
Lab notes for "The Definitive Guide to Kubernetes: From Docker to Kubernetes in Practice": environment preparation and deployment

2019-01-09 09:52  it长青

Environment details

Lab virtual machine environment

Operating system: CentOS 7.3

Master node
Hostname: k8s_master
Memory: 4 GB
IP: 172.16.111.200

Node

Hostname: k8s_node1
Memory: 4 GB
IP: 172.16.111.201


Prerequisite note

If the Docker version you installed cannot exec into a running container

=========

Error
# docker exec httpd_web -ti /bin/bash
rpc error: code = 2 desc = oci runtime error: exec failed: container_linux.go:247: starting container process caused "process_linux.go:110: decoding init error from pipe caused \"read parent: connection reset by peer\""

Solution
https://jimmysong.io/posts/docker-exec-bug-on-centos7/

Downgrade Docker
# rpm -qa | grep -i docker
docker-1.13.1-84.git07f3374.el7.centos.x86_64
docker-common-1.13.1-84.git07f3374.el7.centos.x86_64
docker-client-1.13.1-84.git07f3374.el7.centos.x86_64
# yum downgrade -y docker-1.13.1-75.git8633870.el7.centos.x86_64 docker-client-1.13.1-75.git8633870.el7.centos.x86_64 docker-common-1.13.1-75.git8633870.el7.centos.x86_64
# rpm -qa | grep -i docker
docker-1.13.1-75.git8633870.el7.centos.x86_64
docker-common-1.13.1-75.git8633870.el7.centos.x86_64
docker-client-1.13.1-75.git8633870.el7.centos.x86_64

=======


Basic configuration

On k8s_master

hostnamectl set-hostname "k8s_master"

vi /etc/hosts
172.16.111.200 master localhost
172.16.111.201 node1
172.16.111.202 node2

[root@localhost ~]# setenforce 0
[root@localhost ~]# 
[root@localhost ~]# getenforce 
Permissive
[root@localhost ~]# cat /etc/selinux/config 

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected. 
# mls - Multi Level Security protection.
SELINUXTYPE=targeted 

Reboot the operating system; otherwise Docker will fail to start later with the error: Error starting daemon: SELinux is not supported with the overlay2 graph driver on this kernel.
reboot

Preparing the node

hostnamectl set-hostname "k8s_node1"

vi /etc/hosts
172.16.111.200 master 
172.16.111.201 node1 localhost
172.16.111.202 node2

[root@localhost ~]# setenforce 0
[root@localhost ~]# getenforce 
Permissive
[root@localhost ~]# 
[root@localhost ~]# cat /etc/selinux/config 

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected. 
# mls - Multi Level Security protection.
SELINUXTYPE=targeted 

Installing packages on the master node

[root@k8s_master ~]# yum install -y etcd kubernetes
...
[root@k8s_master ~]# kubectl --version
Kubernetes v1.5.2

Installing packages on the node

[root@k8s_node1 ~]# yum install -y kubernetes docker
...
[root@k8s_node1 ~]# docker -v
Docker version 1.13.1, build 07f3374/1.13.1
You have new mail in /var/spool/mail/root
[root@k8s_node1 ~]# 

Configuring the master node

Find the location of etcd's configuration file from /usr/lib/systemd/system/etcd.service

vi /etc/etcd/etcd.conf
1,$s/localhost/172.16.111.200/g

Replace every localhost with the local IP. I tried using the hostname master instead, but that did not work: etcd would not start.

Start etcd
systemctl enable etcd
systemctl start etcd

[root@k8s_master ~]# netstat -tlnup|grep 2379
tcp 0 0 172.16.111.200:2379 0.0.0.0:* LISTEN 8510/etcd           
[root@k8s_master ~]#

Global configuration

vim /etc/kubernetes/config
# Common configuration
KUBE_MASTER="--master=http://master:8080"
# Specifies the apiserver

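Configuring the API server

vim /usr/lib/systemd/system/kube-apiserver.service
# The apiserver unit file
# It shows that the service depends on two configuration files: /etc/kubernetes/config and /etc/kubernetes/apiserver
 
vim /etc/kubernetes/config
# Common configuration: every component except etcd depends on this file
KUBE_MASTER="--master=http://master:8080"
# Tells the components which apiserver to use
# This setting has no effect on the apiserver itself, but the other components use it
 
vim /etc/kubernetes/apiserver
# The apiserver's own configuration
KUBE_API_ADDRESS="--insecure-bind-address=172.16.111.200"
# Listen address
# --insecure means plain HTTP, not HTTPS
KUBE_API_PORT="--port=8080"
# Port
KUBE_ETCD_SERVERS="--etcd-servers=http://172.16.111.200:2379"
# The apiserver needs to connect to etcd; this is etcd's address
KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota"
# Remove ServiceAccount from this list; otherwise creating a pod fails with a message that there is no API token
KUBE_API_ARGS="--secure-port=0"
# Do not use HTTPS for connections to the apiserver; otherwise a key and a crt are required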
 
systemctl enable kube-apiserver
systemctl start kube-apiserver
[root@k8s_master ~]# netstat -tlnp|grep 8080
tcp 0 0 172.16.111.200:8080 0.0.0.0:* LISTEN 8586/kube-apiserver 
[root@k8s_master ~]# 

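Configuring the controller manager

vim /usr/lib/systemd/system/kube-controller-manager.service
# The controller manager unit file
# It uses two configuration files: /etc/kubernetes/config and /etc/kubernetes/controller-manager
# The most important variable in them is KUBE_MASTER, which was already set above, so nothing needs to change here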

systemctl enable kube-controller-manager
systemctl start kube-controller-manager

Configuring the scheduler

vim /usr/lib/systemd/system/kube-scheduler.service
# The scheduler unit file
# The most important variable is again KUBE_MASTER

systemctl enable kube-scheduler
systemctl start kube-scheduler


Installing and running the registry

The registry image is required
systemctl start docker
docker pull registry

docker run -dit --restart=always --name docker-registry -p 5000:5000 -v /var/www:/storage registry

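On every machine (master and node), add these two lines to /etc/sysconfig/docker
ADD_REGISTRY='--add-registry 172.16.111.200:5000'
INSECURE_REGISTRY='--insecure-registry 172.16.111.200:5000'
# Specifies the local registry and disables SSL for it
# Without these lines the public registry is used by default; with them the private registry at 172.16.111.200:5000 is used

Restart Docker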
systemctl restart docker


Configuring the node

systemctl enable docker

Global configuration

vim /etc/kubernetes/config
# Common configuration
KUBE_MASTER="--master=http://172.16.111.200:8080"
# Specifies the apiserver

Configuring the kubelet

vim /usr/lib/systemd/system/kubelet.service
# Inspect the kubelet unit file
# It uses two configuration files: /etc/kubernetes/config and /etc/kubernetes/kubelet

vim /etc/kubernetes/kubelet
# kubelet-specific configuration
KUBELET_ADDRESS="--address=0.0.0.0"
# Address the kubelet listens on
KUBELET_PORT="--port=10250"
# Port the kubelet listens on
KUBELET_HOSTNAME="--hostname-override=node1"
# Hostname
KUBELET_API_SERVER="--api-servers=http://master:8080"
# Specifies the apiserver
# Enables automatic registration
KUBELET_POD_INFRA_CONTAINER="--pod-infra-container-image=172.16.111.200:5000/pod-infrastructure:latest"
# Pull the pod-infrastructure image from the local registry

systemctl enable kubelet
systemctl start kubelet

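Configuring the proxy

vim /usr/lib/systemd/system/kube-proxy.service
# The proxy unit file
# Check the configuration files and startup environment variables
# One important variable is KUBE_MASTER, which was already configured above

Start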
systemctl enable kube-proxy.service
systemctl start kube-proxy.service
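
The settings configured above (SELinux off, the apiserver's plain-HTTP port on 172.16.111.200:8080 with the secure port disabled, the kubelet on 0.0.0.0, an insecure registry) fit an isolated lab only. The shell check below is an added example, not part of the original post; it lists those settings so they can be found and reverted before a host built this way is reused. The function names `audit_k8s_lab` and `demo_tree` and the ROOT argument are assumptions of this example, and the sample tree is constructed from this post's values.

```shell
#!/bin/sh
# Added example, not from the original post. Prints one line per lab-only
# setting found in the files this walkthrough edits. ROOT defaults to the live filesystem.
audit_k8s_lab() {
    root=${1:-}
    # has FILE ERE: true if a non-comment line of ROOT/FILE matches ERE
    has() { [ -r "$root$1" ] && grep -v '^[[:space:]]*#' "$root$1" | grep -Eq -- "$2"; }
    api=/etc/kubernetes/apiserver; kl=/etc/kubernetes/kubelet
    if has /etc/selinux/config '^SELINUX=(disabled|permissive)'; then
        echo "selinux: not enforcing"
    fi
    if has $api '--insecure-bind-address=' &&
       ! has $api '--insecure-bind-address=(127\.|localhost)'; then
        echo "apiserver: unauthenticated HTTP port bound to a non-loopback address"
    fi
    if has $api '--secure-port=0'; then
        echo "apiserver: TLS port disabled"
    fi
    if has $api '^KUBE_ADMISSION_CONTROL=' &&
       ! has $api '^KUBE_ADMISSION_CONTROL=.*ServiceAccount'; then
        echo "apiserver: ServiceAccount admission plugin removed"
    fi
    if has $kl '--address=0\.0\.0\.0'; then
        echo "kubelet: API listens on all interfaces"
    fi
    if has $kl '--api-servers=http://'; then
        echo "kubelet: reaches the apiserver over plain HTTP"
    fi
    if has /etc/sysconfig/docker '--insecure-registry'; then
        echo "docker: registry used without verified TLS"
    fi
    return 0
}
# Constructed sample tree holding the values from this post (ServiceAccount
# already removed from the admission list, as the post's comment instructs).
demo_tree() {
    d=$(mktemp -d) && mkdir -p "$d/etc/selinux" "$d/etc/kubernetes" "$d/etc/sysconfig"
    echo 'SELINUX=disabled' > "$d/etc/selinux/config"
    printf '%s\n' 'KUBE_API_ADDRESS="--insecure-bind-address=172.16.111.200"' \
        'KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,LimitRanger"' \
        'KUBE_API_ARGS="--secure-port=0"' > "$d/etc/kubernetes/apiserver"
    printf '%s\n' 'KUBELET_ADDRESS="--address=0.0.0.0"' 'KUBELET_PORT="--port=10250"' \
        'KUBELET_API_SERVER="--api-servers=http://master:8080"' > "$d/etc/kubernetes/kubelet"
    echo "INSECURE_REGISTRY='--insecure-registry 172.16.111.200:5000'" > "$d/etc/sysconfig/docker"
    echo "$d"
}
t=$(demo_tree); audit_k8s_lab "$t"; rm -rf "$t"
```

On a real host, call `audit_k8s_lab` with no argument on the master and on each node; an empty result means none of these settings is present in the files checked.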



Verification

Verify on the master

kubectl get nodes -s http://master:8080
# Query the apiserver for node information
# A STATUS of Ready means everything is working

[root@k8s_master ~]# kubectl get nodes -s http://master:8080
NAME STATUS AGE
node1 Ready 21h
node2 Ready 3m
[root@k8s_master ~]# 
# View detailed node information
[root@k8s_master ~]# kubectl describe nodes -s http://master:8080
Name:	node1
Role:   
Labels:	beta.kubernetes.io/arch=amd64
   beta.kubernetes.io/os=linux
   kubernetes.io/hostname=node1
Taints:	<none>
CreationTimestamp:	Sat, 08 Dec 2018 02:12:05 -0500
Phase:   
Conditions:
  Type	Status	LastHeartbeatTime	LastTransitionTime	Reason	Message
  ----	------	-----------------	------------------	------	-------
  OutOfDisk False Sat, 08 Dec 2018 02:13:25 -0500 Sat, 08 Dec 2018 02:12:05 -0500 KubeletHasSufficientDisk kubelet has sufficient disk space available
  MemoryPressure False Sat, 08 Dec 2018 02:13:25 -0500 Sat, 08 Dec 2018 02:12:05 -0500 KubeletHasSufficientMemory kubelet has sufficient memory available
  DiskPressure False Sat, 08 Dec 2018 02:13:25 -0500 Sat, 08 Dec 2018 02:12:05 -0500 KubeletHasNoDiskPressure kubelet has no disk pressure
  Ready True Sat, 08 Dec 2018 02:13:25 -0500 Sat, 08 Dec 2018 02:12:05 -0500 KubeletReady kubelet is posting ready status
Addresses:	172.16.111.201,172.16.111.201,node1
Capacity:
 alpha.kubernetes.io/nvidia-gpu:	0
 cpu:	1
 memory:	3865524Ki
 pods:	110
Allocatable:
 alpha.kubernetes.io/nvidia-gpu:	0
 cpu:	1
 memory:	3865524Ki
 pods:	110
System Info:
 Machine ID:	c8a3d56d16fa4d5fb97749ff46689a07
 System UUID:	8E654D56-87D6-DA79-9739-911B7B98A6EB
 Boot ID:	b2789f77-29af-4ddd-8543-5234e749ad1f
 Kernel Version:	3.10.0-514.el7.x86_64
 OS Image:	CentOS Linux 7 (Core)
 Operating System:	linux
 Architecture:	amd64
 Container Runtime Version:	docker://1.13.1
 Kubelet Version:	v1.5.2
 Kube-Proxy Version:	v1.5.2
ExternalID:	node1
Non-terminated Pods:	(0 in total)
  Namespace	Name	CPU Requests	CPU Limits	Memory Requests	Memory Limits
  ---------	----	------------	----------	---------------	-------------
Allocated resources:
  (Total limits may be over 100 percent, i.e., overcommitted.
  CPU Requests	CPU Limits	Memory Requests	Memory Limits
  ------------	----------	---------------	-------------
  0 (0%)	0 (0%)	0 (0%)	0 (0%)
Events:
  FirstSeen	LastSeen	Count	From	SubObjectPath	Type	Reason	Message
  ---------	--------	-----	----	-------------	--------	------	-------
  8m	8m	1	{kubelet node1}	Warning	ImageGCFailed	unable to find data for container /
  8m	1m	39	{kubelet node1}	Normal	NodeHasSufficientDisk	Node node1 status is now: NodeHasSufficientDisk
  8m	1m	39	{kubelet node1}	Normal	NodeHasSufficientMemory	Node node1 status is now: NodeHasSufficientMemory
  8m	1m	39	{kubelet node1}	Normal	NodeHasNoDiskPressure	Node node1 status is now: NodeHasNoDiskPressure
.....
.....
[root@k8s_master ~]# 

** If you see the output below, first check whether the firewall has been turned off and whether port 8080 is reachable

[root@k8s_master ~]# kubectl get nodes -s http://master:8080
No resources found.
[root@k8s_master ~]#

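Summary

1. docker: uses the official registry by default; a local registry can be specified
2. kubelet: manages the pod lifecycle through the apiserver
3. kube-proxy: implements load balancing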