码迷,mamicode.com
首页 > Web开发 > 详细

centos7.2搭建kubernetes1.5.2+dashboard

时间:2018-03-12 16:51:02      阅读:1950      评论:0      收藏:0      [点我收藏+]

标签:本机   discover   sign   path   yam   created   主机   restart   SM   

一、    简介

近来容器对企业来说已经不是什么陌生的概念,Kubernetes作为Google开源的容器运行平台,受到了大家的热捧。搭建一套完整的kubernetes平台,也成为试用这套平台必须迈过的坎儿。本教程搭建kubernetes1.5.2版本,安装还是相对比较方便的,通过yum源安装。但是在kubernetes1.6之后,安装就比较繁琐了,需要证书各种认证,这里暂时不深讨。 k8s(kubernetes简称)包含以下主要组件:

Kubernetes 集群中主要存在两种类型的节点,分别是 master 节点,以及 minion 节点。

Minion 节点是实际运行 Docker 容器的节点,负责和节点上运行的 Docker 进行交互,并且提供了代理功能。

Master 节点负责对外提供一系列管理集群的 API 接口,并且通过和 Minion 节点交互来实现对集群的操作管理。

apiserver:用户和 kubernetes 集群交互的入口,封装了核心对象的增删改查操作,提供了 RESTFul 风格的 API 接口,通过 etcd 来实现持久化并维护对象的一致性。

scheduler:负责集群资源的调度和管理,例如当有 pod 异常退出需要重新分配机器时,scheduler 通过一定的调度算法从而找到最合适的节点。

controller-manager:主要是用于保证 replicationController 定义的复制数量和实际运行的 pod 数量一致,另外还保证了从 service 到 pod 的映射关系总是最新的。

kubelet:运行在 minion 节点,负责和节点上的 Docker 交互,例如启停容器,监控运行状态等。

proxy:运行在 minion 节点,负责为 pod 提供代理功能,会定期从 etcd 获取 service 信息,并根据 service 信息通过修改 iptables 来实现流量转发(最初的版本是直接通过程序提供转发功能,效率较低。),将流量转发到要访问的 pod 所在的节点上去。

etcd:key-value键值存储数据库,用来存储kubernetes的信息的。

flannel:Flannel 是 CoreOS 团队针对 Kubernetes 设计的一个覆盖网络(Overlay Network)工具,需要另外下载部署。我们知道当我们启动 Docker 后会有一个用于和容器进行交互的 IP 地址,如果不去管理的话可能这个 IP 地址在各个机器上是一样的,并且仅限于在本机上进行通信,无法访问到其他机器上的 Docker 容器。Flannel 的目的就是为集群中的所有节点重新规划 IP 地址的使用规则,从而使得不同节点上的容器能够获得同属一个内网且不重复的 IP 地址,并让属于不同节点上的容器能够直接通过内网 IP 通信。

 

二、    部署规划

 centos71  192.168.223.155  master节点

 centos72  192.168.223.156  node节点

 centos73  192.168.223.157  node节点

三、    安装前准备

本次安装使用vmvare建立的3台虚拟机,操作系统CentOS Linux release 7.2.1511 (Core)

3台主机均需要做以下操作:

关闭iptables:service iptables stop

chkconfig iptables off

关闭firewalld:

systemctl disable firewalld.service

systemctl stop firewalld.service

 

关闭selinux:

setenforce 0

修改配置文件vi /etc/selinux/config:

SELINUX=disabled

 

设置HOST文件:vi /etc/hosts:

192.168.223.155 centos71

192.168.223.156 centos72

192.168.223.157 centos73

四、    部署etcd

1、   yum安装etcd

[root@centos71 ~]# yum install -y etcd

 

2、   修改配置文件

[root@centos71 ~]# vi /etc/etcd/etcd.conf

# 修改以下红色部分

#[Member]

#ETCD_CORS=""

ETCD_DATA_DIR="/var/lib/etcd/default.etcd"

#ETCD_WAL_DIR=""

#ETCD_LISTEN_PEER_URLS="http://localhost:2380"

ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:2379,http://0.0.0.0:4001"

#ETCD_MAX_SNAPSHOTS="5"

#ETCD_MAX_WALS="5"

ETCD_NAME="master"

#ETCD_SNAPSHOT_COUNT="100000"

#ETCD_HEARTBEAT_INTERVAL="100"

#ETCD_ELECTION_TIMEOUT="1000"

