kubernetes 集群部署

kubernetes 集群部署

环境
JiaoJiao_Centos7-1(152.112) 192.168.152.112
JiaoJiao_Centos7-2(152.113) 192.168.152.113
JiaoJiao_Centos7-3(152.114) 192.168.152.114
已开通 4C+8G+80G

集群规划

 

部署方式

环境准备：基于主机名称通信，时间同步，关闭firewall和iptables.service

方式一：yum ,rpm 安装。复杂。

1. etcd cluster ：安装在master节点上2. flannel：安装在所有节点上
2. 安装配置master
kube-apiserver,kube-scheduler,kube-controller-manager
3. 安装配置node
kube-proxy
kubelet

方式二：使用kubeadm工具安装。简单。

1. master和node 都用yum 安装kubelet，kubeadm，docker
2. master 上初始化：kubeadm init
3. master 上启动一个flannel的pod
4. node上加入集群:kubeadm join

部署步骤

采取方式二：使用kubeadm工具安装步骤

准备环境

修改主机名（3台机器都需要修改）

# hostnamectl set-hostname master

配置hosts和dns解析（3台机器都需要配置）

[root@node02 ~]# cat /etc/hosts
127.0.0.1 node02 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 node02 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.152.112 master
192.168.152.113 node01
192.168.152.114 node02

默认的dns服务器没法解析到opsx.alibaba.com和mirrors.aliyun.com，使用nameserver 192.168.?.?（具体根据你所在公司环境设置）这个可以。

[root@master ~]# cat /etc/resolv.conf 
# Generated by NetworkManager
nameserver 192.168.?.?

 

关闭防火墙和iptables，检查iptables配置值是否为1（3台机器都需要）

# systemctl stop firewalld.service
# systemctl stop iptables.service 
# systemctl disable firewalld.service
[root@master docker]# cat /proc/sys/net/bridge/bridge-nf-call-ip6tables 
1
[root@master docker]# cat /proc/sys/net/bridge/bridge-nf-call-iptables 
1

配置docker yum源

#yum update
#yum install -y yum-utils device-mapper-persistent-data lvm2 wget
#cd /etc/yum.repos.d
#wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

配置kubernetes yum 源

#wget https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
# wget https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
# rpm --import rpm-package-key.gpg
# rpm --import yum-key.gpg
[root@master yum.repos.d]# cat kubernetes.repo 
[kubernetes]
name=Kubernetes Repo
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
enabled=1
# yum repolist

master和node 安装kubelet，kubeadm，docker

# yum install docker-ce kubelet kubeadm

master 上安装kubectl ，node节点可以选择安装或者不安装

kubectl 是API server 客户端程序，通过连接master端的API server来实现k8s对象资源的增删改查等基本操作。

#yum install kubectl

 

docker的配置

配置私有仓库和镜像加速地址

[root@master docker]# cat /etc/docker/daemon.json 
{"registry-mirrors": ["http://295c6a59.m.daocloud.io"],
"insecure-registries":["自己搭建的私有仓库地址"]}

 

设置代理

[root@master docker]# cat /usr/lib/systemd/system/docker.service |grep -v "^#"
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
BindsTo=containerd.service
After=network-online.target firewalld.service containerd.service
Wants=network-online.target
Requires=docker.socket
[Service]
Type=notify
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always
#设置代理地址，和不让代理的地址
Environment="HTTPS_PROXY=http://www.ik8s.io:10080" "NO_PROXY=localhost,127.0.0.1,192.168.152.0/24"
StartLimitBurst=3
StartLimitInterval=60s
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
TasksMax=infinity
Delegate=yes
KillMode=process
[Install]
WantedBy=multi-user.target

 

