一. 常用镜像库
daocloud的docker镜像库: daocloud.io/library docker-hub的k8s镜像库: mirrorgooglecontainersaliyun的k8s镜像库:
registry.cn-hangzhou.aliyuncs.com/google-containersdocker镜像仓库
aliyun的docker镜像库web页面: https://cr.console.aliyun.com/cn-hangzhou/images google的镜像库web页面: https://console.cloud.google.com/gcr/images/google-containers?project=google-containers二.集群部署方式
- 方式1. minikube
Minikube是一个工具,可以在本地快速运行一个单点的Kubernetes,尝试Kubernetes或日常开发的用户使用。不能用于生产环境。 官方地址:https://kubernetes.io/docs/setup/minikube/- 方式2. kubeadm
Kubeadm也是一个工具,提供kubeadm init和kubeadm join,用于快速部署Kubernetes集群。 官方地址:https://kubernetes.io/docs/reference/setup-tools/kubeadm/kubeadm/方式3. 直接使用epel-release yum源,缺点就是版本较低 1.5
方式4. 二进制包
三.Kubeadm 方式部署集群
kubeadm部署官方文档
kubeadm部署k8s高可用集群的官方文档
| 主机名 | 地址 | 角色 | 配置 |
|---|---|---|---|
| k8s-master | 192.168.246.166 | 主节点 | 2核4G |
| k8s-node1 | 192.168.246.167 | 工作节点 | 1核2G |
| k8s-node2 | 192.168.246.169 | 工作节点 | 1核2G |
4.1获取镜像(如果使用提前打包好的镜像,以下七个镜像三台节点都需要提前导入)
谷歌镜像[由于国内网络原因,无法下载,后续将采用阿里云镜像代替]
docker pull k8s.gcr.io/kube-apiserver:v1.20.2 docker pull k8s.gcr.io/kube-proxy:v1.20.2 docker pull k8s.gcr.io/kube-controller-manager:v1.20.2 docker pull k8s.gcr.io/kube-scheduler:v1.20.2 docker pull k8s.gcr.io/etcd:3.3.15 docker pull k8s.gcr.io/pause:3.1 docker pull k8s.gcr.io/coredns:1.6.2特别说明
所有机器都必须有镜像 每次部署都会有版本更新,具体版本要求,运行初始化过程失败会有版本提示 kubeadm的版本和镜像的版本必须是对应的4.2 安装docker[集群]
安装docker–三台机器都操作
# yum remove docker \ docker-client \ docker-client-latest \ docker-common \ docker-latest \ docker-latest-logrotate \ docker-logrotate \ docker-selinux \ docker-engine-selinux \ docker-engine # yum install -y yum-utils device-mapper-persistent-data lvm2 git # yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo # yum install docker-ce -y 启动并设置开机启动
4.3 阿里仓库下载[集群]
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager:v1.20.2 docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy:v1.20.2 docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver:v1.20.2 docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler:v1.20.2 docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/coredns:1.7.0 docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.4.13-0 docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.2 # 下载完了之后需要将aliyun下载下来的所有镜像打成k8s.gcr.io/kube-controller-manager:v1.20.2这样的tag docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager:v1.20.2 k8s.gcr.io/kube-controller-manager:v1.20.2 docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy:v1.20.2 k8s.gcr.io/kube-proxy:v1.20.2 docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver:v1.20.2 k8s.gcr.io/kube-apiserver:v1.20.2 docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler:v1.20.2 k8s.gcr.io/kube-scheduler:v1.20.2 docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/coredns:1.7.0 k8s.gcr.io/coredns:1.7.0 docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.4.13-0 k8s.gcr.io/etcd:3.4.13-0 docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.2 k8s.gcr.io/pause:3.24.4 集群部署[集群]
