文章目录

展开

Kubernetes基础入门

官网:TP

kubeadm官方文档:TP

docker官方文档:TP

prometheus官方文档:TP

ansible安装k8s项目:TP

阿里云ACK:TP

亚马逊云EKS:TP

K8s介绍

https://kubernetes.io/zh-cn/docs/concepts/overview

Kubernetes 这个名字源于希腊语,意为“舵手”或“飞行员”。k8s 这个缩写是因为 k 和 s 之间有八个字符的关系

image-20230918154459575

k8s组件

两大主要组件master,node

  • master(控制平面组件 新版本叫Control Plane Components)

    • apiserver:司令部(所有组件之间沟通,都需要经过apiserver)
    • etcd:存储K8S所有数据的爹
    • scheduler:资源计算/资源调度
    • controller:控制器
  • node

    • kubelet:启动容器,创建pod
    • container runtime:容器运行时
    • kube-proxy:网络,端口映射

k8s安装方式

1)kubeadm

2)二进制

3)Rancher(高级版,k8s图形化界面)

4)Ansible

5)阿里云ACK、AWS的EKS

kubeadm部署

环境准备

主机名 IP 角色 配置推荐 安装软件
master-1 10.0.0.110 master 1C4G40G API Server、Controller、Scheduler、Kube-proxy、Kubelet、etcd
node-1 10.0.0.111 node1 1C2G40G Docker、Kubelet、Kube-proxy
node-2 10.0.0.112 node2 1C2G40G Docker、Kubelet、Kube-proxy

IP规划

三种Service IP
Pod IP 10.2.0.0
Cluster IP 10.1.0.0
Node IP 10.0.0.0

安装前环境优化(所有节点)

1)禁用swap

# 添加kubelet配置
cat >/etc/sysconfig/kubelet <<EOF
KUBELET_CGROUP_ARGS="--cgroup-driver=systemd"
KUBELET_EXTRA_ARGS="--fail-swap-on=false"
EOF

swapoff -a

2)开启内核转发

cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables=1
net.bridge.bridge-nf-call-iptables=1
net.ipv4.ip_forward=1
EOF

3)文件描述符

cat >>/etc/sysctl.conf<<EOF
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1
net.ipv4.ip_forward=1
vm.swappiness=0
fs,file-max=52706963
fs.nr_open=52706963
EOF

cat <<EOF | sudo tee /etc/modules-load.d/containerd.conf
overlay
br_netfilter
EOF

modprobe overlay
modprobe br_netfilter

4)免密登录(master-1)

[root@master-1 ~]# ssh-keygen
[root@master-1 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub 10.0.0.110
[root@master-1 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub 10.0.0.111
[root@master-1 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub 10.0.0.112

5)hosts解析

cat >>/etc/hosts<<EOF
10.0.0.110 master-1
10.0.0.111 node-1
10.0.0.112 node-2
EOF

for i in master-1 node-1 node-2;do ping -c1 -W1 $i;done

6)时间同步

yum install -y chrony
systemctl start chronyd
systemctl enable chronyd

7)加载ipvs模块

cat > /etc/sysconfig/modules/ipvs.modules <<EOF
#! /bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack_ipv4
EOF

## 给ipvs脚本添加执行权限,并执行脚本
chmod +x /etc/sysconfig/modules/ipvs.modules
source /etc/sysconfig/modules/ipvs.modules

## 检查是否加载成功
lsmod|grep -e 'ip_vs' -e 'nf_conntrack_ipv'

8)安装指定版本docker

## 下载docker官方源
[root@master-1 ~]# wget -O /etc/yum.repos.d/docker-ce.repo https://download.docker.com/linux/centos/docker-ce.repo

## 更改成清华源
[root@master-1 ~]# sudo sed -i 's+download.docker.com+mirrors.tuna.tsinghua.edu.cn/docker-ce+' /etc/yum.repos.d/docker-ce.repo

## 安装指定版本docker
[root@master-1 ~]# yum install -y docker-ce-19.03.15 docker-ce-cli-19.03.15 containerd.io

## 查看不同版本的docker-ce
yum list docker-ce --showduplicates

9)配置docker镜像加速和cgroup驱动

mkdir -p /etc/docker

cat >> /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": ["https://wonf909n.mirror.aliyuncs.com"],
  "exec-opts": ["native.cgroupdriver=systemd"]
}
EOF

systemctl daemon-reload
systemctl restart docker

安装kubeadm(所有节点)

