二进制安装kubernetes 1.10 最新版(上)
2018-08-21 18:13
281 查看
版权声明:本文为博主原创文章,未经博主允许不得转载。 https://blog.csdn.net/qq_25611295/article/details/81912295
参考:二进制安装(复杂):https://jicki.me/kubernetes/2018/04/23/kubernetes-1.10.1.html
参考:yum安装(简单):https://www.kubernetes.org.cn/3808.html
集群部署
1、环境规划
2、安装Docker
3、自签TLS证书
4、部署Etcd集群
5、部署Flannel网络
6、创建Node节点kubeconfig文件
7、获取K8S二进制包
8、运行Master组件
9、运行Node组件
10、查询集群状态
11、启动一个测试示例
12、部署Web UI (Dashboard)
1、环境规划:
操作系统:centos7.4
Kubernetes :1.10.7
Docker: 18.06.0-ce
Etcd: 3.0
CPU 2核+ 2G内存+
master
192.168.1.6 kube-apiserver kube-controller-manager kube-scheduler flannel etcd
node01
192.168.1.7 kubelet kube-proxy docker flannel etcd
node02
192.168.1.8 kubelet kube-proxy docker flannel etcd
注意有iptables的注意添加规则内网互通:
iptables -I INPUT -s 192.168.1.0/24 -j ACCEPT
2、安装docker
yum install -y yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
yum install docker-ce
cat << EOF > /etc/docker/daemon.json
{
"registry-mirrors": [ "https://registry.docker-cn.com"]
}
EOF
systemctl start docker
systemctl enable docker
创建k8s的目录:
mkdir -p /opt/kubernetes/{bin,cfg,ssl}
3、自签TLS证书
用到证书的地方
在master上面操作,即192.168.1.6
安装证书生成工具cfssl:
cd /opt/sslwget https://pkg.cfssl.org/R1.2/cfssl_linux-amd64 wget https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64 wget https://pkg.cfssl.org/R1.2/cfssl-certinfo_linux-amd64 chmod +x * mv cfssl_linux-amd64 /usr/local/bin/cfssl mv cfssljson_linux-amd64 /usr/local/bin/cfssljson mv cfssl-certinfo_linux-amd64 /usr/bin/cfssl-certinfo
不知道如何创建证书可以根据提示 生成模板然后修改:
cfssl print-defaults config >config.json
cfssl print-defaults csr >csr.json
生成我们需要的证书脚本;
[root@localhost ssl]# cat certificate.sh
#证书根机构
cat > ca-config.json <<EOF
{
"signing": {
"default": {
"expiry": "87600h"
},
"profiles": {
"kubernetes": {
"expiry": "87600h",
"usages": [
"signing",
"key encipherment",
"server auth",
"client auth"
]
}
}
}
}
EOF
#生成根证书的具体信息
cat > ca-csr.json <<EOF
{
"CN": "kubernetes",
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"L": "hangzhou",
"ST": "hangzhou",
"O": "k8s",
"OU": "System"
}
]
}
EOF
#用cfssl生成证书
cfssl gencert -initca ca-csr.json | cfssljson -bare ca -
#-----------------------
#用于api http通信的证书信息
cat > server-csr.json <<EOF
{
"CN": "kubernetes",
"hosts": [
"127.0.0.1",
"192.168.1.6",
"192.168.1.7",
"192.168.1.8",
"10.10.10.1",
"kubernetes",
"kubernetes.default",
"kubernetes.default.svc",
"kubernetes.default.svc.cluster",
"kubernetes.default.svc.cluster.local"
],
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"L": "BeiJing",
"ST": "BeiJing",
"O": "k8s",
"OU": "System"
}
]
}
EOF
#生成server证书
cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes server-csr.json | cfssljson -bare server
#-----------------------
#集群管理员证书,权限
cat > admin-csr.json <<EOF
{
"CN": "admin",
"hosts": [],
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"L": "BeiJing",
"ST": "BeiJing",
"O": "system:masters",
"OU": "System"
}
]
}
EOF
#生成管理员证书
cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes admin-csr.json | cfssljson -bare admin