cat >> /etc/hosts <<EOF 192.168.200.36 kub-k8s-master 192.168.200.37 kub-k8s-node1 192.168.200.38 kub-k8s-node2 EOF 制作本地解析,修改主机名。相互解析4.5 集群环境配置[集群]
1.关闭防火墙: # systemctl disable firewalld --now 2.禁用SELinux: # setenforce 0 3.编辑文件/etc/selinux/config,将SELINUX修改为disabled,如下: # sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/sysconfig/selinux SELINUX=disabled 4.时间同步 # timedatectl set-timezone Asia/Shanghai # yum install -y ntpdate # ntpdate ntp.aliyun.com 5.配置静态ip4.6 关闭系统Swap[集群]
Kubernetes 1.8开始要求关闭系统的Swap,如果不关闭,默认配置下kubelet将无法启动。
- 方法一: 通过kubelet的启动参数–fail-swap-on=false更改这个限制。
- 方法二: 关闭系统的Swap。
1.关闭swap分区 # swapoff -a 修改/etc/fstab文件,注释掉SWAP的自动挂载,使用free -m确认swap已经关闭。 2.注释掉swap分区: # sed -i 's/.*swap.*/#&/' /etc/fstab # free -m total used free shared buff/cache available Mem: 3935 144 3415 8 375 3518 Swap: 0 0 04.7 安装Kubeadm包[集群]
配置源 # cat <<EOF > /etc/yum.repos.d/kubernetes.repo [kubernetes] name=Kubernetes baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64 enabled=1 gpgcheck=0 repo_gpgcheck=0 gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg EOF所有节点: 1.安装对应版本 # yum install -y kubelet-1.20.2-0.x86_64 kubeadm-1.20.2-0.x86_64 kubectl-1.20.2-0.x86_64 ipvsadm 2.加载ipvs相关内核模块 # cat <<EOF > /etc/modules-load.d/ipvs.conf ip_vs ip_vs_lc ip_vs_wlc ip_vs_rr ip_vs_wrr ip_vs_lblc ip_vs_lblcr ip_vs_dh ip_vs_sh ip_vs_nq ip_vs_sed ip_vs_ftp ip_vs_sh nf_conntrack_ipv4 ip_tables ip_set xt_set ipt_set ipt_rpfilter ipt_REJECT ipip EOF 4.配置: 配置转发相关参数,否则可能会出错 # cat <<EOF > /etc/sysctl.d/k8s.conf net.bridge.bridge-nf-call-ip6tables = 1 net.bridge.bridge-nf-call-iptables = 1 vm.swappiness=0 EOF 5.使配置生效 # sysctl --system 6.如果net.bridge.bridge-nf-call-iptables报错,加载br_netfilter模块 # modprobe br_netfilter # sysctl -p /etc/sysctl.d/k8s.conf 重启服务器 7.查看是否加载成功 # lsmod | grep ip_vs4.8 配置启动kubelet[集群]
1.配置kubelet使用pause镜像 获取docker的cgroups # DOCKER_CGROUPS=$(docker info | grep 'Cgroup' | cut -d' ' -f4) # echo $DOCKER_CGROUPS ================================= 配置变量: [root@k8s-master ~]# DOCKER_CGROUPS=`docker info |grep 'Cgroup' | awk ' NR==1 {print $3}'` [root@k8s-master ~]# echo $DOCKER_CGROUPS cgroupfs 2.配置kubelet的cgroups # cat >/etc/sysconfig/kubelet<<EOF KUBELET_EXTRA_ARGS="--cgroup-driver=$DOCKER_CGROUPS --pod-infra-container-image=k8s.gcr.io/pause:3.2" EOF启动 # systemctl daemon-reload # systemctl enable kubelet && systemctl restart kubelet 在这里使用 # systemctl status kubelet,你会发现报错误信息; 10月 11 00:26:43 node1 systemd[1]: kubelet.service: main process exited, code=exited, status=255/n/a 10月 11 00:26:43 node1 systemd[1]: Unit kubelet.service entered failed state. 10月 11 00:26:43 node1 systemd[1]: kubelet.service failed. 运行 # journalctl -xefu kubelet 命令查看systemd日志才发现,真正的错误是: unable to load client CA file /etc/kubernetes/pki/ca.crt: open /etc/kubernetes/pki/ca.crt: no such file or directory #这个错误在运行kubeadm init 生成CA证书后会被自动解决,此处可先忽略。 #简单地说就是在kubeadm init 之前kubelet会不断重启。4.9 配置master节点[master]
