0. Why MicroK8s
在服务器安装完 Ubuntu 20.04 之后,打开终端的 motd (message of the day) 中,会看到这段话:
代码语言:txt复制 * Introducing self-healing high availability clusters in MicroK8s.
Simple, hardened, Kubernetes for production, from RaspberryPi to DC.
https://microk8s.io/high-availability MicroK8s 相对于其他的实现主要有以下的优势:
- 轻量:与Minikube不同,它不需要VirtualBox,因此可以在虚拟服务器上运行。
- 简单:用他们官网的话来说,that ‘just work’。
- 全面:具有Istio,Knative和Kubeflow等全面功能,非常适合学习Kubernetes。
1. 安装和初始化
通过 snap 安装 MicroK8s
参照文档
代码语言:shell复制sudo snap install microk8s --classic 如果是国内服务器,访问 snap 仓库的速度很慢,而且 snap 的商业模式注定了不会有镜像服务,于是我们需要给 snap 配置代理服务器
参照 snap 的文档配置 proxy,然后重新安装。 注意其中代理服务器 http://127.0.0.1:1087 是我在服务器上启的 v2 客户端提供的 http inbound 地址,每个人可能不同。
sudo snap set system proxy.http="http://127.0.0.1:1087"
sudo snap set system proxy.https="http://127.0.0.1:1087"
sudo snap install microk8s --classic然后,等着速度起飞
如果你恰巧运气不好... 代理速度也不理想,那么这里还提供了离线安装的方式,我们可以把安装包 scp 到服务器上进行安装。
初始化
设置无需 sudo 执行 microk8s 命令
配置当前用户到 microk8s 用户组,这样就不用加 sudo 使用 microk8s 命令了
代码语言:shell复制sudo usermod -a -G microk8s $USER
sudo chown -f -R $USER ~/.kube检查状态并等待初始化
检查 microk8s 的状态, 加参数--wait-ready 阻塞到初始化成功
microk8s status --wait-ready这一步会拉镜像,大概率国内网络又会卡住... 此时就需要给 microk8s 配置代理,或者配置镜像
- 给 MicroK8s 配置代理的方式:
这种方式比较适合你有一个很快的代理的情况,配置一劳永逸,流程可以参考 https://microk8s.io/docs/install-proxy 主要是编辑
/var/snap/microk8s/current/args/containerd-env这个文件,
HTTPS_PROXY=https://squid.internal:3128
NO_PROXY=10.1.0.0/16,10.152.183.0/24
#
# Some additional environment variables
#
ulimit -n 65536 || true
ulimit -l 16384 || true文件里有提示如何修改,然后 microk8s stop , microk8s start 重启生效
- 修改 MicroK8s dockerhub registry 镜像的方式
如果要配置镜像,要注意本机安装的 docker 镜像配置是不生效的,因为 MicroK8s 使用的是内建的 containerd,查找文档后发现要编辑
/var/snap/microk8s/current/args/containerd-template.toml这个文件
找到下面的段落,把其中的 docker.io 的地址改成可用的 dockerhub 镜像
代码语言:text复制 # 'plugins."io.containerd.grpc.v1.cri".registry' contains config related to the registry
[plugins."io.containerd.grpc.v1.cri".registry]
# 'plugins."io.containerd.grpc.v1.cri".registry.mirrors' are namespace to mirror mapping for all namespaces.
[plugins."io.containerd.grpc.v1.cri".registry.mirrors]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
endpoint = ["https://registry-1.docker.io", ] # 修改这一行
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."localhost:32000"]
endpoint = ["http://localhost:32000"]然后需要重启microk8s, 一样还是 microk8s stop , microk8s start
配置代理或者镜像之后,不出意外,又可以起飞了,继续执行我们未完成的命令,执行成功后,终端输出如下,可以看到各种 addon 的开启状态
代码语言:txt复制high-availability: no
datastore master nodes: 127.0.0.1:19001
datastore standby nodes: none
addons:
enabled:
ha-cluster # Configure high availability on the current node
disabled:
ambassador # Ambassador API Gateway and Ingress
cilium # SDN, fast with full network policy
dashboard # The Kubernetes dashboard
dns # CoreDNS
fluentd # Elasticsearch-Fluentd-Kibana logging and monitoring
gpu # Automatic enablement of Nvidia CUDA
helm # Helm 2 - the package manager for Kubernetes
helm3 # Helm 3 - Kubernetes package manager
host-access # Allow Pods connecting to Host services smoothly
ingress # Ingress controller for external access
istio # Core Istio service mesh services
jaeger # Kubernetes Jaeger operator with its simple config
keda # Kubernetes-based Event Driven Autoscaling
knative # The Knative framework on Kubernetes.
