K8S Series, Part 8 (Service, Endpoints, and Highly Available kubeadm Deployment)

For more content, follow the WeChat official account: 新猿技术生态圈

Endpoints

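Endpoints is a namespace-scoped resource. If an Endpoints object and a Service have the same name, they are associated automatically.

Function 1: load balancing together with a Service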

[root@k8s ~]# kubectl describe svc
Name:              kubernetes
Namespace:         default
Labels:            component=apiserver
                   provider=kubernetes
Annotations:       <none>
Selector:          <none>
Type:              ClusterIP
IP Family Policy:  SingleStack
IP Families:       IPv4
IP:                10.96.0.1
IPs:               10.96.0.1
Port:              https  443/TCP
TargetPort:        6443/TCP
Endpoints:         192.168.15.201:6443
Session Affinity:  None
Events:            <none>

Function 2: bringing an external service into the cluster

Example

# First create an external service (MySQL) on the local host
[root@k8s endpoints]# docker run -d -p 3306:3306 -e MYSQL_ROOT_PASSWORD=123456 mysql:5.7
c34bab6ad37f46bae59ef2ee712e8430c53142d30a53119e9912407fd540ad61
# Port 3306, password as above

kind: Endpoints
apiVersion: v1
metadata:
  namespace: default
  name: test-endpoints
subsets:
  - addresses: # proxied IP
      - ip: 192.168.15.201
    ports:
      - port: 3306 # port of the service
        protocol: TCP
        name: http
---
kind: Service
apiVersion: v1
metadata:
  name: test-endpoints # must match the Endpoints name above to be associated
  namespace: default
spec:
  ports:
    - port: 3306
      targetPort: 3306
      protocol: TCP
      name: http
---
kind: Deployment # provides a MySQL client
apiVersion: apps/v1
metadata:
  name: mysql
  namespace: default
spec:
  selector:
    matchLabels:
      app: mysql-v1
  template:
    metadata:
      labels:
        app: mysql-v1
    spec:
      containers:
        - name: mysql
          image: mysql:5.7
          env:
            - name: MYSQL_ROOT_PASSWORD
              value: "123456"

# Deploy the endpoints file
[root@k8s endpoints]# kubectl apply -f endpoints.yaml
endpoints/test-endpoints created
service/test-endpoints created
deployment.apps/mysql created
[root@k8s endpoints]# kubectl get -f endpoints.yaml
NAME                       ENDPOINTS             AGE
endpoints/test-endpoints   192.168.15.201:3306   8s

NAME                     TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)    AGE
service/test-endpoints   ClusterIP   10.106.61.144   <none>        3306/TCP   8s

NAME                    READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/mysql   1/1     1            1           8s

# Enter the deployed Pod
[root@k8s endpoints]# kubectl exec -it mysql-578666457d-g8856 -- bash
# Connect to the cluster-internal IP
root@mysql-578666457d-g8856:/# mysql -uroot -p123456 -h10.106.61.144
mysql> create database db01;
Query OK, 1 row affected (0.01 sec)
mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| db01               |
| mysql              |
| performance_schema |
| sys                |
+--------------------+
5 rows in set (0.00 sec)

# Enter the MySQL instance running in Docker outside the cluster
[root@k8s endpoints]# docker exec -it c34bab6ad37f bash
root@c34bab6ad37f:/# mysql -uroot -p123456
mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| db01               |
| mysql              |
| performance_schema |
| sys                |
+--------------------+
5 rows in set (0.00 sec)
# The db01 database created a moment ago is here, which shows that the Endpoints object successfully proxied the MySQL service

Service health checks

Manifest

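---
kind: Deployment
apiVersion: apps/v1
metadata:
  name: test-deployment
spec:
  selector:
    matchLabels:
      app: nginx-v1
  template:
    metadata:
      labels:
        app: nginx-v1
    spec:
      containers:
        - name: nginx
          image: nginx
          lifecycle: # callback hooks
            postStart: # runs when the container starts
              exec: # option 1, the most commonly used
                command:
                  - "/bin/sh"
                  - "-c"
                  - "touch /root/1.txt"
              # Only one handler type may be set per hook; the alternatives are shown commented out.
              # httpGet: # option 2 (rarely used)
              #   port: 80
              #   path: / # the httpGet request must return 200 to count as success
              # tcpSocket: # option 3 (rarely used)
              #   port: 80
            preStop: # runs before the Pod is deleted
              exec:
                command:
                  - "/bin/sh"
                  - "-c"
                  - "echo 123 > /root/1.txt"
          livenessProbe:
            exec:
              command:
                - "/bin/bash"
                - "-c"
                - "cat /usr/share/nginx/html/index.php"
            initialDelaySeconds: 0 # delay before the first probe
            periodSeconds: 3 # probe interval
            timeoutSeconds: 1 # timeout
            successThreshold: 1 # consecutive successes required to count as success
            failureThreshold: 3 # consecutive failures required to count as failure
          readinessProbe:
            tcpSocket:
              port: 80
            initialDelaySeconds: 30 # use a larger value for bigger applications
            periodSeconds: 1 # a more sensitive readiness check gives a better user experience
            timeoutSeconds: 1
            successThreshold: 3
            failureThreshold: 1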

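Callback hooks – lifecycle

The hook executed at startup is postStart. It can be run in three ways: exec, httpGet, and tcpSocket. An httpGet hook must receive a 200 response to count as successful; otherwise it fails.

The hook executed at shutdown is preStop; its handlers work the same way as above.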

Liveness – livenessProbe

Liveness is usually checked with exec. A typical production configuration looks like this:

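livenessProbe:
  exec:
    command:
      - "/bin/bash"
      - "-c"
      - "cat /usr/share/nginx/html/index.php"
  initialDelaySeconds: 0 # initial delay; usually start immediately
  periodSeconds: 3 # probe interval: once every three seconds
  timeoutSeconds: 1 # timeout
  successThreshold: 1 # consecutive successes required to count as success
  failureThreshold: 3 # consecutive failures required to count as failure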

Readiness – readinessProbe

Readiness is usually configured as a port check:

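readinessProbe:
  tcpSocket:
    port: 80
  initialDelaySeconds: 30 # use a larger value for bigger applications
  periodSeconds: 1 # a more sensitive readiness check gives a better user experience
  timeoutSeconds: 1 # timeout
  successThreshold: 3 # three successes count as ready
  failureThreshold: 1 # one failure removes the Pod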

Combined example – WordPress blog project

# Database service deployment
# Create the database namespace
apiVersion: v1
kind: Namespace
metadata:
  name: mysql
---
# Create the database controller
apiVersion: apps/v1
kind: Deployment
metadata:
  name: mysql
  namespace: mysql
spec:
  selector:
    matchLabels:
      app: mysql
  template:
    metadata:
      labels:
        app: mysql
    spec:
      containers:
        - name: mysql
          image: mysql:5.7
          env:
            - name: MYSQL_ROOT_PASSWORD
              value: "123456"
            - name: MYSQL_DATABASE
              value: wordpress
          livenessProbe: # liveness check
            exec:
              command:
                - "/bin/bash"
                - "-c"
                - "cat /etc/mysql/my.cnf"
            initialDelaySeconds: 0
            periodSeconds: 3
            timeoutSeconds: 1
            successThreshold: 1
            failureThreshold: 3
          readinessProbe: # readiness check
            tcpSocket:
              port: 3306
            initialDelaySeconds: 20
            periodSeconds: 1
            successThreshold: 3
            failureThreshold: 1
            timeoutSeconds: 1
---
# Configure a Service for the database
apiVersion: v1
kind: Service
metadata:
  name: mysql
  namespace: mysql
spec:
  selector:
    app: mysql
  ports:
    - port: 3306
      targetPort: 3306
  type: NodePort
# Database deployment complete
---
# Create the project namespace
apiVersion: v1
kind: Namespace
metadata:
  namespace: wordpress
  name: wordpress
---
# Create the project controller
apiVersion: apps/v1
kind: Deployment
metadata:
  name: wordpress
  namespace: wordpress
spec:
  selector:
    matchLabels:
      app: wordpress
  template:
    metadata:
      labels:
        app: wordpress
    spec:
      containers:
        - name: php
          image: alvinos/php:wordpress-v2
          imagePullPolicy: Always
          livenessProbe:
            exec:
              command:
                - "/bin/bash"
                - "-c"
                - "ps -ef | grep php"
            initialDelaySeconds: 0
            periodSeconds: 3
            timeoutSeconds: 1
            successThreshold: 1
            failureThreshold: 1
          readinessProbe:
            tcpSocket:
              port: 9000
            initialDelaySeconds: 20
            periodSeconds: 1
            timeoutSeconds: 1
            successThreshold: 3
            failureThreshold: 1
        - name: nginx
          image: alvinos/nginx:wordpress-v2
          imagePullPolicy: Always
          livenessProbe:
            exec:
              command:
                - "/bin/bash"
                - "-c"
                - "cat /etc/nginx/nginx.conf"
            initialDelaySeconds: 0
            periodSeconds: 3
            timeoutSeconds: 1
            successThreshold: 1
            failureThreshold: 1
          readinessProbe:
            tcpSocket:
              port: 80
            initialDelaySeconds: 10
            periodSeconds: 1
            timeoutSeconds: 1
            successThreshold: 3
            failureThreshold: 1
# Controller deployment complete
---
# Deploy the Service for the controller
apiVersion: v1
kind: Service
metadata:
  name: wordpress
  namespace: wordpress
spec:
  selector:
    app: wordpress
  ports:
    - port: 80
      targetPort: 80
      name: http
      nodePort: 30080
    - port: 443
      targetPort: 443
      name: https
  type: NodePort
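
Added example (not part of the original article): the php container's liveness command `ps -ef | grep php` cannot fail, because `grep php` and the `bash -c` wrapper both appear in the process list and match themselves. The script replays that probe on constructed `ps -ef` output and contrasts it with a check on the command column only; the process name `php-fpm` and the function names are assumptions.

```shell
#!/bin/sh
# Constructed `ps -ef` output from a container whose PHP process has died:
# only the probe's own bash, ps and grep processes are left.
PS_DEAD='UID   PID  PPID  C STIME TTY    TIME     CMD
root  101     0  0 10:00 ?      00:00:00 /bin/bash -c ps -ef | grep php
root  102   101  0 10:00 ?      00:00:00 ps -ef
root  103   101  0 10:00 ?      00:00:00 grep php'

# Constructed output from a healthy container (php-fpm is an assumed process name).
PS_ALIVE='UID   PID  PPID  C STIME TTY    TIME     CMD
root    1     0  0 09:00 ?      00:00:02 php-fpm: master process (/usr/local/etc/php-fpm.conf)
www    12     1  0 09:00 ?      00:00:00 php-fpm: pool www
root  101     0  0 10:00 ?      00:00:00 /bin/bash -c ps -ef | grep php
root  103   101  0 10:00 ?      00:00:00 grep php'

# The probe as written in the manifest: the exit status is grep's,
# and grep always finds its own command line.
probe_naive() {
    printf '%s\n' "$1" | grep php >/dev/null
}

# A check that can fail: look only at the first word of the CMD column
# (field 8 of `ps -ef`) and require it to start with the daemon's name,
# so the probe's own processes never count.
probe_strict() {
    printf '%s\n' "$1" | awk -v name="$2" '
        NR > 1 && index($8, name) == 1 { found = 1 }
        END { exit (found ? 0 : 1) }'
}

for sample in DEAD ALIVE; do
    eval "listing=\$PS_$sample"
    probe_naive "$listing" && naive=pass || naive=fail
    probe_strict "$listing" php-fpm && strict=pass || strict=fail
    echo "$sample: naive=$naive strict=$strict"
done
```

In the manifest the same idea is a command such as `pgrep -x php-fpm`, assuming the image ships `pgrep` and the daemon runs under that name.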

To change cluster.local, modify it here:
[root@k8s wordpress]# grep -ro "cluster.local" /etc/kubernetes/
/etc/kubernetes/manifests/kube-apiserver.yaml:cluster.local

kubeadm API high availability

Export the init configuration file and modify it

[root@localhost ~]# kubeadm config print init-defaults > init-config.yaml
[root@localhost ~]# cat init-config.yaml
apiVersion: kubeadm.k8s.io/v1beta2
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 1.2.3.4
  bindPort: 6443
nodeRegistration:
  criSocket: /var/run/dockershim.sock
  name: node
  taints: null
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta2
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns:
  type: CoreDNS
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: k8s.gcr.io
kind: ClusterConfiguration
kubernetesVersion: 1.21.0
networking:
  dnsDomain: cluster.local
  serviceSubnet: 10.96.0.0/12
scheduler: {}

Modified version

INIT_IP=`hostname -i`
INIT_HOST=`hostname`
cat > init-config.yaml << EOF
apiVersion: kubeadm.k8s.io/v1beta2
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: ${INIT_IP} # IP of the current host
  bindPort: 6443
nodeRegistration:
  criSocket: /var/run/dockershim.sock
  name: ${INIT_HOST} # corresponding hostname
  taints:
  - effect: NoSchedule
    key: node-role.kubernetes.io/master
---
apiServer:
  certSANs:
  - 192.168.15.59 # virtual IP for high availability
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta2
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controlPlaneEndpoint: 192.168.15.59:8443
controllerManager: {}
dns:
  type: CoreDNS
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: registry.cn-shanghai.aliyuncs.com/baim0os # your own image registry
kind: ClusterConfiguration
kubernetesVersion: 1.21.3
networking:
  dnsDomain: cluster.local
  podSubnet: 10.244.0.0/16
  serviceSubnet: 10.96.0.0/12
scheduler: {}
EOF

Install the high-availability software

# Required on all three master nodes
# keepalived + haproxy
[root@k8s-m-01 ~]# yum install -y keepalived haproxy

# Edit the keepalived configuration file
# The configuration differs from node to node
mv /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf_bak
cd /etc/keepalived
KUBE_APISERVER_IP=`hostname -i`
cat > /etc/keepalived/keepalived.conf <<EOF
! Configuration File for keepalived
global_defs {
    router_id LVS_DEVEL
}
vrrp_script chk_kubernetes {
    script "/etc/keepalived/check_kubernetes.sh"
    interval 2
    weight -5
    fall 3
    rise 2
}
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    mcast_src_ip ${KUBE_APISERVER_IP}
    virtual_router_id 51
    priority 100
    advert_int 2
    authentication {
        auth_type PASS
        auth_pass K8SHA_KA_AUTH
    }
    virtual_ipaddress {
        192.168.15.59
    }
}
EOF
[root@k8s-m-01 /etc/keepalived]# systemctl enable --now keepalived

# Edit the haproxy configuration file
# High-availability software
cat > /etc/haproxy/haproxy.cfg <<EOF
global
  maxconn  2000
  ulimit-n  16384
  log  127.0.0.1 local0 err
  stats timeout 30s

defaults
  log global
  mode  http
  option  httplog
  timeout connect 5000
  timeout client  50000
  timeout server  50000
  timeout http-request 15s
  timeout http-keep-alive 15s

frontend monitor-in
  bind *:33305
  mode http
  option httplog
  monitor-uri /monitor

listen stats
  bind    *:8006
  mode    http
  stats   enable
  stats   hide-version
  stats   uri       /stats
  stats   refresh   30s
  stats   realm     Haproxy\ Statistics
  stats   auth      admin:admin

frontend k8s-master
  bind 0.0.0.0:8443
  bind 127.0.0.1:8443
  mode tcp
  option tcplog
  tcp-request inspect-delay 5s
  default_backend k8s-master

backend k8s-master
  mode tcp
  option tcplog
  option tcp-check
  balance roundrobin
  default-server inter 10s downinter 5s rise 2 fall 2 slowstart 60s maxconn 250 maxqueue 256 weight 100
  server m01    192.168.15.51:6443  check inter 2000 fall 2 rise 2 weight 100
  server m02    192.168.15.52:6443  check inter 2000 fall 2 rise 2 weight 100
  server m03    192.168.15.53:6443  check inter 2000 fall 2 rise 2 weight 100
EOF
[root@k8s-m-01 /etc/keepalived]# systemctl enable --now haproxy.service
Created symlink from /etc/systemd/system/multi-user.target.wants/haproxy.service to /usr/lib/systemd/system/haproxy.service.
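
The keepalived configuration above points `vrrp_script` at `/etc/keepalived/check_kubernetes.sh`, which the article does not show. One possible version follows as an added example (not the author's script): it checks the local haproxy `monitor-uri` and the API server's `/healthz` through the local haproxy frontend. It assumes `curl` is installed and that anonymous access to `/healthz` is left at the kubeadm default; the function names are hypothetical.

```shell
#!/bin/sh
# Possible /etc/keepalived/check_kubernetes.sh (added example).
# keepalived runs it every "interval 2" seconds; a non-zero exit counts as a
# failure, and after "fall 3" failures the VRRP priority changes by "weight -5".

# Assumed defaults, taken from the haproxy.cfg above: monitor-uri on port 33305
# and the k8s-master frontend on 127.0.0.1:8443. Override via the environment.
HAPROXY_MONITOR_URL=${HAPROXY_MONITOR_URL:-http://127.0.0.1:33305/monitor}
APISERVER_URL=${APISERVER_URL:-https://127.0.0.1:8443/healthz}

# Print the HTTP status code for URL; curl prints 000 when the connection fails.
# -k: the certificate is not verified, this is a local liveness check only.
http_status() {
    curl -sk -o /dev/null --max-time 1 -w '%{http_code}' "$1" 2>/dev/null || true
}

# evaluate HAPROXY_CODE APISERVER_CODE
# Returns 0 when both checks passed, 1 when the local haproxy is down,
# 2 when haproxy is up but no kube-apiserver answered /healthz through it.
evaluate() {
    [ "$1" = "200" ] || return 1
    [ "$2" = "200" ] || return 2
    return 0
}

check_kubernetes() {
    haproxy_code=$(http_status "$HAPROXY_MONITOR_URL")
    api_code=$(http_status "$APISERVER_URL")
    evaluate "$haproxy_code" "$api_code"
}

# Run the check only when executed under its installed name, so the functions
# above can also be sourced and exercised on their own.
case "$0" in
    *check_kubernetes.sh) check_kubernetes; exit $? ;;
esac
```

keepalived only runs a `vrrp_script` that a `vrrp_instance` lists in a `track_script` block, which the configuration above does not contain. Keep the script owned by root and not writable by other users, since keepalived executes it with its own privileges.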

Initialize the cluster

kubeadm init --config init-config.yaml --upload-certs
# Copy the join command for master (control-plane) nodes
kubeadm join 192.168.15.59:8443 --token abcdef.0123456789abcdef \
    --discovery-token-ca-cert-hash sha256:b22691a3783c7f1a3544006e64907418476b6942393dffa02b3b0f20cb46a083 \
    --control-plane --certificate-key 2e222d296099e3c4656dd9aa12d81b5bbbd0a3f2f13d6d3a9252334034785af1
# Copy the join command for worker nodes
kubeadm join 192.168.15.59:8443 --token abcdef.0123456789abcdef \
    --discovery-token-ca-cert-hash sha256:b22691a3783c7f1a3544006e64907418476b6942393dffa02b3b0f20cb46a083
# Start using the cluster
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

Install the Calico network plugin

# Download calico
curl https://docs.projectcalico.org/manifests/calico.yaml -O
# Deploy calico
kubectl apply -f calico.yaml

Run the join command on each node

# Set the node roles
kubectl label nodes n01 node-role.kubernetes.io/node=n01
kubectl label nodes n02 node-role.kubernetes.io/node=n02
# Check the cluster status
[root@m01 ~]# kubectl get nodes
NAME   STATUS   ROLES                  AGE     VERSION
m01    Ready    control-plane,master   36m     v1.21.3
m02    Ready    control-plane,master   6m47s   v1.21.3
m03    Ready    control-plane,master   5m50s   v1.21.3
n01    Ready    node                   5m      v1.21.3
n02    Ready    node                   4m42s   v1.21.3
