1. [kubernetes -> server client node]
  2. https://github.com/kubernetes/kubernetes/releases
  3. wget https://github.com/kubernetes/kubernetes/releases/download/v1.1.1/kubernetes.tar.gz
  4. wget https://github.com/kubernetes/kubernetes/releases/download/v1.14.3/kubernetes.tar.gz
  5. [etcd]
  6. https://github.com/coreos/etcd/releases/
  7. wget https://github.com/coreos/etcd/releases/download/v2.2.0/etcd-v2.2.0-linux-amd64.tar.gz
  8. wget https://github.com/etcd-io/etcd/releases/download/v3.3.13/etcd-v3.3.13-linux-amd64.tar.gz

etcd-v2.2.0-linux-amd64.tar.gz

kubernetes v1.1.1.tar.gz

ETCD 数据库安装

[解压安装]

    :tar -zxvf etcd-v2.2.0-linux-amd64.tar.gz 

    :etcd、etcdctl -> 复制到 , /usr/bin

[配置服务 -> etcd.service]

    :vim /usr/lib/systemd/system/etcd.service

# systemd unit that runs the etcd binary installed at /usr/bin/etcd.
[Unit]
Description=Etcd Server

[Service]
# Type=notify: systemd treats the unit as started once etcd signals readiness.
Type=notify
TimeoutStartSec=0
Restart=always
# etcd's data directory; it has to exist before the service is started.
WorkingDirectory=/var/lib/etcd/
# The leading "-" makes a missing file non-fatal, so etcd would then start
# with its built-in defaults instead of the settings in etcd.conf.
EnvironmentFile=-/etc/etcd/etcd.conf
# No User= is set, so etcd runs as root.
# NOTE(review): consider a dedicated account that owns /var/lib/etcd/.
ExecStart=/usr/bin/etcd 

[Install]
WantedBy=multi-user.target

// WorkingDirectory为etcd数据库目录,需要在etcd安装前创建

[配置文件 -> etcd.conf]

    : vim /etc/etcd/etcd.conf

# Environment file loaded by etcd.service (EnvironmentFile=-/etc/etcd/etcd.conf).
ETCD_NAME=ETCD Server
ETCD_DATA_DIR="/var/lib/etcd/"
# NOTE(review): the client API listens on every interface over plain HTTP and
# this file sets no TLS or client-certificate options, so any host that can
# reach port 2379 can read and change all cluster state (Secrets included).
# The apiserver config on this page connects via 127.0.0.1:2379; if etcd and
# the apiserver share a host, a loopback-only listener is enough. Otherwise
# configure etcd TLS (ETCD_CERT_FILE, ETCD_KEY_FILE, ETCD_CLIENT_CERT_AUTH,
# ETCD_TRUSTED_CA_FILE) and firewall the port.
ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:2379"
ETCD_ADVERTISE_CLIENT_URLS="http://10.0.209.151:2379"


[配置服务开机启动 & 并运行]

    :systemctl daemon-reload && systemctl enable etcd.service

  :systemctl start etcd.service

[检测]

    :etcdctl cluster-health

Master 安装

[解压安装]

    :tar -zxvf kubernetes.tar.gz

  :kube-apiserver、kube-controller-manager、kube-scheduler -> 复制到 /usr/bin

kube-apiserver [kube-apiserver.service && apiserver]

[组件安装及配置 -> kube-apiserver]

    :vim /usr/lib/systemd/system/kube-apiserver.service

# systemd unit for kube-apiserver; every command-line flag comes from the
# variables defined in /etc/kubernetes/apiserver.
[Unit]
Description=Kubernetes API Server
# Ordered after etcd; Wants= pulls etcd in without making it a hard dependency.
After=etcd.service
Wants=etcd.service

[Service]
# No "-" prefix: the unit fails to start if this file is missing.
# No User= is set, so the API server runs as root.
EnvironmentFile=/etc/kubernetes/apiserver
ExecStart=/usr/bin/kube-apiserver  \
        $KUBE_ETCD_SERVERS \
        $KUBE_API_ADDRESS \
        $KUBE_API_PORT \
        $KUBE_SERVICE_ADDRESSES \
        $KUBE_ADMISSION_CONTROL \
        $KUBE_API_LOG \
        $KUBE_API_ARGS 
Restart=on-failure
Type=notify
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target

// EnvironmentFile为kube-apiserver的配置文件

    :vim /etc/kubernetes/apiserver

# Flags for kube-apiserver, expanded by kube-apiserver.service.
#
# NOTE(review): the two "insecure" settings below serve the full API on all
# interfaces, port 8080, with no TLS, no authentication and no authorization.
# Anyone who can reach the port has cluster-admin-equivalent access. The node
# components on this page (kubelet, kube-proxy) connect to this port, so the
# whole setup depends on it; treat it as an isolated lab configuration only.
# Upstream deprecated these flags and they are not available in current
# releases; the supported path is the secure port with --tls-cert-file,
# --tls-private-key-file and --client-ca-file plus an authorization mode.
KUBE_API_ADDRESS="--insecure-bind-address=0.0.0.0"
KUBE_API_PORT="--insecure-port=8080"
# etcd is reached over plain HTTP on loopback.
KUBE_ETCD_SERVERS="--etcd-servers=http://127.0.0.1:2379"
KUBE_SERVICE_ADDRESSES="--service-cluster-ip-range=192.168.0.0/16"
# Admission plugins; ServiceAccount needs the signing key pair configured on
# the apiserver and controller-manager before pods can be created.
KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota"
# NOTE(review): the directory is spelled "kubernets" here while the scheduler
# config uses /var/log/kubernetes - looks like a typo; confirm the path exists.
KUBE_API_LOG="--logtostderr=false --log-dir=/var/log/kubernets/apiserver --v=2"
KUBE_API_ARGS=" "

# /usr/lib/systemd/system/kube-apiserver.service
# /etc/kubernetes/apiserver

kube-controller-manager [kube-controller-manager.service && controller-manager]

[组件安装及配置 -> kube-controller-manager]

    :vim /usr/lib/systemd/system/kube-controller-manager.service

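# systemd unit for kube-controller-manager; flags come from
# /etc/kubernetes/controller-manager.
[Unit]
# Description corrected: the original reused the scheduler's text, which makes
# systemctl/journalctl output for the two services indistinguishable.
Description=Kubernetes Controller Manager
# Hard dependency on the API server: started after it and stopped with it.
After=kube-apiserver.service
Requires=kube-apiserver.service

[Service]
# The leading "-" makes a missing file non-fatal; the variables below would
# then expand to nothing.
# No User= is set, so the controller manager runs as root.
EnvironmentFile=-/etc/kubernetes/controller-manager
ExecStart=/usr/bin/kube-controller-manager \
        $KUBE_MASTER \
        $KUBE_CONTROLLER_MANAGER_ARGS
Restart=on-failure
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target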

    :vim /etc/kubernetes/controller-manager

# Flags for kube-controller-manager.
# The API server is reached over its unauthenticated HTTP port on loopback,
# so the controller manager presents no credentials of its own.
KUBE_MASTER="--master=http://127.0.0.1:8080"
KUBE_CONTROLLER_MANAGER_ARGS=" "

# /usr/lib/systemd/system/kube-controller-manager.service
# /etc/kubernetes/controller-manager

kube-scheduler [kube-scheduler.service && scheduler]


[组件安装及配置 -> kube-scheduler]

    :vim /usr/lib/systemd/system/kube-scheduler.service

# systemd unit for kube-scheduler; flags come from /etc/kubernetes/scheduler.
[Unit]
Description=Kubernetes Scheduler
# Hard dependency on the API server: started after it and stopped with it.
After=kube-apiserver.service 
Requires=kube-apiserver.service

[Service]
# NOTE(review): the scheduler is run as root explicitly. Nothing in this unit
# shows a need for root; a dedicated unprivileged account is worth considering.
User=root
# The leading "-" makes a missing file non-fatal.
EnvironmentFile=-/etc/kubernetes/scheduler
ExecStart=/usr/bin/kube-scheduler \
        $KUBE_MASTER \
        $KUBE_SCHEDULER_ARGS
Restart=on-failure
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target

    :vim /etc/kubernetes/scheduler

# Flags for kube-scheduler.
# The API server is reached over its unauthenticated HTTP port on loopback.
KUBE_MASTER="--master=http://127.0.0.1:8080"
# NOTE(review): --logtostderr=true and --log-dir are set together; with
# logging sent to stderr the log directory presumably goes unused - confirm.
KUBE_SCHEDULER_ARGS="--logtostderr=true --log-dir=/var/log/kubernetes/scheduler --v=2"

# /etc/kubernetes/scheduler
# /usr/lib/systemd/system/kube-scheduler.service

[服务开机自启]

    :systemctl daemon-reload 

  :systemctl enable kube-apiserver.service
  :systemctl enable kube-controller-manager.service
  :systemctl enable kube-scheduler.service

    :systemctl start kube-apiserver.service
  :systemctl start kube-controller-manager.service
  :systemctl start kube-scheduler.service

  : systemctl start kube-apiserver.service && systemctl start kube-controller-manager.service && systemctl start kube-scheduler.service

[检测]

    :kubectl get cs

[验证 NODE]

    :kubectl get node

NODE 安装

docker

[Docker]

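    :curl -sSL https://get.docker.com | sh    # 直接把远程脚本交给 shell 执行;更稳妥的做法是先下载、检查后再运行

  :docker -d -H unix:///var/run/docker.sock -H 0.0.0.0:2375 >> /var/log/docker.log 2>&1 &

  // 注意:-H 0.0.0.0:2375 会在所有网卡上开放未加密、无认证的 Docker API,能访问该端口的主机等同于拥有本机 root 权限。本文后续步骤并未用到该 TCP 端口,如无需要可只保留 unix socket;确需远程访问时应启用 TLS 双向认证并限制来源地址。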

kube-proxy

[kubelet、kube-proxy]

    :cp kubelet /usr/bin/kubelet

    :cp kube-proxy /usr/bin/kube-proxy

[服务组件 -> kube-proxy]

    :vim /usr/lib/systemd/system/kube-proxy.service

# systemd unit for kube-proxy on a node.
[Unit]
Description=Kubernetes Kube-Proxy Server
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
After=network.target

[Service]
# Both files are required (no "-" prefix); the unit fails if either is missing.
# Only the four variables named in ExecStart are used; anything else defined
# in these files has no effect on kube-proxy.
# No User= is set, so kube-proxy runs as root.
EnvironmentFile=/etc/kubernetes/config
EnvironmentFile=/etc/kubernetes/proxy
ExecStart=/usr/bin/kube-proxy \
            $KUBE_LOGTOSTDERR \
            $KUBE_LOG_LEVEL \
            $KUBE_MASTER \
            $KUBE_PROXY_ARGS
Restart=on-failure
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target

    :mkdir -p /etc/kubernetes

  :vim /etc/kubernetes/proxy

KUBE_PROXY_ARGS=""

    :vim /etc/kubernetes/config

# Settings in /etc/kubernetes/config, loaded by kube-proxy.service.
KUBE_LOGTOSTDERR="--logtostderr=true"
KUBE_LOG_LEVEL="--v=0"
# Defined here, but the kube-proxy unit on this page never references
# $KUBE_ALLOW_PRIV, so this line has no effect there.
KUBE_ALLOW_PRIV="--allow_privileged=false"
# NOTE(review): plain HTTP to the API server's unauthenticated port across the
# network. Traffic is neither encrypted nor authenticated, and the node has no
# way to verify it is talking to the real API server.
KUBE_MASTER="--master=http://10.0.0.112:8080"

# /usr/lib/systemd/system/kube-proxy.service
# /etc/kubernetes/proxy
# /etc/kubernetes/config

kubelet

[服务组件 -> kubelet]

    :vim /usr/lib/systemd/system/kubelet.service

# systemd unit for the kubelet on a node.
[Unit]
Description=Kubernetes Kubelet Server
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
# Hard dependency on Docker: started after it and stopped with it.
After=docker.service
Requires=docker.service

[Service]
WorkingDirectory=/var/lib/kubelet
# Required file (no "-" prefix); the unit fails if it is missing.
EnvironmentFile=/etc/kubernetes/kubelet
# Only $KUBELET_ARGS is expanded here. Any other variable defined in
# /etc/kubernetes/kubelet is ignored unless it is added to this line.
ExecStart=/usr/bin/kubelet $KUBELET_ARGS
Restart=on-failure
# KillMode=process: stopping the unit kills only the kubelet process itself,
# not other processes in its control group.
KillMode=process

[Install]
WantedBy=multi-user.target

  :vim /etc/kubernetes/kubelet

# Settings in /etc/kubernetes/kubelet, loaded by kubelet.service.
# The unit's ExecStart passes only $KUBELET_ARGS, so the four variables that
# follow are not applied as written; they take effect only if ExecStart is
# extended to reference them.
KUBELET_ADDRESS="--address=0.0.0.0"
KUBELET_HOSTNAME="--hostname-override=127.0.0.1"   #your node ip address
KUBELET_API_SERVER="--api-servers=http://10.0.0.112:8080"
# NOTE(review): ":latest" is a mutable tag, so the image that actually runs can
# change between pulls; pinning a version or digest makes it reproducible.
KUBELET_POD_INFRA_CONTAINER="--pod-infra-container-image=reg.docker.tb/harbor/pod-infrastructure:latest"
# NOTE(review): the kubelet's HTTP server and its debugging handlers are
# enabled, and no --anonymous-auth=false, --authorization-mode or
# --client-ca-file is set. With kubelet defaults that leaves the kubelet API
# open to unauthenticated callers on the node's network; restrict it with
# those flags or a host firewall.
KUBELET_ARGS="--enable-server=true --enable-debugging-handlers=true --fail-swap-on=false --kubeconfig=/var/lib/kubelet/kubeconfig"

//  “--hostname-override=10.0.209.152” 为Node主机IP地址

    :mkdir -p /var/lib/kubelet && vim /var/lib/kubelet/kubeconfig # 向master进行注册

# Kubeconfig at /var/lib/kubelet/kubeconfig, handed to the kubelet through
# --kubeconfig in KUBELET_ARGS.
apiVersion: v1
kind: Config
users:
# NOTE(review): the user entry carries no client certificate or token, so the
# kubelet registers with the API server without any credentials.
- name: kubelet
clusters:
- name: kubernetes
  cluster:
    # Plain HTTP to the API server's unauthenticated port; there is no CA here
    # to verify the server and the connection is not encrypted.
    server: http://10.0.0.112:8080
contexts:
- context:
    cluster: kubernetes
    user: kubelet
  name: service-account-context
current-context: service-account-context

# /usr/lib/systemd/system/kubelet.service
# /etc/kubernetes/kubelet
# /var/lib/kubelet/kubeconfig
[配置服务]

    :systemctl daemon-reload

  :systemctl enable kube-proxy.service
  :systemctl enable kubelet.service

  :systemctl start kube-proxy
  :systemctl start kubelet.service

[检测]

    :netstat -lntp | grep kube-proxy
  :netstat -tnlp | grep kubelet

验证环境,创建POD

[配置 nginx_test.yaml]

    :vim nginx_test.yaml

# Single-container Pod used to check that the cluster can schedule and run
# a workload.
apiVersion: v1
kind: Pod
metadata:
  name: nginx
  labels:
    app: nginx
  namespace: default
spec:
  containers:
  # NOTE(review): the image has no tag or digest, so it resolves to "latest";
  # with IfNotPresent a node keeps whatever copy it already cached. Pin a
  # version or digest for a repeatable test.
  - image: docker.io/istio/nginx
    imagePullPolicy: IfNotPresent
    name: nginx-deployment-6499c587d8
  restartPolicy: Always

[创建]

    :kubectl apply -f nginx_test.yaml

[Question]

Error from server (ServerTimeout): error when creating "test.yaml": No API token found for service account "default", retry 
after the token is automatically created and added to the service account

[原因]

    :service account没有设置API token

[解决 方式一]

    :禁用ServiceAccount

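  :vim /etc/kubernetes/apiserver -> 去除 KUBE_ADMISSION_CONTROL中的SecurityContextDeny,ServiceAccount

  // 注意:这样会同时关闭两个准入控制插件。该报错只与 ServiceAccount 有关;去掉 ServiceAccount 后 Pod 不再自动挂载服务账号令牌,去掉 SecurityContextDeny 则不再拦截部分提权相关的 securityContext 设置。此方式只适合临时测试,长期使用请采用方式二。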

  :systemctl restart kube-apiserver.service # 重启kube-apiserver.service服务

[解决 方式二]

    :配置ServiceAccount

  :生成密钥,然后分别编辑apiserver和controller-manager配置文件并重启组件

  :openssl genrsa -out /etc/kubernetes/serviceaccount.key 2048

  :chmod 600 /etc/kubernetes/serviceaccount.key    # 该私钥用于签发 ServiceAccount 令牌,只允许 root 读取

  :vim /etc/kubernetes/apiserver

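# Line to add: the key the API server uses to verify ServiceAccount tokens.
# The note sits on its own line because systemd's EnvironmentFile treats only
# whole lines starting with "#" or ";" as comments; text after the closing
# quote would become part of the value and corrupt the key-file path.
KUBE_API_ARGS="--service-account-key-file=/etc/kubernetes/serviceaccount.key"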

    :vim /etc/kubernetes/controller-manager

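# Line to add: the private key the controller manager uses to sign
# ServiceAccount tokens (the same file the API server verifies against).
# The note sits on its own line because systemd's EnvironmentFile treats only
# whole lines starting with "#" or ";" as comments; text after the closing
# quote would become part of the value and corrupt the key-file path.
KUBE_CONTROLLER_MANAGER_ARGS="--service-account-private-key-file=/etc/kubernetes/serviceaccount.key"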

    :systemctl restart kube-apiserver.service && systemctl restart kube-controller-manager.service