day01 - Homework

1. Summarize the functions of the core components on the master and node nodes in a Kubernetes environment

Master node

The main components on the master node are the controller manager, etcd, the scheduler and the api server.

1. scheduler: obtains the information about pods that need to be created from the api-server, selects a suitable node for each pod with its scheduling algorithm, and writes the result to etcd.

2. etcd: a key-value database used to store the cluster's data; it is very important in k8s, so it is generally recommended to run it in a highly available setup and to back up its data regularly. etcd mainly holds the detailed information about nodes; the api-server periodically stores the state information of each node into etcd through its interface.

3. api server: provides REST interfaces for create, delete, update, query and watch operations on all kinds of resource objects; every other component interacts through this front end. The default port is 6443 and it listens on all IP addresses by default. A request must first pass user authentication, then its content is checked, and its data is validated.

4. controller manager: made up of a number of sub-controllers. As the management and control center inside the cluster it is responsible for nodes, pod replicas, service endpoints, namespaces, service accounts and resource quotas. When a node goes down unexpectedly, the controller manager detects it promptly and runs the automated repair process, making sure the pod replicas in the cluster always stay in the expected working state.

Node

The main components on a node are the kubelet and kube-proxy.

1. Role of the kubelet

The kubelet on each node watches, through the api server, the pod binding information produced by the kubernetes scheduler, then fetches the corresponding pod manifest, downloads the images and starts the containers through the runtime component.

Scheduling itself is carried out through predicate (pre-selection) policies and priority (optimization) policies.

2. Role of kube-proxy

Generates the network rules for pods and forwards packets according to them; these are mainly ipvs or iptables rules (inspect them with ipvsadm -Ln or iptables -t nat -vnL). It runs on every node and watches the api server for changes to Service objects.

The CNI, CSI and CRI interfaces are also important:

CNI, the Container Network Interface: network communication through components such as calico or flannel, with DNS resolution provided by coredns

CSI, the Container Storage Interface: integrates the various storage back ends and mounts local storage

CRI, the Container Runtime Interface: docker, containerd and so on

2. Become proficient at installing the containerd container runtime and tuning its configuration file

Installing with apt

2.1 Configure the apt sources

root@master01:~# cat /etc/apt/sources.list
deb https://mirrors.aliyun.com/ubuntu/ focal main restricted universe multiverse
#deb-src https://mirrors.aliyun.com/ubuntu/ focal main restricted universe multiverse
deb https://mirrors.aliyun.com/ubuntu/ focal-security main restricted universe multiverse
#deb-src https://mirrors.aliyun.com/ubuntu/ focal-security main restricted universe multiverse
deb https://mirrors.aliyun.com/ubuntu/ focal-updates main restricted universe multiverse
#deb-src https://mirrors.aliyun.com/ubuntu/ focal-updates main restricted universe multiverse
# deb https://mirrors.aliyun.com/ubuntu/ focal-proposed main restricted universe multiverse
# deb-src https://mirrors.aliyun.com/ubuntu/ focal-proposed main restricted universe multiverse
deb https://mirrors.aliyun.com/ubuntu/ focal-backports main restricted universe multiverse
#deb-src https://mirrors.aliyun.com/ubuntu/ focal-backports main restricted universe multiverse

2.2 apt update

2.3 apt-cache madison containerd

2.4 apt install containerd -y

2.5 Keep a copy of the containerd.service file for later use

root@master01:~# cat /lib/systemd/system/containerd.service
# Copyright The containerd Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

[Unit]
Description=containerd container runtime
Documentation=https://containerd.io
After=network.target local-fs.target

[Service]
ExecStartPre=-/sbin/modprobe overlay
ExecStart=/usr/bin/containerd

Type=notify
Delegate=yes
KillMode=process
Restart=always
RestartSec=5
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNPROC=infinity
LimitCORE=infinity
LimitNOFILE=infinity
# Comment TasksMax if your systemd version does not supports it.
# Only systemd 226 and above support this version.
TasksMax=infinity
OOMScoreAdjust=-999

[Install]
WantedBy=multi-user.target

2.6 Check the service status: # systemctl status containerd

2.7 Check the versions with containerd -v and runc -v

2.8 # mkdir -p /etc/containerd && containerd config default > /etc/containerd/config.toml

2.9 Tune the configuration file /etc/containerd/config.toml

sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.7"

[plugins."io.containerd.grpc.v1.cri".registry.mirrors]
  [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
    endpoint = ["https://vswm1ffz.mirror.aliyuncs.com"]

2.10 systemctl restart containerd.service

2.11 Copy the nerdctl tarball over and unpack it: tar -xf nerdctl-1.3.0-linux-amd64.tar.gz

cp nerdctl /usr/local/bin/
mkdir /etc/nerdctl
vim /etc/nerdctl/nerdctl.toml

namespace = "k8s.io"
debug = false
debug_full = false
insecure_registry = true

2.12 Copy the cni plugins tarball over

mkdir /opt/cni/bin -p
tar -xf cni-plugins-linux-amd64-v1.2.0.tgz -C /opt/cni/bin/

2.13 nerdctl pull nginx

nerdctl run -it --rm -p 30080:80 --name nginx_test nginx

curl 10.0.5.1:30080 

3. Become proficient with the nerdctl client (it implements most of the docker command set): pulling images, creating and deleting containers, viewing container logs and other routine container management operations

# nerdctl namespace ls                    list namespaces
# nerdctl network ls                      list networks
# nerdctl network inspect 17f29b073143    show the details of a network, such as its subnet
# nerdctl images                          list images
# nerdctl top <container id>              show the processes running in a container
# nerdctl info                            show runtime information

4. On Ubuntu 20.04 or CentOS 7.x, with containerd as the container runtime, deploy Kubernetes 1.26.3 using kubeadm

1) System tuning (kernel parameters and kernel module loading), making sure it still applies after a reboot

Lab environment:

Ubuntu 20.04

Append the following to /etc/security/limits.conf

*                soft    core            unlimited
*                hard    core            unlimited
*                soft    nproc           1000000
*                hard    nproc           1000000
*                soft    nofile          1000000
*                hard    nofile          1000000
*                soft    memlock         32000
*                hard    memlock         32000
*                soft    msgqueue        8192000
*                hard    msgqueue        8192000

Append the following to /etc/sysctl.conf

net.ipv4.ip_forward=1
vm.max_map_count=262144
kernel.pid_max=4194303
fs.file-max=1000000
net.ipv4.tcp_max_tw_buckets=6000
net.netfilter.nf_conntrack_max=2097152
net.bridge.bridge-nf-call-ip6tables=1
net.bridge.bridge-nf-call-iptables=1
vm.swappiness=0

# swapoff -a, and remove the swap mount entry so it does not come back

Reboot the system

Check that the settings took effect:

# sysctl -a |grep nf-call

2) Install containerd automatically with a script

Run the script to install containerd

3) Configure the apt source and install kubeadm, kubelet and kubectl

Run this on both master and node; the node does not need etcd, kube-apiserver or kube-controller-manager.

apt-get update && apt-get install -y apt-transport-https
curl https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | apt-key add -
cat <<EOF >/etc/apt/sources.list.d/kubernetes.list
deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main
EOF
apt-get update
apt install kubeadm=1.26.3-00 kubelet=1.26.3-00 kubectl=1.26.3-00 -y

kubeadm config images list
nerdctl pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver:v1.26.3
nerdctl pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager:v1.26.3
nerdctl pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler:v1.26.3
nerdctl pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy:v1.26.3
nerdctl pull registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.9
nerdctl pull registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.5.6-0
nerdctl pull registry.cn-hangzhou.aliyuncs.com/google_containers/coredns:v1.9.3

 

4) Run the kubernetes initialization

# kubeadm init --apiserver-advertise-address=10.0.5.1 --apiserver-bind-port=6443 --kubernetes-version=v1.26.3 --pod-network-cidr=10.100.0.0/16 --service-cidr=10.200.0.0/16 --service-dns-domain=cluster.local --image-repository=registry.cn-hangzhou.aliyuncs.com/google_containers

On the node:

kubeadm join 10.0.5.1:6443 --token eq2ccs.ggyczppnousnqzb1 --discovery-token-ca-cert-hash sha256:fd6c4cfe31efd719efd26c043d289b05cc4f9bc1f1da3f4859242631b03233ab
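The --discovery-token-ca-cert-hash in the join command pins the cluster CA, so a joining node only trusts the API server whose CA matches it. As an added example (not part of the original homework), this script recomputes that hash from a CA certificate the same way kubeadm does (SHA-256 over the DER-encoded SubjectPublicKeyInfo) and checks a join command against it; the self-signed CA it creates is constructed for the demo, and on a real master the file to use is /etc/kubernetes/pki/ca.crt.

```shell
#!/bin/sh
# Added example, not from the original post: recompute kubeadm's
# --discovery-token-ca-cert-hash from a CA certificate and compare it
# with the hash carried in a "kubeadm join" command line.
set -e

# kubeadm hashes the DER-encoded SubjectPublicKeyInfo of the cluster CA
# certificate with SHA-256 and prints it as "sha256:<hex>".
ca_cert_hash() {
    openssl x509 -noout -pubkey -in "$1" \
        | openssl pkey -pubin -outform der 2>/dev/null \
        | openssl dgst -sha256 -hex \
        | sed 's/^.* //'
}

# Pull the 64-hex-digit hash out of a join command line (empty if absent).
join_cmd_hash() {
    printf '%s\n' "$1" \
        | sed -n 's/.*--discovery-token-ca-cert-hash sha256:\([0-9a-f]\{64\}\).*/\1/p'
}

# Succeeds (exit 0) only when the join command pins the CA in $1.
verify_join_cmd() {
    expected=$(ca_cert_hash "$1")
    given=$(join_cmd_hash "$2")
    [ -n "$given" ] && [ "$expected" = "$given" ]
}

# Constructed throwaway CA for the demo; on a real master use
# /etc/kubernetes/pki/ca.crt instead.
make_demo_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=kubernetes" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

demo_dir=$(mktemp -d)
make_demo_ca "$demo_dir"
hash=$(ca_cert_hash "$demo_dir/ca.crt")
echo "CA hash: sha256:$hash"
good="kubeadm join 10.0.5.1:6443 --token <token> --discovery-token-ca-cert-hash sha256:$hash"
if verify_join_cmd "$demo_dir/ca.crt" "$good"; then
    echo "join command pins this CA"
fi
rm -rf "$demo_dir"
```

Compare the printed value with the hash in the join command before handing that command to a node; a mismatch means the command was not generated for this cluster's CA.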

5) Deploy the network component calico

kubectl apply -f calico-ipip_ubuntu2004-k8s-1.26.x.yaml

6) Deploy the nginx and java services

7) Deploy the official dashboard

# kubectl apply -f dashboard-v2.7.0.yaml -f admin-user.yaml -f admin-secret.yaml

8) Verify that nginx and the dashboard can be accessed normally

# kubectl describe secret -n kubernetes-dashboard

# Switch kube-proxy to ipvs rules

# kubectl edit cm -n kube-system kube-proxy

After the change, restart the node; you will see the pods on that node restart once.

posted @ 2023-04-15 08:57 by 请你猜猜我是谁