Setting up a k8s environment with kubeadm
Environment
master node: count 1, OS ubuntu 16.04_x64
worker node: count 1, OS ubuntu 16.04_x64
Deploying Kubernetes (master node)
Run the following steps on the master node.
Disable SELinux and enable IPv6
sudo bash selinux_ipv6.sh
- Download the k8s.io images:
All of the images shown in the table above are required, but network restrictions prevent us from pulling them directly from the gcr.io source address, so they have to be downloaded locally beforehand. Running the following script does this:
#!/bin/sh
TAG=v1.10.7
ETCD_TAG=3.1.12
PAUSE_TAG=3.1
DNS_TAG=1.14.8
REMOTE_RPO=luckydogchian
LOCAL_RPO=registry.domain.com
LOCAL=k8s.gcr.io
API_SERVER=kube-apiserver-amd64:${TAG}
MANAGER=kube-controller-manager-amd64:${TAG}
ETCD=etcd-amd64:${ETCD_TAG}
SCHEDULER=kube-scheduler-amd64:${TAG}
PROXY=kube-proxy-amd64:${TAG}
PAUSE=pause-amd64:${PAUSE_TAG}
DNS=k8s-dns-kube-dns-amd64:${DNS_TAG}
SIDECAR=k8s-dns-sidecar-amd64:${DNS_TAG}
DNSMASQ=k8s-dns-dnsmasq-nanny-amd64:${DNS_TAG}
# Pull from the remote repository and retag locally as k8s.gcr.io
# (the tag/push to the local registry is left commented out)
for i in $API_SERVER $MANAGER $SCHEDULER $ETCD $PROXY $DNS $DNSMASQ $SIDECAR $PAUSE; do
    echo "$i"
    docker pull "${REMOTE_RPO}/${i}"
    # docker tag ${REMOTE_RPO}/${i} ${LOCAL_RPO}/${i}
    docker tag "${REMOTE_RPO}/${i}" "${LOCAL}/${i}"
    #docker push ${LOCAL_RPO}/${i}
done
Download kubeadm, kubelet and kubectl, extract them and copy them into the /usr/local/bin directory. Download links: kubeadm, kubectl, kubelet.
Install the kubelet service
Initialize the Kubernetes service
KUBE_REPO_PREFIX="registry.domain.com" kubeadm init --kubernetes-version=v1.10.7 --pod-network-cidr=10.244.0.0/16 --apiserver-advertise-address=0.0.0.0 --ignore-preflight-errors='Swap'
The output is as follows:
Your Kubernetes master has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/
You can now join any number of machines by running the following on each node as root:
  kubeadm join 192.168.1.185:6443 --token ow8gkw.yltjigl52r7q3jlq --discovery-token-ca-cert-hash sha256:aa2e50c49a35bcf65edfcf6081159adbf27d7d5a09707d584636a9ab4e1e7b3c
Following the instructions shown above, copy the kube-config:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
Check the current node status:
kubectl get nodes
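The output is as follows:
NAME STATUS ROLES AGE VERSION
whty0-to-be-filled-by-o-e-m NotReady master 2h v1.10.7
The node is not in the Ready state because we have not yet configured a network plugin that lets the Kubernetes nodes communicate with each other.
Adding a worker node (worker node)
The token that kubeadm displayed above is all that is needed to bootstrap other nodes into the k8s cluster.
Disable SELinux and enable IPv6
sudo bash selinux_ipv6.sh
Download the k8s.io images
Install the kubelet service
Bootstrap the worker node into the cluster: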
sudo kubeadm join 192.168.1.185:6443 --token ow8gkw.yltjigl52r7q3jlq --discovery-token-ca-cert-hash sha256:aa2e50c49a35bcf65edfcf6081159adbf27d7d5a09707d584636a9ab4e1e7b3c --ignore-preflight-errors='swap' --ignore-preflight-errors='cri'
The token passed here is the one displayed at the end of initialization on the master node. Note that the token has a validity period; once it has expired, a new token has to be issued.
The output is as follows:
[preflight] Running pre-flight checks.
[WARNING SystemVerification]: docker version is greater than the most recently validated version. Docker version: 18.06.1-ce. Max validated version: 17.03
[WARNING CRI]: unable to check if the container runtime at "/var/run/dockershim.sock" is running: exit status 1
[WARNING Swap]: running with swap on is not supported. Please disable swap
[discovery] Trying to connect to API Server "192.168.1.185:6443"
[discovery] Created cluster-info discovery client, requesting info from "https://192.168.1.185:6443"
[discovery] Requesting info from "https://192.168.1.185:6443" again to validate TLS against the pinned public key
[discovery] Cluster info signature and contents are valid and TLS certificate validates against pinned roots, will use API Server "192.168.1.185:6443"
[discovery] Successfully established connection with API Server "192.168.1.185:6443"
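The join output above shows kubeadm validating the API server against the pinned public key. The following added example (not part of the original post; the function names are hypothetical) recomputes that pin from the cluster CA certificate, which kubeadm writes to /etc/kubernetes/pki/ca.crt on the master, and compares it with the hash carried in a join command before that command is handed to a worker. It assumes the openssl command-line tool is installed.

```sh
#!/bin/sh
# Added example: check that a join command's --discovery-token-ca-cert-hash pins the cluster CA.

# Print "sha256:<hex>" over the DER-encoded public key of a PEM certificate.
ca_cert_hash() {
    der=$(mktemp) || return 1
    if openssl x509 -in "$1" -noout -pubkey 2>/dev/null |
        openssl pkey -pubin -outform DER -out "$der" 2>/dev/null && [ -s "$der" ]
    then
        printf 'sha256:%s\n' "$(openssl dgst -sha256 -r "$der" | cut -d' ' -f1)"
        rm -f "$der"
    else
        rm -f "$der"
        return 1
    fi
}

# Extract a well-formed pin ("sha256:" plus 64 hex digits) from a join command.
join_cmd_hash() {
    printf '%s \n' "$1" |
        sed -n 's/.*--discovery-token-ca-cert-hash[ =]\(sha256:[0-9a-f]\{64\}\) .*/\1/p'
}

# Return 0 on match, 1 on mismatch, 2 when either input is unusable.
verify_join_pin() {  # $1 = join command line, $2 = CA certificate (PEM)
    want=$(join_cmd_hash "$1")
    [ -n "$want" ] || { echo "no valid sha256 pin in join command" >&2; return 2; }
    have=$(ca_cert_hash "$2") || { echo "cannot read public key from $2" >&2; return 2; }
    if [ "$want" = "$have" ]; then
        echo "pin matches CA: $have"
    else
        echo "PIN MISMATCH: join command has $want, CA is $have" >&2
        return 1
    fi
}

# Demo on a throwaway self-signed CA with a constructed join command
# (documentation-range address and placeholder token, not a real cluster).
demo() {
    d=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -subj '/CN=demo-ca' -days 1 \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null || return 1
    verify_join_pin "kubeadm join 192.0.2.10:6443 --token abcdef.0123456789abcdef \
--discovery-token-ca-cert-hash $(ca_cert_hash "$d/ca.crt")" "$d/ca.crt"
    rc=$?; rm -rf "$d"; return "$rc"
}

if [ "$#" -eq 2 ]; then verify_join_pin "$1" "$2"; elif [ "${1:-}" = demo ]; then demo; fi
```

Run it on the master with the join command as the first argument and /etc/kubernetes/pki/ca.crt as the second, or with the single argument demo to try it on a throwaway certificate.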
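Installing the cross-host network plugin
For containers deployed in the cluster to communicate with each other across nodes, a network plugin has to be installed. Here we deploy it by installing the network plugin as containers, and the plugin used is a CNI network plugin: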
kubectl apply -f ./rbac-kdd.yaml
kubectl apply -f ./calico.yaml
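Note that calico.yaml contains the following configuration:
# Auto-detect the BGP IP address.
# value: "autodetect"
- name: IP
  value: "autodetect"
- name: IP_AUTODETECTION_METHOD
  value: interface=enp1s.*,wlx.*
- name: FELIX_HEALTHENABLED
  value: "true"
IP: autodetect tells the CNI plugin to detect the host's address automatically, while IP_AUTODETECTION_METHOD: interface=enp1s.*,wlx.* specifies the names of the host's physical network interfaces (enp1s is the prefix of the wired NIC, wlx is the prefix of the wireless NIC). Matching by wildcard is supported, so when installing, check the names of the local physical network interfaces and adjust this value accordingly.
After a successful deployment, we can view the nodes currently online: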
NAME STATUS ROLES AGE VERSION
whty0-to-be-filled-by-o-e-m Ready master 2h v1.10.7
whtyhust-to-be-filled-by-o-e-m Ready <none> 1h v1.10.7
Allowing resources to be created on the master node (Optional)
Run on the master node:
kubectl taint nodes --all node-role.kubernetes.io/master-
The output is as follows:
taint "node-role.kubernetes.io/master:" not found
taint "node-role.kubernetes.io/master:" not found
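After running the above command, the master node is treated like a worker node when k8s resources are deployed; otherwise, by default, k8s resources are not deployed on the master node.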