Lab environment:

Role | IP | OS |
---|---|---|
master | 192.168.164.141 | centos8 |
node1 | 192.168.164.143 | centos8 |
node2 | 192.168.164.144 | centos8 |

1. Set the hostnames, and disable the firewall, SELinux and swap on all three hosts

This step must be performed on all three hosts.

```
// Set the hostnames
[root@master ~]# hostnamectl set-hostname master.example.com
[root@master ~]# bash
[root@master ~]# hostname
master.example.com

[root@node1 ~]# hostnamectl set-hostname node1.example.com
[root@node1 ~]# bash
[root@node1 ~]# hostname
node1.example.com

[root@node2 ~]# hostnamectl set-hostname node2.example.com
[root@node2 ~]# bash
[root@node2 ~]# hostname
node2.example.com

// Disable the firewall
[root@master ~]# systemctl disable --now firewalld.service
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.

// Disable SELinux
[root@master ~]# vim /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these three values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted
[root@master ~]# setenforce 0

// Disable swap
[root@master ~]# vim /etc/fstab
#
# /etc/fstab
# Created by anaconda on Fri Nov 12 08:04:53 2021
#
# Accessible filesystems, by reference, are maintained under '/dev/disk/'.
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info.
#
# After editing this file, run 'systemctl daemon-reload' to update systemd
# units generated from this file.
#
/dev/mapper/cs-root                        /      xfs   defaults  0 0
UUID=b63f82a7-55fa-4e7c-b94e-71f1a1e3cb74  /boot  xfs   defaults  0 0
# Delete the following line
/dev/mapper/cs-swap                        none   swap  defaults  0 0
```

2. On master, configure DNS name resolution and pass IPv4 traffic to the iptables chains

The node hosts need no action.

```
// Configure name resolution on master so that the three hosts can reach one another
[root@master ~]# vim /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
# Add the following three lines
192.168.164.141 master master.example.com
192.168.164.143 node1 node1.example.com
192.168.164.144 node2 node2.example.com

// Configure traffic passing on master
[root@master ~]# cat > /etc/sysctl.d/k8s.conf << EOF
> net.bridge.bridge-nf-call-ip6tables = 1
> net.bridge.bridge-nf-call-iptables = 1
> EOF
[root@master ~]# cat /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1

// Apply the configuration that was just changed
[root@master ~]# sysctl --system
* Applying /usr/lib/sysctl.d/10-default-yama-scope.conf ...
kernel.yama.ptrace_scope = 0
* Applying /usr/lib/sysctl.d/50-coredump.conf ...
kernel.core_pattern = |/usr/lib/systemd/systemd-coredump %P %u %g %s %t %c %h %e
* Applying /usr/lib/sysctl.d/50-default.conf ...
kernel.sysrq = 16
kernel.core_uses_pid = 1
kernel.kptr_restrict = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.all.promote_secondaries = 1
net.core.default_qdisc = fq_codel
fs.protected_hardlinks = 1
fs.protected_symlinks = 1
* Applying /usr/lib/sysctl.d/50-libkcapi-optmem_max.conf ...
net.core.optmem_max = 81920
* Applying /usr/lib/sysctl.d/50-pid-max.conf ...
kernel.pid_max = 4194304
* Applying /etc/sysctl.d/99-sysctl.conf ...
* Applying /etc/sysctl.d/k8s.conf ...        // the newly added configuration file was read successfully
* Applying /etc/sysctl.conf ...
```

3. Time synchronization and passwordless SSH login

Time synchronization must be set up on every host; master is used as the example here. Passwordless login is configured on master only, and the node hosts need no action.

```
[root@master ~]# yum clean all        // clear the cache
21 文件已删除
[root@master ~]# yum makecache        // build a new cache, which is faster and avoids problems
CentOS Stream 8 - AppStream            11 MB/s |  18 MB     00:01
CentOS Stream 8 - BaseOS              9.9 MB/s |  16 MB     00:01
CentOS Stream 8 - Extras               26 kB/s |  16 kB     00:00
Extra Packages for Enterprise         263 kB/s | 980 kB     00:03
Extra Packages for Enterprise          18 kB/s | 137 kB     00:07
Extra Packages for Enterprise         2.7 MB/s |  11 MB     00:04
元数据缓存已建立。

// Install chrony for time synchronization
[root@master ~]# yum -y install chrony
[root@node1 ~]# yum -y install chrony
[root@node2 ~]# yum -y install chrony

// Configure chrony and enable it at boot
[root@master ~]# vim /etc/chrony.conf
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
pool time1.aliyun.com iburst

[root@master ~]# systemctl enable --now chronyd        // enable at boot and start now
Created symlink /etc/systemd/system/multi-user.target.wants/chronyd.service → /usr/lib/systemd/system/chronyd.service.
[root@master ~]# systemctl status chronyd
● chronyd.service - NTP client/server
   Loaded: loaded (/usr/lib/systemd/system/chronyd.service; e>
   Active: active (running) since Fri 2021-12-17 20:44:11 CST>
     Docs: man:chronyd(8)
           man:chrony.conf(5)
  Process: 84243 ExecStartPost=/usr/libexec/chrony-helper upd>
  Process: 84239 ExecStart=/usr/sbin/chronyd $OPTIONS (code=e>
 Main PID: 84241 (chronyd)
    Tasks: 1 (limit: 23484)
   Memory: 2.1M
   CGroup: /system.slice/chronyd.service
           └─84241 /usr/sbin/chronyd

12月 17 20:44:11 master.example.com systemd[1]: Starting NTP >
12月 17 20:44:11 master.example.com chronyd[84241]: chronyd v>
12月 17 20:44:11 master.example.com chronyd[84241]: Using rig>
12月 17 20:44:11 master.example.com systemd[1]: Started NTP c>
12月 17 20:44:19 master.example.com chronyd[84241]: Selected >
12月 17 20:44:19 master.example.com chronyd[84241]: System cl>

// Set up passwordless login on master; before this step, make sure master can ping every node
[root@master ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:wp5Ud+MXV0+ly3TI9V+jq/HV59YKc9kyJW2/RN7/Ojo root@master.example.com
The key's randomart image is:
+---[RSA 3072]----+
|                *|
|             . =+|
|        . . o *.*|
|     . . . o +.*+|
|        + S ..=.=|
|         o o .+*+|
|         o .o.=+B|
|            E+++*|
|           ..+o*=|
+----[SHA256]-----+

// Copy master's public key to every host, including master itself
[root@master ~]# ssh-copy-id master
[root@master ~]# ssh-copy-id node1
[root@master ~]# ssh-copy-id node2
```

Once the preparation is complete, reboot all of the hosts.

The steps in this part must be performed on every host. master is again used as the example, and any host-specific configuration is listed separately.

The default CRI (container runtime) for Kubernetes is Docker, so install Docker first.

1. Install Docker on every host (including master); master is used as the example here

```
// Download the docker-ce repository definition
// If wget is not installed, install it with yum first: yum -y install wget
[root@master ~]# wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo
--2021-12-17 21:02:55--  https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
正在解析主机 mirrors.aliyun.com (mirrors.aliyun.com)... 119.96.71.243, 119.96.71.242, 119.96.71.239, ...
正在连接 mirrors.aliyun.com (mirrors.aliyun.com)|119.96.71.243|:443... 已连接。
已发出 HTTP 请求,正在等待回应... 200 OK
长度:2081 (2.0K) [application/octet-stream]
正在保存至: “/etc/yum.repos.d/docker-ce.repo”

/etc/yum.repos.       100%[=====>]   2.03K  --.-KB/s  用时 0s

2021-12-17 21:02:55 (43.2 MB/s) - 已保存 “/etc/yum.repos.d/docker-ce.repo” [2081/2081])

[root@master ~]# ls /etc/yum.repos.d/
CentOS-Stream-AppStream.repo  CentOS-Stream-HighAvailability.repo  docker-ce.repo          epel-playground.repo
CentOS-Stream-BaseOS.repo     CentOS-Stream-Media.repo             epel-modular.repo       epel.repo
CentOS-Stream-Debuginfo.repo  CentOS-Stream-PowerTools.repo        epel-next.repo          epel-testing-modular.repo
CentOS-Stream-Extras.repo     CentOS-Stream-RealTime.repo          epel-next-testing.repo  epel-testing.repo

// Install Docker and enable it at boot
[root@master ~]# yum -y install docker-ce
[root@master ~]# systemctl enable --now docker
Created symlink /etc/systemd/system/multi-user.target.wants/docker.service → /usr/lib/systemd/system/docker.service.

// Check the version
[root@master ~]# docker --version
Docker version 20.10.12, build e91ed57
[root@node1 ~]# docker --version
Docker version 20.10.12, build e91ed57
[root@node2 ~]# docker --version
Docker version 20.10.12, build e91ed57

// Configure the Docker registry mirror (accelerator)
//   registry-mirrors : address of the registry mirror
//   exec-opts        : use systemd as the cgroup driver
//   log-driver       : log format
//   log-opts         : log options; with max-size 100m a single log file holds at most 100 MB,
//                      after which it is rotated and a new log file is created automatically
//   storage-driver   : storage driver
[root@master ~]# cat > /etc/docker/daemon.json << EOF
> {
>   "registry-mirrors": ["https://h8ln3iuy.mirror.aliyuncs.com"],
>   "exec-opts": ["native.cgroupdriver=systemd"],
>   "log-driver": "json-file",
>   "log-opts": {
>     "max-size": "100m"
>   },
>   "storage-driver": "overlay2"
> }
> EOF
// JSON does not allow comments, so the notes above stay outside the file.
// Restart Docker so that the new daemon.json takes effect
[root@master ~]# systemctl daemon-reload
[root@master ~]# systemctl restart docker
```

2. Add the Aliyun YUM repository for Kubernetes (the K8s tools)

Adding Aliyun's Kubernetes repository makes the tools easy to install.

Kubernetes repository definition:

```
cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
```
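
The repository definition above sets `gpgcheck=0` and `repo_gpgcheck=0`, so yum installs kubelet, kubeadm and kubectl without verifying package signatures or repository metadata signatures. The check below is an added example, not part of the original post: it reports every enabled section of a `.repo` file that explicitly turns those checks off. The names `audit_repo` and `make_samples` and the `checked.repo` variant are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: report yum/dnf repo sections that switch off signature checks.
# audit_repo and make_samples are names made up for this illustration.

# Print "<section>: <key> is disabled" for every explicit gpgcheck=0 or
# repo_gpgcheck=0 in an enabled section of the .repo file given as $1.
# Keys that are absent inherit from [main] in dnf.conf and are not reported.
audit_repo() {
  awk '
    function report() {
      if (sec == "" || off[enabled]) return       # skip disabled repos
      if (off[gpg])  print sec ": gpgcheck is disabled"
      if (off[rgpg]) print sec ": repo_gpgcheck is disabled"
    }
    BEGIN { off["0"] = off["no"] = off["false"] = off["off"] = 1 }
    /^[ \t]*[#;]/ { next }                        # comment line
    /^[ \t]*\[/ {                                 # start of a new [section]
      report()
      sec = $0; gsub(/[ \t]/, "", sec); gsub(/^\[|\]$/, "", sec)
      gpg = rgpg = enabled = ""
      next
    }
    {
      eq = index($0, "=")                         # split at the first "="
      if (eq == 0) next
      key = substr($0, 1, eq - 1); val = tolower(substr($0, eq + 1))
      gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
      if (key == "gpgcheck")      gpg = val
      if (key == "repo_gpgcheck") rgpg = val
      if (key == "enabled")       enabled = val
    }
    END { report() }
  ' "$1"
}

# Write two sample files into a temporary directory and print its path.
make_samples() {
  local dir
  dir=$(mktemp -d) || return 1
  # The repo definition exactly as written in the tutorial above.
  cat > "$dir/page.repo" <<'EOF'
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
  # Constructed variant with both checks switched on, for comparison only.
  sed -e 's/^gpgcheck=0/gpgcheck=1/' -e 's/^repo_gpgcheck=0/repo_gpgcheck=1/' \
    "$dir/page.repo" > "$dir/checked.repo"
  printf '%s\n' "$dir"
}

samples=$(make_samples)
echo "page.repo:";    audit_repo "$samples/page.repo"
echo "checked.repo:"; audit_repo "$samples/checked.repo"
```

On a real host the same function can be run over each file in `/etc/yum.repos.d/`.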

3. Install kubeadm, kubelet and kubectl

```
[root@master ~]# yum install -y kubelet-1.20.0 kubeadm-1.20.0 kubectl-1.20.0
[root@master ~]# systemctl enable kubelet        // only enable it at boot; do not start it yet
Created symlink /etc/systemd/system/multi-user.target.wants/kubelet.service → /usr/lib/systemd/system/kubelet.service.
```

4. Deploy the Kubernetes master

Run this on the master host to initialize a cluster.

```
[root@master ~]# kubeadm init \
  --apiserver-advertise-address=192.168.164.141 \
  --image-repository registry.aliyuncs.com/google_containers \
  --kubernetes-version v1.20.0 \
  --service-cidr=10.96.0.0/12 \
  --pod-network-cidr=10.244.0.0/16
# --apiserver-advertise-address=192.168.164.141                 // IP of the master host
# --image-repository registry.aliyuncs.com/google_containers    // use Aliyun's mirror of the Google image registry, because Google's site cannot be reached from mainland China
# --kubernetes-version v1.20.0                                  // Kubernetes version
# --service-cidr=10.96.0.0/12                                   // Service network range
# --pod-network-cidr=10.244.0.0/16                              // Pod network range

// Output of the command above, including the image pull
[init] Using Kubernetes version: v1.20.0
[preflight] Running pre-flight checks
	[WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/
	[WARNING FileExisting-tc]: tc not found in system path
	[WARNING SystemVerification]: this Docker version is not on the list of validated versions: 20.10.12. Latest validated version: 19.03
[preflight] Pulling images required for setting up a Kubernetes cluster
[preflight] This might take a minute or two, depending on the speed of your internet connection
[preflight] You can also perform this action in beforehand using 'kubeadm config images pull'
[certs] Using certificateDir folder "/etc/kubernetes/pki"
[certs] Generating "ca" certificate and key
[certs] Generating "apiserver" certificate and key
[certs] apiserver serving cert is signed for DNS names [kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local master.example.com] and IPs [10.96.0.1 192.168.164.141]
[certs] Generating "apiserver-kubelet-client" certificate and key
[certs] Generating "front-proxy-ca" certificate and key
[certs] Generating "front-proxy-client" certificate and key
[certs] Generating "etcd/ca" certificate and key
[certs] Generating "etcd/server" certificate and key
[certs] etcd/server serving cert is signed for DNS names [localhost master.example.com] and IPs [192.168.164.141 127.0.0.1 ::1]
[certs] Generating "etcd/peer" certificate and key
[certs] etcd/peer serving cert is signed for DNS names [localhost master.example.com] and IPs [192.168.164.141 127.0.0.1 ::1]
[certs] Generating "etcd/healthcheck-client" certificate and key
[certs] Generating "apiserver-etcd-client" certificate and key
[certs] Generating "sa" key and public key
[kubeconfig] Using kubeconfig folder "/etc/kubernetes"
[kubeconfig] Writing "admin.conf" kubeconfig file
[kubeconfig] Writing "kubelet.conf" kubeconfig file
[kubeconfig] Writing "controller-manager.conf" kubeconfig file
[kubeconfig] Writing "scheduler.conf" kubeconfig file
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Starting the kubelet
[control-plane] Using manifest folder "/etc/kubernetes/manifests"
[control-plane] Creating static Pod manifest for "kube-apiserver"
[control-plane] Creating static Pod manifest for "kube-controller-manager"
[control-plane] Creating static Pod manifest for "kube-scheduler"
[etcd] Creating static Pod manifest for local etcd in "/etc/kubernetes/manifests"
[wait-control-plane] Waiting for the kubelet to boot up the control plane as static Pods from directory "/etc/kubernetes/manifests". This can take up to 4m0s
[apiclient] All control plane components are healthy after 15.510333 seconds
[upload-config] Storing the configuration used in ConfigMap "kubeadm-config" in the "kube-system" Namespace
[kubelet] Creating a ConfigMap "kubelet-config-1.20" in namespace kube-system with the configuration for the kubelets in the cluster
[upload-certs] Skipping phase. Please see --upload-certs
[mark-control-plane] Marking the node master.example.com as control-plane by adding the labels "node-role.kubernetes.io/master=''" and "node-role.kubernetes.io/control-plane='' (deprecated)"
[mark-control-plane] Marking the node master.example.com as control-plane by adding the taints [node-role.kubernetes.io/master:NoSchedule]
[bootstrap-token] Using token: jdrms8.yoqjpoeylkx9o25x
[bootstrap-token] Configuring bootstrap tokens, cluster-info ConfigMap, RBAC Roles
[bootstrap-token] configured RBAC rules to allow Node Bootstrap tokens to get nodes
[bootstrap-token] configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials
[bootstrap-token] configured RBAC rules to allow the csrapprover controller automatically approve CSRs from a Node Bootstrap Token
[bootstrap-token] configured RBAC rules to allow certificate rotation for all node client certificates in the cluster
[bootstrap-token] Creating the "cluster-info" ConfigMap in the "kube-public" namespace
[kubelet-finalize] Updating "/etc/kubernetes/kubelet.conf" to point to a rotatable kubelet client certificate and key
[addons] Applied essential addon: CoreDNS
[addons] Applied essential addon: kube-proxy

Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:
# To start using the cluster, run the commands below; this variant is for a regular user

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

Alternatively, if you are the root user, you can run:
# If you are the root user, run the command below, although we usually do not do it this way,
# because it is only temporary and we need it to be permanent. The steps for that follow below.

  export KUBECONFIG=/etc/kubernetes/admin.conf
  # sets an environment variable that tells the system which configuration file to use

You should now deploy a pod network to the cluster.
# You need to deploy a pod network to the cluster, using the command below
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 192.168.164.141:6443 --token jdrms8.yoqjpoeylkx9o25x \
    --discovery-token-ca-cert-hash sha256:0200386756147a66bde1724467396fceba045de5bd845dc7f427d29732d44766

// List the images that were pulled
[root@master ~]# docker images
REPOSITORY                                                        TAG        IMAGE ID       CREATED         SIZE
registry.aliyuncs.com/google_containers/kube-proxy                v1.20.0    10cc881966cf   12 months ago   118MB
registry.aliyuncs.com/google_containers/kube-scheduler            v1.20.0    3138b6e3d471   12 months ago   46.4MB
registry.aliyuncs.com/google_containers/kube-apiserver            v1.20.0    ca9843d3b545   12 months ago   122MB
registry.aliyuncs.com/google_containers/kube-controller-manager   v1.20.0    b9fa1895dcaa   12 months ago   116MB
registry.aliyuncs.com/google_containers/etcd                      3.4.13-0   0369cf4303ff   15 months ago   253MB
registry.aliyuncs.com/google_containers/coredns                   1.7.0      bfe3a36ebd25   18 months ago   45.2MB
registry.aliyuncs.com/google_containers/pause                     3.2        80d28bedfe5d   22 months ago   683kB

// Do the root-user setup recommended in the output above, but make the environment variable permanent
[root@master kubernetes]# pwd
/etc/kubernetes
[root@master kubernetes]# echo 'export KUBECONFIG=/etc/kubernetes/admin.conf' > /etc/profile.d/k8s.sh
[root@master kubernetes]# source /etc/profile.d/k8s.sh

// Check whether the control-plane node is present
[root@master ~]# kubectl get nodes
NAME                 STATUS     ROLES                  AGE   VERSION
master.example.com   NotReady   control-plane,master   22m   v1.20.0
# master.example.com is the master host; NotReady means it is not ready yet
```

5. Install the Pod network plugin (CNI)

Before this step, make sure the host can reach the quay.io registry, because the images are pulled from Red Hat's official quay.io.

```
[root@master ~]# kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
Unable to connect to the server: net/http: TLS handshake timeout
[root@master ~]# kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
podsecuritypolicy.policy/psp.flannel.unprivileged created        // "created" means the object was created successfully
clusterrole.rbac.authorization.k8s.io/flannel created            // created
clusterrolebinding.rbac.authorization.k8s.io/flannel created     // created
serviceaccount/flannel created
configmap/kube-flannel-cfg created
daemonset.apps/kube-flannel-ds created                           // created
# If the download fails or is very slow, download the file locally first and pass its path to -f
```

6. Join the Kubernetes nodes

A lot of information is printed when the cluster is initialized, and the last part is the most important. It is a command to be run on the nodes, and it adds the node host to the k8s cluster.

Run this command on all of the nodes, node1 and node2.

```
// Run the command on node1
[root@node1 ~]# kubeadm join 192.168.164.141:6443 --token jdrms8.yoqjpoeylkx9o25x \
>     --discovery-token-ca-cert-hash sha256:0200386756147a66bde1724467396fceba045de5bd845dc7f427d29732d44766
[preflight] Running pre-flight checks
	[WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/
	[WARNING FileExisting-tc]: tc not found in system path
	[WARNING SystemVerification]: this Docker version is not on the list of validated versions: 20.10.12. Latest validated version: 19.03
	[WARNING Hostname]: hostname "node1.example.com" could not be reached
	[WARNING Hostname]: hostname "node1.example.com": lookup node1.example.com on 114.114.114.114:53: no such host
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Starting the kubelet
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...

This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.

Run 'kubectl get nodes' on the control-plane to see this node join the cluster.

// Run the command on node2
[root@node2 ~]# kubeadm join 192.168.164.141:6443 --token jdrms8.yoqjpoeylkx9o25x \
>     --discovery-token-ca-cert-hash sha256:0200386756147a66bde1724467396fceba045de5bd845dc7f427d29732d44766
[preflight] Running pre-flight checks
	[WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/
	[WARNING FileExisting-tc]: tc not found in system path
	[WARNING SystemVerification]: this Docker version is not on the list of validated versions: 20.10.12. Latest validated version: 19.03
	[WARNING Hostname]: hostname "node1.example.com" could not be reached
	[WARNING Hostname]: hostname "node1.example.com": lookup node1.example.com on 114.114.114.114:53: no such host
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Starting the kubelet
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...

This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.

Run 'kubectl get nodes' on the control-plane to see this node join the cluster.

// Then check the status of the worker nodes on master
[root@master ~]# kubectl get nodes
NAME                 STATUS     ROLES                  AGE     VERSION
master.example.com   Ready      control-plane,master   39m     v1.20.0
node1.example.com    NotReady   <none>                 2m52s   v1.20.0
node2.example.com    NotReady   <none>                 78s     v1.20.0
# node1 and node2 are NotReady at this point. This is normal: images are still being pulled in the background, so wait a moment
[root@master ~]# kubectl get nodes
NAME                 STATUS   ROLES                  AGE     VERSION
master.example.com   Ready    control-plane,master   43m     v1.20.0
node1.example.com    Ready    <none>                 6m44s   v1.20.0
node2.example.com    Ready    <none>                 5m10s   v1.20.0
```

7. Manage the containers

```
[root@master ~]# kubectl get ns        // list all of the namespaces
NAME              STATUS   AGE
default           Active   46m
kube-node-lease   Active   46m
kube-public       Active   46m
kube-system       Active   46m        // the containers that start automatically all belong to this namespace

// Check the status of the existing containers; the namespace must be specified
[root@master ~]# kubectl get pods -n kube-system        # pods: all of the containers; -n: the namespace
NAME                                         READY   STATUS    RESTARTS   AGE
coredns-7f89b7bc75-b25b7                     1/1     Running   0          49m
coredns-7f89b7bc75-fspzk                     1/1     Running   0          49m
etcd-master.example.com                      1/1     Running   0          50m
kube-apiserver-master.example.com            1/1     Running   0          50m
kube-controller-manager-master.example.com   1/1     Running   0          50m
kube-flannel-ds-dxgrv                        1/1     Running   0          11m
kube-flannel-ds-px4zx                        1/1     Running   0          20m
kube-flannel-ds-rlxs2                        1/1     Running   0          13m
kube-proxy-dhw8n                             1/1     Running   0          13m
kube-proxy-rbrtl                             1/1     Running   0          49m
kube-proxy-zpr2t                             1/1     Running   0          11m
kube-scheduler-master.example.com            1/1     Running   0          50m

// See which host each container runs on and what its IP is
[root@master ~]# kubectl get pods -n kube-system -o wide
NAME                                         READY   STATUS    RESTARTS   AGE   IP                NODE                 NOMINATED NODE   READINESS GATES
coredns-7f89b7bc75-b25b7                     1/1     Running   0          51m   10.244.0.2        master.example.com   <none>           <none>
coredns-7f89b7bc75-fspzk                     1/1     Running   0          51m   10.244.0.3        master.example.com   <none>           <none>
etcd-master.example.com                      1/1     Running   0          51m   192.168.164.141   master.example.com   <none>           <none>
kube-apiserver-master.example.com            1/1     Running   0          51m   192.168.164.141   master.example.com   <none>           <none>
kube-controller-manager-master.example.com   1/1     Running   0          51m   192.168.164.141   master.example.com   <none>           <none>
kube-flannel-ds-dxgrv                        1/1     Running   0          13m   192.168.164.144   node2.example.com    <none>           <none>
kube-flannel-ds-px4zx                        1/1     Running   0          21m   192.168.164.141   master.example.com   <none>           <none>
kube-flannel-ds-rlxs2                        1/1     Running   0          14m   192.168.164.143   node1.example.com    <none>           <none>
kube-proxy-dhw8n                             1/1     Running   0          14m   192.168.164.143   node1.example.com    <none>           <none>
kube-proxy-rbrtl                             1/1     Running   0          51m   192.168.164.141   master.example.com   <none>           <none>
kube-proxy-zpr2t                             1/1     Running   0          13m   192.168.164.144   node2.example.com    <none>           <none>
kube-scheduler-master.example.com            1/1     Running   0          51m   192.168.164.141   master.example.com   <none>           <none>
```

8. Test the Kubernetes cluster

Create a pod in the Kubernetes cluster and verify that it runs correctly:

```
[root@master ~]# kubectl create deployment nginx --image nginx
deployment.apps/nginx created
# Creates a deployment named nginx that uses the nginx image

// Expose the port
[root@master ~]# kubectl expose deployment nginx --port=80 --type=NodePort
service/nginx exposed
# Exposes the nginx deployment on port 80 with type NodePort
# What is exposed here is the Service port, and the Service has its own IP, because the container is reached through the Service IP address

// Check the Service IP address, port and so on
[root@master ~]# kubectl get svc
NAME         TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)        AGE
kubernetes   ClusterIP   10.96.0.1       <none>        443/TCP        58m
nginx        NodePort    10.106.17.133   <none>        80:31177/TCP   38s
# 10.106.17.133 is the Service IP address; port 80 is the exposed port

// Access test
[root@master ~]# curl http://10.106.17.133
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>
```