摘要:在节点上执行命令使用节点执行命令的输出,在上执行,使其加入集群。在两个节点上,执行完毕上述命令后,在上查看部署成功。部署完成后的观察检查现在正在运行的可以发现,,,运行在上,在三个节点上均有运行在三个节点均有运行
集群规划 网络配置
节点网络: 192.168.18.0/24
service网络: 10.96.0.0/12
pod网络: 10.244.0.0/16
etcd部署在master节点上。
部署方法: ansible部署github上有人将部署方式用playbook实现。
使用kubeadm部署 基本情况kubeadm项目链接地址
master、node: 安装kuberlet, kubeadm, docker
master: kubeadm init
node: kubeadm join
apiserver,scheduler,Controller-manager,etcd在master上以Pod运行
kubeproxy以Pod方式运行在每一个node节点上。
以上pod均为静态Pod
每一个节点都需要运行flannel(也是以Pod方式运行),以提供Pod网络
kubeadm的介绍
安装步骤master,node需要安装kubelet, kubeadm, docker
master节点上运行 kubeadm init
node节点上运行 kubeadm join 加入集群
开始部署 我的环境[root@master yum.repos.d]# cat /etc/redhat-release CentOS Linux release 7.4.1708 (Core) [root@master yum.repos.d]# uname -a Linux master 3.10.0-693.el7.x86_64 #1 SMP Tue Aug 22 21:09:27 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux节点解析
通过hosts文件解析
192.168.18.128 master.test.com master 192.168.18.129 node01.test.com node01 192.168.18.130 node02.test.com node02
集群通过时间服务器做时钟同步,我没做。
节点互信可以按照此文档配置节点互信。
选择版本使用kubernetes v1.11.2
开始 确保iptables firewalld等未启动,且不开机自启动 配置yum仓库使用aliyun源,链接
docker源使用如下命令获取cd /etc/yum.repos.d wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repokubernetes源
[root@master yum.repos.d]# cat kubernetes.repo [kubernetes] name=Kubernetes Repo baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/ gpgcheck=1 gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg enabled=1查看源是否生效
# yum clean all # yum repolist ***** ***** Determining fastest mirrors kubernetes 243/243 repo id repo name status base/7/x86_64 CentOS-7 - Base - 163.com 9,911 docker-ce-stable/x86_64 Docker CE Stable - x86_64 16 extras/7/x86_64 CentOS-7 - Extras - 163.com 370 kubernetes Kubernetes Repo 243 updates/7/x86_64 CentOS-7 - Updates - 163.com 1,054 repolist: 11,594安装软件
三台机器都需要安装
使用 yum install docker-ce kubelet kubeadm kubectl 安装
安装的软件包如下:
Installing : kubectl-1.11.2-0.x86_64 1/7 Installing : cri-tools-1.11.0-0.x86_64 2/7 Installing : socat-1.7.3.2-2.el7.x86_64 3/7 Installing : kubernetes-cni-0.6.0-0.x86_64 4/7 Installing : kubelet-1.11.2-0.x86_64 5/7 Installing : kubeadm-1.11.2-0.x86_64 6/7 Installing : docker-ce-18.06.0.ce-3.el7.x86_64 7/7启动docker服务等
由于国内网络原因,kubernetes的镜像托管在google云上,无法直接下载,需要设置proxy
在 /usr/lib/systemd/system/docker.service 文件中添加如下两行
[root@master ~]# cat /usr/lib/systemd/system/docker.service |grep PROXY Environment="HTTPS_PROXY=http://www.ik8s.io:10080" Environment="NO_PROXY=127.0.0.0/8,192.168.18.0/24"
之后,启动docker
systemctl daemon-reload systemctl start docker systemctl enable docker确认proc的这两个参数如下,均为1:
[root@master ~]# cat /proc/sys/net/bridge/bridge-nf-call-iptables 1 [root@master ~]# cat /proc/sys/net/bridge/bridge-nf-call-ip6tables 1设置kubelet
查看kubelet安装生成了哪些文件
[root@master ~]# rpm -ql kubelet /etc/kubernetes/manifests # 清单目录 /etc/sysconfig/kubelet # 配置文件 /etc/systemd/system/kubelet.service # unit file /usr/bin/kubelet # 主程序
默认的配置文件
[root@master ~]# cat /etc/sysconfig/kubelet KUBELET_EXTRA_ARGS=
修改kubelet的配置文件
[root@master ~]# cat /etc/sysconfig/kubelet KUBELET_EXTRA_ARGS="--fail-swap-on=false"
此时还无法正常启动kubelet,先设置kubelet开机自启动,使用如下命令: systemctl enable kubelet 。
kubeadm init在master节点上执行
kubeadm init --kubernetes-version=v1.11.2 --pod-network-cidr=10.244.0.0/16 --service-cidr=10.96.0.0/12 --ignore-preflight-errors=Swap
kubeadm init的输出可见于此链接
此命令,下载了如下image
