Kubernetes CKA certified operation and maintenance engineer's notes - kubernetes cluster construction

1. Two ways to deploy K8s in production environment

  • kubeadm
    Kubedm is a tool that provides kubedm init and kubedm join for rapid deployment of Kubernetes clusters.
    Deployment address: https://kubernetes.io/docs/reference/setup-tools/kubeadm/kubeadm/
  • Binary
    It is recommended to download the binary package of the distribution from the official and manually deploy each component to form a Kubernetes cluster.
    Download address: https://github.com/kubernetes/kubernetes/releases

2. Recommended server hardware configuration

3. Quickly deploy a K8s cluster using kubedm

# Create a Master node
kubeadm init
# Add a Node to the current cluster
kubeadm join <Master Nodal IP And ports>

3.1 installation requirements

Before you start, you need to meet the following conditions to deploy Kubernetes cluster machines:

  • One or more machines, operating system CentOS7.x-86_x64, recommended 7.5-7.8
  • Hardware configuration: 2GB or more RAM, 2 CPUs or more CPUs, 30GB or more hard disk, 2C4G is recommended
  • Network interworking between all machines in the cluster
  • You can access the external network. You need to pull the image. If you can't connect to the network, find a server that can connect to the network for docker pull/load/save and other operations
  • Prohibit swap partition to prevent memory overflow and falling on disk, resulting in slow speed and affecting work efficiency

3.2 preparation environment

roleIP
k8s-master10.0.0.61
k8s-node110.0.0.62
k8s-node210.0.0.63
Turn off firewall (all nodes execute):
[root@k8s-cka-master01 ~]# systemctl stop firewalld
[root@k8s-cka-master01 ~]# systemctl disable firewalld

close selinux(All nodes:
[root@k8s-cka-master01 ~]# sed -i 's/enforcing/disabled/' /etc/selinux/config     # permanent
[root@k8s-cka-master01 ~]# cat /etc/selinux/config 

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     disabled - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of disabled.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected. 
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted 

[root@k8s-cka-master01 ~]# setenforce 0   # Temporarily Closed
setenforce: SELinux is disabled   # Because I have closed it, there will be this display. If it is not closed, it will be closed normally

close swap(All nodes:
[root@k8s-cka-master01 ~]# swapoff -a   # temporary
[root@k8s-cka-master01 ~]# vim /etc/fstab  # Permanently, comment out swap
[root@k8s-cka-master01 ~]# cat /etc/fstab 

#
# /etc/fstab
# Created by anaconda on Sun Jul 26 16:55:01 2020
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/centos_mobanji01-root /                       xfs     defaults        0 0
UUID=95be88d4-4459-4996-a8cf-6d2fa2aa6344 /boot                   xfs     defaults        0 0
#/dev/mapper/centos_mobanji01-swap swap                    swap    defaults        0 0

Set host name (all nodes execute):
[root@k8s-cka-master01 ~]# hostnamectl set-hostname K8S-master
[root@k8s-cka-master01 ~]# bash
bash
[root@k8s-master ~]# 

stay master add to hosts(Just master Settings under node:
[root@k8s-master ~]# cat >> /etc/hosts << EOF   
10.0.0.61 k8s-master
10.0.0.62 k8s-node1
10.0.0.63 k8s-node2
EOF
[root@k8s-master ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
10.0.0.61 k8s-master
10.0.0.62 k8s-node1
10.0.0.63 k8s-node2

To be bridged IPv4 Flow transfer to iptables Chain of (executed by all nodes):
[root@k8s-master ~]# cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
[root@k8s-master ~]# sysctl --system        # take effect
* Applying /usr/lib/sysctl.d/00-system.conf ...
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
* Applying /usr/lib/sysctl.d/10-default-yama-scope.conf ...
kernel.yama.ptrace_scope = 0
* Applying /usr/lib/sysctl.d/50-default.conf ...
kernel.sysrq = 16
kernel.core_uses_pid = 1
kernel.kptr_restrict = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.promote_secondaries = 1
net.ipv4.conf.all.promote_secondaries = 1
fs.protected_hardlinks = 1
fs.protected_symlinks = 1
* Applying /etc/sysctl.d/99-sysctl.conf ...
* Applying /etc/sysctl.d/k8s.conf ...
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
* Applying /etc/sysctl.conf ...

time synchronization (All nodes execute): 
[root@k8s-master ~]# yum install ntpdate -y
Loaded plugins: fastestmirror
Determining fastest mirrors
....
Installed:
  ntpdate.x86_64 0:4.2.6p5-29.el7.centos.2  
                                                               
Complete!
[root@k8s-master ~]# ntpdate time.windows.com
21 Nov 18:13:28 ntpdate[3724]: adjust time server 52.231.114.183 offset 0.007273 sec

3.3 install docker / kubedm / kubelet [all nodes]

By default, the CRI (container runtime) of Kubernetes is Docker, so Docker is installed first.

3.3.1 installing Docker

[root@k8s-master ~]# wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo
[root@k8s-master ~]# yum -y install docker-ce
[root@k8s-master ~]# systemctl enable docker && systemctl start docker

To configure the image download accelerator:

[root@k8s-master ~]# cat > /etc/docker/daemon.json << EOF
{
 "registry-mirrors": ["https://b9pmyelo.mirror.aliyuncs.com"]
}
EOF
[root@k8s-master ~]# systemctl restart docker
[root@k8s-master ~]# docker info

3.3.2 add alicloud YUM software source

[root@k8s-master ~]# cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

3.3.3 install kubedm, kubelet and kubectl

Due to frequent version updates, the version number deployment is specified here:

[root@k8s-master ~]# yum install -y kubelet-1.19.0 kubeadm-1.19.0 kubectl-1.19.0
[root@k8s-master ~]# systemctl enable kubelet

3.4 deployment of Kubernetes Master

https://kubernetes.io/zh/docs/reference/setup-tools/kubeadm/kubeadm-init/#config-file
https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/create-cluster-kubeadm/#initializing-your-control-plane-node

Execute at 10.0.0.61 (Master).

