Installing Kubernetes (K8s for short) v1.15.1, with a brief summary

Installation

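First, a brief introduction to three important Docker concepts:
docker-machine solves the problem of the Docker runtime environment;
docker-compose mainly solves local Docker container orchestration;
docker-swarm solves scheduling and deploying many containers across multiple hosts.
With these concepts clear, it is easy to place K8s. Put simply, K8s is an open-source container cluster management system; together with Docker Swarm it is one of the two mainstream open-source container cluster management systems today. Both can automate the deployment, scaling and maintenance of container clusters. K8s is both a container orchestration tool and a leading new distributed-architecture solution based on container technology. The difference between the two is that Swarm is positioned for simple management of simple clusters, while K8s is positioned for large clusters with complex relationships.
Installation reference, a very thorough installation article: https://www.kubernetes.org.cn/5462.html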

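Summary of the problems encountered:
1. After installing the kubernetes-dashboard web management panel, Google Chrome and Microsoft Edge may show the NET::ERR_CERT_INVALID SSL certificate error when you open it; this does not happen if you open it directly in Mozilla Firefox. The cause is that the certificate is not usable by the browser on the physical machine. We can generate a private certificate or use a public one. The certificate is configured as follows: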
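1. First, make sure an authentication token for the Dashboard has been generated (the commands below bind the dashboard-admin service account to the cluster-admin role, so this token has full control of the cluster)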

kubectl create serviceaccount  dashboard-admin -n kube-system
kubectl create clusterrolebinding  dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
kubectl describe secrets -n kube-system $(kubectl -n kube-system get secret | awk '/dashboard-admin/{print $1}')

2. Find which node the kubernetes-dashboard container is running on; here you can see that kubernetes-dashboard is running on node2

[root@master ~]# kubectl get pod -n kube-system -o wide
NAME                                    READY   STATUS    RESTARTS   AGE   IP              NODE     NOMINATED NODE   READINESS GATES
coredns-bccdc95cf-9vhbr                 1/1     Running   0          19h   10.244.0.2      master   <none>           <none>
coredns-bccdc95cf-tcrnv                 1/1     Running   0          19h   10.244.0.3      master   <none>           <none>
etcd-master                             1/1     Running   0          19h   192.168.1.58    master   <none>           <none>
kube-apiserver-master                   1/1     Running   0          19h   192.168.1.58    master   <none>           <none>
kube-controller-manager-master          1/1     Running   0          19h   192.168.1.58    master   <none>           <none>
kube-flannel-ds-amd64-4kxc9             1/1     Running   0          19h   192.168.1.24    node2    <none>           <none>
kube-flannel-ds-amd64-6k6lh             1/1     Running   0          19h   192.168.1.177   node1    <none>           <none>
kube-flannel-ds-amd64-78l7h             1/1     Running   0          19h   192.168.1.58    master   <none>           <none>
kube-proxy-7nbgx                        1/1     Running   0          19h   192.168.1.58    master   <none>           <none>
kube-proxy-gr8fz                        1/1     Running   0          19h   192.168.1.177   node1    <none>           <none>
kube-proxy-mhmhq                        1/1     Running   0          19h   192.168.1.24    node2    <none>           <none>
kube-scheduler-master                   1/1     Running   0          19h   192.168.1.58    master   <none>           <none>
kubernetes-dashboard-59b5cb5c6b-hdr2h   1/1     Running   0          19h   10.244.2.2      node2    <none>           <none>

3. On node2, look up the kubernetes-dashboard container ID

[root@node2 ~]# docker ps | grep dashboard
c5d9d164d6ba        loveone/kubernetes-dashboard-amd64                   "/dashboard --insecu…"   20 hours ago        Up 17 hours                             k8s_kubernetes-dashboard_kubernetes-dashboard-59b5cb5c6b-hdr2h_kube-system_b9e549c7-b2b0-4f9c-b92a-2c27570f932e_0
0d5848014352        registry.aliyuncs.com/google_containers/pause:3.1    "/pause"                 20 hours ago        Up 20 hours                             k8s_POD_kubernetes-dashboard-59b5cb5c6b-hdr2h_kube-system_b9e549c7-b2b0-4f9c-b92a-2c27570f932e_0

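4. Find the host directory that the kubernetes-dashboard container's certs directory is mounted from; parts of the output that are not needed are omitted here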

[root@node2 ~]# docker inspect  c5d9d164d6ba
[
        "Mounts": [
            {
                "Type": "bind",
                "Source": "/var/lib/kubelet/pods/b9e549c7-b2b0-4f9c-b92a-2c27570f932e/volumes/kubernetes.io~secret/kubernetes-dashboard-certs",
                "Destination": "/certs",
                "Mode": "ro,Z",
                "RW": false,
                "Propagation": "rprivate"
            },
            {
                "Type": "bind",
                "Source": "/var/lib/kubelet/pods/b9e549c7-b2b0-4f9c-b92a-2c27570f932e/volumes/kubernetes.io~empty-dir/tmp-volume",
                "Destination": "/tmp",
                "Mode": "Z",
                "RW": true,
                "Propagation": "rprivate"
            },
            {
                "Type": "bind",
                "Source": "/var/lib/kubelet/pods/b9e549c7-b2b0-4f9c-b92a-2c27570f932e/volumes/kubernetes.io~secret/kubernetes-dashboard-token-h6gpv",
                "Destination": "/var/run/secrets/kubernetes.io/serviceaccount",
                "Mode": "ro,Z",
                "RW": false,
                "Propagation": "rprivate"
            },
            {
                "Type": "bind",
                "Source": "/var/lib/kubelet/pods/b9e549c7-b2b0-4f9c-b92a-2c27570f932e/etc-hosts",
                "Destination": "/etc/hosts",
                "Mode": "Z",
                "RW": true,
                "Propagation": "rprivate"
            },
            {
                "Type": "bind",
                "Source": "/var/lib/kubelet/pods/b9e549c7-b2b0-4f9c-b92a-2c27570f932e/containers/kubernetes-dashboard/e8836662",
                "Destination": "/dev/termination-log",
                "Mode": "Z",
                "RW": true,
                "Propagation": "rprivate"
            }
        ]
]

5. Using a private certificate here, generate the dashboard certificate; the requested fields can be filled in with any values

openssl genrsa -des3 -passout pass:x -out dashboard.pass.key 2048
openssl rsa -passin pass:x -in dashboard.pass.key -out dashboard.key

openssl req -new -key dashboard.key -out dashboard.csr
## Generate the certificate signing request file: openssl req -new -key /etc/httpd/ssl/httpd.key -days 365 -out /etc/httpd/ssl/httpd.csr
        [root@Compro private]# openssl req -new -key httpd.key -days 365 -out httpd.csr
        Country Name (2 letter code) [XX]:CN                  country
        State or Province Name (full name) []:beijing       city
        Locality Name (eg, city) [Default City]:haidian     district
        Organization Name (eg, company) [Default Company Ltd]:xiaomag.com  company
        Organizational Unit Name (eg, section) []:FBI      department
        Common Name (eg, your name or your server's hostname) []:www.xiaomag.com  who the certificate is issued for
        Email Address []:[email protected]           email
        
openssl x509 -req -sha256 -days 365 -in dashboard.csr -signkey dashboard.key -out dashboard.crt

6. Put the generated dashboard.crt and dashboard.key into the Source directory on the host that corresponds to certs (the container runs on node2, 192.168.1.24)

scp dashboard.crt dashboard.key 192.168.1.24:/var/lib/kubelet/pods/b9e549c7-b2b0-4f9c-b92a-2c27570f932e/volumes/kubernetes.io~secret/kubernetes-dashboard-certs

7. Restart the kubernetes-dashboard container, then choose the Token option and enter the token generated earlier

docker restart c5d9d164d6ba
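
A non-interactive variant of step 5, added here as an example and not part of the original post: it puts the dashboard's host name and IP into subjectAltName (Chrome matches names against that field, not the Common Name) and checks the key/certificate pair before step 6 copies it. The host name dashboard.example.internal and the function names are assumptions; 192.168.1.24 is node2's address from the listing in step 2.

```shell
#!/bin/sh
# Added example (not from the original post). HOST and IP are assumed values:
# use the name and address you actually type into the browser.

# gen_dashboard_cert DIR HOST IP: write DIR/dashboard.key and DIR/dashboard.crt,
# self-signed, with HOST and IP in subjectAltName.
gen_dashboard_cert() {
    dir=$1; host=$2; ip=$3
    cat > "$dir/san.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3
prompt = no
[dn]
CN = $host
[v3]
subjectAltName = DNS:$host, IP:$ip
extendedKeyUsage = serverAuth
EOF
    ( umask 077   # the private key must be readable by its owner only
      openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
          -config "$dir/san.cnf" \
          -keyout "$dir/dashboard.key" -out "$dir/dashboard.crt" 2>/dev/null )
}

# pub_digest key|cert FILE: SHA-256 of the PEM public key in FILE; fails if unreadable.
pub_digest() {
    if [ "$1" = key ]; then pub=$(openssl pkey -in "$2" -pubout 2>/dev/null)
    else pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null); fi
    [ -n "$pub" ] || return 1
    printf '%s\n' "$pub" | openssl dgst -sha256 | awk '{print $NF}'
}

# check_dashboard_cert DIR HOST: 0 if usable; 1 key/cert mismatch or unreadable,
# 2 HOST missing from subjectAltName, 3 certificate expires within 30 days.
check_dashboard_cert() {
    dir=$1; host=$2
    k=$(pub_digest key "$dir/dashboard.key") || return 1
    c=$(pub_digest cert "$dir/dashboard.crt") || return 1
    [ "$k" = "$c" ] || return 1
    openssl x509 -in "$dir/dashboard.crt" -noout -text | grep -qF "DNS:$host" || return 2
    openssl x509 -in "$dir/dashboard.crt" -noout -checkend $((30*24*3600)) >/dev/null || return 3
}

# Usage:
#   d=$(mktemp -d) && gen_dashboard_cert "$d" dashboard.example.internal 192.168.1.24
#   check_dashboard_cert "$d" dashboard.example.internal && echo "ok to copy"
```

Files copied by hand into the kubelet volume directory last only as long as this pod does: when the pod is recreated it gets a new UID and the directory is populated again from the Secret behind the kubernetes-dashboard-certs volume.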

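At this point you may find that the interface is in English. This is because the dashboard is displayed in the preferred language configured in Chrome; change the order of the languages configured in the browser and refresh the page.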


Reposted from blog.csdn.net/weixin_38652136/article/details/96968616