准备虚拟机

在Openstack上开四个虚拟机，1个用作Kubernetes Master，3个用作Kubernetes Node

由于用到google的rpm包仓库（packages.cloud.google.com）和容器仓库（gcr.io），所以需要提前下载好需要的rpm包和容器镜像。

登陆所有4台机器安装kubelet和kubeadm

你将会安装如下软件包：

docker：容器运行时，被Kubernetes依赖kubelet：Kubernetes核心组件，他运行在集群中的所有节点上，用来启动容器和podskubectl：命令行工具，用来控制集群，只需要安装到kube-master上kubeadm：集群安装工具

在所有节点上执行以下命令：

tee /etc/yum.repos.d/docker.repo <<-'EOF'[dockerrepo]name=Docker Repositorybaseurl=https://yum.dockerproject.org/repo/main/centos/7/enabled=1gpgcheck=1gpgkey=https://yum.dockerproject.org/gpgEOFsetenforce 0# 升级内核，防止Ddashborad启动失败，https://github.com/rancher/rancher/issues/7436yum update -y kernelyum install -y docker-engine-1.12.6 docker-engine-selinux-1.12.6systemctl enable docker && systemctl start dockerreboot

下载需要的rpm包

通过yum命令下载

yum install -y --downloadonly --downloaddir=/root/kubernetes-el7-x86_64 kubelet kubeadm kubectl kubernetes-cnitar czvf kubernetes-el7-x86_64.tar.gz kubernetes-el7-x86_64

或者通过浏览器下载(需要)

# 可以通过下面网页找到要下载的rpm包地址https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64/repodata/primary.xml# 在浏览访问下面链接下载https://packages.cloud.google.com/yum/pool/5612db97409141d7fd839e734d9ad3864dcc16a630b2a91c312589a0a0d960d0-kubeadm-1.6.0-0.alpha.0.2074.a092d8e0f95f52.x86_64.rpmhttps://packages.cloud.google.com/yum/pool/93af9d0fbd67365fa5bf3f85e3d36060138a62ab77e133e35f6cadc1fdc15299-kubectl-1.5.1-0.x86_64.rpmhttps://packages.cloud.google.com/yum/pool/8a299eb1db946b2bdf01c5d5c58ef959e7a9d9a0dd706e570028ebb14d48c42e-kubelet-1.5.1-0.x86_64.rpmhttps://packages.cloud.google.com/yum/pool/567600102f687e0f27bd1fd3d8211ec1cb12e71742221526bb4e14a412f4fdb5-kubernetes-cni-0.3.0.1-0.07a8a2.x86_64.rpm

下载并上传到所有四台机器上然后安装

# 安装依赖包# yum install -y ebtables socat# tar xzvf /tmp/kubernetes-el7-x86_64.tar.gzkubernetes-el7-x86_64/kubernetes-el7-x86_64/567600102f687e0f27bd1fd3d8211ec1cb12e71742221526bb4e14a412f4fdb5-kubernetes-cni-0.3.0.1-0.07a8a2.x86_64.rpmkubernetes-el7-x86_64/5612db97409141d7fd839e734d9ad3864dcc16a630b2a91c312589a0a0d960d0-kubeadm-1.6.0-0.alpha.0.2074.a092d8e0f95f52.x86_64.rpmkubernetes-el7-x86_64/8a299eb1db946b2bdf01c5d5c58ef959e7a9d9a0dd706e570028ebb14d48c42e-kubelet-1.5.1-0.x86_64.rpmkubernetes-el7-x86_64/93af9d0fbd67365fa5bf3f85e3d36060138a62ab77e133e35f6cadc1fdc15299-kubectl-1.5.1-0.x86_64.rpm# cd kubernetes-el7-x86_64/# rpm -ivh *warning: 5612db97409141d7fd839e734d9ad3864dcc16a630b2a91c312589a0a0d960d0-kubeadm-1.6.0-0.alpha.0.2074.a092d8e0f95f52.x86_64.rpm: Header V4 RSA/SHA1 Signature, key ID 3e1ba8d5: NOKEYPreparing...                          ################################# [100%]Updating / installing...   1:kubelet-1.5.1-0                  ################################# [ 25%]   2:kubernetes-cni-0.3.0.1-0.07a8a2  ################################# [ 50%]   3:kubectl-1.5.1-0                  ################################# [ 75%]   4:kubeadm-1.6.0-0.alpha.0.2074.a092################################# [100%]# systemctl enable kubelet && systemctl start kubelet

通过hub.docker.com作为代理，提前下载好容器镜像

images=(kube-proxy-amd64:v1.5.3 kube-scheduler-amd64:v1.5.3 kube-controller-manager-amd64:v1.5.3 kube-apiserver-amd64:v1.5.3 etcd-amd64:3.0.14-kubeadm kube-discovery-amd64:1.0 pause-amd64:3.0 kubedns-amd64:1.9 dnsmasq-metrics-amd64:1.0 kube-dnsmasq-amd64:1.4 exechealthz-amd64:1.2)for imageName in ${images[@]} ; do  docker pull ist0ne/$imageName  docker tag ist0ne/$imageName gcr.io/google_containers/$imageName  docker rmi ist0ne/$imageNamedone