[root@k8s-master ~]# kubeadm init \
>  --apiserver-advertise-address=10.0.0.61 \
>  --image-repository registry.aliyuncs.com/google_containers \
>  --kubernetes-version v1.19.0 \
>  --service-cidr=10.96.0.0/12 \
>  --pod-network-cidr=10.244.0.0/16 \
>  --ignore-preflight-errors=all
  • – apiserver advertisement address
  • – the image repository cannot be accessed in China because the default image address is k8s.gcr.io. Here, specify the Alibaba cloud image warehouse address
  • – kubernetes version k8s version, consistent with the above installation
  • – service CIDR cluster internal virtual network, Pod unified access portal
  • – pod network CIDR pod network, which is consistent with the CNI network component yaml deployed below

Or use the configuration file to boot:

[root@k8s-master ~]# vi kubeadm.conf
apiVersion: kubeadm.k8s.io/v1beta2
kind: ClusterConfiguration
kubernetesVersion: v1.19.0
imageRepository: registry.aliyuncs.com/google_containers 
networking:
  podSubnet: 10.244.0.0/16 
  serviceSubnet: 10.96.0.0/12 

[root@k8s-master ~]# kubeadm init --config kubeadm.conf --ignore-preflight-errors=all  


[root@k8s-master ~]# docker image ls
REPOSITORY                                                        TAG                 IMAGE ID            CREATED             SIZE
10.0.0.65/library/tomcat                                          <none>              b9479c1bc4c6        12 months ago       459MB
10.0.0.65/library/nginx                                           <none>              c345bbeb41b9        12 months ago       397MB
calico/node                                                       v3.16.5             c1fa37765208        12 months ago       163MB
calico/pod2daemon-flexvol                                         v3.16.5             178cfd5d2400        12 months ago       21.9MB
calico/cni                                                        v3.16.5             9165569ec236        12 months ago       133MB
registry.aliyuncs.com/google_containers/kube-proxy                v1.19.0             bc9c328f379c        15 months ago       118MB
registry.aliyuncs.com/google_containers/kube-controller-manager   v1.19.0             09d665d529d0        15 months ago       111MB
registry.aliyuncs.com/google_containers/kube-apiserver            v1.19.0             1b74e93ece2f        15 months ago       119MB
registry.aliyuncs.com/google_containers/kube-scheduler            v1.19.0             cbdc8369d8b1        15 months ago       45.7MB
registry.aliyuncs.com/google_containers/etcd                      3.4.9-1             d4ca8726196c        17 months ago       253MB
registry.aliyuncs.com/google_containers/coredns                   1.7.0               bfe3a36ebd25        17 months ago       45.2MB
registry.aliyuncs.com/google_containers/pause                     3.2                 80d28bedfe5d        21 months ago       683kB

Kubedm init workflow

kubeadm Component container deployment (image), kubelet No containerization, systemctl
 Binary daemon  systemctl

kubeadm init Workflow:
1,Installation environment check, e.g swapoff Is it off? Does the machine configuration meet or not
2,Download Image kubeadm config images pull
3,Generate certificate and save path/etc/kubernetes/pki(k8s,etcd)
4,[kubeconfig] generate kubeconfig Files, other component connections apiserver
5,[kubelet-start] generate kubelet Profile and launch
6,[control-plane] start-up master Node component
7,Store some configuration files in configmap Used for initial pulling of other nodes
8,[mark-control-plane] to master The node is stained and not allowed to pod Run on it
9,[bootstrap-token] Automatically as kubelet Issue certificate
10,[addons] Install plug-ins CoreDNS kube-proxy
Last copy kubectl For tools kubeconfig To the default path.
  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

Output other nodes join master Command for:
kubeadm join 10.0.0.61:6443 --token 3abvx6.5em4yxz9fwzsroyi \
    --discovery-token-ca-cert-hash sha256:a2ce75ca1be016a9a679e2c5c4e9e4f8c97ed148dad6936edda6947a7e33aa97

Problems encountered

# Problem: Controller Manager and scheduler status are unhealthy
[root@k8s-master kubernetes]# kubectl get cs
Warning: v1 ComponentStatus is deprecated in v1.19+
NAME                 STATUS      MESSAGE                                                                                       ERROR
controller-manager   Unhealthy   Get "http://127.0.0.1:10252/healthz": dial tcp 127.0.0.1:10252: connect: connection refused   
scheduler            Unhealthy   Get "http://127.0.0.1:10251/healthz": dial tcp 127.0.0.1:10251: connect: connection refused   
etcd-0               Healthy     {"health":"true"}    
     
