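Kubernetes series
Notes:
- This tutorial was compiled and published by 羞涩梦; the author's technical blog: blog.hukanfa.com
- When reposting, please include a link to the original. Content compiled on: 2024-03-010
- CSDN blog name: 五维空间-影子; follows are welcome
1 Cluster planning
Host | Hostname | OS version | Kernel version | CPU | Memory |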
---|---|---|---|---|---|
192.168.26.1 | node1 | centos7.6 | 3.10.0-957.el7.x86_64 | 2 | 2 |
192.168.26.2 | node2 | centos7.6 | 3.10.0-957.el7.x86_64 | 2 | 2 |
192.168.26.3 | master | centos7.6 | 3.10.0-957.el7.x86_64 | 2 | 2 |
2 Environment preparation
2.1 Add host resolution
- Add hostname resolution records; run on all nodes:
shell
echo "192.168.26.1 k8s-node01" >> /etc/hosts
echo "192.168.26.2 k8s-node02" >> /etc/hosts
echo "192.168.26.3 k8s-master" >> /etc/hosts
- ping test
shell
[root@hukanfa hukanfa]# ping k8s-master
PING k8s-master (192.168.26.3) 56(84) bytes of data.
64 bytes from k8s-master (192.168.26.3): icmp_seq=1 ttl=64 time=0.458 ms
64 bytes from k8s-master (192.168.26.3): icmp_seq=2 ttl=64 time=0.269 ms
- To tell the nodes apart, change each node's hostname
shell
# master
hostnamectl set-hostname k8s-master
# node
hostnamectl set-hostname k8s-node01
hostnamectl set-hostname k8s-node02
2.2 Disable the firewall
- Disable the SELinux and Firewalld firewalls; run on all nodes:
shell
# Stop and disable firewalld
[root@hukanfa hukanfa]# systemctl stop firewalld && systemctl disable firewalld
[root@hukanfa hukanfa]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
Active: inactive (dead)
Docs: man:firewalld(1)
# Disable SELinux
# ** Temporarily
setenforce 0
# ** Permanently
vi /etc/sysconfig/selinux
SELINUX=disabled
2.3 Disable swap
- Prevent k8s from using swap (virtual memory); run on all nodes:
shell
# Temporarily
swapoff -a
# Permanently
[root@hukanfa hukanfa]# sed -ri 's/.*swap.*/#&/' /etc/fstab
[root@hukanfa hukanfa]# cat /etc/fstab
#UUID=dac6c6c2-69cf-40bd-8bf6-a85bc7882231 swap swap defaults 0 0
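2.4 Kernel settings
- Enabling kernel IPv4 forwarding requires loading the br_netfilter module with the following command; run on all nodes:
shell
# Run on every node; this is temporary and is lost after a reboot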
modprobe br_netfilter
[root@k8s-master hukanfa]# lsmod | grep net
br_netfilter 22256 0
bridge 151336 1 br_netfilter
- The module is no longer loaded after a reboot; the script below loads it automatically at boot
- Create the following file under /etc/sysconfig/modules/
shell
cat > /etc/sysconfig/modules/br_netfilter.modules <<EOF
#!/bin/bash
modprobe -- br_netfilter
EOF
- Set permissions
shell
chmod 755 /etc/sysconfig/modules/br_netfilter.modules
source /etc/sysconfig/modules/br_netfilter.modules
- After a reboot the module is loaded automatically
shell
[root@localhost ~]# lsmod |grep br_netfilter
br_netfilter 22209 0
bridge 136173 1 br_netfilter
- Create the file /etc/sysctl.d/k8s.conf with the following content:
shell
# Create the file
cat > /etc/sysctl.d/k8s.conf <<EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
vm.swappiness = 0
EOF
# Apply
sysctl -p /etc/sysctl.d/k8s.conf
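2.5 Install IPVS
- Enabling kernel IPv4 forwarding requires loading the br_netfilter module with the following command; run on all nodes:
shell
# Run on all nodes
yum -y install ipset ipvsadm
- Load the ipvs modules; run on all nodes: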
shell
cat > /etc/sysconfig/modules/ipvs.modules <<EOF
#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack_ipv4
EOF
shell
chmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules && lsmod | grep -e ip_vs -e nf_conntrack_ipv4
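- The script above creates the file /etc/sysconfig/modules/ipvs.modules, which ensures the required modules are loaded automatically after a node reboot. Use the command lsmod | grep -e ip_vs -e nf_conntrack_ipv4 to check that the required kernel modules have been loaded correctly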
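2.6 Configure time synchronization
- To keep the clocks of all cluster nodes consistent, configure time synchronization. Run on all nodes
shell
# Install
yum install chrony -y
# Start and enable at boot
systemctl enable chronyd --now
systemctl status chronyd
# Synchronize time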
[root@hukanfa hukanfa]# chronyc sources
210 Number of sources = 4
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^+ 139.199.215.251 2 6 17 41 -12ms[-3433us] +/- 50ms
^* chat.k-ten.de 2 6 17 40 -5716us[+2526us] +/- 135ms
^+ time.cloudflare.com 3 6 17 40 -14ms[-6030us] +/- 100ms
^+ makaki.miuku.net 3 6 17 40 +71ms[ +79ms] +/- 162ms
# Check the synchronized time
[root@hukanfa hukanfa]# date
Tue Jan 31 11:37:07 CST 2023
2.7 Docker configuration changes
- Edit /etc/docker/daemon.json
shell
# Add the following setting
"exec-opts": ["native.cgroupdriver=systemd"],
# Reload
systemctl daemon-reload
systemctl restart docker
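3 Installing k8s-1.22.2-docker with kubeadm
- Starting with v1.24, the kubernetes kubelet removed dockershim entirely and uses Containerd by default
- So for this docker-based installation, use a kubernetes version earlier than 1.24
- Alternatively, the cri-dockerd adapter can be used to integrate Docker Engine with Kubernetes
- Version 1.22.2 is used here; the matching docker version is 20.10
- Recommended article: https://www.51cto.com/article/710688.html
3.1 k8s-master side
Tip: install docker first; docker installation is not covered here
3.1.1 Install the cluster tools
- Configure the yum repository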
shell
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg http://mirrors.aliyun.com/kubernetes/yum/doc/rpmpackage-key.gpg
EOF
- Install with yum
- kubeadm: the command for initializing the cluster
- kubelet: runs on every node in the cluster and starts Pods and containers
- kubectl: the command-line tool for talking to the cluster
shell
# Install
yum install -y kubelet-1.22.2 kubeadm-1.22.2 kubectl-1.22.2
# Check that the version is correct
kubeadm version
# Change the container runtime: add the --container-runtime-endpoint=unix:///var/run/docker.sock setting
vi /usr/lib/systemd/system/kubelet.service
[Service]
ExecStart=/usr/bin/kubelet --container-runtime-endpoint=unix:///var/run/docker.sock
systemctl daemon-reload
# Make sure docker is running
systemctl restart docker
systemctl restart kubelet
# Start kubelet
systemctl enable kubelet --now
# kubelet cannot start at this point, because the initialization below still has to be run
systemctl status kubelet
3.1.2 Initialization
- Use Alibaba Cloud as the kubernetes image repository
shell
kubeadm init \
--apiserver-advertise-address=192.168.26.3 \
--image-repository registry.aliyuncs.com/google_containers \
--kubernetes-version v1.22.2 \
--service-cidr=10.9.0.0/16 \
--pod-network-cidr=10.8.0.0/16
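# --apiserver-advertise-address  address of the API server node
# --image-repository  registry to pull images from
# --kubernetes-version  k8s version to run
# --service-cidr  network range for services (the internal load-balancing range)
# --pod-network-cidr  network range for pods
- On success, the following message appears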
shell
...
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
Alternatively, if you are the root user, you can run:
export KUBECONFIG=/etc/kubernetes/admin.conf
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 192.168.26.3:6443 --token g4ip2c.nbcrn0fudvmsf2k9 \
--discovery-token-ca-cert-hash sha256:d94493d03863d5fa826ea81ddc38658aea0d3cb38538bf8e473d87b2a9cbc30b
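- If initialization fails, reset
shell
# Reset
kubeadm reset
# Clean up the files in this directory
rm -rf /etc/kubernetes/manifests
3.1.3 Configuration for regular users
- The following configuration lets a regular user run k8s commands too
- This is the regular user's local environment; once configured, the commands can be used
- For a global configuration, see the steps below
shell
# Run as the regular user
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
# Without the global setting below, the root user also has to run the commands above
- Configure a global environment variable (optional)
- The regular user must be granted access to /etc/kubernetes/admin.conf
shell
# Edit
sudo vi /etc/profile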
...
# kubernetes config
export KUBECONFIG=/etc/kubernetes/admin.conf
# Reload
source /etc/profile
# Verify
[hukanfa@k8s-master ~]$ echo $KUBECONFIG
/etc/kubernetes/admin.conf
# Without the grant, the regular user gets a permission error
[hukanfa@k8s-master .kube]$ kubectl get cs
error: error loading config file "/etc/kubernetes/admin.conf": open /etc/kubernetes/admin.conf: permission denied
# Grant access
[root@k8s-master hukanfa]# chown -R hukanfa:hukanfa /etc/kubernetes/admin.conf
3.1.4 Fix the scheduler status
- After a successful initialization, the following command shows the scheduler component as Unhealthy
shell
[hukanfa@k8s-master ~]$ kubectl get cs
Warning: v1 ComponentStatus is deprecated in v1.19+
NAME STATUS MESSAGE ERROR
scheduler Unhealthy Get "http://127.0.0.1:10251/healthz": dial tcp 127.0.0.1:10251: connect: connection refused
controller-manager Healthy ok
etcd-0 Healthy {"health":"true","reason":""}
- Edit the configuration file kube-scheduler.yaml
shell
[hukanfa@k8s-master ~]$ sudo vi /etc/kubernetes/manifests/kube-scheduler.yaml
spec:
containers:
- command:
...
- --bind-address=192.168.26.3
- --port=10251
...
livenessProbe:
failureThreshold: 8
httpGet:
host: 192.168.26.3
...
startupProbe:
failureThreshold: 24
httpGet:
host: 192.168.26.3
- Restart kubelet
shell
[hukanfa@k8s-master ~]$ sudo systemctl restart kubelet
- Check the scheduler status again
shell
[hukanfa@k8s-master ~]$ kubectl get cs
Warning: v1 ComponentStatus is deprecated in v1.19+
NAME STATUS MESSAGE ERROR
scheduler Healthy ok
controller-manager Healthy ok
etcd-0 Healthy {"health":"true","reason":""}
3.2 k8s-node side
3.2.1 Install the cluster tools
- Configure the yum repository
shell
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg http://mirrors.aliyun.com/kubernetes/yum/doc/rpmpackage-key.gpg
EOF
- Install the tools
shell
yum install -y kubelet-1.22.2 kubeadm-1.22.2
# Change the container runtime: add the --container-runtime-endpoint=unix:///var/run/docker.sock setting
vi /usr/lib/systemd/system/kubelet.service
[Service]
ExecStart=/usr/bin/kubelet --container-runtime-endpoint=unix:///var/run/docker.sock
systemctl daemon-reload
# Make sure docker is running
systemctl restart docker
systemctl enable docker
systemctl restart kubelet
systemctl enable kubelet
3.2.2 Initialization
- A token is generated once the master has initialized successfully; run the join command to add the node
shell
[root@k8s-node02 hukanfa]# kubeadm join 192.168.26.3:6443 --token g4ip2c.nbcrn0fudvmsf2k9 --discovery-token-ca-cert-hash sha256:d94493d03863d5fa826ea81ddc38658aea0d3cb38538bf8e473d87b2a9cbc30b
...
This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.
Run 'kubectl get nodes' on the control-plane to see this node join the cluster.
- The token is valid for 24 hours; a new join command with a fresh token can be generated on the master node
shell
[root@k8s-master ~]# kubeadm token create --print-join-command
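The join command in 3.2.2 pins the cluster CA through --discovery-token-ca-cert-hash. The script below is an added example, not part of the original tutorial, that recomputes that value from a CA certificate (on a kubeadm master, /etc/kubernetes/pki/ca.crt) and compares it with the hash in a join command before the command is run on a node. The function names, the throwaway CA, the 192.0.2.10 address and the token are constructed for illustration.

```shell
#!/bin/sh
# Added example: check that the --discovery-token-ca-cert-hash in a join
# command matches the cluster CA. The value is "sha256:" followed by the
# SHA-256 of the CA certificate's DER-encoded public key.

# ca_pubkey_hash CERT: print sha256:<hex> for the public key of a PEM certificate
ca_pubkey_hash() {
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$pub" ] || return 1
    hex=$(printf '%s\n' "$pub" \
        | openssl pkey -pubin -outform DER 2>/dev/null \
        | openssl dgst -sha256 -hex | awk '{print $NF}')
    [ "${#hex}" -eq 64 ] || return 1
    printf 'sha256:%s\n' "$hex"
}

# extract_join_hash "JOIN COMMAND": print the sha256:<hex> argument, if any
extract_join_hash() {
    printf '%s\n' "$1" | sed -n \
        's/.*--discovery-token-ca-cert-hash[ =][ =]*\(sha256:[0-9a-f]\{64\}\).*/\1/p'
}

# verify_join_command CERT "JOIN COMMAND"
# returns 0 on match, 1 on mismatch, 2 when the input cannot be checked
verify_join_command() {
    expected=$(extract_join_hash "$2")
    [ -n "$expected" ] || return 2
    actual=$(ca_pubkey_hash "$1") || return 2
    [ "$expected" = "$actual" ]
}

# make_sample_ca DIR: constructed throwaway CA so the example runs offline
make_sample_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=kubernetes" \
        -keyout "$1/ca.key" -out "$1/ca.crt" >/dev/null 2>&1
}

# Demo with constructed values
demo_dir=$(mktemp -d)
if make_sample_ca "$demo_dir"; then
    good=$(ca_pubkey_hash "$demo_dir/ca.crt")
    join="kubeadm join 192.0.2.10:6443 --token abcdef.0123456789abcdef --discovery-token-ca-cert-hash $good"
    verify_join_command "$demo_dir/ca.crt" "$join" && echo "match: $good"
    zeros=0000000000000000
    other="kubeadm join 192.0.2.10:6443 --token abcdef.0123456789abcdef --discovery-token-ca-cert-hash sha256:$zeros$zeros$zeros$zeros"
    verify_join_command "$demo_dir/ca.crt" "$other" || echo "mismatch: hash does not belong to this CA"
fi
rm -rf "$demo_dir"
```

A mismatch means the join command was issued for a different CA than the certificate being checked, so the node should not be joined with it.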
3.2.3 Check node readiness
- Check from the master node
shell
[hukanfa@k8s-master ~]$ kubectl get node
NAME STATUS ROLES AGE VERSION
k8s-master Ready control-plane,master 22h v1.22.2
k8s-node01 Ready <none> 45m v1.22.2
k8s-node02 Ready <none> 46m v1.22.2
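3.3 Install the flannel network plugin (choose one of the two)
Tip: before installing the network plugin, it is recommended to complete the k8s-node initialization steps first
- Before a network plugin is installed, the nodes in the cluster cannot reach each other over the network
shell
# Status is NotReady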
[hukanfa@k8s-master ~]$ kubectl get node
NAME STATUS ROLES AGE VERSION
k8s-master NotReady control-plane,master 17h v1.22.2
- Install the network plugin with a single command
shell
# Change Network to the --pod-network-cidr=10.8.0.0/16 configured when the master was initialized
vi kube-flannel.yml
net-conf.json: |
{
"Network": "10.8.0.0/16",
"Backend": {
"Type": "vxlan"
}
}
# Deploy
[root@k8s-master hukanfa]# kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
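- Download location for the kube-flannel.yml file
- If the address above cannot be used, download it from here instead
shell
Link: https://pan.baidu.com/s/1q3rIjXJMIY-VytNlSYBFVA?pwd=zr99
- Check the installation status
shell
# Check the installation status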
[root@k8s-master hukanfa]# ip a | grep flannel
5: flannel.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN group default
inet 10.8.0.0/32 brd 10.8.0.0 scope global flannel.1
- Check node network status
shell
[hukanfa@k8s-master ~]$ kubectl get node
NAME STATUS ROLES AGE VERSION
k8s-master Ready control-plane,master 18h v1.22.2
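- Uninstall flannel
shell
# Uninstall
kubectl delete -f kube-flannel.yml
# Bring down the interface
ifconfig flannel.1 down
# Delete the ip link
ip link delete flannel.1
# Restart kubelet
systemctl restart kubelet
# Clean up directories and files; the cni directory can only be deleted after kubelet has been restarted
rm -rf /var/lib/cni/
rm -f /etc/cni/net.d/*
# Check node network status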
[root@k8s-master lib]# kubectl get node
NAME STATUS ROLES AGE VERSION
k8s-master NotReady control-plane,master 18h v1.22.2
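Note: after the network plugin is installed, it takes some time for the nodes to become Ready, because images have to be pulled, among other steps
3.4 Install the calico network plugin (choose one of the two)
Tip: before installing the network plugin, it is recommended to complete the k8s-node initialization steps first
- Download location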
shell
# Online address
wget https://docs.projectcalico.org/manifests/calico.yaml
# Baidu Netdisk address
Link: https://pan.baidu.com/s/1gq02DmfhBwv28WMloDNRVw?pwd=0q3w
- Modify the configuration
shell
vi calico.yaml
# - name: CALICO_IPV4POOL_CIDR
# value: "192.168.0.0/16"
- name: CALICO_IPV4POOL_CIDR
value: "10.8.0.0/16"
Tip: the IP here is the pod-network-cidr given to kubeadm init
- Create the network
- The current environment uses the FCalico mode
shell
[hukanfa@k8s-master ~]$ sudo kubectl apply -f calico.yaml
- Check container status
shell
[hukanfa@k8s-master ~]$ kubectl get pod -n kube-system
NAME READY STATUS RESTARTS AGE
calico-kube-controllers-68d86f8988-z6bx4 1/1 Running 0 176m
calico-node-vsqjb 1/1 Running 0 176m
calico-node-xlvxg 1/1 Running 0 43m
calico-node-z8dpk 1/1 Running 0 44m
coredns-7f6cbbb7b8-622gf 1/1 Running 0 21h
coredns-7f6cbbb7b8-ndtwj 1/1 Running 0 21h
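Note: the network plugin only needs to be installed on the master node; nodes that register are discovered automatically
- Uninstall the calico network plugin
shell
# Delete the objects (run on master)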
[hukanfa@k8s-master ~]$ kubectl delete -f calico.yaml
poddisruptionbudget.policy "calico-kube-controllers" deleted
serviceaccount "calico-kube-controllers" deleted
serviceaccount "calico-node" deleted
...
# Bring down the interface and remove tunl0 (run on master|node)
[hukanfa@k8s-master ~]$ ip addr
...
8: tunl0@NONE: <NOARP,UP,LOWER_UP> mtu 1480 qdisc noqueue state UNKNOWN group default qlen 1000
link/ipip 0.0.0.0 brd 0.0.0.0
inet 10.8.235.192/32 scope global tunl0
valid_lft forever preferred_lft forever
[root@k8s-master hukanfa]# modprobe -r ipip
# Restart kubelet (run on master|node)
systemctl restart kubelet
# Clean up directories and files; the cni directory can only be deleted after kubelet has been restarted (run on master|node)
rm -rf /var/lib/cni/
rm -f /etc/cni/net.d/*
systemctl restart kubelet
# Check node network status
[root@k8s-master lib]# kubectl get node
NAME STATUS ROLES AGE VERSION
k8s-master NotReady control-plane,master 18h v1.22.2
4 Installing k8s-1.26.0-containerd with kubeadm
- kubernetes 1.26.0 or later is recommended
- Version 1.26.0 is used here
- Excerpted from: https://www.51cto.com/article/710688.html
4.1 Install containerd
- About CgroupDriver
- Linux uses cgroups for resource isolation and control
- CentOS uses systemd (systemctl) to initialize the system at boot, which creates a cgroup manager to manage cgroupfs
- If Containerd manages cgroupfs directly, a second cgroup manager is created.
- Two cgroup managers on one system is unstable, so Containerd has to be configured to manage cgroupfs through systemd
4.1.1 下载安装
- Download the package (master|node)
- Online download
shell
# Official site
https://github.com/containerd/containerd/releases/download/v1.6.16/containerd-1.6.16-linux-amd64.tar.gz
- Baidu Netdisk
shell
# Link
https://pan.baidu.com/s/1YWkq-63Q31IBXZMe3971-Q?pwd=njgz
- Move the files into place (master|node)
- Create an extraction directory and extract
shell
[hukanfa@k8s-master ~]$ mkdir containerd-1.6.16
[hukanfa@k8s-master ~]$ tar -zxvf containerd-1.6.16-linux-amd64.tar.gz -C containerd-1.6.16
- Copy the files to /usr/bin
shell
[root@k8s-master hukanfa]# cd containerd-1.6.16
[root@k8s-master containerd-1.6.16]# cp bin/* /usr/bin/
4.1.2 Adjust config.toml
- Generate a new config.toml file
shell
[root@k8s-master hukanfa]# containerd config default | tee /etc/containerd/config.toml
- The config.toml file
- Modify it as follows
shell
...... parts omitted ......
enable_selinux = false
selinux_category_range = 1024
# sandbox_image = "k8s.gcr.io/pause:3.6"
# Comment out the line above and add the line below
sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.6"
stats_collect_period = 10
systemd_cgroup = false
...... parts omitted ......
privileged_without_host_devices = false
base_runtime_spec = ""
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
# Change to true
SystemdCgroup = true
[plugins."io.containerd.grpc.v1.cri".cni]
bin_dir = "/opt/cni/bin"
...... parts omitted ......
[plugins."io.containerd.grpc.v1.cri".registry.mirrors]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
# endpoint = ["https://registry-1.docker.io"]
# Comment out the line above and add the three lines below
endpoint = ["https://docker.mirrors.ustc.edu.cn"]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."k8s.gcr.io"]
endpoint = ["https://registry.aliyuncs.com/google_containers"]
[plugins."io.containerd.grpc.v1.cri".image_decryption]
key_model = ""
...... parts omitted ......
- Download the already-modified config.toml file from Baidu Netdisk
shell
# Link
https://pan.baidu.com/s/1kFNBTADXXZ0XDMMx7MqNSA?pwd=n5r6
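The CgroupDriver notes in 4.1 and the edit in 4.1.2 depend on SystemdCgroup = true sitting in the runc.options table while the legacy systemd_cgroup key stays false. The script below is an added example, not part of the original tutorial, that checks this per TOML table instead of with grep. The function names and both sample files are constructed; the [plugins."io.containerd.grpc.v1.cri"] header is assumed from containerd 1.6's default layout (the page omits that part), and the "other" runtime table is hypothetical.

```shell
#!/bin/sh
# Added example: table-aware check of the cgroup settings in config.toml.
# A plain grep cannot tell the legacy CRI key systemd_cgroup from the runc
# option SystemdCgroup, or tell which table a key belongs to.

CRI='plugins."io.containerd.grpc.v1.cri"'

# toml_get FILE TABLE KEY: print the raw value of KEY inside [TABLE]
toml_get() {
    awk -v want="[$2]" -v key="$3" '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        /^[ \t]*#/  { next }                        # full-line comment
        /^[ \t]*\[/ { in_tbl = (trim($0) == want); next }
        in_tbl {
            eq = index($0, "=")
            if (eq == 0) next
            if (trim(substr($0, 1, eq - 1)) != key) next
            val = substr($0, eq + 1)
            sub(/[ \t]+#.*$/, "", val)              # drop a trailing comment
            print trim(val); exit
        }
    ' "$1"
}

# check_cri_config FILE: returns 0 when the cgroup settings match the page
check_cri_config() {
    rc=0
    v=$(toml_get "$1" "${CRI}.containerd.runtimes.runc.options" SystemdCgroup)
    if [ "$v" = "true" ]; then
        echo "OK   runc.options SystemdCgroup = true"
    else
        echo "FAIL runc.options SystemdCgroup = ${v:-<unset>} (the page sets true)"
        rc=1
    fi
    v=$(toml_get "$1" "$CRI" systemd_cgroup)
    if [ "$v" = "true" ]; then
        echo "FAIL legacy systemd_cgroup = true (the page leaves it false)"
        rc=1
    fi
    echo "INFO sandbox_image = $(toml_get "$1" "$CRI" sandbox_image)"
    return $rc
}

# Constructed sample: the values from 4.1.2
write_good_config() {
    cat > "$1" <<'EOF'
version = 2
[plugins."io.containerd.grpc.v1.cri"]
  sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.6"
  systemd_cgroup = false
  [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
    SystemdCgroup = true   # changed from false
  [plugins."io.containerd.grpc.v1.cri".cni]
    bin_dir = "/opt/cni/bin"
EOF
}

# Constructed sample: "SystemdCgroup = true" exists, but in the wrong table
write_bad_config() {
    cat > "$1" <<'EOF'
version = 2
[plugins."io.containerd.grpc.v1.cri"]
  sandbox_image = "k8s.gcr.io/pause:3.6"
  systemd_cgroup = false
  [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.other.options]
    SystemdCgroup = true
  [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
    SystemdCgroup = false
EOF
}

demo_dir=$(mktemp -d)
write_good_config "$demo_dir/good.toml"
write_bad_config "$demo_dir/bad.toml"
for f in good bad; do
    echo "== $f.toml"
    check_cri_config "$demo_dir/$f.toml" || echo "-> needs fixing"
done
rm -rf "$demo_dir"
```

On a node, run check_cri_config /etc/containerd/config.toml before starting containerd.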
4.1.3 Start containerd
- Enable start at boot
shell
[root@k8s-master ~]# systemctl daemon-reload
[root@k8s-master ~]# systemctl enable containerd --now
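4.2 Install nerdctl (optional)
- nerdctl is containerd's native command-line management tool and is compatible with docker command syntax
- nerdctl is a relatively new containerd tool, compatible with the Docker command-line tool
- It covers more than ctr, and also supports docker-compose (not swarm) and some optional advanced features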
4.2.1 Download and install
- GitHub: https://github.com/containerd/nerdctl/releases
- Option 1: download from the command line
shell
# Subject to network restrictions
wget https://github.com/containerd/nerdctl/releases/download/v1.2.0/nerdctl-1.2.0-linux-amd64.tar.gz
- Option 2: Netdisk
shell
# Link
https://pan.baidu.com/s/1pKc-XmLieOq-Dn27uOhhAQ?pwd=zjqd
- Extract and install
- Upload to the node
shell
[hukanfa@k8s-node02 ~]$ ls
nerdctl-1.2.0-linux-amd64.tar.gz
- Extract
shell
[root@k8s-node02 hukanfa]# tar -zxvf nerdctl-1.2.0-linux-amd64.tar.gz -C /usr/local/bin
nerdctl
containerd-rootless-setuptool.sh
containerd-rootless.sh
# Delete the sh scripts
[root@k8s-node02 bin]# rm -f containerd-rootless*.sh
- Verify that the installation succeeded
shell
[hukanfa@k8s-node02 ~]$ nerdctl --version
nerdctl version 1.2.0
4.2.2 Adjust the configuration
- nerdctl lists images from the default namespace
- To see the images pulled by kubernetes, the namespace name has to be specified explicitly: k8s.io
shell
# Running nerdctl prints this hint
[root@k8s-node02 hukanfa]# nerdctl
nerdctl is a command line interface for containerd
Config file ($NERDCTL_TOML): /etc/nerdctl/nerdctl.toml
- Create nerdctl.toml
shell
# Create the directory
[root@k8s-node02 hukanfa]# mkdir /etc/nerdctl
# Create the file
[root@k8s-node02 hukanfa]# echo 'namespace="k8s.io"' > /etc/nerdctl/nerdctl.toml
[root@k8s-node02 hukanfa]# cat /etc/nerdctl/nerdctl.toml
namespace="k8s.io"
- Verify
shell
# After the change
[root@k8s-node02 hukanfa]# nerdctl image ls
# Before the change
# [root@k8s-node02 hukanfa]# nerdctl -n k8s.io image
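4.3 Install buildkit (optional)
4.3.1 Introduction
- The minimal nerdctl build cannot build images directly through containerd; it has to be combined with buildkit to build images. The full nerdctl build can
- buildkit is a build toolkit open-sourced by Docker, Inc. that supports building OCI-standard images
- buildkit consists of a server and a client, whose roles are described below
- Server buildkitd: currently supports runc and containerd as workers; the default is runc
- Client buildctl: parses the Dockerfile and sends build requests to the buildkitd server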
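4.3.2 Deployment
- buildkit has a typical client/server architecture; the client and the server do not have to be on the same machine. For image builds, nerdctl can also act as a client of buildkitd
- Version correspondence between buildkit and containerd
- Download
shell
# Official address
wget https://github.com/moby/buildkit/releases/download/v0.10.6/buildkit-v0.10.6.linux-amd64.tar.gz
# Baidu Netdisk download link
Link: https://pan.baidu.com/s/1QNouSd4r_DMgskJBNvYyXA?pwd=hd51
# Extract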
[hukanfa@k8s-master ~]$ mkdir buildkit-v0.10.6
[hukanfa@k8s-master ~]$ tar -zxvf buildkit-v0.10.6.linux-amd64.tar.gz -C buildkit-v0.10.6
- Global environment setup
shell
# Copy the files under the bin directory to /usr/bin
[hukanfa@k8s-master ~]$ cd buildkit-v0.10.6
[hukanfa@k8s-master buildkit-v0.10.6]$ ls
bin
[root@k8s-master buildkit-v0.10.6]# cp -a bin/* /usr/bin
[root@k8s-master buildkit-v0.10.6]# which buildctl
/usr/bin/buildctl
- Write the unit file for the buildkitd server
shell
[root@k8s-master buildkit-v0.10.6]# cat > /etc/systemd/system/buildkit.service <<EOF
[Unit]
Description=BuildKit
Documentation=https://github.com/moby/buildkit
[Service]
ExecStart=/usr/bin/buildkitd --oci-worker=false --containerd-worker=true
[Install]
WantedBy=multi-user.target
EOF
- Enable at boot and start the service
shell
[root@k8s-master buildkit-v0.10.6]# systemctl enable buildkit --now
# Check status
[root@k8s-master buildkit-v0.10.6]# systemctl status buildkit
● buildkit.service - BuildKit
Loaded: loaded (/etc/systemd/system/buildkit.service; enabled; vendor preset: disabled)
Active: active (running) since Wed 2023-02-08 15:09:12 CST; 6s ago
Docs: https://github.com/moby/buildkit
Main PID: 16131 (buildkitd)
Tasks: 7
Memory: 17.5M
CGroup: /system.slice/buildkit.service
└─16131 /usr/bin/buildkitd --oci-worker=false --containerd-worker=true
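4.4 Install crictl
4.4.1 Introduction
- crictl is a command-line interface for CRI-compatible container runtimes.
- You can use it to inspect and debug container runtimes and applications on a Kubernetes node
- crictl and its source code live in the cri-tools repository
- crictl uses the k8s.io namespace by default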
4.4.2 Download and install
- Download the package
- Official site
shell
https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.26.0/crictl-v1.26.0-linux-amd64.tar.gz
- Baidu Netdisk
shell
# Link
https://pan.baidu.com/s/1vid1Uiq2oCtmro-vzmkFtQ?pwd=pm6x
- Extract and install
- Extract
shell
# Create the extraction directory
mkdir crictl-v1.26.0
tar -zxvf crictl-v1.26.0-linux-amd64.tar.gz -C crictl-v1.26.0
- Install: copy the file to /usr/bin
shell
[root@k8s-master crictl-v1.26.0]# cd crictl-v1.26.0
[root@k8s-master crictl-v1.26.0]# cp crictl /usr/bin/
[root@k8s-master crictl-v1.26.0]# crictl --version
crictl version v1.26.0
4.4.3 Create crictl.yaml
- How to create it
- Option 1: create it manually
shell
[root@k8s-master ~]# cat << EOF | tee /etc/crictl.yaml
runtime-endpoint: "unix:///run/containerd/containerd.sock"
image-endpoint: "unix:///run/containerd/containerd.sock"
timeout: 10
debug: false
pull-image-on-create: false
disable-pull-on-run: false
EOF
- Option 2: generate it automatically
shell
crictl config runtime-endpoint
- Reload
shell
# Reload
[root@k8s-master hukanfa]# systemctl daemon-reload
4.5 k8s-master side
Note: kubernetes 1.24.0 or later is required
- A newer version is used this time: 1.26.0
4.5.1 Install the cluster tools
- Configure the yum repository
shell
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
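- Install
- kubeadm: the command for initializing the cluster
- kubelet: runs on every node in the cluster and starts Pods and containers
- kubectl: the command-line tool for talking to the cluster
shell
# Install
yum install -y kubelet-1.26.0 kubeadm-1.26.0 kubectl-1.26.0
# Check the version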
[root@k8s-master hukanfa]# kubeadm version
kubeadm version: &version.Info{Major:"1", Minor:"26", GitVersion:"v1.26.0", GitCommit:"b46a3f887ca979b1a5d14fd39cb1af43e7e5d12d", GitTreeState:"clean", BuildDate:"2022-12-08T19:57:06Z", GoVersion:"go1.19.4", Compiler:"gc", Platform:"linux/amd64"}
# Start kubelet
[root@k8s-master hukanfa]# systemctl enable kubelet --now
Created symlink from /etc/systemd/system/multi-user.target.wants/kubelet.service to /usr/lib/systemd/system/kubelet.service.
# kubelet cannot start at this point, because the initialization below still has to be run
systemctl status kubelet
4.5.2 Initialization
- Use Alibaba Cloud as the kubernetes image repository
shell
kubeadm init \
--apiserver-advertise-address=192.168.26.3 \
--image-repository registry.aliyuncs.com/google_containers \
--kubernetes-version v1.26.0 \
--service-cidr=10.9.0.0/16 \
--pod-network-cidr=10.8.0.0/16
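# --apiserver-advertise-address  address of the API server node
# --image-repository  registry to pull images from
# --kubernetes-version  k8s version to run
# --service-cidr  network range for services (the internal load-balancing range)
# --pod-network-cidr  network range for pods
- On success, the following message appears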
shell
...
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
Alternatively, if you are the root user, you can run:
export KUBECONFIG=/etc/kubernetes/admin.conf
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 192.168.26.3:6443 --token 0d8khw.iozdysywlz80qbgx \
--discovery-token-ca-cert-hash sha256:703975878fd456268499b4d34ef0e1553256bd3e79f3874f7b4789fd69fa2cf2
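- If initialization fails, reset
shell
# Reset
kubeadm reset
# Clean up the files in this directory
rm -rf /etc/kubernetes/manifests
4.5.4 User environment configuration
- The following configuration lets a regular user run k8s commands too
- This is the regular user's local environment; once configured, the commands can be used
- For a global configuration, see the steps below
shell
# Run as the regular user
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
# Without the global setting below, the root user also has to run the commands above
- Configure a global environment variable (optional)
- The regular user must be granted access to /etc/kubernetes/admin.conf
shell
# Edit
sudo vi /etc/profile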
...
# kubernetes config
export KUBECONFIG=/etc/kubernetes/admin.conf
# Reload
source /etc/profile
# Verify
[hukanfa@k8s-master ~]$ echo $KUBECONFIG
/etc/kubernetes/admin.conf
# Without the grant, the regular user gets a permission error
[hukanfa@k8s-master .kube]$ kubectl get cs
error: error loading config file "/etc/kubernetes/admin.conf": open /etc/kubernetes/admin.conf: permission denied
# Grant access
[root@k8s-master hukanfa]# chown -R hukanfa:hukanfa /etc/kubernetes/admin.conf
4.5.5 Confirm component status
- After installing version 1.26, all key components report a healthy status
shell
[root@k8s-master ~]# kubectl get cs
Warning: v1 ComponentStatus is deprecated in v1.19+
NAME STATUS MESSAGE ERROR
controller-manager Healthy ok
scheduler Healthy ok
etcd-0 Healthy {"health":"true","reason":""}
4.6 k8s-node side
4.6.1 Install the cluster tools
- Configure the yum repository
shell
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg http://mirrors.aliyun.com/kubernetes/yum/doc/rpmpackage-key.gpg
EOF
- Install the tools
shell
yum install -y kubelet-1.26.0 kubeadm-1.26.0
# Start
systemctl enable kubelet --now
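Sections 3.1.1 and 4.6.1 write a repo file with gpgcheck=0, repo_gpgcheck=0 and http:// URLs, while 4.5.1 enables both checks over https. The script below is an added example, not part of the original tutorial, that audits a .repo file for those three settings. The function names are constructed for illustration and the two sample files are built from the values shown on this page.

```shell
#!/bin/sh
# Added example: flag yum repo settings that skip package or metadata
# signature checks, or that fetch packages or keys over plaintext http.

# audit_repo FILE: print one finding per line as "<section>: <finding>"
audit_repo() {
    awk '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        /^[ \t]*[#;]/ { next }                      # comment line
        /^[ \t]*\[.*\][ \t]*$/ {                    # [section] header
            sec = trim($0); gsub(/^\[|\]$/, "", sec); next
        }
        index($0, "=") > 0 {
            eq  = index($0, "=")
            key = trim(substr($0, 1, eq - 1))
            val = trim(substr($0, eq + 1))
            if ((key == "gpgcheck" || key == "repo_gpgcheck") && val == "0")
                print sec ": " key " disabled"
            if ((key == "baseurl" || key == "gpgkey") && val ~ /(^|[ \t])http:\/\//)
                print sec ": " key " uses plaintext http"
        }
    ' "$1"
}

# audit_count FILE: number of findings
audit_count() { audit_repo "$1" | wc -l | tr -d ' \t'; }

# Constructed sample: the repo file from 3.1.1 / 4.6.1
write_weak_sample() {
    cat > "$1" <<'EOF'
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg http://mirrors.aliyun.com/kubernetes/yum/doc/rpmpackage-key.gpg
EOF
}

# Constructed sample: the repo file from 4.5.1
write_strict_sample() {
    cat > "$1" <<'EOF'
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
}

demo_dir=$(mktemp -d)
write_weak_sample "$demo_dir/weak.repo"
write_strict_sample "$demo_dir/strict.repo"
for f in weak strict; do
    echo "== $f.repo: $(audit_count "$demo_dir/$f.repo") finding(s)"
    audit_repo "$demo_dir/$f.repo"
done
rm -rf "$demo_dir"
```

On a node, run audit_repo /etc/yum.repos.d/kubernetes.repo before the yum install step.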
4.6.2 Initialization
- A token is generated once the master has initialized successfully; run the join command to add the node
shell
[root@k8s-node01 hukanfa]# kubeadm join 192.168.26.3:6443 --token 0d8khw.iozdysywlz80qbgx --discovery-token-ca-cert-hash sha256:703975878fd456268499b4d34ef0e1553256bd3e79f3874f7b4789fd69fa2cf2
...
This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.
Run 'kubectl get nodes' on the control-plane to see this node join the cluster.
- The token is valid for 24 hours; if it has expired, a new join command with a fresh token can be generated on the master node
shell
#
# [root@k8s-master ~]# kubeadm token create --print-join-command
4.6.3 Check node readiness
- Check from the master node
shell
[hukanfa@k8s-master ~]$ kubectl get node
NAME STATUS ROLES AGE VERSION
k8s-master Ready control-plane,master 22h v1.22.2
k8s-node01 Ready <none> 45m v1.22.2
k8s-node02 Ready <none> 46m v1.22.2
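4.7 Install the flannel network plugin (choose one of the two)
Tip: before installing the network plugin, it is recommended to complete the k8s-node initialization steps first
- Before a network plugin is installed, the nodes in the cluster cannot reach each other over the network
shell
# Status is NotReady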
[hukanfa@k8s-master ~]$ kubectl get node
NAME STATUS ROLES AGE VERSION
k8s-master NotReady control-plane 81m v1.26.0
4.7.1 Download and install
- Online download
shell
#
https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
- Netdisk download
shell
# Link
https://pan.baidu.com/s/1q3rIjXJMIY-VytNlSYBFVA?pwd=zr99
- Modify the configuration
shell
# Change Network to the --pod-network-cidr=10.8.0.0/16 configured when the master was initialized
vi kube-flannel.yml
net-conf.json: |
{
"Network": "10.8.0.0/16",
"Backend": {
"Type": "vxlan"
}
}
- Install
shell
[hukanfa@k8s-master ~]$ kubectl apply -f kube-flannel.yml
# Check
[root@k8s-master hukanfa]# cd /run/flannel/
[root@k8s-master flannel]# ls
subnet.env
[root@k8s-master flannel]# cat subnet.env
FLANNEL_NETWORK=10.8.0.0/16
FLANNEL_SUBNET=10.8.0.1/24
FLANNEL_MTU=1450
FLANNEL_IPMASQ=true
4.7.2 Check creation status
- Check container creation progress
shell
# Wait for the coredns containers to be created
[hukanfa@k8s-master ~]$ kubectl get pod -n kube-system
NAME READY STATUS RESTARTS AGE
coredns-5bbd96d687-k4gsp 0/1 Pending 0 99m
coredns-5bbd96d687-vnhlk 0/1 Pending 0 99m
# Show details
[hukanfa@k8s-master ~]$ kubectl describe pod coredns-5bbd96d687-2c8c5 -n kube-system
- Check the network interface
shell
[root@k8s-master hukanfa]# ip a | grep flannel
5: flannel.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN group default
inet 10.8.0.0/32 scope global flannel.1
- Check node status
shell
[root@k8s-master hukanfa]# kubectl get node
NAME STATUS ROLES AGE VERSION
k8s-master Ready control-plane 19h v1.26.0
k8s-node01 Ready <none> 86m v1.26.0
k8s-node02 Ready <none> 78m v1.26.0
4.7.3 Uninstall flannel
shell
# Uninstall (master)
kubectl delete -f kube-flannel.yml
# Bring down the interface
ifconfig flannel.1 down
# Delete the ip link
ip link delete flannel.1
# Restart kubelet
systemctl restart kubelet
# Clean up directories and files; the cni directory can only be deleted after kubelet has been restarted
rm -rf /var/lib/cni/
rm -f /etc/cni/net.d/*
systemctl restart kubelet
# Extra steps on the node machines
ifconfig cni0 down
ip link delete cni0
systemctl restart kubelet
# Check node network status
[root@k8s-master hukanfa]# kubectl get node
NAME STATUS ROLES AGE VERSION
k8s-master NotReady control-plane 19h v1.26.0
k8s-node01 NotReady <none> 105m v1.26.0
k8s-node02 NotReady <none> 96m v1.26.0
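Note: after the network plugin is installed, it takes some time for the nodes to become Ready, because images have to be pulled, among other steps
4.8 Install the calico network plugin (choose one of the two)
4.8.1 Download and install
Tip: before installing the network plugin, it is recommended to complete the k8s-node initialization steps first
- Download location
shell
# Online address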
wget https://docs.projectcalico.org/manifests/calico.yaml
# Baidu Netdisk address
Link: https://pan.baidu.com/s/1gq02DmfhBwv28WMloDNRVw?pwd=0q3w
- Modify the configuration
shell
vi calico.yaml
# - name: CALICO_IPV4POOL_CIDR
# value: "192.168.0.0/16"
- name: CALICO_IPV4POOL_CIDR
value: "10.8.0.0/16"
Tip: the IP here is the pod-network-cidr given to kubeadm init
4.8.2 Create the network
- The current environment uses the FCalico mode
shell
[hukanfa@k8s-master ~]$ sudo kubectl apply -f calico.yaml
- Check container status
shell
[hukanfa@k8s-master ~]$ kubectl get pod -n kube-system
NAME READY STATUS RESTARTS AGE
calico-kube-controllers-68d86f8988-z6bx4 1/1 Running 0 176m
calico-node-vsqjb 1/1 Running 0 176m
calico-node-xlvxg 1/1 Running 0 43m
calico-node-z8dpk 1/1 Running 0 44m
coredns-7f6cbbb7b8-622gf 1/1 Running 0 21h
coredns-7f6cbbb7b8-ndtwj 1/1 Running 0 21h
# Node network readiness
[root@k8s-master hukanfa]# kubectl get node
NAME STATUS ROLES AGE VERSION
k8s-master Ready control-plane 3d17h v1.26.0
k8s-node01 Ready <none> 2d23h v1.26.0
k8s-node02 Ready <none> 2d23h v1.26.0
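Note: the network plugin only needs to be installed on the master node; nodes that register are discovered automatically
4.8.3 Uninstall calico
- Uninstall the calico network plugin
shell
# Delete the objects (run on master)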
[hukanfa@k8s-master ~]$ kubectl delete -f calico.yaml
poddisruptionbudget.policy "calico-kube-controllers" deleted
serviceaccount "calico-kube-controllers" deleted
serviceaccount "calico-node" deleted
...
# Bring down the interface and remove tunl0 (run on master|node)
[hukanfa@k8s-master ~]$ ip addr
...
8: tunl0@NONE: <NOARP,UP,LOWER_UP> mtu 1480 qdisc noqueue state UNKNOWN group default qlen 1000
link/ipip 0.0.0.0 brd 0.0.0.0
inet 10.8.235.192/32 scope global tunl0
valid_lft forever preferred_lft forever
[root@k8s-master hukanfa]# modprobe -r ipip
# Restart kubelet (run on master|node)
systemctl restart kubelet
# Clean up directories and files; the cni directory can only be deleted after kubelet has been restarted (run on master|node)
rm -rf /var/lib/cni/
rm -f /etc/cni/net.d/*
systemctl restart kubelet
# Check node network status
[root@k8s-master lib]# kubectl get node
NAME STATUS ROLES AGE VERSION
k8s-master NotReady control-plane,master 18h v1.22.2
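5 kubectl command autocompletion
Introduction
The kubectl Bash completion script can be generated with the command kubectl completion bash. Sourcing the completion script in your shell enables kubectl autocompletion.
However, the completion script depends on the bash-completion tool, so it has to be installed first (the command type _init_completion checks whether bash-completion is already installed).
5.1 Install bash-completion
- This tool provides autocompletion for k8s commands
shell
# Official documentation
https://kubernetes.io/zh/docs/tasks/tools/included/optional-kubectl-configs-bash-linux/
# Install bash-completion
yum install bash-completion -y
# Reload the shell
source /usr/share/bash-completion/bash_completion
# Then run type _init_completion to verify that bash-completion is installed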
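5.2 Enable kubectl autocompletion
- After the previous step, the kubectl completion script has been sourced into the shell session.
- Next, use one of the following two methods
- Method 1; the global setting is recommended
shell
# Current user
echo 'source <(kubectl completion bash)' >>~/.bashrc
# Global setting
kubectl completion bash | sudo tee /etc/bash_completion.d/kubectl > /dev/null
- Method 2: if kubectl has an alias, you can extend shell completion to work with that alias:
shell
echo 'alias k=kubectl' >>~/.bashrc
echo 'complete -o default -F __start_kubectl k' >>~/.bashrc
Note: bash-completion sources all completion scripts in the /etc/bash_completion.d directory
5.3 Using autocompletion
- Both methods above have the same effect.
- After the shell is reloaded, kubectl autocompletion takes effect.
- To enable Bash completion in the current shell session, run the exec bash command
- Complete with the Tab key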
shell
[hukanfa@k8s-master ~]$ exec bash
[hukanfa@k8s-master ~]$ kubectl get
apiservices.apiregistration.k8s.io ippools.crd.projectcalico.org
bgpconfigurations.crd.projectcalico.org ipreservations.crd.projectcalico.org
bgppeers.crd.projectcalico.org jobs.batch
...
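6 Installing Ingress-nginx
- What is Ingress?
- Ingress exposes HTTP and HTTPS routes from outside the cluster to services inside the cluster.
- Traffic routing is controlled by rules defined on the Ingress resource
- An Ingress can give Services externally reachable URLs, load-balance traffic, terminate SSL/TLS, and offer name-based virtual hosting
- An Ingress controller is usually responsible for fulfilling the Ingress through a load balancer, although it can also configure an edge router or other frontends to help handle the traffic.
6.1 Download the yaml file
- Option 1: the officially provided yaml
- Subject to network restrictions in mainland China
shell
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.1/deploy/static/provider/cloud/deploy.yaml
- Option 2: download from github
shell
https://github.com/kubernetes/ingress-nginx/blob/main/deploy/static/provider/cloud/deploy.yaml
- Option 3: Netdisk
- Taken from option 2, but already modified
shell
# Link
https://pan.baidu.com/s/1xidq4qyiKpkiT9S33Y8x5w?pwd=wr2u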
6.2 Prepare the images
- The required images are listed below; pull them on the node machines
kube-webhook-certgen
shell
# Pull
[hukanfa@k8s-node02 ~]$ crictl pull dyrnq/kube-webhook-certgen:v20221220-controller-v1.5.1-58-g787ea74b6
Image is up to date for sha256:057e08108889890dcd4bf6db63f2c72d24b0ddba549cafc2ea3ceea67599b990
# Change the tag, because deploy.yaml expects the image prefix registry.k8s.io
nerdctl tag dyrnq/kube-webhook-certgen:v20221220-controller-v1.5.1-58-g787ea74b6 registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20221220-controller-v1.5.1-58-g787ea74b6
# Remove the original image
nerdctl rmi dyrnq/kube-webhook-certgen:v20221220-controller-v1.5.1-58-g787ea74b6
ingress-nginx-controller
shell
# Pull
[hukanfa@k8s-node02 ~]$ crictl pull dyrnq/ingress-nginx-controller:v1.5.1
Image is up to date for sha256:f2e1146a6d96ac8eebb251284f45f8569f5879c6ec894ae1335d26617d36af2d
# Change the tag
nerdctl tag dyrnq/ingress-nginx-controller:v1.5.1 registry.k8s.io/ingress-nginx/controller:v1.5.1
# Remove the original image
nerdctl rmi dyrnq/ingress-nginx-controller:v1.5.1
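6.3 Modify deploy.yaml
- Change to the image version information corresponding to 1.6.2
- Modify controller
shell
image: registry.k8s.io/ingress-nginx/controller:v1.5.1
- Modify kube-webhook-certgen, in 2 places
shell
image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20221220-controller-v1.5.1-58-g787ea74b6
- Other changes
- Search for LoadBalancer
shell
# Change to NodePort
# type: LoadBalancer
type: NodePort
- Search for Deployment
shell
# Use a DaemonSet to make sure Ingress is deployed on every node
# kind: Deployment
kind: DaemonSet
- Search for dnsPolicy
shell
# Prefer the in-cluster DNS service for name resolution
dnsPolicy: ClusterFirstWithHostNet
# Listen on ports 80 and 443 on the host node (add this yourself)
hostNetwork: true
# Node selector (chooses which nodes run Ingress; all nodes by default)
nodeSelector:
  # Run the Ingress Pod on a node if it has the labels node-role=ingress and os=linux
  node-role: ingress
Note: the modified file above can be downloaded directly; see the Netdisk download in 1.6.1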
6.4 Deploy and uninstall
- First label the node machines
- Label: node-role: ingress
shell
# View node labels
[hukanfa@k8s-master ~]$ kubectl get node --show-labels
# Apply the labels
[hukanfa@k8s-master ~]$ kubectl get node
NAME STATUS ROLES AGE VERSION
k8s-master Ready control-plane 13d v1.26.0
k8s-node01 Ready <none> 13d v1.26.0
k8s-node02 Ready <none> 13d v1.26.0
[hukanfa@k8s-master ~]$ kubectl label node k8s-node01 node-role=ingress
[hukanfa@k8s-master ~]$ kubectl label node k8s-node02 node-role=ingress
- Run the deployment
shell
[hukanfa@k8s-master temp]$ kubectl apply -f deploy.yaml
namespace/ingress-nginx created
serviceaccount/ingress-nginx created
serviceaccount/ingress-nginx-admission created
role.rbac.authorization.k8s.io/ingress-nginx created
role.rbac.authorization.k8s.io/ingress-nginx-admission created
clusterrole.rbac.authorization.k8s.io/ingress-nginx created
clusterrole.rbac.authorization.k8s.io/ingress-nginx-admission created
rolebinding.rbac.authorization.k8s.io/ingress-nginx created
rolebinding.rbac.authorization.k8s.io/ingress-nginx-admission created
clusterrolebinding.rbac.authorization.k8s.io/ingress-nginx created
clusterrolebinding.rbac.authorization.k8s.io/ingress-nginx-admission created
configmap/ingress-nginx-controller created
service/ingress-nginx-controller created
service/ingress-nginx-controller-admission created
daemonset.apps/ingress-nginx-controller created
job.batch/ingress-nginx-admission-create created
job.batch/ingress-nginx-admission-patch created
ingressclass.networking.k8s.io/nginx created
validatingwebhookconfiguration.admissionregistration.k8s.io/ingress-nginx-admission created
- Verify the deployment
- Check the namespaces
shell
# ingress-nginx has been added
[hukanfa@k8s-master temp]$ kubectl get namespace
NAME STATUS AGE
default Active 13d
ingress-nginx Active 5m48s
kube-node-lease Active 13d
kube-public Active 13d
kube-system Active 13d
- Check the ingress-controller status
shell
# The following status is normal
[hukanfa@k8s-master temp]$ kubectl get pod -n ingress-nginx -o wide | awk '{print $1,$2,$3,$6,$7}'
NAME READY STATUS IP NODE
ingress-nginx-admission-create-w5d6w 0/1 Completed 10.8.58.236 k8s-node02
ingress-nginx-admission-patch-p2whq 0/1 Completed 10.8.85.208 k8s-node01
ingress-nginx-controller-5bpsw 1/1 Running 192.168.26.2 k8s-node02
ingress-nginx-controller-xzrlg 1/1 Running 192.168.26.1 k8s-node01
- Check the service
shell
[hukanfa@k8s-master temp]$ kubectl get svc -n ingress-nginx
NAME TYPE CLUSTER-IP PORT(S) AGE
ingress-nginx-controller NodePort 10.9.244.17 80:30349/TCP,443:31256/TCP 26m
ingress-nginx-controller-admission ClusterIP 10.9.222.249 443/TCP 26m
- Uninstall
shell
[hukanfa@k8s-master temp]$ kubectl delete -f deploy.yaml