通过Kubeadm只需几条命令即起一个单机版kubernetes集群系统,而后快速上手k8s。
在kubeadm中,需手动安装Docker和kubeket服务,Docker运行容器引擎,kubelet是启动Pod的核心组件,每一个节点都安装好kubelet和Docker,那么运行容器和Pod的环境就准备好了,在此基础之上,使用Kubeadm工具自动配置kubelet并启动kubelet服务,将Master所有组件和Node上剩余的kube-proxy组件都运行为Pod,托管在k8s之上。

服务器规划

三台机器:一台master、两个Node:

  • k8s-master:10.3.1.20
  • k8s-node01:10.3.1.21
  • k8s-node02:10.3.1.25
  • OS:Ubuntu16.04
  • Docker:17.03.2-ce

安装前准备

1、master节点到各Node节点SSH免密登录。
2、时间同步。
3、各Node必须关闭swap:swapoff -a,否则kubelet启动失败。
4、各节点主机名和IP加入/etc/hosts解析

安装Docker

所有k8s节点安装Docker Daemon:

apt-get update
apt-get install \
apt-transport-https \
ca-certificates \
curl \
software-properties-common
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
apt-key fingerprint 0EBFCD88
add-apt-repository \
"deb [arch=amd64] https://download.docker.com/linux/ubuntu \
$(lsb_release -cs) \
stable"
apt-get update
apt-get install -y docker-ce=17.03.2~ce-0~ubuntu-xenial

安装完Docker后,设置FORWARD规则为ACCEPT

#默认为DROP
iptables -P FORWARD ACCEPT

安装kubeadm工具

  • 所有节点都需要安装kubeadm
apt-get update && apt-get install -y apt-transport-https curl
curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -
echo 'deb http://apt.kubernetes.io/ kubernetes-xenial main' >/etc/apt/sources.list.d/kubernetes.list
apt-get update
apt-get install -y kubeadm #它会自动安装kubeadm、kubectl、kubelet、kubernetes-cni、socat

安装完后,设置kubelet服务开机自启:

systemctl enable kubelet

必须设置Kubelet开机自启动,才能让k8s集群各组件在系统重启后自动运行。

部署集群

有了上面这些基础设置后,就可以开始用kubeadm init部署k8s集群了。

在k8s-master上操作

这一步之前确保swap已关闭。

kubeadm init -h可查看帮助信息:

root@k8s-master:~# kubeadm  init -h
##查看init可用的参数,这里使用这两个参数:
--pod-network-cidr string : 自定义Pod网络
--ignore-preflight-errors strings: 忽略一些错误

开始初始化集群

root@k8s-master:~# kubeadm init  --pod-network-cidr 192.168.0.0/16 --ignore-preflight-errors=all

输出如下信息:

