Docker & Kubernetes的入門實戰練習
前期準備
在開始以前,建議請先裝好虛擬機,或者租一個Linux雲服務器,本次重點任務是實踐,一共給你們準備了18個實戰的TASK。前端
DOCKER RECAP
首先咱們來複習一下Docker,也讓沒有安裝Docker的同窗來安裝一下環境。node
- 安裝依賴:
sudo apt-get install \
apt-transport-https \
ca-certificates \
curl \
gnupg-agent \
software-properties-common
- 獲取GPG KEY:
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-
- 添加私有APT源:
sudo add-apt-repository \ "deb [arch=amd64] https://download.docker.com/linux/ubuntu \ $(lsb_release -cs) \ stable"
- 安裝Docker
sudo apt-get install docker-ce docker-ce-cli containerd.io
- 修改配置
vim /etc/docker/daemon.json
{
"registry-mirrors": [
"https://dockerhub.azk8s.cn",
"https://reg-mirror.qiniu.com"
],
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m"
},
"insecure-registries": ["0.0.0.0/0"],
"storage-driver": "overlay2"
}
TASK 1
啓動一個內有Web版2048遊戲的容器:python
docker run -d -P daocloud.io/daocloud/dao-2048
TASK 2
啓動一個本身的鏡像Registry服務:linux
docker service create --name registry --publish 5000:5000 registry:2
TASK 3
拉取一個Nginx鏡像,並推送到本身的Registry:nginx
docker pull nginx docker tag nginx 127.0.0.1:5000/nginx docker push 127.0.0.1:5000/nginx
TASK 4
此次咱們來構建一個基於OpenAPI的Web APP:git
- 安裝依賴:
pip3 install connexion flask_cors swagger-ui-bundle -i https://mirrors.aliyun.com/pypi/simple/
- 編寫API配置:
openapi: "3.0.0"
info:
title: Hello Pet
version: "1.0"
servers:
- url: http://localhost:9090/v1.0
paths:
/pets/{pet_id}:
get:
description: Returns pets based on ID
summary: Find pets by ID
operationId: app.get_pets_by_id
responses:
'200':
description: pet response
content:
'application/json' :
schema:
type: object
$ref: '#/components/schemas/Pet'
parameters:
- name: pet_id
in: path
description: ID of pet to use
required: true
schema:
type: integer
components:
schemas:
Pet:
type: object
required:
- petType
properties:
petType:
type: string
discriminator:
propertyName: petType
mapping:
dog: Dog
cat: Cat
lizard: Lizard
Cat:
allOf:
- $ref: '#/components/schemas/Pet'
- type: object
- 用Python寫後端API:
import connexion
from flask_cors import CORS
def get_pets_by_id(pet_id: int) -> list:
return [{
'name': 'lucky',
'petType': 'dog',
'bark': 'woof!'
},
{
'name': 'kitty',
'petType': 'cat',
'meow': 'meow!'
},
{
'name': 'jack',
'petType': 'lizard',
'loveRocks': True
}][pet_id%3]
if __name__ == '__main__':
app = connexion.FlaskApp(__name__, port=9090, specification_dir='./')
app.add_api('spec.yaml', arguments={'title': 'Simple Pet'})
CORS(app.app)
app.run()
- 運行服務:
python app.py
TASK 5
基於上一個TASK,進一步構建Pet應用的鏡像:github
- 寫一個Dockerfile:
FROM python:alpine-3.8 copy ./ /opt/app RUN pip3 install connexion swagger-ui-bundle flask_cors -i https://mirrors.aliyun.com/pypi/simple/ ENV PYTHONPATH /opt/app WORKDIR /opt/app CMD ["python", "app"]
- 構建鏡像:
docker build -t petapp -f ./Dockerfile .
