kubernetes | Offline manual installation of Kubernetes from binary files

1. Preparation

1.1 Component planning

Hostname      Address         Role         Components
k8s-master    10.0.209.151    k8s-master   etcd, kube-apiserver, kube-controller-manager, kube-scheduler
k8s-node-1    10.0.209.152    k8s-node     kubelet, docker, kube-proxy
k8s-node-2    10.0.209.153    k8s-node     kubelet, docker, kube-proxy

1.2 Software download

(1) Kubernetes binaries: https://github.com/kubernetes/kubernetes/releases
Pick the version you need at the URL above and download the binaries from its CHANGELOG page. This article uses version 1.12.1; the figure shows its Linux Server build:

[Figure: 1.12.1 Linux Server build]

After unpacking, the path /root/kubernetes/server/bin contains the required components:

[Figure: Kubernetes files]

(2) etcd database: https://github.com/coreos/etcd/releases/
The latest version, v3.3.10, is used here.

2. Master installation

2.1 Installing the etcd database

(1) Installation
Unpack the downloaded etcd archive, then copy the etcd and etcdctl binaries to the /usr/bin directory.

(2) Create the service file etcd.service
Create the file etcd.service in /usr/lib/systemd/system/ with the following content:

    [Unit]
    Description=Etcd Server

    [Service]
    Type=notify
    TimeoutStartSec=0
    Restart=always
    WorkingDirectory=/var/lib/etcd/
    EnvironmentFile=-/etc/etcd/etcd.conf
    ExecStart=/usr/bin/etcd

    [Install]
    WantedBy=multi-user.target

  • WorkingDirectory is the etcd data directory; it must be created before etcd is installed.

(3) Create the configuration file /etc/etcd/etcd.conf

    ETCD_NAME="ETCD Server"
    ETCD_DATA_DIR="/var/lib/etcd/"
    ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:2379"
    ETCD_ADVERTISE_CLIENT_URLS="http://10.0.209.151:2379"

(4) Enable at boot and start

    # systemctl daemon-reload
    # systemctl enable etcd.service
    # systemctl start etcd.service

(5) Check that etcd was installed successfully

    # etcdctl cluster-health

[Figure: output of a successful etcd installation]

2.2 Installing the kube-apiserver, kube-controller-manager and kube-scheduler services

2.2.1 Copy the binaries to /usr/bin
Copy the three executables kube-apiserver, kube-controller-manager and kube-scheduler to the /usr/bin directory.

2.2.2 Component installation and configuration

2.2.2.1 kube-apiserver

(1) Create and edit the kube-apiserver.service file
Path: /usr/lib/systemd/system/kube-apiserver.service, with the content:

    [Unit]
    Description=Kubernetes API Server
    After=etcd.service
    Wants=etcd.service

    [Service]
    EnvironmentFile=/etc/kubernetes/apiserver
    ExecStart=/usr/bin/kube-apiserver \
              $KUBE_ETCD_SERVERS \
              $KUBE_API_ADDRESS \
              $KUBE_API_PORT \
              $KUBE_SERVICE_ADDRESSES \
              $KUBE_ADMISSION_CONTROL \
              $KUBE_API_LOG \
              $KUBE_API_ARGS
    Restart=on-failure
    Type=notify
    LimitNOFILE=65536

    [Install]
    WantedBy=multi-user.target

  • EnvironmentFile is the kube-apiserver configuration file.

(2) Configuration file
The apiserver configuration file path is /etc/kubernetes/apiserver, with the content:

    KUBE_API_ADDRESS="--insecure-bind-address=0.0.0.0"
    KUBE_API_PORT="--insecure-port=8080"
    KUBE_ETCD_SERVERS="--etcd-servers=http://10.0.209.151:2379"
    KUBE_SERVICE_ADDRESSES="--service-cluster-ip-range=192.168.0.0/16"
    KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota"
    KUBE_API_LOG="--logtostderr=false --log-dir=/var/log/kubernetes/apiserver --v=2"
    KUBE_API_ARGS=" "
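
An added check, not part of the original article: the etcd.conf and apiserver settings above serve etcd and the apiserver's insecure port (which performs no authentication or authorization) over plain HTTP on all interfaces. The script flags those settings in an environment file; the function names and the sample file are constructed for this example.

```bash
#!/bin/sh
# Added example, not from the original article. Flags environment-file
# settings that expose plaintext, unauthenticated control-plane endpoints.

# flag_value LINE FLAG: print the value passed to --FLAG on LINE, if any
flag_value() {
    printf '%s\n' "$1" | sed -n "s/.*--$2=\([^\" ]*\).*/\1/p"
}

# audit_env_file FILE: one finding per line; exit status 1 if any is found
audit_env_file() {
    file=$1
    findings=0
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in ''|'#'*) continue ;; esac   # skip blanks and comments
        addr=$(flag_value "$line" insecure-bind-address)
        case $addr in
            ''|127.0.0.1|localhost|::1) ;;
            *) echo "$file: insecure API port listens on $addr"
               findings=$((findings + 1)) ;;
        esac
        port=$(flag_value "$line" insecure-port)
        if [ -n "$port" ] && [ "$port" != 0 ]; then
            echo "$file: insecure port $port enabled (no authn/authz)"
            findings=$((findings + 1))
        fi
        case $line in
            ETCD_LISTEN_CLIENT_URLS=*http://0.0.0.0*)
                echo "$file: etcd accepts plaintext clients on all interfaces"
                findings=$((findings + 1)) ;;
            *http://*)
                echo "$file: plaintext endpoint in ${line%%=*}"
                findings=$((findings + 1)) ;;
        esac
    done < "$file"
    [ "$findings" -eq 0 ]
}

# Constructed sample: the apiserver file as this article writes it.
demo() {
    dir=$(mktemp -d)
    cat > "$dir/apiserver" <<'EOF'
KUBE_API_ADDRESS="--insecure-bind-address=0.0.0.0"
KUBE_API_PORT="--insecure-port=8080"
KUBE_ETCD_SERVERS="--etcd-servers=http://10.0.209.151:2379"
EOF
    audit_env_file "$dir/apiserver" || true
    rm -rf "$dir"
}
demo
```

On a real host, call audit_env_file on /etc/etcd/etcd.conf and /etc/kubernetes/apiserver; a file that sets --insecure-port=0 and uses only https:// endpoints produces no findings.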

2.2.2.2 kube-controller-manager

(1) Create and edit the kube-controller-manager.service file
Path: /usr/lib/systemd/system/kube-controller-manager.service, with the content:

    [Unit]
    Description=Kubernetes Controller Manager
    After=kube-apiserver.service
    Requires=kube-apiserver.service

    [Service]
    EnvironmentFile=-/etc/kubernetes/controller-manager
    ExecStart=/usr/bin/kube-controller-manager \
              $KUBE_MASTER \
              $KUBE_CONTROLLER_MANAGER_ARGS
    Restart=on-failure
    LimitNOFILE=65536

    [Install]
    WantedBy=multi-user.target

(2) Configuration file
The kube-controller-manager configuration file path is /etc/kubernetes/controller-manager, with the content:

    KUBE_MASTER="--master=http://10.0.209.151:8080"
    KUBE_CONTROLLER_MANAGER_ARGS=" "

2.2.2.3 kube-scheduler

(1) Create and edit the kube-scheduler.service file
Path: /usr/lib/systemd/system/kube-scheduler.service, with the content:

    [Unit]
    Description=Kubernetes Scheduler
    After=kube-apiserver.service
    Requires=kube-apiserver.service

    [Service]
    User=root
    EnvironmentFile=-/etc/kubernetes/scheduler
    ExecStart=/usr/bin/kube-scheduler \
              $KUBE_MASTER \
              $KUBE_SCHEDULER_ARGS
    Restart=on-failure
    LimitNOFILE=65536

    [Install]
    WantedBy=multi-user.target

(2) Configuration file
The kube-scheduler configuration file path is /etc/kubernetes/scheduler, with the content:

    KUBE_MASTER="--master=http://10.0.209.151:8080"
    KUBE_SCHEDULER_ARGS="--logtostderr=true --log-dir=/var/log/kubernetes/scheduler --v=2"

2.2.3 Enable the components at boot

    systemctl daemon-reload
    systemctl enable kube-apiserver.service
    systemctl start kube-apiserver.service
    systemctl enable kube-controller-manager.service
    systemctl start kube-controller-manager.service
    systemctl enable kube-scheduler.service
    systemctl start kube-scheduler.service

2.3 Verify the installation
Run the command kubectl get cs

[Figure: output of a correctly installed master]

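3. Node installation

The components installed on a node are:
  • docker
  • kube-proxy
  • kubelet

3.1 Installing docker
The Docker version needs to correspond to the kubelet version; it is best to use the latest version of both.

3.2 Copy kubelet and kube-proxy
Copy the binaries from the kubernetes directory unpacked earlier:

    # cp /root/kubernetes/server/bin/kubelet /usr/bin/
    # cp /root/kubernetes/server/bin/kube-proxy /usr/bin/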

3.3 Installing kube-proxy

    # vi /usr/lib/systemd/system/kube-proxy.service
    [Unit]
    Description=Kubernetes Kube-Proxy Server
    Documentation=https://github.com/GoogleCloudPlatform/kubernetes
    After=network.target

    [Service]
    EnvironmentFile=/etc/kubernetes/config
    EnvironmentFile=/etc/kubernetes/proxy
    ExecStart=/usr/bin/kube-proxy \
              $KUBE_LOGTOSTDERR \
              $KUBE_LOG_LEVEL \
              $KUBE_MASTER \
              $KUBE_PROXY_ARGS
    Restart=on-failure
    LimitNOFILE=65536

    [Install]
    WantedBy=multi-user.target

Create the configuration directory and add the configuration files:

    # mkdir -p /etc/kubernetes
    # vi /etc/kubernetes/proxy
    KUBE_PROXY_ARGS=""
    # vi /etc/kubernetes/config
    KUBE_LOGTOSTDERR="--logtostderr=true"
    KUBE_LOG_LEVEL="--v=0"
    KUBE_ALLOW_PRIV="--allow_privileged=false"
    KUBE_MASTER="--master=http://10.0.209.151:8080"

Start the service:

    # systemctl daemon-reload
    # systemctl start kube-proxy
    # netstat -lntp | grep kube-proxy
    tcp        0      0 127.0.0.1:10249         0.0.0.0:*               LISTEN      12641/kube-proxy
    tcp6       0      0 :::10256                :::*                    LISTEN      12641/kube-proxy

3.4 Installing kubelet

    # vi /usr/lib/systemd/system/kubelet.service
    [Unit]
    Description=Kubernetes Kubelet Server
    Documentation=https://github.com/GoogleCloudPlatform/kubernetes
    After=docker.service
    Requires=docker.service

    [Service]
    WorkingDirectory=/var/lib/kubelet
    EnvironmentFile=/etc/kubernetes/kubelet
    ExecStart=/usr/bin/kubelet $KUBELET_ARGS
    Restart=on-failure
    KillMode=process

    [Install]
    WantedBy=multi-user.target

    # mkdir -p /var/lib/kubelet
    # vi /etc/kubernetes/kubelet
    # Note: the unit file above passes only $KUBELET_ARGS to kubelet.
    KUBELET_ADDRESS="--address=0.0.0.0"
    # your node IP address
    KUBELET_HOSTNAME="--hostname-override=10.0.209.152"
    KUBELET_API_SERVER="--api-servers=http://10.0.209.151:8080"
    KUBELET_POD_INFRA_CONTAINER="--pod-infra-container-image=reg.docker.tb/harbor/pod-infrastructure:latest"
    KUBELET_ARGS="--enable-server=true --enable-debugging-handlers=true --fail-swap-on=false --kubeconfig=/var/lib/kubelet/kubeconfig"

  • "--hostname-override=10.0.209.152" is the IP address of the node host.

Create the configuration file /var/lib/kubelet/kubeconfig (vi /var/lib/kubelet/kubeconfig), which is used to register with the master:

    apiVersion: v1
    kind: Config
    users:
    - name: kubelet
    clusters:
    - name: kubernetes
      cluster:
        server: http://10.0.209.151:8080
    contexts:
    - context:
        cluster: kubernetes
        user: kubelet
      name: service-account-context
    current-context: service-account-context

Start kubelet and verify it:

    # systemctl daemon-reload
    # systemctl start kubelet.service
    # netstat -tnlp | grep kubelet
    tcp        0      0 127.0.0.1:45415         0.0.0.0:*               LISTEN      12576/kubelet
    tcp        0      0 127.0.0.1:10248         0.0.0.0:*               LISTEN      12576/kubelet
    tcp6       0      0 :::10250                :::*                    LISTEN      12576/kubelet
    tcp6       0      0 :::10255                :::*                    LISTEN      12576/kubelet

  • Do the same on the other nodes.

3.5 Verification and troubleshooting
On the master, run the command kubectl get node; it returns the following result:

[Figure: getting the nodes]

Create a simple nginx_test.yaml file:

    apiVersion: v1
    kind: Pod
    metadata:
      name: nginx
      labels:
        app: nginx
      namespace: default
    spec:
      containers:
        - image: docker.io/istio/nginx
          imagePullPolicy: IfNotPresent
          name: nginx-deployment-6499c587d8
      restartPolicy: Always

Running the command produces the following error:

    # kubectl apply -f nginx_test.yaml
    Error from server (ServerTimeout): error when creating "test.yaml": No API token found for service account "default", retry after the token is automatically created and added to the service account

The cause is that no API token has been set up for the service account. There are two ways to resolve it:
  1. Disable ServiceAccount
    Edit /etc/kubernetes/apiserver, remove SecurityContextDeny,ServiceAccount from KUBE_ADMISSION_CONTROL, and restart the kube-apiserver.service service:

    # vi /etc/kubernetes/apiserver
    KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,ResourceQuota"
    # systemctl restart kube-apiserver.service

After that, creating the pod again succeeds.
  2. Configure ServiceAccount
    First generate a key, then edit the apiserver and controller-manager configuration files and restart the components.

    # openssl genrsa -out /etc/kubernetes/serviceaccount.key 2048
    # vi /etc/kubernetes/apiserver
    # add:
    KUBE_API_ARGS="--service-account-key-file=/etc/kubernetes/serviceaccount.key"
    # vi /etc/kubernetes/controller-manager
    # add:
    KUBE_CONTROLLER_MANAGER_ARGS="--service-account-private-key-file=/etc/kubernetes/serviceaccount.key"
    # systemctl restart kube-apiserver.service
    # systemctl restart kube-controller-manager.service

After that, creating the pod again succeeds.
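
An added example, not from the original article, for the key generated in option 2: kube-controller-manager signs tokens with the private key, and kube-apiserver's --service-account-key-file also accepts the matching public key, so the private half can stay readable by its owner only. The function names and the serviceaccount.pub file name are assumptions of this example; it requires the openssl CLI.

```bash
#!/bin/sh
# Added example, not from the original article. Requires the openssl CLI.

# make_sa_keypair DIR: write serviceaccount.key (private, signs tokens) and
# serviceaccount.pub (public, verifies tokens) under umask 077, so both files
# are created readable and writable by the owner only.
make_sa_keypair() {
    (
        umask 077
        openssl genrsa -out "$1/serviceaccount.key" 2048 2>/dev/null &&
        openssl rsa -in "$1/serviceaccount.key" -pubout \
            -out "$1/serviceaccount.pub" 2>/dev/null
    )
}

# sa_keys_match PRIVATE PUBLIC: succeeds only when PUBLIC is the public half
# of PRIVATE. With a mismatched pair the apiserver cannot verify the tokens
# the controller-manager signs. Returns 2 if a file cannot be parsed.
sa_keys_match() {
    from_key=$(openssl rsa -in "$1" -pubout 2>/dev/null) || return 2
    from_pub=$(openssl rsa -pubin -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$from_key" ] && [ "$from_key" = "$from_pub" ]
}

# key_is_private FILE: succeeds when the mode is exactly rw-------
key_is_private() {
    [ "$(ls -l "$1" | cut -c1-10)" = "-rw-------" ]
}

# Demo in a temporary directory (constructed; nothing under /etc is touched).
demo() {
    dir=$(mktemp -d)
    make_sa_keypair "$dir" || return 1
    key_is_private "$dir/serviceaccount.key" && echo "private key mode ok"
    sa_keys_match "$dir/serviceaccount.key" "$dir/serviceaccount.pub" &&
        echo "public key matches private key"
    rm -rf "$dir"
}
demo
```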
