1. Preparation
1.1 Cluster plan
Hostname | Address | Role | Components |
---|---|---|---|
k8s-master | 10.0.209.151 | k8s-master | etcd, kube-apiserver, kube-controller-manager, kube-scheduler |
k8s-node-1 | 10.0.209.152 | k8s-node | kubelet, docker, kube-proxy |
k8s-node-2 | 10.0.209.153 | k8s-node | kubelet, docker, kube-proxy |
1.2 Software download
(1) Download the Kubernetes binaries
https://github.com/kubernetes/kubernetes/releases
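Choose the required version at the URL above and download the binaries from its CHANGELOG page. This article uses version 1.12.1 as the example, in its Linux Server build.
After extraction, the directory /root/kubernetes/server/bin contains the required components.
(2) Download the etcd database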
https://github.com/coreos/etcd/releases/
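The latest version, v3.3.10, is used here.
2. Master installation
2.1 Installing the etcd database
(1) Installation
Extract the downloaded etcd archive and copy the etcd and etcdctl binaries to /usr/bin.
(2) Create the service file etcd.service
Create the file etcd.service in /usr/lib/systemd/system/ with the following content: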
[Unit]
Description=Etcd Server
[Service]
Type=notify
TimeoutStartSec=0
Restart=always
WorkingDirectory=/var/lib/etcd/
EnvironmentFile=-/etc/etcd/etcd.conf
ExecStart=/usr/bin/etcd
[Install]
WantedBy=multi-user.target
- WorkingDirectory is the etcd data directory; it must be created before etcd is installed.
(3) Create the configuration file /etc/etcd/etcd.conf
ETCD_NAME=ETCD Server
ETCD_DATA_DIR="/var/lib/etcd/"
ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:2379"
ETCD_ADVERTISE_CLIENT_URLS="http://10.0.209.151:2379"
(4) Enable the service at boot and start it
# systemctl daemon-reload
# systemctl enable etcd.service
# systemctl start etcd.service
(5) Check that etcd was installed successfully
# etcdctl cluster-health
2.2 Installing the kube-apiserver, kube-controller-manager and kube-scheduler services
2.2.1 Copy the binaries to /usr/bin
Copy the three executables kube-apiserver, kube-controller-manager and kube-scheduler to /usr/bin.
2.2.2 Component installation and configuration
2.2.2.1 kube-apiserver
(1) Create and edit the kube-apiserver.service file
Path: /usr/lib/systemd/system/kube-apiserver.service, with the following content:
[Unit]
Description=Kubernetes API Server
After=etcd.service
Wants=etcd.service
[Service]
EnvironmentFile=/etc/kubernetes/apiserver
ExecStart=/usr/bin/kube-apiserver \
$KUBE_ETCD_SERVERS \
$KUBE_API_ADDRESS \
$KUBE_API_PORT \
$KUBE_SERVICE_ADDRESSES \
$KUBE_ADMISSION_CONTROL \
$KUBE_API_LOG \
$KUBE_API_ARGS
Restart=on-failure
Type=notify
LimitNOFILE=65536
[Install]
WantedBy=multi-user.target
- EnvironmentFile is the kube-apiserver configuration file.
(2) Configuration file
The apiserver configuration file is /etc/kubernetes/apiserver, with the following content:
KUBE_API_ADDRESS="--insecure-bind-address=0.0.0.0"
KUBE_API_PORT="--insecure-port=8080"
KUBE_ETCD_SERVERS="--etcd-servers=http://10.0.209.151:2379"
KUBE_SERVICE_ADDRESSES="--service-cluster-ip-range=192.168.0.0/16"
KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota"
KUBE_API_LOG="--logtostderr=false --log-dir=/var/log/kubernets/apiserver --v=2"
KUBE_API_ARGS=" "
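The etcd.conf and apiserver files above serve etcd and the API server's insecure port over plain HTTP on 0.0.0.0, where requests are neither authenticated nor authorized. As an added example (not part of the original article), this Python script audits such environment files for those settings; the function names and the embedded file copies are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Constructed copies of the environment files shown above.
ETCD_CONF = """\
ETCD_NAME=ETCD Server
ETCD_DATA_DIR="/var/lib/etcd/"
ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:2379"
ETCD_ADVERTISE_CLIENT_URLS="http://10.0.209.151:2379"
"""
APISERVER_CONF = """\
KUBE_API_ADDRESS="--insecure-bind-address=0.0.0.0"
KUBE_API_PORT="--insecure-port=8080"
KUBE_ETCD_SERVERS="--etcd-servers=http://10.0.209.151:2379"
KUBE_API_ARGS=" "
"""
LOOPBACK = {"127.0.0.1", "localhost", "::1"}

def parse_env(text):
    """Parse systemd EnvironmentFile text into {NAME: value} without quotes."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;" or "=" not in line:
            continue
        name, value = line.split("=", 1)
        env[name.strip()] = value.strip().strip('"').strip()
    return env

def audit(text):
    """Return sorted findings for plaintext or unauthenticated endpoints."""
    findings = []
    for name, value in parse_env(text).items():
        for url in re.findall(r"http://[^\s,]+", value):
            host = urlparse(url).hostname
            scope = "loopback only" if host in LOOPBACK else "reachable off-host"
            findings.append(f"{name}: plaintext endpoint {url} ({scope})")
        bind = re.search(r"--insecure-bind-address=(\S+)", value)
        if bind and bind.group(1) not in LOOPBACK:
            findings.append(f"{name}: unauthenticated API bound to {bind.group(1)}")
        port = re.search(r"--insecure-port=(\d+)", value)
        if port and port.group(1) != "0":
            findings.append(f"{name}: insecure port {port.group(1)} enabled")
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(ETCD_CONF) + audit(APISERVER_CONF):
        print(finding)
```

A file that sets --insecure-port=0 and uses https:// etcd URLs produces no findings.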
2.2.2.2 kube-controller-manager
(1) Create and edit the kube-controller-manager.service file
Path: /usr/lib/systemd/system/kube-controller-manager.service, with the following content:
[Unit]
Description=Kubernetes Controller Manager
After=kube-apiserver.service
Requires=kube-apiserver.service
[Service]
EnvironmentFile=-/etc/kubernetes/controller-manager
ExecStart=/usr/bin/kube-controller-manager \
$KUBE_MASTER \
$KUBE_CONTROLLER_MANAGER_ARGS
Restart=on-failure
LimitNOFILE=65536
[Install]
WantedBy=multi-user.target
(2) Configuration file
The kube-controller-manager configuration file is /etc/kubernetes/controller-manager, with the following content:
KUBE_MASTER="--master=http://10.0.209.151:8080"
KUBE_CONTROLLER_MANAGER_ARGS=" "
2.2.2.3 kube-scheduler
(1) Create and edit the kube-scheduler.service file
Path: /usr/lib/systemd/system/kube-scheduler.service, with the following content:
[Unit]
Description=Kubernetes Scheduler
After=kube-apiserver.service
Requires=kube-apiserver.service
[Service]
User=root
EnvironmentFile=-/etc/kubernetes/scheduler
ExecStart=/usr/bin/kube-scheduler \
$KUBE_MASTER \
$KUBE_SCHEDULER_ARGS
Restart=on-failure
LimitNOFILE=65536
[Install]
WantedBy=multi-user.target
(2) Configuration file
The kube-scheduler configuration file is /etc/kubernetes/scheduler, with the following content:
KUBE_MASTER="--master=http://10.0.209.151:8080"
KUBE_SCHEDULER_ARGS="--logtostderr=true --log-dir=/var/log/kubernetes/scheduler --v=2"
2.2.3 Enable each component at boot
systemctl daemon-reload
systemctl enable kube-apiserver.service
systemctl start kube-apiserver.service
systemctl enable kube-controller-manager.service
systemctl start kube-controller-manager.service
systemctl enable kube-scheduler.service
systemctl start kube-scheduler.service
2.3 Verify the installation
Run the command kubectl get cs
3. Node installation
The following components are installed on each node:
- docker
- kube-proxy
- kubelet
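3.1 Installing docker
The Docker version must match the kubelet version; it is best to use the latest version of both.
3.2 Copy kubelet and kube-proxy
Copy the binaries from the kubernetes directory extracted earlier: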
# cp /root/kubernetes/server/bin/kubelet /usr/bin/
# cp /root/kubernetes/server/bin/kube-proxy /usr/bin/
3.3 Installing kube-proxy
# vi /usr/lib/systemd/system/kube-proxy.service
[Unit]
Description=Kubernetes Kube-Proxy Server
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
After=network.target
[Service]
EnvironmentFile=/etc/kubernetes/config
EnvironmentFile=/etc/kubernetes/proxy
ExecStart=/usr/bin/kube-proxy \
$KUBE_LOGTOSTDERR \
$KUBE_LOG_LEVEL \
$KUBE_MASTER \
$KUBE_PROXY_ARGS
Restart=on-failure
LimitNOFILE=65536
[Install]
WantedBy=multi-user.target
Create the configuration directory and add the configuration files:
# mkdir -p /etc/kubernetes
# vi /etc/kubernetes/proxy
KUBE_PROXY_ARGS=""
# vi /etc/kubernetes/config
KUBE_LOGTOSTDERR="--logtostderr=true"
KUBE_LOG_LEVEL="--v=0"
KUBE_ALLOW_PRIV="--allow_privileged=false"
KUBE_MASTER="--master=http://10.0.209.151:8080"
Start the service:
# systemctl daemon-reload
# systemctl start kube-proxy
# netstat -lntp | grep kube-proxy
tcp 0 0 127.0.0.1:10249 0.0.0.0:* LISTEN 12641/kube-proxy
tcp6 0 0 :::10256 :::* LISTEN 12641/kube-proxy
3.4 Installing kubelet
# vi /usr/lib/systemd/system/kubelet.service
[Unit]
Description=Kubernetes Kubelet Server
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
After=docker.service
Requires=docker.service
[Service]
WorkingDirectory=/var/lib/kubelet
EnvironmentFile=/etc/kubernetes/kubelet
ExecStart=/usr/bin/kubelet $KUBELET_ARGS
Restart=on-failure
KillMode=process
[Install]
WantedBy=multi-user.target
# mkdir -p /var/lib/kubelet
# vi /etc/kubernetes/kubelet
KUBELET_ADDRESS="--address=0.0.0.0"
# your node IP address
KUBELET_HOSTNAME="--hostname-override=10.0.209.152"
KUBELET_API_SERVER="--api-servers=http://10.0.209.151:8080"
KUBELET_POD_INFRA_CONTAINER="--pod-infra-container-image=reg.docker.tb/harbor/pod-infrastructure:latest"
KUBELET_ARGS="--enable-server=true --enable-debugging-handlers=true --fail-swap-on=false --kubeconfig=/var/lib/kubelet/kubeconfig"
- "--hostname-override=10.0.209.152" is the IP address of the node host.
Create the configuration file with vi /var/lib/kubelet/kubeconfig; the kubelet uses it to register with the master:
apiVersion: v1
kind: Config
users:
- name: kubelet
clusters:
- name: kubernetes
  cluster:
    server: http://10.0.209.151:8080
contexts:
- context:
    cluster: kubernetes
    user: kubelet
  name: service-account-context
current-context: service-account-context
Start kubelet and verify:
# systemctl daemon-reload
# systemctl start kubelet.service
# netstat -tnlp | grep kubelet
tcp 0 0 127.0.0.1:45415 0.0.0.0:* LISTEN 12576/kubelet
tcp 0 0 127.0.0.1:10248 0.0.0.0:* LISTEN 12576/kubelet
tcp6 0 0 :::10250 :::* LISTEN 12576/kubelet
tcp6 0 0 :::10255 :::* LISTEN 12576/kubelet
- Repeat the same steps on the other nodes.
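The netstat output for kube-proxy and kubelet above distinguishes sockets bound to loopback from sockets bound to every interface (:::port), and KUBELET_ARGS sets no authentication or authorization flags. The following added example (not from the original article) parses those lines and lists the wildcard listeners with their role; the role table reflects the components' default ports, and the function name is illustrative.

```python
# Default port roles for the kubelet and kube-proxy listeners shown above.
ROLES = {
    10248: "kubelet healthz",
    10249: "kube-proxy metrics",
    10250: "kubelet API",
    10255: "kubelet read-only port (HTTP, no authentication)",
    10256: "kube-proxy health check",
}
WILDCARD = {"0.0.0.0", "::", "*"}

# The netstat lines printed in sections 3.3 and 3.4.
NETSTAT = """\
tcp 0 0 127.0.0.1:10249 0.0.0.0:* LISTEN 12641/kube-proxy
tcp6 0 0 :::10256 :::* LISTEN 12641/kube-proxy
tcp 0 0 127.0.0.1:45415 0.0.0.0:* LISTEN 12576/kubelet
tcp 0 0 127.0.0.1:10248 0.0.0.0:* LISTEN 12576/kubelet
tcp6 0 0 :::10250 :::* LISTEN 12576/kubelet
tcp6 0 0 :::10255 :::* LISTEN 12576/kubelet
"""

def exposed_listeners(netstat_text):
    """Return sorted (port, program, role) for sockets listening on all interfaces."""
    exposed = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # Expect: proto recv-q send-q local foreign state pid/program
        if len(fields) < 7 or fields[5] != "LISTEN":
            continue
        host, _, port = fields[3].rpartition(":")
        if host not in WILDCARD:
            continue  # loopback or a specific address: not reported here
        program = fields[6].split("/", 1)[-1]
        exposed.append((int(port), program, ROLES.get(int(port), "unknown")))
    return sorted(exposed)

if __name__ == "__main__":
    for port, program, role in exposed_listeners(NETSTAT):
        print(f"{program} listens on all interfaces, port {port}: {role}")
```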
3.5 Verification and troubleshooting
Run kubectl get node on the master and check that it returns the nodes.
Create a simple nginx_test.yaml file:
apiVersion: v1
kind: Pod
metadata:
  name: nginx
  labels:
    app: nginx
  namespace: default
spec:
  containers:
  - image: docker.io/istio/nginx
    imagePullPolicy: IfNotPresent
    name: nginx-deployment-6499c587d8
  restartPolicy: Always
Running the command produces the following error:
# kubectl apply -f nginx_test.yaml
Error from server (ServerTimeout): error when creating "test.yaml": No API token found for service account "default", retry
after the token is automatically created and added to the service account
The cause is that no API token has been set up for the service account. There are two ways to fix it:
- Disable ServiceAccount
Edit /etc/kubernetes/apiserver, remove SecurityContextDeny,ServiceAccount from KUBE_ADMISSION_CONTROL, and restart the kube-apiserver.service service:
# vi /etc/kubernetes/apiserver
KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,ResourceQuota"
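# systemctl restart kube-apiserver.service
After that, the pod is created successfully.
- Configure ServiceAccount
First generate a key, then edit the apiserver and controller-manager configuration files and restart the components.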
# openssl genrsa -out /etc/kubernetes/serviceaccount.key 2048
# vi /etc/kubernetes/apiserver
# add:
KUBE_API_ARGS="--service-account-key-file=/etc/kubernetes/serviceaccount.key"
# vi /etc/kubernetes/controller-manager
# add:
KUBE_CONTROLLER_MANAGER_ARGS="--service-account-private-key-file=/etc/kubernetes/serviceaccount.key"
# systemctl restart kube-apiserver.service
# systemctl restart kube-controller-manager.service
After that, the pod is created successfully.
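The second fix keeps the ServiceAccount admission plugin and relies on one RSA key that signs and verifies every service account token, so anyone who can read that file can mint tokens. An added example, not part of the original article: it confirms that both components reference a key and that the key file is not accessible to group or others; the helper names and the temporary stand-in key file are constructed.

```python
import os
import re
import stat
import tempfile

def key_path(conf_text, flag):
    """Return the path given to --<flag> in an environment file, or None."""
    m = re.search(r"--" + re.escape(flag) + r"=([^\s\"]+)", conf_text)
    return m.group(1) if m else None

def check_sa_key(apiserver_conf, controller_conf):
    """Return findings about the ServiceAccount signing key configuration."""
    verify = key_path(apiserver_conf, "service-account-key-file")
    sign = key_path(controller_conf, "service-account-private-key-file")
    if not verify or not sign:
        return ["key flag missing: tokens cannot be issued and verified"]
    findings = []
    if verify != sign:
        findings.append("key files differ: confirm the apiserver file matches the signing key")
    if not os.path.exists(sign):
        findings.append(f"{sign} does not exist")
    else:
        mode = stat.S_IMODE(os.stat(sign).st_mode)
        if mode & 0o077:  # any group/other permission bit set
            findings.append(f"{sign} is mode {mode:04o}; restrict to 0600")
    return findings

def demo():
    """Run the check on a constructed stand-in key, first 0644 and then 0600."""
    with tempfile.TemporaryDirectory() as d:
        key = os.path.join(d, "serviceaccount.key")
        with open(key, "w") as f:
            f.write("constructed placeholder, not a real key\n")
        api = f'KUBE_API_ARGS="--service-account-key-file={key}"\n'
        ctl = f'KUBE_CONTROLLER_MANAGER_ARGS="--service-account-private-key-file={key}"\n'
        os.chmod(key, 0o644)
        loose = check_sa_key(api, ctl)
        os.chmod(key, 0o600)
        tight = check_sa_key(api, ctl)
    return loose, tight

if __name__ == "__main__":
    print(demo())
```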