Play with Kubernetes 小記
Kubernetes 讀書會將至
所以練習的環境也是一個重點
Kubernetes 目前練習的想法有
- Kubernetes in Docker for Mac
- Azure Kubernetes Service (AKS)
- Play with Kubernetes
今天就來寫 Play with Kubernetes 練習的小記
官方網站
可以使用 Github 或是 Docker ID 登入來使用
Docker 官方也有練習可以搭配
登入的界面跟 Play with Docker 一樣
一登入就有相關訊息
引導如何建立 Kubernetes 的 cluster
You can bootstrap a cluster as follows:
1. Initializes cluster master node:
kubeadm init --apiserver-advertise-address $(hostname -i)
2. Initialize cluster networking:
kubectl apply -n kube-system -f \
"https://cloud.weave.works/k8s/net?k8s-version=$(kubectl version | base64 |tr -d '\n')"
3. (Optional) Create an nginx deployment:
kubectl apply -f https://raw.githubusercontent.com/kubernetes/website/master/content/cn/docs/user-guide/nginx-app.yaml
先在裡面的終端機觀察相關資訊
[node1 ~]$ ls -a
. .. .bash_logout .bash_profile .bashrc .cshrc .kube .pki .tcshrc anaconda-ks.cfg
有發現 .kube 目錄, 然後底下有 config
[node1 ~]$ ls -a .kube/
. .. config
實際觀察, 其實這個 config 是個 link
[node1 ~]$ cat .kube/config
cat: .kube/config: No such file or directory
[node1 ~]$ ls -l .kube/
total 0
lrwxrwxrwx 1 root root 26 May 9 02:25 config -> /etc/kubernetes/admin.conf
接下來嘗試開始建立 kubernetes cluster, 先來進行初始化
上面提到的指令是 kubeadm init --apiserver-advertise-address $(hostname -i)
之前搭配 hostname 指令比較少下 -i 的參數, 所以先來看看 使用 -i 參數會跑出啥
會跑出 ip, 又學會一招
[node1 ~]$ hostname -i
192.168.0.13
自己補充學習, hostname -i 要搭配名稱解析才會顯示 IP
-i, --ip-address
Display the network address(es) of the host name. Note that this
works only if the host name can be resolved. Avoid using this
option; use hostname --all-ip-addresses instead.
來進行初始化吧
[node1 ~]$ kubeadm init --apiserver-advertise-address $(hostname -i)
Initializing machine ID from random generator.
[kubeadm] WARNING: kubeadm is in beta, please do not use it for production clusters.
[init] Using Kubernetes version: v1.8.15
[init] Using Authorization modes: [Node RBAC]
[preflight] Skipping pre-flight checks
[kubeadm] WARNING: starting in 1.8, tokens expire after 24 hours by default (if you require a non-expiring token use --token-ttl 0)
[certificates] Generated ca certificate and key.
[certificates] Generated apiserver certificate and key.
[certificates] apiserver serving cert is signed for DNS names [node1 kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local] and IPs [10.96.0.1 192.168.0.13]
[certificates] Generated apiserver-kubelet-client certificate and key.
[certificates] Generated sa key and public key.
[certificates] Generated front-proxy-ca certificate and key.
[certificates] Generated front-proxy-client certificate and key.
[certificates] Valid certificates and keys now exist in "/etc/kubernetes/pki"
[kubeconfig] Wrote KubeConfig file to disk: "admin.conf"
[kubeconfig] Wrote KubeConfig file to disk: "kubelet.conf"
[kubeconfig] Wrote KubeConfig file to disk: "controller-manager.conf"
[kubeconfig] Wrote KubeConfig file to disk: "scheduler.conf"
[controlplane] Wrote Static Pod manifest for component kube-apiserver to "/etc/kubernetes/manifests/kube-apiserver.yaml"
[controlplane] Wrote Static Pod manifest for component kube-controller-manager to "/etc/kubernetes/manifests/kube-controller-manager.yaml"
[controlplane] Wrote Static Pod manifest for component kube-scheduler to "/etc/kubernetes/manifests/kube-scheduler.yaml"
[etcd] Wrote Static Pod manifest for a local etcd instance to "/etc/kubernetes/manifests/etcd.yaml"
[init] Waiting for the kubelet to boot up the control plane as Static Pods from directory "/etc/kubernetes/manifests"
[init] This often takes around a minute; or longer if the control plane images have to be pulled.
