Deploy the docker service (run on the master node)

Download and distribute the docker binaries

cd /opt/k8s/work
wget https://download.docker.com/linux/static/stable/x86_64/docker-18.09.6.tgz
tar -xvf docker-18.09.6.tgz

Distribute the binaries to all worker nodes

cd /opt/k8s/work
export node_ip=192.168.0.114
scp docker/* root@${node_ip}:/opt/k8s/bin/
ssh root@${node_ip} "chmod +x /opt/k8s/bin/*"

Create the docker service unit file

cd /opt/k8s/work
cat > docker.service <<"EOF"
[Unit]
Description=Docker Application Container Engine
Documentation=http://docs.docker.io
[Service]
WorkingDirectory=/data/k8s/docker
Environment="PATH=/opt/k8s/bin:/bin:/sbin:/usr/bin:/usr/sbin"
EnvironmentFile=-/run/flannel/docker
ExecStart=/opt/k8s/bin/dockerd $DOCKER_NETWORK_OPTIONS
ExecReload=/bin/kill -s HUP $MAINPID
Restart=on-failure
RestartSec=5
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
Delegate=yes
KillMode=process
[Install]
WantedBy=multi-user.target
EOF

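- EOF is wrapped in double quotes so that bash does not expand variables in the file, such as $DOCKER_NETWORK_OPTIONS (these environment variables are substituted by systemd);
- dockerd invokes other docker commands at run time, such as docker-proxy, so the directory containing the docker commands must be added to the PATH environment variable;
- flanneld writes its network configuration to the /run/flannel/docker file at startup; before starting, dockerd reads the DOCKER_NETWORK_OPTIONS environment variable from that file and then sets the subnet of the docker0 bridge;
- Starting with version 1.13, docker may set the default policy of the iptables FORWARD chain to DROP, which causes pings to Pod IPs on other Nodes to fail. If this happens, set the policy to ACCEPT manually:

  export node_ip=192.168.0.114
  ssh root@${node_ip} "/sbin/iptables -P FORWARD ACCEPT"
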
Distribute the docker.service file to all worker machines:

cd /opt/k8s/work
export node_ip=192.168.0.114
scp docker.service root@${node_ip}:/etc/systemd/system/

Configure and distribute the docker configuration file

Use registry mirror servers located in China to speed up image pulls, and increase the number of concurrent downloads (dockerd must be restarted for this to take effect):

cd /opt/k8s/work
cat > docker-daemon.json <<EOF
{
    "registry-mirrors": ["https://docker.mirrors.ustc.edu.cn","https://hub-mirror.c.163.com"],
    "max-concurrent-downloads": 20,
    "live-restore": true,
    "max-concurrent-uploads": 10,
    "data-root": "/data/k8s/docker/data",
    "log-opts": {
        "max-size": "100m",
        "max-file": "5"
    }
}
EOF

Distribute the docker configuration file to all worker nodes:

cd /opt/k8s/work
export node_ip=192.168.0.114
ssh root@${node_ip} "mkdir -p /etc/docker/ /data/k8s/docker/data"
scp docker-daemon.json root@${node_ip}:/etc/docker/daemon.json

Start the docker service

export node_ip=192.168.0.114
ssh root@${node_ip} "systemctl daemon-reload && systemctl enable docker && systemctl restart docker"

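Check the service status

export node_ip=192.168.0.114
ssh root@${node_ip} "systemctl status docker|grep Active"

- Make sure the status is active (running); otherwise check the logs to find the cause
- If something goes wrong, view the logs with the following command:

  journalctl -u docker
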
Check the docker0 bridge

export node_ip=192.168.0.114
ssh root@${node_ip} "/sbin/ip addr show flannel.1 && /sbin/ip addr show docker0"

Confirm that on each worker node the IPs of the docker0 bridge and the flannel.1 interface are in the same subnet.

Output:

export node_ip=192.168.0.114
root@master:/opt/k8s/work# ssh root@${node_ip} "/sbin/ip addr show flannel.1 && /sbin/ip addr show docker0"
4: flannel.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN group default
    link/ether f2:fc:0f:7e:98:e4 brd ff:ff:ff:ff:ff:ff
    inet 172.30.78.0/32 scope global flannel.1
       valid_lft forever preferred_lft forever
    inet6 fe80::f0fc:fff:fe7e:98e4/64 scope link
       valid_lft forever preferred_lft forever
5: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:fd:1f:8f:d8 brd ff:ff:ff:ff:ff:ff
    inet 172.30.78.1/24 brd 172.30.78.255 scope global docker0
       valid_lft forever preferred_lft forever

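Note: if the services were installed in the wrong order or the machine environment is complicated, and the docker service was installed before the flanneld service, the IPs of the docker0 bridge and the flannel.1 interface on a worker node may not be in the same subnet. In that case, stop the docker service, delete the docker0 interface manually, and start the docker service again to fix it:

systemctl stop docker
ip link delete docker0
systemctl start docker
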
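The subnet check described above can be scripted so that a mismatch is caught on every node instead of being read off by eye. This is an added example, not part of the original article: it parses `ip addr show` text and reports whether the flannel.1 address falls inside docker0's subnet. The function names and the mismatch sample (docker's default 172.17.0.1/16 bridge) are assumptions made for illustration.

```shell
# Added example. Live use (assumed invocation, same ssh command as above):
#   ssh root@${node_ip} "/sbin/ip addr show flannel.1; /sbin/ip addr show docker0" | check_bridge_subnet

# Dotted-quad IPv4 -> 32-bit integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1            # deliberately unquoted: split the address on dots
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Print the first IPv4 addr/prefix of interface $1 found in `ip addr show` text on stdin.
iface_cidr() {
    awk -v want="$1:" '
        /^[0-9]+: /                 { cur = $2 }
        cur == want && $1 == "inet" { print $2; exit }'
}

# stdin: `ip addr show` output covering both interfaces.
# Returns 0 = same subnet, 1 = different subnets, 2 = an interface or address is missing.
check_bridge_subnet() {
    text=$(cat)
    flannel=$(printf '%s\n' "$text" | iface_cidr flannel.1)
    docker=$(printf '%s\n' "$text" | iface_cidr docker0)
    [ -n "$flannel" ] && [ -n "$docker" ] || return 2
    prefix=${docker#*/}
    mask=$(( (4294967295 << (32 - prefix)) & 4294967295 ))
    [ $(( $(ip_to_int "${flannel%/*}") & mask )) -eq $(( $(ip_to_int "${docker%/*}") & mask )) ]
}

# Constructed sample: the healthy output shown on this page, trimmed to the relevant lines.
sample_match() { cat <<'EOF'
4: flannel.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN group default
    inet 172.30.78.0/32 scope global flannel.1
5: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    inet 172.30.78.1/24 brd 172.30.78.255 scope global docker0
EOF
}

# Constructed sample: docker0 still on docker's default bridge subnet (dockerd started before flanneld).
sample_mismatch() { cat <<'EOF'
4: flannel.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN group default
    inet 172.30.78.0/32 scope global flannel.1
5: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
EOF
}
```

A return code of 1 corresponds to the situation the note describes, where docker0 has to be deleted and docker restarted; a return code of 2 means one of the interfaces has no IPv4 address at all.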
View docker status information

root@slave:/opt/k8s/work# docker info
Containers: 0
 Running: 0
 Paused: 0
 Stopped: 0
Images: 0
Server Version: 18.09.6
Storage Driver: overlay2
 Backing Filesystem: extfs
 Supports d_type: true
 Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
 Volume: local
 Network: bridge host macvlan null overlay
 Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: bb71b10fd8f58240ca47fbb579b9d1028eea7c84
runc version: 2b18fe1d885ee5083ef9f0838fee39b62d653e30
init version: fec3683
Security Options:
 apparmor
 seccomp
  Profile: default
Kernel Version: 5.0.0-23-generic
Operating System: Ubuntu 18.04.3 LTS
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 3.741GiB
Name: slave
ID: IDMG:7A6F:UNTP:IWVM:ZBK5:VHJ4:STC5:UXZX:HQT6:UUNE:YDOC:I27L
Docker Root Dir: /data/k8s/docker/data
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
 127.0.0.0/8
Registry Mirrors:
 https://docker.mirrors.ustc.edu.cn/
 https://hub-mirror.c.163.com/
Live Restore Enabled: true
Product License: Community Engine

WARNING: No swap limit support

Please credit the source when reposting. Link to this article: https://www.uj5u.com/qita/31175.html
