posts - 60,  comments - 3,  trackbacks - 0

 

在"China Azure中部署Kubernetes(K8S)集群"一文中,我们使用的ACS Version及Kubernete Version版本都比较低,ACS Version为0.8.0,Kubernete Version为1.6。随着ACS版本及Kubernete版本的不断跟新,我们会尽可能的采用新的version部署我们的集群服务。本文将使用 ACS Version为0.18.8,Kubernete Version为1.10.4 进行部署,同时Kubernetes.json的配置文件也加入了多个限制条件,详情操作见下:

1.查看Ubuntu 机器Version

root@hlmubu1604n1ma:~# lsb_release -a
No LSB modules are available.
Distributor ID:    Ubuntu
Description:    Ubuntu 16.04.5 LTS
Release:    16.04
Codename:    xenial

 

2.在该Ubuntu机器上安装CLI 2.0

root@hlmubu1604n1ma:~# az

     /\
    /  \    _____   _ _  ___ _
   / /\ \  |_  / | | | \'__/ _\
  / ____ \  / /| |_| | | |  __/
 /_/    \_\/___|\__,_|_|  \___|


Welcome to the cool new Azure CLI!

Use `az --version` to display the current version.
Here are the base commands:

 

3.下载并安装 Azure 容器服务引擎(acs-engine) 

wget https://github.com/Azure/acs-engine/releases/download/v0.18.8/acs-engine-v0.18.8-linux-amd64.tar.gz

tar zxvf acs-engine-v0.18.8-linux-amd64.tar.gz

cd acs-engine-v0.18.8-linux-amd64/

root@hlmubu1604n1ma:~/acs-engine-v0.18.8-linux-amd64# ./acs-engine version
Version: v0.18.8
GitCommit: 71d88da
GitTreeState: clean

 

4.创建资源组并获取服务主体身份(service principal)

root@hlmubu1604n1ma:~# az cloud set -n AzureChinaCloud
root@hlmubu1604n1ma:~# az login -u "***@***.onmschina.cn"
Password: 
[
  {
    "cloudName": "AzureChinaCloud",
    "id": "***",
    "isDefault": true,
    "name": "He Liming (anitay)",
    "state": "Enabled",
    "tenantId": "***",
    "user": {
      "name": "***",
      "type": "user"
    }
  }
]
root@hlmubu1604n1ma:~# az account set --subscription  "***"
root@hlmubu1604n1ma:~# az group create -n hlmk8srgt1 -l chinanorth
{
  "id": "/subscriptions/***/resourceGroups/hlmk8srgt1",
  "location": "chinanorth",
  "managedBy": null,
  "name": "hlmk8srgt1",
  "properties": {
    "provisioningState": "Succeeded"
  },
  "tags": null
}

root@hlmubu1604n1ma:
~# az ad sp create-for-rbac --role="Contributor" --scopes="/subscriptions/***/resourceGroups/hlmk8srgt1"
Retrying role assignment creation: 1/36 
Retrying role assignment creation:
2/36
Retrying role assignment creation:
3/36
Retrying role assignment creation:
4/36
Retrying role assignment creation:
5/36
Retrying role assignment creation:
6/36
{
"appId": "***",
"displayName": "azure-cli-2018-09-18-07-49-05",
"name": "http://azure-cli-2018-09-18-07-49-05",
"password": "***", "tenant": "***"
}

备注:记录appId及password的值以备后续使用

 

