k8s实战安装过程

1.创建服务实例

centos 7.9.4 版本

配置服务hostname

hostnamectl set-hostname k8s-master
hostnamectl set-hostname k8s-worker1
hostnamectl set-hostname k8s-worker2

2.centos 安装docker

https://docs.docker.com/engine/install/centos/

移除以前的 docker 包
sudo yum remove docker \
                  docker-client \
                  docker-client-latest \
                  docker-common \
                  docker-latest \
                  docker-latest-logrotate \
                  docker-logrotate \
                  docker-engine

配置yum源

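# Install yum-utils (provides yum-config-manager), then register the Docker CE repo.
# The repo definition is fetched over HTTPS rather than plain HTTP, so the
# baseurl/gpgkey entries it contains cannot be rewritten in transit.
sudo yum install -y yum-utils
sudo yum-config-manager \
  --add-repo \
  https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo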

安装docker
#以下是在安装k8s的时候使用
yum install -y docker-ce-20.10.7 docker-ce-cli-20.10.7  containerd.io-1.4.6

启动docker

systemctl enable docker --now

配置加速(下面 registry-mirrors 里的地址是示例中的阿里云镜像加速器地址,镜像拉取会经过它;请换成你自己账号的加速器地址)

sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": ["https://82m9ar63.mirror.aliyuncs.com"],
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "storage-driver": "overlay2"
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker

3.docker命令实战

找镜像

docker pull nginx  #下载最新版

镜像名:版本名(标签)

docker pull nginx:1.20.1


docker pull redis  #下载最新
docker pull redis:6.2.4

## 下载来的镜像都在本地
docker images  #查看所有镜像

redis = redis:latest

docker rmi 镜像名:版本号/镜像id

启动容器

启动nginx应用容器,并映射88端口,测试访问

docker run [OPTIONS] IMAGE [COMMAND] [ARG...]

【docker run  设置项   镜像名  】 镜像启动运行的命令(镜像里面默认有的,一般不会写)

# -d:后台运行
# --restart=always: 开机自启
docker run --name=mynginx   -d  --restart=always -p  88:80   nginx




# 查看正在运行的容器
docker ps
# 查看所有
docker ps -a
# 删除停止的容器
docker rm  容器id/名字
docker rm -f mynginx   #强制删除正在运行中的

#停止容器
docker stop 容器id/名字
#再次启动
docker start 容器id/名字

#应用开机自启
docker update 容器id/名字 --restart=always

修改容器内容

# 进入容器内部的系统,修改容器内容
docker exec -it 容器id  /bin/bash
# 挂载数据到外部修改
docker run --name=mynginx   \
-d  --restart=always \
-p  88:80 -v /data/html:/usr/share/nginx/html:ro  \
nginx

# 修改页面只需要去 主机的 /data/html

提交改变

docker commit [OPTIONS] CONTAINER [REPOSITORY[:TAG]]

docker commit -a "leifengyang"  -m "首页变化" 341d81f7504f guignginx:v1.0

镜像传输

# 将镜像保存成压缩包
docker save -o abc.tar guignginx:v1.0

# 别的机器加载这个镜像
docker load -i abc.tar


# 离线安装

推送到远程仓库

docker tag local-image:tagname new-repo:tagname
docker push new-repo:tagname
# 把旧镜像的名字,改成仓库要求的新版名字
docker tag guignginx:v1.0 leifengyang/guignginx:v1.0

# 登录到docker hub
docker login       


docker logout(推送完成镜像后退出)

# 推送
docker push leifengyang/guignginx:v1.0


# 别的机器下载
docker pull leifengyang/guignginx:v1.0

补充

docker logs 容器名/id   排错

docker exec -it 容器id /bin/bash


# docker 经常修改nginx配置文件
docker run -d -p 80:80 \
-v /data/html:/usr/share/nginx/html:ro \
-v /data/conf/nginx.conf:/etc/nginx/nginx.conf \
--name mynginx-02 \
nginx


#把容器指定位置的东西复制出来 
docker cp 5eff66eec7e1:/etc/nginx/nginx.conf  /data/conf/nginx.conf
#把外面的内容复制到容器里面
docker cp  /data/conf/nginx.conf  5eff66eec7e1:/etc/nginx/nginx.conf

4.创建自己的docker应用

1、编写自己的应用

编写一个HelloWorld应用

https://start.spring.io/

示例代码: https://gitee.com/leifengyang/java-demo.git

2、将应用打包成镜像

编写Dockerfile将自己的应用打包镜像

1、以前

Java为例

  • SpringBoot打包成可执行jar
  • 把jar包上传给服务器
  • 服务器运行java -jar
2、现在

所有机器都安装Docker,任何应用都是镜像,所有机器都可以运行

3、怎么打包-Dockerfile

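FROM openjdk:8-jdk-slim
LABEL maintainer=leifengyang

# Create an unprivileged account so the JVM does not run as root inside the
# container; a compromised application then has no root rights in the container.
RUN useradd --system --no-create-home --shell /usr/sbin/nologin app

# --chown keeps the jar readable by the unprivileged account whatever the
# file mode was in the build context.
COPY --chown=app:app target/*.jar   /app.jar

# Everything from here on (including the ENTRYPOINT process) runs as "app".
USER app

ENTRYPOINT ["java","-jar","/app.jar"]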
docker build -t java-demo:v1.0 .

4、启动容器

docker run -d -p 8080:8080 --name myjava-app java-demo:v1.0 

分享镜像

# 登录docker hub
docker login

#给旧镜像起名
docker tag java-demo:v1.0  leifengyang/java-demo:v1.0

# 推送到docker hub
docker push leifengyang/java-demo:v1.0

# 别的机器
docker pull leifengyang/java-demo:v1.0

# 别的机器运行
docker run -d -p 8080:8080 --name myjava-app java-demo:v1.0 

5、部署中间件

docker run [OPTIONS] IMAGE [COMMAND] [ARG...]

# Start Redis with a custom configuration file.
# The host file /data/redis/redis.conf is mounted at /etc/redis/redis.conf and
# passed to redis-server; the host directory /data/redis/data is mounted at /data.
# NOTE(review): -p 6379:6379 publishes Redis on every host interface. Confirm that
# redis.conf sets requirepass (or that bind / firewall rules limit who can connect)
# before the port is reachable from other machines.

docker run -v /data/redis/redis.conf:/etc/redis/redis.conf \
-v /data/redis/data:/data \
-d --name myredis \
-p 6379:6379 \
redis:latest  redis-server /etc/redis/redis.conf

5、k8s安装

1、基础环境

#各个机器设置自己的域名
hostnamectl set-hostname xxxx


# 将 SELinux 设置为 permissive 模式(相当于将其禁用)
sudo setenforce 0
sudo sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config

#关闭swap
swapoff -a  
sed -ri 's/.*swap.*/#&/' /etc/fstab

#允许 iptables 检查桥接流量
cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
br_netfilter
EOF

cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sudo sysctl --system

2、安装kubelet、kubeadm、kubectl

每台机器都需要先安装kubelet,安装完成后kubelet 现在每隔几秒就会重启,因为它陷入了一个等待 kubeadm 指令的死循环

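# Register the Kubernetes yum repository (Aliyun mirror) on this machine.
# - baseurl/gpgkey use HTTPS so repo metadata, packages and signing keys are not
#   fetched over a channel that can be tampered with.
# - gpgcheck=1 makes yum verify every RPM against the keys listed in gpgkey;
#   with gpgcheck=0 any package served under this URL would be installed as root.
# - repo_gpgcheck is left at 0 as in the original. NOTE(review): turn it on if the
#   mirror's signed repodata verifies in your environment.
# - exclude= keeps a routine "yum update" from upgrading kubelet/kubeadm/kubectl;
#   install them explicitly with --disableexcludes=kubernetes.
cat <<EOF | sudo tee /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
   https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
exclude=kubelet kubeadm kubectl
EOF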



sudo yum install -y kubelet-1.20.9 kubeadm-1.20.9 kubectl-1.20.9 --disableexcludes=kubernetes

sudo systemctl enable --now kubelet

使用kubeadm在master机器上引导集群安装

下载各个机器需要的镜像

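# Write a helper script that pre-pulls the control-plane images for v1.20.9,
# then make it executable and run it.
# NOTE(review): the images are pulled from a third-party mirror namespace
# (lfy_k8s_images), not from the upstream Kubernetes registry; use a mirror you
# trust, since these images become the cluster's control plane.
sudo tee ./images.sh <<-'EOF'
#!/bin/bash
# Abort on the first failed pull instead of finishing with an incomplete image set.
set -euo pipefail
images=(
kube-apiserver:v1.20.9
kube-proxy:v1.20.9
kube-controller-manager:v1.20.9
kube-scheduler:v1.20.9
coredns:1.7.0
etcd:3.4.13-0
pause:3.2
)
# Quote the expansions so each image name is passed as exactly one argument.
for imageName in "${images[@]}"; do
  docker pull "registry.cn-hangzhou.aliyuncs.com/lfy_k8s_images/${imageName}"
done
EOF

chmod +x ./images.sh && ./images.sh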

初始化master节点

#所有机器添加master域名映射,以下需要修改为自己的
echo "172.19.143.4 cluster-endpoint" >> /etc/hosts



#主节点初始化
kubeadm init \
--apiserver-advertise-address=172.19.143.4 \
--control-plane-endpoint=cluster-endpoint \
--image-repository registry.cn-hangzhou.aliyuncs.com/lfy_k8s_images \
--kubernetes-version v1.20.9 \
--service-cidr=10.96.0.0/16 \
--pod-network-cidr=192.168.0.0/16

#所有网络范围不重叠

成功以后会显示如下提示命令(其中的 token 和 discovery-token-ca-cert-hash 是本次初始化生成的加入凭据,请使用自己集群输出的值,并且不要公开)

Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

Alternatively, if you are the root user, you can run:

  export KUBECONFIG=/etc/kubernetes/admin.conf

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

You can now join any number of control-plane nodes by copying certificate authorities
and service account keys on each node and then running the following as root:

  kubeadm join cluster-endpoint:6443 --token thl4hd.53wfd5wpz1eairvu \
    --discovery-token-ca-cert-hash sha256:c3df8f156cca5db0ae1fa0a9a5ce2ac56cc003b7ca492693b570d76133b6a6b3 \
    --control-plane

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join cluster-endpoint:6443 --token thl4hd.53wfd5wpz1eairvu \
    --discovery-token-ca-cert-hash sha256:c3df8f156cca5db0ae1fa0a9a5ce2ac56cc003b7ca492693b570d76133b6a6b3

重新安装k8s的做法

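# Revert what a previous "kubeadm init" / "kubeadm join" set up on this node
# before initialising again. The subcommand is "reset" ("rest" is not a kubeadm command).
kubeadm reset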

kubeadm init \
--apiserver-advertise-address=172.19.143.4 \
--control-plane-endpoint=cluster-endpoint \
--image-repository registry.cn-hangzhou.aliyuncs.com/lfy_k8s_images \
--kubernetes-version v1.20.9 \
--service-cidr=10.96.0.0/16 \
--pod-network-cidr=192.168.0.0/16

如果重新 init 时报错,需要先删除以下文件(注意:最后一条会清空 /var/lib/etcd 下原集群的全部 etcd 数据)
rm -rf /etc/kubernetes/manifests/kube-apiserver.yaml
rm -rf  /etc/kubernetes/manifests/kube-controller-manager.yaml
rm -rf  /etc/kubernetes/manifests/kube-scheduler.yaml
rm -rf  /etc/kubernetes/manifests/etcd.yaml
rm -rf /var/lib/etcd/*


#查看集群所有节点
kubectl get nodes

#根据配置文件,给集群创建资源
kubectl apply -f xxxx.yaml

#查看集群部署了哪些应用?
docker ps   ===   kubectl get pods -A
# 运行中的应用在docker里面叫容器,在k8s里面叫Pod
kubectl get pods -A

设置.kube/config

复制上面命令

安装网络组件

calico官网

curl https://raw.githubusercontent.com/projectcalico/calico/v3.25.0/manifests/calico.yaml -O

# 3.25 版本会出现 calico-node 启动不成功、且无法安装 KubeSphere 的问题,需要换成 3.20 版本的 yaml
curl https://docs.projectcalico.org/archive/v3.20/manifests/calico.yaml -O 

kubectl apply -f calico.yaml

4、加入node节点

kubeadm join cluster-endpoint:6443 --token thl4hd.53wfd5wpz1eairvu \
    --discovery-token-ca-cert-hash sha256:c3df8f156cca5db0ae1fa0a9a5ce2ac56cc003b7ca492693b570d76133b6a6b3

令牌过期后(kubeadm 生成的令牌默认 24 小时有效),重新生成新令牌

kubeadm token create --print-join-command

*高可用部署方式,也是在这一步的时候,使用添加主节点的命令即可*

6、部署dashboard

1、部署

kubernetes官方提供的可视化界面

https://github.com/kubernetes/dashboard

kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.3.1/aio/deploy/recommended.yaml

设置端口访问

kubectl edit svc kubernetes-dashboard -n kubernetes-dashboard

type: ClusterIP 改为 type: NodePort

kubectl get svc -A |grep kubernetes-dashboard
## 找到端口,在安全组放行(建议只对可信的来源 IP 放行,不要对全网开放 dashboard 端口)

访问: https://集群任意IP:端口 https://8.130.66.225:32350/

创建访问账号

#创建访问账号,准备一个yaml文件; vi dash.yaml(注意:下面把 admin-user 绑定到 cluster-admin,持有它的令牌就拥有整个集群的全部权限,仅适合测试环境)
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard
kubectl apply -f dash.yaml

获取令牌访问

#获取访问令牌(输出的是 admin-user 的令牌,等同于集群管理员凭据,应妥善保管,不要写进文档或公开贴出)
kubectl -n kubernetes-dashboard get secret $(kubectl -n kubernetes-dashboard get sa/admin-user -o jsonpath="{.secrets[0].name}") -o go-template="{{.data.token | base64decode}}"
eyJhbGciOiJSUzI1NiIsImtpZCI6IktfWkF2QXhISnNqTmRhM25FVFBMeUtzalpUWlItNTliYjVJRUt2bnFNZFUifQ.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.XBz7DlWAVUnaRrGWcV7FHjnlYXl0nwsmCfAt59qGExt6uc4_p_Sqm4IQs6UbhStpdoo32OK8BdYiB1zlmrBk0MmwhIEnXsURTNW4ITae40M8F_Gw78u5p-mWU_0baZcoD_NZALHLxUnB1_XcWiJZ6czery48jkWtPq7Wt96D01ONW3wjRy3JEXOUVXNkkbX6yCZWHhNAlK_7nBGc7tOztyECbLNr3NZPayFoQ7MhcYB7hhh2Zu8Cglwj-CQO2NDs36QV9-jWNAZ3UoEAR9h6pRAmWtzQu68E7C5ZBeEDQFWWBI3BjvAhR7fCWxq0ExYsj7jmilSWj3_sF8sBtjplDA

6、k8s 实战

NameSpace 操作

kubectl create ns hello
kubectl delete ns hello
apiVersion: v1
kind: Namespace
metadata:
  name: hello

POD操作

kubectl run mynginx --image=nginx

# 查看default名称空间的Pod
kubectl get pod 
# 描述
kubectl describe pod 你自己的Pod名字
# 删除
kubectl delete pod Pod名字
# 查看Pod的运行日志
kubectl logs Pod名字

# 每个Pod - k8s都会分配一个ip
kubectl get pod -owide
# 使用Pod的ip+pod里面运行容器的端口
curl 192.168.169.136

# 集群中的任意一个机器以及任意的应用都能通过Pod分配的ip来访问这个Pod

安装nginx

1、创建namespace

nginx-namespace.yaml

apiVersion: v1 # API version that the Namespace kind belongs to
kind: Namespace  # resource type: Namespace
metadata:
  name: ns-test  # name of the namespace
  labels:
    name: label-test  # label attached to the namespace object itself (not to pods)
#创建 
kubectl create -f nginx-namespace.yaml 
#查询 
kubectl get namespace

2、创建Pod

一般不直接create pod,而是通过controller来创建pod。deployment为其中一种controller

nginx-deployment.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: ns-test
  name: nginx-deployment
spec:
  selector:
    matchLabels:
      app: nginx
  replicas: 2
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:alpine
        ports:
        - containerPort: 80
#创建 
kubectl create -f nginx-deployment.yaml 
#查询 
kubectl get deployment -n ns-test 
#或 kubectl get pods -n ns-test 

kubectl get pods -o wide -n ns-test

3、创建service

vim nginx-service.yaml

apiVersion: v1
kind: Service
metadata:
  namespace: ns-test
  name: nginx-service
spec:
  selector:
    app: nginx
  type: NodePort
  ports:
  - protocol: TCP
    port: 80
    targetPort: 80
    nodePort: 31111
#执行
kubectl create -f nginx-service.yaml

#查询
kubectl get svc nginx-service -o wide -n ns-test

http://8.130.66.225:31111

部署ingress

安装

wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.47.0/deploy/static/provider/baremetal/deploy.yaml

#修改镜像
vi deploy.yaml
#将image的值改为如下值:
registry.cn-hangzhou.aliyuncs.com/lfy_k8s_images/ingress-nginx-controller:v0.46.0

# 检查安装的结果
kubectl get pod,svc -n ingress-nginx

# 最后别忘记放行 svc 暴露的端口

如果遇到

service clusterIP 访问不通的情况

https://blog.csdn.net/shelutai/article/details/122734242?utm_medium=distribute.pc_relevant.none-task-blog-2defaultbaidujs_baidulandingword~default-0-122734242-blog-122384878.pc_relevant_3mothn_strategy_recovery&spm=1001.2101.3001.4242.1&utm_relevant_index=3
