其他分享
首页 > 其他分享> > kubeadm安装多master节点的k8s集群(1)

kubeadm安装多master节点的k8s集群(1)

作者:互联网

一、环境准备

k8s集群角色 IP 主机名 安装的相关组件
控制节点 192.168.1.10 master apiserver、controller-manager、scheduler、kubelet、etcd、docker、kube-proxy、keepalived、nginx、calico
控制节点 192.168.1.11 pod1 apiserver、controller-manager、scheduler、kubelet、etcd、docker、kube-proxy、keepalived、nginx、calico
工作节点 192.168.1.12 pod2 kubelet、kube-porxy、docker、calico、coredns
VIP 192.168.1.20    

 

 

 

 

 

# 准备命令
# 1.修改主机名,配置静态IP
hostnamectl set-hostname master && bash

# 2.配置主机hosts
vi /etc/hosts
192.168.1.10 master
192.168.1.11 pod1
192.168.1.12 pod2

# 3.配置主机之间ssh信任
ssh-kegen -t rsa
ssh-copy-id master

# 4.关闭交换分区
swaoff -a  # 临时关闭
永久关闭为注销/etc/fstab中swap一行

# 5.修改机器内核参数
modprobe br_netfilter
echo "modprobe br_netfilter" >> /etc/profile

cat > /etc/sysctl.d/k8s.conf <<EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF

sysctl -p /etc/sysctl.d/k8s.conf

# 6. 关闭防火墙
systemctl stop firewalld ; systemctl disable firewalld

# 7.关闭selinux,修改 x selinux  配置文件之后,重启
sed - - i 's/SELINUX=enforcing/SELINUX=disabled/g'
/etc/selinux/config

# 8.配置阿里云yum源
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo

yum install -y yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
sed -i 's+download.docker.com+mirrors.aliyun.com/docker-ce+' /etc/yum.repos.d/docker-ce.repo
yum makecache fast

# 9.配置kubernets源
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=0

# 10.时间同步并定时同步
yum install ntpdate -y
ntpdate time1.aliyun.com
* */1 * * * /usr/sbin/ntpdate time1.aliyun.com
systemctl restart crond

# 11.开启ipvs支持(组件kube-proxy用到)
#!/bin/bash
ipvs_modules="ip_vs ip_vs_lc ip_vs_wlc ip_vs_rr ip_vs_wrr ip_vs_lblc ip_vs_lblcr ip_vs_dh ip_vs_sh ip_vs_nq ip_vs_sed ip_vs_ftp nf_conntrack"
for kernel_module in ${ipvs_modules}; do
 /sbin/modinfo -F filename ${kernel_module} > /dev/null 2>&1
 if [ 0 -eq 0 ]; then
 /sbin/modprobe ${kernel_module}
 fi
done

[root@master ~]#chmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules && lsmod | grep ip_vs
ip_vs_ftp              13079  0 
nf_nat                 26583  1 ip_vs_ftp
ip_vs_sed              12519  0 
ip_vs_nq               12516  0 
ip_vs_sh               12688  0 
ip_vs_dh               12688  0 

# ipvs (IP Virtual Server)  实现了传输层负载均衡,也就是我们常说的 4层LAN交换,作为 Linux内核的一部分。ipvs运行在主机上,在真实服务器集群前充当负载均衡器。ipvs  可以将基于TCP 和 和 UDP的服务请求转发到真实服务器上,并使真实服务器的服务在单个 IP  地址上显示为虚拟服务

二、基础软件包安装

yum install -y yum-utils device-mapper-persistent-data lvm2 wget net-tools nfs-utils lrzsz gcc gcc-c++ make cmake libxml2-devel openssl-devel curl curl-devel unzip sudo ntp libaio-devel wget vim ncurses-devel autoconf automake zlib-devel python-devel epel-release openssh-server 
socat conntrack ntpdate telnet ipvsadm iptables-services
# 停止iptables服务并禁止开机启动
service iptables stop && systemctl disable iptables
# 清空规则
iptables -F
# 1.安装docker-ce,是否指定版本自定义
yum install docker-ce-20.10.17 docker-ce-cli-20.10.17 containerd.io -y

