Kubernetes基础环境搭建

STATEMENT

声明

由于传播、利用此文所提供的信息而造成的任何直接或者间接的后果及损失，均由使用者本人负责，雷神众测及文章作者不为此承担任何责任。

雷神众测拥有对此文章的修改和解释权。如欲转载或传播此文章，必须保证此文章的完整性，包括版权声明等全部内容。未经雷神众测允许，不得任意修改或者增减此文章内容，不得以任何方式将其用于商业目的。

简介

主要为master & node安装

master:192.168.3.19

node1:192.168.3.20

node2:192.168.3.21

实际安装

主从机都要安装 epel-release源

yum -y install epel-release

设置hostname

hostnamectl set-hostname node1

关闭防火墙

systemctl stop firewalldsystemctl disable firewalldsetenforce 0sed -i 's/^SELINUX=enforcing$/SELINUX=disabled/' /etc/selinux/config

最后确认状态

firewall-cmd --state

master配置

host配置

echo "192.168.3.19 master192.168.3.20 node1192.168.3.21 node2" >> /etc/hosts

node也要配下

服务安装

安装etcd、kubernetes-master

/etc/kubernetes/config kubernetest配置文件

# logging to stderr means we get it in the systemd journal 错误日志记录到文件还是输出到stderrKUBE_LOGTOSTDERR="--logtostderr=true"# journal message level, 0 is debug 日志等级KUBE_LOG_LEVEL="--v=0"# Should this cluster be allowed to run privileged docker containers 允许运行特权容器KUBE_ALLOW_PRIV="--allow-privileged=false"# How the controller-manager, scheduler, and proxy find the apiserver apiserver的服务地址controller-manager、scheduler及kubelet都会使用KUBE_MASTER="--master=http://192.168.3.19:8080"

/etc/etcd/etcd.conf

# [Member]# ETCD_CORS=""# etcd数据存储位置ETCD_DATA_DIR="/var/lib/etcd/default.etcd"# ETCD_WAL_DIR=""# ETCD_LISTEN_PEER_URLS="http://localhost:2380" 监听的端口ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:2379"# ETCD_MAX_SNAPSHOTS="5"# ETCD_MAX_WALS="5"# etcd名称ETCD_NAME="default"# ETCD_SNAPSHOT_COUNT="100000"# ETCD_HEARTBEAT_INTERVAL="100"# ETCD_ELECTION_TIMEOUT="1000"# ETCD_QUOTA_BACKEND_BYTES="0"# ETCD_MAX_REQUEST_BYTES="1572864"# ETCD_GRPC_KEEPALIVE_MIN_TIME="5s"# ETCD_GRPC_KEEPALIVE_INTERVAL="2h0m0s"# ETCD_GRPC_KEEPALIVE_TIMEOUT="20s"## [Clustering]# ETCD_INITIAL_ADVERTISE_PEER_URLS="http://localhost:2380" 集群监听的端口ETCD_ADVERTISE_CLIENT_URLS="http://localhost:2379"

/etc/kubernetes/apiserver

#### kubernetes system config## The following values are used to configure the kube-apiserver## The address on the local server to listen to. 监听的接口，如果是127则只监听localhost，如果是0.0.0.0则监听全部KUBE_API_ADDRESS="--insecure-bind-address=0.0.0.0"# The port on the local server to listen on. apiserver的监听默认8080KUBE_API_PORT="--port=8080"# Port minions listen onKUBELET_PORT="--kubelet-port=10250" kubelet的监听端口，默认10250# Comma separated list of nodes in the etcd cluster etcd服务地址，端口2379KUBE_ETCD_SERVERS="--etcd-servers=http://127.0.0.1:2379"# Address range to use for services kubernetes可分配的ip范围，启动一个pod及service就会分配一个ip地址，将按扎个范围分配KUBE_SERVICE_ADDRESSES="--service-cluster-ip-range=10.254.0.0/16"# default admission control policies 集群额外配置项KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ResourceQuota"# Add your own!KUBE_API_ARGS=""

启动服务，并设置自启动

etcd、kube-apiserver、kube-controller-manager、kube-scheduler等for SERVICES in etcd kube-apiserver kube-controller-manager kube-scheduler; do systemctl restart $SERVICES;systemctl enable $SERVICES;systemctl status $SERVICES ; don

定义flannel网络

etcdctl mk /atomic.io/network/config '{"Network":"172.17.0.0/16"}'

node配置

安装kubernetes Node、flannel组件

/etc/sysconfig/flanneld

为flannel网络指定etcd服务

# Flanneld configuration options# etcd url location. Point this to the server where etcd runs etcd的地址和端口FLANNEL_ETCD_ENDPOINTS="http://192.168.3.19:2379"# etcd config key. This is the configuration key that flannel queries# For address range assignment 服务范围FLANNEL_ETCD_PREFIX="/atomic.io/network"# Any additional options that you want to pass 其他# FLANNEL_OPTIONS="

/etc/kubernetes/config

#### kubernetes system config## The following values are used to configure various aspects of all# kubernetes services, including## kube-apiserver.service# kube-controller-manager.service# kube-scheduler.service# kubelet.service# kube-proxy.service# logging to stderr means we get it in the systemd journalKUBE_LOGTOSTDERR="--logtostderr=true"# journal message level, 0 is debugKUBE_LOG_LEVEL="--v=0"# Should this cluster be allowed to run privileged docker containersKUBE_ALLOW_PRIV="--allow-privileged=false"# How the controller-manager, scheduler, and proxy find the apiserverKUBE_MASTER="--master=http://192.168.3.19:8080

/etc/kubernetes/kubelet

修改node机器的kubelet配置文件

#### kubernetes kubelet (minion) config# The address for the info server to serve on (set to 0.0.0.0 or "" for all interfaces) minion监听的地址KUBELET_ADDRESS="--address=0.0.0.0"# The port for the info server to serve on 监听的端口KUBELET_PORT="--port=10250"# You may leave this blank to use the actual hostnameKUBELET_HOSTNAME="--hostname-override=192.168.3.20"# location of the api-server apiserverKUBELET_API_SERVER="--api-servers=http://192.168.3.19:8080"# pod infrastructure containerKUBELET_POD_INFRA_CONTAINER="--pod-infra-container-image=registry.access.redhat.com/rhel7/pod-infrastructure:latest"# Add your own!KUBELET_ARGS=""

启动服务，并设置自启动

kube-proxy,kubelet,docker,flanneld等for SERVICES in kube-proxy kubelet docker flanneld;do systemctl restart $SERVICES;systemctl enable $SERVICES;systemctl status $SERVICES; done

返回master查看配置成功

重复组建node2即可，效果如下