k8s实践
k8s实践20220804
virtualbox新建虚拟机,cpu 2核
虚拟机 | ip | |
---|---|---|
k8s-master | 10.242.0.180 | |
k8s-node1 | 10.242.0.181 | |
k8s-node2 | 10.242.0.182 |
节点CPU核数必须是 :>= 2核 ,否则k8s无法启动
DNS网络: 最好设置为 本地网络连通的DNS,否则网络不通,无法下载一些镜像 linux内核: linux内核必须是 4 版本以上,因此必须把linux核心进行升级。
配置主机名解析(所有节点)
a.master节点
[root@localhost ~]# vi /etc/hosts
10.242.0.180 k8s-master
10.242.0.181 k8s-node1
10.242.0.182 k8s-node2
hostnamectl --static set-hostname k8s-master
b.node1节点
[root@localhost ~]# vi /etc/hosts
10.242.0.180 k8s-master
10.242.0.181 k8s-node1
10.242.0.182 k8s-node2
hostnamectl --static set-hostname k8s-node1
c.node2节点
[root@localhost ~]# vi /etc/hosts
10.242.0.180 k8s-master
10.242.0.181 k8s-node1
10.242.0.182 k8s-node2
hostnamectl --static set-hostname k8s-node2
关闭防火墙(所有节点)
[root@k8s-master ~]# systemctl stop firewalld.service
[root@k8s-master ~]# systemctl disable firewalld.service
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
关闭selinux(所有节点)
[root@k8s-master ~]# sed -i.bak 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/selinux/config
[root@k8s-master ~]# setenforce 0
禁用swap,默认情况下系统的swap都是打开的(所有节点)
[root@k8s-master ~]# swapoff -a
[root@k8s-master ~]# echo 'swapoff -a' >>/etc/rc.local
[root@k8s-master ~]#
配置ntp服务器
a.master节点
[root@k8s-master ~]# rpm -qa|grep ntp
fontpackages-filesystem-1.44-8.el7.noarch
ntp-4.2.6p5-29.el7.centos.2.x86_64
ntpdate-4.2.6p5-29.el7.centos.2.x86_64
python-ntplib-0.3.2-1.el7.noarch
[root@k8s-master ~]# systemctl status ntpd
● ntpd.service - Network Time Service
Loaded: loaded (/usr/lib/systemd/system/ntpd.service; disabled; vendor preset: di sabled)
Active: inactive (dead)
[root@k8s-master ~]# systemctl stop chronyd
[root@k8s-master ~]# systemctl disable chronyd
Removed symlink /etc/systemd/system/multi-user.target.wants/chronyd.service.
[root@k8s-master ~]# systemctl enable ntpd
Created symlink from /etc/systemd/system/multi-user.target.wants/ntpd.service to /us r/lib/systemd/system/ntpd.service.
[root@k8s-master ~]# systemctl start ntpd
[root@k8s-master ~]# vi /etc/ntp.conf
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst
server 127.127.1.0 iburst
[root@k8s-master ~]# systemctl restart ntpd
[root@k8s-master ~]# systemctl status ntpd
● ntpd.service - Network Time Service
Loaded: loaded (/usr/lib/systemd/system/ntpd.service; enabled; vendor preset: disabled)
Active: active (running) since 四 2022-08-04 16:16:51 CST; 13s ago
Process: 6228 ExecStart=/usr/sbin/ntpd -u ntp:ntp $OPTIONS (code=exited, status=0/SUCCESS)
Main PID: 6229 (ntpd)
Tasks: 1
CGroup: /system.slice/ntpd.service
└─6229 /usr/sbin/ntpd -u ntp:ntp -g
8月 04 16:16:51 k8s-master ntpd[6229]: Listen normally on 5 virbr0 192.168.122.1 UDP 123
8月 04 16:16:51 k8s-master ntpd[6229]: Listen normally on 6 lo ::1 UDP 123
8月 04 16:16:51 k8s-master ntpd[6229]: Listen normally on 7 enp0s3 fe80::5be8:e38:b68e:a30d UDP 123
8月 04 16:16:51 k8s-master ntpd[6229]: Listen normally on 8 enp0s8 fe80::2dde:dad2:57cc:433b UDP 123
8月 04 16:16:51 k8s-master ntpd[6229]: Listening on routing socket on fd #25 for interface updates
8月 04 16:16:51 k8s-master ntpd[6229]: 0.0.0.0 c016 06 restart
8月 04 16:16:51 k8s-master ntpd[6229]: 0.0.0.0 c012 02 freq_set kernel 0.000 PPM
8月 04 16:16:51 k8s-master ntpd[6229]: 0.0.0.0 c011 01 freq_not_set
8月 04 16:16:51 k8s-master systemd[1]: Started Network Time Service.
