1、環境介紹及準備:
1.1 物理機操作系統
[root@k8s-node-1 ~]# uname -a
Linux k8s-node-1 3.10.0-514.26.2.el7.x86_64 #1 SMP Tue Jul 4 15:04:05 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
主機名 | IP |
---|---|
k8s-master | 172.18.227.106 |
1.2 設置機器的主機名:
[root@k8s-node-1 ~]# hostnamectl --static set-hostname k8s-node-1
1.3 設置host
echo '10.0.251.148 k8s-master
172.18.227.106 etcd
172.18.227.106 registry
172.18.227.106 k8s-node-1' >> /etc/hosts
1.4 關閉防火牆
systemctl disable firewalld.service
systemctl stop firewalld.service
2、安裝etcd
2.1 etcd用於配置共享和服務發現,k8s運行依賴etcd,需要先部署etcd,本文采用yum方式安裝:
yum install etcd -y
2.2 修改etcd的配置文件
修改ETCD_NAME=“master”
ETCD_LISTEN_CLIENT_URLS=“http://0.0.0.0:2379,http://0.0.0.0:4001”
ETCD_ADVERTISE_CLIENT_URLS=“http://etcd:2379,http://etcd:4001”
[root@localhost ~]# vi /etc/etcd/etcd.conf
# [member]
ETCD_NAME="master"
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
#ETCD_WAL_DIR=""
#ETCD_SNAPSHOT_COUNT="10000"
#ETCD_HEARTBEAT_INTERVAL="100"
#ETCD_ELECTION_TIMEOUT="1000"
#ETCD_LISTEN_PEER_URLS="http://0.0.0.0:2380"
ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:2379,http://0.0.0.0:4001"
#ETCD_MAX_SNAPSHOTS="5"
#ETCD_MAX_WALS="5"
#ETCD_CORS=""
#
#[cluster]
#ETCD_INITIAL_ADVERTISE_PEER_URLS="http://localhost:2380"
# if you use different ETCD_NAME (e.g. test), set ETCD_INITIAL_CLUSTER value for this name, i.e. "test=http://..."
#ETCD_INITIAL_CLUSTER="default=http://localhost:2380"
#ETCD_INITIAL_CLUSTER_STATE="new"
#ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_ADVERTISE_CLIENT_URLS="http://etcd:2379,http://etcd:4001"
#ETCD_DISCOVERY=""
#ETCD_DISCOVERY_SRV=""
#ETCD_DISCOVERY_FALLBACK="proxy"
#ETCD_DISCOVERY_PROXY=""
2.3 啓動並驗證狀態
[root@k8s-node-1 etcd]# systemctl start etcd
[root@k8s-node-1 etcd]# etcdctl set testdir/testkey0 0
0
[root@k8s-node-1 etcd]# etcdctl get testdir/testkey0
0
[root@k8s-node-1 etcd]# etcdctl -C http://etcd:4001 cluster-health
member 8e9e05c52164694d is healthy: got healthy result from http://etcd:2379
cluster is healthy
[root@k8s-node-1 etcd]# etcdctl -C http://etcd:2379 cluster-health
member 8e9e05c52164694d is healthy: got healthy result from http://etcd:2379
cluster is healthy
3、部署master
3.1安裝docker
[root@k8s-node-1 etcd]# yum install docker -y
3.2 配置Docker配置文件,使其允許從registry中拉取鏡像。
OPTIONS=’–insecure-registry registry:5000’
[root@k8s-master ~]# vim /etc/sysconfig/docker
# /etc/sysconfig/docker
# Modify these options if you want to change the way the docker daemon runs
OPTIONS='--selinux-enabled --log-driver=journald --signature-verification=false'
if [ -z "${DOCKER_CERT_PATH}" ]; then
DOCKER_CERT_PATH=/etc/docker
fi
OPTIONS='--insecure-registry registry:5000'
3.3 啓動docker
[root@k8s-node-1 etcd]# systemctl start docker
錯誤場景
- cJob for docker.service failed because the control process exited with error code. See “systemctl status docker.service” and “journalctl -xe” for details.
