Kubernetes 操作&Dashboard
- Category: 電腦相關
- Last Updated: Tuesday, 25 September 2018 12:03
- Published: Monday, 11 June 2018 23:13
- Written by sam
建立幾項基本應用
目前全為空
root@ubuntu134:~# kubectl get pods --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
default nginx-deployment-6c64f584bf-lftmq 0/1 Terminating 0 1d
default nginx-deployment-6c64f584bf-qqzd2 0/1 Terminating 0 1d
default nginx-deployment-6c64f584bf-sfw9k 0/1 Terminating 0 1d
kube-system etcd-ubuntu134 1/1 Running 4 6d
kube-system kube-apiserver-ubuntu134 1/1 Running 13 6d
kube-system kube-controller-manager-ubuntu134 1/1 Running 11 6d
kube-system kube-dns-86f4d74b45-cqcn5 3/3 Running 18 6d
kube-system kube-flannel-ds-gpdtl 1/1 Running 2 6d
kube-system kube-flannel-ds-h9wbd 1/1 Running 2 6d
kube-system kube-flannel-ds-v88g9 1/1 Running 2 6d
kube-system kube-proxy-5vch5 1/1 Running 2 6d
kube-system kube-proxy-87w56 1/1 Running 2 6d
kube-system kube-proxy-c4b88 1/1 Running 2 6d
kube-system kube-scheduler-ubuntu134 1/1 Running 11 6d
先建立pod -nginx
root@ubuntu134:~# cat nginx-1.yml
# Deployment that keeps three nginx replicas running, each exposing container port 80.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  labels:
    app: nginx
spec:
  replicas: 3
  selector:
    matchLabels:
      # Must match template.metadata.labels below so the Deployment owns its pods.
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        # NOTE(review): `latest` is a mutable tag, so the version that actually runs
        # depends on when each node pulls the image. Pin a specific tag or digest to
        # get repeatable, auditable rollouts.
        image: nginx:latest
        ports:
        - containerPort: 80
以上為3份pods、nginx版本為latest、埠號80
root@ubuntu134:~# kubectl apply -f nginx-1.yml
deployment.apps "nginx-deployment" created
root@ubuntu134:~# kubectl get pod
NAME READY STATUS RESTARTS AGE
nginx-deployment-64ff85b579-f2ns7 1/1 Running 0 2m
nginx-deployment-64ff85b579-lgrfx 1/1 Running 0 2m
nginx-deployment-64ff85b579-r5wv4 1/1 Running 0 2m
檢查一下版本,的確是目前的新版1.15
root@ubuntu134:~# curl -I 172.24.2.30
HTTP/1.1 200 OK
Server: nginx/1.15.0
Date: Mon, 11 Jun 2018 04:27:40 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 05 Jun 2018 12:00:18 GMT
Connection: keep-alive
ETag: "5b167b52-264"
Accept-Ranges: bytes
嘗試將版本改成指定的1.9.7,可以見到原理是以滾動更新(rolling update)的方式逐一替換掉pod(1.9.7為2015年的舊版,這裡僅用來示範版本切換,正式環境請使用仍有安全更新的版本)
root@ubuntu134:~# kubectl get pod
NAME READY STATUS RESTARTS AGE
nginx-deployment-57c77cfc9-tsv5q 0/1 ContainerCreating 0 10s
nginx-deployment-64ff85b579-f2ns7 1/1 Running 0 5m
nginx-deployment-64ff85b579-lgrfx 1/1 Running 0 5m
nginx-deployment-64ff85b579-r5wv4 1/1 Running 0 5m
驗證一下版本
root@ubuntu134:~# curl -I 172.24.2.32
HTTP/1.1 200 OK
Server: nginx/1.9.7
Date: Mon, 11 Jun 2018 04:30:49 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 17 Nov 2015 15:43:45 GMT
Connection: keep-alive
ETag: "564b4b31-264"
Accept-Ranges: bytes
再來是pod Volume
目前kubernetes 支援了許多包括iscsi, cephfs, rbd, nfs, azureDisk, awsEBS, glusterfs
但我目前環境都沒有用到
目前使用hostPath(直接掛載pod所在node上的目錄;各node上的內容可能不同,而且容器能存取到主機的檔案系統,僅適合測試環境)
一樣修改yml腳本
root@ubuntu134:~# cat nginx.yml
# Same nginx Deployment as before, with a hostPath volume mounted at /test-pd.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  labels:
    app: nginx
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        # NOTE(review): `latest` is a mutable tag; pin a version for repeatable rollouts.
        image: nginx:latest
        volumeMounts:
        # No `readOnly: true` is set here, so the container can write to the mount.
        - mountPath: /test-pd
          name: data
        ports:
        - containerPort: 80
      volumes:
      - name: data
        # hostPath exposes a directory of whichever node the pod is scheduled on, so
        # each of the three replicas sees the /root/test of its own node.
        # NOTE(review): this hands the container part of the node's filesystem under
        # /root. Prefer a dedicated, non-sensitive directory and a read-only mount
        # unless the pod really has to write to it.
        hostPath:
          path: /root/test
相同的是一樣是nginx腳本,埠號80,多了 volumeMounts, volumes這兩項需要指定
啟動之後驗證
Node
root@ubuntu135:~/test# pwd
/root/test
root@ubuntu135:~/test# ls
a b c
Pod
root@ubuntu134:~# kubectl exec -it nginx-deployment-6c64f584bf-9dm2d -- /bin/bash
root@nginx-deployment-6c64f584bf-9dm2d:/# ls /test-pd/
a b c
或是一行指令不用登入(較新版的kubectl建議在pod名稱與指令之間加上 `--`,例如 `kubectl exec <pod> -- ls /test-pd`)
root@ubuntu134:~# kubectl exec nginx-deployment-6c64f584bf-9dm2d ls /test-pd
a
b
c
再作一個emptyDir
root@ubuntu134:~# cat nginx-2.yml
# Same nginx Deployment, this time with an emptyDir volume mounted at /cache.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  labels:
    app: nginx
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        # NOTE(review): `latest` is a mutable tag; pin a version for repeatable rollouts.
        image: nginx:latest
        volumeMounts:
        - mountPath: /cache
          name: cache-volume
        ports:
        - containerPort: 80
      volumes:
      - name: cache-volume
        # emptyDir starts empty and is deleted together with the pod, so it is scratch
        # space only; nothing stored here survives the pod being replaced.
        emptyDir: {}
root@ubuntu134:/var/lib/kubelet/pods# kubectl exec nginx-deployment-6b78c845cd-6q87w ls /
bin
boot
cache
再來是建了pod,還需要service才能使用外部存取
基本上建立了pod後,只會有Cluster IP(供內網使用)
先基本的NodePort
root@ubuntu134:~# cat 80service.yml
# NodePort Service that forwards traffic to the pods labelled app=nginx.
apiVersion: v1
kind: Service
metadata:
  name: service-example
spec:
  selector:
    app: nginx
  ports:
  - name: http
    # `port` is the Service's own port on its cluster IP; `targetPort` is the
    # container port on the selected pods.
    port: 80
    targetPort: 80
    protocol: TCP
    # NOTE(review): a NodePort is opened on every node of the cluster, so anything
    # that can reach a node IP on 31000 reaches nginx. Restrict the source with a
    # firewall if the service is not meant to be reachable from outside.
    nodePort: 31000
  type: NodePort
這個方式是在每一台node上開port號,指定任一node ip 加上埠號,即可連接上我們pod的服務
它會自動幫忙proxy到其它主機上的pod,以輪詢的方式分配;由於所有node都會開放這個埠,若不打算對外公開,請用防火牆限制連線來源
驗證
root@ubuntu134:~# kubectl apply -f 80service.yml
service "service-example" created
root@ubuntu134:~# kubectl describe service service-example
Name: service-example
Namespace: default
Labels: <none>
Annotations: kubectl.kubernetes.io/last-applied-configuration={"apiVersion":"v1","kind":"Service","metadata":{"annotations":{},"name":"service-example","namespace":"default"},"spec":{"ports":[{"name":"http","nodeP...
Selector: app=nginx
Type: NodePort
IP: 10.100.139.209
Port: http 80/TCP
TargetPort: 80/TCP
NodePort: http 31000/TCP
Endpoints: 172.24.1.28:80,172.24.1.29:80,172.24.2.35:80
Session Affinity: None
External Traffic Policy: Cluster
Events: <none>
root@ubuntu134:~# curl 192.168.9.134:31000
1
root@ubuntu134:~# curl 192.168.9.134:31000
2
root@ubuntu134:~# curl 192.168.9.134:31000
3
大致先記錄…餘下再補
幾個常用指令記錄
檔案傳送(和scp大致相同語法)
copy to
root@ubuntu134:~# kubectl cp server nginx-deployment-6b78c845cd-98hdr:/tmp
copy from
root@ubuntu134:~# kubectl cp nginx-deployment-6b78c845cd-98hdr:/tmp/server ./server-1
root@ubuntu134:~# kubectl get events
LAST SEEN FIRST SEEN COUNT NAME KIND SUBOBJECT TYPE REASON SOURCE MESSAGE
48m 6d 7 ubuntu134.1535a7723c1ea3c9 Node Warning SystemOOM kubelet, ubuntu134 System OOM encountered
48m 5d 7 ubuntu134.1535e9dac0e463d9 Node Warning ContainerGCFailed kubelet, ubuntu134 rpc error: code = DeadlineExceeded desc = context deadline exceeded
root@ubuntu134:~# kubectl get deployment
NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE
nginx-deployment 2 2 2 2 1d
root@ubuntu134:~# kubectl get rs
NAME DESIRED CURRENT READY AGE
nginx-deployment-6b78c845cd 2 2 2 1d
root@ubuntu134:~# kubectl version
Client Version: version.Info{Major:"1", Minor:"10", GitVersion:"v1.10.3", GitCommit:"2bba0127d85d5a46ab4b778548be28623b32d0b0", GitTreeState:"clean", BuildDate:"2018-05-21T09:17:39Z", GoVersion:"go1.9.3", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"10", GitVersion:"v1.10.3", GitCommit:"2bba0127d85d5a46ab4b778548be28623b32d0b0", GitTreeState:"clean", BuildDate:"2018-05-21T09:05:37Z", GoVersion:"go1.9.3", Compiler:"gc", Platform:"linux/amd64"}
root@ubuntu134:~# kubectl -n kube-system logs -c kube-flannel kube-flannel-ds-gpdtl
I0606 07:07:37.864231 1 main.go:475] Determining IP address of default interface
I0606 07:07:38.662158 1 main.go:488] Using interface with name ens33 and address 192.168.9.135
I0606 07:07:38.662299 1 main.go:505] Defaulting external address to interface address (192.168.9.135)
I0606 07:07:41.678859 1 kube.go:131] Waiting 10m0s for node controller to sync
I0606 07:07:41.761439 1 kube.go:294] Starting kube subnet manager
I0606 07:07:42.761796 1 kube.go:138] Node controller sync successful
I0606 07:07:42.761860 1 main.go:235] Created subnet manager: Kubernetes Subnet Manager - ubuntu135
root@ubuntu134:~# kubectl get nodes -o jsonpath='{.items[*].spec.podCIDR}'
172.24.0.0/24 172.24.1.0/24 172.24.2.0/24
Dashboard
root@ubuntu134:~# kubectl get pods --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
default nginx-deployment-6b78c845cd-98hdr 1/1 Running 0 1d
default nginx-deployment-6b78c845cd-m8hbd 1/1 Running 0 1d
kube-system etcd-ubuntu134 1/1 Running 4 8d
kube-system kube-apiserver-ubuntu134 1/1 Running 15 8d
kube-system kube-controller-manager-ubuntu134 1/1 Running 13 8d
kube-system kube-dns-86f4d74b45-cqcn5 3/3 Running 18 8d
kube-system kube-flannel-ds-gpdtl 1/1 Running 2 8d
kube-system kube-flannel-ds-h9wbd 1/1 Running 2 8d
kube-system kube-flannel-ds-v88g9 1/1 Running 2 8d
kube-system kube-proxy-5vch5 1/1 Running 2 8d
kube-system kube-proxy-87w56 1/1 Running 2 8d
kube-system kube-proxy-c4b88 1/1 Running 2 8d
kube-system kube-scheduler-ubuntu134 1/1 Running 13 8d
目前未有Dashboard
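先用wget下載yaml,目的是要將內部的Service設定修改為我們之前說的NodePort,這樣方便別的網段主機訪問(注意:NodePort會讓所有能連到node的主機都能開啟Dashboard,請限制可連線的來源;另外master分支的內容會隨時變動,建議改抓固定版本的檔案,並在套用前先檢視內容)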
wget https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml
root@ubuntu134:~# vi kubernetes-dashboard.yaml
root@ubuntu134:~# kubectl apply -f kubernetes-dashboard.yaml
secret "kubernetes-dashboard-certs" created
serviceaccount "kubernetes-dashboard" created
role.rbac.authorization.k8s.io "kubernetes-dashboard-minimal" created
rolebinding.rbac.authorization.k8s.io "kubernetes-dashboard-minimal" created
deployment.apps "kubernetes-dashboard" created
service "kubernetes-dashboard" created
root@ubuntu134:~# kubectl -n kube-system get svc kubernetes-dashboard
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes-dashboard NodePort 10.100.150.9 <none> 443:32000/TCP 40s
開browser
開帳號Service Account
root@ubuntu134:~# cat sam-kubeconfig.yml
# Binds the `sam` ServiceAccount (second document below) to the cluster-admin
# ClusterRole for the whole cluster.
kind: ClusterRoleBinding
# NOTE(review): this is the beta version of the RBAC API group; prefer
# rbac.authorization.k8s.io/v1 where the cluster serves it — confirm for this cluster.
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: sam
  annotations:
    rbac.authorization.kubernetes.io/autoupdate: "true"
roleRef:
  kind: ClusterRole
  # NOTE(review): cluster-admin permits every action on every resource, so the
  # token issued for this account is a full-cluster credential. Bind a narrower
  # role (for example a read-only one) unless admin access is really required.
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
  name: sam
  namespace: kube-system
---
# The account whose token is pasted into the Dashboard login screen.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: sam
  namespace: kube-system
  labels:
    # NOTE(review): these two labels look copied from a cluster add-on manifest and
    # are presumably not needed for a personal login account — confirm.
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
root@ubuntu134:~# kubectl -n kube-system get secret|grep sam-token
sam-token-g7d86 kubernetes.io/service-account-token 3 23s
root@ubuntu134:~# kubectl -n kube-system describe secret sam-token-g7d86
Name: sam-token-g7d86
Namespace: kube-system
Labels: <none>
Annotations: kubernetes.io/service-account.name=sam
kubernetes.io/service-account.uid=72ec7933-6f7a-11e8-b9f6-000c29f79c07
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1025 bytes
namespace: 11 bytes
token: 長長一串
ca.crt: 1025 bytes
namespace: 11 bytes
再於登錄畫面中選擇token登入,並貼上即可,或是加到kubeconfig裡,以另一個方式驗證(這個token綁定的是cluster-admin權限,等同整個叢集的管理者憑證,請勿外流或貼到公開的地方,測試完建議刪除該帳號)
###20180925###
root@ubuntu134:~/dashboard# cat dashboard-controller.yml
# Deployment for the Kubernetes Dashboard, running as the `dashboard` ServiceAccount
# and listening on container port 9090.
# NOTE(review): extensions/v1beta1 is the legacy API group for Deployments; the
# other Deployments on this page already use apps/v1.
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: kubernetes-dashboard
  namespace: kube-system
  labels:
    k8s-app: kubernetes-dashboard
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
spec:
  selector:
    matchLabels:
      k8s-app: kubernetes-dashboard
  template:
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
      annotations:
        scheduler.alpha.kubernetes.io/critical-pod: ''
    spec:
      # The Dashboard talks to the API server with this account's permissions.
      serviceAccountName: dashboard
      containers:
      - name: kubernetes-dashboard
        image: k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.0
        resources:
          limits:
            cpu: 100m
            memory: 50Mi
          requests:
            cpu: 100m
            memory: 50Mi
        ports:
        # NOTE(review): 9090 is probed below with httpGet and no `scheme`, i.e. plain
        # HTTP. If the `dashboard` ServiceAccount is bound to cluster-admin and this
        # port is published through a NodePort Service, anyone who can reach a node
        # may be able to administer the cluster through the UI without TLS or a
        # login — confirm, and restrict access or serve it over HTTPS.
        - containerPort: 9090
        livenessProbe:
          httpGet:
            path: /
            port: 9090
          initialDelaySeconds: 30
          timeoutSeconds: 30
      tolerations:
      - key: "CriticalAddonsOnly"
        operator: "Exists"
root@ubuntu134:~/dashboard# cat dashboard-rbac.yml
# ServiceAccount the Dashboard pod runs as, plus its cluster-wide role binding.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: dashboard
  namespace: kube-system
---
kind: ClusterRoleBinding
# NOTE(review): this is the beta version of the RBAC API group; prefer
# rbac.authorization.k8s.io/v1 where the cluster serves it — confirm for this cluster.
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: dashboard
subjects:
- kind: ServiceAccount
  name: dashboard
  namespace: kube-system
roleRef:
  kind: ClusterRole
  # NOTE(review): this gives the Dashboard itself cluster-admin, so whatever the UI
  # does on behalf of a visitor runs with full cluster privileges. Bind a
  # least-privilege role to the Dashboard's own account and let users log in with
  # their own tokens instead.
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io
root@ubuntu134:~/dashboard# cat dashboard-service.yml
# NodePort Service that publishes the Dashboard pods (k8s-app=kubernetes-dashboard).
apiVersion: v1
kind: Service
metadata:
  name: kubernetes-dashboard
  namespace: kube-system
  labels:
    k8s-app: kubernetes-dashboard
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
spec:
  # NOTE(review): NodePort opens the Dashboard on every node. No `nodePort` is
  # given below, so the cluster picks the port number. Limit who can reach it
  # (firewall, or reach it through `kubectl proxy` / port-forward instead).
  type: NodePort
  selector:
    k8s-app: kubernetes-dashboard
  ports:
  # Service port 80 forwards to the container's port 9090.
  - port: 80
    targetPort: 9090