# 2.启动并设置为开机启动
systemctl start docker && systemctl enable docker && systemctl status docker

# 3.配置镜像加速器
mkdir /etc/docker
vi /etc/docker/daemon.json
{
"registry-mirrors":["https://pft7f97f.mirror.aliyuncs.com", "https://rsbud4vc.mirror.aliyuncs.com","https://registry.docker-cn.com","https://docker.mirrors.ustc.edu.cn","https://dockerhub.azk8s.cn","http://hub-mirror.c.163.com","http://qtid6917.mirror.aliyuncs.com", "https://rncxm540.mirror.aliyuncs.com"],
"exec-opts": ["native.cgroupdriver=systemd"]
}
#exec-opts 修改驱动
  修改docker文件驱动为systemd ,默认为 cgroupfs ,kubelet默认使用 systemd ,两者必须一致才可以.
systemctl daemon-reload && systemctl restart docker && systemctl status docker
# 安装软件包(一般不按装最新的)
yum install -y  kubelet-1.20.7 kubeadm-1.20.7 kubectl-1.20.7

systemctl enable kubelet && systemctl start kubelet && systemctl status kubelet

注:
Kubeadm : kubeadm  是一个工具,用来初始化 k ks 8s  集群的
kubelet : 安装在集群所有节点上,用于启动Pod的
kubectl: : 通过kubectl可以部署和管理应用,查看各种资源,创建、删除和更新各种组件

# 目前kubectl是起不来的,等初始化后就会自动启动
Active: activating (auto-restart) (Result: exit-code)
# 1.在master和pod1上安装nginx
yum install nginx keepalived -y

# 2.修改配置文件
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

stream {

    log_format main '$remote_addr $upstream_addr-[$time_local] $status $upstream_bytes_sent';
    access_log /var/log/nginx/k8s-access.log main;
    upstream k8s-apiserver {
        server  192.168.1.10:6443; # Master1 APISERVER IP:PORT
        server  192.168.1.11:6443; # Master2 APISERVER IP:PORT
    }
    server {
        listen 16443;
        proxy_pass k8s-apiserver;
    }
}

http {
    log_format main '$remote_addr - - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    include /etc/nginx/mime.types
    default_type application/octet-stream;

    server {
        listen 80 default_server;
        server_name _;
        location / {
        }
    }
}

# yum安装的nginx检测会报错unknown directive "stream",没有stream模块
解决方法:yum install nginx-mod-stream -y
源码编译安装,添加参数:--with-stream

# keepalived.conf配置
# master:
global_defs {
   notification_email {
     acassen@firewall.loc
     failover@firewall.loc
     sysadmin@firewall.loc
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id NGINX_MASTER
}

vrrp_script check_nginx {
    script "/etc/keepalived/check_nginx.sh"
}

vrrp_instance VI_1 {
    state MASTER
    interface ens33        # 实际网卡名称
    virtual_router_id 51  # vrrp路由ID实例,每个实例唯一
    priority 100   # 优先级,备服务器设置为90
    advert_int 1  # 指定vrrp心跳包通告间隔时间,默认1s
    authentication {
        auth_type PASS
        auth_pass 1111
    }
# 虚拟IP(VIP)
    virtual_ipaddress {
        192.168.1.20/24
    }
    track_script {
        check_nginx
    }
}

# vrrp_script :指定检查nginx工作状态脚本(根据nginx  状态判断是否故障转移)

# pod1的keepalived.conf
global_defs {
   notification_email {
     acassen@firewall.loc
     failover@firewall.loc
     sysadmin@firewall.loc
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id NGINX_BACKUP
}

vrrp_script check_nginx {
    script "/etc/keepalived/check_nginx.sh"
}

vrrp_instance VI_1 {
    state BACKUP
    interface ens33
    virtual_router_id 51
    priority 90
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.1.20/24
    }
    track_script {
        check_nginx
    }
}