# terms of settlement: 
# Comment out the -- port=0 of kube-controller-manager.yaml and kube-scheduler.yaml under / etc / kubernetes / manifest                                                                   
[root@k8s-master kubernetes]# cd
[root@k8s-master ~]# cd /etc/kubernetes/manifests/
[root@k8s-master manifests]# ll
total 16
-rw------- 1 root root 2109 Nov 21 23:18 etcd.yaml
-rw------- 1 root root 3166 Nov 21 23:18 kube-apiserver.yaml
-rw------- 1 root root 2858 Nov 21 23:18 kube-controller-manager.yaml
-rw------- 1 root root 1413 Nov 21 23:18 kube-scheduler.yaml
[root@k8s-master manifests]# 
[root@k8s-master manifests]# ll
total 16
-rw------- 1 root root 2109 Nov 21 23:18 etcd.yaml
-rw------- 1 root root 3166 Nov 21 23:18 kube-apiserver.yaml
-rw------- 1 root root 2858 Nov 21 23:18 kube-controller-manager.yaml
-rw------- 1 root root 1413 Nov 21 23:18 kube-scheduler.yaml
[root@k8s-master manifests]# vim kube-controller-manager.yaml 
[root@k8s-master ~]# cat /etc/kubernetes/manifests/kube-controller-manager.yaml 
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: null
  labels:
    component: kube-controller-manager
    tier: control-plane
  name: kube-controller-manager
  namespace: kube-system
spec:
  containers:
  - command:
    - kube-controller-manager
    - --allocate-node-cidrs=true
    - --authentication-kubeconfig=/etc/kubernetes/controller-manager.conf
    - --authorization-kubeconfig=/etc/kubernetes/controller-manager.conf
    - --bind-address=127.0.0.1
    - --client-ca-file=/etc/kubernetes/pki/ca.crt
    - --cluster-cidr=10.244.0.0/16
    - --cluster-name=kubernetes
    - --cluster-signing-cert-file=/etc/kubernetes/pki/ca.crt
    - --cluster-signing-key-file=/etc/kubernetes/pki/ca.key
    - --controllers=*,bootstrapsigner,tokencleaner
    - --kubeconfig=/etc/kubernetes/controller-manager.conf
    - --leader-elect=true
    - --node-cidr-mask-size=24
    #- --port=0
    - --requestheader-client-ca-file=/etc/kubernetes/pki/front-proxy-ca.crt
    - --root-ca-file=/etc/kubernetes/pki/ca.crt
    - --service-account-private-key-file=/etc/kubernetes/pki/sa.key
    - --service-cluster-ip-range=10.96.0.0/12
    - --use-service-account-credentials=true
...
[root@k8s-master manifests]# vim kube-scheduler.yaml 
[root@k8s-master ~]# cat /etc/kubernetes/manifests/kube-scheduler.yaml 
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: null
  labels:
    component: kube-scheduler
    tier: control-plane
  name: kube-scheduler
  namespace: kube-system
spec:
  containers:
  - command:
    - kube-scheduler
    - --authentication-kubeconfig=/etc/kubernetes/scheduler.conf
    - --authorization-kubeconfig=/etc/kubernetes/scheduler.conf
    - --bind-address=127.0.0.1
    - --kubeconfig=/etc/kubernetes/scheduler.conf
    - --leader-elect=true
    #- --port=0
    image: registry.aliyuncs.com/google_containers/kube-scheduler:v1.19.0
    imagePullPolicy: IfNotPresent
    ...
# Problem solving
[root@k8s-master manifests]# kubectl get cs
Warning: v1 ComponentStatus is deprecated in v1.19+
NAME                 STATUS    MESSAGE             ERROR
controller-manager   Healthy   ok                  
scheduler            Healthy   ok                  
etcd-0               Healthy   {"health":"true"}

3.5 join Kubernetes Node

Execute at 10.0.0.62/63 (Node).
Add a new node to the cluster and execute the kubedm join command output in kubedm init:

[root@k8s-node1 ~]# kubeadm join 10.0.0.61:6443 --token 3abvx6.5em4yxz9fwzsroyi \
     --discovery-token-ca-cert-hash sha256:a2ce75ca1be016a9a679e2c5c4e9e4f8c97ed148dad6936edda6947a7e33aa97

Problems encountered:

# Problem: execute the kubectl join command on the node, and then execute kubectl get nodes. The error is as follows
[root@k8s-node2 ~]# kubectl get nodes
The connection to the server localhost:8080 was refused - did you specify the right host or port?

# Solve the problem: transfer the / etc/kubernetes/admin.conf of the master node to the node server, mv to the / etc/kubernetes directory
[root@k8s-master ~]# scp .kube/config root@10.0.0.62:~
The authenticity of host '10.0.0.62 (10.0.0.62)' can't be established.
ECDSA key fingerprint is SHA256:OWuZy2NmY2roM1RqIamUATXYA+wqXai6nqsA1LesvjU.
ECDSA key fingerprint is MD5:04:af:eb:98:a5:8d:e0:a4:b4:16:29:80:8e:f9:e6:fc.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.0.0.62' (ECDSA) to the list of known hosts.
root@10.0.0.62's password: 
Permission denied, please try again.
root@10.0.0.62's password: 
config                                                    100% 5565     1.3MB/s   00:00
[root@k8s-node1 ~]# mv config .kube/
perhaps
[root@k8s-node2 ~]# mv admin.conf /etc/kubernetes/
[root@k8s-node2 ~]# kubectl get nodes
NAME         STATUS   ROLES    AGE   VERSION
k8s-master   Ready    master   11h   v1.19.0
k8s-node1    Ready    <none>   11h   v1.19.0
k8s-node2    Ready    <none>   11h   v1.19.0
[root@k8s-node2 ~]# kubectl get cs
Warning: v1 ComponentStatus is deprecated in v1.19+
NAME                 STATUS    MESSAGE             ERROR
controller-manager   Healthy   ok                  
scheduler            Healthy   ok                  
etcd-0               Healthy   {"health":"true"} 
# Problem solving

The default token is valid for 24 hours. When it expires, the token will not be available. In this case, you need to re create the token, as follows:

$ kubeadm token create
$ kubeadm token list
$ openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
63bca849e0e01691ae14eab449570284f0c3ddeea590f8da988c07fe2729e924

$ kubeadm join 192.168.31.61:6443 --token nuja6n.o3jrhsffiqs9swnu --discovery-token-ca-cert-hash sha256:63bca849e0e01691ae14eab449570284f0c3ddeea590f8da988c07fe2729e924

Or directly generate a quick command: kubedm token create -- print join command

https://kubernetes.io/docs/reference/setup-tools/kubeadm/kubeadm-join/

3.6 deployment container network (CNI)

https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/create-cluster-kubeadm/#pod-network
Note: only one of the following needs to be deployed. Calico is recommended.
Calico is a pure three-tier data center network solution. Calico supports a wide range of platforms, including Kubernetes, OpenStack, etc.
Calico implements an efficient virtual router (vRouter) in each computing node using Linux Kernel to be responsible for data forwarding, and each vRouter is responsible for transmitting the routing information of its workload to the whole calico network through BGP protocol.
In addition, Calico project also implements Kubernetes network policy and provides ACL function.
https://docs.projectcalico.org/getting-started/kubernetes/quickstart

$ wget https://docs.projectcalico.org/manifests/calico.yaml

After downloading, you also need to modify the Pod network defined in it (CALICO_IPV4POOL_CIDR), which is the same as that specified in kubedm init (10.244.0.0 / 16)
Application list after modification:

