docker k8s集羣

一、準備工作

 systemctl disable firewalld

 systemctl stop firewalld

 sed -i s'/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux

 

 cat /etc/hosts

192.168.11.10 master

 

yum -y update && reboot

 

vi /etc/yum.repos.d/virt7-docker-common-release.repo

[virt7-docker-common-release]

name=virt7-docker-common-release

baseurl=http://cbs.centos.org/repos/virt7-docker-common-release/x86_64/os/

gpgcheck=0

 

yum install -y --enablerepo=virt7-docker-common-release etcd kubernetes ntp flannel

 

二、配置etcd

[root@bogon ~]# grep -v '^#' /etc/etcd/etcd.conf

ETCD_NAME=k8s

ETCD_DATA_DIR="/var/lib/etcd/default.etcd"

ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:2379"

ETCD_ADVERTISE_CLIENT_URLS="http://0.0.0.0:2379"

 

啓動etcd

 systemctl daemon-reload

 systemctl enable etcd.service

 systemctl start etcd.service

 

查看服務狀態

systemctl status -l etcd

 

etcd服務檢查

[root@bogon ~]#  etcdctl cluster-health

[root@bogon ~]# etcdctl member list

 

etcd網絡配置

 etcdctl set /k8s/network/config '{"Network": "10.255.0.0/16"}'

 etcdctl get /k8s/network/config

 

三、Master節點部署

配置kubernetes system config

[root@bogon ~]# grep -v '^#'  /etc/kubernetes/config

KUBE_LOGTOSTDERR="--logtostderr=true"

KUBE_LOG_LEVEL="--v=0"

KUBE_ALLOW_PRIV="--allow-privileged=false"

KUBE_MASTER="--master=http://192.168.11.10:8080"

 

配置kuber-apiserver啓動參數

[root@bogon ~]#grep -v '^#'  /etc/kubernetes/apiserver

KUBE_API_ADDRESS="--insecure-bind-address=0.0.0.0"

KUBE_ETCD_SERVERS="--etcd-servers=http://127.0.0.1:2379"

KUBE_SERVICE_ADDRESSES="--service-cluster-ip-range=10.254.0.0/16"

KUBE_API_ARGS=""

 

 

啓動kube-api-servers服務

 systemctl daemon-reload

 systemctl enable kube-apiserver.service

 systemctl start kube-apiserver.service

 

驗證服務

http://192.168.11.10:8080/healthz

 

部署kube-controller-manager服務

[root@bogon ~]#  cat /etc/kubernetes/controller-manager

KUBE_CONTROLLER_MANAGER_ARGS=""

 

啓動kube-controller-manager

 systemctl daemon-reload

 systemctl enable kube-controller-manager

 systemctl start kube-controller-manager

 

部署kube-scheduler服務

[root@bogon ~]# cat /etc/kubernetes/scheduler

KUBE_SCHEDULER_ARGS=""

 

啓動kube-scheduler服務

 systemctl daemon-reload

 systemctl enable kube-scheduler

 systemctl start kube-scheduler

 

master節點部署

[root@bogon ~]# grep -v '^#' /etc/sysconfig/flanneld

FLANNEL_ETCD_ENDPOINTS="http://192.168.11.10:2379"

FLANNEL_ETCD_PREFIX="/k8s/network"

 

啓動flannel

 

 systemctl daemon-reload

 systemctl enable flanneld.service

 systemctl start flanneld.service

 注意啓動flannel前要關閉docker這樣flannel纔會覆蓋docker0網橋

  flanneld服務啓動後就會根據etcd裏面配置劃分子網了，劃分子網是給docker使用的，docker想使用還得折騰一翻，其實就是想辦法把幾個重要變量傳過去，使docker啓動時能夠使用

 

注意啓動docker前要使某些變量生效，需要：

 source /run/flannel/docker

 source /run/flannel/subnet.env

 

 

配置master kube-proxy

[root@bogon ~]#  grep -v '^#' /etc/kubernetes/config

KUBE_LOGTOSTDERR="--logtostderr=true"

KUBE_LOG_LEVEL="--v=0"

KUBE_ALLOW_PRIV="--allow-privileged=false"

KUBE_MASTER="--master=http://192.168.11.10:8080"

 

[root@bogon ~]#  grep -v '^#' /etc/kubernetes/proxy     

KUBE_PROXY_ARGS=""

 

 

配置master kubelet

[root@bogon ~]#  grep -v '^#' /etc/kubernetes/kubelet

 

KUBELET_ADDRESS="--address=0.0.0.0"

KUBELET_HOSTNAME="--hostname-override=master"

KUBELET_API_SERVER="--api-servers=http://192.168.11.10:8080"

KUBELET_POD_INFRA_CONTAINER="--pod-infra-container-image=registry.access.redhat.com/rhel7/pod-infrastructure:latest"

KUBELET_ARGS=""

 

 systemctl daemon-reload

 systemctl enable kube-proxy.service

 systemctl start kube-proxy.service

 systemctl daemon-reload

 systemctl enable kubelet.service

 systemctl start kubelet.service

 

測試集羣

[root@bogon ~]#  kubectl get nodes   

NAME      STATUS    AGE

master     Ready     1h

 

 

下載鏡像

[root@bogon ~]# docker pull registry.cn-hangzhou.aliyuncs.com/gdk/registry

[root@bogon ~]# docker pull registry.cn-hangzhou.aliyuncs.com/pengg/centos

docker pull registry.cn-hangzhou.aliyuncs.com/qinyujia-test/mysql

docker pull registry.cn-hangzhou.aliyuncs.com/andymo/nginx

docker pull registry.cn-hangzhou.aliyuncs.com/kube_containers/kubernetes-dashboard-amd64

 

查看鏡像

[root@bogon ~]# docker images

 

打標籤

[root@bogon ~]# docker tag registry.cn-hangzhou.aliyuncs.com/gdk/registry:latest 192.168.11.10:5000/registry:latest

[root@bogon ~]# docker tag registry.cn-hangzhou.aliyuncs.com/pengg/centos:latest 192.168.11.10:5000/v1/centos:latest

[root@master ~]# docker tag registry.cn-hangzhou.aliyuncs.com/kube_containers/kubernetes-dashboard-amd64:latest 192.168.11.10:5000/v1/kubernetes-dashboard-amd64:latest

 

 

搭建registry私有倉庫

由於私有服務中使用爲http協議，所以需要將私有服務器添加到“不安全”服務器列表：

[root@bogon ~]# vi /etc/sysconfig/docker

INSECURE_REGISTRY='--insecure-registry 192.168.11.10:5000'

重啓docker

[root@bogon ~]# systemctl stop docker

[root@bogon ~]#  systemctl start docker

啓動倉庫

[root@bogon ~]# docker run --name registry_joy -d -p 5000:5000 192.168.11.10:5000/registry:latest

上傳鏡像到倉庫

[root@master ~]# docker push 192.168.11.10:5000/v1/centos

 

 

搭建kubernetes-dashboard

 

[root@master ~]# vi kubernetes.yaml

 

 

啓動kubernetes-dashboard

[root@master ~]# kubectl create -f kubernetes.yaml

deployment "kubernetes-dashboard" created

service "kubernetes-dashboard" created

 

查看

[root@master ~]# kubectl get deployment --all-namespaces

kubectl get svc  --all-namespaces

kubectl get pod  -o wide  --all-namespaces

 

刪除

kubectl delete svc  kubernetes-dashboard --namespace=kube-system

kubectl delete deployment  kubernetes-dashboard --namespace=kube-system