xiguaqq20 posted on 2018-1-5 15:38:50

Container Orchestration: Installing and Configuring Kubernetes 1.7.6

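  The installation tutorial on the official Kubernetes site uses kubeadm init, but in a production environment you may need to install k8s by hand. This article installs from the source package and builds the k8s master node and worker nodes step by step.
  System: CentOS 7.3
  Docker version: 1.12.6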

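1. Create the TLS certificates and keys for encrypted communication between the Kubernetes components
  The components of a Kubernetes system need TLS certificates to encrypt their communication. This document uses cfssl, CloudFlare's PKI toolkit, to generate the Certificate Authority (CA) and the other certificates.
  The generated CA certificate and key files are:

[*]ca-key.pem
[*]ca.pem
[*]kubernetes-key.pem
[*]kubernetes.pem
[*]kube-proxy.pem
[*]kube-proxy-key.pem
[*]admin.pem
[*]admin-key.pem
  The components use the certificates as follows:

[*]etcd: uses ca.pem, kubernetes-key.pem, kubernetes.pem;
[*]kube-apiserver: uses ca.pem, kubernetes-key.pem, kubernetes.pem;
[*]kubelet: uses ca.pem;
[*]kube-proxy: uses ca.pem, kube-proxy-key.pem, kube-proxy.pem;
[*]kubectl: uses ca.pem, admin-key.pem, admin.pem;
  kube-controller and kube-scheduler currently have to be deployed on the same machine as kube-apiserver and communicate with it over the insecure port, so they need no certificates.
  Kubernetes version: 1.7.6
  Kubernetes download URL: https://www.kubernetes.org.cn/2729.html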
  

Download it and unpack it:
tar xzvf kubernetes.tar.gz
cd kubernetes

  Run get-kube-binaries.sh to download the server and client executables:

$ ./cluster/get-kube-binaries.sh
Kubernetes release: v1.7.6
Server: linux/amd64 (to override, set KUBERNETES_SERVER_ARCH)
Client: linux/amd64 (autodetected)
......
......
(The download takes a long time.)

  The server executables are downloaded into the server directory and are not unpacked automatically:

# cd server/
# ls
kubernetes-manifests.tar.gz  kubernetes-salt.tar.gz  kubernetes-server-linux-amd64.tar.gz  README
# tar zxvf kubernetes-server-linux-amd64.tar.gz
kubernetes/
kubernetes/server/
kubernetes/server/bin/
kubernetes/server/bin/cloud-controller-manager
kubernetes/server/bin/kube-aggregator.tar
kubernetes/server/bin/kube-proxy.tar
kubernetes/server/bin/kube-proxy
kubernetes/server/bin/kube-controller-manager.tar
kubernetes/server/bin/kube-controller-manager
kubernetes/server/bin/kube-apiserver
kubernetes/server/bin/kube-aggregator.docker_tag
kubernetes/server/bin/kube-controller-manager.docker_tag
kubernetes/server/bin/kubefed
kubernetes/server/bin/kube-scheduler.tar
kubernetes/server/bin/kube-apiserver.tar
kubernetes/server/bin/kubeadm
kubernetes/server/bin/kube-scheduler.docker_tag
kubernetes/server/bin/hyperkube
kubernetes/server/bin/kube-scheduler
kubernetes/server/bin/cloud-controller-manager.tar
kubernetes/server/bin/kubelet
kubernetes/server/bin/kube-proxy.docker_tag
kubernetes/server/bin/kube-apiserver.docker_tag
kubernetes/server/bin/kubectl
kubernetes/server/bin/apiextensions-apiserver
kubernetes/server/bin/cloud-controller-manager.docker_tag
kubernetes/server/bin/kube-aggregator
kubernetes/LICENSES
kubernetes/addons/
kubernetes/kubernetes-src.tar.gz
#

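  This is the list of executables in the latest Kubernetes release. To build a Kubernetes cluster, start kube-apiserver, kube-controller-manager and kube-scheduler on the master node, and start kubelet and kube-proxy on every node (if pods use host network mode, kube-proxy can be left out and only kubelet installed). Here we do not run them directly; they are managed with systemctl.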
  

# vim /usr/lib/systemd/system/kube-apiserver.service

[Unit]
Description=Kubernetes API Service
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
After=network.target
After=etcd.service

[Service]
EnvironmentFile=-/etc/kubernetes/config
EnvironmentFile=-/etc/kubernetes/apiserver
ExecStart=/usr/bin/kube-apiserver \
  $KUBE_LOGTOSTDERR \
  $KUBE_LOG_LEVEL \
  $KUBE_ETCD_SERVERS \
  $KUBE_API_ADDRESS \
  $KUBE_API_PORT \
  $KUBELET_PORT \
  $KUBE_ALLOW_PRIV \
  $KUBE_SERVICE_ADDRESSES \
  $KUBE_ADMISSION_CONTROL \
  $KUBE_API_ARGS
Restart=on-failure
Type=notify
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target
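
An added example, not part of the original post: a check of the EnvironmentFile /etc/kubernetes/apiserver that the unit above loads and whose contents the post does not show. It reports an insecure port bound beyond loopback (the port kube-controller-manager and kube-scheduler are said above to use on the same machine) and missing TLS flags. The function names and the sample file are constructed; the flag names are kube-apiserver flags of the 1.7 series.

```shell
#!/usr/bin/env bash
# Added example: audit the EnvironmentFile that kube-apiserver.service loads.
# Prints one finding per line and nothing when the file passes.

# Value of the last uncommented --<flag>=<value> in the file ($1 file, $2 flag).
flag_value() {
  grep -v '^[[:space:]]*#' "$1" \
    | grep -oE "(^|[\"' =])--$2=[^\"' ]+" \
    | tail -n 1 | sed -E 's/^.*=//'
}

audit_apiserver_env() {  # $1 = path to the EnvironmentFile
  local f="$1" addr port flag
  # Insecure port: plain HTTP, no authentication or authorization.
  # kube-apiserver defaults are 127.0.0.1 and 8080; 0 disables it.
  addr=$(flag_value "$f" insecure-bind-address)
  [ -n "$addr" ] || addr=$(flag_value "$f" address)   # deprecated alias
  port=$(flag_value "$f" insecure-port)
  [ -n "$port" ] || port=$(flag_value "$f" port)      # deprecated alias
  addr=${addr:-127.0.0.1}
  port=${port:-8080}
  if [ "$port" != 0 ]; then
    case $addr in
      127.*|::1) ;;  # loopback: only processes on the master reach it
      *) echo "INSECURE_PORT_EXPOSED ${addr}:${port}" ;;
    esac
  fi
  # Without these flags the secure port neither serves kubernetes.pem nor
  # verifies client certificates against ca.pem.
  for flag in tls-cert-file tls-private-key-file client-ca-file; do
    [ -n "$(flag_value "$f" "$flag")" ] || echo "MISSING --$flag"
  done
}

# Constructed sample (paths and values are illustrative, not from the post).
sample=$(mktemp)
cat > "$sample" <<'EOF'
KUBE_API_ADDRESS="--insecure-bind-address=0.0.0.0"
KUBE_API_PORT="--insecure-port=8080"
KUBE_API_ARGS="--tls-cert-file=/etc/kubernetes/ssl/kubernetes.pem --tls-private-key-file=/etc/kubernetes/ssl/kubernetes-key.pem"
EOF
audit_apiserver_env "$sample"
rm -f "$sample"
```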
  

  kube-controller-manager.service

# vim /usr/lib/systemd/system/kube-controller-manager.service

[Unit]
Description=Kubernetes Controller Manager
Documentation=https://github.com/GoogleCloudPlatform/kubernetes

[Service]
EnvironmentFile=-/etc/kubernetes/config
EnvironmentFile=-/etc/kubernetes/controller-manager
ExecStart=/usr/bin/kube-controller-manager \
  $KUBE_LOGTOSTDERR \
  $KUBE_LOG_LEVEL \
  $KUBE_MASTER \
  $KUBE_CONTROLLER_MANAGER_ARGS
Restart=on-failure
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target
  

  

  kube-scheduler.service

# vim /usr/lib/systemd/system/kube-scheduler.service

[Unit]
Description=Kubernetes Scheduler Plugin
Documentation=https://github.com/GoogleCloudPlatform/kubernetes

[Service]
EnvironmentFile=-/etc/kubernetes/config
EnvironmentFile=-/etc/kubernetes/scheduler
ExecStart=/usr/bin/kube-scheduler \
  $KUBE_LOGTOSTDERR \
  $KUBE_LOG_LEVEL \
  $KUBE_MASTER \
  $KUBE_SCHEDULER_ARGS
Restart=on-failure
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target
  

  Then run the following commands:

systemctl --system daemon-reload
systemctl start kube-apiserver.service
systemctl start kube-controller-manager.service
systemctl start kube-scheduler.service

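  With that, all the Kubernetes components on the master are running. You can use kubectl to check that they are working properly:

Copy all the k8s binaries to a directory on PATH:
# cd /root/kubernetes/server/kubernetes/server/bin
# cp kube* /usr/bin/

View the master information:
# kubectl cluster-info
Kubernetes master is running at https://172.17.100.13:6443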