欢迎您访问程序员文章站本站旨在为大家提供分享程序员计算机编程知识!
您现在的位置是: 首页

Docker&K8s安装部署教程

程序员文章站 2024-02-22 21:08:40
...

目录

 

一、说明

二、安装Docker

1.上传

2.解压

3.移动

4.注册服务

5.启动

6.验证

三、K8s安装

1.各节点通用操作

1.1 上传安装源

1.2解压

1.3关闭selinux和防火墙

1.4 修改hosts文件

1.5配置系统路由参数

1.6关闭swap

1.7安装kubelet kubeadm kubectl包

1.8启用开机启动

1.9修改配置文件

1.10重启reload

2.master节点操作

2.1节点互信

2.2环境reset

2.3kubeadm 初始化

2.4配置下环境变量

2.5测试是否启动

2.6安装网络

2.7安装dashboard

2.8创建用户

三、加入node节点到集群

四、查看集群

五、遇到的问题


一、说明

本教程为内网安装,无法连接internet

安装包如下:

Docker&K8s安装部署教程

链接: https://pan.baidu.com/s/1BpadtQcDGHzKYY1zEbRLeQ 提取码: 649m

二、安装Docker

1.上传

rz -y,选择安装包

2.解压

tar -xvf docker-18.06.1-ce.tgz

3.移动

将解压出来的docker文件内容移动到 /usr/bin/ 目录下

cp docker/* /usr/bin/

4.注册服务

将docker注册为service

vim /etc/systemd/system/docker.service

复制下面的内容到docker.service

[Unit]

Description=Docker Application Container Engine

Documentation=https://docs.docker.com

After=network-online.target firewalld.service

Wants=network-online.target

[Service]

Type=notify

# the default is not to use systemd for cgroups because the delegate issues still

# exists and systemd currently does not support the cgroup feature set required

# for containers run by docker

ExecStart=/usr/bin/dockerd

ExecReload=/bin/kill -s HUP $MAINPID

# Having non-zero Limit*s causes performance problems due to accounting overhead

# in the kernel. We recommend using cgroups to do container-local accounting.

LimitNOFILE=infinity

LimitNPROC=infinity

LimitCORE=infinity

# Uncomment TasksMax if your systemd version supports it.

# Only systemd 226 and above support this version.

#TasksMax=infinity

TimeoutStartSec=0

# set delegate yes so that systemd does not reset the cgroups of docker containers

Delegate=yes

# kill only the docker process, not all processes in the cgroup

KillMode=process

# restart the docker process if it exits prematurely

Restart=on-failure

StartLimitBurst=3

StartLimitInterval=60s

 

[Install]

WantedBy=multi-user.target



 

5.启动

chmod +x /etc/systemd/system/docker.service #添加文件权限

systemctl daemon-reload #重载unit配 置文件

systemctl start docker #启动Docker

systemctl enable docker.service #设置开机自启

6.验证

systemctl status docker #查看Docker状态

Docker&K8s安装部署教程

docker -v #查看Docker版本

Docker&K8s安装部署教程

docker的安装启动到这里就结束了,没遇到什么问题,所有节点都要安装docker。

三、K8s安装

1.各节点通用操作

1.1 上传安装源

rz -y 选择k8s-offline-install.zip

1.2解压

unzip k8s-offline-install.zip

解压之后里面有docker_images的压缩包,也要解压:

Docker&K8s安装部署教程

分卷压缩包在linux不好解压,可在window解压后,上传回去,解压之后有11个文件。

 

Docker&K8s安装部署教程

将上述镜像导入docker

(全部复制,粘贴到命令行回车即可)

docker load < /root/package/k8s-images/docker_images/etcd-amd64_v3.1.10.tar
docker load < /root/package/k8s-images/docker_images/flannel_v0.9.1-amd64.tar
docker load < /root/package/k8s-images/docker_images/k8s-dns-dnsmasq-nanny-amd64_v1.14.7.tar
docker load < /root/package/k8s-images/docker_images/k8s-dns-kube-dns-amd64_1.14.7.tar
docker load < /root/package/k8s-images/docker_images/k8s-dns-sidecar-amd64_1.14.7.tar
docker load < /root/package/k8s-images/docker_images/kube-apiserver-amd64_v1.9.0.tar
docker load < /root/package/k8s-images/docker_images/kube-controller-manager-amd64_v1.9.0.tar
docker load < /root/package/k8s-images/docker_images/kube-proxy-amd64_v1.9.0.tar
docker load < /root/package/k8s-images/docker_images/kubernetes-dashboard_v1.8.1.tar
docker load < /root/package/k8s-images/docker_images/kube-scheduler-amd64_v1.9.0.tar
docker load < /root/package/k8s-images/docker_images/pause-amd64_3.0.tar

1.3关闭selinux和防火墙

[aaa@qq.com ~]# setenforce 0
[aaa@qq.com ~]# sed -i  "s/SELINUX=enforcing/SELINUX=permissive/g" /etc/selinux/config
[aaa@qq.com ~]# systemctl disable firewalld.service

