I. Environment configuration
- master 172.16.101.199 docker, apiserver, controller-manager, scheduler
- etcd 172.16.101.199 etcd
- node1 172.16.101.221 flannel, docker, kubelet, kube-proxy
- node2 172.16.101.221 flannel, docker, kubelet, kube-proxy
1. Set up the hosts file
- 172.16.101.199 master
- 172.16.101.199 etcd
- 172.16.101.220 node1
- 172.16.101.221 node2
2. Basic settings
2.1 Disable the firewall
2.2 Disable SELinux
2.3 Set up hosts
2.4 Enable IPv4 forwarding
On CentOS 7, edit the configuration file /etc/sysctl.conf:
- net.ipv4.ip_forward = 1
- net.bridge.bridge-nf-call-ip6tables = 1
- net.bridge.bridge-nf-call-iptables = 1
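Run sudo sysctl -p to apply the change immediately.
2.5 Disable swap:
To disable swap permanently, edit /etc/fstab directly and comment out the swap entry.
2.6 Passwordless (key-based) login
2. master:
(1) Install docker
CentOS 7
Install the dependency packages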
yum install -y yum-utils device-mapper-persistent-data lvm2
Add the Docker package repository
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
Update the yum package index
yum makecache fast
Install Docker CE
yum install docker-ce -y
Start
- systemctl start docker
- systemctl enable docker
Uninstall, method 1
- yum remove docker-ce
- rm -rf /var/lib/docker
- # Uninstall docker, method 2:
- yum list installed | grep docker
Remove the installed package
sudo yum -y remove docker-engine.x86_64
(2) Install kubernetes, flannel, etcd
yum install kubernetes-master etcd flannel -y
(3) Configure etcd
- cat /etc/etcd/etcd.conf |egrep -v "^#|^$"
- ETCD_NAME=default
- ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
- ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:2379/" ## listen address and port
- ETCD_ADVERTISE_CLIENT_URLS="http://etcd:2379/" ## etcd cluster setting; with multiple etcd servers, append their URLs here
- ## Start the etcd service
- systemctl start etcd
(4) Configure kubernetes
- cat /etc/kubernetes/kubernetes.conf
- KUBE_API_ADDRESS="--insecure-bind-address=0.0.0.0" ## address kube binds to at startup
- KUBE_ETCD_SERVERS="--etcd-servers=http://etcd:2379/" ## etcd URL that kube calls
- KUBE_SERVICE_ADDRESSES="--service-cluster-ip-range=172.17.0.0/16" ## this is the address range of the docker containers
- KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,ResourceQuota"
- KUBE_API_ARGS=""
- cat config |egrep -v "^#|^$"
- KUBE_LOGTOSTDERR="--logtostderr=true"
- KUBE_LOG_LEVEL="--v=0"
- KUBE_ALLOW_PRIV="--allow-privileged=false"
- KUBE_MASTER="--master=http://172.16.101.199:8080/" ## kube master API URL
(5) Configure flanneld
- #cat /etc/sysconfig/flanneld
- FLANNEL_ETCD_ENDPOINTS="http://etcd:2379/"
- FLANNEL_ETCD_PREFIX="/kube/network" ## note: kube
Pay special attention: this step is very important
etcdctl mk /kube/network/config '{"Network":"172.17.0.0/16"}' ## Note: the IP here must match the IP address that appears above.
Error message:
E0808 11:09:44.387201 10537 network.go:102] failed to retrieve network config: 100: Key not found (/kube) [3]
3. Installing node1-2
1) Install the packages.
- yum install kubernetes-node flannel -y # installs docker-1.13.1 by default; you only need to start docker
- systemctl enable docker
- systemctl start docker
- docker version
2) Configure flannel
- #cat /etc/sysconfig/flanneld
- FLANNEL_ETCD_ENDPOINTS="http://etcd:2379/"
- FLANNEL_ETCD_PREFIX="/kube/network" ## note: kube
systemctl start flanneld
3) Configure kubelet
- cd /etc/kubernetes
- cat config |egrep -v "^#|^$"
- KUBE_LOGTOSTDERR="--logtostderr=true"
- KUBE_LOG_LEVEL="--v=0"
- KUBE_ALLOW_PRIV="--allow-privileged=false"
- KUBE_MASTER="--master=http://172.16.101.199:8080/" ## kube master API URL
- cat kubelet |egrep -v "^#|^$"
- KUBELET_ADDRESS="--address=0.0.0.0" ## address kubelet binds to after startup
- KUBELET_PORT="--port=10250" ## kubelet port
- KUBELET_HOSTNAME="--hostname-override=172.16.101.220" ## kubelet hostname; the name shown when running kubectl get nodes on the master
- KUBELET_API_SERVER="--api-servers=http://172.16.101.199:8080/" ## kube master API URL
- KUBELET_POD_INFRA_CONTAINER="--pod-infra-container-image=registry.access.redhat.com/rhel7/pod-infrastructure:latest"
- KUBELET_ARGS=""
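The etcd, apiserver and kubelet settings above bind the insecure API port and plaintext etcd to every interface, on hosts where step 2.1 has disabled the firewall. The following is an added example, not part of the original guide: a POSIX shell function that reads these KEY=value files and flags those settings. The names `flag`, `audit_conf` and `sample_conf` and the severity labels are assumptions of this example, and the sample input is constructed from the values on this page.

```shell
#!/bin/sh
# Added example (not from the original guide): flag exposure-relevant
# settings in the KEY=value files edited above. Reads the files on stdin.

flag() { printf '%s %s: %s\n' "$1" "$2" "$3"; }

audit_conf() (
    # Body runs in a subshell so the loop variables stay local.
    while IFS= read -r line || [ -n "$line" ]; do
        key=${line%%=*}
        case $line in
            ''|'#'*) ;;                                   # blank or comment
            KUBE_API_ADDRESS=*--insecure-bind-address=0.0.0.0*)
                flag HIGH "$key" "insecure (no authn/authz, no TLS) API port on all interfaces" ;;
            ETCD_LISTEN_CLIENT_URLS=*http://0.0.0.0*)
                flag HIGH "$key" "etcd client port on all interfaces without TLS" ;;
            KUBE_ALLOW_PRIV=*--allow-privileged=true*)
                flag HIGH "$key" "privileged containers allowed" ;;
            KUBE_ETCD_SERVERS=*http://*|FLANNEL_ETCD_ENDPOINTS=*http://*|\
            ETCD_ADVERTISE_CLIENT_URLS=*http://*)
                flag MEDIUM "$key" "etcd reached over plaintext http" ;;
            KUBE_MASTER=*http://*|KUBELET_API_SERVER=*http://*)
                flag MEDIUM "$key" "API server reached over plaintext http" ;;
            KUBELET_ADDRESS=*--address=0.0.0.0*)
                flag MEDIUM "$key" "kubelet API listens on all interfaces" ;;
        esac
    done
)

# Constructed sample: the values shown in this guide, plus one loopback-bound
# line that must not be flagged.
sample_conf() {
    cat <<'EOF'
# /etc/etcd/etcd.conf
ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:2379/"
ETCD_ADVERTISE_CLIENT_URLS="http://etcd:2379/"
KUBE_API_ADDRESS="--insecure-bind-address=0.0.0.0"
KUBE_ETCD_SERVERS="--etcd-servers=http://etcd:2379/"
KUBE_ALLOW_PRIV="--allow-privileged=false"
KUBE_MASTER="--master=http://172.16.101.199:8080/"
KUBELET_ADDRESS="--address=0.0.0.0"
KUBELET_API_SERVER="--api-servers=http://172.16.101.199:8080/"
KUBE_API_ADDRESS="--insecure-bind-address=127.0.0.1"
EOF
}

sample_conf | audit_conf
```

On a host built from this guide, pipe the real files in instead: cat /etc/etcd/etcd.conf /etc/kubernetes/kubernetes.conf /etc/kubernetes/config /etc/kubernetes/kubelet /etc/sysconfig/flanneld | audit_conf.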
4. Startup order
- master:
- systemctl start docker # start
- systemctl status docker # check
- systemctl start etcd
- systemctl status etcd
- systemctl start flanneld
- systemctl status flanneld
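Check the IP addresses: a flannel0 network interface appears, and its address is consistent with the docker0 address. If they are not consistent, confirm that the services above started correctly.
Startup order: kube-apiserver goes first.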
- systemctl start kube-apiserver
- systemctl start kube-controller-manager
- systemctl start kube-scheduler
- node:
- systemctl start docker.service
- systemctl start kube-proxy
- systemctl start kubelet
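5. Verify that the configuration is correct
Visit http://kube-apiserver:port
http://172.16.101.199:8080/ lists all request URLs
http://172.16.101.199:8080/healthz/ping shows the health status
6. Enable the k8s dashboard:
master:
1) Verify the services on the master.
- kubectl get nodes ## list the k8s clients (nodes).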
- NAME STATUS AGE
- 172.16.101.220 Ready 1h
- 172.16.101.221 Ready 1h
- kubectl get namespace ## list all k8s namespaces
- NAME STATUS AGE
- default Active 1h
- kube-system Active 1h
Create kube-dashboard.yaml
- cd /usr/local/src/docker/
- kubectl delete -f kubernetes-dashboard.yaml
- kubectl get pods --namespace=kube-system
- kubectl get pod --all-namespaces
- kubectl describe pods kubernetes-dashboard-2215670400-w0j11 --namespace=kube-system
Client:
- systemctl restart flanneld
- systemctl start kube-proxy
- systemctl start kubelet
- node1-2
Run on the client:
- yum install python-rhsm
- yum install rhsm
- wget http://mirror.centos.org/centos/7/os/x86_64/Packages/python-rhsm-certificates-1.19.10-1.el7_4.x86_64.rpm
- rpm2cpio python-rhsm-certificates-1.19.10-1.el7_4.x86_64.rpm | cpio -iv --to-stdout ./etc/rhsm/ca/redhat-uep.pem | tee /etc/rhsm/ca/redhat-uep.pem
- docker pull registry.access.redhat.com/rhel7/pod-infrastructure:latest
- # Basic commands
kubectl get po/svc/cm/rc : view containers
kubectl describe po name : view details
kubectl delete po name : delete a resource
-o wide : show a few more columns
--all-namespaces : all namespaces
-n name : specify the namespace (can be omitted for default)
kubectl apply/create -f aaa.yaml : apply a yml file
kubectl exec container-name -it -- bash : enter the container
exit : leave
1. Problem 1
Fixing the "cannot delete" problem:
- [root@localhost docker]# kubectl create -f kubernetes-dashboard.yaml
- Error from server (AlreadyExists): error when creating "kubernetes-dashboard.yaml": deployments.extensions "kubernetes-dashboard" already exists
- Error from server (AlreadyExists): error when creating "kubernetes-dashboard.yaml": services "kubernetes-dashboard" already exists
Solution:
- kubectl delete namespace kube-system
- kubectl delete -f kubernetes-dashboard.yaml
- https://www.jb51.net/article/94343.htm/
2. Problem 2
Fixing the timeout problem:
- Error: 'dial tcp 172.17.71.2:9090: getsockopt: no route to host'
- Trying to reach: 'http://172.17.71.2:9090/'
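The 'getsockopt: connection timed out' problem
If the installed docker version is 1.13 or later, the network is reachable, and flannel and etcd are both healthy, yet the 'getsockopt: connection timed out' error still appears, the cause may be the iptables configuration. The specific error: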
Error: 'dial tcp 10.233.50.3:8443: getsockopt: connection timed out
Starting with version 1.13, docker may set the default policy of the iptables FORWARD chain to DROP, which makes pinging Pod IPs on other Nodes fail. When this happens, set the policy to ACCEPT manually:
sudo iptables -P FORWARD ACCEPT
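Checking with iptables -nL shows that the FORWARD policy is still DROP, even though we clearly ran iptables -P FORWARD ACCEPT. It turns out that docker started after that command ran, so the command has to be run again after docker every time. That is too much trouble, so we modify docker's startup script: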
- vi /usr/lib/systemd/system/docker.service
- [Service]
- Type=notify
- ExecStart=/usr/bin/dockerd $DOCKER_NETWORK_OPTIONS $DOCKER_OPTS $DOCKER_DNS_OPTIONS
Add this line; each time docker restarts, the iptables policy is set to ACCEPT
- ExecStartPost=/sbin/iptables -I FORWARD -s 0.0.0.0/0 -j ACCEPT
- ExecReload=/bin/kill -s HUP $MAINPID
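Adding the one line shown above under [Service] in the unit file is all that is needed.
Then restart docker and check the dashboard page again.
If this problem really cannot be solved, install a node client on the master.
Source: http://www.bubuko.com/infodetail-2720094.html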