git clone https://github.com/AliyunContainerService/k8s-for-docker-desktop.git 进入下载的目录,cd k8s-for-docker-desktop git checkout v1.22.4 因为现在这个库最新就是v1.22.4 powershell管理员执行./load_images.ps1 再在Docker Desktop里勾选Enable Kubernetes 重启一下Docker
命令行执行 kubectl cluster-info 假如返回running就说明安装成功了
假如出现ps1脚本权限问题
.\load_images.ps1 : 无法加载文件 D:\\k8s\k8s-for-docker-desktop\load_images.ps1,因为在此系统上禁止运行脚本。 有关详细信息,请参阅 https:/go.microsoft.com/fwlink/?LinkID=135170 中的 about_Execution_Policies。 Get-ExecutionPolicy Restricted PS D:\k8s\k8s-for-docker-desktop> Set-ExecutionPolicy -ExecutionPolicy bypass
.玩转容器编排
==========================================
部署一个Demo应用(gcr.io/google-samples/kubernetes-bootcamp:v1)
这是一个类似HelloWorld的镜像,. 官方文档示例 交互式教程 - 部署应用 | Kubernetes
在学习了Docker之后, 我们知道一般来说拉取镜像会非常简单:
docker pull ubuntu:latest
Docker镜像获取(gcr.io等)但这个网址是访问不到的,下面提供几种方法:
从Docker Hub搜索 (或者其他仓库) 从国内仓库中拉取,这里推荐阿里云的仓库
如果没有配置的话,默认的仓库是Docker Hub这里以 kubernetes-bootcamp:v1为例:
D:\MyFirstMicroService>docker search kubernetes-bootcamp:v1 NAME DESCRIPTION STARS OFFICIAL AUTOMATED hhitzhl/kubernetes-bootcamp gcr.io/google-samples/kubernetes-bootcamp:v1 0 [OK] 928981943/sample gcr.io/google-samples/kubernetes-bootcamp:v1 0 dawnsky/kubernetes-bootcamp gcr.io/google-samples/kubernetes-bootcamp:v1 0 loveone/kubernetes-bootcamp gcr.io/google-samples/kubernetes-bootcamp:v1… 0 mricheng/kubernete-bootcamp1 gcr.io/google-samples/kubernetes-bootcamp:v1 0
里面会显示可以下载的镜像列表,一般来说,会有从google自动拉取的镜像:
docker pull <image you found> // 拉取镜像
docker tag <image you found> gcr.io/google-samples/kubernetes-bootcamp:v1// tag成google的镜像
docker rmi <image you found> // 删除原来的镜像(其实是untagged)
//国内访问不了gcr.io,需要在dockerhub下载,重新打tag后,执行部署命令
kubectl create deployment kubernetes-bootcamp --image=gcr.io/google-samples/kubernetes-bootcamp:v1
deployment.apps/kubernetes-bootcamp created
kubectl get deployments
NAME READY UP-TO-DATE AVAILABLE AGE kubernetes-bootcamp 1/1 1 1 65s
如果要删除部署, 则执行 kubectl delete deployment kubernetes-bootcamp
如果你只是把deployment的Pod删除掉,他会自动恢复的.
========================================
怎样手动把Docker-Compose.yml 启动的容器,发布到K8S里
Docker的Image 要先上传到仓库(本地自建或者直接用网上的,比如阿里云,自己注册一下就好了)
找到 本地build过的image, docker-compose images
Container Repository Tag Image Id Size ------------------------------------------------------------------------------ db mongo 4.2.8 d9775815948b 387.8 MB history history latest fa700b969a63 89.42 MB rabbit rabbitmq 3.8.5-management d55229deb03e 186.6 MB recommendations recommendations latest 86895b3a3a10 89.42 MB video-streaming video-streaming latest 6f530d38053f 89.41 MB
-----假设我们要把RabbitMq上传到K8s, 打Tag
docker tag d55229deb03e <阿里云的镜像仓库地址>:rabbitmq3.8.5
------推送到仓库-----------------------------------------
docker push<阿里云的镜像仓库地址>:rabbitmq3.8.5
//K8s使用Image,正常是用yaml来配置的,这里简化用run -------------
kubectl run rabbit --image=<阿里云的镜像仓库地址>:rabbitmq3.8.5
pod/rabbit created
=========================================
安装 K8s DashBoard
kubectl apply -f kubernetes-dashboard.yaml (这个文件在安装目录里), 修改nodePort,修改了yaml的内容后, 要重新apply一次,
kind: Service
apiVersion: v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kubernetes-dashboard
spec:
type: NodePort
ports:
- port: 443
targetPort: 8443
nodePort: 31443
selector:
k8s-app: kubernetes-dashboard
增加了yaml的内容后, 加了用户和角色, 要重新apply一次,
apiVersion: v1 kind: ServiceAccount metadata: name: admin-user namespace: kubernetes-dashboard apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: admin-user roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: cluster-admin subjects: - kind: ServiceAccount name: admin-user namespace: kubernetes-dashboard
可以有多个yaml文件, 分别apply,
namespace/kubernetes-dashboard created serviceaccount/kubernetes-dashboard created service/kubernetes-dashboard created secret/kubernetes-dashboard-certs created secret/kubernetes-dashboard-csrf created secret/kubernetes-dashboard-key-holder created configmap/kubernetes-dashboard-settings created role.rbac.authorization.k8s.io/kubernetes-dashboard created clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created deployment.apps/kubernetes-dashboard created service/dashboard-metrics-scraper created deployment.apps/dashboard-metrics-scraper created
