Kubernetes Start

Last published
Oct 29, 2021 01:23 AM
Tags
k8s
cloud
Oct 13, 2021

1. minikube

1.1 Setting up a local k8s node with minikube

Alibaba Cloud documentation:
Minikube - Kubernetes local lab environment - Alibaba Cloud Developer Community

1.1.0. Download minikube

minikube documentation:

Use VirtualBox as the VM driver and Alibaba Cloud as the China-region mirror.

  • Standard creation
minikube start --vm-driver=virtualbox --image-mirror-country=cn --image-repository=registry.cn-hangzhou.aliyuncs.com/google_containers --iso-url=https://kubernetes.oss-cn-hangzhou.aliyuncs.com/minikube/iso/minikube-v1.7.3.iso --registry-mirror=https://reg-mirror.qiniu.com
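where
--image-repository is Alibaba Cloud's mirror of the Google image repository, which is needed to deploy the k8s cluster
--registry-mirror is a Docker registry mirror that speeds up image pulls inside k8s
 
  • vbox uses NAT mode by default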
minikube start --vm-driver virtualbox --image-mirror-country cn --iso-url=https://kubernetes.oss-cn-hangzhou.aliyuncs.com/minikube/iso/minikube-v1.5.0.iso --registry-mirror=https://t66rq3da.mirror.aliyuncs.com
  • Recommended: the NetEase Docker mirror
minikube start --vm-driver virtualbox --image-mirror-country cn --registry-mirror=http://hub-mirror.c.163.com
  • In Hyper-V mode
minikube start --registry-mirror=https://dockerhub.azk8s.cn --vm-driver="hyperv" --memory 4096 --hyperv-virtual-switch="minikube_switch" --image-mirror-country cn
 
The hyperv-virtual-switch must be created manually.
 

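1.2 Uninstalling minikube

  • Linux
    • minikube stop; minikube delete
      docker stop $(docker ps -aq)         # stops every running container on this host, not only minikube's
      rm -r ~/.kube ~/.minikube
      sudo rm /usr/local/bin/localkube /usr/local/bin/minikube
      systemctl stop '*kubelet*.mount'
      sudo rm -rf /etc/kubernetes/
      docker system prune -af --volumes    # removes all stopped containers and all unused images, networks and volumes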
 
  • Mac
    • minikube stop; minikube delete &&
      docker stop $(docker ps -aq) &&
      rm -rf ~/.kube ~/.minikube &&
      sudo rm -rf /usr/local/bin/localkube /usr/local/bin/minikube &&
      launchctl stop '*kubelet*.mount' &&
      launchctl stop localkube.service &&
      launchctl disable localkube.service &&
      sudo rm -rf /etc/kubernetes/ &&
      docker system prune -af --volumes
 
 

 
 

Basics

Components

 
 
kube-apiserver
 
 
 
 
 
 
 
 
 

Common resources

 
Name       Type     Description
version    String   Version
kind       String   Pod, Service
metadata   Object   Metadata
 

k8s command documentation

What is a Node?

Creating a pod

Documentation link

Using the command line

kubectl run --image=nginx nginx-app --port=80 --env="DOMAIN=cluster"

Using YAML

# nginx-pods.yaml
---
# Pod API version
apiVersion: v1
# resource kind: Pod
kind: Pod
metadata:
  # Pod name
  name: kube-nginx0
  labels:
    # label identifying pods that belong to the same application
    name: kube-nginx0
spec:
  # containers
  containers:
  - name: nginx-gateway
    # image name
    image: nginx
    resources:
      limits:
        memory: "128Mi"
        cpu: "500m"
    # container port, i.e. the application port
    ports:
      - containerPort: 80
---
apiVersion: v1
kind: Pod
metadata:
  name: kube-nginx1
  labels:
    name: kube-nginx1
spec:
  containers:
  - name: nginx-gateway
    image: nginx
    resources:
      limits:
        memory: "128Mi"
        cpu: "500m"
    ports:
      - containerPort: 80

kubectl apply -f nginx-pods.yaml
This creates two pods, kube-nginx0 and kube-nginx1, with container port 80.

Viewing pods

kubectl get pods
NAME          READY   STATUS    RESTARTS   AGE
kube-nginx0   1/1     Running   1          115m
kube-nginx1   1/1     Running   0          115m

The container IP of kube-nginx0 is 172.17.0.4 and its docker id is b0fec6875bf6838a565460b5923a81f3d39f8b8bd9334b03f098292283be77cd

kubectl describe pod kube-nginx0
Name:         kube-nginx0
Namespace:    default
Priority:     0
Node:         minikube/10.0.2.15
Start Time:   Fri, 15 Nov 2019 14:11:48 +0800
Labels:       name=kube-nginx0
....
Status:       Running
IP:           172.17.0.4
Containers:
  nginx-gateway:
    Container ID:   docker://b0fec6875bf6838a565460b5923a81f3d39f8b8bd9334b03f098292283be77cd
    Image:          nginx
    Image ID:       docker-pullable://nginx@sha256:922c815aa4df050d4df476e92daed4231f466acc8ee90e0e774951b0fd7195a4
    Port:           80/TCP
    Host Port:      0/TCP
    State:          Running
      Started:      Fri, 15 Nov 2019 14:48:41 +0800
    Last State:     Terminated
      Reason:       Completed
      Exit Code:    0
      Started:      Fri, 15 Nov 2019 14:11:59 +0800
      Finished:     Fri, 15 Nov 2019 14:48:34 +0800
    Ready:          True
    Restart Count:  1
    Limits:
      cpu:     500m
      memory:  128Mi
    Requests:
      cpu:        500m
      memory:     128Mi
    Environment:  <none>
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from default-token-cdnzv (ro)
.......

Providing updates for Pods: creating Deployments

Documentation link

A Deployment controller provides declarative updates for Pods and ReplicaSets.

Using the command line

kubectl create deployment nginx-deployment --image=nginx:1.7.9
At this point you can scale out the pod replicas:
kubectl scale deployment nginx-deployment --replicas=4

Using YAML (recommended)

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  labels:
    # label this group of applications as nginx-app
    app: nginx-app
spec:
  # number of pod replicas for the application: 3
  replicas: 3
  selector:
    matchLabels:
      app: nginx-deployment
  template:
    metadata:
      labels:
        app: nginx-deployment
    spec:
      containers:
      - name: nginx-deployment
        image: nginx:1.7.9
        resources:
          limits:
            memory: "128Mi"
            cpu: "500m"
        ports:
          # port exposed by this group of application pods
        - containerPort: 80

Exposing ports: creating Services

Documentation link

Using the command line

kubectl expose [deployment | pod ] nginx-app --port=80 --name=nginx-http
kubectl expose pod kube-nginx0 --port 8080 --target-port=80 --name kube-nginx0-service
kubectl expose pod kube-nginx1 --port 8080 --target-port=80 --name kube-nginx1-service
This exposes the kube-nginx1 pod as a Service: the pod port (--target-port) is 80, the service port (--port) is 8080, and the service name is kube-nginx1-service.

Using YAML

Viewing Services

kubectl get services
NAME                      TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)    AGE
kube-nginx0-service       ClusterIP   10.110.2.57     <none>        8080/TCP   132m
kube-nginx1-service       ClusterIP   10.110.160.24   <none>        8080/TCP   105m
kubernetes                ClusterIP   10.96.0.1       <none>        443/TCP    2d19h

This yields two Services, kube-nginx0-service and kube-nginx1-service, with IPs 10.110.2.57 and 10.110.160.24 respectively; the type is ClusterIP (the default).

kubectl describe service kube-nginx0
Name:              kube-nginx0-service
Namespace:         default
Labels:            name=kube-nginx0
Annotations:       <none>
Selector:          name=kube-nginx0
Type:              ClusterIP
IP:                10.110.2.57
Port:              <unset>  8080/TCP
TargetPort:        80/TCP
Endpoints:         172.17.0.4:80
Session Affinity:  None
Events:            <none>

172.17.0.4:80 is the pod application and 10.110.2.57 is the service IP.

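Exposing and accessing services

Enter the node:
minikube ssh
Access:
curl 10.110.2.57:8080
curl 172.17.0.4:80
Both reach the same application.

--type: the port-mapping mode, i.e. which methods can be used to reach the pod application?

NodePort

LoadBalancer

ClusterIP (default)

Ingress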

Ingress

Creating nginx-ingress

Documentation link

YAML configuration

# nginx-ingress.yaml
---
# Note: the extensions/v1beta1 Ingress API was removed in Kubernetes v1.22;
# clusters at or above that version need networking.k8s.io/v1 instead.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  # the ingress name is nginx-ingress0
  name: nginx-ingress0
  # https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/
  annotations:
    kubernetes.io/ingress.class: nginx
    ingress.kubernetes.io/rewrite-target: /
    nginx.ingress.kubernetes.io/enable-cors: "true"
    nginx.ingress.kubernetes.io/cors-allow-methods: "PUT, GET, POST, OPTIONS"
spec:
  tls:
  - hosts:
    - a.com
    secretName: a-secret
  rules:
  # domain name, similar to servername
  - host: a.com
    http:
      paths:
      # path to map
      - path: /
        backend:
          # name of the service to map to
          serviceName: kube-nginx0-service
          # port of the service to map to
          servicePort: 8080
  - host: b.com
    http:
      paths:
      - path: /
        backend:
          serviceName: kube-nginx1-service
          servicePort: 8080

kubectl apply -f nginx-ingress.yaml
The created Ingress is named nginx-ingress0; its servername is a.com, and it maps to the service kube-nginx0-service on port 8080.
  • To edit an existing ingress
kubectl edit ingress [ingress name, nginx-ingress0]

Viewing the Ingress

kubectl get ingress
NAME             HOSTS           ADDRESS     PORTS   AGE
nginx-ingress0   a.com,b.com     10.0.2.15   80      112m

kubectl describe ingress nginx-ingress0
Name:             nginx-ingress0
Namespace:        default
Address:          10.0.2.15
Default backend:  default-http-backend:80 (<none>)
Rules:
  Host     Path  Backends
  ----     ----  --------
  a.com           /   kube-nginx0-service:8080 (172.17.0.4:80)
  a.a.com           /   kube-nginx1-service:8080 (172.17.0.7:80)
Annotations:
  kubectl.kubernetes.io/last-applied-configuration:  {"apiVersion":"extensions/v1beta1","kind":"Ingress","metadata":{"annotations":{},"name":"nginx-ingress0","namespace":"default"},"spec":{"rules":[{"host":"a.com","http":{"paths":[{"backend":{"serviceName":"kube-nginx0-service","servicePort":8080},"path":"/"}]}}]}}
Events:  <none>

At this point the ingress maps:
a.com --> kube-nginx0-service:8080 (172.17.0.4:80)
b.com --> kube-nginx1-service:8080 (172.17.0.7:80)

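Configuration in VirtualBox

When minikube creates the k8s node it uses NAT mode, so the services can be reached only after entering the VM over ssh. To reach them from the host machine, configure NAT port forwarding in VirtualBox.

Access through the Ingress

  1. On the host machine, add a hosts entry mapping a.com to 127.0.0.1, then open a.com:8080 in a browser
  2. Access with curl: curl 127.0.0.1:8080 -H "Host: a.com"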

SSL configuration

  • Generate a self-signed certificate
KEY_FILE=server.key
CERT_FILE=server.crt
HOST=a.com
CERT_NAME=a.com.secret
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout ${KEY_FILE} -out ${CERT_FILE} -subj "/CN=${HOST}/O=${HOST}"
kubectl create secret tls ${CERT_NAME} --key ${KEY_FILE} --cert ${CERT_FILE}
  • Configure tls
spec:
  tls:
  - hosts:
    - a.com
    secretName: a.com.secret
  • Update the ingress
kubectl apply -f nginx-ingress.yaml
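
The certificate step above as one script, added here as an example and not part of the original notes: it also puts the host into a subjectAltName (modern TLS clients match the host name against the SAN, not the CN) and checks that key and certificate belong together before the secret is created. WORKDIR and the APPLY switch are assumptions of this example; -addext needs OpenSSL 1.1.1 or newer.

```shell
#!/bin/sh
# Added example (not from the original page): self-signed cert with a SAN,
# verified before it is stored as a Kubernetes TLS secret.
set -eu

HOST=a.com                    # Ingress host used on the page
CERT_NAME=a.com.secret        # secret name used on the page
WORKDIR=$(mktemp -d)          # assumption: scratch directory for the key pair
KEY_FILE="$WORKDIR/server.key"
CERT_FILE="$WORKDIR/server.crt"

# Create key and certificate; -addext requires OpenSSL 1.1.1 or newer.
make_cert() {
  ( umask 077                 # keep the private key owner-readable only
    openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
      -keyout "$KEY_FILE" -out "$CERT_FILE" \
      -subj "/CN=${HOST}/O=${HOST}" \
      -addext "subjectAltName=DNS:${HOST}" 2>/dev/null )
}

# Print the DNS names from the certificate's SAN extension, one per line.
cert_sans() {
  openssl x509 -in "$CERT_FILE" -noout -text |
    grep -A1 'Subject Alternative Name' | tail -n 1 |
    tr ',' '\n' | sed -n 's/^ *DNS://p'
}

# Succeed only if the private key and the certificate carry the same public key.
key_matches_cert() {
  k=$(openssl pkey -in "$KEY_FILE" -pubout 2>/dev/null) || return 1
  c=$(openssl x509 -in "$CERT_FILE" -noout -pubkey 2>/dev/null) || return 1
  [ -n "$k" ] && [ "$k" = "$c" ]
}

# Succeed only if the SAN lists $HOST, the key matches, and the certificate
# is still valid 24 hours from now.
verify_cert() {
  cert_sans | grep -qxF "$HOST" || { echo "SAN does not list $HOST" >&2; return 1; }
  key_matches_cert || { echo "key and certificate do not match" >&2; return 1; }
  openssl x509 -in "$CERT_FILE" -noout -checkend 86400 >/dev/null ||
    { echo "certificate expires within 24h" >&2; return 1; }
}

make_cert
verify_cert
# Only touch the cluster when asked to, by running the script with APPLY=1.
if [ "${APPLY:-0}" = 1 ]; then
  kubectl create secret tls "$CERT_NAME" --key "$KEY_FILE" --cert "$CERT_FILE"
fi
```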

Traefik

TODO

Further topics

YAML configuration

# deployment-nginx.yaml
---
apiVersion: apps/v1 # for versions before 1.9.0 use apps/v1beta2
kind: Deployment
metadata:
  name: nginx-deployment
spec:
  selector:
    matchLabels:
      app: nginx
  replicas: 4
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1.7.9
        ports:
        - containerPort: 80

This creates a deployment with 4 replicas of nginx version 1.7.9, labelled app: nginx.

# deployment-nginx-update.yaml
---
apiVersion: apps/v1 # for versions before 1.9.0 use apps/v1beta2
kind: Deployment
metadata:
  name: nginx-deployment
spec:
  selector:
    matchLabels:
      app: nginx
  replicas: 2
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        # Update the version of nginx from 1.7.9 to 1.8
        image: nginx:1.8
        ports:
        - containerPort: 80

This updates nginx-deployment: the replicas matched by app: nginx are scaled down to 2 and nginx is upgraded to 1.8.

# deployment-nginx-scala.yaml
apiVersion: apps/v1 # for versions before 1.9.0 use apps/v1beta2
kind: Deployment
metadata:
  name: nginx-deployment
spec:
  selector:
    matchLabels:
      app: nginx
  replicas: 7 # Update the replicas from 2 to 7
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1.8
        ports:
        - containerPort: 80

This updates nginx-deployment: the replicas matched by app: nginx are scaled up to 7.

Command-line configuration

  • Create nginx-deployment
This creates a pod, a deployment and a ReplicaSet.
Not recommended:
kubectl run nginx-deployment --image=nginx:1.7.9 --replicas=1 --port=80
kubectl create deployment nginx-deployment --image=nginx:1.7.9
  • Update the nginx version of the replicas in nginx-deployment
kubectl set image deployment nginx-deployment nginx=nginx:1.8 [--record]
  • Edit the nginx-deployment YAML
kubectl edit deployment nginx-deployment
  • Scale nginx-deployment to 10 replicas
kubectl scale deployment nginx-deployment --replicas=10

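Health-check mechanism: Probe

Notes

The k8s cluster used here is version 1.7.7, in which Deployment is already the officially recommended replacement for Replication Controller (rc). Besides inheriting all of rc's functionality, a Deployment lets you view the detailed progress and status of an upgrade, and when an upgrade goes wrong you can roll back to a specified version. Every operation on a Deployment is saved, which makes rollback easy. Each upgrade can also be paused and resumed at any time, and several upgrade strategies are available: Recreate deletes the existing Pods and creates new ones
Troubleshooting
kubectl describe pod frontend | grep -A 3 Events
Mi means 1Mi = 1024x1024 and M means 1M = 1000x1000 (other units follow the same pattern, e.g. Ki/K, Gi/G)
Overlay model https://yuerblog.cc/2018/11/10/overlay-network-model-and-flannel-practise/
k8s eviction policy https://k8smeetup.github.io/docs/tasks/administer-cluster/out-of-resource/
Handling memory fragmentation: sync; echo 3 > /proc/sys/vm/drop_caches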