{"id":6561,"date":"2022-04-09T21:27:16","date_gmt":"2022-04-09T13:27:16","guid":{"rendered":"https:\/\/egonlin.com\/?p=6561"},"modified":"2022-04-09T21:28:46","modified_gmt":"2022-04-09T13:28:46","slug":"%ef%bc%88%e4%b8%80%ef%bc%89%e4%b9%8b%e6%a6%82%e5%bf%b5%e5%92%8c%e6%9e%b6%e6%9e%84%e8%a7%a3%e6%9e%90%e4%b8%8e%e7%8e%af%e5%a2%83%e5%87%86%e5%a4%87","status":"publish","type":"post","link":"https:\/\/egonlin.com\/?p=6561","title":{"rendered":"\uff08\u4e00\uff09\u4e4b\u6982\u5ff5\u548c\u67b6\u6784\u89e3\u6790\u4e0e\u73af\u5883\u51c6\u5907"},"content":{"rendered":"

1\u3001Kubernetes\u7684\u91cd\u8981\u6982\u5ff5<\/h1>\n

1.1 \u8282\u70b9<\/h2>\n
\u8282\u70b9\u901a\u5e38\u6307\u7684\u5c31\u662f\u670d\u52a1\u5668\u3002\u53ef\u4ee5\u4f7f\u7269\u7406\u673a\u6216\u865a\u62df\u673a\uff0c\u5728k8s\u4e2d\u6709\u4e24\u79cd\u8282\u70b9\uff1a\u7ba1\u7406\u8282\u70b9\uff08Master Node\uff09\u548c\u5de5\u4f5c\u8282\u70b9\uff08Worker Node\uff09\n\u7ba1\u7406\u8282\u70b9\uff08Master Node\uff09\uff1a\u8d1f\u8d23\u7ba1\u7406\u6574\u4e2ak8s\u96c6\u7fa4\u3001\u662f Cluster \u7684\u5927\u8111\uff0c\u4e3b\u8981\u804c\u8d23\u662f\u8c03\u5ea6\uff0c\u5373\u51b3\u5b9a\u5c06\u5e94\u7528\u653e\u5728\u54ea\u91cc\u8fd0\u884c\uff0c\u4e00\u822c\u75313\u4e2a\u7ba1\u7406\u8282\u70b9\u7ec4\u6210HA\u7684\u67b6\u6784\u3002\n\u5de5\u4f5c\u8282\u70b9\uff08Worker Node\uff09\uff1a\u4e3b\u8981\u8d1f\u8d23\u8fd0\u884c\u5bb9\u5668\uff0cNode \u7531 Master \u7ba1\u7406\uff0cNode \u8d1f\u8d23\u76d1\u63a7\u5e76\u6c47\u62a5\u5bb9\u5668\u7684\u72b6\u6001\uff0c\u5e76\u6839\u636e Master \u7684\u8981\u6c42\u7ba1\u7406\u5bb9\u5668\u7684\u751f\u547d\u5468\u671f<\/code><\/pre>\n
1.2 Pod<\/h2>\n
Pod \u662f Kubernetes \u7684\u6700\u5c0f\u5de5\u4f5c\u5355\u5143\u3002\u6bcf\u4e2a Pod \u5305\u542b\u4e00\u4e2a\u6216\u591a\u4e2a\u5bb9\u5668\u3002\n\u6bcf\u4e2aPod\u5185\u5171\u4eab\u5b58\u50a8\u8d44\u6e90\u3001\u7f51\u7edc\u8d44\u6e90 \u4ee5\u53ca\u7ba1\u7406\u63a7\u5236\u5bb9\u5668\u8fd0\u884c\u65b9\u5f0f\u7684\u7b56\u7565\u9009\u9879\u3002\nPod \u4e2d\u7684\u5bb9\u5668\u4f1a\u4f5c\u4e3a\u4e00\u4e2a\u6574\u4f53\u88ab Master Node\u8c03\u5ea6\u5230\u4e00\u4e2a Worker Node \u4e0a\u8fd0\u884c\u3002<\/code><\/pre>\n
1.2.1 Kubernetes \u5f15\u5165 Pod \u4e3b\u8981\u57fa\u4e8e\u4e0b\u9762\u4e24\u4e2a\u76ee\u7684\uff1a<\/h3>\n
1\uff09\u53ef\u7ba1\u7406\u6027\u3002<\/h5>\n
\u6709\u4e9b\u5bb9\u5668\u5929\u751f\u5c31\u662f\u9700\u8981\u7d27\u5bc6\u8054\u7cfb\uff0c\u4e00\u8d77\u5de5\u4f5c\u3002Pod \u63d0\u4f9b\u4e86\u6bd4\u5bb9\u5668\u66f4\u9ad8\u5c42\u6b21\u7684\u62bd\u8c61\uff0c\u5c06\u5b83\u4eec\u5c01\u88c5\u5230\u4e00\u4e2a\u90e8\u7f72\u5355\u5143\u4e2d\u3002Kubernetes \u4ee5 Pod \u4e3a\u6700\u5c0f\u5355\u4f4d\u8fdb\u884c\u8c03\u5ea6\u3001\u6269\u5c55\u3001\u5171\u4eab\u8d44\u6e90\u3001\u7ba1\u7406\u751f\u547d\u5468\u671f\u3002<\/p>\n
2\uff09\u901a\u4fe1\u548c\u8d44\u6e90\u5171\u4eab\u3002<\/h5>\n
Pod \u4e2d\u7684\u6240\u6709\u5bb9\u5668\u4f7f\u7528\u540c\u4e00\u4e2a\u7f51\u7edc namespace\uff0c\u5373\u76f8\u540c\u7684 IP \u5730\u5740\u548c Port \u7a7a\u95f4\u3002\u5b83\u4eec\u53ef\u4ee5\u76f4\u63a5\u7528 localhost \u901a\u4fe1\u3002\u540c\u6837\u7684\uff0c\u8fd9\u4e9b\u5bb9\u5668\u53ef\u4ee5\u5171\u4eab\u5b58\u50a8\uff0c\u5f53 Kubernetes \u6302\u8f7d volume \u5230 Pod\uff0c\u672c\u8d28\u4e0a\u662f\u5c06 volume \u6302\u8f7d\u5230 Pod \u4e2d\u7684\u6bcf\u4e00\u4e2a\u5bb9\u5668\u3002<\/p>\n
1.2.2 Pods \u6709\u4e24\u79cd\u4f7f\u7528\u65b9\u5f0f\uff1a<\/h3>\n
1\uff09\u8fd0\u884c\u5355\u4e00\u5bb9\u5668\u3002<\/h5>\n
one-container-per-Pod \u662f Kubernetes \u6700\u5e38\u89c1\u7684\u6a21\u578b\uff0c\u8fd9\u79cd\u60c5\u51b5\u4e0b\uff0c\u53ea\u662f\u5c06\u5355\u4e2a\u5bb9\u5668\u7b80\u5355\u5c01\u88c5\u6210 Pod\u3002\u5373\u4fbf\u662f\u53ea\u6709\u4e00\u4e2a\u5bb9\u5668\uff0cKubernetes \u7ba1\u7406\u7684\u4e5f\u662f Pod \u800c\u4e0d\u662f\u76f4\u63a5\u7ba1\u7406\u5bb9\u5668\u3002<\/p>\n
1\uff09\u8fd0\u884c\u591a\u4e2a\u5bb9\u5668\u3002<\/h5>\n
\u4f46\u95ee\u9898\u5728\u4e8e\uff1a\u54ea\u4e9b\u5bb9\u5668\u5e94\u8be5\u653e\u5230\u4e00\u4e2a Pod \u4e2d\uff1f
\n\u7b54\u6848\u662f\uff1a\u8fd9\u4e9b\u5bb9\u5668\u8054\u7cfb\u5fc5\u987b \u975e\u5e38\u7d27\u5bc6\uff0c\u800c\u4e14\u9700\u8981 \u76f4\u63a5\u5171\u4eab\u8d44\u6e90\u3002<\/p>\n
\u4e3e\u4e2a\u4f8b\u5b50\u3002<\/p>\n
\u4e0b\u9762\u8fd9\u4e2a Pod \u5305\u542b\u4e24\u4e2a\u5bb9\u5668\uff1a\u4e00\u4e2a File Puller\uff0c\u4e00\u4e2a\u662f Web Server\u3002
\n
\"\"<\/div><\/p>\n
File Puller \u4f1a\u5b9a\u671f\u4ece\u5916\u90e8\u7684 Content Manager \u4e2d\u62c9\u53d6\u6700\u65b0\u7684\u6587\u4ef6\uff0c\u5c06\u5176\u5b58\u653e\u5728\u5171\u4eab\u7684 volume \u4e2d\u3002Web Server \u4ece volume \u8bfb\u53d6\u6587\u4ef6\uff0c\u54cd\u5e94 Consumer \u7684\u8bf7\u6c42\u3002<\/p>\n