# /etc/keepalived/check_nginx.sh检查nginx脚本编写
#!/bin/bash
count=$(ps -ef | grep nginx | grep sbin | egrep -cv "grep|$$")
if [ "$count" -eq 0 ];then
  systemctl stop keepalived
fi

chmod +x /etc/keepalived/check_nginx.sh
# 注:keepalived  根据脚本返回状态码(0为工作正常,非 0 不正常)判断是否故障转移
keepalived配置
# 启动程序
systemctl daemon-reload
systemctl start nginx && systemctl enable nginx && systemctl status nginx
systemctl start keepalived && systemctl enable keepalived && systemctl status keepalived

# master上可以看到2个IP,pod1上只能看到1个

# ip addr

2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:09:d2:4e brd ff:ff:ff:ff:ff:ff
inet 192.168.1.10/24 brd 192.168.1.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet 192.168.1.20/24 scope global secondary ens33
valid_lft forever preferred_lft forever
inet6 fe80::7088:c179:979e:a672/64 scope link noprefixroute
valid_lft forever preferred_lft forever

测试:停止master的nginx就会发现192.168.1.20这个IP漂移到pod1服务器上,重启master的nginx和keepalived后,IP还会漂移回master

 三、Kubeadm初始化k8s集群

主节点:

# 在master上创建kubeadm-config.yaml
# 使用准备好的镜像
apiVersion: kubeadm.k8s.io/v1beta2
kind: ClusterConfiguration
kubernetesVersion: v1.20.6
controlPlaneEndpoint: 192.168.1.20:16443
imageRepository: registry.aliyuncs.com
imageRepository: registry.aliyuncs.com/google_containers

apiServer:
  certSANs:
    - 192.168.1.10
    - 192.168.1.11
    - 192.168.1.12
    - 192.168.1.20

networking:
  podSubnet: 10.244.0.0/16
  serviceSubnet: 10.10.0.0/16
---
apiVersion:  kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
mode: ipvs

"""
注: --image-repository registry.aliyuncs.com/google_containers : 手动指定仓库地址为
registry.aliyuncs.com/google_containers kubeadm  默认从k8s.grc.io  拉取镜像,但是k8s.grc.io访问不到,所以需要指定从registry.aliyuncs.com/google_containers  仓库拉取镜像 。
"""

# kubeadm需要准备的镜像,可以提前准备然后倒入,这次用的别人准备好的
# master和pod1上导入准备好的镜像
导入:docker load -i k8simage-1-20-6.tar.gz
[root@master ~]# docker images
REPOSITORY                                                        TAG        IMAGE ID       CREATED         SIZE
registry.aliyuncs.com/google_containers/kube-proxy                v1.20.6    9a1ebfd8124d   14 months ago   118MB
registry.aliyuncs.com/google_containers/kube-scheduler            v1.20.6    b93ab2ec4475   14 months ago   47.3MB
registry.aliyuncs.com/google_containers/kube-apiserver            v1.20.6    b05d611c1af9   14 months ago   122MB
registry.aliyuncs.com/google_containers/kube-controller-manager   v1.20.6    560dd11d4550   14 months ago   116MB
calico/pod2daemon-flexvol                                         v3.18.0    2a22066e9588   16 months ago   21.7MB
calico/node                                                       v3.18.0    5a7c4970fbc2   16 months ago   172MB
calico/cni                                                        v3.18.0    727de170e4ce   16 months ago   131MB
calico/kube-controllers                                           v3.18.0    9a154323fbf7   16 months ago   53.4MB
registry.aliyuncs.com/google_containers/etcd                      3.4.13-0   0369cf4303ff   22 months ago   253MB
registry.aliyuncs.com/google_containers/coredns                   1.7.0      bfe3a36ebd25   2 years ago     45.2MB
registry.aliyuncs.com/google_containers/pause                     3.2        80d28bedfe5d   2 years ago     683kB

