1、Kubernetes(k8s)架构图,如下所示:
1)、etcd的官方将它定位成一个可信赖的分布式键值存储服务,它能够为整个分布式集群存储一些关键数据,协助分布式集群的正常运转。键值对数据库,存储k8s集群的所有重要信息,重要信息是进行持久化的信息。 2)、etcd作为持久化方案,etcd STORAGE存储有两个版本,v2版本是基于Memory内存的,数据存储到内存中,v3版本是基于Database,引入本地卷的持久化操作,关机不会操作数据的损坏。推荐在k8s集群中使用Etcd v3,v2版本已在k8s v1.11中弃用。 3)、master服务器,领导者,包含scheduler调度器、replication controller简称rc,控制器、api server是主服务器。 4)、scheduler调度器,任务过来以后通过调度器分散到不同的node节点里面,注意,scheduler调度器将任务交给api server,api server将任务写入到etcd,scheduler调度器并不会和etch直接进行交互。负责接收任务,选择合适的节点进行分配任务。 5)、replication controller简称rc,控制器,它们就是维护副本的数目,维护我们的期望值,维护副本的数目也就是创建相应的pod,删除相应的pod。维护副本期望数目。 6)、api server是主服务器里面一切服务访问的入口,api server非常繁忙的,为了减轻其压力,每个组件可以在本地生成一定的缓存。所有服务访问统一入口。 7)、node节点,执行者。包含 Kubelet、Kube proxy、container。node节点需要安装三个软件Kubelet、Kube proxy、Docker(或者其他容器引擎)。 8)、Kubelet组件会和CRI(container Runtime Interface)这里就是Docker的表现形式,Kubelet和Docker进行交互操作Docker创建对应的容器,Kubelet维持我们的Pod的声明周期。直接跟容器引擎交互实现容器的生命周期管理。 9)、Kube proxy组件可以完成负载的操作,怎么实现Pod与Pod之间的访问,包括负载均衡,需要借助Kube proxy,它的默认操作对象是操作防火墙去实现这里的映射,新版本还支持IPVS(LVS组件)。负责写入规则至iptables、ipvs实现服务映射访问的。
2、其他插件说明,如下所示:
1)、CoreDNS:可以为集群中的SVC创建一个域名IP的对应关系解析。 2)、Dashboard:给 K8S 集群提供一个 B/S 结构访问体系。 3)、Ingress Controller:官方只能实现四层代理,INGRESS 可以实现七层代理。 4)、Federation:提供一个可以跨集群中心多K8S统一管理功能。 5)、Prometheus:提供K8S集群的监控能力。 6)、Elk:提供 K8S 集群日志统一分析介入平台。
3、ETCD的架构图,如下所示:
4、Pod的分类,根据是否自主式进行分类。
1)、自主式Pod(即不是被控制器管理的Pod),一旦死亡就不会被拉起来,也不会重启,Pod死亡之后副本数达不到期望值了,也不会有新的Pod创建满足它的期望值,这些都是自主式Pod的缺憾。 2)、控制器管理的Pod(被控制器管理的Pod)。
5、Pod与容器的理解?
答:定义一个Pod,它会先启动第一个容器Pause,只要运行了这个Pod,这个容器Pause就会被启动,只要是有Pod,这个容器Pause就要被启动。一个Pod里面可以有很多个容器,如果此Pod有两个容器,这两个容器会共用Pause的网络栈,共用Pause的存储卷。共用Pause的网络栈意味着这两个容器没有独立的ip地址,有的都是这个Pod的地址或者是Pause的地址,但是这两个尾根隔离,但是进程不隔离,互相访问可以使用localhost进行互访,这就意味着同一个Pod内容器之间的端口不能冲突。共用Pause的存储卷,两个容器可以共享Pause的存储,在同一个Pod内既共享网络,又共享存储卷。 6、Pod的控制器类型。
1)、ReplicationController & ReplicaSet & Deployment 这是三种控制器。
1.1)、ReplicationController用来确保容器应用的副本数时终保持在用户定义的副本数,即如果有容器异常退出,会自动创建新的Pod来替代。而如果异常多出来的容器也会自动回收。在新版本的Kubernetes中建议使用RepliaSet来取代ReplicationControlle。 1.2)、ReplicaSet跟ReplicationController没有本质的不同,只是名字不一样,并且ReplicaSet支持集合式的selector。ReplicaSet比ReplicationController更有意义,在最新版本中官方全部采用ReplicaSet。虽然ReplicaSet可以独立使用,但是一般还是建议使用Deployment来自动管理ReplicaSet,这样就无需担心跟其他机制的不兼容问题(比如ReplicaSet不支持rolling-update滚动更新,但Deployment支持rolling-update滚动更新) 1.3)、Deployment为Pod和ReplicaSet提供了一个声明式定义(declarative)方法。用来替代以前的ReplicationController来方便的管理应用。典型的应用场景包括,定义Deployment来创建Pod和ReplicaSet、滚动升级和回滚应用、扩容和缩容、暂停和继续Deployment。
2)、HPA(HorizontalPodAutoScale),Horizontal Pod Autoscaling仅适用于Deployment和ReplicaSet,在V1版本中仅支持根据Pod的Cpu利用率扩缩容,在v1alpha版本中,支持根据内容和用户自定义的metric扩缩容。
3)、StatefullSet是为了解决有状态服务的问题(对应Deployments和ReplicaSets是为无状态服务而设计),其应用场景包括。
3.1)、稳定的持久化存储,即Pod重新调度后还是能访问到相同的持久化数据,基于PVC来实现。 3.2)、稳定的网络标志,即Pod重新调度后其PodName和HostName不变,基于Headless Service(即没有Cluster IP的Service)来实现。 3.3)、有序部署,有序扩展,即Pod是有顺序的,在部署或者扩展的时候要依据定义的顺序依次进行(即从0到N-1,在下一个Pod运行所有之前的Pod必须都是Running和Ready状态),基于init containers来实现。 3.4)、有序收缩,有序删除(即从N-1到0)。
4)、DaemonSet确保全部(或者一些)Node上运行一个Pod的副本。当有Node加入集群的时候,也会为它们新增一个Pod,当有Node从集群移除的时候,这些Pod也会被回收。删除DaemonSet将会删除它创建的所有Pod。使用DaemonSet的一些典型用法。
4.1)、运行集群存储daemon,例如在每个Node上运行glusterd、ceph。 4.2)、在每个Node上运行日志收集daemon,例如fluentd、logstash。 4.3)、在每个Node上运行监控daemon,例如Prometheus Node Exporter。
5)、Job,Cronjob,Job负责批处理任务,即仅执行一次的任务,它保证批处理任务的一个或者多个Pod成功结束。Cron Job管理基于时间的Job,即:
5.1)、在给定时间点只运行一次。 5.2)、周期性地在给定时间点运行。
7、服务发现。
答:客户端想要访问一组Pod,如果Pod是不相关地话,是不可以通过service进行统一代理的,一组Pod必须要具有相关性,比如是同一个Deployment 创建的,或者拥有同一组标签的,就可以被service所收集到,service收集到Pod是通过标签收集到的,收集到之后service会有自己的ip地址和端口号,客户端就可以访问service的ip地址和端口号,就间接的访问到了对应的Pod,这里面有一个RR轮询算法存在的。
8、Kubernetes的网络通讯模式。
答:1)、Kubernetes的网络模型假定了所有Pod都在一个可以直接连通的扁平的网络空间中,这在GCE(Google Compute Engine)里面是现成的网络模型,Kubernetes假定这个网络已经存在。而在私有云里面搭建Kubernetes集群,就不能假定这个网络已经存在了。我们需要自己实现这个网络假设,将不同节点上的Docker容器之间的互相访问先打通,然后运行Kubernetes。
2)、同一个Pod内的多个容器之间:IO。同一个Pod内的多个容器之间互相访问是通过(只要是同一个Pod,就会共用我们的Pause容器的网络栈)Pause容器网络栈的网卡IO,通过localhost的方式就可以进行访问。
3)、各个Pod之间的通讯:Overlay Network全覆盖网络。
4)、Pod与Service之间的通讯:各节点的Iptables规则。在最新版本中加入了LVS,转发效率会更高,上限也会更高。
9、网络解决方案Kubernetes Flannel。
答:Flannel是CoreOS团队针对Kubernetes设计的一个网络规划服务,简单来说,它的功能是让集群中的不同节点主机创建的Docker容器都具有全集群唯一的虚拟IP地址。而且它还能在这些IP地址之间建立一个覆盖网络(Overlay Network),通过这个覆盖网络,将数据包原封不动地传递到目标容器内。
解释说明,如下所示:
1)、上图是两台大主机,物理机,192.168.66.11、192.168.66.12。 2)、运行了四个Pod,分别是Web app1、Web app2、Web app3、Backend前端组件。 3)、外部访问到Backend,然后经过自己的网关去处理,把什么样的请求分配到什么样的服务上。所以要了解Web app2与Backend如何进行通讯、Web app3与Backend如何进行通讯。 4)、首先,在真实的Node服务器上面,会安装一个Flanneld守护进程,这个进程监听一个端口,这个端口就是用于后期转发数据包以及接收数据包的端口。Flanneld守护进程一旦启动就会启动一个Flannel0网桥,这个网桥专门用于收集Docker0转发出来的数据报文,可以理解Flannel0网桥就是一个钩子函数,强行获取数据报文。Docker0会分配自己ip到对应的Pod上,如果是同一台主机两个不同Pod进行访问的话,其实走的是Docker0的网桥,因为它们都是在同一个网桥下面的两个不同子网ip地址。 5)、难点是如何通过跨主机,还能通过对方的ip直接到达。此时,如果将Web app2这个Pod的数据包发送到Backend前端组件,源地址要填写10.1.15.2/24,目标地址要填写10.1.20.3/24,由于目标地址和源地址是不同的网段,此时源地址将数据包发送到网关Docker0,Docker0上面会有钩子函数,将数据包抓取到Flannel0,此时Flannel0里面有一堆的路由表记录,是从etcd里面获取到的,写入到当前的主机里面,判断到底路由到那台机器,由于Flannel0是Flanneld开启的网桥,此时数据包到了Flanneld,到了Flanneld之后会对数据包进行封装,通过mac封装、udp封装、payload封装,然后转发到192.168.66.12,目标端口就是Flanneld的端口。 6)、此时数据包会被Flanneld所截获,截获之后进行拆封,拆封完之后转发到Flannel0,Flannel0转发到Docker0,Docker0会路由到Backend端,并且从源地址出来的数据包是经过二次解封的,目标地址的Docker0是看不到第一层的信息的,它看到的是第二层的信息,此时就可以实现跨主机的扁平化网络。
10、上图的架构图,可以分析为,如下所示的访问过程。
11、ETCD之Flannel提供说明。ETCD之与Flannel如何进行关联的。
答:1)、存储管理Flannel可分配地IP地址段资源。
2)、监控ETCD中每个Pod地实际地址,并在内存中建立维护Pod节点路由表。
12、不同情况下网络通信方式。
1)、同一个Pod内部通讯,同一个Pod共享同一个网络命名空间,共享同一个Linux协议栈,可以通过localhost进行互访。 2)、Pod1至Pod2的两种方式,在同一台机器,不在同一台机器。
a、第一种,Pod1与Pod2不在同一台主机,Pod地地址是与docker0在同一个网段地但是docker0网段与宿主机网卡是两个完全不同地IP网段,并且不同Node之间的通信只能通过宿主机的物理网卡进行。将Pod的Ip和所在Node的IP关联起来,通过这个关联让Pod可以互相访问。
b、第二种,Pod1与Pod2在同一台机器,由Docker0网桥直接转发请求至Pod2,不需要经过Flannel。直接通过网桥在本机之间完成转换。
3)、Pod至Service的网络,目前基于性能考虑,全部为iptables维护和转发。注意,最新版的可以改为LVS模式,通过LVS进行转发和维护,效率更加高。
4)、Pod到外网,Pod向外网发送请求,查找路由表,转发数据包到宿主机的网卡,宿主网卡完成路由选择后,iptables执行Masquerade,把源IP更改为宿主网卡的IP,然后向外网服务器发送请求。即如果Pod里面的容器想要上网,直接通过SNAT动态转换来完成上网行为。
5)、外网访问Pod,Service,借助Service的NodPod方式才可以进行所谓的访问集群内部。
13、组件通讯示意图,如下所示:
答:k8s里面有三层网络,包含节点网络、Pod网络、Service网络。
注意:真实地物理网络只有节点网络这一个,构建服务器的时候只需要一张网卡就可以实现,也可以有多个网卡,Pod网络、Service网络是虚拟网络,可以将它两个理解为内部网络。
如果想要访问Service网络的时候,需要在Service网络中进行访问,Service再和后端的Pod进行访问,通过Iptables或者LVS转换进行访问。
14、什么是Kubernetes?
答:Kubernetes是谷歌公司开源的一个容器管理平台。Kubernetes就是将Borg项目最精华的部分提取出来,使现在的开发者能够更简单、直接的去应用它。
15、Kubernetes的核心功能?
