k8s installation
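1.1 k8s architecture
In addition to the core components, there are some recommended add-ons:

Component              Description
kube-dns               Provides DNS service for the whole cluster
Ingress Controller     Provides an external entry point for services
Heapster               Provides resource monitoring
Dashboard              Provides a GUI
Federation             Provides clusters that span availability zones
Fluentd-elasticsearch  Provides cluster log collection, storage and querying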
1.2 Set the IP addresses, hostnames and hosts resolution
10.0.0.11 k8s-master
10.0.0.12 k8s-node1
10.0.0.13 k8s-node2

Every node needs these hosts entries.
1.3 Install etcd on the master node
yum install etcd -y

Edit the configuration file:
vim /etc/etcd/etcd.conf
Line 6: ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:2379"
Line 21: ETCD_ADVERTISE_CLIENT_URLS="http://10.0.0.11:2379"

Start the service:
systemctl start etcd.service
systemctl enable etcd.service

Test that keys work. Create a key:
etcdctl set testdir/testkey0 0

Check that the value can be read back:
etcdctl get testdir/testkey0

Test etcd remotely:
etcdctl -C http://10.0.0.11:2379 cluster-health
1.4 Install kubernetes on the master node
yum install kubernetes-master.x86_64 -y

Edit the configuration file:
vim /etc/kubernetes/apiserver
Line 8: KUBE_API_ADDRESS="--insecure-bind-address=0.0.0.0"
Line 11: KUBE_API_PORT="--port=8080"
Line 14: KUBELET_PORT="--kubelet-port=10250"
Line 17: KUBE_ETCD_SERVERS="--etcd-servers=http://10.0.0.11:2379"
Remove ServiceAccount from line 23:
Line 23: KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ResourceQuota"

Edit the second configuration file:
vim /etc/kubernetes/config
Line 22: KUBE_MASTER="--master=http://10.0.0.11:8080"

Restart the services:
systemctl enable kube-apiserver.service
systemctl restart kube-apiserver.service
systemctl enable kube-controller-manager.service
systemctl restart kube-controller-manager.service
systemctl enable kube-scheduler.service
systemctl restart kube-scheduler.service

Check that the services were installed correctly:
[root@k8s-master ~]# kubectl get componentstatus
NAME                 STATUS    MESSAGE              ERROR
scheduler            Healthy   ok
controller-manager   Healthy   ok
etcd-0               Healthy   {"health":"true"}
1.5 Install kubernetes on the node machines
yum install kubernetes-node.x86_64 -y

Edit the configuration files so that every node can find the API server:
vim /etc/kubernetes/config
Line 22: KUBE_MASTER="--master=http://10.0.0.11:8080"

vim /etc/kubernetes/kubelet
Line 5: KUBELET_ADDRESS="--address=0.0.0.0" # kubelet listen address
Line 8: KUBELET_PORT="--port=10250" # listen port
Line 11: KUBELET_HOSTNAME="--hostname-override=10.0.0.12" # unique identifier of the node
Line 14: KUBELET_API_SERVER="--api-servers=http://10.0.0.11:8080" # apiserver address

Start the services and enable them at boot:
systemctl enable docker
systemctl enable kubelet.service
systemctl restart kubelet.service
systemctl enable kube-proxy.service
systemctl restart kube-proxy.service

On the master node, check whether the nodes started successfully:
[root@k8s-master ~]# kubectl get nodes
NAME        STATUS    AGE
10.0.0.12   Ready     6m
10.0.0.13   Ready     3s
1.6 Configure the flannel network on all nodes
yum install flannel -y

Edit the configuration file to set the etcd address:
sed -i 's#http://127.0.0.1:2379#http://10.0.0.11:2379#g' /etc/sysconfig/flanneld

## master node:
Create the key that defines the network range:
etcdctl mk /atomic.io/network/config '{ "Network": "172.18.0.0/16" }'

Install docker and start the services:
yum install docker -y
systemctl enable flanneld.service
systemctl restart flanneld.service
systemctl restart docker
systemctl enable docker
systemctl restart kube-apiserver.service
systemctl restart kube-controller-manager.service
systemctl restart kube-scheduler.service

## node machines:
systemctl enable flanneld.service
systemctl restart flanneld.service
systemctl restart docker
systemctl restart kubelet.service
systemctl restart kube-proxy.service

vim /usr/lib/systemd/system/docker.service
# Add one line under the [Service] section.
# It lets containers ping external networks. Keep the comment on its own line:
# systemd unit files do not support trailing comments.
ExecStartPost=/usr/sbin/iptables -P FORWARD ACCEPT

Restart the services:
systemctl daemon-reload
systemctl restart docker
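1.7 Configure the master as the image registry
# All nodes: configure the registry mirror and the HTTP registry address
vi /etc/docker/daemon.json
{
"registry-mirrors": ["https://registry.docker-cn.com"],
"insecure-registries": ["10.0.0.11:5000"]
}

## master node: run the image registry on the master node
docker run -d -p 5000:5000 --restart=always --name registry -v /opt/myregistry:/var/lib/registry registry

The registry is created from the registry image. If the image is not present locally, it is downloaded from the official site by default; pulling the registry image in advance keeps this step short.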
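
Sections 1.3 to 1.7 put etcd and the API server's insecure port on all interfaces over plain HTTP, drop the ServiceAccount admission plugin, and whitelist an HTTP registry, so any host that can reach 10.0.0.11 can read and write cluster state without authenticating. The script below is an added example, not part of the original page: it audits a host, or a copy of its config tree, for exactly those settings. The function names, the ROOT argument and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page). ROOT is an assumed parameter:
# empty audits the live host, a directory audits a copy of the config tree.

# flag FILE REGEX MESSAGE: report when an uncommented line of FILE matches.
flag() {
    [ -f "$1" ] || return 0
    if grep -v '^[[:space:]]*#' "$1" | grep -Eq -e "$2"; then
        printf '%s: %s\n' "$1" "$3"
    fi
}

# make_sample DIR: constructed master-node files using the values shown above.
make_sample() {
    mkdir -p "$1/etc/etcd" "$1/etc/kubernetes" "$1/etc/docker"
    echo 'ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:2379"' > "$1/etc/etcd/etcd.conf"
    printf '%s\n' 'KUBE_API_ADDRESS="--insecure-bind-address=0.0.0.0"' \
        'KUBE_ETCD_SERVERS="--etcd-servers=http://10.0.0.11:2379"' \
        'KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,LimitRanger"' \
        > "$1/etc/kubernetes/apiserver"
    echo 'KUBE_MASTER="--master=http://10.0.0.11:8080"' > "$1/etc/kubernetes/config"
    echo '{"insecure-registries": ["10.0.0.11:5000"]}' > "$1/etc/docker/daemon.json"
}

audit_lab_config() {
    root=${1:-}
    flag "$root/etc/etcd/etcd.conf" 'ETCD_LISTEN_CLIENT_URLS="?http://0\.0\.0\.0' \
        'etcd client API on all interfaces over plain HTTP'
    flag "$root/etc/kubernetes/apiserver" '--insecure-bind-address=0\.0\.0\.0' \
        'unauthenticated API server port bound to all interfaces'
    flag "$root/etc/kubernetes/apiserver" '--etcd-servers=http://' \
        'API server reaches etcd over plain HTTP'
    flag "$root/etc/kubernetes/config" '--master=http://' \
        'components reach the API server over plain HTTP'
    flag "$root/etc/kubernetes/kubelet" '--api-servers=http://' \
        'kubelet reaches the API server over plain HTTP'
    flag "$root/etc/docker/daemon.json" \
        '"insecure-registries"[[:space:]]*:[[:space:]]*\[[[:space:]]*"' \
        'Docker trusts a registry without TLS'
    # ServiceAccount admission: report only when the list exists and omits it.
    f="$root/etc/kubernetes/apiserver"
    if [ -f "$f" ] && grep -v '^[[:space:]]*#' "$f" \
        | grep -E -e '--admission-control=' | grep -qv 'ServiceAccount'; then
        printf '%s: %s\n' "$f" 'ServiceAccount admission plugin is disabled'
    fi
    return 0
}

# Demo on the constructed sample: prints six findings.
demo=$(mktemp -d) && make_sample "$demo" && audit_lab_config "$demo"; rm -rf "$demo"
```

To audit the machine itself, call audit_lab_config with an empty argument; files that do not exist on a given node are skipped.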