\u8fd9\u4e24\u4e2a\u5bb9\u5668\u662f\u7d27\u5bc6\u534f\u4f5c\u7684\uff0c\u5b83\u4eec\u4e00\u8d77\u4e3a Consumer \u63d0\u4f9b\u6700\u65b0\u7684\u6570\u636e\uff1b\u540c\u65f6\u5b83\u4eec\u4e5f\u901a\u8fc7 volume \u5171\u4eab\u6570\u636e\u3002\u6240\u4ee5\u653e\u5230\u4e00\u4e2a Pod \u662f\u5408\u9002\u7684\u3002<\/p>\n
\u518d\u6765\u770b\u4e00\u4e2a\u53cd\u4f8b\uff1a\u662f\u5426\u9700\u8981\u5c06 Tomcat \u548c MySQL \u653e\u5230\u4e00\u4e2a Pod \u4e2d\uff1f<\/p>\n
Tomcat \u4ece MySQL \u8bfb\u53d6\u6570\u636e\uff0c\u5b83\u4eec\u4e4b\u95f4\u9700\u8981\u534f\u4f5c\uff0c\u4f46\u8fd8\u4e0d\u81f3\u4e8e\u9700\u8981\u653e\u5230\u4e00\u4e2a Pod \u4e2d\u4e00\u8d77\u90e8\u7f72\uff0c\u4e00\u8d77\u542f\u52a8\uff0c\u4e00\u8d77\u505c\u6b62\u3002\u540c\u65f6\u5b83\u4eec\u662f\u4e4b\u95f4\u901a\u8fc7JDBC \u4ea4\u6362\u6570\u636e\uff0c\u5e76\u4e0d\u662f\u76f4\u63a5\u5171\u4eab\u5b58\u50a8\uff0c\u6240\u4ee5\u653e\u5230\u5404\u81ea\u7684 Pod \u4e2d\u66f4\u5408\u9002\u3002 <\/p>\n
1.3 Controller (\u5171\u67095\u5927pod\u63a7\u5236\u5668)<\/h2>\n
Kubernetes \u901a\u5e38\u4e0d\u4f1a\u76f4\u63a5\u521b\u5efa Pod\uff0c\u800c\u662f\u901a\u8fc7 Controller \u6765\u7ba1\u7406 Pod \u7684\u3002Controller \u4e2d\u5b9a\u4e49\u4e86 Pod \u7684\u90e8\u7f72\u7279\u6027\uff0c\u6bd4\u5982\u6709\u51e0\u4e2a\u526f\u672c\uff0c\u5728\u4ec0\u4e48\u6837\u7684 Node \u4e0a\u8fd0\u884c\u7b49\u3002\u4e3a\u4e86\u6ee1\u8db3\u4e0d\u540c\u7684\u4e1a\u52a1\u573a\u666f\uff0cKubernetes \u63d0\u4f9b\u4e86\u591a\u79cd Controller\uff0c\u5305\u62ec Deployment\u3001ReplicaSet\u3001DaemonSet\u3001StatefuleSet\u3001Job \u7b49\uff0c\u6211\u4eec\u9010\u4e00\u8ba8\u8bba\u3002<\/p>\n
1.3.1\u3001Deployment<\/h3>\n
\u662f\u6700\u5e38\u7528\u7684 Controller\uff0c\u6bd4\u5982\u524d\u9762\u5728\u7ebf\u6559\u7a0b\u4e2d\u5c31\u662f\u901a\u8fc7\u521b\u5efa Deployment \u6765\u90e8\u7f72\u5e94\u7528\u7684\u3002Deployment \u53ef\u4ee5\u7ba1\u7406 Pod \u7684\u591a\u4e2a\u526f\u672c\uff0c\u5e76\u786e\u4fdd Pod \u6309\u7167\u671f\u671b\u7684\u72b6\u6001\u8fd0\u884c\u3002<\/p>\n
1.3.2\u3001replicaSet\uff08\u526f\u672c\u96c6\uff09<\/h3>\n
\u5b9e\u73b0\u4e86 Pod \u7684\u591a\u526f\u672c\u7ba1\u7406\u3002\u8d1f\u8d23\u76d1\u63a7\u548c\u7ef4\u62a4\u96c6\u7fa4\u4e2dpod\u7684\u526f\u672c(replicas)\u6570\uff0c\u786e\u4fddpod\u7684\u526f\u672c\u6570\u662f\u6211\u4eec\u671f\u671b\u7684\u6837\u5b50\u3002\u4f7f\u7528 Deployment \u65f6\u4f1a\u81ea\u52a8\u521b\u5efa ReplicaSet\uff0c\u4e5f\u5c31\u662f\u8bf4 Deployment \u662f\u901a\u8fc7 ReplicaSet \u6765\u7ba1\u7406 Pod \u7684\u591a\u4e2a\u526f\u672c\uff0c\u6211\u4eec\u901a\u5e38\u4e0d\u9700\u8981\u76f4\u63a5\u4f7f\u7528 ReplicaSet\uff0c\u800c\u662fDeployment->ReplicaSet\u7ed3\u5408\u4f7f\u7528\uff0cDeployment\u652f\u6301\u6eda\u52a8\u66f4\u65b0\u4f46\u662f\u6eda\u52a8\u8fc7\u7a0b\u65e0\u5e8f\uff0c\u65b0\u7684ReplicaSet\u4e2d\u7684pod\u521b\u5efa\u5b8c\u6bd5\u540e\uff0c\u518d\u5220\u9664\u65e7\u7684\uff0c\u6ce8\u610f\u65b0\u7684RepicaSet\u4e2d\u7684pod\u662f\u968f\u673a\u521b\u5efa\u7684\uff0c\u4e0d\u4f1a\u6309\u7167\u65e7\u7684ReplicaSet\u4e2d\u7684pod\u987a\u5e8f\u6765\uff0c\u6bcf\u521b\u5efa\u4e00\u4e2a\u65b0\u7684\u5c31\u4f1a\u5220\u9664\u65e7\u7684pod\uff0c\u6240\u4ee5\u8fd9\u4e0d\u5229\u4e8e\u6709\u72b6\u6001\u7684\u670d\u52a1\uff0c\u6bd4\u5982mysql\u4e3b\u4ece\uff0c\u5e94\u8be5\u662f\u5148\u542f\u52a8\u4e3b\u540e\u542f\u52a8\u4ece<\/p>\n
ps\uff1a\u84dd\u7eff\u53d1\u5e03\u3001\u6eda\u52a8\u53d1\u5e03\u3001\u7070\u5ea6\u53d1\u5e03\/\u91d1\u4e1d\u96c0\u53d1\u5e03\uff1ahttps:\/\/zhuanlan.zhihu.com\/p\/42671353<\/a><\/p>\n
\"\"<\/div><\/p>\n
1.3.3\u3001DaemonSet<\/h3>\n
\u7528\u4e8e\u6bcf\u4e2a Node \u6700\u591a\u53ea\u8fd0\u884c\u4e00\u4e2a Pod \u526f\u672c\u7684\u573a\u666f\u3002\u6b63\u5982\u5176\u540d\u79f0\u6240\u63ed\u793a\u7684\uff0cDaemonSet \u901a\u5e38\u7528\u4e8e\u8fd0\u884c daemon\u3002<\/p>\n
1.3.4\u3001StatefuleSet<\/h3>\n
\u80fd\u591f\u4fdd\u8bc1 Pod \u7684\u6bcf\u4e2a\u526f\u672c\u5728\u6574\u4e2a\u751f\u547d\u5468\u671f\u4e2d\u540d\u79f0\u662f\u4e0d\u53d8\u7684\u3002\u800c\u5176\u4ed6 Controller \u4e0d\u63d0\u4f9b\u8fd9\u4e2a\u529f\u80fd\uff0c\u5f53\u67d0\u4e2a Pod \u53d1\u751f\u6545\u969c\u9700\u8981\u5220\u9664\u5e76\u91cd\u65b0\u542f\u52a8\u65f6\uff0cPod \u7684\u540d\u79f0\u4f1a\u53d1\u751f\u53d8\u5316\u3002\u540c\u65f6 StatefuleSet \u4f1a\u4fdd\u8bc1\u526f\u672c\u6309\u7167\u56fa\u5b9a\u7684\u987a\u5e8f\u542f\u52a8\u3001\u66f4\u65b0\u6216\u8005\u5220\u9664\uff0c\u8fd9\u5c31\u975e\u5e38\u5229\u4e8e\u6709\u72b6\u6001\u7684\u670d\u52a1\uff0c\u6bd4\u5982mysql\u4e3b\u4ece<\/p>\n
1.3.5\u3001Job<\/h3>\n
\u7528\u4e8e\u8fd0\u884c\u7ed3\u675f\u5c31\u5220\u9664\u7684\u5e94\u7528\u3002\u800c\u5176\u4ed6 Controller \u4e2d\u7684 Pod \u901a\u5e38\u662f\u957f\u671f\u6301\u7eed\u8fd0\u884c\u3002<\/p>\n
1.4 \u670d\u52a1Service<\/h2>\n
Deployment \u53ef\u4ee5\u90e8\u7f72\u591a\u4e2a\u526f\u672c\uff0c\u6bcf\u4e2a Pod \u90fd\u6709\u81ea\u5df1\u7684 IP\uff0c\u5916\u754c\u5982\u4f55\u8bbf\u95ee\u8fd9\u4e9b\u526f\u672c\u5462\uff1f<\/p>\n
