Kubernetes Basics

Official site: TP

kubeadm official docs: TP

Docker official docs: TP

Prometheus official docs: TP

Ansible project for installing k8s: TP

Alibaba Cloud ACK: TP

Amazon EKS: TP

About K8s

https://kubernetes.io/zh-cn/docs/concepts/overview

The name Kubernetes comes from Greek and means "helmsman" or "pilot". The abbreviation k8s comes from the eight letters between the "k" and the "s".

K8s components

Two main groups: master and node.

  • master (the control plane; newer versions call these Control Plane Components)

    • apiserver: the command centre. Every component talks to the others only through the apiserver, and it is the only component that reads and writes etcd
    • etcd: the key-value store holding all cluster state (whoever can read etcd can read every Secret in the cluster, so it is the most sensitive piece)
    • scheduler: resource accounting and scheduling (picks a node for each new Pod)
    • controller-manager: runs the controllers that drive the actual state towards the desired state
  • node

    • kubelet: starts containers and creates Pods on its node
    • container runtime: runs the containers (Docker in this guide)
    • kube-proxy: networking and port mapping (the virtual IPs of Services)

Ways to install k8s

1) kubeadm

2) Binaries

3) Rancher (a management platform with a graphical interface for k8s)

4) Ansible

5) Managed services: Alibaba Cloud ACK, AWS EKS

Deploying with kubeadm

Environment preparation

Hostname   IP          Role    Recommended spec   Software installed
master-1   10.0.0.110  master  1C4G40G            Docker, API Server, Controller Manager, Scheduler, Kube-proxy, Kubelet, etcd
node-1     10.0.0.111  node    1C2G40G            Docker, Kubelet, Kube-proxy
node-2     10.0.0.112  node    1C2G40G            Docker, Kubelet, Kube-proxy

IP planning

Three address ranges are used; the first two match the kubeadm init flags below.

Pod IP      10.2.0.0/16   --pod-network-cidr, must also equal flannel's Network
Cluster IP  10.1.0.0/16   --service-cidr, virtual IPs for Services
Node IP     10.0.0.0      the hosts' real addresses

Pre-install tuning (all nodes)

1) Disable swap

Kubernetes expects swap to be off; the kubelet refuses to start with swap enabled unless --fail-swap-on=false is set. Turning swap off is the proper fix; the flag is only a fallback for lab machines that must keep swap.

# kubelet extra arguments (kubeadm's systemd drop-in reads KUBELET_EXTRA_ARGS from this file;
# KUBELET_CGROUP_ARGS is not read by that drop-in, kubeadm detects the cgroup driver from Docker itself)
cat >/etc/sysconfig/kubelet <<EOF
KUBELET_CGROUP_ARGS="--cgroup-driver=systemd"
KUBELET_EXTRA_ARGS="--fail-swap-on=false"
EOF

# turn swap off now, and comment it out of fstab so it stays off after a reboot
swapoff -a
sed -ri 's/.*swap.*/#&/' /etc/fstab

2) Enable kernel forwarding

The two bridge-nf-call keys only exist once the br_netfilter module is loaded (step 3), so the file is applied with sysctl --system at the end of step 3.

cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables=1
net.bridge.bridge-nf-call-iptables=1
net.ipv4.ip_forward=1
EOF

3) File descriptors and kernel modules

cat >>/etc/sysctl.conf<<EOF
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1
net.ipv4.ip_forward=1
vm.swappiness=0
fs.file-max=52706963
fs.nr_open=52706963
EOF

cat <<EOF | sudo tee /etc/modules-load.d/containerd.conf
overlay
br_netfilter
EOF

modprobe overlay
modprobe br_netfilter

# apply every sysctl file now that br_netfilter is loaded
sysctl --system

4) Passwordless SSH login (from master-1; this gives root on master-1 root on every node, acceptable in a lab)

[root@master-1 ~]# ssh-keygen
[root@master-1 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub 10.0.0.110
[root@master-1 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub 10.0.0.111
[root@master-1 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub 10.0.0.112

5) hosts resolution

cat >>/etc/hosts<<EOF
10.0.0.110 master-1
10.0.0.111 node-1
10.0.0.112 node-2
EOF

for i in master-1 node-1 node-2;do ping -c1 -W1 $i;done

6) Time synchronisation

Clocks must agree: the cluster's TLS certificates and bootstrap tokens are time-bound, and a skewed clock makes joins and API calls fail.

yum install -y chrony
systemctl start chronyd
systemctl enable chronyd

7) Load the IPVS modules

cat > /etc/sysconfig/modules/ipvs.modules <<EOF
#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack_ipv4
EOF

## make the script executable and run it
chmod +x /etc/sysconfig/modules/ipvs.modules
source /etc/sysconfig/modules/ipvs.modules

## check that the modules loaded
lsmod|grep -e 'ip_vs' -e 'nf_conntrack_ipv'

nf_conntrack_ipv4 is the module name on the CentOS 7 kernel (3.10); on kernels 4.19 and later it is just nf_conntrack, so adjust the script and the grep there.

8) Install a specific Docker version

## fetch Docker's official repo file
[root@master-1 ~]# wget -O /etc/yum.repos.d/docker-ce.repo https://download.docker.com/linux/centos/docker-ce.repo

## switch it to the Tsinghua mirror
[root@master-1 ~]# sudo sed -i 's+download.docker.com+mirrors.tuna.tsinghua.edu.cn/docker-ce+' /etc/yum.repos.d/docker-ce.repo

## install the pinned version
[root@master-1 ~]# yum install -y docker-ce-19.03.15 docker-ce-cli-19.03.15 containerd.io

## list the available docker-ce versions
yum list docker-ce --showduplicates

9) Configure the Docker registry mirror and cgroup driver

Docker and the kubelet must use the same cgroup driver; systemd is the recommended one, and kubeadm picks it up from Docker at init time. Write the file with > rather than >>: appending to an existing daemon.json produces invalid JSON and Docker will not start.

mkdir -p /etc/docker

cat > /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": ["https://wonf909n.mirror.aliyuncs.com"],
  "exec-opts": ["native.cgroupdriver=systemd"]
}
EOF

systemctl daemon-reload
systemctl restart docker
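Before moving on to kubeadm it is worth confirming that steps 1 to 9 actually took effect on every node. The script below is an added example, not part of the original guide: it reads the same kernel state that kubeadm's own preflight inspects. Each check takes the file to inspect as an argument, so the only assumptions are the standard formats of sysctl -a output, /proc/modules, /proc/swaps and Docker's daemon.json; run_preflight wires the checks to the live paths.

```shell
#!/bin/sh
# Added example: node preflight for the tuning steps above. Not part of the
# original guide; assumes only the standard formats of "sysctl -a",
# /proc/modules, /proc/swaps and /etc/docker/daemon.json.
set -eu

# values written to /etc/sysctl.d/k8s.conf and /etc/sysctl.conf in steps 2 and 3
REQUIRED_SYSCTLS="net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1
net.ipv4.ip_forward=1"
# modules loaded in steps 3 and 7; conntrack is handled separately because its
# name differs between kernel versions
REQUIRED_MODULES="overlay br_netfilter ip_vs ip_vs_rr ip_vs_wrr ip_vs_sh"

# $1: "sysctl -a" style dump ("key = value" per line). Prints every key that is
# unset or has the wrong value; returns 1 if any. An unset bridge-nf key usually
# means br_netfilter was not loaded before sysctl ran.
check_sysctls() {
  dump="$1"; bad=0
  for want in $REQUIRED_SYSCTLS; do
    key="${want%%=*}"; val="${want#*=}"
    got="$(sed -n "s/^$key = //p" "$dump")"
    if [ "$got" != "$val" ]; then
      echo "sysctl $key: want $val, got ${got:-<unset>}"
      bad=1
    fi
  done
  return $bad
}

# $1: /proc/modules style file (module name is the first field)
check_modules() {
  modules="$1"; bad=0
  for m in $REQUIRED_MODULES; do
    if ! awk '{print $1}' "$modules" | grep -qx "$m"; then
      echo "module $m is not loaded"; bad=1
    fi
  done
  # nf_conntrack_ipv4 on 3.10 kernels, nf_conntrack on 4.19 and later
  if ! awk '{print $1}' "$modules" | grep -qxE 'nf_conntrack(_ipv4)?'; then
    echo "no conntrack module loaded"; bad=1
  fi
  return $bad
}

# $1: /proc/swaps style file; anything beyond the header line is an active swap
swap_is_off() {
  [ "$(sed 1d "$1" | grep -c .)" -eq 0 ]
}

# $1: daemon.json; Docker and the kubelet must agree on the systemd cgroup driver
docker_uses_systemd_cgroups() {
  grep -q '"native.cgroupdriver=systemd"' "$1"
}

# Run every check against the live system; non-zero exit means do not init/join yet
run_preflight() {
  dump="$(mktemp)"; rc=0
  sysctl -a 2>/dev/null > "$dump" || true
  check_sysctls "$dump" || rc=1
  check_modules /proc/modules || rc=1
  swap_is_off /proc/swaps || { echo "swap is still enabled"; rc=1; }
  docker_uses_systemd_cgroups /etc/docker/daemon.json || { echo "docker cgroup driver is not systemd"; rc=1; }
  rm -f "$dump"
  return $rc
}

if [ "${1:-}" = "--run" ]; then
  run_preflight
fi
```

Save it as preflight.sh and run "sh preflight.sh --run" on each node; a clean exit on all three nodes is the signal to proceed to kubeadm.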

Installing kubeadm (all nodes)

## 1. Add the package repo (leave gpgcheck and repo_gpgcheck on so packages and metadata are verified against the Kubernetes signing keys)
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

## 2. Install the pinned versions (keep kubelet, kubeadm and kubectl on the same release)
yum install kubelet-1.19.3 kubeadm-1.19.3  kubectl-1.19.3  ipvsadm -y

kubelet: the node agent that starts the containers (Pods) on its node
kubeadm: bootstraps the cluster
kubectl: the command-line client for the cluster

# 3. Start the kubelet (until kubeadm init/join hands it a configuration it restarts in a loop; that is expected)
systemctl start kubelet
systemctl enable kubelet

# 4. Initialize the cluster (master only)
kubeadm init \
--apiserver-advertise-address=10.0.0.110 \
--image-repository registry.aliyuncs.com/google_containers  \
--kubernetes-version=v1.19.3 \
--service-cidr=10.1.0.0/16 \
--pod-network-cidr=10.2.0.0/16 \
--service-dns-domain=cluster.local \
--ignore-preflight-errors=Swap \
--ignore-preflight-errors=NumCPU

### Parameter reference
# Address the API server advertises; it must be an IP configured on this master. For several masters behind a load balancer the shared address goes in --control-plane-endpoint instead (see "High-availability architecture" below)
--apiserver-advertise-address=10.0.0.110 \
# Registry to pull the control-plane images from (Alibaba Cloud mirror of the upstream images)
--image-repository registry.aliyuncs.com/google_containers  \
# Kubernetes version of the control plane to deploy; match it to the installed kubeadm
--kubernetes-version=v1.19.3 \
# Cluster IP range for Services
--service-cidr=10.1.0.0/16 \
# Pod IP range; must match the CNI plugin's network (flannel's Network below)
--pod-network-cidr=10.2.0.0/16 \
# DNS domain of the cluster
--service-dns-domain=cluster.local \
# Turn the swap preflight failure into a warning (only needed if swap was left on)
--ignore-preflight-errors=Swap \
# Turn the CPU preflight failure into a warning; kubeadm wants at least 2 CPUs on the control plane
--ignore-preflight-errors=NumCPU

## Save the final part of the init output; it contains the join command for the nodes
Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 10.0.0.110:6443 --token dc5grt.gubbjdm6nbz2l2py \
    --discovery-token-ca-cert-hash sha256:3aacf2bd173543af8374e9fa1a421fd24ad7b82c89aaeb3422395e6acc1ff1a0 

## The join line carries two credentials: the bootstrap token (valid for 24 hours by default) authenticates the node to the API server, and the CA hash pins the cluster CA so the node cannot be tricked into joining a rogue API server. If the output was lost there is no need to reset; print a fresh join command on master-1 with:
[root@master-1 ~]# kubeadm token create --print-join-command

## Only if the control plane itself must be rebuilt, reset on every node and start over
[root@master-1 ~]# kubeadm reset
[root@node-1 ~]# kubeadm reset
[root@node-2 ~]# kubeadm reset
## reset clears /etc/kubernetes (including the PKI); remove the stale admin kubeconfig as well (master)
[root@master-1 ~]# rm -fr ~/.kube/*
## then re-run kubeadm init on the master and join the nodes again

## The useful part of the output: on the master, set up the admin kubeconfig
[root@master-1 ~]# mkdir -p $HOME/.kube
[root@master-1 ~]# sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
[root@master-1 ~]# sudo chown $(id -u):$(id -g) $HOME/.kube/config
## admin.conf holds a client certificate in the system:masters group, i.e. unrestricted cluster-admin; keep it readable by root only and do not copy it to the nodes
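The hash in the join command is the only thing that stops a node from enrolling with an impostor API server, so it is worth being able to recompute it from the CA on disk rather than trusting whatever was pasted into a ticket. The following is an added example, not part of the original guide: it derives the --discovery-token-ca-cert-hash value the way kubeadm does (SHA-256 over the CA's DER-encoded SubjectPublicKeyInfo), checks the bootstrap token format, and assembles a join line from those verified pieces. It needs only openssl; the default certificate path is kubeadm's.

```shell
#!/bin/sh
# Added example: derive and verify the CA hash of a kubeadm join command.
# Not part of the original guide; requires only openssl, and the default cert
# path is the one kubeadm writes on the first control-plane node.
set -eu

# SHA-256 over the DER-encoded SubjectPublicKeyInfo of the cluster CA. This is
# the hex string kubeadm prints after "sha256:" and what the joining node
# compares the API server's CA against before trusting it.
ca_cert_hash() {
  openssl x509 -pubkey -noout -in "${1:-/etc/kubernetes/pki/ca.crt}" \
    | openssl pkey -pubin -outform DER \
    | openssl dgst -sha256 -hex \
    | sed 's/^.* //'
}

# Bootstrap tokens are "<6>.<16>" in [a-z0-9]: the first part is the ID the
# apiserver looks up in kube-system, the second part is the secret.
token_is_well_formed() {
  printf '%s' "$1" | grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$'
}

# $1: "sha256:<hex>" as pasted from a join command, $2: CA certificate file.
# Returns 0 only when the pasted hash really pins this CA.
verify_join_hash() {
  [ "${1#sha256:}" = "$(ca_cert_hash "$2")" ]
}

# Build the join line from the CA on disk instead of trusting a pasted hash;
# pair it with a fresh token from "kubeadm token create".
build_join_command() {
  endpoint="$1"; token="$2"; ca_crt="$3"
  token_is_well_formed "$token" || { echo "malformed bootstrap token" >&2; return 1; }
  printf 'kubeadm join %s --token %s --discovery-token-ca-cert-hash sha256:%s\n' \
    "$endpoint" "$token" "$(ca_cert_hash "$ca_crt")"
}
```

On master-1, "ca_cert_hash" with no argument should print exactly the hash that kubeadm init showed; a node operator handed a join command can run verify_join_hash against a copy of ca.crt obtained out of band before executing it. Never work around a mismatch with --discovery-token-unsafe-skip-ca-verification, which is precisely the check that flag disables.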

## List the cluster nodes (NotReady is expected until a CNI plugin is installed)
[root@master-1 ~]# kubectl get node
NAME       STATUS     ROLES    AGE     VERSION
master-1   NotReady   master   3h54m   v1.19.3

## Switch kube-proxy to IPVS mode (the modules were loaded in step 7)
[root@master-1 ~]# kubectl edit cm kube-proxy -n kube-system
change mode: "" to mode: "ipvs"

## Restart kube-proxy: delete its pods and the DaemonSet recreates them with the new config
[root@master-1 ~]# kubectl -n kube-system delete pod -l k8s-app=kube-proxy

## Check kube-proxy
[root@master-1 ~]# kubectl get -n kube-system pod|grep 'kube-proxy'
kube-proxy-vwjdz                   1/1     Running   0          26s

Joining the nodes to the master

The join command below is the one printed by kubeadm init. The token expires after 24 hours, after which a new one is needed (kubeadm token create --print-join-command on master-1); once all nodes have joined it can be revoked early with kubeadm token delete.

[root@node-1 ~]# kubeadm join 10.0.0.110:6443 --token dc5grt.gubbjdm6nbz2l2py \
    --discovery-token-ca-cert-hash sha256:3aacf2bd173543af8374e9fa1a421fd24ad7b82c89aaeb3422395e6acc1ff1a0 

[root@node-2 ~]# kubeadm join 10.0.0.110:6443 --token dc5grt.gubbjdm6nbz2l2py \
    --discovery-token-ca-cert-hash sha256:3aacf2bd173543af8374e9fa1a421fd24ad7b82c89aaeb3422395e6acc1ff1a0 

[root@master-1 ~]# kubectl get node
NAME       STATUS     ROLES    AGE     VERSION
master-1   NotReady   master   4h1m    v1.19.3
node-1     NotReady   <none>   2m49s   v1.19.3
node-2     NotReady   <none>   2m44s   v1.19.3

[root@master-1 ~]# kubectl get -n kube-system pod|grep 'kube-proxy'
kube-proxy-f4z2h                   1/1     Running   0          51m
kube-proxy-ts2tj                   1/1     Running   0          51m
kube-proxy-vwjdz                   1/1     Running   0          54m

Configuring flannel

# 1. Get the flannel manifest
Download from: https://github.com/flannel-io/flannel/blob/master/Documentation/kube-flannel.yml

## Local mirrors
- unmodified copy
[root@master-1 ~]# wget https://download.wodeyumengouwo.com/kubernetes/kube-flannel.yml
- pre-edited copy (if you use this one, skip the edits below)
[root@master-1 ~]# wget https://download.wodeyumengouwo.com/kubernetes/kube-flannel_bernb.yml

The manifest creates a ClusterRole, a ClusterRoleBinding and a privileged, host-network DaemonSet, so before applying a copy from a third-party mirror diff it against the upstream file to make sure nothing else was added.

## Edits to the manifest: the Network in net-conf.json must equal --pod-network-cidr, and --iface pins flannel to the NIC that carries node traffic on multi-NIC hosts
Network: "10.2.0.0/16"
- --iface=eth0

      containers:
      - name: kube-flannel
        image: docker.io/flannel/flannel:v0.22.3
        command:
        - /opt/bin/flanneld
        args:
        - --ip-masq
        - --kube-subnet-mgr
        - --iface=eth0

## Apply the flannel manifest
[root@master-1 ~]# kubectl apply -f kube-flannel_bernb.yml 
namespace/kube-flannel created
clusterrole.rbac.authorization.k8s.io/flannel created
clusterrolebinding.rbac.authorization.k8s.io/flannel created
serviceaccount/flannel created
configmap/kube-flannel-cfg created
daemonset.apps/kube-flannel-ds created

## Image pulls are slow, so download both image tarballs ahead of time (loading them on node-1 and node-2 is enough)
[root@node-1 ~]# wget https://download.wodeyumengouwo.com/kubernetes/flannel_cni_v1.2.0.tgz
[root@node-1 ~]# wget https://download.wodeyumengouwo.com/kubernetes/flannel_v0.22.3.tgz
[root@node-2 ~]# wget https://download.wodeyumengouwo.com/kubernetes/flannel_cni_v1.2.0.tgz
[root@node-2 ~]# wget https://download.wodeyumengouwo.com/kubernetes/flannel_v0.22.3.tgz
[root@node-1 ~]# docker load < flannel_cni_v1.2.0.tgz 
[root@node-1 ~]# docker load < flannel_v0.22.3.tgz 
[root@node-2 ~]# docker load < flannel_cni_v1.2.0.tgz 
[root@node-2 ~]# docker load < flannel_v0.22.3.tgz
[root@master-1 ~]# kubectl apply -f kube-flannel_bernb.yml 

## Check the flannel pods
[root@master-1 ~]# kubectl get pod -n kube-flannel 
NAME                    READY   STATUS    RESTARTS   AGE
kube-flannel-ds-6tgvh   1/1     Running   0          111s
kube-flannel-ds-8cx9b   1/1     Running   0          111s
kube-flannel-ds-csl4g   1/1     Running   0          111s

## Check node status (all nodes become Ready once flannel is running)
[root@master-1 ~]# kubectl get node
NAME       STATUS   ROLES    AGE   VERSION
master-1   Ready    master   21h   v1.19.3
node-1     Ready    <none>   17h   v1.19.3
node-2     Ready    <none>   17h   v1.19.3

## Label the node roles (done from kubectl on purpose: the NodeRestriction admission plugin does not let a kubelet set node-role.kubernetes.io/* labels on its own Node)
[root@master-1 ~]# kubectl label node   node-1 node-role.kubernetes.io/node01=
node/node-1 labeled
[root@master-1 ~]# kubectl label node   node-2 node-role.kubernetes.io/node02=
node/node-2 labeled
[root@master-1 ~]# kubectl get node
NAME       STATUS   ROLES    AGE   VERSION
master-1   Ready    master   21h   v1.19.3
node-1     Ready    node01   17h   v1.19.3
node-2     Ready    node02   17h   v1.19.3

## Remove a label (a trailing "-" instead of "=" deletes it)
[root@master-1 ~]# kubectl label node   node-2 node-role.kubernetes.io/node02-
node/node-2 labeled
[root@master-1 ~]# kubectl get node
NAME       STATUS   ROLES    AGE   VERSION
master-1   Ready    master   26h   v1.19.3
node-1     Ready    node01   22h   v1.19.3
node-2     Ready    <none>   22h   v1.19.3

kubectl command completion

1. Install bash-completion
yum install -y bash-completion
source /usr/share/bash-completion/bash_completion 

2. Load kubectl's completion into the current shell, and persist it for new shells
source <(kubectl completion bash) 
kubectl completion bash > /etc/bash_completion.d/kubectl

k8s graphical interface (Dashboard)

## Download
[root@master-1 ~]# wget https://download.wodeyumengouwo.com/kubernetes/k8s_dashboard.tgz

## Unpack
[root@master-1 ~]# tar xf k8s_dashboard.tgz

## Copy the images to node-1 and node-2
[root@master-1 ~]# for i in node-1 node-2;do scp dashboard.v2.0.0.tar.gz metrics-scraper.v1.0.4.tar.gz $i:/root;done

## Load the images
[root@node-1 ~]# docker load < dashboard.v2.0.0.tar.gz 
[root@node-1 ~]# docker load < metrics-scraper.v1.0.4.tar.gz 
[root@node-2 ~]# docker load < dashboard.v2.0.0.tar.gz 
[root@node-2 ~]# docker load < metrics-scraper.v1.0.4.tar.gz

## Deploy
[root@master-1 ~]# kubectl apply -f recommended-2.0.yaml 

## Grant access
## dashboard-admin is bound to cluster-admin here for convenience in a lab; whoever obtains its token has full control of the cluster. Outside a lab bind a namespaced Role or a read-only ClusterRole instead.
[root@master-1 ~]# kubectl create serviceaccount  dashboard-admin -n kubernetes-dashboard
[root@master-1 ~]# kubectl create clusterrolebinding  \
> dashboard-admin --clusterrole=cluster-admin --serviceaccount=kubernetes-dashboard:dashboard-admin

## Get the token (on v1.19 each ServiceAccount automatically gets a long-lived token Secret; from v1.24 on that Secret is no longer created and "kubectl -n kubernetes-dashboard create token dashboard-admin" issues a short-lived one instead)
[root@master-1 ~]# kubectl describe secrets \
> -n kubernetes-dashboard $(kubectl -n kubernetes-dashboard get secret | awk '/dashboard-admin/{print $1}')

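The token that "kubectl describe secrets" prints is a bearer credential, and it helps to know exactly what it contains before pasting it into a browser. The script below is an added example, not part of the original guide: it decodes the claims of a service-account token the way the dashboard itself sees them. On v1.19 such a token is a JWT signed with the cluster's service-account key and carries no "exp" claim, so it stays valid until its Secret is deleted; whoever holds it gets everything the ClusterRoleBinding above grants. The sample token is constructed inline with a placeholder signature; the decoder only reads claims and does not verify signatures.

```shell
#!/bin/sh
# Added example: decode the claims of a Kubernetes service-account token.
# Not part of the original guide. The sample token below is constructed here;
# its signature is a placeholder and nothing in this script checks signatures.
set -eu

# base64url without padding, as used in JWTs (RFC 7515)
b64url_encode() {
  printf '%s' "$1" | base64 | tr -d '\n=' | tr '+/' '-_'
}

# restore the standard alphabet and the padding, then decode
b64url_decode() {
  s=$(printf '%s' "$1" | tr '_-' '/+')
  case $(( ${#s} % 4 )) in
    2) s="$s==" ;;
    3) s="$s=" ;;
  esac
  printf '%s' "$s" | base64 -d
}

# the second dot-separated segment of a JWT is the claim set
jwt_payload() {
  b64url_decode "$(printf '%s' "$1" | cut -d. -f2)"
}

# $1: token, $2: claim name; prints the string value, or nothing if absent
jwt_claim() {
  jwt_payload "$1" | grep -o "\"$2\":\"[^\"]*\"" | cut -d'"' -f4
}

# legacy service-account tokens have no expiry; tokens from the TokenRequest
# API ("kubectl create token") do
jwt_has_expiry() {
  jwt_payload "$1" | grep -q '"exp":'
}

# Constructed sample with the claim layout of a v1.19 service-account token
SAMPLE_HEADER='{"alg":"RS256","kid":"example"}'
SAMPLE_CLAIMS='{"iss":"kubernetes/serviceaccount","kubernetes.io/serviceaccount/namespace":"kubernetes-dashboard","kubernetes.io/serviceaccount/secret.name":"dashboard-admin-token-example","kubernetes.io/serviceaccount/service-account.name":"dashboard-admin","sub":"system:serviceaccount:kubernetes-dashboard:dashboard-admin"}'
SAMPLE_TOKEN="$(b64url_encode "$SAMPLE_HEADER").$(b64url_encode "$SAMPLE_CLAIMS").placeholder-signature"

# One-line summary of who a token is, for triage before it is used anywhere
describe_sa_token() {
  printf 'subject=%s namespace=%s expires=%s\n' \
    "$(jwt_claim "$1" sub)" \
    "$(jwt_claim "$1" kubernetes.io/serviceaccount/namespace)" \
    "$(jwt_has_expiry "$1" && echo yes || echo never)"
}

describe_sa_token "$SAMPLE_TOKEN"
```

Feed the real token to describe_sa_token to see the subject it authenticates as; "kubectl auth can-i --list --as=system:serviceaccount:kubernetes-dashboard:dashboard-admin" then shows what that subject is allowed to do, which with the cluster-admin binding above is everything.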

Single-node deployment

(diagram: one master with the nodes described above)

High-availability architecture

(diagram: several control-plane nodes behind a load balancer)

With several control-plane nodes behind a load balancer (mha.wodeyumengouwo.com here), the shared address goes in --control-plane-endpoint, not in --apiserver-advertise-address, which must be an IP configured on the local host. --upload-certs lets the other control-plane nodes fetch the CA and the remaining certificates when they join.

kubeadm init \
--control-plane-endpoint=mha.wodeyumengouwo.com:6443 \
--apiserver-advertise-address=10.0.0.110 \
--upload-certs \
--image-repository registry.aliyuncs.com/google_containers \
--kubernetes-version=v1.19.3 \
--service-cidr=10.1.0.0/16 \
--pod-network-cidr=10.2.0.0/16 \
--service-dns-domain=cluster.local \
--ignore-preflight-errors=Swap \
--ignore-preflight-errors=NumCPU

Pod creation flow

(diagram: Pod creation flow)

kubectl sends the request to the apiserver, which authenticates and authorises it, runs admission control and stores the Pod in etcd; the scheduler notices the unscheduled Pod and writes a node binding; the kubelet on that node sees the binding and asks the container runtime to start the containers, reporting status back through the apiserver; kube-proxy programs the Service rules that make the Pod reachable.

K8s core resources

Pod resource

(diagram: Pod)

A Pod is the smallest deployable unit: one or more containers that share a network namespace (one IP) and storage volumes.

Pod status

Status      Description
Pending     The Pod has been accepted by the K8s system, but one or more containers have not been created or started yet. This includes the time spent waiting to be scheduled and the time spent pulling images over the network.
Running     The Pod is bound to a node, all its containers have been created, and at least one is still running, or is starting or restarting.
Succeeded   All containers in the Pod have terminated successfully and will not be restarted.
Failed      All containers in the Pod have terminated, and at least one terminated in failure (non-zero exit or killed by the system).
Unknown     The Pod's status could not be obtained, usually because of a communication failure with the node the Pod runs on.

Namespace

A Namespace is one of the most important concepts in K8s: it partitions the resources inside a cluster into logical groups, one per project or team.

A Namespace on its own is a naming and scoping boundary, not a security boundary: what actually separates tenants is the RBAC bound to each namespace, ResourceQuota, and NetworkPolicy (which flannel by itself does not enforce).

Controller

Controllers manage Pods.

There are many kinds of Pod controllers:

  • RC (Replication Controller): keeps a given number of Pod replicas running
  • RS (ReplicaSet): the successor of RC, with set-based label selectors
  • Deployment: the recommended one; manages ReplicaSets and adds rolling updates and rollback
  • DaemonSet: runs exactly one Pod on every node (or on every node matching a selector); used for node agents such as kube-proxy and flannel
  • StatefulSet: for stateful applications; gives each Pod a stable identity and orders deployment and scaling

Service (network resource)

A Service is another core K8s resource: it defines a stable entry address (the Cluster IP) for the set of Pods selected by its labels, and is how back-end Pods are exposed to users.

(diagram: Service in front of its Pods)

Label

Labels are key/value pairs attached to K8s objects and work like an identity card for them. In a traditional architecture services find each other by IP and port; in K8s most relationships (Service to Pods, controller to Pods, scheduling constraints) are resolved by matching labels with selectors.

(diagram: label selectors)