一、环境准备

1.关闭防火墙(测试环境为简化配置可直接关闭;否则保留防火墙,只放行集群所需端口,如apiserver的6443、kubelet的10250)
2.关闭selinux(同样是为了简化安装;关闭后宿主机少了一层针对容器进程的强制访问控制)
3.配置hosts

二、docker安装

1.安装yum管理软件

yum install -y yum-utils device-mapper-persistent-data lvm2

2.添加yum源

yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo

3.查看可用版本

yum list docker-ce --showduplicates | sort -r

4.安装指定版本

yum -y install docker-ce-18.09.6

5.配置国内镜像加速

cat /etc/docker/daemon.json 
{
"registry-mirrors": ["https://registry.docker-cn.com" ]
}

其他镜像加速器

6.启动服务

systemctl start docker && systemctl enable docker

三、使用kubeadm安装kubernetes集群

1.添加yum源

cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

2.临时关闭swap

swapoff -a   

Kubernetes 1.8 开始要求关闭系统的Swap,如果不关闭,默认配置下 kubelet 将无法启动。也可以在 /etc/sysconfig/kubelet 中为 kubelet 添加启动参数 --fail-swap-on=false 来解除这个限制(见下文第4步)

3.安装并启动

yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
#--disableexcludes=kubernetes  禁掉除了这个之外的别的仓库 

安装指定版本:kubeadm-1.14.2

systemctl enable kubelet && systemctl start kubelet

4.更改swap限制

# cat /etc/sysconfig/kubelet
KUBELET_EXTRA_ARGS=--fail-swap-on=false

5.kubeadm config

kubeadm config upload from-file 由配置文件上传到集群中生成ConfigMap
kubeadm config upload from-flags 由配置参数生成ConfigMap
kubeadm config view 查看当前集群中的配置值
kubeadm config print init-defaults 输出init-defaults默认参数文件内容
kubeadm config print join-defaults 输出join-defaults默认参数文件内容
kubeadm config migrate 在新旧版本之间进行配置转换
kubeadm config images list 列出所需镜像列表
kubeadm config images pull 拉取镜像到本地

#查看默认参数文件
kubeadm config print init-defaults

6.新建init-config.yaml文件定制镜像仓库地址和Pod地址段

# cat init-config.yaml 
# kubeadm ClusterConfiguration; passed with --config to both
# `kubeadm config images pull` and `kubeadm init` later on this page.
apiVersion: kubeadm.k8s.io/v1beta1
kind: ClusterConfiguration
# Registry/namespace the control-plane images (kube-apiserver, etcd, coredns,
# ...) are pulled from, replacing kubeadm's default registry.
# NOTE(review): this is not the upstream Kubernetes registry. Everything that
# runs the control plane comes from it, so confirm the repository is trusted
# (e.g. compare image digests with the upstream images) before relying on it.
imageRepository: docker.io/dustise
# Version tag used for the control-plane images.
kubernetesVersion: v1.14.0
networking:
  # Address range handed to the cluster for pod IPs.
  podSubnet: "192.168.0.0/16"

7.下载所需镜像

# kubeadm config images pull --config=init-config.yaml
[config/images] Pulled docker.io/dustise/kube-apiserver:v1.14.0
[config/images] Pulled docker.io/dustise/kube-controller-manager:v1.14.0
[config/images] Pulled docker.io/dustise/kube-scheduler:v1.14.0
[config/images] Pulled docker.io/dustise/kube-proxy:v1.14.0
[config/images] Pulled docker.io/dustise/pause:3.1
[config/images] Pulled docker.io/dustise/etcd:3.3.10
[config/images] Pulled docker.io/dustise/coredns:1.3.1

8.安装Master

# kubeadm init --config=init-config.yaml
[init] Using Kubernetes version: v1.14.0
[preflight] Running pre-flight checks
    [WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/
~~~~~~

出现[WARNING IsDockerSystemdCheck],是由于docker的Cgroup Driver和kubelet的Cgroup Driver不一致导致的,此处选择修改docker的Cgroup Driver(改为systemd),使其与kubelet一致

# docker info | grep Cgroup
Cgroup Driver: cgroupfs

编辑文件/usr/lib/systemd/system/docker.service

ExecStart=/usr/bin/dockerd --exec-opt native.cgroupdriver=systemd
systemctl daemon-reload
systemctl restart docker
# docker info | grep Cgroup
Cgroup Driver: systemd

使用kubeadm reset重置主机状态然后重新初始化

# kubeadm init --config=init-config.yaml
[init] Using Kubernetes version: v1.14.0
[preflight] Running pre-flight checks
[preflight] Pulling images required for setting up a Kubernetes cluster
[preflight] This might take a minute or two, depending on the speed of your internet connection
[preflight] You can also perform this action in beforehand using 'kubeadm config images pull'
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
。。。。。。
。。。。。。
[addons] Applied essential addon: CoreDNS
[addons] Applied essential addon: kube-proxy

Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 20.0.20.101:6443 --token dpgb7h.2svvjnyjc3xuzajk \
    --discovery-token-ca-cert-hash sha256:98d8815cce835d4913076c7a954012afec0bd6ad1116ab1020f02601361fc369 

按照提示复制配置文件到用户目录下

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

查看ConfigMap

# kubectl get -n kube-system configmap
NAME                                 DATA   AGE
coredns                              1      8m53s
extension-apiserver-authentication   6      8m57s
kube-proxy                           2      8m53s
kubeadm-config                       2      8m54s
kubelet-config-1.14                  1      8m54s

查看初始化情况

[root@K8S-1 .kube]# kubectl get node
NAME    STATUS     ROLES    AGE   VERSION
k8s-1   NotReady   master   11m   v1.14.2
[root@K8S-1 .kube]# kubectl get pods --all-namespaces
NAMESPACE     NAME                            READY   STATUS    RESTARTS   AGE
kube-system   coredns-6897bd7b5-gpg87         0/1     Pending   0          12m
kube-system   coredns-6897bd7b5-hdthq         0/1     Pending   0          12m
kube-system   etcd-k8s-1                      1/1     Running   0          11m
kube-system   kube-apiserver-k8s-1            1/1     Running   0          11m
kube-system   kube-controller-manager-k8s-1   1/1     Running   0          11m
kube-system   kube-proxy-hxqnk                1/1     Running   0          12m
kube-system   kube-scheduler-k8s-1            1/1     Running   0          11m

9.安装网络插件weave

kubectl apply -f "https://cloud.weave.works/k8s/net?k8s-version=$(kubectl version | base64 | tr -d '\n')"

10.配置node加入集群

新节点的环境配置与上文相同,但不需要执行本部分的第5-9步

[root@K8S-2 ~]# kubeadm join 20.0.20.101:6443 --token dpgb7h.2svvjnyjc3xuzajk \
>     --discovery-token-ca-cert-hash sha256:98d8815cce835d4913076c7a954012afec0bd6ad1116ab1020f02601361fc369
[preflight] Running pre-flight checks
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'
[kubelet-start] Downloading configuration for the kubelet from the "kubelet-config-1.14" ConfigMap in the kube-system namespace
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Activating the kubelet service
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...

This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.

Run 'kubectl get nodes' on the control-plane to see this node join the cluster.

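kubeadm init生成的token有效期只有1天,过期后可用
kubeadm token create --ttl 0 --print-join-command 生成永不过期的token。永不过期的token相当于一份长期有效的节点加入凭据;更稳妥的做法是在需要添加节点时生成带有效期的token,用完后通过 kubeadm token list / kubeadm token delete 清理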

[root@K8S-1 ~]# kubectl get node
NAME    STATUS   ROLES    AGE     VERSION
k8s-1   Ready    master   16h     v1.14.2
k8s-2   Ready    <none>   9m2s    v1.14.2
k8s-3   Ready    <none>   3m17s   v1.14.2
[root@K8S-1 ~]# kubectl get pods --all-namespaces
NAMESPACE     NAME                            READY   STATUS    RESTARTS   AGE
kube-system   coredns-6897bd7b5-gpg87         1/1     Running   0          16h
kube-system   coredns-6897bd7b5-hdthq         1/1     Running   0          16h
kube-system   etcd-k8s-1                      1/1     Running   0          16h
kube-system   kube-apiserver-k8s-1            1/1     Running   0          16h
kube-system   kube-controller-manager-k8s-1   1/1     Running   0          16h
kube-system   kube-proxy-hxqnk                1/1     Running   0          16h
kube-system   kube-proxy-km5dv                1/1     Running   0          9m4s
kube-system   kube-proxy-np89x                1/1     Running   0          3m19s
kube-system   kube-scheduler-k8s-1            1/1     Running   0          16h
kube-system   weave-net-7pdj5                 2/2     Running   1          3m19s
kube-system   weave-net-8kc2p                 2/2     Running   0          21m
kube-system   weave-net-vtwwk                 2/2     Running   0          9m4s

四、安装dashboard

Kubernetes Dashboard

1.下载yaml文件到本地

wget https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml

由于国内无法从谷歌仓库k8s.gcr.io下载镜像,这里使用另一个镜像仓库拉取(替代仓库中的镜像并非从官方地址获取,部署前建议核对镜像digest或确认仓库维护方可信)

在kubernetes-dashboard.yaml中修改镜像地址
k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.1 为 mirrorgooglecontainers/kubernetes-dashboard-amd64:v1.10.1

修改Dashboard Service 为NodePort类型

# Service in front of the Kubernetes Dashboard pods, edited from the
# downloaded kubernetes-dashboard.yaml so that it is of type NodePort.
kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
spec:
  # NodePort opens the port below on every node, so the dashboard login page
  # is reachable from any network that can reach a node IP.
  # NOTE(review): outside a lab, limit who can reach this port (firewall /
  # source filtering) or keep the Service cluster-internal and go through
  # `kubectl proxy` or `kubectl port-forward` instead.
  type: NodePort
  ports:
    # Service port 443 is forwarded to port 8443 on the selected pods.
    - port: 443
      targetPort: 8443
      # Port opened on each node for this Service.
      nodePort: 30001
  # Pods carrying this label receive the traffic.
  selector:
    k8s-app: kubernetes-dashboard

2.进行部署

kubectl create -f kubernetes-dashboard.yaml

3.查验

[root@K8S-1 ~]# kubectl get svc --all-namespaces
NAMESPACE     NAME                   TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)                  AGE
default       kubernetes             ClusterIP   10.96.0.1      <none>        443/TCP                  17h
kube-system   kube-dns               ClusterIP   10.96.0.10     <none>        53/UDP,53/TCP,9153/TCP   17h
kube-system   kubernetes-dashboard   NodePort    10.99.205.30   <none>        443:30001/TCP            23m
[root@K8S-1 ~]# kubectl get pods --all-namespaces
NAMESPACE     NAME                                    READY   STATUS    RESTARTS   AGE
kube-system   coredns-6897bd7b5-gpg87                 1/1     Running   0          17h
kube-system   coredns-6897bd7b5-hdthq                 1/1     Running   0          17h
kube-system   etcd-k8s-1                              1/1     Running   0          17h
kube-system   kube-apiserver-k8s-1                    1/1     Running   0          17h
kube-system   kube-controller-manager-k8s-1           1/1     Running   0          17h
kube-system   kube-proxy-hxqnk                        1/1     Running   0          17h
kube-system   kube-proxy-km5dv                        1/1     Running   0          114m
kube-system   kube-proxy-np89x                        1/1     Running   0          108m
kube-system   kube-scheduler-k8s-1                    1/1     Running   0          17h
kube-system   kubernetes-dashboard-68ddcc97fc-f5lhj   1/1     Running   1          23m
kube-system   weave-net-7pdj5                         2/2     Running   1          108m
kube-system   weave-net-8kc2p                         2/2     Running   0          126m
kube-system   weave-net-vtwwk                         2/2     Running   0          114m

4.创建管理员

[root@K8S-1 ~]# cat k8s-admin.yaml 
# ServiceAccount "admin" in kube-system; its token is what the page later
# reads out and uses to log in to the dashboard.
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: admin
  namespace: kube-system
---
# Binds the ServiceAccount above to the built-in cluster-admin ClusterRole,
# cluster-wide (ClusterRoleBinding, not a namespaced RoleBinding).
# NOTE(review): anyone holding this account's token has full control of the
# cluster. For routine dashboard use, bind a narrower role (for example the
# built-in "view" ClusterRole, or a namespaced RoleBinding) and keep the
# cluster-admin token out of shared docs and logs.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin
  namespace: kube-system
kubectl create -f k8s-admin.yaml 

5.查看token(该ServiceAccount绑定了cluster-admin,其token等同于集群管理员凭据,应按密钥对待,避免写入文档或日志)

[root@K8S-1 ~]# kubectl describe serviceaccount admin -n kube-system
Name:                admin
Namespace:           kube-system
Labels:              k8s-app=kubernetes-dashboard
Annotations:         <none>
Image pull secrets:  <none>
Mountable secrets:   admin-token-znvmk
Tokens:              admin-token-znvmk
Events:              <none>
[root@K8S-1 ~]# kubectl describe secret admin-token-znvmk -n kube-system
Name:         admin-token-znvmk
Namespace:    kube-system
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: admin
              kubernetes.io/service-account.uid: be3aca02-82cf-11e9-a2f2-00505694834d

Type:  kubernetes.io/service-account-token

Data
====
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi10b2tlbi16bnZtayIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJhZG1pbiIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6ImJlM2FjYTAyLTgyY2YtMTFlOS1hMmYyLTAwNTA1Njk0ODM0ZCIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlLXN5c3RlbTphZG1pbiJ9.3EtoTPkf_Qf1DizB3FDCRwTi_pqNGUWwblZ3AIzFSylUJmt_yfIghEPqnebj1XgqKX_1YelVkX8nypobMoItukdsT5V9rc0Z3zFMV6tnLlCw3yBzT8T5G4fhoNbWkFtsUU3QJOOXdrPalVnPbpv0Mu71Afh9wtnGUPlcRlbPMi2PGYCQgxtS7853ZQub5XE_w5pH5RPWFrtYc4NNrQRYRMZXtTPWFsVXt8pABvmgC1wMFBcQhRAF8T9fXzpOFxfBHSqy39GsUd2W3w6Vy38YVQcLqkrORUP50jgtBNv4TVvBViu5FLM-A-h6g3Q1WOx4pTwFHKGFoZMhotYZB9gefg
ca.crt:     1025 bytes
namespace:  11 bytes
[root@K8S-1 ~]# 

6.使用token登录

五、部署一个简单的实例mysql+webapp

1.创建MySQL的RC定义文件

# cat mysql-rc.yaml 
# ReplicationController that keeps one MySQL 5.7 pod running.
apiVersion: v1
kind: ReplicationController
metadata:
  name: mysql
spec:
  replicas: 1
  # Pods labelled app=mysql are managed by this controller.
  selector:
    app: mysql
  template:
    metadata:
      labels:
        app: mysql
    spec:
      containers:
      - name: mysql
        image: mysql:5.7
        ports:
        - containerPort: 3306
        env:
        # NOTE(review): the root password is a trivial value stored in clear
        # text in the manifest, so it is readable by anyone who can read this
        # file or the RC/pod spec. Acceptable for a throwaway demo only;
        # otherwise create a Secret and reference it through
        # valueFrom.secretKeyRef, with a strong generated password.
        - name: MYSQL_ROOT_PASSWORD
          value: "123456"

2.创建与之关联的SVC文件

# cat mysql-svc.yaml 
# Service named "mysql" that forwards port 3306 to the pods labelled
# app=mysql. No type is set; the `kubectl get svc` output further down the
# page lists it as ClusterIP, i.e. it has no node port.
apiVersion: v1
kind: Service
metadata:
  name: mysql
spec:
  ports:
    - port: 3306
  selector:
    app: mysql

3.创建tomcat的RC文件

# cat web-rc.yaml 
# ReplicationController that keeps two replicas of the demo Tomcat web app
# running.
apiVersion: v1
kind: ReplicationController
metadata:
  name: myweb
spec:
  replicas: 2
  # Pods labelled app=myweb are managed by this controller.
  selector:
    app: myweb
  template:
    metadata:
      labels:
        app: myweb
    spec:
      containers:
      - name: myweb
        image: kubeguide/tomcat-app:v1
        ports:
        - containerPort: 8080
        env:
        # Host and port of the database, given as the name and port of the
        # "mysql" Service from mysql-svc.yaml.
        # presumably read by the app to build its database connection; verify
        # against the image's documentation.
        - name: MYSQL_SERVICE_HOST
          value: 'mysql'
        - name: MYSQL_SERVICE_PORT
          value: '3306'

4.创建对应的SVC文件

# cat web-svc.yaml 
# Service that publishes the myweb pods outside the cluster.
apiVersion: v1
kind: Service
metadata:
  name: myweb
spec:
  # NodePort opens port 30002 on every node and forwards it to service port
  # 8080. targetPort is not set, so it takes the same value as port.
  # NOTE(review): the web app becomes reachable from any network that can
  # reach a node IP; filter access to this port outside a lab.
  type: NodePort
  ports:
    - port: 8080
      nodePort: 30002
  # Pods carrying this label receive the traffic.
  selector:
    app: myweb

5.分别将MySQL和tomcat的RC,SVC在K8S上发布

# kubectl create -f mysql-rc.yaml          
# kubectl create -f mysql-svc.yaml
# kubectl create -f web-rc.yaml
# kubectl create -f web-svc.yaml 

6.查看pod和svc

# kubectl get pod
NAME          READY   STATUS    RESTARTS   AGE
mysql-sgwc7   1/1     Running   0          2m2s
myweb-7zpbj   1/1     Running   0          10m
myweb-rqpjz   1/1     Running   0          10m
# kubectl get svc
NAME         TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)          AGE
kubernetes   ClusterIP   10.96.0.1       <none>        443/TCP          40h
mysql        ClusterIP   10.106.70.242   <none>        3306/TCP         26m
myweb        NodePort    10.104.74.76    <none>        8080:30002/TCP   37m

7.网页登录

8.清除

# kubectl delete -f mysql-rc.yaml
# kubectl delete -f mysql-svc.yaml 
# kubectl get pod
No resources found.