#-----------------------
#关于网络策略的证书
cat > kube-proxy-csr.json <<EOF
{
"CN": "system:kube-proxy",
"hosts": [],
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"L": "BeiJing",
"ST": "BeiJing",
"O": "k8s",
"OU": "System"
}
]
}
EOF
#生成网络策略证书
cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes kube-proxy-csr.json | cfssljson -bare kube-proxy
然后运行该脚本
我们只需要生成的pem格式的证书,其他的可以删掉了。
ls |grep -v pem|xargs -i rm {}
然后将我们证书拷贝到我们定义的地方:
cp server* ca* /opt/kubernetes/ssl/
4、部署etcd 存储集群
首先我们在master上操作,即192.168.1.6
二进制包下载地址:https://github.com/coreos/etcd/releases/tag/v3.2.12
此处我们可以用的最新版的:3.3.9版本
wget https://github.com/coreos/etcd/releases/download/v3.3.9/etcd-v3.3.9-linux-amd64.tar.gz
但是我还是用的3.2版本
tar xvf etcd-v3.2.12-linux-amd64.tar.gz cd etcd-v3.2.12-linux-amd64
将我们需要的可执行文件拷贝到我们自定义的地方
cp etcd /opt/kubernetes/bin/ cp etcdctl /opt/kubernetes/bin/
编辑etcd配置文件:
vim /opt/kubernetes/cfg/etcd #[Member] ETCD_NAME="etcd01" #数据目录 ETCD_DATA_DIR="/var/lib/etcd/default.etcd" ETCD_LISTEN_PEER_URLS="https://192.168.1.6:2380" ETCD_LISTEN_CLIENT_URLS="https://192.168.1.6:2379" #节点信息 #[Clustering] ETCD_INITIAL_ADVERTISE_PEER_URLS="https://192.168.1.6:2380" ETCD_ADVERTISE_CLIENT_URLS="https://192.168.1.6:2379" ETCD_INITIAL_CLUSTER="etcd01=https://192.168.1.6:2380,etcd02=https://192.168.1.7:2380,etcd03=https://192.168.1.8:2380" ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster" ETCD_INITIAL_CLUSTER_STATE="new"
将etcd配置到系统环境中
vim /usr/lib/systemd/system/etcd.service
[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target
[Service]
Type=notify
EnvironmentFile=-/opt/kubernetes/cfg/etcd
ExecStart=/opt/kubernetes/bin/etcd \
--name=${ETCD_NAME} \
--data-dir=${ETCD_DATA_DIR} \
--listen-peer-urls=${ETCD_LISTEN_PEER_URLS} \
--listen-client-urls=${ETCD_LISTEN_CLIENT_URLS},http://127.0.0.1:2379 \
--advertise-client-urls=${ETCD_ADVERTISE_CLIENT_URLS} \
--initial-advertise-peer-urls=${ETCD_INITIAL_ADVERTISE_PEER_URLS} \
--initial-cluster=${ETCD_INITIAL_CLUSTER} \
--initial-cluster-token=${ETCD_INITIAL_CLUSTER} \
--initial-cluster-state=new \
--cert-file=/opt/kubernetes/ssl/server.pem \
--key-file=/opt/kubernetes/ssl/server-key.pem \
--peer-cert-file=/opt/kubernetes/ssl/server.pem \
--peer-key-file=/opt/kubernetes/ssl/server-key.pem \
--trusted-ca-file=/opt/kubernetes/ssl/ca.pem \
--peer-trusted-ca-file=/opt/kubernetes/ssl/ca.pem
Restart=on-failure
LimitNOFILE=65536
[Install]
WantedBy=multi-user.target
启动etcd服务:
systemctl start etcd
如果启动的时候没有退出命令交互界面,可以强制ctrl +c
如果报错:查看/var/log/message
开机启动:
systemctl enable etcd
此时master上面etcd配置完毕,我们将其配置拷贝到其他2台机器上面(192.168.1.7,192.168.1.8)
rsync -avzP /opt/kubernetes root@192.168.1.7:/opt rsync -avzP /opt/kubernetes root@192.168.1.8:/opt
传过去以后我们只需要变更/opt/kubernetes/cfg/etcd 配置文件即可
需要改的地方:
分别启动 192.168.1.7和192.168.1.8上的etcd
测试etcd:
cd /opt/kubernet 24000 es/ssl /opt/kubernetes/bin/etcdctl --ca-file=ca.pem --cert-file=server.pem --key-file=server-key.pem --endpoints="https://192.168.1.6:2379,https://192.168.1.7:2379,https://192.168.1.8:2379" cluster-health
