External Dependencies kubernetes
- Default etcd server is unchanged at v3.2.24 since Kubernetes 1.12. (#68318)
- The list of validated docker versions remain unchanged at 1.11.1, 1.12.1, 1.13.1, 17.03, 17.06, 17.09, 18.06 since
docker install
yum install -y yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum list docker-ce --showduplicates | sort -r
yum -y install docker-ce-18.06.1.ce-3.el7
systemctl start docker
systemctl enable docker
1. 准備階段
1.1 組建規划
| 主機名 | 地址 | 角色 | 組件 |
|---|---|---|---|
| k8s-m1 | 10.16.32.85 | k8s-master | etcd、kube-apiserver、kube-controller-manager、kube-scheduler |
| k8s-g1 | 10.16.32.86 | k8s-node | kubelet、docker、kube_proxy |
| k8s-g2 | 10.16.32.87 | k8s-node | kubelet、docker、kube_proxy |
1.2 軟件下載
(1) Kubernetes二進制文件下載
https://github.com/kubernetes/kubernetes/releases
https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG-1.13.md#v1130-beta2
從上邊的網址中選擇相應的版本,從 CHANGELOG頁面 下載二進制文件,本文以1.13版本為例,
在/root/kubernetes/server/bin 路徑下包含一些必須的組件 binary文件如下
(2) etcd數據庫下載
https://github.com/coreos/etcd/releases/
這里選用的是最新版本v3.3.10。
2. Master安裝
2.1 etcd數據庫安裝
(1)安裝
將下載的etcd文件包進行解壓,解壓后將etcd、etcdctl二進制文件復制到/usr/bin目錄。
(2)設置服務文件etcd.service
在/usr/lib/systemd/system/目錄下創建文件etcd.service,內容為:
mkdir /var/lib/etcd/
vim /usr/lib/systemd/system/etcd.service
[Unit] Description=Etcd Server [Service] Type=notify TimeoutStartSec=0 Restart=always WorkingDirectory=/var/lib/etcd/ EnvironmentFile=-/etc/etcd/etcd.conf ExecStart=/usr/bin/etcd [Install] WantedBy=multi-user.target
(3)創建配置文件/etc/etcd/etcd.conf
ETCD_NAME=ETCD Server ETCD_DATA_DIR="/var/lib/etcd/" ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:2379" ETCD_ADVERTISE_CLIENT_URLS="http://10.16.32.85:2379"
(4)配置開機啟動並運行
systemctl daemon-reload
systemctl enable etcd.service
systemctl start etcd.service
(5)檢驗etcd是否安裝成功
etcdctl cluster-health
2.2 kube-apiserver、kube-controller-manager、kube-scheduler服務安裝
2.2.1 復制二進制文件到/usr/bin目錄
將kube-apiserver、kube-controller-manager、kube-scheduler 三個可執行文件復制到/usr/bin目錄
2.2.2 組件安裝及配置
2.2.2.1 kube-apiserver
(1)新建並編輯kube-apiserver.service 文件
路徑:/usr/lib/systemd/system/kube-apiserver.service,內容為:
[Unit] Description=Kubernetes API Server After=etcd.service Wants=etcd.service [Service] EnvironmentFile=/etc/kubernetes/apiserver ExecStart=/usr/bin/kube-apiserver \ $KUBE_ETCD_SERVERS \ $KUBE_API_ADDRESS \ $KUBE_API_PORT \ $KUBE_SERVICE_ADDRESSES \ $KUBE_ADMISSION_CONTROL \ $KUBE_API_LOG \ $KUBE_API_ARGS Restart=on-failure Type=notify LimitNOFILE=65536 [Install] WantedBy=multi-user.target
- 其中EnvironmentFile為kube-apiserver的配置文件
(2)配置文件
apiserver配置文件路徑為:/etc/kubernetes/apiserver,內容為:
KUBE_API_ADDRESS="--insecure-bind-address=0.0.0.0" KUBE_API_PORT="--insecure-port=8080" KUBE_ETCD_SERVERS="--etcd-servers=http://10.16.32.85:2379" KUBE_SERVICE_ADDRESSES="--service-cluster-ip-range=192.168.0.0/16" KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota" KUBE_API_LOG="--logtostderr=false --log-dir=/var/log/kubernets/apiserver --v=2" KUBE_API_ARGS=" "
2.2.2.2 kube-controller-manager
(1)新建並編輯kube-controller-manager.service 文件
路徑:/usr/lib/systemd/system/kube-controller-manager.service,內容為:
[Unit] Description=Kubernetes Scheduler After=kube-apiserver.service Requires=kube-apiserver.service [Service] EnvironmentFile=-/etc/kubernetes/controller-manager ExecStart=/usr/bin/kube-controller-manager \ $KUBE_MASTER \ $KUBE_CONTROLLER_MANAGER_ARGS Restart=on-failure LimitNOFILE=65536 [Install] WantedBy=multi-user.target
(2)配置文件
apiserver配置文件路徑為:/etc/kubernetes/controller-manager,內容為:
KUBE_MASTER="--master=http://10.16.32.85:8080" KUBE_CONTROLLER_MANAGER_ARGS=" "
2.2.2.3 kube-apiserver
(1)新建並編輯kube-scheduler 文件
路徑:/usr/lib/systemd/system/kube-scheduler.service,內容為:
