通过Kubeadm只需几条命令即起一个单机版kubernetes集群系统,而后快速上手k8s。
在kubeadm中,需手动安装Docker和kubeket服务,Docker运行容器引擎,kubelet是启动Pod的核心组件,每一个节点都安装好kubelet和Docker,那么运行容器和Pod的环境就准备好了,在此基础之上,使用Kubeadm工具自动配置kubelet并启动kubelet服务,将Master所有组件和Node上剩余的kube-proxy组件都运行为Pod,托管在k8s之上。

服务器规划

三台机器:一台master、两个Node:

  • k8s-master:10.3.1.20
  • k8s-node01:10.3.1.21
  • k8s-node02:10.3.1.25
  • OS:Ubuntu16.04
  • Docker:17.03.2-ce

安装前准备

1、master节点到各Node节点SSH免密登录。
2、时间同步。
3、各Node必须关闭swap:swapoff -a,否则kubelet启动失败。
4、各节点主机名和IP加入/etc/hosts解析

安装Docker

所有k8s节点安装Docker Daemon:

apt-get update

apt-get install \

    apt-transport-https \

    ca-certificates \

    curl \

    software-properties-common

curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -

apt-key fingerprint 0EBFCD88

add-apt-repository \

    "deb [arch=amd64] https://download.docker.com/linux/ubuntu \

    $(lsb_release -cs) \

    stable"

apt-get update

apt-get install -y docker-ce=17.03.2~ce-0~ubuntu-xenial

安装完Docker后,设置FORWARD规则为ACCEPT

#默认为DROP

 iptables -P FORWARD ACCEPT

安装kubeadm工具

  • 所有节点都需要安装kubeadm
apt-get update && apt-get install -y apt-transport-https curl

curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -

echo 'deb http://apt.kubernetes.io/ kubernetes-xenial main' >/etc/apt/sources.list.d/kubernetes.list

apt-get update

apt-get install -y  kubeadm

#它会自动安装kubeadm、kubectl、kubelet、kubernetes-cni、socat

安装完后,设置kubelet服务开机自启:

systemctl enable kubelet

必须设置Kubelet开机自启动,才能让k8s集群各组件在系统重启后自动运行。

部署集群

有了上面这些基础设置后,就可以开始用kubeadm init部署k8s集群了。

在k8s-master上操作

这一步之前确保swap已关闭。

kubeadm init -h可查看帮助信息:

root@k8s-master:~# kubeadm  init -h

 ##查看init可用的参数,这里使用这两个参数:

   --pod-network-cidr string : 自定义Pod网络

   --ignore-preflight-errors strings: 忽略一些错误

开始初始化集群

root@k8s-master:~# kubeadm init  --pod-network-cidr 192.168.0.0/16 --ignore-preflight-errors=all

输出如下信息:

#初始化kubernetes,Kubeadm默认安装当前最新版本kubernetes

[init] using Kubernetes version: v1.12.0

#安装之前检测当前是否符合k8s运行环境,因为忽略了所有错误所以这里很快就通过了。

[preflight] running pre-flight checks

[preflight/images] Pulling images required for setting up a Kubernetes cluster

[preflight/images] This might take a minute or two, depending on the speed of your internet connection

[preflight/images] You can also perform this action in beforehand using 'kubeadm config images pull'

#写入kubelet相关配置文件,并启动kubelet服务

[kubelet] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"

[kubelet] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"

[preflight] Activating the kubelet service

#自动生成集群用到的证书

[certificates] Generated front-proxy-ca certificate and key.

[certificates] Generated front-proxy-client certificate and key.

[certificates] Generated etcd/ca certificate and key.

[certificates] Generated etcd/server certificate and key.

[certificates] etcd/server serving cert is signed for DNS names [k8s-master localhost] and IPs [127.0.0.1 ::1]

[certificates] Generated apiserver-etcd-client certificate and key.

[certificates] Generated etcd/peer certificate and key.

[certificates] etcd/peer serving cert is signed for DNS names [k8s-master localhost] and IPs [10.3.1.20 127.0.0.1 ::1]

[certificates] Generated etcd/healthcheck-client certificate and key.

[certificates] Generated ca certificate and key.

[certificates] Generated apiserver-kubelet-client certificate and key.

[certificates] Generated apiserver certificate and key.

[certificates] apiserver serving cert is signed for DNS names [k8s-master kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local] and IPs [10.96.0.1 10.3.1.20]

[certificates] valid certificates and keys now exist in "/etc/kubernetes/pki"

[certificates] Generated sa key and public key.

