kubernetes之Kubeadm快速安装v1.12.0版
通过Kubeadm只需几条命令即起一个单机版kubernetes集群系统,而后快速上手k8s。
在kubeadm中,需手动安装Docker和kubeket服务,Docker运行容器引擎,kubelet是启动Pod的核心组件,每一个节点都安装好kubelet和Docker,那么运行容器和Pod的环境就准备好了,在此基础之上,使用Kubeadm工具自动配置kubelet并启动kubelet服务,将Master所有组件和Node上剩余的kube-proxy组件都运行为Pod,托管在k8s之上。
服务器规划
三台机器:一台master、两个Node:
- k8s-master:10.3.1.20
- k8s-node01:10.3.1.21
- k8s-node02:10.3.1.25
- OS:Ubuntu16.04
- Docker:17.03.2-ce
安装前准备
1、master节点到各Node节点SSH免密登录。
2、时间同步。
3、各Node必须关闭swap:swapoff -a,否则kubelet启动失败。
4、各节点主机名和IP加入/etc/hosts解析
安装Docker
所有k8s节点安装Docker Daemon:
apt-get update
apt-get install \
apt-transport-https \
ca-certificates \
curl \
software-properties-common
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
apt-key fingerprint 0EBFCD88
add-apt-repository \
"deb [arch=amd64] https://download.docker.com/linux/ubuntu \
$(lsb_release -cs) \
stable"
apt-get update
apt-get install -y docker-ce=17.03.2~ce-0~ubuntu-xenial
安装完Docker后,设置FORWARD规则为ACCEPT
#默认为DROP
iptables -P FORWARD ACCEPT
安装kubeadm工具
- 所有节点都需要安装kubeadm
apt-get update && apt-get install -y apt-transport-https curl
curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -
echo 'deb http://apt.kubernetes.io/ kubernetes-xenial main' >/etc/apt/sources.list.d/kubernetes.list
apt-get update
apt-get install -y kubeadm
#它会自动安装kubeadm、kubectl、kubelet、kubernetes-cni、socat
安装完后,设置kubelet服务开机自启:
systemctl enable kubelet
必须设置Kubelet开机自启动,才能让k8s集群各组件在系统重启后自动运行。
部署集群
有了上面这些基础设置后,就可以开始用kubeadm init部署k8s集群了。
在k8s-master上操作
这一步之前确保swap已关闭。
kubeadm init -h可查看帮助信息:
root@k8s-master:~# kubeadm init -h
##查看init可用的参数,这里使用这两个参数:
--pod-network-cidr string : 自定义Pod网络
--ignore-preflight-errors strings: 忽略一些错误
开始初始化集群
root@k8s-master:~# kubeadm init --pod-network-cidr 192.168.0.0/16 --ignore-preflight-errors=all
输出如下信息:
#初始化kubernetes,Kubeadm默认安装当前最新版本kubernetes
[init] using Kubernetes version: v1.12.0
#安装之前检测当前是否符合k8s运行环境,因为忽略了所有错误所以这里很快就通过了。
[preflight] running pre-flight checks
[preflight/images] Pulling images required for setting up a Kubernetes cluster
[preflight/images] This might take a minute or two, depending on the speed of your internet connection
[preflight/images] You can also perform this action in beforehand using 'kubeadm config images pull'
#写入kubelet相关配置文件,并启动kubelet服务
[kubelet] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[preflight] Activating the kubelet service
#自动生成集群用到的证书
[certificates] Generated front-proxy-ca certificate and key.
[certificates] Generated front-proxy-client certificate and key.
[certificates] Generated etcd/ca certificate and key.
[certificates] Generated etcd/server certificate and key.
[certificates] etcd/server serving cert is signed for DNS names [k8s-master localhost] and IPs [127.0.0.1 ::1]
[certificates] Generated apiserver-etcd-client certificate and key.
[certificates] Generated etcd/peer certificate and key.
[certificates] etcd/peer serving cert is signed for DNS names [k8s-master localhost] and IPs [10.3.1.20 127.0.0.1 ::1]
[certificates] Generated etcd/healthcheck-client certificate and key.
[certificates] Generated ca certificate and key.
[certificates] Generated apiserver-kubelet-client certificate and key.
[certificates] Generated apiserver certificate and key.
