Install kubernetes pits Tutorial (original) under CENTOS7

Source: Internet
Author: User
Tags openssl x509 etcd k8s



Kubernetes (hereinafter referred to as "k8s") is now recognized as the most advanced container cluster management tool, after the release of the 1.0 release, the development of k8s more rapidly, and has been the full support of the container ecosystem manufacturers, including coreos, rancher, etc., Many vendors that provide public cloud services also provide container services based on k8s for two development to support the infrastructure layer, such as . It can be said that k8s is also the most powerful competitor of Docker in the field of container cluster management and service Orchestration.



Now the red Hat Centos7 users, already can use the familiar yum to install k8s directly, but really want to install up, still have quite a lot of pit to tread, this article mainly to help everybody fill these big pits!!!



Because k8s involves a lot of components, about the components of learning, online tutorials a lot, but still recommend everyone to the official web to Learn. http://kubernetes.io/docs/tutorials/






first, Environment Construction



In k8s, the host has only two roles of master and Nodes. I have prepared 3 Centos7 host, one of which is both master and nodes, and the other two do Nodes.



The components that master installs Are:


    • Docker

    • ETCD can be understood as a k8s database that stores all nodes, pods, Network information

    • Kube-proxy basic components that provide service services

    • Kubelet manages the components of the k8s node because this master is also nodes, so install

    • Kube-apiserver K8s provides API interface, is the core of the entire k8s

    • Kube-controller-manager managing components that allocate resources

    • Kube-scheduler Components for scheduling resources

    • Flanneld network components for the entire k8s


The components installed by nodes Are:


    • Docker

    • Kube-proxy

    • Kubelet

    • Flanneld


Next is the construction of each node network, modify the/etc/hosts, to ensure that the hosts table of each host is consistent, as Follows:



Echo "192.168.128.160 Centos-master



192.168.128.161 centos-minion-1



192.168.128.162 centos-minion-2 ">>/etc/hosts



finally, Remember to close the selinux of each node to avoid unnecessary problems. The firewall also shuts down to avoid firewall conflicts with the inside of the Docker Container.


[email protected] ~]# systemctl Stop Firewalld
[email protected] ~]# systemctl Disable FIREWALLD





second, Start the installation



1. First add the k8s component to the Yum source that is downloaded in the node, as Follows:


Cat <<EOF>/etc/yum.repos.d/virt7-docker-common-release.repo <<-' EOF '
[virt7-docker-common-release]
Name=virt7-docker-common-release
baseurl=http://cbs.centos.org/repos/virt7-docker-common-release/x86_64/os/
Gpgcheck=0
Eof


Then perform yum-y update



2. The next step is to install the k8s component on each Node.



Master



Yum install-y Docker etcd kube-proxy kubelet kube-apiserver kube-controller-manage kube-scheduler Flanneld



Nodes



Yum install-y etcd kube-proxy kubelet Flanneld



After installation, you can view the corresponding configuration file under/etc/kubernetes, and then we will begin to configure these configuration Files. There is a pit here, because we will install the K8s UI later, but the UI using k8s must use Certificate authentication, and using the Default/etc/kubernetes/apiserver profile does not enable this function properly (i tried many times without success, have success to tell me), This is the way I use the CLI for both Kube-apiserver and Kube-controller-manage Components.



Kube-apiserver:



/usr/bin/kube-apiserver--logtostderr=true--v=0--etcd-servers=http://centos-master:2379--address=0.0.0.0--port= 8080--kubelet-port=10250--allow-privileged=true--service-cluster-ip-range=10.254.0.0/16--admission-control= serviceaccount--insecure-bind-address=0.0.0.0--client-ca-file=/root/security/ca.crt--tls-cert-file=/root/ Security/server.crt--tls-private-key-file=/root/security/server.key--basic-auth-file=/root/security/basic_ auth.csv--secure-port=443 &>>/var/log/kubernetes/kube-apiserver.log &



Kube-controller-manage:



/usr/bin/kube-controller-manager--logtostderr=true--v=0--master=http://centos-master:8080--root-ca-file=/root/ Security/ca.crt--service-account-private-key-file=/root/security/server.key & >>/var/log/kubernetes/ Kube-controller-manage.log &



Everyone has to see me here in/root/security under the specified private key and digital certificate, here we have not generated, so do not directly typed the above command, we first configure the other configuration File.



Etcd



Edit/etc/etcd/etcd.conf



etcd_listen_peer_urls= "http://localhost:2380"



etcd_listen_client_urls= "http://0.0.0.0:2379"



etcd_advertise_client_urls= "http://0.0.0.0:2379"



Flanneld:



Edit/etc/sysconfig/flanneld



flannel_etcd_endpoints= "http://centos-master:2379"



flannel_etcd_prefix= "/kube-centos/network" (here is the key to configure the flannel network, same network Configuration)



flannel_options= "--iface=eno16777736" (the Address of the actual physical network card filled in here, can be viewed with the IP a command, mine is Eno16777736)



Kubelet:



Edit/etc/kubernetes/kubelet



kubelet_address= "--address=0.0.0.0"



Kubelet_hostname= "--hostname-override=centos-master"



Kubelet_api_server= "--api-servers=http://centos-master:8080"



Kubelet_pod_infra_container= "--pod-infra-container-image=registry.access.redhat.com/rhel7/pod-infrastructure:latest"



Config



Edit/etc/kubernetes/config



Kube_logtostderr= "--logtostderr=true"



kube_etcd_servers= "--etcd-servers=http://centos-master:2379"



Kube_log_level= "--v=0"



kube_allow_priv= "--allow-privileged=false"



Kube_master= "--master=http://centos-master:8080"



Depending on the components of the master, nodes installation that we mentioned above, modify the relevant configuration file on master and nodes and the config configuration file is best Modified.



