More interesting content, please pay attention to WeChat official account : New technology ecosystem

More interesting content, please pay attention to WeChat official account : New technology ecosystem

More interesting content, please pay attention to WeChat official account : New technology ecosystem

Endpoints

Namespace level resources , If endpoints and service It's the same name , Then it is automatically associated .

Function one : And service Load balancing 

[[email protected] ~]# kubectl describe svc

Name: kubernetes

Namespace: default

Labels: component=apiserver

provider=kubernetes

Annotations: <none>

Selector: <none>

Type: ClusterIP

IP Family Policy: SingleStack

IP Families: IPv4

IP: 10.96.0.1

IPs: 10.96.0.1

Port: https 443/TCP

TargetPort: 6443/TCP

Endpoints: 192.168.15.201:6443

Session Affinity: None

Events: <none>

Function 2 : Introduce external services into the cluster

Case study 

# First create an external service on this machine mysql

[[email protected] endpoints]# docker run -d -p 3306:3306 -e MYSQL_ROOT_PASSWORD=123456 mysql:5.7

c34bab6ad37f46bae59ef2ee712e8430c53142d30a53119e9912407fd540ad61

# port 3306, The password is as above 


kind: Endpoints

apiVersion: v1

metadata:

namespace: default

name: test-endpoints

subsets:

- addresses: # agent ip

- ip: 192.168.15.201

ports:

- port: 3306 # Port of service 

protocol: TCP

name: http

---

kind: Service

apiVersion: v1

metadata:

name: test-endpoints # The name here must be the same as above to be associated 

namespace: default

spec:

ports:

- port: 3306

targetPort: 3306

protocol: TCP

name: http

---

kind: Deployment # Provide a mysql The client of 

apiVersion: apps/v1

metadata:

name: mysql

namespace: default

spec:

selector:

matchLabels:

app: mysql-v1

template:

metadata:

labels:

app: mysql-v1

spec:

containers:

- name: mysql

image: mysql:5.7

env:

- name: MYSQL_ROOT_PASSWORD

value: "123456"


# Deploy endpoints file 

[[email protected] endpoints]# kubectl apply -f endpoints.yaml

endpoints/test-endpoints created

service/test-endpoints created

deployment.apps/mysql created

[[email protected] endpoints]# kubectl get -f endpoints.yaml

NAME ENDPOINTS AGE

endpoints/test-endpoints 192.168.15.201:3306 8s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE

service/test-endpoints ClusterIP 10.106.61.144 <none> 3306/TCP 8s
NAME READY UP-TO-DATE AVAILABLE AGE

deployment.apps/mysql 1/1 1 1 8s

More interesting content, please pay attention to WeChat official account : New technology ecosystem

More interesting content, please pay attention to WeChat official account : New technology ecosystem

More interesting content, please pay attention to WeChat official account : New technology ecosystem 



# Enter the deployed project 

[[email protected] endpoints]# kubectl exec -it mysql-578666457d-g8856 -- bash

# Link to the inside of the cluster ip

[email protected]:/# mysql -uroot -p123456 -h10.106.61.144

mysql> create database db01;

Query OK, 1 row affected (0.01 sec)
mysql> show databases;

+--------------------+

| Database |

+--------------------+

| information_schema |

| db01 |

| mysql |

| performance_schema |

| sys |

+--------------------+

5 rows in set (0.00 sec)


# Into the outside docker Of mysql

[[email protected] endpoints]# docker exec -it c34bab6ad37f bash

[email protected]:/# mysql -uroot -p123456

mysql> show databases;

+--------------------+

| Database |

+--------------------+

| information_schema |

| db01 |

| mysql |

| performance_schema |

| sys |

+--------------------+

5 rows in set (0.00 sec)

# Found the just created db01 ad locum , explain Endpoints A successful agent mysql service

Service health check

Configuration list 

---

kind: Deployment

apiVersion: apps/v1

metadata:

name: test-deployment

spec:

selector:

matchLabels:

app: nginx-v1

template:

metadata:

labels:

app: nginx-v1

spec:

containers:

- name: nginx

image: nginx

lifecycle: # Callback HOOK

postStart: # establish Pod Before starting 

exec: # The first way , More use 

command:

- "/bin/sh"

- "-c"

- "touch /root/1.txt"

httpGet: # The second way ( Use less )

port: 80

path: / # httpGet Your request must return 200 Is considered successful 

tcpSocket: # The third way ( Use less )

port: 80

preStop: # Delete Pod Before starting 

exec:

command:

- "/bin/sh"

- "-c"

