CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GOPROXY=https://goproxy.cn,direct go build yurtctl.go
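Method 1:
Use yurtctl to convert a native K8s cluster into an OpenYurt cluster. --cloud-nodes= must name the Kubernetes cloud nodes; any node not listed does not get the openyurt.io/is-edge-worker=false label and is treated as an edge node.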
yurtctl convert --yurt-controller-manager-image=registry.cn-hangzhou.aliyuncs.com/openyurt/yurt-controller-manager:v0.4.1 --yurt-tunnel-agent-image=registry.cn-hangzhou.aliyuncs.com/openyurt/yurt-tunnel-agent:v0.4.1 --yurt-tunnel-server-image=registry.cn-hangzhou.aliyuncs.com/openyurt/yurt-tunnel-server:v0.4.1 --yurtctl-servant-image=registry.cn-hangzhou.aliyuncs.com/openyurt/yurtctl-servant:v0.4.1 --yurthub-image=registry.cn-hangzhou.aliyuncs.com/openyurt/yurthub:v0.4.1 --cloud-nodes=m-1 --kubeadm-conf-path=/usr/lib/systemd/system/kubelet.service.d/10-kubeadm.conf --deploy-yurttunnel
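The result is as follows:
Problems encountered during installation:
Problem 1: the run servant job failed. As the screenshots below show, the yurtctl installer was version v0.4, while the yurtctl-servant-image used was version v0.2; the fix is to change the image version to v0.4.
Problem 2: the node's kubelet service configuration differs from the default, so it has to be specified explicitly. The default kubelet service path is /etc/systemd/system/kubelet.service.d/10-kubeadm.conf; change it to /usr/lib/systemd/system/kubelet.service.d/10-kubeadm.conf.
Problem 3: yurtctl uses the node's default kubeconfig. The kubeconfig file on n-1 does not belong to the cloud cluster, so the tool reports nodes "n-1" not found.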
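Problems 1 and 2 can both be caught before the conversion starts. The following pre-flight check is an added example, not part of the original post or of yurtctl; the function name check_convert_args and the registry.example image names are constructed for illustration. It compares the tag of every --*-image flag with the yurtctl version and confirms that the --kubeadm-conf-path file exists on the node.

```shell
#!/bin/sh
# check_convert_args EXPECTED_TAG ARG...
# Prints one line per finding; returns 0 when the argument list is clean.
check_convert_args() {
    expected_tag=$1; shift
    rc=0
    for arg in "$@"; do
        case $arg in
            --*-image=*)
                flag=${arg%%=*}
                image=${arg#*=}
                # Look for the tag only in the last path component, so that a
                # registry port (host:5000/img) is not mistaken for a tag.
                last=${image##*/}
                case $last in
                    *@sha256:*) continue ;;   # digest-pinned, no tag to compare
                    *:*) tag=${last##*:} ;;
                    *)   tag= ;;              # no tag means :latest
                esac
                if [ -z "$tag" ] || [ "$tag" = latest ]; then
                    echo "UNPINNED $flag $image"; rc=1
                else
                    case $tag in
                        "$expected_tag"|"$expected_tag".*) ;;   # v0.4 or v0.4.x
                        *) echo "MISMATCH $flag has $tag, expected $expected_tag"
                           rc=1 ;;
                    esac
                fi
                ;;
            --kubeadm-conf-path=*)
                path=${arg#*=}
                [ -f "$path" ] || { echo "MISSING $path"; rc=1; }
                ;;
        esac
    done
    return $rc
}

# Constructed sample: the combination from Problem 1 (v0.4 tool, v0.2 servant image).
check_convert_args v0.4 \
    --yurthub-image=registry.example/openyurt/yurthub:v0.4.1 \
    --yurtctl-servant-image=registry.example/openyurt/yurtctl-servant:v0.2 || true
```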
Method 2: use the yurtctl join command to join an edge node to the cloud cluster
yurtctl join 10.13.0.195:6443 --token z0sjok.8d7zpa5m1v4fbwn0 --node-type=edge-node --discovery-token-unsafe-skip-ca-verification --v=5
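With --discovery-token-unsafe-skip-ca-verification the joining node does not verify the API server's CA during token discovery. The added example below (not from the original post) computes the CA public-key pin on the master so that the join can use a pinned hash instead. It assumes the kubeadm default CA path /etc/kubernetes/pki/ca.crt and that this yurtctl build accepts --discovery-token-ca-cert-hash the way kubeadm join does; the function names are hypothetical.

```shell
#!/bin/sh
# Run on the control-plane node. /etc/kubernetes/pki/ca.crt is the kubeadm
# default CA location and is an assumption about this cluster.

# ca_cert_hash CA_CERT_PEM -> prints "sha256:<hex>", the SHA-256 of the CA's
# DER-encoded SubjectPublicKeyInfo (the pin format kubeadm join expects).
ca_cert_hash() {
    cert=$1
    # Parse the certificate first: if this step failed inside the pipeline,
    # the digest of an empty stream would still look like a valid pin.
    pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || {
        echo "not a readable PEM certificate: $cert" >&2; return 1; }
    hex=$(printf '%s\n' "$pub" \
        | openssl pkey -pubin -outform DER 2>/dev/null \
        | openssl dgst -sha256 -hex | awk '{print $NF}')
    [ "${#hex}" -eq 64 ] || { echo "unexpected digest output" >&2; return 1; }
    printf 'sha256:%s\n' "$hex"
}

# pinned_join_args CA_CERT_PEM -> prints the discovery flag to pass in place of
# --discovery-token-unsafe-skip-ca-verification (assumed to be accepted by
# yurtctl join as it is by kubeadm join).
pinned_join_args() {
    pin=$(ca_cert_hash "$1") || return 1
    printf '%s\n' "--discovery-token-ca-cert-hash=$pin"
}

# Usage on the master:  pinned_join_args /etc/kubernetes/pki/ca.crt
```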
Deploy a test nginx application from the cloud side. The deployment YAML is as follows:
apiVersion: v1
kind: Pod
metadata:
  name: nginx-n-1
  namespace: yurt
spec:
  tolerations:
  - key: "node.kubernetes.io/unreachable"
    operator: "Exists"
    effect: "NoExecute"
    tolerationSeconds: 5
  - key: "node.kubernetes.io/not-ready"
    operator: "Exists"
    effect: "NoExecute"
    tolerationSeconds: 5
  nodeSelector:
    kubernetes.io/hostname: n-1
  containers:
  - name: nginx
    image: nginx:latest
    imagePullPolicy: IfNotPresent
    ports:
    - containerPort: 80
      hostPort: 8080
Check the deployment result:
[root@m-1 ~]<20210823 16:44:32># kubectl get po -owide -n yurt | grep nginx
nginx-n-1 1/1 Running 0 10m 10.241.172.152 n-1
nginx-n-2 1/1 Running 0 9m43s 10.241.220.194 n-2
Test the common cluster operations commands, including logs, exec, and port-forward
OpenYurt edge node n-1
[root@m-1 ~]<20210823 17:15:30># kubectl logs nginx-n-1 -n yurt
/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
[root@m-1 ~]<20210823 17:15:44># kubectl exec nginx-n-1 -n yurt -it sh
# ls
bin boot dev docker-entrypoint.d docker-entrypoint.sh etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var
[root@m-1 ~]<20210823 17:16:03># kubectl port-forward pod/nginx-n-1 8888:80 -n yurt
Forwarding from 127.0.0.1:8888 -> 80
Forwarding from [::1]:8888 -> 80
Cloud worker node n-2
[root@m-1 ~]<20210823 17:15:30># kubectl logs nginx-n-2 -n yurt
/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
[root@m-1 ~]<20210823 17:15:44># kubectl exec nginx-n-2 -n yurt -it sh
# ls
bin boot dev docker-entrypoint.d docker-entrypoint.sh etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var
[root@m-1 ~]<20210823 17:16:03># kubectl port-forward pod/nginx-n-2 8888:80 -n yurt
Forwarding from 127.0.0.1:8888 -> 80
Forwarding from [::1]:8888 -> 80
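Test the effect on pods after a network disconnection
Enable autonomy on edge node n-1 by adding the node.beta.alibabacloud.com/autonomy=true annotation to it. The node-controller component of the OpenYurt cluster gives nodes carrying this annotation special handling and will not evict the pods on that autonomous node.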
kubectl annotate node n-1 node.beta.alibabacloud.com/autonomy=true
Simulate the network disconnection by configuring iptables to cut n-1 and n-2 off from the cloud cluster
iptables -A INPUT -p icmp -m state --state ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p icmp -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -t filter -I OUTPUT -d 10.13.0.195 -j DROP
Node and pod status after the disconnection
[root@m-1 ~]<20210823 18:29:21># kubectl get node
NAME STATUS ROLES AGE VERSION
m-1 Ready master 279d v1.16.4
n-1 NotReady <none> 279d v1.16.4
n-2 NotReady <none> 6h34m v1.16.4
[root@m-1 ~]<20210823 18:29:47># kubectl get po -o wide -n yurt
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nginx-n-1 1/1 Running 0 15m 10.241.172.155 n-1
nginx-n-2 1/1 Terminating 0 15m 10.241.220.209 n-2
[root@n-1 ~]<20210823 18:39:36># docker ps | grep nginx-n-1
7ccca64cdf39 dd34e67e3371 "/docker-entrypoint.…" 33 minutes ago Up 33 minutes k8s_nginx_nginx-n-1_yurt_aba2dfee-b448-442f-b5d9-d1d32e588284_0
77925f3ca960 k8s.gcr.io/pause:3.1 "/pause" 33 minutes ago Up 33 minutes k8s_POD_nginx-n-1_yurt_aba2dfee-b448-442f-b5d9-d1d32e588284_0
[root@n-2 ~]<20210823 18:27:56># docker ps | grep nginx-n-2
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
93440128603a bc9a0695f571 "/docker-entrypoint.…" 19 minutes ago Up 19 minutes k8s_nginx_nginx-n-2_yurt_2e48a9d3-14d5-481c-905b-3a7cbacde986_0
309247b5a1bf k8s.gcr.io/pause:3.1 "/pause" 19 minutes ago Up 19 minutes k8s_POD_nginx-n-2_yurt_2e48a9d3-14d5-481c-905b-3a7cbacde986_0
Pod status after the network is reconnected
[root@m-1 ~]<20210823 18:37:19># kubectl get po -o wide -n yurt
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nginx-n-1 1/1 Running 0 22m 10.241.172.155 n-1
[root@n-1 ~]<20210823 18:39:36># docker ps | grep nginx-n-1
7ccca64cdf39 dd34e67e3371 "/docker-entrypoint.…" 33 minutes ago Up 33 minutes k8s_nginx_nginx-n-1_yurt_aba2dfee-b448-442f-b5d9-d1d32e588284_0
77925f3ca960 k8s.gcr.io/pause:3.1 "/pause" 33 minutes ago Up 33 minutes k8s_POD_nginx-n-1_yurt_aba2dfee-b448-442f-b5d9-d1d32e588284_0
[root@n-2 ~]<20210823 18:36:27># docker ps | grep nginx-n-2
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES