docker安装包
https://download.csdn.net/download/van_peak/10590104

安装docker软件

root@ubuntu-129:/opt/docker# dpkg -i docker-ce_18.06.0_ce_3-0_ubuntu_amd64.deb

查看docker 安装版本

root@ubuntu-129:/opt/docker# docker version
Client:
 Version:           18.06.0-ce
 API version:       1.38
 Go version:        go1.10.3
 Git commit:        0ffa825
 Built:             Wed Jul 18 19:11:02 2018
 OS/Arch:           linux/amd64
 Experimental:      false

Server:
 Engine:
  Version:          18.06.0-ce
  API version:      1.38 (minimum version 1.12)
  Go version:       go1.10.3
  Git commit:       0ffa825
  Built:            Wed Jul 18 19:09:05 2018
  OS/Arch:          linux/amd64
  Experimental:     false

docker开机启动设置

root@ubuntu-129:/opt/docker# systemctl enable docker
Synchronizing state of docker.service with SysV init with /lib/systemd/systemd-sysv-install...
Executing /lib/systemd/systemd-sysv-install enable docker
root@ubuntu-129:/opt/docker# systemctl start docker

2.下载alpine 操作系统镜像

如果本地没有,会从docker远端仓库下载docker镜像

root@ubuntu-129:/opt/docker# docker run -it --rm alpine:latest sh
Unable to find image 'alpine:latest' locally
^C
root@ubuntu-129:/opt/docker# docker run -it --rm alpine:latest sh
Unable to find image 'alpine:latest' locally
latest: Pulling from library/alpine
050382585609: Pull complete
Digest: sha256:6a92cd1fcdc8d8cdec60f33dda4db2cb1fcdcacf3410a8e05b3741f44a9b5998
Status: Downloaded newer image for alpine:latest

配置阿里云docker远端仓库地址

vim  /etc/docker/daemon.json

{
"registry-mirror":["https://ozcouvlb.mirror.aliyuncs.com"]
}

使得文件生效,并重启docker:

root@ubuntu-129:~# systemctl  daemon-reload
root@ubuntu-129:~# systemctl  restart docker

以nginx 镜像为例测试新配置的远程仓库下载速度(还是很快的):

root@ubuntu-129:/opt/docker# docker run -it --rm nginx:latest sh
Unable to find image 'nginx:latest' locally
latest: Pulling from library/nginx
f5d23c7fed46: Pull complete
918b255d86e5: Pull complete
8c0120a6f561: Pull complete
Digest: sha256:eb3320e2f9ca409b7c0aa71aea3cf7ce7d018f03a372564dbdb023646958770b
Status: Downloaded newer image for nginx:latest
root@ubuntu-129:~# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
nginx               latest              e445ab08b2be        2 weeks ago         126MB
alpine              latest              b7b28af77ffe        4 weeks ago         5.58MB
root@ubuntu-129:~# vim  /etc/docker/daemon.json
root@ubuntu-129:~# docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
bf5f906e9868        nginx:latest        "sh"                3 minutes ago       Up 3 minutes        80/tcp              happy_tereshkova
root@ubuntu-129:~#

安装K8S

配置k8s下载源

vim /etc/apt/sources.list.d/kubernetes.list

deb http://mirrors.ustc.edu.cn/kubernetes/apt kubernetes-xenial main

但是更新源后报错调试证书错误: 

root@ubuntu-129:~# apt update
命中:1 https://mirrors.tuna.tsinghua.edu.cn/ubuntu xenial InRelease
获取:2 https://mirrors.tuna.tsinghua.edu.cn/ubuntu xenial-updates InRelease [109 kB]
获取:3 https://mirrors.tuna.tsinghua.edu.cn/ubuntu xenial-backports InRelease [107 kB]
获取:4 https://mirrors.tuna.tsinghua.edu.cn/ubuntu xenial-security InRelease [109 kB]
获取:5 http://mirrors.ustc.edu.cn/kubernetes/apt kubernetes-xenial InRelease [8,993 B]
错误:5 http://mirrors.ustc.edu.cn/kubernetes/apt kubernetes-xenial InRelease
  由于没有公钥,无法验证下列签名: NO_PUBKEY 6A030B21BA07F4FB
命中:6 http://nginx.org/packages/ubuntu xenial InRelease
正在读取软件包列表... 完成
W: GPG 错误:http://mirrors.ustc.edu.cn/kubernetes/apt kubernetes-xenial InRelease: 由于没有公钥,无法验证下列签名: NO_PUBKEY 6A030B21BA07F4
E: 仓库 “http://mirrors.ustc.edu.cn/kubernetes/apt kubernetes-xenial InRelease” 没有数字签名。
N: 无法安全地用该源进行更新,所以默认禁用该源。
N: 参见 apt-secure(8) 手册以了解仓库创建和用户配置方面的细节。

