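k8s core components
k8s architecture diagram
k8s extension features
Enable running commands on multiple terminals in XSHELL
Kubernetes auto-completion on CentOS 7
kubectl auto-completion: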
yum -y install epel-release
yum install -y bash-completion.noarch
yum -y install bash-completion-extras.noarch
k8s installation and configuration
Related services
Machine layout
192.168.0.111 node01 (master and node; services: etcd, apiserver, controller-manager, scheduler, kubelet, kube-proxy, docker)
192.168.0.112 node02 (kubelet, kube-proxy, docker)
192.168.0.113 node03 (kubelet, kube-proxy, docker)
1. Install etcd on the master
yum install etcd -y
vi /etc/etcd/etcd.conf
ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:2379"
ETCD_ADVERTISE_CLIENT_URLS="http://192.168.0.111:2379"
Set it to start at boot
[root@node01 ~]# systemctl restart etcd
[root@node01 ~]# systemctl enable etcd
2. Install kubernetes-master
yum install kubernetes-master -y
Edit /etc/kubernetes/apiserver
KUBE_API_ADDRESS="--insecure-bind-address=0.0.0.0"
# The port on the local server to listen on.
KUBE_API_PORT="--port=8080"
# Port minions listen on
KUBELET_PORT="--kubelet-port=10250"
# Comma separated list of nodes in the etcd cluster
KUBE_ETCD_SERVERS="--etcd-servers=http://192.168.0.111:2379"
# Address range to use for services
KUBE_SERVICE_ADDRESSES="--service-cluster-ip-range=10.254.0.0/16"
# default admission control policies
KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota"
# Add your own!
KUBE_API_ARGS=""
Edit /etc/kubernetes/config
# How the controller-manager, scheduler, and proxy find the apiserver
KUBE_MASTER="--master=http://192.168.0.111:8080"
Start the services and enable them at boot
systemctl restart kube-apiserver.service
systemctl restart kube-controller-manager.service
systemctl restart kube-scheduler.service
systemctl enable kube-apiserver.service
systemctl enable kube-controller-manager.service
systemctl enable kube-scheduler.service
Client (node) installation
yum install kubernetes-node.x86_64 -y
vi /etc/kubernetes/config
KUBE_MASTER="--master=http://192.168.0.111:8080"
vi /etc/kubernetes/kubelet
KUBELET_ADDRESS="--address=192.168.0.112"
# The port for the info server to serve on
KUBELET_PORT="--port=10250"
# You may leave this blank to use the actual hostname
KUBELET_HOSTNAME="--hostname-override=node02"
# location of the api-server
KUBELET_API_SERVER="--api-servers=http://192.168.0.111:8080"
Start
systemctl restart kubelet && systemctl restart kube-proxy && systemctl enable kubelet && systemctl enable kube-proxy
Install flannel on all nodes
yum install flannel -y
vi /etc/sysconfig/flanneld
FLANNEL_ETCD_ENDPOINTS="http://192.168.0.111:2379"
Save, then run
etcdctl set /atomic.io/network/config '{ "Network": "172.16.0.0/16" }'
Start the service
systemctl start flanneld.service
systemctl enable flanneld.service
The docker service has to be restarted for its IP range to change to match
systemctl restart docker
Docker containers in Kubernetes cannot ping each other
vi /usr/lib/systemd/system/docker.service
Add
ExecStartPost=/usr/sbin/iptables -P FORWARD ACCEPT
Reload
systemctl daemon-reload
YAML file types
kubectl create -f nginx_pod.yaml
Error from server (ServerTimeout): error when creating "nginx_pod.yaml": No API token found for service account "default", retry after the token is automatically created and added to the service account
This reports an error
vi /etc/kubernetes/apiserver
KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota"
Remove ServiceAccount from this list and it works
systemctl restart kube-apiserver.service
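kubectl create -f nginx_pod.yaml then works
Check with kubectl describe pod nginx
It is still looking for the Red Hat image, so /etc/kubernetes/kubelet needs to be changed
vi /etc/kubernetes/kubelet and change it to an image that can be reached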
KUBELET_POD_INFRA_CONTAINER="--pod-infra-container-image=docker.io/tianyebj/pod-infrastructure:latest"
systemctl restart kubelet.service
Enable a private registry
docker.io/registry
docker pull docker.io/registry
Start the private registry
docker run -d -p 5000:5000 --restart=always --name registry -v /opt/myregistry:/var/lib/registry registry
Tag the downloaded images and upload them from the local host to the private registry
docker tag docker.io/tianyebj/pod-infrastructure:latest 192.168.0.111:5000/pod-infrastructure:latest
Upload: docker push 192.168.0.111:5000/pod-infrastructure
Upload: docker push 192.168.0.111:5000/nginx
vim /etc/sysconfig/docker and change
OPTIONS='--selinux-enabled --log-driver=journald --signature-verification=false --registry-mirror=https://registry.docker-cn.com --insecure-registry=192.168.0.111:5000'
Also edit
/etc/kubernetes/kubelet
KUBELET_POD_INFRA_CONTAINER="--pod-infra-container-image=192.168.0.111:5000/pod-infrastructure"
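A check for the plaintext and unauthenticated settings written into the files above (etcd on http://0.0.0.0, the API server's --insecure-bind-address, ServiceAccount removed from admission control, --insecure-registry, FORWARD ACCEPT). This is an added example, not part of the original notes; the function names, the finding messages and the sample tree built in demo are constructed for illustration.

```sh
# Added example: audit the config files edited in these notes for plaintext and
# unauthenticated settings. Function names and messages are this example's own.

# flag ROOT FILE REGEX MSG: report when an uncommented line of FILE matches REGEX.
flag() {
    [ -f "$1$2" ] || return 0
    if grep -v '^[[:space:]]*#' "$1$2" | grep -Eq -e "$3"; then
        echo "FINDING $2: $4"
    fi
}

# need ROOT FILE REGEX MSG: report when no uncommented line of FILE matches REGEX.
need() {
    [ -f "$1$2" ] || return 0
    if ! grep -v '^[[:space:]]*#' "$1$2" | grep -Eq -e "$3"; then
        echo "FINDING $2: $4"
    fi
}

# audit_k8s_conf [ROOT]: ROOT is a copied config tree; empty audits the live host.
audit_k8s_conf() {
    r="${1:-}"
    flag "$r" /etc/etcd/etcd.conf 'LISTEN_CLIENT_URLS="?http://0\.0\.0\.0' \
        'etcd client API listens on all interfaces over plain HTTP'
    flag "$r" /etc/kubernetes/apiserver 'insecure-bind-address=0\.0\.0\.0' \
        'insecure API port (no authentication or authorization) on all interfaces'
    need "$r" /etc/kubernetes/apiserver 'admission-control=.*ServiceAccount' \
        'ServiceAccount admission plugin is not enabled'
    flag "$r" /etc/kubernetes/kubelet 'api-servers=http://' \
        'kubelet reaches the API server over plain HTTP'
    flag "$r" /etc/sysconfig/docker 'insecure-registry' \
        'registry is trusted without TLS verification'
    flag "$r" /etc/sysconfig/docker 'signature-verification=false' \
        'image signature verification is switched off'
    flag "$r" /usr/lib/systemd/system/docker.service 'iptables -P FORWARD ACCEPT' \
        'FORWARD chain default policy is forced to ACCEPT'
}

# Constructed sample: two of the files as written in the notes, in a temp tree.
demo() {
    t=$(mktemp -d) && mkdir -p "$t/etc/kubernetes" "$t/etc/etcd"
    echo 'ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:2379"' > "$t/etc/etcd/etcd.conf"
    printf '%s\n' 'KUBE_API_ADDRESS="--insecure-bind-address=0.0.0.0"' \
        'KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,LimitRanger"' \
        > "$t/etc/kubernetes/apiserver"
    audit_k8s_conf "$t"
    rm -rf "$t"
}
demo
```

Run audit_k8s_conf with no argument on node01 to check the live files, or pass the root of a copied config tree.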
View the container's IP address
docker inspect 7849234b69a0 |grep -i network
Containers share the pod's IP, so the container itself has no IP
View help
kind
metadata
spec
Help on how these fields are nested
kubectl explain pod.spec
Enter the pod to look around
kubectl exec -it nginx /bin/bash
Filter on multiple values with E, case-insensitive with i
env |grep -iE 'kubernetes|home'
URL of the CoreDNS YAML file
https://github.com/kubernetes/kubernetes/blob/master/cluster/addons/dns/coredns/coredns.yaml.base
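A small trick: to delete something across several lines at once,
use block operations: in NOTEPAD, hold Alt and select the content
in vim, use ctrl+v to enter column-block mode, select, then delete
traefik working together with ingress for resolution: everything under all the domain names is resolved and forwarded to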
upstream default_backend_traefix {
    server 192.168.0.112:81 max_fails=3 fail_timeout=10s;
    server 192.168.0.112:81 max_fails=3 fail_timeout=10s;
}
server {
    server_name *.mydomn.com;
    location / {
        proxy_pass http://default_backend_traefix;
        proxy_set_header Host $http_host;
        proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for;
    }
}
RBAC: granting permissions
View a role's permissions as YAML
kubectl get clusterrole cluster-admin -o yaml
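dubbo architecture
Development architecture diagram
The Eight Honors and Eight Shames of IT
Jenkins: modifying the Dockerfile
Java base image
entrypoint configuration
pipeline file
Ten commonly used parameters
Take a closer look
dubbo monitor
Several kinds of configuration management
Generate a configmap
Apollo official site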