Home | 简体中文 | 繁体中文 | 杂文 | 打赏(Donations) | Github | OSChina 博客 | 云社区 | 云栖社区 | Facebook | Linkedin | 知乎专栏 | 视频教程 | About

第 2 章 Kubernetes


2.1. Minikube
2.1.1. 安装 BIOS 设置 CentOS Mac OS
2.1.2. Quickstart
2.1.3. minikube 命令 启动 minikube 虚拟机驱动 指定 registry-mirror 镜像 开启GPU 日志输出级别 CPU 和 内存分配 指定 kubernetes 版本 配置启动项 停止 minikube 缓存镜像 清理 minikube Kubernetes 控制面板 service 查看日志 查看 Docker 环境变量 addons 启用 addons 查看 addons 列表 SSH 查看IP地址
2.1.4. FAQ This computer doesn't have VT-X/AMD-v enabled. Enabling it in the BIOS is mandatory ERROR FileContent--proc-sys-net-bridge-bridge-nf-call-iptables ERROR ImagePull 证书已存在错误
2.2. microk8s
2.2.1. 安装 microk8s
2.2.2. kubectl
2.2.3. Kubernetes Addons dashboard
2.3. kubectl - controls the Kubernetes cluster manager.
2.3.1. 如何从 docker 过渡到 kubectl 命令
2.3.2. 节点
2.3.3. pod
2.3.4. pods
2.3.5. 查询集群状态
2.3.6. cluster-info
2.3.7. create 创建命名空间
2.3.8. edit
2.3.9. config use-context
2.3.10. nodes
2.3.11. service 列出服务 删除服务 删除 pod
2.3.12. 查看 pod 日志
2.3.13. 查看 Pod 的事件
2.3.14. 执行 Shell
2.4. Rancher - Multi-Cluster Kubernetes Management
2.4.1. 安装 Ubuntu SSL 证书 进入容器 Rancher CLI rancher-compose
2.4.2. 快速入门 API
2.4.3. Rancher CLI 登陆 Rancher 查看集群 查看节点 catalog 查看设置
2.4.4. Rancher Compose Rancher Compose 命令 操作演示
2.4.5. Rancher Kubernetes Engine (RKE)
2.4.6. Rancher CLI
2.4.7. 调试
2.4.8. FAQ [network] Host [rancher.netkiller.cn] is not able to connect to the following ports: [rancher.netkiller.cn:2379]. Please check network policies and firewall rules
2.5. Helm - The package manager for Kubernetes
2.5.1. 安装 Helm Ubuntu Mac
2.5.2. 快速开始
2.5.3. Helm 命令 初始化 Helm 查看仓库列表 搜索 查看包信息 安装 列表 删除 升级 回滚 查看状态
2.5.4. Helm Faq
2.6. Kubeapps

2.1. Minikube

2.1.1. 安装 BIOS 设置


egrep --color 'vmx|svm' /proc/cpuinfo			

如果没有任何输出,请重启服务器进入 BIOS 启用 VT-X 或 AMD-v CentOS

curl -Lo kubectl https://storage.googleapis.com/kubernetes-release/release/v1.13.2/bin/linux/amd64/kubectl && chmod +x kubectl && sudo cp kubectl /usr/local/bin/ && rm kubectl			
curl -LO https://storage.googleapis.com/minikube/releases/latest/minikube-linux-amd64 \
  && install minikube-linux-amd64 /usr/local/bin/minikube			

尝试运行 minikube 如果输出帮助信息表示安装成功

minikube version
minikube version: v0.33.1			

echo "1" > /proc/sys/net/bridge/bridge-nf-call-iptables			 Mac OS

$ brew cask install virtualbox
$ brew cask install minikube
$ brew install kubectl
$ brew install kubernetes-helm
$ minikube start —vm-driver=virtualbox
$ minikube dashboard			

2.1.2. Quickstart


minikube start

运行一个 echoserver 镜像

kubectl run hello-minikube --image=k8s.gcr.io/echoserver:1.4 --port=8080
kubectl expose deployment hello-minikube --type=NodePort
minikube service hello-minikube

查询 echoserver 访问地址

minikube service hello-minikube --url		



minikube stop
minikube delete		

例 2.1. minikube 操作演示

快速开始使用 minikube 运行一个镜像

[root@localhost ~]# kubectl run hello-minikube --image=k8s.gcr.io/echoserver:1.4 --port=8080
kubectl run --generator=deployment/apps.v1 is DEPRECATED and will be removed in a future version. Use kubectl run --generator=run-pod/v1 or kubectl create instead.
deployment.apps/hello-minikube created

[root@localhost ~]# kubectl expose deployment hello-minikube --type=NodePort
service/hello-minikube exposed

[root@localhost ~]# minikube service hello-minikube
Opening kubernetes service default/hello-minikube in default browser...		