8月 04 16:16:52 k8s-master ntpd[6229]: 0.0.0.0 c514 04 freq_mode
[root@k8s-master ~]# ntpq -p
remote refid st t when poll reach delay offset jitter
==============================================================================
*LOCAL(0) .LOCL. 5 l 53 64 1 0.000 0.000 0.000
b.node节点
[root@k8s-node1 ~]# vi /etc/ntp.conf
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst
server 10.242.0.180 iburst
restrict 10.242.0.180 nomodify notrap noquery
[root@k8s-node1 ~]# ntpdate -u 10.242.0.180
4 Aug 16:49:48 ntpdate[5850]: adjust time server 10.242.0.180 offset 0.009751 sec
[root@k8s-node1 ~]# systemctl enable ntpd
Created symlink from /etc/systemd/system/multi-user.target.wants/ntpd.service to /usr/lib/systemd/system/ntpd.service.
[root@k8s-node1 ~]# systemctl start ntpd
[root@k8s-node1 ~]# ntpq -p
remote refid st t when poll reach delay offset jitter
==============================================================================
*k8s-master LOCAL(0) 6 u - 64 1 0.511 -5.559 0.027
[root@k8s-node1 ~]#
安装docker(所有节点)
[root@k8s-node2 ~]# wget -O /etc/yum.repos.d/docker-ce.repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
[root@k8s-node2 ~]# yum -y install docker-ce
[root@k8s-node1 ~]# systemctl enable docker
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.
[root@k8s-node1 ~]# systemctl start docker
# 配置镜像加速器。如果是中途更换的镜像加速器,需要先systemctl daemon-reload,然后再systemctl restart docker。
[root@k8s-master ~]# vi /etc/docker/daemon.json
{
"registry-mirrors": ["https://p4y8tfz4.mirror.aliyuncs.com"]
}
[root@k8s-master ~]# systemctl daemon-reload
[root@k8s-master ~]# systemctl restart docker
配置文件:/etc/sysctl.d/kubernetes.conf
[root@k8s-node2 ~]# vi /etc/sysctl.d/kubernetes.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
[root@k8s-node2 ~]# sysctl -p /etc/sysctl.d/kubernetes.conf
配置k8s的yum仓库,安装kubeadm、kubelet、kubectl组件
[root@k8s-master ~]# vi /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
# 组件的版本要与下面kubernetes初始化时指定的版本保持一致。
[root@k8s-node2 ~]# yum install -y kubelet-1.18.0 kubeadm-1.18.0 kubectl-1.18.0
[root@k8s-node2 ~]# systemctl enable kubelet.service
Created symlink from /etc/systemd/system/multi-user.target.wants/kubelet.service to /usr/lib/systemd/system/kubelet.service.
