Deployment environment server: Tencent Cloud
Operating system version: CentOS 7.2
1. Modify the system configuration:
[root@node1 ~]# cat /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
2. Apply the configuration:
Run sysctl -p /etc/sysctl.d/k8s.conf to make the change take effect.
3. Map the host names to their IPs:
[root@node1 ~]# cat /etc/hosts
10.104.143.65 node1
10.186.54.177 node2
4. Install the Kubernetes packages. The upstream repositories are blocked in China, so we download the packages from a community-maintained repository: https://yum.mritd.me/
# Add the yum repository
[root@linux-node1 src]# tee /etc/yum.repos.d/mritd.repo << EOF
[mritdrepo]
name=Mritd Repository
baseurl=https://yumrepo.b0.upaiyun.com/centos/7/x86_64
enabled=1
gpgcheck=1
gpgkey=https://mritd.b0.upaiyun.com/keys/rpm.public.key
EOF
# Refresh the cache
[root@linux-node1 src]# yum makecache
# Install yum-utils
[root@linux-node1 src]# yum install -y yum-utils socat
# Download the rpm files locally
[root@linux-node1 src]# yumdownloader kubelet kubectl kubernetes-cni kubeadm
# Check which packages are now available locally:
[root@linux-node1 src]# ls
kubeadm-1.6.2-0.x86_64.rpm  kubectl-1.6.2-0.x86_64.rpm  kubelet-1.6.2-0.x86_64.rpm  kubernetes-cni-0.5.1-0.x86_64.rpm
5. Install the Kubernetes packages:
[root@linux-node1 src]# yum localinstall kube*.rpm
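6. First, let us look at which images we need and how their versions depend on each other. Because these images are blocked in China, we have to download the matching versions from a third-party registry and then install them: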
Image | Ver | Component |
gcr.io/google_containers/kube-proxy-amd64 | v1.6.2 | Kubernetes |
gcr.io/google_containers/kube-controller-manager-amd64 | v1.6.2 | Kubernetes |
gcr.io/google_containers/kube-apiserver-amd64 | v1.6.2 | Kubernetes |
gcr.io/google_containers/kube-scheduler-amd64 | v1.6.2 | Kubernetes |
gcr.io/google_containers/etcd-amd64 | 3.0.17 | Kubernetes |
gcr.io/google_containers/pause-amd64 | 3.0 | Kubernetes |
gcr.io/google_containers/k8s-dns-sidecar-amd64 | 1.14.1 | DNS |
gcr.io/google_containers/k8s-dns-kube-dns-amd64 | 1.14.1 | DNS |
gcr.io/google_containers/k8s-dns-dnsmasq-nanny-amd64 | 1.14.1 | DNS |
7. Pull the required images, retag them, and then remove the original tags:
[root@linux-node1 src]# images=(kube-proxy-amd64:v1.6.2 kube-controller-manager-amd64:v1.6.2 kube-apiserver-amd64:v1.6.2 kube-scheduler-amd64:v1.6.2 k8s-dns-sidecar-amd64:1.14.1 k8s-dns-dnsmasq-nanny-amd64:1.14.1)
[root@linux-node1 src]# for imageName in "${images[@]}" ; do
  docker pull registry.cn-hangzhou.aliyuncs.com/kube_containers/$imageName
  docker tag registry.cn-hangzhou.aliyuncs.com/kube_containers/$imageName gcr.io/google_containers/$imageName
  docker rmi registry.cn-hangzhou.aliyuncs.com/kube_containers/$imageName
done
[root@linux-node1 src]# docker pull registry.cn-hangzhou.aliyuncs.com/google-containers/etcd-amd64:3.0.17
[root@linux-node1 src]# docker pull registry.cn-hangzhou.aliyuncs.com/google-containers/pause-amd64:3.0
[root@linux-node1 src]# docker pull index.tenxcloud.com/jimmy/k8s-dns-kube-dns-amd64:1.14.1
[root@linux-node1 src]# docker tag registry.cn-hangzhou.aliyuncs.com/google-containers/etcd-amd64:3.0.17 gcr.io/google_containers/etcd-amd64:3.0.17
[root@linux-node1 src]# docker rmi registry.cn-hangzhou.aliyuncs.com/google-containers/etcd-amd64:3.0.17
[root@linux-node1 src]# docker tag registry.cn-hangzhou.aliyuncs.com/google-containers/pause-amd64:3.0 gcr.io/google_containers/pause-amd64:3.0
[root@linux-node1 src]# docker rmi registry.cn-hangzhou.aliyuncs.com/google-containers/pause-amd64:3.0
[root@linux-node1 src]# docker tag index.tenxcloud.com/jimmy/k8s-dns-kube-dns-amd64:1.14.1 gcr.io/google_containers/k8s-dns-kube-dns-amd64:1.14.1
[root@linux-node1 src]# docker rmi index.tenxcloud.com/jimmy/k8s-dns-kube-dns-amd64:1.14.1
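Added example (not part of the original post): the images in step 7 come from third-party mirrors and are then retagged as gcr.io/google_containers/..., so it is worth confirming that each retagged image is the content you expect before running kubeadm init. A Docker image ID is derived from the image content and does not change with docker tag, so it can be compared against a pinned list. The function name audit_images, the pin-file format and the sha256 values below are assumptions made for this example; the pin file is assumed to have been recorded on a host you trust.

```shell
#!/bin/sh
# Added example, not from the original post.
# LISTING is produced on the node with:
#   docker images --no-trunc --format '{{.Repository}}:{{.Tag}} {{.ID}}'
# PINFILE holds "<image> <expected image ID>" lines recorded on a trusted host.

# audit_images PINFILE LISTING
# Prints OK / MISMATCH / MISSING for every pinned image; returns 1 on any problem.
audit_images() {
  awk '
    NF < 2              { next }                     # skip blank or malformed lines
    FILENAME == ARGV[1] { have[$1] = $2; next }      # first file: images on the node
    !($1 in have)       { print "MISSING  " $1; bad = 1; next }
    have[$1] != $2      { print "MISMATCH " $1; bad = 1; next }
                        { print "OK       " $1 }
    END                 { exit bad + 0 }
  ' "$2" "$1"
}

# Constructed sample data: image names are taken from the table in step 6,
# the sha256 values are made-up placeholders, not real image IDs.
demo() {
  dir=$(mktemp -d)
  cat > "$dir/pins.txt" <<'EOF'
gcr.io/google_containers/kube-apiserver-amd64:v1.6.2 sha256:aaaa0000
gcr.io/google_containers/etcd-amd64:3.0.17 sha256:bbbb0000
gcr.io/google_containers/pause-amd64:3.0 sha256:cccc0000
EOF
  cat > "$dir/node1.txt" <<'EOF'
gcr.io/google_containers/kube-apiserver-amd64:v1.6.2 sha256:aaaa0000
gcr.io/google_containers/etcd-amd64:3.0.17 sha256:ffff9999
nginx:latest sha256:dddd0000
EOF
  status=0
  audit_images "$dir/pins.txt" "$dir/node1.txt" || status=$?
  rm -rf "$dir"
  return "$status"
}

# In the sample, etcd has unexpected content and pause was never pulled.
demo || echo "image audit failed: fix the images before kubeadm init"
```

Images that are on the node but not in the pin file (nginx:latest in the sample) are ignored; only the pinned control-plane images are audited.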
8. Initialize the cluster:
[root@node1 ~]# kubeadm init --kubernetes-version=v1.6.2 --pod-network-cidr=10.244.0.0/16 --apiserver-advertise-address=10.104.143.65
........
You can now join any number of machines by running the following on each node as root:
  kubeadm join --token 50e5cc.8ca639f09da1fb65 10.104.143.65:6443
# When using the flannel network you must specify --pod-network-cidr, otherwise flannel will not come up later.
# Keep the token under control: it is the credential our nodes use to join the cluster.
9. If something goes wrong, reset and re-initialize the cluster, which generates a new token (skip this step if you are not re-initializing):
[root@node1 ~]# kubeadm reset
[root@node1 ~]# ifconfig cni0 down
[root@node1 ~]# ip link delete cni0
[root@node1 ~]# ifconfig flannel.1 down
[root@node1 ~]# ip link delete flannel.1
[root@node1 ~]# rm -rf /var/lib/cni/
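10. Since version 1.6.2 the API server listens on port 6443 rather than the earlier 8080, so running a query reports an error:
## Running kubectl get node at this point fails:
[root@node1 manifests]# kubectl get nodes
The connection to the server localhost:8080 was refused - did you specify the right host or port?
## Earlier versions listened on port 8080 by default, but kube-apiserver now listens on port 6443: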
11. Take a look at the API server manifest:
[root@node1 manifests]# cat kube-apiserver.yaml
apiVersion: v1
......
    image: gcr.io/google_containers/kube-apiserver-amd64:v1.6.2
    livenessProbe:
      failureThreshold: 8
      httpGet:
        host: 127.0.0.1
        path: /healthz
        port: 6443
        scheme: HTTPS
      initialDelaySeconds: 15
      timeoutSeconds: 15
### Check the listening port:
[root@node1 manifests]# netstat -ntlp | grep api
tcp6       0      0 :::6443       :::*       LISTEN      64692/kube-apiserve
12. Set the environment variable:
[root@node1 ~]# vim /etc/profile
export KUBECONFIG=/etc/kubernetes/admin.conf
[root@node1 ~]# source /etc/profile
13. Check the status of the pods:
[root@node1 src]# kubectl get pod --all-namespaces -o wide
NAMESPACE     NAME                            READY   STATUS    RESTARTS   AGE   IP              NODE
kube-system   etcd-node1                      1/1     Running   0          4m    10.104.143.65   node1
kube-system   kube-apiserver-node1            1/1     Running   0          4m    10.104.143.65   node1
kube-system   kube-controller-manager-node1   1/1     Running   0          4m    10.104.143.65   node1
kube-system   kube-dns-3913472980-zkqk1       0/3     Pending   0          3m    <none>
kube-system   kube-proxy-tckxj                1/1     Running   0          3m    10.104.143.65   node1
kube-system   kube-scheduler-node1            1/1     Running   0          4m    10.104.143.65   node1
### kube-dns has not started yet because the pod network is not configured.
14. Check the status of the cluster nodes:
[root@node1 src]# kubectl get nodes
NAME    STATUS     AGE   VERSION
node1   NotReady   3m    v1.6.2
15. Next we configure the network. Download the flannel manifests first, then edit them:
[root@node1 src]# wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel-rbac.yml
[root@node1 src]# wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
## Then edit the manifest and add your own network interface; on hosts with several NICs the network often fails to come up otherwise:
[root@node1 src]# vim kube-flannel.yml
### Add "--iface=eth0"
command: [ "/opt/bin/flanneld", "--ip-masq", "--kube-subnet-mgr", "--iface=eth0" ]
16. To speed up startup, we can pull the flannel image in advance:
[root@node1 ~]# docker pull registry.cn-hangzhou.aliyuncs.com/omega-reg/flannel:v0.7.1-amd64
[root@node1 ~]# docker tag registry.cn-hangzhou.aliyuncs.com/omega-reg/flannel:v0.7.1-amd64 quay.io/coreos/flannel:v0.7.1-amd64
17. Next we start the flannel network:
[root@node1 src]# kubectl create -f kube-flannel-rbac.yml
clusterrole "flannel" created
clusterrolebinding "flannel" created
[root@node1 src]# kubectl apply -f kube-flannel.yml
serviceaccount "flannel" created
configmap "kube-flannel-cfg" created
daemonset "kube-flannel-ds" created
18. Then we check the pod status again:
[root@node1 src]# kubectl get pod -o wide -n kube-system
NAME                            READY   STATUS    RESTARTS   AGE   IP              NODE
etcd-node1                      1/1     Running   0          10m   10.104.143.65   node1
kube-apiserver-node1            1/1     Running   0          10m   10.104.143.65   node1
kube-controller-manager-node1   1/1     Running   0          10m   10.104.143.65   node1
kube-dns-3913472980-zkqk1       3/3     Running   0          10m   10.244.0.2      node1
kube-flannel-ds-xjckw           2/2     Running   0          51s   10.104.143.65   node1
kube-proxy-tckxj                1/1     Running   0          10m   10.104.143.65   node1
kube-scheduler-node1            1/1     Running   0          10m   10.104.143.65   node1
19. Next we join node2 to the cluster:
[root@node2 ~]# kubeadm join --token 50e5cc.8ca639f09da1fb65 10.104.143.65:6443
[kubeadm] WARNING: kubeadm is in beta, please do not use it for production clusters.
[preflight] Running pre-flight checks
.....
20. Check from node1:
[root@node1 src]# kubectl get nodes
NAME    STATUS   AGE   VERSION
node1   Ready    26m   v1.6.2
node2   Ready    2m    v1.6.2
21. We can first test whether the DNS component resolves names correctly, because this may affect the dashboard later:
[root@node1 src]# kubectl run curl --image=radial/busyboxplus:curl -i --tty
If you don't see a command prompt, try pressing enter.
[ root@curl-57077659-f4wgb:/ ]$ nslookup kubernetes.default
Server:    10.96.0.10
Address 1: 10.96.0.10 kube-dns.kube-system.svc.cluster.local

Name:      kubernetes.default
Address 1: 10.96.0.1 kubernetes.default.svc.cluster.local
[ root@curl-57077659-f4wgb:/ ]$ nslookup kube-dns.kube-system
Server:    10.96.0.10
Address 1: 10.96.0.10 kube-dns.kube-system.svc.cluster.local

Name:      kube-dns.kube-system
Address 1: 10.96.0.10 kube-dns.kube-system.svc.cluster.local
22. Once that works, we write a pod definition and test how it runs:
[root@node1 src]# cat my-nginx.yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: my-nginx
spec:
  replicas: 2
  template:
    metadata:
      labels:
        run: my-nginx
    spec:
      containers:
      - name: my-nginx
        image: nginx
        ports:
        - containerPort: 80
### To reach it from outside we need to expose a port, so we also write a Service:
[root@node1 src]# cat nginx-srv.yaml
apiVersion: v1
kind: Service
metadata:
  name: my-nginx
  labels:
    run: my-nginx
spec:
  type: NodePort
  ports:
  - port: 80
    nodePort: 30062
    protocol: TCP
  selector:
    run: my-nginx
23. Once they start normally, we can test whether access works:
[root@node1 src]# kubectl create -f my-nginx.yaml
deployment "my-nginx" created
[root@node1 src]# kubectl create -f nginx-srv.yaml
service "my-nginx" created
## Check whether the pods are up:
[root@node1 src]# kubectl get pod -o wide
NAME                       READY   STATUS    RESTARTS   AGE   IP           NODE
curl-57077659-f4wgb        1/1     Running   1          19m   10.244.0.3   node1
my-nginx-858393261-2f2cq   1/1     Running   0          41s   10.244.0.4   node1
my-nginx-858393261-frdtg   1/1     Running   0          41s   10.244.1.2   node2
## Check the Service:
[root@node1 src]# kubectl get service
NAME         CLUSTER-IP      EXTERNAL-IP   PORT(S)        AGE
kubernetes   10.96.0.1       <none>        443/TCP        37m
my-nginx     10.110.89.147   <nodes>       80:30062/TCP   1m
24. Now test whether it works:
[root@node1 src]# curl 10.110.89.147
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
.......
## If we are not on a cluster node, we have to access it through NODE IP:30062 instead:
[root@node1 src]# curl node1:30062
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
[root@node1 src]# curl node2:30062
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
25. Then we can test connectivity between the containers:
[root@node1 src]# kubectl get pod -o wide
NAME                       READY   STATUS    RESTARTS   AGE   IP           NODE
curl-57077659-f4wgb        1/1     Running   1          23m   10.244.0.3   node1
my-nginx-858393261-2f2cq   1/1     Running   0          4m    10.244.0.4   node1
my-nginx-858393261-frdtg   1/1     Running   0          4m    10.244.1.2   node2
## From 10.244.0.4, ping 10.244.1.2:
[root@node1 src]# kubectl exec my-nginx-858393261-2f2cq ping 10.244.1.2
PING 10.244.1.2 (10.244.1.2): 56 data bytes
64 bytes from 10.244.1.2: icmp_seq=0 ttl=62 time=5.018 ms
## As we can see, there is no problem.
26. Next we test whether DNS resolution has any problems. Since we already have the curl pod, we test with curl directly; with cluster DNS in place, we can simply access the service by the name defined in the Service:
[root@node1 src]# kubectl get service
NAME         CLUSTER-IP      EXTERNAL-IP   PORT(S)        AGE
kubernetes   10.96.0.1       <none>        443/TCP        57m
my-nginx     10.110.89.147   <nodes>       80:30062/TCP   21m
[root@node1 src]# kubectl exec curl-57077659-f4wgb curl my-nginx
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
    body {
        width: 35em;
        margin: 0 auto;
        font-family: Tahoma, Verdana, Arial, sans-serif;
    }
</style>
## The DNS test works as well. What makes this possible is the DNS add-on; we will look at it in more detail when we have time. That is all for today's Kubernetes installation.