- 啓動容器:
docker run petapp
TASK 6
繼續,咱們來發布Pet應用,來嘗試把它發佈到咱們剛剛啓動的私有Registry。web
TASK 7
體驗Potainer管理容器:docker
docker run -d -p 9000:9000 \ --name portainer --restart=always \ -v /var/run/docker.sock:/var/run/docker.sock \ portainer/portainer
K8S RECAP
接下來咱們來複習一下Kubernetes,首先是幾個基本的組件:shell
- etcd:etcd 用於 Kubernetes 的後端存儲。全部集羣數據都存儲在此處,始終爲您的 Kubernetes 集羣的 etcd 數據提供備份計劃。
- API Server:kube-apiserver對外暴露了Kubernetes API。它是的 Kubernetes 前端控制層。它被設計爲水平擴展,即經過部署更多實例來縮放。
- controller manager:kube-controller-manager運行控制器,它們是處理集羣中常規任務的後臺線程。邏輯上,每一個控制器是一個單獨的進程,但爲了下降複雜性,它們都被編譯成獨立的可執行文件,並在單個進程中運行。
- scheduler:kube-scheduler監視沒有分配節點的新建立的 Pod,選擇一個節點供他們運行。
TASK 8
咱們如今來用kubeadm 安裝 k8s。
準備工做
- 三臺節點 (systemd 管理的)
- 好比debian, ubuntu, fedora, centos等
- 能夠是雲端節點或者虛擬機
- 分配好ip
- 配置好ssh 容許 root 登陸
- 開啓ipforward
- 關閉swap分區
硬件要求
- master節點 內存2核3G(最小2G)
- node節點 內存2核2G
配置 /etc/hosts
172.19.0.21 debian-21 172.19.0.22 debian-22 172.19.0.23 debian-23
安裝/開啓 ssh
apt install openssh-server vim /etc/ssh/sshd_config
PermitRootLogin yes
開啓 ipv4 的 forward機制
vim /etc/sysctl.conf
net.ipv4.ip_forward=1
sysctl --system
關閉swap
註釋掉swap分區:
vim /etc/fstab
swapoff -a
安裝docker運行時(略)
具體請看以前Docker的部分。
安裝 MASTER NODE/ CONTROL PLANE
使用kubeadm安裝 control plane:
apt-get update && apt-get install -y apt-transport-https curl https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | apt-key add - cat <<EOF >/etc/apt/sources.list.d/kubernetes.list deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main EOF apt-get update apt-get install -y kubelet kubeadm kubectl
使用以下腳本:
images=(
kube-apiserver:v1.17.0
kube-controller-manager:v1.17.0
kube-scheduler:v1.17.0
kube-proxy:v1.17.0
pause:3.1
etcd:3.4.3-0
coredns:1.6.5
)
for imageName in ${images[@]} ; do
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/$imageName
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/$imageName k8s.gcr.io/$imageName
docker rmi registry.cn-hangzhou.aliyuncs.com/google_containers/$imageName
done
kubeadm init --apiserver-advertise-address 172.19.0.31 --pod-network-cidr 10.30.0.0/16 --service-cidr 10.31.0.0/16
這個時候,彷佛仍是比較順暢的,部分輸出以下:
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 172.19.0.31:6443 --token ay1y19.hyemvesfsl66wiic \
--discovery-token-ca-cert-hash sha256:b98a644c2f163ec19996599856b2d9b537ec78a0e61d920251239ec3131e5430
master節點運行:
mkdir -p $HOME/.kube sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config sudo chown $(id -u):$(id -g) $HOME/.kube/config
node節點運行(在node節點搭建完成後進行):
kubeadm join 172.19.0.31:6443 --token ay1y19.hyemvesfsl66wiic \
--discovery-token-ca-cert-hash sha256:b98a644c2f163ec19996599856b2d9b537ec78a0e61d920251239ec3131e5430
kubectl apply -f flannel.yaml
flannel.yaml:
---
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: psp.flannel.unprivileged
annotations:
seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default
seccomp.security.alpha.kubernetes.io/defaultProfileName: docker/default
apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
spec:
privileged: false
volumes:
- configMap
- secret
- emptyDir
- hostPath
allowedHostPaths:
- pathPrefix: "/etc/cni/net.d"
- pathPrefix: "/etc/kube-flannel"
