什么是 deployment
deployment 是对 pods 和 ReplicaSet 的定义,定义了 pods 和 ReplicaSet 的定义和实现形式等。
如下为 deployment 的定义
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
apiVersion: apps
`/v1`
kind: Deployment
metadata:
name: nginx-deployment
labels:
app: nginx
spec:
replicas: 3
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginx:1.12.2
ports:
- containerPort: 80
metadata 指明了服务名为 nginx-deployment, 标签为 nginx,
spec 指定了 pod 的正本为 3 个,每个 pod 容器镜像为 ngix:1.12.2, 容器端暴漏的端口为 80
接下来咱们启动 deployment
1
kubectl create -f deployment_nginx.yml
会显示:”nginx-deployment deployment has been created”
咱们执行
1
kubectl get deployment
查看 deployment 状态
1
2
NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE
nginx-deployment 3 3 3 3 9s
能够看到 deployment 启动了三个 pod,并且三个 pod 都是可用的。
1
kubectl get rs
能够看到 ReplicaSet 的状态为启动了 3 个 pod,都是就绪状态
接下来能够查看下 pod
1
kubectl get pods
显示 deployment 详细信息
1
kubectl get deployment -o wide
咱们也能够更新 deployment 的 image
1
kubectl
set
image deployment nginx-deployment nginx=nginx:1.1.13
咱们能够回滚 deployment 版本
1
kubectl rollout undo deployment nginx-deployment
查看 deployment 的历史信息
1
kubectl rollout
history
deployment nginx-deployment
将 deployment 服务裸露进来
1
kubectl expose deployment nginx-deployment --
`type`=NodePort
终端会提醒服务曾经裸露进来
1
service nginx-deployment exposed
咱们接下来查看下 service 信息
1
kubectl get svc
会显示服务映射的端口和地址
装置 kubeadm
基于 ubuntu 配置 k8s 环境
1
hostnamectl
set
`-`hostname
k8s-master
设置好后能够查看下咱们的配置
1
tail
/etc/hosts
查看防火墙状态
1
sudo
apt-get
install
ufw
敞开长期分区
1
swapoff -a
更新 https
1
apt-get update && apt-get
install
-y apt-transport-https
获取 gpg
1
curl -fsSL https:
`//mirrors.aliyun.com
/kubernetes/apt/doc/apt-key`.gpg | apt-key add -
新增源
1
add-apt-repository
"deb [arch=amd64] https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main"
更新 apt
1
apt-get update
查看 1.15 最新版本
1
apt-cache madison kubelet kubectl kubeadm |
`grep
‘1.15.4-00’
//` 查看 1.15 的最新版本
装置指定版本的工具
1
apt
install
-y kubelet=1.15.4-00 kubectl=1.15.4-00 kubeadm=1.15.4-00
//
` 装置指定的版本 `
kubelet 禁用 swap
1
2
3
4
5
tee
/etc/default/kubelet
<<-
`’EOF’`
KUBELET_EXTRA_ARGS=
`”–fail-swap-on=false”`
EOF
systemctl daemon-reload && systemctl restart kubelet
初始化 k8s
1
2
3
4
5
kubeadm init
--kubernetes-version=v1.15.4
--image-repository registry.aliyuncs.com
`/google_containers
`
--pod-network-cidr=10.24.0.0
`/16
`
--ignore-preflight-errors=Swap
在以后账户下执行,kubectl 配置调用
1
2
3
mkdir
-p $HOME/.kube
cp
-i
/etc/kubernetes/admin
`.conf $HOME/.kube`/config
chown
$(
`id
-u):$(id` `-g) $HOME/.kube
/config`
应用 fannel 的 overlay 网络实现多节点 pod 通信
1
kubectl apply -f https:
`//raw.githubusercontent.com
/coreos/flannel/master/Documentation/kube-flannel`.yml
查看 pods 信息
1
kubectl get pods -A
配置 dashboard
1
kubectl apply -f https:
`//raw.githubusercontent.com
/kubernetes/dashboard/v2.0.0-beta4
/aio/deploy/recommended`.yaml
配置后查看 pod 信息
1
get pods -A
查看 namespaces 信息
1
kubectl get namespaces
能够查看所有的 namespaces 信息
设置好网络模式后,接下来查看下 apiserver 裸露的地址
1
kubectl cluster-info
显示如下
1
2
3
4
5
Kubernetes master is running at https:
`//172`.17.0.9:6443
Heapster is running at https:
`//172.17.0.9:6443
/api/v1/namespaces/kube-system/services/heapster/proxy`
KubeDNS is running at https:
`//172.17.0.9:6443
/api/v1/namespaces/kube-system/services/kube-dns:dns
/proxy`
monitoring-grafana is running at https:
`//172.17.0.9:6443
/api/v1/namespaces/kube-system/services/monitoring-grafana/proxy`
monitoring-influxdb is running at https:
`//172.17.0.9:6443
/api/v1/namespaces/kube-system/services/monitoring-influxdb/proxy`
如果外网拜访,换成外网地址就行了。
我本人 dashboard 的拜访地址:
1
https:
`//81.68.86.146:6443
/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:
/proxy/`
因为拜访 dashboard 须要权限
1. 创立服务账号
首先创立一个叫 admin-user 的服务账号,并放在 kube-system 名称空间下:
