以二进制文件方式安装Kubernetes集群
k8s下载地址:https://github.com/kubernetes/kubernetes/releases
wget https://dl.k8s.io/v1.14.0/kubernetes-server-linux-amd64.tar.gz
wget https://dl.k8s.io/v1.14.0/kubernetes-client-linux-amd64.tar.gz
wget https://dl.k8s.io/v1.14.0/kubernetes-node-linux-amd64.tar.gz
wget https://github.com/etcd-io/etcd/releases/download/v3.3.13/etcd-v3.3.13-linux-amd64.tar.gz
Master上安装etcd、kube-apiserver、kube-controller-manager、kube-scheduler服务
1.etcd服务
下载etcd二进制包,解压,将etcd、etcdctl文件复制到/usr/bin/目录。
设置systemd配置文件:
[root@common etcd]# cat /usr/lib/systemd/system/etcd.service
[Unit]
Description=Etcd Server
After=network.target
[Service]
Type=simple
WorkingDirectory=/var/lib/etcd/
EnvironmentFile=/etc/etcd/etcd.conf
ExecStart=/usr/bin/etcd
[Install]
WantedBy=multi-user.target
其中WorkingDirectory是etcd的数据保存目录,需要在启动服务之前创建。
/etc/etcd/etcd.conf配置文件先添加配置:
#[Member]
ETCD_NAME="etcd01"
ETCD_DATA_DIR="/var/lib/etcd"
ETCD_LISTEN_CLIENT_URLS="http://10.2.7.67:2379"
#[Clustering]
ETCD_ADVERTISE_CLIENT_URLS="http://10.2.7.67:2379"
启动etcd服务
systemctl daemon-reload
systemctl enable etcd.service
systemctl start etcd.service
export ETCDCTL_API=3
# 查看健康状态
[root@common etcd]# etcdctl endpoint health
127.0.0.1:2379 is healthy: successfully committed proposal: took = 700.897µs
2.kube-apiserver服务
将 kube-apiserver、kube-controller-manager和kube-scheduler文件复制到/usr/bin目录。设置systemd服务配置文件/usr/lib/systemd/system/kube-apiserver.service,内容如下:
cp kube-apiserver /usr/bin/
cp kube-controller-manager /usr/bin
cp kube-scheduler /usr/bin/
[root@common]# cat /usr/lib/systemd/system/kube-apiserver.service
[Unit]
Description=kubernetes API Server
Documentation=https://github.com/kubernetes/kubernetes
After=etcd.service
Wants=etcd.service
[Service]
EnvironmentFile=/etc/kubernetes/apiserver
ExecStart=/usr/bin/kube-apiserver $KUBE_API_ARGS
Restart=on-failure
Type=notify
LimitNOFILE=65535
[Install]
WantedBy=multi-user.target
配置文件/etc/kubernetes/apiserver的内容包括了kube-apiserver的全部启动参数,主要的配置参数在变量KUBE_API_ARGS中指定。
[root@common]# cat /etc/kubernetes/apiserver
KUBE_API_ARGS="--etcd-servers=http://127.0.0.1:2379
--insecure-bind-address=0.0.0.0
--insecure-port=8080
--service-cluster-ip-range=169.169.0.0/16
--service-node-port-range=1-65535
--enable-admission-plugins=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,DefaultTolerationSeconds,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,ResourceQuota
--logtostderr=false
--log-dir=/var/log/kubernetes
--v=0"
对启动参数说明如下。
◎ --etcd-servers:指定etcd服务的URL。
◎ --storage-backend:指定etcd的版本,从Kubernetes1.6开始,默认为etcd3。注意,在Kubernetes1.6之前的版本中没有这个参数,kube-apiserver默认使用etcd2,对于正在运行的1.5或旧版本的Kubernetes集群,etcd提供了数据升级方案,详见etcd文档(https://coreos.com/etcd/docs/latest/upgrades/upgrade_3_0.html)。
◎ --insecure-bind-address:APIServer绑定主机的非安全IP地址,设置0.0.0.0表示绑定所有IP地址。
◎ --insecure-port:API Server绑定主机的非安全端口号,默认为8080。
◎ --service-cluster-ip-range:Kubernetes集群中Service的虚拟IP地址范围,以CIDR格式表示,例如169.169.0.0/16,该IP范围不能与物理机的IP地址有重合。
◎ --service-node-port-range:Kubernetes集群中Service可使用的物理机端口号 范围,默认值为30000~32767。
◎ --enable-admission-plugins:Kubernetes集群的准入控制设置,各控制模块以插件的形式依次生效。