运行初始化过程如下: [root@kub-k8s-master]# kubeadm init --kubernetes-version=v1.20.2 --pod-network-cidr=10.244.0.0/16 --apiserver-advertise-address=192.168.246.166 注: apiserver-advertise-address=192.168.246.166 ---master的ip地址。 --kubernetes-version=v1.20.2 --更具具体版本进行修改 如果报错会有版本提示,那就是有更新新版本了 [init] Using Kubernetes version: v1.20.2 [preflight] Running pre-flight checks [WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/ [WARNING SystemVerification]: this Docker version is not on the list of validated versions: 18.03.0-ce. Latest validated version: 18.09 [preflight] Pulling images required for setting up a Kubernetes cluster [preflight] This might take a minute or two, depending on the speed of your internet connection [preflight] You can also perform this action in beforehand using 'kubeadm config images pull' [kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env" [kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml" [kubelet-start] Activating the kubelet service [certs] Using certificateDir folder "/etc/kubernetes/pki" [certs] Generating "ca" certificate and key [certs] Generating "apiserver" certificate and key [certs] apiserver serving cert is signed for DNS names [kub-k8s-master kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local] and IPs [10.96.0.1 192.168.246.166] [certs] Generating "apiserver-kubelet-client" certificate and key [certs] Generating "front-proxy-ca" certificate and key [certs] Generating "front-proxy-client" certificate and key [certs] Generating "etcd/ca" certificate and key [certs] Generating "etcd/server" certificate and key [certs] etcd/server serving cert is signed for DNS names [kub-k8s-master localhost] and IPs [192.168.246.166 127.0.0.1 ::1] [certs] Generating "etcd/peer" certificate and key [certs] etcd/peer serving cert is signed for DNS names [kub-k8s-master localhost] and IPs [192.168.246.166 127.0.0.1 ::1] [certs] Generating "etcd/healthcheck-client" certificate and key [certs] Generating "apiserver-etcd-client" certificate and key [certs] Generating "sa" key and public key [kubeconfig] Using kubeconfig folder "/etc/kubernetes" [kubeconfig] Writing "admin.conf" kubeconfig file [kubeconfig] Writing "kubelet.conf" kubeconfig file [kubeconfig] Writing "controller-manager.conf" kubeconfig file [kubeconfig] Writing "scheduler.conf" kubeconfig file [control-plane] Using manifest folder "/etc/kubernetes/manifests" [control-plane] Creating static Pod manifest for "kube-apiserver" [control-plane] Creating static Pod manifest for "kube-controller-manager" [control-plane] Creating static Pod manifest for "kube-scheduler" [etcd] Creating static Pod manifest for local etcd in "/etc/kubernetes/manifests" [wait-control-plane] Waiting for the kubelet to boot up the control plane as static Pods from directory "/etc/kubernetes/manifests". This can take up to 4m0s [apiclient] All control plane components