[certificates] apiserver serving cert is signed for DNS names [k8s-master kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local] and IPs [10.96.0.1 10.3.1.20]
[certificates] valid certificates and keys now exist in "/etc/kubernetes/pki"
[certificates] Generated sa key and public key.
#生成kubelet配置信息写入相应的文件
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/admin.conf"
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/kubelet.conf"
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/controller-manager.conf"
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/scheduler.conf"
#生成pod清单文件,kubelet将根据此清单文件创建各组件的Pod
[controlplane] wrote Static Pod manifest for component kube-apiserver to "/etc/kubernetes/manifests/kube-apiserver.yaml"
[controlplane] wrote Static Pod manifest for component kube-controller-manager to "/etc/kubernetes/manifests/kube-controller-manager.yaml"
[controlplane] wrote Static Pod manifest for component kube-scheduler to "/etc/kubernetes/manifests/kube-scheduler.yaml"
[etcd] Wrote Static Pod manifest for a local etcd instance to "/etc/kubernetes/manifests/etcd.yaml"
#根据清单目录开始启动Pod
[init] waiting for the kubelet to boot up the control plane as Static Pods from directory "/etc/kubernetes/manifests"
[init] this might take a minute or longer if the control plane images have to be pulled
[apiclient] All control plane components are healthy after 20.003530 seconds
[uploadconfig] storing the configuration used in ConfigMap "kubeadm-config" in the "kube-system" Namespace
[kubelet] Creating a ConfigMap "kubelet-config-1.12" in namespace kube-system with the configuration for the kubelets in the cluster
#给Master设置一个labele且设置一个taint
[markmaster] Marking the node k8s-master as master by adding the label "node-role.kubernetes.io/master=''"
[markmaster] Marking the node k8s-master as master by adding the taints [node-role.kubernetes.io/master:NoSchedule]
#集群的一些基础设置
[patchnode] Uploading the CRI Socket information "/var/run/dockershim.sock" to the Node API object "k8s-master" as an annotation
#设置了一个引导令牌,在节点加入时使用
[bootstraptoken] using token: mwfr7m.57rmd56ghjyu0716
[bootstraptoken] configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials
[bootstraptoken] configured RBAC rules to allow the csrapprover controller automatically approve CSRs from a Node Bootstrap Token
[bootstraptoken] configured RBAC rules to allow certificate rotation for all node client certificates in the cluster
[bootstraptoken] creating the "cluster-info" ConfigMap in the "kube-public" namespace
[addons] Applied essential addon: CoreDNS
[addons] Applied essential addon: kube-proxy
#提示master已初始化成功
Your Kubernetes master has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
#需要执行下面三条命令
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
You can now join any number of machines by running the following on each node
as root:
kubeadm join 10.3.1.20:6443 --token mwfr7m.57rmd56ghjyu0716 --discovery-token-ca-cert-hash sha256:8fbd33519b0203e9aa03cc882cb5489b5e6ad455f97581b1abf8ceb1dca8f622
#把上面kubeadm join这一句话把这个记录下来,否则以后找起来有点麻烦,在node端加入时用到。
初始化完成,一台Master节点就部署好了,初始化过程中需要一定时间来pull镜像,也可以使用下面的命令提前下载好镜像:
root@k8s-master:~# kubeadm config images pull
[config/images] Pulled k8s.gcr.io/kube-apiserver:v1.12.0
[config/images] Pulled k8s.gcr.io/kube-controller-manager:v1.12.0
[config/images] Pulled k8s.gcr.io/kube-scheduler:v1.12.0