#生成kubelet配置信息写入相应的文件

[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/admin.conf"

[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/kubelet.conf"

[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/controller-manager.conf"

[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/scheduler.conf"

#生成pod清单文件,kubelet将根据此清单文件创建各组件的Pod

[controlplane] wrote Static Pod manifest for component kube-apiserver to "/etc/kubernetes/manifests/kube-apiserver.yaml"

[controlplane] wrote Static Pod manifest for component kube-controller-manager to "/etc/kubernetes/manifests/kube-controller-manager.yaml"

[controlplane] wrote Static Pod manifest for component kube-scheduler to "/etc/kubernetes/manifests/kube-scheduler.yaml"

[etcd] Wrote Static Pod manifest for a local etcd instance to "/etc/kubernetes/manifests/etcd.yaml"

#根据清单目录开始启动Pod

[init] waiting for the kubelet to boot up the control plane as Static Pods from directory "/etc/kubernetes/manifests"

[init] this might take a minute or longer if the control plane images have to be pulled

[apiclient] All control plane components are healthy after 20.003530 seconds

[uploadconfig] storing the configuration used in ConfigMap "kubeadm-config" in the "kube-system" Namespace

[kubelet] Creating a ConfigMap "kubelet-config-1.12" in namespace kube-system with the configuration for the kubelets in the cluster

#给Master设置一个labele且设置一个taint

[markmaster] Marking the node k8s-master as master by adding the label "node-role.kubernetes.io/master=''"

[markmaster] Marking the node k8s-master as master by adding the taints [node-role.kubernetes.io/master:NoSchedule]

#集群的一些基础设置

[patchnode] Uploading the CRI Socket information "/var/run/dockershim.sock" to the Node API object "k8s-master" as an annotation

#设置了一个引导令牌,在节点加入时使用

[bootstraptoken] using token: mwfr7m.57rmd56ghjyu0716

[bootstraptoken] configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials

[bootstraptoken] configured RBAC rules to allow the csrapprover controller automatically approve CSRs from a Node Bootstrap Token

[bootstraptoken] configured RBAC rules to allow certificate rotation for all node client certificates in the cluster

[bootstraptoken] creating the "cluster-info" ConfigMap in the "kube-public" namespace

[addons] Applied essential addon: CoreDNS

[addons] Applied essential addon: kube-proxy

#提示master已初始化成功

Your Kubernetes master has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

#需要执行下面三条命令

  mkdir -p $HOME/.kube

  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config

  sudo chown $(id -u):$(id -g) $HOME/.kube/config

You should now deploy a pod network to the cluster.

Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:

  https://kubernetes.io/docs/concepts/cluster-administration/addons/

You can now join any number of machines by running the following on each node

as root:

  kubeadm join 10.3.1.20:6443 --token mwfr7m.57rmd56ghjyu0716 --discovery-token-ca-cert-hash sha256:8fbd33519b0203e9aa03cc882cb5489b5e6ad455f97581b1abf8ceb1dca8f622

#把上面kubeadm join这一句话把这个记录下来,否则以后找起来有点麻烦,在node端加入时用到。

初始化完成,一台Master节点就部署好了,初始化过程中需要一定时间来pull镜像,也可以使用下面的命令提前下载好镜像:

root@k8s-master:~# kubeadm  config images pull 

[config/images] Pulled k8s.gcr.io/kube-apiserver:v1.12.0

[config/images] Pulled k8s.gcr.io/kube-controller-manager:v1.12.0

[config/images] Pulled k8s.gcr.io/kube-scheduler:v1.12.0

[config/images] Pulled k8s.gcr.io/kube-proxy:v1.12.0

[config/images] Pulled k8s.gcr.io/pause:3.1

[config/images] Pulled k8s.gcr.io/etcd:3.2.24

[config/images] Pulled k8s.gcr.io/coredns:1.2.2

#

root@k8s-master:~# docker images

REPOSITORY                           TAG                 IMAGE ID            CREATED             SIZE

k8s.gcr.io/kube-apiserver            v1.12.0             ab60b017e34f        16 hours ago        194 MB

k8s.gcr.io/kube-controller-manager   v1.12.0             07e068033cf2        16 hours ago        164 MB

k8s.gcr.io/kube-scheduler            v1.12.0             5a1527e735da        16 hours ago        58.3 MB

k8s.gcr.io/kube-proxy                v1.12.0             9c3a9d3f09a0        16 hours ago        96.6 MB

k8s.gcr.io/etcd                      3.2.24              3cab8e1b9802        7 days ago          220 MB

k8s.gcr.io/coredns                   1.2.2               367cdc8433a4        4 weeks ago         39.2 MB

k8s.gcr.io/pause                     3.1                 da86e6ba6ca1        9 months ago        742 kB
  • 根据提示执行:

    root@k8s-master:~# mkdir -p $HOME/.kube
    
root@k8s-master:~# sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
    
root@k8s-master:~# sudo chown $(id -u):$(id -g) $HOME/.kube/config

    在Node上操作

    在所有Node上使用kubeadm join加入集群:

#确保swap已关闭

#复制在master节点上记录下的那句话,以加入集群

root@k8s-node01:~# kubeadm join 10.3.1.20:6443 --token mwfr7m.57rmd56ghjyu0716 --discovery-token-ca-cert-hash sha256:8fbd33519b0203e9aa03cc882cb5489b5e6ad455f97581b1abf8ceb1dca8f622

输出如下信息:

#加入时也会做一些预检

[preflight] running pre-flight checks

    [WARNING RequiredIPVSKernelModulesAvailable]: the IPVS proxier will not be used, because the following required kernel modules are not loaded: [ip_vs_rr ip_vs_wrr ip_vs_sh ip_vs] or no builtin kernel ipvs support: map[ip_vs:{} ip_vs_rr:{} ip_vs_wrr:{} ip_vs_sh:{} nf_conntrack_ipv4:{}]

you can solve this problem with following methods:

 1. Run 'modprobe -- ' to load missing kernel modules;

2. Provide the missing builtin kernel ipvs support

[discovery] Trying to connect to API Server "10.3.1.20:6443"

[discovery] Created cluster-info discovery client, requesting info from "https://10.3.1.20:6443"

[discovery] Requesting info from "https://10.3.1.20:6443" again to validate TLS against the pinned public key

[discovery] Cluster info signature and contents are valid and TLS certificate validates against pinned roots, will use API Server "10.3.1.20:6443"

[discovery] Successfully established connection with API Server "10.3.1.20:6443"

[kubelet] Downloading configuration for the kubelet from the "kubelet-config-1.12" ConfigMap in the kube-system namespace

[kubelet] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"

[kubelet] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"

[preflight] Activating the kubelet service

[tlsbootstrap] Waiting for the kubelet to perform the TLS Bootstrap...

[patchnode] Uploading the CRI Socket information "/var/run/dockershim.sock" to the Node API object "k8s-node01" as an annotation

This node has joined the cluster:

* Certificate signing request was sent to apiserver and a response was received.

* The Kubelet was informed of the new secure connection details.

Run 'kubectl get nodes' on the master to see this node join the cluster.

init完后,节点已加入群集。

最后,在master节点查看:

root@k8s-master:~# kubectl get node

NAME          STATUS     ROLES    AGE     VERSION

k8s-master    NotReady   master   6m39s   v1.12.0

k8s-node01   NotReady   <none>   4m31s   v1.12.0

k8s-node02   NotReady   <none>   97s     v1.12.0

去除master的taint,使用master也能被调度pod

root@k8s-master:~# kubectl taint nodes k8s-master node-role.kubernetes.io/master-

node/k8s-master untainted

安装CNI插件

各Node节点处于"NotReady" ,需要安装一个CNI网络插件:

root@k8s-master:~#  kubectl apply -f https://docs.projectcalico.org/v3.1/getting-started/kubernetes/installation/hosted/kubeadm/1.7/calico.yaml

configmap/calico-config configured

daemonset.extensions/calico-etcd created

service/calico-etcd created

daemonset.extensions/calico-node created

deployment.extensions/calico-kube-controllers created

clusterrolebinding.rbac.authorization.k8s.io/calico-cni-plugin created

clusterrole.rbac.authorization.k8s.io/calico-cni-plugin created

serviceaccount/calico-cni-plugin created

clusterrolebinding.rbac.authorization.k8s.io/calico-kube-controllers created

clusterrole.rbac.authorization.k8s.io/calico-kube-controllers created

serviceaccount/calico-kube-controllers unchanged

root@k8s-master:~#

几分钟后,各Node全部Ready:

#各节点已正常运行

root@k8s-master:~# kubectl get node

NAME         STATUS   ROLES    AGE   VERSION

k8s-master   Ready    master   1h   v1.12.0

k8s-node01   Ready    <none>   1h   v1.12.0

k8s-node02   Ready    <none>   1h   v1.12.0

至此,所有组件全部运行:

root@k8s-master:~# kubectl get pod -n kube-system

NAME                                       READY   STATUS    RESTARTS   AGE

calico-etcd-d7v6w                          1/1     Running   0          3m21s

calico-kube-controllers-75fb4f8996-dg7hd   1/1     Running   0          3m20s

calico-node-794nd                          2/2     Running   0          3m19s

calico-node-b852z                          2/2     Running   0          3m19s

calico-node-z7f4n                          2/2     Running   0          3m19s

coredns-576cbf47c7-7svmm                   1/1     Running   0          15h

coredns-576cbf47c7-kzbv2                   1/1     Running   0          15h

etcd-k8s-master                            1/1     Running   0          15h

kube-apiserver-k8s-master                  1/1     Running   0          15h

kube-controller-manager-k8s-master         1/1     Running   0          15h

kube-proxy-7n5z9                           1/1     Running   0          15h

kube-proxy-rwq9g                           1/1     Running   0          15h

kube-proxy-v7qnx                           1/1     Running   0          15h

kube-scheduler-k8s-master                  1/1     Running   0          15h

root@k8s-master:~#

测试集群

  • 配置kubectl的命令补全功能
    命令补全功能由安装包"bash-completion"提供,Ubuntu系统中默认已安装。

    当前shell生效:
    
source <(kubectl completion bash)
    
永久生效:
    
echo "source <(kubectl completion bash)" >> ~/.bashrc
  • 启动一个pod验证集群是否正常运行。
#run一个deployment

kubectl run -h

Usage:

  kubectl run NAME --image=image [--env="key=value"] [--port=port] [--replicas=replicas] [--dry-run=bool]

[--overrides=inline-json] [--command] -- [COMMAND] [args...] [options]

启动一个nginx

kubectl run nginx --image=nginx:1.10 --port=80

deployment.apps/nginx created

#查看

root@k8s-master:~# kubectl get pod -w -o wide

NAME                     READY   STATUS              RESTARTS   AGE   IP       NODE         NOMINATED NODE

nginx-787b58fd95-p9jwl   0/1     ContainerCreating   0          59s   <none>   k8s-node02   <none>

nginx-787b58fd95-p9jwl   1/1   Running   0     70s   192.168.58.193   k8s-node02   <none>
  • 测试nginx正常访问

    root@k8s-master:~# curl  -I 192.168.58.193
    
HTTP/1.1 200 OK
    
Server: nginx/1.10.3
    
Date: Sat, 29 Sep 2018 02:42:06 GMT
    
Content-Type: text/html
    
Content-Length: 612
    
Last-Modified: Tue, 31 Jan 2017 15:01:11 GMT
    
Connection: keep-alive
    
ETag: "5890a6b7-264"
    
Accept-Ranges: bytes
  • 把nginx暴露一个端口出来,以使集群之外能访问 
    kubectl expose -h
    
Usage:
    
kubectl expose (-f FILENAME | TYPE NAME) [--port=port] [--protocol=TCP|UDP|SCTP] [--target-port=number-or-name]
    
[--name=name] [--external-ip=external-ip-of-service] [--type=type] [options]
    root@k8s-master:~# kubectl expose deployment nginx --port=801 --target-port=80 --type=NodePort --name nginx-svc
    
service/nginx-svc exposed
    
root@k8s-master:~#
  • 查看服务: 
    root@k8s-master:~# kubectl get svc
    
NAME         TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)         AGE
    
kubernetes   ClusterIP   10.96.0.1       <none>        443/TCP         16h
    
nginx-svc    NodePort    10.100.84.207   <none>        801:30864/TCP   25s

现在可以访问任意Node的30864端口访问到nginx服务:

root@k8s-node01:~# curl 10.3.1.21:30864

<!DOCTYPE html>

<html>

<head>

<title>Welcome to nginx!</title>

<style>

    body {

        width: 35em;

        margin: 0 auto;

        font-family: Tahoma, Verdana, Arial, sans-serif;

    }

</style>

</head>

<body>

如果发现哪个某个Node端口无法访问,则设置默认FORWARD规则为ACCEPT

 iptables -P FORWARD ACCEPT

kubeadm集群配置到此完成,可参考官方文档

kubernetes之Kubeadm快速安装v1.12.0版的更多相关文章

  1. Kubeadm部署安装kubernetes1.12.1

    1.环境准备(这里是master) CentOS 7.6 两台配置如下,自己更改主机名,加入hosts, master和node 名字不能一样 # hostname master # hostname ...

  2. 处理畅捷通的T+ 12.0版,web服务无故自动停止的问题

    用了几个月的畅捷通T+ 12.0版,一直都挺正常,但最近这两周,出现了好几次web服务自动停止的情况,今天抽空仔细看了Windows的日志,发现在半夜2点左右,TPlusProWebService12 ...