[root@k8s-master ~]# kubectl apply -f calico.yaml
configmap/calico-config created
customresourcedefinition.apiextensions.k8s.io/bgpconfigurations.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/bgppeers.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/blockaffinities.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/clusterinformations.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/felixconfigurations.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/globalnetworkpolicies.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/globalnetworksets.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/hostendpoints.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/ipamblocks.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/ipamconfigs.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/ipamhandles.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/ippools.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/kubecontrollersconfigurations.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/networkpolicies.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/networksets.crd.projectcalico.org created
clusterrole.rbac.authorization.k8s.io/calico-kube-controllers created
clusterrolebinding.rbac.authorization.k8s.io/calico-kube-controllers created
clusterrole.rbac.authorization.k8s.io/calico-node created
clusterrolebinding.rbac.authorization.k8s.io/calico-node created
daemonset.apps/calico-node created
serviceaccount/calico-node created
deployment.apps/calico-kube-controllers created
serviceaccount/calico-kube-controllers created
[root@k8s-master ~]# kubectl get pods -n kube-system
NAME                                      READY   STATUS    RESTARTS   AGE
calico-kube-controllers-97769f7c7-z6npb   1/1     Running   0          8m18s
calico-node-4pwdc                         1/1     Running   0          8m18s
calico-node-9r6zd                         1/1     Running   0          8m18s
calico-node-vqzdj                         1/1     Running   0          8m18s
coredns-6d56c8448f-gcgrh                  1/1     Running   0          26m
coredns-6d56c8448f-tbsmv                  1/1     Running   0          26m
etcd-k8s-master                           1/1     Running   0          26m
kube-apiserver-k8s-master                 1/1     Running   0          26m
kube-controller-manager-k8s-master        1/1     Running   0          26m
kube-proxy-5qpgc                          1/1     Running   0          22m
kube-proxy-q2xfq                          1/1     Running   0          22m
kube-proxy-tvzpd                          1/1     Running   0          26m
kube-scheduler-k8s-master                 1/1     Running   0          26m

3.7 testing kubernetes clusters

  • Verify Pod operation
  • Verify Pod network communication
  • Verify DNS resolution

Create a pod in the Kubernetes cluster and verify that it works normally:

$ kubectl create deployment nginx --image=nginx
$ kubectl expose deployment nginx --port=80 --type=NodePort
$ kubectl get pod,svc
[root@k8s-master ~]# kubectl create deployment web --image=nginx
deployment.apps/web created
[root@k8s-master ~]# kubectl get pods
NAME                  READY   STATUS              RESTARTS   AGE
web-96d5df5c8-ghb6g   0/1     ContainerCreating   0          17s
[root@k8s-master ~]# kubectl expose deployment web --port=80 --target-port=80 --type=NodePort
service/web exposed
[root@k8s-master ~]# kubectl get pods
NAME                  READY   STATUS    RESTARTS   AGE
web-96d5df5c8-ghb6g   1/1     Running   0          2m38s
[root@k8s-master ~]# kubectl get pods,svc
NAME                      READY   STATUS    RESTARTS   AGE
pod/web-96d5df5c8-ghb6g   1/1     Running   0          2m48s

NAME                 TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)        AGE
service/kubernetes   ClusterIP   10.96.0.1       <none>        443/TCP        12h
service/web          NodePort    10.96.132.243   <none>        80:31340/TCP   16s

# View pod log
[root@k8s-master ~]# kubectl logs web-96d5df5c8-ghb6g -f
/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf
10-listen-on-ipv6-by-default.sh: info: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf
/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
/docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh
/docker-entrypoint.sh: Configuration complete; ready for start up
2021/11/22 03:30:28 [notice] 1#1: using the "epoll" event method
2021/11/22 03:30:28 [notice] 1#1: nginx/1.21.4
2021/11/22 03:30:28 [notice] 1#1: built by gcc 10.2.1 20210110 (Debian 10.2.1-6) 
2021/11/22 03:30:28 [notice] 1#1: OS: Linux 3.10.0-1160.45.1.el7.x86_64
2021/11/22 03:30:28 [notice] 1#1: getrlimit(RLIMIT_NOFILE): 1048576:1048576
2021/11/22 03:30:28 [notice] 1#1: start worker processes
2021/11/22 03:30:28 [notice] 1#1: start worker process 31
2021/11/22 03:30:28 [notice] 1#1: start worker process 32
10.0.0.62 - - [22/Nov/2021:03:34:04 +0000] "GET / HTTP/1.1" 200 615 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0" "-"
2021/11/22 03:34:04 [error] 31#31: *1 open() "/usr/share/nginx/html/favicon.ico" failed (2: No such file or directory), client: 10.0.0.62, server: localhost, request: "GET /favicon.ico HTTP/1.1", host: "10.0.0.62:31340", referrer: "http://10.0.0.62:31340/"
10.0.0.62 - - [22/Nov/2021:03:34:04 +0000] "GET /favicon.ico HTTP/1.1" 404 153 "http://10.0.0.62:31340/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0" "-"




10.0.0.62 - - [22/Nov/2021:03:38:29 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0" "-"
10.0.0.62 - - [22/Nov/2021:03:38:30 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0" "-"
10.244.169.128 - - [22/Nov/2021:03:40:10 +0000] "GET / HTTP/1.1" 200 615 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0" "-"
10.244.169.128 - - [22/Nov/2021:03:40:10 +0000] "GET /favicon.ico HTTP/1.1" 404 153 "http://10.0.0.63:31340/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0" "-"
2021/11/22 03:40:10 [error] 31#31: *3 open() "/usr/share/nginx/html/favicon.ico" failed (2: No such file or directory), client: 10.244.169.128, server: localhost, request: "GET /favicon.ico HTTP/1.1", host: "10.0.0.63:31340", referrer: "http://10.0.0.63:31340/"
10.244.169.128 - - [22/Nov/2021:03:40:14 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0" "-"
10.244.169.128 - - [22/Nov/2021:03:40:15 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0" "-"

