kubernetes 1.24高可用集群二进制部署
kubeasz介绍
kubeasz github地址:
https://github.com/easzlab/kubeasz
软件结构
配置master 集群负载均衡与高可用
准备两台服务器部署keepalived与haproxy
1、配置haproxy
root@haproxyA:~# cat /etc/haproxy/haproxy.cfg global log /dev/log local0 log /dev/log local1 notice chroot /var/lib/haproxy stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners stats timeout 30s user haproxy group haproxy daemon # Default SSL material locations ca-base /etc/ssl/certs crt-base /etc/ssl/private # See: https://ssl-config.mozilla.org/#server=haproxy&server-version=2.0.3&config=intermediate ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256 ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets defaults log global mode http option httplog option dontlognull timeout connect 5000 timeout client 50000 timeout server 50000 errorfile 400 /etc/haproxy/errors/400.http errorfile 403 /etc/haproxy/errors/403.http errorfile 408 /etc/haproxy/errors/408.http errorfile 500 /etc/haproxy/errors/500.http errorfile 502 /etc/haproxy/errors/502.http errorfile 503 /etc/haproxy/errors/503.http errorfile 504 /etc/haproxy/errors/504.http listen k8s-6443 bind 192.168.100.188:6443 mode tcp server master1 192.168.100.2:6443 check inter 3s fall 3 rise 3 server master2 192.168.100.3:6443 check inter 3s fall 3 rise 3 server master3 192.168.100.4:6443 check inter 3s fall 3 rise 3
2、配置keepalived
Master:
root@haproxyA:~# cat /etc/keepalived/keepalived.conf ! Configuration File for keepalived global_defs { notification_email { acassen } notification_email_from Alexandre.Cassen@firewall.loc smtp_server 192.168.200.1 smtp_connect_timeout 30 router_id LVS_20 } vrrp_instance VI_1 { state MASTER interface eth0 garp_master_delay 10 smtp_alert virtual_router_id 51 priority 100 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 192.168.100.188 dev eth0 label eth0:1 192.168.100.189 dev eth0 label eth0:2 192.168.100.190 dev eth0 label eth0:3 192.168.100.191 dev eth0 label eth0:4 192.168.100.192 dev eth0 label eth0:5 } }
Backup:
root@haproxyB:~# cat /etc/keepalived/keepalived.conf ! Configuration File for keepalived global_defs { notification_email { acassen } notification_email_from Alexandre.Cassen@firewall.loc smtp_server 192.168.200.1 smtp_connect_timeout 30 router_id LVS_21 } vrrp_instance VI_1 { state BACKUP interface eth0 garp_master_delay 10 smtp_alert virtual_router_id 51 priority 50 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 192.168.100.188 dev eth0 label eth0:1 192.168.100.189 dev eth0 label eth0:2 192.168.100.190 dev eth0 label eth0:3 192.168.100.191 dev eth0 label eth0:4 192.168.100.192 dev eth0 label eth0:5 } }
启动haproxy和keepalived
root@haproxyA:~# systemctl restart haproxy keepalived root@haproxyB:~# systemctl restart haproxy keepalived
配置集群免密登录
设置所有节点都能够免密登录,并为每个节点设置python的软连接
root@deploy:~# apt install sshpass root@deploy:~# ssh-keygen
部署节点也执行python软连接
root@deploy:~# ln -sv /usr/bin/python3 /usr/bin/python root@deploy:~# cat key.sh #!/bin/bash IP=" 192.168.100.2 192.168.100.3 192.168.100.4 192.168.100.5 192.168.100.6 192.168.100.7 192.168.100.8 192.168.100.9 192.168.100.10 " for n in ${IP};do sshpass -p 123456 ssh-copy-id ${n} -o StrictHostKeyChecking=no echo "${n} done" ssh ${n} "ln -sv /usr/bin/python3 /usr/bin/python" echo "${n} /usr/bin/python3 done" done
