碼上快樂

相關內容    簡體    繁體

k8s內運行ubuntu容器

本文轉載自   查看原文   2020-01-09 17:53   1268 

k8s內運行ubuntu鏡像

環境

互相能訪問的4台機器master,node01,node02,node03,4核心,內存8G
使用root操作

安裝k8s

在master安裝docker、kubeadm

添加kubernetes軟件源:

在/etc/apt/sorce.list中添加一行:deb https://mirrors.aliyun.com/kubernetes/apt kubernetes-xenial main

添加秘鑰 apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 6A030B21BA07F4FB

更新
apt update

安裝docker、kubeadm
apt install -y docker.io kubeadm

初始化k8s

查詢需要下載的鏡像:kubeadm config images list
比如1.17.0需要的是:

k8s.gcr.io/kube-apiserver:v1.17.0
k8s.gcr.io/kube-controller-manager:v1.17.0
k8s.gcr.io/kube-scheduler:v1.17.0
k8s.gcr.io/kube-proxy:v1.17.0
k8s.gcr.io/pause:3.1
k8s.gcr.io/etcd:3.4.3-0
k8s.gcr.io/coredns:1.6.5

利用國內的倉庫下載需要的鏡像:

  docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver:v1.17.0
  docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager:v1.17.0
  docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler:v1.17.0
  docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy:v1.17.0
  docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.1
  docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.4.3-0
  docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/coredns:1.6.5

將鏡像打上標記,使k8s能識別:

docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.1 k8s.gcr.io/pause:3.1
  docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver:v1.17.0 k8s.gcr.io/kube-apiserver:v1.17.0
  docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager:v1.17.0 k8s.gcr.io/kube-controller-manager:v1.17.0
  docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler:v1.17.0 k8s.gcr.io/kube-scheduler:v1.17.0
  docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy:v1.17.0 k8s.gcr.io/kube-proxy:v1.17.0
  docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.4.3-0 k8s.gcr.io/etcd:3.4.3-0
  docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/coredns:1.6.5 k8s.gcr.io/coredns:1.6.5

關閉swap:swapoff -a

初始化k8s:kubeadm init

初始化成功的信息如下:


Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 192.168.8.61:6443 --token xh3fjq.f5kzistanapm6ar1 \
    --discovery-token-ca-cert-hash sha256:63c15d5be7a677165c7867187dd063dd5ed72b3d51c8f99b61a3efe3dade029b

根據上面的提示,依次執行:

mkdir -p $HOME/.kube

sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config

sudo chown $(id -u):$(id -g) $HOME/.kube/config

然后在https://kubernetes.io/docs/concepts/cluster-administration/addons/選擇一個網絡插件,這里使用的是weave net

添加weave net插件:

kubectl apply -n kube-system -f "https://cloud.weave.works/k8s/net?k8s-version=$(kubectl version | base64 | tr -d '\n')"

將節點加入到集群中

在每一個節點安裝docker、kubeadm:

apt install docker.io kubeadm -y

在24小時內在節點執行master安裝k8s后的提示信息,例如:

kubeadm join 192.168.8.61:6443 --token xh3fjq.f5kzistanapm6ar1 \ --discovery-token-ca-cert-hash sha256:63c15d5be7a677165c7867187dd063dd5ed72b3d51c8f99b61a3efe3dade029b

在master下查看node的加入情況:

root@desktop:~# kubectl get node
NAME      STATUS     ROLES    AGE    VERSION
desktop   Ready      master   125m   v1.17.0
node01    Ready      <none>   117m   v1.17.0
node02    NotReady   <none>   116m   v1.17.0
node03    Ready      <none>   104m   v1.17.0

如果狀態是NotReady,可能是節點沒有禁用swap。

安裝dashboard

使用yaml安裝dashboard:

kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta5/aio/deploy/recommended.yaml

