溫馨提示×
您好,登錄后才能下訂單哦!
點擊 登錄注冊 即表示同意《億速云用戶服務條款》
您好,登錄后才能下訂單哦!
這篇文章給大家分享的是有關docker中如何初始化k8s集群的內容。小編覺得挺實用的,因此分享給大家做個參考,一起跟隨小編過來看看吧。
k8s的部署有多種方式,但我們采用kubeadm工具部署。
kubeadm官方地址:https://github.com/kubernetes/kubeadm
master,etcd: 172.16.1.100
node1: 172.16.1.101
node2: 172.16.1.102
k8s版本:1.11
1、基于主機名通信:/etc/hosts;
172.16.1.100 master 172.16.1.101 node01 172.16.1.102 node02
2、時間同步;
3、關閉firewalld和iptables.service,這兩個一定要禁用,因為k8s會自己設置iptables網絡策略等;
systemctl stop iptables.service systemctl disable iptables.service systemctl stop firewalld.service systemctl disable firewalld.service
4、網絡橋接全部設置為1
[root@k8s-master yum.repos.d]# cat /proc/sys/net/bridge/bridge-nf-call-ip6tables 1 [root@k8s-master yum.repos.d]# cat /proc/sys/net/bridge/bridge-nf-call-iptables 1
下載kubernetes包: https://github.com/kubernetes/kubernetes/releases
我們為了方便,不使用上面安裝包的來安裝k8s,這里只是讓大家了解一下。我們此次安裝使用kubeadm方式安裝。
a) docker源
wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
b)k8s源
[root@k8s-master yum.repos.d]# cat k8s.repo [k8s] name=k8s repo baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/ gpgcheck=1 gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg enabled=1
[root@k8s-master yum.repos.d]# yum repolist
[root@k8s-master yum.repos.d]# wget https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg [root@k8s-master yum.repos.d]# rpm --import yum-key.gpg
[root@k8s-master yum.repos.d]# wget https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg [root@k8s-master yum.repos.d]# rpm --import rpm-package-key.gpg
yum -y install docker-ce kubelet kubeadm kubectl (master上執行)
[root@k8s-master yum.repos.d]# rpm -ql kubelet /etc/kubernetes/manifests #清單目錄 /etc/sysconfig/kubelet #配置文件 /etc/systemd/system/kubelet.service /usr/bin/kubelet #主程序
由于中國某種不可描述的原因,需要更改docker 默認拉取鏡像的源
root@k8s-master yum.repos.d]# vim /usr/lib/systemd/system/docker.service [Service] #表示訪問https服務時,通過下面的代理來訪問,本次這么做的目的是為了能訪問外國的docer鏡像,要不會被墻,用完了再注釋掉,從而繼續使用國內 的鏡像 Environment="HTTPS_PROXY=http://www.ik8s.io:10080" Environment="NO_PROXY=127.0.0.0/8,172.16.0.0/16"
[root@k8s-master yum.repos.d]# systemctl daemon-reload [root@k8s-master yum.repos.d]# systemctl start docker
[root@k8s-master yum.repos.d]# docker info #能看到如下兩個 HTTPS Proxy: http://www.ik8s.io:10080 No Proxy: 127.0.0.0/8,172.16.0.0/16
[chenzx@sa ~]$ telnet www.ik8s.io 10080 #要確保這個端口是通的
該過程會做先決條件預檢、生成證書、私鑰、生成配置文件、生成靜態pod的清單文件并完成部署(addons)
[root@k8s-master yum.repos.d]# systemctl enable kubelet #首先只能設置為開機自啟動,但先不要不要手工啟動該服務(即使現在啟動也啟動不起來),等初始化完成了再啟動。
[root@k8s-master chenzx]# systemctl enable docker
[root@k8s-master chenzx]# kubeadm init --help
--apiserver-advertise-address:表示apiserver對外的地址是什么,默認是0.0.0.0
--apiserver-bind-port:表示apiserver的端口是什么,默認是6443
--cert-dir:加載證書的目錄,默認在/etc/kubernetes/pki
--config:配置文件
--ignore-preflight-errors:在預檢中如果有錯誤可以忽略掉,比如忽略 IsPrivilegedUser,Swap.等
--kubernetes-version:指定要初始化k8s的版本信息是什么
--pod-network-cidr :指定pod使用哪個網段,默認使用10.244.0.0/16
--service-cidr:指定service組件使用哪個網段,默認10.96.0.0/12
[root@k8s-master chenzx]# cat /etc/sysconfig/kubelet #指定額外的初始化信息,下面表示禁用操作系統的swap功能 KUBELET_EXTRA_ARGS="--fail-swap-on=false"
