k8s总结

作者: zwb_jianshu | 来源:发表于2019-07-27 16:02 被阅读0次

k8s容器编排

1:k8s集群的安装

1.1 k8s的架构

除了核心组件,还有一些推荐的Add-ons:

组件名称 说明
kube-dns 负责为整个集群提供DNS服务
Ingress Controller 为服务提供外网入口
Heapster 提供资源监控
Dashboard 提供GUI
Federation 提供跨可用区的集群
Fluentd-elasticsearch 提供集群日志采集、存储与查询

1.2:修改IP地址、主机和host解析

10.0.0.11 k8s-master  10.0.0.12 k8s-node-1  10.0.0.13 k8s-node-2

1.3:master节点安装etcd

yum install etcd -y

vim /etc/etcd/etcd.conf  
6行:ETCD_LISTEN_CLIENT_URLS="[http://0.0.0.0:2379](http://0.0.0.0:2379)"  
21行:ETCD_ADVERTISE_CLIENT_URLS="[http://10.0.0.11:2379](http://10.0.0.11:2379)"

systemctl start etcd.service  
systemctl enable etcd.service

etcdctl set testdir/testkey0 0  
etcdctl get testdir/testkey0

etcdctl -C [http://10.0.0.11:2379](http://10.0.0.11:2379) cluster-health

1.4:master节点安装kubernetes

yum install kubernetes-master.x86_64 -y

vim /etc/kubernetes/apiserver 
8行: KUBE_API_ADDRESS="--insecure-bind-address=0.0.0.0"  
11行:KUBE_API_PORT="--port=8080"  
17行:KUBE_ETCD_SERVERS="--etcd-servers=[http://10.0.0.11:2379](http://10.0.0.11:2379)"  
23行:KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ResourceQuota"

vim /etc/kubernetes/config  
22行:KUBE_MASTER="--master=[http://10.0.0.11:8080](http://10.0.0.11:8080)"

systemctl enable kube-apiserver.service  
systemctl restart kube-apiserver.service  
systemctl enable kube-controller-manager.service  
systemctl restart kube-controller-manager.service  
systemctl enable kube-scheduler.service  
systemctl restart kube-scheduler.service

1.5:node节点安装kubernetes

yum install kubernetes-node.x86_64 -y

vim /etc/kubernetes/config 
22行:KUBE_MASTER="--master=[http://10.0.0.11:8080](http://10.0.0.11:8080)"

vim /etc/kubernetes/kubelet  
5行:KUBELET_ADDRESS="--address=0.0.0.0"  
8行:KUBELET_PORT="--port=10250"  
11行:KUBELET_HOSTNAME="--hostname-override=10.0.0.12"  
14行:KUBELET_API_SERVER="--api-servers=[http://10.0.0.11:8080](http://10.0.0.11:8080)"

systemctl enable kubelet.service  
systemctl start kubelet.service  
systemctl enable kube-proxy.service  
systemctl start kube-proxy.service

6:所有节点配置flannel网络

yum install flannel -y

sed -i 's#[http://127.0.0.1:2379#http://10.0.0.11:2379#g](http://127.0.0.1:2379#http://10.0.0.11:2379#g)' /etc/sysconfig/flanneld

master节点:  
etcdctl mk /atomic.io/network/config '{ "Network": "172.16.0.0/16" }'
yum install docker -y  
systemctl enable flanneld.service 
systemctl restart flanneld.service 
service docker restart  
systemctl restart kube-apiserver.service  
systemctl restart kube-controller-manager.service  
systemctl restart kube-scheduler.service

node节点:  
systemctl enable flanneld.service 
systemctl restart flanneld.service 
service docker restart  
systemctl restart kubelet.service  
systemctl restart kube-proxy.service

7:配置master为镜像仓库

#master节点  
vim /etc/sysconfig/docker  
OPTIONS='--selinux-enabled --log-driver=journald --signature-verification=false --registry-mirror=[https://registry.docker-cn.com](https://registry.docker-cn.com) --insecure-registry=10.0.0.11:5000'
systemctl restart docker
docker run -d -p 5000:5000 --restart=always --name registry -v /opt/myregistry:/var/lib/registry registry

