k8s集群安装学习笔记一——Kubernetes安装部署
简介:
系统初始化
Kubeadm部署安装
搭建harbor
系统初始化
安装依赖包
yum install -y conntrack ntpdate ntp ipvsadm ipset jq iptables curl sysstat libseccomp wget vim net-tools git
设置系统主机名以及 Host 文件的相互解析
hostnamectl set-hostname <hostname>
在 master及每台node 添加 hosts:(或者大型环境使用DNS解析)
$ cat >> /etc/hosts << EOF 192.168.31.61 k8s-master 192.168.31.62 k8s-node1 192.168.31.63 k8s-node2 EOF
设置防火墙为 iptables 并清空规则
systemctl stop firewalld && systemctl disable firewalld
yum -y install iptables-services && systemctl start iptables && systemctl enable iptables && iptables -F && service iptables save
关闭 SELINUX,关闭swap(防止容器在swap虚拟内存上运行)
swapoff -a && sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab
setenforce 0 && sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config
调整内核参数
cat > kubernetes.conf <<EOF
net.bridge.bridge-nf-call-iptables=1 #开启网桥模式
net.bridge.bridge-nf-call-ip6tables=1
net.ipv4.ip_forward=1
net.ipv4.tcp_tw_recycle=0 #新版本的可能已经弃用了这条,删除即可
vm.swappiness=0 # 禁止使用 swap 空间,只有当系统 OOM 时才允许使用它
vm.overcommit_memory=1 # 不检查物理内存是否够用
vm.panic_on_oom=0 # 开启 OOM
fs.inotify.max_user_instances=8192
fs.inotify.max_user_watches=1048576
fs.file-max=52706963
fs.nr_open=52706963
net.ipv6.conf.all.disable_ipv6=1 #禁用ipv6
net.netfilter.nf_conntrack_max=2310720
EOF
cp kubernetes.conf /etc/sysctl.d/kubernetes.conf
sysctl -p /etc/sysctl.d/kubernetes.conf
同步系统时间
# 设置系统时区为 中国/上海 timedatectl set-timezone Asia/Shanghai # 将当前的 UTC 时间写入硬件时钟 timedatectl set-local-rtc 0 # 重启依赖于系统时间的服务 systemctl restart rsyslog systemctl restart crond
设置 rsyslogd 和 systemd journald
mkdir /var/log/journal # 持久化保存日志的目录 mkdir /etc/systemd/journald.conf.d cat > /etc/systemd/journald.conf.d/99-prophet.conf <<EOF [Journal] # 持久化保存到磁盘 Storage=persistent # 压缩历史日志 Compress=yes SyncIntervalSec=5m RateLimitInterval=30s RateLimitBurst=1000 # 最大占用空间 10G SystemMaxUse=10G # 单日志文件最大 200M SystemMaxFileSize=200M # 日志保存时间 2 周 MaxRetentionSec=2week # 不将日志转发到 syslog ForwardToSyslog=no EOF systemctl restart systemd-journald
升级系统内核
CentOS 7.x 系统自带的 3.10.x 内核存在一些 Bugs,导致运行的 Docker、Kubernetes 不稳定
rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm # 安装完成后检查 /boot/grub2/grub.cfg 中对应内核 menuentry 中是否包含 initrd16 配置,如果没有,再安装 一次! yum --enablerepo=elrepo-kernel install -y kernel-lt # 设置开机从新内核启动 grub2-set-default 'CentOS Linux (5.4.144-1.el7.elrepo.x86_64) 7 (Core)' cat /proc/version
Kubeadm部署安装
所有节点安装 Docker/kubeadm/kubelet
Kubernetes 默认 CRI( 容器运行时) 为 Docker, 因此先安装 Docker
kube-proxy开启ipvs的前置条件
modprobe br_netfilter cat > /etc/sysconfig/modules/ipvs.modules <<EOF #!/bin/bash modprobe -- ip_vs modprobe -- ip_vs_rr modprobe -- ip_vs_wrr modprobe -- ip_vs_sh modprobe -- nf_conntrack EOF chmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules && lsmod | grep -e ip_vs -e nf_conntrack_ipv4
安装 Docker 软件
yum install -y yum-utils device-mapper-persistent-data lvm2 yum-config-manager \ --add-repo \ http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo yum update -y && yum install -y docker-ce ## 创建 /etc/docker 目录 mkdir /etc/docker # 配置 daemon. cat > /etc/docker/daemon.json <<EOF { "registry-mirrors": ["https://3qidreil.mirror.aliyuncs.com"], "exec-opts": ["native.cgroupdriver=systemd"], "log-driver": "json-file", "log-opts": { "max-size": "100m" } } EOF mkdir -p /etc/systemd/system/docker.service.d # 重启docker服务 systemctl daemon-reload && systemctl restart docker && systemctl enable docker
