网站制作方案报价,网站建设甲方原因造成停工,网站集约化平台建设,开网站卖东西需要什么条件文章目录 1 基础知识1.1 K8s 有用么#xff1f;1.2 K8s 是什么#xff1f;1.3 k8s 部署方式1.4 k8s 环境解析 2 环境部署2.1 基础环境配置2.2 容器环境操作2.3 cri环境操作2.4 harbor仓库操作2.5 k8s集群初始化2.6 k8s环境收尾操作 3 应用部署3.1 应用管理解读3.2 应用部署实… 文章目录 1 基础知识1.1 K8s 有用么1.2 K8s 是什么1.3 k8s 部署方式1.4 k8s 环境解析 2 环境部署2.1 基础环境配置2.2 容器环境操作2.3 cri环境操作2.4 harbor仓库操作2.5 k8s集群初始化2.6 k8s环境收尾操作 3 应用部署3.1 应用管理解读3.2 应用部署实践3.3 应用管理实践 4 应用访问4.1 service对象定位4.2 Service 实践4.3 外部Service 5 应用数据5.1 应用数据解析5.2 应用数据实践 6 应用配置6.1 应用配置解析6.2 配置文件实践6.3 敏感文件实践 7 服务访问7.1 Ingress简介7.2 Ingress部署7.3 Ingress实践 8 helm管理8.1 helm简介8.2 helm部署8.3 helm实践 1 基础知识
1.1 K8s 有用么
K8s有没有用 K8s要不要学 参考资料:
https://www.infoq.com/articles/devops-and-cloud-trends-2022/?itm_sourcearticles_about_InfoQ-trends-reportitm_mediumlinkitm_campaignInfoQ-trends-report1.2 K8s 是什么 1.3 k8s 部署方式
目前Kubernetes的两类部署样式 1.4 k8s 环境解析
网络环境解析 部署结构解析 2 环境部署
2.1 基础环境配置
主机名规划
序号主机ip主机名规划110.0.0.12kubernetes-master.sswang.com kubernetes-master210.0.0.15kubernetes-node1.sswang.com kubernetes-node1310.0.0.16kubernetes-node2.sswang.com kubernetes-node2410.0.0.17kubernetes-node3.sswang.com kubernetes-node3510.0.0.20kubernetes-register.sswang.com kubernetes-register
跨主机免密码认证
生成秘钥对
ssh-keygen -t rsa 跨主机免密码认证
ssh-copy-id root远程主机ip地址Swap环境配置(所有主机操作)
临时禁用
swapoff -a永久禁用
sed -i s/.*swap.*/#/ /etc/fstab 内核参数调整
cat /etc/sysctl.d/k8s.conf EOF
vm.swappiness0
EOF
sysctl -p /etc/sysctl.d/k8s.conf网络参数调整(所有主机操作)
配置iptables参数使得流经网桥的流量也经过iptables/netfilter防火墙
cat /etc/sysctl.d/k8s.conf EOF
net.bridge.bridge-nf-call-ip6tables 1
net.bridge.bridge-nf-call-iptables 1
net.ipv4.ip_forward 1
EOF配置生效
modprobe br_netfilter
modprobe overlay
sysctl -p /etc/sysctl.d/k8s.conf2.2 容器环境操作
注意所有主机操作
部署docker软件源
定制软件源
yum install -y yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo安装最新版docker
yum list docker-ce --showduplicates | sort -r
yum install -y docker-ce
systemctl enable docker
systemctl start dockerdocker加速器配置
配置加速器文件
]# cat /etc/docker/daemon.json -EOF
{registry-mirrors: [http://74f21445.m.daocloud.io,https://registry.docker-cn.com,http://hub-mirror.c.163.com,https://docker.mirrors.ustc.edu.cn], insecure-registries: [kubernetes-register.sswang.com], exec-opts: [native.cgroupdriversystemd]
}
EOF重启docker服务
systemctl restart docker2.3 cri环境操作
注意所有主机操作
获取软件
下载软件
mkdir /data/softs cd /data/softs
wget https://github.com/Mirantis/cri-dockerd/releases/download/v0.3.2/cri-dockerd-0.3.2.amd64.tgz解压软件
tar xf cri-dockerd-0.3.2.amd64.tgz
mv cri-dockerd/cri-dockerd /usr/local/bin/检查效果
cri-dockerd --version定制配置
定制配置文件
cat /etc/systemd/system/cri-dockerd.service-EOF
[Unit]
DescriptionCRI Interface for Docker Application Container Engine
Documentationhttps://docs.mirantis.com
Afternetwork-online.target firewalld.service docker.service
Wantsnetwork-online.target
[Service]