#ETCD_QUOTA_BACKEND_BYTES="0"

#

#[Clustering]

#ETCD_INITIAL_ADVERTISE_PEER_URLS="http://localhost:2380"

ETCD_ADVERTISE_CLIENT_URLS="http://centos71:2379,http://centos71:4001"

#ETCD_DISCOVERY=""

#ETCD_DISCOVERY_FALLBACK="proxy"

#ETCD_DISCOVERY_PROXY=""

#ETCD_DISCOVERY_SRV=""

#ETCD_INITIAL_CLUSTER="default=http://localhost:2380"

#ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"

#ETCD_INITIAL_CLUSTER_STATE="new"

#ETCD_STRICT_RECONFIG_CHECK="true"

#ETCD_ENABLE_V2="true"

#

#[Proxy]

#ETCD_PROXY="off"

#ETCD_PROXY_FAILURE_WAIT="5000"

#ETCD_PROXY_REFRESH_INTERVAL="30000"

#ETCD_PROXY_DIAL_TIMEOUT="1000"

#ETCD_PROXY_WRITE_TIMEOUT="5000"

#ETCD_PROXY_READ_TIMEOUT="0"

#

#[Security]

#ETCD_CERT_FILE=""

#ETCD_KEY_FILE=""

#ETCD_CLIENT_CERT_AUTH="false"

#ETCD_TRUSTED_CA_FILE=""

#ETCD_AUTO_TLS="false"

#ETCD_PEER_CERT_FILE=""

#ETCD_PEER_KEY_FILE=""

#ETCD_PEER_CLIENT_CERT_AUTH="false"

#ETCD_PEER_TRUSTED_CA_FILE=""

#ETCD_PEER_AUTO_TLS="false"

#

#[Logging]

#ETCD_DEBUG="false"

#ETCD_LOG_PACKAGE_LEVELS=""

#ETCD_LOG_OUTPUT="default"

#

#[Unsafe]

#ETCD_FORCE_NEW_CLUSTER="false"

#

#[Version]

#ETCD_VERSION="false"

#ETCD_AUTO_COMPACTION_RETENTION="0"

#

#[Profiling]

#ETCD_ENABLE_PPROF="false"

#ETCD_METRICS="basic"

#

#[Auth]

#ETCD_AUTH_TOKEN="simple"

 

3、   启动并验证

[root@centos71 ~]# systemctl enable etcd

[root@centos71 ~]# systemctl start etcd

[root@centos71 ~]# etcdctl set testdir/testkey0 10

10

[root@centos71 ~]# etcdctl get testdir/testkey0  

10

[root@centos71 ~]# etcdctl -C http://centos71:4001 cluster-health     

member 8e9e05c52164694d is healthy: got healthy result from http://centos71:2379

cluster is healthy

[root@centos71 ~]# etcdctl -C http://centos71:2379 cluster-health

member 8e9e05c52164694d is healthy: got healthy result from http://centos71:2379

cluster is healthy

# 验证正常,本教程搭建的etcd是单机模式,如需搭建集群模式,请参加其他教程。

 

五、    部署master

1、 安装docker

[root@centos71 ~]# yum install docker -y

配置Docker配置文件,使其允许从registry中拉取镜像

OPTIONS=‘--selinux-enabled --log-driver=journald --signature-verification=false‘

if [ -z "${DOCKER_CERT_PATH}" ]; then

    DOCKER_CERT_PATH=/etc/docker

fi

OPTIONS=‘--insecure-registry registry:5000‘

 

[root@centos71 ~]# systemctl enable docker         # 设置开机启动

[root@centos71 ~]# systemctl start docker            # 启动

 

 

2、 安装kubernetes

[root@centos71 ~]# yum install kubernetes -y

 

3、 修改kubernetes配置文件

配置以下master节点需要运行的组件:

Kubernets API Server

Kubernets Controller Manager

Kubernets Scheduler

 

[root@centos71 ~]# vim /etc/kubernetes/apiserver

###

# kubernetes system config

#

# The following values are used to configure the kube-apiserver

#

 

# The address on the local server to listen to.

KUBE_API_ADDRESS="--insecure-bind-address=0.0.0.0"

 

# The port on the local server to listen on.

KUBE_API_PORT="--port=8080"

 

# Port minions listen on

# KUBELET_PORT="--kubelet-port=10250"

 

# Comma separated list of nodes in the etcd cluster

KUBE_ETCD_SERVERS="--etcd-servers=http://centos71:2379"

