1.1 k8s的架构
除了核心组件,还有一些推荐的Add-ons:
组件名称 说明
kube-dns 负责为整个集群提供DNS服务
Ingress Controller 为服务提供外网入口
Heapster 提供资源监控
Dashboard 提供GUI
Federation 提供跨可用区的集群
Fluentd-elasticsearch 提供集群日志采集、存储与查询
1.2 修改ip地址,主机和host解析
10.0.0.11 k8s-master
10.0.0.12 k8s-node1
10.0.0.13 k8s-node2
所有界定啊需要做hosts解析
1.3 master 节点安装etcd
yum instanll etcd -y
修改配置文件
vim /etc/etcd/etcd.conf
第六行:ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:2379"
第二十一行:ETCD_ADVERTISE_CLIENT_URLS="http://10.0.0.11:2379"
启动服务
systemctl start etcd.service
systemctl enable etcd.service
测试key是否正常
生成key
etcdctl set testdir/testkey0 0
测试key,查看是否能取到值
etcdctl get testdir/testkey0
远程测试key能否取值
etcdctl -C http://10.0.0.11:2379 cluster-health
1.4 master节点安装kubernetes
yum install kubernetes-master.x86_64 -y
修改配置文件
vim /etc/kubernetes/apiserver
8行: KUBE_API_ADDRESS="--insecure-bind-address=0.0.0.0"
11行:KUBE_API_PORT="--port=8080"
14行: KUBELET_PORT="--kubelet-port=10250"
17行:KUBE_ETCD_SERVERS="--etcd-servers=http://10.0.0.11:2379"
删除第23行的ServiceAccount
23行:KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ResourceQuota"
修改第二个配置文件
vim /etc/kubernetes/config
22行:KUBE_MASTER="--master=http://10.0.0.11:8080"
重启服务
systemctl enable kube-apiserver.service
systemctl restart kube-apiserver.service
systemctl enable kube-controller-manager.service
systemctl restart kube-controller-manager.service
systemctl enable kube-scheduler.service
systemctl restart kube-scheduler.service
检查服务是否安装正常
[root@k8s-master ~]# kubectl get componentstatus
NAME STATUS MESSAGE ERROR
scheduler Healthy ok
controller-manager Healthy ok
etcd-0 Healthy {"health":"true"}
1.5 node节点安装kubernetes
yum install kubernetes-node.x86_64 -y
编辑配置文件,让任意节点都能找到api服务
vim /etc/kubernetes/config
22行:KUBE_MASTER="--master=http://10.0.0.11:8080"
vim /etc/kubernetes/kubelet
5行:KUBELET_ADDRESS="--address=0.0.0.0" #修改kubelet监听地址
8行:KUBELET_PORT="--port=10250" #监听端口
11行:KUBELET_HOSTNAME="--hostname-override=10.0.0.12" #node节点的唯一标识
14行:KUBELET_API_SERVER="--api-servers=http://10.0.0.11:8080" #apiserver地址
启动服务,并加入开机自启
systemctl enable docker
systemctl enable kubelet.service
systemctl restart kubelet.service
systemctl enable kube-proxy.service
systemctl restart kube-proxy.service
在master 节点检查,node节点是否启动成功
[root@k8s-master ~]# kubectl get nodes
NAME STATUS AGE
10.0.0.12 Ready 6m
10.0.0.13 Ready 3s
1.6 所有节点配置flannel网络
yum install flannel -y
修改配置文件,etcd地址
sed -i 's#http://127.0.0.1:2379#http://10.0.0.11:2379#g' /etc/sysconfig/flanneld
##master节点:
设定key,规划key的网段
etcdctl mk /atomic.io/network/config '{ "Network": "172.18.0.0/16" }'
安装docker ,启动服务
yum install docker -y
systemctl enable flanneld.service
systemctl restart flanneld.service
systemctl restart docker
systemctl enable docker
systemctl restart kube-apiserver.service
systemctl restart kube-controller-manager.service
systemctl restart kube-scheduler.service
##node节点:
systemctl enable flanneld.service
systemctl restart flanneld.service
systemctl restart docker
systemctl restart kubelet.service
systemctl restart kube-proxy.service
vim /usr/lib/systemd/system/docker.service
#在[Service]区域下增加一行
ExecStartPost=/usr/sbin/iptables -P FORWARD ACCEPT #使容器能和外界网络ping通
重启服务
systemctl daemon-reload
systemctl restart docker
1.7 配置master为镜像仓库
#所有节点,配置镜像加速,以及镜像仓库地址http
vi /etc/docker/daemon.json
{
"registry-mirrors": ["https://registry.docker-cn.com"],
"insecure-registries": ["10.0.0.11:5000"]
}
##master节点
使用master节点安装镜像仓库
docker run -d -p 5000:5000 --restart=always --name registry -v /opt/myregistry:/var/lib/registry registry
通过registry镜像生成仓库,没有镜像,默认会去官网下载,先下载registry镜像时间比较短
浙公网安备 33010602011771号