网站业务费如何做记账凭证,2024中国进入一级战备了吗,wordpress 不显示评论,分销网站手机模板本文内容以语雀为准
文档
等等#xff0c;Docker 被 Kubernetes 弃用了?容器运行时端口和协议kubeadm initkubeadm config安装网络策略驱动使用 kubeadm 创建集群 控制平面节点隔离 持久卷为容器设置环境变量在CentOS上安装Docker引擎Pod 网络无法访问排查处理
说明
本文…本文内容以语雀为准
文档
等等Docker 被 Kubernetes 弃用了?容器运行时端口和协议kubeadm initkubeadm config安装网络策略驱动使用 kubeadm 创建集群 控制平面节点隔离 持久卷为容器设置环境变量在CentOS上安装Docker引擎Pod 网络无法访问排查处理
说明
本文以 CentOS 7.9、k8s 1.25.3文章首次发布于2022-10-30是当时的最新版为例本文固定了 k8s 的版本防止不同版本存在差异当你了解了某一版本的安装与使用自己就可以尝试其他版本的安装了2022-11-18经过测试当前时间的最新版1.25.4同样适用于本文章由于 k8s 1.24 及之后的版本使用的是 containerd之前的版本是 docker故此文都安装并配置了可以修改 k8s 的版本号进行学习、测试。 | | 控制面板 | node 节点 | | — | — | — | | 主机名 | k8s | node-1 | | IP | 192.168.80.60 | 192.168.80.16 |
安装
安装所需工具
sudo yum -y install vim
sudo yum -y install wget将主机名指向本机IP主机名只能包含字母、数字、-横杠、.点 获取主机名
hostname临时设置主机名
hostname 主机名永久设置主机名
sudo echo 主机名 /etc/hostname编辑 hosts
sudo vim /etc/hosts控制面板设置IP
192.168.80.60 k8snode 节点设置IP
192.168.80.16 node-1安装并配置 ntpdate同步时间
sudo yum -y install ntpdate
sudo ntpdate ntp1.aliyun.com
sudo systemctl status ntpdate
sudo systemctl start ntpdate
sudo systemctl status ntpdate
sudo systemctl enable ntpdate安装并配置 bash-completion添加命令自动补充
sudo yum -y install bash-completion
source /etc/profile关闭防火墙、或者开通指定端口
sudo systemctl stop firewalld.service
sudo systemctl disable firewalld.service# 控制面板
firewall-cmd --zonepublic --add-port6443/tcp --permanent # Kubernetes API server 所有
firewall-cmd --zonepublic --add-port2379/tcp --permanent # etcd server client API kube-apiserver, etcd
firewall-cmd --zonepublic --add-port2380/tcp --permanent # etcd server client API kube-apiserver, etcd
firewall-cmd --zonepublic --add-port10250/tcp --permanent # Kubelet API 自身, 控制面
firewall-cmd --zonepublic --add-port10259/tcp --permanent # kube-scheduler 自身
firewall-cmd --zonepublic --add-port10257/tcp --permanent # kube-controller-manager 自身
firewall-cmd --zonetrusted --add-source192.168.80.60 --permanent # 信任集群中各个节点的IP
firewall-cmd --zonetrusted --add-source192.168.80.16 --permanent # 信任集群中各个节点的IP
firewall-cmd --add-masquerade --permanent # 端口转发
firewall-cmd --reload
firewall-cmd --list-all
firewall-cmd --list-all --zonetrusted# 工作节点
firewall-cmd --zonepublic --add-port10250/tcp --permanent # Kubelet API 自身, 控制面
firewall-cmd --zonepublic --add-port30000-32767/tcp --permanent # NodePort Services† 所有
firewall-cmd --zonetrusted --add-source192.168.80.60 --permanent # 信任集群中各个节点的IP
firewall-cmd --zonetrusted --add-source192.168.80.16 --permanent # 信任集群中各个节点的IP
firewall-cmd --add-masquerade --permanent # 端口转发
firewall-cmd --reload
firewall-cmd --list-all
firewall-cmd --list-all --zonetrusted关闭交换空间
sudo swapoff -a
sudo sed -i s/.*swap.*/#/ /etc/fstab关闭 selinux
getenforce
cat /etc/selinux/config
sudo setenforce 0
sudo sed -i s/^SELINUXenforcing$/SELINUXpermissive/ /etc/selinux/config
cat /etc/selinux/config安装 Containerd、Docker Docker 不是必须的k8s 1.24.0 开始使用 Containerd 替代 Docker但还是推荐安装 Docker原因在k8s中构建Docker镜像时使用需要在GitLab Runner 中配置如下详情参见https://www.yuque.com/xuxiaowei-com-cn/gitlab-k8s/gitlab-runner-k8s
