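Kubernetes is a distributed cluster system that Google built on top of Docker. It consists of the following components:
etcd: a highly available store for shared configuration and service discovery. It is used together with flannel on the minion machines so that the Docker daemon on each minion gets a different IP range; the end goal is that every running Docker container has an IP address different from that of any other container, including containers running on other minions.
flannel: provides the network fabric.
kube-apiserver: every control request goes through the apiserver, whether it comes from kubectl or directly from the remote API.
kube-controller-manager: runs the control loops for the replication controller, endpoints controller, namespace controller, and serviceaccounts controller, and interacts with kube-apiserver to keep these controllers working.
kube-scheduler: the Kubernetes scheduler assigns pods to worker nodes (minions) according to a specific scheduling algorithm; this process is also called binding (bind).
kubelet: the kubelet runs on each Kubernetes minion node. It is the logical successor of the container agent.
kube-proxy: kube-proxy is a Kubernetes component that runs on the minion nodes and acts as a service proxy.
Figure: GIT+Jenkins+Kubernetes+Docker+Etcd+confd+Nginx+Glusterfs architecture.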
Environment:
Three CentOS 7 machines:
192.168.1.165: used to install the Kubernetes master
192.168.1.247: used as a Kubernetes minion (minion1)
I. Disable the running firewall and SELinux
1. If the firewall is enabled, stop and disable it as follows (on all machines)
# systemctl stop firewalld
# systemctl disable firewalld
2. Disable SELinux
# setenforce 0
# sed -i '/^SELINUX=/cSELINUX=disabled' /etc/sysconfig/selinux
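II. Master installation and configuration
Install and configure the Kubernetes master (via yum)
yum -y install etcd kubernetes
Configure etcd. Make sure each of the following settings is correct and not commented out; the same applies to all configuration below.
# vim /etc/etcd/etcd.conf
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:2379"
ETCD_NAME="default"
ETCD_ADVERTISE_CLIENT_URLS="http://0.0.0.0:2379"
Configure Kubernetes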
vim /etc/kubernetes/apiserver
KUBE_API_ADDRESS="--address=0.0.0.0"
KUBE_API_PORT="--port=8080"
KUBELET_PORT="--kubelet_port=10250"
KUBE_ETCD_SERVERS="--etcd_servers=http://192.168.1.165:2379"
KUBE_SERVICE_ADDRESSES="--service-cluster-ip-range=10.254.0.0/16"
KUBE_ADMISSION_CONTROL="--admission_control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ResourceQuota"
KUBE_API_ARGS=""
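The following check is an added example, not part of the original post. With firewalld stopped in the first step, the settings above leave etcd and the API server's unauthenticated HTTP port reachable from any host that can route to the master; audit_listeners (a hypothetical helper) flags such lines in KEY="value" files, and the sample input is constructed from the values shown above.

```shell
#!/bin/sh
# Added example, not from the original post. audit_listeners is a hypothetical helper.
# It reads KEY="value" lines (as in /etc/etcd/etcd.conf and /etc/kubernetes/apiserver)
# on stdin, prints one finding per risky setting and returns 1 if anything was flagged.
# Assumption: one flag per variable, as in the files shown above.
audit_listeners() {
    addr=127.0.0.1 port=8080 n=0      # kube-apiserver defaults for the insecure port
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in ''|\#*) continue ;; esac        # skip blanks and comments
        key=${line%%=*}
        val=${line#*=}; val=${val#\"}; val=${val%\"}  # strip surrounding quotes
        case $val in
            --address=*|--insecure-bind-address=*) addr=${val#*=} ;;
            --port=*|--insecure-port=*) port=${val#*=} ;;
        esac
        case $val in
            *http://0.0.0.0:*)
                echo "$key: plaintext HTTP, wildcard address ($val)"; n=$((n + 1)) ;;
            *http://*)
                echo "$key: plaintext HTTP endpoint ($val)"; n=$((n + 1)) ;;
        esac
    done
    case $addr in
        127.0.0.1|localhost|::1) ;;                   # loopback only: not exposed
        *) if [ "$port" != 0 ]; then
               echo "apiserver: unauthenticated port $port bound to $addr"; n=$((n + 1))
           fi ;;
    esac
    [ "$n" -eq 0 ]
}

# Constructed sample: the values configured above.
audit_listeners <<'EOF' || true
ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:2379"
ETCD_ADVERTISE_CLIENT_URLS="http://0.0.0.0:2379"
KUBE_API_ADDRESS="--address=0.0.0.0"
KUBE_API_PORT="--port=8080"
KUBE_ETCD_SERVERS="--etcd_servers=http://192.168.1.165:2379"
EOF
```

To audit a host, pipe the real files in: cat /etc/etcd/etcd.conf /etc/kubernetes/apiserver | audit_listeners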
2. Start the etcd, kube-apiserver, kube-controller-manager and kube-scheduler services
for SERVICES in etcd kube-apiserver kube-controller-manager kube-scheduler; do systemctl restart $SERVICES ;systemctl enable $SERVICES ;systemctl status $SERVICES ; done;
3. Set the etcd network configuration
# etcdctl -C 192.168.1.165:2379 set /atomic.io/network/config '{"Network":"10.1.0.0/16"}'
This fails with the following error:
parse 192.168.1.165:2379: first path segment in URL cannot contain colon
Fix:
etcdctl -C http://127.0.0.1:2379 set /atomic.io/network/config '{"Network":"10.1.0.0/16"}'
{"Network":"10.1.0.0/16"}
4. The master is now configured. Run kubectl get nodes to see how many minions are running and their status. No minion has been installed and configured yet, so the result is empty.
kubectl get nodes
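III. Minion installation and configuration (repeat on every minion machine)
1. Install and configure the environment
yum -y install flannel kubernetes
Configure the server IP that Kubernetes connects to
vim /etc/kubernetes/config and change the following two settings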
KUBE_MASTER="--master=http://192.168.1.165:8080"
KUBE_ETCD_SERVERS="--etcd_servers=http://192.168.1.165:2379"
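Configure Kubernetes (use each minion's own IP address, for example 192.168.1.247, in place of $LOCALIP below)
# vim /etc/kubernetes/kubelet
The items marked in red must be adjusted; see the later steps for details, otherwise pod creation will fail.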
KUBELET_ADDRESS="--address=0.0.0.0"
KUBELET_HOSTNAME="--hostname-override=192.168.1.247"
KUBELET_API_SERVER="--api-servers=http://192.168.1.165:8080"
KUBELET_POD_INFRA_CONTAINER="--pod-infra-container-image=registry.access.redhat.com/rhel7/pod-infrastructure:latest"
KUBELET_ARGS=""
2. Prepare to start the services (this step applies only if Docker has already run on the machine; otherwise skip it)
Run ifconfig to check the machine's network configuration (docker0 is present)
ifconfig docker0
Link encap:Ethernet  HWaddr 02:42:B2:75:2E:67
inet addr:172.17.0.1  Bcast:0.0.0.0  Mask:255.255.0.0
UP BROADCAST MULTICAST  MTU:1500  Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
Warning: on a machine where Docker has run before, docker0 is present. Delete the docker0 interface before starting the services by running: sudo ip link delete docker0
3. Configure the flannel network
#vim /etc/sysconfig/flanneld
FLANNEL_ETCD_ENDPOINTS="http://192.168.1.165:2379"
FLANNEL_ETCD_PREFIX="/atomic.io/network"
PS: atomic.io here corresponds to the Network key set in etcd above
4. Start the services
for SERVICES in flanneld kube-proxy kubelet docker; do systemctl restart $SERVICES ;systemctl enable $SERVICES ;systemctl status $SERVICES; done
Make sure that the minion (192.168.1.247) and the master (192.168.1.165) are both installed and configured and that their services are running.
Switch to the master and run kubectl get nodes
kubectl get nodes
NAME STATUS AGE
192.168.1.247 Ready 6h
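The configured minion now appears in the master's node list. To add more nodes, configure more machines the same way as this minion.
III. Kubernetes: a closer look at Pods
2. Basic Pod usage:
With Docker, we can use docker run to create and start a container. Kubernetes, however, requires that the main program of a long-running container keep running in the foreground. Suppose the start command of our Docker image runs the program in the background, for example this Linux script: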
nohup ./startup.sh &
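In that case, once kubelet has created the pod containing this container and the command has returned, it considers the pod finished and creates a new pod according to the replicas count defined in the RC. The new pod's command also returns at once, so the cycle repeats endlessly. This is why Kubernetes requires the Docker image we build to use a foreground command as its start command.
For applications that cannot be changed to run in the foreground, the open-source tool supervisor can be used to keep them running in the foreground.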
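A shell-only way to meet the foreground requirement, as an added example that is not from the original post (supervisor, mentioned above, is the alternative): run_foreground is a hypothetical entrypoint helper that starts the program as a child, forwards SIGTERM/SIGINT to it and returns its exit status, while run_background reproduces the nohup ... & pattern for comparison. The marker-file commands are constructed sample workloads.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# The pattern from the text: the launcher returns at once, so the container's
# main process exits while the application is still starting.
run_background() {
    nohup "$@" >/dev/null 2>&1 &
}

# Foreground variant: stay alive as long as the application does, pass
# SIGTERM/SIGINT on to it, and report its exit status as our own.
run_foreground() {
    "$@" &
    child=$!
    trap 'kill -TERM "$child" 2>/dev/null' TERM INT
    status=0
    wait "$child" || status=$?
    # A trapped signal interrupts wait; reap the child if it is still exiting.
    if kill -0 "$child" 2>/dev/null; then
        status=0
        wait "$child" || status=$?
    fi
    trap - TERM INT
    return "$status"
}

# Constructed demo: the "application" needs one second before it writes a marker.
demo() {
    marker=${TMPDIR:-/tmp}/fg-demo.$$
    run_background sh -c "sleep 1; touch '$marker'"
    [ -e "$marker" ] && bg=finished || bg=still-starting
    wait; rm -f "$marker"            # let the background job end, then clean up
    run_foreground sh -c "sleep 1; touch '$marker'"
    [ -e "$marker" ] && fg=finished || fg=still-starting
    rm -f "$marker"
    echo "background=$bg foreground=$fg"
}
demo
```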
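A Pod can consist of one or more containers
For example, if two containerized applications, the frontend and redis, are tightly coupled and should serve as a single unit, they should be packaged into one pod.
The configuration file frontend-localredis-pod.yaml is shown below. At first I did not copy it directly; YAML is strict about formatting, so you can run kubectl create -f frontend-localredis-pod.yaml --dry-run --validate=true to find where the file is wrong.
apiVersion: v1
kind: Pod
metadata:
  name: redis-php
  labels:
    name: redis-php
spec:
  containers:
  - name: frontend
    image: kubeguide/guestbook-php-frontend:localredis
    ports:
    - containerPort: 80
  - name: redis-php
    image: kubeguide/redis-master
    ports:
    - containerPort: 6379
When Kubernetes started the pod, the pod never reached a normal state. The pod status showed: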
image pull failed for registry.access.redhat.com/rhel7/pod-infrastructure:latest, this may be because there are no credentials on this request. details: (open /etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt: no such file or directory)
Following the fix suggested online: yum install *rhsm* -y
Failed to create pod infra container: ImagePullBackOff; Skipping pod "redis-master-jj6jw_default(fec25a87-cdbe-11e7-ba32-525400cae48b)": Back-off pulling image "registry.access.redhat.com/rhel7/pod-infrastructure:latest
Fix: try pulling the image manually
docker pull registry.access.redhat.com/rhel7/pod-infrastructure:latest
docker pull still fails:
open /etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt: no such file or directory
Checking shows that redhat-ca.crt indeed does not exist; registry.access.redhat.com/rhel7/pod-infrastructure:latest is pulled over HTTPS by default.
Final solution:
1. docker search pod-infrastructure
docker search pod-infrastructure
INDEX NAME DESCRIPTION STARS OFFICIAL AUTOMATED
docker.io docker.io/openshift/origin-pod The pod infrastructure image for OpenShift 3 8
docker.io docker.io/davinkevin/podcast-server Container around the Podcast-Server Applic... 5
docker.io docker.io/infrastructureascode/aws-cli Containerized AWS CLI on alpine to avoid r... 4 [OK]
docker.io docker.io/newrelic/infrastructure Public image for New Relic Infrastructure. 4
docker.io docker.io/infrastructureascode/uwsgi uWSGI application server 2 [OK]
docker.io docker.io/infrastructureascode/serf A tiny Docker image with HashiCorp Serf us... 1 [OK]
docker.io docker.io/mosquitood/k8s-rhel7-pod-infrastructure 1
docker.io docker.io/podigg/podigg-lc-hobbit A HOBBIT dataset generator wrapper for PoDiGG 1 [OK]
docker.io docker.io/stefanprodan/podinfo Kubernetes multi-arch pod info 1
docker.io docker.io/tianyebj/pod-infrastructure registry.access.redhat.com/rhel7/pod-infra... 1
docker.io docker.io/w564791/pod-infrastructure latest 1
docker.io docker.io/infrastructureascode/hello-world A tiny "Hello World" web server with a hea... 0 [OK]
docker.io docker.io/jqka/pod-infrastructure redhat pod 0 [OK]
docker.io docker.io/ocpqe/hello-pod Copy form docker.io/deshuai/hello-pod:latest 0
docker.io docker.io/oudi/pod-infrastructure pod-infrastructure 0 [OK]
docker.io docker.io/sebastianhutter/podcaster python script to download podcasts https:/... 0 [OK]
docker.io docker.io/shadowalker911/pod-infrastructure 0
docker.io docker.io/statemood/pod-infrastructure Automated build from registry.access.redha... 0 [OK]
docker.io docker.io/tfgco/podium Podium is a blazing-fast player ranking se... 0
docker.io docker.io/trancong/pod2consul register pod with consul 0
docker.io docker.io/tundradotcom/podyn dockerized Podyn 0
docker.io docker.io/vistalba/podget Podget Docker with rename included. 0 [OK]
docker.io docker.io/wedeploy/infrastructure 0
docker.io docker.io/xplenty/rhel7-pod-infrastructure registry.access.redhat.com/rhel7/pod-infra... 0
docker.io docker.io/zengshaoyong/pod-infrastructure pod-infrastructure 0 [OK]
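2. vi /etc/kubernetes/kubelet
Replace the image with the first entry in the list above (Deven: I later changed it back and there was still no error, so this step may not be necessary.)
KUBELET_POD_INFRA_CONTAINER="--pod-infra-container-image=docker.io/openshift/origin-pod"
3. Restart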
systemctl restart kube-apiserver
systemctl restart kube-controller-manager
systemctl restart kube-scheduler
systemctl restart kubelet
systemctl restart kube-proxy
4. Run kubectl get pods: the earlier pods are now in the normal Running state
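After this change the kubelet pulls its infrastructure image from a Docker Hub namespace without a digest, so the content can change between pulls. As an added example (not part of the original post), check_image_ref, a hypothetical helper, splits an image reference the way Docker normalizes it and reports whether it is pinned to a digest like the Image ID values in the kubectl describe output on this page; the sample references are taken from this page.

```shell
#!/bin/sh
# Added example, not from the original post. check_image_ref is a hypothetical helper.
# It splits an image reference into registry / repository / tag / digest and prints
# "<verdict> registry=... repo=... tag=... digest=...". It returns 0 only when the
# reference is pinned to a well-formed sha256 digest; a tag alone can be re-pointed.
check_image_ref() {
    ref=$1 digest= tag=
    case $ref in
        *@sha256:*) digest=${ref##*@}; ref=${ref%@*} ;;
    esac
    last=${ref##*/}                    # a ':' after the last '/' starts the tag
    case $last in
        *:*) tag=${last##*:}; ref=${ref%:*} ;;
    esac
    first=${ref%%/*}
    case $ref in
        */*) case $first in            # a first component with '.' or ':' is a registry
                 *.*|*:*|localhost) registry=$first; repo=${ref#*/} ;;
                 *) registry=docker.io; repo=$ref ;;
             esac ;;
        *)   registry=docker.io; repo=library/$ref ;;
    esac
    if [ -n "$digest" ]; then
        hex=${digest#sha256:}
        case $hex in
            *[!0-9a-f]*) verdict=invalid-digest ;;
            *) [ "${#hex}" -eq 64 ] && verdict=pinned || verdict=invalid-digest ;;
        esac
    elif [ -z "$tag" ] || [ "$tag" = latest ]; then
        verdict=mutable-latest
    else
        verdict=mutable-tag
    fi
    echo "$verdict registry=$registry repo=$repo tag=${tag:-none} digest=${digest:-none}"
    [ "$verdict" = pinned ]
}

# Sample run over image references that appear on this page.
for img in \
    registry.access.redhat.com/rhel7/pod-infrastructure:latest \
    docker.io/openshift/origin-pod \
    docker.io/kubeguide/redis-master@sha256:e11eae36476b02a195693689f88a325b30540f5c15adbf531caaecceb65f5b4d
do
    check_image_ref "$img" || true
done
```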
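Containers that belong to the same Pod can reach each other simply through localhost; the group of containers is bound into one environment.
After creating this Pod with kubectl create, kubectl get pods shows the following: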
#kubectl get pods
NAME READY STATUS RESTARTS AGE
myweb-1rr24 1/1 Running 1 27m
redis-php 2/2 Running 0 16s
Look at the pod's details to see the definition and creation process of both containers.
#kubectl describe pods redis-php
Name: redis-php
Namespace: default
Node: 192.168.1.247/192.168.1.247
Start Time: Sat, 04 Aug 2018 17:37:53 +0800
Labels: name=redis-php
Status: Running
IP: 10.1.49.3
Controllers: <none>
Containers:
frontend:
Container ID: docker://1c109acce5c81f57f7c02619c489855ae67ece114fdfa104189521e1f2fc052b
Image: kubeguide/guestbook-php-frontend:localredis
Image ID: docker-pullable://docker.io/kubeguide/guestbook-php-frontend@sha256:37c2c1dcfcf0a51bf9531430fe057bcb1d4b94c64048be40ff091f01e384f81e
Port: 80/TCP
State: Running
Started: Sat, 04 Aug 2018 17:37:54 +0800
Ready: True
Restart Count: 0
Volume Mounts: <none>
Environment Variables: <none>
redis-php:
Container ID: docker://6edf7724a548f178975eb9abcbee675788720a5d804867124f1dc454e7e3b058
Image: kubeguide/redis-master
Image ID: docker-pullable://docker.io/kubeguide/redis-master@sha256:e11eae36476b02a195693689f88a325b30540f5c15adbf531caaecceb65f5b4d
Port: 6379/TCP
State: Running
Started: Sat, 04 Aug 2018 17:38:00 +0800
Ready: True
Restart Count: 0
Volume Mounts: <none>
Environment Variables: <none>
Conditions:
Type Status
Initialized True
Ready True
PodScheduled True
No volumes.
QoS Class: BestEffort
Tolerations: <none>
Events:
FirstSeen LastSeen Count From SubObjectPath Type Reason Message
--------- -------- ----- ---- ------------- -------- ------ -------
2m 2m 1 {default-scheduler } Normal Scheduled Successfully assigned redis-php to 192.168.1.247
2m 2m 1 {kubelet 192.168.1.247} spec.containers{frontend} Normal Pulled Container image "kubeguide/guestbook-php-frontend:localredis" already present on machine
2m 2m 1 {kubelet 192.168.1.247} spec.containers{frontend} Normal Created Created container with docker id 1c109acce5c8; Security:[seccomp=unconfined]
2m 2m 1 {kubelet 192.168.1.247} spec.containers{frontend} Normal Started Started container with docker id 1c109acce5c8
2m 2m 1 {kubelet 192.168.1.247} spec.containers{redis-php} Normal Pulling pulling image "kubeguide/redis-master"
2m 2m 3 {kubelet 192.168.1.247} Warning MissingClusterDNS kubelet does not have ClusterDNS IP configured and cannot create Pod using "ClusterFirst" policy. Falling back to DNSDefault policy.
2m 2m 1 {kubelet 192.168.1.247} spec.containers{redis-php} Normal Pulled Successfully pulled image "kubeguide/redis-master"
2m 2m 1 {kubelet 192.168.1.247} spec.containers{redis-php} Normal Created Created container with docker id 6edf7724a548; Security:[seccomp=unconfined]
2m 2m 1 {kubelet 192.168.1.247} spec.containers{redis-php} Normal Started Started container with docker id 6edf7724a548
IV. Create an RC (Replication Controller)
vim myweb-rc.yaml
apiVersion: v1
kind: ReplicationController
metadata:
  name: myweb
spec:
  replicas: 2
  selector:
    name: myweb
  template:
    metadata:
      labels:
        name: myweb
    spec:
      containers:
      - name: myweb
        image: kubeguide/tomcat-app:v1
        ports:
        - containerPort: 8080
Create the pod: kubectl create -f myweb-rc.yaml
Check the result: kubectl get po
NAME READY STATUS RESTARTS AGE
command-demo 0/1 CrashLoopBackOff 38 2h
myweb-46x8r 1/1 Running 0 7m
redis-php 2/2 Running 0 2h