k8s搭建

最新推荐文章于 2023-08-03 22:50:38 发布
置顶 最新推荐文章于 2023-08-03 22:50:38 发布
阅读量330 收藏
点赞数 1
分类专栏: docker
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/weixin_37893887/article/details/91356919
版权

1、资源准备

master  192.168.187.164
work    192.168.187.165

1.1 允许使用root登陆

修改vim /etc/ssh/sshd_config文件将PermitRootLogin改为yes

# PermitRootLogin prohibit-password
PermitRootLogin yes

然后重启ssh即可

root@ubuntu16server:/home/yufeiliu/work# vim /etc/ssh/sshd_config
root@ubuntu16server:/home/yufeiliu/work#
root@ubuntu16server:/home/yufeiliu/work# /etc/init.d/ssh restart
[ ok ] Restarting ssh (via systemctl): ssh.service.

1.2 互相免密登陆

在master结点操作:

root@ubuntu16server:/home/yufeiliu# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:4Lp1TB/wNgVgpAhcvc1CkJ2KgE8Vu6cbV6cywm5sX7Q root@ubuntu16server
The key's randomart image is:
+---[RSA 2048]----+
|...o=* o+..      |
|o o..o=o   .     |
| + .ooo+.   .    |
|  o .oo.oo .     |
|    . o.S *      |
|   . + = * o     |
|   .* = E .      |
|   .+B =         |
|   o+..          |
+----[SHA256]-----+
root@ubuntu16server:/home/yufeiliu#
root@ubuntu16server:/home/yufeiliu# ssh-copy-id -i ~/.ssh/id_rsa.pub root@192.168.187.165
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.187.165 (192.168.187.165)' can't be established.
ECDSA key fingerprint is SHA256:JGf+Uo2Ap1BOugBmfdlj8uNnsJw4acQTJzOPRCxuWpM.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.187.165's password:


Number of key(s) added: 1


Now try logging into the machine, with:   "ssh 'root@192.168.187.165'"
and check to make sure that only the key(s) you wanted were added.

这样master在访问work就不用输密码了,在work结点重新操作一次,便可以双向免密登陆

1.3 关闭swap

root@ubuntu16server:/home/yufeiliu# swapoff -a

 

2、生成证书

cat > ca-config.json <<EOF
{
  "signing": {
    "default": {
      "expiry": "87600h"
    },
    "profiles": {
      "kubernetes": {
         "expiry": "87600h",
         "usages": [
            "signing",
            "key encipherment",
            "server auth",
            "client auth"
        ]
      }
    }
  }
}
EOF

cat > ca-csr.json <<EOF
{
    "CN": "kubernetes",
    "key": {
        "algo": "rsa",
        "size": 2048
    },
    "names": [
        {
            "C": "CN",
            "L": "Beijing",
            "ST": "Beijing",
              "O": "k8s",
            "OU": "System"
        }
    ]
}
EOF

cfssl gencert -initca ca-csr.json | cfssljson -bare ca -

cat > server-csr.json <<EOF
{
    "CN": "kubernetes",
    "hosts": [
      "10.0.0.1",
      "127.0.0.1",
      "192.168.187.164",
      "192.168.187.165",
      "kubernetes",
      "kubernetes.default",
      "kubernetes.default.svc",
      "kubernetes.default.svc.cluster",
      "kubernetes.default.svc.cluster.local"
    ],
    "key": {
        "algo": "rsa",
        "size": 2048
    },
    "names": [
        {
            "C": "CN",
            "L": "BeiJing",
            "ST": "BeiJing",
            "O": "k8s",
            "OU": "System"
        }
    ]
}
EOF

cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes server-csr.json | cfssljson -bare server


cat > admin-csr.json <<EOF
{
  "CN": "admin",
  "hosts": [],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "L": "BeiJing",
      "ST": "BeiJing",
      "O": "system:masters",
      "OU": "System"
    }
  ]
}
EOF

cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes admin-csr.json | cfssljson -bare admin

cat > kube-proxy-csr.json <<EOF
{
  "CN": "system:kube-proxy",
  "hosts": [],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "L": "BeiJing",
      "ST": "BeiJing",
      "O": "k8s",
      "OU": "System"
    }
  ]
}
EOF

cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes kube-proxy-csr.json | cfssljson -bare kube-proxy