 

# Address range to use for services

KUBE_SERVICE_ADDRESSES="--service-cluster-ip-range=10.0.0.0/16"

# flannel网络段设置

 

# default admission control policies

#KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota"

KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ResourceQuota"

# 必须去掉ServiceAccount,否则出现验证错误

 

# Add your own!

KUBE_API_ARGS=""

 

[root@centos71 ~]# vim /etc/kubernetes/config

###

# kubernetes system config

#

# The following values are used to configure various aspects of all

# kubernetes services, including

#

#   kube-apiserver.service

#   kube-controller-manager.service

#   kube-scheduler.service

#   kubelet.service

#   kube-proxy.service

# logging to stderr means we get it in the systemd journal

KUBE_LOGTOSTDERR="--logtostderr=true"

 

# journal message level, 0 is debug

KUBE_LOG_LEVEL="--v=0"

 

# Should this cluster be allowed to run privileged docker containers

KUBE_ALLOW_PRIV="--allow-privileged=false"

 

# How the controller-manager, scheduler, and proxy find the apiserver

KUBE_MASTER="--master=http://centos71:8080"

 

4、 启动服务

[root@centos71 ~]# systemctl enable kube-apiserver.service

[root@centos71 ~]# systemctl start kube-apiserver.service

[root@centos71 ~]# systemctl enable kube-controller-manager.service

[root@centos71 ~]# systemctl start kube-controller-manager.service

[root@centos71 ~]# systemctl enable kube-scheduler.service

[root@centos71 ~]# systemctl start kube-scheduler.service

 

六、    部署node

两个节点centos72和centos73均需执行,这里以centos72为例。

1、 安装docker

参见第五章第1节

 

2、   安装kubernetes

[root@centos72 ~]# yum install kubernetes -y

配置以下master节点需要运行的组件:

Kubelet

Kubernets Proxy

 

3、   修改kubernetes配置文件

[root@centos72 ~]# vim /etc/kubernetes/config

###

# kubernetes system config

#

# The following values are used to configure various aspects of all

# kubernetes services, including

#

#   kube-apiserver.service

#   kube-controller-manager.service

#   kube-scheduler.service

#   kubelet.service

#   kube-proxy.service

# logging to stderr means we get it in the systemd journal

KUBE_LOGTOSTDERR="--logtostderr=true"

 

# journal message level, 0 is debug

KUBE_LOG_LEVEL="--v=0"

 

# Should this cluster be allowed to run privileged docker containers

KUBE_ALLOW_PRIV="--allow-privileged=false"

 

# How the controller-manager, scheduler, and proxy find the apiserver

KUBE_MASTER="--master=http://centos71:8080"

 

[root@centos72 ~]# vim /etc/kubernetes/kubelet

###

# kubernetes kubelet (minion) config

 

# The address for the info server to serve on (set to 0.0.0.0 or "" for all interfaces)

KUBELET_ADDRESS="--address=0.0.0.0"

 

# The port for the info server to serve on

# KUBELET_PORT="--port=10250"

 

# You may leave this blank to use the actual hostname

KUBELET_HOSTNAME="--hostname-override=centos72"

 

# location of the api-server

KUBELET_API_SERVER="--api-servers=http://centos71:8080"

 

# pod infrastructure container

KUBELET_POD_INFRA_CONTAINER="--pod-infra-container-image=registry.access.redhat.com/rhel7/pod-infrastructure:latest"

 

# Add your own!

KUBELET_ARGS=""

 

4、 启动服务

[root@centos72 ~]# systemctl enable kubelet.service

[root@centos72 ~]# systemctl start kubelet.service

[root@centos72 ~]# systemctl enable kube-proxy.service

[root@centos72 ~]# systemctl start kube-proxy.service

 

集群配置完成,在master节点centos71上查看集群节点及状态

[root@centos71 ~]# kubectl -s http://centos71:8080 get node

NAME       STATUS    AGE

centos72   Ready     2d

centos73   Ready     2d

或者

[root@centos71 ~]# kubectl get nodes

NAME       STATUS    AGE

centos72   Ready     2d

centos73   Ready     2d

 

至此,已经搭建了一个kubernetes集群,但目前该集群还不能很好的工作,请继续后续的步骤。

 

七、    创建覆盖网络-Flannel

在master与node节点都需要执行。

1、 安装Flannel

[root@centos71 ~]# yum install flannel -y

 