5.创建一个kubernets.json模板文件

{
   "apiVersion": "vlabs",
   "location": "chinanorth",
   "properties" :   {  
      "orchestratorProfile" : {  
         "orchestratorType" : "Kubernetes",
         "kubernetesConfig" : {
            "schedulerConfig" : {  
               "--profiling" : "false"
            },
            "enableRbac":false,       
            "apiServerConfig" : {  
               "--audit-log-path" : "/var/log/audit.log",              
               "--audit-log-maxage": "30",
               "--audit-log-maxsize": "100",
               "--audit-log-maxbackup": "10",
               "--anonymous-auth":"false",
               "--profiling":"false"
            },
           "addons": [  
               {  
                 "name":"tiller",
                 "enabled":false
               },
               {  
                "name":"kubernetes-dashboard",
                  "enabled":false
               },
               {  
                  "name":"cluster-autoscaler",
                  "config":                  {  
                     "maxNodes":"10",
                     "minNodes":"2"
                  },
                  "enabled":true
               }
            ],
            "dnsServiceIP" : "10.2.0.240",
            "networkPolicy": "calico",
            "kubeletConfig" :  {  
              "--make-iptables-util-chains":"true",
               "--allow-privileged":"false",
               "--keep-terminated-pod-volumes":"false",
               "--read-only-port": "0",
               "--event-qps": "0", 
               "--cadvisor-port": "0"
            },
            "serviceCidr": "10.2.0.0/24",
            "controllerManagerConfig": {  
               "--terminated-pod-gc-threshold": "5000",
               "--profiling":"false"
            }
          },             
         "orchestratorVersion": "1.10.4"
      },
      "agentPoolProfiles": [  
         {  
            "storageProfile": "ManagedDisks",
            "name": "macsetupdeve",
            "count": 2,
            "osType": "Linux",
            "vnetSubnetId": "/subscriptions/***/resourceGroups/hlmk8st1/providers/Microsoft.Network/virtualNetworks/hlmk8svnet/subnets/default",
            "vmSize": "Standard_A2_v2",
            "availabilityProfile": "VirtualMachineScaleSets"
         }
      ],
      "servicePrincipalProfile": {  
         "clientId": "***",
         "secret": "***"
      },
      "linuxProfile": {  
         "adminUsername": "stone",
         "ssh": {  
            "publicKeys": [  
               {  
                  "keyData": "ssh-rsa *** root@hlmubu1604n1ma"
               }
            ]
         }
      },
      "masterProfile": {  
         "firstConsecutiveStaticIP": "10.2.0.100",
         "storageProfile": "ManagedDisks",
         "count": 1,
         "dnsPrefix": "hlmk8s-mstr000",
         "vnetSubnetId": "/subscriptions/***/resourceGroups/hlmk8st1/providers/Microsoft.Network/virtualNetworks/hlmk8svnet/subnets/default",
         "vmSize": "Standard_A2_v2"
      }
   }
}

备注:
clientId为之前记录的appId; secret为之前记录的password; keyData为登陆机器所需的公钥(需要使用ssh-keygen命令生成)

 

6.生成Azure模板文件

root@hlmubu1604n1ma:~/acs-engine-v0.18.8-linux-amd64# ./acs-engine generate kubernetes.json
INFO[0000] Generating assets into _output/hlmk8s-mstr001... 
root@hlmubu1604n1ma:~/acs-engine-v0.18.8-linux-amd64# ls
acs-engine  kubernetes.json  kubernetes.json.bak  kubernetes.json.bak1  kubernetes.json.bak2  LICENSE  _output  README.md  translations
root@hlmubu1604n1ma:~/acs-engine-v0.18.8-linux-amd64# cd _output/
root@hlmubu1604n1ma:~/acs-engine-v0.18.8-linux-amd64/_output# ls
hlmk8s-mstr000  hlmk8s-mstr001
root@hlmubu1604n1ma:~/acs-engine-v0.18.8-linux-amd64/_output# cd hlmk8s-mstr001/
root@hlmubu1604n1ma:~/acs-engine-v0.18.8-linux-amd64/_output/hlmk8s-mstr001# ls
apimodel.json  apiserver.key     azuredeploy.parameters.json  ca.key      client.key      etcdclient.key  etcdpeer0.key   etcdserver.key  kubectlClient.crt
apiserver.crt  azuredeploy.json  ca.crt                       client.crt  etcdclient.crt  etcdpeer0.crt   etcdserver.crt  kubeconfig      kubectlClient.key

 

7.部署Kubernetes集群,该过程大约需要20分钟左右

备注:使用较新的ACS生成的"azuredeploy.parameters.json"文件,不需要修改URL,直接就可以运行

root@hlmubu1604n1ma:~/acs-engine-v0.18.8-linux-amd64/_output/hlmk8s-mstr001# az group deployment create --resource-group hlmk8srgt1 --template-file azuredeploy.json --parameters azuredeploy.parameters.json

 

8.使用Kubectl工具,并查看集群节点状态

 

 

 

备注:Azure Portal界面显示如下

 

posted on 2018-09-18 23:30  铭的随记  阅读(...)  评论(...编辑  收藏