我们也可以将etcdctl写入bash里面,方便使用
如果出现:8月 20 17:51:06 es1 etcd[2068]: request sent was ignored (cluster ID mismatch: peer[5fe38a6e135d0fde]=cdf818194e3a8c32, local=b37e2d2fbf0626a5)
类似错误,我们需要删除etcd的数据目录即可解决。rm -rf /var/lib/etcd/*
5、部署Flannel网络
我们先在master上面操作,即192.168.1.6
下载二进制包:
此处我们用的比较新的0.10版本
wget https://github.com/coreos/flannel/releases/download/v0.10.0/flannel-v0.10.0-linux-amd64.tar.gz
将解压后得到的可执行文件放入我们之定义的路径下面
cp flanneld mk-docker-opts.sh /opt/kubernetes/bin/
配置配置文件:
直接在命令行 将配置文件利用EOF写进去
#写flanneld配置文件
cat <<EOF >/opt/kubernetes/cfg/flanneld
FLANNEL_OPTIONS="--etcd-endpoints=https://192.168.1.6:2379,https://192.168.1.7:2379,https://192.168.1.8:2379 \
-etcd-cafile=/opt/kubernetes/ssl/ca.pem \
-etcd-certfile=/opt/kubernetes/ssl/server.pem \
-etcd-keyfile=/opt/kubernetes/ssl/server-key.pem"
EOF
#写入 flanneld系统配置文件
cat <<EOF >/usr/lib/systemd/system/flanneld.service
[Unit]
Description=Flanneld overlay address etcd agent
After=network-online.target network.target
Before=docker.service
[Service]
Type=notify
EnvironmentFile=/opt/kubernetes/cfg/flanneld
ExecStart=/opt/kubernetes/bin/flanneld --ip-masq \$FLANNEL_OPTIONS
ExecStartPost=/opt/kubernetes/bin/mk-docker-opts.sh -k DOCKER_NETWORK_OPTIONS -d /run/flannel/subnet.env
Restart=on-failure
[Install]
WantedBy=multi-user.target
EOF
#写入分配的子网段到etcd,供flanneld使用
cd /opt/kubernetes/ssl
/opt/kubernetes/bin/etcdctl --ca-file=ca.pem --cert-file=server.pem --key-file=server-key.pem --endpoints="https://192.168.1.6:2379,https://192.168.1.7:2379,https://192.168.1.8:2379" set /coreos.com/network/config '{ "Network": "172.17.0.0/16", "Backend": {"Type": "vxlan"}}'
测试:
/opt/kubernetes/bin/etcdctl --ca-file=ca.pem --cert-file=server.pem --key-file=server-key.pem --endpoints="https://192.168.1.6:2379,https://192.168.1.7:2379,https://192.168.1.8:2379" get /coreos.com/network/config
systemctl enable flanneld systemctl start flanneld
如果报错请查看:/var/log/message
查看flanneld分配的网络:
cat /run/flannel/subnet.env
编辑docker系统配置文件
cat <<EOF >/usr/lib/systemd/system/docker.service [Unit] Description=Docker Application Container Engine Documentation=https://docs.docker.com After=network-online.target firewalld.service Wants=network-online.target [Service] Type=notify EnvironmentFile=/run/flannel/subnet.env ExecStart=/usr/bin/dockerd \$DOCKER_NETWORK_OPTIONS ExecReload=/bin/kill -s HUP \$MAINPID LimitNOFILE=infinity LimitNPROC=infinity LimitCORE=infinity TimeoutStartSec=0 Delegate=yes KillMode=process Restart=on-failure StartLimitBurst=3 StartLimitInterval=60s [Install] WantedBy=multi-user.target EOF systemctl daemon-reload systemctl restart docker
查看ifconfig 中 会出现一个flannel 网络,并且flannel和docker0 网络段会相同
设置完成后将配置文件分发到node02,和node03上即192.168.1.7和192.168.1.8
rsync -avzP /opt/kubernetes/bin/flanneld mk-docker-opts.sh root@192.168.1.7:/opt/kubernetes/bin/ rsync -avzP /opt/kubernetes/cfg/flanneld root@192.168.1.7:/opt/kubernetes/cfg/ rsync -avzP /usr/lib/systemd/system/flanneld.service root@192.168.1.7:/usr/lib/systemd/system/ rsync -avzP /opt/kubernetes/bin/flanneld mk-docker-opts.sh root@192.168.1.8:/opt/kubernetes/bin/ rsync -avzP /opt/kubernetes/cfg/flanneld root@192.168.1.8:/opt/kubernetes/cfg/ rsync -avzP /usr/lib/systemd/system/flanneld.service root@192.168.1.8:/usr/lib/systemd/system/