## 1.换源
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

## 2.安装指定版本
yum install kubelet-1.19.3 kubeadm-1.19.3  kubectl-1.19.3  ipvsadm -y

kubelet:控制node节点启动容器(POD)
kubeadm:帮你安装K8S的
kubectl:操作k8s的命令

# 3.启动kubelet
systemctl start kubelet
systemctl enable kubelet

# 4.初始化集群(只需要master)
kubeadm init \
--apiserver-advertise-address=10.0.0.110 \
--image-repository registry.aliyuncs.com/google_containers  \
--kubernetes-version=v1.19.3 \
--service-cidr=10.1.0.0/16 \
--pod-network-cidr=10.2.0.0/16 \
--service-dns-domain=cluster.local \
--ignore-preflight-errors=Swap \
--ignore-preflight-errors=NumCPU

### 参数详解
# Master主节点ip (做负载均衡的话 就填负载均衡的ip 来实现Master集群)
--apiserver-advertise-address=10.0.0.110 \
# 拉取的阿里云镜像地址
--image-repository registry.aliyuncs.com/google_containers  \
# 指定安装的kubeadm的版本
--kubernetes-version=v1.19.3 \
# 指定 Cluster IP
--service-cidr=10.1.0.0/16 \
# 指定 Pod IP
--pod-network-cidr=10.2.0.0/16 \
# 指定使用根容器的dns
--service-dns-domain=cluster.local \
# 忽略Swap空间的警告
--ignore-preflight-errors=Swap \
# 忽略CUP的警告 因为默认会需要2个CUP
--ignore-preflight-errors=NumCPU

## 初始化完成后最后这一段保存下来
Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 10.0.0.110:6443 --token dc5grt.gubbjdm6nbz2l2py \
    --discovery-token-ca-cert-hash sha256:3aacf2bd173543af8374e9fa1a421fd24ad7b82c89aaeb3422395e6acc1ff1a0 

## 如果没保存可以kubeadm reset重新初始化(所有节点)
[root@master-1 ~]# kubeadm reset
[root@node-1 ~]# kubeadm reset
[root@node-2 ~]# kubeadm reset
## 删除证书(master)
[root@master-1 ~]# rm -fr ~/.kube/*
## master重新初始化,node加入master 

## 上面有用的信息↓
## 主节点要进行的操作 在家目录下创建配置文件并授权
 mkdir -p $HOME/.kube
 sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
 sudo chown $(id -u):$(id -g) $HOME/.kube/config
## node节点的操作 和主节点建立连接
kubeadm join 10.0.0.110:6443 --token dc5grt.gubbjdm6nbz2l2py \
    --discovery-token-ca-cert-hash sha256:3aacf2bd173543af8374e9fa1a421fd24ad7b82c89aaeb3422395e6acc1ff1a0 

##主节点创建配置文件并授权
[root@master-1 ~]# mkdir -p $HOME/.kube
[root@master-1 ~]# sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
[root@master-1 ~]# sudo chown $(id -u):$(id -g) $HOME/.kube/config

## 查看集群节点
[root@master-1 ~]# kubectl get node
NAME       STATUS     ROLES    AGE     VERSION
master-1   NotReady   master   3h54m   v1.19.3

## 修改网络模式为ipvs
[root@master-1 ~]# kubectl edit cm kube-proxy -n kube-system
修改 mode:"" 为 mode:"ipvs"

## 重启服务
[root@master-1 ~]# kubectl -n kube-system get pod|grep kube-proxy|awk '{print "kubectl -n kube-system delete pod "$1}'|bash

## 查看kube-proxy
[root@master-1 ~]# kubectl get -n kube-system pod|grep 'kube-proxy'
kube-proxy-vwjdz                   1/1     Running   0          26s

node加入master

[root@node-1 ~]# kubeadm join 10.0.0.110:6443 --token dc5grt.gubbjdm6nbz2l2py \
    --discovery-token-ca-cert-hash sha256:3aacf2bd173543af8374e9fa1a421fd24ad7b82c89aaeb3422395e6acc1ff1a0 

