9.12 k8s
calico的部署
# ls
anaconda-ks.cfg k8s-ha-install kubeadm-config.yaml new.yaml token
# 切换 git 分⽀
[root@k8s-master ~]# cd k8s-ha-install/
[root@k8s-master k8s-ha-install]# git checkout manual-installation-v1.28.x && cd calico/
分支 manual-installation-v1.28.x 设置为跟踪来自 origin 的远程分支 manual-installation-v1.28.x。
切换到一个新分支 'manual-installation-v1.28.x'
[root@k8s-master calico]# ls
calico.yaml
[root@k8s-master calico]# pwd
/root/k8s-ha-install/calico
[root@k8s-master calico]# cat ~/new.yaml | grep Sub
podSubnet: 172.16.0.0/16
serviceSubnet: 10.96.0.0/16
[root@k8s-master calico]# vim calico.yaml
•
# 修改配置文件,将文件中的POD_CIDR替换成172.16.0.0/16
4801 value: "172.16.0.0/16"
•
[root@k8s-master calico]# kubectl get po -A
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system coredns-6554b8b87f-m5wnb 0/1 Pending 0 94m
kube-system coredns-6554b8b87f-zz9cb 0/1 Pending 0 94m
kube-system etcd-k8s-master 1/1 Running 0 94m
kube-system kube-apiserver-k8s-master 1/1 Running 0 94m
kube-system kube-controller-manager-k8s-master 1/1 Running 0 94m
kube-system kube-proxy-gtt6v 1/1 Running 0 94m
kube-system kube-proxy-snr8v 1/1 Running 0 59m
kube-system kube-proxy-z5hrs 1/1 Running 0 59m
kube-system kube-scheduler-k8s-master 1/1 Running 0 94m
•
# 创建pod
[root@k8s-master calico]# kubectl apply -f calico.yaml
•
# 查看日志
[root@k8s-master calico]# kubectl logs calico-node-9jp9m -n kube-system
•
# 出现问题就去节点查看日志
[root@k8s-node01 ~]# vim /var/log/messages
更新并重新启动,三台机器
# yum -y update
# reboot
查看容器和节点状态就差不多好了
# kubectl get nodes
NAME STATUS ROLES AGE VERSION
master Ready control-plane 19h v1.28.2
node1 Ready <none> 19h v1.28.2
node2 Ready <none> 19h v1.28.2
# kubectl get po -A
NAMESPACE NAME READY ST
kube-system calico-kube-controllers-6d48795585-hm9q7 1/1 Ru
kube-system calico-node-jcg6z 1/1 Ru
kube-system calico-node-kpjnw 1/1 Ru
kube-system calico-node-wkkcb 1/1 Ru
kube-system coredns-6554b8b87f-5lt5x 1/1 Ru
kube-system coredns-6554b8b87f-dqx6t 1/1 Ru
kube-system etcd-master 1/1 Ru
kube-system kube-apiserver-master 1/1 Ru
kube-system kube-controller-manager-master 1/1 Ru
kube-system kube-proxy-5rwvt 1/1 Ru
kube-system kube-proxy-5x555 1/1 Ru
kube-system kube-proxy-g79tw 1/1 Ru
kube-system kube-scheduler-master 1/1
创建节点
# 添加一个新的pod
[root@k8s-master calico]# kubectl run nginx0 --image=nginx
pod/nginx0 created
•
[root@k8s-master calico]# kubectl get po -Aowide|grep nginx
•
# 查看日志
[root@k8s-master calico]# kubectl logs nginx0
Error from server (BadRequest): container "nginx0" in pod "nginx0" is waiting to start: trying and failing to pull image
删除节点
[root@k8s-master calico]# kubectl delete pod nginx0
pod "nginx0" deleted
[root@k8s-master calico]# kubectl get po -Aowide|grep nginx
Metrics 部署
复制证书到所有节点
# scp /etc/kubernetes/pki/front-proxy-ca.crt node1:/etc/kubernetes
The authenticity of host 'node1 (192.168.1.12)' can't be establishe
ECDSA key fingerprint is SHA256:donghBpnwWMN6JmjNdCNwYJP179r2qC20tk
ECDSA key fingerprint is MD5:ec:83:ce:f2:5b:6c:ee:2a:04:80:86:48:ad
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'node1' (ECDSA) to the list of known hos
front-proxy-ca.crt
您在 /var/spool/mail/root 中有新邮件
# scp /etc/kubernetes/pki/front-proxy-ca.crt node2:
The authenticity of host 'node2 (192.168.1.13)' can't be establishe
