Installing Kubernetes 1.5 with kubeadm

2017-01-12 Kubernetes

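Kubernetes is Google's open-source, Docker-based container cluster management system, the open-source version of Borg, Google's internal large-scale cluster management system. Kubernetes is based on the Borg cluster software model, and its appeal is that the model has been proven in Google's massive data centers. This article describes how to use kubeadm on CentOS 7 to build a single-machine environment for development and learning.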

System and environment

  • CentOS 7.2
  • kubernetes 1.5.2

Following the Limitations section of the official document Installing Kubernetes on Linux with kubeadm, configure the system as follows:

Append the following to /etc/sysctl.conf:

net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1

Run sysctl -p /etc/sysctl.conf to apply the change.

In /etc/hosts, map the hostname (cent0 here) to the IP of a non-loopback network interface.

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.61.100 cent0
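
The two host settings above can be checked before kubeadm is run. This is an added example, not part of the original article; the function names and sample data are assumptions made here, and each function reads the file on stdin (on a real host, redirect /etc/sysctl.conf or /etc/hosts into it).

```shell
#!/bin/sh
# Added example: check the persisted host prerequisites described above.

# sysctl_is_on KEY: succeed if the last uncommented "KEY = value" line sets 1
# (sysctl -p applies lines in order, so a later assignment overrides an earlier one).
sysctl_is_on() {
    awk -F= -v key="$1" '
        /^[ \t]*[#;]/ { next }
        { k = $1; v = $2; gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v) }
        k == key { val = v }
        END { exit (val == "1" ? 0 : 1) }'
}

# host_addr NAME: print the first address that a hosts file maps NAME to.
host_addr() {
    awk -v name="$1" '
        { sub(/#.*/, "") }
        { for (i = 2; i <= NF; i++) if ($i == name) { print $1; exit } }'
}

# hostname_off_loopback NAME: fail if NAME is unmapped or its first mapping
# is a loopback address (for example when it was appended to the 127.0.0.1 line).
hostname_off_loopback() {
    addr=$(host_addr "$1")
    case "$addr" in ""|127.*|::1) return 1 ;; esac
    return 0
}

# Constructed sample content mirroring the settings in this article.
SAMPLE_SYSCTL='# constructed sample
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1'
SAMPLE_HOSTS='127.0.0.1   localhost localhost.localdomain
192.168.61.100 cent0'

for key in net.bridge.bridge-nf-call-iptables net.bridge.bridge-nf-call-ip6tables; do
    printf '%s\n' "$SAMPLE_SYSCTL" | sysctl_is_on "$key" && echo "ok   $key" || echo "FAIL $key"
done
printf '%s\n' "$SAMPLE_HOSTS" | hostname_off_loopback cent0 && echo "ok   cent0" || echo "FAIL cent0"
```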

Install Docker Engine

For the installation procedure, see Install Docker on CentOS.

After installation, create the /etc/sysconfig/docker configuration file:

vi /etc/sysconfig/docker
other_args="--selinux-enabled=false --insecure-registry grc.io"

Edit /lib/systemd/system/docker.service:

vi /lib/systemd/system/docker.service
... 
EnvironmentFile=-/etc/sysconfig/docker
ExecStart=/usr/bin/dockerd $other_args
...
systemctl daemon-reload

systemctl enable docker.service
systemctl start docker

kubernetes rpm

If network conditions allow, install directly with yum.

cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=http://yum.kubernetes.io/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg
       https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
EOF
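
Because the baseurl above is plain http, gpgcheck and repo_gpgcheck are the settings that protect package and metadata integrity. The following added example (not from the original article; the function names are assumptions) reports them for each section of a .repo file read on stdin. The sample is a copy of the file above.

```shell
#!/bin/sh
# Added example: audit a yum .repo file for signature checking.

# repo_audit: print one line per [section] with its gpgcheck, repo_gpgcheck and
# baseurl scheme. A key that is not set is reported as "unset", because the
# effective value then depends on /etc/yum.conf.
repo_audit() {
    awk '
        function emit() {
            if (sec != "") printf "%s gpgcheck=%s repo_gpgcheck=%s baseurl=%s\n", sec, g, r, t
        }
        /^[ \t]*[#;]/ { next }
        /^\[/ { emit(); sec = substr($0, 2, index($0, "]") - 2); g = r = t = "unset"; next }
        /=/ {
            k = $0; sub(/=.*/, "", k); gsub(/[ \t]/, "", k)
            v = $0; sub(/^[^=]*=/, "", v); gsub(/[ \t]/, "", v)
            if (k == "gpgcheck") g = v
            if (k == "repo_gpgcheck") r = v
            if (k == "baseurl") t = (v ~ /^https:/) ? "https" : "non-https"
        }
        END { emit() }'
}

# repo_unverified: print the sections that do not explicitly enable both checks.
repo_unverified() {
    repo_audit | awk '$2 != "gpgcheck=1" || $3 != "repo_gpgcheck=1" { print $1 }'
}

# Sample input: the repo definition from this article.
SAMPLE_REPO='[kubernetes]
name=Kubernetes
baseurl=http://yum.kubernetes.io/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg
       https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg'

printf '%s\n' "$SAMPLE_REPO" | repo_audit
# Constructed weak variant: the same file with package signature checks turned off.
printf '%s\n' "$SAMPLE_REPO" | sed 's/^gpgcheck=1/gpgcheck=0/' | repo_unverified
```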

Check the available versions:

yum list kubeadm.x86_64  --showduplicates |sort -r
kubeadm.x86_64          1.6.0-0.alpha.0.2074.a092d8e0f95f52          kubernetes

yum list kubectl.x86_64  --showduplicates |sort -r
kubectl.x86_64                        1.5.2-0                         kubernetes
kubectl.x86_64                        1.5.1-0                         kubernetes

yum list kubelet.x86_64  --showduplicates |sort -r
kubelet.x86_64                        1.5.2-0                         kubernetes
kubelet.x86_64                        1.5.1-0                         kubernetes

yum list kubernetes-cni.x86_64  --showduplicates |sort -r
kubernetes-cni.x86_64                0.3.0.1-0.07a8a2                kubernetes

Install the latest version:

yum install -y kubelet kubeadm kubectl kubernetes-cni

If network conditions do not allow this, build the rpm packages with the release project on the kubernetes GitHub and install them locally.

git clone https://github.com/kubernetes/release.git
cd release/rpm
chmod u+x docker-build.sh
sysctl -w net.ipv4.ip_forward=1
./docker-build.sh

The generated rpm packages are in release/rpm/output/x86_64. Next, install kubernetes locally with yum:

cd release/rpm/output/x86_64
yum localinstall -y *.rpm
systemctl enable kubelet.service

Initializing the cluster with kubeadm init

Disable SELinux:

setenforce 0

vi /etc/selinux/config
SELINUX=disabled

Use kubeadm init to initialize the kubernetes master. flannel is used as the Pod network here.

kubeadm init --use-kubernetes-version=v1.5.2 --pod-network-cidr=10.244.0.0/16 --api-advertise-addresses=192.168.61.100

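Because the kubernetes core components installed by kubeadm all run as docker containers, kubeadm init pulls the docker images of these components while it runs, which can be very slow depending on the network. If the installation fails, first run the following commands to clean up what the previous run left behind before starting again.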

kubeadm reset

ifconfig cni0 down
ip link delete cni0
ifconfig flannel.1 down
ip link delete flannel.1
rm -rf /var/lib/cni/

Output after a successful run:

[kubeadm] WARNING: kubeadm is in alpha, please do not use it for production clusters.
[preflight] Running pre-flight checks
[preflight] WARNING: kubelet service is not enabled, please run 'systemctl enable kubelet.service'
[preflight] Starting the kubelet service
[init] Using Kubernetes version: v1.5.2
[tokens] Generated token: "09c2a0.405d80b75a3eab2a"
[certificates] Generated Certificate Authority key and certificate.
[certificates] Generated API Server key and certificate
[certificates] Generated Service Account signing keys
[certificates] Created keys and certificates in "/etc/kubernetes/pki"
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/kubelet.conf"
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/admin.conf"
[apiclient] Created API client, waiting for the control plane to become ready
[apiclient] All control plane components are healthy after 22.908997 seconds
[apiclient] Waiting for at least one node to register and become ready
[apiclient] First node is ready after 5.505908 seconds
[apiclient] Creating a test deployment
[apiclient] Test deployment succeeded
[token-discovery] Created the kube-discovery deployment, waiting for it to become ready
[token-discovery] kube-discovery is ready after 4.003787 seconds
[addons] Created essential addon: kube-proxy
[addons] Created essential addon: kube-dns

Your Kubernetes master has initialized successfully!

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
    http://kubernetes.io/docs/admin/addons/

You can now join any number of machines by running the following on each node:

kubeadm join --token=09c2a0.405d80b75a3eab2a 192.168.61.100

Installing the flannel pod network add-on

The command kubectl get pod --all-namespaces -o wide shows the kube-dns Pod in the ContainerCreating state, because no Pod network has been created for the cluster yet.

Install the flannel pod network:

kubectl apply -f  https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
configmap "kube-flannel-cfg" created
daemonset "kube-flannel-ds" created

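If the host has multiple network interfaces, see flannel issues 39701: for now the --iface parameter must be used in kube-flannel.yml to specify the name of the cluster host's internal network interface, otherwise DNS resolution may fail. Download kube-flannel.yml locally and add --iface=<iface-name> to the flanneld startup arguments: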

......
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  name: kube-flannel-ds
......
containers:
      - name: kube-flannel
        image: quay.io/coreos/flannel:v0.7.0-amd64
        command: [ "/opt/bin/flanneld", "--ip-masq", "--kube-subnet-mgr", "--iface=eth1" ]
......
kubectl apply -f kube-flannel.yml
configmap "kube-flannel-cfg" created
daemonset "kube-flannel-ds" created
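
An added example, not from the original article or the flannel project: it finds which interface carries the address given to --api-advertise-addresses and adds the matching --iface flag to the flanneld command line. The function names and the sample ip output are constructed for illustration.

```shell
#!/bin/sh
# Added example: derive the flannel --iface value from the advertised API address.

# iface_for_ip IP: read `ip -o -4 addr show` output on stdin and print the
# name of the interface that holds exactly IP.
iface_for_ip() {
    awk -v ip="$1" '$3 == "inet" { split($4, a, "/"); if (a[1] == ip) { print $2; exit } }'
}

# add_iface NIC: read kube-flannel.yml on stdin and append --iface=NIC to the
# flanneld command unless an --iface flag is already there. The name is
# validated first so nothing unexpected is spliced into the manifest.
add_iface() {
    case "$1" in
        ""|*[!A-Za-z0-9_.-]*) echo "bad interface name: $1" >&2; return 1 ;;
    esac
    awk -v nic="$1" '
        /"\/opt\/bin\/flanneld"/ && !/--iface=/ { sub(/ *\]/, ", \"--iface=" nic "\" ]") }
        { print }'
}

# Constructed sample input (not captured from a real host).
SAMPLE_ADDRS='1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: eth0    inet 10.0.2.15/24 brd 10.0.2.255 scope global dynamic eth0\       valid_lft 86000sec preferred_lft 86000sec
3: eth1    inet 192.168.61.100/24 brd 192.168.61.255 scope global eth1\       valid_lft forever preferred_lft forever'
SAMPLE_CMD='        command: [ "/opt/bin/flanneld", "--ip-masq", "--kube-subnet-mgr" ]'

nic=$(printf '%s\n' "$SAMPLE_ADDRS" | iface_for_ip 192.168.61.100)
printf '%s\n' "$SAMPLE_CMD" | add_iface "$nic"
# On a real host: ip -o -4 addr show | iface_for_ip 192.168.61.100
```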

Depending on the network, the installation takes some time. Finally, make sure all Pods are in the Running state.

Letting the master node take workloads

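In a cluster initialized with kubeadm, the master node does not take workloads for security reasons, which means we cannot run services on the master node. The environment built here currently has only one master node, so the following command can be used to let the master node take workloads.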

kubectl get nodes
NAME      STATUS         AGE
cent0     Ready,master   20m

kubectl taint nodes cent0 dedicated-
node "cent0" tainted

Testing DNS

kubectl run curl --image=radial/busyboxplus:curl -i --tty
Waiting for pod default/curl-2421989462-vldmp to be running, status is Pending, pod ready: false
Waiting for pod default/curl-2421989462-vldmp to be running, status is Pending, pod ready: false
If you don't see a command prompt, try pressing enter.
[ root@curl-2421989462-vldmp:/ ]$

Once inside, run nslookup kubernetes.default to confirm that resolution works.

[ root@curl-2421989462-vldmp:/ ]$ nslookup kubernetes.default
Server:    10.96.0.10
Address 1: 10.96.0.10 kube-dns.kube-system.svc.cluster.local

Name:      kubernetes.default
Address 1: 10.96.0.1 kubernetes.default.svc.cluster.local

After the test succeeds, delete the curl Pod.

kubectl delete deploy curl

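At this point applications can be deployed to the cluster, and new Nodes can be added to the cluster with the kubeadm join command. This is a single-machine environment, so that is not described further.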

Core components of kubernetes

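kubernetes divides the machines in a cluster into one Master node and a group of Node nodes. Starting with kubernetes 1.4, the core components also run as containers on the master's node. The Master node runs kube-apiserver, kube-controller-manager and kube-scheduler; these containers are responsible for resource management, Pod scheduling, security control, elastic scaling and system monitoring for the whole cluster. Node nodes are the worker nodes of the cluster and run the actual services.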

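The Pod is the basic unit on a Node. Each Node runs the kubelet process and the kube-proxy container, which are responsible for creating, starting, monitoring, restarting and destroying Pods, and also implement the load balancer. The services that actually need to run are packaged into their Pods and become containers running in the Pod.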

Title: Installing Kubernetes 1.5 with kubeadm
Permalink: https://blog.frognew.com/2017/01/install-kubernetes-with-kubeadm.html
Please credit the source when reposting.
