【运维】K8S集群部署系列之普通Node节点搭建(八)

最新推荐文章于 2023-06-08 11:32:54 发布
最新推荐文章于 2023-06-08 11:32:54 发布
阅读量9.8k 收藏 2
点赞数 1
分类专栏: k8s
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/weixin_39974140/article/details/100664153
版权

系统环境

NodeIPCentOSkernelcpumemory
node1192.168.159.4CentOS Linux release 7.4.1708 (Core)3.10.0-693.el7.x86_64Intel® Core™ i5-7500 CPU @ 3.40GHz * 12G
node2192.168.159.5CentOS Linux release 7.4.1708 (Core)3.10.0-693.el7.x86_64Intel® Core™ i5-7500 CPU @ 3.40GHz * 12G

Node 软件环境

NodeIPetcddockerflannelkubeletkube-proxy
node13.3.13192.168.159.419.03.10.11.01.15.21.15.2
node23.3.13192.168.159.519.03.10.11.01.15.21.15.2

kubelet 服务普通安装

kubelet文档

kubelet 动态配置文件

kubelet的--config参数指定文件,定义kubelet的初始化参数。

cat << EOF > kubelet.conf 
kind: KubeletConfiguration
apiVersion: kubelet.config.k8s.io/v1beta1
address: 192.168.159.4
port: 10250
readOnlyPort: 10255
cgroupDriver: cgroupfs
clusterDNS: ["10.0.0.2"]
clusterDomain: cluster.local.
failSwapOn: false
authentication:
  anonymous:
    enabled: true
EOF

  • 参数解释

    名称参数释义
    kind资源类型
    apiVersionAPI版本,kind类型需要与API版本对应
    addresskubelet监听IP,0.0.0.0监听所有
    portkubelet服务端口,默认10250
    readOnlyPort没有认证授权的只读端口,默认10255
    cgroupDriver容器cgroup驱动,docker使用docker info |grep 'Cgroup Driver'查看
    clusterDNSPOD的DNS服务地址,与--service-cluster-ip-range指定有关
    clusterDomain集群域名,如果设置kubelet将配置所有容器除搜索主机域外还搜索该域
    failSwapOn主机swap开启,则kubelet启动失败
    authentication用户认证,anonymous: enabled: true 开启匿名请求,默认开启

kubelet 服务配置文件

cat > /opt/k8s/node/etc/kubelet.service.conf << EOF
KUBELET_INSECURE_OPTS="--config=/opt/k8s/node/etc/kubelet.conf \
--kubeconfig=/opt/k8s/node/etc/bootstrap.kubeconfig \
--hostname-override=192.168.159.4 \
--logtostderr=true \
--log-dir=/opt/k8s/node/log/kubelet \
--pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/google-containers/pause-amd64:3.0 \
--v=2"
EOF

  • 参数解释

    名称参数释义
    --configkubelet初始化配置文件
    --kubeconfig定义如何连接kube-apiserver
    --hostname-override主机名,kubectl get nodesNAME字段
    --pod-infra-container-imagepause容器,Pod中用于共享网络的基础容器

kubelet 服务文件

cat > /usr/lib/systemd/system/kubelet.service << EOF
[Unit]
Description=kubelet server
Documentation=https://kubernetes.io/docs/
After=docker.service
Requires=docker.service

[Service]
Type=notify
EnvironmentFile=/opt/k8s/node/etc/kubelet.service.conf
ExecStart=/usr/local/bin/kubelet $KUBELET_INSECURE_OPTS
Restart=on-failure
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target
EOF

kubelet 服务启动

启动
systemctl daemon-reload && systemctl start kubelet
验证
[root@master etc]# kubectl get nodes
NAME            STATUS   ROLES    AGE    VERSION
192.168.159.4   Ready    <none>   3d5h   v1.15.2

[root@master pki]# kubectl get ev
LAST SEEN   TYPE     REASON                    OBJECT               MESSAGE
111s        Normal   Starting                  node/192.168.159.4   Starting kubelet.
110s        Normal   NodeHasSufficientMemory   node/192.168.159.4   Node 192.168.159.4 status is now: NodeHasSufficientMemory
110s        Normal   NodeHasNoDiskPressure     node/192.168.159.4   Node 192.168.159.4 status is now: NodeHasNoDiskPressure
110s        Normal   NodeHasSufficientPID      node/192.168.159.4   Node 192.168.159.4 status is now: NodeHasSufficientPID
110s        Normal   NodeAllocatableEnforced   node/192.168.159.4   Updated Node Allocatable limit across pods
109s        Normal   RegisteredNode            node/192.168.159.4   Node 192.168.159.4 event: Registered Node 192.168.159.4 in Controller
100s        Normal   NodeReady                 node/192.168.159.4   Node 192.168.159.4 status is now: NodeReady
journalctl -xe日志错误结局

