k8s学习
常用命令
k8s yaml文件名词释义及yaml模板
k8s部署及安装gitlab,jenkins,helm,nginx
使用Rancher快速搭建K8S
使用kubeadm快速搭建K8S
kubernetes-1.20 ingress-nginx 配置案例
k8s部署mysql案例,学习资源类型(nfs、pv、pvc、configmap、secret)
k8s参考网站
helm安装部署mysql
-
+
首页
k8s部署及安装gitlab,jenkins,helm,nginx
# 1、基本环境 ```shell systemctl stop firewalld && systemctl disable firewalld sed -i 's/enforcing/disabled/g' /etc/selinux/config; setenforce 0 ``` # 2、安装docker #安装必要的一些系统工具 ```shell sudo yum install -y yum-utils device-mapper-persistent-data lvm2 ``` #添加软件源信息 ```shell sudo yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo ``` #更新并安装 Docker-CE ```shell sudo yum makecache fast sudo yum -y install docker-ce 或 curl -fsSL https://get.docker.com | bash -s docker --mirror Aliyun ``` 可选 #添加当前用户到docker组中允许普通用户运行docker命令,此步需要登出linux环境重新再登录方能生效 ```shell sudo usermod -aG docker $USER ``` #添加开机启动 ```shell sudo systemctl enable docker.service ``` #启动docker ```shell sudo systemctl start docker.service ``` #查看docker版本 ```shell docker version ``` 修改配置 ``` #修改docker启动方式为system启动 #修改docker数据路径 #增加docker加速站为清华大学加速站 vim /etc/docker/daemon.json { "registry-mirrors": ["https://docker.mirrors.ustc.edu.cn"], "exec-opts": ["native.cgroupdriver=systemd"], "graph" : "/data/docker" } systemctl daemon-reload systemctl restart docker ``` #验证docker环境是否能运行镜像 ```shell docker run hello-world ``` # 3、安装k8s #添加kubernetes源 ```shell #arm架构 cat <<EOF > /etc/yum.repos.d/kubernetes.repo [kubernetes] name=Kubernetes baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-aarch64 enabled=1 gpgcheck=1 repo_gpgcheck=1 gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg exclude=kube* EOF #x86架构 cat <<EOF > /etc/yum.repos.d/kubernetes.repo [kubernetes] name=Kubernetes baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/ enabled=1 gpgcheck=1 repo_gpgcheck=0 gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg EOF ``` 加载源 ``` 执行yum clean all清除原有yum缓存。 执行yum makecache(刷新缓存)或者yum repolist all(查看所有配置可以使用的文件,会自动刷新缓存)。 ``` ``` #master、node加入etc/hosts vim /etc/hosts {ip1} master {ip2} node1 ``` #安装kubelet kubeadm kubectl ```shell #yum install -y kubelet kubeadm kubectl #k8s 1.24之后有调整,建议1.24之前版本, yum --showduplicates list kubelet #yum install -y kubelet-1.23.1-0 kubelet-1.23.1-0 kubeadm-1.23.1-0 ``` #配置内核参数 ```shell cat <<EOF > /etc/sysctl.d/k8s.conf net.bridge.bridge-nf-call-ip6tables = 1 net.bridge.bridge-nf-call-iptables = 1 EOF sysctl --system sysctl -w net.ipv4.ip_forward=1 swapoff -a #关闭swap sed -ri 's/.*swap.*/#&/' /etc/fstab #永久关闭swap ``` #初始化master节点 ```shell systemctl enable kubelet.service systemctl start kubelet.service kubeadm init --kubernetes-version=v1.23.1 --image-repository=registry.aliyuncs.com/google_containers --pod-network-cidr=10.244.0.0/16 ``` #–pod-network-cidr:选择一个 Pod 网络插件,并检查是否在 kubeadm 初始化过程中需要传入什么参数。这个取决于您选择的网络插件,您可能需要设置 --Pod-network-cidr 来指定网络驱动的CIDR。