Installing a k8s cluster

Cluster architecture diagram

[Figure: cluster architecture diagram]

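Key concepts

Cluster: the sum of the compute, storage and network resources. All of Kubernetes' container-based applications run on these resources.

Master: the brain of Kubernetes, responsible for scheduling the compute resources. A Master can be a physical machine or a virtual machine, and several Masters can run at the same time to provide HA. The components that run on a Master node are shown in the architecture diagram in this article.

Node: runs the containerized applications and is managed by the Master. It can be a physical machine or a virtual machine.

Pod: the smallest unit of work in Kubernetes; in other words, Kubernetes manages Pods, not containers. Each Pod contains one or more containers. The containers in a Pod are scheduled by the Master as a single unit onto a Node.

Controller: Kubernetes usually does not create Pods directly; it manages them through Controllers. A Controller defines some of the deployment characteristics of the containers.

Service: the way the outside world reaches a specific group of Pods. A Service has its own IP and port and provides load balancing for the Pods.

Namespace: a Namespace logically divides one physical Cluster into several virtual Clusters, each of which is a Namespace. Resources in different Namespaces are completely isolated from each other. If no Namespace is specified when a resource is created, it is placed in the default Namespace.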

Prerequisites

Note: perform the following steps on every node

Set the host names [optional]

[root@k8s-master ~]# vim /etc/hosts

192.168.148.10 k8s-master
192.168.148.11 k8s-node01
192.168.148.12 k8s-node02

Stop and disable the firewall

[root@k8s-master ~]# systemctl stop firewalld
[root@k8s-master ~]# systemctl disable firewalld

Bridge network settings

[root@k8s-master ~]# echo 'net.bridge.bridge-nf-call-iptables = 1'>>/etc/sysctl.conf
[root@k8s-master ~]# echo 'net.bridge.bridge-nf-call-ip6tables = 1'>>/etc/sysctl.conf

[root@k8s-master ~]# sysctl -p
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1

Prepare the yum repositories

[root@k8s-master ~]# cd /etc/yum.repos.d/

# Docker repository
[root@k8s-master yum.repos.d]# wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

# k8s repository
[root@k8s-master yum.repos.d]# vim k8s.repo
[k8s]
name=k8s repo
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
enabled=1
# Save and exit

[root@k8s-master yum.repos.d]# yum repolist
[root@k8s-master yum.repos.d]# wget https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg 
[root@k8s-master yum.repos.d]# rpm --import yum-key.gpg
[root@k8s-master yum.repos.d]# wget https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
[root@k8s-master yum.repos.d]# rpm --import rpm-package-key.gpg

List the versions available for installation

[root@k8s-master yum.repos.d]# yum list docker-ce --showduplicates
已加載插件:fastestmirror
Loading mirror speeds from cached hostfile
 * base: centos.ustc.edu.cn
 * extras: centos.ustc.edu.cn
 * updates: centos.ustc.edu.cn
已安裝的軟件包
docker-ce.x86_64    18.06.0.ce-3.el7           @docker-ce-stable
可安裝的軟件包
docker-ce.x86_64    17.03.0.ce-1.el7.centos    docker-ce-stable 
docker-ce.x86_64    17.03.1.ce-1.el7.centos    docker-ce-stable 
docker-ce.x86_64    17.03.2.ce-1.el7.centos    docker-ce-stable 
docker-ce.x86_64    17.03.3.ce-1.el7           docker-ce-stable 
docker-ce.x86_64    17.06.0.ce-1.el7.centos    docker-ce-stable 
docker-ce.x86_64    17.06.1.ce-1.el7.centos    docker-ce-stable 
docker-ce.x86_64    17.06.2.ce-1.el7.centos    docker-ce-stable 
docker-ce.x86_64    17.09.0.ce-1.el7.centos    docker-ce-stable 
docker-ce.x86_64    17.09.1.ce-1.el7.centos    docker-ce-stable 
docker-ce.x86_64    17.12.0.ce-1.el7.centos    docker-ce-stable 
docker-ce.x86_64    17.12.1.ce-1.el7.centos    docker-ce-stable 
docker-ce.x86_64    18.03.0.ce-1.el7.centos    docker-ce-stable 
docker-ce.x86_64    18.03.1.ce-1.el7.centos    docker-ce-stable 
docker-ce.x86_64    18.06.0.ce-3.el7           docker-ce-stable 
docker-ce.x86_64    18.06.1.ce-3.el7           docker-ce-stable 
docker-ce.x86_64    3:18.09.0-3.el7            docker-ce-stable 

Install the software on the master node

Here we install docker-ce-18.06 and version 1.12.1 of kubelet, kubeadm and kubectl

yum -y install docker-ce-18.06.0.ce-3.el7 kubelet-1.12.1-0 kubeadm-1.12.1-0 kubectl-1.12.1-0

Wait for the installation to finish...

View the installed file list

[root@k8s-master yum.repos.d]# rpm -ql kubelet
/etc/kubernetes/manifests # manifest directory
/etc/sysconfig/kubelet # configuration file
/etc/systemd/system/kubelet.service
/usr/bin/kubelet # main binary

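Obtaining the Docker images for k8s

First start the Docker daemon

systemctl daemon-reload # reload the configuration after changing Docker-related configuration files
systemctl start docker  # start Docker
systemctl enable docker  # and start it automatically at boot
systemctl enable kubelet  # and start kubelet automatically at boot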

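Because the Google image site (http://www.ik8s.io:10080) is unreachable, the required images cannot be downloaded from it. They can be pulled instead from a public user repository on Alibaba Cloud (I have prepared the v1.12.1 images there):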

docker pull registry.cn-beijing.aliyuncs.com/yzxd/kube-apiserver:v1.12.1
docker pull registry.cn-beijing.aliyuncs.com/yzxd/kube-controller-manager:v1.12.1
docker pull registry.cn-beijing.aliyuncs.com/yzxd/kube-scheduler:v1.12.1
docker pull registry.cn-beijing.aliyuncs.com/yzxd/kube-proxy:v1.12.1
docker pull registry.cn-beijing.aliyuncs.com/yzxd/etcd:3.2.24
docker pull registry.cn-beijing.aliyuncs.com/yzxd/pause:3.1
docker pull registry.cn-beijing.aliyuncs.com/yzxd/coredns:1.2.2
docker pull registry.cn-beijing.aliyuncs.com/yzxd/flannel:v0.10.0-amd64

# After the download completes, list the images
[root@k8s-master ~]# docker images
REPOSITORY                                                      TAG                 IMAGE ID            CREATED             SIZE
registry.cn-beijing.aliyuncs.com/yzxd/kube-proxy                v1.12.1             61afff57f010        2 months ago        96.6MB
registry.cn-beijing.aliyuncs.com/yzxd/kube-apiserver            v1.12.1             dcb029b5e3ad        2 months ago        194MB
registry.cn-beijing.aliyuncs.com/yzxd/kube-controller-manager   v1.12.1             aa2dd57c7329        2 months ago        164MB
registry.cn-beijing.aliyuncs.com/yzxd/kube-scheduler            v1.12.1             d773ad20fd80        2 months ago        58.3MB
registry.cn-beijing.aliyuncs.com/yzxd/etcd                      3.2.24              3cab8e1b9802        2 months ago        220MB
registry.cn-beijing.aliyuncs.com/yzxd/coredns                   1.2.2               367cdc8433a4        3 months ago        39.2MB
registry.cn-beijing.aliyuncs.com/yzxd/flannel                   v0.10.0-amd64       f0fad859c909        10 months ago       44.6MB
registry.cn-beijing.aliyuncs.com/yzxd/pause                     3.1                 da86e6ba6ca1        11 months ago       742kB

# k8s expects image names that differ from the downloaded ones, so the images have to be re-tagged
docker tag registry.cn-beijing.aliyuncs.com/yzxd/pause:3.1 k8s.gcr.io/pause:3.1
docker tag registry.cn-beijing.aliyuncs.com/yzxd/coredns:1.2.2 k8s.gcr.io/coredns:1.2.2
docker tag registry.cn-beijing.aliyuncs.com/yzxd/etcd:3.2.24 k8s.gcr.io/etcd:3.2.24
docker tag registry.cn-beijing.aliyuncs.com/yzxd/kube-scheduler:v1.12.1 k8s.gcr.io/kube-scheduler:v1.12.1
docker tag registry.cn-beijing.aliyuncs.com/yzxd/kube-controller-manager:v1.12.1 k8s.gcr.io/kube-controller-manager:v1.12.1
docker tag registry.cn-beijing.aliyuncs.com/yzxd/kube-apiserver:v1.12.1 k8s.gcr.io/kube-apiserver:v1.12.1
docker tag registry.cn-beijing.aliyuncs.com/yzxd/kube-proxy:v1.12.1 k8s.gcr.io/kube-proxy:v1.12.1
docker tag registry.cn-beijing.aliyuncs.com/yzxd/flannel:v0.10.0-amd64 quay.io/coreos/flannel:v0.10.0-amd64

# Image list after re-tagging
[root@k8s-master ~]# docker images
REPOSITORY                                                      TAG                 IMAGE ID            CREATED             SIZE
k8s.gcr.io/kube-proxy                                           v1.12.1             61afff57f010        2 months ago        96.6MB
registry.cn-beijing.aliyuncs.com/yzxd/kube-proxy                v1.12.1             61afff57f010        2 months ago        96.6MB
k8s.gcr.io/kube-scheduler                                       v1.12.1             d773ad20fd80        2 months ago        58.3MB
registry.cn-beijing.aliyuncs.com/yzxd/kube-scheduler            v1.12.1             d773ad20fd80        2 months ago        58.3MB
k8s.gcr.io/kube-apiserver                                       v1.12.1             dcb029b5e3ad        2 months ago        194MB
registry.cn-beijing.aliyuncs.com/yzxd/kube-apiserver            v1.12.1             dcb029b5e3ad        2 months ago        194MB
k8s.gcr.io/kube-controller-manager                              v1.12.1             aa2dd57c7329        2 months ago        164MB
registry.cn-beijing.aliyuncs.com/yzxd/kube-controller-manager   v1.12.1             aa2dd57c7329        2 months ago        164MB
k8s.gcr.io/etcd                                                 3.2.24              3cab8e1b9802        2 months ago        220MB
registry.cn-beijing.aliyuncs.com/yzxd/etcd                      3.2.24              3cab8e1b9802        2 months ago        220MB
k8s.gcr.io/coredns                                              1.2.2               367cdc8433a4        3 months ago        39.2MB
registry.cn-beijing.aliyuncs.com/yzxd/coredns                   1.2.2               367cdc8433a4        3 months ago        39.2MB
quay.io/coreos/flannel                                          v0.10.0-amd64       f0fad859c909        10 months ago       44.6MB
registry.cn-beijing.aliyuncs.com/yzxd/flannel                   v0.10.0-amd64       f0fad859c909        10 months ago       44.6MB
k8s.gcr.io/pause                                                3.1                 da86e6ba6ca1        11 months ago       742kB
registry.cn-beijing.aliyuncs.com/yzxd/pause                     3.1                 da86e6ba6ca1        11 months ago       742kB

# Delete the downloaded images (this removes only the mirror-registry tags)
docker rmi registry.cn-beijing.aliyuncs.com/yzxd/kube-apiserver:v1.12.1
docker rmi registry.cn-beijing.aliyuncs.com/yzxd/kube-controller-manager:v1.12.1
docker rmi registry.cn-beijing.aliyuncs.com/yzxd/kube-scheduler:v1.12.1
docker rmi registry.cn-beijing.aliyuncs.com/yzxd/kube-proxy:v1.12.1
docker rmi registry.cn-beijing.aliyuncs.com/yzxd/etcd:3.2.24
docker rmi registry.cn-beijing.aliyuncs.com/yzxd/pause:3.1
docker rmi registry.cn-beijing.aliyuncs.com/yzxd/coredns:1.2.2
docker rmi registry.cn-beijing.aliyuncs.com/yzxd/flannel:v0.10.0-amd64

[root@k8s-master ~]# docker images
REPOSITORY                           TAG                 IMAGE ID            CREATED             SIZE
k8s.gcr.io/kube-proxy                v1.12.1             61afff57f010        2 months ago        96.6MB
k8s.gcr.io/kube-scheduler            v1.12.1             d773ad20fd80        2 months ago        58.3MB
k8s.gcr.io/kube-apiserver            v1.12.1             dcb029b5e3ad        2 months ago        194MB
k8s.gcr.io/kube-controller-manager   v1.12.1             aa2dd57c7329        2 months ago        164MB
k8s.gcr.io/etcd                      3.2.24              3cab8e1b9802        2 months ago        220MB
k8s.gcr.io/coredns                   1.2.2               367cdc8433a4        3 months ago        39.2MB
quay.io/coreos/flannel               v0.10.0-amd64       f0fad859c909        10 months ago       44.6MB
k8s.gcr.io/pause                     3.1                 da86e6ba6ca1        11 months ago       742kB

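To get newer versions of the k8s.gcr.io images, pull them as shown below; this works because the docker.io registry mirrors Google's containers. Download speed depends on your network speed, and when the network is slow the download may fail. After downloading, re-tag the images with the corresponding names.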

docker pull mirrorgooglecontainers/kube-apiserver:v1.13.0
docker pull mirrorgooglecontainers/kube-controller-manager-amd64:v1.13.0
docker pull mirrorgooglecontainers/kube-scheduler-amd64:v1.13.0
docker pull mirrorgooglecontainers/kube-proxy-amd64:v1.13.0

At this point, all the image files are ready!!!
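
Both the Alibaba Cloud user repository and mirrorgooglecontainers are third-party mirrors, and the docker tag step gives their images the names kubeadm trusts. The following is an added example, not part of the original post: it re-tags an image only when its full image ID matches a value recorded beforehand on a machine that can pull from the official registry. The function name verify_and_tag and the pinned sha256 values are placeholders.

```sh
#!/bin/sh
# Added example (not from the original post): gate "docker tag" on a pinned image ID.
#
# Pin list, one image per line: <mirror ref> <name kubeadm expects> <full image ID>
# The IDs below are placeholders. Record the real ones on a machine that can
# reach the official registry with:
#   docker image inspect --format '{{.Id}}' <ref>
PINS='registry.cn-beijing.aliyuncs.com/yzxd/kube-apiserver:v1.12.1 k8s.gcr.io/kube-apiserver:v1.12.1 sha256:PINNED_ID_PLACEHOLDER
registry.cn-beijing.aliyuncs.com/yzxd/etcd:3.2.24 k8s.gcr.io/etcd:3.2.24 sha256:PINNED_ID_PLACEHOLDER'

# verify_and_tag "<pin list>"
# Prints one OK/REJECT line per image; returns non-zero if any image was rejected.
verify_and_tag() {
    rc=0
    while read -r src dst want; do
        [ -n "$src" ] || continue
        # The image ID is a SHA-256 content hash, so a matching ID means the
        # mirror served the same image that was pinned.
        got=$(docker image inspect --format '{{.Id}}' "$src" 2>/dev/null) || got=missing
        if [ "$got" = "$want" ] && docker tag "$src" "$dst"; then
            echo "OK $dst"
        else
            # Mismatched or missing images are never re-tagged.
            echo "REJECT $src (local ID: $got)"
            rc=1
        fi
    done <<EOF
$1
EOF
    return "$rc"
}

# Usage on the master, after the docker pull commands:
#   verify_and_tag "$PINS" || echo "unverified images: do not run kubeadm init"
```

The short IDs in the docker images listings above are truncated; the comparison needs the full sha256 value that docker image inspect prints.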

Initialize k8s

[root@k8s-master ~]# vim /etc/sysconfig/kubelet 
# Extra kubelet arguments; the setting below stops kubelet from refusing to start while OS swap is enabled
KUBELET_EXTRA_ARGS="--fail-swap-on=false"

Run the initialization
kubeadm init --kubernetes-version=v1.12.1 --pod-network-cidr=10.244.0.0/16 --service-cidr=10.96.0.0/12 --ignore-preflight-errors=Swap

[preflight/images] Pulling images required for setting up a Kubernetes cluster ## image pulling starts here
[preflight/images] This might take a minute or two, depending on the speed of your internet connection
[preflight/images] You can also perform this action in beforehand using 'kubeadm config images pull' ## the images were already pulled locally in the steps above, so this finishes quickly
[certificates] Generated apiserver-kubelet-client certificate and key. ## a set of certificates is generated
[certificates] Generated sa key and public key.
[certificates] Generated front-proxy-ca certificate and key.
[certificates] Generated front-proxy-client certificate and key.
[certificates] Generated etcd/ca certificate and key. 
[controlplane] wrote Static Pod manifest for component kube-apiserver to "/etc/kubernetes/manifests/kube-apiserver.yaml"
## the YAML manifest controls how much CPU and memory the pod is allocated
[controlplane] wrote Static Pod manifest for component kube-controller-manager to "/etc/kubernetes/manifests/kube-controller-manager.
### markmaster marks this node as the master for us
[markmaster] Marking the node k8s-master as master by adding the label "node-role.kubernetes.io/master=''"
[markmaster] Marking the node k8s-master as master by adding the taints [node-role.kubernetes.io/master:NoSchedule]
## bootstraptoken is the bootstrap token that other nodes use when joining the cluster
[bootstraptoken] using token: as5gwu.ktojf6cueg0doexi
[bootstraptoken] configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials
## starting with k8s 1.11, the DNS add-on was officially replaced by CoreDNS, which supports many new features such as dynamic resource configuration
[addons] Applied essential addon: CoreDNS
## kube-proxy is hosted on K8s itself and generates the iptables and ipvs rules for Services; ipvs is supported by default starting with k8s 1.11
[addons] Applied essential addon: kube-proxy
## initialization succeeded
Your Kubernetes master has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
## the following commands still have to be run by hand
  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config
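## once the packages are installed on the other machines, run the command below to join them to the cluster; save the command yourself, otherwise you will not be able to find it later and the nodes cannot join
## the point of this design is that not just anyone can join the cluster: joining requires the token below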
You can now join any number of machines by running the following on each node
as root:
  kubeadm join 192.168.148.10:6443 --token fp2kiw.ckplxjg0qqk54269 --discovery-token-ca-cert-hash sha256:6b920472ac5213a002dee75d62d6d3b0caf8051e5cdf8d7c37066d85d5abe022 --ignore-preflight-errors=Swap

Tip: if the installation fails, run kubeadm reset to reset the node, then run the kubeadm init ... command again

Be sure to record the last line, kubeadm join ...; it is the credential the other nodes use to join the cluster.
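
The --discovery-token-ca-cert-hash value in that command is the SHA-256 of the cluster CA's public key, and it is what lets a joining node confirm it is talking to the right control plane. The following is an added example, not part of the original post: it checks a recorded join command against the CA certificate before the command is used. The function names and the file name join-command.txt are hypothetical; /etc/kubernetes/pki/ca.crt is assumed to be the CA location on the master.

```sh
#!/bin/sh
# Added example (not from the original post): check a recorded "kubeadm join"
# command against the cluster CA certificate before using it on a node.

# ca_pin <ca.crt>: print "sha256:<hex>", the SHA-256 of the certificate's
# DER-encoded public key, which is what --discovery-token-ca-cert-hash carries.
ca_pin() {
    openssl x509 -pubkey -noout -in "$1" |
        openssl pkey -pubin -outform DER |
        openssl dgst -sha256 | awk '{print "sha256:" $NF}'
}

# join_hash "<join command>": print the hash pinned in the command (empty if
# none). Accepts both "--flag value" and "--flag=value".
join_hash() {
    printf '%s\n' "$1" | tr -s ' =' '\n\n' |
        awk 'prev == "--discovery-token-ca-cert-hash" {print; exit} {prev = $0}'
}

# check_join "<join command>" <ca.crt>: succeed only if the command pins a CA
# hash and that hash matches the given certificate.
check_join() {
    case "$1" in
        *--discovery-token-unsafe-skip-ca-verification*)
            echo "REJECT: CA verification is switched off"; return 1 ;;
    esac
    pinned=$(join_hash "$1")
    case "$pinned" in
        sha256:?*) ;;
        *) echo "REJECT: no CA hash in the join command"; return 1 ;;
    esac
    # Refuse unreadable or unparsable certificates instead of hashing empty input.
    openssl x509 -noout -in "$2" >/dev/null 2>&1 ||
        { echo "REJECT: cannot parse certificate $2"; return 1; }
    actual=$(ca_pin "$2")
    if [ "$pinned" = "$actual" ]; then
        echo "OK: join command pins this CA"
    else
        echo "REJECT: pinned $pinned, certificate has $actual"; return 1
    fi
}

# Usage (ca.crt copied from /etc/kubernetes/pki/ca.crt on the master over a
# trusted channel; join-command.txt is a hypothetical file holding the command):
#   check_join "$(cat join-command.txt)" ./ca.crt
```

If the recorded command is lost, or the token has expired (bootstrap tokens last 24 hours by default), running kubeadm token create --print-join-command on the master prints a fresh one.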

Manually run the commands from the initialization output:

[root@k8s-master ~]# mkdir -p $HOME/.kube
[root@k8s-master ~]# cp -i /etc/kubernetes/admin.conf $HOME/.kube/config

Check the status

Check the component status:

[root@k8s-master ~]# kubectl get cs 
NAME                 STATUS    MESSAGE              ERROR
scheduler            Healthy   ok                   
controller-manager   Healthy   ok                   
etcd-0               Healthy   {"health": "true"}

Check the node information:

[root@k8s-master ~]# kubectl get nodes
NAME         STATUS     ROLES     AGE       VERSION
k8s-master   NotReady   master    51m       v1.12.1

Note: the status is NotReady because the flannel component is still missing; without it the network cannot be set up.

Install the flannel network add-on (run on the master)

Download: https://github.com/coreos/flannel

[root@k8s-master ~]# kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

Check the status of all pods running in the kube-system namespace on the master node:

[root@k8s-master ~]# kubectl  get pods -n kube-system
NAME                                 READY   STATUS    RESTARTS   AGE
coredns-576cbf47c7-4hn4p             1/1     Running   0          3h50m
coredns-576cbf47c7-fwpvk             1/1     Running   0          3h50m
etcd-k8s-master                      1/1     Running   0          3h49m
kube-apiserver-k8s-master            1/1     Running   0          3h49m
kube-controller-manager-k8s-master   1/1     Running   0          3h49m
kube-flannel-ds-amd64-m7pgh          1/1     Running   0          3h46m
kube-proxy-5h8wg                     1/1     Running   0          145m
kube-scheduler-k8s-master            1/1     Running   0          3h49m

Check the node information again; the status has now changed to Ready

[root@k8s-master chenzx]# kubectl get nodes
NAME         STATUS    ROLES     AGE       VERSION
k8s-master   Ready     master    1h        v1.12.1

View the namespaces

[root@k8s-master chenzx]# kubectl  get ns
NAME          STATUS    AGE
default       Active    3h
kube-public   Active    3h
kube-system   Active    3h

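Install k8s on the worker nodes

kubectl does not need to be installed on the nodes
yum -y install docker-ce-18.06.0.ce-3.el7 kubelet-1.12.1-0 kubeadm-1.12.1-0

Ignore the swap warning

vim /etc/sysconfig/kubelet

# Extra kubelet arguments
KUBELET_EXTRA_ARGS="--fail-swap-on=false"

Join the cluster with the kubeadm join command printed by kubeadm init on the master:
kubeadm join 192.168.148.10:6443 --token fp2kiw.ckplxjg0qqk54269 --discovery-token-ca-cert-hash sha256:6b920472ac5213a002dee75d62d6d3b0caf8051e5cdf8d7c37066d85d5abe022 --ignore-preflight-errors=Swap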

# Output when joining the cluster
[tlsbootstrap] Waiting for the kubelet to perform the TLS Bootstrap...
[patchnode] Uploading the CRI Socket information "/var/run/dockershim.sock" to the Node API object "k8s-node1" as an annotation
This node has joined the cluster:
* Certificate signing request was sent to master and a response
  was received.
* The Kubelet was informed of the new secure connection details.
Run 'kubectl get nodes' on the master to see this node join the cluster.

Now check the node information on the master node

[root@k8s-master ~]# kubectl get nodes
NAME         STATUS   ROLES    AGE    VERSION
k8s-master   Ready    master   4h2m   v1.12.1
k8s-node01   Ready    <none>   161m   v1.12.1

Repeat the same steps on the other nodes!!!

The cluster is now set up!!!

Original sources for reference:
http://blog.itpub.net/28916011/viewspace-2213536
https://blog.csdn.net/solaraceboy/article/details/83308339
