Kubernetes是Google開源的容器集羣管理系統。它構建Ddocker技術之上,爲容器化的應用提供資源調度、部署運行、服務發現、擴容縮容等整一套功能,本質上可看作是基於容器技術的mini-PaaS平臺。本文旨在梳理Kubernetes的架構、概念及基本工作流,並且通過運行一個簡單的示例應用來介紹如何使用Kubernetes。
優點:
—輕量級、簡單
—公有云、私有云、混合雲部署
—模塊化、可插拔化、可掛接、可組合
—自動恢復、自動重啓、自動複製
內網系統中建議關閉防火牆服務:
# systemctl disable firewalld
# systemctl stop firewalld修改/etc/hosts文件
# 192.168.123.201 kubernetes-master
# 192.168.123.202 kubernetes-node1
# 192.168.123.203 kubernetes-node2關閉selinux
# vim /etc/selinux/config
SELINUX=disabled關閉docker的selinux功能
# vim /etc/sysconfig/docker
OPTIONS='--selinux-enabled=false'1.Master上配置kube-apiserver,kube-controller-manager,kube-scheduler服務
(1) kube-apiserver服務
先確認etcd服務已經安裝正確並啓動,配置Kube-apiserver的啓動參數
# yum install -y etcd
# vim /etc/etcd/etcd.conf
ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:2379"
# yum install -y kubernetes
# vim /usr/lib/systemd/system/kube-apiserver.service
[Unit]
Description=Kubernetes API Server
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
Wants=etcd.service
After=etcd.service
[Service]
EnvironmentFile=-/etc/kubernetes/config
EnvironmentFile=-/etc/kubernetes/apiserver
User=kube
ExecStart=/usr/bin/kube-apiserver \
$KUBE_LOGTOSTDERR \
$KUBE_LOG_LEVEL \
$KUBE_ETCD_SERVERS \
$KUBE_API_ADDRESS \
$KUBE_API_PORT \
$KUBELET_PORT \
$KUBE_ALLOW_PRIV \
$KUBE_SERVICE_ADDRESSES \
$KUBE_ADMISSION_CONTROL \
$KUBE_API_ARGS
Restart=on-failure
Type=notify
LimitNOFILE=65536
[Install]
WantedBy=multi-user.target配置文件/etc/kubernetes/config,文件的內容爲所有服務都需要的參數
KUBE_LOGTOSTDERR="--logtostderr=true"
KUBE_LOG_LEVEL="--v=0"
KUBE_ALLOW_PRIV="--allow_privileged=false"
KUBE_MASTER="--master=http://kubernetes-master:8080"配置文件/etc/kubernetes/apiserver,內容包括:綁定主機的IP地址、端口號、etcd服務地址、Service所需的Cluster IP池、一系列admission控制策略等
KUBE_API_ADDRESS="--address=0.0.0.0"
KUBE_API_PORT="--port=8080"
KUBE_ETCD_SERVERS="--etcd_servers=http://127.0.0.1:2379"
KUBE_SERVICE_ADDRESSES="--service-cluster-ip-range=10.254.0.0/16"
KUBE_ADMISSION_CONTROL="--admission_control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota"
KUBE_API_ARGS=""(2) kube-controller-manager服務
kube-controller-manager服務依賴於etcd和kube-apiserver服務
# vim /usr/lib/systemd/system/kube-controller-manager.service
[Unit]
Description=Kubernetes Controller Manager
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
After=etcd.service
After=kube-apiserver.service
Requires=etcd.service
Requires=kube-apiserver.service
[Service]
EnvironmentFile=-/etc/kubernetes/config
EnvironmentFile=-/etc/kubernetes/controller-manager
User=kube
ExecStart=/usr/bin/kube-controller-manager \
$KUBE_LOGTOSTDERR \
$KUBE_LOG_LEVEL \
$KUBE_MASTER \
$KUBE_CONTROLLER_MANAGER_ARGS
Restart=on-failure
LimitNOFILE=65536
[Install]
WantedBy=multi-user.target(3) kube-scheduler服務