2、 配置Flannel

[root@centos71 ~]# vim /etc/sysconfig/flanneld

# Flanneld configuration options 

 

# etcd url location.  Point this to the server where etcd runs

FLANNEL_ETCD_ENDPOINTS="http://centos71:2379"

 

# etcd config key.  This is the configuration key that flannel queries

# For address range assignment

FLANNEL_ETCD_PREFIX="/atomic.io/network"

 

# Any additional options that you want to pass

#FLANNEL_OPTIONS=""

 

3、 配置etcd中关于flannel的key

Flannel使用Etcd进行配置,来保证多个Flannel实例之间的配置一致性,所以需要在etcd上进行如下配置:(‘/atomic.io/network/config’这个key与上文/etc/sysconfig/flannel中的配置项FLANNEL_ETCD_PREFIX是相对应的,错误的话启动就会出错),网络也与master节点/etc/kubernetes/apiserver中配置的KUBE_SERVICE_ADDRESSES="--service-cluster-ip-range=10.0.0.0/16"保持一致。

[root@centos71 ~]# etcdctl mk /atomic.io/network/config ‘{ "Network": "10.0.0.0/16" }‘

{ "Network": "10.0.0.0/16" }

 

4、 启动Flannel

启动Flannel之后,需要依次重启docker、kubernetes。

在master节点执行:

systemctl enable flanneld.service

systemctl start flanneld.service

systemctl restart docker

systemctl restart kube-apiserver.service

systemctl restart kube-controller-manager.service

systemctl restart kube-scheduler.service

在node节点上执行:

systemctl enable flanneld.service

systemctl start flanneld.service

systemctl restart docker

systemctl restart kubelet.service

systemctl restart kube-proxy.service

 

八、    安装dashboard

Dashbord为我们提供了一个便捷的控制台,可以在一定程度上摆脱枯燥的命令行操作,可以用来管理Node,部署应用,性能监控等等。当然,喜欢自己开发自动化工具的人也可以通过kube的api,开发出更加高级的工具。

1、 编辑dashboard的yaml文件

首先在master上新建一个叫ube-system的namespace(有可能已自带)

[root@centos71 ~]# vim kube-namespace.yaml

{

"kind": "Namespace",

"apiVersion": "v1",

"metadata": {

"name": "kube-system"

}

}

[root@centos71 ~]# kubectl create -f kube-namespace.yaml

 

[root@centos71 ~]# vim kube-dashboard.yaml

# Copyright 2015 Google Inc. All Rights Reserved.

#

# Licensed under the Apache License, Version 2.0 (the "License");

# you may not use this file except in compliance with the License.

# You may obtain a copy of the License at

#

#     http://www.apache.org/licenses/LICENSE-2.0

#

# Unless required by applicable law or agreed to in writing, software

# distributed under the License is distributed on an "AS IS" BASIS,

# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

# See the License for the specific language governing permissions and

# limitations under the License.

 

# Configuration to deploy release version of the Dashboard UI.

#

# Example usage: kubectl create -f <this_file>

 

kind: Deployment

apiVersion: extensions/v1beta1

metadata:

  labels:

    app: kubernetes-dashboard

    version: v1.5.1

  name: kubernetes-dashboard

  namespace: kube-system

spec:

  replicas: 1

  selector:

    matchLabels:

      app: kubernetes-dashboard

  template:

    metadata:

      labels:

        app: kubernetes-dashboard

    spec:

      containers:

      - name: kubernetes-dashboard

        image: docker.io/rainf/kubernetes-dashboard-amd64

        imagePullPolicy: Always

        ports:

        - containerPort: 9090

          protocol: TCP

        args:

          # Uncomment the following line to manually specify Kubernetes API server Host

          # If not specified, Dashboard will attempt to auto discover the API server and connect

          # to it. Uncomment only if the default does not work.

        - --apiserver-host=http://192.168.223.155:8080  ## 请修改为自己的kebu-apiserver

        livenessProbe:

          httpGet:

            path: /

            port: 9090

          initialDelaySeconds: 30

          timeoutSeconds: 30

---

kind: Service

apiVersion: v1

metadata:

  labels:

    app: kubernetes-dashboard

  name: kubernetes-dashboard

  namespace: kube-system

spec:

  type: NodePort

  ports:

  - port: 80

    targetPort: 9090

  selector:

app: kubernetes-dashboard

 