\u901a\u8fc7 Pod \u7684 IP \u5417\uff1f
\n\u8981\u77e5\u9053 Pod \u5f88\u53ef\u80fd\u4f1a\u88ab\u9891\u7e41\u5730\u9500\u6bc1\u548c\u91cd\u542f\uff0c\u5b83\u4eec\u7684 IP \u4f1a\u53d1\u751f\u53d8\u5316\uff0c\u7528 IP \u6765\u8bbf\u95ee\u4e0d\u592a\u73b0\u5b9e\u3002<\/p>\n
\u7b54\u6848\u662f Service\u3002
\nKubernetes Service \u5b9a\u4e49\u4e86\u5916\u754c\u8bbf\u95ee\u4e00\u7ec4\u7279\u5b9a Pod \u7684\u65b9\u5f0f\u3002Service \u6709\u81ea\u5df1\u7684 IP \u548c\u7aef\u53e3\uff0cService \u4e3a Pod \u63d0\u4f9b\u4e86\u8d1f\u8f7d\u5747\u8861\u3002<\/strong><\/p>\n
Kubernetes \u8fd0\u884c\u5bb9\u5668\uff08Pod\uff09\u4e0e\u8bbf\u95ee\u5bb9\u5668\uff08Pod\uff09\u8fd9\u4e24\u9879\u4efb\u52a1\u5206\u522b\u7531 Controller \u548c Service \u6267\u884c\u3002 <\/p>\n
\u603b\u7ed3\uff1aService\u662f\u5bf9\u5e94\u7528\u7684\u62bd\u8c61\uff0c\u4e5f\u662fk8s\u4e2d\u7684\u57fa\u672c\u64cd\u4f5c\u5355\u5143\uff0c\u4e00\u4e2a\u670d\u52a1\u80cc\u540e\u7531\u591a\u4e2apod\u652f\u6301\uff0c\u670d\u52a1\u901a\u8fc7\u8d1f\u8f7d\u5747\u8861\u7b56\u7565\u5c06\u8bf7\u6c42\u8f6c\u53d1\u5230\u5bb9\u5668\u4e2d\u3002<\/p>\n
1.5 Ingress<\/h2>\n
\u662f\u4e00\u79cd\u7f51\u5173\u670d\u52a1\uff0c\u53ef\u4ee5\u5c06\u670d\u52a1Service\u901a\u8fc7http\u534f\u8bae\u66b4\u9732\u5230\u5916\u90e8\u3002<\/code><\/pre>\n
1.6 \u65e0\u72b6\u6001\u5e94\u7528 & \u6709\u72b6\u6001\u5e94\u7528<\/h2>\n
1\u3001\u65e0\u72b6\u6001\u5e94\u7528<\/h3>\n
\u6307\u7684\u662f\u5e94\u7528\u5728\u5bb9\u5668\u4e2d\u8fd0\u884c\u65f6\u5019\u4e0d\u4f1a\u5728\u5bb9\u5668\u4e2d\u6301\u4e45\u5316\u5b58\u50a8\u6570\u636e\uff0c\u5e94\u7528\u5bb9\u5668\u53ef\u4ee5\u968f\u610f\u521b\u5efa\u3001\u9500\u6bc1\uff1b\u5982\u679c\u4e00\u4e2a\u5e94\u7528\u6709\u591a\u4e2a\u5bb9\u5668\u5b9e\u4f8b\uff0c\u5bf9\u4e8e\u65e0\u72b6\u6001\u5e94\u7528\uff0c\u8bf7\u6c42\u8f6c\u53d1\u7ed9\u4efb\u4f55\u4e00\u4e2a\u5bb9\u5668\u5b9e\u4f8b\u90fd\u53ef\u4ee5\u6b63\u786e\u8fd0\u884c\u3002\u4f8b\u5982\uff1aweb\u5e94\u7528<\/p>\n
2\u3001\u6709\u72b6\u6001\u5e94\u7528<\/h3>\n
\u6307\u7684\u662f\u5e94\u7528\u5728\u5bb9\u5668\u4e2d\u8fd0\u884c\u65f6\u5019\u9700\u8981\u7a33\u5b9a\u7684\u6301\u4e45\u5316\u5b58\u50a8\u3001\u7a33\u5b9a\u7684\u7f51\u7edc\u6807\u8bc6\u3001\u56fa\u5b9a\u7684pod\u542f\u52a8\u548c\u505c\u6b62\u6b21\u5e8f\u3002\u4f8b\u5982\uff1amysql\u6570\u636e\u5e93<\/p>\n
1.7 Object<\/h2>\n
k8s \u5bf9\u8c61(Object)\u662f\u4e00\u79cd\u6301\u4e45\u5316\u5b58\u50a8\u5e76\u4e14\u7528\u4e8e\u8868\u793a\u96c6\u7fa4\u72b6\u6001\u7684\u5b9e\u4f53\u3002k8s \u5bf9\u8c61\u5176\u5b9e\u5c31\u662fk8s\u81ea\u5df1\u7684\u914d\u7f6e\u534f\u8bae\uff0c\u603b\u4e4b\u6211\u4eec\u53ef\u4ee5\u901a\u8fc7\u5b9a\u4e49\u4e00\u4e2aobject\u8ba9k8s\u6839\u636eobject\u5b9a\u4e49\u6267\u884c\u4e00\u4e9b\u90e8\u7f72\u4efb\u52a1\u3001\u76d1\u63a7\u4efb\u52a1\u7b49\u7b49\u3002<\/code><\/pre>\n
1.8 Cluster<\/h2>\n
Cluster \u662f\u8ba1\u7b97\u3001\u5b58\u50a8\u548c\u7f51\u7edc\u8d44\u6e90\u7684\u96c6\u5408\uff0cKubernetes \u5229\u7528\u8fd9\u4e9b\u8d44\u6e90\u8fd0\u884c\u5404\u79cd\u57fa\u4e8e\u5bb9\u5668\u7684\u5e94\u7528\u3002\n\u5177\u4f53\u70b9\u8bf4\uff0c\u5b89\u88c5\u6709kubelet\u7ec4\u4ef6\u7684\u7269\u7406\u8282\u70b9\u90fd\u5c5e\u4e8ecluster\u5185\u8282\u70b9\uff0c\u5426\u5219\u5c5e\u4e8e\u96c6\u7fa4\u5916\u8282\u70b9\uff0c\u8fd9\u4e2a\u6982\u5ff5\u8981\u641e\u6e05\u695a\uff0c\u5f88\u91cd\u8981<\/code><\/pre>\n
1.9 Namespace<\/h2>\n
\u5982\u679c\u6709\u591a\u4e2a\u7528\u6237\u6216\u9879\u76ee\u7ec4\u4f7f\u7528\u540c\u4e00\u4e2a Kubernetes Cluster\uff0c\u5982\u4f55\u5c06\u4ed6\u4eec\u521b\u5efa\u7684 Controller\u3001Pod \u7b49\u8d44\u6e90\u5206\u5f00\u5462\uff1f<\/p>\n
\u7b54\u6848\u5c31\u662f Namespace\u3002
\nNamespace \u53ef\u4ee5\u5c06\u4e00\u4e2a\u7269\u7406\u7684 Cluster \u903b\u8f91\u4e0a\u5212\u5206\u6210\u591a\u4e2a\u865a\u62df Cluster\uff0c\u6bcf\u4e2a Cluster \u5c31\u662f\u4e00\u4e2a Namespace\u3002\u4e0d\u540c Namespace \u91cc\u7684\u8d44\u6e90\u662f\u5b8c\u5168\u9694\u79bb\u7684\u3002<\/p>\n
Kubernetes \u9ed8\u8ba4\u521b\u5efa\u4e86\u4e24\u4e2a Namespace\u3002<\/p>\n
[root@linux-node1 ~]# kubectl get namespace\nNAME          STATUS    AGE\ndefault       Active    1d\nkube-system   Active    1d<\/code><\/pre>\n
default -- \u521b\u5efa\u8d44\u6e90\u65f6\u5982\u679c\u4e0d\u6307\u5b9a\uff0c\u5c06\u88ab\u653e\u5230\u8fd9\u4e2a Namespace \u4e2d\u3002\n\nkube-system -- Kubernetes \u81ea\u5df1\u521b\u5efa\u7684\u7cfb\u7edf\u8d44\u6e90\u5c06\u653e\u5230\u8fd9\u4e2a Namespace \u4e2d\u3002<\/code><\/pre>\n
2.0 \u547d\u540d\u7a7a\u95f4 (Namespace)<\/h2>\n
k8s\u547d\u540d\u7a7a\u95f4\u4e3b\u8981\u7528\u4e8e\u9694\u79bb\u96c6\u7fa4\u8d44\u6e90\u3001\u9694\u79bb\u5bb9\u5668\u7b49\uff0c\u4e3a\u96c6\u7fa4\u63d0\u4f9b\u4e86\u4e00\u79cd\u865a\u62df\u9694\u79bb\u7684\u7b56\u7565\uff1b\u9ed8\u8ba4\u5b58\u57283\u4e2a\u540d\u5b57\u7a7a\u95f4\uff0c\u5206\u522b\u662f\u9ed8\u8ba4\u547d\u540d\u7a7a\u95f4 default\u3001\u7cfb\u7edf\u547d\u540d\u7a7a\u95f4 kube-system \u548c kube-public\u3002<\/p>\n
