CentOS7部署Kubernetes集羣
簡介
Kubernetes是什麼?
Kubernetes一個用於容器集羣的自動化部署、擴容以及運維的開源平臺。
通過Kubernetes,你可以快速有效地響應用戶需求:
a、快速而有預期地部署你的應用
b、極速地擴展你的應用
c、無縫對接新的應用功能
d、節省資源,優化硬件資源的使用
我們希望培育出一個組件及工具的生態,幫助大家減輕在公有云及私有云上運行應用的負擔。
Kubernetes特點:
a、可移植: 支持公有云,私有云,混合雲,多重雲(multi-cloud)
b、可擴展: 模塊化, 插件化, 可掛載, 可組合
c、自愈: 自動佈置,自動重啓,自動複製,自動擴展
Kubernetes始於Google 2014 年的一個項目。 Kubernetes的構建基於Google十多年運行大規模負載產品的經驗,同時也吸取了社區中最好的意見和經驗。
Kubernetes設計架構:
高清圖地址:https://raw.githubusercontent.com/kubernetes/kubernetes/release-1.2/docs/design/architecture.png
Kubernetes主要由以下幾個核心組件組成:
a、etcd保存了整個集羣的狀態;
b、apiserver提供了資源操作的唯一入口,並提供認證、授權、訪問控制、API註冊和發現等機制;
c、controller manager負責維護集羣的狀態,比如故障檢測、自動擴展、滾動更新等;
d、scheduler負責資源的調度,按照預定的調度策略將Pod調度到相應的機器上;
e、kubelet負責維護容器的生命週期,同時也負責Volume(CVI)和網絡(CNI)的管理;
d、Container runtime負責鏡像管理以及Pod和容器的真正運行(CRI);
e、kube-proxy負責爲Service提供cluster內部的服務發現和負載均衡;
除了核心組件,還有一些推薦的Add-ons:
f、kube-dns負責爲整個集羣提供DNS服務
g、Ingress Controller爲服務提供外網入口
h、Heapster提供資源監控
i、Dashboard提供GUI
j、Federation提供跨可用區的集羣
k、Fluentd-elasticsearch提供集羣日誌採集、存儲與查詢
****** 具體參考:https://www.kubernetes.org.cn/docs
一、環境介紹
Kubernetes包提供了一些服務:kube-apiserver, kube-scheduler, kube-controller-manager,kubelet,
kube-proxy。這些服務通過systemd進行管理,配置信息都集中存放在一個地方:/etc/kubernetes。我們將會把這些服務運行到不同的主機上。第一臺主機,centosmaster,將是Kubernetes 集羣的master主機。這臺機器上將運行kube-apiserver, kubecontroller-manager和kube-scheduler這幾個服務,此外,master主機上還將運行etcd。其餘的主機,fed-minion,將是從節點,將會運行kubelet, proxy和docker
操作系統信息:CentOS 7 64位
Open vSwitch版本信息:2.5.0
Kubernetes版本信息:v1.5.2
Etcd版本信息:3.1.9
Docker版本信息:1.12.6
服務器信息:
192.168.80.130 k8s-master
192.168.80.131 k8s-node1
192.168.80.132 k8s-node2
二、部署前準備
1、設置免密登錄
[Master]
[root@k8s-master ~]# ssh-keygen
[root@k8s-master ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub k8s-node1
[root@k8s-master ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub k8s-node2
2、所有機器上操作
a、添加hosts
[root@k8s-master ~]# vim /etc/hosts
192.168.80.130 k8s-master
192.168.80.131 k8s-node1
192.168.80.132 k8s-node2
b、同步時間
[root@k8s-master ~]# yum -y install lrzsz git wget python-devel ntp net-tools curl cmake epel-release rpmdevtools openssl-devel kernel-devel gcc redhat-rpm-config bridge-utils
[root@k8s-master ~]# yum groupinstall "Development Tools" -y
[root@k8s-master ~]# \cp -Rf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
[root@k8s-master ~]# ntpdate 133.100.11.8
[root@k8s-master ~]# sed -i 's#ZONE="America/New_York"#ZONE="Asia/Shanghai"#g' /etc/sysconfig/clock
[root@k8s-master ~]# hwclock -w
[root@k8s-master ~]# date -R
3、在2個Node節點安裝Open Switch,這裏以node1爲例安裝
a、安裝openVswitch