2、 根据dashboard的yaml文件创建pod

[root@centos71 ~]# kubectl create -f kube-dashboard.yaml

deployment "kubernetes-dashboard" created

service "kubernetes-dashboard" created

 

3、 查看并验证pod

[root@centos71 ~]# kubectl get pods --namespace=kube-system                                            

NAME                                    READY     STATUS              RESTARTS   AGE

kubernetes-dashboard-1472098125-942vp   0/1       ContainerCreating   0          5s

 

查看该容器的详细过程:

[root@centos71 ~]# skubectl describe pods kubernetes-dashboard-1472098125-942vp --namespace=kube-system

Name:           kubernetes-dashboard-1472098125-xptk2

Namespace:      kube-system

Node:           centos73/192.168.223.157

Start Time:     Mon, 12 Mar 2018 12:01:28 +0800

Labels:         app=kubernetes-dashboard

                pod-template-hash=1472098125

Status:         Running

IP:             10.0.86.2

Controllers:    ReplicaSet/kubernetes-dashboard-1472098125

Containers:

  kubernetes-dashboard:

    Container ID:       docker://4938e3d24cb6524a47caad183724710e190a9ca907c1d10371c1279c95cb8a5a

    Image:              docker.io/rainf/kubernetes-dashboard-amd64

    Image ID:           docker-pullable://docker.io/rainf/kubernetes-dashboard-amd64@sha256:a7f45e6fe292abe69d92426aaca4ec62c0c62097c1aff6b8b12b8cc7a2225345

    Port:               9090/TCP

    Args:

      --apiserver-host=http://192.168.223.155:8080

    State:                      Running

      Started:                  Mon, 12 Mar 2018 12:01:37 +0800

    Ready:                      True

    Restart Count:              0

    Liveness:                   http-get http://:9090/ delay=30s timeout=30s period=10s #success=1 #failure=3

    Volume Mounts:              <none>

    Environment Variables:      <none>

Conditions:

  Type          Status

  Initialized   True

  Ready         True

  PodScheduled  True

No volumes.

QoS Class:      BestEffort

Tolerations:    <none>

Events:

  FirstSeen     LastSeen        Count   From                    SubObjectPath                           Type            Reason                  Message

  ---------     --------        -----   ----                    -------------                           --------        ------                  -------

  16s           16s             1       {default-scheduler }                                            Normal          Scheduled               Successfully assigned kubernetes-dashboard-1472098125-xptk2 to centos73

  15s           15s             1       {kubelet centos73}      spec.containers{kubernetes-dashboard}   Normal          Pulling                 pulling image "docker.io/rainf/kubernetes-dashboard-amd64"

  16s           7s              2       {kubelet centos73}                                              Warning         MissingClusterDNS       kubelet does not have ClusterDNS IP configured and cannot create Pod using "ClusterFirst" policy. Falling back to DNSDefault policy.

  7s            7s              1       {kubelet centos73}      spec.containers{kubernetes-dashboard}   Normal          Pulled                  Successfully pulled image "docker.io/rainf/kubernetes-dashboard-amd64"

  7s            7s              1       {kubelet centos73}      spec.containers{kubernetes-dashboard}   Normal          Created                 Created container with docker id 4938e3d24cb6; Security:[seccomp=unconfined]

  7s            7s              1       {kubelet centos73}      spec.containers{kubernetes-dashboard}   Normal          Started                 Started container with docker id 4938e3d24cb6

[root@centos71 ~]# kubectl get pods --namespace=kube-system    

NAME                                    READY     STATUS    RESTARTS   AGE

kubernetes-dashboard-1472098125-xptk2   1/1       Running   0          18s

 

注:有可能会出现Error syncing pod, skipping: failed to "StartContainer" for "POD" with ImagePullBackOff: "Back-off pulling image \"registry.access.redhat.com/rhel7/pod-infrastructure:latest\""的错误。尝试运行docker pull registry.access.redhat.com/rhel7/pod-infrastructure:latest,提示redhat-ca.crt: no such file or directory。ls查看改文件是个软连接,链接目标是/etc/rhsm,查看有没有rpm -qa|grep rhsm,如果没有安装yum install *rhsm*,在每个节点都安装。

 

4、 访问dashboard

http://192.168.223.155:8080/ui

 技术分享图片

 

centos7.2搭建kubernetes1.5.2+dashboard

标签:本机   discover   sign   path   yam   created   主机   restart   SM   

原文地址:https://www.cnblogs.com/leffss/p/8549259.html

(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!