配置hosts文件
root@deploy:/etc/kubeasz# cat /etc/hosts 127.0.0.1 localhost # The following lines are desirable for IPv6 capable hosts ::1 ip6-localhost ip6-loopback fe00::0 ip6-localnet ff00::0 ip6-mcastprefix ff02::1 ip6-allnodes ff02::2 ip6-allrouters 192.168.100.15 harbor.cncf.net 192.168.100.2 master1 192.168.100.3 master2 192.168.100.4 master3 192.168.100.5 node1 192.168.100.6 node2 192.168.100.7 node3 192.168.100.8 etcd1 192.168.100.9 etcd2 192.168.100.10 etcd3
分发hosts文件到所有集群节点
root@deploy:~# for n in {2..10};do scp /etc/hosts 192.168.100.$n:/etc/;done
安装依赖组件
deploy节点安装ansible和git,也可以自行安装docker(可选)
root@deploy:~# apt install git ansible -y
配置时间同步
root@deploy:~ #for n in {2..10};do ssh 192.168.100.$n "apt install chrony -y;systemctl enable chrony --now";done
下载kubeasz
需要一台deploy部署服务器来安装kubeasz,并由这台服务器对k8s节点进行安装和管理。
下载kubeasz安装脚本
root@deploy:~# export release=3.3.1 root@deploy:~# wget https://github.com/easzlab/kubeasz/releases/download/${release}/ezdown root@deploy:~# chmod a+x ezdown
查看脚本,可以选择自定义kubernetes组件版本号;查看安装镜像手动拉去镜像到本地。该脚本以包含docker安装,如果本机如果已经安装docker则直接使用。
root@deploy:~# vim ezdown
下载镜像
下载kubeasz代码、二进制、默认容器镜像(更多关于ezdown的参数,运行./ezdown 查看)
root@deploy:~# ./ezdown -D
查看镜像
将deploy部署服务器下载好的所有镜像进行上传到本地harbor做一个归档备份
添加harbor域名解析
root@deploy:/etc/kubeasz/clusters/k8s-cluster1# vim /etc/hosts 192.168.100.15 harbor.cncf.net
批量分发hosts问价到所有集群
root@deploy:/etc/kubeasz/clusters/k8s-cluster1# for n in {2..10};do scp /etc/hosts 192.168.100.$n:/etc/;done
创建证书存放路径
root@deploy:/etc/kubeasz/clusters/k8s-cluster1# mkdir /etc/docker/certs.d/harbor.cncf.net -p
Harbor将证书发送给客户端
root@Harbor:/usr/local/harbor/certs# scp cncf.net.crt 192.168.100.16:/etc/docker/certs.d/harbor.cncf.net/
docker登录harbor
root@deploy:/etc/docker/certs.d# docker login harbor.cncf.net Username: admin Password: WARNING! Your password will be stored unencrypted in /root/.docker/config.json. Configure a credential helper to remove this warning. See https://docs.docker.com/engine/reference/commandline/login/#credentials-store Login Succeeded
上传镜像到harbor
上传pause镜像
root@deploy:/etc/docker/certs.d# docker tag easzlab/pause:3.7 harbor.cncf.net/baseimages/pause:3.7 root@deploy:/etc/docker/certs.d# docker push harbor.cncf.net/baseimages/pause:3.7
上传calico/node镜像
root@deploy:/etc/kubeasz# docker tag calico/node:v3.19.4 harbor.cncf.net/baseimages/calico/node:v3.19.4 root@deploy:/etc/kubeasz# docker push harbor.cncf.net/baseimages/calico/node:v3.19.4
上传calico/pod2daemon-flexvol镜像
root@deploy:~# docker tag calico/pod2daemon-flexvol:v3.19.4 harbor.cncf.net/baseimages/calico/pod2daemon-flexvol:v3.19.4 root@deploy:~# docker push harbor.cncf.net/baseimages/calico/pod2daemon-flexvol:v3.19.4
上传calico/cni镜像
root@deploy:~# docker tag calico/cni:v3.19.4 harbor.cncf.net/baseimages/calico/cni:v3.19.4 root@deploy:~# docker push harbor.cncf.net/baseimages/calico/cni:v3.19.4
上传calico/kube-controllers镜像