calico组件
https://projectcalico.docs.tigera.io/calico-enterprise/

# 初始化
kubeadm init --config kubeadm-config.yaml -- ignore-preflighterrors=SystemVerification # 执行结果: Your Kubernetes control-plane has initialized successfully! To start using your cluster, you need to run the following as a regular user: mkdir -p $HOME/.kube sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config sudo chown $(id -u):$(id -g) $HOME/.kube/config Alternatively, if you are the root user, you can run: export KUBECONFIG=/etc/kubernetes/admin.conf You should now deploy a pod network to the cluster. Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at: https://kubernetes.io/docs/concepts/cluster-administration/addons/ You can now join any number of control-plane nodes by copying certificate authorities and service account keys on each node and then running the following as root: # pod1需要,从k8s加入 kubeadm join 192.168.1.20:16443 --token dmk0g4.1l9kz4el5ewkhy57 \ --discovery-token-ca-cert-hash sha256:6e220a97f3d79d0b53b5ac18979dcfacdfb5da5ce0629017b745a8a4df162d27 \ --control-plane Then you can join any number of worker nodes by running the following on each as root: # k8s节点加入命令 kubeadm join 192.168.1.20:16443 --token dmk0g4.1l9kz4el5ewkhy57 \ --discovery-token-ca-cert-hash sha256:6e220a97f3d79d0b53b5ac18979dcfacdfb5da5ce0629017b745a8a4df162d27
mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config

[root@master ~]# kubectl get nodes
NAME     STATUS     ROLES                  AGE   VERSION
master   NotReady   control-plane,master   11h   v1.20.7
此时集群状态还是NotReady  状态,因为没有安装网络 插件 

 

 四、扩容k8s集群-添加master节点

从节点:

# pod1:
# 1.创建证书目录
mkdir -p /etc/kubernetes/pki/etcd && mkdir -p ~/.kube/

#  2.将master节点的证书拷贝到pod1对应目录里
[root@master pki]# cd /etc/kubernetes/pki/
[root@master pki]# scp ca.crt sa.key sa.pub front-proxy-ca.crt front-proxy-ca.key ca.key root@pod1:/etc/kubernetes/pki/

[root@master etcd]# cd /etc/kubernetes/pki/etcd/
[root@master etcd]# scp ca.crt ca.key root@pod1:/etc/kubernetes/pki/etcd/

# 3.在master主节点上查看生成token
[root@master ~]# kubeadm token create --print-join-command
kubeadm join 192.168.1.20:16443 --token lrbume.ymtfk5o4tvcd6cg2     --discovery-token-ca-cert-hash sha256:6e220a97f3d79d0b53b5ac18979dcfacdfb5da5ce0629017b745a8a4df162d27

# 4.pod1节点执行加入master
kubeadm join 192.168.1.20:16443 --token lrbume.ymtfk5o4tvcd6cg2 --discovery-token-ca-cert-hash sha256:6e220a97f3d79d0b53b5ac18979dcfacdfb5da5ce0629017b745a8a4df162d27 --control-plane

成功结果:Run 'kubectl get nodes' to see this node join the cluster. [root@pod1 ~]# mkdir -p $HOME/.kube [root@pod1 ~]# cp -i /etc/kubernetes/admin.conf $HOME/.kube/config [root@pod1 ~]# chown $(id -u):$(id -g) $HOME/.kube/config [root@pod1 ~]# kubectl get nodes NAME STATUS ROLES AGE VERSION master NotReady control-plane,master 11h v1.20.7 pod1 NotReady control-plane,master 43s v1.20.7 [root@master ~]# kubectl get nodes NAME STATUS ROLES AGE VERSION master NotReady control-plane,master 12h v1.20.7 pod1 NotReady control-plane,master 2m33s v1.20.7

