Posted on 2024-9-16 17:00:09
1. Handling token expiry
By default a k8s token expires after 24 hours; once it has expired, nodes have to be joined again with a new token.

1.1 Create a new token on the master node
## On the master node
# kubeadm token create --print-join-command

[root@master1 admin]# kubeadm token create --print-join-command
W0705 23:14:39.436166 7030 configset.go:202] WARNING: kubeadm cannot validate component configs for API groups [kubelet.config.k8s.io kubeproxy.config.k8s.io]
kubeadm join master.k8s.io:6443 --token ime4yx.8fb5jsv0smqkk0aq --discovery-token-ca-cert-hash sha256:ffb3b09434cb153048558614e774221d0ef8107e4f824a415e2f41e84f6ac0b1

1.2 Run the join command on the worker nodes or on the other master nodes of the cluster
## Other master nodes of the cluster: with --control-plane
kubeadm join master.k8s.io:6443 --token ime4yx.8fb5jsv0smqkk0aq \
    --discovery-token-ca-cert-hash sha256:ffb3b09434cb153048558614e774221d0ef8107e4f824a415e2f41e84f6ac0b1 \
    --control-plane

## Worker nodes of the cluster: without --control-plane
kubeadm join master.k8s.io:6443 --token ime4yx.8fb5jsv0smqkk0aq \
    --discovery-token-ca-cert-hash sha256:ffb3b09434cb153048558614e774221d0ef8107e4f824a415e2f41e84f6ac0b1

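The --discovery-token-ca-cert-hash value in the join command is the SHA-256 of the cluster CA certificate's public key, which is how a joining node authenticates the API server it bootstraps from. As an added example (not part of the original post), this script recomputes that value from a CA certificate and checks a join command against it before the command is run on a node; the function names are illustrative and openssl is assumed to be installed.

```shell
#!/bin/sh
# Added example (not from the original post): recompute the value that
# --discovery-token-ca-cert-hash pins and compare it with a join command.

# ca_cert_hash FILE -> "sha256:<hex>" over the DER-encoded public key
# (SubjectPublicKeyInfo) of the PEM certificate in FILE.
ca_cert_hash() {
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    printf '%s\n' "$pub" \
        | openssl pkey -pubin -outform DER 2>/dev/null \
        | openssl dgst -sha256 -r \
        | awk '{ print "sha256:" $1 }'
}

# join_hash "CMD" -> the sha256:<hex> argument found in a join command line.
join_hash() {
    printf '%s\n' "$1" | tr ' ' '\n' | grep -E '^sha256:[0-9a-f]{64}$' | head -n 1
}

# check_join CA_FILE "CMD": exit status 0 only when CMD pins the CA in CA_FILE.
check_join() {
    want=$(ca_cert_hash "$1") || return 2
    got=$(join_hash "$2")
    [ -n "$got" ] && [ "$got" = "$want" ]
}

# On a kubeadm master (default CA path; --ttl shortens the 24h default):
#   check_join /etc/kubernetes/pki/ca.crt \
#       "$(kubeadm token create --ttl 2h --print-join-command)"
```

A join command whose hash does not match the local CA should not be run; kubeadm token list shows which tokens are still valid and when they expire.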
2. Deploying the dashboard
2.1 The official Kubernetes web UI
URL: https://github.com/kubernetes/dashboard

2.2 Download the k8s dashboard
# Command: kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.3.1/aio/deploy/recommended.yaml

# Or download it first: wget --no-check-certificate https://raw.githubusercontent.com/kubernetes/dashboard/v2.3.1/aio/deploy/recommended.yaml
# (--no-check-certificate skips TLS certificate verification for the download; leave it off if the node trusts the server's certificate chain)
# and then apply it: kubectl apply -f recommended.yaml

[root@master1 admin]# kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.3.1/aio/deploy/recommended.yaml
namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created

Check:
[root@master1 admin]# kubectl get pods -A
NAMESPACE              NAME                                         READY   STATUS    RESTARTS   AGE
kubernetes-dashboard   dashboard-metrics-scraper-78f5d9f487-s854v   1/1     Running   0          4m8s
kubernetes-dashboard   kubernetes-dashboard-6bc5cb8879-8zjj2        1/1     Running   0          4m8s

2.3 Set the access port
[root@master1 admin]# kubectl get svc -o wide -A
NAMESPACE              NAME                        TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)                  AGE     SELECTOR
default                javademo1                   NodePort    10.1.230.223   <none>        8111:31880/TCP           2d23h   app=javademo1
default                kubernetes                  ClusterIP   10.1.0.1       <none>        443/TCP                  3d      <none>
kube-system            kube-dns                    ClusterIP   10.1.0.10      <none>        53/UDP,53/TCP,9153/TCP   3d      k8s-app=kube-dns
kubernetes-dashboard   dashboard-metrics-scraper   ClusterIP   10.1.110.33    <none>        8000/TCP                 8m24s   k8s-app=dashboard-metrics-scraper
kubernetes-dashboard   kubernetes-dashboard        ClusterIP   10.1.179.158   <none>        443/TCP                  8m24s   k8s-app=kubernetes-dashboard
[root@master1 admin]# kubectl edit svc kubernetes-dashboard -n kubernetes-dashboard
service/kubernetes-dashboard edited

In the editor, change type: ClusterIP to type: NodePort.

The dashboard port has now become 30798:
# Command: kubectl get svc -A | grep kubernetes-dashboard
# Or: kubectl get svc -o wide -A
[root@master1 admin]# kubectl get svc -o wide -A
NAMESPACE              NAME                        TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)                  AGE     SELECTOR
default                javademo1                   NodePort    10.1.230.223   <none>        8111:31880/TCP           2d23h   app=javademo1
default                kubernetes                  ClusterIP   10.1.0.1       <none>        443/TCP                  3d      <none>
kube-system            kube-dns                    ClusterIP   10.1.0.10      <none>        53/UDP,53/TCP,9153/TCP   3d      k8s-app=kube-dns
kubernetes-dashboard   dashboard-metrics-scraper   ClusterIP   10.1.110.33    <none>        8000/TCP                 12m     k8s-app=dashboard-metrics-scraper
kubernetes-dashboard   kubernetes-dashboard        NodePort    10.1.179.158   <none>        443:30798/TCP            12m     k8s-app=kubernetes-dashboard

2.4 Log in
2.4.1 Create a login user (on the master node)
URL: https://192.168.8.190:30798/
Create a file for the login account: dash-user.yaml
Contents: it creates a cluster account named admin-user

# dash-user.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard
---
# cluster-admin is the built-in superuser role: this binding gives
# admin-user full access to every namespace in the cluster
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard

## Apply
[root@master1 ~]# kubectl apply -f dash-user.yaml
serviceaccount/admin-user created
clusterrolebinding.rbac.authorization.k8s.io/admin-user created

2.4.2 Get the access token of the new user
Command:
kubectl -n kubernetes-dashboard \
    get secret $(kubectl -n kubernetes-dashboard get sa/admin-user \
    -o jsonpath="{.secrets[0].name}") \
    -o go-template="{{.data.token | base64decode}}"

The command prints a token string; copy it and paste it into the token input field of the dashboard.
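
An added example, not part of the original post, that audits the two settings changed in 2.3 and 2.4.1: services published on every node through a NodePort, and service accounts bound to cluster-admin, whose token gives full control of the cluster. The function names and sample input are constructed for illustration; the kubectl commands that produce the real input are given in the comments.

```shell
#!/bin/sh
# Added example: audit the settings changed in 2.3 and 2.4.1 of this walkthrough.
# The sample inputs below are constructed; on a cluster, pipe in the kubectl output.

# Input:  kubectl get svc -A --no-headers
# Output: "namespace/name nodePort" for every port published on the nodes.
nodeport_services() {
    awk '$3 == "NodePort" {
        n = split($6, ports, ",")
        for (i = 1; i <= n; i++) {
            split(ports[i], p, "[:/]")      # 443:30798/TCP -> 443 30798 TCP
            print $1 "/" $2, p[2]
        }
    }'
}

# Input:  kubectl get clusterrolebindings -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.roleRef.name}{"\t"}{range .subjects[*]}{.kind}:{.namespace}/{.name}{" "}{end}{"\n"}{end}'
# Output: "namespace/serviceaccount binding" for each service account that
#         holds cluster-admin through a ClusterRoleBinding.
sa_cluster_admins() {
    awk -F '\t' '$2 == "cluster-admin" {
        n = split($3, s, " ")
        for (i = 1; i <= n; i++)
            if (sub(/^ServiceAccount:/, "", s[i])) print s[i], $1
    }'
}

sample_services() {   # constructed, modelled on the listing in 2.3
    cat <<'EOF'
default                javademo1              NodePort    10.1.230.223   <none>   8111:31880/TCP           2d23h
kube-system            kube-dns               ClusterIP   10.1.0.10      <none>   53/UDP,53/TCP,9153/TCP   3d
kubernetes-dashboard   kubernetes-dashboard   NodePort    10.1.179.158   <none>   443:30798/TCP            12m
EOF
}

sample_bindings() {   # constructed
    printf 'cluster-admin\tcluster-admin\tGroup:/system:masters \n'
    printf 'admin-user\tcluster-admin\tServiceAccount:kubernetes-dashboard/admin-user \n'
    printf 'kubernetes-dashboard\tkubernetes-dashboard\tServiceAccount:kubernetes-dashboard/kubernetes-dashboard \n'
}

sample_services | nodeport_services
sample_bindings | sa_cluster_admins
```

On Kubernetes 1.24 and later a service account no longer gets a token Secret automatically, so .secrets[0].name in the command above comes back empty; kubectl -n kubernetes-dashboard create token admin-user issues a short-lived token instead.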

3. Workloads: Deployment
A Deployment controls Pods and gives them multiple replicas, self-healing, scaling and similar capabilities.

# Delete all Pods, then compare: how do the effects of the following two commands differ?
kubectl run mynginx --image=nginx
kubectl create deployment mytomcat --image=tomcat:8.5.68
# Self-healing
# After its Pod is deleted, k8s starts a new tomcat Pod, unless the deployment itself is deleted.

3.1 Multiple replicas
3.1.1 From the command line:
kubectl create deployment my-dep --image=nginx --replicas=3

3.1.2 From a YAML file
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: my-dep
  name: my-dep
spec:
  replicas: 3
  selector:
    matchLabels:
      app: my-dep
  template:
    metadata:
      labels:
        app: my-dep
    spec:
      containers:
      - image: nginx
        name: nginx

3.2 Scaling up and down
3.2.1 Using scale
kubectl scale --replicas=5 deployment/my-dep

3.2.2 By editing the deployment
kubectl edit deployment my-dep
# change the value of replicas

3.3 Self-healing & failover
● Machine shutdown
● Pod deletion
● Container crash
● ....

3.4 Rolling updates
3.4.1 Directly with a command
Assuming an nginx has been created through a deployment:

## Set the new version; this command makes k8s download the nginx image at version 1.16.1.
## In the same way, k8s can be made to pull a given version of an image from a given registry (for example, the new version of a service).
kubectl set image deployment/my-dep nginx=nginx:1.16.1 --record
kubectl rollout status deployment/my-dep

3.4.2 By editing the deployment
## Change the image version
kubectl edit deployment/my-dep

3.5 Rolling back a version
# History
kubectl rollout history deployment/my-dep

# Show the details of one revision
kubectl rollout history deployment/my-dep --revision=2

# Roll back (to the previous revision)
kubectl rollout undo deployment/my-dep

# Roll back (to a specific revision)
kubectl rollout undo deployment/my-dep --to-revision=2

More:

Besides Deployment, k8s also has resource types such as StatefulSet, DaemonSet and Job.
These are all called workloads.
Stateful applications are deployed with a StatefulSet; stateless applications are deployed with a Deployment.
url: https://kubernetes.io/zh/docs/concepts/workloads/controllers/

3.6 Workloads: a short summary

Workloads in the dashboard