# PS:此处无需启动kubelet,后续将节点join到集群时,会自动拉起。
k8s集群初始化(master节点操作)
[root@k8s-master ~]# kubeadm --help
Usage:
kubeadm [command]
Available Commands:
alpha # 处于测试中不太完善的命令
config # 显示当前配置
init # 初始化集群
join # 各Node节点加入集群中时使用
reset # 每个节点都可以用,把配置还原到最初始的状态。
upgrade # 升级集群的版本。
# print参数也是有子命令的,使用下面命令可以查看集群初始化时的预设配置,其中一些与我们真实环境不匹配,可以在初始化时手动指定修改
[root@k8s-master ~]# kubeadm config print init-defaults
imageRepository: k8s.gcr.io # 默认加载镜像的仓库,需要梯子才能访问,如果知道国内别的仓库有需要的镜像,初始化时可以手动指定仓库地址。
kind: ClusterConfiguration
kubernetesVersion: v1.18.0 # k8s版本,这是初始化会加载的配置,如果与你预期的版本不符,自行修改。
networking:
dnsDomain: cluster.local
serviceSubnet: 10.96.0.0/12 # Service网络默认网段。
scheduler: {}
# 至于Pod网络间通讯,k8s只提供CNI,真正实现网络通信需要借助第三方插件,如flannel、calico,两者各有优劣。flannel的默认地址是10.244.0.0/16,calico的默认地址是192.168.0.0/16。不使用默认地址也可以,只要保证部署网路插件时yaml中指定的网段与k8s部署时指定的Pod网络网段一致就可。
初始化
kubeadm init \
--apiserver-advertise-address=10.242.0.180 \
--image-repository=registry.aliyuncs.com/google_containers \
--kubernetes-version=v1.18.0 \
--service-cidr=10.96.0.0/12 \
--pod-network-cidr=10.244.0.0/16 \
--ignore-preflight-errors=all
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 10.242.0.180:6443 --token cyjwpu.xip6rpk1begx12lm \
--discovery-token-ca-cert-hash sha256:12e2fdea8a88cf1e67f25e438fb3da4d871a43e5db0d869aa43908df0387488c
[root@k8s-master ~]# mkdir -p $HOME/.kube
[root@k8s-master ~]# cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
[root@k8s-master ~]# chown $(id -u):$(id -g) $HOME/.kube/config
查看集群信息
a.查看集群健康状态
[root@k8s-master ~]# kubectl get cs
NAME STATUS MESSAGE ERROR
controller-manager Healthy ok
etcd-0 Healthy {"health":"true"}
scheduler Healthy ok
b.查看集群版本
[root@k8s-master ~]# kubectl version --short
Client Version: v1.18.0
Server Version: v1.18.0
c.查看集群信息
[root@k8s-master ~]# kubectl cluster-info
Kubernetes master is running at https://10.242.0.180:6443
KubeDNS is running at https://10.242.0.180:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy
To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.
d.查看集群节点
[root@k8s-master ~]# kubectl get node
NAME STATUS ROLES AGE VERSION
k8s-master NotReady master 6m1s v1.18.0
上条命令表示master节点是NotReady的,通过看日志
tail -f /var/log/messages
发现是缺少网络插件,下面会安装。
[root@k8s-master ~]# tail -f /var/log/messages
Aug 4 18:51:32 k8s-master kubelet: E0804 18:51:32.195996 13422 kubelet.go:2187] Container runtime network not ready: NetworkReady=false reason:NetworkPluginNotReady message:docker: network plugin is not ready: cni config uninitialized
PS:我们能够在master上查看集群信息,主要就是因为家目录下的.kube/config文件(admin.conf),也就是将这个文件拷贝到别的主机后,别的主机也可以使用查看集群的相关信息,并不建议这么做,存在一定的风险性。
部署calico网络插件(master节点)
- 上面在集群初始化时指定了Pod网络网段为10.244.0.0/16,calico的默认网段为192.168.0.0/16,所以我们需要先修改下配置文件
[root@k8s-master ~]# mkdir -p /server/k8s
[root@k8s-master ~]# cd /server/k8s/
[root@k8s-master k8s]# wget https://docs.projectcalico.org/manifests/calico.yaml --no-check-certificate
[root@k8s-master k8s]# vi calico.yaml
- name: CALICO_IPV4POOL_CIDR
value: "10.244.0.0/16
- 安装calico网络插件。
[root@k8s-master k8s]# kubectl apply -f calico.yaml
error: unable to recognize "calico.yaml": no matches for kind "PodDisruptionBudget" in version "policy/v1"
以上报错是由于k8s不支持当前calico版本的原因,可以在在官网查看版本是否兼容
[root@k8s-master k8s]# curl https://docs.projectcalico.org/v3.18/manifests/calico.yaml -O