are healthy after 24.575209 seconds [upload-config] Storing the configuration used in ConfigMap "kubeadm-config" in the "kube-system" Namespace [kubelet] Creating a ConfigMap "kubelet-config-1.16" in namespace kube-system with the configuration for the kubelets in the cluster [upload-certs] Skipping phase. Please see --upload-certs [mark-control-plane] Marking the node kub-k8s-master as control-plane by adding the label "node-role.kubernetes.io/master=''" [mark-control-plane] Marking the node kub-k8s-master as control-plane by adding the taints [node-role.kubernetes.io/master:NoSchedule] [bootstrap-token] Using token: 93erio.hbn2ti6z50he0lqs [bootstrap-token] Configuring bootstrap tokens, cluster-info ConfigMap, RBAC Roles [bootstrap-token] configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials [bootstrap-token] configured RBAC rules to allow the csrapprover controller automatically approve CSRs from a Node Bootstrap Token [bootstrap-token] configured RBAC rules to allow certificate rotation for all node client certificates in the cluster [bootstrap-token] Creating the "cluster-info" ConfigMap in the "kube-public" namespace [addons] Applied essential addon: CoreDNS [addons] Applied essential addon: kube-proxy Your Kubernetes control-plane has initialized successfully! To start using your cluster, you need to run the following as a regular user: mkdir -p $HOME/.kube sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config sudo chown $(id -u):$(id -g) $HOME/.kube/config You should now deploy a pod network to the cluster. Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at: https://kubernetes.io/docs/concepts/cluster-administration/addons/ Then you can join any number of worker nodes by running the following on each as root: kubeadm join 192.168.246.166:6443 --token 93erio.hbn2ti6z50he0lqs \ --discovery-token-ca-cert-hash sha256:3bc60f06a19bd09f38f3e05e5cff4299011b7110ca3281796668f4edb29a56d9 #需要记住上面记录了完成的初始化输出的内容,根据输出的内容基本上可以看出手动初始化安装一个Kubernetes集群所需要的关键步骤。 其中有以下关键内容: [kubelet] 生成kubelet的配置文件”/var/lib/kubelet/config.yaml” [certificates]生成相关的各种证书 [kubeconfig]生成相关的kubeconfig文件 [bootstraptoken]生成token记录下来,后边使用kubeadm join往集群中添加节点时会用到 配置使用kubectl 如下操作在master节点操作 [root@kub-k8s-master ~]# rm -rf $HOME/.kube [root@kub-k8s-master ~]# mkdir -p $HOME/.kube [root@kub-k8s-master ~]# cp -i /etc/kubernetes/admin.conf $HOME/.kube/config [root@kub-k8s-master ~]# chown $(id -u):$(id -g) $HOME/.kube/config 查看node节点 [root@k8s-master ~]# kubectl get nodes NAME STATUS ROLES AGE VERSION k8s-master NotReady master 2m41s v1.20.2初始化报错,或者node节点加入集群报错:该问题是因为docker驱动和k8s驱动不一致导致的,修改为一致即可
4.10 配置使用网络插件[master]
