1、环境准备
(1)配置好网络ip和主机名
control:
node1:
node2:
配置ip 主机名的过程省略
配置一个简单的基于hosts文件的名称解析
[root@node1 ~]# vim /etc/hosts
// 文件中新增以下三行
192.168.110.10 control
192.168.110.11 node1
192.168.110.22 node2
[root@node1 ~]# scp /etc/hosts root@node1:/etc/hosts
The authenticity of host 'node1 (192.168.110.11)' can't be established.
ED25519 key fingerprint is SHA256:84EopGSflyn0EP7RLvmnvaWPJCTe8G99eX4dF6XQzFk.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added 'node1' (ED25519) to the list of known hosts.
root@node1's password:
hosts 100% 223 251.9KB/s 00:00
[root@node1 ~]# scp /etc/hosts root@control:/etc/hosts
The authenticity of host 'control (192.168.110.10)' can't be established.
ED25519 key fingerprint is SHA256:84EopGSflyn0EP7RLvmnvaWPJCTe8G99eX4dF6XQzFk.
This host key is known by the following other names/addresses:~/.ssh/known_hosts:1: node1
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added 'control' (ED25519) to the list of known hosts.
root@control's password:
hosts 100% 223 103.3KB/s 00:00
[root@node1 ~]# scp /etc/hosts root@node2:/etc/hosts
The authenticity of host 'node2 (192.168.110.22)' can't be established.
ED25519 key fingerprint is SHA256:84EopGSflyn0EP7RLvmnvaWPJCTe8G99eX4dF6XQzFk.
This host key is known by the following other names/addresses:~/.ssh/known_hosts:1: node1~/.ssh/known_hosts:4: control
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added 'node2' (ED25519) to the list of known hosts.
root@node2's password:
hosts (2)允许root用户远程登录
从第三步开始,所有的操作需要在三个节点上一起执行。
(3)调整防火墙
[root@control ~]# systemctl disable --now firewalld.service
Removed "/etc/systemd/system/multi-user.target.wants/firewalld.service".
Removed "/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service".
[root@control ~]# nft flush ruleset(4)允许系统转发ipv4数据包
[root@control ~]# vim /etc/sysctl.d/k8s.conf
[root@control ~]# cat /etc/sysctl.d/k8s.conf
net.ipv4.ip_forward = 1
[root@control ~]# sysctl -f /etc/sysctl.d/k8s.conf
net.ipv4.ip_forward = 1
[root@control ~]# sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 1(5)设置容器运行时
[root@control ~]# dnf remove -y podman container* runc*
[root@control ~]# dnf -y install dnf-utils //安装仓库配置命令行工具
[root@control ~]# yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
设置docker 仓库,安装docker和containerd 服务。
docker 对于容器进行管理的客户端架构,docker只是将用户指令打包给containerd 进行容器启动 停止等控制容器的操作。
containerd 实际的容器管理服务
[root@control ~]# dnf makecache
Waiting for process with pid 33407 to finish.
CentOS Stream 9 - BaseOS 1.3 kB/s | 7.5 kB 00:05
CentOS Stream 9 - AppStream 1.3 kB/s | 7.7 kB 00:05
CentOS Stream 9 - Extras packages 1.6 kB/s | 8.6 kB 00:05
Docker CE Stable - x86_64 1.8 kB/s | 58 kB 00:32
Metadata cache created.
[root@control ~]# dnf install docker-ce docker-ce-cli containerd.io
[root@control ~]# systemctl enable --now containerd.service
Created symlink /etc/systemd/system/multi-user.target.wants/containerd.service → /usr/lib/systemd/system/containerd.service.
[root@control ~]# containerd config dump > /etc/containerd/config.toml // 生成完整配置文件
[root@control ~]# containerd config default > /etc/containerd/config.toml // 生成完整配置文件
[root@control ~]# vim /etc/containerd/config.toml
[root@control ~]# systemctl restart containerd.service
(6)禁用swap交换分区
[root@control ~]# swapoff -a
[root@control ~]# vim /etc/fstab
[root@control ~]# cat /etc/fstab#
# /etc/fstab
# Created by anaconda on Fri Aug 23 00:45:24 2024
#
# Accessible filesystems, by reference, are maintained under '/dev/disk/'.
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info.
