手动搭建k8s-1.16.6高可用集群之部署worker节点-部署docker组件
docker 运行和管理容器,kubelet 通过 Container Runtime Interface (CRI) 与它进行交互。注意:如果没有特殊指明,本文档的所有操作均在 k8s-01上执行,然后远程分发文件和执行命令;需要先安装 flannel;一、下载和分发docker二进制文件cd /opt/k8s/workwget https://download.dock...
·
docker 运行和管理容器,kubelet 通过 Container Runtime Interface (CRI) 与它进行交互。
注意:
-
如果没有特殊指明,本文档的所有操作均在 k8s-01上执行,然后远程分发文件和执行命令;
-
需要先安装 flannel;
一、下载和分发docker二进制文件
cd /opt/k8s/work
wget https://download.docker.com/linux/static/stable/x86_64/docker-18.09.6.tgz
tar -zxf docker-18.09.6.tgz
分发二进制文件到所有 worker 节点:
cat > deploy.sh << "EOF"
#!/bin/bash
cd /opt/k8s/work
source /opt/k8s/bin/environment.sh
for node_ip in ${NODE_IPS[@]}
do
echo ">>> ${node_ip}"
scp docker/* root@${node_ip}:/opt/k8s/bin/
ssh root@${node_ip} "chmod +x /opt/k8s/bin/*"
done
EOF
二、创建和分发 systemd unit 文件
cd /opt/k8s/work
cat > docker.service <<"EOF"
[Unit]
Description=Docker Application Container Engine
Documentation=http://docs.docker.io
[Service]
WorkingDirectory=##DOCKER_DIR##
Environment="PATH=/opt/k8s/bin:/bin:/sbin:/usr/bin:/usr/sbin"
EnvironmentFile=-/run/flannel/docker
ExecStart=/opt/k8s/bin/dockerd $DOCKER_NETWORK_OPTIONS
ExecReload=/bin/kill -s HUP $MAINPID
Restart=on-failure
RestartSec=5
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
Delegate=yes
KillMode=process
[Install]
WantedBy=multi-user.target
EOF
- EOF 前后有双引号,这样 bash 不会替换文档中的变量,如
$DOCKER_NETWORK_OPTIONS(这些环境变量是 systemd 负责替换的。); - dockerd 运行时会调用其它 docker 命令,如 docker-proxy,所以需要将 docker 命令所在的目录加到 PATH 环境变量中;
- flanneld 启动时将网络配置写入
/run/flannel/docker文件中,dockerd 启动前读取该文件中的环境变量DOCKER_NETWORK_OPTIONS,然后设置 docker0 网桥网段; - 如果指定了多个
EnvironmentFile选项,则必须将/run/flannel/docker放在最后(确保 docker0 使用 flanneld 生成的 bip 参数); - docker 需要以 root 用户运行;
- docker 从 1.13 版本开始,可能将 iptables FORWARD chain的默认策略设置为DROP,从而导致 ping 其它 Node 上的 Pod IP 失败,遇到这种情况时,需要手动设置策略为
ACCEPT:
$ sudo iptables -P FORWARD ACCEPT
并且把以下命令写入 /etc/rc.local 文件中,防止节点重启iptables FORWARD chain的默认策略又还原为DROP
/sbin/iptables -P FORWARD ACCEPT
分发 systemd unit 文件到所有 worker 主机上:
cat > deploy.sh << "EOF"
#!/bin/bash
cd /opt/k8s/work
source /opt/k8s/bin/environment.sh
sed -i -e "s|##DOCKER_DIR##|${DOCKER_DIR}|" docker.service
for node_ip in ${NODE_IPS[@]}
do
echo ">>> ${node_ip}"
scp docker.service root@${node_ip}:/etc/systemd/system/
done
EOF
三、配置和分发 docker 配置文件
使用国内的镜像仓库服务器以加快 pull image 的速度,同时增加下载的并发数 (需要重启 dockerd 生效):
cd /opt/k8s/work
source /opt/k8s/bin/environment.sh
cat > docker-daemon.json <<EOF
{
"registry-mirrors": ["https://docker.mirrors.ustc.edu.cn","https://hub-mirror.c.163.com"],
"insecure-registries": ["docker02:35000"],
"max-concurrent-downloads": 20,
"live-restore": true,
"max-concurrent-uploads": 10,
"debug": true,
"data-root": "${DOCKER_DIR}/data",
"exec-root": "${DOCKER_DIR}/exec",
"log-opts": {
"max-size": "100m",
"max-file": "5"
}
}
EOF
分发docker配置文件到所有 worker 节点:
cat > deploy.sh << "EOF"
#!/bin/bash
cd /opt/k8s/work
source /opt/k8s/bin/environment.sh
for node_ip in ${NODE_IPS[@]}
