A K8s master node needs at least 4G of memory and 2 CPU cores; a worker node needs at least 2G of memory.

A master node runs the following services:

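  • An API server (kube-apiserver), port 6443
  • A scheduler (kube-scheduler), port 10251
  • Various controllers (the figure above shows two controllers), port 10252
  • A storage system (the component called etcd) that stores the cluster state, container settings, network configuration and other data, ports 2379-2380

    In addition, the Kubelet API uses port 10250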

The /etc/kubernetes/manifests/ directory holds the YAML files of the default k8s control-plane components.

.
├── etcd.yaml
├── kube-apiserver.yaml
├── kube-controller-manager.yaml
└── kube-scheduler.yaml

Installing K8s: enabling Kubernetes in Docker for Windows

git clone https://github.com/AliyunContainerService/k8s-for-docker-desktop.git
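Enter the downloaded directory: cd k8s-for-docker-desktop
git checkout v1.22.4 (because v1.22.4 is currently the latest version in this repository)
In PowerShell as administrator, run ./load_images.ps1
Then tick Enable Kubernetes in Docker Desktop
Restart Docker
On the command line, run
kubectl cluster-info (if it reports running, the installation succeeded)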

If you hit a permission problem with the ps1 script

.\load_images.ps1 : 无法加载文件 D:\\k8s\k8s-for-docker-desktop\load_images.ps1,因为在此系统上禁止运行脚本。
有关详细信息,请参阅 https:/go.microsoft.com/fwlink/?LinkID=135170 中的 about_Execution_Policies。

Get-ExecutionPolicy
Restricted
PS D:\k8s\k8s-for-docker-desktop> Set-ExecutionPolicy -ExecutionPolicy bypass

 

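Reference article: Playing with Container Orchestration

The Dashboard is not installed by default and has to be installed with the command below. GitHub now also needs a proxy to get past the firewall, or you can save the file to another address yourself.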

{
"kind": "Status",
"apiVersion": "v1",
"metadata": {},
"status": "Failure",
"message": "services \"kubernetes-dashboard\" not found",
"reason": "NotFound",
"details": {
"name": "kubernetes-dashboard",
"kind": "services"
},
"code": 404
}

 

Installing the K8s Dashboard

kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.5.1/aio/deploy/recommended.yaml

namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created

  

After installation, list the namespaces

$ kubectl get ns
NAME                   STATUS   AGE
default                Active   55m
kube-node-lease        Active   56m
kube-public            Active   56m
kube-system            Active   56m
kubernetes-dashboard   Active   10s

After installation, open this address

http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/#/login

If you get the error below, try restarting the computer

{
  "kind": "Status",
  "apiVersion": "v1",
  "metadata": {},
  "status": "Failure",
  "message": "no endpoints available for service \"kubernetes-dashboard\"",
  "reason": "ServiceUnavailable",
  "code": 503
}

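When the address loads normally, the login page appears.

An account has to be configured first before a token can be obtained.

kubectl get secret -n kubernetes-dashboard    (at this point the secrets contain no token)

NAME                              TYPE     DATA   AGE
kubernetes-dashboard-certs        Opaque   0      20m
kubernetes-dashboard-csrf         Opaque   1      20m
kubernetes-dashboard-key-holder   Opaque   2      20m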

 

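Grant permissions to the default service account in kube-system (the manifest below binds it to the cluster-admin ClusterRole)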

kubectl apply -f https://raw.githubusercontent.com/AliyunContainerService/k8s-for-docker-desktop/master/kube-system-default.yaml
File contents:
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kube-system-default
  labels:
    k8s-app: kube-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: default
    namespace: kube-system

---

apiVersion: v1
kind: Secret
metadata:
  name: default
  namespace: kube-system
  labels:
    k8s-app: kube-system
  annotations:
    kubernetes.io/service-account.name: default
type: kubernetes.io/service-account-token

 

$ kubectl apply -f https://raw.githubusercontent.com/AliyunContainerService/k8s-for-docker-desktop/master/kube-system-default.yaml
clusterrolebinding.rbac.authorization.k8s.io/kube-system-default created
secret/default created

 

On Mac

TOKEN=$(kubectl -n kube-system describe secret default| awk '$1=="token:"{print $2}')
kubectl config set-credentials docker-desktop --token="${TOKEN}"
echo $TOKEN

On Windows

$TOKEN=((kubectl -n kube-system describe secret default | Select-String "token:") -split " +")[1]
kubectl config set-credentials docker-desktop --token="${TOKEN}"
echo $TOKEN

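To build a cluster, the master node must be Linux; Windows has no kubeadm command. So what is the use of installing k8s under Docker on Windows?

Follow the appendix of the Chinese edition of Kubernetes in Action to install a virtual machine and CentOS. Aliyun mirror address: http://mirrors.aliyun.com/centos/7/isos/x86_64

Remember to enable the network adapter during installation, otherwise it is a hassle. (To enable it manually by command, see here.)

Change the Kubernetes repo to the Aliyun mirror and turn off gpgcheck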

cat  /etc/yum.repos.d/kubernetes.repo

[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
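
With gpgcheck=0, yum installs kubeadm, kubelet and kubectl from the mirror without verifying package signatures. As an added example (not part of the original post), this Python check reads a .repo file and reports the enabled repos that skip verification; PAGE_REPO is the file shown above, CHECKED_REPO is a constructed variant, and audit_repo is a hypothetical helper name.

```python
import configparser

# Repo file exactly as shown on this page.
PAGE_REPO = """\
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
"""

# Constructed variant with both checks switched on. Whether the mirror's
# metadata signature validates is an assumption this page does not cover.
CHECKED_REPO = PAGE_REPO.replace("gpgcheck=0", "gpgcheck=1")

OFF = {"0", "no", "false"}  # spellings yum accepts for a disabled boolean


def audit_repo(text):
    """Return (repo id, issue) pairs for enabled repos that skip verification."""
    cp = configparser.ConfigParser(interpolation=None)  # URLs may contain % or $
    cp.read_string(text)
    findings = []
    for name in cp.sections():
        repo = cp[name]
        if repo.get("enabled", "1").strip().lower() in OFF:
            continue  # a disabled repo is never consulted
        if repo.get("gpgcheck", "").strip().lower() in OFF:
            findings.append((name, "gpgcheck off: RPM signatures are not verified"))
        if repo.get("repo_gpgcheck", "").strip().lower() in OFF:
            findings.append((name, "repo_gpgcheck off: repodata signature is not verified"))
        # baseurl may list several URLs separated by whitespace.
        if any(u.startswith("http://") for u in repo.get("baseurl", "").split()):
            findings.append((name, "baseurl uses plaintext http"))
    return findings


if __name__ == "__main__":
    for repo_id, issue in audit_repo(PAGE_REPO):
        print(f"{repo_id}: {issue}")
```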

To see what kubeadm init does: kubeadm/design_v1.10.md at main · kubernetes/kubeadm · GitHub

It is best to run this first, so that the images for the API server, controller, scheduler, proxy, pause, etcd and coredns are downloaded in advance

kubeadm config images pull --image-repository registry.aliyuncs.com/google_containers
kubeadm init --image-repository registry.aliyuncs.com/google_containers  -v=5

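?? Initial timeout of 40s passed: see "Fixing kubeadm being unable to specify a public IP when deploying k8s on Aliyun ECS" (obsolete)
?? port 10250 is in use ==== kubeadm reset
systemctl status kubelet shows: error getting node 'node master.k8s' not found  "Error getting node" err="node \"master\" not found"

Install containerd on CentOS 7, otherwise kubeadm init fails with a containerd.sock error. After the machine reboots, containerd also has to be started first.

# Install the required packages: yum-utils provides yum-config-manager; the other two are dependencies of the devicemapper driver
yum install -y yum-utils device-mapper-persistent-data lvm2
# Set the yum repo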
# yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum install containerd -y

$ containerd config default > /etc/containerd/config.toml
$ systemctl restart containerd
$ systemctl status containerd

# Replace containerd's default sandbox image: edit /etc/containerd/config.toml

sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.2"

# Restart containerd
$ systemctl daemon-reload
$ systemctl restart containerd

 

============================================

MiniKube

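If the computer has less than 16G of memory, do not install K8s; install MiniKube instead.

But the default minikube start command, possibly because of network problems, ends up like this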

* Microsoft Windows 10 Pro 10.0.19043 Build 19043 上的 minikube v1.25.1
* 自动选择 docker 驱动
* Starting control plane node minikube in cluster minikube
* Pulling base image ...
* Downloading Kubernetes v1.23.1 preload ...
    > preloaded-images-k8s-v16-v1...: 504.42 MiB / 504.42 MiB  100.00% 13.75 Mi
    > index.docker.io/kicbase/sta...: 378.98 MiB / 378.98 MiB  100.00% 3.15 MiB
! minikube was unable to download gcr.io/k8s-minikube/kicbase:v0.0.29, but successfully downloaded docker.io/kicbase/stable:v0.0.29 as a fallback image
* Creating docker container (CPUs=2, Memory=2200MB) ...\ E0123 23:23:34.083236   17156 kic.go:267] icacls failed applying permissions - err - [%!s(<nil>)], output - [�Ѵ������ļ�: C:\Users\zt\.minikube\machines\minikube\id_rsa
�ѳɹ����� 1 ���ļ�; ���� 0 ���ļ�ʱʧ��]

! This container is having trouble accessing https://k8s.gcr.io
* To pull new external images, you may need to configure a proxy: https://minikube.sigs.k8s.io/docs/reference/networking/proxy/
* 正在 Docker 20.10.12 中准备 Kubernetes v1.23.1- kubelet.housekeeping-interval=5m
  - Generating certificates and keys ...
  - Booting up control plane ...
  - Configuring RBAC rules ...
* Verifying Kubernetes components...
! Executing "docker container inspect minikube --format={{.State.Status}}" took an unusually long time: 2.0620287s
* Restarting the docker service may improve performance.
  - Using image gcr.io/k8s-minikube/storage-provisioner:v5
* Enabled addons: default-storageclass
* Done! kubectl is now configured to use "minikube" cluster and "default" namespace by default

Add one more parameter: minikube start --image-mirror-country='cn'

* Microsoft Windows 10 Pro 10.0.19043 Build 19043 上的 minikube v1.25.1
* 根据现有的配置文件使用 docker 驱动程序
* Starting control plane node minikube in cluster minikube
* Pulling base image ...
* Restarting existing docker container for "minikube" ...
! This container is having trouble accessing https://k8s.gcr.io
* To pull new external images, you may need to configure a proxy: https://minikube.sigs.k8s.io/docs/reference/networking/proxy/
* 正在 Docker 20.10.12 中准备 Kubernetes v1.23.1- kubelet.housekeeping-interval=5m
  - Generating certificates and keys ...
  - Booting up control plane ...
  - Configuring RBAC rules ...
* Verifying Kubernetes components...
! Executing "docker container inspect minikube --format={{.State.Status}}" took an unusually long time: 2.0050415s
* Restarting the docker service may improve performance.
  - Using image kubernetesui/dashboard:v2.3.1
  - Using image kubernetesui/metrics-scraper:v1.0.7
  - Using image gcr.io/k8s-minikube/storage-provisioner:v5
* Enabled addons: storage-provisioner, dashboard, default-storageclass
* Done! kubectl is now configured to use "minikube" cluster and "default" namespace by default

It ships with a dashboard; just run minikube dashboard

Deploy a hello-world application. In the image address, k8s.gcr.io can be changed to registry.cn-hangzhou.aliyuncs.com/google_containers/

kubectl create deployment hello-minikube --image=k8s.gcr.io/echoserver:1.4
kubectl expose deployment hello-minikube --type=NodePort --port=8080
NAME             TYPE        CLUSTER-IP    EXTERNAL-IP   PORT(S)          AGE
hello-minikube   NodePort    10.97.8.166   <none>        8080:32329/TCP   113s
kubernetes       ClusterIP   10.96.0.1     <none>        443/TCP          21m


|-----------|----------------|-------------|---------------------------|
| NAMESPACE |      NAME      | TARGET PORT |            URL            |
|-----------|----------------|-------------|---------------------------|
| default   | hello-minikube |        8080 | http://192.168.49.2:32329 |
|-----------|----------------|-------------|---------------------------|
* Starting tunnel for service hello-minikube.
|-----------|----------------|-------------|------------------------|
| NAMESPACE |      NAME      | TARGET PORT |          URL           |
|-----------|----------------|-------------|------------------------|
| default   | hello-minikube |             | http://127.0.0.1:57620 |
|-----------|----------------|-------------|------------------------|
* 正通过默认浏览器打开服务 default/hello-minikube...
! Because you are using a Docker driver on windows, the terminal needs to be open to run it.

Map a host port:  kubectl port-forward service/hello-minikube 7080:8080

Forwarding from 127.0.0.1:7080 -> 8080
Forwarding from [::1]:7080 -> 8080
Handling connection for 7080
Handling connection for 7080

Suppose we create another Service, of type LoadBalancer

kubectl create deployment balanced --image=k8s.gcr.io/echoserver:1.4  
kubectl expose deployment balanced --type=LoadBalancer --port=8080

After running this, the service shows as yellow in the Dashboard.
Running minikube tunnel turns it green; stopping that command turns it back to yellow.

 

minikube start | minikube (k8s.io)

Common kubectl commands

kubectl cluster-info

Kubernetes control plane is running at https://172.17.0.69:8443
KubeDNS is running at https://172.17.0.69:8443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy

kubectl get nodes

NAME       STATUS   ROLES                  AGE     VERSION
minikube   Ready    control-plane,master   6m38s   v1.20.2

kubectl get pods   //list the Pods

NAME                                  READY   STATUS    RESTARTS   AGE
kubernetes-bootcamp-fb5c67579-8r9wm   1/1     Running   0          10m

kubectl describe pods 

Name:         kubernetes-bootcamp-fb5c67579-8r9wm
Namespace:    default
Priority:     0
Node:         minikube/172.17.0.66
Start Time:   Mon, 17 Jan 2022 06:44:28 +0000
Labels:       app=kubernetes-bootcamp
              pod-template-hash=fb5c67579
Annotations:  <none>
Status:       Running
IP:           172.18.0.4

//Define a POD_NAME variable so the pod name does not have to be remembered in the commands below
export POD_NAME=$(kubectl get pods -o go-template --template '{{range .items}}{{.metadata.name}}{{"\n"}}{{end}}')

$ echo Name of the Pod: $POD_NAME

Name of the Pod: kubernetes-bootcamp-fb5c67579-8r9wm

$ kubectl logs $POD_NAME

Kubernetes Bootcamp App Started At: 2022-01-17T06:44:30.281Z | Running On: kubernetes-bootcamp-fb5c67579-8r9wm

Running On: kubernetes-bootcamp-fb5c67579-8r9wm | Total Requests: 1 | App Uptime: 1746.765 seconds | Log Time: 2022-01-17T07:13:37.046Z

 

kubectl exec -ti $POD_NAME -- bash  //open a terminal inside the Pod from the K8s console; note there is a space both before and after --; use exit to leave

 

kubectl get services  //list the Services

NAME         TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)   AGE
kubernetes   ClusterIP   10.96.0.1    <none>        443/TCP   23h

kubectl expose deployment/kubernetes-bootcamp --type="NodePort" --port 8080   //expose a service

kubectl get services //list the services again after exposing

NAME                  TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)          AGE
kubernetes            ClusterIP   10.96.0.1       <none>        443/TCP          23h
kubernetes-bootcamp   NodePort    10.97.242.226   <none>        8080:31388/TCP   5s

 

==========================================
Deploying a demo application (gcr.io/google-samples/kubernetes-bootcamp:v1)

This is a HelloWorld-like image. Official documentation example: Interactive Tutorial - Deploying an App | Kubernetes



Having learned Docker, we know that pulling an image is normally very simple:

docker pull ubuntu:latest

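Getting Docker images (gcr.io and so on): this site cannot be reached, so here are a few methods:

Search Docker Hub (or another registry)
Pull from a registry inside China; the Aliyun registry is recommended here

If nothing is configured, the default registry is Docker Hub. Taking kubernetes-bootcamp:v1 as the example: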

D:\MyFirstMicroService>docker search kubernetes-bootcamp:v1
NAME                           DESCRIPTION                                     STARS     OFFICIAL   AUTOMATED
hhitzhl/kubernetes-bootcamp    gcr.io/google-samples/kubernetes-bootcamp:v1    0                    [OK]
928981943/sample               gcr.io/google-samples/kubernetes-bootcamp:v1    0
dawnsky/kubernetes-bootcamp    gcr.io/google-samples/kubernetes-bootcamp:v1    0
loveone/kubernetes-bootcamp    gcr.io/google-samples/kubernetes-bootcamp:v1…   0
mricheng/kubernete-bootcamp1   gcr.io/google-samples/kubernetes-bootcamp:v1    0

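The output lists the images available for download; usually there are images that were pulled automatically from Google:

docker pull <image you found> // pull the image
docker tag <image you found> gcr.io/google-samples/kubernetes-bootcamp:v1 // tag it as the Google image

docker rmi <image you found> // remove the original image (really it is just untagged)

//gcr.io cannot be reached from inside China, so download from Docker Hub, re-tag, then run the deployment command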
kubectl create deployment kubernetes-bootcamp --image=gcr.io/google-samples/kubernetes-bootcamp:v1

deployment.apps/kubernetes-bootcamp created
kubectl get deployments
NAME                  READY   UP-TO-DATE   AVAILABLE   AGE
kubernetes-bootcamp   1/1     1            1           65s

 

To delete the deployment, run kubectl delete deployment kubernetes-bootcamp

If you only delete the deployment's Pod, it is recreated automatically.

========================================

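How to manually publish containers started by Docker-Compose.yml to K8s

The Docker image must first be uploaded to a registry (self-hosted locally, or an online one such as Aliyun; just register an account)

Find the locally built images: docker-compose images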

 Container        Repository            Tag            Image Id       Size
------------------------------------------------------------------------------
db                mongo             4.2.8              d9775815948b   387.8 MB
history           history           latest             fa700b969a63   89.42 MB
rabbit            rabbitmq          3.8.5-management   d55229deb03e   186.6 MB
recommendations   recommendations   latest             86895b3a3a10   89.42 MB
video-streaming   video-streaming   latest             6f530d38053f   89.41 MB

-----Suppose we want to upload RabbitMQ to K8s: tag it
docker tag d55229deb03e <Aliyun image registry address>:rabbitmq3.8.5
------Push to the registry-----------------------------------------
docker push <Aliyun image registry address>:rabbitmq3.8.5

//K8s normally uses YAML to configure the image; simplified here with run -------------
kubectl run rabbit --image=<Aliyun image registry address>:rabbitmq3.8.5

pod/rabbit created

=========================================

posted on 2022-01-23 19:42  Gu