#node节点  
vim /etc/sysconfig/docker  
OPTIONS='--selinux-enabled --log-driver=journald --signature-verification=false --insecure-registry=10.0.0.11:5000'
systemctl restart docker

2:什么是k8s,k8s有什么功能?

k8s是一个docker集群的管理工具

2.1 k8s的核心功能

自愈: 重新启动失败的容器,在节点不可用时,替换和重新调度节点上的容器,对用户定义的健康检查不响应的容器会被中止,并且在容器准备好服务之前不会把其向客户端广播。

弹性伸缩: 通过监控容器的cpu的负载值,如果这个平均高于80%,增加容器的数量,如果这个平均低于10%,减少容器的数量

服务的自动发现和负载均衡: 不需要修改您的应用程序来使用不熟悉的服务发现机制,Kubernetes 为容器提供了自己的 IP 地址和一组容器的单个 DNS 名称,并可以在它们之间进行负载均衡。

滚动升级和一键回滚: Kubernetes 逐渐部署对应用程序或其配置的更改,同时监视应用程序运行状况,以确保它不会同时终止所有实例。 如果出现问题,Kubernetes会为您恢复更改,利用日益增长的部署解决方案的生态系统。

2.2 k8s的历史

2.3 k8s的安装

yum安装 1.5
源码编译安装---难度最大 可以安装最新版
二进制安装---步骤繁琐 可以安装最新版 shell,ansible,saltstack
kubeadm 安装最容易, 网络 可以安装最新版
minikube 适合开发人员体验k8s, 网络

2.4 k8s的应用场景

k8s最适合跑微服务项目!

3:k8s常用的资源

3.1 创建pod资源

k8s yaml的主要组成
apiVersion: v1  api版本
kind: pod   资源类型
metadata:   属性
spec:       详细

k8s_pod.yaml
apiVersion: v1
kind: Pod
metadata:
 name: nginx
 labels:
 app: web
spec:
 containers:
 - name: nginx
 image: 10.0.0.11:5000/nginx:1.13
 ports:
 - containerPort: 80

pod资源:至少由两个容器组成,pod基础容器和业务容器组成
pod是k8s最小的资源单位

3.2 ReplicationController资源

rc:保证指定数量的pod始终存活,rc通过标签选择器来关联pod
k8s资源的常见操作:  
kubectl create -f xxx.yaml  
kubectl get pod|rc  
kubectl describe pod nginx  
kubectl delete pod nginx 
或者
kubectl delete -f xxx.yaml  
kubectl edit pod nginx

创建一个rc
apiVersion: v1
kind: ReplicationController
metadata:
 name: nginx
spec:
 replicas: 5
 selector:
 app: myweb
 template:
 metadata:
 labels:
 app: myweb
 spec:
 containers:
 - name: myweb
 image: 10.0.0.11:5000/nginx:1.13
 ports:
 - containerPort: 80

rc的滚动升级  新建一个nginx-rc1.15.yaml
升级  kubectl rolling-update nginx -f nginx-rc1.15.yaml --update-period=10s
回滚  kubectl rolling-update nginx2 -f nginx-rc.yaml --update-period=1s

3.3 service资源

service帮助pod暴露端口
创建一个service
apiVersion: v1
kind: Service
metadata:
 name: myweb
spec:
 type: NodePort
 ports:
 - port: 80
 nodePort: 30000
 targetPort: 80
 selector:
 app: myweb2

修改nodePort范围
vim  /etc/kubernetes/apiserver
KUBE_API_ARGS="--service-node-port-range=3000-50000"
service默认使用iptables来实现负载均衡,新版本中推荐使用lvs(四层负载均衡)

3.4 deployment资源

有rc在滚动升级之后,会造成服务访问中断,于是k8s引入了deployment资源
创建deployment
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
 name: nginx-deployment
spec:
 replicas: 3
 template:
 metadata:
 labels:
 app: nginx
 spec:
 containers:
 - name: nginx
 image: 10.0.0.11:5000/nginx:1.13
 ports:
 - containerPort: 80
 resources:
 limits:
 cpu: 100m
 requests:
 cpu: 100m

deployment升级和回滚
命令行创建deployment
kubectl run nginx --image=10.0.0.11:5000/nginx:1.13 --replicas=3 --record
命令行升级版本
kubectl set image deploy nginx nginx=10.0.0.11:5000/nginx:1.15
查看deployment所有历史版本
kubectl rollout history deployment nginx
deployment回滚到上一个版本
kubectl rollout undo deployment nginx
deployment回滚到指定版本
kubectl rollout undo deployment nginx --to-revision=2

3.5 tomcat+mysql练习

在k8s中容器之间相互访问,通过VIP地址!