root@deploy:~# docker tag calico/kube-controllers:v3.19.4 harbor.cncf.net/baseimages/calico/kube-controllers:v3.19.4 root@deploy:~# docker push harbor.cncf.net/baseimages/calico/kube-controllers:v3.19.4
执行安装
ezctl脚本使用介绍
脚本运行成功后,所有文件(kubeasz代码、二进制、离线镜像)均已整理好放入目录/etc/kubeasz下
角色目录
/etc/kubeasz/roles/
剧本目录
/etc/kubeasz/playboos/
所有组件的二进制文件路径
/etc/kubeasz/bin/
查看/etc/kubeasz下的ezctl脚本文件,包含了ansible部署剧本,脚本使用方法
root@deploy:/etc/kubeasz# ./ezctl --help
参数介绍:
new <cluster> 创建一个新的k8s集群去部署,<cluster>为k8s集群名称
setup <cluster> <step> 对k8s集群进行步骤安装,<setup>为步骤名称
root@deploy:/etc/kubeasz/clusters/k8s-cluster1# cd /etc/kubeasz/ root@deploy:/etc/kubeasz# ./ezctl setup --help
创建集群配置
创建自定义集群名称k8s-cluster1
root@deploy:/etc/kubeasz# ./ezctl new k8s-cluster1
会在当前/etc/kubeasz/clusters/创建一个名称为k8s-cluster1的文件夹并将ansible资源清单(hosts)和变量文件(config.yaml)放在这个目录下
进入集群配置目录
root@deploy:/etc/kubeasz# cd clusters/k8s-cluster1/
编辑资源清单文件
root@deploy:/etc/kubeasz/clusters/k8s-cluster1# vim hosts # 'etcd' cluster should have odd member(s) (1,3,5,...) [etcd] #指定etcd集群地址 192.168.100.8 192.168.100.9 192.168.100.10 # master node(s) #指定k8s master集群地址 [kube_master] 192.168.100.2 192.168.100.3 # work node(s) #指定k8s node集群地址 [kube_node] 192.168.1.5 192.168.1.6 # [optional] harbor server, a private docker registry # 'NEW_INSTALL': 'true' to install a harbor server; 'false' to integrate with existed one [harbor] #192.168.1.8 NEW_INSTALL=false # [optional] loadbalance for accessing k8s from outside [ex_lb] #192.168.1.6 LB_ROLE=backup EX_APISERVER_VIP=192.168.1.250 EX_APISERVER_PORT=8443 #192.168.1.7 LB_ROLE=master EX_APISERVER_VIP=192.168.1.250 EX_APISERVER_PORT=8443 # [optional] ntp server for the cluster [chrony] #192.168.1.1 [all:vars] # --------- Main Variables --------------- # Secure port for apiservers SECURE_PORT="6443" #指定apiserver端口号,默认即可 # Cluster container-runtime supported: docker, containerd # if k8s version >= 1.24, docker is not supported CONTAINER_RUNTIME="containerd" #指定容器运行时,与kubeasz版本兼容有关 # Network plugins supported: calico, flannel, kube-router, cilium, kube-ovn CLUSTER_NETWORK="calico" #指定网络插件 # Service proxy mode of kube-proxy: 'iptables' or 'ipvs' PROXY_MODE="ipvs" #指定svc模式 # K8S Service CIDR, not overlap with node(host) networking SERVICE_CIDR="10.100.0.0/16" #指定svc网络地址 # Cluster CIDR (Pod CIDR), not overlap with node(host) networking CLUSTER_CIDR="10.200.0.0/16" #指定pod网络地址 # NodePort Range NODE_PORT_RANGE="30000-62767" #指定svc nodeport端口范围 # Cluster DNS Domain CLUSTER_DNS_DOMAIN="cluster.local" #指定集群节点dns后缀 # -------- Additional Variables (don't change the default value right now) --- # Binaries Directory bin_dir="/usr/local/bin" #指定集群节点二进制安装命令存放路径 # Deploy Directory (kubeasz workspace) base_dir="/etc/kubeasz" #指定kubeasz的配置目录 # Directory for a specific cluster cluster_dir="{{ base_dir }}/clusters/k8s-cluster1" #指定集群配置目录 # CA and other components cert/key Directory ca_dir="/etc/kubernetes/ssl" #指定证书签发路径
修改config.yaml修改安装k8s的组件配置