#提前将calico的镜像导入(最好所有节点都导入,因为不清楚calico会起在哪个节点上),要不然还会去官网拉镜像,特别慢 # 版本差异 https://projectcalico.docs.tigera.io/archive/v3.20/getting-started/kubernetes/requirements #> 部署calico网络插件 curl https://docs.projectcalico.org/v3.20/manifests/calico.yaml -O kubectl apply -f calico.yaml # kubectl get pod -A NAMESPACE NAME READY STATUS RESTARTS AGE kube-system calico-kube-controllers-6d9cdcd744-8jt5g 1/1 Running 0 6m50s kube-system calico-node-rkz4s 1/1 Running 0 6m50s kube-system coredns-74ff55c5b-bcfzg 1/1 Running 0 52m kube-system coredns-74ff55c5b-qxl6z 1/1 Running 0 52m kube-system etcd-kub-k8s-master 1/1 Running 0 53m kube-system kube-apiserver-kub-k8s-master 1/1 Running 0 53m kube-system kube-controller-manager-kub-k8s-master 1/1 Running 0 53m kube-system kube-proxy-gfhkf 1/1 Running 0 52m kube-system kube-scheduler-kub-k8s-master 1/1 Running 0 53m docker.io/calico/node:v3.20.6 docker.io/calico/pod2daemon-flexvol:v3.20.6 docker.io/calico/cni:v3.20.6 docker.io/calico/kube-controllers:v3.20.6以上查看pod可能coredns和calico可能是pending,这是因为下载calico的镜像,需要等,直到全部为running
node节点上也会自动下载calico镜像,如果node节点上没有下载calico镜像,那么下面的加入集群可能会有问题,如果集群中node节点为notready,用以下命令查看calico的pod信息:
kubectl describe pod calico-kube-controllers-577f77cb5c-k4lc5 -n kube-system
如果报错如下:
则修改calico.yaml指定网卡
- name: IP_AUTODETECTION_METHOD value: "interface=ens33"4.11 node加入集群[node]
配置node节点加入集群: 如果报错开启ip转发: # sysctl -w net.ipv4.ip_forward=1 在所有node节点操作,此命令为初始化master成功后返回的结果 # kubeadm join 192.168.246.166:6443 --token 93erio.hbn2ti6z50he0lqs \ --discovery-token-ca-cert-hash sha256:3bc60f06a19bd09f38f3e05e5cff4299011b7110ca3281796668f4edb29a56d94.12 后续检查[master]
各种检测: 1.查看pods: [root@kub-k8s-master ~]# kubectl get pods -n kube-system NAME READY STATUS RESTARTS AGE coredns-5644d7b6d9-sm8hs 1/1 Running 0 39m coredns-5644d7b6d9-vddll 1/1 Running 0 39m etcd-kub-k8s-master 1/1 Running 0 37m kube-apiserver-kub-k8s-master 1/1 Running 0 38m kube-controller-manager-kub-k8s-master 1/1 Running 0 38m kube-flannel-ds-amd64-9wgd8 1/1 Running 0 38m kube-flannel-ds-amd64-lffc8 1/1 Running 0 2m11s kube-flannel-ds-amd64-m8kk2 1/1 Running 0 2m2s kube-proxy-dwq9l 1/1 Running 0 2m2s kube-proxy-l77lz 1/1 Running 0 2m11s kube-proxy-sgphs 1/1 Running 0 39m kube-scheduler-kub-k8s-master 1/1 Running 0 37m 2.查看节点: [root@kub-k8s-master ~]# kubectl get nodes NAME STATUS ROLES AGE VERSION kub-k8s-master Ready master 43m v1.20.2 kub-k8s-node1 Ready <none> 6m46s v1.20.2 kub-k8s-node2 Ready <none> 6m37s v1.20.2 到此集群配置完成错误整理
#> 如果集群初始化失败:(每个节点都要执行,然后从4.9开始重新初始化) $ kubeadm reset -f; ipvsadm --clear; rm -rf ~/.kube $ systemctl restart kubelet #> 如果忘记token值 $ kubeadm token create --print-join-command $ kubeadm init phase upload-certs --upload-certs四.集群部署Dashboard
5.1 部署Dashboard
镜像名字:kubernetesui/dashboard:v2.4.0 # kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.4.0/aio/deploy/recommended.yaml # kubectl edit svc kubernetes-dashboard -n kubernetes-dashboard # 注意将 type: ClusterIP 改为 type: NodePort # kubectl get svc -A |grep kubernetes-dashboard kubernetes-dashboard dashboard-metrics-scraper ClusterIP 10.107.179.10 <none> 8000/TCP 38s kubernetes-dashboard kubernetes-dashboard NodePort 10.110.18.72 <none> 443:32231/TCP 38s5.2 创建访问账号
