Linux (CentOS 8): single-node Kubernetes installation with kubeadm (Kubernetes 1.18.3)


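I. Preparation for installing Kubernetes:

1. For each of the preparation steps, see:
 
2. By default the master node does not take on the work of the node role.
     Because we are testing on a single machine here, we allow the master node to run pods as well.
     ip: 192.168.219.130
     hostname: kubemaster
     The hostname-to-ip mapping has also been added to /etc/hosts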
 

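Note: Liu Hongdi's Architecture Forest (劉宏締的架構森林) is a blog focused on architecture, at: https://www.cnblogs.com/architectforest

         The corresponding source code is available here: https://github.com/liuhongdi/

Note: author: Liu Hongdi (劉宏締), e-mail: 371125307@qq.com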

 

II. Install the Kubernetes kubelet/kubectl/kubeadm on the kubemaster server

1. Create the Kubernetes repo file
[root@kubemaster ~]# vi /etc/yum.repos.d/kubernetes.repo
Contents:
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
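
The repo file above enables both package and metadata signature checks and uses HTTPS URLs. The following is an added example, not part of the original article: a small shell check that reports any .repo section where those settings are missing. The `k8s-weak` section and the `mirror.example` host are constructed for contrast, and a missing key is treated as a finding even though dnf would then fall back to its [main] setting.

```shell
#!/bin/sh
# Added example: report weak signature/transport settings in a .repo file.
# The repo definition from this page.
page_repo() {
  cat <<'EOF'
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
}

# Constructed counter-example: signature checks off, plain-HTTP mirror.
weak_repo() {
  cat <<'EOF'
[k8s-weak]
name=constructed weak variant
baseurl=http://mirror.example/kubernetes/
gpgcheck=0
EOF
}

# audit_repo [FILE...]: reads .repo text (stdin if no file) and prints one
# finding per line; prints nothing when every section passes.
audit_repo() {
  awk '
    function report() {
      if (name == "") return
      if (gpg != "1")  print name ": gpgcheck is not 1"
      if (rgpg != "1") print name ": repo_gpgcheck is not 1"
      if (plain)       print name ": plain http:// in baseurl or gpgkey"
    }
    /^\[/ { report(); name = $0; sub(/^\[/, "", name); sub(/\].*$/, "", name)
            gpg = rgpg = ""; plain = 0; next }
    /^[ \t]*(#|$)/ { next }
    {
      eq = index($0, "="); if (eq == 0) next
      key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
      gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
      if (key == "gpgcheck") gpg = val
      if (key == "repo_gpgcheck") rgpg = val
      if ((key == "baseurl" || key == "gpgkey") && val ~ /(^|[ \t])http:\/\//) plain = 1
    }
    END { report() }
  ' "$@"
}

weak_repo | audit_repo   # the page's own file produces no findings
```

On a real host the same function can be run as `audit_repo /etc/yum.repos.d/*.repo`.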

 

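2. Install the three kube components (all currently at version 1.18.3)
Note: what the three components do:
kubelet: a daemon managed by systemd that starts pods and containers; it is the only k8s background process started directly on the host
kubeadm: installs and initializes the cluster; it is not used again once deployment is complete
kubectl: the k8s command-line tool, the main tool for managing k8s, used to manage pods/services
Install:
[root@kubemaster ~]# dnf install kubectl kubelet kubeadm
Note: if you are asked whether to import the GPG public key,
check that the key is being imported from the gpgkey URLs configured above, then type y and press Enter
 
3. Check the result of the installation by viewing the versions (the "connection ... was refused" message from kubectl is expected at this point, because the cluster has not been initialized yet):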
[root@kubemaster ~]# kubectl version
Client Version: version.Info{Major:"1", Minor:"18", GitVersion:"v1.18.3", GitCommit:"2e7996e3e2712684bc73f0dec0200d64eec7fe40", 
GitTreeState:"clean", BuildDate:"2020-05-20T12:52:00Z", GoVersion:"go1.13.9", Compiler:"gc", Platform:"linux/amd64"}
The connection to the server localhost:8080 was refused - did you specify the right host or port?

 

[root@kubemaster ~]# kubeadm version
kubeadm version: &version.Info{Major:"1", Minor:"18", GitVersion:"v1.18.3", GitCommit:"2e7996e3e2712684bc73f0dec0200d64eec7fe40",
GitTreeState:"clean", BuildDate:"2020-05-20T12:49:29Z", GoVersion:"go1.13.9", Compiler:"gc", Platform:"linux/amd64"}

 

[root@kubemaster ~]# kubelet --version
Kubernetes v1.18.3

 

4. Enable kubelet to start at boot
[root@centos8 ~]# systemctl enable kubelet.service 
Created symlink /etc/systemd/system/multi-user.target.wants/kubelet.service → /usr/lib/systemd/system/kubelet.service.
[root@kubemaster ~]# systemctl is-enabled kubelet.service
enabled

 

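III. Initialize Kubernetes with kubeadm

1. Run the initialization:
#--apiserver-advertise-address: the address of the apiserver; use this machine's ip
#--image-repository: by default kubeadm downloads the images it needs from the official registry k8s.gcr.io, which cannot be reached from here without a proxy, so --image-repository is used to point at the Alibaba Cloud image registry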
[root@kubemaster ~]# kubeadm init --kubernetes-version=1.18.3 --apiserver-advertise-address=192.168.219.130 \
--image-repository registry.aliyuncs.com/google_containers
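Note: this step has to download the container images that Kubernetes needs,
           so it is rather slow and you have to wait.
         If you open another terminal and run ps, you can see its child process running docker pull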
[root@kubemaster ~]# ps auxfww
...
root  1530  0.0  0.2 152904 10540 ?        Ss   13:41   0:00  \_ sshd: root [priv]
root  1666  0.0  0.1 152904  5392 ?        S    13:41   0:00  |   \_ sshd: root@pts/0
root  1673  0.0  0.1  25588  3980 pts/0    Ss   13:41   0:00  |       \_ -bash
root  8076  0.0  0.8 142068 32836 pts/0    Sl+  14:22   0:00  |           \_ kubeadm init --kubernetes-version=1.18.3 --apiserver-advertise-address=192.168.219.130 --image-repository registry.aliyuncs.com/google_containers
root  8450  0.3  1.6 711476 63136 pts/0    Sl+  14:24   0:00  |               \_ docker pull registry.aliyuncs.com/google_containers/etcd:3.4.3-0

 

Points to note in the init output:
Creating the configuration file
Your Kubernetes control-plane has initialized successfully!
 
To start using your cluster, you need to run the following as a regular user:
 
  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

Configuring the network

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/
Adding worker nodes to the cluster
Then you can join any number of worker nodes by running the following on each as root:
 
kubeadm join 192.168.219.130:6443 --token up139x.98qlng4m7qk61p0z \
    --discovery-token-ca-cert-hash sha256:c718e29ccb1883715489a3fdf53dd810a7764ad038c50fd62a2246344a4d9a73

 

2. View the images downloaded by the init operation
[root@kubemaster ~]# docker images
REPOSITORY                                                        TAG      IMAGE ID      CREATED       SIZE
registry.aliyuncs.com/google_containers/kube-proxy                v1.18.3  3439b7546f29  3 weeks ago   117MB
registry.aliyuncs.com/google_containers/kube-apiserver            v1.18.3  7e28efa976bd  3 weeks ago   173MB
registry.aliyuncs.com/google_containers/kube-controller-manager   v1.18.3  da26705ccb4b  3 weeks ago   162MB
registry.aliyuncs.com/google_containers/kube-scheduler            v1.18.3  76216c34ed0c  3 weeks ago   95.3MB
registry.aliyuncs.com/google_containers/pause                     3.2      80d28bedfe5d  4 months ago  683kB
registry.aliyuncs.com/google_containers/coredns                   1.6.7    67da37a9a360  4 months ago  43.8MB
registry.aliyuncs.com/google_containers/etcd                      3.4.3-0  303ce5db0e90  7 months ago  288MB

 

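3. Add the default configuration for kubectl
Note: these are the commands suggested in the kubeadm init output;
just run them one by one:
Create the hidden .kube directory
[root@kubemaster ~]# mkdir -p $HOME/.kube
Copy admin.conf to the config file
[root@kubemaster ~]# cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
Set the owner of the config file
[root@kubemaster ~]# chown $(id -u):$(id -g) $HOME/.kube/config
Check the result (admin.conf holds the cluster administrator's credentials, so the copy should stay readable by its owner only, as the -rw------- mode shows)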
[root@kubemaster ~]# ll .kube/config
-rw------- 1 root root 5451 6月  16 18:25 .kube/config

 

IV. Install the network plugin

1. View the node and pods
View the node
[root@kubemaster ~]# kubectl get node
NAME         STATUS     ROLES    AGE     VERSION
kubemaster   NotReady   master   5m39s   v1.18.3
View the pods
[root@kubemaster ~]# kubectl get pod --all-namespaces
NAMESPACE     NAME                                 READY   STATUS    RESTARTS   AGE
kube-system   coredns-7ff77c879f-ttnr9             0/1     Pending   0          6m41s
kube-system   coredns-7ff77c879f-x5vps             0/1     Pending   0          6m41s
kube-system   etcd-kubemaster                      1/1     Running   0          6m40s
kube-system   kube-apiserver-kubemaster            1/1     Running   0          6m40s
kube-system   kube-controller-manager-kubemaster   1/1     Running   0          6m40s
kube-system   kube-proxy-gs7q7                     1/1     Running   0          6m40s
kube-system   kube-scheduler-kubemaster            1/1     Running   0          6m40s 
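Note: the node status is NotReady
and the coredns pods are in Pending status.
The reason is that we have not installed a network pod yet.
 
2. Install calico
What is calico for?
calico is a virtual networking solution;
it uses routing rules to build the network dynamically
and advertises routes through the BGP protocol
[root@kubemaster ~]# kubectl apply -f https://docs.projectcalico.org/manifests/calico.yaml
Then check the pod status a little later: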
[root@kubemaster ~]# kubectl get pod --all-namespaces
NAMESPACE     NAME                                       READY   STATUS    RESTARTS   AGE
kube-system   calico-kube-controllers-76d4774d89-nnp4h   1/1     Running   0          20m
kube-system   calico-node-xmmj4                          1/1     Running   0          20m
kube-system   coredns-7ff77c879f-ttnr9                   1/1     Running   0          36m
kube-system   coredns-7ff77c879f-x5vps                   1/1     Running   0          36m
kube-system   etcd-kubemaster                            1/1     Running   1          36m
kube-system   kube-apiserver-kubemaster                  1/1     Running   1          36m
kube-system   kube-controller-manager-kubemaster         1/1     Running   1          36m
kube-system   kube-proxy-gs7q7                           1/1     Running   1          36m
kube-system   kube-scheduler-kubemaster                  1/1     Running   1          36m
All statuses are Running, which shows that the network plugin was installed correctly
View the node status:
[root@kubemaster ~]# kubectl get node
NAME         STATUS   ROLES    AGE   VERSION
kubemaster   Ready    master   41m   v1.18.3

The status has changed to Ready

View the images installed by calico:
[root@kubemaster ~]# docker images | grep calico
calico/node                 v3.14.1    04a9b816c753        2 weeks ago         263MB
calico/pod2daemon-flexvol   v3.14.1    7f93af2e7e11        2 weeks ago         112MB
calico/cni                  v3.14.1    35a7136bc71a        2 weeks ago         225MB
calico/kube-controllers     v3.14.1    ac08a3af350b        2 weeks ago         52.8MB

 

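3. An error you may see after installing calico:
If a pod's status shows Init:ImagePullBackOff or Init:ErrImagePull,
 docker failed while downloading the calico images.
You can add an aliyun registry mirror address to the docker configuration file,
for example: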
[root@kubemaster ~]# more /etc/docker/daemon.json
{
"registry-mirrors":["https://o3trwnyj.mirror.aliyuncs.com"],
"exec-opts": ["native.cgroupdriver=systemd"]
}
After the change, restart the docker service:
[root@kubemaster ~]# systemctl restart docker

 

V. Enable single-node mode: configure the master node to also act as a worker node that can run pods

1. Remove the existing taint

[root@kubemaster ~]# kubectl taint nodes kubemaster node-role.kubernetes.io/master-
node/kubemaster untainted
Note: this command removes the taint
 
2. How do you view the current taints?
[root@kubemaster ~]# kubectl describe node kubemaster
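If the value of the Taints: field is <none>, the taint was removed successfully
Note: to stop the master node from running pods again, use the following command:
kubectl taint nodes kubemaster node-role.kubernetes.io/master=:NoSchedule
This command sets the taint effect on the master to: must not be scheduled
The three possible values mean:
NoSchedule: pods must not be scheduled onto the node
PreferNoSchedule: avoid scheduling pods onto the node if possible
NoExecute: not only is nothing scheduled, pods already on the node are also evicted
Note: the default is: node-role.kubernetes.io/master:NoSchedule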
 

VI. Test: run a tomcat container on the master:

1. Create the rc configuration file
[root@kubemaster k8s]# vi tomcat-rc.yaml
Contents:
apiVersion: v1
kind: ReplicationController
metadata:
  name: tomcat-demo
spec:
  replicas: 1
  selector:
    app: tomcat-demo
  template:
    metadata:
      labels:
        app: tomcat-demo
    spec:
      containers:
      - name: tomcat-demo
        image: tomcat
        ports:
        - containerPort: 8080
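
The manifest above uses `image: tomcat` with no tag, so the version that runs is whatever the registry serves at pull time. The following is an added example, not part of the original article: a shell check that lists unpinned images in a manifest before it is applied, which can also be pointed at a saved copy of the calico.yaml applied earlier. The `nginx` and `registry.example` lines and the digest are constructed sample input.

```shell
#!/bin/sh
# Added example: list images in a Kubernetes manifest that are not pinned.

# Sample input: the container lines from tomcat-rc.yaml on this page and a
# calico image seen in its docker images output, followed by constructed
# lines that cover the other cases.
sample_manifest() {
  cat <<'EOF'
      containers:
      - name: tomcat-demo
        image: tomcat
      - image: calico/node:v3.14.1
      - image: "nginx:latest"   # constructed
      - image: registry.example:5000/team/app
      - image: registry.example/team/app@sha256:0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
EOF
}

# unpinned_images [FILE...]: reads manifest text (stdin if no file) and
# prints every image reference that has neither a digest nor a tag other
# than "latest". Only the part after the last "/" is checked for a tag, so
# the port in registry.example:5000/team/app is not mistaken for one.
unpinned_images() {
  awk '
    /^[ \t-]*image:[ \t]/ {
      ref = $0
      sub(/^[ \t-]*image:[ \t]*/, "", ref)   # keep only the value
      sub(/[ \t]+#.*$/, "", ref)             # drop a trailing comment
      gsub(/["\047]/, "", ref)               # drop surrounding quotes
      sub(/[ \t]+$/, "", ref)
      if (ref ~ /@sha256:[0-9a-f]+$/) next   # pinned by digest
      last = ref
      sub(/^.*\//, "", last)                 # final path component
      n = split(last, part, ":")
      if (n < 2 || part[2] == "" || part[2] == "latest") print ref
    }
  ' "$@"
}

sample_manifest | unpinned_images
```

Against the real file the call is `unpinned_images tomcat-rc.yaml`; an empty result means every image carries an explicit version or digest.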

 

2. Create the rc
[root@kubemaster k8s]# kubectl apply -f tomcat-rc.yaml
replicationcontroller/tomcat-demo created
 
Check the result
[root@kubemaster k8s]# kubectl get pods
NAME                READY   STATUS              RESTARTS   AGE
tomcat-demo-7pnzw   0/1     ContainerCreating   0          23s
 
Once the status changes to Running it is usable:
[root@kubemaster k8s]# kubectl get pods
NAME                READY   STATUS    RESTARTS   AGE
tomcat-demo-7pnzw   1/1     Running   0          6m43s
 
View the ip:
[root@kubemaster k8s]# kubectl get pods -o wide
NAME                READY   STATUS    RESTARTS   AGE   IP             NODE         NOMINATED NODE   READINESS GATES
tomcat-demo-7pnzw   1/1     Running   0          10m   172.16.141.7   kubemaster   <none>           <none>

 

Check from the host with curl; by default this returns a 404 error page,
[root@kubemaster k8s]# curl http://172.16.141.7:8080
<!doctype html><html lang="en"><head><title>HTTP Status 404 – Not Found</title>
<style type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;}
h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;}
.line {height:1px;background-color:#525D76;border:none;}</style></head>
<body><h1>HTTP Status 404 – Not Found</h1><hr class="line" /><p><b>Type</b> Status Report</p>
<p><b>Description</b> The origin server did not find a current representation for the target resource
or is not willing to disclose that one exists.</p>
<hr class="line" /><h3>Apache Tomcat/9.0.36</h3>
</body></html>

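because there is nothing to display under the webapps directory

We log in to the container and adjust this by hand:
Log in to the tomcat container,
[root@kubemaster k8s]# docker exec -it k8s_tomcat-demo_tomcat-demo-7pnzw_default_b59ef37a-6ffe-4ef1-b6dd-1b2186039294_0 /bin/bash  
Copy the files into the webapps directory (this deploys all of the applications bundled in webapps.dist, so it suits a test instance only, and the change is lost when the pod is recreated):
root@tomcat-demo-7pnzw:/usr/local/tomcat# cp -axv webapps.dist/* webapps/
Check the result with curl: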
[root@kubemaster ~]# curl http://172.16.141.7:8080/
<!DOCTYPE html>
<html lang="en">
    <head>
        <meta charset="UTF-8" />
        <title>Apache Tomcat/9.0.36</title>
        <link href="favicon.ico" rel="icon" type="image/x-icon" />
        <link href="favicon.ico" rel="shortcut icon" type="image/x-icon" />
        <link href="tomcat.css" rel="stylesheet" type="text/css" />
    </head>
 
    <body>
        <div id="wrapper">
            <div id="navigation" class="curved container">
                <span id="nav-home"><a href="https://tomcat.apache.org/">Home</a></span>
                <span id="nav-hosts"><a href="/docs/">Documentation</a></span>
                <span id="nav-config"><a href="/docs/config/">Configuration</a></span>
                <span id="nav-examples"><a href="/examples/">Examples</a></span>
                <span id="nav-wiki"><a href="https://wiki.apache.org/tomcat/FrontPage">Wiki</a></span>
                <span id="nav-lists"><a href="https://tomcat.apache.org/lists.html">Mailing Lists</a></span>
                <span id="nav-help"><a href="https://tomcat.apache.org/findhelp.html">Find Help</a></span>
                <br class="separator" />
            </div>

It now displays correctly

 

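3. Create the service configuration file
Note: the service here maps the container port to a port on the host, so that it can be reached through the host's ip
[root@kubemaster k8s]# vi tomcat-svc.yaml 
Contents: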
apiVersion: v1
kind: Service
metadata:
  name: tomcat-demo
spec:
  type: NodePort
  ports:
   - port: 8080
     nodePort: 30010
  selector:
    app: tomcat-demo

 

4. Create the service
[root@kubemaster k8s]# kubectl apply -f tomcat-svc.yaml
service/tomcat-demo created
Check whether the service was created successfully:
[root@kubemaster k8s]# kubectl get service -o wide
NAME          TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)          AGE   SELECTOR
kubernetes    ClusterIP   10.96.0.1        <none>        443/TCP          18h   <none>
tomcat-demo   NodePort    10.111.234.185   <none>        8080:30010/TCP   35s   app=tomcat-demo 
Then test access from outside with a browser.
 
 

VII. Check the Linux version

[root@kubemaster ~]# cat /etc/redhat-release
CentOS Linux release 8.2.2004 (Core)
[root@kubemaster ~]# uname -r
4.18.0-193.el8.x86_64

 