[config/images] Pulled k8s.gcr.io/kube-proxy:v1.12.0
[config/images] Pulled k8s.gcr.io/pause:3.1
[config/images] Pulled k8s.gcr.io/etcd:3.2.24
[config/images] Pulled k8s.gcr.io/coredns:1.2.2
#
root@k8s-master:~# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
k8s.gcr.io/kube-apiserver v1.12.0 ab60b017e34f 16 hours ago 194 MB
k8s.gcr.io/kube-controller-manager v1.12.0 07e068033cf2 16 hours ago 164 MB
k8s.gcr.io/kube-scheduler v1.12.0 5a1527e735da 16 hours ago 58.3 MB
k8s.gcr.io/kube-proxy v1.12.0 9c3a9d3f09a0 16 hours ago 96.6 MB
k8s.gcr.io/etcd 3.2.24 3cab8e1b9802 7 days ago 220 MB
k8s.gcr.io/coredns 1.2.2 367cdc8433a4 4 weeks ago 39.2 MB
k8s.gcr.io/pause 3.1 da86e6ba6ca1 9 months ago 742 kB
- 根据提示执行:
root@k8s-master:~# mkdir -p $HOME/.kube
root@k8s-master:~# sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
root@k8s-master:~# sudo chown $(id -u):$(id -g) $HOME/.kube/config在Node上操作
在所有Node上使用kubeadm join加入集群:
#确保swap已关闭
#复制在master节点上记录下的那句话,以加入集群
root@k8s-node01:~# kubeadm join 10.3.1.20:6443 --token mwfr7m.57rmd56ghjyu0716 --discovery-token-ca-cert-hash sha256:8fbd33519b0203e9aa03cc882cb5489b5e6ad455f97581b1abf8ceb1dca8f622
输出如下信息:
#加入时也会做一些预检
[preflight] running pre-flight checks
[WARNING RequiredIPVSKernelModulesAvailable]: the IPVS proxier will not be used, because the following required kernel modules are not loaded: [ip_vs_rr ip_vs_wrr ip_vs_sh ip_vs] or no builtin kernel ipvs support: map[ip_vs:{} ip_vs_rr:{} ip_vs_wrr:{} ip_vs_sh:{} nf_conntrack_ipv4:{}]
you can solve this problem with following methods:
1. Run 'modprobe -- ' to load missing kernel modules;
2. Provide the missing builtin kernel ipvs support
[discovery] Trying to connect to API Server "10.3.1.20:6443"
[discovery] Created cluster-info discovery client, requesting info from "https://10.3.1.20:6443"
[discovery] Requesting info from "https://10.3.1.20:6443" again to validate TLS against the pinned public key
[discovery] Cluster info signature and contents are valid and TLS certificate validates against pinned roots, will use API Server "10.3.1.20:6443"
[discovery] Successfully established connection with API Server "10.3.1.20:6443"
[kubelet] Downloading configuration for the kubelet from the "kubelet-config-1.12" ConfigMap in the kube-system namespace
[kubelet] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[preflight] Activating the kubelet service
[tlsbootstrap] Waiting for the kubelet to perform the TLS Bootstrap...
[patchnode] Uploading the CRI Socket information "/var/run/dockershim.sock" to the Node API object "k8s-node01" as an annotation
This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.
Run 'kubectl get nodes' on the master to see this node join the cluster.
init完后,节点已加入群集。
最后,在master节点查看:
root@k8s-master:~# kubectl get node
NAME STATUS ROLES AGE VERSION
k8s-master NotReady master 6m39s v1.12.0
k8s-node01 NotReady <none> 4m31s v1.12.0
k8s-node02 NotReady <none> 97s v1.12.0
去除master的taint,使用master也能被调度pod
root@k8s-master:~# kubectl taint nodes k8s-master node-role.kubernetes.io/master-
node/k8s-master untainted
安装CNI插件
各Node节点处于"NotReady" ,需要安装一个CNI网络插件:
root@k8s-master:~# kubectl apply -f https://docs.projectcalico.org/v3.1/getting-started/kubernetes/installation/hosted/kubeadm/1.7/calico.yaml
configmap/calico-config configured
daemonset.extensions/calico-etcd created
service/calico-etcd created
daemonset.extensions/calico-node created