2.1 Object<\/h2>\n
k8s \u5bf9\u8c61(Object)\u662f\u4e00\u79cd\u6301\u4e45\u5316\u5b58\u50a8\u5e76\u4e14\u7528\u4e8e\u8868\u793a\u96c6\u7fa4\u72b6\u6001\u7684\u5b9e\u4f53\u3002k8s \u5bf9\u8c61\u5176\u5b9e\u5c31\u662fk8s\u81ea\u5df1\u7684\u914d\u7f6e\u534f\u8bae\uff0c\u603b\u4e4b\u6211\u4eec\u53ef\u4ee5\u901a\u8fc7\u5b9a\u4e49\u4e00\u4e2aobject\u8ba9k8s\u6839\u636eobject\u5b9a\u4e49\u6267\u884c\u4e00\u4e9b\u90e8\u7f72\u4efb\u52a1\u3001\u76d1\u63a7\u4efb\u52a1\u7b49\u7b49\u3002<\/p>\n
\u603b\u7ed3\u89c1\u9644\u5f55\uff1aK8S\u6838\u5fc3\u7ec4\u4ef6\u548c\u67b6\u6784\u56fe<\/p>\n
https:\/\/www.cnblogs.com\/linhaifeng\/articles\/15160206.html<\/a><\/p>\n
Ingress—\u300b\u670d\u52a1Service—\u300bPod
\n
\"\"<\/div><\/p>\n
2\u3001Kubernetes\u67b6\u6784\u548c\u96c6\u7fa4\u89c4\u5212<\/h1>\n
\uff081\uff09Kubernetes\u67b6\u6784<\/h2>\n
\"\"<\/div><\/p>\n
\uff082\uff09K8S\u67b6\u6784\u62c6\u89e3\u56fe<\/h2>\n
\"\"<\/div><\/p>\n
K8S Master\u8282\u70b9<\/h3>\n
\u4ece\u4e0a\u56fe\u53ef\u4ee5\u770b\u5230\uff0cMaster\u662fK8S\u96c6\u7fa4\u7684\u6838\u5fc3\u90e8\u5206\uff0c\u4e3b\u8981\u8fd0\u884c\u7740\u4ee5\u4e0b\u7684\u670d\u52a1\uff1akube-apiserver\u3001kube-scheduler\u3001kube-controller-manager\u3001etcd\u548cPod\u7f51\u7edc\uff08\u5982\uff1aflannel\uff09<\/strong><\/p>\n
API Server\uff1aK8S\u5bf9\u5916\u7684\u552f\u4e00\u63a5\u53e3\uff0c\u63d0\u4f9bHTTP\/HTTPS RESTful API\uff0c\u5373kubernetes API\u3002\u6240\u6709\u7684\u8bf7\u6c42\u90fd\u9700\u8981\u7ecf\u8fc7\u8fd9\u4e2a\u63a5\u53e3\u8fdb\u884c\u901a\u4fe1\uff0c\u662f\u552f\u4e00\u53ef\u4ee5\u4e0eetcd\u901a\u4fe1\u7684\u7ec4\u4ef6\u3002\u4e3b\u8981\u5904\u7406REST\u64cd\u4f5c\u4ee5\u53ca\u66f4\u65b0ETCD\u4e2d\u7684\u5bf9\u8c61\u3002\u662f\u6240\u6709\u8d44\u6e90\u589e\u5220\u6539\u67e5\u7684\u552f\u4e00\u5165\u53e3\u3002 \n\nScheduler\uff1a\u8d44\u6e90\u8c03\u5ea6\uff0c\u8d1f\u8d23\u51b3\u5b9a\u5c06Pod\u653e\u5230\u54ea\u4e2aNode\u4e0a\u8fd0\u884c\u3002Scheduler\u5728\u8c03\u5ea6\u65f6\u4f1a\u5bf9\u96c6\u7fa4\u7684\u7ed3\u6784\u8fdb\u884c\u5206\u6790\uff0c\u5f53\u524d\u5404\u4e2a\u8282\u70b9\u7684\u8d1f\u8f7d\uff0c\u4ee5\u53ca\u5e94\u7528\u5bf9\u9ad8\u53ef\u7528\u3001\u6027\u80fd\u7b49\u65b9\u9762\u7684\u9700\u6c42\u3002 \n\nController Manager\uff1a\u8d1f\u8d23\u7ba1\u7406\u96c6\u7fa4\u5404\u79cd\u8d44\u6e90\uff0c\u4fdd\u8bc1\u8d44\u6e90\u5904\u4e8e\u9884\u671f\u7684\u72b6\u6001\u3002Controller Manager\u7531\u591a\u79cdcontroller\u7ec4\u6210\uff0c\u5305\u62ecreplication controller\u3001endpoints controller\u3001namespace controller\u3001serviceaccounts controller\u7b49 \n\nETCD\uff1a\u8d1f\u8d23\u4fdd\u5b58k8s \u96c6\u7fa4\u7684\u914d\u7f6e\u4fe1\u606f\u548c\u5404\u79cd\u8d44\u6e90\u7684\u72b6\u6001\u4fe1\u606f\uff0c\u5f53\u6570\u636e\u53d1\u751f\u53d8\u5316\u65f6\uff0cetcd\u4f1a\u5feb\u901f\u5730\u901a\u77e5k8s\u76f8\u5173\u7ec4\u4ef6\u3002\n\nPod\u7f51\u7edc\uff1aPod\u8981\u80fd\u591f\u76f8\u4e92\u95f4\u901a\u4fe1\uff0cK8S\u96c6\u7fa4\u5fc5\u987b\u90e8\u7f72Pod\u7f51\u7edc\uff0cflannel\u662f\u5176\u4e2d\u4e00\u79cd\u7684\u53ef\u9009\u65b9\u6848\u3002<\/code><\/pre>\n
K8S Node\u8282\u70b9<\/h3>\n
Node\u662fPod\u8fd0\u884c\u7684\u5730\u65b9\uff0cKubernetes\u652f\u6301Docker\u3001rkt\u7b49\u5bb9\u5668Runtime\u3002Node\u4e0a\u8fd0\u884c\u7684K8S\u7ec4\u4ef6\u5305\u62eckubelet\u3001kube-proxy\u548cPod\u7f51\u7edc\u3002<\/strong><\/p>\n
Kubelet\uff1akubelet\u662fnode\u7684agent\uff0c\u5f53Scheduler\u786e\u5b9a\u5728\u67d0\u4e2aNode\u4e0a\u8fd0\u884cPod\u540e\uff0c\u4f1a\u5c06Pod\u7684\u5177\u4f53\u914d\u7f6e\u4fe1\u606f\uff08image\u3001volume\u7b49\uff09\u53d1\u9001\u7ed9\u8be5\u8282\u70b9\u7684kubelet\uff0ckubelet\u4f1a\u6839\u636e\u8fd9\u4e9b\u4fe1\u606f\u521b\u5efa\u548c\u8fd0\u884c\u5bb9\u5668\uff0c\u5e76\u5411master\u62a5\u544a\u8fd0\u884c\u72b6\u6001\u3002\n\nKube-proxy\uff1aservice\u5728\u903b\u8f91\u4e0a\u4ee3\u8868\u4e86\u540e\u7aef\u7684\u591a\u4e2aPod\uff0c\u5916\u501f\u901a\u8fc7service\u8bbf\u95eePod\u3002service\u63a5\u6536\u5230\u8bf7\u6c42\u5c31\u9700\u8981kube-proxy\u5b8c\u6210\u8f6c\u53d1\u5230Pod\u7684\u3002\u6bcf\u4e2aNode\u90fd\u4f1a\u8fd0\u884ckube-proxy\u670d\u52a1\uff0c\u8d1f\u8d23\u5c06\u8bbf\u95ee\u7684service\u7684TCP\/UDP\u6570\u636e\u6d41\u8f6c\u53d1\u5230\u540e\u7aef\u7684\u5bb9\u5668\uff0c\u5982\u679c\u6709\u591a\u4e2a\u526f\u672c\uff0ckube-proxy\u4f1a\u5b9e\u73b0\u8d1f\u8f7d\u5747\u8861\uff0c\u67092\u79cd\u65b9\u5f0f\uff1aLVS\u6216\u8005Iptables \n\nDocker Engine\uff1a\u8d1f\u8d23\u8282\u70b9\u7684\u5bb9\u5668\u7684\u7ba1\u7406\u5de5\u4f5c<\/code><\/pre>\n
Kubernetes\u4e2dpod\u521b\u5efa\u6d41\u7a0b<\/h3>\n