- "echo 123 > /root/1.txt"

livenessProbe:

exec:

command:

- "bin/bash"

- "-c"

- "cat /usr/share/nginx/html/index.php"

initialDelaySeconds: 0 # Execution delay time 

periodSeconds: 3 # Detection frequency 

timeoutSeconds: 1 # Timeout time 

successThreshold: 1 # How many successful probes are successful 

failureThreshold: 3 # How many times the probe fails is a failure 

readinessProbe:

tcpSocket:

port: 80

initialDelaySeconds: 30 # When the project is relatively large, give it a little bigger 

periodSeconds: 1 # The sensitivity setting of readiness is large , Better user experience 

timeoutSeconds: 1

successThreshold: 3

failureThreshold: 1

Callback HOOK--lifecycle

The execution function at startup is postStart, There are three ways of execution , Namely exec、httpGet、tcpSocket, however httpGet Need to request to 200 Will return to success , Otherwise failure .

The execution function at the end is preStop, The execution method is similar to the above .

viability --livenessProbe

Storage activity is generally used here exec In the form of , The general settings of the production environment are as follows 

 livenessProbe:

exec:

command:

- "bin/bash"

- "-c"

- "cat /usr/share/nginx/html/index.php"

initialDelaySeconds: 0 # Execution delay time , Generally, execute immediately 

periodSeconds: 3 # Detection frequency , Once every three seconds 

timeoutSeconds: 1 # Timeout time 

successThreshold: 1 # How many successful probes are successful 

failureThreshold: 3 # How many times the probe fails is a failure

Readiness --readinessProbe

Readiness is generally configured by checking the port 

 readinessProbe:

tcpSocket:

port: 80

initialDelaySeconds: 30 # When the project is relatively large, give it a little bigger 

periodSeconds: 1 # The sensitivity setting of readiness is large , Better user experience 

timeoutSeconds: 1 # Timeout time 

successThreshold: 3 # Three successes are success 

failureThreshold: 1 # One failure

Comprehensive case --wordpress Blog project 

# Database service deployment 

# Database namespace creation 

apiVersion: v1

kind: Namespace

metadata:

name: mysql

---

# Database controller creation 

apiVersion: apps/v1

kind: Deployment

metadata:

name: mysql

namespace: mysql

spec:

selector:

matchLabels:

app: mysql

template:

metadata:

labels:

app: mysql

spec:

containers:

- name: mysql

image: mysql:5.7

env:

- name: MYSQL_ROOT_PASSWORD

value: "123456"

- name: MYSQL_DATABASE

value: wordpress

livenessProbe: # Viability check 

exec:

command:

- "/bin/bash"

- "-c"

- "cat /etc/mysql/my.cnf"

initialDelaySeconds: 0

periodSeconds: 3

timeoutSeconds: 1

successThreshold: 1

failureThreshold: 3

readinessProbe: # Readiness check 

tcpSocket:

port: 3306

initialDelaySeconds: 20

periodSeconds: 1

successThreshold: 3

failureThreshold: 1

timeoutSeconds: 1

---

# Configure the database Service

apiVersion: v1

kind: Service

metadata:

name: mysql

namespace: mysql

spec:

selector:

app: mysql

ports:

- port: 3306

targetPort: 3306

type: NodePort

# Database deployment completed 

---

# Create the project namespace 

apiVersion: v1

kind: Namespace

metadata:

namespace: wordpress

name: wordpress

---

# Create a controller for the project 

apiVersion: apps/v1

kind: Deployment

metadata:

name: wordpress

namespace: wordpress

spec:

selector:

matchLabels:

app: wordpress

template:

metadata:

labels:

app: wordpress

spec:

containers:

- name: php

image: alvinos/php:wordpress-v2

imagePullPolicy: Always

livenessProbe:

exec:

command:

- "/bin/bash"

- "-c"

- "ps -ef | grep php"

initialDelaySeconds: 0

periodSeconds: 3

timeoutSeconds: 1

successThreshold: 1

failureThreshold: 1

readinessProbe:

tcpSocket:

port: 9000

initialDelaySeconds: 20

periodSeconds: 1

timeoutSeconds: 1

successThreshold: 3

failureThreshold: 1

- name: nginx

image: alvinos/nginx:wordpress-v2

imagePullPolicy: Always

livenessProbe:

exec:

command:

- "/bin/bash"

- "-c"