deployment.extensions/calico-kube-controllers created
clusterrolebinding.rbac.authorization.k8s.io/calico-cni-plugin created
clusterrole.rbac.authorization.k8s.io/calico-cni-plugin created
serviceaccount/calico-cni-plugin created
clusterrolebinding.rbac.authorization.k8s.io/calico-kube-controllers created
clusterrole.rbac.authorization.k8s.io/calico-kube-controllers created
serviceaccount/calico-kube-controllers unchanged
root@k8s-master:~#
几分钟后,各Node全部Ready:
#各节点已正常运行
root@k8s-master:~# kubectl get node
NAME STATUS ROLES AGE VERSION
k8s-master Ready master 1h v1.12.0
k8s-node01 Ready <none> 1h v1.12.0
k8s-node02 Ready <none> 1h v1.12.0
至此,所有组件全部运行:
root@k8s-master:~# kubectl get pod -n kube-system
NAME READY STATUS RESTARTS AGE
calico-etcd-d7v6w 1/1 Running 0 3m21s
calico-kube-controllers-75fb4f8996-dg7hd 1/1 Running 0 3m20s
calico-node-794nd 2/2 Running 0 3m19s
calico-node-b852z 2/2 Running 0 3m19s
calico-node-z7f4n 2/2 Running 0 3m19s
coredns-576cbf47c7-7svmm 1/1 Running 0 15h
coredns-576cbf47c7-kzbv2 1/1 Running 0 15h
etcd-k8s-master 1/1 Running 0 15h
kube-apiserver-k8s-master 1/1 Running 0 15h
kube-controller-manager-k8s-master 1/1 Running 0 15h
kube-proxy-7n5z9 1/1 Running 0 15h
kube-proxy-rwq9g 1/1 Running 0 15h
kube-proxy-v7qnx 1/1 Running 0 15h
kube-scheduler-k8s-master 1/1 Running 0 15h
root@k8s-master:~#
测试集群
配置kubectl的命令补全功能
命令补全功能由安装包"bash-completion"提供,Ubuntu系统中默认已安装。当前shell生效:
source <(kubectl completion bash)
永久生效:
echo "source <(kubectl completion bash)" >> ~/.bashrc- 启动一个pod验证集群是否正常运行。
#run一个deployment
kubectl run -h
Usage:
kubectl run NAME --image=image [--env="key=value"] [--port=port] [--replicas=replicas] [--dry-run=bool]
[--overrides=inline-json] [--command] -- [COMMAND] [args...] [options]
启动一个nginx
kubectl run nginx --image=nginx:1.10 --port=80
deployment.apps/nginx created
#查看
root@k8s-master:~# kubectl get pod -w -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE
nginx-787b58fd95-p9jwl 0/1 ContainerCreating 0 59s <none> k8s-node02 <none>
nginx-787b58fd95-p9jwl 1/1 Running 0 70s 192.168.58.193 k8s-node02 <none>
- 测试nginx正常访问
root@k8s-master:~# curl -I 192.168.58.193
HTTP/1.1 200 OK
Server: nginx/1.10.3
Date: Sat, 29 Sep 2018 02:42:06 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 31 Jan 2017 15:01:11 GMT
Connection: keep-alive
ETag: "5890a6b7-264"
Accept-Ranges: bytes - 把nginx暴露一个端口出来,以使集群之外能访问
kubectl expose -h
Usage:
kubectl expose (-f FILENAME | TYPE NAME) [--port=port] [--protocol=TCP|UDP|SCTP] [--target-port=number-or-name]
[--name=name] [--external-ip=external-ip-of-service] [--type=type] [options]root@k8s-master:~# kubectl expose deployment nginx --port=801 --target-port=80 --type=NodePort --name nginx-svc
service/nginx-svc exposed
root@k8s-master:~# - 查看服务:
root@k8s-master:~# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 16h
nginx-svc NodePort 10.100.84.207 <none> 801:30864/TCP 25s
现在可以访问任意Node的30864端口访问到nginx服务:
root@k8s-node01:~# curl 10.3.1.21:30864
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
如果发现哪个某个Node端口无法访问,则设置默认FORWARD规则为ACCEPT
iptables -P FORWARD ACCEPT
kubeadm集群配置到此完成,可参考官方文档
kubernetes之Kubeadm快速安装v1.12.0版的更多相关文章
- Kubeadm部署安装kubernetes1.12.1
1.环境准备(这里是master) CentOS 7.6 两台配置如下,自己更改主机名,加入hosts, master和node 名字不能一样 # hostname master # hostname ...
- 处理畅捷通的T+ 12.0版,web服务无故自动停止的问题
用了几个月的畅捷通T+ 12.0版,一直都挺正常,但最近这两周,出现了好几次web服务自动停止的情况,今天抽空仔细看了Windows的日志,发现在半夜2点左右,TPlusProWebService12 ...