◎ --logtostderr:设置为false表示将日志写入文件,不写入stderr
◎ --log-dir:日志目录。
◎ --v:日志级别。
3.kube-controller-manager服务
kube-controller-manager服务依赖于kube-apiserver服务,设置systemd服务配置文件/usr/lib/systemd/system/kube-controller-manager.service,内容如下:
[root@common]# cat /usr/lib/systemd/system/kube-controller-manager.service
[Unit]
Description=Kubernetes Controller Manager
Documentation=https://github.com/GoogleCloudPlatform/Kubernetes
After=kube-apiserver.service
Requires=kube-apiserver.service
[Service]
EnvironmentFile=/etc/kubernetes/controller-manager
ExecStart=/usr/bin/kube-controller-manager $KUBE_CONTROLLER_MANAGER_ARGS
Restart=on-failure
LimitNOFILE=65535
[Install]
WantedBy=multi-user.target
[root@common]# cat /etc/kubernetes/controller-manager
KUBE_CONTROLLER_MANAGER_ARGS="--kubeconfig=/etc/kubernetes/kubeconfig
--logtostderr=false
--log-dir=/var/log/kubernetes
--v=0"
参数说明:--kubeconfig:设置与API Server连接的相关配置
4.kube-scheduler服务
kube-scheduler服务也依赖于kube-apiserver服务,设置systemd服务配置文件/usr/lib/systemd/system/kube-scheduler.service,内容如下:
[root@common]# cat /usr/lib/systemd/system/kube-scheduler.service
[Unit]
Descriptin=Kubernetes Controller Manager
Documentation=https://github.com/GoogleCloudPlatform/Kubernetes
After=kube-apiserver.service
Requires=kube-apiserver.service
[Service]
EnvironmentFile=/etc/kubernetes/scheduler
ExecStart=/usr/bin/kube-scheduler $KUBE_scheduler_ARGS
Restart=on-failure
LimitNOFILE=65535
[Install]
WantedBy=multi-user.target
[root@common]# cat /etc/kubernetes/scheduler
KUBE_scheduler_ARGS="--kubeconfig=/etc/kubernetes/kubeconfig
--logtostderr=false
--log-dir=/var/log/kubernetes
--v=0"
参数说明:--kubeconfig:设置与API Server连接的相关配置
没有此文件/etc/kubernetes/kubeconfig,将--kubeconfig参数换成
--master=http://10.2.7.67:8080即可
配置完成后,执行systemctlstart命令按顺序启动这3个服务,同时,使用systemctl enable命令将服务加入开机启动列表中:
systemctl daemon-reload
systemctl enable kube-apiserver.service
systemctl enable kube-controller-manager.service
systemctl enable kube-scheduler.service
systemctl start kube-apiserver.service
systemctl start kube-controller-manager.service
systemctl start kube-scheduler.service
运行命令kubectl get cs
[root@common]# ./kubectl get cs
NAME STATUS MESSAGE ERROR
etcd-0 Healthy {"health":"true"}
scheduler Healthy ok
controller-manager Healthy ok
通过systemctl status <service_name>验证服务的启动状态,running表示启动成功。至此,Master上所需的服务就全部启动完成了。
存在的问题:
[root@common]# service kube-apiserver status
Redirecting to /bin/systemctl status kube-apiserver.service
● kube-apiserver.service - kubernetes API Server
Loaded: loaded (/usr/lib/systemd/system/kube-apiserver.service; enabled; vendor preset: disabled)
Active: active (running) since 一 2019-08-19 16:29:52 CST; 21min ago
Docs: https://github.com/GoogleCloudPlatform/Kubernetes
Main PID: 38789 (kube-apiserver)
Tasks: 22
Memory: 149.0M
CGroup: /system.slice/kube-apiserver.service
└─38789 /usr/bin/kube-apiserver --etcd-servers=http://10.2.7.67:2379 --insecure-bind-address=0.0.0.0 --insecure-port=8080 --storage-backend=etcd3 --service-cluster-ip-range=169.169.0.0/16 --service-node-port-range=1-65535 --logtostderr=false --enable-admis...
