Kubernetes 集群 YAML 文件詳解#
使用 kubectl create 命令生成 yaml 文件
kubectl create deployment web --image=nginx -o yaml --dry-run
輸出到一個文件中
kubectl create deployment web --image=nginx -o yaml --dry-run > my.yaml
使用 kubectl get 命令導出 yaml 文件
kubectl get deploy nginx -o=yaml --export > nginx.yaml
升級 Kubernetes 集群#
master 節點
#查看kubeadm發行版本
yum list --showduplicates kubeadm --disableexcludes=kubernetes
#下載kubeadm最新版
yum install -y kubeadm-1.28.0 --disableexcludes=kubernetes
#驗證升級計劃
kubeadm upgrade plan
#拉取國內鏡像
kubeadm config images pull --image-repository registry.aliyuncs.com/google_containers
#選擇要升級到的目標版
kubeadm upgrade apply v1.28.0
#成功提示
[upgrade/successful] SUCCESS! Your cluster was upgraded to "v1.28.0". Enjoy!
[upgrade/kubelet] Now that your control plane is upgraded, please proceed with upgrading your kubelets if you haven't already done so.
#升級kubelet 和 kubectl
#下載kubelet 和 kubectl最新版
yum install -y kubelet-1.28.0 kubectl-1.28.0 --disableexcludes=kubernetes
#重啟 kubelet
sudo systemctl daemon-reload
sudo systemctl restart kubelet
#查看版本
kubeadm version
kubelet --version
kubectl version
node 節點
#下載kubeadm最新版
yum install -y kubeadm-1.28.0 --disableexcludes=kubernetes
#升級本地的 kubelet 配置
kubeadm upgrade node
[upgrade] The configuration for this node was successfully updated!
[upgrade] Now you should go ahead and upgrade the kubelet package using your package manager.
#升級kubelet 和 kubectl
#下載kubelet 和 kubectl最新版
yum install -y kubelet-1.28.0 kubectl-1.28.0 --disableexcludes=kubernetes
#重啟 kubelet
sudo systemctl daemon-reload
sudo systemctl restart kubelet
#查看版本
kubeadm version
kubelet --version
kubectl version
定時更新 Dashboard 登錄 token#
#!/bin/bash
#############描述#############
:<<!
定時生成Dashboard登錄token,有效期24小時
!
#############描述#############
token=$(/usr/bin/kubectl -n kubernetes-dashboard create token admin-user)
echo "
#######################################################
$(date)生成新的Dashboard登錄token,最新token如下:
#######################################################
$token" > /root/dashboard/admin-user.token
Dashboard 配置 ingress-nginx 代理#
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: k8s-dashboard
namespace: kubernetes-dashboard
labels:
ingress: k8s-dashboard
annotations:
nginx.ingress.kubernetes.io/rewrite-target: / #重寫路徑
nginx.ingress.kubernetes.io/ssl-redirect: "true" #http自動轉https
nginx.ingress.kubernetes.io/use-regex: "true"
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
spec:
ingressClassName: nginx
rules:
- host: k8s.yjs.51xueweb.cn
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: kubernetes-dashboard
port:
number: 443
node 節點 NotReady 問題的處理#
重新加入 node 即可
kubeadm token create --print-join-command > join-command.txt
cat join-command.txt
ingress-nginx 控制器安裝#
#下載yaml文件
wget https://gitcode.net/mirrors/kubernetes/ingress-nginx/-/blob/master/deploy/static/provider/baremetal/deploy.yaml
#修改yaml文件中拉取鏡像的地址
#####################修改內容######################
registry.cn-hangzhou.aliyuncs.com/google_containers/kube-webhook-certgen:v20230407
registry.cn-hangzhou.aliyuncs.com/google_containers/nginx-ingress-controller:v1.8.1
#####################修改內容######################
#安裝
kubectl apply -f deploy.ymal
#查看狀態
kubectl get pods -n ingress-nginx
################狀態##################
NAME READY STATUS RESTARTS AGE
ingress-nginx-admission-create-2lz4v 0/1 Completed 0 5m46s
ingress-nginx-admission-patch-c6896 0/1 Completed 0 5m46s
ingress-nginx-controller-7575fb546-q29qn 1/1 Running 0 5m46s
#修改yaml文件
在Deployment類中加入副本
####################修改內容####################
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.8.1
name: ingress-nginx-controller
namespace: ingress-nginx
spec:
replicas: 2
minReadySeconds: 0
revisionHistoryLimit: 10
selector:
matchLabels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
k8s 使用 nfs 網絡存儲掛載#
#在集群所有節點安裝nfs
yum -y install nfs-utils
#創建 nfs 目錄並修改權限
mkdir /data
chmod -R 777 /data
echo "/data 10.12.10.32(insecure,rw,sync,no_root_squash) 10.12.10.33(insecure,rw,sync,no_root_squash) 10.12.10.34(insecure,rw,sync,no_root_squash) 10.12.10.35(insecure,rw,sync,no_root_squash)" >> /etc/exports
#使配置生效
exportfs -r
exportfs
#啟動rpcbind、nfs服務
systemctl restart rpcbind && systemctl enable rpcbind
systemctl restart nfs-server && systemctl enable nfs-server
#查看 RPC 服務的註冊狀況
rpcinfo -p localhost
#放行防火牆端口
firewall-cmd --add-port=2049/tcp --permanent
firewall-cmd --add-port=2049/udp --permanent
firewall-cmd --reload
firewall-cmd --list-all
測試是否正常提供 nfs 目錄
showmount -e 創建目錄的主機ip
#將10.12.10.31的共享目錄掛載到其他主機
mount -t nfs 10.12.10.31:/data data
創建 PV
apiVersion: v1
kind: PersistentVolume
metadata:
name: nfs-pv
namespace: nfs-test
labels:
pv: nfs-pv
spec:
capacity:
storage: 5000Mi
accessModes:
- ReadWriteMany
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs
nfs:
server: 10.12.10.31 #創建目錄的主機ip
path: "/data"
創建 pvc
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: nfs-pvc
namespace: nfs-test
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 5000Mi #容量
selector:
matchLabels:
pv: nfs-pv #關聯pv
k8s 命令自動補全#
yum -y install bash-completion
source /usr/share/bash-completion/bash_completion
echo 'source <(kubectl completion bash)' >> ~/.bashrc