k8s集群的部署其实不复杂,了解清晰集群的整体服务以后用kubeadm也好还是minikube,或者其他工具都会很清楚如何部署,但是没有科学上网很多事情就变得复杂了……之前的一篇(点击这里查看这篇文章)里面已经讲了如何用ali的容器景象服务来进行镜像的海外构建再转回本地,不过手动操作有些复杂。所以还是自动化的东西舒服啊,不用科学上网,也不用把一堆镜像先弄下来:)

镜像中转

我自己手动操作了几次,由于镜像有些多,于是创建了一个github上的Organizations,把中转需要的一些镜像加到其中,所有镜像的tag也都再各自Dockerfile的repo中创建相应的tag来一一对应进行维护。

中转的Dockerfile固定并且有了秩序以后,ali的容器镜像服务中也都创建相应的仓库,一一对应各个镜像,还好ali的一个仓库可以匹配多个构建规则,这样只需要将github中的Dockerfile的各个tag创建相应的规则即可:

多个构建规则

部署流程

有了Dockerfile,又通过Dockerfile有了能build镜像的地方,剩下的其实就是把镜像pull下来,改成原来的tag就行了,所以使用minikube的步骤就更简单了:

  • 安装minikube(以及相应的虚拟化,virtualbox, kvm或者hyperkit)
  • 启动minikube vm
  • pull镜像,改tag

前两个就不说了,没有什么复杂度,第三个这种东西,一个脚本就搞定了,->点击查看
由于k8s集群版本的不通所需要的镜像版本也各不相同,这个脚本就以k8s版本为branch来维护了,这里我的基本环境是这样的:

  • minikube: 0.26.0
  • k8s: 1.10.0

需要的镜像脚本如下:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
#!/bin/bash
# For k8s 1.10.0 in minikube 0.26 

# kube-addon-manager
docker pull registry.cn-hangzhou.aliyuncs.com/dck8s/kube-addon-manager:v8.6
docker tag registry.cn-hangzhou.aliyuncs.com/dck8s/kube-addon-manager:v8.6 k8s.gcr.io/kube-addon-manager:v8.6

# pause-amd64
docker pull registry.cn-hangzhou.aliyuncs.com/dck8s/pause-amd64:3.1
docker tag registry.cn-hangzhou.aliyuncs.com/dck8s/pause-amd64:3.1 k8s.gcr.io/pause-amd64:3.1

# kubernetes-dashboard-amd64
docker pull registry.cn-hangzhou.aliyuncs.com/dck8s/kubernetes-dashboard-amd64:v1.8.1
docker tag registry.cn-hangzhou.aliyuncs.com/dck8s/kubernetes-dashboard-amd64:v1.8.1 k8s.gcr.io/kubernetes-dashboard-amd64:v1.8.1

# k8s-dns-dnsmasq-nanny-amd64
docker pull registry.cn-hangzhou.aliyuncs.com/dck8s/k8s-dns-dnsmasq-nanny-amd64:1.14.5
docker tag registry.cn-hangzhou.aliyuncs.com/dck8s/k8s-dns-dnsmasq-nanny-amd64:1.14.5 k8s.gcr.io/k8s-dns-dnsmasq-nanny-amd64:1.14.5

# k8s-dns-sidecar-amd64
docker pull registry.cn-hangzhou.aliyuncs.com/dck8s/k8s-dns-sidecar-amd64:1.14.5
docker tag registry.cn-hangzhou.aliyuncs.com/dck8s/k8s-dns-sidecar-amd64:1.14.5 k8s.gcr.io/k8s-dns-sidecar-amd64:1.14.5

# k8s-dns-kube-dns-amd64
docker pull registry.cn-hangzhou.aliyuncs.com/dck8s/k8s-dns-kube-dns-amd64:1.14.5
docker tag registry.cn-hangzhou.aliyuncs.com/dck8s/k8s-dns-kube-dns-amd64:1.14.5 k8s.gcr.io/k8s-dns-kube-dns-amd64:1.14.5

# storage-provisioner
docker pull registry.cn-hangzhou.aliyuncs.com/dck8s/storage-provisioner:v1.8.1
docker tag registry.cn-hangzhou.aliyuncs.com/dck8s/storage-provisioner:v1.8.1 gcr.io/k8s-minikube/storage-provisioner:v1.8.1

# heapster-amd64
docker pull registry.cn-hangzhou.aliyuncs.com/dck8s/heapster-amd64:v1.5.0
docker tag registry.cn-hangzhou.aliyuncs.com/dck8s/heapster-amd64:v1.5.0 k8s.gcr.io/heapster-amd64:v1.5.0

# heapster-influxdb-amd64
docker pull registry.cn-hangzhou.aliyuncs.com/dck8s/heapster-influxdb-amd64:v1.3.3
docker tag registry.cn-hangzhou.aliyuncs.com/dck8s/heapster-influxdb-amd64:v1.3.3 k8s.gcr.io/heapster-influxdb-amd64:v1.3.3

