Geek Time Advanced Operations Training Camp: Week 12 Homework

1. Deploy a distributed Kubernetes cluster with kubeadm.

### Pre-deployment checks
https://mp.weixin.qq.com/s/ySnENeuIIq98FQNLpF7mYw

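ping  # make sure every node is reachable by both IP address and host name
dmidecode --type 1  # check product_uuid; it must be unique on every node
cat /sys/class/dmi/id/product_uuid  # check product_uuid; it must be unique on every node

### Install and configure time synchronization (all nodes)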
apt install -y chrony
systemctl  start chrony
systemctl  enable chrony
systemctl  status chrony

### Disable swap (all nodes)
swapoff -a
sed -i 's/.*swap.*/#&/' /etc/fstab
# systemctl --type swap
# systemctl mask SWAP_DEV

### Disable the firewall (all nodes)
ufw disable
ufw status

### Install Docker (all nodes)

sudo apt-get -y update
sudo apt-get -y install apt-transport-https ca-certificates curl software-properties-common
curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | sudo apt-key add -
sudo add-apt-repository "deb [arch=amd64] https://mirrors.aliyun.com/docker-ce/linux/ubuntu $(lsb_release -cs) stable"
sudo apt-get -y update
sudo apt-get -y install docker-ce
systemctl  restart  docker.service && systemctl  enable  docker.service
docker info


tee  /etc/docker/daemon.json << "EOF"
{
"registry-mirrors": [
  "https://registry.docker-cn.com"
],
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
  "max-size": "200m"
},
"storage-driver": "overlay2"
}

EOF

systemctl daemon-reload && systemctl  restart  docker.service

### Install cri-dockerd (all nodes)
 cd /usr/local/src/ &&\
 curl  -LO https://github.com/Mirantis/cri-dockerd/releases/download/v0.3.0/cri-dockerd_0.3.0.3-0.ubuntu-focal_amd64.deb
dpkg -i /usr/local/src/cri-dockerd_0.3.0.3-0.ubuntu-focal_amd64.deb
systemctl restart  cri-docker.service && systemctl  status  cri-docker.service
# Note: Docker and cri-dockerd are now installed

### Install kubeadm, kubelet and kubectl
apt-get update && apt-get install -y apt-transport-https
curl https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | apt-key add -
cat <<EOF >/etc/apt/sources.list.d/kubernetes.list
deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main
EOF
apt-get update
apt-cache  madison  kubelet
#apt-get install -y kubelet=1.26.0-00  kubeadm=1.26.0-00 kubectl=1.26.0-00
apt-get install -y kubelet  kubeadm kubectl

### Integrate cri-dockerd with kubelet
cp /usr/lib/systemd/system/cri-docker.service{,.bak}
sed -i 's@ExecStart.*@ExecStart=/usr/bin/cri-dockerd --container-runtime-endpoint fd:// --network-plugin=cni --cni-bin-dir=/opt/cni/bin --cni-cache-dir=/var/lib/cni/cache --cni-conf-dir=/etc/cni/net.d@g' /usr/lib/systemd/system/cri-docker.service
systemctl daemon-reload && systemctl restart cri-docker.service

mkdir /etc/sysconfig -pv
tee /etc/sysconfig/kubelet<< "EOF"
KUBELET_KUBEADM_ARGS="--container-runtime=remote --container-runtime-endpoint=/run/cri-dockerd.sock"
EOF
systemctl daemon-reload && systemctl restart cri-docker.service

### Initialize the first node (run on master-node1)
kubeadm config images list --image-repository=registry.aliyuncs.com/google_containers
kubeadm config images pull --cri-socket unix:///run/cri-dockerd.sock --image-repository=registry.aliyuncs.com/google_containers

### Prepare the pause image (all nodes)
docker pull registry.aliyuncs.com/google_containers/pause:3.6
docker tag registry.aliyuncs.com/google_containers/pause:3.6 registry.k8s.io/pause:3.6

apt search kubeadm  # check the kubeadm version; it has to be set in the init command

# flannel uses the 10.244.0.0/16 network by default; Calico uses 192.168.0.0/16

kubeadm init --control-plane-endpoint="kubeapi.magedu.com" --kubernetes-version=v1.26.1 --pod-network-cidr=10.244.0.0/16 --service-cidr=10.96.0.0/12 --token-ttl=0 --cri-socket unix:///run/cri-dockerd.sock --upload-certs  --image-repository=registry.aliyuncs.com/google_containers

echo '''
 Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

Alternatively, if you are the root user, you can run:

  export KUBECONFIG=/etc/kubernetes/admin.conf

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

You can now join any number of the control-plane node running the following command on each as root:

  kubeadm join kubeapi.magedu.com:6443 --token o3q1jt.4wbm5cbgf1j2t6vc \
        --discovery-token-ca-cert-hash sha256:59dfb190c57b763ced37d308f1f82b989596f6bf4245c8e70ec6d9a52176193e \
        --control-plane --certificate-key 15fcdb76ec93d9b71f8e0c576db3ecb7e3db89f514c6c389f69ba139fde94665

Please note that the certificate-key gives access to cluster sensitive data, keep it secret!
As a safeguard, uploaded-certs will be deleted in two hours; If necessary, you can use
"kubeadm init phase upload-certs --upload-certs" to reload certs afterward.

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join kubeapi.magedu.com:6443 --token o3q1jt.4wbm5cbgf1j2t6vc \
        --discovery-token-ca-cert-hash sha256:59dfb190c57b763ced37d308f1f82b989596f6bf4245c8e70ec6d9a52176193e

'''
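
The `kubeadm init` call above passes `--token-ttl=0`, so the bootstrap token shown in the join commands never expires. As an added example (not part of the original post), this script flags such tokens in `kubeadm token list` output and prints the commands that replace them; the sample listing and the 2h TTL are constructed assumptions.

```bash
#!/bin/sh
# Added example, not part of the original post.

# Reads `kubeadm token list` output on stdin and prints every token whose TTL
# column is "<forever>", which is how a token created with TTL 0 is listed.
find_forever_tokens() {
  awk 'NR > 1 && $2 == "<forever>" { print $1 }'
}

# Reads the same listing. Returns 0 if every token expires; otherwise prints
# the rotation commands and returns 1. The 2h TTL is an assumption.
audit_tokens() {
  forever=$(find_forever_tokens)
  if [ -z "$forever" ]; then
    echo "OK: every bootstrap token has an expiry"
    return 0
  fi
  for token in $forever; do
    echo "kubeadm token delete $token"
  done
  echo "kubeadm token create --ttl 2h --print-join-command"
  return 1
}

# Constructed sample listing (token values are made up).
sample_token_list() {
  cat <<'EOF'
TOKEN                     TTL         EXPIRES                USAGES                   DESCRIPTION   EXTRA GROUPS
abcdef.0123456789abcdef   <forever>   <never>                authentication,signing   <none>        system:bootstrappers:kubeadm:default-node-token
ghijkl.0123456789ghijkl   23h         2023-02-01T10:00:00Z   authentication,signing   <none>        system:bootstrappers:kubeadm:default-node-token
EOF
}

# Demo on the sample. On a control-plane node: kubeadm token list | audit_tokens
sample_token_list | audit_tokens || true
```
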

# Set up the kubeconfig file
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
kubectl get nodes  # check that the installation succeeded

### Install the flannel CNI (all VMs)
# -L follows the redirect that GitHub release downloads return
cd /usr/local/src  && curl -LO https://github.com/flannel-io/flannel/releases/download/v0.20.2/flanneld-amd64

mkdir /opt/bin -pv
cp /usr/local/src/flanneld-amd64 /opt/bin/flanneld
chmod +x /opt/bin/flanneld

kubectl apply -f https://github.com/flannel-io/flannel/releases/latest/download/kube-flannel.yml   # running this on master01 is enough

kubectl get pods -n kube-flannel # verify the flannel installation
kubectl get nodes        # the master node is now running normally as well

### Add worker nodes (run on all worker nodes)

kubeadm join kubeapi.magedu.com:6443 --token o3q1jt.4wbm5cbgf1j2t6vc  --discovery-token-ca-cert-hash sha256:59dfb190c57b763ced37d308f1f82b989596f6bf4245c8e70ec6d9a52176193e --cri-socket unix:///run/cri-dockerd.sock
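
The `--discovery-token-ca-cert-hash` value in the join command pins the cluster CA that a joining node will trust. This added example (not from the original post) recomputes that value from a CA certificate with `openssl` and compares it with the hash in a join command; the helper names and the throwaway demo CA are assumptions of the example.

```bash
#!/bin/sh
# Added example, not part of the original post.

# Prints "sha256:<hex>" for a CA certificate: the SHA-256 digest of its
# DER-encoded public key, the form --discovery-token-ca-cert-hash expects.
ca_cert_hash() {
  # Fail early on a missing or unparsable file; otherwise the pipeline below
  # would silently hash empty input.
  openssl x509 -noout -in "$1" >/dev/null 2>&1 || return 2
  openssl x509 -pubkey -noout -in "$1" \
    | openssl pkey -pubin -outform DER 2>/dev/null \
    | openssl dgst -sha256 -hex \
    | awk '{ print "sha256:" $NF }'
}

# usage: check_join_hash <ca.crt> <sha256:... value from the join command>
check_join_hash() {
  actual=$(ca_cert_hash "$1") || return 2
  expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
  if [ "$actual" = "$expected" ]; then
    echo "match: $actual"
  else
    echo "MISMATCH: CA is $actual, join command pins $expected"
    return 1
  fi
}

# Builds a throwaway self-signed CA (constructed sample input), prints its path.
make_demo_ca() {
  dir=$(mktemp -d) || return 2
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=kubernetes" \
    -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 2
  echo "$dir/ca.crt"
}

# Demo against the throwaway CA. On a control-plane node run instead:
#   check_join_hash /etc/kubernetes/pki/ca.crt sha256:<hash from the join command>
if command -v openssl >/dev/null 2>&1; then
  demo_ca=$(make_demo_ca) && check_join_hash "$demo_ca" "$(ca_cert_hash "$demo_ca")" || true
fi
```
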

### Verify on the master
kubectl get nodes
kubectl  get pods -n kube-system

2. Orchestrate and run demoapp on the cluster, and use a Service for Pod discovery and service publishing.

### Test the creation
kubectl create  deployment demoapp  \
  --image=ikubernetes/demoapp:v1.0 \
  --replicas=3 \
  --dry-run=client \
  -o yaml

### Create the demoapp application
kubectl create  deployment demoapp  \
  --image=ikubernetes/demoapp:v1.0 \
  --replicas=3

### Verify
 kubectl  get deployments
 kubectl  get deployment
 kubectl  get deploy

### List all objects of a specific resource type
kubectl get pods
kubectl get pods -o wide

### Delete a specific pod
kubectl  delete  pods demoapp-75f59c894-vxdk9

## Service resources
### View the available types
kubectl  create service --help
Available Commands:
  clusterip      Create a ClusterIP service       # reachable only from inside the cluster
  externalname   Create an ExternalName service
  loadbalancer   Create a LoadBalancer service
  nodeport       Create a NodePort service        # reachable from both inside and outside the cluster
### Verify the command
kubectl create service nodeport demoapp --tcp=80:80 --dry-run=client -o yaml

### View the pod labels
kubectl get pods --show-labels
### Create the Service object
kubectl create service nodeport demoapp --tcp=80:80
### Verify
kubectl get services
kubectl get endpoints

3. Using configuration files, orchestrate and run nginx on the cluster, and use a Service for Pod discovery and service publishing.

tee nginx-deployment-demo.yaml << "EOF"
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: nginx
  name: nginx
spec:
  replicas: 2
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - image: nginx:alpine
        name: nginx

EOF
kubectl create -f  nginx-deployment-demo.yaml

 kubectl get deployments
kubectl  get pods
kubectl  get pods -o wide

tee nginx-service-demo.yaml << "EOF"
apiVersion: v1
kind: Service
metadata:
  labels:
    app: nginx
  name: nginx
spec:
  ports:
  - name: 80-80
    port: 80
    protocol: TCP
    targetPort: 80
  selector:
    app: nginx
  type: NodePort
EOF

kubectl create -f nginx-service-demo.yaml
kubectl  get services

# nginx is now reachable from outside the cluster through any node
http://192.168.56.168:30754/

### View the logs
kubectl logs nginx-6c557cc74d-cw7jl

### Scale nginx out
kubectl scale deployment nginx --replicas=6
 kubectl get pods  -o wide

### Scale nginx in
kubectl scale deployment nginx --replicas=4
kubectl get pods  -o wide