答:自我修复、服务发现和负载均衡、自动部署和回滚、弹性伸缩。
16、Kubernetes核心组件。
答:1)、ectd,保存了整个集群的状态。 2)、apiserver,提供了资源操作的唯一入口,并提供认证、授权、访问控制、Api注册和发现等机制。 3)、controller manager,负责维护集群的状态,比如故障检测,自动扩展,滚动更新等等。 4)、scheduler,负责资源的调度,按照预定的调度策略将Pod调度到相应的机器上。 5)、kubelet,负责维护容器的生命周期,同时也负责Volume(CVI)和网络(CNI)的管理。 6)、Container runtime,负责镜像管理以及Pod和容器的真正运行(CRI)。 7)、Kube-proxy,负责为Service提供cluster内部的服务发现和负载均衡。
17、Kubernetes扩展组件。
答:1)、kube-dns,负责为整个集群提供DNS服务。 2)、ingress Controller为服务提供外网入口。 3)、Heapster,提供资源监控。 4)、Dashboard,提供GUI。 5)、Federation,提供跨可用区的集群。 6)、Fluentd-elasticasearch,提供集群日志采集、存储与查询。
18、Kubernetes架构图,如下所示:
1、Kubernetes(k8s)集群安装。
首先,查看CentOS7内核版本及发行版本。我这里使用的是CentOS Linux release 7.6.1810 (Core)、内核版本Linux 3.10.0-957.el7.x86_64。
代码语言:javascript复制 1 -- 查看内核版本,方式一
2 [root@slaver4 ~]# uname -sr
3 Linux 3.10.0-957.el7.x86_64
4 [root@slaver4 ~]#
5
6 -- 查看内核版本,方式二
7 [root@slaver4 ~]# uname -a
8 Linux slaver4 3.10.0-957.el7.x86_64 #1 SMP Thu Nov 8 23:39:32 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
9 [root@slaver4 ~]#
10
11 -- 查看内核版本,方式三
12 [root@slaver4 ~]# cat /proc/version
13 Linux version 3.10.0-957.el7.x86_64 (mockbuild@kbuilder.bsys.centos.org) (gcc version 4.8.5 20150623 (Red Hat 4.8.5-36) (GCC) ) #1 SMP Thu Nov 8 23:39:32 UTC 2018
14 [root@slaver4 ~]#
15
16
17
18 -- 查看发行版本,适用于所有linux发行版本
19 [root@slaver4 ~]# yum install -y redhat-lsb-core
20 Loaded plugins: fastestmirror, langpacks
21 Loading mirror speeds from cached hostfile
22 * base: mirrors.tuna.tsinghua.edu.cn
23 * extras: mirrors.tuna.tsinghua.edu.cn
24 * updates: mirrors.tuna.tsinghua.edu.cn
25 base | 3.6 kB 00:00:00
26 extras | 2.9 kB 00:00:00
27 updates | 2.9 kB 00:00:00
28 updates/7/x86_64/primary_db | 2.1 MB 00:00:00
29 Resolving Dependencies
30 --> Running transaction check
31 ---> Package redhat-lsb-core.x86_64 0:4.1-27.el7.centos.1 will be installed
32 --> Processing Dependency: redhat-lsb-submod-security(x86-64) = 4.1-27.el7.centos.1 for package: redhat-lsb-core-4.1-27.el7.centos.1.x86_64
33 --> Processing Dependency: spax for package: redhat-lsb-core-4.1-27.el7.centos.1.x86_64
34 --> Processing Dependency: /usr/bin/patch for package: redhat-lsb-core-4.1-27.el7.centos.1.x86_64
35 --> Processing Dependency: /usr/bin/m4 for package: redhat-lsb-core-4.1-27.el7.centos.1.x86_64
36 --> Running transaction check
37 ---> Package m4.x86_64 0:1.4.16-10.el7 will be installed
38 ---> Package patch.x86_64 0:2.7.1-12.el7_7 will be installed
39 ---> Package redhat-lsb-submod-security.x86_64 0:4.1-27.el7.centos.1 will be installed
40 ---> Package spax.x86_64 0:1.5.2-13.el7 will be installed
41 --> Finished Dependency Resolution
42
43 Dependencies Resolved
44
45 ============================================================================================================
46 Package Arch Version Repository Size
47 ============================================================================================================
48 Installing:
49 redhat-lsb-core x86_64 4.1-27.el7.centos.1 base 38 k
50 Installing for dependencies:
51 m4 x86_64 1.4.16-10.el7 base 256 k
52 patch x86_64 2.7.1-12.el7_7 base 111 k
53 redhat-lsb-submod-security x86_64 4.1-27.el7.centos.1 base 15 k
54 spax x86_64 1.5.2-13.el7 base 260 k
55
56 Transaction Summary
57 ============================================================================================================
58 Install 1 Package ( 4 Dependent packages)
59
60 Total download size: 679 k
61 Installed size: 1.3 M
62 Downloading packages:
63 (1/5): patch-2.7.1-12.el7_7.x86_64.rpm | 111 kB 00:00:00
64 (2/5): redhat-lsb-core-4.1-27.el7.centos.1.x86_64.rpm | 38 kB 00:00:00
65 (3/5): redhat-lsb-submod-security-4.1-27.el7.centos.1.x86_64.rpm | 15 kB 00:00:00
66 (4/5): m4-1.4.16-10.el7.x86_64.rpm | 256 kB 00:00:00
67 (5/5): spax-1.5.2-13.el7.x86_64.rpm | 260 kB 00:00:00
68 ------------------------------------------------------------------------------------------------------------
69 Total 1.5 MB/s | 679 kB 00:00:00
70 Running transaction check
71 Running transaction test
72 Transaction test succeeded
73 Running transaction
74 Warning: RPMDB altered outside of yum.
75 Installing : spax-1.5.2-13.el7.x86_64 1/5
76 Installing : redhat-lsb-submod-security-4.1-27.el7.centos.1.x86_64 2/5
77 Installing : m4-1.4.16-10.el7.x86_64 3/5
78 Installing : patch-2.7.1-12.el7_7.x86_64 4/5
79 Installing : redhat-lsb-core-4.1-27.el7.centos.1.x86_64 5/5
80 Verifying : patch-2.7.1-12.el7_7.x86_64 1/5
81 Verifying : m4-1.4.16-10.el7.x86_64 2/5
82 Verifying : redhat-lsb-submod-security-4.1-27.el7.centos.1.x86_64 3/5
83 Verifying : spax-1.5.2-13.el7.x86_64 4/5
84 Verifying : redhat-lsb-core-4.1-27.el7.centos.1.x86_64 5/5
85
86 Installed:
87 redhat-lsb-core.x86_64 0:4.1-27.el7.centos.1
88
89 Dependency Installed:
90 m4.x86_64 0:1.4.16-10.el7 patch.x86_64 0:2.7.1-12.el7_7
91 redhat-lsb-submod-security.x86_64 0:4.1-27.el7.centos.1 spax.x86_64 0:1.5.2-13.el7
92
93 Complete!
94 [root@slaver4 ~]# lsb_release -a
95 LSB Version: :core-4.1-amd64:core-4.1-noarch
96 Distributor ID: CentOS
97 Description: CentOS Linux release 7.6.1810 (Core)
98 Release: 7.6.1810
99 Codename: Core
100 [root@slaver4 ~]# cat /etc/redhat-release
101 CentOS Linux release 7.6.1810 (Core)
102 [root@slaver4 ~]#
103
104
105 -- 仅适用于redhat系列linux
106 [root@slaver4 ~]# cat /etc/redhat-release
107 CentOS Linux release 7.6.1810 (Core)
108 [root@slaver4 ~]# 网卡模式使用的VMnet8(NAT模式),三台虚拟机。
代码语言:javascript复制1 192.168.110.133 2G内存 一个处理器,每个处理器的核心数量为2
2 192.168.110.134 2G内存 一个处理器,每个处理器的核心数量为2
3 192.168.110.135 2G内存 一个处理器,每个处理器的核心数量为2首先,由于我电脑资源有限,这里先使用三台机器,一个机器作为Master、Node、另外两台机器作为两个Node节点即可,分配如下所示:
主机名称 | ip地址 | 角色 | 组件 |
|---|---|---|---|
k8s-master | 192.168.110.133 | Master、Node | etcd、api-server、controller-manager、scheduler、kubelet、kube-proxy。 |
k8s-node2 | 192.168.110.134 | Node | kubelet、kube-proxy、docker。 |
k8s-node3 | 192.168.110.135 | Node | kubelet、kube-proxy、docker。 |
备注:Node节点安装的时候会自动安装好docker,Master节点和Node节点在一台机器上面,只要将kubelet、kube-proxy组件安装到Master节点即可。即完成了一个Master节点,三个Node节点。
2、按照自己的规定,修改主机名,分别为k8s-master、k8s-node2、k8s-node3。
代码语言:javascript复制1 [root@slaver4 ~]# vim /etc/hostname可以使用hostname master立即生效,不用重启机器。修改之后,重连Xshell即可,显示效果。
3、开始修改域名和主机名对应关系,做好host解析,如下所示:
[root@k8s-master ~]# vim /etc/hosts
代码语言:javascript复制1 192.168.110.133 k8s-master
2 192.168.110.134 k8s-node2
3 192.168.110.135 k8s-node3修改之后,可以ping一下修改的主机名,看看是否可以ping通。
[root@k8s-master ~]# ping k8s-node2
[root@k8s-master ~]# ping k8s-node3
3、关闭防火墙,如下所示:
代码语言:javascript复制1 [root@k8s-master ~]# systemctl stop firewalld
2 [root@k8s-master ~]# systemctl disable firewalld4、在k8s-master这个Master节点安装etcd服务,etcd服务相当于是一个数据库。
代码语言:javascript复制 1 [root@k8s-master ~]# yum install etcd -y
2 Loaded plugins: fastestmirror, langpacks
3 Loading mirror speeds from cached hostfile
4 * base: mirrors.tuna.tsinghua.edu.cn
5 * extras: mirrors.tuna.tsinghua.edu.cn
6 * updates: mirrors.tuna.tsinghua.edu.cn
7 base | 3.6 kB 00:00:00
8 extras | 2.9 kB 00:00:00
9 updates | 2.9 kB 00:00:00
10 Resolving Dependencies
11 --> Running transaction check
12 ---> Package etcd.x86_64 0:3.3.11-2.el7.centos will be installed
13 --> Finished Dependency Resolution
14
15 Dependencies Resolved
16
17 ============================================================================================================
18 Package Arch Version Repository Size
19 ============================================================================================================
20 Installing:
21 etcd x86_64 3.3.11-2.el7.centos extras 10 M
22
23 Transaction Summary
24 ============================================================================================================
25 Install 1 Package
26
27 Total download size: 10 M
28 Installed size: 45 M
29 Downloading packages:
30 etcd-3.3.11-2.el7.centos.x86_64.rpm | 10 MB 00:00:04
31 Running transaction check
32 Running transaction test
33 Transaction test succeeded
34 Running transaction
35 Installing : etcd-3.3.11-2.el7.centos.x86_64 1/1
36 Verifying : etcd-3.3.11-2.el7.centos.x86_64 1/1
37
38 Installed:
39 etcd.x86_64 0:3.3.11-2.el7.centos
40
41 Complete!
42 [root@k8s-master ~]# 开始配置etcd,由于etcd原生支持做集群的。
[root@k8s-master ~]# vim /etc/etcd/etcd.conf
1 #[Member]
2 #ETCD_CORS=""
3 # 数据存在于那个目录
4 ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
5 #ETCD_WAL_DIR=""
6 #ETCD_LISTEN_PEER_URLS="http://localhost:2380"
7 # 监听的地址,可以将localhost改为0.0.0.0,这样远端也可以访问,本地也可以访问,本地访问默认使用127.0.0.1进行访问。
8 ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:2379"
9 #ETCD_MAX_SNAPSHOTS="5"
10 #ETCD_MAX_WALS="5"
11 # 节点的名称,不配置集群没有什么作用,配置集群必须不一样。
12 ETCD_NAME="default"
13 #ETCD_SNAPSHOT_COUNT="100000"
14 #ETCD_HEARTBEAT_INTERVAL="100"
15 #ETCD_ELECTION_TIMEOUT="1000"
16 #ETCD_QUOTA_BACKEND_BYTES="0"
17 #ETCD_MAX_REQUEST_BYTES="1572864"
18 #ETCD_GRPC_KEEPALIVE_MIN_TIME="5s"
19 #ETCD_GRPC_KEEPALIVE_INTERVAL="2h0m0s"
20 #ETCD_GRPC_KEEPALIVE_TIMEOUT="20s"
21 #
22 #[Clustering]
23 #ETCD_INITIAL_ADVERTISE_PEER_URLS="http://localhost:2380"
24 # 如果配置了集群,集群里面的ip地址。将localhost改为192.168.110.133。
25 ETCD_ADVERTISE_CLIENT_URLS="http://192.168.110.133:2379"
26 #ETCD_DISCOVERY=""
27 #ETCD_DISCOVERY_FALLBACK="proxy"
28 #ETCD_DISCOVERY_PROXY=""
29 #ETCD_DISCOVERY_SRV=""
30 #ETCD_INITIAL_CLUSTER="default=http://localhost:2380"
31 #ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
32 #ETCD_INITIAL_CLUSTER_STATE="new"
33 #ETCD_STRICT_RECONFIG_CHECK="true"
34 #ETCD_ENABLE_V2="true"
35 #
36 #[Proxy]
37 #ETCD_PROXY="off"
38 #ETCD_PROXY_FAILURE_WAIT="5000"
39 #ETCD_PROXY_REFRESH_INTERVAL="30000"
40 #ETCD_PROXY_DIAL_TIMEOUT="1000"
41 #ETCD_PROXY_WRITE_TIMEOUT="5000"
42 #ETCD_PROXY_READ_TIMEOUT="0"
43 #
44 #[Security]
45 #ETCD_CERT_FILE=""
46 #ETCD_KEY_FILE=""
47 #ETCD_CLIENT_CERT_AUTH="false"
48 #ETCD_TRUSTED_CA_FILE=""
49 #ETCD_AUTO_TLS="false"
50 #ETCD_PEER_CERT_FILE=""
51 #ETCD_PEER_KEY_FILE=""
52 #ETCD_PEER_CLIENT_CERT_AUTH="false"
53 #ETCD_PEER_TRUSTED_CA_FILE=""
54 #ETCD_PEER_AUTO_TLS="false"
55 #
56 #[Logging]
57 #ETCD_DEBUG="false"
58 #ETCD_LOG_PACKAGE_LEVELS=""
59 #ETCD_LOG_OUTPUT="default"
60 #
61 #[Unsafe]
62 #ETCD_FORCE_NEW_CLUSTER="false"
63 #
64 #[Version]
65 #ETCD_VERSION="false"
66 #ETCD_AUTO_COMPACTION_RETENTION="0"
67 #
68 #[Profiling]
69 #ETCD_ENABLE_PPROF="false"
70 #ETCD_METRICS="basic"
71 #
72 #[Auth]
73 #ETCD_AUTH_TOKEN="simple"启动etcd,命令如下所示:
代码语言:javascript复制[root@k8s-master ~]# systemctl start etcd
[root@k8s-master ~]# 设置为将etch开机自启动,如下所示:
代码语言:javascript复制1 [root@k8s-master ~]# systemctl enable etcd
2 Created symlink from /etc/systemd/system/multi-user.target.wants/etcd.service to /usr/lib/systemd/system/etcd.service.
3 [root@k8s-master ~]# 可以使用netstat -lntup命令查看监听的端口号,如果etcd启动之后会监听两个端口,一个是2379,刚才设置为0.0.0.0地址,所以会监听任意的2379,还有一个会监听127.0.0.1:2380。2379是对外提供服务用的,k8s向etcd写数据,使用的是2379端口,etcd集群之间相互数据同步使用的是2380端口。
具体操作,如下所示:
代码语言:javascript复制 1 [root@k8s-master ~]# netstat -lntup
2 Active Internet connections (only servers)
3 Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
4 tcp 0 0 127.0.0.1:2380 0.0.0.0:* LISTEN 8797/etcd
5 tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1/systemd
6 tcp 0 0 0.0.0.0:6000 0.0.0.0:* LISTEN 7071/X
7 tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN 7235/dnsmasq
8 tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 6750/sshd
9 tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 6748/cupsd
10 tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 7200/master
11 tcp6 0 0 :::3306 :::* LISTEN 7599/mysqld
12 tcp6 0 0 :::2379 :::* LISTEN 8797/etcd
13 tcp6 0 0 :::111 :::* LISTEN 1/systemd
14 tcp6 0 0 :::6000 :::* LISTEN 7071/X
15 tcp6 0 0 :::22 :::* LISTEN 6750/sshd
16 tcp6 0 0 ::1:631 :::* LISTEN 6748/cupsd
17 tcp6 0 0 ::1:25 :::* LISTEN 7200/master
18 udp 0 0 0.0.0.0:1018 0.0.0.0:* 6357/rpcbind
19 udp 0 0 192.168.122.1:53 0.0.0.0:* 7235/dnsmasq
20 udp 0 0 0.0.0.0:67 0.0.0.0:* 7235/dnsmasq
21 udp 0 0 0.0.0.0:56403 0.0.0.0:* 6368/avahi-daemon:
22 udp 0 0 0.0.0.0:111 0.0.0.0:* 1/systemd
23 udp 0 0 0.0.0.0:5353 0.0.0.0:* 6368/avahi-daemon:
24 udp6 0 0 :::1018 :::* 6357/rpcbind
25 udp6 0 0 :::111 :::* 1/systemd
26 [root@k8s-master ~]# 可以使用systemctl stop etcd.service停止etcd,然后使用netstat -lntup查看监听的端口号,再启动etcd进行观察。
代码语言:javascript复制 1 [root@k8s-master ~]# systemctl stop etcd.service
2 [root@k8s-master ~]# netstat -lntup
3 Active Internet connections (only servers)
4 Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
5 tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1/systemd
6 tcp 0 0 0.0.0.0:6000 0.0.0.0:* LISTEN 7071/X
7 tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN 7235/dnsmasq
8 tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 6750/sshd
9 tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 6748/cupsd
10 tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 7200/master
11 tcp6 0 0 :::3306 :::* LISTEN 7599/mysqld
12 tcp6 0 0 :::111 :::* LISTEN 1/systemd
13 tcp6 0 0 :::6000 :::* LISTEN 7071/X
14 tcp6 0 0 :::22 :::* LISTEN 6750/sshd
15 tcp6 0 0 ::1:631 :::* LISTEN 6748/cupsd
16 tcp6 0 0 ::1:25 :::* LISTEN 7200/master
17 udp 0 0 0.0.0.0:1018 0.0.0.0:* 6357/rpcbind
18 udp 0 0 192.168.122.1:53 0.0.0.0:* 7235/dnsmasq
19 udp 0 0 0.0.0.0:67 0.0.0.0:* 7235/dnsmasq
20 udp 0 0 0.0.0.0:56403 0.0.0.0:* 6368/avahi-daemon:
21 udp 0 0 0.0.0.0:111 0.0.0.0:* 1/systemd
22 udp 0 0 0.0.0.0:5353 0.0.0.0:* 6368/avahi-daemon:
23 udp6 0 0 :::1018 :::* 6357/rpcbind
24 udp6 0 0 :::111 :::* 1/systemd
25 [root@k8s-master ~]# systemctl start etcd.service
26 [root@k8s-master ~]# netstat -lntup
27 Active Internet connections (only servers)
28 Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
29 tcp 0 0 127.0.0.1:2380 0.0.0.0:* LISTEN 9055/etcd
30 tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1/systemd
31 tcp 0 0 0.0.0.0:6000 0.0.0.0:* LISTEN 7071/X
32 tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN 7235/dnsmasq
33 tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 6750/sshd
34 tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 6748/cupsd
35 tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 7200/master
36 tcp6 0 0 :::3306 :::* LISTEN 7599/mysqld
37 tcp6 0 0 :::2379 :::* LISTEN 9055/etcd
38 tcp6 0 0 :::111 :::* LISTEN 1/systemd
39 tcp6 0 0 :::6000 :::* LISTEN 7071/X
40 tcp6 0 0 :::22 :::* LISTEN 6750/sshd
41 tcp6 0 0 ::1:631 :::* LISTEN 6748/cupsd
42 tcp6 0 0 ::1:25 :::* LISTEN 7200/master
43 udp 0 0 0.0.0.0:1018 0.0.0.0:* 6357/rpcbind
44 udp 0 0 192.168.122.1:53 0.0.0.0:* 7235/dnsmasq
45 udp 0 0 0.0.0.0:67 0.0.0.0:* 7235/dnsmasq
46 udp 0 0 0.0.0.0:56403 0.0.0.0:* 6368/avahi-daemon:
47 udp 0 0 0.0.0.0:111 0.0.0.0:* 1/systemd
48 udp 0 0 0.0.0.0:5353 0.0.0.0:* 6368/avahi-daemon:
49 udp6 0 0 :::1018 :::* 6357/rpcbind
50 udp6 0 0 :::111 :::* 1/systemd
51 [root@k8s-master ~]# 可以使用etcd的命令进行测试,然后查看etcd集群的健康状态。
代码语言:javascript复制 1 [root@k8s-master ~]# etcdctl set testdir/testkey0 0
2 0
3 [root@k8s-master ~]# etcdctl get testdir/testkey0
4 0
5 [root@k8s-master ~]# etcdctl set testdir/testkey1 111
6 111
7 [root@k8s-master ~]# etcdctl get testdir/testkey1
8 111
9 [root@k8s-master ~]# etcdctl -C http://192.168.110.133:2379 cluster-health
10 4member 8e9e05c52164694d is healthy: got healthy result from http://192.168.110.133:2379
11 cluster is healthy
12 [root@k8s-master ~]# 5、安装Kubernetes(k8s)的master节点。
安装master的时候会安装一个kubernetes-client,这个kubernetes-client里面有kubectl这个命令。
代码语言:javascript复制 1 [root@k8s-master ~]# yum install kubernetes
2 kubernetes-client.x86_64 kubernetes-master.x86_64 kubernetes-node.x86_64 kubernetes.x86_64
3 [root@k8s-master ~]# yum install kubernetes
4 kubernetes-client.x86_64 kubernetes-master.x86_64 kubernetes-node.x86_64 kubernetes.x86_64
5 [root@k8s-master ~]# yum install kubernetes-master.x86_64 -y
6 Loaded plugins: fastestmirror, langpacks
7 Loading mirror speeds from cached hostfile
8 * base: mirrors.tuna.tsinghua.edu.cn
9 * extras: mirrors.tuna.tsinghua.edu.cn
10 * updates: mirrors.tuna.tsinghua.edu.cn
11 Resolving Dependencies
12 --> Running transaction check
13 ---> Package kubernetes-master.x86_64 0:1.5.2-0.7.git269f928.el7 will be installed
14 --> Processing Dependency: kubernetes-client = 1.5.2-0.7.git269f928.el7 for package: kubernetes-master-1.5.2-0.7.git269f928.el7.x86_64
15 --> Running transaction check
16 ---> Package kubernetes-client.x86_64 0:1.5.2-0.7.git269f928.el7 will be installed
17 --> Finished Dependency Resolution
18
19 Dependencies Resolved
20
21 =================================================================================================================================================================================================================
22 Package Arch Version Repository Size
23 =================================================================================================================================================================================================================
24 Installing:
25 kubernetes-master x86_64 1.5.2-0.7.git269f928.el7 extras 25 M
26 Installing for dependencies:
27 kubernetes-client x86_64 1.5.2-0.7.git269f928.el7 extras 14 M
28
29 Transaction Summary
30 =================================================================================================================================================================================================================
31 Install 1 Package ( 1 Dependent package)
32
33 Total download size: 39 M
34 Installed size: 224 M
35 Downloading packages:
36 (1/2): kubernetes-master-1.5.2-0.7.git269f928.el7.x86_64.rpm | 25 MB 00:00:14
37 (2/2): kubernetes-client-1.5.2-0.7.git269f928.el7.x86_64.rpm | 14 MB 00:00:19
38 -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
39 Total 2.0 MB/s | 39 MB 00:00:19
40 Running transaction check
41 Running transaction test
42 Transaction test succeeded
43 Running transaction
44 Installing : kubernetes-client-1.5.2-0.7.git269f928.el7.x86_64 1/2
45 Installing : kubernetes-master-1.5.2-0.7.git269f928.el7.x86_64 2/2
46 Verifying : kubernetes-client-1.5.2-0.7.git269f928.el7.x86_64 1/2
47 Verifying : kubernetes-master-1.5.2-0.7.git269f928.el7.x86_64 2/2
48
49 Installed:
50 kubernetes-master.x86_64 0:1.5.2-0.7.git269f928.el7
51
52 Dependency Installed:
53 kubernetes-client.x86_64 0:1.5.2-0.7.git269f928.el7
54
55 Complete!
56 [root@k8s-master ~]# 主节点里面包含etcd、api-server、controller-manager、scheduler。刚才已经安装过了ectd,现在开始配置api-server,如下所示:
代码语言:javascript复制1 [root@k8s-master ~]# vim /etc/kubernetes/apiserver
具体配置,如下所示:
代码语言:javascript复制 1 ###
2 # kubernetes system config
3 #
4 # The following values are used to configure the kube-apiserver
5 #
6
7 # The address on the local server to listen to.
8 # 首先要配置的api-server监听的地址,如果是仅本机可以访问,就配置为127.0.0.1,如果在其他地方想用k8s的客户端来访问,就需要监听0.0.0.0
9 KUBE_API_ADDRESS="--insecure-bind-address=0.0.0.0"
10
11 # The port on the local server to listen on.
12 # 监听端口,api-server的端口是8080,由于api-server是k8s的核心服务,很多时候,把安装了api-server服务的这台机器叫做k8s的Master节点。
13 KUBE_API_PORT="--port=8080"
14
15 # Port minions listen on
16 # minions是随从的意思,即Node的意思,这里是有三个Node节点的,Node节点它的端口启动Kubelet服务之后,需要监听10250,Master节点也是通过10250去访问Node节点。
17 # 需要在配置文件中进行协商,这里默认为10250。为了安全也可以改为其他端口。
18 KUBELET_PORT="--kubelet-port=10250"
19
20 # Comma separated list of nodes in the etcd cluster
21 # 连接到etcd,由于etcd在master节点上,所以将127.0.0.1改为192.168.110.133,etcd对外提供服务使用的2379端口。
22 KUBE_ETCD_SERVERS="--etcd-servers=http://192.168.110.133:2379"
23
24 # Address range to use for services
25 KUBE_SERVICE_ADDRESSES="--service-cluster-ip-range=10.254.0.0/16"
26
27 # default admission control policies
28 KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota"
29
30 # Add your own!
31 KUBE_API_ARGS=""现在开始配置controller-manager、scheduler,由于它们共用一个配置文件,如下所示:
代码语言:javascript复制1 [root@k8s-master ~]# vim /etc/kubernetes/config
具体配置,如下所示:
代码语言:javascript复制 1 ###
2 # kubernetes system config
3 #
4 # The following values are used to configure various aspects of all
5 # kubernetes services, including
6 #
7 # kube-apiserver.service
8 # kube-controller-manager.service
9 # kube-scheduler.service
10 # kubelet.service
11 # kube-proxy.service
12 # logging to stderr means we get it in the systemd journal
13 KUBE_LOGTOSTDERR="--logtostderr=true"
14
15 # journal message level, 0 is debug
16 KUBE_LOG_LEVEL="--v=0"
17
18 # Should this cluster be allowed to run privileged docker containers
19 KUBE_ALLOW_PRIV="--allow-privileged=false"
20
21 # How the controller-manager, scheduler, and proxy find the apiserver
22 # controller-manager, scheduler, and proxy找到apiserver的地址,需要将127.0.0.1改为192.168.110.133。
23 # 注意参数名称KUBE_MASTER,由于将api-server安装到那台机器,那台机器就是master节点。
24 KUBE_MASTER="--master=http://192.168.110.133:8080"那么,现在开始启动api-server服务、启动controller-manager服务、启动scheduler服务。
代码语言:javascript复制1 [root@k8s-master ~]# systemctl start kube-apiserver.service
2 [root@k8s-master ~]# systemctl start kube-controller-manager.service
3 [root@k8s-master ~]# systemctl start kube-scheduler.service
4 [root@k8s-master ~]# 可以设置为开机自启,以免机器意外停机,或者关机k8s集群开机之后不能用了。
代码语言:javascript复制1 [root@k8s-master ~]# systemctl enable kube-apiserver.service
2 Created symlink from /etc/systemd/system/multi-user.target.wants/kube-apiserver.service to /usr/lib/systemd/system/kube-apiserver.service.
