Kubernetes工作流程:
1、准备好一个包含应用程序的Deployment的yml文件,然后通过kubectl客户端工具发送给ApiServer。
2、ApiServer接收到客户端的请求并将资源内容存储到数据库(etcd)中。
3、Controller组件(包括scheduler、replication、endpoint)监控资源变化并作出反应。
4、ReplicaSet检查数据库变化,创建期望数量的pod实例。
5、Scheduler再次检查数据库变化,发现尚未被分配到具体执行节点(node)的Pod,然后根据一组相关规则将pod分配到可以运行它们的节点上,并更新数据库,记录pod分配情况。
6、Kubelet监控数据库变化,管理后续pod的生命周期,发现被分配到它所在的节点上运行的那些pod。如果找到新pod,则会在该节点上运行这个新pod。
7、kube-proxy运行在集群各个主机上,管理网络通信,如服务发现、负载均衡。例如当有数据发送到主机时,将其路由到正确的pod或容器。对于从主机上发出的数据,它可以基于请求地址发现远程服务器,并将数据正确路由,在某些情况下会使用轮询调度算法(Round-robin)将请求发送到集群中的多个实例。
#####################################################################
top
#########################
ip name info system
192.168.11.144 master 2c2G ubuntu
192.168.11.145 node 2c2G ubuntu
all nodes
################################################
################################################
all nodes快速安装 一步步
#########################
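# Quick install: run as root on every node.
# swapoff only lasts until the next reboot, so swap has to be turned off again at boot.
swapoff -a
# NOTE(review): this switches the host firewall off entirely. Outside an isolated
# lab network, keep ufw enabled and allow only the ports the cluster uses (the
# join commands in these notes use 6443 for the API server).
ufw disable
# Keep a pristine copy of the stock sources; do not overwrite it when this is rerun.
[ -e /etc/apt/sources.list.default ] || cp /etc/apt/sources.list /etc/apt/sources.list.default
# Append the Aliyun Ubuntu mirror. Transport is plain http; integrity rests on
# apt's signature check of the mirror's Release files.
# NOTE(review): bionic-proposed is Ubuntu's pre-release testing pocket; consider
# dropping those two lines on cluster nodes.
cat >> /etc/apt/sources.list <<'EOF'

deb http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse
EOF
#####
apt-get update && apt-get install -y apt-transport-https
#####
# -f makes curl fail on an HTTP error instead of piping an error page into apt-key.
# NOTE(review): a key added with apt-key is trusted for every configured
# repository, not only the Kubernetes one.
curl -fsSL https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | apt-key add -
echo "deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main" >/etc/apt/sources.list.d/kubernetes.list
#####
# Fetch the Docker convenience script to a file before running it: a dropped
# connection can then never leave sh executing a truncated script, and the file
# can be read before it runs as root.
get_docker=$(mktemp) &&
  wget -qO "$get_docker" https://get.docker.com/ &&
  sh "$get_docker"
rm -f -- "$get_docker"
#####
# Refresh the index explicitly so the Kubernetes repository added above is
# visible, rather than relying on the Docker script having done it.
# NOTE(review): no version is pinned here, while kubeadm init further down asks
# for 1.15.0; the installed kubeadm/kubelet must be compatible with that version.
apt-get update && apt-get install -y kubelet kubeadm kubectl kubernetes-cni
# Hold the packages so a routine apt upgrade does not move kubelet/kubeadm out of
# step with the running control plane.
apt-mark hold kubelet kubeadm kubectl
systemctl enable kubelet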
all nodes详细步骤
#########################
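## Disable swap (kubeadm's preflight check expects it off); this does not survive a reboot
swapoff -a
## Host firewall
# NOTE(review): this switches ufw off entirely. Outside an isolated lab network,
# keep it enabled and allow only the ports the cluster uses.
ufw disable
# Set the hostname on each machine in turn ("master" here; use the worker's own name there)
hostnamectl set-hostname master
# Add name resolution for the cluster hosts
# NOTE(review): the heredoc redirection was truncated in the original notes;
# /etc/hosts is the presumed target — confirm.
cat >> /etc/hosts <<EOF
192.168.11.144 master
192.168.11.145 node
EOF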
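# Configure a domestic apt mirror (Aliyun). The entries are appended to
# /etc/apt/sources.list; the stock entries stay in place above them.
# Keep a pristine copy of the stock file and do not overwrite it on a rerun.
[ -e /etc/apt/sources.list.default ] || cp /etc/apt/sources.list /etc/apt/sources.list.default
# Transport is plain http; integrity rests on apt's signature check of the
# mirror's Release files.
# NOTE(review): bionic-proposed is Ubuntu's pre-release testing pocket; consider
# dropping those two lines on cluster nodes.
cat >> /etc/apt/sources.list <<'EOF'

deb http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse
EOF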
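# Configure a domestic Kubernetes apt source (Aliyun mirror)
apt-get update && apt-get install -y apt-transport-https
# -f makes curl fail on an HTTP error instead of piping an error page into apt-key.
# NOTE(review): a key added with apt-key is trusted for every configured
# repository, not only the Kubernetes one.
curl -fsSL https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | apt-key add -
echo "deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main" >/etc/apt/sources.list.d/kubernetes.list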
# Optional: configure a domestic Docker CE apt mirror (USTC).
# The author marks this route as not recommended and installs with the
# get.docker.com script further down instead.
# NOTE(review): with this repository route apt checks package signatures on every
# install and upgrade, which a script piped straight into sh does not get.
docker_mirror=https://mirrors.ustc.edu.cn/docker-ce/linux/ubuntu
release_codename=$(lsb_release -cs)
sudo apt install apt-transport-https ca-certificates software-properties-common curl
curl -fsSL "${docker_mirror}/gpg" | sudo apt-key add -
sudo add-apt-repository "deb [arch=amd64] ${docker_mirror} ${release_codename} stable"
sudo apt update
###############
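# Install Docker
# Fetch the convenience script to a file before running it: a dropped connection
# can then never leave sh executing a truncated script, and the file can be read
# before it runs as root.
get_docker=$(mktemp) &&
  wget -qO "$get_docker" https://get.docker.com/ &&
  sh "$get_docker"
rm -f -- "$get_docker"
# Install the Kubernetes tools
# Refresh the index explicitly so the Kubernetes repository configured earlier is
# visible, rather than relying on the Docker script having done it.
# NOTE(review): no version is pinned here, while kubeadm init further down asks
# for 1.15.0; the installed kubeadm/kubelet must be compatible with that version.
sudo apt-get update && sudo apt-get install -y kubelet kubeadm kubectl kubernetes-cni
# Hold the packages so a routine apt upgrade does not move kubelet/kubeadm out of
# step with the running control plane.
sudo apt-mark hold kubelet kubeadm kubectl
systemctl enable kubelet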
master
################################################
################################################
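## Initialise the control plane (run on master). If init fails, `kubeadm reset` cleans up before a retry.
# Optionally add: --ignore-preflight-errors=all
# NOTE(review): "all" silences every preflight failure, including ones that point
# at a real misconfiguration; prefer listing only the specific checks you have
# decided to accept.
# --pod-network-cidr=10.244.0.0/16 has to match the configuration of the flannel
# CNI plugin applied later.
# NOTE(review): 1.15.0 is long out of upstream support; for a new cluster use a
# currently supported release.
kubeadm init --kubernetes-version=1.15.0 --apiserver-advertise-address=192.168.11.144 --image-repository registry.aliyuncs.com/google_containers --service-cidr=10.245.0.0/16 --pod-network-cidr=10.244.0.0/16 --ignore-preflight-errors=all
## On success kubeadm prints a join command like the sample below (output, not
## something to run on master):
# kubeadm join 192.168.11.144:6443 --token 65m73j.ok6rs1tbsyu5lm7h \
# --discovery-token-ca-cert-hash sha256:d42ae01be24f317ab32245c4923ef4f99025c0f6c0b93ca25807300059abdb02
# NOTE(review): the bootstrap token is a credential — while it is valid, a machine
# that can reach the API server can use it to register as a node. Do not keep
# live tokens in shared notes or repositories.
## Token expired: generate a new join command
kubeadm token create --print-join-command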
all node
################################################
################################################
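## Install the kubeconfig: admin.conf comes from master and gives kubectl the
## cluster's admin identity.
# NOTE(review): anyone who can read this file has full control of the cluster.
# Copy it only to hosts where admin kubectl access is actually needed; a worker
# does not need it in order to run pods.
mkdir -p /root/.kube
cp -i /etc/kubernetes/admin.conf /root/.kube/config
#scp /etc/kubernetes/admin.conf root@node:/root/.kube/config
chown "$(id -u):$(id -g)" /root/.kube/config
# Keep the credential readable by its owner only, whichever way the file arrived.
chmod 600 /root/.kube/config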
node
################################################
################################################
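## Join the node to the cluster
# Run on the node host (ssh node):
# NOTE(review): the bootstrap token is a credential; use the value printed by
# your own master and do not store live tokens in shared notes.
# NOTE(review): --ignore-preflight-errors=all hides every failed preflight check;
# prefer naming only the checks you have decided to accept.
kubeadm join 192.168.11.144:6443 --token ev0juo.z4c46l9h1i0i8tf8 \
--discovery-token-ca-cert-hash sha256:f0e1c706859bacb3b6d8cc40f27b6fdf5af2fce8b889137ee0163c3454ac1378 --ignore-preflight-errors=all
## List the nodes
kubectl get nodes
kubectl describe node node
## If the join times out
swapoff -a
kubeadm reset
systemctl daemon-reload
systemctl restart kubelet
ufw disable
# then run the join command again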
node status
################################################
################################################
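kubectl get nodes
## NotReady: inspect the pods one by one; here the cause was a failed image pull
kubectl get pod --all-namespaces
kubectl describe pod XXX --namespace=XXX
## Pull the required images:
ssh master
cat "$HOME/imagepath.txt"
# sample content of imagepath.txt:
# quay.io/coreos/flannel:v0.11.0-amd64
# Fetch the helper script to a file instead of piping it into sh, so it can be
# read before it runs and a failed or partial download is never executed.
# NOTE(review): the URL tracks a mutable branch of a third-party repository and
# the script presumably runs as root here; pin the URL to a commit you have
# reviewed, or keep a vetted local copy.
wget -O pull-aliyun-images.sh https://raw.githubusercontent.com/zhwill/LinuxShell/master/pull-aliyun-images.sh &&
  sh pull-aliyun-images.sh
# NOTE(review): nodes are cluster-scoped, so -n monitoring has no effect on this
# query — confirm whether pods were meant.
kubectl get nodes -n monitoring -o wide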
node roles
################################################
################################################
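# Add the master role label to the node named "node"
kubectl label nodes node node-role.kubernetes.io/master=
# Add the node role label to the node named "node"
kubectl label nodes node node-role.kubernetes.io/node=
# Remove the master role label from the node named "node"
kubectl label nodes node node-role.kubernetes.io/master-
## Allow pods to be scheduled on master; addresses
## "1 node(s) had taints that the pod didn't tolerate"
# NOTE(review): removing this taint lets ordinary workloads share the host that
# runs the control plane, so a compromised or runaway pod sits next to the API
# server and etcd. Reasonable for a two-machine lab; avoid it elsewhere.
kubectl taint nodes --all node-role.kubernetes.io/master-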
CNI 网络 flannel
################################################
################################################
# NOTE(review): this applies whatever is on the repository's master branch at the
# moment it runs, using the admin kubeconfig. Download the manifest, review it,
# and apply a saved copy so reruns install the same thing.
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
# This manifest uses the 10.244.0.0/16 network by default, which is why kubeadm init earlier was changed to that range
#kubectl get svc,pod -n kube-system
# After a node is rebooted or restored from a snapshot, restart the virtual machine to restore network connectivity
运行第一个 pod
################################################
################################################
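# nginx-pod.yaml — first test pod (indentation restored; it was lost in the notes).
apiVersion: v1
kind: Pod
metadata:
  name: nginx
spec:
  containers:
  - name: nginx
    # NOTE(review): nginx:1.7.9 is a very old, unmaintained release; fine as a
    # scheduling smoke test, but use a currently supported tag for anything
    # that will be reachable.
    image: nginx:1.7.9
    ports:
    - containerPort: 80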
# Create a scratch namespace, create the pod from nginx-pod.yaml in it, then inspect its status and events.
kubectl create namespace test-hope
kubectl create -f nginx-pod.yaml -n test-hope
kubectl describe pod nginx -n test-hope
###查看详细信息时 err: /run/flannel/subnet.env
scp master: /run/flannel/subnet.env ---> node
## error : failed: rpc error: code = Unknown desc = NetworkPlugin cni failed to set up pod "nginx-8586cf59-rm4sh_default" network: failed to set bridge addr: "cni0" already has an IP address different from 10.244.2.1/24
################################################
################################################
节点主机 node:
###########
# Run on the worker node only: resets this node's kubeadm state and clears
# kubelet and CNI leftovers before it is joined again.
kubeadm reset
systemctl stop kubelet
systemctl stop docker
# These deletions are irreversible; double-check the host before running them.
rm -rf /var/lib/cni/
rm -rf /var/lib/kubelet/*
rm -rf /etc/cni/
# Bring the bridge/overlay interfaces down, then delete cni0 and flannel.1 —
# presumably so they are recreated with the expected address (see the cni0
# error quoted above).
ifconfig cni0 down
ifconfig flannel.1 down
ifconfig docker0 down
ip link delete cni0
ip link delete flannel.1
# Only docker is started again here; kubelet was stopped above and is not
# restarted in this block.
systemctl start docker
master: 获取master的join token
###########
# Creates a new bootstrap token and prints the complete join command for it.
# The printed token is a credential: pass it to the node directly rather than
# saving it in shared notes.
kubeadm token create --print-join-command
master: 集群日志查看
###########
# Follow the kubelet unit's journal (-u kubelet, -f follow, -e jump to end, -x add explanatory text).
journalctl -xefu kubelet
CoreDns 域名测试
################################################
################################################
vim dig.yaml
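# dig.yaml — throwaway pod for DNS lookups (indentation restored; it was lost in the notes).
apiVersion: v1
kind: Pod
metadata:
  name: dig
  namespace: test-hope
spec:
  containers:
  - name: dig
    # NOTE(review): third-party image with no tag or digest, so the content
    # pulled can change between runs; pin a tag or digest you have checked.
    image: docker.io/azukiapp/dig
    # Keep the container alive for an hour so commands can be exec'd into it.
    command:
    - sleep
    - "3600"
    imagePullPolicy: IfNotPresent
  restartPolicy: Always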
dig-test:
# Resolve an in-cluster service name and an external name from inside the dig pod.
# NOTE(review): the dig.yaml shown in these notes places the pod in namespace
# test-hope, while these commands look for it in ingress-nginx — confirm which
# namespace the pod was actually created in.
kubectl exec -ti dig -n ingress-nginx -- nslookup myservice.ingress-nginx
kubectl exec -ti dig -n ingress-nginx -- nslookup www.baidu.cn