2-2. Kubernetes installation
Kubernetes installation:
    master, etcd:
    node:

Prerequisites:
    communication based on host names;
    time synchronization;
    firewalld and iptables.service turned off

OS: centos7.3, extra

Steps:
    etcd cluster, master node only;
    flannel, on all nodes of the cluster;
    configure the k8s master (master node only): kubernetes-master
        services to start: kube-apiserver, kube-scheduler, kube-controller-manager
    configure the k8s nodes: kubernetes-node
        set up and start the docker service first;
        k8s services to start: kube-proxy, kubelet

kubeadm:
    1. master, nodes: install kubelet, kubeadm, docker
    2. master: kubeadm init
    3. nodes: kubeadm join
    https://github.com/kubernetes/kubeadm/blob/master/docs/design/design_v1.10.md

Turn off firewalld and selinux.

1. Configure the yum repos:

docker yum repo:
wget -O /etc/yum.repos.d/docker-ce.repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

#Aliyun yum repo:
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
yum clean all
yum makecache

#docker yum repo
cat >> /etc/yum.repos.d/docker.repo <<EOF
[docker-repo]
name=Docker Repository
baseurl=http://mirrors.aliyun.com/docker-engine/yum/repo/main/centos/7
enabled=1
gpgcheck=0
EOF

kubernetes yum repo:
cat >> /etc/yum.repos.d/k8s.repo <<EOF
[k8s]
name=k8s
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
gpgcheck=0
enabled=1
EOF

To have yum check package signatures with the key, use these settings in the [k8s] section instead:
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
enabled=1

To use the key:
# wget https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
# rpm --import yum-key.gpg

Other yum repos:
wget http://mirrors.aliyun.com/repo/Centos-7.repo

2. On the master:
# yum install -y docker-ce kubelet kubeadm kubectl
# rpm -ql docker-ce
/usr/bin/docker-init
/usr/bin/docker-proxy
/usr/bin/dockerd-ce
/usr/lib/systemd/system/docker.service
/usr/lib/systemd/system/docker.socket
/var/lib/docker-engine/distribution_based_engine-ce.json
# rpm -ql kubelet
/etc/kubernetes/manifests
/etc/sysconfig/kubelet
/usr/bin/kubelet
/usr/lib/systemd/system/kubelet.service
# rpm -ql kubeadm
/usr/bin/kubeadm
/usr/lib/systemd/system/kubelet.service.d/10-kubeadm.conf
# rpm -ql kubectl
/usr/bin/kubectl
# vi /usr/lib/systemd/system/docker.service
Environment="HTTPS_PROXY=http://www.ik8s.io:10080"
Environment="NO_PROXY=127.0.0.0/8,192.168.31.0/16"
# systemctl daemon-reload
# systemctl start docker.service
# cat /proc/sys/net/bridge/bridge-nf-call-iptables
1
# systemctl enable docker.service
# systemctl enable kubelet
# ss -tnl
# vi /etc/sysconfig/kubelet
#swap: do not let kubelet fail when swap is enabled
KUBELET_EXTRA_ARGS="--fail-swap-on=false"
# kubeadm init --help
# kubeadm init --kubernetes-version=stable-1.11 --pod-network-cidr=10.244.0.0/16 --service-cidr=10.96.0.0/12 --ignore-preflight-errors=Swap
# kubeadm init --kubernetes-version=stable-1 --pod-network-cidr=10.244.0.0/16 --service-cidr=10.96.0.0/12 --ignore-preflight-errors=Swap
    --kubernetes-version=stable-1.11    #the kubernetes version
    --pod-network-cidr=10.244.0.0/16    #the network range for pods
    --service-cidr=10.96.0.0/12         #the network range for services
    --ignore-preflight-errors=Swap      #ignore the swap check

Initialization fails because dl.k8s.io cannot be reached from networks inside China, so the images have to be pulled beforehand:
could not fetch a Kubernetes version from the internet: unable to get URL "https://dl.k8s.io/release/stable-1.txt": Get https://dl.k8s.io/release/stable-1.txt: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)

Method 1: if you have a proxy server outside the firewall, configure docker to use it. Edit /etc/sysconfig/docker and add:
HTTP_PROXY=http://proxy_ip:port
http_proxy=$HTTP_PROXY
Restart docker: systemctl restart docker
# docker image ls
# kubeadm config images pull
# kubeadm config images list        #images needed for initialization
k8s.gcr.io/kube-apiserver:v1.14.0
k8s.gcr.io/kube-controller-manager:v1.14.0
k8s.gcr.io/kube-scheduler:v1.14.0
k8s.gcr.io/kube-proxy:v1.14.0
k8s.gcr.io/pause:3.1
k8s.gcr.io/etcd:3.3.10
k8s.gcr.io/coredns:1.3.1

Method 2: relay through docker.io/mirrorgooglecontainers: https://hub.docker.com/u/mirrorgooglecontainers
# kubeadm config images list |sed -e 's/^/docker pull /g' -e 's#k8s.gcr.io#docker.io/mirrorgooglecontainers#g' |sh -x        #download the required images
# docker images |grep mirrorgooglecontainers |awk '{print "docker tag ",$1":"$2,$1":"$2}' |sed -e 's#mirrorgooglecontainers#k8s.gcr.io#2' |sh -x        #re-tag the images
# docker images |grep mirrorgooglecontainers |awk '{print "docker rmi ", $1":"$2}' |sh -x
#delete the mirrorgooglecontainers images

# docker pull docker.io/mirrorgooglecontainers/kube-apiserver:v1.14.0
# docker pull docker.io/mirrorgooglecontainers/kube-controller-manager:v1.14.0
# docker pull docker.io/mirrorgooglecontainers/kube-scheduler:v1.14.0
# docker pull docker.io/mirrorgooglecontainers/kube-proxy:v1.14.0
# docker pull docker.io/mirrorgooglecontainers/pause:3.1
# docker pull docker.io/mirrorgooglecontainers/etcd:3.3.10
# docker tag mirrorgooglecontainers/kube-apiserver:v1.14.0 k8s.gcr.io/kube-apiserver:v1.14.0
# docker tag mirrorgooglecontainers/kube-proxy:v1.14.0 k8s.gcr.io/kube-proxy:v1.14.0
# docker tag mirrorgooglecontainers/kube-controller-manager:v1.14.0 k8s.gcr.io/kube-controller-manager:v1.14.0
# docker tag mirrorgooglecontainers/kube-scheduler:v1.14.0 k8s.gcr.io/kube-scheduler:v1.14.0
# docker tag mirrorgooglecontainers/etcd:3.3.10 k8s.gcr.io/etcd:3.3.10
# docker tag mirrorgooglecontainers/pause:3.1 k8s.gcr.io/pause:3.1

coredns is not included in docker.io/mirrorgooglecontainers, so it has to be converted by hand from the official coredns image.
# docker pull coredns/coredns:1.3.1
# docker tag coredns/coredns:1.3.1 k8s.gcr.io/coredns:1.3.1
# docker rmi coredns/coredns:1.3.1

Initialize the master:
# kubeadm init --kubernetes-version=stable-1 --pod-network-cidr=10.244.0.0/16 --service-cidr=10.96.0.0/12 --ignore-preflight-errors=Swap
# kubectl get -h
# kubectl get cs        #kubectl get componentstatus
NAME                 STATUS    MESSAGE              ERROR
controller-manager   Healthy   ok
scheduler            Healthy   ok
etcd-0               Healthy   {"health":"true"}

Or:
# kubeadm init --pod-network-cidr=10.244.0.0/16 --ignore-preflight-errors=NumCPU

Because the flannel network plugin is installed later, the parameter --pod-network-cidr=10.244.0.0/16 has to be added here. 10.244.0.0/16 is the fixed IP range used by the flannel plugin; the value depends on which network plugin you are going to install.
To customize the configuration, first run kubeadm config print init-defaults >kubeadm.conf, edit the file, and then pass its path with --config /root/kubeadm.conf.
--kubernetes-version sets the Kubernetes version. If it is not given, the latest version information is downloaded from a Google site, because its default value is stable-1.
Because this is a virtual machine with only one CPU assigned, --ignore-preflight-errors=NumCPU is specified. If you have enough CPUs, do not add this parameter.
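
The two repository stanzas written in step 1 set gpgcheck=0, and the docker one uses an http baseurl, so yum installs those packages without verifying their signatures; the gpgcheck=1 and gpgkey lines shown there turn the check on. As an added example (not part of the original notes), this shell function reports such sections in .repo files. The function names and the [k8s-signed] section are hypothetical, and a section with no gpgcheck line is reported too, because its behaviour then depends on [main] in /etc/yum.conf.

```shell
# Added example, not from the original page. Usage: audit_repo /etc/yum.repos.d/*.repo
audit_repo() {   # prints "<file>:[<repo>] <finding>" for each weak setting
    awk '
    function report() {
        if (sec == "" || enabled == "0") return       # nothing parsed yet, or repo disabled
        if (gpgcheck != "1")    print file ":[" sec "] gpgcheck is not set to 1"
        else if (gpgkey == "")  print file ":[" sec "] gpgcheck=1 but no gpgkey"
        if (baseurl ~ /^http:/) print file ":[" sec "] baseurl is plain http"
    }
    /^[ \t]*$/ || /^[ \t]*[#;]/ { next }              # blank lines and comments
    /^\[/ {                                           # a new [section] closes the previous one
        report()
        sec = substr($0, 2, index($0, "]") - 2); file = FILENAME
        gpgcheck = gpgkey = baseurl = ""; enabled = "1"
        next
    }
    {
        eq = index($0, "="); if (eq == 0) next
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key == "gpgcheck") gpgcheck = val
        else if (key == "gpgkey") gpgkey = val
        else if (key == "baseurl") baseurl = val
        else if (key == "enabled") enabled = val
    }
    END { report() }
    ' "$@"
}
write_sample_repo() {   # constructed sample: the step 1 stanzas plus a signed variant
    cat > "$1" <<'EOF'
[docker-repo]
name=Docker Repository
baseurl=http://mirrors.aliyun.com/docker-engine/yum/repo/main/centos/7
enabled=1
gpgcheck=0
[k8s]
name=k8s
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
gpgcheck=0
enabled=1
[k8s-signed]
name=k8s
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
enabled=1
EOF
}
```

On the sample, the function reports [docker-repo] twice and [k8s] once, and nothing for [k8s-signed].
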
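
kubeadm init parameters:

--apiserver-advertise-address string
    The address the API Server will advertise that it is listening on. If set to `0.0.0.0`, the address of the default network interface is used.
--apiserver-bind-port int32    default: 6443
    The port the API Server binds to.
--apiserver-cert-extra-sans stringSlice
    Optional extra Subject Alternative Names (SANs) for the API Server's serving certificate. They can be IP addresses or DNS names.
--cert-dir string    default: "/etc/kubernetes/pki"
    The path where certificates are stored.
--config string
    Path to the kubeadm configuration file. Warning: the configuration file feature is experimental.
--cri-socket string    default: "/var/run/dockershim.sock"
    The CRI socket file to connect to.
--dry-run
    Do not apply any changes; only print what would be done.
--feature-gates string
    A set of key=value pairs that switch various features on or off. Options:
    Auditing=true|false (currently ALPHA - default=false)
    CoreDNS=true|false (default=true)
-h, --help
    Help for the init command.
--ignore-preflight-errors stringSlice
    A list of checks whose errors are shown as warnings instead of errors. Example: 'IsPrivilegedUser,Swap'. The value 'all' ignores the errors of all checks.
--kubernetes-version string    default: "stable-1"
    Choose a specific Kubernetes version for the control plane.
--node-name string
    The name of the node.
--pod-network-cidr string
    The IP address range the pod network may use. If this parameter is set, the control plane automatically allocates CIDRs for every node.
--service-cidr string    default: "10.96.0.0/12"
    Use a different IP address range for the virtual IPs of services.
--service-dns-domain string    default: "cluster.local"
    Use a different domain for services, for example "myorg.internal".
--skip-token-print
    Do not print the default token generated by `kubeadm init`.
--token string
    The token used to establish bidirectional trust between the master and the nodes. Format: [a-z0-9]{6}\.[a-z0-9]{16} - example: abcdef.0123456789abcdef
--token-ttl duration    default: 24h0m0s
    How long the token stays valid before it is deleted automatically (examples: 1s, 2m, 3h).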
    If set to '0', the token never expires.

-----------------------

Deploy the pod network plugin: flannel

Choosing flannel as the network plugin:
vim /etc/sysctl.conf and add the following:
net.ipv4.ip_forward=1
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1
After the change, apply it immediately:
sysctl -p

URL: https://github.com/coreos/flannel
# kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
# wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

flannel uses the first network interface of the host by default. If the host has several interfaces, the one to use has to be configured explicitly. Change the following part of kube-flannel.yml:
vim kube-flannel.yml
containers:
- name: kube-flannel
  image: quay.io/coreos/flannel:v0.10.0-amd64
  command:
  - /opt/bin/flanneld
  args:
  - --ip-masq
  - --kube-subnet-mgr
  - --iface=ens33        #added
# kubectl apply -f kube-flannel.yml

Check the status of the components:
# kubectl get cs
# kubectl get componentstatus
# kubectl get nodes
NAME              STATUS   ROLES    AGE   VERSION
vm1.cluster.com   Ready    master   13m   v1.14.0
# kubectl get pod
No resources found.
# kubectl get pods -n kube-system
NAME                                      READY   STATUS    RESTARTS   AGE
coredns-fb8b8dccf-4sr5b                   1/1     Running   0          14m
coredns-fb8b8dccf-rmj7h                   1/1     Running   0          14m
etcd-vm1.cluster.com                      1/1     Running   0          13m
kube-apiserver-vm1.cluster.com            1/1     Running   0          13m
kube-controller-manager-vm1.cluster.com   1/1     Running   0          13m
kube-flannel-ds-amd64-rnght               1/1     Running   0          2m30s
kube-proxy-mxjwr                          1/1     Running   0          14m
kube-scheduler-vm1.cluster.com            1/1     Running   0          13m
# kubectl get ns        #namespaces
NAME              STATUS   AGE
default           Active   16m
kube-node-lease   Active   16m
kube-public       Active   16m
kube-system       Active   16m

3. On the node:
# yum install -y docker-ce kubelet kubeadm
# vi /usr/lib/systemd/system/docker.service
Environment="HTTPS_PROXY=http://www.ik8s.io:10080"
Environment="NO_PROXY=127.0.0.0/8,192.168.31.0/16"
# vi /etc/sysconfig/kubelet
#swap: do not let kubelet fail when swap is enabled
KUBELET_EXTRA_ARGS="--fail-swap-on=false"
# systemctl start docker
# systemctl enable docker
# systemctl enable kubelet

Note: kubelet does not need to be started here; it is started automatically during initialization. If it is started at this point, the following error appears and can be ignored. The log can be followed with tail -f /var/log/messages
failed to load Kubelet config file
/var/lib/kubelet/config.yaml, error failed to read kubelet config file "/var/lib/kubelet/config.yaml", error: open /var/lib/kubelet/config.yaml: no such file or directory

kubeadm join 192.168.31.11:6443 --token rquyna.2jykkhlqq7zr306v \
    --discovery-token-ca-cert-hash sha256:f7d07c0ba9ce136a0fb5d3a623146c51e17dfe49d69273474dc4ac902415dc79 \
    --ignore-preflight-errors=Swap

Images needed on the node:
k8s.gcr.io/kube-proxy-amd64:v1.10.0
k8s.gcr.io/pause-amd64:3.1
quay.io/coreos/flannel:v0.9.1-amd64 (the image of the network plugin; flannel is the plugin chosen here)

# docker pull docker.io/mirrorgooglecontainers/kube-proxy:v1.14.0
# docker pull docker.io/mirrorgooglecontainers/pause:3.1
# docker tag mirrorgooglecontainers/kube-proxy:v1.14.0 k8s.gcr.io/kube-proxy:v1.14.0
# docker tag mirrorgooglecontainers/pause:3.1 k8s.gcr.io/pause:3.1
# docker pull coredns/coredns:1.3.1
# docker tag coredns/coredns:1.3.1 k8s.gcr.io/coredns:1.3.1
# docker rmi coredns/coredns:1.3.1

The following images get pulled on the node:
# docker images
REPOSITORY                           TAG             IMAGE ID       CREATED         SIZE
k8s.gcr.io/kube-proxy                v1.14.0         5cd54e388aba   10 days ago     82.1MB
k8s.gcr.io/kube-scheduler            v1.14.0         00638a24688b   10 days ago     81.6MB
k8s.gcr.io/kube-apiserver            v1.14.0         ecf910f40d6e   10 days ago     210MB
k8s.gcr.io/kube-controller-manager   v1.14.0         b95b1efa0436   10 days ago     158MB
quay.io/coreos/flannel               v0.11.0-amd64   ff281650a721   2 months ago    52.6MB
coredns/coredns                      1.3.1           eb516548c180   2 months ago    40.3MB
k8s.gcr.io/coredns                   1.3.1           eb516548c180   2 months ago    40.3MB
k8s.gcr.io/etcd                      3.3.10          2c4adeb21b4f   4 months ago    258MB
k8s.gcr.io/pause                     3.1             da86e6ba6ca1   15 months ago   742kB

Check on the master:
# kubectl get nodes
NAME              STATUS     ROLES    AGE     VERSION
vm1.cluster.com   Ready      master   36m     v1.14.0
vm2.cluster.com   NotReady   <none>   4m36s   v1.14.0

To remove a node:
# kubectl delete node vm2.cluster.com

# kubectl get pods -n kube-system
NAME                                      READY   STATUS              RESTARTS   AGE
coredns-fb8b8dccf-4sr5b                   1/1     Running             0          36m
coredns-fb8b8dccf-rmj7h                   1/1     Running             0          36m
etcd-vm1.cluster.com                      1/1     Running             0          35m
kube-apiserver-vm1.cluster.com            1/1     Running             0          35m
kube-controller-manager-vm1.cluster.com   1/1     Running             0          35m
kube-flannel-ds-amd64-rnght               1/1     Running             0          24m
kube-flannel-ds-amd64-sng8b               0/1     Init:0/1            0          4m42s
kube-proxy-hptk5                          0/1     ContainerCreating   0          4m42s
kube-proxy-mxjwr                          1/1     Running             0          36m
kube-scheduler-vm1.cluster.com            1/1     Running             0          35m
# kubectl get pods -n kube-system -o wide
NAME                                      READY   STATUS              RESTARTS   AGE     IP              NODE              NOMINATED NODE   READINESS GATES
coredns-fb8b8dccf-4sr5b                   1/1     Running             0          36m     10.244.0.3      vm1.cluster.com   <none>           <none>
coredns-fb8b8dccf-rmj7h                   1/1     Running             0          36m     10.244.0.2      vm1.cluster.com   <none>           <none>
etcd-vm1.cluster.com                      1/1     Running             0          35m     192.168.31.11   vm1.cluster.com   <none>           <none>
kube-apiserver-vm1.cluster.com            1/1     Running             0          35m     192.168.31.11   vm1.cluster.com   <none>           <none>
kube-controller-manager-vm1.cluster.com   1/1     Running             0          35m     192.168.31.11   vm1.cluster.com   <none>           <none>
kube-flannel-ds-amd64-rnght               1/1     Running             0          25m     192.168.31.11   vm1.cluster.com   <none>           <none>
kube-flannel-ds-amd64-sng8b               0/1     Init:0/1            0          4m55s   192.168.31.22   vm2.cluster.com   <none>           <none>
kube-proxy-hptk5                          0/1     ContainerCreating   0          4m55s   192.168.31.22   vm2.cluster.com   <none>           <none>
kube-proxy-mxjwr                          1/1     Running             0          36m     192.168.31.11   vm1.cluster.com   <none>           <none>
kube-scheduler-vm1.cluster.com            1/1     Running             0          36m     192.168.31.11   vm1.cluster.com   <none>           <none>

pod, service, replicaset, deployment, statefulset, daemonset, job, cronjob, node
deployment, job: controllers for pods

# kubectl version
# kubectl cluster-info
Kubernetes master is running at https://192.168.31.11:6443
KubeDNS is running at https://192.168.31.11:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy
# kubectl run nginx-deploy --image=nginx:1.14-alpine --port=8080 --replicas=1 --generator=run-pod/v1
kubectl run --generator=deployment/apps.v1 is DEPRECATED and will be removed in a future version. Use kubectl run --generator=run-pod/v1 or kubectl create instead.
deployment.apps/nginx-deploy created (dry run)
# kubectl get deployment
NAME           READY   UP-TO-DATE   AVAILABLE   AGE
nginx-deploy   0/1     1            0           69s
# kubectl expose (-f FILENAME | TYPE NAME) [--port=port] [--protocol=TCP|UDP|SCTP] [--target-port=number-or-name] [--name=name] [--external-ip=external-ip-of-service] [--type=type] [options]
# kubectl expose deployment nginx-deploy --name=nginx --port=80 --target-port=80 --protocol=TCP
# kubectl get svc
NAME         TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)   AGE
kubernetes   ClusterIP   10.96.0.1        <none>        443/TCP   5h50m
nginx        ClusterIP   10.108.178.106   <none>        80/TCP    9s
# curl 10.108.178.106
# kubectl describe service nginx
# kubectl edit svc nginx        #edit this service
# kubectl scale --replicas=3 deployment nginx-deploy        #scale out to 3 pods
# kubectl describe pods nginx
# kubectl set image deployment nginx-deploy nginx-deploy=nginx:1.15-alpine        #update the image version
# kubectl rollout status deployment nginx-deploy        #watch the update progress (gradual rollout)
# kubectl rollout undo deployment nginx-deploy        #roll back; by default to the previous version

For access from outside, the type of the service has to be changed:
# kubectl edit svc nginx
spec:
  clusterIP: 10.108.178.106
  ports:
  - port: 80
    protocol: TCP
    targetPort: 80
  selector:
    run: nginx-deploy
  sessionAffinity: None
  type: ClusterIP        ---> change to NodePort
# kubectl get svc
NAME         TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)        AGE
kubernetes   ClusterIP   10.96.0.1        <none>        443/TCP        6h39m
nginx        NodePort    10.108.178.106   <none>        80:30020/TCP   48m
Access in a browser: 10.108.178.106:30020

# kubectl run myapp --image=ikubernetes/myapp:v1 --replicas=2
# kubectl expose deployment myapp --name=myapp --port=80
#watch in real time
# kubectl get pod -w
#increase/decrease the number of replicas:
# kubectl scale --replicas=2 deployment myapp
# kubectl get pod
#upgrade
# kubectl set image deployment myapp myapp=ikubernetes/myapp:v2
# kubectl rollout status deployment myapp
# kubectl describe pod myapp-xxxx
#roll back
# kubectl rollout undo deployment myapp
# kubectl describe pod myapp-xxxx
#view the generated iptables rules
# iptables -vnL
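
The kubeadm join command in step 3 authenticates with a bootstrap token and pins the cluster CA with --discovery-token-ca-cert-hash, and the parameter list notes that --token-ttl 0 never expires and that 'all' silences every preflight check. As an added example (not part of the original notes), this shell function lints a kubeadm init or join command line for those settings, assuming token-based discovery as used on this page. The function name, the messages and the two constructed command lines are assumptions of the example; --discovery-token-unsafe-skip-ca-verification is a kubeadm join flag that this page does not use.

```shell
# Added example, not from the original page: lint a kubeadm init/join command line.
lint_kubeadm_cmd() {   # prints one finding per line; returns 1 if there is any finding
    local cmd sub token hash ttl ignore skip_ca prev w found
    cmd=$(printf '%s' "$1" | tr '=\\\n' '   ')   # --flag=value -> --flag value; drop "\" continuations
    sub="" token="" hash="" ttl="" ignore="" skip_ca=no prev="" found=0
    set -f                                       # no globbing while splitting into words
    for w in $cmd; do
        case $prev in
            kubeadm) sub=$w ;;
            --token) token=$w ;;
            --discovery-token-ca-cert-hash) hash=$w ;;
            --token-ttl) ttl=$w ;;
            --ignore-preflight-errors) ignore=$w ;;
        esac
        if [ "$w" = --discovery-token-unsafe-skip-ca-verification ]; then skip_ca=yes; fi
        prev=$w
    done
    set +f
    note() { printf '%s: %s\n' "$sub" "$1"; found=1; }
    if [ "$sub" = join ]; then
        printf '%s\n' "$token" | grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$' ||
            note "token is not of the form [a-z0-9]{6}.[a-z0-9]{16}"
        if [ "$skip_ca" = yes ]; then
            note "CA verification is skipped: the API server's identity is not checked"
        elif ! printf '%s\n' "$hash" | grep -Eq '^sha256:[0-9a-f]{64}$'; then
            note "--discovery-token-ca-cert-hash sha256:<64 hex> is missing or malformed"
        fi
    fi
    if [ "$sub" = init ] && [ "$ttl" = 0 ]; then
        note "--token-ttl 0: the bootstrap token never expires"
    fi
    case ",$ignore," in
        *,all,*) note "--ignore-preflight-errors=all hides every failed preflight check" ;;
    esac
    return "$found"
}

# Samples: the join command from this page, then two constructed command lines.
PAGE_JOIN='kubeadm join 192.168.31.11:6443 --token rquyna.2jykkhlqq7zr306v \
    --discovery-token-ca-cert-hash sha256:f7d07c0ba9ce136a0fb5d3a623146c51e17dfe49d69273474dc4ac902415dc79 \
    --ignore-preflight-errors=Swap'
BAD_JOIN='kubeadm join 192.168.31.11:6443 --token abcdef.0123456789abcdef --discovery-token-unsafe-skip-ca-verification --ignore-preflight-errors=all'
BAD_INIT='kubeadm init --token-ttl=0 --pod-network-cidr=10.244.0.0/16'
```

Call it as lint_kubeadm_cmd "$PAGE_JOIN"; the page's own join command passes without findings, while the two constructed lines are reported.
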