解决方案:

添加认证key

运行如下命令

其中recv-keys 是你之前6A030B21BA07F4FB的后8位

gpg --keyserver keyserver.ubuntu.com --recv-keys BA07F4FB

 导出你的key

gpg --export --armor BA07F4FB | apt-key add - 

 再次更新解决

root@ubuntu-129:~# apt update
获取:1 http://mirrors.ustc.edu.cn/kubernetes/apt kubernetes-xenial InRelease [8,993 B]
忽略:2 http://mirrors.ustc.edu.cn/kubernetes/apt kubernetes-xenial/main amd64 Packages
获取:2 http://mirrors.ustc.edu.cn/kubernetes/apt kubernetes-xenial/main amd64 Packages [28.4 kB]
命中:3 https://mirrors.tuna.tsinghua.edu.cn/ubuntu xenial InRelease
命中:4 https://mirrors.tuna.tsinghua.edu.cn/ubuntu xenial-updates InRelease
命中:5 https://mirrors.tuna.tsinghua.edu.cn/ubuntu xenial-backports InRelease
命中:6 https://mirrors.tuna.tsinghua.edu.cn/ubuntu xenial-security InRelease
命中:7 http://nginx.org/packages/ubuntu xenial InRelease
已下载 28.4 kB,耗时 2秒 (11.9 kB/s)
正在读取软件包列表... 完成
正在分析软件包的依赖关系树
正在读取状态信息... 完成
有 413 个软件包可以升级。请执行 ‘apt list --upgradable’ 来查看它们。

 

禁止基础设施

 4.2 K8S系统网络 配置

安装K8S

安装k8s

apt update && apt-get install -y kubelet=1.13.1-00 kubernetes-cni=0.6.0-00 kubeadm=1.13.1-00 kubectl=1.13.1-00

 设置开机启动

systemctl enable kubelet && systemctl start kubelet

5.2master 和node基础配置

vim /etc/hostname

master ----> node1--->node2

下面这个是ubutu18配置的地址,

因为ubuntu从17.10开始,已放弃在/etc/network/interfaces里固定IP的配置,而是改成netplan方式了。所以这里不会动

 

network:
  version: 2
  ethernets:
    ens33:   #配置的网卡名称
      dhcp4: false    #dhcp4关闭
      addresses: [192.168.236.177/24]   #设置本机IP及掩码
      gateway4: 192.168.236.2   #设置网关
      nameservers:
          addresses: [192.168.236.2]   #设置DNS
      optional: true

 

启动master节点(ubuntu-128)

root@ubuntu-128:/home/itcast/working# kubeadm init --config ./kubeadm.conf
[init] Using Kubernetes version: v1.13.1
[preflight] Running pre-flight checks
[preflight] Pulling images required for setting up a Kubernetes cluster
[preflight] This might take a minute or two, depending on the speed of your internet connection
[preflight] You can also perform this action in beforehand using 'kubeadm config images pull'
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Activating the kubelet service
[certs] Using certificateDir folder "/etc/kubernetes/pki"
[certs] Generating "etcd/ca" certificate and key
[certs] Generating "apiserver-etcd-client" certificate and key
[certs] Generating "etcd/healthcheck-client" certificate and key
[certs] Generating "etcd/server" certificate and key
[certs] etcd/server serving cert is signed for DNS names [ubuntu-128 localhost] and IPs [192.168.13.128 127.0.0.1 ::1]
[certs] Generating "etcd/peer" certificate and key
[certs] etcd/peer serving cert is signed for DNS names [ubuntu-128 localhost] and IPs [192.168.13.128 127.0.0.1 ::1]
[certs] Generating "ca" certificate and key
[certs] Generating "apiserver" certificate and key
[certs] apiserver serving cert is signed for DNS names [ubuntu-128 kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local] and IPs [10.96.0.1 192.168.13.128]
[certs] Generating "apiserver-kubelet-client" certificate and key
[certs] Generating "front-proxy-ca" certificate and key
[certs] Generating "front-proxy-client" certificate and key
[certs] Generating "sa" key and public key
[kubeconfig] Using kubeconfig folder "/etc/kubernetes"
[kubeconfig] Writing "admin.conf" kubeconfig file
[kubeconfig] Writing "kubelet.conf" kubeconfig file
[kubeconfig] Writing "controller-manager.conf" kubeconfig file
[kubeconfig] Writing "scheduler.conf" kubeconfig file
[control-plane] Using manifest folder "/etc/kubernetes/manifests"
[control-plane] Creating static Pod manifest for "kube-apiserver"
[control-plane] Creating static Pod manifest for "kube-controller-manager"
[control-plane] Creating static Pod manifest for "kube-scheduler"
[etcd] Creating static Pod manifest for local etcd in "/etc/kubernetes/manifests"
[wait-control-plane] Waiting for the kubelet to boot up the control plane as static Pods from directory "/etc/kubernetes/manifests". This can take up to 4m0s
[apiclient] All control plane components are healthy after 33.010980 seconds
[uploadconfig] storing the configuration used in ConfigMap "kubeadm-config" in the "kube-system" Namespace
[kubelet] Creating a ConfigMap "kubelet-config-1.13" in namespace kube-system with the configuration for the kubelets in the cluster
[patchnode] Uploading the CRI Socket information "/var/run/dockershim.sock" to the Node API object "ubuntu-128" as an annotation
[mark-control-plane] Marking the node ubuntu-128 as control-plane by adding the label "node-role.kubernetes.io/master=''"
[mark-control-plane] Marking the node ubuntu-128 as control-plane by adding the taints [node-role.kubernetes.io/master:NoSchedule]
[bootstrap-token] Using token: abcdef.0123456789abcdef
[bootstrap-token] Configuring bootstrap tokens, cluster-info ConfigMap, RBAC Roles
[bootstraptoken] configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials
[bootstraptoken] configured RBAC rules to allow the csrapprover controller automatically approve CSRs from a Node Bootstrap Token
[bootstraptoken] configured RBAC rules to allow certificate rotation for all node client certificates in the cluster
[bootstraptoken] creating the "cluster-info" ConfigMap in the "kube-public" namespace
[addons] Applied essential addon: CoreDNS
[addons] Applied essential addon: kube-proxy