root@deploy:/etc/kubeasz/clusters/k8s-cluster1# vim config.yml ############################ # prepare ############################ # 可选离线安装系统软件包 (offline|online) INSTALL_SOURCE: "online" # 可选进行系统安全加固 github.com/dev-sec/ansible-collection-hardening OS_HARDEN: false ############################ # role:deploy ############################ # default: ca will expire in 100 years # default: certs issued by the ca will expire in 50 years CA_EXPIRY: "876000h" CERT_EXPIRY: "438000h" # kubeconfig 配置参数 CLUSTER_NAME: "cluster1" CONTEXT_NAME: "context-{{ CLUSTER_NAME }}" # k8s version K8S_VER: "1.24.2" ############################ # role:etcd ############################ # 设置不同的wal目录,可以避免磁盘io竞争,提高性能 ETCD_DATA_DIR: "/var/lib/etcd" ETCD_WAL_DIR: "" ############################ # role:runtime [containerd,docker] ############################ # ------------------------------------------- containerd # [.]启用容器仓库镜像 ENABLE_MIRROR_REGISTRY: true # [containerd]基础容器镜像 SANDBOX_IMAGE: "harbor.cncf.net/baseimages/pause:3.7" #修改为本地镜像harbor仓库地址 # [containerd]容器持久化存储目录 CONTAINERD_STORAGE_DIR: "/var/lib/containerd" # ------------------------------------------- docker # [docker]容器存储目录 DOCKER_STORAGE_DIR: "/var/lib/docker" # [docker]开启Restful API ENABLE_REMOTE_API: false # [docker]信任的HTTP仓库 INSECURE_REG: '["http://easzlab.io.local:5000"]' ############################ # role:kube-master ############################ # k8s 集群 master 节点证书配置,可以添加多个ip和域名(比如增加公网ip和域名)#添加master 高可用和负载均衡的vip地址 MASTER_CERT_HOSTS: - "192.168.100.188" - "k8s.easzlab.io" #- "www.test.com" # node 节点上 pod 网段掩码长度(决定每个节点最多能分配的pod ip地址) # 如果flannel 使用 --kube-subnet-mgr 参数,那么它将读取该设置为每个节点分配pod网段 #calico地址网段长度默认为26位 # https://github.com/coreos/flannel/issues/847 NODE_CIDR_LEN: 24 ############################ # role:kube-node ############################ # Kubelet 根目录 KUBELET_ROOT_DIR: "/var/lib/kubelet" # node节点最大pod 数 #修改每个节点最大pod数量 MAX_PODS: 500 # 配置为kube组件(kubelet,kube-proxy,dockerd等)预留的资源量 # 数值设置详见templates/kubelet-config.yaml.j2 KUBE_RESERVED_ENABLED: "no" # k8s 官方不建议草率开启 system-reserved, 除非你基于长期监控,了解系统的资源占用状况; # 并且随着系统运行时间,需要适当增加资源预留,数值设置详见templates/kubelet-config.yaml.j2 # 系统预留设置基于 4c/8g 虚机,最小化安装系统服务,如果使用高性能物理机可以适当增加预留 # 另外,集群安装时候apiserver等资源占用会短时较大,建议至少预留1g内存 SYS_RESERVED_ENABLED: "no" ############################ # role:network [flannel,calico,cilium,kube-ovn,kube-router] ############################ # ------------------------------------------- flannel # [flannel]设置flannel 后端"host-gw","vxlan"等 FLANNEL_BACKEND: "vxlan" DIRECT_ROUTING: false # [flannel] flanneld_image: "quay.io/coreos/flannel:v0.10.0-amd64" flannelVer: "v0.15.1" flanneld_image: "easzlab.io.local:5000/easzlab/flannel:{{ flannelVer }}" # ------------------------------------------- calico # [calico]设置 CALICO_IPV4POOL_IPIP=“off”,可以提高网络性能,条件限制详见 docs/setup/calico.md CALICO_IPV4POOL_IPIP: "Always" # [calico]设置 calico-node使用的host IP,bgp邻居通过该地址建立,可手工指定也可以自动发现 IP_AUTODETECTION_METHOD: "can-reach={{ groups['kube_master'][0] }}" # [calico]设置calico 网络 backend: brid, vxlan, none CALICO_NETWORKING_BACKEND: "brid" # [calico]设置calico 是否使用route reflectors # 如果集群规模超过50个节点,建议启用该特性 CALICO_RR_ENABLED: false # CALICO_RR_NODES 配置route reflectors的节点,如果未设置默认使用集群master节点 # CALICO_RR_NODES: ["192.168.1.1", "192.168.1.2"] CALICO_RR_NODES: [] # [calico]更新支持calico 版本: [v3.3.x] [v3.4.x] [v3.8.x] [v3.15.x] calico_ver: "v3.19.4" # [calico]calico 主版本 calico_ver_main: "{{ calico_ver.split('.')