本文在
centos7.3环境中进行安装
kubernetes版本为1.11.1
etcd版本为3.3.9
1. 下载相关文件
1.1 首先下载k8s相关文件
登录github-kubernetes,点击releases连接:
image.png
找到1.11.1版本,并点击其中的CHANGELOG-1.11.md连接,如图:
image.png
就能进入具体的下载列表界面,我也不知道要哪些东东,先下载下来,如图:
image.png
image.png
下载下来的文件如下图所示:
image.png
1.2 下载etcd
登录github-etcd,找到对应的版本,如下图所示:
image.png
2. 安装前的配置
2.1 防火墙
查看防火墙的状态:
firewall-cmd --state
关闭防火墙:
systemctl stop firewall
systemctl disable firewall
2.2 selinux
关闭selinux:
vi /etc/selinux/config
将SELINUX=enforcing改为SELINUX=disabled,wq保存退出。
2.3 swap
关闭swap
swapoff -a
vi /etc/fstab
将swap那一行注释掉。
3. 安装Docker
删除旧的docker
$sudo yum remove docker \
docker-client \
docker-client-latest \
docker-common \
docker-latest \
docker-latest-logrotate \
docker-logrotate \
docker-selinux \
docker-engine-selinux \
docker-engine
安装需要的组件:
sudo yum install -y yum-utils \
device-mapper-persistent-data \ lvm2
在yum中配置docker地址:
sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
如果连不上,则使用下面这个:
sudo yum-config-manager --add-repo http://mirrors/aliyun.com/docker-ce/linux/centos/docker-ce.repo
再配置两个:
sudo yum-config-manager --enable docker-ce-edge
sudo yum-config-manager --enable docker-ce-test
安装docker,这一步需要一点时间,有可能还会连不上docker镜像网站
sudo yum install docker-ce
安装完成之后,启动docker:
sudo systemctl start docker
启动完成之后,使用下面的命令测试docker有没有启动成功:
sudo docker run hello-world
第一次安装时,会去拉镜像,然后会看到Hello from Docker!这样的信息,表示安装成功。
4. Node节点安装
我只有一台服务器,今天第一次安装,不一定能成功,尤其是因为不知道kubernetes的master和node能不能安装在一起,错了再说吧。
4.1 准备工作
Node节点主要是需要安装kubelet和kube-proxy。这两个文件在上面下面的安装包里有。
之前下面的安装包有好几个,好像server的那个安装包,里面什么都有了,我们先解压那个安装包:
tar -zxvf kubernetes-server-linux-amd64.tar.gz
解压之后,进入server/bin目录,看一下有哪些东东:
image.png
我们需要将
kubelet和kube-proxy两个文件复制到/usr/bin目录下面去,因为当前命令行已经在bin目录了,使用下面的命令进行复制:
cp kubelet kube-proxy /usr/bin/
4.2 安装kube-proxy
首先编辑proxy的配置文件:/usr/lib/systemd/system/kube-proxy.service:
vi /usr/lib/systemd/system/kube-proxy.service
[Unit]
Description=Kubernetes Kube-Proxy Server
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
After=network.target
Requires=network.service
[Service]
EnvironmentFile=/etc/kubernetes/config
EnvironmentFile=/etc/kubernetes/proxy
ExecStart=/usr/bin/kube-proxy \
$KUBE_LOGTOSTDERR \
$KUBE_LOG_LEVEL \
$KUBE_MASTER \
$KUBE_PROXY_ARGS
Restart=on-failure
LimitNOFILE=65536
[Install]
WantedBy=multi-user.target
编辑完了之后,wq保存退出,接着开始编辑EnvironmentFile参数中指定的两个配置文件,编辑这两个配置文件之前,首先需要创建一个配置文件目录:
mkdir -p /etc/kubernetes
后面所有的配置文件都放在这里:
vi /etc/kubernetes/proxy
KUBE_PROXY_ARGS=""
vi /etc/kubernetes/config
KUBE_LOGTOSTDERR="--logtostderr=true"
KUBE_LOG_LEVEL="--v=0"
KUBE_LOG_DIR="--log-dir=/var/log/kubernetes"
KUBE_ALLOW_PRIV="--allow_privileged=false"
KUBE_MASTER="--master=http://172.28.8.193:8080"
这两个文件,分别都是编辑完了之后,wq保存退出。
接下来,启动服务,并验证是否启动成功:
[root@greenvm-y16558v2 kubernetes]# systemctl daemon-reload