3、安装etcd集群

这里我们只部署一台机器就可以了,不再部署集群,如果需要部署集群,请看k8s搭建(失败)

安装包:

[root@ubuntu16server k8s-master /home/yufeiliu/work/etcd]
# pwd
/home/yufeiliu/work/etcd


[root@ubuntu16server k8s-master /home/yufeiliu/work/etcd]
# ls
etcd  etcdctl

为了操作简单,我们全部采用命令行启动的方式,不再使用service方式启动

创建数据目录:

[root@ubuntu16server k8s-master /home/yufeiliu/work/etcd]
# mkdir /home/yufeiliu/work/etcd/xuanchi.etcd


[root@ubuntu16server k8s-master /home/yufeiliu/work/etcd]
# ls
etcd  etcdctl  start.sh  xuanchi.etcd

 

启动脚本:

[root@ubuntu16server k8s-master /home/yufeiliu/work/etcd]
# cat start.sh
nohup /home/yufeiliu/work/etcd/etcd --data-dir /home/yufeiliu/work/etcd/xuanchi.etcd --listen-client-urls https://192.168.187.164:2379 --advertise-client-urls https://192.168.187.164:2379 --initial-cluster-state new --client-cert-auth --cert-file=/home/yufeiliu/work/ssl/server.pem --key-file=/home/yufeiliu/work/ssl/server-key.pem --peer-client-cert-auth --peer-trusted-ca-file=/home/yufeiliu/work/ssl/ca.pem --trusted-ca-file=/home/yufeiliu/work/ssl/ca.pem --peer-cert-file=/home/yufeiliu/work/ssl/server.pem --peer-key-file=/home/yufeiliu/work/ssl/server-key.pem &

 

测试:

[root@ubuntu16server k8s-master /home/yufeiliu/work/etcd]
# /home/yufeiliu/work/etcd/etcdctl --ca-file=/home/yufeiliu/work/ssl/ca.pem --cert-file=/home/yufeiliu/work/ssl/server.pem --key-file=/home/yufeiliu/work/ssl/server-key.pem --endpoints=https://192.168.187.164:2379 set key value
value


[root@ubuntu16server k8s-master /home/yufeiliu/work/etcd]
# /home/yufeiliu/work/etcd/etcdctl --ca-file=/home/yufeiliu/work/ssl/ca.pem --cert-file=/home/yufeiliu/work/ssl/server.pem --key-file=/home/yufeiliu/work/ssl/server-key.pem --endpoints=https://192.168.187.164:2379 get key
value

4、安装flannel

4.1 安装包

[root@ubuntu16server k8s-master /home/yufeiliu/work/flannel]
# ls
flanneld  mk-docker-opts.sh

4.2 初始化网络

/home/yufeiliu/work/etcd/etcdctl --ca-file=/home/yufeiliu/work/ssl/ca.pem --cert-file=/home/yufeiliu/work/ssl/server.pem --key-file=/home/yufeiliu/work/ssl/server-key.pem --endpoints=https://192.168.187.164:2379 set /coreos.com/network/config '{ "Network": "172.17.0.0/16", "Backend": {"Type": "vxlan"}}'

 

4.3 启动脚本

[root@ubuntu16server k8s-master /home/yufeiliu/work/flannel]
# cat start.sh
nohup /home/yufeiliu/work/flannel/flanneld --ip-masq --etcd-endpoints=https://192.168.187.164:2379 -etcd-cafile=/home/yufeiliu/work/ssl/ca.pem -etcd-certfile=/home/yufeiliu/work/ssl/server.pem -etcd-keyfile=/home/yufeiliu/work/ssl/server-key.pem &
/home/yufeiliu/work/flannel/mk-docker-opts.sh -k DOCKER_NETWORK_OPTIONS -d /home/yufeiliu/work/flannel/subnet.env

 

4.3 验证

 

5、docker安装

nohup dockerd --bip=172.17.13.1/24 --ip-masq=false --mtu=1450 &

验证:

# ifconfig
docker0   Link encap:Ethernet  HWaddr 02:42:4f:8d:92:80
          inet addr:172.17.53.1  Bcast:172.17.53.255  Mask:255.255.255.0
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)


ens33     Link encap:Ethernet  HWaddr 00:0c:29:cb:a1:8e
          inet addr:192.168.187.165  Bcast:192.168.187.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fecb:a18e/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:150597 errors:0 dropped:0 overruns:0 frame:0
          TX packets:11801 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:214347704 (214.3 MB)  TX bytes:1209026 (1.2 MB)


flannel.1 Link encap:Ethernet  HWaddr a2:d3:28:7a:76:28
          inet addr:172.17.53.0  Bcast:0.0.0.0  Mask:255.255.255.255
          inet6 addr: fe80::a0d3:28ff:fe7a:7628/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1450  Metric:1
          RX packets:2 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2 errors:0 dropped:8 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:168 (168.0 B)  TX bytes:168 (168.0 B)


lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:164 errors:0 dropped:0 overruns:0 frame:0
          TX packets:164 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:12136 (12.1 KB)  TX bytes:12136 (12.1 KB)

 

6、安装master

6.1 安装包

 

6.2 生成token

# cat k8s-token.sh
token=$(head -c 10 /dev/urandom |od -An -t x|tr -d ' ')


cat <<EOF >/home/yufeiliu/work/k8s/token.csv
${token},kubelet-bootstrap,10001,"system:kubelet-bootstrap"
EOF

执行脚本生成:

[root@ubuntu16server k8s-master /home/yufeiliu/work/k8s]
# ls
k8s-token.sh  kubernetes  token.csv

6.2 kube-apiserver

[root@ubuntu16server k8s-master /home/yufeiliu/work/k8s]
# cat k8s-apiserver.sh
nohup /home/yufeiliu/work/k8s/kubernetes/server/bin/kube-apiserver --logtostderr=true --v=4 --etcd-servers=https://192.168.187.164:2379 --bind-address=192.168.187.164 --secure-port=6443 --advertise-address=192.168.187.164 --allow-privileged=true --service-cluster-ip-range=10.0.0.0/24 --enable-admission-plugins=NamespaceLifecycle,LimitRanger,ServiceAccount,ResourceQuota,NodeRestriction --authorization-mode=RBAC,Node --kubelet-https=true --enable-bootstrap-token-auth --token-auth-file=/home/yufeiliu/work/k8s/token.csv --service-node-port-range=30000-50000 --tls-cert-file=/home/yufeiliu/work/ssl/server.pem  --tls-private-key-file=/home/yufeiliu/work/ssl/server-key.pem --client-ca-file=/home/yufeiliu/work/ssl/ca.pem --service-account-key-file=/home/yufeiliu/work/ssl/ca-key.pem --etcd-cafile=/home/yufeiliu/work/ssl/ca.pem --etcd-certfile=/home/yufeiliu/work/ssl/server.pem --etcd-keyfile=/home/yufeiliu/work/ssl/server-key.pem &

 

6.3 kube-controller-manger

[root@ubuntu16server k8s-master /home/yufeiliu/work/k8s]
# ls
k8s-apiserver.sh  k8s-controller-manger.sh  k8s-token.sh  kubernetes  nohup.out  token.csv


[root@ubuntu16server k8s-master /home/yufeiliu/work/k8s]
# cat k8s-controller-manger.sh
nohup /home/yufeiliu/work/k8s/kubernetes/server/bin/kube-controller-manager --logtostderr=true --v=4 --master=127.0.0.1:8080 --leader-elect=true --address=127.0.0.1 --service-cluster-ip-range=10.0.0.0/24 --cluster-name=kubernetes --cluster-signing-cert-file=/home/yufeiliu/work/ssl/ca.pem --cluster-signing-key-file=/home/yufeiliu/work/ssl/ca-key.pem  --root-ca-file=/home/yufeiliu/work/ssl/ca.pem --service-account-private-key-file=/home/yufeiliu/work/ssl/ca-key.pem --experimental-cluster-signing-duration=87600h0m0s &

 

6.4 kube-scheduler

[root@ubuntu16server k8s-master /home/yufeiliu/work/k8s]
# ls
k8s-apiserver.sh  k8s-controller-manger.sh  k8s-scheduler.sh  k8s-token.sh  kubernetes  nohup.out  token.csv


[root@ubuntu16server k8s-master /home/yufeiliu/work/k8s]
# cat k8s-scheduler.sh
nohup /home/yufeiliu/work/k8s/kubernetes/server/bin/kube-scheduler --logtostderr=true --v=4 --master=127.0.0.1:8080 --leader-elect &

 