創建 ServiceAccount 和 ClusterRoleBinding,創建一個 auth.yaml,內容如下:

apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard

執行 kubectl apply -f auth.yaml

獲得token:

kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep admin-user | awk '{print $1}')

輸出的信息如下:

root@desktop:~# kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep admin-user | awk '{print $1}')
Name:         admin-user-token-vpr7v
Namespace:    kubernetes-dashboard
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: admin-user
              kubernetes.io/service-account.uid: f44f954e-581c-4b9f-88a7-98e566442ed8

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1025 bytes
namespace:  20 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6Ik41c1ZnR2tIRU4tNktOQV84YzQ0UUNGZzhQRHZPZENsRjkza21iejQ4M2MifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLXZwcjd2Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJmNDRmOTU0ZS01ODFjLTRiOWYtODhhNy05OGU1NjY0NDJlZDgiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZXJuZXRlcy1kYXNoYm9hcmQ6YWRtaW4tdXNlciJ9.a3Bj81-2xIHsSJ0isP6qXjmpazJmh1bkn3tjaQefOmrLUmgmnrEsDMobeD-6YasJ0i4Iq69hT8ITWRr5XyZ1MZx7ueGwsqdGzYQIgnGS5xIUISi7sJjRQ_K9aoh29WaL4WBBkiOQb8xBOShH7-Lp72a6EqZnko5UkorolLNJzquow27sDc4gcB-c8wRs_bl2hD-BuraPremQlBhleKgsab49xUWjgE45GYIW46nzmqwPTl-B6MBUNyj442WrHecf7Yy50mgf6lXFVHzkHaHjcWH3OfgKu7GV3WBoc0K6oLen2R5awYmJe31sLcoFFBp64MRfbhO3kGGRboXTqRUeEQ

記錄下token,以便登錄bashboard。

啟動proxy:

kubectl procy

然后登錄 dashboard,使用token方式登錄:

Screenshot from 2020-01-09 17-22-52

運行ubuntu鏡像

下載鏡像

每一個節點都需要下載ubuntu:

docker pull ubuntu

編寫yaml

myubuntu.yaml如下:

apiVersion: v1
kind: Pod
metadata:
 #Pod的名稱,全局唯一
 name: myubuntu
 labels:
  name: myubuntu
spec:
  #設置存儲卷
  volumes:
   - name: myubuntulogs
     hostPath:
      path: /home/user/myubuntu
  containers:
   #容器名稱
   - name: myubuntu
     #容器對應的Docker Image
     image: ubuntu
     command: [ "/bin/bash", "-c", "--" ]
     args: [ "while true; do sleep 3600; done;" ]
     volumeMounts:
      - mountPath: /mydata-log
        name: myubuntulogs

創建pod:kubectl apply -f myubuntu.yaml

打開dashboard,選擇Pod->myubuntu ,右鍵點擊exec,在dashboard進入ubuntu容器:

Pod

檢查網絡設置:

在容器內下載常用的網絡工具:

apt install net-tools inetutils-ping -y

檢查路由:

root@myubuntu:/# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         10.44.0.0       0.0.0.0         UG    0      0        0 eth0
10.32.0.0       0.0.0.0         255.240.0.0     U     0      0        0 eth0

特別感謝yytlmm博主


免責聲明!

本站轉載的文章為個人學習借鑒使用,本站對版權不負任何法律責任。如果侵犯了您的隱私權益,請聯系本站郵箱yoyou2525@163.com刪除。



猜您在找 k8s運行容器之deployment(三) k8s運行容器之Job(四) k8s之容器 k8s之CRI(容器運行時接口) k8s (二) pod: 運行於 Kubernetes 中的容器 作為k8s容器運行時,containerd跟docker的對比 K8S 容器運行時安全設置 【K8s任務】獲取正在運行容器的 Shell k8s運行容器之deployment(三)--技術流ken k8s運行容器之Job(四)--技術流ken
 
粵ICP備18138465號   © 2018-2025 CODEPRJ.COM