云服务器上搭建kubernetes集群
使用的虚机百度云BCC,centos7.5 ,2核4G
yum源百度云官方自带yum源,腾讯,阿里云自带yum源都可参考该文档
搭建k8,一共三台虚机:
1 2 3 |
master 192.168.0.8 master跟etcd共用一台 minion1 192.168.0.9 minion2 192.168.0.10 |
百度云虚机自带yum源就可以下载
三台虚机都需要安装
1 2 3 |
[root@master ~]# yum -y install kubernetes etcd flannel ntp [root@minion1 ~]# yum -y install kubernetes etcd flannel ntp [root@minion2 ~]# yum -y install kubernetes etcd flannel ntp |
关闭防火墙 三台同样需要关闭 注:若是生产环境不必关闭,写firewalld rule
1 2 3 |
[root@master ~]# systemctl stop firewalld && systemctl disable firewalld && systemctl status firewalld [root@minion1~]# systemctl stop firewalld && systemctl disable firewalld && systemctl status firewalld [root@minion2~]# systemctl stop firewalld && systemctl disable firewalld && systemctl status firewalld |
在hosts文件添加以下内容,执行一台,剩余拷贝就ok
1 2 3 4 5 6 7 |
[root@master ~]# vim /etc/hosts 192.168.0.8 master 192.168.0.8 etcd 192.168.0.9 minion1 192.168.0.10 minion2 [root@master ~]# scp /etc/hosts 192.168.0.9:/etc/ [root@master ~]# scp /etc/hosts 192.168.0.10:/etc/ |
在master上配置etcd
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 |
[root@master ~]# vim /etc/etcd/etcd.conf 改:2 ETCD NAME=default 为:2ETCD_NAME="etcd" ETCD_DATA_DIR="/var/lib/etcd/default.etcd" 改:9 ETCD_LISTEN_CLIENT_URLS="http://localhost:2379" 为:ETCD_LISTEN_CLIENT_URLS="http://localhost:2379,http://192.168.0.8:2379" 改:20 ETCD_ADVERTISE_CLIENT_URLS="http://localhost:2379" 为:ETCD_ADVERTISE_CLIENT_URLS="http://192.168.0.8:2379" 注释: advertise [aedvetarz] 做广告,做宣传;通告,通知 /etc/etcd/etcd.conf 配置文件含意如下: ETCD_NAME="etcd" etcd节点名称,如果etcd 集群只有一台etcd,这一项可以注释不用配置,默认名称为 default,这 个名宇后面会用到。 ETCD_DATA_DIR="/var/lib/etcd/default.etcd" etcd 存储数据的目录 ETCD_LISTEN_CLIENT_URLS="http://localhost:2379,http://192.168.1.63:2379" etcd 对外服务监听地址,一般指定2379端口,如果为0.0.0.0将会监听所有接口 ETCD_ARGS="" |
需要额外添加的参数,可以自己添加,etcd 的所有参数可以通过etcd-h查看。
启动服务
1 2 3 4 5 6 7 8 9 10 |
[root@master ~]# systemctl start etcd [root@master ~]# systemctl status etcd [root@master ~]# systemctl enable etcd [root@master ~]# netstat -anptu | grep 2379 tcp 0 0 127.0.0.1:2379 0.0.0.0:* LISTEN 2963/etcd tcp 0 0 192.168.0.8:2379 0.0.0.0:* LISTEN 2963/etcd tcp 0 0 192.168.0.8:38866 192.168.0.8:2379 ESTABLISHED 2963/etcd tcp 0 0 127.0.0.1:2379 127.0.0.1:45804 ESTABLISHED 2963/etcd tcp 0 0 192.168.0.8:2379 192.168.0.8:38866 ESTABLISHED 2963/etcd tcp 0 0 127.0.0.1:45804 127.0.0.1:2379 ESTABLISHED 2963/etcd |
检查etcd集群列表,这里只有一台
1 2 |
[root@master ~]# etcdctl member list 8e9e05c52164694d: name=etcd peerURLs=http://localhost:2380 clientURLs=http://192.168.0.8:2379 isLeader=true |
在master配置master
修改kubernetets配置文件
1 2 3 |
[root@master ~]# vim /etc/kubernetes/config 改:KUBE_MASTER="--master=http://127.0.0.1:8080" 为:KUBE_MASTER="--master=http://192.168.0.8:8080" |