6.5 配置

/home/yufeiliu/work/k8s/kubernetes/server/bin/kubectl delete clusterrolebinding kubelet-bootstrap
/home/yufeiliu/work/k8s/kubernetes/server/bin/kubectl create clusterrolebinding kubelet-bootstrap --clusterrole=system:node-bootstrapper --user=kubelet-bootstrap
/home/yufeiliu/work/k8s/kubernetes/server/bin/kubectl create clusterrolebinding cluster-system-anonymous --clusterrole=cluster-admin --user=system:anonymous

/home/yufeiliu/work/k8s/kubernetes/server/bin/kubectl config set-cluster kubernetes --certificate-authority=/home/yufeiliu/work/ssl/ca.pem --embed-certs=true --server=https://192.168.187.164:6443 --kubeconfig=bootstrap.kubeconfig

# token是token.csv中的值
/home/yufeiliu/work/k8s/kubernetes/server/bin/kubectl config set-credentials kubelet-bootstrap --token=8f2e917dbbecc54800006c2e --kubeconfig=bootstrap.kubeconfig

/home/yufeiliu/work/k8s/kubernetes/server/bin/kubectl config set-context default --cluster=kubernetes --user=kubelet-bootstrap --kubeconfig=bootstrap.kubeconfig

/home/yufeiliu/work/k8s/kubernetes/server/bin/kubectl config use-context default --kubeconfig=bootstrap.kubeconfig

/home/yufeiliu/work/k8s/kubernetes/server/bin/kubectl config set-cluster kubernetes --certificate-authority=/home/yufeiliu/work/ssl/ca.pem --embed-certs=true --server=https://192.168.187.164:6443 --kubeconfig=kube-proxy.kubeconfig

/home/yufeiliu/work/k8s/kubernetes/server/bin/kubectl config set-credentials kube-proxy --client-certificate=/home/yufeiliu/work/ssl/kube-proxy.pem --client-key=/home/yufeiliu/work/ssl/kube-proxy-key.pem --embed-certs=true --kubeconfig=kube-proxy.kubeconfig

/home/yufeiliu/work/k8s/kubernetes/server/bin/kubectl config set-context default --cluster=kubernetes --user=kube-proxy --kubeconfig=kube-proxy.kubeconfig

/home/yufeiliu/work/k8s/kubernetes/server/bin/kubectl config use-context default --kubeconfig=kube-proxy.kubeconfig

可以得到:

[root@k8s-master k8s-master /root]
# ls
bootstrap.kubeconfig  kube-proxy.kubeconfig

需要将这两个配置文件传到work上

6.6 安装worker

安装包:

root@k8s-work:/home/yufeiliu/work/k8s# ls
bootstrap.kubeconfig  kubelet  kube-proxy  kube-proxy.kubeconfig

 

6.6.1 kubelet

配置文件

root@k8s-work:/home/yufeiliu/work/k8s# cat kubelet.config
kind: KubeletConfiguration
apiVersion: kubelet.config.k8s.io/v1beta1
address: 192.168.187.165
port: 10250
cgroupDriver: cgroupfs
clusterDNS:
- 10.0.0.2
clusterDomain: cluster.local.
failSwapOn: false
readOnlyPort: 10255
authentication:
  anonymous:
    enabled: true

kubelet启动脚本:

root@k8s-work:/home/yufeiliu/work/k8s# cat kubelet.sh
nohup /home/yufeiliu/work/k8s/kubelet --logtostderr=true --v=4 --address=192.168.187.165 --hostname-override=192.168.187.165 --kubeconfig=/home/yufeiliu/work/k8s/kubelet.kubeconfig --experimental-bootstrap-kubeconfig=/home/yufeiliu/work/k8s/bootstrap.kubeconfig --config=/home/yufeiliu/work/k8s/kubelet.config --cert-dir=/home/yufeiliu/work/ssl --pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/google-containers/pause-amd64:3.0 &

 

6.6.2 kube-proxy

root@k8s-work:/home/yufeiliu/work/k8s# cat kube-proxy.sh
nohup /home/yufeiliu/work/k8s/kube-proxy --logtostderr=true --v=4 --hostname-override=192.168.187.165 --cluster-cidr=10.0.0.0/24 --proxy-mode=ipvs --kubeconfig=/home/yufeiliu/work/k8s/kube-proxy.kubeconfig &

 