[[runners]]...[runners.kubernetes]...[runners.kubernetes.volumes][[runners.kubernetes.volumes.host_path]]name dockermount_path /var/run/docker.sockhost_path /var/run/docker.sock/etc/containerd/config.toml 中的 SystemdCgroup true 的优先级高于 /etc/docker/daemon.json 中的 cgroupdriver
# https://docs.docker.com/engine/install/centos/
sudo yum remove docker docker-client docker-client-latest docker-common docker-latest docker-latest-logrotate docker-logrotate docker-engine
sudo yum install -y yum-utils device-mapper-persistent-data lvm2
sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
# yum --showduplicates list docker-ce
sudo yum install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin
sudo yum install -y containerd# 启动 docker 时会启动 containerd
# sudo systemctl status containerd.service
sudo systemctl stop containerd.servicesudo cp /etc/containerd/config.toml /etc/containerd/config.toml.bak
sudo containerd config default $HOME/config.toml
sudo cp $HOME/config.toml /etc/containerd/config.toml
# 修改 /etc/containerd/config.toml 文件后要将 docker、containerd 停止后再启动
sudo sed -i s#registry.k8s.io/pause#registry.cn-hangzhou.aliyuncs.com/google_containers/pause#g /etc/containerd/config.toml
# https://kubernetes.io/zh-cn/docs/setup/production-environment/container-runtimes/#containerd-systemd
# 确保 /etc/containerd/config.toml 中的 disabled_plugins 内不存在 cri
sudo sed -i s#SystemdCgroup false#SystemdCgroup true#g /etc/containerd/config.tomlsudo systemctl enable --now containerd.service
# sudo systemctl status containerd.service# sudo systemctl status docker.service
sudo systemctl start docker.service
# sudo systemctl status docker.service
sudo systemctl enable docker.service
sudo systemctl enable docker.socket
sudo systemctl list-unit-files | grep dockersudo mkdir -p /etc/dockersudo tee /etc/docker/daemon.json -EOF
{registry-mirrors: [https://hnkfbj7x.mirror.aliyuncs.com],exec-opts: [native.cgroupdriversystemd]
}
EOFsudo systemctl daemon-reload
sudo systemctl restart docker
sudo docker infosudo systemctl status docker.servicesudo systemctl status containerd.service添加阿里云 k8s 镜像仓库
cat EOF /etc/yum.repos.d/kubernetes.repo
[kubernetes]
nameKubernetes
baseurlhttps://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
# 是否开启本仓库
enabled1
# 是否检查 gpg 签名文件
gpgcheck0
# 是否检查 gpg 签名文件
repo_gpgcheck0
gpgkeyhttps://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF安装 k8s 1.25.3 所需依赖
# 设置所需的 sysctl 参数参数在重新启动后保持不变
cat EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables 1
net.bridge.bridge-nf-call-ip6tables 1
net.ipv4.ip_forward 1
EOF# 应用 sysctl 参数而不重新启动
sudo sysctl --system# yum --showduplicates list kubelet --nogpgcheck
# yum --showduplicates list kubeadm --nogpgcheck
# yum --showduplicates list kubectl --nogpgcheck# 2023-02-07经过测试版本号1.24.0同样适用于本文章
# sudo yum install -y kubelet-1.24.0-0 kubeadm-1.24.0-0 kubectl-1.24.0-0 --disableexcludeskubernetes --nogpgcheck# 如果你看到有人说 node 节点不需要安装 kubectl其实这种说法是错的kubectl 会被当做依赖安装如果安装过程没有指定 kubectl 的版本则会安装最新版的 kubectl可能会导致程序运行异常
sudo yum install -y kubelet-1.25.3-0 kubeadm-1.25.3-0 kubectl-1.25.3-0 --disableexcludeskubernetes --nogpgcheck# 2022-11-18经过测试版本号1.25.4同样适用于本文章
