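openstack-kolla k8s deployment
How do you quickly build an OpenStack cloud computing platform? This page provides installation and deployment instructions.
Contents
1 Deployment overview
1.1 Deployment environment
1.2 Host configuration
1.3 Dependencies
1.4 Notes
1.5 Deployment steps
1.6 Adding a regular user when only the root user exists
2 Deploying kubernetes
2.1 Notes
3 Verifying kubernetes
4 Deploying kolla-kubernetes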
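1 Deployment overview
1.1 Deployment environment
CentOS 7.3, ALL IN ONE.
Do not perform these steps as the root user, because on CentOS 7 helm cannot be found in /usr/local/bin/.
Helm is the best way to find, share and use software built for Kubernetes. With Charts, Helm can bring up ready-to-use workloads on a Kubernetes cluster, such as a Redis cluster, a Postgres database or an HAProxy edge load balancer. A Chart is the unit Helm uses to package a Kubernetes application.
1.2 Host configuration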
2 network interfaces
8GB main memory
40GB disk space
1.3 Dependencies
docker == 1.12.6
helm >= 2.4.1
kubectl >= 1.6.3
kubeadm >= 1.6.3
kubelet >= 1.6.3 + fix - see below
kubernetes-cni >= 0.5.1
1.4 Notes
To get a better feel for how kubernetes behaves, open a second terminal window and run the following command to watch the changes:
watch -d kubectl get pods --all-namespaces
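To see more information, use the following command:
watch -d kubectl get pods --all-namespaces -o wide
1.5 Deployment steps
Deploy Kubernetes
Verify Kubernetes
Deploy kolla-kubernetes
1.6 Adding a regular user when only the root user exists
Add the user ragpo and set its password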
useradd ragpo
passwd ragpo
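Edit /etc/sudoers to add ragpo. The file is read-only before the change, so make it writable first
chmod u+w /etc/sudoers
Then add the permissions for the ragpo user
## Allow root to run any commands anywhere
root ALL=(ALL) ALL
ragpo ALL=(ALL) ALL
Then make /etc/sudoers read-only again
chmod 440 /etc/sudoers
Without the steps above, running sudo as the ragpo user fails with an error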
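An alternative to changing the mode of /etc/sudoers, as an added example that is not part of the original page: write the rule to a drop-in file, check it with visudo -cf, and install it read-only. The helper name install_sudoers_dropin and the use of /etc/sudoers.d (included by the stock CentOS 7 sudoers file) are assumptions.

```shell
# Added example: grant sudo through a validated drop-in file.
# install_sudoers_dropin is a hypothetical helper name.
# Usage (as root): install_sudoers_dropin ragpo
install_sudoers_dropin() {
    user=$1
    dir=${2:-/etc/sudoers.d}   # assumes /etc/sudoers includes this directory
    # Reject names that could smuggle extra sudoers syntax into the rule.
    case $user in
        ''|*[!a-z0-9_-]*) echo "invalid user name: $user" >&2; return 2 ;;
    esac
    # Never install a rule that has not been syntax-checked.
    command -v visudo >/dev/null 2>&1 || { echo "visudo not found" >&2; return 3; }
    tmp=$(mktemp) || return 1
    printf '%s ALL=(ALL) ALL\n' "$user" > "$tmp"
    if visudo -cf "$tmp" >/dev/null 2>&1; then
        # Mode 0440 from the start: the rule is never writable by other users.
        install -m 0440 "$tmp" "$dir/$user"
        rc=$?
    else
        echo "sudoers syntax check failed" >&2
        rc=1
    fi
    rm -f "$tmp"
    return $rc
}
```

A syntax error in the rule is caught before anything reaches the sudoers directory, so a typo cannot lock every user out of sudo.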
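1.7 Kubernetes architecture
1.7.1 What is kubernetes
Kubernetes is Google's open-source container cluster management system. It provides mechanisms for deploying, maintaining and scaling applications, and makes it easy to manage containerized applications running across machines. Its main functions are:
- Uses Docker to package, instantiate and run applications.
- Runs and manages containers across machines as a cluster.
- Solves communication between Docker containers on different machines.
- Kubernetes' self-healing mechanism keeps the container cluster running in the state the user expects.
1.7.2 Terms and concepts
1.7.3 Processes and services
1.7.4 kubernetes architecture diagram
2 Deploying kubernetes
2.1 Notes
Network considerations
Assume the pod network is 10.1.0.0/16 and the service network is 10.3.3.0/24. The two must not be the same, and neither may use addresses that are already allocated.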
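These constraints can be checked before running kubeadm. The following added example (not part of the original page; all function names are hypothetical) tests that the pod and service networks do not overlap, that the fixed service addresses used later on this page (10.3.3.10 for DNS and 10.3.3.100 written into canal.yaml) fall inside the service network, and that no address already configured on the host lies in either range.

```shell
# Added example; all function names are hypothetical helpers.
ip_to_int() {                       # dotted quad -> integer
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

cidr_range() {                      # CIDR -> "first last" as integers
    base=$(ip_to_int "${1%/*}")
    size=$(( 1 << (32 - ${1#*/}) ))
    first=$(( base / size * size )) # clear any host bits
    echo "$first $(( first + size - 1 ))"
}

in_cidr() {                         # in_cidr IP CIDR
    set -- "$(ip_to_int "$1")" $(cidr_range "$2")
    [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]
}

cidrs_overlap() {                   # overlap: each range starts before the other ends
    set -- $(cidr_range "$1") $(cidr_range "$2")
    [ "$1" -le "$4" ] && [ "$3" -le "$2" ]
}

# check_network_plan POD_CIDR SERVICE_CIDR "SERVICE_IPS" "HOST_IPS"
check_network_plan() {
    pod=$1; svc=$2
    if cidrs_overlap "$pod" "$svc"; then
        echo "pod and service networks overlap" >&2; return 1
    fi
    for ip in $3; do                # fixed cluster IPs must sit in the service range
        in_cidr "$ip" "$svc" || { echo "$ip is outside $svc" >&2; return 1; }
    done
    for ip in $4; do                # addresses already in use on the host
        case $ip in *:*) continue ;; esac   # skip IPv6 addresses
        for net in "$pod" "$svc"; do
            if in_cidr "$ip" "$net"; then
                echo "host address $ip is already inside $net" >&2; return 1
            fi
        done
    done
    return 0
}

# Values from this page; host addresses come from the machine itself:
# check_network_plan 10.1.0.0/16 10.3.3.0/24 "10.3.3.10 10.3.3.100" "$(hostname -I)"
```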
Disable SELinux and the firewall
sudo setenforce 0
sudo sed -i 's/enforcing/permissive/g' /etc/selinux/config
sudo systemctl stop firewalld
sudo systemctl disable firewalld
2.2 Starting the deployment
Configure the kubernetes yum repository
sudo tee /etc/yum.repos.d/kubernetes.repo<<EOF
[kubernetes]
name=Kubernetes
baseurl=http://yum.kubernetes.io/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg
       https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
EOF
Install the packages and their dependencies
sudo yum install -y docker ebtables kubeadm-1.6.3 kubectl-1.6.3 kubelet-1.6.3 kubernetes-cni git gcc
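The download first reads the repository metadata that describes the packages and their dependencies. Because this file cannot be fetched, the download fails: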
[ragpo@k8s-node1 ~]$ sudo yum install -y docker ebtables kubeadm-1.6.3 kubectl-1.6.3 kubelet-1.6.3 kubernetes-cni git gcc
Loaded plugins: fastestmirror
base | 3.6 kB 00:00:00
extras | 3.4 kB 00:00:00
http://yum.kubernetes.io/repos/kubernetes-el7-x86_64/repodata/repomd.xml: [Errno 14] HTTPS Error 302 - Found
Trying other mirror.
One of the configured repositories failed (Kubernetes),
and yum doesn't have enough cached data to continue. At this point the only
safe thing yum can do is fail. There are a few ways to work "fix" this:
1. Contact the upstream for the repository and get them to fix the problem.
2. Reconfigure the baseurl/etc. for the repository, to point to a working
upstream. This is most often useful if you are using a newer
distribution release than is supported by the repository (and the
packages for the previous distribution release still work).
3. Run the command with the repository temporarily disabled
yum --disablerepo=kubernetes ...
4. Disable the repository permanently, so yum won't use it by default. Yum
will then just ignore the repository until you permanently enable it
again or use --enablerepo for temporary usage:
yum-config-manager --disable kubernetes
or
subscription-manager repos --disable=kubernetes
5. Configure the failing repository to be skipped, if it is unavailable.
Note that yum will try to contact the repo. when it runs most commands,
so will have to try and fail each time (and thus. yum will be be much
slower). If it is a very temporary problem though, this is often a nice
compromise:
yum-config-manager --save --setopt=kubernetes.skip_if_unavailable=true
failure: repodata/repomd.xml from kubernetes: [Errno 256] No more mirrors to try.
http://yum.kubernetes.io/repos/kubernetes-el7-x86_64/repodata/repomd.xml: [Errno 14] HTTPS Error 302 - Found
To work around this, download the files under http://yum.kubernetes.io/repos/kubernetes-el7-x86_64/repodata/ to the local machine and copy them into /var/cache/yum/x86_64/7/kubernetes/.
The four packages kubeadm-1.6.3, kubectl-1.6.3, kubelet-1.6.3 and kubernetes-cni cannot be downloaded because of network problems, so download them manually and place them in /var/cache/yum/x86_64/7/kubernetes/packages/.
Error:
Downloading packages:
81158f40764a08356242a53ef4bf7e FAILED
http://yum.kubernetes.io/repos/kubernetes-el7-x86_64/../../pool/81158f40764a08356242a53ef4bf7e3c219f48f364c55260db571cae51ce6eec-kubeadm-1.6.3-0.x86_64.rpm: [Errno 14] HTTPS Error 302 - Found- ETA
Trying other mirror.
d5cc6bb2e439298eb1b3e45c3ac580 FAILED
http://yum.kubernetes.io/repos/kubernetes-el7-x86_64/../../pool/d5cc6bb2e439298eb1b3e45c3ac58010580c1d3c3a2fa71040a7c73b1dc22881-kubectl-1.6.3-0.x86_64.rpm: [Errno 14] HTTPS Error 302 - Found- ETA
Trying other mirror.
b610c239bd57c3ca0dcae3f4d4ae60 FAILED
http://yum.kubernetes.io/repos/kubernetes-el7-x86_64/../../pool/b610c239bd57c3ca0dcae3f4d4ae60a0a1eab99c7b059cf1b0fe8dd7267c3f73-kubelet-1.6.3-0.x86_64.rpm: [Errno 14] HTTPS Error 302 - Found- ETA
Trying other mirror.
e7a4403227dd24036f3b0615663a37 FAILED
http://yum.kubernetes.io/repos/kubernetes-el7-x86_64/../../pool/e7a4403227dd24036f3b0615663a371c4e07a95be5fee53505e647fd8ae58aa6-kubernetes-cni-0.5.1-0.x86_64.rpm: [Errno 14] HTTPS Error 302 - Found
Trying other mirror.
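Because the repo file above sets gpgcheck=0, yum does not verify package signatures, so hand-copied packages should be checked some other way before installation. The following added example (not from the original page) compares each file's SHA-256 digest with the 64-character hex prefix of its pool file name, assuming that prefix is the package's SHA-256 digest and that the files keep their pool names; verify_pool_rpm and verify_pool_dir are hypothetical helper names.

```shell
# Added example: hypothetical helpers, not part of yum.
# Assumption: the 64-hex-character prefix of a pool file name is the
# SHA-256 digest of the package.
verify_pool_rpm() {
    path=$1
    name=$(basename "$path")
    expected=${name%%-*}            # text before the first '-'
    # A SHA-256 digest is exactly 64 lowercase hex characters.
    case $expected in
        *[!0-9a-f]*) echo "no digest prefix: $name" >&2; return 2 ;;
    esac
    [ ${#expected} -eq 64 ] || { echo "no digest prefix: $name" >&2; return 2; }
    actual=$(sha256sum "$path" | cut -d' ' -f1) || return 1
    if [ "$actual" = "$expected" ]; then
        echo "OK   $name"
    else
        echo "FAIL $name (sha256 is $actual)" >&2
        return 1
    fi
}

# Check every package in a directory before copying any of them to
# /var/cache/yum/x86_64/7/kubernetes/packages/.
verify_pool_dir() {
    dir=$1; bad=0
    for f in "$dir"/*.rpm; do
        [ -e "$f" ] || { echo "no .rpm files in $dir" >&2; return 2; }
        verify_pool_rpm "$f" || bad=$((bad + 1))
    done
    [ "$bad" -eq 0 ]
}
```

A matching digest shows that the file is the one the URL names, not who published it.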
Then run the install command again
sudo yum install -y docker ebtables kubeadm-1.6.3 kubectl-1.6.3 kubelet-1.6.3 kubernetes-cni git gcc
Start the docker service
sudo systemctl enable docker
sudo systemctl start docker
Set the DNS server. The kubernetes DNS server is usually at X.X.X.10
sudo sed -i 's/10.96.0.10/10.3.3.10/g' /etc/systemd/system/kubelet.service.d/10-kubeadm.conf
Reload the systemd daemon configuration
sudo systemctl daemon-reload
Stop kubelet
sudo systemctl stop kubelet
Enable and start kubelet (docker was already started above)
sudo systemctl enable kubelet
sudo systemctl start kubelet
Deploy Kubernetes with kubeadm, using the networks planned earlier
sudo kubeadm init --pod-network-cidr=10.1.0.0/16 --service-cidr=10.3.3.0/24
Suppose the command above fails with the following error:
[preflight] Some fatal errors occurred: /proc/sys/net/bridge/bridge-nf-call-iptables contents are not set to 1
Solution 1:
Add net.bridge.bridge-nf-call-ip6tables = 1 and net.bridge.bridge-nf-call-iptables = 1 to /etc/sysctl.conf
Run sysctl -p to apply them
Run sysctl net.bridge.bridge-nf-call-ip[6]tables to verify that they took effect
Solution 2:
Run with --skip-preflight-checks
Load the kubeadm credentials into the system
mkdir -p $HOME/.kube
sudo -H cp /etc/kubernetes/admin.conf $HOME/.kube/config
sudo -H chown $(id -u):$(id -g) $HOME/.kube/config
Install Canal. The CNI driver is the network driver that kubernetes uses; the CNI driver used here is Canal
curl -L https://raw.githubusercontent.com/projectcalico/canal/master/k8s-install/1.6/rbac.yaml -o rbac.yaml
kubectl apply -f rbac.yaml
curl -L https://raw.githubusercontent.com/projectcalico/canal/master/k8s-install/1.6/canal.yaml -o canal.yaml
sed -i "s@192.168.0.0/16@10.1.0.0/16@" canal.yaml
sed -i "s@10.96.232.136@10.3.3.100@" canal.yaml
kubectl apply -f canal.yaml
Configure scheduling so that pods can be scheduled on the master node
kubectl taint nodes --all=true node-role.kubernetes.io/master:NoSchedule-
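Check the watch window opened earlier and confirm that the dns pod is 3/3 Running. If this step is not right, the verification steps below will not pass.
3 Verifying kubernetes
Run a busybox container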
kubectl run -i -t $(uuidgen) --image=busybox --restart=Never
Waiting for pod default/33c30c3b-8130-408a-b32f-83172bca19d0 to be running, status is Pending, pod ready: false
Verify that the dns service works properly
nslookup kubernetes
Server: 10.3.3.10
Address 1: 10.3.3.10 kube-dns.kube-system.svc.cluster.local
Name: kubernetes
Address 1: 10.3.3.1 kubernetes.default.svc.cluster.local
nslookup kubernetes