在work结点上启动了两个进程:

root@k8s-work:/home/yufeiliu/work/k8s# ps -aux | grep kube
root      3207  0.1  4.3 441704 62384 pts/0    Sl   18:30   0:00 /home/yufeiliu/work/k8s/kubelet --logtostderr=true --v=4 --address=192.168.187.165 --hostname-override=192.168.187.165 --kubeconfig=/home/yufeiliu/work/k8s/kubelet.kubeconfig --experimental-bootstrap-kubeconfig=/home/yufeiliu/work/k8s/bootstrap.kubeconfig --config=/home/yufeiliu/work/k8s/kubelet.config --cert-dir=/home/yufeiliu/work/ssl --pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/google-containers/pause-amd64:3.0
root      3510  1.7  2.1 138988 31340 pts/0    Sl   18:34   0:00 /home/yufeiliu/work/k8s/kube-proxy --logtostderr=true --v=4 --hostname-override=192.168.187.165 --cluster-cidr=10.0.0.0/24 --proxy-mode=ipvs --kubeconfig=/home/yufeiliu/work/k8s/kube-proxy.kubeconfig

 

7、最终配置

在master结点上:

[root@k8s-master k8s-master /root]
# /home/yufeiliu/work/k8s/kubernetes/server/bin/kubectl get csr
NAME                                                   AGE     REQUESTOR           CONDITION
node-csr-jLWlE-QtWWw-2S_qy21kf1d6o_BZVR9U2SU0at7wmDQ   7m33s   kubelet-bootstrap   Pending

 

这里面说明有一个结点需要加入集群,下面我们通过该请求:

[root@k8s-master k8s-master /root]
# kubectl certificate approve node-csr-jLWlE-QtWWw-2S_qy21kf1d6o_BZVR9U2SU0at7wmDQ
kubectl: command not found


[root@k8s-master k8s-master /root]
# /home/yufeiliu/work/k8s/kubernetes/server/bin/kubectl  certificate approve node-csr-jLWlE-QtWWw-2S_qy21kf1d6o_BZVR9U2SU0at7wmDQ
certificatesigningrequest.certificates.k8s.io/node-csr-jLWlE-QtWWw-2S_qy21kf1d6o_BZVR9U2SU0at7wmDQ approved


[root@k8s-master k8s-master /root]
# /home/yufeiliu/work/k8s/kubernetes/server/bin/kubectl get csr
NAME                                                   AGE     REQUESTOR           CONDITION
node-csr-jLWlE-QtWWw-2S_qy21kf1d6o_BZVR9U2SU0at7wmDQ   9m15s   kubelet-bootstrap   Approved,Issued


[root@k8s-master k8s-master /root]
# /home/yufeiliu/work/k8s/kubernetes/server/bin/kubectl get nodes
NAME              STATUS   ROLES    AGE   VERSION
192.168.187.165   Ready    <none>   16s   v1.14.3

8、使用k8s部署服务

/home/yufeiliu/work/k8s/kubernetes/server/bin/kubectl run nginx --image=nginx
/home/yufeiliu/work/k8s/kubernetes/server/bin/kubectl expose deployment nginx --port=80 --target-port=80 --name=nginx-svc
# /home/yufeiliu/work/k8s/kubernetes/server/bin/kubectl get pod
NAME                     READY   STATUS    RESTARTS   AGE
nginx-7db9fccd9b-2vzm9   1/1     Running   0          76m

 

 

 

 

 

 

 

 

 

 

 

 

 

 