3 [root@k8s-master ~]# systemctl enable kube-controller-manager.service
4 Created symlink from /etc/systemd/system/multi-user.target.wants/kube-controller-manager.service to /usr/lib/systemd/system/kube-controller-manager.service.
5 [root@k8s-master ~]# systemctl enable kube-scheduler.service
6 Created symlink from /etc/systemd/system/multi-user.target.wants/kube-scheduler.service to /usr/lib/systemd/system/kube-scheduler.service.
7 [root@k8s-master ~]# 
6、全部启动完毕之后,可以使用命令查看状态是否正常。
代码语言:javascript复制1 [root@k8s-master ~]# kubectl get componentstatus
2 NAME STATUS MESSAGE ERROR
3 controller-manager Healthy ok
4 scheduler Healthy ok
5 etcd-0 Healthy {"health":"true"}
6 [root@k8s-master ~]# 
目前为止,主节点Master分配的2G内存,已经快用完了。
代码语言:javascript复制1 [root@k8s-master ~]# free -h
2 total used free shared buff/cache available
3 Mem: 1.8G 636M 282M 12M 900M 961M
4 Swap: 2.0G 0B 2.0G
5 [root@k8s-master ~]#7、安装kubernetes(k8s)的 node 节点。安装node服务的时候,会自动依赖帮助你安装好docker。
代码语言:javascript复制1 [root@k8s-master ~]# yum install kubernetes-node.x86_64 -y安装过程,如下所示:
代码语言:javascript复制 1 [root@k8s-master ~]# yum install kubernetes-node.x86_64 -y
2 Loaded plugins: fastestmirror, langpacks
3 Loading mirror speeds from cached hostfile
4 * base: mirrors.tuna.tsinghua.edu.cn
5 * extras: mirrors.tuna.tsinghua.edu.cn
6 * updates: mirrors.tuna.tsinghua.edu.cn
7 Resolving Dependencies
8 --> Running transaction check
9 ---> Package kubernetes-node.x86_64 0:1.5.2-0.7.git269f928.el7 will be installed
10 --> Processing Dependency: docker for package: kubernetes-node-1.5.2-0.7.git269f928.el7.x86_64
11 --> Processing Dependency: conntrack-tools for package: kubernetes-node-1.5.2-0.7.git269f928.el7.x86_64
12 --> Running transaction check
13 ---> Package conntrack-tools.x86_64 0:1.4.4-7.el7 will be installed
14 --> Processing Dependency: libnetfilter_cttimeout.so.1(LIBNETFILTER_CTTIMEOUT_1.1)(64bit) for package: conntrack-tools-1.4.4-7.el7.x86_64
15 --> Processing Dependency: libnetfilter_cttimeout.so.1(LIBNETFILTER_CTTIMEOUT_1.0)(64bit) for package: conntrack-tools-1.4.4-7.el7.x86_64
16 --> Processing Dependency: libnetfilter_cthelper.so.0(LIBNETFILTER_CTHELPER_1.0)(64bit) for package: conntrack-tools-1.4.4-7.el7.x86_64
17 --> Processing Dependency: libnetfilter_queue.so.1()(64bit) for package: conntrack-tools-1.4.4-7.el7.x86_64
18 --> Processing Dependency: libnetfilter_cttimeout.so.1()(64bit) for package: conntrack-tools-1.4.4-7.el7.x86_64
19 --> Processing Dependency: libnetfilter_cthelper.so.0()(64bit) for package: conntrack-tools-1.4.4-7.el7.x86_64
20 ---> Package docker.x86_64 2:1.13.1-161.git64e9980.el7_8 will be installed
21 --> Processing Dependency: docker-common = 2:1.13.1-161.git64e9980.el7_8 for package: 2:docker-1.13.1-161.git64e9980.el7_8.x86_64
22 --> Processing Dependency: docker-client = 2:1.13.1-161.git64e9980.el7_8 for package: 2:docker-1.13.1-161.git64e9980.el7_8.x86_64
23 --> Processing Dependency: subscription-manager-rhsm-certificates for package: 2:docker-1.13.1-161.git64e9980.el7_8.x86_64
24 --> Running transaction check
25 ---> Package docker-client.x86_64 2:1.13.1-161.git64e9980.el7_8 will be installed
26 ---> Package docker-common.x86_64 2:1.13.1-161.git64e9980.el7_8 will be installed
27 --> Processing Dependency: skopeo-containers >= 1:0.1.26-2 for package: 2:docker-common-1.13.1-161.git64e9980.el7_8.x86_64
28 --> Processing Dependency: oci-umount >= 2:2.3.3-3 for package: 2:docker-common-1.13.1-161.git64e9980.el7_8.x86_64
29 --> Processing Dependency: oci-systemd-hook >= 1:0.1.4-9 for package: 2:docker-common-1.13.1-161.git64e9980.el7_8.x86_64
30 --> Processing Dependency: oci-register-machine >= 1:0-5.13 for package: 2:docker-common-1.13.1-161.git64e9980.el7_8.x86_64
31 --> Processing Dependency: container-storage-setup >= 0.9.0-1 for package: 2:docker-common-1.13.1-161.git64e9980.el7_8.x86_64
32 --> Processing Dependency: container-selinux >= 2:2.51-1 for package: 2:docker-common-1.13.1-161.git64e9980.el7_8.x86_64
33 --> Processing Dependency: atomic-registries for package: 2:docker-common-1.13.1-161.git64e9980.el7_8.x86_64
34 ---> Package libnetfilter_cthelper.x86_64 0:1.0.0-11.el7 will be installed
35 ---> Package libnetfilter_cttimeout.x86_64 0:1.0.0-7.el7 will be installed
36 ---> Package libnetfilter_queue.x86_64 0:1.0.2-2.el7_2 will be installed
37 ---> Package subscription-manager-rhsm-certificates.x86_64 0:1.24.26-3.el7.centos will be installed
38 --> Running transaction check
39 ---> Package atomic-registries.x86_64 1:1.22.1-33.gitb507039.el7_8 will be installed
40 --> Processing Dependency: python-pytoml for package: 1:atomic-registries-1.22.1-33.gitb507039.el7_8.x86_64
41 ---> Package container-selinux.noarch 2:2.119.1-1.c57a6f9.el7 will be installed
42 ---> Package container-storage-setup.noarch 0:0.11.0-2.git5eaf76c.el7 will be installed
43 ---> Package containers-common.x86_64 1:0.1.40-7.el7_8 will be installed
44 --> Processing Dependency: subscription-manager for package: 1:containers-common-0.1.40-7.el7_8.x86_64
45 --> Processing Dependency: slirp4netns for package: 1:containers-common-0.1.40-7.el7_8.x86_64
46 --> Processing Dependency: fuse-overlayfs for package: 1:containers-common-0.1.40-7.el7_8.x86_64
47 ---> Package oci-register-machine.x86_64 1:0-6.git2b44233.el7 will be installed
48 ---> Package oci-systemd-hook.x86_64 1:0.2.0-1.git05e6923.el7_6 will be installed
49 ---> Package oci-umount.x86_64 2:2.5-3.el7 will be installed
50 --> Running transaction check
51 ---> Package fuse-overlayfs.x86_64 0:0.7.2-6.el7_8 will be installed
52 --> Processing Dependency: libfuse3.so.3(FUSE_3.2)(64bit) for package: fuse-overlayfs-0.7.2-6.el7_8.x86_64
53 --> Processing Dependency: libfuse3.so.3(FUSE_3.0)(64bit) for package: fuse-overlayfs-0.7.2-6.el7_8.x86_64
54 --> Processing Dependency: libfuse3.so.3()(64bit) for package: fuse-overlayfs-0.7.2-6.el7_8.x86_64
55 ---> Package python-pytoml.noarch 0:0.1.14-1.git7dea353.el7 will be installed
56 ---> Package slirp4netns.x86_64 0:0.4.3-4.el7_8 will be installed
57 ---> Package subscription-manager.x86_64 0:1.24.26-3.el7.centos will be installed
58 --> Processing Dependency: subscription-manager-rhsm = 1.24.26 for package: subscription-manager-1.24.26-3.el7.centos.x86_64
59 --> Processing Dependency: python-dmidecode >= 3.12.2-2 for package: subscription-manager-1.24.26-3.el7.centos.x86_64
60 --> Processing Dependency: python-syspurpose for package: subscription-manager-1.24.26-3.el7.centos.x86_64
61 --> Processing Dependency: python-dateutil for package: subscription-manager-1.24.26-3.el7.centos.x86_64
62 --> Running transaction check
63 ---> Package fuse3-libs.x86_64 0:3.6.1-4.el7 will be installed
64 ---> Package python-dateutil.noarch 0:1.5-7.el7 will be installed
65 ---> Package python-dmidecode.x86_64 0:3.12.2-4.el7 will be installed
66 ---> Package python-syspurpose.x86_64 0:1.24.26-3.el7.centos will be installed
67 ---> Package subscription-manager-rhsm.x86_64 0:1.24.26-3.el7.centos will be installed
68 --> Finished Dependency Resolution
69
70 Dependencies Resolved
71
72 =================================================================================================================================================================================================================
73 Package Arch Version Repository Size
74 =================================================================================================================================================================================================================
75 Installing:
76 kubernetes-node x86_64 1.5.2-0.7.git269f928.el7 extras 14 M
77 Installing for dependencies:
78 atomic-registries x86_64 1:1.22.1-33.gitb507039.el7_8 extras 36 k
79 conntrack-tools x86_64 1.4.4-7.el7 base 187 k
80 container-selinux noarch 2:2.119.1-1.c57a6f9.el7 extras 40 k
81 container-storage-setup noarch 0.11.0-2.git5eaf76c.el7 extras 35 k
82 containers-common x86_64 1:0.1.40-7.el7_8 extras 42 k
83 docker x86_64 2:1.13.1-161.git64e9980.el7_8 extras 18 M
84 docker-client x86_64 2:1.13.1-161.git64e9980.el7_8 extras 3.9 M
85 docker-common x86_64 2:1.13.1-161.git64e9980.el7_8 extras 99 k
86 fuse-overlayfs x86_64 0.7.2-6.el7_8 extras 54 k
87 fuse3-libs x86_64 3.6.1-4.el7 extras 82 k
88 libnetfilter_cthelper x86_64 1.0.0-11.el7 base 18 k
89 libnetfilter_cttimeout x86_64 1.0.0-7.el7 base 18 k
90 libnetfilter_queue x86_64 1.0.2-2.el7_2 base 23 k
91 oci-register-machine x86_64 1:0-6.git2b44233.el7 extras 1.1 M
92 oci-systemd-hook x86_64 1:0.2.0-1.git05e6923.el7_6 extras 34 k
93 oci-umount x86_64 2:2.5-3.el7 extras 33 k
94 python-dateutil noarch 1.5-7.el7 base 85 k
95 python-dmidecode x86_64 3.12.2-4.el7 base 83 k
96 python-pytoml noarch 0.1.14-1.git7dea353.el7 extras 18 k
97 python-syspurpose x86_64 1.24.26-3.el7.centos updates 269 k
98 slirp4netns x86_64 0.4.3-4.el7_8 extras 81 k
99 subscription-manager x86_64 1.24.26-3.el7.centos updates 1.1 M
100 subscription-manager-rhsm x86_64 1.24.26-3.el7.centos updates 327 k
101 subscription-manager-rhsm-certificates x86_64 1.24.26-3.el7.centos updates 232 k
102
103 Transaction Summary
104 =================================================================================================================================================================================================================
105 Install 1 Package ( 24 Dependent packages)
106
107 Total download size: 40 M
108 Installed size: 166 M
109 Downloading packages:
110 (1/25): atomic-registries-1.22.1-33.gitb507039.el7_8.x86_64.rpm | 36 kB 00:00:00
111 (2/25): container-storage-setup-0.11.0-2.git5eaf76c.el7.noarch.rpm | 35 kB 00:00:00
112 (3/25): containers-common-0.1.40-7.el7_8.x86_64.rpm | 42 kB 00:00:00
113 (4/25): container-selinux-2.119.1-1.c57a6f9.el7.noarch.rpm | 40 kB 00:00:00
114 (5/25): conntrack-tools-1.4.4-7.el7.x86_64.rpm | 187 kB 00:00:00
115 (6/25): docker-client-1.13.1-161.git64e9980.el7_8.x86_64.rpm | 3.9 MB 00:00:02
116 (7/25): docker-common-1.13.1-161.git64e9980.el7_8.x86_64.rpm | 99 kB 00:00:00
117 (8/25): fuse-overlayfs-0.7.2-6.el7_8.x86_64.rpm | 54 kB 00:00:00
118 (9/25): fuse3-libs-3.6.1-4.el7.x86_64.rpm | 82 kB 00:00:00
119 (10/25): libnetfilter_cthelper-1.0.0-11.el7.x86_64.rpm | 18 kB 00:00:00
120 (11/25): libnetfilter_queue-1.0.2-2.el7_2.x86_64.rpm | 23 kB 00:00:00