Kubernetes 支持多种网络方案,而且不同网络方案对 --pod-network-cidr有自己的要求,flannel设置为 10.244.0.0/16,calico设置为192.168.0.0/16 #–image-repository:Kubenetes默认Registries地址是k8s.gcr.io,国内无法访问,在1.13版本后可以增加–image-repository参数,将其指定为可访问的镜像地址,这里使用registry.aliyuncs.com/google_containers。 #配置 kubectl ```shell mkdir -p $HOME/.kube sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config sudo chown $(id -u):$(id -g) $HOME/.kube/config ``` ``` #node加入master集群命令 kubeadm token create --print-join-command #举例 kubeadm join 192.168.0.104:6443 --token 4ual51.gbgeu5r5ujfj17mr \ --discovery-token-ca-cert-hash sha256:14c2a981f770ec06c8ee68cb00b15ac0a799b89d1ddbca33b98da5e8d199b5c9 ``` **calico.yaml** [【附件】calico.yaml](/media/attachment/2022/05/calico.yaml) #安装flannel网络插件 ```shell #下面两个命令二选一 kubectl apply -f https://cloud.weave.works/k8s/net?k8s-version=v1.19.3 kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml ``` [【附件】flannel.yaml](/media/attachment/2022/05/flannel.yaml) #允许master节点调度 ``` kubectl taint nodes --all node-role.kubernetes.io/master- ``` #查看master节点状态为Ready ```shell #可能容器才创建,创建到运行需要时间,建议上述命令执行后,过几秒后查 kubectl get nodes kubectl -n kube-system get pods ``` 至此,Kubernetes 的 Master 节点就部署完成了。如果只需要一个单节点的 Kubernetes,现在你就可以使用了。部署参考:https://blog.csdn.net/networken/article/details/84991940 ``` #k8s命令补全 yum -y install bash-completion source /usr/share/bash-completion/bash_completion source <(kubectl completion bash) echo "source <(kubectl completion bash)" >> ~/.bashrc ``` ``` #解决node节点加入集群失败,Node节点出现这个报错:The connection to the server localhost:8080 was refused - did you specify the ri 解决如下: 1、#在Master节点运行下面命令将admin.conf文件拷贝到从节点: sudo scp /etc/kubernetes/admin.conf root@{node_ip}:~ 2、#在Node节点运行下面命令配置环境变量: export KUBECONFIG=$HOME/admin.conf ``` # 4、部署rancher并导入k8s #rancher安装 ```shell docker pull rancher/rancher:stable docker run -d --restart=unless-stopped --name rancher-server -v /data/rancher/:/var/lib/rancher/ -p 8088:80 -p 8443:443 --privileged rancher/rancher:stable ``` #页面访问 ![](/media/202302//1677051583.6106274.png) #设置初始密码 ``` #查密码 docker logs container-id 2>&1 | grep "Bootstrap Password:" [root@localhost /]# docker logs 7a808eb955ac 2>&1 | grep "Bootstrap Password:" 2022/03/13 13:28:53 [INFO] Bootstrap Password: qst8b2ld7t5fgnt9bvl644ccfgznln8srkvxfqpcv7bpwr5nbd9h79 [root@localhost /]# ``` 登陆到`k8s Master`主机 ``` curl --insecure -sfL https://172.16.215.133/v3/import/jtlznlcjmdvp9rtvgk75mzzqxsw8bwfwhld7hwrgbcxt5vvjxc64cp_c-8kxk5.yaml | kubectl apply -f - ``` 一些k8s命令 查看所有pod ``` kubectl get pods --all-namespaces -o wide ``` 查看某个pod日志 ``` kubectl logs cattle-cluster-agent-65b74b775c-b2q5l -n cattle-system ``` k8s删除pod方式 `# 获取pod` ``` kubectl get pods -n cattle-system ``` `# 删除pod ` ``` kubectl delete pod cattle-cluster-agent-6d9b5d97b9-fspbr -n cattle-system ``` `# 获取deployment ` ``` kubectl get deployment -n cattle-system ``` `# 删除deployment ` ``` kubectl delete deployment