K8S
Add hostname-to-IP mappings
hostnamectl set-hostname <newhostname> sets the new hostname:
hostnamectl set-hostname k8s-node1
hostnamectl set-hostname k8s-node2
hostnamectl set-hostname k8s-node3
vi /etc/hosts and add:
129.211.172.247 k8s-node1
129.211.162.21 k8s-node2
175.27.252.105 k8s-node3
Environment and network configuration
systemctl stop firewalld
systemctl disable firewalld
Disable SELinux:
sed -i 's/enforcing/disabled/' /etc/selinux/config
setenforce 0
Disable swap:
swapoff -a    # temporary
sed -ri 's/.*swap.*/#&/' /etc/fstab    # permanent
free -g    # verify: swap must be 0
Pass bridged IPv4 traffic to the iptables chains:
cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl --system
Configure the Aliyun download source
cat <<EOF | sudo tee /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
exclude=kubelet kubeadm kubectl
EOF
Install kubelet
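# --disableexcludes is needed because the repo file excludes kubelet, kubeadm and kubectl
yum install -y --disableexcludes=kubernetes kubelet-1.17.3 kubeadm-1.17.3 kubectl-1.17.3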
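systemctl enable kubelet
systemctl start kubelet
Deploy k8s-master
Initialize a node
Run the initialization. The advertise address must be node 1's address, and it must be the internal (private) IP; with the public IP it easily goes wrong and fails to start.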
kubeadm init \
  --apiserver-advertise-address=10.206.0.8 \
  --image-repository registry.aliyuncs.com/google_containers \
  --kubernetes-version v1.17.3 \
  --service-cidr=10.1.0.0/16 \
  --pod-network-cidr=10.244.0.0/16
Wait 4 minutes
Test kubectl (run on the master node):
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
Join nodes
kubeadm join 10.206.0.8:6443 --token 3huj45.g09h0s7xoyznvwxj \
  --discovery-token-ca-cert-hash sha256:29ac815a3c283ed8bcb34cf27e2e191f1f4a845895695050ecd8844ab17a59e7
P.S. What to do when the token expires (it lasts two hours by default):
kubeadm token create --print-join-command
To create a token that never expires:
kubeadm token create --ttl 0 --print-join-command
kubeadm join --token y1eyw5.ylg568kvohfdsfco --discovery-token-ca-cert-hash sha256:6c35e4f73f72afd89bf1c8c303ee55677d2cdb1342d67bb23c852aba2efc7c73
List all nodes:
kubectl get nodes
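An added example, not part of the original notes: a check for join tokens such as the one created with --ttl 0 above. It parses `kubeadm token list` output; the function names, the sample rows and the 24-hour limit are assumptions.

```shell
#!/bin/sh
# Added example (not from the original notes): review `kubeadm token list`
# output and report bootstrap tokens that never expire or outlive a limit.
# audit_tokens, sample_token_list and the 24-hour limit are assumptions.

# Constructed sample in the column layout of `kubeadm token list`;
# the token IDs are made up.
sample_token_list() {
cat <<'EOF'
TOKEN                     TTL         EXPIRES                USAGES                   DESCRIPTION   EXTRA GROUPS
aaaaaa.0000000000000001   1h          2022-05-15T12:00:00Z   authentication,signing   <none>        system:bootstrappers:kubeadm:default-node-token
bbbbbb.0000000000000002   <forever>   <never>                authentication,signing   <none>        system:bootstrappers:kubeadm:default-node-token
cccccc.0000000000000003   6d          2022-05-21T10:00:00Z   authentication,signing   <none>        system:bootstrappers:kubeadm:default-node-token
EOF
}

# audit_tokens MAX_HOURS: reads the listing on stdin and prints
# "<token-id> <reason>" for every token that needs attention.
audit_tokens() {
    awk -v max="$1" '
    # Convert a single-unit duration such as 45m, 23h or 6d to hours.
    function hours(ttl,    n, unit) {
        n = ttl + 0
        unit = substr(ttl, length(ttl))
        if (unit == "d") return n * 24
        if (unit == "h") return n
        if (unit == "m") return n / 60
        if (unit == "s") return n / 3600
        return -1    # unknown format: report it instead of guessing
    }
    NR == 1 || NF < 2 { next }    # skip the header row and blank lines
    $2 == "<forever>" { print $1, "never-expires"; next }
    {
        h = hours($2)
        if (h < 0)            print $1, "unparsed-ttl"
        else if (h > max + 0) print $1, "ttl-exceeds-limit"
    }'
}

# On a control-plane node:  kubeadm token list | audit_tokens 24
# Revoke a reported token:  kubeadm token delete <token-id>
```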
Install the Pod network plugin (CNI)
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
kubectl get pods -n kube-system    # list pods in the given namespace
kubectl get pods --all-namespaces    # list pods in all namespaces
If the network has problems, bring cni0 down, reboot the VM and continue testing:
ip link set cni0 down
Monitor pod progress:
watch kubectl get pod -n kube-system -o wide
Wait 3-10 minutes and continue once everything is Running.
Getting started with operating the Kubernetes cluster
1. Deploy a Tomcat
kubectl create deployment tomcat6 --image=tomcat:6.0.53-jre8
kubectl get pods -o wide    # shows the tomcat information
Failover: when a node goes down, the pod is brought up on another node; wait 5+ minutes.
2. Expose nginx for access
kubectl expose deployment tomcat6 --port=80 --target-port=8080 --type=NodePort
The Pod's port 80 maps to the container's port 8080; the service proxies the Pod's port 80.
3. Dynamic scaling test
kubectl get deployment
Upgrade the application: kubectl set image (see --help)
Scale out:
kubectl scale --replicas=3 deployment tomcat6
With several replicas running, tomcat6 can be reached through the designated port on any node.
5. Delete
kubectl get all
kubectl delete deploy/nginx
kubectl delete service/nginx-service
View the YAML
kubectl create deployment tomcat6 --image=tomcat:6.0.53-jre8 --dry-run -o yaml > tomact6.yaml
Apply it; there will be three replicas
kubectl apply -f tomact6.yaml
Contents of tomact6.yaml:
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: tomcat6
  name: tomcat6
spec:
  replicas: 3
  selector:
    matchLabels:
      app: tomcat6
  template:
    metadata:
      labels:
        app: tomcat6
    spec:
      containers:
      - image: tomcat:6.0.53-jre8
        name: tomcat
K8S details
1. kubectl documentation https://kubernetes.io/zh/docs/reference/kubectl/overview/
2. Resource types https://kubernetes.io/zh/docs/reference/kubectl/overview/
3. Formatted output https://kubernetes.io/zh/docs/reference/kubectl/overview/
4. Common operations https://kubernetes.io/zh/docs/reference/kubectl/overview/
5. Command reference https://kubernetes.io/docs/reference/generated/kubectl/kubectl-command
Deploy a service and pods together (tomact6 and nginx combined)
kubectl apply -f tomact6-dev.yaml
kubectl expose deployment tomcat6 --port=80 --target-port=8080 --type=NodePort --dry-run -o yaml
vi tomact6-dev.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: tomcat6
  name: tomcat6
spec:
  replicas: 3
  selector:
    matchLabels:
      app: tomcat6
  template:
    metadata:
      labels:
        app: tomcat6
    spec:
      containers:
      - image: tomcat:6.0.53-jre8
        name: tomcat
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app: tomcat6
  name: tomcat6
spec:
  ports:
  - port: 80
    protocol: TCP
    targetPort: 8080
  selector:
    app: tomcat6
  type: NodePort
Ingress: domain-name access to the nodes
kubectl apply -f ingress-controller.yaml
# Ingress is served from networking.k8s.io/v1beta1 on v1.17 (apps/v1 has no Ingress kind)
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: web
spec:
  rules:
  - host: example.atguigu.com
    http:
      paths:
      - backend:
          serviceName: web
          servicePort: 80
Errors
Error:
[WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Pleas
Fix: vim /etc/docker/daemon.json
{
  "registry-mirrors": ["https://9p593175.mirror.aliyuncs.com"],
  "exec-opts": ["native.cgroupdriver=systemd"]
}
kubeadm reset    # resetting is fine, it was not coming up before anyway
y
https://blog.51cto.com/devingeng/2096495
[preflight] Running pre-flight checks
[WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/
[WARNING FileExisting-tc]: tc not found in system path
[WARNING SystemVerification]: this Docker version is not on the list of validated versions: 20.10.16. Latest validated version: 18.09
[WARNING Service-Kubelet]: kubelet service is not enabled, please run 'systemctl enable kubelet.service'
[preflight] Pulling images required for setting up a Kubernetes cluster
Problem:
[ERROR FileContent--proc-sys-net-ipv4-ip_forward]: /proc/sys/net/ipv4/ip_forward contents are not set to 1
Fix:
echo "1" > /proc/sys/net/ipv4/ip_forward
service network restart
Install KubeSphere
https://v2-1.docs.kubesphere.io/docs/zh-CN/installation/prerequisites/
Prerequisites
https://blog.csdn.net/u010502101/article/details/109791697
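Install and configure Helm
1. Install helm (run on the master node). Helm is the package manager for Kubernetes. A package manager, like apt on Ubuntu, yum on CentOS or pip in Python, lets you quickly find, download and install packages. Helm consists of the client component helm and the server-side component Tiller; it packages a set of K8S resources for unified management and is the best way to find, share and use software built for Kubernetes.
1) Install
# Download the latest binary release package from the official site to the local machine: https://altwongblog-1301531589.cos.ap-shanghai.myqcloud.com//2022/202203/helm-v2.16.5-linux-amd64_1652543949265.tar.gz
tar -xf helm*linux-amd64.tar.gz
mv linux-amd64/helm /usr/local/bin/
cd ~
helm help
helm env
helm version
Grant RBAC permissions to Tiller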
apiVersion: v1
kind: ServiceAccount
metadata:
  name: tiller
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: tiller
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin  # cluster-admin is the default administrator cluster role in k8s
subjects:
- kind: ServiceAccount
  name: tiller
  namespace: kube-system
Install Tiller
helm init --service-account tiller --skip-refresh
tiller-deploy-67cd845dff-vgf87 0/1 ImagePullBackOff
Fix: delete the tiller deployment, which also deletes the tiller pod:
kubectl delete -n kube-system deployment tiller-deploy
Reinstall using a mirror image:
helm init --service-account=tiller --tiller-image=registry.cn-hangzhou.aliyuncs.com/google_containers/tiller:v2.17.0 --history-max 300
Check the tiller pod status again:
kubectl get pods -n kube-system
Follow the procedure:
kubectl get node -o wide
Check for a taint:
kubectl describe node k8s-node1 | grep Taint
Remove the taint:
kubectl taint nodes k8s-node1 node-role.kubernetes.io/master:NoSchedule-
Install OpenEBS
If helm reports an error, switch the repo address:
helm repo remove stable
helm repo add stable https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts
helm install --namespace openebs --name openebs stable/openebs --version 1.5.0
The correct way (the command above does not work well):
kubectl apply -f https://openebs.github.io/charts/openebs-operator.yaml
Installing OpenEBS automatically creates 4 StorageClasses; list the created StorageClasses:
kubectl get sc
Set openebs-hostpath as the default StorageClass as follows:
kubectl patch storageclass openebs-hostpath -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}'
Re-apply the taint:
kubectl taint nodes k8s-node1 node-role.kubernetes.io=master:NoSchedule
Create a workload to test the StorageClass
Minimal installation
Edit the file: https://altwongblog-1301531589.cos.ap-shanghai.myqcloud.com//2022/202203/kubespher-minimal_1652583329687.yaml
Run the installation:
kubectl apply -f kubespher-minimal.yaml
Monitor the installation:
kubectl logs -n kubesphere-system $(kubectl get pod -n kubesphere-system -l app=ks-install -o jsonpath='{.items[0].metadata.name}') -f
Errors caused by helm. Fix: https://blog.csdn.net/qq_30019911/article/details/113747673
Package: https://altwongblog-1301531589.cos.ap-shanghai.myqcloud.com//2022/202203/helm-v2.16.6-linux-amd64_1652585688128.tar.gz
Reinstall:
kubectl delete -f kubespher-minimal.yaml
On error:
kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller
How to delete a namespace resource stuck in Terminating state in k8s
Message shown on successful installation
Access http://129.211.172.247:30880/dashboard
Account: admin
Password: P@88w0rd
How to enable Metrics-server installation after installing: set enabled to True
devops:
  enabled: True
  jenkinsMemoryLim: 2Gi
  jenkinsMemoryReq: 1500Mi
  jenkinsVolumeSize: 8Gi
  jenkinsJavaOpts_Xms: 512m
  jenkinsJavaOpts_Xmx: 512m
  jenkinsJavaOpts_MaxRAM: 2g
  sonarqube:
    enabled: False
    postgresqlVolumeSize: 8Gi
Save with :wq and the installation starts automatically; you can keep monitoring it.
Multi-tenant workspaces
Tutorial: https://v2-1.docs.kubesphere.io/docs/zh-CN/quick-start/admin-quick-start/
Video: https://www.bilibili.com/video/BV1np4y1C7Yf?p=356
Create a secret
Create a volume
Create an application
External network access