在CentOS 7上建立Minikube环境
在CentOS上运行Minikube的一些备注。如果在Linux上运行,我认为用kubeadm普通方式可能更好,但也许还有一些可用的插件和方便之处。
使用AWS,在CentOS 7上使用kubeadm安装Kubernetes 1.11。
使用AWS作为环境。省略了有关VPC和实例准备的记录,但可以参考上面的文章。
操作系统的基本准备工作更新操作系统。
sudo yum update
sudo yum update
更改主机名称。
sudo hostnamectl set-hostname --static minikube
确保重启后保持不变。
sudo vi /etc/cloud/cloud.cfg
请增加以下内容。
preserve_hostname: true
将主机名添加到hosts文件中。
10.0.0.59 minikube
重新启动一次,然后重新登录。
sudo reboot
安装Docker安装前提包。
sudo yum install -y yum-utils \
device-mapper-persistent-data \
lvm2
sudo yum install -y yum-utils \
device-mapper-persistent-data \
lvm2
设置Docker CE的仓库。
sudo yum-config-manager \
--add-repo \
https://download.docker.com/linux/centos/docker-ce.repo
检查可安装的版本。
[centos@minikube ~]$ sudo yum list docker-ce --showduplicates | sort -r
* updates: ftp.iij.ad.jp
Loading mirror speeds from cached hostfile
Loaded plugins: fastestmirror
* extras: ftp.iij.ad.jp
docker-ce.x86_64 18.06.1.ce-3.el7 docker-ce-stable
docker-ce.x86_64 18.06.0.ce-3.el7 docker-ce-stable
docker-ce.x86_64 18.03.1.ce-1.el7.centos docker-ce-stable
docker-ce.x86_64 18.03.0.ce-1.el7.centos docker-ce-stable
docker-ce.x86_64 17.12.1.ce-1.el7.centos docker-ce-stable
docker-ce.x86_64 17.12.0.ce-1.el7.centos docker-ce-stable
docker-ce.x86_64 17.09.1.ce-1.el7.centos docker-ce-stable
docker-ce.x86_64 17.09.0.ce-1.el7.centos docker-ce-stable
docker-ce.x86_64 17.06.2.ce-1.el7.centos docker-ce-stable
docker-ce.x86_64 17.06.1.ce-1.el7.centos docker-ce-stable
docker-ce.x86_64 17.06.0.ce-1.el7.centos docker-ce-stable
docker-ce.x86_64 17.03.3.ce-1.el7 docker-ce-stable
docker-ce.x86_64 17.03.2.ce-1.el7.centos docker-ce-stable
docker-ce.x86_64 17.03.1.ce-1.el7.centos docker-ce-stable
docker-ce.x86_64 17.03.0.ce-1.el7.centos docker-ce-stable
* base: ftp.iij.ad.jp
Available Packages
[centos@minikube ~]$
需要指定安装官方推荐的版本17.03。如果要指定版本,同时还需要指定docker-ce-selinux并加上–setopt=obsoletes=0选项。
sudo yum install -y --setopt=obsoletes=0 docker-ce-17.03.2.ce docker-ce-selinux-17.03.2.ce
将Docker仓库设为禁用状态。如果以后需要使用,请在yum命令后加上–enablerepo=”docker-ce-stable”选项进行使用。
sudo yum-config-manager --disable docker-ce-stable
设置Docker守护进程在操作系统启动时自动启动,并启动之。
sudo systemctl enable docker && sudo systemctl start docker
确保CentOS用户可以执行Docker命令。
[centos@minikube ~]$ sudo gpasswd -a centos docker
ユーザ centos をグループ docker に追加
[centos@minikube ~]$ id centos
uid=1000(centos) gid=1000(centos) groups=1000(centos),4(adm),10(wheel),190(systemd-journal),994(docker)
[centos@minikube ~]$
请安装 kubectl 的CLI。在这里,可以使用 yum 进行安装,但我们只需简单地下载二进制文件并将其放置在 /usr/local/bin 目录中。
curl -Lo kubectl https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl && \
chmod +x kubectl && \
sudo cp kubectl /usr/local/bin/ && \
rm kubectl
curl -Lo kubectl https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl && \
chmod +x kubectl && \
sudo cp kubectl /usr/local/bin/ && \
rm kubectl
请事先确认版本。
[centos@minikube ~]$ kubectl version
Client Version: version.Info{Major:"1", Minor:"12", GitVersion:"v1.12.1", GitCommit:"4ed3216f3ec431b140b1d899130a69fc671678f4", GitTreeState:"clean", BuildDate:"2018-10-05T16:46:06Z", GoVersion:"go1.10.4", Compiler:"gc", Platform:"linux/amd64"}
The connection to the server localhost:8080 was refused - did you specify the right host or port?