错误一:iptables规则无法创建

WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t filter -C FORWARD -j DOCKER-ISOLATION' failed: iptables v1.4.21: Couldn't load target `DOCKER-ISOLATION':No such file or directory

解决方案:

ip link delete docker0 && systemctl restart docker

错误二:iptables规则无法创建

9月 03 13:16:17 master kube-apiserver[2875]: E0903 13:16:17.741756    2875 prometheus.go:112] failed to register unfinished metric admission_quota_controller: duplicate metrics collector registration attempted
9月 03 13:16:17 master kube-apiserver[2875]: E0903 13:16:17.741765    2875 prometheus.go:126] failed to register unfinished metric admission_quota_controller: duplicate metrics collector registration attempted
9月 03 13:16:17 master kube-apiserver[2875]: E0903 13:16:17.741774    2875 prometheus.go:152] failed to register depth metric admission_quota_controller: duplicate metrics collector registration attempted
9月 03 13:16:17 master kube-apiserver[2875]: E0903 13:16:17.741783    2875 prometheus.go:164] failed to register adds metric admission_quota_controller: duplicate metrics collector registration attempted
9月 03 13:16:17 master kube-apiserver[2875]: E0903 13:16:17.741832    2875 prometheus.go:176] failed to register latency metric admission_quota_controller: duplicate metrics collector registration attempted
9月 03 13:16:17 master kube-apiserver[2875]: E0903 13:16:17.741878    2875 prometheus.go:188] failed to register work_duration metric admission_quota_controller: duplicate metrics collector registration attempted
9月 03 13:16:17 master kube-apiserver[2875]: E0903 13:16:17.741892    2875 prometheus.go:203] failed to register unfinished_work_seconds metric admission_quota_controller: duplicate metrics collector registration attempted
9月 03 13:16:17 master kube-apiserver[2875]: E0903 13:16:17.741902    2875 prometheus.go:216] failed to register longest_running_processor_microseconds metric admission_quota_controller: duplicate metrics collector registration attempted
9月 03 13:16:19 master systemd[1]: Started k8s apiserver.
9月 03 13:16:19 master kube-apiserver[2875]: E0903 13:16:19.410432    2875 controller.go:148] Unable to remove old endpoints from kubernetes service: StorageError: key not found, Code: 1, Key: /registry/masterleases/192.168.159.3, ResourceVersion: 0, AdditionalErrorMsg:

解决方案:
目前还没解决,但不影响k8s集群使用,预计在kubernetes下一个版本可以解决。issues#76956

kube-proxy 服务普通安装

kube-proxy文档

kube-proxy 动态配置文件

可以通过配置--write-config-to=kube-proxy.config,试启动kube-proxy输出配置模板。

cat << EOF > kube-proxy.config 
apiVersion: kubeproxy.config.k8s.io/v1alpha1
bindAddress: 0.0.0.0
clientConnection:
  acceptContentTypes: ""
  burst: 10
  contentType: application/vnd.kubernetes.protobuf
  kubeconfig: /opt/k8s/node/etc/kube-proxy.kubeconfig
  qps: 5
clusterCIDR: 10.0.0.0/24
configSyncPeriod: 15m0s
conntrack:
  maxPerCore: 32768
  min: 0
  tcpCloseWaitTimeout: 1h0m0s
  tcpEstablishedTimeout: 24h0m0s
enableProfiling: false
healthzBindAddress: 0.0.0.0:10256
hostnameOverride: 192.168.159.4
iptables:
  masqueradeAll: false
  masqueradeBit: 14
  minSyncPeriod: 0s
  syncPeriod: 30s
ipvs:
  excludeCIDRs: null
  minSyncPeriod: 0s
  scheduler: ""
  strictARP: false
  syncPeriod: 30s
kind: KubeProxyConfiguration
metricsBindAddress: 127.0.0.1:10249
mode: "iptables"
nodePortAddresses: null
oomScoreAdj: -999
portRange: ""
resourceContainer: /kube-proxy
udpIdleTimeout: 250ms
winkernel:
  enableDSR: false
  networkName: ""
  sourceVip: ""
EOF

kube-proxy 服务配置文件

cat << EOF > /opt/kubernetes/cfg/kube-proxy.service.conf
KUBE_PROXY_OPTS="--logtostderr=true \
--v=0 \
--kubeconfig=/opt/k8s/node/etc/kube-proxy.kubeconfig \
--config=/opt/k8s/node/etc/kube-proxy.config \
EOF