[root@k8s-master chenzx]# kubeadm init --kubernetes-version=v1.11.1 --pod-network-cidr=10.244.0.0/16 --service-cidr=10.96.0.0/12 --ignore-preflight-errors=Swap [preflight/images] Pulling images required for setting up a Kubernetes cluster ##表示開始拉取鏡像 [preflight/images] This might take a minute or two, depending on the speed of your internet connection [preflight/images] You can also perform this action in beforehand using 'kubeadm config images pull' ##如果你感覺網速慢,可以運行kubeadm config images pull命令把鏡像拖到本地 [certificates] Generated apiserver-kubelet-client certificate and key. ##可以看到生成一堆證書 [certificates] Generated sa key and public key. [certificates] Generated front-proxy-ca certificate and key. [certificates] Generated front-proxy-client certificate and key. [certificates] Generated etcd/ca certificate and key. [controlplane] wrote Static Pod manifest for component kube-apiserver to "/etc/kubernetes/manifests/kube-apiserver.yaml" ##yml控制給pod分多少cpu和內存 [controlplane] wrote Static Pod manifest for component kube-controller-manager to "/etc/kubernetes/manifests/kube-controller-manager. ###markmaster幫我們把此節點標記為主節點 [markmaster] Marking the node k8s-master as master by adding the label "node-role.kubernetes.io/master=''" [markmaster] Marking the node k8s-master as master by adding the taints [node-role.kubernetes.io/master:NoSchedule] ##bootstraptoken是引導令牌,讓其他nodes加入集群時用的 [bootstraptoken] using token: as5gwu.ktojf6cueg0doexi [bootstraptoken] configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials ##從k8s 1.11版開始,DNS正式被CoreDNS取代,它支持很多新的功能,比如資源的動態配置等 [addons] Applied essential addon: CoreDNS ##kube-proxy托管在K8S之上,負責生產service的iptables和ipvs規則,從k8s1.11開始默認支持ipvs [addons] Applied essential addon: kube-proxy ##看到初始化成功了 Your Kubernetes master has initialized successfully! To start using your cluster, you need to run the following as a regular user: ##還需要手工運行一下命令 mkdir -p $HOME/.kube sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config sudo chown $(id -u):$(id -g) $HOME/.kube/config ##其他機器裝好包后,可以執行下面的命令來把nodes節點加入集群,把下面的命令記得自己保存起來,要不將來找不著就加不進去了 ##其實這么設計的目的就是不是誰都能加入集群的,需要拿著下面的令牌來加入 You can now join any number of machines by running the following on each node as root: kubeadm join 172.16.1.100:6443 --token as5gwu.ktojf6cueg0doexi --discovery-token-ca-cert-hash sha256:399a7de763b95e52084d7bd4cad71dc8fa1bf6dd453b02743d445eee59252cc5
[root@k8s-master chenzx]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE k8s.gcr.io/kube-proxy-amd64 v1.11.1 d5c25579d0ff 7 weeks ago 97.8MB k8s.gcr.io/kube-apiserver-amd64 v1.11.1 816332bd9d11 7 weeks ago 187MB k8s.gcr.io/kube-controller-manager-amd64 v1.11.1 52096ee87d0e 7 weeks ago 155MB k8s.gcr.io/kube-scheduler-amd64 v1.11.1 272b3a60cd68 7 weeks ago 56.8MB k8s.gcr.io/coredns 1.1.3 b3b94275d97c 3 months ago 45.6MB k8s.gcr.io/etcd-amd64 3.2.18 b8df3b177be2 4 months ago 219MB k8s.gcr.io/pause 3.1 da86e6ba6ca1 8 months ago 742kB
說明:pause可以做一個容器,這個容器不用啟動,pause可以使其他容器復制基礎的網絡和存儲構件。
如果安裝出錯了,可以執行kubeadm reset命令進行重置,再重新執行kubeadm init...命令
注意:上面初始化中輸出的kubeadm join 172.16.1.100:6443 --token.....這句話,一定要粘貼到記事本保存好,因為以后要使用這個命令把node加入集群,并且該命令無法復現,切記切記!!!
