一、简介
- Docker:是一个开源的应用容器引擎,可以为应用创建一个轻量级的、可移植的、自给自足的容器。
- Kubernetes:由Google开源的Docker容器集群管理系统,为容器化的应用提供资源调度、部署运行、服务发现、扩容缩容等功能。
- Etcd:由CoreOS开发并维护的一个高可用的键值存储系统,主要用于共享配置和服务发现。
- Flannel:Flannel是 CoreOS 团队针对 Kubernetes 设计的一个覆盖网络(Overlay Network)工具,其目的在于帮助每一个使用 Kuberentes 的主机拥有一个完整的子网。
二、基本概念
截止2015年9月1日,CentOS 已经把 Kubernetes 加入官方源,所以现在安装Kubernetes已经方便很多。
- kube-apiserver:位于master节点,接受用户请求。
- kube-scheduler:位于master节点,负责资源调度,即pod建在哪个node节点。
- kube-controller-manager:位于master节点,包含ReplicationManager,Endpointscontroller,Namespacecontroller,and Nodecontroller等。
- etcd:分布式键值存储系统,共享整个集群的资源对象信息。
- kubelet:位于node节点,负责维护在特定主机上运行的pod。
- kube-proxy:位于node节点,它起的作用是一个服务代理的角色
三、准备工作
1、环境
主机 运行服务 角色
-------------------------------------------------------------------
192.168.1.14(centos7) kube-apiserver k8s-master
kube-scheduler
kube-controller-manager
-------------------------------------------------------------------
192.168.1.15(centos7) flanneld k8s-minion
docker
kubelet
kube-proxy
------------------------------------------------------------------
192.168.1.16(centos7) flanneld k8s-minion
docker
kubelet
kube-proxy
------------------------------------------------------------------
192.168.1.17(centos7) etcd k8s-etcd
------------------------------------------------------------------
192.168.1.18(centos7) docker-registry k8s-registry
------------------------------------------------------------------
版本:
- Docker version 1.10.3
- Kubernetes v1.3.0
- etcd Version: 2.3.7
2、关闭防火墙
systemctl stop firewalld
systemctl disable firewalld
3、安装ntp,为了让各服务器时间保持一直
yum -y install ntp
systemctl start ntpd
systemctl enable ntpd
4、禁用selinux
vim /etc/selinux/config
SELINUX=disabled
四、配置etcd(192.168.1.17)
1、安装etcd
yum -y install etcd
2、修改/etc/etcd/etcd.conf
ETCD_NAME=default
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:2379"
ETCD_ADVERTISE_CLIENT_URLS="http://0.0.0.0:2379"
3、启动服务
systemctl start etcd
systemctl enable etcd
4、部署etcd中的网络
定义etcd中的网络配置,nodeN中的flannel service会拉取此配置
[root@k8s-master ~]# etcdctl mk /coreos.com/network/config '{"Network":"172.17.0.0/16"}'
{"Network":"172.17.0.0/16"}
五、部署master(192.168.1.14)
1、安装kubernetes(会自动安装docker)
yum -y install kubernetes-master
2、修改/etc/kubernetes/apiserver配置文件
KUBE_API_ADDRESS="--insecure-bind-address=0.0.0.0"
KUBE_ETCD_SERVERS="--etcd-servers=http://127.0.0.1:2379"
KUBE_SERVICE_ADDRESSES="--service-cluster-ip-range=10.254.0.0/16"
KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota"
KUBE_API_ARGS=""
- KUBE_API_ADDRESS:监听主机的IP地址
- KUBE_API_PORT:绑定端口号
- KUBE_ETCD_SERVERS:etcd服务地址
- KUBE_SERVICE_ADDRESSES:Service所需的Cluster IP池
- KUBE_ADMISSION_CONTROL:admission控制策略
3、修改/etc/kubernetes/controller-manager
KUBE_CONTROLLER_MANAGER_ARGS="--node-monitor-grace-period=10s --pod-eviction-timeout=10s"
4、修改/etc/kubernetes/config
KUBE_LOGTOSTDERR="--logtostderr=true"
KUBE_LOG_LEVEL="--v=0"
KUBE_ALLOW_PRIV="--allow-privileged=false"
KUBE_MASTER="--master=http://192.168.1.14:8080"
5、启动服务
systemctl start kube-apiserver kube-scheduler kube-controller-manager
systemctl enable kube-apiserver kube-scheduler kube-controller-manager
六、部署minions(所有minion,即192.168.1.15,192.168.1.16)
1、安装kubernetes-node和flannel(会自动安装docker)
yum -y install kubernetes-node flannel
2、修改kube-node
/etc/kubernetes/config
KUBE_LOGTOSTDERR="--logtostderr=true"
KUBE_LOG_LEVEL="--v=0"
KUBE_ALLOW_PRIV="--allow-privileged=false"
KUBE_MASTER="--master=http://192.168.1.14:8080"
/etc/kubernetes/kubelet
KUBELET_ADDRESS="--address=127.0.0.1"
KUBELET_HOSTNAME="--hostname-override=192.168.1.15"
KUBELET_API_SERVER="--api-servers=http://192.168.1.14:8080"
KUBELET_POD_INFRA_CONTAINER="--pod-infra-container-image=registry.access.redhat.com/rhel7/pod-infrastructure:latest"
KUBELET_ARGS="--pod-infra-container-image=kubernetes/pause"