  • 参数解释

    名称参数释义
    --configkube-proxy动态配置文件,初始化kube-proxy启动参数,首次可以通过配置--write-config-to=[FileName]导出配置模板
    --kubeconfig定义如何连接kube-apiserver
    --hostname-override主机名,kubectl get nodesNAME字段

kube-proxy 服务文件

注意此处的服务Type不能设置为notify,否则无法正确显示服务状态

cat << EOF >  kube-proxy.service
[Unit]
Description=kube-proxy server
Documentation=https://kubernetes.io/docs/
After=network.target
Requires=network.target

[Service]
Type=simple
EnvironmentFile=/opt/k8s/node/etc/kube-proxy.service.conf
ExecStart=/usr/local/bin/kube-proxy $KUBE_PROXY_OPTS
Restart=on-failure
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target
EOF

防火墙设置

firewall-cmd --zone=public --add-port=10256/udp --permanent
firewall-cmd reload

kube-proxy 服务启动

systemctl daemon-reload && systemctl start kube-proxy
验证
[root@master etc]# kubectl get ev
LAST SEEN   TYPE     REASON                    OBJECT               MESSAGE
56m         Normal   Starting                  node/192.168.159.4   Starting kubelet.
56m         Normal   NodeHasSufficientMemory   node/192.168.159.4   Node 192.168.159.4 status is now: NodeHasSufficientMemory
56m         Normal   NodeHasNoDiskPressure     node/192.168.159.4   Node 192.168.159.4 status is now: NodeHasNoDiskPressure
56m         Normal   NodeHasSufficientPID      node/192.168.159.4   Node 192.168.159.4 status is now: NodeHasSufficientPID
56m         Normal   NodeAllocatableEnforced   node/192.168.159.4   Updated Node Allocatable limit across pods
56m         Normal   RegisteredNode            node/192.168.159.4   Node 192.168.159.4 event: Registered Node 192.168.159.4 in Controller
56m         Normal   NodeReady                 node/192.168.159.4   Node 192.168.159.4 status is now: NodeReady
38m         Normal   Starting                  node/192.168.159.4   Starting kubelet.
38m         Normal   NodeAllocatableEnforced   node/192.168.159.4   Updated Node Allocatable limit across pods
38m         Normal   NodeHasSufficientMemory   node/192.168.159.4   Node 192.168.159.4 status is now: NodeHasSufficientMemory
38m         Normal   NodeHasNoDiskPressure     node/192.168.159.4   Node 192.168.159.4 status is now: NodeHasNoDiskPressure
38m         Normal   NodeHasSufficientPID      node/192.168.159.4   Node 192.168.159.4 status is now: NodeHasSufficientPID
26m         Normal   Starting                  node/192.168.159.4   Starting kubelet.
26m         Normal   NodeAllocatableEnforced   node/192.168.159.4   Updated Node Allocatable limit across pods
26m         Normal   NodeHasSufficientMemory   node/192.168.159.4   Node 192.168.159.4 status is now: NodeHasSufficientMemory
26m         Normal   NodeHasNoDiskPressure     node/192.168.159.4   Node 192.168.159.4 status is now: NodeHasNoDiskPressure
26m         Normal   NodeHasSufficientPID      node/192.168.159.4   Node 192.168.159.4 status is now: NodeHasSufficientPID

运行nginx示例

运行前环境

[root@master etc]# kubectl get nodes
NAME            STATUS   ROLES    AGE   VERSION
192.168.159.4   Ready    <none>   71m   v1.15.2
[root@master etc]# kubectl get rc
No resources found.
[root@master etc]# kubectl get pods
No resources found.

