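Deploying Kubernetes

Prerequisites

  1. One or more machines running a deb/rpm-compatible operating system, such as Ubuntu or CentOS
  2. 2 GB or more of RAM per machine
  3. 2 or more CPU cores on the master
  4. Full network connectivity between all machines in the cluster (a public or a private network is fine)

Installing kubeadm

Prerequisites

  • The operating system is Ubuntu 16.04+

  • Disable swap. You must disable swap for the kubelet to work properly.

Installing Docker

Install Docker on each of your machines. The recommended version is 17.03. Versions 1.11, 1.12 and 1.13 also work. 17.06+ can be used, but the Kubernetes team has not yet tested and verified it.

If you already have the required Docker version installed, you can move on to the next section. If not, install Docker with the commands below.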

apt-get update
apt-get install -y docker.io

Or install Docker CE 17.03

apt-get update
apt-get install -y apt-transport-https ca-certificates curl software-properties-common
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -
add-apt-repository "deb https://download.docker.com/linux/$(. /etc/os-release; echo "$ID") $(lsb_release -cs) stable"
apt-get update && apt-get install -y docker-ce=$(apt-cache madison docker-ce | grep 17.03 | head -1 | awk '{print $3}')

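Docker's official installation guide is here

Installing kubeadm, kubectl, kubelet

Version: 1.10.3-00

  • kubeadm: the command-line tool that bootstraps a k8s cluster.
  • kubelet: the component that runs on every machine in the cluster and performs operations such as starting pods and containers.
  • kubectl: the command-line tool for operating a running cluster.
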
sudo apt-get update && sudo apt-get install -y apt-transport-https
curl -s http://packages.faasx.com/google/apt/doc/apt-key.gpg | sudo apt-key add -
# The redirect must run as root, so pipe the here-document into sudo tee
cat <<EOF | sudo tee /etc/apt/sources.list.d/kubernetes.list
deb http://mirrors.ustc.edu.cn/kubernetes/apt/ kubernetes-xenial main
EOF
sudo apt-get update
sudo apt-get install -y kubelet kubeadm kubectl

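The official apt-key address is: https://packages.cloud.google.com/apt/doc/apt-key.gpg.

The apt package source above is the USTC mirror; the official address is http://apt.kubernetes.io/.

Download kube_apt_key.gpg from https://raw.githubusercontent.com/EagleChen/kubernetes_init/master/kube_apt_key.gpg into the current working directory and add it with the following command

$ cat kube_apt_key.gpg | sudo apt-key add -

If OK is displayed, the key was added successfully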

Downloading the k8s images

docker pull anjia0532/kube-proxy-amd64:v1.10.3 \
&& docker pull anjia0532/kube-controller-manager-amd64:v1.10.3 \
&& docker pull anjia0532/kube-scheduler-amd64:v1.10.3 \
&& docker pull anjia0532/kube-apiserver-amd64:v1.10.3 \
&& docker pull anjia0532/k8s-dns-dnsmasq-nanny-amd64:1.14.8 \
&& docker pull anjia0532/k8s-dns-sidecar-amd64:1.14.8 \
&& docker pull anjia0532/k8s-dns-kube-dns-amd64:1.14.8 \
&& docker pull anjia0532/pause-amd64:3.1 \
&& docker pull quay.io/coreos/flannel:v0.10.0-amd64

Retagging the images

docker tag anjia0532/kube-proxy-amd64:v1.10.3 k8s.gcr.io/kube-proxy-amd64:v1.10.3 \
&& docker tag anjia0532/kube-controller-manager-amd64:v1.10.3 k8s.gcr.io/kube-controller-manager-amd64:v1.10.3 \
&& docker tag anjia0532/kube-scheduler-amd64:v1.10.3 k8s.gcr.io/kube-scheduler-amd64:v1.10.3 \
&& docker tag anjia0532/kube-apiserver-amd64:v1.10.3 k8s.gcr.io/kube-apiserver-amd64:v1.10.3 \
&& docker tag anjia0532/k8s-dns-dnsmasq-nanny-amd64:1.14.8 k8s.gcr.io/k8s-dns-dnsmasq-nanny-amd64:1.14.8 \
&& docker tag anjia0532/k8s-dns-sidecar-amd64:1.14.8 k8s.gcr.io/k8s-dns-sidecar-amd64:1.14.8 \
&& docker tag anjia0532/k8s-dns-kube-dns-amd64:1.14.8 k8s.gcr.io/k8s-dns-kube-dns-amd64:1.14.8 \
&& docker tag anjia0532/pause-amd64:3.1 k8s.gcr.io/pause-amd64:3.1

crictl needs to be downloaded

  • Replace USER and IP with your own

$ wget https://github.com/kubernetes-incubator/cri-tools/releases/download/v1.0.0-beta.1/crictl-v1.0.0-beta.1-linux-amd64.tar.gz
$ tar xvf crictl-v1.0.0-beta.1-linux-amd64.tar.gz
$ sudo chown root:root crictl
$ sudo cp crictl /usr/bin
$ scp crictl USER@IP:/home/USER

$ sudo chown root:root crictl
$ sudo mv crictl /usr/bin/

The steps above need to be carried out on every machine

Initializing the master node

$ sudo kubeadm init --apiserver-advertise-address=10.66.180.159 --pod-network-cidr=10.244.0.0/16 --feature-gates=CoreDNS=true --kubernetes-version=v1.10.3

Output

The ip:port in the kubeadm join line has been edited here; if initialization succeeds, simply use your own output

[init] Using Kubernetes version: v1.10.3
[init] Using Authorization modes: [Node RBAC]
[preflight] Running pre-flight checks.
    [WARNING SystemVerification]: docker version is greater than the most recently validated version. Docker version: 18.03.1-ce. Max validated version: 17.03
[preflight] Starting the kubelet service
[certificates] Generated ca certificate and key.
[certificates] Generated apiserver certificate and key.
[certificates] apiserver serving cert is signed for DNS names [org2 kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local] and IPs [10.96.0.1 10.66.180.159]
[certificates] Generated apiserver-kubelet-client certificate and key.
[certificates] Generated etcd/ca certificate and key.
[certificates] Generated etcd/server certificate and key.
[certificates] etcd/server serving cert is signed for DNS names [localhost] and IPs [127.0.0.1]
[certificates] Generated etcd/peer certificate and key.
[certificates] etcd/peer serving cert is signed for DNS names [org2] and IPs [10.66.180.159]
[certificates] Generated etcd/healthcheck-client certificate and key.
[certificates] Generated apiserver-etcd-client certificate and key.
[certificates] Generated sa key and public key.
[certificates] Generated front-proxy-ca certificate and key.
[certificates] Generated front-proxy-client certificate and key.
[certificates] Valid certificates and keys now exist in "/etc/kubernetes/pki"
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/admin.conf"
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/kubelet.conf"
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/controller-manager.conf"
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/scheduler.conf"
[controlplane] Wrote Static Pod manifest for component kube-apiserver to "/etc/kubernetes/manifests/kube-apiserver.yaml"
[controlplane] Wrote Static Pod manifest for component kube-controller-manager to "/etc/kubernetes/manifests/kube-controller-manager.yaml"
[controlplane] Wrote Static Pod manifest for component kube-scheduler to "/etc/kubernetes/manifests/kube-scheduler.yaml"
[etcd] Wrote Static Pod manifest for a local etcd instance to "/etc/kubernetes/manifests/etcd.yaml"
[init] Waiting for the kubelet to boot up the control plane as Static Pods from directory "/etc/kubernetes/manifests".
[init] This might take a minute or longer if the control plane images have to be pulled.
[apiclient] All control plane components are healthy after 20.001731 seconds
[uploadconfig] Storing the configuration used in ConfigMap "kubeadm-config" in the "kube-system" Namespace
[markmaster] Will mark node org2 as master by adding a label and a taint
[markmaster] Master org2 tainted and labelled with key/value: node-role.kubernetes.io/master=""
[bootstraptoken] Using token: yof8me.re7zttbijtwmdavm
[bootstraptoken] Configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials
[bootstraptoken] Configured RBAC rules to allow the csrapprover controller automatically approve CSRs from a Node Bootstrap Token
[bootstraptoken] Configured RBAC rules to allow certificate rotation for all node client certificates in the cluster
[bootstraptoken] Creating the "cluster-info" ConfigMap in the "kube-public" namespace
[addons] Applied essential addon: CoreDNS
[addons] Applied essential addon: kube-proxy

Your Kubernetes master has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

You can now join any number of machines by running the following on each node
as root:

  kubeadm join ip:port --token yof8me.re7zttbijtwmdavm --discovery-token-ca-cert-hash sha256:507756057bf6982624fa07bbbbdab0855d555c809ec185aac10de95a00c77e2b

To use kubectl as a non-root user, run the following commands (they are also part of the kubeadm init output)

$ mkdir -p $HOME/.kube
$ sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
$ sudo chown $(id -u):$(id -g) $HOME/.kube/config

If you are the root user, you can run the following command instead

export KUBECONFIG=/etc/kubernetes/admin.conf

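The token printed by kubeadm init is used for authentication between the master and the joining nodes. The token is secret and must be kept safe, because anyone who holds it can add nodes to the cluster at will. You can also use the kubeadm command to list, create and delete tokens; for details, see the official reference documentation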
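Added example, not part of the original post: two small shell helpers for the token handling described above. One masks the secret half of bootstrap tokens before kubeadm output is shared, the other flags tokens that never expire. The function names and all sample data are constructed for illustration, and the code assumes the column layout of `kubeadm token list`, where a non-expiring token shows `<forever>` in the TTL column.

```shell
#!/usr/bin/env bash
# Added example: handling kubeadm bootstrap tokens ("<6-char id>.<16-char secret>").
# All sample data below is constructed, not taken from a real cluster.

# One sed expression, applied twice so that tokens separated by a single
# character are both caught (the separator is consumed by the first match).
REDACT='s/(^|[^[:alnum:]])([a-z0-9]{6})\.[a-z0-9]{16}([^[:alnum:]]|$)/\1\2.<redacted>\3/g'

# Mask the secret half of every bootstrap token on stdin, keeping the token ID.
redact_tokens() {
  sed -E -e "$REDACT" -e "$REDACT"
}

# Read `kubeadm token list` output on stdin and print the ID of every token
# whose TTL column is "<forever>", i.e. a join credential that never expires.
tokens_without_expiry() {
  awk 'NR > 1 && length($1) == 23 && index($1, ".") == 7 && $2 == "<forever>" {
         print substr($1, 1, 6)
       }'
}

# Constructed sample of `kubeadm init` output lines that contain a token.
sample_init_output() {
  cat <<'EOF'
[bootstraptoken] Using token: abcdef.0123456789abcdef
  kubeadm join ip:port --token abcdef.0123456789abcdef --discovery-token-ca-cert-hash sha256:<ca-cert-hash>
EOF
}

# Constructed sample of `kubeadm token list` output.
sample_token_list() {
  cat <<'EOF'
TOKEN                     TTL         EXPIRES                USAGES                   DESCRIPTION
abcdef.0123456789abcdef   23h         2018-06-12T02:51:28Z   authentication,signing   default token
ghijkl.fedcba9876543210   <forever>   <never>                authentication,signing   <none>
EOF
}

echo "== init output, safe to share =="
sample_init_output | redact_tokens
echo "== tokens that never expire =="
sample_token_list | tokens_without_expiry
```

On the master, pipe the real `kubeadm token list` output into tokens_without_expiry and remove any token it reports with `kubeadm token delete <id>`.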

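Note: when joining a node, kubeadm also reports an error while looking for the /var/run/dockershim.sock file; you have to add the parameter --ignore-preflight-errors=cri

Joining the cluster

Replace the token with the one generated by your own initialization.
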
kubeadm join 10.66.180.159:6443 --token yof8me.re7zttbijtwmdavm --discovery-token-ca-cert-hash sha256:507756057bf6982624fa07bbbbdab0855d555c809ec185aac10de95a00c77e2b --ignore-preflight-errors=cri

Common commands

Common kubeadm commands

Common kubectl commands

  • kubectl get node --show-labels
  • kubectl get nodes