#初始化kubernetes,Kubeadm默认安装当前最新版本kubernetes
[init] using Kubernetes version: v1.12.0
#安装之前检测当前是否符合k8s运行环境,因为忽略了所有错误所以这里很快就通过了。
[preflight] running pre-flight checks
[preflight/images] Pulling images required for setting up a Kubernetes cluster
[preflight/images] This might take a minute or two, depending on the speed of your internet connection
[preflight/images] You can also perform this action in beforehand using 'kubeadm config images pull'
#写入kubelet相关配置文件,并启动kubelet服务
[kubelet] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[preflight] Activating the kubelet service
#自动生成集群用到的证书
[certificates] Generated front-proxy-ca certificate and key.
[certificates] Generated front-proxy-client certificate and key.
[certificates] Generated etcd/ca certificate and key.
[certificates] Generated etcd/server certificate and key.
[certificates] etcd/server serving cert is signed for DNS names [k8s-master localhost] and IPs [127.0.0.1 ::1]
[certificates] Generated apiserver-etcd-client certificate and key.
[certificates] Generated etcd/peer certificate and key.
[certificates] etcd/peer serving cert is signed for DNS names [k8s-master localhost] and IPs [10.3.1.20 127.0.0.1 ::1]
[certificates] Generated etcd/healthcheck-client certificate and key.
[certificates] Generated ca certificate and key.
[certificates] Generated apiserver-kubelet-client certificate and key.
[certificates] Generated apiserver certificate and key.
[certificates] apiserver serving cert is signed for DNS names [k8s-master kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local] and IPs [10.96.0.1 10.3.1.20]
[certificates] valid certificates and keys now exist in "/etc/kubernetes/pki"
[certificates] Generated sa key and public key.
#生成kubelet配置信息写入相应的文件
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/admin.conf"
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/kubelet.conf"
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/controller-manager.conf"
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/scheduler.conf"
#生成pod清单文件,kubelet将根据此清单文件创建各组件的Pod
[controlplane] wrote Static Pod manifest for component kube-apiserver to "/etc/kubernetes/manifests/kube-apiserver.yaml"
[controlplane] wrote Static Pod manifest for component kube-controller-manager to "/etc/kubernetes/manifests/kube-controller-manager.yaml"
[controlplane] wrote Static Pod manifest for component kube-scheduler to "/etc/kubernetes/manifests/kube-scheduler.yaml"
[etcd] Wrote Static Pod manifest for a local etcd instance to "/etc/kubernetes/manifests/etcd.yaml"
#根据清单目录开始启动Pod
[init] waiting for the kubelet to boot up the control plane as Static Pods from directory "/etc/kubernetes/manifests"
[init] this might take a minute or longer if the control plane images have to be pulled
[apiclient] All control plane components are healthy after 20.003530 seconds
[uploadconfig] storing the configuration used in ConfigMap "kubeadm-config" in the "kube-system" Namespace
[kubelet] Creating a ConfigMap "kubelet-config-1.12" in namespace kube-system with the configuration for the kubelets in the cluster
#给Master设置一个labele且设置一个taint
[markmaster] Marking the node k8s-master as master by adding the label "node-role.kubernetes.io/master=''"
[markmaster] Marking the node k8s-master as master by adding the taints [node-role.kubernetes.io/master:NoSchedule]
#集群的一些基础设置
[patchnode] Uploading the CRI Socket information "/var/run/dockershim.sock" to the Node API object "k8s-master" as an annotation
#设置了一个引导令牌,在节点加入时使用
[bootstraptoken] using token: mwfr7m.57rmd56ghjyu0716
[bootstraptoken] configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials
[bootstraptoken] configured RBAC rules to allow the csrapprover controller automatically approve CSRs from a Node Bootstrap Token
[bootstraptoken] configured RBAC rules to allow certificate rotation for all node client certificates in the cluster
[bootstraptoken] creating the "cluster-info" ConfigMap in the "kube-public" namespace
[addons] Applied essential addon: CoreDNS
[addons] Applied essential addon: kube-proxy
#提示master已初始化成功
Your Kubernetes master has initialized successfully! To start using your cluster, you need to run the following as a regular user:
#需要执行下面三条命令
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/ You can now join any number of machines by running the following on each node
as root: kubeadm join 10.3.1.20:6443 --token mwfr7m.57rmd56ghjyu0716 --discovery-token-ca-cert-hash sha256:8fbd33519b0203e9aa03cc882cb5489b5e6ad455f97581b1abf8ceb1dca8f622 #把上面kubeadm join这一句话把这个记录下来,否则以后找起来有点麻烦,在node端加入时用到。

初始化完成,一台Master节点就部署好了,初始化过程中需要一定时间来pull镜像,也可以使用下面的命令提前下载好镜像:

root@k8s-master:~# kubeadm  config images pull 

[config/images] Pulled k8s.gcr.io/kube-apiserver:v1.12.0
[config/images] Pulled k8s.gcr.io/kube-controller-manager:v1.12.0
[config/images] Pulled k8s.gcr.io/kube-scheduler:v1.12.0
[config/images] Pulled k8s.gcr.io/kube-proxy:v1.12.0
[config/images] Pulled k8s.gcr.io/pause:3.1
[config/images] Pulled k8s.gcr.io/etcd:3.2.24
[config/images] Pulled k8s.gcr.io/coredns:1.2.2 #
root@k8s-master:~# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
k8s.gcr.io/kube-apiserver v1.12.0 ab60b017e34f 16 hours ago 194 MB
k8s.gcr.io/kube-controller-manager v1.12.0 07e068033cf2 16 hours ago 164 MB
k8s.gcr.io/kube-scheduler v1.12.0 5a1527e735da 16 hours ago 58.3 MB
k8s.gcr.io/kube-proxy v1.12.0 9c3a9d3f09a0 16 hours ago 96.6 MB
k8s.gcr.io/etcd 3.2.24 3cab8e1b9802 7 days ago 220 MB
k8s.gcr.io/coredns 1.2.2 367cdc8433a4 4 weeks ago 39.2 MB
k8s.gcr.io/pause 3.1 da86e6ba6ca1 9 months ago 742 kB
  • 根据提示执行:

    root@k8s-master:~# mkdir -p $HOME/.kube
    root@k8s-master:~# sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
    root@k8s-master:~# sudo chown $(id -u):$(id -g) $HOME/.kube/config

