k8s notes
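Tutorials
Docker vs k8s (Kubernetes)
Comparison of cluster creation tools
- Reference
Tools
MiniKube
- Single machine, for learning
Kind
- One container per node
Kubeadm
- Demanding requirements
K3S
- Does not use Docker; a stripped-down k8s
Installing from inside China
- Tutorial
- A more comprehensive tutorial
Difficulties
Install Docker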
```bash
curl -fsSL https://get.docker.com -o get-docker.sh
sudo sh get-docker.sh
```
Install kubeadm, kubectl and kubelet
Add the package source
```bash
# Add this line to /etc/apt/sources.list:
#   deb https://mirrors.aliyun.com/kubernetes/apt kubernetes-xenial main

# or
echo "deb https://mirrors.aliyun.com/kubernetes/apt kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list
```
Fix for the "public key not found" error
```bash
# General form. Note: apt-key is deprecated, and a key added this way is
# trusted for every configured apt repository, not only this one.
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys <PUBKEY>

# The keys needed here
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys FEEA9169307EA071 8B57C5C2836F4BEB
```
Install kubeadm, kubectl and kubelet
```bash
sudo apt -y install kubelet kubeadm kubectl
```
bash completion
```bash
# /etc/bash_completion.d is root-owned, so write through sudo tee
kubectl completion bash | sudo tee /etc/bash_completion.d/kubectl >/dev/null
echo 'alias k=kubectl' >>~/.bashrc
echo 'complete -F __start_kubectl k' >>~/.bashrc

kubeadm completion bash | sudo tee /etc/bash_completion.d/kubeadm >/dev/null
```
k8s Docker images
```bash
sudo kubeadm config images pull --image-repository=registry.aliyuncs.com/google_containers

sudo kubeadm init --control-plane-endpoint=inside --pod-network-cidr=10.11.0.0/16 --image-repository registry.aliyuncs.com/google_containers
```
For an image that fails to download, find it on Docker Hub instead, then fix up its name with docker tag
```bash
# The alternative source that was found
sudo docker pull coredns/coredns:1.8.0

# Rename
sudo docker tag coredns/coredns:1.8.0 registry.aliyuncs.com/google_containers/coredns/coredns:v1.8.0
```
Full procedure
Tool installation
```bash
# Install Docker
sudo apt install curl -y
curl -fsSL https://get.docker.com -o get-docker.sh
sudo sh ./get-docker.sh
rm ./get-docker.sh
# Membership of the docker group is root-equivalent on this host
sudo usermod -aG docker $USER

# Install kubeadm, kubelet and kubectl
echo "deb https://mirrors.aliyun.com/kubernetes/apt kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list && \
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys FEEA9169307EA071 8B57C5C2836F4BEB && \
sudo apt update && \
sudo apt -y install kubelet kubeadm kubectl && \
sudo kubectl completion bash |sudo tee /etc/bash_completion.d/kubectl && \
echo 'alias k=kubectl' >>~/.bashrc && \
echo 'complete -F __start_kubectl k' >>~/.bashrc && \
\
sudo kubeadm completion bash |sudo tee /etc/bash_completion.d/kubeadm && \
\
sudo sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab && \
sudo swapoff -a

sudo modprobe overlay
sudo modprobe br_netfilter

sudo tee /etc/sysctl.d/kubernetes.conf<<EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF

sudo sysctl --system
```
kubeadm init
```bash
# Download the images (run one: via the mirror, or from the default registry)
sudo kubeadm config images pull --image-repository=registry.aliyuncs.com/google_containers
sudo kubeadm config images pull

sudo docker pull coredns/coredns:1.8.0
sudo docker tag coredns/coredns:1.8.0 registry.aliyuncs.com/google_containers/coredns/coredns:v1.8.0

# Deploy; choose the CIDR carefully. These are alternatives, run only one of them.
sudo kubeadm init --control-plane-endpoint=<...your master hostname> --pod-network-cidr=10.11.0.0/16 --image-repository registry.aliyuncs.com/google_containers
sudo kubeadm init --control-plane-endpoint=kmaster --pod-network-cidr=10.11.0.0/16 --image-repository registry.aliyuncs.com/google_containers
sudo kubeadm init --control-plane-endpoint=kmaster --pod-network-cidr=10.11.0.0/16
```
- Output on success
```
Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

Alternatively, if you are the root user, you can run:

  export KUBECONFIG=/etc/kubernetes/admin.conf

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

You can now join any number of control-plane nodes by copying certificate authorities
and service account keys on each node and then running the following as root:

  kubeadm join inside:6443 --token 1ghtrm.yv2ndw8552tupu7w \
    --discovery-token-ca-cert-hash sha256:6c85a03f5d91312b30078999143999d96c29aeef6f53851170acaaa5a6a31c82 \
    --control-plane

Then you can join any number of worker nodes by running the following on each as root:

  kubeadm join inside:6443 --token 1ghtrm.yv2ndw8552tupu7w \
    --discovery-token-ca-cert-hash sha256:6c85a03f5d91312b30078999143999d96c29aeef6f53851170acaaa5a6a31c82
```
Deployment (Controller)
Two ways
- kubectl run
- YAML config file,
kubectl apply -f your.yaml
Querying deployment information
kubectl rollout status: success or failure
```bash
kubectl rollout status deployment <your-deployment>
```
Summary information
kubectl get deployment
```bash
kubectl get deployment <your-deployment>
```
Detailed information
kubectl describe deployment
Show the ReplicaSets that were created
kubectl get replicaset
The deployed Pods
kubectl get pods
Post-deployment operations
Change the image
kubectl set image deployment
```bash
kubectl set image deployment example-deployment nginx=nginx:latest --record
```
View the rollout history
kubectl rollout history deployment
Rollback
View the revision history
kubectl rollout history deployment
View a specific revision
kubectl rollout history deployment --revision=<version>
Roll back to a revision
kubectl rollout undo deployment <your-deployment> --to-revision=<version>
Change the number of replicas
kubectl scale --replicas=<new number> deployment <your-deployment>
Pause and resume
Pause
kubectl rollout pause deploy <your-deployment>
Resume
kubectl rollout resume deploy <your-deployment>
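Service
Types
ClusterIP: the default type
- Reachable only from inside the cluster
NodePort
- Exposed on a fixed port on every Node
- Reachable from outside
- Access form: <NodeIP>:<NodePort>
LoadBalancer
- Provided by the cloud provider; load balancing
ExternalName
- Domain-name form
- eg: foo.bar.example.com
Distinctions
YAML config files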
Deployment
Needs a selector field, which contains a matchLabels field, followed by the labels
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: httpd-demo
  labels:
    app: httpd
spec:
  replicas: 3
  selector: #----------- note
    matchLabels:
      app: httpd
  template:
    metadata:
      labels:
        app: httpd
    spec:
      containers:
      - name: httpd
        image: httpd:latest
        ports:
        - containerPort: 80
```
Service
The selector field needs no matchLabels underneath; the labels follow directly
```yaml
apiVersion: v1
kind: Service
metadata:
  name: httpd-demo
spec:
  type: NodePort
  selector: # ----------------- note
    app: httpd
  ports:
  - protocol: TCP
    port: 8080
    targetPort: 80
    nodePort: 30036
```
Problems
kubeadm join --v=5
- Token not recognized
Fix: generate a new token
```bash
# Fix for the token error: generate a new token
sudo cp ./.kube/ /root/ -r

sudo kubeadm token create --print-join-command

# Then, again, on the worker machine
sudo kubeadm join ...
```
Label
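- Command
kubectl label
service
Ports explained
- Reference
targetPort :: docker export
- The real, original port inside the Docker container on which the service is provided
port :: cluster port
- The port the Docker container is mapped to inside the cluster
nodePort :: node port
- The port the Node exposes so that external hosts can reach it
Mapping
- docker port --> cluster targetPort --> node nodePort
Packet forwarding flow
- Sent to the host Node --> nodePort
- The host passes it on --> the Service listening port, targetPort
- targetPort then forwards it --> the Docker container
port
Distinction
- A deployment also has a port
- The deployment port needs to equal the service targetPort
Note
If deployment port != service targetPort
- If targetPort really is the port on which the application inside the Docker container serves, there is no impact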
Creating via command
Command
```bash
kubectl create service nodeport httpd-demo --node-port 30080 --tcp 8080:80

# General form; --tcp takes <port>:<targetPort>
kubectl create service <service-type> <service-name> --node-port <Your port> --tcp <port(cluster port)>:<targetPort>
```
Note
This creates a selector tied to service-name
- i.e.:
selector: app=service-name
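The selector and port rules from the Deployment/Service notes above, as an added example that is not part of the original notes: a Python check that a Service's selector really matches the Deployment's pod labels and that its ports line up. The manifests are rebuilt as dicts from this page's YAML and its `kubectl create service` command (constructed data), and the helper names are hypothetical.

```python
# Added example: manifests rebuilt as dicts from this page's YAML (constructed data).
NODEPORT_RANGE = range(30000, 32768)  # Kubernetes default NodePort range

def make_deployment(labels, container_port):
    """Hypothetical helper: minimal Deployment shaped like the httpd-demo YAML."""
    return {"kind": "Deployment", "spec": {
        "selector": {"matchLabels": dict(labels)},
        "template": {
            "metadata": {"labels": dict(labels)},
            "spec": {"containers": [{"name": "httpd", "image": "httpd:latest",
                                     "ports": [{"containerPort": container_port}]}]}}}}

def make_service(selector, port, target_port, node_port=None):
    """Hypothetical helper: minimal Service; NodePort type when node_port is given."""
    entry = {"protocol": "TCP", "port": port, "targetPort": target_port}
    if node_port is not None:
        entry["nodePort"] = node_port
    svc_type = "NodePort" if node_port is not None else "ClusterIP"
    return {"kind": "Service",
            "spec": {"type": svc_type, "selector": selector, "ports": [entry]}}

def check(deployment, service):
    """Return (severity, message) findings for a Deployment/Service pair."""
    findings = []
    tmpl = deployment["spec"]["template"]
    pod_labels = tmpl["metadata"]["labels"]
    declared = {p["containerPort"] for c in tmpl["spec"]["containers"]
                for p in c.get("ports", [])}
    sel = service["spec"].get("selector") or {}
    if "matchLabels" in sel:
        findings.append(("error", "Service selector must be a flat label map, without matchLabels"))
    elif not sel or any(pod_labels.get(k) != v for k, v in sel.items()):
        findings.append(("error", f"selector {sel} does not match pod labels {pod_labels}"))
    for p in service["spec"]["ports"]:
        if p["targetPort"] not in declared:
            # Only a warning: containerPort is informational (see the note above).
            findings.append(("warn", f"targetPort {p['targetPort']} is not a declared containerPort"))
        if service["spec"]["type"] == "NodePort":
            if p.get("nodePort") not in NODEPORT_RANGE:
                findings.append(("error", f"nodePort {p.get('nodePort')} is outside 30000-32767"))
            findings.append(("info", f"exposed on every node at <NodeIP>:{p.get('nodePort')}"))
    return findings

DEPLOY = make_deployment({"app": "httpd"}, 80)
YAML_SERVICE = make_service({"app": "httpd"}, 8080, 80, 30036)      # the Service YAML
CLI_SERVICE = make_service({"app": "httpd-demo"}, 8080, 80, 30080)  # kubectl create service

if __name__ == "__main__":
    for name, svc in (("yaml", YAML_SERVICE), ("kubectl create", CLI_SERVICE)):
        print(name, check(DEPLOY, svc))
```

The Service generated by `kubectl create service nodeport httpd-demo` selects `app=httpd-demo`, so it matches no pods of the `httpd` Deployment until the selector or the pod labels are changed.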
Last updated 2023-02-10 (97c415e)