K8s 按裝詳解

前言介紹：

安裝k8s一般有如下幾種方式：
1）源碼編譯安裝，golang編譯環境
2）二進制安裝 文檔 全程手動，ansible版 saltstack版
3）kubeadm 網絡要求  目前可以按裝版本1.0 ~ 1.14
4）minikube 開發者學習
5）yum 安裝 1.5.2

本次介紹yum 安裝 1.5.2 的安裝

環境准備：（三台主機，一台master,兩台Node，系統centos7）

 10.0.0.11  k8s-master
 10.0.0.12  k8s-node01 10.0.0.13 k8s-node02

環境配置

1：修改IP地址、主機名和host解析

[root@k8s-master ~]# scp /etc/hosts 10.0.0.12:/etc/hosts

[root@k8s-master ~]# scp /etc/hosts 10.0.0.13:/etc/hosts

 10.0.0.11  k8s-master
 10.0.0.12  k8s-node01
 10.0.0.13  k8s-node02

2： 關閉防火牆和selinux

systemctl stop firewalld.service
systemctl disable firewalld.service 
setenforce 0
sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/selinux/config

3：所有節點安裝docker-1.12.6-68

wget http://vault.centos.org/7.4.1708/extras/x86_64/Packages/docker-common-1.12.6-71.git3e8e77d.el7.centos.x86_64.rpm
wget http://vault.centos.org/7.4.1708/extras/x86_64/Packages/docker-client-1.12.6-71.git3e8e77d.el7.centos.x86_64.rpm
wget http://vault.centos.org/7.4.1708/extras/x86_64/Packages/docker-1.12.6-71.git3e8e77d.el7.centos.x86_64.rpm　　

yum localinstall docker-common-1.12.6-71.git3e8e77d.el7.centos.x86_64.rpm -y
yum localinstall docker-client-1.12.6-71.git3e8e77d.el7.centos.x86_64.rpm -y
yum localinstall docker-1.12.6-71.git3e8e77d.el7.centos.x86_64.rpm -y

4：master節點安裝etcd

yum install etcd -y

vim /etc/etcd/etcd.conf
6行：ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:2379"
21行：ETCD_ADVERTISE_CLIENT_URLS="http://10.0.0.11:2379"

systemctl start etcd.service
systemctl enable etcd.service
 
測試etcd健康
創建：etcdctl set testdir/testkey0 0    
獲取：etcdctl get testdir/testkey0
檢查健康：etcdctl -C http://10.0.0.11:2379 cluster-health

5：master節點安裝kubernetes （安裝:kube-apiserver; kube-controller-manager; kube-scheduler 三個服務）

安裝
yum install kubernetes-master.x86_64 -y

修改配置一：vim /etc/kubernetes/apiserver 
8行:  KUBE_API_ADDRESS="--insecure-bind-address=0.0.0.0"
11行：KUBE_API_PORT="--port=8080"
17行：KUBE_ETCD_SERVERS="--etcd-servers=http://10.0.0.11:2379"
23行：KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ResourceQuota" (去除ServiceAccount)

修改配置二
vim /etc/kubernetes/config
22行：KUBE_MASTER="--master=http://10.0.0.11:8080"

啟動服務
systemctl enable kube-apiserver.service
systemctl restart kube-apiserver.service
systemctl enable kube-controller-manager.service
systemctl restart kube-controller-manager.service
systemctl enable kube-scheduler.service
systemctl restart kube-scheduler.service

6：所有node節點安裝kubernetes並修改配置（安裝kubelet；kube-proxy兩個服務）

安裝：
yum install kubernetes-node.x86_64 -y

修改配置一
vim /etc/kubernetes/config 
22行：KUBE_MASTER="--master=http://10.0.0.11:8080"

修改配置二
vim /etc/kubernetes/kubelet
5行：KUBELET_ADDRESS="--address=0.0.0.0"
8行：KUBELET_PORT="--port=10250"
11行：KUBELET_HOSTNAME="--hostname-override=本機IP"
14行：KUBELET_API_SERVER="--api-servers=http://10.0.0.11:8080"

