Getting Started with Kubernetes (Kubernetes Explained)

wxchong 2024-07-08 23:35:52 Open-Source Technology

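Introduction#

Kubernetes is a portable, extensible open-source platform for managing containers and services. It deploys workloads and scales them up or down automatically from declarative configuration files.

  • Traditional deployment

Traditional deployment cannot define resource boundaries: when several applications run on the same physical machine, one application may take up most of the system's resources.

  • Virtualized deployment

Virtualized deployment isolates applications from one another in virtual machines, but makes it harder for the applications to reach each other.

  • Containerized deployment

Containerized deployment is more lightweight than virtualized deployment and is portable across clouds and other operating systems.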

Installing Kubernetes#

Before installing Kubernetes, make sure the required dependencies are installed. Kubernetes is a container management platform.

Install Docker

https://docs.docker.com/install

Install minikube

curl -Lo minikube http://kubernetes.oss-cn-hangzhou.aliyuncs.com/minikube/releases/v1.3.0/minikube-darwin-amd64 && chmod +x minikube && sudo cp minikube /usr/local/bin/ && rm minikube
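
The command above fetches the binary over plain HTTP and copies it into /usr/local/bin with sudo, so the file should be checked before it is installed. The following is an added example, not part of the original page: the function names are hypothetical, and the expected SHA-256 digest is an assumption that must be obtained from a trusted channel, since the page does not give one.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): install a downloaded binary
# only when its SHA-256 digest matches a pinned value.

# sha256_of FILE -> prints the hex digest (sha256sum on Linux, shasum on macOS)
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

# install_verified FILE EXPECTED_SHA256 DEST_DIR
# Returns 0 after installing, 1 on digest mismatch (FILE is deleted),
# 2 when the expected digest is malformed.
install_verified() {
  local file=$1 want=$2 dest=$3 got
  case "$want" in
    *[!0-9a-fA-F]*|"") echo "refusing: expected digest is not hex" >&2; return 2 ;;
  esac
  [ "${#want}" -eq 64 ] || { echo "refusing: digest must be 64 hex chars" >&2; return 2; }
  want=$(printf '%s' "$want" | tr 'A-F' 'a-f')
  got=$(sha256_of "$file") || return 2
  if [ "$got" != "$want" ]; then
    echo "digest mismatch for $file: got $got" >&2
    rm -f -- "$file"          # do not leave an unverified binary lying around
    return 1
  fi
  install -m 0755 -- "$file" "$dest/"
}
```

With the page's download, drop the `sudo cp` step from the one-liner and load these functions into a root shell (for example after `sudo -s`), then run `install_verified minikube <published-sha256> /usr/local/bin`; `<published-sha256>` is a placeholder.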

Start Kubernetes

--vm-driver: hyperkit/virtualbox/none
minikube start --vm-driver=virtualbox --registry-mirror=https://dockerhub.azk8s.cn --memory=4096 --disk-size=60000MB --mount --mount-string=/Users/jet/kubernetes/:/data/kubernetes --image-repository=registry.cn-hangzhou.aliyuncs.com/google_containers

Use --vm-driver=none to install directly on the host
minikube start --vm-driver=hyperkit --registry-mirror=https://dockerhub.azk8s.cn --memory=8192 --cpus=4 --disk-size=60000MB --mount --mount-string=/Users/jet/kubernetes/:/data/kubernetes --image-repository=registry.cn-hangzhou.aliyuncs.com/google_containers

Cluster Installation#

Download KubeSphere to your Linux machine, move to the KubeSphere directory. For example, if the created directory is kubesphere-all-v2.1.1:

$ curl -L https://kubesphere.io/download/stable/latest > installer.tar.gz
$ tar -xzf installer.tar.gz
$ cd kubesphere-all-v2.1.1/scripts

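Log in to the preview URL with the credentials demo1/Demo123

Kubernetes Objects#

  • Pods#

A Pod encapsulates an application's containers together with the storage, network IP and every other resource the application needs to run. It is the smallest unit of execution in Kubernetes.

  • Deployments#

The Deployment controller provides declarative updates for Pods and replica sets. You can use it to change their state or to define new replica sets.

  • Services#

A Service exposes a set of Pods to the outside as one service. Kubernetes assigns the Pods IP addresses and DNS names, which can be used for load balancing.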

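Kubernetes Cluster#

A Kubernetes cluster consists of a set of physical and virtual machine nodes, which fall into two classes: master nodes and Node nodes.

  • Master#

The master node maintains the state of the Kubernetes cluster. kubectl obtains information about Pods, Deployments and Services by talking to the master node.

  • Node#

Node nodes run the containerized applications.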

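Deploying an Nginx Service#

There are two ways to deploy: create the Pod, Deployment and Service one after another from the command line, or deploy everything at once from a YAML file.

  • Method 1

Create the Pod

# kubectl has no "create pod" subcommand; "run --restart=Never" creates a bare Pod
kubectl run nginx --image=nginx --restart=Never

Create the Deployment

kubectl create deployment nginx --image=nginx

The two commands above are equivalent to

# on kubectl before 1.18; from 1.18 on, "kubectl run" creates only a Pod
kubectl run nginx --image=nginx --port=80

Create the Service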

kubectl expose deployment nginx --port=80 --type=NodePort

List the persistent volumes

kubectl get pv
NAME                                       CAPACITY   ACCESS MODES   RECLAIM POLICY   STATUS        CLAIM                                         STORAGECLASS   REASON   AGE
pvc-0ed527f4-7e74-4a1d-9bed-52db1d4ffc36   8Gi        RWO            Delete           Terminating   development/data-zookeeper-0                  standard                11h
pvc-d9e60428-0559-4885-8cf5-57389307ad52   8Gi        RWO            Delete           Bound         development/data-redis-kafka-0                standard                11h
pvc-ead7dc2c-4bb5-45a1-b2b5-38f18ba7f5e7   8Gi        RWO            Delete           Bound         development/data-redis-zookeeper-0            standard                11h
pvc-f12fd689-8216-453b-b7be-08ae2fdec863   10Gi       RWO            Delete           Terminating   default/data-eerie-rodent-redis-ha-server-0   standard                12h
pvc-f3827108-df93-4bec-a15e-13073fa088a7   8Gi        RWO            Delete           Terminating   development/data-kafka-zookeeper-0            standard                11h
pvc-fa387209-36c7-4225-ba61-b240723dc3c3   8Gi        RWO            Delete           Terminating   development/data-kafka-0                      standard                11h
    

Delete a persistent volume

kubectl delete pv pvc-0ed527f4-7e74-4a1d-9bed-52db1d4ffc36

  • Method 2

Create nginx-deployment.yaml

apiVersion: v1
kind: Service
metadata:
  name: nginx-service
  labels:
    app: nginx-service
spec:
  selector:
    app: nginx
  ports:
  - port: 80
    targetPort: 80
    nodePort: 30000
    protocol: TCP
  type: NodePort
---
apiVersion: apps/v1     # for versions before 1.9.0 use apps/v1beta2
kind: Deployment
metadata:
  name: nginx-deployment
spec:
  selector:
    matchLabels:
      app: nginx
  replicas: 2          # tells deployment to run 2 pods matching the template
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx
        ports:
        - containerPort: 80

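Deploy from the configuration file

kubectl apply -f nginx-deployment.yaml

Once the deployment completes, the Pods, Deployment and Service can be viewed in the dashboard.


How to Access the Service#

View the cluster information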

kubectl cluster-info
Kubernetes master is running at https://192.168.99.101:8443
KubeDNS is running at https://192.168.99.101:8443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy

To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.

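Note that the Kubernetes master IP 192.168.99.101 and the Nginx service cluster IP 10.101.230.215 are not in the same address range, so you cannot reach the Nginx service directly through its IP address.

  • List the services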
kubectl get services
NAME         TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)        AGE
kubernetes   ClusterIP   10.96.0.1        <none>        443/TCP        2d2h
nginx        NodePort    10.101.230.215   <none>        80:31248/TCP   20h
  • View the service access URL
minikube service nginx
|-----------|-------|-----------------------------|
| NAMESPACE | NAME  |             URL             |
|-----------|-------|-----------------------------|
| default   | nginx | http://192.168.99.101:31248 |
|-----------|-------|-----------------------------|
  Opening kubernetes service  default/nginx in default browser...


Alternatively, kubectl port forwarding can map a host port to the service port and achieve the same result.

# nginx-7c45b84548-ws9c9 is the name of the nginx Pod

kubectl port-forward nginx-7c45b84548-ws9c9 9090:80
Forwarding from 127.0.0.1:9090 -> 80
Forwarding from [::1]:9090 -> 80


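Creating a User#

  • Generate the private key and certificate signing request
openssl genrsa -out jetqin.key 2048

# Kubernetes takes the user name from CN (jetqin) and the group from O (dev)
openssl req -new -key jetqin.key -out jetqin.csr -subj "/CN=jetqin/O=dev"

cat jetqin.csr | base64 | tr -d '\n'
  • Sign the CSR with the Kubernetes cluster CA to produce the certificate
openssl x509 -req \
    -in jetqin.csr \
    -CA ~/.minikube/ca.crt \
    -CAkey ~/.minikube/ca.key \
    -CAcreateserial \
    -out jetqin.crt \
    -days 500
  • Add the user
kubectl config set-credentials jetqin \
    --client-certificate=jetqin.crt \
    --client-key=jetqin.key
  • Create the certificate signing request
cat <<EOF | kubectl apply -f -
# certificates.k8s.io/v1beta1 was removed in Kubernetes 1.22; newer clusters
# need certificates.k8s.io/v1, which also requires spec.signerName
apiVersion: certificates.k8s.io/v1beta1
kind: CertificateSigningRequest
metadata:
  name: jetqin-csr
spec:
  request: $(cat jetqin.csr | base64 | tr -d '\n')
  usages:
  - digital signature
  - key encipherment
  - client auth    # a user certificate authenticates a client, not a server
EOF


kubectl get csr
  • Approve the certificate signing request
kubectl certificate approve jetqin-csr
  • Check the new user's permissions
kubectl auth can-i list pods --namespace ns-test --as jetqin
  • Create the role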
cat <<EOF | kubectl apply -f -
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  namespace: ns-test
  name: ns-reader
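rules:
 # nodes is cluster-scoped, so a namespaced Role cannot grant access to it (that needs a ClusterRole)
 - apiGroups: [""]
   resources: ["pods", "services", "nodes"]
   verbs: ["get","watch","list"]
EOF
  • Create the role binding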
cat <<EOF | kubectl apply -f -
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: read-pods
  namespace: ns-test
subjects:
- kind: User
  name: jetqin
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: ns-reader
  apiGroup: rbac.authorization.k8s.io
EOF
  • Add the context
# jetqin is bound only in ns-test; with --namespace=default, pass -n ns-test on each command
kubectl config set-context dev-context \
    --cluster=minikube \
    --namespace=default \
    --user=jetqin

kubectl config use-context dev-context

kubectl config current-context
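
The single `kubectl auth can-i` call in the procedure above checks one permission. The following added example, which is not part of the original page, extends it to a least-privilege audit that confirms jetqin has exactly the grants of Role ns-reader in ns-test and nothing else. The names jetqin, ns-test and ns-reader come from the page; the function names and the probed namespaces, resources and verbs are assumptions chosen for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): audit what the new user can do.
# Run it as a cluster admin, because --as requires impersonation rights.

# verb:resource pairs Role ns-reader is meant to grant inside ns-test
# (nodes is left out: it is cluster-scoped, so the namespaced Role cannot grant it).
EXPECTED="get:pods list:pods watch:pods get:services list:services watch:services"

# can_i VERB RESOURCE NAMESPACE USER -> exit 0 when allowed, non-zero when denied
can_i() {
  kubectl auth can-i "$1" "$2" --namespace "$3" --as "$4" --quiet >/dev/null 2>&1
}

# expected NAMESPACE VERB:RESOURCE -> exit 0 when the grant is intended
expected() {
  [ "$1" = "ns-test" ] || return 1
  case " $EXPECTED " in
    *" $2 "*) return 0 ;;
    *) return 1 ;;
  esac
}

# audit_user USER -> prints one line per deviation; exit 0 only when there is none
audit_user() {
  local user=$1 bad=0 ns res verb
  for ns in ns-test default kube-system; do
    for res in pods services secrets configmaps; do
      for verb in get list watch create delete; do
        if can_i "$verb" "$res" "$ns" "$user"; then
          if ! expected "$ns" "$verb:$res"; then
            echo "EXCESS $ns $verb $res"     # allowed but never intended
            bad=1
          fi
        elif expected "$ns" "$verb:$res"; then
          echo "MISSING $ns $verb $res"      # intended but denied
          bad=1
        fi
      done
    done
  done
  return "$bad"
}
```

Run `audit_user jetqin` after applying the Role and RoleBinding; any EXCESS line means the user holds a permission the Role was not meant to give.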