- KUBELET_ADDRESS:kubelet 服务监听的地址
- KUBELET_HOSTNAME:本机名称或者ip
- KUBELET_API_SERVER:以逗号分割的 API Server 地址,用于和集群中数据交互
- KUBELET_POD_INFRA_CONTAINER:基础镜像地址,每个 pod 最先启动的容器,会配置共享的网络
- KUBELET_ARGS:标签
为etcd服务配置flannel,/etc/sysconfig/flanneld
FLANNEL_ETCD_ENDPOINTS="http://192.168.1.17:2379"
FLANNEL_ETCD_PREFIX="/coreos.com/network"
FLANNEL_OPTIONS="-iface=eno16777736"
提示: FLANNEL_OPTIONS=” -iface=eth0” 其中的eth0是网卡名称(用ifconfig可查询出来,centos7如果你没有改网卡名,那可以是enoXXXXX)
4、启动服务
systemctl restart flanneld docker kubelet kube-proxy
systemctl enable flanneld docker kubelet kube-proxy
七、验证
ifconfig查看每个minions(node)会有docker0和flannel0这2个网卡。这2个网卡在不同的minons都是不同的.
k8s-minion-1
[root@k8s-minion-1 ~]# ifconfig
docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 172.17.43.1 netmask 255.255.255.0 broadcast 0.0.0.0
ether 02:42:8f:2a:96:00 txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eno16777728: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.15 netmask 255.255.255.0 broadcast 192.168.1.255
inet6 fe80::20c:29ff:fe75:6710 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:75:67:10 txqueuelen 1000 (Ethernet)
RX packets 56752 bytes 73422049 (70.0 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 22835 bytes 1859743 (1.7 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
flannel0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1472
inet 172.17.43.0 netmask 255.255.0.0 destination 172.17.43.0
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 500 (UNSPEC)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 0 (Local Loopback)
RX packets 12 bytes 720 (720.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 12 bytes 720 (720.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
k8s-minion-2
[root@k8s-minion-2 ~]# ifconfig
docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 172.17.81.1 netmask 255.255.255.0 broadcast 0.0.0.0
ether 02:42:4d:30:b5:cc txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eno16777728: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.16 netmask 255.255.255.0 broadcast 192.168.1.255
inet6 fe80::20c:29ff:fe6c:67b1 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:6c:67:b1 txqueuelen 1000 (Ethernet)
RX packets 56558 bytes 73476026 (70.0 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 18907 bytes 1570911 (1.4 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
flannel0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1472
inet 172.17.81.0 netmask 255.255.0.0 destination 172.17.81.0
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 500 (UNSPEC)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 0 (Local Loopback)
RX packets 4 bytes 240 (240.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 4 bytes 240 (240.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
在master运行一下命令查询所有minion
[root@localhost ~]# kubectl get nodes
NAME STATUS AGE
192.168.1.15 Ready 3s
192.168.1.16 Ready 3m
查看api
八、安装docker仓库
1、Pull镜像
[root@k8s-minion-1 ~]# docker pull registry
2、查看镜像
[root@k8s-minion-1 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/registry latest d1e32b95d8e8 About an hour ago 33.17 MB
3、启动一个容器
默认情况下,会将仓库存放于容器内的/tmp/registry目录下,这样如果容器被删除,则存放于容器中的镜像也会丢失,所以我们一般情况下会指定本地一个目录挂载到容器内的/tmp/registry下
mkdir /registry
docker run -d -v /registry:/var/lib/registry -p 5000:5000 --restart=always --name luck_registry registry
4、pull镜像
docker pull nginx
5、定义成自己的镜像
[root@k8s-registry ~]# docker tag nginx 192.168.1.18:5000/mynginx
[root@k8s-registry ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/registry latest d1e32b95d8e8 9 hours ago 33.17 MB
192.168.1.18:5000/nginx latest a39777a1a4a6 20 hours ago 181.6 MB
docker.io/nginx latest a39777a1a4a6 20 hours ago 181.6 MB
6、上传到仓库
docker push 192.168.1.18:5000/nginx
7、测试下拉(在别的机器上下拉测试)
docker pull 192.168.1.18:5000/nginx