#创建访问账号,准备一个yaml文件; vi dash.yaml apiVersion: v1 kind: ServiceAccount metadata: name: admin-user namespace: kubernetes-dashboard --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: admin-user roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: cluster-admin subjects: - kind: ServiceAccount name: admin-user namespace: kubernetes-dashboard # kubectl apply -f dash.yaml5.3 获取访问令牌
#获取访问令牌 # kubectl -n kubernetes-dashboard get secret $(kubectl -n kubernetes-dashboard get sa/admin-user -o jsonpath="{.secrets[0].name}") -o go-template="{{.data.token | base64decode}}" eyJhbGciOiJSUzI1NiIsImtpZCI6ImhRa2Q3UDFGempzb3VneVdUS0R0dk50SHlwUHExc0tuT21SOTdWQkczaG8ifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLXBmbGxyIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJlNDk0MTFhYS0zOTVhLTRkYzUtYmZmYS04MDZiODE3M2VmZWEiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZXJuZXRlcy1kYXNoYm9hcmQ6YWRtaW4tdXNlciJ9.k3Gd9vRF6gP3Zxy89x14y4I2RCGn232bGLo9A5iEmeMl6BRPdJXZPbwy9fm3OT6ZjVc7LHiRgArczjZuCU3Sis4tIA_24A55h74WQE_JTeiZ5XnSGRknYQRHFSqyBrTaTxgDJb-O-DHol8GQLQjr6gIPzppHc-RhWhUFFNnPVP1nr2MLFBkvIT_qAcbHP6McFf2N6IsYwVFuvyIO77qWcmyFlgSr8a3A0INEJYB2bFPRL82rNc41c0TsUwOguQbJYrDA9lBqVpSff_7Uk_-7ycabZclbZX1HPz2-F59LQW7NWQy7biZw5b25AZaXAG3kL3SDuRRBoMNS92MmDFsVyA5.4 浏览器访问
火狐可直接访问
如果想谷歌访问:保持焦点在页面内,鼠标在页面空白处点击(不选中任何按钮),直接输入“thisisunsafe”,输完后按回车键,就可以正常访问网页。
任意节点ip+端口[上面查看到为32231] https://192.168.246.216:32231/ 使用token登录另外一种图形化插件:
kuboard
docker run -d
–restart=unless-stopped
–name=kuboard
-p 80:80/tcp
-p 10081:10081/udp
-p 10081:10081/tcp
-e KUBOARD_ENDPOINT=“http://kuboard.my-company.com:80”
-e KUBOARD_AGENT_SERVER_UDP_PORT=“10081”
-e KUBOARD_AGENT_SERVER_TCP_PORT=“10081”
-v /root/kuboard-data:/data
eipwork/kuboard:v3.1.7.1
账号:admin
密码:Kuboard123
五.集群常用指令
5.1 基础控制指令
# 查看对应资源: 状态 $ kubectl get <SOURCE_NAME> -n <NAMESPACE> -o wide # 查看对应资源: 事件信息 $ kubectl describe <SOURCE_NAME> <SOURCE_NAME_RANDOM_ID> -n <NAMESPACE> kubectl describe pod kube-proxy-fdvbt -n kube-system # 查看pod资源: 日志 $ kubectl logs -f <SOURCE_NAME_RANDOM_ID> [CONTINER_NAME] -n <NAMESPACE> # 创建资源: 根据资源清单 $ kubectl apply[or create] -f <SOURCE_FILENAME>.yaml # 删除资源: 根据资源清单 $ kubectl delete -f <SOURCE_FILENAME>.yaml # 修改资源: 根据反射出的etcd中的配置内容, 生产中不允许该项操作, 且命令禁止 $ kubectl edit <SOURCE_NAME> <SOURCE_NAME_RANDOM_ID> -n <NAMESPACE>5.2 命令实践
# 查看node状态 $ kubectl get node # -o wide 显示更加详细的信息 # 查看service对象 $ kubectl get svc 或者 kubectl get service # 查看kube-system名称空间内的Pod $ kubectl get pod -n kube-system # 查看所有名称空间内的pod $ kubectl get pod -A # 查看集群信息 $ kubectl cluster-info # 查看各组件信息 $ kubectl -s https://api-server:6443 get componentstatuses # 查看各资源对象对应的api版本 $ kubectl explain pod # 查看帮助信息 $ kubectl explain deployment $ kubectl explain deployment.spec $ kubectl explain deployment.spec.replicas5.3 备注
问题一 查看各组件信息,可能会发现错误 $ kubectl -s https://192.168.96.143:6443 get componentstatuses Warning: v1 ComponentStatus is deprecated in v1.19+ NAME STATUS MESSAGE ERROR