Typenotify
ExecStart/usr/local/bin/cri-dockerd --pod-infra-container-imageregistry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.9--network-plugincni --cni-conf-dir/etc/cni/net.d --cni-bin-dir/opt/cni/bin --container-runtime-endpointunix:///var/run/cri-dockerd.sock --cri-dockerd-root-directory/var/lib/dockershim --docker-endpointunix:///var/run/docker.sock --cri-dockerd-root-directory/var/lib/docker
ExecReload/bin/kill -s HUP $MAINPID
TimeoutSec0
RestartSec2
Restartalways
StartLimitBurst3
StartLimitInterval60s
LimitNOFILEinfinity
LimitNPROCinfinity
LimitCOREinfinity
TasksMaxinfinity
Delegateyes
KillModeprocess
[Install]
WantedBymulti-user.target
EOF定制配置
cat /etc/systemd/system/cri-dockerd.socket -EOF
[Unit]
DescriptionCRI Docker Socket for the API
PartOfcri-docker.service[Socket]
ListenStream/var/run/cri-dockerd.sock
SocketMode0660
SocketUserroot
SocketGroupdocker[Install]
WantedBysockets.target
EOF设置服务开机自启动
systemctl daemon-reload
systemctl enable cri-dockerd.service
systemctl restart cri-dockerd.service2.4 harbor仓库操作
准备工作
安装docker环境
参考 上一节docker环境部署安装docker-compose
yum install -y docker-compose获取软件
下载软件
mkdir /data/{softs,server} -p cd /data/softs
wget https://github.com/goharbor/harbor/releases/download/v2.5.0/harbor-offline-installer-v2.5.0.tgz解压软件
tar -zxvf harbor-offline-installer-v2.5.0.tgz -C /data/server/
cd /data/server/harbor/加载镜像
docker load harbor.v2.5.0.tar.gz
docker images备份配置
cp harbor.yml.tmpl harbor.yml修改配置
修改配置
[rootkubernetes-register /data/server/harbor]# vim harbor.yml.tmpl# 修改主机名hostname: kubernetes-register.sswang.comhttp:port: 80#https: 注释ssl相关的部分# port: 443# certificate: /your/certificate/path# private_key: /your/private/key/path# 修改harbor的登录密码harbor_admin_password: 123456# 设定harbor的数据存储目录data_volume: /data/server/harbor/data配置harbor
./prepare启动harbor
./install.sh检查效果
docker-compose ps定制服务启动文件
定制服务启动文件 /etc/systemd/system/harbor.service
[Unit]
DescriptionHarbor
Afterdocker.service systemd-networkd.service systemd-resolved.service
Requiresdocker.service
Documentationhttp://github.com/vmware/harbor[Service]
Typesimple
Restarton-failure
RestartSec5
#需要注意harbor的安装位置
ExecStart/usr/bin/docker-compose --file /data/server/harbor/docker-compose.yml up
ExecStop/usr/bin/docker-compose --file /data/server/harbor/docker-compose.yml down[Install]
WantedBymulti-user.target加载服务配置文件
systemctl daemon-reload
启动服务
systemctl start harbor
检查状态
systemctl status harbor
设置开机自启动
systemctl enable harborharbor仓库定制
浏览器访问域名用户名: admin, 密码123456
创建sswang用户专用的项目仓库名称为 sswang权限为公开的harbor仓库测试
登录仓库
# docker login kubernetes-register.sswang.com -u sswang
Password: # 输入登录密码 A12345678a下载镜像
docker pull busybox定制镜像标签
docker tag busybox kubernetes-register.sswang.com/sswang/busybox:v0.1推送镜像
