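1. Introduction to Kubernetes
Kubernetes (k8s) is a container orchestration platform open-sourced by Google, used to automate the deployment, scaling, and management of containerized applications. Its main characteristics are:
- Open source
- Containerized
- Automated deployment
- Scaling
- High availability
2. Kubernetes architecture
Kubernetes follows a master/worker architecture, divided into worker node (Node) components and control plane components.
2.1 Control plane components
- Kubernetes Master: the main control unit of the cluster, which manages workloads and directs communication across the whole system.
- Kube-APIServer: provides the gateway to the cluster and is the control hub of the entire cluster.
- Scheduler: responsible for resource scheduling; it assigns Pods to the appropriate hosts.
- Controller Manager: responsible for maintaining cluster state, such as failure detection and memory garbage collection.
- etcd: reliably stores the cluster's configuration data; it is a persistent, lightweight, distributed key-value store.
2.2 Worker node components
- Kubelet: runs on each Node and maintains the lifecycle of Pods.
- Kube-Proxy: provides in-cluster service discovery and load balancing for Services.
- Container runtime: for example Docker; responsible for image management and for actually running Pods and containers.
3. Why Kubernetes is needed
As the number of containerized projects grows, managing containers becomes more and more complex. Kubernetes offers the following advantages:
- Automated deployment and rollback
- Scaling up and down
- Service discovery and load balancing
- Environment isolation
- Unified configuration management
4. Quickly installing a Kubernetes cluster with Kubeadm
Kubeadm is the cluster installation tool provided officially by Kubernetes; it installs and initializes a Kubernetes cluster quickly.
1. Lab environment
Hostname | IP address | Operating system | Main software |
k8s-master | 192.168.10.101 | CentOS 7.9 | Docker CE, Kube-apiserver, Kube-controller-manager, Kube-scheduler, Kubelet, Etcd, Kube-proxy |
k8s-node01 | 192.168.10.102 | CentOS 7.9 | Docker CE, Kubectl, Kube-proxy, Calico |
k8s-node02 | 192.168.10.103 | CentOS 7.9 | Docker CE, Kubectl, Kube-proxy, Calico |
2. Basic environment preparation (run on all three hosts)
Upgrade the kernel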
# Remove the existing yum repository configuration files
rm -rf /etc/yum.repos.d/*
# Add the CentOS Base repository
curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
# Add the EPEL repository
curl -o /etc/yum.repos.d/epel.repo https://mirrors.aliyun.com/repo/epel-7.repo
# Clear the yum cache
yum clean all
# Update the system
yum -y update
# Upgrade the system
yum -y upgrade
# Import the elrepo GPG key
rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
# Install the elrepo repository (fetched over HTTPS, like the key above)
rpm -Uvh https://www.elrepo.org/elrepo-release-7.0-4.el7.elrepo.noarch.rpm
# Enable the elrepo repository and install the latest Linux kernel
yum --enablerepo=elrepo-kernel install -y kernel-ml-devel kernel-ml
# Set the default kernel boot entry
grub2-set-default 0
# Reboot the system
reboot
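3. Deploy the Docker environment (required on all three hosts)
See this article: 01 Docker Concepts and Deployment (CSDN blog) https://blog.csdn.net/qq_51678989/article/details/142024581?spm=1001.2014.3001.5501
4. Deploy the Kubernetes cluster
(1) Set the hostname on each of the three hosts
Host 1
hostnamectl set-hostname k8s-master
bash
Host 2
hostnamectl set-hostname k8s-node01
bash
Host 3
hostnamectl set-hostname k8s-node02
bash
(2) Add the hosts entries on all three hosts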
cat <<EOF>>/etc/hosts
192.168.10.101 k8s-master
192.168.10.102 k8s-node01
192.168.10.103 k8s-node02
EOF
(3) Disable swap
swapoff -a
sed -i '/swap/s/^/#/' /etc/fstab
(4) Install common tools on all three hosts
yum -y install vim wget net-tools lrzsz
(5) Configure the Kubernetes YUM repository (on all three hosts)
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.al
EOF
(6) Install kubelet, kubeadm, and kubectl
yum -y install kubelet-1.23.0 kubeadm-1.23.0 kubectl-1.23.0
(8) Generate the initialization configuration file (edit on the master node only)
[root@k8s-master ~]# kubeadm config print init-defaults > init-config.yaml
[root@k8s-master ~]# vim init-config.yaml
apiVersion: kubeadm.k8s.io/v1beta3
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: abcdef.0123456789abcdef   # placeholder value printed by init-defaults
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 192.168.10.101   # API server advertise address: the master's IP (served on bindPort below)
  bindPort: 6443
nodeRegistration:
  criSocket: /var/run/dockershim.sock
  imagePullPolicy: IfNotPresent
  name: k8s-master   # node name
  taints: null
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta3
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns: {}
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: registry.aliyuncs.com/google_containers
kind: ClusterConfiguration
kubernetesVersion: 1.23.0
networking:
  dnsDomain: cluster.local
  serviceSubnet: 10.96.0.0/12
  podSubnet: 10.244.0.0/16   # added: Pod network address range
scheduler: {}
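The token in this file, abcdef.0123456789abcdef, is the placeholder that kubeadm config print init-defaults prints for everyone, and step (11) uses it to join nodes, so anyone who can reach port 6443 within the 24h ttl could present it. The check below is an added example, not part of the original post; the function names yaml_scalar and audit_bootstrap_token are hypothetical and the sample stanza is constructed from the file above.

```bash
#!/bin/sh
# Added example (not from the original post): audit the bootstrap token in a
# kubeadm InitConfiguration before running `kubeadm init --config=...`.

# Token printed verbatim by `kubeadm config print init-defaults`, so publicly known.
PLACEHOLDER_TOKEN='abcdef.0123456789abcdef'

# yaml_scalar KEY FILE: first scalar value of KEY, without comments or quotes.
yaml_scalar() {
  sed -n "s/^[[:space:]-]*$1:[[:space:]]*//p" "$2" | head -n 1 |
    sed -e 's/[[:space:]]*#.*$//' -e "s/[\"']//g"
}

# audit_bootstrap_token FILE: one finding per line, empty output when clean.
audit_bootstrap_token() {
  abt_token=$(yaml_scalar token "$1")
  abt_ttl=$(yaml_scalar ttl "$1")
  if [ -z "$abt_token" ]; then
    :   # no token in the file: kubeadm generates a random one at init time
  elif [ "$abt_token" = "$PLACEHOLDER_TOKEN" ]; then
    echo "HIGH placeholder token: replace with output of 'kubeadm token generate'"
  elif ! printf '%s\n' "$abt_token" | grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$'; then
    echo "MEDIUM malformed token: expected [a-z0-9]{6}.[a-z0-9]{16}"
  fi
  case $abt_ttl in
    '' | *[1-9]*) ;;   # unset (kubeadm default 24h) or a finite duration
    *) echo "HIGH ttl=$abt_ttl: a zero ttl means the token never expires" ;;
  esac
}

# Constructed sample: the token stanza as used in this walkthrough.
demo_cfg=$(mktemp)
cat > "$demo_cfg" <<'EOF'
apiVersion: kubeadm.k8s.io/v1beta3
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
EOF
audit_bootstrap_token "$demo_cfg"
rm -f "$demo_cfg"
```

Once the nodes have joined, kubeadm token list shows which bootstrap tokens are still valid and kubeadm token delete removes one.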
(9) Import the images
Link: Baidu Netdisk, extraction code: rmgq
(10) Initialize
[root@k8s-master ~]# kubeadm init --config=init-config.yaml
kubeadm join 192.168.10.101:6443 --token abcdef.0123456789abcdef \
--discovery-token-ca-cert-hash sha256:ec16f88acf12c7186e5fa237ab03615b3b2bedd212080aee087ddea1933b6942
Seeing this output means the initialization succeeded.
(11) Join the other nodes
node1
[root@k8s-node01 ~]# kubeadm join 192.168.10.101:6443 --token abcdef.0123456789abcdef \
> --discovery-token-ca-cert-hash sha256:ec16f88acf12c7186e5fa237ab03615b3b2bedd212080aee087ddea1933b6942
node2
[root@k8s-node02 ~]# kubeadm join 192.168.10.101:6443 --token abcdef.0123456789abcdef \
> --discovery-token-ca-cert-hash sha256:ec16f88acf12c7186e5fa237ab03615b3b2bedd212080aee087ddea1933b6942
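The --discovery-token-ca-cert-hash value in the join commands pins the cluster CA: it is the SHA-256 of the DER-encoded public key (SubjectPublicKeyInfo) of /etc/kubernetes/pki/ca.crt, which lets a joining node check that it is talking to the intended control plane. The script below is an added example, not part of the original post; ca_pin and verify_ca_pin are hypothetical names, it assumes openssl is installed, and a throwaway self-signed CA stands in for the master's ca.crt.

```bash
#!/bin/sh
# Added example (not from the original post): recompute the value passed to
# --discovery-token-ca-cert-hash and compare it with the one in a join command.

# ca_pin CERT: "sha256:<hex>" over the DER-encoded public key (SPKI) of CERT.
ca_pin() {
  printf 'sha256:%s\n' "$(openssl x509 -in "$1" -noout -pubkey |
    openssl pkey -pubin -outform DER |
    openssl dgst -sha256 -hex | sed 's/^.* //')"
}

# verify_ca_pin CERT EXPECTED: exit 0 only if EXPECTED matches the CA's pin.
verify_ca_pin() {
  [ "$(ca_pin "$1")" = "$2" ]
}

# Constructed demo: a throwaway self-signed CA stands in for
# /etc/kubernetes/pki/ca.crt on the master.
demo_dir=$(mktemp -d)
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=kubernetes' \
  -keyout "$demo_dir/ca.key" -out "$demo_dir/ca.crt" 2>/dev/null
demo_pin=$(ca_pin "$demo_dir/ca.crt")
echo "pin of demo CA: $demo_pin"
verify_ca_pin "$demo_dir/ca.crt" "$demo_pin" && echo "pin matches"
# A pin that belongs to some other CA must be rejected.
verify_ca_pin "$demo_dir/ca.crt" "sha256:$(printf '%064d' 0)" || echo "wrong pin rejected"
rm -rf "$demo_dir"
```

On the master, running ca_pin /etc/kubernetes/pki/ca.crt should reproduce the sha256: value that kubeadm init printed.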
(12) Configure the environment
[root@k8s-master ~]# mkdir -p $HOME/.kube
[root@k8s-master ~]# sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
[root@k8s-master ~]# sudo chown $(id -u):$(id -g) $HOME/.kube/config
[root@k8s-master ~]# export KUBECONFIG=/etc/kubernetes/admin.conf
(13) Import the calico.yaml manifest
Pre-downloaded copy:
Link: Baidu Netdisk, extraction code: 7a67
Or get it from the official site:
wget https://docs.projectcalico.org/manifests/calico.yaml
(14) Deploy the Calico network
[root@k8s-master ~]# kubectl apply -f calico.yaml
[root@k8s-master ~]# kubectl get pod -A
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system calico-kube-controllers-64cc74d646-l2d94 1/1 Running 0 28s
kube-system calico-node-697r4 1/1 Running 0 28s
kube-system calico-node-cl4n9 1/1 Running 0 28s
kube-system calico-node-xzgjr 1/1 Running 0 28s
kube-system coredns-6d8c4cb4d-9fsq7 1/1 Running 0 11m
kube-system coredns-6d8c4cb4d-l8wr4 1/1 Running 0 11m
kube-system etcd-k8s-master 1/1 Running 0 11m
kube-system kube-apiserver-k8s-master 1/1 Running 0 11m
kube-system kube-controller-manager-k8s-master 1/1 Running 0 11m
kube-system kube-proxy-97rxx 1/1 Running 0 9m24s
kube-system kube-proxy-kd5fz 1/1 Running 0 10m
kube-system kube-proxy-t75pz 1/1 Running 0 11m
kube-system kube-scheduler-k8s-master 1/1 Running 0 11m
[root@k8s-master ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
k8s-master Ready control-plane,master 12m v1.23.0
k8s-node01 Ready <none> 11m v1.23.0
k8s-node02 Ready <none> 9m53s v1.23.0
[root@k8s-master ~]#
(15) Check resource usage
[root@k8s-master ~]# kubectl top node
error: Metrics API not available
# The Metrics API is not available yet
(16) Get the Kubernetes command-line tool package
Link: Baidu Netdisk, extraction code: mdwc
(17) Query utilization
[root@k8s-master ~]# kubectl create -f components.yaml
serviceaccount/metrics-server created
clusterrole.rbac.authorization.k8s.io/system:aggregated-metrics-reader created
clusterrole.rbac.authorization.k8s.io/system:metrics-server created
rolebinding.rbac.authorization.k8s.io/metrics-server-auth-reader created
clusterrolebinding.rbac.authorization.k8s.io/metrics-server:system:auth-delegator created
clusterrolebinding.rbac.authorization.k8s.io/system:metrics-server created
service/metrics-server created
deployment.apps/metrics-server created
apiservice.apiregistration.k8s.io/v1beta1.metrics.k8s.io created
[root@k8s-master ~]# kubectl top node
NAME CPU(cores) CPU% MEMORY(bytes) MEMORY%
k8s-master 118m 5% 1443Mi 38%
k8s-node01 65m 3% 799Mi 21%
k8s-node02 78m 3% 1988Mi 52%
[root@k8s-master ~]#
(17) Graphical interface
This link provides the graphical interface package:
Link: Baidu Netdisk, extraction code: vcih
[root@k8s-master ~]# mkdir -p /opt/k8s/dashboard   # create a directory
[root@k8s-master ~]# cd /opt/k8s/dashboard/
[root@k8s-master dashboard]# rz -E   # upload the package downloaded from the link
rz waiting to receive.
[root@k8s-master dashboard]# kubectl create -f .
serviceaccount/admin-user created
clusterrolebinding.rbac.authorization.k8s.io/admin-user created
namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created
[root@k8s-master ~]# kubectl get pod -A
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system calico-kube-controllers-64cc74d646-7npbs 1/1 Running 0 4m2s
kube-system calico-node-7z94t 1/1 Running 0 4m2s
kube-system calico-node-b65zv 1/1 Running 0 4m2s
kube-system calico-node-hsgvn 1/1 Running 0 4m2s
kube-system coredns-6d8c4cb4d-nhttz 1/1 Running 0 7m13s
kube-system coredns-6d8c4cb4d-twbxs 1/1 Running 0 7m13s
kube-system etcd-k8s-master 1/1 Running 0 7m28s
kube-system kube-apiserver-k8s-master 1/1 Running 0 7m28s
kube-system kube-controller-manager-k8s-master 1/1 Running 0 7m28s
kube-system kube-proxy-8qnjf 1/1 Running 0 7m13s
kube-system kube-proxy-m8426 1/1 Running 0 5m41s
kube-system kube-proxy-xjb6k 1/1 Running 0 5m45s
kube-system kube-scheduler-k8s-master 1/1 Running 0 7m28s
kube-system metrics-server-66bdc46d86-nht4z 1/1 Running 0 3m21s
kubernetes-dashboard dashboard-metrics-scraper-7fcdff5f4c-mnnrl 1/1 Running 0 2m21s
kubernetes-dashboard kubernetes-dashboard-df74f58f9-zjnj8 1/1 Running 0 2m21s
(18) Get the token
[root@k8s-master ~]# kubectl edit svc kubernetes-dashboard -n kubernetes-dashboard   # change the port to 31245
[root@k8s-master ~]# kubectl get svc -n kubernetes-dashboard
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
dashboard-metrics-scraper ClusterIP 10.103.197.81 <none> 8000/TCP 7m5s
kubernetes-dashboard NodePort 10.110.1.207 <none> 443:31245/TCP 7m5s
[root@k8s-master ~]# kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')
token: <service account bearer token>
Add --test-type --ignore-certificate-errors to the Google Chrome shortcut properties. These flags turn off certificate validation for every site opened from that shortcut, so keep a separate shortcut that is used only for the dashboard.
Copy the token and paste it into the browser.