WangShuXian6 opened this issue 5 years ago
Error: `1 node(s) had taints that the pod didn't tolerate`

By default k8s does not allow workloads to be scheduled onto the master node; to force-allow it, remove the taint:

```sh
kubectl taint nodes --all node-role.kubernetes.io/master-
```

Error: `/proc/sys/net/bridge/bridge-nf-call-iptables contents are not set to 1`

```sh
# takes effect immediately, but is not persistent across reboots
echo '1' > /proc/sys/net/bridge/bridge-nf-call-iptables
```
Install Helm 3:

```sh
$ curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3
$ chmod 700 get_helm.sh
$ ./get_helm.sh
```

Or the older install script:

```sh
curl https://raw.githubusercontent.com/kubernetes/helm/master/scripts/get | bash
```

Verify with `helm version`.

Shell completion:

```sh
helm completion bash > .helmrc
echo "source .helmrc" >> .bashrc
source .bashrc
```

The Tab key now completes helm subcommands and flags.

```sh
helm init
```
To expose services in the cluster to the outside, an Ingress is needed.
Next, use Helm to deploy Nginx Ingress onto Kubernetes.
The Nginx Ingress Controller is deployed on the edge node of the Kubernetes cluster:

```sh
kubectl label node node1 node-role.kubernetes.io/edge=
```

The values file ingress-nginx.yaml for the stable/nginx-ingress chart:
```yaml
controller:
  replicaCount: 1
  hostNetwork: true   # the controller listens on the edge node's own ports 80/443
  nodeSelector:
    node-role.kubernetes.io/edge: ''
  affinity:
    podAntiAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
      - labelSelector:
          matchExpressions:
          - key: app
            operator: In
            values:
            - nginx-ingress
          - key: component
            operator: In
            values:
            - controller
        topologyKey: kubernetes.io/hostname
  tolerations:
  - key: node-role.kubernetes.io/master
    operator: Exists
    effect: NoSchedule
  - key: node-role.kubernetes.io/master
    operator: Exists
    effect: PreferNoSchedule
defaultBackend:
  nodeSelector:
    node-role.kubernetes.io/edge: ''
  tolerations:
  - key: node-role.kubernetes.io/master
    operator: Exists
    effect: NoSchedule
  - key: node-role.kubernetes.io/master
    operator: Exists
    effect: PreferNoSchedule
```
The nginx ingress controller has replicaCount 1 and will be scheduled onto the edge node node1. No externalIPs are specified for the nginx ingress controller Service; instead, hostNetwork: true makes the nginx ingress controller use the host network.
```sh
helm install stable/nginx-ingress \
  -n nginx-ingress \
  --namespace ingress-nginx \
  -f ingress-nginx.yaml

kubectl get pod -n ingress-nginx -o wide
```
If visiting http://192.168.99.11 returns the default backend, the deployment is complete.
kubernetes-dashboard.yaml:

```yaml
image:
  repository: k8s.gcr.io/kubernetes-dashboard-amd64
  tag: v1.10.1
ingress:
  enabled: true
  hosts:
  - k8s.xxx.com
  annotations:
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
  tls:
  - secretName: frognew-com-tls-secret
    hosts:
    - k8s.xxx.com
nodeSelector:
  node-role.kubernetes.io/edge: ''
tolerations:
- key: node-role.kubernetes.io/master
  operator: Exists
  effect: NoSchedule
- key: node-role.kubernetes.io/master
  operator: Exists
  effect: PreferNoSchedule
rbac:
  # binds the dashboard service account to cluster-admin: whoever holds the
  # token read out below has full control of the cluster
  clusterAdminRole: true
```
```sh
helm install stable/kubernetes-dashboard \
  -n kubernetes-dashboard \
  --namespace kube-system \
  -f kubernetes-dashboard.yaml

kubectl -n kube-system get secret | grep kubernetes-dashboard-token
kubernetes-dashboard-token-pkm2s kubernetes.io/service-account-token 3 3m7s

kubectl describe -n kube-system secret/kubernetes-dashboard-token-pkm2s
```
k8s.xxx.com is a subdomain; just add a record for it in the DNS service.

Before redeploying, delete the old release first:

```sh
helm del --purge kubernetes-dashboard
```
https://github.com/kubernetes/ingress-nginx
https://kubernetes.github.io/ingress-nginx/
It is built around the Kubernetes Ingress resource and uses a ConfigMap to store the NGINX configuration.
The goal is to assemble the configuration file (nginx.conf)
and reload NGINX after any change to the configuration file.
It does not reload Nginx on changes that only affect the upstream configuration (i.e. endpoint changes when deploying applications).
```sh
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/nginx-0.30.0/deploy/static/mandatory.yaml
```

Bare-metal install, the Service (LoadBalancer mode, together with MetalLB; for NodePort mode just change the type):
```yaml
apiVersion: v1
kind: Service
metadata:
  name: ingress-nginx
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
spec:
  type: LoadBalancer   # NodePort mode: change this to NodePort
  ports:
  - name: http
    port: 80
    targetPort: 80
    protocol: TCP
  - name: https
    port: 443
    targetPort: 443
    protocol: TCP
  selector:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
```
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx
spec:
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1
        ports:
        - name: http
          containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: nginx
spec:
  ports:
  - name: http
    port: 80
    protocol: TCP
    targetPort: 80
  selector:
    app: nginx
```
```yaml
# extensions/v1 does not exist for Ingress; the version served alongside
# ingress-nginx 0.30 is extensions/v1beta1
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress
  annotations:
    # path is treated as a regex; the capture group becomes the upstream path
    nginx.ingress.kubernetes.io/rewrite-target: /$1
  namespace: default
spec:
  rules:
  - host: nginx.xxx.cn
    http:
      paths:
      - backend:
          serviceName: nginx
          servicePort: 80
        path: /?(.*)
```
```yaml
# extensions/v1 does not exist for Ingress; use extensions/v1beta1
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-mshk-top
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /$1
  namespace: default
spec:
  rules:
  - host: a.xxx.cn
    http:
      paths:
      - backend:
          serviceName: whoami-svc
          servicePort: 80
        path: /?(.*)          # catch-all: every path on this host goes to whoami-svc
  - host: b.xxx.cn
    http:
      paths:
      - path: /whoami/?(.*)   # /whoami/foo is forwarded to whoami-svc as /foo
        backend:
          serviceName: whoami-svc
          servicePort: 80
      - path: /nginx/?(.*)    # /nginx/foo is forwarded to nginx-svc as /foo
        backend:
          serviceName: nginx-svc
          servicePort: 80
```
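To see what the two Ingress objects above actually do to a request, here is an added model of the ingress-nginx regex routing plus `rewrite-target` (example code written for this page, not part of the issue or of ingress-nginx). It uses the hosts, paths and service names from the manifests above; the assumptions are that with `rewrite-target` each path is a regex anchored at the start of the URI and matched case-insensitively, and that location blocks are tried longest path first. The point worth checking as a defender: the backend only ever sees the rewritten path (the prefix is stripped), and the `/?(.*)` catch-all on a.xxx.cn sends every path on that host to whoami-svc, while anything on b.xxx.cn outside the two prefixes falls through to the default backend.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed routing table mirroring the two Ingress objects above:
# host -> [(path regex as written in the Ingress, backend service, rewrite-target)]
INGRESS_RULES: Dict[str, List[Tuple[str, str, str]]] = {
    "nginx.xxx.cn": [(r"/?(.*)", "nginx", "/$1")],
    "a.xxx.cn": [(r"/?(.*)", "whoami-svc", "/$1")],
    "b.xxx.cn": [
        (r"/whoami/?(.*)", "whoami-svc", "/$1"),
        (r"/nginx/?(.*)", "nginx-svc", "/$1"),
    ],
}


def _apply_rewrite(target: str, match: "re.Match[str]") -> str:
    """Substitute $1, $2, ... in the rewrite-target with the regex capture groups."""
    return re.sub(r"\$(\d+)", lambda g: match.group(int(g.group(1))) or "", target)


def route(host: str, request_path: str) -> Optional[Tuple[str, str]]:
    """Return (service, path the backend receives), or None when the request
    falls through to the default backend (HTTP 404)."""
    rules = INGRESS_RULES.get(host)
    if rules is None:
        return None
    # Assumption of this model: the controller orders its location blocks
    # longest path first, so a specific prefix wins over a catch-all "/?(.*)".
    for path_re, service, target in sorted(rules, key=lambda r: len(r[0]), reverse=True):
        # With rewrite-target the path is a regex, anchored at the start of the
        # URI and matched case-insensitively (nginx "location ~*").
        match = re.match(path_re, request_path, re.IGNORECASE)
        if match:
            return service, _apply_rewrite(target, match)
    return None


if __name__ == "__main__":
    for host, path in [("a.xxx.cn", "/foo/bar"), ("b.xxx.cn", "/whoami/api"),
                       ("b.xxx.cn", "/nginx"), ("b.xxx.cn", "/other"), ("c.xxx.cn", "/")]:
        print(f"{host}{path} -> {route(host, path)}")
```

Because the prefix is stripped before the request reaches the pod, any authorization the backend does on its own URL prefix sees `/api`, not `/whoami/api`; that is worth remembering when the same service is reachable under several prefixes.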
```sh
kubectl apply -f https://raw.githubusercontent.com/google/metallb/v0.8.3/manifests/metallb.yaml
```

or

```sh
helm install --name metallb stable/metallb

kubectl get pod -n metallb-system -o wide
kubectl get daemonset -n metallb-system
```

Create config.yaml to provide the IP pool:

```sh
wget https://raw.githubusercontent.com/google/metallb/v0.7.3/manifests/example-layer2-config.yaml
```

Change the IP address pool so that it is in the same network segment as the cluster nodes, then:

```sh
kubectl apply -f example-layer2-config.yaml
```

example-layer2-config.yaml:
```yaml
kind: ConfigMap
apiVersion: v1
metadata:
  name: config
  namespace: metallb-system
data:
  config: |
    address-pools:
    - name: default
      protocol: layer2
      addresses:
      - 192.168.0.10-192.168.0.100
```
Note: the address pool consists of the real public IPs of the physical nodes and must be written in the form xx.xxx.xx.xx-xx.xx.xx.xx.
If there is only one physical node, i.e. only one public IP, the pool is written as, for example, 1.1.1.1-1.1.1.1.
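A small checker for the pool entry before it goes into the ConfigMap, added here as example code (not from the issue or from MetalLB): it enforces the `first-last` form the notes above require, accepts the single-node degenerate range `x-x`, and checks that the range lies in the node segment, since in layer2 mode a node answers ARP for the pool addresses and that only works on-link. `node_cidr` is a constructed input standing in for the cluster's node subnet; MetalLB itself also accepts CIDR pool entries, which this checker deliberately rejects to match the notes.

```python
import ipaddress
import re
from typing import List, Tuple

# A layer2 pool entry as written in the ConfigMap above: "first-last".
RANGE_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})-(\d{1,3}(?:\.\d{1,3}){3})$")


def parse_pool_range(entry: str) -> Tuple[ipaddress.IPv4Address, ipaddress.IPv4Address]:
    """Parse 'a.b.c.d-a.b.c.d' into (first, last). A single address is written as
    the degenerate range 'x-x', as the notes above say. This is the notes' rule,
    not MetalLB's full syntax (which also allows CIDR entries)."""
    m = RANGE_RE.match(entry.strip())
    if not m:
        raise ValueError(f"pool entry must be written as a.b.c.d-a.b.c.d: {entry!r}")
    first = ipaddress.IPv4Address(m.group(1))  # raises ValueError on octets > 255
    last = ipaddress.IPv4Address(m.group(2))
    if first > last:
        raise ValueError(f"range start {first} is above range end {last}")
    return first, last


def is_valid_pool_entry(entry: str) -> bool:
    """True when the entry parses under the rule above."""
    try:
        parse_pool_range(entry)
        return True
    except ValueError:
        return False


def pool_size(entry: str) -> int:
    """Number of Service IPs the entry can hand out."""
    first, last = parse_pool_range(entry)
    return int(last) - int(first) + 1


def check_pool(entry: str, node_cidr: str) -> List[str]:
    """Return the problems found (an empty list means the pool looks usable).
    node_cidr is the subnet the cluster nodes sit in, e.g. "192.168.0.0/24"
    (a constructed input for this example)."""
    first, last = parse_pool_range(entry)
    net = ipaddress.IPv4Network(node_cidr, strict=False)
    problems: List[str] = []
    # Layer2 mode: the pool must be in the nodes' own segment, otherwise the
    # ARP announcements never reach anything that would route to the address.
    if first not in net or last not in net:
        problems.append(f"{first}-{last} is not inside the node network {net}")
    # Handing out the network or broadcast address of the segment breaks clients.
    if first == net.network_address or last == net.broadcast_address:
        problems.append(f"pool touches the network or broadcast address of {net}")
    return problems


if __name__ == "__main__":
    for entry, cidr in [("192.168.0.10-192.168.0.100", "192.168.0.0/24"),
                        ("1.1.1.1-1.1.1.1", "1.1.1.0/24"),
                        ("10.0.0.5-10.0.0.9", "192.168.0.0/24")]:
        print(entry, pool_size(entry), "addresses", check_pool(entry, cidr) or "ok")
```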
```sh
wget https://raw.githubusercontent.com/google/metallb/master/manifests/tutorial-2.yaml
```

Fix the apiVersion to v1; the beta version is deprecated:
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx
spec:
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1
        ports:
        - name: http
          containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: nginx
spec:
  ports:
  - name: http
    port: 80
    protocol: TCP
    targetPort: 80
  selector:
    app: nginx
  type: LoadBalancer
```
```sh
kubectl apply -f tutorial-2.yaml
kubectl get service
```
Kubernetes installation

- Install docker
- Disable SELinux
- Disable the firewall
- Add Kubernetes to the yum repository
- Install kubelet, kubeadm, kubectl and kubernetes-cni
- Start the docker and kubelet services manually
- Enable the `net.bridge.bridge-nf-call-iptables` kernel option
- Disable the swap partition
- Initialize the master node
- Run kubectl on the master node:

  ```sh
  # load the new configuration
  source ./.bashrc
  echo "[ -r ~/.bashrc ] && source ~/.bashrc" >> .bash_profile
  ```

- Configure container networking: deploy the Weave Net plugin
- Use the cluster locally