文档

docker:

https://blog.csdn.net/weixin_43834401/article/details/122289776

k8s:

https://www.cnblogs.com/yy690486439/p/13596947.html

https://cloud.tencent.com/developer/article/1854101

Docker 安装和配置

 1# 卸载可能存在的旧版本(因为docker的旧版本不一定被称为docker,docker.io 或 docker-engine 也有可能)
 2zhangcong@lenovo-e47-1no6e7d:~$ sudo apt-get remove docker docker-engine docker-ce docker.io
 3
 4# 更新apt包索引
 5zhangcong@lenovo-e47-1no6e7d:~$ sudo apt-get update
 6
 7# Docker 安装时需要的依赖:
 8
 9zhangcong@lenovo-e47-1no6e7d:~$ apt-get install ca-certificates curl gnupg lsb-release
10
11# 添加Docker GPG密钥
12zhangcong@lenovo-e47-1no6e7d:~$ curl -fsSL http://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | sudo apt-key add -
13
14# 添加 Docker 软件源
15
16
17zhangcong@lenovo-e47-1no6e7d:~$ sudo add-apt-repository "deb [arch=amd64] http://mirrors.aliyun.com/docker-ce/linux/ubuntu $(lsb_release -cs) stable"
18
19# 安装docker
20
21zhangcong@lenovo-e47-1no6e7d:~$ apt-get install docker-ce docker-ce-cli containerd.io
22
23
24
25
26# 配置 docker 用户组(可选)
27# 默认情况下,只有root用户和docker组的用户才能运行Docker命令。
28# 我们可以将当前用户添加到docker组,以避免每次使用Docker时都需要使用sudo。命令如下:
29zhangcong@lenovo-e47-1no6e7d:~$ sudo usermod -aG docker $USER && newgrp docker
30
31# 配置 docker 国内源:
32zhangcong@lenovo-e47-1no6e7d:~$ sudo vi /etc/docker/daemon.json
33{
34  "exec-opts": ["native.cgroupdriver=systemd"],
35  "data-root": "/home/zhangcong/dev/docker",
36  "dns": ["8.8.8.8","114.114.114.114"],
37  "live-restore":true,
38  "registry-mirrors":["https://registry.docker-cn.com",
39"https://hub-mirror.c.163.com",
40"https://docker.mirrors.ustc.edu.cn"
41]
42}
43# 重启docker服务使之生效:
44zhangcong@lenovo-e47-1no6e7d:~$ sudo systemctl restart docker
45# 查看docker详情:
46zhangcong@lenovo-e47-1no6e7d:~$ docker info
47# 看到 Registry Mirrors 中有上面设置的国内源

k8s的安装和配置

安装 minikube:

 1# 下载地址:
 2# Intel x86_64
 3root@lenovo-e47-1no6e7d:/data/downloads/k8s# curl -Lo minikube https://storage.googleapis.com/minikube/releases/latest/minikube-linux-amd64
 4
 5# Apple arm64
 6root@lenovo-e47-1no6e7d:/data/downloads/k8s# curl -Lo minikube https://storage.googleapis.com/minikube/releases/latest/minikube-linux-arm64
 7
 8# 设置文件可执行
 9root@lenovo-e47-1no6e7d:/data/downloads/k8s# chmod +x minikube-linux-arm64
10
11# 安装到bin目录
12root@lenovo-e47-1no6e7d:/data/downloads/k8s# install minikube-linux-amd64 /usr/local/bin/minikube
13# 或者:
14root@lenovo-e47-1no6e7d:/data/downloads/k8s# ln -s /data/downloads/k8s/minikube-linux-amd64 /usr/local/bin/minikube
15
16# 查看版本
17root@lenovo-e47-1no6e7d:/data/downloads/k8s# minikube version
18minikube version: v1.32.0
19commit: 8220a6eb95f0a4d75f7f2d7b14cef975f050512d

