• 03: Creating a container (Pod) in k8s


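    Docker container orchestration tools
    k8s, Mesos, Swarm (at present k8s is almost the only dominant one)

    The four main features of k8s: #https://kubernetes.io/zh
    1: Self-healing
    Restarts containers that fail.
    2: Service discovery and load balancing
    3: Canary releases and one-click rollback
    4: Autoscaling (automatic scale-up and scale-down)
    Adjusts the number of application replicas with a simple command, through the UI, or automatically based on CPU usage
    =====================================================================

    Creating the first k8s container

    A container in k8s is called a Pod:
    (the Pod is the smallest unit; one Pod is one container)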

    1: Write a Pod file
    [root@k8s-master ~]# vim k8s_pod.yml
    apiVersion: v1 # Kubernetes API version: v1
    kind: Pod # resource kind: Pod
    metadata: # metadata: the name is nginx, the label is app: web (a key-value pair)
      name: nginx
      labels:
        app: web
    spec: # specification
      containers: # container information
      - name: nginx # the container is named nginx
        image: 192.168.6.129:5000/nginx:latest # image to use
        ports: # ports the container exposes
        - containerPort: 80

    2: Pull an nginx image, tag it, and then push it to our private registry.
    [root@k8s-master ~]# docker pull nginx
    Using default tag: latest
    Trying to pull repository docker.io/library/nginx ...
    latest: Pulling from docker.io/library/nginx
    8d691f585fa8: Pull complete
    5b07f4e08ad0: Pull complete
    abc291867bca: Pull complete
    Digest: sha256:922c815aa4df050d4df476e92daed4231f466acc8ee90e0e774951b0fd7195a4
    [root@k8s-master ~]# docker tag nginx:latest 192.168.6.129:5000/nginx:latest
    [root@k8s-master ~]#
    [root@k8s-master ~]#
    [root@k8s-master ~]# docker push 192.168.6.129:5000/busybox:latest

    The push refers to a repository [192.168.6.129:5000/busybox]
    1da8e4c8d307: Pushed
    latest: digest: sha256:679b1c1058c1f2dc59a3ee70eed986a88811c0205c8ceea57cec5f22d2c3fbb1 size: 527
    [root@k8s-master ~]#

    3: Create the Pod
    [root@k8s-master ~]# kubectl create -f k8s_pod.yml
    pod "nginx" created
    [root@k8s-master ~]#

    If it reports an error, edit:
    [root@k8s-master ~]# vim /etc/kubernetes/apiserver
    Delete the ServiceAccount field.
    Restart the k8s API server
    [root@k8s-master ~]# systemctl restart kube-apiserver.service

    4: Query the Pod
    [root@k8s-master ~]# kubectl get pod # stuck in ContainerCreating is clearly not normal; a healthy Pod shows 1/1
    NAME READY STATUS RESTARTS AGE
    nginx 0/1 ContainerCreating 0 4m

    5: The k8s Pod troubleshooting command: describe
    [root@k8s-master ~]# kubectl describe pod nginx
    Name: nginx
    Namespace: default
    Node: k8s-node-2/192.168.6.131
    Start Time: Sat, 16 Nov 2019 22:51:44 +0800
    .........
    FirstSeen LastSeen Count From SubObjectPath Type Reason Message
    --------- -------- ----- ---- ------------- -------- ------ -------
    5m 5m 1 {default-scheduler } Normal Scheduled Successfully assigned nginx to k8s-node-2
    5m 2m 5 {kubelet k8s-node-2} Warning FailedSync Error syncing pod, skipping: failed to "StartContainer" for "POD" with ErrImagePull: "image pull failed for registry.access.redhat.com/rhel7/pod-infrastructure:latest, this may be because there are no credentials on this request. details: (open /etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt: no such file or directory)"

    4m 9s 19 {kubelet k8s-node-2} Warning FailedSync Error syncing pod, skipping: failed to "StartContainer" for "POD" with ImagePullBackOff: "Back-off pulling image "registry.access.redhat.com/rhel7/pod-infrastructure:latest""

    # The certificate is missing
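The triage done by eye in step 5, as an added example that is not part of the original post: the script pulls the failing container, image, registry and missing CA file out of `kubectl describe pod` events. The sample events are constructed from the output above, and the function names are this example's own.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): triage image-pull failures
# reported in `kubectl describe pod` events.

# Sample events, constructed from the describe output shown on this page.
sample_events() {
cat <<'EOF'
5m 5m 1 {default-scheduler } Normal Scheduled Successfully assigned nginx to k8s-node-2
5m 2m 5 {kubelet k8s-node-2} Warning FailedSync Error syncing pod, skipping: failed to "StartContainer" for "POD" with ErrImagePull: "image pull failed for registry.access.redhat.com/rhel7/pod-infrastructure:latest, this may be because there are no credentials on this request. details: (open /etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt: no such file or directory)"
4m 9s 19 {kubelet k8s-node-2} Warning FailedSync Error syncing pod, skipping: failed to "StartContainer" for "POD" with ImagePullBackOff: "Back-off pulling image "registry.access.redhat.com/rhel7/pod-infrastructure:latest""
11m 40s 7 {kubelet k8s-node-2} spec.containers{nginx} Normal Pulling pulling image "192.168.6.129:5000/nginx:latest"
EOF
}

# Print "<reason> <container> <image>" for every failed pull, deduplicated.
# A container name of "POD" means the pod infrastructure image failed,
# not an image listed in the Pod manifest.
pull_failures() {
  sed -n -E 's/.*for "([^"]+)" with (ErrImagePull|ImagePullBackOff): "(image pull failed for |Back-off pulling image ")([^",]+).*/\2 \1 \4/p' |
    sort -u
}

# Reduce pull_failures output to the registries that need attention.
failing_registries() {
  awk '{print $3}' | cut -d/ -f1 | sort -u
}

# List CA files the Docker daemon tried to open but could not find.
missing_ca_files() {
  sed -n -E 's/.*\(open ([^:]+): no such file or directory\).*/\1/p' | sort -u
}

# Live use: kubectl describe pod nginx | pull_failures
sample_events | pull_failures
sample_events | pull_failures | failing_registries
sample_events | missing_ca_files
```
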

    # Solution
    1: Download the official rpm
    [root@k8s-master ~]# wget http://mirror.centos.org/centos/7/os/x86_64/Packages/python-rhsm-certificates-1.19.10-1.el7_4.x86_64.rpm
    2: Import
    [root@k8s-master ~]# rpm2cpio python-rhsm-certificates-1.19.10-1.el7_4.x86_64.rpm | cpio -iv --to-stdout ./etc/rhsm/ca/redhat-uep.pem | tee /etc/rhsm/ca/redhat-uep.pem
    3: Once that is installed, pull the image; it is fairly large, so the download is slow
    [root@k8s-master ~]# docker pull registry.access.redhat.com/rhel7/pod-infrastructure:latest
    4: Tag pod-infrastructure:latest and push it to our private registry
    [root@k8s-master ~]# docker tag registry.access.redhat.com/rhel7/pod-infrastructure:latest 192.168.6.129:5000/pod-infrastructure:latest
    [root@k8s-master ~]# docker push 192.168.6.129:5000/pod-infrastructure:latest
    5: Perform the following on both nodes, node-1 and node-2
    Edit the k8s configuration and change the Red Hat download address to the image address in our private registry
    [root@k8s-node-1 ~]# vim /etc/kubernetes/kubelet

    Change it to our private registry's:

    6: Restart kubelet
    [root@k8s-node-1 ~]# systemctl restart kubelet.service


    # Go back to the master and check the Pod's status again
    [root@k8s-master ~]# kubectl describe pod nginx
    11m 40s 7 {kubelet k8s-node-2} spec.containers{nginx} Normal Pulling pulling image "192.168.6.129:5000/nginx:latest"
    11m 33s 2 {kubelet k8s-node-2} Warning MissingClusterDNS kubelet does not have ClusterDNS IP configured and cannot create Pod using "ClusterFirst" policy. Falling back to DNSDefault policy.
    33s 33s 1 {kubelet k8s-node-2} spec.containers{nginx} Normal Pulled Successfully pulled image "192.168.6.129:5000/nginx:latest"
    33s 33s 1 {kubelet k8s-node-2} spec.containers{nginx} Normal Created Created container with docker id 1ed4475247b1; Security:[seccomp=unconfined]
    32s 32s 1 {kubelet k8s-node-2} spec.containers{nginx} Normal Started Started container with docker id 1ed4475247b1

    # The status has changed: it is now 1/1 Running

    [root@k8s-master ~]# kubectl get pod   
    NAME READY STATUS RESTARTS AGE
    nginx 1/1 Running 0 1d
    [root@k8s-master ~]#

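    To see more detail:
    kubectl get pod -o wide

    On node-2 you will find that two containers were started for the Pod (for each Pod started, Docker creates two containers).
    Docker started two containers:

    192.168.6.129:5000/nginx:latest (docker inspect shows it has no IP)
    192.168.6.129:5000/pod-infrastructure:latest (docker inspect shows an IP address)

    This is container network sharing at work.
    For details, see: https://www.cnblogs.com/jim-xu/p/11795406.html

    Note:
    The two containers live and die together.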

  • Original article: https://www.cnblogs.com/jim-xu/p/11879233.html