小水玩转K8S(Kubernetes)---CentOS7下Kubernetes部署

OS:CentOS7 最小化安装

简介

Kubernetes是一个开源的，用于管理云平台中多个主机上的容器化的应用，Kubernetes的目标是让部署容器化的应用简单并且高效（powerful）,Kubernetes提供了应用部署，规划，更新，维护的一种机制。

Kubernetes是Google开源的一个容器编排引擎，它支持自动化部署、大规模可伸缩、应用容器化管理。在生产环境中部署一个应用程序时，通常要部署该应用的多个实例以便对应用请求进行负载均衡。

在Kubernetes中，我们可以创建多个容器，每个容器里面运行一个应用实例，然后通过内置的负载均衡策略，实现对这一组应用实例的管理、发现、访问，而这些细节都不需要运维人员去进行复杂的手工配置和处理。

Kubernetes 特点

可移植: 支持公有云，私有云，混合云，多重云（multi-cloud）

可扩展: 模块化, 插件化, 可挂载, 可组合

自动化: 自动部署，自动重启，自动复制，自动伸缩/扩展

架构说明

kubernetes集群组件:

etcd 一个高可用的K/V键值对存储和服务发现系统
flannel 实现夸主机的容器网络的通信
kube-apiserver 提供kubernetes集群的API调用
kube-controller-manager 确保集群服务
kube-scheduler 调度容器，分配到Node
kubelet 在Node节点上按照配置文件中定义的容器规格启动容器
kube-proxy 提供网络代理服务

规划

开始部署

1.各节点配置(3个节点)

设置hosts

cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.0.165 master 
192.168.0.166 node1 
192.168.0.153 node2 

设置主机名

[root@master ~]# hostnamectl set-hostname master
[root@node1 ~]# hostnamectl set-hostname node1
[root@node2 ~]# hostnamectl set-hostname node2

设置防火墙和selinux

systemctl disable firewalld
systemctl stop firewalld
grep -v ^# /etc/selinux/config
SELINUX=disabled
SELINUXTYPE=targeted

设置时间同步

yum -y install epel-release ntp
ntpdate ntp1.aliyun.com
hwclock -w
systemctl start ntpd;systemctl enable ntpd

2.master节点部署

安装服务

[root@master ~]# yum install -y etcd kubernetes-master flannel

配置etcd服务器

[root@master ~]# grep -v '^#' /etc/etcd/etcd.conf
ETCD_NAME=etcd1
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:2379"
ETCD_ADVERTISE_CLIENT_URLS="http://0.0.0.0:2379"
ETCD_LISTEN_PEER_URLS="http://192.168.0.165:2380"
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://192.168.0.165:2380"
#启动服务
[root@master ~]# systemctl start etcd;systemctl enable etcd
#查看状态
[root@master ~]# etcdctl cluster-health
member 9e9e56c5786er9gf is healthy: got healthy result from http://192.168.0.163:2379
cluster is healthy
#etcd集群成员列表
[root@master ~]# etcdctl member list
9e9e56c5786er9gf: name=default peerURLs=http://localhost:2380 clientURLs=http://192.168.0.163:2379 isLeader=true

配置kube-apiserver

[root@master ~]# grep -v '^#' /etc/kubernetes/config
KUBE_LOGTOSTDERR="--logtostderr=true"
KUBE_LOG_LEVEL="--v=0"
KUBE_ALLOW_PRIV="--allow-privileged=false"
KUBE_MASTER="--master=http://192.168.0.163:8080"
[root@master ~]# grep -v '^#' /etc/kubernetes/apiserver
KUBE_API_ADDRESS="--insecure-bind-address=0.0.0.0"
KUBE_ETCD_SERVERS="--etcd-servers=http://192.168.0.163:2379"
#docker容器的地址段
KUBE_SERVICE_ADDRESSES="--service-cluster-ip-range=10.254.0.0/16"
KUBE_ADMISSION_CONTROL="--admission-control=AlwaysAdmit"
KUBE_API_ARGS=""

配置kube-controller-manager

[root@master ~]# grep -v '^#' /etc/kubernetes/controller-manager
KUBE_CONTROLLER_MANAGER_ARGS=""

配置kube-scheduler

[root@master ~]# grep -v '^#' /etc/kubernetes/scheduler
KUBE_SCHEDULER_ARGS="--address=0.0.0.0"