[root@greenvm-y16558v2 kubernetes]# systemctl start kube-proxy.service
[root@greenvm-y16558v2 kubernetes]# netstat -lntp | grep kube-proxy
tcp 0 0 127.0.0.1:10249 0.0.0.0:* LISTEN 27624/kube-proxy
tcp6 0 0 :::10256 :::* LISTEN 27624/kube-proxy
4.3 安装kubelet服务
跟上面的类似,首先需要编辑服务的配置文件,vim /usr/lib/systemd/system/kubelet.service:
vi /usr/lib/systemd/system/kubelet.service
[Unit]
Description=Kubernetes Kubelet Server
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
After=docker.service
Requires=docker.service
[Service]
WorkingDirectory=/var/lib/kubelet
EnvironmentFile=/etc/kubernetes/kubelet
ExecStart=/usr/bin/kubelet $KUBELET_ARGS
Restart=on-failure
KillMode=process
[Install]
WantedBy=multi-user.target
上面的参数WorkingDirectory所指定的目录需要创建:
mkdir -p /var/lib/kubelet
接下来开始编辑配置文件:
vi /etc/kubernetes/kubelet
KUBELET_ADDRESS="--address=0.0.0.0"
KUBELET_HOSTNAME="--hostname-override=172.28.8.193"
KUBELET_API_SERVER="--api-servers=http://172.28.8.193:8080"
KUBELET_POD_INFRA_CONTAINER="--pod-infra-container-image=reg.docker.tb/harbor/pod-infrastructure:latest"
KUBELET_ARGS="--enable-server=true --enable-debugging-handlers=true --fail-swap-on=false --kubeconfig=/var/lib/kubelet/kubeconfig"
上面的配置中,hostname表示的是当前node的名称。
再编辑一下kubeconfig的配置:
vi /var/lib/kubelet/kubeconfig
apiVersion: v1
kind: Config
users:
- name: kubelet
clusters:
- name: kubernetes
cluster:
server: http://172.28.8.193:8080
contexts:
- context:
cluster: kubernetes
user: kubelet
name: service-account-context
current-context: service-account-context
最后,启动并验证服务:
[root@greenvm-y16558v2 kubernetes]# swapoff -a
[root@greenvm-y16558v2 kubernetes]# systemctl daemon-reload
[root@greenvm-y16558v2 kubernetes]# systemctl start kubelet.service
[root@greenvm-y16558v2 kubernetes]# netstat -tnlp | grep kubelet
tcp 0 0 127.0.0.1:38496 0.0.0.0:* LISTEN 27972/kubelet
tcp 0 0 127.0.0.1:10248 0.0.0.0:* LISTEN 27972/kubelet
tcp6 0 0 :::10250 :::* LISTEN 27972/kubelet
tcp6 0 0 :::10255 :::* LISTEN 27972/kubelet
5. 安装Master
5.1 安装etcd
在安装master上的其它k8s组件之前,首先要安装etcd,前面我们已经下载过了,现在需要解压一下:
tar -zxvf etcd-v3.3.9-linux-amd64.tar.gz
然后将etcd和etcdctl复制到/usr/bin目录下:
cp etcd etcdctl /usr/bin/
接下来编辑etcd的服务配置文件:
vi /usr/lib/systemd/system/etcd.service
[Unit]
Description=etcd.service
[Service]
Type=notify
TimeoutStartSec=0
Restart=always
WorkingDirectory=/var/lib/etcd
EnvironmentFile=-/etc/etcd/etcd.conf
ExecStart=/usr/bin/etcd
[Install]
WantedBy=multi-user.target
创建上面配置中的两个目录:
mkdir -p /var/lib/etcd && mkdir -p /etc/etcd/
编辑环境文件:
vi /etc/etcd/etcd.conf
ETCD_NAME=ETCD Server
ETCD_DATA_DIR="/var/lib/etcd/"
ETCD_LISTEN_CLIENT_URLS=http://0.0.0.0:2379
ETCD_ADVERTISE_CLIENT_URLS="http://172.28.8.193:2379"
最后,启动etcd服务,并验证其正确性:
[root@greenvm-y16558v2 k8s]# systemctl daemon-reload
[root@greenvm-y16558v2 k8s]# systemctl start etcd.service
[root@greenvm-y16558v2 k8s]# etcdctl cluster-health