# sudo yum install -y kubelet-1.25.4-0 kubeadm-1.25.4-0 kubectl-1.25.4-0 --disableexcludeskubernetes --nogpgcheck# 2023-02-07经过测试版本号1.25.5同样适用于本文章
# sudo yum install -y kubelet-1.25.5-0 kubeadm-1.25.5-0 kubectl-1.25.5-0 --disableexcludeskubernetes --nogpgcheck# 2023-02-07经过测试版本号1.25.6同样适用于本文章
# sudo yum install -y kubelet-1.25.6-0 kubeadm-1.25.6-0 kubectl-1.25.6-0 --disableexcludeskubernetes --nogpgcheck# 2023-02-07经过测试版本号1.26.0同样适用于本文章
# sudo yum install -y kubelet-1.26.0-0 kubeadm-1.26.0-0 kubectl-1.26.0-0 --disableexcludeskubernetes --nogpgcheck# 2023-02-07经过测试版本号1.26.1同样适用于本文章
# sudo yum install -y kubelet-1.26.1-0 kubeadm-1.26.1-0 kubectl-1.26.1-0 --disableexcludeskubernetes --nogpgcheck# 安装最新版生产时不建议
# sudo yum install -y kubelet kubeadm kubectl --disableexcludeskubernetes --nogpgchecksystemctl daemon-reload
sudo systemctl restart kubelet
sudo systemctl enable kubelet查看kubelet日志
# k8s 未初始化时kubelet 可能无法启动
journalctl -xefu kubelet查看kubelet状态
# k8s 未初始化时kubelet 可能无法启动
sudo systemctl status kubelet已上命令需要在控制面板与node节点执行并确保没有错误与警告
已上命令需要在控制面板与node节点执行并确保没有错误与警告 已上命令需要在控制面板与node节点执行并确保没有错误与警告
控制面板初始化
kubeadm init --image-repositoryregistry.aliyuncs.com/google_containers
# 指定集群的IP
# kubeadm init --image-repositoryregistry.aliyuncs.com/google_containers --apiserver-advertise-address192.168.80.60mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/configkubectl cluster-info# 初始化失败后可进行重置重置命令kubeadm reset# 执行成功后会出现类似下列内容
# kubeadm join 192.168.80.60:6443 --token f9lvrz.59mykzssqw6vjh32 \
# --discovery-token-ca-cert-hash sha256:4e23156e2f71c5df52dfd2b9b198cce5db27c47707564684ea74986836900107 #
# kubeadm token create --print-join-commandnode 节点加入集群
# 运行的内容来自上方执行结果
kubeadm join 192.168.80.60:6443 --token f9lvrz.59mykzssqw6vjh32 \
--discovery-token-ca-cert-hash sha256:4e23156e2f71c5df52dfd2b9b198cce5db27c47707564684ea74986836900107 #
# kubeadm token create --print-join-command# kubeadm join 192.168.80.60:6443 --token f9lvrz.59mykzssqw6vjh32 \
# --discovery-token-unsafe-skip-ca-verification控制面板
kubectl get pods --all-namespaces -o wide可以查看到 coredns-* 的状态是 Pendingnodes 为 NotReady原因是网络还未配置[rootk8s ~]# kubectl get pods --all-namespaces -o wide
NAMESPACE NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
kube-system coredns-c676cc86f-4lncg 0/1 Pending 0 3m19s none none none none
kube-system coredns-c676cc86f-7n9wv 0/1 Pending 0 3m19s none none none none
kube-system etcd-k8s 1/1 Running 0 3m26s 192.168.80.60 k8s none none
kube-system kube-apiserver-k8s 1/1 Running 0 3m23s 192.168.80.60 k8s none none
kube-system kube-controller-manager-k8s 1/1 Running 0 3m23s 192.168.80.60 k8s none none
kube-system kube-proxy-87lx5 1/1 Running 0 81s 192.168.0.18 centos-7-9-16 none none
kube-system kube-proxy-rctn6 1/1 Running 0 3m19s 192.168.80.60 k8s none none
kube-system kube-scheduler-k8s 1/1 Running 0 3m23s 192.168.80.60 k8s none none
[rootk8s ~]#kubectl get nodes -o wide[rootk8s ~]# kubectl get nodes -o wide
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
centos-7-9-16 NotReady none 7m58s v1.25.3 192.168.0.18 none CentOS Linux 7 (Core) 3.10.0-1160.el7.x86_64 containerd://1.6.9