- "cat /etc/nginx/nginx.conf"

initialDelaySeconds: 0

periodSeconds: 3

timeoutSeconds: 1

successThreshold: 1

failureThreshold: 1

readinessProbe:

tcpSocket:

port: 80

initialDelaySeconds: 10

periodSeconds: 1

timeoutSeconds: 1

successThreshold: 3

failureThreshold: 1

# Controller deployment completed 

---

# Deployment controller Service

apiVersion: v1

kind: Service

metadata:

name: wordpress

namespace: wordpress

spec:

selector:

app: wordpress

ports:

- port: 80

targetPort: 80

name: http

nodePort: 30080

- port: 443

targetPort: 443

name: https

type: NodePort



cluster.local If you want to modify it, you can modify it here 

[[email protected] wordpress]# grep -ro "cluster.local" /etc/kubernetes/

/etc/kubernetes/manifests/kube-apiserver.yaml:cluster.local

ADM Of api High availability

Export initialization file , Making a change 

[[email protected] ~]# kubeadm config print init-defaults > init-config.yaml

[[email protected] ~]# cat init-config.yaml

apiVersion: kubeadm.k8s.io/v1beta2

bootstrapTokens:

- groups:

- system:bootstrappers:kubeadm:default-node-token

token: abcdef.0123456789abcdef

ttl: 24h0m0s

usages:

- signing

- authentication

kind: InitConfiguration

localAPIEndpoint:

advertiseAddress: 1.2.3.4

bindPort: 6443

nodeRegistration:

criSocket: /var/run/dockershim.sock

name: node

taints: null

---

apiServer:

timeoutForControlPlane: 4m0s

apiVersion: kubeadm.k8s.io/v1beta2

certificatesDir: /etc/kubernetes/pki

clusterName: kubernetes

controllerManager: {}

dns:

type: CoreDNS

etcd:

local:

dataDir: /var/lib/etcd

imageRepository: k8s.gcr.io

kind: ClusterConfiguration

kubernetesVersion: 1.21.0

networking:

dnsDomain: cluster.local

serviceSubnet: 10.96.0.0/12

scheduler: {}

modify 

INIT_IP=`hostname -i`

INIT_HOST=`hostname`

cat > init-config.yaml << EOF

apiVersion: kubeadm.k8s.io/v1beta2

bootstrapTokens:

- groups:

- system:bootstrappers:kubeadm:default-node-token

token: abcdef.0123456789abcdef

ttl: 24h0m0s

usages:

- signing

- authentication

kind: InitConfiguration

localAPIEndpoint:

advertiseAddress: ${INIT_IP} # Current host ip

bindPort: 6443

nodeRegistration:

criSocket: /var/run/dockershim.sock

name: ${INIT_HOST} # Corresponding host name 

taints:

- effect: NoSchedule

key: node-role.kubernetes.io/master

---

apiServer:

certSANs:

- 192.168.15.59 # Highly available virtual IP

timeoutForControlPlane: 4m0s

apiVersion: kubeadm.k8s.io/v1beta2

certificatesDir: /etc/kubernetes/pki

clusterName: kubernetes

controlPlaneEndpoint: 192.168.15.59:8443

controllerManager: {}

dns:

type: CoreDNS

etcd:

local:

dataDir: /var/lib/etcd

imageRepository: registry.cn-shanghai.aliyuncs.com/baim0os # Own mirror warehouse 

kind: ClusterConfiguration

kubernetesVersion: 1.21.3

networking:

dnsDomain: cluster.local

podSubnet: 10.244.0.0/16

serviceSubnet: 10.96.0.0/12

scheduler: {}

EOF

Install highly available software 

 # Three stations master All nodes need to be installed 

# keeplived + haproxy

[[email protected] ~]# yum install -y keepalived haproxy


# modify keepalived The configuration file 

# According to different nodes , The modified configuration is also different 

mv /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf_bak

cd /etc/keepalived

KUBE_APISERVER_IP=`hostname -i`

cat > /etc/keepalived/keepalived.conf <<EOF

! Configuration File for keepalived

global_defs {

router_id LVS_DEVEL

}

vrrp_script chk_kubernetes {

script "/etc/keepalived/check_kubernetes.sh"