[centos@minikube ~]$
安装Minikube
下载Minikube并放置二进制文件。
VERSION="v0.30.0"
curl -Lo minikube https://storage.googleapis.com/minikube/releases/$VERSION/minikube-linux-amd64 && \
chmod +x minikube && \
sudo cp minikube /usr/local/bin/ && \
rm minikube
VERSION="v0.30.0"
curl -Lo minikube https://storage.googleapis.com/minikube/releases/$VERSION/minikube-linux-amd64 && \
chmod +x minikube && \
sudo cp minikube /usr/local/bin/ && \
rm minikube
请确认版本。
[centos@minikube ~]$ minikube version
minikube version: v0.30.0
[centos@minikube ~]$
安装 socat 和 ebtables
[WARNING FileExisting-ebtables]: ebtables not found in system path
[WARNING FileExisting-socat]: socat not found in system path
[WARNING FileExisting-ebtables]: ebtables not found in system path
[WARNING FileExisting-socat]: socat not found in system path
由于Minikube启动时出现了上述警告,需要将socat安装好。尽管这是一个警告,但由于Helm也需要使用socat,所以还是需要将其安装好。
sudo yum -y install socat ebtables
安装cri-tools
[ERROR FileExisting-crictl]: crictl not found in system path
[ERROR FileExisting-crictl]: crictl not found in system path
因为Minikube无法在以上错误下启动,所以需要安装它。这是必要的。
VERSION="v1.12.0"
curl -LO https://github.com/kubernetes-sigs/cri-tools/releases/download/$VERSION/crictl-$VERSION-linux-amd64.tar.gz
sudo tar zxvf crictl-$VERSION-linux-amd64.tar.gz -C /usr/local/bin
rm -f crictl-$VERSION-linux-amd64.tar.gz
将路径添加到/usr/local/binCentOS的root用户默认情况下无法访问/usr/local/bin目录。即使在执行minikube start之前执行export PATH=/usr/local/bin:$PATH命令,当Minikube在内部使用sudo执行命令时,仍然无法访问该路径,从而导致cri-tools检查报错。为了解决这个问题,请进行以下设置调整。
sudo visudo
# Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin
Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/local/bin:/usr/bin
其他也许做一下以下步骤可能更好。
-
スワップを無効にする。今回はもともとswap領域がなかった。
sudo visudo
# Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin
Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/local/bin:/usr/bin
-
- スワップを無効にする。今回はもともとswap領域がなかった。
-
- SELinuxを無効にする。今回は有効のままだが大丈夫そうだった。
- Firewalldを停止する。今回はもともと停止していた。
启动Minikube启动Minikube并指定–vm-driver=none和–kubernetes-version=v1.11.1。
由于以下公式在GitHub上有一个可以在没有虚拟机驱动程序的情况下启动的脚本,您可以参考一下。
以root用户身份启动如果以root用户身份启动,则采用以下操作。在这种情况下,kubectl也是以root权限进行基本操作。
sudo -i
minikube start --vm-driver=none --kubernetes-version=v1.11.1
sudo -i
minikube start --vm-driver=none --kubernetes-version=v1.11.1
(实例)
[root@minikube ~]# minikube start --vm-driver=none --kubernetes-version=v1.11.1
Starting local Kubernetes v1.11.1 cluster...
Starting VM...
Getting VM IP address...
Moving files into cluster...
Downloading kubeadm v1.11.1
Downloading kubelet v1.11.1
Finished Downloading kubeadm v1.11.1
Finished Downloading kubelet v1.11.1
Setting up certs...
Connecting to cluster...
Setting up kubeconfig...
Starting cluster components...
Kubectl is now configured to use the cluster.
===================
WARNING: IT IS RECOMMENDED NOT TO RUN THE NONE DRIVER ON PERSONAL WORKSTATIONS
The 'none' driver will run an insecure kubernetes apiserver as root that may leave the host vulnerable to CSRF attacks
When using the none driver, the kubectl config and credentials generated will be root owned and will appear in the root home directory.
