kubernetes

Getting to know Kubernetes

https://github.com/gjmzj/kubeasz

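Service is the core concept. A service is made up of pods, and a pod is made up of containers; it is the containers that actually provide the service. Services and pods are associated through labels. Pods run on Nodes. Every pod has a special container called pause (shared network, shared data); the other containers are called business containers.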

https://coding.net/u/aminglinux/p/yuanke_centos7/git/tree/master/k8snode

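1. Kubernetes is an open-source system for managing containerized applications across multiple hosts in a cloud platform. Its goal is to make deploying containerized applications simple and efficient (powerful), and it provides a mechanism for application deployment, scheduling, updating and maintenance.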

http://docs.kubernetes.org.cn/227.html

https://www.cnblogs.com/xhyan/p/6656062.html

https://www.cnblogs.com/fengjian2016/p/6392900.html

https://kubernetes.io/zh/docs/tutorials/kubernetes-basics/

2. Install Kubernetes: turn off the firewall

[root@centos-01 ~]# systemctl stop firewalld
[root@centos-01 ~]# systemctl disable firewalld
Removed symlink /etc/systemd/system/basic.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@centos-01 ~]# setenforce 0
setenforce: SELinux is disabled
[root@centos-01 ~]# 

3. Install etcd (used to store the Kubernetes configuration files) and kubernetes

[root@centos-01 ~]# yum install -y etcd kubernetes

4. Edit the configuration file, changing --selinux-enabled to --selinux-enabled=false --insecure-registry gcr.io

[root@centos-01 ~]# vim /etc/sysconfig/docker
OPTIONS='--selinux-enabled=false --insecure-registry gcr.io --log-driver=journald --signature-verification=false'
if [ -z "${DOCKER_CERT_PATH}" ]; then
    DOCKER_CERT_PATH=/etc/docker
fi
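
Added example, not part of the original page: the OPTIONS line above switches off SELinux support in the daemon, accepts gcr.io over an unverified connection and turns off image signature verification, so it is worth being able to list which of these relaxations a host carries. The function name and the finding texts are assumptions.

```sh
#!/bin/sh
# Added example (not from the original page): report which daemon flags in a
# /etc/sysconfig/docker style file relax container or image protections.
# The function name and the finding texts are illustrative.

# audit_docker_options FILE
# Prints one finding per relaxed flag in the last OPTIONS= assignment.
# Exit status is 0 when nothing was flagged and 1 otherwise.
audit_docker_options() (
    set -f                                   # no globbing while word-splitting
    line=$(grep -E '^[[:space:]]*OPTIONS=' "$1" | tail -n 1)
    opts=$(printf '%s' "${line#*=}" | tr -d "\"'")
    findings=0
    want_registry=0                          # 1 after a bare --insecure-registry
    for word in $opts; do
        if [ "$want_registry" -eq 1 ]; then
            echo "insecure-registry: $word is accepted over HTTP or with an unverified certificate"
            findings=$((findings + 1))
            want_registry=0
            continue
        fi
        case $word in
            --selinux-enabled=false)
                echo "selinux: SELinux support in the daemon is disabled"
                findings=$((findings + 1)) ;;
            --insecure-registry)
                want_registry=1 ;;
            --insecure-registry=*)
                echo "insecure-registry: ${word#*=} is accepted over HTTP or with an unverified certificate"
                findings=$((findings + 1)) ;;
            --signature-verification=false)
                echo "signature-verification: image signature checking is disabled"
                findings=$((findings + 1)) ;;
        esac
    done
    [ "$findings" -eq 0 ]
)

# Constructed sample: the OPTIONS line from step 4 of this page.
sample=$(mktemp)
cat > "$sample" <<'EOF'
OPTIONS='--selinux-enabled=false --insecure-registry gcr.io --log-driver=journald --signature-verification=false'
EOF
audit_docker_options "$sample" || echo "review the flags above before exposing this host"
rm -f "$sample"
```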

5. Edit the apiserver configuration file and remove ServiceAccount from the --admission_control parameter

[root@centos-01 ~]# vim /etc/kubernetes/apiserver 

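6. Preparation: install the python-rhsm-certificates package. If yum reports that python-rhsm-certificates-1.19.10-1.el7_4.x86_64 is obsoleted by the installed subscription-manager-rhsm-certificates1.20.11-1.el7.centos.x86_64, download the RPM and extract the certificate from it as shown below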

yum install python-rhsm-certificates

  

[root@centos-01 ~]# wget http://mirror.centos.org/centos/7/os/x86_64/Packages/python-rhsm-certificates-1.19.10-1.el7_4.x86_64.rpm
--2018-12-11 04:01:39--  http://mirror.centos.org/centos/7/os/x86_64/Packages/python-rhsm-certificates-1.19.10-1.el7_4.x86_64.rpm
正在解析主機 mirror.centos.org (mirror.centos.org)... 213.184.126.230, 2605:9000:401:102::2
正在鏈接 mirror.centos.org (mirror.centos.org)|213.184.126.230|:80... 已鏈接。
已發出 HTTP 請求,正在等待迴應... 200 OK
長度:42188 (41K) [application/x-rpm]
正在保存至: 「python-rhsm-certificates-1.19.10-1.el7_4.x86_64.rpm」

100%[======================================================================================>] 42,188      66.1KB/s 用時 0.6s   

2018-12-11 04:01:40 (66.1 KB/s) - 已保存 「python-rhsm-certificates-1.19.10-1.el7_4.x86_64.rpm」 [42188/42188])

[root@centos-01 ~]# rpm2cpio python-rhsm-certificates-1.19.10-1.el7_4.x86_64.rpm |cpio -iv --to-stdout ./etc/rhsm/ca/redhat-uep.pem > /etc/rhsm/ca/redhat-uep.pem
17 塊
[root@centos-01 ~]# 

7. Configure a Docker registry mirror (accelerator)

vi /etc/docker/daemon.json   # add the following content
{
 "registry-mirrors": ["https://dhq9bx4f.mirror.aliyuncs.com"]
}

8. Start all services in order (the ones in red are on the master node, the ones in green are)

for s in etcd docker kube-apiserver kube-controller-manager kube-scheduler kubelet kube-proxy
do
 systemctl start $s
done

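9. Create an RC file

vim mysql-rc.yaml
apiVersion: v1
kind: ReplicationController # replication controller (RC)
metadata:
  name: mysql # name of the RC, globally unique
spec:
  replicas: 1 # desired number of Pod replicas
  selector:
    app: mysql # Pods carrying this label are the targets
  template: # Pod replicas (instances) are created from this template
    metadata:
      labels:
        app: mysql # label carried by the Pod replicas; matches the RC's selector
    spec:
      containers: # definition of the containers in the Pod
      - name: mysql # container name
        image: mysql:5.6 # Docker image used by the container
        ports:
        - containerPort: 3306 # port the application in the container listens on
        env: # environment variables injected into the container
        - name: MYSQL_ROOT_PASSWORD
          value: "123456"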
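
Added example, not part of the original page: mysql-rc.yaml above writes MYSQL_ROOT_PASSWORD inline, so the password is visible to anyone who can read the manifest or the RC object. The script flags such env entries and shows the same container definition reading the password from a Secret; the function names, the Secret name mysql-root and its key password are assumptions.

```sh
#!/bin/sh
# Added example (not from the original page): find container env entries in a
# manifest whose name looks like a credential and whose value is written
# inline. Function names and the Secret name "mysql-root" are illustrative.

# find_literal_secrets FILE
# Prints "line N: NAME has an inline value" for every match.
# Exit status is 1 when at least one match was found, 0 otherwise.
find_literal_secrets() {
    awk '
        # A new list item: remember its name if it has one, else forget.
        /^[ \t]*-[ \t]/ {
            name = ""
            if ($2 == "name:") name = $3
            next
        }
        # "value:" inside the remembered item is a literal, unlike "valueFrom:".
        $1 == "value:" && name != "" {
            if (toupper(name) ~ /PASSWORD|PASSWD|SECRET|TOKEN/) {
                printf "line %d: %s has an inline value\n", NR, name
                found = 1
            }
            name = ""
        }
        END { exit found + 0 }
    ' "$1"
}

# Common part of the RC from step 9, up to and including "env:".
rc_head() { cat <<'EOF'
apiVersion: v1
kind: ReplicationController
metadata:
  name: mysql
spec:
  replicas: 1
  selector:
    app: mysql
  template:
    metadata:
      labels:
        app: mysql
    spec:
      containers:
      - name: mysql
        image: mysql:5.6
        ports:
        - containerPort: 3306
        env:
EOF
}

# The env entry as written on this page.
weak_rc() { rc_head; cat <<'EOF'
        - name: MYSQL_ROOT_PASSWORD
          value: "123456"
EOF
}

# Same entry reading the value from a Secret created separately, e.g. with
#   kubectl create secret generic mysql-root --from-file=password=./mysql-root-password
hardened_rc() { rc_head; cat <<'EOF'
        - name: MYSQL_ROOT_PASSWORD
          valueFrom:
            secretKeyRef:
              name: mysql-root
              key: password
EOF
}

# Run the check over both variants (constructed files in a temp directory).
tmp=$(mktemp -d)
weak_rc > "$tmp/mysql-rc.yaml"
hardened_rc > "$tmp/mysql-rc-secret.yaml"
for f in "$tmp"/*.yaml; do
    echo "== ${f##*/}"
    find_literal_secrets "$f" || true
done
rm -rf "$tmp"
```

A Secret keeps the password out of the manifest and out of `kubectl get rc -o yaml`; it remains readable by anyone allowed to read Secrets in the namespace.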

10. Create the RC

[root@centos-01 ~]# kubectl create -f mysql-rc.yaml 
replicationcontroller "mysql" created
Check whether the images were pulled successfully; if not, pull them manually
docker images
docker pull registry.access.redhat.com/rhel7/pod-infrastructure:latest
docker pull mysql:5.6

  

11. See what the command did

[root@centos-01 ~]# tail /var/log/messages   (Docker is in fact downloading the mysql image)

12. List the existing RCs

[root@centos-01 ~]# kubectl get rc
NAME      DESIRED   CURRENT   READY     AGE
mysql     1         1         0         5m

13. Check the pod status (a status of Running means everything is fine)

[root@centos-01 ~]# kubectl get pod
NAME          READY     STATUS    RESTARTS   AGE
mysql-b57jv   0/1       Pending   0          7m
[root@centos-01 ~]#
[root@centos-02 rhsm]# kubectl get pod       
NAME          READY     STATUS    RESTARTS   AGE
mysql-n1jtc   1/1       Running   0          21m
[root@centos-02 rhsm]# 

14. List the services

[root@centos-01 ~]# kubectl get service

15. Create the service (svc) file

[root@centos-02 ~]# vim  mysql-svc.yaml

  

apiVersion: v1
kind: Service
metadata:
  name: mysql
spec:
  ports:
    - port: 3306
  selector:
    app: mysql
[root@centos-02 ~]# kubectl create -f mysql-svc.yaml
service "mysql" created
[root@centos-02 ~]# 
[root@centos-02 ~]# kubectl get svc
NAME         CLUSTER-IP      EXTERNAL-IP   PORT(S)    AGE
kubernetes   10.254.0.1      <none>        443/TCP    35m
mysql        10.254.73.183 (this is our service IP)   <none>        3306/TCP   35s
[root@centos-02 ~]# 

16. Install mysql

[root@centos-02 ~]# yum install -y mysql

17. We can now reach mysql at 10.254.73.183:3306

[root@centos-02 ~]# mysql -uroot -p123456 -h10.254.73.183
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MySQL connection id is 1
Server version: 5.6.42 MySQL Community Server (GPL)

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MySQL [(none)]> 

18. Create myweb

[root@centos-02 ~]# vim myweb-rc.yaml
apiVersion: v1
kind: ReplicationController
metadata:
  name: myweb
spec:
  replicas: 1
  selector:
    app: myweb
  template:
    metadata:
      labels:
        app: myweb
    spec:
      containers:
        - name: myweb
          image: kubeguide/tomcat-app:v1
          ports:
          - containerPort: 8080
          env:
          - name: MYSQL_SERVICE_HOST
            value: '10.254.73.183' # use kubectl get svc to look up the mysql cluster IP (10.254.73.183)
          - name: MYSQL_SERVICE_PORT
            value: '3306'
[root@centos-02 ~]# kubectl create -f myweb-rc.yaml 
replicationcontroller "myweb" created
[root@centos-02 ~]# 

19. Check the pods

[root@centos-02 ~]# kubectl get pod
NAME          READY     STATUS              RESTARTS   AGE
mysql-n1jtc   1/1       Running             0          2h
myweb-1x5h9   0/1       ContainerCreating   0          1m
[root@centos-02 ~]# docker images
REPOSITORY                                            TAG                 IMAGE ID            CREATED             SIZE
docker.io/mysql                                       5.6                 a876cc5d29e4        3 weeks ago         256 MB
registry.access.redhat.com/rhel7/pod-infrastructure   latest              99965fb98423        14 months ago       209 MB
[root@centos-02 ~]# 

20. Create the service

[root@centos-02 ~]# vim myweb-svc.yaml
apiVersion: v1
kind: Service
metadata:
  name: myweb
spec:
  type: NodePort
  ports:
    - port: 8080
      nodePort: 30001
  selector:
    app: myweb
[root@centos-02 ~]# kubectl create -f myweb-svc.yaml 
service "myweb" created
[root@centos-02 ~]# 

21. Check the pods and services

[root@centos-02 ~]# kubectl get pod
NAME          READY     STATUS    RESTARTS   AGE
mysql-n1jtc   1/1       Running   0          2h
myweb-1x5h9   1/1       Running   0          8m
[root@centos-02 ~]# kubectl get svc
NAME         CLUSTER-IP      EXTERNAL-IP   PORT(S)          AGE
kubernetes   10.254.0.1      <none>        443/TCP          2h
mysql        10.254.73.183   <none>        3306/TCP         2h
myweb        10.254.51.166   <nodes>       8080:30001/TCP   1m
[root@centos-02 ~]# 

22. Access Tomcat

[root@centos-02 ~]# curl -I 10.254.51.166:8080
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Date: Thu, 13 Dec 2018 20:01:56 GMT

[root@centos-02 ~]# 
[root@centos-02 ~]# curl 10.254.51.166:8080/demo/

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>HPE University Docker&Kubernetes Learning</title>
</head>
<body  align="center">


      <h2>Congratulations!!</h2>
     <br></br>
         <input type="button" value="Add..." onclick="location.href='input.html'" >
             <br></br>
      <TABLE align="center"  border="1" width="600px">
   <TR>
      <TD>Name</TD>
      <TD>Level(Score)</TD>
   </TR>

      
 <TR>
      <TD>google</TD>
      <TD>100</TD>
   </TR>

 <TR>
      <TD>docker</TD>
      <TD>100</TD>
   </TR>

 <TR>
      <TD>teacher</TD>
      <TD>100</TD>
   </TR>

 <TR>
      <TD>HPE</TD>
      <TD>100</TD>
   </TR>

 <TR>
      <TD>our team</TD>
      <TD>100</TD>
   </TR>

 <TR>
      <TD>me</TD>
      <TD>100</TD>
   </TR>

  </TABLE>
      
</body>
</html>
[root@centos-02 ~]# 
[root@centos-02 ~]# curl 192.168.242.132:30001/demo/

23. When accessing through a browser, we find that the default FORWARD policy is DROP; we need to open FORWARD

[root@centos-02 ~]# iptables -nvL
Chain INPUT (policy ACCEPT 4 packets, 248 bytes)
 pkts bytes target     prot opt in     out     source               destination         
 537K  532M KUBE-FIREWALL  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
   96 11569 DOCKER-ISOLATION  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
   96 11569 DOCKER     all  --  *      docker0  0.0.0.0/0            0.0.0.0/0           
   78 10629 ACCEPT     all  --  *      docker0  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  docker0 !docker0  0.0.0.0/0            0.0.0.0/0           
    3   180 ACCEPT     all  --  docker0 docker0  0.0.0.0/0            0.0.0.0/0           

Chain OUTPUT (policy ACCEPT 3 packets, 156 bytes)
 pkts bytes target     prot opt in     out     source               destination         
 507K  188M KUBE-FIREWALL  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
 508K  188M KUBE-SERVICES  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* kubernetes service portals */

Chain DOCKER (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain DOCKER-ISOLATION (1 references)
 pkts bytes target     prot opt in     out     source               destination         
   96 11569 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain KUBE-FIREWALL (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* kubernetes firewall for dropping marked packets */ mark match 0x8000/0x8000

Chain KUBE-SERVICES (1 references)
 pkts bytes target     prot opt in     out     source               destination         
[root@centos-02 ~]# 
[root@centos-02 ~]# iptables -P FORWARD ACCEPT
[root@centos-02 ~]# 

24. Access succeeds

25. We find that there is now an additional HPE_APP database

[root@centos-02 ~]# mysql -uroot -p123456 -h10.254.73.183     
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MySQL connection id is 11
Server version: 5.6.42 MySQL Community Server (GPL)

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MySQL [(none)]> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| HPE_APP            |
| mysql              |
| performance_schema |
+--------------------+
4 rows in set (0.00 sec)

MySQL [(none)]> 

 

MySQL [(none)]> use HPE_APP;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
MySQL [HPE_APP]> SHOW TABLES;
+-------------------+
| Tables_in_HPE_APP |
+-------------------+
| T_USERS           |
+-------------------+
1 row in set (0.00 sec)

MySQL [HPE_APP]> SELECT * FROM T_USERS;
+----+-------------+-------+
| ID | USER_NAME   | LEVEL |
+----+-------------+-------+
|  1 | me          | 100   |
|  2 | our team    | 100   |
|  3 | HPE         | 100   |
|  4 | teacher     | 100   |
|  5 | docker      | 100   |
|  6 | google      | 100   |
|  7 | 15001316083 | 100   |
+----+-------------+-------+
7 rows in set (0.00 sec)

MySQL [HPE_APP]> 

26. Command summary

[root@centos-02 ~]# kubectl create -f ^C
[root@centos-02 ~]# kubectl get pod
NAME          READY     STATUS    RESTARTS   AGE
mysql-n1jtc   1/1       Running   0          3h
myweb-1x5h9   1/1       Running   0          25m
[root@centos-02 ~]# kubectl get rc
NAME      DESIRED   CURRENT   READY     AGE
mysql     1         1         1         3h
myweb     1         1         1         25m
[root@centos-02 ~]# kubectl get svc
NAME         CLUSTER-IP      EXTERNAL-IP   PORT(S)          AGE
kubernetes   10.254.0.1      <none>        443/TCP          3h
mysql        10.254.73.183   <none>        3306/TCP         2h
myweb        10.254.51.166   <nodes>       8080:30001/TCP   18m
[root@centos-02 ~]# 

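Kubernetes concepts

1. Physically, Kubernetes is divided into master nodes and node nodes

2. Dynamically changing the number of pod replicas in an RC: each of the two RCs below has one running pod; we scale mysql to 2 pods dynamically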

[root@centos-02 ~]# kubectl get rc
NAME      DESIRED   CURRENT   READY     AGE
mysql     1         1         1         21h
myweb     1         1         1         19h
[root@centos-02 ~]# kubectl get pods
NAME          READY     STATUS    RESTARTS   AGE
mysql-n1jtc   1/1       Running   0          21h
myweb-1x5h9   1/1       Running   0          19h
[root@centos-02 ~]# 
[root@centos-02 ~]# kubectl scale rc mysql --replicas=2    
replicationcontroller "mysql" scaled
[root@centos-02 ~]# kubectl get pods
NAME          READY     STATUS              RESTARTS   AGE
mysql-cc1tx   0/1       ContainerCreating   0          6s
mysql-n1jtc   1/1       Running             0          21h
myweb-1x5h9   1/1       Running             0          19h
[root@centos-02 ~]# kubectl get rc  
NAME      DESIRED   CURRENT   READY     AGE
mysql     2         2         2         21h
myweb     1         1         1         19h
[root@centos-02 ~]# 

3. Deleting an RC also deletes the pods that belong to it

[root@centos-02 ~]# kubectl get rc
NAME      DESIRED   CURRENT   READY     AGE
mysql     2         2         2         22h
myweb     1         1         1         19h
[root@centos-02 ~]# kubectl delete rc myweb
replicationcontroller "myweb" deleted
[root@centos-02 ~]# 
[root@centos-02 ~]# kubectl get rc         
NAME      DESIRED   CURRENT   READY     AGE
mysql     2         2         2         22h
[root@centos-02 ~]# kubectl get pods
NAME          READY     STATUS    RESTARTS   AGE
mysql-cc1tx   1/1       Running   0          14m
mysql-n1jtc   1/1       Running   0          22h
[root@centos-02 ~]# 

4. myweb is still present in svc and has to be deleted manually

[root@centos-02 ~]# kubectl get svc
NAME         CLUSTER-IP      EXTERNAL-IP   PORT(S)          AGE
kubernetes   10.254.0.1      <none>        443/TCP          22h
mysql        10.254.73.183   <none>        3306/TCP         21h
myweb        10.254.51.166   <nodes>       8080:30001/TCP   19h
[root@centos-02 ~]# 
[root@centos-02 ~]# kubectl delete svc myweb
service "myweb" deleted
[root@centos-02 ~]# kubectl get svc         
NAME         CLUSTER-IP      EXTERNAL-IP   PORT(S)    AGE
kubernetes   10.254.0.1      <none>        443/TCP    22h
mysql        10.254.73.183   <none>        3306/TCP   21h
[root@centos-02 ~]# 

5. Deployment is a concept introduced in version 1.2 to solve the pod orchestration problem. Internally it uses a Replica Set. Compared with RC it is more than 90% similar and can be regarded as an upgraded RC. Its biggest distinguishing feature compared with RC is that you can see the progress of a pod rollout.

Deployment example:

[root@centos-02 ~]# vim fr-dp.yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: frontend
spec:
  replicas: 1
  selector:
    matchLabels:
      tier: frontend
    matchExpressions:
      - {key: tier, operator: In, values: [frontend]}
  template:
    metadata:
      labels:
        app: app-demo
        tier: frontend
    spec:
      containers:
      - name: tomcat-demo
        image: tomcat
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 8080

6. Create frontend

[root@centos-02 ~]# kubectl create -f fr-dp.yaml
deployment "frontend" created
[root@centos-02 ~]# 
[root@centos-02 ~]# kubectl get pods
NAME                       READY     STATUS              RESTARTS   AGE
frontend-141477217-20031   0/1       ContainerCreating   0          45s
mysql-cc1tx                1/1       Running             0          1h
mysql-n1jtc                1/1       Running             0          23h
[root@centos-02 ~]# 
[root@centos-02 ~]# kubectl get deployment
NAME       DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
frontend   1         1         1            0           1m
[root@centos-02 ~]# 

7. Check the pod

[root@centos-02 ~]# kubectl describe pod frontend-141477217-20031
Name:           frontend-141477217-20031
Namespace:      default
Node:           127.0.0.1/127.0.0.1
Start Time:     Sat, 15 Dec 2018 00:15:50 +0800
Labels:         app=app-demo
                pod-template-hash=141477217
                tier=frontend
Status:         Pending
IP:
Controllers:    ReplicaSet/frontend-141477217
Containers:
  tomcat-demo:
    Container ID:
    Image:                      tomcat
    Image ID:
    Port:                       8080/TCP
    State:                      Waiting
      Reason:                   ContainerCreating
    Ready:                      False
    Restart Count:              0
    Volume Mounts:              <none>
    Environment Variables:      <none>
Conditions:
  Type          Status
  Initialized   True 
  Ready         False 
  PodScheduled  True 
No volumes.
QoS Class:      BestEffort
Tolerations:    <none>
Events:
  FirstSeen     LastSeen        Count   From                    SubObjectPath  Type             Reason                  Message
  ---------     --------        -----   ----                    -------------  -------- ------                  -------
  4m            4m              1       {default-scheduler }                   Normal           Scheduled               Successfully assigned frontend-141477217-20031 to 127.0.0.1
  4m            4m              1       {kubelet 127.0.0.1}                    Warning          MissingClusterDNS       kubelet does not have ClusterDNS IP configured and cannot create Pod using "ClusterFirst" policy. Falling back to DNSDefault policy.
  4m            4m              1       {kubelet 127.0.0.1}    spec.containers{tomcat-demo}    Normal    Pulling    pulling image "tomcat"
[root@centos-02 ~]#

8. Check whether the tomcat image has been pulled

[root@centos-02 ~]# docker images
REPOSITORY                                            TAG                 IMAGE ID            CREATED             SIZE
docker.io/tomcat                                      latest              48dd385504b1        6 days ago          475 MB
docker.io/mysql                                       5.6                 a876cc5d29e4        4 weeks ago         256 MB
registry.access.redhat.com/rhel7/pod-infrastructure   latest              99965fb98423        14 months ago       209 MB
docker.io/kubeguide/tomcat-app                        v1                  a29e200a18e9        2 years ago         358 MB
[root@centos-02 ~]# 

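9. HPA: in version 1.1 Kubernetes officially released HPA (HorizontalPodAutoscaler), which scales pods out and in dynamically; it is a kind of Kubernetes resource object. It tracks and analyses the load of all target pods controlled by an RC to decide whether the number of replicas of the target Pod needs to be adjusted. This is how HPA works.

Pod load metrics:
1) CPUUtilizationPercentage
The arithmetic mean of the CPU utilization of all replicas of the target pod. A pod's own CPU utilization = the pod's current CPU usage / the pod's Request value. If at some moment CPUUtilizationPercentage exceeds 80%, the current pods are judged insufficient to carry the workload and more pods need to be added.
2) Application-defined metrics, such as the number of requests served per second (TPS or QPS)
HPA example:
apiVersion: autoscaling/v1
kind: HorizontalPodAutoscaler
metadata:
  name: php-apache
  namespace: default
spec:
  maxReplicas: 10
  minReplicas: 1
  scaleTargetRef:
    kind: Deployment
    name: php-apache
  targetCPUUtilizationPercentage: 90
Note: the object controlled by this HPA is the pod replicas of a Deployment named php-apache. When the average CPU value exceeds 90% it scales out, and the number of pod replicas is kept within 1-10.
Besides defining the HPA in a YAML file as above, it can also be defined on the command line:
kubectl autoscale deployment php-apache --cpu-percent=90 --min=1 --max=10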
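
The utilization formula above carried through to a replica count, as an added example that is not part of the original page. It goes slightly beyond the text by applying the HPA scaling rule desired = ceil(current replicas × average utilization / target) with the php-apache limits; equal CPU requests on every replica and usage given in millicores are assumptions, and the sample figures are constructed.

```sh
#!/bin/sh
# Added example (not from the original page): the CPUUtilizationPercentage
# arithmetic from the text, followed by the replica count the HPA would ask for.
# Assumptions: every replica has the same CPU request, usage is given in
# millicores, and the controller's tolerance band is ignored.

# hpa_desired TARGET_PCT MIN MAX REQUEST_MILLICORES USAGE...
# Prints "<average utilization %, truncated> <desired replicas>".
hpa_desired() (
    target=$1; min=$2; max=$3; request=$4
    shift 4
    echo "$*" | awk -v target="$target" -v min="$min" -v max="$max" \
                    -v request="$request" '
    {
        if (NF == 0) exit 1                 # no replicas, nothing to compute
        for (i = 1; i <= NF; i++) sum += $i
        # Mean of (usage / request) over all replicas, as a percentage.
        avg = int(100 * sum / (NF * request))
        # ceil(replicas * avg / target) == ceil(100 * sum / (request * target)),
        # done in integer arithmetic so exact multiples are not rounded up.
        num = 100 * sum
        den = request * target
        desired = int((num + den - 1) / den)
        if (desired < min) desired = min    # clamp to minReplicas
        if (desired > max) desired = max    # clamp to maxReplicas
        print avg, desired
    }'
)

# Constructed samples for the php-apache HPA above (target 90%, 1..10 replicas,
# 200m CPU request per pod).
hpa_desired 90 1 10 200 250 180 230        # three replicas running above target
hpa_desired 90 1 10 200 40 50              # two nearly idle replicas
hpa_desired 90 1 10 200 800 800 800 800    # demand beyond maxReplicas
```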

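10. Service is one of the most central resource objects in Kubernetes. A Service can be understood as one "microservice" in a microservice architecture; pods, RCs and Deployments all exist in support of Services.

Put simply, a service is essentially a cluster made up of a group of pods. As mentioned earlier, services and pods are tied together through Labels: the pods of one Service carry the same Label. All pods under the same service are load-balanced by kube-proxy, and every service is assigned a globally unique virtual IP, also called the cluster IP. The cluster IP does not change during the whole lifetime of the service. Kubernetes also has a DNS service, which maps a service's name to its cluster IP.

11. View the pods' IP addresses and ports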

[root@centos-02 ~]# kubectl get endpoints
NAME         ENDPOINTS                         AGE
kubernetes   192.168.242.132:6443              23h
mysql        172.17.0.2:3306,172.17.0.4:3306   23h
[root@centos-02 ~]# 

12. View the cluster IP assigned to the service

[root@centos-02 ~]# kubectl get svc mysql -o yaml               
apiVersion: v1
kind: Service
metadata:
  creationTimestamp: 2018-12-13T17:43:37Z
  name: mysql
  namespace: default
  resourceVersion: "2329"
  selfLink: /api/v1/namespaces/default/services/mysql
  uid: 9ebfd5d8-fefe-11e8-b6e3-000c2959c2d2
spec:
  clusterIP: 10.254.73.183
  ports:
  - port: 3306
    protocol: TCP
    targetPort: 3306
  selector:
    app: mysql
  sessionAffinity: None
  type: ClusterIP
status:
  loadBalancer: {}
[root@centos-02 ~]# 

13. Namespace: when a Kubernetes cluster has multiple tenants, a mechanism is needed to isolate each tenant's resources. That is the purpose of namespaces.

List all namespaces in the cluster

[root@centos-02 ~]# kubectl get namespace
NAME          STATUS    AGE
default       Active    1d
kube-system   Active    1d
[root@centos-02 ~]# 
[root@centos-02 ~]# vim dev-ns.yaml
apiVersion: v1
kind: Namespace
metadata:
  name: dev

14. Create the dev namespace

[root@centos-02 ~]# kubectl create -f dev-ns.yaml 
namespace "dev" created
[root@centos-02 ~]# 

15. List namespaces

[root@centos-02 ~]# kubectl get ns
NAME          STATUS    AGE
default       Active    1d
dev           Active    37s
kube-system   Active    1d
[root@centos-02 ~]# 

16. Define a pod

[root@centos-02 ~]# vim busybox-pod.yaml
apiVersion: v1
kind: Pod
metadata:
  name: busybox
  namespace: dev
spec:
  containers:
  - image: busybox
    command:
      - sleep
      - "500"
    name: busybox
[root@centos-02 ~]# kubectl create -f busybox-pod.yaml 
pod "busybox" created
[root@centos-02 ~]# 

17. A plain get pods does not show busybox; you have to specify the dev namespace

[root@centos-02 ~]# kubectl get pods
NAME                       READY     STATUS    RESTARTS   AGE
frontend-141477217-20031   1/1       Running   0          1h
mysql-cc1tx                1/1       Running   0          3h
mysql-n1jtc                1/1       Running   0          1d
[root@centos-02 ~]# 
[root@centos-02 ~]# kubectl get pods -n dev
NAME      READY     STATUS    RESTARTS   AGE
busybox   1/1       Running   0          4m
[root@centos-02 ~]# 
[root@centos-02 ~]# kubectl get pods --all-namespaces
NAMESPACE   NAME                       READY     STATUS    RESTARTS   AGE
default     frontend-141477217-20031   1/1       Running   0          1h
default     mysql-cc1tx                1/1       Running   0          3h
default     mysql-n1jtc                1/1       Running   0          1d
dev         busybox                    1/1       Running   0          5m
[root@centos-02 ~]# 

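kubectl command usage

Syntax:
kubectl [command] [TYPE] [NAME] [flags]
1 command: the subcommand, i.e. the operation to perform on Kubernetes cluster resource objects, e.g. create, delete, describe, get, apply
2 TYPE: the type of resource object, e.g. pod, service, rc, deployment, node; singular, plural and abbreviated forms are accepted (pod, pods, po / service, services, svc)
3 NAME: the name of the resource object; if omitted, all are returned. For example get pod returns all pods, while get pod nginx returns only the pod named nginx
4 flags: optional arguments of the kubectl subcommand, e.g. -n specifies the namespace and -s specifies the apiserver URL
List of resource object types
It can be obtained with:
kubectl explain
or
kubectl api-resources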
Name                        Short name
componentstatuses           cs
daemonsets                  ds
deployment                  deploy
events                      ev
endpoints                   ep
horizontalpodautoscalers    hpa
ingresses                   ing
jobs
limitranges                 limits
nodes                       no
namespaces                  ns
pods                        po
persistentvolumes           pv
persistentvolumeclaims      pvc
resourcequotas              quota
replicationcontrollers      rc
secrets
serviceaccounts             sa
services                    svc
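Special usage:
kubectl get pods pod1 pod2
kubectl get pod/pod1 rc/rc1
kubectl create -f pod1.yaml -f rc1.yaml -f service1.yaml
kubectl subcommands
They mainly cover creating, deleting, viewing, modifying, configuring and running resources
kubectl --help lists all subcommands
kubectl options
kubectl options lists the supported options, e.g. --namespace specifies the namespace
kubectl output formats
kubectl can display results in several formats; the output format is selected with the -o option:
Formats supported by -o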
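Output format                     Description
custom-columns=<spec>             Output according to custom column names, comma-separated
custom-columns-file=<filename>    Output using custom column names read from a file
json                              Show the result in JSON format
jsonpath=<template>               Output the fields defined by a jsonpath expression
jsonpath-file=<filename>          Output the fields defined by a jsonpath expression read from a file
name                              Output only the names of the resource objects
wide                              Output more information, such as the node name
yaml                              Output in yaml format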
Examples:
kubectl get pod -o wide
kubectl get pod -o yaml
kubectl get pod -o custom-columns=NAME:.metadata.name,RESC:.metadata.resourceVersion
kubectl get pod --sort-by=.metadata.name   # sort by name
kubectl command examples:
1) Create resource objects
Create a service and a deployment from yaml files
kubectl create -f my-service.yaml -f my-deploy.yaml
A directory can also be given, so that resources are created in one go from every yaml or json file in it
kubectl create -f <directory>
2) View resource objects
List all pods
kubectl get pods
List deployments and services
kubectl get deploy,svc
3) Describe resource objects
Show details of a node
kubectl describe nodes <node-name>
Show details of a pod
kubectl describe pods/<pod-name>
Show information about the pods managed by a deployment
kubectl describe pods <deployment-name>
4) Delete resource objects
Delete based on a yaml file
kubectl delete -f pod.yaml
Delete all pods and services that carry a given label
kubectl delete po,svc -l name=<label-name>
Delete all pods
kubectl delete po --all
5) Run a command in a container
Run a command in a pod, e.g. date
kubectl exec <pod-name> date   # without -c, the first container in the pod is used
Run the command in a specific container of the pod
kubectl exec <pod-name> -c <container-name> date
Get a shell inside the pod's container
kubectl exec -it <pod-name> bash
6) View container logs
kubectl logs <pod-name>
Logs can be followed live, like tail -f
kubectl logs -f <pod-name> -c <container-name>

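Building a Kubernetes cluster (ansible-playbook) - 1

1. Hardware and software requirements (for details see https://coding.net/u/aminglinux/p/yuanke_centos7/git/tree/master/k8s)

CPU and memory: master at least 1 core and 2 GB, 2 cores and 4 GB recommended; node at least 1 core and 2 GB

Linux kernel version at least 3.10; CentOS 7/RHEL 7 recommended

Docker at least version 1.9; 1.12+ recommended

etcd at least version 2.0; 3.0+ recommended

2. Run on all four machines

yum update
yum install epel-release
yum install python

3. Install and prepare Ansible on the deploy node

(1) Install pip on server 130

yum install -y python-pip git

(2) Upgrade pip

pip install pip --upgrade -i http://mirrors.aliyun.com/pypi/simple/ --trusted-host mirrors.aliyun.com

(3) Install Ansible (pip is much like yum and is mainly used to install Python packages). If this method fails, install with yum (yum list|grep ansible, yum install -y ansible)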

[root@centos-04 ~]# pip install --no-cache-dir ansible -i http://mirrors.aliyun.com/pypi/simple/ --trusted-host mirrors.aliyun.com
Installing collected packages: MarkupSafe, jinja2, PyYAML, idna, enum34, six, pycparser, cffi, asn1crypto, cryptography, pynacl, pyasn1, bcrypt, paramiko, ansible
  Running setup.py install for PyYAML ... done
  Running setup.py install for pycparser ... done
  Running setup.py install for ansible ... done
Successfully installed MarkupSafe-1.1.0 PyYAML-3.13 ansible-2.7.5 asn1crypto-0.24.0 bcrypt-3.1.5 cffi-1.11.5 cryptography-2.4.2 enum34-1.1.6 idna-2.8 jinja2-2.10 paramiko-2.4.2 pyasn1-0.4.4 pycparser-2.19 pynacl-1.3.0 six-1.12.0
[root@centos-04 ~]#

Configure passwordless login on the deploy node

1. Generate a key pair

[root@centos-04 ~]# ssh-keygen 
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):             
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:qrghr27RSPWCV5mBazMJiT6V3KDX0+s9twBLSnjemac root@centos-04
The key's randomart image is:
+---[RSA 2048]----+
|. o.=.+          |
|.o.*.=.          |
|..=.=o .         |
| =.O... .        |
|. *.+o +S        |
| o .+ =.*        |
|. o  o.* = .     |
| + o .  o + .    |
|+o+..  E   .     |
+----[SHA256]-----+
[root@centos-04 ~]# 
[root@centos-04 ~]# for ip in 130 131 132 133; do ssh-copy-id 192.168.242.$ip; done

2. Log in to each machine to test (Ctrl+D to exit)

[root@centos-04 ~]# for ip in 130 131 132 133; do ssh 192.168.242.$ip; done        
Last login: Tue Dec 18 19:04:47 2018 from 192.168.242.1
[root@centos-04 ~]# 登出
Connection to 192.168.242.130 closed.
Last login: Tue Dec 18 19:08:23 2018 from 192.168.242.1
ABRT 已檢測到 '4' 個問題。預瞭解詳細信息請執行:abrt-cli list --since 1545131303
[root@centos-01 ~]# 登出
Connection to 192.168.242.131 closed.
Last login: Tue Dec 18 19:08:14 2018 from 192.168.242.1
[root@centos-02 ~]# 登出
Connection to 192.168.242.132 closed.
Last login: Tue Dec 18 19:06:44 2018 from 192.168.242.1
[root@centos-03 ~]# 登出
Connection to 192.168.242.133 closed.
[root@centos-04 ~]# 

Orchestrate k8s on the deploy node

[root@centos-04 ~]# git clone https://github.com/gjmzj/kubeasz.git
[root@centos-04 ~]# mkdir -p /etc/ansible
[root@centos-04 ~]# mv kubeasz/* /etc/ansible/
[root@centos-04 ~]# cd /etc/ansible/
[root@centos-04 ansible]# du -sh
2.6M    .
[root@centos-04 ansible]# ls
01.prepare.yml      05.kube-node.yml      20.addnode.yml    24.restore.yml  bin      manifests  tools
02.etcd.yml         06.network.yml        21.addmaster.yml  90.setup.yml    docs     pics
03.docker.yml       07.cluster-addon.yml  22.upgrade.yml    99.clean.yml    down     README.md
04.kube-master.yml  11.harbor.yml         23.backup.yml     ansible.cfg     example  roles
[root@centos-04 ansible]#   

Configure the cluster parameters

[root@centos-04 ansible]# cp example/hosts.m-masters.example hosts
[root@centos-04 ansible]# 
[root@centos-04 ansible]# vim hosts   (change the IP addresses to match your environment)
[deploy]
192.168.242.130 NTP_ENABLED=no
[etcd]
192.168.242.130 NODE_NAME=etcd1
192.168.242.131 NODE_NAME=etcd2
192.168.242.132 NODE_NAME=etcd3
[kube-master]
192.168.242.130
192.168.242.133
[lb]
192.168.242.130 LB_IF="ens33" LB_ROLE=backup
192.168.242.133 LB_IF="eno16777736" LB_ROLE=master
[kube-node]
192.168.242.131
192.168.242.132
[all:vars]
K8S_VER="v1.11"
MASTER_IP="192.168.242.150"

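Download the binaries from Baidu cloud drive: https://pan.baidu.com/s/1c4RFaA#list/path=%2F. You can download the tar package for the version you need; here I downloaded 1.11. After some struggle, I finally got the k8s.1-11-2.tar.gz tar package onto the deploy node: upload the package, extract it, move the contents to the bin directory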

[root@centos-04 ~]# rz
rz waiting to receive.
Starting zmodem transfer.  Press Ctrl+C to cancel.
  100%  214046 KB 9306 KB/s 00:00:23       0 Errorss

[root@centos-04 ~]# ls
anaconda-ks.cfg  k8s.1-11-3.tar.gz  kubeasz
[root@centos-04 ~]# 
tar zxvf k8s.1-11-2.tar.gz
mv bin/* /etc/ansible/bin/
[root@centos-04 ~]# cd /etc/ansible/bin/
[root@centos-04 bin]# ls
bridge          docker                  dockerd       etcdctl         kube-controller-manager  loopback
calicoctl       docker-compose          docker-init   flannel         kubectl                  portmap
cfssl           docker-containerd       docker-proxy  helm            kubelet                  readme.md
cfssl-certinfo  docker-containerd-ctr   docker-runc   host-local      kube-proxy
cfssljson       docker-containerd-shim  etcd          kube-apiserver  kube-scheduler
[root@centos-04 bin]# 

Create certificates and prepare for installation

[root@centos-04 ansible]# ansible-playbook 01.prepare.yml

Install the etcd cluster

[root@centos-04 ansible]# ansible-playbook 02.etcd.yml

Check the health of the etcd nodes (if the etcdctl command is reported as not found, run bash first)

for ip in 130 131 132 ; do ETCDCTL_API=3 etcdctl --endpoints=https://192.168.242.$ip:2379 \
  --cacert=/etc/kubernetes/ssl/ca.pem --cert=/etc/etcd/ssl/etcd.pem --key=/etc/etcd/ssl/etcd-key.pem endpoint health; done

Install Docker

ansible-playbook 03.docker.yml

Install the master nodes

ansible-playbook 04.kube-master.yml

Check the cluster status

kubectl get componentstatus 

Install the nodes

[root@centos-04 ansible]# ansible-playbook 05.kube-node.yml

List the nodes

kubectl get nodes

Deploy the cluster network

ansible-playbook 06.network.yml
kubectl get pod -n kube-system 

Install the cluster add-ons (dns, dashboard)

ansible-playbook 07.cluster-addon.yml

List the services in the kube-system namespace

kubectl get svc -n kube-system

One-step installation (the seven steps above can be replaced by the single command below)

ansible-playbook 90.setup.yml

View cluster information:

kubectl cluster-info

View node/pod resource usage:

kubectl top node
kubectl top pod --all-namespaces

Test DNS

Create an nginx service

kubectl run nginx --image=nginx --expose --port=80

Create a busybox test pod

kubectl run busybox --rm -it --image=busybox /bin/sh   # opens a shell inside busybox
nslookup nginx.default.svc.cluster.local   # output follows
Server: 10.68.0.2
Address: 10.68.0.2:53
Name: nginx.default.svc.cluster.local
Address: 10.68.9.156

Backup and restore

[root@centos-04 ~]# cd 
[root@centos-04 ~]# kubectl run mysql --image=mysql:5.6 --expose --port=3306   (automatically creates the mysql service and the mysql deployment)

Create the backup directory

[root@centos-04 ~]# mkdir -p /backup/k8s
[root@centos-04 ~]# 

Back up the etcd data

[root@centos-04 ~]# ETCDCTL_API=3 etcdctl snapshot save /backup/k8s/snapshot.db

Back up the CA certificates

[root@centos-04 ~]# cp /etc/kubernetes/ssl/ca* /backup/k8s/
[root@centos-04 ~]# 

Simulate a cluster crash

Run on the deploy node: ansible-playbook /etc/ansible/99.clean.yml
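
Added example, not part of the original page: 99.clean.yml removes the cluster, and the restore attempt further down fails because /backup/k8s/ca* is missing, so it helps to verify the backup before cleaning. The check also flags a ca-key.pem (the cluster CA private key, which the ca* glob copies along with the certificate) that is readable by group or others; the function name is an assumption.

```sh
#!/bin/sh
# Added example (not from the original page): verify that the backup directory
# holds what the restore steps need before the cluster is cleaned.
# The function name check_backup is illustrative.

# check_backup DIR
# Prints one line per problem. Exit status 0 means the etcd snapshot and the
# CA pair are present, non-empty, and the CA key is private to its owner.
check_backup() (
    dir=$1
    bad=0
    for f in snapshot.db ca.pem ca-key.pem; do
        if [ ! -s "$dir/$f" ]; then
            echo "missing or empty: $dir/$f"
            bad=1
        fi
    done
    # Whoever can read ca-key.pem can sign certificates the cluster trusts.
    if [ -f "$dir/ca-key.pem" ] &&
       [ -n "$(find "$dir/ca-key.pem" \( -perm -040 -o -perm -004 \) -print)" ]; then
        echo "too permissive: $dir/ca-key.pem is readable by group or others"
        bad=1
    fi
    [ "$bad" -eq 0 ]
)

# Constructed demo directory standing in for /backup/k8s.
demo=$(mktemp -d)
printf 'constructed snapshot\n' > "$demo/snapshot.db"
printf 'constructed cert\n' > "$demo/ca.pem"
printf 'constructed key\n' > "$demo/ca-key.pem"
chmod 644 "$demo/ca-key.pem"
check_backup "$demo" || echo "backup not usable yet, do not run 99.clean.yml"
chmod 600 "$demo/ca-key.pem"
check_backup "$demo" && echo "backup looks complete"
rm -rf "$demo"

# On the deploy node the same gate would read:
#   check_backup /backup/k8s && ansible-playbook /etc/ansible/99.clean.yml
```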

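The restore steps are as follows (on the deploy node):

Restore the CA certificates (damn, something's wrong, it's over; let's just reinstall everything with the one-step install)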

mkdir -p /etc/kubernetes/ssl
cp /backup/k8s/ca* /etc/kubernetes/ssl/
[root@centos-04 ~]# cp /backup/k8s/ca* /etc/kubernetes/ssl/
cp: 沒法獲取"/backup/k8s/ca*" 的文件狀態(stat): 沒有那個文件或目錄
[root@centos-04 ~]# 
ansible-playbook 90.setup.yml

Check whether etcd is working

for ip in 130 131 132 ; do ETCDCTL_API=3 etcdctl --endpoints=https://192.168.242.$ip:2379 \
  --cacert=/etc/kubernetes/ssl/ca.pem --cert=/etc/etcd/ssl/etcd.pem --key=/etc/etcd/ssl/etcd-key.pem endpoint health; done

Check the cluster status on the master node

kubectl get componentstatus 

List the nodes

kubectl get nodes

List the services in the kube-system namespace

kubectl get svc -n kube-system

View cluster information

kubectl cluster-info

Create nginx

[root@centos-04 ansible]# kubectl run nginx --image=nginx --expose --port=80

Create mysql

[root@centos-04 ansible]# history |grep run |grep mysql
  935  kubectl run mysql --image=mysql:5.6 --expose --port=3306
  958  history |grep run |grep mysql
[root@centos-04 ansible]#  kubectl run mysql --image=mysql:5.6 --expose --port=3306

See which node each pod is on (the IP is shown)

kubectl get  pod   -o wide

Delete a node

Creating mysql failed; the logs show that an initial password has to be set

Let's back up again

Run the clean

ansible-playbook /etc/ansible/99.clean.yml

Restore the CA certificates

mkdir -p /etc/kubernetes/ssl
cp /backup/k8s/ca* /etc/kubernetes/ssl/

Rebuild the cluster

cd /etc/ansible
ansible-playbook 01.prepare.yml
ansible-playbook 02.etcd.yml
ansible-playbook 03.docker.yml
ansible-playbook 04.kube-master.yml
ansible-playbook 05.kube-node.yml

Restore the etcd data

Stop the service

ansible etcd -m service -a 'name=etcd state=stopped'

Remove the files

ansible etcd -m file -a 'name=/var/lib/etcd/member/ state=absent'

Log in to every etcd node and, referring to that node's /etc/systemd/system/etcd.service unit file, substitute the {{ }} variables below and run the command (on each machine the parts in red must be changed to the corresponding etcd* name and IP)

cd /backup/k8s/
ETCDCTL_API=3 etcdctl snapshot restore snapshot.db \
 --name etcd1 \
 --initial-cluster etcd1=https://192.168.242.130:2380,etcd2=https://192.168.242.131:2380,etcd3=https://192.168.242.132:2380 \
 --initial-cluster-token etcd-cluster-0 \
 --initial-advertise-peer-urls https://192.168.242.130:2380

Copy the backup directory from server 128 to servers 129 and 130

After the step above, a {{ NODE_NAME }}.etcd directory is generated (run the corresponding command below on all three machines)

cp -r etcd1.etcd/member /var/lib/etcd/
systemctl restart etcd
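
Added example, not from the original page or the kubeasz project: --name and --initial-advertise-peer-urls have to agree with the node's own entry in --initial-cluster, so the per-node restore command can be derived from the [etcd] section of the Ansible hosts file instead of being edited by hand on each machine. The function name is an assumption; the port, token and file names are the ones used above, and the inventory is a constructed copy of this page's hosts file.

```sh
#!/bin/sh
# Added example (not from the original page): build the etcd restore command
# for every member listed in the [etcd] section of the Ansible hosts file.
# The function name etcd_restore_cmds is illustrative.

# etcd_restore_cmds HOSTS_FILE
# Prints "<ip>: <command>" for each member. Exit status 1 if none was found.
etcd_restore_cmds() {
    awk '
        # Section header: remember whether we are inside [etcd].
        /^\[/ { in_etcd = ($1 == "[etcd]"); next }
        in_etcd && $1 !~ /^#/ {
            name = ""
            for (i = 2; i <= NF; i++)
                if ($i ~ /^NODE_NAME=/) name = substr($i, 11)
            if (name == "") next            # blank line or host without a name
            n++; ip[n] = $1; node[n] = name
            sep = (n > 1) ? "," : ""
            cluster = cluster sep name "=https://" $1 ":2380"
        }
        END {
            # Same --initial-cluster everywhere; name and peer URL per member.
            for (i = 1; i <= n; i++)
                printf "%s: ETCDCTL_API=3 etcdctl snapshot restore snapshot.db --name %s --initial-cluster %s --initial-cluster-token etcd-cluster-0 --initial-advertise-peer-urls https://%s:2380\n", ip[i], node[i], cluster, ip[i]
            exit (n == 0)
        }
    ' "$1"
}

# Constructed inventory: the relevant sections of the hosts file on this page.
inv=$(mktemp)
cat > "$inv" <<'EOF'
[deploy]
192.168.242.130 NTP_ENABLED=no
[etcd]
192.168.242.130 NODE_NAME=etcd1
192.168.242.131 NODE_NAME=etcd2
192.168.242.132 NODE_NAME=etcd3
[kube-master]
192.168.242.130
192.168.242.133
EOF
etcd_restore_cmds "$inv"
rm -f "$inv"
```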

Check that everything is healthy

Rebuild the network from the deploy node

ansible-playbook /etc/ansible/tools/change_k8s_network.yml

If you do not want to restore by hand, Ansible can do the restore automatically; this needs a one-step backup first

ansible-playbook /etc/ansible/23.backup.yml
Check that the /etc/ansible/roles/cluster-backup/files directory contains files
tree /etc/ansible/roles/cluster-backup/files/   # output as follows
├── ca # cluster CA backups
│   ├── ca-config.json
│   ├── ca.csr
│   ├── ca-csr.json
│   ├── ca-key.pem
│   └── ca.pem
├── hosts # ansible hosts backups
│   ├── hosts # most recent backup
│   └── hosts-201807231642
├── readme.md
└── snapshot # etcd data backups
    ├── snapshot-201807231642.db
    └── snapshot.db # most recent backup

Simulate a failure:

ansible-playbook /etc/ansible/99.clean.yml

Edit /etc/ansible/roles/cluster-restore/defaults/main.yml to choose which etcd snapshot backup to restore; if left unchanged, the most recent one is used

Restore:

ansible-playbook /etc/ansible/24.restore.yml
ansible-playbook /etc/ansible/tools/change_k8s_network.yml