docker push kubernetes-register.sswang.com/sswang/busybox:v0.12.5 k8s集群初始化
软件部署
定制阿里云的关于kubernetes的软件源
]# cat /etc/yum.repos.d/kubernetes.repo EOF
[kubernetes]
nameKubernetes
baseurlhttps://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled1
gpgcheck0
repo_gpgcheck0
gpgkeyhttps://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF更新软件源
yum makecache fastmaster环境软件部署
yum install kubeadm kubectl kubelet -ynode环境软件部署
yum install kubeadm kubectl kubelet -y确认基本配置
检查镜像文件列表
kubeadm config images list获取镜像文件
images$(kubeadm config images list --kubernetes-version1.27.3 | awk -F / {print $NF})
for i in ${images}
dodocker pull registry.aliyuncs.com/google_containers/$idocker tag registry.aliyuncs.com/google_containers/$i kubernetes-register.sswang.com/google_containers/$idocker push kubernetes-register.sswang.com/google_containers/$idocker rmi registry.aliyuncs.com/google_containers/$i
donemaster节点初始化
环境初始化命令
kubeadm init --kubernetes-version1.27.3 \
--apiserver-advertise-address10.0.0.12 \
--image-repository kubernetes-register.superopsmsb.com/google_containers \
--service-cidr10.96.0.0/12 \
--pod-network-cidr10.244.0.0/16 \
--ignore-preflight-errorsSwap \
--cri-socketunix:///var/run/cri-dockerd.socknode节点加入集群
复制join命令加入到master集群
kubeadm join 10.0.0.12:6443 --token vudfvt.fwpohpbb7yw2qy49 \--discovery-token-ca-cert-hash sha256:1... ...48545 --cri-socketunix:///var/run/cri-dockerd.sock2.6 k8s环境收尾操作
权限操作
定制kubernetes的登录权限
mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config命令补全
放到master主机的环境文件中
echo source (kubectl completion bash) ~/.bashrc
echo source (kubeadm completion bash) ~/.bashrc
source ~/.bashrc网络环境
网络定制
mkdir /data/kubernetes/flannel -p
cd /data/kubernetes/flannel获取配置文件
wget https://raw.githubusercontent.com/flannel-io/flannel/master/Documentation/kube-flannel.yml定制镜像标签
for i in $(grep image kube-flannel.yml | grep -v # | awk -F / {print $NF})
dodocker pull flannel/$idocker tag flannel/$i kubernetes-register.superopsmsb.com/google_containers/$idocker push kubernetes-register.superopsmsb.com/google_containers/$idocker rmi flannel/$i
done备份配置文件
cp kube-flannel.yml{,.bak}修改配置文件
sed -i / image:/s/docker.io\/flannel/kubernetes-register.sswang.com\/google_containers/ kube-flannel.yml应用配置文件
kubectl apply -f kube-flannel.yml检查效果
kubectl get node3 应用部署
3.1 应用管理解读 3.2 应用部署实践
资源对象管理关系 资源对象管理实践
手工方式
kubectl run pod名称 --imageimage地址资源清单方式:
apiVersion: v1
kind: Pod
metadata:labels:run: my-podname: my-pod
spec:containers:- image: kubernetes-register.sswang.com/sswang/nginxname: my-poddeployment资源实践
nginx-proxy应用的配置清单文件
apiVersion: apps/v1
kind: Deployment
metadata:name: sswang-nginx-proxylabels:app: nginx
spec:replicas: 1selector:matchLabels:app: nginxtemplate:metadata:labels:app: nginxspec:containers:- name: nginximage: kubernetes-register.sswang.com/sswang/nginxports:- containerPort: 80nginx-web 的资源清单文件