kube-scheduler服務也依賴於etcd和kube-apiserve
# vim /usr/lib/systemd/system/kube-scheduler.service
[Unit]
Description=Kubernetes Scheduler Plugin
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
After=etcd.service
After=kube-apiserver.service
Requires=etcd.service
Requires=kube-apiserver.service
[Service]
EnvironmentFile=-/etc/kubernetes/config
EnvironmentFile=-/etc/kubernetes/scheduler
User=kube
ExecStart=/usr/bin/kube-scheduler \
$KUBE_LOGTOSTDERR \
$KUBE_LOG_LEVEL \
$KUBE_MASTER \
$KUBE_SCHEDULER_ARGS
Restart=on-failure
LimitNOFILE=65536
[Install]
WantedBy=multi-user.target完成後,通過systemctl start命令啓動3個服務。同時,使用systemctl enable命令將服務加入開機啓動列表中。
# systemctl daemon-reload
# systemctl start etcd kube-apiserver.service kube-controller-manager kube-scheduler
# systemctl enable etcd kube-apiserver.service kube-controller-manager kube-scheduler通過systemctl status 來驗證服務啓動的狀態。
2.Node上配置kubelet,kube-proxy服務
(1) kubelet服務
配置kubelet服務,它依賴於Docker服務
# vim /usr/lib/systemd/system/kubelet.service
[Unit]
Description=Kubernetes Kubelet Server
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
After=docker.service
Requires=docker.service
[Service]
WorkingDirectory=/var/lib/kubelet
EnvironmentFile=-/etc/kubernetes/config
EnvironmentFile=-/etc/kubernetes/kubelet
ExecStart=/usr/bin/kubelet \
$KUBE_LOGTOSTDERR \
$KUBE_LOG_LEVEL \
$KUBELET_API_SERVER \
$KUBELET_ADDRESS \
$KUBELET_PORT \
$KUBELET_HOSTNAME \
$KUBE_ALLOW_PRIV \
$KUBELET_ARGS
Restart=on-failure
[Install]
WantedBy=multi-user.target修改配置文件/etc/kubernetes/kubelet,內容包括:綁定主機IP地址、端口號、apiserver的地址及其他參數
KUBELET_ADDRESS="--address=0.0.0.0"
KUBELET_PORT="--port=10250"
KUBELET_HOSTNAME="--hostname_override=kubernetes-node1"
KUBELET_API_SERVER="--api_servers=http://kubernetes-master:8080"
KUBELET_ARGS=""(2) kube-proxy服務
配置kube-proxy服務,它依賴於Linux的network服務
# vim /usr/lib/systemd/system/kube-proxy.service
[Unit]
Description=Kubernetes Kube-Proxy Server
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
After=network.target
[Service]
EnvironmentFile=-/etc/kubernetes/config
EnvironmentFile=-/etc/kubernetes/proxy
ExecStart=/usr/bin/kube-proxy \
$KUBE_LOGTOSTDERR \
$KUBE_LOG_LEVEL \
$KUBE_MASTER \
$KUBE_PROXY_ARGS
Restart=on-failure
LimitNOFILE=65536
[Install]
WantedBy=multi-user.target配置文件/etc/kubernetes/proxy無須特別的參數設置
kubelet和kube-proxy都需要的配置文件/etc/kubernetes/config的內容示例如下:
KUBE_LOGTOSTDERR="--logtostderr=true"
KUBE_LOG_LEVEL="--v=0"
KUBE_ALLOW_PRIV="--allow_privileged=false"
KUBE_MASTER="--master=http://kubernetes-master:8080"配置完成後,通過systemctl啓動服務:
# systemctl daemon-reload
# systemctl start kubelet.service kube-proxy docker
# systemctl enable kubelet.service kube-proxy dockerkubelet默認採用向Master自注冊的機制,在Master上查看名Node的狀態(# kubelet get nodes),狀態爲Ready表示Node向Master註冊成功。