Updated 10/01/2020. More than a year has passed since this article was written and many of the examples have stopped working; the technology keeps evolving, so I have added to and rewritten the examples. In this article I want to talk about installing Kubernetes on Hetzner Cloud.
My work machine runs Ubuntu Linux 18.04, and all the examples assume this operating system.
To work with Hetzner Cloud and build the Kubernetes cluster we will use the hetzner-kube utility. Install it on your local machine:
$ wget https://github.com/xetys/hetzner-kube/releases/download/0.5.1/hetzner-kube-0.5.1-linux-amd64
$ chmod a+x ./hetzner-kube-0.5.1-linux-amd64
$ sudo mv ./hetzner-kube-0.5.1-linux-amd64 /usr/local/bin/hetzner-kube
To use the hetzner-kube utility and authorize it with Hetzner Cloud you need to create an API token in the Hetzner Cloud Console at https://console.hetzner.cloud. At the top choose "Select project -> Default", in the left menu pick the "Access" item, go to the "API Tokens" section and click the "Generate API Token" button.
The generated API token then has to be entered into the hetzner-kube configuration:
$ hetzner-kube context add k8s
Token: <PASTE TOKEN HERE>
added context 'k8s'
Next we need to generate an SSH key that will be used to access the servers in Hetzner Cloud. Use the ssh-keygen utility for this:
$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (~/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in ~/.ssh/id_rsa.
Your public key has been saved in ~/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:1bwptZ8lPiAhtA37/2U1G7HsC+aE7qMVCtVIfN3OLzk lx4241@LX4241-LINUX
The key's randomart image is:
+---[RSA 2048]----+
|  +. . .         |
| ..*o+ . .       |
|  +o=.+ o.       |
|   .+ o +.oo     |
|   .S +.= .*+    |
|    . .+o+E+*    |
|     . o.+==o    |
|      o.+..+.    |
|     .oo....     |
+----[SHA256]-----+
As a result two files are created in your home directory: ~/.ssh/id_rsa (private key) and ~/.ssh/id_rsa.pub (public key).
Add the public SSH key to Hetzner Cloud:
$ hetzner-kube ssh-key add --name k8s
sshKeyAdd called
SSH key k8s(95430) created
Building the Kubernetes cluster itself is very easy:
$ hetzner-kube cluster create --name k8s --ssh-key k8s --master-count 1 --worker-count 1
2018/08/02 13:57:57 Creating new cluster
NAME:k8s
MASTERS: 1
WORKERS: 1
ETCD NODES: 0
HA: false
ISOLATED ETCD: false
2018/08/02 13:57:58 creating server 'k8s-master-01'...
--- [======================================] 100%
2018/08/02 13:58:18 Created node 'k8s-master-01' with IP 159.69.54.228
2018/08/02 13:58:18 creating server 'k8s-worker-01'...
--- [======================================] 100%
2018/08/02 13:58:37 Created node 'k8s-worker-01' with IP 159.69.51.140
2018/08/02 13:58:37 sleep for 10s...
k8s-master-01 : complete! 100.0% [==============]
k8s-worker-01 : complete! 100.0% [==============]
2018/08/02 14:02:50 Cluster successfully created!
This command automatically creates virtual servers in Hetzner Cloud and installs the specified number of master/worker nodes of the Kubernetes cluster on them. By default CX11 virtual servers are used.
Later, the hetzner-kube utility also makes it easy to change the configuration of the Kubernetes cluster by adding worker nodes. For example, to add 2 worker nodes:
$ hetzner-kube cluster add-worker --name k8s --nodes 2
Unfortunately, it is currently impossible to change the master node configuration with the hetzner-kube utility without completely rebuilding the Kubernetes cluster.
The kubectl utility is used to work with the Kubernetes cluster.
Detailed instructions for installing it on different operating systems can be found at the following link.
To manage the created Kubernetes cluster with kubectl commands you have to save the configuration of the created cluster locally, as follows:
$ hetzner-kube cluster kubeconfig k8s
create file
kubeconfig configured
The configuration file is saved to ~/.kube/config.
Now we move on to the most interesting part: configuring the resulting Kubernetes cluster.
First we create the basic resources that will be needed to deploy applications later. More details can be found at the following link.
$ curl https://raw.githubusercontent.com/kubernetes/ingress-nginx/nginx-0.26.2/deploy/static/mandatory.yaml | kubectl apply -f -
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  6170  100  6170    0     0  13987      0 --:--:-- --:--:-- --:--:-- 14022
namespace/ingress-nginx created
configmap/nginx-configuration created
configmap/tcp-services created
configmap/udp-services created
serviceaccount/nginx-ingress-serviceaccount created
clusterrole.rbac.authorization.k8s.io/nginx-ingress-clusterrole created
role.rbac.authorization.k8s.io/nginx-ingress-role created
rolebinding.rbac.authorization.k8s.io/nginx-ingress-role-nisa-binding created
clusterrolebinding.rbac.authorization.k8s.io/nginx-ingress-clusterrole-nisa-binding created
deployment.apps/nginx-ingress-controller created
limitrange/ingress-nginx created
$ curl https://raw.githubusercontent.com/kubernetes/ingress-nginx/nginx-0.26.2/deploy/static/provider/baremetal/service-nodeport.yaml | kubectl apply -f -
service/ingress-nginx created
In addition, we will make the ingress controller reachable from the Internet. To do this, edit service/ingress-nginx with the kubectl utility and add to it the list of public IP addresses of the worker/master nodes of the Kubernetes cluster (only those we want to use for handling incoming requests from the Internet):
$ kubectl -n ingress-nginx edit service/ingress-nginx
and add the following section to the YAML manifest:
spec:
  externalIPs:
    - XXXX
    - YYYY
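The same change can be made non-interactively with kubectl patch, which is easier to repeat when nodes are added. This is an added example, not code from the original post; the addresses 203.0.113.10 and 203.0.113.11 in the usage line are constructed placeholders for the public IPs of the nodes you choose to expose, and each argument is validated as an IPv4 address before it goes into the Service.

```shell
#!/bin/sh
# Set spec.externalIPs on service/ingress-nginx without an interactive edit.
# Added example, not from the original post; the IPs in the usage line are
# constructed placeholders for the public addresses of the nodes that
# should receive traffic from the Internet.

valid_ipv4() {
  # Four dotted decimal octets, each 0-255. Anything else is rejected so a
  # typo cannot end up as an externalIP that the Service silently never serves.
  case $1 in ''|*[!0-9.]*) return 1 ;; esac
  old_ifs=$IFS
  IFS=.
  set -- $1
  IFS=$old_ifs
  [ "$#" -eq 4 ] || return 1
  for octet in "$@"; do
    case $octet in ''|*[!0-9]*) return 1 ;; esac
    [ "$octet" -le 255 ] || return 1
  done
  return 0
}

external_ips_patch() {
  # Builds the JSON merge patch {"spec":{"externalIPs":["a","b",...]}}
  list=""
  for ip in "$@"; do
    valid_ipv4 "$ip" || { echo "rejected: '$ip' is not an IPv4 address" >&2; return 1; }
    list="${list:+$list,}\"$ip\""
  done
  [ -n "$list" ] || { echo "no external IPs given" >&2; return 1; }
  printf '{"spec":{"externalIPs":[%s]}}' "$list"
}

apply_external_ips() {
  # Same effect as the manual edit above, but scriptable and repeatable
  patch=$(external_ips_patch "$@") || return 1
  kubectl -n ingress-nginx patch service ingress-nginx --type merge -p "$patch"
}

# Usage: sh set-external-ips.sh 203.0.113.10 203.0.113.11
if [ "$#" -gt 0 ]; then
  apply_external_ips "$@"
fi
```

Running the script with no arguments does nothing, so a typo in a node list fails loudly instead of clearing the existing externalIPs.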
Add A records to your domain and wait until they appear in DNS. For example:
Type: A
Name: echo.example.com
Value: XXXX
If several external IP addresses were specified in ingress-nginx.yaml, you can create several identical DNS records with those IP addresses. In that case requests to your domain will be distributed between these IP addresses and load balancing will take place.
In this example, to get https working, we will generate a self-signed SSL certificate.
$ openssl req -newkey rsa:2048 -nodes -keyout echo.example.com.key -x509 -days 365 -out echo.example.com.crt
Generating a 2048 bit RSA private key
..+++
.............+++
writing new private key to 'echo.example.com.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:UA
State or Province Name (full name) [Some-State]:Kyiv
Locality Name (eg, city) []:Kyiv
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Super Company Ltd
Organizational Unit Name (eg, section) []:echo.example.com
Common Name (eg server FQDN or YOUR name) []:echo.example.com
Email Address []:info@echo.example.com
$ cat echo.example.com.key | base64 | tr -d '\n'
<YOUR PRIVATE KEY>
$ cat echo.example.com.crt | base64 | tr -d '\n'
<YOUR CERTIFICATE>
Now let's add our application. We will take a simple echoserver as an example. Create a file called app.yaml with the following content:
apiVersion: v1
kind: Namespace
metadata:
  name: echoserver
---
apiVersion: v1
kind: Secret
metadata:
  name: echo.example.com-tls
  namespace: echoserver
type: kubernetes.io/tls
data:
  tls.crt: <YOUR CERTIFICATE>
  tls.key: <YOUR PRIVATE KEY>
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: echoserver
  namespace: echoserver
spec:
  replicas: 1
  selector:
    matchLabels:
      app: echoserver
  template:
    metadata:
      labels:
        app: echoserver
    spec:
      containers:
      - image: gcr.io/google_containers/echoserver:1.0
        imagePullPolicy: Always
        name: echoserver
        ports:
        - containerPort: 8080
---
apiVersion: v1
kind: Service
metadata:
  name: echoserver
  namespace: echoserver
spec:
  ports:
  - name: http
    port: 80
    targetPort: 8080
    protocol: TCP
  selector:
    app: echoserver
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: echoserver
  namespace: echoserver
  annotations:
    kubernetes.io/ingress.class: "nginx"
spec:
  tls:
  - hosts:
    - echo.example.com
    secretName: echo.example.com-tls
  rules:
  - host: echo.example.com
    http:
      paths:
      - path: /
        backend:
          serviceName: echoserver
          servicePort: 80
$ kubectl apply -f app.yaml
namespace "echoserver" configured
deployment "echoserver" unchanged
service "echoserver" configured
ingress "echoserver" unchanged
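Pasting the two base64 blobs into app.yaml by hand is where most TLS mistakes happen (wrapped lines, or a key that does not belong to the certificate). The following script, an added example and not code from the original post, builds the kubernetes.io/tls Secret directly from the certificate and key files generated above and first checks that the two files actually belong together; the Secret name echo.example.com-tls and namespace echoserver are the ones used in app.yaml.

```shell
#!/bin/sh
# Build the kubernetes.io/tls Secret for the ingress from the certificate and
# key files instead of pasting base64 text into app.yaml by hand.
# Added example, not from the original post. The names echo.example.com-tls
# and echoserver come from app.yaml.
set -e

b64_oneline() {
  # Secret data values must be a single base64 line; `base64` wraps its output
  # at 76 columns by default, so strip the newlines exactly as the post does.
  base64 < "$1" | tr -d '\n'
}

tls_pair_matches() {
  # The public key inside the certificate must equal the one derived from the
  # private key; otherwise ingress-nginx cannot complete the TLS handshake.
  cert_pub=$(openssl x509 -noout -pubkey -in "$1")
  key_pub=$(openssl pkey -pubout -in "$2")
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

tls_secret_manifest() {
  # Usage: tls_secret_manifest NAME NAMESPACE CERT_FILE KEY_FILE
  name=$1; ns=$2; cert=$3; key=$4
  [ -s "$cert" ] || { echo "certificate file missing or empty: $cert" >&2; return 1; }
  [ -s "$key" ]  || { echo "key file missing or empty: $key" >&2; return 1; }
  printf 'apiVersion: v1\nkind: Secret\nmetadata:\n  name: %s\n  namespace: %s\ntype: kubernetes.io/tls\ndata:\n  tls.crt: %s\n  tls.key: %s\n' \
    "$name" "$ns" "$(b64_oneline "$cert")" "$(b64_oneline "$key")"
}

# Usage: sh make-tls-secret.sh echo.example.com-tls echoserver \
#            echo.example.com.crt echo.example.com.key | kubectl apply -f -
if [ "$#" -eq 4 ]; then
  tls_pair_matches "$3" "$4" || { echo "certificate and key do not match" >&2; exit 1; }
  tls_secret_manifest "$@"
fi
```

Once the Secret is applied this way, the Secret section can be dropped from app.yaml; the Ingress still finds it by secretName.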
That's all)) Let's check the result:
$ curl https://echo.example.com/
CLIENT VALUES:
client_address=('10.244.3.2', 32860) (10.244.3.2)
command=GET
path=/
real path=/
query=
request_version=HTTP/1.1

SERVER VALUES:
server_version=BaseHTTP/0.6
sys_version=Python/3.5.0
protocol_version=HTTP/1.0

HEADERS RECEIVED:
Accept=*/*
Connection=close
Host=echo.example.com
User-Agent=curl/7.58.0
X-Forwarded-For=10.244.0.0
X-Forwarded-Host=echo.example.com
X-Forwarded-Port=80
X-Forwarded-Proto=http
X-Original-URI=/
X-Real-IP=10.244.0.0
X-Request-ID=7a4f4aabf9a0043ea2b1ca91bd1a3adf
X-Scheme=http