啓動失敗,使用systemctl status docker -l
查看失敗原因
● docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled)
Active: failed (Result: exit-code) since 五 2018-11-30 16:22:13 CST; 2min 12s ago
Docs: http://docs.docker.com
Process: 32245 ExecStart=/usr/bin/dockerd-current --add-runtime docker-runc=/usr/libexec/docker/docker-runc-current --default-runtime=docker-runc --exec-opt native.cgroupdriver=systemd --userland-proxy-path=/usr/libexec/docker/docker-proxy-current --init-path=/usr/libexec/docker/docker-init-current --seccomp-profile=/etc/docker/seccomp.json $OPTIONS $DOCKER_STORAGE_OPTIONS $DOCKER_NETWORK_OPTIONS $ADD_REGISTRY $BLOCK_REGISTRY $INSECURE_REGISTRY $REGISTRIES (code=exited, status=1/FAILURE)
Main PID: 32245 (code=exited, status=1/FAILURE)
11月 30 16:22:11 k8s-node-1 dockerd-current[32245]: time="2018-11-30T16:22:11.990748588+08:00" level=warning msg="could not change group /var/run/docker.sock to docker: group docker not found"
11月 30 16:22:11 k8s-node-1 dockerd-current[32245]: time="2018-11-30T16:22:11.992907763+08:00" level=info msg="libcontainerd: new containerd process, pid: 32251"
11月 30 16:22:13 k8s-node-1 dockerd-current[32245]: time="2018-11-30T16:22:13.008685863+08:00" level=info msg="Graph migration to content-addressability took 0.00 seconds"
11月 30 16:22:13 k8s-node-1 dockerd-current[32245]: time="2018-11-30T16:22:13.009911216+08:00" level=info msg="Loading containers: start."
11月 30 16:22:13 k8s-node-1 dockerd-current[32245]: time="2018-11-30T16:22:13.026236097+08:00" level=info msg="Firewalld running: false"
11月 30 16:22:13 k8s-node-1 dockerd-current[32245]: Error starting daemon: Error initializing network controller: error obtaining controller instance: failed to create NAT chain: Iptables not found
11月 30 16:22:13 k8s-node-1 systemd[1]: docker.service: main process exited, code=exited, status=1/FAILURE
11月 30 16:22:13 k8s-node-1 systemd[1]: Failed to start Docker Application Container Engine.
11月 30 16:22:13 k8s-node-1 systemd[1]: Unit docker.service entered failed state.
11月 30 16:22:13 k8s-node-1 systemd[1]: docker.service failed.
- Error initializing network controller: error obtaining controller instance: failed to create NAT chain: Iptables not found
這種情況屬於沒有安裝iptables,安裝iptables
[root@k8s-node-1 etcd]# yum install -y iptables-services iptables-devel.x86_64 iptables.x86_64 ##安裝
[root@k8s-node-1 etcd]# systemctl start iptables ##啓動iptables
[root@k8s-node-1 etcd]# systemctl status iptables ##查看iptables狀態
- ‘overlay2’ is not supported over overlayfs
docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Mon 2018-12-03 02:20:45 UTC; 8s ago
Docs: http://docs.docker.com
Process: 439 ExecStart=/usr/bin/dockerd-current --add-runtime docker-runc=/usr/libexec/docker/docker-runc-current --default-runtime=docker-runc --exec-opt native.cgroupdriver=systemd --userland-proxy-path=/usr/libexec/docker/docker-proxy-current --init-path=/usr/libexec/docker/docker-init-current --seccomp-profile=/etc/docker/seccomp.json $OPTIONS $DOCKER_STORAGE_OPTIONS $DOCKER_NETWORK_OPTIONS $ADD_REGISTRY $BLOCK_REGISTRY $INSECURE_REGISTRY $REGISTRIES (code=exited, status=1/FAILURE)
Main PID: 439 (code=exited, status=1/FAILURE)
CGroup: /docker/785d11cd4339074446bbecac27eac786fb65f9b5f12a9fe5310fa9cb76ae5a64/system.slice/docker.service
Dec 03 02:20:44 785d11cd4339 systemd[1]: Starting Docker Application Container Engine...
Dec 03 02:20:44 785d11cd4339 dockerd-current[439]: time="2018-12-03T02:20:44.971453600Z" level=warning msg="could not change group /var/run/docker.sock to docker: group docker not found"
Dec 03 02:20:44 785d11cd4339 dockerd-current[439]: time="2018-12-03T02:20:44.973718100Z" level=info msg="libcontainerd: new containerd process, pid: 445"
Dec 03 02:20:45 785d11cd4339 dockerd-current[439]: time="2018-12-03T02:20:45.992735400Z" level=error msg="'overlay2' is not supported over overlayfs"
Dec 03 02:20:45 785d11cd4339 dockerd-current[439]: Error starting daemon: error initializing graphdriver: backing file system is unsupported for this graph driver
Dec 03 02:20:45 785d11cd4339 systemd[1]: docker.service: main process exited, code=exited, status=1/FAILURE
Dec 03 02:20:45 785d11cd4339 systemd[1]: Failed to start Docker Application Container Engine.
Dec 03 02:20:46 785d11cd4339 systemd[1]: Unit docker.service entered failed state.
Dec 03 02:20:46 785d11cd4339 systemd[1]: docker.service failed.