scheduler Unhealthy Get "http://127.0.0.1:10251/healthz": dial tcp 127.0.0.1:10251: connect: connection refused controller-manager Unhealthy Get "http://127.0.0.1:10252/healthz": dial tcp 127.0.0.1:10252: connect: connection refused etcd-0 Healthy {"health":"true"} 问题一解决 $ vim /etc/kubernetes/manifests/kube-scheduler.yaml 10 spec: 11 containers: 12 - command: 13 - kube-scheduler 14 - --authentication-kubeconfig=/etc/kubernetes/scheduler.conf 15 - --authorization-kubeconfig=/etc/kubernetes/scheduler.conf 16 - --bind-address=127.0.0.1 17 - --kubeconfig=/etc/kubernetes/scheduler.conf 18 - --leader-elect=true 19 - --port=0 # 将此行注释或删除 $ vim /etc/kubernetes/manifests/kube-controller-manager.yaml 10 spec: 11 containers: 12 - command: 13 - kube-controller-manager 14 - --allocate-node-cidrs=true 15 - --authentication-kubeconfig=/etc/kubernetes/controller-manager.conf 16 - --authorization-kubeconfig=/etc/kubernetes/controller-manager.conf 17 - --bind-address=127.0.0.1 18 - --client-ca-file=/etc/kubernetes/pki/ca.crt 19 - --cluster-cidr=10.244.0.0/16 20 - --cluster-name=kubernetes 21 - --cluster-signing-cert-file=/etc/kubernetes/pki/ca.crt 22 - --cluster-signing-key-file=/etc/kubernetes/pki/ca.key 23 - --controllers=*,bootstrapsigner,tokencleaner 24 - --kubeconfig=/etc/kubernetes/controller-manager.conf 25 - --port=0 # 将此行注释或删除 $ systemctl restart kubelet $ kubectl -s https://192.168.96.143:6443 get componentstatuses Warning: v1 ComponentStatus is deprecated in v1.19+ NAME STATUS MESSAGE ERROR scheduler Healthy ok controller-manager Healthy ok etcd-0 Healthy {"health":"true"}六.Yaml语法解析
YAML是一个类似 XML、JSON 的标记性语言。它强调以数据为中心,并不是以标识语言为重点。因而YAML本身的定义比较简单,号称"一种人性化的数据格式语言"。
YAML的语法比较简单,主要有下面几个: 1、大小写敏感 2、使用缩进表示层级关系 3、缩进不允许使用tab,只允许空格( 低版本限制 ) 4、缩进的空格数不重要,只要相同层级的元素左对齐即可 5、'#'表示注释 YAML支持以下几种数据类型: 1、纯量:单个的、不可再分的值 2、对象:键值对的集合,又称为映射(mapping)/ 哈希(hash) / 字典(dictionary) 3、数组:一组按次序排列的值,又称为序列(sequence) / 列表(list) 补充说明: 1、书写yaml切记: 后面要加一个空格 2、如果需要将多段yaml配置放在一个文件中,中间要使用---分隔举个例子,通过声明式配置yaml 创建名称空间
$ vim namespace.yaml apiVersion: v1 #api版本 kind: Namespace #资源对象类型 metadata: name: webserver $ kubectl apply -f namespace.yaml 查看命名空间: $ kubectl get namespace 或 $ kubectl get ns # 如果通过命令行创建 $ kubectl create namespace webserver # 删除名称空间[注意,这将删除名称空间下的所有资源] $ kubectl delete namespace webserver
义比较简单,号称"一种人性化的数据格式语言"。
YAML的语法比较简单,主要有下面几个: 1、大小写敏感 2、使用缩进表示层级关系 3、缩进不允许使用tab,只允许空格( 低版本限制 ) 4、缩进的空格数不重要,只要相同层级的元素左对齐即可 5、'#'表示注释 YAML支持以下几种数据类型: 1、纯量:单个的、不可再分的值 2、对象:键值对的集合,又称为映射(mapping)/ 哈希(hash) / 字典(dictionary) 3、数组:一组按次序排列的值,又称为序列(sequence) / 列表(list) 补充说明: 1、书写yaml切记: 后面要加一个空格 2、如果需要将多段yaml配置放在一个文件中,中间要使用---分隔举个例子,通过声明式配置yaml 创建名称空间
$ vim namespace.yaml apiVersion: v1 #api版本 kind: Namespace #资源对象类型 metadata: name: webserver $ kubectl apply -f namespace.yaml 查看命名空间: $ kubectl get namespace 或 $ kubectl get ns # 如果通过命令行创建 $ kubectl create namespace webserver # 删除名称空间[注意,这将删除名称空间下的所有资源] $ kubectl delete namespace webserver
