一:基礎概念:
Ⅰ、etcd:
1:保存pod的信息
2:存儲各種對象的狀態和元信息配置
3:存儲網絡的配置信息,flannel通過etcd獲得其他node的網絡信息,為node創建路由表,實現node跨主機通信
Ⅱ、kube-proxy:
1:service的透明代理和負載均衡器,將service的訪問請求轉發到后端某個pod上
2:service的cluster IP和Nodeport的proxy通過iptables的NAT轉換實現
Ⅲ、kubelet:
1:監控分配給node節點的pods
2:掛載pods需要的volumes
3:下載pod的secret
4:運行pod中的容器
一、集群環境信息及安裝前准備
部署前准備(集群內所有主機)
.關閉防火牆,關閉selinux(生產環境按需關閉或打開) .同步服務器時間,選擇公網ntpd服務器或者自建ntpd服務器 .關閉swap分區 .集群所有節點主機可以相互解析 .master對node節點ssh互信6.配置系統內核參數使流過網橋的流量也進入iptables/netfilter框架(如果報錯,提示沒有文件 modprobe br_netfilter 添加此模塊) echo -e 'net.bridge.bridge-nf-call-iptables = 1 \nnet.bridge.bridge-nf-call-ip6tables = 1' >> /etc/sysctl.conf && sysctl -p
二、配置yum源及k8s相關軟件包
備注:以下操作在所有節點執行相同操作
1.配置yum、epel、k8s及docker源
[root@k8s-master ~]# cd /etc/yum.repos.d [root@k8s-master yum.repos.d]# yum install wget -y [root@k8s-master yum.repos.d]# rm -f CentOS-* [root@k8s-master yum.repos.d]#wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo [root@k8s-master yum.repos.d]#wget -P /etc/yum.repos.d/ http://mirrors.aliyun.com/repo/epel-7.repo [root@k8s-master yum.repos.d]#cat <<EOF > /etc/yum.repos.d/kubernetes.repo [kubernetes] name=Kubernetes baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64 enabled=1 gpgcheck=0 EOF [root@k8s-master yum.repos.d]#wget https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg [root@k8s-master yum.repos.d]#rpm -import rpm-package-key.gpg #安裝key文件 [root@k8s-master yum.repos.d]#wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo [root@k8s-master yum.repos.d]#yum clean all && yum makecache fast
2.安裝kubeadm和相關工具包
[root@k8s-master ~]# cd [root@k8s-master ~]# yum install docker kubectl-1.12.3 kubeadm-1.12.3 kubelet-1.12.3 kubernetes-cni-0.6.0 -y #需要制定版本,默認是最新的,由於不可描述的原因,暫時最新的還無法下載
3.啟動相關服務並設置開機自啟
[root@k8s-master ~]# systemctl daemon-reload [root@k8s-master ~]# systemctl enable docker && systemctl restart docker [root@k8s-master ~]# systemctl enable kubelet && systemctl restart kubelet
4.下載K8S相關鏡像
[root@k8s-node2 yum.repos.d]# cat down.sh
#!/bin/bash
down_image_url=registry.cn-hangzhou.aliyuncs.com/kuberimages/
images=(kube-proxy:v1.12.3 kube-apiserver:v1.12.3 kube-controller-manager:v1.12.3 kube-scheduler:v1.12.3 etcd:3.2.24 coredns:1.2.2 flannel:v0.10.0-amd64 pause:3.1 kubernetes-dashboard-amd64:v1.10.0)
for imageName in ${images[@]} ; do
docker pull ${down_image_url}$imageName
docker tag ${down_image_url}$imageName k8s.gcr.io/$imageName
docker rmi ${down_image_url}$imageName
done
5.查看鏡像是否下載
[root@k8s-master ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE k8s.gcr.io/kube-proxy-amd64 v1.10.0 bfc21aadc7d3 7 months ago 97 MB k8s.gcr.io/kube-apiserver-amd64 v1.10.0 af20925d51a3 7 months ago 225 MB k8s.gcr.io/kube-scheduler-amd64 v1.10.0 704ba848e69a 7 months ago 50.4 MB k8s.gcr.io/kube-controller-manager-amd64 v1.10.0 ad86dbed1555 7 months ago 148 MB k8s.gcr.io/etcd-amd64 3.1.12 52920ad46f5b 7 months ago 193 MB k8s.gcr.io/kubernetes-dashboard-amd64 v1.8.3 0c60bcf89900 8 months ago 102 MB quay.io/coreos/flannel v0.10.0-amd64 f0fad859c909 9 months ago 44.6 MB k8s.gcr.io/k8s-dns-dnsmasq-nanny-amd64 1.14.8 c2ce1ffb51ed 9 months ago 41 MB k8s.gcr.io/k8s-dns-sidecar-amd64 1.14.8 6f7f2dc7fab5 9 months ago 42.2 MB k8s.gcr.io/k8s-dns-kube-dns-amd64 1.14.8 80cc5ea4b547 9 months ago 50.5 MB k8s.gcr.io/pause-amd64 3.1 da86e6ba6ca1 10 months ago 742 kB
三、初始化k8s集群(僅master節點)
[root@k8s-master ~]# kubeadm init --kubernetes-version=v1.12.3 --pod-network-cidr=10.244.0.0/16(指定pod的網段)
#指定版本,需要與docker中的鏡像版本一致
配置環境變量
[root@k8s-master ~]# mkdir -p $HOME/.kube [root@k8s-master ~]# cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
查看集群狀態:
[root@k8s-master ~]# kubectl get nodes NAME STATUS ROLES AGE VERSION k8s-master NotReady master 10m v1.10.0
可以看到STATUS顯示未就緒,這是因為現在還沒有網絡可用,下一步我們需要配置網絡功能
四、配置網絡
docker pull quay.io/coreos/flannel:v0.9.1-amd64
mkdir -p /etc/cni/net.d/
cat <<EOF> /etc/cni/net.d/10-flannel.conf
{"name":"cbr0","type":"flannel","delegate": {"isDefaultGateway": true}}
EOF
mkdir /usr/share/oci-umount/oci-umount.d -p
mkdir /run/flannel/
cat <<EOF> /run/flannel/subnet.env
FLANNEL_NETWORK=172.100.0.0/16
FLANNEL_SUBNET=172.100.1.0/24
FLANNEL_MTU=1450
FLANNEL_IPMASQ=true
EOF
然后執行命令
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/v0.9.1/Documentation/kube-flannel.yml
安裝完成后,稍等一下再查看集群狀態,發現已經就緒了(master上)
[root@k8s-master ~]# kubectl get nodes NAME STATUS ROLES AGE VERSION k8s-master Ready master 1h v1.10.0
五、node節點加入集群(所有node上)
[root@k8s-node1 ~]# kubeadm join 192.168.199.116:6443 --token fauq6n.e1iv2mbxotq5a1zp --discovery-token-ca-cert-hash sha81dbbeb6
如果token失效,則需要重新生成token再加入
1、查看token,執行kubeadm token list
2、沒有token則生成,執行kubeadm token create
3、獲取ca證書sha256編碼hash值
openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
4、node節點加入
kubeadm join 10.167.11.153:6443 --token o4avtg.65ji6b778nyacw68 --discovery-token-ca-cert-hash sha256:2cc3029123db737f234186636330e87b5510c173c669f513a9c0e0da395515b0
5、在master查看是否成功
六、自動補全
yum install -y bash-completion source /usr/share/bash-completion/bash_completion source <(kubectl completion bash) echo "source <(kubectl completion bash)" >> ~/.bashrc