[root@node1 ~]# yum -y install lrzsz git wget python-devel ntp net-tools curl cmake epel-release rpmdevtools openssl-devel kernel-devel gcc redhat-rpm-config bridge-utils
[root@node1 ~]# yum groupinstall "Development Tools" -y
[root@node1 ~]# mkdir -p ~/rpmbuild/SOURCES
[root@node1 ~]# wget http://openvswitch.org/releases/openvswitch-2.5.0.tar.gz
[root@node1 ~]# cp openvswitch-2.5.0.tar.gz ~/rpmbuild/SOURCES/
[root@node1 ~]# tar xfz openvswitch-2.5.0.tar.gz
[root@node1 ~]# sed 's/openvswitch-kmod, //g' openvswitch-2.5.0/rhel/openvswitch.spec > openvswitch-2.5.0/rhel/openvswitch_no_kmod.spec
[root@node1 ~]# rpmbuild -bb --nocheck ~/openvswitch-2.5.0/rhel/openvswitch_no_kmod.spec
[root@node1 ~]# yum -y localinstall ~/rpmbuild/RPMS/x86_64/openvswitch-2.5.0-1.x86_64.rpm
[root@node1 ~]# modprobe openvswitch && systemctl start openvswitch.service
b、配置GRE遂道
[Node1]
[root@node1 ~]# ovs-vsctl add-br obr0
****** 接下來建立gre,並將新建的gre0添加到obr0,在node1上執行如下命令,
[root@node1 ~]# ovs-vsctl add-port obr0 gre0 -- set Interface gre0 type=gre options:remote_ip=192.168.80.132
****** 注:remote_ip=node2_IP
[Node2]
[root@node2 ~]# ovs-vsctl add-br obr0
****** 接下來建立gre,並將新建的gre0添加到obr0,在node1上執行如下命令,
[root@node2 ~]# ovs-vsctl add-port obr0 gre0 -- set Interface gre0 type=gre options:remote_ip=192.168.80.131
****** 注:remote_ip=node1_IP
****** 至此,node1和node2之間的隧道已經建立。然後我們在node1和node2上創建網橋br0替代Docker默認的docker0,設置node1的br0的地址:172.16.1.1/24, node2的br0的地址:172.16.2.1/24,並添加obr0到br0接口,以下命令均在node1和 node2上執行,
這裏以node1爲例執行:
[root@node1 ~]# brctl addbr br0 //創建linux bridge
[root@node1 ~]# brctl addif br0 obr0 //添加obr0爲br0的接口
[root@node1 ~]# ip link set dev docker0 down //設置docker0爲down狀態
[root@node1 ~]# ip link del dev docker0 //刪除docker0
****** 爲了使用br0在重啓後也生效,我們需要在/etc/sysconfig/network-scripts下創建網卡文件ifcfg-br0
[root@node1 ~]# vim /etc/sysconfig/network-scripts/ifcfg-br0
DEVICE=br0
ONBOOT=yes
BOOTPROTO=static
IPADDR=172.16.1.1
NETMASK=255.255.255.0
GATEWAY=172.16.1.0
USERCTL=no
TYPE=Bridge
IPV6INIT=no
******** Node2上也需要執行上面命令 *******
c、兩臺node互添路由信息:
[node1]
[root@node1 ~]# cd /etc/sysconfig/network-scripts/
[root@node1 ~]# ls ./
[root@node1 ~]# ifcfg-br0 ifcfg-ens33 ifcfg-lo
[root@node1 ~]# vim route-ens33
172.16.2.0/24 via 192.168.80.132 dev ens33
******注:ens33是node1的物理網卡名稱,如果你的是eth0,那麼名稱爲:route-eth0
[root@node1 ~]# service network restart
[node2]
[root@node2 ~]# /etc/sysconfig/network-scripts/
[root@node2 ~]# vim route-ens33
172.16.1.0/24 via 192.168.80.131 dev ens33
[root@node2 ~]# service network restart
d、測試gre遂道是否連通
[root@k8s-node1 ~]# ping -w 4 172.16.2.1
PING 172.16.2.1 (172.16.2.1) 56(84) bytes of data.
