repush

README.md

@@ -0,0 +1,32 @@
+## 云原生K8s全栈架构师实战文档
+
+## K8s技术QQ交流群：612388919
+## 作者QQ：727585266
+
+## 书籍配套视频：
+
+**提供免费更新、免费技术问答、免费岗位推荐、受益终身【平均月薪25K】**
+
+	腾讯：
+	    K8s全栈架构师：https://ke.qq.com/course/2738602
+	    K8s管理员认证CKA：https://ke.qq.com/course/3382340?tuin=2b5e11f2
+	    K8s安全专家CKS：https://ke.qq.com/course/4161957?tuin=2b5e11f2
+	    CKA+架构师：https://ke.qq.com/course/package/38982?tuin=2b5e11f2
+	    超级套购：https://ke.qq.com/course/package/41755?tuin=2b5e11f2
+	51CTO：
+	    全栈架构师：https://edu.51cto.com/course/23845.html
+	    K8s管理员认证CKA：https://edu.51cto.com/course/27103.html
+	    K8s安全专家CKS：https://edu.51cto.com/course/29792.html 
+	    CKA+架构师：https://edu.51cto.com/topic/4973.html
+	    超级套购：https://edu.51cto.com/topic/5174.html
+
+
+# 勘误
+### 非常抱歉给大家带来的不便，书中的错误更正如下：
+1. 182页 9.3.2小节 第一个`kubectl run`命令改为`kubectl create deployment nginx-server`，错误原因：由于版本问题，`kubectl run`变为了创建Pod，创建Deployment需要用`kubectl create deployment`。
+2. 77页
+````
+successThreshold: 1 # 表示检查成功1次表示就绪
+failureThreshold: 2 # 检测失败2次表示未就绪
+````
+3. 71页 Node节点描述的Docker Engine: 负责对容器的管理，写成了负载对容器的管理

docs/chap01/1.4.md

@@ -0,0 +1,186 @@
+**vim /etc/haproxy/haproxy.cfg**
+
+````bash
+global
+  maxconn  2000
+  ulimit-n  16384
+  log  127.0.0.1 local0 err
+  stats timeout 30s
+
+defaults
+  log global
+  mode  http
+  option  httplog
+  timeout connect 5000
+  timeout client  50000
+  timeout server  50000
+  timeout http-request 15s
+  timeout http-keep-alive 15s
+
+frontend monitor-in
+  bind *:33305
+  mode http
+  option httplog
+  monitor-uri /monitor
+
+frontend k8s-master
+  bind 0.0.0.0:16443 # 监听的端口
+  bind 127.0.0.1:16443
+  mode tcp
+  option tcplog
+  tcp-request inspect-delay 5s
+  default_backend k8s-master
+
+backend k8s-master
+  mode tcp
+  option tcplog
+  option tcp-check
+  balance roundrobin
+  default-server inter 10s downinter 5s rise 2 fall 2 slowstart 60s maxconn 250 maxqueue 256 weight 100
+  server k8s-master01	192.168.236.201:6443  check # 配置后端服务器地址
+  server k8s-master02	192.168.236.202:6443  check
+  server k8s-master03	192.168.236.203:6443  check
+````
+
+**Master01：**
+
+**vim /etc/keepalived/keepalived.conf** 
+
+````bash
+! Configuration File for keepalived
+global_defs {
+    router_id LVS_DEVEL
+script_user root
+    enable_script_security
+}
+vrrp_script chk_apiserver {
+    script "/etc/keepalived/check_apiserver.sh"
+    interval 5
+    weight -5
+    fall 2  
+rise 1
+}
+vrrp_instance VI_1 {
+    state MASTER
+    interface ens33 # 本机网卡名称
+    mcast_src_ip 192.168.236.201 # 本机IP地址
+    virtual_router_id 51
+    priority 101
+    advert_int 2
+    authentication {
+        auth_type PASS
+        auth_pass K8SHA_KA_AUTH
+    }
+    virtual_ipaddress {
+        192.168.236.236 # VIP地址，需要是宿主机同网段且不存在的IP地址
+    }
+    track_script {
+       chk_apiserver
+    }
+}
+````
+
+**Master02：**
+
+**vim /etc/keepalived/keepalived.conf** 
+
+````
+! Configuration File for keepalived
+global_defs {
+    router_id LVS_DEVEL
+script_user root
+    enable_script_security
+}
+vrrp_script chk_apiserver {
+    script "/etc/keepalived/check_apiserver.sh"
+   interval 5
+    weight -5
+    fall 2  
+rise 1
+}
+vrrp_instance VI_1 {
+    state BACKUP
+    interface ens33
+    mcast_src_ip 192.168.236.202
+    virtual_router_id 51
+    priority 100
+    advert_int 2
+    authentication {
+        auth_type PASS
+        auth_pass K8SHA_KA_AUTH
+    }
+    virtual_ipaddress {
+        192.168.236.236
+    }
+    track_script {
+       chk_apiserver
+    }
+}
+````
+
+**Master03：**
+
+**vim /etc/keepalived/keepalived.conf** 
+
+````
+! Configuration File for keepalived
+global_defs {
+    router_id LVS_DEVEL
+script_user root
+    enable_script_security
+}
+vrrp_script chk_apiserver {
+    script "/etc/keepalived/check_apiserver.sh"
+ interval 5
+    weight -5
+    fall 2  
+rise 1
+}
+vrrp_instance VI_1 {
+    state BACKUP
+    interface ens33
+    mcast_src_ip 192.168.236.203
+    virtual_router_id 51
+    priority 100
+    advert_int 2
+    authentication {
+        auth_type PASS
+        auth_pass K8SHA_KA_AUTH
+    }
+    virtual_ipaddress {
+        192.168.236.236
+    }
+    track_script {
+       chk_apiserver
+    }
+}
+````
+
+ **check_apiserver.sh**  
+
+````
+#!/bin/bash
+
+err=0
+for k in $(seq 1 3)
+do
+    check_code=$(pgrep haproxy)
+    if [[ $check_code == "" ]]; then
+        err=$(expr $err + 1)
+        sleep 1
+        continue
+    else
+        err=0
+        break
+    fi
+done
+
+if [[ $err != "0" ]]; then
+    echo "systemctl stop keepalived"
+    /usr/bin/systemctl stop keepalived
+    exit 1
+else
+    exit 0
+fi
+````
+

