🧙‍♂️
有求必应屋 /
Kubernetes Start
Search
Kubernetes Start

Kubernetes Start

最后发布时间
Last updated February 16, 2023
Tags
k8s
cloud
Oct 13, 2021
 
 

1. minikube 部分

1.1 minikube 本地k8s节点搭建

阿里云文档:
Minikube - Kubernetes本地实验环境-阿里云开发者社区
易立 2017-10-07 174370浏览量 简介: 为了方便大家本地开发和体验Kubernetes,社区提供了可以在本机部署的Minikube。本文介绍利用阿里云的镜像地址在Windows/Mac/Linux上来部署和配置Minikube 为了方便大家开发和体验Kubernetes,社区提供了可以在本地部署的 Minikube 。由于网络访问原因,很多朋友无法直接使用minikube进行实验。在最新的Minikube中,已经提供了配置化的方式,可以帮助大家利用阿里云的镜像地址来获取所需Docker镜像和配置。 注: 先决条件 Minikube在不同操作系统上支持不同的驱动 注: 由于minikube复用了docker-machine,在其软件包中已经支持了相应的VirtualBox, VMware Fusion驱动 VT-x/AMD-v 虚拟化必须在 BIOS 中开启 在Windows环境下,如果开启了Hyper-V,不支持VirtualBox方式 安装Minikube 您可以参考 https://minikube.sigs.k8s.io/docs/start/ 安装配置,下面提供了阿里云团队构建的版本 注:有问题和需求请到 Github 提 issue, https://github.com/AliyunContainerService/minikube/issues Mac OSX curl -Lo minikube https://kubernetes.oss-cn-hangzhou.aliyuncs.com/minikube/releases/v1.23.1/minikube-darwin-amd64 && chmod +x minikube && sudo mv minikube /usr/local/bin/ Linux curl -Lo minikube https://kubernetes.oss-cn-hangzhou.aliyuncs.com/minikube/releases/v1.23.1/minikube-linux-amd64 &&
Minikube - Kubernetes本地实验环境-阿里云开发者社区
https://yq.aliyun.com/articles/221687?spm=5176.10731542.0.0.52c420be1YcFqd](https://yq.aliyun.com/articles/221687?spm=5176.10731542.0.0.52c420be1YcFqd)
Minikube - Kubernetes本地实验环境-阿里云开发者社区

1.1.0. 下载minikube

minikube 文档 :
minikube start
minikube is local Kubernetes, focusing on making it easy to learn and develop for Kubernetes. All you need is Docker (or similarly compatible) container or a Virtual Machine environment, and Kubernetes is a single command away: minikube start Click on the buttons that describe your target platform.
minikube start
https://minikube.sigs.k8s.io/docs/start/?spm=a2c6h.12873639.0.0.ab202043sqpefe

使用 virtualbox 作为vm 驱动, 阿里云作为中国区镜像

  • 标准创建
minikube start --vm-driver=virtualbox --image-mirror-country=cn --image-repository=registry.cn-hangzhou.aliyuncs.com/google_containers --iso-url=https://kubernetes.oss-cn-hangzhou.aliyuncs.com/minikube/iso/minikube-v1.7.3.iso --registry-mirror=https://reg-mirror.qiniu.com
其中
--image-repository 为阿里云的谷歌镜像仓库,部署k8s 集群所需
--registry-mirror 为 k8s 中创建 docker 镜像加速
 
  • vbox 默认使用Nat模式
minikube start --vm-driver virtualbox --image-mirror-country cn --iso-url=https://kubernetes.oss-cn-hangzhou.aliyuncs.com/minikube/iso/minikube-v1.5.0.iso --registry-mirror=https://t66rq3da.mirror.aliyuncs.com
  • 推荐使用网易 docker 镜像
minikube start --vm-driver virtualbox --image-mirror-country cn --registry-mirror=http://hub-mirror.c.163.com
  • hyperv模式下
minikube start --registry-mirror=https://dockerhub.azk8s.cn --vm-driver="hyperv" --memory 4096 --hyperv-virtual-switch="minikube_switch" --image-mirror-country cn
 
其中 hyperv-virtual-switch 需要手动创建
 

1.2 minikube 卸载

 
  • Linux
      • minikube stop; minikube delete
docker stop (docker ps -aq)
rm -r ~/.kube ~/.minikube
sudo rm /usr/local/bin/localkube /usr/local/bin/minikube
systemctl stop '*kubelet*.mount'
sudo rm -rf /etc/kubernetes/
docker system prune -af --volumes
 
