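Setting Up a K8S Docker Cluster
I. Overview of Kubernetes Components
Kubernetes is a distributed cluster system built by Google on top of docker. It consists of the following components:
etcd: highly available storage for shared configuration and service discovery. It is used together with flannel on the minion machines so that the docker daemon on each minion gets a different IP range; the end goal is that every running docker container on one minion has an IP address different from that of any other container (a docker container running on another minion).
flannel: provides the network fabric
kube-apiserver: all control, whether through kubectl or directly through the remote API, goes through the apiserver
kube-controller-manager: runs the control loops for the replication controller, endpoints controller, namespace controller, and serviceaccounts controller, interacting with kube-apiserver to keep these controllers working
kube-scheduler: the Kubernetes scheduler assigns pods to specific worker nodes (minions) according to a scheduling algorithm; this process is also called binding (bind)
kubelet: the kubelet runs on each Kubernetes minion node. It is the logical successor of the container agent
kube-proxy: kube-proxy is a component that runs on the minion nodes in Kubernetes, where it acts as a service proxy
II. Environment Preparation
1 Three machines running CentOS 7.4:
10.110.30.50: used to install the kubernetes master
10.110.30.59: used as a kubernetes minion (minion1)
10.110.30.60: used as a kubernetes minion (minion2)
2 Disable the running firewall and SELinux
2.1 If the firewall is enabled, stop it as follows (on all machines)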
systemctl stop firewalld
systemctl disable firewalld
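2.2 Disable SELinux
setenforce 0 # disable temporarily
sed -i --follow-symlinks '/^SELINUX=/cSELINUX=disabled' /etc/sysconfig/selinux # disable permanently (/etc/sysconfig/selinux is a symlink to /etc/selinux/config, so sed must follow it)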
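III. Installing docker
1 Installing the older docker release (version 1.13.1)
1.1 Run the install command
yum -y install docker
1.2 Start docker and enable it at boot
systemctl start docker
systemctl enable docker
1.3 Verify that docker installed successfully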
docker version
Client:
Version: 1.13.1
API version: 1.26
Package version: docker-1.13.1-102.git7f2769b.el7.centos.x86_64
Go version: go1.10.3
Git commit: 7f2769b/1.13.1
Built: Mon Aug 5 15:09:42 2019
OS/Arch: linux/amd64
Server:
Version: 1.13.1
API version: 1.26 (minimum version 1.12)
Package version: docker-1.13.1-102.git7f2769b.el7.centos.x86_64
Go version: go1.10.3
Git commit: 7f2769b/1.13.1
Built: Mon Aug 5 15:09:42 2019
OS/Arch: linux/amd64
Experimental: false
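IV. Installing Kubernetes
1 MASTER installation and configuration
1.1 Install and configure the Kubernetes master
yum -y install etcd kubernetes
Configure etcd. Make sure each of the listed settings is configured correctly and is not commented out; the same applies to all the configuration below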
vi /etc/etcd/etcd.conf
ETCD_NAME="default"
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:2379"
ETCD_ADVERTISE_CLIENT_URLS="http://localhost:2379"
Configure Kubernetes
vi /etc/kubernetes/apiserver
KUBE_API_ADDRESS="--insecure-bind-address=0.0.0.0"
KUBE_API_PORT="--port=8080"
KUBE_ETCD_SERVERS="--etcd-servers=http://127.0.0.1:2379"
KUBE_SERVICE_ADDRESSES="--service-cluster-ip-range=10.254.0.0/16"
KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota"
KUBE_API_ARGS=""
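The two files above bind the etcd client API and the kube-apiserver insecure port to 0.0.0.0 over plain HTTP, and the insecure port serves requests without authentication or authorization. The following check is an added example, not part of the original tutorial: it reads files in that KEY="value" format and reports such listeners. The function names and the FINDING output format are assumptions made for illustration.

```shell
# Added example, not part of the original tutorial: flag etcd / kube-apiserver
# listeners that accept plain-HTTP connections on non-loopback addresses.

# is_loopback HOST: succeeds when HOST only accepts local connections.
is_loopback() {
    case "$1" in
        127.*|localhost|"[::1]") return 0 ;;
        *) return 1 ;;
    esac
}

# audit_line FILE LINE: prints a "FINDING ..." line per exposed listener.
audit_line() {
    file=$1; key=${2%%=*}; val=${2#*=}
    val=${val#\"}; val=${val%\"}            # strip surrounding quotes
    case "$key" in
        ETCD_LISTEN_CLIENT_URLS)
            old_ifs=$IFS; IFS=,             # value is a comma-separated URL list
            for url in $val; do
                host=${url#*://}; host=${host%:*}
                case "$url" in
                    http://*) is_loopback "$host" ||
                        echo "FINDING $file: etcd client API on $url is plain HTTP" ;;
                esac
            done
            IFS=$old_ifs ;;
        KUBE_API_ADDRESS|KUBE_API_ARGS)
            for arg in $val; do             # value is a space-separated flag list
                case "$arg" in
                    --insecure-bind-address=*) is_loopback "${arg#*=}" ||
                        echo "FINDING $file: apiserver insecure port bound to ${arg#*=}" ;;
                esac
            done ;;
    esac
}

# audit_conf FILE...: audits every active (uncommented) KEY=value line.
audit_conf() {
    for f in "$@"; do
        [ -r "$f" ] || continue
        grep -E '^[A-Z_]+=' "$f" | while IFS= read -r l; do audit_line "$f" "$l"; done
    done
}

# Demo on a constructed file holding the two settings shown above.
demo=$(mktemp)
printf '%s\n' 'ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:2379"' \
    'KUBE_API_ADDRESS="--insecure-bind-address=0.0.0.0"' > "$demo"
audit_conf "$demo"; rm -f "$demo"
```

On a real master, run it as `audit_conf /etc/etcd/etcd.conf /etc/kubernetes/apiserver`; loopback and https:// listeners produce no output.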
1.2 Start the etcd, kube-apiserver, kube-controller-manager and kube-scheduler services
systemctl restart etcd
systemctl restart kube-apiserver
systemctl restart kube-controller-manager
systemctl restart kube-scheduler
systemctl enable etcd
systemctl enable kube-apiserver
systemctl enable kube-controller-manager
systemctl enable kube-scheduler
systemctl status etcd
systemctl status kube-apiserver
systemctl status kube-controller-manager
systemctl status kube-scheduler
1.3 Set the network configuration in etcd
etcdctl -C http://127.0.0.1:2379 set /atomic.io/network/config '{"Network":"10.1.0.0/16"}'
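1.4 Check node status
The master is now configured. Running kubectl get nodes shows how many minions are running and their status.
Our minions have not been installed or configured yet, so the command returns an empty result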
kubectl get nodes
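2 MINION installation and configuration (install and configure every minion machine as follows)
2.1 Install and configure the environment
yum -y install flannel kubernetes
Configure the server IP that kubernetes connects to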
vi /etc/kubernetes/config
KUBE_MASTER="--master=http://10.110.30.50:8080"
KUBE_ETCD_SERVERS="--etcd_servers=http://10.110.30.50:2379"
Configure Kubernetes (for HOSTNAME use each minion's own IP address, e.g. 10.110.30.50; for API_SERVER use the master node's IP address)
vi /etc/kubernetes/kubelet
KUBELET_ADDRESS="--address=0.0.0.0"
KUBELET_PORT="--port=10250"
KUBELET_HOSTNAME="--hostname-override=10.110.30.59"
KUBELET_API_SERVER="--api-servers=http://10.110.30.50:8080"
KUBELET_ARGS=""
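2.2 Prepare to start the services
If docker has already been run on this machine, read on; otherwise skip this step. Run ifconfig and check the machine's network configuration (a docker0 interface is present)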
ifconfig docker0
Link encap:Ethernet HWaddr 02:42:B2:75:2E:67
inet addr:172.17.0.1 Bcast:0.0.0.0 Mask:255.255.0.0
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
**Note:** On a machine that has run docker, docker0 is present. Its configuration must be deleted before the services are started. Run on the command line:
sudo ip link delete docker0
2.3 Configure the flannel network
vi /etc/sysconfig/flanneld
FLANNEL_ETCD_ENDPOINTS="http://10.110.30.50:2379"
FLANNEL_ETCD_PREFIX="/atomic.io/network"
Note: atomic.io here corresponds to the Network key set in etcd above
2.4 Start the services
systemctl restart flanneld
systemctl restart kube-proxy
systemctl restart kubelet
systemctl restart docker
systemctl enable flanneld
systemctl enable kube-proxy
systemctl enable kubelet
systemctl enable docker
systemctl status flanneld
systemctl status kube-proxy
systemctl status kubelet
systemctl status docker
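V. Setting Up a Local Image Registry
1 Setting up the registry
1.1 Load the registry image
Upload the registry.tar image file to a chosen path on the master node, then run the docker load command: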
docker load --input registry.tar
1.2 List the images
docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/registry latest 9d0c4eabab4d 2 years ago 33.2 MB
1.3 Start the registry
/home/data/registrydata is on a relatively large system partition; from now on all data in the image registry is stored under this mounted directory
docker run -d -p 5000:5000 --name=registry --restart=always --privileged=true --log-driver=none -v /home/data/registrydata:/tmp/registry registry
1.4 Edit the configuration file so that the registry takes effect
# Method 1:
vim /etc/sysconfig/docker # add the following line
OPTIONS='--insecure-registry=10.110.30.50:5000'
systemctl restart docker
# Method 2
echo '{ "insecure-registries":["10.110.30.50:5000"] }' > /etc/docker/daemon.json
systemctl restart docker
1.5 Test the registry
# Run the image push on the master node
docker tag docker.io/registry:latest 10.110.30.50:5000/liberary/registry:latest
docker push 10.110.30.50:5000/liberary/registry:latest
# Run the image pull on a minion node
docker pull 10.110.30.50:5000/liberary/registry:latest
docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
10.110.30.50:5000/liberary/registry latest f32a97de94e1 5 months ago 25.8 MB
To be continued…