Kubernetes (k8s) notes

k8s core components (figure)

k8s architecture diagram (figure)

k8s extended features (figure)

Running commands on multiple terminals at once in Xshell (figure)

kubectl auto-completion for Kubernetes on CentOS 7
kubectl auto-completion:
yum -y install epel-release
yum install -y bash-completion.noarch
yum -y install bash-completion-extras.noarch
k8s installation and configuration
Services involved (figure)

Machine layout
192.168.0.111 node01 (master and node; runs etcd, apiserver, controller-manager, scheduler, kubelet, kube-proxy, docker)
192.168.0.112 node02 (kubelet, kube-proxy, docker)
192.168.0.113 node03 (kubelet, kube-proxy, docker)
1. Install etcd on the master
yum install etcd -y
vi /etc/etcd/etcd.conf
ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:2379"
ETCD_ADVERTISE_CLIENT_URLS="http://192.168.0.111:2379"
Restart etcd and enable it at boot
[root@node01 ~]# systemctl restart etcd
[root@node01 ~]# systemctl enable etcd
2. Install kubernetes-master
yum install kubernetes-master -y
Edit /etc/kubernetes/apiserver
KUBE_API_ADDRESS="--insecure-bind-address=0.0.0.0"

# The port on the local server to listen on.
KUBE_API_PORT="--port=8080"

# Port minions listen on
KUBELET_PORT="--kubelet-port=10250"

# Comma separated list of nodes in the etcd cluster
KUBE_ETCD_SERVERS="--etcd-servers=http://192.168.0.111:2379"

# Address range to use for services
KUBE_SERVICE_ADDRESSES="--service-cluster-ip-range=10.254.0.0/16"

# default admission control policies
KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota"

# Add your own!
KUBE_API_ARGS=""

Edit /etc/kubernetes/config

# How the controller-manager, scheduler, and proxy find the apiserver
KUBE_MASTER="--master=http://192.168.0.111:8080"

Start the services and enable them at boot
systemctl restart kube-apiserver.service
systemctl restart kube-controller-manager.service
systemctl restart kube-scheduler.service

systemctl enable kube-apiserver.service
systemctl enable kube-controller-manager.service
systemctl enable kube-scheduler.service

Node (client) installation
yum install kubernetes-node.x86_64 -y

vi /etc/kubernetes/config
KUBE_MASTER="--master=http://192.168.0.111:8080"
vi /etc/kubernetes/kubelet
KUBELET_ADDRESS="--address=192.168.0.112"

# The port for the info server to serve on
KUBELET_PORT="--port=10250"

# You may leave this blank to use the actual hostname
KUBELET_HOSTNAME="--hostname-override=node02"

# location of the api-server
KUBELET_API_SERVER="--api-servers=http://192.168.0.111:8080"
Start the services
systemctl restart kubelet && systemctl restart kube-proxy && systemctl enable kubelet && systemctl enable kube-proxy

Install flannel on all nodes
yum install flannel -y
vi /etc/sysconfig/flanneld
FLANNEL_ETCD_ENDPOINTS="http://192.168.0.111:2379"
Save, then run
etcdctl set /atomic.io/network/config '{ "Network": "172.16.0.0/16" }'
Start the service
systemctl start flanneld.service
systemctl enable flanneld.service
The docker service must be restarted before its IP range changes to match
systemctl restart docker

Docker containers under Kubernetes cannot ping each other
vi /usr/lib/systemd/system/docker.service
Add
ExecStartPost=/usr/sbin/iptables -P FORWARD ACCEPT
Reload
systemctl daemon-reload

YAML file type
kubectl create -f nginx_pod.yaml
Error from server (ServerTimeout): error when creating "nginx_pod.yaml": No API token found for service account "default", retry after the token is automatically created and added to the service account
This reports an error
vi /etc/kubernetes/apiserver
KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota"
Deleting ServiceAccount from this list fixes it
systemctl restart kube-apiserver.service
After that, kubectl create -f nginx_pod.yaml works
Check with kubectl describe pod nginx (screenshot)

It is still looking for the Red Hat image, so /etc/kubernetes/kubelet needs to be changed
vi /etc/kubernetes/kubelet and change the image to one that is reachable
KUBELET_POD_INFRA_CONTAINER="--pod-infra-container-image=docker.io/tianyebj/pod-infrastructure:latest"
systemctl restart kubelet.service
Set up a private registry
docker.io/registry
docker pull docker.io/registry
Start the private registry
docker run -d -p 5000:5000 --restart=always --name registry -v /opt/myregistry:/var/lib/registry registry
Tag the downloaded images and push them from the local host to the private registry
docker tag docker.io/tianyebj/pod-infrastructure:latest 192.168.0.111:5000/pod-infrastructure:latest
Push: docker push 192.168.0.111:5000/pod-infrastructure
Push: docker push 192.168.0.111:5000/nginx
vim /etc/sysconfig/docker and change
OPTIONS='--selinux-enabled --log-driver=journald --signature-verification=false --registry-mirror=https://registry.docker-cn.com --insecure-registry=192.168.0.111:5000'
Also change
/etc/kubernetes/kubelet
KUBELET_POD_INFRA_CONTAINER="--pod-infra-container-image=192.168.0.111:5000/pod-infrastructure"
View the container's IP address
docker inspect 7849234b69a0 |grep -i network
The container shares the Pod's IP, so the container itself has no IP
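
Added example (not part of the original notes): a POSIX shell check over the files edited above, flagging the settings in this walkthrough that leave a service unauthenticated or unencrypted: the apiserver's --insecure-bind-address, ServiceAccount removed from admission control, etcd's plain-HTTP client URL, and Docker's --insecure-registry. The function names, the root-directory parameter and the sample files are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example: audit the files this walkthrough edits for settings that
# expose unauthenticated or unencrypted services. ROOT is a hypothetical
# parameter so the check can run against a copy of /etc.
audit_k8s_conf() {
    root=$1; findings=0
    report() { echo "$1"; findings=$((findings + 1)); }
    # Last active (uncommented) KEY=value in FILE; empty if either is absent.
    val() { grep -E "^[[:space:]]*$2=" "$1" 2>/dev/null | tail -n 1 | cut -d= -f2-; }

    case $(val "$root/etc/kubernetes/apiserver" KUBE_API_ADDRESS) in
        *--insecure-bind-address=127.*|*--insecure-bind-address=localhost*) ;;
        *--insecure-bind-address=*)
            report "apiserver: insecure (no authn/authz) port bound beyond loopback" ;;
    esac
    case $(val "$root/etc/kubernetes/apiserver" KUBE_ADMISSION_CONTROL) in
        ""|*ServiceAccount*) ;;
        *) report "apiserver: ServiceAccount admission plugin removed" ;;
    esac
    # Drop loopback URLs first so a mixed list is still flagged.
    case $(val "$root/etc/etcd/etcd.conf" ETCD_LISTEN_CLIENT_URLS |
           sed -E 's#http://(127\.[0-9.]+|localhost)(:[0-9]+)?##g') in
        *http://*) report "etcd: client API on plain HTTP beyond loopback" ;;
    esac
    case $(val "$root/etc/sysconfig/docker" OPTIONS) in
        *--insecure-registry*) report "docker: registry trusted without TLS verification" ;;
    esac
    [ "$findings" -eq 0 ]
}

# Constructed sample reproducing the values set in this walkthrough.
make_sample() {
    mkdir -p "$1/etc/kubernetes" "$1/etc/etcd" "$1/etc/sysconfig"
    printf '%s\n' 'KUBE_API_ADDRESS="--insecure-bind-address=0.0.0.0"' \
        'KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,LimitRanger,ResourceQuota"' \
        > "$1/etc/kubernetes/apiserver"
    echo 'ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:2379"' > "$1/etc/etcd/etcd.conf"
    echo "OPTIONS='--selinux-enabled --insecure-registry=192.168.0.111:5000'" \
        > "$1/etc/sysconfig/docker"
}

tmp=$(mktemp -d)
make_sample "$tmp"
audit_k8s_conf "$tmp" || echo "$findings finding(s)"
rm -rf "$tmp"
```

On a real host, audit_k8s_conf / reads the live files; the function returns non-zero when it reports anything, so it can gate a provisioning script.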

Getting help
kind
metadata
spec
Help on how these levels nest
kubectl explain pod.spec

Enter a Pod to look around
kubectl exec -it nginx /bin/bash
Filter on several values with E, case-insensitively with i
env |grep -iE 'kubernetes|home'

URL of the CoreDNS YAML file
https://github.com/kubernetes/kubernetes/blob/master/cluster/addons/dns/coredns/coredns.yaml.base

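A small trick: to delete something across several lines at once,
use block selection. In Notepad, hold Alt and select the content
In vim, press ctrl+v to enter column block mode, select, then delete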

Traefik works together with ingress for name resolution; requests for every name under the domain are all resolved and forwarded to:
upstream default_backend_traefix {
    server 192.168.0.112:81 max_fails=3 fail_timeout=10s;
    server 192.168.0.112:81 max_fails=3 fail_timeout=10s;
}

server {
    server_name *.mydomn.com;

    location / {
        proxy_pass http://default_backend_traefix;
        proxy_set_header Host $http_host;
        proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for;
    }
}

RBAC permission setup (figure)

Show a role's permissions as YAML

kubectl get clusterrole cluster-admin -o yaml

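Dubbo architecture (figure)

Development architecture diagram (figure)

The eight honors and eight disgraces of IT (figure)

Modifying the Dockerfile in Jenkins (figure)

Java base image (figure)

entrypoint configuration (figure)

Pipeline file (figures)

Ten commonly used parameters (figure)

Something to savor (figure)

dubbo monitor (figure)

Several approaches to configuration management (figure)

Generating a configmap (figure)

Apollo official site (figures)

My Aliyun registry mirror
https://7fxv2421.mirror.aliyuncs.com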