查看下载好的镜像

# docker imagesREPOSITORY                                               TAG                 IMAGE ID            CREATED             SIZEgcr.io/google_containers/kube-proxy-amd64                v1.5.3              932ee3606ada        12 days ago         173.5 MBgcr.io/google_containers/kube-scheduler-amd64            v1.5.3              cb0ce9bb60f9        12 days ago         54 MBgcr.io/google_containers/kube-controller-manager-amd64   v1.5.3              25304c6f1bb2        12 days ago         102.8 MBgcr.io/google_containers/kube-apiserver-amd64            v1.5.3              93d8b30a8f27        12 days ago         125.9 MBgcr.io/google_containers/etcd-amd64                      3.0.14-kubeadm      856e39ac7be3        3 months ago        174.9 MBgcr.io/google_containers/kubedns-amd64                   1.9                 26cf1ed9b144        3 months ago        47 MBgcr.io/google_containers/dnsmasq-metrics-amd64           1.0                 5271aabced07        3 months ago        14 MBgcr.io/google_containers/kube-dnsmasq-amd64              1.4                 3ec65756a89b        5 months ago        5.126 MBgcr.io/google_containers/kube-discovery-amd64            1.0                 c5e0c9a457fc        5 months ago        134.2 MBgcr.io/google_containers/exechealthz-amd64               1.2                 93a43bfb39bf        5 months ago        8.375 MBgcr.io/google_containers/pause-amd64                     3.0                 99e59f495ffa        9 months ago        746.9 kB

初始化k8s-master

[root@k8s-master ~]\# kubeadm init --use-kubernetes-version v1.5.3[kubeadm] WARNING: kubeadm is in alpha, please do not use it for production clusters.[preflight] Running pre-flight checks[preflight] Starting the kubelet service[init] Using Kubernetes version: v1.5.3[tokens] Generated token: "976234.e91451d4305bc282"[certificates] Generated Certificate Authority key and certificate.[certificates] Generated API Server key and certificate[certificates] Generated Service Account signing keys[certificates] Created keys and certificates in "/etc/kubernetes/pki"[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/kubelet.conf"[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/admin.conf"[apiclient] Created API client, waiting for the control plane to become ready[apiclient] All control plane components are healthy after 30.791025 seconds[apiclient] Waiting for at least one node to register and become ready[apiclient] First node is ready after 17.501927 seconds[apiclient] Creating a test deployment[apiclient] Test deployment succeeded[token-discovery] Created the kube-discovery deployment, waiting for it to become ready[token-discovery] kube-discovery is ready after 3.502132 seconds[addons] Created essential addon: kube-proxy[addons] Created essential addon: kube-dnsYour Kubernetes master has initialized successfully!You should now deploy a pod network to the cluster.Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:    http://kubernetes.io/docs/admin/addons/You can now join any number of machines by running the following on each node:kubeadm join --token=976234.e91451d4305bc282 192.168.101.146[root@k8s-master ~]\# kubectl get nodesNAME                   STATUS         AGEk8s-master.novalocal   Ready,master   1m

将k8s-node加入集群

[root@k8s-node1 ~]# kubeadm join --token=976234.e91451d4305bc282 192.168.101.146[kubeadm] WARNING: kubeadm is in alpha, please do not use it for production clusters.[preflight] Running pre-flight checks[preflight] WARNING: kubelet service is not enabled, please run 'systemctl enable kubelet.service'[preflight] Starting the kubelet service[tokens] Validating provided token[discovery] Created cluster info discovery client, requesting info from "http://192.168.101.146:9898/cluster-info/v1/?token-id=976234"[discovery] Cluster info object received, verifying signature using given token[discovery] Cluster info signature and contents are valid, will use API endpoints [https://192.168.101.146:6443][bootstrap] Trying to connect to endpoint https://192.168.101.146:6443[bootstrap] Detected server version: v1.5.3[bootstrap] Successfully established connection with endpoint "https://192.168.101.146:6443"[csr] Created API client to obtain unique certificate for this node, generating keys and certificate signing request[csr] Received signed certificate from the API server:Issuer: CN=kubernetes | Subject: CN=system:node:k8s-node1.novalocal | CA: falseNot before: 2017-02-28 04:44:00 +0000 UTC Not After: 2018-02-28 04:44:00 +0000 UTC[csr] Generating kubelet configuration[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/kubelet.conf"Node join complete:* Certificate signing request sent to master and response  received.* Kubelet informed of new secure connection details.Run 'kubectl get nodes' on the master to see this machine join.

