Deployment environment
IP address | Hostname | Role |
---|---|---|
10.1.104.200 | k8s-deploy | Deployment node; has no actual role in the cluster |
10.1.104.201 | k8s-master01 | master node |
10.1.104.202 | k8s-master02 | master node |
10.1.104.203 | k8s-master03 | master node |
10.1.104.204 | k8s-nginx | Load-balancer node; in real production this should be an HA architecture |
10.1.104.205 | k8s-node01 | worker node |
10.1.104.206 | k8s-node02 | worker node |
10.1.104.207 | k8s-node03 | worker node |
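Deploying the worker nodes (docker)
Install the dependency packages required by the worker nodes (k8s-deploy):
Install the dependency packages the worker nodes need:
```bash
cd /opt/k8s/work
source /opt/k8s/bin/environment.sh
for node_ip in ${NODE_NODE_IPS[@]}
do
  echo ">>> ${node_ip}"
  ssh root@${node_ip} "yum install -y epel-release"
  # Networking and diagnostic tools, then load the ip_vs kernel module
  ssh root@${node_ip} "yum install -y conntrack ipvsadm ntp ntpdate ipset jq iptables curl sysstat libseccomp && modprobe ip_vs"
done
```
- If the master nodes also need to act as worker nodes, change the variable here to `${NODE_IPS[@]}`.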
Download and distribute the docker binaries (k8s-deploy):
Distribute the binaries required by the worker nodes:
```bash
cd /opt/k8s/work
# Download the docker 18.09.6 static binaries (plain HTTP; no checksum is verified here)
wget http://download.wenjun1984.cn/Kubernetes/Docker/docker-18.09.6.tgz
tar -xvf docker-18.09.6.tgz
source /opt/k8s/bin/environment.sh
for node_ip in ${NODE_NODE_IPS[@]}
do
  echo ">>> ${node_ip}"
  scp docker/* root@${node_ip}:/opt/k8s/bin/
  ssh root@${node_ip} "chmod +x /opt/k8s/bin/*"
done
```
Create the docker service file:
```bash
cd /opt/k8s/work
source /opt/k8s/bin/environment.sh
cat > docker.service << "EOF"
[Unit]
Description=Docker Application Container Engine
Documentation=http://docs.docker.io

[Service]
WorkingDirectory=##DOCKER_DIR##
Environment="PATH=/opt/k8s/bin:/bin:/sbin:/usr/bin:/usr/sbin"
EnvironmentFile=-/run/flannel/docker
ExecStart=/opt/k8s/bin/dockerd $DOCKER_NETWORK_OPTIONS
ExecReload=/bin/kill -s HUP $MAINPID
Restart=on-failure
RestartSec=5
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
Delegate=yes
KillMode=process

[Install]
WantedBy=multi-user.target
EOF
```
- EOF is wrapped in double quotes so that bash does not expand variables inside the here-document, such as $DOCKER_NETWORK_OPTIONS.
- At startup, flanneld writes its network configuration to the file /run/flannel/docker. Before starting, dockerd reads the environment variable $DOCKER_NETWORK_OPTIONS from that file and then sets the subnet of the docker0 bridge.
- If multiple EnvironmentFile options are specified, /run/flannel/docker must be placed last (to ensure docker0 uses the bip parameter generated by flanneld).
- docker needs to run with root privileges.
Distribute the docker service file to each worker node:
```bash
cd /opt/k8s/work
source /opt/k8s/bin/environment.sh
# Replace the ##DOCKER_DIR## placeholder with the real directory
sed -i -e "s|##DOCKER_DIR##|${DOCKER_DIR}|" docker.service
for node_ip in ${NODE_NODE_IPS[@]}
do
  echo ">>> ${node_ip}"
  scp docker.service root@${node_ip}:/etc/systemd/system/
done
```
Create the docker configuration file:
```bash
cd /opt/k8s/work
source /opt/k8s/bin/environment.sh
# EOF is unquoted here, so ${DOCKER_DIR} is expanded by bash
cat > docker-daemon.json << EOF
{
  "registry-mirrors": ["https://docker.mirrors.ustc.edu.cn","https://hub-mirror.c.163.com"],
  "insecure-registries": ["docker02:35000"],
  "max-concurrent-downloads": 20,
  "live-restore": true,
  "max-concurrent-uploads": 10,
  "debug": true,
  "data-root": "${DOCKER_DIR}/data",
  "exec-root": "${DOCKER_DIR}/exec",
  "log-opts": {
    "max-size": "100m",
    "max-file": "5"
  }
}
EOF
```
Distribute the docker configuration file to each worker node:
```bash
cd /opt/k8s/work
source /opt/k8s/bin/environment.sh
for node_ip in ${NODE_NODE_IPS[@]}
do
  echo ">>> ${node_ip}"
  ssh root@${node_ip} "mkdir -p /etc/docker/ ${DOCKER_DIR}/{data,exec}"
  scp docker-daemon.json root@${node_ip}:/etc/docker/daemon.json
done
```
Start docker and check its running status (k8s-deploy):
Start the docker service on each worker node:
```bash
cd /opt/k8s/work
source /opt/k8s/bin/environment.sh
for node_ip in ${NODE_NODE_IPS[@]}
do
  echo ">>> ${node_ip}"
  ssh root@${node_ip} "systemctl daemon-reload && systemctl enable docker && systemctl restart docker"
done
```
Confirm that the docker service started correctly on each worker node:
```bash
for node_ip in ${NODE_NODE_IPS[@]}
do
  echo ">>> ${node_ip}"
  ssh root@${node_ip} "systemctl status docker|grep Active"
done
```
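Check whether docker0 and flannel are on the same subnet on each worker node:
```bash
for node_ip in ${NODE_NODE_IPS[@]}
do
  echo ">>> ${node_ip}"
  ssh root@${node_ip} "/usr/sbin/ip addr show flannel.1 && /usr/sbin/ip addr show docker0"
done
```
- If the IPs of the docker0 bridge and the flannel.1 interface are not on the same subnet, stop the docker service, manually delete the docker0 interface, and then start the docker service again to fix it:
```bash
systemctl stop docker
ip link delete docker0
systemctl start docker
```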
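The docker0/flannel.1 comparison above can be done by a script instead of by eye. The following is an added example, not part of the original document: it parses `ip -o -4 addr show` output and reports whether the flannel.1 address falls inside docker0's network, which is how "same subnet" is interpreted here. The function names and sample addresses are constructed for illustration.

```bash
# Added example (not from the original document). POSIX sh compatible.
# Function names and sample data are constructed for illustration.

# Convert a dotted-quad IPv4 address to a 32-bit integer.
ip2int() (
  IFS=.
  set -- $1   # split the address on dots into $1..$4
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# Print the addr/prefix of interface $1 from `ip -o -4 addr show` text on stdin.
iface_cidr() {
  awk -v dev="$1" '$2 == dev && $3 == "inet" { print $4; exit }'
}

# Succeed if the flannel.1 address ($1) lies inside docker0's network ($2).
same_subnet() (
  f_ip=${1%/*}; d_ip=${2%/*}; plen=${2#*/}
  if [ "$plen" -eq 0 ]; then
    mask=0
  else
    mask=$(( (4294967295 << (32 - $plen)) & 4294967295 ))
  fi
  [ $(( $(ip2int "$f_ip") & $mask )) -eq $(( $(ip2int "$d_ip") & $mask )) ]
)

# Read one node's `ip -o -4 addr show` output on stdin; print OK, MISMATCH or MISSING.
check_node() (
  out=$(cat)
  f=$(printf '%s\n' "$out" | iface_cidr flannel.1)
  d=$(printf '%s\n' "$out" | iface_cidr docker0)
  if [ -z "$f" ] || [ -z "$d" ]; then echo "MISSING"; exit 2; fi
  if same_subnet "$f" "$d"; then echo "OK"; else echo "MISMATCH"; exit 1; fi
)

# Constructed sample output: one healthy node, one whose docker0 kept a default range.
GOOD_NODE='3: flannel.1    inet 172.30.80.0/32 scope global flannel.1
4: docker0    inet 172.30.80.1/21 brd 172.30.87.255 scope global docker0'
BAD_NODE='3: flannel.1    inet 172.30.80.0/32 scope global flannel.1
4: docker0    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0'

printf '%s\n' "$GOOD_NODE" | check_node           # prints OK
printf '%s\n' "$BAD_NODE" | check_node || true    # prints MISMATCH

# Against real nodes (loop variable as in the steps above):
#   ssh root@${node_ip} "/usr/sbin/ip -o -4 addr show" | check_node
```

A node that reports MISMATCH is one where the stop / delete docker0 / start sequence above applies.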
Run docker info against each instance to make sure the process started correctly.
Document last updated: 2020-10-22 15:55 Author: 闻骏