1. Deploy a single control plane cluster
Article directory
1.1 Basic environment preparation
1.1.1 Hardware Preparation
Machine configuration: 2-core CPU, 4 GB memory, 40 GB system disk
System: Ubuntu 16.04.6 LTS
Number of machines: 3 (master01, node01, node02)
1.1.2 System Environment Configuration
Set a static hostname on each node (run the matching command on each machine)
hostnamectl set-hostname node01 --static
hostnamectl set-hostname node02 --static
hostnamectl set-hostname master01 --static
Edit the hosts table; the entries must be identical on every node in the cluster
#Kubernetes
172.31.53.87 master01
172.31.53.88 node01
172.31.53.86 node02
Synchronize the clocks of all nodes (certificate validity and token expiry checks depend on it; run chrony or ntp on every node)
Disable the firewall (Ubuntu uses ufw, not firewalld). This is the tutorial shortcut; on anything exposed, keep the firewall and open only the Kubernetes ports instead
ufw disable
SELinux: nothing to do, Ubuntu ships without SELinux (it uses AppArmor)
Disable swap (kubelet refuses to start while swap is enabled)
# temporarily, until the next reboot
swapoff -a
# permanently
comment out the swap line in /etc/fstab
Enable command completion by uncommenting the bash-completion block in /etc/bash.bashrc:
vim /etc/bash.bashrc
# enable bash completion in interactive shells
if ! shopt -oq posix; then
if [ -f /usr/share/bash-completion/bash_completion ]; then
. /usr/share/bash-completion/bash_completion
elif [ -f /etc/bash_completion ]; then
. /etc/bash_completion
fi
fi
source /etc/bash.bashrc
1.1.3 Docker environment preparation
Update apt package index
apt-get update
Install the packages that let apt use repositories over HTTPS
apt-get -y install \
apt-transport-https \
ca-certificates \
curl \
gnupg-agent \
software-properties-common
Add Docker's official GPG key (apt-key is deprecated on newer Ubuntu releases but still works on 16.04; before trusting the repository check that apt-key fingerprint 0EBFCD88 shows 9DC8 5822 9FC7 DD38 854A E2D8 8D81 803C 0EBF CD88)
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
Install the add-apt-repository tool (already pulled in by software-properties-common above; harmless to repeat)
apt-get -y install software-properties-common
Add stable repository
add-apt-repository \
"deb [arch=amd64] https://download.docker.com/linux/ubuntu \
$(lsb_release -cs) \
stable"
Update apt package index
apt-get update
List the available docker-ce versions
apt-cache madison docker-ce
Install the latest version of docker-ce
apt-get -y install docker-ce docker-ce-cli containerd.io
docker info
Known warning: docker info prints "WARNING: No swap limit support". The kernel was booted without memory cgroup swap accounting, so Docker cannot enforce memory+swap limits on containers. RPM-based distributions enable this by default; on Ubuntu add the two kernel parameters cgroup_enable=memory swapaccount=1 to the existing GRUB_CMDLINE_LINUX value in /etc/default/grub. Example (the console/vga/noibrs settings are from the author's VM; keep whatever your line already contains and only add the two parameters):
GRUB_CMDLINE_LINUX="cgroup_enable=memory swapaccount=1 net.ifnames=0 vga=792 console=tty0 console=ttyS0,115200n8 noibrs"
Regenerate the GRUB configuration and reboot
update-grub && reboot
Since Docker 1.13 the daemon sets the policy of the host's iptables FORWARD chain to DROP and only adds ACCEPT rules for containers attached to the docker0 bridge. Pod traffic handled by the CNI plugin does not go through docker0 and is dropped, so the policy has to be reset to ACCEPT. Temporary fix (lost when docker restarts):
iptables -P FORWARD ACCEPT
Permanent fix:
vim /lib/systemd/system/docker.service
# add under [Service]:
ExecStartPost=/sbin/iptables -P FORWARD ACCEPT
systemctl daemon-reload && systemctl restart docker.service
With this setting the node forwards any traffic it is asked to route; pod isolation then rests entirely on kube-proxy and the CNI plugin's network policies, not on the host FORWARD policy.
Configure /etc/docker/daemon.json. The cgroup driver must match kubelet's (kubeadm configures kubelet for systemd by default from v1.22; with mismatched drivers the kubelet fails to start). The registry mirror is the author's Aliyun mirror; a mirror is a trust decision, so use one you control or trust, or drop the line.
cat > /etc/docker/daemon.json <<EOF
{
"registry-mirrors": ["https://ezdhou8v.mirror.aliyuncs.com"],
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m"
},
"storage-driver": "overlay2"
}
EOF
systemctl daemon-reload && systemctl restart docker.service
1.1.4 kubeadm environment preparation
Configure apt library, install kubeadm, kubelet, kubectl
apt-get update && apt-get install -y apt-transport-https
curl https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | apt-key add -
cat <<EOF >/etc/apt/sources.list.d/kubernetes.list
deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main
EOF
apt-get update
apt-get install -y kubelet kubeadm kubectl
Pod traffic crosses a Linux bridge, and Kubernetes relies on that bridged traffic being processed by the host's iptables rules. The two bridge-nf-call keys are 0 by default and only exist once the br_netfilter module is loaded (modprobe br_netfilter, and list it under /etc/modules-load.d/ so it survives a reboot); kubeadm's preflight check additionally requires IP forwarding
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
# added: kubeadm preflight requires IP forwarding on every node
net.ipv4.ip_forward = 1
EOF
sudo sysctl --system
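The preparation steps above (swap, fstab, sysctls, /etc/hosts) are easy to half-apply, and kubeadm only complains at init time. The following is an added example, not part of the original article, of a small preflight checker for those steps. Every path is read under a root prefix so the functions can be exercised against a scratch directory; on a real node pass an empty prefix. The node list is the one from the hosts table above.

```shell
#!/bin/sh
# Added example (not from the original article): verify that the node
# preparation steps actually took effect. Paths are read under a root
# prefix ($1) so the functions can run against a scratch directory; on a
# real node pass "" as the prefix.

# 0 when /proc/swaps lists no active swap device (the header line is skipped).
swap_is_off() {
    root=${1:-}
    [ -r "$root/proc/swaps" ] && [ "$(tail -n +2 "$root/proc/swaps" | wc -l)" -eq 0 ]
}

# 0 when no uncommented /etc/fstab entry has "swap" in the type column,
# i.e. swap stays off after a reboot.
fstab_has_no_swap() {
    root=${1:-}
    ! grep -Ev '^[[:space:]]*#' "$root/etc/fstab" |
        awk '$3 == "swap" { found = 1 } END { exit found ? 0 : 1 }'
}

# 0 when the kernel parameter ($2, dotted form) currently equals $3.
sysctl_equals() {
    root=${1:-}
    path="$root/proc/sys/$(printf '%s' "$2" | tr . /)"
    [ -r "$path" ] && [ "$(cat "$path")" = "$3" ]
}

# 0 when /etc/hosts maps every "ip name" pair given after the root prefix.
hosts_consistent() {
    root=${1:-}
    shift
    for pair in "$@"; do
        ip=${pair% *}
        name=${pair#* }
        ip_re=$(printf '%s' "$ip" | sed 's/\./\\./g')   # dots are regex metacharacters
        grep -Eq "^[[:space:]]*${ip_re}[[:space:]]+${name}([[:space:]]|\$)" "$root/etc/hosts" || return 1
    done
    return 0
}

# Run all checks, print one line per check, return non-zero if any failed.
node_preflight() {
    root=${1:-}
    shift
    rc=0
    if swap_is_off "$root"; then echo "ok   swap is off"; else echo "FAIL swap is active"; rc=1; fi
    if fstab_has_no_swap "$root"; then echo "ok   no swap entry in fstab"; else echo "FAIL swap entry in fstab"; rc=1; fi
    for kv in net.bridge.bridge-nf-call-iptables=1 \
              net.bridge.bridge-nf-call-ip6tables=1 \
              net.ipv4.ip_forward=1; do
        if sysctl_equals "$root" "${kv%=*}" "${kv#*=}"; then echo "ok   $kv"; else echo "FAIL $kv"; rc=1; fi
    done
    if hosts_consistent "$root" "$@"; then echo "ok   /etc/hosts matches the node list"; else echo "FAIL /etc/hosts mismatch"; rc=1; fi
    return $rc
}

# Usage on a real node (uncomment):
# node_preflight "" "172.31.53.87 master01" "172.31.53.88 node01" "172.31.53.86 node02"
```

Run it on every node before kubeadm init or kubeadm join; a FAIL for the bridge-nf-call keys usually means br_netfilter is not loaded rather than a wrong sysctl file.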
1.2 Create a single control plane cluster
1.2.1 Initialize the cluster
Related kubeadm config subcommands
kubeadm config print init-defaults: print the default kubeadm init configuration;
kubeadm config print join-defaults: print the default kubeadm join configuration;
kubeadm config migrate: convert a configuration file between API versions;
kubeadm config images list: list the images the cluster needs;
kubeadm config images pull: pull those images to the local node;
Older releases also had kubeadm config upload from-file / from-flags (store the configuration in a ConfigMap) and kubeadm config view (show the stored configuration). These were removed; kubeadm init stores the live configuration itself in the kubeadm-config ConfigMap, readable with kubectl -n kube-system get cm kubeadm-config -o yaml
Configure kubeadm command completion
# show completion help
kubeadm completion -h
# enable completion for this shell and future ones
source <(kubeadm completion bash)
echo "source <(kubeadm completion bash)" >> ~/.bashrc
source ~/.bashrc
Generate a configuration file
kubeadm config print init-defaults > init-defaults.yaml
Edit init-defaults.yaml and change at least:
clusterName: Cluster01
advertiseAddress: 172.24.51.176   (the control-plane node's own IP; the other nodes must be able to reach the API server at this address)
imageRepository: registry.aliyuncs.com/google_containers   (mirror of k8s.gcr.io for hosts that cannot reach it)
Also check that nodeRegistration.name matches the hostname (the default is "node") and that kubernetesVersion matches the kubeadm and kubelet packages you installed.
Run the initialization
kubeadm init --config init-defaults.yaml
or
kubeadm init --apiserver-advertise-address=172.24.205.51 --image-repository=registry.aliyuncs.com/google_containers
# Save the final output of kubeadm init to a file: it contains the kubectl configuration steps, the network plugin reminder and the kubeadm join command (with a bootstrap token) for adding nodes. If init fails, run kubeadm reset, fix the reported problem and run init again.
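Editing init-defaults.yaml by hand leaves the other defaults untouched, including a node name of "node" and a bootstrap token whose TTL is easy to set wrongly later. As an added example (not the article's or kubeadm's own code), the shell function below renders a complete kubeadm configuration with the three fields changed above plus the settings that commonly bite later, and a second function lints any configuration for a never-expiring bootstrap token or a missing cgroup driver. The API version (kubeadm.k8s.io/v1beta3, kubeadm 1.22 or newer), the Kubernetes version argument and the pod CIDR 192.168.0.0/16 (Calico's default pool) are assumptions; adjust them to your install.

```shell
#!/bin/sh
# Added example (not from the original article): render a complete kubeadm
# configuration and lint one for weak settings. Assumptions: kubeadm >= 1.22
# (v1beta3 API), Calico's default pod CIDR, systemd cgroup driver as set in
# daemon.json above.

# Print a kubeadm config to stdout.
# $1 = advertise IP of this control-plane node, $2 = its hostname,
# $3 = Kubernetes version matching the installed kubeadm/kubelet packages.
render_kubeadm_config() {
    advertise_ip=$1
    node_name=$2
    k8s_version=$3
    cat <<EOF
apiVersion: kubeadm.k8s.io/v1beta3
kind: InitConfiguration
bootstrapTokens:
- ttl: 24h0m0s                 # the default; never 0s, that is a permanent token
  usages:
  - signing
  - authentication
  groups:
  - system:bootstrappers:kubeadm:default-node-token
localAPIEndpoint:
  advertiseAddress: ${advertise_ip}
  bindPort: 6443
nodeRegistration:
  name: ${node_name}           # init-defaults prints "node"; must be the real hostname
---
apiVersion: kubeadm.k8s.io/v1beta3
kind: ClusterConfiguration
clusterName: Cluster01
kubernetesVersion: ${k8s_version}
imageRepository: registry.aliyuncs.com/google_containers
networking:
  serviceSubnet: 10.96.0.0/12
  podSubnet: 192.168.0.0/16    # assumption: Calico's default IPv4 pool
---
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
cgroupDriver: systemd          # must match native.cgroupdriver in daemon.json
EOF
}

# Read a kubeadm config on stdin; 0 if it has no permanent bootstrap token
# and sets cgroupDriver: systemd, non-zero otherwise (reasons on stderr).
lint_kubeadm_config() {
    cfg=$(cat)
    rc=0
    # matches "ttl: 0s", "ttl: 0" and 'ttl: "0"', with or without a list dash
    if printf '%s\n' "$cfg" | grep -Eq '^[[:space:]-]*ttl:[[:space:]]*"?0s?"?[[:space:]]*(#.*)?$'; then
        echo "permanent bootstrap token (ttl 0)" >&2
        rc=1
    fi
    if ! printf '%s\n' "$cfg" | grep -Eq '^cgroupDriver:[[:space:]]*systemd'; then
        echo "cgroupDriver not set to systemd" >&2
        rc=1
    fi
    return $rc
}

# Usage (uncomment): write the file, lint it, then hand it to kubeadm init --config
# render_kubeadm_config 172.31.53.87 master01 v1.23.6 > kubeadm-config.yaml
# lint_kubeadm_config < kubeadm-config.yaml && kubeadm init --config kubeadm-config.yaml
```

Keeping the KubeletConfiguration document in the same file is what makes the cgroup driver setting reach every node: kubeadm stores it in the kubelet-config ConfigMap, and joining nodes pick it up from there.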
1.2.2 kubectl configuration file
admin.conf is a cluster-admin credential (a client certificate signed by the cluster CA, valid for one year by default); keep it root-owned with mode 600 and do not hand copies to people who only need limited access.
root user
echo "export KUBECONFIG=/etc/kubernetes/admin.conf" >> /root/.bashrc
source /root/.bashrc
non-root user
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
1.2.3 Automatic completion of kubectl parameters
View completion help
kubectl completion -h
Add kubectl autocompletion to current shell
source <(kubectl completion bash)
echo "source <(kubectl completion bash)" >> ~/.bashrc
source ~/.bashrc
1.2.4 Kubernetes Network
Install Calico. Applying a manifest straight from a URL runs whatever that URL serves with cluster-admin rights; for anything beyond a lab, download the file first, review it and pin the version
kubectl apply -f https://docs.projectcalico.org/v3.22/manifests/calico.yaml
# Pin the interface Calico uses for node-to-node traffic; without it Calico auto-detects the first interface, which on multi-NIC hosts may be the wrong one
kubectl -n kube-system edit daemonsets.apps calico-node
spec:
  containers:
  - env:
    - name: IP_AUTODETECTION_METHOD   # add this environment variable
      value: interface=eth0           # name of the private-network NIC; adjust to your hosts
1.2.5 Nodes resource management
1.2.5.1 Add a worker node
# Create a bootstrap token (run on master01); the default TTL is 24h
kubeadm token create
# A token that never expires (--ttl 0). Avoid this outside a lab: anyone holding the token can join a node to the cluster until you revoke it with kubeadm token delete <token>
kubeadm token create --ttl 0
# List tokens (run on master01)
kubeadm token list
# Get the discovery-token-ca-cert-hash (run on master01); the joining node uses it to verify it is talking to the genuine cluster CA
openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | \
openssl dgst -sha256 -hex | sed 's/^.* //'
# Join the worker (run on the worker node)
kubeadm join <api-server-ip:port> --token <token> --discovery-token-ca-cert-hash sha256:<discovery-token-ca-cert-hash>
# Or let kubeadm print the complete join command in one step (run on master01)
kubeadm token create --print-join-command
# Example output from the author's cluster; the token and hash are specific to that cluster
kubeadm join 172.21.184.81:6443 --token jde7q3.bv4ehxnyxfe04m56 --discovery-token-ca-cert-hash sha256:cde3bc85a4fbc5bdb0e78a532d0fa0fbc301485f7d86806c06ea59f6f9610032
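Permanent tokens created with --ttl 0 stay valid until someone remembers to delete them, so it is worth auditing the token list rather than trusting memory. The following is an added example, not part of the original article: shell functions that read kubeadm token list output, report never-expiring tokens, print the kubeadm token delete commands that would revoke them, and assemble a join command whose CA hash is computed locally from ca.crt (the same openssl pipeline as above, with the sha256: prefix added). The token list embedded in the block is constructed, not captured from a real cluster.

```shell
#!/bin/sh
# Added example (not from the original article): audit bootstrap tokens and
# build a join command with a locally computed CA hash.

# Constructed sample of `kubeadm token list` output (not from a real cluster);
# the second token was created with --ttl 0 and therefore never expires.
SAMPLE_TOKEN_LIST='TOKEN                     TTL         EXPIRES                USAGES                   DESCRIPTION                                              EXTRA GROUPS
abcdef.0123456789abcdef   23h         2022-03-01T12:00:00Z   authentication,signing   The default bootstrap token generated by kubeadm init.   system:bootstrappers:kubeadm:default-node-token
jde7q3.bv4ehxnyxfe04m56   <forever>   <never>                authentication,signing   <none>                                                   system:bootstrappers:kubeadm:default-node-token'

# Read `kubeadm token list` output on stdin; print the IDs of tokens that
# never expire (the TTL column shows "<forever>"). The header line is skipped.
permanent_tokens() {
    awk 'NR > 1 && $2 == "<forever>" { print $1 }'
}

# Read `kubeadm token list` output on stdin; print the number of tokens.
token_count() {
    awk 'NR > 1 && NF > 0 { n++ } END { print n + 0 }'
}

# Print the `kubeadm token delete` commands that would revoke every permanent
# token (a dry run: pipe the output into sh on master01 to apply it).
revoke_permanent_tokens_plan() {
    permanent_tokens | sed 's/^/kubeadm token delete /'
}

# Print the discovery hash for a CA certificate ($1) in the form the
# --discovery-token-ca-cert-hash flag expects.
ca_cert_hash() {
    printf 'sha256:%s\n' "$(openssl x509 -pubkey -in "$1" |
        openssl rsa -pubin -outform der 2>/dev/null |
        openssl dgst -sha256 -hex | sed 's/^.* //')"
}

# Assemble a join command: $1 API endpoint (ip:port), $2 token, $3 path to ca.crt.
join_command() {
    printf 'kubeadm join %s --token %s --discovery-token-ca-cert-hash %s\n' \
        "$1" "$2" "$(ca_cert_hash "$3")"
}

# Usage on master01 (uncomment):
# kubeadm token list | permanent_tokens
# kubeadm token list | revoke_permanent_tokens_plan | sh
# join_command 172.21.184.81:6443 "$(kubeadm token create)" /etc/kubernetes/pki/ca.crt
```

Computing the hash on the control plane and carrying the whole join command to the worker avoids the classic mistake of copying a hash from one cluster into the join command for another; the join would simply fail, but only after the token had been typed into the wrong machine.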
1.2.5.2 Delete a worker node
# On master01: evict the workloads first, then remove the node object
kubectl drain <node_name> --ignore-daemonsets
kubectl delete nodes <node_name>
# On <node_name> (ssh to it): undo what kubeadm join did
kubeadm reset
# kubeadm reset leaves iptables and IPVS rules in place; clean them up. Note that this flushes every rule on the host, not only the Kubernetes ones
iptables -F && iptables -t nat -F && iptables -t mangle -F && iptables -X
# or, if kube-proxy ran in IPVS mode
ipvsadm -C
# Remove leftover configuration. Run this only on the node being removed, never on a control-plane node, where it would destroy the cluster's certificates and static pod manifests
rm -rf /etc/kubernetes/
1.3 Verification
# Check component status (componentstatuses is deprecated since Kubernetes 1.19; the pod check below is the reliable one)
kubectl get componentstatuses
# Show the cluster endpoints
kubectl cluster-info
# Core components should all be Running
kubectl -n kube-system get pod
# Optional tidy-up after a reboot: remove exited containers. Select them by status; the original "grep -v Up" also fed the header line to docker rm. kubelet's own garbage collection normally does this for you
docker ps -aq -f status=exited | xargs -r docker rm
2. Nodes resource management
2.1 View brief information about resources
kubectl get nodes
# Columns:
NAME: node name
STATUS: node status (Ready / NotReady)
ROLES: node roles (taken from node-role.kubernetes.io/* labels)
AGE: time since the node object was created
VERSION: kubelet version running on the node
2.2 View extended information of resources
kubectl get nodes -o wide
# Additional columns:
INTERNAL-IP: internal IP address
EXTERNAL-IP: external IP address
OS-IMAGE: operating system image/version
KERNEL-VERSION: kernel version
CONTAINER-RUNTIME: container runtime and its version
2.3 Viewing the details of a resource
kubectl describe nodes master01
# Fields:
capacity: total resources on the node: CPU, memory and the maximum number of pods that can be scheduled to it;
allocatable: resources available to pods (capacity minus system and kubelet reservations);
conditions:
MemoryPressure:
status: True   node memory is under pressure or running out
status: False  node memory is normal
DiskPressure:
status: True   disk capacity is under pressure or low
status: False  disk capacity is normal
PIDPressure:
status: True   too many processes on the node
status: False  process count is normal
Ready:
status: True   node is healthy and can accept pods
status: False  node is unhealthy (Unknown means the node controller has not heard from the kubelet)
OutOfDisk (no longer reported by current kubelets; DiskPressure covers it):
status: True   not enough free space to add new pods
status: False  free space is available
NetworkUnavailable:
status: True   the node's network is not correctly configured
status: False  the node's network is configured
2.4 View the yaml file format of the resource
kubectl get nodes master01 -o yaml
2.5 View the json file format of the resource
kubectl get nodes master01 -o json
3. Label and Annotation
3.1 Label
View the labels on a resource
kubectl get nodes --show-labels
or
kubectl describe nodes node01
Add and delete a Label. The key is required and unique per object; the value may be empty and need not be unique
# add a label. Role labels are admin-only: the NodeRestriction admission plugin stops a kubelet from giving its own node a node-role.kubernetes.io/* label, so a compromised node cannot promote itself
kubectl label nodes node01 node-role.kubernetes.io/work=
# delete a label (trailing minus)
kubectl label nodes node01 node-role.kubernetes.io/work-
View the node's role (ROLES column)
kubectl get nodes
3.2 Annotation
View Annotations
kubectl describe resource_type resource_name
Add and delete an Annotation. The key is required and unique per object; the value may be empty and need not be unique
# add an annotation
kubectl annotate resource_type resource_name key=value
# delete an annotation (trailing minus)
kubectl annotate resource_type resource_name key-
4-5. Kubernetes API, Resources and Namespaces
4. Kubernetes API and Resources
4.1 api-resources
View Kubernetes resources
kubectl api-resources
4.2 api-versions
View Kubernetes api-version
kubectl api-versions
5. Namespaces
5.1 View the namespace under the current cluster
kubectl get namespaces
5.2 Creation and deletion of Namespaces
# create
kubectl create namespace test
# delete
kubectl delete namespaces test
# create from a YAML file
cat << EOF > my-namespace.yaml
apiVersion: v1
kind: Namespace
metadata:
  name: demo
EOF
# apply the YAML to create the namespace
kubectl apply -f ./my-namespace.yaml
# delete the namespace described by the YAML (this deletes every object inside it)
kubectl delete -f my-namespace.yaml
6. Workload pods
6.1 Create Pod
Create a Pod from the command line
kubectl run --image=nginx test
View Pods
kubectl get pod
Create from a YAML file, specifying the Namespace
apiVersion: v1
kind: Namespace
metadata:
  name: nginx-example
---
apiVersion: v1
kind: Pod
metadata:
  name: nginx-pod01
  namespace: nginx-example
spec:
  containers:
  - name: pod-nginx
    image: nginx
    imagePullPolicy: IfNotPresent
Introduction to Pods
View pod status
kubectl get pods
NAMESPACE: namespace the pod belongs to
NAME: pod name
READY: ready containers / total containers
STATUS: pod phase
RESTARTS: container restart count
AGE: time since creation
imagePullPolicy:
Always: pull the image every time the container starts (the default when the tag is :latest or omitted);
Never: use only the local image, never pull;
IfNotPresent: pull only when the image is not present locally (the default for any other tag).
restartPolicy:
Always: restart the container whenever it exits, whatever the exit status (default);
OnFailure: restart only when the container exits with a non-zero status;
Never: never restart, whether the container failed or completed.
Create multiple-containers.yaml
apiVersion: v1
kind: Pod
metadata:
  name: nginx-pod01
spec:
  containers:
  - name: pod-nginx
    image: nginx
  - name: pod-tomcat
    image: tomcat
6.2 Setting resource requests and limits for pods
Create memory-request-limit.yaml. The container tries to allocate 250M against a 200Mi limit, so it is OOMKilled and restarted (Reason: OOMKilled in kubectl describe pod); that is what the example demonstrates
apiVersion: v1
kind: Pod
metadata:
  name: memory-demo
spec:
  containers:
  - name: memory-demo-ctr
    image: polinux/stress
    resources:
      limits:
        memory: "200Mi"
      requests:
        memory: "100Mi"
    command: ["stress"]
    args: ["--vm", "1", "--vm-bytes", "250M", "--vm-hang", "1"]
Create cpu-request-limit.yaml. The process asks for 2 CPUs but the limit is 1, so it is throttled to about one core rather than killed
apiVersion: v1
kind: Pod
metadata:
  name: cpu-demo
spec:
  containers:
  - name: cpu-demo-ctr
    image: vish/stress
    resources:
      limits:
        cpu: "1"
      requests:
        cpu: "0.5"
    args:
    - -cpus
    - "2"
6.3 Login container operation
# pod with a single container (use sh if the image has no bash)
kubectl exec -it memory-demo -- bash
kubectl exec -it memory-demo -- ls /sbin
# pod with several containers: select one with -c. memory-demo-ctr-2 is a placeholder; the memory-demo pod above has only memory-demo-ctr
kubectl exec -it -c memory-demo-ctr-2 memory-demo -- bash
kubectl exec -it -c memory-demo-ctr-2 memory-demo -- ls /root
6.4 Use of apply, edit and patch
# apply: create or update objects from a manifest
kubectl apply -f <file.yaml>
# edit: open the live object in $EDITOR
kubectl edit <TYPE> <NAME>
# patch: inspect the object, then merge a JSON fragment into it
kubectl get <TYPE> <NAME> -o json
kubectl patch <TYPE> <NAME> -p '{"metadata": {"labels": {"app": "damon"}}}'
6.5 Init Containers
Create init-pod.yaml (init01 and init02 run to completion one after the other before myapp01 and myapp02 start)
apiVersion: v1
kind: Pod
metadata:
  name: myapp-pod
  labels:
    app: myapp
spec:
  containers:
  - name: myapp01
    image: busybox:1.28
    imagePullPolicy: IfNotPresent
    command: ['sh', '-c', 'echo The myapp is running! && sleep 3600']
  - name: myapp02
    image: busybox:1.28
    imagePullPolicy: IfNotPresent
    command: ['sh', '-c', 'echo The app is running! && sleep 3600']
  initContainers:
  - name: init01
    image: busybox:1.28
    imagePullPolicy: IfNotPresent
    command: ['sh', '-c', 'echo The app is complete! && sleep 10']
  - name: init02
    image: busybox:1.28
    imagePullPolicy: IfNotPresent
    command: ['sh', '-c', 'echo The init02 is complete! && sleep 10']
6.6 static Pods
kubeadm runs the control-plane components (apiserver, controller-manager, scheduler, etcd) as static pods; the directory kubelet watches for them is /etc/kubernetes/manifests/ by default. Any manifest written there is started by kubelet directly, bypassing API-server authentication and admission, so the directory must stay writable by root only.
To change the static pod directory:
Method 1:
edit /var/lib/kubelet/config.yaml
change staticPodPath: /etc/kubernetes/manifests
Method 2:
edit /etc/systemd/system/kubelet.service.d/10-kubeadm.conf
append --pod-manifest-path=<absolute path> to KUBELET_CONFIG_ARGS (command-line flags override the config file)
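Because both the config file and the systemd drop-in can set the directory, an audit has to resolve which one is in effect before checking it. The following is an added example, not part of the original article: a shell function that resolves the effective static pod path from the two files above (flag wins over config, kubeadm's default applies when neither is set), and a second one that fails if the directory or any manifest in it is group- or world-writable and otherwise lists the manifests for review. The file contents in the test are constructed.

```shell
#!/bin/sh
# Added example (not from the original article): find where kubelet loads
# static pods from and check that only the owner can write there.

# Print the effective static pod path. A --pod-manifest-path flag in the
# systemd drop-in ($2) overrides staticPodPath in the kubelet config ($1);
# when neither is set, kubeadm's default /etc/kubernetes/manifests applies.
effective_static_pod_path() {
    cfg=$1
    dropin=${2:-/dev/null}
    flag=$(grep -o -- '--pod-manifest-path=[^" ]*' "$dropin" 2>/dev/null | tail -n 1 | sed 's/^[^=]*=//')
    if [ -n "$flag" ]; then
        printf '%s\n' "$flag"
        return 0
    fi
    path=$(sed -n 's/^staticPodPath:[[:space:]]*//p' "$cfg" 2>/dev/null | tr -d '"' | tail -n 1)
    printf '%s\n' "${path:-/etc/kubernetes/manifests}"
}

# 0 when the directory ($1) and every manifest in it are writable only by
# their owner; the manifests are listed so you can review what is running.
audit_static_pod_dir() {
    dir=$1
    rc=0
    [ -d "$dir" ] || { echo "FAIL $dir does not exist" >&2; return 1; }
    # -perm -0002: world-writable, -perm -0020: group-writable
    if [ -n "$(find "$dir" -maxdepth 0 \( -perm -0002 -o -perm -0020 \))" ]; then
        echo "FAIL $dir is group- or world-writable" >&2
        rc=1
    fi
    for f in "$dir"/*.yaml "$dir"/*.yml "$dir"/*.json; do
        [ -f "$f" ] || continue
        if [ -n "$(find "$f" -maxdepth 0 \( -perm -0002 -o -perm -0020 \))" ]; then
            echo "FAIL $f is group- or world-writable" >&2
            rc=1
        else
            echo "ok   $f"
        fi
    done
    return $rc
}

# Usage on a kubeadm node (uncomment):
# audit_static_pod_dir "$(effective_static_pod_path /var/lib/kubelet/config.yaml \
#     /etc/systemd/system/kubelet.service.d/10-kubeadm.conf)"
```

A manifest that is not one of the four kubeadm components deserves a second look: the kubelet will run it with whatever privileges the manifest requests and nothing in the API server's audit log will show who put it there.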