64 bytes from 172.16.2.1: icmp_seq=1 ttl=64 time=0.652 ms
64 bytes from 172.16.2.1: icmp_seq=2 ttl=64 time=0.281 ms
64 bytes from 172.16.2.1: icmp_seq=3 ttl=64 time=0.374 ms
64 bytes from 172.16.2.1: icmp_seq=4 ttl=64 time=0.187 ms
--- 172.16.2.1 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3002ms
rtt min/avg/max/mdev = 0.187/0.373/0.652/0.174 ms
三、部署Kubernetes
1、在Master機器上安裝
[master]
[root@k8s-master ~]# yum -y install etcd kubernetes
2、配置Etcd
Etcd默認的監聽端口是4001,在這裏修改以下信息
a、配置etcd.conf
[root@k8s-master ~]# cp /etc/etcd/etcd.conf /etc/etcd/etcd.conf_bak
[root@k8s-master ~]# vim /etc/etcd/etcd.conf
# [member]
ETCD_NAME="etcd-master"
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="http://0.0.0.0:2380"
ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:2379,http://0.0.0.0:4001"
#[cluster]
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://k8s-master:2380"
ETCD_INITIAL_CLUSTER="etcd-master=http://k8s-master:2380"
ETCD_INITIAL_CLUSTER_STATE="new"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_ADVERTISE_CLIENT_URLS="http://k8s-master:2379,http://k8s-master:4001"
b、配置etcd.service
[root@k8s-master ~]# cp /usr/lib/systemd/system/etcd.service /usr/lib/systemd/system/etcd.service_bak
[root@k8s-master ~]# vim /usr/lib/systemd/system/etcd.service
ExecStart=/bin/bash -c "GOMAXPROCS=$(nproc) /usr/bin/etcd --name=\"${ETCD_NAME}\" --data-dir=\"${ETCD_DATA_DIR}\" --listen-client-urls=\"${ETCD_LISTEN_CLIENT_URLS}\" --listen-peer-urls=\"${ETCD_LISTEN_PEER_URLS}\" --advertise-client-urls=\"${ETCD_ADVERTISE_CLIENT_URLS}\" --initial-advertise-peer-urls=\"${ETCD_INITIAL_ADVERTISE_PEER_URLS}\" --initial-cluster=\"${ETCD_INITIAL_CLUSTER}\" --initial-cluster-state=\"${ETCD_INITIAL_CLUSTER_STATE}\""
****** 注:只修改[service]裏的ExecStart
[root@k8s-master ~]# mkdir -p /export/etcd
[root@k8s-master ~]# chown -R etcd:etcd /export/etcd
c、啓動etcd服務
[root@k8s-master ~]# systemctl daemon-reload
[root@k8s-master ~]# systemctl enable etcd.service
[root@k8s-master ~]# systemctl start etcd.service
d、驗證是否成功
[root@k8s-master ~]# :q
ffe21a7812eb7c5f: name=etcd-master peerURLs=http://k8s-master:2380 clientURLs=http://k8s-master:2379,http://k8s-master:4001 isLeader=true
3、配置Kubernetes
a、apiserver配置
[root@k8s-master ~]# cd /etc/kubernetes/
[root@k8s-master ~]# cp apiserver apiserver_bak
[root@k8s-master ~]# vim /etc/kubernetes/apiserver
###
# kubernetes system config
#
# The following values are used to configure the kube-apiserver
#
# The address on the local server to listen to.
#KUBE_API_ADDRESS="--insecure-bind-address=127.0.0.1"
KUBE_API_ADDRESS="--insecure-bind-address=0.0.0.0"
