
IT Tutorial FG293: Kubernetes Container Orchestration and Management in Practice

1. Kubernetes Cluster Installation

Kubernetes is an open-source container orchestration platform that automates the deployment, scaling and management of containerised applications.

# Installing a Kubernetes cluster with kubeadm

# Preparation (run on every node)

# Stop the host firewall. This is the lab shortcut; in production keep firewalld running and
# open only the kubeadm ports: 6443, 2379-2380, 10250, 10257 and 10259 on control-plane nodes,
# 10250 and the NodePort range 30000-32767 on workers.
# systemctl stop firewalld
# systemctl disable firewalld

# Put SELinux into permissive mode (kubeadm on RHEL-family hosts still needs this so containers can reach the host filesystem)
# setenforce 0
# sed -i 's/SELINUX=enforcing/SELINUX=permissive/' /etc/selinux/config

# Disable swap: the kubelet refuses to start while swap is active, and the fstab edit keeps it off across reboots
# swapoff -a
# sed -i '/swap/s/^/#/' /etc/fstab

# Kernel parameters: bridged Pod traffic must pass through iptables, and IP forwarding must be on
# cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF
# sysctl --system

# Install Docker (this tutorial targets v1.21, which still ships dockershim; from v1.24 onwards use containerd or CRI-O)
# yum install -y docker
# systemctl start docker
# systemctl enable docker

# Add the Kubernetes yum repository (Aliyun mirror)
# cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
EOF
# Caveat: gpgcheck=0 installs whatever the mirror serves without verifying package signatures, so a
# compromised mirror or an on-path attacker can hand you a trojaned kubelet. Set gpgcheck=1 and point
# gpgkey= at the repository's signing keys before installing anything from it.

# Install kubeadm, kubelet and kubectl
# yum install -y kubeadm kubelet kubectl
# systemctl enable kubelet

# Initialise the cluster (control-plane node only)
# kubeadm init --image-repository registry.aliyuncs.com/google_containers --pod-network-cidr=10.244.0.0/16

# Configure kubectl for the current user. admin.conf carries a cluster-admin client certificate:
# keep the copy mode 0600 and do not distribute it to other machines or users.
# mkdir -p $HOME/.kube
# cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
# chown $(id -u):$(id -g) $HOME/.kube/config

# Install the network plugin (Calico; it also enforces the NetworkPolicy objects used in section 7)
# kubectl apply -f https://docs.projectcalico.org/manifests/calico.yaml

# Join the worker nodes. kubeadm init prints the bootstrap token and the CA certificate hash at the end
# of its output; the token expires after 24 hours, and `kubeadm token create --print-join-command`
# on the control-plane node prints a fresh join command.
# kubeadm join 192.168.1.100:6443 --token <token> --discovery-token-ca-cert-hash sha256:<hash>

# Verify the cluster state (workers carry no role label, so kubectl prints <none>)
# kubectl get nodes
NAME     STATUS   ROLES                  AGE   VERSION
master   Ready    control-plane,master   1h    v1.21.0
node1    Ready    <none>                 30m   v1.21.0
node2    Ready    <none>                 25m   v1.21.0

Production recommendation: run at least three control-plane nodes (so that etcd keeps a quorum when one is lost) plus several worker nodes; a single control-plane node as built above is fine for a lab but is a single point of failure.
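As an added example (not part of the tutorial), the following Python script audits the three files that the preparation steps above write, so that a node can be checked before kubeadm runs on it: the yum repository must verify package signatures, the kernel parameters must be set, and no swap entry may remain active in fstab. It is pure standard library and reads the files as text; when run for real, pass it the contents of /etc/yum.repos.d/kubernetes.repo, /etc/sysctl.d/k8s.conf and /etc/fstab. The embedded inputs are constructed to mirror the tutorial's own files.

```python
"""Preflight audit of kubeadm host preparation (added example, not tutorial code)."""
import configparser
import re

# The values the sysctl step above must leave behind
SYSCTL_REQUIRED = {
    "net.bridge.bridge-nf-call-iptables": "1",
    "net.bridge.bridge-nf-call-ip6tables": "1",
    "net.ipv4.ip_forward": "1",
}


def audit_yum_repo(repo_text):
    """Findings for a yum .repo file: every section must verify signatures
    (gpgcheck=1) and name the keys to verify against (gpgkey=)."""
    findings = []
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(repo_text)
    for section in cp.sections():
        if cp.get(section, "gpgcheck", fallback="0") != "1":
            findings.append(f"{section}: gpgcheck is not 1, packages are installed unverified")
        elif not cp.get(section, "gpgkey", fallback="").strip():
            findings.append(f"{section}: gpgcheck=1 but no gpgkey configured")
        if cp.get(section, "baseurl", fallback="").startswith("http://"):
            findings.append(f"{section}: baseurl uses plain http")
    return findings


def audit_sysctl(sysctl_text):
    """Required kernel parameters that are missing or set to the wrong value."""
    seen = {}
    for line in sysctl_text.splitlines():
        line = line.split("#", 1)[0].strip()          # drop comments
        if "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            seen[key] = value
    return [f"{key} should be {want}, found {seen.get(key, 'unset')}"
            for key, want in SYSCTL_REQUIRED.items() if seen.get(key) != want]


def audit_fstab(fstab_text):
    """An uncommented swap line re-enables swap at the next boot even after swapoff -a."""
    active_swap = re.compile(r"^\s*[^#\s]\S*\s+\S+\s+swap\s", re.MULTILINE)
    return ["fstab still has an active swap entry"] if active_swap.search(fstab_text) else []


def preflight(repo_text, sysctl_text, fstab_text):
    """All findings for one node; an empty list means the node passed."""
    return audit_yum_repo(repo_text) + audit_sysctl(sysctl_text) + audit_fstab(fstab_text)


# Constructed inputs: the tutorial's repo file and sysctl file, and an fstab before/after its sed edit
TUTORIAL_REPO = """[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
"""
TUTORIAL_SYSCTL = """net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
"""
FSTAB_BEFORE = "/dev/mapper/ol-root / xfs defaults 0 0\n/dev/mapper/ol-swap swap swap defaults 0 0\n"
FSTAB_AFTER = "/dev/mapper/ol-root / xfs defaults 0 0\n#/dev/mapper/ol-swap swap swap defaults 0 0\n"

if __name__ == "__main__":
    for finding in preflight(TUTORIAL_REPO, TUTORIAL_SYSCTL, FSTAB_BEFORE):
        print("FINDING:", finding)
```

Run against the tutorial's own files, the audit reports exactly two problems: the unverified repository and the swap entry that has not yet been commented out. Fixing the repository means adding a gpgkey= line and flipping gpgcheck to 1; the check then passes.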

2. Kubernetes Architecture and Components

A Kubernetes cluster consists of a control plane and a set of worker nodes, each running several core components.

# Check control-plane component status. The componentstatuses API has been deprecated since v1.19:
# it probes fixed localhost ports, so it cannot see an external etcd or a multi-node control plane.
# Prefer `kubectl get --raw='/readyz?verbose'` on current clusters.
# kubectl get componentstatuses
NAME                 STATUS    MESSAGE             ERROR
scheduler            Healthy   ok
controller-manager   Healthy   ok
etcd-0               Healthy   {"health":"true"}

# List the control-plane and add-on Pods
# kubectl get pods -n kube-system
NAME READY STATUS RESTARTS AGE
calico-node-abcde 1/1 Running 0 1h
calico-node-fghij 1/1 Running 0 1h
calico-node-klmno 1/1 Running 0 1h
coredns-1234567890-abcd 1/1 Running 0 1h
coredns-1234567890-efgh 1/1 Running 0 1h
etcd-master 1/1 Running 0 1h
kube-apiserver-master 1/1 Running 0 1h
kube-controller-manager-master 1/1 Running 0 1h
kube-proxy-ijklm 1/1 Running 0 1h
kube-proxy-nopqr 1/1 Running 0 1h
kube-proxy-stuvw 1/1 Running 0 1h
kube-scheduler-master 1/1 Running 0 1h

# Show node details
# kubectl describe node master
Name: master
Roles: control-plane,master
Labels: beta.kubernetes.io/arch=amd64
beta.kubernetes.io/os=linux
kubernetes.io/arch=amd64
kubernetes.io/hostname=master
kubernetes.io/os=linux
node-role.kubernetes.io/control-plane=
node-role.kubernetes.io/master=
Annotations: kubeadm.alpha.kubernetes.io/cri-socket: /var/run/dockershim.sock
node.alpha.kubernetes.io/ttl: 0
volumes.kubernetes.io/controller-managed-attach-detach: true
CreationTimestamp: Fri, 30 Mar 2026 10:00:00 +0800
Taints: node-role.kubernetes.io/master:NoSchedule
Unschedulable: false
Lease:
  HolderIdentity:  master
  AcquireTime:
  RenewTime:       Fri, 30 Mar 2026 11:00:00 +0800
Conditions:
Type Status LastHeartbeatTime LastTransitionTime Reason Message
—- —— —————– —————— —— ——-
Ready True Fri, 30 Mar 2026 11:00:00 +0800 Fri, 30 Mar 2026 10:00:00 +0800 KubeletReady kubelet is posting ready status
Addresses:
InternalIP: 192.168.1.100
Hostname: master
Capacity:
cpu: 8
ephemeral-storage: 500Gi
memory: 16Gi
pods: 110
Allocatable:
cpu: 8
ephemeral-storage: 468Gi
memory: 15Gi
pods: 110
System Info:
Machine ID: abcdef12-3456-7890-abcd-efghijklmnop
System UUID: ABCDEF12-3456-7890-ABCD-EFGHIJKLMNOP
Boot ID: 12345678-90ab-cdef-ghij-klmnopqrstuv
Kernel Version: 5.4.17-2136.302.7.2.el7uek.x86_64
OS Image: Oracle Linux Server 7.9
Container Runtime Version: docker://20.10.8
Kubelet Version: v1.21.0
Kube-Proxy Version: v1.21.0

3. Kubernetes Resource Management

Kubernetes manages the applications and services in a cluster through resource objects.

# List the available resource types
# kubectl api-resources

# Create a Pod
# vi pod.yaml
apiVersion: v1
kind: Pod
metadata:
  name: nginx
  labels:
    app: nginx
spec:
  containers:
  - name: nginx
    image: nginx:latest   # pin a version tag or digest in production; :latest is unreproducible and defeats image vetting
    ports:
    - containerPort: 80

# Apply the Pod manifest
# kubectl apply -f pod.yaml

# Check the Pod status
# kubectl get pods
NAME    READY   STATUS    RESTARTS   AGE
nginx   1/1     Running   0          5m

# Create a Deployment
# vi deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:latest
        ports:
        - containerPort: 80

# Apply the Deployment manifest
# kubectl apply -f deployment.yaml

# Check the Deployment status
# kubectl get deployments
NAME               READY   UP-TO-DATE   AVAILABLE   AGE
nginx-deployment   3/3     3            3           10m

# Scale the Deployment
# kubectl scale deployment nginx-deployment --replicas=5

# Count the Pods
# kubectl get pods | grep nginx
nginx-deployment-1234567890-abcde   1/1     Running   0          10m
nginx-deployment-1234567890-fghij   1/1     Running   0          10m
nginx-deployment-1234567890-klmno   1/1     Running   0          10m
nginx-deployment-1234567890-pqrst   1/1     Running   0          2m
nginx-deployment-1234567890-uvwxy   1/1     Running   0          2m

Tip: create Deployments rather than bare Pods. The controller replaces Pods that fail, rolls out image changes gradually and lets you roll back; a bare Pod is simply gone when its node dies.

4. Application Deployment and Management

Deploying and managing applications in Kubernetes relies on workload controllers such as Deployment, StatefulSet and DaemonSet.

# Create a StatefulSet (for stateful applications)
# vi statefulset.yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: mysql-statefulset
spec:
  serviceName: mysql        # a headless Service named mysql must exist for the stable per-Pod DNS names
  replicas: 3               # three independent MySQL servers, each with its own volume; this is not a replicated database
  selector:
    matchLabels:
      app: mysql
  template:
    metadata:
      labels:
        app: mysql
    spec:
      containers:
      - name: mysql
        image: mysql:5.7    # MySQL 5.7 reached end of life in October 2023; use a supported release
        env:
        - name: MYSQL_ROOT_PASSWORD
          value: "P@ssw0rd"   # a literal here ends up in git, in etcd and in every `kubectl get -o yaml`; section 7 shows the Secret-backed form
        ports:
        - containerPort: 3306
        volumeMounts:
        - name: mysql-data
          mountPath: /var/lib/mysql
  volumeClaimTemplates:
  - metadata:
      name: mysql-data
    spec:
      accessModes: ["ReadWriteOnce"]
      resources:
        requests:
          storage: 10Gi

# Apply the StatefulSet manifest
# kubectl apply -f statefulset.yaml

# Create a DaemonSet (one Pod on every node)
# vi daemonset.yaml
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: fluentd
  namespace: kube-system
spec:
  selector:
    matchLabels:
      name: fluentd
  template:
    metadata:
      labels:
        name: fluentd
    spec:                   # no tolerations, so the Pod is not scheduled on the control-plane node, which carries a NoSchedule taint
      containers:
      - name: fluentd
        image: fluent/fluentd:v1.12
        volumeMounts:
        - name: varlog
          mountPath: /var/log                  # a log shipper only reads; mark this mount readOnly as well
        - name: varlibdockercontainers
          mountPath: /var/lib/docker/containers
          readOnly: true
      volumes:
      - name: varlog
        hostPath:
          path: /var/log
      - name: varlibdockercontainers
        hostPath:
          path: /var/lib/docker/containers     # hostPath exposes the node filesystem; restrict who may create such Pods with admission policy

# Apply the DaemonSet manifest
# kubectl apply -f daemonset.yaml

# Check the DaemonSet status
# kubectl get daemonset -n kube-system
NAME      DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR   AGE
fluentd   3         3         3       3            3           <none>          5m

5. Services and Networking

A Kubernetes Service exposes an application so that it can be reached from inside or outside the cluster.

# Create a ClusterIP Service (reachable inside the cluster only)
# vi service-clusterip.yaml
apiVersion: v1
kind: Service
metadata:
  name: nginx-service
  labels:
    app: nginx
spec:
  selector:
    app: nginx
  ports:
  - port: 80
    targetPort: 80
  type: ClusterIP

# Apply the Service manifest
# kubectl apply -f service-clusterip.yaml

# Create a NodePort Service (reachable from outside the cluster)
# vi service-nodeport.yaml
apiVersion: v1
kind: Service
metadata:
  name: nginx-service-nodeport
spec:
  selector:
    app: nginx
  ports:
  - port: 80
    targetPort: 80
    nodePort: 30080   # listens on every node's interfaces with nothing in front of it; firewall 30000-32767 to the intended clients
  type: NodePort

# Apply the Service manifest
# kubectl apply -f service-nodeport.yaml

# Create a LoadBalancer Service (cloud environments)
# vi service-loadbalancer.yaml
apiVersion: v1
kind: Service
metadata:
  name: nginx-service-loadbalancer
spec:
  selector:
    app: nginx
  ports:
  - port: 80
    targetPort: 80
  type: LoadBalancer

# Apply the Service manifest
# kubectl apply -f service-loadbalancer.yaml

# Check the Services. On a bare-metal kubeadm cluster there is no cloud controller to provision a
# load balancer, so the LoadBalancer Service's EXTERNAL-IP stays <pending> and it behaves like a NodePort.
# kubectl get services
NAME                         TYPE           CLUSTER-IP     EXTERNAL-IP   PORT(S)        AGE
nginx-service                ClusterIP      10.96.123.45   <none>        80/TCP         10m
nginx-service-nodeport       NodePort       10.96.67.89    <none>        80:30080/TCP   5m
nginx-service-loadbalancer   LoadBalancer   10.96.234.56   <pending>     80:30180/TCP   2m

# Create an Ingress (HTTP/HTTPS routing). An Ingress does nothing without an ingress controller such as
# ingress-nginx, which kubeadm does not install; the annotation below is specific to that controller.
# vi ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nginx-ingress
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:                       # no ingressClassName, so the cluster's default IngressClass is used; no tls section, so this host is served over plain HTTP
  rules:
  - host: nginx.fgedu.local
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: nginx-service
            port:
              number: 80

# Apply the Ingress manifest
# kubectl apply -f ingress.yaml

6. Storage Management

Kubernetes offers several storage abstractions, including PersistentVolumes (PV) and PersistentVolumeClaims (PVC).

# Create a PersistentVolume (PV)
# vi pv.yaml
apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv-10g
spec:
  capacity:
    storage: 10Gi
  accessModes:
  - ReadWriteOnce
  hostPath:
    path: /data/pv-10g   # node-local: the data exists only on whichever node runs the Pod; suitable for a lab, not for production

# Apply the PV manifest
# kubectl apply -f pv.yaml

# Create a PersistentVolumeClaim (PVC)
# vi pvc.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: pvc-5g
spec:
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 5Gi

# Apply the PVC manifest
# kubectl apply -f pvc.yaml

# Check the PV and PVC. The claim asked for 5Gi but is bound to the whole 10Gi volume, because binding
# picks the smallest PV that satisfies the request and pv-10g is the only candidate.
# kubectl get pv
NAME     CAPACITY   ACCESS MODES   RECLAIM POLICY   STATUS   CLAIM            STORAGECLASS   REASON   AGE
pv-10g   10Gi       RWO            Retain           Bound    default/pvc-5g                           10m

# kubectl get pvc
NAME     STATUS   VOLUME   CAPACITY   ACCESS MODES   STORAGECLASS   AGE
pvc-5g   Bound    pv-10g   10Gi       RWO                           5m

# Use the PVC in a Pod
# vi pod-with-pvc.yaml
apiVersion: v1
kind: Pod
metadata:
  name: nginx-with-pvc
spec:
  containers:
  - name: nginx
    image: nginx:latest
    volumeMounts:
    - name: nginx-storage
      mountPath: /usr/share/nginx/html
  volumes:
  - name: nginx-storage
    persistentVolumeClaim:
      claimName: pvc-5g

# Apply the Pod manifest
# kubectl apply -f pod-with-pvc.yaml

7. Security Management

Security in Kubernetes covers RBAC authorization, Secret management, network policies and more. (author: www.itpux.com)

# Create a ServiceAccount (in the current namespace, default)
# kubectl create serviceaccount my-serviceaccount

# Create a Role. A Role is namespaced; with no metadata.namespace it is created in the kubectl context's namespace (default).
# vi role.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: pod-reader
rules:
- apiGroups: [""]           # "" is the core API group (pods, services, secrets, ...)
  resources: ["pods"]
  verbs: ["get", "watch", "list"]

# Apply the Role manifest
# kubectl apply -f role.yaml

# Create a RoleBinding. RBAC is deny-by-default: the ServiceAccount gets exactly the verbs listed in
# pod-reader, on pods, in this namespace, and nothing else.
# vi rolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: read-pods
subjects:
- kind: ServiceAccount
  name: my-serviceaccount
  namespace: default
roleRef:
  kind: Role
  name: pod-reader
  apiGroup: rbac.authorization.k8s.io

# Apply the RoleBinding manifest
# kubectl apply -f rolebinding.yaml
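To see what the Role and RoleBinding above actually grant, the following Python model (an added example, not tutorial code) replays the API server's namespaced RBAC decision over the two manifests, represented as the dicts `kubectl get ... -o json` would return. On a live cluster the authoritative check is `kubectl auth can-i get pods -n default --as=system:serviceaccount:default:my-serviceaccount`; the model only covers Role/RoleBinding with resource rules, leaving ClusterRole, nonResourceURLs and resourceNames out.

```python
"""Offline model of namespaced RBAC evaluation (added example, not tutorial code)."""

# The tutorial's manifests, as kubectl returns them (namespace filled in by the API server)
POD_READER_ROLE = {
    "kind": "Role",
    "metadata": {"name": "pod-reader", "namespace": "default"},
    "rules": [{"apiGroups": [""], "resources": ["pods"], "verbs": ["get", "watch", "list"]}],
}
READ_PODS_BINDING = {
    "kind": "RoleBinding",
    "metadata": {"name": "read-pods", "namespace": "default"},
    "subjects": [{"kind": "ServiceAccount", "name": "my-serviceaccount", "namespace": "default"}],
    "roleRef": {"kind": "Role", "name": "pod-reader", "apiGroup": "rbac.authorization.k8s.io"},
}


def _matches(rule, verb, api_group, resource):
    """A rule matches when verb, API group and resource each match literally or via '*'."""
    def hit(values, wanted):
        return "*" in values or wanted in values
    return (hit(rule.get("verbs", []), verb)
            and hit(rule.get("apiGroups", []), api_group)
            and hit(rule.get("resources", []), resource))


def can_i(roles, bindings, subject, verb, resource, namespace, api_group=""):
    """Deny by default: allow only if a RoleBinding in the namespace names the
    subject and its Role carries a matching rule."""
    roles_by_name = {(r["metadata"]["namespace"], r["metadata"]["name"]): r for r in roles}
    for binding in bindings:
        ns = binding["metadata"]["namespace"]
        if ns != namespace:
            continue                     # a RoleBinding never reaches across namespaces
        # modelling choice: a subject without a namespace is taken to be in the binding's namespace
        if not any(s.get("kind") == subject["kind"] and s.get("name") == subject["name"]
                   and s.get("namespace", ns) == subject.get("namespace", ns)
                   for s in binding.get("subjects", [])):
            continue
        if binding["roleRef"]["kind"] != "Role":
            continue                     # ClusterRole references are outside this model
        role = roles_by_name.get((ns, binding["roleRef"]["name"]))
        if role and any(_matches(rule, verb, api_group, resource) for rule in role.get("rules", [])):
            return True
    return False


SA = {"kind": "ServiceAccount", "name": "my-serviceaccount", "namespace": "default"}

if __name__ == "__main__":
    for verb, resource, ns in [("get", "pods", "default"), ("delete", "pods", "default"),
                               ("get", "secrets", "default"), ("get", "pods", "kube-system")]:
        print(f"{verb} {resource} in {ns}:",
              can_i([POD_READER_ROLE], [READ_PODS_BINDING], SA, verb, resource, ns))
```

The run shows the shape of least privilege that the tutorial's manifests produce: `get pods` in default is allowed, while `delete pods`, `get secrets` and `get pods` in kube-system are all refused. Replacing the rule with wildcards (`verbs: ["*"]`, `resources: ["*"]`) is the usual way such a Role quietly becomes namespace-admin, which is why a review should grep Roles for `"*"`.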

# Create a Secret. A literal on the command line is recorded in the shell history; prefer
# --from-file=password=./password.txt and delete the file afterwards.
# kubectl create secret generic mysql-secret --from-literal=password=P@ssw0rd

# List Secrets. The data is only base64-encoded, not encrypted: anyone who can `get secrets` in the
# namespace reads the plaintext, so restrict that verb with RBAC and enable etcd encryption at rest.
# kubectl get secrets
NAME           TYPE     DATA   AGE
mysql-secret   Opaque   1      5m

# Use the Secret in a Pod (this is the Secret-backed form of the StatefulSet's literal password in section 4)
# vi pod-with-secret.yaml
apiVersion: v1
kind: Pod
metadata:
  name: mysql-with-secret
spec:
  containers:
  - name: mysql
    image: mysql:5.7
    env:
    - name: MYSQL_ROOT_PASSWORD
      valueFrom:
        secretKeyRef:
          name: mysql-secret
          key: password

# Apply the Pod manifest
# kubectl apply -f pod-with-secret.yaml
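The difference between the StatefulSet in section 4 (a literal `MYSQL_ROOT_PASSWORD`) and the Pod above (a `secretKeyRef`) is worth checking mechanically. The following Python script, an added example rather than tutorial code, scans workload manifests for credentials passed as literal environment values, and also decodes a Secret the way anyone with `get secrets` can, to make the point that a Secret is a handling improvement rather than encryption. The manifests are embedded as constructed dicts in the shape `kubectl get ... -o json` returns; the name pattern for "looks like a credential" is an assumption you would tune.

```python
"""Manifest linter for literal credentials, plus Secret decoding (added example, not tutorial code)."""
import base64
import re

# Environment variable names that usually carry a credential (assumed pattern; tune to taste)
SENSITIVE_NAME = re.compile(r"(PASS(WORD)?|SECRET|TOKEN|API_?KEY|PRIVATE_?KEY)", re.IGNORECASE)


def _pod_spec(obj):
    """Pods carry the spec directly; Deployments, StatefulSets and DaemonSets nest it under template."""
    spec = obj.get("spec", {})
    return spec["template"]["spec"] if "template" in spec else spec


def find_literal_credentials(obj):
    """Return (container, env name) pairs whose credential-looking value is a literal.
    A secretKeyRef is acceptable: the value stays out of git, out of the workload
    object in etcd and out of `kubectl get -o yaml`; a literal lands in all three."""
    findings = []
    spec = _pod_spec(obj)
    for container in spec.get("containers", []) + spec.get("initContainers", []):
        for env in container.get("env", []):
            if "value" in env and SENSITIVE_NAME.search(env["name"]):
                findings.append((container["name"], env["name"]))
    return findings


def decode_secret(secret_obj):
    """Secret.data is base64, an encoding rather than a cipher; this is what
    `kubectl get secret -o json` hands to anyone allowed to read it."""
    return {key: base64.b64decode(value).decode() for key, value in secret_obj.get("data", {}).items()}


# Constructed inputs mirroring the tutorial's manifests
MYSQL_STATEFULSET = {
    "kind": "StatefulSet", "metadata": {"name": "mysql-statefulset"},
    "spec": {"template": {"spec": {"containers": [
        {"name": "mysql", "image": "mysql:5.7",
         "env": [{"name": "MYSQL_ROOT_PASSWORD", "value": "P@ssw0rd"}]},
    ]}}},
}
MYSQL_POD_WITH_SECRET = {
    "kind": "Pod", "metadata": {"name": "mysql-with-secret"},
    "spec": {"containers": [
        {"name": "mysql", "image": "mysql:5.7",
         "env": [{"name": "MYSQL_ROOT_PASSWORD",
                  "valueFrom": {"secretKeyRef": {"name": "mysql-secret", "key": "password"}}}]},
    ]},
}
MYSQL_SECRET = {
    "kind": "Secret", "metadata": {"name": "mysql-secret"}, "type": "Opaque",
    "data": {"password": base64.b64encode(b"P@ssw0rd").decode()},
}

if __name__ == "__main__":
    print("literal credentials in the StatefulSet:", find_literal_credentials(MYSQL_STATEFULSET))
    print("literal credentials in the Pod:        ", find_literal_credentials(MYSQL_POD_WITH_SECRET))
    print("what `get secrets` reveals:            ", decode_secret(MYSQL_SECRET))
```

Feeding it the StatefulSet flags `("mysql", "MYSQL_ROOT_PASSWORD")`; the Secret-backed Pod is clean. The decode step prints the password straight back, which is the argument for RBAC on the `secrets` resource and encryption at rest rather than trusting the encoding.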

# Create a NetworkPolicy. This one restricts ingress to the nginx Pods to port 80 from Pods labelled
# app=frontend. Pods not selected by any policy still accept all traffic, egress is untouched, and
# enforcement depends on the CNI (Calico, installed in section 1, enforces it).
# vi networkpolicy.yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-nginx
  namespace: default
spec:
  podSelector:
    matchLabels:
      app: nginx
  ingress:
  - from:
    - podSelector:
        matchLabels:
          app: frontend
    ports:
    - protocol: TCP
      port: 80

# Apply the NetworkPolicy manifest
# kubectl apply -f networkpolicy.yaml
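The semantics that catch people out are that NetworkPolicy is additive and that an unselected Pod is wide open. The following Python model, an added example and not tutorial code, evaluates ingress decisions for the `allow-nginx` policy above and for a `default-deny-ingress` policy that a hardened namespace would add alongside it. It covers `podSelector` with `matchLabels` and TCP/UDP `ports`; `namespaceSelector`, `ipBlock` and egress are deliberately left out, and the policies are embedded as constructed dicts.

```python
"""Model of NetworkPolicy ingress evaluation (added example, not tutorial code)."""


def selects(selector, labels):
    """podSelector: {} selects every Pod; otherwise all matchLabels must be present."""
    return all(labels.get(key) == value for key, value in selector.get("matchLabels", {}).items())


def ingress_allowed(policies, src_labels, dst_labels, port, protocol="TCP"):
    """True if traffic from a Pod with src_labels may reach a Pod with dst_labels on port."""
    applicable = [p for p in policies if selects(p["spec"]["podSelector"], dst_labels)]
    if not applicable:
        return True                                   # selected by no policy: default allow
    for policy in applicable:
        for rule in policy["spec"].get("ingress", []):
            peers = rule.get("from", [])
            ports = rule.get("ports", [])
            # an absent/empty 'from' means any source; an absent/empty 'ports' means any port
            peer_ok = not peers or any(selects(peer["podSelector"], src_labels)
                                       for peer in peers if "podSelector" in peer)
            port_ok = not ports or any(p.get("port") == port and p.get("protocol", "TCP") == protocol
                                       for p in ports)
            if peer_ok and port_ok:
                return True                           # policies are additive: one match suffices
    return False                                      # selected, and no rule matched: deny


# The tutorial's policy, plus the default-deny policy a hardened namespace would add
ALLOW_NGINX = {
    "metadata": {"name": "allow-nginx", "namespace": "default"},
    "spec": {"podSelector": {"matchLabels": {"app": "nginx"}},
             "ingress": [{"from": [{"podSelector": {"matchLabels": {"app": "frontend"}}}],
                          "ports": [{"protocol": "TCP", "port": 80}]}]},
}
DEFAULT_DENY = {
    "metadata": {"name": "default-deny-ingress", "namespace": "default"},
    "spec": {"podSelector": {}, "policyTypes": ["Ingress"]},   # selects all Pods, allows nothing
}

NGINX, FRONTEND, BATCH = {"app": "nginx"}, {"app": "frontend"}, {"app": "batch"}

if __name__ == "__main__":
    print("frontend -> nginx:80           ", ingress_allowed([ALLOW_NGINX], FRONTEND, NGINX, 80))
    print("batch    -> nginx:80           ", ingress_allowed([ALLOW_NGINX], BATCH, NGINX, 80))
    print("frontend -> nginx:443          ", ingress_allowed([ALLOW_NGINX], FRONTEND, NGINX, 443))
    print("batch    -> frontend:80        ", ingress_allowed([ALLOW_NGINX], BATCH, FRONTEND, 80))
    print("batch    -> frontend:80 (deny) ", ingress_allowed([ALLOW_NGINX, DEFAULT_DENY], BATCH, FRONTEND, 80))
```

With only `allow-nginx` in place, `batch -> frontend:80` is still allowed because nothing selects the frontend Pods; adding `default-deny-ingress` closes that gap while `frontend -> nginx:80` keeps working, since the two policies are unioned.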

8. Monitoring and Logging

Monitoring and log management are essential to keeping a Kubernetes cluster running reliably.

# Install Prometheus and Grafana
# helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
# helm repo update
# helm install prometheus prometheus-community/kube-prometheus-stack

# Check the installation
# kubectl get pods -n default | grep prometheus

# Reach Grafana. port-forward listens on 127.0.0.1 only, so open the URL on the machine running kubectl.
# Change the chart's default Grafana admin password before exposing the UI any wider.
# kubectl port-forward service/prometheus-grafana 3000:80
# open http://localhost:3000

# Install the ELK stack
# helm repo add elastic https://helm.elastic.co
# helm install elasticsearch elastic/elasticsearch
# helm install kibana elastic/kibana
# helm install filebeat elastic/filebeat

# Check the ELK components
# kubectl get pods | grep -E "elasticsearch|kibana|filebeat"

# Reach Kibana (same localhost caveat as above)
# kubectl port-forward service/kibana-kibana 5601:5601
# open http://localhost:5601

# View a Pod's logs
# kubectl logs nginx

# Follow a Pod's logs
# kubectl logs -f nginx

# Logs of one container in a Pod
# kubectl logs nginx -c nginx

# Logs of a Deployment (kubectl picks one of its Pods; use a label selector, e.g. -l app=nginx, to read all of them)
# kubectl logs deployment/nginx-deployment

9. Best Practices and Troubleshooting

Following Kubernetes best practices improves the stability and reliability of a cluster.

Production recommendations:
- Use namespaces to separate applications and environments
- Set resource requests and limits on every Pod
- Configure liveness and readiness probes
- Use rolling-update strategies
- Back up etcd regularly, and protect the backups: a snapshot contains every Secret in the cluster, in plaintext unless encryption at rest is enabled
- Manage application deployment with Helm
- Enforce NetworkPolicy and RBAC

# Common troubleshooting commands

# Cluster overview
# kubectl cluster-info

# Node status
# kubectl get nodes

# Pod status and events
# kubectl describe pod nginx

# Service details
# kubectl describe service nginx-service

# Cluster events
# kubectl get events

# Control-plane component status (deprecated API, see section 2)
# kubectl get componentstatuses

# API server health
# kubectl get --raw=/healthz

# etcd health (run on a control-plane node; the etcd client certificates are readable by root only)
# ETCDCTL_API=3 etcdctl --endpoints=https://127.0.0.1:2379 --cacert=/etc/kubernetes/pki/etcd/ca.crt --cert=/etc/kubernetes/pki/etcd/server.crt --key=/etc/kubernetes/pki/etcd/server.key endpoint health

# Common problems

# A Pod will not start
# Read its logs and events (add --previous to kubectl logs for the last crashed container)
kubectl logs -f pod-name
kubectl describe pod pod-name

# A Service is unreachable
# Check the Service and its Endpoints; an empty Endpoints list usually means the selector matches no Pod labels
kubectl get service service-name
kubectl get endpoints service-name

# A node is NotReady
# Check the node conditions and the kubelet log
kubectl describe node node-name
journalctl -u kubelet

# Resources are exhausted
# Check usage (kubectl top needs metrics-server, which kubeadm does not install)
kubectl top nodes
kubectl top pods

Tip: Kubernetes is a complex system; keep studying and practising its core concepts and best practices to manage and maintain clusters effectively.

Compiled and published by 风哥教程 for learning and testing only; cite the source when reposting: http://www.fgedu.net.cn/10327.html