    在Node上操作

    在所有Node上使用kubeadm join加入集群:

#确保swap已关闭
#复制在master节点上记录下的那句话,以加入集群
root@k8s-node01:~# kubeadm join 10.3.1.20:6443 --token mwfr7m.57rmd56ghjyu0716 --discovery-token-ca-cert-hash sha256:8fbd33519b0203e9aa03cc882cb5489b5e6ad455f97581b1abf8ceb1dca8f622

输出如下信息:

#加入时也会做一些预检
[preflight] running pre-flight checks
[WARNING RequiredIPVSKernelModulesAvailable]: the IPVS proxier will not be used, because the following required kernel modules are not loaded: [ip_vs_rr ip_vs_wrr ip_vs_sh ip_vs] or no builtin kernel ipvs support: map[ip_vs:{} ip_vs_rr:{} ip_vs_wrr:{} ip_vs_sh:{} nf_conntrack_ipv4:{}]
you can solve this problem with following methods:
1. Run 'modprobe -- ' to load missing kernel modules;
2. Provide the missing builtin kernel ipvs support [discovery] Trying to connect to API Server "10.3.1.20:6443"
[discovery] Created cluster-info discovery client, requesting info from "https://10.3.1.20:6443"
[discovery] Requesting info from "https://10.3.1.20:6443" again to validate TLS against the pinned public key
[discovery] Cluster info signature and contents are valid and TLS certificate validates against pinned roots, will use API Server "10.3.1.20:6443"
[discovery] Successfully established connection with API Server "10.3.1.20:6443"
[kubelet] Downloading configuration for the kubelet from the "kubelet-config-1.12" ConfigMap in the kube-system namespace
[kubelet] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[preflight] Activating the kubelet service
[tlsbootstrap] Waiting for the kubelet to perform the TLS Bootstrap...
[patchnode] Uploading the CRI Socket information "/var/run/dockershim.sock" to the Node API object "k8s-node01" as an annotation This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details. Run 'kubectl get nodes' on the master to see this node join the cluster.

init完后,节点已加入群集。

最后,在master节点查看:

root@k8s-master:~# kubectl get node
NAME STATUS ROLES AGE VERSION
k8s-master NotReady master 6m39s v1.12.0
k8s-node01 NotReady <none> 4m31s v1.12.0
k8s-node02 NotReady <none> 97s v1.12.0

去除master的taint,使用master也能被调度pod

root@k8s-master:~# kubectl taint nodes k8s-master node-role.kubernetes.io/master-
node/k8s-master untainted

安装CNI插件

各Node节点处于"NotReady" ,需要安装一个CNI网络插件:

root@k8s-master:~#  kubectl apply -f https://docs.projectcalico.org/v3.1/getting-started/kubernetes/installation/hosted/kubeadm/1.7/calico.yaml
configmap/calico-config configured
daemonset.extensions/calico-etcd created
service/calico-etcd created
daemonset.extensions/calico-node created
deployment.extensions/calico-kube-controllers created
clusterrolebinding.rbac.authorization.k8s.io/calico-cni-plugin created
clusterrole.rbac.authorization.k8s.io/calico-cni-plugin created
serviceaccount/calico-cni-plugin created
clusterrolebinding.rbac.authorization.k8s.io/calico-kube-controllers created
clusterrole.rbac.authorization.k8s.io/calico-kube-controllers created
serviceaccount/calico-kube-controllers unchanged
root@k8s-master:~#

几分钟后,各Node全部Ready:

#各节点已正常运行
root@k8s-master:~# kubectl get node
NAME STATUS ROLES AGE VERSION
k8s-master Ready master 1h v1.12.0
k8s-node01 Ready <none> 1h v1.12.0
k8s-node02 Ready <none> 1h v1.12.0

