本文目录结构
关于minikube
minikube可以模拟本机的Kubernetes集群环境,这集群就包含了Master和Node,当前它支持Windows、Linux和MaxOS等操作系统,官网https://minikube.sigs.k8s.io/docs/。
环境信息
操作系统发行版本
Linux CentOS7.9版本
minikube安装要求
- 至少2CPUs或更多CPUS
- 至少2GB或更多内存
- 至少20GB或更多磁盘空间
- 连接互联网
- 容器或虚拟机环境,如Docker, QEMU, Hyperkit, Hyper-V, KVM, Parallels, Podman, VirtualBox, or VMware Fusion/Workstation
安装与配置Docker
安装minikube前,先要安装Docker。
配置国内镜像源
1
2
3
4
5
6
| cat <<EOF > daemon.json
{
"registry-mirrors": ["https://ud6340vz.mirror.aliyuncs.com"]
}
EOF
mv daemon.json /etc/docker/
|
再次确认。
1
| cat /etc/docker/daemon.json
|
启动容器。
1
| systemctl restart docker
|
安装与使用minikube
安装
安装minikube,更多安装方式见:https://minikube.sigs.k8s.io/docs/start/
1
2
| curl -Lo minikube https://kubernetes.oss-cn-hangzhou.aliyuncs.com/minikube/releases/v1.11.0/minikube-linux-amd64 &&
chmod +x minikube && sudo mv minikube /usr/local/bin/
|
启动minikube。
1
| minikube start --driver=none
|
确认minikube的进程是否存在。
1
2
3
4
5
| ps -ef | grep minikube
root 14401 14382 3 20:02 ? 00:00:12 kube-apiserver --advertise-address=10.0.1.127 --allow-privileged=true --authorization-mode=Node,RBAC --client-ca-file=/var/lib/minikube/certs/ca.crt --enable-admission-plugins=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,DefaultTolerationSeconds,NodeRestriction,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,ResourceQuota --enable-bootstrap-token-auth=true --etcd-cafile=/var/lib/minikube/certs/etcd/ca.crt --etcd-certfile=/var/lib/minikube/certs/apiserver-etcd-client.crt --etcd-keyfile=/var/lib/minikube/certs/apiserver-etcd-client.key --etcd-servers=https://127.0.0.1:2379 --insecure-port=0 --kubelet-client-certificate=/var/lib/minikube/certs/apiserver-kubelet-client.crt --kubelet-client-key=/var/lib/minikube/certs/apiserver-kubelet-client.key --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname --proxy-client-cert-file=/var/lib/minikube/certs/front-proxy-client.crt --proxy-client-key-file=/var/lib/minikube/certs/front-proxy-client.key --requestheader-allowed-names=front-proxy-client --requestheader-client-ca-file=/var/lib/minikube/certs/front-proxy-ca.crt --requestheader-extra-headers-prefix=X-Remote-Extra- --requestheader-group-headers=X-Remote-Group --requestheader-username-headers=X-Remote-User --secure-port=8443 --service-account-key-file=/var/lib/minikube/certs/sa.pub --service-cluster-ip-range=10.96.0.0/12 --tls-cert-file=/var/lib/minikube/certs/apiserver.crt --tls-private-key-file=/var/lib/minikube/certs/apiserver.key
root 14459 14417 1 20:02 ? 00:00:04 etcd --advertise-client-urls=https://10.0.1.127:2379 --cert-file=/var/lib/minikube/certs/etcd/server.crt --client-cert-auth=true --data-dir=/var/lib/minikube/etcd --initial-advertise-peer-urls=https://10.0.1.127:2380 --initial-cluster=vm-1-127-centos=https://10.0.1.127:2380 --key-file=/var/lib/minikube/certs/etcd/server.key --listen-client-urls=https://127.0.0.1:2379,https://10.0.1.127:2379 --listen-metrics-urls=http://127.0.0.1:2381 --listen-peer-urls=https://10.0.1.127:2380 --name=vm-1-127-centos --peer-cert-file=/var/lib/minikube/certs/etcd/peer.crt --peer-client-cert-auth=true --peer-key-file=/var/lib/minikube/certs/etcd/peer.key --peer-trusted-ca-file=/var/lib/minikube/certs/etcd/ca.crt --snapshot-count=10000 --trusted-ca-file=/var/lib/minikube/certs/etcd/ca.crt
