/ DevOps

用Minikube体验单节点K8S

Minikube为各种操作系统的开发者,提供了运行K8S最简洁的方式。它最小化了安装k8s的需求和工作量。而且在各种操作系统上可以实现相同的体验。本文用精简的语言,描述了从安装minikube到运行容器化应用的过程。主要命令和输出来自macOS。

minikube-logo

安装Hypervisor

需要在任何笔记本或者工作上安装一个Hypervisor,因此首先你需要坚持电脑的CPU是否开启了虚拟化的支持,检查BIOS的VT-X或者AMD-v的配置。

  • OS X,安装 xhyve driver, VirtualBox 或 VMware Fusion
  • Linux, 安装 VirtualBox 或 KVM
  • Windows, 安装 VirtualBox or Hyper-V

Minikube会生成一个虚拟机,用于运行一个安装和部署好的k8s单节点系统。

安装kubectl

kubectl是k8s系统的管理工具,是一个命令行工具,它用于和master交互,完成群集和服务的管理等工作。

kubectl的安装文档: https://kubernetes.io/docs/tasks/tools/install-kubectl/

在macOS上最简单的安装方法是下面这条命令:

brew install kubectl

brew的好处是后续可以帮忙持续的升级。

其它非brew安装方法,见以上安装文档的 Install kubectl binary via curl 部分。

安装 minikube

在macOS上使用的默认的Hypervisor是VirtualBox,如果想要用xhyve需要在启动的时候加上参数 --vm-driver=xhyve

安装最新版本的 minikube 需要参考这个网页 https://github.com/kubernetes/minikube/releases

minikube 是一个命令行工具,它的命令行参数如下:

Minikube is a CLI tool that provisions and manages single-node Kubernetes clusters optimized for development workflows.

Usage:
  minikube [command]

Available Commands:
  addons           Modify minikube's kubernetes addons
  completion       Outputs minikube shell completion for the given shell (bash)
  config           Modify minikube config
  dashboard        Opens/displays the kubernetes dashboard URL for your local cluster
  delete           Deletes a local kubernetes cluster
  docker-env       Sets up docker env variables; similar to '$(docker-machine env)'
  get-k8s-versions Gets the list of available kubernetes versions available for minikube
  ip               Retrieves the IP address of the running cluster
  logs             Gets the logs of the running localkube instance, used for debugging minikube, not user code
  mount            Mounts the specified directory into minikube
  profile          Profile sets the current minikube profile
  service          Gets the kubernetes URL(s) for the specified service in your local cluster
  ssh              Log into or run a command on a machine with SSH; similar to 'docker-machine ssh'
  ssh-key          Retrieve the ssh identity key path of the specified cluster
  start            Starts a local kubernetes cluster
  status           Gets the status of a local kubernetes cluster
  stop             Stops a running local kubernetes cluster
  update-context   Verify the IP address of the running cluster in kubeconfig.
  version          Print the version of minikube

Flags:
      --alsologtostderr                  log to standard error as well as files
  -b, --bootstrapper string              The name of the cluster bootstrapper that will set up the kubernetes cluster. (default "localkube")
  -h, --help                             help for minikube
      --log_backtrace_at traceLocation   when logging hits line file:N, emit a stack trace (default :0)
      --log_dir string                   If non-empty, write log files in this directory
      --loglevel int                     Log level (0 = DEBUG, 5 = FATAL) (default 1)
      --logtostderr                      log to standard error instead of files
  -p, --profile string                   The name of the minikube VM being used.
	This can be modified to allow for multiple minikube instances to be run independently (default "minikube")
      --stderrthreshold severity         logs at or above this threshold go to stderr (default 2)
  -v, --v Level                          log level for V logs
      --vmodule moduleSpec               comma-separated list of pattern=N settings for file-filtered logging

Use "minikube [command] --help" for more information about a command.

minikube 就是一个命令行工具,就是一个可执行文件。在macOS上也可以用brew安装,安装命令如下:

brew cask install minikube

minikube 的快速参考文档在这里: https://github.com/kubernetes/minikube/blob/v0.22.2/README.md

启动minikube

虚拟化的Hypervisor和kubctl就绪了以后,就可以启动minikube了,命令如下:

minikube start

Starting local Kubernetes v1.7.5 cluster...
Starting VM...
Getting VM IP address...
Moving files into cluster...
Setting up certs...
Connecting to cluster...
Setting up kubeconfig...
Starting cluster components...
Kubectl is now configured to use the cluster.