# Verify pod network communication
[root@k8s-master ~]# kubectl get pods -o wide
NAME                  READY   STATUS    RESTARTS   AGE   IP             NODE        NOMINATED NODE   READINESS GATES
web-96d5df5c8-ghb6g   1/1     Running   0          11m   10.244.36.66   k8s-node1   <none>           <none>
[root@k8s-node1 kubernetes]# ping 10.244.36.66
PING 10.244.36.66 (10.244.36.66) 56(84) bytes of data.
64 bytes from 10.244.36.66: icmp_seq=1 ttl=64 time=0.087 ms
64 bytes from 10.244.36.66: icmp_seq=2 ttl=64 time=0.063 ms
64 bytes from 10.244.36.66: icmp_seq=3 ttl=64 time=0.145 ms
^C
--- 10.244.36.66 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2000ms
rtt min/avg/max/mdev = 0.063/0.098/0.145/0.035 ms

#Verify DNS resolution
[root@k8s-master ~]# kubectl get svc
NAME         TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)        AGE
kubernetes   ClusterIP   10.96.0.1       <none>        443/TCP        12h
web          NodePort    10.96.132.243   <none>        80:31340/TCP   11m

Access address: http://NodeIP:Port

3.8 deploying Dashboard

$ wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.3/aio/deploy/recommended.yaml

The default Dashboard can only be accessed inside the cluster. Modify the Service to NodePort type and expose it to the outside:

$ vi recommended.yaml
...
kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 30001
  selector:
    k8s-app: kubernetes-dashboard
  type: NodePort
...
$ kubectl apply -f recommended.yaml
$ kubectl get pods -n kubernetes-dashboard
NAME                                         READY   STATUS    RESTARTS   AGE
dashboard-metrics-scraper-6b4884c9d5-gl8nr   1/1     Running   0          13m
kubernetes-dashboard-7f99b75bf4-89cds        1/1     Running   0          13m
[root@k8s-master ~]# vim kubernertes-dashboard.yaml 
[root@k8s-master ~]# kubectl apply -f kubernertes-dashboard.yaml 
namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created

[root@k8s-master ~]# kubectl get pods -n kubernetes-dashboard
NAME                                         READY   STATUS    RESTARTS   AGE
dashboard-metrics-scraper-7b59f7d4df-jxb4b   1/1     Running   0          3m28s
kubernetes-dashboard-5dbf55bd9d-zpr7t        1/1     Running   0          3m28s
[root@k8s-master ~]# kubectl get svc -n kubernetes-dashboard
NAME                        TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)         AGE
dashboard-metrics-scraper   ClusterIP   10.108.245.81   <none>        8000/TCP        5h47m
kubernetes-dashboard        NodePort    10.99.22.58     <none>        443:30001/TCP   5h47m

Access address: https://NodeIP:30001

The client logs in using HTTPS

Create a service account and bind the default cluster admin administrator cluster role:

# Create user
$ kubectl create serviceaccount dashboard-admin -n kube-system
# User authorization
$ kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
# Get user Token
$ kubectl describe secrets -n kube-system $(kubectl -n kube-system get secret | awk '/dashboard-admin/{print $1}')
[root@k8s-master ~]# kubectl create serviceaccount dashboard-admin -n kube-system
serviceaccount/dashboard-admin created
[root@k8s-master ~]# kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
clusterrolebinding.rbac.authorization.k8s.io/dashboard-admin created
[root@k8s-master ~]# kubectl describe secrets -n kube-system $(kubectl -n kube-system get secret | awk '/dashboard-admin/{print $1}')
Name:         dashboard-admin-token-wnt6h
Namespace:    kube-system
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: dashboard-admin
              kubernetes.io/service-account.uid: f2277e2c-4c4d-401c-a0fa-f48110f6e259

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1066 bytes
namespace:  11 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6ImVJVEZNbVB3Y0xXMWVWMU1xYk9RdUVPdFhvM1ByTUdZY2xjS0I0anhjMlkifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4td250NmgiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiZjIyNzdlMmMtNGM0ZC00MDFjLWEwZmEtZjQ4MTEwZjZlMjU5Iiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmUtc3lzdGVtOmRhc2hib2FyZC1hZG1pbiJ9.hcxJhsSGcgwpoQnRqeWIZLFRZM4kp0itTPYJjFuSpUOLObiLfBcQqXq4zCNAAYI3axpilv0kQA5A-l_clqpTmEKQzSa2wwx5KA-V-KNHVJ9animI691INL_5Qe9O7qyF6QybnOeVXm6K-VaC2a-njAigF_0VcSweX3VdVg9Qr0ck_RsbyerP-Hhxuo-6uep_V0AfeD4ex3OE8DTlZtktAjvvalm0hNPMq-cWVdPENe-ml7Gk0NC8iyNGNbvkwk4-z3vYj2C_4Vx3JxXTAiPRqneg_NSQKsR6H7lvZ6bPvG1OW1CeZ52JiFVErdSowRh32G5sIoF7dzQFBLYiAk6mYw

Log in to the Dashboard using the output token.

View pod log

Some problems encountered during construction
1. calico node pod status CrashLoopBackOff

  • There is a problem with the configuration file
  • Host network card name is unconventional
    - name: IP_AUTODETECTION_METHOD
    value: "interface=eth0"

2. Downloading images is slow or even timeout ImagePullBackOff
You can manually pull docker on each node

3. Kubedm init, join initialization failed
Kubedm reset clears the kubedm execution record of the current machine

4. Troubleshooting ideas for calico pod startup failure:
kubectl describe pod calico-node-b2lkr -n kube-system
kubectl logs calico-node-b2lkr -n kube-system

5. kubectl get cs health check failed
vi /etc/kubernetes/manifests/kube-scheduler.yaml
#-- port=0 comment out this parameter
kubectl delete pod kube-scheduler-k8s-master -n kube-system

4. K8s CNI network model

How do two Docker hosts realize container interworking?
Existing problems:
1. The two docker host networks are independent
2. How to uniformly manage the container ip of multiple docker hosts
3. The network segment of the two docker hosts is a docker internal network
If you want to access container 1 to container 2, you need to use the host network. container1 -> docker1 <-> docker2 -> container2
The technologies to realize this cross host container communication include flannel, calico and so on.

