K8S
kubernetes(K8S)是什么
Kubernetes(常簡稱為K8S)是用于自動部署、擴展和管理容器化(containerized)應用程序的開源系統。系統由google設計并捐贈給Cloud Native Computing Foundation(今屬linux基金會)來使用。
它旨在提供“跨主機集群的自動部署、擴展以及運行應用程序容器的平臺”。它支持一系列容器工具, 包括Docker等。我們可以將Docker看成Kubernetes內部使用的低級別組件。
為什么要使用kubernetes
Docker這個新興的容器化技術當前應用越來越廣,并且其從單機走向集群也稱為必然,而云計算的蓬勃發展正在加速這一進程。kubernetes作為當前普遍被業界廣泛認可和看好的docker分布式系統解決方案,前景非常可觀。
使用Kubernetes可以做什么:
- 自動化容器的部署和復制
- 隨時擴展或收縮容器規模
- 將容器組織成組,并且提供容器間的負載均衡
- 很容易地升級應用程序容器的新版本
- 提供容器彈性,如果容器失效就替換它
部署環境準備
機器信息
機器信息
關閉防火墻及selinux
# systemctl stop firewalld # systemctl disable firewalld # setenforce 0
修改hosts
172.17.0.218 k8sm-218 172.17.0.219 k8s-219 172.17.0.220 k8s-220
增加網絡轉發
# cat <<EOF > /etc/sysctl.d/k8s.conf net.bridge.bridge-nf-call-ip6tables = 1 net.bridge.bridge-nf-call-iptables = 1 EOF # sysctl --system //使配置生效
安裝組件
安裝指定版本Docker
# wget -O /etc/yum.repos.d/docker-ce.repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo # yum install docker-ce-18.06.1.ce-3.el7 -y # systemctl start docker # systemctl enable docker
安裝指定版本kubelet,kubeadm,kubectl
# cat <<EOF > /etc/yum.repos.d/kubernetes.repo [kubernetes] name=Kubernetes baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64 enabled=1 gpgcheck=1 repo_gpgcheck=1 gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg EOF # yum install kubelet-1.13.3 -y # yum install kubeadm-1.13.3 -y # yum install kubectl-1.13.3 -y # systemctl enable kubelet
初始化master
# kubeadm init --kubernetes-version=v1.13.3 --apiserver-advertise-address=172.17.0.218 --image-repository registry.aliyuncs.com/google_containers --pod-network-cidr=10.244.0.0/16 --service-cidr=10.96.0.0/12
參數含義:
--kubernetes-version:指定kubeadm版本;
--pod-network-cidr:指定pod所屬網絡
--image-repository 指定下載源
--service-cidr:指定service網段,負載均衡ip
--ignore-preflight-errors=Swap/all:忽略 swap/所有 報錯
初始化成功結果
Your Kubernetes master has initialized successfully! To start using your cluster, you need to run the following as a regular user: mkdir -p $HOME/.kube sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config sudo chown $(id -u):$(id -g) $HOME/.kube/config You should now deploy a pod network to the cluster. Run "kubectl Apply -f [podnetwork].yaml" with one of the options listed at: https://kubernetes.io/docs/concepts/cluster-administration/addons/ You can now join any number of machines by running the following on each node as root: kubeadm join 172.17.0.218:6443 --token ai3bxc.zgq33i1sbdybhnci --discovery-token-ca-cert-hash sha256:20cb9ccc07e2612bc3b31bd7b5e8909bdbd3d293e7c7f4c18dbee6f62ea94788
增加kubectl權限訪問
此處為初始化成功輸出的內容,復制即可
# mkdir -p $HOME/.kube # sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config # sudo chown $(id -u):$(id -g) $HOME/.kube/config
安裝pod網絡組件
# kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
增加node到集群里
// master初始化后的命令 # kubeadm join 172.17.0.218:6443 --token ai3bxc.zgq33i1sbdybhnci --discovery-token-ca-cert-hash sha256:20cb9ccc07e2612bc3b31bd7b5e8909bdbd3d293e7c7f4c18dbee6f62ea94788
master節點查看node狀態
# kubectl get node NAME STATUS ROLES AGE VERSION k8s-219 Ready <none> 112m v1.13.3 k8s-220 Ready <none> 113m v1.13.3 k8sm-218 Ready master 162m v1.13.3
部署webui dashboard