#
# After editing this file, run 'systemctl daemon-reload' to update systemd
# units generated from this file.
#
/dev/mapper/cs_bogon-root / xfs defaults 0 0
UUID=d910d323-150c-40df-bd32-bdfb1f5c93b9 /boot xfs defaults 0 0
UUID=BA00-CA1F /boot/efi vfat umask=0077,shortname=winnt 0 2
#/dev/mapper/cs_bogon-swap none swap defaults 0 0 // 禁止交换分区在重启后挂载激活二、K8s安装和集群初始化
(1)安装K8S 安装工具的软件包
[root@control ~]# setenforce 0
[root@control ~]#
[root@control ~]# grep ^SELINUX= /etc/selinux/config
SELINUX=enforcing
[root@control ~]# sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
[root@control ~]# grep ^SELINUX= /etc/selinux/config
SELINUX=permissive
[root@control ~]# cat <<EOF | sudo tee /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://pkgs.k8s.io/core:/stable:/v1.31/rpm/
enabled=1
gpgcheck=1
gpgkey=https://pkgs.k8s.io/core:/stable:/v1.31/rpm/repodata/repomd.xml.key
exclude=kubelet kubeadm kubectl cri-tools kubernetes-cni
EOF
[kubernetes]
name=Kubernetes
baseurl=https://pkgs.k8s.io/core:/stable:/v1.31/rpm/
enabled=1
gpgcheck=1
gpgkey=https://pkgs.k8s.io/core:/stable:/v1.31/rpm/repodata/repomd.xml.key
exclude=kubelet kubeadm kubectl cri-tools kubernetes-cni
[root@control ~]# dnf -y install kubectl kubelet kubeadm --disableexcludes=kubernetes
[root@control ~]# systemctl enable kubelet.service(2)集群初始化
核心命令 kubeadm init
获取初始化的默认配置,并修改使之符合一般的集群初始化需要。
加快集群初始化进程,提前下载集群运行的镜像。
[root@control ~]# kubeadm config print init-defaults >> init.yml
[root@control ~]# vim init.yml
[root@control ~]# kubeadm config images list --config init.yml
registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver:v1.31.0
registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager:v1.31.0
registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler:v1.31.0
registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy:v1.31.0
registry.cn-hangzhou.aliyuncs.com/google_containers/coredns:v1.11.3
registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.10
registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.5.15-0
[root@control ~]# kubeadm config images pull --config init.yml
在集群初始化时,还是使用较早版本的pause:3.8 ,手动下载并修改镜像仓库标记即可。
拉取pause:3.8镜像 下面这条命令的作用等同于docker pull
[root@control ~]# crictl -r unix:///var/run/containerd/containerd.sock pull registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.8
Image is up to date for sha256:4873874c08efc72e9729683a83ffbb7502ee729e9a5ac097723806ea7fa13517
[root@control ~]# ctr namespace list
NAME LABELS
k8s.io
改名,这条命令的作用等于docker tag
[root@control ~]# ctr --namespace k8s.io image tag registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.8 registry.k8s.io/pause:3.8 registry.k8s.io/pause:3.8
查看所有containerd 可以使用的镜像:
[root@control ~]# crictl -r unix:///var/run/containerd/containerd.sock images
registry.cn-hangzhou.aliyuncs.com/google_containers/coredns // k8S 集群内部的域名解析
registry.cn-hangzhou.aliyuncs.com/google_containers/etcd // 存储K8S集群的状态数据
registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver // K8S的调用接口
registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager // K8S 的控制器
registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy //工作节点代理
registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler // pod的调度
registry.cn-hangzhou.aliyuncs.com/google_containers/pause // K8S的基础设施
保证所有的节点都有以上列出的所有镜像后,开始调整初始化配置并进行集群的初始化。
运行初始化命令:(只需要在控制节点上运行即可)
[root@control ~]# kubeadm init --config init.yml
初始化成功的输出如下图所示:
集群内加入新节点的指令,这个指令最好保存下来方便使用,
保存控制节点的访问配置
[root@control ~]# mkdir -p $HOME/.kube
[root@control ~]# sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
[root@control ~]# chown $(id -u):$(id -g) $HOME/.kube/config
[root@control ~]# kubectl get nodes //目前只有control节点
NAME STATUS ROLES AGE VERSION
control NotReady control-plane 2m45s v1.31.1
[root@control ~]# echo 'kubeadm join 192.168.110.10:6443 --token abcdef.0123456789abcdef --discovery-token-ca-cert-hash sha256:6ca63b1e4c639dbb7b7222a2dc5cb2f0ccaaf57f159310be5810ea7006b6f388' > .kube/node_join
// echo引号中的内容来自初始化输出,直接复制即可,每个人的值都不一样
检查目前集群状态:
[root@control ~]# kubectl get pods -o wide -A
NAMESPACE NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
kube-system coredns-fcd6c9c4-cvcvt 0/1 Pending 0 5m <none> <none> <none> <none>
kube-system coredns-fcd6c9c4-m9kxk 0/1 Pending 0 5m <none> <none> <none> <none>
kube-system etcd-control 1/1 Running 0 5m6s 192.168.110.10 control <none> <none>
kube-system kube-apiserver-control 1/1 Running 0 5m6s 192.168.110.10 control <none> <none>
kube-system kube-controller-manager-control 1/1 Running 0 5m6s 192.168.110.10 control <none> <none>
kube-system kube-proxy-c8cdj 1/1 Running 0 5m 192.168.110.10 control <none> <none>
kube-system kube-scheduler-control 1/1 Running 0 5m6s 192.168.110.10 control <none> <none>
// 有两个pod的状态不是running,原因是没有设置集群需要的网络插件。
在node1上执行加入集群的指令
在node2上执行加入集群的指令
//上面两张截图的命令并不完整
在控制节点查看集群节点状态
[root@control ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
control NotReady control-plane 12m v1.31.1
node1 NotReady <none> 5m44s v1.31.1
node2 NotReady <none> 4m22s v1.31.1
需要为K8S集群设置网络插件,才是完成了K8S集群的搭建,搭建完成后还可以使用更多的网络插件,结合不同项目的部署需要和实际组网需求。
(3)部署flannel网络插件
为K8S集群设置flannel网络,网络插件以扁平化的网络管理模型,实现K8S集群中pod的通信,管理配置相当简单。
在控制节点配置完成:
[root@control ~]# wget https://github.com/flannel-io/flannel/releases/latest/download/kube-flannel.yml
[root@control ~]# grep image kube-flannel.ymlimage: docker.io/flannel/flannel:v0.25.6image: docker.io/flannel/flannel-cni-plugin:v1.5.1-flannel2image: docker.io/flannel/flannel:v0.25.6
[root@control ~]# systemctl start docker
[root@control ~]# systemctl is-enabled docker
disabled
[root@control ~]# vim /etc/docker/daemon.json
{
"registry-mirrors": ["https://docker.registry.cyou","https://docker-cf.registry.cyou","https://dockercf.jsdelivr.fyi","https://docker.jsdelivr.fyi","https://dockertest.jsdelivr.fyi","https://mirror.aliyuncs.com","https://dockerproxy.com","https://mirror.baidubce.com","https://docker.m.daocloud.io","https://docker.nju.edu.cn","https://docker.mirrors.sjtug.sjtu.edu.cn","https://docker.mirrors.ustc.edu.cn","https://mirror.iscas.ac.cn","https://docker.rainbond.cc"]
}
[root@control ~]# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 223.5.5.5
nameserver 8.8.8.8
[root@control ~]# systemctl restart docker
[root@control ~]# docker pull docker.io/flannel/flannel:v0.25.6
[root@control ~]# docker pull docker.io/flannel/flannel-cni-plugin:v1.5.1-flannel2
# 导出镜像并同步给node1 node2,然后导入到containerd的镜像仓库中,使用ctr
[root@control ~]# docker save -o flannel.tar flannel/flannel:v0.25.6
[root@control ~]# docker save -o flannel-cni.tar flannel/flannel-cni-plugin
[root@control ~]# rm -f flannel-cni.tar
[root@control ~]# docker save -o flannel-cni.tar flannel/flannel-cni-plugin:v1.5.1-flannel2
[root@control ~]# scp flannel.tar root@node1:/root
The authenticity of host 'node1 (192.168.110.11)' can't be established.
ED25519 key fingerprint is SHA256:84EopGSflyn0EP7RLvmnvaWPJCTe8G99eX4dF6XQzFk.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added 'node1' (ED25519) to the list of known hosts.
root@node1's password:
flannel.tar 0% 0 0.0KB/s --:-- ETA^flannel.tar 100% 73MB 55.4MB/s 00:01
[root@control ~]# scp flannel-cni.tar root@node1:/root
root@node1's password:
flannel-cni.tar 100% 10MB 47.4MB/s 00:00
[root@control ~]# scp flannel.tar root@node2:/root
The authenticity of host 'node2 (192.168.110.22)' can't be established.
ED25519 key fingerprint is SHA256:84EopGSflyn0EP7RLvmnvaWPJCTe8G99eX4dF6XQzFk.
This host key is known by the following other names/addresses:~/.ssh/known_hosts:1: node1
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added 'node2' (ED25519) to the list of known hosts.
root@node2's password:
flannel.tar 0% 0 0.0KB/s --:-- ETA^flannel.tar 100% 73MB 51.3MB/s 00:01
[root@control ~]# scp flannel-cni.tar root@node2:/root
root@node2's password:
flannel-cni.tar 100% 10MB 45.4M
导入镜像:
[root@control ~]# ctr --namespace k8s.io image import flannel.tar
unpacking docker.io/flannel/flannel:v0.25.6 (sha256:9450e8226798aa6b2170093618cf20440bce427d4999d9cfe6f43beaab0dd921)...done
[root@control ~]# ctr --namespace k8s.io image import flannel-cni.tar
unpacking docker.io/flannel/flannel-cni-plugin:v1.5.1-flannel2 (sha256:e6e3646e3663e11d1b129f77f49f58a589c633833130c6c8f30bc0c0e7df4e0c)...done
[root@control ~]# crictl -r unix:///var/run/containerd/containerd.sock images
IMAGE TAG IMAGE ID SIZE
docker.io/flannel/flannel-cni-plugin v1.5.1-flannel2 962fd97b50f9c 10.9MB
docker.io/flannel/flannel v0.25.6 f7b837852a098 76.2MB
registry.cn-hangzhou.aliyuncs.com/google_containers/coredns v1.11.3 c69fa2e9cbf5f 18.6MB
registry.cn-hangzhou.aliyuncs.com/google_containers/etcd 3.5.15-0 2e96e5913fc06 56.9MB
registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver v1.31.0 604f5db92eaa8 28.1MB
registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager v1.31.0 045733566833c 26.2MB
registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy v1.31.0 ad83b2ca7b09e 30.2MB
registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler v1.31.0 1766f54c897f0 20.2MB
registry.cn-hangzhou.aliyuncs.com/google_containers/pause 3.10 873ed75102791 320kB
registry.cn-hangzhou.aliyuncs.com/google_containers/pause 3.8 4873874c08efc 311kB
registry.k8s.io/pause 3.8 4873874c08efc 311kB
node1:
[root@node1 ~]# ctr --namespace k8s.io image import flannel.tar
unpacking docker.io/flannel/flannel:v0.25.6 (sha256:9450e8226798aa6b2170093618cf20440bce427d4999d9cfe6f43beaab0dd921)...done
[root@node1 ~]# ctr --namespace k8s.io image import flannel-cni.tar
unpacking docker.io/flannel/flannel-cni-plugin:v1.5.1-flannel2 (sha256:e6e3646e3663e11d1b129f77f49f58a589c633833130c6c8f30bc0c0e7df4e0c)...done
[root@node1 ~]# crictl -r unix:///var/run/containerd/containerd.sock images
