
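1. Background
k8s manages Docker containers as a cluster, providing resource scheduling, automatic lifecycle management, load balancing, and high availability.
2. Preparation
Machines:
master machine: 10.0.0.11
node machine: 10.0.0.12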
1. Binary installation
Prepare the binary files
etcd:
kubernetes:
The downloaded binary archives are:
kubernetes-server-linux-amd64.tar.gz
kubernetes-node-linux-amd64.tar.gz
etcd-v3.3.4-linux-amd64.tar.gz
Install docker yourself.
Extract these archives.
The server archives yield the binaries: etcd, etcdctl, kube-apiserver, kubectl, kube-controller-manager, kube-proxy, kube-scheduler, kubelet
The node archive yields the binaries: kubectl, kubelet, kube-proxy
Copy the server binaries to /usr/bin/ on the master:
[root@k8s-master ~]# cp -rf etcd /usr/bin/
[root@k8s-master ~]# cp -rf etcdctl /usr/bin/
[root@k8s-master ~]# cp -rf kube-apiserver /usr/bin/
[root@k8s-master ~]# cp -rf kubectl /usr/bin/
[root@k8s-master ~]# cp -rf kube-controller-manager /usr/bin/
[root@k8s-master ~]# cp -rf kube-proxy /usr/bin/
[root@k8s-master ~]# cp -rf kube-scheduler /usr/bin/
[root@k8s-master ~]# cp -rf kubelet /usr/bin/
Copy the node binaries to /usr/bin on the node:
[root@k8s-node ~]# cp -rf kubectl /usr/bin/
[root@k8s-node ~]# cp -rf kubelet /usr/bin/
[root@k8s-node ~]# cp -rf kube-proxy /usr/bin/
2. Online installation of k8s
On the master node:
[root@k8s-master ~]# yum install etcd -y
[root@k8s-master ~]# yum install docker -y
[root@k8s-master ~]# yum install kubernetes -y
[root@k8s-master ~]# yum install flannel -y
On the node:
[root@k8s-node ~]# yum install docker -y
[root@k8s-node ~]# yum install kubernetes -y
[root@k8s-node ~]# yum install flannel -y
3. Make sure the services are defined
If the following unit files do not exist, create them (an online install normally provides them).
[root@k8s-master ~]# vim /usr/lib/systemd/system/etcd.service
[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target

[Service]
Type=notify
WorkingDirectory=/var/lib/etcd/
EnvironmentFile=-/etc/etcd/etcd.conf
User=etcd
# set GOMAXPROCS to number of processors
ExecStart=/bin/bash -c "GOMAXPROCS=$(nproc) /usr/bin/etcd --name=\"${ETCD_NAME}\" --data-dir=\"${ETCD_DATA_DIR}\" --listen-client-urls=\"${ETCD_LISTEN_CLIENT_URLS}\""
Restart=on-failure
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target

[root@k8s-master ~]# vim /usr/lib/systemd/system/kube-apiserver.service
[Unit]
Description=Kubernetes API Server
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
After=network.target
After=etcd.service

[Service]
EnvironmentFile=-/etc/kubernetes/config
EnvironmentFile=-/etc/kubernetes/apiserver
ExecStart=/usr/bin/kube-apiserver \
        $KUBE_LOGTOSTDERR \
        $KUBE_LOG_LEVEL \
        $KUBE_ETCD_SERVERS \
        $KUBE_API_ADDRESS \
        $KUBE_API_PORT \
        $KUBELET_PORT \
        $KUBE_ALLOW_PRIV \
        $KUBE_SERVICE_ADDRESSES \
        $KUBE_ADMISSION_CONTROL \
        $KUBE_API_ARGS
Restart=on-failure
Type=notify
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target

[root@k8s-master ~]# vim /usr/lib/systemd/system/kube-scheduler.service
[Unit]
Description=Kubernetes Scheduler Plugin
Documentation=https://github.com/GoogleCloudPlatform/kubernetes

[Service]
EnvironmentFile=-/etc/kubernetes/config
EnvironmentFile=-/etc/kubernetes/scheduler
User=kube
ExecStart=/usr/bin/kube-scheduler \
        $KUBE_LOGTOSTDERR \
        $KUBE_LOG_LEVEL \
        $KUBE_MASTER \
        $KUBE_SCHEDULER_ARGS
Restart=on-failure
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target

kubelet.service (the node may need this as well):
[root@k8s-master ~]# vim /usr/lib/systemd/system/kubelet.service
[Unit]
Description=Kubernetes Kubelet Server
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
After=docker.service
Requires=docker.service

[Service]
WorkingDirectory=/var/lib/kubelet
EnvironmentFile=-/etc/kubernetes/config
EnvironmentFile=-/etc/kubernetes/kubelet
ExecStart=/usr/bin/kubelet \
        $KUBE_LOGTOSTDERR \
        $KUBE_LOG_LEVEL \
        $KUBELET_API_SERVER \
        $KUBELET_ADDRESS \
        $KUBELET_PORT \
        $KUBELET_HOSTNAME \
        $KUBE_ALLOW_PRIV \
        $KUBELET_POD_INFRA_CONTAINER \
        $KUBELET_ARGS
Restart=on-failure

[Install]
WantedBy=multi-user.target

kube-proxy.service (the node needs this as well):
[root@k8s-master ~]# vim /usr/lib/systemd/system/kube-proxy.service
[Unit]
Description=Kubernetes Kube-Proxy Server
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
After=network.target

[Service]
EnvironmentFile=-/etc/kubernetes/config
EnvironmentFile=-/etc/kubernetes/proxy
ExecStart=/usr/bin/kube-proxy \
        $KUBE_LOGTOSTDERR \
        $KUBE_LOG_LEVEL \
        $KUBE_MASTER \
        $KUBE_PROXY_ARGS
Restart=on-failure
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target

[root@k8s-master ~]# systemctl daemon-reload
4. Edit the configuration files and start each component
1. etcd
Configure
[root@k8s-master ~]# vim /etc/etcd/etcd.conf
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_NAME="default"
ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:2379"
ETCD_ADVERTISE_CLIENT_URLS="http://10.0.0.11:2379"
Run
[root@k8s-master ~]# systemctl enable etcd.service
[root@k8s-master ~]# systemctl start etcd.service
Verify
[root@k8s-master ~]# etcdctl -C http://10.0.0.11:2379 cluster-health
member 8e9e05c52164694d is healthy: got healthy result from http://10.0.0.11:2379
cluster is healthy
2. apiserver
Configure
[root@k8s-master ~]# vim /etc/kubernetes/apiserver
KUBE_API_ADDRESS="--insecure-bind-address=0.0.0.0"
KUBE_API_PORT="--port=8080"
KUBE_ETCD_SERVERS="--etcd-servers=http://10.0.0.11:2379"
KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ResourceQuota"
KUBE_API_ARGS="--etcd-servers=http://10.0.0.11:2379 --insecure-bind-address=0.0.0.0 --insecure-port=8080 --service-cluster-ip-range=170.170.0.0/16 --service-node-port-range=1-65535 --admission-control=NamespaceLifecycle,LimitRanger,ResourceQuota --logtostderr=false --log-dir=/data/log/kubenetes --v=2"
[root@k8s-master ~]# vim /etc/kubernetes/config
KUBE_LOGTOSTDERR="--logtostderr=true"
KUBE_LOG_LEVEL="--v=0"
KUBE_ALLOW_PRIV="--allow-privileged=true"
KUBE_MASTER="--master=http://10.0.0.11:8080"
Run
[root@k8s-master ~]# systemctl enable kube-apiserver.service
[root@k8s-master ~]# systemctl start kube-apiserver.service
[root@k8s-master ~]# systemctl enable kube-controller-manager.service
[root@k8s-master ~]# systemctl start kube-controller-manager.service
[root@k8s-master ~]# systemctl enable kube-scheduler.service
[root@k8s-master ~]# systemctl start kube-scheduler.service
Verify 1
[root@k8s-master ~]# systemctl status kube-apiserver.service kube-controller-manager.service kube-scheduler.service
...running...
Verify the API
[root@k8s-master ~]# curl http://localhost:8080/api/
3. Node
[root@k8s-node ~]# vim /etc/kubernetes/config
KUBE_LOGTOSTDERR="--logtostderr=true"
KUBE_LOG_LEVEL="--v=0"
KUBE_ALLOW_PRIV="--allow-privileged=true"
KUBE_MASTER="--master=http://10.0.0.11:8080"
Configure node-1
[root@k8s-node ~]# vim /etc/kubernetes/kubelet
KUBELET_ADDRESS="--address=0.0.0.0"
KUBELET_HOSTNAME="--hostname-override=node-1"
KUBELET_API_SERVER="--api-servers=http://10.0.0.11:8080"
KUBELET_POD_INFRA_CONTAINER="--pod-infra-container-image=registry.access.redhat.com/rhel7/pod-infrastructure:latest"
KUBELET_ARGS=""
Run
[root@k8s-node ~]# systemctl enable kubelet.service
[root@k8s-node ~]# systemctl start kubelet.service
[root@k8s-node ~]# systemctl enable kube-proxy.service
[root@k8s-node ~]# systemctl start kube-proxy.service
Verify
Run the check on the master:
[root@k8s-master ~]# kubectl get nodes
NAME        STATUS    AGE
10.0.0.12   Ready     3m
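An added example (not part of the original post): a small shell check that scans the configuration files written in the steps above for the settings that leave etcd and the API server reachable without TLS or authentication. The function names, the rule list and the scratch-directory layout are assumptions made for the illustration; the sample values are the ones shown on this page.

```shell
# Added example, not from the original post.
# audit_k8s_conf FILE...
# Prints "file: finding" for each risky setting; returns 1 if anything was flagged.
audit_k8s_conf() {
    local file rule rc=0
    for file in "$@"; do
        [ -r "$file" ] || continue
        # One rule per line: "<extended regex>::<finding>". Commented-out lines are ignored.
        while IFS= read -r rule; do
            if grep -v '^[[:space:]]*#' "$file" | grep -Eq -e "${rule%%::*}"; then
                printf '%s: %s\n' "$file" "${rule#*::}"
                rc=1
            fi
        done <<'EOF'
--insecure-bind-address=0\.0\.0\.0::API server insecure port (no authn/authz) bound to all interfaces
ETCD_LISTEN_CLIENT_URLS="?http://0\.0\.0\.0::etcd client API is plain HTTP on all interfaces
--etcd-servers=http://::API server reaches etcd without TLS
(--master|--api-servers)=http://::component reaches the API server without TLS or credentials
--allow-privileged=true::privileged containers are allowed
--service-node-port-range=1-65535::NodePort range includes system ports below 1024
EOF
    done
    return "$rc"
}

# Constructed sample input: settings copied from this page into a scratch directory.
write_page_conf() {
    mkdir -p "$1"
    cat >"$1/etcd.conf" <<'EOF'
ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:2379"
ETCD_ADVERTISE_CLIENT_URLS="http://10.0.0.11:2379"
EOF
    cat >"$1/apiserver" <<'EOF'
KUBE_API_ADDRESS="--insecure-bind-address=0.0.0.0"
KUBE_ETCD_SERVERS="--etcd-servers=http://10.0.0.11:2379"
KUBE_API_ARGS="--service-node-port-range=1-65535"
EOF
    cat >"$1/config" <<'EOF'
KUBE_ALLOW_PRIV="--allow-privileged=true"
KUBE_MASTER="--master=http://10.0.0.11:8080"
EOF
}

demo_dir=$(mktemp -d)
write_page_conf "$demo_dir"
audit_k8s_conf "$demo_dir/etcd.conf" "$demo_dir/apiserver" "$demo_dir/config" || true
```

On a real host, pass /etc/etcd/etcd.conf, /etc/kubernetes/apiserver, /etc/kubernetes/config and /etc/kubernetes/kubelet instead of the scratch files.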
4. Configure the flannel network
Configure
[root@k8s-master ~]# vim /etc/sysconfig/flanneld
FLANNEL_ETCD_ENDPOINTS="http://10.0.0.11:2379"
FLANNEL_ETCD_PREFIX="/atomic.io/network"
[root@k8s-node ~]# vim /etc/sysconfig/flanneld
FLANNEL_ETCD_ENDPOINTS="http://10.0.0.11:2379"
FLANNEL_ETCD_PREFIX="/atomic.io/network"
Configure the network range
[root@k8s-master ~]# etcdctl mk /atomic.io/network/config '{ "Network": "172.16.0.0/16" }'
Run
[root@k8s-master ~]# systemctl enable flanneld.service
[root@k8s-master ~]# systemctl start flanneld.service
[root@k8s-master ~]# service docker restart
[root@k8s-master ~]# systemctl restart kube-apiserver.service
[root@k8s-master ~]# systemctl restart kube-controller-manager.service
[root@k8s-master ~]# systemctl restart kube-scheduler.service
[root@k8s-node ~]# systemctl enable flanneld.service
[root@k8s-node ~]# systemctl start flanneld.service
[root@k8s-node ~]# service docker restart
[root@k8s-node ~]# systemctl restart kubelet.service
[root@k8s-node ~]# systemctl restart kube-proxy.service
4. Overall verification
[root@k8s-master ~]# vim nginx-rc.yaml
apiVersion: v1
kind: ReplicationController
metadata:
  name: nginx
spec:
  replicas: 1
  selector:
    app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:latest
        ports:
        - containerPort: 80
[root@k8s-master ~]# kubectl create -f nginx-rc.yaml
pod "nginx" created
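Verify that it is running
[root@k8s-master ~]# kubectl get pods -o wide
NAME      READY     STATUS    RESTARTS   AGE       IP            NODE
nginx     1/1       Running   0          2h        172.16.42.2   10.0.0.12
[root@k8s-node ~]# docker ps -a
Here you can see whether the container you started exists and what state it is in.
At this point your deployment is complete.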
5. Common deployment problems
When Kubernetes creates cluster resource objects, the pod stays in the ContainerCreating state.
failed to "StartContainer" for "POD" with ErrImagePull
1. Check the pod status; it stays in the ContainerCreating state
[root@k8s-master ~]# kubectl get pods
NAME        READY     STATUS              RESTARTS   AGE
nginx-pod   0/1       ContainerCreating   0          15h
2. Check the error message
[root@k8s-master ~]# kubectl describe pod nginx-pod
...(open /etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt: no such file or directory)...
This shows that the image cannot be pulled because of a certificate problem, so the certificate needs to be installed.
Certificate installation, method 1
[root@k8s-master ~]# yum install python-rhsm* -y
Certificate installation, method 2
[root@k8s-master ~]# wget http://mirror.centos.org/centos/7/os/x86_64/Packages/python-rhsm-certificates-1.19.10-1.el7_4.x86_64.rpm
[root@k8s-master ~]# rpm2cpio python-rhsm-certificates-1.19.10-1.el7_4.x86_64.rpm | cpio -iv --to-stdout ./etc/rhsm/ca/redhat-uep.pem | tee /etc/rhsm/ca/redhat-uep.pem
