作者:Damon
博客:http://www.damon8.cn
程序猿 Damon | 微服务 | 容器化 | 自动化
1、 K8S 的由来
K8S 是 kubernetes 的英文缩写,是用 8 代替 8 个字符 "ubernete" 而成的缩写。
2、 K8S 单机版实战
环境:
ubuntu 16.04
gpu 驱动 418.56
docker 18.06
k8s 1.13.5
一、设置环境
首先备份一下源配置:
cp /etc/apt/sources.list /etc/apt/sources.list.cp
复制代码
编辑,替换为阿里源:
vim /etc/apt/sources.list
deb-src http://archive.ubuntu.com/ubuntu xenial main restricteddeb http://mirrors.aliyun.com/ubuntu/ xenial main restricteddeb-src http://mirrors.aliyun.com/ubuntu/ xenial main restricted multiverse universedeb http://mirrors.aliyun.com/ubuntu/ xenial-updates main restricteddeb-src http://mirrors.aliyun.com/ubuntu/ xenial-updates main restricted multiverse universedeb http://mirrors.aliyun.com/ubuntu/ xenial universedeb http://mirrors.aliyun.com/ubuntu/ xenial-updates universedeb http://mirrors.aliyun.com/ubuntu/ xenial multiversedeb http://mirrors.aliyun.com/ubuntu/ xenial-updates multiversedeb http://mirrors.aliyun.com/ubuntu/ xenial-backports main restricted universe multiversedeb-src http://mirrors.aliyun.com/ubuntu/xenial-backports main restricted universe multiversedeb http://archive.canonical.com/ubuntu xenial partnerdeb-src http://archive.canonical.com/ubuntu xenial partnerdeb http://mirrors.aliyun.com/ubuntu/ xenial-security main restricteddeb-src http://mirrors.aliyun.com/ubuntu/ xenial-security main restricted multiverse universedeb http://mirrors.aliyun.com/ubuntu/ xenial-security universedeb http://mirrors.aliyun.com/ubuntu/ xenial-security multiverse
复制代码
更新源:
自动修复安装出现 broken 的 package:
升级,对于 gpu 机器可不执行,否则可能升级 gpu 驱动导致问题:
关闭防火墙:
安装 selinux:
apt install selinux-utils
复制代码
selinux 防火墙配置:
setenforce 0
vim/etc/selinux/conifg
SELINUX=disabled
复制代码
设置网络:
tee /etc/sysctl.d/k8s.conf <<-'EOF'net.bridge.bridge-nf-call-ip6tables = 1net.bridge.bridge-nf-call-iptables = 1net.ipv4.ip_forward = 1EOFmodprobe br_netfilter
复制代码
查看 ipv4 与 v6 配置是否生效:
配置 iptables:
iptables -P FORWARD ACCEPT
vim /etc/rc.local/usr/sbin/iptables -P FORWARD ACCEPT
复制代码
永久关闭 swap 分区:
sed -i 's/.*swap.*/#&/' /etc/fstab
复制代码
二、安装 docker
执行下面的命令:
apt-get install apt-transport-https ca-certificates curl software-properties-commoncurl -fsSL https://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | apt-key add -add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" apt-get updateapt-get purge docker-ce docker docker-engine docker.io && rm -rf /var/lib/docker
apt-get autoremove docker-ce docker docker-engine docker.ioapt-get install -y docker-ce=18.06.3~ce~3-0~ubuntu
复制代码
启动 docker 并设置开机自重启:
systemctl enable docker && systemctl start docker
复制代码
Docker 配置:
vim /etc/docker/daemon.json{ "log-driver": "json-file", "log-opts": { "max-size": "100m", "max-file": "10" }, "insecure-registries": ["http://k8s.gcr.io"], "data-root": "", "default-runtime": "nvidia", "runtimes": { "nvidia": { "path": "/usr/bin/nvidia-container-runtime", "runtimeArgs": [] } }}
