k8s Summary

Author: zwb_jianshu | Source: published 2019-07-27 16:02

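    k8s container orchestration

    1: Installing a k8s cluster

    1.1 k8s architecture

    Besides the core components, there are some recommended add-ons:

    Component              Description
    kube-dns               Provides DNS for the whole cluster
    Ingress Controller     Provides an external entry point for services
    Heapster               Provides resource monitoring
    Dashboard              Provides a GUI
    Federation             Provides clusters that span availability zones
    Fluentd-elasticsearch  Provides cluster log collection, storage and querying

    1.2: Set the IP addresses, hostnames and hosts resolution

    10.0.0.11 k8s-master
    10.0.0.12 k8s-node-1
    10.0.0.13 k8s-node-2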
    

    1.3: Install etcd on the master node

    yum install etcd -y

    vim /etc/etcd/etcd.conf
    line 6:  ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:2379"
    line 21: ETCD_ADVERTISE_CLIENT_URLS="http://10.0.0.11:2379"

    systemctl start etcd.service
    systemctl enable etcd.service

    etcdctl set testdir/testkey0 0
    etcdctl get testdir/testkey0

    etcdctl -C http://10.0.0.11:2379 cluster-health
    

    1.4: Install kubernetes on the master node

    yum install kubernetes-master.x86_64 -y

    vim /etc/kubernetes/apiserver
    line 8:  KUBE_API_ADDRESS="--insecure-bind-address=0.0.0.0"
    line 11: KUBE_API_PORT="--port=8080"
    line 17: KUBE_ETCD_SERVERS="--etcd-servers=http://10.0.0.11:2379"
    line 23: KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ResourceQuota"

    vim /etc/kubernetes/config
    line 22: KUBE_MASTER="--master=http://10.0.0.11:8080"

    systemctl enable kube-apiserver.service
    systemctl restart kube-apiserver.service
    systemctl enable kube-controller-manager.service
    systemctl restart kube-controller-manager.service
    systemctl enable kube-scheduler.service
    systemctl restart kube-scheduler.service
    

    1.5: Install kubernetes on the node machines

    yum install kubernetes-node.x86_64 -y

    vim /etc/kubernetes/config
    line 22: KUBE_MASTER="--master=http://10.0.0.11:8080"

    vim /etc/kubernetes/kubelet
    line 5:  KUBELET_ADDRESS="--address=0.0.0.0"
    line 8:  KUBELET_PORT="--port=10250"
    line 11: KUBELET_HOSTNAME="--hostname-override=10.0.0.12"
    line 14: KUBELET_API_SERVER="--api-servers=http://10.0.0.11:8080"

    systemctl enable kubelet.service
    systemctl start kubelet.service
    systemctl enable kube-proxy.service
    systemctl start kube-proxy.service
    

    6: Configure the flannel network on all nodes

    yum install flannel -y

    sed -i 's#http://127.0.0.1:2379#http://10.0.0.11:2379#g' /etc/sysconfig/flanneld

    On the master node:
    etcdctl mk /atomic.io/network/config '{ "Network": "172.16.0.0/16" }'
    yum install docker -y
    systemctl enable flanneld.service
    systemctl restart flanneld.service
    service docker restart
    systemctl restart kube-apiserver.service
    systemctl restart kube-controller-manager.service
    systemctl restart kube-scheduler.service

    On the node machines:
    systemctl enable flanneld.service
    systemctl restart flanneld.service
    service docker restart
    systemctl restart kubelet.service
    systemctl restart kube-proxy.service
    

    7: Configure the master as the image registry

    # master node
    vim /etc/sysconfig/docker
    OPTIONS='--selinux-enabled --log-driver=journald --signature-verification=false --registry-mirror=https://registry.docker-cn.com --insecure-registry=10.0.0.11:5000'
    systemctl restart docker
    docker run -d -p 5000:5000 --restart=always --name registry -v /opt/myregistry:/var/lib/registry registry

    # node machines
    vim /etc/sysconfig/docker
    OPTIONS='--selinux-enabled --log-driver=journald --signature-verification=false --insecure-registry=10.0.0.11:5000'
    systemctl restart docker
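
An added example (not part of the original notes): a small audit that flags the plaintext and unauthenticated settings used in the etcd, kube-apiserver and Docker configuration above, so they can be located on a host built this way. The rule names and sample file names are made up for the example, and the sample lines are constructed from the settings shown on this page.

```shell
#!/usr/bin/env bash
# Added example: audit config files for the plaintext / unauthenticated
# settings used in the install steps. Rule names are labels invented here.

# audit_k8s_conf FILE... -> one "file:line: RULE: reason" line per finding
audit_k8s_conf() {
    awk '
    function report(rule, why) { printf "%s:%d: %s: %s\n", FILENAME, FNR, rule, why }
    /^[ \t]*#/ { next }    # ignore commented-out settings
    /ETCD_LISTEN_CLIENT_URLS=.*http:\/\/0\.0\.0\.0/ {
        report("ETCD_PLAINTEXT_ALL_IFACES", "etcd client API over http on every interface") }
    /--insecure-bind-address=/ && !/--insecure-bind-address=(127\.0\.0\.1|localhost)/ {
        report("APISERVER_INSECURE_PORT_EXPOSED", "unauthenticated API port bound off-loopback") }
    /--etcd-servers=http:\/\// {
        report("APISERVER_ETCD_NO_TLS", "apiserver reaches etcd without TLS") }
    /--insecure-registry=/ {
        report("DOCKER_INSECURE_REGISTRY", "registry traffic allowed without TLS") }
    /--signature-verification=false/ {
        report("DOCKER_SIGNATURE_CHECK_OFF", "image signature verification disabled") }
    ' "$@"
}

# count_findings FILE... -> number of findings
count_findings() { audit_k8s_conf "$@" | wc -l | tr -d ' '; }

# make_sample -> path of a temp dir holding constructed sample files that
# repeat the settings from the etcd, apiserver and docker steps on this page
make_sample() {
    d=$(mktemp -d)
    printf '%s\n' 'ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:2379"' > "$d/etcd.conf"
    printf '%s\n' 'KUBE_API_ADDRESS="--insecure-bind-address=0.0.0.0"' \
        'KUBE_ETCD_SERVERS="--etcd-servers=http://10.0.0.11:2379"' > "$d/apiserver"
    printf '%s\n' "OPTIONS='--signature-verification=false --insecure-registry=10.0.0.11:5000'" \
        > "$d/docker"
    echo "$d"
}

sample=$(make_sample)
audit_k8s_conf "$sample"/*
echo "findings: $(count_findings "$sample"/*)"
rm -rf "$sample"
```

On a real host the function takes the files edited above: /etc/etcd/etcd.conf, /etc/kubernetes/apiserver and /etc/sysconfig/docker.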
    

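    2: What is k8s, and what can it do?

    k8s is a management tool for docker clusters.

    2.1 Core features of k8s

    Self-healing: restarts containers that fail, replaces and reschedules the containers on a node when the node becomes unavailable, kills containers that do not respond to user-defined health checks, and does not advertise containers to clients until they are ready to serve.

    Elastic scaling: monitors the CPU load of the containers; if the average is above 80%, the number of containers is increased, and if the average is below 10%, the number of containers is reduced.

    Service discovery and load balancing: there is no need to modify your application to use an unfamiliar service discovery mechanism. Kubernetes gives containers their own IP addresses and a single DNS name for a set of containers, and can load-balance across them.

    Rolling upgrades and one-click rollback: Kubernetes rolls out changes to an application or its configuration progressively while monitoring application health, to make sure it does not terminate all instances at the same time. If something goes wrong, Kubernetes rolls the change back for you. It can draw on a growing ecosystem of deployment solutions.

    2.2 History of k8s

    2.3 Installing k8s

    yum install: version 1.5
    Compile from source: the hardest; can install the latest version
    Binary install: tedious steps; can install the latest version; shell, ansible, saltstack
    kubeadm: the easiest install; network; can install the latest version
    minikube: suited to developers trying out k8s; network

    2.4 Where k8s is used

    k8s is best suited to running microservice projects!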
    

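    3: Common k8s resources

    3.1 Creating a pod resource

    Main parts of a k8s yaml file:
    apiVersion: v1   # API version
    kind: Pod        # resource type
    metadata:        # attributes
    spec:            # detailed specification

    k8s_pod.yaml
    apiVersion: v1
    kind: Pod
    metadata:
      name: nginx
      labels:
        app: web
    spec:
      containers:
      - name: nginx
        image: 10.0.0.11:5000/nginx:1.13
        ports:
        - containerPort: 80

    Pod resource: made up of at least two containers, the pod base (infrastructure) container and the application container.
    The pod is the smallest resource unit in k8s.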
    

    3.2 ReplicationController resource

    rc: keeps the specified number of pods alive at all times; an rc is associated with its pods through a label selector.
    Common operations on k8s resources:
    kubectl create -f xxx.yaml
    kubectl get pod|rc
    kubectl describe pod nginx
    kubectl delete pod nginx
    or
    kubectl delete -f xxx.yaml
    kubectl edit pod nginx

    Create an rc
    apiVersion: v1
    kind: ReplicationController
    metadata:
      name: nginx
    spec:
      replicas: 5
      selector:
        app: myweb
      template:
        metadata:
          labels:
            app: myweb
        spec:
          containers:
          - name: myweb
            image: 10.0.0.11:5000/nginx:1.13
            ports:
            - containerPort: 80

    Rolling upgrade of an rc: create a new file nginx-rc1.15.yaml
    Upgrade:   kubectl rolling-update nginx -f nginx-rc1.15.yaml --update-period=10s
    Roll back: kubectl rolling-update nginx2 -f nginx-rc.yaml --update-period=1s
    

    3.3 Service resource

    A service exposes ports for pods.
    Create a service
    apiVersion: v1
    kind: Service
    metadata:
      name: myweb
    spec:
      type: NodePort
      ports:
      - port: 80
        nodePort: 30000
        targetPort: 80
      selector:
        app: myweb2

    Change the nodePort range
    vim /etc/kubernetes/apiserver
    KUBE_API_ARGS="--service-node-port-range=3000-50000"
    By default a service uses iptables for load balancing; newer versions recommend lvs (layer-4 load balancing).
    

    3.4 Deployment resource

    After a rolling upgrade with an rc, access to the service is interrupted, so k8s introduced the deployment resource.
    Create a deployment
    apiVersion: extensions/v1beta1
    kind: Deployment
    metadata:
      name: nginx-deployment
    spec:
      replicas: 3
      template:
        metadata:
          labels:
            app: nginx
        spec:
          containers:
          - name: nginx
            image: 10.0.0.11:5000/nginx:1.13
            ports:
            - containerPort: 80
            resources:
              limits:
                cpu: 100m
              requests:
                cpu: 100m

    Upgrading and rolling back a deployment
    Create a deployment from the command line
    kubectl run nginx --image=10.0.0.11:5000/nginx:1.13 --replicas=3 --record
    Upgrade the version from the command line
    kubectl set image deploy nginx nginx=10.0.0.11:5000/nginx:1.15
    Show all historical revisions of the deployment
    kubectl rollout history deployment nginx
    Roll the deployment back to the previous revision
    kubectl rollout undo deployment nginx
    Roll the deployment back to a specific revision
    kubectl rollout undo deployment nginx --to-revision=2
    

    3.5 tomcat+mysql exercise

    In k8s, containers reach each other through VIP addresses!
    

    4: k8s add-on components

    4.1 dns service

    Installing the dns service
    1: Download the dns docker image bundle
    wget http://192.168.21.201/docker_k8s_dns.tar.gz
    2: Load the dns docker image bundle (on node2)
    3: Edit skydns-rc.yaml
    spec:
      nodeSelector:
        kubernetes.io/hostname: k8s-node-2
      containers:
    4: Create the dns service
    kubectl create -f skydns-rc.yaml
    5: Check
    kubectl get all --namespace=kube-system
    6: Edit the kubelet config file on every node
    vim /etc/kubernetes/kubelet
    KUBELET_ARGS="--cluster_dns=10.254.230.254 --cluster_domain=cluster.local"
    systemctl restart kubelet
    

    4.2 Namespaces

    Namespaces provide resource isolation.

    4.3 dashboard service

    1: Upload and load the image, then tag it
    2: Create the dashboard deployment and service
    3: Visit http://10.0.0.11:8080/ui/
    

    5: k8s elastic scaling

    Elastic scaling in k8s requires the heapster monitoring add-on.

    5.1 Install heapster monitoring

    1: Upload and load the images, then tag them
    ls *.tar.gz
    for n in *.tar.gz; do docker load -i "$n"; done
    docker tag docker.io/kubernetes/heapster_grafana:v2.6.0 10.0.0.11:5000/heapster_grafana:v2.6.0
    docker tag docker.io/kubernetes/heapster_influxdb:v0.5 10.0.0.11:5000/heapster_influxdb:v0.5
    docker tag docker.io/kubernetes/heapster:canary 10.0.0.11:5000/heapster:canary
    2: Upload the config files, then kubectl create -f .
    3: Open the dashboard to verify
    

    5.2 Elastic scaling

    1: Edit the rc config file
    containers:
    - name: myweb
      image: 10.0.0.11:5000/nginx:1.13
      ports:
      - containerPort: 80
      resources:
        limits:
          cpu: 100m
        requests:
          cpu: 100m
    2: Create the autoscaling rule
    kubectl autoscale -n qiangge replicationcontroller myweb --max=8 --min=1 --cpu-percent=8
    3: Test
    ab -n 1000000 -c 40 http://172.16.28.6/index.html
    Scale-up screenshot
    Scale-down:
    

    6: Persistent storage

    pv: persistent volume
    pvc: persistent volume claim

    6.1: Install the NFS server (10.0.0.11)

    yum install nfs-utils.x86_64 -y
    mkdir /data
    vim /etc/exports
    /data  10.0.0.0/24(rw,async,no_root_squash,no_all_squash)
    systemctl start rpcbind
    systemctl start nfs

    6.2: Install the NFS client on the node machines

    yum install nfs-utils.x86_64 -y
    showmount -e 10.0.0.11
    

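    6.3: Create the pv and pvc

    Upload the yaml config files and create the pv and pvc.

    6.4: Create mysql-rc, using the volume in the pod template

            # inside the container entry
            volumeMounts:
            - name: mysql
              mountPath: /var/lib/mysql
          # at the pod spec level
          volumes:
          - name: mysql
            persistentVolumeClaim:
              claimName: tomcat-mysql

    6.5: Verify persistence

    Method 1: delete the mysql pod; the database is not lost
    kubectl delete pod mysql-gt054
    Method 2: check on the NFS server whether the mysql data files are there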
    

    7: Integrating with Jenkins for CI/CD

    IP address   Service                       Memory
    10.0.0.11    kube-apiserver 8080           1G
    10.0.0.12    jenkins(tomcat + jdk) 8080    1G
    10.0.0.13    gitlab 8080,80                2G

    7.1: Install GitLab and upload the code

    # a: install
    wget https://mirrors.tuna.tsinghua.edu.cn/gitlab-ce/yum/el7/gitlab-ce-11.9.11-ce.0.el7.x86_64.rpm
    yum localinstall gitlab-ce-11.9.11-ce.0.el7.x86_64.rpm -y
    # b: configure
    vim /etc/gitlab/gitlab.rb
    external_url 'http://10.0.0.13'
    prometheus_monitoring['enable'] = false
    # c: apply the configuration and start the services
    gitlab-ctl reconfigure
    # Open http://10.0.0.13 in a browser, change the root user's password, create a project
    # Upload the code to the git repository
    cd /srv/
    rz -E
    unzip xiaoniaofeifei.zip
    rm -fr xiaoniaofeifei.zip

    git config --global user.name "Administrator"
    git config --global user.email "admin@example.com"
    git init
    git remote add origin http://10.0.0.13/root/xiaoniao.git
    git add .
    git commit -m "Initial commit"
    git push -u origin master
    

    7.2 Install Jenkins and build docker images automatically

    1: Install Jenkins

    cd /opt/
    rz -E
    rpm -ivh jdk-8u102-linux-x64.rpm
    mkdir /app
    tar xf apache-tomcat-8.0.27.tar.gz -C /app
    rm -fr /app/apache-tomcat-8.0.27/webapps/*
    mv jenkins.war /app/apache-tomcat-8.0.27/webapps/ROOT.war
    tar xf jenkin-data.tar.gz -C /root
    /app/apache-tomcat-8.0.27/bin/startup.sh
    netstat -lntup

    2: Access Jenkins

    Visit http://10.0.0.12:8080/; the default account and password are admin:123456

    3: Configure the credential Jenkins uses to pull code from GitLab

    a: Generate a key pair on the Jenkins host
    ssh-keygen -t rsa
    b: Copy the public key and paste it into GitLab
    c: Create a global credential in Jenkins
    

    4: Test pulling the code

    5: Write the dockerfile and test it

    # vim dockerfile
    FROM 10.0.0.11:5000/nginx:1.13
    ADD . /usr/share/nginx/html
    # List the files that docker build should not ADD: vim .dockerignore
    dockerfile
    docker build -t xiaoniao:v1 .
    docker run -d -p 88:80 xiaoniao:v1
    Open a browser and test access to the xiaoniaofeifei project.

    6: Upload the dockerfile and .dockerignore to the private repository

    git add dockerfile .dockerignore
    git commit -m "first commit"
    git push -u origin master

    7: Click "Build Now" in Jenkins to build the docker image automatically and push it to the private registry

    Modify the Jenkins project configuration
    docker build -t 10.0.0.11:5000/test:v$BUILD_ID .
    docker push 10.0.0.11:5000/test:v$BUILD_ID
    

    7.3 Deploying the application to k8s automatically from Jenkins

    kubectl -s 10.0.0.11:8080 get nodes
    if [ -f /tmp/xiaoniao.lock ]; then
        # Lock file present: the deployment already exists, so only update its image
        docker build -t 10.0.0.11:5000/xiaoniao:v$BUILD_ID .
        docker push 10.0.0.11:5000/xiaoniao:v$BUILD_ID
        kubectl -s 10.0.0.11:8080 set image -n xiaoniao deploy xiaoniao xiaoniao=10.0.0.11:5000/xiaoniao:v$BUILD_ID
        echo "更新成功"
    else
        # First run: create the namespace, the deployment and a NodePort service
        docker build -t 10.0.0.11:5000/xiaoniao:v$BUILD_ID .
        docker push 10.0.0.11:5000/xiaoniao:v$BUILD_ID
        kubectl -s 10.0.0.11:8080 create namespace xiaoniao
        kubectl -s 10.0.0.11:8080 run xiaoniao -n xiaoniao --image=10.0.0.11:5000/xiaoniao:v$BUILD_ID --replicas=3 --record
        kubectl -s 10.0.0.11:8080 expose -n xiaoniao deployment xiaoniao --port=80 --type=NodePort
        # Read the node port that was allocated for service port 80
        port=`kubectl -s 10.0.0.11:8080 get svc -n xiaoniao|grep -oP '(?<=80:)\d+'`
        echo "你的项目地址访问是http://10.0.0.13:$port"
        touch /tmp/xiaoniao.lock
    fi

    One-click rollback from Jenkins
    kubectl -s 10.0.0.11:8080 rollout undo -n xiaoniao deployment xiaoniao
    


          Article link: https://www.haomeiwen.com/subject/rgjerctx.html