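As we know, Kubernetes coordinates a highly available cluster of computers that are connected to work as a single unit. Kubernetes provides a number of abstractions that allow containerized applications to be deployed to the cluster without tying them to an individual machine.

In short, Kubernetes is:

Portable: public, private, hybrid and multi-cloud

Extensible: modular, pluggable, hookable and composable

Self-healing: auto-placement, auto-restart, auto-replication, auto-scaling

In this article we introduce MicroK8s, a lightweight Kubernetes engine that can run on edge, IoT and appliance devices. MicroK8s is a very lightweight k8s distribution, characterized by its small size, light weight and fast installation. MicroK8s is installed as a snap package, so the experience is best on Ubuntu; after all, MicroK8s is a product developed by Canonical.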

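The following is taken from: https://docs.microsoft.com/zh-cn/azure/architecture/operator-guides/aks/choose-bare-metal-kubernetes

MicroK8s is delivered as a single snap package that can be easily installed on Linux machines with snap support. Alternative installs are available for Windows, macOS and Raspberry Pi/ARM. Once installed, MicroK8s creates a single-node cluster that can be managed with the microk8s tooling. It is packaged with its own kubectl, and a number of add-ons can be enabled (for example helm, dns, ingress, metallb, and so on). Multi-node, Windows-node and high-availability (HA) scenarios are also supported.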

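The resource requirements vary depending on where you want to run MicroK8s. For the minimum resource requirements, refer to the product documentation. For example:

Ubuntu: 4 GB RAM, 20 GB disk space

Windows: 4 GB RAM, 40 GB disk space

Windows workloads are only supported on MicroK8s clusters that use the Calico CNI.

Each node in a MicroK8s multi-node cluster needs its own environment to run in, whether that is a separate VM or container on a single machine, or a different machine on the same network.

Running MicroK8s on some ARM hardware may cause difficulties. Refer to the documentation for potential remedies.

In China, for well-known reasons, the docker images on gcr.io cannot be downloaded after microk8s is installed (for detailed installation steps see https://microk8s.io/#quick-start). The pullk8s tool has to be installed first. This tool downloads the k8s.gcr.io or gcr.io images that k8s needs through the opsdockerimage repository on hub.docker.com. The repository is updated once a day and includes all tags of all images for all platforms.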

git clone https://github.com/OpsDocker/pullk8s.git

cd pullk8s

sudo cp pullk8s /usr/local/bin/pullk8s

sudo chmod +x /usr/local/bin/pullk8s

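In the following steps we install a MicroK8s cluster, which installs a limited set of components such as api-server, controller-manager, scheduler, kubelet, cni and kube-proxy. Other services, such as kube-dns and dashboard, can also be run with the microk8s.enable command.

ubuntu@VM-0-8-ubuntu:~$ sudo snap install microk8s --classic --channel=1.21/stable

microk8s (1.21/stable) v1.21.11 from Canonical✓ installed

For detailed permission settings, see the MicroK8s documentation at https://microk8s.io/docs. For simplicity, we can use kubectl in place of microk8s.kubectl:

ubuntu@VM-0-8-ubuntu:~$ sudo snap alias microk8s.kubectl kubectl

Added:

  - microk8s.kubectl as kubectl

Check whether microk8s was installed successfully: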

ubuntu@VM-0-8-ubuntu:~$ sudo kubectl get nodes -w
NAME           STATUS     ROLES    AGE     VERSION
microk8snode   NotReady   <none>   2m19s   v1.21.11-3+2bdf0a81ac1652
^C
ubuntu@VM-0-8-ubuntu:~$ sudo kubectl describe node microk8snode
Name:               microk8snode
Roles:              <none>
Labels:             beta.kubernetes.io/arch=amd64
                     beta.kubernetes.io/os=linux
                     kubernetes.io/arch=amd64
                     kubernetes.io/hostname=microk8snode
                     kubernetes.io/os=linux
                     microk8s.io/cluster=true
Annotations:        node.alpha.kubernetes.io/ttl: 0
                     volumes.kubernetes.io/controller-managed-attach-detach: true
CreationTimestamp:  Sat, 30 Apr 2022 20:47:49 +0800
Taints:             node.kubernetes.io/not-ready:NoSchedule
Unschedulable:      false
Lease:
   HolderIdentity:  microk8snode
   AcquireTime:     <unset>
   RenewTime:       Sat, 30 Apr 2022 20:50:31 +0800
Conditions:
   Type             Status  LastHeartbeatTime                 LastTransitionTime                Reason                       Message
   ----             ------  -----------------                 ------------------                ------                       -------
   MemoryPressure   False   Sat, 30 Apr 2022 20:47:59 +0800   Sat, 30 Apr 2022 20:47:49 +0800   KubeletHasSufficientMemory   kubelet has sufficient memory available
   DiskPressure     False   Sat, 30 Apr 2022 20:47:59 +0800   Sat, 30 Apr 2022 20:47:49 +0800   KubeletHasNoDiskPressure     kubelet has no disk pressure
   PIDPressure      False   Sat, 30 Apr 2022 20:47:59 +0800   Sat, 30 Apr 2022 20:47:49 +0800   KubeletHasSufficientPID      kubelet has sufficient PID available
   Ready            False   Sat, 30 Apr 2022 20:47:59 +0800   Sat, 30 Apr 2022 20:47:49 +0800   KubeletNotReady              container runtime network not ready: NetworkReady=false reason:NetworkPluginNotReady message:Network plugin returns error: cni plugin not initialized
Addresses:
   InternalIP:  10.0.0.8
   Hostname:    microk8snode

The error is "container runtime network not ready: NetworkReady=false reason:NetworkPluginNotReady message:Network plugin returns error: cni plugin not initialized". The specific cause is that the image cannot be pulled; see https://github.com/canonical/microk8s/issues/2042 for details.
We need the pullk8s tool to solve this. The tool relies on docker to pull images, so install docker and then run pullk8s check --microk8s to list the names of the blocked gcr.io or k8s.gcr.io containers:

ubuntu@VM-0-8-ubuntu:~/pullk8s$ sudo snap install docker
docker 20.10.12 from Canonical✓ installed

ubuntu@VM-0-8-ubuntu:~/pullk8s$ sudo pullk8s check --microk8s
k8s.gcr.io/pause:3.1

Use pullk8s to pull the image that failed and import it into the pod space:

ubuntu@VM-0-8-ubuntu:~/pullk8s$ sudo pullk8s pull k8s.gcr.io/pause:3.1 --microk8s
Pull pause:3.1 ...
Pull pause:3.1 ...
3.1: Pulling from opsdockerimage/pause
67ddbfb20a22: Pull complete
Digest: sha256:f78411e19d84a252e53bff71a4407a5686c46983a2c2eeed83929b888179acea
Status: Downloaded newer image for opsdockerimage/pause:3.1
docker.io/opsdockerimage/pause:3.1
Untagged: opsdockerimage/pause:3.1

Untagged: opsdockerimage/pause@sha256:f78411e19d84a252e53bff71a4407a5686c46983a2c2eeed83929b888179acea
unpacking k8s.gcr.io/pause:3.1 (sha256:0968e31df05b727234888883ba43ccaa4ec75566113c75065af5a6124b62d93c)...done

Check the running status; the node is now Ready:

ubuntu@VM-0-8-ubuntu:~/pullk8s$ sudo kubectl get nodes
NAME           STATUS   ROLES    AGE   VERSION
microk8snode   Ready    <none>   84m   v1.21.11-3+2bdf0a81ac1652

Depending on your needs, install k8s components such as the dashboard, DNS, a private registry, and traffic and routing controllers:

ubuntu@VM-0-8-ubuntu:~/pullk8s$ sudo microk8s enable dashboard dns registry
Enabling Kubernetes Dashboard
Enabling Metrics-Server
clusterrole.rbac.authorization.k8s.io/system:aggregated-metrics-reader created
clusterrolebinding.rbac.authorization.k8s.io/metrics-server:system:auth-delegator created
rolebinding.rbac.authorization.k8s.io/metrics-server-auth-reader created
Warning: apiregistration.k8s.io/v1beta1 APIService is deprecated in v1.19+, unavailable in v1.22+; use apiregistration.k8s.io/v1 APIService
apiservice.apiregistration.k8s.io/v1beta1.metrics.k8s.io created
serviceaccount/metrics-server created
deployment.apps/metrics-server created
service/metrics-server created
clusterrole.rbac.authorization.k8s.io/system:metrics-server created
clusterrolebinding.rbac.authorization.k8s.io/system:metrics-server created

Check whether the components' Pods were installed successfully; the metrics-server image could not be pulled:

ubuntu@VM-0-8-ubuntu:~/pullk8s$ sudo kubectl get pods -n kube-system
NAME                                         READY   STATUS             RESTARTS   AGE
dashboard-metrics-scraper-78d7698477-64rpc   1/1     Running            1          14m
hostpath-provisioner-566686b959-m8fff        1/1     Running            1          14m
kubernetes-dashboard-85fd7f45cb-5c8x7        1/1     Running            1          14m
calico-kube-controllers-f7868dd95-nxfzn      1/1     Running            1          101m
calico-node-58n5l                            1/1     Running            1          101m
coredns-7f9c69c78c-9nt4g                     1/1     Running            1          14m
metrics-server-8bbfb4bdb-qj75c               0/1     ImagePullBackOff   0          16m

Use pullk8s to pull the image that failed and import it into the pod space:

ubuntu@VM-0-8-ubuntu:~/pullk8s$ sudo pullk8s check --microk8s
k8s.gcr.io/metrics-server-amd64:v0.3.6
ubuntu@VM-0-8-ubuntu:~/pullk8s$ sudo pullk8s pull k8s.gcr.io/metrics-server-amd64:v0.3.6  --microk8s
Pull metrics-server-amd64:v0.3.6 ...
Pull metrics-server-amd64:v0.3.6 ...
v0.3.6: Pulling from opsdockerimage/metrics-server-amd64
e8d8785a314f: Pull complete
b2f4b24bed0d: Pull complete
Digest: sha256:c9c4e95068b51d6b33a9dccc61875df07dc650abbf4ac1a19d58b4628f89288b
Status: Downloaded newer image for opsdockerimage/metrics-server-amd64:v0.3.6
docker.io/opsdockerimage/metrics-server-amd64:v0.3.6
Untagged: opsdockerimage/metrics-server-amd64:v0.3.6
Untagged: opsdockerimage/metrics-server-amd64@sha256:c9c4e95068b51d6b33a9dccc61875df07dc650abbf4ac1a19d58b4628f89288b
unpacking k8s.gcr.io/metrics-server-amd64:v0.3.6 (sha256:c9cdfb8ea4ace4b65a9a151086e2d3903b22c5c40b01e5b097db73bd3d90d19e)...done

Check the Pod status again; everything is running normally:

ubuntu@VM-0-8-ubuntu:~/pullk8s$ sudo kubectl get pods -n kube-system
NAME                                         READY   STATUS    RESTARTS   AGE
dashboard-metrics-scraper-78d7698477-64rpc   1/1     Running   1          25m
hostpath-provisioner-566686b959-m8fff        1/1     Running   1          25m
kubernetes-dashboard-85fd7f45cb-5c8x7        1/1     Running   1          25m
calico-kube-controllers-f7868dd95-nxfzn      1/1     Running   1          111m
calico-node-58n5l                            1/1     Running   1          111m
coredns-7f9c69c78c-9nt4g                     1/1     Running   1          25m
metrics-server-8bbfb4bdb-qj75c               1/1     Running   0          26m
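
An added example, not part of the original post or of pullk8s: the two pulls above fetch the images from the opsdockerimage repository on Docker Hub rather than from k8s.gcr.io, so the "Digest:" line of each pull can be compared with a digest pinned in advance. The pin list, its format and the function name check_pins are assumptions of this example; the transcript lines are copied from the output above.

```shell
#!/bin/sh
# Added example, not part of pullk8s: compare the "Digest:" lines of a
# pull transcript with operator-maintained pins.

# Constructed pin list, one "<repo>:<tag> <digest>" per line. The first digest
# is copied from this page's transcript as sample data; the all-zero digest is
# deliberately wrong to show a mismatch. Real pins must come from a source
# you trust independently of the mirror.
PINS='opsdockerimage/pause:3.1 sha256:f78411e19d84a252e53bff71a4407a5686c46983a2c2eeed83929b888179acea
opsdockerimage/metrics-server-amd64:v0.3.6 sha256:0000000000000000000000000000000000000000000000000000000000000000'

# Sample input: the relevant lines of the two pulls shown on this page.
TRANSCRIPT='3.1: Pulling from opsdockerimage/pause
67ddbfb20a22: Pull complete
Digest: sha256:f78411e19d84a252e53bff71a4407a5686c46983a2c2eeed83929b888179acea
Status: Downloaded newer image for opsdockerimage/pause:3.1
v0.3.6: Pulling from opsdockerimage/metrics-server-amd64
Digest: sha256:c9c4e95068b51d6b33a9dccc61875df07dc650abbf4ac1a19d58b4628f89288b
Status: Downloaded newer image for opsdockerimage/metrics-server-amd64:v0.3.6'

# check_pins PINLIST < transcript
# Prints one verdict per pulled image; the exit status is non-zero unless
# every image is pinned and its digest matches the pin.
check_pins() {
    PIN_LIST="$1" awk '
        BEGIN {
            n = split(ENVIRON["PIN_LIST"], rows, "\n")
            for (i = 1; i <= n; i++) {
                if (split(rows[i], f, " ") == 2) pin[f[1]] = f[2]
            }
        }
        # docker prints the digest just before the Status line of each pull.
        /^Digest: sha256:[0-9a-f]+$/ && length($2) == 71 { digest = $2; next }
        /^Status: (Downloaded newer image|Image is up to date) for / {
            image = $NF
            if (digest == "")              { print "NODIGEST " image; bad = 1 }
            else if (!(image in pin))      { print "UNPINNED " image; bad = 1 }
            else if (pin[image] != digest) { print "MISMATCH " image; bad = 1 }
            else                           { print "OK " image }
            digest = ""
        }
        END { exit bad + 0 }
    '
}

printf '%s\n' "$TRANSCRIPT" | check_pins "$PINS" ||
    echo "at least one image is unpinned or differs from its pin" >&2
```

The transcript also prints a second sha256 value on each "unpacking" line; this check uses only the "Digest:" line reported by the pull.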

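Accessing the dashboard

1. Get the token

# token=$(microk8s kubectl -n kube-system get secret | grep default-token | cut -d " " -f1)
# microk8s kubectl -n kube-system describe secret $token

2. Map the port to the external network interface (--address=0.0.0.0 makes the forward listen on every interface of the host, not only on loopback)

# microk8s kubectl port-forward -n kube-system --address=0.0.0.0 service/kubernetes-dashboard 10443:443

3. Open it in a browser

  https://127.0.0.1:10443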
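
An added example, not from the original post: a check of which addresses the forwarded port 10443 is actually listening on, written for the output of ss -H -ltn. The sample ss lines are constructed and the function name listener_scope is an assumption.

```shell
#!/bin/sh
# Added example: classify the listeners on a forwarded port.

# Constructed `ss -H -ltn` output (no header line) for three situations:
# a forward started with --address=0.0.0.0, one bound to localhost only,
# and a host where nothing listens on the port.
SS_WILDCARD='LISTEN 0 4096 0.0.0.0:10443 0.0.0.0:*'
SS_LOOPBACK='LISTEN 0 4096 127.0.0.1:10443 0.0.0.0:*
LISTEN 0 4096 [::1]:10443 [::]:*'
SS_OTHER='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'

# listener_scope PORT < ss-output
# Prints "exposed" if PORT listens on a wildcard or non-loopback address,
# "loopback" if it listens only on 127.0.0.0/8 or ::1, "closed" otherwise.
listener_scope() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            la = $4                      # local "address:port" column
            n = length(la)
            # Split at the last colon so IPv6 forms such as [::]:10443 work.
            while (n > 0 && substr(la, n, 1) != ":") n--
            if (n == 0 || substr(la, n + 1) != port) next
            addr = substr(la, 1, n - 1)
            if (substr(addr, 1, 1) == "[") addr = substr(addr, 2, length(addr) - 2)
            if (addr ~ /^127\./ || addr == "::1") loop = 1
            else                                  exposed = 1
        }
        END {
            if (exposed)   print "exposed"
            else if (loop) print "loopback"
            else           print "closed"
        }
    '
}

printf '%s\n' "$SS_WILDCARD" | listener_scope 10443
```

On a live host the input would come from `ss -H -ltn | listener_scope 10443`.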

Other common commands:

Command                                      Description
microk8s dashboard-proxy                     Set up a proxy for accessing the dashboard
microk8s start                               Start microk8s
microk8s stop                                Stop microk8s
snap alias microk8s.kubectl kubectl          Set the alias
microk8s kubectl get all --all-namespaces    Show the status of all pods and services in all namespaces

Configuring registry.mirrors for microk8s's built-in docker

Edit the file /var/snap/microk8s/current/args/containerd-template.toml
Under endpoint, add new domestic registry.mirrors, such as "https://docker.mirrors.ustc.edu.cn"

...
[plugins.cri.registry]
      [plugins.cri.registry.mirrors]
        [plugins.cri.registry.mirrors."docker.io"]
          endpoint = [
                "https://docker.mirrors.ustc.edu.cn",
                "https://hub-mirror.c.163.com",
                "https://mirror.ccs.tencentyun.com",
                "https://registry-1.docker.io"
          ]

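Deploying a sample application

At this point you have a fully functional Kubernetes cluster. The following command deploys the nginx web application.

kubectl create deployment nginx --image=nginx:alpine --replicas=1

After nginx is deployed, the application can be exposed with the following command.

kubectl expose deployment nginx --port 80 --target-port 80 --type NodePort --selector=app=nginx --name nginx

We can launch lynx, a terminal-based web browser, and access the Nginx application with the following command.

[image]

MicroK8s provides troubleshooting tools for checking what went wrong. Be sure to look at the common issues section for help with resolving frequently encountered problems.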
