一、準備工作
systemctl disable firewalld
systemctl stop firewalld
sed -i s'/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux
cat /etc/hosts
192.168.11.10 master
yum -y update && reboot
vi /etc/yum.repos.d/virt7-docker-common-release.repo
[virt7-docker-common-release]
name=virt7-docker-common-release
baseurl=http://cbs.centos.org/repos/virt7-docker-common-release/x86_64/os/
gpgcheck=0
yum install -y --enablerepo=virt7-docker-common-release etcd kubernetes ntp flannel
二、配置etcd
[root@bogon ~]# grep -v '^#' /etc/etcd/etcd.conf
ETCD_NAME=k8s
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:2379"
ETCD_ADVERTISE_CLIENT_URLS="http://0.0.0.0:2379"
啓動etcd
systemctl daemon-reload
systemctl enable etcd.service
systemctl start etcd.service
查看服務狀態
systemctl status -l etcd
etcd服務檢查
[root@bogon ~]# etcdctl cluster-health
[root@bogon ~]# etcdctl member list
etcd網絡配置
etcdctl set /k8s/network/config '{"Network": "10.255.0.0/16"}'
etcdctl get /k8s/network/config
三、Master節點部署
配置kubernetes system config
[root@bogon ~]# grep -v '^#' /etc/kubernetes/config
KUBE_LOGTOSTDERR="--logtostderr=true"
KUBE_LOG_LEVEL="--v=0"
KUBE_ALLOW_PRIV="--allow-privileged=false"
KUBE_MASTER="--master=http://192.168.11.10:8080"
配置kuber-apiserver啓動參數
[root@bogon ~]#grep -v '^#' /etc/kubernetes/apiserver
KUBE_API_ADDRESS="--insecure-bind-address=0.0.0.0"
KUBE_ETCD_SERVERS="--etcd-servers=http://127.0.0.1:2379"
KUBE_SERVICE_ADDRESSES="--service-cluster-ip-range=10.254.0.0/16"
KUBE_API_ARGS=""
啓動kube-api-servers服務
systemctl daemon-reload
systemctl enable kube-apiserver.service
systemctl start kube-apiserver.service
驗證服務
http://192.168.11.10:8080/healthz
部署kube-controller-manager服務
[root@bogon ~]# cat /etc/kubernetes/controller-manager
KUBE_CONTROLLER_MANAGER_ARGS=""
啓動kube-controller-manager
systemctl daemon-reload
systemctl enable kube-controller-manager
systemctl start kube-controller-manager
部署kube-scheduler服務
[root@bogon ~]# cat /etc/kubernetes/scheduler
KUBE_SCHEDULER_ARGS=""
啓動kube-scheduler服務
systemctl daemon-reload
systemctl enable kube-scheduler
systemctl start kube-scheduler
master節點部署
[root@bogon ~]# grep -v '^#' /etc/sysconfig/flanneld
FLANNEL_ETCD_ENDPOINTS="http://192.168.11.10:2379"
FLANNEL_ETCD_PREFIX="/k8s/network"
啓動flannel
systemctl daemon-reload
systemctl enable flanneld.service
systemctl start flanneld.service
注意啓動flannel前要關閉docker這樣flannel纔會覆蓋docker0網橋
flanneld服務啓動後就會根據etcd裏面配置劃分子網了,劃分子網是給docker使用的,docker想使用還得折騰一翻,其實就是想辦法把幾個重要變量傳過去,使docker啓動時能夠使用
注意啓動docker前要使某些變量生效,需要:
source /run/flannel/docker
source /run/flannel/subnet.env
配置master kube-proxy
[root@bogon ~]# grep -v '^#' /etc/kubernetes/config
KUBE_LOGTOSTDERR="--logtostderr=true"
KUBE_LOG_LEVEL="--v=0"
KUBE_ALLOW_PRIV="--allow-privileged=false"
KUBE_MASTER="--master=http://192.168.11.10:8080"
[root@bogon ~]# grep -v '^#' /etc/kubernetes/proxy
KUBE_PROXY_ARGS=""
配置master kubelet
[root@bogon ~]# grep -v '^#' /etc/kubernetes/kubelet
KUBELET_ADDRESS="--address=0.0.0.0"
KUBELET_HOSTNAME="--hostname-override=master"
KUBELET_API_SERVER="--api-servers=http://192.168.11.10:8080"
KUBELET_POD_INFRA_CONTAINER="--pod-infra-container-image=registry.access.redhat.com/rhel7/pod-infrastructure:latest"
KUBELET_ARGS=""
systemctl daemon-reload
systemctl enable kube-proxy.service
systemctl start kube-proxy.service
systemctl daemon-reload
systemctl enable kubelet.service
systemctl start kubelet.service
測試集羣
[root@bogon ~]# kubectl get nodes
NAME STATUS AGE
master Ready 1h
下載鏡像
[root@bogon ~]# docker pull registry.cn-hangzhou.aliyuncs.com/gdk/registry
[root@bogon ~]# docker pull registry.cn-hangzhou.aliyuncs.com/pengg/centos
docker pull registry.cn-hangzhou.aliyuncs.com/qinyujia-test/mysql
docker pull registry.cn-hangzhou.aliyuncs.com/andymo/nginx
docker pull registry.cn-hangzhou.aliyuncs.com/kube_containers/kubernetes-dashboard-amd64
查看鏡像
[root@bogon ~]# docker images
打標籤
[root@bogon ~]# docker tag registry.cn-hangzhou.aliyuncs.com/gdk/registry:latest 192.168.11.10:5000/registry:latest
[root@bogon ~]# docker tag registry.cn-hangzhou.aliyuncs.com/pengg/centos:latest 192.168.11.10:5000/v1/centos:latest
[root@master ~]# docker tag registry.cn-hangzhou.aliyuncs.com/kube_containers/kubernetes-dashboard-amd64:latest 192.168.11.10:5000/v1/kubernetes-dashboard-amd64:latest
搭建registry私有倉庫
由於私有服務中使用爲http協議,所以需要將私有服務器添加到“不安全”服務器列表:
[root@bogon ~]# vi /etc/sysconfig/docker
INSECURE_REGISTRY='--insecure-registry 192.168.11.10:5000'
重啓docker
[root@bogon ~]# systemctl stop docker
[root@bogon ~]# systemctl start docker
啓動倉庫
[root@bogon ~]# docker run --name registry_joy -d -p 5000:5000 192.168.11.10:5000/registry:latest
上傳鏡像到倉庫
[root@master ~]# docker push 192.168.11.10:5000/v1/centos
搭建kubernetes-dashboard
[root@master ~]# vi kubernetes.yaml
啓動kubernetes-dashboard
[root@master ~]# kubectl create -f kubernetes.yaml
deployment "kubernetes-dashboard" created
service "kubernetes-dashboard" created
查看
[root@master ~]# kubectl get deployment --all-namespaces
kubectl get svc --all-namespaces
kubectl get pod -o wide --all-namespaces
刪除
kubectl delete svc kubernetes-dashboard --namespace=kube-system
kubectl delete deployment kubernetes-dashboard --namespace=kube-system