[root@localhost ~]# kubectl get pod
NAME                              READY   STATUS    RESTARTS   AGE
hello-minikube-5c856cbf98-6vfvp   1/1     Running   0          6m59s

[root@localhost ~]# minikube service hello-minikube --url

[root@localhost ~]# curl
real path=/

server_version=nginx: 1.10.0 - lua: 10001

-no body in request-

2.1.3. minikube 命令

[root@localhost ~]# minikube
Minikube is a CLI tool that provisions and manages single-node Kubernetes clusters optimized for development workflows.

  minikube [command]

Available Commands:
  addons         Modify minikube's kubernetes addons
  cache          Add or delete an image from the local cache.
  completion     Outputs minikube shell completion for the given shell (bash or zsh)
  config         Modify minikube config
  dashboard      Access the kubernetes dashboard running within the minikube cluster
  delete         Deletes a local kubernetes cluster
  docker-env     Sets up docker env variables; similar to '$(docker-machine env)'
  help           Help about any command
  ip             Retrieves the IP address of the running cluster
  logs           Gets the logs of the running instance, used for debugging minikube, not user code
  mount          Mounts the specified directory into minikube
  profile        Profile sets the current minikube profile
  service        Gets the kubernetes URL(s) for the specified service in your local cluster
  ssh            Log into or run a command on a machine with SSH; similar to 'docker-machine ssh'
  ssh-key        Retrieve the ssh identity key path of the specified cluster
  start          Starts a local kubernetes cluster
  status         Gets the status of a local kubernetes cluster
  stop           Stops a running local kubernetes cluster
  tunnel         tunnel makes services of type LoadBalancer accessible on localhost
  update-check   Print current and latest version number
  update-context Verify the IP address of the running cluster in kubeconfig.
  version        Print the version of minikube

      --alsologtostderr                  log to standard error as well as files
  -b, --bootstrapper string              The name of the cluster bootstrapper that will set up the kubernetes cluster. (default "kubeadm")
  -h, --help                             help for minikube
      --log_backtrace_at traceLocation   when logging hits line file:N, emit a stack trace (default :0)
      --log_dir string                   If non-empty, write log files in this directory
      --logtostderr                      log to standard error instead of files
  -p, --profile string                   The name of the minikube VM being used.  
                                         	This can be modified to allow for multiple minikube instances to be run independently (default "minikube")
      --stderrthreshold severity         logs at or above this threshold go to stderr (default 2)
  -v, --v Level                          log level for V logs
      --vmodule moduleSpec               comma-separated list of pattern=N settings for file-filtered logging

Use "minikube [command] --help" for more information about a command.		 启动 minikube 虚拟机驱动


minikube start --vm-driver=none
 指定 registry-mirror 镜像
minikube start --registry-mirror=https://registry.docker-cn.com
minikube start --vm-driver kvm2 --gpu				


minikube start --v=7			
 CPU 和 内存分配
minikube start --memory 8000 --cpus 2			
 指定 kubernetes 版本
minikube start --memory 8000 --cpus 2 --kubernetes-version v1.6.0					
minikube start --extra-config=apiserver.v=10 --extra-config=kubelet.max-pods=100				
	 停止 minikube

[root@localhost ~]# minikube stop
Stopping local Kubernetes cluster...
Machine stopped.			 缓存镜像

# cache a image into $HOME/.minikube/cache/images

$ minikube cache add ubuntu:16.04
$ minikube cache add redis:3

# list cached images
$ minikube cache list

# delete cached images
$ minikube cache delete ubuntu:16.04
$ minikube cache delete $(minikube cache list) 清理 minikube

minikube delete
rm ~/.minikube 
minikube start Kubernetes 控制面板


minikube dashboard


$ minikube dashboard --url			 service

[root@localhost ~]# minikube service hello-minikube --url			 查看日志

minikube logs -v10			 查看 Docker 环境变量

minikube docker-env addons 启用 addons
minikube addons enable heapster
minikube addons enable ingress		