apiVersion: apps/v1
kind: Deployment
metadata:name: sswang-nginx-weblabels:app: nginx-web
spec:replicas: 1selector:matchLabels:app: nginx-webtemplate:metadata:labels:app: nginx-webspec:containers:- name: nginximage: kubernetes-register.sswang.com/sswang/nginx_web:v0.1ports:- containerPort: 80tomcat-web 的资源清单文件
apiVersion: apps/v1
kind: Deployment
metadata:name: sswang-tomcat-weblabels:app: tomcat-web
spec:replicas: 1selector:matchLabels:app: tomcat-webtemplate:metadata:labels:app: tomcat-webspec:containers:- name: tomcatimage: kubernetes-register.sswang.com/sswang/tomcat_web:v0.1ports:- containerPort: 80803.3 应用管理实践
资源对象隔离
namespace资源对象实践
apiVersion: v1
kind: Namespace
metadata:name: my-ns
---
apiVersion: apps/v1
kind: Deployment
metadata:name: sswang-tomcat-webnamespace: my-nslabels:app: tomcat-web
spec:replicas: 1selector:matchLabels:app: tomcat-webtemplate:metadata:labels:app: tomcat-webspec:containers:- name: tomcatimage: kubernetes-register.sswang.com/sswang/tomcat_web:v0.1ports:- containerPort: 8080资源对象的扩缩容
资源对象扩缩容
kubectl scale deployment 资源对象名称 --replicas目标数量 deployment/mysql修改应用镜像版本
kubectl set image deployment 资源对象名称 容器名称镜像名称4 应用访问
4.1 service对象定位 4.2 Service 实践
手工创建Service
根据应用部署资源对象创建SVC对象
kubectl expose deployment nginx --port80 --typeNodePortyaml方式创建Service
nginx-web的service资源清单文件
apiVersion: v1
kind: Service
metadata:name: sswang-nginx-weblabels:app: nginx-web
spec:type: NodePortselector:app: nginx-webports:- protocol: TCPname: httpport: 80targetPort: 80nodePort: 31080tomcat-web的service资源清单文件
apiVersion: v1
kind: Service
metadata:name: sswang-tomcat-weblabels:app: tomcat-web
spec:type: NodePortselector:app: tomcatports:- protocol: TCPname: httpport: 8080targetPort: 8080nodePort: 318804.3 外部Service
部署外部mysql环境
准备软件源
]# cat /etc/yum.repos.d/MariaDB.repo
[mariadb]
name MariaDB
baseurl http://yum.mariadb.org/10.3/centos7-amd64
gpgcheck0更新系统软件包
yum makecache fast安装 MySQL 服务器
yum install mariadb-server mariadb -y 设置 MySQL 服务在启动时自动启动
systemctl start mariadb.service
systemctl enable mariadb.service开启 MySQL 服务器远程访问能力
]# vim /etc/my.cnf.d/server.cnf
[mysqld]
bind-address 0.0.0.0重启 MySQL 服务使配置生效
systemctl restart mariadb.service配置远程主机登录权限
mysql -uroot -p123456 -e GRANT ALL PRIVILEGES ON *.* TO root% IDENTIFIED BY 123456 WITH GRANT OPTION;
mysql -uroot -p123456 -e FLUSH PRIVILEGES;主库上创建数据库
]# mysql -uroot -p123456 -e
CREATE DATABASE bookinfo default charset utf8 collate utf8_general_ci;
USE bookinfo;
CREATE TABLE book_info (id INT AUTO_INCREMENT PRIMARY KEY,book_name VARCHAR(100),author VARCHAR(100),date_of_issue DATE,isDelete BOOLEAN
);
INSERT INTO book_info (book_name, author, date_of_issue, isDelete) VALUES(Book 1, Author 1, 2022-01-01, FALSE),(Book 2, Author 2, 2022-02-01, FALSE),(Book 3, Author 3, 2022-03-01, TRUE);定制资源清单文件
