网上一般都是 Centos 7 的教程比较多一点,这里用了 Centos 8 来搭建Kubernetes(以下简称‘k8s’),有几个方面还是需要注意的,各位看官请往下看。
K8S 搭建
环境准备
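# --- Environment preparation (run as root on the control-plane host) ---
# Hostname and local name resolution.  The grep guard keeps repeated runs
# from appending duplicate /etc/hosts entries.
hostnamectl set-hostname master.k8s.wissy.com.cn
grep -q 'master.k8s.wissy.com.cn' /etc/hosts \
  || echo '10.222.190.158 master.k8s.wissy.com.cn' >> /etc/hosts
timedatectl set-timezone Asia/Shanghai

# Bring the system up to date.
yum update -y
dnf clean all

# Kernel settings needed by kube-proxy and the pod network.
# br_netfilter must be loaded before the net.bridge.* sysctls exist; the
# modules-load.d entry makes that survive a reboot (modprobe alone does not,
# and systemd applies sysctl drop-ins after loading these modules).
modprobe br_netfilter
cat <<EOF > /etc/modules-load.d/k8s.conf
br_netfilter
EOF

# The original wrote this heredoc to "c/k8s.conf", a truncated path that
# sysctl never reads; drop-ins live in /etc/sysctl.d/.  Both keys are set
# again in 99-sysctl.conf below; this file is kept because it is the form
# the kubeadm documentation uses.
cat <<EOF > /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF

# SELinux goes permissive at runtime only.  This is a hardening regression
# and it does NOT persist across reboots unless /etc/selinux/config is
# edited as well — decide deliberately which of the two states you want
# rather than ending up with one by accident after the first reboot.
setenforce 0

# Persistent sysctl configuration (the original showed this as file
# contents; writing it here makes the block reproducible).  On systemd
# distributions this path is commonly a symlink to /etc/sysctl.conf, so the
# redirect replaces that file.  ip_forward and the bridge-nf-call keys are
# what kubeadm requires; vm.max_map_count is not a Kubernetes requirement
# (it is usually raised for Elasticsearch-type workloads).
cat <<EOF > /etc/sysctl.d/99-sysctl.conf
vm.swappiness = 0
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.ip_forward = 1
net.ipv4.ip_no_pmtu_disc = 1
net.core.rps_sock_flow_entries = 32768
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-arptables = 1
vm.max_map_count = 262144
EOF
# Apply every drop-in now, replacing the two one-off `sysctl -w` calls and
# the manual write to /proc/sys, which only set the running kernel.
sysctl --system

# kubelet refuses to start while swap is enabled.  swapoff alone is lost on
# reboot; comment out the swap line(s) in fstab too (a .bak copy is kept).
swapoff -a
sed -i.bak '/\sswap\s/s/^\([^#]\)/#\1/' /etc/fstab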
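# --- Docker and kubeadm installation ---
dnf config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo

# CentOS 8 workaround: satisfy docker-ce's containerd.io dependency by first
# installing the el7 package, then removing it so dnf resolves docker-ce.
# The pinned 1.2.6 rpm is old; prefer whatever containerd.io the docker-ce
# repository currently ships if dependency resolution allows it.
dnf install https://download.docker.com/linux/centos/7/x86_64/stable/Packages/containerd.io-1.2.6-3.3.el7.x86_64.rpm
dnf remove containerd.io
dnf install docker-ce

# Re-execute systemd so it picks up the new unit files.  The original also
# sent SIGTERM to PID 1; systemd re-execs itself on SIGTERM, which is the
# same effect as daemon-reexec, so one of the two is enough.
systemctl daemon-reexec
systemctl enable --now docker

# Kubernetes repository.  The original set gpgcheck=0 and repo_gpgcheck=0
# and fetched over plain http, so the cluster binaries were installed with
# no integrity or origin check at all.  Signature verification is on here
# and the mirror is reached over TLS.  If the mirror's repository metadata
# signature ever fails to verify, relax repo_gpgcheck only — never
# gpgcheck, which is what protects the packages themselves.  The exclude=
# line stops a routine `dnf update` from upgrading kubelet/kubeadm/kubectl
# behind kubeadm's back; the install below overrides it explicitly.
# Continuation lines of gpgkey must be indented.
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
       https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
exclude=kubelet kubeadm kubectl
EOF
dnf install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
# kubelet will crash-loop until kubeadm init has run; that is expected.
systemctl enable --now kubelet

# Match Docker's cgroup driver to kubelet's (systemd) and configure a pull
# mirror.  The mirror sits between you and the upstream registry for every
# image it serves; pulling by digest is the only way to make its content
# verifiable.
mkdir -p /etc/docker
cat <<EOF > /etc/docker/daemon.json
{"exec-opts": ["native.cgroupdriver=systemd"],"registry-mirrors":["https://reg-mirror.qiniu.com/"]}
EOF
systemctl restart docker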
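# --- Initialise the control plane ---
# The output of kubeadm init includes the bootstrap token for `kubeadm join`,
# which lets any host that has it join the cluster while it is valid — keep
# that output private.
kubeadm init --apiserver-advertise-address=10.222.190.158 --image-repository registry.aliyuncs.com/google_containers --service-cidr=10.96.0.0/12 --pod-network-cidr=10.244.0.0/16 --service-dns-domain=wissy.com.cn

# Give the current user a kubeconfig the way kubeadm recommends.  The
# original appended `export KUBECONFIG=/etc/kubernetes/admin.conf` to
# /etc/profile, which (a) does not affect the shell running these commands,
# so the kubectl calls below fail on a fresh host, and (b) points every
# login shell on the box at the cluster-admin credential.  A per-user copy
# is narrower and works immediately.
mkdir -p "$HOME/.kube"
cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config"
chown "$(id -u):$(id -g)" "$HOME/.kube/config"
# The guard keeps re-runs from appending the alias again and again.
grep -q '^alias k=kubectl$' /etc/profile || echo 'alias k=kubectl' >> /etc/profile

# Single-node setup: allow workloads on the control plane.  This removes the
# scheduling isolation between user pods and etcd/apiserver; fine for a lab,
# not for anything multi-tenant.
kubectl taint node master.k8s.wissy.com.cn node-role.kubernetes.io/master-
kubectl label nodes master.k8s.wissy.com.cn edgenode=true

# Pod network.  Applying a manifest straight from a URL with cluster-admin
# runs whatever that URL serves today.  Fetch it, review it, and keep the
# reviewed copy (ideally a pinned release) under version control.
curl -fsSLo calico.yaml https://docs.projectcalico.org/manifests/calico.yaml
kubectl apply -f calico.yaml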
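# --- Dashboard admin token ---
# The commented commands are the ones the original ran (kept as a record;
# a stray "#" inside --serviceaccount has been removed).  Binding the
# dashboard's service account to cluster-admin hands full cluster control
# to anyone who obtains that token; a ClusterRole limited to what the
# dashboard actually needs is the least-privilege alternative.
#kubectl create serviceaccount dashboard-admin -n kube-system
#kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin

# Look the token secret up by name prefix instead of the hard-coded random
# suffix from the original (dashboard-admin-token-5wzdl), which only exists
# on that one cluster.  Newer Kubernetes releases no longer auto-create
# token secrets for service accounts; there
# `kubectl create token dashboard-admin -n kube-system` issues a short-lived
# token instead.
secret=$(kubectl -n kube-system get secret | awk '/dashboard-admin/ {print $1; exit}')
if [[ -z "$secret" ]]; then
  printf 'no dashboard-admin token secret found in kube-system\n' >&2
else
  # The describe output contains the bearer token itself — treat it like a
  # password: do not log it and do not paste it into a post.
  kubectl describe secret "$secret" -n kube-system
fi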
# traefik-ingress
K8S 生态圈
问题&难点
Pod里面的DNS无法连接到外网
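# CoreDNS logs showed a flood of upstream i/o timeouts: pod traffic could
# not leave the host.  Select the pods by label rather than the random pod
# name in the original (coredns-6d8c4cb4d-jkrtm), which is specific to that
# cluster.
kubectl logs -f -n kube-system -l k8s-app=kube-dns
# Enable masquerading so pod traffic is NATed on the way out, and make it
# permanent; without it pods have no Internet access.  This applies to the
# whole public zone, not just the pod CIDR.
firewall-cmd --zone=public --add-masquerade
firewall-cmd --runtime-to-permanent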
Docker Compose 文件转换
Kompose
https://kubernetes.io/zh/docs/tasks/configure-pod-container/translate-compose-kubernetes/
# Chinese language support on the host (unrelated to Kubernetes itself);
# the GNOME group is removed because a server node has no use for a desktop.
yum install langpacks-zh_CN.noarch
yum groupinstall -y chinese-support
yum groupremove GNOME
其他命令
批量更新images
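# Re-pull every locally tagged image so each tag points at the registry's
# current content.  Docker's own formatter is used instead of parsing the
# table output, and untagged (<none>) entries are skipped explicitly — the
# original's `grep -v none` would also drop any image whose name merely
# contains "none".  -r avoids running `docker pull` with no argument when
# the list is empty.  Tags are mutable, so this is an unverified update:
# whatever the registry (or the configured mirror) serves under that tag
# is what gets deployed; pull by digest for anything that matters.
docker images --format '{{.Repository}}:{{.Tag}}' | grep -v '<none>' | xargs -r -L 1 docker pull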
批量删除 <none>的images
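# Remove dangling (untagged) images.  -r turns this into a no-op when there
# are none, instead of failing on an empty argument list as the original
# backtick form does.
docker image ls -f dangling=true -q | xargs -r docker rmi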
删除 k8s Exited 容器
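# Remove exited containers created by kubelet (their names start with k8s_),
# using docker's filters instead of grepping the table, where 'Exited' could
# also match a container or image name.
docker ps -a -q --filter status=exited --filter name=k8s_ | xargs -r docker rm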
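# Roll a deployment's pods.  The original had the literal placeholder <name>,
# which the shell parses as a redirection; supply the name via DEPLOY_NAME.
kubectl rollout restart deploy "${DEPLOY_NAME:?deployment name required}"

# List every pod with its container images, one pod per line.
kubectl get pods -A -o jsonpath='{range .items[*]}{"\n"}{.metadata.name}{":\t"}{range .spec.containers[*]}{.image}{", "}{end}{end}'

# Recreate pods that still run a superseded image.  After `docker pull`
# refreshes a tag, the previously tagged image shows up with tag <none>; the
# repository names of those images identify workloads that have not yet
# picked up the new version.  The original inner loop ignored its own loop
# variable and deleted one hard-coded pod (siyuan-54b8dcf5d9-fcqkq) by
# piping generated text into bash.  Here namespace and pod name are read
# from the API and passed to kubectl as quoted arguments, so nothing
# derived from pod or image names is ever evaluated as shell.  Pods without
# a controller are deleted but not recreated.
docker images --format '{{.Repository}}\t{{.Tag}}' \
  | awk -F '\t' '$2 == "<none>" && $1 != "<none>" {print $1}' \
  | sort -u \
  | while IFS= read -r repo; do
      kubectl get pods -A -o jsonpath='{range .items[*]}{.metadata.namespace}{"\t"}{.metadata.name}{"\t"}{range .spec.containers[*]}{.image}{" "}{end}{"\n"}{end}' \
        | awk -F '\t' -v repo="$repo" 'index($3, repo) {print $1 "\t" $2}' \
        | while IFS=$'\t' read -r ns pod; do
            kubectl delete pod "$pod" -n "$ns"
          done
    done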
自动更新
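# updateImages.sh — nightly image refresh (see the cron entry below).
# Runs as root, pulls whatever each tag currently points at and restarts the
# affected workloads: an unattended, unverified update path.  Pin tags or
# pull by digest for anything you care about.

# Refresh every tagged image; docker's formatter replaces table parsing and
# -r skips the pull when the list is empty.
docker images --format '{{.Repository}}:{{.Tag}}' | grep -v '<none>' | xargs -r -L 1 docker pull

# Drop images and containers nothing needs any more.
docker image ls -f dangling=true -q | xargs -r docker rmi
docker ps -a -q --filter status=exited --filter name=k8s_ | xargs -r docker rm

# Restart workloads still running a superseded image.  `docker rmi` refuses
# to delete a dangling image that a running container uses and names that
# container in its error message; the container id is taken from that
# message (the original used a fixed awk field, $21, which depends on the
# exact wording), mapped to its k8s_<container>_<pod>_<namespace>_... name,
# and the workload is restarted.  Fixes relative to the original loop:
#   * `$i` inside the single-quoted awk program was never expanded by the
#     shell, so the restart kind was not substituted (awk read it as $0);
#   * commands built from container names were piped into bash — those
#     names are chosen by whoever creates pods, so kubectl is now called
#     directly with quoted arguments instead.
# Restarting all three kinds for every container is still a guess at which
# controller owns the pod; the kinds that do not match simply error out.
for kind in daemonset statefulset deploy; do
  docker image ls -f dangling=true -q \
    | xargs -r docker rmi 2>&1 \
    | sed -n 's/.*image is being used by running container \([0-9a-f]*\).*/\1/p' \
    | xargs -r -I {} docker inspect --format='{{.Name}}' {} \
    | grep 'k8s_' \
    | while IFS=_ read -r _ container _ ns _; do
        kubectl rollout restart "$kind" "$container" -n "$ns"
      done
done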
Cron
# acme.sh certificate renewal, nightly at 00:54 as root; stdout is discarded,
# so only stderr reaches cron mail.
54 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null
# Unattended image refresh and workload restart (the script in the previous
# section), at the same minute.  Nothing checks what the pulled tags now
# contain before the restart, and failures are only visible through cron
# mail if that is configured.
54 0 * * * /bin/bash /data/k8s/description/updateImages.sh