Kubernetes
Kubernetes是一套由Google所发展出来的布署系统。
环境
这边是以Ubuntu 18.04为基础,在AWS上使用一台c5.2xlarge与五台r5.large测试。
安装
先安装Docker,然后安装Kubernetes的套件:
curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -; echo "deb https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list; sudo apt update; sudo apt install -y kubelet kubeadm kubectl
单机设定
这边使用Calico当作网络层:
sudo kubeadm init --pod-network-cidr=192.168.0.0/16
把上面执行结果输出的命令拿到别台用sudo跑,像是这样的指令:
sudo kubeadm join a.b.c.d:6443 --token xxxxxx.xxxxxxxxxxxxxxxx --discovery-token-ca-cert-hash sha256:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
接着回到当初跑kubeadm init的机器上,把设定档放到自己目录下:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
接下来启用Calico设定:
kubectl apply -f https://docs.projectcalico.org/v3.3/getting-started/kubernetes/installation/hosted/rbac-kdd.yaml
kubectl apply -f https://docs.projectcalico.org/v3.3/getting-started/kubernetes/installation/hosted/kubernetes-datastore/calico-networking/1.7/calico.yaml
设定好之后不会马上通,可以用kubectl get nodes --watch可以看到机器会因为retry从NotReady变成Ready。
HA设定
大多数的设定与单机设定相同,请参考前面对单机版本的说明。
HA版本中需要透过设定档设定(因为--config与--pod-network-cidr不能同时线),对应的controlPaneEndpoint与podSubnet:
apiVersion: kubeadm.k8s.io/v1beta1
kind: ClusterConfiguration
kubernetesVersion: stable
apiServer:
certSANs:
- "internal-test-gslin-k8s-apiserver-XXXXXXXXXX.us-east-1.elb.amazonaws.com"
controlPlaneEndpoint: "internal-test-gslin-k8s-apiserver-XXXXXXXXXX.us-east-1.elb.amazonaws.com:6443"
networking:
podSubnet: 192.168.0.0/16
然后再透过设定档初始化cluster:
sudo kubeadm init --config=kubeadm-config.yaml
使用所有主机
一开始的主机(master)不会被分配到需求(因为安全因素),透过以下的指令让master可以分配到需求:
kubectl taint nodes --all node-role.kubernetes.io/master-
标签
可以针对主机进行标签,供之后的nodeSelector使用:
kubectl label nodes ip-172-31-1-1 instancetype=c5
kubectl label nodes ip-172-31-1-2 ip-172-31-1-3 ip-172-31-1-4 ip-172-31-1-5 ip-172-31-1-6 instancetype=r5
范例
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: example-r5
spec:
replicas: 5
serviceName: example-r5
selector:
matchLabels:
app: example-r5
template:
metadata:
labels:
app: example-r5
spec:
containers:
- name: example-r5
image: ubuntu:18.04
command: ["/bin/sh", "-c"]
args:
- export DEBIAN_FRONTEND=noninteractive;
sed -i 's/archive.ubuntu.com/us.archive.ubuntu.com/' /etc/apt/sources.list;
apt update;
apt install -y iproute2 iputils-ping locales mtr-tiny net-tools tzdata wget;
sleep 3153600000
resources:
requests:
memory: "15Gi"
nodeSelector:
instancetype: r5
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: example-c5
spec:
replicas: 1
serviceName: example-c5
selector:
matchLabels:
app: example-c5
template:
metadata:
labels:
app: example-c5
spec:
containers:
- name: example-c5
image: ubuntu:18.04
command: ["/bin/sh", "-c"]
args:
- export DEBIAN_FRONTEND=noninteractive;
sed -i 's/archive.ubuntu.com/us.archive.ubuntu.com/' /etc/apt/sources.list;
apt update;
apt install -y iproute2 iputils-ping locales mtr-tiny net-tools tzdata wget;
sleep 3153600000
resources:
requests:
cpu: "7000m"
nodeSelector:
instancetype: c5