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 184k 100 184k 0 0 133k 0 0:00:01 0:00:01 --:--:-- 133k
[root@k8s-master k8s]# ll
总用量 188
-rw-r--r--. 1 root root 189190 8月 4 19:03 calico.yaml
[root@k8s-master k8s]# vi calico.yaml
- name: CALICO_IPV4POOL_CIDR
value: "10.244.0.0/16
[root@k8s-master k8s]# kubectl apply -f calico.yaml
configmap/calico-config created
查看插件安装状态(需要等几分钟)
[root@k8s-master k8s]# kubectl get pod -n kube-system -w
NAME READY STATUS RESTARTS AGE
calico-kube-controllers-7b5bcff94c-lkchg 1/1 Running 0 3m54s
calico-node-jngnv 1/1 Running 0 3m54s
coredns-7ff77c879f-72zdb 1/1 Running 0 25m
coredns-7ff77c879f-f224k 1/1 Running 0 25m
etcd-k8s-master 1/1 Running 0 26m
kube-apiserver-k8s-master 1/1 Running 0 26m
kube-controller-manager-k8s-master 1/1 Running 1 26m
kube-proxy-xvzl6 1/1 Running 0 25m
kube-scheduler-k8s-master 1/1 Running 1 26m
## -n:指定名称空间 ## -w:实时查看pod状态。 ## READY状态取决于网速。
[root@k8s-master k8s]# kubectl get node
NAME STATUS ROLES AGE VERSION
k8s-master Ready master 58m v1.18.0
node节点加入集群
kubeadm join 10.242.0.180:6443 --token cyjwpu.xip6rpk1begx12lm \
--discovery-token-ca-cert-hash sha256:12e2fdea8a88cf1e67f25e438fb3da4d871a43e5db0d869aa43908df0387488c
[root@k8s-node1 ~]# kubeadm join 10.242.0.180:6443 --token cyjwpu.xip6rpk1begx12lm \
> --discovery-token-ca-cert-hash sha256:12e2fdea8a88cf1e67f25e438fb3da4d871a43e5db0d869aa43908df0387488c
W0804 19:44:16.219681 2990 join.go:346] [preflight] WARNING: JoinControlPane.controlPlane settings will be ignored when control-plane flag is not set.
[preflight] Running pre-flight checks
[WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/
[WARNING SystemVerification]: this Docker version is not on the list of validated versions: 20.10.17. Latest validated version: 19.03
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'
[kubelet-start] Downloading configuration for the kubelet from the "kubelet-config-1.18" ConfigMap in the kube-system namespace
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Starting the kubelet
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...
This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.
Run 'kubectl get nodes' on the control-plane to see this node join the cluster.
[root@k8s-master k8s]# kubectl get node
NAME STATUS ROLES AGE VERSION
k8s-master Ready master 61m v1.18.0
k8s-node1 NotReady <none> 93s v1.18.0
Todo:暂时还未找到node节点状态为NotReady的原因
安装dashboard
[root@k8s-master ~]# wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.3/aio/deploy/recommendeyaml
[root@k8s-master ~]# vi recommended.yaml
spec:
ports:
- port: 443
targetPort: 8443
nodePort: 30001 # 添加此行,此处端口可用范围为30000-32767。
selector:
k8s-app: kubernetes-dashboard
type: NodePort # 添加此行
[root@k8s-master ~]# kubectl apply -f recommended.yaml
[root@k8s-master ~]# kubectl get pod -n kubernetes-dashboard
NAME READY STATUS RESTARTS AGE
dashboard-metrics-scraper-6b4884c9d5-xk45h 1/1 Running 0 4m37s
kubernetes-dashboard-7f99b75bf4-wwkxb 1/1 Running 0 4m37s
生成登录token
[root@k8s-master ~]# kubectl create serviceaccount dashboard-admin -n kube-system
serviceaccount/dashboard-admin created
[root@k8s-master ~]# kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
clusterrolebinding.rbac.authorization.k8s.io/dashboard-admin created