cattle-cluster-agent -n cattle-system ``` # 5、基于k8s部署gitlab `# 创建命名空间gitlab` ```shell kubectl create namespace gitlab ``` `# 编辑gitlab_depoyment.yaml` ```shell vim gitlab_delpoyment.yaml ``` ```yaml apiVersion: apps/v1 kind: Deployment metadata: namespace: gitlab name: gitlab-deployment spec: selector: matchLabels: app: gitlab template: metadata: labels: app: gitlab spec: containers: - name: gitlab image: gitlab/gitlab-ce:14.0.7-ce.0 #镜像名称 ports: - containerPort: 80 ``` `# 执行` ```shell kubectl apply -f gitlab_delpoyment.yaml ``` #部署service ```shell vim gitlab_service.yaml ``` ```yaml apiVersion: v1 kind: Service metadata: namespace: gitlab name: gitlab-service spec: selector: app: gitlab type: NodePort ports: - protocol: TCP port: 80 targetPort: 80 nodePort: 30880 ``` ```shell kubectl apply -f gitlab_service.yaml ``` # 6、安装helm ```shell wget https://get.helm.sh/helm-v3.4.0-linux-amd64.tar.gz tar fx helm-v3.4.0-linux-amd64.tar.gz cp linux-amd64/helm /usr/local/bin helm version ``` # 7、安装harbor ```shell #安装harbor kubectl create namespace harbor wget https://github.com/goharbor/harbor-helm/archive/v1.5.0.tar.gz tar fx v1.5.0.tar.gz cd harbor-helm-1.5.0/ #创建证书 mkdir harbor cd harbor # 获得证书 openssl req -newkey rsa:4096 -nodes -sha256 -keyout ca.key -x509 -days 3650 -out ca.crt # 生成证书签名请求 openssl req -newkey rsa:4096 -nodes -sha256 -keyout tls.key -out tls.csr # 生成证书 openssl x509 -req -days 3650 -in tls.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out tls.crt #harbor-harbor-ingress为secret名字 kubectl create secret generic harbor-harbor-ingress --from-file=tls.crt --from-file=tls.key --from-file=ca.crt -n harbor #查看证书过期时间 openssl x509 -in ca.crt -noout -dates kubectl get secrets/harbor-harbor-ingress -n harbor -o jsonpath="{.data.ca\.crt}" | base64 --decode -----BEGIN CERTIFICATE----- MIIC9DCCAdygAwIBAgIQS7zjdWHqFMC7RsAd3jYT/DANBgkqhkiG9w0BAQsFADAU MRIwEAYDVQQDEwloYXJib3ItY2EwHhcNMjAxMDI4MDc1MDAwWhcNMjExMDI4MDc1 MDAwWjAUMRIwEAYDVQQDEwloYXJib3ItY2EwggEiMA0GCSqGSIb3DQEBAQUAA4IB DwAwggEKAoIBAQCuu51lc9wZ2n1cXjn36cyNsUgZmDBJbJ9GMBjNHXa7ctEZQJdo cMhFr315qxteeeZicNgnmlf00ETz6q9mRSXvfezY82yBdsYz2ZeLLcHfLdl5yu7J RCSwTOAvOGPUvZIkkCU4L/2WCsfZrHLLMzQTnrT2LVYyzI9QkZMW2biafjfPdAC3 XVY+FPd6jUYpLXb5pEKuRusFTJWSP4Lu6Jw1f+ZwgMhyRWVmDVZlBPtcX8s108Fb R097n3bvZ4YujM4HYTZ8dEKdj5jwxbNWntMLNYPkK7lgxWuwZJ0tzuWGZQI0qQzg s9DFnetUeUnbMZ0F65iKaQW1CEBO+UajPyQDAgMBAAGjQjBAMA4GA1UdDwEB/wQE AwICpDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDwYDVR0TAQH/BAUw AwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAK6ii5qshCaUednjcvOieHoCu1CsCIURK D6Zq5RoCdvU0v70s9fK5XohYMjw5InwYEYSTB05H2kbePjk+D4BgRmmg7Svc6Dr0 rsRfFCkG+cQFQ6/lf5flerAGCHGIsxJ2MLSG5P5s81wOPMRtwSF2bhZIcvjchPZE 1ExCQFeRkqgEP1zy3++XW5BL77k8pR0uK2NI16VM6GzT4IR7lEfrlYgjGEPjWma+ ZxL5UprZofuxkfiFzTcEUHqvmwMZo2Iwros5ARPtJikbeHn7BbSMBX2U4HOqHih9 6661XWyZAhdCC2NlPYeF+1Bd7rRLWyH7MU5BDVodvX7WesXmmbkFsg== -----END