=========================
==== kubernetes实战 ======
#环境
操作系统
- centos7
主机
- 172.16.53.240 k8s-master
- 172.16.53.209 k8s-slave1
- 172.16.53.250 k8s-slave2
代理
export http_proxy=http://IP:PORT
export https_proxy=http://IP:PORT
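# 安装(yum)
# 注意: 下面写入的仓库配置 gpgcheck=0 会关闭 RPM 签名校验，baseurl 也是明文 http，安装的软件包来源无法验证；非测试环境应改为 gpgcheck=1 并配置 gpgkey。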
echo "
[virt7-testing]
name=virt7-testing
baseurl=http://cbs.centos.org/repos/virt7-docker-common-release/x86_64/os/
gpgcheck=0" >> /etc/yum.repos.d/kubernetes.repo
# 所有机器安装kubernetes
yum install kubernetes(slave)
yum install -y etcd flannel kubernetes (k8s-master)
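= 关闭selinux
# 注意: setenforce 0 只是临时切换到 permissive 模式，重启后按 /etc/selinux/config 恢复；SELinux 对容器进程的强制约束也随之失效，仅建议在测试环境这样做。
setenforce 0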
= 关闭防火墙(有要求但未做) !=
systemctl stop iptables
systemctl disable iptables
# 设置认证(可选)
# 注意: 文件每行格式为 token,用户名,uid；第一列是明文的访问凭据，下面的 admin/system 只是示例，实际应换成随机生成的长字符串，并将文件权限限制为仅 root 可读。
vi /etc/kubernetes/token_auth_file
admin,admin,1
system,system,2
vim /etc/kubernetes/apiserver
KUBE_API_ARGS="--secure-port=443 --token_auth_file=/etc/kubernetes/token_auth_file"
=修改配置文件
kubernetes
- vi /etc/kubernetes/config
- KUBE_LOGTOSTDERR="--logtostderr=true"
- KUBE_LOG_LEVEL="--v=0"
- KUBE_ALLOW_PRIV="--allow-privileged=false"
- KUBE_MASTER="--master=http://172.16.53.240:8080"
- vi /etc/kubernetes/apiserver
- KUBE_API_ADDRESS="--insecure-bind-address=127.0.0.1"
- KUBE_ETCD_SERVERS="--etcd-servers=http://127.0.0.1:2379"
- KUBE_SERVICE_ADDRESSES="--service-cluster-ip-range=10.254.0.0/16"
- KUBE_API_ARGS=""
- systemctl start
etcd
- vi /etc/etcd/etcd.conf
- ETCD_NAME=default
- ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
- ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:2379"
- ETCD_ADVERTISE_CLIENT_URLS="http://0.0.0.0:2379"
- systemctl start etcd
- etcdctl mkdir /kube-centos/network
- etcdctl mk /kube-centos/network/config "{ \"Network\": \"10.254.0.0/16\", \"SubnetLen\": 24, \"Backend\": { \"Type\": \"vxlan\" } }"
flanneld
- vi /etc/sysconfig/flanneld
- FLANNEL_ETCD_ENDPOINTS="http://127.0.0.1:2379"
- FLANNEL_ETCD_PREFIX="/kube-centos/network"
= 启动服务
# Bring up the master-side services one by one: restart each unit, enable it
# at boot, then print its status so the result of the restart can be checked.
for svc in etcd kube-apiserver kube-controller-manager kube-scheduler; do
  systemctl restart "$svc"
  systemctl enable "$svc"
  systemctl status "$svc"
done
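= 开放端口(master)
# 注意: 以下规则未限制来源地址。2379/2380(etcd，本文配置为明文 http、未配置客户端认证)和 8080(apiserver 非安全端口，不做认证和授权)一旦对外可达即等同于集群管理员权限，建议用 -s 只放行集群节点的地址。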
vi /etc/sysconfig/iptables
-A INPUT -p tcp -m state --state NEW -m tcp --dport 2379 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 2380 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 6443 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 4194 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8001 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 9090 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 10248 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 10249 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 10250 -j ACCEPT
============================================================
======= slave 配置kubernetes ===============================
echo "172.16.53.240 k8s-master" >> /etc/hosts
= 安装kubernetes, flannel
yum install -y kubernetes flannel
= 配置服务
- vi /etc/kubernetes/apiserver
- KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ResourceQuota"
- vi /etc/kubernetes/kubelet
- KUBELET_ADDRESS="--address=0.0.0.0"
- KUBELET_PORT="--port=10250"
- KUBELET_HOSTNAME="--hostname-override=k8s-slave2"
- KUBELET_API_SERVER="--api-servers=http://k8s-master:8080"
- KUBELET_ARGS=""
- vi /etc/kubernetes/config
- KUBE_MASTER="--master=http://k8s-master:8080"
- vi /etc/sysconfig/flanneld
- FLANNEL_ETCD_ENDPOINTS="http://k8s-master:2379"
- FLANNEL_ETCD_PREFIX="/kube-centos/network"
= 启动服务
# Bring up the node-side services one by one: restart each unit, enable it
# at boot, then print its status so the result of the restart can be checked.
for svc in kube-proxy kubelet docker; do
  systemctl restart "$svc"
  systemctl enable "$svc"
  systemctl status "$svc"
done
= 配置kubectl
- kubectl config set-cluster default-cluster --server=http://centos-master:8080
- kubectl config set-context default-context --cluster=default-cluster --user=default-admin
- kubectl config use-context default-context
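= 开放端口(slave)
# 注意: 10250 是 kubelet API，10255 是 kubelet 只读端口(无认证)；本文 KUBELET_ARGS 为空，未见启用 kubelet 认证/授权的参数，以下规则同样未限制来源，建议用 -s 只放行 master 和集群节点。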
vi /etc/sysconfig/iptables
-A INPUT -p tcp -m state --state NEW -m tcp --dport 2379 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 4194 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 10248 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 10249 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 10250 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 10255 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 32104 -j ACCEPT
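= 搭建私有仓库(单独server)
# 注意: 这样启动的 registry 在 5000 端口上是明文 http 且没有认证，能访问该端口的人都可以推送/覆盖镜像；应只在受信任的内网使用，或为其配置 TLS 和认证。
# 另外 registry 2.x 的数据目录是 /var/lib/registry，若拉到的是 2.x 镜像，挂载到 /tmp/registry 不会持久化数据，请确认。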
mkdir -p /docker/data
docker pull registry
docker run -it --name registry -p 5000:5000 -v /docker/data:/tmp/registry registry
=安装gcloud
wget https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/google-cloud-sdk-151.0.1-linux-x86_64.tar.gz
tar zxvf google-cloud-sdk-151.0.1-linux-x86_64.tar.gz
mv google-cloud-sdk /usr/local/gcloud
ln -s /usr/local/gcloud/bin/gcloud /usr/local/bin/gcloud
= 设置docker代理
mkdir /etc/systemd/system/docker.service.d/
vi /usr/lib/systemd/system/docker.service
[Service]
Environment="HTTP_PROXY=http://IP:PORT"
Environment="HTTPS_PROXY=http://IP:PORT"
systemctl restart docker
= 安装dashboard UI(kube-ui)
gcloud docker pull gcr.io/google_containers/kube-ui:v5
vi kube-ui.yaml
'''
apiVersion: v1
kind: ReplicationController
metadata:
  name: kube-ui-v5
  namespace: kube-system
  labels:
    k8s-app: kube-ui
    version: v5
    kubernetes.io/cluster-service: "true"
spec:
  replicas: 1
  selector:
    k8s-app: kube-ui
    version: v5
  template:
    metadata:
      labels:
        k8s-app: kube-ui
        version: v5
        kubernetes.io/cluster-service: "true"
    spec:
      containers:
      - name: kube-ui
        image: gcr.io/google_containers/kube-ui:v5
        resources:
          limits:
            cpu: 100m
            memory: 50Mi
        ports:
        - containerPort: 8080
        livenessProbe:
          httpGet:
            path: /
            port: 8080
          initialDelaySeconds: 30
          timeoutSeconds: 5
---
apiVersion: v1
kind: Service
metadata:
  name: kube-ui
  namespace: kube-system
  labels:
    k8s-app: kube-ui
    kubernetes.io/cluster-service: "true"
    kubernetes.io/name: "KubeUI"
spec:
  selector:
    k8s-app: kube-ui
  clusterIP: 10.254.0.254
  ports:
  - port: 80
    targetPort: 8080
'''
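# 注意: 下面的清单使用开发仓库的 :head 可变标签，且镜像拉取策略为 Always，每次拉取的内容都可能不同，建议固定到具体版本；Service 类型为 NodePort，而 Dashboard 通过无认证的 8080 端口连接 apiserver，能访问该 NodePort 的人即可操作整个集群，应限制访问来源。
vi kubernetes-dashboard.yaml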
'''
kind: Deployment
apiVersion: extensions/v1beta1
metadata:
  labels:
    app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
spec:
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app: kubernetes-dashboard
  template:
    metadata:
      labels:
        app: kubernetes-dashboard
      # Comment the following annotation if Dashboard must not be deployed on master
      annotations:
        scheduler.alpha.kubernetes.io/tolerations: |
          [
            {
              "key": "dedicated",
              "operator": "Equal",
              "value": "master",
              "effect": "NoSchedule"
            }
          ]
    spec:
      containers:
      - name: kubernetes-dashboard
        image: docker.io/kubernetesdashboarddev/kubernetes-dashboard-amd64:head
        imagePullPolicy: Always
        ports:
        - containerPort: 9090
          protocol: TCP
        args:
          # Uncomment the following line to manually specify Kubernetes API server Host
          # If not specified, Dashboard will attempt to auto discover the API server and connect
          # to it. Uncomment only if the default does not work.
          - --apiserver-host=http://172.16.53.224:8080
        livenessProbe:
          httpGet:
            path: /
            port: 9090
          initialDelaySeconds: 30
          timeoutSeconds: 30
---
kind: Service
apiVersion: v1
metadata:
  labels:
    app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
spec:
  type: NodePort
  ports:
  - port: 80
    targetPort: 9090
  selector:
    app: kubernetes-dashboard
'''
= 检查服务运行状态
kubectl get po --namespace=kube-system
# = 安装Dashboard UI
# cd /root/kube-ui
# wget https://rawgit.com/kubernetes/dashboard/master/src/deploy/kubernetes-dashboard.yaml
# = docker pull 镜像并授权Google认证
# gcloud docker -- pull gcr.io/google-containers/kubernetes-dashboard-amd64:v1.6.0
# = 配置证书
# openssl genrsa -out /etc/kubernetes/serviceaccount.key 2048
==================================================
# 编译安装kube-ui
= 安装node.js
# 注意: 下载后建议先用同目录下的 SHASUMS256.txt 校验压缩包，再解压安装。
wget https://nodejs.org/dist/v6.10.2/node-v6.10.2-linux-x64.tar.xz
tar xvf node-v6.10.2-linux-x64.tar.xz
mv node-v6.10.2-linux-x64 /usr/local/node
ln -s /usr/local/node/bin/node /usr/local/bin/node
ln -s /usr/local/node/bin/npm /usr/local/bin/npm
yum install git -y
npm install -g bower
= 安装kube-ui
# 注意: master.zip 是随时变化的分支快照，npm install 还会执行依赖包的安装脚本；建议固定到某个 tag 或 commit 再构建。
wget https://github.com/kubernetes/kube-ui/archive/master.zip
unzip master.zip
cd kube-ui-master/master/
npm install
#安装kube-admin
curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kube-admin
==================================================
== 编译安装 ====
== 系统更新并安装依赖 ==
yum update -y && yum install -y lsof telnet net-tools unzip wget git docker iptables-services
mkdir /root/kube
cd /root/kube
tar zxvf google-cloud-sdk-151.0.0-linux-x86_64.gz && tar xvf node-v6.10.2-linux-x64.tar.xz && unzip master.zip && tar zxvf kubernetes.tar.gz
mv node-v6.10.2-linux-x64 /usr/local/node
ln -s /usr/local/node/bin/npm /usr/local/bin/npm
ln -s /usr/local/node/bin/node /usr/local/bin/node
ln -s /usr/local/google-cloud-sdk/bin/gcloud /usr/local/bin/gcloud
ln -s /usr/local/google-cloud-sdk/bin/gsutil /usr/local/bin/gsutil
ln -s /usr/local/google-cloud-sdk/bin/bq /usr/local/bin/bq
#启动iptables
systemctl disable firewalld
systemctl stop firewalld
# 安装 kubernetes
cd /root/kube/kubernetes/cluster
sh get-kube-local.sh #(需要×××)
sh get-kube-binaries.sh
mv /root/kube/kubernetes/server/kubernetes /usr/local/
ln -s /usr/local/kubernetes/server/bin/kubeadm /usr/local/bin/kubeadm
ln -s /usr/local/kubernetes/server/bin/kubectl /usr/local/bin/kubectl
ln -s /usr/local/kubernetes/server/bin/kubelet /usr/local/bin/kubelet
ln -s /usr/local/kubernetes/server/bin/kube-apiserver /usr/local/bin/kube-apiserver
ln -s /usr/local/kubernetes/server/bin/kube-fed /usr/local/bin/kube-fed
ln -s /usr/local/kubernetes/server/bin/kube-proxy /usr/local/bin/kube-proxy
ln -s /usr/local/kubernetes/server/bin/kube-controller-manager /usr/local/bin/kube-controller-manager
# 安装dashboard
cd /root/dashboard-master/
npm install
npm start
= 参考网址
http://kubecloud.io/guide-installing-kubernetes-dashboard-on-hypriotos/
https://kubernetes.io/docs/tasks/web-ui-dashboard/
https://github.com/kubernetes/dashboard
https://kubernetes.io/docs/tasks/web-ui-dashboard/