一、環境準備
1.關閉防火牆(僅適用於隔離的測試環境;生產環境應保持防火牆開啓,只放行集羣所需的端口,例如本文用到的6443)
2.關閉selinux(同樣只建議在測試環境中這樣做,生產環境請評估後再決定)
3.配置hosts
二、docker安裝
1.安裝yum管理軟件
yum install -y yum-utils device-mapper-persistent-data lvm2
2.添加yum源
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
3.查看可用版本
yum list docker-ce --showduplicates | sort -r
4.安裝指定版本
yum -y install docker-ce-18.09.6
5.配置國內鏡像加速
cat /etc/docker/daemon.json
{
"registry-mirrors": ["https://registry.docker-cn.com" ]
}
6.啓動服務
systemctl start docker && systemctl enable docker
三、使用kubeadm安裝kubernetes集羣
1.添加yum源
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
2.臨時關閉swap
swapoff -a
Kubernetes 1.8 開始要求關閉系統的 Swap;如果不關閉,默認配置下 kubelet 將無法啓動。若確實需要保留 Swap,可以在 /etc/sysconfig/kubelet 中爲 kubelet 加上啓動參數 --fail-swap-on=false 來解除這個限制(見下文第4步)
3.安裝並啓動
yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
#--disableexcludes=kubernetes 表示安裝時忽略 kubernetes 這個倉庫配置裏的 exclude 排除規則(並不是禁用其他倉庫)
如需安裝指定版本,在包名後加上版本號,例如:kubeadm-1.14.2
systemctl enable kubelet && systemctl start kubelet
4.更改swap限制
# cat /etc/sysconfig/kubelet
KUBELET_EXTRA_ARGS=--fail-swap-on=false
5.kubeadm config
kubeadm config upload from-file 由配置文件上傳到集羣中生成ConfigMap
kubeadm config upload from-flags 由配置參數生成ConfigMap
kubeadm config view 查看當前集羣中的配置值
kubeadm config print init-defaults 輸出init-defaults默認參數文件內容
kubeadm config print join-defaults 輸出join-defaults默認參數文件內容
kubeadm config migrate 在新舊版本之間進行配置轉換
kubeadm config images list 列出所需鏡像列表
kubeadm config images pull 拉取鏡像到本地
#查看默認參數文件
kubeadm config print init-defaults
6.新建init-config.yaml文件定製鏡像倉庫地址和Pod地址段
# cat init-config.yaml
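# kubeadm ClusterConfiguration used by `kubeadm config images pull` and
# `kubeadm init` below. Nesting restored: podSubnet is a key of networking.
apiVersion: kubeadm.k8s.io/v1beta1
kind: ClusterConfiguration
# NOTE(review): all control-plane images are pulled from this third-party
# registry namespace instead of the upstream default. Confirm the source is
# trusted, or mirror the images into a registry you control, before use.
imageRepository: docker.io/dustise
kubernetesVersion: v1.14.0
networking:
  # Address range assigned to Pods.
  podSubnet: "192.168.0.0/16"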
7.下載所需鏡像
# kubeadm config images pull --config=init-config.yaml
[config/images] Pulled docker.io/dustise/kube-apiserver:v1.14.0
[config/images] Pulled docker.io/dustise/kube-controller-manager:v1.14.0
[config/images] Pulled docker.io/dustise/kube-scheduler:v1.14.0
[config/images] Pulled docker.io/dustise/kube-proxy:v1.14.0
[config/images] Pulled docker.io/dustise/pause:3.1
[config/images] Pulled docker.io/dustise/etcd:3.3.10
[config/images] Pulled docker.io/dustise/coredns:1.3.1
8.安裝Master
# kubeadm init --config=init-config.yaml
[init] Using Kubernetes version: v1.14.0
[preflight] Running pre-flight checks
[WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/
~~~~~~
出現 [WARNING IsDockerSystemdCheck],是由於 docker 的 Cgroup Driver(cgroupfs)和 kubelet 的 Cgroup Driver 不一致導致的,此處選擇把 docker 的 Cgroup Driver 修改爲 systemd,使其與 kubelet 一致
# docker info | grep Cgroup
Cgroup Driver: cgroupfs
編輯文件/usr/lib/systemd/system/docker.service
ExecStart=/usr/bin/dockerd --exec-opt native.cgroupdriver=systemd
systemctl daemon-reload
systemctl restart docker
# docker info | grep Cgroup
Cgroup Driver: systemd
使用kubeadm reset重置主機狀態然後重新初始化
# kubeadm init --config=init-config.yaml
[init] Using Kubernetes version: v1.14.0
[preflight] Running pre-flight checks
[preflight] Pulling images required for setting up a Kubernetes cluster
[preflight] This might take a minute or two, depending on the speed of your internet connection
[preflight] You can also perform this action in beforehand using 'kubeadm config images pull'
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
。。。。。。
。。。。。。
[addons] Applied essential addon: CoreDNS
[addons] Applied essential addon: kube-proxy
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 20.0.20.101:6443 --token dpgb7h.2svvjnyjc3xuzajk \
--discovery-token-ca-cert-hash sha256:98d8815cce835d4913076c7a954012afec0bd6ad1116ab1020f02601361fc369
按照提示複製配置文件到用戶目錄下
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
查看ConfigMap
# kubectl get -n kube-system configmap
NAME DATA AGE
coredns 1 8m53s
extension-apiserver-authentication 6 8m57s
kube-proxy 2 8m53s
kubeadm-config 2 8m54s
kubelet-config-1.14 1 8m54s
查看初始化情況
[root@K8S-1 .kube]# kubectl get node
NAME STATUS ROLES AGE VERSION
k8s-1 NotReady master 11m v1.14.2
[root@K8S-1 .kube]# kubectl get pods --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system coredns-6897bd7b5-gpg87 0/1 Pending 0 12m
kube-system coredns-6897bd7b5-hdthq 0/1 Pending 0 12m
kube-system etcd-k8s-1 1/1 Running 0 11m
kube-system kube-apiserver-k8s-1 1/1 Running 0 11m
kube-system kube-controller-manager-k8s-1 1/1 Running 0 11m
kube-system kube-proxy-hxqnk 1/1 Running 0 12m
kube-system kube-scheduler-k8s-1 1/1 Running 0 11m
9.安裝網絡插件weave(下面的命令會直接應用遠程地址返回的清單;更穩妥的做法是先把清單下載到本地審閱,再執行 kubectl apply)
kubectl apply -f "https://cloud.weave.works/k8s/net?k8s-version=$(kubectl version | base64 | tr -d '\n')"
10.配置node加入集羣
新節點的環境準備和安裝步驟同上,但第5~9步(kubeadm config、init-config.yaml、下載鏡像、安裝Master、安裝網絡插件)不需要執行
[root@K8S-2 ~]# kubeadm join 20.0.20.101:6443 --token dpgb7h.2svvjnyjc3xuzajk \
> --discovery-token-ca-cert-hash sha256:98d8815cce835d4913076c7a954012afec0bd6ad1116ab1020f02601361fc369
[preflight] Running pre-flight checks
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'
[kubelet-start] Downloading configuration for the kubelet from the "kubelet-config-1.14" ConfigMap in the kube-system namespace
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Activating the kubelet service
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...
This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.
Run 'kubectl get nodes' on the control-plane to see this node join the cluster.
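kubeadm init生成的token有效期只有1天,過期之後可用
kubeadm token create --ttl 0 --print-join-command 生成永不過期的token。注意:永不過期的token一旦洩露,持有者隨時可以把節點加入集羣;更穩妥的做法是去掉 --ttl 0 使用默認有效期,並在節點加入完成後用 kubeadm token delete 刪除不再需要的token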
[root@K8S-1 ~]# kubectl get node
NAME STATUS ROLES AGE VERSION
k8s-1 Ready master 16h v1.14.2
k8s-2 Ready <none> 9m2s v1.14.2
k8s-3 Ready <none> 3m17s v1.14.2
[root@K8S-1 ~]# kubectl get pods --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system coredns-6897bd7b5-gpg87 1/1 Running 0 16h
kube-system coredns-6897bd7b5-hdthq 1/1 Running 0 16h
kube-system etcd-k8s-1 1/1 Running 0 16h
kube-system kube-apiserver-k8s-1 1/1 Running 0 16h
kube-system kube-controller-manager-k8s-1 1/1 Running 0 16h
kube-system kube-proxy-hxqnk 1/1 Running 0 16h
kube-system kube-proxy-km5dv 1/1 Running 0 9m4s
kube-system kube-proxy-np89x 1/1 Running 0 3m19s
kube-system kube-scheduler-k8s-1 1/1 Running 0 16h
kube-system weave-net-7pdj5 2/2 Running 1 3m19s
kube-system weave-net-8kc2p 2/2 Running 0 21m
kube-system weave-net-vtwwk 2/2 Running 0 9m4s
四.安裝dashboard
1.下載yaml文件到本地
wget https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml
由於國內無法從谷歌倉庫k8s.gcr.io下載鏡像,這裏改用另一個鏡像倉庫拉取(屬於第三方鏡像源,使用前請確認其可信)
在kubernetes-dashboard.yaml中把鏡像地址由
k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.1 修改爲 mirrorgooglecontainers/kubernetes-dashboard-amd64:v1.10.1
修改Dashboard Service 爲NodePort類型
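# Service for the Kubernetes Dashboard, switched to type NodePort.
# Nesting restored so the manifest parses as intended.
kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
spec:
  # NOTE(review): NodePort opens port 30001 on every node, so the Dashboard
  # login page is reachable by anyone who can reach a node address. Restrict
  # that port at the network layer, or keep the Service cluster-internal and
  # reach it through `kubectl proxy` instead.
  type: NodePort
  ports:
    - port: 443          # Service port inside the cluster
      targetPort: 8443   # port the Dashboard container listens on
      nodePort: 30001    # port exposed on each node
  selector:
    k8s-app: kubernetes-dashboard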
2.進行部署
kubectl create -f kubernetes-dashboard.yaml
3.查驗
[root@K8S-1 ~]# kubectl get svc --all-namespaces
NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
default kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 17h
kube-system kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP,9153/TCP 17h
kube-system kubernetes-dashboard NodePort 10.99.205.30 <none> 443:30001/TCP 23m
[root@K8S-1 ~]# kubectl get pods --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system coredns-6897bd7b5-gpg87 1/1 Running 0 17h
kube-system coredns-6897bd7b5-hdthq 1/1 Running 0 17h
kube-system etcd-k8s-1 1/1 Running 0 17h
kube-system kube-apiserver-k8s-1 1/1 Running 0 17h
kube-system kube-controller-manager-k8s-1 1/1 Running 0 17h
kube-system kube-proxy-hxqnk 1/1 Running 0 17h
kube-system kube-proxy-km5dv 1/1 Running 0 114m
kube-system kube-proxy-np89x 1/1 Running 0 108m
kube-system kube-scheduler-k8s-1 1/1 Running 0 17h
kube-system kubernetes-dashboard-68ddcc97fc-f5lhj 1/1 Running 1 23m
kube-system weave-net-7pdj5 2/2 Running 1 108m
kube-system weave-net-8kc2p 2/2 Running 0 126m
kube-system weave-net-vtwwk 2/2 Running 0 114m
4.創建管理員
[root@K8S-1 ~]# cat k8s-admin.yaml
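# ServiceAccount used to log in to the Dashboard, plus the binding that grants
# it permissions. Nesting restored so both documents parse as intended.
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: admin
  namespace: kube-system
---
# NOTE(review): this binds the account to cluster-admin, so whoever holds its
# token has full control of the cluster. Acceptable for a throwaway lab; for
# anything else bind a narrower role and treat the token as a secret.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: admin
    namespace: kube-system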
kubectl create -f k8s-admin.yaml
5.查看token(該token對應綁定了cluster-admin的ServiceAccount,等同於集羣管理員憑據;下面的輸出僅作演示,實際環境中不要把token貼到文檔、工單或聊天記錄裏)
[root@K8S-1 ~]# kubectl describe serviceaccount admin -n kube-system
Name: admin
Namespace: kube-system
Labels: k8s-app=kubernetes-dashboard
Annotations: <none>
Image pull secrets: <none>
Mountable secrets: admin-token-znvmk
Tokens: admin-token-znvmk
Events: <none>
[root@K8S-1 ~]# kubectl describe secret admin-token-znvmk -n kube-system
Name: admin-token-znvmk
Namespace: kube-system
Labels: <none>
Annotations: kubernetes.io/service-account.name: admin
kubernetes.io/service-account.uid: be3aca02-82cf-11e9-a2f2-00505694834d
Type: kubernetes.io/service-account-token
Data
====
token: eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi10b2tlbi16bnZtayIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJhZG1pbiIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6ImJlM2FjYTAyLTgyY2YtMTFlOS1hMmYyLTAwNTA1Njk0ODM0ZCIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlLXN5c3RlbTphZG1pbiJ9.3EtoTPkf_Qf1DizB3FDCRwTi_pqNGUWwblZ3AIzFSylUJmt_yfIghEPqnebj1XgqKX_1YelVkX8nypobMoItukdsT5V9rc0Z3zFMV6tnLlCw3yBzT8T5G4fhoNbWkFtsUU3QJOOXdrPalVnPbpv0Mu71Afh9wtnGUPlcRlbPMi2PGYCQgxtS7853ZQub5XE_w5pH5RPWFrtYc4NNrQRYRMZXtTPWFsVXt8pABvmgC1wMFBcQhRAF8T9fXzpOFxfBHSqy39GsUd2W3w6Vy38YVQcLqkrORUP50jgtBNv4TVvBViu5FLM-A-h6g3Q1WOx4pTwFHKGFoZMhotYZB9gefg
ca.crt: 1025 bytes
namespace: 11 bytes
[root@K8S-1 ~]#
6.使用token登錄
五、部署一個簡單的實例mysql+webapp
1.創建MySQL的RC定義文件
# cat mysql-rc.yaml
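# ReplicationController running a single MySQL 5.7 Pod.
# Nesting restored so the manifest parses as intended.
apiVersion: v1
kind: ReplicationController
metadata:
  name: mysql
spec:
  replicas: 1
  selector:
    app: mysql
  template:
    metadata:
      labels:
        app: mysql   # must match spec.selector above
    spec:
      containers:
        - name: mysql
          image: mysql:5.7
          ports:
            - containerPort: 3306
          env:
            # NOTE(review): a trivially guessable root password stored in
            # plain text in the manifest; anyone who can read this object
            # can read it. Demo only. Use a strong value held in a Secret
            # and referenced through valueFrom.secretKeyRef instead.
            - name: MYSQL_ROOT_PASSWORD
              value: "123456"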
2.創建與之關聯的SVC文件
# cat mysql-svc.yaml
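# Service in front of the MySQL Pod. No type is set, so it is created as a
# ClusterIP Service (see the `kubectl get svc` output later on the page).
# Nesting restored so the manifest parses as intended.
apiVersion: v1
kind: Service
metadata:
  name: mysql
spec:
  ports:
    - port: 3306
  selector:
    app: mysql   # selects the Pods labelled by mysql-rc.yaml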
3.創建tomcat的RC文件
# cat web-rc.yaml
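# ReplicationController running two replicas of the demo Tomcat web app.
# Nesting restored so the manifest parses as intended.
apiVersion: v1
kind: ReplicationController
metadata:
  name: myweb
spec:
  replicas: 2
  selector:
    app: myweb
  template:
    metadata:
      labels:
        app: myweb   # must match spec.selector above
    spec:
      containers:
        - name: myweb
          image: kubeguide/tomcat-app:v1
          ports:
            - containerPort: 8080
          env:
            # Database endpoint: the name and port of the mysql Service.
            - name: MYSQL_SERVICE_HOST
              value: 'mysql'
            - name: MYSQL_SERVICE_PORT
              value: '3306'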
4.創建對應的SVC文件
# cat web-svc.yaml
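# Service exposing the web app outside the cluster through a NodePort.
# Nesting restored so the manifest parses as intended.
apiVersion: v1
kind: Service
metadata:
  name: myweb
spec:
  # NodePort makes the app reachable on port 30002 of every node; limit
  # access to that port at the network layer if the nodes are not isolated.
  type: NodePort
  ports:
    - port: 8080
      nodePort: 30002
  selector:
    app: myweb   # selects the Pods labelled by web-rc.yaml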
5.分別將MySQL和tomcat的RC,SVC在K8S上發佈
# kubectl create -f mysql-rc.yaml
# kubectl create -f mysql-svc.yaml
# kubectl create -f web-rc.yaml
# kubectl create -f web-svc.yaml
6.查看pod和svc
# kubectl get pod
NAME READY STATUS RESTARTS AGE
mysql-sgwc7 1/1 Running 0 2m2s
myweb-7zpbj 1/1 Running 0 10m
myweb-rqpjz 1/1 Running 0 10m
# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 40h
mysql ClusterIP 10.106.70.242 <none> 3306/TCP 26m
myweb NodePort 10.104.74.76 <none> 8080:30002/TCP 37m
7.網頁登錄
8.清除
# kubectl delete -f mysql-rc.yaml
# kubectl delete -f mysql-svc.yaml
# kubectl get pod
No resources found.