修改apiserver配置文件
1 2 3 4 5 6 7 8 9 10 11 |
[root@master ~]# vim /etc/kubernetes/apiserver [root@xuegod63 ~]# vim /etc/kubernetes/apiserver 改:8 KUBE_API_ADDRESS="--insecure-bind-address=127.0.0.1" 为:8 KUBE_API_ADDRESS="--insecure-bind-address=0.0.0.0 改:17 KUBE_ETCD_SERVERS="--etcd-servers=http://127.0.0.1:2379" 为:KUBE_ETCD_SERVERS="--etcd-servers=http://192.168.0.8:2379" 改23行: KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExist s,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota" 为:KUBE_ADMISSION_CONTROL="--admission-control=AlwaysAdmit" #这里必须配置 正确 |
配置kube-controller-manager配置文件
默认不需要改动
1
|
[root@master ~]# cat /etc/kubernetes/controller-manager
|
配置kube-scheduler配置文件
1 2 3 |
[root@master ~]# vim /etc/kubernetes/scheduler 改:KUBE_SCHEDULER_ARGS=" " 为:KUBE_SCHEDULER_ARGS="0.0.0.0" |
设置etcd网络
1 2 3 |
[root@master ~]# etcdctl set /k8s/network/config '{"Network":"10.255.0.0/16"}' //用于存储flanneld网络信息 [root@master ~]# etcdctl get /k8s/network/config //查看 {"Network":"10.255.0.0/16"} |
配置flanneld服务
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 |
[root@master ~]# vim /etc/sysconfig/flanneld 改:4FLANNEL_ETCD_ENDPOINTS="http://127.0.0.1:2379" 为:4FLANNEL_ETCD_ENDPOINTS="http://192.168.0.8:2379" 改:8 FLANNEL_ETCD_PREFIX="/atomic.io/network" 为:8 FLANNEL_ETCD_PREFIX="/k8s/network" #注其中/k8s/network 与上面 etcd 中的 Network 对应 改:11 #FLANNEL_OPTIONS="" 为:11 FLANNEL_OPTIONS="--iface=eth0" #指定 通信的物理网卡 [root@master ~]# systemctl restart flanneld.service [root@master ~]# systemctl status flanneld.service [root@master ~]# cat /run/flannel/subnet.env //查看/run/flannel/subnet.env 子网信息 FLANNEL_NETWORK=10.255.0.0/16 FLANNEL_SUBNET=10.255.6.1/24 FLANNEL_MTU=1472 FLANNEL_IPMASQ=false |
之后会有一个脚本姜subnet.env转写程一个docker的环境变量文件/run/flannel/docker
docker0的地址是由 /run/flannel/subnet.env 的FLANNEL_SUBENT参数决定的
1 2 3 4 5 |
[root@master ~]# cat /run/flannel/docker DOCKER_OPT_BIP="--bip=10.255.6.1/24" DOCKER_OPT_IPMASQ="--ip-masq=true" DOCKER_OPT_MTU="--mtu=1472" DOCKER_NETWORK_OPTIONS=" --bip=10.255.6.1/24 --ip-masq=true --mtu=1472" |
启动master上的4个服务
1 2 3 |
[root@master ~]# systemctl restart kube-apiserver kube-controller-manager kube-scheduler flanneld [root@master ~]# systemctl status kube-apiserver kube-controller-manager kube-scheduler flanneld [root@master ~]# systemctl enable kube-apiserver kube-controller-manager kube-scheduler flanneld |
到此master和etcd节点配置成功
配置minion1,采用flannel方式
1 2 3 4 5 6 7 8 |
[root@minion1 ~]# vim /etc/sysconfig/flanneld 改:4FLANNEL_ETCD_ENDPOINTS="http://127.0.0.1:2379" 为:4FLANNEL_ETCD_ENDPOINTS="http://192.168.0.8:2379" 改:8 FLANNEL_ETCD_PREFIX="/atomic.io/network" 为:8 FLANNEL_ETCD_PREFIX="/k8s/network" #注其中/k8s/network 与上面 etcd 中的 Network 对应 改:11 #FLANNEL_OPTIONS="" 为:11 FLANNEL_OPTIONS="--iface=eth0" #指定 通信的物理网卡 |
