将新创建的两个虚拟机一个定为Master节点一个定为Slave节点
对于Master,需要安装以下组件
- docker
- etcd
- flannel
- kube-apiserver
- kube-scheduler
- kube-controller-manager
Slave节点需要安装以下东西
- docker
- flannel
- kubelet
- kube-proxy
接下来准备环境
1.先设置master节点和所有slave节点的主机名
master上执行:
hostnamectl --static set-hostname k8s-master
slave上执行这个
hostnamectl --static set-hostname k8s-node-1
2.修改master和slave上的hosts
在master和slave的/etc/hosts文件中均加入以下内容:(需要注意的是前三个ip地址为master节点的,后一个为slave节点的)
192.168.220.130 k8s-master
192.168.220.130 etcd
192.168.220.130 registry
192.168.220.131 k8s-node-1
3.关闭master和slave上的防火墙
systemctl disable firewalld.service
systemctl stop firewalld.service
部署Master节点
下面按顺序安装
1. etcd安装
- 安装命令:yum install etcd -y
- 编辑etcd的默认配置文件/etc/etcd/etcd.conf
需要注意的一点到了,正常安装完毕的文件中是少一行的。这里需要对照以下的增加一行
ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:2379,http://0.0.0.0:4001"
以下是这个文件打开的样子
# [member]
ETCD_NAME=master
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
#ETCD_WAL_DIR=""
#ETCD_SNAPSHOT_COUNT="10000"
#ETCD_HEARTBEAT_INTERVAL="100"
#ETCD_ELECTION_TIMEOUT="1000"
#ETCD_LISTEN_PEER_URLS="http://localhost:2380"
ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:2379,http://0.0.0.0:4001"
#ETCD_MAX_SNAPSHOTS="5"
#ETCD_MAX_WALS="5"
#ETCD_CORS=""
#
#[cluster]
#ETCD_INITIAL_ADVERTISE_PEER_URLS="http://localhost:2380"
# if you use different ETCD_NAME (e.g. test), set ETCD_INITIAL_CLUSTER value for this name, i.e. "test=http://..."
#ETCD_INITIAL_CLUSTER="default=http://localhost:2380"
#ETCD_INITIAL_CLUSTER_STATE="new"
#ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_ADVERTISE_CLIENT_URLS="http://etcd:2379,http://etcd:4001"
#ETCD_DISCOVERY=""
#ETCD_DISCOVERY_SRV=""
#ETCD_DISCOVERY_FALLBACK="proxy"
#ETCD_DISCOVERY_PROXY=""
#ETCD_STRICT_RECONFIG_CHECK="false"
#ETCD_AUTO_COMPACTION_RETENTION="0"
#ETCD_ENABLE_V2="true"
#
#[proxy]
#ETCD_PROXY="off"
#ETCD_PROXY_FAILURE_WAIT="5000"
#ETCD_PROXY_REFRESH_INTERVAL="30000"
#ETCD_PROXY_DIAL_TIMEOUT="1000"
#ETCD_PROXY_WRITE_TIMEOUT="5000"
#ETCD_PROXY_READ_TIMEOUT="0"
#
#[security]
#ETCD_CERT_FILE=""
#ETCD_KEY_FILE=""
#ETCD_CLIENT_CERT_AUTH="false"
#ETCD_TRUSTED_CA_FILE=""
#ETCD_AUTO_TLS="false"
#ETCD_PEER_CERT_FILE=""
#ETCD_PEER_KEY_FILE=""
#ETCD_PEER_CLIENT_CERT_AUTH="false"
#ETCD_PEER_TRUSTED_CA_FILE=""
#ETCD_PEER_AUTO_TLS="false"
#
#[logging]
#ETCD_DEBUG="false"
# examples for -log-package-levels etcdserver=WARNING,security=DEBUG
#ETCD_LOG_PACKAGE_LEVELS=""
#
#[profiling]
#ETCD_ENABLE_PPROF="false"
#ETCD_METRICS="basic"
#
#[auth]
#ETCD_AUTH_TOKEN="simple"
注意,凡是带#开头的都是一样注释,不用看。只需要关注不带#开头的,你就会发现哪里少了这一行,加上去即可。
- 启动etcd并验证
systemctl start etcd // 启动etcd服务
- 再获取etcd的健康指标看看:
etcdctl -C http://etcd:2379 cluster-health
etcdctl -C http://etcd:4001 cluster-health
2.flannel安装
- 安装命令
yum install flannel
- 配置etcd中关于flanner的key
etcdctl mk /atomic.io/network/config '{ "Network": "10.0.0.0/16" }'
*启动flannel并设置开机自启
systemctl start flanneld.service
systemctl enable flanneld.service
3.docker安装
- 安装命令:yum install docker -y
- 开启docker服务:service docker start
- 设置docker开启自启动:chkconfig docker on
在Docker的启动过程中又会遇到很多的坑。查很多还查不到解决办法,下边我来详细的说明一下这里
当敲完安装命令后,Docker将会自动安装,但是当你开启docker服务时候,总是报下边的这个错误:
Job for docker.service failed because the control process exited with error code. See "systemctl status docker.service" and "journalctl -xe" for details.
