Kubernetes workflow:
1. Prepare a yml file containing the application's Deployment, then send it to the ApiServer with the kubectl client tool.
2. The ApiServer receives the client's request and stores the resource content in the database (etcd).
3. The Controller components (including scheduler, replication, endpoint) watch for resource changes and react to them.
4. The ReplicaSet checks for database changes and creates the desired number of pod instances.
5. The Scheduler checks the database again, finds Pods that have not yet been assigned to a specific execution node (node), assigns them to nodes that can run them according to a set of rules, and updates the database to record the pod assignments.
6. The kubelet watches for database changes and manages the subsequent pod lifecycle, discovering the pods assigned to run on its own node. If it finds a new pod, it runs that pod on the node.
7. kube-proxy runs on every host in the cluster and manages network communication, such as service discovery and load balancing. For example, when data is sent to the host, it routes the data to the correct pod or container. For data sent from the host, it can discover the remote server from the request address and route the data correctly; in some cases it uses the round-robin scheduling algorithm to send requests to multiple instances in the cluster.
#####################################################################
top
#########################
ip              name    info  system
192.168.11.144  master  2c2G  ubuntu
192.168.11.145  node    2c2G  ubuntu
all nodes
################################################
################################################
all nodes: quick install, step by step
#########################
swapoff -a  # swap has to be turned off at boot
ufw disable
cp /etc/apt/sources.list /etc/apt/sources.list.default
echo "" >> /etc/apt/sources.list
echo "deb http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse" >> /etc/apt/sources.list
echo "deb http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse" >> /etc/apt/sources.list
echo "deb http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse" >> /etc/apt/sources.list
echo "deb http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse" >> /etc/apt/sources.list
echo "deb http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse" >> /etc/apt/sources.list
echo "deb-src http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse" >> /etc/apt/sources.list
echo "deb-src http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse" >> /etc/apt/sources.list
echo "deb-src http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse" >> /etc/apt/sources.list
echo "deb-src http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse" >> /etc/apt/sources.list
echo "deb-src http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse" >> /etc/apt/sources.list
#####
apt-get update && apt-get install -y apt-transport-https
#####
curl https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | apt-key add -
echo "deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main" >/etc/apt/sources.list.d/kubernetes.list
#####
wget -qO- https://get.docker.com/ | sh
#####
sudo apt-get install -y kubelet kubeadm kubectl kubernetes-cni
systemctl enable kubelet
all nodes: detailed steps
#########################
##disable swap
swapoff -a
##iptables
ufw disable
# set the hostname on each machine
hostnamectl set-hostname master
# add name resolution entries
cat <<EOF >>/etc/hosts
192.168.11.144 master
192.168.11.145 node
EOF
# configure a China apt mirror; the following is the Aliyun mirror, replace the contents of /etc/apt/sources.list as follows
cp /etc/apt/sources.list /etc/apt/sources.list.default
echo "" >> /etc/apt/sources.list
echo "deb http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse" >> /etc/apt/sources.list
echo "deb http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse" >> /etc/apt/sources.list
echo "deb http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse" >> /etc/apt/sources.list
echo "deb http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse" >> /etc/apt/sources.list
echo "deb http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse" >> /etc/apt/sources.list
echo "deb-src http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse" >> /etc/apt/sources.list
echo "deb-src http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse" >> /etc/apt/sources.list
echo "deb-src http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse" >> /etc/apt/sources.list
echo "deb-src http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse" >> /etc/apt/sources.list
echo "deb-src http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse" >> /etc/apt/sources.list
# configure a China Kubernetes mirror
apt-get update && apt-get install -y apt-transport-https
curl https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | apt-key add -
echo "deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main" >/etc/apt/sources.list.d/kubernetes.list
# configure a China docker mirror  ## not recommended; use the direct install with wget -qO- https://get.docker.com/ | sh below
sudo apt install apt-transport-https ca-certificates software-properties-common curl
curl -fsSL https://mirrors.ustc.edu.cn/docker-ce/linux/ubuntu/gpg | sudo apt-key add -
sudo add-apt-repository "deb [arch=amd64] https://mirrors.ustc.edu.cn/docker-ce/linux/ubuntu \
$(lsb_release -cs) stable"
sudo apt update
###############
# install docker
wget -qO- https://get.docker.com/ | sh
# install the k8s tools
sudo apt-get install -y kubelet kubeadm kubectl kubernetes-cni
systemctl enable kubelet
master
################################################
################################################
## initialize  ## if initialization fails, kubeadm reset can be used to clean up the environment
or add:  --ignore-preflight-errors=all
--pod-network-cidr=10.244.0.0/16  must match the configuration of the flannel CNI plugin used later
kubeadm init --kubernetes-version=1.15.0 --apiserver-advertise-address=192.168.11.144 --image-repository registry.aliyuncs.com/google_containers --service-cidr=10.245.0.0/16 --pod-network-cidr=10.244.0.0/16 --ignore-preflight-errors=all
## on success, the following node join cmd is printed:
kubeadm join 192.168.11.144:6443 --token 65m73j.ok6rs1tbsyu5lm7h \
    --discovery-token-ca-cert-hash sha256:d42ae01be24f317ab32245c4923ef4f99025c0f6c0b93ca25807300059abdb02
## token expired, generate a new one
kubeadm token create --print-join-command
all node
################################################
################################################
## add token: the admin.conf file comes from master and is used to obtain the master's kubectl permissions
mkdir -p /root/.kube
cp -i /etc/kubernetes/admin.conf /root/.kube/config
#scp /etc/kubernetes/admin.conf root@node:/root/.kube/config
chown $(id -u):$(id -g) /root/.kube/config
node
################################################
################################################
## node joins the cluster
ssh to the node host:
kubeadm join 192.168.11.144:6443 --token ev0juo.z4c46l9h1i0i8tf8 \
    --discovery-token-ca-cert-hash sha256:f0e1c706859bacb3b6d8cc40f27b6fdf5af2fce8b889137ee0163c3454ac1378 --ignore-preflight-errors=all
## view nodes
kubectl get nodes
kubectl describe node node
## join timed out
swapoff -a
kubeadm reset
systemctl daemon-reload
systemctl restart kubelet
ufw disable
run the node join command again
node status
################################################
################################################
kubectl get nodes
## notready: check one by one; here the image pull failed
kubectl get pod --all-namespaces
kubectl describe pod XXX --namespace=XXX
## update the required images:
ssh master
cat $HOME/imagepath.txt
quay.io/coreos/flannel:v0.11.0-amd64
wget -O- https://raw.githubusercontent.com/zhwill/LinuxShell/master/pull-aliyun-images.sh | sh
kubectl get nodes -n monitoring -o wide
node roles
################################################
################################################
add the master role to the node named node
kubectl label nodes node node-role.kubernetes.io/master=
add the node role to the node named node
kubectl label nodes node node-role.kubernetes.io/node=
remove the master role from the node named node
kubectl label nodes node node-role.kubernetes.io/master-
## allow pods to be deployed on master  1 node(s) had taints that the pod didn't tolerate
kubectl taint nodes --all node-role.kubernetes.io/master-
CNI network: flannel
################################################
################################################
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
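# this file uses the 10.244.0.0/16 network by default, so the earlier kubeadm init was changed to this default network
#kubectl get svc,pod -n kube-system
# when a node has been rebooted or restored from a snapshot, the virtual machine needs to be restarted to ensure network connectivity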
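The pod network passed to kubeadm init has to equal the Network in kube-flannel.yml and must not overlap the service network. The script below is an added example, not part of the original notes; the function names and the inlined net-conf.json fragment are constructed for illustration, and 10.96.0.0/12 is kubeadm's default service CIDR when the flag is absent.

```shell
#!/bin/sh
# Added example: compare the CIDRs given to kubeadm init with flannel's Network.

ip2int() (   # dotted quad -> integer
    IFS=.; set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

cidr_range() (   # "a.b.c.d/n" -> "first last" as integers
    ip=$(ip2int "${1%/*}"); bits=${1#*/}
    mask=$(( (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF ))
    first=$(( $ip & $mask ))
    echo "$first $(( $first | (~$mask & 0xFFFFFFFF) ))"
)

cidrs_overlap() (   # exit 0 when the two CIDRs share an address
    set -- $(cidr_range "$1") $(cidr_range "$2")
    [ "$1" -le "$4" ] && [ "$3" -le "$2" ]
)

flag_value() (   # flag_value NAME "command line" -> value of --NAME=value
    set -f
    for word in $2; do
        case $word in "--$1="*) echo "${word#*=}"; exit 0 ;; esac
    done
    exit 1
)

# check_cidrs "<kubeadm init command>" "<kube-flannel.yml text>"
# Prints one finding per line; exit status 0 only when there are none.
check_cidrs() (
    pod=$(flag_value pod-network-cidr "$1") || { echo "no --pod-network-cidr given"; exit 1; }
    svc=$(flag_value service-cidr "$1") || svc=10.96.0.0/12   # kubeadm's default
    net=$(printf '%s\n' "$2" | sed -n 's/.*"Network": *"\([^"]*\)".*/\1/p' | head -n 1)
    rc=0
    [ "$pod" = "$net" ] || { echo "pod CIDR $pod != flannel Network ${net:-<none>}"; rc=1; }
    if cidrs_overlap "$pod" "$svc"; then
        echo "pod CIDR $pod overlaps service CIDR $svc"; rc=1
    fi
    exit $rc
)

# Constructed inputs: the two CIDR flags from the init command above and the
# net-conf.json fragment of kube-flannel.yml.
INIT_CMD='kubeadm init --service-cidr=10.245.0.0/16 --pod-network-cidr=10.244.0.0/16'
FLANNEL_CONF='  net-conf.json: |
    { "Network": "10.244.0.0/16", "Backend": { "Type": "vxlan" } }'
check_cidrs "$INIT_CMD" "$FLANNEL_CONF" && echo "CIDRs are consistent"
```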
run the first pod
################################################
################################################
apiVersion: v1
kind: Pod
metadata:
  name: nginx
spec:
  containers:
  - name: nginx
    image: nginx:1.7.9
    ports:
    - containerPort: 80
kubectl create namespace test-hope
kubectl create -f nginx-pod.yaml -n test-hope
kubectl describe pod nginx -n test-hope
### err when viewing the details:  /run/flannel/subnet.env
scp master: /run/flannel/subnet.env ---> node
## error : failed: rpc error: code = Unknown desc = NetworkPlugin cni failed to set up pod "nginx-8586cf59-rm4sh_default" network: failed to set bridge addr: "cni0" already has an IP address different from 10.244.2.1/24
################################################
################################################
node host node:
###########
kubeadm reset
systemctl stop kubelet
systemctl stop docker
rm -rf /var/lib/cni/
rm -rf /var/lib/kubelet/*
rm -rf /etc/cni/
ifconfig cni0 down
ifconfig flannel.1 down
ifconfig docker0 down
ip link delete cni0
ip link delete flannel.1
systemctl start docker
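Before running the cleanup above, a read-only check can tell the two failures apart: an absent /run/flannel/subnet.env versus a cni0 address that disagrees with it. This is an added example, not part of the original notes; cni0_state and check_node are hypothetical names, the sample input is constructed, and it assumes FLANNEL_SUBNET in subnet.env holds the address flannel expects on cni0.

```shell
#!/bin/sh
# Added example: classify the flannel/cni0 state of a node without changing it.

# cni0_state "<contents of /run/flannel/subnet.env>" "<output of: ip -o -4 addr show dev cni0>"
# Prints one of: no-subnet-env | no-bridge | match | mismatch cni0=... flannel=...
cni0_state() (
    want=$(printf '%s\n' "$1" | sed -n 's/^FLANNEL_SUBNET=//p' | head -n 1)
    have=$(printf '%s\n' "$2" |
        awk '{ for (i = 1; i < NF; i++) if ($i == "inet") { print $(i + 1); exit } }')
    if [ -z "$want" ]; then
        echo no-subnet-env      # flanneld has not written its lease on this node
    elif [ -z "$have" ]; then
        echo no-bridge          # no cni0 address yet, so nothing stale to clean up
    elif [ "$want" = "$have" ]; then
        echo match
    else
        echo "mismatch cni0=$have flannel=$want"   # stale bridge left from an earlier join
    fi
)

# Live use on a node: reads the file and the interface, deletes nothing.
check_node() (
    env_text=$(cat /run/flannel/subnet.env 2>/dev/null || true)
    addr_text=$(ip -o -4 addr show dev cni0 2>/dev/null || true)
    cni0_state "$env_text" "$addr_text"
)

# Constructed sample input reproducing the error quoted above.
SAMPLE_ENV='FLANNEL_NETWORK=10.244.0.0/16
FLANNEL_SUBNET=10.244.2.1/24
FLANNEL_MTU=1450
FLANNEL_IPMASQ=true'
SAMPLE_ADDR='5: cni0    inet 10.244.1.1/24 brd 10.244.1.255 scope global cni0'
cni0_state "$SAMPLE_ENV" "$SAMPLE_ADDR"
```

Only the mismatch result calls for deleting cni0 and flannel.1; no-subnet-env points at flanneld on that node instead.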
master: get the master's join token
###########
kubeadm token create --print-join-command
master: view cluster logs
###########
journalctl -xefu kubelet
CoreDns domain name test
################################################
################################################
vim dig.yaml
apiVersion: v1
kind: Pod
metadata:
  name: dig
  namespace: test-hope
spec:
  containers:
  - name: dig
    image: docker.io/azukiapp/dig
    command:
      - sleep
      - "3600"
    imagePullPolicy: IfNotPresent
  restartPolicy: Always
dig-test:
kubectl exec -ti dig -n ingress-nginx -- nslookup myservice.ingress-nginx
kubectl exec -ti dig -n ingress-nginx -- nslookup www.baidu.cn