Lain's Blog

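Building a Kubernetes 1.4 Cluster

Overview

Kubernetes 1.4 introduces kubeadm as a deployment mechanism. It greatly simplifies building a Kubernetes cluster and is easy to integrate into automated operations tooling (Terraform, Chef, Puppet, etc.).

kubeadm is still in alpha. It replaces the earlier kube-up.sh and is used to create clusters and add nodes.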

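Prerequisites

  • 1. Hosts: one or more physical machines or VMs
  • 2. Hardware: 1 GB of memory or more
  • 3. Operating system: Ubuntu 16.04, CentOS 7, or HypriotOS v1.0.1
  • 4. Cluster network: all hosts in the cluster can reach each other (over a public or private network)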

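Procedure

Install kubelet and kubeadm

Installing Kubernetes depends on the following packages, which must be installed on every host (node):

  • docker: the container runtime
  • kubelet: the most central Kubernetes component; it runs on every node in the cluster and actually manages pods and containers
  • kubectl: the command-line tool for controlling the cluster. It is usually used on the Master node, but can also be used on worker nodes
  • kubeadm: the command-line tool for bootstrapping the cluster, used to create clusters and add nodes.

Ubuntu/Debian/HypriotOS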

Switch to the root user first; as a normal user, run `su -`. Then, as root, run the following commands:

```bash
# curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -
# cat <<EOF > /etc/apt/sources.list.d/kubernetes.list
deb http://apt.kubernetes.io/ kubernetes-xenial main
EOF
# apt-get update
# # Install docker if you don't have it already.
# apt-get install -y docker.io
# apt-get install -y kubelet kubeadm kubectl kubernetes-cni
```

CentOS 7

```bash
# cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=http://yum.kubernetes.io/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg
       https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
EOF
# # setenforce 0 switches SELinux to permissive mode until the next reboot.
# setenforce 0
# yum install -y docker kubelet kubeadm kubectl kubernetes-cni
# systemctl enable docker && systemctl start docker
# systemctl enable kubelet && systemctl start kubelet
```

Note: kubelet now restarts every few seconds; it keeps failing and restarting while it waits for instructions from kubeadm.

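Initialize the Master node

The Master node runs the set of components known as the "control plane". These mainly include etcd (the cluster's key-value database) and the API server (which the kubectl CLI talks to). All of these components are started by kubelet and run in pods.

Pick a host that has kubelet and kubeadm installed and run the following command:

```bash
# kubeadm init
```

The kubeadm init command installs the cluster database and the "control plane" components. This step pulls images from gcr.io and takes a few minutes. The images pulled are:

```
gcr.io/google_containers/kube-controller-manager-amd64:v1.4.0
gcr.io/google_containers/kube-apiserver-amd64:v1.4.0
gcr.io/google_containers/etcd-amd64:2.2.5
gcr.io/google_containers/pause-amd64:3.0
gcr.io/google_containers/kube-scheduler-amd64:v1.4.0
```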
Once the Master node has initialized correctly, you will see output similar to this:

```
<master/tokens> generated token: "f0c861.753c505740ecde4c"
<master/pki> created keys and certificates in "/etc/kubernetes/pki"
<util/kubeconfig> created "/etc/kubernetes/kubelet.conf"
<util/kubeconfig> created "/etc/kubernetes/admin.conf"
<master/apiclient> created API client configuration
<master/apiclient> created API client, waiting for the control plane to become ready
<master/apiclient> all control plane components are healthy after 61.346626 seconds
<master/apiclient> waiting for at least one node to register and become ready
<master/apiclient> first node is ready after 4.506807 seconds
<master/discovery> created essential addon: kube-discovery
<master/addons> created essential addon: kube-proxy
<master/addons> created essential addon: kube-dns
Kubernetes master initialised successfully!
You can connect any number of nodes by running:
kubeadm join --token <token> <master-ip>
```

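For security reasons, pods are not scheduled onto the Master node by default; in other words, the Master node does not act as a Worker node. If you want a single-machine cluster in which the Master node is also a Worker node, run the following command:

```bash
# kubectl taint nodes --all dedicated-
node "test-01" tainted
taint key="dedicated" and effect="" not found.
taint key="dedicated" and effect="" not found
```

Note: this command removes the "dedicated" taint from every node that has it, including the Master node, which means the scheduler can then place pods on any node.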

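Configure the pod network

In Kubernetes 1.2, flannel was the default network used for pod communication across hosts. Newer versions ship no default network plugin, so a pod network must be configured before applications are deployed to the cluster.

Until a pod network is configured, the default kube-dns cannot start. You can check this as follows:

```bash
# # List the system pods
# kubectl get pods --namespace=kube-system
NAME                        READY     STATUS              RESTARTS   AGE
kube-dns-2247936740-90wib   0/3       ContainerCreating   0          4m
# # View the pod's details
# kubectl describe pod kube-dns-2247936740-90wib --namespace=kube-system
...
```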

Weave Net is used here; Calico or Canal can be used instead.

```bash
# kubectl apply -f https://git.io/weave-kube
daemonset "weave-net" created
```

Once the network is installed, the following command shows that kube-dns has started:

```bash
# kubectl get pods --namespace=kube-system
NAME                                           READY     STATUS    RESTARTS   AGE
etcd-lain-virtual-machine                      1/1       Running   0          5m
kube-apiserver-lain-virtual-machine            1/1       Running   0          5m
kube-controller-manager-lain-virtual-machine   1/1       Running   0          5m
kube-discovery-982812725-98ivv                 1/1       Running   0          5m
kube-dns-2247936740-90wib                      3/3       Running   0          5m
kube-proxy-amd64-pgj8g                         1/1       Running   0          5m
kube-scheduler-lain-virtual-machine            1/1       Running   0          5m
weave-net-bkady                                2/2       Running   0          5m
# # Check the startup configuration
# ps aux | grep kubelet
# # Output
... /usr/bin/kubelet --kubeconfig=/etc/kubernetes/kubelet.conf --require-kubeconfig=true --pod-manifest-path=/etc/kubernetes/manifests --allow-privileged=true --network-plugin=cni --cni-conf-dir=/etc/cni/net.d --cni-bin-dir=/opt/cni/bin --cluster-dns=100.64.0.10 --cluster-domain=cluster.local --v=4
```
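When this procedure is scripted, the readiness check above can be turned into a gate that lists every pod that is not fully ready, such as kube-dns before the pod network exists. This is an added example, not part of the original post; the function names are hypothetical and the sample tables are constructed from the listings on this page.

```shell
#!/bin/sh
# Added example: gate on pod readiness using `kubectl get pods` table output.

# not_ready_pods: read the table on stdin and print "NAME READY STATUS" for
# each pod whose containers are not all ready or whose status is not Running.
not_ready_pods() {
    awk '$1 == "NAME" { next }              # header row
         NF >= 3 {
             split($2, r, "/")              # READY column is "ready/total"
             if (r[1] != r[2] || $3 != "Running") print $1, $2, $3
         }'
}

# pods_all_ready: succeed only if at least one pod is listed and none is
# flagged, so empty output (for example, API server unreachable) does not pass.
pods_all_ready() {
    table=$(cat)
    count=$(printf '%s\n' "$table" |
        awk '$1 != "NAME" && NF >= 3 { n++ } END { print n + 0 }')
    [ "$count" -gt 0 ] && [ -z "$(printf '%s\n' "$table" | not_ready_pods)" ]
}

# Constructed samples based on the listings on this page.
sample_before_network() {
    cat <<'EOF'
NAME                        READY     STATUS              RESTARTS   AGE
etcd-lain-virtual-machine   1/1       Running             0          4m
kube-dns-2247936740-90wib   0/3       ContainerCreating   0          4m
EOF
}

sample_after_network() {
    cat <<'EOF'
NAME                        READY     STATUS    RESTARTS   AGE
kube-dns-2247936740-90wib   3/3       Running   0          5m
weave-net-bkady             2/2       Running   0          5m
EOF
}

# Real use: kubectl get pods --namespace=kube-system | pods_all_ready
sample_before_network | not_ready_pods
```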

Add Worker nodes

The `kubeadm join --token` command adds any number of nodes to the Kubernetes cluster. It is used as follows:

```bash
# kubeadm join --token <token> <master-ip>
<util/tokens> validating provided token
<node/discovery> created cluster info discovery client, requesting info from "http://138.68.156.129:9898/cluster-info/v1/?token-id=0f8588"
<node/discovery> cluster info object received, verifying signature using given token
<node/discovery> cluster info signature and contents are valid, will use API endpoints [https://138.68.156.129:443]
<node/csr> created API client to obtain unique certificate for this node, generating keys and certificate signing request
<node/csr> received signed certificate from the API server, generating kubelet configuration
<util/kubeconfig> created "/etc/kubernetes/kubelet.conf"
Node join complete:
* Certificate signing request sent to master and response
  received.
* Kubelet informed of new secure connection details.
Run 'kubectl get nodes' on the master to see this machine join.
```

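After adding worker nodes, you can list the machines in the cluster from the Master node with `kubectl get nodes`.

Controlling the cluster from a machine other than the Master

If you want to control the cluster with kubectl from your laptop, just copy the KubeConfig file from the Master node to the laptop, as follows:

```bash
# scp root@<master ip>:/etc/kubernetes/admin.conf .
# kubectl --kubeconfig ./admin.conf get nodes
```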
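admin.conf carries the cluster administrator's credentials, so the copy on the laptop deserves a check before it is used. The following audit is an added example, not part of the original post; `audit_kubeconfig` and `make_sample_kubeconfig` are hypothetical names and the sample kubeconfig is constructed.

```shell
#!/bin/sh
# Added example: audit a kubeconfig that was copied off the Master node.

# audit_kubeconfig FILE: print findings; return 0 only if none are blocking.
audit_kubeconfig() {
    f=$1
    blocking=0
    [ -f "$f" ] || { echo "missing: $f"; return 2; }

    # Characters 5-10 of `ls -l` output are the group and other permission bits.
    perms=$(ls -ld -- "$f" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "permissions: group/other bits set ($perms), run: chmod 600 $f"
        blocking=1
    fi

    # An API server entry without https means unencrypted transport.
    if grep -E '^[[:space:]]*server:' "$f" | grep -v 'https://' >/dev/null; then
        echo "transport: server entry without https"
        blocking=1
    fi

    # Informational: an embedded key makes the file itself a secret.
    if grep -Eq '^[[:space:]]*client-key-data:' "$f"; then
        echo "note: embedded client key, store this file like a private key"
    fi
    [ "$blocking" -eq 0 ]
}

# Constructed sample; <master-ip> and the PLACEHOLDER values are not real data.
make_sample_kubeconfig() {
    cat > "$1" <<'EOF'
apiVersion: v1
kind: Config
clusters:
- name: kubernetes
  cluster:
    server: https://<master-ip>:443
users:
- name: admin
  user:
    client-certificate-data: PLACEHOLDER
    client-key-data: PLACEHOLDER
EOF
}

# Usage: sh this-script.sh ./admin.conf
if [ "$#" -gt 0 ]; then audit_kubeconfig "$1"; fi
```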

Install the demo application

```bash
# kubectl create namespace sock-shop
# kubectl apply -n sock-shop -f "https://github.com/microservices-demo/microservices-demo/blob/master/deploy/kubernetes/complete-demo.yaml?raw=true"
```

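Tear down

  • To uninstall an app, run this on the Master node:
    `kubectl delete namespace sock-shop`
  • To undo what kubeadm did and reset the local state:
    ```bash
    # Stop kubelet so that it does not restart the containers
    systemctl stop kubelet;
    # Remove all running containers together with their volumes
    docker rm -f -v $(docker ps -q);
    # Unmount the tmpfs mounts under /var/lib/kubelet
    find /var/lib/kubelet | xargs -n 1 findmnt -n -t tmpfs -o TARGET -T | uniq | xargs -r umount -v;
    # Delete the cluster configuration and state
    rm -r -f /etc/kubernetes /var/lib/kubelet /var/lib/etcd;
    ```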
