二进制安装Kubernetes(k8s) v1.24.2 IPv4/IPv6双栈(下)
【摘要】 # 9.安装Calico## 9.1以下步骤只在master01操作### 9.1.1更改calico网段```shell# vim calico.yamlvim calico-ipv6.yaml# calico-config ConfigMap处 "ipam": { "type": "calico-ipam", "assign_ipv4": "true",...
# 9.安装Calico
## 9.1以下步骤只在master01操作
### 9.1.1更改calico网段
```shell
# vim calico.yaml
vim calico-ipv6.yaml
# calico-config ConfigMap处
"ipam": {
"type": "calico-ipam",
"assign_ipv4": "true",
"assign_ipv6": "true"
},
- name: IP
value: "autodetect"
- name: IP6
value: "autodetect"
- name: CALICO_IPV4POOL_CIDR
value: "172.16.0.0/12"
- name: CALICO_IPV6POOL_CIDR
value: "fc00::/48"
- name: FELIX_IPV6SUPPORT
value: "true"
# kubectl apply -f calico.yaml
kubectl apply -f calico-ipv6.yaml
```
### 9.1.2查看容器状态
```shell
[root@k8s-master01 ~]# kubectl get pod -A
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system calico-kube-controllers-56cdb7c587-bq6rn 1/1 Running 0 10m
kube-system calico-node-2vt27 1/1 Running 0 10m
kube-system calico-node-7bg82 1/1 Running 0 10m
kube-system calico-node-gg9tv 1/1 Running 0 10m
kube-system calico-node-lkdhr 1/1 Running 0 10m
kube-system calico-node-msl6j 1/1 Running 0 10m
kube-system calico-node-qqrx9 1/1 Running 0 10m
kube-system calico-node-tgzxk 1/1 Running 0 10m
kube-system calico-node-z59jx 1/1 Running 0 10m
kube-system calico-typha-6775694657-xzmcs 1/1 Running 0 10m
[root@k8s-master01 ~]#
```
# 10.安装CoreDNS
## 10.1以下步骤只在master01操作
### 10.1.1修改文件
```shell
cd coredns/
cat coredns.yaml | grep clusterIP:
clusterIP: 10.96.0.10
```
### 10.1.2安装
```shell
kubectl create -f coredns.yaml
serviceaccount/coredns created
clusterrole.rbac.authorization.k8s.io/system:coredns created
clusterrolebinding.rbac.authorization.k8s.io/system:coredns created
configmap/coredns created
deployment.apps/coredns created
service/kube-dns created
```
# 11.安装Metrics Server
## 11.1以下步骤只在master01操作
### 11.1.1安装Metrics-server
在新版的Kubernetes中系统资源的采集均使用Metrics-server,可以通过Metrics采集节点和Pod的内存、磁盘、CPU和网络的使用率
```shell
# 安装metrics server
cd metrics-server/
kubectl apply -f metrics-server.yaml
```
### 11.1.2稍等片刻查看状态
```shell
kubectl top node
NAME CPU(cores) CPU% MEMORY(bytes) MEMORY%
k8s-master01 154m 1% 1715Mi 21%
k8s-master02 151m 1% 1274Mi 16%
k8s-master03 523m 6% 1345Mi 17%
k8s-node01 84m 1% 671Mi 8%
k8s-node02 73m 0% 727Mi 9%
k8s-node03 96m 1% 769Mi 9%
k8s-node04 68m 0% 673Mi 8%
k8s-node05 82m 1% 679Mi 8%
```
# 12.集群验证
## 12.1部署pod资源
```shell
cat<<EOF | kubectl apply -f -
apiVersion: v1
kind: Pod
metadata:
name: busybox
namespace: default
spec:
containers:
- name: busybox
image: busybox:1.28
command:
- sleep
- "3600"
imagePullPolicy: IfNotPresent
restartPolicy: Always
EOF
# 查看
kubectl get pod
NAME READY STATUS RESTARTS AGE
busybox 1/1 Running 0 17s
```
## 12.2用pod解析默认命名空间中的kubernetes
```shell
kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 17h
kubectl exec busybox -n default -- nslookup kubernetes
3Server: 10.96.0.10
Address 1: 10.96.0.10 kube-dns.kube-system.svc.cluster.local
Name: kubernetes
Address 1: 10.96.0.1 kubernetes.default.svc.cluster.local
```
## 12.3测试跨命名空间是否可以解析
```shell
kubectl exec busybox -n default -- nslookup kube-dns.kube-system
Server: 10.96.0.10
Address 1: 10.96.0.10 kube-dns.kube-system.svc.cluster.local
Name: kube-dns.kube-system
Address 1: 10.96.0.10 kube-dns.kube-system.svc.cluster.local
```
## 12.4每个节点都必须要能访问Kubernetes的kubernetes svc 443和kube-dns的service 53
```shell
telnet 10.96.0.1 443
Trying 10.96.0.1...
Connected to 10.96.0.1.
Escape character is '^]'.
telnet 10.96.0.10 53
Trying 10.96.0.10...
