kubernetes 单节点和多节点环境搭建

kubernetes单节点环境搭建：

1.在VMWare Workstation中建立一个centos 7虚拟机。虚拟机的配置尽量调大一些

2.操作系统安装完成后，关闭centos 自带的防火墙服务

systemctl disable firewalld

systemctl stop firewalld

3.安装etcd 和kubernetes软件（会自动安装docker软件）

yum install -y etcd kubernetes

4.安装好软件后，修改两个配置文件（其他配置文件使用默认的就好）

docker配置文件为/etc/sysconfig/docker,其中OPTIONS的内容设置为

OPTINOS='--selinux-enabled=false --insecure-registry gcr.io'

kubernetes apiserver配置文件为/etc/kubernetes/apiserver,把--admission_control参数中的ServiceAccount删除。

5.按顺序启动所有服务

systemctl start etcd

systemctl start docker

systemctl start kube-apiserver

systemctl start kube-controller-manager

systemctl start kube-scheduler

systemctl start kubelet

systemctl start kube-proxy

至此一个单机版的kubernetes集群环境就安装成功了。 

kubernetes多节点环境搭建：

多节点环境分为master节点（master节点上运行etcd 、api-server、controller-manager、scheduler、kubelet、proxy）和node节点（node节点上运行kubelet、proxy）

1.在VMWare Workstation中建立3个centos 7虚拟机。虚拟机的配置尽量调大一些

2.操作系统安装完成后，关闭centos 自带的防火墙服务（三个节点上都要执行）

systemctl disable firewalld

systemctl stop firewalld

3.安装etcd 和kubernetes软件（会自动安装docker软件，三个节点上都要执行）

yum install -y etcd kubernetes

4.软件安装完成后分别在master节点和node节点上做以下配置

配置master节点：
配置etcd服务：
/etc/etcd/etcd.conf
ETCD_LISTEN_CLIENT_URLS="http://192.168.1.10:2379" ---etcd监听的地址和端口号   <master节点的ip>:<2379 >端口默认就是2379
配置kube-apiserver服务：
/etc/kubernetes/apiserver
KUBE_ETCD_SERVERS="--etcd-servers=http://192.168.1.10:2379" -----etcd的地址     <master节点的ip>:<2379 >端口默认就是2379

KUBE_API_ADDRESS="--insecure-bind-address=0.0.0.0"   这里设置为0.0.0.0
controller-manager服务和kube-scheduler服务不需要配置
配置conifg服务：
KUBE_MASTER="--master=http://192.168.1.10:8080" ---master地址  <master节点的ip>:<8080 >端口默认就是8080
配置docker服务：
/etc/sysconfig/docker文件改为：
#OPTIONS='--selinux-enabled --log-driver=journald --signature-verification=false'
OPTIONS='--selinux-enabled --log-driver=journald --signature-verification=false --insecure-registry gcr.io'
/etc/kubernetes/apiserver文件中吧--admission_control参数中的ServiceAcount删除
#KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota"
KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ResourceQuota"

配置完成后，在master节点上执行

systemctl daemon-reload

systemctl enable etcd
systemctl start etcd
systemctl enable docker
systemctl start docker
systemctl enable kube-apiserver
systemctl start kube-apiserver
systemctl enable kube-controller-manager
systemctl start kube-controller-manager
systemctl enable kube-scheduler
systemctl start kube-scheduler

systemctl enable kubelet
systemctl start kubelet

systemctl enable kube-proxy
systemctl start kube-proxy

etcdctl cluster-health ---验证etcd是否正确启动

配置node节点：
配置kubelet：
/etc/kubernetes/kubelet
KUBELET_HOSTNAME="--hostname-override=192.168.1.10" -----------kubelet的hostname
KUBELET_API_SERVER="--api-servers=http://192.168.1.10:8080" ----apiserver地址 <master节点的ip>:<8080 >端口默认就是8080
kube-proxy服务不需要配置
配置config：
/etc/kubernetes/config
KUBE_MASTER="--master=http://192.168.1.10:8080"   <master节点的ip>:<8080 >端口默认就是8080
/etc/kubernetes/
systemctl enable docker
systemctl start docker
systemctl enable kubelet
systemctl start kubelet
systemctl enable kube-proxy
systemctl start kube-proxy

至此node节点配置完成。

在master节点上执行kubernetes get nodes查看是否将node节点管理起来，如果管理不起来，

在master节点上执行

systemctl enable etcd
systemctl restart etcd
systemctl enable docker
systemctl restart docker
systemctl enable kube-apiserver
systemctl restart kube-apiserver
systemctl enable kube-controller-manager
systemctl restart kube-controller-manager
systemctl enable kube-scheduler
systemctl restart kube-scheduler

在node节点上执行

systemctl enable docker
systemctl restart docker
systemctl enable kubelet
systemctl restart kubelet
systemctl enable kube-proxy
systemctl restart kube-proxy

然后在执行kubernetes get nodes验证结果。

后续配置根据需要：

服务名 cmd --help -----查看每个服务的配置参数，例如：
kubelet cmd --help
kube-controller-manager cmd --help

ks集群网络配置ovs
1.设置node1和node2节点上的docker0网桥的网段
[root@localhost docker]# cat /etc/docker/daemon.json
{"registry-mirrors": ["http://55488037.m.daocloud.io"], "bip": "172.17.42.1/24"}
2.禁止selinux设置：/etc/selinux/config
SELINUX=disabled
3.yum install policycoreutils-python
semanage fcontext -a -t openvswitch_rw_t "/etc/openvswitch(/.*)?"
restorecon -Rv /etc/openvswitch
service openvswitch status
yum install bridge-utils

ovs-vsctl set interface gre2 type=gre option:remote_ip=192.168.1.106
brctl addif docker0 br0
ip link set dev br0 up
ip link set dev docker0 up
ip route add 172.17.0.0/16 dev docker0
iptables -t nat -F
iptables -F

FAQ

1.重启服务命令

systemctl restart etcd
systemctl restart docker
systemctl restart kube-apiserver
systemctl restart kube-controller-manager
systemctl restart kube-scheduler