配置minion1上的master地址和kube-proxy
1 2 3 |
[root@minion1 ~]# vim /etc/kubernetes/config 改:KUBE_MASTER="--master=http://127.0.01:8080" 为:KUBE_MASTER="--master=http://192.168.0.8:8080" |
kube-proxy默认不需要改动
1 2 |
[root@minion1 ~]# grep -v '^#' /etc/kubernetes/proxy KUBE_PROXY_ARGS="" |
配置minion1 kubelet
1 2 3 4 5 6 7 8 9 10 11 |
[root@minion1 ~]# vim /etc/kubernetes/kubelet 改:5 KUBELET_ADDRESS="--address=127.0.0.1" 为:5KUBELET_ADDRESS="--address=0.0.0.0" #默认只监听127.0.0.1,要改成:0.0.0.0, 因为后期要使用kubectl 远程连接到kubelet 服务上,来查看 pod 及 pod 中容器的状态。如果是 127 就无法远程连接kubelet服务。 改:11 KUBELET_HOSTNAME="--hostname-override=127.0.0.1" 为:11 KUBELET_HOSTNAME="_-hostname-override=minion1" # minion 的主机名,设置 成和本主机机名一样,便于识别。 改:14 KUBELET_API_SERVER="--api-servers=http://127.0.0.1:8080" 为:14 KUBELET_API_SERVER="--api-servers=http://192.168.0.8:8080" #批定 apiserver 的地址 |
启动minion1服务
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 |
[root@minion1 ~]# systemctl restart flanneld kube-proxy kubelet docker [root@minion1 ~]# systemctl enable flanneld kube-proxy kubelet docker [root@minion1 ~]# systemctl status flanneld kube-proxy kubelet docker 查看 [root@minion1 ~]# ifconfig docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500 inet 10.255.90.1 netmask 255.255.255.0 broadcast 0.0.0.0 ether 02:42:0c:ce:9d:7d txqueuelen 0 (Ethernet) RX packets 0 bytes 0 (0.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 0 bytes 0 (0.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 flannel0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1472 inet 10.255.90.0 netmask 255.255.0.0 destination 10.255.90.0 inet6 fe80::6062:c456:9093:278b prefixlen 64 scopeid 0x20<link> unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 500 (UNSPEC) RX packets 0 bytes 0 (0.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 3 bytes 144 (144.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 |
查看kube-proxy
1 2 3 4 |
[root@minion1 ~]# netstat -antup | grep proxy tcp 0 0 127.0.0.1:10249 0.0.0.0:* LISTEN 3242/kube-proxy tcp 0 0 192.168.0.9:53976 192.168.0.8:8080 ESTABLISHED 3242/kube-proxy tcp 0 0 192.168.0.9:53974 192.168.0.8:8080 ESTABLISHED 3242/kube-proxy |
配置minion2,采用flannel方式,和minion1配置一样
这里 直接将minion1的的配置文件拷贝到minion2了
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 |
[root@minion1 ~]# scp /etc/sysconfig/flanneld 189.168.0.10:/etc/sysconfig/ 再次确认拷贝正确 [root@minion2 ~]# grep -v '^#' /etc/sysconfig/flanneld FLANNEL_ETCD_ENDPOINTS="http://192.168.0.8:2379" FLANNEL_ETCD_PREFIX="/k8s/network" FLANNEL_OPTIONS="--iface=eth0" [root@minion2 ~]# systemctl start flanneld.service [root@minion2 ~]# ifconfig flannel0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1472 inet 10.255.50.0 netmask 255.255.0.0 destination 10.255.50.0 inet6 fe80::435b:45bf:df6b:58c prefixlen 64 scopeid 0x20<link> unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 500 (UNSPEC) RX packets 0 bytes 0 (0.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 2 bytes 96 (96.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 |