启动以后随时都可以用下面这个命令检查minikube的状态。

minikube status

停止minikube服务,也就是关机那个start命令创建的虚拟机。

minikube stop

访问和使用minikube

minikube ssh

登录到minikube的虚拟机里的命令就是ssh,进去之后,查看一下docker镜像。

minikube ssh
                        ##         .
                  ## ## ##        ==
               ## ## ## ## ##    ===
           /"""""""""""""""""\___/ ===
      ~~~ {~~ ~~~~ ~~~ ~~~~ ~~~ ~ /  ===- ~~~
           \______ o           __/
             \    \         __/
              \____\_______/
 _                 _   ____     _            _
| |__   ___   ___ | |_|___ \ __| | ___   ___| | _____ _ __
| '_ \ / _ \ / _ \| __| __) / _` |/ _ \ / __| |/ / _ \ '__|
| |_) | (_) | (_) | |_ / __/ (_| | (_) | (__|   <  __/ |
|_.__/ \___/ \___/ \__|_____\__,_|\___/ \___|_|\_\___|_|
Boot2Docker version 1.11.1, build master : 901340f - Fri Jul  1 22:52:19 UTC 2016
Docker version 1.11.1, build 5604cbe
docker@minikube:~$ docker images
REPOSITORY                                             TAG                 IMAGE ID            CREATED             SIZE
nginx                                                  latest              da5939581ac8        9 days ago          108.3 MB
gcr.io/google_containers/kubernetes-dashboard-amd64    v1.6.3              691a82db1ecd        8 weeks ago         139 MB
<none>                                                 <none>              2f7f7bce8929        11 weeks ago        107.5 MB
gcr.io/google_containers/k8s-dns-sidecar-amd64         1.14.4              38bac66034a6        12 weeks ago        41.82 MB
gcr.io/google_containers/k8s-dns-kube-dns-amd64        1.14.4              a8e00546bcf3        12 weeks ago        49.39 MB
gcr.io/google_containers/k8s-dns-dnsmasq-nanny-amd64   1.14.4              f7f45b9cb733        12 weeks ago        41.42 MB
gcr.io/google-containers/kube-addon-manager            v6.4-beta.2         0a951668696f        3 months ago        79.24 MB
gcr.io/google_containers/kubernetes-dashboard-amd64    v1.5.0              e5133bac8024        9 months ago        88.9 MB
gcr.io/google-containers/kube-addon-manager            v6.1                59e1315aa5ff        9 months ago        59.37 MB
gcr.io/google_containers/kubedns-amd64                 1.8                 597a45ef55ec        11 months ago       57.89 MB
gcr.io/google_containers/kube-dnsmasq-amd64            1.4                 3ec65756a89b        11 months ago       5.13 MB
gcr.io/google_containers/exechealthz-amd64             1.2                 93a43bfb39bf        12 months ago       8.375 MB
gcr.io/google_containers/echoserver                    1.4                 a90209bb39e3        16 months ago       140.4 MB
gcr.io/google_containers/pause-amd64                   3.0                 99e59f495ffa        16 months ago       746.9 kB
docker@minikube:~$ docker ps

以上的命令输出中,镜像的名称是以 gcr.io/google_containers/ 就都是属于k8s的系统容器,k8s的系统服务就都是这些docker容器提供的服务。

docker ps命令可以看到当前这个虚拟机正在运行的容器。

kubectl run

kubectl run 命令是用来运行一个docker镜像的,还可以制定在k8s群集中运行几个某镜像的容器。可以创建一个部署或者作业,用它们来管理容器的创建。包括在一个部署或者作业中,运行某个docker镜像的,容器数量,环境变量参数,开放的端口,启动的参数等等。看下面的这个实例。

$ kubectl run hello-minikube --image=gcr.io/google_containers/echoserver:1.4 --port=8080
deployment "hello-minikube" created
$ kubectl expose deployment hello-minikube --type=NodePort
service "hello-minikube" exposed

# We have now launched an echoserver pod but we have to wait until the pod is up before curling/accessing it
# via the exposed service.
# To check whether the pod is up and running we can use the following:
$ kubectl get pod
NAME                              READY     STATUS              RESTARTS   AGE
hello-minikube-3383150820-vctvh   1/1       ContainerCreating   0          3s
# We can see that the pod is still being created from the ContainerCreating status
$ kubectl get pod
NAME                              READY     STATUS    RESTARTS   AGE
hello-minikube-3383150820-vctvh   1/1       Running   0          13s
# We can see that the pod is now Running and we will now be able to curl it:
$ curl $(minikube service hello-minikube --url)
CLIENT VALUES:
client_address=172.17.0.2
command=GET
real path=/
query=nil
request_version=1.1
request_uri=http://192.168.99.100:8080/

SERVER VALUES:
server_version=nginx: 1.10.0 - lua: 10001

HEADERS RECEIVED:
accept=*/*
host=192.168.99.100:31721
user-agent=curl/7.54.0
BODY:
-no body in request-%