启动docker

# systemctl daemon-reload 
# systemctl start docker 
[root@master docker]# docker info 
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 0
Server Version: 18.09.6
Storage Driver: overlay2
Backing Filesystem: xfs
Supports d_type: true
Native Overlay Diff: false
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: bb71b10fd8f58240ca47fbb579b9d1028eea7c84
runc version: 2b18fe1d885ee5083ef9f0838fee39b62d653e30
init version: fec3683
Security Options:
seccomp
Profile: default
Kernel Version: 3.10.0-514.el7.x86_64
Operating System: CentOS Linux 7 (Core)
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 7.64GiB
Name: master
ID: KEBQ:4XXU:LTA7:J5QH:HK4F:JS26:RKI4:YFPJ:RY45:Q647:SJI6:VZDQ
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
HTTPS Proxy: http://www.ik8s.io:10080 #代理地址
No Proxy: localhost,127.0.0.1,192.168.152.0/24
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
XXXXX #本公司私有库地址
127.0.0.0/8
Registry Mirrors:
http://295c6a59.m.daocloud.io/ #镜像加速地址
Live Restore Enabled: false
Product License: Community Engine 
# systemctl enable docker

 

master 上初始化：kubeadm init

修改配置文件，忽略swap报错

[root@master docker]# cat /etc/sysconfig/kubelet 
KUBELET_EXTRA_ARGS="--fail-swap-on=false"

 

初始化

#kubeadm init [command] --help 可以先查看下帮助
# kubeadm init --kubernetes-version=v1.14.2 --pod-network-cidr=10.244.0.0/16 --service-cidr=10.96.0.0/12 --ignore-preflight-errors=Swap--kubernetes-version=v1.14 # k8s的版本
版本通过：https://github.com/kubernetes/kubernetes/releases 来确定你需要的版本。
--pod-network-cidr=10.244.0.0/16 #pod网络。flannel 的默认是10.244.0.0/16
--service-cidr=10.96.0.0/12 # service 网络，也是用了默认值
--ignore-preflight-errors=Swap #忽略Swap报错[root@master ~]# kubeadm init --kubernetes-version=v1.14.2 --pod-network-cidr=10.244.0.0/16 --service-cidr=10.96.0.0/12 --ignore-preflight-errors=Swap
[init] Using Kubernetes version: v1.14.2
[preflight] Running pre-flight checks
[WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/
[WARNING Swap]: running with swap on is not supported. Please disable swap
[WARNING Service-Kubelet]: kubelet service is not enabled, please run 'systemctl enable kubelet.service'
[preflight] Pulling images required for setting up a Kubernetes cluster
[preflight] This might take a minute or two, depending on the speed of your internet connection
[preflight] You can also perform this action in beforehand using 'kubeadm config images pull'
error execution phase preflight: [preflight] Some fatal errors occurred:
[ERROR ImagePull]: failed to pull image k8s.gcr.io/kube-apiserver:v1.14.2: output: Error response from daemon: Get https://k8s.gcr.io/v2/: proxyconnect tcp: dial tcp 172.96.236.117:10080: connect: connection refused
, error: exit status 1
[ERROR ImagePull]: failed to pull image k8s.gcr.io/kube-controller-manager:v1.14.2: output: Error response from daemon: Get https://k8s.gcr.io/v2/: proxyconnect tcp: dial tcp 172.96.236.117:10080: connect: connection refused
, error: exit status 1
[ERROR ImagePull]: failed to pull image k8s.gcr.io/kube-scheduler:v1.14.2: output: Error response from daemon: Get https://k8s.gcr.io/v2/: proxyconnect tcp: dial tcp 172.96.236.117:10080: connect: connection refused
, error: exit status 1

 

报错了。拉不到镜像。
解决办法：docker.io仓库对google的容器做了镜像，可以通过下列命令下拉取相关镜像

#docker pull mirrorgooglecontainers/kube-apiserver:v1.14.2
#docker pull mirrorgooglecontainers/kube-controller-manager:v1.14.2
#docker pull mirrorgooglecontainers/kube-scheduler:v1.14.2
#docker pull mirrorgooglecontainers/kube-proxy:v1.14.2
#docker pull mirrorgooglecontainers/pause:3.1
#docker pull mirrorgooglecontainers/etcd:3.3.10
#docker pull coredns/coredns:1.3.1

