Installing Docker, Kubernetes (k8s) and Istio on Ubuntu 16.04

This article has been updated. Last updated: 2020-9-22 14:11:18

ubuntu16.04

docker 19.03.12

k8s 1.18.0

istio 1.5.0

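Preparation:

Turn off swap; the virtualization technology requires swap to be disabled

swapoff -a

Check swap

free -h

To keep swap from being enabled at boot, open the file below and comment out the swap line

vim /etc/fstab

Disable the firewall

ufw disable

Change the hostname by editing the name in the file; each node in the cluster has a different name

vim /etc/hostname

Then update the registered hostname as well: change the name that follows 127.0.1.1

vim /etc/hosts

Static IP:

First change the VMware configuration:

VMware - Edit - Virtual Network Editor

Select VMnet8 (NAT mode), change the subnet IP to 192.168.8.0, and tick all the checkboxes

Click NAT Settings and change the gateway to 192.168.8.2

Set the virtual machine's network adapter to NAT mode

vim /etc/network/interfaces

Add the following under the corresponding network interface:

Note that inet dhcp must be changed to static (dhcp means dynamic), and address must be changed to your own IP

Restart networking

sudo /etc/init.d/networking restart

Configure the local DNS: add nameserver 192.168.8.2

vim /etc/resolvconf/resolv.conf.d/base

Reboot

Test with ping

ping baidu.com

Configure DNS: uncomment the DNS line and set its value to 114.114.114.114

vim /etc/systemd/resolved.conf

Set the time zone

dpkg-reconfigure tzdata

Select Asia, Shanghai

Time synchronization

sudo apt-get install ntpdate

Synchronize the system time with network time

ntpdate cn.pool.ntp.org

Write the system time to the hardware clock

hwclock --systohc

Reboot once the configuration is complete.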

Docker installation:

Install the required system tools

sudo apt-get update
sudo apt-get -y install apt-transport-https ca-certificates curl software-properties-common

Install the GPG key

curl -fsSL http://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | sudo apt-key add -

Add the repository information

sudo add-apt-repository "deb [arch=amd64] http://mirrors.aliyun.com/docker-ce/linux/ubuntu $(lsb_release -cs) stable"

Update and install Docker

sudo apt-get -y update
sudo apt-get -y install docker-ce

Configure a registry mirror: create or edit /etc/docker/daemon.json with the following content

{ "registry-mirrors": [ "https://registry.docker-cn.com" ] }

Restart the service

sudo systemctl daemon-reload
sudo systemctl restart docker

Check that the mirror is in effect

sudo docker info

Output like the following means the registry mirror is in effect:

Registry Mirrors:
https://registry.docker-cn.com/

Check the Docker version

docker version

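k8s installation

Before running the steps below, switch the apt sources first; otherwise apt-get update is very slow.
vim /etc/apt/sources.list
Replace its contents with the following: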
deb http://mirrors.aliyun.com/ubuntu/ xenial main
deb-src http://mirrors.aliyun.com/ubuntu/ xenial main
deb http://mirrors.aliyun.com/ubuntu/ xenial-updates main
deb-src http://mirrors.aliyun.com/ubuntu/ xenial-updates main
deb http://mirrors.aliyun.com/ubuntu/ xenial universe
deb-src http://mirrors.aliyun.com/ubuntu/ xenial universe
deb http://mirrors.aliyun.com/ubuntu/ xenial-updates universe
deb-src http://mirrors.aliyun.com/ubuntu/ xenial-updates universe
deb http://mirrors.aliyun.com/ubuntu/ xenial-security main
deb-src http://mirrors.aliyun.com/ubuntu/ xenial-security main
deb http://mirrors.aliyun.com/ubuntu/ xenial-security universe
deb https://mirrors.aliyun.com/kubernetes/apt kubernetes-xenial main
deb-src http://mirrors.aliyun.com/ubuntu/ xenial-security universe
Install the three kube components (kubelet, kubeadm, kubectl)
apt-get update && apt-get install -y apt-transport-https

Install the GPG key

If you are prompted for root privileges, switch to the root user

curl https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | apt-key add -

Add the repository

sudo apt-add-repository "deb https://mirrors.aliyun.com/kubernetes/apt kubernetes-xenial main"

Install

apt-get update
apt-get install -y kubelet=1.18.0-00 kubeadm=1.18.0-00 kubectl=1.18.0-00

Reboot the machine after installation
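
Both key-installation steps above (the Docker key, fetched over plain HTTP, and the Kubernetes key) pipe the download straight into apt-key, so whatever the mirror or the network path returns becomes a trusted package-signing key. The following is an added example, not part of the original post: it downloads the key over HTTPS to a file and adds it only if every primary key in that file has a fingerprint on an allow-list. The function names are hypothetical, and the expected fingerprints are an input that must come from the repository publisher's own documentation.

```shell
#!/bin/sh
# Added example (hypothetical helper names): trust an apt signing key only
# after checking its fingerprint, instead of `curl ... | apt-key add -`.

# Normalise a fingerprint: strip spaces and colons, upper-case the hex digits.
norm_fpr() { printf '%s' "$1" | tr -d ' :' | tr 'a-f' 'A-F'; }

# Reads `gpg --with-colons` output on stdin. Succeeds only if the input holds
# at least one primary key and every primary key's fingerprint is one of the
# allowed fingerprints given as arguments. Subkey fingerprints are ignored.
keys_all_pinned() {
    allow=""
    for f in "$@"; do allow="$allow,$(norm_fpr "$f")"; done
    awk -F: -v allow="$allow" '
        BEGIN { n = split(allow, a, ",")
                for (i = 1; i <= n; i++) if (length(a[i]) == 40) ok[a[i]] = 1 }
        $1 == "pub" { pubs++; after_pub = 1; next }
        $1 == "sub" { after_pub = 0; next }
        $1 == "fpr" && after_pub { after_pub = 0; if ($10 in ok) good++ }
        END { exit !(pubs > 0 && good == pubs) }'
}

# add_pinned_key <https-url> <fingerprint> [<fingerprint> ...]
add_pinned_key() {
    url=$1; shift
    case "$url" in
        https://*) ;;
        *) echo "refusing non-HTTPS key URL: $url" >&2; return 2 ;;
    esac
    tmp=$(mktemp) || return 1
    # Download to a file first so the bytes that are checked are the bytes added.
    # gpg lists the keys in a key file passed as its only argument; newer gpg
    # releases also provide --show-keys for the same purpose.
    if curl -fsSL "$url" -o "$tmp" &&
       gpg --with-colons --with-fingerprint "$tmp" 2>/dev/null | keys_all_pinned "$@"
    then sudo apt-key add "$tmp"; rc=$?
    else echo "key from $url rejected: download or fingerprint check failed" >&2; rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}
```
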

Create the configuration directory

cd /usr/local/
mkdir k8s
cd k8s
mkdir config
cd config
kubeadm config print init-defaults --kubeconfig ClusterConfiguration > kubeadm.yml
vim kubeadm.yml
apiVersion: kubeadm.k8s.io/v1beta2
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 192.168.8.130     # change to your IP (the VM's static IP set earlier)
  bindPort: 6443
nodeRegistration:
  criSocket: /var/run/dockershim.sock
  name: k8s-master
  taints:
  - effect: NoSchedule
    key: node-role.kubernetes.io/master
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta2
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns:
  type: CoreDNS
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: registry.aliyuncs.com/google_containers # changed image repository
kind: ClusterConfiguration
kubernetesVersion: v1.18.6
networking:
  dnsDomain: cluster.local
  podSubnet: "10.244.0.0/16"       # added setting, used for communication between nodes
  serviceSubnet: 10.96.0.0/12
scheduler: {}
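
The bootstrap token in the file above, abcdef.0123456789abcdef, is the sample value that kubeadm config print init-defaults emits on every machine, and a bootstrap token is what authenticates a joining node, so it should be replaced before kubeadm init is run. The following is an added example, not part of the original post or of kubeadm: a pre-flight check that flags the sample token, suggests a random one, and compares kubernetesVersion with the installed kubeadm version supplied by the caller. The helper names are hypothetical.

```shell
#!/bin/sh
# Added example (hypothetical helper names): pre-flight lint for kubeadm.yml.
DEFAULT_TOKEN='abcdef.0123456789abcdef'   # sample token printed by init-defaults

# First value of a scalar key: yaml_value <key> <file>
yaml_value() {
    sed -n "s/^[[:space:]-]*$1:[[:space:]]*\([^[:space:]#]*\).*/\1/p" "$2" | head -n 1
}

# kubeadm bootstrap tokens have the form [a-z0-9]{6}.[a-z0-9]{16}.
token_is_wellformed() {
    printf '%s\n' "$1" | grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$'
}

# Random token from the kernel CSPRNG. `kubeadm token generate` does the same
# job on a host that already has kubeadm installed.
new_token() {
    raw=$(head -c 1024 /dev/urandom | LC_ALL=C tr -dc 'a-z0-9' | cut -c1-22)
    printf '%s.%s\n' "$(printf '%s\n' "$raw" | cut -c1-6)" \
                     "$(printf '%s\n' "$raw" | cut -c7-22)"
}

# lint_kubeadm_config <file> <installed-kubeadm-version>
# Prints one line per finding and returns the number of findings.
lint_kubeadm_config() {
    findings=0
    tok=$(yaml_value token "$1")
    if [ "$tok" = "$DEFAULT_TOKEN" ]; then
        echo "token: publicly known sample value; replace it, e.g. with $(new_token)"
        findings=$((findings + 1))
    elif ! token_is_wellformed "$tok"; then
        echo "token: missing or malformed ('$tok')"
        findings=$((findings + 1))
    fi
    ver=$(yaml_value kubernetesVersion "$1")
    if [ "$ver" != "$2" ]; then
        echo "kubernetesVersion: $ver in config but kubeadm is $2;" \
             "kubeadm init uses control-plane images tagged $ver"
        findings=$((findings + 1))
    fi
    return "$findings"
}
```

On the master, call it as lint_kubeadm_config kubeadm.yml "$(kubeadm version -o short)" and fix every finding before initializing.
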

List the images

kubeadm config images list --config kubeadm.yml

Pull the images

kubeadm config images pull --config kubeadm.yml

If the pull fails, it is a network problem. An alternative is to download from the Docker registry:

docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver:v1.18.0
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager:v1.18.0
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler:v1.18.0
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy:v1.18.0
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.2
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.4.3-0
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/coredns:1.6.7

docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.2 k8s.gcr.io/pause:3.2
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver:v1.18.0 k8s.gcr.io/kube-apiserver:v1.18.0
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager:v1.18.0 k8s.gcr.io/kube-controller-manager:v1.18.0
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler:v1.18.0 k8s.gcr.io/kube-scheduler:v1.18.0
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy:v1.18.0 k8s.gcr.io/kube-proxy:v1.18.0
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.4.3-0 k8s.gcr.io/etcd:3.4.3-0
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/coredns:1.6.7 k8s.gcr.io/coredns:1.6.7

docker rmi registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver:v1.18.0
docker rmi registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager:v1.18.0
docker rmi registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler:v1.18.0
docker rmi registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy:v1.18.0
docker rmi registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.2
docker rmi registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.4.3-0
docker rmi registry.cn-hangzhou.aliyuncs.com/google_containers/coredns:1.6.7

List the images

docker images

Initialize

kubeadm init --config=kubeadm.yml --upload-certs | tee kubeadm-init.log

Run the commands that the output prompts you to run

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
Install Calico to resolve the DNS problem
kubectl create -f https://docs.projectcalico.org/manifests/tigera-operator.yaml

In the k8s/config directory, run:

vim calico.yaml

Copy in the following content:

apiVersion: operator.tigera.io/v1
kind: Installation
metadata:
  name: default
spec:
  # Configures Calico networking.
  calicoNetwork:
    # Note: The ipPools section cannot be modified post-install.
    ipPools:
    - blockSize: 26
      cidr: 10.244.0.0/16
      encapsulation: VXLANCrossSubnet
      natOutgoing: Enabled
      nodeSelector: all()

Run the command:

kubectl create -f calico.yaml

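Watch Calico start up. Unrestricted internet access (for example through a proxy) is needed, otherwise the images cannot be downloaded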

watch kubectl get pods -n calico-system

Wait until all pods are in the Running state

Check the status of the k8s pods

kubectl get pod -n kube-system

Make sure all pods are Running

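Install Istio

Version 1.5.0 is installed on Alibaba's recommendation; see the git address:
First remove the scheduling restriction (taint) on the k8s master node, otherwise Istio cannot be installed properly
kubectl taint nodes --all node-role.kubernetes.io/master-

Download Istio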

curl -L https://istio.io/downloadIstio | ISTIO_VERSION=1.5.0 sh -

Configure istioctl

cd istio-1.5.0
export PATH=$PWD/bin:$PATH

Install Istio

istioctl manifest apply --set profile=demo

Make sure all Istio-related pods are in the Running state

kubectl get pod -n istio-system

Enable automatic injection for the default namespace

kubectl label namespace default istio-injection=enabled
kubectl get namespace -L istio-injection

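To avoid having to configure the istioctl command after every reboot:

As the root user, edit /root/.bashrc and add the following:

export PATH="$PATH:/usr/local/istio/istio-1.5.0/bin"

Adjust the path to match your installation location, then reboot.

At this point Docker, k8s and Istio are installed.

If you run into problems with the installation process above, please give feedback promptly; I hope this is of some help.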

posted @ 2020-01-09 18:11  御简