From fa9aa1e4e8bb1520a687aa3743a65127f995ec7e Mon Sep 17 00:00:00 2001 From: "huanqing.shao" Date: Mon, 2 Sep 2019 20:48:35 +0800 Subject: [PATCH] install-kubernetes --- .vuepress/components/Promotion.vue | 2 +- .vuepress/config.js | 1 + docker-compose.yaml | 2 +- install/install-k8s-upgrade.md | 18 +++ install/install-k8s.md | 2 +- install/install-kubernetes.md | 194 +++++++++++++++++++++++++---- 6 files changed, 194 insertions(+), 25 deletions(-) create mode 100644 install/install-k8s-upgrade.md diff --git a/.vuepress/components/Promotion.vue b/.vuepress/components/Promotion.vue index 3c9ed64..55e7901 100644 --- a/.vuepress/components/Promotion.vue +++ b/.vuepress/components/Promotion.vue @@ -34,7 +34,7 @@ export default { }, mounted () { // this.waitAMoment() - this.dialogVisible = this.$page.path.indexOf('micro-service') > 0 && localStorage.getItem('promotion') !== 'compaign' + this.dialogVisible = (this.$page.path.indexOf('micro-service') > 0 || this.$page.path.indexOf('learning') > 0) && localStorage.getItem('promotion') !== 'compaign' }, methods: { waitAMoment() { diff --git a/.vuepress/config.js b/.vuepress/config.js index 5d1fad2..d3afbcd 100644 --- a/.vuepress/config.js +++ b/.vuepress/config.js @@ -139,6 +139,7 @@ module.exports = { children: [ ['install-k8s', '安装 Kubernetes 单Master节点'], 'install-kubernetes', + 'install-k8s-upgrade', 'install-kubectl' ] }, diff --git a/docker-compose.yaml b/docker-compose.yaml index de3627e..548e0e7 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -2,7 +2,7 @@ version: "3" services: web: # replace username/repo:tag with your name and image details - image: eipwork/kuboard-press:20190901-210235 + image: eipwork/kuboard-press:latest deploy: replicas: 1 resources: diff --git a/install/install-k8s-upgrade.md b/install/install-k8s-upgrade.md new file mode 100644 index 0000000..2ed01fb --- /dev/null +++ b/install/install-k8s-upgrade.md 
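Review bot: The two `indexOf(...) > 0` tests in `mounted()` treat a match at position 0 as no match, which is only right because `$page.path` presumably always begins with `/`. `includes` states the intent directly and drops that hidden assumption. Suggested: `const path = this.$page.path` followed by `this.dialogVisible = (path.includes('micro-service') || path.includes('learning')) && localStorage.getItem('promotion') !== 'compaign'`. The enclosing component object starts and ends outside the hunk.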
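Review bot: Changing `image:` to `eipwork/kuboard-press:latest` replaces a timestamped tag with a mutable one, so the deployed content is whatever the registry serves at pull time. A redeploy or rollback is then no longer reproducible, and a replaced or tampered `latest` image would be picked up without any change to this file. Keep a timestamped tag and, where the registry supports it, pin the digest as well, e.g. `image: eipwork/kuboard-press:<TAG>@sha256:<DIGEST>` (both values are placeholders). The rest of the `web` service definition lies outside the hunk.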
@@ -0,0 +1,18 @@ +--- +description: 通过 kubeadm 升级 kubernetes 集群 +--- + +# 升级 Kubernetes 集群 + +文档完善中 + +## 前提条件 + +* 您使用 kubeadm 安装了 kubernetes v1.15.0 / v1.15.1 / v1.15.2 集群 +* 您想要将其升级到最新的版本 kubernetes v1.15.3 + +## 升级 kubeadm + +``` sh +yum install kubeadm +``` diff --git a/install/install-k8s.md b/install/install-k8s.md index 7bb94d7..3289e9d 100644 --- a/install/install-k8s.md +++ b/install/install-k8s.md @@ -2,7 +2,7 @@ # layout: StepLayout description: Kubernetes 最新稳定版 v1.15.3 的快速安装文档。该文档由众多网友验证并在线提出修改意见、持续不断地更新和完善、并且通过 QQ 群提供免费在线答疑的服务。 storyBook: - title: '使用 kubeadm 安装 kubernetes v1.15.3' + title: '使用 kubeadm 安装 kubernetes v1.15.3(单Master节点)' initial: StoryBook pages: - name: introduction diff --git a/install/install-kubernetes.md b/install/install-kubernetes.md index b42861a..7caee14 100644 --- a/install/install-kubernetes.md +++ b/install/install-kubernetes.md @@ -1,9 +1,31 @@ --- -description: 使用 kubeadm 安装高可用的 Kubernetes v1.15.2 集群 +description: 使用 kubeadm 安装高可用的 Kubernetes v1.15.3 集群 +storyBook: + title: '使用 kubeadm 安装 kubernetes v1.15.3(高可用)' + initial: StoryBook + pages: + - name: overview + title: 配置要求 + - name: step1 + title: 检查环境 + - name: step2 + title: 安装 docker/kubelet + - name: step3 + title: 初始化 apiserver 集群 + - name: step4 + title: 初始化 worker 节点 + - name: step5 + title: 安装 Ingress Controller + - name: step6 + title: 总结 --- # 安装 Kubernetes 高可用 + + +
+ ::: tip 推荐初学者按照 [安装Kubernetes 单Master节点](install-k8s.html) 文档进行 Kubernetes 集群搭建 ::: @@ -12,11 +34,11 @@ description: 使用 kubeadm 安装高可用的 Kubernetes v1.15.2 集群 kubernetes 安装有多种选择,本文档描述的集群安装具备如下特点: -* Kubernetes 1.15.2 - * calico 3.8 +* Kubernetes 1.15.3 + * calico 3.8.2 * nginx-ingress 1.5.3 * Docker 18.09.7 -* 三个 master 组成主节点集群,通过内网 loader balancer 实现负载均衡 +* 三个 master 组成主节点集群,通过内网 loader balancer 实现负载均衡;至少需要三个 master 节点才可组成高可用集群,否则会出现 ***脑裂*** 现象 * 多个 worker 组成工作节点集群,通过外网 loader balancer 实现负载均衡 安装后的拓扑图如下:下载拓扑图源文件 使用Axure RP 9.0可打开该文件 @@ -27,7 +49,9 @@ kubernetes 安装有多种选择,本文档描述的集群安装具备如下特 ![kuboard_qq.png](../overview/README.assets/kuboard_qq.png) -# 安装步骤 +
+ +
## 检查 centos / hostname @@ -49,6 +73,10 @@ hostname | 7.3 | 🤔 | 待验证 | | 7.2 | 😞 | 已证实会出现 kubelet 无法启动的问题 | +
+ +
+ ## 安装 docker / kubelet 使用 root 身份在所有节点执行如下代码,以安装软件: @@ -63,7 +91,7 @@ hostname ``` sh # 在 master 节点和 worker 节点都要执行 -curl -sSL https://kuboard.cn/install-script/install-kubelet.sh | sh +curl -sSL https://kuboard.cn/install-script/v1.15.3/install-kubelet.sh | sh ``` @@ -73,7 +101,7 @@ curl -sSL https://kuboard.cn/install-script/install-kubelet.sh | sh 手动执行以下代码,效果与快速安装完全相同。 -<<< @/.vuepress/public/install-script/install-kubelet.sh +<<< @/.vuepress/public/install-script/v1.15.3/install-kubelet.sh ::: warning 如果此时执行 `service status kubelet` 命令,将得到 kubelet 启动失败的错误提示,请忽略此错误,因为必须完成后续步骤中 kubeadm init 的操作,kubelet 才能正常启动 @@ -81,6 +109,10 @@ curl -sSL https://kuboard.cn/install-script/install-kubelet.sh | sh :::: +
+ +
+ ## 初始化API Server ### 创建 ApiServer 的 ELB(私网) @@ -121,7 +153,7 @@ export APISERVER_IP=x.x.x.x export APISERVER_NAME=apiserver.demo export POD_SUBNET=10.100.0.1/20 echo "${APISERVER_IP} ${APISERVER_NAME}" >> /etc/hosts -curl -sSL https://kuboard.cn/install-script/init-master.sh | sh +curl -sSL https://kuboard.cn/install-script/v1.15.3/init-master.sh | sh ``` ::: 
@@ -138,12 +170,47 @@ export POD_SUBNET=10.100.0.1/20 echo "${APISERVER_IP} ${APISERVER_NAME}" >> /etc/hosts ``` -<<< @/.vuepress/public/install-script/init-master.sh +<<< @/.vuepress/public/install-script/v1.15.3/init-master.sh ::: :::: +***执行结果*** + +执行结果中: +* 第15、16、17行,用于初始化第二、三个 master 节点 +* 第25、26行,用于初始化 worker 节点 + +``` sh {15,16,17,25,26} +Your Kubernetes control-plane has initialized successfully! + +To start using your cluster, you need to run the following as a regular user: + + mkdir -p $HOME/.kube + sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config + sudo chown $(id -u):$(id -g) $HOME/.kube/config + +You should now deploy a pod network to the cluster. +Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at: + https://kubernetes.io/docs/concepts/cluster-administration/addons/ + +You can now join any number of the control-plane node running the following command on each as root: + + kubeadm join apiserver.k8s:6443 --token 4z3r2v.2p43g28ons3b475v \ + --discovery-token-ca-cert-hash sha256:959569cbaaf0cf3fad744f8bd8b798ea9e11eb1e568c15825355879cf4cdc5d6 \ + --control-plane --certificate-key 41a741533a038a936759aff43b5680f0e8c41375614a873ea49fde8944614dd6 + +Please note that the certificate-key gives access to cluster sensitive data, keep it secret! +As a safeguard, uploaded-certs will be deleted in two hours; If necessary, you can use +"kubeadm init phase upload-certs --upload-certs" to reload certs afterward. + +Then you can join any number of worker nodes by running the following on each as root: + +kubeadm join apiserver.k8s:6443 --token 4z3r2v.2p43g28ons3b475v \ + --discovery-token-ca-cert-hash sha256:959569cbaaf0cf3fad744f8bd8b798ea9e11eb1e568c15825355879cf4cdc5d6 + +``` **检查 master 初始化结果** 
@@ -159,34 +226,83 @@ kubectl get nodes ### 初始化第二、三个master节点 +**获得 master 节点的 join 命令** + +:::: tabs type:border-card + +::: tab 和第一个Master节点一起初始化 + +初始化第一个 master 节点时的输出内容中,第15、16、17行就是用来初始化第二、三个 master 节点的命令,如下所示:此时请不要执行该命令 + +``` sh + kubeadm join apiserver.k8s:6443 --token 4z3r2v.2p43g28ons3b475v \ + --discovery-token-ca-cert-hash sha256:959569cbaaf0cf3fad744f8bd8b798ea9e11eb1e568c15825355879cf4cdc5d6 \ + --control-plane --certificate-key 41a741533a038a936759aff43b5680f0e8c41375614a873ea49fde8944614dd6 +``` + +::: + +::: tab 第一个Master节点初始化2个小时后再初始化 + +**获得 certificate key** + 在 demo-master-a-1 上执行 ```sh -# 只在 demo-master-a-1 节点执行 +# 只在 第一个 master 节点 demo-master-a-1 上执行 kubeadm init phase upload-certs --upload-certs ``` 输出结果如下: +``` sh {6} +[root@demo-master-a-1 ~]# kubeadm init phase upload-certs --upload-certs +W0902 09:05:28.355623 1046 version.go:98] could not fetch a Kubernetes version from the internet: unable to get URL "https://dl.k8s.io/release/stable-1.txt": Get https://dl.k8s.io/release/stable-1.txt: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers) +W0902 09:05:28.355718 1046 version.go:99] falling back to the local client version: v1.15.3 +[upload-certs] Storing the certificates in Secret "kubeadm-certs" in the "kube-system" Namespace +[upload-certs] Using certificate key: +70eb87e62f052d2d5de759969d5b42f372d0ad798f98df38f7fe73efdf63a13c ``` +**获得 join 命令** + +在 demo-master-a-1 上执行 +``` sh +# 只在 第一个 master 节点 demo-master-a-1 上执行 +kubeadm token create --print-join-command ``` +输出结果如下: +``` sh {2} +[root@demo-master-a-1 ~]# kubeadm token create --print-join-command +kubeadm join apiserver.demo:6443 --token bl80xo.hfewon9l5jlpmjft --discovery-token-ca-cert-hash sha256:b4d2bed371fe4603b83e7504051dcfcdebcbdcacd8be27884223c4ccc13059a4 +``` + +则,第二、三个 master 节点的 join 命令如下: + +* 命令行中,蓝色部分来自于前面获得的 join 命令,红色部分来自于前面获得的 certificate key + +
+kubeadm join apiserver.demo:6443 --token ejwx62.vqwog6il5p83uk7y \
+--discovery-token-ca-cert-hash sha256:6f7a8e40a810323672de5eee6f4d19aa2dbdb38411845a1bf5dd63485c43d303
\
+--control-plane --certificate-key 70eb87e62f052d2d5de759969d5b42f372d0ad798f98df38f7fe73efdf63a13c +
+::: + +:::: + +**初始化第二、三个 master 节点** + 在 demo-master-b-1 和 demo-master-b-2 机器上执行 ``` sh -# 只在 demo-master-b-1 和 demo-master-b-2 节点执行 +# 只在第二、三个 master 节点 demo-master-b-1 和 demo-master-b-2 执行 # 替换 x.x.x.x 为 ApiServer LoadBalancer 的 IP 地址 export APISERVER_IP=x.x.x.x # 替换 apiserver.demo 为 前面已经使用的 dnsName export APISERVER_NAME=apiserver.demo echo "${APISERVER_IP} ${APISERVER_NAME}" >> /etc/hosts -``` - - -执行 (替换参数) - -```bash +# 使用前面步骤中获得的第二、三个 master 节点的 join 命令 kubeadm join apiserver.demo:6443 --token ejwx62.vqwog6il5p83uk7y \ --discovery-token-ca-cert-hash sha256:6f7a8e40a810323672de5eee6f4d19aa2dbdb38411845a1bf5dd63485c43d303 \ --control-plane --certificate-key 70eb87e62f052d2d5de759969d5b42f372d0ad798f98df38f7fe73efdf63a13c @@ -195,18 +311,38 @@ kubeadm join apiserver.demo:6443 --token ejwx62.vqwog6il5p83uk7y \ **检查 master 初始化结果** ``` sh -# 只在 demo-master-a-1 节点执行 +# 只在第一个 master 节点 demo-master-a-1 执行 # 查看 master 节点初始化结果 kubectl get nodes ``` +
+ +
+ ## 初始化 worker节点 ### 获得 join命令参数 +:::: tabs type:border-card + +::: tab 和第一个Master节点一起初始化 + +初始化第一个 master 节点时的输出内容中,第25、26行就是用来初始化 worker 节点的命令,如下所示:此时请不要执行该命令 + +``` sh + kubeadm join apiserver.k8s:6443 --token 4z3r2v.2p43g28ons3b475v \ + --discovery-token-ca-cert-hash sha256:959569cbaaf0cf3fad744f8bd8b798ea9e11eb1e568c15825355879cf4cdc5d6 +``` + +::: + +::: tab 第一个Master节点初始化2个小时后再初始化 + **在第一个 master 节点 demo-master-a-1 节点执行** ```bash +# 只在第一个 master 节点 demo-master-a-1 上执行 kubeadm token create --print-join-command ``` @@ -216,6 +352,9 @@ kubeadm token create --print-join-command kubeadm join apiserver.demo:6443 --token mpfjma.4vjjg8flqihor4vt --discovery-token-ca-cert-hash sha256:6f7a8e40a810323672de5eee6f4d19aa2dbdb38411845a1bf5dd63485c43d303 ``` +::: + +:::: ### 初始化worker @@ -236,7 +375,7 @@ kubeadm join apiserver.demo:6443 --token mpfjma.4vjjg8flqihor4vt --discovery 在第一个master节点 demo-master-a-1 上执行 ```sh -sudo -i +# 只在第一个 master 节点 demo-master-a-1 上执行 kubectl get nodes ``` @@ -263,6 +402,9 @@ kubectl delete node demo-worker-x-x > * 将 demo-worker-x-x 替换为要移除的 worker 节点的名字 > * worker 节点的名字可以通过在第一个 master 节点 demo-master-a-1 上执行 kubectl get nodes 命令获得 +
+ +
## 安装 Ingress Controller @@ -282,15 +424,15 @@ kubectl delete node demo-worker-x-x **在 master 节点上执行** ``` sh -# 只在 master 节点执行 -kubectl apply -f https://kuboard.cn/install-script/nginx-ingress.yaml +# 只在第一个 master 节点 demo-master-a-1 上执行 +kubectl apply -f https://kuboard.cn/install-script/v1.15.3/nginx-ingress.yaml ``` ::: ::: tab YAML文件 lazy -<<< @/.vuepress/public/install-script/nginx-ingress.yaml +<<< @/.vuepress/public/install-script/v1.15.3/nginx-ingress.yaml ::: @@ -327,6 +469,10 @@ kubectl apply -f https://kuboard.cn/install-script/nginx-ingress.yaml 在浏览器访问 a.demo.yourdomain.com,将得到 404 NotFound 错误页面 +
+ +
+ ## 下一步 :tada: :tada: :tada: @@ -338,3 +484,7 @@ kubectl apply -f https://kuboard.cn/install-script/nginx-ingress.yaml 在线体验 Kuboard + +
+ +