K8s 按装详解

前言介绍：

安装k8s一般有如下几种方式：
1）源码编译安装，golang编译环境
2）二进制安装 文档 全程手动，ansible版 saltstack版
3）kubeadm 网络要求  目前可以按装版本1.0 ~ 1.14
4）minikube 开发者学习
5）yum 安装 1.5.2

本次介绍yum 安装 1.5.2 的安装

环境准备：（三台主机，一台master,两台Node，系统centos7）

 10.0.0.11  k8s-master
 10.0.0.12  k8s-node01 10.0.0.13 k8s-node02

环境配置

1：修改IP地址、主机名和host解析

[root@k8s-master ~]# scp /etc/hosts 10.0.0.12:/etc/hosts

[root@k8s-master ~]# scp /etc/hosts 10.0.0.13:/etc/hosts

 10.0.0.11  k8s-master
 10.0.0.12  k8s-node01
 10.0.0.13  k8s-node02

2： 关闭防火墙和selinux

systemctl stop firewalld.service
systemctl disable firewalld.service 
setenforce 0
sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/selinux/config

3：所有节点安装docker-1.12.6-68

wget http://vault.centos.org/7.4.1708/extras/x86_64/Packages/docker-common-1.12.6-71.git3e8e77d.el7.centos.x86_64.rpm
wget http://vault.centos.org/7.4.1708/extras/x86_64/Packages/docker-client-1.12.6-71.git3e8e77d.el7.centos.x86_64.rpm
wget http://vault.centos.org/7.4.1708/extras/x86_64/Packages/docker-1.12.6-71.git3e8e77d.el7.centos.x86_64.rpm　　

yum localinstall docker-common-1.12.6-71.git3e8e77d.el7.centos.x86_64.rpm -y
yum localinstall docker-client-1.12.6-71.git3e8e77d.el7.centos.x86_64.rpm -y
yum localinstall docker-1.12.6-71.git3e8e77d.el7.centos.x86_64.rpm -y

4：master节点安装etcd

yum install etcd -y

vim /etc/etcd/etcd.conf
6行：ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:2379"
21行：ETCD_ADVERTISE_CLIENT_URLS="http://10.0.0.11:2379"

systemctl start etcd.service
systemctl enable etcd.service
 
测试etcd健康
创建：etcdctl set testdir/testkey0 0    
获取：etcdctl get testdir/testkey0
检查健康：etcdctl -C http://10.0.0.11:2379 cluster-health

5：master节点安装kubernetes （安装:kube-apiserver; kube-controller-manager; kube-scheduler 三个服务）

安装
yum install kubernetes-master.x86_64 -y

修改配置一：vim /etc/kubernetes/apiserver 
8行:  KUBE_API_ADDRESS="--insecure-bind-address=0.0.0.0"
11行：KUBE_API_PORT="--port=8080"
17行：KUBE_ETCD_SERVERS="--etcd-servers=http://10.0.0.11:2379"
23行：KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ResourceQuota" (去除ServiceAccount)

修改配置二
vim /etc/kubernetes/config
22行：KUBE_MASTER="--master=http://10.0.0.11:8080"

启动服务
systemctl enable kube-apiserver.service
systemctl restart kube-apiserver.service
systemctl enable kube-controller-manager.service
systemctl restart kube-controller-manager.service
systemctl enable kube-scheduler.service
systemctl restart kube-scheduler.service

6：所有node节点安装kubernetes并修改配置（安装kubelet；kube-proxy两个服务）

安装：
yum install kubernetes-node.x86_64 -y

修改配置一
vim /etc/kubernetes/config 
22行：KUBE_MASTER="--master=http://10.0.0.11:8080"

修改配置二
vim /etc/kubernetes/kubelet
5行：KUBELET_ADDRESS="--address=0.0.0.0"
8行：KUBELET_PORT="--port=10250"
11行：KUBELET_HOSTNAME="--hostname-override=本机IP"
14行：KUBELET_API_SERVER="--api-servers=http://10.0.0.11:8080"

