K8S

Ubuntu 18.04安装

准备

• 一台master，两个node

• 镜像仓库（harbor或公有仓库）

关闭swap分区

sudo sed -ri 's/.*swap.*/#&/' /etc/fstab && sudo swapoff -a

安装kubeadm

sudo apt-get update && sudo  apt-get install -y apt-transport-https
curl https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg  |  sudo apt-key add -
sudo bash -c 'cat <<EOF >/etc/apt/sources.list.d/kubernetes.list
deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main
EOF'
sudo apt-get update && sudo apt-get install -y kubelet kubeadm kubectl

容器Runtime

使用Docker

sudo apt install -y docker docker.io && sudo systemctl enable docker
# 改为systemd
sudo bash -c ' cat > /etc/docker/daemon.json <<EOF
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  }
}
EOF'
sudo systemctl restart docker

使用Contained

• 相比docker更纯粹，更专注于容器runtime
  https://kubernetes.io/docs/setup/production-environment/container-runtimes/

## prepare
sudo bash -c 'cat > /etc/modules-load.d/containerd.conf <<EOF
br_netfilter
EOF'
sudo bash -c 'cat > /etc/sysctl.d/99-kubernetes-cri.conf <<EOF
net.bridge.bridge-nf-call-iptables  = 1
net.ipv4.ip_forward                 = 1
net.bridge.bridge-nf-call-ip6tables = 1
EOF'
sudo sysctl --system

sudo apt-get update && sudo apt-get install -y containerd
# Configure containerd
sudo mkdir -p /etc/containerd
sudo bash -c 'containerd config default > /etc/containerd/config.toml'
sudo sed -i 's/systemd_cgroup = false/systemd_cgroup = true/' /etc/containerd/config.toml
# Restart containerd
sudo systemctl restart containerd

容器信息查看方法: sudo crictl -r unix:///run/containerd/containerd.sock pods

集群初始化

参数control-plane-endpoint为apiserver的外部负载均衡入口，创建高可用集群时需要
需要预先准备好，无准备可去掉此参数
upload-certs可一键作为master加入集群中，低版本参数可能时--experimental-upload-certs
使用upload-certs时，需妥善保存kubeadm init完成后生成的作为master加入的join命令，其可访问集群内部数据
使用kubeadm init phase upload-certs --upload-certs可刷新join命令

sudo kubeadm init \
  --apiserver-advertise-address=192.168.76.139 \
  --control-plane-endpoint=192.168.76.139:6443 \
  --upload-certs
  --image-repository registry.aliyuncs.com/google_containers \
  --pod-network-cidr=10.244.0.0/16 

配置kubectl

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

初始化flannel

kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

加入集群

在master节点运行 kubeadm token create --print-join-command
在node节点运行上面的输出来作为node节点
作为master加入时，依赖上方介绍的upload-certs和control-plane-endpoint参数
3主2从集群: kubectl get nodes -o wide

NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
main Ready master 23m v1.18.3 192.168.76.139 <none> Ubuntu 18.04.4 LTS 4.15.0-106-generic docker://19.3.6
main2 Ready master 7m9s v1.18.3 192.168.76.136 <none> Ubuntu 18.04.4 LTS 4.15.0-106-generic docker://19.3.6
main3 Ready master 17m v1.18.3 192.168.76.140 <none> Ubuntu 18.04.4 LTS 4.15.0-106-generic docker://19.3.6
vm2 Ready <none> 43s v1.18.3 192.168.76.137 <none> Ubuntu 18.04.4 LTS 4.15.0-106-generic docker://19.3.6
vm3 Ready <none> 7m55s v1.18.3 192.168.76.138 <none> Ubuntu 18.04.4 LTS 4.15.0-91-generic docker://19.3.6

创建Pod

echo 'apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  labels:
    app: nginx
spec:
  replicas: 2
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx
        ports:
        - containerPort: 80
' | kubectl apply -f -

kubectl get pods 输出如下:

NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nginx-deployment-d46f5678b-4xk6v 1/1 Running 0 63s 10.244.2.4 vm3 <none> <none>
nginx-deployment-d46f5678b-t54mx 1/1 Running 0 63s 10.244.1.5 vm2 <none> <none>

删除任意一个pod，k8s都会再创建一个，保持数量为2

kubectl get deployment 输出如下:

NAME READY UP-TO-DATE AVAILABLE AGE CONTAINERS IMAGES SELECTOR
nginx-deployment 2/2 2 2 92s nginx nginx app=nginx

扩容: kubectl scale --replicas=3 deployment nginx-deployment

创建Service

echo 'apiVersion: v1
kind: Service
metadata:
  name: nginx-svc
spec:
  ports:
  - port: 8880
    targetPort: 80
    protocol: TCP
  selector:
    app: nginx' | kubectl apply -f -

查看结果 kubectl get svc -o wide

NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 22h <none>
nginx-svc ClusterIP 10.99.243.241 <none> 8880/TCP 54s app=nginx

转为NodePort模式:

echo 'apiVersion: v1
kind: Service
metadata:
  name: nginx-svc
spec:
  type: NodePort
  ports:
  - port: 8880
    targetPort: 80
    protocol: TCP
  selector:
    app: nginx' | kubectl apply -f -

查看结果 kubectl get svc -o wide

NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 22h <none>
nginx-svc NodePort 10.99.243.241 <none> 8880:30548/TCP 10m app=nginx

NodePort模式使所有节点都暴露了一个端口，可使用节点ip加暴露的端口来访问服务

使用Ingress来暴露服务