Geek Time (极客时间) Advanced Operations Training Camp: Week 12 Assignment
1. Deploy a distributed Kubernetes cluster with kubeadm.
### Pre-deployment checks

Reference: https://mp.weixin.qq.com/s/ySnENeuIIq98FQNLpF7mYw

```bash
ping                                # make sure IP addresses and hostnames can all reach each other
dmidecode --type 1                  # check product_uuid; it must be unique
cat /sys/class/dmi/id/product_uuid  # check product_uuid; it must be unique
```

### Install and configure the time server (all nodes)

```bash
apt install -y chrony
systemctl start chrony
systemctl enable chrony
systemctl status chrony
```

### Disable swap (all nodes)

```bash
swapoff -a
sed -i 's/.*swap.*/#&/' /etc/fstab
# systemctl --type swap
# systemctl mask SWAP_DEV
```

### Disable the firewall (all nodes)

```bash
ufw disable
ufw status
```

### Install Docker (all nodes)

```bash
sudo apt-get -y update
sudo apt-get -y install apt-transport-https ca-certificates curl software-properties-common
curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | sudo apt-key add -
sudo add-apt-repository "deb [arch=amd64] https://mirrors.aliyun.com/docker-ce/linux/ubuntu $(lsb_release -cs) stable"
sudo apt-get -y update
sudo apt-get -y install docker-ce
systemctl restart docker.service && systemctl enable docker.service
docker info
tee /etc/docker/daemon.json << "EOF"
{
  "registry-mirrors": [
    "https://registry.docker-cn.com"
  ],
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "200m"
  },
  "storage-driver": "overlay2"
}
EOF
systemctl daemon-reload && systemctl restart docker.service
```

### Install cri-dockerd (all nodes)

```bash
cd /usr/local/src/ &&\
curl -LO https://github.com/Mirantis/cri-dockerd/releases/download/v0.3.0/cri-dockerd_0.3.0.3-0.ubuntu-focal_amd64.deb
dpkg -i /usr/local/src/cri-dockerd_0.3.0.3-0.ubuntu-focal_amd64.deb
systemctl restart cri-docker.service && systemctl status cri-docker.service
```

Note: Docker and cri-dockerd are now installed.

### Install kubeadm, kubelet and kubectl

```bash
apt-get update && apt-get install -y apt-transport-https
curl https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | apt-key add -
cat <<EOF >/etc/apt/sources.list.d/kubernetes.list
deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main
EOF
apt-get update
apt-cache madison kubelet
#apt-get install -y kubelet=1.26.0-00 kubeadm=1.26.0-00 kubectl=1.26.0-00
apt-get install -y kubelet kubeadm kubectl
```

### Integrate cri-dockerd with kubelet

```bash
cp /usr/lib/systemd/system/cri-docker.service{,.bak}
sed -i 's@ExecStart.*@ExecStart=/usr/bin/cri-dockerd --container-runtime-endpoint fd:// --network-plugin=cni --cni-bin-dir=/opt/cni/bin --cni-cache-dir=/var/lib/cni/cache --cni-conf-dir=/etc/cni/net.d@g' /usr/lib/systemd/system/cri-docker.service
systemctl daemon-reload && systemctl restart cri-docker.service
mkdir /etc/sysconfig -pv
tee /etc/sysconfig/kubelet<< "EOF"
KUBELET_KUBEADM_ARGS="--container-runtime=remote --container-runtime-endpoint=/run/cri-dockerd.sock"
EOF
systemctl daemon-reload && systemctl restart cri-docker.service
```

### Initialize the first node (run on master-node1)

```bash
kubeadm config images list --image-repository=registry.aliyuncs.com/google_containers
kubeadm config images pull --cri-socket unix:///run/cri-dockerd.sock --image-repository=registry.aliyuncs.com/google_containers
```

### Handle the pause container (all nodes)

```bash
docker pull registry.aliyuncs.com/google_containers/pause:3.6
docker tag registry.aliyuncs.com/google_containers/pause:3.6 registry.k8s.io/pause:3.6
apt search kubeadm # check the kubeadm version; it has to be set in the init command
```

flannel uses the 10.244.0.0/16 network by default; calico uses 192.168.0.0/16.

```bash
# --token-ttl=0 creates a bootstrap token that never expires
kubeadm init --control-plane-endpoint="kubeapi.magedu.com" --kubernetes-version=v1.26.1 --pod-network-cidr=10.244.0.0/16 --service-cidr=10.96.0.0/12 --token-ttl=0 --cri-socket unix:///run/cri-dockerd.sock --upload-certs --image-repository=registry.aliyuncs.com/google_containers
```

Output of `kubeadm init` (saved to a file):

```
Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

Alternatively, if you are the root user, you can run:

  export KUBECONFIG=/etc/kubernetes/admin.conf

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

You can now join any number of the control-plane node running the following command on each as root:

  kubeadm join kubeapi.magedu.com:6443 --token o3q1jt.4wbm5cbgf1j2t6vc \
        --discovery-token-ca-cert-hash sha256:59dfb190c57b763ced37d308f1f82b989596f6bf4245c8e70ec6d9a52176193e \
        --control-plane --certificate-key 15fcdb76ec93d9b71f8e0c576db3ecb7e3db89f514c6c389f69ba139fde94665

Please note that the certificate-key gives access to cluster sensitive data, keep it secret!
As a safeguard, uploaded-certs will be deleted in two hours; If necessary, you can use
"kubeadm init phase upload-certs --upload-certs" to reload certs afterward.

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join kubeapi.magedu.com:6443 --token o3q1jt.4wbm5cbgf1j2t6vc \
        --discovery-token-ca-cert-hash sha256:59dfb190c57b763ced37d308f1f82b989596f6bf4245c8e70ec6d9a52176193e
```

```bash
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
kubectl get nodes # check that the installation succeeded
```

### Install the flannel CNI (all VMs)

```bash
cd /usr/local/src && curl -LO https://github.com/flannel-io/flannel/releases/download/v0.20.2/flanneld-amd64
mkdir /opt/bin -pv
cp /usr/local/src/flanneld-amd64 /opt/bin/flanneld
chmod +x /opt/bin/flanneld
kubectl apply -f https://github.com/flannel-io/flannel/releases/latest/download/kube-flannel.yml # only needs to run on master01
kubectl get pods -n kube-flannel # verify the flannel installation
kubectl get nodes # the master node is now running normally as well
```

### Add worker nodes (run on every worker node)

```bash
kubeadm join kubeapi.magedu.com:6443 --token o3q1jt.4wbm5cbgf1j2t6vc --discovery-token-ca-cert-hash sha256:59dfb190c57b763ced37d308f1f82b989596f6bf4245c8e70ec6d9a52176193e --cri-socket unix:///run/cri-dockerd.sock
```

### Verify on the master

```bash
kubectl get nodes
kubectl get pods -n kube-system
```
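The join commands above pin the cluster CA with `--discovery-token-ca-cert-hash`. As an added example (not part of the original post), this script recomputes that value from a CA certificate and compares it with the hash found in a saved join command; the function names and the throwaway sample CA are assumptions made for the example.

```bash
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Print "sha256:<hex>": SHA-256 over the CA certificate's public key in DER
# (SubjectPublicKeyInfo) form, the value --discovery-token-ca-cert-hash expects.
ca_cert_hash() {
  pub=$(openssl x509 -pubkey -noout -in "$1" 2>/dev/null) || return 2
  [ -n "$pub" ] || return 2   # never hash an empty key
  hex=$(printf '%s\n' "$pub" | openssl pkey -pubin -outform DER |
        openssl dgst -sha256 -hex | sed 's/^.* //')
  [ "${#hex}" -eq 64 ] || return 2
  printf 'sha256:%s\n' "$hex"
}

# Extract the pinned hash from a saved `kubeadm join ...` command.
join_cmd_hash() {
  printf '%s\n' "$1" |
    sed -n 's/.*--discovery-token-ca-cert-hash[ =]\(sha256:[0-9a-f]\{64\}\).*/\1/p' |
    head -n 1
}

# Exit 0 only when the hash pinned in the join command matches the CA file.
verify_join_hash() {
  actual=$(ca_cert_hash "$1") || return 2
  [ "$actual" = "$(join_cmd_hash "$2")" ]
}

# Constructed sample input: a throwaway self-signed CA that stands in for
# /etc/kubernetes/pki/ca.crt so the script also runs away from a cluster.
make_sample_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj '/CN=constructed-sample-ca' \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# With an argument: hash that CA file. Without: hash the constructed sample.
if [ $# -ge 1 ]; then
  ca_cert_hash "$1"
else
  tmp=$(mktemp -d) && make_sample_ca "$tmp" && ca_cert_hash "$tmp/ca.crt"
  rm -rf "$tmp"
fi
```

On a control-plane node, pass `/etc/kubernetes/pki/ca.crt` as the argument and compare the printed value with the one in the join command before running it on a new node.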
2. Orchestrate and run demoapp on the cluster, and use a Service for Pod discovery and service publishing.
### Test the creation (dry run)

```bash
kubectl create deployment demoapp \
  --image=ikubernetes/demoapp:v1.0 \
  --replicas=3 \
  --dry-run=client \
  -o yaml
```

### Create the demoapp application

```bash
kubectl create deployment demoapp \
  --image=ikubernetes/demoapp:v1.0 \
  --replicas=3
```

### Verify

```bash
kubectl get deployments
kubectl get deployment
kubectl get deploy
```

### List all objects of a given resource type

```bash
kubectl get pods
kubectl get pods -o wide
```

### Delete a specific pod

```bash
kubectl delete pods demoapp-75f59c894-vxdk9
```

## Service resources

### View the types

```bash
kubectl create service --help
```

```
Available Commands:
  clusterip      Create a ClusterIP service       # reachable only from inside the cluster
  externalname   Create an ExternalName service
  loadbalancer   Create a LoadBalancer service
  nodeport       Create a NodePort service        # reachable from both inside and outside the cluster
```

### Validate the command

```bash
kubectl create service nodeport demoapp --tcp=80:80 --dry-run=client -o yaml
```

### View pod labels

```bash
kubectl get pods --show-labels
```

### Create the Service object

```bash
kubectl create service nodeport demoapp --tcp=80:80
```

### Verify

```bash
kubectl get services
kubectl get endpoints
```
3. Using configuration files, orchestrate and run nginx on the cluster, and use a Service for Pod discovery and service publishing.
```bash
tee nginx-deployment-demo.yaml << "EOF"
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: nginx
  name: nginx
spec:
  replicas: 2
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - image: nginx:alpine
        name: nginx
EOF
kubectl create -f nginx-deployment-demo.yaml
kubectl get deployments
kubectl get pods
kubectl get pods -o wide
```

```bash
tee nginx-service-demo.yaml << "EOF"
apiVersion: v1
kind: Service
metadata:
  labels:
    app: nginx
  name: nginx
spec:
  ports:
  - name: 80-80
    port: 80
    protocol: TCP
    targetPort: 80
  selector:
    app: nginx
  type: NodePort
EOF
kubectl create -f nginx-service-demo.yaml
kubectl get services
```

nginx can now be reached from outside the cluster through any node: http://192.168.56.168:30754/

### View logs

```bash
kubectl logs nginx-6c557cc74d-cw7jl
```

### Scale nginx up

```bash
kubectl scale deployment nginx --replicas=6
kubectl get pods -o wide
```

### Scale nginx down

```bash
kubectl scale deployment nginx --replicas=4
kubectl get pods -o wide
```