当你按照指令查看详细信息后,将显示如下:
● docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled)
Drop-In: /usr/lib/systemd/system/docker.service.d
└─flannel.conf
Active: failed (Result: exit-code) since Mon 2018-04-09 05:16:59 UTC; 7s ago
Docs: http://docs.docker.com
Process: 5432 ExecStart=/usr/bin/dockerd-current --add-runtime docker-runc=/usr/libexec/docker/docker-runc-current --default-runtime=docker-runc --exec-opt native.cgroupdriver=systemd --userland-proxy-path=/usr/libexec/docker/docker-proxy-current --seccomp-profile=/etc/docker/seccomp.json $OPTIONS $DOCKER_STORAGE_OPTIONS $DOCKER_NETWORK_OPTIONS $ADD_REGISTRY $BLOCK_REGISTRY $INSECURE_REGISTRY $REGISTRIES (code=exited, status=1/FAILURE)
Main PID: 5432 (code=exited, status=1/FAILURE)
Apr 09 05:16:57 k8s-master systemd[1]: Starting Docker Application Container Engine...
Apr 09 05:16:57 k8s-master dockerd-current[5432]: time="2018-04-09T05:16:57.871443907Z" level=warning msg="could not change group /var/run/docker.sock to...ot found"
Apr 09 05:16:57 k8s-master dockerd-current[5432]: time="2018-04-09T05:16:57.880566995Z" level=info msg="libcontainerd: new containerd process, pid: 5437"
Apr 09 05:16:59 k8s-master dockerd-current[5432]: Error starting daemon: SELinux is not supported with the overlay2 graph driver on this kernel. Either b...ed=false)
Apr 09 05:16:59 k8s-master systemd[1]: docker.service: main process exited, code=exited, status=1/FAILURE
Apr 09 05:16:59 k8s-master systemd[1]: Failed to start Docker Application Container Engine.
Apr 09 05:16:59 k8s-master systemd[1]: Unit docker.service entered failed state.
Apr 09 05:16:59 k8s-master systemd[1]: docker.service failed.
Hint: Some lines were ellipsized, use -l to show in full.
这个错误信息很明显写的是 Error starting daemon: SELinux is not supported with the overlay2 graph driver on this kernel. Either b...ed=false
意思是说:此linux的内核中的SELinux不支持 overlay2 graph driver ,解决方法有两个,要么启动一个新内核,要么就在docker里禁用selinux,–selinux-enabled=false
但是你查很多都解决不了,这里直接给出最佳解决方案,就是重新编辑docker配置文件:
# vi /etc/sysconfig/docker
*****将其中的selinux-enabled 改为selinux-enabled=false就可以了
。对照下边就是第三行的内容
# /etc/sysconfig/docker
# Modify these options if you want to change the way the docker daemon runs
OPTIONS='--selinux-enabled=false --log-driver=journald --signature-verification=false'
if [ -z "${DOCKER_CERT_PATH}" ]; then
DOCKER_CERT_PATH=/etc/docker
fi
# Do not add registries in this file anymore. Use /etc/containers/registries.conf
# from the atomic-registries package.
#
# On an SELinux system, if you remove the --selinux-enabled option, you
# also need to turn on the docker_transition_unconfined boolean.
# setsebool -P docker_transition_unconfined 1
# Location used for temporary files, such as those created by
# docker load and build operations. Default is /var/lib/docker/tmp
# Can be overriden by setting the following environment variable.
# DOCKER_TMPDIR=/var/tmp
# Controls the /etc/cron.daily/docker-logrotate cron job status.
# To disable, uncomment the line below.
# LOGROTATE=false
# docker-latest daemon can be used by starting the docker-latest unitfile.
# To use docker-latest client, uncomment below lines
#DOCKERBINARY=/usr/bin/docker-latest
#DOCKERDBINARY=/usr/bin/dockerd-latest
#DOCKER_CONTAINERD_BINARY=/usr/bin/docker-containerd-latest
#DOCKER_CONTAINERD_SHIM_BINARY=/usr/bin/docker-containerd-shim-latest
~
当修改之后,使用命令# systemctl start docker
即可运行Docker. 上文提到的service docker start
,这个一般是在Ubuntu系统中使用的,但是在CenterOs中也可以使用,但是建议用 systemctl 。
至此,Docker就可以运行起来了。
。。。待续。