0. Linux environment setup
Two VMs: 192.168.1.157 (docker2) as the master, 192.168.1.158 (docker3) as the minion.
1. Change the hostname
/etc/hostname
Name 192.168.1.157 docker2
Name 192.168.1.158 docker3
2. Edit hosts
/etc/hosts
Add:
192.168.1.157 docker2 docker2
192.168.1.158 docker3 docker3
1. Configure the yum repo
Create the file kubernetes.repo in the directory /etc/yum.repos.d with the following content:
[kubernetes]
name=Kubernetes
baseurl=http://files.rm-rf.ca/rpms/kubelet/
enabled=1
gpgcheck=0
2. Install docker and kubernetes
yum install -y docker kubelet kubeadm kubectl kubernetes-cni
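Added example (not from the original post): the repo file in step 1 sets gpgcheck=0 and an http:// baseurl, so yum installs kubelet, kubeadm and kubectl from it without checking package signatures and over an unauthenticated channel. The script below lists repo sections with either setting; the second sample section and its example.invalid host are constructed for contrast.

```shell
# Added example: report yum repo sections that set gpgcheck=0 or fetch over
# plain HTTP. Reads .repo files given as arguments, or stdin when none.
audit_yum_repos() {
    awk '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        function report() {
            if (section == "" || enabled == "0") return   # skip disabled repos
            if (gpgcheck == "0")    printf "%s: gpgcheck=0, package signatures are not checked\n", section
            if (baseurl ~ /^http:/) printf "%s: baseurl uses plain http\n", section
        }
        /^[ \t]*([#;]|$)/ { next }                         # comments, blank lines
        /^[ \t]*\[/ {                                      # start of a [section]
            report()
            line = trim($0)
            section = substr(line, 2, index(line, "]") - 2)
            gpgcheck = ""; baseurl = ""; enabled = "1"
            next
        }
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = trim(substr($0, 1, eq - 1)); val = trim(substr($0, eq + 1))
            if (key == "gpgcheck") gpgcheck = val
            if (key == "baseurl")  baseurl  = val
            if (key == "enabled")  enabled  = val
        }
        END { report() }
    ' "$@"
}

sample_repos() {
cat <<'EOF'
# kubernetes.repo as given in step 1
[kubernetes]
name=Kubernetes
baseurl=http://files.rm-rf.ca/rpms/kubelet/
enabled=1
gpgcheck=0

# Constructed entry for contrast; the host is a placeholder
[example-signed]
baseurl=https://repo.example.invalid/el7/
enabled=1
gpgcheck=1
EOF
}

sample_repos | audit_yum_repos
```

On a real host, run audit_yum_repos /etc/yum.repos.d/*.repo instead of the sample.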
3. Change docker's image source
Use the daocloud accelerator:
curl -sSL https://get.daocloud.io/daotools/set_mirror.sh | sh -s http://7f135bb1.m.daocloud.io
After the change, /lib/systemd/system/docker.service contains the following:
ExecStart=/usr/bin/docker-current daemon --registry-mirror=http://7f135bb1.m.daocloud.io \
          --exec-opt native.cgroupdriver=systemd \
          $OPTIONS \
          $DOCKER_STORAGE_OPTIONS \
          $DOCKER_NETWORK_OPTIONS \
          $ADD_REGISTRY \
          $BLOCK_REGISTRY \
          $INSECURE_REGISTRY
4. Start docker and kubelet
# systemctl enable docker && systemctl start docker
# systemctl enable kubelet && systemctl start kubelet
5. Fetch the required images
docker pull chasontang/kube-proxy-amd64:v1.4.0
docker pull chasontang/kube-discovery-amd64:1.0
docker pull chasontang/kubedns-amd64:1.7
docker pull chasontang/kube-scheduler-amd64:v1.4.0
docker pull chasontang/kube-controller-manager-amd64:v1.4.0
docker pull chasontang/kube-apiserver-amd64:v1.4.0
docker pull chasontang/etcd-amd64:2.2.5
docker pull chasontang/kube-dnsmasq-amd64:1.3
docker pull chasontang/exechealthz-amd64:1.1
docker pull chasontang/pause-amd64:3.0
The dashboard image was obtained after logging in to daocloud.io (docker login daocloud.io), which requires registering a daocloud account:
docker pull mritd/kubernetes-dashboard-amd64:v1.4.2
After downloading, use the docker tag command to alias the images under gcr.io/google_containers:
docker tag chasontang/kube-proxy-amd64:v1.4.0 gcr.io/google_containers/kube-proxy-amd64:v1.4.0
docker tag chasontang/kube-discovery-amd64:1.0 gcr.io/google_containers/kube-discovery-amd64:1.0
docker tag chasontang/kubedns-amd64:1.7 gcr.io/google_containers/kubedns-amd64:1.7
docker tag chasontang/kube-scheduler-amd64:v1.4.0 gcr.io/google_containers/kube-scheduler-amd64:v1.4.0
docker tag chasontang/kube-controller-manager-amd64:v1.4.0 gcr.io/google_containers/kube-controller-manager-amd64:v1.4.0
docker tag chasontang/kube-apiserver-amd64:v1.4.0 gcr.io/google_containers/kube-apiserver-amd64:v1.4.0
docker tag chasontang/etcd-amd64:2.2.5 gcr.io/google_containers/etcd-amd64:2.2.5
docker tag chasontang/kube-dnsmasq-amd64:1.3 gcr.io/google_containers/kube-dnsmasq-amd64:1.3
docker tag chasontang/exechealthz-amd64:1.1 gcr.io/google_containers/exechealthz-amd64:1.1
docker tag chasontang/pause-amd64:3.0 gcr.io/google_containers/pause-amd64:3.0
docker tag mritd/kubernetes-dashboard-amd64:v1.4.2 gcr.io/google_containers/kubernetes-dashboard-amd64:v1.4.2
Remove the originally downloaded images:
docker rmi chasontang/kube-proxy-amd64:v1.4.0
docker rmi chasontang/kube-discovery-amd64:1.0
docker rmi chasontang/kubedns-amd64:1.7
docker rmi chasontang/kube-scheduler-amd64:v1.4.0
docker rmi chasontang/kube-controller-manager-amd64:v1.4.0
docker rmi chasontang/kube-apiserver-amd64:v1.4.0
docker rmi chasontang/etcd-amd64:2.2.5
docker rmi chasontang/kube-dnsmasq-amd64:1.3
docker rmi chasontang/exechealthz-amd64:1.1
docker rmi chasontang/pause-amd64:3.0
6. Initialize the master
Use 192.168.1.157 as the master:
kubeadm init --api-advertise-addresses=192.168.1.157 --use-kubernetes-version=v1.4.0
7. Install the pod network
Use the officially recommended weave-net option directly; the flannel option needs special handling, see http://kubernetes.io/docs/admin/kubeadm/ for details.
kubectl create -f https://git.io/weave-kube
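After installation the dns container should come up automatically; use kubectl get pods --all-namespaces or docker ps to check whether the dns pod is up.
8. Install the minion
The first 5 steps and step 7 are the same; once they are done, join the cluster: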
kubeadm join --token=018c3f.099d4f13a077a155 192.168.1.157
9. Check the status
kubectl get pods --all-namespaces
[root@docker2 ~]# kubectl get pods --all-namespaces
NAMESPACE     NAME                              READY     STATUS    RESTARTS   AGE
kube-system   dummy-2088944543-pju0l            1/1       Running   0          2h
kube-system   etcd-docker2                      1/1       Running   0          2h
kube-system   kube-apiserver-docker2            1/1       Running   1          2h
kube-system   kube-controller-manager-docker2   1/1       Running   1          2h
kube-system   kube-discovery-1150918428-u51m6   1/1       Running   0          2h
kube-system   kube-dns-654381707-dotvk          3/3       Running   4          2h
kube-system   kube-proxy-6qf47                  1/1       Running   0          2h
kube-system   kube-proxy-u8qr0                  1/1       Running   0          1h
kube-system   kube-scheduler-docker2            1/1       Running   0          2h
kube-system   weave-net-5chdf                   2/2       Running   0          1h
kube-system   weave-net-wfb3l                   2/2       Running   0          1h
10. Create kubernetes-dashboard.yaml
Change the image pull policy to IfNotPresent; the line to change is:
imagePullPolicy: Always
Run:
kubectl create -f kubernetes-dashboard.yaml
If creation runs into problems, clean up with the following command:
kubectl delete -f kubernetes-dashboard.yaml
For detailed logs and problems, check:
kubectl describe pod <dashboard pod name> --namespace=kube-system
11. Check the Dashboard status
[root@docker2 ~]# kubectl get pods --all-namespaces
NAMESPACE     NAME                                    READY     STATUS    RESTARTS   AGE
kube-system   dummy-2088944543-pju0l                  1/1       Running   3          1d
kube-system   etcd-docker2                            1/1       Running   3          1d
kube-system   kube-apiserver-docker2                  1/1       Running   16         1d
kube-system   kube-controller-manager-docker2         1/1       Running   7          1d
kube-system   kube-discovery-1150918428-u51m6         1/1       Running   3          1d
kube-system   kube-dns-654381707-dotvk                3/3       Running   13         1d
kube-system   kube-proxy-6qf47                        1/1       Running   3          1d
kube-system   kube-proxy-u8qr0                        1/1       Running   1          23h
kube-system   kube-scheduler-docker2                  1/1       Running   5          1d
kube-system   kubernetes-dashboard-2117559662-zptxa   1/1       Running   0          19h
kube-system   weave-net-5chdf                         2/2       Running   14         23h
kube-system   weave-net-wfb3l                         2/2       Running   2          23h
12. Access the dashboard
http://192.168.1.157:8080/ui
This URL turned out to be unreachable, so check the api server address:
[root@docker2 ~]# kubectl cluster-info
Kubernetes master is running at http://localhost:8080
kube-dns is running at http://localhost:8080/api/v1/proxy/namespaces/kube-system/services/kube-dns

To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.
Running wget http://localhost:8080/ui directly on the master server shows that the UI page can be fetched.
Suspecting a routing problem, add an iptables rule:
iptables -t nat -A PREROUTING --dst 192.168.1.157 -p tcp --dport 8080 -j DNAT --to-destination 127.0.0.1:8080
Access http://192.168.1.157:8080/ui again: success.
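Added check (not from the original post): the apiserver on localhost:8080 is the insecure port, which serves requests without authentication or authorization, so the DNAT rule above exposes it to every host that can reach 192.168.1.157. The function below reads iptables-save -t nat output and lists DNAT rules that forward to a loopback address with no source match; the sample ruleset, including the admin address 192.168.1.10 and the 10.32.0.5 target, is constructed.

```shell
# Added example: flag DNAT rules that publish a loopback-only service to
# every source address. Input is `iptables-save -t nat` output on stdin.
find_open_loopback_dnat() {
    # Prints one line per offending rule: "<chain> dport=<port> -> <target>"
    # Negated matches ("! -s ...") are not handled and count as restricted.
    awk '
        $1 == "-A" {
            chain = $2; src = ""; dport = ""; target = ""; dnat = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-s" || $i == "--source")   src = $(i + 1)
                if ($i == "--dport")                  dport = $(i + 1)
                if ($i == "-j" && $(i + 1) == "DNAT") dnat = 1
                if ($i == "--to-destination")         target = $(i + 1)
            }
            # Unrestricted: no source match at all, or a match on 0.0.0.0/0
            if (dnat && target ~ /^127\./ && (src == "" || src == "0.0.0.0/0"))
                printf "%s dport=%s -> %s\n", chain, dport, target
        }
    '
}

# Constructed sample: the rule from step 12 as iptables-save prints it, the
# same rule limited to one admin workstation, and an unrelated DNAT rule.
sample_ruleset() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -d 192.168.1.157/32 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 127.0.0.1:8080
-A PREROUTING -s 192.168.1.10/32 -d 192.168.1.157/32 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 127.0.0.1:8080
-A PREROUTING -d 192.168.1.157/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.32.0.5:80
COMMIT
EOF
}

sample_ruleset | find_open_loopback_dnat
```

On the master, run iptables-save -t nat | find_open_loopback_dnat; only the first sample rule is reported, because the second carries a -s match.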
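13. Limitations
The limitation of this approach is that the etcd service is started by kubeadm in a container, and only one instance is started, on the master node, so it is a single point of failure; the apiserver is also a single point of failure.
Multiple apiservers: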
--api-advertise-addresses
(multiple values are allowed)
An external etcd service can be specified with:
--external-etcd-cafile
etcd certificate authority file
--external-etcd-endpoints
(multiple values are allowed)
--external-etcd-certfile
etcd client certificate file
--external-etcd-keyfile
etcd client key file
For details, see the official documentation: http://kubernetes.io/docs/admin/kubeadm/