所有三个节点均加入集群：

[root@k8s-master ~]# kubectl get nodesNAME                   STATUS         AGEk8s-master.novalocal   Ready,master   2mk8s-node1.novalocal    Ready          37sk8s-node2.novalocal    Ready          35sk8s-node3.novalocal    Ready          31s

部署pod网络

为了不同节点上的pods进行通信，需要安装pod网络插件。这里使用Weave Net，也可以用Calico和Canal

[root@k8s-master ~]# kubectl apply -f https://git.io/weave-kubedaemonset "weave-net" created[root@k8s-master ~]# kubectl get pods --all-namespacesNAMESPACE     NAME                                           READY     STATUS    RESTARTS   AGEkube-system   dummy-2088944543-swbl5                         1/1       Running   0          57mkube-system   etcd-k8s-master.novalocal                      1/1       Running   0          56mkube-system   kube-apiserver-k8s-master.novalocal            1/1       Running   0          58mkube-system   kube-controller-manager-k8s-master.novalocal   1/1       Running   0          58mkube-system   kube-discovery-1769846148-x0wzj                1/1       Running   0          57mkube-system   kube-dns-2924299975-lvxmt                      4/4       Running   0          57mkube-system   kube-proxy-krr45                               1/1       Running   0          55mkube-system   kube-proxy-lnr90                               1/1       Running   0          55mkube-system   kube-proxy-m7wch                               1/1       Running   0          57mkube-system   kube-proxy-td1jr                               1/1       Running   0          55mkube-system   kube-scheduler-k8s-master.novalocal            1/1       Running   0          56mkube-system   weave-net-b034k                                2/2       Running   0          50mkube-system   weave-net-mncwx                                2/2       Running   0          50mkube-system   weave-net-mpsqn                                2/2       Running   0          50mkube-system   weave-net-r4c88                                2/2       Running   0          50m

需要等一会，待 kube-dns部署完成。

部署微服务

创建sock-shop命名空间

[root@k8s-master ~]# kubectl create namespace sock-shopnamespace "sock-shop" created

部署sock-shop服务

[root@k8s-master ~]# kubectl apply -n sock-shop -f "https://github.com/microservices-demo/microservices-demo/blob/master/deploy/kubernetes/complete-demo.yaml?raw=true"namespace "sock-shop" configureddeployment "cart-db" createdservice "cart-db" createddeployment "cart" createdservice "cart" createddeployment "catalogue-db" createdservice "catalogue-db" createddeployment "catalogue" createdservice "catalogue" createddeployment "front-end" createdservice "front-end" createddeployment "orders-db" createdservice "orders-db" createddeployment "orders" createdservice "orders" createddeployment "payment" createdservice "payment" createddeployment "queue-master" createdservice "queue-master" createddeployment "rabbitmq" createdservice "rabbitmq" createddeployment "shipping" createdservice "shipping" createddeployment "user-db" createdservice "user-db" createddeployment "user" createdservice "user" createddeployment "zipkin" createdservice "zipkin" createddeployment "zipkin-mysql" createdservice "zipkin-mysql" createddeployment "zipkin-cron" created

查看front-end服务部署情况

[root@k8s-master ~]# kubectl describe svc front-end -n sock-shopName:           front-endNamespace:      sock-shopLabels:         name=front-endSelector:       name=front-endType:           NodePortIP:         10.108.209.191Port:           
     
       80/TCPNodePort:       
      
        30001/TCPEndpoints:      10.44.0.2:8079Session Affinity:   NoneNo events.[root@k8s-master ~]# kubectl get pods -n sock-shopNAME                            READY     STATUS              RESTARTS   AGEcart-2733362716-m3mq2           1/1       Running             0          45mcart-db-2053818980-fdmw9        1/1       Running             0          45mcatalogue-3179692907-4bt8v      1/1       Running             0          45mcatalogue-db-2290683463-4g5vl   1/1       Running             0          45mfront-end-2489554388-7r98g      1/1       Running             0          45morders-3248148685-1k1g2         1/1       Running             0          45morders-db-3277638702-9t6vl      1/1       Running             0          45mpayment-1230586184-q8b75        1/1       Running             0          45mqueue-master-1190579278-l0pkg   1/1       Running             0          45mrabbitmq-3472039365-rv21j       1/1       Running             0          45mshipping-595972932-2v8pr        1/1       Running             0          45muser-937712604-8m7zd            1/1       Running             0          45muser-db-431019311-0qvfr         1/1       Running             0          45mzipkin-3759864772-b8v93         1/1       Running             0          45mzipkin-cron-1577918700-66s4n    1/1       Running             0          45mzipkin-mysql-1199230279-pnd6m   1/1       Running             0          45m
      
     

打开Openstack的防火墙规则，允许TCP 30001端口被访问，访问：

 

参考文档：

 

 

http://yoyolive.com/2017/02/27/Kubernetes-1-5-3-Local-Install/

https://mritd.me/2016/10/29/set-up-kubernetes-cluster-by-kubeadm/#22%E9%95%9C%E5%83%8F%E4%BB%8E%E5%93%AA%E6%9D%A5