Jusene's Blog

kubeadm 构建k8s集群

2018/09/10 Share

kubernetes

Docker的出现几乎改变了整个传统架构,使微服务化、CI/CD系统、DevOps等概念有了落地的可能;而kubernetes的出现,也几乎颠覆了整个IT系统的部署方式与流程。2018年是kubernetes的元年,它几乎击败了市面上所有的容器编排工具。但kubernetes搭建的复杂度也令许多想要接触它的人望而却步,这当然不是google的初衷。为了简化kubernetes的部署,官方推出了kubeadm:

首先了解下kubernetes的集群架构:

再者需要了解kubernetes的网络结构:

实践kubeadm部署

  • 环境:

master, etcd: 10.211.55.6
node1: 10.211.55.16
node2: 10.211.55.17

  • 前提:
  1. 基于主机名通信: /etc/hosts
  2. 时间同步
  3. 关闭firewalld和iptables(仅适用于隔离的实验环境;生产环境应保留防火墙,只放行集群所需的端口,例如apiserver的6443、etcd的2379-2380、kubelet的10250)
  • 安装配置步骤:
  1. etcd cluster, 仅master节点
  2. flannel,集群的所有节点
  3. 配置k8s的master节点: kube-apiserver, kube-scheduler, kube-controller-manager
  4. 配置k8s的各node节点: 先设定并启动docker服务,再配置kube-proxy、kubelet

master:

1
# 配置yum源
2
~]# cat kubernetes.repo 
3
[kubernetes]
4
name=kubernetes
5
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
6
gpgcheck=0
7
enable=1
8
9
~]# wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
10
# 安装kubeadm,docker-ce,kubelet,kubectl
11
~]# yum install -y docker-ce kubelet kubeadm kubectl
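# gcr.io is not reachable from mainland China, so the Docker daemon is pointed
# at an HTTPS proxy.
# The setting goes into a systemd drop-in rather than the packaged unit under
# /usr/lib/systemd/system/, which is replaced when docker-ce is upgraded.
~]# mkdir -p /etc/systemd/system/docker.service.d
~]# vim /etc/systemd/system/docker.service.d/http-proxy.conf
[Service]
# Every registry pull now passes through a proxy run by a third party: it sees
# which registries this host contacts and can stall or block pulls.
# Prefer a proxy or registry mirror you operate, and do not relax registry TLS
# checks (no insecure-registries) while a foreign proxy is in the path.
Environment="HTTPS_PROXY=http://www.ik8s.io:10080"
~]# systemctl daemon-reload && systemctl start docker
# Check that the setting took effect.
~]# docker info
...
HTTPS Proxy: http://www.ik8s.io:10080
...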
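# Kubernetes does not allow swap to be enabled; this tutorial tells the kubelet
# and kubeadm to ignore that error instead of turning swap off.
# NOTE(review): with swap on, memory limits stop being a hard bound and
# tmpfs-backed data such as mounted Secrets may be paged out to disk. Outside a
# lab, run `swapoff -a` (and remove the swap entry from /etc/fstab) rather than
# setting this flag.
~]# vim /etc/sysconfig/kubelet
KUBELET_EXTRA_ARGS="--fail-swap-on=false"
~]# systemctl enable docker
# Typo fixed: the original read "systemctl enabel kubelet", which is not a
# systemctl verb, so the kubelet was never enabled at boot by that line.
~]# systemctl enable kubelet
# The control-plane images have to be pulled first, so this step takes a while.
~]# kubeadm init --kubernetes-version=v1.11.2 --pod-network-cidr=10.244.0.0/16 --service-cidr=10.96.0.0/12 --ignore-preflight-errors=Swap
# Set up kubectl's credentials for the apiserver.
# admin.conf carries the cluster administrator's client credentials: keep the
# copy readable by its owner only, and never share it or commit it anywhere.
~]# mkdir -p "$HOME/.kube"
~]# sudo cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config"
~]# sudo chown "$(id -u):$(id -g)" "$HOME/.kube/config"
~]# chmod 600 "$HOME/.kube/config"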
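# Check component health.
~]# kubectl get cs
NAME                 STATUS    MESSAGE              ERROR
scheduler            Healthy   ok
controller-manager   Healthy   ok
etcd-0               Healthy   {"health": "true"}
# Check node status.
~]# kubectl get nodes
NAME      STATUS    ROLES     AGE       VERSION
init      NotReady     master    4m       v1.11.2
# The flannel pod network has not been deployed yet, so pods cannot reach each
# other and the node stays NotReady.
# NOTE(review): this applies, with cluster-admin rights, whatever the mutable
# master branch serves at that moment, and the result runs on every node.
# Download the manifest, review it, and apply a copy pinned to a release tag or
# commit (<FLANNEL_RELEASE_TAG>) instead of the branch URL.
# The flannel image has to be pulled as well.
~]# kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
~]# kubectl get nodes
NAME      STATUS    ROLES     AGE       VERSION
init      Ready     master    10m       v1.11.2

~]# docker images
REPOSITORY                                 TAG                 IMAGE ID            CREATED             SIZE
k8s.gcr.io/kube-proxy-amd64                v1.11.1             d5c25579d0ff        7 weeks ago         97.8MB
k8s.gcr.io/kube-controller-manager-amd64   v1.11.1             52096ee87d0e        7 weeks ago         155MB
k8s.gcr.io/kube-scheduler-amd64            v1.11.1             272b3a60cd68        7 weeks ago         56.8MB
k8s.gcr.io/kube-apiserver-amd64            v1.11.1             816332bd9d11        7 weeks ago         187MB
k8s.gcr.io/coredns                         1.1.3               b3b94275d97c        3 months ago        45.6MB
k8s.gcr.io/etcd-amd64                      3.2.18              b8df3b177be2        5 months ago        219MB
quay.io/coreos/flannel                     v0.10.0-amd64       f0fad859c909        7 months ago        44.6MB
k8s.gcr.io/pause                           3.1                 da86e6ba6ca1        8 months ago        742kB
~]# kubectl get pods -n kube-system -o wide
NAME                           READY     STATUS    RESTARTS   AGE       IP             NODE
coredns-78fcdf6894-n5kzm       1/1       Running   0          23h       10.244.0.3     init
coredns-78fcdf6894-rqfjq       1/1       Running   0          23h       10.244.0.2     init
etcd-init                      1/1       Running   0          23h       10.211.55.6    init
kube-apiserver-init            1/1       Running   0          23h       10.211.55.6    init
kube-controller-manager-init   1/1       Running   0          23h       10.211.55.6    init
kube-flannel-ds-amd64-wrx27    1/1       Running   0          23h       10.211.55.6    init
kube-proxy-65h9b               1/1       Running   0          23h       10.211.55.6    init
kube-scheduler-init            1/1       Running   0          23h       10.211.55.6    init
~]# kubectl get deployment -n kube-system
NAME      DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
coredns   2         2         2            2           23h
~]# kubectl get svc -n kube-system
NAME       TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)         AGE
kube-dns   ClusterIP   10.96.0.10   <none>        53/UDP,53/TCP   23h
~]# kubectl get svc
NAME         TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)   AGE
kubernetes   ClusterIP   10.96.0.1       <none>        443/TCP   23h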

node:

1
# 配置yum源
2
~]# cat kubernetes.repo 
3
[kubernetes]
4
name=kubernetes
5
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
6
gpgcheck=0
7
enable=1
8
9
~]# wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
10
# 安装kubeadm,docker-ce,kubelet
11
~]# yum install -y docker-ce kubelet kubeadm
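# gcr.io is not reachable from mainland China, so the Docker daemon is pointed
# at an HTTPS proxy.
# The setting goes into a systemd drop-in rather than the packaged unit under
# /usr/lib/systemd/system/, which is replaced when docker-ce is upgraded.
~]# mkdir -p /etc/systemd/system/docker.service.d
~]# vim /etc/systemd/system/docker.service.d/http-proxy.conf
[Service]
# Every registry pull now passes through a proxy run by a third party: it sees
# which registries this host contacts and can stall or block pulls.
# Prefer a proxy or registry mirror you operate, and do not relax registry TLS
# checks (no insecure-registries) while a foreign proxy is in the path.
Environment="HTTPS_PROXY=http://www.ik8s.io:10080"
~]# systemctl daemon-reload && systemctl start docker
# Check that the setting took effect.
~]# docker info
...
HTTPS Proxy: http://www.ik8s.io:10080
...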
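# Kubernetes does not allow swap to be enabled; this tutorial tells the kubelet
# and kubeadm to ignore that error instead of turning swap off.
# NOTE(review): with swap on, memory limits stop being a hard bound and
# tmpfs-backed data such as mounted Secrets may be paged out to disk. Outside a
# lab, run `swapoff -a` (and remove the swap entry from /etc/fstab) rather than
# setting this flag.
~]# vim /etc/sysconfig/kubelet
KUBELET_EXTRA_ARGS="--fail-swap-on=false"
~]# systemctl enable docker
# Typo fixed: the original read "systemctl enabel kubelet", which is not a
# systemctl verb, so the kubelet was never enabled at boot by that line.
~]# systemctl enable kubelet
# Join the cluster. kubeadm init prints the token and the CA hash when it
# finishes; record them at that point.
# The bootstrap token is a credential that lets a machine register as a node:
# do not publish it. kubeadm tokens expire after 24 hours by default; create a
# fresh one on the master with `kubeadm token create --print-join-command`.
# Keep --discovery-token-ca-cert-hash: it is what lets the joining node verify
# that it is talking to the intended control plane.
~]# kubeadm join 10.211.55.6:6443 --token a8uq9g.fwx2hubk66x68a5g --discovery-token-ca-cert-hash sha256:52385b782fcff923f8d794ff07f44f00b0a095c03a8361875ad33806df61f34d --ignore-preflight-errors=Swap


# Back on the master, check the nodes:
~]# kubectl get nodes
NAME      STATUS    ROLES     AGE       VERSION
init      Ready     master    23h       v1.11.2
node1     Ready     <none>    23h       v1.11.2
node2     Ready     <none>    23h       v1.11.2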

kubernetes简单应用

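# Start a pod. As the next command shows, `kubectl run` on this version
# creates a Deployment that owns the pod.
~]# kubectl run nginx-deploy --image=nginx:1.14-alpine --replicas=1 --port=80
~]# kubectl get deployment
NAME           DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
nginx-deploy   1         1         1            1           4h
~]# kubectl get pod
nginx-deploy-5b595999-mks9p   1/1       Running     0          4h
~]# kubectl get pods -o wide
NAME                          READY     STATUS      RESTARTS   AGE       IP           NODE
nginx-deploy-5b595999-mks9p   1/1       Running     0          4h        10.244.2.2   node2
# The address is on the pod network, so pods across the cluster can talk to
# each other.
# NOTE(review): nothing in this setup restricts pod-to-pod traffic. Isolating
# workloads needs NetworkPolicy objects plus a network plugin that enforces
# them; flannel on its own does not.
~]# curl 10.244.2.2
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
    body {
        width: 35em;
        margin: 0 auto;
        font-family: Tahoma, Verdana, Arial, sans-serif;
    }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>
# Create a Service as the single access point for the nginx-deploy pods.
# The listing below shows it gets type ClusterIP and no external IP.
~]# kubectl expose deployment nginx-deploy --name=nginx  --port=80 --target-port=80 --protocol=TCP
~]# kubectl get svc
NAME         TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)   AGE
nginx        ClusterIP   10.105.30.179   <none>        80/TCP    4h
~]# curl 10.105.30.179
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
    body {
        width: 35em;
        margin: 0 auto;
        font-family: Tahoma, Verdana, Arial, sans-serif;
    }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>

# Open a terminal in a pod.
# NOTE(review): "busybox" without a tag resolves to whatever "latest" is at
# pull time; pin a tag or digest for repeatable results. Adding --rm would
# delete this throwaway pod when the shell exits.
~]# kubectl run client --image=busybox -it --restart=Never
If you don't see a command prompt, try pressing enter.
/ # cat /etc/resolv.conf
nameserver 10.96.0.10
search default.svc.cluster.local svc.cluster.local cluster.local localdomain
options ndots:5
# Inside a pod, the Service can be reached by its name.
/ # wget -O - http://nginx/
Connecting to nginx (10.105.30.179:80)
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
    body {
        width: 35em;
        margin: 0 auto;
        font-family: Tahoma, Verdana, Arial, sans-serif;
    }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>

# Within the cluster the name can also be resolved through coredns.
~]# dig -t A nginx.default.svc.cluster.local @10.96.0.10

; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7_5.1 <<>> -t A nginx.default.svc.cluster.local @10.96.0.10
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7916
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;nginx.default.svc.cluster.local. IN    A

;; ANSWER SECTION:
nginx.default.svc.cluster.local. 5 IN   A       10.105.30.179

;; Query time: 0 msec
;; SERVER: 10.96.0.10#53(10.96.0.10)
;; WHEN: Mon Sep 10 09:33:28 EDT 2018
;; MSG SIZE  rcvd: 107

# Scale out.
# NOTE(review): ikubernetes/myapp is pulled from a public registry by mutable
# tag; for anything beyond a demo, use images you have vetted and pin them by
# digest.
~]# kubectl run myapp --image=ikubernetes/myapp:v1 --replicas=2
~]# kubectl expose deployment myapp --name=myapp --port=80
~]# kubectl scale --replicas=5 deployment myapp

# Scale in.
~]# kubectl scale --replicas=3 deployment myapp

# Rolling update.
~]# kubectl set image deployment myapp myapp=ikubernetes/myapp:v2

# Roll back the release.
~]# kubectl rollout undo deployment myapp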