k8s

K8S

安装docker

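# Remove distro-packaged or legacy Docker builds so they cannot conflict with
# docker-ce. No -y here: yum asks for confirmation before removing anything.
sudo yum remove docker \
  docker-client \
  docker-client-latest \
  docker-common \
  docker-latest \
  docker-latest-logrotate \
  docker-logrotate \
  docker-engine

# yum-config-manager is shipped in yum-utils, so install that package before
# the repository is added (the original installed it only afterwards).
sudo yum install -y yum-utils
sudo yum-config-manager \
  --add-repo \
  https://download.docker.com/linux/centos/docker-ce.repo
# Pin the repo file's $releasever placeholder to CentOS 7. The backslash makes
# sed match "$" as a literal character rather than an end-of-line anchor.
sudo sed -i 's/\$releasever/7/g' /etc/yum.repos.d/docker-ce.repo
sudo yum update -y
# NOTE(review): -y also auto-accepts the import of the repository's GPG key.
# Before relying on these packages, check that gpgcheck is still enabled in
# /etc/yum.repos.d/docker-ce.repo and compare the imported key's fingerprint
# with the one published in Docker's installation documentation.
sudo yum install -y docker-ce docker-ce-cli containerd.io
sudo systemctl start docker
# Start Docker again after a reboot; the kubelet depends on the runtime.
sudo systemctl enable docker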

kubeadm 引导初始化K8S集群

# Bootstrap the first control-plane node for Kubernetes v1.22.1.
#   --pod-network-cidr 10.244.0.0/16  pod address range (flannel's default network)
#   --control-plane-endpoint          shared API endpoint (VIP/DNS name) for every control-plane node
#   --upload-certs                    stores the control-plane certificates in the cluster, encrypted
#                                     with the certificate key that kubeadm prints
# The bootstrap token and certificate key printed by this command let a machine
# join as a control-plane node: treat them as secrets and keep them out of
# logs, tickets and chat.
kubeadm init --pod-network-cidr 10.244.0.0/16 --control-plane-endpoint  k8s-control-plane-endpoint-vip:6443  --upload-certs  --kubernetes-version=v1.22.1
# Install the flannel CNI plugin.
# NOTE(review): this applies whatever the mutable "master" branch serves at that
# moment, with cluster-wide privileges. Prefer downloading the manifest from a
# tagged release, reviewing it, and applying the local copy.
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
# Allow ordinary workloads to be scheduled on the master (control-plane) nodes
# by removing the master taint from every node. Application pods then share a
# host with the API server and etcd, which weakens isolation; acceptable for a
# lab, worth reconsidering for production.
kubectl taint nodes --all node-role.kubernetes.io/master-
# Manual step: edit the API server static-pod manifest; the kubelet restarts
# the API server when the file changes.
vim /etc/kubernetes/manifests/kube-apiserver.yaml
# Flag to add under the kube-apiserver command (the default range is 30000-32767):
#- --service-node-port-range=1000-32000
# NOTE(review): 1000-32000 overlaps ports that node components normally listen
# on (for example the kubelet on 10250 and etcd on 2379-2380), so a NodePort
# Service could collide with them; choose the narrowest range that is needed.
# Join an additional control-plane node to the cluster.
# The x-strings are placeholders for the values printed by `kubeadm init`:
#   --token                         short-lived bootstrap token (a credential)
#   --discovery-token-ca-cert-hash  pins the cluster CA so the joining node can
#                                   verify it is talking to the real API server
#   --certificate-key               decrypts the uploaded control-plane certificates
# Never paste real values into documentation or shell history on shared hosts,
# and keep the CA hash check in place rather than skipping verification.
kubeadm join k8s-control-plane-endpoint-vip:6443 --token xxxxxx.xxxxxxxxxxxxxxxx --discovery-token-ca-cert-hash sha256:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx --control-plane --certificate-key xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

K8S客户端

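# Point kubectl at the kubeadm-generated admin kubeconfig.
# admin.conf carries cluster-admin credentials: keep it readable by root only
# and hand out narrower, per-user kubeconfigs for day-to-day work.
export KUBECONFIG=/etc/kubernetes/admin.conf
# sudo resets the environment by default, so the exported KUBECONFIG would not
# reach kubectl; pass the path explicitly instead.
sudo kubectl --kubeconfig "$KUBECONFIG" get pods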

K8S资源负载情况

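# Install metrics-server v0.3.6 (backs `kubectl top`).
# The manifest is saved to a file instead of being piped straight into kubectl,
# so it can be reviewed (it creates cluster-wide RBAC objects) before it is
# applied. -f makes curl fail on an HTTP error instead of saving the error page,
# and the && chain stops a stale or partial file from being applied.
# NOTE(review): v0.3.6 is older than the Kubernetes v1.22.1 installed earlier on
# this page; confirm that the API versions used in the manifest are still served.
curl -fsSL -o components.yaml \
  https://github.com/kubernetes-sigs/metrics-server/releases/download/v0.3.6/components.yaml &&
  # Pull the image from the Aliyun mirror instead of k8s.gcr.io. The mirror is a
  # third party: pinning the image by digest keeps it from changing silently.
  sed -i 's/k8s\.gcr\.io/registry.cn-hangzhou.aliyuncs.com\/google_containers/g' components.yaml &&
  kubectl apply -f components.yaml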

参考

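# Optional step, left disabled by the author: make the kubelet request its
# serving certificate from the cluster CA instead of using a self-signed one.
# Presumably this is what lets metrics-server verify the kubelet's TLS
# certificate rather than having verification switched off - confirm for your setup.
# echo "serverTLSBootstrap: true" >> /var/lib/kubelet/config.yaml

systemctl daemon-reload
systemctl restart kubelet.service
# Kubelet serving-certificate requests are not approved automatically.
# List them, then inspect each one (`kubectl describe csr NAME`) and check that
# the requester is the expected system:node:... identity and that the requested
# DNS names and IPs really belong to that node before approving it.
kubectl get csr
# "xxx" is a placeholder for the CSR name shown by `kubectl get csr`.
# (The original line ended in a stray "???", which the shell would have treated
# as a glob and passed on as extra arguments.)
kubectl certificate approve xxx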

K8S 资源限制

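# Create a numbered working directory under ./workspace and apply a CPU
# LimitRange to the namespace of the current kubectl context.
# Abort on the first failure so a failed mkdir/cd cannot lead to files being
# written, or manifests applied, from the wrong directory.
set -euo pipefail

echo "===prepare workspace==="
if [ ! -d "workspace" ]; then
  echo "create new workspace"
  mkdir workspace
fi
cd workspace

echo "===goto current space==="
# Next version = highest purely numeric entry + 1 (1 for an empty workspace).
# Globbing replaces parsing `ls`, and $(( )) replaces the obsolete $[ ] form.
version=0
for entry in *; do
  case "$entry" in
    '' | *[!0-9]*) continue ;; # skip anything that is not a plain number
  esac
  if [ "$entry" -gt "$version" ]; then
    version=$entry
  fi
done
version=$((10#$version + 1)) # 10# forces base 10 even with leading zeros
mkdir "$version"
cd "$version"
echo "Version: $version"
echo "Space: $(pwd)"


echo "===deploy to k8s==="
mkdir deploy
cd deploy
# Containers created in this namespace must set a CPU limit between 200m and
# 800m; requests outside that range are rejected when the pod is created.
# The manifest's indentation is significant YAML structure. The delimiter is
# quoted because nothing inside needs shell expansion.
cat > limitRange.yaml <<'EOF'
apiVersion: v1
kind: LimitRange
metadata:
  name: cpu-min-max-demo-lr
spec:
  limits:
  - max:
      cpu: "800m"
    min:
      cpu: "200m"
    type: Container
EOF
kubectl apply -f limitRange.yaml
cd ..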

K8S重启失败

# Troubleshooting a kubelet that fails to come back after a restart.
# Show the unit state together with the last 1000 journal lines.
systemctl status kubelet -n 1000

free -m # check whether swap is enabled
# Turn swap off for the running system. This does not survive a reboot: remove
# or comment out the swap entries in /etc/fstab to make it permanent.
swapoff -a

# Reload unit files and restart the kubelet now that swap is off.
systemctl daemon-reload
systemctl restart kubelet

# Print the fully qualified hostname, then set the hostname ("xxxxxxx" is a
# placeholder). NOTE(review): presumably the hostname has to match the name the
# node registered with - confirm. `hostname NAME` changes it only until reboot.
hostname -f
hostname xxxxxxx

重装

# Tear the node down so kubeadm can be run again from scratch. Destructive and
# irreversible: back up anything you still need first.
# `kubeadm reset` reverts what `kubeadm init` / `kubeadm join` did on this host.
# It does not clean the CNI configuration (/etc/cni/net.d), iptables rules or
# kubeconfig copies such as $HOME/.kube/config; remove those separately.
kubeadm reset
# Deletes the remaining cluster configuration, including the PKI directory with
# the cluster CA private keys and the admin kubeconfig.
rm -rf /etc/kubernetes
# Deletes the etcd data directory, i.e. all cluster state including Secrets.
rm -rf /var/lib/etcd/

simple Java Project

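# Build a Java project inside containers, package it as an image and deploy it
# to Kubernetes as a Deployment plus a NodePort Service.
# Abort on the first failure: without this, a failed clone or build would still
# be followed by an image build and a deployment.
set -euo pipefail

echo "===prepare workspace==="
if [ ! -d "workspace" ]; then
  echo "create new workspace"
  mkdir workspace
fi
cd workspace

echo "===goto current space==="
# Next version = highest purely numeric entry + 1 (1 for an empty workspace).
# Globbing replaces parsing `ls`, and $(( )) replaces the obsolete $[ ] form.
version=0
for entry in *; do
  case "$entry" in
    '' | *[!0-9]*) continue ;; # skip anything that is not a plain number
  esac
  if [ "$entry" -gt "$version" ]; then
    version=$entry
  fi
done
version=$((10#$version + 1)) # 10# forces base 10 even with leading zeros
mkdir "$version"
cd "$version"
echo "Version: $version"
echo "Space: $(pwd)"

echo "===set parmas==="
# The xxxx values are placeholders to fill in per project.
gitPath=xxxx
gitBranch=xxxx
# mavenMirror=https://maven.aliyun.com/repository/public
# Every artifact from Maven Central is resolved through this mirror, so it must
# be an HTTPS endpoint you trust.
mavenMirror=xxxx
mavenCacheVolume=maven-repo
# NOTE(review): the images below are referenced by mutable tags. Pinning them by
# digest keeps the build toolchain and the runtime base image from changing
# underneath the pipeline.
# mavenImage=maven:3.6.3-openjdk-16
mavenImage=maven:3.6.3-jdk-8
# Glob, expanded later when the jar is moved.
mavenPackageTarget='xxx-start/target/*.jar'
# jdkImage=openjdk:16-jdk
jdkImage=openjdk:8-jdk
javaApp=xxxx

echo "===get code==="
# NOTE(review): mounting all of $HOME read-write hands the alpine/git image
# every file of the invoking user (SSH keys, kubeconfigs, cloud credentials).
# Presumably only the git credentials are needed - mount just those, read-only
# where possible, once confirmed.
docker run -i --rm \
  -v "${HOME}:/root" \
  -v "$(pwd)/src:/git" \
  alpine/git \
  clone "$gitPath" .
pwd
echo "$gitBranch"
docker run -i --rm \
  -v "${HOME}:/root" \
  -v "$(pwd)/src:/git" \
  alpine/git \
  checkout "$gitBranch"


echo "===build target==="
mkdir .m2
# Maven settings that route "central" through $mavenMirror.
cat > .m2/settings.xml <<EOF
<settings>
<mirrors>
<mirror>
<id>proxy</id>
<mirrorOf>central</mirrorOf>
<name>proxy maven</name>
<url>$mavenMirror</url>
</mirror>
</mirrors>
</settings>
EOF
# Named volume that caches the local Maven repository between builds.
docker volume create "$mavenCacheVolume"
docker run -i --rm \
  -v "$(pwd)/src:/usr/src/mymaven" \
  -v "$mavenCacheVolume:/root/.m2/repository" \
  -v "$(pwd)/.m2/settings.xml:/root/.m2/settings.xml" \
  -w /usr/src/mymaven \
  "$mavenImage" \
  mvn package -Dmaven.test.skip=true

echo "===move jar==="
mkdir image
# $mavenPackageTarget is left unquoted on purpose so the glob expands. Require
# exactly one match: with several jars the original `mv` would fail midway.
# shellcheck disable=SC2206
artifacts=(src/$mavenPackageTarget)
if [ "${#artifacts[@]}" -ne 1 ] || [ ! -f "${artifacts[0]}" ]; then
  echo "expected exactly one build artifact matching src/$mavenPackageTarget" >&2
  exit 1
fi
mv -- "${artifacts[0]}" image/main.jar

echo "===build image==="
cd image
# NOTE(review): the image sets no USER, so the JVM runs as root inside the
# container and binds port 80. A non-root user and an unprivileged port would
# reduce the impact of a compromise of the application.
cat > Dockerfile <<EOF
FROM $jdkImage
COPY main.jar /main.jar
COPY entrypoint.sh /entrypoint.sh
CMD ["sh","entrypoint.sh"]
EOF
cat > entrypoint.sh <<EOF
java -jar -Xmx250m -Xms200m -Dserver.port=80 /main.jar --logger.print-parmas.enable=true
EOF
docker build -t "$javaApp:$version" .
cd ..

echo "===deploy to k8s==="
mkdir deploy
cd deploy
# Deployment manifest. Indentation is significant YAML structure; strategy,
# progressDeadlineSeconds, minReadySeconds and revisionHistoryLimit are fields
# of the Deployment spec, not of the container.
#   strategy                 RollingUpdate (Recreate is the alternative); up to 50%
#                            of the pods may be unavailable and up to 50% extra
#                            pods may be created during a rollout
#   progressDeadlineSeconds  seconds without progress before the rollout is
#                            reported as failed
#   minReadySeconds          how long a new pod must stay ready before it counts
#                            as available
#   revisionHistoryLimit     old ReplicaSets kept for rollback
# NOTE(review): the image exists only in the local Docker daemon of the build
# host; with imagePullPolicy IfNotPresent a pod scheduled on another node cannot
# start unless the image is also pushed to a registry that node can pull from.
cat > "${javaApp}-deployment.yaml" <<EOF
apiVersion: apps/v1
kind: Deployment
metadata:
  name: ${javaApp}-deployment
  labels:
    app: $javaApp
spec:
  replicas: 1
  selector:
    matchLabels:
      app: $javaApp
  template:
    metadata:
      labels:
        app: $javaApp
    spec:
      containers:
      - name: $javaApp
        image: $javaApp:$version
        imagePullPolicy: IfNotPresent
        env:
        - name: ENV
          value: "env"
        ports:
        - containerPort: 80
        resources:
          limits:
            cpu: 0.3
            memory: 400Mi
          requests:
            cpu: 0.3
            memory: 300Mi
        livenessProbe:
          httpGet:
            path: /swagger-ui/
            port: 80
          initialDelaySeconds: 100
          periodSeconds: 3
  strategy: # 策略
    type: RollingUpdate # 也可以是Recreate
    rollingUpdate:
      maxUnavailable: 50% # 滚动更新的时候的最大不可用pod数量, 可以是绝对数字或者比例10%
      maxSurge: 50% # 动更新的时候的溢出的pod数量,也可以是绝对数字
  progressDeadlineSeconds: 150 # 进度期限秒数,不懂是什么
  minReadySeconds: 100 # 最短就绪时间, 容器创建多久以后被视为就绪
  revisionHistoryLimit: 3 # 历史修订限制, 保留的rs的数量,这个数量会消耗etcd资源,rs删除了就不能回滚刀那个版本的Deployment了
EOF

# NodePort Service: opens port 10010 on every node and forwards it to port 80
# of the pods. 10010 is outside the default 30000-32767 range, so it is accepted
# only after the API server's --service-node-port-range has been widened.
# NOTE(review): the liveness probe path suggests Swagger UI is served on the
# same port; if so, it becomes reachable on every node address. Restrict access
# with firewall rules or a NetworkPolicy if it is not meant to be public.
cat > "${javaApp}-service.yaml" <<EOF
apiVersion: v1
kind: Service
metadata:
  name: ${javaApp}-service
spec:
  type: NodePort
  selector:
    app: $javaApp
  ports:
  - port: 80
    targetPort: 80
    nodePort: 10010
EOF

kubectl apply -f "${javaApp}-deployment.yaml"
kubectl apply -f "${javaApp}-service.yaml"
cd ..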

k8s强制重启pod

# Force pods to restart by replacing the objects defined in xxx.yaml
# (placeholder file name). --force deletes the existing objects and creates them
# again, so expect a gap in service while the new pods start; for a Deployment,
# `kubectl rollout restart` replaces the pods gradually instead.
kubectl replace --force -f xxx.yaml