  • Mac
      • minikube stop; minikube delete &&
docker stop $(docker ps -aq) &&
rm -rf ~/.kube ~/.minikube &&
sudo rm -rf /usr/local/bin/localkube /usr/local/bin/minikube &&
launchctl stop '*kubelet*.mount' &&
launchctl stop localkube.service &&
launchctl disable localkube.service &&
sudo rm -rf /etc/kubernetes/ &&
docker system prune -af --volumes
 
 
 
 
 

k3s 安装配置

k3s dashboard 获取登录Token

k3s kubectl -n kubernetes-dashboard create token admin-user
 
 

基础

组件

 
notion image
 
kube-apiserver
 
 
 
 
notion image
使用 Service 暴露您的应用
Objectives-- 目标 Learn about a Service in Kubernetes-- Understand how labels and LabelSelector objects relate to a Service-- Expose an application outside a Kubernetes cluster using a Service-- 了解 Kubernetes 中的 Service 了解 标签(Label) 和 标签选择器(Label Selector) 对象如何与 Service 关联 在 Kubernetes 集群外用 Service 暴露应用 Overview of Kubernetes Services-- Kubernetes Service 总览 Kubernetes Pods are mortal.
使用 Service 暴露您的应用
https://kubernetes.io/zh/docs/tutorials/kubernetes-basics/expose/expose-intro/
使用 Service 暴露您的应用
 
 
 
 
 
version              String版本
kind	               String	Pod, Service
metadata	           Object	元数据
metadata.name	       String	
metadata.namespace	 String	
spec	Object	
spec.containers[]	List	
spec.containers[].name	String	容器名称
spec.containers[].image	String	镜像名称
 

k8s 命令文档

https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands

Node 是什么?

创建 pod

文档地址

https://kubernetes.io/docs/reference/kubectl/docker-cli-to-kubectl/

命令方式

kubectl run --image=nginx nginx-app --port=80 --env="DOMAIN=cluster"

YAML 方式

apiVersion: v1
kind: Pod
metadata:
  name: nginx
spec:
  containers:
    - image: nginx
      name: nginx
      ports:
        - containerPort: 80
          name: http
kubectl apply -f nginx-pods.yaml
创建 kube-nginx0kube-nginx1 两个 pods , 容器端口 80,

查看 pods

kubectl get pods
kube-nginx0 的容器 ip 为172.17.0.4,
docker id 为 b0fec6875bf6838a565460b5923a81f3d39f8b8bd9334b03f098292283be77cd
kubectl describe pod kube-nginx0

为 Pod 提供更新操作,创建 Deployments

文档地址

A Deployment controller provides declarative updates for Pods and ReplicaSets.
https://kubernetes.io/zh/docs/concepts/workloads/controllers/deployment/

命令方式

kubectl create deployment nginx-deployment --image=nginx:1.7.9
此时你可以进行 pod , replicas 扩容
kubectl scale deployment nginx-deployment --replicas=4

YAML 方式 (推荐方式)

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  labels:
    app: nginx
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1.14.2
        ports:
        - containerPort: 80

暴露端口 , 创建 Services

文档地址

Exposing an External IP Address to Access an Application in a Cluster
This page shows how to create a Kubernetes Service object that exposes an external IP address. Before you begin Install kubectl. Use a cloud provider like Google Kubernetes Engine or Amazon Web Services to create a Kubernetes cluster. This tutorial creates an external load balancer, which requires a cloud provider.
Exposing an External IP Address to Access an Application in a Cluster
https://kubernetes.io/docs/tutorials/stateless-application/expose-external-ip-address/
Exposing an External IP Address to Access an Application in a Cluster

命令方式

kubectl expose [deployment | pod ] nginx-app --port=80 --name=nginx-http
kubectl expose pod kube-nginx0 --port 8080 --target-port=80 --name kube-nginx0-service
kubectl expose pod kube-nginx1 --port 8080 --target-port=80 --name kube-nginx1-service
暴露 kube-nginx1 pod 为 Service , pod 端口 --target-port 为 80 , service 端口 --port 为 8080, service 的 name 为 kube-nginx1-service;