k8s NotReady control-plane 10m v1.25.3 192.168.80.60 none CentOS Linux 7 (Core) 3.10.0-1160.el7.x86_64 containerd://1.6.9
[rootk8s ~]#控制面板配置网络选择 Calico 配置 | Kubernetes 版本 | Calico 版本 | Calico 文档 | | | — | — | — | — | | 1.18、1.19、1.20 | 3.18 | https://projectcalico.docs.tigera.io/archive/v3.18/getting-started/kubernetes/requirements | https://projectcalico.docs.tigera.io/archive/v3.18/manifests/calico.yaml | | 1.19、1.20、1.21 | 3.19 | https://projectcalico.docs.tigera.io/archive/v3.19/getting-started/kubernetes/requirements | https://projectcalico.docs.tigera.io/archive/v3.19/manifests/calico.yaml | | 1.19、1.20、1.21 | 3.20 | https://projectcalico.docs.tigera.io/archive/v3.20/getting-started/kubernetes/requirements | https://projectcalico.docs.tigera.io/archive/v3.20/manifests/calico.yaml | | 1.20、1.21、1.22 | 3.21 | https://projectcalico.docs.tigera.io/archive/v3.21/getting-started/kubernetes/requirements | https://projectcalico.docs.tigera.io/archive/v3.21/manifests/calico.yaml | | 1.21、1.22、1.23 | 3.22 | https://projectcalico.docs.tigera.io/archive/v3.22/getting-started/kubernetes/requirements | https://projectcalico.docs.tigera.io/archive/v3.22/manifests/calico.yaml | | 1.21、1.22、1.23 | 3.23 | https://projectcalico.docs.tigera.io/archive/v3.23/getting-started/kubernetes/requirements | https://projectcalico.docs.tigera.io/archive/v3.23/manifests/calico.yaml | | 1.22、1.23、1.24 | 3.24 | https://projectcalico.docs.tigera.io/archive/v3.24/getting-started/kubernetes/requirements | https://projectcalico.docs.tigera.io/archive/v3.24/manifests/calico.yaml | | 1.22、1.23、1.24 | 3.25 | https://projectcalico.docs.tigera.io/archive/v3.25/getting-started/kubernetes/requirements | https://projectcalico.docs.tigera.io/archive/v3.25/manifests/calico.yaml |
# 下载
wget --no-check-certificate https://projectcalico.docs.tigera.io/archive/v3.25/manifests/calico.yaml# 修改 calico.yaml 文件
vim calico.yaml# 在 - name: CLUSTER_TYPE 下方添加如下内容
- name: CLUSTER_TYPEvalue: k8s,bgp# 下方为新增内容
- name: IP_AUTODETECTION_METHODvalue: interface网卡名称# 配置网络
kubectl apply -f calico.yaml控制面板查看 pods、nodes
kubectl get nodes -o wide[rootk8s ~]# kubectl get nodes -o wide
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
centos-7-9-16 NotReady none 7m58s v1.25.3 192.168.0.18 none CentOS Linux 7 (Core) 3.10.0-1160.el7.x86_64 containerd://1.6.9
k8s NotReady control-plane 10m v1.25.3 192.168.80.60 none CentOS Linux 7 (Core) 3.10.0-1160.el7.x86_64 containerd://1.6.9
[rootk8s ~]# kubectl get pods --all-namespaces -o wide[rootk8s ~]# kubectl get pods --all-namespaces -o wide
NAMESPACE NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
kube-system calico-kube-controllers-f79f7749d-rkqgw 0/1 Pending 0 11s none none none none
kube-system calico-node-7698p 0/1 Init:0/3 0 11s 192.168.80.60 k8s none none
kube-system calico-node-tvhnb 0/1 Init:0/3 0 11s 192.168.0.18 centos-7-9-16 none none
kube-system coredns-c676cc86f-4lncg 0/1 Pending 0 8m14s none none none none
kube-system coredns-c676cc86f-7n9wv 0/1 Pending 0 8m14s none none none none
kube-system etcd-k8s 1/1 Running 0 8m21s 192.168.80.60 k8s none none
kube-system kube-apiserver-k8s 1/1 Running 0 8m18s 192.168.80.60 k8s none none
