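Starting with version 1.17, Kubernetes officially supports joining Windows Server machines to a cluster, so the cluster can operate and manage containers on Windows Server hosts. At present, however, Windows Server is the only Windows system that Kubernetes clusters support. This article records in detail how to join a Windows Server virtual machine to Kubernetes. It draws on articles by other authors (the links are given at the end of the article) and adds a summary and supplementary notes. (PS: the process is fairly long, with many steps and quite a few pitfalls.)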
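I. Environment preparation
Version requirements for the overall system; the detailed deployment steps are given later in the article.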
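Linux node requirements:
- CentOS 7 (2 processors, 2 cores, 8 GB RAM, 50 GB disk)
- Kubernetes version: 1.23.5
- Docker version: 20.10.14
Windows Server node requirements:
- Windows Server 2019 (2 processors, 2 cores, 8 GB RAM, 60 GB disk)
- Kubernetes version: 1.23.5
- Docker version: 20.10.9
Notes:
- The Windows Server virtual machine must have virtualization enabled.
- After Windows Server boots, do not update the system yourself. Joining Windows Server to the cluster requires a specific patch, KB4489899; updating on your own may install other patches that conflict with it and prevent it from being installed. Why this patch is needed is explained later.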
| Name | Type | OS | Kubernetes components |
|---|---|---|---|
| master | master node | centos | kubeadm, kubectl, kubelet |
| node01 | worker node | centos | kubeadm, kubelet |
| win-g5fin5u6eod | worker node | Windows Server | kubeadm.exe, kubelet.exe |
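Build the cluster with kubeadm; for the method and steps, see the earlier article.
Notes:
- flannel requires IPv4 traffic handling to be enabled for iptables, and this must be done on every Linux node:

```
# 1. Enable IPv4 traffic handling for iptables (skip this step if it was already enabled while building the cluster)
sudo sysctl net.bridge.bridge-nf-call-iptables=1
```

- Configure a registry mirror for docker (a free mirror service can be requested and enabled on Alibaba Cloud):

```
sudo mkdir -p /etc/docker
# Replace the URL below with your own registry mirror address
# (the note is kept outside the file because JSON does not allow comments)
sudo tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": ["https://xxxxxxxx.mirror.aliyuncs.com"]
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker
```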
```
# 1. Download flannel
wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
# 2. Edit kube-flannel.yml. Only with the VNI set to 4096 and the port set to 4789 on Linux
#    can it communicate with flannel on Windows and interoperate. Add the "VNI" and "Port"
#    lines shown below; keep comments out of net-conf.json, which must stay valid JSON.
...
  net-conf.json: |
    {
      "Network": "10.244.0.0/16",
      "Backend": {
        "Type": "vxlan",
        "VNI": 4096,
        "Port": 4789
      }
    }
...
# 3. Deploy kube-flannel
kubectl apply -f kube-flannel.yml
# 4. After deployment, docker pulls the images and starts them; a successful deployment looks like this:
kubectl get pod -n kube-system
NAME READY STATUS RESTARTS AGE
coredns-65c54cc984-jvb8k 1/1 Running 0 4h50m
coredns-65c54cc984-lqx5c 1/1 Running 0 4h50m
etcd-master01 1/1 Running 0 4h50m
kube-apiserver-master01 1/1 Running 7 4h50m
kube-controller-manager-master01 1/1 Running 0 4h50m
kube-flannel-ds-brk4n 1/1 Running 0 4h48m
kube-flannel-ds-f5jwv 1/1 Running 0 4h48m
kube-proxy-9f56s 1/1 Running 0 4h50m
kube-proxy-hrk5w 1/1 Running 0 4h49m
kube-scheduler-master01 1/1 Running 0 4h50m
```
3. Deploy the Windows-compatible proxy and flannel on the master node
3.1 Deploy proxy
```
# 1. Download kube-proxy.yml
wget https://github.com/kubernetes-sigs/sig-windows-tools/releases/latest/download/kube-proxy.yml
# 2. Set the Kubernetes version
...
image: sigwindowstools/kube-proxy:VERSION-nanoserver # change VERSION to match your Kubernetes version, e.g. v1.23.5
...
# 3. Deploy
kubectl apply -f kube-proxy.yml
# 4. After deployment a daemonset named kube-proxy-windows is created, but its ready count is 0 and its pod
#    stays in Pending. The Windows node has not started yet, so this state is normal; do not panic.
kubectl get daemonset -A
NAMESPACE NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE
kube-system kube-flannel-ds 2 2 2 2 2 <none> 5h2m
kube-system kube-proxy 2 2 2 2 2 kubernetes.io/os=linux 5h4m
kube-system kube-proxy-windows 1 1 0 0 0 kubernetes.io/os=windows 4h51m
kubectl get pod -A
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system coredns-65c54cc984-jvb8k 1/1 Running 0 5h6m
kube-system coredns-65c54cc984-lqx5c 1/1 Running 0 5h6m
kube-system etcd-master01 1/1 Running 0 5h6m
kube-system kube-apiserver-master01 1/1 Running 7 5h6m
kube-system kube-controller-manager-master01 1/1 Running 0 5h6m
kube-system kube-flannel-ds-brk4n 1/1 Running 0 5h4m
kube-system kube-flannel-ds-f5jwv 1/1 Running 0 5h4m
kube-system kube-proxy-9f56s 1/1 Running 0 5h6m
kube-system kube-proxy-hrk5w 1/1 Running 0 5h5m
kube-system kube-proxy-windows-hjrrj 0/0 Pending 0 4h51m
kube-system kube-scheduler-master01 1/1 Running 0 5h6m
```

3.2 Deploy flannel
```
# 1. Download flannel-overlay.yml
wget https://github.com/kubernetes-sigs/sig-windows-tools/releases/latest/download/flannel-overlay.yml
# 2. Set the Windows network adapter name (check the adapter name on Windows; the default is the Ethernet adapter, and the value must be changed if yours differs)
wins cli process run --path /k/flannel/setup.exe --args "--mode=overlay --interface=Ethernet" # if it differs, change this to the default Windows adapter name
wins cli route add --addresses 169.254.169.254
wins cli process run --path /k/flannel/flanneld.exe --args "--kube-subnet-mgr --kubeconfig-file /k/flannel/kubeconfig.yml" --envs "POD_NAME=$env:POD_NAME POD_NAMESPACE=$env:POD_NAMESPACE"
# Run ipconfig on Windows; if the output looks like the following, no change is needed:
以太网适配器 vEthernet (Ethernet0):
   连接特定的 DNS 后缀 . . . . . . . : localdomain
   本地链接 IPv6 地址. . . . . . . . : xxxx::xxxx:xxxx:xxxx:xxxxxxx
   IPv4 地址 . . . . . . . . . . . . : xxx.xxx.xxx.xxx
   子网掩码 . . . . . . . . . . . . : xxx.xxx.xxx.xxx
   默认网关. . . . . . . . . . . . . : xxx.xxx.xxx.xxx
# 3. Deploy
kubectl apply -f flannel-overlay.yml
# 4. After deployment a daemonset named kube-flannel-ds-windows-amd64 is created. As with kube-proxy, its ready
#    count is still 0 and its pod stays in Pending, for the same reason; do not panic.
kubectl get daemonset -A
NAMESPACE NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE
kube-system kube-flannel-ds 2 2 2 2 2 <none> 5h20m
kube-system kube-flannel-ds-windows-amd64 1 1 0 0 0 <none> 5h9m
kube-system kube-proxy 2 2 2 2 2 kubernetes.io/os=linux 5h22m
kube-system kube-proxy-windows 1 1 0 0 0 kubernetes.io/os=windows 5h9m
kubectl get pod -A
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system coredns-65c54cc984-jvb8k 1/1 Running 0 5h25m
kube-system coredns-65c54cc984-lqx5c 1/1 Running 0 5h25m
kube-system etcd-master01 1/1 Running 0 5h26m
kube-system kube-apiserver-master01 1/1 Running 7 5h26m
kube-system kube-controller-manager-master01 1/1 Running 0 5h26m
kube-system kube-flannel-ds-brk4n 1/1 Running 0 5h24m
kube-system kube-flannel-ds-f5jwv 1/1 Running 0 5h24m
kube-system kube-flannel-ds-windows-amd64-dqmtm 0/0 Pending 0 5h10m
kube-system kube-proxy-9f56s 1/1 Running 0 5h25m
kube-system kube-proxy-hrk5w 1/1 Running 0 5h24m
kube-system kube-proxy-windows-hjrrj 0/0 Pending 0 5h10m
kube-system kube-scheduler-master01 1/1 Running 0 5h26m
```

III. Configure Windows Server
3.1 Install the patch
Double-click the patch file and wait for the installation to finish (the patch download link is at the end of the article).
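3.2 Install docker
Installing Docker Desktop directly also works, but Docker then has to be switched to Windows platform mode, and that process can run into unexpected small problems, so here Docker is installed directly from the PowerShell command line.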
```
# 1. Install docker
Install-Module -Name DockerMsftProvider -Repository PSGallery -Force
Install-Package -Name docker -ProviderName DockerMsftProvider
Restart-Computer -Force
# 2. Configure docker: create the file daemon.json in C:\ProgramData\docker\config and add the registry mirror address to it
# 3. Restart the Docker service
Restart-Service docker
# 4. Check the docker information in PowerShell
docker info
```

3.3 Install Kubernetes
3.3.1 Download the files
- PrepareNode.ps1 deployment script: https://github.com/kubernetes-sigs/sig-windows-tools/releases/latest/download/PrepareNode.ps1
- wins.exe: https://github.com/rancher/wins/releases/download/v0.0.4/wins.exe
- hns.psm1 script: https://github.com/Microsoft/SDN/raw/master/Kubernetes/windows/hns.psm1
- nssm-2.24.zip: https://k8stestinfrabinaries.blob.core.windows.net/nssm-mirror/nssm-2.24.zip
- Kubernetes binaries (the version must match the Linux cluster; change the URL to your own version): https://dl.k8s.io/v1.23.5/kubernetes-node-windows-amd64.tar.gz
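- In the root of drive C, create a folder named k (the name is fixed in the deployment script) and copy all the files downloaded in the previous step into it (keep a backup).
- Right-click the deployment script and choose Edit, then comment out every call to the DownloadFile function with #.
- Rename nssm-2.24.zip to nssm.zip.
- Extract kubernetes-node-windows-amd64.tar.gz and copy kubeadm.exe and kubelet.exe from the extracted kubernetes\node\bin directory into the current directory.
The result of processing the files is shown in the figure below: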
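```
# 1. Run PowerShell as administrator and change to C:\k
cd C:\k
# 2. Run the deployment script (change the version parameter if your version differs)
.\PrepareNode.ps1 -KubernetesVersion v1.23.5
## Note: PrepareNode.ps1 is a PowerShell script. Windows Server authenticates all executable scripts, and this
## script is not an official one, so the message "未对文件PrepareNode.ps1进行数字签名。无法在当前系统上运行该脚本。"
## (the file PrepareNode.ps1 is not digitally signed and cannot be run on the current system) may appear.
## If it does, run the following command to allow the script to run:
Set-ExecutionPolicy -ExecutionPolicy UNRESTRICTED
## A prompt appears after running this command; enter "A" (Yes to All), then run the command from step 2 again
# If an error occurs during execution, reset Windows Server as described at the end of the article
```

Note: after PrepareNode.ps1 runs successfully, it creates several folders in the root of drive C. At this point Kubernetes is installed.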
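One way to run the unsigned PrepareNode.ps1 without changing the machine-wide execution policy, shown as an added example that is not part of the original post or of the sig-windows-tools project. It assumes the files are staged in C:\k under the names used above; the hash values are placeholders to be replaced with hashes you recorded from copies you reviewed.

```powershell
# Added example (not from the original post or sig-windows-tools).
# The SHA-256 values are placeholders: record them from copies of the files
# you have reviewed and fill them in before running.
$StageDir = 'C:\k'
$Pinned = @{
    'PrepareNode.ps1' = 'REPLACE-WITH-SHA256-OF-PrepareNode.ps1'
    'hns.psm1'        = 'REPLACE-WITH-SHA256-OF-hns.psm1'
    'wins.exe'        = 'REPLACE-WITH-SHA256-OF-wins.exe'
    'nssm.zip'        = 'REPLACE-WITH-SHA256-OF-nssm.zip'
    'kubeadm.exe'     = 'REPLACE-WITH-SHA256-OF-kubeadm.exe'
    'kubelet.exe'     = 'REPLACE-WITH-SHA256-OF-kubelet.exe'
}

function Test-PinnedFile {
    param([string]$Directory, [hashtable]$Expected)
    $allMatch = $true
    foreach ($name in $Expected.Keys) {
        $path = Join-Path $Directory $name
        if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
            Write-Warning "$name is missing from $Directory"
            $allMatch = $false
            continue
        }
        # Get-FileHash returns upper-case hex; -ne compares case-insensitively
        $actual = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        if ($actual -ne $Expected[$name]) {
            Write-Warning "$name hash mismatch: got $actual"
            $allMatch = $false
        }
    }
    return $allMatch
}

if (-not (Test-PinnedFile -Directory $StageDir -Expected $Pinned)) {
    throw 'Staged files do not match the pinned hashes; not running PrepareNode.ps1.'
}

# Record the signature status (the page reports this script as unsigned).
Get-AuthenticodeSignature -FilePath (Join-Path $StageDir 'PrepareNode.ps1') |
    Select-Object Path, Status

# Clear the "downloaded from the Internet" mark on the verified scripts only,
# then relax the policy for this process alone; the machine-wide policy is unchanged.
foreach ($s in 'PrepareNode.ps1', 'hns.psm1') { Unblock-File -LiteralPath (Join-Path $StageDir $s) }
Set-ExecutionPolicy -Scope Process -ExecutionPolicy RemoteSigned -Force
Set-Location $StageDir
.\PrepareNode.ps1 -KubernetesVersion v1.23.5
```

With the placeholders left in place the script stops at the hash check, so nothing runs until real values are supplied.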
```
# 1. On the master node, get the command for joining the cluster
kubeadm token create --print-join-command
# Run the output directly in PowerShell on the Windows node (note how PowerShell invokes an executable in the current directory)
.\kubeadm.exe join xxx.xxx.xxx.xxx:xxxx --token xxx --discovery-token-ca-cert-hash sha256:xxx
# After the join completes, the result is as follows
kubectl get pod -A
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system coredns-65c54cc984-jvb8k 1/1 Running 0 9h
kube-system coredns-65c54cc984-lqx5c 1/1 Running 0 9h
kube-system etcd-master01 1/1 Running 0 9h
kube-system kube-apiserver-master01 1/1 Running 7 9h
kube-system kube-controller-manager-master01 1/1 Running 0 9h
kube-system kube-flannel-ds-brk4n 1/1 Running 0 9h
kube-system kube-flannel-ds-f5jwv 1/1 Running 0 9h
kube-system kube-flannel-ds-windows-amd64-dqmtm 1/1 Running 0 8h
kube-system kube-proxy-9f56s 1/1 Running 0 9h
kube-system kube-proxy-hrk5w 1/1 Running 0 9h
kube-system kube-proxy-windows-hjrrj 1/1 Running 0 8h
kube-system kube-scheduler-master01 1/1 Running 0 9h
kubectl get daemonset -A
NAMESPACE NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE
kube-system kube-flannel-ds 2 2 2 2 2 <none> 9h
kube-system kube-flannel-ds-windows-amd64 1 1 1 1 1 <none> 8h
kube-system kube-proxy 2 2 2 2 2 kubernetes.io/os=linux 9h
kube-system kube-proxy-windows 1 1 1 1 1 kubernetes.io/os=windows 8h
```

V. Uninstalling Kubernetes on Windows
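Run the following commands in a PowerShell window opened as administrator.
5.1 Remove the Windows node from the cluster

```
.\kubeadm.exe reset
```

5.2 Delete the docker network configuration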
```
# 1. List the docker network configuration
docker network ls
# 2. Delete the docker network named host
docker network rm host
```

5.3 Stop and delete the kubelet and rancher-wins services
```
# Stop and delete kubelet
sc.exe stop kubelet
sc.exe delete kubelet
# Stop and delete rancher-wins
sc.exe stop rancher-wins
sc.exe delete rancher-wins
```

5.4 Delete the firewall rule
Open, in order: Control Panel -> System and Security -> Windows Defender Firewall -> Allowed apps. In the Allowed apps window there is a rule named kubelet; select it and delete it.
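```
# Restart from the command line or manually. This step mainly stops Kubernetes processes such as kube-proxy and rancher.
# After the restart, check in Task Manager whether these processes are still running; if they are, stop them manually.
Restart-Computer -Force
```

5.6 Delete the files generated by the script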
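Delete the etc, opt, run, share and var directories in the root of drive C (delete whichever of them exist), then copy nssm-2.24.zip into the k folder again and rename it to nssm.zip. If a message says a file is in use during deletion, Kubernetes-related processes are still running; close them and delete again.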
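A check for anything the uninstall steps in section V left behind, as an added example that is not part of the original post. The service, directory and docker network names come from the steps above; the firewall rule display name `kubelet` and the process names are assumptions based on the page's wording.

```powershell
# Added example: report anything from section V that is still present.
# Run in an administrator PowerShell after the restart in the step above.
function Get-KubernetesLeftover {
    param([string]$Root = 'C:\')
    $found = @()

    # Services removed in 5.3
    foreach ($svc in 'kubelet', 'rancher-wins') {
        if (Get-Service -Name $svc -ErrorAction SilentlyContinue) {
            $found += "service: $svc"
        }
    }
    # Processes that should be gone after the restart (names are assumptions)
    foreach ($proc in 'kubelet', 'kube-proxy', 'flanneld', 'wins') {
        if (Get-Process -Name $proc -ErrorAction SilentlyContinue) {
            $found += "process: $proc"
        }
    }
    # Firewall rule removed in 5.4 (display name assumed to be 'kubelet')
    foreach ($rule in @(Get-NetFirewallRule -DisplayName 'kubelet' -ErrorAction SilentlyContinue)) {
        $found += "firewall rule: $($rule.DisplayName) ($($rule.Direction), $($rule.Action), enabled=$($rule.Enabled))"
    }
    # Directories removed in 5.6
    foreach ($dir in 'etc', 'opt', 'run', 'share', 'var') {
        $path = Join-Path $Root $dir
        if (Test-Path -LiteralPath $path) { $found += "directory: $path" }
    }
    # docker network removed in 5.2; the format string prints one name per line
    if (Get-Command docker -ErrorAction SilentlyContinue) {
        if ((docker network ls --format '{{.Name}}') -contains 'host') {
            $found += 'docker network: host'
        }
    }
    return $found
}

$leftover = Get-KubernetesLeftover
if ($leftover) { $leftover | ForEach-Object { Write-Warning $_ } }
else { Write-Output 'No Kubernetes leftovers found.' }
```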
VI. References
Kubernetes official documentation
- Adding Windows nodes to a Kubernetes cluster
https://kubernetes.io/zh/docs/tasks/administer-cluster/kubeadm/adding-windows-nodes/
Microsoft official documentation
- Script execution policy documentation
https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_execution_policies?view=powershell-7.1
- Windows containers
https://docs.microsoft.com/zh-cn/virtualization/windowscontainers/quick-start/run-your-first-container
https://docs.microsoft.com/zh-cn/virtualization/windowscontainers/manage-docker/manage-windows-dockerfile
Other references
- https://www.cnblogs.com/Fengyinyong/p/14701996.html
- https://blog.csdn.net/Mr_rsq/article/details/116803503
kube-flannel: https://download.csdn.net/download/gulang0309/85189309
Patch KB4489899: https://www.tenforums.com/windows-10-news/128745-cumulative-update-kb4489899-windows-10-v1809-build-17763-379-mar-12-a.html



