搭建高可用Kubernetes集群之kubernetes集群搭建
2019-05-16 本文已影响6人
olaH
在搭建kubernetes集群之前,请参考我的文章搭建高可用Kubernetes集群之etcd集群搭建篇(一)完成各节点配置
Docker
每一个kubernetes集群节点都需要安装
- 添加Docker源
wget https://download.docker.com/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo - 列出docker版本
yum list docker-ce.x86_64 --showduplicates | sort -r - 安装docker
yum install docker-ce-18.06.1.ce -y - 配置docker
因为Docker自1.13版本起会自动设置iptables的FORWARD默认策略为DROP,这可能会影响Kubernetes集群依赖的报文转发功能,因此,需要在docker服务启动后,重新将FORWARD链的默认策略设置为ACCEPT。
vim /usr/lib/systemd/system/docker.service
在如下位置增加ExecStartPost这一行
image.png
systemctl daemon-reload
systemctl start docker.service
systemctl enable docker.service
因为DockerHub下载镜像的速度较缓慢,所以我这里使用我自己的阿里云加速镜像加速服务。
vim /etc/docker/daemon.json
image.png
systemctl restart docker.service
安装kubeadm kubelet kubectl
- 添加Kubernetes源
vim /etc/yum.repos.d/kubernetes.repo
image.png
-
安装kubeadm kubelet kubectl
yum install kubelet kubeadm kubectl -
配置kubelet
因为我需要使用swap,所以需要添加如下来取消swap限制
vim /etc/sysconfig/kubelet
KUBELET_EXTRA_ARGS="--fail-swap-on=false"
systemctl enable kubelet.service
配置初始化文件
- master1
vim kubeadm-config.yaml
apiVersion: kubeadm.k8s.io/v1alpha2
kind: MasterConfiguration
kubernetesVersion: v1.12.4
tokenTTL: 0
api:
advertiseAddress: 192.168.88.97
bindPort: 6443
controlPlaneEndpoint: "192.168.88.201:6443"
apiServerCertSANs: #每一个需要去访问apiserver的ip
- master1
- master2
- master3
- lb1
- lb2
- lb3
- gfs0
- gfs1
- gfs2
- 192.168.88.94
- 192.168.88.95
- 192.168.88.96
- 192.168.88.97
- 192.168.88.98
- 192.168.88.99
- 127.0.0.1
- 192.168.88.200
- 192.168.88.201 #vip
- 192.168.88.130
- 192.168.88.131
- 192.168.88.132
etcd:
external:
endpoints:
- "https://192.168.88.90:2379"
- "https://192.168.88.92:2379"
- "https://192.168.88.93:2379"
caFile: /etc/kubernetes/pki/etcd/etcd-ca.pem
certFile: /etc/kubernetes/pki/etcd/etcd.pem
keyFile: /etc/kubernetes/pki/etcd/etcd-key.pem
imageRepository: registry.cn-hangzhou.aliyuncs.com/csdc
kubeProxy:
config:
mode: "ipvs"
ipvs:
ExcludeCIDRs: null
minSyncPeriod: 0s
scheduler: ""
syncPeriod: 30s
kubeletConfiguration:
baseConfig:
cgroupDriver: cgroupfs
clusterDNS:
- 10.96.0.10
clusterDomain: cluster.local
failSwapOn: false
resolvConf: /etc/resolv.conf
staticPodPath: /etc/kubernetes/manifests
networking:
dnsDomain: cluster.local
podSubnet: 10.244.0.0/16
serviceSubnet: 10.96.0.0/12
- master2
vim kubeadm-config.yaml
apiVersion: kubeadm.k8s.io/v1alpha2
kind: MasterConfiguration
kubernetesVersion: v1.12.4
tokenTTL: 0
api:
advertiseAddress: 192.168.88.98
bindPort: 6443
controlPlaneEndpoint: "192.168.88.201:6443"
apiServerCertSANs: #每一个需要去访问apiserver的ip
- master1
- master2
- master3
- lb1
- lb2
- lb3
- gfs0
- gfs1
- gfs2
- 192.168.88.94
- 192.168.88.95
- 192.168.88.96
- 192.168.88.97
- 192.168.88.98
- 192.168.88.99
- 127.0.0.1
- 192.168.88.200
- 192.168.88.201 #vip
- 192.168.88.130
- 192.168.88.131
- 192.168.88.132
etcd:
external:
endpoints:
- "https://192.168.88.90:2379"
- "https://192.168.88.92:2379"
- "https://192.168.88.93:2379"
caFile: /etc/kubernetes/pki/etcd/etcd-ca.pem
certFile: /etc/kubernetes/pki/etcd/etcd.pem
keyFile: /etc/kubernetes/pki/etcd/etcd-key.pem
imageRepository: registry.cn-hangzhou.aliyuncs.com/csdc
kubeProxy:
config:
mode: "ipvs"
ipvs:
ExcludeCIDRs: null
minSyncPeriod: 0s
scheduler: ""
syncPeriod: 30s
kubeletConfiguration:
baseConfig:
cgroupDriver: cgroupfs
clusterDNS:
- 10.96.0.10
clusterDomain: cluster.local
failSwapOn: false
resolvConf: /etc/resolv.conf
