kubernetes 实战之基于flannel的LNMP容器化
环境配置
- OS: Ubuntu 20.04.4
- Kubernetes:v1.24.3
- Container Runtime: Docker CE 20.10.17
- CRI:cri-dockerd v0.2.5
(1)借助于chronyd服务(程序包名称chrony)设定各节点时间精确同步;
(2)通过DNS完成各节点的主机名称解析;
(3)各节点禁用所有的Swap设备;
(4)各节点禁用默认配置的iptables防火墙服务(仅适用于实验环境;生产环境应保留防火墙,并只放行Kubernetes所需的端口)
前面两篇已经介绍过如何执行初始化命令了,此处就不再一一赘述,下面进入正题
初始环境
# Tear down any previous kubeadm state on this node via the cri-dockerd socket.
# kubeadm reset does not flush iptables/IPVS rules and does not remove
# $HOME/.kube/config; clean those up separately if the node is being reused.
kubeadm reset --cri-socket unix:///run/cri-dockerd.sock

# Remove leftover control-plane, kubelet and CNI state so the next init starts clean.
rm -rf \
  /etc/kubernetes/ \
  /var/lib/kubelet \
  /var/lib/dockershim \
  /var/run/kubernetes \
  /var/lib/cni \
  /etc/cni/net.d
设置阿里云k8s镜像仓库
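# Import the Docker CE repository signing key from the Aliyun mirror.
# Fetch it over HTTPS: a key downloaded over plain HTTP can be replaced in
# transit, and whoever controls a trusted apt key controls which packages apt
# will accept as authentic.
# NOTE(review): this is the Docker CE key; the Kubernetes apt source configured
# further down is signed with a different key - confirm that one is imported too.
# apt-key is deprecated on newer Debian/Ubuntu releases; a per-repository
# keyring referenced with signed-by is the preferred replacement there.
curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | apt-key add -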
vim /etc/docker/daemon.json
{
"registry-mirrors": [
"https://docker.mirrors.ustc.edu.cn",
"https://hub-mirror.c.163.com",
"https://reg-mirror.qiniu.com",
"https://registry.docker-cn.com"
],
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
"max-size": "200m"
},
"storage-driver": "overlay2"
}
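# Register the Aliyun Kubernetes apt mirror.
# The target file is kubernetes.list and the entry must start with "deb"; on the
# page the two had been fused into ".listdeb", which leaves apt with a file it
# ignores and an entry it cannot parse.
# The delimiter is quoted so nothing inside the here-document is expanded.
cat <<'EOF' >/etc/apt/sources.list.d/kubernetes.list
deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main
EOF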
vim /usr/lib/systemd/system/cri-docker.service
ExecStart=/usr/bin/cri-dockerd --container-runtime-endpoint fd:// --network-plugin=cni --cni-bin-dir=/opt/cni/bin --cni-cache-dir=/var/lib/cni/cache --cni-conf-dir=/etc/cni/net.d --pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.7
# Point the kubelet at the cri-dockerd socket, then restart the runtime stack.
# NOTE(review): on Debian/Ubuntu the kubeadm packages normally read
# /etc/default/kubelet; /etc/sysconfig/kubelet is the RPM-family location.
# Confirm that the kubelet unit on this host actually loads this file.
mkdir /etc/sysconfig/ -p
cd /etc/sysconfig
# Interactive step: open the file and add the line that follows.
vim kubelet
# File content for the kubelet file above, not a command to run in the shell.
KUBELET_KUBEADM_ARGS="--container-runtime=remote --container-runtime-endpoint=/run/cri-dockerd.sock"
# Reload unit files so the edited cri-docker.service is picked up.
systemctl daemon-reload
systemctl restart docker.service cri-docker.service kubelet.service
# Verify that all three services came back up.
systemctl status docker.service cri-docker.service kubelet.service
拉取镜像
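# Pre-pull the control-plane images from the Aliyun mirror through cri-dockerd.
kubeadm config images pull \
  --image-repository=registry.aliyuncs.com/google_containers \
  --cri-socket unix:///run/cri-dockerd.sock

# Package the images for transfer to the other machines. The three methods are
# alternatives; use one. Dangling images are listed as <none>:<none> and cannot
# be saved by name, so they are filtered out.
# When moving archives between hosts, record a checksum (sha256sum) before the
# copy and verify it on the receiving side before running `docker load`.

# Method 1: one archive per image. Image names contain "/" and ":", so both are
# mapped to "_" for the file name; otherwise docker save fails on a path whose
# parent directory does not exist.
mapfile -t images < <(docker images | awk 'NR>=2 && $2 != "<none>" {print $1":"$2}')
for image in "${images[@]}"; do
  archive=${image//\//_}
  archive=${archive//:/_}.tar
  docker save -o "$archive" "$image"
done

# Method 2: every image in a single archive, names taken from the table output.
mapfile -t images < <(docker images | awk 'NR>=2 && $2 != "<none>" {print $1":"$2}')
docker save -o alll.tar "${images[@]}"

# Method 3: same as method 2, names taken from a format template instead of awk.
mapfile -t images < <(docker image ls --format '{{.Repository}}:{{.Tag}}' | grep -v '<none>')
docker image save -o all.tar "${images[@]}"

# Delete the local images. `docker images -q` prints image IDs only; the plain
# listing also carries the header row and the tag/size columns, which docker rmi
# would try to resolve as image names.
mapfile -t image_ids < <(docker images -q | sort -u)
if (( ${#image_ids[@]} > 0 )); then
  docker rmi "${image_ids[@]}"
fi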
# Load the flanneld plugin: stage the binary locally and deploy the manifest.
mkdir /opt/bin/ -p
# NOTE(review): no step shown here places the flanneld binary in /opt/bin;
# presumably it is copied there beforehand. Verify the binary and
# kube-flannel.yml against the upstream flannel release before using them.
chmod +x /opt/bin/flanneld
# NOTE(review): kubectl apply needs a reachable API server; in the order shown
# on this page it precedes `kubeadm init`, so it likely has to run afterwards.
kubectl apply -f kube-flannel.yml
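# Initialise the first control-plane node.
# The bootstrap token is given the default 24h lifetime instead of
# --token-ttl=0. A TTL of 0 creates a token that never expires, so a copy that
# leaks (shell history, a wiki, a published tutorial) can be used to register
# nodes indefinitely. Mint a fresh token whenever a node has to join later:
#   kubeadm token create --print-join-command
kubeadm init \
  --control-plane-endpoint="kubeapi.magedu.com" \
  --kubernetes-version=v1.24.3 \
  --pod-network-cidr=10.244.0.0/16 \
  --service-cidr=10.96.0.0/12 \
  --token-ttl=24h0m0s \
  --cri-socket unix:///run/cri-dockerd.sock \
  --upload-certs \
  --image-repository=registry.aliyuncs.com/google_containers

# Nodes are cluster-scoped, so no namespace flag is needed.
kubectl get nodes

# Join a worker node.
# The token and CA hash below are the sample values printed by this page's
# `kubeadm init`; use the ones from your own init output. Keep
# --discovery-token-ca-cert-hash in place: it is what lets the joining node
# verify that it is talking to the intended control plane.
kubeadm join kubeapi.magedu.com:6443 \
  --token dmogta.xjdwwunlmjk4q0xg \
  --discovery-token-ca-cert-hash sha256:98e5b710c3ee1bc8b5bca0654bd28ded8e0f4e3fcc436f8017de58663cf958bc \
  --cri-socket unix:///run/cri-dockerd.sock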
方法二
#master初始化
vim kube-config.yaml
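# kubeadm configuration for the first control-plane node. The nesting below
# restores the indentation that was flattened on the page.
apiVersion: kubeadm.k8s.io/v1beta3
# Left empty, so no fixed token is written into this file.
# NOTE(review): kubeadm is expected to generate a random token with the default
# TTL in that case - confirm against the init output.
bootstrapTokens:
kind: InitConfiguration
localAPIEndpoint:
  # IP address of the first control-plane node being initialised.
  advertiseAddress: 172.29.1.10
  bindPort: 6443
nodeRegistration:
  criSocket: unix:///run/cri-dockerd.sock
  imagePullPolicy: IfNotPresent
  # Host name of the first control-plane node.
  name: master01.magedu.com
  taints:
  - effect: NoSchedule
    key: node-role.kubernetes.io/master
  - effect: NoSchedule
    key: node-role.kubernetes.io/control-plane
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta3
# Endpoint every node uses to reach the API server.
# NOTE(review): the original comment says this is mapped to kubeapi.magedu.com,
# but the value is the first node's own name. With several control-plane nodes
# this should be a name that resolves to the load balancer - confirm which one
# was intended.
controlPlaneEndpoint: "master01.magedu.com:6443"
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns: {}
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: registry.aliyuncs.com/google_containers
kind: ClusterConfiguration
kubernetesVersion: v1.24.3
networking:
  dnsDomain: cluster.local
  serviceSubnet: 10.96.0.0/12
  podSubnet: 10.244.0.0/16
scheduler: {}
---
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
# Proxy mode kube-proxy uses for Services; the default is iptables.
mode: "ipvs"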
# Initialise the control plane from the config file. --upload-certs stores the
# control-plane certificates in the cluster in encrypted form and prints the
# decryption key (the certificate key); handle that key as a secret.
kubeadm init --config kube-config.yaml --upload-certs
*按提示操作
# Join an additional control-plane node.
# The token, CA hash and certificate key are the sample values printed by this
# page's `kubeadm init`; use the ones from your own init output.
# --certificate-key decrypts the control-plane certificates stored by
# --upload-certs, so treat it like a private key. The uploaded certificates
# expire after two hours by default.
kubeadm join master01.magedu.com:6443 \
  --token s9y76e.dqq72esyi0wowfg9 \
  --discovery-token-ca-cert-hash sha256:deb5e9a16ed511d21f20e258e3950deae03195971185309c0c0c99ebde621d41 \
  --control-plane \
  --certificate-key c1f82fce929210074d308d5ab4496941c65cdb5e268019001b1ee18ddd81a0e3 \
  --cri-socket unix:///run/cri-dockerd.sock

# Join a worker node.
kubeadm join master01.magedu.com:6443 \
  --token s9y76e.dqq72esyi0wowfg9 \
  --discovery-token-ca-cert-hash sha256:deb5e9a16ed511d21f20e258e3950deae03195971185309c0c0c99ebde621d41 \
  --cri-socket unix:///run/cri-dockerd.sock
安装nginx,做4层负载均衡
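# The stream module proxies at layer 4 (TCP/UDP); the http module is the
# layer-7 proxy. An upstream block only names a group of backends and is
# available in both contexts.
# stream {} belongs at the top level of nginx.conf, not inside http {}.
# TLS is passed through untouched, so clients still verify the API server
# certificate end to end; the name clients connect to has to be covered by
# that certificate.
# NOTE(review): these backend names use robin.org while the kubeadm steps use
# magedu.com - substitute the names of your own control-plane nodes.
stream {
    upstream apiservers {
        server k8s-master01.robin.org:6443 max_fails=2 fail_timeout=30s;
        server k8s-master02.robin.org:6443 max_fails=2 fail_timeout=30s;
        server k8s-master03.robin.org:6443 max_fails=2 fail_timeout=30s;
    }
    server {
        listen 6443;
        proxy_pass apiservers;
    }
}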
创建apply声明,在本地拉起对应镜像并运行
vim wordpress.yaml
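# WordPress and MySQL in one Pod, exposed through a NodePort Service.
# The nesting below restores the indentation that was flattened on the page.
apiVersion: v1
kind: Namespace
metadata:
  name: wordpress
---
# Database passwords are kept in a Secret and referenced from the Pod instead
# of being written into the Pod spec, where anyone who can read the Pod object
# would see them.
# The values are placeholders: replace each with a long random string before
# applying, and keep the filled-in file out of version control.
apiVersion: v1
kind: Secret
metadata:
  name: wordpress-db
  namespace: wordpress
type: Opaque
stringData:
  mysql-root-password: REPLACE_WITH_RANDOM_ROOT_PASSWORD
  mysql-password: REPLACE_WITH_RANDOM_APP_PASSWORD
---
apiVersion: v1
kind: Pod
metadata:
  name: wordpress
  namespace: wordpress
  labels:
    app: wordpress
spec:
  containers:
  - name: wordpress
    # No tag means :latest; pin a specific version so every node runs the same
    # image and upgrades are deliberate.
    image: wordpress
    ports:
    - containerPort: 80
      name: wdport
    env:
    # Both containers share the Pod's network namespace, so MySQL is reached
    # on localhost.
    - name: WORDPRESS_DB_HOST
      value: 127.0.0.1:3306
    - name: WORDPRESS_DB_USER
      value: wordpress
    - name: WORDPRESS_DB_PASSWORD
      valueFrom:
        secretKeyRef:
          name: wordpress-db
          key: mysql-password
    imagePullPolicy: IfNotPresent
  - name: mysql
    # :latest combined with IfNotPresent means each node keeps whichever build
    # it pulled first; pin a version here as well.
    image: mysql:latest
    imagePullPolicy: IfNotPresent
    ports:
    - containerPort: 3306
      name: dbport
    env:
    - name: MYSQL_ROOT_PASSWORD
      valueFrom:
        secretKeyRef:
          name: wordpress-db
          key: mysql-root-password
    - name: MYSQL_DATABASE
      value: wordpress
    - name: MYSQL_USER
      value: wordpress
    - name: MYSQL_PASSWORD
      valueFrom:
        secretKeyRef:
          name: wordpress-db
          key: mysql-password
    volumeMounts:
    - name: db
      mountPath: /var/lib/mysql
  volumes:
  # hostPath stores the data on whichever node runs the Pod and gives the
  # container a directory on the node's filesystem; outside a lab, prefer a
  # PersistentVolumeClaim.
  # If this directory already holds an initialised database, the MYSQL_*
  # variables above are ignored and the old credentials stay in effect.
  - name: db
    hostPath:
      path: /var/lib/mysql
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app: wordpress
  name: wp-svc
  namespace: wordpress
spec:
  ports:
  - port: 8081
    protocol: TCP
    targetPort: 80
  selector:
    app: wordpress
  # NodePort opens an allocated port on every node's address; restrict who can
  # reach it at the network level if the nodes are reachable from outside.
  type: NodePort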
kubectl apply -f wordpress.yaml