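Minikube is the tool the Kubernetes project recommends for quickly standing up a Kubernetes cluster for learning; it runs the Master and Node components on the same physical host.
Under the hood, Minikube also builds the Kubernetes cluster with Kubeadm.
Building a Kubernetes cluster with Minikube needs only one physical host.
Reference: https://minikube.sigs.k8s.io/docs/start/
OS version: CentOS Linux release 7.6.1810 (Core)
Software versions: Docker-ce-3:23.0.1-1.el7, Kubernetes-v1.24.0
Hardware requirements: at least 2 cores and 4 GB recommended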
# Set the hostname
[root@localhost ~]# echo 'minikube' >/etc/hostname
[root@localhost ~]# cat /etc/hostname |xargs hostname
[root@localhost ~]# bash
# Configure host name resolution
[root@localhost ~]# cat <<EOF >> /etc/hosts
172.16.254.136 minikube
EOF
# Disable the firewall
[root@minikube ~]# systemctl stop firewalld
[root@minikube ~]# systemctl disable firewalld
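# Disable SELinux
[root@minikube ~]# setenforce 0
# Edit /etc/selinux/config directly: /etc/sysconfig/selinux is a symlink to it, and sed -i would replace the symlink with a regular file
[root@minikube ~]# sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config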
# Disable the swap partition
[root@minikube ~]# swapoff -a
# Enable br_netfilter (filtering of bridged layer-2 traffic)
[root@minikube ~]# modprobe br_netfilter
[root@minikube ~]# lsmod | grep br_netfilter
br_netfilter 22256 0
bridge 151336 1 br_netfilter
[root@minikube ~]# cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
br_netfilter
EOF
[root@minikube ~]# cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
[root@minikube ~]# sysctl --system
# Configure the Docker YUM repository
# The Docker YUM repository is provided by the Alibaba open-source mirror site.
[root@minikube ~]# yum -y install epel-release.noarch yum-utils
[root@minikube ~]# yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# Install dependencies
[root@minikube ~]# yum -y install device-mapper-persistent-data lvm2
# List the Docker versions available for installation
[root@minikube ~]# yum list docker-ce.x86_64 --showduplicates | sort -r
# Install Docker
[root@minikube ~]# yum -y install docker-ce-3:23.0.1-1.el7
# Start the Docker service
[root@minikube ~]# systemctl start docker
[root@minikube ~]# systemctl enable docker
[root@minikube ~]# systemctl status docker
# Configure Docker to use a registry mirror in China
[root@minikube ~]# cat <<EOF > /etc/docker/daemon.json
{
"registry-mirrors": ["http://hub-mirror.c.163.com"]
}
EOF
# Restart the Docker service
[root@minikube ~]# systemctl restart docker
[root@minikube ~]# systemctl status docker
[root@minikube ~]# cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
[root@minikube ~]# yum install kubectl-1.24.0 kubelet-1.24.0-0 kubernetes-cni-1.2.0-0 -y --nogpgcheck
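The repo stanza above sets gpgcheck=0 and repo_gpgcheck=0, while the stanza later in this guide sets both to 1. The following added example (not part of the original guide) audits a .repo file for those settings; the function name `audit_repo` and the temporary sample files, which mirror the two stanzas, are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide): audit a yum .repo file for
# settings that weaken package or metadata signature verification.

# audit_repo FILE -> one "<repo-id>: <finding>" line per problem, none if clean.
audit_repo() {
    awk '
    function report() {
        if (id == "") return
        if (opt["gpgcheck"] != "1")      print id ": gpgcheck is not set to 1"
        if (opt["repo_gpgcheck"] != "1") print id ": repo_gpgcheck is not set to 1"
        if (opt["gpgkey"] == "")         print id ": no gpgkey configured"
        if (opt["baseurl"] ~ /^http:/)   print id ": baseurl uses plain HTTP"
    }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }     # skip comments and blank lines
    /^\[/ {                                   # start of a [repo-id] section
        report(); split("", opt)
        id = substr($0, 2, index($0, "]") - 2); next
    }
    {
        eq = index($0, "="); if (eq == 0) next
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        opt[key] = val
    }
    END { report() }
    ' "$1"
}

# Constructed sample files mirroring the two repo stanzas in this guide.
demo_dir=$(mktemp -d)
cat > "$demo_dir/weak.repo" <<'EOF'
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
# Same stanza with both checks switched on (gpgcheck=1, repo_gpgcheck=1).
sed 's/gpgcheck=0/gpgcheck=1/' "$demo_dir/weak.repo" > "$demo_dir/checked.repo"

for f in "$demo_dir/weak.repo" "$demo_dir/checked.repo"; do
    echo "== $f"
    audit_repo "$f"
done
```

The audit only sees the repo file; a `--nogpgcheck` flag on the yum command line, as in the install command above, disables the package signature check regardless of what the file says.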
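Installing the latest Kubernetes (v1.24.0+) additionally requires CRI-Docker.
CRI-Docker gives Kubernetes a runtime interface for driving Docker.
Crictl is a CLI and validation tool for the kubelet Container Runtime Interface (CRI).
References: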
https://github.com/Mirantis/cri-dockerd
https://github.com/kubernetes-sigs/cri-tools
# Install CRI-Docker
[root@minikube ~]# wget https://ghproxy.com/https://github.com/Mirantis/cri-dockerd/releases/download/v0.3.1/cri-dockerd-0.3.1.amd64.tgz
[root@minikube ~]# tar xzvf cri-dockerd-0.3.1.amd64.tgz
cri-dockerd/
cri-dockerd/cri-dockerd
[root@minikube ~]# cp cri-dockerd/cri-dockerd /usr/bin/
# Configure CRI-Docker as a systemd service
# Reference files: https://github.com/Mirantis/cri-dockerd/tree/master/packaging/systemd
# Create the cri-docker.service file
# The start parameters here must be set to ExecStart=/usr/bin/cri-dockerd --network-plugin=cni --pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.7
[root@minikube ~]# vim /usr/lib/systemd/system/cri-docker.service
[Unit]
Description=CRI Interface for Docker Application Container Engine
Documentation=https://docs.mirantis.com
After=network-online.target firewalld.service docker.service
Wants=network-online.target
Requires=cri-docker.socket
[Service]
Type=notify
ExecStart=/usr/bin/cri-dockerd --network-plugin=cni --pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.7
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always
# Note that StartLimit* options were moved from "Service" to "Unit" in systemd 229.
# Both the old, and new location are accepted by systemd 229 and up, so using the old location
# to make them work for either version of systemd.
StartLimitBurst=3
# Note that StartLimitInterval was renamed to StartLimitIntervalSec in systemd 230.
# Both the old, and new name are accepted by systemd 230 and up, so using the old name to make
# this option work for either version of systemd.
StartLimitInterval=60s
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
# Comment TasksMax if your systemd version does not support it.
# Only systemd 226 and above support this option.
TasksMax=infinity
Delegate=yes
KillMode=process
[Install]
WantedBy=multi-user.target
# Create the cri-docker.socket file
[root@minikube ~]# vim /usr/lib/systemd/system/cri-docker.socket
[Unit]
Description=CRI Docker Socket for the API
PartOf=cri-docker.service
[Socket]
ListenStream=%t/cri-dockerd.sock
SocketMode=0660
SocketUser=root
SocketGroup=docker
[Install]
WantedBy=sockets.target
# Start the CRI-Docker service and enable it at boot
[root@minikube ~]# systemctl daemon-reload
[root@minikube ~]# systemctl restart cri-docker
[root@minikube ~]# systemctl status cri-docker
● cri-docker.service - CRI Interface for Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/cri-docker.service; disabled; vendor preset: disabled)
Active: active (running) since Tue 2023-01-31 21:32:54 EST; 4s ago
Docs: https://docs.mirantis.com
Main PID: 13701 (cri-dockerd)
Tasks: 9
Memory: 14.2M
CGroup: /system.slice/cri-docker.service
└─13701 /usr/bin/cri-dockerd --network-plugin=cni --pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.7
Jan 31 21:32:54 minikube cri-dockerd[13701]: time="2023-01-31T21:32:54-05:00" level=info msg="Start docker client with request timeout 0s"
Jan 31 21:32:54 minikube cri-dockerd[13701]: time="2023-01-31T21:32:54-05:00" level=info msg="Hairpin mode is set to none"
Jan 31 21:32:54 minikube cri-dockerd[13701]: time="2023-01-31T21:32:54-05:00" level=info msg="Loaded network plugin cni"
Jan 31 21:32:54 minikube cri-dockerd[13701]: time="2023-01-31T21:32:54-05:00" level=info msg="Docker cri networking managed by network plugin cni"
Jan 31 21:32:54 minikube cri-dockerd[13701]: time="2023-01-31T21:32:54-05:00" level=info msg="Docker Info: &{ID:I32G:GCJA:CKTO:5ZIC:2AED:6KYI...] [Nativ
Jan 31 21:32:54 minikube systemd[1]: Started CRI Interface for Docker Application Container Engine.
Jan 31 21:32:54 minikube cri-dockerd[13701]: time="2023-01-31T21:32:54-05:00" level=info msg="Setting cgroupDriver cgroupfs"
Jan 31 21:32:54 minikube cri-dockerd[13701]: time="2023-01-31T21:32:54-05:00" level=info msg="Docker cri received runtime config &RuntimeConf...dr:,},}"
Jan 31 21:32:54 minikube cri-dockerd[13701]: time="2023-01-31T21:32:54-05:00" level=info msg="Starting the GRPC backend for the Docker CRI interface."
Jan 31 21:32:54 minikube cri-dockerd[13701]: time="2023-01-31T21:32:54-05:00" level=info msg="Start cri-dockerd grpc backend"
Hint: Some lines were ellipsized, use -l to show in full.
[root@minikube ~]# systemctl enable cri-docker
Created symlink from /etc/systemd/system/multi-user.target.wants/cri-docker.service to /usr/lib/systemd/system/cri-docker.service.
# Install crictl
[root@minikube ~]# VERSION="v1.26.0"
[root@minikube ~]# wget https://github.com/kubernetes-sigs/cri-tools/releases/download/$VERSION/crictl-$VERSION-linux-amd64.tar.gz
[root@minikube ~]# sudo tar zxvf crictl-$VERSION-linux-amd64.tar.gz -C /usr/local/bin
[root@minikube ~]# rm -f crictl-$VERSION-linux-amd64.tar.gz
[root@minikube ~]# ln /usr/local/bin/crictl /usr/bin
# Or install crictl via YUM [recommended]
[root@minikube ~]# yum -y install epel-release.noarch
[root@minikube ~]# yum -y install cri-tools
[root@minikube ~]# curl -LO https://storage.googleapis.com/minikube/releases/latest/minikube-linux-amd64
[root@minikube ~]# install minikube-linux-amd64 /usr/local/bin/minikube
[root@minikube ~]# minikube version
[root@minikube ~]# minikube start --vm-driver=none --image-mirror-country='cn' --image-repository='registry.cn-hangzhou.aliyuncs.com/google_containers' --kubernetes-version=v1.24.0 --cri-socket='/var/run/cri-dockerd.sock'
# --vm-driver=none uses the local Linux host itself as the runtime environment.
# --kubernetes-version=xxx specifies the Kubernetes version.
# --image-mirror-country='cn' uses the image mirrors for the China region.
[root@minikube ~]# minikube status
minikube
type: Control Plane
host: Running
kubelet: Running
apiserver: Running
kubeconfig: Configured
timeToStop: Nonexistent
We can use a web UI to view and manage the Kubernetes cluster.
# Enable the dashboard
# After Minikube starts the dashboard it prints a URL, through which we can reach the dashboard.
[root@minikube ~]# nohup minikube dashboard &
Opening http://127.0.0.1:37008/api/v1/namespaces/kube-system/services/http:kubernetes-dashboard:/proxy/ in your default browser...
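# Access the dashboard from outside
# By default the address is reachable only locally; to reach the dashboard from outside, a proxy that allows external access has to be exposed.
# Because the URL path is long, use Google Chrome to access it, or use an Nginx reverse proxy to shorten the URL.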
[root@minikube ~]# nohup kubectl proxy --port="8001" --address="172.16.254.136" --accept-hosts="^.*" &
http://172.16.254.136:8001/api/v1/namespaces/kube-system/services/http:kubernetes-dashboard:/proxy/
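The proxy command above binds to the host's LAN address and accepts any Host header, and kubectl proxy forwards requests using the local kubeconfig's credentials. As an added example (not part of the original guide), this shell function flags such command lines, for instance when reviewing `ps -eo args` output; the function name `check_kubectl_proxy` and the probe hostname are assumptions, and the Host-pattern test is a heuristic.

```shell
#!/bin/sh
# Added example (not from the original guide): flag kubectl proxy command
# lines that expose the API server beyond the local machine.

# check_kubectl_proxy "CMDLINE"
# Prints one finding per line; returns 1 if anything was flagged, 0 if clean.
check_kubectl_proxy() {
    # Strip shell quotes so both typed commands and ps output parse the same.
    printf '%s\n' "$1" | tr -d "\"'" | awk '
    {
        # kubectl proxy defaults: loopback address, loopback Host headers only.
        addr  = "127.0.0.1"
        hosts = "^localhost$,^127\\.0\\.0\\.1$,^\\[::1\\]$"
        for (i = 1; i <= NF; i++) {
            arg = $i
            # Accept "--flag value" as well as "--flag=value".
            if (arg == "--address" || arg == "--accept-hosts") {
                i++; arg = arg "=" $i
            }
            if (arg ~ /^--address=/)      addr  = substr(arg, 11)
            if (arg ~ /^--accept-hosts=/) hosts = substr(arg, 16)
        }
        bad = 0
        if (addr !~ /^127\./ && addr != "localhost" && addr != "::1" && addr != "[::1]") {
            print "listens on " addr " instead of loopback"; bad++
        }
        # Heuristic: a Host value unrelated to this machine should be rejected
        # by every pattern in the comma-separated accept-hosts list.
        n = split(hosts, pat, ",")
        for (j = 1; j <= n; j++)
            if (pat[j] != "" && "unrelated.invalid" ~ pat[j]) {
                print "accept-hosts pattern " pat[j] " matches any Host header"; bad++
                break
            }
        exit (bad > 0)
    }'
}

# Command line as it appears in this guide, then the loopback-only default.
check_kubectl_proxy 'kubectl proxy --port="8001" --address="172.16.254.136" --accept-hosts="^.*"' || true
check_kubectl_proxy 'kubectl proxy --port=8001' && echo "default invocation: no findings"
```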
[root@minikube ~]# minikube start --vm-driver=none --kubernetes-version=v1.24.0 --image-mirror-country='cn'
# --vm-driver=none uses the local Linux host itself as the runtime environment.
# --kubernetes-version=xxx specifies the Kubernetes version.
# --image-mirror-country='cn' uses the image mirrors for the China region.
[root@minikube ~]# minikube stop
[root@minikube ~]# minikube delete
[root@minikube ~]# rm -rf /root/.minikube
[root@minikube ~]# minikube stop
[root@minikube ~]# minikube stop && minikube start
[root@minikube ~]# kubectl get pods --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system coredns-6967fb4995-4b4c5 1/1 Running 0 2m
kube-system coredns-6967fb4995-sbg2z 1/1 Running 0 2m
kube-system etcd-minikube 1/1 Running 0 55s
kube-system kube-addon-manager-minikube 1/1 Running 0 44s
kube-system kube-apiserver-minikube 1/1 Running 0 52s
kube-system kube-controller-manager-minikube 1/1 Running 0 55s
kube-system kube-proxy-md5dg 1/1 Running 0 2m
kube-system kube-scheduler-minikube 1/1 Running 0 70s
kube-system kubernetes-dashboard-95564f4f-fkhv5 1/1 Running 0 119s
kube-system storage-provisioner 1/1 Running 0 118s
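Minikube has a set of built-in addons that can be enabled, disabled and opened in the local Kubernetes environment.
These addons are third-party Kubernetes add-ons (plugins) that provide some advanced features.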
[root@minikube ~]# minikube addons list
- addon-manager: enabled
- dashboard: enabled
- default-storageclass: enabled
- efk: disabled
- freshpod: disabled
- gvisor: disabled
- heapster: disabled
- ingress: disabled
- logviewer: disabled
- metrics-server: disabled
- nvidia-driver-installer: disabled
- nvidia-gpu-device-plugin: disabled
- registry: disabled
- registry-creds: disabled
- storage-provisioner: enabled
- storage-provisioner-gluster: disabled
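heapster is a commonly used Kubernetes addon (plugin); enabling it lets us view the resource usage of Pod objects, like a task manager.
ingress is an essential Kubernetes addon, used to expose applications and provide layer-7 load balancing over HTTP/S.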
[root@minikube ~]# minikube addons enable heapster
* heapster was successfully enabled
[root@minikube ~]# kubectl top pod
NAME CPU(cores) MEMORY(bytes)
hello-node-56ddd6c85d-wbspf 0m 9Mi
[root@minikube ~]# minikube addons enable ingress
Enabling an addon creates a Pod resource object and a Service resource object in the kube-system namespace and runs the corresponding container in the Pod.
[root@minikube ~]# kubectl get pod,svc -n kube-system
NAME READY STATUS RESTARTS AGE
pod/coredns-6967fb4995-4b4c5 1/1 Running 0 5h41m
pod/coredns-6967fb4995-sbg2z 1/1 Running 0 5h41m
pod/etcd-minikube 1/1 Running 0 5h40m
pod/heapster-d8bsq 1/1 Running 0 3m31s
pod/influxdb-grafana-dcpqj 2/2 Running 0 3m31s
pod/kube-addon-manager-minikube 1/1 Running 0 5h40m
pod/kube-apiserver-minikube 1/1 Running 0 5h40m
pod/kube-controller-manager-minikube 1/1 Running 0 5h40m
pod/kube-proxy-md5dg 1/1 Running 0 5h41m
pod/kube-scheduler-minikube 1/1 Running 0 5h40m
pod/kubernetes-dashboard-95564f4f-fkhv5 1/1 Running 0 5h41m
pod/storage-provisioner 1/1 Running 0 5h41m
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/heapster ClusterIP 10.103.127.8 <none> 80/TCP 3m31s
service/kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP,9153/TCP 5h41m
service/kubernetes-dashboard ClusterIP 10.97.77.8 <none> 80/TCP 5h41m
service/monitoring-grafana NodePort 10.104.40.70 <none> 80:30002/TCP 3m31s
service/monitoring-influxdb ClusterIP 10.103.102.119 <none> 8083/TCP,8086/TCP 3m31s
[root@minikube ~]# minikube addons disable heapster
Error message:
[wait-control-plane] Waiting for the kubelet to boot up the control plane as static Pods from directory "/etc/kubernetes/manifests". This can take up to 4m0s
[kubelet-check] Initial timeout of 40s passed.
Unfortunately, an error has occurred:
timed out waiting for the condition
This error is likely caused by:
- The kubelet is not running
- The kubelet is unhealthy due to a misconfiguration of the node in some way (required cgroups disabled)
If you are on a systemd-powered system, you can try to troubleshoot the error with the following commands:
- 'systemctl status kubelet'
- 'journalctl -xeu kubelet'
Additionally, a control plane component may have crashed or exited when started by the container runtime.
To troubleshoot, list all containers using your preferred container runtimes CLI.
Here is one example how you may list all running Kubernetes containers by using crictl:
- 'crictl --runtime-endpoint unix:///var/run/cri-dockerd.sock ps -a | grep kube | grep -v pause'
Once you have found the failing container, you can inspect its logs with:
- 'crictl --runtime-endpoint unix:///var/run/cri-dockerd.sock logs CONTAINERID'
stderr:
W0215 03:40:32.375153 99610 initconfiguration.go:120] Usage of CRI endpoints without URL scheme is deprecated and can cause kubelet errors in the future. Automatically prepending scheme "unix" to the "criSocket" with value "/var/run/cri-dockerd.sock". Please update your configuration!
error execution phase wait-control-plane: couldn't initialize a Kubernetes cluster
To see the stack trace of this error execute with --v=5 or higher
Check the kubelet error messages:
[root@minikube ~]# journalctl -xeu kubelet |more
Feb 15 05:14:32 minikube kubelet[64597]: E0215 05:14:32.149848 64597 pod_workers.go:951] "Error syncing pod, skipping" err="failed to \"CreatePodSandb
ox\" for \"etcd-minikube_kube-system(a75b77b0a9e517a0cac04559a1c583ec)\" with CreatePodSandboxError: \"Failed to create sandbox for pod \\\"etcd-minikub
e_kube-system(a75b77b0a9e517a0cac04559a1c583ec)\\\": rpc error: code = Unknown desc = failed pulling image \\\"registry.k8s.io/pause:3.6\\\": Error resp
onse from daemon: Head \\\"https://asia-northeast1-docker.pkg.dev/v2/k8s-artifacts-prod/images/pause/manifests/3.6\\\": dial tcp 142.250.157.82:443: con
nect: connection refused\"" pod="kube-system/etcd-minikube" podUID=a75b77b0a9e517a0cac04559a1c583ec
Feb 15 05:14:32 minikube kubelet[64597]: E0215 05:14:32.230355 64597 kubelet.go:2419] "Error getting node" err="node \"minikube\" not found"
Feb 15 05:14:32 minikube kubelet[64597]: E0215 05:14:32.330444 64597 kubelet.go:2419] "Error getting node" err="node \"minikube\" not found"
Feb 15 05:14:32 minikube kubelet[64597]: E0215 05:14:32.430833 64597 kubelet.go:2419] "Error getting node" err="node \"minikube\" not found"
Feb 15 05:14:32 minikube kubelet[64597]: E0215 05:14:32.531775 64597 kubelet.go:2419] "Error getting node" err="node \"minikube\" not found"
Feb 15 05:14:32 minikube kubelet[64597]: E0215 05:14:32.632183 64597 kubelet.go:2419] "Error getting node" err="node \"minikube\" not found"
Feb 15 05:14:32 minikube kubelet[64597]: E0215 05:14:32.733334 64597 kubelet.go:2419] "Error getting node" err="node \"minikube\" not found"
Feb 15 05:14:32 minikube kubelet[64597]: E0215 05:14:32.834118 64597 kubelet.go:2419] "Error getting node" err="node \"minikube\" not found"
Feb 15 05:14:32 minikube kubelet[64597]: E0215 05:14:32.935064 64597 kubelet.go:2419] "Error getting node" err="node \"minikube\" not found"
Feb 15 05:14:33 minikube kubelet[64597]: E0215 05:14:33.035527 64597 kubelet.go:2419] "Error getting node" err="node \"minikube\" not found"
Feb 15 05:14:33 minikube kubelet[64597]: E0215 05:14:33.135691 64597 kubelet.go:2419] "Error getting node" err="node \"minikube\" not found"
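Cause analysis:
This happens because, from v1.24.0 on, configuration support for the CRI sandbox (pause) image is enabled. The image address set with kubeadm init --image-repository is no longer passed to the CRI runtime for downloading the pause image; it has to be set in the CRI runtime's configuration file instead.
Resolution:
Pulling the image succeeds once a VPN is used to get past the network restrictions. Alternatively, configure the CRI runtime to use a mirror in China: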
[root@minikube ~]# vim /etc/containerd/config.toml
# Append the following
[plugins."io.containerd.grpc.v1.cri"]
sandbox_image = "registry.aliyuncs.com/k8sxio/pause:3.6"
[root@minikube ~]# systemctl restart kubelet
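The journal excerpt above shows a failed pull of registry.k8s.io/pause:3.6, while the cri-docker.service file earlier in this guide specifies registry.aliyuncs.com/google_containers/pause:3.7. This added example (not part of the original guide) extracts both values so the mismatch is visible; the function names are assumptions and the log and unit file are constructed, abridged samples based on the output shown above.

```shell
#!/bin/sh
# Added example (not from the original guide): find which sandbox image the
# kubelet failed to pull and compare it with the cri-dockerd unit setting.

# failed_image_pulls: kubelet journal text on stdin -> distinct image refs
# that follow "failed pulling image" (escaped quotes are skipped).
failed_image_pulls() {
    sed -nE 's/.*failed pulling image [\\"]*([^\\" ]+).*/\1/p' | sort -u
}

# configured_sandbox_image UNIT_FILE -> value of --pod-infra-container-image
# on the ExecStart line (empty if the flag is absent).
configured_sandbox_image() {
    sed -nE 's/^ExecStart=.*--pod-infra-container-image[= ]([^ ]+).*/\1/p' "$1"
}

# sandbox_pull_report JOURNAL_FILE UNIT_FILE
# Prints one line per failed image; returns 1 if any failed image differs
# from the image the unit file tells cri-dockerd to use.
sandbox_pull_report() {
    conf=$(configured_sandbox_image "$2")
    rc=0
    for img in $(failed_image_pulls < "$1"); do
        if [ "$img" = "$conf" ]; then
            echo "pull failed for configured image $img (check registry reachability)"
        else
            echo "pull failed for $img; unit file specifies ${conf:-nothing}"
            rc=1
        fi
    done
    return $rc
}

# Constructed, abridged samples. On a real host, feed unwrapped lines with:
#   journalctl -u kubelet --no-pager -o cat > kubelet.log
demo=$(mktemp -d)
cat > "$demo/kubelet.log" <<'EOF'
E0215 05:14:32.149848 64597 pod_workers.go:951] "Error syncing pod, skipping" err="failed to \"CreatePodSandbox\" for \"etcd-minikube_kube-system\": rpc error: code = Unknown desc = failed pulling image \\\"registry.k8s.io/pause:3.6\\\": Error response from daemon" pod="kube-system/etcd-minikube"
E0215 05:14:32.230355 64597 kubelet.go:2419] "Error getting node" err="node \"minikube\" not found"
EOF
cat > "$demo/cri-docker.service" <<'EOF'
[Service]
ExecStart=/usr/bin/cri-dockerd --network-plugin=cni --pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.7
EOF
sandbox_pull_report "$demo/kubelet.log" "$demo/cri-docker.service" || true
```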
Before building, delete the existing cluster first!
[root@minikube ~]# cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
[root@minikube ~]# yum install kubernetes-cni -y
Recommendation: the Kubernetes version must match the version of the kubelet that the kubernetes-cni package installed above depends on!
[root@minikube ~]# minikube start --vm-driver=none --cni=flannel --image-repository='registry.cn-hangzhou.aliyuncs.com/google_containers'