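When EKS Distro Meets KubeSphere
scofield, 菜鸟运维杂谈 (Rookie Ops Notes)
Introduction
Amazon EKS Distro is the Kubernetes distribution that Amazon EKS uses to help create reliable, secure clusters. EKS Distro includes the open-source Kubernetes binaries and containers, etcd (the cluster configuration database), networking, and storage plugins, all of which are tested for compatibility. You can deploy EKS Distro anywhere you need to run your applications.
Install snapd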
yum install epel-release
yum install snapd
systemctl enable --now snapd.socket
ln -s /var/lib/snapd/snap /snap
Install eks
[root@qd01-stop-free015 log]# snap install eks --edge --classic
2021-02-18T16:03:45+08:00 INFO Waiting for automatic snapd restart...
Warning: /var/lib/snapd/snap/bin was not found in your $PATH. If you've not restarted your session
since you installed snapd, try doing that. Please see https://forum.snapcraft.io/t/9469
for more details.
eks (1.18/edge) v1.18.9 from Canonical✓ installed
Start EKS-D
eks start
Verify EKS-D
Set an alias for kubectl
alias kubectl='eks kubectl'
View cluster information
]# kubectl cluster-info
Kubernetes master is running at https://127.0.0.1:16443
CoreDNS is running at https://127.0.0.1:16443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy
Metrics-server is running at https://127.0.0.1:16443/api/v1/namespaces/kube-system/services/https:metrics-server:/proxy
]# kubectl get no -o wide
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
qd01-stop-free015 Ready <none> 45m v1.18.9-eks-1-18-1 10.26.29.205 <none> CentOS Linux 7 (Core) 3.10.0-957.el7.x86_64 containerd://1.3.7
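The output above shows that EKS-D uses containerd as its container runtime, not docker.
Next, look at the components the cluster starts by default. As shown below, it starts Calico for networking, CoreDNS for DNS, metrics-server for monitoring, and hostpath-provisioner for storage.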
]# kubectl get all -A
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system pod/aws-iam-authenticator-cxzwj 1/1 Running 0 8m49s
kube-system pod/calico-node-bm4c2 1/1 Running 0 10m
kube-system pod/hostpath-provisioner-66667bf7f-cd6zb 1/1 Running 0 10m
kube-system pod/coredns-6788f546c9-p2xfw 1/1 Running 0 10m
kube-system pod/calico-kube-controllers-555fc8cc5c-5tf6l 1/1 Running 0 10m
kube-system pod/metrics-server-768748c8f4-rjtb2 1/1 Running 0 10m
NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
default service/kubernetes ClusterIP 10.152.183.1 <none> 443/TCP 10m
kube-system service/kube-dns ClusterIP 10.152.183.10 <none> 53/UDP,53/TCP,9153/TCP 10m
kube-system service/metrics-server ClusterIP 10.152.183.146 <none> 443/TCP 10m
NAMESPACE NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE
kube-system daemonset.apps/aws-iam-authenticator 1 1 1 1 1 <none> 10m
kube-system daemonset.apps/calico-node 1 1 1 1 1 kubernetes.io/os=linux 10m
NAMESPACE NAME READY UP-TO-DATE AVAILABLE AGE
kube-system deployment.apps/hostpath-provisioner 1/1 1 1 10m
kube-system deployment.apps/coredns 1/1 1 1 10m
kube-system deployment.apps/calico-kube-controllers 1/1 1 1 10m
kube-system deployment.apps/metrics-server 1/1 1 1 10m
NAMESPACE NAME DESIRED CURRENT READY AGE
kube-system replicaset.apps/hostpath-provisioner-66667bf7f 1 1 1 10m
kube-system replicaset.apps/coredns-6788f546c9 1 1 1 10m
kube-system replicaset.apps/calico-kube-controllers-555fc8cc5c 1 1 1 10m
kube-system replicaset.apps/metrics-server-768748c8f4 1 1 1 10m
View system processes
]# netstat -nalupt|grep -i listen
tcp 0 0 127.0.0.1:10248 0.0.0.0:* LISTEN 11549/kubelet
tcp 0 0 0.0.0.0:25000 0.0.0.0:* LISTEN 10519/python3
tcp 0 0 127.0.0.1:10249 0.0.0.0:* LISTEN 10408/kube-proxy
tcp 0 0 0.0.0.0:10250 0.0.0.0:* LISTEN 11549/kubelet
tcp 0 0 127.0.0.1:9099 0.0.0.0:* LISTEN 15308/calico-node
tcp 0 0 127.0.0.1:10251 0.0.0.0:* LISTEN 14766/kube-schedule
tcp 0 0 127.0.0.1:10252 0.0.0.0:* LISTEN 14795/kube-controll
tcp 0 0 0.0.0.0:10255 0.0.0.0:* LISTEN 11549/kubelet
tcp 0 0 127.0.0.1:10256 0.0.0.0:* LISTEN 10408/kube-proxy
tcp 0 0 0.0.0.0:10257 0.0.0.0:* LISTEN 14795/kube-controll
tcp 0 0 127.0.0.1:21362 0.0.0.0:* LISTEN 14244/aws-iam-authe
tcp 0 0 0.0.0.0:10259 0.0.0.0:* LISTEN 14766/kube-schedule
tcp 0 0 0.0.0.0:21363 0.0.0.0:* LISTEN 14244/aws-iam-authe
tcp 0 0 127.0.0.1:19001 0.0.0.0:* LISTEN 14635/kube-apiserve
tcp 0 0 127.0.0.1:1338 0.0.0.0:* LISTEN 10537/containerd
tcp 0 0 0.0.0.0:16443 0.0.0.0:* LISTEN 14635/kube-apiserve
tcp 0 0 127.0.0.1:7483 0.0.0.0:* LISTEN 10537/containerd
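The listener table above mixes loopback-only sockets with sockets bound to every interface, and only the latter are reachable from other hosts. The script below is an added example, not part of the original post: it filters netstat output down to the all-interface listeners. SAMPLE is copied from the output above, and the function names are made up for this example.

```bash
#!/usr/bin/env bash
# Added example: split the netstat listing above by bind address.
# SAMPLE is the listener table from this page, embedded so the script runs offline.
SAMPLE='tcp 0 0 127.0.0.1:10248 0.0.0.0:* LISTEN 11549/kubelet
tcp 0 0 0.0.0.0:25000 0.0.0.0:* LISTEN 10519/python3
tcp 0 0 127.0.0.1:10249 0.0.0.0:* LISTEN 10408/kube-proxy
tcp 0 0 0.0.0.0:10250 0.0.0.0:* LISTEN 11549/kubelet
tcp 0 0 127.0.0.1:9099 0.0.0.0:* LISTEN 15308/calico-node
tcp 0 0 127.0.0.1:10251 0.0.0.0:* LISTEN 14766/kube-schedule
tcp 0 0 127.0.0.1:10252 0.0.0.0:* LISTEN 14795/kube-controll
tcp 0 0 0.0.0.0:10255 0.0.0.0:* LISTEN 11549/kubelet
tcp 0 0 127.0.0.1:10256 0.0.0.0:* LISTEN 10408/kube-proxy
tcp 0 0 0.0.0.0:10257 0.0.0.0:* LISTEN 14795/kube-controll
tcp 0 0 127.0.0.1:21362 0.0.0.0:* LISTEN 14244/aws-iam-authe
tcp 0 0 0.0.0.0:10259 0.0.0.0:* LISTEN 14766/kube-schedule
tcp 0 0 0.0.0.0:21363 0.0.0.0:* LISTEN 14244/aws-iam-authe
tcp 0 0 127.0.0.1:19001 0.0.0.0:* LISTEN 14635/kube-apiserve
tcp 0 0 127.0.0.1:1338 0.0.0.0:* LISTEN 10537/containerd
tcp 0 0 0.0.0.0:16443 0.0.0.0:* LISTEN 14635/kube-apiserve
tcp 0 0 127.0.0.1:7483 0.0.0.0:* LISTEN 10537/containerd'

# Read `netstat -nalupt` lines on stdin; print "port process" for each TCP
# listener bound to every interface (0.0.0.0 or ::), sorted by port.
exposed_listeners() {
  awk '$6 == "LISTEN" {
    n = split($4, a, ":"); port = a[n]
    addr = substr($4, 1, length($4) - length(port) - 1)
    if (addr == "0.0.0.0" || addr == "::") {
      split($7, p, "/"); print port, p[2]
    }
  }' | sort -n
}

# Exit 0 when the kubelet read-only port (10255, served without
# authentication) is among the all-interface listeners.
kubelet_readonly_exposed() {
  exposed_listeners | grep -q '^10255 kubelet$'
}

printf '%s\n' "$SAMPLE" | exposed_listeners
printf '%s\n' "$SAMPLE" | kubelet_readonly_exposed && echo "kubelet read-only port 10255 is exposed"
```

On a live node, pipe `netstat -nalupt` into `exposed_listeners` and compare the result with what the host firewall allows in.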
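Client login
EKS-D has no web UI by default, which is not very friendly. We can connect to the cluster with a graphical client to see more information.
1. Get the config file: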
]# eks.config
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: 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
    server: https://10.26.29.1:16443
  name: microk8s-cluster
contexts:
- context:
    cluster: microk8s-cluster
    user: admin
  name: microk8s
current-context: microk8s
kind: Config
preferences: {}
users:
- name: admin
  user:
    token: MS9FcWRmVGZVTEo1QVZic3RvMVZ3WENWZlZhNWNZcWltd2tUQlhIY3JZdz0K
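2. Log in with the Lens client
Open Lens, add a new cluster, and paste in the config file.
Once connected to the cluster, you can see more information about it.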
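The config file printed by eks.config carries an inline bearer token for the admin user, so a saved copy deserves a quick review before it is pasted into a client. The script below is an added example, not part of the original post: it checks a kubeconfig for an inline token, a non-loopback server address, and group/other file permissions. The function names and the placeholder token are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example: review a saved kubeconfig before handing it to a GUI client.
# Prints one finding per line; no output means none of the three checks fired.
kubeconfig_findings() {
  f=$1
  # 1. Inline bearer token: anyone who can read the file can act as that user.
  if grep -Eq '^[[:space:]]*token:[[:space:]]*[^[:space:]]' "$f"; then
    echo "static-token"
  fi
  # 2. Server address that is not loopback.
  sed -n 's/^[[:space:]]*server:[[:space:]]*//p' "$f" | while read -r url; do
    case $url in
      https://127.0.0.1:*|https://localhost:*) ;;
      *) echo "remote-server $url" ;;
    esac
  done
  # 3. Any group/other permission bit set on the file.
  perms=$(ls -ld "$f" | cut -c5-10)
  [ "$perms" = "------" ] || echo "loose-mode $perms"
}

# Constructed sample shaped like the eks.config output above; the token is a placeholder.
demo_kubeconfig() {
  cat <<'EOF'
apiVersion: v1
clusters:
- cluster:
    server: https://10.26.29.1:16443
  name: microk8s-cluster
users:
- name: admin
  user:
    token: PLACEHOLDER_TOKEN
EOF
}

tmp=$(mktemp)
demo_kubeconfig > "$tmp"
chmod 644 "$tmp"
kubeconfig_findings "$tmp"   # all three findings
chmod 600 "$tmp"             # owner-only, as a file holding a token should be
kubeconfig_findings "$tmp"   # loose-mode finding is gone
rm -f "$tmp"
```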
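Manage EKS-D with KubeSphere
KubeSphere is an application-centric, multi-tenant container platform built on top of Kubernetes. It provides full-stack IT automation and operations capabilities and simplifies enterprise DevOps workflows. KubeSphere offers an operations-friendly, wizard-style interface that helps enterprises quickly build a powerful, feature-rich container cloud platform.
1. Deploy KubeSphere 3.0.0 on EKS-D
# Deploy KubeSphere v3.0.0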
kubectl apply -f https://github.com/kubesphere/ks-installer/releases/download/v3.0.0/kubesphere-installer.yaml
kubectl apply -f https://github.com/kubesphere/ks-installer/releases/download/v3.0.0/cluster-configuration.yaml
# Watch the deployment log; the output below indicates success
kubectl logs -n kubesphere-system $(kubectl get pod -n kubesphere-system -l app=ks-install -o jsonpath='{.items[0].metadata.name}') -f
#####################################################
### Welcome to KubeSphere! ###
#####################################################
Console: http://10.26.29.205:30880
Account: admin
Password: P@88w0rd
NOTES:
1. After logging into the console, please check the
monitoring status of service components in
the "Cluster Management". If any service is not
ready, please wait patiently until all components
are ready.
2. Please modify the default password after login.
#####################################################
https://kubesphere.io 2021-02-19 10:06:32
#####################################################
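We can now log in to the KubeSphere console at http://10.26.29.205:30880
2. Log in to KubeSphere
Login fails
Oops, the account is not active. This is a small bug and needs a patch.
# After deployment, run the following two commands to work around a compatibility issue; for details see: https://kubesphere.com.cn/forum/d/2217-account-is-not-active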
kubectl apply -f https://raw.githubusercontent.com/kubesphere/ks-installer/2c4b479ec65110f7910f913734b3d069409d72a8/roles/ks-core/prepare/files/ks-init/users.iam.kubesphere.io.yaml
kubectl apply -f https://raw.githubusercontent.com/kubesphere/ks-installer/2c4b479ec65110f7910f913734b3d069409d72a8/roles/ks-core/prepare/files/ks-init/webhook-secret.yaml
kubectl -n kubesphere-system rollout restart deploy ks-controller-manager
Logging in again succeeds
Add an EKS-D node
1. On a node that is already running eks, get the token for joining the cluster
]# eks.add-node
From the node you wish to join to this cluster, run the following:
eks join 10.26.29.205:25000/1e896933cde2c4808cf3cb4de8957cd9
2. After installing eks on the new node, use eks.join to add the new node to the cluster
]# eks.join 10.26.29.205:25000/1e896933cde2c4808cf3cb4de8957cd9
Contacting cluster at 10.26.29.205
Waiting for this node to finish joining the cluster. ..
3. Verify the node
]# kubectl get no
NAME STATUS ROLES AGE VERSION
qd01-stop-free016 Ready <none> 14m v1.18.9-eks-1-18-1
qd01-stop-free015 Ready <none> 116m v1.18.9-eks-1-18-1
The new node has been added.
PS: This article will also be synced to dev.kubeops.net