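Offline binary installation of kubernetes (including docker)

Submitted by 倾然丶 夕夏残阳落幕 on 2019-11-27 14:04:14

Environment: CentOS7.4

The server is isolated from the external network, so the required packages must be downloaded on a local machine and copied to the server remotely. Once the packages have been downloaded, the entire installation is performed offline.

I. Installing docker

Download the binary package from https://download.docker.com/linux/static/stable/x86_64/
1. Extract the archive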

$ tar xzvf docker-18.06.1-ce.tgz

2. Copy the binaries to /usr/bin

$ sudo cp docker/* /usr/bin

3. Start the docker daemon

$ sudo dockerd &

4. Create the docker.service and docker.socket files (or download them)
https://github.com/moby/moby/tree/master/contrib/init/systemd
Rename the docker.service.rpm file found there to docker.service; docker.socket needs no changes, so simply copy its contents into a new docker.socket file.
5. Place the docker.service and docker.socket files obtained in the previous step in the /etc/systemd/system directory

$ sudo cp docker.socket /etc/systemd/system
$ sudo cp docker.service /etc/systemd/system

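6. Restart the systemctl service

# First reload the systemctl daemon
$ sudo systemctl daemon-reload
# Then start the docker service
$ sudo systemctl start docker

# * If the previous command fails, reboot the machine and retry the two commands above *
$ sudo reboot

7. To have the docker service start at boot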

$ sudo systemctl enable docker

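II. Installing k8s

This part is quoted from 《kubernetes 二进制文件离线手动安装搭建》 (offline manual installation of kubernetes from binary files) by HerbGuo

Link: https://www.jianshu.com/p/8067912667f1


1. Preparation
1.1 Component planning

Hostname    Address    Role    Components
k8s-master    172.24.61.96    k8s-master    etcd, kube-apiserver, kube-controller-manager, kube-scheduler
k8s-node-1    192.168.0.97    k8s-node    kubelet, docker, kube_proxy
k8s-node-2    192.168.0.98    k8s-node    kubelet, docker, kube_proxy

1.2 Software download

(1) Downloading the Kubernetes binaries
https://github.com/kubernetes/kubernetes/releases
Choose the desired version at the URL above and download the binaries from its CHANGELOG page. This article uses version 1.12.1 as an example; the figure shows its Linux Server build:
(2) Downloading the etcd database
https://github.com/coreos/etcd/releases/
The version chosen here is the latest, v3.3.10.

2. Master installation

2.1 Installing the etcd database

(1) Installation
Extract the downloaded etcd package, then copy the etcd and etcdctl binaries to the /usr/bin directory.

(2) Set up the service file etcd.service
Create the file etcd.service in the /usr/lib/systemd/system/ directory with the following content: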

[Unit]
Description=Etcd Server

[Service]
Type=notify
TimeoutStartSec=0
Restart=always
WorkingDirectory=/var/lib/etcd/
EnvironmentFile=-/etc/etcd/etcd.conf
ExecStart=/usr/bin/etcd 

[Install]
WantedBy=multi-user.target

WorkingDirectory is the etcd data directory and must be created before etcd is installed.
(3) Create the configuration file /etc/etcd/etcd.conf

ETCD_NAME=ETCD Server
ETCD_DATA_DIR="/var/lib/etcd/"
ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:2379"
ETCD_ADVERTISE_CLIENT_URLS="http://172.24.61.96:2379"


(4) Enable start at boot and run the service

$ systemctl daemon-reload
$ systemctl enable etcd.service
$ systemctl start etcd.service


(5) Verify that etcd was installed successfully

$ etcdctl cluster-health


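2.2 Installing the kube-apiserver, kube-controller-manager and kube-scheduler services

2.2.1 Extract the k8s package and copy the following binaries to the /usr/bin directory
Copy the three executables kube-apiserver, kube-controller-manager and kube-scheduler from the kubernetes/server/bin/ directory to the /usr/bin directory.

2.2.2 Installing and configuring the components

2.2.2.1 kube-apiserver
(1) Create and edit the kube-apiserver.service file
Path: /usr/lib/systemd/system/kube-apiserver.service, with the following content: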

[Unit]
Description=Kubernetes API Server
After=etcd.service
Wants=etcd.service

[Service]
EnvironmentFile=/etc/kubernetes/apiserver
ExecStart=/usr/bin/kube-apiserver  \
        $KUBE_ETCD_SERVERS \
        $KUBE_API_ADDRESS \
        $KUBE_API_PORT \
        $KUBE_SERVICE_ADDRESSES \
        $KUBE_ADMISSION_CONTROL \
        $KUBE_API_LOG \
        $KUBE_API_ARGS 
Restart=on-failure
Type=notify
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target

EnvironmentFile is the kube-apiserver configuration file.
(2) Configuration file
The apiserver configuration file is /etc/kubernetes/apiserver, with the following content:

KUBE_API_ADDRESS="--insecure-bind-address=0.0.0.0"
KUBE_API_PORT="--insecure-port=8080"
KUBE_ETCD_SERVERS="--etcd-servers=http://172.24.61.96:2379"
KUBE_SERVICE_ADDRESSES="--service-cluster-ip-range=192.168.0.0/16"
KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota"
KUBE_API_LOG="--logtostderr=false --log-dir=/var/log/kubernets/apiserver --v=2"
KUBE_API_ARGS=" "

2.2.2.2 kube-controller-manager
(1) Create and edit the kube-controller-manager.service file
Path: /usr/lib/systemd/system/kube-controller-manager.service, with the following content:

[Unit]
Description=Kubernetes Controller Manager
After=kube-apiserver.service 
Requires=kube-apiserver.service

[Service]
EnvironmentFile=-/etc/kubernetes/controller-manager
ExecStart=/usr/bin/kube-controller-manager \
        $KUBE_MASTER \
        $KUBE_CONTROLLER_MANAGER_ARGS
Restart=on-failure
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target

(2) Configuration file
The kube-controller-manager configuration file is /etc/kubernetes/controller-manager, with the following content:

KUBE_MASTER="--master=http://172.24.61.96:8080"
KUBE_CONTROLLER_MANAGER_ARGS=" "

2.2.2.3 kube-scheduler
(1) Create and edit the kube-scheduler.service file
Path: /usr/lib/systemd/system/kube-scheduler.service, with the following content:

[Unit]
Description=Kubernetes Scheduler
After=kube-apiserver.service 
Requires=kube-apiserver.service

[Service]
User=root
EnvironmentFile=-/etc/kubernetes/scheduler
ExecStart=/usr/bin/kube-scheduler \
        $KUBE_MASTER \
        $KUBE_SCHEDULER_ARGS
Restart=on-failure
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target

(2) Configuration file
The kube-scheduler configuration file is /etc/kubernetes/scheduler, with the following content:

KUBE_MASTER="--master=http://172.24.61.96:8080"
KUBE_SCHEDULER_ARGS="--logtostderr=true --log-dir=/var/log/kubernetes/scheduler --v=2"

2.2.3 Enable the components at boot

sudo systemctl daemon-reload 
sudo systemctl enable kube-apiserver.service
sudo systemctl start kube-apiserver.service
sudo systemctl enable kube-controller-manager.service
sudo systemctl start kube-controller-manager.service
sudo systemctl enable kube-scheduler.service
sudo systemctl start kube-scheduler.service

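2.2.3 Set the environment variable

(1) First locate kubectl with the command find / -name kubectl, or look in the extracted directory /kubernetes/server/bin.

(2) Add this path to the system PATH by editing /etc/profile (vim /etc/profile).

     Add the following to profile:

export PATH="/data1/ai_paas/zhanghao/k8s.12/kubernetes/server/bin/:$PATH"


(3) Apply the change

source /etc/profile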

2.2.4 Verify the installation

Run the command

 kubectl get cs


All services should report healthy.
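
The configuration files above expose etcd and the apiserver over plaintext HTTP: the insecure port in /etc/kubernetes/apiserver serves the API without authentication or authorization and is bound to 0.0.0.0. The script below is an added example, not part of the original guide, that flags those settings for review; the function names audit_k8s_conf and demo_audit are hypothetical, and the sample files are constructed from the values above plus a constructed TLS-only variant.

```sh
#!/bin/sh
# Added example, not from the original guide: flag plaintext or
# unauthenticated endpoints in the config files this guide creates.
# audit_k8s_conf FILE... prints "file:line: finding" for each hit.
audit_k8s_conf() {
    for f in "$@"; do
        n=0
        while IFS= read -r line || [ -n "$line" ]; do
            n=$((n + 1))
            case "$line" in '#'*|'') continue ;; esac
            # The insecure port serves the API without authn/authz.
            case "$line" in
                *--insecure-port=0|*--insecure-port=0[!0-9]*) ;;
                *--insecure-port=*) echo "$f:$n: insecure API port enabled" ;;
            esac
            case "$line" in
                *--insecure-bind-address=127.*|*--insecure-bind-address=localhost*) ;;
                *--insecure-bind-address=*)
                    echo "$f:$n: insecure API port bound to non-loopback address" ;;
            esac
            # etcd client listener reachable on every interface over HTTP.
            case "$line" in
                ETCD_LISTEN_CLIENT_URLS=*http://0.0.0.0*)
                    echo "$f:$n: etcd client listener on all interfaces without TLS" ;;
            esac
            # Components pointed at a plaintext apiserver or etcd URL.
            case "$line" in
                *--etcd-servers=http://*|*--master=http://*|*"server: http://"*)
                    echo "$f:$n: plaintext http:// endpoint" ;;
            esac
        done < "$f"
    done
}

# Constructed sample input: the guide's values plus a TLS-only variant.
demo_audit() {
    d=$(mktemp -d)
    printf '%s\n' 'ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:2379"' \
        'ETCD_ADVERTISE_CLIENT_URLS="http://172.24.61.96:2379"' > "$d/etcd.conf"
    printf '%s\n' 'KUBE_API_ADDRESS="--insecure-bind-address=0.0.0.0"' \
        'KUBE_API_PORT="--insecure-port=8080"' \
        'KUBE_ETCD_SERVERS="--etcd-servers=http://172.24.61.96:2379"' > "$d/apiserver"
    printf '%s\n' 'KUBE_API_PORT="--insecure-port=0"' \
        'KUBE_ETCD_SERVERS="--etcd-servers=https://172.24.61.96:2379"' > "$d/apiserver.tls"
    audit_k8s_conf "$d/etcd.conf" "$d/apiserver" "$d/apiserver.tls"
    rm -rf "$d"
}
demo_audit
```

On a real host, pass /etc/etcd/etcd.conf, the files under /etc/kubernetes and /var/lib/kubelet/kubeconfig to audit_k8s_conf instead of the sample files.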

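3. Node installation

The components installed on a Node are:

docker
kube-proxy
kubelet

3.1 Installing docker

The Docker version must correspond to the kubelet version; it is best to use the latest version of both.

3.2 Copy kubelet and kube-proxy


Copy the binaries from the kubernetes folder extracted earlier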

$ cp /root/kubernetes/server/bin/kubelet  /usr/bin/
$ cp /root/kubernetes/server/bin/kube-proxy  /usr/bin/

3.3 Installing kube-proxy

$ vi /usr/lib/systemd/system/kube-proxy.service
[Unit]
Description=Kubernetes Kube-Proxy Server
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
After=network.target
 
[Service]
EnvironmentFile=/etc/kubernetes/config
EnvironmentFile=/etc/kubernetes/proxy
ExecStart=/usr/bin/kube-proxy \
            $KUBE_LOGTOSTDERR \
            $KUBE_LOG_LEVEL \
            $KUBE_MASTER \
            $KUBE_PROXY_ARGS
Restart=on-failure
LimitNOFILE=65536
 
[Install]
WantedBy=multi-user.target

Create the configuration directory and add the configuration files

# mkdir -p /etc/kubernetes
# vi /etc/kubernetes/proxy
KUBE_PROXY_ARGS=""
# vi /etc/kubernetes/config
KUBE_LOGTOSTDERR="--logtostderr=true"
KUBE_LOG_LEVEL="--v=0"
KUBE_ALLOW_PRIV="--allow_privileged=false"
KUBE_MASTER="--master=http://172.24.61.96:8080"

Start the service

# systemctl daemon-reload
# systemctl start kube-proxy
# netstat -lntp | grep kube-proxy

3.4 Installing kubelet

# vi /usr/lib/systemd/system/kubelet.service
[Unit]
Description=Kubernetes Kubelet Server
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
After=docker.service
Requires=docker.service
 
[Service]
WorkingDirectory=/var/lib/kubelet
EnvironmentFile=/etc/kubernetes/kubelet
ExecStart=/usr/bin/kubelet $KUBELET_ARGS
Restart=on-failure
KillMode=process
 
[Install]
WantedBy=multi-user.target
# mkdir -p /var/lib/kubelet
# vi /etc/kubernetes/kubelet
KUBELET_ADDRESS="--address=0.0.0.0"
KUBELET_HOSTNAME="--hostname-override=172.24.61.97"   #your node ip address
KUBELET_API_SERVER="--api-servers=http://172.24.61.96:8080"
KUBELET_POD_INFRA_CONTAINER="--pod-infra-container-image=reg.docker.tb/harbor/pod-infrastructure:latest"
KUBELET_ARGS="--enable-server=true --enable-debugging-handlers=true --fail-swap-on=false --kubeconfig=/var/lib/kubelet/kubeconfig"

Here "--hostname-override=172.24.61.97" is the IP address of the node host.

Create the configuration file with vi /var/lib/kubelet/kubeconfig to register with the master

apiVersion: v1
kind: Config
users:
- name: kubelet
clusters:
- name: kubernetes
  cluster:
    server: http://172.24.61.96:8080
contexts:
- context:
    cluster: kubernetes
    user: kubelet
  name: service-account-context
current-context: service-account-context

Start kubelet and verify it.

# systemctl daemon-reload
# systemctl start kubelet.service
# netstat -tnlp | grep kubelet

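Repeat the same steps on the other nodes.

3.5 Verifying success and troubleshooting


I. Run the command kubectl get node on the master; it returns the following result:

Create a simple nginx_test.yaml file: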

apiVersion: v1
kind: Pod
metadata:
  name: nginx
  labels:
    app: nginx
  namespace: default
spec:
  containers:
  - image: docker.io/istio/nginx
    imagePullPolicy: IfNotPresent
    name: nginx-deployment-6499c587d8
  restartPolicy: Always


Running the command produces the following error:

# kubectl apply -f nginx_test.yaml
Error from server (ServerTimeout): error when creating "test.yaml": No API token found for service account "default", retry 
after the token is automatically created and added to the service account

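The cause is that no API token has been set up for the service account. There are two ways to resolve it:

1. Disable ServiceAccount
Edit /etc/kubernetes/apiserver to remove SecurityContextDeny and ServiceAccount from KUBE_ADMISSION_CONTROL, then restart the kube-apiserver.service service: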

#vi /etc/kubernetes/apiserver
KUBE_ADMISSION_CONTROL="--admission_control=NamespaceLifecycle,NamespaceExists,LimitRanger,ResourceQuota"

#systemctl restart kube-apiserver.service

After that, the pod is created successfully.

2. Configure ServiceAccount
First generate a key, then edit the apiserver and controller-manager configuration files and restart the components.

# openssl genrsa -out /etc/kubernetes/serviceaccount.key 2048
# vi /etc/kubernetes/apiserver 
KUBE_API_ARGS="--service-account-key-file=/etc/kubernetes/serviceaccount.key"
# vi /etc/kubernetes/controller-manager 
KUBE_CONTROLLER_MANAGER_ARGS="--service-account-private-key-file=/etc/kubernetes/serviceaccount.key"

# systemctl restart kube-apiserver.service
# systemctl restart kube-controller-manager.service


After that, the pod is created successfully.

II. The kubelet service kept failing to start; systemctl status kubelet.service showed the following log


#systemctl status kubelet.service
● kubelet.service - Kubernetes API Server
   Loaded: loaded (/usr/lib/systemd/system/kubelet.service; enabled; vendor preset: disabled)
   Active: failed (Result: start-limit) since Thu 2018-08-09 15:55:54 CST; 7min ago
     Docs: https://kubernetes.io/doc
  Process: 5718 ExecStart=/usr/bin/kubelet --kubeconfig=/etc/kubernetes/kubeconfig.yaml --logtostderr=false --log-dir=/var/log/kubernetes --v=2 (code=exited, status=255)
 Main PID: 5718 (code=exited, status=255)
 
Aug 09 15:55:53 test.novalocal systemd[1]: kubelet.service: main process exited, code=exited, status=255/n/a
Aug 09 15:55:53 test.novalocal systemd[1]: Unit kubelet.service entered failed state.
Aug 09 15:55:53 test.novalocal systemd[1]: kubelet.service failed.
Aug 09 15:55:54 test.novalocal systemd[1]: kubelet.service holdoff time over, scheduling restart.
Aug 09 15:55:54 test.novalocal systemd[1]: start request repeated too quickly for kubelet.service
Aug 09 15:55:54 test.novalocal systemd[1]: Failed to start Kubernetes API Server.
Aug 09 15:55:54 test.novalocal systemd[1]: Unit kubelet.service entered failed state.
Aug 09 15:55:54 test.novalocal systemd[1]: kubelet.service failed

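Following the advice found online, swap was turned off with swapoff -a

Then journalctl -xefu kubelet showed that the real cause was that the docker version was too old, which made the apiservice too old, so docker was upgraded

III. With the yaml file written, starting the deployment failed when the node tried to create the containers. The logs showed that two images were missing: k8s.gcr.io/coredns_1.1.3 && k8s.gcr.io/pause_3.1. These are google images; docker.io offers copies that can be downloaded from within China. Download them on a machine with network access as follows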

docker pull mirrorgooglecontainers/pause:3.1
docker pull coredns/coredns:1.1.3

Adjust the version information to match your actual environment. Use the docker tag command to change the image tags:

docker tag docker.io/mirrorgooglecontainers/pause:3.1  k8s.gcr.io/pause:3.1
docker tag docker.io/coredns/coredns:1.1.3  k8s.gcr.io/coredns:1.1.3

Then save the image as a tar file with docker save -o xxx.tar xxx, upload it to the node server and load it

docker load -i xxx.tar

After that, kubectl create -f xxx.yaml successfully starts the container, pod and deployment
