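Building a production Kubernetes cluster: the complete process
This article explains in detail how to build a highly available Kubernetes cluster, referred to below as k8s.
The master cluster consists of three servers (CentOS 7.0), named m1, m2 and m3; their IPs are written as m1 m2 m3 below.
etcd cluster setup
Start by building the etcd cluster. etcd is a core component of a k8s cluster and stores all cluster configuration and service information, so it must be highly available. This setup uses etcd's static service discovery, meaning the IPs of the etcd nodes are fixed when etcd starts.
Install etcd with yum:
yum install -y etcd
Start the etcd process on each of the three machines (in practice, replace m1 m2 m3 with the actual IP addresses).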
m1:
etcd -name infra1 -initial-advertise-peer-urls http://m1:2380 -listen-peer-urls http://m1:2380 -listen-client-urls http://m1:2379,http://127.0.0.1:2379 -advertise-client-urls http://m1:2379 -initial-cluster-token etcd-cluster-1 -initial-cluster infra1=http://m1:2380,infra2=http://m2:2380,infra3=http://m3:2380 -initial-cluster-state new
m2:
etcd -name infra2 -initial-advertise-peer-urls http://m2:2380 -listen-peer-urls http://m2:2380 -listen-client-urls http://m2:2379,http://127.0.0.1:2379 -advertise-client-urls http://m2:2379 -initial-cluster-token etcd-cluster-1 -initial-cluster infra1=http://m1:2380,infra2=http://m2:2380,infra3=http://m3:2380 -initial-cluster-state new
m3:
etcd -name infra3 -initial-advertise-peer-urls http://m3:2380 -listen-peer-urls http://m3:2380 -listen-client-urls http://m3:2379,http://127.0.0.1:2379 -advertise-client-urls http://m3:2379 -initial-cluster-token etcd-cluster-1 -initial-cluster infra1=http://m1:2380,infra2=http://m2:2380,infra3=http://m3:2380 -initial-cluster-state new
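Once the cluster is up, run etcdctl cluster-health on any one of the machines.
If three lines similar to "member cbfa6350b369c3a is healthy" appear, the etcd cluster has been deployed successfully.
In practice, systemd was used to manage the service.
Create the file /usr/lib/systemd/system/etcd.service
with the following content: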
[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target

[Service]
Type=notify
WorkingDirectory=/root
# systemd requires an absolute path to the executable in ExecStart
ExecStart=/usr/bin/etcd -name infra1 -initial-advertise-peer-urls http://m1:2380 -listen-peer-urls http://m1:2380 -listen-client-urls http://m1:2379,http://127.0.0.1:2379 -advertise-client-urls http://m1:2379 -initial-cluster-token etcd-cluster-1 -initial-cluster infra1=http://m1:2380,infra2=http://m2:2380,infra3=http://m3:2380 -initial-cluster-state new
Restart=on-failure
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target
The service can then be started with systemctl start etcd.
Kubernetes master setup
The master is set up by an automated script, shown below.
#!/bin/bash
echo '################ Prerequisites...'
systemctl stop firewalld
systemctl disable firewalld
yum -y install ntp
systemctl start ntpd
systemctl enable ntpd

echo '################ Installing flannel...'
# Install flannel
yum install flannel -y

echo '################ Add subnets for flannel...'
A_SUBNET=172.17.0.0/16
B_SUBNET=192.168.0.0/16
C_SUBNET=10.254.0.0/16
FLANNEL_SUBNET=$A_SUBNET
SERVICE_SUBNET=$B_SUBNET
# Collect the non-loopback IPv4 addresses of this host. awk handles the
# CentOS 7 ifconfig format ("inet 10.0.0.1 netmask ..."); sed strips the
# "addr:" prefix printed by older net-tools.
OCCUPIED_IPs=(`ifconfig -a | awk '/inet /{print $2}' | sed 's/^addr://' | grep -v '^127'`)
# Pick flannel and service subnets that do not overlap an address already in use
for ip in ${OCCUPIED_IPs[@]};do
    if [ "$(ipcalc -n $ip/${A_SUBNET#*/})" == "$(ipcalc -n ${A_SUBNET})" ];then
        FLANNEL_SUBNET=$C_SUBNET
        SERVICE_SUBNET=$B_SUBNET
        break
    fi
    if [ "$(ipcalc -n $ip/${B_SUBNET#*/})" == "$(ipcalc -n ${B_SUBNET})" ];then
        FLANNEL_SUBNET=$A_SUBNET
        SERVICE_SUBNET=$C_SUBNET
        break
    fi
    if [ "$(ipcalc -n $ip/${C_SUBNET#*/})" == "$(ipcalc -n ${C_SUBNET})" ];then
        FLANNEL_SUBNET=$A_SUBNET
        SERVICE_SUBNET=$B_SUBNET
        break
    fi
done
# Wait until the etcd cluster is healthy, then store the flannel network config
while ((1));do
    sleep 2
    etcdctl cluster-health
    flag=$?
    if [ $flag == 0 ];then
        etcdctl mk /coreos.com/network/config '{"Network":"'${FLANNEL_SUBNET}'"}'
        break
    fi
done

echo '################ Starting flannel...'
# Replace m1 m2 m3 here with the actual IPs
echo -e "FLANNEL_ETCD=\"http://m1:2379,http://m2:2379,http://m3:2379\"
FLANNEL_ETCD_KEY=\"/coreos.com/network\"" > /etc/sysconfig/flanneld
systemctl enable flanneld
systemctl start flanneld

echo '################ Installing K8S...'
yum -y install kubernetes
echo 'KUBE_API_ADDRESS="--address=0.0.0.0"
KUBE_API_PORT="--port=8080"
KUBELET_PORT="--kubelet_port=10250"
KUBE_ETCD_SERVERS="--etcd_servers=http://m1:2379,http://m2:2379,http://m3:2379"
KUBE_SERVICE_ADDRESSES="--service-cluster-ip-range='${SERVICE_SUBNET}'"
KUBE_ADMISSION_CONTROL="--admission_control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ResourceQuota"
KUBE_API_ARGS=""' > /etc/kubernetes/apiserver

echo '################ Start K8S components...'
for SERVICES in kube-apiserver kube-controller-manager kube-scheduler; do
    systemctl restart $SERVICES
    systemctl enable $SERVICES
    systemctl status $SERVICES
done
Kubernetes node setup
The nodes are also set up by an automated deployment script, shown below:
#!/bin/bash
echo '################ Prerequisites...'
# Stop firewalld and enable NTP time synchronization
systemctl stop firewalld
systemctl disable firewalld
yum -y install ntp
systemctl start ntpd
systemctl enable ntpd
# Install the packages Kubernetes needs
yum -y install kubernetes docker flannel bridge-utils

# A virtual IP (written as "vip") is used here; replace it with your cluster's
# VIP in a real deployment. Services using this IP: kube-master (8080),
# registry (5000), skydns (53)
echo '################ Configuring nodes...'
echo '################ Configuring nodes > Find Kube master...'
KUBE_REGISTRY_IP="vip"
KUBE_MASTER_IP="vip"

echo '################ Configuring nodes > Configuring Minion...'
echo -e "KUBE_LOGTOSTDERR=\"--logtostderr=true\"
KUBE_LOG_LEVEL=\"--v=0\"
KUBE_ALLOW_PRIV=\"--allow_privileged=false\"
KUBE_MASTER=\"--master=http://${KUBE_MASTER_IP}:8080\"" > /etc/kubernetes/config

echo '################ Configuring nodes > Configuring kubelet...'
# Use the eth0 IP of each node machine as its identifier
KUBE_NODE_IP=`ifconfig eth0 | grep "inet " | awk '{print $2}'`
# api_servers takes the list of IPs of master1, master2 and master3
echo -e "KUBELET_ADDRESS=\"--address=0.0.0.0\"
KUBELET_PORT=\"--port=10250\"
KUBELET_HOSTNAME=\"--hostname_override=${KUBE_NODE_IP}\"
KUBELET_API_SERVER=\"--api_servers=http://m1:8080,http://m2:8080,http://m3:8080\"
KUBELET_ARGS=\"--cluster-dns=vip --cluster-domain=k8s --pod-infra-container-image=${KUBE_REGISTRY_IP}:5000/pause:latest\"" > /etc/kubernetes/kubelet

# flannel reads its configuration from etcd and assigns an IP range to this
# machine's docker0, so that the node subnets can reach each other
echo '################ Configuring flannel...'
echo -e "FLANNEL_ETCD=\"http://m1:2379,http://m2:2379,http://m3:2379\"
FLANNEL_ETCD_KEY=\"/coreos.com/network\"" > /etc/sysconfig/flanneld

echo '################ Accept private registry...'
echo "OPTIONS='--selinux-enabled --insecure-registry ${KUBE_REGISTRY_IP}:5000'
DOCKER_CERT_PATH=/etc/docker" > /etc/sysconfig/docker

echo '################ Start K8S Components...'
systemctl daemon-reload
for SERVICES in kube-proxy flanneld; do
    systemctl restart $SERVICES
    systemctl enable $SERVICES
    systemctl status $SERVICES
done

echo '################ Resolve interface conflicts...'
systemctl stop docker
ifconfig docker0 down
brctl delbr docker0

echo '################ Accept private registry...'
echo -e "OPTIONS='--selinux-enabled --insecure-registry ${KUBE_REGISTRY_IP}:5000'
DOCKER_CERT_PATH=/etc/docker" > /etc/sysconfig/docker
for SERVICES in docker kubelet; do
    systemctl restart $SERVICES
    systemctl enable $SERVICES
    systemctl status $SERVICES
done
This completes the setup of the Kubernetes master and nodes.
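With firewalld disabled, the configuration above leaves three settings reachable from the network: etcd client and peer URLs on plain http://, the kube-apiserver insecure port 8080 bound to 0.0.0.0, and an --insecure-registry exemption for docker. The check below is an added example, not part of the original article; it scans configuration text for those settings, and its function names and sample input (built from values on this page) are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article: report the network-exposure
# settings this walkthrough uses. SAMPLE is constructed from values on the page.

# is_loopback HOST: succeeds for 127.x.x.x and localhost (IPv6 not handled).
is_loopback() {
  case "$1" in 127.*|localhost) return 0 ;; *) return 1 ;; esac
}

# audit_config TEXT: print one finding per risky setting, nothing if clean.
audit_config() {
  _text=$1
  # etcd: http:// listeners reachable from other hosts (no TLS, no client auth).
  for _flag in listen-client-urls listen-peer-urls; do
    _urls=$(printf '%s\n' "$_text" | grep -oE -- "-${_flag}[ =][^ ]+" |
            sed -E 's/^[^ =]+[ =]//' | tr ',\n' '  ')
    for _url in $_urls; do
      _host=${_url#*://}; _host=${_host%%:*}
      case "$_url" in
        http://*) is_loopback "$_host" ||
          echo "etcd: -${_flag} ${_url} is plaintext on a non-loopback address" ;;
      esac
    done
  done
  # kube-apiserver: the insecure port performs no authentication, so it is
  # only acceptable on loopback. --address and --port are the older names of
  # --insecure-bind-address and --insecure-port.
  if printf '%s\n' "$_text" |
       grep -qE -- '^KUBE_API_ADDRESS=.*--(insecure-bind-)?address=0\.0\.0\.0' &&
     printf '%s\n' "$_text" |
       grep -qE -- '^KUBE_API_PORT=.*--(insecure-)?port=[1-9]'; then
    echo "apiserver: unauthenticated port is bound to 0.0.0.0"
  fi
  # docker: registries exempted from TLS verification.
  printf '%s\n' "$_text" | grep -oE -- "--insecure-registry[ =][^ '\"]+" |
    sort -u | sed -E 's/^--insecure-registry[ =](.*)$/docker: registry \1 is exempt from TLS verification/'
  return 0
}

SAMPLE=$(cat <<'EOF'
etcd -name infra1 -listen-peer-urls http://m1:2380 -listen-client-urls http://m1:2379,http://127.0.0.1:2379
KUBE_API_ADDRESS="--address=0.0.0.0"
KUBE_API_PORT="--port=8080"
OPTIONS='--selinux-enabled --insecure-registry vip:5000'
EOF
)
audit_config "$SAMPLE"
```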
Keywords: docker, k8s