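kubernetes / private docker registry / kubernetes-dashboard
It took a day and a half, but I finally got it all working, so I am writing this post to record the errors I ran into at the key steps:
Thanks to @破小孩儿 for the kubernetes cluster setup tutorial. I built on top of it and hit a lot of pitfalls before getting everything working. Below I point out where some of those pitfalls are, to help anyone who runs into them later.
Thanks to @harris135 for helping solve the problem of the UI redirect failing.
Thanks to GitHub, Stack Overflow, Google and Baidu.
I simulated the kubernetes cluster with virtual machines built on VMware Workstation 14 on Windows 10.
The machines are laid out as follows: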
192.168.134.111 k8s-master
192.168.134.135 k8s-minion-0
192.168.134.55 k8s-minion-1
192.168.134.138 k8s-docker
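One master, two minions and one private docker registry.
The main steps are:
- A CentOS 7 virtual machine updated with yum
- Configure the kubernetes master
- Configure kubernetes minion0
- Configure the private docker registry
- Debug the whole setup and fix problems
- Done
A CentOS 7 virtual machine updated with yum
- Prepare a CentOS 7 image. It can be downloaded from Aliyun, and the minimal one is enough.
- firewall-cmd --zone=public --add-port=0-65535/tcp --permanent # permanently open all TCP ports in the firewall
- firewall-cmd --reload # reload the firewall so the rule takes effect
- yum install rhsm -y # prevents the pod-infrastructure:latest image download from failing [image pull failed for registry.access.redhat.com/rhel7/pod-infrastructure:latest]
- The base image is now complete. Use VMware Workstation's virtual machine management to clone three more machines from it, for four machines in total, named master, minion0, minion1 and docker (the first machine is the master).
- Build the hosts entries from the IP addresses of the four machines:
xxx.xxx.xxx.xxx k8s-master
xxx.xxx.xxx.xxx k8s-minion-0
xxx.xxx.xxx.xxx k8s-minion-1
xxx.xxx.xxx.xxx k8s-docker
- vim /etc/hosts
- Append these four hosts entries to the end of /etc/hosts on all four machines (master, minion0, minion1, docker), and then run
- service network restart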
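Configure the kubernetes master
- yum -y install etcd docker kubernetes flannel # while building this I found that the master has problems without flannel, so it is added here
- Configure etcd by editing /etc/etcd/etcd.conf with the following content: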
ETCD_NAME=default
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:2379"
ETCD_ADVERTISE_CLIENT_URLS="http://localhost:2379"
- Configure Kubernetes on the master node by editing the configuration file /etc/kubernetes/config:
KUBE_LOGTOSTDERR="--logtostderr=true"
KUBE_LOG_LEVEL="--v=0"
KUBE_ALLOW_PRIV="--allow-privileged=false"
KUBE_MASTER="--master=http://k8s-master:8080"
- Edit the configuration file /etc/kubernetes/apiserver:
KUBE_API_ADDRESS="--address=0.0.0.0"
KUBE_API_PORT="--port=8080"
KUBELET_PORT="--kubelet-port=10250"
KUBE_ETCD_SERVERS="--etcd-servers=http://127.0.0.1:2379"
KUBE_SERVICE_ADDRESSES="--service-cluster-ip-range=10.254.0.0/16"
KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ResourceQuota"
KUBE_API_ARGS=""
- Create the master startup script with vim kubernetes_master.sh and enter the following:
for SERVICES in etcd docker kube-apiserver kube-controller-manager kube-scheduler; do
    systemctl restart $SERVICES
    systemctl enable $SERVICES
    systemctl status $SERVICES
done
- sh kubernetes_master.sh
Define the flannel network configuration in etcd:
etcdctl mk /atomic.io/network/config '{"Network":"172.17.0.0/16"}' # mk creates a new key
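The etcd and apiserver settings above listen on 0.0.0.0 over plain HTTP, which matters because the firewall step opened every TCP port. As an added example (not from the original post), this script audits such KEY="value" files for all-interface binds and non-loopback http:// endpoints; the names audit_listeners and write_sample and the finding labels are assumptions for illustration, and the sample files are constructed copies of settings shown above.

```shell
#!/bin/sh
# Added example: flag listeners bound to every interface and non-loopback
# plaintext HTTP endpoints in sysconfig-style KEY="value" files.

audit_listeners() {   # usage: audit_listeners FILE...
    for f in "$@"; do
        # Drop comments and blank lines, then split each line at the first '='.
        sed -e 's/[[:space:]]*#.*$//' -e '/^[[:space:]]*$/d' "$f" |
        while IFS='=' read -r key val; do
            case $val in
                *0.0.0.0*) echo "FLAG $(basename "$f") $key all-interfaces" ;;
            esac
            case $val in
                *http://127.0.0.1*|*http://localhost*) ;;   # loopback only: not flagged
                *http://*) echo "FLAG $(basename "$f") $key plaintext-http" ;;
            esac
        done
    done
}

# Constructed sample: copies of etcd, apiserver and config settings from above.
write_sample() {      # usage: write_sample DIR
    cat > "$1/etcd.conf" <<'EOF'
ETCD_NAME=default
ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:2379"
ETCD_ADVERTISE_CLIENT_URLS="http://localhost:2379"
EOF
    cat > "$1/apiserver" <<'EOF'
KUBE_API_ADDRESS="--address=0.0.0.0"
KUBE_API_PORT="--port=8080"
KUBE_ETCD_SERVERS="--etcd-servers=http://127.0.0.1:2379"
EOF
    cat > "$1/config" <<'EOF'
KUBE_MASTER="--master=http://k8s-master:8080"
EOF
}

demo_dir=$(mktemp -d)
write_sample "$demo_dir"
audit_listeners "$demo_dir/etcd.conf" "$demo_dir/apiserver" "$demo_dir/config"
rm -rf "$demo_dir"
```

On a real host, point audit_listeners at /etc/etcd/etcd.conf and the files under /etc/kubernetes/.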
Configure the kubernetes minions
- yum -y install flannel docker kubernetes
- Configure flannel by editing /etc/etcd/etcd.conf with the following content:
FLANNEL_ETCD="http://k8s-master:2379"
FLANNEL_ETCD_KEY="/atomic.io/network"
- Configure /etc/kubernetes/config:
KUBE_LOGTOSTDERR="--logtostderr=true"
KUBE_LOG_LEVEL="--v=0"
KUBE_ALLOW_PRIV="--allow-privileged=false"
KUBE_MASTER="--master=http://k8s-master:8080"
- Configure /etc/kubernetes/kubelet on k8s-minion-0:
KUBELET_ADDRESS="--address=0.0.0.0"
KUBELET_PORT="--port=10250"
KUBELET_HOSTNAME="--hostname-override=k8s-minion-0"
KUBELET_API_SERVER="--api-servers=http://k8s-master:8080"
KUBELET_POD_INFRA_CONTAINER="--pod-infra-container-image=registry.access.redhat.com/rhel7/pod-infrastructure:latest"
KUBELET_ARGS=""
- Configure /etc/kubernetes/kubelet on k8s-minion-1:
KUBELET_ADDRESS="--address=0.0.0.0"
KUBELET_PORT="--port=10250"
KUBELET_HOSTNAME="--hostname-override=k8s-minion-1"
KUBELET_API_SERVER="--api-servers=http://k8s-master:8080"
KUBELET_POD_INFRA_CONTAINER="--pod-infra-container-image=registry.access.redhat.com/rhel7/pod-infrastructure:latest"
KUBELET_ARGS=""
- Create the startup script with vim kubernetes_monion.sh:
for SERVICES in kube-proxy kubelet docker flanneld; do
    systemctl restart $SERVICES
    systemctl enable $SERVICES
    systemctl status $SERVICES
done
- sh kubernetes_monion.sh # start the services on both minions as well
Configure the private docker registry
- Edit /etc/pki/tls/openssl.cnf:
[ v3_ca ]
subjectAltName = IP:192.168.169.125 # this line is added
- mkdir -p certs && openssl req -newkey rsa:4096 -nodes -sha256 -keyout certs/domain.key -x509 -days 365 -out certs/domain.crt
- yum -y install docker
- mkdir -p /etc/docker/certs.d/k8s-docker:5000
- cp certs/domain.crt /etc/docker/certs.d/k8s-docker:5000/ca.crt
- systemctl restart docker
- docker run -d -p 5000:5000 --restart=always --name registry -v $(pwd)/certs:/certs -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key registry:latest
Distribute the certificate to the node machines:
- mkdir -p /etc/docker/certs.d/k8s-docker:5000
- scp root@k8s-docker:~/certs/domain.crt /etc/docker/certs.d/k8s-docker:5000/ca.crt
- systemctl restart docker
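Docker checks the registry's certificate against the name used in the image reference, here k8s-docker:5000. As an added example (not from the original post), this script issues the self-signed certificate from a private config file with both a DNS and an IP subjectAltName and then checks which names it covers; make_registry_cert and cert_covers are hypothetical helper names, and 192.168.134.138 is the k8s-docker address from the machine list at the top.

```shell
#!/bin/sh
# Added example: issue the registry certificate with explicit SAN entries,
# then verify which hostnames / IPv4 addresses it actually covers.

# make_registry_cert DIR HOST IP [BITS] -> writes DIR/domain.key and DIR/domain.crt
make_registry_cert() {
    dir=$1 host=$2 ip=$3 bits=${4:-4096}
    mkdir -p "$dir"
    # Private config file, so the system-wide openssl.cnf stays untouched.
    cat > "$dir/san.cnf" <<EOF
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[ dn ]
CN = $host
[ v3_ca ]
subjectAltName = DNS:$host, IP:$ip
basicConstraints = CA:TRUE
EOF
    openssl req -newkey "rsa:$bits" -nodes -sha256 -x509 -days 365 \
        -config "$dir/san.cnf" \
        -keyout "$dir/domain.key" -out "$dir/domain.crt" 2>/dev/null || return 1
    chmod 600 "$dir/domain.key"   # the private key never leaves the registry host
}

# cert_covers CRT NAME -> exit status 0 if NAME matches the certificate
cert_covers() {
    case $2 in
        *[!0-9.]*) opt=-checkhost ;;   # has a non-digit/dot character: hostname
        *)         opt=-checkip ;;     # digits and dots only: IPv4 address
    esac
    openssl x509 -in "$1" -noout "$opt" "$2" | grep -q 'does match'
}

d=$(mktemp -d)
# 192.168.169.125 is the SAN value from the openssl.cnf step above, for comparison.
make_registry_cert "$d" k8s-docker 192.168.134.138 &&
for n in k8s-docker 192.168.134.138 192.168.169.125; do
    cert_covers "$d/domain.crt" "$n" && echo "$n: covered" || echo "$n: NOT covered"
done
rm -rf "$d"
```

Running cert_covers against the ca.crt copied to each node shows, before any docker pull, whether the distributed certificate matches the registry name the nodes use.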
On another user's advice, pull the UI from docker.io/mritd/kubernetes-dashboard-amd64:
- docker pull docker.io/mritd/kubernetes-dashboard-amd64
- docker tag 75f167b703e6 k8s-docker:5000/kubernetes-dashboard-amd64
- docker push k8s-docker:5000/kubernetes-dashboard-amd64
Create a kubernetes-dashboard.yaml file:
kind: Deployment
apiVersion: extensions/v1beta1
metadata:
  labels:
    app: kubernetes-dashboard
    version:
  name: kubernetes-dashboard
  namespace: kube-system
spec:
  replicas: 1
  selector:
    matchLabels:
      app: kubernetes-dashboard
  template:
    metadata:
      labels:
        app: kubernetes-dashboard
    spec:
      containers:
      - name: kubernetes-dashboard
        image: k8s-docker:5000/kubernetes-dashboard-amd64
        imagePullPolicy: Always
        ports:
        - containerPort: 9090
          protocol: TCP
        args:
        - --apiserver-host=k8s-master:8080
        livenessProbe:
          httpGet:
            path: /
            port: 9090
          initialDelaySeconds: 30
          timeoutSeconds: 30
---
kind: Service
apiVersion: v1
metadata:
  labels:
    app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
spec:
  type: NodePort
  ports:
  - port: 80
    targetPort: 9090
  selector:
    app: kubernetes-dashboard
- kubectl create -f kubernetes-dashboard.yaml
On the master machine, open http://k8s-master:8080/ui/ to access kubernetes-dashboard.
Additional notes
Some commands you may find useful:
- kubectl get nodes # view nodes
- kubectl delete -f kubernetes-dashboard.yaml # delete
- kubectl create -f kubernetes-dashboard.yaml # create
- kubectl get pods --all-namespaces # view pods
- kubectl describe pods --namespace=kube-system # view the details
- kubectl logs <pod-name> --namespace=kube-system # view the run logs