IMAGE TAG IMAGE ID SIZE
docker.io/flannel/flannel-cni-plugin v1.5.1-flannel2 962fd97b50f9c 10.9MB
docker.io/flannel/flannel v0.25.6 f7b837852a098 76.2MB
registry.cn-hangzhou.aliyuncs.com/google_containers/coredns v1.11.3 c69fa2e9cbf5f 18.6MB
registry.cn-hangzhou.aliyuncs.com/google_containers/etcd 3.5.15-0 2e96e5913fc06 56.9MB
registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver v1.31.0 604f5db92eaa8 28.1MB
registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager v1.31.0 045733566833c 26.2MB
registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy v1.31.0 ad83b2ca7b09e 30.2MB
registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler v1.31.0 1766f54c897f0 20.2MB
registry.cn-hangzhou.aliyuncs.com/google_containers/pause 3.10 873ed75102791 320kB
registry.cn-hangzhou.aliyuncs.com/google_containers/pause 3.8 4873874c08efc 311kB
registry.k8s.io/pause 3.8 4873874c08efc 311kBnode1
node1:
[root@node1 ~]# ctr --namespace k8s.io image import flannel.tar
unpacking docker.io/flannel/flannel:v0.25.6 (sha256:9450e8226798aa6b2170093618cf20440bce427d4999d9cfe6f43beaab0dd921)...done
[root@node1 ~]# ctr --namespace k8s.io image import flannel-cni.tar
unpacking docker.io/flannel/flannel-cni-plugin:v1.5.1-flannel2 (sha256:e6e3646e3663e11d1b129f77f49f58a589c633833130c6c8f30bc0c0e7df4e0c)...done
[root@node1 ~]# crictl -r unix:///var/run/containerd/containerd.sock images
IMAGE TAG IMAGE ID SIZE
docker.io/flannel/flannel-cni-plugin v1.5.1-flannel2 962fd97b50f9c 10.9MB
docker.io/flannel/flannel v0.25.6 f7b837852a098 76.2MB
registry.cn-hangzhou.aliyuncs.com/google_containers/coredns v1.11.3 c69fa2e9cbf5f 18.6MB
registry.cn-hangzhou.aliyuncs.com/google_containers/etcd 3.5.15-0 2e96e5913fc06 56.9MB
registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver v1.31.0 604f5db92eaa8 28.1MB
registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager v1.31.0 045733566833c 26.2MB
registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy v1.31.0 ad83b2ca7b09e 30.2MB
registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler v1.31.0 1766f54c897f0 20.2MB
registry.cn-hangzhou.aliyuncs.com/google_containers/pause 3.10 873ed75102791 320kB
registry.cn-hangzhou.aliyuncs.com/google_containers/pause 3.8 4873874c08efc 311kB
registry.k8s.io/pause 3.8 4873874c08efc 311kBnode2
[root@node2 ~]# ctr --namespace k8s.io image import flannel.tar
unpacking docker.io/flannel/flannel:v0.25.6 (sha256:9450e8226798aa6b2170093618cf20440bce427d4999d9cfe6f43beaab0dd921)...done
[root@node2 ~]# ctr --namespace k8s.io image import flannel-cni.tar
unpacking docker.io/flannel/flannel-cni-plugin:v1.5.1-flannel2 (sha256:e6e3646e3663e11d1b129f77f49f58a589c633833130c6c8f30bc0c0e7df4e0c)...done
control 节点:
[root@control ~]# kubectl apply -f kube-flannel.yml
namespace/kube-flannel created
serviceaccount/flannel created
