环境
准备工作
1、更新yum
yum update
2、安装rhsm
yum install *rhsm*
3、安装证书
PS: 如果/etc/rhsm/ca/下已有证书就跳过
wget http://mirror.centos.org/centos/7/os/x86_64/Packages/python-rhsm-certificates-1.19.10-1.el7_4.x86_64.rpm
4、提取证书（下面的命令只是把rpm包里的redhat-uep.pem解出来写入/etc/rhsm/ca/，并不做校验；该rpm是通过http明文下载的，写入前可先用 rpm -K 检查包的签名和摘要）
rpm2cpio python-rhsm-certificates-1.19.10-1.el7_4.x86_64.rpm | cpio -iv --to-stdout ./etc/rhsm/ca/redhat-uep.pem | tee /etc/rhsm/ca/redhat-uep.pem
开始安装
1、下载k8s
yum install etcd kubernetes -y
2、修改
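修改apiserver中的对外端口，并把KUBE_ADMISSION_CONTROL里的SecurityContextDeny,ServiceAccount去掉
修改KUBE_API_ADDRESS="--insecure-bind-address=0.0.0.0"
注意: insecure端口不做任何认证和授权，绑定到0.0.0.0后，凡是能连到该端口的主机都可以完全控制集群；去掉SecurityContextDeny和ServiceAccount也同时关闭了这两项准入检查。这套配置只适合隔离的测试环境，其他情况下应限制能访问该端口的来源地址。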
cd /etc/kubernetes
vim apiserver
vim kubelet
修改KUBELET_ARGS="--cluster-dns=10.0.0.110 --cluster-domain=cluster.local"
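3、关闭防火墙（关闭后，上一步绑定在0.0.0.0的apiserver非认证端口以及后面创建的NodePort都会直接暴露给所有能访问本机的网络；非隔离环境建议保留firewalld，只用firewall-cmd放行需要的端口）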
systemctl stop firewalld
systemctl disable firewalld
4、依次启动服务
systemctl start etcd
systemctl start docker
systemctl start kube-apiserver
systemctl start kube-controller-manager
systemctl start kube-scheduler
systemctl start kubelet
systemctl start kube-proxy
安装dashboard
1、docker拉取镜像
docker pull registry.access.redhat.com/rhel7/pod-infrastructure:latest
2、搭建kubernetes-dashboard
mkdir -p /opt/k8s_project/dashboard
cd /opt/k8s_project/dashboard
touch kubernetes-dashboard.yaml
3、编辑kubernetes-dashboard.yaml
vim kubernetes-dashboard.yaml
kubernetes-dashboard.yaml:
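# Dashboard Deployment (first document of kubernetes-dashboard.yaml).
# Nesting restored: with every key at column 0 the document does not parse
# as the intended Deployment (repeated top-level metadata/labels/spec keys).
kind: Deployment
apiVersion: extensions/v1beta1
metadata:
  labels:
    app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
spec:
  replicas: 1
  selector:
    matchLabels:
      app: kubernetes-dashboard
  template:
    metadata:
      labels:
        app: kubernetes-dashboard
      annotations:
        # Annotation-based toleration: allows scheduling onto a node tainted
        # dedicated=master:NoSchedule.
        scheduler.alpha.kubernetes.io/tolerations: |
          [
            {
              "key": "dedicated",
              "operator": "Equal",
              "value": "master",
              "effect": "NoSchedule"
            }
          ]
    spec:
      containers:
        - name: kubernetes-dashboard
          # NOTE(review): this appears to be a personal Docker Hub mirror,
          # and `Always` re-pulls a mutable tag on every start. Confirm the
          # image's provenance and pin it by digest outside a lab.
          image: docker.io/siriuszg/kubernetes-dashboard-amd64:v1.5.1
          imagePullPolicy: Always
          ports:
            - containerPort: 9090
              protocol: TCP
          args:
            # Connects the Dashboard to the API server over plain HTTP on
            # port 8080. No login is configured in this manifest, so anyone
            # who can reach the Dashboard acts on the cluster through it.
            - --apiserver-host=http://172.17.0.1:8080
          livenessProbe:
            httpGet:
              path: /
              port: 9090
            initialDelaySeconds: 30
            timeoutSeconds: 30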
---
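# Dashboard Service (second document of kubernetes-dashboard.yaml).
# Nesting restored so the document parses as the intended Service.
# NOTE(review): the Dashboard Deployment in this file talks to the API server
# over plain HTTP on port 8080 and configures no login. Whoever can reach the
# node port below can manage the cluster; restrict the source addresses that
# may connect to it.
kind: Service
apiVersion: v1
metadata:
  labels:
    app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
spec:
  # NodePort opens the port on the nodes' own addresses.
  type: NodePort
  ports:
    - port: 80  # port on the Service's cluster IP
      targetPort: 9090  # port the container listens on
      nodePort: 30000  # port opened on each node
  selector:
    app: kubernetes-dashboard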
4、下载kubernetes-dashboard镜像
docker pull docker.io/siriuszg/kubernetes-dashboard-amd64:v1.5.1
5、创建kubernetes-dashboard命令
kubectl create -f kubernetes-dashboard.yaml
6、查看pods
kubectl get pods --all-namespaces -o wide
7、查看service
kubectl get svc --all-namespaces -o wide
PS:意外
如果出现类似以下情况: "StartContainer" for "POD" with ImagePullBackOff: "Back-off pulling image \"registry.access.redhat.com/rhel7/pod-infrastructure:latest\""
重复一遍准备工作，一般是由于缺少rhsm和pem证书
访问
1、直接用公网IP:port进行访问 eg:10.0.0.1:30000（上面的dashboard没有配置登录认证，并且通过apiserver的8080非认证端口操作集群，能打开这个地址的人都可以管理集群；请限制可以访问30000端口的来源IP）
PS:可能存在访问不通
再次运行关闭防火墙
systemctl stop firewalld
systemctl disable firewalld
效果
常用命令
创建服务
kubectl create -f xxx.yaml
查看启动
kubectl get svc
kubectl get rc
kubectl get rc -o wide
查看pods
kubectl get pods
查看日志
kubectl describe pod mysql-rc-1h3n9
关闭服务
kubectl stop replicationcontroller mysql-rc
or
kubectl delete -f kubernetes-dashboard.yaml
eg:
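# Stop the replication controller named foo.
$ kubectl stop replicationcontroller foo
# Terminate the pods and services labelled `name=myLabel`.
# (The selector previously read `name=myLabe`, which did not match the
# label named in this comment.)
$ kubectl stop pods,services -l name=myLabel
# Stop the `service` defined in `service.json`.
$ kubectl stop -f service.json
# Stop every resource defined under the `path/to/resources` directory.
$ kubectl stop -f path/to/resources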
查看dns解析
nslookup name
docker常用命令
docker ps #查看运行容器
docker ps -a #查看所有容器
docker images 查看镜像
docker stop/start/restart xxx 停止、启动、重启
docker pull 拉取
...
安装mysql
mysql-rc.yaml:
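# ReplicationController running a single MySQL pod.
# Nesting restored so the document parses as the intended object.
apiVersion: v1
kind: ReplicationController
metadata:
  name: mysql-rc
  labels:
    name: mysql-rc
spec:
  replicas: 1
  # Must match the pod template's labels below.
  selector:
    name: mysql-pod
  template:
    metadata:
      labels:
        name: mysql-pod
    spec:
      containers:
        - name: mysql
          # NOTE(review): no tag is given, so the default tag is pulled and
          # the MySQL version is not fixed; pin a specific version.
          image: mysql
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 3306
          env:
            # NOTE(review): the root password is hard-coded, trivially
            # guessable, and readable by anyone who can read this object.
            # Kept so the example still runs; outside a lab, store it in a
            # Secret and reference it with valueFrom.secretKeyRef.
            - name: MYSQL_ROOT_PASSWORD
              value: "root"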
mysql-svc.yaml:
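# Service in front of the MySQL pod created by mysql-rc.yaml.
# Nesting restored so the document parses as the intended object.
apiVersion: v1
kind: Service
metadata:
  name: mysql-service
  labels:
    app: mysql
spec:
  # NOTE(review): NodePort publishes MySQL on the nodes' own addresses, and
  # mysql-rc.yaml sets the root password to "root". If clients only run
  # inside the cluster, drop `type` and `nodePort` to keep it cluster-only.
  type: NodePort
  # Fixed: the selector was `app: mysql`, but the pods from mysql-rc.yaml are
  # labelled `name: mysql-pod`, so the Service selected no pods.
  selector:
    name: mysql-pod
  ports:
    - protocol: TCP
      nodePort: 30306  # port opened on each node
      port: 3306  # port on the Service's cluster IP
      targetPort: 3306  # port the container listens on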
安装nginx
nginx-rc.yaml
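# ReplicationController running a single nginx pod.
# Nesting restored so the document parses as the intended object.
apiVersion: v1
kind: ReplicationController
metadata:
  name: nginx-controller
spec:
  replicas: 1
  # Must match the pod template's labels below.
  selector:
    name: nginx
  template:
    metadata:
      labels:
        name: nginx
    spec:
      containers:
        - name: nginx
          # NOTE(review): no tag is given, so the nginx version is not
          # fixed; pin a specific version for repeatable deployments.
          image: nginx
          ports:
            - containerPort: 80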
nginx-service.yaml
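# Service publishing the nginx pods from nginx-rc.yaml on a node port.
# Nesting restored so the document parses as the intended object.
apiVersion: v1
kind: Service
metadata:
  name: nginx-service
spec:
  # NodePort opens the port on the nodes' own addresses.
  type: NodePort
  ports:
    - port: 8001  # port on the Service's cluster IP
      targetPort: 80  # port the container listens on
      nodePort: 30001  # port opened on each node for outside access
  selector:
    name: nginx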
模板yaml文件,(参考用)
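# Reference skeleton of a Pod manifest. Values such as `String`, `int` and
# `boolean` are type placeholders, not usable values.
# Fixed from the flattened listing: nesting restored; `kind: pod` -> `Pod`;
# `requeste` -> `requests`; `meptyDir` -> `emptyDir`; `item` -> `items`;
# `falae` -> `false`; misspelled `String` placeholders.
apiVersion: v1
kind: Pod
metadata:
  name: String
  namespace: String
  # labels and annotations are string-to-string maps, not lists.
  labels:
    name: String
  annotations:
    name: String
spec:
  containers:
    - name: String
      image: String
      imagePullPolicy: [Always|Never|IfNotPresent]
      command: [String]
      args: [String]
      workingDir: String
      volumeMounts:
        - name: String
          mountPath: String
          readOnly: boolean
      ports:
        - name: String
          containerPort: int
          # hostPort binds the port on the node itself; omit unless needed.
          hostPort: int
          protocol: String
      env:
        - name: String
          value: String
      resources:
        limits:
          cpu: String
          memory: String
        requests:
          cpu: String
          memory: String
      # Set exactly one of exec / httpGet / tcpSocket per probe.
      livenessProbe:
        exec:
          command: [String]
        httpGet:
          path: String
          port: number
          host: String
          scheme: String
          httpHeaders:
            - name: String
              value: String
        tcpSocket:
          port: number
        initialDelaySeconds: 0
        timeoutSeconds: 0
        periodSeconds: 0
        successThreshold: 0
        failureThreshold: 0
      securityContext:
        # A privileged container gets near-host-level access; keep false
        # unless the workload cannot run without it.
        privileged: false
  restartPolicy: [Always|Never|OnFailure]
  nodeSelector: object
  imagePullSecrets:
    - name: String
  # hostNetwork: true would share the node's network namespace.
  hostNetwork: false
  volumes:
    # Each volume uses one source type; the alternatives are listed together
    # here for reference only.
    - name: String
      emptyDir: {}
      # hostPath mounts a directory of the node's filesystem into the pod.
      hostPath:
        path: String
      secret:
        secretName: String
        items:
          - key: String
            path: String
      configMap:
        name: String
        items:
          - key: String
            path: String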