复制代码
上面是含 GPU 的配置,不含 GPU 的配置:
{"registry-mirrors":["https://registry.docker-cn.com"],"storage-driver":"overlay2","log-driver":"json-file","log-opts":{"max-size":"100m"},"exec-opts":["native.cgroupdriver=systemd"],"insecure-registries":["http://k8s.gcr.io"],"live-restore":true}
复制代码
重启服务并设置开机自动重启:
systemctl daemon-reload && systemctl restart docker && docker info
复制代码
三、安装 k8s
拉取镜像前的设置:
apt-get update && apt-get install -y apt-transport-https curlcurl -s https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | apt-key add -tee /etc/apt/sources.list.d/kubernetes.list <<-'EOF'deb https://mirrors.aliyun.com/kubernetes/apt kubernetes-xenial mainEOF
复制代码
更新:
apt-get updateapt-get purge kubelet=1.13.5-00 kubeadm=1.13.5-00 kubectl=1.13.5-00apt-get autoremove kubelet=1.13.5-00 kubeadm=1.13.5-00 kubectl=1.13.5-00apt-get install -y kubelet=1.13.5-00 kubeadm=1.13.5-00 kubectl=1.13.5-00apt-mark hold kubelet=1.13.5-00 kubeadm=1.13.5-00 kubectl=1.13.5-00
复制代码
启动服务并设置开机自动重启:
systemctl enable kubelet && sudo systemctl start kubelet
复制代码
安装 k8s 相关镜像,由于 gcr.io 网络访问不了,从 registry.cn-hangzhou.aliyuncs.com 镜像地址下载:
docker pull registry.cn-hangzhou.aliyuncs.com/gg-gcr-io/kube-apiserver:v1.13.5
docker pull registry.cn-hangzhou.aliyuncs.com/gg-gcr-io/kube-controller-manager:v1.13.5
docker pull registry.cn-hangzhou.aliyuncs.com/gg-gcr-io/kube-scheduler:v1.13.5
docker pull registry.cn-hangzhou.aliyuncs.com/gg-gcr-io/kube-proxy:v1.13.5
docker pull registry.cn-hangzhou.aliyuncs.com/kuberimages/pause:3.1
docker pull registry.cn-hangzhou.aliyuncs.com/kuberimages/etcd:3.2.24
docker pull registry.cn-hangzhou.aliyuncs.com/kuberimages/coredns:1.2.6
复制代码
打标签:
docker tag registry.cn-hangzhou.aliyuncs.com/gg-gcr-io/kube-apiserver:v1.13.5 k8s.gcr.io/kube-apiserver:v1.13.5
docker tag registry.cn-hangzhou.aliyuncs.com/gg-gcr-io/kube-controller-manager:v1.13.5 k8s.gcr.io/kube-controller-manager:v1.13.5
docker tag registry.cn-hangzhou.aliyuncs.com/gg-gcr-io/kube-scheduler:v1.13.5 k8s.gcr.io/kube-scheduler:v1.13.5
docker tag registry.cn-hangzhou.aliyuncs.com/gg-gcr-io/kube-proxy:v1.13.5 k8s.gcr.io/kube-proxy:v1.13.5
docker tag registry.cn-hangzhou.aliyuncs.com/kuberimages/pause:3.1 k8s.gcr.io/pause:3.1
docker tag registry.cn-hangzhou.aliyuncs.com/kuberimages/etcd:3.2.24 k8s.gcr.io/etcd:3.2.24
docker tag registry.cn-hangzhou.aliyuncs.com/kuberimages/coredns:1.2.6 k8s.gcr.io/coredns:1.2.6
复制代码
四、kubeadm 初始化
利用 kubeadm 初始化 k8s,其中主机 IP 根据自己的实际情况输入:
kubeadm init --kubernetes-version=v1.13.5 --pod-network-cidr=10.244.0.0/16 --service-cidr=10.16.0.0/16 --apiserver-advertise-address=${masterIp} | tee kubeadm-init.log
复制代码
此时,如果未知主机 IP,也可利用 yaml 文件动态初始化:
vi /etc/hosts10.10.5.100 k8s.api.server
vi kube-init.yaml