[root@k8s-master ~]# kubectl describe secrets -n kube-system $(kubectl -n kube-system get secret | awk '/dashboard-admin/{print $1}')
Name: dashboard-admin-token-66h75
Namespace: kube-system
Labels: <none>
Annotations: kubernetes.io/service-account.name: dashboard-admin
kubernetes.io/service-account.uid: c5e02604-5fe7-406d-b72a-25d1b48f1372
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1025 bytes
namespace: 11 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6ImdGbVFEQVd5eVZMR2pNN1M4TnZ5aTdFOU1rZzU3NmhUYm92enVoc054Y2cifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4tNjZoNzUiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiYzVlMDI2MDQtNWZlNy00MDZkLWI3MmEtMjVkMWI0OGYxMzcyIiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmUtc3lzdGVtOmRhc2hib2FyZC1hZG1pbiJ9.s-ubWGu9-YR03eN5PEvuoss8w4GdPkA3Ud8bt313SATdTaW6Q1rY4NMC3nfA2FQ4PhyNOL0vmTsOWlsLqNPwEHltDaEVtw2M6RLIYMD2hofZm6pmu1KASnqmYKFaR0Ch3aTh4fA1jrnNQgnUS5lgJoDAtQPhwCNjq4CPllgXVkXROaXdiga0qmyF7TlzOFj57AYiwP2OkD9-xL081oXjvp9kjYQphWhMsaPSg48S3r24qBeybDzXqv_vwnltIYS0ieHD31Zp60DD4YFKY3jnBJghqgH8wvy5ABkVBIwVHf4_FSWDvWncVbZHId0vC_TdDG2krsYu80wyDFWeOUUtGw
[root@k8s-master ~]#
namespace
创建namespace
[root@master ~]# kubectl create ns dev
namespace/dev created
删除namespace
[root@master ~]# kubectl delete ns dev
namespace "dev" deleted
查看Pod基本信息
[root@master ~]# kubectl get pods -n dev
查看Pod的详细信息
[root@master ~]# kubectl describe pod nginx -n dev
删除指定Pod
# 删除指定Pod
[root@master ~]# kubectl delete pod nginx -n dev
pod "nginx" deleted
# 此时,显示删除Pod成功,但是再查询,发现又新产生了一个
[root@master ~]# kubectl get pods -n dev
NAME READY STATUS RESTARTS AGE
nginx 1/1 Running 0 21s
# 这是因为当前Pod是由Pod控制器创建的,控制器会监控Pod状况,一旦发现Pod死亡,会立即重建
# 此时要想删除Pod,必须删除Pod控制器
# 先来查询一下当前namespace下的Pod控制器
[root@master ~]# kubectl get deploy -n dev
NAME READY UP-TO-DATE AVAILABLE AGE
nginx 1/1 1 1 9m7s
# 接下来,删除此PodPod控制器
[root@master ~]# kubectl delete deploy nginx -n dev
deployment.apps "nginx" deleted
# 稍等片刻,再查询Pod,发现Pod被删除了
[root@master ~]# kubectl get pods -n dev
No resources found in dev namespace.
创建一个pod-nginx.yaml
内容如下
apiVersion: v1
kind: Pod
metadata:
name: nginx
namespace: dev
spec:
containers:
- image: registry.cn-hangzhou.aliyuncs.com/zoeyqq/nginx
name: pod
ports:
- name: nginx-port
containerPort: 82
protocol: TCP
创建:kubectl create -f pod-nginx.yaml
删除:kubectl delete -f pod-nginx.yaml
部署nginx
[root@k8s-master ~]# kubectl describe pod nginx -n dev
Name: nginx
Namespace: dev
Priority: 0
Node: <none>
Labels: <none>
Annotations: <none>
Status: Pending
IP:
IPs: <none>
Containers:
pod:
Image: registry.cn-hangzhou.aliyuncs.com/zoeyqq/nginx
Port: 82/TCP
Host Port: 0/TCP
Environment: <none>
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from default-token-7tkps (ro)
Conditions:
Type Status
PodScheduled False
Volumes:
default-token-7tkps:
Type: Secret (a volume populated by a Secret)
SecretName: default-token-7tkps
Optional: false
QoS Class: BestEffort
Node-Selectors: <none>
Tolerations: node.kubernetes.io/not-ready:NoExecute for 300s
node.kubernetes.io/unreachable:NoExecute for 300s
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Warning FailedScheduling <unknown> default-scheduler 0/1 nodes are available: 1 node(s) had taint {node-role.kubernetes.io/master: }, that the pod didn't tolerate.
