安装版本
Kubernetes – 1.11.1
机器规划
注:三台机器已做key认证并添加hosts, 方便传送文件
系统配置(三台机器都执行)
关闭selinux及firewalld
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
setenforce 0
systemctl stop firewalld && systemctl disable firewalld
内核参数调整
cat <<EOF > /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl --system
关闭swap, 注释fstab中的swap配置
swapoff -a
注: k8s 版本1.8开始要求关闭系统的swap,否则启动不了kubelet;
安装docker并启动(三台机器都执行)
docker从1.13版本之后采用时间线的方式作为版本号,分为社区版CE和企业版EE; 比如: 18.06 为18年6月份发布的版本;
安装包官方地址:
https://download.docker.com/linux/centos/7/x86_64/stable/Packages/
下载安装 docker-ce 17.03版本:
wget -c https://download.docker.com/linux/centos/7/x86_64/stable/Packages/docker-ce-17.03.2.ce-1.el7.centos.x86_64.rpm
wget -c https://download.docker.com/linux/centos/7/x86_64/stable/Packages/docker-ce-selinux-17.03.2.ce-1.el7.centos.noarch.rpm
yum install -y docker-ce-selinux-17.03.2.ce-1.el7.centos.noarch.rpm docker-ce-17.03.2.ce-1.el7.centos.x86_64.rpm
注:本次安装的版本为 17.03 ; k8s-1.11.1 对应的最高版本docker是 17.03 ;
修改docker启动配置文件:
/usr/lib/systemd/system/docker.service
# 指定监听端口、数据存储目录以及加速镜像源
ExecStart=/usr/bin/dockerd -H unix:///var/run/docker.sock -H 127.0.0.1:8888 -g /data/docker --registry-mirror=http://xxxx.io --exec-opt native.cgroupdriver=systemd
启动 docker :
systemctl daemon-reload && systemctl enable docker && systemctl start docker
导入必要的镜像
默认使用 kubeadm 初始化集群时需要从 k8s.gcr.io 地址上拉取相关镜像,如果可以科学上网的,这一步可以省略;
master节点执行:
images=(kube-apiserver-amd64.tar kube-controller-manager-amd64.tar kube-scheduler-amd64.tar kubernetes-dashboard-amd64.tar etcd-amd64.tar coredns.tar flannel.tar kube-proxy-amd64.tar pause.tar)
for i in ${images[@]};do
docker load < $(dirname $script_dir)/$i
done
node节点执行:
images=(flannel.tar kube-proxy-amd64.tar pause.tar)
for i in ${images[@]};do
docker load < $(dirname $script_dir)/$i
done
镜像分享地址:
链接: https://pan.baidu.com/s/1jtT0qHpcz1WjovIBP6JOwQ 密码:5xxn
安装 kubeadm (三台机器都执行)
添加 yum 源:
cat > /etc/yum.repos.d/kubernetes.repo <<EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
EOF
安装 kubeadm :
# 列出最新版本
yum list kubeadm --showduplicates
# 安装
yum install kubeadm-1.11.1
注:安装 kubeadm ,相关依赖会安装 kubectl、kubelet、kubernetes-cni ; kubectl 是管理集群的工具,kubelet 是每个node节点都会运行的一个服务,用于管理节点的docker启动、网络组件等功能;
配置启动 kubelet (三台机器都执行)
确保kubelet和docker使用同一个cgroupdriver, 这里使用systemd;
kubelet 额外参数配置:
/etc/sysconfig/kubelet
KUBELET_EXTRA_ARGS="--runtime-cgroups=/systemd/system.slice --kubelet-cgroups=/systemd/system.slice"
启动 kubelet :
systemctl enable kubelet && systemctl start kubelet
初始化k8s集群 (master机器执行)
初始化:
kubeadm init --apiserver-advertise-address 10.211.55.10 --pod-network-cidr=10.10.0.0/16 --kubernetes-version=v1.11.1
初始化完成后会有以下提示:
[addons] Applied essential addon: CoreDNS
[addons] Applied essential addon: kube-proxy
Your Kubernetes master has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
You can now join any number of machines by running the following on each node
as root:
kubeadm join 10.211.55.10:6443 --token 4zfhdz.8jue59q95hzoc7p9 --discovery-token-ca-cert-hash sha256:da756adb30db06963db480d3868b9acd02c2e38271314baf62e9d28c6629ae92
增加kubectl权限访问:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
配置 k8s 网络 – flannel
Kubernetes支持Flannel、Calico、Weave network等多种cni网络Drivers;
配置 flannel :
wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
kubectl apply -f kube-flannel.yml
如果有多张网卡,需要在kube-flannel.yml中使用–iface参数指定集群主机内网网卡的名称, 类似 :
args:
- --ip-masq
- --kube-subnet-mgr
- --iface=eth1
查看 k8s 集群状态
查看集群状态 :
kubectl get cs
查看 pods :
kubectl get pod --all-namespaces
其它节点添加到集群
集群初始化完成后可以看到,最后有提示加入集群的命令,但token是有时间限制的,可能过一段时间就过期了,可以通过以下命令成生新的命令:
kubeadm token create --print-join-command
输出类似:
kubeadm join 10.211.55.10:6443 --token pxlvg5.puu7a0mrhpoif16e --discovery-token-ca-cert-hash sha256:f732ceef958151c56583641048ce6a11c39f960166969fb8f782374c3b4a7570
查看已有 token :
kubeadm token list
部署 k8s Dashboard
下载部署配置文件:
wget https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml
指向端口类型为 NodePort , 可以使用 节点ip:端口 访问 :
修改 kubernetes-dashboard.yaml
# ------------------- Dashboard Service ------------------- #
kind: Service
apiVersion: v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kube-system
spec:
type: NodePort
ports:
- port: 443
targetPort: 8443
selector:
k8s-app: kubernetes-dashboard
因 k8s 在1.6版本以后 kube-apiserver 启用了 RBAC 授权, 因此需要认证权限配置文件 :
增加 kubernetes-dashboard-admin.rbac.yaml
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard-admin
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: kubernetes-dashboard-admin
labels:
k8s-app: kubernetes-dashboard
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: kubernetes-dashboard-admin
namespace: kube-system
节点增加标签用法:
kubectl label nodes <node-name> <label-key>=<label-value>
kubectl get nodes
kubectl label nodes k8s-master1 k8s-app=kubernetes-dashboard
查看 dashboard 分配到的 NodePort :
kubectl get svc,pod --all-namespaces | grep dashboard
创建 dashboard 的 pod :
kubectl create -f kubernetes-dashboard.yaml
kubectl create -f kubernetes-dashboard-admin.rbac.yaml
查看登陆 dashboard 的token :
kubectl -n kube-system describe $(kubectl -n kube-system get secret -n kube-system -o name | grep namespace) | grep token
kubectl 命令补全
yum install -y bash-completion
source /usr/share/bash-completion/bash_completion
source <(kubectl completion bash)
echo "source <(kubectl completion bash)" >> ~/.bashrc