至此,所有组件全部运行:

root@k8s-master:~# kubectl get pod -n kube-system
NAME READY STATUS RESTARTS AGE
calico-etcd-d7v6w 1/1 Running 0 3m21s
calico-kube-controllers-75fb4f8996-dg7hd 1/1 Running 0 3m20s
calico-node-794nd 2/2 Running 0 3m19s
calico-node-b852z 2/2 Running 0 3m19s
calico-node-z7f4n 2/2 Running 0 3m19s
coredns-576cbf47c7-7svmm 1/1 Running 0 15h
coredns-576cbf47c7-kzbv2 1/1 Running 0 15h
etcd-k8s-master 1/1 Running 0 15h
kube-apiserver-k8s-master 1/1 Running 0 15h
kube-controller-manager-k8s-master 1/1 Running 0 15h
kube-proxy-7n5z9 1/1 Running 0 15h
kube-proxy-rwq9g 1/1 Running 0 15h
kube-proxy-v7qnx 1/1 Running 0 15h
kube-scheduler-k8s-master 1/1 Running 0 15h
root@k8s-master:~#

测试集群

  • 配置kubectl的命令补全功能
    命令补全功能由安装包"bash-completion"提供,Ubuntu系统中默认已安装。

    当前shell生效:
    source <(kubectl completion bash)
    永久生效:
    echo "source <(kubectl completion bash)" >> ~/.bashrc
  • 启动一个pod验证集群是否正常运行。
#run一个deployment
kubectl run -h
Usage:
kubectl run NAME --image=image [--env="key=value"] [--port=port] [--replicas=replicas] [--dry-run=bool]
[--overrides=inline-json] [--command] -- [COMMAND] [args...] [options]

启动一个nginx

kubectl run nginx --image=nginx:1.10 --port=80
deployment.apps/nginx created
#查看
root@k8s-master:~# kubectl get pod -w -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE
nginx-787b58fd95-p9jwl 0/1 ContainerCreating 0 59s <none> k8s-node02 <none>
nginx-787b58fd95-p9jwl 1/1 Running 0 70s 192.168.58.193 k8s-node02 <none>
  • 测试nginx正常访问

    root@k8s-master:~# curl  -I 192.168.58.193
    HTTP/1.1 200 OK
    Server: nginx/1.10.3
    Date: Sat, 29 Sep 2018 02:42:06 GMT
    Content-Type: text/html
    Content-Length: 612
    Last-Modified: Tue, 31 Jan 2017 15:01:11 GMT
    Connection: keep-alive
    ETag: "5890a6b7-264"
    Accept-Ranges: bytes
  • 把nginx暴露一个端口出来,以使集群之外能访问
    kubectl expose -h
    Usage:
    kubectl expose (-f FILENAME | TYPE NAME) [--port=port] [--protocol=TCP|UDP|SCTP] [--target-port=number-or-name]
    [--name=name] [--external-ip=external-ip-of-service] [--type=type] [options]
    root@k8s-master:~# kubectl expose deployment nginx --port=801 --target-port=80 --type=NodePort --name nginx-svc
    service/nginx-svc exposed
    root@k8s-master:~#
  • 查看服务:
    root@k8s-master:~# kubectl get svc
    NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
    kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 16h
    nginx-svc NodePort 10.100.84.207 <none> 801:30864/TCP 25s

现在可以访问任意Node的30864端口访问到nginx服务:

root@k8s-node01:~# curl 10.3.1.21:30864

<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>

如果发现哪个某个Node端口无法访问,则设置默认FORWARD规则为ACCEPT

 iptables -P FORWARD ACCEPT

kubeadm集群配置到此完成,可参考官方文档

kubernetes之Kubeadm快速安装v1.12.0版的更多相关文章

  1. Kubeadm部署安装kubernetes1.12.1

    1.环境准备(这里是master) CentOS 7.6 两台配置如下,自己更改主机名,加入hosts, master和node 名字不能一样 # hostname master # hostname ...

  2. 处理畅捷通的T+ 12.0版,web服务无故自动停止的问题

    用了几个月的畅捷通T+ 12.0版,一直都挺正常,但最近这两周,出现了好几次web服务自动停止的情况,今天抽空仔细看了Windows的日志,发现在半夜2点左右,TPlusProWebService12 ...

  3. centos环境 使用kubeadm快速安装k8s集群v1.16.2

    全程使用root用户运行,宿主机需要连接外网 浏览一下官方kubeadm[有些镜像用不了] https://kubernetes.io/docs/setup/production-environmen ...