kube-system kube-controller-manager-k8s 1/1 Running 0 8m18s 192.168.80.60 k8s none none
kube-system kube-proxy-87lx5 1/1 Running 0 6m16s 192.168.0.18 centos-7-9-16 none none
kube-system kube-proxy-rctn6 1/1 Running 0 8m14s 192.168.80.60 k8s none none
kube-system kube-scheduler-k8s 1/1 Running 0 8m18s 192.168.80.60 k8s none none
[rootk8s ~]# 控制面板等待几分钟后再次查看 pods、nodes
kubectl get nodes -o wide[rootk8s ~]# kubectl get nodes -o wide
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
centos-7-9-16 Ready none 23m v1.25.3 192.168.80.16 none CentOS Linux 7 (Core) 3.10.0-1160.el7.x86_64 containerd://1.6.9
k8s Ready control-plane 25m v1.25.3 192.168.80.60 none CentOS Linux 7 (Core) 3.10.0-1160.el7.x86_64 containerd://1.6.9
[rootk8s ~]# kubectl get pods --all-namespaces -o wide[rootk8s ~]# kubectl get pods --all-namespaces -o wide
NAMESPACE NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
kube-system calico-kube-controllers-f79f7749d-rkqgw 1/1 Running 2 (52s ago) 17m 172.16.77.9 k8s none none
kube-system calico-node-7698p 0/1 Running 2 (52s ago) 17m 192.168.80.60 k8s none none
kube-system calico-node-tvhnb 0/1 Running 0 17m 192.168.80.16 centos-7-9-16 none none
kube-system coredns-c676cc86f-4lncg 1/1 Running 2 (52s ago) 25m 172.16.77.8 k8s none none
kube-system coredns-c676cc86f-7n9wv 1/1 Running 2 (52s ago) 25m 172.16.77.7 k8s none none
kube-system etcd-k8s 1/1 Running 2 (52s ago) 25m 192.168.80.60 k8s none none
kube-system kube-apiserver-k8s 1/1 Running 2 (52s ago) 25m 192.168.80.60 k8s none none
kube-system kube-controller-manager-k8s 1/1 Running 2 (52s ago) 25m 192.168.80.60 k8s none none
kube-system kube-proxy-87lx5 1/1 Running 1 (invalid ago) 23m 192.168.80.16 centos-7-9-16 none none
kube-system kube-proxy-rctn6 1/1 Running 2 (52s ago) 25m 192.168.80.60 k8s none none
kube-system kube-scheduler-k8s 1/1 Running 2 (52s ago) 25m 192.168.80.60 k8s none none
[rootk8s ~]# 至此k8s安装与配置已完成下面内容是测试。控制面板创建 nginx 服务
vim nginx.yamlapiVersion: apps/v1
kind: Deployment
metadata:name: nginx-deploymentlabels:app: nginx
spec:replicas: 2selector:matchLabels:app: nginxtemplate:metadata:labels:app: nginxspec:containers:- name: nginximage: nginx:1.23.2ports:- containerPort: 80kubectl apply -f nginx.yaml# 编辑
# kubectl edit deployment nginx-deploymentkubectl get pods --all-namespaces -o wide[rootk8s ~]# kubectl get pods --all-namespaces -o wide
NAMESPACE NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
default nginx-deployment-86956f97b8-nfv2l 0/1 ContainerCreating 0 15s none centos-7-9-16 none none
default nginx-deployment-86956f97b8-x26kx 0/1 ContainerCreating 0 15s none centos-7-9-16 none none
kube-system calico-kube-controllers-f79f7749d-rkqgw 1/1 Running 2 (6m22s ago) 23m 172.16.77.9 k8s none none
kube-system calico-node-7698p 0/1 Running 2 (6m22s ago) 23m 192.168.80.60 k8s none none
kube-system calico-node-tvhnb 0/1 Running 0 23m 192.168.80.16 centos-7-9-16 none none
kube-system coredns-c676cc86f-4lncg 1/1 Running 2 (6m22s ago) 31m 172.16.77.8 k8s none none
kube-system coredns-c676cc86f-7n9wv 1/1 Running 2 (6m22s ago) 31m 172.16.77.7 k8s none none
