1.环境准备
name | ip address | system |
master | 192.168.211.130 | centos 7 64位 |
node1 | 192.168.211.131 | centos 7 64位 |
node2 | 192.168.211.132 | centos 7 64位 |
2.安装部署准备
同步三台机器时间(master/node1/node2)
yum install -y ntp
ntpdate -u cn.pool.ntp.org
在node节点上安装redhat-ca软件包(node1/node2)
yum install *rhsm* -y
配置软件包的密钥(node1/node2)
wget http://mirror.centos.org/centos/7/os/x86_64/Packages/python-rhsm-certificates-1.19.10-1.el7_4.x86_64.rpm
rpm2cpio python-rhsm-certificates-1.19.10-1.el7_4.x86_64.rpm | cpio -iv --to-stdout ./etc/rhsm/ca/redhat-uep.pem | tee /etc/rhsm/ca/redhat-uep.pem
3.安装etcd集群
- master节点
yum -y install kubernetes-master etcd
vi /etc/etcd/etcd.conf
#[Member] #ETCD_CORS="" ETCD_DATA_DIR="/var/lib/etcd/default.etcd" #ETCD_WAL_DIR="" ETCD_LISTEN_PEER_URLS="http://0.0.0.0:2380" ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:2379" ETCD_MAX_SNAPSHOTS="5" #ETCD_MAX_WALS="5" ETCD_NAME="etcd1" #ETCD_SNAPSHOT_COUNT="100000" #ETCD_HEARTBEAT_INTERVAL="100" #ETCD_ELECTION_TIMEOUT="1000" #ETCD_QUOTA_BACKEND_BYTES="0" #ETCD_MAX_REQUEST_BYTES="1572864" #ETCD_GRPC_KEEPALIVE_MIN_TIME="5s" #ETCD_GRPC_KEEPALIVE_INTERVAL="2h0m0s" #ETCD_GRPC_KEEPALIVE_TIMEOUT="20s" # #[Clustering] ETCD_INITIAL_ADVERTISE_PEER_URLS="http://192.168.211.130:2380" ETCD_ADVERTISE_CLIENT_URLS="http://192.168.211.130:2379" #ETCD_DISCOVERY="" #ETCD_DISCOVERY_FALLBACK="proxy" #ETCD_DISCOVERY_PROXY="" #ETCD_DISCOVERY_SRV="" ETCD_INITIAL_CLUSTER="etcd1=http://192.168.211.130:2380,etcd2=http://192.168.211.131:2380,etcd3=http://192.168.211.132:2380" #ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster" #ETCD_INITIAL_CLUSTER_STATE="new" #ETCD_STRICT_RECONFIG_CHECK="true" #ETCD_ENABLE_V2="true" # #[Proxy] #ETCD_PROXY="off" #ETCD_PROXY_FAILURE_WAIT="5000" #ETCD_PROXY_REFRESH_INTERVAL="30000" #ETCD_PROXY_DIAL_TIMEOUT="1000" #ETCD_PROXY_WRITE_TIMEOUT="5000" #ETCD_PROXY_READ_TIMEOUT="0" # #[Security] #ETCD_CERT_FILE="" #ETCD_KEY_FILE="" #ETCD_CLIENT_CERT_AUTH="false" #ETCD_TRUSTED_CA_FILE="" #ETCD_AUTO_TLS="false" #ETCD_PEER_CERT_FILE="" #ETCD_PEER_KEY_FILE="" #ETCD_PEER_CLIENT_CERT_AUTH="false" #ETCD_PEER_TRUSTED_CA_FILE="" #ETCD_PEER_AUTO_TLS="false" # #[Logging] #ETCD_DEBUG="false" #ETCD_LOG_PACKAGE_LEVELS="" #ETCD_LOG_OUTPUT="default" # #[Unsafe] #ETCD_FORCE_NEW_CLUSTER="false" # #[Version] #ETCD_VERSION="false" #ETCD_AUTO_COMPACTION_RETENTION="0" # #[Profiling] #ETCD_ENABLE_PPROF="false" #ETCD_METRICS="basic" # #[Auth] #ETCD_AUTH_TOKEN="simple"
- node1,node2节点
yum -y install kubernetes-node etcd flannel docker
vi /etc/etcd/etcd.conf
#[Member] #ETCD_CORS="" ETCD_DATA_DIR="/var/lib/etcd/default.etcd" #ETCD_WAL_DIR="" ETCD_LISTEN_PEER_URLS="http://0.0.0.0:2380" ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:2379" #ETCD_MAX_SNAPSHOTS="5" #ETCD_MAX_WALS="5" ETCD_NAME="etcd2" #ETCD_SNAPSHOT_COUNT="100000" #ETCD_HEARTBEAT_INTERVAL="100" #ETCD_ELECTION_TIMEOUT="1000" #ETCD_QUOTA_BACKEND_BYTES="0" #ETCD_MAX_REQUEST_BYTES="1572864" #ETCD_GRPC_KEEPALIVE_MIN_TIME="5s" #ETCD_GRPC_KEEPALIVE_INTERVAL="2h0m0s" #ETCD_GRPC_KEEPALIVE_TIMEOUT="20s" # #[Clustering] ETCD_INITIAL_ADVERTISE_PEER_URLS="http://192.168.211.131:2380" ETCD_ADVERTISE_CLIENT_URLS="http://192.168.211.131:2379" #ETCD_DISCOVERY="" #ETCD_DISCOVERY_FALLBACK="proxy" #ETCD_DISCOVERY_PROXY="" #ETCD_DISCOVERY_SRV="" ETCD_INITIAL_CLUSTER="etcd1=http://192.168.211.130:2380,etcd2=http://192.168.211.131:2380,etcd3=http://192.168.211.132:2380" #ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster" #ETCD_INITIAL_CLUSTER_STATE="new" #ETCD_STRICT_RECONFIG_CHECK="true" #ETCD_ENABLE_V2="true" # #[Proxy] #ETCD_PROXY="off" #ETCD_PROXY_FAILURE_WAIT="5000" #ETCD_PROXY_REFRESH_INTERVAL="30000" #ETCD_PROXY_DIAL_TIMEOUT="1000" #ETCD_PROXY_WRITE_TIMEOUT="5000" #ETCD_PROXY_READ_TIMEOUT="0" # #[Security] #ETCD_CERT_FILE="" #ETCD_KEY_FILE="" #ETCD_CLIENT_CERT_AUTH="false" #ETCD_TRUSTED_CA_FILE="" #ETCD_AUTO_TLS="false" #ETCD_PEER_CERT_FILE="" #ETCD_PEER_KEY_FILE="" #ETCD_PEER_CLIENT_CERT_AUTH="false" #ETCD_PEER_TRUSTED_CA_FILE="" #ETCD_PEER_AUTO_TLS="false" # #[Logging] #ETCD_DEBUG="false" #ETCD_LOG_PACKAGE_LEVELS="" #ETCD_LOG_OUTPUT="default" # #[Unsafe] #ETCD_FORCE_NEW_CLUSTER="false" # #[Version] #ETCD_VERSION="false" #ETCD_AUTO_COMPACTION_RETENTION="0" # #[Profiling] #ETCD_ENABLE_PPROF="false" #ETCD_METRICS="basic" # #[Auth] #ETCD_AUTH_TOKEN="simple"
- 启动etc cluster(master,node1,node2)
systemctl start etcd.service
systemctl status etcd.service
- 查看集群状态(master)
etcdctl cluster-health
4.Kubenetes集群配置
- master节点
vim /etc/kubernetes/apiserver
### # kubernetes system config # # The following values are used to configure the kube-apiserver # # The address on the local server to listen to. # KUBE_API_ADDRESS="--insecure-bind-address=127.0.0.1" KUBE_API_ADDRESS="--address=0.0.0.0" # The port on the local server to listen on. KUBE_API_PORT="--port=8080" # Port minions listen on KUBELET_PORT="--kubelet-port=10250" # Comma separated list of nodes in the etcd cluster KUBE_ETCD_SERVERS="--etcd-servers=http://192.168.211.130:2379,http://192.168.211.131:2379,http://192.168.211.132:2379" # Address range to use for services KUBE_SERVICE_ADDRESSES="--service-cluster-ip-range=10.254.0.0/16" # default admission control policies # KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota" KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,ResourceQuota" # Add your own! KUBE_API_ARGS=""
systemctl enable kube-apiserver # 开机启动
systemctl enable kube-controller-manager
systemctl enable kube-scheduler
systemctl start kube-apiserver # 开启
systemctl start kube-controller-manager
systemctl start kube-scheduler
- node1,node2节点
vim /etc/kubernetes/config
### # kubernetes system config # # The following values are used to configure various aspects of all # kubernetes services, including # # kube-apiserver.service # kube-controller-manager.service # kube-scheduler.service # kubelet.service # kube-proxy.service # logging to stderr means we get it in the systemd journal KUBE_LOGTOSTDERR="--logtostderr=true" # journal message level, 0 is debug KUBE_LOG_LEVEL="--v=0" # Should this cluster be allowed to run privileged docker containers KUBE_ALLOW_PRIV="--allow-privileged=false" # How the controller-manager, scheduler, and proxy find the apiserver KUBE_MASTER="--master=http://182.168.211.130:8080"
vim /etc/kubernetes/kubelet