121 (12/25): libnetfilter_cttimeout-1.0.0-7.el7.x86_64.rpm | 18 kB 00:00:05
122 (13/25): kubernetes-node-1.5.2-0.7.git269f928.el7.x86_64.rpm | 14 MB 00:00:10
123 (14/25): oci-register-machine-0-6.git2b44233.el7.x86_64.rpm | 1.1 MB 00:00:00
124 (15/25): oci-systemd-hook-0.2.0-1.git05e6923.el7_6.x86_64.rpm | 34 kB 00:00:00
125 (16/25): oci-umount-2.5-3.el7.x86_64.rpm | 33 kB 00:00:00
126 (17/25): python-pytoml-0.1.14-1.git7dea353.el7.noarch.rpm | 18 kB 00:00:00
127 (18/25): python-dateutil-1.5-7.el7.noarch.rpm | 85 kB 00:00:00
128 (19/25): python-dmidecode-3.12.2-4.el7.x86_64.rpm | 83 kB 00:00:00
129 (20/25): slirp4netns-0.4.3-4.el7_8.x86_64.rpm | 81 kB 00:00:00
130 (21/25): subscription-manager-1.24.26-3.el7.centos.x86_64.rpm | 1.1 MB 00:00:00
131 (22/25): subscription-manager-rhsm-certificates-1.24.26-3.el7.centos.x86_64.rpm | 232 kB 00:00:00
132 (23/25): docker-1.13.1-161.git64e9980.el7_8.x86_64.rpm | 18 MB 00:00:16
133 (24/25): subscription-manager-rhsm-1.24.26-3.el7.centos.x86_64.rpm | 327 kB 00:00:05
134 (25/25): python-syspurpose-1.24.26-3.el7.centos.x86_64.rpm | 269 kB 00:00:10
135 -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
136 Total 1.5 MB/s | 40 MB 00:00:26
137 Running transaction check
138 Running transaction test
139 Transaction test succeeded
140 Running transaction
141 Installing : subscription-manager-rhsm-certificates-1.24.26-3.el7.centos.x86_64 1/25
142 Installing : python-dateutil-1.5-7.el7.noarch 2/25
143 Installing : subscription-manager-rhsm-1.24.26-3.el7.centos.x86_64 3/25
144 Installing : libnetfilter_cttimeout-1.0.0-7.el7.x86_64 4/25
145 Installing : libnetfilter_cthelper-1.0.0-11.el7.x86_64 5/25
146 Installing : slirp4netns-0.4.3-4.el7_8.x86_64 6/25
147 Installing : 1:oci-register-machine-0-6.git2b44233.el7.x86_64 7/25
148 Installing : 1:oci-systemd-hook-0.2.0-1.git05e6923.el7_6.x86_64 8/25
149 Installing : fuse3-libs-3.6.1-4.el7.x86_64 9/25
150 Installing : fuse-overlayfs-0.7.2-6.el7_8.x86_64 10/25
151 Installing : python-pytoml-0.1.14-1.git7dea353.el7.noarch 11/25
152 Installing : 1:atomic-registries-1.22.1-33.gitb507039.el7_8.x86_64 12/25
153 Installing : 2:oci-umount-2.5-3.el7.x86_64 13/25
154 Installing : python-dmidecode-3.12.2-4.el7.x86_64 14/25
155 Installing : python-syspurpose-1.24.26-3.el7.centos.x86_64 15/25
156 Installing : subscription-manager-1.24.26-3.el7.centos.x86_64 16/25
157 Installing : 1:containers-common-0.1.40-7.el7_8.x86_64 17/25
158 Installing : container-storage-setup-0.11.0-2.git5eaf76c.el7.noarch 18/25
159 Installing : libnetfilter_queue-1.0.2-2.el7_2.x86_64 19/25
160 Installing : conntrack-tools-1.4.4-7.el7.x86_64 20/25
161 Installing : 2:container-selinux-2.119.1-1.c57a6f9.el7.noarch 21/25
162 Installing : 2:docker-common-1.13.1-161.git64e9980.el7_8.x86_64 22/25
163 Installing : 2:docker-client-1.13.1-161.git64e9980.el7_8.x86_64 23/25
164 Installing : 2:docker-1.13.1-161.git64e9980.el7_8.x86_64 24/25
165 Installing : kubernetes-node-1.5.2-0.7.git269f928.el7.x86_64 25/25
166 Verifying : 2:container-selinux-2.119.1-1.c57a6f9.el7.noarch 1/25
167 Verifying : 1:atomic-registries-1.22.1-33.gitb507039.el7_8.x86_64 2/25
168 Verifying : libnetfilter_queue-1.0.2-2.el7_2.x86_64 3/25
169 Verifying : fuse-overlayfs-0.7.2-6.el7_8.x86_64 4/25
170 Verifying : container-storage-setup-0.11.0-2.git5eaf76c.el7.noarch 5/25
171 Verifying : subscription-manager-1.24.26-3.el7.centos.x86_64 6/25
172 Verifying : conntrack-tools-1.4.4-7.el7.x86_64 7/25
173 Verifying : python-syspurpose-1.24.26-3.el7.centos.x86_64 8/25
174 Verifying : python-dateutil-1.5-7.el7.noarch 9/25
175 Verifying : subscription-manager-rhsm-1.24.26-3.el7.centos.x86_64 10/25
176 Verifying : python-dmidecode-3.12.2-4.el7.x86_64 11/25
177 Verifying : 2:oci-umount-2.5-3.el7.x86_64 12/25
178 Verifying : python-pytoml-0.1.14-1.git7dea353.el7.noarch 13/25
179 Verifying : 2:docker-client-1.13.1-161.git64e9980.el7_8.x86_64 14/25
180 Verifying : fuse3-libs-3.6.1-4.el7.x86_64 15/25
181 Verifying : 1:containers-common-0.1.40-7.el7_8.x86_64 16/25
182 Verifying : 1:oci-systemd-hook-0.2.0-1.git05e6923.el7_6.x86_64 17/25
183 Verifying : 1:oci-register-machine-0-6.git2b44233.el7.x86_64 18/25
184 Verifying : slirp4netns-0.4.3-4.el7_8.x86_64 19/25
185 Verifying : libnetfilter_cthelper-1.0.0-11.el7.x86_64 20/25
186 Verifying : libnetfilter_cttimeout-1.0.0-7.el7.x86_64 21/25
187 Verifying : 2:docker-common-1.13.1-161.git64e9980.el7_8.x86_64 22/25
188 Verifying : kubernetes-node-1.5.2-0.7.git269f928.el7.x86_64 23/25
189 Verifying : subscription-manager-rhsm-certificates-1.24.26-3.el7.centos.x86_64 24/25
190 Verifying : 2:docker-1.13.1-161.git64e9980.el7_8.x86_64 25/25
191
192 Installed:
193 kubernetes-node.x86_64 0:1.5.2-0.7.git269f928.el7
194
195 Dependency Installed:
196 atomic-registries.x86_64 1:1.22.1-33.gitb507039.el7_8 conntrack-tools.x86_64 0:1.4.4-7.el7 container-selinux.noarch 2:2.119.1-1.c57a6f9.el7
197 container-storage-setup.noarch 0:0.11.0-2.git5eaf76c.el7 containers-common.x86_64 1:0.1.40-7.el7_8 docker.x86_64 2:1.13.1-161.git64e9980.el7_8
198 docker-client.x86_64 2:1.13.1-161.git64e9980.el7_8 docker-common.x86_64 2:1.13.1-161.git64e9980.el7_8 fuse-overlayfs.x86_64 0:0.7.2-6.el7_8
199 fuse3-libs.x86_64 0:3.6.1-4.el7 libnetfilter_cthelper.x86_64 0:1.0.0-11.el7 libnetfilter_cttimeout.x86_64 0:1.0.0-7.el7
200 libnetfilter_queue.x86_64 0:1.0.2-2.el7_2 oci-register-machine.x86_64 1:0-6.git2b44233.el7 oci-systemd-hook.x86_64 1:0.2.0-1.git05e6923.el7_6
201 oci-umount.x86_64 2:2.5-3.el7 python-dateutil.noarch 0:1.5-7.el7 python-dmidecode.x86_64 0:3.12.2-4.el7
202 python-pytoml.noarch 0:0.1.14-1.git7dea353.el7 python-syspurpose.x86_64 0:1.24.26-3.el7.centos slirp4netns.x86_64 0:0.4.3-4.el7_8
203 subscription-manager.x86_64 0:1.24.26-3.el7.centos subscription-manager-rhsm.x86_64 0:1.24.26-3.el7.centos subscription-manager-rhsm-certificates.x86_64 0:1.24.26-3.el7.centos
204
205 Complete!
206 [root@k8s-master ~]# 此时,将192.168.110.133、192.168.110.134、192.168.110.135三台机器的Node节点都安装上去。
开始在Master节点配置Node服务,由于刚才已经配置过vim /etc/kubernetes/config。所以Master节点的Node服务不用进行配置了,那么开始配置kubelet服务。
代码语言:javascript复制1 [root@k8s-master ~]# vim /etc/kubernetes/kubelet
具体配置,如下所示:
代码语言:javascript复制 1 ###
2 # kubernetes kubelet (minion) config
3
4 # The address for the info server to serve on (set to 0.0.0.0 or "" for all interfaces)
5 # kublet的监听地址,将127.0.0.1改为192.168.110.133,对192.168.110.133进行监听。
6 KUBELET_ADDRESS="--address=192.168.110.133"
7
8 # The port for the info server to serve on
9 # 刚才在master节点上的api-server中配置的端口是10250,那么kublet里面的端口也需要是10250,它们需要一致。
10 KUBELET_PORT="--port=10250"
11
12 # You may leave this blank to use the actual hostname
13 # 配置kublet的hostname主机名,因为有多个kublet Node节点的时候,每个节点都需要给它贴上一个标签。这样的话master节点在下命令的时候,可以找到指定的node。
14 # 可以使用ip地址进行区别,或者主机名称进行区分。主机名是需要做hosts解析的哦,不然找不到指定的地址的。
15 KUBELET_HOSTNAME="--hostname-override=k8s-master"
16
17 # location of the api-server
18 # kublet需要连接api-server,将127.0.0.1改为192.168.110.133。
19 KUBELET_API_SERVER="--api-servers=http://192.168.110.133:8080"
20
21 # pod infrastructure container
22 KUBELET_POD_INFRA_CONTAINER="--pod-infra-container-image=registry.access.redhat.com/rhel7/pod-infrastructure:latest"
23
24 # Add your own!
25 KUBELET_ARGS=""配置好之后,就可以将Node节点上的两个服务kubelet、kube-proxy进行启动。启动kubelet会自动启动Docker的。
可以先查看Docker的运行状态。
代码语言:javascript复制1 [root@k8s-master ~]# systemctl status docker
2 ● docker.service - Docker Application Container Engine
3 Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled)
4 Active: inactive (dead)
5 Docs: http://docs.docker.com
6 [root@k8s-master ~]# 开始启动kubelet,然后再查看Docker的状态。启动kubelet会进行检测Docker,如果Docker没有启动,会将Docker进行启动。
具体操作,如下所示:
代码语言:javascript复制 1 [root@k8s-master ~]# systemctl start kubelet.service
2 [root@k8s-master ~]# systemctl status docker
3 ● docker.service - Docker Application Container Engine
4 Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled)
5 Active: active (running) since Thu 2020-06-04 22:47:33 CST; 9s ago
6 Docs: http://docs.docker.com
7 Main PID: 10765 (dockerd-current)
8 Tasks: 21
9 Memory: 24.9M
10 CGroup: /system.slice/docker.service
11 ├─10765 /usr/bin/dockerd-current --add-runtime docker-runc=/usr/libexec/docker/docker-runc-current --default-runtime=docker-runc --exec-opt native.cgroupdriver=systemd --userland-proxy-path=/usr/...
12 └─10771 /usr/bin/docker-containerd-current -l unix:///var/run/docker/libcontainerd/docker-containerd.sock --metrics-interval=0 --start-timeout 2m --state-dir /var/run/docker/libcontainerd/contain...
13
14 Jun 04 22:47:31 k8s-master dockerd-current[10765]: time="2020-06-04T22:47:31.476853448 08:00" level=info msg="libcontainerd: new containerd process, pid: 10771"
15 Jun 04 22:47:32 k8s-master dockerd-current[10765]: time="2020-06-04T22:47:32.645932860 08:00" level=info msg="Graph migration to content-addressability took 0.00 seconds"
16 Jun 04 22:47:32 k8s-master dockerd-current[10765]: time="2020-06-04T22:47:32.647279977 08:00" level=info msg="Loading containers: start."
17 Jun 04 22:47:32 k8s-master dockerd-current[10765]: time="2020-06-04T22:47:32.692606901 08:00" level=info msg="Firewalld running: false"
18 Jun 04 22:47:32 k8s-master dockerd-current[10765]: time="2020-06-04T22:47:32.836987038 08:00" level=info msg="Default bridge (docker0) is assigned with an IP address 172.17.0.0/16. Daemon optio...d IP address"
19 Jun 04 22:47:32 k8s-master dockerd-current[10765]: time="2020-06-04T22:47:32.948334741 08:00" level=info msg="Loading containers: done."
20 Jun 04 22:47:33 k8s-master dockerd-current[10765]: time="2020-06-04T22:47:33.065358435 08:00" level=info msg="Daemon has completed initialization"
21 Jun 04 22:47:33 k8s-master dockerd-current[10765]: time="2020-06-04T22:47:33.065386204 08:00" level=info msg="Docker daemon" commit="64e9980/1.13.1" graphdriver=overlay2 version=1.13.1
22 Jun 04 22:47:33 k8s-master dockerd-current[10765]: time="2020-06-04T22:47:33.104178460 08:00" level=info msg="API listen on /var/run/docker.sock"
23 Jun 04 22:47:33 k8s-master systemd[1]: Started Docker Application Container Engine.
24 Hint: Some lines were ellipsized, use -l to show in full.
25 [root@k8s-master ~]# 将Kublet服务设置为开机自启动。
代码语言:javascript复制1 [root@k8s-master ~]# systemctl enable kubelet.service
2 Created symlink from /etc/systemd/system/multi-user.target.wants/kubelet.service to /usr/lib/systemd/system/kubelet.service.