\u3000\u3000Pod\u662fKubernetes\u4e2d\u6700\u57fa\u672c\u7684\u90e8\u7f72\u8c03\u5ea6\u5355\u5143\uff0c\u53ef\u4ee5\u5305\u542bcontainer\uff0c\u903b\u8f91\u4e0a\u8868\u793a\u67d0\u79cd\u5e94\u7528\u7684\u4e00\u4e2a\u5b9e\u4f8b\u3002\u4f8b\u5982\u4e00\u4e2aweb\u7ad9\u70b9\u5e94\u7528\u7531\u524d\u7aef\u3001\u540e\u7aef\u53ca\u6570\u636e\u5e93\u6784\u5efa\u800c\u6210\uff0c\u8fd9\u4e09\u4e2a\u7ec4\u4ef6\u5c06\u8fd0\u884c\u5728\u5404\u81ea\u7684\u5bb9\u5668\u4e2d\uff0c\u90a3\u4e48\u6211\u4eec\u53ef\u4ee5\u521b\u5efa\u5305\u542b\u4e09\u4e2acontainer\u7684pod\u3002<\/p>\n
\"\"<\/div><\/p>\n
\"\"<\/div><\/p>\n
\u5177\u4f53\u7684\u521b\u5efa\u6b65\u9aa4\u5305\u62ec\uff1a<\/h4>\n
\uff081\uff09\u5ba2\u6237\u7aef\u63d0\u4ea4\u521b\u5efa\u8bf7\u6c42\uff0c\u53ef\u4ee5\u901a\u8fc7API Server\u7684Restful API\uff0c\u4e5f\u53ef\u4ee5\u4f7f\u7528kubectl\u547d\u4ee4\u884c\u5de5\u5177\u3002\u652f\u6301\u7684\u6570\u636e\u7c7b\u578b\u5305\u62ecJSON\u548cYAML\u3002\n\n\uff082\uff09API Server\u5904\u7406\u7528\u6237\u8bf7\u6c42\uff0c\u5b58\u50a8Pod\u6570\u636e\u5230etcd\u3002\n\n\uff083\uff09\u8c03\u5ea6\u5668\u901a\u8fc7API Server\u67e5\u770b\u672a\u7ed1\u5b9a\u7684Pod\u3002\u5c1d\u8bd5\u4e3aPod\u5206\u914d\u4e3b\u673a\u3002\n\n\uff084\uff09\u8fc7\u6ee4\u4e3b\u673a (\u8c03\u5ea6\u9884\u9009)\uff1a\u8c03\u5ea6\u5668\u7528\u4e00\u7ec4\u89c4\u5219\u8fc7\u6ee4\u6389\u4e0d\u7b26\u5408\u8981\u6c42\u7684\u4e3b\u673a\u3002\u6bd4\u5982Pod\u6307\u5b9a\u4e86\u6240\u9700\u8981\u7684\u8d44\u6e90\u91cf\uff0c\u90a3\u4e48\u53ef\u7528\u8d44\u6e90\u6bd4Pod\u9700\u8981\u7684\u8d44\u6e90\u91cf\u5c11\u7684\u4e3b\u673a\u4f1a\u88ab\u8fc7\u6ee4\u6389\u3002\n\n\uff085\uff09\u4e3b\u673a\u6253\u5206(\u8c03\u5ea6\u4f18\u9009)\uff1a\u5bf9\u7b2c\u4e00\u6b65\u7b5b\u9009\u51fa\u7684\u7b26\u5408\u8981\u6c42\u7684\u4e3b\u673a\u8fdb\u884c\u6253\u5206\uff0c\u5728\u4e3b\u673a\u6253\u5206\u9636\u6bb5\uff0c\u8c03\u5ea6\u5668\u4f1a\u8003\u8651\u4e00\u4e9b\u6574\u4f53\u4f18\u5316\u7b56\u7565\uff0c\u6bd4\u5982\u628a\u5bb9\u4e00\u4e2aReplication Controller\u7684\u526f\u672c\u5206\u5e03\u5230\u4e0d\u540c\u7684\u4e3b\u673a\u4e0a\uff0c\u4f7f\u7528\u6700\u4f4e\u8d1f\u8f7d\u7684\u4e3b\u673a\u7b49\u3002\n\n\uff086\uff09\u9009\u62e9\u4e3b\u673a\uff1a\u9009\u62e9\u6253\u5206\u6700\u9ad8\u7684\u4e3b\u673a\uff0c\u8fdb\u884cbinding\u64cd\u4f5c\uff0c\u7ed3\u679c\u5b58\u50a8\u5230etcd\u4e2d\u3002\n\n\uff087\uff09kubelet\u6839\u636e\u8c03\u5ea6\u7ed3\u679c\u6267\u884cPod\u521b\u5efa\u64cd\u4f5c\uff1a \u7ed1\u5b9a\u6210\u529f\u540e\uff0cscheduler\u4f1a\u8c03\u7528APIServer\u7684API\u5728etcd\u4e2d\u521b\u5efa\u4e00\u4e2aboundpod\u5bf9\u8c61\uff0c\u63cf\u8ff0\u5728\u4e00\u4e2a\u5de5\u4f5c\u8282\u70b9\u4e0a\u7ed1\u5b9a\u8fd0\u884c\u7684\u6240\u6709pod\u4fe1\u606f\u3002\u8fd0\u884c\u5728\u6bcf\u4e2a\u5de5\u4f5c\u8282\u70b9\u4e0a\u7684kubelet\u4e5f\u4f1a\u5b9a\u671f\u4e0eetcd\u540c\u6b65boundpod\u4fe1\u606f\uff0c\u4e00\u65e6\u53d1\u73b0\u5e94\u8be5\u5728\u8be5\u5de5\u4f5c\u8282\u70b9\u4e0a\u8fd0\u884c\u7684boundpod\u5bf9\u8c61\u6ca1\u6709\u66f4\u65b0\uff0c\u5219\u8c03\u7528Docker API\u521b\u5efa\u5e76\u542f\u52a8pod\u5185\u7684\u5bb9\u5668\u3002<\/code><\/pre>\n
\uff083\uff09\u5b9e\u9a8c\u73af\u5883\u51c6\u5907\uff1a<\/h2>\n
\u5982\u679c\u662f\u7528\u865a\u62df\u673a\u505a\u5b9e\u9a8c\uff0c\u90a3\u4e487\u53f0\u865a\u62df\u673a\u90fd\u8fde\u63a5\u5230NAT\u7f51\u7edc\u4e0a\n\n\u4e3b\u673a\u540d    \u3000\u3000\u3000\u3000\u3000\u3000\u3000\u3000\u3000\u3000\u3000\u3000     IP\u5730\u5740    \u3000\u3000\u3000\u3000\u3000\u3000   \u63cf\u8ff0\nlinux-master01.example.com         eth0:10.1.1.100\/24     K8S Master\u8282\u70b9\/ETCD\u8282\u70b9\uff0c\u4e3a\u4e86\u8282\u7701\u8d44\u6e90\uff0c\u540c\u65f6\u90e8\u7f72haproxy+keepalived\nlinux-master02.example.com         eth0:10.1.1.101\/24     K8S Master\u8282\u70b9\/ETCD\u8282\u70b9\uff0c\u4e3a\u4e86\u8282\u7701\u8d44\u6e90\uff0c\u540c\u65f6\u90e8\u7f72haproxy+keepalived\nlinux-master03.example.com         eth0:10.1.1.102\/24     K8s Master\u8282\u70b9\/ETCD\u8282\u70b9\n\nlinux-node01.example.com           eth0:10.1.1.103\/24     K8S \u8ba1\u7b97\u8282\u70b9\nlinux-node02.example.com           eth0:10.1.1.104\/24     K8S \u8ba1\u7b97\u8282\u70b9\nlinux-node03.example.com           eth0:10.1.1.105\/24     K8s \u8ba1\u7b97\u8282\u70b9\n\nlinux-manager.example.com          eth0:10.1.1.106\/24     \u7528\u4e8e\u8fd0\u7ef4\u7ba1\u7406\u7684\u4e3b\u673a\u3001ntp\u670d\u52a1\u3001\u90e8\u7f72docker\u79c1\u6709\u4ed3\u5e93\u3001k8s\u914d\u7f6e\u6e05\u5355\u3001nfs\u6570\u636e\u5b58\u50a8\u3001\u8bc1\u4e66\u7b7e\u53d1<\/code><\/pre>\n
7\u53f0vm\uff0c\u6bcf\u53f0\u81f3\u5c112g\u3002\nOS\uff1a CentOS 7.6.1810\uff0c\u5347\u7ea7\u540e7.9\n\u5185\u6838\uff1a3.10\ndocker\uff1av20.10.8\nkubernetes\uff1av1.17\netcd\uff1av3.3.22\nflannel\uff1av0.12.0\nharbor\uff1av1.10\n\u8bc1\u4e66\u7b7e\u53d1\u5de5\u5177CFSSL: R1.2<\/code><\/pre>\n
\uff084\uff09\u7cfb\u7edf\u73af\u5883\u521d\u59cb\u5316<\/h2>\n
1. \u6bcf\u53f0\u4e3b\u673a\u90fd\u5173\u95edNetworkManager<\/h3>\n
