3 Kubernetes clusters 1 base on local machine


Problem description

I would like to learn Kubernetes and would like to set it up on my laptop.

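The architecture would be as follows:

  • Create 4 Ubuntu 18.04 server VM instances on the laptop
  • 3 of the 4 VMs will be the Kubernetes cluster and 1 VM will be the base
  • Access the base VM via SSH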

For virtualization, I am using Virtual Box.

The question is, how to achieve it?

Recommended answer

To set up Kubernetes Cluster on Ubuntu Servers with Virtualbox and Kubeadm follow these steps:

  • Virtual machines with minimum specification:
    • 2 cores and 2GB RAM for the master node
    • 1 core and 1GB for each worker node

    All of the virtual machines need to communicate with the Internet, main host and each other. It can be done through various means like: bridged networking, virtual hosts adapters etc. The networking scheme example below can be adjusted.

    Network scheme

    You can do all things manually but to speed up the configuration process you can use an automation tool like Ansible. It can be installed on the virtualization host, another virtual machine etc.

    • Refresh the information about packages in the repositories:
      $ sudo apt update
    • Install the package manager for Python3:
      $ sudo apt install python3-pip
    • Install the Ansible package:
      $ sudo pip3 install ansible

    To be able to connect to virtual machines without password you need to configure ssh keys. Command below will create a pair of ssh keys (private and public) and allow you to login to different systems without providing password.
    $ ssh-keygen -t rsa -b 4096
    These keys will be created in default location: /home/USER/.ssh

    Next step is to upload newly created ssh keys to all of the virtual machines.
    For each virtual machine you need to invoke:
    $ ssh-copy-id USER@IP_ADDRESS
    This command will copy your public key to the authorized_keys file and will allow you to login without password.

    By default root account can't be accessed with ssh only by password. It can be accessed with ssh keys (which you created earlier). Assuming the default configurations of files you can copy the ssh directory from user to root directory.

    This step needs to be invoked on all of the virtual machines:
    $ sudo cp -r /home/USER/.ssh/ /root/

    You can check it by running below command on main host:
    $ ssh root@IP_ADDRESS

    If you can connect without password it means that the keys are configured correctly.

    You need to check if Ansible can connect to all of the virtual machines. To do that you need 2 things:

    • Hosts file with information about hosts (virtual machines in that case)
    • Playbook file with statements what you require from Ansible to do

    Example hosts file:

    [kubernetes:children]  
    master  
    nodes  
    
    [kubernetes:vars]  
    ansible_user=root  
    ansible_port=22  
    
    [master]  
    kubernetes-master ansible_host=10.0.0.10  
    
    [nodes]  
    kubernetes-node1 ansible_host=10.0.0.11  
    kubernetes-node2 ansible_host=10.0.0.12  
    kubernetes-node3 ansible_host=10.0.0.13
    

    Hosts file consists of 2 main groups of hosts:

    • master - group created for the master node
    • nodes - group created for the worker nodes

    Variables specific to group are stored in section [kubernetes:vars].

    Example playbook:

    - name: Playbook for checking connection between hosts  
      hosts: all  
      gather_facts: no  
    
      tasks:
      - name: Task to check the connection  
        ping:
    

    Main purpose of above playbook is to check connection between host and virtual machines.
    You can test the connection by invoking command:
    $ ansible-playbook -i hosts_file ping.yaml

    Output of this command should be like this:

    PLAY [Playbook for checking connection between hosts] *****************************************************  
    
    TASK [Task to check the connection] ***********************************************************************  
    
    ok: [kubernetes-node1]  
    ok: [kubernetes-node2]  
    ok: [kubernetes-node3]  
    ok: [kubernetes-master]  
    
    PLAY RECAP ************************************************************************************************  
    
    kubernetes-master : ok=1 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0  
    kubernetes-node1 : ok=1 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0  
    kubernetes-node2 : ok=1 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0  
    kubernetes-node3 : ok=1 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0  
    

    The output above proves that connection between Ansible and virtual machines has been successful.

    Hostnames can be configured with Ansible. Each vm should connect with each vm by their hostnames. Ansible can modify hostnames as well as /etc/hosts file. Example playbook: hostname.yaml

    Swap needs to be disabled when working with Kubernetes. Example playbook: disable_swap.yaml

    Some packages are required before provisioning. All of them can be installed with Ansible:
    Example playbook: apt_install.yaml

    In this example you will install Docker as your CRI. Playbook docker_install.yaml will:

    • Add apt signing key for Docker
    • Add Docker's repository
    • Install Docker with specific version (latest recommended)

    [WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd"

    When deploying Kubernetes cluster kubeadm will give above warning about Docker cgroup driver. Playbook docker_configure.yaml was created to resolve this issue.

    There are some core components of Kubernetes that need to be installed before cluster deployment. Playbook kubetools_install.yaml will:

    • For master and worker nodes:
      • Add appropriate signing key for Kubernetes
      • Add Kubernetes repository
      • Install kubelet and kubeadm
      • Install kubectl

      Playbook reboot.yaml will reboot all the virtual machines.

      After successfully completing all the steps above, cluster can be created. Command below will initialize a cluster:

      $ kubeadm init --apiserver-advertise-address=IP_ADDRESS_OF_MASTER_NODE --pod-network-cidr=192.168.0.0/16

      Kubeadm can give warning about number of CPUs. It can be ignored by passing additional argument to kubeadm init command: --ignore-preflight-errors=NumCPU

      Successful kubeadm provisioning should output something similar to this:

      Your Kubernetes control-plane has initialized successfully!
      
      To start using your cluster, you need to run the following as a regular user:
      
        mkdir -p $HOME/.kube
        sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
        sudo chown $(id -u):$(id -g) $HOME/.kube/config
      
      You should now deploy a pod network to the cluster.
      Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
        https://kubernetes.io/docs/concepts/cluster-administration/addons/
      
      Then you can join any number of worker nodes by running the following on each as root:
      
      kubeadm join 10.0.0.10:6443 --token SECRET-TOKEN \
          --discovery-token-ca-cert-hash sha256:SECRET-CA-CERT-HASH
      

      Copy kubeadm join command for all the worker nodes:

      kubeadm join 10.0.0.10:6443 --token SECRET-TOKEN \
          --discovery-token-ca-cert-hash sha256:SECRET-CA-CERT-HASH
      

      Run commands below as regular user:

       mkdir -p $HOME/.kube
       sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
       sudo chown $(id -u):$(id -g) $HOME/.kube/config
      

      Deploying Container Network Interface (CNI)

      CNI is responsible for networking between pods and nodes. There are many examples like:

      • Flannel
      • Calico
      • Weave
      • Multus

      Command below will install Calico:

      $ kubectl apply -f https://docs.projectcalico.org/v3.10/manifests/calico.yaml

      Run previously stored command from kubeadm init output on all worker nodes:

      kubeadm join 10.0.0.10:6443 --token SECRET-TOKEN \
          --discovery-token-ca-cert-hash sha256:SECRET-CA-CERT-HASH
      

      All of the worker nodes should output:

      This node has joined the cluster:
      * Certificate signing request was sent to apiserver and a response was received.
      * The Kubelet was informed of the new secure connection details.
      
      Run 'kubectl get nodes' on the control-plane to see this node join the cluster.
      

      Testing:

      Run below command on master node as regular user to check if nodes are properly connected:

      $ kubectl get nodes

      Output of this command:

      NAME                STATUS   ROLES    AGE    VERSION
      kubernetes-master   Ready    master   115m   v1.16.2
      kubernetes-node1    Ready    <none>   106m   v1.16.2
      kubernetes-node2    Ready    <none>   105m   v1.16.2
      kubernetes-node3    Ready    <none>   105m   v1.16.2
      

      Above output concludes that all the nodes are configured correctly.

      Pods can now be deployed on the cluster!
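
The answer names disable_swap.yaml and docker_configure.yaml without showing their contents. The playbook below is an added example, not the answerer's own files, of what those two steps can look like. It assumes the inventory shown in the answer (group kubernetes, ansible_user=root), a Docker service named docker, and Docker's standard configuration path /etc/docker/daemon.json.

```yaml
# Added example: not the answer's disable_swap.yaml / docker_configure.yaml.
# Assumes the inventory from the answer (group "kubernetes", ansible_user=root).
- name: Disable swap and set the Docker cgroup driver to systemd
  hosts: kubernetes
  gather_facts: no

  tasks:
    - name: Turn swap off on the running system
      command: swapoff -a
      changed_when: false

    - name: Comment out swap entries in /etc/fstab so swap stays off after reboot
      replace:
        path: /etc/fstab
        regexp: '^([^#\s]\S*[ \t]+\S+[ \t]+swap[ \t].*)$'
        replace: '# \1'

    - name: Ensure /etc/docker exists
      file:
        path: /etc/docker
        state: directory
        mode: "0755"

    - name: Select the systemd cgroup driver (clears the IsDockerSystemdCheck warning)
      copy:
        dest: /etc/docker/daemon.json
        mode: "0644"
        content: |
          {
            "exec-opts": ["native.cgroupdriver=systemd"]
          }
      notify: Restart docker

    - name: Fail if any swap device is still active (/proc/swaps has only its header)
      command: cat /proc/swaps
      register: swaps
      changed_when: false
      failed_when: swaps.stdout_lines | length > 1

  handlers:
    - name: Restart docker
      service:
        name: docker
        state: restarted
```

The copy task overwrites any existing /etc/docker/daemon.json, so merge the exec-opts key by hand on hosts that already carry other Docker daemon settings.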