You will need to move the files to the appropriate location and then set the correct permissions. An example of this is below:
sudo mv /root/.kube $HOME/.kube # this will write over any previous configuration
sudo chown -R $USER $HOME/.kube
sudo chgrp -R $USER $HOME/.kube
sudo mv /root/.minikube $HOME/.minikube # this will write over any previous configuration
sudo chown -R $USER $HOME/.minikube
sudo chgrp -R $USER $HOME/.minikube
This can also be done automatically by setting the env var CHANGE_MINIKUBE_NONE_USER=true
Loading cached images from config file.
[root@minikube ~]#
如果想要在CentOS用户上执行kubeclt命令,需要先复制配置文件。
sudo cp -r /root/.kube $HOME/.kube
sudo chown -R $USER $HOME/.kube
sudo chgrp -R $USER $HOME/.kube
sudo cp -r /root/.minikube $HOME/.minikube
sudo chown -R $USER $HOME/.minikube
sudo chgrp -R $USER $HOME/.minikube
需要对复制的 `.kube/config` 文件进行修改。将其中的 `/root/.minikube/` 部分替换为 `/home/centos/`。
以非根用户身份启动
如果以非根用户身份启动,请执行以下操作。
export MINIKUBE_WANTUPDATENOTIFICATION=false # アップデートの情報を表示しない
export MINIKUBE_WANTREPORTERRORPROMPT=false # エラーレポートのプロンプトを表示しない
export MINIKUBE_HOME=$HOME
export CHANGE_MINIKUBE_NONE_USER=true # configファイルを自動的に適切な場所に移動して適切なパーミッションを設定する
mkdir -p $HOME/.kube
mkdir -p $HOME/.minikube
touch $HOME/.kube/config
export KUBECONFIG=$HOME/.kube/config
sudo -E minikube start --vm-driver=none --kubernetes-version=v1.11.1
export MINIKUBE_WANTUPDATENOTIFICATION=false # アップデートの情報を表示しない
export MINIKUBE_WANTREPORTERRORPROMPT=false # エラーレポートのプロンプトを表示しない
export MINIKUBE_HOME=$HOME
export CHANGE_MINIKUBE_NONE_USER=true # configファイルを自動的に適切な場所に移動して適切なパーミッションを設定する
mkdir -p $HOME/.kube
mkdir -p $HOME/.minikube
touch $HOME/.kube/config
export KUBECONFIG=$HOME/.kube/config
sudo -E minikube start --vm-driver=none --kubernetes-version=v1.11.1
(示例)
[centos@minikube ~]$ sudo -E minikube start --vm-driver=none --kubernetes-version=v1.11.1
Starting local Kubernetes v1.11.1 cluster...
Starting VM...
Getting VM IP address...
Moving files into cluster...
Downloading kubeadm v1.11.1
Downloading kubelet v1.11.1
Finished Downloading kubeadm v1.11.1
Finished Downloading kubelet v1.11.1
Setting up certs...
Connecting to cluster...
Setting up kubeconfig...
Starting cluster components...
Kubectl is now configured to use the cluster.
===================
WARNING: IT IS RECOMMENDED NOT TO RUN THE NONE DRIVER ON PERSONAL WORKSTATIONS
The 'none' driver will run an insecure kubernetes apiserver as root that may leave the host vulnerable to CSRF attacks
Loading cached images from config file.
[centos@minikube ~]$
删除Minikube环境如果启动Minikube失败或需要删除Minikube环境并重新开始,可以按照以下方法进行。
minikube stop
minikube delete
rm -rf $HOME/.minikube/ $HOME/.kube/
sudo rm -rf /etc/kubernetes
sudo rm -rf /data/minikube
sudo rm -rf /var/lib/kubelet
sudo rm -rf /var/lib/kubeadm.yaml
sudo rm -rf /etc/systemd/system/kubelet.service.d
安装Helm安装 Minikube 在这里没有直接关系,但最好还是进行安装。
VERSION="v2.11.0"
curl -LO https://storage.googleapis.com/kubernetes-helm/helm-$VERSION-linux-amd64.tar.gz
tar zxvf helm-$VERSION-linux-amd64.tar.gz
sudo cp linux-amd64/helm /usr/local/bin/
rm -rf linux-amd64
rm -f helm-$VERSION-linux-amd64.tar.gz
[centos@minikube ~]$ sudo -i
[root@minikube ~]# helm init
Creating /root/.helm
Creating /root/.helm/repository
Creating /root/.helm/repository/cache
Creating /root/.helm/repository/local
Creating /root/.helm/plugins
Creating /root/.helm/starters
Creating /root/.helm/cache/archive
Creating /root/.helm/repository/repositories.yaml
Adding stable repo with URL: https://kubernetes-charts.storage.googleapis.com
Adding local repo with URL: http://127.0.0.1:8879/charts
$HELM_HOME has been configured at /root/.helm.
