kubernetes官网的安装教程是采用kubeadm init的方式,但是在生产环境当中,可能需要独自手动安装k8s,本文采用源码安装的方式,一步步搭建k8s的master节点和node节点。
系统配置:Centos7.3
Docker版本:1.12.6
一、创建 kubernetes 各组件 TLS 加密通信的证书和秘钥
kubernetes 系统的各组件需要使用 TLS 证书对通信进行加密,本文档使用 CloudFlare 的 PKI 工具集 cfssl 来生成 Certificate Authority (CA) 和其它证书;
生成的 CA 证书和秘钥文件如下:
- ca-key.pem
- ca.pem
- kubernetes-key.pem
- kubernetes.pem
- kube-proxy.pem
- kube-proxy-key.pem
- admin.pem
- admin-key.pem
使用证书的组件如下:
- etcd:使用 ca.pem、kubernetes-key.pem、kubernetes.pem;
- kube-apiserver:使用 ca.pem、kubernetes-key.pem、kubernetes.pem;
- kubelet:使用 ca.pem;
- kube-proxy:使用 ca.pem、kube-proxy-key.pem、kube-proxy.pem;
- kubectl:使用 ca.pem、admin-key.pem、admin.pem;
kube-controller、kube-scheduler 当前需要和 kube-apiserver 部署在同一台机器上且使用非安全端口通信,故不需要证书。
kubernetes版本:1.7.6
kubernetes下载地址:https://www.kubernetes.org.cn/2729.html
下载下来,解压缩:
tar xzvf kubernetes.tar.gz
cd kubernetes
执行get-kube-binaries.sh下载server和client的可执行文件
$ ./cluster/get-kube-binaries.sh Kubernetes release: v1.7.6 Server: linux/amd64 (to override, set KUBERNETES_SERVER_ARCH) Client: linux/amd64 (autodetected) 。。。。。。。。。。。。。。。 。。。。。。。。。。。。。。。 等待很长时间
服务端可执行文件下载到了server文件夹,没有被自动展开
[root@bogon kubernetes]# cd server/ [root@bogon server]# ls kubernetes-manifests.tar.gz kubernetes-salt.tar.gz kubernetes-server-linux-amd64.tar.gz README [root@bogon server]# tar zxvf kubernetes-server-linux-amd64.tar.gz kubernetes/ kubernetes/server/ kubernetes/server/bin/ kubernetes/server/bin/cloud-controller-manager kubernetes/server/bin/kube-aggregator.tar kubernetes/server/bin/kube-proxy.tar kubernetes/server/bin/kube-proxy kubernetes/server/bin/kube-controller-manager.tar kubernetes/server/bin/kube-controller-manager kubernetes/server/bin/kube-apiserver kubernetes/server/bin/kube-aggregator.docker_tag kubernetes/server/bin/kube-controller-manager.docker_tag kubernetes/server/bin/kubefed kubernetes/server/bin/kube-scheduler.tar kubernetes/server/bin/kube-apiserver.tar kubernetes/server/bin/kubeadm kubernetes/server/bin/kube-scheduler.docker_tag kubernetes/server/bin/hyperkube kubernetes/server/bin/kube-scheduler kubernetes/server/bin/cloud-controller-manager.tar kubernetes/server/bin/kubelet kubernetes/server/bin/kube-proxy.docker_tag kubernetes/server/bin/kube-apiserver.docker_tag kubernetes/server/bin/kubectl kubernetes/server/bin/apiextensions-apiserver kubernetes/server/bin/cloud-controller-manager.docker_tag kubernetes/server/bin/kube-aggregator kubernetes/LICENSES kubernetes/addons/ kubernetes/kubernetes-src.tar.gz [root@bogon server]#
这里就是最新版本的kubernetes可执行文件列表。要构建kubernetes集群,需要在master节点启动kube-apiserver, kube-controller-manager, kube-scheduler,在每个节点启动kubelet和kube-proxy(如果pod采用的网络模式为host模式,kube-proxy可以不安装,只安装kubelet即可)。这里我们不直接执行,采用systemctl管理。
[root@node1 ~]# vim /usr/lib/systemd/system/kube-apiserver.service [Unit] Description=Kubernetes API Service Documentation=https://github.com/GoogleCloudPlatform/kubernetes After=network.target After=etcd.service [Service] EnvironmentFile=-/etc/kubernetes/config EnvironmentFile=-/etc/kubernetes/apiserver ExecStart=/usr/bin/kube-apiserver $KUBE_LOGTOSTDERR $KUBE_LOG_LEVEL $KUBE_ETCD_SERVERS $KUBE_API_ADDRESS $KUBE_API_PORT $KUBELET_PORT $KUBE_ALLOW_PRIV $KUBE_SERVICE_ADDRESSES $KUBE_ADMISSION_CONTROL $KUBE_API_ARGS Restart=on-failure Type=notify LimitNOFILE=65536 [Install] WantedBy=multi-user.target
kube-controller-manager.service
[root@node1 ~]# vim /usr/lib/systemd/system/kube-controller-manager.service Description=Kubernetes Controller Manager Documentation=https://github.com/GoogleCloudPlatform/kubernetes [Service] EnvironmentFile=-/etc/kubernetes/config EnvironmentFile=-/etc/kubernetes/controller-manager ExecStart=/usr/bin/kube-controller-manager $KUBE_LOGTOSTDERR $KUBE_LOG_LEVEL $KUBE_MASTER $KUBE_CONTROLLER_MANAGER_ARGS Restart=on-failure LimitNOFILE=65536 [Install] WantedBy=multi-user.target
kube-scheduler.service
[root@node1 ~]# vim /usr/lib/systemd/system/kube-scheduler.service [Unit] Description=Kubernetes Scheduler Plugin Documentation=https://github.com/GoogleCloudPlatform/kubernetes [Service] EnvironmentFile=-/etc/kubernetes/config EnvironmentFile=-/etc/kubernetes/scheduler ExecStart=/usr/bin/kube-scheduler $KUBE_LOGTOSTDERR $KUBE_LOG_LEVEL $KUBE_MASTER $KUBE_SCHEDULER_ARGS Restart=on-failure LimitNOFILE=65536 [Install] WantedBy=multi-user.target
接着执行命令:
systemctl --system daemon-reload systemctl start kube-apiserver.service systemctl start kube-controller-manager.service systemctl start kube-scheduler.service
这样,master上的kubernetes组件就全部跑起来了,可以使用kubectl检查是否运行正常:
将k8s的命令全部复制到PATH路径下 [root@node1 bin]# cd /root/kubernetes/server/kubernetes/server/bin [root@node1 bin]# cp kube* /usr/bin/ 查看master信息 [root@node1 bin]# kubectl cluster-info Kubernetes master is running at https://172.17.100.13:6443