创建Deployment

master运行

kubectl run --generator=run-pod/v1 nginx-test --image=nginx --replicas=1 --port=80

运行结果

[root@master etc]# kubectl get rs
NAME                    DESIRED   CURRENT   READY   AGE
nginx-test-86bdc44976   1         0         0       9m4s

错误提示

Error from server (ServerTimeout): No API token found for service account "default", retry after the token is automatically created and added to the service account

错误原因
issues#11355

在kube-apiserver的准入控件选项中包含ServiceAccount,必须在kube-apiserver启动参数中配置--service-account-key-file,
并且在kube-controller-manager启动参数中配置--service_account_private_key_file

解决方案

#生成api token
openssl genrsa -out /opt/k8s/master/pki/serviceaccount.key 2048

#修改kube-apiserver启动参数
cat << EOF > /opt/k8s/master/etc/kube-apiserver.conf \
#[Options]
KUBE_APISERVER_INSECURE_OPTS="--etcd-servers=https://192.168.159.3:2379,https://192.168.159.4:2379 \
--etcd-cafile=/opt/etcd/pki/ca.pem \
--etcd-certfile=/opt/etcd/pki/etcdctl.pem \
--etcd-keyfile=/opt/etcd/pki/etcdctl-key.pem \
--insecure-bind-address=0.0.0.0 \
--insecure-port=8080 \
--service-cluster-ip-range=10.0.0.0/24 \
--service-node-port-range=30000-50000 \
--enable-admission-plugins=NamespaceLifecycle,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota,NodeRestriction \
--logtostderr=true \
--service-account-key-file=/opt/k8s/master/pki/serviceaccount.key \
--log-dir=/opt/k8s/master/log/kube-apiserver \
--v=2"
EOF
#重启kube-apiserver
systemctl daemon-reload && systemctl restart kube-apiserver

#修改kube-controller-manager启动参数
cat << EOF > /opt/k8s/master/etc/kube-controller-manager.conf 
#[Options]
KUBE_CONTROLLER_MANAGER_INSECURE_OPTS="--master=192.168.159.3:8080 \
--leader-elect=true \
--address=0.0.0.0 \
--port=10252 \
--service-cluster-ip-range=10.0.0.0/24 \
--service-account-private-key-file=/opt/k8s/master/pki/serviceaccount.key \
--logtostderr=true \
--log-dir=/opt/k8s/master/log/kube-controller-manager \
--v=2"
EOF
#重启kube-controller-manager
systemctl daemon-reload && systemctl restart kube-controller-manager
#删除已创建rs,此时将自动启动新rs
kubectl delete rs nginx-test-86bdc44976

查看状态

# 此时pods在创建阶段
[root@master etc]# kubectl get rs
NAME                    DESIRED   CURRENT   READY   AGE
nginx-test-86bdc44976   1         1         0       3s
[root@master etc]# kubectl get pods
NAME                          READY   STATUS              RESTARTS   AGE
nginx-test-86bdc44976-4mpqp   0/1     ContainerCreating   0          23s

# 等待一会儿后再次查看
[root@master etc]# kubectl get rs
NAME                    DESIRED   CURRENT   READY   AGE
nginx-test-86bdc44976   1         1         1       92s
[root@master etc]# kubectl get pods
NAME                          READY   STATUS    RESTARTS   AGE
nginx-test-86bdc44976-4mpqp   1/1     Running   0          2m38s

查看docker运行容器,此时docker上运行了nginx和pause两个镜像容器

[root@node1 etc]# docker ps -a
CONTAINER ID        IMAGE                                                                 COMMAND                  CREATED             STATUS              PORTS               NAMES
9701588f688c        nginx                                                                 "nginx -g 'daemon of…"   7 minutes ago       Up 7 minutes                            k8s_nginx-test_nginx-test-86bdc44976-4mpqp_default_f9ad575a-083f-495d-bafe-3c0350825976_0
29ce807cf3eb        registry.cn-hangzhou.aliyuncs.com/google-containers/pause-amd64:3.0   "/pause"                 8 minutes ago       Up 8 minutes                            k8s_POD_nginx-test-86bdc44976-4mpqp_default_f9ad575a-083f-495d-bafe-3c0350825976_0

创建nginx对外服务

[root@master etc]# kubectl expose rs nginx-test-86bdc44976 --port=80 --target-port=80 --type=LoadBalancer
service/nginx-test-86bdc44976 exposed

[root@master etc]# kubectl get svc
NAME                    TYPE           CLUSTER-IP   EXTERNAL-IP   PORT(S)        AGE
kubernetes              ClusterIP      10.0.0.1     <none>        443/TCP        18h
nginx-test-86bdc44976   LoadBalancer   10.0.0.249   <pending>     80:49869/TCP   20m

