
kubeadm install Kubernetes1.7.4

Tags:
Kubernetes

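kubeadm was added in Kubernetes 1.4. It aims to improve the developer experience of installing, debugging and using k8s and to lower the barrier to installation and use. In theory, two commands, init and join, are enough to set up a complete Kubernetes cluster.

Installing Kubernetes with kubeadm is very simple, but inside China the GFW blocks the image downloads, which affects the whole installation;

Test environment

OS: CentOS 7
Docker:

# docker version
Client: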
 Version:      17.05.0-ce
 API version:  1.29
 Go version:   go1.7.5
 Git commit:   89658be
 Built:        Thu May  4 22:06:25 2017
 OS/Arch:      linux/amd64

Server:
 Version:      17.05.0-ce
 API version:  1.29 (minimum version 1.12)
 Go version:   go1.7.5
 Git commit:   89658be
 Built:        Thu May  4 22:06:25 2017
 OS/Arch:      linux/amd64
 Experimental: false

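1. Change the hostname

Be sure to set the hostname before installing, because k8s uses hostnames for communication;

vi /etc/hostname
vi /etc/hosts
# add the following line
your_ip your_hostname

Note: changing the hostname this way does not require rebooting the node

2. Install Docker

For the detailed installation steps see the official site; Docker v1.12 is recommended;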
CentOS: https://docs.docker.com/v1.12/engine/installation/linux/centos/

tee /etc/yum.repos.d/docker.repo <<-'EOF'
[dockerrepo]
name=Docker Repository
baseurl=https://yum.dockerproject.org/repo/main/centos/7/
enabled=1
gpgcheck=1
gpgkey=https://yum.dockerproject.org/gpg
EOF

yum list docker-engine --showduplicates

yum install docker-engine-1.12.6 docker-engine-selinux-1.12.6 -y
systemctl enable docker ; systemctl start docker

3. Configure a proxy on Linux

export https_proxy=http://proxy.example.com:8118
export http_proxy=http://proxy.example.com:8118

4. Download kubectl

# linux/amd64 build, matching the CentOS 7 host
curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl
# To install a specific kubectl version, replace the string after /release/
# For example, to install kubectl 1.7.0, run:
curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.7.0/bin/linux/amd64/kubectl

chmod +x ./kubectl

sudo mv ./kubectl /usr/local/bin/kubectl

Oddly enough, kubectl can be downloaded directly, but the packages that follow are, unsurprisingly, not so lucky. Annoying...

5. Installing kubelet and kubeadm

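Note: downloading the kubelet and kubeadm packages requires the proxy.

kubelet: runs on every node in the cluster and is responsible for starting pods, containers and so on;
kubeadm: used to bootstrap the Kubernetes cluster;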

cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg
        https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
EOF
# setenforce 0 puts SELinux into permissive mode until the next reboot
setenforce 0
yum install -y kubelet kubeadm
systemctl enable kubelet && systemctl start kubelet

6. Align the cgroup drivers of Docker and kubelet

Docker and kubelet use different cgroup drivers, so the configuration has to be fixed:
https://github.com/kubernetes/kubeadm/issues/103

vi /etc/systemd/system/kubelet.service.d/10-kubeadm.conf
Change KUBELET_CGROUP_ARGS=--cgroup-driver=systemd
to     KUBELET_CGROUP_ARGS=--cgroup-driver=cgroupfs

systemctl daemon-reload
systemctl start kubelet
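
A way to confirm the mismatch described in step 6 before and after editing the drop-in. This is an added example, not part of the original post; the function names are hypothetical and the demo inputs are constructed.

```shell
#!/usr/bin/env bash
# Added example: detect the Docker/kubelet cgroup-driver mismatch from step 6.

# Read `docker info` text on stdin and print the cgroup driver it reports.
docker_cgroup_driver() {
    sed -n 's/^[[:space:]]*Cgroup Driver:[[:space:]]*//p' | head -n 1
}

# Print the value of --cgroup-driver= found in a kubelet systemd drop-in ($1).
kubelet_cgroup_driver() {
    sed -n 's/.*--cgroup-driver=\([A-Za-z]*\).*/\1/p' "$1" | head -n 1
}

# $1 = `docker info` text, $2 = drop-in path.
# Returns 0 on match, 1 on mismatch, 2 when a driver cannot be determined.
check_cgroup_drivers() {
    cg_docker=$(printf '%s\n' "$1" | docker_cgroup_driver)
    cg_kubelet=$(kubelet_cgroup_driver "$2")
    if [ -z "$cg_docker" ] || [ -z "$cg_kubelet" ]; then
        echo "unknown: docker='$cg_docker' kubelet='$cg_kubelet'"
        return 2
    fi
    if [ "$cg_docker" != "$cg_kubelet" ]; then
        echo "mismatch: docker=$cg_docker kubelet=$cg_kubelet"
        return 1
    fi
    echo "ok: both use $cg_docker"
}

# Demo with constructed inputs (a temp file stands in for 10-kubeadm.conf).
demo_conf=$(mktemp)
printf '%s\n' '[Service]' \
    'Environment="KUBELET_CGROUP_ARGS=--cgroup-driver=systemd"' > "$demo_conf"
check_cgroup_drivers "Cgroup Driver: cgroupfs" "$demo_conf" || true
rm -f "$demo_conf"

# On a real node:
#   check_cgroup_drivers "$(docker info 2>/dev/null)" \
#       /etc/systemd/system/kubelet.service.d/10-kubeadm.conf
```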

7. Docker proxy settings

Docker is used to pull images during installation, so Docker also has to go through the proxy.
Configure the proxy and restart docker and kubelet

[root@k8s ~]# systemctl enable docker
[root@k8s ~]# mkdir -p /etc/systemd/system/docker.service.d/
[root@k8s ~]# vi /etc/systemd/system/docker.service.d/http-proxy.conf
[Service]
Environment="HTTP_PROXY=http://proxy.example.com:8118/" "HTTPS_PROXY=http://proxy.example.com:8118/" "NO_PROXY=localhost,127.0.0.1,10.0.0.0/8,proxy.example.com"

[root@k8s ~]# systemctl daemon-reload
[root@k8s ~]# systemctl restart docker

For details see: http://www.jianshu.com/p/bf58a66451d0

8. kubeadm init

Requirements:

  1. One or more machines running Ubuntu 16.04+, CentOS 7 or HypriotOS v1.0.1+

  2. 1GB or more of RAM per machine (any less will leave little room for your apps)

  3. Full network connectivity between all machines in the cluster (public or private network is fine)

Objectives

  • Configure the proxy; some of kubeadm's requests also need to go through it

export https_proxy=http://proxy.example.com:8118/
export http_proxy=http://proxy.example.com:8118/

  • kubeadm init

kubeadm init

Notes:

  1. --kubernetes-version specifies the Kubernetes version

  2. If you use the flannel or Calico network plugin, the Pod IP range must be specified: --pod-network-cidr=10.244.0.0/16

  3. --skip-preflight-checks skips the pre-flight checks

  4. If images still cannot be pulled through the proxy, edit the YAML files under /etc/kubernetes/manifests and set imagePullPolicy to Never or IfNotPresent

  5. If you cannot pull the images, feel free to leave a comment

  • The kubeadm init process

[kubeadm] WARNING: kubeadm is in beta, please do not use it for production clusters.
[init] Using Kubernetes version: v1.7.4
[init] Using Authorization modes: [Node RBAC]
[preflight] Skipping pre-flight checks
[kubeadm] WARNING: starting in 1.8, tokens expire after 24 hours by default (if you require a non-expiring token use --token-ttl 0)
[certificates] Generated CA certificate and key.
[certificates] Generated API server certificate and key.
[certificates] API Server serving cert is signed for DNS names [k8s kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local] and IPs [10.96.0.1 192.168.191.138]
[certificates] Generated API server kubelet client certificate and key.
[certificates] Generated service account token signing key and public key.
[certificates] Generated front-proxy CA certificate and key.
[certificates] Generated front-proxy client certificate and key.
[certificates] Valid certificates and keys now exist in "/etc/kubernetes/pki"
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/scheduler.conf"
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/admin.conf"
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/kubelet.conf"
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/controller-manager.conf"
[apiclient] Created API client, waiting for the control plane to become ready
<-> This step pauses for quite a while: the images have to be downloaded and then the containers started
[apiclient] All control plane components are healthy after 293.004469 seconds
[token] Using token: 2af779.b803df0b1effb3d9
[apiconfig] Created RBAC rules
[addons] Applied essential addon: kube-proxy
[addons] Applied essential addon: kube-dns

Your Kubernetes master has initialized successfully!

To start using your cluster, you need to run (as a regular user):

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  http://kubernetes.io/docs/admin/addons/

You can now join any number of machines by running the following on each node
as root:

  kubeadm join --token 2af779.b803df0b1effb3d9 192.168.0.6:6443

  • Configure kubeconfig

# mkdir -p $HOME/.kube
# cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
# chown $(id -u):$(id -g) $HOME/.kube/config
# ll ~/.kube/
total 8
drwxr-xr-x. 3 root root   23 Jul 29 21:39 cache
-rw-------. 1 root root 5451 Jul 29 22:57 config

9. Install Calico

For Kubernetes version >= 1.6.0, run the following command

kubectl apply -f https://docs.projectcalico.org/v2.5/getting-started/kubernetes/installation/hosted/kubeadm/1.6/calico.yaml

For details see: https://docs.projectcalico.org/v2.5/getting-started/kubernetes/installation/hosted/kubeadm/

10. Master isolation

By default, for security reasons, the master node is not schedulable. To allow Pods to be scheduled onto the master node, run the following command:

$ kubectl taint nodes --all node-role.kubernetes.io/master-

  node "test-01" untainted
  taint key="dedicated" and effect="" not found.
  taint key="dedicated" and effect="" not found.

11. Add worker nodes

Worker nodes need Docker and kubeadm installed; copy the images from the master node to the worker node;

kubeadm join --token 2af779.b803df0b1effb3d9 192.168.0.1:6443 --skip-preflight-checks
[kubeadm] WARNING: kubeadm is in beta, please do not use it for production clusters.
[preflight] Skipping pre-flight checks
[discovery] Trying to connect to API Server "192.168.191.138:6443"
[discovery] Created cluster-info discovery client, requesting info from "https://192.168.191.138:6443"
[discovery] Cluster info signature and contents are valid, will use API Server "https://192.168.191.138:6443"
[discovery] Successfully established connection with API Server "192.168.191.138:6443"
[bootstrap] Detected server version: v1.7.2
[bootstrap] The server supports the Certificates API (certificates.k8s.io/v1beta1)
[csr] Created API client to obtain unique certificate for this node, generating keys and certificate signing request
[csr] Received signed certificate from the API server, generating KubeConfig...
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/kubelet.conf"

Node join complete:
* Certificate signing request sent to master and response
  received.
* Kubelet informed of new secure connection details.

Run 'kubectl get nodes' on the master to see this machine join.

12. Required images

# docker images
REPOSITORY                                               TAG                 IMAGE ID            CREATED             SIZE
gcr.io/google_containers/kube-controller-manager-amd64   v1.7.4              d2adddc4b1cb        7 days ago          138MB
gcr.io/google_containers/kube-apiserver-amd64            v1.7.4              5260ecb5129c        7 days ago          186MB
gcr.io/google_containers/kube-proxy-amd64                v1.7.4              0f3bf654ec61        7 days ago          115MB
gcr.io/google_containers/kube-scheduler-amd64            v1.7.4              b1cd468ba656        7 days ago          77.2MB
quay.io/calico/kube-policy-controller                    v0.7.0              60d797585fc5        9 days ago          21.9MB
ubuntu                                                   14.04               c69811d4e993        13 days ago         188MB
quay.io/calico/node                                      v2.4.1              7643422fdf0f        2 weeks ago         277MB
centos                                                   latest              328edcd84f1b        2 weeks ago         193MB
quay.io/calico/cni                                       v1.10.0             88ca805c8ddd        3 weeks ago         70.3MB
nginx                                                    latest              b8efb18f159b        4 weeks ago         107MB
busybox                                                  latest              efe10ee6727f        5 weeks ago         1.13MB
quay.io/coreos/etcd                                      v3.1.10             47bb9dd99916        5 weeks ago         34.6MB
gcr.io/google_containers/etcd-amd64                      3.0.17              243830dae7dd        6 months ago        169MB
gcr.io/google_containers/pause-amd64                     3.0                 99e59f495ffa        15 months ago       747kB
sameersbn/squid                                          3.3.8-14            b51686290574        15 months ago       214MB

13. Pods created

kubectl get pods -n=kube-system
NAME                                       READY     STATUS    RESTARTS   AGE
calico-etcd-fts5g                          1/1       Running   1          4d
calico-node-kthzl                          2/2       Running   4          4d
calico-policy-controller-336633499-tg35l   1/1       Running   1          4d
etcd-chun                                  1/1       Running   1          4d
kube-apiserver-chun                        1/1       Running   1          4d
kube-controller-manager-chun               1/1       Running   2          4d
kube-dns-2425271678-fz79r                  0/3       Pending   0          4d
kube-proxy-k6zfz                           1/1       Running   1          4d
kube-scheduler-chun                        1/1       Running   1          4d

14. Ports used by Kubernetes

6443*                Kubernetes API server
2379-2380        etcd server client API
10250                Kubelet API
10251                kube-scheduler
10252                kube-controller-manager
10255                Read-only Kubelet API (Heapster)
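
To see which of the ports in the table above are bound beyond loopback on a node (the read-only Kubelet API on 10255 answers without authentication), the listening sockets can be checked against the table. This is an added example, not part of the original post; the function name is hypothetical and the `ss -ltn` sample is constructed.

```shell
#!/usr/bin/env bash
# Added example: flag Kubernetes control-plane ports bound beyond loopback.
# Port roles come from the table above; the ss output below is constructed.

SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    *:22                *:*
LISTEN 0      128    127.0.0.1:10251     *:*
LISTEN 0      128    127.0.0.1:2379      *:*
LISTEN 0      128    :::10250            :::*
LISTEN 0      128    :::10255            :::*
LISTEN 0      128    :::6443             :::*'

# Read `ss -ltn` text on stdin; print "<scope> <port> <role> (<bind address>)".
# EXPOSED means the socket is bound to a non-loopback address; firewall rules
# still decide who can actually reach it.
audit_k8s_ports() {
    awk '
    function role(p) {
        if (p == 6443)              return "Kubernetes API server"
        if (p == 2379 || p == 2380) return "etcd server client API"
        if (p == 10250)             return "Kubelet API"
        if (p == 10251)             return "kube-scheduler"
        if (p == 10252)             return "kube-controller-manager"
        if (p == 10255)             return "Read-only Kubelet API"
        return ""
    }
    $1 == "LISTEN" {
        n = split($4, part, ":")              # port is the last ":" field
        port = part[n] + 0
        addr = substr($4, 1, length($4) - length(part[n]) - 1)
        name = role(port)
        if (name == "") next                  # not a port from the table
        local_only = (addr ~ /^127\./ || addr == "::1" || addr == "[::1]")
        printf "%s %d %s (%s)\n", (local_only ? "loopback" : "EXPOSED"), port, name, addr
    }' | sort -k2,2n
}

# Demo on the constructed sample; on a real node run: ss -ltn | audit_k8s_ports
printf '%s\n' "$SAMPLE_SS" | audit_k8s_ports
```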



Author: iCaptain
Link: https://www.jianshu.com/p/61c8e4984b56