玄尺
关注
专栏目录
K8S搭建(centos)四、安装K8S
分享式获得也是一种学习的态度
01-23 2033
每个人都有惰性,但不断学习是好好生活的根本,共勉!
k8s搭建(超详细,保姆级教程)
qq_44150902的博客
06-23 2万+
这里就不赘述,想要了解的朋友直接去这里深入了解什么是K8S。我准备了2台机器172.168.200.130(master)、172.168.200.131(node1),也测试了2台是内网互通。 所有机器都必须安装docker环境。 选择19.3.9版本安装 4.2、安装Kubernetes 所有机器配置自己的hostname(不能是localhost)172.168.200.130机器我配置为master,172.168.200.131为node1。 所有机器必须关闭swap分区,不为0则说明没有关闭;
云原生--k8s之yaml与json
a_b_e_l_的博客
11-05 2486
空格是不可见的,所以看起来字符较少,但是如果你计算实际的空格是必要的,以便正确解释 YAML以及正确的缩进,你会发现 YAML 实际上需要比 JSON 更多的字符。开发人员喜欢JSON,因为它是JavaScript的子集,并且可以在JavaScript内部直接解释和编写,还可以使用简写方式声明JSON,在使用不带空格的典型变量名时,键中不需要双引号。4.python中模型的配置文件都是yaml格式----脱机处理, yaml利用空格缩进表示层级,只要具有相同的缩进就具有相同的层级,而且缩进只能用空格.
k8s——创建YAML和JSON格式资源对象与port详解
m0_47161295的博客
10-12 2791
这里写目录标题1.创建资源对象方法1.1 JSON格式1.2 YAML格式1.3 查看api-versions1.4 创建yaml文件1.5 使用yaml文件创建文件1.6 创建service的yaml文件1.7 使用service的yaml文件创建服务1.8 自动测试命令的正确性,并不执行创建1.9 查看生成yaml格式、json格式1.10 将现有资源导出为yaml文件1.11 将现有资源生成模板1.12 将现有的资源生成模板输出展示并保存到文件中1.13 查看字段帮助信息2. 详解k8s中的port
K8S------Kubernetes二进制搭建中的脚本文件集合
下雨天的放羊娃的博客
08-13 554
目录etcd-cert.shetcd.shflannel.sh etcd-cert.sh #!/bin/bash #配置证书生成策略,让 CA 软件知道颁发有什么功能的证书,生成用来签发其他组件证书的根证书 cat > ca-config.json <<EOF { "signing": { "default": { "expiry": "87600h" }, "profiles": { "www": { "expiry"
二进制方式搭建K8S集群
ripper821的博客
07-03 984
二进制方式搭建K8S集群 一、准备(所有机器都需要操作) 角色 IP 组件 ubuntu-server1(master) 192.168.71.11 kube-apiserver kube-controller-manager kube-scheduller etcd ubuntu-server2(node) 192.168.71.12 kubelet kube-proxy docker etcd ubuntu-server3(node) 192.168.71.13 kubelet
二进制安装k8s
weixin_43370473的博客
07-18 882
1、系统概述 2、自签Etcd SSL证书 3、Etcd数据库集群部署 4、Node安装Docker 5、Flannel容器集群网络部署 6、自签APIServer SSL证书 7、部署Master组件 8、生产Node kubeconfig文件 9、部署Node组件 10、安装nginx 11、安装keepalived 12、节点发现 13、运行一个测试示例 1、系统概述 操作系统版本:CentOS7.5 k8s版本:1.12 系统要求:关闭swap、selinux、iptables 具体信息: 拓扑图
k8s搭建Nacos集群
05-26
k8s搭建Nacos集群,制作Java运行容器镜像,再制作Nacos镜像 Nacos版本是:2.1.0 说明: 如果想搭建:2.2.0也根据文档步骤操作即可
k8s搭建Kubernetes(k8s)集群用到的部署CNI网络插件
最新发布
02-21
问题场景:由于k8s安装master一直处于NotReady状态查看日志出现 failed to find plugin “flannel” in path [/opt/cni/bin]【CentOS7.9】(ps:不需要积分) 解决办法:下载CNI插件,在此提供amd和arm,其他可访问链接...
k8s搭建rabbitmq集群
11-30
kubernetes搭建rabbitmq集群,只需创建好相应的pv即可,无需修改,依次执行
Kubernetes高可用集群二进制部署(四)部署kubectl和kube-controller-manager、kube-scheduler
Lifelong learning
08-03 1282
scheduler通过 kubernetes 的监测(Watch)机制来发现集群中新创建且尚未被调度到 Node 上的 Pod。 scheduler会将发现的每一个未调度的 Pod 调度到一个合适的 Node 上来运行。 scheduler会依据下文的调度原则来做出调度选择。Controller Manager作为集群内部的管理控制中心,负责集群内的Node、Pod副本、服务端点(Endpoint)、命名空间(Namespace)、服务账号(ServiceAccount)、资源定额(ResourceQuot
