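Preface
Introduction to Kubernetes (k8s)
Kubernetes is a container orchestration technology written in Go. What container orchestration technologies are there? Docker Swarm, Google's Kubernetes and docker-compose (Docker's own single-host tool) each have their strengths; look up the differences between them yourself.
Kubernetes is currently the most widely used container orchestration software; you could even say that Kubernetes and Docker complement each other.
Kubernetes must be built on Docker; in turn, Kubernetes automates the life and death of Docker containers.
Major companies such as Google and Alibaba all have their own Kubernetes architectures.
For how Kubernetes differs from other container orchestration technologies, here is a great article:
Link: https://blog.csdn.net/gui951753/article/details/81543545
This article is reposted from 刘超的通俗云计算 (Liu Chao's Plain-Language Cloud Computing), the personal public account of NetEase Cloud architect Liu Chao.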
Environment
docker version:18.09.3
k8s version:1.15.2
pause:3.1
etcd:3.3.10
coredns:1.3.1
CentOS Linux release 7.5.1804 (Core)
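This tutorial deploys k8s on a host that already runs Docker. In that case, first work out which Docker versions each k8s release supports, and choose a k8s version that supports the installed Docker.
Environment preparation
Disable the firewall
In a lab environment, simply shut it off
systemctl stop firewalld.service # stop firewalld
systemctl status firewalld.service # check firewalld status
Disable SELinux
vim /etc/selinux/config
Disable SELinux by setting SELINUX=disabled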
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
k8s network configuration file
Create k8s.conf: vim /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
Then apply the configuration
modprobe br_netfilter
sysctl -p /etc/sysctl.d/k8s.conf
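About switching to ipvs
In practice it is enough to check the FORWARD chain of the iptables filter table with iptables -nvL; with Docker 18.06 and later nothing needs to be done.
SWAP
By design, k8s requires swap to be turned off, which improves performance. However, most servers are also running other services, a lab server does not really need that performance, and fault tolerance has to be preserved, so forcibly turning swap off is not recommended. Instead, use a k8s startup argument so that the system skips this check.
Locate 10-kubeadm.conf; it is usually at one of two paths
/usr/lib/systemd/system/kubelet.service.d/10-kubeadm.conf
/etc/systemd/system/kubelet.service.d/10-kubeadm.conf
Add Environment="KUBELET_EXTRA_ARGS=--fail-swap-on=false"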
[Service]
Environment="KUBELET_KUBECONFIG_ARGS=--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf"
Environment="KUBELET_CONFIG_ARGS=--config=/var/lib/kubelet/config.yaml"
Environment="KUBELET_EXTRA_ARGS=--fail-swap-on=false"
# This is a file that "kubeadm init" and "kubeadm join" generates at runtime, populating the KUBELET_KUBEADM_ARGS variable dynamically
EnvironmentFile=-/var/lib/kubelet/kubeadm-flags.env
# This is a file that the user can use for overrides of the kubelet args as a last resort. Preferably, the user should use
# the .NodeRegistration.KubeletExtraArgs object in the configuration files instead. KUBELET_EXTRA_ARGS should be sourced from this file.
EnvironmentFile=-/etc/sysconfig/kubelet
ExecStart=
ExecStart=/usr/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CONFIG_ARGS $KUBELET_KUBEADM_ARGS $KUBELET_EXTRA_ARGS
Then apply the change
systemctl daemon-reload
Installing kubeadm and kubelet
In this step we install kubelet, kubeadm and kubectl with yum directly from the Aliyun mirror
vim /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
       http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
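The stanza above turns off both signature checks and fetches packages and keys over plain HTTP, so nothing verifies what yum installs as root. The following is an added example, not part of the original post: a small audit function for .repo files, run on a constructed copy of this stanza and on a stricter variant. The function names and the assumption that the mirror serves the same paths over HTTPS are hypothetical.

```shell
# Added example (not from the original post); sample stanzas are constructed.
# audit_yum_repo [FILE]: prints one "section: finding" line per problem and
# returns 1 if anything was found. Reads stdin when FILE is omitted.
audit_yum_repo() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function report(msg) { print sect ": " msg; bad = 1 }
    {
        line = $0; sub(/\r$/, "", line)
        if (line ~ /^[ \t]*([#;]|$)/) next               # comment or blank
        if (line ~ /^\[/) { sect = substr(line, 2, index(line, "]") - 2); key = ""; next }
        if (line ~ /^[ \t]/ && key != "") {
            val = trim(line)                             # continuation of key
        } else if ((eq = index(line, "=")) > 0) {
            key = trim(substr(line, 1, eq - 1)); val = trim(substr(line, eq + 1))
        } else next
        if (key == "gpgcheck" && val == "0")
            report("gpgcheck=0: RPM package signatures are not verified")
        if (key == "repo_gpgcheck" && val == "0")
            report("repo_gpgcheck=0: repository metadata signature is not verified")
        if (key ~ /^(baseurl|mirrorlist|gpgkey)$/ && val ~ /^http:/)
            report(key " fetched over cleartext HTTP: " val)
    }
    END { exit bad + 0 }' "${1:--}"
}

# Constructed sample mirroring the stanza in this post.
weak_repo() {
    cat <<'EOF'
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
       http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
}

# Same stanza with verification on; assumes the mirror also serves HTTPS.
strict_repo() {
    weak_repo | sed -e 's#http://#https://#' -e 's/gpgcheck=0/gpgcheck=1/'
}

weak_repo | audit_yum_repo || echo "weak stanza: fix before running yum install"
strict_repo | audit_yum_repo && echo "strict stanza: no findings"
```

On a real host, run audit_yum_repo /etc/yum.repos.d/kubernetes.repo before the yum install step.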
First determine which k8s version you need
yum list kubeadm --showduplicates | sort -r
Here we choose version v1.15.2
yum install kubeadm-1.15.2-0.x86_64 kubelet-1.15.2-0.x86_64 kubectl-1.15.2-0.x86_64
Once installation finishes, just start the service
/bin/systemctl start kubelet
Normally this succeeds right away; you can verify with kubelet --version
kubelet --version
If the following error appears, consider reloading the settings
Locate 10-kubeadm.conf; it is usually at one of two paths
/usr/lib/systemd/system/kubelet.service.d/10-kubeadm.conf
/etc/systemd/system/kubelet.service.d/10-kubeadm.conf
Add Environment="KUBELET_EXTRA_ARGS=--fail-swap-on=false"
Then apply the change
systemctl daemon-reload
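Now run /bin/systemctl start kubelet again
Preparing the images
Since k8s is open-sourced by Google, you can download the images directly if your network can reach Google's servers.
Alternatively, use the Aliyun open-source mirror.
First we download the required images and retag them for later use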
#!/bin/bash
#k8s-pull-aliyun.sh
#docker version:18.09.3
kube_v=v1.15.2
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver:$kube_v
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager:$kube_v
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler:$kube_v
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy:$kube_v
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.1
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.3.10
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/coredns:1.3.1
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver:$kube_v k8s.gcr.io/kube-apiserver:$kube_v
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager:$kube_v k8s.gcr.io/kube-controller-manager:$kube_v
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler:$kube_v k8s.gcr.io/kube-scheduler:$kube_v
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy:$kube_v k8s.gcr.io/kube-proxy:$kube_v
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.1 k8s.gcr.io/pause:3.1
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.3.10 k8s.gcr.io/etcd:3.3.10
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/coredns:1.3.1 k8s.gcr.io/coredns:1.3.1
The removal script is included as well
#!/bin/bash
#k8s-rmi-aliyun.sh
#docker version:18.09.3
kube_v=v1.15.2
docker rmi k8s.gcr.io/kube-apiserver:$kube_v
docker rmi k8s.gcr.io/kube-controller-manager:$kube_v
docker rmi k8s.gcr.io/kube-scheduler:$kube_v
docker rmi k8s.gcr.io/kube-proxy:$kube_v
docker rmi k8s.gcr.io/pause:3.1
docker rmi k8s.gcr.io/etcd:3.3.10
docker rmi k8s.gcr.io/coredns:1.3.1
docker rmi registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver:$kube_v
docker rmi registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager:$kube_v
docker rmi registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler:$kube_v
docker rmi registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy:$kube_v
docker rmi registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.1
docker rmi registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.3.10
docker rmi registry.cn-hangzhou.aliyuncs.com/google_containers/coredns:1.3.1
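Check that the script really downloaded every image. An incomplete download will trip you up later: some services will not reach running, or will show an errimage status.
This completes the preparation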
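One way to make that completeness check mechanical, as an added example that is not part of the original post: compare the local image list against the seven k8s.gcr.io names the pull script tags. The function names and the sample image list are constructed for illustration. The sample models a pull where etcd was downloaded from the mirror but never retagged and coredns is absent.

```shell
# Added example (not from the original post); the sample image list is constructed.
kube_v=v1.15.2

# required_images: the k8s.gcr.io names that the pull script on this page tags.
required_images() {
    for c in kube-apiserver kube-controller-manager kube-scheduler kube-proxy; do
        echo "k8s.gcr.io/$c:$kube_v"
    done
    echo "k8s.gcr.io/pause:3.1"
    echo "k8s.gcr.io/etcd:3.3.10"
    echo "k8s.gcr.io/coredns:1.3.1"
}

# missing_images: reads "repo:tag" lines on stdin (the local image list) and
# prints each required image that is absent; returns 1 if any is missing.
# Matching is exact and whole-line, so a mirror-named copy does not count.
missing_images() {
    _have=$(cat)
    _rc=0
    for _img in $(required_images); do
        if ! printf '%s\n' "$_have" | grep -Fxq -- "$_img"; then
            echo "$_img"
            _rc=1
        fi
    done
    return "$_rc"
}

# Constructed sample: etcd exists only under its mirror name, coredns is absent.
sample_partial_pull() {
    for c in kube-apiserver kube-controller-manager kube-scheduler kube-proxy; do
        echo "k8s.gcr.io/$c:$kube_v"
    done
    echo "k8s.gcr.io/pause:3.1"
    echo "registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.3.10"
}

# On a real host: docker images --format '{{.Repository}}:{{.Tag}}' | missing_images
sample_partial_pull | missing_images || echo "images missing: do not run kubeadm init yet"
```

The required list can be cross-checked against the output of kubeadm config images list --kubernetes-version v1.15.2.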
Initializing the master node
Here is the master node initialization command:
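#!/bin/bash
#docker version:18.09.3
#k8s version:1.15.2

# make sure the k8s images have already been downloaded on this machine
# swap is left on; the swap preflight error is ignored instead
# --apiserver-advertise-address: this machine's address
# --kubernetes-version: the k8s version
# --pod-network-cidr: the pod subnet for the master node
# --ignore-preflight-errors=Swap: ignore the "swap not disabled" error during init
# (comments cannot follow a trailing backslash, so they are listed here)
kubeadm init \
--apiserver-advertise-address=10.19.155.206 \
--kubernetes-version v1.15.2 \
--pod-network-cidr=10.244.0.0/16 \
--ignore-preflight-errors=Swap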
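Because we chose to start k8s without turning swap off, a plain initialization fails with an error that swap is not disabled, so that error has to be suppressed.
To be continued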