This is a creation in
Article, where the information may have evolved or changed.
As soon as I arrived this morning, I received a "complaint" from my colleague: a node in the Kubernetes cluster on the private cloud seemed to be out of work because the application that was specifically deployed on that node was hung up and was not recovered for a long time. This company private cloud Kubernetes cluster is th
)
Modify cluster/gce/config-default.sh, primarily by modifying the following fields to save resources.
MASTER_SIZE = f1-micro
MINION_SIZE = f1-micro
NUM_MINIONS = 3
Run in the kubernetes directory
$ Cluster/kube-up.sh
Done is displayed after successful execution.
5. Test pod
The preceding script starts the service defined in examples/monitoring. If you try to start other pods, such as starting a tom
is no difference as to which part of the entire ecosystem you want to install or which git repository you will get the code from. The most important component here is idempotent. The only thing you should specify is the variable that controls the installation process.Here are some of the most effective algorithms I have to solve this problem:Collect images from all dockerfiles (for example, like this)Use the meta-project to deliver these images to kubernete
Kubernetes Kubeadm installation requires the following four packages Kubelet Kubernetes-cni Kubeadm kubectl
These four packages can be downloaded via the Https://github.com/kubernetes/kubernetes warehouse to perform make fetch installation packages, and the release version is required if the RPM package is required.
In
1. The following error was reported during the creation of Nginx pod:#kubectlcreate-F Nginx-pod.yaml from " Nginx-pod.yaml " " Nginx " is for default/default is automatically created and added to the service accountWorkaround:1> Modify the Kube_admission_control parameter in the/etc/kubernetes/apiserver file.Before modification:Kube_admission_control="--admission_control=namespacelifecycle,namespaceexists,limitranger, Securitycontextdeny,serviceacco
environment, build a certificate to play. In addition to the certificate, the Web software (here is Traefik) is required to turn on SSL support and use the certificate we have established.4. Configure the CertificateThe lab environment uses the existing certificate with the K8s cluster certificate.[[emailprotected] ~]# cd /etc/kubernetes/ssl/[[emailprotected] ssl]# lsadmin.csr? ? ? apiserver-key.pem? ca.srl? ? ? ? ? ? ? ? ? ? ? kubernetes2-worker.csr
[TOC]After DNS is installed, the pod can resolve the service through DNS to enable communicationKubernetes version:kubectl version My current version is 1.9.0.1, kubectl DNS installation 1.1 Download the configuration file on the official websitehttps://github.com/kubernetes/kubernetes具体路径是cluster/addons/dns/kube-dns 可能版本不一样,路径略有不同该路径下有三个相似的配置文件:
ingress this change to generate a nginx configuration, and then this configuration through the Kubernetes API written to the Nginx pod, and then Reload.
The specific implementation is as Follows:1. Generate a default backend and forward to the default backend page if you encounter a URL that cannot be resolved[email protected] ingress]# Catdefault-Backend.yaml apiversion:extensions/v1beta1kind:Deploymentmetadata:name:default-http-Backend labels:
,ip:port combination of automatic association back-end pod, even if the pod changes, kubernetes internal Update This group of relationships, so that the service can match to the new pod. In this way, the fixed IP provided by the service, the user no longer care about the need to visit which pod, and whether the pod will change, greatly improve the quality of service. If the pod uses RC to create multiple replicas, then the service can proxy multiple i
In a cluster with TLS enabled, each time the cluster interacts with identity authentication, using Kubeconfig (i.e., certificates) and token two authentication methods is the simplest and most common authentication method.Take Kubectl as an example to introduce the configuration of Kubeconfig. Kubectl is just a go-written executable program that can be used by any node in the cluster as long as the appropriate Kubeconfig is configured for Kubectl. Kubectl Default is to find files with file names
, build a certificate to play. In addition to the certificate, the Web software (here is Traefik) is required to turn on SSL support and use the certificate we have established.4. Configure the CertificateThe lab environment uses the existing certificate with the K8s cluster certificate.[Email protected] ~]# cd/etc/kubernetes/ssl/[[email protected] ssl]# lsADMIN.CSR??? Apiserver-key.pem? Ca.srl??????????? KUBERNETES2-WORKER.CSR??? Kubernetes3-worker-k
MasterThe following steps are performed on master
Installing ETCD and kubernetes through Yum
Yum-y Install ETCD kubernetes2. Modify the configuration file/etc/etcd/etcd.conf, make sure ETCD listens to all addresses, modify the following:Etcd_name=defaultetcd_data_dir= "/var/lib/etcd/default.etcd" etcd_listen_client_urls= "http://0.0.0.0:2379"3. Modify the configuration file/etc/kubernetes/api
" to save and reboot.
Disabling swap memory may appear to be a strange requirement at the outset. If you are curious about this step, you can click " read the original " at the end of the text to get more details.
4. Installation Kubernetes
$ sudo apt-get update \
sudo apt-get install-y apt-transport-https \
Curl-s HTTPS://PACKAGES.CLOUD.GOOGLE.COM/APT/DOC/APT-KEY.GPG | sudo apt-key add-
$ echo "Deb http://apt.kubernetes.io/
, build a certificate to play. In addition to the certificate, the Web software (here is Traefik) is required to turn on SSL support and use the certificate we have established.4. Configure the CertificateThe lab environment uses the existing certificate with the K8s cluster certificate.[[emailprotected] ~]# cd /etc/kubernetes/ssl/[[emailprotected] ssl]# lsadmin.csr? ? ? apiserver-key.pem? ca.srl? ? ? ? ? ? ? ? ? ? ? kubernetes2-worker.csr? ? ? kubern
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.