然后将docker系统配置文件(即/usr/lib/systemd/system/docker.servic)改成和 master(192.168.1.6)一样,
然后启动
systemctl daemon-reloadsystemctl enable flanneld systemctl start flanneldsystemctl restart docker
查看ifconfig 是否有flanneld,docker0网络是否和flanneld一致,
在master上ping node02上的docker0网关,如果能通的话证明Ok
如下:
[root@localhost ssl]# /opt/kubernetes/bin/etcdctl --ca-file=ca.pem --cert-file=server.pem --key-file=server-key.pem --endpoints="https://192.168.1.6:2379,https://192.168.1.7:2379,https://192.168.1.8:2379" ls /coreos.com/network/subnets /coreos.com/network/subnets/172.17.41.0-24 /coreos.com/network/subnets/172.17.96.0-24 /coreos.com/network/subnets/172.17.98.0-24 [root@localhost ssl]# ping 172.17.41.1 PING 172.17.41.1 (172.17.41.1) 56(84) bytes of data. 64 bytes from 172.17.41.1: icmp_seq=1 ttl=64 time=0.454 ms
6、创建Node节点kubeconfig文件
在Master上执行即192.168.1.6
cd /opt/ssl
运行脚本获取我们所需的文件,总共有三个:
1、TLS Bootstrapping Token
2、kubelet kubeconfig
3、kube-proxy kubeconfig
[root@localhost ssl]# cat kubeconfig.sh
# 创建 TLS Bootstrapping Token
export BOOTSTRAP_TOKEN=$(head -c 16 /dev/urandom | od -An -t x | tr -d ' ')
cat > token.csv <<EOF
${BOOTSTRAP_TOKEN},kubelet-bootstrap,10001,"system:kubelet-bootstrap"
EOF
#----------------------
# 创建kubelet bootstrapping kubeconfig
export KUBE_APISERVER="https://192.168.1.6:6443"
# 设置集群参数
kubectl config set-cluster kubernetes \
--certificate-authority=./ca.pem \
--embed-certs=true \
--server=${KUBE_APISERVER} \
--kubeconfig=bootstrap.kubeconfig
# 设置客户端认证参数
kubectl config set-credentials kubelet-bootstrap \
--token=${BOOTSTRAP_TOKEN} \
--kubeconfig=bootstrap.kubeconfig
# 设置上下文参数
kubectl config set-context default \
--cluster=kubernetes \
--user=kubelet-bootstrap \
--kubeconfig=bootstrap.kubeconfig
# 设置默认上下文
kubectl config use-context default --kubeconfig=bootstrap.kubeconfig
#----------------------
# 创建kube-proxy kubeconfig文件
kubectl config set-cluster kubernetes \
--certificate-authority=./ca.pem \
--embed-certs=true \
--server=${KUBE_APISERVER} \
--kubeconfig=kube-proxy.kubeconfig
kubectl config set-credentials kube-proxy \
--client-certificate=./kube-proxy.pem \
--client-key=./kube-proxy-key.pem \
--embed-certs=true \
--kubeconfig=kube-proxy.kubeconfig
kubectl config set-context default \
--cluster=kubernetes \
--user=kube-proxy \
--kubeconfig=kube-proxy.kubeconfig
kubectl config use-context default --kubeconfig=kube-proxy.kubeconfig
运行该脚本:
sh -x kubeconfig.sh
此时我们可以获取到三个配置文件,我们将其拷贝到指定目录:
cp -rf token.csv bootstrap.kubeconfig kube-proxy.kubeconfig /opt/kubernetes/cfg/
7、获取K8S二进制包,
我们这里使用的是kubernetes1.10.7,我们下载server包,里面内容很全面
参考地址:https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG-1.10.md#v1107
8、运行Master组件
1.10包地址:
wget https://dl.k8s.io/v1.10.7/kubernetes-server-linux-amd64.tar.gz
我们先在master(192.168.1.6)上操作
