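Environment preparation
Base environment
VMware + CentOS 7
PS: I tried running the installation on CentOS 6.5 and it failed, so I switched straight to CentOS 7, which the book recommends.
CentOS 7 minimal download: click the link
Installing Kubernetes on CentOS 7
Disable the firewall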
[root@spareribs ~]# systemctl disable firewalld
[root@spareribs ~]# systemctl stop firewalld
Install etcd and Kubernetes (Docker is installed automatically)
Install
# The CentOS minimal version has no ifconfig or netstat commands, so I installed the net-tools package
[root@spareribs ~]# yum -y install net-tools
[root@spareribs ~]# yum install -y etcd kubernetes
Checking the k8s, etcd and Docker versions
# ----------------------- k8s version information
# After the default install finished I checked the k8s version: v1.5.2 [date: 2017.08.31]
[root@spareribs ~]# kubectl --version
Kubernetes v1.5.2
[root@spareribs ~]# kubectl version
Client Version: version.Info{Major:"1", Minor:"5", GitVersion:"v1.5.2", GitCommit:"269f928217957e7126dc87e6adfa82242bfe5b1e", GitTreeState:"clean", BuildDate:"2017-07-03T15:31:10Z", GoVersion:"go1.7.4", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"5", GitVersion:"v1.5.2", GitCommit:"269f928217957e7126dc87e6adfa82242bfe5b1e", GitTreeState:"clean", BuildDate:"2017-07-03T15:31:10Z", GoVersion:"go1.7.4", Compiler:"gc", Platform:"linux/amd64"}
# ----------------------- docker version information
[root@spareribs ~]# docker version
Client:
Version: 1.12.6
API version: 1.24
Package version: docker-1.12.6-32.git88a4867.el7.centos.x86_64
Go version: go1.7.4
Git commit: 88a4867/1.12.6
Built: Mon Jul 3 16:02:02 2017
OS/Arch: linux/amd64
Server:
Version: 1.12.6
API version: 1.24
Package version: docker-1.12.6-32.git88a4867.el7.centos.x86_64
Go version: go1.7.4
Git commit: 88a4867/1.12.6
Built: Mon Jul 3 16:02:02 2017
OS/Arch: linux/amd64
# ----------------------- etcd version information
[root@spareribs ~]# etcdctl --version
etcdctl version: 3.1.9
API version: 2
Modify the configuration files
Modify the Docker OPTIONS setting
[root@spareribs ~]# vi /etc/sysconfig/docker
# OPTIONS='--selinux-enabled --log-driver=journald --signature-verification=false'
OPTIONS='--selinux-enabled=false --insecure-registry gcr.io'
Modify the k8s API server configuration file
[root@spareribs ~]# vi /etc/kubernetes/apiserver
# KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota"
KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ResourceQuota"
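The two edits above turn off SELinux support in the Docker daemon, let Docker reach gcr.io without TLS verification, and drop the ServiceAccount admission plugin. The following check is an added example, not part of the original post; it reports those relaxed settings from the active (uncommented) lines, and its function names and finding texts are hypothetical.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): report the relaxed settings that the
# edits above leave in /etc/sysconfig/docker and /etc/kubernetes/apiserver.
# Function names and finding texts are hypothetical.

# Value of the last uncommented KEY=... line in FILE, surrounding quotes stripped.
active_value() {
    grep -E "^[[:space:]]*$1=" "$2" | tail -n 1 |
        sed -E "s/^[[:space:]]*$1=//; s/^['\"]//; s/['\"][[:space:]]*\$//"
}

audit_docker_options() {
    local opts reg
    opts=$(active_value OPTIONS "$1")
    case " $opts " in
        *" --selinux-enabled=false "*) echo "docker: SELinux support disabled" ;;
    esac
    case " $opts " in
        *" --signature-verification=false "*) echo "docker: image signature verification disabled" ;;
    esac
    # Accept both "--insecure-registry host" and "--insecure-registry=host".
    echo "$opts" | grep -oE -e '--insecure-registry[= ][^ ]+' |
        sed -E 's/^--insecure-registry[= ]//' |
        while read -r reg; do
            echo "docker: registry $reg allowed without TLS verification"
        done
}

audit_apiserver() {
    local plugins
    plugins=$(active_value KUBE_ADMISSION_CONTROL "$1")
    plugins=${plugins#--admission-control=}
    case ",$plugins," in
        *,ServiceAccount,*) ;;
        *) echo "apiserver: ServiceAccount admission plugin not enabled" ;;
    esac
}

# Constructed sample files holding the lines shown in this post.
demo() {
    local d; d=$(mktemp -d)
    printf '%s\n' "# OPTIONS='--selinux-enabled --log-driver=journald --signature-verification=false'" \
        "OPTIONS='--selinux-enabled=false --insecure-registry gcr.io'" > "$d/docker"
    printf '%s\n' 'KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ResourceQuota"' > "$d/apiserver"
    audit_docker_options "$d/docker"
    audit_apiserver "$d/apiserver"
    rm -rf "$d"
}
demo
```

On the host itself, call `audit_docker_options /etc/sysconfig/docker` and `audit_apiserver /etc/kubernetes/apiserver` instead of `demo`.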
Start the services
Start the services in order
[root@spareribs ~]# systemctl start etcd
[root@spareribs ~]# systemctl start docker
[root@spareribs ~]# systemctl start kube-apiserver
[root@spareribs ~]# systemctl start kube-controller-manager
[root@spareribs ~]# systemctl start kube-scheduler
[root@spareribs ~]# systemctl start kubelet
[root@spareribs ~]# systemctl start kube-proxy
View the running services and ports
[root@spareribs ~]# netstat -lntp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:10250 0.0.0.0:* LISTEN 2964/kubelet
tcp 0 0 127.0.0.1:2379 0.0.0.0:* LISTEN 2728/etcd
tcp 0 0 127.0.0.1:2380 0.0.0.0:* LISTEN 2728/etcd
tcp 0 0 127.0.0.1:10255 0.0.0.0:* LISTEN 2964/kubelet
tcp 0 0 127.0.0.1:8080 0.0.0.0:* LISTEN 2906/kube-apiserver
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1353/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1993/master
tcp 0 0 127.0.0.1:10248 0.0.0.0:* LISTEN 2964/kubelet
tcp 0 0 127.0.0.1:10249 0.0.0.0:* LISTEN 3008/kube-proxy
tcp6 0 0 :::10251 :::* LISTEN 2953/kube-scheduler
tcp6 0 0 :::6443 :::* LISTEN 2906/kube-apiserver
tcp6 0 0 :::10252 :::* LISTEN 2941/kube-controlle
tcp6 0 0 :::22 :::* LISTEN 1353/sshd
tcp6 0 0 ::1:25 :::* LISTEN 1993/master
tcp6 0 0 :::4194 :::* LISTEN 2964/kubelet
View the processes with ps
#---------------- These processes belong to k8s
# kube-apiserver
# kube-controll
# kube-scheduler
# kubelet
# kube-proxy
[root@spareribs ~]# ps -auxwww | grep kube
kube 8977 0.9 3.5 127928 65888 ? Ssl 04:35 0:00 /usr/bin/kube-apiserver --logtostderr=true --v=0 --etcd-servers=http://127.0.0.1:2379 --insecure-bind-address=127.0.0.1 --allow-privileged=false --service-cluster-ip-range=10.254.0.0/16 --admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ResourceQuota
kube 8987 0.8 2.2 282604 42872 ? Ssl 04:35 0:00 /usr/bin/kube-controller-manager --logtostderr=true --v=0 --master=http://127.0.0.1:8080
kube 8997 0.1 1.9 270720 35752 ? Ssl 04:35 0:00 /usr/bin/kube-scheduler --logtostderr=true --v=0 --master=http://127.0.0.1:8080
root 9007 1.3 2.6 503800 49536 ? Ssl 04:35 0:01 /usr/bin/kubelet --logtostderr=true --v=0 --api-servers=http://127.0.0.1:8080 --address=127.0.0.1 --hostname-override=127.0.0.1 --allow-privileged=false --pod-infra-container-image=registry.access.redhat.com/rhel7/pod-infrastructure:latest
root 9017 0.6 1.9 420552 36728 ? Ssl 04:35 0:00 /usr/bin/kube-proxy --logtostderr=true --v=0 --master=http://127.0.0.1:8080
#---------------- This process is etcd
[root@spareribs ~]# ps -auxwww | grep etcd
etcd 8819 0.6 1.9 10708308 35960 ? Ssl 04:35 0:01 /usr/bin/etcd --name=default --data-dir=/var/lib/etcd/default.etcd --listen-client-urls=http://localhost:2379
#---------------- These two processes are docker
[root@spareribs ~]# ps -auxwww | grep docker
root 8864 0.1 1.4 559076 26648 ? Ssl 04:35 0:00 /usr/bin/dockerd-current --add-runtime docker-runc=/usr/libexec/docker/docker-runc-current --default-runtime=docker-runc --exec-opt native.cgroupdriver=systemd --userland-proxy-path=/usr/libexec/docker/docker-proxy-current --selinux-enabled=false --insecure-registry gcr.io
root 8868 0.0 0.4 262960 7832 ? Ssl 04:35 0:00 /usr/bin/docker-containerd-current -l unix:///var/run/docker/libcontainerd/docker-containerd.sock --shim docker-containerd-shim --metrics-interval=0 --start-timeout 2m --state-dir /var/run/docker/libcontainerd/containerd --runtime docker-runc --runtime-args --systemd-cgroup=true
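Start the MySQL service
Define the MySQL RC file
Analysis
- kind: the resource object type, e.g. ReplicationController means this is an RC
- spec: the definition of the RC's properties
- spec.selector: the RC's Pod label selector, i.e. the RC monitors and manages the Pod instances that carry these labels and ensures that exactly replicas Pod instances are always running in the cluster
- spec.replicas: the number of Pod instances to run
- spec.template: when the number of Pods is less than replicas, the RC creates a new Pod instance from the Pod template defined in spec.template
- spec.template.metadata.labels: specifies the Pod's labels, which must match the spec.selector above; otherwise the Pods the RC creates are never recognized by the selector, and it ends up in an endless loop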
[root@spareribs ~]# cat mysql-rc.yaml
apiVersion: v1
kind: ReplicationController
metadata:
  name: mysql
spec:
  replicas: 1
  selector:
    app: mysql
  template:
    metadata:
      labels:
        app: mysql
    spec:
      containers:
      - name: mysql
        image: mysql
        ports:
        - containerPort: 3306
        env:
        - name: MYSQL_ROOT_PASSWORD
          value: "123456"
Field descriptions
- kind: replication controller (RC)
- metadata.name: the RC's name, globally unique
- spec.selector.app: target Pods carry this label
- spec.replicas: the desired number of Pod replicas
- spec.template: Pod replicas (instances) are created from this template
- spec.template.metadata.labels: the labels the Pod replicas carry, matching the RC's selector
- spec.template.spec.containers: the definition of the containers in the Pod
- spec.template.spec.containers.name: the container's name
- spec.template.spec.containers.image: the container's Docker image
- spec.template.spec.containers.ports.containerPort: the container's port number
- spec.template.spec.containers.env: environment variables injected into the container
Publish the MySQL RC file to the cluster
[root@spareribs ~]# kubectl create -f mysql-rc.yaml
replicationcontroller "mysql" created
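Query the MySQL RC and Pod information
MySQL RC
- A Pod created from the RC definition takes some time to come up, especially the first time, when the container image has to be pulled, so the Pod's status may be Pending at first and only later become Running.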
[root@spareribs ~]# kubectl get rc
NAME DESIRED CURRENT READY AGE
mysql 1 1 1 1m
[root@spareribs ~]# kubectl get pods
NAME READY STATUS RESTARTS AGE
mysql-rfrvk 1/1 Running 0 22s
[root@spareribs ~]# docker ps | grep mysql
Define a Service file
Analysis
- metadata.name: the Service's name (ServiceName)
- spec.ports.port: defines the Service's virtual port
- spec.selector: determines which Pod replicas (instances) belong to this Service
[root@spareribs ~]# vi mysql-svc.yaml
apiVersion: v1
kind: Service
metadata:
  name: mysql
spec:
  ports:
  - port: 3306
  selector:
    app: mysql
Field descriptions
- kind: indicates a Kubernetes Service
- metadata.name: the Service's globally unique name
- spec.ports.port: the port the Service serves on
- spec.selector: Pods that belong to the Service carry the labels defined here
Publish the MySQL SVC file to the cluster
[root@spareribs ~]# kubectl create -f mysql-svc.yaml
service "mysql" created
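Query the SVC information
Analysis
- The MySQL service was assigned the virtual IP address 10.254.209.200 (CLUSTER-IP); Pods created in the Kubernetes cluster can connect to it through the Service's 10.254.209.200 (Cluster IP) + 3306 (port)
- The Cluster IP is assigned automatically by Kubernetes, so other Pods cannot know a Service's Cluster IP address in advance
- Kubernetes uses Linux environment variables to solve this problem: the Service name is unique, so a container can obtain the Service's Cluster IP address and port from the environment variables and then open a TCP/IP connection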
[root@spareribs ~]# kubectl get svc
NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes 10.254.0.1 <none> 443/TCP 22h
mysql 10.254.209.200 <none> 3306/TCP 7s
Start the Tomcat application
Define the Tomcat RC file
Analysis
- The MYSQL_SERVICE_HOST environment variable corresponds to the service name (svc) of the MySQL service
# myweb rc
apiVersion: v1
kind: ReplicationController
metadata:
  name: myweb
spec:
  replicas: 5
  selector:
    app: myweb
  template:
    metadata:
      labels:
        app: myweb
    spec:
      containers:
      - name: mysql
        image: kubeguide/tomcat-app:v1
        ports:
        - containerPort: 8080
        env:
        - {name: MYSQL_SERVICE_HOST, value: 'mysql'}
        - {name: MYSQL_SERVICE_PORT, value: '3306'}
Publish the Tomcat RC file to the cluster
[root@spareribs ~]# kubectl create -f myweb-rc.yaml
replicationcontroller "myweb" created
Query the Tomcat RC information
Tomcat RC
[root@spareribs ~]# kubectl get rc
NAME DESIRED CURRENT READY AGE
mysql 1 1 1 1h
myweb 5 5 5 30s
[root@spareribs ~]# kubectl get pods
NAME READY STATUS RESTARTS AGE
mysql-rfrvk 1/1 Running 0 1h
myweb-3zt4g 1/1 Running 0 33s
myweb-5d263 1/1 Running 0 33s
myweb-9p8nb 1/1 Running 0 33s
myweb-zgcvn 1/1 Running 0 33s
myweb-zvj9c 1/1 Running 0 33s
[root@spareribs ~]# docker ps | grep myweb
Define a Service file
- spec.type: NodePort and spec.ports.nodePort: 30001 indicate that the Service enables NodePort-style external access; myweb can be reached through port 30001 (mapped to the virtual port 8080)
apiVersion: v1
kind: Service
metadata:
  name: myweb
spec:
  type: NodePort
  ports:
  - port: 8080
    nodePort: 30001
  selector:
    app: myweb
Publish the Tomcat SVC file to the cluster
[root@spareribs ~]# kubectl create -f myweb-svc.yaml
service "myweb" created
Query the Tomcat SVC information
[root@spareribs ~]# kubectl get svc
NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes 10.254.0.1 <none> 443/TCP 23h
mysql 10.254.209.200 <none> 3306/TCP 1h
myweb 10.254.216.52 <nodes> 8080:30001/TCP 7s
Access test (not yet successful; it reports that permission is restricted)
I will look into how to solve this once I am more familiar with it.