k8s常用笔记
安装docker
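# Install Docker CE.
# Assumes a yum repository that provides docker-ce is already configured;
# these notes do not show that step.
yum install -y docker-ce

# Enable the service at boot and start it now.
systemctl enable docker && systemctl start docker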
添加国内yum源
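# Move the stock repo definitions aside before replacing them.
# -p keeps a second run from failing when the backup directory already exists.
mkdir -p /etc/yum.repos.d/bak && mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/bak

# NOTE(review): both .repo files are fetched over plain HTTP. They decide where
# every later package comes from and whether signatures are checked, so anyone
# on the network path could rewrite them. Use the mirror's HTTPS endpoint if it
# offers one, and read the files before refreshing the cache.
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.cloud.tencent.com/repo/centos7_base.repo
wget -O /etc/yum.repos.d/epel.repo http://mirrors.cloud.tencent.com/repo/epel-7.repo

# Show the settings that matter for package integrity in what was downloaded.
grep -H -E '^(baseurl|gpgcheck|gpgkey)' \
  /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/epel.repo

yum clean all && yum makecache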
添加kubernetes.repo源
# Contents of /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
# Keep both checks enabled: gpgcheck verifies each RPM's signature,
# repo_gpgcheck verifies the signed repository metadata.
gpgcheck=1
repo_gpgcheck=1
# The keys are served by the same mirror as the packages, so the first time yum
# asks to import them, compare the fingerprints with those published upstream.
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
       https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
安装kubelet kubeadm kubectl(并设置开机启动,我这里是1.14.3版本)
# Install the three kubeadm components at one pinned version so they match
# each other. 1.14.3 is simply the release the author used; it is long out of
# upstream support, so choose a maintained release outside a lab.
yum install -y \
  kubelet-1.14.3 \
  kubeadm-1.14.3 \
  kubectl-1.14.3

# Enable kubelet at boot and start it.
systemctl enable kubelet && systemctl start kubelet
初始化k8s,这里初始化有点久,耐心等待
# Initialise the control plane.
#   --image-repository   pulls the control-plane images from this mirror instead
#                        of the default registry, so the mirror is trusted as
#                        much as upstream would be
#   --pod-network-cidr   matches the "Network" value in the flannel net-conf.json
#                        shown later in these notes (10.244.0.0/16)
kubeadm init \
  --kubernetes-version=1.14.3 \
  --image-repository registry.aliyuncs.com/google_containers \
  --service-cidr=10.1.0.0/16 \
  --pod-network-cidr=10.244.0.0/16
添加flannel网络
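# Hand-written CNI configuration for flannel.
# The target directory is created first so the redirect cannot fail on a fresh
# host; the quoted 'EOF' stops the shell from expanding anything in the body.
# NOTE(review): the flannel DaemonSet in these notes also installs
# /etc/cni/net.d/10-flannel.conflist, so two flannel configs may end up side by
# side in this directory; confirm which one is meant to be used.
mkdir -p /etc/cni/net.d
cat <<'EOF' > /etc/cni/net.d/10-flannel.conf
{"name":"cbr0","type":"flannel","delegate": {"isDefaultGateway": true}}
EOF

mkdir -p /usr/share/oci-umount/oci-umount.d

# Subnet file for flannel.
# NOTE(review): 172.100.1.0/16 does not match the pod network used elsewhere in
# these notes (10.244.0.0/16), and 172.100.0.0/16 lies outside the RFC 1918
# private ranges (172.16.0.0/12 ends at 172.31.255.255); confirm the intended
# values before relying on this file.
mkdir -p /run/flannel/
cat <<'EOF' > /run/flannel/subnet.env
FLANNEL_NETWORK=172.100.1.0/16
FLANNEL_SUBNET=172.100.1.0/24
FLANNEL_MTU=1450
FLANNEL_IPMASQ=true
EOF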
# Apply the flannel manifest from a local file (contents listed below).
# Applying a local copy means what you reviewed is what gets created.
kubectl apply -f kube-flannel.yml
# kube-flannel.yml
#
# NOTE(review): rbac.authorization.k8s.io/v1beta1 and extensions/v1beta1 are
# the API versions used throughout this manifest; newer Kubernetes releases no
# longer serve them, so this file is tied to old clusters such as the 1.14.3
# one these notes build.
---
# Permissions for flannel: read pods, list/watch nodes, patch node status.
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: flannel
rules:
  - apiGroups:
      - ""
    resources:
      - pods
    verbs:
      - get
  - apiGroups:
      - ""
    resources:
      - nodes
    verbs:
      - list
      - watch
  - apiGroups:
      - ""
    resources:
      - nodes/status
    verbs:
      - patch
---
# Bind the role above to the flannel service account in kube-system.
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: flannel
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: flannel
subjects:
  - kind: ServiceAccount
    name: flannel
    namespace: kube-system
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: flannel
  namespace: kube-system
---
# CNI and network configuration mounted into the flannel pods.
kind: ConfigMap
apiVersion: v1
metadata:
  name: kube-flannel-cfg
  namespace: kube-system
  labels:
    tier: node
    app: flannel
data:
  cni-conf.json: |
    {
      "name": "cbr0",
      "plugins": [
        {
          "type": "flannel",
          "delegate": {
            "hairpinMode": true,
            "isDefaultGateway": true
          }
        },
        {
          "type": "portmap",
          "capabilities": {
            "portMappings": true
          }
        }
      ]
    }
  # "Network" must equal the --pod-network-cidr passed to kubeadm init.
  net-conf.json: |
    {
      "Network": "10.244.0.0/16",
      "Backend": {
        "Type": "vxlan"
      }
    }
---
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  name: kube-flannel-ds
  namespace: kube-system
  labels:
    tier: node
    app: flannel
spec:
  template:
    metadata:
      labels:
        tier: node
        app: flannel
    spec:
      # Shares the node's network namespace.
      hostNetwork: true
      nodeSelector:
        beta.kubernetes.io/arch: amd64
      # Also schedule on the master, which is tainted NoSchedule.
      tolerations:
        - key: node-role.kubernetes.io/master
          operator: Exists
          effect: NoSchedule
      serviceAccountName: flannel
      initContainers:
        # Copies the CNI config from the ConfigMap into the host CNI directory.
        - name: install-cni
          # NOTE(review): referenced by tag only; pin by digest if the image is
          # mirrored, so every node runs the same reviewed image.
          image: quay.io/coreos/flannel:v0.9.1
          command:
            - cp
          args:
            - -f
            - /etc/kube-flannel/cni-conf.json
            - /etc/cni/net.d/10-flannel.conflist
          volumeMounts:
            - name: cni
              mountPath: /etc/cni/net.d
            - name: flannel-cfg
              mountPath: /etc/kube-flannel/
      containers:
        - name: kube-flannel
          image: quay.io/coreos/flannel:v0.9.1
          command:
            - /opt/bin/flanneld
          args:
            - --ip-masq
            - --kube-subnet-mgr
          resources:
            requests:
              cpu: "100m"
              memory: "100Mi"
            limits:
              cpu: "100m"
              memory: "200Mi"
          # Privileged + hostNetwork + the host's /run mounted below: this pod
          # is effectively root on every node. Keep write access to this
          # DaemonSet and to kube-system restricted accordingly.
          securityContext:
            privileged: true
          env:
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
          volumeMounts:
            - name: run
              mountPath: /run
            - name: flannel-cfg
              mountPath: /etc/kube-flannel/
      volumes:
        - name: run
          hostPath:
            path: /run
        - name: cni
          hostPath:
            path: /etc/cni/net.d
        - name: flannel-cfg
          configMap:
            name: kube-flannel-cfg
允许master节点运行普通pod(去除master污点)
# Remove the node-role.kubernetes.io/master taint from every node (the trailing
# "-" deletes the taint), so ordinary pods can be scheduled on the master too.
# Reasonable for a single-node lab; on a shared cluster it places application
# workloads on the same host as the control plane.
kubectl taint nodes --all node-role.kubernetes.io/master-
提示找不到kubectl
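# Give kubectl a kubeconfig: it looks in ~/.kube/config by default.
# ~/.kube does not exist on a fresh account, so create it first.
mkdir -p ~/.kube
cp /etc/kubernetes/admin.conf ~/.kube/config

# admin.conf holds the cluster administrator's client credentials generated by
# kubeadm. Keep the copy readable by its owner only, and do not pass it around.
chown "$(id -u):$(id -g)" ~/.kube/config
chmod 600 ~/.kube/config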
查看命令
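# [PodName] below is a placeholder: substitute a real pod name.

# List pods in every namespace
kubectl get pods --all-namespaces

# List pods in one namespace
kubectl get pods -n kube-system

# Follow the kubelet log to see node-level errors
journalctl -f -u kubelet

# List nodes
kubectl get node

# List services
kubectl get svc

# List replication controllers
kubectl get rc

# List deployments
kubectl get deployment

# Show details and events for a pod
kubectl describe pod [PodName] -n kube-system

# Follow a pod's log
kubectl logs -f [PodName] -n kube-system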
部署rc
---
# ReplicationController keeping one replica of the tibos-test pod running.
apiVersion: v1
kind: ReplicationController
metadata:
  name: tibos-test
spec:
  replicas: 1
  # Must match the pod template's labels below.
  selector:
    name: tibos-test
  template:
    metadata:
      labels:
        name: tibos-test
    spec:
      containers:
        - name: tibos-test
          # No registry and no tag: with IfNotPresent the node uses whatever
          # image of this name is already present locally.
          image: tibos.test
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 80
部署svc
---
# Service exposing the tibos-test pods.
apiVersion: v1
kind: Service
metadata:
  name: tibos-test
spec:
  # NodePort opens nodePort (30099) on every node's address, so the service is
  # reachable from wherever the nodes are; limit it with host or network
  # firewalling if that is wider than intended.
  type: NodePort
  ports:
    - port: 80
      protocol: TCP
      targetPort: 80
      name: http
      nodePort: 30099
  # Selects pods labelled name=tibos-test.
  selector:
    name: tibos-test
部署Ingress
---
# Ingress routing two context paths on one host to two services.
# NOTE(review): extensions/v1beta1 is the Ingress API of the cluster version
# these notes target; newer releases no longer serve it. There is no tls
# section here, so as written this rule describes plain-HTTP routing only.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: tibos-ingress
spec:
  rules:
    - host: wmowm.com
      http:
        paths:
          # Context path /test
          - path: /test
            backend:
              serviceName: tibos-test
              servicePort: 80
          # Context path /test/v2
          - path: /test/v2
            backend:
              serviceName: tibos-test-v2
              servicePort: 80
部署ConfigMap
---
# ConfigMap carrying the application's appsettings.json.
# ConfigMaps are not encrypted and are readable by anyone with read access to
# the namespace: keep connection strings and keys in a Secret, not here.
apiVersion: v1
data:
  # NOTE(review): "AllowedHosts": "*" presumably disables host-header filtering
  # in the application (this looks like an ASP.NET Core settings file); confirm
  # that is intended for anything reachable from outside.
  appsettings.json: |
    {
      "Logging": {
        "LogLevel": {
          "Default": "Warning"
        }
      },
      "AppSettings": {
        "test": "666",
        "test2": "第二个版本"
      },
      "AllowedHosts": "*"
    }
kind: ConfigMap
metadata:
  creationTimestamp: null
  name: appsettings
  namespace: default
部署Deployment
---
# Deployment that mounts appsettings.json from the appsettings ConfigMap.
# NOTE(review): extensions/v1beta1 Deployments belong to the cluster version
# these notes target; newer releases no longer serve this API version.
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: tibos-test-v5
spec:
  selector:
    matchLabels:
      app: tibos-test-v5
  template:
    metadata:
      labels:
        app: tibos-test-v5
    spec:
      containers:
        - name: tibos-test-v5
          image: tibos.test.v5
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 80
          volumeMounts:
            # subPath mounts only the single file, read-only, over the
            # application's own appsettings.json.
            - mountPath: /app/appsettings.json
              name: test
              readOnly: true
              subPath: appsettings.json
      volumes:
        - configMap:
            # 420 decimal is file mode 0644.
            defaultMode: 420
            name: appsettings
          name: test
部署仪表盘
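# Deploy the dashboard.
# NOTE(review): this manifest is pulled over plain HTTP from a third-party
# mirror and applied unread with the current kubeconfig's rights. Whoever
# controls the mirror or the network path decides what gets created in the
# cluster. Prefer downloading it, reading it, and applying the local copy.
kubectl apply -f http://mirror.faasx.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml

# Start the API proxy on loopback only (foreground; stop it before continuing).
# The original notes ran it with --address='0.0.0.0' --accept-hosts='^*$'.
# That makes the proxy answer any host that can reach port 8001, without
# authentication, using this kubeconfig's credentials - on a kubeadm master
# that is full administrative access to the cluster.
kubectl proxy --address='127.0.0.1'

# Grant the dashboard's service account a cluster role. The original notes
# display this file with `cat`; it is written out here so the step can be
# repeated.
# NOTE(review): binding cluster-admin to the dashboard means everyone who can
# open the dashboard acts as cluster administrator. Prefer a narrower role, or
# a separate account whose token is entered at the dashboard login.
cat > kubernetes-dashboard.yaml <<'EOF'
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: kubernetes-dashboard
  labels:
    k8s-app: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: kubernetes-dashboard
    namespace: kube-system
EOF

# Load the binding.
kubectl apply -f kubernetes-dashboard.yaml

# Run the proxy in the background, still bound to loopback.
kubectl proxy --address='127.0.0.1' 1>/dev/null 2>&1 &

# Dashboard URL, opened on the machine running the proxy:
#   http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/#!/login
# The original notes browsed to the node address (10.0.1.157:8001) directly,
# which only works with the proxy listening on all interfaces. To reach it from
# another machine, forward the port over SSH instead (placeholders):
#   ssh -L 8001:127.0.0.1:8001 <user>@<master-host>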
滚动升级
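# ReplicationController: replace pods one at a time with the new image.
# `kubectl rolling-update` exists in the 1.14.3 client used in these notes but
# was deprecated and is absent from newer kubectl releases.
kubectl rolling-update tibos-test-v5 --image=tibos.test.v5

# Deployment: change the container image; the Deployment controller performs
# the rollout. Format is <container-name>=<image>.
kubectl set image deployment/tibos-test-v5 tibos-test-v5=tibos.test.v5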
pod无法访问外网,节点添加一条路由规则
# Source-NAT traffic leaving the node from 172.30.60.0/24 so pods can reach
# external networks.
# NOTE(review): 172.30.60.0/24 does not match the pod ranges used elsewhere in
# these notes; substitute the subnet this node's pods actually use.
# NOTE(review): the rule has no destination or interface restriction, so it
# presumably also rewrites the source address of pod traffic bound for other
# cluster addresses - confirm that is acceptable. It is not persisted and will
# be gone after a reboot or a firewall reload.
/sbin/iptables -t nat -I POSTROUTING -s 172.30.60.0/24 -j MASQUERADE