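In the article "Deploying a Kubernetes (K8S) cluster on China Azure", the ACS version and Kubernetes version we used were both fairly old: ACS Version 0.8.0 and Kubernetes Version 1.6. As ACS and Kubernetes keep being updated, we will deploy our cluster service with newer versions wherever possible. This article deploys with ACS Version 0.18.8 and Kubernetes Version 1.10.4, and the kubernetes.json configuration file also adds several restrictions. The detailed steps follow:
1. Check the version of the Ubuntu machine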
root@hlmubu1604n1ma:~# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 16.04.5 LTS
Release: 16.04
Codename: xenial
2. Install CLI 2.0 on this Ubuntu machine
root@hlmubu1604n1ma:~# az

     /\
    /  \    _____   _ _  ___ _
   / /\ \  |_  / | | | \'__/ _\
  / ____ \  / /| |_| | | |  __/
 /_/    \_\/___|\__,_|_|  \___|

Welcome to the cool new Azure CLI!

Use `az --version` to display the current version.
Here are the base commands:
3. Download and install the Azure Container Service Engine (acs-engine)
wget https://github.com/Azure/acs-engine/releases/download/v0.18.8/acs-engine-v0.18.8-linux-amd64.tar.gz
tar zxvf acs-engine-v0.18.8-linux-amd64.tar.gz
cd acs-engine-v0.18.8-linux-amd64/
root@hlmubu1604n1ma:~/acs-engine-v0.18.8-linux-amd64# ./acs-engine version
Version: v0.18.8
GitCommit: 71d88da
GitTreeState: clean
4. Create a resource group and obtain a service principal
root@hlmubu1604n1ma:~# az cloud set -n AzureChinaCloud
root@hlmubu1604n1ma:~# az login -u "***@***.onmschina.cn"
Password:
[
  {
    "cloudName": "AzureChinaCloud",
    "id": "***",
    "isDefault": true,
    "name": "He Liming (anitay)",
    "state": "Enabled",
    "tenantId": "***",
    "user": {
      "name": "***",
      "type": "user"
    }
  }
]
root@hlmubu1604n1ma:~# az account set --subscription "***"
root@hlmubu1604n1ma:~# az group create -n hlmk8srgt1 -l chinanorth
{
  "id": "/subscriptions/***/resourceGroups/hlmk8srgt1",
  "location": "chinanorth",
  "managedBy": null,
  "name": "hlmk8srgt1",
  "properties": {
    "provisioningState": "Succeeded"
  },
  "tags": null
}
root@hlmubu1604n1ma:~# az ad sp create-for-rbac --role="Contributor" --scopes="/subscriptions/***/resourceGroups/hlmk8srgt1"
Retrying role assignment creation: 1/36
Retrying role assignment creation: 2/36
Retrying role assignment creation: 3/36
Retrying role assignment creation: 4/36
Retrying role assignment creation: 5/36
Retrying role assignment creation: 6/36
{
  "appId": "***",
  "displayName": "azure-cli-2018-09-18-07-49-05",
  "name": "http://azure-cli-2018-09-18-07-49-05",
  "password": "***",
  "tenant": "***"
}
Note: record the appId and password values for later use.
5. Create a kubernetes.json template file
{
  "apiVersion": "vlabs",
  "location": "chinanorth",
  "properties": {
    "orchestratorProfile": {
      "orchestratorType": "Kubernetes",
      "kubernetesConfig": {
        "schedulerConfig": {
          "--profiling": "false"
        },
        "enableRbac": false,
        "apiServerConfig": {
          "--audit-log-path": "/var/log/audit.log",
          "--audit-log-maxage": "30",
          "--audit-log-maxsize": "100",
          "--audit-log-maxbackup": "10",
          "--anonymous-auth": "false",
          "--profiling": "false"
        },
        "addons": [
          {
            "name": "tiller",
            "enabled": false
          },
          {
            "name": "kubernetes-dashboard",
            "enabled": false
          },
          {
            "name": "cluster-autoscaler",
            "config": {
              "maxNodes": "10",
              "minNodes": "2"
            },
            "enabled": true
          }
        ],
        "dnsServiceIP": "10.2.0.240",
        "networkPolicy": "calico",
        "kubeletConfig": {
          "--make-iptables-util-chains": "true",
          "--allow-privileged": "false",
          "--keep-terminated-pod-volumes": "false",
          "--read-only-port": "0",
          "--event-qps": "0",
          "--cadvisor-port": "0"
        },
        "serviceCidr": "10.2.0.0/24",
        "controllerManagerConfig": {
          "--terminated-pod-gc-threshold": "5000",
          "--profiling": "false"
        }
      },
      "orchestratorVersion": "1.10.4"
    },
    "agentPoolProfiles": [
      {
        "storageProfile": "ManagedDisks",
        "name": "macsetupdeve",
        "count": 2,
        "osType": "Linux",
        "vnetSubnetId": "/subscriptions/***/resourceGroups/hlmk8st1/providers/Microsoft.Network/virtualNetworks/hlmk8svnet/subnets/default",
        "vmSize": "Standard_A2_v2",
        "availabilityProfile": "VirtualMachineScaleSets"
      }
    ],
    "servicePrincipalProfile": {
      "clientId": "***",
      "secret": "***"
    },
    "linuxProfile": {
      "adminUsername": "stone",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "ssh-rsa *** root@hlmubu1604n1ma"
          }
        ]
      }
    },
    "masterProfile": {
      "firstConsecutiveStaticIP": "10.2.0.100",
      "storageProfile": "ManagedDisks",
      "count": 1,
      "dnsPrefix": "hlmk8s-mstr000",
      "vnetSubnetId": "/subscriptions/***/resourceGroups/hlmk8st1/providers/Microsoft.Network/virtualNetworks/hlmk8svnet/subnets/default",
      "vmSize": "Standard_A2_v2"
    }
  }
}
Note: clientId is the appId recorded earlier; secret is the password recorded earlier; keyData is the public key needed to log in to the machines (generate it with the ssh-keygen command).
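One way to check a kubernetes.json for the restrictions this configuration applies before running acs-engine generate (an added example, not code from the original post or from acs-engine). The function name audit_apimodel, the expected-value table and the choice to report "enableRbac": false are assumptions of this example; the sample input is a constructed subset of the file above.

```python
import json

# Flag values the kubernetes.json on this page sets, grouped by kubernetesConfig section.
EXPECTED = {
    "apiServerConfig": {"--anonymous-auth": "false", "--profiling": "false"},
    "schedulerConfig": {"--profiling": "false"},
    "controllerManagerConfig": {"--profiling": "false"},
    "kubeletConfig": {"--allow-privileged": "false", "--read-only-port": "0",
                      "--cadvisor-port": "0"},
}
MUST_DISABLE = ("kubernetes-dashboard", "tiller")  # addons the page turns off

def audit_apimodel(model):
    """Return findings (strings) for an acs-engine vlabs apimodel dict."""
    kc = model["properties"]["orchestratorProfile"].get("kubernetesConfig", {})
    findings = []
    for section, flags in EXPECTED.items():
        actual = kc.get(section, {})
        for flag, want in flags.items():
            if actual.get(flag) != want:
                findings.append(f"{section} {flag}: want {want}, found {actual.get(flag)}")
    if not kc.get("apiServerConfig", {}).get("--audit-log-path"):
        findings.append("apiServerConfig --audit-log-path: not set")
    state = {a.get("name"): a.get("enabled") for a in kc.get("addons", [])}
    for name in MUST_DISABLE:
        if state.get(name) is not False:
            findings.append(f"addon {name}: not explicitly disabled")
    if not kc.get("networkPolicy"):
        findings.append("networkPolicy: not set")
    if kc.get("enableRbac") is False:
        # Assumption of this example: RBAC switched off is reported, although the page does it.
        findings.append("enableRbac: false (RBAC authorization is off)")
    return findings

# Constructed sample: the security-relevant subset of the page's kubernetes.json.
PAGE_SUBSET = json.loads("""{"properties": {"orchestratorProfile": {"kubernetesConfig": {
  "enableRbac": false, "networkPolicy": "calico",
  "schedulerConfig": {"--profiling": "false"},
  "controllerManagerConfig": {"--profiling": "false"},
  "apiServerConfig": {"--audit-log-path": "/var/log/audit.log",
                      "--anonymous-auth": "false", "--profiling": "false"},
  "kubeletConfig": {"--allow-privileged": "false", "--read-only-port": "0",
                    "--cadvisor-port": "0"},
  "addons": [{"name": "tiller", "enabled": false},
             {"name": "kubernetes-dashboard", "enabled": false}]}}}}""")

if __name__ == "__main__":
    print("\n".join(audit_apimodel(PAGE_SUBSET)))
```

To audit a real file, pass `json.load(open("kubernetes.json"))` to `audit_apimodel`; an empty list means every check passed.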
6. Generate the Azure template files
root@hlmubu1604n1ma:~/acs-engine-v0.18.8-linux-amd64# ./acs-engine generate kubernetes.json
INFO[0000] Generating assets into _output/hlmk8s-mstr001...
root@hlmubu1604n1ma:~/acs-engine-v0.18.8-linux-amd64# ls
acs-engine kubernetes.json kubernetes.json.bak kubernetes.json.bak1 kubernetes.json.bak2 LICENSE _output README.md translations
root@hlmubu1604n1ma:~/acs-engine-v0.18.8-linux-amd64# cd _output/
root@hlmubu1604n1ma:~/acs-engine-v0.18.8-linux-amd64/_output# ls
hlmk8s-mstr000 hlmk8s-mstr001
root@hlmubu1604n1ma:~/acs-engine-v0.18.8-linux-amd64/_output# cd hlmk8s-mstr001/
root@hlmubu1604n1ma:~/acs-engine-v0.18.8-linux-amd64/_output/hlmk8s-mstr001# ls
apimodel.json apiserver.key azuredeploy.parameters.json ca.key client.key etcdclient.key etcdpeer0.key etcdserver.key kubectlClient.crt
apiserver.crt azuredeploy.json ca.crt client.crt etcdclient.crt etcdpeer0.crt etcdserver.crt kubeconfig kubectlClient.key
7. Deploy the Kubernetes cluster; this takes about 20 minutes
Note: the "azuredeploy.parameters.json" file generated by the newer ACS version can be run as is, with no need to modify the URL
root@hlmubu1604n1ma:~/acs-engine-v0.18.8-linux-amd64/_output/hlmk8s-mstr001# az group deployment create --resource-group hlmk8srgt1 --template-file azuredeploy.json --parameters azuredeploy.parameters.json
8. Use the kubectl tool and check the status of the cluster nodes
Note: the Azure Portal displays the following
I hear and I forget. I see and I remember. I do and I understand!