按命名空间kubernetes-dashboard查看端口 kubectl get svc -n kubernetes-dashboard
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE dashboard-metrics-scraper ClusterIP 10.102.179.60 <none> 8000/TCP 96m kubernetes-dashboard NodePort 10.108.120.108 <none> 443:31443/TCP 96m
按命名空间kubernetes-dashboard查看用户名和Token, windows下没有grep,直接后面加用户名过滤
kubectl -n kubernetes-dashboard describe secret admin-user
系统是用Token来登录的
Name: admin-user-token-t8tkn Namespace: kubernetes-dashboard Labels: <none> Annotations: kubernetes.io/service-account.name: admin-user kubernetes.io/service-account.uid: c8e8c16e-9f33-470b-819d-3e4a9d0450b7 Type: kubernetes.io/service-account-token Data ==== ca.crt: 1099 bytes namespace: 20 bytes token: eyJhbGciOiJSUzI1NiIsImtpZCI6InMybjN2ZnhjbWw4ejc1THVoVjBUdHRtbld6Q3hzc3ZWTEk2MnJIQ3k1alUifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLXQ4dGtuIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJjOGU4YzE2ZS05ZjMzLTQ3MGItODE5ZC0zZTRhOWQwNDUwYjciLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZXJuZXRlcy1kYXNoYm9hcmQ6YWRtaW4tdXNlciJ9.IjDl66Khmp0qOgw4DTXlrtJcq4bwf7bGZfPpb-JLgxYJbuHugqWiUZEjA_952oEKm6DMJmxyguZNq30HclNI1Y7BoBCQ8eXRWnIyLLPfmPIzsbHPNsdCrZgYypDHtSai3gkNhf9NbWeoqpYMI9kxwnhJ2mCV4AiQqBZk87x-nJfhfCd1m8jRXFna7O_2VBx6tixvUM0VRDTYf0OXiY0qPjzwvCq0SXKSE0sSYm1odU8uNV1koPGR7N57JgAbsjPBduJEet7acxFUa4grZ0OWD8bTezHuWobojdAAwQwhB9723YLOe63zylx4kXYgFIA4Ti6Ou-_sP6G8MDMNoFqitw
现在改成 https://localhost:31443/#/login 访问了
( 用kubectl proxy 之后 http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/#/login 也可以)
============================================
MiniKube
电脑内存没有16G以上的就不要安装K8S了, 可以安装个MiniKube
但是默认的MiniKube start命令,可能因为网络原因,会这样
* Microsoft Windows 10 Pro 10.0.19043 Build 19043 上的 minikube v1.25.1 * 自动选择 docker 驱动 * Starting control plane node minikube in cluster minikube * Pulling base image ... * Downloading Kubernetes v1.23.1 preload ... > preloaded-images-k8s-v16-v1...: 504.42 MiB / 504.42 MiB 100.00% 13.75 Mi > index.docker.io/kicbase/sta...: 378.98 MiB / 378.98 MiB 100.00% 3.15 MiB ! minikube was unable to download gcr.io/k8s-minikube/kicbase:v0.0.29, but successfully downloaded docker.io/kicbase/stable:v0.0.29 as a fallback image * Creating docker container (CPUs=2, Memory=2200MB) ...\ E0123 23:23:34.083236 17156 kic.go:267] icacls failed applying permissions - err - [%!s(<nil>)], output - [�Ѵ������ļ�: C:\Users\zt\.minikube\machines\minikube\id_rsa �ѳɹ����� 1 ���ļ�; ���� 0 ���ļ�ʱʧ��] ! This container is having trouble accessing https://k8s.gcr.io * To pull new external images, you may need to configure a proxy: https://minikube.sigs.k8s.io/docs/reference/networking/proxy/ * 正在 Docker 20.10.12 中准备 Kubernetes v1.23.1… - kubelet.housekeeping-interval=5m - Generating certificates and keys ... - Booting up control plane ... - Configuring RBAC rules ... * Verifying Kubernetes components... ! Executing "docker container inspect minikube --format={{.State.Status}}" took an unusually long time: 2.0620287s * Restarting the docker service may improve performance. - Using image gcr.io/k8s-minikube/storage-provisioner:v5 * Enabled addons: default-storageclass * Done! kubectl is now configured to use "minikube" cluster and "default" namespace by default
加多一个参数 minikube start --image-mirror-country='cn'