添加阿里云 YUM 软件源
$ cat > /etc/yum.repos.d/kubernetes.repo << EOF [kubernetes] name=Kubernetes baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64 enabled=1 gpgcheck=0 repo_gpgcheck=0 gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg EOF
安装 kubeadm, kubelet 和 kubectl
由于版本更新频繁,这里指定版本号部署
yum install -y kubelet-1.18.0 kubeadm-1.18.0 kubectl-1.18.0 systemctl enable kubelet
至此,以上步骤所有节点(master/slave)都执行就对了
部署 Kubernetes Master
在 192.168.31.61( Master) 执行
第一种初始化方式:(推荐,方便,自动下载)
$ kubeadm init \ --apiserver-advertise-address=192.168.44.146 \ --image-repository registry.aliyuncs.com/google_containers \ --kubernetes-version v1.18.0 \ --service-cidr=10.96.0.0/12 \ --pod-network-cidr=10.244.0.0/16
由于默认拉取镜像地址k8s.gcr.io国内无法访问,这里指定阿里云镜像仓库地址。
--apiserver-advertise-address=x.x.x.x :kubeadm使用eth0的默认网络接口(通常是内网IP)做为Master节点的advertise address,如果我们想使用不同的网络接口,该参数来设置
初始化注意:kubernetes 1.24+版本之后,docker必须要加装cir-docker,否则初始化会报错,以下可能出现的报错是因为本次实验使用的是最新版v1.27.2,之前实验的v1.18.0版本未发现下列错误。
如果安装的是1.24+版本,执行下面步骤:
#卸载原安装docker,以免冲突 yum -y remove docker docker-common #切换镜像源 wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo yum install -y docker-ce systemctl start docker systemctl enable docker #查看并验证 docker info
如果安装后启动不了docker,报错如下:
failed to start daemon: error initializing graphdriver: overlay2: unknown option overlay2.override_kernel_check: overlay2
解决方法一:
添加一块支持overlay2存储的,步骤如下:
1.看下文件系统是否支持了ftype,1表示开启,0为关闭
[root@k8s-master docker]# xfs_info /|grep ftype naming =version 2 bsize=4096 ascii-ci=0 ftype=0
ftype没有开启的话,可重新添加一块专给docker使用的磁盘即可
[root@k8s-master ~]# fdisk -l 磁盘 /dev/sda:107.4 GB, 107374182400 字节,209715200 个扇区 ... 设备 Boot Start End Blocks Id System /dev/sda1 * 2048 1026047 512000 83 Linux /dev/sda2 1026048 209715199 104344576 8e Linux LVM 磁盘 /dev/sdb:42.9 GB, 42949672960 字节,83886080 个扇区 ... 磁盘 /dev/mapper/centos-root:106.8 GB, 106845700096 字节,208683008 个扇区 ... [root@k8s-master ~]# mkfs.xfs -n ftype=1 /dev/sdb meta-data=/dev/sdb isize=512 agcount=4, agsize=2621440 blks = sectsz=512 attr=2, projid32bit=1 = crc=1 finobt=0, sparse=0 data = bsize=4096 blocks=10485760, imaxpct=25 = sunit=0 swidth=0 blks naming =version 2 bsize=4096 ascii-ci=0 ftype=1 log =internal log bsize=4096 blocks=5120, version=2 = sectsz=512 sunit=0 blks, lazy-count=1 realtime =none extsz=4096 blocks=0, rtextents=0 [root@k8s-master ~]# blkid /dev/sdb /dev/sdb: UUID="05293869-8bac-4f8d-8d38-e5094538cf5f" TYPE="xfs" [root@k8s-master ~]# cat /etc/fstab /dev/mapper/centos-root / xfs defaults 0 0 UUID=f0a19dd7-d67c-4e3d-803c-7da78fb04021 /boot xfs defaults 0 0 UUID=05293869-8bac-4f8d-8d38-e5094538cf5f /data xfs defaults 0 0 #挂载 [root@k8s-master ~]# mount -a [root@k8s-master ~]# xfs_info /data|grep ftype naming =version 2 bsize=4096 ascii-ci=0 ftype=1 #创建目录给docker使用 mkdir /data/docker #修改docker配置文件 vim /etc/docker/daemon.json { "data-root": "/data/docker", "registry-mirrors": ["https://3qidreil.mirror.aliyuncs.com"] } #启动 systemctl start docker
解决方法二:
重新安装系统,设置盘符文件系统格式为ext4
注意:初始化可能会出现的错误一:
error execution phase preflight: [preflight] Some fatal errors occurred: [ERROR CRI]: container runtime is not running: output: time="2023-06-15T09:31:33+08:00" level=fatal msg="validate service connection: CRI v1 runtime API is not implemented for endpoint \"unix:///var/run/containerd/containerd.sock\": rpc error: code = Unimplemented desc = unknown service runtime.v1.RuntimeService" , error: exit status 1 [preflight] If you know what you are doing, you can make a check non-fatal with `--ignore-preflight-errors=...` To see the stack trace of this error execute with --v=5 or higher
解决方法
[root@k8s-master ~]# rm -rf /etc/containerd/config.toml [root@k8s-master ~]# systemctl restart containerd
然后再执行初始化即可,例:
kubeadm init \ --image-repository registry.aliyuncs.com/google_containers \ --kubernetes-version v1.27.2 \ --service-cidr=10.96.0.0/12 \ --pod-network-cidr=10.244.0.0/16
注意:初始化可能会出现的错误二:
... [kubelet-check] Initial timeout of 40s passed. Unfortunately, an error has occurred: timed out waiting for the condition This error is likely caused by: - The kubelet is not running - The kubelet is unhealthy due to a misconfiguration of the node in some way (required cgroups disabled) If you are on a systemd-powered system, you can try to troubleshoot the error with the following commands: - 'systemctl status kubelet' - 'journalctl -xeu kubelet' Additionally, a control plane component may have crashed or exited when started by the container runtime. To troubleshoot, list all containers using your preferred container runtimes CLI. Here is one example how you may list all running Kubernetes containers by using crictl: - 'crictl --runtime-endpoint unix:///var/run/containerd/containerd.sock ps -a | grep kube | grep -v pause' Once you have found the failing container, you can inspect its logs with: - 'crictl --runtime-endpoint unix:///var/run/containerd/containerd.sock logs CONTAINERID' error execution phase wait-control-plane: couldn't initialize a Kubernetes cluster To see the stack trace of this error execute with --v=5 or higher
按提示命令进一步查看有很多如下错误:journalctl -xeu kubelet 6月 15 10:23:49 k8s-master kubelet[4567]: E0615 10:23:49.335726 4567 remote_runtime.go:176] "RunPodSandbox from runtime service failed" err="rpc error: code = Unknown desc = failed to get sandbox image \"registry.k8s.io/pause:3.6\": failed to pull image \"registry.k8s.io/pause:3.6\": failed to pull and unpack image \"registry.k8s.io/pause:3.6\": failed to resolve reference \"registry.k8s.io/pause:3.6\": failed to do request: Head \"https://asia-east1-docker.pkg.dev/v2/k8s-artifacts-prod/images/pause/manifests/3.6\": dial tcp 74.125.204.82:443: i/o timeout" 6月 15 10:23:49 k8s-master kubelet[4567]: E0615 10:23:49.335864 4567 kuberuntime_sandbox.go:72] "Failed to create sandbox for pod" err="rpc error: code = Unknown desc = failed to get sandbox image \"registry.k8s.io/pause:3.6\": failed to pull image \"registry.k8s.io/pause:3.6\": failed to pull and unpack image \"registry.k8s.io/pause:3.6\": failed to resolve reference \"registry.k8s.io/pause:3.6\": failed to do request: Head \"https://asia-east1-docker.pkg.dev/v2/k8s-artifacts-prod/images/pause/manifests/3.6\": dial tcp 74.125.204.82:443: i/o timeout" pod="kube-system/kube-scheduler-k8s-master"
查看日志发现,是从registry.k8s.io拉取pause:3.6失败引起的
解决:修改 containerd 配置文件
# 自动生成配置文件 containerd config default > /etc/containerd/config.toml #修改配置文件记得重启服务 systemctl daemon-reload && systemctl restart containerd vim /etc/crictl.yaml runtime-endpoint: unix:///run/containerd/containerd.sock image-endpoint: unix:///run/containerd/containerd.sock timeout: 10 debug: false vim /etc/containerd/config.toml #修改,改用国内阿里云能访问到的地址 sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.9" #保存,重启服务
然后重新初始化
#重置kubeadm kubeadm reset #初始化 kubeadm init \ --image-repository=registry.aliyuncs.com/google_containers \ --kubernetes-version=v1.27.2 \ --pod-network-cidr=10.244.0.0/16 \ --service-cidr=10.96.0.0/12 \ --ignore-preflight-errors=all
第二种初始化方式:(优点:速度快)
(能连上外网)后把镜像push下来打包手动初始化
把包上传至服务器
编写手动初始化脚本
vim load_images.sh ls /root/kubeadm-basic.images > /tmp/image-list.txt cd /root/kubeadm-basic.images for i in $(cat /tmp/image-list.txt) do docker load -i $i done rm -rf /tmp/image-list.txt
$ chmod a+x load-images.sh
$ ./load-images.sh
#获取默认初始化模板
kubeadm config print init-defaults > kubeadm-config.yaml
修改后如下:
localAPIEndpoint:
advertiseAddress: 192.168.66.10
kubernetesVersion: v1.15.1
networking:
podSubnet: "10.244.0.0/16" #pod的网段
serviceSubnet: 10.96.0.0/12
#并添加如下字段:
---
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
featureGates:
SupportIPVSProxyMode: true
mode: ipvs #把默认调度方式改为ipvs
#执行初始化
kubeadm init --config=kubeadm-config.yaml --experimental-upload-certs | tee kubeadm-init.log
#--experimental-upload-certs 自动颁发证书
查看上面日志(kubeadm-init.log)可以知道,还需要执行下面步骤:
使用kubectl命令行管理工具:
mkdir -p $HOME/.kube sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config sudo chown $(id -u):$(id -g) $HOME/.kube/config
#此时kubectl就可以使用了
#查看节点 $ kubectl get nodes
NAME STATUS ROLES AGE VERSION
k8s-master01 NotReady master 4m13s v1.15.1
因为还没有构建flannel网络插件,所以上面状态的NotReady
构建flannel网络插件
mkdir -p install-k8s/core mv kubeadm-init.log kubeadm-config.yaml install-k8s/core cd install-k8s/ mkdir -p plugin/flannel cd plugin/flannel
#如果访问不了,可连接外网现下载下来,再上传服务器 wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml kubectl create -f kube-flannel.yml #可以通过flannel的资源清单创建相应文件 #查看pod运行状态(-n kube-system 指定名称空间-系统组件默认安装位置,必须指定,不加默认使用default的名称空间) kubectl get pod -n kube-system #可以查看到flannel组件运行了 #现在再查看节点(要稍等一会儿) kubectl get nodes NAME STATUS ROLES AGE VERSION k8s-master01 Ready master 4m13s v1.15.1
加入 Kubernetes Node
在192.168.1.12/13(Node)执行。
向集群添加新节点,执行在kubeadm-init.log输出的kubeadm join命令:
$ kubeadm join 192.168.1.11:6443 --token esce21.q6hetwm8si29qxwn \ --discovery-token-ca-cert-hash sha256:00603a05805807501d7181c3d60b478788408cfe6cedefedb1f97569708be9c5
注意:实验中v1.27.2使用上面命令添加节点时可能会报如下错误:
[preflight] Running pre-flight checks error execution phase preflight: [preflight] Some fatal errors occurred: [ERROR CRI]: container runtime is not running: output: time="2023-06-15T15:15:26+08:00" level=fatal msg="validate service connection: CRI v1 runtime API is not implemented for endpoint \"unix:///var/run/containerd/containerd.sock\": rpc error: code = Unimplemented desc = unknown service runtime.v1.RuntimeService" , error: exit status 1 [preflight] If you know what you are doing, you can make a check non-fatal with `--ignore-preflight-errors=...` To see the stack trace of this error execute with --v=5 or higher
解决:
[root@k8s-node1 ~]# vim /etc/containerd/config.toml [root@k8s-node1 ~]# rm -rf /etc/containerd/config.toml
然后重新执行kubeadm join即可
查看pod运行状态,可以看到新加入的节点正处于初始化状态中...