- pathPrefix: "/run/flannel"
readOnlyRootFilesystem: false
# Users and groups
runAsUser:
rule: RunAsAny
supplementalGroups:
rule: RunAsAny
fsGroup:
rule: RunAsAny
# Privilege Escalation
allowPrivilegeEscalation: false
defaultAllowPrivilegeEscalation: false
# Capabilities
allowedCapabilities: ['NET_ADMIN']
defaultAddCapabilities: []
requiredDropCapabilities: []
# Host namespaces
hostPID: false
hostIPC: false
hostNetwork: true
hostPorts:
- min: 0
max: 65535
# SELinux
seLinux:
# SELinux is unused in CaaSP
rule: 'RunAsAny'
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: flannel
rules:
- apiGroups: ['extensions']
resources: ['podsecuritypolicies']
verbs: ['use']
resourceNames: ['psp.flannel.unprivileged']
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- apiGroups:
- ""
resources:
- nodes
verbs:
- list
- watch
- apiGroups:
- ""
resources:
- nodes/status
verbs:
- patch
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: flannel
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: flannel
subjects:
- kind: ServiceAccount
name: flannel
namespace: kube-system
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: flannel
namespace: kube-system
---
kind: ConfigMap
apiVersion: v1
metadata:
name: kube-flannel-cfg
namespace: kube-system
labels:
tier: node
app: flannel
data:
cni-conf.json: |
{
"name": "cbr0",
"cniVersion": "0.3.1",
"plugins": [
{
"type": "flannel",
"delegate": {
"hairpinMode": true,
"isDefaultGateway": true
}
},
{
"type": "portmap",
"capabilities": {
"portMappings": true
}
}
]
}
net-conf.json: |
{
"Network": "10.30.0.0/16",
"Backend": {
"Type": "vxlan"
}
}
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: kube-flannel-ds-amd64
namespace: kube-system
labels:
tier: node
app: flannel
spec:
selector:
matchLabels:
app: flannel
template:
metadata:
labels:
tier: node
app: flannel
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: beta.kubernetes.io/os
operator: In
values:
- linux
- key: beta.kubernetes.io/arch
operator: In
values:
- amd64
hostNetwork: true
tolerations:
- operator: Exists
effect: NoSchedule
serviceAccountName: flannel
initContainers:
- name: install-cni
image: quay.io/coreos/flannel:v0.11.0-amd64
command:
- cp
args:
- -f
- /etc/kube-flannel/cni-conf.json
- /etc/cni/net.d/10-flannel.conflist
volumeMounts:
- name: cni
mountPath: /etc/cni/net.d
- name: flannel-cfg
mountPath: /etc/kube-flannel/
containers:
- name: kube-flannel
image: quay.io/coreos/flannel:v0.11.0-amd64
command:
- /opt/bin/flanneld
args:
- --ip-masq
- --kube-subnet-mgr
resources:
requests:
cpu: "100m"
memory: "50Mi"
limits:
cpu: "100m"
memory: "50Mi"
securityContext:
privileged: false
capabilities:
add: ["NET_ADMIN"]
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
volumeMounts:
- name: run
mountPath: /run/flannel
- name: flannel-cfg
mountPath: /etc/kube-flannel/
volumes:
- name: run
hostPath:
path: /run/flannel
- name: cni
hostPath:
path: /etc/cni/net.d
- name: flannel-cfg
configMap:
name: kube-flannel-cfg
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: kube-flannel-ds-arm64
namespace: kube-system
labels:
tier: node
app: flannel
spec:
selector:
matchLabels:
app: flannel
template:
metadata:
labels:
tier: node
app: flannel
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: beta.kubernetes.io/os
operator: In
values:
- linux
- key: beta.kubernetes.io/arch
operator: In
values:
- arm64
hostNetwork: true
tolerations:
- operator: Exists
effect: NoSchedule
serviceAccountName: flannel
initContainers:
- name: install-cni
image: quay.io/coreos/flannel:v0.11.0-arm64
command:
- cp
args:
- -f
- /etc/kube-flannel/cni-conf.json
- /etc/cni/net.d/10-flannel.conflist
volumeMounts:
- name: cni
mountPath: /etc/cni/net.d
- name: flannel-cfg
mountPath: /etc/kube-flannel/
containers:
- name: kube-flannel
image: quay.io/coreos/flannel:v0.11.0-arm64
command:
- /opt/bin/flanneld
args:
- --ip-masq
- --kube-subnet-mgr
resources:
requests:
cpu: "100m"
memory: "50Mi"
limits:
cpu: "100m"
memory: "50Mi"
securityContext:
privileged: false
capabilities:
add: ["NET_ADMIN"]
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
volumeMounts:
- name: run
mountPath: /run/flannel
- name: flannel-cfg
mountPath: /etc/kube-flannel/
volumes:
- name: run
hostPath:
path: /run/flannel
- name: cni
hostPath:
path: /etc/cni/net.d
- name: flannel-cfg
configMap:
name: kube-flannel-cfg
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: kube-flannel-ds-arm
namespace: kube-system
labels:
tier: node
app: flannel
spec:
selector:
matchLabels:
app: flannel
template:
metadata:
labels:
tier: node
app: flannel
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: beta.kubernetes.io/os
operator: In
values:
- linux
- key: beta.kubernetes.io/arch
operator: In
values:
- arm
hostNetwork: true
tolerations:
- operator: Exists
effect: NoSchedule
serviceAccountName: flannel
initContainers:
- name: install-cni
image: quay.io/coreos/flannel:v0.11.0-arm
command:
- cp
args:
- -f
- /etc/kube-flannel/cni-conf.json
- /etc/cni/net.d/10-flannel.conflist
volumeMounts:
- name: cni
mountPath: /etc/cni/net.d
- name: flannel-cfg
mountPath: /etc/kube-flannel/
containers:
- name: kube-flannel
image: quay.io/coreos/flannel:v0.11.0-arm
command:
- /opt/bin/flanneld
args:
- --ip-masq
- --kube-subnet-mgr
resources:
requests:
cpu: "100m"
memory: "50Mi"
limits:
cpu: "100m"
memory: "50Mi"
securityContext:
privileged: false
capabilities:
add: ["NET_ADMIN"]
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
volumeMounts:
- name: run
mountPath: /run/flannel
- name: flannel-cfg
mountPath: /etc/kube-flannel/
volumes:
- name: run
hostPath:
path: /run/flannel
- name: cni
hostPath:
path: /etc/cni/net.d
- name: flannel-cfg
configMap:
name: kube-flannel-cfg
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: kube-flannel-ds-ppc64le
namespace: kube-system
labels:
tier: node
app: flannel
spec:
selector:
matchLabels:
app: flannel
template:
metadata:
labels:
tier: node
app: flannel
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: beta.kubernetes.io/os
operator: In
values:
- linux
- key: beta.kubernetes.io/arch
operator: In
values:
- ppc64le
hostNetwork: true
tolerations:
- operator: Exists
effect: NoSchedule
serviceAccountName: flannel
initContainers:
- name: install-cni