Warning FailedScheduling <unknown> default-scheduler 0/1 nodes are available: 1 node(s) had taint {node-role.kubernetes.io/master: }, that the pod didn't tolerate.
[root@k8s-master ~]# kubectl taint nodes --all node-role.kubernetes.io/master-
node/k8s-master untainted
[root@k8s-master ~]# kubectl get pods -n dev
NAME READY STATUS RESTARTS AGE
nginx 1/1 Running 0 5m26s
- 允许master节点部署pod
kubectl taint nodes --all node-role.kubernetes.io/master-
- 设置不允许调度
kubectl taint nodes master1 node-role.kubernetes.io/master=:NoSchedule
污点可选参数
- NoSchedule: 一定不能被调度
- PreferNoSchedule: 尽量不要调度
- NoExecute: 不仅不会调度, 还会驱逐Node上已有的Pod
Label用于给某个资源对象定义标识
1.增加标识
[root@k8s-master ~]# kubectl label pod nginx version=1.0 -n dev
pod/nginx labeled
[root@k8s-master ~]# kubectl get pod nginx -n dev --show-labels
NAME READY STATUS RESTARTS AGE LABELS
nginx 1/1 Running 0 2m51s version=1.0
2.更新标识
[root@k8s-master ~]# kubectl label pod nginx version=2.0 -n dev --overwrite
pod/nginx labeled
[root@k8s-master ~]# kubectl get pod nginx -n dev --show-labels
NAME READY STATUS RESTARTS AGE LABELS
nginx 1/1 Running 0 3m45s version=2.0
kubectl label pod nginx version:2.1 -n dev --overwrite
配置方式:
apiVersion: v1
kind: Pod
metadata:
name: nginx
namespace: dev
labels:
version: "3.0"
env: "test"
spec:
containers:
- image: nginx:latest
name: pod
ports:
- name: nginx-port
containerPort: 80
protocol: TCP
Deployment
在kubernetes中,Pod是最小的控制单元,但是kubernetes很少直接控制Pod,一般都是通过Pod控制器来完成的。Pod控制器用于pod的管理,确保pod资源符合预期的状态,当pod的资源出现故障时,会尝试进行重启或重建pod。
在kubernetes中Pod控制器的种类有很多,本章节只介绍一种:Deployment。
# 命令格式: kubectl create deployment 名称 [参数]
# --image 指定pod的镜像
# --port 指定端口
# --replicas 指定创建pod数量
# --namespace 指定namespace
[root@master ~]# kubectl create deploy nginx --image=nginx:latest --port=80 --replicas=3 -n dev
创建一个deploy-nginx.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx
namespace: dev
spec:
replicas: 3
selector:
matchLabels:
run: nginx
template:
metadata:
labels:
run: nginx
spec:
containers:
- image: registry.cn-hangzhou.aliyuncs.com/zoeyqq/nginx
name: nginx
ports:
- containerPort: 80
protocol: TCP
创建:kubectl create -f deploy-nginx.yaml
删除:kubectl delete -f deploy-nginx.yaml
查看创建的Pod
[root@k8s-master ~]# kubectl get pods -n dev
NAME READY STATUS RESTARTS AGE
nginx-7f99fc475c-hx9js 1/1 Running 0 71s
nginx-7f99fc475c-jkzvm 1/1 Running 0 71s
nginx-7f99fc475c-zhfkg 1/1 Running 0 71s
查看deployment的信息
[root@k8s-master ~]# kubectl get deploy -n dev
NAME READY UP-TO-DATE AVAILABLE AGE
nginx 3/3 3 3 2m4s
[root@k8s-master ~]# kubectl get deploy -n dev -o wide
NAME READY UP-TO-DATE AVAILABLE AGE CONTAINERS IMAGES SELECTOR
nginx 3/3 3 3 2m25s nginx registry.cn-hangzhou.aliyuncs.com/zoeyqq/nginx run=nginx
# UP-TO-DATE:成功升级的副本数量
# AVAILABLE:可用副本的数量
查看deployment的详细信息
[root@k8s-master ~]# kubectl describe deploy nginx -n dev
Name: nginx
Namespace: dev
CreationTimestamp: Fri, 05 Aug 2022 14:37:11 +0800
Labels: <none>
Annotations: deployment.kubernetes.io/revision: 1