### # kubernetes kubelet (minion) config # The address for the info server to serve on (set to 0.0.0.0 or "" for all interfaces) KUBELET_ADDRESS="--address=192.168.211.132" # The port for the info server to serve on # KUBELET_PORT="--port=10250" # You may leave this blank to use the actual hostname KUBELET_HOSTNAME="--hostname-override=192.168.211.132" # location of the api-server KUBELET_API_SERVER="--api-servers=http://192.168.211.130:8080" # pod infrastructure container KUBELET_POD_INFRA_CONTAINER="--pod-infra-container-image=registry.access.redhat.com/rhel7/pod-infrastructure:latest" # Add your own! KUBELET_ARGS=""
vim /etc/sysconfig/flanneld
# Flanneld configuration options
# etcd url location. Point this to the server where etcd runs
FLANNEL_ETCD_ENDPOINTS="http://192.168.211.130:2379"
# etcd config key. This is the configuration key that flannel queries
# For address range assignment
FLANNEL_ETCD_PREFIX="/atomic.io/network" # *****重点来了:这个需要在master手动配置,配置如下******
# Any additional options that you want to pass
#FLANNEL_OPTIONS=""
## 由于linux还有底层的iptables,所以在node上分别执行:##
## 注意要关闭防火墙,有一些端口用于flannel之间相互通信 ##
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -F
iptables -L -n
etcdctl mk /atomic.io/network/network/config '{"Network":"10.2.0.0/16"}' # Type:host-gw/vxlan
etcdctl set /atomic.io/network/config '{"Network":"172.17.0.0/16", "SubnetMin": "172.17.1.0", "SubnetMax": "172.17.254.0", "Backend":{"Type":"host-gw"}}'
systemctl enable kubelet systemctl enable kube-proxy
systemctl enable flanneld
systemctl enable docker
systemctl start kubelet systemctl start kube-proxy
systemctl start flanneld systemctl start docker
- 查看集群状态(master):
kubectl get nodes
etcdctl member list
etcdctl cluster-health
5.Kubernetes管理
- 创建pods
kubectl run my-nginx --image=nginx --replicas=2 --port=80
kubectl create -f deployment-nginx.yml
apiVersion: extensions/v1beta1 kind: Deployment metadata: name: nginx-deployment labels: app: nginx spec: replicas: 4 selector: matchLabels: app: nginx template: metadata: labels: app: nginx spec: containers: - name: nginx image: nginx:1.12.2 ports: - containerPort: 80
- 查看pod信息
kubectl get pods -o wide
- 删除pod
kubectl delete pods my-nginx-379829228-bkt21
- 进入指定pods并执行bash命令
kubectl exec -it my-nginx-379829228-462dl bash
- 将pods端口与宿主端口映射
kubectl port-forward my-nginx-379829228-ng2jb 80:80 # 主机(master)上映射,并且只能通过http://127.0.0.1:8080访问
kubectl expose deployment nginx-deployment --type=NodePort # 节点(node1,node2)上映射,**推荐**
- 修改pods数量(pods的类型有:rc【Replication Controller】、rs【ReplicaSet】、deployment、job)
kubectl scale rc my-nginx --replicas=4
- 删除pods(文件/name)(文件仅支持:json、yaml)
kubectl delete deployment --all
kubectl delete -f rc_nginx.yaml
- 通过deployment创建的pods升级images
kubectl set image deployment nginx-deployment nginx=nginx:1.13
- 查看pods升级images的历史
kubectl rollout history deployment nginx-deployment
- 回滚pods升级images的历史
kubectl rollout undo deployment nginx-deployment
- 查看节点
kubectl get node -o wide
- 创建service
kubectl expoese命令,会给我们的pod创建一个service,供外部访问。通过yaml文件创建。还可以通过DNS(但需要add-on)
service主要有三类:ClusterIP,NodePort,Loadalancer
kubectl get svc # 查询service
kubectl expose pods pod-nginx # 创建ClusterIP,创建出来的cluster ip不会变化,原本的pod的ip是会变化的。
# 通过给出的cluster ip+port访问时,会自动做负载均衡
kubectl expose pods pod-nginx --type=NodePort # 创建NodePort。--type默认为ClusterIP