五、添加node节点进入集群

# pod2节点需要
[root@pod2 ~]# docker images
REPOSITORY                                                        TAG        IMAGE ID       CREATED         SIZE
registry.aliyuncs.com/google_containers/kube-proxy                v1.20.7    ff54c88b8ecf   14 months ago   118MB
registry.aliyuncs.com/google_containers/kube-apiserver            v1.20.7    034671b24f0f   14 months ago   122MB
registry.aliyuncs.com/google_containers/kube-controller-manager   v1.20.7    22d1a2072ec7   14 months ago   116MB
registry.aliyuncs.com/google_containers/kube-scheduler            v1.20.7    38f903b54010   14 months ago   47.3MB
calico/pod2daemon-flexvol                                         v3.18.0    2a22066e9588   16 months ago   21.7MB
calico/node                                                       v3.18.0    5a7c4970fbc2   16 months ago   172MB
calico/cni                                                        v3.18.0    727de170e4ce   16 months ago   131MB
calico/kube-controllers                                           v3.18.0    9a154323fbf7   16 months ago   53.4MB
registry.aliyuncs.com/google_containers/etcd                      3.4.13-0   0369cf4303ff   22 months ago   253MB
registry.aliyuncs.com/google_containers/coredns                   1.7.0      bfe3a36ebd25   2 years ago     45.2MB
registry.aliyuncs.com/google_containers/pause                     3.2        80d28bedfe5d   2 years ago     683kB

# 将节点加入集群
kubeadm join 192.168.1.20:16443 --token lrbume.ymtfk5o4tvcd6cg2 --discovery-token-ca-cert-hash sha256:6e220a97f3d79d0b53b5ac18979dcfacdfb5da5ce0629017b745a8a4df162d27
执行成功:
Run 'kubectl get nodes' on the control-plane to see this node join the cluster.

# master上查看
[root@master ~]# kubectl get nodes
NAME     STATUS     ROLES                  AGE   VERSION
master   NotReady   control-plane,master   12h   v1.20.7
pod1     NotReady   control-plane,master   10m   v1.20.7
pod2     NotReady   <none>                 47s   v1.20.7

# 1.20版本ROLES节点显示都是<none>,有需要可以修改为work
[root@master ~]# kubectl label node pod2 node-role.kubernets.io/worker=worker
# 查看插件情况
# 名称空间 [root@master ~]# kubectl get pods No resources found in default namespace. # coredns都是Pending状态,因为没装网络插件,-o wide可以查看到服务安装在那个节点上 [root@master ~]# kubectl get pods -n kube-system -o wide NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES coredns-7f89b7bc75-bflk2 0/1 Pending 0 12h <none> <none> <none> <none> coredns-7f89b7bc75-z4k77 0/1 Pending 0 12h <none> <none> <none> <none> etcd-master 1/1 Running 1 12h 192.168.1.10 master <none> <none> etcd-pod1 1/1 Running 0 24m 192.168.1.11 pod1 <none> <none> kube-apiserver-master 1/1 Running 1 12h 192.168.1.10 master <none> <none> kube-apiserver-pod1 1/1 Running 0 24m 192.168.1.11 pod1 <none> <none> kube-controller-manager-master 1/1 Running 2 12h 192.168.1.10 master <none> <none> kube-controller-manager-pod1 1/1 Running 0 24m 192.168.1.11 pod1 <none> <none> kube-proxy-8mt7s 1/1 Running 0 14m 192.168.1.12 pod2 <none> <none> kube-proxy-bqt8c 1/1 Running 0 24m 192.168.1.11 pod1 <none> <none> kube-proxy-vwb7g 1/1 Running 1 12h 192.168.1.10 master <none> <none> kube-scheduler-master 1/1 Running 2 12h 192.168.1.10 master <none> <none> kube-scheduler-pod1 1/1 Running 0 24m 192.168.1.11 pod1 <none> <none>

