Kuberneteser二进制安装与配置（二）

环境：Centos7

版本：Kubernetes v1.11.4

 

一、下载Kubernetes（在所有机器上都要）

 

1）下载

wget https://github.com/kubernetes/kubernetes/releases/download/v1.11.4/kubernetes.tar.gz

2）解压

tar -zxvf kubernetes.tar.gz
cd kubernetes
sh cluster/get-kube-binaries.sh

3）server目录下会多一个文件

 

解压：进入到bin目录，可以看到很多二进制文件

 

 

二、Master上部署服务etcd、kube-apiserver、kube-controller-manager、kube-schedule服务

 

1、关闭防火墙

yum -y install firewalld
systemctl stop firewalld
systemctl disable firewalld.service

2、配置etcd

 

etcd服务作为Kubernetes集群的主数据库，在安装Kubernetes各服务之前需要首先安装和启动

wget https://github.com/coreos/etcd/releases/download/v3.3.2/etcd-v3.3.2-linux-amd64.tar.gz
tar -zxvf cd etcd-v3.3.2-linux-amd64/tar.gz
cd etcd-v3.3.2-linux-amd64/

 

把etcd、etcdctl拷贝到/usr/bin目录下，并设置systemd服务文件

cp etcd etcdctl /usr/bin/

vim /usr/lib/systemd/system/etcd.service

[Unit]
Description=Etcd Server
After=network.target

[Service]
Type=simple
WorkingDirectory=/var/lib/etcd/
EnvironmentFile=-/etc/etcd/etcd.conf
ExecStart=/usr/bin/etcd

[Install]
WantedBy=multi-user.target

加载配置文件并启动

mkdir  /var/lib/etcd
systemctl daemon-reload
systemctl start etcd.service

查看etcd是否健康

 

etcdctl cluster-health

 

3、kube-apiserver   

 

vim  /usr/lib/systemd/system/kube-apiserver.service

 

[Unit]
Description=Kubernetes API Server
After=etcd.service
Wants=etcd.service

[Service]
EnvironmentFile=/etc/kubernetes/apiserver
ExecStart=/usr/bin/kube-apiserver       
                    $KUBE_LOGTOSTDERR   
                    $KUBE_ETCD_SERVERS  
                    $KUBE_LOG_LEVEL     
                    $KUBE_LOG_DIR       
                    $KUBE_API_ADDRESS   
                    $KUBE_API_PORT      
                    $KUBE_SERVICE_ADDRESS 
                    $KUBE_SERVICE_PORT 
                    $KUBE_ADMISSION_CONTROL 
Restart=on-failure
Type=notify
LimitNOFILE=65535

[Install]
WantedBy=multi-user.target

配置文件：

 

vim /etc/kubernetes/apiserver

 

 

 

KUBE_ETCD_SERVERS="--etcd-servers=http://127.0.0.1:2379"
KUBE_API_ADDRESS="--insecure-bind-address=0.0.0.0"
KUBE_API_PORT="--insecure-port=8080"
KUBE_SERVICE_ADDRESSES="--service-cluster-ip-range=169.169.0.0/16"
KUBE_SERVICE_PORT="--service-node-port-range=1-65535" 
KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,LimitRanger,SecurityContextDeny,ResourceQuota"
KUBE_LOGTOSTDERR="--logtostderr=false"
KUBE_LOG_DIR="--log-dir=/var/log/kubernetes"
KUBE_LOG_LEVEL="--v=2"

--etcd-servers：指定etcd服务的URL

--insecure-bind-address：apiserver绑定主机的非安全IP地址，设置0.0.0.0表示绑定所有IP地址

--insecure-port：apiserver绑定主机的非安全端口号，默认为8080

--service-cluster-ip-range：Kubernetes集群中Service的虚拟IP地址范围，该IP范围不能与物理机的真实IP段有重合

--service-node-ip-range：Kubernetes集群中Service可映射的物理机端口号范围，默认为30000~32767

--admission-control：Kubernetes集群的准入控制设置，各控制模块以插件的形式依次生效

--logtostderr：设置为false表示将日志写入文件，不写入stderr

--log-dir：日志目录

--v：日志级别

 

 

启动并查看其状态：

 

cp kube-apiserver /usr/bin/
systemctl daemon-reload
systemctl start kube-apiserver.service
systemctl status kube-apiserver.service

 

4、kube-controller-manager  

kube-controller-manager服务依赖于kube-apiserver

 

vim /usr/lib/systemd/system/kube-controller-manager.service

 

[Unit]
Description=Kubernetes Controller Manager Server
After=kube-apiserver.service
Requires=kube-apiserver.service

[Service]
EnvironmentFile=/etc/kubernetes/controller-manager
ExecStart=/usr/bin/kube-controller-manager      
                            $KUBE_LOGTOSTDERR   
                            $KUBE_LOGDIR        
                            $KUBE_LOG_LEVEL     
                            $KUBE_MASTER        
Restart=on-failure
LimitNOFILE=65535

[Install]
WantedBy=multi-user.target

vim /etc/kubernetes/controller-manager

 

KUBE_MASTER="--master=http://127.0.0.1:8080"
KUBE_LOGTOSTDERR="--logtostderr=false"
KUBE_LOGDIR="--log-dir=/var/log/kubenetes"
KUBE_LOG_LEVEL="--v=2"