master需要三个组件:kube-apiserver kube-controller-manager kube-scheduler
我们将其拿出来 放入指定目录:
tar xvf kubernetes-server-linux-amd64.tar.gz cp kubernetes/server/bin/kube-scheduler ./ cp kubernetes/server/bin/kube-controller-manager ./ cp kubernetes/server/bin/kube-apiserver ./ [root@localhost kubernetes]# ls apiserver.sh controller-manager.sh kube-apiserver kube-controller-manager kubectl kube-scheduler master.zip scheduler.sh mv kube-apiserver kube-controller-manager kube-scheduler /opt/kubernetes/bin/ 赋予权限 chmod +x /opt/kubernetes/bin/* echo "export PATH=$PATH:/opt/kubernetes/bin" >> /etc/profile
其中的*.sh文件是我们自定义的脚本,帮助我们安装。
安装kube-apiserver
[root@localhost kubernetes]# cat apiserver.sh
#!/bin/bash
MASTER_ADDRESS=${1:-"192.168.1.6"}
ETCD_SERVERS=${2:-"http://127.0.0.1:2379"}
cat <<EOF >/opt/kubernetes/cfg/kube-apiserver
KUBE_APISERVER_OPTS="--logtostderr=true \\
--v=4 \\
--etcd-servers=${ETCD_SERVERS} \\
--insecure-bind-address=127.0.0.1 \\
--bind-address=${MASTER_ADDRESS} \\
--insecure-port=8080 \\
--secure-port=6443 \\
--advertise-address=${MASTER_ADDRESS} \\
--allow-privileged=true \\
--service-cluster-ip-range=10.10.10.0/24 \\
--admission-control=NamespaceLifecycle,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota,NodeRestriction \
--authorization-mode=RBAC,Node \\
--kubelet-https=true \\
--enable-bootstrap-token-auth \\
--token-auth-file=/opt/kubernetes/cfg/token.csv \\
--service-node-port-range=30000-50000 \\
--tls-cert-file=/opt/kubernetes/ssl/server.pem \\
--tls-private-key-file=/opt/kubernetes/ssl/server-key.pem \\
--client-ca-file=/opt/kubernetes/ssl/ca.pem \\
--service-account-key-file=/opt/kubernetes/ssl/ca-key.pem \\
--etcd-cafile=/opt/kubernetes/ssl/ca.pem \\
--etcd-certfile=/opt/kubernetes/ssl/server.pem \\
--etcd-keyfile=/opt/kubernetes/ssl/server-key.pem"
EOF
cat <<EOF >/usr/lib/systemd/system/kube-apiserver.service
[Unit]
Description=Kubernetes API Server
Documentation=https://github.com/kubernetes/kubernetes
[Service]
EnvironmentFile=-/opt/kubernetes/cfg/kube-apiserver
ExecStart=/opt/kubernetes/bin/kube-apiserver \$KUBE_APISERVER_OPTS
Restart=on-failure
[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload
systemctl enable kube-apiserver
systemctl restart kube-apiserver
执行脚本:
./apiserver.sh 192.168.1.6 https://192.168.1.6:2379,https://192.168.1.7:2379,https://192.168.1.8:2379
其中 192.168.1.6 代表master ip,https://192.168.1.6:2379,https://192.168.1.7:2379,https://192.168.1.8:2379代表枚举ip
安装:controller-manager
编写安装脚本:
[root@localhost master_pkg]# cat controller-manager.sh
#!/bin/bash
MASTER_ADDRESS=${1:-"127.0.0.1"}
cat <<EOF >/opt/kubernetes/cfg/kube-controller-manager
KUBE_CONTROLLER_MANAGER_OPTS="--logtostderr=true \\
--v=4 \\
--master=${MASTER_ADDRESS}:8080 \\
--leader-elect=true \\
--address=127.0.0.1 \\
--service-cluster-ip-range=10.10.10.0/24 \\
--cluster-name=kubernetes \\
--cluster-signing-cert-file=/opt/kubernetes/ssl/ca.pem \\
--cluster-signing-key-file=/opt/kubernetes/ssl/ca-key.pem \\
--service-account-private-key-file=/opt/kubernetes/ssl/ca-key.pem \\