root 14489 14446 1 20:02 ? 00:00:04 kube-controller-manager --authentication-kubeconfig=/etc/kubernetes/controller-manager.conf --authorization-kubeconfig=/etc/kubernetes/controller-manager.conf --bind-address=127.0.0.1 --client-ca-file=/var/lib/minikube/certs/ca.crt --cluster-name=mk --cluster-signing-cert-file=/var/lib/minikube/certs/ca.crt --cluster-signing-key-file=/var/lib/minikube/certs/ca.key --controllers=*,bootstrapsigner,tokencleaner --kubeconfig=/etc/kubernetes/controller-manager.conf --leader-elect=true --requestheader-client-ca-file=/var/lib/minikube/certs/front-proxy-ca.crt --root-ca-file=/var/lib/minikube/certs/ca.crt --service-account-private-key-file=/var/lib/minikube/certs/sa.key --use-service-account-credentials=true
root 14653 1 1 20:02 ? 00:00:05 /var/lib/minikube/binaries/v1.18.3/kubelet --authorization-mode=Webhook --bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --cgroup-driver=systemd --client-ca-file=/var/lib/minikube/certs/ca.crt --cluster-domain=cluster.local --config=/var/lib/kubelet/config.yaml --container-runtime=docker --fail-swap-on=false --hostname-override=VM-1-127-centos --kubeconfig=/etc/kubernetes/kubelet.conf --node-ip=10.0.1.127 --pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.2 --pod-manifest-path=/etc/kubernetes/manifests
|
目前已经成功在本机部署了Kubernetes集群环境。
与集群交互
我们可以通过安装的kubectl来访问minikube集群也可以通过minikube kubectl来访问,更简单方式如下
1
| alias kubectl="minikube kubectl --"
|
它的作用是将kubectl命令以别名方式绑定“minikube kubectl”。
案例,部署hello-minikube案例。
1
2
| kubectl create deployment hello-minikube --image=kicbase/echo-server:1.0
kubectl expose deployment hello-minikube --type=NodePort --port=8080
|
找到hello-minikube的services,并从浏览器访问它,访问地址http://本机IP+31172端口。
1
2
3
4
5
6
7
| kubectl get services hello-minikube
minikube service hello-minikube
|-----------|----------------|-------------|---------------------------|
| NAMESPACE | NAME | TARGET PORT | URL |
|-----------|----------------|-------------|---------------------------|
| default | hello-minikube | 8080 | http://192.168.3.13:31172 |
|-----------|----------------|-------------|---------------------------|
|
(注:我环境使用了腾讯云,这里需要开通实例的安全组)
常用命令
列出所有k8s服务
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
| minikube addons list
|-----------------------------|----------|--------------|
| ADDON NAME | PROFILE | STATUS |
|-----------------------------|----------|--------------|
| ambassador | minikube | disabled |
| dashboard | minikube | disabled |
| default-storageclass | minikube | enabled ✅ |
| efk | minikube | disabled |
| freshpod | minikube | disabled |
| gvisor | minikube | disabled |
| helm-tiller | minikube | disabled |
| ingress | minikube | disabled |
| ingress-dns | minikube | disabled |
| istio | minikube | disabled |
| istio-provisioner | minikube | disabled |
| logviewer | minikube | disabled |
| metallb | minikube | disabled |
| metrics-server | minikube | disabled |
| nvidia-driver-installer | minikube | disabled |
| nvidia-gpu-device-plugin | minikube | disabled |
| olm | minikube | disabled |
| registry | minikube | disabled |
| registry-aliases | minikube | disabled |
| registry-creds | minikube | disabled |
| storage-provisioner | minikube | enabled ✅ |
| storage-provisioner-gluster | minikube | disabled |
|-----------------------------|----------|--------------|
|
删除所有minikube集群。
安装kubernetes
安装kubernetes及相关软件包,首先添加国内源。
1
2
3
4
5
6
7
8
9
10
| cat <<EOF > kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
mv kubernetes.repo /etc/yum.repos.d/
|
安装kubernetes及相关软件包。
1
2
| yum install -y kubelet-1.22.4 kubectl-1.22.4 kubeadm-1.22.4 kubernetes
|
安装包说明:
- kubelet:Kubelet 是 kubernetes 工作节点上的一个代理组件,运行在每个节点上;
- kubectl:kubectl的子命令非常丰富,涵盖了对Kubernetes集群的主要操作,包括资源对象的创建、删除、查看、修改、配置、运行等;
- kubeadm:kubeadm是官方社区推出的一个用于快速部署kubernetes集群的工具;
- kubernetes:主安装包。
除kubernetes外,其他包minikuber也会帮忙安装,但版本过低后续使用过程中会有问题,建议升级到以上安装包。