版权声明:本文为博主原创文章,未经博主允许不得转载。 https://blog.csdn.net/c5113620/article/details/82718230
安装vmware
先安装一个,centos7 minimal模式,安装完重启,输入root与密码,进入控制台
ip addr
//可以看ip,minimal是没有安装ifconfig等等工具的
配置开机联网
cd /etc/sysconfig/network-scripts
vi ifcfg-ens33
ONBOOT=yes
service network restar
//然后就可以使用xshell连接了。
安装必要工具
yum upgrade
yum install net-tools //可以使用yum search ifconfig 查找包
yum groupinstall development tools //可选,安装gcc等等开发工具包
一台配置好了,vmware关机后使用vmware的克隆,复制两个,三台机器就准备完毕,先三台各自【快照】一次方便回退重试
kubernetes总体集群一个master,两个node
- master&etcd 192.168.204.130
- node 192.168.204.131
- node 192.168.204.132
master安装kubernetes
systemctl stop firewalld && sudo systemctl disable firewalld
yum install -y kubernetes etcd docker flannel
node安装kubernetes
systemctl stop firewalld && sudo systemctl disable firewalld
yum install -y kubernetes docker flannel
master配置修改,主要都是改ip
//etcd配置
vi /etc/etcd/etcd.conf 都有只需要修改ip
ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:2379"
ETCD_ADVERTISE_CLIENT_URLS=http://192.168.204.130:2379
//apiserver 配置
vi /etc/kubernetes/apiserver
KUBE_API_ADDRESS="--insecure-bind-address=0.0.0.0"
KUBE_ETCD_SERVERS="--etcd-servers=http://192.168.204.130:2379"
KUBE_SERVICE_ADDRESSES="--service-cluster-ip-range=192.168.204.0/24"
KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,ResourceQuota"
//KUBE_ADMISSION_CONTROL去掉SecurityContextDeny,ServiceAccount,因为kubectl create时会报错
Error from server (ServerTimeout): error when creating "/opt/dockerconfig/nginx-pod.yaml":
No API token found for service account "default",retry after the token is automatically created and added to the service account
//Kubelet配置
vi /etc/kubernetes/kubelet
KUBELET_ADDRESS="--address=0.0.0.0"
KUBELET_HOSTNAME="--hostname-override=192.168.204.130"
KUBELET_API_SERVER="--api-servers=http://192.168.204.130:8080"
//config配置
vi /etc/kubernetes/config
KUBE_MASTER="--master=http://192.168.204.130:8080"
//scheduler和proxy默认不要改,或者
vi /etc/kubernetes/scheduler
vi /etc/kubernetes/proxy
KUBE_SCHEDULER_ARGS="--address=0.0.0.0"
KUBE_PROXY_ARGS="--address=0.0.0.0"
//flannel配置
vi /etc/sysconfig/flanneld
FLANNEL_ETCD_ENDPOINTS="http://192.168.204.130:2379"
FLANNEL_OPTIONS="--logtostderr=false --log_dir=/var/log/k8s/flannel/ --iface=ens33"
master配置修改完,先启动etcd服务
systemctl start etcd
//检查etcd cluster状态,输出cluster is healthy
etcdctl cluster-health
//检查etcd集群成员列表,这里只有一台,有显示,表示etcd配置好了
etcdctl member list
//添加kubernetes集群内的ip配置,/atomic.io/network是上面etcd里默认配置的,集群内会被flannel自动分配172.17.0.0网段地址
etcdctl mk /atomic.io/network/config '{"Network":"172.17.0.0/16", "SubnetMin": "172.17.1.0", "SubnetMax": "172.17.254.0"}'
添加 redhat-uep.pem 证书文件,主要是kubectl create后,pull镜像会出错
failed to "StartContainer" for "POD" with ErrImagePull: "image pull failed for registry.access.redhat.com/rhel7/pod-infrastructure:latest, this may be because there are no credentials on this request. details: (open /etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt: no such file or directory)"
/etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt是/etc/rhsm/ca/redhat-uep.pem的软连接
/etc/rhsm/ca/redhat-uep.pem不存在
两种方法得到redhat-uep.pem文件,xshell的xftp直接放入目录/etc/rhsm/ca/
1。下载,解压
wget http://mirror.centos.org/centos/7/os/x86_64/Packages/python-rhsm-certificates-1.19.10-1.el7_4.x86_64.rpm
rpm2cpio xxx.rpm | cpio -idmv
2。自己写
https://github.com/candlepin/python-rhsm/blob/master/etc-conf/ca/redhat-uep.pem
启动kubernetes各组件,tailf /var/log/messages 可以看所有日志
systemctl restart kube-apiserver
//上面执行后,看http://192.168.204.130:8080/ http://192.168.204.130:8080/healthz/ping有内容就kube-apiserver启动成功了
systemctl restart kube-controller-manager