Selection basis of CNI network components:

  • Server size
  • Support function
  • performance
    Q:
    1. These k8s node segments are managed uniformly to ensure that each container is assigned different IP addresses
    2. Do you want to know which docker host to forward?
    3. How to realize this forwarding (send from the container on docker host 1 to the container on another docker host)

A:
1. Assign a unique network segment to each docker host
2. Make records of the network segments that each docker host should respond to
3. You can use iptables or use the host as a router to configure the routing table

K8s is a flat network.

That is, all deployed network components must meet the following requirements:

  • One Pod and one IP
  • All pods can communicate directly with any other Pod
  • All nodes can communicate directly with all pods
  • The IP address obtained by the Pod is the same as that of other pods or nodes when communicating with them

Mainstream network components include Flannel, Calico, etc

Calico

Calico is a pure three-tier data center network solution. Calico supports a wide range of platforms, including Kubernetes, OpenStack, etc.

Calico implements an efficient virtual router (vRouter) in each computing node using Linux Kernel to be responsible for data forwarding, and each vRouter is responsible for transmitting the routing information of its workload to the whole calico network through BGP protocol.

In addition, Calico project also implements Kubernetes network policy and provides ACL function.

Calico deployment:

wget https://docs.projectcalico.org/manifests/calico.yaml

After downloading, you also need to modify the Pod network (CALICO_IPV4POOL_CIDR) defined in it, which is the same as that specified in kubedm init

kubectl apply -f calico.yaml
kubectl get pods -n kube-system

Flannel

Flannel is a network component maintained by CoreOS. Flannel provides globally unique IP for each Pod. Flannel uses ETCD to store the relationship between Pod subnet and Node IP. The flanneld daemon runs on each host and is responsible for maintaining ETCD information and routing packets.

Flannel deployment:

wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
sed -i -r "s#quay.io/coreos/flannel:.*-amd64#lizhenliang/flannel:v0.11.0-amd64#g" kube-flannel.yml

5. kubectl command line management tool

Kubectl uses the kubeconfig authentication file to connect to the K8s cluster, and uses the kubectl config command to generate the kubeconfig file.

kubeconfig connects to K8s authentication file

apiVersion: v1
kind: Config
#colony
clusters:
-cluster:
  certificate-authority-data:
  server: https://192.168.31.61:6443
 name: kubernetes

#context
contexts:
-context:
  cluster: kubernetes
  user: kubernetes-admin
 name: kubernetes-admin@kubernetes

#Current context
current-context: kubernetes-admin@kubernetes

#Client authentication
users:
-name: kubernetes-admin
 user:
  client-certificate-data:
  client-key-data:

Official document reference address: https://kubernetes.io/zh/docs/reference/kubectl/overview/

typecommanddescribe
Basic commandcreateCreate a resource by file name or standard input
Basic commandexposeCreate Service for Deployment, Pod
Basic commandrunRunning a specific mirror in a cluster
Basic commandsetSet specific functions on the object
Basic commandexplainDocument references
Basic commandgetDisplays one or more resources
Basic commandeditUse the system editor to edit a resource.
Basic commanddeleteDelete a resource through a file name, standard input, resource name, or label selector.
Deployment commandrolloutManage the publishing of Deployment and daemon resources (such as status, publishing records, rollback, etc.)
Deployment commandrolling-update
Deployment commandscaleExpand or shrink the number of pods for Deployment, ReplicaSet, RC, or Job resources
Deployment commandautoscaleConfigure auto scaling rules for deploy, RS and RC (depending on metrics server and hpa)
Cluster management commandcertificateModify certificate resource
Cluster management commandcluster-infoDisplay cluster information
Cluster management commandtopView resource utilization (dependent on metrics server)
Cluster management commandcordonMarked node is not schedulable
Cluster management commanduncordonMarked node schedulable
Cluster management commanddrainExpel the application on the node and prepare for offline maintenance
Cluster management commandtaintModify node taint tag
Troubleshooting and debugging commandsdescribeShow resource details
Troubleshooting and debugging commandslogsView the Pod content container log. If the Pod has multiple containers, the - c parameter specifies the container name
Troubleshooting and debugging commandsattachA container attached to the Pod
Troubleshooting and debugging commandsexecExecute the command inside the container
Troubleshooting and debugging commandsport-forwardCreate local port mapping for Pod
Troubleshooting and debugging commandsproxyCreate a proxy for KubernetesAPIserver
Troubleshooting and debugging commandscpCopy files or directories into the container or from the container
Advanced commandapplyCreate / update resource from file name or standard input
Advanced commandpatchUse the patch method to modify and update some fields of resources
Advanced commandreplaceReplace a resource from a file name or standard input
Advanced commandconvertConverting object definitions between different API versions
set commandlabelSet and update labels for resources
set commandannotateSet and update comments for resources
set commandcompletionKubectl tool auto completion, source < (kubectl completion bash) (dependent on bash completion)
Other commandsapi-resourcesView all resources
Other commandsapi-versionsPrint supported API versions
Other commandsconfigModify kubeconfig file (used to access API, such as configuring authentication information)
Other commandshelpAll command help
Other commandsversionView kubectl and k8s versions

kubectl create supports the creation of resources
Available Commands:

clusterroleCreate a ClusterRole.
clusterrolebindingCreate a ClusterRoleBinding for a particular ClusterRole
configmapCreate a configmap from a local file, directory or literal value
cronjobCreate a cronjob with the specified name.
deploymentCreate a deployment with the specified name.
jobCreate a job with the specified name.
namespaceCreate a namespace with the specified name
poddisruptionbudgetCreate a pod disruption budget with the specified name.
priorityclassCreate a priorityclass with the specified name.
quotaCreate a quota with the specified name.
roleCreate a role with single rule.
rolebindingCreate a RoleBinding for a particular Role or ClusterRole
secretCreate a secret using specified subcommand
serviceCreate a service using specified subcommand.
serviceaccountCreate a service account with the specified name
[root@k8s-master ~]# yum install bash-completion -y
[root@k8s-master ~]# source <(kubectl completion bash)
If you can't complete it, execute it bash´╝îReuse source Import it again, and then you can complete it


