Kubernetes 集群 YAML 文件详解#
使用 kubectl create 命令生成 yaml 文件
kubectl create deployment web --image=nginx -o yaml --dry-run
输出到一个文件中
kubectl create deployment web --image=nginx -o yaml --dry-run > my.yaml
使用 kubectl get 命令导出 yaml 文件
kubectl get deploy nginx -o=yaml --export > nginx.yaml
升级 Kubernetes 集群#
master 节点
#查看kubeadm发行版本
yum list --showduplicates kubeadm --disableexcludes=kubernetes
#下载kubeadm最新版
yum install -y kubeadm-1.28.0 --disableexcludes=kubernetes
#验证升级计划
kubeadm upgrade plan
#拉取国内镜像
kubeadm config images pull --image-repository registry.aliyuncs.com/google_containers
#选择要升级到的目标版
kubeadm upgrade apply v1.28.0
#成功提示
[upgrade/successful] SUCCESS! Your cluster was upgraded to "v1.28.0". Enjoy!
[upgrade/kubelet] Now that your control plane is upgraded, please proceed with upgrading your kubelets if you haven't already done so.
#升级kubelet 和 kubectl
#下载kubelet 和 kubectl最新版
yum install -y kubelet-1.28.0 kubectl-1.28.0 --disableexcludes=kubernetes
#重启 kubelet
sudo systemctl daemon-reload
sudo systemctl restart kubelet
#查看版本
kubeadm version
kubelet --version
kubectl version
node 节点
#下载kubeadm最新版
yum install -y kubeadm-1.28.0 --disableexcludes=kubernetes
#升级本地的 kubelet 配置
kubeadm upgrade node
[upgrade] The configuration for this node was successfully updated!
[upgrade] Now you should go ahead and upgrade the kubelet package using your package manager.
#升级kubelet 和 kubectl
#下载kubelet 和 kubectl最新版
yum install -y kubelet-1.28.0 kubectl-1.28.0 --disableexcludes=kubernetes
#重启 kubelet
sudo systemctl daemon-reload
sudo systemctl restart kubelet
#查看版本
kubeadm version
kubelet --version
kubectl version
定时更新 Dashboard 登录 token#
#!/bin/bash
#############描述#############
:<<!
定时生成Dashboard登录token,有效期24小时
!
#############描述#############
token=$(/usr/bin/kubectl -n kubernetes-dashboard create token admin-user)
echo "
#######################################################
$(date)生成新的Dashboard登录token,最新token如下:
#######################################################
$token" > /root/dashboard/admin-user.token
Dashboard 配置 ingress-nginx 代理#
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: k8s-dashboard
namespace: kubernetes-dashboard
labels:
ingress: k8s-dashboard
annotations:
nginx.ingress.kubernetes.io/rewrite-target: / #重写路径
nginx.ingress.kubernetes.io/ssl-redirect: "true" #http自动转https
nginx.ingress.kubernetes.io/use-regex: "true"
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
spec:
ingressClassName: nginx
rules:
- host: k8s.yjs.51xueweb.cn
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: kubernetes-dashboard
port:
number: 443
node 节点 NotReady 问题的处理#
重新加入 node 即可
kubeadm token create --print-join-command > join-command.txt
cat join-command.txt
ingress-nginx 控制器安装#
#下载yaml文件
wget https://gitcode.net/mirrors/kubernetes/ingress-nginx/-/blob/master/deploy/static/provider/baremetal/deploy.yaml
#修改yaml文件中拉取镜像的地址
#####################修改内容######################
registry.cn-hangzhou.aliyuncs.com/google_containers/kube-webhook-certgen:v20230407
registry.cn-hangzhou.aliyuncs.com/google_containers/nginx-ingress-controller:v1.8.1
#####################修改内容######################
#安装
kubectl apply -f deploy.ymal
#查看状态
kubectl get pods -n ingress-nginx
################状态##################
NAME READY STATUS RESTARTS AGE
ingress-nginx-admission-create-2lz4v 0/1 Completed 0 5m46s
ingress-nginx-admission-patch-c6896 0/1 Completed 0 5m46s
ingress-nginx-controller-7575fb546-q29qn 1/1 Running 0 5m46s
#修改yaml文件
在Deployment类中加入副本
####################修改内容####################
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.8.1
name: ingress-nginx-controller
namespace: ingress-nginx
spec:
replicas: 2
minReadySeconds: 0
revisionHistoryLimit: 10
selector:
matchLabels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
k8s 使用 nfs 网络存储挂载#
#在集群所有节点安装nfs
yum -y install nfs-utils
#创建 nfs 目录并修改权限
mkdir /data
chmod -R 777 /data
echo "/data 10.12.10.32(insecure,rw,sync,no_root_squash) 10.12.10.33(insecure,rw,sync,no_root_squash) 10.12.10.34(insecure,rw,sync,no_root_squash) 10.12.10.35(insecure,rw,sync,no_root_squash)" >> /etc/exports
#使配置生效
exportfs -r
exportfs
#启动rpcbind、nfs服务
systemctl restart rpcbind && systemctl enable rpcbind
systemctl restart nfs-server && systemctl enable nfs-server
#查看 RPC 服务的注册状况
rpcinfo -p localhost
#放行防火墙端口
firewall-cmd --add-port=2049/tcp --permanent
firewall-cmd --add-port=2049/udp --permanent
firewall-cmd --reload
firewall-cmd --list-all
测试是否正常提供 nfs 目录
showmount -e 创建目录的主机ip
#将10.12.10.31的共享目录挂载到其他主机
mount -t nfs 10.12.10.31:/data data
创建 PV
apiVersion: v1
kind: PersistentVolume
metadata:
name: nfs-pv
namespace: nfs-test
labels:
pv: nfs-pv
spec:
capacity:
storage: 5000Mi
accessModes:
- ReadWriteMany
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs
nfs:
server: 10.12.10.31 #创建目录的主机ip
path: "/data"
创建 pvc
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: nfs-pvc
namespace: nfs-test
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 5000Mi #容量
selector:
matchLabels:
pv: nfs-pv #关联pv
k8s 命令自动补全#
yum -y install bash-completion
source /usr/share/bash-completion/bash_completion
echo 'source <(kubectl completion bash)' >> ~/.bashrc