2022-10-16
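Compiling and installing ETCD + Kubernetes 1.7.14
Environment preparation
I. Install the Go environment
1. Get the Go installation package
    $ wget https://golangtc.com/static/go/1.9.2/go1.9.2.linux-amd64.tar.gz
2. Extract the package and create the directories
    # Create the language directory that holds the Go toolchain (GOROOT)
    $ mkdir -p /opt/language/
    # Create the go directory and its three subdirectories for Go source, binaries and packages (GOPATH)
    $ mkdir -p /opt/go/{src,bin,pkg}
    $ tar -xvf go1.9.2.linux-amd64.tar.gz -C /opt/language/
3. Configure the environment variables
    $ sudo vim /etc/profile.d/go.sh
    export GOROOT=/opt/language/go
    export GOBIN=/opt/go/bin
    export GOPATH=/opt/go
    export PATH=$PATH:$GOROOT/bin
    # Load the environment file
    $ source /etc/profile.d/go.sh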
4. Write the hosts file
    192.168.0.19 etcd1
    192.168.0.20 etcd2
    192.168.0.21 etcd3
    192.168.0.19 k8s-master-35-19
    192.168.0.20 k8s-master-35-20
    192.168.0.21 k8s-master-35-21
    192.168.0.22 k8s-slave-35-22
    192.168.0.23 k8s-slave-35-23
    192.168.0.25 k8s-slave-35-25
    192.168.0.26 k8s-slave-35-26
    192.168.0.27 k8s-slave-35-27
    192.168.0.28 k8s-slave-35-28
    192.168.0.29 k8s-slave-35-29
    192.168.0.30 k8s-slave-35-30
5. Configure ansible
All file distribution and batch operations in this article are done with ansible.
    yum install ansible -y
    vim /etc/ansible/hosts
II. Install the certificate generation tools
1. Download cfssl
    mkdir -p /opt/local/cfssl
    cd /opt/local/cfssl
    wget https://pkg.cfssl.org/R1.2/cfssl_linux-amd64
    mv cfssl_linux-amd64 cfssl
    wget https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64
    mv cfssljson_linux-amd64 cfssljson
    wget https://pkg.cfssl.org/R1.2/cfssl-certinfo_linux-amd64
    mv cfssl-certinfo_linux-amd64 cfssl-certinfo
    # Set the execute bit before copying, so that the copies in /bin are executable too
    chmod +x *
    cp cfssl /bin/cfssl
    cp cfssljson /bin/cfssljson
    cp cfssl-certinfo /bin/cfssl-certinfo
2. Generate the configuration files
    mkdir -p /opt/ssl
    cd /opt/ssl
    cfssl print-defaults config > config.json
    cfssl print-defaults csr > csr.json
3. Modify the configuration files
    # config.json
    {
      "signing": {
        "default": {
          "expiry": "87600h"
        },
        "profiles": {
          "kubernetes": {
            "usages": [
              "signing",
              "key encipherment",
              "server auth",
              "client auth"
            ],
            "expiry": "87600h"
          }
        }
      }
    }

    # csr.json
    {
      "CN": "kubernetes",
      "key": {
        "algo": "rsa",
        "size": 2048
      },
      "names": [
        {
          "C": "CN",
          "ST": "ShenZhen",
          "L": "ShenZhen",
          "O": "k8s",
          "OU": "System"
        }
      ]
    }
4. Generate the key
    $ cfssl gencert -initca csr.json | cfssljson -bare ca
    $ ll
    总用量 20
    -rw-r--r-- 1 root root 1001 2月 27 10:08 ca.csr
    -rw------- 1 root root 1675 2月 27 10:08 ca-key.pem
    -rw-r--r-- 1 root root 1363 2月 27 10:08 ca.pem
    -rw-r--r-- 1 root root 397 2月 26 17:31 config.json
    -rw-r--r-- 1 root root 266 2月 27 10:08 csr.json
5. Distribute the certificates
    # Create the certificate directory
    mkdir -p /etc/kubernetes/ssl
    # Copy all files into it
    cp * /etc/kubernetes/ssl
These files must be copied to all k8s machines.
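III. Generate the etcd key and install etcd
1. Get etcd
    $ mkdir -p /opt/go/src/github.com/coreos
    $ cd /opt/go/src/github.com/coreos
    # The repository URL is missing from the source page
    $ git clone <etcd-repository-url>
    $ cd etcd
    $ ./build
    $ cd /opt/go/src/github.com/coreos/etcd/bin
    $ cp etcd /bin
    $ cp etcdctl /bin
After compiling, copy the etcd binaries to the other 3 servers.
The compiled binaries are in the bin directory under the current directory.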
3. Generate the etcd key
    cd /opt/ssl
    vi etcd-csr.json
    {
      "CN": "etcd",
      "hosts": [
        "127.0.0.1",
        "192.168.0.19",
        "192.168.0.20",
        "192.168.0.21"
      ],
      "key": {
        "algo": "rsa",
        "size": 2048
      },
      "names": [
        {
          "C": "CN",
          "ST": "Beijing",
          "L": "Beijing",
          "O": "k8s",
          "OU": "System"
        }
      ]
    }

    cfssl gencert -ca=/opt/ssl/ca.pem \
      -ca-key=/opt/ssl/ca-key.pem \
      -config=/opt/ssl/config.json \
      -profile=kubernetes etcd-csr.json | cfssljson -bare etcd
    cp etcd* /etc/kubernetes/ssl
4. Write the unit file
    vim /etc/systemd/system/etcd.service
192.168.0.19
    vi /root/etcd.service
    [Unit]
    Description=Etcd Server
    After=network.target
    After=network-online.target
    Wants=network-online.target

    [Service]
    Type=notify
    WorkingDirectory=/var/lib/etcd/
    User=root
    # set GOMAXPROCS to number of processors
    ExecStart=/bin/etcd \
      --name=etcd1 \
      --cert-file=/etc/kubernetes/ssl/etcd.pem \
      --key-file=/etc/kubernetes/ssl/etcd-key.pem \
      --peer-cert-file=/etc/kubernetes/ssl/etcd.pem \
      --peer-key-file=/etc/kubernetes/ssl/etcd-key.pem \
      --trusted-ca-file=/etc/kubernetes/ssl/ca.pem \
      --peer-trusted-ca-file=/etc/kubernetes/ssl/ca.pem \
      --initial-advertise-peer-urls=\
      --listen-peer-urls=\
      --listen-client-urls=\
      --advertise-client-urls=\
      --initial-cluster-token=k8s-etcd-cluster \
      --initial-cluster=etcd1=\
      --initial-cluster-state=new \
      --data-dir=/var/lib/etcd
    Restart=on-failure
    RestartSec=5
    LimitNOFILE=65536

    [Install]
    WantedBy=multi-user.target

    cp /root/etcd.service /etc/systemd/system
5. Distribute the etcd unit configuration
After copying the file to the other nodes, change the IP to that node's own IP.
    scp etcd.service 192.168.0.20:/etc/systemd/system/
    scp etcd.service 192.168.0.21:/etc/systemd/system/
6. Start the service once configuration is complete
    mkdir -p /var/lib/etcd
    systemctl daemon-reload
    systemctl enable etcd
    systemctl start etcd
    systemctl status etcd
7. Check the etcd cluster
7.1 Check cluster health
    etcdctl --endpoints=--cert-file=/etc/kubernetes/ssl/etcd.pem --ca-file=/etc/kubernetes/ssl/ca.pem --key-file=/etc/kubernetes/ssl/etcd-key.pem cluster-health
    cluster is healt
7.2 List the members
    etcdctl --endpoints=--cert-file=/etc/kubernetes/ssl/etcd.pem --ca-file=/etc/kubernetes/ssl/ca.pem --key-file=/etc/kubernetes/ssl/etcd-key.pem member list
III. Install Kubernetes
1. Download the source, compile and distribute
    $ git clone https://github.com/kubernetes/kubernetes.git
    $ cd kubernetes
    $ make
    $ ll /opt/app/k8s/source-k8s/kubernetes/_output/local/bin/linux/amd64
    总用量 2.3G
    -rwxr-xr-x 1 root root 54M 1月 28 11:10 apiextensions-apiserver
    -rwxr-xr-x 1 root root 112M 1月 28 11:10 cloud-controller-manager
    -rwxr-xr-x 1 root root 6.5M 1月 28 11:04 conversion-gen
    -rwxr-xr-x 1 root root 6.5M 1月 28 11:03 deepcopy-gen
    -rwxr-xr-x 1 root root 6.5M 1月 28 11:04 defaulter-gen
    -rwxr-xr-x 1 root root 225M 1月 28 11:10 e2e_node.test
    -rwxr-xr-x 1 root root 154M 1月 28 11:10 e2e.test
    -rwxr-xr-x 1 root root 65M 1月 28 11:10 gendocs
    -rwxr-xr-x 1 root root 167M 1月 28 11:10 genkubedocs
    -rwxr-xr-x 1 root root 174M 1月 28 11:10 genman
    -rwxr-xr-x 1 root root 5.0M 1月 28 11:10 genswaggertypedocs
    -rwxr-xr-x 1 root root 65M 1月 28 11:10 genyaml
    -rwxr-xr-x 1 root root 9.7M 1月 28 11:10 ginkgo
    -rwxr-xr-x 1 root root 38M 1月 28 11:10 gke-certificates-controller
    -rwxr-xr-x 1 root root 2.6M 1月 28 11:03 go-bindata
    -rwxr-xr-x 1 root root 240M 1月 28 11:09 hyperkube
    -rwxr-xr-x 1 root root 144M 1月 28 11:10 kubeadm
    -rwxr-xr-x 1 root root 53M 1月 28 11:10 kube-aggregator
    -rwxr-xr-x 1 root root 200M 1月 28 11:10 kube-apiserver
    -rwxr-xr-x 1 root root 131M 1月 28 11:09 kube-controller-manager
    -rwxr-xr-x 1 root root 65M 1月 28 11:10 kubectl
    -rwxr-xr-x 1 root root 141M 1月 28 11:10 kubelet
    -rwxr-xr-x 1 root root 142M 1月 28 11:10 kubemark
    -rwxr-xr-x 1 root root 61M 1月 28 11:09 kube-proxy
    -rwxr-xr-x 1 root root 59M 1月 28 11:10 kube-scheduler
    -rwxr-xr-x 1 root root 6.0M 1月 28 11:10 linkcheck
    -rwxr-xr-x 1 root root 2.1M 1月 28 11:10 mounter
    -rwxr-xr-x 1 root root 12M 1月 28 11:04 openapi-gen
    -rwxr-xr-x 1 root root 2.6M 1月 28 11:03 teststale
Copy kubectl, kubelet, kube-apiserver, kube-controller-manager, kube-scheduler and kube-proxy to the /bin directory of every master node; all of the files must be executable.
Copy kubectl and kube-proxy to the /bin directory of every slave node; all of the files must be executable.
Copy the whole directory to the other nodes.
2. Install and start docker
2.1 Install docker
    yum -y install yum-utils
    yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
    yum install -y docker-ce
2.2 Partition the disk
    vim disk.sh
    # Create the primary partition
    disk_partition () {
      parted -s /dev/vdc mklabel msdos
      parted -s /dev/vdc mkpart primary 0 100%
    }
    # Create the logical volumes
    disk_lvm () {
      pvcreate /dev/vdc1
      vgcreate docker /dev/vdc1
      lvcreate --wipesignatures y -n thinpool docker -l 95%VG
      lvcreate --wipesignatures y -n thinpoolmeta docker -l 1%VG
      lvconvert -y --zero n -c 512K --thinpool docker/thinpool --poolmetadata docker/thinpoolmeta
      echo -e 'activation {\nthin_pool_autoextend_threshold=90\nthin_pool_autoextend_percent=20\n}' > /etc/lvm/profile/docker-thinpool.profile
      lvchange --metadataprofile docker-thinpool docker/thinpool
    }
    disk_partition
    disk_lvm

    bash disk.sh
2.3 Modify the docker configuration file
    vim /etc/docker/daemon.json
    {
      "hosts": ["unix:///var/run/docker.sock"],
      "storage-driver": "devicemapper",
      "storage-opts": [
        "dm.basesize=10G",
        "dm.thinpooldev=/dev/mapper/docker-thinpool",
        "dm.use_deferred_removal=true",
        "dm.use_deferred_deletion=true"
      ],
      "log-driver": "json-file",
      "log-opts": {
        "max-size": "20m",
        "max-file": "10"
      },
      "live-restore": false
    }
2.4 Start docker
    systemctl enable docker
    systemctl start docker
3. Create the admin credentials
    mkdir -p /opt/ssl
    cd /opt/ssl
    vim admin-csr.json
    {
      "CN": "admin",
      "hosts": [],
      "key": {
        "algo": "rsa",
        "size": 2048
      },
      "names": [
        {
          "C": "CN",
          "L": "Beijing",
          "ST": "Beijing",
          "O": "system:masters",
          "OU": "System"
        }
      ]
    }
4. Generate the certificate
    $ cfssl gencert -ca=/opt/ssl/ca.pem \
      -ca-key=/opt/ssl/ca-key.pem \
      -config=/opt/ssl/config.json \
      -profile=kubernetes admin-csr.json | cfssljson -bare admin
    $ ll admin*
    -rwxr-xr-x 1 root root 1009 3月 8 14:36 admin.csr
    -rwxr-xr-x 1 root root 288 3月 8 14:32 admin-csr.json
    -rwx--x--x 1 root root 1675 3月 8 14:36 admin-key.pem
    -rwxr-xr-x 1 root root 1403 3月 8 14:36 admin.pem
5. Configure the kubectl kubeconfig file
    kubectl config set-cluster kubernetes \
      --certificate-authority=/etc/kubernetes/ssl/ca.pem \
      --embed-certs=true \
      --server=https://192.168.0.19:6443
    # Configure client authentication
    kubectl config set-credentials admin \
      --client-certificate=/etc/kubernetes/ssl/admin.pem \
      --embed-certs=true \
      --client-key=/etc/kubernetes/ssl/admin-key.pem
    kubectl config set-context kubernetes \
      --cluster=kubernetes \
      --user=admin
    kubectl config use-context kubernetes
    cp /root/.kube/config /etc/kubernetes/kubelet.kubeconfig
    # The generated kubeconfig, with the certificates embedded, is /root/.kube/config
    # Distribute the kubeconfig file configured above to the other machines
    # Create the directory on the other servers
    mkdir /root/.kube
    scp /root/.kube/config 192.168.0.20:/root/.kube/
    scp /root/.kube/config 192.168.0.21:/root/.kube/
After distributing the file, change the IP address in it to the local machine's IP.
IV. Create the kubernetes certificate
1. Create the json file
    vim kubernetes-csr.json
    {
      "CN": "kubernetes",
      "hosts": [
        "127.0.0.1",
        "192.168.0.19",
        "192.168.0.20",
        "192.168.0.21",
        "10.254.0.1",
        "kubernetes",
        "kubernetes.default",
        "kubernetes.default.svc",
        "kubernetes.default.svc.cluster",
        "kubernetes.default.svc.cluster.local"
      ],
      "key": {
        "algo": "rsa",
        "size": 2048
      },
      "names": [
        {
          "C": "CN",
          "L": "Beijing",
          "ST": "Beijing",
          "O": "k8s",
          "OU": "System"
        }
      ]
    }
In the hosts field, 127.0.0.1 is the local host; 10.39.13.21, 10.39.13.22 and 10.39.13.23 are the IPs of the masters; 10.254.0.1 is the IP of the kubernetes SVC, which is normally the first IP of the deployed network, e.g. 10.254.0.1. Once the cluster is up, it can be seen with kubectl get svc.
    $ cfssl gencert -ca=/etc/kubernetes/ssl/ca.pem \
      -ca-key=/etc/kubernetes/ssl/ca-key.pem \
      -config=/etc/kubernetes/ssl/config.json \
      -profile=kubernetes kubernetes-csr.json | cfssljson -bare kubernetes
    $ ll kubernetes*
    -rwxr-xr-x 1 root root 1261 3月 9 10:17 kubernetes.csr
    -rwxr-xr-x 1 root root 561 3月 9 10:16 kubernetes-csr.json
    -rwx--x--x 1 root root 1675 3月 9 10:17 kubernetes-key.pem
    -rwxr-xr-x 1 root root 1631 3月 9 10:17 kubernetes.pem
2. Write the kube-apiserver.service unit file
10.39.13.21
    mkdir /root/service/
    vi /root/service/kube-apiserver.service
    [Unit]
    Description=kubernetes API Server
    Documentation=https://github.com/GoogleCloudPlatform/kubernetes
    After=network.target

    [Service]
    User=root
    ExecStart=/bin/kube-apiserver \
      --admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota \
      --advertise-address=192.168.0.19 \
      --allow-privileged=true \
      --apiserver-count=3 \
      --audit-log-maxage=30 \
      --audit-log-maxbackup=3 \
      --audit-log-maxsize=100 \
      --audit-log-path=/var/log/audit.log \
      --authorization-mode=AlwaysAllow \
      --bind-address=192.168.0.19 \
      --client-ca-file=/etc/kubernetes/ssl/ca.pem \
      --enable-swagger-ui=true \
      --etcd-cafile=/etc/kubernetes/ssl/ca.pem \
      --etcd-certfile=/etc/kubernetes/ssl/etcd.pem \
      --etcd-keyfile=/etc/kubernetes/ssl/etcd-key.pem \
      --etcd-servers=\
      --event-ttl=1h \
      --kubelet-\
      --insecure-bind-address=192.168.0.19 \
      --runtime-config=rbac.authorization.k8s.io/v1alpha1 \
      --service-account-key-file=/etc/kubernetes/ssl/ca.pem \
      --service-cluster-ip-range=10.254.0.0/16 \
      --service-node-port-range=30000-32000 \
      --tls-cert-file=/etc/kubernetes/ssl/kubernetes.pem \
      --tls-private-key-file=/etc/kubernetes/ssl/kubernetes-key.pem \
      --experimental-bootstrap-token-auth \
      --token-auth-file=/etc/kubernetes/token.csv \
      --v=2
    Restart=on-failure
    RestartSec=5
    Type=notify
    LimitNOFILE=65536

    [Install]
    WantedBy=multi-user.target

    cp /root/service/kube-apiserver.service /etc/systemd/system/
3. Restart the service
    systemctl daemon-reload
    systemctl enable kube-apiserver
    systemctl start kube-apiserver
    systemctl status kube-apiserver
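Two flags in the kube-apiserver unit above decide whether the API enforces any access control: --authorization-mode and --insecure-bind-address. The following check is an added example, not part of the original guide; the function names and the two sample unit files are constructed for it.

```bash
#!/bin/sh
# Added example (not part of the original guide): flag two kube-apiserver
# settings from the unit file above that remove access control.

# flag_value UNIT FLAG -> print the value of --FLAG=value (last one wins).
# Continuation backslashes and whitespace are turned into line breaks first.
flag_value() {
    tr -s ' \t\\' '\n' < "$1" | sed -n "s/^--$2=//p" | tail -n 1
}

# audit_apiserver_unit UNIT -> one finding per line, nothing when clean.
audit_apiserver_unit() (
    unit=$1
    authz=$(flag_value "$unit" authorization-mode)
    bind=$(flag_value "$unit" insecure-bind-address)
    port=$(flag_value "$unit" insecure-port)

    # AlwaysAllow authorizes every request, so client certificates and
    # tokens only identify the caller; they do not limit what it may do.
    case ",$authz," in
        *,AlwaysAllow,*) echo "AUTHZ authorization-mode=$authz" ;;
    esac

    # The insecure port (default 8080, bound to 127.0.0.1) skips
    # authentication and authorization. Binding it to a routable address
    # exposes the whole API unless --insecure-port=0 turns the port off.
    if [ "${port:-8080}" != 0 ]; then
        case "${bind:-127.0.0.1}" in
            127.*|localhost|::1) ;;
            *) echo "INSECURE insecure-bind-address=$bind port=${port:-8080}" ;;
        esac
    fi
)

# Constructed sample units: the guide's values, and the same unit with RBAC
# and the insecure port kept on loopback (values chosen for this example).
demo_dir=$(mktemp -d)
cat > "$demo_dir/guide.service" <<'EOF'
[Service]
ExecStart=/bin/kube-apiserver \
  --authorization-mode=AlwaysAllow \
  --bind-address=192.168.0.19 \
  --insecure-bind-address=192.168.0.19 \
  --v=2
EOF
cat > "$demo_dir/tightened.service" <<'EOF'
[Service]
ExecStart=/bin/kube-apiserver \
  --authorization-mode=RBAC \
  --bind-address=192.168.0.19 \
  --insecure-bind-address=127.0.0.1 \
  --v=2
EOF

echo "guide.service:";     audit_apiserver_unit "$demo_dir/guide.service"
echo "tightened.service:"; audit_apiserver_unit "$demo_dir/tightened.service"
```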
4. Generate the token
    # Generate the token
    [root@k8s-master-1 ssl]# head -c 16 /dev/urandom | od -An -t x | tr -d ' '
    d51cd04061186edab41cf11abba63d5f
    # Create the token.csv file
    cd /opt/ssl
    vi token.csv
    d51cd04061186edab41cf11abba63d5f,kubelet-bootstrap,10001,"system:kubelet-bootstrap"
    # Copy it to the path given in --token-auth-file
    cp token.csv /etc/kubernetes/
3. Write the kube-controller-manager.service unit file
192.168.0.19
    vi /root/service/kube-controller-manager.service
    [Unit]
    Description=kubernetes Controller Manager
    Documentation=https://github.com/GoogleCloudPlatform/kubernetes

    [Service]
    ExecStart=/bin/kube-controller-manager \
      --address=127.0.0.1 \
      --master=\
      --allocate-node-cidrs=true \
      --service-cluster-ip-range=10.254.0.0/16 \
      --cluster-cidr=10.233.0.0/16 \
      --cluster-name=kubernetes \
      --cluster-signing-cert-file=/etc/kubernetes/ssl/ca.pem \
      --cluster-signing-key-file=/etc/kubernetes/ssl/ca-key.pem \
      --service-account-private-key-file=/etc/kubernetes/ssl/ca-key.pem \
      --root-ca-file=/etc/kubernetes/ssl/ca.pem \
      --leader-elect=true \
      --v=2
    Restart=on-failure
    RestartSec=5

    [Install]
    WantedBy=multi-user.target

    cp /root/service/kube-controller-manager.service /etc/systemd/system/kube-controller-manager.service
Start the service
    systemctl daemon-reload
    systemctl enable kube-controller-manager
    systemctl start kube-controller-manager
    systemctl status kube-controller-manager
4. Write kube-scheduler.service
192.168.0.19
    vi /root/service/kube-scheduler.service
    [Unit]
    Description=kubernetes Scheduler
    Documentation=https://github.com/GoogleCloudPlatform/kubernetes

    [Service]
    ExecStart=/bin/kube-scheduler \
      --address=127.0.0.1 \
      --master=\
      --leader-elect=true \
      --v=2
    Restart=on-failure
    RestartSec=5

    [Install]
    WantedBy=multi-user.target

    cp /root/service/kube-scheduler.service /etc/systemd/system/
Start the service
    systemctl daemon-reload
    systemctl enable kube-scheduler
    systemctl start kube-scheduler
    systemctl status kube-scheduler
5. Configure kubelet
    kubectl config set-cluster kubernetes \
      --certificate-authority=/etc/kubernetes/ssl/ca.pem \
      --embed-certs=true \
      --server=\
      --kubeconfig=bootstrap.kubeconfig
    # Configure client authentication (the token is the one written to token.csv)
    kubectl config set-credentials kubelet-bootstrap \
      --token=d51cd04061186edab41cf11abba63d5f \
      --kubeconfig=bootstrap.kubeconfig
    # Configure the context
    kubectl config set-context default \
      --cluster=kubernetes \
      --user=kubelet-bootstrap \
      --kubeconfig=bootstrap.kubeconfig
    # Make it the default context
    kubectl config use-context default --kubeconfig=bootstrap.kubeconfig
    # Move the generated bootstrap.kubeconfig file into place
    mv bootstrap.kubeconfig /etc/kubernetes/
Edit kubelet.service
    vi /root/service/kubelet.service
    [Unit]
    Description=kubernetes Kubelet
    Documentation=https://github.com/GoogleCloudPlatform/kubernetes
    After=docker.service
    Requires=docker.service

    [Service]
    WorkingDirectory=/var/lib/kubelet
    ExecStart=/bin/kubelet \
      --address=192.168.0.19 \
      --hostname-override=k8s-master-35-19 \
      --pod-infra-container-image=jicki/pause-amd64:3.0 \
      --experimental-bootstrap-kubeconfig=/etc/kubernetes/bootstrap.kubeconfig \
      --kubeconfig=/etc/kubernetes/kubelet.kubeconfig \
      --require-kubeconfig \
      --cert-dir=/etc/kubernetes/ssl \
      --cluster_dns=10.254.0.2 \
      --cluster_domain=cluster.local. \
      --hairpin-mode promiscuous-bridge \
      --allow-privileged=true \
      --serialize-image-pulls=false \
      --logtostderr=true \
      --network-plugin=cni \
      --v=2
    Restart=on-failure
    RestartSec=5

    [Install]
    WantedBy=multi-user.target

    cp /root/service/kubelet.service /etc/systemd/system/
Start kubelet
    mkdir -p /var/lib/kubelet
    systemctl daemon-reload
    systemctl enable kubelet
    systemctl start kubelet
    systemctl status kubelet
6. Deploy kube-proxy
Create the certificate request
    cd /opt/ssl
    vi kube-proxy-csr.json
    {
      "CN": "system:kube-proxy",
      "hosts": [],
      "key": {
        "algo": "rsa",
        "size": 2048
      },
      "names": [
        {
          "C": "CN",
          "ST": "Beijing",
          "L": "Beijing",
          "O": "k8s",
          "OU": "System"
        }
      ]
    }
Generate the certificate
    cfssl gencert -ca=/opt/ssl/ca.pem \
      -ca-key=/opt/ssl/ca-key.pem \
      -config=/opt/ssl/config.json \
      -profile=kubernetes kube-proxy-csr.json | cfssljson -bare kube-proxy
    cp kube-proxy* /etc/kubernetes/ssl/
Create the kube-proxy kubeconfig file
    # Configure the cluster
    kubectl config set-cluster kubernetes \
      --certificate-authority=/etc/kubernetes/ssl/ca.pem \
      --embed-certs=true \
      --server=\
      --kubeconfig=kube-proxy.kubeconfig
    # Configure client authentication
    kubectl config set-credentials kube-proxy \
      --client-certificate=/etc/kubernetes/ssl/kube-proxy.pem \
      --client-key=/etc/kubernetes/ssl/kube-proxy-key.pem \
      --embed-certs=true \
      --kubeconfig=kube-proxy.kubeconfig
    # Configure the context
    kubectl config set-context default \
      --cluster=kubernetes \
      --user=kube-proxy \
      --kubeconfig=kube-proxy.kubeconfig
    # Make it the default context
    kubectl config use-context default --kubeconfig=kube-proxy.kubeconfig
    # Move it into place
    mv kube-proxy.kubeconfig /etc/kubernetes/
Create the kube-proxy unit file
    vi /root/service/kube-proxy.service
    [Unit]
    Description=kubernetes Kube-Proxy Server
    Documentation=https://github.com/GoogleCloudPlatform/kubernetes
    After=network.target

    [Service]
    WorkingDirectory=/var/lib/kube-proxy
    ExecStart=/bin/kube-proxy \
      --bind-address=192.168.0.19 \
      --hostname-override=k8s-master-35-19 \
      --cluster-cidr=10.254.0.0/16 \
      --kubeconfig=/etc/kubernetes/kube-proxy.kubeconfig \
      --logtostderr=true \
      --v=2
    Restart=on-failure
    RestartSec=5
    LimitNOFILE=65536

    [Install]
    WantedBy=multi-user.target

    cp /root/service/kube-proxy.service /etc/systemd/system
Start the service
    # The unit's WorkingDirectory must exist before the service starts
    mkdir -p /var/lib/kube-proxy
    systemctl daemon-reload
    systemctl enable kube-proxy
    systemctl start kube-proxy
    systemctl status kube-proxy
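Add the other master nodes
Copy the service directory, change the IP addresses in the unit files to the IP of the corresponding node, and create the required directories.
    scp -r /root/service 192.168.0.20:/root
    scp -r /root/service 192.168.0.21:/root
Copy the kubernetes directory and change the corresponding IP addresses in the *.kubeconfig files.
    scp -r /etc/kubernetes 192.168.0.20:/etc/
    scp -r /etc/kubernetes 192.168.0.21:/etc/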
Add Node nodes (only the configuration of one node is shown here)
Modify the hosts file
    vi /etc/hosts
    192.168.0.19 kubernetes.default.svc.cluster.local
    192.168.0.20 kubernetes.default.svc.cluster.local
    192.168.0.21 kubernetes.default.svc.cluster.local
Then modify the configuration files
    # Copy the kubelet.service and kube-proxy.service unit files
    scp /root/service/kubelet.service /root/service/kube-proxy.service 192.168.0.22:/root
    # Change the IP and hostname to those of the node
    cp /root/kubelet.service /etc/systemd/system
    cp /root/kube-proxy.service /etc/systemd/system
    # Create the directories
    mkdir /var/lib/kubelet
    mkdir /var/lib/kube-proxy
    # Copy the kubernetes directory to the node
    scp -r /etc/kubernetes 192.168.0.22:/etc/
    # Replace the IP in *.kubeconfig with kubernetes.default.svc.cluster.local
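Copying /etc/kubernetes as a whole also puts every private key from /etc/kubernetes/ssl on the node, with the file modes seen in the ll listings earlier (-rwx--x--x on admin-key.pem). The following audit is an added example, not part of the original guide; the function name, the role labels and the sample directory are constructed for it.

```bash
#!/bin/sh
# Added example (not part of the original guide): audit a certificate
# directory laid out as in this guide (<name>.pem next to <name>-key.pem).

# audit_ssl_dir DIR ROLE -> one finding per line, nothing when clean.
# ROLE is "master" or "node" (labels made up for this example).
audit_ssl_dir() (
    dir=$1
    role=$2
    for key in "$dir"/*-key.pem; do
        [ -e "$key" ] || continue
        name=${key##*/}
        mode=$(stat -c '%a' "$key")   # octal mode (GNU or busybox stat)

        # A private key needs no execute bit and no group/other access.
        case "$mode" in
            600|400) ;;
            *) echo "MODE $name is $mode, expected 600 or 400" ;;
        esac

        # Neither kubelet.service nor kube-proxy.service in this guide reads
        # these two files (the kubeconfig files embed the credentials they
        # use), so on a node they only widen what a compromise exposes:
        # ca-key.pem signs certificates for the whole cluster.
        if [ "$role" = node ]; then
            case "$name" in
                ca-key.pem|admin-key.pem)
                    echo "PRESENT $name is not read by any unit on a node" ;;
            esac
        fi
    done
)

# Constructed sample directory: empty files carrying the guide's file names.
ssl_demo=$(mktemp -d)
for f in ca-key.pem admin-key.pem kube-proxy-key.pem ca.pem; do
    : > "$ssl_demo/$f"
done
chmod 600 "$ssl_demo/ca-key.pem" "$ssl_demo/kube-proxy-key.pem"
chmod 711 "$ssl_demo/admin-key.pem"   # -rwx--x--x, as in the ll admin* output
chmod 644 "$ssl_demo/ca.pem"

echo "as master:"; audit_ssl_dir "$ssl_demo" master
echo "as node:";   audit_ssl_dir "$ssl_demo" node
```

On a real host, pass /etc/kubernetes/ssl as the directory.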
Configure kube-dns
Required images
    jicki/k8s-dns-sidecar-amd64:1.14.4
    jicki/k8s-dns-kube-dns-amd64:1.14.4
    jicki/k8s-dns-dnsmasq-nanny-amd64:1.14.4

    mkdir /root/kube-dns
    # Copy the kube-dns files from the source tree into the kube-dns directory
    cd /opt/kubernetes/cluster/addons/dns
    cp kubedns-sa.yaml kubedns-cm.yaml /root/kube-dns
    cp kubedns-controller.yaml.base /root/kube-dns/kubedns-controller.yaml
    cp kubedns-svc.yaml.base /root/kube-dns/kubedns-svc.yaml
Modify the kubedns-controller.yaml file
    cd /root/kube-dns
    vi kubedns-controller.yaml
    # Copyright 2016 The Kubernetes Authors.
    #
    # Licensed under the Apache License, Version 2.0 (the "License");
    # you may not use this file except in compliance with the License.
    # You may obtain a copy of the License at
    #
    # http://apache.org/licenses/LICENSE-2.0
    #
    # Unless required by applicable law or agreed to in writing, software
    # distributed under the License is distributed on an "AS IS" BASIS,
    # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    # See the License for the specific language governing permissions and
    # limitations under the License.

    # Should keep target in cluster/addons/dns-horizontal-autoscaler/dns-horizontal-autoscaler.yaml
    # in sync with this file.

    # __MACHINE_GENERATED_WARNING__

    apiVersion: extensions/v1beta1
    kind: Deployment
    metadata:
      name: kube-dns
      namespace: kube-system
      labels:
        k8s-app: kube-dns
        kubernetes.io/cluster-service: "true"
        addonmanager.kubernetes.io/mode: Reconcile
    spec:
      # replicas: not specified here:
      # 1. In order to make Addon Manager do not reconcile this replicas parameter.
      # 2. Default is 1.
      # 3. Will be tuned in real time if DNS horizontal auto-scaling is turned on.
      strategy:
        rollingUpdate:
          maxSurge: 10%
          maxUnavailable: 0
      selector:
        matchLabels:
          k8s-app: kube-dns
      template:
        metadata:
          labels:
            k8s-app: kube-dns
          annotations:
            scheduler.alpha.kubernetes.io/critical-pod: ''
        spec:
          tolerations:
          - key: "CriticalAddonsOnly"
            operator: "Exists"
          volumes:
          - name: kube-dns-config
            configMap:
              name: kube-dns
              optional: true
          containers:
          - name: kubedns
            image: reg.enncloud.cn/enncloud/k8s-dns-kube-dns-amd64:1.14.4 # image changed
            resources:
              # TODO: Set memory limits when we've profiled the container for large
              # clusters, then set request = limit to keep this container in
              # guaranteed class. Currently, this container falls into the
              # "burstable" category so the kubelet doesn't backoff from restarting it.
              limits:
                memory: 170Mi
              requests:
                cpu: 100m
                memory: 70Mi
            livenessProbe:
              httpGet:
                path: /healthcheck/kubedns
                port: 10054
                scheme: HTTP
              initialDelaySeconds: 60
              timeoutSeconds: 5
              successThreshold: 1
              failureThreshold: 5
            readinessProbe:
              httpGet:
                path: /readiness
                port: 8081
                scheme: HTTP
              # we poll on pod startup for the Kubernetes master service and
              # only setup the /readiness HTTP server once that's available.
              initialDelaySeconds: 3
              timeoutSeconds: 5
            args:
            - --domain=cluster.local # __PILLAR__DNS__DOMAIN__ must be changed to cluster.local
            - --dns-port=10053
            - --config-dir=/kube-dns-config
            - --v=2
            env:
            - name: PROMETHEUS_PORT
              value: "10055"
            ports:
            - containerPort: 10053
              name: dns-local
              protocol: UDP
            - containerPort: 10053
              name: dns-tcp-local
              protocol: TCP
            - containerPort: 10055
              name: metrics
              protocol: TCP
            volumeMounts:
            - name: kube-dns-config
              mountPath: /kube-dns-config
          - name: dnsmasq
            image: reg.enncloud.cn/enncloud/k8s-dns-dnsmasq-nanny-amd64:1.14.4 # image changed
            livenessProbe:
              httpGet:
                path: /healthcheck/dnsmasq
                port: 10054
                scheme: HTTP
              initialDelaySeconds: 60
              timeoutSeconds: 5
              successThreshold: 1
              failureThreshold: 5
            args:
            - -v=2
            - -logtostderr
            - -configDir=/etc/k8s/dns/dnsmasq-nanny
            - -restartDnsmasq=true
            - --
            - -k
            - --cache-size=1000
            - --log-facility=-
            - --server=/cluster.local/127.0.0.1#10053 # __PILLAR__DNS__DOMAIN__ must be changed to cluster.local
            - --server=/in-addr.arpa/127.0.0.1#10053
            - --server=/ip6.arpa/127.0.0.1#10053
            ports:
            - containerPort: 53
              name: dns
              protocol: UDP
            - containerPort: 53
              name: dns-tcp
              protocol: TCP
            # see: for details
            resources:
              requests:
                cpu: 150m
                memory: 20Mi
            volumeMounts:
            - name: kube-dns-config
              mountPath: /etc/k8s/dns/dnsmasq-nanny
          - name: sidecar
            image: reg.enncloud.cn/enncloud/k8s-dns-sidecar-amd64:1.14.4 # image changed
            livenessProbe:
              httpGet:
                path: /metrics
                port: 10054
                scheme: HTTP
              initialDelaySeconds: 60
              timeoutSeconds: 5
              successThreshold: 1
              failureThreshold: 5
            args:
            - --v=2
            - --logtostderr
            - --probe=kubedns,127.0.0.1:10053,kubernetes.default.svc.cluster.local,5,A # __PILLAR__DNS__DOMAIN__ must be changed to cluster.local
            - --probe=dnsmasq,127.0.0.1:53,kubernetes.default.svc.cluster.local,5,A # __PILLAR__DNS__DOMAIN__ must be changed to cluster.local
            ports:
            - containerPort: 10054
              name: metrics
              protocol: TCP
            resources:
              requests:
                memory: 20Mi
                cpu: 10m
          dnsPolicy: Default # Don't use cluster DNS.
Modify
    vi kubedns-svc.yaml
    # Copyright 2016 The Kubernetes Authors.
    #
    # Licensed under the Apache License, Version 2.0 (the "License");
    # you may not use this file except in compliance with the License.
    # You may obtain a copy of the License at
    #
    # http://apache.org/licenses/LICENSE-2.0
    #
    # Unless required by applicable law or agreed to in writing, software
    # distributed under the License is distributed on an "AS IS" BASIS,
    # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    # See the License for the specific language governing permissions and
    # limitations under the License.

    # __MACHINE_GENERATED_WARNING__

    apiVersion: v1
    kind: Service
    metadata:
      name: kube-dns
      namespace: kube-system
      labels:
        k8s-app: kube-dns
        kubernetes.io/cluster-service: "true"
        addonmanager.kubernetes.io/mode: Reconcile
        kubernetes.io/name: "KubeDNS"
    spec:
      selector:
        k8s-app: kube-dns
      clusterIP: 10.254.0.2 # __PILLAR__DNS__SERVER__ changed to 10.254.0.2
      ports:
      - name: dns
        port: 53
        protocol: UDP
      - name: dns-tcp
        port: 53
        protocol: TCP
Create the kube-dns service
    kubectl create -f .
Configure the Calico components
Get the images
    jicki/node:v1.3.0
    jicki/cni:v1.9.1
    jicki/kube-policy-controller:v0.6.0
Get the manifest and modify it
    wget http://docs.projectcalico.org/v2.3/getting-started/kubernetes/installation/hosted/calico.yaml
    vi calico.yaml
    # Be sure to change the following options:
      etcd_endpoints: "https://192.168.0.19:2379,https://192.168.0.20:2379,https://192.168.0.21:2379"
      etcd_ca: "/calico-secrets/etcd-ca"
      etcd_cert: "/calico-secrets/etcd-cert"
      etcd_key: "/calico-secrets/etcd-key"
    # Base64-encoded data goes here.
    # Run the command inside each pair of parentheses and put its output into etcd-key, etcd-cert and etcd-ca, without the parentheses.
    data:
      etcd-key: (cat /etc/kubernetes/ssl/etcd-key.pem | base64 | tr -d '\n')
      etcd-cert: (cat /etc/kubernetes/ssl/etcd.pem | base64 | tr -d '\n')
      etcd-ca: (cat /etc/kubernetes/ssl/ca.pem | base64 | tr -d '\n')

        - name: CALICO_IPV4POOL_CIDR
          value: "10.233.0.0/16"
Create Calico
    kubectl create -f calico.yaml
Test the cluster
    # Create an nginx deployment
    vi nginx.yaml
    apiVersion: extensions/v1beta1
    kind: Deployment
    metadata:
      name: nginx-dm
    spec:
      replicas: 2
      template:
        metadata:
          labels:
            name: nginx
        spec:
          containers:
          - name: nginx
            image: nginx:alpine
            imagePullPolicy: IfNotPresent
            ports:
            - containerPort: 80
    ---
    apiVersion: v1
    kind: Service
    metadata:
      name: nginx-svc
    spec:
      ports:
      - port: 80
        targetPort: 80
        protocol: TCP
      selector:
        name: nginx

    kubectl create -f nginx.yaml