[root@k8s-master ~]# kubectl version 
Client Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.0", GitCommit:"e19964183377d0ec2052d1f1fa930c4d7575bd50", GitTreeState:"clean", BuildDate:"2020-08-26T14:30:33Z", GoVersion:"go1.15", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.0", GitCommit:"e19964183377d0ec2052d1f1fa930c4d7575bd50", GitTreeState:"clean", BuildDate:"2020-08-26T14:23:04Z", GoVersion:"go1.15", Compiler:"gc", Platform:"linux/amd64"}


Quick deployment of a website
To deploy a mirror using the Deployment controller:
kubectl create deployment web --image=lizhenliang/java-demo
kubectl get deploy,pods
Expose the Pod using Service:
kubectl expose deployment web --port=80 --type=NodePort --target-port=8080 --name=web
kubectl get service
Access application:
http://NodeIP:Port #The port is randomly generated and obtained through get svc

[root@k8s-master ~]# kubectl create deployment my-dep --image=lizhenliang/demo --replicas=3
deployment.apps/my-dep created
[root@k8s-master ~]# kubectl get pods
NAME                     READY   STATUS              RESTARTS   AGE
my-dep-99596b7c8-8tt6f   0/1     ContainerCreating   0          26s
my-dep-99596b7c8-9xgn4   0/1     ImagePullBackOff    0          26s
my-dep-99596b7c8-lpbzt   0/1     ContainerCreating   0          26s
web-96d5df5c8-ghb6g      1/1     Running             0          2d18h
[root@k8s-master ~]# kubectl get pods
NAME                     READY   STATUS              RESTARTS   AGE
my-dep-99596b7c8-8tt6f   0/1     ImagePullBackOff    0          64s
my-dep-99596b7c8-9xgn4   0/1     ImagePullBackOff    0          64s
my-dep-99596b7c8-lpbzt   0/1     ContainerCreating   0          64s
web-96d5df5c8-ghb6g      1/1     Running             0          2d18h
[root@k8s-master ~]# kubectl get deployments
NAME     READY   UP-TO-DATE   AVAILABLE   AGE
my-dep   0/3     3            0           96s
web      1/1     1            1           2d18h
[root@k8s-master ~]# kubectl delete deployments my-dep
deployment.apps "my-dep" deleted
[root@k8s-master ~]# kubectl get deployments
NAME   READY   UP-TO-DATE   AVAILABLE   AGE
web    1/1     1            1           2d18h
[root@k8s-master ~]# kubectl get pods
NAME                  READY   STATUS    RESTARTS   AGE
web-96d5df5c8-ghb6g   1/1     Running   0          2d18h

[root@k8s-master ~]# kubectl create deployment my-dep --image=lizhenliang/java-demo --replicas=3
deployment.apps/my-dep created
[root@k8s-master ~]# kubectl get pods
NAME                      READY   STATUS              RESTARTS   AGE
my-dep-5f8dfc8c78-dvxp8   0/1     ContainerCreating   0          7s
my-dep-5f8dfc8c78-f4ln4   0/1     ContainerCreating   0          7s
my-dep-5f8dfc8c78-j9fqp   0/1     ContainerCreating   0          7s
web-96d5df5c8-ghb6g       1/1     Running             0          2d18h
[root@k8s-master ~]# kubectl get pods
NAME                      READY   STATUS              RESTARTS   AGE
my-dep-5f8dfc8c78-dvxp8   0/1     ContainerCreating   0          48s
my-dep-5f8dfc8c78-f4ln4   0/1     ContainerCreating   0          48s
my-dep-5f8dfc8c78-j9fqp   0/1     ContainerCreating   0          48s
web-96d5df5c8-ghb6g       1/1     Running             0          2d18h
[root@k8s-master ~]# kubectl get pods
NAME                      READY   STATUS    RESTARTS   AGE
my-dep-5f8dfc8c78-dvxp8   1/1     Running   0          69s
my-dep-5f8dfc8c78-f4ln4   1/1     Running   0          69s
my-dep-5f8dfc8c78-j9fqp   1/1     Running   0          69s
web-96d5df5c8-ghb6g       1/1     Running   0          2d18h

[root@k8s-master ~]# kubectl create deployment my-dep --image=lizhenliang/java-demo --replicas=3
deployment.apps/my-dep created
[root@k8s-master ~]# kubectl get pods
NAME                      READY   STATUS              RESTARTS   AGE
my-dep-5f8dfc8c78-dvxp8   0/1     ContainerCreating   0          7s
my-dep-5f8dfc8c78-f4ln4   0/1     ContainerCreating   0          7s
my-dep-5f8dfc8c78-j9fqp   0/1     ContainerCreating   0          7s
web-96d5df5c8-ghb6g       1/1     Running             0          2d18h
[root@k8s-master ~]# kubectl get pods
NAME                      READY   STATUS              RESTARTS   AGE
my-dep-5f8dfc8c78-dvxp8   0/1     ContainerCreating   0          48s
my-dep-5f8dfc8c78-f4ln4   0/1     ContainerCreating   0          48s
my-dep-5f8dfc8c78-j9fqp   0/1     ContainerCreating   0          48s
web-96d5df5c8-ghb6g       1/1     Running             0          2d18h
[root@k8s-master ~]# kubectl get pods
NAME                      READY   STATUS    RESTARTS   AGE
my-dep-5f8dfc8c78-dvxp8   1/1     Running   0          69s
my-dep-5f8dfc8c78-f4ln4   1/1     Running   0          69s
my-dep-5f8dfc8c78-j9fqp   1/1     Running   0          69s
web-96d5df5c8-ghb6g       1/1     Running   0          2d18h
[root@k8s-master ~]# kubectl expose deployment my-dep --port=80 --target-port=8080 --type=NodePort
service/my-dep exposed
[root@k8s-master ~]# kubectl get service
NAME         TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)        AGE
kubernetes   ClusterIP   10.96.0.1       <none>        443/TCP        3d6h
my-dep       NodePort    10.111.199.51   <none>        80:31734/TCP   18s
web          NodePort    10.96.132.243   <none>        80:31340/TCP   2d18h
[root@k8s-master ~]# kubectl get ep
NAME         ENDPOINTS                                                 AGE
kubernetes   10.0.0.61:6443                                            3d6h
my-dep       10.244.169.134:8080,10.244.36.69:8080,10.244.36.70:8080   40s
web          10.244.36.66:80                                           2d18h

