使用kubeadm在CentOS 7.5上安装Kubernetes 1.11.2
Kubernetes作为Google开源的容器运行平台,受到了大家的热捧。搭建一套完整的kubernetes平台,也成为试用这套平台必须迈过的坎儿。kubernetes1.5版本以及之前,安装还是相对比较方便的,官方就有通过yum源在CentOS 7安装Kubernetes。但是在kubernetes1.6之后,安装就比较繁琐了,需要证书各种认证,对于刚接触Kubernetes的人来说很不友好,按照官方文档在本地安装“集群”的的话,我觉得你肯定是跑不起来的,除非你突破了GFW的限制,还要懂得怎么样不断修改参数。
Kubernetes的官方文档更新的速度太快了,我们注意到在Kubernetes 1.9的文档Using kubeadm to Create a Cluster中已经给出了目前1.9的kubeadm的主要特性已经处于beta状态了,在2018年将进入GA状态,说明kubeadm离可以在生产环境中使用的距离越来越近了。
kubeadm方式部署,Kubernetes可以把Kubernetes自身的大部分应用管控起来,即运行于pod上,但是kubelet和docker不能这样实现自托管,这两个主机运行为守护进程,因此,只需要在所有主机都安装kubelet和docker,构建Kubernetes集群。相当于是自举。etcd也是托管于pod上运行,使用kubeadm进行部署,安装过程相对简单。这些主件的pod一般为静态pod(不属于Kubernetes管理),也可以运行为自托管的pod,每个主机都要运行flannel这个主件,可以运行为pod。flannel为动态pod。
kubeadm的介绍可以查看如下链接
https://github.com/kubernetes/kubeadm/blob/master/docs/design/design_v1.10.md
通过kubeadm init 完成集群master节点的初始化,用kubeadm join加入集群
最关键,服务器的资源至少为2G内存,否则初始化Kubernetes会报错
默认情况下,会到google托管的站点下载所有的镜像
使用kubeadm安装,默认网络如下:
pod的默认ip 为 10.244.0.0/16
service的默认ip 10.92.0.0/12
节点网络为:172.20.0.0/16
docker要和Kubernetes结合使用,首先要先通过Kubernetes认证,否则会报警。目前Kubernetes只认证到17.03的版本
[WARNING SystemVerification]: docker version is greater than the most recently validated version. Docker version: 18.06.1-ce. Max validated version: 17.03
架构规划
kubernetes至少需要一个master和一个node才能组成一个可用集群。
我们搭建一个master节点和一个node节点。
我们在生产环境中使用时kubernetes时可以适当增加节点。
准备二台主机,分别安装docker和kubelet,其他服务都是通过自托管实现
安装步骤如下三步
- master和node 安装 kubelet、kubeadm、docker
- mster:kubeadm init
- nodes:kubeadm join
安装准备
操作系统:CentOS 7.5
更新系统
# yum update -y && reboot
# cat /etc/centos-release
CentOS Linux release 7.5.1804 (Core)
# uname -r
3.10.0-862.11.6.el7.x86_64
安装机器:kubernetes-master为master节点,kubernetes-node01为slave节点
在两台机器上设置hosts
# echo '192.168.56.55 kubernetes-master' >> /etc/hosts
# echo '192.168.56.56 kubernetes-node01' >> /etc/hosts
kubernetes启用ipvs
确保内核开启了ipvs模块
# lsmod | grep ip_vs
没开启加载方式
# modprobe -- ip_vs
# modprobe -- ip_vs_rr
# modprobe -- ip_vs_wrr
# modprobe -- ip_vs_sh
# modprobe -- nf_conntrack_ipv4
安装Docker
注: 所有节点均需执行该步骤
配置安装源-阿里云源
设置aliyun的docker-ce源
# wget -O /etc/yum.repos.d/docker-ce.repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
设置aliyun的kubernetes源
# cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
#baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
#gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
解决路由异常和调整swappiness参数
安装bridge-util软件,加载bridge模块,加载br_netfilter模块
# yum install bridge-utils -y
# lsmod | grep bridge
# modprobe bridge
# modprobe br_netfilter
# echo 'vm.swappiness = 0' >> /etc/sysctl.conf
# echo 'net.bridge.bridge-nf-call-ip6tables = 1' >> /etc/sysctl.conf
# echo 'net.bridge.bridge-nf-call-iptables = 1' >> /etc/sysctl.conf
# sysctl --system
查看当前的Docker版本
# yum list docker-ce --showduplicates | sort -r
# yum install docker-ce -y
# systemctl enable docker
由于Kubernetes安装有很多镜像国内下载不到,因为编辑如下的配置文件可以找到需要的镜像,启动docker前,在Service配置段里定义环境变量,Environment,表示通过这个代理去加载Kubernetes所需的镜像,加载完成后,可以注释掉,仅使用国内的加速器来拉取非Kubernetes的镜像,后续需要使用时,再开启。
# vim /usr/lib/systemd/system/docker.service
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target firewalld.service
Wants=network-online.target
[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
Environment="HTTPS_PROXY=http://www.ik8s.io:10080"
Environment="HTTP_PROXY=http://www.ik8s.io:10080"
Environment="NO_PROXY=127.0.0.0/8,172.20.0.0/16"