* Microsoft Windows 10 Pro 10.0.19043 Build 19043 上的 minikube v1.25.1 * 根据现有的配置文件使用 docker 驱动程序 * Starting control plane node minikube in cluster minikube * Pulling base image ... * Restarting existing docker container for "minikube" ... ! This container is having trouble accessing https://k8s.gcr.io * To pull new external images, you may need to configure a proxy: https://minikube.sigs.k8s.io/docs/reference/networking/proxy/ * 正在 Docker 20.10.12 中准备 Kubernetes v1.23.1… - kubelet.housekeeping-interval=5m - Generating certificates and keys ... - Booting up control plane ... - Configuring RBAC rules ... * Verifying Kubernetes components... ! Executing "docker container inspect minikube --format={{.State.Status}}" took an unusually long time: 2.0050415s * Restarting the docker service may improve performance. - Using image kubernetesui/dashboard:v2.3.1 - Using image kubernetesui/metrics-scraper:v1.0.7 - Using image gcr.io/k8s-minikube/storage-provisioner:v5 * Enabled addons: storage-provisioner, dashboard, default-storageclass * Done! kubectl is now configured to use "minikube" cluster and "default" namespace by default
它自带看板, 运行 minikube dashboard 就可以
部署一个helloworld应用,镜像地址可以把registry.cn-hangzhou.aliyuncs.com/google_containers/
kubectl create deployment hello-minikube --image=k8s.gcr.io/echoserver:1.4 kubectl expose deployment hello-minikube --type=NodePort --port=8080
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE hello-minikube NodePort 10.97.8.166 <none> 8080:32329/TCP 113s kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 21m |-----------|----------------|-------------|---------------------------| | NAMESPACE | NAME | TARGET PORT | URL | |-----------|----------------|-------------|---------------------------| | default | hello-minikube | 8080 | http://192.168.49.2:32329 | |-----------|----------------|-------------|---------------------------| * Starting tunnel for service hello-minikube. |-----------|----------------|-------------|------------------------| | NAMESPACE | NAME | TARGET PORT | URL | |-----------|----------------|-------------|------------------------| | default | hello-minikube | | http://127.0.0.1:57620 | |-----------|----------------|-------------|------------------------| * 正通过默认浏览器打开服务 default/hello-minikube... ! Because you are using a Docker driver on windows, the terminal needs to be open to run it.
映射宿主机端口 kubectl port-forward service/hello-minikube 7080:8080
Forwarding from 127.0.0.1:7080 -> 8080 Forwarding from [::1]:7080 -> 8080 Handling connection for 7080 Handling connection for 7080
假如我们再新建一个Service是LoadBalancer
kubectl create deployment balanced --image=k8s.gcr.io/echoserver:1.4 kubectl expose deployment balanced --type=LoadBalancer --port=8080 这个执行之后在DashBoard看到服务是黄色的 执行minikube tunnel 这个命令就变成绿色,终止这个命令又变回黄色
minikube start | minikube (k8s.io)
KubeCtl 常用命令
kubectl cluster-info
Kubernetes control plane is running at https://172.17.0.69:8443 KubeDNS is running at https://172.17.0.69:8443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy
kubectl get nodes
NAME STATUS ROLES AGE VERSION minikube Ready control-plane,master 6m38s v1.20.2
kubectl get pods //列出Pod列表
NAME READY STATUS RESTARTS AGE kubernetes-bootcamp-fb5c67579-8r9wm 1/1 Running 0 10m
kubectl describe pods
Name: kubernetes-bootcamp-fb5c67579-8r9wm Namespace: default Priority: 0 Node: minikube/172.17.0.66 Start Time: Mon, 17 Jan 2022 06:44:28 +0000 Labels: app=kubernetes-bootcamp pod-template-hash=fb5c67579 Annotations: <none> Status: Running IP: 172.18.0.4
//定义一个POD_NAME的变量, 下面的命令就不用记住
export POD_NAME=$(kubectl get pods -o go-template --template '{{range .items}}{{.metadata.name}}{{"\n"}}{{end}}')
$ echo Name of the Pod: $POD_NAME
Name of the Pod: kubernetes-bootcamp-fb5c67579-8r9wm
$ kubectl logs $POD_NAME
Kubernetes Bootcamp App Started At: 2022-01-17T06:44:30.281Z | Running On: kubernetes-bootcamp-fb5c67579-8r9wm Running On: kubernetes-bootcamp-fb5c67579-8r9wm | Total Requests: 1 | App Uptime: 1746.765 seconds | Log Time: 2022-01-17T07:13:37.046Z
kubectl exec -ti $POD_NAME -- bash //从K8s控制台进入POD的终端, 注意 --的前后都有一个空格,退出就用exit
kubectl get services //列出Services
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 23h
kubectl expose deployment/kubernetes-bootcamp --type="NodePort" --port 8080 //暴露一个服务
kubectl get services //暴露后重新查一次服务
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 23h kubernetes-bootcamp NodePort 10.97.242.226 <none> 8080:31388/TCP 5s