六、网络插件安装---Calico

# 1.注:在线下载配置文件地址是: https://docs.projectcalico.org/manifests/calico.yaml

# calico组件功能:功能多,性能好,可以做网络策略
# 2.安装
wget https://docs.projectcalico.org/manifests/calico.yaml --no-check-certificate
[root@master ~]# kubectl apply -f calico.yaml 

报错:calico版本不匹配
error: unable to recognize "calico.yaml": no matches for kind "PodDisruptionBudget" in version "policy/v1"

解决方法:更换calico.yml

# 3.查看
# 安装完成后可以发现coredns已经改变状态
[root@master ~]# kubectl get pods -n kube-system -o wide
NAME                                       READY   STATUS    RESTARTS   AGE     IP              NODE     NOMINATED NODE   READINESS GATES
calico-kube-controllers-6949477b58-c8vzf   1/1     Running   0          2m43s   10.244.219.65   master   <none>           <none>
calico-node-2wqck                          1/1     Running   0          2m43s   192.168.1.12    pod2     <none>           <none>
calico-node-9898g                          1/1     Running   0          2m43s   192.168.1.10    master   <none>           <none>
calico-node-jstb4                          1/1     Running   0          2m43s   192.168.1.11    pod1     <none>           <none>
coredns-7f89b7bc75-bflk2                   1/1     Running   0          12h     10.244.219.67   master   <none>           <none>
coredns-7f89b7bc75-z4k77                   1/1     Running   0          12h     10.244.219.66   master   <none>           <none>
etcd-master                                1/1     Running   1          12h     192.168.1.10    master   <none>           <none>
etcd-pod1                                  1/1     Running   0          48m     192.168.1.11    pod1     <none>           <none>
kube-apiserver-master                      1/1     Running   1          12h     192.168.1.10    master   <none>           <none>
kube-apiserver-pod1                        1/1     Running   0          48m     192.168.1.11    pod1     <none>           <none>
kube-controller-manager-master             1/1     Running   2          12h     192.168.1.10    master   <none>           <none>
kube-controller-manager-pod1               1/1     Running   0          48m     192.168.1.11    pod1     <none>           <none>
kube-proxy-8mt7s                           1/1     Running   0          38m     192.168.1.12    pod2     <none>           <none>
kube-proxy-bqt8c                           1/1     Running   0          48m     192.168.1.11    pod1     <none>           <none>
kube-proxy-vwb7g                           1/1     Running   1          12h     192.168.1.10    master   <none>           <none>
kube-scheduler-master                      1/1     Running   2          12h     192.168.1.10    master   <none>           <none>
kube-scheduler-pod1                        1/1     Running   0          48m     192.168.1.11    pod1     <none>           <none>
# 状态从NotReady变为Ready
[root@master ~]# kubectl get nodes
NAME     STATUS   ROLES                  AGE   VERSION
master   Ready    control-plane,master   12h   v1.20.7
pod1     Ready    control-plane,master   49m   v1.20.7
pod2     Ready    <none>                 39m   v1.20.7

测试k8s创建pod是否可以正常联网:

# master上下载一个镜像镜像测试网络
docker search busybox
docker pull busybox
[root@master ~]# kubectl run busybox --image busybox:latest --restart=Never --rm -it busybox -- sh
If you don't see a command prompt, try pressing enter.
/ # ping baidu.com
PING baidu.com (220.181.38.148): 56 data bytes
64 bytes from 220.181.38.148: seq=0 ttl=127 time=29.778 ms
# 通过上面可以看到能访问网络 ,说明calico 网络插件已经被正常安装了

[root@master ~]# kubectl run busybox --image busybox:1.28 --restart=Never --rm -it busybox -sh
# 报错:
Unable to connect to the server: dial tcp: lookup h on 114.114.114.114:53: no such host
原因:-sh改成 -- sh  ;--和sh之间有空格