[aaa@qq.com ~]# systemctl stop firewalld.service

1.4 修改hosts文件

使用本地解析主机名,给每个节点都起个名字

[aaa@qq.com ~]# vi /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
172.16.20.11 master 
172.16.20.12 node1  
172.16.20.13 node2  

1.5配置系统路由参数

防止kubeadm报路由警告
[aaa@qq.com ~]# cat <<EOF > /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
[aaa@qq.com ~]# sysctl --system

 

1.6关闭swap


[aaa@qq.com ~]# swapoff -a
# 注释掉带swap的行,你可以直接执行下面的命令,或者自己打开文件手动注释 vi /etc/fstab     
[aaa@qq.com ~]# sed -i 's/.*swap/#&/' /etc/fstab

1.7安装kubelet kubeadm kubectl包

就是安装装包中的rpm文件
[aaa@qq.com k8s-images]# rpm -ivh socat-1.7.3.2-2.el7.x86_64.rpm kubernetes-cni-0.6.0-0.x86_64.rpm  kubelet-1.9.9-9.x86_64.rpm kubectl-1.9.0-0.x86_64.rpm  kubeadm-1.9.0-0.x86_64.rpm

1.8启用开机启动

此处仅需要enable
[aaa@qq.com k8s-images]# systemctl enable kubelet

1.9修改配置文件

设置cgroupkubelet默认的cgroup的driver和docker的不一样,docker默认的cgroupfs,kubelet默认为systemd


[aaa@qq.com k8s-images]# cp -a  /etc/systemd/system/kubelet.service.d/10-kubeadm.conf /etc/systemd/system/kubelet.service.d/10-kubeadm.conf_bak
[aaa@qq.com k8s-images]# sed -i "s/systemd/cgroupfs/g"  /etc/systemd/system/kubelet.service.d/10-kubeadm.conf

1.10重启reload


[aaa@qq.com k8s-images]# systemctl daemon-reload

2.master节点操作

2.1节点互信

master节点与node节点做互相通信(ssh-copy-id的后面写二、2设置的,你要作为node的节点的名字)
[aaa@qq.com k8s-images]# ssh-****** -t rsa -f ~/.ssh/id_rsa -N "" -q
[aaa@qq.com k8s-images]# ssh-copy-id node1
[aaa@qq.com k8s-images]# ssh-copy-id node2

2.2环境reset


[aaa@qq.com k8s-images]# kubeadm reset

2.3kubeadm 初始化

(注意:执行该命令后将出现的kubeadm join xxx保存下来,等下node节点需要使用)

[aaa@qq.com k8s-images]# kubeadm init --kubernetes-version=v1.9.0 --pod-network-cidr=10.244.0.0/16 

kubernetes默认支持多重网络插件如flannel、weave、calico,这里使用flanne,就必须要设置–pod-network-cidr参数,
10.244.0.0/16是kube-flannel.yml里面配置的默认网段,如果需要修改的话,
需要把kubeadm init的–pod-network-cidr参数和后面的kube-flannel.yml里面修改成一样的网段就可以了。(一般不需要修改)

2.4配置下环境变量


对于root用户:
[aaa@qq.com k8s-images]# echo "export KUBECONFIG=/etc/kubernetes/admin.conf" >> ~/.bash_profile
[aaa@qq.com k8s-images]# source ~/.bash_profile

对于非root用户:(非root用户的操作没试过)
[aaa@qq.com k8s-images]# mkdir -p $HOME/.kube
[aaa@qq.com k8s-images]# cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
[aaa@qq.com k8s-images]# chown $(id -u):$(id -g) $HOME/.kube/config

2.5测试是否启动


[aaa@qq.com k8s-images]# kubectl version

Docker&K8s安装部署教程

2.6安装网络

可以使用flannel、calico、weave、macvlan这里我们用flannel(这个yaml文件是压缩包里带的)

[aaa@qq.com k8s-images]# kubectl create  -f kube-flannel.yml

2.7安装dashboard

(这个yaml文件是压缩包里带的,这里要注意步骤否则有问题)

找到gcr.io/google_containers/kubernetes-dashboard-amd64:v1.8.1
修改kubernetes-dashboard.yaml,做如下修改:
image: image: reg.qiniu.com/k8s/kubernetes-dashboard-amd64:v1.8.3 
改为
image: gcr.io/google_containers/kubernetes-dashboard-amd64:v1.8.1

#执行kubernetes-dashboard

[aaa@qq.com k8s-images]# kubectl apply -f kubernetes-dashboard.yaml

#查看部署状态,如果不修改kubernetes-dashboard.yaml,直接执行kubernetes-dashboard,下面的STATUS是ImagePullBackOff 我是通过这个网址解决的问题https://www.jianshu.com/p/7159ef208c47

[aaa@qq.com k8s-images]# kubectl get pods --all-namespaces

NAMESPACE     NAME                                      READY     STATUS    RESTARTS   AGE
kube-system   kubernetes-dashboard-7d5dcdb6d9-mf6l2     1/1       Running   0          9m