[apiclient] All control plane components are healthy after 34.506542 seconds
[uploadconfig] Storing the configuration used in ConfigMap "kubeadm-config" in the "kube-system" Namespace
[markmaster] Will mark node node1 as master by adding a label and a taint
[markmaster] Master node1 tainted and labelled with key/value: node-role.kubernetes.io/master=""
[bootstraptoken] Using token: daad56.e5f6d0ea2dc27904
[bootstraptoken] Configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials
[bootstraptoken] Configured RBAC rules to allow the csrapprover controller automatically approve CSRs from a Node Bootstrap Token
[bootstraptoken] Configured RBAC rules to allow certificate rotation for all node client certificates in the cluster
[bootstraptoken] Creating the "cluster-info" ConfigMap in the "kube-public" namespace
[addons] Applied essential addon: kube-dns
[addons] Applied essential addon: kube-proxy
Your Kubernetes master has initialized successfully!
To start using your cluster, you need to run (as a regular user):
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
http://kubernetes.io/docs/admin/addons/
You can now join any number of machines by running the following on each node
as root:
kubeadm join --token daad56.e5f6d0ea2dc27904 192.168.0.13:6443 --discovery-token-ca-cert-hash sha256:b99b6b81f35cd4d1da40c8999ecd7d0bd2b7ce250152bea3c730311c85fdd526
Waiting for api server to startup.............
Warning: kubectl apply should be used on resource created by either kubectl create --save-config or kubectl apply
daemonset "kube-proxy" configured
No resources found
初始化之後再來觀察相關資訊
現在 .kube 目錄下就不是空的
[node1 ~]$ ls -l .kube/
total 4
drwxr-xr-x 3 root root 23 Oct 15 13:34 cache
lrwxrwxrwx 1 root root 26 May 9 02:25 config -> /etc/kubernetes/admin.conf
drwxr-xr-x 3 root root 4096 Oct 15 13:34 http-cache
觀察相關資訊, 目前 kubectl get nodes 就可以抓到資訊了
另外觀察 Status 是 NotReady
[node1 ~]$ kubectl get nodes
NAME STATUS ROLES AGE VERSION
node1 NotReady master 4m v1.10.2
初始化的時候會給一個 kubeadm join 的 token , 接下來就來試試看吧
新開一個 Instance,
== 在 node2 ==
使用 master 給的那串 token 來加入 cluster
[node2 ~]$ kubeadm join --token daad56.e5f6d0ea2dc27904 192.168.0.13:6443 --discovery-token-ca-cert-hash sha256:b99b6b81f35cd4d1da40c8999ecd7d0bd2b7ce250152bea3c730311c85fdd526
Initializing machine ID from random generator.
[kubeadm] WARNING: kubeadm is in beta, please do not use it for production clusters.
[preflight] Skipping pre-flight checks
[discovery] Trying to connect to API Server "192.168.0.13:6443"
[discovery] Created cluster-info discovery client, requesting info from "https://192.168.0.13:6443"
[discovery] Requesting info from "https://192.168.0.13:6443" again to validate TLS against the pinned public key
[discovery] Cluster info signature and contents are valid and TLS certificate validates against pinned roots, will use API Server "192.168.0.13:6443"
[discovery] Successfully established connection with API Server "192.168.0.13:6443"
[bootstrap] Detected server version: v1.8.15
[bootstrap] The server supports the Certificates API (certificates.k8s.io/v1beta1)
Node join complete:
* Certificate signing request sent to master and response
received.
* Kubelet informed of new secure connection details.
Run 'kubectl get nodes' on the master to see this machine join.
