Qianjia Information Network

How to initialize a k8s cluster in docker

Published: 2025-01-18. Author: Qianjia Information Network editor.
Last updated: January 18, 2025.

This article covers how to initialize a k8s cluster in docker. The editor found it quite practical and is sharing it here for reference, so follow along and take a look.


There are several ways to deploy k8s; here we use the kubeadm tool.

kubeadm project page: https://github.com/kubernetes/kubeadm

I. Environment

master, etcd: 172.16.1.100

node1: 172.16.1.101

node2: 172.16.1.102

k8s version: 1.11

II. Prerequisites

1. Hosts communicate by hostname, via /etc/hosts:

    172.16.1.100 master
    172.16.1.101 node01
    172.16.1.102 node02

2. Time is synchronized.

3. Stop firewalld and iptables.service. Both must be disabled, because k8s sets up its own iptables rules, network policies and so on:

    systemctl stop iptables.service
    systemctl disable iptables.service
    systemctl stop firewalld.service
    systemctl disable firewalld.service

4. The bridge netfilter settings are all set to 1:

    [root@k8s-master yum.repos.d]# cat /proc/sys/net/bridge/bridge-nf-call-ip6tables
    1
    [root@k8s-master yum.repos.d]# cat /proc/sys/net/bridge/bridge-nf-call-iptables
    1

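III. Installation and configuration steps

1. Download the k8s release package

Kubernetes releases: https://github.com/kubernetes/kubernetes/releases

For convenience we do not install k8s from the release package above; it is mentioned only for reference. This installation uses kubeadm.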

2. Prepare the yum repositories (needed on the master and on all nodes)

a) docker repository

    wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

b) k8s repository

    [root@k8s-master yum.repos.d]# cat k8s.repo
    [k8s]
    name=k8s repo
    baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
    gpgcheck=1
    gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
    enabled=1
    [root@k8s-master yum.repos.d]# yum repolist
    [root@k8s-master yum.repos.d]# wget https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
    [root@k8s-master yum.repos.d]# rpm --import yum-key.gpg
    [root@k8s-master yum.repos.d]# wget https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
    [root@k8s-master yum.repos.d]# rpm --import rpm-package-key.gpg

3. Install kubelet, kubeadm and docker (run on the master)

    yum -y install docker-ce kubelet kubeadm kubectl   # run on the master
    [root@k8s-master yum.repos.d]# rpm -ql kubelet
    /etc/kubernetes/manifests             # manifest directory
    /etc/sysconfig/kubelet                # configuration file
    /etc/systemd/system/kubelet.service
    /usr/bin/kubelet                      # main program

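4. Configure a proxy (to get around the firewall)

For certain indescribable reasons in China, the source from which docker pulls images by default has to be changed.

    [root@k8s-master yum.repos.d]# vim /usr/lib/systemd/system/docker.service
    [Service]
    # Access HTTPS services through the proxy below. This is done so that the foreign docker images can be reached, which would otherwise be blocked. Comment it out again when finished, to go back to using the domestic mirrors.
    Environment="HTTPS_PROXY=http://www.ik8s.io:10080"
    Environment="NO_PROXY=127.0.0.0/8,172.16.0.0/16"
    [root@k8s-master yum.repos.d]# systemctl daemon-reload
    [root@k8s-master yum.repos.d]# systemctl start docker
    [root@k8s-master yum.repos.d]# docker info   # the following two lines should appear
    HTTPS Proxy: http://www.ik8s.io:10080
    No Proxy: 127.0.0.0/8,172.16.0.0/16
    [chenzx@sa ~]$ telnet www.ik8s.io 10080   # make sure this port is reachable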

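5. Run kubeadm init to initialize the cluster (on the master)

This step runs the prerequisite preflight checks, generates certificates and private keys, generates the configuration files, generates the static pod manifests, and completes the deployment (addons).

    [root@k8s-master yum.repos.d]# systemctl enable kubelet   # only enable it at boot for now; do not start the service by hand yet (it would not start anyway), and start it once initialization has finished
    [root@k8s-master chenzx]# systemctl enable docker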

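    [root@k8s-master chenzx]# kubeadm init --help

--apiserver-advertise-address: the address the apiserver advertises to the outside; the default is 0.0.0.0

--apiserver-bind-port: the port the apiserver uses; the default is 6443

--cert-dir: the directory certificates are loaded from; the default is /etc/kubernetes/pki

--config: the configuration file

--ignore-preflight-errors: errors from the preflight checks that may be ignored, for example IsPrivilegedUser, Swap, etc.

--kubernetes-version: the k8s version to initialize

--pod-network-cidr: the network range pods use; the default is 10.244.0.0/16

--service-cidr: the network range the service component uses; the default is 10.96.0.0/12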

    [root@k8s-master chenzx]# cat /etc/sysconfig/kubelet
    # extra initialization arguments; the line below stops the kubelet from failing when operating-system swap is on
    KUBELET_EXTRA_ARGS="--fail-swap-on=false"
    [root@k8s-master chenzx]# kubeadm init --kubernetes-version=v1.11.1 --pod-network-cidr=10.244.0.0/16 --service-cidr=10.96.0.0/12 --ignore-preflight-errors=Swap
    [preflight/images] Pulling images required for setting up a Kubernetes cluster
    ## image pulling starts here
    [preflight/images] This might take a minute or two, depending on the speed of your internet connection
    [preflight/images] You can also perform this action in beforehand using 'kubeadm config images pull'
    ## if the network feels slow, run kubeadm config images pull to fetch the images locally
    [certificates] Generated apiserver-kubelet-client certificate and key.
    ## a batch of certificates is generated
    [certificates] Generated sa key and public key.
    [certificates] Generated front-proxy-ca certificate and key.
    [certificates] Generated front-proxy-client certificate and key.
    [certificates] Generated etcd/ca certificate and key.
    [controlplane] wrote Static Pod manifest for component kube-apiserver to "/etc/kubernetes/manifests/kube-apiserver.yaml"
    ## the yml controls how much CPU and memory the pod is given
    [controlplane] wrote Static Pod manifest for component kube-controller-manager to "/etc/kubernetes/manifests/kube-controller-manager.
    ## markmaster marks this node as the master node for us
    [markmaster] Marking the node k8s-master as master by adding the label "node-role.kubernetes.io/master=''"
    [markmaster] Marking the node k8s-master as master by adding the taints [node-role.kubernetes.io/master:NoSchedule]
    ## bootstraptoken is the bootstrap token that other nodes use when joining the cluster
    [bootstraptoken] using token: as5gwu.ktojf6cueg0doexi
    [bootstraptoken] configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials
    ## starting with k8s 1.11, DNS is officially replaced by CoreDNS, which supports many new features such as dynamic configuration of resources
    [addons] Applied essential addon: CoreDNS
    ## kube-proxy is hosted on K8s and generates the iptables and ipvs rules for services; ipvs is supported by default starting with k8s 1.11
    [addons] Applied essential addon: kube-proxy
    ## initialization succeeded
    Your Kubernetes master has initialized successfully!

    To start using your cluster, you need to run the following as a regular user:
    ## the following commands still have to be run by hand

      mkdir -p $HOME/.kube
      sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
      sudo chown $(id -u):$(id -g) $HOME/.kube/config

    ## once the other machines have the packages installed, run the command below to join the nodes to the cluster; save the command below yourself, otherwise you will not be able to find it later and the nodes cannot be joined
    ## the point of this design is that not just anyone can join the cluster; the token below is required to join
    You can now join any number of machines by running the following on each node
    as root:

      kubeadm join 172.16.1.100:6443 --token as5gwu.ktojf6cueg0doexi --discovery-token-ca-cert-hash sha256:399a7de763b95e52084d7bd4cad71dc8fa1bf6dd453b02743d445eee59252cc5

    [root@k8s-master chenzx]# docker images
    REPOSITORY                                 TAG                 IMAGE ID            CREATED             SIZE
    k8s.gcr.io/kube-proxy-amd64                v1.11.1             d5c25579d0ff        7 weeks ago         97.8MB
    k8s.gcr.io/kube-apiserver-amd64            v1.11.1             816332bd9d11        7 weeks ago         187MB
    k8s.gcr.io/kube-controller-manager-amd64   v1.11.1             52096ee87d0e        7 weeks ago         155MB
    k8s.gcr.io/kube-scheduler-amd64            v1.11.1             272b3a60cd68        7 weeks ago         56.8MB
    k8s.gcr.io/coredns                         1.1.3               b3b94275d97c        3 months ago        45.6MB
    k8s.gcr.io/etcd-amd64                      3.2.18              b8df3b177be2        4 months ago        219MB
    k8s.gcr.io/pause                           3.1                 da86e6ba6ca1        8 months ago        742kB

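Note: pause can serve as a container that does not need to be started; it lets the other containers copy the basic network and storage building blocks.

If the installation fails, run kubeadm reset to reset, then run kubeadm init ... again.

Note: the line kubeadm join 172.16.1.100:6443 --token ..... printed during the initialization above must be pasted into a notepad and saved, because this command is needed later to join nodes to the cluster, and the command cannot be reproduced. Do not forget!

    [root@k8s-master chenzx]# mkdir -p $HOME/.kube
    [root@k8s-master chenzx]# cp -i /etc/kubernetes/admin.conf $HOME/.kube/config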

6. Install the k8s packages on the nodes (run on every node)

    yum -y install docker-ce kubelet kubeadm   # run on the nodes; kubectl does not have to be installed there

7. Check the status (on the master)

Component status:

    [root@k8s-master chenzx]# kubectl get cs
    NAME                 STATUS    MESSAGE              ERROR
    scheduler            Healthy   ok
    controller-manager   Healthy   ok
    etcd-0               Healthy   {"health": "true"}

Node status:

    [root@k8s-master chenzx]# kubectl get nodes
    NAME         STATUS     ROLES     AGE       VERSION
    k8s-master   NotReady   master    51m       v1.11.2

Note: the status is NotReady because the flannel component is still missing; without it the network cannot be set up.

8. Install the flannel network component (run on the master)

Project page: https://github.com/coreos/flannel

Install flannel:

    [root@k8s-master chenzx]# kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

List the status of all pods running in the kube-system namespace on the master:

    [root@k8s-master chenzx]# kubectl get pods -n kube-system
    NAME                                 READY     STATUS    RESTARTS   AGE
    coredns-78fcdf6894-6j6nt             0/1       Running   0          2h
    coredns-78fcdf6894-pnmjj             0/1       Running   0          2h
    etcd-k8s-master                      1/1       Running   0          1h
    kube-apiserver-k8s-master            1/1       Running   0          1h
    kube-controller-manager-k8s-master   1/1       Running   0          1h
    kube-flannel-ds-amd64-txxw2          1/1       Running   0          1h
    kube-proxy-frkp9                     1/1       Running   0          2h
    kube-scheduler-k8s-master            1/1       Running   0          1h

All of the pods above must be in the Running state. If one is not, a command like the following shows why:

    kubectl describe pods coredns-78fcdf6894-6j6nt -n kube-system

Check the flannel image:

    [root@k8s-master chenzx]# docker images quay.io/coreos/flannel
    REPOSITORY               TAG                 IMAGE ID            CREATED             SIZE
    quay.io/coreos/flannel   v0.10.0-amd64       f0fad859c909        7 months ago        44.6MB

Check the node status again; this time the status has changed to Ready:

    [root@k8s-master chenzx]# kubectl get nodes
    NAME         STATUS    ROLES     AGE       VERSION
    k8s-master   Ready     master    1h        v1.11.2

List the current namespaces:

    [root@k8s-master chenzx]# kubectl get ns
    NAME          STATUS    AGE
    default       Active    3h
    kube-public   Active    3h
    kube-system   Active    3h

9. Run kubeadm join (on node1 and node2, to join them to the cluster)

This step also first checks that the prerequisites are met, then authenticates the master node using shared-token authentication, and completes installation of the local pod resources, including kube-proxy and DNS, which are deployed as addons.

1) On node1 and node2, edit the configuration files and start the services:

    [root@k8s-master chenzx]# vim /usr/lib/systemd/system/docker.service
    [Service]
    Environment="HTTPS_PROXY=http://www.ik8s.io:10080"
    Environment="NO_PROXY=127.0.0.0/8,172.16.0.0/16"

    [root@k8s-master chenzx]# vim /etc/sysconfig/kubelet
    # extra initialization arguments
    KUBELET_EXTRA_ARGS="--fail-swap-on=false"

    [root@k8s-node1 chenzx]# systemctl daemon-reload
    [root@k8s-node1 chenzx]# systemctl start docker
    [root@k8s-node1 chenzx]# systemctl enable docker
    [root@k8s-node1 chenzx]# systemctl enable kubelet

    [root@k8s-node1 chenzx]# docker info
    HTTPS Proxy: http://www.ik8s.io:10080
    No Proxy: 127.0.0.0/8,172.16.0.0/16

    # note: this command comes from the kubeadm init output
    [root@k8s-node1 chenzx]# kubeadm join 172.16.1.100:6443 --token as5gwu.ktojf6cueg0doexi --discovery-token-ca-cert-hash sha256:399a7de763b95e52084d7bd4cad71dc8fa1bf6dd453b02743d445eee59252cc5 --ignore-preflight-errors=Swap
    [tlsbootstrap] Waiting for the kubelet to perform the TLS Bootstrap...
    [patchnode] Uploading the CRI Socket information "/var/run/dockershim.sock" to the Node API object "k8s-node1" as an annotation

    This node has joined the cluster:
    * Certificate signing request was sent to master and a response
      was received.
    * The Kubelet was informed of the new secure connection details.

    Run 'kubectl get nodes' on the master to see this node join the cluster.

    [root@k8s-node1 chenzx]# docker images
    REPOSITORY                    TAG                 IMAGE ID            CREATED             SIZE
    k8s.gcr.io/kube-proxy-amd64   v1.11.1             d5c25579d0ff        7 weeks ago         97.8MB
    quay.io/coreos/flannel        v0.10.0-amd64       f0fad859c909        7 months ago        44.6MB
    k8s.gcr.io/pause              3.1                 da86e6ba6ca1        8 months ago        742kB

On the master:

    [root@k8s-master chenzx]# kubectl get nodes
    NAME         STATUS    ROLES     AGE       VERSION
    k8s-master   Ready     master    4h        v1.11.2
    k8s-node1    Ready               55m       v1.11.2

On the master:

    [root@k8s-master chenzx]# kubectl get pods -n kube-system -o wide
    NAME                                 READY     STATUS    RESTARTS   AGE       IP             NODE
    coredns-78fcdf6894-6j6nt             0/1       Running   0          4h                       k8s-master
    coredns-78fcdf6894-pnmjj             0/1       Running   0          4h                       k8s-master
    etcd-k8s-master                      1/1       Running   0          3h        172.16.1.100   k8s-master
    kube-apiserver-k8s-master            1/1       Running   0          3h        172.16.1.100   k8s-master
    kube-controller-manager-k8s-master   1/1       Running   0          3h        172.16.1.100   k8s-master
    kube-flannel-ds-amd64-87tqv          1/1       Running   0          57m       172.16.1.101   k8s-node1
    kube-flannel-ds-amd64-txxw2          1/1       Running   0          3h        172.16.1.100   k8s-master
    kube-proxy-2rf4m                     1/1       Running   0          57m       172.16.1.101   k8s-node1
    kube-proxy-frkp9                     1/1       Running   0          4h        172.16.1.100   k8s-master
    kube-scheduler-k8s-master            1/1       Running   0          3h        172.16.1.100   k8s-master

Run the same commands on node2 as well.
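What the --discovery-token-ca-cert-hash value in the join command pins, as an added Python example that is not part of the original article: the value is the SHA-256 of the cluster CA certificate's DER SubjectPublicKeyInfo, so a saved join command can be checked against the CA certificate (ca.crt under the --cert-dir directory) before it is run on a node. The certificate below is a constructed skeleton, and the function names are illustrative.

```python
import base64, hashlib, re

def _read_tlv(buf, pos):
    """Return (tag, content_start, end) of the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def ca_cert_hash(cert: bytes) -> str:
    """sha256 over the DER SubjectPublicKeyInfo of an X.509 certificate (PEM or DER)."""
    pem = re.search(rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", cert, re.S)
    if pem:
        cert = base64.b64decode(pem.group(1))
    _, pos, _ = _read_tlv(cert, 0)         # Certificate ::= SEQUENCE
    _, pos, _ = _read_tlv(cert, pos)       # tbsCertificate ::= SEQUENCE
    tag, _, end = _read_tlv(cert, pos)
    if tag == 0xA0:                        # optional [0] version field
        pos = end
    for _field in range(5):                # serial, signature, issuer, validity, subject
        _, _, pos = _read_tlv(cert, pos)
    _, _, end = _read_tlv(cert, pos)       # subjectPublicKeyInfo, header included
    return "sha256:" + hashlib.sha256(cert[pos:end]).hexdigest()

JOIN_RE = re.compile(r"kubeadm join\s+(\S+)\s+--token\s+([a-z0-9]{6}\.[a-z0-9]{16})\s+"
                     r"--discovery-token-ca-cert-hash\s+(sha256:[0-9a-f]{64})\b")

def check_join_command(cmd: str, ca_cert: bytes) -> str:
    """Return 'malformed', 'mismatch' or 'match' for a saved join command and a CA cert."""
    m = JOIN_RE.search(cmd)
    if not m:
        return "malformed"
    return "match" if m.group(3) == ca_cert_hash(ca_cert) else "mismatch"

def _tlv(tag, content):                    # tiny DER encoder for the sample (content < 256 bytes)
    n = len(content)
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x81, n])) + content

# Constructed certificate skeleton, not a real CA: only the field layout is genuine.
SAMPLE_SPKI = _tlv(0x30, b"constructed public key bytes, not a real key " * 4)
_TBS = _tlv(0x30, _tlv(0xA0, _tlv(2, b"\x02")) + _tlv(2, b"\x01") + _tlv(0x30, b"") * 4 + SAMPLE_SPKI)
SAMPLE_CA = _tlv(0x30, _TBS + _tlv(0x30, b"") + _tlv(3, b"\x00"))
# Join command as printed by kubeadm init on this page.
PAGE_JOIN = ("kubeadm join 172.16.1.100:6443 --token as5gwu.ktojf6cueg0doexi "
             "--discovery-token-ca-cert-hash "
             "sha256:399a7de763b95e52084d7bd4cad71dc8fa1bf6dd453b02743d445eee59252cc5")
if __name__ == "__main__":
    print(check_join_command(PAGE_JOIN, SAMPLE_CA))  # constructed CA, so this pin does not match
```

A "mismatch" against the real CA certificate means the join command belongs to a different cluster or was altered, and the node should not be joined with it.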

The k8s installation is now complete.
