We bring together the world’s top developers, end users, and vendors and run the largest open source developer conferences. CNCF is part of the nonprofit Linux Foundation.
Cloud native technologies empower organizations to build and run scalable applications in modern, dynamic environments such as public, private, and hybrid clouds. Containers, service meshes, microservices, immutable infrastructure, and declarative APIs exemplify this approach.
These techniques enable loosely coupled systems that are resilient, manageable, and observable. Combined with robust automation, they allow engineers to make high-impact changes frequently and predictably with minimal toil.
The Cloud Native Computing Foundation seeks to drive adoption of this paradigm by fostering and sustaining an ecosystem of open source, vendor-neutral projects. We democratize state-of-the-art patterns to make these innovations accessible for everyone.
Why was Dockershim removed?
Single-host deployment: docker-compose
$ apt install docker-compose -y
$ docker-compose version
$ vim docker-compose.yaml
version: "2"
services:
  nginx-1:
    image: nginx:1.14
    ports:
      - "8081:80"
  nginx-2:
    image: nginx:1.15
    ports:
      - "8082:80"
$ docker-compose up
# $ docker-compose up -d
# The example above does with a single command what would otherwise take several commands
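Multi-host deployment: Kubernetes
Installation steps
# Disable the swap partition
$ swapoff -a
$ vim /etc/fstab
# Comment out the swap line
$ free -g # all values are 0
# Install the Docker runtime
# https://docs.docker.com/engine/install/ubuntu/
# Install kubeadm - when no package manager is available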
$ vim k8s_install.sh
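Master node
#!/bin/bash
# Kubernetes deployment requirements:
# (1) One or more machines running CentOS 7.x (x86_64)
# (2) Hardware: 2 GB of RAM or more, 2 CPU cores or more
# (3) All machines in the cluster can communicate with each other
# (4) All machines in the cluster can reach the Internet, which is needed to pull images
# (5) Swap is disabled
# Installation steps
# 1. Install Docker
# 1.1 If Docker is not installed, install it; docker-compose is installed along with it
#
# 2. Install k8s
# 2.1 Initialize the environment
# 2.2 Add the package repository
# 2.3 Install kubelet, kubectl and kubeadm
# 2.4 Install the master
# 2.5 Install the network plugin
set -e
# Installation log
install_log=/var/log/install_k8s.log
tm=$(date +'%Y%m%d %T')
# Log colour
COLOR_G="\x1b[0;32m" # green
RESET="\x1b[0m"
function info(){
echo -e "${COLOR_G}[$tm] [Info] ${1}${RESET}"
}
# Run a command string and append its output to the install log
function run_cmd(){
sh -c "$1" 2>&1 | tee -a "$install_log"
}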
function run_function(){
$1 | tee -a "$install_log"
}
function install_docker(){
info "1.使用脚本自动安装docker..."
curl -sSL https://get.docker.com | sh
info "2.启动 Docker CE..."
sudo systemctl enable docker
sudo systemctl start docker
info "3.添加镜像加速器..."
if [ ! -f "/etc/docker/daemon.json" ];then
touch /etc/docker/daemon.json
fi
cat <<EOF > /etc/docker/daemon.json
{
"registry-mirrors": [
"https://5ajk0rns.mirror.aliyuncs.com"
]
}
EOF
info "4.重新启动服务..."
sudo systemctl daemon-reload
sudo systemctl restart docker
info "5.测试 Docker 是否安装正确..."
docker run hello-world
info "6.检测..."
docker info
read -p "是否安装docker-compose?默认为 no. Enter [yes/no]:" is_compose
if [[ "$is_compose" == 'yes' ]];then
info "7.安装docker-compose"
sudo curl -L "https://github.com/docker/compose/releases/download/1.27.4/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
sudo chmod a+x /usr/local/bin/docker-compose
# 8. Verify that the installation succeeded
info "8.验证docker-compose是否安装成功..."
docker-compose -v
fi
}
function install_k8s() {
info "初始化k8s部署环境..."
init_env
info "添加k8s安装源..."
add_aliyun_repo
info "安装kubelet kubeadmin kubectl..."
install_kubelet_kubeadmin_kubectl
info "安装kubernetes master..."
yum -y install net-tools
if [[ ! "$(ps aux | grep 'kubernetes' | grep -v 'grep')" ]];then
kubeadmin_init
else
info "kubernetes master已经安装..."
fi
info "安装网络插件flannel..."
install_flannel
info "去污点..."
kubectl taint nodes --all node-role.kubernetes.io/master-
}
# Initialize the deployment environment
function init_env() {
info "关闭防火墙"
# systemctl stop firewalld
# systemctl disable firewalld
info "关闭selinux"
sed -i 's/^SELINUX=enforcing$/SELINUX=disabled/g' /etc/selinux/config
source /etc/selinux/config
info "关闭swap(k8s禁止虚拟内存以提高性能)"
swapoff -a
sed -i '/swap/s/^\(.*\)$/#\1/g' /etc/fstab
info "设置网桥参数"
cat <<-EOF > /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl --system # apply the settings
sysctl -w net.ipv4.ip_forward=1
info "时间同步"
yum install ntpdate -y
ntpdate time.windows.com
}
# Add the Aliyun package repository
function add_aliyun_repo() {
cat > /etc/yum.repos.d/kubernetes.repo <<- EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
}
function install_kubelet_kubeadmin_kubectl() {
yum install kubelet-1.19.4 kubeadm-1.19.4 kubectl-1.19.4 -y
systemctl enable kubelet.service
info "确认kubelet kubeadmin kubectl是否安装成功"
yum list installed | grep kubelet
yum list installed | grep kubeadm
yum list installed | grep kubectl
kubelet --version
}
function kubeadmin_init() {
sleep 1
read -p "请输入master ip地址:" ip
kubeadm init --apiserver-advertise-address="${ip}" --image-repository registry.aliyuncs.com/google_containers --kubernetes-version v1.19.4 --service-cidr=10.96.0.0/12 --pod-network-cidr=10.244.0.0/16
mkdir -p "$HOME"/.kube
sudo cp -i /etc/kubernetes/admin.conf "$HOME"/.kube/config
sudo chown "$(id -u)":"$(id -g)" "$HOME"/.kube/config
}
function install_flannel() {
yum -y install wget
wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
kubectl apply -f kube-flannel.yml
}
# Install Docker
read -p "是否安装docker?默认为:no. Enter [yes/no]:" is_docker
if [[ "$is_docker" == 'yes' ]];then
run_function "install_docker"
fi
# Install k8s
read -p "是否安装k8s?默认为:no. Enter [yes/no]:" is_k8s
if [[ "$is_k8s" == 'yes' ]];then
run_function "install_k8s"
fi
[root@kubeedge-k8s ~]# kubectl get pod -A
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-flannel kube-flannel-ds-fbz7g 1/1 Running 0 91s
kube-system coredns-6d56c8448f-w5rn5 0/1 Running 0 91s
kube-system coredns-6d56c8448f-zztpn 0/1 Running 0 91s
kube-system etcd-kubeedge-k8s.novalocal 1/1 Running 0 107s
kube-system kube-apiserver-kubeedge-k8s.novalocal 1/1 Running 0 107s
kube-system kube-controller-manager-kubeedge-k8s.novalocal 1/1 Running 0 107s
kube-system kube-proxy-hsh8j 1/1 Running 0 91s
kube-system kube-scheduler-kubeedge-k8s.novalocal 1/1 Running 0 107s
[root@kubeedge-k8s ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
kubeedge-k8s.novalocal Ready master 115s v1.19.4
Worker node
/var/log/install_k8s.log
#!/bin/bash
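# Kubernetes deployment requirements:
# (1) One or more machines running CentOS 7.x (x86_64)
# (2) Hardware: 2 GB of RAM or more, 2 CPU cores or more
# (3) All machines in the cluster can communicate with each other
# (4) All machines in the cluster can reach the Internet, which is needed to pull images
# (5) Swap is disabled
# Installation steps
# 1. Install Docker
# 1.1 If Docker is not installed, install it; docker-compose is installed along with it
#
# 2. Install k8s
# 2.1 Initialize the environment
# 2.2 Add the package repository
# 2.3 Install kubelet, kubectl and kubeadm
# 2.4 Install the worker node
# 2.5 Install the network plugin
set -e
# Installation log
install_log=/var/log/install_k8s.log
tm=$(date +'%Y%m%d %T')
# Log colour
COLOR_G="\x1b[0;32m" # green
RESET="\x1b[0m"
function info(){
echo -e "${COLOR_G}[$tm] [Info] ${1}${RESET}"
}
# Run a command string and append its output to the install log
function run_cmd(){
sh -c "$1" 2>&1 | tee -a "$install_log"
}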
function run_function(){
$1 | tee -a "$install_log"
}
function install_docker(){
info "1.使用脚本安装docker..."
yum install -y yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
#yum install -y docker-ce
#yum install -y docker-ce-19.03.9-3.el7
yum install -y docker-ce-20.10.17-3.el7
info "2.启动 Docker CE..."
sudo systemctl enable docker
sudo systemctl start docker
info "3.添加镜像加速器..."
if [ ! -f "/etc/docker/daemon.json" ];then
touch /etc/docker/daemon.json
fi
cat <<EOF > /etc/docker/daemon.json
{
"exec-opts": ["native.cgroupdriver=systemd"],
"registry-mirrors": ["https://4txtc8r4.mirror.aliyuncs.com"]
}
EOF
info "4.重新启动服务..."
sudo gpasswd -a "${USER}" docker # add the current user to the docker group (grants root-equivalent access to the Docker daemon; takes effect at the next login)
sudo systemctl daemon-reload
sudo systemctl restart docker
info "5.测试 Docker 是否安装正确..."
docker -v
info "6.检测..."
docker info
read -p "是否安装docker-compose?默认为 no. Enter [yes/no]:" is_compose
if [[ "$is_compose" == 'yes' ]];then
info "7.安装docker-compose"
sudo curl -L "https://github.com/docker/compose/releases/download/1.27.4/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
sudo chmod a+x /usr/local/bin/docker-compose
if [ -f "/usr/bin/docker-compose" ];then
sudo rm -f /usr/bin/docker-compose
fi
sudo ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose # create a symlink
# 8. Verify that the installation succeeded
info "8.验证docker-compose是否安装成功..."
docker-compose -v
fi
}
function install_k8s() {
info "初始化k8s部署环境..."
init_env
info "添加k8s安装源..."
add_aliyun_repo
info "安装kubelet kubeadmin kubectl..."
install_kubelet_kubeadmin_kubectl
info "加入集群kubernetes..."
yum install -y net-tools
if [[ ! "$(ps aux | grep 'kubernetes' | grep -v 'grep')" ]];then
kubeadmin_init
else
info "已加入集群kubernetes..."
fi
info "安装网络插件flannel..."
install_flannel
}
# Initialize the deployment environment
function init_env() {
info "关闭防火墙"
#systemctl stop firewalld
#systemctl disable firewalld
info "关闭selinux"
sed -i 's/^SELINUX=enforcing$/SELINUX=disabled/g' /etc/selinux/config
source /etc/selinux/config
info "关闭swap(k8s禁止虚拟内存以提高性能)"
swapoff -a
sed -i '/swap/s/^\(.*\)$/#\1/g' /etc/fstab
info "设置网桥参数"
cat <<-EOF > /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl --system # apply the settings
sysctl -w net.ipv4.ip_forward=1
info "时间同步"
yum install -y ntpdate
ntpdate time.windows.com
}
# Add the Aliyun package repository
function add_aliyun_repo() {
cat > /etc/yum.repos.d/kubernetes.repo <<- EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
}
function install_kubelet_kubeadmin_kubectl() {
#yum install -y kubelet kubeadm kubectl
yum install -y kubelet-1.19.4 kubeadm-1.19.4 kubectl-1.19.4
#yum install -y kubelet-1.20.2 kubeadm-1.20.2 kubectl-1.20.2
systemctl enable kubelet.service
info "确认kubelet kubeadmin kubectl是否安装成功"
yum list installed | grep kubelet
yum list installed | grep kubeadm
yum list installed | grep kubectl
kubelet --version
}
function kubeadmin_init() {
sleep 1
read -p "请输入master ip地址:" ip
mkdir -p "$HOME"/.kube
sudo scp -r root@"${ip}":/etc/kubernetes/admin.conf "$HOME"/.kube/config
sudo chown "$(id -u)":"$(id -g)" "$HOME"/.kube/config
if [ ! -f "/home/centos/.kube/config" ];then
sudo cp -r "$HOME"/.kube /home/centos
sudo chown -R centos:centos /home/centos/.kube
fi
read -p "把工作节点加入集群,请手动输入命令:" ic
sudo sh -c "${ic}"
}
function install_flannel() {
if [ ! -f "./kube-flannel.yml" ];then
yum -y install wget
wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
fi
kubectl apply -f kube-flannel.yml
}
# Install Docker
read -p "是否安装docker?默认为:no. Enter [yes/no]:" is_docker
if [[ "$is_docker" == 'yes' ]];then
run_function "install_docker"
fi
# Install k8s
read -p "是否安装k8s?默认为:no. Enter [yes/no]:" is_k8s
if [[ "$is_k8s" == 'yes' ]];then
run_function "install_k8s"
fi
[root@kubeedge-k8s-node ~]# kubectl get pod -A
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-flannel kube-flannel-ds-bjmkc 1/1 Running 0 2m14s
kube-flannel kube-flannel-ds-fbz7g 1/1 Running 0 33m
kube-system coredns-6d56c8448f-w5rn5 1/1 Running 0 33m
kube-system coredns-6d56c8448f-zztpn 1/1 Running 0 33m
kube-system etcd-kubeedge-k8s.novalocal 1/1 Running 0 33m
kube-system kube-apiserver-kubeedge-k8s.novalocal 1/1 Running 0 33m
kube-system kube-controller-manager-kubeedge-k8s.novalocal 1/1 Running 0 33m
kube-system kube-proxy-4qsnm 1/1 Running 0 2m14s
kube-system kube-proxy-hsh8j 1/1 Running 0 33m
kube-system kube-scheduler-kubeedge-k8s.novalocal 1/1 Running 0 33m
[root@kubeedge-k8s-node ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
kubeedge-k8s-node.novalocal Ready <none> 2m17s v1.19.4
kubeedge-k8s.novalocal Ready master 33m v1.19.4
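Both install scripts above run with several integrity and confinement checks switched off (`curl ... | sh`, `gpgcheck=0`, `repo_gpgcheck=0`, `SELINUX=disabled`, a manifest fetched from a `master` branch). The following is an added example, not part of the original scripts: a small audit that flags such lines before a script is run on a node. The function names and the embedded excerpt are constructed for illustration.

```bash
#!/bin/sh
# Added example (not from the original scripts): flag lines in a node
# bootstrap script that switch off integrity or confinement checks.
# Function names and the sample excerpt are constructed for illustration.

# Print one "LINE:RULE:TEXT" record per finding. Commented-out lines are skipped.
audit_install_script() {
    awk '
        function report(rule) { printf "%d:%s:%s\n", NR, rule, $0 }
        /^[ \t]*#/ { next }
        /(curl|wget)[^|]*[|][ \t]*(sudo[ \t]+)?(ba)?sh([ \t]|$)/ { report("pipe-to-shell") }
        /SELINUX=disabled/                 { report("selinux-disabled") }
        /(^|[^_])gpgcheck[ \t]*=[ \t]*0/   { report("rpm-signature-check-off") }
        /repo_gpgcheck[ \t]*=[ \t]*0/      { report("repo-metadata-check-off") }
        /raw\.githubusercontent\.com\/[^ ]*\/master\// { report("unpinned-manifest") }
    ' "$1"
}

# Map a rule name to a one-line remediation hint.
remediation_for() {
    case "$1" in
        pipe-to-shell)           echo "download to a file, verify a checksum or signature, then run it" ;;
        selinux-disabled)        echo "leave SELinux enforcing, or use permissive so denials are still logged" ;;
        rpm-signature-check-off) echo "set gpgcheck=1 so yum verifies packages against the gpgkey= entries" ;;
        repo-metadata-check-off) echo "set repo_gpgcheck=1 where the mirror publishes signed metadata" ;;
        unpinned-manifest)       echo "pin the URL to a release tag or commit and review it before kubectl apply" ;;
        *)                       echo "review manually" ;;
    esac
}

# Human-readable report; returns 1 when anything was flagged (usable as a CI gate).
audit_report() {
    findings=$(audit_install_script "$1")
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings" | while IFS=: read -r lineno rule text; do
        printf 'line %s [%s] %s\n    fix: %s\n' "$lineno" "$rule" "$text" "$(remediation_for "$rule")"
    done
    return 1
}

# Constructed excerpt modelled on the scripts above (line 2 is commented out on purpose).
write_sample() {
    cat > "$1" <<'EOF'
curl -sSL https://get.docker.com | sh
# curl -sSL https://example.invalid/old.sh | sh
sed -i 's/^SELINUX=enforcing$/SELINUX=disabled/g' /etc/selinux/config
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
yum install -y kubelet-1.19.4 kubeadm-1.19.4 kubectl-1.19.4
EOF
}

demo() {
    tmp=$(mktemp) || return 1
    write_sample "$tmp"
    audit_report "$tmp" || echo "=> findings present: fix before running on a node"
    rm -f "$tmp"
}
demo
```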
$ kubeadm version
$ kubectl version
$ systemctl status kubelet
[root@kubeedge-k8s ~]# kubeadm version
kubeadm version: &version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.4", GitCommit:"d360454c9bcd1634cf4cc52d1867af5491dc9c5f", GitTreeState:"clean", BuildDate:"2020-11-11T13:15:05Z", GoVersion:"go1.15.2", Compiler:"gc", Platform:"linux/amd64"}
[root@kubeedge-k8s ~]# kubectl version
Client Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.4", GitCommit:"d360454c9bcd1634cf4cc52d1867af5491dc9c5f", GitTreeState:"clean", BuildDate:"2020-11-11T13:17:17Z", GoVersion:"go1.15.2", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.4", GitCommit:"d360454c9bcd1634cf4cc52d1867af5491dc9c5f", GitTreeState:"clean", BuildDate:"2020-11-11T13:09:17Z", GoVersion:"go1.15.2", Compiler:"gc", Platform:"linux/amd64"}
[root@kubeedge-k8s ~]# systemctl status kubelet
● kubelet.service - kubelet: The Kubernetes Node Agent
Loaded: loaded (/usr/lib/systemd/system/kubelet.service; enabled; vendor preset: disabled)
Drop-In: /usr/lib/systemd/system/kubelet.service.d
└─10-kubeadm.conf
Active: active (running) since Thu 2023-05-18 16:21:41 UTC; 2min 21s ago
Docs: https://kubernetes.io/docs/
Main PID: 10382 (kubelet)
Tasks: 19
Memory: 41.6M
CGroup: /system.slice/kubelet.service
└─10382 /usr/bin/kubelet --bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kub...
May 18 16:23:26 kubeedge-k8s.novalocal kubelet[10382]: I0518 16:23:26.269861 10382 reconciler.go:224] operationExecut...
May 18 16:23:26 kubeedge-k8s.novalocal kubelet[10382]: I0518 16:23:26.269883 10382 reconciler.go:224] operationExecut...
May 18 16:23:26 kubeedge-k8s.novalocal kubelet[10382]: I0518 16:23:26.269917 10382 reconciler.go:224] operationExecut...
May 18 16:23:26 kubeedge-k8s.novalocal kubelet[10382]: W0518 16:23:26.890194 10382 pod_container_deletor.go:79] C...ners
May 18 16:23:26 kubeedge-k8s.novalocal kubelet[10382]: W0518 16:23:26.894436 10382 pod_container_deletor.go:79] C...ners
May 18 16:23:26 kubeedge-k8s.novalocal kubelet[10382]: map[string]interface {}{"cniVersion":"0.3.1", "hairpinMode":true...
May 18 16:23:26 kubeedge-k8s.novalocal kubelet[10382]: delegateAdd: netconf sent to delegate plugin:
May 18 16:23:26 kubeedge-k8s.novalocal kubelet[10382]: {"cniVersion":"0.3.1","hairpinMode":true,"ipMasq":false,"ipa...ge"}
May 18 16:23:26 kubeedge-k8s.novalocal kubelet[10382]: map[string]interface {}{"cniVersion":"0.3.1", "hairpinMode":true...
May 18 16:23:26 kubeedge-k8s.novalocal kubelet[10382]: delegateAdd: netconf sent to delegate plugin:
Hint: Some lines were ellipsized, use -l to show in full.
[root@kubeedge-k8s ~]#
$ vim nginx-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment-demo
  labels:
    app: nginx
spec:
  replicas: 2
  selector:
    matchLabels:
      app: nginx
  template: # Pod template
    metadata:
      labels:
        app: nginx
    spec:
      hostNetwork: true
      containers:
        - name: nginx
          image: nginx:1.14.2
          ports:
            - containerPort: 80
$ kubectl apply -f nginx-deployment.yaml
$ kubectl apply -f https://raw.githubusercontent.com/istio/istio/master/samples/bookinfo/platform/kube/bookinfo.yaml
[root@kubeedge-k8s ~]# kubectl get pod -A
NAMESPACE NAME READY STATUS RESTARTS AGE
default details-v1-5bb7b59846-gxrfw 1/1 Running 0 17m
default nginx-deployment-demo-6d47cff9fd-5kxkw 1/1 Running 0 29m
default nginx-deployment-demo-6d47cff9fd-87m6m 1/1 Running 0 29m
default productpage-v1-7bc9dc4cd5-wfkt5 1/1 Running 0 17m
default ratings-v1-87465dfb6-2pj4l 1/1 Running 0 14m
default reviews-v1-5d54969f54-d44pr 1/1 Running 0 17m
default reviews-v2-7d8796f748-7d2tw 1/1 Running 0 17m
default reviews-v3-6c7d5d5d74-jd46q 1/1 Running 0 14m
kube-flannel kube-flannel-ds-bjmkc 1/1 Running 0 52m
kube-flannel kube-flannel-ds-fbz7g 1/1 Running 0 83m
kube-system coredns-6d56c8448f-w5rn5 1/1 Running 0 83m
kube-system coredns-6d56c8448f-zztpn 1/1 Running 0 83m
kube-system etcd-kubeedge-k8s.novalocal 1/1 Running 0 84m
kube-system kube-apiserver-kubeedge-k8s.novalocal 1/1 Running 0 84m
kube-system kube-controller-manager-kubeedge-k8s.novalocal 1/1 Running 0 84m
kube-system kube-proxy-4qsnm 1/1 Running 0 52m
kube-system kube-proxy-hsh8j 1/1 Running 0 83m
kube-system kube-scheduler-kubeedge-k8s.novalocal 1/1 Running 0 84m
Check whether the service can be pinged
$ kubectl edit cm kube-proxy -n kube-system
// change to ipvs
mode: ipvs
# Restart kube-proxy
$ kubectl delete pod -n kube-system $(kubectl get pod -n kube-system | grep kube-proxy | awk '{print $1}')
# or
# $ kubectl get pod -n kube-system | grep kube-proxy |awk '{system("kubectl delete pod "$1" -n kube-system")}'
$ vim busybox.yaml
apiVersion: v1
kind: Pod
metadata:
  name: busybox
  labels:
    app: busybox
spec:
  containers:
    - name: busybox
      image: busybox:1.34
      tty: true
      imagePullPolicy: IfNotPresent
$ kubectl apply -f busybox.yaml
pod/busybox created
# Check whether other services can be pinged
$ kubectl exec -it busybox -- ping -c 3 productpage.default.svc.cluster.local
PING productpage.default.svc.cluster.local (10.106.13.142): 56 data bytes
64 bytes from 10.106.13.142: seq=0 ttl=64 time=0.111 ms
64 bytes from 10.106.13.142: seq=1 ttl=64 time=0.064 ms
64 bytes from 10.106.13.142: seq=2 ttl=64 time=0.102 ms // all three pings succeeded
--- productpage.default.svc.cluster.local ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.064/0.092/0.111 ms
$ kubectl exec -it busybox -- /bin/sh
/ # nslookup ratings
Server: 10.96.0.10
Address: 10.96.0.10:53 // 10.96.0.10 is the default IP address of the Service DNS inside the Kubernetes cluster
Name: ratings.default.svc.cluster.local
Address: 10.109.191.105 // DNS resolved the name to the IP address of the ratings service
$ kubectl get svc -o wide -A
NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
default details ClusterIP 10.110.197.146 <none> 9080/TCP 13h app=details
default kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 14h <none>
default nginx-demo ClusterIP 10.104.166.177 <none> 80/TCP 12h app=nginx
default productpage ClusterIP 10.106.13.142 <none> 9080/TCP 13h app=productpage
default ratings ClusterIP 10.109.191.105 <none> 9080/TCP 13h app=ratings
default reviews ClusterIP 10.105.125.246 <none> 9080/TCP 13h app=reviews
kube-system kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP,9153/TCP 14h k8s-app=kube-dns
$ kubectl get svc/kube-dns -n kube-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP,9153/TCP 15h
$ kubectl get svc kube-dns -n kube-system -o jsonpath='{.spec.clusterIP}'
10.96.0.10
[root@kubeedge-k8s-node ~]# kubectl describe svc productpage
Name: productpage
Namespace: default
Labels: app=productpage
service=productpage
Annotations: <none>
Selector: app=productpage
Type: ClusterIP
IP: 10.106.13.142
Port: http 9080/TCP
TargetPort: 9080/TCP
Endpoints: 10.244.0.7:9080
Session Affinity: None
Events: <none>
[root@kubeedge-k8s-node ~]# kubectl get pod -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
busybox 1/1 Running 0 13h 10.244.0.8 kubeedge-k8s.novalocal <none> <none>
details-v1-5bb7b59846-jwdzg 1/1 Running 0 13h 10.244.1.13 kubeedge-k8s-node.novalocal <none> <none>
nginx-deployment-demo-6d47cff9fd-5kxkw 1/1 Running 0 14h 172.129.78.142 kubeedge-k8s.novalocal <none> <none>
nginx-deployment-demo-6d47cff9fd-87m6m 1/1 Running 0 14h 172.129.78.121 kubeedge-k8s-node.novalocal <none> <none>
productpage-v1-7bc9dc4cd5-kqj9b 1/1 Running 0 13h 10.244.0.7 kubeedge-k8s.novalocal <none> <none>
ratings-v1-87465dfb6-6trj8 1/1 Running 0 13h 10.244.1.14 kubeedge-k8s-node.novalocal <none> <none>
reviews-v1-5d54969f54-cbm48 1/1 Running 0 13h 10.244.1.15 kubeedge-k8s-node.novalocal <none> <none>
reviews-v2-7d8796f748-xln4d 1/1 Running 0 13h 10.244.1.17 kubeedge-k8s-node.novalocal <none> <none>
reviews-v3-6c7d5d5d74-pbp4s 1/1 Running 0 13h 10.244.1.16 kubeedge-k8s-node.novalocal <none> <none>
$ kubectl edit svc productpage
# Change spec.type to NodePort
service/productpage edited
$ kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
details ClusterIP 10.110.197.146 <none> 9080/TCP 14h
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 15h
nginx-demo ClusterIP 10.104.166.177 <none> 80/TCP 13h
productpage NodePort 10.106.13.142 <none> 9080:31274/TCP 14h
ratings ClusterIP 10.109.191.105 <none> 9080/TCP 14h
reviews ClusterIP 10.105.125.246 <none> 9080/TCP 14h
# Access port 31274 on any node
# Download Istio
$ wget https://github.com/istio/istio/releases/download/1.11.3/istio-1.11.3-linux-amd64.tar.gz
$ tar -zxvf istio-1.11.3-linux-amd64.tar.gz
$ mv istio-1.11.3/bin/istioctl /usr/local/bin/
$ istioctl version
no running Istio pods in "istio-system"
1.11.3
# Install Istio
$ istioctl install --set profile=demo -y
# Enable automatic sidecar injection for the default namespace
$ kubectl label namespace default istio-injection=enabled
# # Check the Istio installation
# $ kubectl get pods -n istio-system
# # List the Istio components
# $ kubectl get svc -n istio-system
# Deploy the bookinfo application
$ cd istio-1.11.3
$ kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml
$ kubectl get pod
NAME READY STATUS RESTARTS AGE
busybox 1/1 Running 0 14h
details-v1-79f774bdb9-ksx4r 2/2 Running 0 2m11s
productpage-v1-6b746f74dc-6w7hc 2/2 Running 0 2m11s
ratings-v1-b6994bb9-wgsqc 2/2 Running 0 2m11s
reviews-v1-545db77b95-qkn7v 2/2 Running 0 2m10s
reviews-v2-7bf8c9648f-qnzxs 2/2 Running 0 2m11s
reviews-v3-84779c7bbc-nhxr9 2/2 Running 0 2m11s
$ kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
details ClusterIP 10.98.193.215 <none> 9080/TCP 2m14s
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 16h
nginx-demo ClusterIP 10.104.166.177 <none> 80/TCP 14h
productpage ClusterIP 10.102.62.42 <none> 9080/TCP 2m14s
ratings ClusterIP 10.106.200.58 <none> 9080/TCP 2m14s
reviews ClusterIP 10.99.231.14 <none> 9080/TCP 2m14s
# Verify the bookinfo application
$ kubectl exec "$(kubectl get pod -l app=ratings -o jsonpath='{.items[0].metadata.name}')" -c ratings -- curl -sS productpage:9080/productpage | grep -o "<title>.*</title>"
<title>Simple Bookstore App</title>
# Deploy the gateway
$ kubectl apply -f samples/bookinfo/networking/bookinfo-gateway.yaml
# View the gateway
$ kubectl get gateway
$ kubectl get virtualservices
# Validate the gateway
$ istioctl analyze
✔ No validation issues found when analyzing namespace: default.
# Access the gateway
$ kubectl get svc istio-ingressgateway -n istio-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
istio-ingressgateway LoadBalancer 10.96.54.181 <pending> 15021:30663/TCP,80:31409/TCP,443:32514/TCP,31400:31110/TCP,15443:31627/TCP 12m
# Change it to NodePort
$ kubectl edit svc istio-ingressgateway -n istio-system
// change type to NodePort
type: NodePort
service/istio-ingressgateway edited
$ kubectl get svc istio-ingressgateway -n istio-system
# Access the gateway
# Requesting / returns 404
# Requests to /productpage are forwarded to the productpage service
# Install Istio's visualization tool, the dashboard
$ kubectl apply -f samples/addons
$ kubectl rollout status deployment/kiali -n istio-system
Waiting for deployment "kiali" rollout to finish: 0 of 1 updated replicas are available...
deployment "kiali" successfully rolled out
# Access the dashboard
$ kubectl edit svc kiali -n istio-system
// change type to NodePort
service/kiali edited
$ kubectl get svc kiali -n istio-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kiali NodePort 10.106.35.16 <none> 20001:30715/TCP,9090:32042/TCP 47m
# See how the networking is configured
$ kubectl get gateway
NAME AGE
bookinfo-gateway 66m
$ kubectl get virtualservices.networking.istio.io
NAME GATEWAYS HOSTS AGE
bookinfo ["bookinfo-gateway"] ["*"] 66m
$ cd samples/bookinfo/networking/
$ ls -al
total 88
drwxr-xr-x. 2 root root 4096 Sep 21 2021 .
drwxr-xr-x. 6 root root 137 Sep 21 2021 ..
-rw-r--r--. 1 root root 708 Sep 21 2021 bookinfo-gateway.yaml
-rw-r--r--. 1 root root 622 Sep 21 2021 certmanager-gateway.yaml
-rw-r--r--. 1 root root 1176 Sep 21 2021 destination-rule-all-mtls.yaml
-rw-r--r--. 1 root root 972 Sep 21 2021 destination-rule-all.yaml
-rw-r--r--. 1 root root 307 Sep 21 2021 destination-rule-reviews.yaml
-rw-r--r--. 1 root root 885 Sep 21 2021 egress-rule-google-apis.yaml
-rw-r--r--. 1 root root 522 Sep 21 2021 fault-injection-details-v1.yaml
-rw-r--r--. 1 root root 804 Sep 21 2021 virtual-service-all-v1.yaml
-rw-r--r--. 1 root root 194 Sep 21 2021 virtual-service-details-v2.yaml
-rw-r--r--. 1 root root 396 Sep 21 2021 virtual-service-ratings-db.yaml
-rw-r--r--. 1 root root 405 Sep 21 2021 virtual-service-ratings-mysql-vm.yaml
-rw-r--r--. 1 root root 402 Sep 21 2021 virtual-service-ratings-mysql.yaml
-rw-r--r--. 1 root root 423 Sep 21 2021 virtual-service-ratings-test-abort.yaml
-rw-r--r--. 1 root root 422 Sep 21 2021 virtual-service-ratings-test-delay.yaml
-rw-r--r--. 1 root root 290 Sep 21 2021 virtual-service-reviews-50-v3.yaml
-rw-r--r--. 1 root root 290 Sep 21 2021 virtual-service-reviews-80-20.yaml
-rw-r--r--. 1 root root 290 Sep 21 2021 virtual-service-reviews-90-10.yaml
-rw-r--r--. 1 root root 332 Sep 21 2021 virtual-service-reviews-jason-v2-v3.yaml
-rw-r--r--. 1 root root 334 Sep 21 2021 virtual-service-reviews-test-v2.yaml
-rw-r--r--. 1 root root 290 Sep 21 2021 virtual-service-reviews-v2-v3.yaml
-rw-r--r--. 1 root root 196 Sep 21 2021 virtual-service-reviews-v3.yaml
$ vim bookinfo-gateway.yaml
# The routing rules:
http:
- match:
  - uri:
      exact: /productpage
  - uri:
      prefix: /static
  - uri:
      exact: /login
  - uri:
      exact: /logout
  - uri:
      prefix: /api/v1/products
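Key difficulties
K8S is the archetypal cloud native technology, and later lessons rely on it heavily. If your K8S fundamentals are weak, do not blindly spend large amounts of time studying K8S; master the basics below first and pick up the rest as you follow the course:
For reasons of space, technical details are not explained here; look up the relevant material for each topic.
To use Docker, you need to know the following:
For K8S architecture and environment setup, you need to know the following:
Deployment is the most commonly used resource definition in K8S; you need to know the following:
A Service is a policy for accessing a logical group of Pods, and it usually selects that group through a LabelSelector. With a Service, an application can be exposed externally.
You need to know the common Service operations:
ConfigMap exists to decouple configuration files from the image. It works like a dynamic data source: once created, it can be referenced when you create a Deployment. When you update it, the container can see the file contents change and hot-reload.
K8S has a similar feature called Secret. A Secret resembles a ConfigMap, but its data is stored Base64-encoded rather than displayed as plain text (Base64 is an encoding, not encryption), and it is generally used for sensitive data.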
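The Base64 step in a Secret is a reversible encoding, so anyone who can read the object can recover the value without a key. The following added example, not part of the original page, decodes the `data` block of a Secret manifest; the manifest, its names and values, and the function names are constructed for illustration.

```bash
#!/bin/sh
# Added example (not from the original page): Base64 in a Secret is an
# encoding, not encryption. No key is needed to reverse it.
# The manifest, names and values below are constructed for illustration.

# Write a constructed Secret manifest to the path given in $1.
write_sample_secret() {
    cat > "$1" <<'EOF'
apiVersion: v1
kind: Secret
metadata:
  name: demo-db-credentials
type: Opaque
data:
  username: YWRtaW4=
  password: czNjcjN0LXBhc3M=
EOF
}

# Print "key=value" for every entry under the top-level data: block.
decode_secret_data() {
    awk '
        /^data:[ \t]*$/ { in_data = 1; next }   # start of the data block
        /^[^ \t#]/      { in_data = 0 }         # next top-level key ends it
        in_data && NF == 2 && $1 ~ /:$/ {
            key = $1; sub(/:$/, "", key)
            print key, $2
        }
    ' "$1" | while read -r key b64; do
        printf '%s=%s\n' "$key" "$(printf '%s' "$b64" | base64 -d)"
    done
}

# The same decoding works against a live object, for example:
#   kubectl get secret NAME -o jsonpath='{.data.password}' | base64 -d
demo() {
    tmp=$(mktemp) || return 1
    write_sample_secret "$tmp"
    decode_secret_data "$tmp"
    rm -f "$tmp"
}
demo
```

Protection for Secret values therefore comes from RBAC on who may read them and from encryption at rest for etcd, not from the Base64 step.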