Oct 13, 2021
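1. minikube
1.1 Setting up a local k8s node with minikube
Alibaba Cloud documentation:
1.1.0. Download minikube
minikube documentation:
Use virtualbox as the VM driver and Alibaba Cloud as the mirror for the China region
- Standard creation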
minikube start --vm-driver=virtualbox --image-mirror-country=cn --image-repository=registry.cn-hangzhou.aliyuncs.com/google_containers --iso-url=https://kubernetes.oss-cn-hangzhou.aliyuncs.com/minikube/iso/minikube-v1.7.3.iso --registry-mirror=https://reg-mirror.qiniu.com
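Here, --image-repository is Alibaba Cloud's mirror of the Google image repository, which is needed to deploy the k8s cluster, and --registry-mirror is the registry mirror that speeds up Docker image pulls inside k8s.
- vbox uses NAT mode by default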
minikube start --vm-driver virtualbox --image-mirror-country cn --iso-url=https://kubernetes.oss-cn-hangzhou.aliyuncs.com/minikube/iso/minikube-v1.5.0.iso --registry-mirror=https://t66rq3da.mirror.aliyuncs.com
- Recommended: use the NetEase Docker mirror
minikube start --vm-driver virtualbox --image-mirror-country cn --registry-mirror=http://hub-mirror.c.163.com
- In hyperv mode
minikube start --registry-mirror=https://dockerhub.azk8s.cn --vm-driver="hyperv" --memory 4096 --hyperv-virtual-switch="minikube_switch" --image-mirror-country cn
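The hyperv-virtual-switch has to be created manually.
1.2 Uninstalling minikube
- Linux
minikube stop; minikube delete
# stops every running container on this host, not only minikube's
docker stop $(docker ps -aq)
rm -r ~/.kube ~/.minikube
sudo rm /usr/local/bin/localkube /usr/local/bin/minikube
systemctl stop '*kubelet*.mount'
sudo rm -rf /etc/kubernetes/
# removes all unused images, containers, networks and volumes
docker system prune -af --volumes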
- Mac
minikube stop; minikube delete && docker stop $(docker ps -aq) && rm -rf ~/.kube ~/.minikube && sudo rm -rf /usr/local/bin/localkube /usr/local/bin/minikube && launchctl stop '*kubelet*.mount' && launchctl stop localkube.service && launchctl disable localkube.service && sudo rm -rf /etc/kubernetes/ && docker system prune -af --volumes
k3s installation and configuration
Getting the login token for the k3s dashboard
k3s kubectl -n kubernetes-dashboard create token admin-user
Basics
Components
Field                     Type    Description
version                   String  Version
kind                      String  Pod, Service
metadata                  Object  Metadata
metadata.name             String
metadata.namespace        String
spec                      Object
spec.containers[]         List
spec.containers[].name    String  Container name
spec.containers[].image   String  Image name
k8s command documentation
What is a Node?
Creating a pod
Documentation link
Using the command line
kubectl run --image=nginx nginx-app --port=80 --env="DOMAIN=cluster"
Using YAML
apiVersion: v1
kind: Pod
metadata:
  name: nginx
spec:
  containers:
  - image: nginx
    name: nginx
    ports:
    - containerPort: 80
      name: http
kubectl apply -f nginx-pods.yaml
Create two pods, kube-nginx0 and kube-nginx1, with container port 80, then list the pods:
kubectl get pods
The container IP of kube-nginx0 is 172.17.0.4 and its docker id is b0fec6875bf6838a565460b5923a81f3d39f8b8bd9334b03f098292283be77cd:
kubectl describe pod kube-nginx0
Providing updates for Pods: creating Deployments
Documentation link
A Deployment controller provides declarative updates for Pods and ReplicaSets.
Using the command line
kubectl create deployment nginx-deployment --image=nginx:1.7.9
At this point you can scale the pod replicas:
kubectl scale deployment nginx-deployment --replicas=4
Using YAML (recommended)
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  labels:
    app: nginx
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1.14.2
        ports:
        - containerPort: 80
Exposing ports: creating Services
Documentation link
Using the command line
kubectl expose [deployment | pod ] nginx-app --port=80 --name=nginx-http
kubectl expose pod kube-nginx0 --port 8080 --target-port=80 --name kube-nginx0-service
kubectl expose pod kube-nginx1 --port 8080 --target-port=80 --name kube-nginx1-service
Expose the kube-nginx1 pod as a Service: the pod port (--target-port) is 80, the service port (--port) is 8080, and the service name is kube-nginx1-service.
Using YAML
Viewing Services
kubectl get services
NAME                  TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)    AGE
kube-nginx0-service   ClusterIP   10.110.2.57     <none>        8080/TCP   132m
kube-nginx1-service   ClusterIP   10.110.160.24   <none>        8080/TCP   105m
kubernetes            ClusterIP   10.96.0.1       <none>        443/TCP    2d19h
This produces two Services, kube-nginx0-service and kube-nginx1-service, with IPs 10.110.2.57 and 10.110.160.24 respectively; the mapping type is ClusterIP (the default).
kubectl describe service kube-nginx0-service
172.17.0.4:80 is the pod application and 10.110.2.57 is the service IP.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: nginx-http-ingress
spec:
  rules:
  - http:
      paths:
      - path: /
        backend:
          serviceName: nginx-http
          servicePort: 80
  tls:
  - hosts:
    - a.com
    secretName: a.com.secret
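Ways to expose and access services
Enter the node with
minikube ssh
and access
curl 10.110.2.57:8080
curl 172.17.0.4:80
Both reach the same application.
--type: the port mapping method, i.e. which ways are there to reach the pod application?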
NodePort
LoadBalancer
ClusterIP(默认)
Ingress
Ingress
Creating nginx-ingress
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: nginx-ingress
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  rules:
  - host: nginx.example.com
    http:
      paths:
      - path: /
        backend:
          serviceName: nginx-service
          servicePort: 80
Documentation link
YAML configuration
# nginx-ingress.yaml
---
# extensions/v1beta1 Ingress was removed in Kubernetes 1.22; newer clusters use networking.k8s.io/v1
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  # the ingress name is nginx-ingress0
  name: nginx-ingress0
  # https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/
  annotations:
    kubernetes.io/ingress.class: nginx
    ingress.kubernetes.io/rewrite-target: /
    nginx.ingress.kubernetes.io/enable-cors: "true"
    nginx.ingress.kubernetes.io/cors-allow-methods: "PUT, GET, POST, OPTIONS"
spec:
  tls:
  - hosts:
    - a.com
    secretName: a-secret
  rules:
  # domain name, similar to servername
  - host: a.com
    http:
      paths:
      # the path to map
      - path: /
        backend:
          # name of the service to map to
          serviceName: kube-nginx0-service
          # port of the service to map to
          servicePort: 8080
  - host: b.com
    http:
      paths:
      - path: /
        backend:
          serviceName: kube-nginx1-service
          servicePort: 8080
kubectl apply -f nginx-ingress.yaml
This creates an Ingress named nginx-ingress0 whose servername is a.com; it maps to the service kube-nginx0-service on port 8080.
- To edit an existing ingress
kubectl edit ingress [ingress name, e.g. nginx-ingress0]
Viewing Ingress
kubectl get ingress
NAME             HOSTS         ADDRESS     PORTS   AGE
nginx-ingress0   a.com,b.com   10.0.2.15   80      112m
kubectl describe ingress nginx-ingress0
Name:             nginx-ingress0
Namespace:        default
Address:          10.0.2.15
Default backend:  default-http-backend:80 (<none>)
Rules:
  Host     Path  Backends
  ----     ----  --------
  a.com    /     kube-nginx0-service:8080 (172.17.0.4:80)
  a.a.com  /     kube-nginx1-service:8080 (172.17.0.7:80)
Annotations:
  kubectl.kubernetes.io/last-applied-configuration:  {"apiVersion":"extensions/v1beta1","kind":"Ingress","metadata":{"annotations":{},"name":"nginx-ingress0","namespace":"default"},"spec":{"rules":[{"host":"a.com","http":{"paths":[{"backend":{"serviceName":"kube-nginx0-service","servicePort":8080},"path":"/"}]}}]}}
Events:  <none>
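At this point the ingress maps:
a.com --> kube-nginx0-service:8080 (172.17.0.4:80)
b.com --> kube-nginx1-service:8080 (172.17.0.7:80)
Configuration in VirtualBox
When minikube creates the k8s cluster it uses NAT mode, so *the services are reachable only from inside the ssh session*. To reach them from the host machine, configure a NAT port-forwarding rule in VirtualBox.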
Accessing through the Ingress
- Configure hosts on the host machine
127.0.0.1 a.com
Open a.com:8080 in a browser.
- Access with curl
curl 127.0.0.1:8080 -H "Host: a.com"
SSL configuration
- Generate a self-signed certificate
KEY_FILE=server.key
CERT_FILE=server.crt
HOST=a.com
CERT_NAME=a.com.secret
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout ${KEY_FILE} -out ${CERT_FILE} -subj "/CN=${HOST}/O=${HOST}"
kubectl create secret tls ${CERT_NAME} --key ${KEY_FILE} --cert ${CERT_FILE}
- Configure tls
spec:
  tls:
  - hosts:
    - a.com
    secretName: a.com.secret
- Update the ingress
kubectl apply -f nginx-ingress.yaml
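A certificate created with only -subj "/CN=..." carries no subjectAltName, and current TLS clients match the hostname against the SAN rather than the CN. The following is an added example, not part of the original page: it generates the same self-signed certificate with a SAN and checks key/certificate agreement and hostname coverage before creating the secret. The function names are hypothetical, and OpenSSL 1.1.1 or later is assumed.

```shell
#!/bin/sh
# Added example; function names are hypothetical.
# Assumes OpenSSL 1.1.1 or later (needed for -addext and -ext).

# gen_cert HOST KEY_FILE CERT_FILE: self-signed cert with CN and a matching SAN.
gen_cert() {
  openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
    -keyout "$2" -out "$3" \
    -subj "/CN=$1/O=$1" \
    -addext "subjectAltName=DNS:$1" 2>/dev/null || return 1
  chmod 600 "$2"   # the private key is unencrypted (-nodes); keep it owner-only
}

# key_matches_cert KEY_FILE CERT_FILE: succeed only if both hold the same public key.
key_matches_cert() {
  key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
  crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
  [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}

# cert_covers_host CERT_FILE HOST: succeed only if the cert carries a DNS SAN
# and that SAN matches HOST. A CN-only cert fails here on purpose.
cert_covers_host() {
  openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null \
    | grep -q 'DNS:' || return 1
  openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null \
    | grep -q 'does match certificate'
}

# create_tls_secret NAME HOST KEY_FILE CERT_FILE: run both checks, then create
# the secret with the same kubectl command the page uses.
# Needs kubectl and a reachable cluster.
create_tls_secret() {
  key_matches_cert "$3" "$4" || { echo "key and cert do not match" >&2; return 1; }
  cert_covers_host "$4" "$2" || { echo "cert has no SAN for $2" >&2; return 1; }
  kubectl create secret tls "$1" --key "$3" --cert "$4"
}

# Usage with the page's values:
#   gen_cert a.com server.key server.crt
#   create_tls_secret a.com.secret a.com server.key server.crt
```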
Traefik
TODO
Extensions
YAML configuration
# deployment-nginx.yaml
---
apiVersion: apps/v1 # for versions before 1.9.0 use apps/v1beta2
kind: Deployment
metadata:
  name: nginx-deployment
spec:
  selector:
    matchLabels:
      app: nginx
  replicas: 4
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1.7.9
        ports:
        - containerPort: 80
This creates a deployment containing 4 replicas of the nginx 1.7.9 application, labeled app: nginx.
# deployment-nginx-update.yaml
---
apiVersion: apps/v1 # for versions before 1.9.0 use apps/v1beta2
kind: Deployment
metadata:
  name: nginx-deployment
spec:
  selector:
    matchLabels:
      app: nginx
  replicas: 2
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        # Update the version of nginx from 1.7.9 to 1.8
        image: nginx:1.8
        ports:
        - containerPort: 80
This updates nginx-deployment: matching on app: nginx, the replicas shrink to 2 and the nginx application is upgraded to 1.8.
# deployment-nginx-scala.yaml
apiVersion: apps/v1 # for versions before 1.9.0 use apps/v1beta2
kind: Deployment
metadata:
  name: nginx-deployment
spec:
  selector:
    matchLabels:
      app: nginx
  replicas: 7 # Update the replicas from 2 to 7
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1.8
        ports:
        - containerPort: 80
This updates nginx-deployment: matching on app: nginx, the replicas are scaled up to 7.
Command configuration
- Create nginx-deployment
This process creates a pod, a deployment and a ReplicaSet.
Not recommended:
kubectl run nginx-deployment --image=nginx:1.7.9 --replicas=1 --port=80
kubectl create deployment nginx-deployment --image=nginx:1.7.9
- Update the nginx version of the replicas in nginx-deployment
kubectl set image deployment nginx-deployment nginx=nginx:1.8 [--record]
- Edit the nginx-deployment YAML
kubectl edit deployment nginx-deployment
- Scale nginx-deployment to 10 replicas
kubectl scale deployment nginx-deployment --replicas=10
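Health check mechanism: Probe
Notes
The k8s cluster used here is version 1.7.7. In this version, Deployment is officially recommended as the replacement for Replication Controller (rc). Besides inheriting all of rc's functionality, a Deployment lets you view the detailed progress and status of an upgrade, and when an upgrade goes wrong you can roll back to a specified version. Every operation on a Deployment is saved, which makes rollback easy. In addition, each upgrade can be paused and resumed at any time, and several upgrade strategies are available: Recreate deletes the existing Pods and creates new ones
Troubleshooting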
kubectl describe pod frontend | grep -A 3 Events
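Mi means 1Mi = 1024x1024 and M means 1M = 1000x1000 (other units follow the same pattern, e.g. Ki/K, Gi/G).
Overlay model https://yuerblog.cc/2018/11/10/overlay-network-model-and-flannel-practise/
k8s eviction policy https://k8smeetup.github.io/docs/tasks/administer-cluster/out-of-resource/
Handling memory fragmentation
# flushes dirty pages, then drops the page cache, dentries and inodes; run as root
sync; echo 3 > /proc/sys/vm/drop_caches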