# heapster-grafana-amd64
docker pull registry.cn-hangzhou.aliyuncs.com/dck8s/heapster-grafana-amd64:v4.4.3
docker tag registry.cn-hangzhou.aliyuncs.com/dck8s/heapster-grafana-amd64:v4.4.3 k8s.gcr.io/heapster-grafana-amd64:v4.4.3

# defaultbackend
docker pull registry.cn-hangzhou.aliyuncs.com/dck8s/defaultbackend:1.4
docker tag registry.cn-hangzhou.aliyuncs.com/dck8s/defaultbackend:1.4 k8s.gcr.io/defaultbackend:1.4

# tiller
docker pull registry.cn-hangzhou.aliyuncs.com/dck8s/tiller:v2.8.2
docker tag registry.cn-hangzhou.aliyuncs.com/dck8s/tiller:v2.8.2 gcr.io/kubernetes-helm/tiller:v2.8.2

开始部署

默认minikube已经装完了哦,从第二部开始执行,启动minikube虚拟机,我在windows下使用的virtualbox,管理员权限首先打开powershell,然后执行

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
> minikube start  --vm-driver virtualbox --extra-config=apiserver.Authorization.Mode=RBAC --bootstrapper localkube
Starting local Kubernetes v1.10.0 cluster...
Starting VM...
Downloading Minikube ISO
 150.53 MB / 150.53 MB [============================================] 100.00% 0s
Getting VM IP address...
WARNING: The localkube bootstrapper is now deprecated and support for it
will be removed in a future release. Please consider switching to the kubeadm bootstrapper, which
is intended to replace the localkube bootstrapper. To disable this message, run
[minikube config set ShowBootstrapperDeprecationNotification false]
Moving files into cluster...
Downloading localkube binary
 173.54 MB / 173.54 MB [============================================] 100.00% 0s
 0 B / 65 B [----------------------------------------------------------]   0.00%
 65 B / 65 B [======================================================] 100.00% 0sSetting up certs...
Connecting to cluster...
Setting up kubeconfig...
Starting cluster components...
Kubectl is now configured to use the cluster.
Loading cached images from config file.

注:这里bootstrapper指定k8s的部署引擎,我使用的是localkube,但是这个版本的minikube默认已经使用kubeadm了,localkube将来是要废弃的,kubeadm的之后再尝试,所以这里还是需要手动指定到localkube的。我在这里启用了RBAC,我后面想操作service-catalog方便,所以这个是必须的,如果没有需要,RBAC不要开启,不然集群会起不来,当然下面有解决办法:)。

执行过程中会下载minikube虚拟机用的iso以及localkube程序。如果网络有问题可以手动下载然后放到自己用户的.minikube中相应的目录里。

查看下集群状态:

1
2
3
4
5
6
7
8
> minikube status -b localkube
WARNING: The localkube bootstrapper is now deprecated and support for it
will be removed in a future release. Please consider switching to the kubeadm bootstrapper, which
is intended to replace the localkube bootstrapper. To disable this message, run
[minikube config set ShowBootstrapperDeprecationNotification false]
minikube: Running
cluster: Running
kubectl: Correctly Configured: pointing to minikube-vm at 192.168.99.100

显示集群已经启动,再通过kubectl查看一下:

1
2
3
> kubectl get pods --all-namespaces
NAMESPACE     NAME                          READY     STATUS              RESTARTS   AGE
kube-system   kube-addon-manager-minikube   0/1       ContainerCreating   0          2m

pod没有正常启动,如果查看log就能看到是pull镜像有问题,这时候就需要我们这次的方案了,登陆到minikube然后执行脚本即可:

1
2
3
4
$ minikube ssh
$ git clone https://github.com/k8simage/pullimage.git -b 1.10.0
$ cd pullimage
$ sh minikube_pull_images.sh

执行脚本就开始一个一个的从我们ali的中转站下载镜像啦,然后再一个一个的改tag。
这时候去喝杯茶然后再回来…

镜像都下完了:)从minikube虚拟机退出来,然后查看下各个pod的状况:

1
2
3
4
5
6
> kubectl get pods --all-namespaces
NAMESPACE     NAME                                    READY     STATUS        RESTARTS   AGE
kube-system   kube-addon-manager-minikube             1/1       Running       0          31m
kube-system   kube-dns-6dcb57bcc8-7lkrx               3/3       Running       0          59s
kube-system   kubernetes-dashboard-5498ccf677-7xb88   1/1       Running       0          48s
kube-system   storage-provisioner                     1/1       Running       0          12m

所有pod都正常啦,然后打开dashboard看一下吧:

1
> minikube dashboard

开启RBAC解决办法

上面提到了如果开启了RBAC后会发现dns以及dashboard的pod不能启动,这时候执行:

1
kubectl create clusterrolebinding kube-system-cluster-admin --clusterrole=cluster-admin --serviceaccount=kube-system:default

这样就解决了,如果执行了pod也没启动成功,就将pod删除,会自动重新创建就好了。

搞定

不用下镜像,不用翻墙,本地就搞定了k8s部署,碎觉啦!