[root@master ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE k8s.gcr.io/kube-proxy-amd64 v1.11.2 46a3cd725628 7 days ago 97.8MB k8s.gcr.io/kube-apiserver-amd64 v1.11.2 821507941e9c 7 days ago 187MB k8s.gcr.io/kube-controller-manager-amd64 v1.11.2 38521457c799 7 days ago 155MB k8s.gcr.io/kube-scheduler-amd64 v1.11.2 37a1403e6c1a 7 days ago 56.8MB k8s.gcr.io/coredns 1.1.3 b3b94275d97c 2 months ago 45.6MB k8s.gcr.io/etcd-amd64 3.2.18 b8df3b177be2 4 months ago 219MB k8s.gcr.io/pause 3.1 da86e6ba6ca1 7 months ago 742kB
现在,正在运行的docker如下
[root@master ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 1c03e043e6b7 46a3cd725628 "/usr/local/bin/kube?? 3 minutes ago Up 3 minutes k8s_kube-proxy_kube-proxy-6fgjm_kube-system_f85e8660-a090-11e8-8ee7-000c29f71e04_0 5f166bd11566 k8s.gcr.io/pause:3.1 "/pause" 3 minutes ago Up 3 minutes k8s_POD_kube-proxy-6fgjm_kube-system_f85e8660-a090-11e8-8ee7-000c29f71e04_0 0f306f98cc52 b8df3b177be2 "etcd --advertise-cl?? 3 minutes ago Up 3 minutes k8s_etcd_etcd-master_kube-system_2cc1c8a24b68ab9b46bca47e153e74c6_0 8f01317b9e20 37a1403e6c1a "kube-scheduler --ad?? 3 minutes ago Up 3 minutes k8s_kube-scheduler_kube-scheduler-master_kube-system_a00c35e56ebd0bdfcd77d53674a5d2a1_0 4e6a71ab20d3 821507941e9c "kube-apiserver --au?? 3 minutes ago Up 3 minutes k8s_kube-apiserver_kube-apiserver-master_kube-system_d25d40ebb427821464356bb27a38f487_0 69e4c5dae335 38521457c799 "kube-controller-man?? 3 minutes ago Up 3 minutes k8s_kube-controller-manager_kube-controller-manager-master_kube-system_6363f7ebf727b0b95d9a9ef72516a0e5_0 da5981dc546a k8s.gcr.io/pause:3.1 "/pause" 3 minutes ago Up 3 minutes k8s_POD_kube-controller-manager-master_kube-system_6363f7ebf727b0b95d9a9ef72516a0e5_0 b7a8fdc35029 k8s.gcr.io/pause:3.1 "/pause" 3 minutes ago Up 3 minutes k8s_POD_kube-apiserver-master_kube-system_d25d40ebb427821464356bb27a38f487_0 b09efc7ff7bd k8s.gcr.io/pause:3.1 "/pause" 3 minutes ago Up 3 minutes k8s_POD_kube-scheduler-master_kube-system_a00c35e56ebd0bdfcd77d53674a5d2a1_0 ab11d6ffadab k8s.gcr.io/pause:3.1 "/pause" 3 minutes ago Up 3 minutes k8s_POD_etcd-master_kube-system_2cc1c8a24b68ab9b46bca47e153e74c6_0
node节点可以通过如下命令加入集群 kubeadm join 192.168.18.128:6443 --token n84v6t.c7d83cn4mo2z8wyr --discovery-token-ca-cert-hash sha256:b946c145416fe1995e1d4d002c149e71a897acc7b106d94cee2920cb2c85ce29 。
在kubeadm init的输出中,提示我们需要以普通用户做如下操作,我此时用root执行
[root@master ~]# mkdir -p $HOME/.kube [root@master ~]# cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
此时可以通过 kubelet get 获取各种资源信息。比如
[root@master ~]# kubectl get cs
NAME STATUS MESSAGE ERROR
scheduler Healthy ok
controller-manager Healthy ok
etcd-0 Healthy {"health": "true"}
此时的监听状态
[root@master ~]# ss -tnl State Recv-Q Send-Q Local Address:Port Peer Address:Port LISTEN 0 128 127.0.0.1:2379 *:* LISTEN 0 128 127.0.0.1:10251 *:* LISTEN 0 128 127.0.0.1:2380 *:* LISTEN 0 128 127.0.0.1:10252 *:* LISTEN 0 128 *:22 *:* LISTEN 0 128 127.0.0.1:33881 *:* LISTEN 0 100 127.0.0.1:25 *:* LISTEN 0 128 192.168.18.128:10010 *:* LISTEN 0 128 127.0.0.1:10248 *:* LISTEN 0 128 127.0.0.1:10249 *:* LISTEN 0 128 :::6443 :::* LISTEN 0 128 :::10256 :::* LISTEN 0 128 :::22 :::* LISTEN 0 100 ::1:25 :::* LISTEN 0 128 :::10250 :::*
此时的节点状态
[root@master ~]# kubectl get nodes NAME STATUS ROLES AGE VERSION master NotReady master 9m v1.11.2
状态为 NotReady , 需要部署 flannel,链接
部署flannel在文档中,找到如下命令,部署