member 8e9e05c52164694d is healthy: got healthy result from http://172.28.8.193:2379
cluster is healthy
5.2 安装kube-apiserver
首先,进入之前解压的目录中,/server/bin,把kube-apiserver可执行文件复制到/usr/bin目录中:
cp kube-apiserver /usr/bin/
编辑服务文件:
vi /usr/lib/systemd/system/kube-apiserver.service
[Unit]
Description=Kubernetes API Server
After=etcd.service
Wants=etcd.service
[Service]
EnvironmentFile=/etc/kubernetes/apiserver
ExecStart=/usr/bin/kube-apiserver \
$KUBE_ETCD_SERVERS \
$KUBE_API_ADDRESS \
$KUBE_API_PORT \
$KUBE_SERVICE_ADDRESSES \
$KUBE_ADMISSION_CONTROL \
$KUBE_API_LOG \
$KUBE_API_ARGS
Restart=on-failure
Type=notify
LimitNOFILE=65536
[Install]
WantedBy=multi-user.target
编辑 环境文件:
vi /etc/kubernetes/apiserver
KUBE_API_ADDRESS="--insecure-bind-address=0.0.0.0"
KUBE_API_PORT="--port=8080"
KUBELET_PORT="--kubelet-port=10250"
KUBE_ETCD_SERVERS="--etcd-servers=http://172.28.8.193:2379"
KUBE_SERVICE_ADDRESSES="--service-cluster-ip-range=10.0.0.0/24"
KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ResourceQuota"
KUBE_API_ARGS=""
启动服务,并验证其正确性:
[root@greenvm-y16558v2 bin]# systemctl daemon-reload
[root@greenvm-y16558v2 bin]# systemctl start kube-apiserver.service
[root@greenvm-y16558v2 bin]# netstat -tnlp | grep kube-api
tcp6 0 0 :::6443 :::* LISTEN 29228/kube-apiserve
tcp6 0 0 :::8080 :::* LISTEN 29228/kube-apiserve
5.3 安装kube-controller-manager
首先将kube-controller-namager可执行文件复制到/usr/lib目录中:
cp kube-controller-manager /usr/bin/
编辑启动文件:
vi /usr/lib/systemd/system/kube-controller-manager.service
[Unit]
Description=Kubernetes Scheduler
After=kube-apiserver.service
Requires=kube-apiserver.service
[Service]
EnvironmentFile=-/etc/kubernetes/controller-manager
ExecStart=/usr/bin/kube-controller-manager \
$KUBE_MASTER \
$KUBE_CONTROLLER_MANAGER_ARGS
Restart=on-failure
LimitNOFILE=65536
[Install]
WantedBy=multi-user.target
编辑环境文件:
vi /etc/kubernetes/controller-manager
KUBE_MASTER="--master=http://172.28.8.193:8080"
KUBE_CONTROLLER_MANAGER_ARGS=""
启动服务并验证其正确性:
[root@greenvm-y16558v2 bin]# systemctl daemon-reload
[root@greenvm-y16558v2 bin]# systemctl start kube-controller-manager.service
[root@greenvm-y16558v2 bin]# netstat -lntp | grep kube-controll
tcp6 0 0 :::10252 :::* LISTEN 29431/kube-controll
5.4 安装kube-scheduler
首先将kube-scheduler可执行文件复制到/usr/bin目录下:
cp kube-scheduler /usr/bin/
编辑启动文件:
vi /usr/lib/systemd/system/kube-scheduler.service
[Unit]
Description=Kubernetes Scheduler
After=kube-apiserver.service
Requires=kube-apiserver.service
[Service]
User=root
EnvironmentFile=/etc/kubernetes/scheduler
ExecStart=/usr/bin/kube-scheduler \
$KUBE_MASTER \
$KUBE_SCHEDULER_ARGS
Restart=on-failure
LimitNOFILE=65536
[Install]
WantedBy=multi-user.target
编辑环境配置文件:
vi /etc/kubernetes/scheduler
KUBE_MASTER="--master=http://172.28.8.193:8080"