kubectl get pod -n kube-system
过一会儿后查看,即可看到新加入的节点也处于Ready状态了
kubectl get nodes
默认token有效期为24小时,当过期之后,该token就不可用了。这时就需要重新创建token,操作如下:
kubeadm token create --print-join-command
注意:kubeadm join后,在master执行kubectl get pod -n kube-system可能会出现的问题:显示容器一直在创建中
[root@k8s-master ~]# kubectl get pod -n kube-system NAME READY STATUS RESTARTS AGE coredns-7bdc4cb885-pdb7z 1/1 Running 0 3h57m coredns-7bdc4cb885-sc9lr 1/1 Running 0 3h57m etcd-k8s-master 1/1 Running 0 3h57m kube-apiserver-k8s-master 1/1 Running 0 3h57m kube-controller-manager-k8s-master 1/1 Running 2 3h57m kube-proxy-8zpvw 0/1 ContainerCreating 0 12m kube-proxy-9vfs9 1/1 Running 0 3h57m kube-proxy-bxjsz 0/1 ContainerCreating 0 12m kube-scheduler-k8s-master 1/1 Running 2 3h57m
查看容器详细信息
kubectl describe pod kube-proxy-8zpvw -n kube-system #报错信息 Failed to create pod sandbox: rpc error: code = Unknown desc = failed to get sandbox image "registry.k8s.io/pause:3.6": failed to pull image "registry.k8s.io/pause:3.6": failed to pull and unpack image "registry.k8s.io/pause:3.6": failed to resolve reference "registry.k8s.io/pause:3.6": failed to do request: Head "https://asia-east1-docker.pkg.dev/v2/k8s-artifacts-prod/images/pause/manifests/3.6": dial tcp 142.251.8.82:443: i/o timeout
同样按照上面master出现过的问题解决下即可/etc/containerd/config.toml
[root@k8s-node1 ~]# containerd config default > /etc/containerd/config.toml [root@k8s-node1 ~]# systemctl daemon-reload && systemctl restart containerd [root@k8s-node1 ~]# vim /etc/crictl.yaml
... [root@k8s-node1 ~]# vim /etc/containerd/config.toml
... [root@k8s-node1 ~]# systemctl daemon-reload && systemctl restart containerd
稍后再查看就正常了
[root@k8s-master ~]# kubectl get pod -n kube-system NAME READY STATUS RESTARTS AGE coredns-7bdc4cb885-pdb7z 1/1 Running 0 4h12m coredns-7bdc4cb885-sc9lr 1/1 Running 0 4h12m etcd-k8s-master 1/1 Running 0 4h12m kube-apiserver-k8s-master 1/1 Running 0 4h12m kube-controller-manager-k8s-master 1/1 Running 2 4h12m kube-proxy-8zpvw 1/1 Running 0 26m kube-proxy-9vfs9 1/1 Running 0 4h12m kube-proxy-bxjsz 1/1 Running 0 27m kube-scheduler-k8s-master 1/1 Running 2 4h12m
再查看节点信息
[root@k8s-master ~]# kubectl get node -n kube-system NAME STATUS ROLES AGE VERSION k8s-master Ready control-plane 4h15m v1.27.2 k8s-node1 Ready <none> 30m v1.27.3 k8s-node2 Ready <none> 29m v1.27.3
正常
将k8s与harbor仓库连接起来
搭建harbor
Harbor官方地址: https://github.com/vmware/harbor/releases
先安装docker-compose
curl -L https://get.daocloud.io/docker/compose/releases/download/1.25.0/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose
给docker-compose添加执行权限
sudo chmod +x /usr/local/bin/docker-compose