# The port on the local server to listen on.
# KUBE_API_PORT="--port=8080"
KUBE_API_PORT="--port=8080"
# Port minions listen on
# KUBELET_PORT="--kubelet-port=10250"
KUBELET_PORT="--kubelet-port=10250"
# Comma separated list of nodes in the etcd cluster
#KUBE_ETCD_SERVERS="--etcd-servers=http://127.0.0.1:2379"
KUBE_ETCD_SERVERS="--etcd-servers=http://k8s-master:2379"
# Address range to use for services
KUBE_SERVICE_ADDRESSES="--service-cluster-ip-range=10.254.0.0/16"
# default admission control policies
KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota"
# Add your own!
KUBE_API_ARGS=""
b、配置config
[root@k8s-master ~]# cp config config_bak
[root@k8s-master ~]# vim /etc/kubernetes/config
###
# kubernetes system config
#
# The following values are used to configure various aspects of all
# kubernetes services, including
#
# kube-apiserver.service
# kube-controller-manager.service
# kube-scheduler.service
# kubelet.service
# kube-proxy.service
# logging to stderr means we get it in the systemd journal
KUBE_LOGTOSTDERR="--logtostderr=true"
# journal message level, 0 is debug
KUBE_LOG_LEVEL="--v=0"
# Should this cluster be allowed to run privileged docker containers
KUBE_ALLOW_PRIV="--allow-privileged=false"
# How the controller-manager, scheduler, and proxy find the apiserver
KUBE_MASTER="--master=http://k8s-master:8080"
#******** add etcd server info ********#
# Etcd Server Configure
KUBE_ETCD_SERVERS="--etcd-servers=http://k8s-master:4001"
4、啓動服務
[root@k8s-master ~]#
for SERVICES in etcd kube-apiserver kube-controller-manager kube-scheduler; do
systemctl restart $SERVICES
systemctl enable $SERVICES
systemctl status $SERVICES
done
5、Node機器只需要Kubernetes
[所有的node節點]
****** 這裏以node1爲例:
[root@node1 ~]# yum -y install kubernetes
****** 安裝k8s會自動安裝docker
6、配置Node節點的Kubernetes
[root@node1 ~]# cd /etc/kubernetes
[root@node1 ~]# cp kubelet kubelet_bak
[root@node1 ~]# vim /etc/kubernetes/kubelet
###
# kubernetes kubelet (minion) config
# The address for the info server to serve on (set to 0.0.0.0 or "" for all interfaces)
#KUBELET_ADDRESS="--address=127.0.0.1"
KUBELET_ADDRESS="--address=0.0.0.0"
# The port for the info server to serve on
# KUBELET_PORT="--port=10250"
KUBELET_PORT="--port=10250"
# You may leave this blank to use the actual hostname
#KUBELET_HOSTNAME="--hostname-override=127.0.0.1"
KUBELET_HOSTNAME="--hostname-override=k8s-node"
# location of the api-server
#KUBELET_API_SERVER="--api-servers=http://127.0.0.1:8080"
KUBELET_API_SERVER="--api-servers=http://k8s-master:8080"
# pod infrastructure container
KUBELET_POD_INFRA_CONTAINER="--pod-infra-container-image=registry.access.redhat.com/rhel7/pod-infrastructure:latest"