apiVersion: kubeadm.k8s.io/v1beta1kind: ClusterConfigurationkubernetesVersion: v1.13.5imageRepository: registry.aliyuncs.com/google_containersapiServer: certSANs: - "k8s.api.server"controlPlaneEndpoint: "k8s.api.server:6443"networking: serviceSubnet: "10.1.0.0/16" podSubnet: "10.244.0.0/16"
复制代码
HA 版本:
apiVersion: kubeadm.k8s.io/v1beta1kind: ClusterConfigurationkubernetesVersion: v1.13.5imageRepository: registry.aliyuncs.com/google_containersapiServer: certSANs: - "api.k8s.com"controlPlaneEndpoint: "api.k8s.com:6443"etcd: external: endpoints: - https://ETCD_0_IP:2379 - https://ETCD_1_IP:2379 - https://ETCD_2_IP:2379networking: serviceSubnet: 10.1.0.0/16 podSubnet: 10.244.0.0/16
复制代码
注意: apiVersion 中用 kubeadm,因为需要用 kubeadm 来初始化,最后执行下面来初始化:
kubeadm init --config=kube-init.yaml
复制代码
出现问题,解决后,reset 后再执行,如果需要更多,执行:
五、部署出现问题
先删除 node 节点(集群版)
kubectl drain <node name> --delete-local-data --force --ignore-daemonsetskubectl delete node <node name>
复制代码
清空 init 配置在需要删除的节点上执行(注意,当执行 init 或者 join 后出现任何错误,都可以使用此命令返回):
六、查问题
初始化后出现问题,可以通过以下命令先查看其容器状态以及网络情况:
sudo docker ps -a | grep kube | grep -v pausesudo docker logs CONTAINERIDsudo docker images && systemctl status -l kubeletnetstat -nlptkubectl describe ep kubernetes
kubectl describe svc kuberneteskubectl get svc kuberneteskubectl get epnetstat -nlpt | grep apiser
vi /var/log/syslog
复制代码
七、给当前用户配置 k8s apiserver 访问公钥
sudo mkdir -p $HOME/.kubesudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/configsudo chown $(id -u):$(id -g) $HOME/.kube/config
复制代码
八、网络插件
kubectl apply -f https://docs.projectcalico.org/v3.3/getting-started/kubernetes/installation/hosted/rbac-kdd.yamlwget https://docs.projectcalico.org/v3.3/getting-started/kubernetes/installation/hosted/kubernetes-datastore/calico-networking/1.7/calico.yaml
vi calico.yaml
- name: CALICO_IPV4POOL_IPIP value:"off"- name: CALICO_IPV4POOL_CIDR value: "10.244.0.0/16kubectl apply -f calico.yaml
复制代码
单机下允许 master 节点部署 pod 命令如下:
kubectl taint nodes --all node-role.kubernetes.io/master-
复制代码
禁止 master 部署 pod:
kubectl taint nodes k8s node-role.kubernetes.io/master=true:NoSchedule
复制代码
以上单机版部署结束,如果你的项目中,交付的是软硬件结合的一体机,那么到此就结束了。记得单机下要允许 master 节点部署哟!
以上面部署的机器为例,作为 master 节点,继续执行:
scp /etc/kubernetes/admin.conf $nodeUser@$nodeIp:/home/$nodeUserscp /etc/kubernetes/pki/etcd/* $nodeUser@$nodeIp:/home/$nodeUser/etcdkubeadm token generatekubeadm token create $token_name --print-join-command --ttl=0kubeadm join $masterIP:6443 --token $token_name --discovery-token-ca-cert-hash $hash
复制代码
Node 机器执行时,如果需要 cuda ,可以参考以下资料:
https://docs.nvidia.com/cuda/cuda-installation-guide-linux/index.html#ubuntu-installationhttps://blog.csdn.net/u012235003/article/details/54575758https://blog.csdn.net/qq_39670011/article/details/90404111
复制代码
正式执行:
