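一、准备工作
注意:以下步骤关闭了firewalld和SELinux,并在yum源中设置gpgcheck=0(且baseurl为http),安装的软件包不做签名校验,只适合隔离的测试环境;生产环境应保留防火墙并只放行所需端口,同时开启gpgcheck。另外CentOS 7上/etc/sysconfig/selinux通常是指向/etc/selinux/config的符号链接,sed -i默认会把链接替换成普通文件,修改可能不生效,可改用sed -i --follow-symlinks或直接编辑/etc/selinux/config。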
systemctl disable firewalld
systemctl stop firewalld
sed -i s'/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux
cat /etc/hosts
192.168.11.10 master
yum -y update && reboot
vi /etc/yum.repos.d/virt7-docker-common-release.repo
[virt7-docker-common-release]
name=virt7-docker-common-release
baseurl=http://cbs.centos.org/repos/virt7-docker-common-release/x86_64/os/
gpgcheck=0
yum install -y --enablerepo=virt7-docker-common-release etcd kubernetes ntp flannel
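二、配置etcd
注意:下面的配置让etcd以http明文监听0.0.0.0:2379,且没有启用任何认证;在防火墙已关闭的情况下,能访问该主机的任何人都可以读写etcd中的全部集群数据,只适合隔离的测试环境。生产环境应启用TLS和客户端证书认证,并只监听需要的地址。ETCD_ADVERTISE_CLIENT_URLS一般应填写客户端可达的具体地址(例如http://192.168.11.10:2379),而不是0.0.0.0。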
[root@bogon ~]# grep -v '^#' /etc/etcd/etcd.conf
ETCD_NAME=k8s
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:2379"
ETCD_ADVERTISE_CLIENT_URLS="http://0.0.0.0:2379"
启动etcd
systemctl daemon-reload
systemctl enable etcd.service
systemctl start etcd.service
查看服务状态
systemctl status -l etcd
etcd服务检查
[root@bogon ~]# etcdctl cluster-health
[root@bogon ~]# etcdctl member list
etcd网络配置
etcdctl set /k8s/network/config '{"Network": "10.255.0.0/16"}'
etcdctl get /k8s/network/config
三、Master节点部署
配置kubernetes system config
[root@bogon ~]# grep -v '^#' /etc/kubernetes/config
KUBE_LOGTOSTDERR="--logtostderr=true"
KUBE_LOG_LEVEL="--v=0"
KUBE_ALLOW_PRIV="--allow-privileged=false"
KUBE_MASTER="--master=http://192.168.11.10:8080"
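配置kube-apiserver启动参数
注意:--insecure-bind-address=0.0.0.0会把不做认证和授权的非安全端口(本文为8080)暴露在所有网卡上,任何能访问该端口的人都拥有集群的全部权限,仅限隔离的测试环境使用。生产环境应只使用带认证和授权的安全端口;较新的Kubernetes版本已移除非安全端口。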
[root@bogon ~]#grep -v '^#' /etc/kubernetes/apiserver
KUBE_API_ADDRESS="--insecure-bind-address=0.0.0.0"
KUBE_ETCD_SERVERS="--etcd-servers=http://127.0.0.1:2379"
KUBE_SERVICE_ADDRESSES="--service-cluster-ip-range=10.254.0.0/16"
KUBE_API_ARGS=""
启动kube-apiserver服务
systemctl daemon-reload
systemctl enable kube-apiserver.service
systemctl start kube-apiserver.service
验证服务
http://192.168.11.10:8080/healthz
部署kube-controller-manager服务
[root@bogon ~]# cat /etc/kubernetes/controller-manager
KUBE_CONTROLLER_MANAGER_ARGS=""
启动kube-controller-manager
systemctl daemon-reload
systemctl enable kube-controller-manager
systemctl start kube-controller-manager
部署kube-scheduler服务
[root@bogon ~]# cat /etc/kubernetes/scheduler
KUBE_SCHEDULER_ARGS=""
启动kube-scheduler服务
systemctl daemon-reload
systemctl enable kube-scheduler
systemctl start kube-scheduler
master节点部署flannel
[root@bogon ~]# grep -v '^#' /etc/sysconfig/flanneld
FLANNEL_ETCD_ENDPOINTS="http://192.168.11.10:2379"
FLANNEL_ETCD_PREFIX="/k8s/network"
启动flannel
systemctl daemon-reload
systemctl enable flanneld.service
systemctl start flanneld.service
注意:启动flannel前要先停止docker,这样flannel才会覆盖docker0网桥。
flanneld服务启动后会根据etcd里的配置划分子网,这些子网是给docker使用的;docker要用上它还得折腾一番,其实就是想办法把几个重要变量传过去,使docker启动时能够使用。
注意启动docker前要使某些变量生效,需要:
source /run/flannel/docker
source /run/flannel/subnet.env
配置master kube-proxy
[root@bogon ~]# grep -v '^#' /etc/kubernetes/config
KUBE_LOGTOSTDERR="--logtostderr=true"
KUBE_LOG_LEVEL="--v=0"
KUBE_ALLOW_PRIV="--allow-privileged=false"
KUBE_MASTER="--master=http://192.168.11.10:8080"
[root@bogon ~]# grep -v '^#' /etc/kubernetes/proxy
KUBE_PROXY_ARGS=""
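配置master kubelet
注意:--address=0.0.0.0使kubelet监听所有网卡,而本文中kubelet与apiserver之间走的是http明文(8080端口);应在网络层限制对kubelet端口的访问,生产环境需为kubelet启用认证和授权。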
[root@bogon ~]# grep -v '^#' /etc/kubernetes/kubelet
KUBELET_ADDRESS="--address=0.0.0.0"
KUBELET_HOSTNAME="--hostname-override=master"
KUBELET_API_SERVER="--api-servers=http://192.168.11.10:8080"
KUBELET_POD_INFRA_CONTAINER="--pod-infra-container-image=registry.access.redhat.com/rhel7/pod-infrastructure:latest"
KUBELET_ARGS=""
systemctl daemon-reload
systemctl enable kube-proxy.service
systemctl start kube-proxy.service
systemctl daemon-reload
systemctl enable kubelet.service
systemctl start kubelet.service
测试集群
[root@bogon ~]# kubectl get nodes
NAME STATUS AGE
master Ready 1h
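下载镜像
注意:下面的镜像来自阿里云镜像仓库中的第三方命名空间(如gdk、pengg、andymo),且未指定tag(默认latest),内容无法保证与官方镜像一致;使用前应确认镜像来源,必要时改用官方镜像并按digest固定版本。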
[root@bogon ~]# docker pull registry.cn-hangzhou.aliyuncs.com/gdk/registry
[root@bogon ~]# docker pull registry.cn-hangzhou.aliyuncs.com/pengg/centos
docker pull registry.cn-hangzhou.aliyuncs.com/qinyujia-test/mysql
docker pull registry.cn-hangzhou.aliyuncs.com/andymo/nginx
docker pull registry.cn-hangzhou.aliyuncs.com/kube_containers/kubernetes-dashboard-amd64
查看镜像
[root@bogon ~]# docker images
打标签
[root@bogon ~]# docker tag registry.cn-hangzhou.aliyuncs.com/gdk/registry:latest 192.168.11.10:5000/registry:latest
[root@bogon ~]# docker tag registry.cn-hangzhou.aliyuncs.com/pengg/centos:latest 192.168.11.10:5000/v1/centos:latest
[root@master ~]# docker tag registry.cn-hangzhou.aliyuncs.com/kube_containers/kubernetes-dashboard-amd64:latest 192.168.11.10:5000/v1/kubernetes-dashboard-amd64:latest
搭建registry私有仓库
由于私有仓库使用的是http协议(没有传输加密,本文也未配置认证,镜像在传输中可能被窃听或篡改,仅适合隔离的测试环境),所以需要将该仓库添加到docker的“不安全”仓库列表:
[root@bogon ~]# vi /etc/sysconfig/docker
INSECURE_REGISTRY='--insecure-registry 192.168.11.10:5000'
重启docker
[root@bogon ~]# systemctl stop docker
[root@bogon ~]# systemctl start docker
启动仓库
[root@bogon ~]# docker run --name registry_joy -d -p 5000:5000 192.168.11.10:5000/registry:latest
上传镜像到仓库
[root@master ~]# docker push 192.168.11.10:5000/v1/centos
搭建kubernetes-dashboard
[root@master ~]# vi kubernetes.yaml
启动kubernetes-dashboard
[root@master ~]# kubectl create -f kubernetes.yaml
deployment "kubernetes-dashboard" created
service "kubernetes-dashboard" created
查看
[root@master ~]# kubectl get deployment --all-namespaces
kubectl get svc --all-namespaces
kubectl get pod -o wide --all-namespaces
删除
kubectl delete svc kubernetes-dashboard --namespace=kube-system
kubectl delete deployment kubernetes-dashboard --namespace=kube-system