Kubernetes

From Gea-Suan Lin's Wiki
Revision by Gslin (talk | contribs) as of 01:49, Tuesday, 15 January 2019 (HA setup)

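Kubernetes is a deployment system developed by Google.

Environment

This is based on Ubuntu 18.04, tested on AWS with one c5.2xlarge and five r5.large instances.

Installation

Install Docker first, then install the Kubernetes packages: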

curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -; echo "deb https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list; sudo apt update; sudo apt install -y kubelet kubeadm kubectl

Single-machine setup

Calico is used as the network layer here:

sudo kubeadm init --pod-network-cidr=192.168.0.0/16

Take the command printed by the step above and run it with sudo on the other machines. It looks like this:

sudo kubeadm join a.b.c.d:6443 --token xxxxxx.xxxxxxxxxxxxxxxx --discovery-token-ca-cert-hash sha256:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Then go back to the machine where kubeadm init was run and copy the config file into your own home directory:

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

Next, apply the Calico configuration:

kubectl apply -f https://docs.projectcalico.org/v3.3/getting-started/kubernetes/installation/hosted/rbac-kdd.yaml
kubectl apply -f https://docs.projectcalico.org/v3.3/getting-started/kubernetes/installation/hosted/kubernetes-datastore/calico-networking/1.7/calico.yaml

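Networking does not come up immediately after this is applied; with kubectl get nodes --watch you can see the machines go from NotReady to Ready as they retry.

HA setup

Most of the settings are the same as in the single-machine setup; see the description of the single-machine version above.

The HA version needs three hosts running the controller, and the corresponding controlPlaneEndpoint and podSubnet must be set through a config file (because --config and --pod-network-cidr cannot be used together):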

apiVersion: kubeadm.k8s.io/v1beta1
kind: ClusterConfiguration
kubernetesVersion: stable
apiServer:
  certSANs:
  - "internal-test-gslin-k8s-apiserver-XXXXXXXXXX.us-east-1.elb.amazonaws.com"
controlPlaneEndpoint: "internal-test-gslin-k8s-apiserver-XXXXXXXXXX.us-east-1.elb.amazonaws.com:6443"
networking:
  podSubnet: 192.168.0.0/16

Then initialize the first host of the cluster with the config file:

sudo kubeadm init --config=kubeadm-config.yaml

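Using all hosts

By default, no workloads are scheduled onto the initial host (the master), for security reasons. The following command allows workloads to be scheduled on the master: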

kubectl taint nodes --all node-role.kubernetes.io/master-
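
To see what removing the master taint changes on a running cluster, the following added example (not part of the original wiki page) reads JSON in the shape of kubectl get nodes -o json and kubectl get pods --all-namespaces -o json, then reports master-labelled nodes that no longer carry the taint and the non-system pods placed on them. The sample JSON is constructed and reuses node and pod names from this page; the function names are illustrative, and it assumes masters carry the node-role.kubernetes.io/master label, as kubeadm releases of this page's vintage set.

```python
import json

MASTER_KEY = "node-role.kubernetes.io/master"  # taint key from the command above; assumed label key

# Constructed sample, trimmed to the fields used here, in the shape of
# `kubectl get nodes -o json` and `kubectl get pods --all-namespaces -o json`.
NODES = json.loads("""{"items": [
 {"metadata": {"name": "ip-172-31-1-1", "labels": {"node-role.kubernetes.io/master": ""}}, "spec": {}},
 {"metadata": {"name": "ip-172-31-1-2", "labels": {"node-role.kubernetes.io/master": ""}},
  "spec": {"taints": [{"key": "node-role.kubernetes.io/master", "effect": "NoSchedule"}]}},
 {"metadata": {"name": "ip-172-31-1-3", "labels": {"instancetype": "r5"}}, "spec": {}}
]}""")
PODS = json.loads("""{"items": [
 {"metadata": {"namespace": "kube-system", "name": "kube-apiserver"}, "spec": {"nodeName": "ip-172-31-1-1"}},
 {"metadata": {"namespace": "default", "name": "example-c5-0"}, "spec": {"nodeName": "ip-172-31-1-1"}},
 {"metadata": {"namespace": "default", "name": "example-r5-0"}, "spec": {"nodeName": "ip-172-31-1-3"}}
]}""")


def untainted_masters(nodes):
    """Names of master-labelled nodes with no NoSchedule/NoExecute master taint."""
    names = []
    for node in nodes["items"]:
        if MASTER_KEY not in node["metadata"].get("labels", {}):
            continue  # ordinary worker, not a control-plane host
        taints = node.get("spec", {}).get("taints") or []  # field is absent when untainted
        blocked = any(t.get("key") == MASTER_KEY and t.get("effect") in ("NoSchedule", "NoExecute")
                      for t in taints)
        if not blocked:
            names.append(node["metadata"]["name"])
    return names


def workloads_on(pods, node_names, system_namespaces=("kube-system",)):
    """(node, namespace/pod) pairs for non-system pods placed on the given nodes."""
    found = []
    for pod in pods["items"]:
        node = pod.get("spec", {}).get("nodeName")  # unset while the pod is Pending
        ns = pod["metadata"].get("namespace", "default")
        if node in node_names and ns not in system_namespaces:
            found.append((node, f"{ns}/{pod['metadata']['name']}"))
    return sorted(found)


if __name__ == "__main__":
    exposed = untainted_masters(NODES)
    print("masters accepting ordinary pods:", exposed)
    print("pods running beside the control plane:", workloads_on(PODS, exposed))
```

On a live cluster, replace the constructed samples with the output of the two kubectl commands.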

Labels

Hosts can be labelled for later use with nodeSelector:

kubectl label nodes ip-172-31-1-1 instancetype=c5
kubectl label nodes ip-172-31-1-2 ip-172-31-1-3 ip-172-31-1-4 ip-172-31-1-5 ip-172-31-1-6 instancetype=r5

Example

apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: example-r5
spec:
  replicas: 5
  serviceName: example-r5
  selector:
    matchLabels:
      app: example-r5
  template:
    metadata:
      labels:
        app: example-r5
    spec:
      containers:
      - name: example-r5
        image: ubuntu:18.04
        command: ["/bin/sh", "-c"]
        args:
          - export DEBIAN_FRONTEND=noninteractive;
            sed -i 's/archive.ubuntu.com/us.archive.ubuntu.com/' /etc/apt/sources.list;
            apt update;
            apt install -y iproute2 iputils-ping locales mtr-tiny net-tools tzdata wget;
            sleep 3153600000
        resources:
          requests:
            memory: "15Gi"
      nodeSelector:
        instancetype: r5
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: example-c5
spec:
  replicas: 1
  serviceName: example-c5
  selector:
    matchLabels:
      app: example-c5
  template:
    metadata:
      labels:
        app: example-c5
    spec:
      containers:
      - name: example-c5
        image: ubuntu:18.04
        command: ["/bin/sh", "-c"]
        args:
          - export DEBIAN_FRONTEND=noninteractive;
            sed -i 's/archive.ubuntu.com/us.archive.ubuntu.com/' /etc/apt/sources.list;
            apt update;
            apt install -y iproute2 iputils-ping locales mtr-tiny net-tools tzdata wget;
            sleep 3153600000
        resources:
          requests:
            cpu: "7000m"
      nodeSelector:
        instancetype: c5