[root@node-2 ~]# kubeadm join 10.0.0.110:6443 --token dc5grt.gubbjdm6nbz2l2py \
    --discovery-token-ca-cert-hash sha256:3aacf2bd173543af8374e9fa1a421fd24ad7b82c89aaeb3422395e6acc1ff1a0 

[root@master-1 ~]# kubectl get node
NAME       STATUS     ROLES    AGE     VERSION
master-1   NotReady   master   4h1m    v1.19.3
node-1     NotReady   <none>   2m49s   v1.19.3
node-2     NotReady   <none>   2m44s   v1.19.3

[root@master-1 ~]# kubectl get -n kube-system pod|grep 'kube-proxy'
kube-proxy-f4z2h                   1/1     Running   0          51m
kube-proxy-ts2tj                   1/1     Running   0          51m
kube-proxy-vwjdz                   1/1     Running   0          54m

配置flannel

# 1.下载flannel代码
打开网站下载:https://github.com/flannel-io/flannel/blob/master/Documentation/kube-flannel.yml

## 本地下载
- 原版
[root@master-1 ~]# wget https://download.wodeyumengouwo.com/kubernetes/kube-flannel.yml
- 修改完成版本(下载这个忽略下面修改源码步骤)
[root@master-1 ~]# wget https://download.wodeyumengouwo.com/kubernetes/kube-flannel_bernb.yml

## 修改源码,容器配置清单
Network:"10.2.0.0/16"
- --iface=eth0

containers:
      - name: kube-flannel
        image: docker.io/flannel/flannel:v0.22.3
        command:
        - /opt/bin/flanneld
        args:
        - --ip-masq
        - --kube-subnet-mgr
        - --iface=eth0

## 执行flannel资源清单
[root@master-1 ~]# kubectl apply -f kube-flannel_bernb.yml 
namespace/kube-flannel created
clusterrole.rbac.authorization.k8s.io/flannel created
clusterrolebinding.rbac.authorization.k8s.io/flannel created
serviceaccount/flannel created
configmap/kube-flannel-cfg created
daemonset.apps/kube-flannel-ds created

## 拉镜像很慢提前下载好镜像(node-1 node-2导入就行)
[root@node-1 ~]# wget https://download.wodeyumengouwo.com/kubernetes/flannel_cni_v1.2.0.tgz
[root@node-2 ~]# wget https://download.wodeyumengouwo.com/kubernetes/flannel_v0.22.3.tgz
[root@node-1 ~]# docker load < flannel_cni_v1.2.0.tgz 
[root@node-1 ~]# docker load < flannel_v0.22.3.tgz 
[root@node-2 ~]# docker load < flannel_cni_v1.2.0.tgz 
[root@node-2 ~]# docker load < flannel_v0.22.3.tgz
[root@master-1 ~]# kubectl apply -f kube-flannel_bernb.yml 

## 查看flannel的pod
[root@master-1 ~]# kubectl get pod -n kube-flannel 
NAME                    READY   STATUS    RESTARTS   AGE
kube-flannel-ds-6tgvh   1/1     Running   0          111s
kube-flannel-ds-8cx9b   1/1     Running   0          111s
kube-flannel-ds-csl4g   1/1     Running   0          111s

## 查看节点状态
[root@master-1 ~]# kubectl get node
NAME       STATUS   ROLES    AGE   VERSION
master-1   Ready    master   21h   v1.19.3
node-1     Ready    <none>   17h   v1.19.3
node-2     Ready    <none>   17h   v1.19.3

## 给角色打标签
[root@master-1 ~]# kubectl label node   node-1 node-role.kubernetes.io/node01=
node/node-1 labeled
[root@master-1 ~]# kubectl label node   node-2 node-role.kubernetes.io/node02=
node/node-2 labeled
[root@master-1 ~]# kubectl get node
NAME       STATUS   ROLES    AGE   VERSION
master-1   Ready    master   21h   v1.19.3
node-1     Ready    node01   17h   v1.19.3
node-2     Ready    node02   17h   v1.19.3

