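I. Preparation before installation

1. Install the pullk8s tool. It downloads the k8s.gcr.io or gcr.io images that Kubernetes needs from the opsdockerimage repository on hub.docker.com, so you do not need a proxy or VPN of your own. The repository is updated once a day and includes all tags of every image for all platforms.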

$ sudo curl -L "https://raw.githubusercontent.com/OpsDocker/pullk8s/main/pullk8s.sh" -o /usr/local/bin/pullk8s
$ sudo chmod +x /usr/local/bin/pullk8s
pullk8s COMMAND [NAME[:TAG|@DIGEST]] [OPTIONS]

Pull gcr.io's image for hub.docker.com

Commands:
  check    Check gcr.io's fail pull images.
  pull     Pull an image or a repository

Options:
  --microk8s  If use MicroK8s release.

Examples:
  pullk8s pull gcr.io/google_containers/etcd:2.0.12
  pullk8s pull k8s.gcr.io/etcd:2.0.12
  pullk8s pull k8s.gcr.io/pause:3.6 --microk8s
  pullk8s check --microk8s

2. Install snap. Ubuntu already supports it; for other systems, see Installing snapd | Snapcraft documentation.

II. Install MicroK8s

1. Install MicroK8s

$ sudo snap install microk8s --classic

microk8s (1.22/stable) v1.22.2 from Canonical✓ installed

  After the installation finishes, run the next check to see which Google container images failed to pull.

2. Check the names of the blocked gcr.io or k8s.gcr.io images

# pullk8s check --microk8s

k8s.gcr.io/pause:3.1

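  - The k8s.gcr.io/pause:3.1 shown here is the name of the image that failed to pull.

  - MicroK8s takes time to start, so you may need to run the command several times before the failed image names appear.

3. Use pullk8s to pull the failed images and import them into the pod space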

# pullk8s pull k8s.gcr.io/pause:3.1 --microk8s

Pull pause:3.1 ...
3.1: Pulling from opsdockerimage/pause
Digest: sha256:f78411e19d84a252e53bff71a4407a5686c46983a2c2eeed83929b888179acea
Status: Downloaded newer image for opsdockerimage/pause:3.1
docker.io/opsdockerimage/pause:3.1
Untagged: opsdockerimage/pause:3.1
Untagged: opsdockerimage/pause@sha256:f78411e19d84a252e53bff71a4407a5686c46983a2c2eeed83929b888179acea
unpacking k8s.gcr.io/pause:3.1 (sha256:0968e31df05b727234888883ba43ccaa4ec75566113c75065af5a6124b62d93c)...done
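
The pull output above shows the image coming from opsdockerimage/pause on Docker Hub and being unpacked under the name k8s.gcr.io/pause:3.1, so what runs in the cluster depends on what that mirror serves. As an added example (not part of pullk8s or the original article), the script below records the mirror's digest the first time a tag is pulled and flags any later pull of the same tag that returns a different digest. The pin file path and the function names are assumptions.

```bash
#!/usr/bin/env bash
# Added example: trust-on-first-use pinning of the digest the mirror serves.
# PIN_FILE and both function names are hypothetical, not part of pullk8s.
# Usage (as root, after a pull has been logged):
#   pullk8s pull k8s.gcr.io/pause:3.1 --microk8s | tee pull.log
#   check_pin k8s.gcr.io/pause:3.1 < pull.log

PIN_FILE="${PIN_FILE:-./pullk8s-pins.txt}"   # one "image digest" pair per line

# Read a pull log on stdin and print the registry digest from docker's
# "Digest: sha256:<64 hex>" line (first match only).
mirror_digest() {
  sed -n 's/^Digest: \(sha256:[0-9a-f]\{64\}\)$/\1/p' | head -n 1
}

# check_pin IMAGE   (pull log on stdin)
# Returns 0 if the digest matches the pin or is seen for the first time
# (it is then recorded), 1 if the mirror served a different digest for
# the same tag, 2 if the log contains no digest line.
check_pin() {
  local image="$1" seen pinned
  touch "$PIN_FILE"
  seen="$(mirror_digest)"
  if [ -z "$seen" ]; then
    echo "no digest found in pull log for $image" >&2
    return 2
  fi
  pinned="$(awk -v img="$image" '$1 == img { print $2; exit }' "$PIN_FILE")"
  if [ -z "$pinned" ]; then
    printf '%s %s\n' "$image" "$seen" >> "$PIN_FILE"
    echo "pinned $image -> $seen"
    return 0
  fi
  if [ "$pinned" != "$seen" ]; then
    echo "DIGEST CHANGED for $image: pinned $pinned, mirror served $seen" >&2
    return 1
  fi
  echo "ok $image $seen"
}
```

The check runs on the log of a pull that has already been imported, so a mismatch is a signal to stop, remove the image and investigate before the next step.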

4. Check the pod status

# microk8s kubectl get pod --all-namespaces

NAMESPACE     NAME                                       READY   STATUS    RESTARTS   AGE
kube-system   calico-node-24q47                          1/1     Running   0          5m4s
kube-system   calico-kube-controllers-58c9b7bcc5-ktpzk   1/1     Running   0          5m4s

5. Install the Kubernetes components you need, such as the dashboard, DNS, a private registry, and traffic and routing controllers

# microk8s enable dashboard dns registry istio

  After installation, repeat the failed-pull check from step 2 and the pullk8s pull from step 3 until all pods are Running.

III. Access the dashboard

1. Get the token secret

# token=$(microk8s kubectl -n kube-system get secret | grep default-token | cut -d " " -f1)
# microk8s kubectl -n kube-system describe secret $token

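2. Forward the port on the external network interface (--address=0.0.0.0 listens on all interfaces, so the dashboard is reachable from other hosts, not only from 127.0.0.1)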

# microk8s kubectl port-forward -n kube-system --address=0.0.0.0 service/kubernetes-dashboard 10443:443

3. Open in a browser

   https://127.0.0.1:10443

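Other common commands:

Command                                      Description
microk8s dashboard-proxy                     Set up a proxy for dashboard access
microk8s start                               Start MicroK8s
microk8s stop                                Stop MicroK8s
snap alias microk8s.kubectl kubectl          Set an alias
microk8s kubectl get all --all-namespaces    Show the status of all pods and services in all namespaces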

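IV. Deploy an application

Many articles online stop once MicroK8s is installed. Then what? Deploying our application, of course. That starts with access control; the following uses Istio as the example:

1. Install Istio. If the command in step II.5 did not install Istio, run the following command: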

# microk8s enable istio

2. Check whether an external IP is configured. If the EXTERNAL-IP value is <none> or stays at <pending>, configure the IP as described in step 3.

# microk8s kubectl get service -n istio-system istio-ingressgateway
NAME                   TYPE           CLUSTER-IP       EXTERNAL-IP    PORT(S)                                                                      AGE
istio-ingressgateway   LoadBalancer   10.152.183.179   192.168.0.23   15021:30040/TCP,80:31999/TCP,443:32633/TCP,31400:32459/TCP,15443:32530/TCP   4d22h

3. Configure the external IP:

# microk8s kubectl -n istio-system edit service/istio-ingressgateway

In the editor, add your external IP under spec. Save and exit with wq and the change takes effect immediately:

spec:
  externalIPs:
  - 192.168.0.23

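4. Allow the sidecar:

Istio provides a non-intrusive way to deploy applications: creating a Pod triggers sidecar injection, which deploys an extended version of Envoy as a proxy alongside each microservice. This is enabled by adding a label to the whole namespace.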

$ microk8s kubectl label namespace default istio-injection=enabled

# Check that the label was added to default
$ microk8s kubectl get namespaces --show-labels
NAME                 STATUS   AGE     LABELS
kube-system          Active   4d23h   kubernetes.io/metadata.name=kube-system
kube-public          Active   4d23h   kubernetes.io/metadata.name=kube-public
kube-node-lease      Active   4d23h   kubernetes.io/metadata.name=kube-node-lease
container-registry   Active   4d23h   kubernetes.io/metadata.name=container-registry
istio-system         Active   4d23h   kubernetes.io/metadata.name=istio-system
default              Active   4d23h   istio-injection=enabled,kubernetes.io/metadata.name=default

5. Deploy the application

Create the nginx static server configuration file nginx-deployment.yaml, with two versions, v1 and v2:

##################################################
# ConfigMap to copy simple text to NGINX 
##################################################
apiVersion: v1
kind: ConfigMap
metadata:
  name: nginx-static-files
  namespace: default
data:
  echo.txt.v2: |-
    Hello, This is Service1!!!
  echo.txt.v1: |-
    Hello, This is Service2!!!
---
##################################################
# Deployment to create NGINX Containers
##################################################
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-v2
  labels:
    deploy: nginx
    version: "2"
spec:
  replicas: 2
  selector:
    matchLabels:
      app: nginx
      version: "2"
  template:
    metadata:
      labels:
        app: nginx
        version: "2"
    spec:
      containers:
      - name: nginx
        image: nginx:1.17.9
        ports:
        - containerPort: 80
        volumeMounts:
        - name: echo-txt
          mountPath: /usr/share/nginx/html/echo
        livenessProbe:
          httpGet:
            path: /
            port: 80
          initialDelaySeconds: 2
          periodSeconds: 10
      volumes:
      - name: echo-txt
        configMap:
          name: nginx-static-files
          items:
          - key: echo.txt.v2
            path: test.txt

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-v1
  labels:
    deploy: nginx
    version: "1"
spec:
  replicas: 2
  selector:
    matchLabels:
      app: nginx
      version: "1"
  template:
    metadata:
      labels:
        app: nginx
        version: "1"
    spec:
      containers:
      - name: nginx
        image: nginx:1.17.9
        ports:
        - containerPort: 80
        volumeMounts:
        - name: echo-txt
          mountPath: /usr/share/nginx/html/echo
        livenessProbe:
          httpGet:
            path: /
            port: 80
          initialDelaySeconds: 2
          periodSeconds: 10
      volumes:
      - name: echo-txt
        configMap:
          name: nginx-static-files
          items:
          - key: echo.txt.v1
            path: test.txt
---
##################################################
# NGINX Services
##################################################
apiVersion: v1
kind: Service
metadata:
  name: nginx-svc
  labels:
    service: nginx
spec:
  type: LoadBalancer
  selector:
    app: nginx
  ports:
  - name: http
    protocol: TCP
    port: 80

Run:

# microk8s kubectl apply -f nginx-deployment.yaml

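6. Configure the routing rules

    Create nginx-gateway.yaml, the configuration file for the nginx Gateway and VirtualService. It binds the domain test.mynginx.com and sets the weights to 50/50 so that traffic is split evenly between v1 and v2: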

########################################
# Destination Rule
########################################
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: nginx
spec:
  host: nginx-svc
  subsets:
  - name: v2
    labels:
      app: nginx
      version: "2"
  - name: v1
    labels:
      app: nginx
      version: "1"

---
########################################
# Gateway
########################################

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: nginx-gateway
spec:
  selector:
    istio: ingressgateway
  servers:
  - port:
      name: http
      number: 80
      protocol: HTTP
    hosts:
    - "*"
---
########################################
# VirtualService
########################################
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: nginx
spec:
  hosts:
  - "test.mynginx.com"
  gateways:
  - nginx-gateway
  http:
  - route:
    - destination:
        host: nginx-svc
        port:
          number: 80
        subset: v2
      weight: 50
    - destination:
        host: nginx-svc
        port:
          number: 80
        subset: v1
      weight: 50

Run:

# microk8s kubectl apply -f nginx-gateway.yaml

7. Access the application

  On the client computer, add a hosts entry for the domain by editing C:\Windows\System32\drivers\etc\hosts:

192.168.0.23    test.mynginx.com

  After saving, open http://test.mynginx.com/echo/test.txt in a browser.

  Force-refresh with Ctrl+F5 and you will see Service1/Service2 returned at random.