image: quay.io/coreos/flannel:v0.11.0-ppc64le
command:
- cp
args:
- -f
- /etc/kube-flannel/cni-conf.json
- /etc/cni/net.d/10-flannel.conflist
volumeMounts:
- name: cni
mountPath: /etc/cni/net.d
- name: flannel-cfg
mountPath: /etc/kube-flannel/
containers:
- name: kube-flannel
image: quay.io/coreos/flannel:v0.11.0-ppc64le
command:
- /opt/bin/flanneld
args:
- --ip-masq
- --kube-subnet-mgr
resources:
requests:
cpu: "100m"
memory: "50Mi"
limits:
cpu: "100m"
memory: "50Mi"
securityContext:
privileged: false
capabilities:
add: ["NET_ADMIN"]
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
volumeMounts:
- name: run
mountPath: /run/flannel
- name: flannel-cfg
mountPath: /etc/kube-flannel/
volumes:
- name: run
hostPath:
path: /run/flannel
- name: cni
hostPath:
path: /etc/cni/net.d
- name: flannel-cfg
configMap:
name: kube-flannel-cfg
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: kube-flannel-ds-s390x
namespace: kube-system
labels:
tier: node
app: flannel
spec:
selector:
matchLabels:
app: flannel
template:
metadata:
labels:
tier: node
app: flannel
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: beta.kubernetes.io/os
operator: In
values:
- linux
- key: beta.kubernetes.io/arch
operator: In
values:
- s390x
hostNetwork: true
tolerations:
- operator: Exists
effect: NoSchedule
serviceAccountName: flannel
initContainers:
- name: install-cni
image: quay.io/coreos/flannel:v0.11.0-s390x
command:
- cp
args:
- -f
- /etc/kube-flannel/cni-conf.json
- /etc/cni/net.d/10-flannel.conflist
volumeMounts:
- name: cni
mountPath: /etc/cni/net.d
- name: flannel-cfg
mountPath: /etc/kube-flannel/
containers:
- name: kube-flannel
image: quay.io/coreos/flannel:v0.11.0-s390x
command:
- /opt/bin/flanneld
args:
- --ip-masq
- --kube-subnet-mgr
resources:
requests:
cpu: "100m"
memory: "50Mi"
limits:
cpu: "100m"
memory: "50Mi"
securityContext:
privileged: false
capabilities:
add: ["NET_ADMIN"]
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
volumeMounts:
- name: run
mountPath: /run/flannel
- name: flannel-cfg
mountPath: /etc/kube-flannel/
volumes:
- name: run
hostPath:
path: /run/flannel
- name: cni
hostPath:
path: /etc/cni/net.d
- name: flannel-cfg
configMap:
name: kube-flannel-cfg
flannel 國內鏡像:
docker pull quay-mirror.qiniu.com/coreos/flannel:v0.11.0 docker tag quay-mirror.qiniu.com/coreos/flannel:v0.11.0 quay.io/coreos/flannel:v0.11.0-amd64
部署Node節點
部份內容和master節點雷同, 好比運行時安裝與配置, kubelet安裝。
- 拉取國內鏡像。
- 部署kubelet, 配置join加入集羣。
TASK 9
部署petapp到k8s集羣。
(擴展:掛載在nginx後,scale到4個pod,建立NodePortService)
kubectl運行的三種方式
- Generators (Run, Expose)
kubectl run --generator=run-pod/v1 nginx --image=nginx --image-pull-policy=IfNotPresent
- 用解釋的方法(Create)
kubectl create deployment --image=nginx nginx
- 用聲明的方法(Apply)
# deployment.yaml
apiVersion: apps/v1 # for versions before 1.9.0 use apps/v1beta2
kind: Deployment
metadata:
name: nginx-deployment
spec:
selector:
matchLabels:
app: nginx
replicas: 2 # tells deployment to run 2 pods matching the template
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginx
imagePullPolicy: IfNotPresent
ports:
- containerPort: 80