[0] }}.{{ calico_ver.split('.')[1] }}" # ------------------------------------------- cilium # [cilium]镜像版本 cilium_ver: "1.11.6" cilium_connectivity_check: true cilium_hubble_enabled: false cilium_hubble_ui_enabled: false # ------------------------------------------- kube-ovn # [kube-ovn]选择 OVN DB and OVN Control Plane 节点,默认为第一个master节点 OVN_DB_NODE: "{{ groups['kube_master'][0] }}" # [kube-ovn]离线镜像tar包 kube_ovn_ver: "v1.5.3" # ------------------------------------------- kube-router # [kube-router]公有云上存在限制,一般需要始终开启 ipinip;自有环境可以设置为 "subnet" OVERLAY_TYPE: "full" # [kube-router]NetworkPolicy 支持开关 FIREWALL_ENABLE: true # [kube-router]kube-router 镜像版本 kube_router_ver: "v0.3.1" busybox_ver: "1.28.4" ############################ # role:cluster-addon ############################ # coredns 自动安装 dns_install: "no" #取消安装 corednsVer: "1.9.3" ENABLE_LOCAL_DNS_CACHE: false dnsNodeCacheVer: "1.21.1" # 设置 local dns cache 地址 LOCAL_DNS_CACHE: "169.254.20.10" # metric server 自动安装 metricsserver_install: "no" #取消安装 metricsVer: "v0.5.2" # dashboard 自动安装 #取消安装 dashboard_install: "no" dashboardVer: "v2.5.1" dashboardMetricsScraperVer: "v1.0.8" # prometheus 自动安装 #取消安装 prom_install: "no" prom_namespace: "monitor" prom_chart_ver: "35.5.1" # nfs-provisioner 自动安装 #取消安装 nfs_provisioner_install: "no" nfs_provisioner_namespace: "kube-system" nfs_provisioner_ver: "v4.0.2" nfs_storage_class: "managed-nfs-storage" nfs_server: "192.168.1.10" nfs_path: "/data/nfs" # network-check 自动安装 #取消安装 network_check_enabled: false network_check_schedule: "*/5 * * * *" ############################ # role:harbor ############################ # harbor version,完整版本号 HARBOR_VER: "v2.1.3" HARBOR_DOMAIN: "harbor.easzlab.io.local" HARBOR_TLS_PORT: 8443 # if set 'false', you need to put certs named harbor.pem and harbor-key.pem in directory 'down' HARBOR_SELF_SIGNED_CERT: true # install extra component HARBOR_WITH_NOTARY: false HARBOR_WITH_TRIVY: false HARBOR_WITH_CLAIR: false HARBOR_WITH_CHARTMUSEUM: true
初始化集群安装
root@deploy:/etc/kubeasz/clusters/k8s-cluster1# cd /etc/kubeasz/ root@deploy:/etc/kubeasz# ./ezctl setup --help
root@deploy:/etc/kubeasz# ./ezctl setup k8s-cluster1 01
剧本文件为:/etc/kubeasz/playbooks/01.preare.yml
剧本角色执行文件:/etc/kubeasz/roles/prepare/tasks
部署etcd集群
root@deploy:/etc/kubeasz/clusters/k8s-cluster1# cd /etc/kubeasz/ root@deploy:/etc/kubeasz# ./ezctl setup --help
root@deploy:/etc/kubeasz# ./ezctl setup k8s-cluster1 02
剧本文件为:/etc/kubeasz/playbooks/02.etcd.yml
剧本角色执行文件:/etc/kubeasz/roles/etcd/tasks
登录etcd集群查看节点状态
root@etcd1:~# export NODE_IPS="192.168.100.8 192.168.100.9 192.168.100.10" root@etcd1:~# for n in ${NODE_IPS};do etcdctl --endpoints=https://${n}:2379 --cacert=/etc/kubernetes/ssl/ca.pem --cert=/etc/kubernetes/ssl/etcd.pem --key=/etc/kubernetes/ssl/etcd-key.pem endpoint health;done
root@etcd1:~# for n in ${NODE_IPS};do etcdctl --endpoints=https://${n}:2379 --cacert=/etc/kubernetes/ssl/ca.pem --cert=/etc/kubernetes/ssl/etcd.pem --key=/etc/kubernetes/ssl/etcd-key.pem --write-out=table endpoint status;done