3 [root@k8s-master ~]# 然后,将kube-proxy服务启动。
代码语言:javascript复制1 [root@k8s-master ~]# systemctl start kube-proxy.service将kube-proxy服务设置为开机自启动。
代码语言:javascript复制1 [root@k8s-master ~]# systemctl enable kube-proxy.service
2 Created symlink from /etc/systemd/system/multi-user.target.wants/kube-proxy.service to /usr/lib/systemd/system/kube-proxy.service.
3 [root@k8s-master ~]# 此时,当有一个Node节点创建好之后,可以执行kube-ctl,在master节点执行。
代码语言:javascript复制1 [root@k8s-master ~]# kubectl get nodes
2 NAME STATUS AGE
3 k8s-master Ready 6m
4 [root@k8s-master ~]# 此时,已经有一个节点自动注册进来了,注册进来6分钟了。在启动kubelet服务的一瞬间就会自动注册进来,受master节点管控了。这个Node节点的名称k8s-master,这个名称是在kubelet的配置文件里面指定的。
利用相同的方法,接下来配置k8s-node2、k8s-node3这两个Node节点的服务。此配置主要给kube-proxy服务使用的。
代码语言:javascript复制1 [root@k8s-node2 ~]# vim /etc/kubernetes/config1 [root@k8s-node3 ~]# vim /etc/kubernetes/config将配置KUBE_MASTER="--master=http://192.168.110.133:8080",如下所示:
代码语言:javascript复制 1 ###
2 # kubernetes system config
3 #
4 # The following values are used to configure various aspects of all
5 # kubernetes services, including
6 #
7 # kube-apiserver.service
8 # kube-controller-manager.service
9 # kube-scheduler.service
10 # kubelet.service
11 # kube-proxy.service
12 # logging to stderr means we get it in the systemd journal
13 KUBE_LOGTOSTDERR="--logtostderr=true"
14
15 # journal message level, 0 is debug
16 KUBE_LOG_LEVEL="--v=0"
17
18 # Should this cluster be allowed to run privileged docker containers
19 KUBE_ALLOW_PRIV="--allow-privileged=false"
20
21 # How the controller-manager, scheduler, and proxy find the apiserver
22 KUBE_MASTER="--master=http://192.168.110.133:8080"接下来,修改k8s-node2的配置/etc/kubernetes/kubelet给kubelet服务使用。
代码语言:javascript复制1 [root@k8s-node2 ~]# vim /etc/kubernetes/kubelet
具体配置,如下所示:
代码语言:javascript复制 1 ###
2 # kubernetes kubelet (minion) config
3
4 # The address for the info server to serve on (set to 0.0.0.0 or "" for all interfaces)
5 # 修改自己的监听地址,将127.0.0.1修改为192.168.110.134
6 KUBELET_ADDRESS="--address=192.168.110.134"
7
8 # The port for the info server to serve on
9 # kube-let的端口是10250
10 KUBELET_PORT="--port=10250"
11
12 # You may leave this blank to use the actual hostname
13 # 修改自己的主机名称,将127.0.0.1修改为k8s-node2
14 KUBELET_HOSTNAME="--hostname-override=k8s-node2"
15
16 # location of the api-server
17 # 连接master节点的api-server端口
18 KUBELET_API_SERVER="--api-servers=http://192.168.110.133:8080"
19
20 # pod infrastructure container
21 KUBELET_POD_INFRA_CONTAINER="--pod-infra-container-image=registry.access.redhat.com/rhel7/pod-infrastructure:latest"
22
23 # Add your own!
24 KUBELET_ARGS=""启动k8s-node2的kubelet的服务。
代码语言:javascript复制1 [root@k8s-node2 ~]# systemctl start kubelet.service然后设置为k8s-node2的kubelet的服务开机自启动。
代码语言:javascript复制1 [root@k8s-node2 ~]# systemctl enable kubelet.service
2 Created symlink from /etc/systemd/system/multi-user.target.wants/kubelet.service to /usr/lib/systemd/system/kubelet.service.
3 [root@k8s-node2 ~]# 然后启动k8s-node2的kube-proxy的服务。
代码语言:javascript复制1 [root@k8s-node2 ~]# systemctl start kube-proxy.service然后设置为k8s-node2的kube-proxy的服务开机自启动。
代码语言:javascript复制1 [root@k8s-node2 ~]# systemctl enable kube-proxy.service
2 Created symlink from /etc/systemd/system/multi-user.target.wants/kube-proxy.service to /usr/lib/systemd/system/kube-proxy.service.
3 [root@k8s-node2 ~]# 当将k8s-node2节点配置好之后,去Master节点去查看Node节点的状态。
代码语言:javascript复制1 [root@k8s-master ~]# kubectl get nodes
2 NAME STATUS AGE
3 k8s-master Ready 26m
4 k8s-node2 Ready 3m接下来,修改k8s-node3的配置/etc/kubernetes/kubelet给kubelet服务使用。
代码语言:javascript复制1 [root@k8s-node3 ~]# vim /etc/kubernetes/kubelet
具体配置,如下所示:
代码语言:javascript复制 1 ###
2 # kubernetes kubelet (minion) config
3
4 # The address for the info server to serve on (set to 0.0.0.0 or "" for all interfaces)
5 KUBELET_ADDRESS="--address=192.168.110.135"
6
7 # The port for the info server to serve on
8 KUBELET_PORT="--port=10250"
9
10 # You may leave this blank to use the actual hostname
11 KUBELET_HOSTNAME="--hostname-override=k8s-node3"
12
13 # location of the api-server
14 KUBELET_API_SERVER="--api-servers=http://192.168.110.133:8080"
15
16 # pod infrastructure container
17 KUBELET_POD_INFRA_CONTAINER="--pod-infra-container-image=registry.access.redhat.com/rhel7/pod-infrastructure:latest"
18
19 # Add your own!
20 KUBELET_ARGS=""然后启动k8s-node3的kubelet、kube-proxy服务。
代码语言:javascript复制1 [root@k8s-node3 ~]# systemctl start kubelet.service
2 [root@k8s-node3 ~]# systemctl enable kubelet.service
3 Created symlink from /etc/systemd/system/multi-user.target.wants/kubelet.service to /usr/lib/systemd/system/kubelet.service.
4 [root@k8s-node3 ~]# systemctl start kube-proxy.service
5 [root@k8s-node3 ~]# systemctl enable kube-proxy.service
6 Created symlink from /etc/systemd/system/multi-user.target.wants/kube-proxy.service to /usr/lib/systemd/system/kube-proxy.service.
7 [root@k8s-node3 ~]# 当将k8s-node3节点配置好之后,去Master节点去查看Node节点的状态。
代码语言:javascript复制1 [root@k8s-master ~]# kubectl get nodes
2 NAME STATUS AGE
3 k8s-master Ready 38m
4 k8s-node2 Ready 15m
5 k8s-node3 Ready 17s
6 [root@k8s-master ~]# 删除节点的命令,[root@k8s-master ~]# kubectl delete node k8s-node3
代码语言:javascript复制1 [root@k8s-master ~]# kubectl delete node k8s-node38、所有node节点配置flannel网络插件。目的是因为现在有三台Node节点,Node节点会起容器,当大规模使用容器的时候,容器和容器之间是需要通讯的,此时需要实现Docker宿主机跨Docker宿主机容器之间的通讯,此时需要网络插件来让所有的宿主机之间容器之间可以通讯,这里使用的是flannel网络插件。在三个机器都需要安装flannel网络插件。
代码语言:javascript复制1 [root@k8s-master ~]# yum install flannel.x86_64 -y具体安装步骤,如下所示:
代码语言:javascript复制 1 [root@k8s-master ~]# yum install flannel.x86_64 -y
2 Loaded plugins: fastestmirror, langpacks, product-id, search-disabled-repos, subscription-manager
3
4 This system is not registered with an entitlement server. You can use subscription-manager to register.
5
6 Loading mirror speeds from cached hostfile
7 * base: mirrors.tuna.tsinghua.edu.cn
8 * extras: mirrors.tuna.tsinghua.edu.cn
9 * updates: mirrors.tuna.tsinghua.edu.cn
10 base | 3.6 kB 00:00:00
11 extras | 2.9 kB 00:00:00
12 updates | 2.9 kB 00:00:00
13 updates/7/x86_64/primary_db | 2.1 MB 00:00:01
14 Resolving Dependencies
15 --> Running transaction check
16 ---> Package flannel.x86_64 0:0.7.1-4.el7 will be installed
17 --> Finished Dependency Resolution
18
19 Dependencies Resolved
20
21 =================================================================================================================================
22 Package Arch Version Repository Size
23 =================================================================================================================================
24 Installing:
25 flannel x86_64 0.7.1-4.el7 extras 7.5 M
26
27 Transaction Summary
28 =================================================================================================================================
29 Install 1 Package
30
31 Total download size: 7.5 M
32 Installed size: 41 M
33 Downloading packages:
34 flannel-0.7.1-4.el7.x86_64.rpm | 7.5 MB 00:00:03
35 Running transaction check
36 Running transaction test
37 Transaction test succeeded
38 Running transaction
39 Installing : flannel-0.7.1-4.el7.x86_64 1/1
40 Verifying : flannel-0.7.1-4.el7.x86_64 1/1
41
42 Installed:
43 flannel.x86_64 0:0.7.1-4.el7
44
45 Complete!
46 [root@k8s-master ~]# 开始配置一下flanneld,配置文件。
代码语言:javascript复制1 [root@k8s-master ~]# vim /etc/sysconfig/flanneld
具体配置如下所示:
代码语言:javascript复制 1 # Flanneld configuration options
2
3 # etcd url location. Point this to the server where etcd runs
4 # 配置flannel连接etcd的地址,注意,api-server和flannel都会使用到etcd。将127.0.0.1改为192.168.110.133
5 FLANNEL_ETCD_ENDPOINTS="http://192.168.110.133:2379"
6
7 # etcd config key. This is the configuration key that flannel queries
8 # For address range assignment
9 # 配置一个Key,这个Key是后期flannel去查询etcd用的。每个容器的Ip地址分配都会存储在etcd里面,此时需要建立一个key,这里使用默认的
10 FLANNEL_ETCD_PREFIX="/atomic.io/network"
11
12 # Any additional options that you want to pass
13 #FLANNEL_OPTIONS=""接下来在etcd里面创建这个key。
代码语言:javascript复制 1 [root@k8s-master ~]# vim /etc/sysconfig/flanneld
2 [root@k8s-master ~]# cat /etc/sysconfig/flanneld
3 # Flanneld configuration options
4
5 # etcd url location. Point this to the server where etcd runs
6 FLANNEL_ETCD_ENDPOINTS="http://192.168.110.133:2379"
7
8 # etcd config key. This is the configuration key that flannel queries
9 # For address range assignment
10 #
11 FLANNEL_ETCD_PREFIX="/atomic.io/network"
12
13 # Any additional options that you want to pass
14 #FLANNEL_OPTIONS=""
15
16 [root@k8s-master ~]# etcdctl set /atomic.io/network/config '{ "Network": "172.16.0.0/16" }'
17 { "Network": "172.16.0.0/16" }
18 [root@k8s-master ~]# 开始启动flannel,并加入到开机自启动。
代码语言:javascript复制1 [root@k8s-master ~]# systemctl start flanneld.service
2 [root@k8s-master ~]# systemctl enable flanneld.service
3 Created symlink from /etc/systemd/system/multi-user.target.wants/flanneld.service to /usr/lib/systemd/system/flanneld.service.
4 Created symlink from /etc/systemd/system/docker.service.wants/flanneld.service to /usr/lib/systemd/system/flanneld.service.