下載官方的yaml文件:
# wget https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml
修改兩個地方
第一個是修改鏡像,kubernetes-dashboard.yaml配置文件112行
90 # ------------------- Dashboard Deployment ------------------- # 91 92 kind: Deployment 93 apiVersion: apps/v1 94 metadata: 95 labels: 96 k8s-app: kubernetes-dashboard 97 name: kubernetes-dashboard 98 namespace: kube-system 99 spec: 100 replicas: 1 101 revisionHistoryLimit: 10 102 selector: 103 matchLabels: 104 k8s-app: kubernetes-dashboard 105 template: 106 metadata: 107 labels: 108 k8s-app: kubernetes-dashboard 109 spec: 110 containers: 111 - name: kubernetes-dashboard 112 #image: k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.1 113 image: mirrorgooglecontainers/kubernetes-dashboard-amd64:v1.10.0 114 ports: 115 - containerPort: 8443 116 protocol: TCP
第二個是添加一個type,指定端口類型為 NodePort,這樣外界可以通過地址 nodeIP:nodePort 訪問 dashboard,kubernetes-dashboard.yaml配置文件158行:
148 # ------------------- Dashboard Service ------------------- # 149 150 kind: Service 151 apiVersion: v1 152 metadata: 153 labels: 154 k8s-app: kubernetes-dashboard 155 name: kubernetes-dashboard 156 namespace: kube-system 157 spec: 158 type: NodePort 159 ports: 160 - port: 443 161 targetPort: 8443 162 selector: 163 k8s-app: kubernetes-dashboard
部署到k8s集群
# kubectl apply -f kubernetes-dashboard.yaml # kubectl get pods -n kube-system |grep dashboard kubernetes-dashboard-6685cb584f-xlk2h 1/1 Running 0 98s # kubectl get pods,svc -n kube-system NAME READY STATUS RESTARTS AGE pod/coreDNS-78d4cf999f-5hcjm 1/1 Running 0 3h21m pod/coredns-78d4cf999f-6mlql 1/1 Running 0 3h21m pod/etcd-k8sm-218 1/1 Running 0 3h20m pod/kube-apiserver-k8sm-218 1/1 Running 0 3h19m pod/kube-controller-manager-k8sm-218 1/1 Running 0 3h20m pod/kube-flannel-ds-amd64-6kfhg 1/1 Running 0 3h13m pod/kube-flannel-ds-amd64-c4fr4 1/1 Running 0 152m pod/kube-flannel-ds-amd64-qhc2w 1/1 Running 0 151m pod/kube-proxy-7hntq 1/1 Running 0 151m pod/kube-proxy-b4txb 1/1 Running 0 3h21m pod/kube-proxy-bz529 1/1 Running 0 152m pod/kube-scheduler-k8sm-218 1/1 Running 0 3h20m pod/kubernetes-dashboard-6685cb584f-xlk2h 1/1 Running 0 3m5s NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE service/kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP 3h21m service/kubernetes-dashboard NodePort 10.104.4.26 <none> 443:31667/TCP 3m5s
通過https訪問ui
登錄頁
Token (令牌) 認證方式登錄
1)授權 (所有 namespace )
// 創建serviceaccount # kubectl create serviceaccount dashboard-serviceaccount -n kube-system // 創建clusterrolebinding # kubectl create clusterrolebinding dashboard-cluster-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-serviceaccount
2)獲取令牌(用于網頁登錄)
// 查看口令列表 # kubectl get secret -n kube-system |grep dashboard-serviceaccount-token dashboard-serviceaccount-token-f45wg kubernetes.io/service-account-token 3 22s // 獲取口令 # kubectl describe secret dashboard-serviceaccount-token-f45wg -n kube-system
3)將獲取到的token放在令牌里
輸入token
4)登錄成功
K8S UI
至此,K8S集群+Dashboard搭建成功!
后記
此篇不涉及理論,面向對象是剛接觸K8S的朋友,最小成本來搭建一套K8S集群,以最快時間來看到效果,增加學習的信心^_^
