2018-05-18
k8s搭建高可用服务器

安装配置kubernetes:

sudo yum install etcd kubernetes

# 打开/etc/sysconfig/docker
# 修改OPTIONS为:
OPTIONS='--selinux-enabled=false --insecure-registry gcr.io'

# 打开/etc/kubernetes/kubelet
# 修改KUBELET_POD_INFRA_CONTAINER为:
KUBELET_POD_INFRA_CONTAINER="--pod-infra-container-image=docker.io/kubernetes/pause:latest"

# 打开/etc/kubernetes/apiserver
# 删除KUBE_ADMISSION_CONTROL中的ServiceAccount为:
KUBE_ADMISSION_CONTROL="--admission_control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota"

# 配置Linux系统的IP转发功能(开启IP forward):
echo "1" > /proc/sys/net/ipv4/ip_forward 

安装 etcd, k8s:

sudo yum install etcd kubernetes -y

启动master和node:

打开/etc/kubernetes/config将对应的字段改为以下形式:
KUBE_MASTER="--master=http://master_ip:8080"
打开/etc/kubernetes/apiserver将对应的字段改为以下形式:
KUBE_API_ADDRESS="--insecure-bind-address=0.0.0.0"
KUBE_API_PORT="--port=8080"
KUBELET_PORT="--kubelet-port=10250"
KUBE_ETCD_SERVERS="--etcd-servers=http://localhost:2379"
KUBE_SERVICE_ADDRESSES="--service-cluster-ip-range=10.254.0.0/16"
KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ResourceQuota"
KUBE_API_ARGS=""
sudo systemctl start kube-apiserver
sudo systemctl start kube-controller-manager
sudo systemctl start kube-scheduler
sudo systemctl start docker
打开/etc/kubernetes/config将对应的字段改为以下形式:
KUBE_MASTER="--master=http://master_ip:8080"
打开/etc/kubernetes/kubelet将对应的字段改为以下形式:
KUBELET_ADDRESS="--address=0.0.0.0"
KUBELET_PORT="--port=10250"
KUBELET_HOSTNAME="--hostname-override=node_ip"
KUBELET_API_SERVER="--api-servers=http://master_ip:8080"
KUBELET_POD_INFRA_CONTAINER="--pod-infra-container-image=docker.io/kubernetes/pause:latest"
KUBELET_ARGS=""
sudo systemctl start kubelet
sudo systemctl start kube-proxy

在master上查看node状态:

kubectl get nodes

k8s1  18.136.212.18   172.31.21.194		EC294478-3F08-60EA-1034-6AADE95A2A8F
k8s2  54.251.141.114	172.31.19.192		EC26B92C-33CC-C19C-B383-786CE636581A
k8s3  13.250.100.231	172.31.19.29		EC2CB744-8AA5-5EAD-6BC6-EECC0BEFF8E0

sudo yum update

问题1:

某些安全性配置文件会在 /etc/yum.conf 内全面启用 repo_gpgcheck,以便能检验软件库的中继数据的加密签署。虽然这个设置适用于 CentOS 软件库,有些第三方软件库(例如 EPEL)不支持以 GPG 签署的中继数据。如果 repo_gpgcheck 被启用,yum 会尝试下载被签署的中继档 repomd.xml.asc。要是该文件不存在,yum 将会输出错误信息并离开。你也许要从 /etc/yum.conf 删除 repo_gpgcheck,或个别为不支持加密签署中继数据的软件库设置 repo_gpgcheck=0。

cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=0
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
exclude=kube*
EOF

# Set SELinux in permissive mode (effectively disabling it)
setenforce 0
sudo sed -i 's/^SELINUX=disable$/SELINUX=permissive/' /etc/selinux/config

# 查找kubectl kubelet kubeadm
sudo yum search kubelet kubeadm kubectl --disableexcludes=kubernetes

# 安装kubectl kubelet kubeadm
sudo yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes

# 设置kubelet服务开启自启动,并启动它(然后它会每隔几秒重启一次等待kubeadm init告诉它做什么)
sudo systemctl enable kubelet && sudo systemctl start kubelet
cat <<EOF >  /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sudo sysctl --system