启动服务
systemctl enable kubelet.service
systemctl start kubelet.service
systemctl enable kube-proxy.service
systemctl start kube-proxy.service

7：所有节点配置flannel网络

安装flannel服务
yum install flannel -y

修改配置
sed -i 's#http://127.0.0.1:2379#http://10.0.0.11:2379#g' /etc/sysconfig/flanneld


master节点 创建etcd目录，设置网段
etcdctl mk /atomic.io/network/config '{ "Network": "172.16.0.0/16" }'

master节点重启服务：
systemctl enable flanneld.service 
systemctl start flanneld.service 
service docker restart
systemctl restart kube-apiserver.service
systemctl restart kube-controller-manager.service
systemctl restart kube-scheduler.service

所有node节点重启服务：
systemctl enable flanneld.service 
systemctl start flanneld.service 
service docker restart
systemctl restart kubelet.service
systemctl restart kube-proxy.service

8 ： master节点测试网络互通

所有节点执行：docker run -it docker.io/busybox:latest  (小的带有ip的镜像服务，为了查看IP互通)

 

 ==========================以上k8s集群环境安装完成===================================================

创建pod案例

一，所有节点优化docker镜像环境，指定私有仓库地址

修改配置，针对老版本，新版本见docker配置
vim /etc/sysconfig/docker
OPTIONS='--selinux-enabled --log-driver=journald --signature-verification=false --registry-mirror=https://registry.docker-cn.com --insecure-registry=10.0.0.11:5000'

重启服务
systemctl restart docker

二，配置私有镜像仓库，设置在master节点

docker run -d -p 5000:5000 --restart=always --name registry -v /opt/myregistry:/var/lib/registry  registry

三 创建nginx pod 案例

创建私有仓库nginx 镜像

下载镜像：
[root@k8s-master ~]# docker pull nginx:1.13
打标签上传到私有仓库
[root@k8s-master ~]# docker tag docker.io/nginx:1.13 10.0.0.11:5000/nginx:1.13
上传到私有仓库
[root@k8s-master ~]# docker push 10.0.0.11:5000/nginx:1.13　

创建Nginx的yaml文件

[root@k8s-master ~]# vim k8s_pod.yaml 

apiVersion: v1
kind: Pod
metadata:
  name: nginx
  labels:
    app: web
spec:
  containers:
    - name: nginx
      image: 10.0.0.11:5000/nginx:1.13
      ports:
        - containerPort: 80

创建pod

[root@k8s-master ~]# kubectl create -f k8s_pod.yaml

创建pod失败，需要pod-infrastructure:latest镜像支持，可通过 kubectl  describe pod nginx 查看详细

下载镜像 
docker pull docker.io/tianyebj/pod-infrastructure
打标签镜像
docker tag docker.io/tianyebj/pod-infrastructure:latest  10.0.0.11:5000/rhel7/pod-infrastructure:latest
推送到第私有仓库
[root@k8s-master ~]# docker push 10.0.0.11:5000/rhel7/pod-infrastructure:latest　

 修改Node节点配置

修改配置
[root@k8s-node01 src]# vim /etc/kubernetes/kubelet
KUBELET_POD_INFRA_CONTAINER="--pod-infra-container-image=10.0.0.11:5000/rhel7/pod-infrastructure:latest"

[root@k8s-node02 src]# vim /etc/kubernetes/kubelet
KUBELET_POD_INFRA_CONTAINER="--pod-infra-container-image=10.0.0.11:5000/rhel7/pod-infrastructure:latest"

重启服务：
systemctl restart kubelet.service

 查看pod

[root@k8s-master ~]# kubectl get pods
NAME      READY     STATUS    RESTARTS   AGE
nginx     1/1       Running   0          44s
[root@k8s-master ~]# kubectl get pods -o wide
NAME      READY     STATUS    RESTARTS   AGE       IP            NODE
nginx     1/1       Running   0          1m        172.16.91.2   10.0.0.12
[root@k8s-master ~]# 

由此可以看出，pod创建成功，并且分配到12这个Node节点