命令含义简介:

  • kubectl expose 在一个特定的端口上,把一个资源暴露为k8s的一个服务,这个资源可以是一个部署、副本集。可能的资源包括:pod (po), service (svc), replicationcontroller (rc), deployment (deploy), replicaset (rs)
  • kubectl get 显示/查看一个或者多个资源的信息。
  • minikube service 获取本地k8s群集里某个特定服务的服务地址URL

访问API服务器

访问k8s的重要组件API服务器,访问的方法是:用kubectl先得到一个 Bearer Token 的访问令牌,用这个令牌访问API服务器的服务网址,下面的例子使用curl当api访问的客户端。

$ TOKEN=$(kubectl describe secret $(kubectl get secrets | grep default | cut -f1 -d ' ') | grep -E '^token' | cut -f2 -d':' | tr -d '\t')

$ APISERVER=$(kubectl config view | grep https | cut -f 2- -d ":" | tr -d " ")

$  curl $APISERVER --header "Authorization: Bearer $TOKEN" --insecure
{
  "paths": [
    "/api",
    "/api/v1",
    "/apis",
    "/apis/",
    "/apis/admissionregistration.k8s.io",
    "/apis/admissionregistration.k8s.io/v1alpha1",
    "/apis/apiextensions.k8s.io",
    "/apis/apiextensions.k8s.io/v1beta1",
    "/apis/apiregistration.k8s.io",
    "/apis/apiregistration.k8s.io/v1beta1",
    "/apis/apps",
    "/apis/apps/v1beta1",
    "/apis/authentication.k8s.io",
    "/apis/authentication.k8s.io/v1",
    "/apis/authentication.k8s.io/v1beta1",
    "/apis/authorization.k8s.io",
    "/apis/authorization.k8s.io/v1",
    "/apis/authorization.k8s.io/v1beta1",
    "/apis/autoscaling",
    "/apis/autoscaling/v1",
    "/apis/autoscaling/v2alpha1",
    "/apis/batch",
    "/apis/batch/v1",
    "/apis/batch/v2alpha1",
    "/apis/certificates.k8s.io",
    "/apis/certificates.k8s.io/v1beta1",
    "/apis/extensions",
    "/apis/extensions/v1beta1",
    "/apis/networking.k8s.io",
    "/apis/networking.k8s.io/v1",
    "/apis/policy",
    "/apis/policy/v1beta1",
    "/apis/rbac.authorization.k8s.io",
    "/apis/rbac.authorization.k8s.io/v1alpha1",
    "/apis/rbac.authorization.k8s.io/v1beta1",
    "/apis/settings.k8s.io",
    "/apis/settings.k8s.io/v1alpha1",
    "/apis/storage.k8s.io",
    "/apis/storage.k8s.io/v1",
    "/apis/storage.k8s.io/v1beta1",
    "/healthz",
    "/healthz/autoregister-completion",
    "/healthz/ping",
    "/healthz/poststarthook/apiservice-registration-controller",
    "/healthz/poststarthook/apiservice-status-available-controller",
    "/healthz/poststarthook/bootstrap-controller",
    "/healthz/poststarthook/ca-registration",
    "/healthz/poststarthook/extensions/third-party-resources",
    "/healthz/poststarthook/generic-apiserver-start-informers",
    "/healthz/poststarthook/kube-apiserver-autoregistration",
    "/healthz/poststarthook/start-apiextensions-controllers",
    "/healthz/poststarthook/start-apiextensions-informers",
    "/healthz/poststarthook/start-kube-aggregator-informers",
    "/healthz/poststarthook/start-kube-apiserver-informers",
    "/logs",
    "/metrics",
    "/swagger-2.0.0.json",
    "/swagger-2.0.0.pb-v1",
    "/swagger-2.0.0.pb-v1.gz",
    "/swagger.json",
    "/swaggerapi",
    "/ui",
    "/ui/",
    "/version"
  ]
}%


访问Web UI (Dashboard)

Dashboad是k8s的一个图形界面,可以用它部署容器化的应用,排错和管理k8s群集。在minikube上启动这个界面的命令是 minikube dashboard ,你系统的默认浏览器会自动弹出如下界面。

Overview---Kubernetes-Dashboard

关于Dashbaord的文档在: https://kubernetes.io/docs/tasks/access-application-cluster/web-ui-dashboard/

用minikube运行应用

minikube正常运行起来以后,就可以参考文档 https://kubernetes.io/docs/tasks/run-application/run-stateless-application-deployment/ 在这个k8s系统上运行一些demo的应用,对应用做启停、扩缩容等体验。