ECDSA key fingerprint is SHA256:donghBpnwWMN6JmjNdCNwYJP179r2qC20tk
ECDSA key fingerprint is MD5:ec:83:ce:f2:5b:6c:ee:2a:04:80:86:48:ad
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'node2' (ECDSA) to the list of known hos
front-proxy-ca.crt
安装metrics server
[root@k8s-master ~]# ls components.yaml
components.yaml
[root@k8s-master ~]# mkdir pods
[root@k8s-master ~]# mv components.yaml pods/
[root@k8s-master ~]# cd pods/
[root@k8s-master pods]# ls
components.yaml
[root@k8s-master pods]# cat components.yaml | wc -l
202
•
# 添加metric server的pod资源
[root@k8s-master pods]# kubectl create -f components.yaml
•
# 在kube-system命名空间下查看metrics server的pod运⾏状态
[root@k8s-master pods]# kubectl get po -A|grep metrics
kube-system metrics-server-79776b6d54-dmwk6 1/1 Running 0 2m26s
查看节点资源监控
# 查看node节点的系统资源使⽤情况
[root@k8s-master pods]# kubectl top nodes
NAME CPU(cores) CPU% MEMORY(bytes) MEMORY%
k8s-master 151m 7% 1099Mi 63%
k8s-node01 40m 4% 467Mi 53%
k8s-node02 39m 3% 483Mi 55%
[root@k8s-master pods]# kubectl top pods -A
搭建dashboard
1、安装dashboard
--cd /root/k8s-ha-install/dashboard
--ls
dashboard-user.yaml dashboard.yaml
--kubectl create -f .
2、设置svc模式
--kubectl edit svc kubernets-dashboard -n kubernets-dashboard
..
type:NodePort
..
--kubectl get svc kubernets-dashboard -n
浏览器访问
3、获得token
--kubectl create token admin-user -n kube-system
eyJhbGciOiJSUzI1NiIsImtpZCI6ImhvcW5UMVFUQzhtamNrcHEyWnFVV3R0aGMtTFRfOF9GeEFOdVVOeS11c2MifQ.eyJhdWQiOlsiaHR0cHM6Ly9rdWJlcm5ldGVzLmRlZmF1bHQuc3ZjLmNsdXN0ZXIubG9jYWwiXSwiZXhwIjoxNzI2MTI1Mjk5LCJpYXQiOjE3MjYxMjE2OTksImlzcyI6Imh0dHBzOi8va3ViZXJuZXRlcy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsIiwia3ViZXJuZXRlcy5pbyI6eyJuYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsInNlcnZpY2VhY2NvdW50Ijp7Im5hbWUiOiJhZG1pbi11c2VyIiwidWlkIjoiYzJlYWI4ZTgtYTMyMC00NTI4LTgyOGYtMzk5NmNmZjkxODU1In19LCJuYmYiOjE3MjYxMjE2OTksInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlLXN5c3RlbTphZG1pbi11c2VyIn0.NpPA6L4XeXIDIZbm8aPVYYXLDSwEZvjhaz_urNbW-12y9CqHc4h66PDOhUPr1v0qqIXPOHA9jHF25EwGDk3QtNmtV5-MR8Te-n7rV-K_oM1QZNFvsQiit9nFlbvu7FuxxkyY_YjfW1IhWf1KuEsln_XOHGRHTMwxKN8xKUqFNjZTAc8UMKTp0hLEsf9Mi0oxxfHnd93tjxjyDhUDGxdFZOd2YNZGA-EWaPMuRcc5PdW3-5FIXUK12HZB7XT-X7R8uxhpboZuoO60Rxh-HPcz_mhNElAr0pDlzBcQeISVbqS5RaAtnKKuNEF5oouCifcMwCvtD137Hsuysn3379vZQg
添加更新
--kubectl patch daemonset kube-proxy -p "{\"spec\":{\"template\":{\"metadata\":{\"annotations\":{\"date\":\"
date +'%s'
\"}}}}}" -n kube-system
访问测试
--curl 127.0.0.1:10249/proxyModeipvs
验证节点
--kubectl get nodeNAME STATUS ROLES AGE VERSIONmaster Ready control-plane 23h v1.28.2node1 Ready <none> 22h v1.28.2node2 Ready <none> 22h v1.28.2
查看服务的网段
--kubectl get svcNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGEkubernetes ClusterIP 10.96.0.1 <none> 443/TCP 23h
查看service pod宿主机的网段
--kubectl get svc
--kubectl get po -Aowide
测试创建参数
--kubectl create deploy cluster-test --image=registry.cn-beijing.aliyuncs.com/dotbalo/debug-tools -- sleep=3066
访问dnds443端口何53端口
--curl -k https:10.96.0.1:443
--curl http://10.96.0.10:53
#测试创建参数
[root@master ~]# kubectl create deploy cluster-test1 --image=registry.cn-beijing.aliyuncs.com/dotbalo/debug-tools -- sleep 3600