vim /etc/modprobe.d/blacklist-nouveau.confblacklist nouveauoptions nouveau modeset=0update-initramfs -u
复制代码
重启 ubuntu 查看是否禁用成功:
lsmod | grep nouveau
apt-get remove --purge nvidia*
https://developer.nvidia.com/cuda-downloadssudo apt-get install freeglut3-dev build-essential libx11-dev libxmu-dev libxi-dev libgl1-mesa-glx libglu1-mesa libglu1-mesa-dev
复制代码
安装 cuda:
acceptselect "Install" / Enterselect "Yes"sh cuda_10.1.168_418.67_linux.runecho 'export PATH=/usr/local/cuda-10.1/bin:$PATH' >> ~/.bashrcecho 'export PATH=/usr/local/cuda-10.1/NsightCompute-2019.3:$PATH' >> ~/.bashrcecho 'export LD_LIBRARY_PATH=/usr/local/cuda-10.1/lib64:$LD_LIBRARY_PATH' >> ~/.bashrcsource ~/.bashrc
复制代码
重启机器,检查 cuda 是否安装成功。
查看是否有“nvidia*”的设备:
如果没有,创建一个 nv.sh:
vi nv.sh#!/bin/bash /sbin/modprobe nvidiaif [ "$?" -eq 0 ];thenNVDEVS=`lspci | grep -i NVIDIA`N3D=`echo"$NVDEVS"| grep "3D controller" | wc -l`NVGA=`echo"$NVDEVS"| grep "VGA compatible controller" | wc -l`N=`expr $N3D + $NVGA -1`for i in `seq0 $N`; do mknod -m 666 /dev/nvidia$i c 195 $idone mknod -m 666 /dev/nvidiactl c 195 255else exit 1fichmod +x nv.sh && bash nv.sh
复制代码
再次重启机器查看 cuda 版本:
编译:
cd /usr/local/cuda-10.1/samples && make
cd /usr/local/cuda-10.1/samples/bin/x86_64/linux/release ./deviceQuery
复制代码
以上如果输出:“Result = PASS” 代表 cuda 安装成功。
安装 nvdocker:
vim /etc/docker/daemon.json{"runtimes":{ "nvidia":{ "path":"nvidia-container-runtime", "runtimeArgs":[] }},"registry-mirrors":["https://registry.docker-cn.com"],"storage-driver":"overlay2","default-runtime":"nvidia","log-driver":"json-file","log-opts":{ "max-size":"100m"},"exec-opts": ["native.cgroupdriver=systemd"],"insecure-registries": [$harborRgistry],"live-restore": true}
复制代码
重启 docker:
sudo systemctl daemon-reload && sudo systemctl restart docker && docker info
复制代码
检查 nvidia-docker 安装是否成功:
docker run --runtime=nvidia --rm nvidia/cuda:9.0-base nvidia-smi
复制代码
在节点机器进入 su 模式:
给当前节点用户配置 k8s apiserver 访问公钥:
mkdir -p $HOME/.kubecp -i admin.conf $HOME/.kube/configchown $(id -u):$(id -g) $HOME/.kube/configmkdir -p $HOME/etcdsudo rm -rf /etc/kubernetessudo mkdir -p /etc/kubernetes/pki/etcdsudo cp /home/$nodeUser/etcd/* /etc/kubernetes/pki/etcdsudo kubeadm join $masterIP:6443 --token $token_name --discovery-token-ca-cert-hash $hash
复制代码
如:
sudo kubeadm join 192.168.8.116:6443 --token vyi4ga.foyxqr2iz9i391q3 --discovery-token-ca-cert-hash sha256:929143bcdaa3e23c6faf20bc51ef6a57df02edf9df86cedf200320a9b4d3220a
复制代码
检查 node 是否加入 master:
以上介绍了单机的 k8s 部署,以及 HA 的 master 节点的部署安装。
结束福利
开源实战利用 k8s 作微服务的架构设计代码:
欢迎大家 star,多多指教。
关于作者
笔名:Damon,技术爱好者,长期从事 Java 开发、Spring Cloud 的微服务架构设计,以及结合 Docker、K8s 做微服务容器化,自动化部署等一站式项目部署、落地。目前主要从事基于 K8s 云原生架构研发的工作。Golang 语言开发,长期研究边缘计算框架 KubeEdge、调度框架 Volcano 等。公众号 程序猿Damon 发起人。个人微信 MrNull008,个人网站:Damon | Micro-Service | Containerization | DevOps,欢迎來撩。
欢迎关注:InfoQ
欢迎关注:腾讯自媒体专栏
精彩推荐
欢迎关注
评论