--master：表示apiserver的URL地址

--logtostderr：设置为false表示将日志写入文件，不写入stderr

--log-dir：日志目录

--v：日志级别

 

启动查看状态：

cp kube-controller-manager /usr/bin/
systemctl start kube-controller-manager.service
systemctl status kube-controller-manager.service

5、kube-schedule

kube-schedule服务也依赖于kube-apiserver服务

 

vim /usr/lib/systemd/system/kube-schedule.service

 

[Unit]
Description=Kubernetes Schedule Server
After=kube-apiserver.service
Requires=kube-apiserver.service

[Service]
EnvironmentFile=/etc/kubernetes/schedule
ExecStart=/usr/bin/kube-scheduler 
                            $KUBE_LOGTOSTDERR   
                            $KUBE_LOGDIR        
                            $KUBE_LOG_LEVEL     
                            $KUBE_MASTER

Restart=on-failure
LimitNOFILE=65535

[Install]
WantedBy=multi-user.target

vim /etc/kubernetes/schedule

KUBE_MASTER="--master=http://127.0.0.1:8080"
KUBE_LOGTOSTDERR="--logtostderr=false"
KUBE_LOGDIR="--log-dir=/var/log/kubenetes"
KUBE_LOG_LEVEL="--v=2"

 

启动、查看状态

cp kube-scheduler /usr/bin/
systemctl daemon-reload
systemctl start kube-schedule.service
systemctl status kube-schedule.service

 

三、Node上的Kubelet、kube-proxy服务

 

在node节点上得先安装docker

yum -y remove docker*
yum -y install docker
systemctl start docker

1）Kubelet

Kubelet服务依赖于Docker服务

 

vim /usr/lib/systemd/system/kubelet.service

 

[Unit]
Description=Kubernetes Kubelete Server
After=docker.service
Requires=docker.service

[Service]
WorkingDirectory=/var/lib/kubelet
EnvironmentFile=/etc/kubernetes/kubelet
ExecStart=/usr/bin/kubelet 
                      $KUBELET_ADDRESS            
                      $KUBELET_POD_INFRA_CONTAINER  
                      $KUBELET_ARGS     
                      $KUBE_LOGTOSTDERR 
                      $KUBE_LOGDIR 
                      $KUBE_LOG_LEVEL 
                      $KUBE_CGROUPS 
                      $KUBE_HOSTNAME

Restart=on-failure

[Install]
WantedBy=multi-user.target

vim /etc/kubernetes/kubelet

KUBELET_ADDRESS="--address=0.0.0.0"
KUBELET_POD_INFRA_CONTAINER="--pod-infra-container-image=registry.access.redhat.com/rhel7/pod-infrastructure"
KUBELET_ARGS="--enable-server=true --enable-debugging-handlers=true --fail-swap-on=false --kubeconfig=/etc/kubernetes/config"
KUBE_LOGTOSTDERR="--logtostderr=false"
KUBE_LOGDIR="--log-dir=/var/log/kubenetes"
KUBE_LOG_LEVEL="--v=2"
KUBE_CGROUPS="--runtime-cgroups=/systemd/system.slice --kubelet-cgroups=/systemd/system.slice"
KUBE_HOSTNAME="--hostname-override=node1"

vim /etc/kubernetes/config

apiVersion: v1
kind: Config
users:
- name: kubelet
clusters:
- name: kubernetes
  cluster:
    server: http://172.29.1.165:8080
contexts:
- context:
    cluster: kubernetes
    user: kubelet
  name: service-account-context
current-context: service-account-context

mkdir /var/lib/kubelet
cp kubelet /usr/bin/
systemctl daemon-reload
systemctl start kubelet.service
systemctl status kubelet.service

这里启动kubelet可能会报错：

failed to run Kubelet: failed to create kubelet: misconfiguration: kubelet cgroup driver: "cgroupfs" is different from docker cgroup driver: "systemd"

 

解决办法：

vim /lib/systemd/system/docker.service

--exec-opt native.cgroupdriver=systemd  修改成  --exec-opt native.cgroupdriver=cgroupfs

2、kube-proxy

 

vim /usr/lib/systemd/system/kube-proxy.service

[Unit]
Description=Kubernetes Kubelete Server
After=network.service
Requires=network.service

[Service]
EnvironmentFile=/etc/kubernetes/proxy
ExecStart=/usr/bin/kube-proxy 
                            $KUBE_LOGTOSTDERR   
                            $KUBE_LOGDIR        
                            $KUBE_LOG_LEVEL     
                            $KUBE_MASTER
Restart=on-failure
LimitNOFILE=65535

[Install]
WantedBy=multi-user.target

vim /etc/kubernetes/proxy

KUBE_MASTER="--master=http://172.29.1.165:8080"
KUBE_LOGTOSTDERR="--logtostderr=false"
KUBE_LOGDIR="--log-dir=/var/log/kubenetes"
KUBE_LOG_LEVEL="--v=2"

cp kube-proxy /usr/bin/
systemctl daemon-reload
systemctl start kube-proxy.service
systemctl status kube-proxy.service

 

四、验证

 

在master上查看组件状态：

 

 

cp kubectl /usr/bin/
kubectl get cs

 

 

在master上查看nodes，看nodes是否在master上注册

 

 

 kubectl get nodes