clusterrole.rbac.authorization.k8s.io/flannel created
clusterrolebinding.rbac.authorization.k8s.io/flannel created
configmap/kube-flannel-cfg created
daemonset.apps/kube-flannel-ds created
此时检查K8S集群的核心组件以及节点的状态,均显示健康。
此时检查K8S集群的核心组件以及节点的状态,均显示健康。
[root@control ~]# kubectl get pods -o wide -A
NAMESPACE NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
kube-flannel kube-flannel-ds-9fgml 1/1 Running 0 24s 192.168.110.10 control <none> <none>
kube-flannel kube-flannel-ds-ghwbq 1/1 Running 0 24s 192.168.110.22 node2 <none> <none>
kube-flannel kube-flannel-ds-mkm4r 1/1 Running 0 24s 192.168.110.11 node1 <none> <none>
kube-system coredns-fcd6c9c4-cvcvt 1/1 Running 0 33m 10.244.1.2 node1 <none> <none>
kube-system coredns-fcd6c9c4-m9kxk 1/1 Running 0 33m 10.244.1.3 node1 <none> <none>
kube-system etcd-control 1/1 Running 0 33m 192.168.110.10 control <none> <none>
kube-system kube-apiserver-control 1/1 Running 0 33m 192.168.110.10 control <none> <none>
kube-system kube-controller-manager-control 1/1 Running 0 33m 192.168.110.10 control <none> <none>
kube-system kube-proxy-54j4f 1/1 Running 0 27m 192.168.110.11 node1 <none> <none>
kube-system kube-proxy-c8cdj 1/1 Running 0 33m 192.168.110.10 control <none> <none>
kube-system kube-proxy-v7td8 1/1 Running 0 26m 192.168.110.22 node2 <none> <none>
kube-system kube-scheduler-control 1/1 Running 0 33m 192.168.110.10 control <none> <none>
[root@control ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
control Ready control-plane 34m v1.31.1
node1 Ready <none> 27m v1.31.1
node2 Ready <none> 26m v1.31.1至此K8S集群部署完成。
作为一个较为复杂的平台搭建,生产环境下搭建时可以选择对应的自动化组件完成搭建,简化集群维护和扩展的操作复杂度。
使用K8S集调度运行pod。
[root@control ~]# vim my_nginx.yml
[root@control ~]# cat my_nginx.yml
apiVersion: apps/v1
kind: Deployment
metadata:name: my-nginx // 资源名称
spec:selector:matchLabels:run: my-nginxreplicas: 2 // 调度两个podtemplate:metadata:labels:run: my-nginxspec:containers:- name: my-nginximage: nginx // 镜像imagePullPolicy: IfNotPresent // 镜像不存在的时候进行拉取ports:- containerPort: 80 // 容器内开放80端口访问[root@control ~]# docker pull nginx // 等待缓慢下载完毕
[root@control ~]# docker images nginx
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest 39286ab8a5e1 5 weeks ago 188MB
[root@control ~]# docker save -o nginx.tar nginx:latest
[root@control ~]# scp nginx.tar root@node1:/root
root@node1's password:
nginx.tar 100% 183MB 77.2MB/s 00:02
[root@control ~]# scp nginx.tar root@node2:/root
root@node2's password:
nginx.tar 在node1 和node2 执行镜像导入操作,应用容器一般都会调度到work节点,所以要保证work节点上有nginx镜像。
[root@node1 ~]# ctr -n k8s.io image import nginx.tar
unpacking docker.io/library/nginx:latest (sha256:006a20213cb7f7d8edfadffd6791139d25283f590c5066e3fcd803e61a9c0b74)...done
[root@node1 ~]# crictl -r unix:///var/run/containerd/containerd.sock images
IMAGE TAG IMAGE ID SIZE
docker.io/flannel/flannel-cni-plugin v1.5.1-flannel2 962fd97b50f9c 10.9MB
docker.io/flannel/flannel v0.25.6 f7b837852a098 76.2MB