apiVersion: v1
kind: Namespace
metadata:name: external-ns
---
apiVersion: v1
kind: Endpoints
metadata:name: ex-mysqlnamespace: external-ns
subsets:- addresses:- ip: 10.0.0.18ports:- port: 3306
---
apiVersion: v1
kind: Service
metadata:name: ex-mysqlnamespace: external-ns
spec:type: ClusterIPports:- port: 3306targetPort: 3306
---
apiVersion: apps/v1
kind: Deployment
metadata:name: bookinfonamespace: external-ns
spec:replicas: 1selector:matchLabels:app: flask-bookinfotemplate:metadata:labels:app: flask-bookinfospec:containers:- name: flask-bookinfoimage: kubernetes-register.sswang.com/sswang/flask_bookinfo:2.3.2imagePullPolicy: Alwaysports:- containerPort: 5000env:- name: DB_HOSTvalue: ex-mysql- name: DB_USERvalue: root- name: DB_PASSWORDvalue: 123456- name: DB_DATABASEvalue: bookinfo5 应用数据
5.1 应用数据解析
k8s应用数据类型和步骤解析 k8s如何使用数据功能 k8s使用各种数据类型的配置 5.2 应用数据实践
emptyDir实践
资源对象文件内容
apiVersion: v1
kind: Pod
metadata:name: sswang-emptydir
spec:containers:- name: nginx-webimage: kubernetes-register.sswang.com/sswang/nginx_web:v0.1volumeMounts:- name: nginx-indexmountPath: /usr/share/nginx/html- name: change-indeximage: kubernetes-register.sswang.com/sswang/busybox:1.28# 每过2秒更改一下文件内容command: [sh, -c, for i in $(seq 100); do echo index-$i /testdir/index.html;sleep 2;done]volumeMounts:- name: nginx-indexmountPath: /testdirvolumes:- name: nginx-indexemptyDir: {}hostPath实践
资源对象文件内容
apiVersion: v1
kind: Pod
metadata:name: sswang-hostpath
spec:volumes:- name: redis-backuphostPath:path: /data/backup/rediscontainers:- name: hostpath-redisimage: kubernetes-register.sswang.com/sswang/redis:7.0.4volumeMounts:- name: redis-backupmountPath: /data6 应用配置
6.1 应用配置解析
k8s如何使用配置数据功能 6.2 配置文件实践
定制配置文件实践
定制资源清单文件
apiVersion: v1
kind: ConfigMap
metadata:name: sswang-nginxconf
data:default.conf: |server {listen 80;server_name www.sswang.com;location /nginx {proxy_pass http://sswang-nginx-web/;}location /tomcat {proxy_pass http://sswang-tomcat-web:8080/;}location / {root /usr/share/nginx/html;}}
---
apiVersion: v1
kind: ConfigMap
metadata:name: sswang-nginx-index
data:index.html: Hello Nginx, This is Nginx Web Page by sswang!!!\n定制nginx-proxy代理
apiVersion: apps/v1
kind: Deployment
metadata:name: sswang-nginx-proxylabels:app: nginx
spec:replicas: 1selector:matchLabels:app: nginxtemplate:metadata:labels:app: nginxspec:containers:- name: nginximage: kubernetes-register.sswang.com/sswang/nginx_proxy:v0.1volumeMounts:- name: nginxconfmountPath: /etc/nginx/conf.d/readOnly: true- name: nginxindexmountPath: /usr/share/nginx/html/readOnly: truevolumes:- name: nginxconfconfigMap:name: sswang-nginxconf- name: nginxindexconfigMap:name: sswang-nginx-index
---
apiVersion: v1
kind: Service
