
日常研究 | Centos 8 搭建 Kubernetes

Wissy
2021-12-26 / 0 评论 / 0 点赞 / 67 阅读 / 6828 字

网上一般都是 Centos 7 的教程比较多一点,这里用了 Centos 8 来搭建Kubernetes(以下简称‘k8s’),有几个方面还是需要注意的,各位看官请往下看。

K8S 搭建

环境准备

# Name the node and make that name resolvable locally (run as root).
# The FQDN and address below are the author's; substitute your own.
node_fqdn='master.k8s.wissy.com.cn'
node_addr='10.222.190.158'
hostnamectl set-hostname "${node_fqdn}"
# Appends unconditionally, so re-running this adds a duplicate /etc/hosts line.
printf '%s %s\n' "${node_addr}" "${node_fqdn}" >> /etc/hosts
timedatectl set-timezone 'Asia/Shanghai'

# Bring every installed package up to date before adding the cluster
# components, then clear dnf's cache.
yum -y update
dnf clean all

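# Kernel settings for the bridge-based pod network (run as root).
# br_netfilter has to be loaded before the net.bridge.* keys exist. modprobe
# only affects the running kernel; the module is not loaded again at boot
# unless it is also listed under /etc/modules-load.d/.
modprobe br_netfilter
echo '1' > /proc/sys/net/bridge/bridge-nf-call-iptables

# Persist the bridge settings. The original redirect target was the relative
# path "c/k8s.conf", which fails unless ./c exists and is never read by
# sysctl; /etc/sysctl.d/ is the directory sysctl loads at boot.
cat <<EOF > /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF

# Puts SELinux into permissive mode for the running system only: policy
# violations are logged but no longer blocked, which removes one layer of
# containment between containers and the host. Enforcing mode returns at the
# next boot unless /etc/selinux/config is changed as well.
setenforce 0

# Runtime-only values (not written to any file by these two commands).
sysctl -w vm.max_map_count=262144
sysctl net.ipv4.ip_forward=1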

# file: /etc/sysctl.d/99-sysctl.conf
# The "key = value" lines below are the contents of that file, not shell
# commands; they apply at boot or when sysctl reloads its configuration.

# Tell the kernel to avoid swapping as far as it can.
vm.swappiness = 0
# Hardening: ignore ICMP echo requests sent to broadcast addresses and
# bogus ICMP error responses.
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
# The host forwards IPv4 packets between interfaces (needed for pod traffic).
# The node now behaves as a router, so pair this with a firewall policy.
net.ipv4.ip_forward = 1
# Turns off path MTU discovery.
net.ipv4.ip_no_pmtu_disc = 1
net.core.rps_sock_flow_entries = 32768
# Bridged traffic is passed through ip6tables / iptables / arptables; these
# keys exist only while the br_netfilter module is loaded.
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-arptables = 1
vm.max_map_count=262144
# Shell command, not part of the file above: turns swap off for the running
# system. Swap entries in /etc/fstab are activated again at the next boot
# unless they are removed or commented out there.
swapoff -a

# Install Docker (the kubeadm packages are installed further down).
docker_base='https://download.docker.com/linux/centos'
dnf config-manager --add-repo="${docker_base}/docker-ce.repo"

# An EL7 build of containerd.io is installed straight from its URL and then
# removed again before docker-ce is installed.
# NOTE(review): for packages given as a file or URL, dnf's signature check is
# governed by localpkg_gpgcheck, which is off by default - verify the RPM
# signature (rpm -K) if this step is kept.
dnf install "${docker_base}/7/x86_64/stable/Packages/containerd.io-1.2.6-3.3.el7.x86_64.rpm"
dnf remove containerd.io
dnf install docker-ce

# SIGTERM to PID 1 asks systemd to re-execute itself; the daemon-reexec that
# follows requests the same thing explicitly.
kill -TERM 1
systemctl daemon-reexec

for verb in enable start; do
  systemctl "${verb}" docker
done
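# Register the Kubernetes package repository (Aliyun mirror of the EL7 repo).
#
# Changed from the original: the mirror and its keys are fetched over HTTPS and
# package signatures are verified (gpgcheck=1). With plain HTTP and gpgcheck=0,
# anyone on the network path, or whoever controls the mirror, could substitute
# the kubelet/kubeadm/kubectl packages that dnf then installs as root.
#
# repo_gpgcheck (signature on the repository metadata) is left as the author
# had it. Enable it as well if the mirror's signed metadata verifies in your
# environment.
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
       https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF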

# Install the node components from the [kubernetes] repo and start kubelet.
# No version is pinned, so whatever the mirror currently offers is installed.
kube_pkgs=(kubelet kubeadm kubectl)
dnf install -y --disableexcludes=kubernetes "${kube_pkgs[@]}"
systemctl enable kubelet
systemctl start kubelet

# Docker daemon settings: systemd cgroup driver plus a third-party registry
# mirror. Pulls routed through the mirror return whatever it serves for a tag,
# so its operator is trusted for image content unless images are referenced
# by digest.
docker_conf_dir='/etc/docker'
mkdir -p "${docker_conf_dir}"
printf '%s\n' \
  '{"exec-opts": ["native.cgroupdriver=systemd"],"registry-mirrors":["https://reg-mirror.qiniu.com/"]}' \
  > "${docker_conf_dir}/daemon.json"
systemctl restart docker

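# Initialise the control plane. Addresses, CIDRs and the DNS domain are the
# author's; control-plane images come from the Aliyun registry rather than
# the upstream default.
kubeadm init \
  --apiserver-advertise-address=10.222.190.158 \
  --image-repository registry.aliyuncs.com/google_containers \
  --service-cidr=10.96.0.0/12 \
  --pod-network-cidr=10.244.0.0/16 \
  --service-dns-domain=wissy.com.cn

# Fix: the kubectl calls below need the admin kubeconfig in *this* shell.
# The original only appended the export to /etc/profile, which affects later
# login shells, so kubectl here had no cluster to talk to.
export KUBECONFIG=/etc/kubernetes/admin.conf

# Let ordinary workloads schedule on the control-plane node. On a single-node
# lab this is required; otherwise it puts application pods on the same host as
# the API server and etcd, so a container escape reaches the control plane.
kubectl taint node master.k8s.wissy.com.cn node-role.kubernetes.io/master-
kubectl label nodes master.k8s.wissy.com.cn edgenode=true

# admin.conf carries cluster-admin credentials. /etc/profile applies to every
# user's login shell, so keep the file itself readable by root only.
echo "export KUBECONFIG=/etc/kubernetes/admin.conf" >> /etc/profile
echo "alias k=kubectl" >> /etc/profile

# Installs the Calico CNI from an unpinned remote manifest: whatever the URL
# serves at run time is applied with cluster-admin rights. Outside a lab,
# download a specific release, review it, and apply the local copy.
kubectl apply -f https://docs.projectcalico.org/manifests/calico.yaml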

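# Dashboard
# Commands used earlier to create the service account, kept commented out
# together with their output. The binding grants cluster-admin, so the token
# read below is equivalent to full control of the cluster; a narrower role is
# preferable for anything beyond a lab.
#kubectl create serviceaccount dashboard-admin -n kube-system
#serviceaccount/dashboard-admin created
#kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
#clusterrolebinding.rb

# Show the matching secrets, then describe the first one.
# Changed from the original: a pasted "[root@k8s-master ~]#" prompt line was
# dropped, and the secret name is looked up instead of hard-coding the random
# suffix from the author's cluster.
kubectl -n kube-system get secret | grep dashboard-admin
secret_name=$(kubectl -n kube-system get secret | awk '/dashboard-admin/ {print $1; exit}')
if [ -n "${secret_name}" ]; then
  # Prints the bearer token to the terminal (and any scrollback or session log).
  kubectl describe secret "${secret_name}" -n kube-system
fi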

# traefik-ingress

K8S 生态圈

问题&难点

Pod里面的DNS无法连接到外网

# The CoreDNS log shows a large number of IP timeouts. The pod name is
# specific to the author's cluster; --follow keeps streaming until interrupted.
kubectl --namespace kube-system logs --follow coredns-6d8c4cb4d-jkrtm

# Enable masquerading (source NAT) on the zone so pods can reach outside
# networks, then persist it; without this the pods have no outbound access.
# --runtime-to-permanent saves the *entire* runtime firewall state, not just
# this rule, so check for temporary rules before running it.
fw_zone='public'
firewall-cmd --zone="${fw_zone}" --add-masquerade
firewall-cmd --runtime-to-permanent

Docker Compose 文件转换

Kompose

https://kubernetes.io/zh/docs/tasks/configure-pod-container/translate-compose-kubernetes/

# Chinese language packs (this first install prompts for confirmation).
yum install 'langpacks-zh_CN.noarch'
yum -y groupinstall 'chinese-support'
# Remove the GNOME desktop group; prompts for confirmation because no -y is given.
yum groupremove 'GNOME'

其他命令

批量更新images

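# Re-pull every tagged local image, one "docker pull repo:tag" per image.
# Changed from the original: --format emits repo:tag directly, so the table
# header is no longer turned into "docker pull REPOSITORY:TAG"; only untagged
# "<none>" entries are filtered (not every name containing "none"); -r skips
# the pull when the list is empty.
# Tags are mutable: each run trusts whatever the registry or mirror serves for
# that tag now. Reference images by digest where content must not change.
docker images --format '{{.Repository}}:{{.Tag}}' | grep -v '<none>' | xargs -r -L 1 docker pull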

批量删除 <none> 的 images

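# Remove dangling (untagged) images. Feeding the IDs through xargs -r avoids
# calling "docker rmi" with no arguments when nothing is dangling, which the
# backtick form did. Images still used by a container are reported and kept.
docker image ls -f dangling=true -q | xargs -r docker rmi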

删除 k8s Exited 容器

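# Remove exited containers created by the kubelet (names contain "k8s_").
# Docker's own filters replace grepping the table output, which could also
# match the text in other columns; -r skips "docker rm" when nothing matches.
docker ps -a -q --filter status=exited --filter name=k8s_ | xargs -r docker rm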
# Template: restart the pods of one Deployment. Replace <name> with the
# Deployment's name before running; typed literally, the shell parses "<" and
# ">" as redirections.
kubectl rollout restart deploy <name>
# List every pod in all namespaces with the images of its containers, one pod
# per line in the form "pod:<TAB>image, image, ".
kubectl get pods --all-namespaces -o jsonpath='{range .items[*]}{"\n"}{.metadata.name}{":\t"}{range .spec.containers[*]}{.image}{", "}{end}{end}'
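# For every repository that has an untagged ("<none>") local image - i.e. a
# newer image was pulled under the same tag - delete the pods that still use an
# image from that repository so their controllers recreate them.
#
# Changed from the original: the inner loop now acts on the pods it finds (it
# used to delete one hard-coded pod through the interactive alias "k" and never
# used its own loop variable), the namespace is taken from the same query, and
# kubectl is called directly instead of piping generated command text to bash.
#
# A pod that is not owned by a controller is not recreated after deletion.
docker images | awk '$1 != "<none>" && $2 == "<none>" {print $1}' | sort -u |
while IFS= read -r repo; do
  kubectl get pods --all-namespaces \
    -o jsonpath='{range .items[*]}{.metadata.namespace}{"\t"}{.metadata.name}{"\t"}{range .spec.containers[*]}{.image}{", "}{end}{"\n"}{end}' |
  while IFS=$'\t' read -r ns pod images; do
    case "${images}" in
      *"${repo}"*)
        # stdin is redirected so kubectl cannot consume the loop's input.
        kubectl delete pod "${pod}" -n "${ns}" </dev/null
        ;;
    esac
  done
done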

自动更新

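# Nightly image refresh.
#
# Operational note: this re-pulls mutable tags and restarts workloads without
# anyone reviewing what changed, so whatever the registry or mirror serves at
# run time ends up running. Reference images by digest, or gate updates, where
# that matters.

# 1. Update images. --format avoids feeding the table header to "docker pull";
#    -r skips the pull when the list is empty.
docker images --format '{{.Repository}}:{{.Tag}}' | grep -v '<none>' | xargs -r -L 1 docker pull

# 2. Remove superseded images and exited kubelet-created containers.
docker image ls -f dangling=true -q | xargs -r docker rmi
docker ps -a -q --filter status=exited --filter name=k8s_ | xargs -r docker rm

# 3. Find containers that still run a superseded image. "docker rmi" refuses to
#    delete such an image and names the container in its error message; the
#    container ID is taken from word 21 of that message, which depends on the
#    exact wording Docker prints.
stale_containers=$(
  docker image ls -f dangling=true -q | xargs -r docker rmi 2>&1 |
    grep 'image is being used by running container' |
    awk '{print $21}' |
    xargs -r -I {} docker inspect --format='{{.Name}}' {} |
    grep 'k8s_'
)

# 4. Restart the owning workloads. Kubelet container names look like
#    /k8s_<container>_<pod>_<namespace>_..., so field 2 is the container name
#    and field 4 the namespace.
#    NOTE(review): the container name is used as the workload name; confirm that
#    holds for your manifests. Each kind is tried in turn, so kinds that have no
#    object of that name report NotFound.
#    Changed from the original: "$i" sat inside a single-quoted awk string and
#    was expanded by the child bash, where it is unset, so no resource kind was
#    passed. kubectl is now called directly with quoted arguments rather than
#    by piping generated text into bash.
for kind in daemonset statefulset deploy; do
  while IFS=_ read -r _ workload _ ns _; do
    [ -n "${workload}" ] || continue
    kubectl rollout restart "${kind}" "${workload}" -n "${ns}" </dev/null
  done <<< "${stale_containers}"
done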

Cron

# Crontab entries; both jobs start at 00:54 every day.
# (Presumably root's crontab, given the /root paths - confirm.)

# acme.sh certificate renewal check; standard output is discarded, errors are not.
54 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null
# Runs the image-refresh script under bash. The script pulls images and
# restarts workloads unattended, so it and its directory should be writable
# only by the account that owns this crontab.
54 0 * * * /bin/bash /data/k8s/description/updateImages.sh