ExecStart=/usr/bin/dockerd
ExecReload=/bin/kill -s HUP $MAINPID
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
# Uncomment TasksMax if your systemd version supports it.
# Only systemd 226 and above support this version.
#TasksMax=infinity
TimeoutStartSec=0
# set delegate yes so that systemd does not reset the cgroups of docker containers
Delegate=yes
# kill only the docker process, not all processes in the cgroup
KillMode=process
# restart the docker process if it exits prematurely
Restart=on-failure
StartLimitBurst=3
StartLimitInterval=60s
[Install]
WantedBy=multi-user.target
#保存退出后,执行
# systemctl daemon-reload
确保如下两个参数值为1,默认为1。
# cat /proc/sys/net/bridge/bridge-nf-call-iptables
1
# cat /proc/sys/net/bridge/bridge-nf-call-ip6tables
1
启动docker-ce
# systemctl start docker
设置开机启动
# systemctl enable docker
安装kubeadm、kubectl、kubelet
Kubernetes集群节点都要安装kubeadm,kubelet,kubectl
使用kubeadm官方文档:https://kubernetes.io/docs/setup/independent/install-kubeadm
#查看可用版本
# yum list --showduplicates | grep 'kubeadm\|kubectl\|kubelet'
#默认安装最新版本,当前安装的版本为1.11.2,也可以安装指定版本
# yum install kubeadm kubectl kubelet -y
# systemctl enable kubelet
安装Kubernetes集群,kubeadm会读取/etc/systemd/system/kubelet.service.d/10-kubeadm.conf文件的配置信息,更改cgroup的驱动,这里的驱动要要docker一致,因此用docker info | grep Cgroup命令查看docker的驱动类型,如这里查到的结果为 cgroupfs,因此修改kubeadm的配置文件如下
# docker info | grep Cgroup
Cgroup Driver: cgroupfs
# vim /etc/systemd/system/kubelet.service.d/10-kubeadm.conf
# Note: This dropin only works with kubeadm and kubelet v1.11+
[Service]
Environment="KUBELET_KUBECONFIG_ARGS=--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf"
Environment="KUBELET_CONFIG_ARGS=--config=/var/lib/kubelet/config.yaml"
Environment="KUBELET_CGROUP_ARGS=--cgroup-driver=cgroupfs"
# This is a file that "kubeadm init" and "kubeadm join" generates at runtime, populating the KUBELET_KUBEADM_ARGS variable dynamically
EnvironmentFile=-/var/lib/kubelet/kubeadm-flags.env
# This is a file that the user can use for overrides of the kubelet args as a last resort. Preferably, the user should use
# the .NodeRegistration.KubeletExtraArgs object in the configuration files instead. KUBELET_EXTRA_ARGS should be sourced from this file.
