kubead 部署 kubernetes 请查看
3 部署 dashboardhttps://github.com/kubernetes/dashboard3.1 部署 dashboard v2.3.1
[root@K8s-master1 ~]# wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.3.1/aio/deploy/recommended.yaml [root@K8s-master1 ~]# mv recommended.yaml dashboard-2.3.1.yaml # 修改 dashboard-2.3.1.yaml ,在文件的 40 行 [root@K8s-master1 ~]# cat dashboard-2.3.1.yaml ...... 32 kind: Service 33 apiVersion: v1 34 metadata: 35 labels: 36 k8s-app: kubernetes-dashboard 37 name: kubernetes-dashboard 38 namespace: kubernetes-dashboard 39 spec: 40 type: NodePort # 增加此行 41 ports: 42 - port: 443 43 targetPort: 8443 44 nodePort: 30002 # 增加此行 45 selector: 46 k8s-app: kubernetes-dashboard ...... [root@K8s-master1 ~]# cat admin-user.yaml apiVersion: v1 kind: ServiceAccount metadata: name: admin-user namespace: kubernetes-dashboard --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: admin-user roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: cluster-admin subjects: - kind: ServiceAccount name: admin-user namespace: kubernetes-dashboard [root@K8s-master1 ~]# [root@K8s-master1 ~]# kubectl apply -f dashboard-2.3.1.yaml -f admin-user.yaml namespace/kubernetes-dashboard created serviceaccount/kubernetes-dashboard created service/kubernetes-dashboard created secret/kubernetes-dashboard-certs created secret/kubernetes-dashboard-csrf created secret/kubernetes-dashboard-key-holder created configmap/kubernetes-dashboard-settings created role.rbac.authorization.k8s.io/kubernetes-dashboard created clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created deployment.apps/kubernetes-dashboard created service/dashboard-metrics-scraper created deployment.apps/dashboard-metrics-scraper created serviceaccount/admin-user created clusterrolebinding.rbac.authorization.k8s.io/admin-user created [root@K8s-master1 ~]# [root@K8s-master1 ~]# kubectl get svc -n kubernetes-dashboard NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE dashboard-metrics-scraper ClusterIP 10.200.131.558000/TCP 12m kubernetes-dashboard NodePort 10.200.39.13 443:30002/TCP 12m [root@K8s-master1 ~]# [root@K8s-master1 ~]# ss -tnl|grep 30002 LISTEN 0 128 0.0.0.0:30002 0.0.0.0:* [root@K8s-master1 ~]#
查看 dashboard 状态
[root@K8s-master1 ~]# kubectl get pod -A | grep kubernetes-dashboard kubernetes-dashboard dashboard-metrics-scraper-79c5968bdc-tkch8 1/1 Running 0 22m kubernetes-dashboard kubernetes-dashboard-658485d5c7-t6g7k 1/1 Running 0 22m [root@K8s-master1 ~]#3.2 访问 dashboard
# 任意 node 节点的IP + port(30002) https://172.18.8.69:30002/3.3 获取登录 token
[root@K8s-master1 ~]# kubectl get secret -A | grep admin kubernetes-dashboard admin-user-token-bbrgd kubernetes.io/service-account-token 3 31m [root@K8s-master1 ~]# kubectl describe secret admin-user-token-bbrgd -n kubernetes-dashboard Name: admin-user-token-bbrgd Namespace: kubernetes-dashboard Labels:Annotations: kubernetes.io/service-account.name: admin-user kubernetes.io/service-account.uid: 5f116920-c805-4a09-8432-c5dafb9ab537 Type: kubernetes.io/service-account-token Data ==== namespace: 20 bytes token: eyJhbGciOiJSUzI1NiIsImtpZCI6IlQxM1V5dnhmdC1OYlh5YWY2VzViWDVOTUZmb282N1pqSXFiR3JVRVA3ekEifQ. eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Ii wia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1l c3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1Ym VybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hb WUiOiJhZG1pbi11c2VyLXRva2VuLWJicmdkIiwia3ViZXJu ZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY2 91bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVz LmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC 51aWQiOiI1ZjExNjkyMC1jODA1LTRhMDktODQzMi1jNWRh ZmI5YWI1MzciLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY29 1bnQ6a3ViZXJuZXRlcy1kYXNoYm9hcmQ6YWRtaW4tdXNlci J9.T0EqZdfTveAaAUmjZ8DlruMRMGdD3ebU3SORp0ycoYl2 ITyMs0Avsa4crFeVSVJNcQBs6qBzEqQJxVmCpSKpeT85wzPK zW3OlhbPtaRx8O12VAiFy9eK9yGqlxdZ7C1FhXJsHx8qy-Lh gcqahunj3PlSwFl_9CZAd5tveJQumNTVQotqLe_w_ibEC2ML EK3rNoexJx45HTMPg4cIxbHX2hLd5kVRIl5RQWtV1F781zqE 6upwOZ81QDkfjz9ervXpYlgzsAfPY29ojCgEuHsGe3jRF0C2 rH16AM5kQBkoTI7eCNbx9EZIo6HcCaaSmlQM69oJwCBRANoUhEtE09vAQg ca.crt: 1066 bytes [root@K8s-master1 ~]#
将 token 拷贝到页面中即可登录 dashboard
3.4 创建 kubeconfig 文件以配置对集群的访问权限如果什么操作都不做,dashboard 的页面 15 分钟后就会退出,就需要再次复制 token,而每次都复制 token 显得非常麻烦,所以我们可以自己创建 kubeconfig 文件,放置在桌面上,这样用起来比较方便
# 将认证信息复制并重命名 [root@K8s-master1 ~]# cp /root/.kube/config /opt/kubeconfig # 编辑文件,将上面的 token 加入到认证文件中 [root@K8s-master1 ~]# vim /opt/kubeconfig
将 kubeconfig 放到电脑桌面,就可以使用 kubeconfig
4 测试运行 Nginx + Tomcathttps://kubernetes.io/zh/docs/concepts/workloads/controllers/deployment/
测试运行 Nginx,并最终可以将实现动静分离
4.1 运行 Nginx
[root@K8s-master1 ~/kubeadm-yaml]# cat /root/kubeadm-yaml/nginx.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: default
name: nginx-deployment
labels:
app: nginx
spec:
replicas: 1
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: harbor.tech.com/baseimages/nginx:1.18.0
ports:
- containerPort: 80
---
kind: Service
apiVersion: v1
metadata:
labels:
app: test-nginx-service-label
name: test-nginx-service
namespace: default
spec:
type: NodePort
ports:
- name: http
port: 80
protocol: TCP
targetPort: 80
nodePort: 30004
selector:
app: nginx
[root@K8s-master1 ~/kubeadm-yaml]#
运行 nginx.yaml
[root@K8s-master1 ~/kubeadm-yaml]# pwd /root/kubeadm-yaml [root@K8s-master1 ~/kubeadm-yaml]# kubectl apply -f nginx.yaml deployment.apps/nginx-deployment created service/test-nginx-service created
访问测试
# 任意 node 的IP + Port(30004) 172.18.8.69:300044.2 运行 tomcat
[root@K8s-master1 ~/kubeadm-yaml]# cat /root/kubeadm-yaml/tomcat.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: default
name: tomcat-deployment
labels:
app: tomcat
spec:
replicas: 1
selector:
matchLabels:
app: tomcat
template:
metadata:
labels:
app: tomcat
spec:
containers:
- name: tomcat
image: harbor.tech.com/baseimages/tomcat-base:v8.5.45
ports:
- containerPort: 8080
---
kind: Service
apiVersion: v1
metadata:
labels:
app: test-tomcat-service-label
name: test-tomcat-service
namespace: default
spec:
# type: NodePort
ports:
- name: http
port: 80
protocol: TCP
targetPort: 8080
# nodePort: 30005
selector:
app: tomcat
[root@K8s-master1 ~/kubeadm-yaml]#
运行 tomcat yml 文件
[root@K8s-master1 ~/kubeadm-yaml]# pwd /root/kubeadm-yaml [root@K8s-master1 ~/kubeadm-yaml]# kubectl apply -f tomcat.yaml deployment.apps/tomcat-deployment created service/test-tomcat-service created [root@K8s-master1 ~/kubeadm-yaml]# [root@K8s-master1 ~]# kubectl get pod NAME READY STATUS RESTARTS AGE net-test1 1/1 Running 0 125m net-test2 1/1 Running 0 125m nginx-deployment-67dfd6c8f9-q8s72 1/1 Running 0 49m tomcat-deployment-6c44f58b47-bcwdr 1/1 Running 0 48m [root@K8s-master1 ~]#4.3 dashboard 验证 pod 4.4 从 dashboard 进入容器
验证 pod 通信
4.5 进入 tomcat pod 生成 app 4.5.1 生成 app[root@K8s-master1 ~]# kubectl get pod NAME READY STATUS RESTARTS AGE net-test1 1/1 Running 0 2d21h net-test2 1/1 Running 0 2d21h nginx-deployment-67dfd6c8f9-q8s72 1/1 Running 0 2d20h tomcat-deployment-6c44f58b47-f8tk4 1/1 Running 0 6h1m [root@K8s-master1 ~]# kubectl describe pod tomcat-deployment-6c44f58b47-f8tk4 [root@K8s-master1 ~]# kubectl exec -it tomcat-deployment-6c44f58b47-f8tk4 bash kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead. root@tomcat-deployment-6c44f58b47-f8tk4:/usr/local/tomcat# cd webapps root@tomcat-deployment-6c44f58b47-f8tk4:/usr/local/tomcat/webapps# mkdir tomcat root@tomcat-deployment-6c44f58b47-f8tk4:/usr/local/tomcat/webapps# echo "Tomcat test page for pod" > tomcat/index.jsp root@tomcat-deployment-6c44f58b47-f8tk4:/usr/local/tomcat/webapps#4.6 Nginx 实现动静分离 4.6.1 Nginx 配置
[root@K8s-master1 ~]# kubectl get pod NAME READY STATUS RESTARTS AGE net-test1 1/1 Running 0 2d21h net-test2 1/1 Running 0 2d21h nginx-deployment-67dfd6c8f9-q8s72 1/1 Running 0 2d20h tomcat-deployment-6c44f58b47-f8tk4 1/1 Running 0 6h4m [root@K8s-master1 ~]# kubectl get svc NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE kubernetes ClusterIP 10.200.0.14.6.2 测试访问 web 页面443/TCP 3d1h test-nginx-service NodePort 10.200.150.186 80:30004/TCP 2d20h test-tomcat-service ClusterIP 10.200.83.131 80/TCP 2d20h [root@K8s-master1 ~]# # 进入到 Nginx pod kubectl exec -it nginx-deployment-67dfd6c8f9-q8s72 bash cat /etc/issue # 更新软件源并安装基础命令 apt update apt install procps vim iputils-ping net-tools curl # 测试在 nginx Pod 通过 tomcat pod 的 service 域名访问 [root@K8s-master1 ~]# kubectl exec -it nginx-deployment-67dfd6c8f9-q8s72 bash kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead. root@nginx-deployment-67dfd6c8f9-q8s72:/# ping test-tomcat-service # 测试 service 解析 PING test-tomcat-service.default.svc.song.local (10.200.83.131) 56(84) bytes of data. ^C --- test-tomcat-service.default.svc.song.local ping statistics --- 35 packets transmitted, 0 received, 100% packet loss, time 854ms root@nginx-deployment-67dfd6c8f9-q8s72:/# curl test-tomcat-service.default.svc.song.local/tomcat/index.jsp Tomcat test page for pod root@nginx-deployment-67dfd6c8f9-q8s72:/# # 修改 Nginx 配置文件实现动静分离,Nginx 一旦接受到 /tomcat 的 uri 就转发给 tomcat root@nginx-deployment-67dfd6c8f9-q8s72:/# vim /etc/nginx/conf.d/default.conf location /tomcat { proxy_pass http://test-tomcat-service.default.svc.song.local; } # 测试 nginx 配置文件 root@nginx-deployment-67dfd6c8f9-q8s72:/# nginx -t nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful # 重新加载配置文件 root@nginx-deployment-67dfd6c8f9-q8s72:/# nginx -s reload 2021/07/27 08:29:30 [notice] 602#602: signal process started root@nginx-deployment-67dfd6c8f9-q8s72:/#
172.18.8.69:30004/tomcat/
172.18.8.69:300044.7 通过 Haproxy 实现高可用反向代理
基于 Haproxy 和 keepalived 实现高可用的反向代理,并访问到运行在 Kubernetes 集群中业务 Pod,反向代理可以复用 K8s 的反向代理环境,生产环境需要配置单独的反向代理服务器
4.7.1 keepalived VIP 配置为 k8s 中的服务配置单独的 VIP
vrrp_instance VI_1 {
state MASTER
interface eth0
garp_master_delay 10
smtp_alert
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.18.8.111/24 dev eth0 label eth0:1 # haproxy:bind 172.18.8.111:6443
172.18.8.222/24 dev eth0 label eth0:2 # haproxy:bind 172.18.8.222:80
}
}
systectl restart keepalived
4.7.2 Haproxy 配置
listen k8s-6443 bind 172.18.8.111:6443 mode tcp balance roundrobin server 172.18.8.9 172.18.8.9:6443 check inter 3s fall 3 rise 5 # k8s-master1 server 172.18.8.19 172.18.8.19:6443 check inter 3s fall 3 rise 5 # k8s-master2 server 172.18.8.29 172.18.8.29:6443 check inter 3s fall 3 rise 5 # k8s-master3 listen nginx-80 bind 172.18.8.222:80 mode tcp balance roundrobin server 172.18.8.39 172.18.8.39:30004 check inter 3s fall 3 rise 5 # k8s-node1 server 172.18.8.49 172.18.8.49:30004 check inter 3s fall 3 rise 5 # k8s-node2 server 172.18.8.59 172.18.8.59:30004 check inter 3s fall 3 rise 5 # k8s-node3 server 172.18.8.69 172.18.8.69:30004 check inter 3s fall 3 rise 5 # k8s-node44.7.3 测试通过 VIP 访问
172.18.8.222/tomcat
172.18.8.222