interval 2

weight -5

fall 3

rise 2

}

vrrp_instance VI_1 {

state MASTER

interface eth0

mcast_src_ip ${KUBE_APISERVER_IP}

virtual_router_id 51

priority 100

advert_int 2

authentication {

auth_type PASS

auth_pass K8SHA_KA_AUTH

}

virtual_ipaddress {

192.168.15.59

}

}

EOF

[[email protected] /etc/keepalived]# systemctl enable --now keepalived


# modify haproxy The configuration file 

# High availability software 

cat > /etc/haproxy/haproxy.cfg <<EOF

global

maxconn 2000

ulimit-n 16384

log 127.0.0.1 local0 err

stats timeout 30s

defaults

log global

mode http

option httplog

timeout connect 5000

timeout client 50000

timeout server 50000

timeout http-request 15s

timeout http-keep-alive 15s

frontend monitor-in

bind *:33305

mode http

option httplog

monitor-uri /monitor

listen stats

bind *:8006

mode http

stats enable

stats hide-version

stats uri /stats

stats refresh 30s

stats realm Haproxy\ Statistics

stats auth admin:admin

frontend k8s-master

bind 0.0.0.0:8443

bind 127.0.0.1:8443

mode tcp

option tcplog

tcp-request inspect-delay 5s

default_backend k8s-master

backend k8s-master

mode tcp

option tcplog

option tcp-check

balance roundrobin

default-server inter 10s downinter 5s rise 2 fall 2 slowstart 60s maxconn 250 maxqueue 256 weight 100

server m01 192.168.15.51:6443 check inter 2000 fall 2 rise 2 weight 100

server m02 192.168.15.52:6443 check inter 2000 fall 2 rise 2 weight 100

server m03 192.168.15.53:6443 check inter 2000 fall 2 rise 2 weight 100

EOF

[[email protected] /etc/keepalived]# systemctl enable --now haproxy.service

Created symlink from /etc/systemd/system/multi-user.target.wants/haproxy.service to /usr/lib/systemd/system/haproxy.service.

Initialize cluster 

kubeadm init --config init-config.yaml --upload-certs
# Copy the master node command 

kubeadm join 192.168.15.59:8443 --token abcdef.0123456789abcdef \

--discovery-token-ca-cert-hash sha256:b22691a3783c7f1a3544006e64907418476b6942393dffa02b3b0f20cb46a083 \

--control-plane --certificate-key 2e222d296099e3c4656dd9aa12d81b5bbbd0a3f2f13d6d3a9252334034785af1

# Copy from node command 

kubeadm join 192.168.15.59:8443 --token abcdef.0123456789abcdef \

--discovery-token-ca-cert-hash sha256:b22691a3783c7f1a3544006e64907418476b6942393dffa02b3b0f20cb46a083
# start-up 

mkdir -p $HOME/.kube

sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config

sudo chown $(id -u):$(id -g) $HOME/.kube/config

Install network plug-ins calico

# download calico

curl https://docs.projectcalico.org/manifests/calico.yaml -O
# Deploy calico

kubectl apply -f calico.yaml

Each node executes the join command 

# Set the cluster role 

kubectl label nodes n01 node-role.kubernetes.io/node=n01

kubectl label nodes n02 node-role.kubernetes.io/node=n02
# View the cluster status 

[[email protected] ~]# kubectl get nodes

[[email protected] ~]# kubectl get nodes

NAME STATUS ROLES AGE VERSION

m01 Ready control-plane,master 36m v1.21.3

m02 Ready control-plane,master 6m47s v1.21.3

m03 Ready control-plane,master 5m50s v1.21.3

n01 Ready node 5m v1.21.3

n02 Ready node 4m42s v1.21.3

More interesting content, please pay attention to WeChat official account : New technology ecosystem

More interesting content, please pay attention to WeChat official account : New technology ecosystem

More interesting content, please pay attention to WeChat official account : New technology ecosystem

K8S Chapter 8 of the series (Service、EndPoints And high availability kubeadm Deploy ) More articles about

  1. MySQL series ( 5、 ... and ) Multiple instances 、 High availability production environment

    MySQL series ( 5、 ... and ) Multiple instances . High availability production environment   Chapter one :MySQL series ( One ) Production standard line environment installation configuration case and difficult problem solving Second articles :MySQL series ( Two ) The biggest loser in history . You don't know about database operations Third ...

  2. Spring Cloud Chapter 11 | Distributed configuration center is highly available

    ​ This article is about Spring Cloud The eleventh article of the column , Understanding the contents of the first ten articles is helpful to better understand this article : Spring Cloud Chapter one | Spring Cloud Introduction to foreword and its common components Spring Cl ...

  3. Distributed architecture, high availability architecture _04_Keepalived+Nginx High availability Web Load balancing

    Reference resources :  Longguo College http://www.roncoo.com/share.html?hamc=hLPG8QsaaWVOl2Z76wpJHp3JBbZZF%2Bywm5vEfPp9LbLkAjAnB%2B ...

  4. SpringCloud Series IV : Realization Eureka Server And register the application to Eureka Sever On the cluster

    1. review In the last blog post , Single node is realized Eureka Server.Eureka Client Regular connection Eureka Server, Get the information in the registry and cache it locally . Microservices are consuming remote services API Always use local ...