metadata:name: superopsmsb-nginx-proxylabels:app: superopsmsb-nginx-proxy
spec:selector:app: nginxports:- protocol: TCPname: httpport: 80targetPort: 806.3 敏感文件实践
定制配置文件
准备nginx容器的配置目录
mkdir tls-key做证书
openssl genrsa -out tls-key/tls.key 2048做成自签证书
openssl req -new -x509 -key tls-key/tls.key -out tls-key/tls.crt -subj /CNwww.sswang.com定制专属nginx配置文件 nginx-conf-tls/default.conf
server {listen 443 ssl;server_name www.sswang.com;ssl_certificate /etc/nginx/certs/tls.crt; ssl_certificate_key /etc/nginx/certs/tls.key;location / {root /usr/share/nginx/html;}
}server {listen 80;server_name www.sswang.com; return 301 https://$host$request_uri;
}手工创建资源对象文件
创建cm资源对象
kubectl create configmap nginx-ssl-conf --from-filenginx-conf-tls/创建secret资源对象
kubectl create secret tls nginx-ssl-secret --certtls-key/tls.crt --keytls-key/tls.key定制资源清单文件
apiVersion: v1
kind: Pod
metadata:name: sswang-nginx-ssl
spec:containers:- image: kubernetes-register.sswang.com/sswang/nginx_web:v0.1name: nginx-webvolumeMounts:- name: nginxcertsmountPath: /etc/nginx/certs/readOnly: true- name: nginxconfsmountPath: /etc/nginx/conf.d/readOnly: truevolumes:- name: nginxcertssecret:secretName: nginx-ssl-secret- name: nginxconfsconfigMap:name: nginx-ssl-conf7 服务访问
7.1 Ingress简介
原理解析
Ingress是授权入站连接到达集群服务的规则集合。从外部流量调度到nodeport上的service从service调度到ingress-controlleringress-controller根据ingress[Pod]中的定义虚拟主机或者后端的url根据虚拟主机名直接调度到后端的一组应用pod中7.2 Ingress部署
环境部署
获取配置文件
cd /data/kubernetes/app_secure
mkdir ingress ; cd ingress
wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.3.1/deploy/static/provider/baremetal/deploy.yaml
mv deploy.yaml ingress-deploy.yaml
cp ingress-deploy.yaml{,.bak}默认镜像
]# grep image: ingress-deploy.yaml | awk -F /| {print $(NF-1)} | uniq
controller:v1.3.1
kube-webhook-certgen:v1.3.0获取镜像
for i in nginx-ingress-controller:v1.3.1 kube-webhook-certgen:v1.3.0
dodocker pull registry.cn-hangzhou.aliyuncs.com/google_containers/$idocker tag registry.cn-hangzhou.aliyuncs.com/google_containers/$i kubernetes-register.sswang.com/google_containers/$idocker push kubernetes-register.sswang.com/google_containers/$idocker rmi registry.cn-hangzhou.aliyuncs.com/google_containers/$i
done
注意controller的名称是需要更改一下阿里云的镜像名称多了一个标识修改基础镜像
]# grep image: ingress-deploy.yamlimage: kubernetes-register.sswang.com/google_containers/nginx-ingress-controller:v1.3.1image: kubernetes-register.sswang.com/google_containers/kube-webhook-certgen:v1.3.0image: kubernetes-register.sswang.com/google_containers/kube-webhook-certgen:v1.3.0开放访问入口地址
]# vim ingress-deploy.yaml
...
334 apiVersion: v1
335 kind: Service
...
344 namespace: ingress-nginx
345 spec:...
348 ipFamilyPolicy: SingleStack
349 externalIPs: [10.0.0.12] # 限制集群外部访问的入口ip
350 ports:
351 - appProtocol: http
352 name: http
353 port: 80
...