kube-system etcd-k8s 1/1 Running 2 (6m22s ago) 31m 192.168.80.60 k8s none none
kube-system kube-apiserver-k8s 1/1 Running 2 (6m22s ago) 31m 192.168.80.60 k8s none none
kube-system kube-controller-manager-k8s 1/1 Running 2 (6m22s ago) 31m 192.168.80.60 k8s none none
kube-system kube-proxy-87lx5 1/1 Running 1 (invalid ago) 29m 192.168.80.16 centos-7-9-16 none none
kube-system kube-proxy-rctn6 1/1 Running 2 (6m22s ago) 31m 192.168.80.60 k8s none none
kube-system kube-scheduler-k8s 1/1 Running 2 (6m22s ago) 31m 192.168.80.60 k8s none none
[rootk8s ~]#kubectl get pods -o wide[rootk8s ~]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nginx-deployment-86956f97b8-nfv2l 0/1 ContainerCreating 0 35s none centos-7-9-16 none none
nginx-deployment-86956f97b8-x26kx 0/1 ContainerCreating 0 35s none centos-7-9-16 none none
[rootk8s ~]# 控制面板**几分钟后再查看**kubectl get pods --all-namespaces -o wide[rootk8s ~]# kubectl get pods --all-namespaces -o wide
NAMESPACE NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
default nginx-deployment-86956f97b8-nfv2l 1/1 Running 0 3m30s 172.16.132.193 centos-7-9-16 none none
default nginx-deployment-86956f97b8-x26kx 1/1 Running 0 3m30s 172.16.132.194 centos-7-9-16 none none
kube-system calico-kube-controllers-f79f7749d-rkqgw 1/1 Running 2 (9m37s ago) 26m 172.16.77.9 k8s none none
kube-system calico-node-7698p 0/1 Running 2 (9m37s ago) 26m 192.168.80.60 k8s none none
kube-system calico-node-tvhnb 0/1 Running 0 26m 192.168.80.16 centos-7-9-16 none none
kube-system coredns-c676cc86f-4lncg 1/1 Running 2 (9m37s ago) 34m 172.16.77.8 k8s none none
kube-system coredns-c676cc86f-7n9wv 1/1 Running 2 (9m37s ago) 34m 172.16.77.7 k8s none none
kube-system etcd-k8s 1/1 Running 2 (9m37s ago) 34m 192.168.80.60 k8s none none
kube-system kube-apiserver-k8s 1/1 Running 2 (9m37s ago) 34m 192.168.80.60 k8s none none
kube-system kube-controller-manager-k8s 1/1 Running 2 (9m37s ago) 34m 192.168.80.60 k8s none none
kube-system kube-proxy-87lx5 1/1 Running 1 (invalid ago) 32m 192.168.80.16 centos-7-9-16 none none
kube-system kube-proxy-rctn6 1/1 Running 2 (9m37s ago) 34m 192.168.80.60 k8s none none
kube-system kube-scheduler-k8s 1/1 Running 2 (9m37s ago) 34m 192.168.80.60 k8s none none
[rootk8s ~]# kubectl get pods -o wide[rootk8s ~]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nginx-deployment-86956f97b8-nfv2l 1/1 Running 0 4m31s 172.16.132.193 centos-7-9-16 none none
nginx-deployment-86956f97b8-x26kx 1/1 Running 0 4m31s 172.16.132.194 centos-7-9-16 none none
[rootk8s ~]# # 控制面板查看pod,svc
kubectl get pod,svc -o wide[rootk8s ~]# kubectl get pod,svc -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
pod/nginx-deployment-86956f97b8-nfv2l 1/1 Running 0 4m59s 172.16.132.193 centos-7-9-16 none none
pod/nginx-deployment-86956f97b8-x26kx 1/1 Running 0 4m59s 172.16.132.194 centos-7-9-16 none noneNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
service/kubernetes ClusterIP 10.96.0.1 none 443/TCP 36m none
[rootk8s ~]# # 控制面板设置服务
kubectl expose deployment nginx-deployment --typeNodePort --namenginx-service# 控制面板查看pod,svc
