安装coredns
通过github获取kubernetes二进制文件(kubernetes.tar.gz、kubernetes-server-linux-amd64.tar.gz,kubernetes-node-linux-amd64.tar.gz,kubernetes-client-linux-amd64.tar.gz)
https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.23.md#downloads-for-v1235
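# Print the sha512 of each download and compare it with the value listed in
# the CHANGELOG downloads table before unpacking anything.
sha512sum kubernetes.tar.gz kubernetes-server-linux-amd64.tar.gz kubernetes-node-linux-amd64.tar.gz kubernetes-client-linux-amd64.tar.gz
# Unpack the release archives one at a time: tar reads a single archive per
# invocation and treats any further arguments as member names to extract.
for pkg in kubernetes.tar.gz kubernetes-server-linux-amd64.tar.gz kubernetes-node-linux-amd64.tar.gz kubernetes-client-linux-amd64.tar.gz; do
  tar -zxvf "${pkg}"
done
# Copy the CoreDNS manifest template into the current directory
cp /root/kubernetes/cluster/addons/dns/coredns/coredns.yaml.base ./coredns.yaml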
#修改配置文件
#clusterIP信息可通过任意pod的/etc/resolv.conf文件获取
...
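data:
  # The body of the literal block below is the CoreDNS Corefile; its
  # indentation must stay deeper than the "Corefile" key.
  # "kubedocker.local" is the zone served by the kubernetes plugin -
  # presumably the cluster DNS domain; verify against the kubelet setting.
  # NOTE(review): "pods insecure" answers pod A-record queries from the IP
  # encoded in the query name without checking that such a pod exists.
  # "pods verified" only answers for pods that exist in the namespace, at
  # the cost of watching all pods.
  Corefile: |
    .:53 {
        errors
        health {
            lameduck 5s
        }
        ready
        kubernetes kubedocker.local in-addr.arpa ip6.arpa {
            pods insecure
            fallthrough in-addr.arpa ip6.arpa
            ttl 30
        }
        prometheus :9153
        forward . /etc/resolv.conf {
            max_concurrent 1000
        }
        cache 30
        loop
        reload
        loadbalance
    }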
...
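containers:
  - name: coredns
    # Tag-only reference: a tag is mutable, and with IfNotPresent a node
    # keeps whatever image it already cached under this tag. Pinning by
    # digest (image@sha256:<digest>) fixes the content that runs.
    image: coredns/coredns:1.8.7
    imagePullPolicy: IfNotPresent
    resources:
      limits:
        memory: 80Mi
      requests:
        cpu: 100m
        memory: 70Mi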
...
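spec:
  selector:
    k8s-app: kube-dns
  # Service address of cluster DNS; it has to be the nameserver address that
  # pods already carry in /etc/resolv.conf, otherwise lookups go nowhere.
  clusterIP: 10.100.0.2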
...
#创建coreDnspod
kubectl apply -f coredns.yaml
#修改副本数
kubectl edit deployments coredns -n kube-system
部署dashboard
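# Download the Dashboard v2.5.1 manifest under the file name that the later
# "kubectl apply -f dashboard-2.5.1.yaml" step expects (wget would otherwise
# save it as recommended.yaml).
wget -O dashboard-2.5.1.yaml https://raw.githubusercontent.com/kubernetes/dashboard/v2.5.1/aio/deploy/recommended.yaml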
#修改镜像源与监听端口
...
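kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  # NodePort publishes the dashboard on port 30043 of every node address.
  # Limit which networks can reach that port (host firewall or security
  # group): anyone who can connect gets the login page, and the UI acts on
  # the API with whatever token is presented.
  type: NodePort
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 30043
  selector:
    k8s-app: kubernetes-dashboard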
...
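containers:
  - name: kubernetes-dashboard
    # Pinned by digest, so the private registry must hold a manifest with
    # exactly this sha256.
    # NOTE(review): the mirror steps on this page push by tag; confirm the
    # digest printed by "docker push" matches this value.
    image: docker-harbor.com/kubernetesui/dashboard@sha256:0c82e96241aa683fe2f8fbdf43530e22863ac8bfaddb0d7d30b4e3a639d4e8c5
    imagePullPolicy: Always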
...
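containers:
  - name: dashboard-metrics-scraper
    # Pinned by digest; the private registry must serve a manifest with
    # exactly this sha256 for the pull to succeed.
    image: docker-harbor.com/kubernetesui/metrics-scraper@sha256:76eb73afa0198ac457c760887ed7ebfa2f58adc09205bd9667b3f76652077a71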
...
# Pull the upstream images on any host that runs docker
# NOTE(review): these pulls are by tag, while the edited manifest references
# the mirrored images by sha256 digest - compare the digest docker reports
# for each image with the one in the manifest before relying on the mirror.
docker pull kubernetesui/dashboard:v2.5.1
docker pull kubernetesui/metrics-scraper:v1.0.7
# Re-tag the images for the private registry (docker-harbor.com)
docker tag kubernetesui/metrics-scraper:v1.0.7 docker-harbor.com/kubernetesui/metrics-scraper:v1.0.7
docker tag kubernetesui/dashboard:v2.5.1 docker-harbor.com/kubernetesui/dashboard:v2.5.1
# Push the re-tagged images to the private registry
docker push docker-harbor.com/kubernetesui/dashboard:v2.5.1
docker push docker-harbor.com/kubernetesui/metrics-scraper:v1.0.7
#部署dashboard
kubectl apply -f dashboard-2.5.1.yaml
#验证部署情况
kubectl get pod -n kubernetes-dashboard -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
dashboard-metrics-scraper-5488b94959-zhhlt 1/1 Running 0 95m 10.200.135.137 192.168.74.147 <none> <none>
kubernetes-dashboard-778987578c-vvd55 1/1 Running 0 108m 10.200.100.65 192.168.74.149 <none> <none>
# Create the dashboard administrator account
# NOTE(review): admin-user.yaml is not shown on this page. If it binds the
# account to cluster-admin, the token read out below is a long-lived
# credential with full control of the cluster - store it like a root
# password and prefer a narrower role where the dashboard use allows it.
kubectl apply -f admin-user.yaml
#获取token
kubectl get secrets -n kubernetes-dashboard
NAME TYPE DATA AGE
admin-user-token-7klgc kubernetes.io/service-account-token 3 2d1h
default-token-j8lq7 kubernetes.io/service-account-token 3 2d2h
kubernetes-dashboard-certs Opaque 0 2d2h
kubernetes-dashboard-csrf Opaque 1 2d2h
kubernetes-dashboard-key-holder Opaque 2 2d2h
kubernetes-dashboard-token-tkqnx kubernetes.io/service-account-token 3 2d2h
kubectl describe secrets admin-user-token-7klgc -n kubernetes-dashboard
登录dashboard
单节点etcd备份与还原
# Show the status of every etcd member, one table per endpoint
export NODE_IPS="192.168.74.144 192.168.74.145 192.168.74.146"
# ${NODE_IPS} is left unquoted on purpose so the shell splits it into addresses
for ip in ${NODE_IPS}; do
  ETCDCTL_API=3 /usr/local/bin/etcdctl \
    --write-out=table endpoint status \
    --endpoints=https://${ip}:2379 \
    --cacert=/etc/kubernetes/ssl/ca.pem \
    --cert=/etc/kubernetes/ssl/etcd.pem \
    --key=/etc/kubernetes/ssl/etcd-key.pem
done
#节点数据备份
etcdctl snapshot save snapshot.db
-rw------- 1 root root 4272160 4月 22 21:01 snapshot.db
#节点数据还原
etcdctl snapshot restore snapshot.db --data-dir=/tmp/etcd/data
/tmp/etcd/data/member/snap/
-rw-r--r-- 1 root root 6490 4月 22 21:09 0000000000000001-0000000000000001.snap
-rw------- 1 root root 4272128 4月 22 21:09 db
-rw------- 1 root root 64000000 4月 22 21:09 /tmp/etcd/data/member/wal/0000000000000000-0000000000000000.wal
kubeasz备份集群节点与还原
#集群备份
./ezctl backup k8s-cluster1
ll clusters/k8s-cluster1/backup/
总用量 8216
-rw------- 1 root root 4202528 4月 22 21:21 snapshot_202204222121.db
-rw------- 1 root root 4202528 4月 22 21:21 snapshot.db
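# Delete the pods; list them first so the state can be compared after the restore
kubectl get pod -n linux66 -o wide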
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
linux66-nginx-deployment-7d8d8dcdf4-pbqn7 1/1 Running 0 3m55s 10.200.169.136 192.168.74.148 <none> <none>
kubectl delete -f nginx.yaml
deployment.apps "linux66-nginx-deployment" deleted
service "linux66-nginx-service" deleted
kubectl get pod -n linux66 -o wide
No resources found in linux66 namespace.
#还原
./ezctl restore k8s-cluster1
kubectl get pod -n linux66 -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
linux66-nginx-deployment-7d8d8dcdf4-pbqn7 0/1 ContainerCreating 1 7m27s <none> 192.168.74.148 <none> <none>
master与node节点升级
# Upgrade the masters
# NOTE(review): the node listing that follows shows one master on v1.23.5
# while the other two are still on v1.23.1, so this looks like it is done
# one master at a time - confirm before stopping services on several.
# Stop the control-plane and node services on the master being upgraded
systemctl stop kube-apiserver.service kube-controller-manager.service kube-scheduler.service kube-proxy.service kubelet.service
# Copy the new binaries into the bin directory
cd /root/kubernetes/server/bin/
cp kube-apiserver kube-controller-manager kube-scheduler kubelet kube-proxy kubectl /usr/local/bin/
# Start the services on the master again
systemctl restart kube-apiserver.service kube-controller-manager.service kube-scheduler.service kube-proxy.service kubelet.service
#验证版本
kubectl get nodes
NAME STATUS ROLES AGE VERSION
192.168.74.144 Ready,SchedulingDisabled master 5d20h v1.23.5
192.168.74.145 Ready,SchedulingDisabled master 5d20h v1.23.1
192.168.74.146 Ready,SchedulingDisabled master 5d20h v1.23.1
192.168.74.147 Ready node 5d20h v1.23.1
192.168.74.148 Ready node 5d20h v1.23.1
# Upgrade a worker node
# Evict the pods from the node.
# --force also removes pods that no controller manages (they are not
# recreated elsewhere); --delete-emptydir-data lets the drain proceed for
# pods using emptyDir volumes, whose contents are lost.
kubectl drain 192.168.74.147 --force --ignore-daemonsets --delete-emptydir-data
# Stop the node services (presumably run on the node itself - verify)
systemctl stop kubelet.service kube-proxy.service
# Copy the new binaries to the node
scp kubelet kube-proxy kubectl 192.168.74.147:/usr/local/bin/
# Restart the node services
systemctl restart kubelet.service kube-proxy.service
# Clear the SchedulingDisabled state so the node accepts pods again
kubectl uncordon 192.168.74.147
# Replace the binaries kept by kubeasz so later kubeasz runs use the new version
cp kube-apiserver kube-controller-manager kube-scheduler kubelet kube-proxy kubectl /etc/kubeasz/bin/
node节点扩容
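# Prepare the new node
# Upgrade the system kernel
# Import the ELRepo signing key
rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
# Install the ELRepo release package; fetched over HTTPS so the repository
# definition cannot be altered in transit
rpm -Uvh https://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm
# Load the elrepo-kernel repository metadata
yum --disablerepo=\* --enablerepo=elrepo-kernel repolist
# Install the long-term-support kernel
yum --disablerepo=\* --enablerepo=elrepo-kernel install -y kernel-lt.x86_64
# Remove the old tools packages
yum remove kernel-tools-libs.x86_64 kernel-tools.x86_64 -y
# Install the new tools package
# NOTE(review): this step had no command in the notes; kernel-lt-tools is the
# ELRepo counterpart of the packages removed above - confirm it is what was meant.
yum --disablerepo=\* --enablerepo=elrepo-kernel install -y kernel-lt-tools.x86_64
# Boot entries are numbered from 0 and a newly installed kernel is inserted at
# the head (it is currently at 0 and 4.4.4 is at 1), so select entry 0.
grub2-set-default 0
# Reboot, then check the running kernel
reboot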
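# Enable passwordless SSH to the new node; the identity passed to -i is the
# public key file id_rsa.pub
ssh-copy-id -i ~/.ssh/id_rsa.pub 192.168.74.149
# Add the node to the cluster with kubeasz
./ezctl add-node k8s-cluster1 192.168.74.149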
#验证扩容节点信息
kubectl get nodes
NAME STATUS ROLES AGE VERSION
192.168.74.144 Ready,SchedulingDisabled master 5d21h v1.23.5
192.168.74.145 Ready,SchedulingDisabled master 5d21h v1.23.5
192.168.74.146 Ready,SchedulingDisabled master 5d21h v1.23.5
192.168.74.147 Ready node 5d21h v1.23.5
192.168.74.148 Ready node 5d21h v1.23.5
192.168.74.149 Ready node 23m v1.23.5