628 failurePolicy: Ignore # 为了避免默认的准入控制限制改为Ignore
...应用资源配置文件
]# kubectl apply -f ingress-deploy.yaml确认效果
]# kubectl get all -n ingress-nginx
NAME READY STATUS RESTARTS AGE
pod/ingress-nginx-admission-create-s5p7h 0/1 Completed 0 105s
pod/ingress-nginx-admission-patch-qnjmv 0/1 Completed 0 105s
pod/ingress-nginx-controller-6cc467dfd9-c2dfg 1/1 Running 0 105sNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/ingress-nginx-controller NodePort 10.109.163.145 10.0.0.12 80:30439/TCP,443:31912/TCP 105s
service/ingress-nginx-controller-admission ClusterIP 10.96.223.121 none 443/TCP 105sNAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/ingress-nginx-controller 1/1 1 1 105sNAME DESIRED CURRENT READY AGE
replicaset.apps/ingress-nginx-controller-6cc467dfd9 1 1 1 105sNAME COMPLETIONS DURATION AGE
job.batch/ingress-nginx-admission-create 1/1 8s 105s
job.batch/ingress-nginx-admission-patch 1/1 7s 105s测试访问页面
]# curl 10.0.0.12:30439
html
headtitle404 Not Found/title/head
body
centerh1404 Not Found/h1/center
hrcenternginx/center
/body
/html7.3 Ingress实践
定制资源清单文件
定制资源清单文件
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:name: superopsmsb-ingress-mulhostannotations:kubernetes.io/ingress.class: nginx
spec:rules:- host: nginx.sswang.comhttp:paths:- path: /pathType: Prefixbackend:service:name: sswang-nginx-webport:number: 80- host: tomcat.sswang.comhttp:paths:- path: /pathType: Prefixbackend:service:name: sswang-tomcat-webport:number: 80808 helm管理
8.1 helm简介
需求
在kubernetes平台上我们在部署各种各样的应用服务的时候可以基于手工或者自动的方式对各种资源对象实现伸缩操作尤其是对于有状态的应用我们可以结合持久性存储机制实现更大场景的伸缩动作。但是无论我们怎么操作各种资源对象问题最多的就是各种基础配置、镜像等之类的依赖管理操作。在linux平台下常见的包依赖的就是yum、apt等工具在kubernetes平台下同样有类似的解决依赖关系的工具 -- helm。官方网址https://v3.helm.sh/
官方地址https://github.com/helm/helm简介
helm的功能类似于yum 或 apt提供应用部署时候所需要的各种配置、资源清单文件他与yum之类工具不同的是在k8s中helm是不提供镜像的这些镜像文件需要由专门的镜像仓库来提供。例如k8s平台上的nginx应用部署对于该应用部署来说主要需要三类内容镜像nginx镜像资源定义文件Deployment、service、hpa等专用文件配置文件、证书等helm管理的主要是资源定义文件和专用文件。基于helm来成功的部署一个应用服务完整的工作流程如下
1 部署一个稳定运行的k8s集群在能管理k8s的主机上部署helm。
2 用户在客户端主机上定制各种Chart资源和config资源上传到专用的仓库(本地或者远程)
3 helm客户端向Tiller发出部署请求如果本地有chart用本地的否则从仓库获取
4 Tiller与k8s集群的api-server发送请求
5 api-server通过集群内部机制部署应用需要依赖镜像的时候从专门的镜像仓库获取。
6 基于helm部署好的应用实例在k8s集群中我们称之为release。v3介绍
根据我们对 helm v2 版本的流程解析我们发现在客户端上部署tiller来维护 release相关的信息有些太重量级了所以在 helm v3 版本的时候就剔除了专门的Tiller。在 Helm v3 中移除了 Tiller, 版本相关的数据直接存储在了 Kubernetes 中.8.2 helm部署
软件部署
下载软件
cd /data/softs
wget https://get.helm.sh/helm-v3.13.0-linux-amd64.tar.gz配置环境
mkdir /data/server/helm/bin -p
tar xf helm-v3.13.0-linux-amd64.tar.gz
mv linux-amd64/helm /data/server/helm/bin/环境变量
# cat /etc/profile.d/helm.sh
#!/bin/bash
# set helm env
export PATH$PATH:/data/server/helm/binchmod x /etc/profile.d/helm.sh
source /etc/profile.d/helm.sh确认效果
# helm version
version.BuildInfo{Version:v3.13.0, GitCommit:1d11fcb5d3f3bf00dbe6fe31b8412839a96b3dc4, GitTreeState:clean, GoVersion:go1.16.9}命令帮助
# helm --help
The Kubernetes package managerCommon actions for Helm:- helm search: search for charts
- helm pull: download a chart to your local directory to view
- helm install: upload the chart to Kubernetes
- helm list: list releases of charts8.3 helm实践
仓库管理
添加仓库
helm repo add az-stable http://mirror.azure.cn/kubernetes/charts/
helm repo add bitnami https://charts.bitnami.com/bitnami查看仓库
# helm repo list
NAME URL
az-stable http://mirror.azure.cn/kubernetes/charts/
bitnami https://charts.bitnami.com/bitnami更新仓库属性信息
helm repo update搜索chart信息
# helm search --help
...