Selector: run=nginx
Replicas: 3 desired | 3 updated | 3 total | 3 available | 0 unavailable
StrategyType: RollingUpdate
MinReadySeconds: 0
RollingUpdateStrategy: 25% max unavailable, 25% max surge
Pod Template:
Labels: run=nginx
Containers:
nginx:
Image: registry.cn-hangzhou.aliyuncs.com/zoeyqq/nginx
Port: 80/TCP
Host Port: 0/TCP
Environment: <none>
Mounts: <none>
Volumes: <none>
Conditions:
Type Status Reason
---- ------ ------
Available True MinimumReplicasAvailable
Progressing True NewReplicaSetAvailable
OldReplicaSets: <none>
NewReplicaSet: nginx-7f99fc475c (3/3 replicas created)
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal ScalingReplicaSet 3m22s deployment-controller Scaled up replica set nginx-7f99fc475c to 3
# 删除
[root@master ~]# kubectl delete deploy nginx -n dev
deployment.apps "nginx" deleted
Service
通过上节课的学习,已经能够利用Deployment来创建一组Pod来提供具有高可用性的服务。
虽然每个Pod都会分配一个单独的Pod IP,然而却存在如下两问题:
Pod IP 会随着Pod的重建产生变化
Pod IP 仅仅是集群内可见的虚拟IP,外部无法访问
这样对于访问这个服务带来了难度。因此,kubernetes设计了Service来解决这个问题。
Service可以看作是一组同类Pod对外的访问接口。借助Service,应用可以方便地实现服务发现和负载均衡。
操作一:创建集群内部可访问的Service
# 暴露Service
[root@master ~]# kubectl expose deploy nginx --name=svc-nginx1 --type=ClusterIP --port=80 --target-port=80 -n dev
service/svc-nginx1 exposed
# 查看service
[root@master ~]# kubectl get svc svc-nginx1 -n dev -o wide
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
svc-nginx1 ClusterIP 10.109.179.231 <none> 80/TCP 3m51s run=nginx
操作二:创建集群外部也可访问的Service
# 上面创建的Service的type类型为ClusterIP,这个ip地址只用集群内部可访问
# 如果需要创建外部也可以访问的Service,需要修改type为NodePort
[root@master ~]# kubectl expose deploy nginx --name=svc-nginx2 --type=NodePort --port=80 --target-port=80 -n dev
service/svc-nginx2 exposed
# 此时查看,会发现出现了NodePort类型的Service,而且有一对Port(80:31928/TC)
[root@master ~]# kubectl get svc svc-nginx2 -n dev -o wide
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
svc-nginx2 NodePort 10.100.94.0 <none> 80:31928/TCP 9s run=nginx
删除Service
登录后复制
[root@master ~]# kubectl delete svc svc-nginx-1 -n dev service "svc-nginx-1" deleted
创建一个svc-nginx.yaml,内容如下
apiVersion: v1
kind: Service
metadata:
name: svc-nginx
namespace: dev
spec:
clusterIP: 10.109.179.231 #固定svc的内网ip
ports:
- port: 80
protocol: TCP
targetPort: 80
selector:
run: nginx
type: ClusterIP
创建:kubectl create -f svc-nginx.yaml
删除:kubectl delete -f svc-nginx.yaml
kubectl get svc svc-nginx -n dev -o wide
apiVersion: v1
kind: Service
metadata:
name: svc-nginx
namespace: dev
spec:
clusterIP: 10.109.179.231 #固定svc的内网ip
ports:
- port: 80
protocol: TCP
targetPort: 80
nodePort: 30099
selector:
run: nginx
type: NodePort
kubectl create -f nginx-service.yaml
【配置说明】:
kind: Service表示yaml文件创建的是一个Service
metadata表示这个Service的元信息
metadata.name 是Service的名称 nginx-deployment1
metadata.labels 是Service的标签 即:app=nginx
metadata.namespace 是Service的命名空间,此处选择的是第一步创建的命名空间nginx
sepc是Service的详细配置说明
sepc.type 取值NodePort 表示这个Service的类型是一个节点端口转发类型
sepc.selector 表示这个Service是将带标签的哪些pods做为一个集合对外通过服务