kubeflow # Kubeflow for easy ML deployments
linkerd # Linkerd is a service mesh for Kubernetes and other frameworks
metallb # Loadbalancer for your Kubernetes cluster
metrics-server # K8s Metrics Server for API access to service metrics
multus # Multus CNI enables attaching multiple network interfaces to pods
portainer # Portainer UI for your Kubernetes cluster
prometheus # Prometheus operator for monitoring and logging
rbac # Role-Based Access Control for authorisation
registry # Private image registry exposed on localhost:32000
storage # Storage class; allocates storage from host directory
traefik # traefik Ingress controller for external access至此,环境已经初始化成功了, 可以通过 microk8s kubectl get nodes 和 microk8s kubectl get services 当前的节点和服务状态
简化 kubectl 命令
默认 kubectl 访问需要带上 microk8s 前缀,可以通过配置 alias 简化命令
在 ~/.bash_aliases 中加入 alias kubectl='microk8s kubectl',source 之后直接使用 kubectrl 即可
2.试水
kubectl 默认是最简化安装,大量的addons都没有安装,我们来尝试安装 dns 和 dashboard 组件
执行如下命令
代码语言:shell复制microk8s enable dns dashboard可以得到如下的输出
代码语言:txt复制Enabling DNS
Applying manifest
serviceaccount/coredns created
configmap/coredns created
deployment.apps/coredns created
service/kube-dns created
clusterrole.rbac.authorization.k8s.io/coredns created
clusterrolebinding.rbac.authorization.k8s.io/coredns created
Restarting kubelet
DNS is enabled
Enabling Kubernetes Dashboard
Enabling Metrics-Server
clusterrole.rbac.authorization.k8s.io/system:aggregated-metrics-reader created
clusterrolebinding.rbac.authorization.k8s.io/metrics-server:system:auth-delegator created
rolebinding.rbac.authorization.k8s.io/metrics-server-auth-reader created
Warning: apiregistration.k8s.io/v1beta1 APIService is deprecated in v1.19 , unavailable in v1.22 ; use apiregistration.k8s.io/v1 APIService
apiservice.apiregistration.k8s.io/v1beta1.metrics.k8s.io created
serviceaccount/metrics-server created
deployment.apps/metrics-server created
service/metrics-server created
clusterrole.rbac.authorization.k8s.io/system:metrics-server created
clusterrolebinding.rbac.authorization.k8s.io/system:metrics-server created
clusterrolebinding.rbac.authorization.k8s.io/microk8s-admin created
Metrics-Server is enabled
Applying manifest
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created
If RBAC is not enabled access the dashboard using the default token retrieved with:
token=$(microk8s kubectl -n kube-system get secret | grep default-token | cut -d " " -f1)
microk8s kubectl -n kube-system describe secret $token
In an RBAC enabled setup (microk8s enable RBAC) you need to create a user with restricted
permissions as shown in:
https://github.com/kubernetes/dashboard/blob/master/docs/user/access-control/creating-sample-user.md说明组件安装成功, 然后按照输出里的提示,获取 dashboard 的登陆 token
然后,为 dashboard 设置端口转发
代码语言:shell复制kubectl port-forward -n kube-system service/kubernetes-dashboard --address=0.0.0.0 10443:443此时就可以从 10443 端口访问到 dashboard 了, 不过由于是自签名的证书,可能会提示证书无效, 我们先不管他
执行microk8s status,可以发现刚才装上的两个组件已经处于启用状态了
microk8s is running
high-availability: no
datastore master nodes: 127.0.0.1:19001
datastore standby nodes: none
addons:
enabled:
dashboard # The Kubernetes dashboard
dns # CoreDNS
ha-cluster # Configure high availability on the current node
metrics-server # K8s Metrics Server for API access to service metrics最后,我们部署一个应用,并查看他的状态,这里以nginx为例:
代码语言:shell复制microk8s kubectl create deployment nginx --image=nginx
microk8s kubectl get pods可以看到nginx已经跑起来了
代码语言:shell复制NAME READY STATUS RESTARTS AGE
nginx-6799fc88d8-wjdl8 1/1 Running 0 12s给这个pod开启一个端口转发
代码语言:shell复制kubectl port-forward nginx-6799fc88d8-wjdl8 8000:80 --address=0.0.0.0然后,访问端口,熟悉的nginx欢迎页面就出现了
到这里,microk8s 的环境就配置好啦!