查看服务信息
[root@master etc]# kubectl describe svc nginx-test-86bdc44976
Name:                     nginx-test-86bdc44976
Namespace:                default
Labels:                   pod-template-hash=86bdc44976
                          run=nginx-test
Annotations:              <none>
Selector:                 pod-template-hash=86bdc44976,run=nginx-test
Type:                     LoadBalancer
IP:                       10.0.0.249
Port:                     <unset>  80/TCP
TargetPort:               80/TCP
NodePort:                 <unset>  49869/TCP
Endpoints:                172.112.0.2:80
Session Affinity:         None
External Traffic Policy:  Cluster
Events:                   <none>

查看pods运行在哪个Node节点
[root@master etc]# kubectl get pod -o wide
NAME                          READY   STATUS    RESTARTS   AGE   IP            NODE            NOMINATED NODE   READINESS GATES
nginx-test-86bdc44976-4mpqp   1/1     Running   1          16h   172.112.0.2   192.168.159.4   <none>           <none>

在node1节点开放对应的NodePort

firewall-cmd --zone public --add-port 49869 --permanent
firewall-cmd --reload

通过浏览器访问nginx
在这里插入图片描述

至此,k8s普通集群服务搭建完毕,接下来我们将继续探讨集群的token和TLS验证以及k8s滚动升级等问题。

Let's Golang
关注
  • 1
    点赞
  • 2
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
ansible一键部署k8s1.16集群新增node节点-二进制-参考
06-28
ansible一键部署k8s1.16集群新增node节点—二进制—参考
kubelet not ready 问题排查
Standup-jb的博客
10-20 5813
背景 使用kubectl 发现Node不正常。然后查看Node的日志出现如下 Warning ImageGCFailed 53s kubelet, 192.168.60.31 failed to get imageFs info: unable to find data in memory cache Normal NodeHasSufficientMemory 53s kubelet, 192.168.60.31 Node 192.168.60.31
(1) Kubernetes基本概念和术语
一切有为法,如梦亦如幻,如露亦如电,应作如是观。
06-11 7842
kubernetes是一个完备的分布式系统支撑平台,大部分概念如Node、Pod、Replication Controller、Service等都可以看作是一种。
Kubernetes 核心对象概览详解
小楼一夜听春雨,深巷明朝卖杏花
06-29 928
之前说了k8s对象共性的部分,包括typemeta定义了这个对象是什么,metadata定义了对象是谁,以及spec是用户的期望,往往都是用户输入的,status是对象的状态,一般是由控制器去更新。typemeta和metadata是所有对象共性共有的,spec每个对象长的不一样。 Node是Pod真正运行的主机,可以物理机,也可以是虚拟机。为了管理Pod,每个Node节点上至少要运行container runtime ·(比如 Docker 或者 Rkt)、Kubelet和 Kube-proxy服务。
Node与namespace
Kubernetes enthusiasts
02-03 2208
一、节点管理 kubectl命令 集群中的管理操作几乎都可以使用kubectl命令完成 [root@master ~]# kubectl -h 查看集群信息 [root@master1 ~]# kubectl cluster-info Kubernetes master is running at https://192.168.122.11:6443 CoreDNS is running at https://192.168.122.11:6443/api/v1/namespaces/kube-sy
Kubernetes In Action :2、开始使用Kubernetes和Docker
沛哥儿的专栏
09-13 576
本章内容涵盖在深入学习Kubernetes的概念之前,先来看看如何创建一个简单的应用,把它打包成容器镜像并在远端的Kubernetes集群(如托管在Google Kubernetes Engine中)或本地单节点集群中运行。这会对整个Kubernetes体系有较好的了解,并且会让接下来几个章节对Kubernetes基本概念的学习变得简单。正如在之前章节所介绍的,在Kubernetes中运行应用需要打包好的容器镜像。本节将会对Docker的使用做简单的介绍。接下来的几节中将会介绍:首先,需要在Linux主机上