4:k8s的附加组件

4.1 dns服务

安装dns服务
1:下载dns_docker镜像包
wget [http://192.168.21.201/docker_k8s_dns.tar.gz](http://192.168.21.201/docker_k8s_dns.tar.gz)
2:导入dns_docker镜像包(node2节点)
3:修改skydns-rc.yaml
spec:
 nodeSelector:
 kubernetes.io/hostname: k8s-node-2
 containers: 
4:创建dns服务
kubectl create -f skydns-rc.yaml
5:检查
kubectl get all --namespace=kube-system
6:修改所有node节点kubelet的配置文件
vim /etc/kubernetes/kubelet
KUBELET_ARGS="--cluster_dns=10.254.230.254 --cluster_domain=cluster.local"
systemctl restart kubelet

4.2 namespace命令空间

namespace做资源隔离

4.3 dashboard服务

1:上传并导入镜像,打标签
2:创建dashborad的deployment和service
3:访问[http://10.0.0.11:8080/ui/](http://10.0.0.11:8080/ui/)

5: k8s弹性伸缩

k8s弹性伸缩,需要附加插件heapster监控

5.1 安装heapster监控

1:上传并导入镜像,打标签
ls *.tar.gz 
for n in `ls *.tar.gz`;do docker load -i $n ;done  
docker tag docker.io/kubernetes/heapster_grafana:v2.6.0 10.0.0.11:5000/heapster_grafana:v2.6.0  
docker tag docker.io/kubernetes/heapster_influxdb:v0.5 10.0.0.11:5000/heapster_influxdb:v0.5  
docker tag docker.io/kubernetes/heapster:canary 10.0.0.11:5000/heapster:canary
2:上传配置文件,kubectl create -f .
3:打开dashboard验证

5.2 弹性伸缩

1:修改rc的配置文件
containers:
 - name: myweb
 image: 10.0.0.11:5000/nginx:1.13
 ports:
 - containerPort: 80
 resources:
 limits:
 cpu: 100m
 requests:
 cpu: 100m
2:创建弹性伸缩规则
kubectl autoscale -n qiangge replicationcontroller myweb --max=8 --min=1 --cpu-percent=8
3:测试
ab -n 1000000 -c 40 [http://172.16.28.6/index.html](http://172.16.28.6/index.html)
扩容截图
缩容:

6:持久化存储

pv: persistent volume
pvc: persistent volume claim

6.1:安装nfs服务端(10.0.0.11)

yum install nfs-utils.x86_64 -y
mkdir /data
vim /etc/exports
/data  10.0.0.0/24(rw,async,no_root_squash,no_all_squash)
systemctl start rpcbind
systemctl start nfs

6.2:在node节点安装nfs客户端

yum install nfs-utils.x86_64 -y
showmount -e 10.0.0.11

6.3:创建pv和pvc

上传yaml配置文件,创建pv和pvc

6.4:创建mysql-rc,pod模板里使用volume

volumeMounts:
 - name: mysql
 mountPath: /var/lib/mysql
 volumes:
 - name: mysql
 persistentVolumeClaim:
 claimName: tomcat-mysql

6.5: 验证持久化

验证方法1:删除mysql的pod,数据库不丢
kubectl delete pod mysql-gt054
验证方法2:查看nfs服务端,是否有mysql的数据文件

7:与jenkins集成实现ci/cd

ip地址 服务 内存
10.0.0.11 kube-apiserver 8080 1G
10.0.0.12 jenkins(tomcat + jdk) 8080 1G
10.0.0.13 gitlab 8080,80 2G