deployment.apps/cluster-test1 created
您在 /var/spool/mail/root 中有新邮件
[root@master ~]# kubectl get po -A|grep cluster-test1
default cluster-test1-54575cf56c-92grp 1/1 Running 0 7s
#进入创建的节点中
[root@master ~]# kubectl exec -it cluster-test1-54575cf56c-92grp -- bash
(07:29 cluster-test1-54575cf56c-92grp:/) ifconfig
eth0 Link encap:Ethernet HWaddr f6:21:45:f6:45:29
inet addr:172.16.104.8 Bcast:0.0.0.0 Mask:255.255.255.255
inet6 addr: fe80::f421:45ff:fef6:4529/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1480 Metric:1
RX packets:5 errors:0 dropped:0 overruns:0 frame:0
TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:446 (446.0 B) TX bytes:656 (656.0 B)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
(1 07:29 cluster-test1-54575cf56c-92grp:/) nslookup kubernetes
Server: 10.96.0.10
Address: 10.96.0.10#53
Name: kubernetes.default.svc.cluster.local
Address: 10.96.0.1
(07:30 cluster-test1-54575cf56c-92grp:/) nslookup kube-dns.kube-system
Server: 10.96.0.10
Address: 10.96.0.10#53
Name: kube-dns.kube-system.svc.cluster.local
Address: 10.96.0.10
(07:30 cluster-test1-54575cf56c-92grp:/) exit
exit
您在 /var/spool/mail/root 中有新邮件
#访问dns的443端口和53端口
[root@master ~]# curl -k https://10.96.0.1:443
{
"kind": "Status",
"apiVersion": "v1",
"metadata": {},
"status": "Failure",
"message": "forbidden: User \"system:anonymous\" cannot get path \"/\"",
"reason": "Forbidden",
"details": {},
"code": 403
}
[root@master ~]# curl http://10.96.0.10:53
curl: (52) Empty reply from server
kubernetes自动补齐
常用指令
1、自动补齐
--yum -y install bash-completion //安装自动补齐
--source <(kubectl completion bash)
创建节点 [root@k8s-master ~]# kubectl run nginx1 --image nginx pod/nginx1 created [root@k8s-master ~]# kubectl get po -A 删除节点
[root@k8s-master ~]# kubectl delete pod nginx1 pod "nginx1" deleted
--echo "source <(kubectl completion bash)" >>~/.bashrc //设置开机自启
2、基础指令
# 删除节点
[root@k8s-master ~]# kubectl delete pod cluster-test-64b7b9cbf-jjmmh
pod "cluster-test-64b7b9cbf-jjmmh" deleted
•
# 节点还在
[root@k8s-master ~]# kubectl get po -A|grep cluster-test
default cluster-test-64b7b9cbf-dnn2m 0/1 ContainerCreating 0 20s
default cluster-test0-58689d5d5d-qr4mv 1/1 Running 0 34m
•
# 使用deployment删除
[root@k8s-master ~]# kubectl delete deployment cluster-test
deployment.apps "cluster-test" deleted
•
# 已删除
[root@k8s-master ~]# kubectl get po -A|grep cluster-test
编写yaml文件-创建节点
# vim pods/abc.yaml
apiVersion: v1
kind: Pod
metadata:
name: busybox-sleep
spec:
containers:
- name: busybox
image: busybox:1.28
args:
- sleep
- "1000"
[root@k8s-master ~]# cd pods/
[root@k8s-master pods]# ls
abc.yaml components.yaml
[root@k8s-master pods]# kubectl create -f abc.yaml
[root@k8s-master pods]# kubectl create -f abc.yaml
pod/busybox-sleep created
[root@k8s-master pods]# kubectl get po -A|grep busybox-sleep
default busybox-sleep 1/1 Running 0 3s
[root@k8s-master pods]# kubectl delete pod busybox-sleep
pod "busybox-sleep" deleted
[root@k8s-master pods]# kubectl get po -A|grep busy
编写json文件
vim pods/abc.json
{
"apiVersion":"v1",
"kind":"Pod",
"metadata":{
"name":"busybox-sleep000"
},
"spec":{
"containers":[
{
"name":"busybox000",
"image":"busybox:1.28",
"args":[
"sleep",
"1000"
]
}
]
}
}