kubectl apply -f https://k8s.io/examples/application/deployment.yaml
K8S:存儲部分
TASK 10
emptyDir
當 Pod 指定到某個節點上時,首先建立的是一個 emptyDir 卷,而且只要 Pod 在該節點上運行,卷就一直存在。 就像它的名稱表示的那樣,卷最初是空的。 儘管 Pod 中的容器掛載 emptyDir 卷的路徑可能相同也可能不一樣,可是這些容器均可以讀寫 emptyDir 卷中相同的文件。 當 Pod 由於某些緣由被從節點上刪除時,emptyDir 卷中的數據也會永久刪除。
掛載一個emptyDir的pod
apiVersion: v1
kind: Pod
metadata:
name: test-pd
spec:
containers:
- image: k8s.gcr.io/test-webserver
name: test-container
volumeMounts:
- mountPath: /cache
name: cache-volume
volumes:
- name: cache-volume
emptyDir: {}
TASK 11
搭建NFS(Network File System)
service端的安裝
安裝包:
sudo apt-get install nfs-kernel-server nfs-common
建立共享目錄:
sudo mkdir -p /var/nfsshare/xxx sudo chmod -R 777 /var/nfsshare/xxx
在 /etc/exports 加入:
/var/nfsshare/xxx xxx.xxx.xxx.*(rw,sync,no_root_squash,no_all_squash)
或者相似:
/var/nfsshare/xxx *(rw,sync,no_root_squash,no_all_squash)
啓動服務:
/etc/init.d/nfs-kernel-server restart
TASK 12
pvc與pv的綁定
hostpath 掛載:
kind: PersistentVolume
metadata:
name: data
namespace: data
spec:
capacity:
storage: 5Gi
accessModes:
- ReadWriteOnce
hostPath:
path: /home/data
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: data
namespace: data
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 5Gi
volumeName: "data"
使用nfs捲進行掛載:
apiVersion: v1
kind: PersistentVolume
metadata:
name: data
namespace: data
spec:
capacity:
storage: 5Gi
accessModes:
- ReadWriteMany
nfs:
# FIXME: use the right IP
server: 172.19.0.11
path: "/var/nfsshare/data"
persistentVolumeReclaimPolicy: Recycle
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: data
namespace: data
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 5Gi
volumeName: "data"
K8S:網絡部分
TASK 13
nginx ingress controller的安裝
配置nginx ingress controller
咱們這裏使用獨立的ingress controller, 能夠使用 nginx-ingress。nginx ingress controller能夠使用多種方式部署(好比pod或daemonset),也能夠使用helm完成部署。
這裏給出daemonset直接配置的部署方式:
kubectl apply -f common/ns-and-sa.yaml kubectl apply -f common/default-server-secret.yaml kubectl apply -f common/nginx-config.yaml kubectl apply -f rbac/rbac.yaml kubectl apply -f daemon-set/nginx-ingress.yaml
一些自定義的配置, 須要修改common/nginx-config.yaml, 好比:
kind: ConfigMap apiVersion: v1 metadata: name: nginx-config namespace: nginx-ingress data: proxy-connect-timeout: "10s" proxy-read-timeout: "10s" client-max-body-size: "100m"
TASK 14
根據域名的不一樣將流量導向指定的app
apple-app
kind: Pod
apiVersion: v1
metadata:
name: apple-app
labels:
app: apple
spec:
containers:
- name: apple-app
image: hashicorp/http-echo
args:
- "-text=apple"
---
kind: Service
apiVersion: v1
metadata:
name: apple-service
spec:
selector:
app: apple
ports:
- port: 5678 # Default port for image
banana-app
kind: Pod
apiVersion: v1
metadata:
name: banana-app
labels:
app: banana
spec:
containers:
- name: banana-app
image: hashicorp/http-echo
args:
- "-text=banana"
---
kind: Service
apiVersion: v1
metadata:
name: banana-service
spec:
selector:
app: banana
ports:
- port: 5678 # Default port for image
kubectl apply -f apple.yaml
kubectl apply -f banana.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: example-ingress
annotations:
ingress.kubernetes.io/rewrite-target: /
spec:
rules:
- http:
paths:
- path: /apple