7.1: 安装gitlab并上传代码

#a:安装
wget https://mirrors.tuna.tsinghua.edu.cn/gitlab-ce/yum/el7/gitlab-ce-11.9.11-ce.0.el7.x86_64.rpm
yum localinstall gitlab-ce-11.9.11-ce.0.el7.x86_64.rpm -y
#b:配置
vim /etc/gitlab/gitlab.rb
external_url 'http://10.0.0.13'
prometheus_monitoring['enable'] = false
#c:应用并启动服务
gitlab-ctl reconfigure
#使用浏览器访问http://10.0.0.13,修改root用户密码,创建project
#上传代码到git仓库
cd /srv/
rz -E
unzip xiaoniaofeifei.zip 
rm -fr xiaoniaofeifei.zip 
​
git config --global user.name "Administrator"
git config --global user.email "admin@example.com"
git init
git remote add origin http://10.0.0.13/root/xiaoniao.git
git add .
git commit -m "Initial commit"
git push -u origin master

7.2 安装jenkins,并自动构建docker镜像

1:安装jenkins

cd /opt/
rz -E
rpm -ivh jdk-8u102-linux-x64.rpm 
mkdir /app
tar xf apache-tomcat-8.0.27.tar.gz -C /app
rm -fr /app/apache-tomcat-8.0.27/webapps/*
mv jenkins.war /app/apache-tomcat-8.0.27/webapps/ROOT.war
tar xf jenkin-data.tar.gz -C /root
/app/apache-tomcat-8.0.27/bin/startup.sh 
netstat -lntup

2:访问jenkins

访问[http://10.0.0.12:8080/,](http://10.0.0.12:8080/,)默认账号密码admin:123456

3:配置jenkins拉取gitlab代码凭据

a:在jenkins上生成秘钥对
ssh-keygen -t rsa
b:复制公钥粘贴gitlab上
c:jenkins上创建全局凭据

4:拉取代码测试

5:编写dockerfile并测试

#vim dockerfile
FROM 10.0.0.11:5000/nginx:1.13
add .  /usr/share/nginx/html
#添加docker build构建时不add的文件  vim .dockerignore  dockerfile
docker build -t xiaoniao:v1 .  docker run -d -p 88:80 xiaoniao:v1
打开浏览器测试访问xiaoniaofeifei的项目

6:上传dockerfile和.dockerignore到私有仓库

git add docker .dockerignore  git commit -m "fisrt commit"  git push -u origin master

7:点击jenkins立即构建,自动构建docker镜像并上传到私有仓库

修改jenkins 工程配置
docker build -t 10.0.0.11:5000/test:v$BUILD_ID .  docker push 10.0.0.11:5000/test:v$BUILD_ID

7.3 jenkins自动部署应用到k8s

kubectl -s 10.0.0.11:8080 get nodes
if [ -f /tmp/xiaoniao.lock ];then
 docker  build  -t  10.0.0.11:5000/xiaoniao:v$BUILD_ID  .
 docker  push 10.0.0.11:5000/xiaoniao:v$BUILD_ID
 kubectl -s 10.0.0.11:8080 set image  -n xiaoniao deploy xiaoniao xiaoniao=10.0.0.11:5000/xiaoniao:v$BUILD_ID
 echo "更新成功"
else
 docker  build  -t  10.0.0.11:5000/xiaoniao:v$BUILD_ID  .
 docker  push 10.0.0.11:5000/xiaoniao:v$BUILD_ID
 kubectl  -s 10.0.0.11:8080  create  namespace  xiaoniao
 kubectl  -s 10.0.0.11:8080  run   xiaoniao  -n xiaoniao  --image=10.0.0.11:5000/xiaoniao:v$BUILD_ID --replicas=3 --record
 kubectl  -s 10.0.0.11:8080   expose -n xiaoniao deployment xiaoniao --port=80 --type=NodePort
 port=`kubectl -s 10.0.0.11:8080  get svc -n xiaoniao|grep -oP '(?<=80:)\d+'`
 echo "你的项目地址访问是http://10.0.0.13:$port"
 touch /tmp/xiaoniao.lock
fi

jenkins一键回滚
kubectl -s 10.0.0.11:8080 rollout undo -n xiaoniao deployment xiaoniao

相关文章

网友评论

      本文标题:k8s总结

      本文链接:https://www.haomeiwen.com/subject/rgjerctx.html