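kubeadm was added in Kubernetes 1.4 to improve the experience of installing, debugging and using k8s and to lower the barrier to entry. In theory, two commands, init and join, are enough to build a complete Kubernetes cluster.
Installing Kubernetes with kubeadm is very simple, but inside China the GFW prevents the images from being downloaded, which affects the whole installation.
Test environment
OS: CentOS 7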
Docker:
# docker version
Client:
Version: 17.05.0-ce
API version: 1.29
Go version: go1.7.5
Git commit: 89658be
Built: Thu May 4 22:06:25 2017
OS/Arch: linux/amd64
Server:
Version: 17.05.0-ce
API version: 1.29 (minimum version 1.12)
Go version: go1.7.5
Git commit: 89658be
Built: Thu May 4 22:06:25 2017
OS/Arch: linux/amd64
Experimental: false
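1. Change the hostname
Be sure to change the hostname before installing, because k8s uses hostnames to communicate.
vi /etc/hostname
vi /etc/hosts
# Add the following
your_ip your_hostname
Note: changing the hostname this way does not require rebooting the node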
2. Install Docker
See the official site for the detailed installation steps; Docker v1.12 is recommended.
CentOS: https://docs.docker.com/v1.12/engine/installation/linux/centos/
tee /etc/yum.repos.d/docker.repo <<-'EOF'
[dockerrepo]
name=Docker Repository
baseurl=https://yum.dockerproject.org/repo/main/centos/7/
enabled=1
gpgcheck=1
gpgkey=https://yum.dockerproject.org/gpg
EOF
yum list docker-engine --showduplicates
yum install docker-engine-1.12.6 docker-engine-selinux-1.12.6 -y
systemctl enable docker ; systemctl start docker
3. Getting Linux through the firewall (proxy)
export https_proxy=http://proxy.example.com:8118
export http_proxy=http://proxy.example.com:8118
4. Download kubectl
curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl
# To install a specific version of kubectl, replace the string after /release
# For example, to install kubectl 1.7.0, run the following command
curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.7.0/bin/linux/amd64/kubectl
chmod +x ./kubectl
sudo mv ./kubectl /usr/local/bin/kubectl
Oddly enough, kubectl can be downloaded directly, but the packages needed later cannot, which is rather annoying...
5. Installing kubelet and kubeadm
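Note: downloading the kubelet and kubeadm packages also requires the proxy.
kubelet: runs on every node in the cluster and is responsible for starting pods, containers and so on;
kubeadm: used to bootstrap the Kubernetes cluster;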
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg
       https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
EOF
setenforce 0   # switches SELinux to permissive mode until the next reboot
yum install -y kubelet kubeadm
systemctl enable kubelet && systemctl start kubelet
6. Change the cgroup driver of docker and kubelet
docker and kubelet use different cgroup drivers, so the configuration has to be fixed:
https://github.com/kubernetes/kubeadm/issues/103
vi /etc/systemd/system/kubelet.service.d/10-kubeadm.conf
Change KUBELET_CGROUP_ARGS=--cgroup-driver=systemd
to KUBELET_CGROUP_ARGS=--cgroup-driver=cgroupfs
systemctl daemon-reload
systemctl start kubelet
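One way to confirm the edit in step 6 took effect is to compare the driver Docker reports with the flag in the kubelet drop-in. This is an added example, not part of the original post; the function names and the sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: check that Docker and the kubelet
# agree on the cgroup driver before running kubeadm init.

# Print the driver named in `docker info` output (read from stdin).
docker_cgroup_driver() {
    awk -F': *' '/^ *Cgroup Driver:/ { print $2; exit }'
}

# Print the --cgroup-driver value from a kubelet drop-in (read from stdin),
# ignoring commented-out lines.
kubelet_cgroup_driver() {
    grep -v '^[[:space:]]*#' |
        sed -n 's/.*--cgroup-driver=\([A-Za-z]*\).*/\1/p' | head -n 1
}

# $1 = `docker info` text, $2 = drop-in text. Succeeds only if both drivers
# were found and are identical.
cgroup_drivers_match() {
    d=$(printf '%s\n' "$1" | docker_cgroup_driver)
    k=$(printf '%s\n' "$2" | kubelet_cgroup_driver)
    echo "docker=${d:-unknown} kubelet=${k:-unknown}"
    [ -n "$d" ] && [ "$d" = "$k" ]
}

# Constructed sample inputs. On a real node pass
#   "$(docker info 2>/dev/null)" and
#   "$(cat /etc/systemd/system/kubelet.service.d/10-kubeadm.conf)"
SAMPLE_DOCKER_INFO='Storage Driver: overlay
Cgroup Driver: cgroupfs
Kernel Version: 3.10.0'
SAMPLE_DROPIN_BEFORE='[Service]
Environment="KUBELET_CGROUP_ARGS=--cgroup-driver=systemd"'
SAMPLE_DROPIN_AFTER='[Service]
Environment="KUBELET_CGROUP_ARGS=--cgroup-driver=cgroupfs"'

for dropin in "$SAMPLE_DROPIN_BEFORE" "$SAMPLE_DROPIN_AFTER"; do
    if cgroup_drivers_match "$SAMPLE_DOCKER_INFO" "$dropin"; then
        echo "-> drivers match"
    else
        echo "-> MISMATCH: edit the drop-in, then daemon-reload and restart kubelet"
    fi
done
```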
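7. Docker proxy settings
Docker is used to download images during installation, so Docker also has to go through the proxy.
Configure the proxy and restart docker and kubelet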
[root@k8s ~]# systemctl enable docker
[root@k8s ~]# mkdir -p /etc/systemd/system/docker.service.d/
[root@k8s ~]# vi /etc/systemd/system/docker.service.d/http-proxy.conf
[Service]
Environment="HTTP_PROXY=http://proxy.example.com:8118/" "HTTPS_PROXY=http://proxy.example.com:8118/" "NO_PROXY=localhost,127.0.0.1,10.0.0.0/8,proxy.example.com"
systemctl daemon-reload
[root@k8s ~]# systemctl restart docker
For details see: http://www.jianshu.com/p/bf58a66451d0
8. kubeadm init
Requirements:
- One or more machines running Ubuntu 16.04+, CentOS 7 or HypriotOS v1.0.1+
- 1GB or more of RAM per machine (any less will leave little room for your apps)
- Full network connectivity between all machines in the cluster (public or private network is fine)
Objectives
- Configure the proxy; some of kubeadm's requests also need to go through it
export https_proxy=http://proxy.example.com:8118/
export http_proxy=http://proxy.example.com:8118/
- kubeadm init
kubeadm init
Notes:
- --kubernetes-version specifies the Kubernetes version
- If you use the flannel or Calico network plugin, specify the Pod IP address range with --pod-network-cidr=10.244.0.0/16
- --skip-preflight-checks skips the preflight checks
- If the images cannot be pulled even through the proxy, edit the yaml files under /etc/kubernetes/manifests and set imagePullPolicy to Never or IfNotPresent
- If you cannot pull the images, feel free to leave a comment
- kubeadm init output
[kubeadm] WARNING: kubeadm is in beta, please do not use it for production clusters.
[init] Using Kubernetes version: v1.7.4
[init] Using Authorization modes: [Node RBAC]
[preflight] Skipping pre-flight checks
[kubeadm] WARNING: starting in 1.8, tokens expire after 24 hours by default (if you require a non-expiring token use --token-ttl 0)
[certificates] Generated CA certificate and key.
[certificates] Generated API server certificate and key.
[certificates] API Server serving cert is signed for DNS names [k8s kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local] and IPs [10.96.0.1 192.168.191.138]
[certificates] Generated API server kubelet client certificate and key.
[certificates] Generated service account token signing key and public key.
[certificates] Generated front-proxy CA certificate and key.
[certificates] Generated front-proxy client certificate and key.
[certificates] Valid certificates and keys now exist in "/etc/kubernetes/pki"
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/scheduler.conf"
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/admin.conf"
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/kubelet.conf"
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/controller-manager.conf"
[apiclient] Created API client, waiting for the control plane to become ready
<-> It pauses here for quite a while: the images have to be downloaded and then the containers started
[apiclient] All control plane components are healthy after 293.004469 seconds
[token] Using token: 2af779.b803df0b1effb3d9
[apiconfig] Created RBAC rules
[addons] Applied essential addon: kube-proxy
[addons] Applied essential addon: kube-dns
Your Kubernetes master has initialized successfully!
To start using your cluster, you need to run (as a regular user):
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
http://kubernetes.io/docs/admin/addons/
You can now join any number of machines by running the following on each node
as root:
kubeadm join --token 2af779.b803df0b1effb3d9 192.168.0.6:6443
- Configure kubeconfig
# mkdir -p $HOME/.kube
# cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
# chown $(id -u):$(id -g) $HOME/.kube/config
# ll ~/.kube/
total 8
drwxr-xr-x. 3 root root 23 Jul 29 21:39 cache
-rw-------. 1 root root 5451 Jul 29 22:57 config
9. Install Calico
For kubernetes version >= 1.6.0, run the following command
kubectl apply -f https://docs.projectcalico.org/v2.5/getting-started/kubernetes/installation/hosted/kubeadm/1.6/calico.yaml
For details see: https://docs.projectcalico.org/v2.5/getting-started/kubernetes/installation/hosted/kubeadm/
10. Master isolation
By default, for security reasons, the master node is not schedulable. To allow Pods to be scheduled onto the master node, run the following command:
$ kubectl taint nodes --all node-role.kubernetes.io/master-
node "test-01" untainted
taint key="dedicated" and effect="" not found.
taint key="dedicated" and effect="" not found.
11. Add worker nodes
Worker nodes need Docker and kubeadm installed, and the images on the master node copied over to the worker node;
kubeadm join --token 2af779.b803df0b1effb3d9 192.168.0.1:6443 --skip-preflight-checks
[kubeadm] WARNING: kubeadm is in beta, please do not use it for production clusters.
[preflight] Skipping pre-flight checks
[discovery] Trying to connect to API Server "192.168.191.138:6443"
[discovery] Created cluster-info discovery client, requesting info from "https://192.168.191.138:6443"
[discovery] Cluster info signature and contents are valid, will use API Server "https://192.168.191.138:6443"
[discovery] Successfully established connection with API Server "192.168.191.138:6443"
[bootstrap] Detected server version: v1.7.2
[bootstrap] The server supports the Certificates API (certificates.k8s.io/v1beta1)
[csr] Created API client to obtain unique certificate for this node, generating keys and certificate signing request
[csr] Received signed certificate from the API server, generating KubeConfig...
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/kubelet.conf"
Node join complete:
* Certificate signing request sent to master and response
received.
* Kubelet informed of new secure connection details.
Run 'kubectl get nodes' on the master to see this machine join.
12. Required images
# docker images
REPOSITORY                                               TAG        IMAGE ID       CREATED         SIZE
gcr.io/google_containers/kube-controller-manager-amd64   v1.7.4     d2adddc4b1cb   7 days ago      138MB
gcr.io/google_containers/kube-apiserver-amd64            v1.7.4     5260ecb5129c   7 days ago      186MB
gcr.io/google_containers/kube-proxy-amd64                v1.7.4     0f3bf654ec61   7 days ago      115MB
gcr.io/google_containers/kube-scheduler-amd64            v1.7.4     b1cd468ba656   7 days ago      77.2MB
quay.io/calico/kube-policy-controller                    v0.7.0     60d797585fc5   9 days ago      21.9MB
ubuntu                                                   14.04      c69811d4e993   13 days ago     188MB
quay.io/calico/node                                      v2.4.1     7643422fdf0f   2 weeks ago     277MB
centos                                                   latest     328edcd84f1b   2 weeks ago     193MB
quay.io/calico/cni                                       v1.10.0    88ca805c8ddd   3 weeks ago     70.3MB
nginx                                                    latest     b8efb18f159b   4 weeks ago     107MB
busybox                                                  latest     efe10ee6727f   5 weeks ago     1.13MB
quay.io/coreos/etcd                                      v3.1.10    47bb9dd99916   5 weeks ago     34.6MB
gcr.io/google_containers/etcd-amd64                      3.0.17     243830dae7dd   6 months ago    169MB
gcr.io/google_containers/pause-amd64                     3.0        99e59f495ffa   15 months ago   747kB
sameersbn/squid                                          3.3.8-14   b51686290574   15 months ago   214MB
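When imagePullPolicy is set to Never or IfNotPresent (step 8) or images are copied to a worker by hand (step 11), every image the manifests name has to exist locally under exactly that repository and tag. The following check is an added example, not part of the original post; the function names and the fixture files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Lists images that the static Pod
# manifests reference but that are absent from the local Docker image store.

# Print every image named in the *.yaml files of directory $1, de-duplicated.
manifest_images() {
    cat "$1"/*.yaml 2>/dev/null |
        sed -n 's/^[[:space:]]*-\{0,1\}[[:space:]]*image:[[:space:]]*//p' |
        tr -d "\"'" | sort -u
}

# $1 = manifest directory
# $2 = file with one "repository:tag" per line, e.g. saved from
#      docker images --format '{{.Repository}}:{{.Tag}}'
missing_images() {
    manifest_images "$1" | while IFS= read -r img; do
        grep -qxF "$img" "$2" || echo "$img"
    done
}

# Build a constructed fixture (not real cluster data) and print its directory.
make_sample() {
    dir=$(mktemp -d)
    cat > "$dir/kube-apiserver.yaml" <<'EOF'
spec:
  containers:
  - image: gcr.io/google_containers/kube-apiserver-amd64:v1.7.4
    imagePullPolicy: IfNotPresent
EOF
    cat > "$dir/etcd.yaml" <<'EOF'
spec:
  containers:
  - name: etcd
    image: gcr.io/google_containers/etcd-amd64:3.0.17
EOF
    cat > "$dir/local-images.txt" <<'EOF'
gcr.io/google_containers/kube-apiserver-amd64:v1.7.4
gcr.io/google_containers/pause-amd64:3.0
EOF
    echo "$dir"
}

sample=$(make_sample)
echo "missing from local store:"
missing_images "$sample" "$sample/local-images.txt"
rm -rf "$sample"
```

On a real node, pass the kubeadm manifest directory as the first argument and a saved `docker images --format '{{.Repository}}:{{.Tag}}'` listing as the second.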
13. Pods created
kubectl get pods -n=kube-system
NAME                                       READY   STATUS    RESTARTS   AGE
calico-etcd-fts5g                          1/1     Running   1          4d
calico-node-kthzl                          2/2     Running   4          4d
calico-policy-controller-336633499-tg35l   1/1     Running   1          4d
etcd-chun                                  1/1     Running   1          4d
kube-apiserver-chun                        1/1     Running   1          4d
kube-controller-manager-chun               1/1     Running   2          4d
kube-dns-2425271678-fz79r                  0/3     Pending   0          4d
kube-proxy-k6zfz                           1/1     Running   1          4d
kube-scheduler-chun                        1/1     Running   1          4d
14. Ports used by kubernetes
6443*       Kubernetes API server
2379-2380   etcd server client API
10250       Kubelet API
10251       kube-scheduler
10252       kube-controller-manager
10255       Read-only Kubelet API (Heapster)
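To see which of the ports in this table a node actually exposes beyond loopback, the listening sockets can be matched against the table. This is an added example, not part of the original post; it assumes the column layout of `ss -lnt` and runs here on a constructed sample.

```shell
#!/bin/sh
# Added example, not from the original post. Reads `ss -lnt` output on stdin
# and prints the ports from the table above that listen on a non-loopback
# address, as: port <TAB> address <TAB> component.
exposed_k8s_ports() {
    awk '
    BEGIN {
        name["6443"]  = "Kubernetes API server"
        name["2379"]  = "etcd server client API"
        name["2380"]  = "etcd server client API"
        name["10250"] = "Kubelet API"
        name["10251"] = "kube-scheduler"
        name["10252"] = "kube-controller-manager"
        name["10255"] = "Read-only Kubelet API"
    }
    $1 == "LISTEN" {
        n = split($4, part, ":")          # port is the text after the last colon
        port = part[n]
        addr = substr($4, 1, length($4) - length(port) - 1)
        if (!(port in name)) next
        if (addr ~ /^127\./ || addr == "::1" || addr == "[::1]") next
        printf "%s\t%s\t%s\n", port, addr, name[port]
    }'
}

# Constructed sample of `ss -lnt` output (not captured from a real node).
SAMPLE_SS='State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     127.0.0.1:10251     *:*
LISTEN  0       128     127.0.0.1:2379      *:*
LISTEN  0       128     *:22                *:*
LISTEN  0       128     :::10250            :::*
LISTEN  0       128     :::10255            :::*
LISTEN  0       128     :::6443             :::*'

printf '%s\n' "$SAMPLE_SS" | exposed_k8s_ports
# On a node: ss -lnt | exposed_k8s_ports
```

Ports reported here are the ones to cover with host firewall rules so that only the cluster's own machines can reach them.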
15. References
https://kubernetes.io/docs/setup/independent/create-cluster-kubeadm/
https://github.com/kubernetes/kubeadm/issues/103
https://docs.docker.com/v1.12/engine/installation/linux/centos/
https://docs.projectcalico.org/v2.5/getting-started/kubernetes/installation/hosted/kubeadm/
https://my.oschina.net/styshoo/blog/841308