[Cloud] K8s
===
###### tags: `Cloud / K8s`
###### tags: `Cloud`, `K8s`

<br>

![](https://i.imgur.com/vsCp0RX.png)<br><br>

[TOC]

<br>

## K8s core

- [K8s release history](https://en.wikipedia.org/wiki/Kubernetes)
- [[K8s official site] Production-Grade Container Orchestration](https://kubernetes.io/)
    - Automated container deployment, scaling, and management
- [The problem Kubernetes wants to solve](https://medium.com/@C.W.Hu/kubernetes-basic-concept-tutorial-e033e3504ec0) (Cheng-Wei Hu | 胡程維)
    - The problem Kubernetes wants to solve:
        - Manually deploying many containers onto many machines, and then monitoring and managing the state of all those containers, is very tedious.
    - The solution Kubernetes offers:
        - A platform that automates the operation and management of those containers at a higher level of abstraction.

<br>

## [K8s architecture](https://ithelp.ithome.com.tw/articles/10202135)

### Architecture diagram
![](https://i.imgur.com/PJiPGyb.png)
(Image source: [15 分鐘學習系列 - 第一次學 Kubernetes 就上手系列](https://ithelp.ithome.com.tw/articles/10202135))

### K8s
- [A system for managing microservices](https://medium.com/@C.W.Hu/kubernetes-helm-chart-tutorial-fbdad62a8b61)
- Automates the deployment and management of many containers across many machines

### etcd
- Main purpose
    - Stores all of the cluster's data and configuration
- [利用 Etcd + Confd + HAProxy 實現服務動態拓展](https://blog.toright.com/posts/posts/5687/利用-etcd-confd-haproxy-實現服務動態拓展.html)
    - etcd is a lightweight, distributed key/value database
    - It also exposes a very simple REST API

### [scheduler](https://ithelp.ithome.com.tw/articles/10224648?sc=rss.iron)
> kube-scheduler computes a weight for every node using filter and rank algorithms, picks the best node among them, writes the selected node's name into the Pod's `.spec.nodeName`, and that state is then stored in etcd.

### K8s proxy
- Applies the network rules for K8s services and forwards network connections

### K8s API objects
- Every K8S resource is exposed through a RESTful API
- Every K8S resource has a unique HTTP path
    https://your-k8s.com/api/v1/namespaces/default/pods/my-pod
    - api: v1
    - namespaces: default
    - pods: my-pod
- These resources are called K8S objects

### namespace
- A unit for organizing K8S resources (think of it as a folder)

### pod
- 9789864768226, Kubernetes: 建置與執行 (Kubernetes: Up and Running)
    - A pod is not a container
    - A pod is a group of containers, and the smallest deployable unit in K8S
    - All containers in a pod run on the same machine
- Pod details
    [<img src="https://i.imgur.com/FGCTfLH.png" style="border : solid 1px black">](https://i.imgur.com/FGCTfLH.png)

### Architecture diagrams from other sources
![](https://i.imgur.com/RbH59Ed.png)

<br>

## K8s components

### label & annotation
- Core
    - Both labels and annotations are maps (key/value pairs)
- Consumers
    - Labels are mainly used by the k8s system itself
    - Annotations are for automation tooling, third-party programs and packages
- label
    - Main use
        - As a selector; examples:
            - ```kubectl get pods --selector="key1=value1,key2=values"```
            - ```kubectl get deployments --selector="key1=value1"```
            - ```kubectl get deployments --show-labels --selector="env in (test, staging)"```
            - ```kubectl delete deployments --selector="env in (test, staging)"```
        - The conditions inside a selector can combine different operators
- annotation
    - Main use
        - Records information about rolling deployments
        - A rolling deployment can be a rollback to an "older stable version" or an upgrade to a new version
    - Secondary use
        - Stores metadata, i.e. extra data
        - For example an icon (as a URL or base64-encoded), timestamps, etc.

<br>

## Installing K8S

> `$ sudo kubeadm reset`
> The connection to the server 10.0.x.x:6443 was refused - did you specify the right host or port?

- [Install and Deploy Kubernetes on Ubuntu 18.04 LTS](https://vitux.com/install-and-deploy-kubernetes-on-ubuntu/)

:::info
:information_source: Note
- ==Tested on VirtualBox + Ubuntu 18.04==
- Install the kubeadm package; it pulls in kubectl and kubelet, but not kubernetes-cni
:::

- master-node
```bash
$ sudo kubeadm init --pod-network-cidr=10.244.0.0/16
...
...
Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 10.0.2.15:6443 --token dt7ex6.honghz54tdfmt0no \
    --discovery-token-ca-cert-hash sha256:6439bef11a0e53d670e90aa2dbb3e9a2638ea74f2333bb39512025d551ee1d08
```
```shell
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
```
```bash
$ kubectl get nodes
NAME          STATUS     ROLES    AGE     VERSION
master-node   NotReady   master   4m35s   v1.18.3
```
```bash
$ sudo kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
```
- slave-node
```bash
$ sudo kubeadm join 10.0.2.15:6443 --token 291g7y.849nq00zcytbhfbo \
>     --discovery-token-ca-cert-hash sha256:467937884013119d1c18d827104e4749aa5105291ea065c38503866d384d9268
...
    [WARNING Service-Docker]: docker service is not enabled, please run 'systemctl enable docker.service'
    [WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/
```
These warnings appear; run:
```bash
$ systemctl enable docker.service
```
Check the status:
```bash
$ systemctl status docker
● docker.service - Docker Application Container Engine
```

### Installing a specific version of k8s
- [How to install specific version of Kubernetes?](https://stackoverflow.com/questions/49721708/how-to-install-specific-version-of-kubernetes)
```bash
apt-get install -qy kubeadm=<version>
```
List all available k8s versions:
```bash
curl -s https://packages.cloud.google.com/apt/dists/kubernetes-xenial/main/binary-amd64/Packages | grep Version | awk '{print $2}'
```

<br>

## K8S ecosystem

### k8s-iceberg
https://flant.com/media/k8s-iceberg.svg
![](https://i.imgur.com/xMmuhnr.png)
![](https://i.imgur.com/RccNMk5.png)

<br>

## Other commands

<br>

## CNCF certification
- #### Official site
    - [Certified Kubernetes Administrator (CKA) Program](https://www.cncf.io/certification/cka/)
- #### Study resources
    - [CKA(Certified Kubernetes Administrator) 學習資源整理](https://godleon.github.io/blog/Kubernetes/k8s-CKA-resources/)
- #### Experience reports
    - [【CKA認證】如何參加CKA考試及學習考試心得](https://www.itread01.com/content/1540972513.html)
    - [CKA考試經驗總結](https://www.jishuwen.com/d/priZ/zh-tw)
    - [「附經驗」一個傳統IT運維人的CKA認證之旅](https://kknews.cc/zh-tw/news/p9nz9l8.html)
        > The Concepts documentation describes each kind of Kubernetes orchestration object, with example YAML files and how to use them. You can bookmark the YAML formats of the common objects in Chrome, so during the exam you can look them up easily instead of searching the kubernetes.io site.
    - [CNCF基金會的Certified Kubernetes Administrator認證考試計劃_Kubernetes中文社群](https://www.itread01.com/content/1545851161.html)
    - [【從題目中學習k8s】-【後記】CKA證照](https://ithelp.ithome.com.tw/articles/10253064)
    - [【從題目中學習k8s】-【Day1】K8s初探](https://ithelp.ithome.com.tw/articles/10234562)

<br>

## with Spark
- [Spark on Kubernetes for Qcon_rev](https://www.slidestalk.com/u86/SparkonKubernetesforQcon_rev213672)
- [以 Kubernetes 部屬 Spark 大數據計算環境](https://www.slideshare.net/inwinstack/kubernetes-spark)

<br>
<br>

## trouble-shooting
- [What does the "ctl" in "kubectl" stand for?](https://www.quora.com/What-does-the-ctl-in-kubectl-stand-for)
    > “ctl” stands for control. There are a few pronunciations we’ve come across for kubectl: “kube control”, “kube cuddle”, “kube c-t-l”, or “kubie cuttle”. (We prefer “kube c-t-l” at ReactiveOps.)
- The connection to the server localhost:8080 was refused
    ```bash
    $ kubectl get cs
    The connection to the server localhost:8080 was refused - did you specify the right host or port?
    ```
    - `kubeadm init` has not been run yet:
    ```bash
    $ sudo kubeadm init --pod-network-cidr=10.244.0.0/16
    ```
- [Troubleshooting kubectl Error: The connection to the server x.x.x.x:6443 was refused – did you specify the right host or port?](https://www.thegeekdiary.com/troubleshooting-kubectl-error-the-connection-to-the-server-x-x-x-x6443-was-refused-did-you-specify-the-right-host-or-port/)
    ```bash
    $ sudo firewall-cmd --list-all
    public (active)
      target: default
      icmp-block-inversion: no
      interfaces: enp0s3
      sources:
      services: ssh dhcpv6-client
      ports:
      protocols:
      masquerade: no
      forward-ports:
      source-ports:
      icmp-blocks:
      rich rules:
    ```
    - [How to Fix “firewall-cmd: command not found” Error in RHEL/CentOS 7](https://www.tecmint.com/fix-firewall-cmd-command-not-found-error/)
        ```$ sudo yum install firewalld```
    - [[wiki] Firewalld](https://zh.wikipedia.org/wiki/Firewalld)
        ```$ sudo firewall-cmd --state```
        - firewalld: firewall daemon

<br>

- Unable to connect to the server: net/http: TLS handshake timeout
    ```bash
    $ kubectl get nodes
    Unable to connect to the server: net/http: TLS handshake timeout
    ```
    - Cause unknown; a possible fix is below:
        - [Suddenly getting “Unable to connect to the server: net/http: TLS handshake timeout” from kubectl](https://stackoverflow.com/questions/54264421/suddenly-getting-unable-to-connect-to-the-server-net-http-tls-handshake-timeo)

<br>

## Why K8s is used
- [【Podcast】Kubernetes vs Serverless with Matt Ward - Software Engineering Daily](https://nijialin.com/2020/07/05/podcast-kuernetes-vs-serverless/)

<br>

## References
- [GKE 系列文章(一) – 為什麼使用 Kubernetes](https://blog.gcp.expert/kubernetes-gke-introduction/)
    ![](https://i.imgur.com/07Ww4Cv.png)
    > But Docker containers are not a cure-all. As the number of containers and services grows ever more complex, managing the lifecycle of clusters and services becomes the job of the various container orchestration tools. Among them, Google's Kubernetes is a very well-made container orchestration tool.
- [GKE 系列教學 (二) – 簡介Pod的網路機制](https://blog.gcp.expert/gke-k8s-pod-network/)
    - K8s vs. GKE
      <img style="border: 1px solid" src="https://i.imgur.com/QTxbZfL.png">
    - GKE
        - A managed K8s service: set it up once and it stays managed.
        - Up to 5 nodes: no management fee; 6 nodes or more: about NT$3,000 per month (US$109.5)

<br>

- [How to explain a service](https://medium.com/@C.W.Hu/kubernetes-implement-ingress-deployment-tutorial-7431c5f96c3e)
    > The component that defines "how a group of Pods is connected to and accessed"
    > - [Kubernetes 基礎教學(二)實作範例:Pod、Service、Deployment、Ingress](https://medium.com/@C.W.Hu/kubernetes-implement-ingress-deployment-tutorial-7431c5f96c3e)

## K8s encouragement
- 2020/11/20
    - [矽谷牛的耕田筆記 - 跟大家分享一個熱騰騰的消息,來自於 CNCF 上面 Apple Inc 的分享 Apple...](https://m.facebook.com/story.php?story_fbid=161171765716964&id=110694344098040)
- 2021/01/03
    - [2021加速轉型9大趨勢(三)K8s終於通吃跨雲落地各平臺,將成IT現代化主流標準](https://www.ithome.com.tw/news/141975)
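The label section above lists `--selector` examples such as `key1=value1,key2=values` and `env in (test, staging)` and notes that selector conditions can combine different operators. The script below is an added example (not code from the original note) that evaluates such selector strings against constructed pod label maps, so the matching rules can be checked offline before a `kubectl delete deployments --selector=...` is run for real. It goes beyond the note's two forms and also handles `!=`, `notin`, key-exists and `!key`, which are the other operators the Kubernetes label-selector syntax supports; the pod names and labels are made up for the example.

```python
"""kubectl-style label-selector evaluation over pod label maps.

Added example for the label/selector section; not code from the original
note. The pods below are constructed sample data. All requirements in a
selector are ANDed, as kubectl does.
"""
import re
from typing import Callable, Dict, List

# Constructed sample pods: pod name -> labels
SAMPLE_PODS: Dict[str, Dict[str, str]] = {
    "web-1":   {"app": "web",   "env": "test",    "tier": "frontend"},
    "web-2":   {"app": "web",   "env": "staging", "tier": "frontend"},
    "api-1":   {"app": "api",   "env": "prod",    "tier": "backend"},
    "batch-1": {"app": "batch"},
}

Labels = Dict[str, str]
Predicate = Callable[[Labels], bool]

_KEY = r"[A-Za-z0-9_./-]+"
_SET_RE = re.compile(rf"^\s*({_KEY})\s+(in|notin)\s*\(([^)]*)\)\s*$")
_EQ_RE = re.compile(rf"^\s*({_KEY})\s*(==|=|!=)\s*([A-Za-z0-9_.-]*)\s*$")
_EXISTS_RE = re.compile(rf"^\s*(!?)\s*({_KEY})\s*$")


def _split_requirements(selector: str) -> List[str]:
    """Split on commas, but not on the commas inside an in/notin value list."""
    parts: List[str] = []
    depth = 0
    current: List[str] = []
    for ch in selector:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
        if ch == "," and depth == 0:
            parts.append("".join(current))
            current = []
        else:
            current.append(ch)
    parts.append("".join(current))
    return [p for p in parts if p.strip()]


def parse_selector(selector: str) -> List[Predicate]:
    """Compile a selector string into predicates; a pod must satisfy all of them."""
    predicates: List[Predicate] = []
    for requirement in _split_requirements(selector):
        m = _SET_RE.match(requirement)
        if m:
            key, op = m.group(1), m.group(2)
            values = {v.strip() for v in m.group(3).split(",") if v.strip()}
            if op == "in":
                predicates.append(lambda l, k=key, vs=values: l.get(k) in vs)
            else:
                # notin also matches pods that do not carry the key at all
                predicates.append(lambda l, k=key, vs=values: l.get(k) not in vs)
            continue
        m = _EQ_RE.match(requirement)
        if m:
            key, op, value = m.groups()
            if op == "!=":
                # != also matches pods that do not carry the key
                predicates.append(lambda l, k=key, v=value: l.get(k) != v)
            else:
                predicates.append(lambda l, k=key, v=value: l.get(k) == v)
            continue
        m = _EXISTS_RE.match(requirement)
        if m:
            negate, key = m.group(1) == "!", m.group(2)
            predicates.append(lambda l, k=key, n=negate: (k in l) != n)
            continue
        raise ValueError(f"unsupported selector requirement: {requirement!r}")
    return predicates


def select_pods(selector: str, pods: Dict[str, Labels] = SAMPLE_PODS) -> List[str]:
    """Names of the pods matching the selector, as 'kubectl get pods --selector' would list them."""
    predicates = parse_selector(selector)
    return sorted(name for name, labels in pods.items()
                  if all(p(labels) for p in predicates))


if __name__ == "__main__":
    for sel in ("env in (test, staging)", "app=web,env!=test", "!tier", "env notin (prod)"):
        print(f"{sel!r:32} -> {select_pods(sel)}")
```

Note that `!=` and `notin` match pods that lack the key entirely, which is why `env notin (prod)` also returns `batch-1`; a delete driven by such a selector reaches further than a quick reading suggests, so previewing with `kubectl get ... --selector` first is the sensible order.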
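The kubeadm output in the installation section has the user copy `/etc/kubernetes/admin.conf`, which is a cluster-admin credential, to `$HOME/.kube/config` and then `chown` it. The script below is an added example (not code from the original note or from kubeadm) that audits such a copy: it confirms the file exists, is owned by the expected user, and is not readable by group or others. The two files created in `demo()` are constructed samples written to a temporary directory; the placeholder content is not a real kubeconfig.

```python
"""Audit a copied kubeconfig the way a post-'kubeadm init' check would.

Added example for the installation section; not code from the original note.
Checks that $HOME/.kube/config (or any path given) exists, is owned by the
expected uid and carries no group/other permission bits.
"""
import os
import stat
import tempfile
from typing import Dict, List, Optional


def audit_kubeconfig(path: str, expected_uid: Optional[int] = None) -> List[str]:
    """Return findings for one kubeconfig file; an empty list means it passes."""
    findings: List[str] = []
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return [f"{path}: not found (was admin.conf copied after 'kubeadm init'?)"]
    mode = stat.S_IMODE(st.st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"{path}: mode {mode:04o} grants group/other access; expected 0600")
    uid = os.getuid() if expected_uid is None else expected_uid
    if st.st_uid != uid:
        findings.append(f"{path}: owned by uid {st.st_uid}, expected {uid} (run the chown step)")
    return findings


def demo() -> Dict[str, List[str]]:
    """Create two constructed kubeconfig copies in a temp dir and audit both."""
    results: Dict[str, List[str]] = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, mode in (("config-ok", 0o600), ("config-loose", 0o644)):
            path = os.path.join(tmp, name)
            with open(path, "w") as fh:
                # placeholder content for the example, not a real credential
                fh.write("apiVersion: v1\nkind: Config\n")
            os.chmod(path, mode)
            results[name] = audit_kubeconfig(path)
    return results


if __name__ == "__main__":
    # Real use after the copy/chown step:
    #   audit_kubeconfig(os.path.expanduser("~/.kube/config"))
    for name, findings in demo().items():
        print(name, "OK" if not findings else findings)
```

`cp -i` preserves neither ownership nor the 0600 mode of the source in every setup, which is why the kubeadm message includes the `chown` line; this check catches a copy that was left world-readable or still owned by root.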
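The trouble-shooting section pairs the "connection to the server x.x.x.x:6443 was refused" error with a `firewall-cmd --list-all` dump in which `services:` allows only ssh and dhcpv6-client and `ports:` is empty. The script below is an added example (not from the original note or from firewalld) that parses a zone dump in that format and reports which required ports the zone does not open. The dump is constructed to match the note's output; the `CONTROL_PLANE_PORTS` list follows the kubeadm documentation's control-plane port table, and the check only resolves explicit `ports:` entries, not ports implied by `services:` definitions.

```python
"""Check firewalld zone output for the ports a kubeadm control plane needs.

Added example for the trouble-shooting section; not code from the original
note. SAMPLE_LIST_ALL is constructed in the format of 'firewall-cmd --list-all'.
"""
from typing import Dict, List, Sequence, Set, Tuple

# Constructed sample, same shape as the dump shown in the note
SAMPLE_LIST_ALL = """\
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: enp0s3
  sources:
  services: ssh dhcpv6-client
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
"""

# Control-plane ports per the kubeadm docs: API server, etcd, kubelet,
# kube-scheduler, kube-controller-manager
CONTROL_PLANE_PORTS = ("6443/tcp", "2379-2380/tcp", "10250/tcp", "10259/tcp", "10257/tcp")

PortSet = Set[Tuple[int, str]]


def _expand(spec: str) -> PortSet:
    """'6443/tcp' -> {(6443,'tcp')}; '2379-2380/tcp' -> {(2379,'tcp'), (2380,'tcp')}."""
    ports, _, proto = spec.partition("/")
    lo, _, hi = ports.partition("-")
    start, end = int(lo), int(hi or lo)
    return {(p, proto or "tcp") for p in range(start, end + 1)}


def parse_zone(text: str) -> Dict[str, List[str]]:
    """Parse 'key: v1 v2 ...' lines into lists; the first line names the zone."""
    fields: Dict[str, List[str]] = {}
    lines = text.strip().splitlines()
    fields["zone"] = lines[0].split()[:1]
    for line in lines[1:]:
        key, _, value = line.strip().partition(":")
        fields[key.strip()] = value.split()
    return fields


def missing_ports(text: str, required: Sequence[str] = ("6443/tcp",)) -> List[str]:
    """Required port specs whose ports are not all opened by the zone's 'ports:' entry."""
    zone = parse_zone(text)
    opened: PortSet = set()
    for spec in zone.get("ports", []):
        opened |= _expand(spec)
    return [spec for spec in required if not _expand(spec) <= opened]


if __name__ == "__main__":
    print("zone:", parse_zone(SAMPLE_LIST_ALL)["zone"])
    print("missing:", missing_ports(SAMPLE_LIST_ALL, CONTROL_PLANE_PORTS))
```

Feed it the real output with `missing_ports(subprocess.check_output(["firewall-cmd", "--list-all"], text=True))`; an empty list for `6443/tcp` rules the firewall out as the cause of the refused connection, and the remaining entries show which control-plane ports still need opening before worker nodes join.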