k8s实践

k8s实践20220804

virtualbox新建虚拟机,cpu 2核

虚拟机 ip
k8s-master 10.242.0.180
k8s-node1 10.242.0.181
k8s-node2 10.242.0.182

节点CPU核数必须是 :>= 2核 ,否则k8s无法启动

DNS网络: 最好设置为本地网络可连通的DNS,否则网络不通,无法下载一些镜像。

linux内核: linux内核必须是 4 版本以上,因此必须把linux内核进行升级。

配置主机名解析(所有节点)

a.master节点

[root@localhost ~]# vi /etc/hosts
10.242.0.180 k8s-master
10.242.0.181 k8s-node1
10.242.0.182 k8s-node2
hostnamectl --static set-hostname k8s-master

b.node1节点

[root@localhost ~]# vi /etc/hosts
10.242.0.180 k8s-master
10.242.0.181 k8s-node1
10.242.0.182 k8s-node2
hostnamectl --static set-hostname k8s-node1

c.node2节点

[root@localhost ~]# vi /etc/hosts
10.242.0.180 k8s-master
10.242.0.181 k8s-node1
10.242.0.182 k8s-node2
hostnamectl --static set-hostname k8s-node2
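关闭防火墙(所有节点)。注意:这只适合隔离的实验环境;在可被其他主机访问的网络中,应保留firewalld,只放行集群需要的端口(例如apiserver的6443、kubelet的10250以及NodePort范围30000-32767)。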
[root@k8s-master ~]# systemctl stop firewalld.service
[root@k8s-master ~]# systemctl disable firewalld.service
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
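关闭selinux(所有节点)。注意:SELINUX=disabled 会完全关闭强制访问控制;kubeadm官方文档的做法是设为permissive模式(setenforce 0,并把配置文件改为SELINUX=permissive),这样仍会保留审计日志。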
[root@k8s-master ~]# sed -i.bak 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/selinux/config
[root@k8s-master ~]# setenforce 0
禁用swap,默认情况下系统的swap都是打开的(所有节点)。写入rc.local的方式要求该文件有可执行权限才会在开机时生效;也可以直接注释掉/etc/fstab中的swap行。
[root@k8s-master ~]# swapoff -a
[root@k8s-master ~]# echo 'swapoff -a' >>/etc/rc.local
[root@k8s-master ~]#
配置ntp服务器
a.master节点
[root@k8s-master ~]# rpm -qa|grep ntp
fontpackages-filesystem-1.44-8.el7.noarch
ntp-4.2.6p5-29.el7.centos.2.x86_64
ntpdate-4.2.6p5-29.el7.centos.2.x86_64
python-ntplib-0.3.2-1.el7.noarch
[root@k8s-master ~]# systemctl status ntpd
● ntpd.service - Network Time Service
   Loaded: loaded (/usr/lib/systemd/system/ntpd.service; disabled; vendor preset: disabled)
   Active: inactive (dead)
[root@k8s-master ~]# systemctl stop chronyd
[root@k8s-master ~]# systemctl disable chronyd
Removed symlink /etc/systemd/system/multi-user.target.wants/chronyd.service.
[root@k8s-master ~]# systemctl enable ntpd
Created symlink from /etc/systemd/system/multi-user.target.wants/ntpd.service to /usr/lib/systemd/system/ntpd.service.
[root@k8s-master ~]# systemctl start ntpd
[root@k8s-master ~]# vi /etc/ntp.conf
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst
server 127.127.1.0 iburst

[root@k8s-master ~]# systemctl restart ntpd
[root@k8s-master ~]# systemctl status ntpd
● ntpd.service - Network Time Service
   Loaded: loaded (/usr/lib/systemd/system/ntpd.service; enabled; vendor preset: disabled)
   Active: active (running) since 四 2022-08-04 16:16:51 CST; 13s ago
  Process: 6228 ExecStart=/usr/sbin/ntpd -u ntp:ntp $OPTIONS (code=exited, status=0/SUCCESS)
 Main PID: 6229 (ntpd)
    Tasks: 1
   CGroup: /system.slice/ntpd.service
           └─6229 /usr/sbin/ntpd -u ntp:ntp -g

8月 04 16:16:51 k8s-master ntpd[6229]: Listen normally on 5 virbr0 192.168.122.1 UDP 123
8月 04 16:16:51 k8s-master ntpd[6229]: Listen normally on 6 lo ::1 UDP 123
8月 04 16:16:51 k8s-master ntpd[6229]: Listen normally on 7 enp0s3 fe80::5be8:e38:b68e:a30d UDP 123
8月 04 16:16:51 k8s-master ntpd[6229]: Listen normally on 8 enp0s8 fe80::2dde:dad2:57cc:433b UDP 123
8月 04 16:16:51 k8s-master ntpd[6229]: Listening on routing socket on fd #25 for interface updates
8月 04 16:16:51 k8s-master ntpd[6229]: 0.0.0.0 c016 06 restart
8月 04 16:16:51 k8s-master ntpd[6229]: 0.0.0.0 c012 02 freq_set kernel 0.000 PPM
8月 04 16:16:51 k8s-master ntpd[6229]: 0.0.0.0 c011 01 freq_not_set
8月 04 16:16:51 k8s-master systemd[1]: Started Network Time Service.
8月 04 16:16:52 k8s-master ntpd[6229]: 0.0.0.0 c514 04 freq_mode
[root@k8s-master ~]# ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*LOCAL(0)        .LOCL.           5 l   53   64    1    0.000    0.000   0.000

b.node节点
[root@k8s-node1 ~]# vi /etc/ntp.conf
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst
server 10.242.0.180 iburst
restrict 10.242.0.180 nomodify notrap noquery

[root@k8s-node1 ~]# ntpdate -u 10.242.0.180
 4 Aug 16:49:48 ntpdate[5850]: adjust time server 10.242.0.180 offset 0.009751 sec
[root@k8s-node1 ~]# systemctl enable ntpd
Created symlink from /etc/systemd/system/multi-user.target.wants/ntpd.service to /usr/lib/systemd/system/ntpd.service.
[root@k8s-node1 ~]# systemctl start ntpd
[root@k8s-node1 ~]# ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*k8s-master      LOCAL(0)         6 u    -   64    1    0.511   -5.559   0.027
[root@k8s-node1 ~]#

安装docker(所有节点)

[root@k8s-node2 ~]# wget -O /etc/yum.repos.d/docker-ce.repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
[root@k8s-node2 ~]# yum -y install docker-ce
[root@k8s-node1 ~]# systemctl enable docker
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.
[root@k8s-node1 ~]# systemctl start docker

# 配置镜像加速器。如果是中途更换的镜像加速器,需要先systemctl daemon-reload,然后再systemctl restart docker。
[root@k8s-master ~]# vi /etc/docker/daemon.json

{
  "registry-mirrors": ["https://p4y8tfz4.mirror.aliyuncs.com"]
}
[root@k8s-master ~]# systemctl daemon-reload
[root@k8s-master ~]# systemctl restart docker

配置文件:/etc/sysctl.d/kubernetes.conf
[root@k8s-node2 ~]# vi /etc/sysctl.d/kubernetes.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
[root@k8s-node2 ~]# sysctl -p /etc/sysctl.d/kubernetes.conf

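配置k8s的yum仓库,安装kubeadm、kubelet、kubectl组件。注意:下面的仓库配置把gpgcheck和repo_gpgcheck都设为0,yum不会校验软件包和仓库元数据的签名;如果镜像源的签名可以通过校验,建议至少把gpgcheck设为1,避免安装到被篡改的kubelet/kubeadm/kubectl。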

[root@k8s-master ~]# vi /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
# 组件的版本要与下面kubernetes初始化时指定的版本保持一致。
[root@k8s-node2 ~]# yum install -y kubelet-1.18.0 kubeadm-1.18.0 kubectl-1.18.0
[root@k8s-node2 ~]# systemctl enable kubelet.service
Created symlink from /etc/systemd/system/multi-user.target.wants/kubelet.service to /usr/lib/systemd/system/kubelet.service.
# PS:此处无需启动kubelet,后续将节点join到集群时,会自动拉起。
k8s集群初始化(master节点操作)
[root@k8s-master ~]# kubeadm --help
Usage:
  kubeadm [command]
Available Commands:
  alpha             # 处于测试中不太完善的命令
  config            # 显示当前配置
  init              # 初始化集群
  join              # 各Node节点加入集群中时使用
  reset             # 每个节点都可以用,把配置还原到最初始的状态。
  upgrade           # 升级集群的版本。
# print参数也是有子命令的,使用下面命令可以查看集群初始化时的预设配置,其中一些与我们真实环境不匹配,可以在初始化时手动指定修改
[root@k8s-master ~]# kubeadm config print init-defaults
imageRepository: k8s.gcr.io			# 默认加载镜像的仓库,需要梯子才能访问,如果知道国内别的仓库有需要的镜像,初始化时可以手动指定仓库地址。
kind: ClusterConfiguration
kubernetesVersion: v1.18.0			# k8s版本,这是初始化会加载的配置,如果与你预期的版本不符,自行修改。
networking:
  dnsDomain: cluster.local
  serviceSubnet: 10.96.0.0/12		# Service网络默认网段。
scheduler: {}
# 至于Pod网络间通讯,k8s只提供CNI,真正实现网络通信需要借助第三方插件,如flannel、calico,两者各有优劣。flannel的默认地址是10.244.0.0/16,calico的默认地址是192.168.0.0/16。不使用默认地址也可以,只要保证部署网络插件时yaml中指定的网段与k8s部署时指定的Pod网络网段一致即可。
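初始化。注意:下面的命令带有--ignore-preflight-errors=all,会把所有预检错误降级为警告(例如swap未关闭、端口被占用),问题会留到运行期才暴露;建议先不带该参数运行,确有需要时只忽略具体的检查项。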
kubeadm init \
--apiserver-advertise-address=10.242.0.180 \
--image-repository=registry.aliyuncs.com/google_containers \
--kubernetes-version=v1.18.0 \
--service-cidr=10.96.0.0/12 \
--pod-network-cidr=10.244.0.0/16 \
--ignore-preflight-errors=all
Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 10.242.0.180:6443 --token cyjwpu.xip6rpk1begx12lm \
    --discovery-token-ca-cert-hash sha256:12e2fdea8a88cf1e67f25e438fb3da4d871a43e5db0d869aa43908df0387488c
[root@k8s-master ~]# mkdir -p $HOME/.kube
[root@k8s-master ~]# cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
[root@k8s-master ~]# chown $(id -u):$(id -g) $HOME/.kube/config
查看集群信息
a.查看集群健康状态
[root@k8s-master ~]# kubectl get cs
NAME                 STATUS    MESSAGE             ERROR
controller-manager   Healthy   ok
etcd-0               Healthy   {"health":"true"}
scheduler            Healthy   ok
b.查看集群版本
[root@k8s-master ~]# kubectl version --short
Client Version: v1.18.0
Server Version: v1.18.0
c.查看集群信息
[root@k8s-master ~]# kubectl cluster-info
Kubernetes master is running at https://10.242.0.180:6443
KubeDNS is running at https://10.242.0.180:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy

To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.
d.查看集群节点
[root@k8s-master ~]#  kubectl get node
NAME         STATUS     ROLES    AGE    VERSION
k8s-master   NotReady   master   6m1s   v1.18.0

上条命令表示master节点是NotReady的,通过看日志

tail -f /var/log/messages

发现是缺少网络插件,下面会安装。

[root@k8s-master ~]# tail -f /var/log/messages
Aug  4 18:51:32 k8s-master kubelet: E0804 18:51:32.195996   13422 kubelet.go:2187] Container runtime network not ready: NetworkReady=false reason:NetworkPluginNotReady message:docker: network plugin is not ready: cni config uninitialized

PS:我们能够在master上查看集群信息,主要就是因为家目录下的.kube/config文件(即admin.conf)。把这个文件拷贝到别的主机后,别的主机也可以用它访问集群;但并不建议这么做,因为该文件包含集群管理员凭据,一旦泄露,持有者就拥有对整个集群的管理权限。

部署calico网络插件(master节点)
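  1. 上面在集群初始化时指定了Pod网络网段为10.244.0.0/16,calico的默认网段为192.168.0.0/16,所以我们需要先修改下配置文件。注意:下面的wget使用了--no-check-certificate,会跳过TLS证书校验;这份清单会在kube-system中创建高权限组件,建议去掉该参数,并在apply之前检查下载到的内容。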
[root@k8s-master ~]# mkdir -p /server/k8s
[root@k8s-master ~]# cd /server/k8s/
[root@k8s-master k8s]# wget https://docs.projectcalico.org/manifests/calico.yaml --no-check-certificate
[root@k8s-master k8s]# vi calico.yaml
            - name: CALICO_IPV4POOL_CIDR
              value: "10.244.0.0/16"
  2. 安装calico网络插件。
[root@k8s-master k8s]# kubectl apply -f calico.yaml
error: unable to recognize "calico.yaml": no matches for kind "PodDisruptionBudget" in version "policy/v1"

以上报错是由于当前k8s版本不支持这个calico版本的清单(集群中没有policy/v1版本的PodDisruptionBudget),可以在官网查看版本是否兼容。

[root@k8s-master k8s]# curl https://docs.projectcalico.org/v3.18/manifests/calico.yaml -O
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  184k  100  184k    0     0   133k      0  0:00:01  0:00:01 --:--:--  133k
[root@k8s-master k8s]# ll
总用量 188
-rw-r--r--. 1 root root 189190 8月   4 19:03 calico.yaml
[root@k8s-master k8s]# vi calico.yaml
            - name: CALICO_IPV4POOL_CIDR
              value: "10.244.0.0/16"
[root@k8s-master k8s]# kubectl apply -f calico.yaml
configmap/calico-config created

查看插件安装状态(需要等几分钟)

[root@k8s-master k8s]# kubectl get pod -n kube-system -w
NAME                                       READY   STATUS    RESTARTS   AGE
calico-kube-controllers-7b5bcff94c-lkchg   1/1     Running   0          3m54s
calico-node-jngnv                          1/1     Running   0          3m54s
coredns-7ff77c879f-72zdb                   1/1     Running   0          25m
coredns-7ff77c879f-f224k                   1/1     Running   0          25m
etcd-k8s-master                            1/1     Running   0          26m
kube-apiserver-k8s-master                  1/1     Running   0          26m
kube-controller-manager-k8s-master         1/1     Running   1          26m
kube-proxy-xvzl6                           1/1     Running   0          25m
kube-scheduler-k8s-master                  1/1     Running   1          26m

## -n:指定名称空间 ## -w:实时查看pod状态。 ## READY状态取决于网速。

[root@k8s-master k8s]# kubectl get node
NAME         STATUS   ROLES    AGE   VERSION
k8s-master   Ready    master   58m   v1.18.0
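node节点加入集群。注意:join命令中的token是引导凭据(kubeadm默认24小时后过期),不要公开真实环境的token;过期后可在master上用kubeadm token create --print-join-command重新生成。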
kubeadm join 10.242.0.180:6443 --token cyjwpu.xip6rpk1begx12lm \
    --discovery-token-ca-cert-hash sha256:12e2fdea8a88cf1e67f25e438fb3da4d871a43e5db0d869aa43908df0387488c

[root@k8s-node1 ~]# kubeadm join 10.242.0.180:6443 --token cyjwpu.xip6rpk1begx12lm \
>     --discovery-token-ca-cert-hash sha256:12e2fdea8a88cf1e67f25e438fb3da4d871a43e5db0d869aa43908df0387488c
W0804 19:44:16.219681    2990 join.go:346] [preflight] WARNING: JoinControlPane.controlPlane settings will be ignored when control-plane flag is not set.
[preflight] Running pre-flight checks
        [WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/
        [WARNING SystemVerification]: this Docker version is not on the list of validated versions: 20.10.17. Latest validated version: 19.03
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'
[kubelet-start] Downloading configuration for the kubelet from the "kubelet-config-1.18" ConfigMap in the kube-system namespace
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Starting the kubelet
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...

This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.

Run 'kubectl get nodes' on the control-plane to see this node join the cluster.

[root@k8s-master k8s]# kubectl get node
NAME         STATUS     ROLES    AGE   VERSION
k8s-master   Ready      master   61m   v1.18.0
k8s-node1    NotReady   <none>   93s   v1.18.0

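Todo:暂时还未找到node节点状态为NotReady的原因。(可能只是新节点上的calico-node镜像还在拉取、CNI尚未就绪;可用kubectl describe node k8s-node1和kubectl get pod -n kube-system -o wide确认。)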

安装dashboard。注意:下面把Service改为NodePort后,dashboard会在每个节点的30001端口对外开放,只应在受信任的网络中这样做。
[root@k8s-master ~]# wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.3/aio/deploy/recommended.yaml
[root@k8s-master ~]# vi recommended.yaml
spec:
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 30001			# 添加此行,此处端口可用范围为30000-32767。
  selector:
    k8s-app: kubernetes-dashboard
  type: NodePort		# 添加此行
[root@k8s-master ~]# kubectl apply -f recommended.yaml
[root@k8s-master ~]# kubectl get pod -n kubernetes-dashboard
NAME                                         READY   STATUS    RESTARTS   AGE
dashboard-metrics-scraper-6b4884c9d5-xk45h   1/1     Running   0          4m37s
kubernetes-dashboard-7f99b75bf4-wwkxb        1/1     Running   0          4m37s


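生成登录token。注意:下面把dashboard-admin绑定到cluster-admin,这个token等同于整个集群的管理员凭据,且该版本的ServiceAccount token不会自动过期;实际环境中应绑定权限更小的角色,并且不要把token贴到文档或公开页面中。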

[root@k8s-master ~]# kubectl create serviceaccount dashboard-admin -n kube-system
serviceaccount/dashboard-admin created
[root@k8s-master ~]# kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
clusterrolebinding.rbac.authorization.k8s.io/dashboard-admin created
[root@k8s-master ~]# kubectl describe secrets -n kube-system $(kubectl -n kube-system get secret | awk '/dashboard-admin/{print $1}')
Name:         dashboard-admin-token-66h75
Namespace:    kube-system
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: dashboard-admin
              kubernetes.io/service-account.uid: c5e02604-5fe7-406d-b72a-25d1b48f1372

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1025 bytes
namespace:  11 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6ImdGbVFEQVd5eVZMR2pNN1M4TnZ5aTdFOU1rZzU3NmhUYm92enVoc054Y2cifQ.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.s-ubWGu9-YR03eN5PEvuoss8w4GdPkA3Ud8bt313SATdTaW6Q1rY4NMC3nfA2FQ4PhyNOL0vmTsOWlsLqNPwEHltDaEVtw2M6RLIYMD2hofZm6pmu1KASnqmYKFaR0Ch3aTh4fA1jrnNQgnUS5lgJoDAtQPhwCNjq4CPllgXVkXROaXdiga0qmyF7TlzOFj57AYiwP2OkD9-xL081oXjvp9kjYQphWhMsaPSg48S3r24qBeybDzXqv_vwnltIYS0ieHD31Zp60DD4YFKY3jnBJghqgH8wvy5ABkVBIwVHf4_FSWDvWncVbZHId0vC_TdDG2krsYu80wyDFWeOUUtGw
[root@k8s-master ~]#

namespace
创建namespace

[root@master ~]# kubectl create ns dev
namespace/dev created

删除namespace

[root@master ~]# kubectl delete ns dev
namespace "dev" deleted

查看Pod基本信息

[root@master ~]# kubectl get pods -n dev

查看Pod的详细信息

[root@master ~]# kubectl describe pod nginx -n dev

删除指定Pod
# 删除指定Pod
[root@master ~]# kubectl delete pod nginx -n dev
pod "nginx" deleted

# 此时,显示删除Pod成功,但是再查询,发现又新产生了一个 
[root@master ~]# kubectl get pods -n dev
NAME    READY   STATUS    RESTARTS   AGE
nginx   1/1     Running   0          21s

# 这是因为当前Pod是由Pod控制器创建的,控制器会监控Pod状况,一旦发现Pod死亡,会立即重建
# 此时要想删除Pod,必须删除Pod控制器

# 先来查询一下当前namespace下的Pod控制器
[root@master ~]# kubectl get deploy -n  dev
NAME    READY   UP-TO-DATE   AVAILABLE   AGE
nginx   1/1     1            1           9m7s

# 接下来,删除此Pod控制器
[root@master ~]# kubectl delete deploy nginx -n dev
deployment.apps "nginx" deleted

# 稍等片刻,再查询Pod,发现Pod被删除了
[root@master ~]# kubectl get pods -n dev
No resources found in dev namespace.
创建一个pod-nginx.yaml

内容如下

# Pod manifest: one container named "pod" in a Pod named "nginx", namespace "dev".
# NOTE(review): no securityContext or resource limits are set; fine for a lab,
# add them before reusing this manifest elsewhere.
apiVersion: v1
kind: Pod
metadata:
  name: nginx
  namespace: dev
spec:
  containers:
  # No tag or digest is given, so the image resolves to the registry's "latest".
  # NOTE(review): pin a version tag or digest so the image that runs is reproducible.
  - image: registry.cn-hangzhou.aliyuncs.com/zoeyqq/nginx
    name: pod
    ports:
    - name: nginx-port
      # NOTE(review): declares port 82; confirm this image really listens there
      # (the Deployment for the same image on this page declares 80).
      containerPort: 82
      protocol: TCP

创建:kubectl create -f pod-nginx.yaml

删除:kubectl delete -f pod-nginx.yaml

部署nginx


[root@k8s-master ~]# kubectl describe pod nginx -n dev
Name:         nginx
Namespace:    dev
Priority:     0
Node:         <none>
Labels:       <none>
Annotations:  <none>
Status:       Pending
IP:
IPs:          <none>
Containers:
  pod:
    Image:        registry.cn-hangzhou.aliyuncs.com/zoeyqq/nginx
    Port:         82/TCP
    Host Port:    0/TCP
    Environment:  <none>
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from default-token-7tkps (ro)
Conditions:
  Type           Status
  PodScheduled   False
Volumes:
  default-token-7tkps:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  default-token-7tkps
    Optional:    false
QoS Class:       BestEffort
Node-Selectors:  <none>
Tolerations:     node.kubernetes.io/not-ready:NoExecute for 300s
                 node.kubernetes.io/unreachable:NoExecute for 300s
Events:
  Type     Reason            Age        From               Message
  ----     ------            ----       ----               -------
  Warning  FailedScheduling  <unknown>  default-scheduler  0/1 nodes are available: 1 node(s) had taint {node-role.kubernetes.io/master: }, that the pod didn't tolerate.
  Warning  FailedScheduling  <unknown>  default-scheduler  0/1 nodes are available: 1 node(s) had taint {node-role.kubernetes.io/master: }, that the pod didn't tolerate.
[root@k8s-master ~]# kubectl taint nodes --all node-role.kubernetes.io/master-
node/k8s-master untainted
[root@k8s-master ~]# kubectl get pods -n dev
NAME    READY   STATUS    RESTARTS   AGE
nginx   1/1     Running   0          5m26s
  • 允许master节点部署pod(去掉污点后,业务Pod会和etcd、apiserver等控制面组件运行在同一台机器上,只适合单机实验环境)
kubectl taint nodes --all node-role.kubernetes.io/master-
  • 设置不允许调度
kubectl taint nodes master1 node-role.kubernetes.io/master=:NoSchedule

污点可选参数

  • NoSchedule: 一定不能被调度
  • PreferNoSchedule: 尽量不要调度
  • NoExecute: 不仅不会调度, 还会驱逐Node上已有的Pod
Label用于给某个资源对象定义标识
1.增加标识
[root@k8s-master ~]# kubectl label pod nginx version=1.0 -n dev
pod/nginx labeled
[root@k8s-master ~]# kubectl get pod nginx -n dev --show-labels
NAME    READY   STATUS    RESTARTS   AGE     LABELS
nginx   1/1     Running   0          2m51s   version=1.0
2.更新标识
[root@k8s-master ~]# kubectl label pod nginx version=2.0 -n dev --overwrite
pod/nginx labeled
[root@k8s-master ~]# kubectl get pod nginx -n dev --show-labels
NAME    READY   STATUS    RESTARTS   AGE     LABELS
nginx   1/1     Running   0          3m45s   version=2.0
kubectl label pod nginx version=2.1 -n dev --overwrite

配置方式:

# Pod manifest that sets labels declaratively instead of with `kubectl label`.
apiVersion: v1
kind: Pod
metadata:
  name: nginx
  namespace: dev
  labels:
    # Quoted so the value stays a string; an unquoted 3.0 would parse as a number.
    version: "3.0" 
    env: "test"
spec:
  containers:
  # NOTE(review): `latest` is a moving tag; pin a version or digest for repeatable deploys.
  - image: nginx:latest
    name: pod
    ports:
    - name: nginx-port
      containerPort: 80
      protocol: TCP
Deployment

在kubernetes中,Pod是最小的控制单元,但是kubernetes很少直接控制Pod,一般都是通过Pod控制器来完成的。Pod控制器用于pod的管理,确保pod资源符合预期的状态,当pod的资源出现故障时,会尝试进行重启或重建pod。

在kubernetes中Pod控制器的种类有很多,本章节只介绍一种:Deployment。

# 命令格式: kubectl create deployment 名称  [参数] 
# --image  指定pod的镜像
# --port   指定端口
# --replicas  指定创建pod数量
# --namespace  指定namespace
[root@master ~]# kubectl create deploy nginx --image=nginx:latest --port=80 --replicas=3 -n dev

创建一个deploy-nginx.yaml

# Deployment manifest: asks for 3 replicas of an nginx Pod in namespace "dev".
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx
  namespace: dev
spec:
  replicas: 3
  selector:
    matchLabels:
      # Must match template.metadata.labels below; the Deployment finds its Pods by this label.
      run: nginx
  template:
    metadata:
      labels:
        run: nginx
    spec:
      containers:
      # NOTE(review): no tag or digest, so "latest" is pulled; pin one so every replica runs the same image.
      - image: registry.cn-hangzhou.aliyuncs.com/zoeyqq/nginx
        name: nginx
        ports:
        - containerPort: 80
          protocol: TCP

创建:kubectl create -f deploy-nginx.yaml

删除:kubectl delete -f deploy-nginx.yaml

查看创建的Pod
[root@k8s-master ~]# kubectl get pods -n dev
NAME                     READY   STATUS    RESTARTS   AGE
nginx-7f99fc475c-hx9js   1/1     Running   0          71s
nginx-7f99fc475c-jkzvm   1/1     Running   0          71s
nginx-7f99fc475c-zhfkg   1/1     Running   0          71s
查看deployment的信息
[root@k8s-master ~]# kubectl get deploy -n dev
NAME    READY   UP-TO-DATE   AVAILABLE   AGE
nginx   3/3     3            3           2m4s

[root@k8s-master ~]# kubectl get deploy -n dev -o wide
NAME    READY   UP-TO-DATE   AVAILABLE   AGE     CONTAINERS   IMAGES                                           SELECTOR
nginx   3/3     3            3           2m25s   nginx        registry.cn-hangzhou.aliyuncs.com/zoeyqq/nginx   run=nginx
# UP-TO-DATE:成功升级的副本数量
# AVAILABLE:可用副本的数量

查看deployment的详细信息
[root@k8s-master ~]# kubectl describe deploy nginx -n dev
Name:                   nginx
Namespace:              dev
CreationTimestamp:      Fri, 05 Aug 2022 14:37:11 +0800
Labels:                 <none>
Annotations:            deployment.kubernetes.io/revision: 1
Selector:               run=nginx
Replicas:               3 desired | 3 updated | 3 total | 3 available | 0 unavailable
StrategyType:           RollingUpdate
MinReadySeconds:        0
RollingUpdateStrategy:  25% max unavailable, 25% max surge
Pod Template:
  Labels:  run=nginx
  Containers:
   nginx:
    Image:        registry.cn-hangzhou.aliyuncs.com/zoeyqq/nginx
    Port:         80/TCP
    Host Port:    0/TCP
    Environment:  <none>
    Mounts:       <none>
  Volumes:        <none>
Conditions:
  Type           Status  Reason
  ----           ------  ------
  Available      True    MinimumReplicasAvailable
  Progressing    True    NewReplicaSetAvailable
OldReplicaSets:  <none>
NewReplicaSet:   nginx-7f99fc475c (3/3 replicas created)
Events:
  Type    Reason             Age    From                   Message
  ----    ------             ----   ----                   -------
  Normal  ScalingReplicaSet  3m22s  deployment-controller  Scaled up replica set nginx-7f99fc475c to 3

# 删除 
[root@master ~]# kubectl delete deploy nginx -n dev
deployment.apps "nginx" deleted
Service

通过上节课的学习,已经能够利用Deployment来创建一组Pod来提供具有高可用性的服务。

虽然每个Pod都会分配一个单独的Pod IP,然而却存在如下两个问题:

Pod IP 会随着Pod的重建产生变化
Pod IP 仅仅是集群内可见的虚拟IP,外部无法访问
这样对于访问这个服务带来了难度。因此,kubernetes设计了Service来解决这个问题。

Service可以看作是一组同类Pod对外的访问接口。借助Service,应用可以方便地实现服务发现和负载均衡。

操作一:创建集群内部可访问的Service
# 暴露Service
[root@master ~]# kubectl expose deploy nginx --name=svc-nginx1 --type=ClusterIP --port=80 --target-port=80 -n dev
service/svc-nginx1 exposed

# 查看service
[root@master ~]# kubectl get svc svc-nginx1 -n dev -o wide
NAME         TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)   AGE     SELECTOR
svc-nginx1   ClusterIP   10.109.179.231   <none>        80/TCP    3m51s   run=nginx

操作二:创建集群外部也可访问的Service
# 上面创建的Service的type类型为ClusterIP,这个ip地址只有集群内部可访问
# 如果需要创建外部也可以访问的Service,需要修改type为NodePort
[root@master ~]# kubectl expose deploy nginx --name=svc-nginx2 --type=NodePort --port=80 --target-port=80 -n dev
service/svc-nginx2 exposed

# 此时查看,会发现出现了NodePort类型的Service,而且有一对Port(80:31928/TCP)
[root@master ~]# kubectl get svc  svc-nginx2  -n dev -o wide
NAME          TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)        AGE    SELECTOR
svc-nginx2    NodePort    10.100.94.0      <none>        80:31928/TCP   9s     run=nginx

删除Service

[root@master ~]# kubectl delete svc svc-nginx-1 -n dev
service "svc-nginx-1" deleted

创建一个svc-nginx.yaml,内容如下

# Service manifest: ClusterIP Service "svc-nginx" in namespace "dev".
apiVersion: v1
kind: Service
metadata:
  name: svc-nginx
  namespace: dev
spec:
  clusterIP: 10.109.179.231 # pins the Service's cluster-internal IP; must be a free address inside the service CIDR
  ports:
  - port: 80
    protocol: TCP
    targetPort: 80
  # Backends are the Pods labelled run=nginx.
  selector:
    run: nginx
  # ClusterIP: reachable only from inside the cluster.
  type: ClusterIP

创建:kubectl create -f svc-nginx.yaml

删除:kubectl delete -f svc-nginx.yaml

kubectl get svc svc-nginx -n dev -o wide

# Service manifest: NodePort variant of "svc-nginx" in namespace "dev".
apiVersion: v1
kind: Service
metadata:
  name: svc-nginx
  namespace: dev 
spec:
  clusterIP: 10.109.179.231 # pins the Service's cluster-internal IP
  ports:
  - port: 80
    protocol: TCP
    targetPort: 80
    # Fixed node port, opened on every node.
    # NOTE(review): this page stops firewalld on all nodes, so the port is
    # reachable from any host that can reach a node IP.
    nodePort: 30099
  # Backends are the Pods labelled run=nginx.
  selector:
    run: nginx
  type: NodePort

kubectl create -f nginx-service.yaml

【配置说明】:

kind: Service表示yaml文件创建的是一个Service

metadata表示这个Service的元信息

metadata.name 是Service的名称 nginx-deployment1

metadata.labels 是Service的标签 即:app=nginx

metadata.namespace 是Service的命名空间,此处选择的是第一步创建的命名空间nginx

spec是Service的详细配置说明

spec.type 取值NodePort 表示这个Service的类型是一个节点端口转发类型

spec.selector 表示这个Service是将带标签的哪些pods做为一个集合对外提供服务

spec.ports.port 是Service绑定的端口

spec.ports.name: nginx-service80 表示Service服务的名称
spec.ports.protocol: TCP 表示Service转发请求到容器的协议是TCP,我们部署的http的nginx服务,因此选择协议为TCP
spec.ports.targetPort: 80 表示Service转发外部请求到容器的目标端口80,即deployment的pod容器对外开放的容器端口80

spec.ports.nodePort: 31090 表示Service对外开放的节点端口

【k8s】使用k8s部署一个简单的nginx服务
https://blog.51cto.com/u_15069450/4243950

[root@k8s-master ~]# kubectl create -f deploy-nginx.yaml
deployment.apps/nginx created
[root@k8s-master ~]# kubectl create -f svc-nginx.yaml
service/svc-nginx created
[root@k8s-master ~]# kubectl get pod -o wide -n dev
NAME                     READY   STATUS    RESTARTS   AGE   IP               NODE         NOMINATED NODE   READINESS GATES
nginx-7f99fc475c-9jvsp   1/1     Running   0          26s   10.244.235.213   k8s-master   <none>           <none>
nginx-7f99fc475c-svrck   1/1     Running   0          26s   10.244.235.212   k8s-master   <none>           <none>
nginx-7f99fc475c-vs9nm   1/1     Running   0          26s   10.244.235.211   k8s-master   <none>           <none>
[root@k8s-master ~]# kubectl get service -n dev
NAME        TYPE       CLUSTER-IP       EXTERNAL-IP   PORT(S)        AGE
svc-nginx   NodePort   10.109.179.231   <none>        80:30099/TCP   28s
[root@k8s-master ~]# kubectl describe service svc-nginx -n dev
Name:                     svc-nginx
Namespace:                dev
Labels:                   <none>
Annotations:              <none>
Selector:                 run=nginx
Type:                     NodePort
IP:                       10.109.179.231
Port:                     <unset>  80/TCP
TargetPort:               80/TCP
NodePort:                 <unset>  30099/TCP
Endpoints:                10.244.235.211:80,10.244.235.212:80,10.244.235.213:80
Session Affinity:         None
External Traffic Policy:  Cluster
Events:                   <none>
[root@k8s-master ~]#


查询服务列表:kubectl get service -n dev

查询服务详情: kubectl describe service svc-nginx -n dev

pod扩缩容

手动扩缩容:kubectl scale deployment deployname -n namespace --replicas=x;

也可用kubectl edit对deployment进行编辑后apply


[root@k8s-master ~]# kubectl get deploy -n dev
NAME    READY   UP-TO-DATE   AVAILABLE   AGE
nginx   3/3     3            3           105m
[root@k8s-master ~]# kubectl scale deployment nginx -n dev --replicas=2
deployment.apps/nginx scaled
[root@k8s-master ~]# kubectl get deploy -n dev
NAME    READY   UP-TO-DATE   AVAILABLE   AGE
nginx   2/2     2            2           105m
[root@k8s-master ~]# kubectl scale deployment nginx -n dev --replicas=3
deployment.apps/nginx scaled
[root@k8s-master ~]# kubectl get deploy -n dev
NAME    READY   UP-TO-DATE   AVAILABLE   AGE
nginx   3/3     3            3           3h20m
[root@k8s-master ~]# kubectl get pod -n dev
NAME                     READY   STATUS    RESTARTS   AGE
nginx-7f99fc475c-694nf   1/1     Running   0          35s
nginx-7f99fc475c-svrck   1/1     Running   0          3h20m
nginx-7f99fc475c-vs9nm   1/1     Running   0          3h20m

查看POD日志
[root@k8s-master ~]# kubectl get pod -n dev
NAME                     READY   STATUS    RESTARTS   AGE
nginx-7f99fc475c-694nf   1/1     Running   0          35s
nginx-7f99fc475c-svrck   1/1     Running   0          3h20m
nginx-7f99fc475c-vs9nm   1/1     Running   0          3h20m
[root@k8s-master ~]# kubectl logs -f nginx-7f99fc475c-694nf -n dev
/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf
10-listen-on-ipv6-by-default.sh: info: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf
/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
/docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh
/docker-entrypoint.sh: Configuration complete; ready for start up
