K8s快速部署

节点规划

#k8smaster
10.0.0.11
#k8snode1
10.0.0.12
#k8snode2
10.0.0.13

所有节点安装docker环境及依赖

上传docker-k8s.tar到所有节点/opt目录后解压,k8s需要指定docker的版本,版本不匹配可能会出现不兼容

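# master, node1, node2
# Unpack the offline docker bundle and install every RPM in it.
# These packages are installed as root from a hand-copied archive, and yum
# does not GPG-check local packages unless localpkg_gpgcheck is enabled, so
# print the archive checksum and compare it with the value recorded where
# the bundle was built before trusting it.
# The steps are chained with && so yum never runs in the wrong directory
# after a failed cd or extraction; ./ keeps odd file names from being read
# as options.
cd /opt &&
  sha256sum docker-k8s.tar &&
  tar -xf docker-k8s.tar &&
  cd /opt/pkg &&
  yum localinstall -y ./*.rpm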

上传k8s-master.zip到master节点/opt目录后解压

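# master
# Unpack the master bundle and install every RPM in it.
# Print the archive checksum first and compare it with the value recorded
# where the bundle was built: the RPMs are installed as root straight from
# this file.
# Chained with && so a failed step stops the sequence instead of letting
# yum install whatever *.rpm files happen to be in the current directory.
cd /opt &&
  sha256sum k8s-master.zip &&
  unzip k8s-master.zip &&
  cd /opt/k8s-master &&
  yum localinstall -y ./*.rpm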

上传k8s-node.zip到node1,node2节点/opt目录后解压


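# node1, node2
# Unpack the node bundle and install every RPM in it.
# NOTE(review): the sentence above this snippet names the upload
# k8s-node.zip while the command reads k8s-node.tar, and unlike the master
# steps there is no cd into an extracted directory. Confirm the archive
# name and where its RPMs land before running this.
# Print the checksum and compare it with the value recorded where the
# bundle was built; chained with && so yum does not run after a failure.
cd /opt &&
  sha256sum k8s-node.tar &&
  tar -xf k8s-node.tar &&
  yum localinstall -y ./*.rpm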

配置主节点ETCD

# master
vim /etc/etcd/etcd.conf

# Change the following settings.
# NOTE(review): the client URL is plain http:// and listens on 0.0.0.0, so
# etcd accepts unencrypted client connections on every interface of the
# master. etcd is the API server's data store (see --etcd-servers below on
# this page), so whoever can reach port 2379 can read and rewrite cluster
# state. Outside an isolated lab network, firewall 2379 to the hosts that
# need it (the API server and the flannel daemons) and enable TLS with
# client certificates.
ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:2379"
ETCD_ADVERTISE_CLIENT_URLS="http://10.0.0.11:2379"

修改完成后重启并测试

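# master
# Restart etcd and enable it at boot.
# (The original heading line here had no comment marker and would have been
# run as a command when the snippet is pasted into a shell.)
systemctl restart etcd.service
systemctl enable etcd.service
# Key/value smoke test: write a key, then read it back.
etcdctl set name 1997sty
etcdctl get name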

配置Master节点

# master
vi /etc/kubernetes/apiserver

# Change the following settings.
# NOTE(review): --insecure-bind-address=0.0.0.0 with --port=8080 serves the
# API over plain HTTP on every interface. Requests on the insecure port skip
# authentication and authorization, so any host that can reach
# 10.0.0.11:8080 has full control of the cluster. This is only acceptable on
# an isolated lab network; otherwise keep the insecure port on 127.0.0.1 and
# have nodes and clients use the TLS port with client credentials.
# The etcd endpoint below is also plain HTTP.
KUBE_API_ADDRESS="--insecure-bind-address=0.0.0.0"
KUBE_API_PORT="--port=8080"
KUBE_ETCD_SERVERS="--etcd-servers=http://10.0.0.11:2379"
KUBE_SERVICE_ADDRESSES="--service-cluster-ip-range=10.254.0.0/16"
KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ResourceQuota"

修改完成后重启

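# master
# Enable at boot and start the three control-plane services, in the order
# apiserver, controller-manager, scheduler.
# (The original heading line here had no comment marker and would have been
# run as a command when the snippet is pasted into a shell.)
for unit in kube-apiserver kube-controller-manager kube-scheduler; do
  systemctl enable "${unit}.service"
  systemctl start "${unit}.service"
done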

node节点配置

config

# node1, node2
vi /etc/kubernetes/config

# Change the following setting: --master is the API endpoint on the master.
# NOTE(review): this is the plain-HTTP port 8080 of the API server, so the
# traffic between node and master is neither encrypted nor authenticated.
KUBE_MASTER="--master=http://10.0.0.11:8080"

node1节点,kubelet

# node1
vi /etc/kubernetes/kubelet

# Change the following settings: the kubelet address and the node name are
# node1's IP, and --api-servers is the master's API endpoint (plain HTTP,
# port 8080).
KUBELET_ADDRESS="--address=10.0.0.12"
KUBELET_HOSTNAME="--hostname-override=10.0.0.12"
KUBELET_API_SERVER="--api-servers=http://10.0.0.11:8080"

node2节点,kubelet

# node2
vi /etc/kubernetes/kubelet

# Change the following settings: the kubelet address and the node name are
# node2's IP, and --api-servers is the master's API endpoint (plain HTTP,
# port 8080).
KUBELET_ADDRESS="--address=10.0.0.13"
KUBELET_HOSTNAME="--hostname-override=10.0.0.13"
KUBELET_API_SERVER="--api-servers=http://10.0.0.11:8080"

修改完成后重启

# node1, node2
# Enable at boot and start the two node services: kubelet first, then
# kube-proxy.
for unit in kubelet kube-proxy; do
  systemctl enable "${unit}.service"
  systemctl start "${unit}.service"
done

验证节点状态

# master
# List the nodes registered with the API server to verify their status.
kubectl get nodes

所有节点配置flannel网络

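# Add the Aliyun docker-ce and EPEL repo definitions.
# Fetched over HTTPS instead of HTTP: a .repo file decides where
# root-installed packages come from, so it must not be modifiable in
# transit. --fail keeps an HTTP error page from being saved as a .repo file.
# After downloading, check that the files keep gpgcheck=1.
curl --fail https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -o /etc/yum.repos.d/docker-ce.repo
wget -O /etc/yum.repos.d/epel.repo https://mirrors.aliyun.com/repo/epel-7.repo
# Install flannel.
yum install flannel -y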

所有节点

# master, node1, node2
# Install flannel, then rewrite the etcd endpoint in the flanneld config
# from the 127.0.0.1 address to the etcd instance on the master.
yum -y install flannel
sed -i -e 's|http://127.0.0.1:2379|http://10.0.0.11:2379|g' /etc/sysconfig/flanneld

master节点

# master
# Store the flannel network range in etcd and read it back to confirm.
etcdctl mk /atomic.io/network/config '{"Network": "172.16.0.0/16"}'
etcdctl get /atomic.io/network/config
# Enable and start flanneld, then restart docker and the control-plane
# services one after another.
systemctl enable flanneld.service
systemctl start flanneld.service
for unit in docker kube-apiserver.service kube-controller-manager.service kube-scheduler.service; do
  systemctl restart "$unit"
done

node节点

# node1, node2
# Enable and start flanneld, then restart docker and the node services one
# after another.
systemctl enable flanneld.service
systemctl start flanneld.service
for unit in docker kubelet.service kube-proxy.service; do
  systemctl restart "$unit"
done

配置master为镜像仓库

# master
vi /etc/sysconfig/docker

# Change the following setting.
# NOTE(review): --insecure-registry lets the daemon use 10.0.0.11:5000 over
# plain HTTP (or TLS without certificate checks), and
# --signature-verification=false disables the daemon's image signature
# verification, so nothing authenticates the images pulled from that
# registry. Beyond a lab, give the registry a TLS certificate the hosts
# trust and drop both flags.
OPTIONS='--selinux-enabled --log-driver=journald --signature-verification=false --registry-mirror=https://registry.docker-cn.com --insecure-registry=10.0.0.11:5000'

# Restart docker so the new options take effect.
systemctl restart docker

配置本地registry

# master
# Start the registry container, storing its data under /opt/myregistry.
# NOTE(review): the registry is published on port 5000 of every interface
# with no TLS and no authentication, and the image is the unpinned
# `registry` tag. Anyone who can reach 10.0.0.11:5000 can push or overwrite
# the images the nodes later run. The registry image supports htpasswd
# authentication and a TLS certificate through its REGISTRY_AUTH_* and
# REGISTRY_HTTP_TLS_* environment settings.
docker run -d -p 5000:5000 --restart=always --name registry -v /opt/myregistry:/var/lib/registry registry

# Pull an image, retag it for the local registry and push it as a test.
docker pull nginx
docker tag nginx 10.0.0.11:5000/1997sty/nginx:v1
docker push 10.0.0.11:5000/1997sty/nginx:v1

node节点配置

# node1, node2
vi /etc/sysconfig/docker

# Change the following setting.
# NOTE(review): with --insecure-registry and --signature-verification=false
# the nodes pull from 10.0.0.11:5000 without transport protection or image
# signature checks; whatever that registry serves under a tag is what runs.
OPTIONS='--selinux-enabled --log-driver=journald --signature-verification=false --insecure-registry=10.0.0.11:5000'

# Restart docker so the new options take effect.
systemctl restart docker

拉取本地镜像测试

# Pull the test image from the local registry (presumably run on node1 and
# node2 to confirm they can reach it).
docker pull 10.0.0.11:5000/1997sty/nginx:v1

k8s核心资源管理


PODS

创建第一个pod,创建所用的镜像是之前推送的nginx

# master
# Make sure the manifest directory exists and work inside it.
mkdir -p /opt/yml
cd /opt/yml

# Write the pod manifest. The delimiter is quoted so the shell copies the
# YAML literally.
cat > k8s_pod.yml <<'EOF'
apiVersion: v1
kind: Pod
metadata:
  name: nginx
  labels:
    app: web
spec:
  containers:
    - name: nginx
      image: 10.0.0.11:5000/1997sty/nginx:v1
      ports:
        - containerPort: 80
EOF

# Create the pod from the manifest.
kubectl create -f k8s_pod.yml

第一次创建pod时可能会出现以下报错

failed to "StartContainer" for "POD" with ErrImagePull: "image pull failed for registry.access.redhat.com/rhel7/pod-infrastructure:latest, this may be because there are no credentials on this request.  details: (open /etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt: no such file or directory)"
  • 解决方法:将准备好的镜像上传到本地,再推送到本地镜像仓库,修改所有节点的镜像配置文件,重启服务
# master
# Obtain a copy of registry.access.redhat.com/rhel7/pod-infrastructure:latest
# and put it into the local registry.
# NOTE(review): the archive loaded below carries the tag
# docker.io/tianyebj/pod-infrastructure, i.e. a third-party upload rather
# than Red Hat's registry. The kubelet is later pointed at this image with
# --pod-infra-container-image, so it is started for every pod on the node.
# Take it from a source you trust and compare its digest before pushing.
# Go to the directory the image archive was uploaded to.
cd /opt

# Import the image.
docker load -i pod-infrastructure-latest.tar.gz

# List the images and retag the imported one for the local registry.
docker images
docker tag docker.io/tianyebj/pod-infrastructure:latest 10.0.0.11:5000/1997sty/pod-infrastructure:latest

# Push the image to the local registry.
docker push 10.0.0.11:5000/1997sty/pod-infrastructure:latest

修改所有节点的配置文件并重启服务,再尝试重新创建pod

# node1, node2

vi /etc/kubernetes/kubelet

# Change the following setting so the kubelet takes the pod infrastructure
# image from the local registry.
KUBELET_POD_INFRA_CONTAINER="--pod-infra-container-image=10.0.0.11:5000/1997sty/pod-infrastructure:latest"

# Restart the kubelet to apply the change.
systemctl restart kubelet.service

删除pod,重新创建pod

# master
# Delete the failed pod, then create it again from the same manifest.
kubectl delete pod nginx
kubectl create -f k8s_pod.yml

当一个镜像更新以后,可以修改yml文件中的镜像信息,然后使用命令更新该pod

# master
# Pull nginx again, tag it as v2 for the local registry and push it.
docker pull nginx
docker tag docker.io/nginx:latest 10.0.0.11:5000/1997sty/nginx:v2
docker push 10.0.0.11:5000/1997sty/nginx:v2

# Rewrite the manifest with the v2 image. The delimiter is quoted so the
# shell copies the YAML literally.
cat > k8s_pod.yml <<'EOF'
apiVersion: v1
kind: Pod
metadata:
  name: nginx
  labels:
    app: web
spec:
  containers:
    - name: nginx
      image: 10.0.0.11:5000/1997sty/nginx:v2
      ports:
        - containerPort: 80
EOF

# Replace the running pod with the one described by the manifest.
kubectl replace -f k8s_pod.yml --force

# Show the pods.
kubectl get pods

命令小结

  • kubectl create -f k8s_pod.yml : 根据yml文件创建容器
  • kubectl get pods : 查看所有pods信息
  • kubectl get pods -o wide : 查看所有pods详细信息
  • kubectl get pods nginx -o wide : 按名称过滤查看pods详细信息
  • kubectl get pods -o wide -l app=web : 按标签过滤查看pods详细信息
  • kubectl get pods -o wide --namespace=1997sty : 按命名空间过滤查看pods详细信息
  • kubectl describe pods : 查看进度和报错情况
  • kubectl delete pod nginx : 删除容器
  • kubectl replace --force -f k8s_pod.yml : 替换容器

RC

ReplicationController,RC保证在同一时间能够运行指定数量的Pod副本,保证Pod总是可用.如果实际Pod数量比指定的多就结束掉多余的,如果实际数量比指定的少就启动缺少的.当Pod失败,被删除或被终结时RC会自动创建新的Pod来保证副本数量.所以即使只有一个Pod也应该使用RC来进行管理

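# master
# Make sure the manifest directory exists and work inside it.
mkdir -p /opt/yml
cd /opt/yml

# Write the ReplicationController manifest: three replicas of the nginx
# image from the local registry.
# The original manifest ended on an empty `ports:` key; the container port
# is filled in here to match the other nginx manifests on this page.
cat > k8s_nginx_rc.yml <<'EOF'
apiVersion: v1
kind: ReplicationController
metadata:
  name: nginxrc
spec:
  replicas: 3
  selector:
    app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: 10.0.0.11:5000/1997sty/nginx:v2
        ports:
        - containerPort: 80
EOF

# Create the ReplicationController from the manifest.
kubectl create -f k8s_nginx_rc.yml

# List the pods it started (three running pods are expected).
kubectl get pods -o wide

# Show the ReplicationController.
kubectl get rc

# Delete the ReplicationController.
kubectl delete rc nginxrc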

副本数增加或减少

# master
# Three ways to change the replica count.
# 1. Edit the manifest, then apply it again with replace.
kubectl replace -f k8s_nginx_rc.yml

# 2. Edit the live object in an editor (takes effect on save).
kubectl edit rc nginxrc

# 3. Set the replica count directly (takes effect immediately).
kubectl scale --replicas=4 rc nginxrc

滚动升级及回滚

# master
# Copy the manifest and change some of its fields, for example name and image.
cp k8s_nginx_rc.yml k8s_nginx1_rc.yml
# Upgrade the pods one at a time, 10 seconds apart.
kubectl rolling-update nginxrc -f k8s_nginx1_rc.yml --update-period=10s

# While the upgrade is still running, append --rollback to go back. Once
# the upgrade has finished this form can no longer be used.
# NOTE(review): the RC created earlier on this page is named nginxrc, while
# this command and the next use nginx / nginx1. Substitute the actual old
# and new RC names — TODO confirm.
kubectl rolling-update nginx nginx1 --update-period=10s --rollback

# To roll back after the upgrade has finished, run the update in the
# opposite direction, from the new RC to the old manifest.
kubectl rolling-update nginx -f k8s_nginx_rc.yml --update-period=10s

命令小结

  • kubectl create -f k8s_nginx_rc.yml : 根据yml文件创建容器
  • kubectl get pods : 查看所有pods信息
  • kubectl get pods -o wide : 查看所有pods详细信息
  • kubectl delete rc nginx : 删除nginx的rc
  • kubectl get rc : 查看所有rc信息
  • kubectl scale rc RCNAME --replicas=4 : 修改复制集个数为4个
  • kubectl rolling-update OLDRCNAME -f NEWRCFILE --update-period=5s : 对容器逐个升级间隔5秒
  • kubectl rolling-update OLDRCNAME NEWRCNAME --rollback : 升级过程中回滚

Deployment

Deployment对象,顾名思义,是用于部署应用的对象.它是Kubernetes中最常用的一个对象,它为ReplicaSet和Pod的创建提供了一种声明式的定义方法,从而无需像前两篇文章中那样手动创建ReplicaSet和Pod对象(使用Deployment而不直接创建ReplicaSet是因为Deployment对象拥有许多ReplicaSet没有的特性,例如滚动升级和回滚).

# master
# Make sure the manifest directory exists and work inside it.
mkdir -p /opt/yml
cd /opt/yml

# Write the Deployment manifest: two replicas of the nginx image from the
# local registry. The delimiter is quoted so the shell copies the YAML
# literally.
cat > k8s_nginx_dev.yml <<'EOF'
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: nginx
spec:
  replicas: 2
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: 10.0.0.11:5000/1997sty/nginx:v2
        ports:
        - containerPort: 80
EOF

# Create the Deployment from the manifest.
kubectl create -f k8s_nginx_dev.yml

# List the pods it started (two running pods are expected).
kubectl get pods -o wide

# Show the Deployment.
kubectl get deployment

# Delete the Deployment.
kubectl delete deployment nginx

deployment滚动升级

# master
# Rolling update: switch the nginx container of the Deployment to the v1
# image from the local registry.
kubectl set image deployment/nginx nginx=10.0.0.11:5000/1997sty/nginx:v1
# Undo the last rollout.
kubectl rollout undo deployment/nginx

实现自动pod伸缩

  • horizontalpodautoscalers(HPA)
# master
# Autoscale the nginx Deployment on CPU with an 80% target: at least 2 pods,
# at most 6.
kubectl autoscale deployment nginx --min=2 --max=6 --cpu-percent=80

# Show the autoscaler configuration.
kubectl get hpa

# Edit the autoscaler configuration.
kubectl edit hpa nginx

命令小结

  • kubectl create -f k8s_nginx_dev.yml : 根据yml文件创建容器
  • kubectl get pods : 查看所有pods信息
  • kubectl get pods -o wide : 查看所有pods详细信息
  • kubectl delete deployment nginx : 删除nginx的deployment
  • kubectl get deployment : 查看所有deployment信息
  • kubectl autoscale deployment nginx --min=2 --max=6 --cpu-percent=80 : 实现自动pod伸缩
  • kubectl set image deployment/nginx nginx=10.0.0.11:5000/1997sty/nginx:v1 : deployment滚动升级
  • kubectl rollout undo deployment/nginx : deployment回滚

Service

Service可以看作是一组提供相同服务的Pod对外的访问接口.借助Service,应用可以方便地实现服务发现和负载均衡.

# master
# Make sure the manifest directory exists and work inside it.
mkdir -p /opt/yml
cd /opt/yml

# Write the Service manifest: a NodePort service on 30001 for the pods
# labelled app=nginx. The delimiter is quoted so the shell copies the YAML
# literally.
cat > k8s_nginx_svc.yml <<'EOF'
apiVersion: v1
kind: Service
metadata:
  name: nginxsvc
spec:
  type: NodePort
  ports:
    - port: 80
      nodePort: 30001
  selector:
    app: nginx
EOF

# Create the Service from the manifest.
kubectl create -f k8s_nginx_svc.yml

# Show the services.
kubectl get svc

# Request the headers from the node port on each node as a check.
for node in 10.0.0.12 10.0.0.13; do
  curl -I "${node}:30001"
done

k8s实现wordpress项目

准备NFS共享存储

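# master
# Install the NFS server packages and create the two export directories.
# The glob is quoted so yum, not the shell, expands it; -p keeps mkdir from
# failing when a directory already exists.
yum install -y 'nfs-utils-*'
mkdir -p /data /code

# Edit the exports file and add the two lines below.
vim /etc/exports

# NOTE(review): both directories are exported read-write to the whole
# 10.0.0.0/24 network with no_root_squash, so root on any host in that
# range acts as root on the MySQL data and the WordPress code. Narrow the
# client list to the hosts that mount them (the nodes, 10.0.0.12 and
# 10.0.0.13) and drop no_root_squash unless a workload is shown to need it.
/data 10.0.0.0/24(rw,async,no_root_squash,no_all_squash)
/code 10.0.0.0/24(rw,async,no_root_squash,no_all_squash)

# Restart the services and enable them at boot.
systemctl restart rpcbind
systemctl restart nfs
systemctl enable rpcbind
systemctl enable nfs

# Show the exported directories.
showmount -e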

准备mysql,Wordpress相关的配置文件

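# master
# Make sure the manifest directory and the two export directories exist.
# -p is used for all three: /data and /code were already created in the NFS
# step, and a plain mkdir reports an error for an existing directory.
mkdir -p /opt/yml /data /code
# Work inside the manifest directory.
cd /opt/yml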

# PersistentVolume for MySQL: the /data export on the master.
# The delimiters below are quoted so the shell copies the YAML literally.
cat > nfs_pv_data.yml <<'EOF'
apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv0001
  labels:
    pv: nfs001
spec:
  capacity:
    storage: 10Gi
  accessModes:
    - ReadWriteMany
  persistentVolumeReclaimPolicy: Recycle
  nfs:
    path: "/data"
    server: 10.0.0.11
    readOnly: false
EOF

# PersistentVolume for WordPress: the /code export on the master.
cat > nfs_pv_code.yml <<'EOF'
apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv0002
  labels:
    pv: nfs002
spec:
  capacity:
    storage: 10Gi
  accessModes:
    - ReadWriteMany
  persistentVolumeReclaimPolicy: Recycle
  nfs:
    path: "/code"
    server: 10.0.0.11
    readOnly: false
EOF

# PersistentVolumeClaim for MySQL, bound by label to pv0001.
cat > nfs_pvc_mysql.yml <<'EOF'
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: pvc0001
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 1Gi
  selector:
    matchLabels:
      pv: nfs001
EOF

# PersistentVolumeClaim for WordPress, bound by label to pv0002.
cat > nfs_pvc_wp.yml <<'EOF'
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: pvc0002
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 1Gi
  selector:
    matchLabels:
      pv: nfs002
EOF

# Create the volumes and claims, in the same order as the original steps.
for manifest in nfs_pv_data.yml nfs_pvc_mysql.yml nfs_pv_code.yml nfs_pvc_wp.yml; do
  kubectl create -f "$manifest"
done

mysql rc定义

  • 上传docker-mysql-5.7.tar.gz到/opt目录
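# master
# Go to the directory the image archive was uploaded to.
cd /opt

# Import the image.
docker load -i docker-mysql-5.7.tar.gz

# Retag the imported image for the local registry and push it.
docker tag b7dc06006192 10.0.0.11:5000/1997sty/mysql:5.7
docker push 10.0.0.11:5000/1997sty/mysql:5.7

# Write the ReplicationController manifest.
# The image now points at the copy just pushed to the local registry, like
# the other manifests on this page; the original referenced
# docker.io/mysql:5.7, which makes the nodes fetch whatever that tag
# resolves to upstream instead of the image loaded above.
# NOTE(review): the four credentials below are sample values stored in
# clear text in the manifest, and the root password is a well-known example
# string. Replace them before any real use and prefer a Secret referenced
# through valueFrom.secretKeyRef.
cat > mysql-rc.yaml <<'EOF'
apiVersion: v1
kind: ReplicationController
metadata:
  name: mysql
spec:
  replicas: 1
  selector:
    app: mysql
  template:
    metadata:
      labels:
        app: mysql
    spec:
      containers:
      - name: mysql
        image: 10.0.0.11:5000/1997sty/mysql:5.7
        ports:
        - containerPort: 3306
        volumeMounts:
        - name: nfs-vol
          mountPath: /var/lib/mysql
        env:
        - name: MYSQL_ROOT_PASSWORD
          value: "somewordpress"
        - name: MYSQL_DATABASE
          value: "wordpress"
        - name: MYSQL_USER
          value: "wordpress"
        - name: MYSQL_PASSWORD
          value: "wordpress"
      volumes:
      - name: nfs-vol
        persistentVolumeClaim:
          claimName: pvc0001
EOF

# Create the ReplicationController.
kubectl create -f mysql-rc.yaml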

MYSQL svc定义

# master
# Write the MySQL Service manifest.
# NOTE(review): type NodePort opens MySQL on port 30336 of every node
# address, in addition to the cluster IP. The WordPress manifest on this
# page reaches the database through the service's cluster IP, so the node
# port is only needed for access from outside the cluster; drop it or
# firewall it if that access is not wanted.
cat > mysql-svc.yaml<<EOF
apiVersion: v1
kind: Service
metadata:
  name: mysql
spec:
  type: NodePort
  ports:
    - port: 3306
      nodePort: 30336
  selector:
    app: mysql
EOF

# Create the Service.
kubectl create -f mysql-svc.yaml

wordpress rc定义

  • 上传wordpress-latest.tar.gz到/opt目录
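# master
# Go to the directory the image archive was uploaded to.
cd /opt

# Import the image.
docker load -i wordpress-latest.tar.gz

# Retag the imported image for the local registry and push it.
docker tag e8cebf03929c 10.0.0.11:5000/1997sty/wordpress:latest
docker push 10.0.0.11:5000/1997sty/wordpress:latest

# Look up the MySQL service address; put the IP it shows into the value of
# WORDPRESS_DB_HOST below.
kubectl get svc mysql

# Write the ReplicationController manifest.
# The image now points at the copy just pushed to the local registry, like
# the other manifests on this page; the original referenced
# docker.io/wordpress:latest, which makes the nodes fetch whatever that tag
# resolves to upstream instead of the image loaded above.
# NOTE(review): the database password is a sample value stored in clear
# text in the manifest. Replace it before any real use and prefer a Secret
# referenced through valueFrom.secretKeyRef.
cat > myweb-rc.yaml <<'EOF'
apiVersion: v1
kind: ReplicationController
metadata:
  name: myweb
spec:
  replicas: 1
  selector:
    app: myweb
  template:
    metadata:
      labels:
        app: myweb
    spec:
      containers:
      - name: myweb
        image: 10.0.0.11:5000/1997sty/wordpress:latest
        ports:
        - containerPort: 80
        volumeMounts:
        - name: nfs-vol
          mountPath: /var/www/html
        env:
        - name: WORDPRESS_DB_HOST
          value: '10.254.251.90'
        - name: WORDPRESS_DB_USER
          value: 'wordpress'
        - name: WORDPRESS_DB_PASSWORD
          value: 'wordpress'
      volumes:
      - name: nfs-vol
        persistentVolumeClaim:
          claimName: pvc0002
EOF

# Create the ReplicationController.
kubectl create -f myweb-rc.yaml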

wordpress svc定义

# master
# Write the WordPress Service manifest: a NodePort service on 30008 for the
# pods labelled app=myweb. The delimiter is quoted so the shell copies the
# YAML literally.
cat > myweb-svc.yaml <<'EOF'
apiVersion: v1
kind: Service
metadata:
  name: myweb
spec:
  type: NodePort
  ports:
    - port: 80
      nodePort: 30008
  selector:
    app: myweb
EOF

# Create the Service.
kubectl create -f myweb-svc.yaml

访问测试

[root@master ~]# kubectl get pod -o wide
NAME          READY     STATUS    RESTARTS   AGE       IP            NODE
mysql-x1s6h   1/1       Running   0          36m       172.16.57.2   10.0.0.12
myweb-p9jf1   1/1       Running   0          14m       172.16.42.2   10.0.0.13
  • mysql: 地址10.0.0.12:30336,用户wordpress,密码wordpress
  • web: 地址10.0.0.13:30008