1. 设置主机名
hostnamectl set-hostname kube-master
编辑 /etc/hosts文件,加入以下内容
192.168.1.10 kube-master
2. 安装kubelet kubeadm kubectl
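# Add the Aliyun mirror of the Kubernetes yum repository.
# gpgcheck=1 and repo_gpgcheck=1 make yum verify package signatures and
# repository-metadata signatures against the keys listed in gpgkey; keep both
# enabled. The keys are downloaded from the same mirror host as the packages,
# so the trust anchor here is the mirror itself.
# The heredoc delimiter is quoted so the shell writes the text literally.
cat <<'EOF' > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
# Pin the packages to the release used by the image tags and `kubeadm init`
# below (v1.13.1). An unpinned install takes whatever version is newest in the
# repository, which will not match those images.
yum install -y kubelet-1.13.1 kubeadm-1.13.1 kubectl-1.13.1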
3. 获取镜像
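# Pull each control-plane image from a reachable mirror, retag it under the
# name kubeadm/flannel expect, then drop the mirror tag.
#
# Supply-chain note: these are third-party mirror repositories, and once an
# image is retagged as k8s.gcr.io/... or quay.io/... nothing on the node shows
# where it really came from. Tags are mutable, so compare the pulled image
# digests (`docker images --digests`) with the upstream ones before trusting
# the result, or pull by digest.
#
# The list is read on fd 3 so the docker commands keep the terminal's stdin.
# An image is only retagged/removed when its pull succeeded; failures are
# reported on stderr instead of being silently followed by a failing tag.
while read -r src dst <&3; do
  if docker pull "$src" && docker tag "$src" "$dst"; then
    docker rmi "$src"
  else
    printf 'image not prepared: %s\n' "$src" >&2
  fi
done 3<<'EOF'
mirrorgooglecontainers/kube-apiserver:v1.13.1 k8s.gcr.io/kube-apiserver:v1.13.1
mirrorgooglecontainers/kube-controller-manager:v1.13.1 k8s.gcr.io/kube-controller-manager:v1.13.1
mirrorgooglecontainers/kube-scheduler:v1.13.1 k8s.gcr.io/kube-scheduler:v1.13.1
mirrorgooglecontainers/kube-proxy:v1.13.1 k8s.gcr.io/kube-proxy:v1.13.1
mirrorgooglecontainers/pause:3.1 k8s.gcr.io/pause:3.1
mirrorgooglecontainers/etcd:3.2.24 k8s.gcr.io/etcd:3.2.24
coredns/coredns:1.2.6 k8s.gcr.io/coredns:1.2.6
registry.cn-shenzhen.aliyuncs.com/cp_m/flannel:v0.10.0-amd64 quay.io/coreos/flannel:v0.10.0-amd64
EOF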
4. 让经过网桥的流量进入 iptables 处理
# Makes bridged traffic pass through iptables rules.
# This sets the running kernel only: the value is lost on reboot unless the
# same key is also written to a file under /etc/sysctl.d/.
sysctl net.bridge.bridge-nf-call-iptables=1
5. 初始化集群
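# Initialise the control plane. The original line had no space between the
# advertise address and --pod-network-cidr, so the two arguments were fused
# into one invalid address value.
# 10.244.0.0/16 is the pod CIDR used with the flannel manifest applied later.
# NOTE(review): the advertise address is 192.168.1.9 while /etc/hosts above
# maps kube-master to 192.168.1.10 - confirm it is an address of this master.
kubeadm init --kubernetes-version=v1.13.1 --apiserver-advertise-address 192.168.1.9 --pod-network-cidr=10.244.0.0/16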
按照提示
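# Install kubeadm's admin kubeconfig for the current user.
# admin.conf carries cluster-administrator credentials: keep the copy readable
# by its owner only and do not copy it to shared hosts or into repositories.
# Expansions are quoted so a home directory containing spaces or glob
# characters cannot split into several arguments.
mkdir -p "$HOME/.kube"
sudo cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config"
sudo chown "$(id -u):$(id -g)" "$HOME/.kube/config"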
提示里还有节点加入集群的命令(下面的 token 和 CA 证书哈希是本次安装的输出,仅作示例;token 相当于加入集群的凭据,不要公开,默认 24 小时后过期,过期后需在 master 上重新生成)
kubeadm join 192.168.1.9:6443 --token zeahie.t9g130gj74rdm43s --discovery-token-ca-cert-hash sha256:a618a7d2a2af25e084150125d457e4a4a207522e1b086d67ef8eb4da6940a885
6. 安装Pod网络插件,使Pod可以相互通信
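# Download the flannel manifest first instead of applying it straight from the
# URL: `master` is a moving branch, so the content can change between runs.
# Keeping a local copy lets you review it (image references, RBAC rules,
# privileged/hostNetwork settings) and records exactly what was applied.
# -f makes curl fail on an HTTP error rather than saving an error page.
curl -fsSLO https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
kubectl apply -f kube-flannel.yml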
7. 在node节点上
执行1-4
初始化节点
8. 回到master
master执行:watch kubectl get nodes,直到状态变为Ready
9. master参与工作负载(可选):
kubectl taint nodes node1 node-role.kubernetes.io/master-
kubectl get pods --all-namespaces -o wide
NAMESPACE NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
kube-system coredns-86c58d9df4-6rqvj 1/1 Running 0 8h 10.244.0.2 kube-master <none> <none>
kube-system coredns-86c58d9df4-qkzvn 1/1 Running 0 8h 10.244.0.3 kube-master <none> <none>
kube-system etcd-kube-master 1/1 Running 0 8h 192.168.1.10 kube-master <none> <none>
kube-system kube-apiserver-kube-master 1/1 Running 0 8h 192.168.1.10 kube-master <none> <none>
kube-system kube-controller-manager-kube-master 1/1 Running 0 8h 192.168.1.10 kube-master <none> <none>
kube-system kube-flannel-ds-amd64-79mpb 1/1 Running 0 8h 192.168.1.9 kube-node1 <none> <none>
kube-system kube-flannel-ds-amd64-sx5zf 1/1 Running 0 8h 192.168.1.10 kube-master <none> <none>
kube-system kube-proxy-6wkbj 1/1 Running 0 8h 192.168.1.10 kube-master <none> <none>
kube-system kube-proxy-p46cr 1/1 Running 0 8h 192.168.1.9 kube-node1 <none> <none>
kube-system kube-scheduler-kube-master 1/1 Running 0 8h 192.168.1.10 kube-master <none> <none>
kubectl create -f nginx.yaml --record
kubectl create -f nginx-srv.yaml --record
不同机器的本地镜像tag不同,部署不同机器会失败,需要建立镜像私有库
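不添加ssl认证的仓库(没有 TLS,也没有登录认证:凡是能访问 5000 端口的人都可以拉取、推送或覆盖镜像,只适合隔离的测试网络;下面 docker 配置里的 --insecure-registry 会让 docker 以不加密、不校验证书的方式访问该仓库)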
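# Start a local image registry that stores its data in /mnt/registry.
# -p makes re-running the step harmless when the directory already exists.
mkdir -p /mnt/registry
# As started here the registry has no TLS and no authentication, and
# `-p 5000:5000` publishes it on every interface of the host. Restrict access
# to port 5000 with a firewall so that only the cluster nodes can reach it.
docker run -d \
  -p 5000:5000 \
  --restart=always \
  --name registry \
  -v /mnt/registry:/var/lib/registry \
  registry:2.6.2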
vim /etc/sysconfig/docker
# 在OPTIONS下添加--insecure-registry=<host-ip>:5000
OPTIONS='--selinux-enabled --log-driver=json-file --signature-verification=false --insecure-registry=10.34.31.13:5000'
# 重启docker
systemctl restart docker
docker tag mybatis/springboothelloworld registry:5000/springboothelloworld
docker push registry:5000/springboothelloworld
curl -XGET http://registry:5000/v2/_catalog
curl -XGET http://registry:5000/v2/image_name/tags/list
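# Deployment + Service template for a Spring Boot service.
# Indentation restored: the flattened listing is not valid YAML.
# $project_name, IMAGE_TAG, SPRING_PROFILES_ACTIVE and SPRING_PORT look like
# placeholders substituted before `kubectl create` - confirm against the
# deploy script.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: $project_name
  labels:
    app: $project_name
spec:
  replicas: 2  # number of replicas
  selector:
    matchLabels:
      app: $project_name
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 1        # start 1 extra pod first during a rolling update
      maxUnavailable: 1  # maximum number of unavailable pods during a rolling update
  minReadySeconds: 120   # during a rolling update a pod counts as ready after 120s
  template:
    metadata:
      labels:
        app: $project_name
    spec:
      # k8s sends SIGTERM to the application so it can shut down cleanly;
      # the default grace period is 30 seconds.
      terminationGracePeriodSeconds: 60
      containers:
      - name: $project_name
        # Pulled from the plain-HTTP registry on 192.168.1.10:5000. With
        # IfNotPresent a node keeps whatever image it already has cached
        # under this tag, so use a unique tag per build.
        image: 192.168.1.10:5000/pailie_wallet_gateway:IMAGE_TAG
        env:
        - name: spring.profiles.active
          value: SPRING_PROFILES_ACTIVE
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 8888
        volumeMounts:
        - name: sdb
          mountPath: /var/log/pailie_wallet_gateway
        readinessProbe:
          httpGet:
            path: /actuator/health
            port: 8888
          initialDelaySeconds: 30
          periodSeconds: 10
          successThreshold: 1
          failureThreshold: 1
        livenessProbe:
          httpGet:
            path: /actuator/health
            port: 8888
          initialDelaySeconds: 40
          periodSeconds: 20
          successThreshold: 1
          failureThreshold: 3
      volumes:
      # hostPath gives the container write access to a directory on the node;
      # keep the path limited to this log directory.
      - name: sdb
        hostPath:
          path: /home/dev/log/pailie_wallet_gateway
---
apiVersion: v1
kind: Service
metadata:
  name: $project_name
  labels:
    app: $project_name
spec:
  selector:
    app: $project_name
  ports:
  - port: SPRING_PORT
    targetPort: 8888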
安装node-exporter
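# node-exporter: headless Service plus a DaemonSet that runs one exporter per
# node. Indentation restored: the flattened listing is not valid YAML.
apiVersion: v1
kind: Service
metadata:
  annotations:
    prometheus.io/scrape: 'true'
  labels:
    app: node-exporter
    name: node-exporter
  name: node-exporter
spec:
  clusterIP: None
  ports:
  - name: scrape
    port: 9100
    protocol: TCP
  selector:
    app: node-exporter
  type: ClusterIP
---
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  name: node-exporter
spec:
  template:
    metadata:
      labels:
        app: node-exporter
      name: node-exporter
    spec:
      containers:
      # This image uses the mutable :latest tag from a third-party registry
      # namespace and runs with host-level access (see below). Prefer a fixed
      # version tag or digest from a source you trust.
      - image: registry.cn-hangzhou.aliyuncs.com/tryk8s/node-exporter:latest
        name: node-exporter
        ports:
        - containerPort: 9100
          hostPort: 9100
          name: scrape
      # The pod shares the node's network and PID namespaces. Port 9100 is
      # opened on every node's own address, and the metrics endpoint is
      # served without authentication in this manifest, so limit who can
      # reach it.
      hostNetwork: true
      hostPID: true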
curl 127.0.0.1:9100
curl -O https://raw.githubusercontent.com/kubernetes/dashboard/master/aio/deploy/recommended/kubernetes-dashboard.yaml
docker pull gcrxio/kubernetes-dashboard-amd64:v1.10.1
docker tag gcrxio/kubernetes-dashboard-amd64:v1.10.1 k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.1
vi kubernetes-dashboard.yaml
增加 imagePullPolicy: IfNotPresent
kubectl create -f kubernetes-dashboard.yaml
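创建一个绑定 cluster-admin 角色的 service account 和对应的 clusterrolebinding,以便访问所有的 k8s 资源。注意:cluster-admin 对整个集群有完全控制权,拿到这个 service account 的 token 就等于拿到集群管理员权限;只在测试环境这样做,正式环境应绑定权限更小的角色,并且不要把 dashboard 暴露到不可信网络。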
kubectl create serviceaccount cluster-admin-dashboard-sa
kubectl create clusterrolebinding cluster-admin-dashboard-sa \
--clusterrole=cluster-admin \
--serviceaccount=default:cluster-admin-dashboard-sa
CRI:kubelet 同容器运行时(比如 Docker 项目)打交道时使用的接口
CNI:kubelet 调用网络插件为容器配置网络时使用的接口
CSI:kubelet 调用存储插件为容器提供持久化存储时使用的接口
https://my.oschina.net/u/1013857/blog/2991314
https://segmentfault.com/a/1190000017530416
https://time.geekbang.org/column/article/23132