GeekTime Advanced Operations Training Camp: Week 12 Homework

1. Use kubeadm to deploy a distributed Kubernetes cluster.

### Pre-deployment checks
https://mp.weixin.qq.com/s/ySnENeuIIq98FQNLpF7mYw

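ping  # make sure IP addresses and hostnames can all reach each other
dmidecode --type 1  # check product_uuid; it must be unique
cat /sys/class/dmi/id/product_uuid  # check product_uuid; it must be unique

### Install and configure the time server (all nodes)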
apt install -y chrony
systemctl  start chrony
systemctl  enable chrony
systemctl  status chrony

### Disable swap (all nodes)
swapoff -a
sed -i 's/.*swap.*/#&/' /etc/fstab
# systemctl --type swap
# systemctl mask SWAP_DEV

### Disable the firewall (all nodes)
ufw disable
ufw status

### Install docker (all nodes)

sudo apt-get -y update
sudo apt-get -y install apt-transport-https ca-certificates curl software-properties-common
curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | sudo apt-key add -
sudo add-apt-repository "deb [arch=amd64] https://mirrors.aliyun.com/docker-ce/linux/ubuntu $(lsb_release -cs) stable"
sudo apt-get -y update
sudo apt-get -y install docker-ce
systemctl  restart  docker.service && systemctl  enable  docker.service
docker info


tee  /etc/docker/daemon.json << "EOF"
{
"registry-mirrors": [
  "https://registry.docker-cn.com"
],
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
  "max-size": "200m"
},
"storage-driver": "overlay2"
}

EOF

systemctl daemon-reload && systemctl  restart  docker.service

### Install cri-docker (all nodes)
cd /usr/local/src/ && \
curl -LO https://github.com/Mirantis/cri-dockerd/releases/download/v0.3.0/cri-dockerd_0.3.0.3-0.ubuntu-focal_amd64.deb
dpkg -i /usr/local/src/cri-dockerd_0.3.0.3-0.ubuntu-focal_amd64.deb
systemctl restart  cri-docker.service && systemctl  status  cri-docker.service
Note: docker and cri-docker are now installed.

### Install kubeadm, kubelet and kubectl
apt-get update && apt-get install -y apt-transport-https
curl https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | apt-key add -
cat <<EOF >/etc/apt/sources.list.d/kubernetes.list
deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main
EOF
apt-get update
apt-cache  madison  kubelet
#apt-get install -y kubelet=1.26.0-00  kubeadm=1.26.0-00 kubectl=1.26.0-00
apt-get install -y kubelet  kubeadm kubectl

### Integrate cri-docker with kubelet
cp /usr/lib/systemd/system/cri-docker.service{,.bak}
sed -i 's@ExecStart.*@ExecStart=/usr/bin/cri-dockerd --container-runtime-endpoint fd:// --network-plugin=cni --cni-bin-dir=/opt/cni/bin --cni-cache-dir=/var/lib/cni/cache --cni-conf-dir=/etc/cni/net.d@g' /usr/lib/systemd/system/cri-docker.service
systemctl daemon-reload && systemctl restart cri-docker.service

mkdir /etc/sysconfig -pv
tee /etc/sysconfig/kubelet<< "EOF"
KUBELET_KUBEADM_ARGS="--container-runtime=remote --container-runtime-endpoint=/run/cri-dockerd.sock"
EOF
systemctl daemon-reload && systemctl restart cri-docker.service

### Initialize the first node (run on master-node1)
kubeadm config images list --image-repository=registry.aliyuncs.com/google_containers
kubeadm config images pull --cri-socket unix:///run/cri-dockerd.sock --image-repository=registry.aliyuncs.com/google_containers

### Handle the pause container (all nodes)
docker pull registry.aliyuncs.com/google_containers/pause:3.6
docker tag registry.aliyuncs.com/google_containers/pause:3.6 registry.k8s.io/pause:3.6

apt search kubeadm  # check the kubeadm version; it must be set in the init command

flannel uses the 10.244.0.0/16 network by default; calico uses 192.168.0.0/16

kubeadm init --control-plane-endpoint="kubeapi.magedu.com" --kubernetes-version=v1.26.1 --pod-network-cidr=10.244.0.0/16 --service-cidr=10.96.0.0/12 --token-ttl=0 --cri-socket unix:///run/cri-dockerd.sock --upload-certs  --image-repository=registry.aliyuncs.com/google_containers

echo '''
 Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

Alternatively, if you are the root user, you can run:

  export KUBECONFIG=/etc/kubernetes/admin.conf

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

You can now join any number of the control-plane node running the following command on each as root:

  kubeadm join kubeapi.magedu.com:6443 --token o3q1jt.4wbm5cbgf1j2t6vc \
        --discovery-token-ca-cert-hash sha256:59dfb190c57b763ced37d308f1f82b989596f6bf4245c8e70ec6d9a52176193e \
        --control-plane --certificate-key 15fcdb76ec93d9b71f8e0c576db3ecb7e3db89f514c6c389f69ba139fde94665

Please note that the certificate-key gives access to cluster sensitive data, keep it secret!
As a safeguard, uploaded-certs will be deleted in two hours; If necessary, you can use
"kubeadm init phase upload-certs --upload-certs" to reload certs afterward.

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join kubeapi.magedu.com:6443 --token o3q1jt.4wbm5cbgf1j2t6vc \
        --discovery-token-ca-cert-hash sha256:59dfb190c57b763ced37d308f1f82b989596f6bf4245c8e70ec6d9a52176193e

'''
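
The `--token-ttl=0` flag in the `kubeadm init` command above creates a bootstrap token that never expires, so the join command in this output stays usable for as long as that token exists. The following is an added example (not part of the original post) that audits `kubeadm token list` output for such tokens; the sample table is constructed in the shape that command prints, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): flag kubeadm bootstrap tokens
# that never expire, such as the one created by `kubeadm init --token-ttl=0`.

# Reads the table printed by `kubeadm token list` on stdin.
# Prints one line per non-expiring token, showing only the public token ID
# (the six characters before the dot), never the secret half.
# Returns 0 if every token has a finite TTL, 1 otherwise.
audit_bootstrap_tokens() {
    awk '
        # Skip the header row.
        NR == 1 && $1 == "TOKEN" { next }
        # Skip anything that is not shaped like <6 chars>.<16 chars>.
        !(length($1) == 23 && substr($1, 7, 1) == "." &&
          $1 ~ /^[a-z0-9]+\.[a-z0-9]+$/) { next }
        # kubeadm prints <forever> / <never> for a token without expiry.
        $2 == "<forever>" || $3 == "<never>" {
            split($1, part, ".")
            printf "NON-EXPIRING token-id=%s usages=%s\n", part[1], $4
            bad = 1
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample in the shape printed by `kubeadm token list`
# (token values are made up for this example).
sample_token_list() {
    cat <<'EOF'
TOKEN                     TTL         EXPIRES                USAGES                   DESCRIPTION                                           EXTRA GROUPS
aaaaaa.0000000000000000   <forever>   <never>                authentication,signing   <none>                                                system:bootstrappers:kubeadm:default-node-token
bbbbbb.1111111111111111   1h          2023-02-01T10:00:00Z   <none>                   Proxy for managing TTL for the kubeadm-certs secret   <none>
EOF
}

# Stand-alone demo on the constructed sample.
sample_token_list | audit_bootstrap_tokens ||
    echo "found non-expiring bootstrap token(s); rotate them"
```

On a control-plane node, run `kubeadm token list | audit_bootstrap_tokens`. A flagged ID can be removed with `kubeadm token delete <token-id>` and replaced with a short-lived one via `kubeadm token create --ttl 2h --print-join-command`.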

File
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
kubectl get nodes  # check whether the installation succeeded

### Install CNI flannel (all VMs)
cd /usr/local/src  && curl -LO https://github.com/flannel-io/flannel/releases/download/v0.20.2/flanneld-amd64

mkdir /opt/bin -pv
cp /usr/local/src/flanneld-amd64 /opt/bin/flanneld
chmod +x /opt/bin/flanneld

kubectl apply -f https://github.com/flannel-io/flannel/releases/latest/download/kube-flannel.yml   # running this on master01 is enough

kubectl get pods -n kube-flannel # verify the flannel installation
kubectl get nodes        # the master node is now running normally as well

### Add worker nodes (run on all worker nodes)

kubeadm join kubeapi.magedu.com:6443 --token o3q1jt.4wbm5cbgf1j2t6vc  --discovery-token-ca-cert-hash sha256:59dfb190c57b763ced37d308f1f82b989596f6bf4245c8e70ec6d9a52176193e --cri-socket unix:///run/cri-dockerd.sock

### Verify on the master
kubectl get nodes
kubectl  get pods -n kube-system

2. Orchestrate and run demoapp on the cluster, and use a Service for Pod discovery and service publishing.

### Test the creation
kubectl create  deployment demoapp  \
  --image=ikubernetes/demoapp:v1.0 \
  --replicas=3 \
  --dry-run=client \
  -o yaml

### Create the demoapp application
kubectl create  deployment demoapp  \
  --image=ikubernetes/demoapp:v1.0 \
  --replicas=3

### Verify
kubectl  get deployments
kubectl  get deployment
kubectl  get deploy

### List all objects of a specific resource type
kubectl get pods
kubectl get pods -o wide

### Delete a specific pod
kubectl  delete  pods demoapp-75f59c894-vxdk9

## Service resources
### View the types
kubectl  create service --help
Available Commands:
  clusterip      Create a ClusterIP service       reachable only from inside the cluster
  externalname   Create an ExternalName service
  loadbalancer   Create a LoadBalancer service
  nodeport       Create a NodePort service        reachable from both inside and outside the cluster
### Validate the command
kubectl create service nodeport demoapp --tcp=80:80 --dry-run=client -o yaml

### View the pod labels
kubectl get pods --show-labels
### Create the Service object
kubectl create service nodeport demoapp --tcp=80:80
### Verify
kubectl get services
kubectl get endpoints

3. Using configuration files, orchestrate and run nginx on the cluster, and use a Service for Pod discovery and service publishing.

tee nginx-deployment-demo.yaml << "EOF"
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: nginx
  name: nginx
spec:
  replicas: 2
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - image: nginx:alpine
        name: nginx

EOF
kubectl create -f  nginx-deployment-demo.yaml

kubectl get deployments
kubectl  get pods
kubectl  get pods -o wide

tee nginx-service-demo.yaml << "EOF"
apiVersion: v1
kind: Service
metadata:
  labels:
    app: nginx
  name: nginx
spec:
  ports:
  - name: 80-80
    port: 80
    protocol: TCP
    targetPort: 80
  selector:
    app: nginx
  type: NodePort
EOF

kubectl create -f nginx-service-demo.yaml
kubectl  get services

nginx is now reachable from outside the cluster through any node
http://192.168.56.168:30754/

### View logs
kubectl logs nginx-6c557cc74d-cw7jl

### Scale up nginx
kubectl scale deployment nginx --replicas=6
kubectl get pods  -o wide

### Scale down nginx
kubectl scale deployment nginx --replicas=4
kubectl get pods  -o wide