EnvironmentFile=-/etc/sysconfig/kubelet
ExecStart=
ExecStart=/usr/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CONFIG_ARGS $KUBELET_KUBEADM_ARGS $KUBELET_EXTRA_ARGS
1.10以上版本,使用kubeadm安装的,直接修改kube-proxy configmap即可
# kubectl edit configmap kube-proxy --namespace=kube-system
mode: "" 修改为 mode: "ipvs"
使用kubeadm init初始化集群
初始化kubeadm,仅在master节点上执行
查看kubeadm相关的参数
# kubeadm init --help
# kubeadm init --kubernetes-version=v1.11.2 --pod-network-cidr=10.244.0.0/16 --service-cidr=10.96.0.0/12
Your Kubernetes master has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
You can now join any number of machines by running the following on each node
as root:
kubeadm join 192.168.56.55:6443 --token nk4y2d.akj9heoeqh6a647e --discovery-token-ca-cert-hash sha256:ec53e4f34482c6ba71868f43c9e54e10b67cc447bb86b5899a7ba0444d0164af
更多init的错误可以新开一个控制台使用命令跟踪:
[root@kubernetes-master ~]# journalctl -f -u kubelet
[root@kubernetes-master ~]# mkdir -p $HOME/.kube
[root@kubernetes-master ~]# cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
kubectl命令自动补全
# source <(kubectl completion bash)
# echo "source <(kubectl completion bash)" >> ~/.bashrc
获取组件的健康状态
# kubectl get cs
NAME STATUS MESSAGE ERROR
controller-manager Healthy ok
scheduler Healthy ok
etcd-0 Healthy {"health": "true"}
查看节点信息
# kubectl get nodes
NAME STATUS ROLES AGE VERSION
kubernetes-master NotReady master 5m v1.11.2
安装Flannel
这里status未就绪,是因为没有网络插件,如flannel.地址https://github.com/coreos/flannel可以查看flannel在github上的相关项目,执行如下的命令自动安装flannel。
# kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
执行完上述命令后,会拉取flannel的镜像,可用docker image ls查看flannel镜像是否成功拉取,如quay.io/coreos/flannel :v0.10.0-amd64
# docker image ls
获取当前系统上所有在运行的pod的状态,指定名称空间为kube-system,为系统级的pod
# kubectl get pods --namespace=kube-system
镜像拉取成功后,一般会把启动起来。此时默认的node状态为Ready,如下
# kubectl get nodes
NAME STATUS ROLES AGE VERSION
kubernetes-master Ready master 13m v1.11.2
获取当前系统的名称空间
# kubectl get namespaces
NAME STATUS AGE
default Active 16m
kube-public Active 16m
kube-system Active 16m
kubernetes启用ipvs
看到pod如下信息表明成功
# kubectl logs --namespace=kube-system kube-proxy-qhp8m
I0904 07:40:27.547304 1 server_others.go:183] Using ipvs Proxier.
W0904 07:40:27.554131 1 proxier.go:355] IPVS scheduler not specified, use rr by default
I0904 07:40:27.554218 1 server_others.go:210] Tearing down inactive rules.
I0904 07:40:27.571427 1 server.go:448] Version: v1.11.2
I0904 07:40:27.574574 1 conntrack.go:98] Set sysctl 'net/netfilter/nf_conntrack_max' to 262144
I0904 07:40:27.574617 1 conntrack.go:52] Setting nf_conntrack_max to 262144
I0904 07:40:27.574867 1 conntrack.go:83] Setting conntrack hashsize to 65536
I0904 07:40:27.579747 1 conntrack.go:98] Set sysctl 'net/netfilter/nf_conntrack_tcp_timeout_established' to 86400
I0904 07:40:27.579789 1 conntrack.go:98] Set sysctl 'net/netfilter/nf_conntrack_tcp_timeout_close_wait' to 3600
I0904 07:40:27.579961 1 config.go:102] Starting endpoints config controller
I0904 07:40:27.579975 1 controller_utils.go:1025] Waiting for caches to sync for endpoints config controller
I0904 07:40:27.579992 1 config.go:202] Starting service config controller
I0904 07:40:27.579997 1 controller_utils.go:1025] Waiting for caches to sync for service config controller
I0904 07:40:27.680117 1 controller_utils.go:1032] Caches are synced for service config controller
I0904 07:40:27.680142 1 controller_utils.go:1032] Caches are synced for endpoints config controller
测试DNS (只在主节点执行),确认解析正常
# kubectl run curl --image=radial/busyboxplus:curl -i --tty
If you don't see a command prompt, try pressing enter.
[ root@curl-87b54756-qtz9t:/ ]$ nslookup kubernetes.default
Server: 10.96.0.10
Address 1: 10.96.0.10 kube-dns.kube-system.svc.cluster.local
Name: kubernetes.default
Address 1: 10.96.0.1 kubernetes.default.svc.cluster.local
[ root@curl-87b54756-qtz9t:/ ]$
向Kubernetes集群添加Node (只在副节点执行)
加入master节点,注意,如下命令token和discovery-token-ca-cert-hash是随机生成,可以用命令查找,比较麻烦,建议安装成功后,在成功的信息中,如下的命令需要保存,后期方便加入主节点。
# kubeadm join 192.168.56.55:6443 --token nk4y2d.akj9heoeqh6a647e --discovery-token-ca-cert-hash sha256:ec53e4f34482c6ba71868f43c9e54e10b67cc447bb86b5899a7ba0444d0164af
# mkdir -p $HOME/.kube
在master端执行
# scp /etc/kubernetes/admin.conf centos7-vm-node01:$HOME/.kube/config
内容来源于网络,如有侵权,请联系作者删除!