# 安装docker, 并启动docker服务, 设置开启自启动
sudo amazon-linux-extras install docker -y
sudo systemctl start docker
sudo systemctl enable docker

# 安装tc (解决`sudo kubeadm init`时[WARNING FileExisting-tc]: tc not found in system path)
sudo yum install tc -y
sudo kubeadm init --apiserver-advertise-address 172.31.21.194

... 此处省略n行输出

Your Kubernetes master has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

You can now join any number of machines by running the following on each node
as root:

  kubeadm join 172.31.21.194:6443 --token ss35db.wh9u65dtdm7yh5ao --discovery-token-ca-cert-hash sha256:1231548d356bd66c248c050aba7fdb197ff60c69328cffca2066e35badd82dbf
# 官方原文: if the plugin connects containers to a Linux bridge, the plugin must set the net/bridge/bridge-nf-call-iptables sysctl to 1 to ensure that the iptables proxy functions correctly
sudo sysctl net.bridge.bridge-nf-call-iptables=1
# 加入网络插件,不然core-dns启动不起来,node也会一直停留在NoReady状态
kubectl apply -f "https://cloud.weave.works/k8s/net?k8s-version=$(kubectl version | base64 | tr -d '\n')"

# 默认情况下,出于安全原因,您的群集不会在主服务器上安排容器。如果您希望能够在主服务器上安排pod,例如,对于用于开发的单机Kubernetes集群,请运行:
kubectl taint nodes --all node-role.kubernetes.io/master-
    node/ip-172-31-21-194.ap-southeast-1.compute.internal untainted

# 以下命令需要在工作节点执行,而非master上执行, 意思是将本节点与master建立关系,加入到集群。
kubeadm join 172.31.21.194:6443 --token ss35db.wh9u65dtdm7yh5ao --discovery-token-ca-cert-hash sha256:1231548d356bd66c248c050aba7fdb197ff60c69328cffca2066e35badd82dbf

# 安装kubernetes-dashboard
wget https://raw.githubusercontent.com/rickgong/k8s/master/kubernetes/kubernetes-dashboard.yaml
kubectl apply -f kubernetes-dashboard.yaml
kubectl describe svc kubernetes-dashboard --namespaces=kube-system

wget https://github.com/coreos/etcd/releases/download/v3.1.5/etcd-v3.1.5-linux-amd64.tar.gz
tar xzvf etcd-v3.1.5-linux-amd64.tar.gz
rm etcd-v3.1.5-linux-amd64.tar.gz
sudo mv etcd-v3.1.5-linux-amd64 /opt/etcd
sudo mkdir /etc/etcd
sudo touch /etc/etcd/conf.yml
cat /etc/etcd/conf.yml
    name: default
    data-dir: /var/lib/etcd/default.etcd
    listen-client-urls: http://localhost:2379
    advertise-client-urls: http://localhost:2379
sudo mkdir /var/lib/etcd
sudo nohup ./etcd --config-file /etc/etcd/conf.yml > /tmp/etcd.log 2>&1 &

kubectl delete -f https://docs.projectcalico.org/v3.3/getting-started/kubernetes/installation/hosted/kubernetes-datastore/calico-networking/1.7/calico.yaml kubectl delete -f https://docs.projectcalico.org/v3.3/getting-started/kubernetes/installation/hosted/rbac-kdd.yaml

kubectl describe pods coredns-86c58d9df4-79x56 -n kube-system kubectl get pods –all-namespaces kubectl get svc –all-namespaces kubectl get nodes

kubectl delete -f “https://cloud.weave.works/k8s/net?k8s-version=$(kubectl version base64 tr -d ‘\n’)”

知识共享许可协议
本站文章采用知识共享署名 4.0 国际许可协议进行许可。

samoyedsun.github.io