== 在 node1 ( Master ) 上面 ==
觀察相關資訊
Node2 已經被加入了, status 還是 NotReady
[node1 ~]$ kubectl get nodes
NAME STATUS ROLES AGE VERSION
node1 NotReady master 7m v1.10.2
node2 NotReady <none> 51s v1.10.2
接下來執行上面提到的步驟 2 kubectl apply -n kube-system -f "https://cloud.weave.works/k8s/net?k8s-version=$(kubectl version | base64 |tr -d '\n')"
初始化 cluster 的網路
[node1 ~]$ kubectl apply -n kube-system -f "https://cloud.weave.works/k8s/net?k8s-version=$(kubectl version | base64 |tr -d '\n')"
上面的 kubectl 如果去觀察
- https://cloud.weave.works 是連接到雲空間, 主要是放 yaml 的地方
後面帶的處理如下
[node1 ~]$ kubectl version
Client Version: version.Info{Major:"1", Minor:"8", GitVersion:"v1.8.11", GitCommit:"1df6a8381669a6c753f79cb31ca2e3d57ee7c8a3", GitTreeState:"clean", BuildDa
te:"2018-04-05T17:24:03Z", GoVersion:"go1.8.3", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"8", GitVersion:"v1.8.15", GitCommit:"c2bd642c70b3629223ea3b7db566a267a1e2d0df", GitTreeState:"clean", BuildDa
te:"2018-07-11T17:52:15Z", GoVersion:"go1.8.3", Compiler:"gc", Platform:"linux/amd64"}
[node1 ~]$ kubectl version | base64
Q2xpZW50IFZlcnNpb246IHZlcnNpb24uSW5mb3tNYWpvcjoiMSIsIE1pbm9yOiI4IiwgR2l0VmVy
c2lvbjoidjEuOC4xMSIsIEdpdENvbW1pdDoiMWRmNmE4MzgxNjY5YTZjNzUzZjc5Y2IzMWNhMmUz
ZDU3ZWU3YzhhMyIsIEdpdFRyZWVTdGF0ZToiY2xlYW4iLCBCdWlsZERhdGU6IjIwMTgtMDQtMDVU
MTc6MjQ6MDNaIiwgR29WZXJzaW9uOiJnbzEuOC4zIiwgQ29tcGlsZXI6ImdjIiwgUGxhdGZvcm06
ImxpbnV4L2FtZDY0In0KU2VydmVyIFZlcnNpb246IHZlcnNpb24uSW5mb3tNYWpvcjoiMSIsIE1p
bm9yOiI4IiwgR2l0VmVyc2lvbjoidjEuOC4xNSIsIEdpdENvbW1pdDoiYzJiZDY0MmM3MGIzNjI5
MjIzZWEzYjdkYjU2NmEyNjdhMWUyZDBkZiIsIEdpdFRyZWVTdGF0ZToiY2xlYW4iLCBCdWlsZERh
dGU6IjIwMTgtMDctMTFUMTc6NTI6MTVaIiwgR29WZXJzaW9uOiJnbzEuOC4zIiwgQ29tcGlsZXI6
ImdjIiwgUGxhdGZvcm06ImxpbnV4L2FtZDY0In0K
[node1 ~]$ kubectl version | base64 | tr -d '\n'Q2xpZW50IFZlcnNpb246IHZlcnNpb24uSW5mb3tNYWpvcjoiMSIsIE1pbm9yOiI4IiwgR2l0VmVyc2lvbjoidjEuOC4xMSIsIEdpdENvbW1pdDoiMWRmNmE4MzgxNjY5YTZjNzUzZjc5Y2IzMWNhMmUzZDU3
ZWU3YzhhMyIsIEdpdFRyZWVTdGF0ZToiY2xlYW4iLCBCdWlsZERhdGU6IjIwMTgtMDQtMDVUMTc6MjQ6MDNaIiwgR29WZXJzaW9uOiJnbzEuOC4zIiwgQ29tcGlsZXI6ImdjIiwgUGxhdGZvcm06ImxpbnV4
L2FtZDY0In0KU2VydmVyIFZlcnNpb246IHZlcnNpb24uSW5mb3tNYWpvcjoiMSIsIE1pbm9yOiI4IiwgR2l0VmVyc2lvbjoidjEuOC4xNSIsIEdpdENvbW1pdDoiYzJiZDY0MmM3MGIzNjI5MjIzZWEzYjdk
YjU2NmEyNjdhMWUyZDBkZiIsIEdpdFRyZWVTdGF0ZToiY2xlYW4iLCBCdWlsZERhdGU6IjIwMTgtMDctMTFUMTc6NTI6MTVaIiwgR29WZXJzaW9uOiJnbzEuOC4zIiwgQ29tcGlsZXI6ImdjIiwgUGxhdGZv
再次觀察資訊
[node1 ~]$ kubectl get nodes
NAME STATUS ROLES AGE VERSION
node1 Ready master 8m v1.10.2
node2 Ready <none> 2m v1.10.2
這樣一個 kubernetes 的環境就 Ready 了
也算是往讀書會的腳步更往前進一步
~ enjoy it
沒有留言:
張貼留言