安装 kubectl

 1# 下载 kubectl
 2# 后面启动minikube时,指定了k8s的版本参数为v1.23.8;所以建议也下载v1.23.8的kubectl
 3root@lenovo-e47-1no6e7d:/data/downloads/k8s# curl -LO "https://dl.k8s.io/release/v1.23.8/bin/linux/amd64/kubectl"
 4# 或者下载最新的kubectl,但是不知道会不会有什么问题
 5root@lenovo-e47-1no6e7d:/data/downloads/k8s# curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
 6
 7# 设置文件可执行
 8root@lenovo-e47-1no6e7d:/data/downloads/k8s# chmod +x kubectl
 9
10# 安装到bin目录
11root@lenovo-e47-1no6e7d:/data/downloads/k8s# ln -s /data/downloads/k8s/kubectl /usr/local/bin/kubectl
12
13# 查看版本
14root@lenovo-e47-1no6e7d:/data/downloads/k8s# kubectl version --client
15Client Version: v1.28.3
16Kustomize Version: v5.0.4-0.20230601165947-6ce0bf390ce3

使用 minikube 创建并运行 k8s

注意:此处要以普通用户运行(还需要配置docker用户组;上面的docker安装中有具体操作)否则报错:Exiting due to DRV_AS_ROOT: The “docker” driver should not be used with root privileges.

1zhangcong@lenovo-e47-1no6e7d:~$ minikube start --driver='docker' --kubernetes-version=v1.23.8 --image-mirror-country='cn'

image-mirror-country 为指定使用国内源:registry.cn-hangzhou.aliyuncs.com/google_containers

kubernetes-version 指定部署的版本(最新版兼容性坑比较多,所以选择低版本)

启动过程中,报出如下错误:

1stderr:
2Unable to find image 'registry.cn-hangzhou.aliyuncs.com/google_containers/kicbase:v0.0.42@sha256:d35ac07dfda971cabee05e0deca8aeac772f885a5348e1a0c0b0a36db20fcfc0' locally
3docker: Error response from daemon: manifest for registry.cn-hangzhou.aliyuncs.com/google_containers/kicbase@sha256:d35ac07dfda971cabee05e0deca8aeac772f885a5348e1a0c0b0a36db20fcfc0 not found: manifest unknown: manifest unknown.
4See 'docker run --help'.

只能先手动安装 kicbase:v0.0.42

 1zhangcong@lenovo-e47-1no6e7d:~$ docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kicbase:v0.0.42
 2v0.0.42: Pulling from google_containers/kicbase
 3Digest: sha256:0e2bba4730c8a11925636ae4c18b07fb5e4b3ec2904be62944109eac8acaf6fa
 4Status: Image is up to date for registry.cn-hangzhou.aliyuncs.com/google_containers/kicbase:v0.0.42
 5registry.cn-hangzhou.aliyuncs.com/google_containers/kicbase:v0.0.42
 6
 7zhangcong@lenovo-e47-1no6e7d:~$ docker images -a --digests
 8REPOSITORY                                                                    TAG       DIGEST                                                                    IMAGE ID       CREATED         SIZE
 9registry.cn-hangzhou.aliyuncs.com/google_containers/kicbase                   v0.0.42   sha256:0e2bba4730c8a11925636ae4c18b07fb5e4b3ec2904be62944109eac8acaf6fa   dbc648475405   7 weeks ago     1.2GB
10registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver            v1.23.8   sha256:41b72e33afeba7e925f002b6bd3ac33a6bc364a03514bfd7416793b3a4fbadaa   09d62ad3189b   18 months ago   135MB
11registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy                v1.23.8   sha256:71e8db32908c9db3ecbf48cf22af3b366c8a07b66f86b2cb553874402f8f068c   db4da8720bcb   18 months ago   112MB
12registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler            v1.23.8   sha256:cf1842e377fa32a72dab549e203dbb51c20189f9321d2d2b5e7f96214f60ab05   afd180ec7435   18 months ago   53.5MB
13registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager   v1.23.8   sha256:9c890c050cbf6991750dbd21473760eaef5175d90e944bb92be5c02cb5297e16   2b7c5a039984   18 months ago   125MB
14registry.cn-hangzhou.aliyuncs.com/google_containers/etcd                      3.5.1-0   sha256:64b9ea357325d5db9f8a723dcf503b5a449177b17ac87d69481e126bb724c263   25f8c7f3da61   2 years ago     293MB
15registry.cn-hangzhou.aliyuncs.com/google_containers/coredns                   v1.8.6    sha256:5b6ec0d6de9baaf3e92d0f66cd96a25b9edbce8716f5f15dcd1a616b3abd590e   a4ca41631cc7   2 years ago     46.8MB
16registry.cn-hangzhou.aliyuncs.com/google_containers/pause                     3.6       sha256:3d380ca8864549e74af4b29c10f9cb0956236dfb01c40ca076fb6c37253234db   6270bb605e12   2 years ago     683kB
17registry.cn-hangzhou.aliyuncs.com/google_containers/storage-provisioner       v5        sha256:18eb69d1418e854ad5a19e399310e52808a8321e4c441c1dddad8977a0d7a944   6e38f40d628d   2 years ago     31.5MB

