01. Cluster planning
OS version: CentOS Linux release 7.6.1810 (Core)
Software versions: kubeadm, kubernetes-1.15, docker-ce-18.09
Hardware requirements: at least 2 GB of memory and at least 2 CPU cores
Reference (official documentation): https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/create-cluster-kubeadm/
| Hostname | Host address | Host role | Services run |
|---|---|---|---|
| k8s-master | 172.16.254.134 | control-plane (master) | kube-apiserver etcd kube-scheduler kube-controller-manager docker kubelet |
| k8s-node01 | 172.16.254.135 | worker node (node) | kubelet kube-proxy docker |
02. Configure the hosts
The following needs to be configured on each host:
- Hostname
- Name resolution
- Disable swap
- Disable the firewall and SELinux
- Enable bridge-nf
- Check that the MAC address and product_uuid of every host in the cluster are unique
- Check that the required ports are not already in use
| Host | Protocol | Service | Required ports |
|---|---|---|---|
| Master | TCP | api-server etcd-server-client-api kubelet-api kube-scheduler kube-controller-manager | 6443* 2379-2380 10250 10251 10252 |
| Node | TCP | kubelet-api nodeport-services** | 10250 30000-32767 |
Why enable bridge-nf?
A: By default, iptables does nothing with layer-2 (bridged) frames. So that Pod network traffic is also subject to the rules on the iptables chains, we enable the bridge-netfilter mode, in which traffic arriving from layer 2 is filtered by iptables as well; this prevents iptables from being bypassed, which would otherwise cause Pod traffic to be routed incorrectly.
On host 172.16.254.134 (k8s-master):
[root@localhost ~]# echo "k8s-master" >/etc/hostname
[root@localhost ~]# cat /etc/hostname |xargs hostname
[root@localhost ~]# bash
[root@k8s-master ~]# vim /etc/hosts
172.16.254.134 k8s-master
172.16.254.135 k8s-node01
[root@k8s-master ~]# swapoff -a
[root@k8s-master ~]# systemctl stop firewalld
[root@k8s-master ~]# systemctl disable firewalld
[root@k8s-master ~]# setenforce 0
[root@k8s-master ~]# sed -i 's/SELINUX=.*/SELINUX=disabled/g' /etc/sysconfig/selinux
[root@k8s-master ~]# vim /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
[root@k8s-master ~]# sysctl --system
[root@k8s-master ~]# ip link |grep 'link/ether'
link/ether 00:0c:29:d1:7c:b1 brd ff:ff:ff:ff:ff:ff
[root@k8s-master ~]# cat /sys/class/dmi/id/product_uuid
8A2E4D56-EE76-A6CE-0E12-70F4B8D17CB1
[root@k8s-master ~]# netstat -lnupt
On host 172.16.254.135 (k8s-node01):
[root@localhost ~]# echo "k8s-node01" >/etc/hostname
[root@localhost ~]# cat /etc/hostname |xargs hostname
[root@localhost ~]# bash
[root@k8s-node01 ~]# vim /etc/hosts
172.16.254.134 k8s-master
172.16.254.135 k8s-node01
[root@k8s-node01 ~]# swapoff -a
[root@k8s-node01 ~]# systemctl stop firewalld
[root@k8s-node01 ~]# systemctl disable firewalld
[root@k8s-node01 ~]# setenforce 0
[root@k8s-node01 ~]# sed -i 's/SELINUX=.*/SELINUX=disabled/g' /etc/sysconfig/selinux
[root@k8s-node01 ~]# vim /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
[root@k8s-node01 ~]# ip link |grep 'link/ether'
link/ether 00:0c:29:6d:40:2b brd ff:ff:ff:ff:ff:ff
[root@k8s-node01 ~]# cat /sys/class/dmi/id/product_uuid
4D854D56-E60A-69DD-CC05-4BF03A6D402B
[root@k8s-node01 ~]# netstat -lnupt
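A set of checks for the host-preparation list above (swap off, bridge-nf enabled, required ports free, unique product_uuid or MAC across hosts), added here as an example; it is not part of the original post. Every check takes its input as text, so the sample data embedded in the script (constructed, not captured from these hosts) exercises it offline. On a real host, feed it the output of `cat /proc/swaps`, `sysctl net.bridge.bridge-nf-call-iptables net.bridge.bridge-nf-call-ip6tables` and `ss -lntu` (the post uses `netstat -lnupt`; either works) instead.

```shell
#!/bin/sh
# Added example, not from the original post: pre-flight checks for a kubeadm host.
# Each check takes its input as text, so it runs against the constructed sample
# data below or against live command output.

# bridge_nf_enabled SYSCTL_OUTPUT
# Succeeds only when both bridge-nf-call keys are reported as 1.
bridge_nf_enabled() {
  printf '%s\n' "$1" | grep -Eq '^net\.bridge\.bridge-nf-call-iptables *= *1$' &&
  printf '%s\n' "$1" | grep -Eq '^net\.bridge\.bridge-nf-call-ip6tables *= *1$'
}

# swap_active PROC_SWAPS_CONTENT
# Succeeds when /proc/swaps lists at least one device, i.e. swap is still on.
swap_active() {
  # The first line of /proc/swaps is a header; any further line is an active device.
  [ "$(printf '%s\n' "$1" | sed '1d' | grep -c .)" -gt 0 ]
}

# ports_in_use LISTEN_OUTPUT PORT...
# Prints every required port that already appears as a listening socket.
ports_in_use() {
  listen_output=$1
  shift
  for p in "$@"; do
    # match ":PORT" at the end of the local-address column
    if printf '%s\n' "$listen_output" | grep -Eq "[:.]${p}([[:space:]]|$)"; then
      printf '%s\n' "$p"
    fi
  done
}

# duplicate_ids INVENTORY
# INVENTORY has one "hostname id" pair per line (MAC or product_uuid);
# prints every id that appears on more than one host.
duplicate_ids() {
  printf '%s\n' "$1" | awk 'NF == 2 { print $2 }' | sort | uniq -d
}

# --- constructed sample data (not captured from real hosts) ---
SAMPLE_SYSCTL='net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1'
SAMPLE_SWAPS='Filename                                Type            Size    Used    Priority
/dev/dm-1                               partition       2097148 0       -2'
SAMPLE_LISTEN='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:10250     0.0.0.0:*'
SAMPLE_UUIDS='k8s-master UUID-0001
k8s-node01 UUID-0001'

# Report the sample results; on a real host replace the SAMPLE_* values with live output.
bridge_nf_enabled "$SAMPLE_SYSCTL" && echo "bridge-nf: ok" || echo "bridge-nf: NOT enabled"
swap_active "$SAMPLE_SWAPS" && echo "swap: still active, run swapoff -a" || echo "swap: off"
busy=$(ports_in_use "$SAMPLE_LISTEN" 6443 2379 2380 10250 10251 10252)
[ -z "$busy" ] && echo "ports: all free" || echo "ports already in use: $busy"
dups=$(duplicate_ids "$SAMPLE_UUIDS")
[ -z "$dups" ] && echo "ids: unique" || echo "duplicate ids across hosts: $dups"
```

The port check deliberately looks only at the listening side: a port that is merely in the ephemeral range is not a conflict, whereas a listener on 10250 (as in the sample) means a kubelet or something else already owns it. The id check matters most for cloned VMs, where an identical product_uuid makes kubelet identities collide.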
03. Deploy the container runtime (Docker)
1. Install Docker
Same steps on both hosts!
[root@localhost ~]# yum -y install epel-release.noarch yum-utils
[root@localhost ~]# yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
[root@localhost ~]# yum -y install device-mapper-persistent-data lvm2
[root@localhost ~]# yum -y install docker-ce-18.09.1
[root@localhost ~]# systemctl start docker
[root@localhost ~]# systemctl enable docker
2. Configure Docker and restart the Docker service
Set Docker's registry mirror to a mirror located in China, and set the cgroup driver Docker uses to "systemd".
Same steps on both hosts.
[root@k8s-master ~]# vim /etc/docker/daemon.json
{
"registry-mirrors": ["http://hub-mirror.c.163.com"],
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m"
},
"storage-driver": "overlay2",
"storage-opts": [
"overlay2.override_kernel_check=true"
]
}
[root@k8s-master ~]# systemctl restart docker
04. Install the components (kubelet, kubeadm, kubectl)
1. Configure the Kubernetes YUM repository
The Kubernetes YUM repository is provided by Alibaba Cloud's open-source mirror site.
Same steps on both hosts!
[root@k8s-master ~]# vim /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
2. Install kubelet, kubeadm, kubectl
Same steps on both hosts!
[root@k8s-master ~]# yum install -y kubelet-1.15.0 kubeadm-1.15.0 kubectl-1.15.0 --disableexcludes=kubernetes
3. Configure kubelet
Prevent kubelet from failing to start because swap is enabled.
Same steps on both hosts!
[root@k8s-master ~]# vim /etc/sysconfig/kubelet
KUBELET_EXTRA_ARGS="--fail-swap-on=false"
[root@k8s-master ~]# systemctl enable kubelet
05. Build the cluster
1. List the Docker images kubeadm needs to create a Kubernetes cluster
Because the registry kubeadm uses by default is "k8s.gcr.io", we need to download the required images manually before we can create the cluster.
On host k8s-master!
[root@k8s-master ~]# kubeadm config print init-defaults |grep imageRepository
imageRepository: k8s.gcr.io
[root@k8s-master ~]# kubeadm config images list
W0708 15:58:04.237960 23951 version.go:99] falling back to the local client version: v1.15.0
k8s.gcr.io/kube-apiserver:v1.15.0
k8s.gcr.io/kube-controller-manager:v1.15.0
k8s.gcr.io/kube-scheduler:v1.15.0
k8s.gcr.io/kube-proxy:v1.15.0
k8s.gcr.io/pause:3.1
k8s.gcr.io/etcd:3.3.10
k8s.gcr.io/coredns:1.3.1
2. Download the images manually from a third-party repository and retag them
We can first search the online registry.
Same steps on both hosts!
[root@k8s-master ~]# docker search kube-apiserver:v1.15.0
[root@k8s-master ~]# docker search richarddockerimage
NAME DESCRIPTION STARS
richarddockerimage/kube-apiserver-v15 k8s.gcr.io/kube-apiserver:v1.15.0 0
richarddockerimage/tomcat_env_image Based on ubuntu 14.04, plus java7 and tomcat… 0
richarddockerimage/docker-whale Demo for docker 0
richarddockerimage/kube-controller-manager-v15 k8s.gcr.io/kube-controller-manager:v1.15.0 0
richarddockerimage/kube-proxy-v15 k8s.gcr.io/kube-proxy:v1.15.0 0
richarddockerimage/kube-scheduler-v15 k8s.gcr.io/kube-scheduler:v1.15.0 0
richarddockerimage/coredns-v15 k8s.gcr.io/coredns:1.3.1 0
richarddockerimage/etcd k8s.gcr.io/etcd:3.3.10 0
richarddockerimage/pause-v15 k8s.gcr.io/pause:3.1 0
richarddockerimage/oracle12 Oracle database 12 0
richarddockerimage/sqlserver sql server 2017 0
richarddockerimage/image_from_dockerfile 0
[root@k8s-master ~]# docker pull richarddockerimage/kube-apiserver-v15
[root@k8s-master ~]# docker pull richarddockerimage/kube-controller-manager-v15
[root@k8s-master ~]# docker pull richarddockerimage/kube-scheduler-v15
[root@k8s-master ~]# docker pull richarddockerimage/kube-proxy-v15
[root@k8s-master ~]# docker pull richarddockerimage/pause-v15
[root@k8s-master ~]# docker pull richarddockerimage/etcd
[root@k8s-master ~]# docker pull richarddockerimage/coredns-v15
[root@k8s-master ~]# docker tag richarddockerimage/kube-apiserver-v15 k8s.gcr.io/kube-apiserver:v1.15.0
[root@k8s-master ~]# docker tag richarddockerimage/kube-controller-manager-v15 k8s.gcr.io/kube-controller-manager:v1.15.0
[root@k8s-master ~]# docker tag richarddockerimage/kube-scheduler-v15 k8s.gcr.io/kube-scheduler:v1.15.0
[root@k8s-master ~]# docker tag richarddockerimage/kube-proxy-v15 k8s.gcr.io/kube-proxy:v1.15.0
[root@k8s-master ~]# docker tag richarddockerimage/pause-v15 k8s.gcr.io/pause:3.1
[root@k8s-master ~]# docker tag richarddockerimage/etcd k8s.gcr.io/etcd:3.3.10
[root@k8s-master ~]# docker tag richarddockerimage/coredns-v15 k8s.gcr.io/coredns:1.3.1
[root@k8s-master ~]# docker rmi richarddockerimage/kube-apiserver-v15
[root@k8s-master ~]# docker rmi richarddockerimage/kube-controller-manager-v15
[root@k8s-master ~]# docker rmi richarddockerimage/kube-scheduler-v15
[root@k8s-master ~]# docker rmi richarddockerimage/kube-proxy-v15
[root@k8s-master ~]# docker rmi richarddockerimage/pause-v15
[root@k8s-master ~]# docker rmi richarddockerimage/etcd
[root@k8s-master ~]# docker rmi richarddockerimage/coredns-v15
[root@k8s-master ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
k8s.gcr.io/etcd 3.3.10 aae65e9fad13 9 days ago 258MB
k8s.gcr.io/coredns 1.3.1 12dcba476018 9 days ago 40.3MB
k8s.gcr.io/pause 3.1 f3120a7daf47 9 days ago 742kB
k8s.gcr.io/kube-proxy v1.15.0 b39aca5c3855 9 days ago 82.4MB
k8s.gcr.io/kube-scheduler v1.15.0 9270c92a5165 9 days ago 81.1MB
k8s.gcr.io/kube-controller-manager v1.15.0 79939977718a 9 days ago 159MB
k8s.gcr.io/kube-apiserver v1.15.0 6ea465931092 9 days ago 207MB
3. Create a Kubernetes cluster
On host k8s-master!
The following command automatically installs and starts the control-plane (Master) component services on the host.
[root@k8s-master ~]# kubeadm init --kubernetes-version=v1.15.0 --pod-network-cidr=10.244.0.0/16 --service-cidr=10.96.0.0/12 --apiserver-advertise-address=0.0.0.0 --ignore-preflight-errors=Swap
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 172.16.254.134:6443 --token c4p317.ia0w2uc6m1f4pmnn \
--discovery-token-ca-cert-hash sha256:ef2c778a8d7c6c2df000449249f45f55bf35356239fdaefa84822fde4b2f4b71
4. Copy the kubectl configuration file
On host k8s-master!
Once the cluster is created, we manage it with the "kubectl" client. kubectl connects to and manages the cluster using the generated configuration file; the source path of that file is /etc/kubernetes/admin.conf.
[root@k8s-master ~]# mkdir -p $HOME/.kube
[root@k8s-master ~]# sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
[root@k8s-master ~]# sudo chown $(id -u):$(id -g) $HOME/.kube/config
5. Deploy the network plugin (flannel)
On host k8s-master!
Pod-to-Pod networking in Kubernetes is implemented by third-party extensions, so we need to install a network plugin. flannel is a commonly used one; others can be chosen instead, see the official documentation.
After installation, use "kubectl get pods --all-namespaces" to check the Pods in the "kube-system" namespace; when they are all in the "Running" state, the Kubernetes cluster is working.
[root@k8s-master ~]# kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/62e44c867a2846fefb68bd5f178daf4da3095ccb/Documentation/kube-flannel.yml
[root@k8s-master ~]# kubectl get pods --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system coredns-5c98db65d4-sj2j6 1/1 Running 0 93m
kube-system coredns-5c98db65d4-zhpdw 1/1 Running 0 93m
kube-system etcd-k8s-master 1/1 Running 0 92m
kube-system kube-apiserver-k8s-master 1/1 Running 0 92m
kube-system kube-controller-manager-k8s-master 1/1 Running 0 92m
kube-system kube-flannel-ds-amd64-22fnl 1/1 Running 0 12m
kube-system kube-proxy-dlxwl 1/1 Running 0 93m
kube-system kube-proxy-mtplf 1/1 Running 0 100s
kube-system kube-scheduler-k8s-master 1/1 Running 0 92m
6. Join the Node host to the cluster
Token and hash commands on host k8s-master; the join command on host k8s-node01!
By default, a bootstrap token and the CA certificate hash are generated when the cluster is created, and Node hosts use them to connect and join the cluster. The token expires after 24 hours by default; if a Node still needs to join after that, we have to create a new token manually and recompute the CA certificate hash.
[root@k8s-master ~]# kubeadm token list
[root@k8s-master ~]# kubeadm token create
[root@k8s-master ~]# openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
[root@k8s-node01 ~]# kubeadm join 172.16.254.134:6443 --token c4p317.ia0w2uc6m1f4pmnn --discovery-token-ca-cert-hash sha256:ef2c778a8d7c6c2df000449249f45f55bf35356239fdaefa84822fde4b2f4b71 --ignore-preflight-errors=Swap
This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.
Run 'kubectl get nodes' on the control-plane to see this node join the cluster.
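The join step above depends on two values: the bootstrap token, which only authenticates the node to the API server, and the --discovery-token-ca-cert-hash, which is what lets the node verify it is talking to the real control plane's CA rather than an impostor on the network. The script below, an added example that is not part of the original post, wraps the post's openssl pipeline in a function and only emits a join command when the hash handed to the node is well formed and equals the value computed on the master. The file path argument and the function names are this example's own.

```shell
#!/bin/sh
# Added example, not from the original post: verify kubeadm join parameters
# before running the join, so a wrong or tampered CA hash is caught.

# ca_cert_hash CA_CERT_PATH
# Prints "sha256:<hex>" for the DER-encoded public key of the given CA cert,
# using the same openssl pipeline as the post (needs the openssl CLI; the
# `openssl rsa` step only works for RSA CA keys, which is kubeadm's default).
ca_cert_hash() {
  hex=$(openssl x509 -pubkey -in "$1" \
        | openssl rsa -pubin -outform der 2>/dev/null \
        | openssl dgst -sha256 -hex | sed 's/^.* //')
  printf 'sha256:%s\n' "$hex"
}

# valid_token TOKEN
# Bootstrap tokens have the form <6 chars>.<16 chars>, characters [a-z0-9].
valid_token() {
  printf '%s\n' "$1" | grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$'
}

# valid_ca_hash HASH
# "sha256:" followed by 64 lowercase hex digits.
valid_ca_hash() {
  printf '%s\n' "$1" | grep -Eq '^sha256:[0-9a-f]{64}$'
}

# join_command ENDPOINT TOKEN HASH EXPECTED_HASH
# Prints the kubeadm join command only when the token and hash are well formed
# and the hash equals the value computed on the master; fails otherwise.
join_command() {
  endpoint=$1
  token=$2
  hash=$3
  expected=$4
  valid_token "$token" || { echo "malformed token" >&2; return 1; }
  valid_ca_hash "$hash" || { echo "malformed CA hash" >&2; return 1; }
  [ "$hash" = "$expected" ] || { echo "CA hash mismatch: refusing to join" >&2; return 1; }
  printf 'kubeadm join %s --token %s --discovery-token-ca-cert-hash %s\n' \
    "$endpoint" "$token" "$hash"
}

# Example run with the values from the post. On the master, EXPECTED would be
# obtained with: ca_cert_hash /etc/kubernetes/pki/ca.crt
TOKEN=c4p317.ia0w2uc6m1f4pmnn
HASH=sha256:ef2c778a8d7c6c2df000449249f45f55bf35356239fdaefa84822fde4b2f4b71
join_command 172.16.254.134:6443 "$TOKEN" "$HASH" "$HASH"
```

Transport the expected hash to the node over a channel you trust (for example by reading it off the master console), not over the same untrusted network the join will use; otherwise the comparison proves nothing.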
06. Inspect the cluster
1. Check the nodes in the cluster
On host k8s-master.
We can see that the cluster has been built! Master and Node are both in the Ready state.
[root@k8s-master ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
k8s-master Ready master 95m v1.15.0
k8s-node01 Ready <none> 2m57s v1.15.0
2. Check the status of the control-plane (Master) components
[root@k8s-master ~]# kubectl get cs
NAME STATUS MESSAGE ERROR
scheduler Healthy ok
controller-manager Healthy ok
etcd-0 Healthy {"health":"true"}
3. Check the cluster info
[root@k8s-master ~]# kubectl cluster-info
Kubernetes master is running at https://172.16.254.134:6443
KubeDNS is running at https://172.16.254.134:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy
4. Check the cluster version
[root@k8s-master ~]# kubectl version --short=true
Client Version: v1.15.0
Server Version: v1.15.0
07. Basic usage
Create a Pod in the cluster to verify that it runs correctly!
1. Create a Deployment
Creating a Deployment (a Pod controller) automatically creates the Pod and schedules it to run on a Node.
Once the Pod is created, Kubernetes starts a container from the image on Docker.
The Pod runs an Nginx container.
[root@minikube ~]# kubectl create deployment nginx --image=nginx # create the Deployment
[root@minikube ~]# kubectl get deployment -o wide # check the Deployment
NAME READY UP-TO-DATE AVAILABLE AGE CONTAINERS IMAGES SELECTOR
nginx 1/1 1 1 24m nginx nginx app=nginx
[root@minikube ~]# kubectl get pod -o wide # check the Pod
NAME READY STATUS RESTARTS AGE IP NODE
nginx-554b9c67f9-7bzhw 1/1 Running 0 24m 172.17.0.2 minikube
2. Create a Service
Create a Service that maps the port exposed by the container to a port on the host; the host port is allocated randomly from the NodePort range.
[root@minikube ~]# kubectl expose deployment nginx --port=80 --type=NodePort # create the Service
[root@minikube ~]# kubectl get service nginx -o wide # check the Service
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
nginx NodePort 10.96.89.7 <none> 80:32756/TCP 2m4s app=nginx
3. Access it through a browser
Address: NodeIP:Port.