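I. CentOS 7 base environment preparation
Default service directories on CentOS 7
Unit files: /usr/lib/systemd/system
Symlinks for the services that systemctl starts at boot: /etc/systemd/system/basic.target.wants/
List all services enabled at boot:
    systemctl list-unit-files | grep enabled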
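1. The default firewall on CentOS 7 is firewalld
To configure iptables the same way as on CentOS 6, just run yum update iptables.
You can also install it directly:
    yum install iptables iptables-services
Stop and disable firewalld, then start and enable iptables:
    systemctl stop firewalld
    systemctl disable firewalld
    systemctl restart iptables.service
    systemctl status iptables.service
    systemctl enable iptables.service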
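2. Network settings
Use a static address and configure DNS.
On CentOS 7 the NIC names no longer use the default eth prefix; the interface files now begin with ifcfg-en. CentOS 6 and earlier named Ethernet NICs sequentially, so multiple NICs were eth0, eth1 and so on. CentOS 7 is different: by default, names are assigned from firmware, topology and location information.
    # ip addr show
If you are not used to this, you can install ifconfig (provided by the net-tools package) and check with it:
    # yum install net-tools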
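3. Disable SELinux
/etc/sysconfig/selinux is a symlink to /etc/selinux/config, so sed needs --follow-symlinks to edit the real file instead of replacing the link:
    # sed -i --follow-symlinks '/^SELINUX=/cSELINUX=disabled' /etc/sysconfig/selinux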
4. Update the yum repository
    # cat /etc/yum.repos.d/virt7-docker-common-release.repo
    [virt7-docker-common-release]
    name=virt7-docker-common-release
    baseurl=http://cbs.centos.org/repos/virt7-docker-common-release/x86_64/os/
    gpgcheck=0
5. Time synchronization
    # yum install ntp
    # systemctl restart ntpd.service
You can also deploy your own time server to synchronize against.
6. Host layout
    10.100.10.100 master
    10.100.10.105 minion1 (node1)
    10.100.10.106 minion2 (node2)
You can also bind these host names in /etc/hosts.
II. Kubernetes
III. Master (server side)
IP: 10.100.10.100
    # yum install etcd flannel docker kubernetes
1. etcd
Example etcd.conf configuration:
    # cat etcd.conf
    ETCD_NAME=default
    ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
    ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:2379"
    ETCD_ADVERTISE_CLIENT_URLS="http://localhost:2379"
Start it:
    systemctl start etcd.service
2. Virtual network (can serve as the Docker virtual network)
You can use flannel or Open vSwitch.
Define the flannel network configuration in etcd:
    # etcdctl mk /atomic.io/network/config '{"Network":"172.16.0.0/16"}'
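3. Common etcdctl commands
    backup          back up a directory
    cluster-health  check cluster health
    mk              create a key and set its value
    mkdir           create a directory
    rm              remove
    rmdir           remove a directory if it is empty
    get             show a key's value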
4. Kubernetes master configuration
4.1. Example config file:
    # cat /etc/kubernetes/config | grep -v '^$' | grep -v '^#'
    KUBE_LOGTOSTDERR="--logtostderr=true"
    KUBE_LOG_LEVEL="--v=0"
    KUBE_ALLOW_PRIV="--allow-privileged=false"
    KUBE_MASTER="--master=http://docker-master:8080"
4.2. Example apiserver file:
    # cat /etc/kubernetes/apiserver | grep -v '^$' | grep -v '^#'
    KUBE_API_ADDRESS="--address=0.0.0.0"
    KUBE_API_PORT="--port=8080"
    KUBE_MASTER="--master=http://docker-master:8080"
    KUBELET_PORT="--kubelet-port=10250"
    KUBE_ETCD_SERVERS="--etcd-servers=http://127.0.0.1:2379"
    KUBE_SERVICE_ADDRESSES="--service-cluster-ip-range=10.254.0.0/16"
    KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ResourceQuota"
    KUBE_API_ARGS=""
4.3. Example kubelet file:
    # cat /etc/kubernetes/kubelet | grep -v '^$' | grep -v '^#'
    KUBELET_ADDRESS="--address=127.0.0.1"
    KUBELET_HOSTNAME="--hostname-override=127.0.0.1"
    KUBELET_API_SERVER="--api-servers=http://127.0.0.1:8080"
    KUBELET_POD_INFRA_CONTAINER="--pod-infra-container-image=registry.access.redhat.com/rhel7/pod-infrastructure:latest"
    KUBELET_ARGS=""
5. Enable the services at boot, start them, and check their status:
    # cat start-kube.sh
    for SERVICES in etcd docker kube-apiserver kube-controller-manager kube-scheduler; do
        systemctl enable $SERVICES
        systemctl restart $SERVICES
        systemctl status $SERVICES
    done
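7. Service checks:
1. Check the listening ports:
    ss -tln
2. Check the Docker network (the 172.16.0.0/16 network):
    # ifconfig docker0
3. Check the nodes from the master (none yet):
    # kubectl get nodes
    NAME STATUS AGE
4. Troubleshooting: follow the hints and look at the messages from whatever failed to start or run:
    # journalctl -xe
   Look for: DHCP problems, DNS problems, image download problems, CA authentication problems.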
IV. Kubernetes minion nodes
1. Install the environment:
    yum -y install flannel docker kubernetes
2. Configure flannel:
    # cat /etc/sysconfig/flanneld
    # etcd node name
    FLANNEL_ETCD_ENDPOINTS="http://10.100.10.100:2379"
    # flannel network; can be set to the master host IP
    FLANNEL_ETCD_PREFIX="/atomic.io/network"
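1. Example Kubernetes configuration for the minion side
The main files are again config, kubelet and apiserver. (The minion configuration is basically the same; in kubelet, set KUBELET_HOSTNAME to the local machine's IP address.)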
1.1. apiserver file
    # cat apiserver | grep -v '^$' | grep -v '^#'
    KUBE_API_ADDRESS="--address=127.0.0.1"
    KUBE_ETCD_SERVERS="--etcd-servers=http://10.100.10.100:2379"
    KUBE_SERVICE_ADDRESSES="--service-cluster-ip-range=10.254.0.0/16"
    KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ResourceQuota"
1.2. config file
    # cat config | grep -v '^$' | grep -v '^#'
    KUBE_LOGTOSTDERR="--logtostderr=true"
    KUBE_LOG_LEVEL="--v=0"
    KUBE_ALLOW_PRIV="--allow-privileged=false"
    KUBE_MASTER="--master=http://10.100.10.100:8080"
    KUBE_ETCD_SERVERS="--etcd-servers=http://10.100.10.100:2379"
1.3. kubelet file
    # cat kubelet | grep -v '^$' | grep -v '^#'
    KUBELET_ADDRESS="--address=0.0.0.0"
    KUBELET_PORT="--port=10250"
    # KUBELET_HOSTNAME is set to the minion's own IP (on node2 it is 10.100.10.106)
    KUBELET_HOSTNAME="--hostname-override=10.100.10.105"
    KUBELET_API_SERVER="--api-servers=http://10.100.10.100:8080"
    KUBELET_POD_INFRA_CONTAINER="--pod-infra-container-image=registry.access.redhat.com/rhel7/pod-infrastructure:latest"
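The master and minion files above, together with the repo and SELinux settings from section I, leave etcd, the apiserver's --address/--port listener and the package source without authentication or encryption. The following is an added example, not part of the original guide: a shell function that reads such KEY=VALUE files on stdin and reports each of those settings. The names audit_conf and sample_conf and the finding labels are chosen here; the sample input is constructed from lines shown in this guide.

```bash
# Added example: flag exposure-relevant settings in the KEY=VALUE files from this guide.
audit_conf() {                         # reads config text on stdin, one finding per line
    local line key val
    while IFS= read -r line; do
        case "$line" in ''|'#'*|'['*) continue ;; esac    # blanks, comments, [section]
        key=${line%%=*}
        val=${line#*=}; val=${val#\"}; val=${val%\"}      # value without surrounding quotes
        case "$key=$val" in
            gpgcheck=0)
                echo "REPO_UNSIGNED  $key: package signatures are not verified" ;;
            baseurl=http://*)
                echo "REPO_CLEARTEXT $key: packages are fetched over plain HTTP" ;;
            SELINUX=disabled)
                echo "SELINUX_OFF    $key: SELinux is disabled" ;;
            ETCD_LISTEN_CLIENT_URLS=http://0.0.0.0:*)
                echo "ETCD_OPEN      $key: etcd client API on all interfaces without TLS" ;;
            KUBE_API_ADDRESS=--address=0.0.0.0)
                echo "API_INSECURE   $key: unauthenticated apiserver port on all interfaces" ;;
            KUBELET_ADDRESS=--address=0.0.0.0)
                echo "KUBELET_OPEN   $key: kubelet API on all interfaces" ;;
            KUBE_MASTER=--master=http://* | KUBE_ETCD_SERVERS=--etcd[-_]servers=http://* | \
            KUBELET_API_SERVER=--api-servers=http://* | FLANNEL_ETCD_ENDPOINTS=http://*)
                case "$val" in
                    *//127.0.0.1:*|*//localhost:*) ;;      # loopback peer, stays on the host
                    *) echo "CLEARTEXT_PEER $key: control-plane traffic over plain HTTP" ;;
                esac ;;
        esac
    done
}

sample_conf() {                        # constructed sample: lines taken from the files above
    cat <<'EOF'
[virt7-docker-common-release]
baseurl=http://cbs.centos.org/repos/virt7-docker-common-release/x86_64/os/
gpgcheck=0
SELINUX=disabled
ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:2379"
ETCD_ADVERTISE_CLIENT_URLS="http://localhost:2379"
KUBE_API_ADDRESS="--address=0.0.0.0"
KUBE_ETCD_SERVERS="--etcd-servers=http://127.0.0.1:2379"
KUBELET_ADDRESS="--address=0.0.0.0"
KUBELET_API_SERVER="--api-servers=http://10.100.10.100:8080"
EOF
}

sample_conf | audit_conf
```

On a real host, feed it the files directly, for example `cat /etc/etcd/etcd.conf /etc/kubernetes/* | audit_conf` (the etcd.conf path is an assumption; the guide does not give it).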
2. On the minion, enable the services at boot, start them, and check their status:
    # cat minion-kube.sh
    for SERVICES in kube-proxy kubelet docker flanneld; do
        systemctl enable $SERVICES
        systemctl restart $SERVICES
        systemctl status $SERVICES
    done
3. Check the services
Check the process ports:
    ss -tln
Check the Docker network (the 172.16.0.0/16 network):
    # ifconfig docker0
Then go back to the master and check the nodes:
    # kubectl get nodes
    NAME STATUS AGE
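The ss -tln check on the master and the minions also shows which of the ports configured above are reachable from other machines. The following is an added example, not part of the original guide: it reads ss -tln output and reports the etcd, apiserver and kubelet ports when they are bound to a wildcard address. The function names and the sample output are constructed here; the port list comes from the configuration files in this guide.

```bash
# Added example: report control-plane ports that `ss -tln` shows bound to a wildcard address.
WATCH_PORTS="2379 8080 10250"          # etcd client, apiserver --port, kubelet --port

open_listeners() {                     # reads `ss -tln` output on stdin
    awk -v ports="$WATCH_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) watch[p[i]] = 1 }
        $1 == "LISTEN" {
            port = $4; sub(/.*:/, "", port)                       # text after the last colon
            addr = substr($4, 1, length($4) - length(port) - 1)   # text before it
            wildcard = (addr == "*" || addr == "0.0.0.0" || addr == "::" || addr == "[::]")
            if ((port in watch) && wildcard)
                printf "port %s listens on all interfaces (%s)\n", port, addr
        }'
}

sample_ss() {                          # constructed sample in the CentOS 7 `ss -tln` layout
    cat <<'EOF'
State      Recv-Q Send-Q Local Address:Port   Peer Address:Port
LISTEN     0      128    127.0.0.1:2380       *:*
LISTEN     0      128    *:22                 *:*
LISTEN     0      128    :::2379              :::*
LISTEN     0      128    :::8080              :::*
LISTEN     0      128    127.0.0.1:10250      *:*
EOF
}

sample_ss | open_listeners
```

On a live host, run `ss -tln | open_listeners`.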
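V. Setting up the Kubernetes Web UI
1. Create kubernetes-dashboard.yaml
Download the yaml file from the official site:
    wget https://rawgit.com/kubernetes/dashboard/master/src/deploy/kubernetes-dashboard.yaml
2. Edit the kubernetes-dashboard.yaml file
Example configuration (not the latest version; edit it to match the latest release you deploy):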
    # cat kubernetes-dashboard.yaml
    # Copyright 2015 Google Inc. All Rights Reserved.
    #
    # Licensed under the Apache License, Version 2.0 (the "License");
    # you may not use this file except in compliance with the License.
    # You may obtain a copy of the License at
    #
    #     http://www.apache.org/licenses/LICENSE-2.0
    #
    # Unless required by applicable law or agreed to in writing, software
    # distributed under the License is distributed on an "AS IS" BASIS,
    # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    # See the License for the specific language governing permissions and
    # limitations under the License.

    # Configuration to deploy release version of the Dashboard UI.
    #
    # Example usage: kubectl create -f <this_file>

    kind: Deployment
    apiVersion: extensions/v1beta1
    metadata:
      labels:
        app: kubernetes-dashboard
      name: kubernetes-dashboard
      namespace: kube-system
    spec:
      replicas: 1
      selector:
        matchLabels:
          app: kubernetes-dashboard
      template:
        metadata:
          labels:
            app: kubernetes-dashboard
          # Comment the following annotation if Dashboard must not be deployed on master
          annotations:
            scheduler.alpha.kubernetes.io/tolerations: |
              [
                {
                  "key": "dedicated",
                  "operator": "Equal",
                  "value": "master",
                  "effect": "NoSchedule"
                }
              ]
        spec:
          containers:
          - name: kubernetes-dashboard
            image: docker.io/mritd/kubernetes-dashboard-amd64
            # If there are network problems, you can also host the image in your own
            # private Docker registry and put your own address here.
            #imagePullPolicy: Always
            # Download only if the image is not present
            imagePullPolicy: IfNotPresent
            ports:
            - containerPort: 9090
              protocol: TCP
            args:
              # Uncomment the following line to manually specify Kubernetes API server Host
              # If not specified, Dashboard will attempt to auto discover the API server and connect
              # to it. Uncomment only if the default does not work.
              # - --apiserver-host=http://my-address:port
              # apiserver on the master host
              - --apiserver-host=http://10.100.10.100:8080
            livenessProbe:
              httpGet:
                path: /
                port: 9090
              initialDelaySeconds: 30
              timeoutSeconds: 30
    ---
    kind: Service
    apiVersion: v1
    metadata:
      labels:
        app: kubernetes-dashboard
      name: kubernetes-dashboard
      namespace: kube-system
    spec:
      type: NodePort
      ports:
      - port: 80
        targetPort: 9090
      selector:
        app: kubernetes-dashboard
3. Create the Pod (depending on where the image is and which download address is set, this can take a while)
    # kubectl create -f kubernetes-dashboard.yaml
If creating the pod fails, delete it with:
    # kubectl delete -f kubernetes-dashboard.yaml
4. Check the pods
pods
    # kubectl get pods --all-namespaces
    NAMESPACE     NAME                                    READY   STATUS    RESTARTS   AGE
    kube-system   kubernetes-dashboard-3713835017-4nbkp   1/1     Running   1          5m
services
    # kubectl get services --all-namespaces
    NAMESPACE     NAME                   CLUSTER-IP       EXTERNAL-IP   PORT(S)        AGE
    default       kubernetes             10.254.0.1       <none>        443/TCP        33m
    kube-system   kubernetes-dashboard   10.254.211.205   <nodes>       80:30491/TCP   5m
5. View the service details
    # kubectl describe service/kubernetes-dashboard --namespace="kube-system"
    Name:              kubernetes-dashboard
    Namespace:         kube-system
    Labels:            app=kubernetes-dashboard
    Selector:          app=kubernetes-dashboard
    Type:              NodePort
    IP:                10.254.211.205
    Port:              <unset> 80/TCP
    NodePort:          <unset> 30491/TCP
    Endpoints:         172.16.4.4:9090
    Session Affinity:  None
6. Troubleshooting
View the pod description:
    # kubectl describe pod/kubernetes-dashboard-3713835017-4nbkp --namespace="kube-system"
View the logs:
    # kubectl logs -f kubernetes-dashboard-3713835017-4nbkp --namespace=kube-system
7. Test access:
http://master:8080/ui/
VI. Common kubectl commands
1. Inspection commands
    # Show cluster information
    kubectl cluster-info
    # Show the status of each component
    kubectl -s http://localhost:8080 get componentstatuses
    # Show which node each pod is running on
    kubectl get pods -o wide
    # Show the full definition of the pods
    kubectl get pods -o yaml
    # Show Replication Controller information
    kubectl get rc
    # Show service information
    kubectl get service
    # Show node information
    kubectl get nodes
    # Find pods by selector name
    kubectl get pod --selector name=redis
    # Show the environment variables of a running pod
    kubectl exec <pod-name> env
2. Operation commands
    # Create
    kubectl create -f <file>
    # Recreate
    kubectl replace -f <file> [--force]
    # Delete
    kubectl delete -f <file>
    kubectl delete pod <pod-name>
    kubectl delete rc <rc-name>
    kubectl delete service <service-name>
    kubectl delete pod --all