systemctl stop NetworkManager\nsystemctl disable NetworkManager<\/code><\/pre>\n
2. \u6bcf\u53f0\u4e3b\u673a\u5747\u5173\u95edselinux\u4e0e\u9632\u706b\u5899<\/h3>\n
sed -i 's\/SELINUX=enforcing\/SELINUX=disabled\/' \/etc\/sysconfig\/selinux\nsed -i 's\/SELINUX=enforcing\/SELINUX=disabled\/' \/etc\/selinux\/config\nsetenforce 0\nsystemctl stop firewalld.service\nsystemctl disable firewalld.service<\/code><\/pre>\n
3. \u6bcf\u53f0\u4e3b\u673a\u89c4\u8303\u4e3b\u673a\u540d<\/h3>\n
hostnamectl set-hostname \u4e3b\u673a\u540d<\/code><\/pre>\n
4\u3001\u6bcf\u53f0\u673a\u5668\u5347\u7ea7\u64cd\u4f5c\u7cfb\u7edf\u5e76\u5b89\u88c5\u4f9d\u8d56\u5305<\/h3>\n
yum install epel-release -y && yum update -y && yum upgrade -y && reboot<\/code><\/pre>\n
\u5347\u7ea7\u540e\u9700\u8981\u91cd\u542f\u8ba1\u7b97\u673a\u624d\u80fd\u52a0\u8f7d\u65b0\u5185\u6838\uff0c\u6ce8\u610f\uff0c\u4e00\u5b9a\u8981\u91cd\u542f\u8ba1\u7b97\u673a<\/p>\n
# \u5347\u7ea7\u524d\n \u7cfb\u7edf\uff1aCentOS Linux release 7.6.1810 (Core) \n \u5185\u6838\uff1a3.10.0-957.el7.x86_64  \n \u200b\n # reboot \u91cd\u542f\u540e\n \u7cfb\u7edf\uff1aCentOS Linux release 7.9.2009 (Core)\n \u5185\u6838\uff1a3.10.0-1160.24.1.el7.x86_64  # \u5347\u7ea7\u540e<\/code><\/pre>\n
5\u3001\u6bcf\u53f0\u673a\u5668\u5747\u5b89\u88c5\u5e38\u7528\u8f6f\u4ef6<\/h3>\n
yum -y install python-setuptools python-pip gcc gcc-c++ autoconf libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel libxml2 libxml2-devel \\\nzlib zlib-devel glibc glibc-devel glib2 glib2-devel bzip2 bzip2-devel zip unzip ncurses ncurses-devel curl curl-devel e2fsprogs \\\ne2fsprogs-devel krb5-devel libidn libidn-devel openssl openssh openssl-devel nss_ldap openldap openldap-devel openldap-clients \\\nopenldap-servers libxslt-devel libevent-devel ntp libtool-ltdl bison libtool vim-enhanced python wget lsof iptraf strace lrzsz \\\nkernel-devel kernel-headers pam-devel tcl tk cmake ncurses-devel bison setuptool popt-devel net-snmp screen perl-devel \\\npcre-devel net-snmp screen tcpdump rsync sysstat man iptables sudo libconfig git  bind-utils \\\ntmux elinks numactl iftop bwm-ng net-tools expect<\/code><\/pre>\n
6\u3001\u6bcf\u53f0\u673a\u5668\u5747\u4fee\u6539ssh\u914d\u7f6e<\/h3>\n
\u52a0\u5feb\u8fdc\u7a0b\u94fe\u63a5\u901f\u5ea6\uff0c\u53ef\u9009\uff0c\u4f46\u5efa\u8bae\u505a\n\nsed -ri '\/#UseDNS yes\/c UseDNS no' \/etc\/ssh\/sshd_config\n \u200b\nsystemctl restart sshd<\/code><\/pre>\n
7\u3001\u5728\u7ba1\u7406\u8282\u70b9\u6dfb\u52a0hosts\u89e3\u6790<\/h3>\n
cat >> \/etc\/hosts << EOF\n10.1.1.100 master01\n10.1.1.101 master02 \n10.1.1.102 master03\n10.1.1.103 node01\n10.1.1.104 node02 \n10.1.1.105 node03\n10.1.1.106 manager\nEOF<\/code><\/pre>\n
8\u3001\u5728\u7ba1\u7406\u8282\u70b910.1.1.106\u5236\u4f5c\u5bc6\u94a5\u767b\u5f55\u6240\u6709\u5176\u4ed6\u8282\u70b9<\/h3>\n
\u5236\u4f5c\u79d8\u94a5\u5bf9\nssh-keygen \n\n\u5728\u7ba1\u7406\u8282\u70b9\u6267\u884c\u4e0b\u8ff0\u811a\u672c\uff08\u524d\u63d0\uff1a\u76ee\u6807\u4e3b\u673a\u7684root\u5bc6\u7801\u5747\u4e3a1\uff09\n\n\u8bb0\u5f97\u5b89\u88c5yum install expect -y\n#!\/bin\/bash\nfor i in 'master01' 'master02' 'master03' 'node01' 'node02' 'node03' 'manager'\ndo\nexpect -c "\nspawn ssh-copy-id -i root@$i\nexpect {\n\\"(yes\/no)\\" {send \\"yes\\r\\";exp_continue}\n\\"password\\" {send \\"1\\r\\";exp_continue}\n}\n"\ndone<\/code><\/pre>\n
9\u3001\u5728\u7ba1\u7406\u8282\u70b910.1.1.106\u628a\/etc\/hosts\u53d1\u7ed9\u5176\u4ed6\u8282\u70b9<\/h3>\n
#!\/bin\/bash\nfor i in 'master01' 'master02' 'master03' 'node01' 'node02' 'node03' 'manager'\ndo\n    scp \/etc\/hosts root@$i:\/etc\/hosts\ndone<\/code><\/pre>\n
10\u3001\u914d\u7f6entp\u670d\u52a1\uff0c\u4fdd\u8bc1\u96c6\u7fa4\u670d\u52a1\u5668\u65f6\u95f4\u7edf\u4e00<\/h3>\n
\u7edf\u4e00\u65f6\u95f4\u975e\u5e38\u91cd\u8981\uff0c\u5fc5\u987b\u8981\u505a<\/p>\n
\u5927\u524d\u63d0\uff1achrony\u670d\u52a1\u7aef\u5ba2\u6237\u7aef\u914d\u7f6e\u5b8c\u540e\uff0c\u91cd\u542fchronyd\u670d\u52a1\u5373\u53ef\u5feb\u901f\u5b8c\u6210\u65f6\u95f4\u540c\u6b65\uff0c\u5728\u8fd9\u4e4b\u540e\u5c31\u4e0d\u8981\u518d\u624b\u52a8\u53bb\u4fee\u6539\u65f6\u95f4\u4e86\uff0c\u4e00\u5207\u8ba9\u65f6\u95f4\u670d\u52a1\u5668\u81ea\u5df1\u53bb\u540c\u6b65<\/p>\n
chrony\u670d\u52a1\u7aef\uff1amanager\u8282\u70b9
\n<\/strong><\/p>\n