1
2
3
4
5
6
# admin-user.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: admin-user
namespace: kube-system
执行 kubectl create 命令:
1
kubectl create -f admin-user.yaml
2. 绑定角色
默认状况下,kubeadm 创立集群时曾经创立了 admin 角色,咱们间接绑定即可:
1
2
3
4
5
6
7
8
9
10
11
12
13
# admin-user-role-binding.yaml
apiVersion: rbac.authorization.k8s.io
`/v1beta1`
kind: ClusterRoleBinding
metadata:
name: admin-user
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: admin-user
namespace: kube-system
执行 kubectl create 命令:
1
kubectl create -f admin-user-role-binding.yaml
3. 获取 Token
当初咱们须要找到新创建的用户的 Token,以便用来登录 dashboard:
1
2
kubectl -n kube-system describe secret $(kubectl -n kube-system get secret |
grep
admin-user |
awk
'{print $
1}')
4 制作证书
k8s 默认启动了证书验证,咱们创立证书
1
2
3
4
5
6
# 生成 client-certificate-data
grep
'client-certificate-data'
~/.kube
`/config
|
head
-n 1 |
awk
‘{print $2}’
|
base64
-d >> kubecfg.crt`
# 生成 client-key-data
grep
'client-key-data'
~/.kube
`/config
|
head
-n 1 |
awk
‘{print $2}’
|
base64
-d >> kubecfg.key`
# 生成 p12
openssl pkcs12 -
`export
-clcerts -inkey kubecfg.key –`in
kubecfg.crt -out kubecfg.p12 -name
"kubernetes-client"
而后咱们将 kubecfg.p12 copy 到 windows 双击装置证书即可。
而后 chrome 关上地址:
1
https:
`//81.68.86.146:6443
/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:
/proxy/`
单节点 k8s, 默认 pod 不被调度在 master 节点, 须要设置去污点
1
kubectl taint nodes --all node-role.kubernetes.io
`/master-
//` 去污点,master 节点能够被调度
输入如下
1
node
`/k8s-master
untainted`
https://github.com/threebb10/…
https://www.github.com/threeb…
http://github.com/threebb10/w…
https://github.com/threebb10/…
https://www.github.com/threeb…
http://github.com/threebb10/w…
https://github.com/threebb10/…
https://www.github.com/threeb…
http://github.com/threebb10/w…
https://github.com/threebb10/…
https://www.github.com/threeb…
http://github.com/threebb10/w…
https://github.com/threebb10/…
https://www.github.com/threeb…
http://github.com/threebb10/w…
https://github.com/threebb10/…
https://www.github.com/threeb…
http://github.com/threebb10/w…
https://github.com/threebb10/…
https://www.github.com/threeb…
http://github.com/threebb10/w…
https://github.com/threebb10/…
https://www.github.com/threeb…
http://github.com/threebb10/w…
https://github.com/threebb10/…
https://www.github.com/threeb…
http://github.com/threebb10/w…
https://github.com/threebb10/…
https://www.github.com/threeb…
http://github.com/threebb10/w…
https://github.com/threebb10/…
https://www.github.com/threeb…
http://github.com/threebb10/w…
https://github.com/threebb10/…
https://www.github.com/threeb…
http://github.com/threebb10/w…
https://github.com/threebb10/…
https://www.github.com/threeb…
http://github.com/threebb10/w…
https://github.com/threebb10/…
https://www.github.com/threeb…
http://github.com/threebb10/w…
https://github.com/threebb10/…
https://www.github.com/threeb…
http://github.com/threebb10/w…
https://github.com/threebb10/…
https://www.github.com/threeb…
http://github.com/threebb10/w…
https://github.com/threebb10/…
https://www.github.com/threeb…
http://github.com/threebb10/w…
https://github.com/threebb10/…
https://www.github.com/threeb…
http://github.com/threebb10/w…
https://github.com/threebb10/…
https://www.github.com/threeb…
http://github.com/threebb10/w…
https://github.com/threebb10/…
https://www.github.com/threeb…
http://github.com/threebb10/w…
https://github.com/threebb10/…
https://www.github.com/threeb…
http://github.com/threebb10/w…
https://github.com/threebb10/…
https://www.github.com/threeb…
http://github.com/threebb10/w…
https://github.com/threebb10/…
https://www.github.com/threeb…
http://github.com/threebb10/w…
https://github.com/threebb10/…
https://www.github.com/threeb…