do
echo ">>> ${node_ip}"
ssh root@${node_ip} "mkdir -p /etc/docker/ ${DOCKER_DIR}/{data,exec}"
scp docker-daemon.json root@${node_ip}:/etc/docker/daemon.json
done
EOF
四、启动 docker 服务
cat > deploy.sh << "EOF"
#!/bin/bash
cd /opt/k8s/work
source /opt/k8s/bin/environment.sh
for node_ip in ${NODE_IPS[@]}
do
echo ">>> ${node_ip}"
ssh root@${node_ip} "systemctl daemon-reload && systemctl enable docker && systemctl restart docker"
done
EOF
五、查看服务运行状态
cat > deploy.sh << "EOF"
#!/bin/bash
cd /opt/k8s/work
source /opt/k8s/bin/environment.sh
for node_ip in ${NODE_IPS[@]}
do
echo ">>> ${node_ip}"
ssh root@${node_ip} "systemctl status docker|grep Active"
done
EOF
输出结果如下:
$ ./deploy.sh
>>> 192.168.0.71
Active: active (running) since Fri 2020-04-24 16:03:15 CST; 1min 56s ago
>>> 192.168.0.72
Active: active (running) since Fri 2020-04-24 16:03:17 CST; 1min 55s ago
>>> 192.168.0.73
Active: active (running) since Fri 2020-04-24 16:03:18 CST; 1min 54s ago
确保状态为 active (running),否则通过如下命令查看日志,确认原因:
journalctl -u docker
六、检查 docker0 网桥
cat > deploy.sh << "EOF"
#!/bin/bash
cd /opt/k8s/work
source /opt/k8s/bin/environment.sh
for node_ip in ${NODE_IPS[@]}
do
echo ">>> ${node_ip}"
ssh root@${node_ip} "/usr/sbin/ip addr show flannel.1 && /usr/sbin/ip addr show docker0"
done
EOF
输出内容如下:
$ ./deploy.sh
>>> 192.168.0.71
3: flannel.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN group default
link/ether 32:52:1f:dc:89:4e brd ff:ff:ff:ff:ff:ff
inet 172.30.128.0/32 scope global flannel.1
valid_lft forever preferred_lft forever
4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:d7:6b:e5:4f brd ff:ff:ff:ff:ff:ff
inet 172.30.128.1/21 brd 172.30.135.255 scope global docker0
valid_lft forever preferred_lft forever
>>> 192.168.0.72
3: flannel.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN group default
link/ether 02:6d:85:9e:c1:96 brd ff:ff:ff:ff:ff:ff
inet 172.30.88.0/32 scope global flannel.1
valid_lft forever preferred_lft forever
4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:96:a3:38:d3 brd ff:ff:ff:ff:ff:ff
inet 172.30.88.1/21 brd 172.30.95.255 scope global docker0
valid_lft forever preferred_lft forever
>>> 192.168.0.73
3: flannel.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN group default
link/ether e2:35:9c:62:ee:fe brd ff:ff:ff:ff:ff:ff
inet 172.30.104.0/32 scope global flannel.1
valid_lft forever preferred_lft forever
4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:22:02:21:8e brd ff:ff:ff:ff:ff:ff
inet 172.30.104.1/21 brd 172.30.111.255 scope global docker0
valid_lft forever preferred_lft forever
确认各 worker 节点的 docker0 网桥和 flannel.1 接口的 IP 处于同一个网段中(如下 172.30.128.0/32 位于 172.30.128.1/21 中):
注意: 如果您的服务安装顺序不对或者机器环境比较复杂, docker服务早于flanneld服务安装,此时 worker 节点的 docker0 网桥和 flannel.1 接口的 IP可能不会同处同一个网段下,这个时候请先停止docker服务, 手工删除docker0网卡,重新启动docker服务后即可修复:
$ systemctl stop docker
$ ip link delete docker0
$ systemctl start docker
K8S/Kubernetes社区为您提供最前沿的新闻资讯和知识内容
更多推荐
0
0- 0
已为社区贡献26条内容
所有评论(0)