[root@master ~]# kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml clusterrole.rbac.authorization.k8s.io/flannel created clusterrolebinding.rbac.authorization.k8s.io/flannel created serviceaccount/flannel created configmap/kube-flannel-cfg created daemonset.extensions/kube-flannel-ds-amd64 created daemonset.extensions/kube-flannel-ds-arm64 created daemonset.extensions/kube-flannel-ds-arm created daemonset.extensions/kube-flannel-ds-ppc64le created daemonset.extensions/kube-flannel-ds-s390x created
按如下方法查看:
[root@master ~]# kubectl get pods -n kube-system NAME READY STATUS RESTARTS AGE coredns-78fcdf6894-cv4gp 1/1 Running 0 13m coredns-78fcdf6894-wmd25 1/1 Running 0 13m etcd-master 1/1 Running 0 49s kube-apiserver-master 1/1 Running 0 49s kube-controller-manager-master 1/1 Running 0 48s kube-flannel-ds-amd64-r42wr 1/1 Running 0 2m kube-proxy-6fgjm 1/1 Running 0 13m kube-scheduler-master 1/1 Running 0 48s [root@master ~]# docker images |grep flannel quay.io/coreos/flannel v0.10.0-amd64 f0fad859c909 6 months ago 44.6MB [root@master ~]# kubectl get nodes NAME STATUS ROLES AGE VERSION master Ready master 14m v1.11.2
此时master节点状态变为 Ready 。
在node节点上执行 kubeadm join 命令使用master节点执行 kubeadm init 命令的输出,在node上执行,使其加入集群。
[root@node01 ~]# kubeadm join 192.168.18.128:6443 --token n84v6t.c7d83cn4mo2z8wyr --discovery-token-ca-cert-hash sha256:b946c145416fe1995e1d4d002c149e71a897acc7b106d94cee2920cb2c85ce29 --ignore-preflight-errors=Swap
[preflight] running pre-flight checks
[WARNING RequiredIPVSKernelModulesAvailable]: the IPVS proxier will not be used, because the following required kernel modules are not loaded: [ip_vs ip_vs_rr ip_vs_wrr ip_vs_sh] or no builtin kernel ipvs support: map[ip_vs_sh:{} nf_conntrack_ipv4:{} ip_vs:{} ip_vs_rr:{} ip_vs_wrr:{}]
you can solve this problem with following methods:
1. Run "modprobe -- " to load missing kernel modules;
2. Provide the missing builtin kernel ipvs support
[WARNING Swap]: running with swap on is not supported. Please disable swap
I0815 22:02:30.751069 15460 kernel_validator.go:81] Validating kernel version
I0815 22:02:30.751145 15460 kernel_validator.go:96] Validating kernel config
[WARNING SystemVerification]: docker version is greater than the most recently validated version. Docker version: 18.06.0-ce. Max validated version: 17.03
[discovery] Trying to connect to API Server "192.168.18.128:6443"
[discovery] Created cluster-info discovery client, requesting info from "https://192.168.18.128:6443"
[discovery] Requesting info from "https://192.168.18.128:6443" again to validate TLS against the pinned public key
[discovery] Cluster info signature and contents are valid and TLS certificate validates against pinned roots, will use API Server "192.168.18.128:6443"
[discovery] Successfully established connection with API Server "192.168.18.128:6443"
[kubelet] Downloading configuration for the kubelet from the "kubelet-config-1.11" ConfigMap in the kube-system namespace
[kubelet] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[preflight] Activating the kubelet service
[tlsbootstrap] Waiting for the kubelet to perform the TLS Bootstrap...
[patchnode] Uploading the CRI Socket information "/var/run/dockershim.sock" to the Node API object "node01" as an annotation
This node has joined the cluster:
* Certificate signing request was sent to master and a response
was received.
* The Kubelet was informed of the new secure connection details.
Run "kubectl get nodes" on the master to see this node join the cluster.