kubectl get pod,svc -o wide[rootk8s ~]# kubectl get pod,svc -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
pod/nginx-deployment-86956f97b8-nfv2l 1/1 Running 0 7m58s 172.16.132.193 centos-7-9-16 none none
pod/nginx-deployment-86956f97b8-x26kx 1/1 Running 0 7m58s 172.16.132.194 centos-7-9-16 none noneNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
service/kubernetes ClusterIP 10.96.0.1 none 443/TCP 39m none
service/nginx-service NodePort 10.109.120.77 none 80:30593/TCP 55s appnginx
[rootk8s ~]# # 重启控制面板、node节点
# 控制面板查看pod,svc
kubectl get pod,svc -o wide[rootk8s ~]# kubectl get pod,svc -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
pod/nginx-deployment-86956f97b8-nfv2l 1/1 Running 1 (invalid ago) 11m 172.16.132.196 centos-7-9-16 none none
pod/nginx-deployment-86956f97b8-x26kx 1/1 Running 1 (invalid ago) 11m 172.16.132.195 centos-7-9-16 none noneNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
service/kubernetes ClusterIP 10.96.0.1 none 443/TCP 42m none
service/nginx-service NodePort 10.109.120.77 none 80:30593/TCP 4m8s appnginx
[rootk8s ~]# 可以看到重启前后 pod/nginx-deployment- IP 发生了变化service/nginx-service 的 IP 与 端口没有发生变化可在后面使用 service/nginx-service 的 端口*
Token 相关命令
控制平面节点上运行以下命令来获取令牌
kubeadm token list默认情况下令牌会在 24 小时后过期可以通过在控制平面节点上运行以下命令来创建新令牌
kubeadm token create相关命令
查看更多信息 -o wide查看所有命名空间
--all-namespaces查看指定命名空间
-n 命名空间查看所有 pod
kubectl get pods --all-namespaces -o wide查看 pod 描述
kubectl -n 命名空间 describe pod 名称删除 pod
kubectl -n 命名空间 delete pod 名称进入 pod
kubectl exec -it pod名称 bash查看 Service Account
kubectl get sa --all-namespaceskubectl -n 命名空间 get sa查看 pv
kubectl get pv查看 pvc
kubectl get pvc查看角色绑定
kubectl get rolebinding --all-namespaces -o wide错误说明
提示/proc/sys/net/bridge/bridge-nf-call-iptables
error execution phase preflight: [preflight] Some fatal errors occurred:[ERROR FileContent--proc-sys-net-bridge-bridge-nf-call-iptables]: /proc/sys/net/bridge/bridge-nf-call-iptables contents are not set to 1
[preflight] If you know what you are doing, you can make a check non-fatal with --ignore-preflight-errors...
To see the stack trace of this error execute with --v5 or higher# 执行命令
# 如果报错 sysctl: cannot stat /proc/sys/net/bridge/bridge-nf-call-iptables: No such file or directory可以先执行 modprobe br_netfilter
sysctl -w net.bridge.bridge-nf-call-iptables1提示/proc/sys/net/ipv4/ip_forward
error execution phase preflight: [preflight] Some fatal errors occurred:[ERROR FileContent--proc-sys-net-ipv4-ip_forward]: /proc/sys/net/ipv4/ip_forward contents are not set to 1
[preflight] If you know what you are doing, you can make a check non-fatal with --ignore-preflight-errors...
To see the stack trace of this error execute with --v5 or higher# 执行命令
sysctl -w net.ipv4.ip_forward1控制面板master作为node使用去污 注意此处的命令可能和你在网上看到去污命令不同原因是k8s的版本不同
# https://kubernetes.io/zh-cn/docs/setup/production-environment/tools/kubeadm/create-cluster-kubeadm/#control-plane-node-isolation
kubectl taint nodes --all node-role.kubernetes.io/control-plane-# 1.24.0 版本需要使用下列命令去污
# kubectl taint nodes --all node-role.kubernetes.io/master-**可使用下列命令查看当前软件的去污的命令参数**kubectl get no -o yaml | grep taint -A 10