# 1\u3001\u5b89\u88c5\nyum -y install chrony\n\u200b\n# 2\u3001\u4fee\u6539\u914d\u7f6e\u6587\u4ef6\nmv \/etc\/chrony.conf \/etc\/chrony.conf.bak\n\u200b\ncat > \/etc\/chrony.conf << EOF\nserver ntp1.aliyun.com iburst minpoll 4 maxpoll 10\nserver ntp2.aliyun.com iburst minpoll 4 maxpoll 10\nserver ntp3.aliyun.com iburst minpoll 4 maxpoll 10\nserver ntp4.aliyun.com iburst minpoll 4 maxpoll 10\nserver ntp5.aliyun.com iburst minpoll 4 maxpoll 10\nserver ntp6.aliyun.com iburst minpoll 4 maxpoll 10\nserver ntp7.aliyun.com iburst minpoll 4 maxpoll 10\ndriftfile \/var\/lib\/chrony\/drift\nmakestep 10 3\nrtcsync\nallow 0.0.0.0\/0\nlocal stratum 10\nkeyfile \/etc\/chrony.keys\nlogdir \/var\/log\/chrony\nstratumweight 0.05\nnoclientlog\nlogchange 0.5\n\nEOF\n\u200b\n# 4\u3001\u542f\u52a8chronyd\u670d\u52a1\nsystemctl restart chronyd.service # \u6700\u597d\u91cd\u542f\uff0c\u8fd9\u6837\u65e0\u8bba\u539f\u6765\u662f\u5426\u542f\u52a8\u90fd\u53ef\u4ee5\u91cd\u65b0\u52a0\u8f7d\u914d\u7f6e\nsystemctl enable chronyd.service\nsystemctl status chronyd.service\n<\/code><\/pre>\n
chrony\u5ba2\u6237\u7aef\uff1a\u5176\u4ed6\u8282\u70b9\uff0c\u5b8c\u5168\u4e00\u6837\u7684\u914d\u7f6e\u4e0e\u64cd\u4f5c<\/strong><\/p>\n
# \u4e0b\u8ff0\u6b65\u9aa4\u4e00\u6b21\u6027\u7c98\u8d34\u5230\u6bcf\u4e2a\u5ba2\u6237\u7aef\u6267\u884c\u5373\u53ef\n# 1\u3001\u5b89\u88c5chrony\nyum -y install chrony\n# 2\u3001\u9700\u6539\u5ba2\u6237\u7aef\u914d\u7f6e\u6587\u4ef6\nmv \/etc\/chrony.conf \/etc\/chrony.conf.bak\ncat > \/etc\/chrony.conf << EOF\nserver manager iburst\ndriftfile \/var\/lib\/chrony\/drift\nmakestep 10 3\nrtcsync\nlocal stratum 10\nkeyfile \/etc\/chrony.key\nlogdir \/var\/log\/chrony\nstratumweight 0.05\nnoclientlog\nlogchange 0.5\n\nEOF\n# 3\u3001\u542f\u52a8chronyd\nsystemctl restart chronyd.service\nsystemctl enable chronyd.service\nsystemctl status chronyd.service\n\n# 4\u3001\u9a8c\u8bc1\nchronyc sources -v<\/code><\/pre>\n
11\u3001\u5728manager\u8282\u70b9\u5b8c\u6210CA\u8bc1\u4e66\u7684\u521b\u5efa\u548c\u5206\u53d1<\/h3>\n
\u4ecek8s\u76841.8\u7248\u672c\u5f00\u59cb\uff0cK8S\u7cfb\u7edf\u5404\u7ec4\u4ef6\u9700\u8981\u4f7f\u7528TLS\u8bc1\u4e66\u5bf9\u901a\u4fe1\u8fdb\u884c\u52a0\u5bc6\u3002\u6bcf\u4e00\u4e2aK8S\u96c6\u7fa4\u90fd\u9700\u8981\u72ec\u7acb\u7684CA\u8bc1\u4e66\u4f53\u7cfb\u3002CA\u8bc1\u4e66\u6709\u4ee5\u4e0b\u4e09\u79cd\uff1aeasyrsa\u3001openssl\u3001cfssl\u3002\u8fd9\u91cc\u4f7f\u7528cfssl\u8bc1\u4e66\uff0c\u4e5f\u662f\u76ee\u524d\u4f7f\u7528\u6700\u591a\u7684\uff0c\u76f8\u5bf9\u6765\u8bf4\u914d\u7f6e\u7b80\u5355\u4e00\u4e9b\uff0c\u901a\u8fc7json\u7684\u683c\u5f0f\uff0c\u628a\u8bc1\u4e66\u76f8\u5173\u7684\u4e1c\u897f\u914d\u7f6e\u8fdb\u53bb\u5373\u53ef\u3002\u8fd9\u91cc\u4f7f\u7528cfssl\u7684\u7248\u672c\u4e3a1.2\u7248\u672c\u3002<\/p>\n
12\u3001\u5728manager\u8282\u70b9\u6267\u884c\u4e0b\u8ff0\u547d\u4ee4\uff0c\u8fdc\u7a0b\u4e3a\u6240\u6709\u8282\u70b9\u521b\u5efa\u5de5\u4f5c\u76ee\u5f55<\/h3>\n
#!\/bin\/bash\nfor i in 'master01' 'master02' 'master03' 'node01' 'node02' 'node03' 'manager'\ndo\n    ssh root@$i 'mkdir -p \/opt\/kubernetes\/{cfg,bin,ssl,log}'\n    echo "$i ok"\ndone<\/code><\/pre>\n
13\u3001\u5728\u6240\u6709\u8282\u70b9\u6267\u884c\u4e0b\u8ff0\u547d\u4ee4\uff0c\u5b8c\u6210\u73af\u5883\u53d8\u91cf\u914d\u7f6e<\/h3>\n
echo 'PATH=$PATH:$HOME\/bin:\/opt\/kubernetes\/bin' >> \/root\/.bash_profile\nsource \/root\/.bash_profile<\/code><\/pre>\n
14\u3001\u5b89\u88c5docker<\/h3>\n
\u5728manager\u3001node01\u3001node02\u3001node3\u4e0a\u90e8\u7f72docker\uff0c\u56e0\u4e3amananger\u4e0a\u8981\u57fa\u4e8edocker\u542f\u955c\u50cf\u4ed3\u5e93\uff0c\u6240\u4ee5\u4e5f\u9700\u8981\u5b89\u88c5docker<\/p>\n
# \u7b2c\u4e00\u6b65\uff1a\u4f7f\u7528\u56fd\u5185Docker\u6e90\ncd \/etc\/yum.repos.d\/\nwget https:\/\/mirrors.aliyun.com\/docker-ce\/linux\/centos\/docker-ce.repo\n\n# \u7b2c\u4e8c\u6b65\uff1aDocker\u5b89\u88c5\uff1a\nyum install -y docker-ce\n\n# \u7b2c\u4e09\u6b65\uff1a\u4fee\u6539\u914d\u7f6e\u6587\u4ef6\nmkdir -p \/data\/docker\nmkdir -p \/etc\/docker\ncat > \/etc\/docker\/daemon.json << EOF\n{\n  "graph": "\/data\/docker",\n  "storage-driver": "overlay",\n  "insecure-registries": ["registry.access.redhat.com","quay.io"],\n  "bip": "172.168.10.1\/24",\n  "registry-mirrors": ["https:\/\/l2v84zex.mirror.aliyuncs.com"],\n  "exec-opts": ["native.cgroupdriver=systemd"],\n  "live-restore": true\n}\n\nEOF\n\n# \u7b2c\u4e09\u6b65\uff1a\u542f\u52a8\u540e\u53f0\u8fdb\u7a0b\nsystemctl start docker\nsystemctl enable docker\nsystemctl status docker<\/code><\/pre>\n
15\u3001\u5728manager\u8282\u70b9\u90e8\u7f72docker\u955c\u50cf\u79c1\u6709\u4ed3\u5e93harbor<\/h3>\n
#1\u3001\u4e0b\u8f7d\nwget https:\/\/github.com\/goharbor\/harbor\/releases\/download\/v2.3.1\/harbor-offline-installer-v2.3.1.tgz\n\ntar xf harbor-offline-installer-v2.3.1.tgz -C \/opt\nmv \/opt\/harbor \/opt\/harbor-v2.3.1\nln -s \/opt\/harbor-v2.3.1 \/opt\/harbor\n\n#2\u3001\u914d\u7f6e\ncp \/opt\/harbor\/harbor.yml.tmpl \/opt\/harbor\/harbor.yml\nvim \/opt\/harbor\/harbor.yml\n# \u4fee\u6539\u7b2c5\u884chostname\u4e3amanager\u7684ip\nhostname = 10.1.1.106\n\n#3\u3001\u7b2c7\u523018\u884c\uff0charbor\u542f\u7528http\u548chttps\u534f\u8bae\uff0c\u6307\u5b9a\u8bc1\u4e66\u8def\u5f84\uff0c\u5982\u679c\u662f\u5b9e\u9a8c\u73af\u5883\u4e5f\u53ef\u4ee5\u76f4\u63a5\u6ce8\u91ca\u63897\u523018\u884c\nhttp:\n  port: 180\n\n#https:\n#  port: 443\n#  certificate: \/opt\/kubernetes\/ssl\/\n#  private_key: \/opt\/kubernetes\/ssl\/\n\n# \u7b2c34\u884c\uff0chabor\u7684\u7ba1\u7406\u5458\u5bc6\u7801\nharbor_admin_password: Harbor12345\n\n# \u7b2c47\u884c\uff0charbor\u7684\u6570\u636e\u5b58\u50a8\u4f4d\u7f6e\ndata_volume: \/data\n\n#4\u3001\u5b89\u88c5docker-compose,\u4e0b\u9762\u7684\u5b89\u88c5\u811a\u672c\u9700\u8981\u5b83\nyum install docker-compose -y\n\n#5\u3001 \u5b89\u88c5\u542f\u52a8\ncd \/opt\/harbor\n.