KUBE_SCHEDULER_ARGS="--logtostderr=true --log-dir=/var/log/kubernetes --v=2"
启动服务并验证其正确性:
[root@greenvm-y16558v2 bin]# systemctl daemon-reload
[root@greenvm-y16558v2 bin]# systemctl start kube-scheduler.service
[root@greenvm-y16558v2 bin]# netstat -lntp | grep kube_scheduler
[root@greenvm-y16558v2 bin]# netstat -lntp | grep kube_schedule
[root@greenvm-y16558v2 bin]# netstat -lntp | grep kube-schedule
tcp6 0 0 :::10251 :::* LISTEN 29629/kube-schedule
5.5 配置Profile
将server/bin设置为默认搜索路径,应该就是像java设置环境变量一样:
[root@greenvm-y16558v2 bin]# pwd
/home/software/k8s/kubernetes-server/server/bin
[root@greenvm-y16558v2 bin]# sed -i '$a export PATH=$PATH:/home/software/k8s/kubernetes-server/server/bin/' /etc/profile[root@greenvm-y16558v2 bin]# source /etc/profile
5.6 安装kubectl
这个最简单,将server/bin目录下的kubectl可执行文件复制到/usr/bin目录下即可:
[root@greenvm-y16558v2 bin]# cp kubectl /usr/bin/
[root@greenvm-y16558v2 bin]# kubectl get cs
NAME STATUS MESSAGE ERROR
controller-manager Healthy ok
scheduler Healthy ok
etcd-0 Healthy {"health":"true"}
6 验证
最后查看一下有没有安装成功:
[root@greenvm-y16558v2 bin]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
greenvm-y16558v2 Ready <none> 5m v1.11.1
7 后续
本来以为一切都好了,结果发现在拉镜像创建pod时,一直是不成功的,比如官网上的例子:
kubectl run kubernetes-bootcamp --image=jocatalin/kubernetes-bootcamp:v1 --port=8080
通过如下命令查看时,会发现pod一直在创建中:
[root@greenvm-y16558v2 bin]# kubectl get pods
NAME READY STATUS RESTARTS AGE
kubernetes-bootcamp-7d48d75958-w9hgp 0/1 ContainerCreating 0 52s
然后通过kubectl describe pod xx查看具体的原因,发现了如下截图中的错误:
image.png
即:
Warning FailedCreatePodSandBox ...failed pulling image "k8s.gcr.io/pause:3.1"...
出现这种问题,是因为国内防问不了国外呀,这个可以理解为是一个初始镜像,后续的所有用户创建的镜像,都需要通过这个默认的镜像来启动,而这个pull不下来的话,一切都白瞎。
所以需要从国内的仓库取下来,然后打个tag。
[root@greenvm-y16558v2 docker]# docker pull registry.cn-qingdao.aliyuncs.com/minsec/pause-amd64:3.1
3.1: Pulling from minsec/pause-amd64
7675586df687: Pull complete
Digest: sha256:fcaff905397ba63fd376d0c3019f1f1cb6e7506131389edbcb3d22719f1ae54d
Status: Downloaded newer image for registry.cn-qingdao.aliyuncs.com/minsec/pause-amd64:3.1
[root@greenvm-y16558v2 docker]# docker tag registry.cn-qingdao.aliyuncs.com/minsec/pause-amd64:3.1 k8s.gcr.io/pause:3.1
重启kubelet:
[root@greenvm-y16558v2 bin]# systemctl stop kubelet.service
[root@greenvm-y16558v2 bin]# systemctl daemon-reload
[root@greenvm-y16558v2 bin]# systemctl start kubelet.service
再重新创建pod,查看pod及deployment:
[root@greenvm-y16558v2 bin]# kubectl run kubernetes-bootcamp --image=jocatalin/kubernetes-bootcamp:v1 --port=8080
deployment.apps/kubernetes-bootcamp created
[root@greenvm-y16558v2 bin]# kubectl get deployments
NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE
kubernetes-bootcamp 1 1 1 1 9s
[root@greenvm-y16558v2 bin]# kubectl get pods
NAME READY STATUS RESTARTS AGE
kubernetes-bootcamp-7d48d75958-nllfb 1/1 Running 0 15s
一切正常!