5 [root@k8s-master ~]# 启动flannel之后,使用ifconfig命令可以看到多了一块网卡,inet 172.16.77.0,第三段77是随机分配的,但是docker的网段还是 inet 172.17.0.1。
具体操作,如下所示:
代码语言:javascript复制 1 [root@k8s-master ~]# ifconfig
2 docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
3 inet 172.17.0.1 netmask 255.255.0.0 broadcast 0.0.0.0
4 ether 02:42:10:af:ae:f5 txqueuelen 0 (Ethernet)
5 RX packets 0 bytes 0 (0.0 B)
6 RX errors 0 dropped 0 overruns 0 frame 0
7 TX packets 0 bytes 0 (0.0 B)
8 TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
9
10 ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
11 inet 192.168.110.133 netmask 255.255.255.0 broadcast 192.168.110.255
12 inet6 fe80::5c39:8629:f198:a325 prefixlen 64 scopeid 0x20<link>
13 ether 00:0c:29:19:d5:2d txqueuelen 1000 (Ethernet)
14 RX packets 107438 bytes 111779873 (106.6 MiB)
15 RX errors 0 dropped 0 overruns 0 frame 0
16 TX packets 33711 bytes 8689415 (8.2 MiB)
17 TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
18
19 flannel0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1472
20 inet 172.16.77.0 netmask 255.255.0.0 destination 172.16.77.0
21 inet6 fe80::c0eb:e3ef:c042:590f prefixlen 64 scopeid 0x20<link>
22 unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 500 (UNSPEC)
23 RX packets 0 bytes 0 (0.0 B)
24 RX errors 0 dropped 0 overruns 0 frame 0
25 TX packets 3 bytes 144 (144.0 B)
26 TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
27
28 lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
29 inet 127.0.0.1 netmask 255.0.0.0
30 inet6 ::1 prefixlen 128 scopeid 0x10<host>
31 loop txqueuelen 1000 (Local Loopback)
32 RX packets 360520 bytes 153986867 (146.8 MiB)
33 RX errors 0 dropped 0 overruns 0 frame 0
34 TX packets 360520 bytes 153986867 (146.8 MiB)
35 TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
36
37 virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
38 inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255
39 ether 52:54:00:0f:f4:f2 txqueuelen 1000 (Ethernet)
40 RX packets 0 bytes 0 (0.0 B)
41 RX errors 0 dropped 0 overruns 0 frame 0
42 TX packets 0 bytes 0 (0.0 B)
43 TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
44
45 [root@k8s-master ~]# 启动flannel之后,使用ifconfig命令可以看到多了一块网卡,inet 172.16.77.0,第三段77是随机分配的,但是docker的网段还是 inet 172.17.0.1,此时配置完flannel之后,重启docker服务,此时插件才可以生效。
代码语言:javascript复制1 [root@k8s-master ~]# systemctl restart docker
2 [root@k8s-master ~]# 可以再使用ifconfig查看docker的网段。此时docker的网段inet 172.16.77.1和flannel的网段inet 172.16.77.0一致了。
具体操作,如下所示:
代码语言:javascript复制 1 [root@k8s-master ~]# ifconfig
2 docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
3 inet 172.16.77.1 netmask 255.255.255.0 broadcast 0.0.0.0
4 ether 02:42:10:af:ae:f5 txqueuelen 0 (Ethernet)
5 RX packets 0 bytes 0 (0.0 B)
6 RX errors 0 dropped 0 overruns 0 frame 0
7 TX packets 0 bytes 0 (0.0 B)
8 TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
9
10 ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
11 inet 192.168.110.133 netmask 255.255.255.0 broadcast 192.168.110.255
12 inet6 fe80::5c39:8629:f198:a325 prefixlen 64 scopeid 0x20<link>
13 ether 00:0c:29:19:d5:2d txqueuelen 1000 (Ethernet)
14 RX packets 108807 bytes 111980559 (106.7 MiB)
15 RX errors 0 dropped 0 overruns 0 frame 0
16 TX packets 34584 bytes 9157328 (8.7 MiB)
17 TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
18
19 flannel0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1472
20 inet 172.16.77.0 netmask 255.255.0.0 destination 172.16.77.0
21 inet6 fe80::c0eb:e3ef:c042:590f prefixlen 64 scopeid 0x20<link>
22 unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 500 (UNSPEC)
23 RX packets 0 bytes 0 (0.0 B)
24 RX errors 0 dropped 0 overruns 0 frame 0
25 TX packets 3 bytes 144 (144.0 B)
26 TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
27
28 lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
29 inet 127.0.0.1 netmask 255.0.0.0
30 inet6 ::1 prefixlen 128 scopeid 0x10<host>
31 loop txqueuelen 1000 (Local Loopback)
32 RX packets 372011 bytes 159660750 (152.2 MiB)
33 RX errors 0 dropped 0 overruns 0 frame 0
34 TX packets 372011 bytes 159660750 (152.2 MiB)
35 TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
36
37 virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
38 inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255
39 ether 52:54:00:0f:f4:f2 txqueuelen 1000 (Ethernet)
40 RX packets 0 bytes 0 (0.0 B)
41 RX errors 0 dropped 0 overruns 0 frame 0
42 TX packets 0 bytes 0 (0.0 B)
43 TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
44
45 [root@k8s-master ~]# Master节点配置完毕之后,现在开始配置剩下的两个Node节点。
代码语言:javascript复制1 [root@k8s-node2 ~]# vim /etc/sysconfig/flanneld 1 [root@k8s-node3 ~]# vim /etc/sysconfig/flanneld配置内容,如下所示,将FLANNEL_ETCD_ENDPOINTS="http://192.168.110.133:2379"配置,找到指定的etcd。
代码语言:javascript复制 1 # Flanneld configuration options
2
3 # etcd url location. Point this to the server where etcd runs
4 FLANNEL_ETCD_ENDPOINTS="http://192.168.110.133:2379"
5
6 # etcd config key. This is the configuration key that flannel queries
7 # For address range assignment
8 FLANNEL_ETCD_PREFIX="/atomic.io/network"
9
10 # Any additional options that you want to pass
11 #FLANNEL_OPTIONS=""配置完毕之后,开始启动flannel,注意,刚才在master节点已经配置key,这里启动才可以正常地,不然两个Node节点启动也是会报错的。
代码语言:javascript复制1 [root@k8s-node2 ~]# systemctl start flanneld.service1 [root@k8s-node3 ~]# systemctl start flanneld.service 顺便将两个Node节点的flannel设置为开机自启动。
代码语言:javascript复制1 [root@k8s-node2 ~]# systemctl enable flanneld.service
2 Created symlink from /etc/systemd/system/multi-user.target.wants/flanneld.service to /usr/lib/systemd/system/flanneld.service.
3 Created symlink from /etc/systemd/system/docker.service.wants/flanneld.service to /usr/lib/systemd/system/flanneld.service.
4 [root@k8s-node2 ~]# 1 [root@k8s-node3 ~]# systemctl enable flanneld.service
2 Created symlink from /etc/systemd/system/multi-user.target.wants/flanneld.service to /usr/lib/systemd/system/flanneld.service.
3 Created symlink from /etc/systemd/system/docker.service.wants/flanneld.service to /usr/lib/systemd/system/flanneld.service.
4 [root@k8s-node3 ~]# 想要flannel生效,还需要重启一下docker的。
代码语言:javascript复制1 [root@k8s-node2 ~]# systemctl restart docker1 [root@k8s-node3 ~]# systemctl restart docker开始测试一下,所有网段之间是否可以正常通讯呢。在master节点,docker的随机分配的地址段,网段是inet 172.16.77.1,Node2节点的docker随机分配的地址段是inet 172.16.52.1,Node3节点的docker随机分配的地址段是inet 172.16.13.1。请记好自己的网段。
代码语言:javascript复制 1 [root@k8s-master ~]# ifconfig
2 docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
3 inet 172.16.77.1 netmask 255.255.255.0 broadcast 0.0.0.0
4 ether 02:42:10:af:ae:f5 txqueuelen 0 (Ethernet)
5 RX packets 0 bytes 0 (0.0 B)
6 RX errors 0 dropped 0 overruns 0 frame 0
7 TX packets 0 bytes 0 (0.0 B)
8 TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
9
10 ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
11 inet 192.168.110.133 netmask 255.255.255.0 broadcast 192.168.110.255
12 inet6 fe80::5c39:8629:f198:a325 prefixlen 64 scopeid 0x20<link>
13 ether 00:0c:29:19:d5:2d txqueuelen 1000 (Ethernet)
14 RX packets 113455 bytes 112697638 (107.4 MiB)
15 RX errors 0 dropped 0 overruns 0 frame 0
16 TX packets 37647 bytes 10843382 (10.3 MiB)
17 TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
18
19 flannel0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1472
20 inet 172.16.77.0 netmask 255.255.0.0 destination 172.16.77.0
21 inet6 fe80::c0eb:e3ef:c042:590f prefixlen 64 scopeid 0x20<link>
22 unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 500 (UNSPEC)
23 RX packets 0 bytes 0 (0.0 B)
24 RX errors 0 dropped 0 overruns 0 frame 0
25 TX packets 3 bytes 144 (144.0 B)
26 TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
27
28 lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
29 inet 127.0.0.1 netmask 255.0.0.0
30 inet6 ::1 prefixlen 128 scopeid 0x10<host>
31 loop txqueuelen 1000 (Local Loopback)
32 RX packets 413251 bytes 179956183 (171.6 MiB)
33 RX errors 0 dropped 0 overruns 0 frame 0
34 TX packets 413251 bytes 179956183 (171.6 MiB)
35 TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
36
37 virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
38 inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255
39 ether 52:54:00:0f:f4:f2 txqueuelen 1000 (Ethernet)
40 RX packets 0 bytes 0 (0.0 B)
41 RX errors 0 dropped 0 overruns 0 frame 0
42 TX packets 0 bytes 0 (0.0 B)
43 TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
44
45 [root@k8s-master ~]# 1 [root@k8s-node2 ~]# ifconfig
2 docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
3 inet 172.16.52.1 netmask 255.255.255.0 broadcast 0.0.0.0
4 ether 02:42:8f:81:1d:f5 txqueuelen 0 (Ethernet)
5 RX packets 0 bytes 0 (0.0 B)
6 RX errors 0 dropped 0 overruns 0 frame 0
7 TX packets 0 bytes 0 (0.0 B)
8 TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
9
10 ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
11 inet 192.168.110.134 netmask 255.255.255.0 broadcast 192.168.110.255
12 inet6 fe80::5c39:8629:f198:a325 prefixlen 64 scopeid 0x20<link>
13 inet6 fe80::1dad:6022:4131:5f1c prefixlen 64 scopeid 0x20<link>
14 ether 00:0c:29:d3:11:ba txqueuelen 1000 (Ethernet)
15 RX packets 78216 bytes 87153782 (83.1 MiB)
16 RX errors 0 dropped 0 overruns 0 frame 0
17 TX packets 32399 bytes 5365699 (5.1 MiB)
18 TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
19
20 flannel0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1472
21 inet 172.16.52.0 netmask 255.255.0.0 destination 172.16.52.0
22 inet6 fe80::8630:7924:a3c3:a6e7 prefixlen 64 scopeid 0x20<link>
23 unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 500 (UNSPEC)
24 RX packets 0 bytes 0 (0.0 B)
25 RX errors 0 dropped 0 overruns 0 frame 0
26 TX packets 3 bytes 144 (144.0 B)
27 TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
28
29 lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
30 inet 127.0.0.1 netmask 255.0.0.0
31 inet6 ::1 prefixlen 128 scopeid 0x10<host>
32 loop txqueuelen 1000 (Local Loopback)
33 RX packets 200 bytes 21936 (21.4 KiB)
34 RX errors 0 dropped 0 overruns 0 frame 0
35 TX packets 200 bytes 21936 (21.4 KiB)
36 TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
37
38 virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
39 inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255
40 ether 52:54:00:0f:f4:f2 txqueuelen 1000 (Ethernet)
41 RX packets 0 bytes 0 (0.0 B)
42 RX errors 0 dropped 0 overruns 0 frame 0
43 TX packets 0 bytes 0 (0.0 B)
44 TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
45
46 [root@k8s-node2 ~]# 1 [root@k8s-node3 ~]# ifconfig
2 docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
3 inet 172.16.13.1 netmask 255.255.255.0 broadcast 0.0.0.0
4 ether 02:42:c7:0d:a6:e9 txqueuelen 0 (Ethernet)
5 RX packets 0 bytes 0 (0.0 B)
6 RX errors 0 dropped 0 overruns 0 frame 0
7 TX packets 0 bytes 0 (0.0 B)
8 TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
9
10 ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
11 inet 192.168.110.135 netmask 255.255.255.0 broadcast 192.168.110.255
12 inet6 fe80::f2ac:286a:e885:a442 prefixlen 64 scopeid 0x20<link>
13 ether 00:0c:29:b6:cf:68 txqueuelen 1000 (Ethernet)
14 RX packets 586163 bytes 827958100 (789.6 MiB)
15 RX errors 0 dropped 0 overruns 0 frame 0
16 TX packets 180587 bytes 12919890 (12.3 MiB)
17 TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
18
19 flannel0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1472
20 inet 172.16.13.0 netmask 255.255.0.0 destination 172.16.13.0
21 inet6 fe80::d6d3:434e:c643:5f73 prefixlen 64 scopeid 0x20<link>
22 unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 500 (UNSPEC)
23 RX packets 0 bytes 0 (0.0 B)
24 RX errors 0 dropped 0 overruns 0 frame 0
25 TX packets 3 bytes 144 (144.0 B)
26 TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
27
28 lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
29 inet 127.0.0.1 netmask 255.0.0.0
30 inet6 ::1 prefixlen 128 scopeid 0x10<host>
31 loop txqueuelen 1000 (Local Loopback)
32 RX packets 25226 bytes 2092968 (1.9 MiB)
33 RX errors 0 dropped 0 overruns 0 frame 0
34 TX packets 25226 bytes 2092968 (1.9 MiB)
35 TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
36
37 virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
38 inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255
39 ether 52:54:00:d7:6e:e2 txqueuelen 1000 (Ethernet)
40 RX packets 0 bytes 0 (0.0 B)
41 RX errors 0 dropped 0 overruns 0 frame 0
42 TX packets 0 bytes 0 (0.0 B)
43 TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
44
45 [root@k8s-node3 ~]# 此时,已经将flannel插件已经安全好了,可以将主节点Master的api-server、controller-manager、scheduler都进行重启。两个Node节点的kubelet、kube-proxy进行重启。如果你已经将Master节点、两个Node节点的flannel配置好,并启动,然后将Master节点、两个Node节点的docker重启。
