kubeadm install Kubernetes 1.7.4

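kubeadm was added in Kubernetes 1.4 to improve the developer experience of installing, debugging and using k8s, and to lower the barrier to installation and use. In theory, two commands, init and join, are enough to build a complete Kubernetes cluster.

Installing Kubernetes with kubeadm is very simple, but inside China the GFW blocks the image downloads, which affects the whole installation.

Test environment

OS: CentOS 7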
Docker:

# docker version
Client:
 Version:      17.05.0-ce
 API version:  1.29
 Go version:   go1.7.5
 Git commit:   89658be
 Built:        Thu May  4 22:06:25 2017
 OS/Arch:      linux/amd64

Server:
 Version:      17.05.0-ce
 API version:  1.29 (minimum version 1.12)
 Go version:   go1.7.5
 Git commit:   89658be
 Built:        Thu May  4 22:06:25 2017
 OS/Arch:      linux/amd64
 Experimental: false

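1. Set the hostname

Be sure to set the hostname before installing, because k8s uses the hostname for communication;

vi /etc/hostname
vi /etc/hosts
# add the following line
your_ip your_hostname

Note: changing the hostname this way does not require rebooting the node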

2. Install Docker

For the detailed installation steps see the official site; Docker v1.12 is recommended;
CentOS: https://docs.docker.com/v1.12/engine/installation/linux/centos/

tee /etc/yum.repos.d/docker.repo <<-'EOF'
[dockerrepo]
name=Docker Repository
baseurl=https://yum.dockerproject.org/repo/main/centos/7/
enabled=1
gpgcheck=1
gpgkey=https://yum.dockerproject.org/gpg
EOF

yum list docker-engine --showduplicates

yum install docker-engine-1.12.6 docker-engine-selinux-1.12.6 -y
systemctl enable docker ; systemctl start docker

3. Configure a proxy on Linux (to get past the firewall)

export https_proxy=http://proxy.example.com:8118
export http_proxy=http://proxy.example.com:8118

4. Download kubectl

curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl

# To install a specific version of kubectl, replace the string after /release
# For example, to install kubectl 1.7.0, run the following command
curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.7.0/bin/linux/amd64/kubectl

chmod +x ./kubectl

sudo mv ./kubectl /usr/local/bin/kubectl

Oddly enough, kubectl can be downloaded directly, but the packages that come next are no such surprise, which is annoying...

5. Installing kubelet and kubeadm

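Note: downloading the kubelet and kubeadm packages requires the proxy.

kubelet: runs on every node in the cluster and is responsible for starting pods, containers and so on;
kubeadm: used to bootstrap the Kubernetes cluster;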

cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg
        https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
EOF
# switch SELinux to permissive mode (lasts until the next reboot)
setenforce 0
yum install -y kubelet kubeadm
systemctl enable kubelet && systemctl start kubelet

6. Change the cgroup driver of docker and kubelet

Docker and the kubelet use different cgroup drivers, so the configuration has to be fixed:
https://github.com/kubernetes/kubeadm/issues/103

vi /etc/systemd/system/kubelet.service.d/10-kubeadm.conf
Change KUBELET_CGROUP_ARGS=--cgroup-driver=systemd
to     KUBELET_CGROUP_ARGS=--cgroup-driver=cgroupfs

systemctl daemon-reload
# restart so that an already running kubelet picks up the new argument
systemctl restart kubelet
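
A way to confirm the two drivers agree, before and after the edit in this step. This is an added example, not part of the original post; the function names and both sample texts are constructed for illustration. On a real node, pass the output of `docker info` and the contents of 10-kubeadm.conf instead of the samples.

```bash
#!/usr/bin/env bash
# Added example: compare Docker's cgroup driver with the kubelet's setting.

# Constructed sample: the relevant lines of `docker info` output.
SAMPLE_DOCKER_INFO='Storage Driver: overlay
Logging Driver: json-file
Cgroup Driver: cgroupfs'

# Constructed, trimmed sample of 10-kubeadm.conf before the edit in step 6.
SAMPLE_DROPIN='[Service]
Environment="KUBELET_KUBECONFIG_ARGS=--kubeconfig=/etc/kubernetes/kubelet.conf"
# Environment="KUBELET_CGROUP_ARGS=--cgroup-driver=cgroupfs"
Environment="KUBELET_CGROUP_ARGS=--cgroup-driver=systemd"
ExecStart=/usr/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CGROUP_ARGS'

# stdin: `docker info` text. Prints the value of the "Cgroup Driver:" line.
docker_cgroup_driver() {
  awk -F': *' '/^[[:space:]]*Cgroup Driver:/ { print $2; exit }'
}

# stdin: drop-in text. Prints the first active --cgroup-driver= value,
# ignoring commented-out lines.
kubelet_cgroup_driver() {
  grep -v '^[[:space:]]*#' |
    sed -n 's/.*--cgroup-driver=\([A-Za-z0-9_-]*\).*/\1/p' | head -n 1
}

# Usage: check_cgroup_drivers "<docker info text>" "<drop-in text>"
# Returns 0 on agreement, 1 on mismatch, 2 when a value cannot be found.
check_cgroup_drivers() {
  local d k
  d=$(printf '%s\n' "$1" | docker_cgroup_driver)
  k=$(printf '%s\n' "$2" | kubelet_cgroup_driver)
  if [ -z "$d" ] || [ -z "$k" ]; then
    echo "cannot determine driver (docker='$d' kubelet='$k')" >&2
    return 2
  fi
  if [ "$d" != "$k" ]; then
    echo "MISMATCH docker=$d kubelet=$k"
    return 1
  fi
  echo "OK both=$d"
}

# Demo on the constructed samples (the unedited drop-in does not match).
check_cgroup_drivers "$SAMPLE_DOCKER_INFO" "$SAMPLE_DROPIN" || true
```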

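7. Docker proxy settings

The installation pulls images through Docker, so Docker also has to go through the proxy.
Configure the proxy, then restart docker and kubelet.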

[root@k8s ~]# systemctl enable docker

[root@k8s ~]# mkdir -p /etc/systemd/system/docker.service.d/
[root@k8s ~]# vi /etc/systemd/system/docker.service.d/http-proxy.conf
[Service]
Environment="HTTP_PROXY=http://proxy.example.com:8118/" "HTTPS_PROXY=http://proxy.example.com:8118/" "NO_PROXY=localhost,127.0.0.1,10.0.0.0/8,proxy.example.com"

systemctl daemon-reload
[root@k8s ~]# systemctl restart docker

For details see: http://www.jianshu.com/p/bf58a66451d0

8. kubeadm init

Requirements:

  1. One or more machines running Ubuntu 16.04+, CentOS 7 or HypriotOS v1.0.1+
  2. 1GB or more of RAM per machine (any less will leave little room for your apps)
  3. Full network connectivity between all machines in the cluster (public or private network is fine)
    Objectives
  • Configure the proxy; some of kubeadm's own requests also need it
export https_proxy=http://proxy.example.com:8118/
export http_proxy=http://proxy.example.com:8118/
  • kubeadm init
kubeadm init 

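Notes:

  1. --kubernetes-version specifies the Kubernetes version
  2. If you use the flannel or Calico network add-on, specify the Pod IP range with --pod-network-cidr=10.244.0.0/16
  3. --skip-preflight-checks skips the pre-flight checks
  4. If the images cannot be pulled even through the proxy, edit the yaml files under /etc/kubernetes/manifests and set imagePullPolicy to Never or IfNotPresent
  5. Readers who cannot pull the images are welcome to leave a comment
  • kubeadm init output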
[kubeadm] WARNING: kubeadm is in beta, please do not use it for production clusters.
[init] Using Kubernetes version: v1.7.4
[init] Using Authorization modes: [Node RBAC]
[preflight] Skipping pre-flight checks
[kubeadm] WARNING: starting in 1.8, tokens expire after 24 hours by default (if you require a non-expiring token use --token-ttl 0)
[certificates] Generated CA certificate and key.
[certificates] Generated API server certificate and key.
[certificates] API Server serving cert is signed for DNS names [k8s kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local] and IPs [10.96.0.1 192.168.191.138]
[certificates] Generated API server kubelet client certificate and key.
[certificates] Generated service account token signing key and public key.
[certificates] Generated front-proxy CA certificate and key.
[certificates] Generated front-proxy client certificate and key.
[certificates] Valid certificates and keys now exist in "/etc/kubernetes/pki"
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/scheduler.conf"
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/admin.conf"
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/kubelet.conf"
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/controller-manager.conf"
[apiclient] Created API client, waiting for the control plane to become ready
<-> this step pauses for quite a while: the images have to be downloaded and then the containers started
[apiclient] All control plane components are healthy after 293.004469 seconds
[token] Using token: 2af779.b803df0b1effb3d9
[apiconfig] Created RBAC rules
[addons] Applied essential addon: kube-proxy
[addons] Applied essential addon: kube-dns

Your Kubernetes master has initialized successfully!

To start using your cluster, you need to run (as a regular user):

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  http://kubernetes.io/docs/admin/addons/

You can now join any number of machines by running the following on each node
as root:

  kubeadm join --token 2af779.b803df0b1effb3d9 192.168.0.6:6443
  • Configure kubeconfig
# mkdir -p $HOME/.kube
# cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
# chown $(id -u):$(id -g) $HOME/.kube/config

# ll ~/.kube/
total 8
drwxr-xr-x. 3 root root   23 Jul 29 21:39 cache
-rw-------. 1 root root 5451 Jul 29 22:57 config

9. Install Calico

For Kubernetes version >= 1.6.0, run the following command

kubectl apply -f https://docs.projectcalico.org/v2.5/getting-started/kubernetes/installation/hosted/kubeadm/1.6/calico.yaml

For details see: https://docs.projectcalico.org/v2.5/getting-started/kubernetes/installation/hosted/kubeadm/

10. Master isolation

By default, for security reasons, the master node is not schedulable. To schedule Pods onto the master node, run the following command:

$ kubectl taint nodes --all node-role.kubernetes.io/master-

  node "test-01" untainted
  taint key="dedicated" and effect="" not found.
  taint key="dedicated" and effect="" not found.

11. Add worker nodes

Worker nodes need Docker and kubeadm installed, and the images on the master node copied over to them;

kubeadm join --token 2af779.b803df0b1effb3d9 192.168.0.1:6443 --skip-preflight-checks
[kubeadm] WARNING: kubeadm is in beta, please do not use it for production clusters.
[preflight] Skipping pre-flight checks
[discovery] Trying to connect to API Server "192.168.191.138:6443"
[discovery] Created cluster-info discovery client, requesting info from "https://192.168.191.138:6443"
[discovery] Cluster info signature and contents are valid, will use API Server "https://192.168.191.138:6443"
[discovery] Successfully established connection with API Server "192.168.191.138:6443"
[bootstrap] Detected server version: v1.7.2
[bootstrap] The server supports the Certificates API (certificates.k8s.io/v1beta1)
[csr] Created API client to obtain unique certificate for this node, generating keys and certificate signing request
[csr] Received signed certificate from the API server, generating KubeConfig...
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/kubelet.conf"

Node join complete:
* Certificate signing request sent to master and response
  received.
* Kubelet informed of new secure connection details.

Run 'kubectl get nodes' on the master to see this machine join.

12. Required images

# docker images 
REPOSITORY                                               TAG                 IMAGE ID            CREATED             SIZE
gcr.io/google_containers/kube-controller-manager-amd64   v1.7.4              d2adddc4b1cb        7 days ago          138MB
gcr.io/google_containers/kube-apiserver-amd64            v1.7.4              5260ecb5129c        7 days ago          186MB
gcr.io/google_containers/kube-proxy-amd64                v1.7.4              0f3bf654ec61        7 days ago          115MB
gcr.io/google_containers/kube-scheduler-amd64            v1.7.4              b1cd468ba656        7 days ago          77.2MB
quay.io/calico/kube-policy-controller                    v0.7.0              60d797585fc5        9 days ago          21.9MB
ubuntu                                                   14.04               c69811d4e993        13 days ago         188MB
quay.io/calico/node                                      v2.4.1              7643422fdf0f        2 weeks ago         277MB
centos                                                   latest              328edcd84f1b        2 weeks ago         193MB
quay.io/calico/cni                                       v1.10.0             88ca805c8ddd        3 weeks ago         70.3MB
nginx                                                    latest              b8efb18f159b        4 weeks ago         107MB
busybox                                                  latest              efe10ee6727f        5 weeks ago         1.13MB
quay.io/coreos/etcd                                      v3.1.10             47bb9dd99916        5 weeks ago         34.6MB
gcr.io/google_containers/etcd-amd64                      3.0.17              243830dae7dd        6 months ago        169MB
gcr.io/google_containers/pause-amd64                     3.0                 99e59f495ffa        15 months ago       747kB
sameersbn/squid                                          3.3.8-14            b51686290574        15 months ago       214MB

13. Pods created

kubectl get pods -n=kube-system
NAME                                       READY     STATUS    RESTARTS   AGE
calico-etcd-fts5g                          1/1       Running   1          4d
calico-node-kthzl                          2/2       Running   4          4d
calico-policy-controller-336633499-tg35l   1/1       Running   1          4d
etcd-chun                                  1/1       Running   1          4d
kube-apiserver-chun                        1/1       Running   1          4d
kube-controller-manager-chun               1/1       Running   2          4d
kube-dns-2425271678-fz79r                  0/3       Pending   0          4d
kube-proxy-k6zfz                           1/1       Running   1          4d
kube-scheduler-chun                        1/1       Running   1          4d

14. Ports used by Kubernetes

6443* Kubernetes API server
2379-2380 etcd server client API
10250 Kubelet API
10251 kube-scheduler
10252 kube-controller-manager
10255 Read-only Kubelet API (Heapster)
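
The port table above, turned into a listener audit for a node: it reads `ss -lnt` output and reports which of these ports are bound to loopback and which accept connections from other hosts, which is the list a host firewall has to cover. This is an added example, not part of the original post; the function names and the sample `ss` output are constructed.

```bash
#!/usr/bin/env bash
# Added example: map listening TCP sockets onto the Kubernetes port table.

# Constructed sample of `ss -lnt` output on a single-node master.
SAMPLE_SS='State   Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN  0      128    127.0.0.1:10251     *:*
LISTEN  0      128    127.0.0.1:10252     *:*
LISTEN  0      128    127.0.0.1:2379      *:*
LISTEN  0      128    *:22                *:*
LISTEN  0      128    :::6443             :::*
LISTEN  0      128    :::10250            :::*
LISTEN  0      128    :::10255            :::*'

# stdin: `ss -lnt` text. Prints "port component address scope" for every
# listener whose port appears in the table of this section.
k8s_listeners() {
  awk '
    BEGIN {
      name[6443]  = "kube-apiserver"
      name[2379]  = "etcd"; name[2380] = "etcd"
      name[10250] = "kubelet"
      name[10251] = "kube-scheduler"
      name[10252] = "kube-controller-manager"
      name[10255] = "kubelet-read-only"   # served without authentication
    }
    $1 == "LISTEN" && match($4, /:[0-9]+$/) {
      port = substr($4, RSTART + 1)       # text after the last colon
      addr = substr($4, 1, RSTART - 1)    # text before it
      if (!(port in name)) next
      if (addr ~ /^127\./ || addr == "::1" || addr == "[::1]")
        scope = "loopback"
      else if (addr == "*" || addr == "::" || addr == "0.0.0.0" || addr == "[::]")
        scope = "all-interfaces"
      else
        scope = "single-address"
      print port, name[port], addr, scope
    }'
}

# stdin: `ss -lnt` text. Prints the table ports that are not bound to
# loopback, in ascending order on one line.
non_loopback_k8s_ports() {
  k8s_listeners | awk '$4 != "loopback" { print $1 }' | sort -nu | paste -sd' ' -
}

printf '%s\n' "$SAMPLE_SS" | k8s_listeners
echo "not loopback-only: $(printf '%s\n' "$SAMPLE_SS" | non_loopback_k8s_ports)"
```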

15. References

https://kubernetes.io/docs/setup/independent/create-cluster-kubeadm/
https://github.com/kubernetes/kubeadm/issues/103
https://docs.docker.com/v1.12/engine/installation/linux/centos/
https://docs.projectcalico.org/v2.5/getting-started/kubernetes/installation/hosted/kubeadm/
https://my.oschina.net/styshoo/blog/841308
