
Kubernetes kubeadm deployment

System environment: CentOS 7
Docker 17.03

cd /etc/yum.repos.d && mkdir tmp && mv * tmp
wget http://d.attacker.club/config/yum/centos7.repo
# Update the yum repositories

vi /etc/sysctl.conf

echo 1 > /proc/sys/net/bridge/bridge-nf-call-iptables
grep  call-iptables /etc/sysctl.conf || echo 'net.bridge.bridge-nf-call-iptables =1' >>/etc/sysctl.conf

master

curl -s http://elven.vip/ks/k8s/oneinstall/0.set.sh |bash
curl -s http://elven.vip/ks/k8s/oneinstall/1.download.sh |bash
curl -s http://elven.vip/ks/k8s/oneinstall/2.k8s.install.sh |bash
# Master installation


Docker installation

https://docs.docker.com/install/linux/docker-ce/centos
# Installation documentation
https://download.docker.com/linux/centos/7/x86_64/stable/Packages
# Docker RPM packages

Download and install the RPM

yum install docker-ce-18.03.0.ce-1.el7.centos.x86_64.rpm
systemctl start docker


Kubernetes cluster management

Self-signed TLS certificates

etcd: ca.pem, server.pem, server-key.pem
kube-apiserver: ca.pem, server.pem, server-key.pem
kubelet: ca.pem, ca-key.pem
kube-proxy: ca.pem, kube-proxy.pem, kube-proxy-key.pem
kubectl: ca.pem, admin.pem, admin-key.pem

yum install 

kubectl management commands

kubectl get node
# List nodes
kubectl get pods
# List pods
kubectl get pods -n kube-system

kubectl create -f nginx.yaml
kubectl delete -f nginx.yaml
kubectl exec -it rss-site -- /bin/bash
# Open a shell inside the pod

kubectl get componentstatus
# Check the health of the control-plane components

kubectl run nginx --image=nginx --replicas=3
kubectl get pod
# List pods
kubectl get pod -o wide
# List pods together with their IP and node
kubectl expose deployment nginx --port=88 --target-port=80 --type=NodePort
# Publish the service: expose port 88, type NodePort, image nginx
kubectl get svc
# View cluster IPs
kubectl get svc nginx
# View the cluster's nginx service

kubectl get namespace

nfs

GlusterFS distributed (replicated mode)

https://docs.gluster.org/en/latest/Quick-Start-Guide/Quickstart/

yum -y install centos-release-gluster
yum -y install glusterfs glusterfs-fuse glusterfs-server
# Install via yum

systemctl enable glusterd
systemctl start glusterd

cat /etc/hosts
10.4.230.206 k8s-master
10.4.230.207 node1
10.4.230.208 node2

gluster peer probe node2 k8s-master
gluster peer probe node2  node1
gluster peer probe node2  node2

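Persistent Volumes

PV (PersistentVolume): abstracts storage such as NFS, CephFS and GlusterFS, and supports access control.
PVC (PersistentVolumeClaim): consumes PV resources.
A pod requests a PVC and uses it as a volume. The cluster then only deals with PVs and does not need to care about the IP or type of the backend storage, which makes management simpler.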
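
The PV / PVC / pod chain described above, as an added example manifest that is not part of the original post. The object names, the 5Gi size and the export path /data/nfs/demo are assumptions; the NFS server address is the k8s-master entry from the /etc/hosts listing, assumed here to export that path. It also shows the access-control side: the volume is read-only at the PV, the claim and the mount.

```yaml
# Added example. Names, size and export path are assumptions.
apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv-nfs-demo
spec:
  capacity:
    storage: 5Gi
  accessModes:
    - ReadOnlyMany                       # nodes may only mount it read-only
  persistentVolumeReclaimPolicy: Retain  # keep the data when the claim is deleted
  storageClassName: ""                   # static PV, no dynamic provisioner
  nfs:
    server: 10.4.230.206                 # k8s-master; only the PV knows the backend
    path: /data/nfs/demo                 # assumed export path
    readOnly: true
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: pvc-demo
spec:
  accessModes:
    - ReadOnlyMany
  storageClassName: ""
  volumeName: pv-nfs-demo                # bind to the PV above explicitly
  resources:
    requests:
      storage: 5Gi
---
apiVersion: v1
kind: Pod
metadata:
  name: nginx-pvc-demo
spec:
  containers:
    - name: nginx
      image: nginx
      volumeMounts:
        - name: content
          mountPath: /usr/share/nginx/html
          readOnly: true
  volumes:
    - name: content
      persistentVolumeClaim:             # the pod references only the claim
        claimName: pvc-demo
        readOnly: true
```

After `kubectl create -f` on this file, `kubectl get pv,pvc` should show both objects as Bound; the pod spec contains no storage address or type.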

Notes

swapoff -a # Disable swap on the node

webui

serviceaccount

Docker container cluster management - Swarm

master

docker swarm init --advertise-addr 192.168.0.10

node

docker swarm join --token  SWMTKN-1-1ywa3bahaf6pjyxmk9qr3txumj3dkvf3oszfbwbkmllb3qvtww-14dph81ocgvxqwt4mgdvsvfc0 192.168.0.10:2377
# Use the token generated on the master host


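Building Docker images - Dockerfile

Dockerfile instructions

Note: CMD is overridden by arguments passed in from outside; ADD can only extract tar archives.

Building a BusyBox test image

Dockerfile configuration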

FROM busybox
MAINTAINER ops.attacker.club

ADD *.tar.gz  lua-nginx*.zip /usr/local/src/ 

Test

docker build -t busybox:test1 -f Dockerfile-test  .