Then we generate the above mentioned generate key and digital certificate, create the Security directory on the master node



Mkdir-p/root/security



Cd/root/security



The relevant certificate file, described as Follows:


File Role
Ca.key The private key of the CA that you generate to impersonate a CA
Ca.crt Self-signed CA certificate with own private key
Server.key The private key of the API server that is used to configure HTTPS for the API server
Server.csr The API Server's certificate request file, which is used to request the API Server's certificate
Server.crt Certificate for API server issued with your own impersonated ca, used to configure HTTPS for API server


OpenSSL genrsa-out Ca.key 2048



OpenSSL req-x509-new-nodes-key ca.key-subj "/cn=ph_ccnp"-days 10000-out ca.crt



OpenSSL genrsa-out Server.key 2048



echo subjectaltname=ip:10.254.0.1 > Extfile.cnf



# #10.254.0.1 is the Mater address under the Flanne network and can be viewed by command



# #kubectl Get services--all-namespaces |grep ' default ' |grep ' kubernetes ' |grep ' 443 ' |awk # # ' {print $} ' because the cluster has not yet started, So see this address, you can add a wrong first, then start the cluster and then modify



OpenSSL req-new-key server.key-subj "/cn=ph_ccnp"-out SERVER.CSR



OpenSSL x509-req-in server.csr-ca ca.crt-cakey ca.key-cacreateserial-extfile extfile.cnf-out server.crt-days 10000






3. Start the service



Master Node:



/usr/bin/kube-apiserver--logtostderr=true--v=0--etcd-servers=http://centos-master:2379--address=0.0.0.0--port= 8080--kubelet-port=10250--allow-privileged=true--service-cluster-ip-range=10.254.0.0/16--admission-control= serviceaccount--insecure-bind-address=0.0.0.0--client-ca-file=/root/security/ca.crt--tls-cert-file=/root/ Security/server.crt--tls-private-key-file=/root/security/server.key--basic-auth-file=/root/security/basic_ auth.csv--secure-port=443 &>>/var/log/kubernetes/kube-apiserver.log &






/usr/bin/kube-controller-manager--logtostderr=true--v=0--master=http://centos-master:8080--root-ca-file=/root/ Security/ca.crt--service-account-private-key-file=/root/security/server.key & >>/var/log/kubernetes/ Kube-controller-manage.log &






For SERVICES in Etcd kube-proxy kube-scheduler flanneld; Do



Systemctl Restart $SERVICES



Systemctl Enable $SERVICES



Systemctl Status $SERVICES



Done



Nodes Node:



For SERVICES in Kube-proxy kubelet Flanneld docker; Do



Systemctl Restart $SERVICES



Systemctl Enable $SERVICES



Systemctl Status $SERVICES



Done



When the service starts, enter Kubectl get nodes on Master


[[email protected] kubernetes]# Kubectl Get nodes
NAME STATUS Age
Centos-master Ready 5d
Centos-minion-1 Ready 12d
Centos-minion-2 Ready 12d


Now the entire cluster has been installed successfully!!






4. Installing Dashboard



First of all, we want to download dashboard image, due to the presence of my greater China local area network, resulting in the official Google kubernetes-dashboard-amd64:v1.5.0 image can not download (pit dad!! ), we'll go to the Docker.io site first pull a v1.4.0 version of the image



Docker Pull docker.io/sailsxu/kubernetes-dashboard-amd64:v1.4.0



Then download the automatic deployment file for the website



Curl Https://rawgit.com/kubernetes/dashboard/master/src/deploy/kubernetes-dashboard.yaml-o Kubernetes-dashborad.yaml



There are three changes to be modified Here:



1.image:docker.io/sailsxu/kubernetes-dashboard-amd64:v1.4.0



2.imagepullpolicy:always to cancel the trip, otherwise it will always go to register to take the mirror



3.#---apiserver-host=http://my-address:port, modified to---apiserver-host=http://centos-master:8080



Then we execute



Kubectl create-f Kubernetes-dashborad.yaml



Kubectl Get Po--namespace=kube-system


NAME Ready STATUS Restarts
Kubernetes-dashboard-2963774231-uzsul 1/1 Running 1 15h


Kubectl--namespace=kube-system Get po-o Wide


NAME ready STATUS Restarts IP NODE
Kubernetes-dashboard-2963774231-uzsul 1/1 Running 15h 172.30.9.2 centos-minion-2


We can see now that dashboard is already running on the centos-minion-2 node and we are viewing it in the browser address bar



Https://192.168.128.160/api/v1/proxy/namespaces/kube-system/services/kubernetes-dashboard/#/workload?namespace=_all



650) this.width=650; "src="/e/u261/themes/default/images/spacer.gif "style=" background:url ("/e/u261/lang/zh-cn/ Images/localimage.png ") no-repeat center;border:1px solid #ddd;" alt= "spacer.gif"/>



The dashboard has been installed Here.



This tutorial does not involve the basic part of k8s, and if there is time, I will write some knowledge of the basic part again! About the K8s UI how to use, I will be in the future tutorial in time to update!!






This article is from the "hankou people in hanyang" blog, please make sure to keep this source http://phccnp.blog.51cto.com/4352504/1890494



Install kubernetes pits Tutorial (original) under CENTOS7


Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.