docs/chap01/1.5.md

@@ -0,0 +1,48 @@
+**vim kubeadm-config.yaml**  
+
+````
+apiVersion: kubeadm.k8s.io/v1beta3
+bootstrapTokens:
+- groups:
+  - system:bootstrappers:kubeadm:default-node-token
+  token: 7t2weq.bjbawausm0jaxury
+  ttl: 24h0m0s
+  usages:
+  - signing
+  - authentication
+kind: InitConfiguration
+localAPIEndpoint:
+  advertiseAddress: 192.168.236.201
+  bindPort: 6443
+nodeRegistration:
+  # criSocket: /var/run/dockershim.sock  # 如果是Docker作为Runtime配置此项
+  criSocket: /run/containerd/containerd.sock # 如果是Containerd作为Runtime配置此项
+  name: k8s-master01
+  taints:
+  - effect: NoSchedule
+    key: node-role.kubernetes.io/master
+---
+apiServer:
+  certSANs:
+  - 192.168.236.236
+  timeoutForControlPlane: 4m0s
+apiVersion: kubeadm.k8s.io/v1beta2
+certificatesDir: /etc/kubernetes/pki
+clusterName: kubernetes
+controlPlaneEndpoint: 192.168.236.236:16443
+controllerManager: {}
+dns:
+  type: CoreDNS
+etcd:
+  local:
+    dataDir: /var/lib/etcd
+imageRepository: registry.cn-hangzhou.aliyuncs.com/google_containers
+kind: ClusterConfiguration
+kubernetesVersion: v1.22.0 # 更改此处的版本号和kubeadm version一致
+networking:
+  dnsDomain: cluster.local
+  podSubnet: 172.16.0.0/12
+  serviceSubnet: 192.168.0.0/16
+scheduler: {}
+````
+

docs/chap02/2.6.md

@@ -0,0 +1,73 @@
+**vim /etc/etcd/etcd.config.yml**  
+
+**自行更改相关配置**
+
+````
+name: 'k8s-master01'
+data-dir: /var/lib/etcd
+wal-dir: /var/lib/etcd/wal
+snapshot-count: 5000
+heartbeat-interval: 100
+election-timeout: 1000
+quota-backend-bytes: 0
+listen-peer-urls: 'https://192.168.236.201:2380'
+listen-client-urls: 'https://192.168.236.201:2379,http://127.0.0.1:2379'
+max-snapshots: 3
+max-wals: 5
+cors:
+initial-advertise-peer-urls: 'https://192.168.236.201:2380'
+advertise-client-urls: 'https://192.168.236.201:2379'
+discovery:
+discovery-fallback: 'proxy'
+discovery-proxy:
+discovery-srv:
+initial-cluster: 'k8s-master01=https://192.168.236.201:2380,k8s-master02=https://192.168.236.202:2380,k8s-master03=https://192.168.236.203:2380'
+initial-cluster-token: 'etcd-k8s-cluster'
+initial-cluster-state: 'new'
+strict-reconfig-check: false
+enable-v2: true
+enable-pprof: true
+proxy: 'off'
+proxy-failure-wait: 5000
+proxy-refresh-interval: 30000
+proxy-dial-timeout: 1000
+proxy-write-timeout: 5000
+proxy-read-timeout: 0
+client-transport-security:
+  cert-file: '/etc/kubernetes/pki/etcd/etcd.pem'
+  key-file: '/etc/kubernetes/pki/etcd/etcd-key.pem'
+  client-cert-auth: true
+  trusted-ca-file: '/etc/kubernetes/pki/etcd/etcd-ca.pem'
+  auto-tls: true
+peer-transport-security:
+  cert-file: '/etc/kubernetes/pki/etcd/etcd.pem'
+  key-file: '/etc/kubernetes/pki/etcd/etcd-key.pem'
+  peer-client-cert-auth: true
+  trusted-ca-file: '/etc/kubernetes/pki/etcd/etcd-ca.pem'
+  auto-tls: true
+debug: false
+log-package-levels:
+log-outputs: [default]
+force-new-cluster: false
+````
+
+**vim /usr/lib/systemd/system/etcd.service**
+
+````
+[Unit]
+Description=Etcd Service
+Documentation=https://coreos.com/etcd/docs/latest/
+After=network.target
+
+[Service]
+Type=notify
+ExecStart=/usr/local/bin/etcd --config-file=/etc/etcd/etcd.config.yml
+Restart=on-failure
+RestartSec=10
+LimitNOFILE=65536
+
+[Install]
+WantedBy=multi-user.target
+Alias=etcd3.service
+````
+