上篇介绍了Kubernetes1.4在阿里云美西节点的部署过程,由于国内网络问题,很多留言表示并不通用,因此才有此下篇介绍本地部署K8S1.4的具体方法。

Ansible是一个简单的自动化运维工具,主要用于配置管理和应用部署,功能类似于目前业界的配置管理工具 Chef,Puppet,Saltstack。Ansible 是通过 Python 语言开发。Ansible 平台由 Michael DeHaan 创建,他同时也是知名软件 Cobbler 与 Func 的作者。

Ansible 的第一个版本发布于 2012 年 2 月。Ansible 默认通过 SSH 协议管理机器,所以 Ansible 不需要安装客户端程序在服务器上。您只需要将 Ansible 安装在一台服务器,在 Ansible 安装完后,您就可以去管理控制其它服务器。不需要为它配置数据库,Ansible 不会以 daemons 方式来启动或保持运行状态,因此使用非常方便,所以这里用它来部署K8S1.4测试环境,具体来讲Ansible 可以实现以下目标:

自动化部署应用

自动化管理配置

自动化的持续交付

自动化的(AWS)云服务管理。

从1.3开始支持新的资源类型DaemonSet,kube-scheduler,kube-apiserver,kube-controller-manager,kube-proxy,kube-discovery都已经放入POD中,使用更加方便了,上文提到Kubernetes1.4的新功能是引入了kubeadm部署机制(暂时还是alpha版本),简化了Kubernetes集群的构建,我们部署一个K8S集群只要如下四个步骤,通过Ansible部署会更加简单,只要二步就OK。

  • 安装docker、kubelet、kubectl、kubeadm
  • docker 容器运行环境
  • kubelet 集群最核心组件,它运行在所有集群中的机器,并实际操作POD和容器
  • kubectl 交互命令行控制集群
  • kubeadm Kubernetes1.4新增,替换之前的kube-up.sh脚本,用于集群的创建和节点的增加
  • kubeadm init初始化master
  • kubeadm join –token
  • 部署POD网络

之前和网友交流过,有些网友已经本地部署成功了,由于比较忙,所以这篇本地部署文章让大家久等了,很抱歉,具体部署代码可以从我的github下载,下面开始我们的本地部署过程。

准备

准备三台虚拟机

  • 硬件配置: 三台 CPU1核 内存1.5G机器-需要可以访问国内网络(Ansible安装和国内镜像下载需要)
  • 操作系统:Centos7.2
  • 代码库-https://github.com/MarkThink/kubernetes1.4

Vagrant配置文件Vagrantfile:

# -*- mode: ruby -*-
# # vi: set ft=ruby :

boxes = {
  ubuntu: "ubuntu/xenial64",
  centos: "centos7.2",
}

distro = :centos # :ubuntu

Vagrant.configure(2) do |config|

  (1..3).each do |i|
    config.vm.define "k8s#{i}" do |s|
      s.ssh.forward_agent = true
      s.vm.box = boxes[distro]
      s.vm.hostname = "k8s#{i}"
      s.vm.provision :shell, path: "scripts/bootstrap_ansible_#{distro.to_s}.sh"
      n = 10 + i
      s.vm.network "private_network", ip: "172.42.42.#{n}", netmask: "255.255.255.0",
        auto_config: true,
        virtualbox__intnet: "k8s-net"
      s.vm.provider "virtualbox" do |v|
        v.name = "k8s#{i}"
        v.memory = 1536
        v.gui = false
      end
    end
  end

  if Vagrant.has_plugin?("vagrant-cachier")
    config.cache.scope = :box
  end
end

启动虚拟机

vagrant up
//进入虚拟机环境
vagrant ssh k8s1
vagrant ssh k8s2
vagrant ssh k8s3
#切换超级用户
su
#关闭SE
setenforce 0
#关闭firewalld
systemctl stop firewalld && systemctl disable firewalld
#进入三台虚拟机,更改IP地址为静态方式
vi /etc/sysconfig/network-scripts/ifcfg-enp0s8
BOOTPROTO=static
#重启网络服务,使三台机器可以两两互通
systemctl restart network

将此文件yum.repo复制到/etc/yum.repo.d/目录,准备Kubernetes安装的软件包。

cp yum.repo /etc/yum.repo.d/
#yum.repo
[base]
name=base-repo
baseurl=http://yum.caicloud.io/base/
enabled=1
gpgcheck=0
gpgkey=http://yum.caicloud.io/Centos7Base/RPM-GPG-KEY-CentOS-7

[epel]
name=epel-repo
baseurl=http://yum.caicloud.io/epel/
enabled=1
gpgcheck=0
gpgkey=http://yum.caicloud.io/Centos7Base/RPM-GPG-KEY-CentOS-7