Available Commands:hub search for charts in the Artifact Hub or your own hub instancerepo search repositories for a keyword in charts结果显示helm 有两种搜索的源地址官方的在 Artifact幸运的是无法访问。从自定义仓库中获取源信息
helm search repo redis查看chart的所有信息
helm show all bitnami/redisredis实践
安装chart
helm install my_helm bitnami/redis删除应用
helm uninstall my-helm更新应用
helm install my-helm bitnami/redis --set master.persistence.enabledfalse --set replica.persistence.enabledfalse查看效果
helm list
kubectl get pod简单实践
查看基本操作的信息
helm status my-helm获取具备读写权限的主机域名redis主角色主机 my-helm-redis-master.default.svc.cluster.localredis从角色主机 my-helm-redis-replicas.default.svc.cluster.local获取连接密码
# export REDIS_PASSWORD$(kubectl get secret --namespace default my-helm-redis -o jsonpath{.data.redis-password} | base64 --decode)
# echo $REDIS_PASSWORD
ID6KzPAZc1创建客户端
# kubectl run --namespace default redis-client --restartNever --env REDIS_PASSWORD$REDIS_PASSWORD --image docker.io/bitnami/redis:6.2.6-debian-10-r0 --command -- sleep infinity连接redis主角色
$ redis-cli -h my-helm-redis-master.default.svc.cluster.local -a ID6KzPAZc1redis操作
my-helm-redis-master.default.svc.cluster.local:6379 set a 1
OK
my-helm-redis-master.default.svc.cluster.local:6379 set b 2
OK
my-helm-redis-master.default.svc.cluster.local:6379 keys *
1) a
2) b
my-helm-redis-master.default.svc.cluster.local:6379 get a
1
有两种搜索的源地址官方的在 Artifact幸运的是无法访问。从自定义仓库中获取源信息
helm search repo redis查看chart的所有信息
helm show all bitnami/redisredis实践
安装chart
helm install my_helm bitnami/redis删除应用
helm uninstall my-helm更新应用
helm install my-helm bitnami/redis --set master.persistence.enabledfalse --set replica.persistence.enabledfalse查看效果
helm list
kubectl get pod简单实践
查看基本操作的信息
helm status my-helm获取具备读写权限的主机域名redis主角色主机 my-helm-redis-master.default.svc.cluster.localredis从角色主机 my-helm-redis-replicas.default.svc.cluster.local获取连接密码
# export REDIS_PASSWORD$(kubectl get secret --namespace default my-helm-redis -o jsonpath{.data.redis-password} | base64 --decode)
# echo $REDIS_PASSWORD
ID6KzPAZc1创建客户端
# kubectl run --namespace default redis-client --restartNever --env REDIS_PASSWORD$REDIS_PASSWORD --image docker.io/bitnami/redis:6.2.6-debian-10-r0 --command -- sleep infinity连接redis主角色
$ redis-cli -h my-helm-redis-master.default.svc.cluster.local -a ID6KzPAZc1redis操作
my-helm-redis-master.default.svc.cluster.local:6379 set a 1
OK
my-helm-redis-master.default.svc.cluster.local:6379 set b 2
OK
my-helm-redis-master.default.svc.cluster.local:6379 keys *
1) a
2) b
my-helm-redis-master.default.svc.cluster.local:6379 get a
1