Your Kubernetes master has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

You can now join any number of machines by running the following on each node
as root:

  kubeadm join 192.168.13.128:6443 --token abcdef.0123456789abcdef --discovery-token-ca-cert-hash sha256:341f71f586d22b71da8bf5fb9dfb5b72fbc3dbc8377a4752bcb5b1a6a04e84b8

按照提醒执行 下面三条指令

root@ubuntu-128:~# mkdir -p $HOME/.kube
root@ubuntu-128:~# sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
root@ubuntu-128:~# sudo chown $(id -u):$(id -g) $HOME/.kube/config

测试k8s master节点情况

root@ubuntu-128:~# systemctl  enable kubelet
root@ubuntu-128:~# systemctl  start kubelet
root@ubuntu-128:~# kubectl get nodes
NAME         STATUS     ROLES    AGE     VERSION
ubuntu-128   NotReady   master   2m26s   v1.13.1
root@ubuntu-128:~# kubectl get cs
NAME                 STATUS    MESSAGE              ERROR
controller-manager   Healthy   ok
scheduler            Healthy   ok
etcd-0               Healthy   {"health": "true"}

 

其他node节点想要进入master节点,需要按照以下方式加入到集群中


To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

You can now join any number of machines by running the following on each node
as root:

  kubeadm join 192.168.13.128:6443 --token abcdef.0123456789abcdef --discovery-token-ca-cert-hash sha256:341f71f586d22b71da8bf5fb9dfb5b72fbc3dbc8377a4752bcb5b1a6a04e84b8

 

 

 

Logo
K8S/Kubernetes

K8S/Kubernetes社区为您提供最前沿的新闻资讯和知识内容

更多推荐

【深度】阿里巴巴万级规模 K8s 集群全局高可用体系之美

作者 |  韩堂、柘远、沉醉来源 | 阿里巴巴云原生公众号​前言台湾作家林清玄在接受记者采访的时候,如此评价自己 30 多年写作生涯:“第一个十年我才华横溢,‘贼光闪现’,令周边黯然失色;第二个十年,我终于‘宝光现形’,不再去抢风头,反而与身边的美丽相得益彰;进入第三个十年,繁华落尽见真醇,我进入了‘醇光初现’的阶段,真正体味到了境界之美”。​长夜有穷,真水无香。领略过了 K8s“身在江

avatar K8S/Kubernetes

如何基于 K8s 构建下一代 DevOps 平台?

作者 | 孙健波(天元)导读:当前云原生 DevOps 体系现状如何?面临哪些挑战?如何通过 OAM 解决云原生 DevOps 场景下的诸多问题?云原生开发应用模型 OAM(Open Application Model) 社区核心成员孙健波将为大家一一解答,并分享如何基于 OAM 和 Kubernetes 打造无限能力的下一代 DevOps 平台。什么是 DevOps?为什么基于 Kub

avatar K8S/Kubernetes

k8s 火了!

2020,上云之年,产品云端化成为一种趋势。在一线城市,很多公司都已经构建了自己的私有云环境,比如阿里云、网易云、华为云等。而Kubernetes 作为基于容器编排领域的王者,具备扩展...

avatar K8S/Kubernetes