- centos环境 使用kubeadm快速安装k8s集群v1.16.2
全程使用root用户运行,宿主机需要连接外网 浏览一下官方kubeadm[有些镜像用不了] https://kubernetes.io/docs/setup/production-environmen ...
- kubeadm快速安装k8s
1.安装net-tools [root@localhost ~]# yum install -y net-tools 2.关闭firewalld [root@localhost ~]# systemc ...
- 使用kubeadm部署K8S v1.17.0集群
kubeadm部署K8S集群 安装前的准备 集群机器 172.22.34.34 K8S00 172.22.34.35 K8S01 172.22.34.36 K8S02 注意: 本文档中的 etcd . ...
- CentOS7.0安装Nginx-1.12.0
一.安装准备 首先由于nginx的一些模块依赖一些lib库,所以在安装nginx之前,必须先安装这些lib库,这些依赖库主要有g++.gcc.openssl-devel.pcre-devel和zlib ...
- CentOS 7 yum安装nginx-1.12.0
CentOS 7 中的 yum 没法直接使用 yum install nginx 这个指令去安装nginx,因为nginx这个服务不是yum库中自带的.图1是官方提供的大致安装步骤,图2是官网提供的多 ...
- 腾讯云服务器 Centos6.5 安装 nginx1.12.0
今天买了腾讯云,不要问我为什么没有买阿里云... 入正题: 如果出现 CentOS ping: unknown host 的话,表示没有配置dns vim /etc/sysconfig/network ...
- FreeBSD 12.0 版发布
FreeBSD 是一个自由且开源的类 Unix 操作系统,是 BSD Unix 的直系继承者.起始于 1993 年,FreeBSD 拥有悠久的历史与诸多衍生版本.其饱经考验,是最广泛应用的开源 BSD ...
随机推荐
- robotframework环境安装
1.安装 robotframework 执行命令 pip install robotframework 2.安装seleniumlibrary 执行命令 pip install --upgrade r ...
- vue eventBus 跳坑的办法
前言(feihua): 最近闲来没事写了一个小的demo,在小的数据传输上没有必要去使用vuex,对于非父子组件的传值方法总结了一点心得体会供大家参考(如有太low,还请大神别喷俺) 先上官方文档: ...
- jmeter分布式测试教程和远程的代理机无法连接网络的问题解决方法
一.Jmeter分布式执行原理: 1.Jmeter分布式测试时,选择其中一台作为控制机(Controller),其它机器做为代理机(Agent). 2.执行时,Controller会把脚本发送到每台A ...
- [转] word2vec
from: https://www.cnblogs.com/peghoty/p/3857839.html 另附一个比较好的介绍:https://zhuanlan.zhihu.com/p/2630679 ...
- vertical-align作用的前提++图片不上下居中
5.3.2 vertical-align作用的前提 很多人,尤其CSS新手,会问这么一个问题:“为什么我设置了vertical-align却没任何作用?” 因为vertical-align起作用是有前 ...
- CF666E Forensic Examination [后缀自动机,线段树合并]
洛谷 Codeforces 思路 最初的想法:后缀数组+区间众数,似乎并不能过. 既然后缀数组不行,那就按照套路建出广义SAM,然后把\(S\)放在上面跑,得到以每个点结尾会到SAM上哪个节点. 询问 ...
- 实验一《Java开发环境的熟悉》_实验报告
实验一<Java开发环境的熟悉>_实验报告 一.实验内容与主要步骤 1.Linux系统命令行下java程序开发 实验要求 1 建立"自己学号exp1"的目录 2 在&q ...
- 高可用Redis(一):通用命令,数据结构和内部编码,单线程架构
1.通用API 1.1 keys命令和dbsize命令 keys * 遍历所有key keys [pattern] 遍历模式下所有的key dbsize 计算Redis中所有key的总数 例子: 12 ...
- layUI 实现自定义弹窗
需求描述:点击表格中的数据,弹出一张具体信息表.描述的不是很清楚,放效果图,就明白了,上图 放心,能看到的数据,都不是生产数据,我造的假数据,但是功能效果就是这样,点击列表中的一行,弹出某些要展示的信 ...
- 在django中使用redis
方式一 utils文件夹下,简历redis_pool.py import redis POOL = redis.ConnectionPool(host='127.0.0.1', port=6379,p ...