基于kubernetes构建Docker集群管理详解

454luikty

一、环境部署
1、平台版本说明
    1）Centos7.0 OS
    2）Kubernetes V0.6.2
    3）etcd version 0.4.6
    4）Docker version 1.3.2
2、平台环境说明
192.168.1.20  kubernetes etcd
192.168.1.21
3、环境安装
    1）系统初始化工作（所有主机）
    系统安装-选择[最小化安装]
    # yum -y install wget ntpdate bind-utils
    # wget http://mirror.centos.org/centos/7/extras/x86_64/Packages/epel-release-7-6.noarch.rpm   

    # yum update
CentOS 7.0默认使用的是firewall作为防火墙，这里改为iptables防火墙（熟悉度更高，非必须）。
    1.1、关闭firewall：

    # systemctl stop firewalld.service #停止firewall
    # systemctl disable firewalld.service #禁止firewall开机启动

    1.2、安装iptables防火墙

    # yum install iptables-services #安装
    # systemctl start iptables.service #最后重启防火墙使配置生效
    # systemctl enable iptables.service #设置防火墙开机启动

    2）安装Etcd（192.168.1.20主机）
    # mkdir -p /home/install && cd /home/install  
    # wget https://github.com/coreos/etcd/r ... -linux-amd64.tar.gz  
    # tar -zxvf etcd-v0.4.6-linux-amd64.tar.gz  
    # cd etcd-v0.4.6-linux-amd64  
    # cp etcd* /bin/  
    # /bin/etcd -version  
    etcd version 0.4.6
  启动服务etcd服务，如有提供第三方管理需求，另需在启动参数中添加“-cors='*'”参数。
    # mkdir -p /data/etcd  
    # /bin/etcd -name etcdserver -peer-addr 192.168.1.20:7001 -addr 192.168.1.20:4001 -data-dir /data/etcd -peer-bind-addr 0.0.0.0:7001 -bind-addr 0.0.0.0:4001 &
  配置etcd服务防火墙，其中4001为服务端口，7001为集群数据交互端口。
    # iptables -I INPUT -s 192.168.1.0/24 -p tcp --dport 4001 -j ACCEPT
    # iptables -I INPUT -s 192.168.1.0/24 -p tcp --dport 7001 -j ACCEPT

    3）安装Kubernetes（涉及所有Master、Minion主机）
    通过yum源方式安装，默认将安装etcd, docker, and cadvisor相关包。
    #cd  /etc/yum.repos.d/
    #wget http://mirrors.aliyun.com/repo/Centos-7.repo
    #yum -y install kubernetes

    4）Kubernetes配置（仅Master主机）
    master运行三个组件,包括apiserver、scheduler、controller-manager，相关配置项也只涉及这三块。
4.1、【/etc/kubernetes/config】
# logging to stderr means we get it in the systemd journal
KUBE_LOGTOSTDERR="--logtostderr=true"

# journal message level, 0 is debug
KUBE_LOG_LEVEL="--v=0"

# Should this cluster be allowed to run privileged docker containers
KUBE_ALLOW_PRIV="--allow-privileged=false"

# How the controller-manager, scheduler, and proxy find the apiserver
KUBE_MASTER="--master=http://127.0.0.1:8080"

# Comma seperated list of nodes in the etcd cluster  
KUBE_ETCD_SERVERS="--etcd_servers=http://192.168.1.20:4001"

4.2、【/etc/kubernetes/apiserver】

# The address on the local server to listen to.
KUBE_API_ADDRESS="--address=0.0.0.0"
# The port on the local server to listen on.
KUBE_API_PORT="--port=8080"

# How the replication controller and scheduler find the kube-apiserver  
KUBE_MASTER="--master=192.168.1.20:8080"   

# Port minions listen on
KUBELET_PORT="--kubelet-port=10250"

# Comma separated list of nodes in the etcd cluster
KUBE_ETCD_SERVERS="--etcd-servers=http://127.0.0.1:2379"

# Address range to use for services
KUBE_SERVICE_ADDRESSES="--service-cluster-ip-range=10.254.0.0/16"

# default admission control policies
KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota"

# Add your own!
KUBE_API_ARGS=""

4.3、【/etc/kubernetes/controller-manager】
# Comma seperated list of minions  
KUBELET_ADDRESSES="--machines= 192.168.1.21,192.168.1.100"

# Add your own!
KUBE_CONTROLLER_MANAGER_ARGS=""

4.4、【/etc/kubernetes/scheduler】
# Add your own!  
KUBE_SCHEDULER_ARGS=""  




启动master侧相关服务

    # systemctl daemon-reload
    # systemctl start kube-apiserver.service kube-controller-manager.service kube-scheduler.service
    # systemctl enable kube-apiserver.service kube-controller-manager.service kube-scheduler.service