k8s: Basic Introduction

 

Use the kubeadm-dind-cluster tool to quickly deploy a Kubernetes cluster, then use kubectl on it to become familiar with the cluster's basic structure and concepts.

 

Key points

  • Basic structure of a Kubernetes cluster
  • Basic kubectl usage
  • Basic concept of a Resource
  • Basic concept of a Namespace

Related links

 

kubeadm-dind-cluster provides a very simple way to run a Kubernetes cluster: we can start one directly with the scripts it ships. The Kubernetes environment used in this lab is 1.15.

tom@ubuntu:~/Desktop/k8s/Code$ docker info
Client:
 Context:    default
 Debug Mode: false
 Plugins:
  app: Docker App (Docker Inc., v0.9.1-beta3)
  buildx: Build with BuildKit (Docker Inc., v0.5.1-docker)
 
Server:
ERROR: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get http://%2Fvar%2Frun%2Fdocker.sock/v1.24/info: dial unix /var/run/docker.sock: connect: permission denied
errors pretty printing info

  

ERROR: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/

 

sudo groupadd docker          # create the docker group
sudo gpasswd -a $XXX docker   # add user XXX to the docker group (XXX is the user name, e.g. liangll in my case)
sudo gpasswd -a $USER docker  # add the current user to the docker group
newgrp docker                 # refresh the docker group membership
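
Membership of the docker group gives an account full control of the Docker daemon through /var/run/docker.sock, which is equivalent to root on the host, so it is worth knowing exactly who holds it. The following added example (not part of the original post) lists those accounts from group(5) and passwd(5) data; the function name and the sample files are constructed.

```shell
#!/bin/sh
# Added example: list every account that can reach /var/run/docker.sock
# through the docker group. Inputs are files in group(5) / passwd(5) format.

# docker_group_users GROUP_FILE PASSWD_FILE -> one user name per line, sorted
docker_group_users() {
    group_file=$1
    passwd_file=$2
    # group(5) layout: name:password:GID:member1,member2
    gid=$(awk -F: '$1 == "docker" { print $3 }' "$group_file")
    [ -n "$gid" ] || return 0   # no docker group, nobody to report
    {
        # supplementary members listed in the fourth field of the group entry
        awk -F: '$1 == "docker" {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
        }' "$group_file"
        # accounts whose primary group (passwd field 4) is the docker GID
        awk -F: -v gid="$gid" '$4 == gid { print $1 }' "$passwd_file"
    } | sort -u
}

# Constructed sample data (not taken from a real host)
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/group" <<'EOF'
root:x:0:
sudo:x:27:tom
docker:x:999:tom,ci
EOF
cat > "$demo_dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
tom:x:1000:1000::/home/tom:/bin/bash
ci:x:1001:1001::/home/ci:/bin/sh
builder:x:1002:999::/home/builder:/bin/sh
EOF

docker_group_users "$demo_dir/group" "$demo_dir/passwd"
```

On a live host, pass /etc/group and /etc/passwd (or saved output of getent group and getent passwd) instead of the sample files.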

  

tom@ubuntu:~/Desktop/k8s/Code$ ./dind-cluster-v1.15.sh
WARNING: No swap limit support
usage:
  ./dind-cluster-v1.15.sh up
  ./dind-cluster-v1.15.sh reup
  ./dind-cluster-v1.15.sh down
  ./dind-cluster-v1.15.sh init kubeadm-args...
  ./dind-cluster-v1.15.sh join kubeadm-args...
  ./dind-cluster-v1.15.sh clean
  ./dind-cluster-v1.15.sh pause
  ./dind-cluster-v1.15.sh unpause
  ./dind-cluster-v1.15.sh snapshot
  ./dind-cluster-v1.15.sh restore
  ./dind-cluster-v1.15.sh copy-image [image_name]
  ./dind-cluster-v1.15.sh e2e [test-name-substring]
  ./dind-cluster-v1.15.sh e2e-serial [test-name-substring]
  ./dind-cluster-v1.15.sh dump
  ./dind-cluster-v1.15.sh dump64
  ./dind-cluster-v1.15.sh split-dump
  ./dind-cluster-v1.15.sh split-dump64

  

 

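Only a few of these commands are needed; up alone starts a cluster.

Because coredns and kubernetes-dashboard take a long time to start and fail to start in the lab environment, both have been disabled in the script. They are rarely needed in the labs, so they can be dealt with when they are actually required.

Judging from the output, a Kubernetes cluster is also a typical master-slave architecture. In this structure many control components are deployed on the master node, while the slaves only need to run a few agents.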

curl: (35) gnutls_handshake() failed: Error in the pull function

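Run sudo apt-get install libcurl4-openssl-dev
Running this first removes the libcurl4-gnutls-dev package and then installs the new one. The two packages conflict with each other; installing either one uninstalls the other first.
My rough understanding is that curl's dependencies include libcurl4-gnutls-dev by default, but we need libcurl4-openssl-dev because it works better and has better https support.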

tom@ubuntu:~/Desktop/k8s/Code$ curl -V
curl 7.47.0 (x86_64-pc-linux-gnu) libcurl/7.47.0 GnuTLS/3.4.10 zlib/1.2.8 libidn/1.32 librtmp/2.3
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz TLS-SRP UnixSockets

 

  

Tips

gpasswd -a cold root  # add user cold to the root group
gpasswd -d cold root  # remove user cold from the root group

  

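Basic kubectl usage

kubectl is a command-line tool for interacting with a Kubernetes cluster. We can use it to inspect and manage the cluster. Kubernetes exposes its services externally over an HTTP port, and kubectl operates the cluster by talking to the HTTP port of the Kubernetes API server.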

 

 

 

tom@ubuntu:~/Desktop/k8s/Code$ sudo vim /etc/sysctl.conf
[sudo] password for tom:
tom@ubuntu:~/Desktop/k8s/Code$ sudo sysctl -p
vm.max_map_count = 655360
vm.swappiness = 0
kernel.sysrq = 1
net.ipv4.neigh.default.gc_stale_time = 120
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_announce = 2
net.ipv4.tcp_max_tw_buckets = 5000
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 1024
net.ipv4.tcp_synack_retries = 2

  

 

shiyanlou:~/ $ cat /etc/hosts                                        [16:57:08]
127.0.0.1   localhost
 
# The following lines are desirable for IPv6 capable hosts
::1 localhost   ip6-localhost   ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
 
172.20.102.125  iZrj92px5d0b9btkc0hzewZ iZrj92px5d0b9btkc0hzewZ
 
10.111.123.198  iZbp181owrnv9r9uzp4pt1Z iZbp181owrnv9r9uzp4pt1Z
 
10.111.126.135  iZbp18wjcayoy3u826rcpeZ iZbp18wjcayoy3u826rcpeZ
 
10.111.114.26   iZbp1967kgohhiwr38iwirZ iZbp1967kgohhiwr38iwirZ

  

tom@ubuntu:~/Desktop/3/docker2$ docker stop $(docker ps -aq)
a7ffdde23269
540b166bc8d9
9e61e4b80a96
tom@ubuntu:~/Desktop/3/docker2$ docker rm  $(docker ps -aq)
a7ffdde23269
540b166bc8d9
9e61e4b80a96
tom@ubuntu:~/Desktop/3/docker2$ docker rmi  $(docker images -q)

  

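Configuring a registry mirror (accelerator)
For users whose Docker client version is newer than 1.10.0
 
You can use the accelerator by editing the daemon configuration file /etc/docker/daemon.json
 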
sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": ["https://19b12x6i.mirror.aliyuncs.com"]
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker

  

 

 

minikube

https://minikube.sigs.k8s.io/docs/start/

curl -LO https://storage.googleapis.com/minikube/releases/latest/minikube-linux-amd64
sudo install minikube-linux-amd64 /usr/local/bin/minikube
sudo usermod -aG docker $USER && newgrp docker
minikube start
 
Interact with your cluster
If you already have kubectl installed, you can now use it to access your shiny new cluster:
 
kubectl get po -A
Alternatively, minikube can download the appropriate version of kubectl, if you don’t mind the double-dashes in the command-line:
 
minikube kubectl -- get po -A
Initially, some services such as the storage-provisioner, may not yet be in a Running state. This is a normal condition during cluster bring-up, and will resolve itself momentarily. For additional insight into your cluster state, minikube bundles the Kubernetes Dashboard, allowing you to get easily acclimated to your new environment:
 
minikube dashboard
4 Deploy applications
Create a sample deployment and expose it on port 8080:
 
kubectl create deployment hello-minikube --image=k8s.gcr.io/echoserver:1.4
kubectl expose deployment hello-minikube --type=NodePort --port=8080
It may take a moment, but your deployment will soon show up when you run:
 
kubectl get services hello-minikube
The easiest way to access this service is to let minikube launch a web browser for you:
 
minikube service hello-minikube
Alternatively, use kubectl to forward the port:
 
kubectl port-forward service/hello-minikube 7080:8080
Tada! Your application is now available at http://localhost:7080/
 
LoadBalancer deployments
To access a LoadBalancer deployment, use the “minikube tunnel” command. Here is an example deployment:
 
kubectl create deployment balanced --image=k8s.gcr.io/echoserver:1.4 
kubectl expose deployment balanced --type=LoadBalancer --port=8080
In another window, start the tunnel to create a routable IP for the ‘balanced’ deployment:
 
minikube tunnel
To find the routable IP, run this command and examine the EXTERNAL-IP column:
 
kubectl get services balanced
Your deployment is now available at <EXTERNAL-IP>:8080
 
5 Manage your cluster
Pause Kubernetes without impacting deployed applications:
 
minikube pause
Halt the cluster:
 
minikube stop
Increase the default memory limit (requires a restart):
 
minikube config set memory 16384
Browse the catalog of easily installed Kubernetes services:
 
minikube addons list
Create a second cluster running an older Kubernetes release:
 
minikube start -p aged --kubernetes-version=v1.16.1
Delete all of the minikube clusters:
 
minikube delete --all

  

 

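Batch-importing Docker images
 
ll *.image|awk '{print $NF}'|sed -r 's#(.*)#docker load -i \1#' |bash
 
After using Docker for a while, many unused images accumulate locally, and deleting them one by one by hand is time-consuming, so here is a script to delete them in bulk. The command below deletes images whose names start with 192.168.33.10; an image is deleted as long as it is not in use.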
 
    List-1
 
docker images|awk '{print $1":"$2}'|grep 192.168.33.10|xargs -t docker rmi
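    As below, containers that are not running are deleted, except those for mysql, postgresql, kibana, elastic and mongo; the -t option of xargs prints each command as it is executed.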
 
    List-2
 
docker ps -a|egrep -v 'mysql|post|kiban|elas|mongo'|awk '{print $1}'|xargs -t docker rm
    Sometimes there are <none> images, as in List-3 below, probably produced temporarily; the command in List-1 cannot delete this kind of image.
 
    List-3
 
mjduan@mjduan:/opt/tmp/images$ docker images
REPOSITORY                             TAG                 IMAGE ID            CREATED             SIZE
<none>                                 <none>              fb522ae76d1c        3 days ago          993MB
<none>                                 <none>              4966b6e23631        3 days ago          662MB
<none>                                 <none>              3d30ff829e3d        3 days ago          738MB
<none>                                 <none>              82d66f605ccd        3 days ago          738MB
<none>                                 <none>              53df78f6d849        3 days ago          683MB
<none>                                 <none>              dd914a092541        3 days ago          738MB
    List-4
 
# Like this; note that the first awk must separate the fields with \t so that the second awk gets the $2 we want
docker images|awk '{print  $1"\t"$3}'|grep "<none"|awk '{print $2}'| xargs -t docker rmi
# Or like this
docker images|grep "<none"|awk '{print $3}'|xargs -t docker rmi
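
The grep in List-1 matches 192.168.33.10 anywhere in the line and treats each dot as a wildcard, so it can select more than the images whose names start with that registry address. This added example (not from the original post) selects by literal prefix and picks out the <none> rows by column, printing the candidates instead of deleting them; the function names and the sample rows are constructed.

```shell
#!/bin/sh
# Added example: choose image references from `docker images` output without
# deleting anything; review the list first, then hand it to `docker rmi`.

# images_with_prefix PREFIX   (reads `docker images` text on stdin)
# Prints repo:tag for rows whose REPOSITORY starts with PREFIX as a literal
# string: index() == 1 anchors the match and treats "." as a dot.
images_with_prefix() {
    awk -v p="$1" 'NR > 1 && index($1, p) == 1 && $2 != "<none>" { print $1 ":" $2 }'
}

# dangling_ids   (reads `docker images` text on stdin)
# Prints the IMAGE ID of rows where both REPOSITORY and TAG are <none>.
dangling_ids() {
    awk 'NR > 1 && $1 == "<none>" && $2 == "<none>" { print $3 }'
}

# Constructed sample output; the <none> rows reuse two IDs shown in List-3.
sample='REPOSITORY                    TAG       IMAGE ID       CREATED      SIZE
192.168.33.10/app/web         1.0       aaaaaaaaaaaa   3 days ago   120MB
192.168.33.100/app/web        1.0       bbbbbbbbbbbb   3 days ago   120MB
mirror.example/192.168.33.10  2.0       cccccccccccc   3 days ago   120MB
192x168y33z10/demo            latest    dddddddddddd   3 days ago   120MB
<none>                        <none>    fb522ae76d1c   3 days ago   993MB
<none>                        <none>    4966b6e23631   3 days ago   662MB'

# Only the first data row belongs to the registry at 192.168.33.10;
# `grep 192.168.33.10` would have selected all four named rows.
printf '%s\n' "$sample" | images_with_prefix "192.168.33.10/"
printf '%s\n' "$sample" | dangling_ids
```

Against a live daemon, pipe `docker images` into either function and pass the reviewed list to `xargs -t docker rmi`; `docker images -f dangling=true -q` lists the dangling IDs directly.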

  Batch-exporting Docker images

 

Pushing Docker images to a registry

Using Python

import subprocess

# Log in first; the password is typed at the prompt and kept out of the script:
#   sudo docker login --username=<your-username> registry.cn-hangzhou.aliyuncs.com
REGISTRY_PREFIX = "registry.cn-hangzhou.aliyuncs.com/lzj123/"

if __name__ == "__main__":
    # One "repository tag" pair per line, without the header row
    out = subprocess.run(
        ["docker", "images", "--format", "{{.Repository}} {{.Tag}}"],
        check=True, stdout=subprocess.PIPE, text=True,
    ).stdout
    for line in out.splitlines():
        parts = line.split()
        if len(parts) != 2 or "<none>" in parts:
            continue  # skip blank lines and <none> images, which have no usable name
        iname, itag = parts
        tarname = iname + ":" + itag

        filename = iname.split("/")[-1].strip()
        targetname = REGISTRY_PREFIX + filename + ":" + itag

        # e.g. docker tag 37bb9c63c8b2 registry-vpc.cn-hangzhou.aliyuncs.com/acs/agent:0.7-dfb6816
        cmd = ["docker", "tag", tarname, targetname]
        print("cmd-----------------------------")
        print(" ".join(cmd))
        subprocess.run(cmd)  # argument list, no shell, so names are never re-parsed

        # e.g. sudo docker push registry-vpc.cn-hangzhou.aliyuncs.com/acs/agent:0.7-dfb6816
        cmd2 = ["docker", "push", targetname]
        print(" ".join(cmd2))
        subprocess.run(cmd2)

        print("cmd-----------------------------")