staticPodPath: /etc/kubernetes/manifests
networking:
dnsDomain: cluster.local
podSubnet: 10.244.0.0/16
serviceSubnet: 10.96.0.0/12
- master3
vim kubeadm-config.yaml
apiVersion: kubeadm.k8s.io/v1alpha2
kind: MasterConfiguration
kubernetesVersion: v1.12.4
tokenTTL: 0
api:
advertiseAddress: 192.168.88.99
bindPort: 6443
controlPlaneEndpoint: "192.168.88.201:6443"
apiServerCertSANs: #每一个需要去访问apiserver的ip
- master1
- master2
- master3
- lb1
- lb2
- lb3
- gfs0
- gfs1
- gfs2
- 192.168.88.94
- 192.168.88.95
- 192.168.88.96
- 192.168.88.97
- 192.168.88.98
- 192.168.88.99
- 127.0.0.1
- 192.168.88.200
- 192.168.88.201 #vip
- 192.168.88.130
- 192.168.88.131
- 192.168.88.132
etcd:
external:
endpoints:
- "https://192.168.88.90:2379"
- "https://192.168.88.92:2379"
- "https://192.168.88.93:2379"
caFile: /etc/kubernetes/pki/etcd/etcd-ca.pem
certFile: /etc/kubernetes/pki/etcd/etcd.pem
keyFile: /etc/kubernetes/pki/etcd/etcd-key.pem
imageRepository: registry.cn-hangzhou.aliyuncs.com/csdc
kubeProxy:
config:
mode: "ipvs"
ipvs:
ExcludeCIDRs: null
minSyncPeriod: 0s
scheduler: ""
syncPeriod: 30s
kubeletConfiguration:
baseConfig:
cgroupDriver: cgroupfs
clusterDNS:
- 10.96.0.10
clusterDomain: cluster.local
failSwapOn: false
resolvConf: /etc/resolv.conf
staticPodPath: /etc/kubernetes/manifests
networking:
dnsDomain: cluster.local
podSubnet: 10.244.0.0/16
serviceSubnet: 10.96.0.0/12
需要把之前生成的etcd密钥放在master1节点的这个文件下 /etc/kubernetes/pki/etcd/
上述的镜像仓库地址是我的阿里云镜像仓库,上面已经有需要的镜像了,可以直接使用来下载。
拉取镜像
kubeadm config images pull --config kubeadm-config.yaml
并把pause镜像的名称改回原来的名称,如下
docker tag registry.cn-hangzhou.aliyuncs.com/csdc /pause:3.1 k8s.gcr.io/pause:3.1
初始化集群
做完以上操作之后,就可执行如下命令进行初始化
- master1
kubeadm init --config kubeadm-config.yaml --ignore-preflight-errors=Swap
执行成功会像下面一样
image.png
按照提示的操作执行命令:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
把kubernetes生成的密钥文件复制到各个master节点,如下:
scp -r /etc/kubernetes/pki root@master2:/etc/kubernetes/
scp -r /etc/kubernetes/pki root@master3:/etc/kubernetes/
补全操作:
cat << EOF > /etc/profile.d/kubernetes.sh
source <(kubectl completion bash)
EOF
source /etc/profile.d/kubernetes.sh
- master2
删除其他master节点的apiserver的密钥防止冲突,如下
rm -fr /etc/kubernetes/pki/{apiserver.crt,apiserver.key}
kubeadm init --config kubeadm-config.yaml --ignore-preflight-errors=Swap
按照提示的操作执行命令:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
补全操作:
cat << EOF > /etc/profile.d/kubernetes.sh
source <(kubectl completion bash)
EOF
source /etc/profile.d/kubernetes.sh
- master3
删除其他master节点的apiserver的密钥防止冲突,如下
rm -fr /etc/kubernetes/pki/{apiserver.crt,apiserver.key}
kubeadm init --config kubeadm-config.yaml --ignore-preflight-errors=Swap
按照提示的操作执行命令:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
补全操作:
cat << EOF > /etc/profile.d/kubernetes.sh
source <(kubectl completion bash)
EOF
source /etc/profile.d/kubernetes.sh
-
在所有node主机上执行加入集群的命令
kubeadm join 192.168.88.201:6443 --token 60yl6g.256rf16jt7a --discovery-token-ca-cert-hash sha256:8ece398f27a70cba97491a7cbeb8c93435fc7f0e7d8e1cb8aa4b0eee84 --ignore-preflight-errors=Swap -
查看集群状态(在任一主节点执行)
kubectl get node
image.png
安装网络插件
从上图可以看出各个节点的状态还是未准备的状态,这是因为没有安装网络插件
- 下载flannel插件
任选一个主节点执行下列命令进行下载
wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
然后把文件里的- --iface=**改成你本机的网卡名就行,例如我的网卡名是eth0
那么 - --iface=eth0(一共有五个地方需要修改)
修改完成执行下面命令进行安装
kubectl apply -f kube-flannel.yml
image.png
至此,Kubernetes的一些基本组件全部安装完成,如果你喜欢,请不要吝啬你的赞。如果有任何疑问,请直接评论或者私信我。