systemctl restart kube-scheduler
systemctl restart kube-proxy
systemctl restart kubelet
systemctl restart flanneld
systemctl restart docker
//上面执行后,ps aux | grep docker,看dockerd-curren进程的参数 是否有--bip=172.17.11.1/24 --ip-masq=true --mtu=1472
//有,表示flannel已接管docker的ip配置
//再看ifconfig的flannel0 172.17.11.0 与docker0 172.17.11.1是否同一网段
如果上面都正常,master就完成了
node配置,与master差不多,很少
//Kubelet配置
vi /etc/kubernetes/kubelet
KUBELET_ADDRESS="--address=0.0.0.0"
KUBELET_HOSTNAME="--hostname-override=192.168.204.131" //这里是node的ip,131 132
KUBELET_API_SERVER="--api-servers=http://192.168.204.130:8080" //master的ip
//config配置
vi /etc/kubernetes/config
KUBE_MASTER="--master=http://192.168.204.130:8080"
//scheduler和proxy默认不要改,或者
vi /etc/kubernetes/scheduler
vi /etc/kubernetes/proxy
KUBE_SCHEDULER_ARGS="--address=0.0.0.0"
KUBE_PROXY_ARGS="--address=0.0.0.0"
//flannel配置
vi /etc/sysconfig/flanneld
FLANNEL_ETCD_ENDPOINTS="http://192.168.204.130:2379"
FLANNEL_OPTIONS="--logtostderr=false --log_dir=/var/log/k8s/flannel/ --iface=ens33"
两个node配置完,就可以启动了
systemctl restart kube-proxy
systemctl restart kubelet
systemctl restart flanneld
systemctl restart docker
与master一样检查 docker与flannel
在master上看node
kubectl get nodes
在node上看node,加 -s 指定api server
kubectl -s 192.168.204.130:8080 get nodes
看版本
kubectl version
部署nginx, 写三个yaml文件
//nginx-pod.yaml
apiVersion: v1
kind: Pod
metadata:
name: nginx-pod
labels:
name: nginx-pod
spec:
containers:
- name: nginx
image: nginx
ports:
- containerPort: 80
//nginx-rc.yaml
apiVersion: v1
kind: ReplicationController
metadata:
name: nginx-rc
spec:
replicas: 2
selector:
name: nginx-pod
template:
metadata:
labels:
name: nginx-pod
spec:
containers:
- name: nginx-pod
image: nginx
ports:
- containerPort: 80
//nginx-service.yaml
apiVersion: v1
kind: Service
metadata:
name: nginx-service
spec:
type: NodePort
ports:
- port: 80
nodePort: 30001
selector:
name: nginx-pod
使用kubectl 创建部署nginx,就是通过docker pull image nginx 完成部署
kubectl create -f nginx-pod.yaml
//执行完,虽然显示created,但是其实需要pull image 慢慢来的,使用
kubectl describe pod nginx
//看看具体的状态,如果出现open /etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt错误看上面
//Status: Running,IP有了,Container ID有了,基本就好了
//还可以看看image有没有pull下来,docker ps -a 是否有nginx
kubectl create -f nginx-rc.yaml
kubectl create -f nginx-service.yaml
//有问题,可以把上面的create换成delete删除重建
//查看部署列表
kubectl get pods
kubectl get rc
kubectl get service
访问nginx,验证
http://192.168.204.131:30001/
http://192.168.204.132:30001/
如果打不开,试试下面(每个node节点都要) (https://github.com/kubernetes/kubernetes/issues/40182)
iptables -P FORWARD ACCEPT
如果上面没问题,部署tomcat
//tomcat-deployment.yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: myweb
spec:
replicas: 2
template:
metadata:
labels:
app: myweb
spec:
containers:
- name: myweb
image: docker.io/tomcat
ports:
- containerPort: 80
//tomcat-service.yaml
apiVersion: v1
kind: Service
metadata:
name: myweb
spec:
type: NodePort
ports:
- port: 8080
targetPort: 8080
nodePort: 31111
selector:
app: myweb
执行命令
kubectl create -f tomcat-deployment.yaml
kubectl create -f tomcat-service.yaml
kubectl describe deployment myweb
访问tomcat
http://192.168.204.131:31111/
http://192.168.204.132:31111/
其他
kubectl get svc 显示端口映射
etcdctl --endpoints http://192.168.204.130:2379 ls / 在安装了etcd的服务器,看其他服务器的etcd存储
netstat -antp |grep kube-proxy 显示被flannel监听的端口nodePort
repair.go:122] the cluster IP 10.51.0.1 for service kubernetes/default is not within the service CIDR 10.52.0.0/16; please recreate
检查/etc/kubernetes/apiserver的KUBE_SERVICE_ADDRESSES="--service-cluster-ip-range=192.168.98.0/24"
清除缓存
etcdctl rm /registry/services/specs/default/kubernetes
重启