代码语言:javascript复制1 [root@k8s-master ~]# systemctl restart kube-apiserver.service
2 [root@k8s-master ~]# systemctl restart kube-controller-manager.service
3 [root@k8s-master ~]# systemctl restart kube-scheduler.service
4 [root@k8s-master ~]# 1 [root@k8s-node2 ~]# systemctl restart kubelet.service
2 [root@k8s-node2 ~]# systemctl restart kube-proxy.service
3 [root@k8s-node2 ~]# 1 [root@k8s-node3 ~]# systemctl restart kubelet.service
2 [root@k8s-node3 ~]# systemctl restart kube-proxy.service
3 [root@k8s-node3 ~]# 9、最后,测试跨宿主机容器之间的互通性。在所有节点执行docker run -it busybox。
这里使用docker pull拉取镜像,也可以导入包的方式。
代码语言:javascript复制 1 [root@k8s-master ~]# docker pull busybox
2 Using default tag: latest
3 Trying to pull repository docker.io/library/busybox ...
4 latest: Pulling from docker.io/library/busybox
5 76df9210b28c: Pull complete
6 Digest: sha256:95cf004f559831017cdf4628aaf1bb30133677be8702a8c5f2994629f637a209
7 Status: Downloaded newer image for docker.io/busybox:latest
8 [root@k8s-master ~]# docker image ls
9 REPOSITORY TAG IMAGE ID CREATED SIZE
10 docker.io/busybox latest 1c35c4412082 2 days ago 1.22 MB
11 [root@k8s-master ~]# 1 [root@k8s-node2 ~]# docker pull busybox
2 Using default tag: latest
3 Trying to pull repository docker.io/library/busybox ...
4 latest: Pulling from docker.io/library/busybox
5 76df9210b28c: Pull complete
6 Digest: sha256:95cf004f559831017cdf4628aaf1bb30133677be8702a8c5f2994629f637a209
7 Status: Downloaded newer image for docker.io/busybox:latest
8 [root@k8s-node2 ~]# docker image ls
9 REPOSITORY TAG IMAGE ID CREATED SIZE
10 docker.io/busybox latest 1c35c4412082 2 days ago 1.22 MB
11 [root@k8s-node2 ~]# 1 [root@k8s-node3 ~]# docker pull busybox
2 Using default tag: latest
3 Trying to pull repository docker.io/library/busybox ...
4 latest: Pulling from docker.io/library/busybox
5 76df9210b28c: Pull complete
6 Digest: sha256:95cf004f559831017cdf4628aaf1bb30133677be8702a8c5f2994629f637a209
7 Status: Downloaded newer image for docker.io/busybox:latest
8 [root@k8s-node3 ~]# docker image ls
9 REPOSITORY TAG IMAGE ID CREATED SIZE
10 docker.io/busybox latest 1c35c4412082 2 days ago 1.22 MB
11 [root@k8s-node3 ~]# 也可以将docker_busybox.tar.gz上传到服务器,然后使用docker load -i docker_busybox.tar.gz导入一下,然后可以使用docker image ls进行查看镜像。
现在开始运行 busybox,启动一个 busybox 容器。
代码语言:javascript复制1 [root@k8s-master ~]# docker run -it busybox
2 / # 1 [root@k8s-node2 ~]# docker run -it busybox
2 / # 1 [root@k8s-node3 ~]# docker run -it busybox
2 / # 现在在所有节点查看ip地址。master节点的ip地址是inet addr:172.16.77.2、node2节点的ip地址是inet addr:172.16.52.2、node3节点的ip地址是inet addr:172.16.13.2。
代码语言:javascript复制 1 [root@k8s-master ~]# docker run -it busybox
2 / # ifconfig
3 eth0 Link encap:Ethernet HWaddr 02:42:AC:10:4D:02
4 inet addr:172.16.77.2 Bcast:0.0.0.0 Mask:255.255.255.0
5 inet6 addr: fe80::42:acff:fe10:4d02/64 Scope:Link
6 UP BROADCAST RUNNING MULTICAST MTU:1472 Metric:1
7 RX packets:24 errors:0 dropped:0 overruns:0 frame:0
8 TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
9 collisions:0 txqueuelen:0
10 RX bytes:2650 (2.5 KiB) TX bytes:656 (656.0 B)
11
12 lo Link encap:Local Loopback
13 inet addr:127.0.0.1 Mask:255.0.0.0
14 inet6 addr: ::1/128 Scope:Host
15 UP LOOPBACK RUNNING MTU:65536 Metric:1
16 RX packets:0 errors:0 dropped:0 overruns:0 frame:0
17 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
18 collisions:0 txqueuelen:1000
19 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
20
21 / # 1 [root@k8s-node2 ~]# docker run -it busybox
2 / # ifconfig
3 eth0 Link encap:Ethernet HWaddr 02:42:AC:10:34:02
4 inet addr:172.16.52.2 Bcast:0.0.0.0 Mask:255.255.255.0
5 inet6 addr: fe80::42:acff:fe10:3402/64 Scope:Link
6 UP BROADCAST RUNNING MULTICAST MTU:1472 Metric:1
7 RX packets:53 errors:0 dropped:0 overruns:0 frame:0
8 TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
9 collisions:0 txqueuelen:0
10 RX bytes:9546 (9.3 KiB) TX bytes:656 (656.0 B)
11
12 lo Link encap:Local Loopback
13 inet addr:127.0.0.1 Mask:255.0.0.0
14 inet6 addr: ::1/128 Scope:Host
15 UP LOOPBACK RUNNING MTU:65536 Metric:1
16 RX packets:0 errors:0 dropped:0 overruns:0 frame:0
17 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
18 collisions:0 txqueuelen:1000
19 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
20
21 / # 1 [root@k8s-node3 ~]# docker run -it busybox
2 / # ifconfig
3 eth0 Link encap:Ethernet HWaddr 02:42:AC:10:0D:02
4 inet addr:172.16.13.2 Bcast:0.0.0.0 Mask:255.255.255.0
5 inet6 addr: fe80::42:acff:fe10:d02/64 Scope:Link
6 UP BROADCAST RUNNING MULTICAST MTU:1472 Metric:1
7 RX packets:24 errors:0 dropped:0 overruns:0 frame:0
8 TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
9 collisions:0 txqueuelen:0
10 RX bytes:2634 (2.5 KiB) TX bytes:656 (656.0 B)
11
12 lo Link encap:Local Loopback
13 inet addr:127.0.0.1 Mask:255.0.0.0
14 inet6 addr: ::1/128 Scope:Host
15 UP LOOPBACK RUNNING MTU:65536 Metric:1
16 RX packets:0 errors:0 dropped:0 overruns:0 frame:0
17 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
18 collisions:0 txqueuelen:1000
19 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
20
21 / # 然后在所有节点之间互ping。
代码语言:javascript复制 1 / # ping 172.16.52.2
2 PING 172.16.52.2 (172.16.52.2): 56 data bytes
3 64 bytes from 172.16.52.2: seq=0 ttl=60 time=4.633 ms
4 64 bytes from 172.16.52.2: seq=1 ttl=60 time=1.292 ms
5 64 bytes from 172.16.52.2: seq=2 ttl=60 time=2.266 ms
6 ^C
7 --- 172.16.52.2 ping statistics ---
8 3 packets transmitted, 3 packets received, 0% packet loss
9 round-trip min/avg/max = 1.292/2.730/4.633 ms
10 / # ping 172.16.13.2
11 PING 172.16.13.2 (172.16.13.2): 56 data bytes
12 ^C
13 --- 172.16.13.2 ping statistics ---
14 6 packets transmitted, 0 packets received, 100% packet loss
15 / # 我的互ping,有的是通的,有的不通,为什么容器间ping不通,因为docker默认安装的版本是1.13.1版本。
注意:你需要在三台服务器都进行ping操作,看看到底那台ping不通地。
代码语言:javascript复制 1 [root@k8s-master ~]# docker version
2 Client:
3 Version: 1.13.1
4 API version: 1.26
5 Package version: docker-1.13.1-161.git64e9980.el7_8.x86_64
6 Go version: go1.10.3
7 Git commit: 64e9980/1.13.1
8 Built: Tue Apr 28 14:43:01 2020
9 OS/Arch: linux/amd64
10
11 Server:
12 Version: 1.13.1
13 API version: 1.26 (minimum version 1.12)
14 Package version: docker-1.13.1-161.git64e9980.el7_8.x86_64
15 Go version: go1.10.3
16 Git commit: 64e9980/1.13.1
17 Built: Tue Apr 28 14:43:01 2020
18 OS/Arch: linux/amd64
19 Experimental: false
20 [root@k8s-master ~]# docker1.13.1版本之后,将iptables的规则调整了。导致容器之间ping不通,我的机器是有的可以ping通,有的不可以ping通地。
代码语言:javascript复制 1 [root@k8s-master ~]# iptables -L -n
2 Chain INPUT (policy ACCEPT)
3 target prot opt source destination
4 KUBE-FIREWALL all -- 0.0.0.0/0 0.0.0.0/0
5 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53
6 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
7 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:67
8 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:67
9
10 Chain FORWARD (policy ACCEPT)
11 target prot opt source destination
12 DOCKER-ISOLATION all -- 0.0.0.0/0 0.0.0.0/0
13 DOCKER all -- 0.0.0.0/0 0.0.0.0/0
14 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
15 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
16 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
17 ACCEPT all -- 0.0.0.0/0 192.168.122.0/24 ctstate RELATED,ESTABLISHED
18 ACCEPT all -- 192.168.122.0/24 0.0.0.0/0
19 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
20 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
21 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
22
23 Chain OUTPUT (policy ACCEPT)
24 target prot opt source destination
25 KUBE-SERVICES all -- 0.0.0.0/0 0.0.0.0/0 /* kubernetes service portals */
26 KUBE-FIREWALL all -- 0.0.0.0/0 0.0.0.0/0
27 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:68
28
29 Chain DOCKER (1 references)
30 target prot opt source destination
31
32 Chain DOCKER-ISOLATION (1 references)
33 target prot opt source destination
34 RETURN all -- 0.0.0.0/0 0.0.0.0/0
35
36 Chain KUBE-FIREWALL (2 references)
37 target prot opt source destination
38 DROP all -- 0.0.0.0/0 0.0.0.0/0 /* kubernetes firewall for dropping marked packets */ mark match 0x8000/0x8000
39
40 Chain KUBE-SERVICES (1 references)
41 target prot opt source destination
42 [root@k8s-master ~]# 1 [root@k8s-node2 ~]# iptables -L -n
2 Chain INPUT (policy ACCEPT)
3 target prot opt source destination
4 KUBE-FIREWALL all -- 0.0.0.0/0 0.0.0.0/0
5 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53
6 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
7 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:67
8 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:67
9
10 Chain FORWARD (policy ACCEPT)
11 target prot opt source destination
12 DOCKER-ISOLATION all -- 0.0.0.0/0 0.0.0.0/0
13 DOCKER all -- 0.0.0.0/0 0.0.0.0/0
14 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
15 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
16 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
17 ACCEPT all -- 0.0.0.0/0 192.168.122.0/24 ctstate RELATED,ESTABLISHED
18 ACCEPT all -- 192.168.122.0/24 0.0.0.0/0
19 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
20 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
21 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
22
23 Chain OUTPUT (policy ACCEPT)
24 target prot opt source destination
25 KUBE-SERVICES all -- 0.0.0.0/0 0.0.0.0/0 /* kubernetes service portals */
26 KUBE-FIREWALL all -- 0.0.0.0/0 0.0.0.0/0
27 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:68
28
29 Chain DOCKER (1 references)
30 target prot opt source destination
31
32 Chain DOCKER-ISOLATION (1 references)
33 target prot opt source destination
34 RETURN all -- 0.0.0.0/0 0.0.0.0/0
35
36 Chain KUBE-FIREWALL (2 references)
37 target prot opt source destination
38 DROP all -- 0.0.0.0/0 0.0.0.0/0 /* kubernetes firewall for dropping marked packets */ mark match 0x8000/0x8000
39
40 Chain KUBE-SERVICES (1 references)
41 target prot opt source destination 1 [root@k8s-node3 ~]# iptables -L -n
2 Chain INPUT (policy ACCEPT)
3 target prot opt source destination
4 KUBE-FIREWALL all -- 0.0.0.0/0 0.0.0.0/0
5
6 Chain FORWARD (policy DROP)
7 target prot opt source destination
8 DOCKER-ISOLATION all -- 0.0.0.0/0 0.0.0.0/0
9 DOCKER all -- 0.0.0.0/0 0.0.0.0/0
10 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
11 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
12 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
13
14 Chain OUTPUT (policy ACCEPT)
15 target prot opt source destination
16 KUBE-SERVICES all -- 0.0.0.0/0 0.0.0.0/0 /* kubernetes service portals */
17 KUBE-FIREWALL all -- 0.0.0.0/0 0.0.0.0/0
18
19 Chain DOCKER (1 references)
20 target prot opt source destination
21
22 Chain DOCKER-ISOLATION (1 references)
23 target prot opt source destination
24 RETURN all -- 0.0.0.0/0 0.0.0.0/0
25
26 Chain KUBE-FIREWALL (2 references)
27 target prot opt source destination
28 DROP all -- 0.0.0.0/0 0.0.0.0/0 /* kubernetes firewall for dropping marked packets */ mark match 0x8000/0x8000
29
30 Chain KUBE-SERVICES (1 references)
31 target prot opt source destination 所以,将iptables规则修改为ACCEPT即可。如果三台机器都是Drop,那么三台机器都需要修改为accept的。
代码语言:javascript复制1 [root@k8s-node3 ~]# iptables -P FORWARD ACCEPT修改完毕,可以再使用iptables -L -n命令进行查看的。看看是否已经修改为了ACCEPT,可以看到三台机器都是Chain FORWARD (policy ACCEPT)。
再次使用[root@k8s-master ~]# docker run -it busybox,看看是否可以ping通,如下所示:
iptables规则的问题,如果服务器断电重启了,这个规则还需要手动加一遍,这里让其自动进行添加,把它加入到我们的docker的配置文件中。查看docker的启动路径,如下所示:
然后将配置iptables -P FORWARD ACCEPT改到docker的配置文件里面去。
代码语言:javascript复制1 [root@k8s-node3 ~]# which iptables
2 /usr/sbin/iptables
3 [root@k8s-node3 ~]# vim /usr/lib/systemd/system/docker.service
4 [root@k8s-node3 ~]# 具体配置如下所示:
代码语言:javascript复制1 # ExecStartPost服务启动之后,执行一步操作,使用全路径/usr/sbin/iptables。
2 ExecStartPost=/usr/sbin/iptables -P FORWARD ACCEPT具体演示,如下所示:
这里修改了docker的配置文件,如果想要此配置文件生效,还要执行命令,让其生效。不需要重启docker,刚才临时让其配置生效,下次重启Docker也是生效的。
代码语言:javascript复制1 [root@k8s-node3 ~]# systemctl daemon-reload
2 [root@k8s-node3 ~]# 至此,安装就结束了,下面看下我的机器内存(十分羡慕电脑配置高的啊,囊中羞涩)。