部署集群runtime
root@deploy:/etc/kubeasz/clusters/k8s-cluster1# cd /etc/kubeasz/ root@deploy:/etc/kubeasz# ./ezctl setup --help
修改containerd的配置文件,添加本地集群的harbor镜像仓库验证
root@deploy:/etc/kubeasz# cd roles/containerd/templates/ root@deploy:/etc/kubeasz/roles/containerd/templates# vim config.toml.j2 [plugins."io.containerd.grpc.v1.cri".registry.mirrors."harbor.cncf.net"] endpoint = ["https://harbor.cncf.net"] [plugins."io.containerd.grpc.v1.cri".registry.configs."harbor.cncf.net".tls] insecure_skip_verify = true [plugins."io.containerd.grpc.v1.cri".registry.configs."harbor.cncf.net".auth] username = "admin" password = "123456"
root@deploy:/etc/kubeasz# ./ezctl setup k8s-cluster1 03
剧本文件为:/etc/kubeasz/playbooks/03.runtime.yml
剧本角色执行文件:/etc/kubeasz/roles/containerd/tasks
部署k8s master
root@deploy:/etc/kubeasz/clusters/k8s-cluster1# cd /etc/kubeasz/ root@deploy:/etc/kubeasz# ./ezctl setup --help
root@deploy:/etc/kubeasz# ./ezctl setup k8s-cluster1 04
剧本文件:/etc/kubeasz/playbooks/04.kube-master.yml
剧本角色执行文件:/etc/kubeasz/roles/kube-master/tasks
kubenetes Master节点验证
部署k8s node
root@deploy:/etc/kubeasz/clusters/k8s-cluster1# cd /etc/kubeasz/ root@deploy:/etc/kubeasz# ./ezctl setup --help
root@deploy:/etc/kubeasz# ./ezctl setup k8s-cluster1 05
剧本文件:/etc/kubeasz/playbooks/05.kube-node.yml
剧本角色执行文件:/etc/kubeasz/roles/kube-node/tasks/
节点验证
root@master1:~# kubectl get nodes
部署网络插件calico
root@deploy:/etc/kubeasz/clusters/k8s-cluster1# cd /etc/kubeasz/ root@deploy:/etc/kubeasz# ./ezctl setup --help
将镜像统一修改为本地harbor的镜像仓库地址
root@deploy:/etc/kubeasz# cd roles/calico/templates/ root@deploy:/etc/kubeasz/roles/calico/templates# vim calico-v3.19.yaml.j2
修改calico-cni镜像仓库地址
修改calico/pod2daemon-flexvol镜像仓库地址
修改calico/node镜像仓库地址
修改calico/kube-controllers镜像仓库地址
root@deploy:/etc/kubeasz# ./ezctl setup k8s-cluster1 06
剧本文件:/etc/kubeasz/playbooks/06.network.yml
剧本角色执行文件:/etc/kubeasz/roles/calico/tasks
节点验证:
简单测试k8s
root@deploy:/etc/kubeasz# kubectl create ns test root@deploy:~# kubectl config set-context --namespace test --current root@deploy:~# kubectl config get-contexts CURRENT NAME CLUSTER AUTHINFO NAMESPACE * context-cluster1 cluster1 admin test root@deploy:~# kubectl run test --image=centos:7.9.2009 sleep 100000 root@deploy:~# kubectl run test2 --image=centos:7.9.2009 sleep 100000 root@deploy:~# kubectl run test3 --image=centos:7.9.2009 sleep 100000 root@deploy:~# kubectl get pods NAME READY STATUS RESTARTS AGE test 0/1 ContainerCreating 0 3s
测试pod网络:
1、测试不同node下的pod网络
2、测试外网的网络访问
kubernetes集群维护
节点维护
1、添加master节点
root@deploy:/etc/kubeasz# ./ezctl add-master k8s-cluster1 192.168.100.4
验证节点
2、添加node节点
root@deploy:/etc/kubeasz# ./ezctl add-node k8s-cluster1 192.168.100.7
验证node节点
本文来自博客园,作者:PunchLinux,转载请注明原文链接:https://www.cnblogs.com/punchlinux/p/16524596.html
分类:
kubernetes
标签:
第二周
【推荐】国内首个AI IDE,深度理解中文开发场景,立即下载体验Trae
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步
· 分享4款.NET开源、免费、实用的商城系统
· 全程不用写代码,我用AI程序员写了一个飞机大战
· MongoDB 8.0这个新功能碉堡了,比商业数据库还牛
· 白话解读 Dapr 1.15:你的「微服务管家」又秀新绝活了
· 记一次.NET内存居高不下排查解决与启示