在两个节点上,执行完毕上述命令后,在master上查看
[root@master ~]# kubectl get nodes NAME STATUS ROLES AGE VERSION master Ready master 23m v1.11.2 node01 Ready2m v1.11.2 node02 Ready 1m v1.11.2
部署成功。
部署完成后的观察 检查现在正在运行的pod[root@master ~]# kubectl get pods -n kube-system -o wide NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE coredns-78fcdf6894-cv4gp 1/1 Running 0 28m 10.244.0.3 mastercoredns-78fcdf6894-wmd25 1/1 Running 0 28m 10.244.0.2 master etcd-master 1/1 Running 0 15m 192.168.18.128 master kube-apiserver-master 1/1 Running 0 15m 192.168.18.128 master kube-controller-manager-master 1/1 Running 0 15m 192.168.18.128 master kube-flannel-ds-amd64-48rvq 1/1 Running 3 6m 192.168.18.130 node02 kube-flannel-ds-amd64-7dw42 1/1 Running 3 7m 192.168.18.129 node01 kube-flannel-ds-amd64-r42wr 1/1 Running 0 16m 192.168.18.128 master kube-proxy-6fgjm 1/1 Running 0 28m 192.168.18.128 master kube-proxy-6mngv 1/1 Running 0 7m 192.168.18.129 node01 kube-proxy-9sh2n 1/1 Running 0 6m 192.168.18.130 node02 kube-scheduler-master 1/1 Running 0 15m 192.168.18.128 master
可以发现:
kube-apiserver, kube-scheduler, kube-controller,etcd-master运行在master上,
kube-flannel在三个节点上均有运行
kube-proxy 在三个节点均有运行
文章版权归作者所有,未经允许请勿转载,若此文章存在违规行为,您可以联系管理员删除。
转载请注明本文地址:https://www.ucloud.cn/yun/32702.html
摘要:所以,选择把运行直接运行在宿主机中,使用容器部署其他组件。独立部署方式所需机器资源多按照集群的奇数原则,这种拓扑的集群关控制平面最少就要台宿主机了。 在上篇文章minikube部署中,有提到Minikube部署Kubernetes的核心就是Kubeadm,这篇文章来详细说明下Kubeadm原理及部署步骤。写这篇文章的时候,Kubernetes1.14刚刚发布,所以部署步骤以1.14版为...
摘要:所以,选择把运行直接运行在宿主机中,使用容器部署其他组件。独立部署方式所需机器资源多按照集群的奇数原则,这种拓扑的集群关控制平面最少就要台宿主机了。 在上篇文章minikube部署中,有提到Minikube部署Kubernetes的核心就是Kubeadm,这篇文章来详细说明下Kubeadm原理及部署步骤。写这篇文章的时候,Kubernetes1.14刚刚发布,所以部署步骤以1.14版为...
摘要:上一章中,我们用去搭建单机集群,并且创建在三章中讲解,本篇将介绍利用部署多节点集群,并学会安装以及使用的命令行工具,快速创建集群实例,完成部署应用的实践。上一章中,我们用 minikube 去搭建单机集群,并且创建 Deployment、Service(在三章中讲解),本篇将介绍利用 kubeadm 部署多节点集群,并学会 安装以及使用 kubernetes 的命令行工具,快速创建集群实例,...
kubeadm介绍kubeadm概述Kubeadm 是一个工具,它提供了 kubeadm init 以及 kubeadm join 这两个命令作为快速创建 kubernetes 集群的最佳实践。 kubeadm 通过执行必要的操作来启动和运行一个最小可用的集群。kubeadm 只关心启动集群,而不关心其他工作,如部署前的节点准备工作、安装各种Kubernetes Dashboard、监控解决方案...
摘要:代表的解决方案为。虽然官网列出的部署方式很多,但也不用被这么多种部署方式搞糊涂了。虽然只是一条命令,但其实执行了很多步骤命令执行后输出如下可以看到,主要做了这些事创建了名为的虚拟机,并在虚拟机中安装了容器运行时。 综述 Kubernetes集群的组件众多,要部署一套符合生产环境的集群不是一件容易的事。好在随着社区的快速发展,特别是在它成为事实上的容器编排标准以后,基本所有的主流云平台都...
摘要:代表的解决方案为。虽然官网列出的部署方式很多,但也不用被这么多种部署方式搞糊涂了。虽然只是一条命令,但其实执行了很多步骤命令执行后输出如下可以看到,主要做了这些事创建了名为的虚拟机,并在虚拟机中安装了容器运行时。 综述 Kubernetes集群的组件众多,要部署一套符合生产环境的集群不是一件容易的事。好在随着社区的快速发展,特别是在它成为事实上的容器编排标准以后,基本所有的主流云平台都...
阅读 572·2021-08-17 10:15
阅读 1690·2021-07-30 14:57
阅读 1951·2019-08-30 15:55
阅读 2799·2019-08-30 15:55
阅读 2679·2019-08-30 15:44
阅读 642·2019-08-30 14:13
阅读 2349·2019-08-30 13:55
阅读 2572·2019-08-26 13:56