Connected to 10.96.0.10.
Escape character is '^]'.
curl 10.96.0.10:53
curl: (52) Empty reply from server
```
## 12.5Pod和Pod之前要能通
```shell
kubectl get po -owide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
busybox 1/1 Running 0 17m 172.27.14.193 k8s-node02 <none> <none>
kubectl get po -n kube-system -owide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
calico-kube-controllers-5dffd5886b-4blh6 1/1 Running 0 77m 172.25.244.193 k8s-master01 <none> <none>
calico-node-fvbdq 1/1 Running 1 (75m ago) 77m 10.0.0.61 k8s-master01 <none> <none>
calico-node-g8nqd 1/1 Running 0 77m 10.0.0.64 k8s-node01 <none> <none>
calico-node-mdps8 1/1 Running 0 77m 10.0.0.65 k8s-node02 <none> <none>
calico-node-nf4nt 1/1 Running 0 77m 10.0.0.63 k8s-master03 <none> <none>
calico-node-sq2ml 1/1 Running 0 77m 10.0.0.62 k8s-master02 <none> <none>
calico-typha-8445487f56-mg6p8 1/1 Running 0 77m 10.0.0.65 k8s-node02 <none> <none>
calico-typha-8445487f56-pxbpj 1/1 Running 0 77m 10.0.0.61 k8s-master01 <none> <none>
calico-typha-8445487f56-tnssl 1/1 Running 0 77m 10.0.0.64 k8s-node01 <none> <none>
coredns-5db5696c7-67h79 1/1 Running 0 63m 172.25.92.65 k8s-master02 <none> <none>
metrics-server-6bf7dcd649-5fhrw 1/1 Running 0 61m 172.18.195.1 k8s-master03 <none> <none>
# 进入busybox ping其他节点上的pod
kubectl exec -ti busybox -- sh
/ # ping 10.0.0.64
PING 10.0.0.64 (10.0.0.64): 56 data bytes
64 bytes from 10.0.0.64: seq=0 ttl=63 time=0.358 ms
64 bytes from 10.0.0.64: seq=1 ttl=63 time=0.668 ms
64 bytes from 10.0.0.64: seq=2 ttl=63 time=0.637 ms
64 bytes from 10.0.0.64: seq=3 ttl=63 time=0.624 ms
64 bytes from 10.0.0.64: seq=4 ttl=63 time=0.907 ms
# 可以连通证明这个pod是可以跨命名空间和跨主机通信的
```
## 12.6创建三个副本,可以看到3个副本分布在不同的节点上(用完可以删了)
```shell
cat > deployments.yaml << EOF
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-deployment
labels:
app: nginx
spec:
replicas: 3
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginx:1.14.2
ports:
- containerPort: 80
EOF
kubectl apply -f deployments.yaml
deployment.apps/nginx-deployment created
kubectl get pod
NAME READY STATUS RESTARTS AGE
busybox 1/1 Running 0 6m25s
nginx-deployment-9456bbbf9-4bmvk 1/1 Running 0 8s
nginx-deployment-9456bbbf9-9rcdk 1/1 Running 0 8s
nginx-deployment-9456bbbf9-dqv8s 1/1 Running 0 8s
# 删除nginx
[root@k8s-master01 ~]# kubectl delete -f deployments.yaml
```
# 13.安装dashboard
```shell
wget https://raw.githubusercontent.com/cby-chen/Kubernetes/main/yaml/dashboard.yaml
wget https://raw.githubusercontent.com/cby-chen/Kubernetes/main/yaml/dashboard-user.yaml
kubectl apply -f dashboard.yaml
kubectl apply -f dashboard-user.yaml
```
## 13.1更改dashboard的svc为NodePort,如果已是请忽略
```shell
kubectl edit svc kubernetes-dashboard -n kubernetes-dashboard
type: NodePort
```
## 13.2查看端口号
```shell
kubectl get svc kubernetes-dashboard -n kubernetes-dashboard
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes-dashboard NodePort 10.108.120.110 <none> 443:30034/TCP 34s
```
## 13.3创建token
```shell
kubectl -n kubernetes-dashboard create token admin-user