http://github.com/threebb10/w…
https://github.com/threebb10/…
https://www.github.com/threeb…
http://github.com/threebb10/w…
https://github.com/threebb10/…
https://www.github.com/threeb…
http://github.com/threebb10/w…
https://github.com/threebb10/…
https://www.github.com/threeb…
http://github.com/threebb10/w…
https://github.com/threebb10/…
https://www.github.com/threeb…
http://github.com/threebb10/w…
https://github.com/threebb10/…
https://www.github.com/threeb…
http://github.com/threebb10/w…
https://github.com/threebb10/…
https://www.github.com/threeb…
http://github.com/threebb10/w…
https://github.com/threebb10/…
https://www.github.com/threeb…
http://github.com/threebb10/w…
https://github.com/threebb10/…
https://www.github.com/threeb…
http://github.com/threebb10/w…
https://github.com/threebb10/…
https://www.github.com/threeb…
http://github.com/threebb10/w…
https://github.com/threebb10/…
https://www.github.com/threeb…
http://github.com/threebb10/w…
https://github.com/threebb10/…
https://www.github.com/threeb…
http://github.com/threebb10/w…
https://github.com/threebb10/…
https://www.github.com/threeb…
http://github.com/threebb10/w…
https://github.com/threebb10/…
https://www.github.com/threeb…
http://github.com/threebb10/w…
https://github.com/threebb10/…
https://www.github.com/threeb…
http://github.com/threebb10/w…
https://github.com/threebb10/…
https://www.github.com/threeb…
http://github.com/threebb10/w…
https://github.com/threebb10/…
https://www.github.com/threeb…
http://github.com/threebb10/w…
https://github.com/threebb10/…
https://www.github.com/threeb…
http://github.com/threebb10/w…
https://github.com/threebb10/…
https://www.github.com/threeb…
http://github.com/threebb10/w…
https://github.com/threebb10/…
https://www.github.com/threeb…
http://github.com/threebb10/w…
https://github.com/threebb10/…
https://www.github.com/threeb…
http://github.com/threebb10/w…
https://github.com/threebb10/…
https://www.github.com/threeb…
http://github.com/threebb10/w…
https://github.com/threebb10/…
https://www.github.com/threeb…
http://github.com/threebb10/w…
https://github.com/threebb10/…
https://www.github.com/threeb…
http://github.com/threebb10/w…
https://github.com/threebb10/…
https://www.github.com/threeb…
http://github.com/threebb10/w…
https://github.com/threebb10/…
https://www.github.com/threeb…
http://github.com/threebb10/w…
https://github.com/threebb10/…
https://www.github.com/threeb…
http://github.com/threebb10/w…
https://github.com/threebb10/…
https://www.github.com/threeb…
http://github.com/threebb10/w…
https://github.com/threebb10/…
https://www.github.com/threeb…
http://github.com/threebb10/w…
https://github.com/threebb10/…
https://www.github.com/threeb…
http://github.com/threebb10/w…
https://github.com/threebb10/…
https://www.github.com/threeb…
http://github.com/threebb10/w…
https://github.com/threebb10/…
https://www.github.com/threeb…
http://github.com/threebb10/w…
https://github.com/threebb10/…
https://www.github.com/threeb…
http://github.com/threebb10/w…
https://github.com/threebb10/…
https://www.github.com/threeb…
http://github.com/threebb10/w…
https://github.com/threebb10/…
https://www.github.com/threeb…
http://github.com/threebb10/w…
https://github.com/threebb10/…
https://www.github.com/threeb…
http://github.com/threebb10/w…
https://github.com/threebb10/…
https://www.github.com/threeb…
http://github.com/threebb10/w…
https://github.com/threebb10/…
https://www.github.com/threeb…
http://github.com/threebb10/w…
https://github.com/threebb10/…
https://www.github.com/threeb…
http://github.com/threebb10/w…
https://github.com/threebb10/…
https://www.github.com/threeb…
http://github.com/threebb10/w…