Pre-deployment environment preparation

Machine cluster (CentOS):

    10.0.100.202 master
    10.0.100.203 node1
    10.0.100.204 node2

- The cluster network is connected.
- The required ports are available (check ports with: netstat -lntup).
- Docker is installed (note: the Docker version must be compatible with the k8s version).

Change the hostname: set the hostname to k8s-master

    hostnamectl --static set-hostname k8s-master
    sysctl kernel.hostname=k8s-master

(The nmtui command can also be used to change the hostname.)

Add the cluster host name entries to /etc/hosts:

    192.168.0.145 cc00
    192.168.0.239 cc01
    192.168.0.240 cc02
    192.168.0.241 cc03

Operating system configuration tuning (reference: http://blog.gcalls.cn/blog/2017/09/Kubeadm%E9%9B%86%E7%BE%A4%E6%90%AD%E5%BB%BA.html)

    setenforce 0
    systemctl disable firewalld
    systemctl stop firewalld

Disable SELinux in /etc/selinux/config:

    SELINUX=disabled

Bridge configuration in /etc/sysctl.d/k8s.conf:

    net.bridge.bridge-nf-call-ip6tables = 1
    net.bridge.bridge-nf-call-iptables = 1

Load it (a bare sysctl -p only reads /etc/sysctl.conf, so name the file):

    sysctl -p /etc/sysctl.d/k8s.conf

Environment cleanup (clean up before rebuilding)

    kubeadm reset
    rm -rf /etc/kubernetes/manifests /etc/kubernetes/pki /var/lib/kubelet /etc/kubernetes/admin.conf /etc/kubernetes/kubelet.conf /var/lib/cni /run/flannel /etc/cni
    kubectl drain [node-name] --delete-local-data --force --ignore-daemonsets
    kubectl delete node [node-name]
    # -q prints only container IDs, which is what stop/rm expect
    docker stop $(docker ps -a -q)
    docker rm $(docker ps -a -q)

Install/start the components and supporting software

Install with yum: socat / docker-engine / docker / docker-engine-selinux and kubeadm / kubelet / kubectl / kubernetes-cni (note: the versions must match each other).

Start/restart the docker/kubelet services:

    systemctl daemon-reload
    systemctl enable docker
    systemctl start docker
    systemctl restart docker
    systemctl status docker

Pull the k8s core component images

    docker pull gcr.io/google_containers/kube-proxy-amd64:v1.7.5
    docker pull gcr.io/google_containers/kube-apiserver-amd64:v1.7.5
    docker pull gcr.io/google_containers/kube-controller-manager-amd64:v1.7.5
    docker pull gcr.io/google_containers/kube-scheduler-amd64:v1.7.5
    docker pull gcr.io/google_containers/etcd-amd64:3.0.17
    docker pull gcr.io/google_containers/k8s-dns-sidecar-amd64:1.14.1
    docker pull gcr.io/google_containers/k8s-dns-kube-dns-amd64:1.14.1
    docker pull gcr.io/google_containers/k8s-dns-dnsmasq-nanny-amd64:1.14.1
    docker pull gcr.io/google_containers/pause-amd64:3.0

Also needed: the flannel and dashboard images.

Notes:
1. The image versions must match kubeadm.
2. kubeadm init runs the YAML files under /etc/kubernetes/manifests [which specify the images to use].

Deploy the etcd cluster (on node1/node2/node3 respectively)

    docker run -d \
      --hostname $(uname -n) --name etcd -p 2380:2380 -p 2379:2379 \
      --restart always [container_id] \
      etcd --name [etcd-i-name/infra-i] --initial-advertise-peer-urls http://[node-i-ip]:2380 \
      --listen-peer-urls http://0.0.0.0:2380 \
      --listen-client-urls http://0.0.0.0:2379 \
      --advertise-client-urls http://[node-i-ip]:2379 \
      --initial-cluster-token etcd-cluster-1 \
      --initial-cluster infra0=http://[node-i-ip]:2380 \
      --initial-cluster-state new

Turn off the network proxy:

    unset http_proxy
    unset https_proxy
    systemctl daemon-reload
    systemctl enable docker && systemctl restart docker
    systemctl enable kubelet && systemctl restart kubelet

kubeadm-related configuration files

    /etc/kubernetes
    ├── admin.conf
    ├── controller-manager.conf
    ├── kubelet.conf
    ├── manifests
    │   ├── kube-apiserver.yaml
    │   ├── kube-controller-manager.yaml
    │   └── kube-scheduler.yaml
    ├── pki
    │   ├── apiserver.crt
    │   ├── apiserver.key
    │   ├── apiserver-kubelet-client.crt
    │   ├── apiserver-kubelet-client.key
    │   ├── ca.crt
    │   ├── ca.key
    │   ├── front-proxy-ca.crt
    │   ├── front-proxy-ca.key
    │   ├── front-proxy-client.crt
    │   ├── front-proxy-client.key
    │   ├── sa.key
    │   └── sa.pub
    └── scheduler.conf

kube initialization

    kubeadm init --apiserver-advertise-address=[master-ip] --kubernetes-version=v1.6.7 --pod-network-cidr=172.18.0.0/16 --config=kubeadm-config.yaml --skip-preflight-checks

kubeadm-config.yaml (see the YAML description in the official installation docs):

    apiVersion: kubeadm.k8s.io/v1alpha1
    kind: MasterConfiguration
    api:
      advertiseAddress: [master-ip]
    networking:
      podSubnet: 172.18.0.0/16
    etcd:
      endpoints:
      - http://[master-ip]:2379
    kubernetesVersion: v1.6.7

Use docker ps to check that the containers have started.

Join the worker nodes

Get the token, then join:

    kubeadm token list
    kubeadm join --token [token] 192.168.0.145:6443

Configure the kubectl credentials

    # Non-root user
    mkdir -p $HOME/.kube
    sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
    sudo chown $(id -u):$(id -g) $HOME/.kube/config

    # root user
    export KUBECONFIG=/etc/kubernetes/admin.conf

Allow pods to be deployed on the master node

    kubectl taint nodes --all node-role.kubernetes.io/master-
    kubectl label nodes cc00 node-role.kubernetes.io/master=cc00 --overwrite

Check the master deployment:

    kubectl version
    kubectl get nodes --show-labels
    kubectl describe nodes
    kubectl get pod -o wide --all-namespaces
    kubectl get service --all-namespaces
    kubectl get service -n wenlin
    kubectl describe pods -n=kube-system
    kubeadm token list
    kubectl logs -f -n kube-system [pod-name]

Install the flannel network (matching the image pulled earlier)

    # use the raw file URL; the github.com/.../blob/... page is HTML, not YAML
    kubectl apply -f \
      https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

Check the pods on the master again: the pod-dns status should be Running.

Modify the api-server configuration, changing the port to 8080

/etc/kubernetes/manifests/kube-apiserver.yaml:

    - kube-apiserver
    - --anonymous-auth=false
    ...
    ...
    - --insecure-bind-address=192.168.0.145
    - --insecure-port=8080
    livenessProbe:
      failureThreshold: 8
      httpGet:
        host: 192.168.0.145
        path: /healthz
        port: 8080
        scheme: HTTP
      initialDelaySeconds: 15
      timeoutSeconds: 15

The insecure port serves the API without authentication or authorization, so --anonymous-auth=false does not apply to it; restrict access to 192.168.0.145:8080 to trusted hosts.

Reload the system:

    systemctl daemon-reload && systemctl restart kubelet

Install the dashboard

References:
https://github.com/kubernetes/kubernetes/tree/master/cluster/addons/dashboard
http://jkzhao.github.io/2017/09/19/Kubernetes1-6%E9%9B%86%E7%BE%A4%E4%B8%8A-%E5%BC%80%E5%90%AF%E4%BA%86TLS-%E5%AE%89%E8%A3%85Dashboard/

Debugging: check the system logs and the pod logs

    kubectl logs -f -n kube-system kube-apiserver
    kubectl logs -f -n kube-system kube-proxy
    kubectl logs -f -n kube-system kube-dns

Test and verification

Create the secret used to pull images from the private registry:

    kubectl create secret docker-registry aip-docker --docker-server=aip-snapshot-docker.artnj.zte.com.cn --docker-username=aip-ci --docker-password=****** --docker-email=tang.chaobin@zte.com.cn -n aiservice

Use the busybox tool to test whether the network works:

    busybox -- curl -- 2048service pod
    kubectl exec -ti busybox -- nslookup kubernetes.default.svc.cluster.local

References:
Official installation guide: https://kubernetes.io/docs/setup/independent/install-kubeadm/
Installation notes:
http://blog.gcalls.cn/blog/2017/09/Kubeadm%E9%9B%86%E7%BE%A4%E6%90%AD%E5%BB%BA.html
https://saurabh-deochake.github.io/posts/2017/07/post-1/
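
An added example, not part of the original post: a shell check that reads a kube-apiserver static-pod manifest and reports whether the insecure port from the api-server step above is reachable from other hosts. The function names and the sample manifest are constructed for illustration; the fallback values (port 8080 on 127.0.0.1 when the flags are absent) are the kube-apiserver defaults for the releases this post uses.

```shell
#!/bin/sh
# Added example, not from the original post. Audits a kube-apiserver
# static-pod manifest for the "insecure port" settings shown in the post.

# Print the value of "- --<flag>=<value>" in manifest $1 (last occurrence).
flag_value() {
    sed -n "s/^[[:space:]]*-[[:space:]]*--$2=//p" "$1" | tail -n 1 | tr -d "\"'[:space:]"
}

# Print one verdict line; return 1 if the port is reachable off-host.
audit_apiserver() {
    port=$(flag_value "$1" insecure-port)
    addr=$(flag_value "$1" insecure-bind-address)
    port=${port:-8080}        # default when the flag is absent
    addr=${addr:-127.0.0.1}   # default when the flag is absent
    if [ "$port" = "0" ]; then
        echo "OK insecure port disabled"
        return 0
    fi
    case "$addr" in
        127.*|localhost|::1)
            echo "WARN insecure port $port open on loopback $addr"
            return 0 ;;
    esac
    # Requests on this port skip authentication and authorization, so
    # --anonymous-auth=false does not protect it.
    echo "FAIL insecure port $port bound to $addr (no authn/authz)"
    return 1
}

# Constructed sample: the manifest fragment from this post.
sample_manifest() {
    cat <<'EOF'
spec:
  containers:
  - command:
    - kube-apiserver
    - --anonymous-auth=false
    - --insecure-bind-address=192.168.0.145
    - --insecure-port=8080
EOF
}

tmp=$(mktemp) && sample_manifest > "$tmp"
audit_apiserver "$tmp" || echo "manifest needs review"
rm -f "$tmp"
```

On a real master, point audit_apiserver at /etc/kubernetes/manifests/kube-apiserver.yaml.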
Posted on 2018-08-05 09:55