Kubernetes authentication and authorization
-----------------------------------------------------------------------------------------------
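Architecture diagram:
etcd stores the state of the entire cluster;
apiserver is the single entry point for resource operations and provides authentication, authorization, access control, and API registration and discovery;
controller manager maintains the cluster state, e.g. failure detection, auto scaling, rolling updates;
scheduler handles resource scheduling, placing Pods on the appropriate machines according to the configured scheduling policy;
kubelet maintains the container lifecycle and also manages volumes (CSI) and networking (CNI);
Container runtime handles image management and actually runs Pods and containers (CRI);
kube-proxy provides in-cluster service discovery and load balancing for Services;
Building a highly available cluster with kubeadm:
Cluster availability test:
1. Create the nginx DaemonSet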
# Write the manifest
$ cat > nginx-ds.yml <<EOF
apiVersion: v1
kind: Service
metadata:
  name: nginx-ds
  labels:
    app: nginx-ds
spec:
  type: NodePort
  selector:
    app: nginx-ds
  ports:
  - name: http
    port: 80
    targetPort: 80
---
# extensions/v1beta1 DaemonSet was removed in Kubernetes 1.16; apps/v1 requires spec.selector
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: nginx-ds
  labels:
    addonmanager.kubernetes.io/mode: Reconcile
spec:
  selector:
    matchLabels:
      app: nginx-ds
  template:
    metadata:
      labels:
        app: nginx-ds
    spec:
      containers:
      - name: my-nginx
        image: nginx:1.7.9
        ports:
        - containerPort: 80
EOF
# Create the DaemonSet
$ kubectl create -f nginx-ds.yml
2. Check connectivity of the various IPs:
[root@m1 ~]# kubectl get pods -o wide
NAME             READY   STATUS    RESTARTS   AGE   IP           NODE   NOMINATED NODE   READINESS GATES
nginx-ds-4sgjg   1/1     Running   0          38s   172.22.3.3   s1     <none>           <none>
nginx-ds-5n7k6   1/1     Running   0          38s   172.22.4.3   s2     <none>           <none>
[root@m1 ~]# ping 172.22.3.3
PING 172.22.3.3 (172.22.3.3) 56(84) bytes of data.
64 bytes from 172.22.3.3: icmp_seq=1 ttl=63 time=0.981 ms
64 bytes from 172.22.3.3: icmp_seq=2 ttl=63 time=0.695 ms
[root@m1 ~]# kubectl get svc
NAME         TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)        AGE
kubernetes   ClusterIP   10.96.0.1        <none>        443/TCP        14h
nginx-ds     NodePort    10.103.179.226   <none>        80:32680/TCP   4m24s
curl 192.168.220.10:32680   # NodePort; on all of m1 m2 m3 s1 s2
curl 10.103.179.226         # cluster-internal IP
3. Check DNS availability
# Define an nginx pod
$ cat > pod-nginx.yaml <<EOF
apiVersion: v1
kind: Pod
metadata:
  name: nginx
spec:
  containers:
  - name: nginx
    image: nginx:1.7.9
    ports:
    - containerPort: 80
EOF
# Create the pod
$ kubectl create -f pod-nginx.yaml
# Enter the pod to check DNS
$ kubectl exec nginx -i -t -- /bin/bash
# Look at the DNS configuration
root@nginx:/# cat /etc/resolv.conf
# Check that the service name resolves correctly
root@nginx:/# ping nginx-ds
-----------------------------------------------------------
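Harbor
https://github.com/goharbor/harbor
v1.6.0
https://github.com/goharbor/harbor/releases
Harbor high availability:
nginx does the load balancing; machines A and B pull from each other (dual-master replication).
Three servers; download Harbor on machines A and B.
Extract on both A and B:
tar xvf harbor-offline-installer-v1.6.0.tgz
cd harbor
On both A and B, edit the file: vim harbor.cfg
Set hostname=192.168.220.10 # on the other machine, use its own address
harbor_admin_password = Harbor12345 # this is the installer default; set your own value
vim docker-compose.yml
Harbor usually keeps its data under /data, so give that disk plenty of space
sh install.sh
The installer reports that docker-compose has to be downloaded
Download docker-compose on both A and B
mv docker-compose-Linux-x86_64-1.22.0 /usr/local/bin/docker-compose
[root@m1 harbor]# chmod +x /usr/local/bin/docker-compose
Finally: sh install.sh
To stop Harbor on A and B:
docker-compose down
To start Harbor on A and B:
docker-compose up -d
Install nginx on machine C to do the load balancing
docker pull nginx:1.13.12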
[root@m3 ~]# cat nginx.conf
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
    worker_connections 1024;
}
stream {
    upstream hub {
        server 192.168.220.10:80;
    }
    server {
        listen 80;
        proxy_pass hub;
        proxy_timeout 300s;
        proxy_connect_timeout 5s;
    }
}
[root@m3 ~]# cat nginx_restart.sh
#!/bin/bash
docker stop harbornginx
docker rm harbornginx
docker run -dit --net=host --name harbornginx -v /root/nginx.conf:/etc/nginx/nginx.conf nginx:1.13.12
[root@m3 ~]# sh nginx_restart.sh
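Open nginx on m3 (machine C) in a browser
Create a new project, alexk8s
On m3 (machine C), pick any image, tag it, and push it
vim /etc/hosts
192.168.220.12 m3 alexshuai.com
Docker talks to registries over HTTPS (443) by default, so the docker configuration has to be changed:
vim /etc/docker/daemon.json
{
  "insecure-registries": ["alexshuai.com"],
  "exec-opts": ["native.cgroupdriver=cgroupfs"],
  "registry-mirrors": ["https://welk5fzf.mirror.aliyuncs.com"]
}
service docker restart
Note: any other machine that needs to pull images must make the same changes
sh nginx_restart.sh # nginx was stopped by the docker restart; start it again
Create a new user in the Harbor web UI
alex
123456Ab
and add the user to the alexk8s project
docker login alexshuai.com
docker tag nginx:1.13.12 alexshuai.com/alexk8s/nginx:1.13.12
docker push alexshuai.com/alexk8s/nginx:1.13.12
Finally, check the result in the web UI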
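A small audit of the two configuration files edited above, as an added example (not part of the original notes or of Harbor's own tooling): it flags the Harbor12345 admin password in harbor.cfg and every insecure-registries entry in daemon.json. The function names and sample inputs are constructed for illustration; ui_url_protocol is a harbor.cfg key that does not appear in the notes, and a missing key is assumed to mean http.

```python
# Added example: audits harbor.cfg and /etc/docker/daemon.json as edited in these notes.
import configparser
import json

HARBOR_DEFAULT_PASSWORD = "Harbor12345"  # value shown in harbor.cfg above (installer default)

# Constructed sample inputs, built from the values used in the notes.
SAMPLE_HARBOR_CFG = """\
hostname = 192.168.220.10
ui_url_protocol = http
harbor_admin_password = Harbor12345
"""
SAMPLE_DAEMON_JSON = """\
{"insecure-registries": ["alexshuai.com"],
 "exec-opts": ["native.cgroupdriver=cgroupfs"]}
"""


def audit_harbor_cfg(text):
    """Return a list of findings for a Harbor v1.x harbor.cfg."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    # harbor.cfg has no [section] header, so add one for configparser.
    parser.read_string("[harbor]\n" + text)
    cfg = parser["harbor"]
    findings = []
    if cfg.get("harbor_admin_password", fallback="") == HARBOR_DEFAULT_PASSWORD:
        findings.append("harbor_admin_password is still Harbor12345")
    # Assumption: a missing ui_url_protocol means http.
    if cfg.get("ui_url_protocol", fallback="http").lower() != "https":
        findings.append("ui_url_protocol is not https: credentials cross the network unencrypted")
    return findings


def audit_daemon_json(text):
    """Return one finding per registry that docker may reach without verified TLS."""
    registries = json.loads(text).get("insecure-registries", [])
    return ["insecure registry (HTTP or unverified TLS allowed): " + r for r in registries]


if __name__ == "__main__":
    for finding in audit_harbor_cfg(SAMPLE_HARBOR_CFG) + audit_daemon_json(SAMPLE_DAEMON_JSON):
        print("FINDING:", finding)
```

Run it against the real files by passing their contents to the two functions; an empty result from both means neither weak setting is present.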