Quickly build a Kubernetes cluster on AWS with kube-aws
Summary
Build a Kubernetes environment on AWS with kube-aws, a Kubernetes setup tool that uses CloudFormation.
It has the following features:
- ELB integration for Kubernetes Services allows for traffic ingress to selected microservices
- Worker machines are deployed in an Auto Scaling group for effortless scaling
- Full TLS is set up between Kubernetes components and users interacting with kubectl
See the following link for how to run Kubernetes on AWS:
https://coreos.com/kubernetes/docs/latest/kubernetes-on-aws.html
Environment
The cluster built on 2016/01/14 consisted of the following:
- CoreOS-alpha-891.0.0
- Docker version 1.9.1, build 4419fdb-dirty
- kubernetes v1.1.2
One master node is created, plus worker nodes created by an AutoScalingGroup.
Steps
Download kube-aws to a suitable location and extract it
$ wget https://github.com/coreos/coreos-kubernetes/releases/download/v0.3.0/kube-aws-linux-amd64.tar.gz
$ tar zxvf kube-aws-linux-amd64.tar.gz
kube-aws usage
$ ./kube-aws --help
Manage Kubernetes clusters on AWS
Usage:
kube-aws [command]
Available Commands:
destroy Destroy an existing Kubernetes cluster
render Render a CloudFormation template
status Describe an existing Kubernetes cluster
up Create a new Kubernetes cluster
version Print version information and exit
help Help about any command
Flags:
--aws-debug[=false]: Log debug information from aws-sdk-go library
--config="cluster.yaml": Location of kube-aws cluster config file
Use "kube-aws [command] --help" for more information about a command.
Set the AWS credentials
$ export AWS_ACCESS_KEY_ID="AKXXXXXXXXXXXXXXXXXX"
$ export AWS_SECRET_ACCESS_KEY="XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
Download the example Kubernetes cluster configuration file.
$ curl --silent --location https://raw.githubusercontent.com/coreos/coreos-kubernetes/master/multi-node/aws/cluster.yaml.example > cluster.yaml
Cluster configuration
$ vi cluster.yaml
# Unique name of Kubernetes cluster. In order to deploy
# more than one cluster into the same AWS account, this
# name must not conflict with an existing cluster.
clusterName: "kubernetes"
# Name of the SSH keypair already loaded into the AWS
# account being used to deploy this cluster.
keyName: "{Key pair name registered in AWS}"
# Region to provision Kubernetes cluster
region: "ap-northeast-1"
# Availability Zone to provision Kubernetes cluster
availabilityZone: "ap-northeast-1a"
# DNS name routable to the Kubernetes controller nodes
# from worker nodes and external clients. The deployer
# is responsible for making this name routable
externalDNSName: "{domain name used to access the Kubernetes API}"
# Instance type for controller node
controllerInstanceType: "t2.micro"
# Disk size (GiB) for controller node
controllerRootVolumeSize: 10
# Number of worker nodes to create
workerCount: 3
# Instance type for worker nodes
workerInstanceType: "t2.micro"
# Disk size (GiB) for worker nodes
workerRootVolumeSize: 10
# Location of kube-aws artifacts used to deploy a new
# Kubernetes cluster. The necessary artifacts are already
# available in a public S3 bucket matching the version
# of the kube-aws tool. This parameter is typically
# overwritten only for development purposes.
#artifactURL: https://coreos-kubernetes.s3.amazonaws.com/<VERSION>
# CIDR for Kubernetes VPC
vpcCIDR: "10.0.0.0/16"
# CIDR for Kubernetes subnet
instanceCIDR: "10.0.0.0/24"
# IP Address for controller in Kubernetes subnet
controllerIP: 10.0.0.50
# CIDR for all service IP addresses
serviceCIDR: "10.3.0.0/24"
# CIDR for all pod IP addresses
podCIDR: "10.2.0.0/16"
# IP address of Kubernetes controller service (must be contained by serviceCIDR)
kubernetesServiceIP: "10.3.0.1"
# IP address of Kubernetes dns service (must be contained by serviceCIDR)
dnsServiceIP: "10.3.0.10"
Build a cluster of 4 machines
- master: 1
- worker node: 3 (AutoScalingGroup)
Deploy
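The address ranges in cluster.yaml have to fit together (the comments in the file require kubernetesServiceIP and dnsServiceIP to lie inside serviceCIDR, and the VPC, service and pod ranges must not overlap). The following Python script is an added check, not part of kube-aws or the original post; it parses the flat `key: value` lines of cluster.yaml and reports inconsistencies. The embedded sample configuration is constructed from the values shown above.

```python
import ipaddress

# Constructed sample: only the network keys from the cluster.yaml shown above.
SAMPLE_CLUSTER_YAML = """
# CIDR for Kubernetes VPC
vpcCIDR: "10.0.0.0/16"
instanceCIDR: "10.0.0.0/24"
controllerIP: 10.0.0.50
serviceCIDR: "10.3.0.0/24"
podCIDR: "10.2.0.0/16"
kubernetesServiceIP: "10.3.0.1"
dnsServiceIP: "10.3.0.10"
"""

def parse_flat_yaml(text):
    """Read cluster.yaml's flat `key: value` lines, dropping comments and quotes (no nesting needed)."""
    cfg = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" in line:
            key, value = line.split(":", 1)
            cfg[key.strip()] = value.strip().strip('"').strip("'")
    return cfg

def check_cluster_networks(cfg):
    """Return a list of layout problems; an empty list means the ranges are consistent."""
    net = lambda key: ipaddress.ip_network(cfg[key])
    ip = lambda key: ipaddress.ip_address(cfg[key])
    vpc, subnet = net("vpcCIDR"), net("instanceCIDR")
    services, pods = net("serviceCIDR"), net("podCIDR")
    problems = []
    if not subnet.subnet_of(vpc):
        problems.append("instanceCIDR is not inside vpcCIDR")
    if ip("controllerIP") not in subnet:
        problems.append("controllerIP is not inside instanceCIDR")
    for key in ("kubernetesServiceIP", "dnsServiceIP"):
        if ip(key) not in services:          # required by the comments in cluster.yaml
            problems.append(f"{key} is not inside serviceCIDR")
    # VPC, service and pod ranges are routed separately and must not overlap each other.
    named = [("vpcCIDR", vpc), ("serviceCIDR", services), ("podCIDR", pods)]
    for i, (a_name, a) in enumerate(named):
        for b_name, b in named[i + 1:]:
            if a.overlaps(b):
                problems.append(f"{a_name} overlaps {b_name}")
    return problems

if __name__ == "__main__":
    found = check_cluster_networks(parse_flat_yaml(SAMPLE_CLUSTER_YAML))
    for line in found or ["cluster.yaml networks look consistent"]:
        print(line)
```

Run it against a real file with `parse_flat_yaml(open("cluster.yaml").read())` before `kube-aws up`; CloudFormation will not catch a pod range that collides with the VPC.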
$ ./kube-aws up
Initialized TLS infrastructure
Wrote kubeconfig to /home/***/kube-aws/clusters/kubernetes/kubeconfig
Waiting for cluster creation...
Successfully created cluster
Cluster Name: kubernetes
Controller IP: xxx.xxx.xxx.xxx (the Elastic IP is shown here)
Note that the keys and certificates kube-aws creates for Kubernetes authentication are valid for only 90 days.
PRODUCTION NOTE: the TLS keys and certificates generated by kube-aws should not be used to deploy a production Kubernetes cluster. Each component certificate is only valid for 90 days, while the CA is valid for 365 days. If deploying a production Kubernetes cluster, consider establishing PKI independently of this tool first.
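To know when the 90-day component certificates will stop working, the following Python is an added check (not code from kube-aws or the original post): it walks a DER X.509 certificate to its notAfter field and reports the days remaining. It assumes the standard certificate layout; the embedded sample is a constructed, unsigned skeleton with a 90-day validity, not a real kube-aws certificate.

```python
import base64
from datetime import datetime, timedelta, timezone

def _tlv(buf, pos):
    """Read one DER tag-length-value at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                                   # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def cert_not_after(der):
    """Walk Certificate -> tbsCertificate -> validity and return notAfter as an aware UTC datetime."""
    _, p, _ = _tlv(der, 0)                              # Certificate SEQUENCE
    _, p, _ = _tlv(der, p)                              # tbsCertificate SEQUENCE
    tag, _, end = _tlv(der, p)
    if tag == 0xA0:                                     # optional explicit [0] version
        p = end
    for _ in range(3):                                  # serialNumber, signature, issuer
        _, _, p = _tlv(der, p)
    _, p, _ = _tlv(der, p)                              # validity SEQUENCE
    _, _, p = _tlv(der, p)                              # notBefore (skipped)
    tag, start, end = _tlv(der, p)                      # notAfter: UTCTime (0x17) or GeneralizedTime (0x18)
    fmt = "%y%m%d%H%M%SZ" if tag == 0x17 else "%Y%m%d%H%M%SZ"
    return datetime.strptime(der[start:end].decode("ascii"), fmt).replace(tzinfo=timezone.utc)

def pem_to_der(pem):
    body = "".join(l for l in pem.strip().splitlines() if not l.startswith("-----"))
    return base64.b64decode(body)

def days_left(pem, now):
    """Whole days until the certificate in `pem` expires; negative once it has expired."""
    return (cert_not_after(pem_to_der(pem)) - now).days

# Constructed sample: a minimal unsigned DER skeleton with a 90-day validity, not a real
# kube-aws certificate; it exists only so the walk above can be exercised offline.
def _der(tag, body):
    return bytes([tag, len(body)]) + body               # short-form length suffices here
def sample_pem(not_before, not_after):
    utc = lambda d: _der(0x17, d.strftime("%y%m%d%H%M%SZ").encode())
    tbs = _der(0x30, _der(0xA0, _der(0x02, b"\x02")) + _der(0x02, b"\x01") + _der(0x30, b"")
               + _der(0x30, b"") + _der(0x30, utc(not_before) + utc(not_after)))
    cert = _der(0x30, tbs + _der(0x30, b"") + _der(0x03, b"\x00"))
    return "-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n" % base64.b64encode(cert).decode()

NOW = datetime(2016, 1, 14, tzinfo=timezone.utc)      # the date the post's cluster was built
LATER = NOW + timedelta(days=100)
SAMPLE = sample_pem(NOW, NOW + timedelta(days=90))
```

For a real cluster, base64-decode the `client-certificate-data` (and `certificate-authority-data`) value from the kubeconfig kube-aws wrote and pass the resulting PEM text to `days_left` together with `datetime.now(timezone.utc)`.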
Make the domain name resolvable
$ sudo vi /etc/hosts
Add the following line
{Controller IP} {externalDNSName set in cluster.yaml}
When running kubectl, pass the generated clusters/{clusterName}/kubeconfig file explicitly.
$ kubectl --kubeconfig=clusters/kubernetes/kubeconfig cluster-info
Kubernetes master is running at https://{externalDNSName}
KubeDNS is running at https://{externalDNSName}/api/v1/proxy/namespaces/kube-system/services/kube-dns
Check the nodes
$ kubectl --kubeconfig=clusters/kubernetes/kubeconfig get nodes
NAME LABELS STATUS AGE
ip-10-0-0-171.ap-northeast-1.compute.internal kubernetes.io/hostname=ip-10-0-0-171.ap-northeast-1.compute.internal Ready 7m
ip-10-0-0-172.ap-northeast-1.compute.internal kubernetes.io/hostname=ip-10-0-0-172.ap-northeast-1.compute.internal Ready 7m
ip-10-0-0-173.ap-northeast-1.compute.internal kubernetes.io/hostname=ip-10-0-0-173.ap-northeast-1.compute.internal Ready 7m
The generated CloudFormation template can be viewed with the following command.
$ ./kube-aws render
{
"AWSTemplateFormatVersion": "2010-09-09",
"Conditions": {
"EmptyAvailabilityZone": {
"Fn::Equals": [
{
"Ref": "AvailabilityZone"
},
""
]
}
},
"Description": "kube-aws Kubernetes cluster",
"Mappings": {
"RegionMap": {
"ap-northeast-1": {
...snip...
Try running WordPress on Kubernetes
Create the manifest files based on the example.
Create an EBS Volume for the mysql database
$ aws ec2 create-volume --availability-zone ap-northeast-1a --size 10 --volume-type gp2
Note the VolumeId that is displayed
Create the MySQL Pod
apiVersion: v1
kind: Pod
metadata:
  name: mysql
  labels:
    name: mysql
spec:
  containers:
    - resources:
        limits:
          cpu: 0.5
      image: mysql:5.6
      name: mysql
      env:
        - name: MYSQL_ROOT_PASSWORD
          value: yourpassword
      ports:
        - containerPort: 3306
          name: mysql
      volumeMounts:
        - name: mysql-persistent-storage
          mountPath: /var/lib/mysql
  volumes:
    - name: mysql-persistent-storage
      awsElasticBlockStore:
        volumeID: aws://ap-northeast-1a/{VolumeID created above}
        fsType: ext4
Create the Pod
$ kubectl --kubeconfig=clusters/kubernetes/kubeconfig create -f mysql.yaml
pod "mysql" created
$ kubectl --kubeconfig=clusters/kubernetes/kubeconfig get pod
NAME READY STATUS RESTARTS AGE
mysql 1/1 Running 0 5m
Create the MySQL Service
apiVersion: v1
kind: Service
metadata:
  labels:
    name: mysql
  name: mysql
spec:
  ports:
    - port: 3306
  selector:
    name: mysql
Create the Service
$ kubectl --kubeconfig=clusters/kubernetes/kubeconfig create -f mysql-service.yaml
service "mysql" created
$ kubectl --kubeconfig=clusters/kubernetes/kubeconfig get svc
NAME CLUSTER_IP EXTERNAL_IP PORT(S) SELECTOR AGE
kubernetes 10.3.0.1 <none> 443/TCP <none> 1h
mysql 10.3.0.170 <none> 3306/TCP name=mysql 5m
Create an EBS volume for the WordPress data.
$ aws ec2 create-volume --availability-zone ap-northeast-1a --size 10 --volume-type gp2
Note the VolumeId that is displayed.
Create the WordPress Pod
apiVersion: v1
kind: Pod
metadata:
  name: wordpress
  labels:
    name: wordpress
spec:
  containers:
    - image: wordpress
      name: wordpress
      env:
        - name: WORDPRESS_DB_PASSWORD
          value: yourpassword
      ports:
        - containerPort: 80
          name: wordpress
      volumeMounts:
        - name: wordpress-persistent-storage
          mountPath: /var/www/html
  volumes:
    - name: wordpress-persistent-storage
      awsElasticBlockStore:
        volumeID: aws://ap-northeast-1a/{VolumeID created above}
        fsType: ext4
Create the Pod
$ kubectl --kubeconfig=clusters/kubernetes/kubeconfig create -f wordpress.yaml
pod "wordpress" created
$ kubectl --kubeconfig=clusters/kubernetes/kubeconfig get pod
NAME READY STATUS RESTARTS AGE
mysql 1/1 Running 0 8m
wordpress 1/1 Running 0 5m
Create the WordPress Service
apiVersion: v1
kind: Service
metadata:
  labels:
    name: wpfrontend
  name: wpfrontend
spec:
  ports:
    - port: 80
  selector:
    name: wordpress
  type: LoadBalancer
Create the Service
$ kubectl --kubeconfig=clusters/kubernetes/kubeconfig create -f wordpress-service.yaml
service "wpfrontend" created
$ kubectl --kubeconfig=clusters/kubernetes/kubeconfig get svc
NAME CLUSTER_IP EXTERNAL_IP PORT(S) SELECTOR AGE
kubernetes 10.3.0.1 <none> 443/TCP <none> 55m
mysql 10.3.0.170 <none> 3306/TCP name=mysql 9m
wpfrontend 10.3.0.130 80/TCP name=wordpress 5m
Specifying type: LoadBalancer when creating the Service makes Kubernetes create an ELB automatically, so confirm it
$ aws elb describe-load-balancers
{
"LoadBalancerDescriptions": [
{
"Subnets": [
...snip...
Open the displayed DNS name in a browser.
If the WordPress setup screen appears, everything is working.
Cleanup
The LoadBalancer (ELB) created by Kubernetes and the ELB's SecurityGroup are not managed by CloudFormation and will not be removed, so delete them manually
$ aws elb delete-load-balancer --load-balancer-name={LoadBalancerName}
Delete the EBS volumes as well
$ aws ec2 delete-volume --volume-id={VolumeID}
Destroy
$ ./kube-aws destroy
Destroyed cluster