[extras]
name=extras-repo
baseurl=http://yum.caicloud.io/extras/
enabled=1
gpgcheck=0
gpgkey=http://yum.caicloud.io/Centos7Base/RPM-GPG-KEY-CentOS-7

[kubernetes]
name=kubernetes-repo
baseurl=http://yum.caicloud.io/kubernetes/
enabled=1
gpgcheck=0
gpgkey=http://yum.caicloud.io/Centos7Base/RPM-GPG-KEY-CentOS-7

[updates]
name=updates-repo
baseurl=http://yum.caicloud.io/updates/
enabled=1
gpgcheck=0
gpgkey=http://yum.caicloud.io/Centos7Base/RPM-GPG-KEY-CentOS-7

开始Ansible部署

vagrant ssh k8s1
vagrant ssh k8s2
vagrant ssh k8s3
#切换超级用户
su
#使用Ansible安装K8S基础环境
ansible-playbook /vagrant/ansible/k8s-base.yml -c local

这会完成docker、kubelet、kubectl、kubeadm的安装,日志如下:

[WARNING]: provided hosts list is empty, only localhost is available


PLAY [localhost] ***************************************************************

TASK [setup] *******************************************************************
ok: [localhost]

TASK [k8s-base : Ensure SSH Directories] ***************************************
skipping: [localhost]

TASK [k8s-base : Copy SSH Key Files] *******************************************
skipping: [localhost] => (item=id_rsa)
skipping: [localhost] => (item=id_rsa.pub)
skipping: [localhost] => (item=config)

TASK [k8s-base : Ensure Authorized SSH Key] ************************************
skipping: [localhost]

TASK [k8s-base : Remove Default Host Entry] ************************************
changed: [localhost]

TASK [k8s-base : Ensure Hosts File] ********************************************
changed: [localhost] => (item={u'ip': u'172.42.42.11', u'name': u'k8s1'})
changed: [localhost] => (item={u'ip': u'172.42.42.12', u'name': u'k8s2'})
changed: [localhost] => (item={u'ip': u'172.42.42.13', u'name': u'k8s3'})

TASK [k8s-base : Ensure Kubernetes APT Key] ************************************
skipping: [localhost]

TASK [k8s-base : Ensure Kubernetes APT Repository] *****************************
skipping: [localhost]

TASK [k8s-base : Ensure Base Kubernetes] ***************************************
skipping: [localhost] => (item=[])

TASK [k8s-base : file] *********************************************************
changed: [localhost]

TASK [k8s-base : Ensure Base Kubernetes] ***************************************
changed: [localhost] => (item=[u'docker', u'kubelet', u'kubeadm', u'kubectl', u'kubernetes-cni'])

TASK [k8s-base : Ensure docker.service] ****************************************
changed: [localhost]

TASK [k8s-base : Ensure kubelet.service] ***************************************
changed: [localhost]

TASK [k8s-base : Ensure firewalld.service] *************************************
changed: [localhost]

TASK [k8s-base : firewalld] ****************************************************
changed: [localhost]

TASK [k8s-base : firewalld] ****************************************************
changed: [localhost]

TASK [k8s-base : firewalld] ****************************************************
changed: [localhost]

TASK [k8s-base : firewalld] ****************************************************
changed: [localhost]

TASK [k8s-base : firewalld] ****************************************************
changed: [localhost]

TASK [k8s-base : command] ******************************************************
changed: [localhost]

PLAY RECAP *********************************************************************
localhost                  : ok=14   changed=13   unreachable=0    failed=0

由于网络问题,这里已经准备了相应的镜像

docker pull registry.51yixiao.com/google_containers/kube-controller-manager-amd64:v1.4.0
docker pull registry.51yixiao.com/google_containers/kube-proxy-amd64:v1.4.0
docker pull registry.51yixiao.com/google_containers/kube-apiserver-amd64:v1.4.0
docker pull registry.51yixiao.com/google_containers/kube-scheduler-amd64:v1.4.0
docker pull registry.51yixiao.com/google_containers/kube-discovery-amd64:1.0
docker pull registry.51yixiao.com/google_containers/kubedns-amd64:1.7
docker pull registry.51yixiao.com/google_containers/exechealthz-amd64:1.1
docker pull registry.51yixiao.com/google_containers/kube-dnsmasq-amd64:1.3
docker pull registry.51yixiao.com/google_containers/pause-amd64:3.0
docker pull registry.51yixiao.com/google_containers/etcd-amd64:2.2.5

