Kubernetes :::info 前提条件:

  1. 访问主机CentOS8的和Docker的驱动不兼容,所以不能使用CentOS8以上系列的服务主机
  2. 2核CPU的服务主机(必要)
  3. 大于2G 内存的服务器主机[大于2G是为了防止其他硬件占用内存导致Kubernetes的使用内存不足的问题](必要)
  4. 这里的驱动是基于Docker,如果未安装则需要安装启动Docker,执行命令:yum install -y docker :::

    1、安装minikube

    minikube-latest.x86_64.zip
    1. rpm -Uvh minikube-latest.x86_64.rpm

    2、CentOS安装kubectl

    ```bash

    华为云的镜像仓库

    cat <<EOF | sudo tee /etc/yum.repos.d/kubernetes.repo [kubernetes] name=Kubernetes baseurl=https://repo.huaweicloud.com/kubernetes/yum/repos/kubernetes-el7-\$basearch enabled=1 gpgcheck=1 repo_gpgcheck=0 gpgkey=https://repo.huaweicloud.com/kubernetes/yum/doc/yum-key.gpg https://repo.huaweicloud.com/kubernetes/yum/doc/rpm-package-key.gpg EOF

阿里云的镜像仓库

cat < /etc/yum.repos.d/kubernetes.repo [kubernetes] name=Kubernetes baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/ enabled=1 gpgcheck=1 repo_gpgcheck=1 gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg EOF

yum -y install kubelet kubeadm kubectl kubernetes-cni

  1. <a name="AdwVc"></a>
  2. ## 3、创建非root用户以及Docker组,并授权
  3. ```bash
  4. useradd fcant
  5. passwd fcant
  6. groupadd docker
  7. usermod -aG docker fcant

:::tips 注意:如果在创建非root用户时已经启动Docker,则需要在用户授权成功后重启Docker使授权生效。
执行命令:systemctl restart docker
避免的问题:
在非root用户启动时,导致无法读取的权限错误。 ::: image.png

4、为非root用户授予root用户权限

:::tips 防止后面的操作中出现创建的非root用户没有权限的错误
image.png :::

  1. sudo visudo
  2. # 或者下面的命令、vim编辑时有高亮提示
  3. vim /etc/sudoers

image.png

5、切换非root用户,启动minikube

国内存在网络问题,所以启动时指定了镜像仓库地址

  1. $ su fcant
  2. $ minikube start --image-repository=registry.cn-hangzhou.aliyuncs.com/google_containers
  3. 😄  minikube v1.20.0 on Centos 7.6.1810 (amd64)
  4.   Using the docker driver based on existing profile
  5. 👍  Starting control plane node minikube in cluster minikube
  6. 🚜  Pulling base image ...
  7.     > index.docker.io/kicbase/sta...: 358.10 MiB / 358.10 MiB  100.00% 2.78 MiB
  8. 🤷  docker "minikube" container is missing, will recreate.
  9. 🔥  Creating docker container (CPUs=2, Memory=2200MB) ...
  10. 🐳  Preparing Kubernetes v1.20.2 on Docker 20.10.6 ...
  11.      Generating certificates and keys ...
  12.      Booting up control plane ...
  13.      Configuring RBAC rules ...
  14. 🔎  Verifying Kubernetes components...
  15.      Using image registry.cn-hangzhou.aliyuncs.com/google_containers/kubernetesui/dashboard:v2.1.0@sha256:7f80b5ba141bead69c4fee8661464857af300d7d7ed0274cf7beecedc00322e6 (global image repository)
  16.      Using image registry.cn-hangzhou.aliyuncs.com/google_containers/k8s-minikube/storage-provisioner:v5 (global image repository)
  17.      Using image registry.cn-hangzhou.aliyuncs.com/google_containers/kubernetesui/metrics-scraper:v1.0.4@sha256:555981a24f184420f3be0c79d4efb6c948a85cfce84034f85a563f4151a81cbf (global image repository)
  18. 🌟  Enabled addons: default-storageclass, storage-provisioner, dashboard
  19. 🏄  Done! kubectl is now configured to use "minikube" cluster and "default" namespace by default

image.png

6、配置tunnel外网访问服务

如果未配置tunnel,EXTERNAL-IP列显示的是pending状态
image.png
由于应用部署在集群内部,集群有自己对应的IP,所以外网无法访问,需要用到tunnel。

  1. $ minikube tunnel
  2. [sudo] password for fcant:
  3. Status:
  4.         machine: minikube
  5.         pid: 76873
  6.         route: 10.96.0.0/12 -> 192.168.49.2
  7.         minikube: Running
  8.         services: [ingress-nginx]
  9.     errors:
  10.                 minikube: no errors
  11.                 router: no errors
  12.                 loadbalancer emulator: no errors
  13. Status:
  14.         machine: minikube
  15.         pid: 76873
  16.         route: 10.96.0.0/12 -> 192.168.49.2
  17.         minikube: Running
  18.         services: [ingress-nginx]
  19.     errors:
  20.                 minikube: no errors
  21.                 router: no errors
  22.                 loadbalancer emulator: no errors

注意该命令执行需要输入当前用户的登录密码,命令执行示例如下:
image.png
然后再检查EXTERNAL-IP,可以发现已经有正确的IP了,并且使用curl去访问能得到正确的响应。
image.png