  5. prometheus Learning Series 11 : Prometheus and AlertManager High availability

    In the previous series , prometheus and alertmanager They are all deployed on a single machine , There will be single machine downtime, resulting in system unavailability . This article mainly introduces prometheus and alertmanager High availability solution for . High availability of services ...

  6. Java series -- Chapter eight be based on Maven Of SSME Send by regular mail

    About ssme This is my little sample project , If you want to make sparrow small , Five zang organs , See a lot, some web They all have the function of sending emails regularly , Miss me ssme Add this function as well , After consulting relevant documents , Find out spring It comes with a scheduler quartz, Next ...

  7. javascript Sports series 8 —— Wall movement

    × Catalog [1] Hit the wall at a constant speed [2] Free fall [3] Throw into the wall [4] Drag on the wall In front of the word Collision motion may be a more complex motion in the motion series . Collision can be divided into two forms: wall collision and mutual collision , The motion before and after the collision can also be divided into variable speed and uniform speed ...

  8. Learn more jQuery Selector series 8 —— Filter selector pseudo child element selector

    × Catalog [1] General form [2] The reverse form [3] First and last elements [4] The only element In front of the word This article is a continuation of the sub element selector , It is mainly about nth-of-type() The contents of the selector . This part is not absent from < Incisive ...

  9. 【Windows Programming 】 Chapter 8 of the series : Common dialog box

    Last time we learned the basic programming of menu , This article is about the use of General dialog box .Windows System is the most popular desktop system at present , It is also because Windows There's a set of standards , Unified friendly interface , Like the menu . The toolbar . The status bar and each ...

  10. MongoDB Basic tutorial series -- Chapter eight MongoDB Replica set realizes replication function

    Why copy Why copy ? If our database only exists on one server , If this server goes down , That would be a disaster for our data , Of course, that's just one reason , If the amount of data is very large , Read and write operations will inevitably affect the performance of the database , At this point, the copy is done ...

Random recommendation

  1. [email protected] GDB debugging

    Text from :http://www.cppblog.com/lucency/archive/2012/08/09/59214.html I searched the Internet for a long time before using sublime debugging C and C++ The article , But in vain ...

  2. android A simple example of connecting to the network

    1.android There are two classes of connecting networks HttpURLConnect and HttpClient, however HttpClient Has gradually been HttpURLConnect Class instead, so I don't mention . 2. example String add ...

  3. dm3730 and dm6437,dm6446,AM335x Different start-up processes

    dm3730 The start-up process is RBL+X-loader+uboot+uImage In the film ROM(fireware), Intraslice SRAM, Off chip DDR, Off chip DDR. The reason for establishing such a complex startup process , My personal reason ...

  4. Talking about JS Inheritance

    JS Inherit Inheritance is OO The most popular concept in language , many OO Both languages support two ways of inheritance : Interface inheritance : Implementation inheritance . Interface inheritance : Inherit method signature only . Implementation inheritance : Inherit the actual method . because ES There is no signature in the function , So in ES No inside ...

  5. The content of elements must consist of well-formed character data or markup

    java Use in dom4j Parse a with special characters xml There is an error in the file At this time, you need to add... Outside the special characters <![CDATA[ /6169220648+20671/1>7+-47390045& ...

  6. perform find / -name *.sh Times wrong find: The path must precede the expression : start-ressvr-release.sh

    Want to find a file that contains 4000 All files in the directory of multiple files .sh Final document Use command      find  ./ -name *.sh     ( It is already in the directory to be searched ) The result is wrong :  Solution 1 :find ./ - ...

  7. redis Summary of common operation methods of various data types in

    stay spring Use in jedisTemplate operation , See https://www.cnblogs.com/EasonJim/p/7803067.html One .Redis Five data types of 1.String( ...

  8. Concurrent Research Java Memory model (Java Memory Model)

    Java Memory model JMM java Memory model definition Last time we talked about CPU Cache consistency and memory barrier issues . that Java As a cross platform language , Its implementation has to face different underlying hardware systems , Design a middle layer model to shield the underlying hard ...

  9. mysql Solutions to garbled code problem

    Recently developed a small project , Encountered the most common garbled code problem . 1. Database usage utf-8  utf-8_generic_ci code , Use csv Upload and import data , There was a problem inserting data , Most of the data has not been imported , So use m ...

  10. mybatis Condition Inquire about

    Condition condition = new Condition(ACurrentTotal.class); condition.createCriteria().andCondition(&q ...