  3. centos环境 使用kubeadm快速安装k8s集群v1.16.2

    全程使用root用户运行,宿主机需要连接外网 浏览一下官方kubeadm[有些镜像用不了] https://kubernetes.io/docs/setup/production-environmen ...

  4. kubeadm快速安装k8s

    1.安装net-tools [root@localhost ~]# yum install -y net-tools 2.关闭firewalld [root@localhost ~]# systemc ...

  5. 使用kubeadm部署K8S v1.17.0集群

    kubeadm部署K8S集群 安装前的准备 集群机器 172.22.34.34 K8S00 172.22.34.35 K8S01 172.22.34.36 K8S02 注意: 本文档中的 etcd . ...

  6. CentOS7.0安装Nginx-1.12.0

    一.安装准备 首先由于nginx的一些模块依赖一些lib库,所以在安装nginx之前,必须先安装这些lib库,这些依赖库主要有g++.gcc.openssl-devel.pcre-devel和zlib ...

  7. CentOS 7 yum安装nginx-1.12.0

    CentOS 7 中的 yum 没法直接使用 yum install nginx 这个指令去安装nginx,因为nginx这个服务不是yum库中自带的.图1是官方提供的大致安装步骤,图2是官网提供的多 ...

  8. 腾讯云服务器 Centos6.5 安装 nginx1.12.0

    今天买了腾讯云,不要问我为什么没有买阿里云... 入正题: 如果出现 CentOS ping: unknown host 的话,表示没有配置dns vim /etc/sysconfig/network ...

  9. FreeBSD 12.0 版发布

    FreeBSD 是一个自由且开源的类 Unix 操作系统,是 BSD Unix 的直系继承者.起始于 1993 年,FreeBSD 拥有悠久的历史与诸多衍生版本.其饱经考验,是最广泛应用的开源 BSD ...

随机推荐

  1. 出现: object() takes no parameters 之后应该如何修改

    这个错误花费了很多的时间去解决,包括重写代码也无济于事. 因为粗心,浪费了很多的时间在这个上面,特写此博客来记录,也希望朋友们不要粗心,特别是初学者. 接下来进入正文: 当在写self.XXX  下方 ...

  2. docker部署redis及踩到的坑

    对docker很好奇,玩了一下,部署了一个redis,结果踩了很多坑 任务目的就是在docker中成功部署redis并保证数据持久化到本地,配置也使用本地配置 docker run -p : -v $ ...

  3. Navicat连接阿里云服务器Linux下的Mysql

    用Navicat连接阿里云ECS服务器上的MySQL数据库   今天用navtive连接阿里云服务器(Linux)的数据库时,老是连接不上,并且报10060错误,要通过以下两个步骤解决: 1.先进入l ...

  4. zip4j压缩

    使用的jar包:zip4j_1.3.2.jar 基本功能: 针对ZIP压缩文件创建.添加.分卷.更新和移除文件 (读写有密码保护的Zip文件) (支持AES 128/256算法加密) (支持标准Zip ...

  5. 2018-2019 网络对抗技术 20165231 Exp5 MSF基础应用

    实践内容(3.5分) 本实践目标是掌握metasploit的基本应用方式,重点常用的三种攻击方式的思路.具体需要完成: 1.1一个主动攻击实践(1分) ms08_067; (失败) MS17-010永 ...

  6. 医学图像数据(三)——TCIA部分数据下载方式

    前为止,本人还没有找到不需要账号的就可以部分下载的方式,因此这里讲的是需要注册账号下载部分数据的方法. 注意:下载部分数据需要注册账号 注册账号网址:https://public.cancerimag ...

  7. SQL server查询语句

    作者:邓聪聪 mysql部分语句的查询,持续更新 系统函数 函数名 描述 举例 convert() 数据类型转换 selece convert(varchar(5),12345) 返回:字符串1234 ...

  8. LeetCode 21. Merge Two Sorted Lists(c++)

    要定义两个链表 判断时依次对应每一个链表的值进行判断即可. /** * Definition for singly-linked list. * struct ListNode { * int val ...

  9. sqlite3 学习

    安装sqlite: [ sqlite]$ wget http://www.sqlite.org/sqlite-3.6.16.tar.gz[ sqlite]$ tar -xzvf sqlite-3.6. ...

  10. uni-app版本在线更新问题(下载完成安装时一闪而过,安卓8以上版本)

    我使用的是uni-app插件市场https://ext.dcloud.net.cn/plugin?id=142 出现一闪而过时加入权限 <uses-permission android:name ...