這種情況修改 /etc/sysconfig/docker-storage文件
把DOCKER_STORAGE_OPTIONS改爲"–storage-driver devicemapper “,
保存然後重啓
- no
3.4 docker啓動成功看看狀態
[root@k8s-node-1 etcd]# systemctl status docker -l
docker啓動正常
3.5 安裝部署kubernetes
[root@k8s-node-1 etcd]# yum install kubernetes -y ##安裝kubernetes
修改配置文件
在kubernetes master上需要運行以下組件:
Kubernets API Server
Kubernets Controller Manager
Kubernets Scheduler
需要修改對應的配置文件
3.5.1 修改/etc/kubernetes/apiserver配置文件裏面的
KUBE_API_ADDRESS="–insecure-bind-address=0.0.0.0"
KUBE_API_PORT="–port=8080"
KUBE_ETCD_SERVERS="–etcd-servers=http://etcd:2379"
KUBE_ADMISSION_CONTROL="–admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ResourceQuota"
###
# kubernetes system config
#
# The following values are used to configure the kube-apiserver
#
# The address on the local server to listen to.
KUBE_API_ADDRESS="--insecure-bind-address=0.0.0.0"
# The port on the local server to listen on.
KUBE_API_PORT="--port=8080"
# Port minions listen on
# KUBELET_PORT="--kubelet-port=10250"
# Comma separated list of nodes in the etcd cluster
KUBE_ETCD_SERVERS="--etcd-servers=http://etcd:2379"
# Address range to use for services
KUBE_SERVICE_ADDRESSES="--service-cluster-ip-range=10.254.0.0/16"
# default admission control policies
KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ResourceQuota"
# Add your own!
KUBE_API_ARGS=""
3.5.2 修改/etc/kubernetes/config配置文件裏面的
KUBE_MASTER="–master=http://k8s-master:8080"
###
# kubernetes system config
#
# The following values are used to configure various aspects of all
# kubernetes services, including
#
# kube-apiserver.service
# kube-controller-manager.service
# kube-scheduler.service
# kubelet.service
# kube-proxy.service
# logging to stderr means we get it in the systemd journal
KUBE_LOGTOSTDERR="--logtostderr=true"
# journal message level, 0 is debug
KUBE_LOG_LEVEL="--v=0"
# Should this cluster be allowed to run privileged docker containers
KUBE_ALLOW_PRIV="--allow-privileged=false"
# How the controller-manager, scheduler, and proxy find the apiserver
KUBE_MASTER="--master=http://k8s-master:8080"
3.5.3 逐個啓動服務
[root@k8s-node-1 etcd]# systemctl restart kube-apiserver
[root@k8s-node-1 etcd]# systemctl restart kube-controller-manager
[root@k8s-node-1 etcd]# systemctl restart kube-scheduler
4、部署node所需要的組件
在kubernetes node上需要運行以下組件:
Kubelet
Kubernets Proxy
4.1 修改/etc/kubernetes/config配置裏面的
KUBE_MASTER="–master=http://k8s-master:8080"
###
# kubernetes system config
#
# The following values are used to configure various aspects of all
# kubernetes services, including
#
# kube-apiserver.service
# kube-controller-manager.service
# kube-scheduler.service
# kubelet.service
# kube-proxy.service
# logging to stderr means we get it in the systemd journal
KUBE_LOGTOSTDERR="--logtostderr=true"
# journal message level, 0 is debug
KUBE_LOG_LEVEL="--v=0"
# Should this cluster be allowed to run privileged docker containers
KUBE_ALLOW_PRIV="--allow-privileged=false"
# How the controller-manager, scheduler, and proxy find the apiserver
KUBE_MASTER="--master=http://k8s-master:8080"
4.2 修改/etc/kubernetes/kubelet裏面的配置
KUBELET_ADDRESS="–address=0.0.0.0"
KUBELET_HOSTNAME="–hostname-override=k8s-node-1"
KUBELET_API_SERVER="–api-servers=http://k8s-master:8080"
###
# kubernetes kubelet (minion) config
# The address for the info server to serve on (set to 0.0.0.0 or "" for all interfaces)
KUBELET_ADDRESS="--address=0.0.0.0"
# The port for the info server to serve on
# KUBELET_PORT="--port=10250"
# You may leave this blank to use the actual hostname
KUBELET_HOSTNAME="--hostname-override=k8s-node-1"
# location of the api-server
KUBELET_API_SERVER="--api-servers=http://k8s-master:8080"
# pod infrastructure container
KUBELET_POD_INFRA_CONTAINER="--pod-infra-container-image=registry.access.redhat.com/rhel7/pod-infrastructure:latest"
# Add your own!
KUBELET_ARGS=""
4.3 啓動服務
[root@k8s-node-1 etcd]# systemctl restart kubelet
[root@k8s-node-1 etcd]# systemctl restart kube-proxy
錯誤場景:
4.4 查看節點及節點狀態
[root@k8s-node-1 etcd]# kubectl get node
NAME STATUS AGE
k8s-node-1 Ready 22h
啓動成功
至此,已經搭建了一個kubernetes環境