feature: improvements
panhy committed Feb 21, 2025
1 parent d336634 commit 2ad0c3e
Showing 3 changed files with 271 additions and 15 deletions.
Original file line number Diff line number Diff line change
@@ -1526,7 +1526,7 @@ nerdctl pull registry.aliyuncs.com/google_containers/pause:3.10
./kubelet \
--bootstrap-kubeconfig=/etc/kubernetes/kubelet-bootstrap.conf \
--cert-dir=/var/lib/kubelet/pki \
--hostname-override=node-102 \
--hostname-override=k8s-102 \
--kubeconfig=/etc/kubernetes/kubelet.kubeconfig \
--config=/etc/kubernetes/kubelet-config.yaml \
--pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.10 \
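Review bot: The switch of `--hostname-override` from `node-102` to `k8s-102` in the kubelet start command needs a migration note for readers who already bootstrapped a node under the old name. The kubelet registers under the override value, and the client certificate it stores under `--cert-dir=/var/lib/kubelet/pki` is requested for that node name, so restarting with a different override no longer matches the existing credentials and the old `node-102` object stays in the cluster. Suggest adding a step before this command that runs `kubectl delete node node-102`, removes `/etc/kubernetes/kubelet.kubeconfig` and the files under `/var/lib/kubelet/pki`, and lets the bootstrap kubeconfig request a fresh certificate.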
@@ -1592,16 +1592,16 @@ kubectl get nodes
```bash
NAME STATUS ROLES AGE VERSION
node-102 Ready <none> 19m v1.32.2
node-103 Ready <none> 18m v1.32.2
k8s-102 Ready <none> 19m v1.32.2
k8s-103 Ready <none> 18m v1.32.2
```
我们还可以设置集群的标签
```bash
# 设置集群为node标签
kubectl label node node-102 node-role.kubernetes.io/node=
kubectl label node node-103 node-role.kubernetes.io/node=
kubectl label node k8s-102 node-role.kubernetes.io/node=
kubectl label node k8s-103 node-role.kubernetes.io/node=
```
## 十二、安装proxy
@@ -1771,10 +1771,10 @@ kubectl get pod -o wide
```shell
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
pod1 1/1 Running 0 94s 10.22.0.2 node-103 <none> <none>
pod1 1/1 Running 0 94s 10.22.0.2 k8s-103 <none> <none>
```
创建的pod运行在`node-103`这台主机上,在这台机使用`curl 10.22.0.2`命令能正常访问到nginx服务。但是如果我们在另一个节点`node-102`上执行`curl 10.22.0.2`会发现访问不到。原因是这两个节点上的容器在各自的虚拟网络内,我们将到后续的章节安装通过安装 k8s 网络插件的方式,实现不同工作节点的容器网络互相访问的功能。
创建的pod运行在`k8s-103`这台主机上,在这台机使用`curl 10.22.0.2`命令能正常访问到nginx服务。但是如果我们在另一个节点`k8s-102`上执行`curl 10.22.0.2`会发现访问不到。原因是这两个节点上的容器在各自的虚拟网络内,我们将到后续的章节安装通过安装 k8s 网络插件的方式,实现不同工作节点的容器网络互相访问的功能。
## 十三、安装网络插件
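Review bot: The explanatory sentence rewritten in this hunk still carries the doubled verb in `我们将到后续的章节安装通过安装 k8s 网络插件的方式`; since the line is being touched for the host rename anyway, tighten it to `我们将在后续章节通过安装 k8s 网络插件的方式`. The same sentence is duplicated in the generated HTML, so the fix should be made in the Markdown source and the HTML regenerated.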
@@ -1880,3 +1880,135 @@ spec:
```bash
kubectl apply -f coredns.yml
```
## 十四、安装traefik
Traefik 在 Kubernetes (k8s) 中的作用主要是作为反向代理和负载均衡器,负责管理外部流量到集群内部服务的路由。我们先定义 traefik 的资源,在`/etc/kubernetes`目录下创建`traefik.yml`文件,添加以下内容
```yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: traefik-ingress-controller
namespace: kube-system
---
# 定义角色
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: traefik-ingress-controller
rules:
- apiGroups:
- ""
resources:
- services
- endpoints
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- extensions
- networking.k8s.io
resources:
- ingresses
- ingressclasses
verbs:
- get
- list
- watch
- apiGroups:
- extensions
- networking.k8s.io
resources:
- ingresses/status
verbs:
- update
---
# 创建角色和账号绑定
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: traefik-ingress-controller
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: traefik-ingress-controller
subjects:
- kind: ServiceAccount
name: traefik-ingress-controller
namespace: kube-system
---
# 创建traefik服务
apiVersion: apps/v1
kind: Deployment
metadata:
name: traefik
namespace: kube-system
labels:
app: traefik
spec:
replicas: 1
selector:
matchLabels:
app: traefik
template:
metadata:
labels:
app: traefik
spec:
serviceAccountName: traefik-ingress-controller
containers:
- name: traefik
image: traefik:v2.10
ports:
- name: web
containerPort: 80
- name: websecure
containerPort: 443
- name: admin
containerPort: 8080
args:
- --api.insecure=true
- --providers.kubernetesingress
- --entrypoints.web.Address=:80
- --entrypoints.websecure.Address=:443
---
# 创建traefik的service
apiVersion: v1
kind: Service
metadata:
name: traefik
namespace: kube-system
spec:
type: NodePort
ports:
- name: web
port: 80
nodePort: 34807
- name: websecure
port: 443
nodePort: 34808
- name: admin
port: 8080
nodePort: 34809
selector:
app: traefik
```
基于traefik镜像启动的pod将创建运行三个端口服务,80和443对应ingress本身核心服务,我们后续可以将流量都转发到ingress的80端口,让ingress做流量调度。8080是traefik的控制面板后台服务。
我们定义了3个nodePort类型的service,目的是为了在每个工作节点上提供一个服务入口。后续再将请求负载到各个节点上。创建好配置文件后,执行以下命令启动服务
```shell
kubectl apply -f traefik.yml
```
此时我们通过 `kubectl get pod -A -o wide | grep traefik` 命令可以看到如下结果
```shell
kube-system traefik-67f7c856c7-2z45k 1/1 Running 0 32s 10.244.240.11 k8s-103 <none> <none>
```
同时不同的工作节点上的34807、34808、34809端口也会有对应的服务,代表3个nodePort类型的service已经启动成功。
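Review bot: `--api.insecure=true` in the Deployment args, combined with the `admin` port 8080 published as `nodePort: 34809` in the Service, puts Traefik's unauthenticated dashboard and API on every worker node's address. Suggest dropping the `admin` entry from the NodePort Service and reaching the dashboard with `kubectl port-forward`, or turning `--api.insecure` off and serving the dashboard through an authenticated router; if the tutorial keeps the setting for convenience, the paragraph after the manifest should say so explicitly. Separately, the ClusterRole grants `get`, `list` and `watch` on `secrets` cluster-wide and the image tag `traefik:v2.10` floats across patch releases, so a sentence on why secrets access is needed and a pinned patch version would help.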
Original file line number Diff line number Diff line change
@@ -3,7 +3,7 @@
"format": "html",
"prefix": "https://storage.googleapis.com",
"mainga": "UA-49880327-14",
"updated": "2025-02-20T23:44:44+08:00",
"updated": "2025-02-21T11:21:48+08:00",
"id": "Fully-Manual-Installation-of-Kubernetes-v1.32.2-on-Debian-12",
"duration": 0,
"title": "在 Debian 12 上完全手动安装 kubernetes v1.32.2",
Original file line number Diff line number Diff line change
@@ -1310,7 +1310,7 @@ <h3 is-upgraded>11.3.1 配置启动脚本</h3>
./kubelet \
--bootstrap-kubeconfig=/etc/kubernetes/kubelet-bootstrap.conf \
--cert-dir=/var/lib/kubelet/pki \
--hostname-override=node-102 \
--hostname-override=k8s-102 \
--kubeconfig=/etc/kubernetes/kubelet.kubeconfig \
--config=/etc/kubernetes/kubelet-config.yaml \
--pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.10 \
@@ -1356,13 +1356,13 @@ <h3 is-upgraded>11.3.3 验证集群</h3>
</code></pre>
<p>如果看到以下信息,代表安装成功</p>
<pre><code language="language-bash" class="language-bash">NAME STATUS ROLES AGE VERSION
node-102 Ready &lt;none&gt; 19m v1.32.2
node-103 Ready &lt;none&gt; 18m v1.32.2
k8s-102 Ready &lt;none&gt; 19m v1.32.2
k8s-103 Ready &lt;none&gt; 18m v1.32.2
</code></pre>
<p>我们还可以设置集群的标签</p>
<pre><code language="language-bash" class="language-bash"># 设置集群为node标签
kubectl label node node-102 node-role.kubernetes.io/node=
kubectl label node node-103 node-role.kubernetes.io/node=
kubectl label node k8s-102 node-role.kubernetes.io/node=
kubectl label node k8s-103 node-role.kubernetes.io/node=
</code></pre>


@@ -1492,9 +1492,9 @@ <h2 is-upgraded>12.7 集群的验证</h2>
</code></pre>
<p>如果返回如下内容,代表集群正常</p>
<pre><code language="language-shell" class="language-shell">NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
pod1 1/1 Running 0 94s 10.22.0.2 node-103 &lt;none&gt; &lt;none&gt;
pod1 1/1 Running 0 94s 10.22.0.2 k8s-103 &lt;none&gt; &lt;none&gt;
</code></pre>
<p>创建的pod运行在<code>node-103</code>这台主机上,在这台机使用<code>curl 10.22.0.2</code>命令能正常访问到nginx服务。但是如果我们在另一个节点<code>node-102</code>上执行<code>curl 10.22.0.2</code>会发现访问不到。原因是这两个节点上的容器在各自的虚拟网络内,我们将到后续的章节安装通过安装 k8s 网络插件的方式,实现不同工作节点的容器网络互相访问的功能。</p>
<p>创建的pod运行在<code>k8s-103</code>这台主机上,在这台机使用<code>curl 10.22.0.2</code>命令能正常访问到nginx服务。但是如果我们在另一个节点<code>k8s-102</code>上执行<code>curl 10.22.0.2</code>会发现访问不到。原因是这两个节点上的容器在各自的虚拟网络内,我们将到后续的章节安装通过安装 k8s 网络插件的方式,实现不同工作节点的容器网络互相访问的功能。</p>


</google-codelab-step>
@@ -1566,6 +1566,130 @@ <h3 is-upgraded>13.2.3 启动服务</h3>

</google-codelab-step>

<google-codelab-step label="十四、安装traefik" duration="0">
<p>Traefik 在 Kubernetes (k8s) 中的作用主要是作为反向代理和负载均衡器,负责管理外部流量到集群内部服务的路由。我们先定义 traefik 的资源,在<code>/etc/kubernetes</code>目录下创建<code>traefik.yml</code>文件,添加以下内容</p>
<pre><code language="language-yaml" class="language-yaml">apiVersion: v1
kind: ServiceAccount
metadata:
name: traefik-ingress-controller
namespace: kube-system
---
# 定义角色
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: traefik-ingress-controller
rules:
- apiGroups:
- &#34;&#34;
resources:
- services
- endpoints
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- extensions
- networking.k8s.io
resources:
- ingresses
- ingressclasses
verbs:
- get
- list
- watch
- apiGroups:
- extensions
- networking.k8s.io
resources:
- ingresses/status
verbs:
- update
---
# 创建角色和账号绑定
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: traefik-ingress-controller
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: traefik-ingress-controller
subjects:
- kind: ServiceAccount
name: traefik-ingress-controller
namespace: kube-system
---
# 创建traefik服务
apiVersion: apps/v1
kind: Deployment
metadata:
name: traefik
namespace: kube-system
labels:
app: traefik
spec:
replicas: 1
selector:
matchLabels:
app: traefik
template:
metadata:
labels:
app: traefik
spec:
serviceAccountName: traefik-ingress-controller
containers:
- name: traefik
image: traefik:v2.10
ports:
- name: web
containerPort: 80
- name: websecure
containerPort: 443
- name: admin
containerPort: 8080
args:
- --api.insecure=true
- --providers.kubernetesingress
- --entrypoints.web.Address=:80
- --entrypoints.websecure.Address=:443
---
# 创建traefik的service
apiVersion: v1
kind: Service
metadata:
name: traefik
namespace: kube-system
spec:
type: NodePort
ports:
- name: web
port: 80
nodePort: 34807
- name: websecure
port: 443
nodePort: 34808
- name: admin
port: 8080
nodePort: 34809
selector:
app: traefik
</code></pre>
<p>基于traefik镜像启动的pod将创建运行三个端口服务,80和443对应ingress本身核心服务,我们后续可以将流量都转发到ingress的80端口,让ingress做流量调度。8080是traefik的控制面板后台服务。</p>
<p>我们定义了3个nodePort类型的service,目的是为了在每个工作节点上提供一个服务入口。后续再将请求负载到各个节点上。创建好配置文件后,执行以下命令启动服务</p>
<pre><code language="language-shell" class="language-shell">kubectl apply -f traefik.yml
</code></pre>
<p>此时我们通过 <code>kubectl get pod -A -o wide | grep traefik</code> 命令可以看到如下结果</p>
<pre><code language="language-shell" class="language-shell">kube-system traefik-67f7c856c7-2z45k 1/1 Running 0 32s 10.244.240.11 k8s-103 &lt;none&gt; &lt;none&gt;
</code></pre>
<p>同时不同的工作节点上的34807、34808、34809端口也会有对应的服务,代表3个nodePort类型的service已经启动成功。</p>


</google-codelab-step>

</google-codelab>

<script src="https://storage.googleapis.com/claat-public/native-shim.js"></script>
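Review bot: The NodePort values `34807`, `34808` and `34809` in the Service sit outside Kubernetes' default NodePort range of 30000-32767, so `kubectl apply -f traefik.yml` is rejected unless kube-apiserver was started with a wider `--service-node-port-range`; the step text should state that dependency or use ports inside the default range. The closing paragraphs also speak of `3个nodePort类型的service`, while the manifest defines a single Service named `traefik` with three ports, so the wording should be adjusted to match the manifest.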