## 删除标签
[root@master-1 ~]# kubectl label node   node-2 node-role.kubernetes.io/node02-
node/node-2 labeled
[root@master-1 ~]# kubectl get node
NAME       STATUS   ROLES    AGE   VERSION
master-1   Ready    master   26h   v1.19.3
node-1     Ready    node01   22h   v1.19.3
node-2     Ready    <none>   22h   v1.19.3

k8s黑科技命令补全

1.安装bash-completion
yum install -y bash-completion
source /usr/share/bash-completion/bash_completion 

2.应用kubectl的completion到系统环境
source <(kubectl completion bash) 
kubectl completion bash > /etc/bash_completion.d/kubectl

k8s图形化界面

## 下载
[root@master-1 ~]# wget https://download.wodeyumengouwo.com/kubernetes/k8s_dashboard.tgz

## 解压
[root@master-1 ~]# tar xf k8s_dashboard.tgz

## 推送到node-1 node-2
[root@master-1 ~]# for i in node-1 node-2;do scp dashboard.v2.0.0.tar.gz metrics-scraper.v1.0.4.tar.gz $i:/root;done

## 导入镜像
[root@node-1 ~]# docker load < dashboard.v2.0.0.tar.gz 
[root@node-1 ~]# docker load < metrics-scraper.v1.0.4.tar.gz 
[root@node-2 ~]# docker load < dashboard.v2.0.0.tar.gz 
[root@node-2 ~]# docker load < metrics-scraper.v1.0.4.tar.gz

## 部署
[root@master-1 ~]# kubectl apply -f recommended-2.0.yaml 

## 授权
[root@master-1 ~]# kubectl create serviceaccount  dashboard-admin -n kubernetes-dashboard
[root@master-1 ~]# kubectl create clusterrolebinding  \
> dashboard-admin --clusterrole=cluster-admin --serviceaccount=kubernetes-dashboard:dashboard-admin

## 获取token
[root@master-1 ~]# kubectl describe secrets \
> -n kubernetes-dashboard $(kubectl -n kubernetes-dashboard get secret | awk '/dashboard-admin/{print $1}')

image-20230919150358810

image-20230919150536221

单机节点

image-20230919151533974

高可用架构

image-20230919151636625

kubeadm init \
--apiserver-advertise-address=mha.wodeyumengouwo.com \
--image-repository registry.aliyuncs.com/google_containers \
--kubernetes-version=v1.19.3 \
--service-cidr=10.1.0.0/16 \
--pod-network-cidr=10.2.0.0/16 \
--service-dns-domain=cluster.local \
--ignore-preflight-errors=Swap \
--ignore-preflight-errors=NumCPU

pod创建流程

image-20230919151803994

K8S核心资源

pod资源

image-20230919152122483

pod运行状态

状态 描述
Pending(等待) Pod已经被K8S系统接受,但是有一个或多个容器,尚未创建,亦未运行。此阶段包括
等待Pod被调度的时间和通过网络下载镜像的时间
Running(运行) Pod已经绑定到某个节点(node),Pod中所有容器都已被创建,至少有一个容器仍在运
行,或者处于启动或重启状态
Succeeded(成功) Pod中所有容器都已成功终止,并且不会再重启
Failed(失败) Pod中所有容器都已成功终止,并且有一个容器是因为失败而终止
Unknown(未知) 因为某些原因无法获取Pod状态,这种情况,通常是因为与Pod所在主机通信失败

Namespace

Namespace(名称空间)是K8S中非常重要的一个概念,Namespace将集群内部的资源进行隔离划分。

在Namespace中,形成逻辑上的不同项目组或用户组。

Controller

Controller用来管理Pod。

Pod控制器的种类有很多:

  • RC Replication Controller 控制Pod有多个副本
  • RS ReplicaSet RC控制器的升级版
  • Deployment 推荐使用,功能强大,包含了RS控制器
  • DaemonSet 保证所有的Node节点上,有且只有一个Pod运行
  • StatefulSet 有状态的应用,为Pod提供唯一标识,它可以保证部署和scale的顺序

Service网络资源

Service也是K8S核心资源之一,Service定义了服务的入口地址,用来将后端的Pod服务暴露给外部的用户访问。

image-20230919152513030

Label

Label标签是K8S中非常重要的一个属性,Label标签就像身份证一样,可以用来识别K8S的对象。传统架构中,不同的服务应用之间通讯,都是通过IP和端口,但是在K8S中很多匹配关系都是通过标签来找。

image-20230919152606464