docker.io/library/nginx latest 39286ab8a5e14 192MB
registry.cn-hangzhou.aliyuncs.com/google_containers/coredns v1.11.3 c69fa2e9cbf5f 18.6MB
registry.cn-hangzhou.aliyuncs.com/google_containers/etcd 3.5.15-0 2e96e5913fc06 56.9MB
registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver v1.31.0 604f5db92eaa8 28.1MB
registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager v1.31.0 045733566833c 26.2MB
registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy v1.31.0 ad83b2ca7b09e 30.2MB
registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler v1.31.0 1766f54c897f0 20.2MB
registry.cn-hangzhou.aliyuncs.com/google_containers/pause 3.10 873ed75102791 320kB
registry.cn-hangzhou.aliyuncs.com/google_containers/pause 3.8 4873874c08efc 311kB
registry.k8s.io/pause 3.8 4873874c08efc 311kB[root@node2 ~]# ctr -n k8s.io image import nginx.tar
unpacking docker.io/library/nginx:latest (sha256:006a20213cb7f7d8edfadffd6791139d25283f590c5066e3fcd803e61a9c0b74)...done
[root@node2 ~]# crictl -r unix:///var/run/containerd/containerd.sock images
IMAGE TAG IMAGE ID SIZE
docker.io/flannel/flannel-cni-plugin v1.5.1-flannel2 962fd97b50f9c 10.9MB
docker.io/flannel/flannel v0.25.6 f7b837852a098 76.2MB
docker.io/library/nginx latest 39286ab8a5e14 192MB
registry.cn-hangzhou.aliyuncs.com/google_containers/coredns v1.11.3 c69fa2e9cbf5f 18.6MB
registry.cn-hangzhou.aliyuncs.com/google_containers/etcd 3.5.15-0 2e96e5913fc06 56.9MB
registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver v1.31.0 604f5db92eaa8 28.1MB
registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager v1.31.0 045733566833c 26.2MB
registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy v1.31.0 ad83b2ca7b09e 30.2MB
registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler v1.31.0 1766f54c897f0 20.2MB
registry.cn-hangzhou.aliyuncs.com/google_containers/pause 3.10 873ed75102791 320kB
registry.cn-hangzhou.aliyuncs.com/google_containers/pause 3.8 4873874c08efc 311kB
registry.k8s.io/pause 3.8 4873874c08efc 311kB在工作节点上导入完毕镜像,就可以回到控制节点上,进行应用的调度。
[root@control ~]# kubectl apply -f my_nginx.yml
deployment.apps/my-nginx created
[root@control ~]# kubectl get pods
NAME READY STATUS RESTARTS AGE
my-nginx-7549dd6888-lhnr6 1/1 Running 0 7s
my-nginx-7549dd6888-z84x4 1/1 Running 0 7s
// 查看pod分到的IP地址,并尝试访问运行在pod中的nginx服务
[root@control ~]# kubectl get pods -l run=my-nginx -o custom-columns=POD_IP:.status.podIPs
POD_IP
[map[ip:10.244.2.6]]
[map[ip:10.244.1.8]]
[root@control ~]# curl 10.244.2.6
# 访问可以成功 省略输出
[root@control ~]# curl 10.244.1.8
# 访问成功省略输出或者在控制节点上打开火狐浏览器进行访问:
[root@control ~]# kubectl get pods -o wide // 两个pod 一个在node1 一个在node2
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
my-nginx-7549dd6888-lhnr6 1/1 Running 0 2m32s 10.244.2.6 node2 <none> <none>
my-nginx-7549dd6888-z84x4 1/1 Running 0 2m32s 10.244.1.8 node1 <none> <none>