啟動服務
systemctl enable kubelet.service
systemctl start kubelet.service
systemctl enable kube-proxy.service
systemctl start kube-proxy.service

7：所有節點配置flannel網絡

安裝flannel服務
yum install flannel -y

修改配置
sed -i 's#http://127.0.0.1:2379#http://10.0.0.11:2379#g' /etc/sysconfig/flanneld


master節點 創建etcd目錄，設置網段
etcdctl mk /atomic.io/network/config '{ "Network": "172.16.0.0/16" }'

master節點重啟服務：
systemctl enable flanneld.service 
systemctl start flanneld.service 
service docker restart
systemctl restart kube-apiserver.service
systemctl restart kube-controller-manager.service
systemctl restart kube-scheduler.service

所有node節點重啟服務：
systemctl enable flanneld.service 
systemctl start flanneld.service 
service docker restart
systemctl restart kubelet.service
systemctl restart kube-proxy.service

8 ： master節點測試網絡互通

所有節點執行：docker run -it docker.io/busybox:latest  (小的帶有ip的鏡像服務，為了查看IP互通)

 

 ==========================以上k8s集群環境安裝完成===================================================

創建pod案例

一，所有節點優化docker鏡像環境，指定私有倉庫地址

修改配置，針對老版本，新版本見docker配置
vim /etc/sysconfig/docker
OPTIONS='--selinux-enabled --log-driver=journald --signature-verification=false --registry-mirror=https://registry.docker-cn.com --insecure-registry=10.0.0.11:5000'

重啟服務
systemctl restart docker

二，配置私有鏡像倉庫，設置在master節點

docker run -d -p 5000:5000 --restart=always --name registry -v /opt/myregistry:/var/lib/registry  registry

三 創建nginx pod 案例

創建私有倉庫nginx 鏡像

下載鏡像：
[root@k8s-master ~]# docker pull nginx:1.13
打標簽上傳到私有倉庫
[root@k8s-master ~]# docker tag docker.io/nginx:1.13 10.0.0.11:5000/nginx:1.13
上傳到私有倉庫
[root@k8s-master ~]# docker push 10.0.0.11:5000/nginx:1.13　

創建Nginx的yaml文件

[root@k8s-master ~]# vim k8s_pod.yaml 

apiVersion: v1
kind: Pod
metadata:
  name: nginx
  labels:
    app: web
spec:
  containers:
    - name: nginx
      image: 10.0.0.11:5000/nginx:1.13
      ports:
        - containerPort: 80

創建pod

[root@k8s-master ~]# kubectl create -f k8s_pod.yaml

創建pod失敗，需要pod-infrastructure:latest鏡像支持，可通過 kubectl  describe pod nginx 查看詳細

下載鏡像 
docker pull docker.io/tianyebj/pod-infrastructure
打標簽鏡像
docker tag docker.io/tianyebj/pod-infrastructure:latest  10.0.0.11:5000/rhel7/pod-infrastructure:latest
推送到第私有倉庫
[root@k8s-master ~]# docker push 10.0.0.11:5000/rhel7/pod-infrastructure:latest　

 修改Node節點配置

修改配置
[root@k8s-node01 src]# vim /etc/kubernetes/kubelet
KUBELET_POD_INFRA_CONTAINER="--pod-infra-container-image=10.0.0.11:5000/rhel7/pod-infrastructure:latest"

[root@k8s-node02 src]# vim /etc/kubernetes/kubelet
KUBELET_POD_INFRA_CONTAINER="--pod-infra-container-image=10.0.0.11:5000/rhel7/pod-infrastructure:latest"

重啟服務：
systemctl restart kubelet.service

 查看pod

[root@k8s-master ~]# kubectl get pods
NAME      READY     STATUS    RESTARTS   AGE
nginx     1/1       Running   0          44s
[root@k8s-master ~]# kubectl get pods -o wide
NAME      READY     STATUS    RESTARTS   AGE       IP            NODE
nginx     1/1       Running   0          1m        172.16.91.2   10.0.0.12
[root@k8s-master ~]# 

由此可以看出，pod創建成功，並且分配到12這個Node節點