Tiller (the Helm server-side component) has been installed into your Kubernetes Cluster.
Please note: by default, Tiller is deployed with an insecure 'allow unauthenticated users' policy.
To prevent this, run `helm init` with the --tiller-tls-verify flag.
For more information on securing your installation see: https://docs.helm.sh/using_helm/#securing-your-helm-installation
Happy Helming!
[root@minikube ~]#
[root@minikube ~]# helm version
Client: &version.Version{SemVer:"v2.11.0", GitCommit:"2e55dbe1fdb5fdb96b75ff144a339489417b146b", GitTreeState:"clean"}
Server: &version.Version{SemVer:"v2.11.0", GitCommit:"2e55dbe1fdb5fdb96b75ff144a339489417b146b", GitTreeState:"clean"}
[root@minikube ~]#
minikube stop
minikube delete
rm -rf $HOME/.minikube/ $HOME/.kube/
sudo rm -rf /etc/kubernetes
sudo rm -rf /data/minikube
sudo rm -rf /var/lib/kubelet
sudo rm -rf /var/lib/kubeadm.yaml
sudo rm -rf /etc/systemd/system/kubelet.service.d
VERSION="v2.11.0"
curl -LO https://storage.googleapis.com/kubernetes-helm/helm-$VERSION-linux-amd64.tar.gz
tar zxvf helm-$VERSION-linux-amd64.tar.gz
sudo cp linux-amd64/helm /usr/local/bin/
rm -rf linux-amd64
rm -f helm-$VERSION-linux-amd64.tar.gz
[centos@minikube ~]$ sudo -i
[root@minikube ~]# helm init
Creating /root/.helm
Creating /root/.helm/repository
Creating /root/.helm/repository/cache
Creating /root/.helm/repository/local
Creating /root/.helm/plugins
Creating /root/.helm/starters
Creating /root/.helm/cache/archive
Creating /root/.helm/repository/repositories.yaml
Adding stable repo with URL: https://kubernetes-charts.storage.googleapis.com
Adding local repo with URL: http://127.0.0.1:8879/charts
$HELM_HOME has been configured at /root/.helm.
Tiller (the Helm server-side component) has been installed into your Kubernetes Cluster.
Please note: by default, Tiller is deployed with an insecure 'allow unauthenticated users' policy.
To prevent this, run `helm init` with the --tiller-tls-verify flag.
For more information on securing your installation see: https://docs.helm.sh/using_helm/#securing-your-helm-installation
Happy Helming!
[root@minikube ~]#
[root@minikube ~]# helm version
Client: &version.Version{SemVer:"v2.11.0", GitCommit:"2e55dbe1fdb5fdb96b75ff144a339489417b146b", GitTreeState:"clean"}
Server: &version.Version{SemVer:"v2.11.0", GitCommit:"2e55dbe1fdb5fdb96b75ff144a339489417b146b", GitTreeState:"clean"}
[root@minikube ~]#
如果要使CentOS用户能够使用Helm,可以让CentOS用户执行helm init命令。
[centos@minikube ~]$ helm init
Creating /home/centos/.helm
Creating /home/centos/.helm/repository
Creating /home/centos/.helm/repository/cache
Creating /home/centos/.helm/repository/local
Creating /home/centos/.helm/plugins
Creating /home/centos/.helm/starters
Creating /home/centos/.helm/cache/archive
Creating /home/centos/.helm/repository/repositories.yaml
Adding stable repo with URL: https://kubernetes-charts.storage.googleapis.com
Adding local repo with URL: http://127.0.0.1:8879/charts
$HELM_HOME has been configured at /home/centos/.helm.
Warning: Tiller is already installed in the cluster.
(Use --client-only to suppress this message, or --upgrade to upgrade Tiller to the current version.)
Happy Helming!
[centos@minikube ~]$