k8s集群二进制安装--kube-apiserver部署
归来仍少年
09-28 1419
4.master上kube-apiserver部署 4.1 生成apiserver的证书 cd /root/TLS/k8s #配置ca-config vi ca-config.json { “signing”: { “default”: { “expiry”: “87600h” }, “profiles”: { “kubernetes”: { “expiry”: “87600h”, “usages”: [ “signing”, “key encipherment”, “server auth”, “clie
K8S常见错误、原因及处理方法
学亮编程手记
07-16 1万+
OOMKilled: Pod 的内存使用超出了 resources.limits 中的限制,被强制杀死。 CrashLoopBackoff: Pod 进入 崩溃-重启循环,重启间隔时间从 10 20 40 80 一直翻倍到上限 300 秒,然后以 300 秒为间隔无限重启。 Pod 一直 Pending: 这说明没有任何节点能满足 Pod 的要求,容器无法被调度。比如端口被别的容器用 hostPort 占用,节点有污点等。 FailedCreateSandBox: Failed create pod sa.
[云原生k8s] k8s的CA证书创建和使用及ETCD集群
m0_71521555的博客
11-03 1771
CA证书及ETCD集群部署
Kubernetes简称k8s(超详细教程)
xiaozhen的博客库
05-19 4647
一:服务架构分析 K8S架构图 1:Kubernetes简介 Kubernetes是Google在2014年开源的容器集群管理系统,简称K8S K8S用于容器化应用程序的部署,扩展和管理 K8S提供了容器的编排,资源调度,弹性伸缩,部署管理,服务发现一系列功能 Kubernetes目标是让部署容器化应用简单高效 官方网站是http://www.kubernetes.io 2:k8s特性 1:自我修复 在节点故障时重新启动失败的容器,替换和重新部署,保证预期的副本数量;杀死健康检查失败的容器,并且在未准备好
k8s+docker实战(长篇)
热门推荐
qq_37175369的博客
04-10 4万+
文章所有用到的文件都在这个压缩包里链接:https://pan.baidu.com/s/1ib7pUGtEDp_DqsuO5jOrAA 密码:vvtx首先本文参照Hek_watermelon的博客编写,解决了部署中遇到的一些问题,传送门https://blog.csdn.net/hekanhyde/article/details/78595236下面开始安装dockerCentos 6yum in...
k8s技术预研14--kubernetes API详解
watermelonbig的专栏
07-13 5693
1、kubernetes API概述Kubernetes API是集群系统中的重要组成部分,Kubernetes中各种资源(对象)的数据通过该API接口被提交到后端的持久化存储(etcd)中,Kubernetes集群中的各部件之间通过该API接口实现解耦合,同时Kubernetes集群中一个重要且便捷的管理工具kubectl也是通过访问该API接口实现其强大的管理功能的。Kubernetes AP...
kubelet启动常见问题
知行合一 止于至善
03-05 1万+
kubelet无法启动,最常见的问题之一在于cgroup-driver的设定不正确,以下列出问题示例和对应方法。
k8s证书认证
weixin_33955681的博客
06-21 4758
kubernetes 提供了多种安全认证机制, 其中对于集群通讯间可采用 TLS(https) 双向认证机制,也可采用基于 Token 或用户名密码的单向 tls 认证。k8s一般在内网部署,采用私有 IP 地址进行通讯,权威CA只能签署域名证书,我们这里采用自建CA。创建TLS证书和秘钥步鄹1.下载安装SSL,下载cfssl工具:https://pkg.cfssl.org/...
k8s搭建prometheus grafana
08-01
k8s搭建prometheus和grafana可以通过使用Deployment方式进行部署。在生产环境中,建议使用StatefulSet方式进行部署集群,过程与Deployment类似。你可以在个人的GitHub上找到相关的部署代码和配置信息。[1] 如果你想了解更多关于k8s搭建prometheus和grafana的详细步骤和配置信息,你可以参考以下章节: - 第一章:裸机部署k8s集群 - 第二章:部署应用到k8s集群 - 第三章:service简单使用 - 第四章:StatefulSet简单使用 - 第五章:存储(storage) - 第六章:配置storageclass使用nfs动态申领本地磁盘空间 - 第七章:配置ConfigMap & Secret - 第八章:Helm构建MySQL - 第九章:kubernetes-dashboard安装 - 第十章:kube-prometheus-stack全家桶搭建(Grafana Prometheus)[2] 此外,你还可以在Artifact Hub官网上找到更多关于kube-prometheus-stack的信息和资源。[3]
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值