Installation, Configuration & Validation (12%)
kubernetes.io > Documentation > Reference > kubectl CLI > kubectl Cheat Sheet
kubernetes.io > Documentation > Tutorials > Using Minikube to create a cluster
kubernetes.io > Documentation > Getting Started > Production Environment > installing kubernetes with deployment tools > Bootstrapping cluster with kubeadm > creating a single control-plane cluster with kubeadm
kubernetes.io > Documentation > Concepts > Cluster Administration > Cluster Networking
kubernetes.io > Documentation > Tasks > TLS > Manage TLS Certificates in a cluster
kubernetes.io > Documentation > Getting Started > Production Environment > Installing Kubernetes with deployment tools > Bootstrapping clusters with kubeadm > Creating Highly Available clusters with kubeadm
kubernetes.io > Documentation > Getting Started > Release notes and version skew
Provisioning the infrastructure for deploying a Kubernetes cluster > Kubernetes the hard way
Kubernetes end-to-end testing > End to end Test
Install Kubernetes masters and worker nodes
If you want to do this with kubeadm, follow these steps. Run the following commands on all nodes to prepare the environment:
$ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | \
    sudo apt-key add -
$ sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
$ curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | \
    sudo apt-key add -
$ cat << EOF | sudo tee /etc/apt/sources.list.d/kubernetes.list
deb https://apt.kubernetes.io/ kubernetes-xenial main
EOF
$ sudo apt-get update
$ sudo apt-get install -y docker-ce=18.06.1~ce~3-0~ubuntu \
    kubelet=1.13.5-00 kubeadm=1.13.5-00 kubectl=1.13.5-00
$ sudo apt-mark hold docker-ce kubelet kubeadm kubectl
$ echo "net.bridge.bridge-nf-call-iptables=1" | \
    sudo tee -a /etc/sysctl.conf
$ sudo sysctl -p
Run the following on the master to initialize it and install the components:
# Assuming you use `flannel` as the pod network, the 10.244.0.0/16 CIDR is mandatory
$ sudo kubeadm init --pod-network-cidr=10.244.0.0/16
$ mkdir -p $HOME/.kube
$ sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
$ sudo chown $(id -u):$(id -g) $HOME/.kube/config
$ kubectl apply -f \
    https://raw.githubusercontent.com/coreos/flannel/bc79dd1505b0c8681ece4de4c0d86c5cd2643275/Documentation/kube-flannel.yml
Run this command to join the worker nodes to the master:
$ sudo kubeadm join
$ kubectl get nodes -o wide
Configure secure cluster communications
# Create the CA private key
$ openssl genrsa -out ca.key 2048
# Create a CSR with the private key
$ openssl req -new -key ca.key -subj "/CN=KUBERNETES_CA" \
    -out ca.csr
# Self-sign the CSR with the CA's own private key
$ openssl x509 -req -in ca.csr -signkey ca.key \
    -CAcreateserial -out ca.crt -days 1000
# Generate a private key for the admin user
$ openssl genrsa -out admin.key 2048
# Generate a CSR for the admin user. Note the O field: Kubernetes treats O as
# the user's group, and system:masters is bound to cluster-admin.
$ openssl req -new -key admin.key -subj "/CN=admin/O=system:masters" \
    -out admin.csr
# Sign the admin user's certificate with the CA private key
$ openssl x509 -req -in admin.csr -CA ca.crt \
    -CAkey ca.key -CAcreateserial -out admin.crt -days 1000
# Generate the kube-controller-manager client certificate and private key
$ openssl genrsa -out kube-controller-manager.key 2048
$ openssl req -new -key kube-controller-manager.key \
    -subj "/CN=system:kube-controller-manager" \
    -out kube-controller-manager.csr
$ openssl x509 -req -in kube-controller-manager.csr \
    -CA ca.crt -CAkey ca.key -CAcreateserial -out kube-contro
# Generate the kube-proxy client certificate and private key
$ openssl genrsa -out kube-proxy.key 2048
$ openssl req -new -key kube-proxy.key -subj "/CN=system:kube-proxy" \
    -out kube-proxy.csr
$ openssl x509 -req -in kube-proxy.csr -CA ca.crt \
    -CAkey ca.key -CAcreateserial -out kube-proxy.crt -days 1000
# Generate the kube-scheduler client certificate and private key
$ openssl genrsa -out kube-scheduler.key 2048
$ openssl req -new -key kube-scheduler.key \
    -subj "/CN=system:kube-scheduler" -out kube-scheduler.csr
$ openssl x509 -req -in kube-scheduler.csr -CA ca.crt \
    -CAkey ca.key -CAcreateserial -out kube-scheduler.crt -days 1000
# Kubernetes API server certificate
$ cat > openssl.cnf <<EOF
[req]
req_extensions = v3_req
distinguished_name = req_distinguished_name
[req_distinguished_name]
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = kubernetes
DNS.2 = kubernetes.default
DNS.3 = kubernetes.default.svc
DNS.4 = kubernetes.default.svc.cluster.local
IP.1 = 10.96.0.1
IP.2 = 192.168.5.11
IP.3 = 192.168.5.12
IP.4 = 192.168.5.30
EOF
# Generate the certificate for kube-apiserver
$ openssl genrsa -out kube-apiserver.key 2048
$ openssl req -new -key kube-apiserver.key -subj "/CN=kube-apiserver" \
    -out kube-apiserver.csr -config openssl.cnf
$ openssl x509 -req -in kube-apiserver.csr -CA ca.crt \
    -CAkey ca.key -CAcreateserial -out kube-apiserver.crt \
    -extensions v3_req -extfile openssl.cnf -days 1000
# etcd server certificate
$ cat > openssl-etcd.cnf <<EOF
[req]
req_extensions = v3_req
distinguished_name = req_distinguished_name
[req_distinguished_name]
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names
[alt_names]
IP.1 = 192.168.5.11
IP.2 = 192.168.5.12
IP.3 = 127.0.0.1
EOF
# Generate the service account key and certificate
# (these commands do not reference openssl-etcd.cnf)
$ openssl genrsa -out service-account.key 2048
$ openssl req -new -key service-account.key \
    -subj "/CN=service-accounts" -out service-account.csr
$ openssl x509 -req -in service-account.csr -CA ca.crt \
    -CAkey ca.key -CAcreateserial -out service-account.crt \
    -days 1000
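An added check for the certificates generated above (not part of the original page): `check_cert` confirms that a certificate chains to the CA, carries the expected subject field, and lists each required SAN entry, which catches a mistyped `[alt_names]` section or a missing `O=system:masters`. The `make_demo_pki` helper, its file names and `demo.cnf` are assumptions of this example and only build constructed sample input.

```shell
#!/bin/sh
# Added example, not from the original page. check_cert returns 0 only when
# CERT chains to CA_CERT, its subject contains SUBJECT_PART, and every
# SAN_ENTRY (e.g. "DNS:kubernetes", "IP Address:10.96.0.1") is present.
# usage: check_cert CA_CERT CERT SUBJECT_PART [SAN_ENTRY ...]
check_cert() {
    ca=$1; cert=$2; want=$3; shift 3
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 || return 1   # broken chain
    subject=$(openssl x509 -in "$cert" -noout -subject -nameopt RFC2253)
    case $subject in *"$want"*) ;; *) return 2 ;; esac                 # wrong identity
    # Split the text dump on commas so each SAN entry sits alone on a line.
    sans=$(openssl x509 -in "$cert" -noout -text | tr ',' '\n' | sed 's/^ *//; s/ *$//')
    for san in "$@"; do
        printf '%s\n' "$sans" | grep -Fxq "$san" || return 3           # SAN missing
    done
    return 0
}

# Constructed sample input: a throwaway CA, an API server certificate and an
# admin client certificate written to directory $1 (hypothetical file names).
make_demo_pki() {
    dir=$1
    cat > "$dir/demo.cnf" <<EOF
[req]
distinguished_name = dn
[dn]
[v3_ca]
basicConstraints = critical,CA:TRUE
[v3_req]
basicConstraints = CA:FALSE
subjectAltName = @alt_names
[alt_names]
DNS.1 = kubernetes
IP.1 = 10.96.0.1
EOF
    for n in ca api admin; do openssl genrsa -out "$dir/$n.key" 2048 2>/dev/null; done
    openssl req -x509 -new -key "$dir/ca.key" -subj "/CN=KUBERNETES-CA" -days 1 \
        -config "$dir/demo.cnf" -extensions v3_ca -out "$dir/ca.crt"
    openssl req -new -key "$dir/api.key" -subj "/CN=kube-apiserver" \
        -config "$dir/demo.cnf" -out "$dir/api.csr"
    openssl req -new -key "$dir/admin.key" -subj "/CN=admin/O=system:masters" \
        -config "$dir/demo.cnf" -out "$dir/admin.csr"
    openssl x509 -req -in "$dir/api.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
        -CAcreateserial -extfile "$dir/demo.cnf" -extensions v3_req -days 1 \
        -out "$dir/api.crt" 2>/dev/null
    openssl x509 -req -in "$dir/admin.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
        -CAcreateserial -days 1 -out "$dir/admin.crt" 2>/dev/null
}
```

Against the files from the steps above, `check_cert ca.crt kube-apiserver.crt CN=kube-apiserver "IP Address:10.96.0.1"` returns 3 if that SAN did not make it into the signed certificate.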
Configure a Highly-Available Kubernetes cluster
If you want to distribute the etcd service across multiple instances, follow these steps:
$ kubectl get endpoints kube-scheduler -n kube-system -o yaml
$ kube-controller-manager --leader-elect=true
$ cat /etc/systemd/system/kube-apiserver.service
# --etcd-servers=https://IP:2379,https://IP:2379
$ wget -q --https-only "https://github.com/coreos/etcd/releases/download/v3.3.9/etcd-v3.3.9-linux-amd64.tar.gz"
$ tar -xvf etcd-v3.3.9-linux-amd64.tar.gz
$ mkdir -p /etc/etcd /var/lib/etcd
$ cp ca.pem kubernetes-key.pem kubernetes.pem /etc/etcd
# In etcd.service:
# --initial-cluster peer-1=https://${PEER1_IP}:2380,peer-2=https://${PEER2_IP}:2380
$ export ETCDCTL_API=3
# Initialize the cluster with stacked etcd.
$ sudo kubeadm init --config=kubeadm-config.yaml
If you only want multiple kube-apiserver instances, follow these steps:
apiVersion: kubeadm.k8s.io/v1beta2
kind: ClusterConfiguration
kubernetesVersion: stable
controlPlaneEndpoint: "LOAD_BALANCER_DNS:LOAD_BALANCER_PORT"
$ sudo kubeadm init --config=kubeadm-config.yaml
Know where to get the Kubernetes release binaries
Main Kubernetes GitHub repository: github.com/kubernetes/…
$ wget https://github.com/kubernetes/kubernetes/releases/download/v1.13.5/kubernetes.tar.gz
$ tar -xzvf kubernetes.tar.gz
$ cd kubernetes
To download the actual binaries for the cluster's operating system, run the following commands:
$ cluster/get-kube-binaries.sh
$ cd server
$ tar -xzvf kubernetes-server-linux-amd64.tar.gz
$ ls kubernetes/server/bin
Choose a network solution
CNI network plugins extend the functionality of Kubernetes. Use this link to browse the available plugins:
kubernetes.io/docs/concep…
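Run end-to-end tests on your cluster
To validate the cluster, you can run through the following checks:
1. Deployments can run
2. Pods can run
3. Pods can be accessed directly
4. Logs can be collected
5. Commands can be run inside a pod
6. Services can provide access
7. Nodes are healthy
8. Pods are healthy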
$ kubectl run nginx --image=nginx
$ kubectl get deployments
$ kubectl get pod
$ kubectl get pods -n kube-system
$ kubectl port-forward nginx 8081:80
$ curl --head http://127.0.0.1:8081
$ kubectl logs nginx
$ kubectl exec -it nginx -- nginx -v
$ kubectl expose deployment nginx --port 80 --type NodePort
$ kubectl get services
$ curl -I localhost:<node port>
$ kubectl get nodes
$ kubectl describe nodes
$ kubectl describe pods
Analyse end-to-end tests results
$ go get -u k8s.io/test-infra/kubetest
$ kubetest --extract=v1.11.3
$ export KUBE_MASTER_IP="IP ADDRESS"
$ export KUBE_MASTER=<master host>
$ cd kubernetes
$ kubetest --test --provider=skeleton > output.txt
To run the conformance tests, use the following command:
$ kubetest --test --provider=skeleton \
--test_args="--ginkgo.focus=\[Conformance\]" > output.txt
Run Node end-to-end tests
$ kubectl get pods
$ kubectl get pods -n kube-system
$ service kube-apiserver status
$ service kube-controller-manager status
$ service kube-scheduler status
$ service kubelet status
$ service kube-proxy status
$ kubectl run nginx --image=nginx
$ kubectl scale --replicas=3 deploy/nginx
The Kubernetes test suite is located at github.com/kubernetes/…