YAML 方式

查看 Services

kubectl get services
NAME                      TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)    AGE
kube-nginx0-service       ClusterIP   10.110.2.57     <none>        8080/TCP   132m
kube-nginx1-service       ClusterIP   10.110.160.24   <none>        8080/TCP   105m
kubernetes                ClusterIP   10.96.0.1       <none>        443/TCP    2d19h
此时产生两个 Services , kube-nginx0-service , kube-nginx1-service , IP 分别为 10.110.2.57,10.110.160.24 , 映射类型为 ClusterIP(默认方式)。
kubectl describe service kube-nginx0
172.17.0.4:80 为 pod 应用, 10.110.2.57 为 service ip ;
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: nginx-http-ingress
spec:
  rules:
  - http:
      paths:
      - path: /
        backend:
          serviceName: nginx-http
          servicePort: 80
    port: 8081
  tls:
  - hosts:
    - a.com
    secretName: a.com.secret
是的,Caddyfile 是 caddy 服务的配置文件,可以用来配置 caddy 服务的各种参数,如:绑定的域名、端口号、SSL 证书等等信息。

暴露,访问服务方式

进入
minikube ssh
访问
curl 10.110.2.57:8080 curl 172.17.0.4:80
为同一应用;

–type 端口映射方式, 即有什么方法可以访问到 pod 应用?

NodePort

LoadBalancer

ClusterIP(默认)

Ingress

Ingress

创建 nginx-ingress

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: nginx-ingress
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  rules:
  - host: nginx.example.com
    http:
      paths:
      - path: /
        backend:
          serviceName: nginx-service
          servicePort: 80

文档地址

https://kubernetes.io/docs/concepts/services-networking/ingress/

YAML 配置

# nginx-ingress.yaml
---
apiVersion: extensions/v1beta1
kind: Ingressmetadata:
# ingress name 为 nginx-ingress0  
	name: nginx-ingress0  
	# https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/  
	annotations:    
		kubernetes.io/ingress.class: nginx    
		ingress.kubernetes.io/rewrite-target: /    
		nginx.ingress.kubernetes.io/enable-cors: "true"    
		nginx.ingress.kubernetes.io/cors-allow-methods: "PUT, GET, POST, OPTIONS"
			spec:  
				tls:  - hosts:    
								- a.com    
								secretName: a-secret  rules:#   域名,类似 servername  - host: a.com    http:        paths:        # 映射 Path           - path: /            backend:            # 所要映射的 service name              serviceName: kube-nginx0-service            # 所要映射的 service 端口              servicePort: 8080  - host: b.com    http:        paths:          - path: /            backend:              serviceName: kube-nginx1-service              servicePort: 8080
kubectl apply -f nginx-ingress.yaml
创建的 Ingress , ingress 名字为 nginx-ingress0 , servername 为 a.com ,所要映射的 service 为 kube-nginx0-service,端口为 8080;
  • 如果需要编辑已经存在的 ingress
kubectl edit ingress [ingress 名字 ,nginx-ingress0]

查看 Ingress

kubectl get ingress

NAME             HOSTS           ADDRESS     PORTS   AG
Enginx-ingress0   a.com,b.com     10.0.2.15   80      112m
kubectl describe ingress 
nginx-ingress0
Name:             nginx-ingress0
Namespace:        default
Address:          10.0.2.15
Default backend:  default-http-backend:80 (<none>)
Rules:  Host     Path  Backends  ----     ----  --------  a.com           /   kube-nginx0-service:8080 (172.17.0.4:80)  a.a.com           /   kube-nginx1-service:8080 (172.17.0.7:80)Annotations:  kubectl.kubernetes.io/last-applied-configuration:  {"apiVersion":"extensions/v1beta1","kind":"Ingress","metadata":{"annotations":{},"name":"nginx-ingress0","namespace":"default"},"spec":{"rules":[{"host":"a.com","http":{"paths":[{"backend":{"serviceName":"kube-nginx0-service","servicePort":8080},"path":"/"}]}}]}}Events:  <none>
此时 ingress ,
a.com --> kube-nginx0-service:8080 (172.17.0.4:80)
b.com --> kube-nginx1-service:8080 (172.17.0.7:80);

