Kubernetes environment setup
I. Planning
1. System
CentOS 7
2. IP plan and role assignment
192.168.2.24 master
192.168.2.24 etcd
192.168.2.25 node1 (i.e. minion)
192.168.2.26 node2 (i.e. minion)
II. Basic environment configuration
1. Disable the firewall
#systemctl stop firewalld.service
#systemctl disable firewalld.service
2. Permanently disable SELinux
#vi /etc/selinux/config
SELINUX=disabled
3. Reboot
#reboot
4. Install NTP
To keep the time consistent across all servers, NTP also needs to be installed on every server:
# yum -y install ntp
# systemctl start ntpd
# systemctl enable ntpd
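III. Master configuration and software installation
1. Install and configure etcd
etcd is a key-value store used for the cluster's shared configuration and service discovery
1.1 Install: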
#yum install etcd
1.2 Edit the etcd configuration file
Change the following properties in /etc/etcd/etcd.conf
ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:2379"
ETCD_ADVERTISE_CLIENT_URLS="http://etcd:2379"
PS: here etcd is the hostname of the etcd server
1.3 Start etcd and enable it at boot
#systemctl start etcd
#systemctl enable etcd
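1.4 Network configuration in etcd
#etcdctl -C http://192.168.2.24:2379 set /atomic.io/network/config '{"Network":"172.17.0.0/16"}'
PS: the network 172.17.0.0/16 matches the docker0 network in docker (if it does not, either change the docker0 network or change the etcd network set above); atomic.io corresponds to FLANNEL_ETCD_PREFIX in the Flannel configuration below
2. Install and configure kubernetes-master
2.1 Install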
#yum install kubernetes-master
2.2 Configure the apiserver
#vi /etc/kubernetes/apiserver
-------------------
KUBE_API_ADDRESS="--insecure-bind-address=0.0.0.0"
KUBE_ETCD_SERVERS="--etcd-servers=http://etcd:2379"
KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,ResourceQuota"
------------------
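PS:
For testing, SecurityContextDeny and ServiceAccount need to be removed from KUBE_ADMISSION_CONTROL; these are permission-related.
Otherwise the error "retry after the token is automatically created and added to the service account" appears.
2.3 Edit the global configuration file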
#vi /etc/kubernetes/config
----------------------
KUBE_MASTER="--master=http://master:8080"
----------------------
2.4 Start the master services and enable them at boot
#systemctl enable kube-apiserver kube-scheduler kube-controller-manager
#systemctl start kube-apiserver kube-scheduler kube-controller-manager
2.5 Test the master service
#curl master:8080
The following data is returned:
{
"paths": [
"/api",
"/api/v1",
"/apis",
"/apis/apps",
"/apis/apps/v1beta1",
"/apis/authentication.k8s.io",
"/apis/authentication.k8s.io/v1beta1",
"/apis/authorization.k8s.io",
"/apis/authorization.k8s.io/v1beta1",
"/apis/autoscaling",
"/apis/autoscaling/v1",
"/apis/batch",
"/apis/batch/v1",
"/apis/batch/v2alpha1",
"/apis/certificates.k8s.io",
"/apis/certificates.k8s.io/v1alpha1",
"/apis/extensions",
"/apis/extensions/v1beta1",
"/apis/policy",
"/apis/policy/v1beta1",
"/apis/rbac.authorization.k8s.io",
"/apis/rbac.authorization.k8s.io/v1alpha1",
"/apis/storage.k8s.io",
"/apis/storage.k8s.io/v1beta1",
"/healthz",
"/healthz/ping",
"/healthz/poststarthook/bootstrap-controller",
"/healthz/poststarthook/extensions/third-party-resources",
"/healthz/poststarthook/rbac/bootstrap-roles",
"/logs",
"/metrics",
"/swaggerapi/",
"/ui/",
"/version"
]
}
IV. Node (minion) installation and configuration
1. Install docker
#yum install docker
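2. Install and configure flannel
flannel: a network planning tool that assigns virtual IPs to the cluster's Docker containers in a unified way and enables communication between services
2.1 Install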
#yum install flannel
2.2 Configure
#vi /etc/sysconfig/flanneld
--------------------
FLANNEL_ETCD_ENDPOINTS="http://etcd:2379"
FLANNEL_ETCD_PREFIX="/atomic.io/network"
--------------------
3. Install and configure kubernetes-node
3.1 Install kubernetes-node
#yum install kubernetes-node
3.2 Configure
#vi /etc/kubernetes/kubelet
--------------------
KUBELET_HOSTNAME="--hostname-override=node1"
KUBELET_API_SERVER="--api-servers=http://master:8080"
---------------------
PS:
node1 is the LAN IP of the node as planned above
3.3 Enable the services at boot and start them
#systemctl enable kubelet kube-proxy
#systemctl start kubelet kube-proxy
V. View the nodes on the master:
#kubectl get nodes
If the following appears:
No resources found.
check whether firewalld and SELinux are disabled on the master and the nodes
Normally the following should appear:
NAME STATUS AGE
node1 Ready 1m
node2 Ready 1m
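
The values written in sections II to IV leave SELinux off, expose etcd and the API server's unauthenticated port on 0.0.0.0 over plain HTTP, and drop the ServiceAccount admission plugin. The script below is an added example, not part of the original guide, that checks the files edited above for exactly those values. The names check, audit_k8s_lab, make_sample and the ROOT prefix are assumptions introduced here.

```sh
#!/bin/sh
# Added example (not from the original guide): flag the lab-only settings
# this walkthrough writes, so they are not carried onto a shared network.
# ROOT is a hypothetical prefix: empty for the live host, or a copied tree.

# check FILE REGEX MESSAGE: report an uncommented line matching REGEX
check() {
    [ -r "$ROOT$1" ] || return 0
    if grep -Eq "^[[:space:]]*$2" "$ROOT$1"; then
        echo "FINDING $1: $3"
    fi
}

audit_k8s_lab() {
    ROOT=${1:-}
    check /etc/selinux/config 'SELINUX=disabled' 'SELinux disabled'
    check /etc/etcd/etcd.conf 'ETCD_LISTEN_CLIENT_URLS="?http://0\.0\.0\.0' \
        'etcd client port on all interfaces, no TLS'
    check /etc/kubernetes/apiserver 'KUBE_API_ADDRESS=.*--insecure-bind-address=0\.0\.0\.0' \
        'unauthenticated API port on all interfaces'
    check /etc/kubernetes/apiserver 'KUBE_ETCD_SERVERS=.*http://' \
        'apiserver reaches etcd over plain HTTP'
    check /etc/kubernetes/kubelet 'KUBELET_API_SERVER=.*http://' \
        'kubelet reaches apiserver over plain HTTP'
    check /etc/sysconfig/flanneld 'FLANNEL_ETCD_ENDPOINTS=.*http://' \
        'flanneld reaches etcd over plain HTTP'
    # Negative check: the admission line exists but omits ServiceAccount
    if grep -E '^[[:space:]]*KUBE_ADMISSION_CONTROL=' \
        "$ROOT/etc/kubernetes/apiserver" 2>/dev/null | grep -vq 'ServiceAccount'; then
        echo 'FINDING /etc/kubernetes/apiserver: ServiceAccount admission plugin removed'
    fi
    return 0
}

# Constructed sample tree holding the master-side values from this guide
make_sample() {
    mkdir -p "$1/etc/selinux" "$1/etc/etcd" "$1/etc/kubernetes"
    echo 'SELINUX=disabled' > "$1/etc/selinux/config"
    echo 'ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:2379"' > "$1/etc/etcd/etcd.conf"
    cat > "$1/etc/kubernetes/apiserver" <<'EOF'
KUBE_API_ADDRESS="--insecure-bind-address=0.0.0.0"
KUBE_ETCD_SERVERS="--etcd-servers=http://etcd:2379"
KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,ResourceQuota"
EOF
}

demo=$(mktemp -d) && make_sample "$demo" && audit_k8s_lab "$demo"
rm -rf "$demo"
```

Run audit_k8s_lab with no argument on the master or a node to check the live /etc; files that do not exist on that host are skipped.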