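Installing a Kubernetes Cluster on Ubuntu 18.04

Kubernetes is a container orchestration system built on a master/worker architecture. It consists of three parts: a distributed key-value store (etcd), control-plane nodes, and worker nodes.

This article walks through creating a Kubernetes cluster made up of a single control-plane node and two worker nodes. It was tested on DigitalOcean; every machine has 2 CPUs and 2 GB of memory.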

  • kubernetes-master
  • kubernetes-node-1
  • kubernetes-node-2

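Of course, you can also use the Kubernetes Clusters service offered by DigitalOcean instead of installing the cluster yourself.

Requirements

Installing a Kubernetes cluster requires the following software:

  • Kubernetes tools: kubeadm, kubectl, kubelet
  • Container engine: Docker / Containerd / CRI-O
  • Network plugin: Flannel / Calico / or others

Each machine needs at least 2 GB of memory, and the control-plane node needs two or more CPUs.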

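Installing the container engine

Get Docker Engine - Community for Ubuntu

Kubernetes supports several container engines, and every machine in the cluster needs one of them installed. This article uses Docker as the example.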

curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -

add-apt-repository \
    "deb [arch=amd64] https://download.docker.com/linux/ubuntu \
    $(lsb_release -cs) \
    stable"

apt-get install -y docker-ce docker-ce-cli containerd.io

Installing Kubernetes

Installing kubeadm

Running Kubernetes requires three tools: kubeadm, kubectl, and kubelet. Install this tool set on every node.

curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -

cat <<EOF >/etc/apt/sources.list.d/kubernetes.list
deb https://apt.kubernetes.io/ kubernetes-xenial main
EOF

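# Refresh the package index so the newly added Kubernetes repository is visible
apt-get update
apt-get install -y kubelet kubeadm kubectl

Initializing the Kubernetes node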

Creating a single control-plane cluster with kubeadm

Initialize Kubernetes on the control-plane node kubernetes-master. Because the Flannel network plugin must be set up together with the control-plane node, add --pod-network-cidr=10.244.0.0/16 to the command.

kubeadm init --pod-network-cidr=10.244.0.0/16

To let kubectl run without root privileges, run:

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

kubeadm init also prints a kubeadm join command. It contains a token that is valid for 24 hours and is used later to join the worker nodes.

Example: kubeadm join <IP>:6443 --token 2n2o9b.xucvko6ix7aviht8 --discovery-token-ca-cert-hash sha256:38f3bf9835def8fd3debe965273ef7f287479d1b25cad8dbd920de4626549e88
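
The join command carries two security-relevant values: the bootstrap token and the --discovery-token-ca-cert-hash pin, which lets a joining node verify the control plane's CA. As an added example (not part of the original article), the shell functions below check that a join command is well formed and that its pin matches a CA certificate, which kubeadm stores by default at /etc/kubernetes/pki/ca.crt on the control-plane node; the function names are hypothetical and openssl is assumed to be installed.

```shell
#!/bin/sh
# Added example, not from the original article. Function names are hypothetical.

# Print the value that follows a flag in a single-line join command.
join_arg() {   # $1 = flag name, $2 = full join command
    printf '%s\n' "$2" | awk -v flag="$1" '{
        for (i = 1; i < NF; i++) if ($i == flag) { print $(i + 1); exit }
    }'
}

# kubeadm bootstrap tokens have the form [a-z0-9]{6}.[a-z0-9]{16}.
valid_token() {
    printf '%s\n' "$1" | grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$'
}

# The pin is "sha256:" followed by 64 lowercase hex digits.
valid_pin() {
    printf '%s\n' "$1" | grep -Eq '^sha256:[0-9a-f]{64}$'
}

# Compute the pin from a CA certificate: SHA-256 over the DER-encoded
# public key (SubjectPublicKeyInfo) of the certificate.
ca_pin() {     # $1 = path to CA certificate (PEM)
    [ -r "$1" ] || return 1
    printf 'sha256:%s\n' "$(openssl x509 -in "$1" -pubkey -noout \
        | openssl pkey -pubin -outform DER \
        | openssl dgst -sha256 -hex | awk '{print $NF}')"
}

# Return 0 only if the join command is well formed and its pin matches the CA.
check_join() { # $1 = join command, $2 = path to CA certificate
    token=$(join_arg --token "$1")
    pin=$(join_arg --discovery-token-ca-cert-hash "$1")
    valid_token "$token" || { echo "malformed token" >&2; return 1; }
    valid_pin "$pin"     || { echo "malformed CA pin" >&2; return 1; }
    [ "$pin" = "$(ca_pin "$2")" ] || { echo "CA pin mismatch" >&2; return 1; }
}
```

On the control-plane node, check_join "<join command>" /etc/kubernetes/pki/ca.crt returns 0 only when the pin in the command matches the cluster CA.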

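The network plugin lets containers communicate with each other, so it must be installed before any application is started. Using Flannel as the example, run the following on the control-plane node: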

kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

The command returns:

root@kubernetes-master:~# kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
podsecuritypolicy.policy/psp.flannel.unprivileged created
clusterrole.rbac.authorization.k8s.io/flannel created
clusterrolebinding.rbac.authorization.k8s.io/flannel created
serviceaccount/flannel created
configmap/kube-flannel-cfg created
daemonset.apps/kube-flannel-ds-amd64 created
daemonset.apps/kube-flannel-ds-arm64 created
daemonset.apps/kube-flannel-ds-arm created
daemonset.apps/kube-flannel-ds-ppc64le created
daemonset.apps/kube-flannel-ds-s390x created

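This indicates that the network plugin was installed successfully; by this point CoreDNS has also started.

Joining Kubernetes nodes

After installing the Kubernetes tool set and the container engine on a worker node, run the kubeadm join command obtained earlier.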

root@kubernetes-node-1:~# kubeadm join <IP>:6443 --token 2n2o9b.xucvko6ix7aviht8 --discovery-token-ca-cert-hash sha256:38f3bf9835def8fd3debe965273ef7f287479d1b25cad8dbd920de4626549e88
[preflight] Running pre-flight checks
        [WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/
        [WARNING SystemVerification]: this Docker version is not on the list of validated versions: 19.03.1. Latest validated version: 18.09
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'
[kubelet-start] Downloading configuration for the kubelet from the "kubelet-config-1.15" ConfigMap in the kube-system namespace
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Activating the kubelet service
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...

This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.

Run 'kubectl get nodes' on the control-plane to see this node join the cluster.

Now running kubectl get nodes on the control-plane node shows the status of the cluster nodes.

root@kubernetes-master:~# kubectl get nodes
NAME                STATUS   ROLES    AGE   VERSION
kubernetes-master   Ready    master   29m   v1.15.1
kubernetes-node-1   Ready    <none>   29s   v1.15.1
kubernetes-node-2   Ready    <none>   11s   v1.15.1