Docker+Jenkins+Kubernetes Study Notes

Docker+Jenkins+Kubernetes

0. Preparation

Change the cloud server's hostname

hostnamectl set-hostname "k-master" --static

Get the server's public IP

curl ident.me

Generate an SSH key

ssh-keygen -t ed25519 -C "[email protected]"
cat ~/.ssh/id_ed25519.pub

1. Docker

1.1 Basic concepts

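Client: the client / command line / UI used to operate the Docker host

Docker_Host: the host on which Docker is installed

Docker daemon: the Docker background process running on the Docker host

Registry: the Docker image registry (Docker Hub)

Images: Docker images

Containers: programs (instances) started from an image

1.2 Installation

Remove previous versions of Docker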

yum remove docker \
        docker-client \
        docker-client-latest \
        docker-common \
        docker-latest \
        docker-latest-logrotate \
        docker-logrotate \
        docker-engine

Install Docker's dependencies

yum install -y yum-utils

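Set up the yum repository

# Outside China (official Docker repository)
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
# Inside China (Aliyun mirror); note that this URL fetches the repo file over plain HTTP
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo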

List all available Docker versions

[root@k8s-master ~]# yum list docker-ce --showduplicates | sort -r
Loading mirror speeds from cached hostfile
Loaded plugins: fastestmirror, langpacks
docker-ce.x86_64            3:23.0.3-1.el7                      docker-ce-stable
docker-ce.x86_64            3:23.0.2-1.el7                      docker-ce-stable
docker-ce.x86_64            3:23.0.1-1.el7                      docker-ce-stable
docker-ce.x86_64            3:23.0.0-1.el7                      docker-ce-stable
docker-ce.x86_64            3:20.10.9-3.el7                     docker-ce-stable
docker-ce.x86_64            3:20.10.8-3.el7                     docker-ce-stable
docker-ce.x86_64            3:20.10.7-3.el7                     docker-ce-stable
docker-ce.x86_64            3:20.10.6-3.el7                     docker-ce-stable
docker-ce.x86_64            3:20.10.5-3.el7                     docker-ce-stable
docker-ce.x86_64            3:20.10.4-3.el7                     docker-ce-stable
docker-ce.x86_64            3:20.10.3-3.el7                     docker-ce-stable
docker-ce.x86_64            3:20.10.24-3.el7                    docker-ce-stable
docker-ce.x86_64            3:20.10.2-3.el7                     docker-ce-stable
docker-ce.x86_64            3:20.10.23-3.el7                    docker-ce-stable
docker-ce.x86_64            3:20.10.22-3.el7                    docker-ce-stable
docker-ce.x86_64            3:20.10.21-3.el7                    docker-ce-stable
docker-ce.x86_64            3:20.10.20-3.el7                    docker-ce-stable
docker-ce.x86_64            3:20.10.19-3.el7                    docker-ce-stable
docker-ce.x86_64            3:20.10.18-3.el7                    docker-ce-stable
docker-ce.x86_64            3:20.10.17-3.el7                    docker-ce-stable
docker-ce.x86_64            3:20.10.16-3.el7                    docker-ce-stable
docker-ce.x86_64            3:20.10.15-3.el7                    docker-ce-stable
docker-ce.x86_64            3:20.10.14-3.el7                    docker-ce-stable
docker-ce.x86_64            3:20.10.1-3.el7                     docker-ce-stable
docker-ce.x86_64            3:20.10.13-3.el7                    docker-ce-stable
docker-ce.x86_64            3:20.10.12-3.el7                    docker-ce-stable
docker-ce.x86_64            3:20.10.11-3.el7                    docker-ce-stable
docker-ce.x86_64            3:20.10.10-3.el7                    docker-ce-stable
docker-ce.x86_64            3:20.10.0-3.el7                     docker-ce-stable

Install Docker

# Install the latest version
yum -y install docker-ce docker-ce-cli containerd.io
# Install a specific version
yum -y install docker-ce-19.03.9-3.el7 docker-ce-cli-19.03.9-3.el7 containerd.io

Test

docker -v

Start

systemctl enable docker --now

1.3 Uninstallation

Stop the service

systemctl stop docker

Uninstall Docker

yum remove docker-ce docker-ce-cli containerd.io

Delete images

rm -rf /var/lib/docker
rm -rf /var/lib/containerd

1.4 Configure a registry mirror

Container Registry -> Image accelerator

sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": ["https://12sotewv.mirror.aliyuncs.com"],
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "storage-driver": "overlay2"
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker

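1.5 Image commands

Where possible, choose image versions tagged alpine (minimal) or slim (slimmed down).

1. List images

# List images
[root@k8s-master ~]# docker images
REPOSITORY   TAG       IMAGE ID   CREATED   SIZE
#--------------------------------------Options--------------------------------------
# -a show all images
# -q show only the IDs
  • REPOSITORY: image name
  • TAG: image version
  • IMAGE ID: image ID
  • CREATED: when the image was created
  • SIZE: size of the image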

2. Pull images

[root@k8s-master ~]# docker pull nginx
Using default tag: latest
latest: Pulling from library/nginx
bb263680fed1: Pull complete 
258f176fd226: Pull complete 
a0bc35e70773: Pull complete 
077b9569ff86: Pull complete 
3082a16f3b61: Pull complete 
7e9b29976cce: Pull complete 
Digest: sha256:6650513efd1d27c1f8a5351cbd33edf85cc7e0d9d0fcb4ffb23d8fa89b601ba8
Status: Downloaded newer image for nginx:latest
docker.io/library/nginx:latest
[root@k8s-master ~]# docker pull mysql:5.7
5.7: Pulling from library/mysql
e048d0a38742: Pull complete 
c7847c8a41cb: Pull complete 
351a550f260d: Pull complete 
8ce196d9d34f: Pull complete 
17febb6f2030: Pull complete 
d4e426841fb4: Pull complete 
fda41038b9f8: Pull complete 
f47aac56b41b: Pull complete 
a4a90c369737: Pull complete 
97091252395b: Pull complete 
84fac29d61e9: Pull complete 
Digest: sha256:8cf035b14977b26f4a47d98e85949a7dd35e641f88fc24aa4b466b36beecf9d6
Status: Downloaded newer image for mysql:5.7
docker.io/library/mysql:5.7
#--------------------------------------Options--------------------------------------
# If no version is given, the tag defaults to latest
[root@k8s-master ~]# docker images
REPOSITORY   TAG       IMAGE ID       CREATED       SIZE
nginx        latest    3f8a00f137a0   12 days ago   142MB
mysql        5.7       be16cf2d832a   2 weeks ago   455MB

3. Remove images

[root@k8s-master ~]# docker rmi nginx:latest
Untagged: nginx:latest
Untagged: nginx@sha256:6650513efd1d27c1f8a5351cbd33edf85cc7e0d9d0fcb4ffb23d8fa89b601ba8
Deleted: sha256:3f8a00f137a0d2c8a2163a09901e28e2471999fde4efc2f9570b91f1c30acf94
Deleted: sha256:ccfe545858415bccd69b8edff4da7344d782985f22ad4398bdaa7358d3388d15
Deleted: sha256:e34f63c02e162795cc8a2b43d1a3ff0ccd6d3456ce12aebb74452e252d1ecb8a
Deleted: sha256:cf7515030d4de4fb66994e0d9fccbaf19fcfbf46f7dad8cf895051750b840128
Deleted: sha256:1486739bc51436dd10d2bc1d45e130771c73d3aee35e49971905aa767d195342
Deleted: sha256:452008e5f3c114989bfc978a2829cf061f0868463f3553b4e20c964a41eda749
Deleted: sha256:4695cdfb426a05673a100e69d2fe9810d9ab2b3dd88ead97c6a3627246d83815
[root@k8s-master ~]# docker images
REPOSITORY   TAG       IMAGE ID       CREATED       SIZE
mysql        5.7       be16cf2d832a   2 weeks ago   455MB
#--------------------------------------Options--------------------------------------
# docker rmi IMAGE:TAG (if no version is given, the tag defaults to latest)
# -f force removal
[root@k8s-master ~]# docker images
REPOSITORY   TAG       IMAGE ID       CREATED       SIZE
redis        latest    2f66aad5324a   12 days ago   117MB
mysql        5.7       be16cf2d832a   2 weeks ago   455MB
[root@VM-4-12-centos ~]# docker rmi 2f66aad5324a
Untagged: redis:latest
Untagged: redis@sha256:6a59f1cbb8d28ac484176d52c473494859a512ddba3ea62a547258cf16c9b3ae
Deleted: sha256:2f66aad5324aa9c60ecde39b98e85c5342212d290b50399d4ab01173b349fd42
Deleted: sha256:98ff323507c487cc05088a85a662a0e661cb1300e3acdccd702e16c597ef0816
Deleted: sha256:1e6f664c56497ac1cbe483d3957e25aaa10b7cb8b443c6abbf61c2951a02bddf
Deleted: sha256:2fcc15ff4a45cbab2c0cbb5d76ed1315959bb2cbae3707f67801a8c23ecca910
Deleted: sha256:5c8fb40c05b8edda1e3b30473768d50cff63f48e47845c587bf3f0a5920dccbc
Deleted: sha256:6b8d73641e09bcb724f5d6f947be2e1f3f629b2067c85b7bb28406e562eeb950
Deleted: sha256:4695cdfb426a05673a100e69d2fe9810d9ab2b3dd88ead97c6a3627246d83815
[root@k8s-master ~]# docker images
REPOSITORY   TAG       IMAGE ID       CREATED       SIZE
mysql        5.7       be16cf2d832a   2 weeks ago   455MB
#--------------------------------------Options--------------------------------------
# docker rmi IMAGE_ID
# Remove several images: docker rmi -f IMAGE_ID IMAGE_ID IMAGE_ID IMAGE_ID
# Remove all images: docker rmi -f $(docker images -aq)

1.6 Container commands

1. List running Docker containers

[root@k8s-master ~]# docker ps
CONTAINER ID   IMAGE     COMMAND   CREATED   STATUS    PORTS     NAMES
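#--------------------------------------Options--------------------------------------
# -a: list all containers on this server, whether they are running or not
# -s: show container file sizes (size added by the container / virtual size of the container)
# -q: list only the CONTAINER ID field
# -l: show the last container that was run (whatever state it is in now)
# -n x: show the last x containers that were run; with x = 1 this means the same as -l (whatever state they are in now)
  • CONTAINER ID: container ID
  • IMAGE: image name
  • COMMAND: the command the container was run with
  • CREATED: creation time
  • STATUS: state
    • created
    • restarting
    • running
    • removing (being removed)
    • paused
    • exited (stopped)
    • dead
  • PORTS: ports
  • NAMES: the container's name; it can be set with --name when running docker run

2. Run a container from an image

# Create a container from an image (it must be started manually)
docker create IMAGE:TAG
# Create a container from an image (and start it immediately)
docker run IMAGE:TAG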
[root@k8s-master /]# docker run -d nginx
127a6ca8f89d1a0e4eb188bead4682e17195468162b82831dea7e4ac8a545f36
[root@k8s-master /]# docker ps
CONTAINER ID   IMAGE     COMMAND                  CREATED         STATUS         PORTS     NAMES
127a6ca8f89d   nginx     "/docker-entrypoint.…"   5 seconds ago   Up 4 seconds   80/tcp    boring_taussig
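#--------------------------------------Options--------------------------------------
# --name="Name" set the container name
# -d run in the background
# -it run interactively and enter the container to look around
# -p publish a container port
#	-p ip:host-port:container-port
#	-p host-port:container-port (most common)
#	-p container-port
# --rm remove the container when it exits
#----------------------------------Separator---------------------------------
# exit: leave the container (it stops running)
# Ctrl+P then Ctrl+Q: leave the container (it keeps running)

3. Start a container

# Start a container
docker start CONTAINER_ID
# Resume a paused container
docker unpause CONTAINER_ID
# Restart a container
docker restart CONTAINER_ID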
[root@k8s-master /]# docker start 127a6ca8f89d
127a6ca8f89d
[root@k8s-master /]# docker ps -a
CONTAINER ID   IMAGE     COMMAND                  CREATED         STATUS         PORTS     NAMES
127a6ca8f89d   nginx     "/docker-entrypoint.…"   2 minutes ago   Up 3 seconds   80/tcp    boring_taussig

4. Stop a container

# Stop a container
docker stop CONTAINER_ID
# Pause a container
docker pause CONTAINER_ID
# Force-stop a container
docker kill CONTAINER_ID
[root@k8s-master /]# docker stop 127a6ca8f89d
127a6ca8f89d
[root@k8s-master /]# docker ps -a
CONTAINER ID   IMAGE     COMMAND                  CREATED          STATUS                      PORTS     NAMES
127a6ca8f89d   nginx     "/docker-entrypoint.…"   58 seconds ago   Exited (0) 21 seconds ago             boring_taussig

5. Remove a container

[root@k8s-master /]# docker rm 127a6ca8f89d
127a6ca8f89d
[root@k8s-master /]# docker ps -a
CONTAINER ID   IMAGE     COMMAND   CREATED   STATUS    PORTS     NAMES
#--------------------------------------Options--------------------------------------
# -f force removal of the container

6. Port mapping

[root@k8s-master /]# docker run -d -p 88:80 nginx
18839e216c224a439006d7275d584aa647f6f6f564970bfe0e8712d0cadbe886
[root@k8s-master /]# docker ps -a
CONTAINER ID   IMAGE     COMMAND                  CREATED              STATUS              PORTS                               NAMES
18839e216c22   nginx     "/docker-entrypoint.…"   About a minute ago   Up About a minute   0.0.0.0:88->80/tcp, :::88->80/tcp   infallible_chatelet

7. Enter a container

[root@k8s-master /]# docker exec -it 18839e216c22 /bin/bash
root@18839e216c22:/# ls
bin  boot  dev	docker-entrypoint.d  docker-entrypoint.sh  etc	home  lib  lib64  media  mnt  opt  proc  root  run  sbin  srv  sys  tmp  usr  var
root@18839e216c22:/# cd /usr/share/nginx/html/
root@18839e216c22:/usr/share/nginx# vim index.html 
bash: vim: command not found
root@18839e216c22:/usr/share/nginx/html# echo "

welcome to lianxin

" > index.html
root@18839e216c22:/usr/share/nginx/html# exit
exit
#--------------------------------------Options--------------------------------------
# --privileged run with the highest privileges in the container

8. Commit container changes

[root@k8s-master /]# docker commit -m="index.html change" -a="lianxin" 18839e216c22 lnginx:0.1
sha256:eb2b6543a33bdc5cb395936fe39bd7bc6b5d2bfbd844633e7afcb5fb6bca8125
[root@k8s-master /]# docker images
REPOSITORY   TAG       IMAGE ID       CREATED         SIZE
lnginx       0.1       eb2b6543a33b   9 seconds ago   142MB
redis        latest    2f66aad5324a   12 days ago     117MB
nginx        latest    3f8a00f137a0   12 days ago     142MB
mysql        5.7       be16cf2d832a   2 weeks ago     455MB
centos       centos7   eeb6ee3f44bd   17 months ago   204MB

If committing several times leaves images listed as none, the dangling images can be cleaned up with:

docker image prune

9. Saving containers

Save as a tar file (export/import are mainly for containers; save/load are mainly for images)

[root@k8s-master ~]# docker save -o lnginx.tar lnginx:0.1
[root@k8s-master ~]# ls
lnginx.tar
#--------------------------------------Using the tar file--------------------------------------
# docker load -i lnginx.tar

Push to a remote registry

[root@VM-4-12-centos ~]# docker login -uxumeng1019
Password: 
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
#--------------------------------------Separator--------------------------------------
# docker logout: log out
#--------------------------------------Separator--------------------------------------
[root@VM-4-12-centos ~]# docker images
REPOSITORY   TAG       IMAGE ID       CREATED          SIZE
lnginx       0.1       eb2b6543a33b   25 minutes ago   142MB
redis        latest    2f66aad5324a   12 days ago      117MB
nginx        latest    3f8a00f137a0   12 days ago      142MB
mysql        5.7       be16cf2d832a   2 weeks ago      455MB
centos       centos7   eeb6ee3f44bd   17 months ago    204MB
[root@VM-4-12-centos ~]# docker tag lnginx:0.1 xumeng1019/lnginx:1.0
[root@VM-4-12-centos ~]# docker images
REPOSITORY          TAG       IMAGE ID       CREATED          SIZE
lnginx              0.1       eb2b6543a33b   28 minutes ago   142MB
xumeng1019/lnginx   1.0       eb2b6543a33b   28 minutes ago   142MB
redis               latest    2f66aad5324a   12 days ago      117MB
nginx               latest    3f8a00f137a0   12 days ago      142MB
mysql               5.7       be16cf2d832a   2 weeks ago      455MB
centos              centos7   eeb6ee3f44bd   17 months ago    204MB
[root@VM-4-12-centos ~]# docker push xumeng1019/lnginx:1.0
The push refers to repository [docker.io/xumeng1019/lnginx]
23af71e8b850: Pushed 
3ea1bc01cbfe: Pushed 
a76121a5b9fd: Pushed 
2df186f5be5c: Pushed 
21a95e83c568: Pushed 
81e05d8cedf6: Pushed 
4695cdfb426a: Pushed 
1.0: digest: sha256:fc7a7e98bb370a6b63f90d1e1fe10ec2305af8f0ede397284c4ab386161ec78f size: 1778
#--------------------------------------Where the account credentials are stored after login--------------------------------------
# /root/.docker/config.json (unencrypted unless a credential helper is configured, per the warning above)

10. Mounts

bind mount: -v is followed directly by an absolute path

[root@k8s-master ~]# docker run -d --name="lnginx" -p 88:80 -v /root/lnginx/html:/usr/share/nginx/html nginx
a2c2346b2d60b6c3bf37b6affe2329af3726eebd3e82bcb64b59e2f3a371d617
[root@k8s-master ~]# echo "welcome to lianxin" > ./lnginx/html/index.html

volume (recommended): -v is followed by a volume name (named volume) or by nothing (anonymous volume)

[root@k8s-master ~]# docker run -d -p 81:80 --name nginx1 -v nginx:/usr/share/nginx/html nginx
f1951befcf50cfd0a42e3f23811881cb62f14f939ed4882f4dbbb8d2fb86c762
[root@k8s-master ~]# docker volume ls
DRIVER    VOLUME NAME
local     nginx
[root@k8s-master ~]# docker inspect nginx1
"Mounts": [
            {
                "Type": "volume",
                "Name": "nginx",
                "Source": "/var/lib/docker/volumes/nginx/_data",
                "Destination": "/usr/share/nginx/html",
                "Driver": "local",
                "Mode": "z",
                "RW": true,
                "Propagation": ""
            }
        ],
[root@k8s-master _data]# docker run -d -p 82:80 --name nginx2 -v /usr/share/nginx/html nginx
19b1edd2270d7cce4b3df8e5f4710f37f8f3cd71f611c53c30fa2f07b52a8319
[root@k8s-master _data]# docker volume ls
DRIVER    VOLUME NAME
local     145d59e5522f058fe86faa58f126e44a09a97ba22b020f6c96a2c9b27a7fcf5e
local     nginx
[root@k8s-master _data]# docker inspect nginx2
"Mounts": [
            {
                "Type": "volume",
                "Name": "145d59e5522f058fe86faa58f126e44a09a97ba22b020f6c96a2c9b27a7fcf5e",
                "Source": "/var/lib/docker/volumes/145d59e5522f058fe86faa58f126e44a09a97ba22b020f6c96a2c9b27a7fcf5e/_data",
                "Destination": "/usr/share/nginx/html",
                "Driver": "local",
                "Mode": "",
                "RW": true,
                "Propagation": ""
            }
        ],

11. Container logs

[root@k8s-master conf]# docker logs a2c2346b2d60
/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf
10-listen-on-ipv6-by-default.sh: info: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf
/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
/docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh
/docker-entrypoint.sh: Configuration complete; ready for start up
2023/02/21 17:27:58 [notice] 1#1: using the "epoll" event method
2023/02/21 17:27:58 [notice] 1#1: nginx/1.23.3
2023/02/21 17:27:58 [notice] 1#1: built by gcc 10.2.1 20210110 (Debian 10.2.1-6) 
2023/02/21 17:27:58 [notice] 1#1: OS: Linux 3.10.0-1160.71.1.el7.x86_64
2023/02/21 17:27:58 [notice] 1#1: getrlimit(RLIMIT_NOFILE): 1048576:1048576
2023/02/21 17:27:58 [notice] 1#1: start worker processes
2023/02/21 17:27:58 [notice] 1#1: start worker process 29
2023/02/21 17:27:58 [notice] 1#1: start worker process 30
2023/02/21 17:27:58 [notice] 1#1: start worker process 31
2023/02/21 17:27:58 [notice] 1#1: start worker process 32
2023/02/21 17:27:58 [notice] 1#1: start worker process 33
2023/02/21 17:27:58 [notice] 1#1: start worker process 34
2023/02/21 17:27:58 [notice] 1#1: start worker process 35
2023/02/21 17:27:58 [notice] 1#1: start worker process 36
2023/02/21 17:28:02 [error] 30#30: *1 directory index of "/usr/share/nginx/html/" is forbidden, client: 183.195.74.46, server: localhost, request: "GET / HTTP/1.1", host: "150.158.24.200:88"
183.195.74.46 - - [21/Feb/2023:17:28:02 +0000] "GET / HTTP/1.1" 403 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36" "-"
183.195.74.46 - - [21/Feb/2023:17:29:05 +0000] "GET / HTTP/1.1" 200 19 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36" "-"
92.118.39.82 - - [21/Feb/2023:17:30:52 +0000] "GET / HTTP/1.1" 200 19 "-" "-" "-"
92.118.39.82 - - [21/Feb/2023:17:30:53 +0000] "GET /cgi-bin/downloadFlile.cgi HTTP/1.1" 404 153 "-" "Hello World" "-"
2023/02/21 17:30:53 [error] 33#33: *5 open() "/usr/share/nginx/html/cgi-bin/downloadFlile.cgi" failed (2: No such file or directory), client: 92.118.39.82, server: localhost, request: "GET /cgi-bin/downloadFlile.cgi HTTP/1.1", host: "150.158.24.200:88"
#--------------------------------------Options--------------------------------------
# -f follow the log

12. Copying files

[root@k8s-master ~]# docker cp a2c2346b2d60:/etc/nginx/nginx.conf /lnginx/conf/
Successfully copied 2.56kB to /lnginx/conf/
[root@k8s-master ~]# cd /lnginx/conf/
[root@k8s-master conf]# ls
nginx.conf
#--------------------------------------Separator--------------------------------------
# The reverse also works
# Copy from the container to the host
docker cp CONTAINER:path1 path2
# Copy a host file into the container
docker cp path2 CONTAINER:path1

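1.7 How the filesystem works

1.8 Dockerfile

A Dockerfile is used to write your own Docker image. It generally consists of four parts:

  • Base image information
  • Maintainer information
  • Image build instructions
  • The instruction executed when the container starts

0. Comments

# This is a comment in a Dockerfile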

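1. Instruction overview

Instruction   Description
FROM          Specifies the base image
MAINTAINER    Specifies the developer; superseded by LABEL
LABEL         Specifies developer and other information
RUN           Specifies a command to run while the image is being built
ENV           Sets environment variables; values can be passed at run time with --env <key>=<value>
ARG           Specifies a build parameter; it can be passed at build time with --build-arg <name>=<value>, which overrides the parameter of the same name in the Dockerfile
ADD           Copies content from the given path to the dest path in the container; a URL is downloaded automatically, and a tar file is extracted automatically
COPY          Copies content from a path on the local host to the dest path in the image; no automatic extraction etc.
WORKDIR       Sets the working directory for the RUN, CMD and ENTRYPOINT instructions that follow
VOLUME        Creates a mount point for a data volume
EXPOSE        Declares the ports the service in the image listens on
CMD           Specifies the default command when the container starts
ENTRYPOINT    Specifies the image's default entry point (the command to run)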

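2. Instructions in detail

FROM

Specifies the base image; it must be the first instruction

# Format:
  FROM <image>
  FROM <image>:<tag>
  FROM <image>@<digest>
# Example:
  FROM alpine
# Notes:
# 	tag and digest are optional; if neither is given, the latest version of the base image is used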

LABEL

Specifies developer and other information

# Format:
	LABEL key=value key=value key=value
# Example:
	LABEL MAINTAINER="xumeng" EMAIL="[email protected]"
# Notes:
#	A backslash (\) can be used to continue onto the next line

RUN

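Specifies a command to run while the image is being built

# Format:
    RUN <command>
    RUN ["executable", "param1", "param2"]
# Example:
    RUN echo 'hello world'
    RUN ["echo", "hello world"]
# Notes:
#	RUN <command> is equivalent to RUN ["/bin/sh", "-c", "<command>"]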

ENV

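Sets environment variables; values can be passed at run time with --env <key>=<value>

# Format:
    ENV <key> <value>    # everything after <key> is treated as part of <value>, so only one variable can be set at a time
    ENV <key>=<value> <key>=<value>    # several variables can be set
# Example:
    ENV myName John Doe
    ENV myDog Rex The Dog
    ENV myCat="fluffy"
# Notes:
#	Usage: `RUN echo ${myName}`
#	Set the value at run time: --env myName=xumeng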

ARG

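Specifies a build parameter; it can be passed at build time with --build-arg <name>=<value>, which overrides the parameter of the same name in the Dockerfile

# Format:
    ARG <name>[=<default value>]
# Example:
    ARG site
    ARG build_user=www
# Notes:
#	Usage: `RUN echo $build_user`
#	Set the value at build time: --build-arg build_user=ccc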

ADD

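Copies content from the given path to the dest path in the container; a URL is downloaded automatically, and a tar file is extracted automatically

# Format:
    ADD <src>... <dest>
    ADD ["<src>",... "<dest>"]    # for paths that contain spaces
# Example:
    ADD hom* /dest/             # add every file whose name starts with "hom"
    ADD hom?.txt /dest/         # ? stands for a single character, e.g. "home.txt"
    ADD test relativeDir/       # add "test" to `WORKDIR`/relativeDir/
    ADD test /absoluteDir/      # add "test" to /absoluteDir/
    ADD https://github.com/redis/redis/archive/7.0.10.tar.gz /dest/
# Notes:
#	Download and extraction do not happen together: an archive fetched from a URL is not extracted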

COPY

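Copies content from a path on the local host to the dest path in the image; no automatic extraction etc.

# Format:
    COPY <src>... <dest>
    COPY ["<src>",... "<dest>"]    # for paths that contain spaces
# Example:
    COPY hom* /dest/            # add every file whose name starts with "hom"
    COPY hom?.txt /dest/        # ? stands for a single character, e.g. "home.txt"
    COPY test relativeDir/      # add "test" to `WORKDIR`/relativeDir/
    COPY test /absoluteDir/     # add "test" to /absoluteDir/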

WORKDIR

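Sets the working directory for every RUN, CMD, ENTRYPOINT, COPY and ADD instruction that follows it in the Dockerfile

It can be used several times in a Dockerfile; if a relative path is given, it is resolved against the path of the previous WORKDIR instruction

It also sets the directory an interactive session in the container starts in

# Format:
    WORKDIR /path/to/workdir
# Example:
    WORKDIR /a (the working directory is now /a)
    WORKDIR b  (the working directory is now /a/b)
    WORKDIR c  (the working directory is now /a/b/c)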

VOLUME

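Maps certain directories in the container to storage outside it, on the host

Note: changes made to a volume's contents after the VOLUME instruction or the -v option are discarded

# Format:
    VOLUME ["/path/to/dir"]
# Example:
    VOLUME ["/data"]
    VOLUME ["/var/www", "/var/log/apache2", "/etc/apache2"]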

EXPOSE

Specifies the ports used to communicate with the outside; it is only a declaration

# Format:
    EXPOSE <port> [<port>...]
# Example:
    EXPOSE 80 443
    EXPOSE 8080
    EXPOSE 11211/tcp 11211/udp

CMD

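Specifies the default command when the container starts; it can be replaced (but is often used to supply arguments to ENTRYPOINT)

With several CMD instructions, the earlier ones are overridden

# Format:
    CMD ["executable","param1","param2"] (runs an executable; preferred)
    CMD ["param1","param2"] (if ENTRYPOINT is set, these are passed to ENTRYPOINT as arguments)
    CMD command param1 param2 (runs a shell command)
# Example:
    CMD echo "This is a test."
    CMD ["/usr/bin/wc","--help"]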

ENTRYPOINT

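Specifies the default command when the container starts; it is not replaced by arguments passed to docker run

With several ENTRYPOINT instructions, the earlier ones are overridden

# Format:
    ENTRYPOINT ["executable", "param1", "param2"] (an executable; preferred)
    ENTRYPOINT command param1 param2 (a shell command)
# Example:
    FROM ubuntu
    ENTRYPOINT ["top", "-b"]
    CMD ["-c"]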

3. Build the image

[root@VM-4-11-centos vue-demo]# docker build -t vuedemo:0.1 .
#--------------------------------------Options--------------------------------------
# --build-arg build_user=ccc set a variable for the image build
# --no-cache do not use the cache while building the image
# -t the image name and tag

4. Vue project example

Project link: https://pan.baidu.com/s/1OMGYFPJLJVTd2SrnGj1Vxg?pwd=sw4l

FROM node:16.20.0-alpine as builder
COPY ./ /dest
WORKDIR /dest
RUN npm config set registry https://registry.npm.taobao.org/ && \
    npm install && \
    npm run build

FROM nginx:alpine3.17
COPY --from=builder /dest/dist /usr/share/nginx/html
EXPOSE 80

5. SpringCloud project example

Project link: https://pan.baidu.com/s/1Zw9Z34qOoI2gVGMKB4fUpw?pwd=ufjx

FROM maven:3.6.0-alpine as builder
COPY ./ /dest
WORKDIR /dest
COPY settings.xml /usr/share/maven/conf/settings.xml
RUN mvn package

FROM openjdk:8-jdk-alpine
ENV appName=demo1
ENV appPort=10001
COPY --from=builder /dest/$appName/target/*.jar /app/$appName.jar
WORKDIR /app
RUN ls -l
EXPOSE $appPort
ENTRYPOINT ["sh", "-c", "java -jar $appName.jar"]
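The FROM rules in section 2 (tag and digest are optional, latest is the default) decide whether two builds of the same Dockerfile start from the same base image. The following is an added example, not part of the original notes: it parses FROM lines, including the multi-stage form used in the two Dockerfiles above, and reports how each base image is pinned. The function names, the registry host and the sample Dockerfile are constructed for illustration.

```python
import re

# Constructed sample modelled on the multi-stage Dockerfiles in these notes.
# The registry host and the all-zero digest are placeholders, not real values.
SAMPLE_DOCKERFILE = (
    "# build stage\n"
    "FROM node:16.20.0-alpine as builder\n"
    "COPY ./ /dest\n"
    "FROM --platform=linux/amd64 nginx\n"
    "FROM registry.example.com:5000/team/base\n"
    "FROM alpine@sha256:" + "0" * 64 + "\n"
    "FROM builder AS test\n"
    "ARG BASE=nginx:alpine3.17\n"
    "FROM ${BASE}\n"
    "FROM nginx:latest\n"
)

# FROM [--platform=<p>] <image-ref> [AS <stage-name>]
FROM_RE = re.compile(
    r"^\s*FROM\s+(?:--platform=\S+\s+)?(?P<ref>\S+)(?:\s+AS\s+(?P<name>\S+))?\s*$",
    re.IGNORECASE,
)


def classify_ref(ref):
    """Return 'variable', 'digest', 'tag', 'latest' or 'untagged' for an image reference."""
    if "$" in ref:
        return "variable"      # resolved from an ARG at build time
    if "@" in ref:
        return "digest"        # content-addressed, cannot change silently
    # A colon is a tag separator only after the last '/'; before it, the colon
    # belongs to a registry port (registry.example.com:5000/img).
    last = ref.rsplit("/", 1)[-1]
    if ":" not in last:
        return "untagged"      # Docker resolves this to :latest
    tag = last.split(":", 1)[1]
    return "latest" if tag == "latest" else "tag"


def audit_dockerfile(text):
    """Return (line_no, image_ref, pinning) for every FROM that pulls an image."""
    stages = set()
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        m = FROM_RE.match(line)
        if not m:
            continue
        ref, name = m.group("ref"), m.group("name")
        # FROM <earlier stage> and FROM scratch pull nothing from a registry.
        if ref.lower() not in stages and ref != "scratch":
            findings.append((line_no, ref, classify_ref(ref)))
        if name:
            stages.add(name.lower())
    return findings


def mutable_bases(text):
    """FROM lines whose base image can change without the Dockerfile changing."""
    return [f for f in audit_dockerfile(text) if f[2] != "digest"]


if __name__ == "__main__":
    for line_no, ref, pinning in audit_dockerfile(SAMPLE_DOCKERFILE):
        print(f"line {line_no}: {ref} -> {pinning}")
```

A version tag such as node:16.20.0-alpine still counts as mutable here because a registry tag can be re-pointed; only a digest reference is fixed.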

1.9 Deployment examples

1. Nginx

docker run -d -p 80:80 -v nginx:/etc/nginx --name nginx-ialso nginx:alpine3.17

2. Tomcat

# Note: webapps contains no files to begin with
docker run -d -p 8080:8080 -v tomcat:/usr/local/tomcat/webapps --name tomcat tomcat:9.0.73-jdk8-corretto

3. MySQL

docker run -d -p 3306:3306 --name mysql -v mysql-data:/var/lib/mysql -e MYSQL_ROOT_PASSWORD=123456 mysql:5.7

4. Redis

docker run -d -p 6379:6379 -v redis-config:/etc/redis/redis.conf -v redis-data:/data redis:7.0-alpine

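2. Jenkins

2.1 Basic concepts

Jenkins is an open-source software project: a continuous integration tool written in Java, used to monitor continuously repeated work. It aims to provide an open, easy-to-use software platform so that software projects can be continuously integrated.

2.2 Installation

File bundle: https://pan.baidu.com/s/1uhSpic2bZVBDE-jynycdpg?pwd=lggi

I originally planned to use jenkinsci/blueocean, but while using it I found that this image has quite a few pitfalls, so I decided to build one myself with a Dockerfile.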

# Build: docker build --no-cache --force-rm -t jenkinsci ./
# Run: docker run -d -u root -p 80:8080 --name jenkinsci -v jenkins_home:/root/.jenkins -v /var/run/docker.sock:/var/run/docker.sock --restart=always jenkinsci
# Into: docker exec -it jenkinsci /bin/bash
FROM centos:centos7
COPY ./ /dest
WORKDIR /dest

RUN rpm -ivh jdk-11.0.16_linux-x64_bin.rpm && \
    rpm -ivh jenkins-2.362-1.1.noarch.rpm && \
    \cp jenkins /etc/sysconfig/jenkins &&  \
    chmod 777 -R /var/lib/jenkins &&  \
    yum -y install fontconfig && \
    yum -y install git && \
    yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo && \
    yum -y install docker-ce-cli-20.10.5-3.el7

VOLUME ["/root/.jenkins"]
EXPOSE 8080

WORKDIR /

ENTRYPOINT ["jenkins"]

Build the image

docker build --no-cache -t jenkinsci .

Start the image

docker run -d -u root -p 80:8080 --name jenkinsci -v jenkins_home:/root/.jenkins -v /var/run/docker.sock:/var/run/docker.sock --restart=always jenkinsci

Enter the container

docker exec -it jenkinsci /bin/bash
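The run command above starts Jenkins as root with the host's /var/run/docker.sock mounted, so the container can drive the host's Docker daemon, and the MySQL command in section 1.9 publishes the database on all interfaces with its root password in an environment variable. The following is an added example, not part of the original notes: it checks `docker inspect` JSON for those settings. The sample JSON is constructed and trimmed to the fields used, and the function names and finding strings are illustrative.

```python
import json

# Constructed, trimmed `docker inspect` output for two containers started the
# way these notes start them (jenkinsci in 2.2, mysql in 1.9).
SAMPLE_INSPECT = json.loads("""
[
  {"Name": "/jenkinsci",
   "Config": {"User": "root", "Env": ["PATH=/usr/local/sbin:/usr/bin"]},
   "HostConfig": {"Privileged": false,
                  "PortBindings": {"8080/tcp": [{"HostIp": "", "HostPort": "80"}]}},
   "Mounts": [
     {"Type": "volume", "Name": "jenkins_home",
      "Source": "/var/lib/docker/volumes/jenkins_home/_data",
      "Destination": "/root/.jenkins", "RW": true},
     {"Type": "bind", "Source": "/var/run/docker.sock",
      "Destination": "/var/run/docker.sock", "RW": true}]},
  {"Name": "/mysql",
   "Config": {"User": "", "Env": ["MYSQL_ROOT_PASSWORD=123456", "MYSQL_MAJOR=5.7"]},
   "HostConfig": {"Privileged": false,
                  "PortBindings": {"3306/tcp": [{"HostIp": "", "HostPort": "3306"}]}},
   "Mounts": [
     {"Type": "volume", "Name": "mysql-data",
      "Source": "/var/lib/docker/volumes/mysql-data/_data",
      "Destination": "/var/lib/mysql", "RW": true}]}
]
""")

SECRET_HINTS = ("PASSWORD", "PASSWD", "SECRET", "TOKEN")
ALL_INTERFACES = ("", "0.0.0.0", "::")   # "" is what `-p 80:8080` records


def audit_container(c):
    """Return sorted finding strings for one object from `docker inspect`."""
    findings = set()
    host = c.get("HostConfig") or {}
    cfg = c.get("Config") or {}

    if host.get("Privileged"):
        findings.add("privileged")

    # An empty User means neither the image nor `docker run -u` set one,
    # so the entrypoint starts as UID 0.
    if (cfg.get("User") or "").split(":")[0] in ("", "0", "root"):
        findings.add("starts-as-root")

    # A bind mount of the Docker socket hands the container the host daemon's API.
    for m in c.get("Mounts") or []:
        if m.get("Type") == "bind" and m.get("Source", "").endswith("docker.sock"):
            findings.add("docker-socket-mounted")

    # Ports published without a host IP listen on every interface.
    for bindings in (host.get("PortBindings") or {}).values():
        for b in bindings or []:
            if b.get("HostIp", "") in ALL_INTERFACES:
                findings.add("published-on-all-interfaces:" + b.get("HostPort", "?"))

    # Anyone who can run `docker inspect` can read environment variables.
    for entry in cfg.get("Env") or []:
        key, _, value = entry.partition("=")
        if value and any(h in key.upper() for h in SECRET_HINTS):
            findings.add("secret-in-env:" + key)   # report the name, never the value

    return sorted(findings)


def audit(inspect_output):
    """Map container name -> findings for a parsed `docker inspect` list."""
    return {c.get("Name", "?").lstrip("/"): audit_container(c) for c in inspect_output}


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_INSPECT).items():
        print(name, findings)
```

On a live host the same functions can be fed `json.loads` of the output of `docker inspect $(docker ps -q)`.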

2.3 Configuration

http://150.158.24.200/

Get the unlock password

[root@cicd ~]# docker logs jenkinsci
*************************************************************
*************************************************************
*************************************************************

Jenkins initial setup is required. An admin user has been created and a password generated.
Please use the following password to proceed to installation:

7aa5995e44fb4c47b20a1da291ed3d00

This may also be found at: /root/.jenkins/secrets/initialAdminPassword

*************************************************************
*************************************************************
*************************************************************

Customize plugins

Create a user

Instance configuration

Configuration complete

2.4 Plugins

Jenkins->Manage Jenkins->Manage Plugins->Available

Credentials Binding Plugin
Gitee
Pipeline
Email Extension Template

2.5 Credentials

Jenkins->Manage Jenkins->Manage Credentials->global

1. username-password

2. ssh-key

2.6 Git hook

Configure the Gitee webhook in Jenkins

Configure the push hook in Gitee

2.7 Global tool configuration

Jenkins->Manage Jenkins->Global Tool Configuration

1. JDK

JDK8: https://pan.baidu.com/s/1JcpZtQYNDrFLUl00CdhNNw?pwd=bweh

2. Maven

Maven3.6: https://pan.baidu.com/s/1rEQOUN2BdAP0cpoifRnLqQ?pwd=k9g3

3. Testing the global tool configuration

pipeline {
    agent any
    tools {
       jdk "JDK8u221"
       maven "Maven3.6.3"
    }
    stages {
        stage('Environment Check') {
            steps {
                sh 'java -version'
                sh 'mvn -v'
            }
        }
    }
}

2.8 Pipeline

0. Snippet generator

1. Where the pipeline is stored

Maintained in Jenkins

Maintained in the project

pipeline {
    agent any
    stages {
        stage('Pull') {
            steps {
                checkout scmGit(branches: [[name: '*/master']], extensions: [], userRemoteConfigs: [[credentialsId: '6a6543d1-3262-4f96-a4b5-4259a9a5c038', url: 'https://gitee.com/lianxing2233/springcloud-demo.git']])
            }
        }
        stage('Build') {
            steps {
                sh 'docker build --no-cache --force-rm -t springcloud-demo:latest ./'
                sh 'docker images'
            }
        }
    }
    post {
      always {
        emailext(
            to: "[email protected]",
            subject: 'CICD:${PROJECT_NAME} - Build # ${BUILD_NUMBER} - ${BUILD_STATUS}!',
            body: '${FILE,path="email.html"}'
        )
      }
    }
}

2. Download the code

pipeline {
    agent any
    stages {
        stage('Pull') {
            steps {
                checkout scmGit(branches: [[name: '*/master']], extensions: [], userRemoteConfigs: [[credentialsId: '6a6543d1-3262-4f96-a4b5-4259a9a5c038', url: 'https://gitee.com/lianxing2233/vue-demo.git']])
            }
        }
    }
}

3. Build the image

pipeline {
    agent any
    stages {
        stage('Pull') {
            steps {
                checkout scmGit(branches: [[name: '*/master']], extensions: [], userRemoteConfigs: [[credentialsId: '6a6543d1-3262-4f96-a4b5-4259a9a5c038', url: 'https://gitee.com/lianxing2233/vue-demo.git']])
            }
        }
        stage('Build') {
            steps {
                sh 'docker build --no-cache -t vue-demo ./'
                sh 'docker images'
            }
        }
    }
}

2.9 Pushing images

Aliyun -> Container Registry -> Personal instance

1. Create a namespace

2. Create an image repository

3. Log in to the Aliyun image registry

docker login -u USERNAME -p PASSWORD  registry.cn-hangzhou.aliyuncs.com

4. Push the image

docker tag [ImageId] registry.cn-hangzhou.aliyuncs.com/ialso/jenkinsci:[image version]
docker push registry.cn-hangzhou.aliyuncs.com/ialso/jenkinsci:[image version]

5. Integrate into the Pipeline

Generate the credentials-binding snippet

pipeline {
    agent any
    stages {
        stage('Pull') {
            steps {
                checkout scmGit(branches: [[name: '*/master']], extensions: [], userRemoteConfigs: [[credentialsId: '6a6543d1-3262-4f96-a4b5-4259a9a5c038', url: 'https://gitee.com/lianxing2233/vue-demo.git']])
            }
        }
        stage('Build') {
            steps {
                sh 'docker build --no-cache --force-rm -t vue-demo:latest ./'
                sh 'docker images'
            }
        }
        stage('Push') {
            steps {
                withCredentials([usernamePassword(credentialsId: 'ed4d4a17-85bb-4395-a6a6-abb439c2301a', passwordVariable: 'AliyuPassword', usernameVariable: 'AliyuUsername')]) {
                    // Pass the password on stdin so it does not appear in the process arguments
                    sh 'echo "$AliyuPassword" | docker login -u "$AliyuUsername" --password-stdin registry.cn-hangzhou.aliyuncs.com'
                }
                sh 'docker tag vue-demo:latest registry.cn-hangzhou.aliyuncs.com/ialso/vue-demo:latest'
                sh 'docker push registry.cn-hangzhou.aliyuncs.com/ialso/vue-demo:latest'
            }
        }
    }
    post {
      always {
        emailext(
            to: "[email protected]",
            subject: 'CICD:${PROJECT_NAME} - Build # ${BUILD_NUMBER} - ${BUILD_STATUS}!',
            body: '${FILE,path="email.html"}'
        )
      }
    }
}

2.10 Email configuration

1. Get the mailbox authorization code

QQ Mail -> Settings -> Account -> POP3/IMAP/SMTP/Exchange/CardDAV/CalDAV services -> Manage services -> Generate authorization code

xkdqwhuiwjoxdcia

2. Configure the Jenkins administrator email

Jenkins->Manage Jenkins->Configure System-> Jenkins Location

3. Configuration

Jenkins->Manage Jenkins->Configure System->Extended E-mail Notification

4. Test the email function

Jenkins->Manage Jenkins->Configure System->E-mail Notification

5. Integrate into a Freestyle job

6. Integrate into a Pipeline

email.html

<!DOCTYPE html>
<html>

<head>
    <meta charset="UTF-8">
    <title>${ENV,var="JOB_NAME"}-${BUILD_NUMBER}</title>
</head>

<body leftmargin="8" marginwidth="0" topmargin="8" marginheight="4" offset="0">
<table width="95%" cellpadding="0" cellspacing="0"
       style="font-size: 11pt; font-family: Tahoma,Arial,Helvetica,sans-serif">
    <tr>
        <td>THIS EMAIL IS SENT BY JENKINS AUTOMATICALLY, PLEASE DON'T REPLY!</td>
    </tr>
    <tr>
        <td>
            <h2>
                <font color="#0000FF">BUILD RESULT - ${BUILD_STATUS}</font>
            </h2>
        </td>
    </tr>
    <tr>
        <td><br />
            <b>
                <font color="#0B610B">DETAILS:</font>
            </b>
            <hr size="2" width="100%" byte="center" />
        </td>
    </tr>
    <tr>
        <td>

            <ul>
                <li>PROJECT NAME : ${PROJECT_NAME}</li>
                <li>PROJECT URL : <a href="${PROJECT_URL}">${PROJECT_URL}</a></li>
                <li>BUILD NUMBER : ${BUILD_NUMBER}</li>
                <li>STARTED BY : ${CAUSE}</li>
                <li>BUILD URL : <a href="${BUILD_URL}">${BUILD_URL}</a></li>
                <li>BUILD LOG : <a href="${BUILD_URL}console">${BUILD_URL}console</a></li>
                <li>BUILD WORKFLOW : <a
                        href="${PROJECT_URL}workflow-stage">${PROJECT_URL}workflow-stage</a></li>
            </ul>
        </td>
    </tr>
    <tr>
        <td>
            <b><font color="#0B610B">BUILD LOG (LAST 200 ROWS):</font></b>
            <hr size="2" width="100%" byte="center" />
        </td>
    </tr>
    <tr>
        <td><textarea cols="80" rows="30" readonly="readonly"
                      style="font-family: Courier New">${BUILD_LOG,maxLines=200,escapeHtml=true}</textarea>
        </td>
    </tr>
</table>
</body>

</html>

pipeline

pipeline {
    agent any
    stages {
        stage('Pull') {
            steps {
                checkout scmGit(branches: [[name: '*/master']], extensions: [], userRemoteConfigs: [[credentialsId: '6a6543d1-3262-4f96-a4b5-4259a9a5c038', url: 'https://gitee.com/lianxing2233/vue-demo.git']])
            }
        }
        stage('Build') {
            steps {
                sh 'docker build --no-cache --force-rm -t vue-demo:latest ./'
                sh 'docker images'
            }
        }
    }
    post {
      always {
        emailext(
            to: "[email protected]",
            subject: 'CICD:${PROJECT_NAME} - Build # ${BUILD_NUMBER} - ${BUILD_STATUS}!',
            body: '${FILE,path="email.html"}'
        )
      }
    }
}

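2.10. Common problems

After installation, the time shown by Jenkins sometimes differs from the Linux system time. In that case, run the following command in Manage Jenkins -> Script Console: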

System.setProperty('org.apache.commons.jelly.tags.fmt.timeZone', 'Asia/Shanghai')

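3. Kubernetes

3.1. Introduction

An open-source system for automating the deployment, scaling, and management of containerized applications. It supports automated deployment and scales to large clusters.

3.2. Architecture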


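1. Control Plane

Makes global decisions for the cluster.

Controller manager

The component that runs the controllers on the master node, including:

  • Node Controller
  • Job Controller
  • Endpoints Controller
  • Service Account & Token Controllers

Etcd

The backing key-value store that holds all Kubernetes cluster data.

Scheduler

Watches for newly created Pods that have no node assigned and selects a node for each Pod to run on.

Api server

The Kubernetes API service.

2. Node

kubelet

The agent that runs on each node.

kube-proxy

The network proxy that runs on each node.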

3.3. Installation

Node plan

Hostname    Host IP
k-master    150.158.187.211
k-cluster1  124.223.4.217
k-cluster2  124.222.59.241
k-cluster3  150.158.24.200

1. Install Docker

#!/bin/bash
# remove old docker
yum remove docker \
        docker-client \
        docker-client-latest \
        docker-common \
        docker-latest \
        docker-latest-logrotate \
        docker-logrotate \
        docker-engine

# install dependencies
yum install -y yum-utils

# set yum repo
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

# install docker
yum install -y docker-ce-20.10.5-3.el7 docker-ce-cli-20.10.5-3.el7 containerd.io

# start
systemctl enable docker --now

# docker config
sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": ["https://12sotewv.mirror.aliyuncs.com"],
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "storage-driver": "overlay2"
}
EOF

sudo systemctl daemon-reload
sudo systemctl restart docker

2. Pre-installation preparation

vim prepare.sh
#!/bin/bash
# set SELinux to permissive mode (effectively disabling it)
sudo setenforce 0
sudo sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
# disable swap
swapoff -a
sed -ri 's/.*swap.*/#&/' /etc/fstab
# let iptables see bridged traffic
cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
br_netfilter
EOF
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
# apply the sysctl settings
sudo sysctl --system

3. Install Kubernetes

vim install.sh
#!/bin/bash
# set Kubernetes repo
cat <<EOF | sudo tee /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
   http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
exclude=kubelet kubeadm kubectl
EOF
# install Kubernetes
sudo yum install -y kubelet-1.20.9 kubeadm-1.20.9 kubectl-1.20.9 --disableexcludes=kubernetes
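
The repository definition in install.sh sets gpgcheck=0 and repo_gpgcheck=0 and uses http:// URLs for both packages and keys, so yum verifies neither package signatures nor repository metadata for this repo. The audit below is an added example, not part of the original notes: the function name audit_repo, the output format and the example-signed entry are assumptions made for illustration, and the sample file is constructed from the heredoc above. It flags only explicit =0 values and http:// URLs, because unset keys inherit from yum.conf.

```shell
#!/bin/sh
# Audit a yum .repo file for settings that weaken package authenticity.
# One finding per line: <repo-id> <setting> <reason> [<url>]
# Only explicit values are flagged; unset keys inherit from yum.conf [main].

audit_repo() {
    # $1: path to a .repo file (INI style: [repo-id], then key=value lines;
    #     a line starting with whitespace continues the previous value)
    awk '
    function check(k, v) {
        if ((k == "gpgcheck" || k == "repo_gpgcheck") && v == "0")
            print id, k "=0", "signature-check-disabled"
        if ((k == "baseurl" || k == "mirrorlist" || k == "gpgkey") && v ~ /^http:\/\//)
            print id, k, "plain-http", v
    }
    /^[ \t]*$/     { next }                                   # blank line
    /^[ \t]*[#;]/  { next }                                   # comment
    /^\[.*\]/      { id = $0; gsub(/^\[|\].*$/, "", id); key = ""; next }
    /^[ \t]/       { v = $0; gsub(/^[ \t]+|[ \t]+$/, "", v); check(key, v); next }
    /=/            { key = $0; sub(/[ \t]*=.*$/, "", key)
                     v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v)
                     check(key, v) }
    ' "$1"
}

demo() {
    tmp=$(mktemp)
    # Constructed sample: the [kubernetes] entry from install.sh plus a
    # hypothetical entry with signature checks on and HTTPS URLs.
    cat > "$tmp" <<'EOF'
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
   http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg

[example-signed]
name=Constructed hardened entry
baseurl=https://repo.example.invalid/el7
enabled=1
gpgcheck=1
gpgkey=https://repo.example.invalid/key.gpg
EOF
    audit_repo "$tmp"
    rm -f "$tmp"
}

demo
```

On a real host, run audit_repo against each file under /etc/yum.repos.d/.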

4. Start

systemctl enable kubelet --now

3.4. Uninstall

# reset first: kubeadm is no longer available once the packages are removed
sudo kubeadm reset -f
yum -y remove kubelet kubeadm kubectl
sudo rm -rvf $HOME/.kube
sudo rm -rvf ~/.kube/
sudo rm -rvf /etc/kubernetes/
sudo rm -rvf /etc/systemd/system/kubelet.service.d
sudo rm -rvf /etc/systemd/system/kubelet.service
sudo rm -rvf /usr/bin/kube*
sudo rm -rvf /etc/cni
sudo rm -rvf /opt/cni
sudo rm -rvf /var/lib/etcd
sudo rm -rvf /var/etcd

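3.5. Virtual network interface

Skip this step if all servers can reach each other over the internal network.

1. Create a virtual network interface using the public IP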

cat > /etc/sysconfig/network-scripts/ifcfg-eth0:1 <<EOF
BOOTPROTO=static
DEVICE=eth0:1
IPADDR=150.158.187.211
PREFIX=32
TYPE=Ethernet
USERCTL=no
ONBOOT=yes
EOF

2. Restart the network service

systemctl restart network

3. Check the result

ifconfig

3.6. Initialize the master node

Node plan

Hostname    Host IP
k-master    150.158.187.211
k-cluster1  124.223.4.217
k-cluster2  124.222.59.241
k-cluster3  150.158.24.200

1. Initialize

kubeadm init \
--apiserver-advertise-address=150.158.187.211 \
--image-repository registry.aliyuncs.com/google_containers \
--kubernetes-version v1.20.9 \
--service-cidr=10.96.0.0/16 \
--pod-network-cidr=192.168.0.0/16

2. Common initialization error 1

[root@k-master ~]# kubeadm init \
> --apiserver-advertise-address=150.158.187.211 \
> --image-repository registry.aliyuncs.com/google_containers \
> --kubernetes-version v1.20.9 \
> --service-cidr=10.96.0.0/16 \
> --pod-network-cidr=192.168.0.0/16
[init] Using Kubernetes version: v1.20.9
[preflight] Running pre-flight checks
	[WARNING SystemVerification]: this Docker version is not on the list of validated versions: 20.10.5. Latest validated version: 19.03
	[WARNING Hostname]: hostname "k-master" could not be reached
	[WARNING Hostname]: hostname "k-master": lookup k-master on 183.60.83.19:53: no such host
error execution phase preflight: [preflight] Some fatal errors occurred:
	[ERROR FileContent--proc-sys-net-ipv4-ip_forward]: /proc/sys/net/ipv4/ip_forward contents are not set to 1
[preflight] If you know what you are doing, you can make a check non-fatal with `--ignore-preflight-errors=...`
To see the stack trace of this error execute with --v=5 or higher

In this case, run the following command:

echo "1" > /proc/sys/net/ipv4/ip_forward
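
Writing to /proc changes only the running kernel, so the value is lost at the next reboot, and the k8s.conf written by prepare.sh does not contain net.ipv4.ip_forward. The check below is an added example, not part of the original notes; the name missing_sysctl and the temporary directory are assumptions for illustration. It reports which of the three sysctl keys used on this page are not persisted as 1 in a sysctl.d-style directory.

```shell
#!/bin/sh
# Report which of the sysctl keys set on this page are NOT persisted as 1 in a
# sysctl.d-style directory. Files are read in lexical order and the last
# assignment of a key wins. Keys written with "/" separators are not handled.

REQUIRED_KEYS="net.bridge.bridge-nf-call-iptables
net.bridge.bridge-nf-call-ip6tables
net.ipv4.ip_forward"

missing_sysctl() {
    # $1: directory holding *.conf files (for example /etc/sysctl.d)
    for key in $REQUIRED_KEYS; do
        val=$(cat "$1"/*.conf 2>/dev/null | awk -v want="$key" '
            /^[ \t]*[#;]/ { next }                 # comment
            {
                pos = index($0, "=")
                if (pos == 0) next
                name  = substr($0, 1, pos - 1); gsub(/[ \t]/, "", name)
                value = substr($0, pos + 1);    gsub(/[ \t]/, "", value)
                if (name == want) last = value
            }
            END { print last }')
        [ "$val" = "1" ] || echo "$key"
    done
}

demo() {
    d=$(mktemp -d)
    # Constructed copy of the k8s.conf that prepare.sh writes on this page.
    printf '%s\n' 'net.bridge.bridge-nf-call-ip6tables = 1' \
                  'net.bridge.bridge-nf-call-iptables = 1' > "$d/k8s.conf"
    echo "not persisted before: $(missing_sysctl "$d" | tr '\n' ' ')"
    # Persist the forwarding flag alongside the bridge settings.
    echo 'net.ipv4.ip_forward = 1' >> "$d/k8s.conf"
    echo "not persisted after:  $(missing_sysctl "$d" | tr '\n' ' ')"
    rm -rf "$d"
}

demo
```

On a real host, run missing_sysctl /etc/sysctl.d, add any reported key to k8s.conf, and apply it with sysctl --system.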

3. Successful initialization

[root@k-master ~]# kubeadm init \
> --apiserver-advertise-address=150.158.187.211 \
> --image-repository registry.aliyuncs.com/google_containers \
> --kubernetes-version v1.20.9 \
> --service-cidr=10.96.0.0/16 \
> --pod-network-cidr=192.168.0.0/16
[init] Using Kubernetes version: v1.20.9
[preflight] Running pre-flight checks
	[WARNING SystemVerification]: this Docker version is not on the list of validated versions: 20.10.5. Latest validated version: 19.03
	[WARNING Hostname]: hostname "k-master" could not be reached
	[WARNING Hostname]: hostname "k-master": lookup k-master on 183.60.83.19:53: no such host
[preflight] Pulling images required for setting up a Kubernetes cluster
[preflight] This might take a minute or two, depending on the speed of your internet connection
[preflight] You can also perform this action in beforehand using 'kubeadm config images pull'
[certs] Using certificateDir folder "/etc/kubernetes/pki"
[certs] Generating "ca" certificate and key
[certs] Generating "apiserver" certificate and key
[certs] apiserver serving cert is signed for DNS names [k-master kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local] and IPs [10.96.0.1 150.158.187.211]
[certs] Generating "apiserver-kubelet-client" certificate and key
[certs] Generating "front-proxy-ca" certificate and key
[certs] Generating "front-proxy-client" certificate and key
[certs] Generating "etcd/ca" certificate and key
[certs] Generating "etcd/server" certificate and key
[certs] etcd/server serving cert is signed for DNS names [k-master localhost] and IPs [150.158.187.211 127.0.0.1 ::1]
[certs] Generating "etcd/peer" certificate and key
[certs] etcd/peer serving cert is signed for DNS names [k-master localhost] and IPs [150.158.187.211 127.0.0.1 ::1]
[certs] Generating "etcd/healthcheck-client" certificate and key
[certs] Generating "apiserver-etcd-client" certificate and key
[certs] Generating "sa" key and public key
[kubeconfig] Using kubeconfig folder "/etc/kubernetes"
[kubeconfig] Writing "admin.conf" kubeconfig file
[kubeconfig] Writing "kubelet.conf" kubeconfig file
[kubeconfig] Writing "controller-manager.conf" kubeconfig file
[kubeconfig] Writing "scheduler.conf" kubeconfig file
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Starting the kubelet
[control-plane] Using manifest folder "/etc/kubernetes/manifests"
[control-plane] Creating static Pod manifest for "kube-apiserver"
[control-plane] Creating static Pod manifest for "kube-controller-manager"
[control-plane] Creating static Pod manifest for "kube-scheduler"
[etcd] Creating static Pod manifest for local etcd in "/etc/kubernetes/manifests"
[wait-control-plane] Waiting for the kubelet to boot up the control plane as static Pods from directory "/etc/kubernetes/manifests". This can take up to 4m0s
[apiclient] All control plane components are healthy after 15.502637 seconds
[upload-config] Storing the configuration used in ConfigMap "kubeadm-config" in the "kube-system" Namespace
[kubelet] Creating a ConfigMap "kubelet-config-1.20" in namespace kube-system with the configuration for the kubelets in the cluster
[upload-certs] Skipping phase. Please see --upload-certs
[mark-control-plane] Marking the node k-master as control-plane by adding the labels "node-role.kubernetes.io/master=''" and "node-role.kubernetes.io/control-plane='' (deprecated)"
[mark-control-plane] Marking the node k-master as control-plane by adding the taints [node-role.kubernetes.io/master:NoSchedule]
[bootstrap-token] Using token: llukay.o7amg6bstg9abts3
[bootstrap-token] Configuring bootstrap tokens, cluster-info ConfigMap, RBAC Roles
[bootstrap-token] configured RBAC rules to allow Node Bootstrap tokens to get nodes
[bootstrap-token] configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials
[bootstrap-token] configured RBAC rules to allow the csrapprover controller automatically approve CSRs from a Node Bootstrap Token
[bootstrap-token] configured RBAC rules to allow certificate rotation for all node client certificates in the cluster
[bootstrap-token] Creating the "cluster-info" ConfigMap in the "kube-public" namespace
[kubelet-finalize] Updating "/etc/kubernetes/kubelet.conf" to point to a rotatable kubelet client certificate and key
[addons] Applied essential addon: CoreDNS
[addons] Applied essential addon: kube-proxy

Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

Alternatively, if you are the root user, you can run:

  export KUBECONFIG=/etc/kubernetes/admin.conf

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 150.158.187.211:6443 --token llukay.o7amg6bstg9abts3 \
    --discovery-token-ca-cert-hash sha256:2f6c42689f5d5189947239997224916c94003cf9ed92220487ace5032206b4b9

4. Follow-up steps

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
export KUBECONFIG=/etc/kubernetes/admin.conf

5. Install the network component

curl https://docs.projectcalico.org/v3.20/manifests/calico.yaml -O
kubectl apply -f calico.yaml

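6. Notes

If you have forgotten the token, create a new one with the following command:

# Get a new join command
kubeadm token create --print-join-command

After every failed initialization or failed join, the node must be reset: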

kubeadm reset

3.7. Join worker nodes

[root@k-cluster1 ~]# kubeadm join 150.158.187.211:6443 --token llukay.o7amg6bstg9abts3 \
>     --discovery-token-ca-cert-hash sha256:2f6c42689f5d5189947239997224916c94003cf9ed92220487ace5032206b4b9
[preflight] Running pre-flight checks
	[WARNING SystemVerification]: this Docker version is not on the list of validated versions: 20.10.5. Latest validated version: 19.03
	[WARNING Hostname]: hostname "k-cluster1" could not be reached
	[WARNING Hostname]: hostname "k-cluster1": lookup k-cluster1 on 183.60.83.19:53: no such host
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Starting the kubelet
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...

This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.

Run 'kubectl get nodes' on the control-plane to see this node join the cluster.

3.8. kubectl commands

# Get node information (can only be used on the master node)
[root@k-master ~]# kubectl get nodes
NAME         STATUS   ROLES                  AGE   VERSION
k-cluster1   Ready    <none>                 10m   v1.20.9
k-cluster2   Ready    <none>                 10m   v1.20.9
k-cluster3   Ready    <none>                 10m   v1.20.9
k-master     Ready    control-plane,master   13m   v1.20.9
# Create cluster resources from a configuration file
kubectl apply -f calico.yaml
# List the applications deployed in the cluster
[root@k-master ~]# kubectl get pods -A
NAMESPACE     NAME                                       READY   STATUS    RESTARTS   AGE
kube-system   calico-kube-controllers-577f77cb5c-5jwch   1/1     Running   0          5m23s
kube-system   calico-node-9wphc                          1/1     Running   0          5m23s
kube-system   calico-node-gkjpt                          0/1     Running   0          5m23s
kube-system   calico-node-qv47h                          1/1     Running   0          5m23s
kube-system   calico-node-rvcrh                          1/1     Running   0          5m23s
kube-system   coredns-7f89b7bc75-bbkfz                   1/1     Running   0          16m
kube-system   coredns-7f89b7bc75-m46t5                   1/1     Running   0          16m
kube-system   etcd-k-master                              1/1     Running   0          16m
kube-system   kube-apiserver-k-master                    1/1     Running   0          16m
kube-system   kube-controller-manager-k-master           1/1     Running   0          16m
kube-system   kube-proxy-87hgc                           1/1     Running   0          14m
kube-system   kube-proxy-ksk4m                           1/1     Running   0          16m
kube-system   kube-proxy-nkmsl                           1/1     Running   0          14m
kube-system   kube-proxy-w4qdj                           1/1     Running   0          14m
kube-system   kube-scheduler-k-master                    1/1     Running   0          16m

3.9. Deploy the web dashboard

[root@k-master ~]# kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.3.1/aio/deploy/recommended.yaml
namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created
[root@k-master ~]# kubectl get pods -A
NAMESPACE              NAME                                         READY   STATUS    RESTARTS   AGE
kube-system            calico-kube-controllers-577f77cb5c-5jwch     1/1     Running   0          17m
kube-system            calico-node-9wphc                            1/1     Running   0          17m
kube-system            calico-node-gkjpt                            0/1     Running   0          17m
kube-system            calico-node-qv47h                            1/1     Running   0          17m
kube-system            calico-node-rvcrh                            1/1     Running   0          17m
kube-system            coredns-7f89b7bc75-bbkfz                     1/1     Running   0          28m
kube-system            coredns-7f89b7bc75-m46t5                     1/1     Running   0          28m
kube-system            etcd-k-master                                1/1     Running   0          28m
kube-system            kube-apiserver-k-master                      1/1     Running   0          28m
kube-system            kube-controller-manager-k-master             1/1     Running   0          28m
kube-system            kube-proxy-87hgc                             1/1     Running   0          26m
kube-system            kube-proxy-ksk4m                             1/1     Running   0          28m
kube-system            kube-proxy-nkmsl                             1/1     Running   0          26m
kube-system            kube-proxy-w4qdj                             1/1     Running   0          26m
kube-system            kube-scheduler-k-master                      1/1     Running   0          28m
kubernetes-dashboard   dashboard-metrics-scraper-79c5968bdc-mdhxx   1/1     Running   0          55s
kubernetes-dashboard   kubernetes-dashboard-658485d5c7-k2ds5        1/1     Running   0          55s
