Lazy loaded imageKubernetes

type
Post
status
Published
date
Sep 10, 2024
slug
kubernetes
summary
tags
思考
工具
category
Cloud Computing
icon
password
kubetnetes概念和架构
k8s install 搭建k8s集群(官方一般每个季度都会更新一次版本)
yaml文件格式
kubernetes core technology 核心技术
kubernetes clusterr monitor prometheus+Grafana集群资源监控
kubernetes ha 高可用
kubernetes cluster install java project集群部署项目(java项目)
 
删除污点和不被调度
k8s命令补全
kubernetes pod时区更改
coredns
Pod 与 Service 的 DNS
Kubernetes 为 Service 和 Pod 创建 DNS 记录。 你可以使用一致的 DNS 名称而非 IP 地址访问 Service。 介绍 Kubernetes DNS 除了在集群上调度 DNS Pod 和 Service, 还配置 kubelet 以告知各个容器使用 DNS Service 的 IP 来解析 DNS 名称。 集群中定义的每个 Service (包括 DNS 服务器自身)都被赋予一个 DNS 名称。 默认情况下,客户端 Pod 的 DNS 搜索列表会包含 Pod 自身的名字空间和集群的默认域。 Service 的名字空间 DNS 查询可能因为执行查询的 Pod 所在的名字空间而返回不同的结果。 不指定名字空间的 DNS 查询会被限制在 Pod 所在的名字空间内。 要访问其他名字空间中的 Service,需要在 DNS 查询中指定名字空间。 例如,假定名字空间 test 中存在一个 Pod,prod 名字空间中存在一个服务 data。 Pod 查询 data 时没有返回结果,因为使用的是 Pod 的名字空间 test。
Pod 与 Service 的 DNS
https://kubernetes.io/zh-cn/docs/concepts/services-networking/dns-pod-service/
Pod 与 Service 的 DNS
deployment/kubernetes at master · coredns/deployment
CoreDNS can run in place of the standard Kube-DNS in Kubernetes. Using the kubernetes plugin, CoreDNS will read zone data from a Kubernetes cluster. It implements the spec defined for Kubernetes DNS-Based service discovery: https://github.com/kubernetes/dns/blob/master/docs/specification.md deploy.sh is a convenience script to generate a manifest for running CoreDNS on a cluster that is currently running standard kube-dns.
deployment/kubernetes at master · coredns/deployment
https://github.com/coredns/deployment/tree/master/kubernetes
deployment/kubernetes at master · coredns/deployment
coredns.yaml配置文件如何生成
关于coredns调优
deployment/Scaling_CoreDNS.md at master · coredns/deployment
The following is a guide for tuning CoreDNS resources/requirements in Kubernetes clusters. In large scale Kubernetes clusters, CoreDNS's memory usage is predominantly affected by the number of Pods and Services in the cluster. Other factors include the size of the filled DNS answer cache, and the rate of queries received (QPS) per CoreDNS instance.
deployment/Scaling_CoreDNS.md at master · coredns/deployment
https://github.com/coredns/deployment/blob/master/kubernetes/Scaling_CoreDNS.md
deployment/Scaling_CoreDNS.md at master · coredns/deployment
 
nodelocaldns
Using NodeLocal DNSCache in Kubernetes Clusters
FEATURE STATE: Kubernetes v1.18 [stable] This page provides an overview of NodeLocal DNSCache feature in Kubernetes. Before you begin You need to have a Kubernetes cluster, and the kubectl command-line tool must be configured to communicate with your cluster.
Using NodeLocal DNSCache in Kubernetes Clusters
https://kubernetes.io/docs/tasks/administer-cluster/nodelocaldns/
Using NodeLocal DNSCache in Kubernetes Clusters
node-local-dns yaml文件获取
kubernetes/cluster/addons/dns/nodelocaldns at master · kubernetes/kubernetes
Using NodeLocal DNSCache in Kubernetes clusters( https://kubernetes.io/docs/tasks/administer-cluster/nodelocaldns/). This addon runs a node-local-dns pod on all cluster nodes. The pod runs CoreDNS as the dns cache. It runs with hostNetwork:True and creates a dedicated dummy interface with a link local ip(169.254.20.10/32 by default) to listen for DNS queries.
kubernetes/cluster/addons/dns/nodelocaldns at master · kubernetes/kubernetes
https://github.com/kubernetes/kubernetes/tree/master/cluster/addons/dns/nodelocaldns
kubernetes/cluster/addons/dns/nodelocaldns at master · kubernetes/kubernetes
kubernetes/nodelocaldns.yaml at master · kubernetes/kubernetes
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode characters You can't perform that action at this time. You signed in with another tab or window.
kubernetes/nodelocaldns.yaml at master · kubernetes/kubernetes
https://github.com/kubernetes/kubernetes/blob/master/cluster/addons/dns/nodelocaldns/nodelocaldns.yaml
kubernetes/nodelocaldns.yaml at master · kubernetes/kubernetes
无法下载镜像
国内顺畅下载k8s.gcr.io的镜像_上海_运维_Q先生的博客-CSDN博客_k8s镜像下载
国内顺畅下载k8s.gcr.io的镜像 配置kube-dns是3个k8s.gcr.io的镜像无法下载,报错如下 Error response from daemon: Get https://k8s.gcr.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers) 需要下载的镜像如下: image: k8s.gcr.io/k8s-dns-kube-dns:1.15.10 image: k8s.gcr.io/k8s-dns-dnsmasq-nanny:1.15.10 image: k8s.gcr.io/k8s-dns-sidecar:1.15.10 github配置Dockerfile,使用阿里云镜像构建海外机构建. 再配置阿里云镜像进行下载镜像. 下面就按这个思路一步步操作. 登录github https://github.com/ 左上角创建仓库,当然也可以和其他共用. 不同的镜像用不同的目录进行区分,创建目录和创建文件一样就是Add file下的Create new file 不同的是输入目录名后加个/ 这样目录就有了,在后面的空格里输入文件名就好了. 这里文件名就写Dockerfile 内容如下: FROM k8s.gcr.io/k8s-dns-kube-dns:1.15.10 MAINTAINER Q 依次创建3个目录和Dockerfile,镜像路径就直接从之前grep出来的url复制进去就好了 重复3次我们得到了这样3个目录,目录中各有1个Dockerfile 登陆阿里云控制台->容器镜像 https://cr.console.aliyun.com/cn-shanghai/instances 如果没有创建过命名空间,那么就创建,如果已经有了可以共用 第一次会需要到github授权登录一次 这里版本可以和yml里的一样,也可以写latest,推荐第一种因为只会构建一次 依次将3个镜像配置好.
国内顺畅下载k8s.gcr.io的镜像_上海_运维_Q先生的博客-CSDN博客_k8s镜像下载
https://blog.csdn.net/qq_29974229/article/details/124433853
metrics-server
Metrics For Kubernetes System Components
System component metrics can give a better look into what is happening inside them. Metrics are particularly useful for building dashboards and alerts. Kubernetes components emit metrics in Prometheus format. This format is structured plain text, designed so that people and machines can both read it.
Metrics For Kubernetes System Components
https://kubernetes.io/docs/concepts/cluster-administration/system-metrics/
Metrics For Kubernetes System Components
kubernetes/cluster/addons/metrics-server at master · kubernetes/kubernetes
Metrics Server exposes core Kubernetes metrics via metrics API. More details can be found in Core metrics pipeline documentation. Metrics Server supports up to 30 pods per cluster node. In clusters where there are more running pods, Metrics Server may be throttled or fail with OOM error.
kubernetes/cluster/addons/metrics-server at master · kubernetes/kubernetes
https://github.com/kubernetes/kubernetes/tree/master/cluster/addons/metrics-server
kubernetes/cluster/addons/metrics-server at master · kubernetes/kubernetes
metrics-server
kubernetes-sigsUpdated Feb 22, 2026
获取yaml清单
https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml
dashboard
dashboard
kubernetes-retiredUpdated Feb 23, 2026
dashboard清单
https://raw.githubusercontent.com/kubernetes/dashboard/v2.6.1/aio/deploy/recommended.yaml
用户权限
dashboard/creating-sample-user.md at master · kubernetes/dashboard
In this guide, we will find out how to create a new user using the Service Account mechanism of Kubernetes, grant this user admin permissions and login to Dashboard using a bearer token tied to this user. IMPORTANT: Make sure that you know what you are doing before proceeding.
dashboard/creating-sample-user.md at master · kubernetes/dashboard
https://github.com/kubernetes/dashboard/blob/master/docs/user/access-control/creating-sample-user.md
dashboard/creating-sample-user.md at master · kubernetes/dashboard
第一次手动创建token
dashboard/creating-sample-user.md at master · kubernetes/dashboard
In this guide, we will find out how to create a new user using the Service Account mechanism of Kubernetes, grant this user admin permissions and login to Dashboard using a bearer token tied to this user. IMPORTANT: Make sure that you know what you are doing before proceeding.
dashboard/creating-sample-user.md at master · kubernetes/dashboard
https://github.com/kubernetes/dashboard/blob/master/docs/user/access-control/creating-sample-user.md
dashboard/creating-sample-user.md at master · kubernetes/dashboard
更多说明
dashboard/docs at master · kubernetes/dashboard
General-purpose web UI for Kubernetes clusters. Contribute to kubernetes/dashboard development by creating an account on GitHub.
dashboard/docs at master · kubernetes/dashboard
https://github.com/kubernetes/dashboard/tree/master/docs
dashboard/docs at master · kubernetes/dashboard
ingress
控制器有很多
Ingress 控制器
为了让 Ingress 资源工作,集群必须有一个正在运行的 Ingress 控制器。 与作为 kube-controller-manager 可执行文件的一部分运行的其他类型的控制器不同, Ingress 控制器不是随集群自动启动的。 基于此页面,你可选择最适合你的集群的 ingress 控制器实现。 Kubernetes 作为一个项目,目前支持和维护 AWS、 GCE 和 Nginx Ingress 控制器。 其他控制器 说明: 本部分链接到提供 Kubernetes 所需功能的第三方项目。Kubernetes 项目作者不负责这些项目。此页面遵循CNCF 网站指南,按字母顺序列出项目。要将项目添加到此列表中,请在提交更改之前阅读内容指南。 AKS 应用程序网关 Ingress 控制器 是一个配置 Azure 应用程序网关 的 Ingress 控制器。 Ambassador API 网关是一个基于 Envoy 的 Ingress 控制器。 Apache APISIX Ingress 控制器 是一个基于
Ingress 控制器
https://kubernetes.io/zh-cn/docs/concepts/services-networking/ingress-controllers/
Ingress 控制器
此处选择nginx-ingress
ingress-nginx/README.md at main · kubernetes/ingress-nginx
Please fill out our 2022 Ingress-Nginx User Survey and let us know what you want to see in future releases. https://www.surveymonkey.com/r/ingressngx2022 ingress-nginx is an Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer. Learn more about Ingress on the main Kubernetes documentation site. See the Getting Started document.
ingress-nginx/README.md at main · kubernetes/ingress-nginx
https://github.com/kubernetes/ingress-nginx/blob/main/README.md#readme
ingress-nginx/README.md at main · kubernetes/ingress-nginx
Installation Guide - NGINX Ingress Controller
There are multiple ways to install the NGINX ingress controller: with Helm, using the project repository chart; with kubectl apply, using YAML manifests; with specific addons (e.g. for minikube or MicroK8s). On most Kubernetes clusters, the ingress controller will work without requiring any extra configuration.
Installation Guide - NGINX Ingress Controller
https://kubernetes.github.io/ingress-nginx/deploy/
获取yaml清单文件
第一创建会自动创建证书文件,大概2分钟左右
externaltrafficpolicy
若为local
优点:减少网络跳点
缺点:流量分配不均匀(若加上lb,可以解决此种情况)
externalTrafficPolicy
How to preserve the source IP in Kubernetes externalTrafficPolicy=local on Kubernetes externalTrafficPolicy=local is an annotation on the Kubernetes service resource that can be set to preserve the client source IP. When this value is set, the actual IP address of a client (e.g., a browser or mobile application) is propagated to the Kubernetes service instead of the IP address of the node.
externalTrafficPolicy
https://technotes.adelerhof.eu/containers/kubernetes/externaltrafficpolicy/
externalTrafficPolicy
创建外部负载均衡器
本文展示如何创建一个外部负载均衡器。 创建 服务 时,你可以选择自动创建云网络负载均衡器。 负载均衡器提供外部可访问的 IP 地址,可将流量发送到集群节点上的正确端口上 ( 假设集群在支持的环境中运行,并配置了正确的云负载均衡器驱动包)。 你还可以使用 Ingress 代替 Service。 更多信息,请参阅 Ingress 文档。 准备开始 你必须拥有一个 Kubernetes 的集群,同时你的 Kubernetes 集群必须带有 kubectl 命令行工具。 建议在至少有两个节点的集群上运行本教程,且这些节点不作为控制平面主机。 如果你还没有集群,你可以通过 Minikube 构建一个你自己的集群,或者你可以使用下面任意一个 Kubernetes 工具构建: Killercoda 玩转 Kubernetes 你的集群必须在已经支持配置外部负载均衡器的云或其他环境中运行。 创建服务 基于清单文件创建服务 要创建外部负载均衡器,请将以下内容添加到你的 Service 清单文件: type: LoadBalancer 你的清单文件可能会如下所示: apiVersion: v1 kind: Service metadata: name: example-service spec: selector: app: example ports: - port: 8765 targetPort: 9376 type: LoadBalancer 使用 kubectl 创建 Service 你也可以使用 kubectl expose 命令及其 --type=LoadBalancer 参数创建服务:
创建外部负载均衡器
https://kubernetes.io/zh-cn/docs/tasks/access-application-cluster/create-external-load-balancer/
创建外部负载均衡器
publishService
publishService仅适用于LoadBalancerNodePort键入 service
Enabling publish-service for ClusterIP nginx-ingress controller service
Currently, nginx-ingress [https://github.com/kubernetes/ingress-nginx/] controller can be run as aClusterIP type service, however, it does not allow publishing this service's endpoints to associated ingress objects. As a result, external-dns [https://github.com/kubernetes-incubator/external-dns] is not able to detect these ingress objects without any IP Address to create/update A DNS records for them. Why?
Enabling publish-service for ClusterIP nginx-ingress controller service
https://rtnpro.com/enabling-publish-service-for-clusterip-nginx-ingress-controller-service/
Enabling publish-service for ClusterIP nginx-ingress controller service
备注
官方示例
Basic Authentication - NGINX Ingress Controller
This example shows how to add authentication in a Ingress rule using a secret that contains a file generated with htpasswd. It's important the file generated is named auth (actually - that the secret has a key data.auth), otherwise the ingress-controller returns a 503.
Basic Authentication - NGINX Ingress Controller
https://kubernetes.github.io/ingress-nginx/examples/auth/basic/
MetalLB
MetalLB, bare metal load-balancer for Kubernetes
Before starting with installation, make sure you meet all the requirements. In particular, you should pay attention to network addon compatibility. If you're trying to run MetalLB on a cloud platform, you should also look at the cloud compatibility page and make sure your cloud platform can work with MetalLB (most cannot).
MetalLB, bare metal load-balancer for Kubernetes
https://metallb.universe.tf/installation/
MetalLB, bare metal load-balancer for Kubernetes
获取清单
https://cdn.staticaly.com/gh/metallb/metallb/main/config/manifests/metallb-native.yaml
https://raw.githubusercontent.com/metallb/metallb/v0.13.5/config/manifests/metallb-native.yaml
创建一组IP范围清单
MetalLB, bare metal load-balancer for Kubernetes
As an example of how to use all of MetalLB's options, consider an ecommerce site that runs a production environment and multiple developer sandboxes side by side. The production environment needs public IP addresses, but the sandboxes can use private IP space, routed to the developer offices through a VPN.
MetalLB, bare metal load-balancer for Kubernetes
https://metallb.universe.tf/usage/example/
MetalLB, bare metal load-balancer for Kubernetes
prometheus
archive.fastgit.org
https://archive.fastgit.org/prometheus-operator/kube-prometheus/archive/refs/tags/v0.11.0.zip
最新版本 v0.11 引入了限制性网络策略,除了内部使用外,不允许从任何地方访问任何 Pod。这会导致负载平衡器超时 (HTTP 504)。
Ingress example not working with current NetworkPolicies · Issue #1719 · prometheus-operator/kube-prometheus
What happened? After migrating to newest version (commit 73bbec9) I lost all ingress connectivity to grafana, alertmanager, and prometheus. Did you expect to see some different? Services are accessible when used with Ingress example How ...
Ingress example not working with current NetworkPolicies · Issue #1719 · prometheus-operator/kube-prometheus
https://github.com/prometheus-operator/kube-prometheus/issues/1719
Ingress example not working with current NetworkPolicies · Issue #1719 · prometheus-operator/kube-prometheus
上一篇
Openstack
下一篇
VNC
Loading...
目录