eyJhbGciOiJSUzI1NiIsImtpZCI6Inlkd0RKV2lQeUpvNmRxb2hENDlRM3llWU55T2I4dC0wVW5KOU5PZGRSdWsifQ.eyJhdWQiOlsiaHR0cHM6Ly9rdWJlcm5ldGVzLmRlZmF1bHQuc3ZjLmNsdXN0ZXIubG9jYWwiXSwiZXhwIjoxNjU1NzA2MTQwLCJpYXQiOjE2NTU3MDI1NDAsImlzcyI6Imh0dHBzOi8va3ViZXJuZXRlcy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsIiwia3ViZXJuZXRlcy5pbyI6eyJuYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsInNlcnZpY2VhY2NvdW50Ijp7Im5hbWUiOiJhZG1pbi11c2VyIiwidWlkIjoiZGVhYjdiY2MtNDczZS00N2E0LThlYTUtZmE4Yjc2NGY2NGJjIn19LCJuYmYiOjE2NTU3MDI1NDAsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlcm5ldGVzLWRhc2hib2FyZDphZG1pbi11c2VyIn0.YzVrnSq3IuWn3qqY_td7SPqHisT40Gk1neMx7Ok9PsTxd6RASWxv9Y_1-T4wpE3ljaCiXxMBETzvYDgf-y9FOxm6drkQWWLk9UUuvOdjexxkdTXztB5X_0BiUGcMlvD3CA0qFbnzcg1cLpokypkuOnlSB8GBTleNyhQvHQnoXU3fSUCNRR_zHu2bRNgJZwABPMdj2D42EQndD56ZDP4g4IK8iMVJbaM-6DdNjdpfQx2358n8syPDjznu_1W1fUvwxY3eoEyeuIEjDbEeYEwh5uW2k4NOjW8m54W2YgmipDuqpvIB_-cnAo_KzF2q1Qb4WpIAItGkkpgwQFMFagKRTg
```
## 13.3登录dashboard
https://10.0.0.61:30034/
# 14.ingress安装
## 14.1执行部署
```shell
cd ingress/
kubectl apply -f deploy.yaml
kubectl apply -f backend.yaml
# 等创建完成后在执行:
kubectl apply -f ingress-demo-app.yaml
kubectl get ingress
NAME CLASS HOSTS ADDRESS PORTS AGE
ingress-host-bar nginx hello.chenby.cn,demo.chenby.cn 10.0.0.62 80 7s
```
## 14.2过滤查看ingress端口
```shell
[root@hello ~/yaml]# kubectl get svc -A | grep ingress
ingress-nginx ingress-nginx-controller NodePort 10.104.231.36 <none> 80:32636/TCP,443:30579/TCP 104s
ingress-nginx ingress-nginx-controller-admission ClusterIP 10.101.85.88 <none> 443/TCP 105s
[root@hello ~/yaml]#
```
# 15.IPv6测试
```shell
#部署应用
[root@k8s-master01 ~]# vim cby.yaml
[root@k8s-master01 ~]# cat cby.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: chenby
spec:
replicas: 3
selector:
matchLabels:
app: chenby
template:
metadata:
labels:
app: chenby
spec:
containers:
- name: chenby
image: nginx
resources:
limits:
memory: "128Mi"
cpu: "500m"
ports:
- containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
name: chenby
spec:
ipFamilyPolicy: PreferDualStack
ipFamilies:
- IPv6
- IPv4
type: NodePort
selector:
app: chenby
ports:
- port: 80
targetPort: 80
[root@k8s-master01 ~]# kubectl apply -f cby.yaml
#查看端口
[root@k8s-master01 ~]# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
chenby NodePort fd00::a29c <none> 80:30779/TCP 5s
[root@k8s-master01 ~]#
#使用内网访问
[root@localhost yaml]# curl -I http://[fd00::a29c]
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 05 May 2022 10:20:35 GMT
Content-Type: text/html
Content-Length: 615
Last-Modified: Tue, 25 Jan 2022 15:03:52 GMT
Connection: keep-alive
ETag: "61f01158-267"
Accept-Ranges: bytes
[root@localhost yaml]# curl -I http://10.0.0.61:30779
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 05 May 2022 10:20:59 GMT
Content-Type: text/html
Content-Length: 615
Last-Modified: Tue, 25 Jan 2022 15:03:52 GMT
Connection: keep-alive
ETag: "61f01158-267"
Accept-Ranges: bytes
[root@localhost yaml]#
#使用公网访问
[root@localhost yaml]# curl -I http://[2408:8207:78cc:5cc1:181c::10]:30779
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 05 May 2022 10:20:54 GMT
Content-Type: text/html
Content-Length: 615
Last-Modified: Tue, 25 Jan 2022 15:03:52 GMT
Connection: keep-alive
ETag: "61f01158-267"
Accept-Ranges: bytes
```
# 16.安装命令行自动补全功能
```shell
yum install bash-completion -y
source /usr/share/bash-completion/bash_completion
source <(kubectl completion bash)
echo "source <(kubectl completion bash)" >> ~/.bashrc
```
> **关于**
>
> https://www.oiox.cn/
>
> https://www.oiox.cn/index.php/start-page.html
>
> **CSDN、GitHub、知乎、开源中国、思否、掘金、简书、华为云、阿里云、腾讯云、哔哩哔哩、今日头条、新浪微博、个人博客**
>
> **全网可搜《小陈运维》**
>
> **文章主要发布于微信公众号:《Linux运维交流社区》**
【版权声明】本文为华为云社区用户原创内容,转载时必须标注文章的来源(华为云社区)、文章链接、文章作者等基本信息, 否则作者和本社区有权追究责任。如果您发现本社区中有涉嫌抄袭的内容,欢迎发送邮件进行举报,并提供相关证据,一经查实,本社区将立刻删除涉嫌侵权内容,举报邮箱:
cloudbbs@huaweicloud.com
- 点赞
- 收藏
- 关注作者
评论(0)