配置minion2上的地址和kube-proxy
这里也直接拷贝minion1的配置文件了
1 2 3 4 5 6 7 8 |
[root@minion1 ~]# scp /etc/kubernetes/config 192.168.0.10:/etc/kubernetes/ [root@minion1 ~]# scp /etc/kubernetes/proxy 192.168.0.10:/etc/kubernetes/ [root@minion2 ~]# systemctl start kube-proxy [root@minion2 ~]# netstat -anptu | grep proxy tcp 0 0 127.0.0.1:10249 0.0.0.0:* LISTEN 29942/kube-proxy tcp 0 0 192.168.0.10:59170 192.168.0.8:8080 ESTABLISHED 29942/kube-proxy tcp 0 0 192.168.0.10:59168 192.168.0.8:8080 ESTABLISHED 29942/kube-proxy tcp 0 0 192.168.0.10:59166 192.168.0.8:8080 ESTABLISHED 29942/kube-proxy |
配置minion2 kubelet
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 |
[root@minion1 ~]# scp /etc/kubernetes/kubelet 192.168.0.10:/etc/kubernetes/ root@192.168.0.10 password: kubelet 100% 613 1.6MB/s 00:00 [root@minion2 ~]# vim /etc/kubernetes/kubelet 改:KUBELET_HOSTNAME="--hostname-override=minion1" 为:KUBELET_HOSTNAME="--hostname-override=minion2" [root@minion2 ~]# systemctl start kubelet [root@minion2 ~]# netstat -antup | grep 8080 //查看:已建立连接 tcp 0 0 192.168.0.10:59216 192.168.0.8:8080 TIME_WAIT - tcp 0 0 192.168.0.10:59168 192.168.0.8:8080 ESTABLISHED 29942/kube-proxy tcp 0 0 192.168.0.10:59212 192.168.0.8:8080 ESTABLISHED 32339/kubelet tcp 0 0 192.168.0.10:59214 192.168.0.8:8080 ESTABLISHED 32339/kubelet tcp 0 0 192.168.0.10:59218 192.168.0.8:8080 ESTABLISHED 32339/kubelet tcp 0 0 192.168.0.10:59166 192.168.0.8:8080 ESTABLISHED 29942/kube-proxy tcp 0 0 192.168.0.10:59210 192.168.0.8:8080 ESTABLISHED 32339/kubelet [root@minion2 ~]# systemctl restart flanneld kube-proxy kubelet docker [root@minion2 ~]# systemctl enable flanneld kube-proxy kubelet docker [root@minion2 ~]# systemctl status flanneld kube-proxy kubelet docker |
ifconfig查看docker0 IP minion1和minion2是不一样的
到master主机上查看集群运行状态
1 2 3 4 |
[root@master ~]# kubectl get nodes NAME STATUS AGE minion1 Ready 26m minion2 Ready 7m |
到此整个集群搭建完成
总结:kubernetes 每个节点需要启动的服务和开放端口号
在本实验中kubernetes4个结点一共需要启动13个服务,开6个端口号。
详情如下:~
etcd:一共1个服务 ,通讯使用 2379 端口
启动服务
[root@master(etcd)~]#systemctl restart etcd
master:一共4个服务,通讯使用 8080端口
[root@master(etcd)–]# systemctl restart kube-apiserver kube-controller-manager
kube-scheduler flanneld
minion1:一共4个服务
kubeproxy 监控听端口号是 10249 , kubelet 监听端口 10248、10250、10255 三个端口
[root@minion1 –]# systemctl restart flanneld kube-proxy kubelet docker
minion2:一共4个服务
[root@minion2 ~]# systemctl restart flanneld kube-proxy kubelet docker