\/install.sh \ndocker-compose ps\n\n#6\u3001\u91cd\u542fHarbor\uff0c\u56e0\u4e3aHarbor\u662f\u57fa\u4e8edocker-compose\u670d\u52a1\u7f16\u6392\u7684\uff0c\u6240\u4ee5\u901a\u8fc7 docker-compose\u542f\u52a8\u6216\u8005\u5173\u95edHarbor\ndocker-compose down\ndocker-compose up -d\n\n#7\u3001\u5b89\u88c5nginx\u5bf980\u7aef\u53e3\u8fdb\u884c\u53cd\u4ee3,---->\u76d1\u542c8888\u7aef\u53e3\uff0c\u9632\u6b62\u8ddf\u540e\u7eed\u7aef\u53e3\u51b2\u7a81\uff0c\u6bd4\u5982apiserver\u76848080\nyum -y install nginx\n\ncat > \/etc\/nginx\/conf.d\/harbor.od.com.conf << EOF\nserver {\n    listen       8888;\n    server_name  localhost;\n\n    client_max_body_size 1000m;\n\n    location \/ {\n        proxy_pass http:\/\/127.0.0.1:180;\n    }\n}\n\nEOF\n\nsystemctl restart nginx\n\n### https\u534f\u8bae\u53ef\u9009\uff0c\u6b64\u5904\u6211\u4eec\u5c31\u5ffd\u7565\u4e86\nserver {\n    listen       443 ssl;\n    server_name  harbor.od.com;\n\n    ssl_certificate "certs\/harbor.od.com.pem";\n    ssl_certificate_key "certs\/harbor.od.com-key.pem";\n    ssl_session_cache shared:SSL:1m;\n    ssl_session_timeout  10m;\n    ssl_ciphers HIGH:!aNULL:!MD5;\n    ssl_prefer_server_ciphers on;\n    client_max_body_size 1000m;\n\n    location \/ {\n        proxy_pass http:\/\/127.0.0.1:180;\n    }\n}\n\n\u81ea\u7b7e\u8bc1\u4e66\nopenssl genrsa -out od.key 2048\nopenssl req -new -key od.key -out od.csr -subj "\/CN=*.od.com\/ST=Beijing\/L=beijing\/O=od\/OU=ops"\nopenssl x509 -req -in od.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out od.crt -days 365\n\n#8\u3001\u7136\u540e\u5728\u6d4f\u89c8\u5668\u4e0a\uff0c\u8f93\u5165\u670d\u52a1\u5668ip\u5730\u5740\uff0c\u6253\u5f00harbor\u767b\u5f55\u754c\u9762\u3002\u9ed8\u8ba4\u7528\u6237\u540d\u662fadmin\uff0c\u5bc6\u7801\u5c31\u662f\u5728harbor.yml\u91cc\u914d\u7f6e\u7684\u5bc6\u7801Harbor12345\n10.1.1.106:8888\n\n\u4e00\u4e2a\u7b80\u5355\u7684harbor\u5c31\u90e8\u7f72\u5b8c\u6210\u3002\n\n#9\u3001\u4ecedocker.io\u4e0a\u4e0b\u8f7d\u955c\u50cf\uff0c\u7136\u540e\u63a8\u9001\u5230\u81ea\u5df1\u7684\u79c1\u6709\u4ed3\u5e93\n\u5148\u5728habor\u7684web\u754c\u9762\u91cc\u521b\u5efa\u597d\u4ed3\u5e93\uff0c\u540d\u4e3aegonlin\ndocker pull nginx\ndocker image ls\ndocker image tag nginx 10.1.1.106:8888\/egonlin\/nginx:v_new\ndocker login 10.1.1.106:8888\ndocker push 10.1.1.106:8888\/egonlin\/nginx:v_new<\/code><\/pre>\n
16\u3001\u5728\u6240\u6709\u5b89\u88c5docker\u7684\u8282\u70b9\u4e0a\u4fee\u6539\u914d\u7f6e\uff0c\u589e\u52a0habor\u4ed3\u5e93\u5730\u5740<\/h3>\n
cat > \/etc\/docker\/daemon.json << EOF\n{\n  "graph": "\/data\/docker",\n  "storage-driver": "overlay",\n  "insecure-registries": ["registry.access.redhat.com","quay.io","10.1.1.106:8080"],\n  "bip": "172.168.10.1\/24",\n  "registry-mirrors": ["https:\/\/l2v84zex.mirror.aliyuncs.com"],\n  "exec-opts": ["native.cgroupdriver=systemd"],\n  "live-restore": true\n}\n\nEOF\n\nsystemctl restart docker<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"
1\u3001Kubernetes\u7684\u91cd\u8981\u6982\u5ff5 1.1 \u8282\u70b9 \u8282\u70b9\u901a\u5e38\u6307\u7684\u5c31\u662f\u670d\u52a1\u5668\u3002\u53ef\u4ee5\u4f7f\u7269\u7406\u673a\u6216\u865a\u62df\u673a\uff0c\u5728k8s\u4e2d\u6709\u4e24 […]<\/p>\n","protected":false},"author":3,"featured_media":6564,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[413,412],"tags":[],"_links":{"self":[{"href":"https:\/\/egonlin.com\/index.php?rest_route=\/wp\/v2\/posts\/6561"}],"collection":[{"href":"https:\/\/egonlin.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/egonlin.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/egonlin.com\/index.php?rest_route=\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/egonlin.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=6561"}],"version-history":[{"count":0,"href":"https:\/\/egonlin.com\/index.php?rest_route=\/wp\/v2\/posts\/6561\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/egonlin.com\/index.php?rest_route=\/wp\/v2\/media\/6564"}],"wp:attachment":[{"href":"https:\/\/egonlin.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=6561"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/egonlin.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=6561"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/egonlin.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=6561"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}