启用 WebUI

[root@localhost ~]# minikube addons enable dashboard
dashboard was successfully enabled
[root@localhost ~]# minikube addons list | grep dashboard
- dashboard: enabled				
 查看 addons 列表
[root@localhost ~]# minikube addons list
- addon-manager: enabled
- dashboard: enabled
- default-storageclass: enabled
- efk: disabled
- freshpod: disabled
- gvisor: disabled
- heapster: disabled
- ingress: disabled
- kube-dns: disabled
- metrics-server: disabled
- nvidia-driver-installer: disabled
- nvidia-gpu-device-plugin: disabled
- registry: disabled
- registry-creds: disabled
- storage-provisioner: enabled
- storage-provisioner-gluster: disabled			

--vm-driver=none 不支持 ssh

[root@localhost ~]# minikube ssh
'none' driver does not support 'minikube ssh' command			 查看IP地址

[root@localhost ~]# minikube ip			

2.1.4. FAQ This computer doesn't have VT-X/AMD-v enabled. Enabling it in the BIOS is mandatory

检查一下 BIOS 是否开启 VT-X/AMD-v

如果在虚拟机安装 Minikube 也会遇到这个问题。 可以使用 --vm-driver=none 参数启动。

neo@ubuntu:~$ sudo minikube start --vm-driver=none ERROR FileContent--proc-sys-net-bridge-bridge-nf-call-iptables


echo "1" > /proc/sys/net/bridge/bridge-nf-call-iptables

然后在 minikube start ERROR ImagePull

[ERROR ImagePull]: failed to pull image k8s.gcr.io/pause:3.1: output: 3.1: Pulling from pause Get https://k8s.gcr.io/v2/pause/manifests/sha256:59eec8837a4d942cc19a52b8c09ea75121acc38114a2c68b98983ce9356b8610: net/http: TLS handshake timeout


[root@localhost ~]# minikube start --vm-driver=none --registry-mirror=https://registry.docker-cn.com			 证书已存在错误

启动提示如下错误,一般出现这种错误是因为 minikube stop, minikube delete 后再重启 minikube start

error execution phase kubeconfig/admin: a kubeconfig file "/etc/kubernetes/admin.conf" exists already but has got the wrong CA cert	
error execution phase kubeconfig/kubelet: a kubeconfig file "/etc/kubernetes/kubelet.conf" exists already but has got the wrong CA cert
error execution phase kubeconfig/controller-manager: a kubeconfig file "/etc/kubernetes/controller-manager.conf" exists already but has got the wrong CA cert
error execution phase kubeconfig/scheduler: a kubeconfig file "/etc/kubernetes/scheduler.conf" exists already but has got the wrong CA cert


[root@localhost ~]# mv /etc/kubernetes/admin.conf /etc/kubernetes/admin.conf.backup
[root@localhost ~]# mv /etc/kubernetes/kubelet.conf /etc/kubernetes/kubelet.conf.backup
[root@localhost ~]# mv /etc/kubernetes/controller-manager.conf /etc/kubernetes/controller-manager.conf.backup
[root@localhost ~]# mv /etc/kubernetes/scheduler.conf /etc/kubernetes/scheduler.conf.backup

现在启动 minikube start 不会再出错

[root@localhost ~]# minikube start --vm-driver=none
Starting local Kubernetes v1.13.2 cluster...
Starting VM...
Getting VM IP address...
Moving files into cluster...
Setting up certs...
Connecting to cluster...
Setting up kubeconfig...
Stopping extra container runtimes...
Starting cluster components...
Verifying kubelet health ...
Verifying apiserver health ...
Kubectl is now configured to use the cluster.
	The 'none' driver will run an insecure kubernetes apiserver as root that may leave the host vulnerable to CSRF attacks

When using the none driver, the kubectl config and credentials generated will be root owned and will appear in the root home directory.
You will need to move the files to the appropriate location and then set the correct permissions.  An example of this is below:

	sudo mv /root/.kube $HOME/.kube # this will write over any previous configuration
	sudo chown -R $USER $HOME/.kube
	sudo chgrp -R $USER $HOME/.kube

	sudo mv /root/.minikube $HOME/.minikube # this will write over any previous configuration
	sudo chown -R $USER $HOME/.minikube
	sudo chgrp -R $USER $HOME/.minikube

This can also be done automatically by setting the env var CHANGE_MINIKUBE_NONE_USER=true
Loading cached images from config file.

Everything looks great. Please enjoy minikube!