[Unit] Description=Kubernetes Scheduler After=kube-apiserver.service Requires=kube-apiserver.service [Service] User=root EnvironmentFile=-/etc/kubernetes/scheduler ExecStart=/usr/bin/kube-scheduler \ $KUBE_MASTER \ $KUBE_SCHEDULER_ARGS Restart=on-failure LimitNOFILE=65536 [Install] WantedBy=multi-user.target
(2)配置文件
kube-scheduler配置文件路徑為:/etc/kubernetes/scheduler,內容為:
KUBE_MASTER="--master=http://10.16.32.85:8080" KUBE_SCHEDULER_ARGS="--logtostderr=true --log-dir=/var/log/kubernetes/scheduler --v=2"
2.2.3 將各組件加入開機自啟
systemctl daemon-reload systemctl enable kube-apiserver.service systemctl start kube-apiserver.service systemctl enable kube-controller-manager.service systemctl start kube-controller-manager.service systemctl enable kube-scheduler.service systemctl start kube-scheduler.service
2.3 安裝完后檢驗正確
運行命令 kubectl get cs
3 Node安裝
Node節點上安裝組件有:
- docker
- kube-proxy
- kubelet
3.1 docker安裝
Docker的版本需要與kubelete版本相對應,最好都使用最新的版本。
3.2 拷貝 kubelet、kube-proxy
在之前解壓的 kubernetes 文件夾中拷貝二進制文件
cp kubernetes/server/bin/{kubelet,kube-proxy} /usr/bin/
3.3 kube-proxy安裝
vim /usr/lib/systemd/system/kube-proxy.service
[Unit] Description=Kubernetes Kube-Proxy Server Documentation=https://github.com/GoogleCloudPlatform/kubernetes After=network.target [Service] EnvironmentFile=/etc/kubernetes/config EnvironmentFile=/etc/kubernetes/proxy ExecStart=/usr/bin/kube-proxy \ $KUBE_LOGTOSTDERR \ $KUBE_LOG_LEVEL \ $KUBE_MASTER \ $KUBE_PROXY_ARGS Restart=on-failure LimitNOFILE=65536 [Install] WantedBy=multi-user.target
創建配置目錄,並添加配置文件
mkdir -p /etc/kubernetes
vim /etc/kubernetes/proxy
KUBE_PROXY_ARGS=""
vim /etc/kubernetes/config
KUBE_LOGTOSTDERR="--logtostderr=true" KUBE_LOG_LEVEL="--v=0" KUBE_ALLOW_PRIV="--allow_privileged=false" KUBE_MASTER="--master=http://10.16.32.85:8080"
啟動服務
systemctl daemon-reload
systemctl start kube-proxy
3.4 kubelet安裝
vim /usr/lib/systemd/system/kubelet.service
[Unit]
Description=Kubernetes Kubelet Server
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
After=docker.service
Requires=docker.service
[Service]
WorkingDirectory=/var/lib/kubelet
EnvironmentFile=/etc/kubernetes/kubelet
ExecStart=/usr/bin/kubelet $KUBELET_ARGS
Restart=on-failure
KillMode=process
[Install]
WantedBy=multi-user.target
mkdir -p /var/lib/kubelet
vim /etc/kubernetes/kubelet
KUBELET_ADDRESS="--address=0.0.0.0" KUBELET_HOSTNAME="--hostname-override=10.16.32.87" #your node ip address KUBELET_API_SERVER="--api-servers=http://10.16.32.85:8080" KUBELET_POD_INFRA_CONTAINER="--pod-infra-container-image=reg.docker.tb/harbor/pod-infrastructure:latest" KUBELET_ARGS="--enable-server=true --enable-debugging-handlers=true --fail-swap-on=false --kubeconfig=/var/lib/kubelet/kubeconfig"
vim /var/lib/kubelet/kubeconfig
apiVersion: v1 kind: Config users: - name: kubelet clusters: - name: kubernetes cluster: server: http://10.16.32.85:8080 contexts: - context: cluster: kubernetes user: kubelet name: service-account-context current-context: service-account-context
啟動kubelet並進行驗證
systemctl daemon-reload
systemctl start kubelet.service
3.5 驗證成功及問題解決
在master上執行命令kubectl get node,返回如下結果:
問題1:
[root@k8s-m1 ~]# kubectl apply -f nginx_test.yaml Error from server (ServerTimeout): error when creating "nginx_test.yaml": No API token found for service account "default", retry after the token is automatically created and added to the service account
解決辦法:
配置ServiceAccount
1、首先生成密鑰: openssl genrsa -out /etc/kubernetes/serviceaccount.key 2048 2、編輯/etc/kubenetes/apiserver 添加以下內容: KUBE_API_ARGS="--service-account-key-file=/etc/kubernetes/serviceaccount.key" 3、再編輯/etc/kubernetes/controller-manager 添加以下內容: KUBE_CONTROLLER_MANAGER_ARGS="--service-account-private-key-file=/etc/kubernetes/serviceaccount.key" 需要再重啟kubernetes服務: systemctl restart etcd kube-apiserver kube-controller-manager kube-scheduler