启动服务

for i in flanneld kube-apiserver kube-controller-manager kube-scheduler;do systemctl restart $i; systemctl enable $i;done

3.node节点部署

服务安装

yum install -y kubernetes-node ntp flannel docker

master节点配置etcd

#此处和上面KUBE_SERVICE_ADDRESSES字段配置相对应
[root@master ~]# etcdctl set /atomic.io/network/config '{"Network": "10.254.0.0/16"}'
{"Network": "10.254.0.0/16"}

配置flannel

[root@node1 ~]# grep -v '^#' /etc/sysconfig/flanneld
FLANNEL_ETCD_ENDPOINTS="http://192.168.0.163:2379"
FLANNEL_ETCD_PREFIX="/atomic.io/network"
FLANNEL_OPTIONS=""

验证

[root@master ~]# etcdctl get /atomic.io/network/config 
{ "Network": "10.254.0.0/16" }
[root@master ~]# etcdctl ls /atomic.io/network/subnets
/atomic.io/network/subnets/10.254.3.0-24
/atomic.io/network/subnets/10.254.65.0-24
[root@master ~]# etcdctl get /atomic.io/network/subnets/10.254.3.0-24
{"PublicIP":"192.168.0.164"}
[root@master ~]# etcdctl get /atomic.io/network/subnets/10.254.65.0-24
{"PublicIP":"192.168.0.165"}

配置 kube-proxy

[root@node1 ~]# grep -v '^#' /etc/kubernetes/config
KUBE_LOGTOSTDERR="--logtostderr=true"
KUBE_LOG_LEVEL="--v=0"
KUBE_ALLOW_PRIV="--allow-privileged=false"
KUBE_MASTER="--master=http://192.168.0.163:8080"
[root@node1 ~]# grep -v '^#' /etc/kubernetes/proxy
KUBE_PROXY_ARGS=""

配置kubelet

[root@node1 ~]# grep -v '^#' /etc/kubernetes/kubelet
#此处配置根据实际更改
KUBELET_ADDRESS="--address=192.168.0.164"
KUBELET_HOSTNAME="--hostname-override=192.168.0.164"
KUBELET_API_SERVER="--api-servers=http://192.168.0.163:8080"
KUBELET_POD_INFRA_CONTAINER="--pod-infra-container-image=registry.access.redhat.com/rhel7/pod-infrastructure:latest"
KUBELET_ARGS=""

启动服务

for i in flanneld kube-proxy kubelet docker;do systemctl restart $i;systemctl enable $i;systemctl status $i ;done

查看节点

[root@master ~]# kubectl get nodes 
NAME STATUS AGE
192.168.0.165 Ready 1h
192.168.0.166 Ready 1h

4.建立pod

[root@master ~]# kubectl run nginx --image=nginx --port=80 --replicas=2

查看结果

[root@master ~]# kubectl get pods
NAME READY STATUS RESTARTS AGE
nginx-5489345310-t6l9f 1/1 Running 0 5m
nginx-5489345310-h4mrv 1/1 Running 0 5m
[root@master ~]# kubectl get deployment
NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE
nginx 2 2 2 2 10m

建立service(端口映射)

[root@master ~]# kubectl expose deployment nginx --port=80 --type=LoadBalancer
service "nginx" exposed

查看命令

kubectl get service

访问

http://192.168.0.164:33867

删除deployment与service

[root@master ~]# kubectl delete deployment nginx
deployment "nginx" deleted
[root@master ~]# kubectl delete service nginx
service "nginx" deleted

5.遇到的问题

在建立pod的时候也许会出现/etc/rhsm/ca/redhat-uep.pem找不到的问题
解决方法如下：
[root@node1 ~]#rpm2cpio python-rhsm-certificates-1.19.10-1.el7_4.x86_64.rpm | cpio -iv --to-stdout ./etc/rhsm/ca/redhat-uep.pem | tee /etc/rhsm/ca/redhat-uep.pem
#重新建立pod即可

6.开启kubernetes-dashboard

下载kubernetes-dashboard配置文件

创建pod

[root@master ~]# kubectl create -f kubernetes-dashboard.yaml
#删除pod命令
[root@master ~]# kubectl delete -f kubernetes-dashboard.yaml

访问

http://192.168.0.163:8080/
#会自动跳转到此处
http://192.168.0.165:8080/api/v1/proxy/namespaces/kube-system/services/kubernetes-dashboard/#/workload