2.8创建用户


创建服务账号,首先创建一个叫admin-user的服务账号,并放在kube-system名称空间下:

[aaa@qq.com k8s-images]# kubectl create -f admin-user.yaml

绑定角色,默认情况下,kubeadm创建集群时已经创建了admin角色,我们直接绑定即可:

[aaa@qq.com k8s-images]# kubectl create -f  admin-user-role-binding.yaml

获取Token,现在我们需要找到新创建的用户的Token,以便用来登录dashboard:

[aaa@qq.com k8s-images]# kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')

输出类似:
Name:         admin-user-token-qrj82
Namespace:    kube-system
Labels:       <none>
Annotations:  kubernetes.io/service-account.name=admin-user
              kubernetes.io/service-account.uid=6cd60673-4d13-11e8-a548-00155d000529

Type:  kubernetes.io/service-account-token

Data
====
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLXFyajgyIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiI2Y2Q2MDY3My00ZDEzLTExZTgtYTU0OC0wMDE1NWQwMDA1MjkiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06YWRtaW4tdXNlciJ9.C5mjsa2uqJwjscWQ9x4mEsWALUTJu3OSfLYecqpS1niYXxp328mgx0t-QY8A7GQvAr5fWoIhhC_NOHkSkn2ubn0U22VGh2msU6zAbz9sZZ7BMXG4DLMq3AaXTXY8LzS3PQyEOCaLieyEDe-tuTZz4pbqoZQJ6V6zaKJtE9u6-zMBC2_iFujBwhBViaAP9KBbE5WfREEc0SQR9siN8W8gLSc8ZL4snndv527Pe9SxojpDGw6qP_8R-i51bP2nZGlpPadEPXj-lQqz4g5pgGziQqnsInSMpctJmHbfAh7s9lIMoBFW7GVE8AQNSoLHuuevbLArJ7sHriQtDB76_j4fmA
ca.crt:     1025 bytes
namespace:  11 bytes

这里的token是登陆dashboard的web网页需要的码

用firefox访问https://172.x.x.x:32666 ,选择令牌登录,输入token

注意:一定要是https不然访问不了。这个问题我是通过这个网址解决的:https://github.com/kubernetes/dashboard/issues/3460

Docker&K8s安装部署教程

三、加入node节点到集群

使用刚刚执行kubeadm后的kubeadm join –xxx(注意,执行你自己的,别执行这里的,这只是个例子)
[aaa@qq.com ~]# kubeadm join --token 361c68.fbafaa96a5381651 master:6443 --discovery-token-ca-cert-hash sha256:e5e392f4ce66117635431f76512d96824b88816dfdf0178dc497972cf8631a98

四、查看集群

在master节,查看节点
[aaa@qq.com k8s-images]# kubectl get nodes
NAME      STATUS    ROLES     AGE       VERSION
master    Ready     master    3h        v1.9.0
node1     Ready     <none>    3h        v1.9.0
node2     Ready     <none>    3h        v1.9.0

查看服务
[aaa@qq.com k8s-images]# kubectl get pods --all-namespaces
NAMESPACE     NAME                                    READY     STATUS    RESTARTS   AGE
kube-system   etcd-hadoop04                           1/1       Running   0          1d
kube-system   kube-apiserver-hadoop04                 1/1       Running   0          1d
kube-system   kube-controller-manager-hadoop04        1/1       Running   0          1d
kube-system   kube-dns-6f4fd4bdf-2sll4                3/3       Running   0          1d
kube-system   kube-flannel-ds-4xp4v                   1/1       Running   0          1d
kube-system   kube-flannel-ds-8wfw4                   1/1       Running   0          23h
kube-system   kube-proxy-7gzw9                        1/1       Running   0          1d
kube-system   kube-proxy-phnm8                        1/1       Running   0          23h
kube-system   kube-scheduler-hadoop04                 1/1       Running   0          1d
kube-system   kubernetes-dashboard-7b7b5cd79b-ctz85   1/1       Running   0          23h

在集群配置时,默认会生成kubernetes-admin这个用户及相关公私钥和证书,证书信息保存在master节点的配置文件/etc/kubernetes/admin.conf中

kubectl config的配置信息中需要三个证书信息,都可以在admin.conf中找到

certificate-authority-data
client-certificate-data
client-key-data


整体的离线安装思路是这个网址提供的:https://blog.csdn.net/wylfengyujiancheng/article/details/81102801

五、遇到的问题

1.node节点无法加入集群,一直报错connection refused

发现node节点无法ping通master节点,报错如下,暂时无法解决,只好换个主节点。

Docker&K8s安装部署教程

2.主节点执行kubeadm init等待巨长时间后,报错

测试kubectl version也说connection refused,解决方式还是换个主节点,哈哈,我也是小白,暂时没查到原因,20个结点,应该够我换的。

 

相关标签: 云服务