Resource concept

  • Pod
    • Minimum deployment unit
    • A collection of containers
    • Containers in a Pod share a network namespace
    • Pod is short
  • Controllers
    • Deployment: stateless application deployment
    • Stateful set: stateful application deployment
    • Daemon set: ensure that all nodes run the same Pod
    • Job: one time task
    • Cronjob: scheduled task

Higher level objects, deploy and manage Pod

  • Service
    • Prevent Pod loss
    • Define access policies for a set of pods
  • Label: label, attached to a resource, used to associate objects, query and filter
    Label management
    Kubectl get pods -- show labels # view resource Tags
    Kubectl get Pods - L app = my dep # list resources by tag
[root@k8s-master ~]# kubectl get pods --show-labels
NAME                      READY   STATUS    RESTARTS   AGE     LABELS
my-dep-5f8dfc8c78-dvxp8   1/1     Running   0          13m     app=my-dep,pod-template-hash=5f8dfc8c78
my-dep-5f8dfc8c78-f4ln4   1/1     Running   0          13m     app=my-dep,pod-template-hash=5f8dfc8c78
my-dep-5f8dfc8c78-j9fqp   1/1     Running   0          13m     app=my-dep,pod-template-hash=5f8dfc8c78
web-96d5df5c8-ghb6g       1/1     Running   0          2d18h   app=web,pod-template-hash=96d5df5c8
[root@k8s-master ~]# kubectl get pods -l app=my-dep
NAME                      READY   STATUS    RESTARTS   AGE
my-dep-5f8dfc8c78-dvxp8   1/1     Running   0          14m
my-dep-5f8dfc8c78-f4ln4   1/1     Running   0          14m
my-dep-5f8dfc8c78-j9fqp   1/1     Running   0          14m
  • Namespaces: a namespace that logically isolates objects
    Namespace
    Namespaces was introduced for:
    • Resource isolation
    • Permission control on namespace

-n parameter specifies the namespace

[root@k8s-master ~]# kubectl get namespaces 
NAME                   STATUS   AGE
default                Active   3d7h
kube-node-lease        Active   3d7h
kube-public            Active   3d7h
kube-system            Active   3d7h
kubernetes-dashboard   Active   2d14h
[root@k8s-master ~]# kubectl create namespace test
namespace/test created
[root@k8s-master ~]# kubectl get namespaces 
NAME                   STATUS   AGE
default                Active   3d7h
kube-node-lease        Active   3d7h
kube-public            Active   3d7h
kube-system            Active   3d7h
kubernetes-dashboard   Active   2d15h
test                   Active   8s
[root@k8s-master ~]# kubectl create deployment my-dep --image=lizhenliang/java-demo --replicas=3 -n test
deployment.apps/my-dep created
[root@k8s-master ~]# kubectl get pods -n test
NAME                      READY   STATUS              RESTARTS   AGE
my-dep-5f8dfc8c78-58sdk   0/1     ContainerCreating   0          21s
my-dep-5f8dfc8c78-77cld   0/1     ContainerCreating   0          21s
my-dep-5f8dfc8c78-965w7   0/1     ContainerCreating   0          21s
[root@k8s-master ~]# kubectl get pods -n default 
NAME                      READY   STATUS    RESTARTS   AGE
my-dep-5f8dfc8c78-dvxp8   1/1     Running   0          62m
my-dep-5f8dfc8c78-f4ln4   1/1     Running   0          62m
my-dep-5f8dfc8c78-j9fqp   1/1     Running   0          62m
web-96d5df5c8-ghb6g       1/1     Running   0          2d19h
[root@k8s-master ~]# kubectl get pods,deployment -n test
NAME                          READY   STATUS    RESTARTS   AGE
pod/my-dep-5f8dfc8c78-58sdk   1/1     Running   0          69s
pod/my-dep-5f8dfc8c78-77cld   1/1     Running   0          69s
pod/my-dep-5f8dfc8c78-965w7   1/1     Running   0          69s

NAME                     READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/my-dep   3/3     3            3           69s
[root@k8s-master ~]# kubectl edit svc my-dep
# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
apiVersion: v1
kind: Service
metadata:
  creationTimestamp: "2021-11-24T21:47:28Z"
  labels:
    app: my-dep
  name: my-dep
  namespace: default
  resourceVersion: "207081"
  selfLink: /api/v1/namespaces/default/services/my-dep
  uid: 34ae1f85-94a5-4c67-bfb4-9f73e2277f55
spec:
  clusterIP: 10.111.199.51
  externalTrafficPolicy: Cluster
  ports:
  - nodePort: 31734
    port: 80
    protocol: TCP
    targetPort: 8080
  selector:
    app: my-dep
  sessionAffinity: None
  type: NodePort
status:
  loadBalancer: {}
  

Homework after class:

1. Build a K8s cluster using kubedm

2. Create a new namespace and create a pod in the namespace

  • Namespace name: cka
  • Pod Name: pod-01
  • Mirroring: nginx

3. Create a deployment and expose the Service

  • Name: liang-666
  • Mirroring: nginx

4. Lists the specified tag pod under the namespace

  • Namespace name: Kube system
  • Label: k8s app = Kube DNS

Keywords: Linux Operation & Maintenance server

Added by dbdbdb on Thu, 25 Nov 2021 01:02:13 +0200