sepc.ports.port 是Service绑定的端口
sepc.ports.name: nginx-service80 表示Service服务的名称
sepc.ports.protocol: TCP 表示Service转发请求到容器的协议是TCP,我们部署的http的nginx服务,因此选择协议为TCP
sepc.ports.targetPort: 80 表示Service转发外部请求到容器的目标端口80,即deployment的pod容器对外开放的容器端口80
sepc.ports.nodePort: 31090 表示Service对外开放的节点端口
【k8s】使用k8s部署一个简单的nginx服务
https://blog.51cto.com/u_15069450/4243950
[root@k8s-master ~]# kubectl create -f deploy-nginx.yaml
deployment.apps/nginx created
[root@k8s-master ~]# kubectl create -f svc-nginx.yaml
service/svc-nginx created
[root@k8s-master ~]# kubectl get pod -o wide -n dev
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nginx-7f99fc475c-9jvsp 1/1 Running 0 26s 10.244.235.213 k8s-master <none> <none>
nginx-7f99fc475c-svrck 1/1 Running 0 26s 10.244.235.212 k8s-master <none> <none>
nginx-7f99fc475c-vs9nm 1/1 Running 0 26s 10.244.235.211 k8s-master <none> <none>
[root@k8s-master ~]# kubectl get service -n dev
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
svc-nginx NodePort 10.109.179.231 <none> 80:30099/TCP 28s
[root@k8s-master ~]# kubectl describe service svc-nginx -n dev
Name: svc-nginx
Namespace: dev
Labels: <none>
Annotations: <none>
Selector: run=nginx
Type: NodePort
IP: 10.109.179.231
Port: <unset> 80/TCP
TargetPort: 80/TCP
NodePort: <unset> 30099/TCP
Endpoints: 10.244.235.211:80,10.244.235.212:80,10.244.235.213:80
Session Affinity: None
External Traffic Policy: Cluster
Events: <none>
[root@k8s-master ~]#
查询服务列表:kubectl get service -n dev
查询服务详情: kubectl describe service svc-nginx -n dev
pod扩缩容
手动扩缩容:kubectl scale deployment deployname -n namespace --replicas=x;
也可用kubectl edit对deployment进行编辑后apply
[root@k8s-master ~]# kubectl get deploy -n dev
NAME READY UP-TO-DATE AVAILABLE AGE
nginx 3/3 3 3 105m
[root@k8s-master ~]# kubectl scale deployment nginx -n dev --replicas=2
deployment.apps/nginx scaled
[root@k8s-master ~]# kubectl get deploy -n dev
NAME READY UP-TO-DATE AVAILABLE AGE
nginx 2/2 2 2 105m
[root@k8s-master ~]# kubectl scale deployment nginx -n dev --replicas=3
deployment.apps/nginx scaled
[root@k8s-master ~]# kubectl get deploy -n dev
NAME READY UP-TO-DATE AVAILABLE AGE
nginx 3/3 3 3 3h20m
[root@k8s-master ~]# kubectl get pod -n dev
NAME READY STATUS RESTARTS AGE
nginx-7f99fc475c-694nf 1/1 Running 0 35s
nginx-7f99fc475c-svrck 1/1 Running 0 3h20m
nginx-7f99fc475c-vs9nm 1/1 Running 0 3h20m
查看POD日志
[root@k8s-master ~]# kubectl get pod -n dev
NAME READY STATUS RESTARTS AGE
nginx-7f99fc475c-694nf 1/1 Running 0 35s
nginx-7f99fc475c-svrck 1/1 Running 0 3h20m
nginx-7f99fc475c-vs9nm 1/1 Running 0 3h20m
[root@k8s-master ~]# kubectl logs -f nginx-7f99fc475c-694nf -n dev
/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf
10-listen-on-ipv6-by-default.sh: info: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf
/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
/docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh
/docker-entrypoint.sh: Configuration complete; ready for start up