backend:
serviceName: apple-service
servicePort: 5678
- path: /banana
backend:
serviceName: banana-service
servicePort: 5678
kubectl apply -f apple.yaml kubectl apply -f banana.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: example-ingress
annotations:
ingress.kubernetes.io/rewrite-target: /
spec:
rules:
- http:
paths:
- path: /apple
backend:
serviceName: apple-service
servicePort: 5678
- path: /banana
backend:
serviceName: banana-service
servicePort: 5678
kubectl apply -f ingress.yaml
K8S:監控部分
TASK 15
metric server的安裝
- 手動安裝metrics-server:
git clone https://github.com/kubernetes-incubator/metrics-server.git cd metrics-server/ kubectl create -f deploy/1.8+/
- 拉取國內鏡像
images=(
metrics-server-amd64:v0.3.6
)
for imageName in ${images[@]} ; do
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/$imageName
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/$imageName gcr.io/google_containers/$imageName
docker rmi registry.cn-hangzhou.aliyuncs.com/google_containers/$imageName
done
deploy前要修改參數, 找到
- name: metrics-server
image: k8s.gcr.io/metrics-server-amd64:v0.3.6
args:
- --cert-dir=/tmp
- --secure-port=4443
注意添加args
--kubelet-insecure-tls=true --kubelet-preferred-address-types=InternalIP,Hostname,ExternalIP
TASK 16
kube dashboard的安裝
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta6/aio/deploy/recommended.yaml
TASK 17
使用kubectl top以及kube dashboard觀察k8s平臺的指標
建立訪問用的USER
admin-user-sa.yaml
apiVersion: v1 kind: ServiceAccount metadata: name: admin-user namespace: kubernetes-dashboard
admin-user-crb.yaml
apiVersion: v1 kind: ServiceAccount metadata: name: admin-user namespace: kubernetes-dashboard root@debian-11:~/app/dashboard# cat admin-user-crb.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: admin-user roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: cluster-admin subjects: - kind: ServiceAccount name: admin-user namespace: kubernetes-dashboard
獲取secret token
kubectl -n kubernetes-dashboard describe secret `kubectl -n kubernetes-dashboard get secret | grep admin-user | awk '{print $1}'`
進階實戰
TASK 18
建立Node節點,動手配置TLS加入kube集羣。
相關文章
- 1. Kubernetes 入門練習
- 2. Docker入門實戰
- 3. Docker——入門實戰
- 4. docker入門實戰
- 5. Docker 入門實戰
- 6. docker實戰練習(一)
- 7. Kubernetes入門與進階實戰培訓
- 8. JQ入門學習實戰演練
- 9. 3.kubernetes快速入門— kubernetes入門到實戰【入門+進階篇】
- 10. Kubernetes 入門到進階實戰
- 更多相關文章...
- • Memcached入門教程 - NoSQL教程
- • Spring DI(依賴注入)的實現方式:屬性注入和構造注入 - Spring教程
- • Docker容器實戰(八) - 漫談 Kubernetes 的本質
- • Java Agent入門實戰(一)-Instrumentation介紹與使用
相關標籤/搜索
每日一句
-
每一个你不满意的现在,都有一个你没有努力的曾经。
最新文章
- 1. No provider available from registry 127.0.0.1:2181 for service com.ddbuy.ser 解決方法
- 2. Qt5.7以上調用虛擬鍵盤(支持中文),以及源碼修改(可拖動,水平縮放)
- 3. 軟件測試面試- 購物車功能測試用例設計
- 4. ElasticSearch(概念篇):你知道的, 爲了搜索…
- 5. redux理解
- 6. gitee創建第一個項目
- 7. 支持向量機之硬間隔(一步步推導,通俗易懂)
- 8. Mysql 異步複製延遲的原因及解決方案
- 9. 如何在運行SEPM配置嚮導時將不可認的複雜數據庫密碼改爲簡單密碼
- 10. windows系統下tftp服務器使用
歡迎關注本站公眾號,獲取更多信息
相關文章
- 1. Kubernetes 入門練習
- 2. Docker入門實戰
- 3. Docker——入門實戰
- 4. docker入門實戰
- 5. Docker 入門實戰
- 6. docker實戰練習(一)
- 7. Kubernetes入門與進階實戰培訓
- 8. JQ入門學習實戰演練
- 9. 3.kubernetes快速入門— kubernetes入門到實戰【入門+進階篇】
- 10. Kubernetes 入門到進階實戰