[root@pod1 ~]# kubectl get pods -o wide
NAME      READY   STATUS    RESTARTS   AGE     IP               NODE   NOMINATED NODE   READINESS GATES
busybox   1/1     Running   0          2m59s   10.244.145.193   pod2   <none>           <none>

测试k8s集群中部署tomcat服务

# 在pod2上加载镜像tomcat
[root@pod2 ~]# docker load -i tomcat.tar.gz

# 在master上执行
[root@master ~]# cat tomcat.yaml 
apiVersion: v1  #pod属于k8s核心组v1
kind: Pod  #创建的是一个Pod资源
metadata:  #元数据
  name: demo-pod  #pod名字
  namespace: default  #pod所属的名称空间
  labels:
    app: myapp  #pod具有的标签
    env: dev      #pod具有的标签
spec:
  containers:      #定义一个容器,容器是对象列表,下面可以有多个name
  - name:  tomcat-pod-java  #容器的名字
    ports:
    - containerPort: 8080
    image: tomcat:8.5-jre8-alpine   #容器使用的镜像
    imagePullPolicy: IfNotPresent

[root@master ~]# kubectl apply -f tomcat.yaml
[root@master ~]# kubectl get pods -o wide
NAME       READY   STATUS    RESTARTS   AGE   IP               NODE   NOMINATED NODE   READINESS GATES
demo-pod   1/1     Running   0          51s   10.244.145.194   pod2   <none>           <none>
[root@master ~]# curl -I 10.244.145.194:8080
HTTP/1.1 200 
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Date: Thu, 07 Jul 2022 04:47:25 GMT

# 10.244.145.194 只能在k8s集群中访问,外网不能访问,如果需要访问要做服务
[root@master ~]# cat tomcat-service.yaml 
apiVersion: v1
kind: Service
metadata:
  name: tomcat
spec:
  type: NodePort
  ports:
    - port: 8080
      nodePort: 30080  #物理机端口30080映射到容器中8080
  selector:
    app: myapp
    env: dev

[root@master ~]# kubectl apply -f tomcat-service.yaml 
service/tomcat created
[root@master ~]# kubectl get service
NAME         TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)          AGE
kubernetes   ClusterIP   10.10.0.1      <none>        443/TCP          13h
tomcat       NodePort    10.10.13.139   <none>        8080:30080/TCP   9s
# 再次测试
[root@master ~]# curl -I 192.168.1.10:30080
HTTP/1.1 200 
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Date: Thu, 07 Jul 2022 04:56:04 GMT
浏览器访问
http://192.168.1.10:30080

 

七、测试coredns是否正常,是否能解析域名

# 查看coredns的IP
[root@master ~]# kubectl get svc -n kube-system
NAME       TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)                  AGE
kube-dns   ClusterIP   10.10.0.10   <none>        53/UDP,53/TCP,9153/TCP   13h

[root@master ~]# kubectl run busybox --image busybox:latest --restart=Never --rm -it busybox -- sh
If you don't see a command prompt, try pressing enter.
/ #  nslookup kubernetes.default.svc.cluster.local
Server:        10.10.0.10
Address:    10.10.0.10:53

Name:    kubernetes.default.svc.cluster.local
Address: 10.10.0.1

*** Can't find kubernetes.default.svc.cluster.local: No answer

/ # nslookup tomcat.default.svc.cluster.local
Server:        10.10.0.10
Address:    10.10.0.10:53

Name:    tomcat.default.svc.cluster.local
Address: 10.10.13.139

# 10.10.0.10就是coredns的ip,10.10.13.139就是tomcat的IP了,说明coreDNS已经配置好了
解析内部Service的名称,是通过coreDNS去解析

 

标签:kube,--,192.168,master,kubeadm,k8s,root,pod1
来源: https://www.cnblogs.com/yangmeichong/p/16452316.html