8月 19 16:29:50 common.localdomain kube-apiserver[38789]: E0819 16:29:50.003935 38789 prometheus.go:189] failed to register unfinished_work_seconds metric admission_quota_controller: duplicate metrics collector registration attempted
8月 19 16:29:50 common.localdomain kube-apiserver[38789]: E0819 16:29:50.003959 38789 prometheus.go:202] failed to register longest_running_processor_microseconds metric admission_quota_controller: duplicate metrics collector registration attempted
8月 19 16:29:50 common.localdomain kube-apiserver[38789]: E0819 16:29:50.847490 38789 prometheus.go:138] failed to register depth metric admission_quota_controller: duplicate metrics collector registration attempted
8月 19 16:29:50 common.localdomain kube-apiserver[38789]: E0819 16:29:50.847536 38789 prometheus.go:150] failed to register adds metric admission_quota_controller: duplicate metrics collector registration attempted
8月 19 16:29:50 common.localdomain kube-apiserver[38789]: E0819 16:29:50.847581 38789 prometheus.go:162] failed to register latency metric admission_quota_controller: duplicate metrics collector registration attempted
8月 19 16:29:50 common.localdomain kube-apiserver[38789]: E0819 16:29:50.847619 38789 prometheus.go:174] failed to register work_duration metric admission_quota_controller: duplicate metrics collector registration attempted
8月 19 16:29:50 common.localdomain kube-apiserver[38789]: E0819 16:29:50.847647 38789 prometheus.go:189] failed to register unfinished_work_seconds metric admission_quota_controller: duplicate metrics collector registration attempted
8月 19 16:29:50 common.localdomain kube-apiserver[38789]: E0819 16:29:50.847671 38789 prometheus.go:202] failed to register longest_running_processor_microseconds metric admission_quota_controller: duplicate metrics collector registration attempted
8月 19 16:29:52 common.localdomain systemd[1]: Started kubernetes API Server.
8月 19 16:29:52 common.localdomain kube-apiserver[38789]: E0819 16:29:52.368284 38789 controller.go:148] Unable to remove old endpoints from kubernetes service: StorageError: key not found, Code: 1, Key: /registry/masterleases/10.10.10.6, Resour...AdditionalErrorMsg:
Hint: Some lines were ellipsized, use -l to show in full.
Node上安装kubelet、kube-proxy服务
1.kubelet服务
kubelet服务依赖于Docker服务,设置systemd服务配置文件/usr/lib/systemd/system/kubelet.service,内容如下:
[root@cfs-ctp]# cat /usr/lib/systemd/system/kubelet.service
[Unit]
Description=kubernetes Kubelet Server
Documentation=https://github.com/GoogleCloudPlatform/Kubernetes
After=docker.service
Requires=docker.service
[Service]
WorkingDirectory=/var/lib/kubelet
EnvironmentFile=/etc/kubernetes/kubelet
ExecStart=/usr/bin/kubelet $KUBELET_ARGS
Restart=on-failure
[Install]
WantedBy=multi-user.target
其中,WorkingDirectory表示kubelet保存数据的目录,需要在启动kubelet服务之前创建。
配置文件/etc/kubernetes/kubelet的内容包括了kubelet的全部启动参数,主要的配置参数在变量KUBELET_ARGS中指定:
[root@cfs-ctp]# cat /etc/kubernetes/kubelet
KUBELET_ARGS="--kubeconfig=/etc/kubernetes/kubeconfig
--hostname-override=10.2.7.63
--logtostderr=false
--log-dir=/var/log/kubernetes
--v=0"
[root@cfs-ctp]# cat /etc/kubernetes/kubeconfig
apiVersion: v1
kind: Config
users:
- name: kubelet
clusters:
- name: kubernetes
cluster:
server: http://10.2.7.67:8080
contexts:
- context:
cluster: kubernetes
user: kubelet
name: service-account-context
current-context: service-account-context
--kubeconfig:设置与APIServer连接的相关配置,可以与kube-controller-manager使用的kubeconfig文件相同。
--hostname-override:设置本Node的名称。
--logtostderr:设置为false表示将日志写入文件,不写入stderr。
2.kube-proxy服务
kube-proxy服务依赖于network服务,设置systemd服务配置文件/usr/lib/systemd/system/kube-proxy.service,内容如下:
[root@cfs-ctp]# cat /usr/lib/systemd/system/kube-proxy.service
[Unit]
Description=kubernetes Kube-proxy Server
Documentation=https://github.com/GoogleCloudPlatform/Kubernetes
After=network.service
Requires=network.service
[Service]
EnvironmentFile=/etc/kubernetes/proxy
ExecStart=/usr/bin/kube-proxy $KUBE_PROXY_ARGS
Restart=on-failure
LinitNOFILE=65535
[Install]
WantedBy=multi-user.target
#配置文件
[root@cfs-ctp]# cat /etc/kubernetes/proxy
KUBE_PROXY_ARGS="--master=http://10.2.7.67:8080
--logtostderr=false
--log-dir=/var/log/kubernetes
--v=2"
配置完成后,通过systemctl启动kubelet和kube-proxy服务:
systemctl daemon-reload
systemctl enable kubelet.service
systemctl start kubelet.service
systemctl enable kube-proxy.service
systemctl start kube-proxy.service
kubelet默认采用向Master自动注册本Node的机制,在Master上查看各Node的状态,状态为Ready表示Node已经成功注册并且状态为可用:
[root@common]# ./kubectl get node
NAME STATUS ROLES AGE VERSION
10.2.7.63 Ready <none> 114s v1.14.0
等所有Node的状态都为Ready之后,一个Kubernetes集群就启动完成了。接下来可以创建Pod、Deployment、Service等资源对象来部署容器应用了。