VirtualBOX 中配置

minikube 创建 k8s 时,会使用 nat 模式, * 只有进入 ssh 后才可以访问到 *, 此时需要配置 VirtualBOX NAT 映射方式即可才可以在宿主机访问。
img

通过 Ingress 访问

  1. 在宿主机配置 host a.com 127.0.0.1 通过浏览器访问 a.com:8080
  1. 通过 curl 访问 curl 127.0.0.1:8080 -H "Host: a.com"

SSL 配置

  • 生成自签名证书
KEY_FILE=server.keyCERT_FILE=server.crtHOST=a.comCERT_NAME=a.com.secretopenssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout ${KEY_FILE} -out ${CERT_FILE} -subj "/CN=${HOST}/O=${HOST}"kubectl create secret tls ${CERT_NAME} --key ${KEY_FILE} --cert ${CERT_FILE}
  • 配置 tls
spec:  
	tls:  
		- hosts:    
			- a.com    
		secretName: a.com.secret
  • 更新 ingress
kubectl apply -f nginx-ingress.yaml

Traefix

TODO

拓展

YAML 配置

# deployment-nginx.yaml---apiVersion: apps/v1 # for versions before 1.9.0 use apps/v1beta2kind: Deploymentmetadata:  name: nginx-deploymentspec:  selector:    matchLabels:      app: nginx  replicas: 4  template:    metadata:      labels:        app: nginx    spec:      containers:      - name: nginx        image: nginx:1.7.9        ports:        - containerPort: 80
创建一个 deployment ,其中包含 4 个 nginx 版本为 1.7.9 应用副本, 标签app: nginx;
#  deployment-nginx-update.yaml
---
apiVersion: apps/v1 
# for versions before 1.9.0 use 
apps/v1beta2kind: Deploymentmetadata:  name: nginx-deploymentspec:  selector:    matchLabels:      app: nginx  replicas: 2  template:    metadata:      labels:        app: nginx    spec:      containers:      - name: nginx       # Update the version of nginx from 1.7.9 to 1.8        image: nginx:1.8        ports:        - containerPort: 80
更新 nginx-deployment , 根据 app: nginx 来匹配副本收缩到 2 , nginx 应用版本升级到 1.8;
# deployment-nginx-scala.yamlapiVersion: apps/v1 # for versions before 1.9.0 use apps/v1beta2kind: Deploymentmetadata:  name: nginx-deploymentspec:  selector:    matchLabels:      app: nginx  replicas: 7 # Update the replicas from 2 to 4  template:    metadata:      labels:        app: nginx    spec:      containers:      - name: nginx        image: nginx:1.8        ports:        - containerPort: 80
更新 nginx-deployment , 根据 app: nginx 来匹配副本扩容到 7;

命令配置

  • 新增 nginx-deployment
此过程会创建 pod, deployment ,replicasSet。
不推荐使用
kubectl run nginx-deployment --image=nginx:1.7.9 --replicas=1 --port=80
kubectl create deployment nginx-deployment --image=nginx:1.7.9
  • 更新nginx-deployment 中 nginx 副本版本
kubectl set image deployment nginx-deployment nginx=nginx:1.8 [--record]
  • 更新 nginx-deployment yaml
kubectl edit deployment nginx-deployment
  • 扩容 nginx-deployment 副本数为 10
kubectl scale deployment nginx-deployment --replicas=10

健康检查机制 Probe

说明

k8s集群使用的是1.7.7版本的,该版本中官方已经推荐使用Deployment代替Replication Controller(rc)了,Deployment继承了rc的全部功能外,还可以查看升级详细进度和状态,当升级出现问题的时候,可以使用回滚操作回滚到指定的版本,每一次对Deployment的操作,都会保存下来,变能方便的进行回滚操作了,另外对于每一次升级都可以随时暂停和启动,拥有多种升级方案:Recreate删除现在的Pod,重新创建
错误排查
kubectl describe pod frontend | grep -A 3 Events
Mi表示(1Mi=1024x1024),M表示(1M=1000x1000)(其它单位类推, 如Ki/K Gi/G)
Overlay 模型 https://yuerblog.cc/2018/11/10/overlay-network-model-and-flannel-practise/
k8s 驱除策略 https://k8smeetup.github.io/docs/tasks/administer-cluster/out-of-resource/
内存碎片化处理 sync;bash echo 3 > /proc/sys/vm/drop_caches
Copyright 2023 Helixcs