  4. kubeadm快速安装k8s

    1.安装net-tools [root@localhost ~]# yum install -y net-tools 2.关闭firewalld [root@localhost ~]# systemc ...

  5. 使用kubeadm部署K8S v1.17.0集群

    kubeadm部署K8S集群 安装前的准备 集群机器 172.22.34.34 K8S00 172.22.34.35 K8S01 172.22.34.36 K8S02 注意: 本文档中的 etcd . ...

  6. CentOS7.0安装Nginx-1.12.0

    一.安装准备 首先由于nginx的一些模块依赖一些lib库,所以在安装nginx之前,必须先安装这些lib库,这些依赖库主要有g++.gcc.openssl-devel.pcre-devel和zlib ...

  7. CentOS 7 yum安装nginx-1.12.0

    CentOS 7 中的 yum 没法直接使用 yum install nginx 这个指令去安装nginx,因为nginx这个服务不是yum库中自带的.图1是官方提供的大致安装步骤,图2是官网提供的多 ...

  8. 腾讯云服务器 Centos6.5 安装 nginx1.12.0

    今天买了腾讯云,不要问我为什么没有买阿里云... 入正题: 如果出现 CentOS ping: unknown host 的话,表示没有配置dns vim /etc/sysconfig/network ...

  9. FreeBSD 12.0 版发布

    FreeBSD 是一个自由且开源的类 Unix 操作系统,是 BSD Unix 的直系继承者.起始于 1993 年,FreeBSD 拥有悠久的历史与诸多衍生版本.其饱经考验,是最广泛应用的开源 BSD ...

随机推荐

  1. 出现: object() takes no parameters 之后应该如何修改

    这个错误花费了很多的时间去解决,包括重写代码也无济于事. 因为粗心,浪费了很多的时间在这个上面,特写此博客来记录,也希望朋友们不要粗心,特别是初学者. 接下来进入正文: 当在写self.XXX  下方 ...

  2. docker部署redis及踩到的坑

    对docker很好奇,玩了一下,部署了一个redis,结果踩了很多坑 任务目的就是在docker中成功部署redis并保证数据持久化到本地,配置也使用本地配置 docker run -p : -v $ ...

  3. Navicat连接阿里云服务器Linux下的Mysql

    用Navicat连接阿里云ECS服务器上的MySQL数据库   今天用navtive连接阿里云服务器(Linux)的数据库时,老是连接不上,并且报10060错误,要通过以下两个步骤解决: 1.先进入l ...

  4. zip4j压缩

    使用的jar包:zip4j_1.3.2.jar 基本功能: 针对ZIP压缩文件创建.添加.分卷.更新和移除文件 (读写有密码保护的Zip文件) (支持AES 128/256算法加密) (支持标准Zip ...

  5. 2018-2019 网络对抗技术 20165231 Exp5 MSF基础应用

    实践内容(3.5分) 本实践目标是掌握metasploit的基本应用方式,重点常用的三种攻击方式的思路.具体需要完成: 1.1一个主动攻击实践(1分) ms08_067; (失败) MS17-010永 ...

  6. 医学图像数据(三)——TCIA部分数据下载方式

    前为止,本人还没有找到不需要账号的就可以部分下载的方式,因此这里讲的是需要注册账号下载部分数据的方法. 注意:下载部分数据需要注册账号 注册账号网址:https://public.cancerimag ...

  7. SQL server查询语句

    作者:邓聪聪 mysql部分语句的查询,持续更新 系统函数 函数名 描述 举例 convert() 数据类型转换 selece convert(varchar(5),12345) 返回:字符串1234 ...

  8. LeetCode 21. Merge Two Sorted Lists(c++)

    要定义两个链表 判断时依次对应每一个链表的值进行判断即可. /** * Definition for singly-linked list. * struct ListNode { * int val ...

  9. sqlite3 学习

    安装sqlite: [ sqlite]$ wget http://www.sqlite.org/sqlite-3.6.16.tar.gz[ sqlite]$ tar -xzvf sqlite-3.6. ...

  10. uni-app版本在线更新问题(下载完成安装时一闪而过,安卓8以上版本)

    我使用的是uni-app插件市场https://ext.dcloud.net.cn/plugin?id=142 出现一闪而过时加入权限 <uses-permission android:name ...