然而在次运行 minikube start –driver=‘docker’ –kubernetes-version=v1.23.8 –image-mirror-country=‘cn’ 还是报相同的错误

遂发现,启动需要的kicbase:v0.0.42的sha256值与手动安装的sha256值不一致。

没办法,只能修改docker 的 Digest:

修改 /var/lib/docker/image/overlay2/repositories.json (修改前请先备份),把 手动安装kicbase:v0.0.42的sha256值替换为错误信息中sha256的值。

然后重启docker服务:

1zhangcong@lenovo-e47-1no6e7d:~$ sudo systemctl restart docker

如果安装还有报错,请删除已有的k8s:

1zhangcong@lenovo-e47-1no6e7d:~$ minikube delete
2# 删除所有本地k8s和配置文件
3zhangcong@lenovo-e47-1no6e7d:~$ minikube delete --all

再重新执行上面的安装操作。

其他操作:

 1# 启动k8s(前提是前面已经安装了k8s;否则就直接安装最新版本的k8s,然后启动)
 2zhangcong@lenovo-e47-1no6e7d:~$ minikube start
 3
 4# 进入到K8S的机器中
 5zhangcong@lenovo-e47-1no6e7d:~$ minikube ssh
 6
 7# 查看K8S状态
 8zhangcong@lenovo-e47-1no6e7d:~$ minikube status
 9
10# 停止集群
11zhangcong@lenovo-e47-1no6e7d:~$ minikube stop

访问 kubernetes-dashboard

1zhangcong@lenovo-e47-1no6e7d:~$ minikube dashboard --url
2🤔  正在验证 dashboard 运行情况 ...
3🚀  正在启动代理...
4🤔  正在验证 proxy 运行状况 ...
5http://127.0.0.1:37351/api/v1/namespaces/kubernetes-dashboard/services/http:kubernetes-dashboard:/proxy/

此时,可以在本机浏览器中输入上面的地址访问dashboard。

为了能在其他客户机访问dashboard,需要在minikube的Linux上添加外部访问代理:

1zhangcong@lenovo-e47-1no6e7d:~$ kubectl proxy --address='0.0.0.0' --port=8000 --accept-hosts='^*$'
2Starting to serve on [::]:8000

此处,address、port均为minikube所在机器的IP和端口。

设置后,在其他客户机可以通过浏览器 http://192.168.0.91:8000/api/v1/namespaces/kubernetes-dashboard/services/http:kubernetes-dashboard:/proxy/ 访问。

注意:minikube dashboard 和 kubectl proxy 都会占用一个终端连接,如果要后台运行,使用nohup …… &

查看集群状态(如下表示启动成功):

 1zhangcong@lenovo-e47-1no6e7d:~$ kubectl get po -A
 2NAMESPACE              NAME                                         READY   STATUS    RESTARTS        AGE
 3kube-system            coredns-65c54cc984-lk9z9                     1/1     Running   2 (4h37m ago)   24h
 4kube-system            etcd-minikube                                1/1     Running   2 (4h37m ago)   24h
 5kube-system            kube-apiserver-minikube                      1/1     Running   2 (4h37m ago)   24h
 6kube-system            kube-controller-manager-minikube             1/1     Running   2 (4h37m ago)   24h
 7kube-system            kube-proxy-hldmb                             1/1     Running   2 (4h37m ago)   24h
 8kube-system            kube-scheduler-minikube                      1/1     Running   2 (4h37m ago)   24h
 9kube-system            storage-provisioner                          1/1     Running   5 (4h8m ago)    24h
10kubernetes-dashboard   dashboard-metrics-scraper-7db978b848-6njgz   1/1     Running   0               4h8m
11kubernetes-dashboard   kubernetes-dashboard-6f4c897964-pp4rk        1/1     Running   0               4h8m

查看minikube的 ip

1zhangcong@lenovo-e47-1no6e7d:~$ minikube ip
2192.168.49.2