Kubernetes集群搭建

k8s集群搭建

基于CentOS7 k8s集群部署
注意 均同时安装

Docker Version: 1.13.1
Kubernetes Version: 1.5.2
Etcd Version: 3.2.22
Flanneld Version: 0.7.1

环境:

节点 主机名 IP
Master kmaster 192.168.1.90
Node1 knode1 192.168.1.91
Node2 knode2 192.168.1.92

Master&&Node

关闭防火墙

# Stops firewalld now and prevents it from starting at boot, so the host has no
# firewalld-managed packet filtering from here on.
# NOTE(review): later steps on this page bind etcd (2379/4001), the API server
# (8080) and the kubelet to 0.0.0.0 over plain HTTP; with the firewall off those
# ports are reachable from every network the host is attached to. Outside an
# isolated lab, keep firewalld running and allow only the cluster's own ports
# between 192.168.1.90-92.
systemctl stop firewalld
systemctl disable firewalld

关闭selinux

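# Switch SELinux off in the persistent config, then reboot to apply it.
# The pattern is anchored to the SELINUX= setting so the explanatory comments in
# /etc/selinux/config (which also contain the word "enforcing") are not rewritten.
# NOTE(review): "disabled" removes SELinux confinement from containers and
# daemons entirely. SELINUX=permissive keeps the policy loaded and only logs
# denials, which makes a later return to enforcing much easier.
sed -i 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
reboot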

基础服务安装

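# Base setup for every machine (master and nodes): install packages, enable the
# services, set the timezone, sync the clock and make the hosts resolvable by name.
# NOTE(review): the versions this page lists (Docker 1.13.1, Kubernetes 1.5.2)
# are long past upstream support and receive no security fixes; treat the result
# as a throwaway lab cluster.
yum install -y net-tools wget vim ntpdate docker kubernetes flannel
systemctl enable ntpdate
systemctl start ntpdate
systemctl enable docker
systemctl start docker
systemctl enable flanneld
# /etc/localtime is normally a symlink into /usr/share/zoneinfo; copying a file
# over it would overwrite the zone file the link points to. timedatectl repoints
# the link instead.
timedatectl set-timezone Asia/Shanghai
# One-shot clock sync against a public NTP server (unauthenticated NTP).
ntpdate ntp.uiuc.edu
# Append rather than overwrite, so the existing localhost entries in /etc/hosts
# are preserved. Run once per host; re-running adds duplicate lines.
cat <<EOF >> /etc/hosts
192.168.1.90 kmaster
192.168.1.91 knode1
192.168.1.92 knode2
EOF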

Master

修改主机名

# Persist the static hostname; it matches the "kmaster" entry in /etc/hosts that
# the etcd and kubectl URLs on this page rely on.
hostnamectl --static set-hostname kmaster

安装etcd服务

# etcd is installed on the master only; the API server below is pointed at it
# and keeps the cluster's state there.
yum -y install etcd

修改etcd配置文件

# Show the effective (non-comment) etcd settings, then enable and start etcd.
cat /etc/etcd/etcd.conf | grep -v "^#"
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
# Client API on every interface over plain HTTP: no TLS and no client
# authentication is configured here, so any host that can reach 2379/4001 can
# read and modify everything stored in etcd (Kubernetes objects, including
# Secrets, and the flannel network config).
# NOTE(review): beyond an isolated lab, listen on the master's cluster-facing
# address only and enable TLS with client certificates.
ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:2379,http://0.0.0.0:4001"
ETCD_NAME="master"
# URLs handed out to clients; "kmaster" resolves through /etc/hosts.
ETCD_ADVERTISE_CLIENT_URLS="http://kmaster:2379,http://kmaster:4001"

systemctl enable etcd
systemctl start etcd

测试

# Health check against both client ports; -C names the etcd endpoint to query.
# A healthy answer here also confirms that both ports respond over
# unauthenticated plain HTTP.
etcdctl -C http://kmaster:4001 cluster-health
etcdctl -C http://kmaster:2379 cluster-health

修改k8s apiserver文件

# Effective (non-comment) API server settings on the master.
cat /etc/kubernetes/apiserver | grep -v "^#"
# The insecure port performs no authentication and no authorization. Bound to
# 0.0.0.0:8080 it gives full control of the cluster to anything that can reach
# the master on that port.
# NOTE(review): for anything but an isolated lab, bind the insecure port to
# 127.0.0.1 and have nodes and clients use the TLS secure port with credentials.
KUBE_API_ADDRESS="--insecure-bind-address=0.0.0.0"
KUBE_API_PORT="--port=8080"
# API server -> etcd traffic is plain HTTP (no TLS, no client certificate).
KUBE_ETCD_SERVERS="--etcd-servers=http://192.168.1.90:2379"
KUBE_SERVICE_ADDRESSES="--service-cluster-ip-range=10.254.0.0/16"
#KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota"
# Compared with the commented-out line above, the active list drops the
# SecurityContextDeny and ServiceAccount admission plugins.
# NOTE(review): ServiceAccount is presumably removed because no service-account
# signing key is configured in this setup; configuring one is preferable to
# removing the plugin.
KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,ResourceQuota"
# Empty: no TLS, authentication or authorization flags are passed.
KUBE_API_ARGS=""

修改k8s config文件

# Settings shared by the Kubernetes services on this host.
cat /etc/kubernetes/config | grep -v "^#"
KUBE_LOGTOSTDERR="--logtostderr=true"
KUBE_LOG_LEVEL="--v=0"
# Privileged containers are not allowed.
KUBE_ALLOW_PRIV="--allow-privileged=false"
# Components reach the API server on its insecure port over plain HTTP, so this
# traffic is neither encrypted nor authenticated.
KUBE_MASTER="--master=http://192.168.1.90:8080"

k8s服务

# Enable the three control-plane services at boot and start them now.
# Once kube-apiserver is up, port 8080 is open as configured above.
systemctl enable kube-apiserver kube-controller-manager kube-scheduler
systemctl start kube-apiserver kube-controller-manager kube-scheduler

修改flanneld config文件

# Effective flanneld settings on the master.
cat /etc/sysconfig/flanneld | grep -v "^#"
# flanneld reads its network config from etcd over plain HTTP, so it trusts
# whatever is stored under the prefix below; etcd has no access control here.
FLANNEL_ETCD_ENDPOINTS="http://192.168.1.90:2379"
# Must match the key prefix written with "etcdctl mk" in the next step.
FLANNEL_ETCD_PREFIX="/atomic.io/network"

添加网络

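# Create the flannel network config under the same prefix flanneld is configured
# with (FLANNEL_ETCD_PREFIX="/atomic.io/network"); the key is written with a
# single leading slash so it matches that prefix exactly.
# NOTE(review): 172.8.0.0/16 lies outside the RFC 1918 private ranges (the
# private 172.x block is 172.16.0.0/12). Using it for the overlay shadows real
# Internet addresses from inside the cluster; a private range that does not
# collide with the host or service networks is the safer choice.
etcdctl mk /atomic.io/network/config '{"Network":"172.8.0.0/16"}'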

flanneld服务

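# Enable and start flanneld, then restart Docker and the control-plane services
# (presumably so Docker picks up the flannel-assigned subnet).
systemctl enable flanneld
systemctl start flanneld
# The loop variable is quoted so each service name is passed as exactly one word.
for service in docker kube-apiserver kube-controller-manager kube-scheduler; do
  systemctl restart "$service"
done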

Node1

修改主机名

# Persist the static hostname; it matches the "knode1" entry in /etc/hosts.
hostnamectl --static set-hostname knode1

修改k8s config文件

# Settings shared by the Kubernetes services on this node.
cat /etc/kubernetes/config | grep -v "^#"
KUBE_LOGTOSTDERR="--logtostderr=true"
KUBE_LOG_LEVEL="--v=0"
# Privileged containers are not allowed.
KUBE_ALLOW_PRIV="--allow-privileged=false"
# The node talks to the API server's insecure port over plain HTTP: no TLS and
# no node credentials, so the API server cannot tell this node from any other
# client on the network.
KUBE_MASTER="--master=http://192.168.1.90:8080"

修改k8s kubelet文件

# Effective kubelet settings on Node1.
cat /etc/kubernetes/kubelet | grep -v "^#"
# The kubelet's own API listens on every interface of the node.
# NOTE(review): KUBELET_ARGS below is empty, so no authentication or
# authorization flags are set for that API; presumably the defaults of this
# version accept anonymous requests - confirm, and restrict the listen address
# or enable kubelet authn/authz outside a lab.
KUBELET_ADDRESS="--address=0.0.0.0"
# The node registers under its IP address rather than its hostname.
KUBELET_HOSTNAME="--hostname-override=192.168.1.91"
# Plain HTTP to the API server's insecure port (no TLS, no node credentials).
KUBELET_API_SERVER="--api-servers=http://192.168.1.90:8080"
# ":latest" is a mutable tag, so the image behind every pod can change without
# notice. NOTE(review): pin a specific tag or digest.
KUBELET_POD_INFRA_CONTAINER="--pod-infra-container-image=registry.access.redhat.com/rhel7/pod-infrastructure:latest"
KUBELET_ARGS=""

k8s服务

# Enable the node services at boot and start them now; the kubelet then listens
# on the address configured above.
systemctl enable kubelet kube-proxy
systemctl start kubelet kube-proxy

修改flanneld config文件

# Effective flanneld settings on Node1; same values as on the master.
cat /etc/sysconfig/flanneld | grep -v "^#"
# Network config is fetched from the master's etcd over plain HTTP, without
# authentication.
FLANNEL_ETCD_ENDPOINTS="http://192.168.1.90:2379"
FLANNEL_ETCD_PREFIX="/atomic.io/network"

flanneld服务

# Enable and start flanneld, then restart the node services and Docker
# (presumably so Docker picks up the flannel-assigned subnet).
systemctl enable flanneld
systemctl start flanneld
systemctl restart kube-proxy kubelet docker

Node2

修改主机名

# Persist the static hostname; it matches the "knode2" entry in /etc/hosts.
hostnamectl --static set-hostname knode2

修改k8s config文件

# Settings shared by the Kubernetes services on this node.
cat /etc/kubernetes/config | grep -v "^#"
KUBE_LOGTOSTDERR="--logtostderr=true"
KUBE_LOG_LEVEL="--v=0"
# Privileged containers are not allowed.
KUBE_ALLOW_PRIV="--allow-privileged=false"
# The node talks to the API server's insecure port over plain HTTP: no TLS and
# no node credentials, so the API server cannot tell this node from any other
# client on the network.
KUBE_MASTER="--master=http://192.168.1.90:8080"

修改k8s kubelet文件

# Effective kubelet settings on Node2.
cat /etc/kubernetes/kubelet | grep -v "^#"
# The kubelet's own API listens on every interface of the node.
# NOTE(review): KUBELET_ARGS below is empty, so no authentication or
# authorization flags are set for that API; presumably the defaults of this
# version accept anonymous requests - confirm, and restrict the listen address
# or enable kubelet authn/authz outside a lab.
KUBELET_ADDRESS="--address=0.0.0.0"
# The node registers under its IP address rather than its hostname.
KUBELET_HOSTNAME="--hostname-override=192.168.1.92"
# Plain HTTP to the API server's insecure port (no TLS, no node credentials).
KUBELET_API_SERVER="--api-servers=http://192.168.1.90:8080"
# ":latest" is a mutable tag, so the image behind every pod can change without
# notice. NOTE(review): pin a specific tag or digest.
KUBELET_POD_INFRA_CONTAINER="--pod-infra-container-image=registry.access.redhat.com/rhel7/pod-infrastructure:latest"
KUBELET_ARGS=""

k8s服务

# Enable the node services at boot and start them now; the kubelet then listens
# on the address configured above.
systemctl enable kubelet kube-proxy
systemctl start kubelet kube-proxy

修改flanneld config文件

# Effective flanneld settings on Node2; same values as on the master.
cat /etc/sysconfig/flanneld | grep -v "^#"
# Network config is fetched from the master's etcd over plain HTTP, without
# authentication.
FLANNEL_ETCD_ENDPOINTS="http://192.168.1.90:2379"
FLANNEL_ETCD_PREFIX="/atomic.io/network"

flanneld服务

# Enable and start flanneld, then restart the node services and Docker
# (presumably so Docker picks up the flannel-assigned subnet).
systemctl enable flanneld
systemctl start flanneld
systemctl restart kube-proxy kubelet docker

测试
状态ready即可

# List the registered nodes; the second form names the API server explicitly
# with -s. Both go to the insecure port, so no credentials are needed; the
# same is true for any other client that can reach kmaster:8080.
kubectl get node
kubectl -s http://kmaster:8080 get node

如果docker容器无法ping通则

# Workaround for containers that cannot ping each other: set the default policy
# of the INPUT and FORWARD chains to ACCEPT.
# NOTE(review): cross-host container traffic is forwarded traffic, so the
# FORWARD policy is presumably the one that matters; INPUT ACCEPT additionally
# opens the host itself. With firewalld disabled earlier on this page, nothing
# filters inbound traffic after this. These changes are not persisted across a
# reboot.
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT

# -F with no chain flushes every rule in the filter table, including rules
# added there by other software on the host; skip it unless it is really needed.
iptables -F # optional; may be skipped
iptables -L -n # optional; only lists the resulting rules