docker容器编排工具
k8s,messos,swarm(目前几乎只有k8s一家独大)
k8s最主要的4大功能: #https://kubernetes.io/zh
1:故障自愈
重新启动失败的容器。
2:服务发现和负载均衡
3:灰度发布,一键回滚
4:自动伸缩(自动扩容和自动缩容)
使用简单的命令或者UI,或者根据CPU使用情况,自动调整应用程序副本数
=====================================================================
创建第一个k8s容器
k8s的容器 叫 Pod :
(最小的单位是Pod,一个Pod就是一个容器)
1:编写一个pod文件
[root@k8s-master ~]# vim k8s_pod.yml
apiVersion: v1 #定义k8s api的版本v1
kind: Pod #kind资源 Pod
metadata: #属性,名字叫nginx,标签叫app : web(键值对)
name: nginx
labels:
app: web
spec: #详细
containers: #容器信息
- name: nginx #容器叫nginx
image: 192.168.6.129:5000/nginx:latest #使用的镜像
ports: #容器开放的端口
- containerPort: 80
2:下载一个nginx, 然后打tag。在push到我们的私有仓库上面。
[root@k8s-master ~]# docker pull nginx
Using default tag: latest
Trying to pull repository docker.io/library/nginx ...
latest: Pulling from docker.io/library/nginx
8d691f585fa8: Pull complete
5b07f4e08ad0: Pull complete
abc291867bca: Pull complete
Digest: sha256:922c815aa4df050d4df476e92daed4231f466acc8ee90e0e774951b0fd7195a4
[root@k8s-master ~]# docker tag nginx:latest 192.168.6.129:5000/nginx:latest
[root@k8s-master ~]#
[root@k8s-master ~]#
[root@k8s-master ~]# docker push 192.168.6.129:5000/busybox:latest
The push refers to a repository [192.168.6.129:5000/busybox]
1da8e4c8d307: Pushed
latest: digest: sha256:679b1c1058c1f2dc59a3ee70eed986a88811c0205c8ceea57cec5f22d2c3fbb1 size: 527
[root@k8s-master ~]#
3: 创建
[root@k8s-master ~]# kubectl create -f k8s_pod.yml
pod "nginx" created
[root@k8s-master ~]#
如果报错,请修改 :
[root@k8s-master ~]# vim /etc/kubernetes/apiserver
删除ServiceAccount字段。
重启k8s - api
[root@k8s-master ~]# systemctl restart kube-apiserver.service
4: 查询pod
[root@k8s-master ~]# kubectl get pod #一直处于创建,肯定不正常,正常应该是1/1
NAME READY STATUS RESTARTS AGE
nginx 0/1 ContainerCreating 0 4m
5: k8s pod排错命令 describe
[root@k8s-master ~]# kubectl describe pod nginx
Name: nginx
Namespace: default
Node: k8s-node-2/192.168.6.131
Start Time: Sat, 16 Nov 2019 22:51:44 +0800
.........
FirstSeen LastSeen Count From SubObjectPath Type Reason Message
--------- -------- ----- ---- ------------- -------- ------ -------
5m 5m 1 {default-scheduler } Normal Scheduled Successfully assigned nginx to k8s-node-2
5m 2m 5 {kubelet k8s-node-2} Warning FailedSync Error syncing pod, skipping: failed to "StartContainer" for "POD" with ErrImagePull: "image pull failed for registry.access.redhat.com/rhel7/pod-infrastructure:latest, this may be because there are no credentials on this request. details: (open /etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt: no such file or directory)"
4m 9s 19 {kubelet k8s-node-2} Warning FailedSynError syncing pod, skipping: failed to "StartContainer" for "POD" with ImagePullBackOff: "Back-off pulling image "registry.access.redhat.com/rhel7/pod-infrastructure:latest""
#证书没有
#解决方法
1: 下载 官方的rpm
[root@k8s-master ~]#wget http://mirror.centos.org/centos/7/os/x86_64/Packages/python-rhsm-certificates-1.19.10-1.el7_4.x86_64.rpm
2: 导入
[root@k8s-master ~]#rpm2cpio python-rhsm-certificates-1.19.10-1.el7_4.x86_64.rpm | cpio -iv --to-stdout ./etc/rhsm/ca/redhat-uep.pem | tee /etc/rhsm/ca/redhat-uep.pem
3:安装完成后,我们把这个镜像 pull下来 ,镜像有点大,下载会比较慢
[root@k8s-master ~]#docker pull registry.access.redhat.com/rhel7/pod-infrastructure:latest
4: 打tag 把 pod-infrastructure:latest 传到我们的私有仓库
[root@k8s-master ~]#docker tag registry.access.redhat.com/rhel7/pod-infrastructure:latest 192.168.6.129:5000/pod-infrastructure:latest
[root@k8s-master ~]#docker push 192.168.6.129:5000/pod-infrastructure:latest
5:如下操作,在两台node-1 。Node-2 上面操作
修改k8s配置,把红帽官网的下载地址,改成我们的私有仓库的镜像地址
[root@k8s-node-1 ~]# vim /etc/kubernetes/kubelet
改成我们私有仓库的:
6:重启kubelet
[root@k8s-node-1 ~]# systemctl restart kubelet.service
#再去主看刚才pod状态
[root@k8s-master ~]# kubectl describe pod nginx
11m 40s 7 {kubelet k8s-node-2} spec.containers{nginx} Normal Pulling pulling image "192.168.6.129:5000/nginx:latest"
11m 33s 2 {kubelet k8s-node-2} Warning MissingClusterDNS kubelet does not have ClusterDNS IP configured and cannot create Pod using "ClusterFirst" policy. Falling back to DNSDefault policy.
33s 33s 1 {kubelet k8s-node-2} spec.containers{nginx} Normal Pulled Successfully pulled image "192.168.6.129:5000/nginx:latest"
33s 33s 1 {kubelet k8s-node-2} spec.containers{nginx} Normal Created Created container with docker id 1ed4475247b1; Security:[seccomp=unconfined]
32s 32s 1 {kubelet k8s-node-2} spec.containers{nginx} Normal Started Started container with docker id 1ed4475247b1
#状态改变了,1/1 Runing 了
[root@k8s-master ~]# kubectl get pod
NAME READY STATUS RESTARTS AGE
nginx 1/1 Running 0 1d
[root@k8s-master ~]#
查看更详细信息:
Kubectl get pod -o wide
Node-2 : 会发现pod容器起了两个 (起一个pod,docker就会创建两个)
Docker 启动了两个容器:
192.168.6.129:5000/nginx:latest (docker inspect 会发现没有IP)
192.168.6.129:5000/pod-infrastructure:latest (docker inspect 有IP地址)
这里就是用到了Container 网络共享。
具体请看:https://www.cnblogs.com/jim-xu/p/11795406.html
《注意:》
两个容器要死就会一起死,要活一起活