镜像前缀修改

docker tag registry.51yixiao.com/google_containers/kube-controller-manager-amd64:v1.4.0 gcr.io/google_containers/kube-controller-manager-amd64:v1.4.0
docker tag registry.51yixiao.com/google_containers/kube-proxy-amd64:v1.4.0 gcr.io/google_containers/kube-proxy-amd64:v1.4.0
docker tag registry.51yixiao.com/google_containers/kube-apiserver-amd64:v1.4.0 gcr.io/google_containers/kube-apiserver-amd64:v1.4.0
docker tag registry.51yixiao.com/google_containers/kube-scheduler-amd64:v1.4.0 gcr.io/google_containers/kube-scheduler-amd64:v1.4.0
docker tag registry.51yixiao.com/google_containers/kube-discovery-amd64:1.0 gcr.io/google_containers/kube-discovery-amd64:1.0
docker tag registry.51yixiao.com/google_containers/kubedns-amd64:1.7 gcr.io/google_containers/kubedns-amd64:1.7
docker tag registry.51yixiao.com/google_containers/exechealthz-amd64:1.1 gcr.io/google_containers/exechealthz-amd64:1.1
docker tag registry.51yixiao.com/google_containers/kube-dnsmasq-amd64:1.3 gcr.io/google_containers/kube-dnsmasq-amd64:1.3
docker tag registry.51yixiao.com/google_containers/pause-amd64:3.0 gcr.io/google_containers/pause-amd64:3.0
docker tag registry.51yixiao.com/google_containers/etcd-amd64:2.2.5 gcr.io/google_containers/etcd-amd64:2.2.5

准备POD网络镜像

docker pull registry.51yixiao.com/weaveworks/weave-kube:1.7.2
docker pull registry.51yixiao.com/weaveworks/weave-npc:1.7.2

镜像前缀修改

docker tag registry.51yixiao.com/weaveworks/weave-kube:1.7.2 weaveworks/weave-kube:1.7.2
docker tag registry.51yixiao.com/weaveworks/weave-npc:1.7.2 weaveworks/weave-npc:1.7.2

Master节点

gcr.io/google_containers/kube-controller-manager-amd64:v1.4.0
gcr.io/google_containers/kube-proxy-amd64:v1.4.0
gcr.io/google_containers/kube-apiserver-amd64:v1.4.0
gcr.io/google_containers/kube-scheduler-amd64:v1.4.0
gcr.io/google_containers/kube-discovery-amd64:1.0
gcr.io/google_containers/kubedns-amd64:1.7
gcr.io/google_containers/exechealthz-amd64:1.1
gcr.io/google_containers/kube-dnsmasq-amd64:1.3
gcr.io/google_containers/pause-amd64:3.0
gcr.io/google_containers/etcd-amd64:2.2.5

weaveworks/weave-kube:1.7.2
weaveworks/weave-npc:1.7.2

Node节点

gcr.io/google_containers/kube-proxy-amd64:v1.4.0
gcr.io/google_containers/pause-amd64:3.0
weaveworks/weave-kube:1.7.2
weaveworks/weave-npc:1.7.2

查看镜像数量(Master节点10个镜像 Node节点2个镜像)

docker images|grep gcr.io|wc -l

Setup1.开始部署Master节点

这里以K8S1节点作为Master节点,执行下面的命令,完成Master部署

ansible-playbook /vagrant/ansible/k8s-master.yml -c local

日志信息:

[WARNING]: provided hosts list is empty, only localhost is available


PLAY [localhost] ***************************************************************

TASK [setup] *******************************************************************
ok: [localhost]

TASK [k8s-master : Ensure kubeadm initialization] ******************************
changed: [localhost]

TASK [k8s-master : Ensure Network Start Script] ********************************
ok: [localhost] => (item=start-weave)
ok: [localhost] => (item=start-calico)
ok: [localhost] => (item=start-canal)

TASK [k8s-master : Ensure jq package is installed] *****************************
skipping: [localhost] => (item=[])

TASK [k8s-master : Ensure jq package is installed] *****************************
changed: [localhost] => (item=[u'jq'])

TASK [k8s-master : Set --advertise-address flag in kube-apiserver static pod manifest (workaround for https://github.com/kubernetes/kubernetes/issues/34101)] ***
changed: [localhost]

TASK [k8s-master : Set --cluster-cidr flag in kube-proxy daemonset (workaround for https://github.com/kubernetes/kubernetes/issues/34101)] ***
changed: [localhost]

TASK [k8s-master : firewalld] **************************************************
changed: [localhost]

TASK [k8s-master : firewalld] **************************************************
changed: [localhost]

TASK [k8s-master : command] ****************************************************
changed: [localhost]

PLAY RECAP *********************************************************************
localhost                  : ok=9    changed=7    unreachable=0    failed=0

