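Building Docker Cluster Management on Kubernetes: A Detailed Guide (2)

Configure the firewall for the etcd service. Port 4001 is the service port and port 7001 is the cluster data exchange port.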

# iptables -I INPUT -s 192.168.1.0/24 -p tcp --dport 4001 -j ACCEPT
# iptables -I INPUT -s 192.168.1.0/24 -p tcp --dport 7001 -j ACCEPT

3) Install Kubernetes (on all Master and Minion hosts)

Install from the yum repository. By default this installs the etcd, docker, and cadvisor packages.

# curl https://copr.fedoraproject.org/coprs/eparis/kubernetes-epel-7/repo/epel-7/eparis-kubernetes-epel-7-epel-7.repo -o /etc/yum.repos.d/eparis-kubernetes-epel-7-epel-7.repo
# yum -y install kubernetes

To upgrade to v0.6.2, simply overwrite the binaries, as follows:

# mkdir -p /home/install && cd /home/install
# wget https://github.com/GoogleCloudPlatform/kubernetes/releases/download/v0.6.2/kubernetes.tar.gz
# tar -zxvf kubernetes.tar.gz
# tar -zxvf kubernetes/server/kubernetes-server-linux-amd64.tar.gz
# cp kubernetes/server/bin/kube* /usr/bin

Verify the installation. Output like the following indicates that the installation succeeded.

[root@SN2014-12-200 bin]# /usr/bin/kubectl version
Client Version: version.Info{Major:"0", Minor:"6+", GitVersion:"v0.6.2", GitCommit:"729fde276613eedcd99ecf5b93f095b8deb64eb4", GitTreeState:"clean"}
Server Version: &version.Info{Major:"0", Minor:"6+", GitVersion:"v0.6.2", GitCommit:"729fde276613eedcd99ecf5b93f095b8deb64eb4", GitTreeState:"clean"}

4) Kubernetes configuration (Master host only)

The master runs three components: apiserver, scheduler, and controller-manager. The configuration below covers only these three.

4.1 [/etc/kubernetes/config]

# Comma separated list of nodes in the etcd cluster
KUBE_ETCD_SERVERS="--etcd_servers=http://192.168.1.10:4001"
# logging to stderr means we get it in the systemd journal
KUBE_LOGTOSTDERR="--logtostderr=true"
# journal message level, 0 is debug
KUBE_LOG_LEVEL="--v=0"
# Should this cluster be allowed to run privileged docker containers
KUBE_ALLOW_PRIV="--allow_privileged=false"

4.2 [/etc/kubernetes/apiserver]

# The address on the local server to listen to.  
KUBE_API_ADDRESS="--address=0.0.0.0"  
# The port on the local server to listen on.  
KUBE_API_PORT="--port=8080"  
# How the replication controller and scheduler find the kube-apiserver  
KUBE_MASTER="--master=192.168.1.200:8080"  
# Port minions listen on  
KUBELET_PORT="--kubelet_port=10250"  
# Address range to use for services  
KUBE_SERVICE_ADDRESSES="--portal_net=10.254.0.0/16"  
# Add your own!
KUBE_API_ARGS=""

4.3 [/etc/kubernetes/controller-manager]

# Comma separated list of minions (no space after the equals sign)
KUBELET_ADDRESSES="--machines=192.168.1.201,192.168.1.202"
# Add your own!
KUBE_CONTROLLER_MANAGER_ARGS=""

4.4 [/etc/kubernetes/scheduler]

# Add your own!
KUBE_SCHEDULER_ARGS=""

Start the services on the master:

# systemctl daemon-reload
# systemctl start kube-apiserver.service kube-controller-manager.service kube-scheduler.service
# systemctl enable kube-apiserver.service kube-controller-manager.service kube-scheduler.service

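5) Kubernetes configuration (Minion hosts only)

A minion runs two components, kubelet and proxy. The configuration below covers only these two.

Update the Docker startup script

# vi /etc/sysconfig/docker

Add -H tcp://0.0.0.0:2375 so that the remote API is available for later maintenance. The final configuration is as follows: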

OPTIONS=--selinux-enabled -H tcp://0.0.0.0:2375 -H fd://

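Update the minion firewall configuration. When the master cannot find a minion host, it is usually because the port is not reachable.

# iptables -I INPUT -s 192.168.1.200 -p tcp --dport 10250 -j ACCEPT

Update the Kubernetes configuration on the minion side, using host 192.168.1.201 as an example. The other minion hosts are configured the same way.

5.1 [/etc/kubernetes/config]

# Comma separated list of nodes in the etcd cluster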
KUBE_ETCD_SERVERS="--etcd_servers=http://192.168.1.10:4001"  
# logging to stderr means we get it in the systemd journal  
KUBE_LOGTOSTDERR="--logtostderr=true"  
# journal message level, 0 is debug  
KUBE_LOG_LEVEL="--v=0"  
# Should this cluster be allowed to run privileged docker containers
KUBE_ALLOW_PRIV="--allow_privileged=false"

5.2 [/etc/kubernetes/kubelet]

###  
# kubernetes kubelet (minion) config  
# The address for the info server to serve on (set to 0.0.0.0 or "" for all interfaces)  
KUBELET_ADDRESS="--address=0.0.0.0"  
# The port for the info server to serve on  
KUBELET_PORT="--port=10250"  
# You may leave this blank to use the actual hostname  
KUBELET_HOSTNAME="--hostname_override=192.168.1.201"  
# Add your own!  
KUBELET_ARGS=""  

5.3 [/etc/kubernetes/proxy]

KUBE_PROXY_ARGS=""  
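
The files above bind the Docker API (2375), the apiserver (8080) and the kubelet (10250) to 0.0.0.0 and reach etcd over plain HTTP. A Docker endpoint opened with a bare -H tcp:// has no TLS or authentication, so who can reach it is decided by network filtering such as the iptables rules. The following added example (not part of the original article) flags those settings in the configuration files; the function names and the sample files built by demo are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. Flags settings used in this
# guide that widen exposure: wildcard listeners, a Docker TCP socket without
# TLS verification, plain-HTTP etcd, and privileged containers.

# report FILE LINE NEEDLE MESSAGE: print a finding if LINE contains NEEDLE.
report() {
    case "$2" in *"$3"*) echo "$1: $4" ;; esac
}

# audit_k8s_conf FILE...: one "file: finding" line per risky setting.
audit_k8s_conf() {
    for f in "$@"; do
        [ -r "$f" ] || continue
        # Ignore comment lines so commented-out options are not reported.
        grep -v '^[[:space:]]*#' "$f" | while IFS= read -r line; do
            case "$line" in
                *"--tlsverify"*) ;;  # TLS client verification is enabled
                *"-H tcp://"*) echo "$f: Docker TCP socket without --tlsverify" ;;
            esac
            report "$f" "$line" "tcp://0.0.0.0:" "Docker API bound to all interfaces"
            report "$f" "$line" "--address=0.0.0.0" "listener bound to all interfaces"
            report "$f" "$line" "--etcd_servers=http://" "etcd reached over plain HTTP"
            report "$f" "$line" "--allow_privileged=true" "privileged containers allowed"
        done
    done
}

# Constructed sample files that mirror the settings shown in this guide.
demo() {
    d=$(mktemp -d) || return 1
    echo 'OPTIONS=--selinux-enabled -H tcp://0.0.0.0:2375 -H fd://' > "$d/docker"
    printf '%s\n' '# KUBE_API_ADDRESS="--address=127.0.0.1"' \
        'KUBE_API_ADDRESS="--address=0.0.0.0"' > "$d/apiserver"
    printf '%s\n' 'KUBE_ETCD_SERVERS="--etcd_servers=http://192.168.1.10:4001"' \
        'KUBE_ALLOW_PRIV="--allow_privileged=false"' > "$d/config"
    (cd "$d" && audit_k8s_conf docker apiserver config)
    rm -rf "$d"
}

demo
```

On a real host, run audit_k8s_conf against /etc/sysconfig/docker and the files under /etc/kubernetes, then compare each finding with the source restrictions in the iptables rules.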