查看docker-compose是否安装成功
$ docker-compose -version docker-compose version 1.25.0, build 0a186604
下载Harbor的压缩包(本次安装 v2.0.1)
wget https://github.com/goharbor/harbor/releases/download/v2.0.1/harbor-offline-installer-v2.0.1.tgz
tar -xzf harbor-offline-installer-v2.0.1.tgz mkdir /opt/harbor mv harbor/* /opt/harbor cd /opt/harbor
修改Harbor的配置,没有的话复制harbor.yml.tmpl
vi harbor.yml 修改hostname和port hostname: 192.168.1.1 #harbor服务访问IP/域名 port: 85
安装Harbor
./prepare ./install.sh #如果需要支持存储helm的chart包,添加如下参数 ./install.sh --with-chartmuseum
访问
192.168.1.1:85 默认用户名密码admin/Harbor12345 账号密码可在配置文件里修改
启动、停止Harbor
docker-compose up -d 启动 docker-compose stop 停止 docker-compose restart 重新启动
推送镜像验证
先需要将仓库添加到docker配置里面
$ vim /etc/docker/daemon.json { "insecure-registries": ["192.168.1.1:85"] } $ systemctl restart docker
下载测试镜像
docker pull library/nginx:laster
给镜像重新打标签
docker tag library/nginx:laster 192.168.1.1:85/library/nginx:latest
登录Harbor仓库
[root@k8s-n1 harbor]# docker login 192.168.1.1:85
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
上传镜像(推送命令可在harbor后台查看)
[root@k8s-n1 harbor]# docker push 192.168.1.1:85/library/nginx:latest The push refers to repository [192.168.1.1:85/library/nginx] 6c7de695ede3: Pushed 2f4accd375d9: Pushed ffc9b21953f4: Pushed latest: digest: sha256:8269a7352a7dad1f8b3dc83284f195bac72027dd50279422d363d49311ab7d9b size: 948
其他docker客户端下载测试
指定镜像仓库地址
$ vim /etc/docker/daemon.json { "insecure-registries": ["192.168.1.1:85"] } $ systemctl restart docker
下载测试镜像
docker pull 192.168.1.1:85/library/nginx:laster
测试k8s和harbor的连通性
创建一个deployment控制器来管理容器
kubectl run nginx-deployment --image=192.168.1.1:85/library/nginx:laster --port=80 --replicas=1
--image :指定镜像为harbor仓库的镜像
--port : 指定端口,不写默认也有
--replicas=1 :指定副本数为1,如果删除一个,为了保持副本数为1,就会自动创建一个新的补齐
#查看在每个 Deployment revision 中执行了哪些命令 kubectl get deployment #deployment会链接 ReplicaSet(rs),查看rs结果差不多 kubectl get rs #查看pod运行状态 kubectl get pod #查看pod运行状态及容器信息(包括启动时间、IP及在哪个节点运行) kubectl get pod -o wide #例如查到在A节点运行的,登录A节点使用docker命令可查看运行的容器 docker ps -a |grep nginx
删除一个pod
kubectl get pod
kubectl delete pod nginx-deployment-85756b779-shc41
扩容副本数(减压)
kubectl get deployment kubectl scale --replcas=3 deployment/nginx-deployment
测试 kubernetes 集群
在 Kubernetes 集群中创建一个 pod, 验证是否正常运行:
$ kubectl create deployment nginx-deploymen--image=nginx $ kubectl expose deployment nginx-deployment --port=80 --type=NodePort $ kubectl get pod,svc
kubectl expose deployment nginx-deploymen --port=8080 --target-port=80 kubectl get svc #得到NodeIP (service)
#访问
curl NodeIP:8080 #(会轮训访问三个副本)
注:上面k8s的deployment创建pod方式仅为测试操作,仅供初学了解,实际应用中基本通过资源清单的方式创建。
好记性不如烂笔头,最难不过坚持