CERTIFICATE----- #创建证书 mkdir -pv /etc/docker/certs.d/core.harbor.domain/ cat <<EOF > /etc/docker/certs.d/core.harbor.domain/ca.crt -----BEGIN CERTIFICATE----- MIIC9DCCAdygAwIBAgIQS7zjdWHqFMC7RsAd3jYT/DANBgkqhkiG9w0BAQsFADAU MRIwEAYDVQQDEwloYXJib3ItY2EwHhcNMjAxMDI4MDc1MDAwWhcNMjExMDI4MDc1 MDAwWjAUMRIwEAYDVQQDEwloYXJib3ItY2EwggEiMA0GCSqGSIb3DQEBAQUAA4IB DwAwggEKAoIBAQCuu51lc9wZ2n1cXjn36cyNsUgZmDBJbJ9GMBjNHXa7ctEZQJdo cMhFr315qxteeeZicNgnmlf00ETz6q9mRSXvfezY82yBdsYz2ZeLLcHfLdl5yu7J RCSwTOAvOGPUvZIkkCU4L/2WCsfZrHLLMzQTnrT2LVYyzI9QkZMW2biafjfPdAC3 XVY+FPd6jUYpLXb5pEKuRusFTJWSP4Lu6Jw1f+ZwgMhyRWVmDVZlBPtcX8s108Fb R097n3bvZ4YujM4HYTZ8dEKdj5jwxbNWntMLNYPkK7lgxWuwZJ0tzuWGZQI0qQzg s9DFnetUeUnbMZ0F65iKaQW1CEBO+UajPyQDAgMBAAGjQjBAMA4GA1UdDwEB/wQE AwICpDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDwYDVR0TAQH/BAUw AwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAK6ii5qshCaUednjcvOieHoCu1CsCIURK D6Zq5RoCdvU0v70s9fK5XohYMjw5InwYEYSTB05H2kbePjk+D4BgRmmg7Svc6Dr0 rsRfFCkG+cQFQ6/lf5flerAGCHGIsxJ2MLSG5P5s81wOPMRtwSF2bhZIcvjchPZE 1ExCQFeRkqgEP1zy3++XW5BL77k8pR0uK2NI16VM6GzT4IR7lEfrlYgjGEPjWma+ ZxL5UprZofuxkfiFzTcEUHqvmwMZo2Iwros5ARPtJikbeHn7BbSMBX2U4HOqHih9 6661XWyZAhdCC2NlPYeF+1Bd7rRLWyH7MU5BDVodvX7WesXmmbkFsg== -----END CERTIFICATE----- EOF #添加6个可持久化卷 yum install nfs-utils -y systemctl start nfs chkconfig nfs on cat <<EOF > /etc/exports /data/harbor/data01 192.168.0.0/24(rw,no_root_squash) /data/harbor/data02 192.168.0.0/24(rw,no_root_squash) /data/harbor/data03 192.168.0.0/24(rw,no_root_squash) /data/harbor/data04 192.168.0.0/24(rw,no_root_squash) /data/harbor/data05 192.168.0.0/24(rw,no_root_squash) /data/harbor/data06 192.168.0.0/24(rw,no_root_squash) EOF mkdir -p /data/harbor/data0{1..6} exportfs -arv systemctl restart nfs chmod 777 /data/harbor/* #脚本创建pv和pvc #cat <<EOF | kubectl create -f - for i in {1..6}; do cat <<EOF > /data/harbor/data0${i}.yaml apiVersion: v1 kind: PersistentVolume metadata: name: harbor-data0${i} spec: capacity: storage: 2Gi accessModes: - ReadWriteMany persistentVolumeReclaimPolicy: Delete nfs: path: /data/harbor/data0${i} server: 192.168.0.104 #本地IP地址 --- kind: PersistentVolumeClaim apiVersion: v1 metadata: name: harbor-data0${i} namespace: harbor spec: accessModes: - ReadWriteMany resources: requests: storage: 2Gi EOF done ``` ```shell #修改values.yaml [root@ecs-50b0 harbor-helm-1.5.0]# diff values.yaml values1.yaml 5c5 < type: nodePort --- > type: ingress 18,19c18,19 < # tls certificatcore.harbor.domaine is configured in the ingress controller, choose this option < certSource: secret --- > # tls certificate is configured in the ingress controller, choose this option > certSource: auto 28c28 < secretName: "harbor-harbor-ingress" --- > secretName: "" 36c36 < core: core.harbor.domain --- > core: core.harbor.domain 108c108 < externalURL: https://119.13.83.82:30003 --- > externalURL: https://core.harbor.domain 197c197 < existingClaim: "harbor-data01" --- > existingClaim: "" 206c206 < existingClaim: "harbor-data02" --- > existingClaim: "" 212c212 < existingClaim: "harbor-data03" --- > existingClaim: "" 220c220 < existingClaim: "harbor-data04" --- > existingClaim: "" 228c228 < existingClaim: "harbor-data05" --- > existingClaim: "" 234c234 < existingClaim: "harbor-data06" --- > existingClaim: "" #安装harbor helm install harbor --debug --namespace harbor . #卸载harbor helm uninstall harbor --debug --namespace harbor ``` # 8、Jenkins 创建Jenkins-k8s命令空间 ```shell kubectl create namespace jenkins-k8s ``` 配置Jenkins的nfs共享存储目录 ``` mkdir -p /data/jenkins vim /etc/exports /data/jenkins *(rw,no_root_squash) exportfs -arv systemctl restart nfs ``` 创建pv和pvc的yaml文件 ```shell mkdir jenkins && cd jenkins ``` ```shell cat <<EOF > jenkins-pv.yaml apiVersion: v1 kind: PersistentVolume metadata: name: jenkins-k8s-pv spec: capacity: storage: 10Gi accessModes: - ReadWriteMany nfs: server: 192.168.0.104 path: /data/jenkins --- kind: PersistentVolumeClaim apiVersion: v1 metadata: name: jenkins-k8s-pvc namespace: jenkins-k8s spec: resources: requests: storage: 10Gi accessModes: - ReadWriteMany EOF done ``` 创建Jenkins-deployment.yaml ```shell cat <<EOF > jenkins-deployment.yaml apiVersion: apps/v1 kind: Deployment metadata: name: jenkins namespace: jenkins-k8s spec: replicas: 1 selector: matchLabels: app: jenkins template: metadata: labels: app: jenkins spec: serviceAccount: jenkins-k8s-sa containers: - name: jenkins image: jenkins/jenkins:centos7 imagePullPolicy: IfNotPresent ports: - containerPort: 8080 name: web protocol: TCP - containerPort: 50000 name: agent protocol: TCP resources: limits: cpu: 1000m memory: 1Gi requests: cpu: 500m memory: 512Mi livenessProbe: httpGet: path: /login port: 8080 initialDelaySeconds: 60 timeoutSeconds: 5 failureThreshold: 12 readinessProbe: httpGet: path: /login port: 8080 initialDelaySeconds: 60 timeoutSeconds: 5 failureThreshold: 12 volumeMounts: - name: jenkins-volume subPath: jenkins-home mountPath: /var/jenkins_home volumes: - name: jenkins-volume persistentVolumeClaim: claimName: jenkins-k8s-pvc EOF done ``` 创建Jenkins-service.yaml ```shell cat <<EOF > jenkins-service.yaml apiVersion: v1 kind: Service metadata: name: jenkins-service namespace: jenkins-k8s labels: app: jenkins spec: selector: app: jenkins type: NodePort ports: - name: web port: 8080 targetPort: web nodePort: 30001 - name: agent port: 50000 targetPort: agent EOF done ``` 运行yaml文件 ``` kubectl apply -f jenkins-pv.yaml kubectl apply -f jenkins-deployment.yaml kubectl apply -f jenkins-service.yaml ``` **查看 Jenkins Pod 启动日志** ```javascript kubectl logs $(kubectl get pods -n jenkins-k8s | awk '{print $1}' | grep jenkins) -n jenkins-k8s ```
admin
2023年2月22日 15:39
转发文档
收藏文档
上一篇
下一篇
手机扫码
复制链接
手机扫一扫转发分享
复制链接
Markdown文件
分享
链接
类型
密码
更新密码