k8s节点资源耗尽处理
Kason_iWiki
10-08 501
文章目录事件背景处理思路检查当前pod运行状态检查events记录磁盘占用查看 事件背景 前场一线运维同学反馈收到Pod 重启告警邮件 过去2分钟内 集群存在Pod重启操作 处理思路 检查当前pod运行状态 可以看出当前pod都是处于正常状态运行; 发现事件中确实有记录pod重建过程,接着往下排查为什么会出现重建 检查events记录 重要信息: 11m Normal Starting node/10.238.14.170 Starting
k8s集群部署hello应用实例
最新发布
10-20
在本教程中,我们将深入探讨如何在Kubernetes(k8s集群部署一个名为"hello"的应用程序实例。Kubernetes是一种流行的容器编排系统,它允许开发者和运维人员高效地管理和扩展微服务应用程序。 首先,理解...
搭建K8S集群.docx
12-30
搭建Kubernetes(K8S集群是现代云原生应用部署的关键步骤,它涉及多个组件的配置和管理。以下是对K8S集群搭建过程的详细解释: 首先,我们需要准备虚拟机环境来模拟实际的K8S集群。在这个例子中,我们使用Windows...
最新搭建高可用K8S集群文档 (基于K8S 1.15)
10-19
搭建一个高可用的Kubernetes (K8S) 集群是现代云原生应用部署的基础,特别是对于大型企业或需要高稳定性的服务而言。在这个过程中,K8S 1.15 版本提供了稳定性和性能的良好平衡。以下是根据提供的信息详细说明的搭建...
基于docker使用kubespray工具部署高可用K8S集群(国内互联网方案二)部署资源包
04-25
在IT行业中,Kubernetes(K8S)已成为容器编排的事实标准,而Kubespray则是一个强大的工具,用于自动化Kubernetes集群部署、扩展和管理。这篇博客文章提供了基于Docker在国内互联网环境下使用Kubespray部署高可用...
介绍 k8s event 数据收集以及事件集监控
dw_li的博客
06-08 383
node-problem-detector 官网地址: https://github.com/kubernetes/node-problem-detector。kube-eventer 官网地址: https://github.com/AliyunContainerService/kube-eventer。使用 K8s 集群,我们关注业务、容器、集群三个层面稳定性,最基础的依赖是 K8s node 要稳定。3、搭建 开源组件kube-event & node-problem-detector。
Microk8s多机安装
明训的专栏
06-11 1568
Canonical为Microk8s增加了高可用性,使其可以随时部署到生产环境。至少部署三个节点后,Microk8s会自动扩展控制平面,以便在多个节点上运行API服务。
node节点的资源限制
运维玄德公
08-15 752
1. 节点信息总览 1.1 master 信息输出如下 1.2 node信息如下 2. 配置docker的 cgroup驱动 3. 配置kubelete的cgroup驱动 3.1 配置文件 3.2 默认配置 3.3 修改如下 3.4 修改kubelet 启动文件 4. 重启服务查看结果
centos7 开启80端口
01-19 237
centos的防火墙改成了firewall,不再叫iptables,开放端口的方法如下: firewall-cmd --zone=public --add-port=80/tcp --permanent 命令含义: --zone #作用域 --add-port=80/tcp #添...
【kubernetes/k8s源码分析】kube-apiserver 启动
热门推荐
zhonglinzhang
03-29 1万+
kubernetes v1.12 一. 序言 主要实现了功能 一个是请求的路由和处理,简单说就是监听一个端口,把接收到的请求正确地转到相应的处理逻辑上,另一个功能就是认证及权限控制 集群管理 资源配额控制 集群安全机制 kube-apiserver  --admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,Defa...
k8s相关问题及解决
fdggdg的博客
02-06 262
k8s问题解决
kubernetes 实践一:基本概念和架构
dilucheng1575的博客
09-23 303
这里记录kubernetes学习和使用过程中的内容。 CentOS7 k8s-1.13 flanneld-0.10 docker-18.06 etcd-3.3 kubernetes基本概念 kubernetes,又称k8s,是现今最流行的开源容器编排系统,是Google公司其内部十几年容器经验和技术的结晶,著名软件Google Borg的开源版本。它包含了以下特性: 自动化装箱:在...
K8S 1.23 metrics-server及cadvisor 杂记
weixin_40455124的博客
06-06 1022
metrics-server是取代heapster,需要开启aggregate(默认开启),k8s建议生产环境开启tls认证以保障node安全。 aggregate可以查看top pod及node :kubectl -n kube-system top podmetrics-server 还支持custom metric和external metric (比如keda),这些metric都可以用于HPAmetric-server 还增加了summary 查看,如以下命令: kubectl get --raw
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值