通过docker tag命令来修改镜像的标签：

# docker tag mirrorgooglecontainers/kube-apiserver:v1.14.2 k8s.gcr.io/kube-apiserver:v1.14.2
# docker tag mirrorgooglecontainers/kube-controller-manager:v1.14.2 k8s.gcr.io/kube-controller-manager:v1.14.2
# docker tag mirrorgooglecontainers/kube-scheduler:v1.14.2 k8s.gcr.io/kube-scheduler:v1.14.2 
# docker tag mirrorgooglecontainers/kube-proxy:v1.14.2 k8s.gcr.io/kube-proxy:v1.14.2 
# docker tag mirrorgooglecontainers/pause:3.1 k8s.gcr.io/pause:3.1 
# docker tag mirrorgooglecontainers/etcd:3.3.10 k8s.gcr.io/etcd:3.3.10
# docker tag coredns/coredns:1.3.1 k8s.gcr.io/coredns:1.3.1 

初始化过程中有提示，请按照提示进行操作并且将下面内容保存下来。

kubeadm join 192.168.152.112:6443 --token qlu35g.rfxl6k8mvry8nxfp \
> --discovery-token-ca-cert-hash sha256:8febc1b1402b471187e55186b4c3937ac23cfe830fb6ccfbd2e9f212e011218d

部署网络：master 上启动一个flannel的pod

下载镜像。由于不能直接下载官方镜像，自己百度找了个地址：

#docker pull jmgao1983/flannel:v0.11.0-amd64
#docker tag jmgao1983/flannel:v0.11.0-amd64 quay.io/coreos/flannel:v0.11.0-amd64
#docker rmi jmgao1983/flannel:v0.11.0-amd64

启动：

# kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

检查下：

[root@master ~]# kubectl get pods -n kube-system
NAME READY STATUS RESTARTS AGE
coredns-fb8b8dccf-f7db6 1/1 Running 0 53m
coredns-fb8b8dccf-sd8hk 1/1 Running 0 53m
etcd-master 1/1 Running 0 52m
kube-apiserver-master 1/1 Running 0 52m
kube-controller-manager-master 1/1 Running 0 52m
kube-flannel-ds-amd64-zq5zr 1/1 Running 0 19m
kube-proxy-8mtbc 1/1 Running 0 53m
kube-scheduler-master 1/1 Running 0 52m

到此，master 就安装好了! 保存镜像

docker save -o master.tar k8s.gcr.io/kube-proxy:v1.14.2 k8s.gcr.io/kube-apiserver:v1.14.2 k8s.gcr.io/kube-controller-manager:v1.14.2 k8s.gcr.io/kube-scheduler:v1.14.2 quay.io/coreos/flannel:v0.11.0-amd64 k8s.gcr.io/coredns:1.3.1 k8s.gcr.io/etcd:3.3.10 k8s.gcr.io/pause:3.1

 

node节点加入集群

将master上保存的镜像同步到节点上

[root@master ~]#scp master.tar node01:/root/
[root@master ~]#scp master.tar node02:/root/

将镜像导入本地

[root@node01 ~]# docker load< master.tar

修改配置，忽略报错：

[root@node01 docker]# cat /etc/sysconfig/kubelet 
KUBELET_EXTRA_ARGS="--fail-swap-on=false"

执行加入集群命令

[root@node01 ~]# kubeadm join 192.168.152.112:6443 --token qlu35g.rfxl6k8mvry8nxfp --discovery-token-ca-cert-hash sha256:8febc1b1402b471187e55186b4c3937ac23cfe830fb6ccfbd2e9f212e011218d --ignore-preflight-errors=Swap

在master上查看节点情况

[root@master ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
master Ready master 107m v1.14.2
node01 Ready <none> 23m v1.14.2
node02 Ready <none> 23m v1.14.2