Creating a Kubernetes cluster

Date: Dec. 7, 2018


Building a k8s cluster with kubeadm

IP address      Hostname   Role
172.19.0.16     why-03     node
172.19.0.15     why-02     node
172.19.0.9      why-01     master

Installing Docker

sudo yum install -y yum-utils device-mapper-persistent-data lvm2
sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
sudo yum install -y docker-ce
systemctl enable docker && systemctl start docker
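
Before moving on, it is worth confirming that Docker is running and checking which cgroup driver it uses, since the kubelet must be configured with the same driver (this is only a quick check; the grep pattern assumes English-language docker info output):

docker info | grep -i 'cgroup driver'
# Cgroup Driver: cgroupfs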

Installing kubeadm

cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
exclude=kube*
EOF

# Set SELinux in permissive mode (effectively disabling it)
setenforce 0
sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config

yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes

systemctl enable kubelet && systemctl start kubelet

For installation steps on other operating systems, refer to the official install-kubeadm documentation.

Initializing the master

Note: the kernel parameter net.ipv4.ip_forward needs to be set to 1.
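
A minimal sketch of enabling it persistently, assuming a stock CentOS 7 host (the file name k8s.conf is just an example):

cat <<EOF > /etc/sysctl.d/k8s.conf
# allow the node to forward traffic between pods and the outside world
net.ipv4.ip_forward = 1
EOF
sysctl --system    # reload all sysctl configuration files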

$ kubeadm init --apiserver-advertise-address 172.19.0.9 --pod-network-cidr=10.244.0.0/16
[init] Using Kubernetes version: v1.13.0
# kubeadm runs checks before initializing
[preflight] Running pre-flight checks                       
    [WARNING SystemVerification]: this Docker version is not on the list of validated versions: 18.09.0. Latest validated version: 18.06
    [WARNING Hostname]: hostname "why-01" could not be reached
    [WARNING Hostname]: hostname "why-01": lookup why-01 on 183.60.83.19:53: no such host
[preflight] Pulling images required for setting up a Kubernetes cluster
[preflight] This might take a minute or two, depending on the speed of your internet connection
[preflight] You can also perform this action in beforehand using 'kubeadm config images pull'
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Activating the kubelet service
# Generate certificates and keys
[certs] Using certificateDir folder "/etc/kubernetes/pki"
[certs] Generating "etcd/ca" certificate and key
[certs] Generating "etcd/healthcheck-client" certificate and key
[certs] Generating "apiserver-etcd-client" certificate and key
[certs] Generating "etcd/server" certificate and key
[certs] etcd/server serving cert is signed for DNS names [why-01 localhost] and IPs [172.19.0.9 127.0.0.1 ::1]
[certs] Generating "etcd/peer" certificate and key
[certs] etcd/peer serving cert is signed for DNS names [why-01 localhost] and IPs [172.19.0.9 127.0.0.1 ::1]
[certs] Generating "ca" certificate and key
[certs] Generating "apiserver" certificate and key
[certs] apiserver serving cert is signed for DNS names [why-01 kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local] and IPs [10.96.0.1 172.19.0.9]
[certs] Generating "apiserver-kubelet-client" certificate and key
[certs] Generating "front-proxy-ca" certificate and key
[certs] Generating "front-proxy-client" certificate and key
[certs] Generating "sa" key and public key
# Generate the kubeconfig files
[kubeconfig] Using kubeconfig folder "/etc/kubernetes"
[kubeconfig] Writing "admin.conf" kubeconfig file
[kubeconfig] Writing "kubelet.conf" kubeconfig file
[kubeconfig] Writing "controller-manager.conf" kubeconfig file
[kubeconfig] Writing "scheduler.conf" kubeconfig file
# Install the master (control plane) components
[control-plane] Using manifest folder "/etc/kubernetes/manifests"
[control-plane] Creating static Pod manifest for "kube-apiserver"
[control-plane] Creating static Pod manifest for "kube-controller-manager"
[control-plane] Creating static Pod manifest for "kube-scheduler"
[etcd] Creating static Pod manifest for local etcd in "/etc/kubernetes/manifests"
[wait-control-plane] Waiting for the kubelet to boot up the control plane as static Pods from directory "/etc/kubernetes/manifests". This can take up to 4m0s
[apiclient] All control plane components are healthy after 21.502397 seconds
[uploadconfig] storing the configuration used in ConfigMap "kubeadm-config" in the "kube-system" Namespace
[kubelet] Creating a ConfigMap "kubelet-config-1.13" in namespace kube-system with the configuration for the kubelets in the cluster
[patchnode] Uploading the CRI Socket information "/var/run/dockershim.sock" to the Node API object "why-01" as an annotation
[mark-control-plane] Marking the node why-01 as control-plane by adding the label "node-role.kubernetes.io/master=''"
[mark-control-plane] Marking the node why-01 as control-plane by adding the taints [node-role.kubernetes.io/master:NoSchedule]
[bootstrap-token] Using token: 3t2p2v.7o85e8murnxuw4ve
[bootstrap-token] Configuring bootstrap tokens, cluster-info ConfigMap, RBAC Roles
[bootstraptoken] configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials
[bootstraptoken] configured RBAC rules to allow the csrapprover controller automatically approve CSRs from a Node Bootstrap Token
[bootstraptoken] configured RBAC rules to allow certificate rotation for all node client certificates in the cluster
[bootstraptoken] creating the "cluster-info" ConfigMap in the "kube-public" namespace
# Install the kube-proxy and CoreDNS add-ons
[addons] Applied essential addon: CoreDNS
[addons] Applied essential addon: kube-proxy

# The Kubernetes master node initialized successfully
Your Kubernetes master has initialized successfully!

# Instructions for configuring kubectl
To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

# Instructions for installing a pod network
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

# Instructions for joining the other nodes to the cluster
You can now join any number of machines by running the following on each node
as root:

  kubeadm join 172.19.0.9:6443 --token 3t2p2v.7o85e8murnxuw4ve --discovery-token-ca-cert-hash sha256:84a016da1d4593348db015d1765ac9ad9847e7cf7eae96031cf688f2ffe4aaff

  • --apiserver-advertise-address specifies which interface on the master is used to communicate with the other nodes in the cluster; if omitted, the default interface is used
  • --pod-network-cidr specifies the pod network range; since flannel will be used as the network plugin, it is set to this CIDR (a configuration-file equivalent is sketched after this list)
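
For reference, the same settings can also be expressed as a kubeadm configuration file instead of command-line flags. This is only a sketch, assuming the v1beta1 config API shipped with kubeadm 1.13; the file name kubeadm-config.yaml is arbitrary:

cat <<EOF > kubeadm-config.yaml
apiVersion: kubeadm.k8s.io/v1beta1
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 172.19.0.9
---
apiVersion: kubeadm.k8s.io/v1beta1
kind: ClusterConfiguration
networking:
  podSubnet: 10.244.0.0/16
EOF
kubeadm init --config kubeadm-config.yaml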

Containers started by the initialization

$ docker ps -a
CONTAINER ID        IMAGE                  COMMAND                  CREATED             STATUS              PORTS               NAMES
1246b18cb4f9        8fa56d18961f           "/usr/local/bin/kube…"   17 minutes ago      Up 17 minutes                           k8s_kube-proxy_kube-proxy-92wr6_kube-system_7ad4502d-f928-11e8-b21a-5254005c0df5_0
8a97faf6e643        k8s.gcr.io/pause:3.1   "/pause"                 17 minutes ago      Up 17 minutes                           k8s_POD_kube-proxy-92wr6_kube-system_7ad4502d-f928-11e8-b21a-5254005c0df5_0
e75e871dc31c        3cab8e1b9802           "etcd --advertise-cl…"   17 minutes ago      Up 17 minutes                           k8s_etcd_etcd-why-01_kube-system_9449638043de9548565b05f118a251e0_0
e1ce526dbca2        9508b7d8008d           "kube-scheduler --ad…"   17 minutes ago      Up 17 minutes                           k8s_kube-scheduler_kube-scheduler-why-01_kube-system_69aa2b9af9c518ac6265f1e8dce289a0_0
b7c0dcebc81d        f1ff9b7e3d6e           "kube-apiserver --au…"   17 minutes ago      Up 17 minutes                           k8s_kube-apiserver_kube-apiserver-why-01_kube-system_5f2c4fdf9ea97da5addcbbed08b7d6c6_0
7de644bddefc        d82530ead066           "kube-controller-man…"   17 minutes ago      Up 17 minutes                           k8s_kube-controller-manager_kube-controller-manager-why-01_kube-system_35c45cd26ae611481b56189b4aafa2b2_0
531728bb82bb        k8s.gcr.io/pause:3.1   "/pause"                 17 minutes ago      Up 17 minutes                           k8s_POD_kube-scheduler-why-01_kube-system_69aa2b9af9c518ac6265f1e8dce289a0_0
7c52442fc09f        k8s.gcr.io/pause:3.1   "/pause"                 17 minutes ago      Up 17 minutes                           k8s_POD_kube-controller-manager-why-01_kube-system_35c45cd26ae611481b56189b4aafa2b2_0
01f7f8162f4e        k8s.gcr.io/pause:3.1   "/pause"                 17 minutes ago      Up 17 minutes                           k8s_POD_kube-apiserver-why-01_kube-system_5f2c4fdf9ea97da5addcbbed08b7d6c6_0
3b65b233ac78        k8s.gcr.io/pause:3.1   "/pause"                 17 minutes ago      Up 17 minutes                           k8s_POD_etcd-why-01_kube-system_9449638043de9548565b05f118a251e0_0

You can see that the kube-apiserver, kube-scheduler, kube-controller-manager, kube-proxy and etcd containers have been started.
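
Apart from kube-proxy, which is deployed as a DaemonSet, these components run as static pods defined by the manifests kubeadm wrote earlier. This can be confirmed on the master (the exact file names are assumed from the init output above):

$ ls /etc/kubernetes/manifests
etcd.yaml  kube-apiserver.yaml  kube-controller-manager.yaml  kube-scheduler.yaml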

Running kubectl as a regular user

$ useradd why
$ vi /etc/sudoers
why     ALL=(ALL)       NOPASSWD:ALL
$ su - why
$ mkdir -p $HOME/.kube
$ sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
$ sudo chown $(id -u):$(id -g) $HOME/.kube/config
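
To confirm that the copied kubeconfig works for the new user, any read-only query will do, for example (output omitted):

$ kubectl cluster-info
$ kubectl get componentstatuses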

Installing a pod network

$ kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
clusterrole.rbac.authorization.k8s.io/flannel created
clusterrolebinding.rbac.authorization.k8s.io/flannel created
serviceaccount/flannel created
configmap/kube-flannel-cfg created
daemonset.extensions/kube-flannel-ds-amd64 created
daemonset.extensions/kube-flannel-ds-arm64 created
daemonset.extensions/kube-flannel-ds-arm created
daemonset.extensions/kube-flannel-ds-ppc64le created
daemonset.extensions/kube-flannel-ds-s390x created

These are the newly started containers:

$ sudo docker ps -a
CONTAINER ID        IMAGE                    COMMAND                  CREATED             STATUS                     PORTS               NAMES
222b63517a28        f59dcacceff4             "/coredns -conf /etc…"   2 minutes ago       Up 2 minutes                                   k8s_coredns_coredns-86c58d9df4-wg6wc_kube-system_7abedcb7-f928-11e8-b21a-5254005c0df5_0
d4873ac26728        f59dcacceff4             "/coredns -conf /etc…"   2 minutes ago       Up 2 minutes                                   k8s_coredns_coredns-86c58d9df4-gb6h4_kube-system_7ac11b86-f928-11e8-b21a-5254005c0df5_0
9ef2e8cfdd68        k8s.gcr.io/pause:3.1     "/pause"                 2 minutes ago       Up 2 minutes                                   k8s_POD_coredns-86c58d9df4-gb6h4_kube-system_7ac11b86-f928-11e8-b21a-5254005c0df5_0
27d8b876b292        k8s.gcr.io/pause:3.1     "/pause"                 2 minutes ago       Up 2 minutes                                   k8s_POD_coredns-86c58d9df4-wg6wc_kube-system_7abedcb7-f928-11e8-b21a-5254005c0df5_0
afd12ca65c98        f0fad859c909             "/opt/bin/flanneld -…"   2 minutes ago       Up 2 minutes                                   k8s_kube-flannel_kube-flannel-ds-amd64-dkbgq_kube-system_fece093d-f92b-11e8-b21a-5254005c0df5_0
841e08dc9ebd        quay.io/coreos/flannel   "cp -f /etc/kube-fla…"   2 minutes ago       Exited (0) 2 minutes ago                       k8s_install-cni_kube-flannel-ds-amd64-dkbgq_kube-system_fece093d-f92b-11e8-b21a-5254005c0df5_0
925e1a14a54d        k8s.gcr.io/pause:3.1     "/pause"                 2 minutes ago       Up 2 minutes                                   k8s_POD_kube-flannel-ds-amd64-dkbgq_kube-system_fece093d-f92b-11e8-b21a-5254005c0df5_0

This includes one flannel pod and two CoreDNS pods.
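
The same thing can be confirmed through the API; once the network plugin is up, the CoreDNS pods should be in the Running state (a full pod listing appears at the end of this post):

$ kubectl get pods -n kube-system -o wide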

Joining nodes to the cluster

[root@why-02 ~]# kubeadm join 172.19.0.9:6443 --token 3t2p2v.7o85e8murnxuw4ve --discovery-token-ca-cert-hash sha256:84a016da1d4593348db015d1765ac9ad9847e7cf7eae96031cf688f2ffe4aaff
[preflight] Running pre-flight checks
    [WARNING SystemVerification]: this Docker version is not on the list of validated versions: 18.09.0. Latest validated version: 18.06
    [WARNING Hostname]: hostname "why-02" could not be reached
    [WARNING Hostname]: hostname "why-02": lookup why-02 on 183.60.83.19:53: no such host
[discovery] Trying to connect to API Server "172.19.0.9:6443"
[discovery] Created cluster-info discovery client, requesting info from "https://172.19.0.9:6443"
[discovery] Requesting info from "https://172.19.0.9:6443" again to validate TLS against the pinned public key
[discovery] Cluster info signature and contents are valid and TLS certificate validates against pinned roots, will use API Server "172.19.0.9:6443"
[discovery] Successfully established connection with API Server "172.19.0.9:6443"
[join] Reading configuration from the cluster...
[join] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'
[kubelet] Downloading configuration for the kubelet from the "kubelet-config-1.13" ConfigMap in the kube-system namespace
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Activating the kubelet service
[tlsbootstrap] Waiting for the kubelet to perform the TLS Bootstrap...
[patchnode] Uploading the CRI Socket information "/var/run/dockershim.sock" to the Node API object "why-02" as an annotation

This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.

Run 'kubectl get nodes' on the master to see this node join the cluster.
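
The token embedded in the join command expires after 24 hours by default; if it has expired, a fresh join command can be generated on the master:

kubeadm token create --print-join-command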

Containers on the node after it has joined

[root@why-02 ~]# docker ps -a
CONTAINER ID        IMAGE                    COMMAND                  CREATED             STATUS                     PORTS               NAMES
58154d12ff4f        f0fad859c909             "/opt/bin/flanneld -…"   8 minutes ago       Up 8 minutes                                   k8s_kube-flannel_kube-flannel-ds-amd64-k5x5z_kube-system_c18b9c09-f92f-11e8-b21a-5254005c0df5_0
be15315002e1        quay.io/coreos/flannel   "cp -f /etc/kube-fla…"   8 minutes ago       Exited (0) 8 minutes ago                       k8s_install-cni_kube-flannel-ds-amd64-k5x5z_kube-system_c18b9c09-f92f-11e8-b21a-5254005c0df5_0
267c1b3e1aeb        k8s.gcr.io/kube-proxy    "/usr/local/bin/kube…"   8 minutes ago       Up 8 minutes                                   k8s_kube-proxy_kube-proxy-qgrxx_kube-system_c18b01ce-f92f-11e8-b21a-5254005c0df5_0
4b75fefc3207        k8s.gcr.io/pause:3.1     "/pause"                 8 minutes ago       Up 8 minutes                                   k8s_POD_kube-proxy-qgrxx_kube-system_c18b01ce-f92f-11e8-b21a-5254005c0df5_0
079af832afbf        k8s.gcr.io/pause:3.1     "/pause"                 8 minutes ago       Up 8 minutes                                   k8s_POD_kube-flannel-ds-amd64-k5x5z_kube-system_c18b9c09-f92f-11e8-b21a-5254005c0df5_0

There are flannel and kube-proxy containers; in addition, every node also runs the kubelet service as a daemon managed by systemd.

[root@why-02 ~]# systemctl status kubelet
● kubelet.service - kubelet: The Kubernetes Node Agent
   Loaded: loaded (/etc/systemd/system/kubelet.service; enabled; vendor preset: disabled)
  Drop-In: /etc/systemd/system/kubelet.service.d
           └─10-kubeadm.conf
   Active: active (running) since Thu 2018-12-06 16:20:13 CST; 38min ago
     Docs: https://kubernetes.io/docs/
 Main PID: 17093 (kubelet)
    Tasks: 16
   Memory: 39.9M
   CGroup: /system.slice/kubelet.service
           └─17093 /usr/bin/kubelet --bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf --config=/var/lib/kubelet/config.yaml --cgroup-driver=cgroupfs --network-plugin=cni --pod-infra-container-image=k8s.gcr.io/paus...

Dec 06 16:20:14 why-02 kubelet[17093]: E1206 16:20:14.129998   17093 kubelet.go:2192] Container runtime network not ready: NetworkReady=false reason:NetworkPluginNotReady message:docker: network plugin is not ready: cni config uninitialized
Dec 06 16:20:14 why-02 kubelet[17093]: W1206 16:20:14.238857   17093 container.go:523] Failed to update stats for container "/system.slice/run-17169.scope": failed to parse memory.usage_in_bytes - read /sys/fs/cgroup/memory/system.slice/run-17169...tinuing to push stats
Dec 06 16:20:16 why-02 kubelet[17093]: W1206 16:20:16.164218   17093 pod_container_deletor.go:75] Container "079af832afbf925ba567c0a54d089ec8174ed755ae0f54e409180790b50821dd" not found in pod's containers
Dec 06 16:20:16 why-02 kubelet[17093]: W1206 16:20:16.168032   17093 pod_container_deletor.go:75] Container "4b75fefc3207fcc4e5d03ab0280cc31d9d536375342f4ea220fb7d0b037b099e" not found in pod's containers
Dec 06 16:20:19 why-02 kubelet[17093]: W1206 16:20:19.012931   17093 cni.go:203] Unable to update cni config: No networks found in /etc/cni/net.d
Dec 06 16:20:19 why-02 kubelet[17093]: E1206 16:20:19.013024   17093 kubelet.go:2192] Container runtime network not ready: NetworkReady=false reason:NetworkPluginNotReady message:docker: network plugin is not ready: cni config uninitialized
Dec 06 16:20:24 why-02 kubelet[17093]: W1206 16:20:24.013814   17093 cni.go:203] Unable to update cni config: No networks found in /etc/cni/net.d
Dec 06 16:20:24 why-02 kubelet[17093]: E1206 16:20:24.013906   17093 kubelet.go:2192] Container runtime network not ready: NetworkReady=false reason:NetworkPluginNotReady message:docker: network plugin is not ready: cni config uninitialized
Dec 06 16:20:24 why-02 kubelet[17093]: E1206 16:20:24.019373   17093 cadvisor_stats_provider.go:432] Partial failure issuing cadvisor.ContainerInfoV2: partial failures: ["/system.slice/run-17169.scope": RecentStats: unable to find data in memory cache]
Dec 06 16:20:26 why-02 kubelet[17093]: W1206 16:20:26.371112   17093 container.go:409] Failed to create summary reader for "/kubepods/podc18b9c09-f92f-11e8-b21a-5254005c0df5/be15315002e1e3de825d4dc221a30eb4573d2f3bfdae9dff4c355256c565ef80": none ...es are being tracked.
Hint: Some lines were ellipsized, use -l to show in full.
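
The "cni config uninitialized" errors above are expected until the flannel install-cni container has written its CNI configuration; once flannel is running on the node they stop, and the config can be checked directly (the file name shown is typical for flannel, not guaranteed):

[root@why-02 ~]# ls /etc/cni/net.d
10-flannel.conflist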

Checking node status from the master

[why@why-01 ~]$ kubectl get nodes
NAME     STATUS   ROLES    AGE     VERSION
why-01   Ready    master   57m     v1.13.0
why-02   Ready    <none>   4m59s   v1.13.0
why-03   Ready    <none>   25s     v1.13.0
[why@why-01 ~]$ kubectl get pod --all-namespaces
NAMESPACE     NAME                             READY   STATUS    RESTARTS   AGE
kube-system   coredns-86c58d9df4-gb6h4         1/1     Running   0          61m
kube-system   coredns-86c58d9df4-wg6wc         1/1     Running   0          61m
kube-system   etcd-why-01                      1/1     Running   0          60m
kube-system   kube-apiserver-why-01            1/1     Running   0          60m
kube-system   kube-controller-manager-why-01   1/1     Running   0          60m
kube-system   kube-flannel-ds-amd64-7pcv4      1/1     Running   0          4m38s
kube-system   kube-flannel-ds-amd64-dkbgq      1/1     Running   0          36m
kube-system   kube-flannel-ds-amd64-k5x5z      1/1     Running   0          9m12s
kube-system   kube-proxy-92wr6                 1/1     Running   0          61m
kube-system   kube-proxy-9rdtg                 1/1     Running   0          4m38s
kube-system   kube-proxy-qgrxx                 1/1     Running   0          9m12s
kube-system   kube-scheduler-why-01            1/1     Running   0          60m
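
As the init output noted, the master carries the node-role.kubernetes.io/master:NoSchedule taint, so regular workloads will only be scheduled on why-02 and why-03. This can be verified, and removed if you want a test cluster that also schedules pods on the master:

[why@why-01 ~]$ kubectl describe node why-01 | grep Taints
Taints:             node-role.kubernetes.io/master:NoSchedule

# optional: allow normal pods on the master as well
[why@why-01 ~]$ kubectl taint nodes why-01 node-role.kubernetes.io/master-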