# Add your own!
KUBELET_ARGS=""
7、啓動Node節點Kubernetes服務
[root@node1 ~]#
for SERVICES in kube-proxy kubelet docker; do
systemctl restart $SERVICES
systemctl enable $SERVICES
systemctl status $SERVICES
done
8、測試
[master]
a、查看node節點:
[root@k8s-master ~]# kubectl get nodes
NAME STATUS AGE
k8s-node1 Ready 1h
k8s-node2 Ready 1h
b、創建 nginx Pod:
[root@k8s-master ~]# mkdir /export/kube_containers
[root@k8s-master ~]# cd /export/kube_containers
[root@k8s-master ~]# vim nginx.yaml
apiVersion: v1
kind: Pod
metadata:
name: nginx
labels:
name: nginx
spec:
containers:
- resources:
limits:
cpu: 1
image: nginx
name: nginx
ports:
- containerPort: 80
name: nginx
c、創建 Mysql Pod資源文件
[root@k8s-master ~]# vim mysql.yaml
apiVersion: v1
kind: Pod
metadata:
name: mysql
labels:
name: mysql
spec:
containers:
- resources:
limits :
cpu: 0.5
image: mysql
name: mysql
env:
- name: MYSQL_ROOT_PASSWORD
value: rootpwd
ports:
- containerPort: 3306
name: mysql
volumeMounts:
# name must match the volume name below
- name: mysql-persistent-storage
# mount path within the container
mountPath: /var/lib/mysql
volumes:
- name: mysql-persistent-storage
cinder:
volumeID: bd82f7e2-wece-4c01-a505-4acf60b07f4a
fsType: ext4
d、導入資源
[root@k8s-master ~]# kubectl create -f mysql.yaml
e、查看資源狀態
[root@k8s-master ~]# kubectl get po -o wide
NAME READY STATUS RESTARTS AGE IP NODE
mysql 0/1 ContainerCreating 0 5m <none> k8s-node2
nginx-controller-fnttl 0/1 ContainerCreating 0 5m <none> k8s-node2
nginx-controller-kb4hj 0/1 ContainerCreating 0 5m <none> k8s-node1
****** 這裏的STATUS的狀態是:ContainerCreating,因爲在此時node節點在下載images,稍等片刻就可以,如果不放心可以使用nmon監控下流量。
****** 再次查看:
[root@k8s-master ~]# kubectl get po -o wide
NAME READY STATUS RESTARTS AGE IP NODE
mysql 1/1 Running 0 19m 172.17.0.3 k8s-node2
nginx-controller-fnttl 1/1 Running 0 19m 172.17.0.2 k8s-node2
nginx-controller-kb4hj 1/1 Running 0 19m 172.17.0.2 k8s-node1
×××××× 這裏已經部署在運行了,所以是Running。Status開始是Ready。
9、查看日誌
以Master機器日誌爲例:
[root@k8s-master ~]# tail -f /var/log/messages | grep kube
Dec 11 09:54:11 192 kube-scheduler: I1211 09:54:11.380994 20445 event.go:203] Event(api.ObjectReference{Kind:"Pod", Namespace:"default", Name:"mysql", UID:"2f192467-a030-11e5-8a55-000c298cfaa1", APIVersion:"v1", ResourceVersion:"3522", FieldPath:""}): reason: 'scheduled' Successfully assigned mysql to dslave
四、常見錯誤及解決方案
1、[錯誤1]
[root@k8s-master ~]# kubectl create -f mysql.yaml
Error from server (ServerTimeout): error when creating "mysql.yaml": No API token found for service account "default", retry after the token is automatically created and added to the service account
[解決方案]
[root@k8s-master ~]# vim /etc/kubernets/apiserver
#KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota"
修改爲:
KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,ResourceQuota"
[重啓服務]
for SERVICES in etcd kube-apiserver kube-controller-manager kube-scheduler; do
systemctl restart $SERVICES
systemctl enable $SERVICES
systemctl status $SERVICES
done
2、[錯誤2]
在部署Pod時,在Node機器日誌中報錯
Dec 11 09:30:22 dslave kubelet: E1211 09:30:22.745867 99650 manager.go:1557] Failed to create pod infra container: image pull failed for gcr.io/google_containers/pause:0.8.0, this may be because there are no credentials on this request. details: (Network timed out while trying to connect to http://gcr.io/v1/repositories/google_containers/pause/images. You may want to check your internet connection or if you are behind a proxy.); Skipping pod "mysql_default"
Dec 11 09:30:22 dslave kubelet: E1211 09:30:22.955470 99650 pod_workers.go:111] Error syncing pod bcbb3b8a-a02a-11e5-8a55-000c298cfaa1, skipping: image pull failed for gcr.io/google_containers/pause:0.8.0, this may be because there are no credentials on this request. details: (Network timed out while trying to connect to http://gcr.io/v1/repositories/google_containers/pause/images. You may want to check your internet connection or if you are behind a proxy.)
[解決方案]
原因:Google被牆了,下載資源包到本地
http://www.sunmite.com/linux/installing-kubernetes-cluster-on-centos7-to-manage-pods-and-services/attachment/pause-0-8-0/
在Node節點導入
docker load --input pause-0.8.0.tar
至此,環境已經全部搭建完畢,如有問題請聯繫:[email protected]