Installing Kubernetes 1.5 with kubeadm
2017-01-12
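Kubernetes is Google's open-source container cluster management system built on Docker, and the open-source version of Borg, Google's internal large-scale cluster management system. Kubernetes is based on the Borg cluster software model; its appeal is that this model has been validated in Google's enormous data centers. This article describes how to use kubeadm on CentOS 7 to build a single-machine environment for development and learning.
System and environment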
- CentOS 7.2
- kubernetes 1.5.2
Following the Limitations section of the official document Installing Kubernetes on Linux with kubeadm, configure the system as follows:
Append the following to /etc/sysctl.conf:
```
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
```
Run sysctl -p /etc/sysctl.conf to apply the change.
In /etc/hosts, map the hostname (cent0 here) to the IP of a non-loopback network interface.
```
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.61.100 cent0
```
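A pre-flight check for the two settings above, as an added example that is not part of the original article. The function names check_bridge_sysctl and hostname_address are hypothetical, and the file contents are constructed samples rather than files read from a live host.

```shell
#!/bin/sh
# Added example: verify the sysctl and /etc/hosts settings described above.
# The files created at the bottom are constructed samples.

# Succeeds only if FILE ($1) sets both bridge netfilter keys to 1.
check_bridge_sysctl() {
  for key in net.bridge.bridge-nf-call-iptables net.bridge.bridge-nf-call-ip6tables; do
    awk -F= -v k="$key" '
      /^[ \t]*[#;]/ { next }                       # skip comment lines
      { gsub(/[ \t]/, "", $1); gsub(/[ \t]/, "", $2) }
      $1 == k { v = $2 }                           # the last assignment wins
      END { exit !(v == "1") }
    ' "$1" || { echo "missing or not 1: $key" >&2; return 1; }
  done
}

# Prints the first non-loopback address that HOSTS_FILE ($1) maps NAME ($2) to.
# Fails if NAME is absent or appears only on a 127.0.0.0/8 or ::1 line.
hostname_address() {
  awk -v name="$2" '
    { sub(/#.*/, "") }                             # strip trailing comments
    $1 ~ /^127\./ || $1 == "::1" { next }          # loopback entries do not count
    { for (i = 2; i <= NF; i++) if ($i == name) { print $1; found = 1; exit } }
    END { exit !found }
  ' "$1"
}

# Constructed sample files mirroring the settings shown in the article.
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/sysctl.conf" <<'EOF'
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
EOF
cat > "$tmp/hosts" <<'EOF'
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.61.100 cent0
EOF

check_bridge_sysctl "$tmp/sysctl.conf" && echo "bridge sysctl: ok"
hostname_address "$tmp/hosts" cent0
```

On a real host, pass /etc/sysctl.conf and /etc/hosts with the output of hostname as the name.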
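Install Docker Engine
For the installation procedure, see Install Docker on CentOS.
After installation, create the /etc/sysconfig/docker configuration file:
```
vi /etc/sysconfig/docker
# --selinux-enabled=false turns off Docker's SELinux support;
# --insecure-registry lets Docker use the named registry without verified TLS
other_args="--selinux-enabled=false --insecure-registry grc.io"
```
Edit /lib/systemd/system/docker.service:
```
vi /lib/systemd/system/docker.service
...
EnvironmentFile=-/etc/sysconfig/docker
ExecStart=/usr/bin/dockerd $other_args
...
```
Reload systemd, then enable and start Docker:
```
systemctl daemon-reload

systemctl enable docker.service
systemctl start docker
```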
kubernetes rpm
If network conditions allow, install directly with yum.
```
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=http://yum.kubernetes.io/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg
       https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
EOF
```
List the available versions:
```
yum list kubeadm.x86_64 --showduplicates |sort -r
kubeadm.x86_64 1.6.0-0.alpha.0.2074.a092d8e0f95f52 kubernetes

yum list kubectl.x86_64 --showduplicates |sort -r
kubectl.x86_64 1.5.2-0 kubernetes
kubectl.x86_64 1.5.1-0 kubernetes

yum list kubelet.x86_64 --showduplicates |sort -r
kubelet.x86_64 1.5.2-0 kubernetes
kubelet.x86_64 1.5.1-0 kubernetes

yum list kubernetes-cni.x86_64 --showduplicates |sort -r
kubernetes-cni.x86_64 0.3.0.1-0.07a8a2 kubernetes
```
Install the latest version:
```
yum install -y kubelet kubeadm kubectl kubernetes-cni
```
If network conditions do not allow it, build the rpm packages from the release project on the Kubernetes GitHub and install them locally.
```
git clone https://github.com/kubernetes/release.git
cd release/rpm
chmod u+x docker-build.sh
sysctl -w net.ipv4.ip_forward=1
./docker-build.sh
```
The generated rpm packages are in release/rpm/output/x86_64. Next, install Kubernetes locally with yum:
```
cd release/rpm/output/x86_64
yum localinstall -y *.rpm
systemctl enable kubelet.service
```
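Initializing the cluster with kubeadm init
Disable SELinux:
```
setenforce 0

# set this in /etc/selinux/config so the change persists across reboots
vi /etc/selinux/config
SELINUX=disabled
```
Use kubeadm init to initialize the Kubernetes master. Flannel is used as the Pod network here.
```
kubeadm init --use-kubernetes-version=v1.5.2 --pod-network-cidr=10.244.0.0/16 --api-advertise-addresses=192.168.61.100
```
Because the core Kubernetes components installed by kubeadm all run as Docker containers, kubeadm init pulls the Docker images for these components while it runs; depending on the network, this can be very slow. If the installation runs into problems, run the following commands to clean up what the previous attempt left behind before starting again.
```
kubeadm reset

ifconfig cni0 down
ip link delete cni0
ifconfig flannel.1 down
ip link delete flannel.1
rm -rf /var/lib/cni/
```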
Output after a successful run:
```
[kubeadm] WARNING: kubeadm is in alpha, please do not use it for production clusters.
[preflight] Running pre-flight checks
[preflight] WARNING: kubelet service is not enabled, please run 'systemctl enable kubelet.service'
[preflight] Starting the kubelet service
[init] Using Kubernetes version: v1.5.2
[tokens] Generated token: "09c2a0.405d80b75a3eab2a"
[certificates] Generated Certificate Authority key and certificate.
[certificates] Generated API Server key and certificate
[certificates] Generated Service Account signing keys
[certificates] Created keys and certificates in "/etc/kubernetes/pki"
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/kubelet.conf"
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/admin.conf"
[apiclient] Created API client, waiting for the control plane to become ready
[apiclient] All control plane components are healthy after 22.908997 seconds
[apiclient] Waiting for at least one node to register and become ready
[apiclient] First node is ready after 5.505908 seconds
[apiclient] Creating a test deployment
[apiclient] Test deployment succeeded
[token-discovery] Created the kube-discovery deployment, waiting for it to become ready
[token-discovery] kube-discovery is ready after 4.003787 seconds
[addons] Created essential addon: kube-proxy
[addons] Created essential addon: kube-dns

Your Kubernetes master has initialized successfully!

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
    http://kubernetes.io/docs/admin/addons/

You can now join any number of machines by running the following on each node:

kubeadm join --token=09c2a0.405d80b75a3eab2a 192.168.61.100
```
Installing the flannel pod network add-on
Running kubectl get pod --all-namespaces -o wide shows that the kube-dns Pod is in the ContainerCreating state, because no Pod network has been created for the cluster yet.
Install the flannel pod network:
```
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
configmap "kube-flannel-cfg" created
daemonset "kube-flannel-ds" created
```
If the host has more than one network interface, see flannel issues 39701: for now you need to use the --iface parameter in kube-flannel.yml to name the host's internal cluster network interface, otherwise DNS resolution may fail. Download kube-flannel.yml locally and add --iface=<iface-name> to the flanneld startup arguments:
```
......
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  name: kube-flannel-ds
......
containers:
  - name: kube-flannel
    image: quay.io/coreos/flannel:v0.7.0-amd64
    command: [ "/opt/bin/flanneld", "--ip-masq", "--kube-subnet-mgr", "--iface=eth1" ]
......
```
```
kubectl apply -f kube-flannel.yml
configmap "kube-flannel-cfg" created
daemonset "kube-flannel-ds" created
```
Depending on network conditions, the installation takes some time; finally, make sure all Pods are in the Running state.
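One way to script the --iface edit on a local copy of kube-flannel.yml and review which images it pulls before applying it, as an added example that is not part of the original article or the flannel project. The function names set_flannel_iface, manifest_images and iface_count are hypothetical, and the manifest is a constructed fragment modelled on the excerpt above.

```shell
#!/bin/sh
# Added example: edit and review a local kube-flannel.yml before applying it.
# The manifest created at the bottom is a constructed fragment.

# Print MANIFEST ($1) with flanneld bound to interface IFACE ($2).
# An existing --iface argument is replaced, so repeating the edit is safe.
set_flannel_iface() {
  case $2 in
    ''|*[!A-Za-z0-9_.-]*) echo "bad interface name: $2" >&2; return 2 ;;
  esac
  sed -e '/"\/opt\/bin\/flanneld"/{' \
      -e 's/, *"--iface=[^"]*"//' \
      -e "s/ *]/, \"--iface=$2\" ]/" \
      -e '}' "$1"
}

# List the container images the manifest would pull, for review before apply.
manifest_images() {
  sed -n 's/^[ -]*image: *//p' "$1" | sort -u
}

# Count --iface arguments in the manifest (expected: exactly 1 after editing).
iface_count() {
  grep -o -- '"--iface=[^"]*"' "$1" | wc -l | tr -d ' '
}

tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/kube-flannel.yml" <<'EOF'
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  name: kube-flannel-ds
spec:
  template:
    spec:
      containers:
      - name: kube-flannel
        image: quay.io/coreos/flannel:v0.7.0-amd64
        command: [ "/opt/bin/flanneld", "--ip-masq", "--kube-subnet-mgr" ]
EOF

set_flannel_iface "$tmp/kube-flannel.yml" eth1 > "$tmp/patched.yml"
manifest_images "$tmp/patched.yml"
grep flanneld "$tmp/patched.yml"
```

Working from a reviewed local file also means the cluster runs the manifest that was inspected, not whatever the master branch URL serves at apply time.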
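Letting the master node take workloads
In a cluster initialized with kubeadm, the master node does not take workloads for security reasons, which means we cannot run services on the master node. The environment built here currently has only one master node; the following command lets the master node take workloads.
```
kubectl get nodes
NAME STATUS AGE
cent0 Ready,master 20m

# the trailing '-' removes the taint with key 'dedicated'
kubectl taint nodes cent0 dedicated-
node "cent0" tainted
```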
Testing DNS
```
kubectl run curl --image=radial/busyboxplus:curl -i --tty
Waiting for pod default/curl-2421989462-vldmp to be running, status is Pending, pod ready: false
Waiting for pod default/curl-2421989462-vldmp to be running, status is Pending, pod ready: false
If you don't see a command prompt, try pressing enter.
[ root@curl-2421989462-vldmp:/ ]$
```
Once inside, run nslookup kubernetes.default to confirm that resolution works.
```
[ root@curl-2421989462-vldmp:/ ]$ nslookup kubernetes.default
Server: 10.96.0.10
Address 1: 10.96.0.10 kube-dns.kube-system.svc.cluster.local

Name: kubernetes.default
Address 1: 10.96.0.1 kubernetes.default.svc.cluster.local
```
Once the test is OK, delete the curl Pod.
```
kubectl delete deploy curl
```
At this point you can deploy applications to the cluster, and you can use the kubeadm join command to add new Nodes to it. Since this is a single-machine environment, that is not described further.
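Core components of Kubernetes
Kubernetes divides the machines in a cluster into one Master node and a set of Node nodes. Since Kubernetes 1.4, the core components also run as containers on the master's node. The Master node runs kube-apiserver, kube-controller-manager and kube-scheduler; these containers are responsible for the whole cluster's resource management, Pod scheduling, security control, elastic scaling and system monitoring. Node nodes are the cluster's worker nodes and run the actual services.
The Pod is the basic unit on a Node. Each Node runs the kubelet process and the kube-proxy container, which are responsible for creating, starting, monitoring, restarting and destroying Pods, and also implement the load balancer. A service that needs to run is packaged into a corresponding Pod, becoming a container running in the Pod.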