[root@k8s-master chenzx]# mkdir -p $HOME/.kube [root@k8s-master chenzx]# cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
yum -y install docker-ce kubelet kubeadm (node上執行,nodes上可以不安裝kubectl)
查看組件信息:
[root@k8s-master chenzx]# kubectl get cs
NAME STATUS MESSAGE ERROR
scheduler Healthy ok
controller-manager Healthy ok
etcd-0 Healthy {"health": "true"} 查看節點信息:
[root@k8s-master chenzx]# kubectl get nodes NAME STATUS ROLES AGE VERSION k8s-master NotReady master 51m v1.11.2
說明,:狀態為NotReady,是因為還缺flannel組件,沒有這個組件是沒法設置網絡的。
下載地址:https://github.com/coreos/flannel
安裝flannel: [root@k8s-master chenzx]# kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
查看當前master節點上kube-system名稱空間里運行的所有pod狀態:
[root@k8s-master chenzx]# kubectl get pods -n kube-system NAME READY STATUS RESTARTS AGE coredns-78fcdf6894-6j6nt 0/1 Running 0 2h coredns-78fcdf6894-pnmjj 0/1 Running 0 2h etcd-k8s-master 1/1 Running 0 1h kube-apiserver-k8s-master 1/1 Running 0 1h kube-controller-manager-k8s-master 1/1 Running 0 1h kube-flannel-ds-amd64-txxw2 1/1 Running 0 1h kube-proxy-frkp9 1/1 Running 0 2h kube-scheduler-k8s-master 1/1 Running 0 1h
另外,以上所有pod必須保證都是running狀態的,如果哪個不是,可以通過類似如下命令查看為什么:
kubectl dscrible pods coredns-78fcdf6894-6j6nt -n kube-system
查看flannel鏡像: [root@k8s-master chenzx]# docker images quay.io/coreos/flannel REPOSITORY TAG IMAGE ID CREATED SIZE quay.io/coreos/flannel v0.10.0-amd64 f0fad859c909 7 months ago 44.6MB
查看nodes節點信息,看到status這回變成ready了 [root@k8s-master chenzx]# kubectl get nodes NAME STATUS ROLES AGE VERSION k8s-master Ready master 1h v1.11.2
查看當前節點名稱空間:
[root@k8s-master chenzx]# kubectl get ns NAME STATUS AGE default Active 3h kube-public Active 3h kube-system Active 3h
該過程也會先檢查先決條件是否滿足需求,然后基于域共享的令牌認證方式完成master節點的認證,并完成本地的pod的資源安裝,包含以addons方法部署的kubbe-proxy、DNS。
1)在node1和node2上修改配置文件并啟動服務:
[root@k8s-master chenzx]# vim /usr/lib/systemd/system/docker.service
[Service] Environment="HTTPS_PROXY=http://www.ik8s.io:10080" Environment="NO_PROXY=127.0.0.0/8,172.16.0.0/16"
[root@k8s-master chenzx]# vim /etc/sysconfig/kubelet
#指定額外的初始化信息 KUBELET_EXTRA_ARGS="--fail-swap-on=false"
[root@k8s-node1 chenzx]# systemctl daemon-reload [root@k8s-node1 chenzx]# systemctl start docker [root@k8s-node1 chenzx]# systemctl enable docker [root@k8s-node1 chenzx]# systemctl enable kubelet
[root@k8s-node1 chenzx]# docker info
HTTPS Proxy: http://www.ik8s.io:10080 No Proxy: 127.0.0.0/8,172.16.0.0/16
[root@k8s-node1 chenzx]# kubeadm join 172.16.1.100:6443 --token as5gwu.ktojf6cueg0doexi --discovery-token-ca-cert-hash sha256:399a7de763b95e52084d7bd4cad71dc8fa1bf6dd453b02743d445eee59252cc5 --ignore-preflight-errors=Swap (注意:這個命令是在kubeadm init初始化中得到的)
[tlsbootstrap] Waiting for the kubelet to perform the TLS Bootstrap... [patchnode] Uploading the CRI Socket information "/var/run/dockershim.sock" to the Node API object "k8s-node1" as an annotation This node has joined the cluster: * Certificate signing request was sent to master and a response was received. * The Kubelet was informed of the new secure connection details. Run 'kubectl get nodes' on the master to see this node join the cluster.
[root@k8s-node1 chenzx]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE k8s.gcr.io/kube-proxy-amd64 v1.11.1 d5c25579d0ff 7 weeks ago 97.8MB quay.io/coreos/flannel v0.10.0-amd64 f0fad859c909 7 months ago 44.6MB k8s.gcr.io/pause 3.1 da86e6ba6ca1 8 months ago 742kB
[root@k8s-master chenzx]# kubectl get nodes (master上看)
NAME STATUS ROLES AGE VERSION k8s-master Ready master 4h v1.11.2 k8s-node1 Ready <none> 55m v1.11.2
[root@k8s-master chenzx]# kubectl get pods -n kube-system -o wide (master上看)
NAME READY STATUS RESTARTS AGE IP NODE coredns-78fcdf6894-6j6nt 0/1 Running 0 4h <none> k8s-master coredns-78fcdf6894-pnmjj 0/1 Running 0 4h <none> k8s-master etcd-k8s-master 1/1 Running 0 3h 172.16.1.100 k8s-master kube-apiserver-k8s-master 1/1 Running 0 3h 172.16.1.100 k8s-master kube-controller-manager-k8s-master 1/1 Running 0 3h 172.16.1.100 k8s-master kube-flannel-ds-amd64-87tqv 1/1 Running 0 57m 172.16.1.101 k8s-node1 kube-flannel-ds-amd64-txxw2 1/1 Running 0 3h 172.16.1.100 k8s-master kube-proxy-2rf4m 1/1 Running 0 57m 172.16.1.101 k8s-node1 kube-proxy-frkp9 1/1 Running 0 4h 172.16.1.100 k8s-master kube-scheduler-k8s-master 1/1 Running 0 3h 172.16.1.100 k8s-master
以上命令在node2上也執行一遍。
此時已經完成k8s的安裝。
感謝各位的閱讀!關于“docker中如何初始化k8s集群”這篇文章就分享到這里了,希望以上內容可以對大家有一定的幫助,讓大家可以學到更多知識,如果覺得文章不錯,可以把它分享出去讓更多的人看到吧!
免責聲明:本站發布的內容(圖片、視頻和文字)以原創、轉載和分享為主,文章觀點不代表本網站立場,如果涉及侵權請聯系站長郵箱:is@yisu.com進行舉報,并提供相關證據,一經查實,將立刻刪除涉嫌侵權內容。