--root-ca-file=/opt/kubernetes/ssl/ca.pem"
EOF
cat <<EOF >/usr/lib/systemd/system/kube-controller-manager.service
[Unit]
Description=Kubernetes Controller Manager
Documentation=https://github.com/kubernetes/kubernetes
[Service]
EnvironmentFile=-/opt/kubernetes/cfg/kube-controller-manager
ExecStart=/opt/kubernetes/bin/kube-controller-manager \$KUBE_CONTROLLER_MANAGER_OPTS
Restart=on-failure
[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload
systemctl enable kube-controller-manager
systemctl restart kube-controller-manager
执行脚本安装启动:
./controller-manager.sh 127.0.0.1 ps uxa |grep controller-manager
安装scheduler:
编写安装脚本:
[root@localhost master_pkg]# cat scheduler.sh
#!/bin/bash
MASTER_ADDRESS=${1:-"127.0.0.1"}
cat <<EOF >/opt/kubernetes/cfg/kube-scheduler
KUBE_SCHEDULER_OPTS="--logtostderr=true \\
--v=4 \\
--master=${MASTER_ADDRESS}:8080 \\
--leader-elect"
EOF
cat <<EOF >/usr/lib/systemd/system/kube-scheduler.service
[Unit]
Description=Kubernetes Scheduler
Documentation=https://github.com/kubernetes/kubernetes
[Service]
EnvironmentFile=-/opt/kubernetes/cfg/kube-scheduler
ExecStart=/opt/kubernetes/bin/kube-scheduler \$KUBE_SCHEDULER_OPTS
Restart=on-failure
[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload
systemctl enable kube-scheduler
systemctl restart kube-scheduler
执行脚本安装启动:
./scheduler.sh 127.0.0.1 ps aux |grep scheduler
到这里我们可以测试集群大概状态了
[root@localhost master_pkg]# kubectl get cs
NAME STATUS MESSAGE ERROR
scheduler Healthy ok
controller-manager Healthy ok
etcd-1 Healthy {"health": "true"}
etcd-2 Healthy {"health": "true"}
etcd-0 Healthy {"health": "true"}
9、运行node组件
首先我们需要在master上面生成一个角色用于node上证书绑定认证
在master上面操作(192.168.1.6)
创建认证用户
kubectl create clusterrolebinding kubelet-bootstrap --clusterrole=system:node-bootstrapper --user=kubelet-bootstrap
如果创建错误我们可以先删除再创建:
删除: kubectl delete clusterrolebinding kubelet-bootstrap
将在master上面生成的 bootstrap.kubeconfig ,kube-proxy.kubeconfig文件传到node节点上面去
rsync -avPz bootstrap.kubeconfig kube-proxy.kubeconfig root@192.168.1.8:/opt/kubernetes/cfg/ rsync -avPz bootstrap.kubeconfig kube-proxy.kubeconfig root@192.168.1.7:/opt/kubernetes/cfg/
在node上操作(192.168.1.7)
将我们需要的文件(kubelet ,kube-proxy)拿出来,文件都在我们下载的二进制包中,其中*.sh为我们自定义的脚本
[root@mail node_pkg]# ls kubelet kubelet.sh kube-proxy proxy.sh chmod +x *.sh mv kubelet kube-proxy /opt/kubernetes/bin/ chmod +x /opt/kubernetes/bin/* echo "export PATH=$PATH:/opt/kubernetes/bin" >> /etc/profile
安装kubelet
编辑安装脚本:
[root@mail node_pkg]# cat kubelet.sh
#!/bin/bash
NODE_ADDRESS=${1:-"192.168.1.6"}
DNS_SERVER_IP=${2:-"10.10.10.2"}
cat <<EOF >/opt/kubernetes/cfg/kubelet
KUBELET_OPTS="--logtostderr=true \\
--v=4 \\
--address=${NODE_ADDRESS} \\
--hostname-override=${NODE_ADDRESS} \\
--kubeconfig=/opt/kubernetes/cfg/kubelet.kubeconfig \\
--experimental-bootstrap-kubeconfig=/opt/kubernetes/cfg/bootstrap.kubeconfig \\
--cert-dir=/opt/kubernetes/ssl \\
--allow-privileged=true \\
--cluster-dns=${DNS_SERVER_IP} \\
--cluster-domain=cluster.local \\
--fail-swap-on=false \\
--pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/google-containers/pause-amd64:3.0"
EOF
cat <<EOF >/usr/lib/systemd/system/kubelet.service
[Unit]
Description=Kubernetes Kubelet
After=docker.service
Requires=docker.service
[Service]
EnvironmentFile=-/opt/kubernetes/cfg/kubelet
ExecStart=/opt/kubernetes/bin/kubelet \$KUBELET_OPTS
Restart=on-failure
KillMode=process
[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload
systemctl enable kubelet
systemctl restart kubelet
执行脚本安装:
sh ./kubelet.sh 192.168.1.7 10.10.10.2
启动出错查看:/var/log/message
安装kube-proxy:
编写安装脚本:
[root@mail node_pkg]# cat proxy.sh
#!/bin/bash
NODE_ADDRESS=${1:-"192.168.1.7"}
cat <<EOF >/opt/kubernetes/cfg/kube-proxy
KUBE_PROXY_OPTS="--logtostderr=true \
--v=4 \
--hostname-override=${NODE_ADDRESS} \
--kubeconfig=/opt/kubernetes/cfg/kube-proxy.kubeconfig"
EOF
cat <<EOF >/usr/lib/systemd/system/kube-proxy.service
[Unit]
Description=Kubernetes Proxy
After=network.target
[Service]
EnvironmentFile=-/opt/kubernetes/cfg/kube-proxy
ExecStart=/opt/kubernetes/bin/kube-proxy \$KUBE_PROXY_OPTS
Restart=on-failure
[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload
systemctl enable kube-proxy
systemctl restart kube-proxy
启动脚本:
sh ./proxy.sh 192.168.1.7 ps aux |grep proxy 报错查看:/var/log/message journalctl -f -t kube-proxy journalctl -u kube-proxy
node02没有出错的话我们就去node03上操作(192.168.1.8)
同样的操作:
只是将脚本里面对应的ip改成本机ip
./kubelet.sh 192.168.1.8 10.10.10.2 ./proxy.sh 192.168.1.8
到此集群的安装结束,我们测试集群通不通
10、查询集群状态:
[root@localhost ~]# kubectl get csr NAME AGE REQUESTOR CONDITION node-csr-0EfKRr3ZU_UVFi5O8XLASGNxTzMrIsxMHg8oHJnY3JA 4m kubelet-bootstrap Pending node-csr-MTGLph0ohPwDJK6FtjJagnkjo3utvYjL1N52nBA1xRU 43m kubelet-bootstrap Pending
可以看到,节点 是处于等待状态
我们查看节点接入情况:
[root@localhost ~]# kubectl get node No resources found.
目前没有节点加入,我们将节点加入:
kubectl certificate approve node-csr-0EfKRr3ZU_UVFi5O8XLASGNxTzMrIsxMHg8oHJnY3JA kubectl certificate approve node-csr-MTGLph0ohPwDJK6FtjJagnkjo3utvYjL1N52nBA1xRU
骚等片刻,我们发现节点已经加入进来:
[root@localhost ~]# kubectl get node NAME STATUS ROLES AGE VERSION 192.168.1.7 NotReady <none> 2s v1.10.7 192.168.1.8 Ready <none> 1m v1.10.7
查看集群状态:( kubectl get componentstatus)
[root@localhost ~]# kubectl get cs
NAME STATUS MESSAGE ERROR
controller-manager Healthy ok
scheduler Healthy ok
etcd-1 Healthy {"health": "true"}
etcd-2 Healthy {"health": "true"}
etcd-0 Healthy {"health": "true"}
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- Kubernetes离线安装、Kubernetes二进制文件方式安装
- mysql 5.7.19 二进制最新安装
- mysql 5.7.19 二进制最新安装
- Kubernetes 1.10.x 安装
- kubernetes 二进制文件方式安装
- iOS 最新版 CocoaPods 的安装流程
- CocoaPods 1.0 最新安装及问题
- centos安装最新稳定版nginx
- 最新eclipse安装SVN插件
- 如何在Ubuntu 14.04中安装最新版Eclipse
- [JIRA] 最新Linux安装版本jira6.3.6安装破解以及数据导入的详细步骤
- 最新版勤哲Excel服务器V2017.13.0.1无限用户支持手机APP,微信,任意安装,支持后续升级
- 在ubuntu下安装最新版本的R软件
- Android-eclipse安装最新SVN插件
- 补充篇 基于linux centos 7安装elasticsearch5.6.3(最新版)教程
- linux6下安装mysql 5.7.11 以编译好的二进制文件方式安装1
- Kubernetes安装部署
- 通过二进制方式安装innobackupex
- Ubuntu10.04安装QT最新版,QT SDK1.1