Kubernetes 二進制文件安裝方法

Kubernetes 二進制文件安裝方法 === ## 目錄 [TOC] ## 下載二進制文件官網下載: https://github.com/kubernetes/kubernetes/releases 進入所需版本的CHANGELOG頁面，下載Server Binaries 解壓縮 ``` tar zxvf kubernetes-server-linux-amd64.tar.gz ``` 解壓縮完後得到一個kubernetes資料夾，所需的資料在kubernetes/server/bin/目錄中 * Master 需要 kube-apiserver、kube-controller-manager、kube-scheduler、kubectl * Slave 需要 kube-proxy、kubelet **將所需執行檔複製到/usr/bin下面** 還有需要docker自行安裝 ## 安裝etcd(Master部分) ### **(1)安裝** 官網下載: https://github.com/etcd-io/etcd 解壓縮 ``` tar zxvf etcd-v3.3.14-linux-amd64.tar.gz ``` 將etcd和etcdctl移至/usr/bin ``` mv etcd etcdctl /usr/bin ``` 檢查 ``` etcd --version ``` ### **(2)設定服務文件** 在usr/lib/systemd/system目錄下新增一檔案**etcd.service**內容如下 ``` [Unit] Description=Etcd Server [Service] Type=notify TimeoutStartSec=0 Restart=always WorkingDirectory=/var/lib/etcd/ EnvironmentFile=-/etc/etcd/etcd.conf ExecStart=/usr/bin/etcd [Install] WantedBy=multi-user.target ``` 其中WorkingDirectory為ETCD數據庫目錄，需手動新增 ### **(3)設定配置文件** 在/etc底下創建etcd資料夾，並新增文件**etcd.conf**內容如下 ``` ETCD_NAME=ETCD Server ETCD_DATA_DIR="/var/lib/etcd/" ETCD_LISTEN_CLIENT_URLS="http://127.0.0.1:2379" ETCD_ADVERTISE_CLIENT_URLS="http://127.0.0.1:2379" ``` ### **(4)啟動服務** 輸入以下指令設定開機啟動與啟動 ``` systemctl daemon-reload systemctl enable etcd.service systemctl start etcd.service ``` 如啟動後又更改配置，使用以下指令重啟 ``` systemctl restart etcd ``` 檢查 ``` etcdctl cluster-health ``` 成功畫面如下 ![](https://i.imgur.com/tqLSwbQ.png) ## 安裝kubenetes組件(Master部分) ### **(1)kube-apiserver** 在/usr/lib/systemd/system/目錄下新增**kube-apiserver.service**文件，內容如下 ``` [Unit] Description=Kubernetes API Server After=etcd.service Wants=etcd.service [Service] EnvironmentFile=/etc/kubernetes/apiserver ExecStart=/usr/bin/kube-apiserver \ $KUBE_ETCD_SERVERS \ $KUBE_API_ADDRESS \ $KUBE_API_PORT \ $KUBE_SERVICE_ADDRESSES \ $KUBE_ADMISSION_CONTROL \ $KUBE_API_LOG \ $KUBE_API_ARGS Restart=on-failure Type=notify LimitNOFILE=65536 [Install] WantedBy=multi-user.target ``` EnvironmentFile所設定的是kube-apiserver的配置文件，接下來新增此配置文件**apiserver** (在/etc/kubernetes/) ``` KUBE_API_ADDRESS="--insecure-bind-address=0.0.0.0" KUBE_API_PORT="--insecure-port=8080" KUBE_ETCD_SERVERS="--etcd-servers=http://127.0.0.1:2379" KUBE_SERVICE_ADDRESSES="--service-cluster-ip-range=192.168.0.0/16" KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota" KUBE_API_LOG="--logtostderr=false --log-dir=/var/log/kubernets/apiserver --v=2" KUBE_API_ARGS=" " ``` ### **(2)kube-controller-manager** 在/usr/lib/systemd/system/目錄下新增**kube-controller-manager.service**文件，內容如下 ``` [Unit] Description=Kubernetes Scheduler After=kube-apiserver.service Requires=kube-apiserver.service [Service] EnvironmentFile=-/etc/kubernetes/controller-manager ExecStart=/usr/bin/kube-controller-manager \ $KUBE_MASTER \ $KUBE_CONTROLLER_MANAGER_ARGS Restart=on-failure LimitNOFILE=65536 [Install] WantedBy=multi-user.target ``` 在/etc/kubernetes/下新增配置文件**controller-manager**內容如下 ``` KUBE_MASTER="--master=http://127.0.0.1:8080" KUBE_CONTROLLER_MANAGER_ARGS=" " ``` ### **(3)kube-scheduler** 在/usr/lib/systemd/system/目錄下新增**kube-scheduler.service**文件，內容如下 ``` [Unit] Description=Kubernetes Scheduler After=kube-apiserver.service Requires=kube-apiserver.service [Service] User=root EnvironmentFile=-/etc/kubernetes/scheduler ExecStart=/usr/bin/kube-scheduler \ $KUBE_MASTER \ $KUBE_SCHEDULER_ARGS Restart=on-failure LimitNOFILE=65536 [Install] WantedBy=multi-user.target ``` 在/etc/kubernetes/下新增配置文件**scheduler**內容如下 ``` KUBE_MASTER="--master=http://127.0.0.1:8080" KUBE_SCHEDULER_ARGS="--logtostderr=true --log-dir=/var/log/kubernetes/scheduler --v=2" ``` ### **(4)啟動服務** 輸入以下指令設定開機啟動與啟動 ``` systemctl daemon-reload systemctl enable kube-apiserver.service systemctl start kube-apiserver.service systemctl enable kube-controller-manager.service systemctl start kube-controller-manager.service systemctl enable kube-scheduler.service systemctl start kube-scheduler.service ``` 檢查 ``` kubectl get cs ``` ![](https://i.imgur.com/Qo73bko.png) ### **(5)配置ServiceAccount** ``` 生成密鑰的指令 openssl genrsa -out /etc/kubernetes/serviceaccount.key 2048 vim /etc/kubernetes/apiserver 輸入下面這行然後存檔 KUBE_API_ARGS="--service-account-key-file=/etc/kubernetes/serviceaccount.key" vim /etc/kubernetes/controller-manager 輸入下面這行然後存檔 KUBE_CONTROLLER_MANAGER_ARGS="--service-account-private-key-file=/etc/kubernetes/serviceaccount.key" 重啟服務 systemctl restart kube-controller-manager.service ``` ## 安裝kubenetes組件(Slave部分) ### **(1)kube-proxy** 在/usr/lib/systemd/system/目錄下新增**kube-proxy.service**文件，內容如下 ``` [Unit] Description=Kubernetes Kube-Proxy Server Documentation=https://github.com/GoogleCloudPlatform/kubernetes After=network.target [Service] EnvironmentFile=/etc/kubernetes/config EnvironmentFile=/etc/kubernetes/proxy ExecStart=/usr/bin/kube-proxy \ $KUBE_LOGTOSTDERR \ $KUBE_LOG_LEVEL \ $KUBE_MASTER \ $KUBE_PROXY_ARGS Restart=on-failure LimitNOFILE=65536 [Install] WantedBy=multi-user.target ``` 在/etc/kubernetes/下新增配置文件**proxy**內容如下 ``` KUBE_PROXY_ARGS="" ``` 在/etc/kubernetes/下新增配置文件**config**內容如下 KUBE_MASTER部分輸入Master的ip ``` KUBE_LOGTOSTDERR="--logtostderr=true" KUBE_LOG_LEVEL="--v=0" KUBE_ALLOW_PRIV="--allow_privileged=false" KUBE_MASTER="--master=http://xxx.xxx.xxx.xxx:8080" ``` 啟動指令 ``` systemctl daemon-reload systemctl start kube-proxy ``` 測試 ``` netstat -lntp | grep kube-proxy ``` ### **(2)kubelet** 在/usr/lib/systemd/system/目錄下新增**kubelet.service**文件，內容如下 ``` [Unit] Description=Kubernetes Kubelet Server Documentation=https://github.com/GoogleCloudPlatform/kubernetes After=docker.service Requires=docker.service [Service] WorkingDirectory=/var/lib/kubelet EnvironmentFile=/etc/kubernetes/kubelet ExecStart=/usr/bin/kubelet $KUBELET_ARGS Restart=on-failure KillMode=process [Install] WantedBy=multi-user.target ``` 需手動新增剛才設定的WorkingDirectory目錄 **/var/lib/kubelet** 在/etc/kubernetes/下新增配置文件**kubelet**內容如下 --hostname-override設定為此node的ip --api-servers=設定為此master的ip ``` KUBELET_ADDRESS="--address=0.0.0.0" KUBELET_HOSTNAME="--hostname-override=xxx.xxx.xxx.xxx" #your node ip address KUBELET_API_SERVER="--api-servers=http://xxx.xxx.xxx.xxx:8080" KUBELET_POD_INFRA_CONTAINER="--pod-infra-container-image=reg.docker.tb/harbor/pod-infrastructure:latest" KUBELET_ARGS="--enable-server=true --enable-debugging-handlers=true --fail-swap-on=false --kubeconfig=/var/lib/kubelet/kubeconfig" ``` 在/var/lib/kubelet下新增文件**kubeconfig** (向master註冊用) server填master的ip ``` apiVersion: v1 kind: Config users: - name: kubelet clusters: - name: kubernetes cluster: server: http://xxx.xxx.xxx:8080 contexts: - context: cluster: kubernetes user: kubelet name: service-account-context current-context: service-account-context ``` 啟動 ``` systemctl daemon-reload systemctl start kubelet.service ``` 檢查 ``` netstat -tnlp | grep kubelet ```