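k8s: Getting Started
Use the kubeadm-dind-cluster tool to quickly deploy a Kubernetes cluster, then use kubectl on it to become familiar with the cluster's basic structure and concepts.
Key points
- The basic structure of a Kubernetes cluster
- Basic use of kubectl
- The basic concept of a Resource
- The basic concept of a Namespace
Related links
kubeadm-dind-cluster provides a very simple way to run a Kubernetes cluster. We can run a cluster directly with the script it provides. The Kubernetes environment used in this lab is version 1.15.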
tom@ubuntu:~/Desktop/k8s/Code$ docker info
Client:
 Context: default
 Debug Mode: false
 Plugins:
  app: Docker App (Docker Inc., v0.9.1-beta3)
  buildx: Build with BuildKit (Docker Inc., v0.5.1-docker)
Server:
ERROR: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get http://%2Fvar%2Frun%2Fdocker.sock/v1.24/info: dial unix /var/run/docker.sock: connect: permission denied
errors pretty printing info
ERROR: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/
sudo groupadd docker           # create the docker group
sudo gpasswd -a $XXX docker    # add a named user to the docker group; XXX is the username, e.g. mine is liangll
sudo gpasswd -a $USER docker   # add the current user to the docker group
newgrp docker                  # refresh the docker group membership
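Membership of the docker group gives full control of the daemon through /var/run/docker.sock, which is equivalent to root on the host, so it is worth checking who ends up with that access. The following is an added example, not part of the original notes; the function names are illustrative and it assumes GNU or busybox `stat`.

```shell
#!/bin/sh
# Added example: report who can reach the Docker daemon socket.
# Connecting to a UNIX socket needs write permission, so the write bits decide.

# socket_exposure PATH -> missing | owner-only | group:<name> | world-writable
socket_exposure() {
    path=$1
    [ -e "$path" ] || { echo "missing"; return 0; }
    mode=$(stat -c '%a' "$path")     # octal mode, e.g. 660
    group=$(stat -c '%G' "$path")    # owning group, normally "docker"
    if [ $(( 0$mode & 0002 )) -ne 0 ]; then
        echo "world-writable"        # any local user can drive the daemon
    elif [ $(( 0$mode & 0020 )) -ne 0 ]; then
        echo "group:$group"          # members of this group can drive the daemon
    else
        echo "owner-only"
    fi
}

# group_members LINE -> space-separated members of one /etc/group-format line
group_members() {
    printf '%s\n' "$1" | cut -d: -f4 | tr ',' ' '
}

# docker_access_report [SOCKET] -> short summary for this host
docker_access_report() {
    sock=${1:-/var/run/docker.sock}
    exposure=$(socket_exposure "$sock")
    echo "socket $sock: $exposure"
    case $exposure in
        group:*)
            line=$(getent group "${exposure#group:}" 2>/dev/null || true)
            echo "members with daemon access: $(group_members "$line")"
            ;;
        world-writable)
            echo "fix: chmod 660 $sock and rely on group membership instead"
            ;;
    esac
}

docker_access_report /var/run/docker.sock
```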
tom@ubuntu:~/Desktop/k8s/Code$ ./dind-cluster-v1.15.sh
WARNING: No swap limit support
usage:
  ./dind-cluster-v1.15.sh up
  ./dind-cluster-v1.15.sh reup
  ./dind-cluster-v1.15.sh down
  ./dind-cluster-v1.15.sh init kubeadm-args...
  ./dind-cluster-v1.15.sh join kubeadm-args...
  ./dind-cluster-v1.15.sh clean
  ./dind-cluster-v1.15.sh pause
  ./dind-cluster-v1.15.sh unpause
  ./dind-cluster-v1.15.sh snapshot
  ./dind-cluster-v1.15.sh restore
  ./dind-cluster-v1.15.sh copy-image [image_name]
  ./dind-cluster-v1.15.sh e2e [test-name-substring]
  ./dind-cluster-v1.15.sh e2e-serial [test-name-substring]
  ./dind-cluster-v1.15.sh dump
  ./dind-cluster-v1.15.sh dump64
  ./dind-cluster-v1.15.sh split-dump
  ./dind-cluster-v1.15.sh split-dump64
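Only a few of these commands are needed; running up is enough to start a cluster.
Because coredns and kubernetes-dashboard take a long time to start and fail to start in the lab environment, the script already disables both. They are also rarely needed in the labs, so they can be dealt with when they are actually used.
Judging from the output, a Kubernetes cluster is a typical master-slave architecture. In this structure many control components are deployed on the master node, while the slave nodes only need to run a few agents.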
curl: (35) gnutls_handshake() failed: Error in the pull function
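Run sudo apt-get install libcurl4-openssl-dev. This command first removes the libcurl4-gnutls-dev package and then installs the new one. The two packages conflict with each other, so installing either one uninstalls the other first. My rough understanding is that curl's dependencies include libcurl4-gnutls-dev by default, but we need libcurl4-openssl-dev because it works better and supports HTTPS better.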
tom@ubuntu:~/Desktop/k8s/Code$ curl -V
curl 7.47.0 (x86_64-pc-linux-gnu) libcurl/7.47.0 GnuTLS/3.4.10 zlib/1.2.8 libidn/1.32 librtmp/2.3
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz TLS-SRP UnixSockets
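Tip
gpasswd -a cold root   # add user cold to the root group
gpasswd -d cold root   # remove user cold from the root group
Basic use of kubectl
kubectl is a command-line tool for interacting with a Kubernetes cluster. We can use it to inspect and manage the cluster. Kubernetes exposes its service externally over an HTTP port, and kubectl operates the cluster by talking to the HTTP port of the Kubernetes API server.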
tom@ubuntu:~/Desktop/k8s/Code$ sudo vim /etc/sysctl.conf
[sudo] password for tom:
tom@ubuntu:~/Desktop/k8s/Code$ sudo sysctl -p
vm.max_map_count = 655360
vm.swappiness = 0
kernel.sysrq = 1
net.ipv4.neigh.default.gc_stale_time = 120
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_announce = 2
net.ipv4.tcp_max_tw_buckets = 5000
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 1024
net.ipv4.tcp_synack_retries = 2
shiyanlou:~/ $ cat /etc/hosts                                   [16:57:08]
127.0.0.1 localhost
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
172.20.102.125 iZrj92px5d0b9btkc0hzewZ iZrj92px5d0b9btkc0hzewZ
10.111.123.198 iZbp181owrnv9r9uzp4pt1Z iZbp181owrnv9r9uzp4pt1Z
10.111.126.135 iZbp18wjcayoy3u826rcpeZ iZbp18wjcayoy3u826rcpeZ
10.111.114.26 iZbp1967kgohhiwr38iwirZ iZbp1967kgohhiwr38iwirZ
tom@ubuntu:~/Desktop/3/docker2$ docker stop $(docker ps -aq)
a7ffdde23269
540b166bc8d9
9e61e4b80a96
tom@ubuntu:~/Desktop/3/docker2$ docker rm $(docker ps -aq)
a7ffdde23269
540b166bc8d9
9e61e4b80a96
tom@ubuntu:~/Desktop/3/docker2$ docker rmi $(docker images -q)
Configuring a registry mirror (accelerator)
For users whose Docker client version is greater than 1.10.0.
You can use the mirror by modifying the daemon configuration file /etc/docker/daemon.json:
sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": ["https://19b12x6i.mirror.aliyuncs.com"]
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker
minikube
https://minikube.sigs.k8s.io/docs/start/
curl -LO https://storage.googleapis.com/minikube/releases/latest/minikube-linux-amd64
sudo install minikube-linux-amd64 /usr/local/bin/minikube
sudo usermod -aG docker $USER && newgrp docker
minikube start

Interact with your cluster
If you already have kubectl installed, you can now use it to access your shiny new cluster:
kubectl get po -A
Alternatively, minikube can download the appropriate version of kubectl, if you don’t mind the double-dashes in the command-line:
minikube kubectl -- get po -A
Initially, some services such as the storage-provisioner, may not yet be in a Running state. This is a normal condition during cluster bring-up, and will resolve itself momentarily. For additional insight into your cluster state, minikube bundles the Kubernetes Dashboard, allowing you to get easily acclimated to your new environment:
minikube dashboard

4 Deploy applications
Create a sample deployment and expose it on port 8080:
kubectl create deployment hello-minikube --image=k8s.gcr.io/echoserver:1.4
kubectl expose deployment hello-minikube --type=NodePort --port=8080
It may take a moment, but your deployment will soon show up when you run:
kubectl get services hello-minikube
The easiest way to access this service is to let minikube launch a web browser for you:
minikube service hello-minikube
Alternatively, use kubectl to forward the port:
kubectl port-forward service/hello-minikube 7080:8080
Tada! Your application is now available at http://localhost:7080/

LoadBalancer deployments
To access a LoadBalancer deployment, use the “minikube tunnel” command. Here is an example deployment:
kubectl create deployment balanced --image=k8s.gcr.io/echoserver:1.4
kubectl expose deployment balanced --type=LoadBalancer --port=8080
In another window, start the tunnel to create a routable IP for the ‘balanced’ deployment:
minikube tunnel
To find the routable IP, run this command and examine the EXTERNAL-IP column:
kubectl get services balanced
Your deployment is now available at <EXTERNAL-IP>:8080

5 Manage your cluster
Pause Kubernetes without impacting deployed applications:
minikube pause
Halt the cluster:
minikube stop
Increase the default memory limit (requires a restart):
minikube config set memory 16384
Browse the catalog of easily installed Kubernetes services:
minikube addons list
Create a second cluster running an older Kubernetes release:
minikube start -p aged --kubernetes-version=v1.16.1
Delete all of the minikube clusters:
minikube delete --all
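The minikube install step above copies a freshly downloaded binary into /usr/local/bin as root without checking it. The following added example (not from the minikube documentation or the original notes) verifies a SHA-256 before installing; the function names are illustrative, and the `.sha256` file next to the binary is an assumption about what the release bucket publishes.

```shell
#!/bin/sh
# Added example: refuse to install a downloaded binary unless its SHA-256 matches.
#
# Intended use with the download from this page (checksum URL is an assumption):
#   curl -fLO https://storage.googleapis.com/minikube/releases/latest/minikube-linux-amd64
#   curl -fLO https://storage.googleapis.com/minikube/releases/latest/minikube-linux-amd64.sha256
#   verify_sha256 minikube-linux-amd64 "$(cat minikube-linux-amd64.sha256)" \
#       && sudo install minikube-linux-amd64 /usr/local/bin/minikube
# A checksum fetched from the same origin only detects corruption; compare it
# with the value in the release notes when the origin itself is in doubt.

# verify_sha256 FILE EXPECTED -> exit status 0 only on an exact match.
# EXPECTED may be a bare hex digest or a "digest  filename" line.
verify_sha256() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f' | awk '{print $1}')
    [ -f "$file" ] || return 2
    # Reject anything that is not 64 hex characters (e.g. an HTML error page).
    case $expected in
        *[!0-9a-f]*|'') return 3 ;;
    esac
    [ ${#expected} -eq 64 ] || return 3
    actual=$(sha256sum "$file" | awk '{print $1}')
    [ "$actual" = "$expected" ]
}

# install_verified FILE EXPECTED DEST -> installs only after verification.
install_verified() {
    if verify_sha256 "$1" "$2"; then
        install -m 0755 "$1" "$3"
    else
        echo "checksum mismatch or bad input for $1; not installing" >&2
        return 1
    fi
}
```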
Bulk-loading Docker images
ll *.image|awk '{print $NF}'|sed -r 's#(.*)#docker load -i \1#' |bash
After using Docker for a while, many images that are no longer needed accumulate locally, and deleting them by hand one at a time is slow, so use a script to delete them in bulk. The command below deletes images whose names start with 192.168.33.10; an image is deleted as long as it is not in use.
List-1
docker images|awk '{print $1":"$2}'|grep 192.168.33.10|xargs -t docker rmi
With the following command, containers that are not running are deleted, except for mysql, postgresql, kibana, elastic and mongo. The -t option of xargs prints each command that is executed.
List-2
docker ps -a|egrep -v 'mysql|post|kiban|elas|mongo'|awk '{print $1}'|xargs -t docker rm
Sometimes there are <none> images, as in List-3 below, possibly produced temporarily. The command in List-1 cannot delete these images directly.
List-3
mjduan@mjduan:/opt/tmp/images$ docker images
REPOSITORY    TAG       IMAGE ID        CREATED       SIZE
<none>        <none>    fb522ae76d1c    3 days ago    993MB
<none>        <none>    4966b6e23631    3 days ago    662MB
<none>        <none>    3d30ff829e3d    3 days ago    738MB
<none>        <none>    82d66f605ccd    3 days ago    738MB
<none>        <none>    53df78f6d849    3 days ago    683MB
<none>        <none>    dd914a092541    3 days ago    738MB
List-4
# This way: note that the fields printed by the first awk must be separated by whitespace so that the later awk gets the $2 we want
docker images|awk '{print $1" "$3}'|grep "<none"|awk '{print $2}'| xargs -t docker rmi
# Or this way
docker images|grep "<none"|awk '{print $3}'|xargs -t docker rmi
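In List-1 the grep pattern is an unanchored regular expression in which each dot matches any character, so it also selects images from 192.168.33.100 or any name that merely contains a similar string. The following added example (not from the original notes; function names and sample table are constructed) selects by exact registry and prints the delete commands before anything is removed.

```shell
#!/bin/sh
# Added example: exact-match selection for the bulk deletes in List-1 and List-4.

# images_in_registry REGISTRY   (stdin: `docker images` table) -> repo:tag lines
# Selects a row only when the text before the first "/" equals REGISTRY exactly
# (include the port if the registry uses one). Header and <none> tags are skipped.
images_in_registry() {
    awk -v reg="$1" 'NR > 1 && $2 != "<none>" {
        split($1, parts, "/")
        if (parts[1] == reg) print $1 ":" $2
    }'
}

# dangling_image_ids   (stdin: `docker images` table) -> IMAGE ID of <none>:<none> rows
dangling_image_ids() {
    awk 'NR > 1 && $1 == "<none>" && $2 == "<none>" { print $3 }'
}

# remove_images [--apply]   (stdin: one image reference or ID per line)
# Prints the commands by default; runs docker rmi only when --apply is given.
# -r keeps xargs from running "docker rmi" with no arguments on empty input.
remove_images() {
    if [ "$1" = "--apply" ]; then
        xargs -r -t docker rmi
    else
        sed 's/^/docker rmi /'
    fi
}

# Constructed sample of `docker images` output (not from a real host).
SAMPLE='REPOSITORY                TAG      IMAGE ID       CREATED      SIZE
192.168.33.10/app/web     1.2      aaaaaaaaaaaa   3 days ago   100MB
192.168.33.100/app/web    1.2      bbbbbbbbbbbb   3 days ago   100MB
mirror/192x168y33z10      latest   cccccccccccc   3 days ago   100MB
<none>                    <none>   dddddddddddd   3 days ago   993MB'

# Dry run: only the first row is selected; List-1's grep would match three rows.
printf '%s\n' "$SAMPLE" | images_in_registry 192.168.33.10 | remove_images
printf '%s\n' "$SAMPLE" | dangling_image_ids | remove_images
```

On a real host, replace the sample with `docker images | images_in_registry 192.168.33.10 | remove_images`, review the printed commands, then add `--apply`.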
Bulk-exporting Docker images
Pushing Docker images to a registry
Using Python
import re
import subprocess

if __name__ == "__main__":
    # Log in first and let docker prompt for the password instead of keeping it in the script:
    # sudo docker login --username=<username> registry.cn-hangzhou.aliyuncs.com
    p = subprocess.Popen(['docker', 'images'], stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
    for line in p.stdout.readlines():
        # print(line)
        # Capture the first two whitespace-separated columns: REPOSITORY and TAG
        m = re.match(r'(\S+)\s+(\S+)\s', line.decode("utf-8"))
        if m is None:
            continue
        # print(m.group(1).strip('')+""+m.group(2).strip(''))
        iname = m.group(1).strip()
        itag = m.group(2).strip()
        # Skip the header row and untagged (<none>) images, which cannot be tagged or pushed
        if iname == "REPOSITORY" or "<none>" in (iname, itag):
            continue
        tarname = iname + ":" + itag
        filename = iname.split("/")[-1].strip()
        targetname = "registry.cn-hangzhou.aliyuncs.com/lzj123/" + filename + ":" + itag
        # Argument lists keep image names from being interpreted by a shell
        cmd = ["docker", "tag", tarname, targetname]
        print("cmd-----------------------------")
        print(" ".join(cmd))
        subprocess.run(cmd)
        # docker tag 37bb9c63c8b2 registry-vpc.cn-hangzhou.aliyuncs.com/acs/agent:0.7-dfb6816
        cmd2 = ["docker", "push", targetname]
        print(" ".join(cmd2))
        # sudo docker push registry-vpc.cn-hangzhou.aliyuncs.com/acs/agent:0.7-dfb6816
        subprocess.run(cmd2)
        print("cmd-----------------------------")
    retval = p.wait()