生成的配置文件列表

# 证书
/etc/kubernetes/pki/apiserver-key.pem
/etc/kubernetes/pki/apiserver.pem
/etc/kubernetes/pki/apiserver-pub.pem
/etc/kubernetes/pki/ca-key.pem
/etc/kubernetes/pki/ca.pem
/etc/kubernetes/pki/ca-pub.pem
/etc/kubernetes/pki/sa-key.pem
/etc/kubernetes/pki/sa-pub.pem
/etc/kubernetes/pki/tokens.csv
# Master配置
/etc/kubernetes/manifests/kube-scheduler.json
/etc/kubernetes/manifests/kube-controller-manager.json
/etc/kubernetes/manifests/kube-apiserver.json
/etc/kubernetes/manifests/etcd.json
# kubelet配置
/etc/kubernetes/admin.conf
/etc/kubernetes/kubelet.conf
#查看启动配置
ps aux|grep kubelet
#输出日志
/usr/bin/kubelet --kubeconfig=/etc/kubernetes/kubelet.conf --require-kubeconfig=true --pod-manifest-path=/etc/kubernetes/manifests --allow-privileged=true --network-plugin=cni --cni-conf-dir=/etc/cni/net.d --cni-bin-dir=/opt/cni/bin --cluster-dns=100.64.0.10 --cluster-domain=cluster.local --v=4

由于POD网络未配置,kube-dns未启动

[root@k8s1 files]# kubectl get po --namespace=kube-system
NAME                             READY     STATUS              RESTARTS   AGE
etcd-k8s1                        1/1       Running             0          5m
kube-apiserver-k8s1              1/1       Running             3          5m
kube-controller-manager-k8s1     1/1       Running             1          6m
kube-discovery-982812725-uz406   1/1       Running             0          6m
kube-dns-2247936740-s412w        0/3       ContainerCreating   0          6m
kube-proxy-amd64-2228u           1/1       Running             0          2m
kube-proxy-amd64-3um33           1/1       Running             0          6m
kube-proxy-amd64-945s5           1/1       Running             0          2m
kube-scheduler-k8s1              1/1       Running             1          5m
weave-net-i4qk7                  2/2       Running             0          28s
weave-net-k12m3                  2/2       Running             0          28s
weave-net-vh456                  2/2       Running             0          28s

Setup2.添加work节点

k8s2/k8s3设置为工作节点,执行下面的命令

ansible-playbook /vagrant/ansible/k8s-worker.yml -c local
[root@k8s2 ~]# ansible-playbook /vagrant/ansible/k8s-worker.yml -c local
 [WARNING]: provided hosts list is empty, only localhost is available


PLAY [localhost] ***************************************************************

TASK [setup] *******************************************************************
ok: [localhost]

TASK [k8s-worker : Join Kubernetes Cluster] ************************************
changed: [localhost]

PLAY RECAP *********************************************************************
localhost                  : ok=2    changed=1    unreachable=0    failed=0

查看节点状态

[root@k8s1 files]# kubectl get node
NAME      STATUS    AGE
k8s1      Ready     49m
k8s2      Ready     45m
k8s3      Ready     45m

Setup3.部署Pod网络

Kubernetes1.2版本默认使用的是flannel网络,用于解决POD跨主机之间的通信。新版本未提供默认的网络插件,在部署应用集群之前,必须要配置POD网络。

未配置POD网络,默认的KUBE-DNS是无法启动的。这里使用weave网络方案,当然也可以使用Calico 或 Canal。

在Master节点执行下面的命令安装POD网络

[root@k8s1 files]# pwd
/vagrant/ansible/roles/k8s-master/files
[root@k8s1 files]# ./start-weave

查看部署POD

[root@k8s1 files]# kubectl get po --namespace=kube-system
NAME                             READY     STATUS    RESTARTS   AGE
etcd-k8s1                        1/1       Running   0          54m
kube-apiserver-k8s1              1/1       Running   3          55m
kube-controller-manager-k8s1     1/1       Running   1          55m
kube-discovery-982812725-uz406   1/1       Running   0          55m
kube-dns-2247936740-s412w        3/3       Running   1          55m
kube-proxy-amd64-2228u           1/1       Running   0          51m
kube-proxy-amd64-3um33           1/1       Running   0          55m
kube-proxy-amd64-945s5           1/1       Running   0          51m
kube-scheduler-k8s1              1/1       Running   1          54m
weave-net-i4qk7                  2/2       Running   0          49m
weave-net-k12m3                  2/2       Running   0          49m
weave-net-vh456                  2/2       Running   0          49m

至此完成K8S1.4环境的本地部署,希望此文对大家有帮助。