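Although k8s has been hot for a long time, I still haven't used it at work, mainly because the existing Jenkins + Ansible setup already manages a fleet of several hundred machines with ease. Put bluntly, it is much like managing a physical data center: someone (Linode/AWS/GCP/Azure) racks the physical machines and plugs in the power and network cables, then automation (Ansible) finds them and completes initialization, and then Jenkins handles CI/CD.
At the start of the year I wanted to raise my colleagues' skills and deliberately got books ready to push this along; now, taking advantage of a typhoon day, I'll find some time to go through it myself! I think there are already plenty of online resources for k8s. It has been popular for five years, and polished Simplified Chinese e-books and Ironman contest (鐵人賽) articles are everywhere, such as: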
- Updated from 2018 to the present - Kubernetes Handbook (Kubernetes指南)
- Ironman contest, from December 2017 - k8s 不自賞
- Ironman contest, from December 2017 - Kubernetes 30天學習筆記 (Kubernetes 30-day study notes)
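Overall, I think you can take Kubernetes Handbook (Kubernetes指南) as the baseline: read through the basic introductory articles first, learn that k8s originated from the design ideas of Google Borg, and after that just keep the k8s architecture diagram in view:
For example, k8s can be operated through the kubectl command, through API calls, or through a Web UI. If I had to draw a comparison: in AWS's early years around 2009, it also started by offering API-based control, then moved on to a Firefox plugin, and later provided a Web UI that became richer and richer, whereas Azure / GCP had a Web UI available from launch. Then, for automated control, we use the API-level approach: once basic permissions are in place, we obtain the machine's IP and default login method. It can also be simplified to just creating the machines and setting tags in the AWS/GCP Web UI, after which ansible-playbook takes over everything.
As for getting to know k8s, minikube looks like the best starting point so far, and it is cross-platform. In practice you only need to do one or two things:
- Download minikube, which can set up a local k8s cluster (single node by default)
- Download the kubectl tool (although minikube kubectl can also invoke it)
Here is a fun scenario: install only kubectl on macOS, and install minikube v1.31.2 + VirtualBox v7.0.10 on Windows 11, so that the Windows machine's resources run the k8s environment and macOS is reduced to a thin client for remote operation.
How to do it - macOS (it can also be installed via MacPorts or Homebrew):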
% curl -L https://storage.googleapis.com/kubernetes-release/release/`curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt`/bin/darwin/amd64/kubectl > /tmp/kubectl
% chmod 700 /tmp/kubectl
% /tmp/kubectl version
Client Version: v1.28.1
Kustomize Version: v5.0.4-0.20230601165947-6ce0bf390ce3
The connection to the server localhost:8080 was refused - did you specify the right host or port?
This shows that kubectl by default talks to localhost:8080, which means the target can just as well be configured to be a remote host.
How to do it - Windows 11:
PS C:\Users\user\Downloads> .\minikube-windows-amd64.exe start
😄 minikube v1.31.2 on Microsoft Windows 11 Pro 10.0.22621.2215 Build 22621.2215
✨ Using the virtualbox driver based on existing profile
👍 Starting control plane node minikube in cluster minikube
🔄 Restarting existing virtualbox VM for "minikube" ...
❗ This VM is having trouble accessing https://registry.k8s.io
💡 To pull new external images, you may need to configure a proxy: https://minikube.sigs.k8s.io/docs/reference/networking/proxy/
🐳 Preparing Kubernetes v1.27.4 on Docker 24.0.4 ...
🔗 Configuring bridge CNI (Container Networking Interface) ...
    ▪ Using image gcr.io/k8s-minikube/storage-provisioner:v5
    ▪ Using image docker.io/kubernetesui/dashboard:v2.7.0
    ▪ Using image docker.io/kubernetesui/metrics-scraper:v1.0.8
🔎 Verifying Kubernetes components...
💡 Some dashboard features require the metrics-server addon. To enable all features please run:
        minikube addons enable metrics-server
🌟 Enabled addons: default-storageclass, storage-provisioner, dashboard
💡 kubectl not found. If you need it, try: 'minikube kubectl -- get pods -A'
🏄 Done! kubectl is now configured to use "minikube" cluster and "default" namespace by default
PS C:\Users\user\Downloads> .\minikube-windows-amd64.exe stop
✋ Stopping node "minikube" ...
🛑 1 node stopped.
PS C:\Users\user\Downloads> .\minikube-windows-amd64.exe delete
🔥 Deleting "minikube" in virtualbox ...
💀 Removed all traces of the "minikube" cluster.
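That was the very basic... I started it, I stopped it, I deleted it. The more troublesome part is probably VirtualBox 7: right after installing it you need to reboot the computer, and then see whether minikube-windows-amd64.exe start comes up smoothly. A common place to get stuck is the Host-Only network adapter, among others.
Also, constantly switching between laptops is annoying, so install OpenSSH on the Windows 11 desktop and let macOS log in remotely: [macOS] 從 Macbook 遠端登入 Windows 筆電並使用 PowerShell 工作環境 (remote login from a MacBook to a Windows laptop and working in a PowerShell environment)
Next, back on macOS, log in remotely to the Windows minikube host: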
% ssh user@windows-minikube-ip
Microsoft Windows [版本 10.0.22621.2215]
(c) Microsoft Corporation. 著作權所有,並保留一切權利。
user@WINDOWS-DESKTOP C:\Users\user>cd Downloads
user@WINDOWS-DESKTOP C:\Users\user\Downloads>minikube-windows-amd64.exe start
😄 minikube v1.31.2 on Microsoft Windows 11 Pro 10.0.22621.2215 Build 22621.2215
✨ Automatically selected the virtualbox driver
👍 Starting control plane node minikube in cluster minikube
🔥 Creating virtualbox VM (CPUs=2, Memory=4000MB, Disk=20000MB) ...
❗ This VM is having trouble accessing https://registry.k8s.io
💡 To pull new external images, you may need to configure a proxy: https://minikube.sigs.k8s.io/docs/reference/networking/proxy/
🐳 Preparing Kubernetes v1.27.4 on Docker 24.0.4 ...
    ▪ Generating certificates and keys ...
    ▪ Booting up control plane ...
    ▪ Configuring RBAC rules ...
🔗 Configuring bridge CNI (Container Networking Interface) ...
    ▪ Using image gcr.io/k8s-minikube/storage-provisioner:v5
🔎 Verifying Kubernetes components...
🌟 Enabled addons: default-storageclass, storage-provisioner
💡 kubectl not found. If you need it, try: 'minikube kubectl -- get pods -A'
🏄 Done! kubectl is now configured to use "minikube" cluster and "default" namespace by default
user@WINDOWS-DESKTOP C:\Users\user\Downloads>
user@WINDOWS-DESKTOP C:\Users\user\Downloads>minikube-windows-amd64.exe status
minikube
type: Control Plane
host: Running
kubelet: Running
apiserver: Running
kubeconfig: Configured
user@WINDOWS-DESKTOP C:\Users\user\Downloads>minikube-windows-amd64.exe kubectl -- config view
apiVersion: v1
clusters:
- cluster:
    certificate-authority: C:\Users\user\.minikube\ca.crt
    extensions:
    - extension:
        provider: minikube.sigs.k8s.io
        version: v1.31.2
      name: cluster_info
    server: https://192.168.59.101:8443
  name: minikube
contexts:
- context:
    cluster: minikube
    extensions:
    - extension:
        provider: minikube.sigs.k8s.io
        version: v1.31.2
      name: context_info
    namespace: default
    user: minikube
  name: minikube
current-context: minikube
kind: Config
preferences: {}
users:
- name: minikube
  user:
    client-certificate: C:\Users\user\.minikube\profiles\minikube\client.crt
    client-key: C:\Users\user\.minikube\profiles\minikube\client.key
user@WINDOWS-DESKTOP C:\Users\user\Downloads>minikube-windows-amd64.exe kubectl -- version --output=json
{
  "clientVersion": {
    "major": "1",
    "minor": "27",
    "gitVersion": "v1.27.4",
    "gitCommit": "fa3d7990104d7c1f16943a67f11b154b71f6a132",
    "gitTreeState": "clean",
    "buildDate": "2023-07-19T12:20:54Z",
    "goVersion": "go1.20.6",
    "compiler": "gc",
    "platform": "windows/amd64"
  },
  "kustomizeVersion": "v5.0.1",
  "serverVersion": {
    "major": "1",
    "minor": "27",
    "gitVersion": "v1.27.4",
    "gitCommit": "fa3d7990104d7c1f16943a67f11b154b71f6a132",
    "gitTreeState": "clean",
    "buildDate": "2023-07-19T12:14:49Z",
    "goVersion": "go1.20.6",
    "compiler": "gc",
    "platform": "linux/amd64"
  }
}
user@WINDOWS-DESKTOP C:\Users\user\Downloads>ipconfig
Windows IP 設定
乙太網路卡 乙太網路:
   媒體狀態 . . . . . . . . . . . . .: 媒體已中斷連線
   連線特定 DNS 尾碼 . . . . . . . . :
乙太網路卡 乙太網路 2:
   連線特定 DNS 尾碼 . . . . . . . . :
   IPv4 位址 . . . . . . . . . . . . : 192.168.56.1
   子網路遮罩 . . . . . . . . . . . .: 255.255.255.0
   預設閘道 . . . . . . . . . . . . .:
乙太網路卡 乙太網路 3:
   連線特定 DNS 尾碼 . . . . . . . . :
   IPv4 位址 . . . . . . . . . . . . : 192.168.59.1
   子網路遮罩 . . . . . . . . . . . .: 255.255.255.0
   預設閘道 . . . . . . . . . . . . .:
...
So, to have kubectl on macOS control minikube on Windows 11, let's start with a crude do-it-by-hand approach:
1. Save the output of minikube-windows-amd64.exe kubectl -- config view (this can be done with an ssh remote command)
% ssh user@windows-minikube-ip '%HOME%\Downloads\minikube-windows-amd64.exe kubectl -- config view' > /tmp/kubectl.config.yaml
2. Download the certificate-authority, client-certificate and client-key files listed above with scp as well
% scp user@windows-minikube-ip:"/C:/Users/user/.minikube/ca.crt" /tmp/kubectl.ca.crt
% scp user@windows-minikube-ip:"/C:/Users/user/.minikube/profiles/minikube/client.crt" /tmp/kubectl.client.crt
% scp user@windows-minikube-ip:"/C:/Users/user/.minikube/profiles/minikube/client.key" /tmp/kubectl.client.key
3. Edit /tmp/kubectl.config.yaml so that certificate-authority, client-certificate and client-key point to the corresponding local files
% /tmp/kubectl --kubeconfig ./kubectl.config.yaml config view
apiVersion: v1
clusters:
- cluster:
    certificate-authority: kubectl.ca.crt
    extensions:
    - extension:
        provider: minikube.sigs.k8s.io
        version: v1.31.2
      name: cluster_info
    server: https://127.0.0.1:8443
  name: minikube
contexts:
- context:
    cluster: minikube
    extensions:
    - extension:
        provider: minikube.sigs.k8s.io
        version: v1.31.2
      name: context_info
    namespace: default
    user: minikube
  name: minikube
current-context: minikube
kind: Config
preferences: {}
users:
- name: minikube
  user:
    client-certificate: kubectl.client.crt
    client-key: kubectl.client.key
Note that I have changed the clusters.cluster.server value above to https://127.0.0.1:8443, for the flexibility of going through my own ssh tunnel
4. Finally, I set up my own SSH tunnel to 192.168.59.101:8443 (the minikube API entry point on Windows 11)
% ssh -N -L 8443:192.168.59.101:8443 user@windows-minikube-ip
5. From then on, whenever I want kubectl on macOS to remotely control minikube on Windows 11, I first set up an SSH tunnel, then run kubectl with the config location specified, and can happily control it remotely
% ./kubectl --kubeconfig ./kubectl.config.yaml version
Client Version: v1.28.1
Kustomize Version: v5.0.4-0.20230601165947-6ce0bf390ce3
Server Version: v1.27.4
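The path and server rewrite from step 3, as an added shell example that is not part of the original post: it writes the edited kubeconfig into a private directory (0700, files 0600) rather than /tmp, since client.key is the credential that authenticates to the API server. The function names, the target directory and the file names ca.crt, client.crt and client.key are assumptions, and the sample kubeconfig is constructed from the fields shown above.

```shell
#!/bin/sh
# Added example, not from the original post. All names here are hypothetical.

# localize_kubeconfig SRC DIR
# Writes DIR/config from SRC: the three cert/key paths point into DIR and the
# server points at the local end of the SSH tunnel (127.0.0.1:8443).
# DIR is created 0700 and the file 0600 via a umask scoped to a subshell.
# Assumption: DIR contains no '|' or '&' (they are special to sed here).
localize_kubeconfig() {
    src=$1 dir=$2
    ( umask 077
      mkdir -p "$dir" && chmod 700 "$dir" || exit 1
      sed -e "s|^\( *certificate-authority:\).*|\1 $dir/ca.crt|" \
          -e "s|^\( *client-certificate:\).*|\1 $dir/client.crt|" \
          -e "s|^\( *client-key:\).*|\1 $dir/client.key|" \
          -e "s|^\( *server:\).*|\1 https://127.0.0.1:8443|" \
          "$src" > "$dir/config" )
}

# private_file PATH: succeeds only if group and others have no access bits.
# Run it on the copied client.key too; scp does not tighten permissions.
private_file() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Constructed sample: only the fields of `config view` that step 3 touches.
sample_kubeconfig() {
    cat <<'EOF'
apiVersion: v1
clusters:
- cluster:
    certificate-authority: C:\Users\user\.minikube\ca.crt
    server: https://192.168.59.101:8443
  name: minikube
users:
- name: minikube
  user:
    client-certificate: C:\Users\user\.minikube\profiles\minikube\client.crt
    client-key: C:\Users\user\.minikube\profiles\minikube\client.key
EOF
}
```

Copy the three files fetched with scp into the same directory under those names, then point kubectl at it with --kubeconfig followed by the path to that directory's config file.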
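One last note: once the OpenSSH server is installed on the Windows 11 desktop, you can already log in remotely and get things done with minikube-windows-amd64.exe kubectl; the only question is how comfortable you are with the PowerShell command environment. So the above is a bit like taking off your pants to fart XD. The upside is that after practicing this once, when there are many k8s clusters in the future you can switch between them with --kubeconfig!
Other information:
- minikube command documentation - minikube.sigs.k8s.io/docs/commands/
- kubectl related documentation - kubernetes.io/docs/reference/access-authn-authz/authentication/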