Kubernetes(k8s)
Deploying with kubeadm in a multi-machine environment
Deployment environment
master:192.168.11.25
node1:192.168.11.26
node2:192.168.11.27
Preparation
1. Set the hostnames
192.168.11.25:hostnamectl set-hostname master
192.168.11.26:hostnamectl set-hostname node1
192.168.11.27:hostnamectl set-hostname node2
2. Disable the firewall, SELinux and swap
systemctl stop firewalld && systemctl disable firewalld
setenforce 0 && sed -i "s/^SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
swapoff -a && sed -i 's/.*swap.*/#&/' /etc/fstab
3. Add hostname resolution: vim /etc/hosts
192.168.11.25 master
192.168.11.26 node1
192.168.11.27 node2
4. Configure a domestic (China) yum mirror
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.cloud.tencent.com/repo/centos7_base.repo
wget -O /etc/yum.repos.d/epel.repo http://mirrors.cloud.tencent.com/repo/epel-7.repo
yum clean all && yum makecache
5. Configure a domestic (China) Kubernetes repository: vim /etc/yum.repos.d/k8s.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
6. Install and start Docker
yum install -y yum-utils
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum list docker-ce --showduplicates | sort -r
yum -y install docker-ce-18.09.6
systemctl start docker && systemctl enable docker
7. Install kubeadm, kubelet and kubectl, then start kubelet
yum -y install kubelet-1.14.2 kubeadm-1.14.2 kubectl-1.14.2
systemctl start kubelet && systemctl enable kubelet
8. Set kernel parameters so that bridged IPv4 traffic is passed to the iptables chains
vim /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
sysctl --system
9. Run the following script on all Kubernetes nodes
vim /etc/sysconfig/modules/ipvs.modules
#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack_ipv4
chmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules && lsmod | grep -e ip_vs -e nf_conntrack_ipv4
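Supplement: Kubernetes 1.15 and later (including 1.15) also need the following preparation
1. Make sure the default policy of the FORWARD chain in the iptables filter table is ACCEPT, and install some components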
yum -y install ipset ipvsadm
iptables -P FORWARD ACCEPT
2. Change the Docker cgroup driver to systemd and restart Docker
vim /etc/docker/daemon.json
{
"exec-opts": ["native.cgroupdriver=systemd"]
}
3. Add the following line to /etc/sysctl.d/k8s.conf, and edit /etc/sysconfig/kubelet
vim /etc/sysctl.d/k8s.conf
vm.swappiness=0
sysctl -p /etc/sysctl.d/k8s.conf
vim /etc/sysconfig/kubelet
KUBELET_EXTRA_ARGS=--fail-swap-on=false
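Added example (not part of the original guide): a read-only check that the files edited in steps 2 and 8 hold the settings those steps describe. The function names are illustrative; file paths are passed as arguments so the checks can run against the real files or against copies.

```shell
#!/bin/bash
# Added example: audit the node-preparation files from steps 2 and 8.
# Function names are hypothetical; nothing here modifies the system.
# Typical use on a node:
#   active_swap_entries /etc/fstab
#   check_k8s_sysctl /etc/sysctl.d/k8s.conf

# Print the device of every fstab entry whose filesystem type is "swap"
# and that is not commented out. No output means swap stays off after
# a reboot.
active_swap_entries() {
    awk '$1 !~ /^#/ && $3 == "swap" { print $1 }' "$1"
}

# Return 0 only if the sysctl.d-style file sets KEY to VALUE.
# Whitespace around "=" is ignored, comment lines are skipped, and the
# last assignment in the file wins.
sysctl_file_has() {
    local file=$1 key=$2 want=$3 got
    got=$(awk -F= -v k="$key" '
        /^[[:space:]]*[#;]/ { next }
        { name = $1; val = $2
          gsub(/[[:space:]]/, "", name); gsub(/[[:space:]]/, "", val)
          if (name == k) last = val }
        END { print last }' "$file")
    [ "$got" = "$want" ]
}

# Check the three keys from step 8. Prints each key that is missing or
# not set to 1 and returns non-zero if any check failed.
check_k8s_sysctl() {
    local file=$1 rc=0 key
    for key in net.bridge.bridge-nf-call-ip6tables \
               net.bridge.bridge-nf-call-iptables \
               net.ipv4.ip_forward; do
        if ! sysctl_file_has "$file" "$key" 1; then
            echo "missing or not 1: $key"
            rc=1
        fi
    done
    return $rc
}
```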
Deploying the master node
1. Initialize the Kubernetes cluster on the master
kubeadm init --kubernetes-version=1.14.2 --apiserver-advertise-address=192.168.11.25 --image-repository registry.aliyuncs.com/google_containers --service-cidr=10.1.0.0/16 --pod-network-cidr=10.244.0.0/16
Supplement: you can also pull the images manually; the kubeadm config images list command lists the images that need to be pulled
kubeadm join 192.168.11.25:6443 --token uh0vjw.28nn7hd86tqzygwy --discovery-token-ca-cert-hash sha256:4141547cfd6ecdfa6a9051b2625cf7a497068af86442e15a54d714cef08322bc
Note: this returned result is the command to run on the other node machines when adding them to the cluster
2. Configure the kubectl tool
mkdir -p /root/.kube
cp /etc/kubernetes/admin.conf /root/.kube/config
chown $(id -u):$(id -g) /root/.kube/config
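If you are the root user, you can simply run this command instead: export KUBECONFIG=/etc/kubernetes/admin.conf
List the nodes: kubectl get nodes
Check component status: kubectl get cs
Check the running state of the pods: kubectl get pods -n kube-system -owide
Note: all of them must be in the Running state
3. Deploy the flannel network
Method 1: kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/a70459be0084506e4ec919aa1c114638878db11b/Documentation/kube-flannel.yml
Note (as shown in the figure below): this address could not be resolved here, so add an entry for it to the /etc/hosts file before running the command
Method 2: kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
Method 3: download the kube-flannel.yml file and modify it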
wget https://raw.githubusercontent.com/coreos/flannel/2140ac876ef134e0ed5af15c65e414cf26827915/Documentation/kube-flannel.yml
vim kube-flannel.yml
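Install flannel: kubectl create -f kube-flannel.yml
Deploying the worker nodes
The nodes only need to join the Kubernetes cluster
This uses the output returned when the cluster was initialized on the master; run it on each node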
kubeadm join 192.168.11.25:6443 --token uh0vjw.28nn7hd86tqzygwy --discovery-token-ca-cert-hash sha256:4141547cfd6ecdfa6a9051b2625cf7a497068af86442e15a54d714cef08322bc
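Added example (not part of the original guide): before running the join line on a node, check that it carries a well-formed bootstrap token and CA pin, and recompute the pin from the master's CA certificate. The function names are illustrative; the openssl pipeline assumes openssl is installed and that the CA certificate is at /etc/kubernetes/pki/ca.crt, the kubeadm default.

```shell
#!/bin/bash
# Added example: inspect a "kubeadm join" line before running it.
# Function names are hypothetical.

# Print the value that follows FLAG (e.g. --token) in a join line.
join_arg() {
    printf '%s\n' "$1" | awk -v flag="$2" '{
        for (i = 1; i < NF; i++) if ($i == flag) { print $(i + 1); exit }
    }'
}

# Return 0 if the line has a bootstrap token of the form
# <6 chars>.<16 chars> (lowercase alphanumerics) and a CA pin of the
# form sha256:<64 hex digits>. The pin is what lets the joining node
# verify the CA of the API server it connects to.
join_line_ok() {
    local token pin
    token=$(join_arg "$1" --token)
    pin=$(join_arg "$1" --discovery-token-ca-cert-hash)
    printf '%s' "$token" | grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$' || return 1
    printf '%s' "$pin" | grep -Eq '^sha256:[0-9a-f]{64}$' || return 1
}

# Recompute the pin from a CA certificate file: SHA-256 over the
# DER-encoded public key, printed in the sha256:<hex> form.
ca_pin() {
    openssl x509 -pubkey -noout -in "$1" \
        | openssl pkey -pubin -outform der \
        | openssl dgst -sha256 -hex \
        | sed 's/^.* //; s/^/sha256:/'
}

# Return 0 if the pin in the join line equals the pin computed from
# the CA certificate file given as the second argument.
join_pin_matches() {
    [ "$(join_arg "$1" --discovery-token-ca-cert-hash)" = "$(ca_pin "$2")" ]
}
```

On the master, `ca_pin /etc/kubernetes/pki/ca.crt` should print the same value that appears after --discovery-token-ca-cert-hash in the join line.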
Deploying the Dashboard
1. Create the Dashboard YAML file
wget https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml
2. Edit the kubernetes-dashboard.yaml file
sed -i 's/k8s.gcr.io/loveone/g' kubernetes-dashboard.yaml
sed -i '/targetPort:/a\ \ \ \ \ \ nodePort: 30001\n\ \ type: NodePort' kubernetes-dashboard.yaml
This adds the two entries nodePort: 30001 and type: NodePort to the Dashboard Service, mapping the Dashboard port to a node port so that it can be reached from outside; then run:
kubectl create -f kubernetes-dashboard.yaml
3. Check the running state of the related services
kubectl get deployment kubernetes-dashboard -n kube-system
kubectl get pods -n kube-system -o wide
kubectl get services -n kube-system
netstat -ntlp|grep 30001
4. Enter the Dashboard address in a browser: https://192.168.11.25:30001
5. Get the authentication token for accessing the Dashboard
kubectl create serviceaccount dashboard-admin -n kube-system
kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
kubectl describe secrets -n kube-system $(kubectl -n kube-system get secret | awk '/dashboard-admin/{print $1}')
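Enter this secret into the token field on the web page to log in (do not copy the "token:" label; as shown in the figure below)
You are now logged in to the k8s web interface
Common kubectl commands
View all node information: kubectl get node
List RCs and services: kubectl get rc,svc
Show detailed information about a node: kubectl describe node 192.168.0.212
Show detailed information about a pod: kubectl describe pod pod-name
Create resources from YAML:
kubectl create -f pod.yaml
kubectl apply -f pod.yaml
# apply can be run repeatedly; create cannot
Delete the pod by the name defined in pod.yaml: kubectl delete -f pod.yaml
Delete all pods and services that carry a given label: kubectl delete pod,svc -l name=label-name
Delete all pods: kubectl delete pod --all
List endpoints: kubectl get endpoints
Run a command in a pod, such as date: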
kubectl exec pod-name -- date
kubectl exec pod-name -- bash
kubectl exec pod-name -- ping 10.24.51.9
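Get a TTY in one container of a pod (equivalent to logging in to the container):
kubectl exec -it pod-name -c container-name -- bash
# View the container's logs
kubectl logs pod-name
# Follow the logs in real time
kubectl logs -f pod-name
# If the pod has only one container, -c can be omitted
kubectl logs pod-name -c container_name
View resource documentation: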
kubectl explain pod
kubectl explain pod.apiVersion
View node labels: kubectl get node --show-labels