deployment 部署和调度的工具(组件)
[root@k8s2 docker]
deployment.apps/kubernets-bootcamp created
查看
[root@k8s2 docker]
NAME READY UP-TO-DATE AVAILABLE AGE
kubernets-bootcamp 0/1 1 0 114s
[root@k8s2 docker]
给点时间去拉取镜像起容器
[root@k8s2 docker]
NAME READY UP-TO-DATE AVAILABLE AGE
kubernets-bootcamp 0/1 1 0 114s
[root@k8s2 docker]
deployment.apps/k8s-nginx created
[root@k8s2 docker]
NAME READY UP-TO-DATE AVAILABLE AGE
k8s-nginx 0/1 1 0 24s
kubernets-bootcamp 0/1 1 0 3m51s
[root@k8s2 docker]
NAME READY UP-TO-DATE AVAILABLE AGE
k8s-nginx 1/1 1 1 50s
kubernets-bootcamp 0/1 1 0 4m17s
[root@k8s2 docker]
deployment.apps/k8s-redis created
[root@k8s2 docker]
NAME READY UP-TO-DATE AVAILABLE AGE
k8s-nginx 1/1 1 1 87s
k8s-redis 0/1 1 0 3s
kubernets-bootcamp 0/1 1 0 4m54s
[root@k8s2 docker]
[root@k8s2 docker]
NAME READY STATUS RESTARTS AGE
k8s-nginx-6ff5777d4b-vsgdf 1/1 Running 0 2m37s
k8s-redis-8488dc6f89-z9cgx 1/1 Running 0 73s
kubernets-bootcamp-6658b5b79b-cdq9m 0/1 ImagePullBackOff 0 6m4s
删除deployment
[root@k8s2 docker]
deployment.extensions "k8s-nginx" delete
一次起三个deployment
[root@k8s2 docker]
deployment.apps/k8s-nginx created
[root@k8s2 docker]
NAME READY UP-TO-DATE AVAILABLE AGE
k8s-nginx 1/3 3 1 8s
k8s-redis 1/1 1 1 5m39s
kubernets-bootcamp 0/1 1 0 10m
[root@k8s2 docker]
5.16
shell里的export ,将变量输出为一个全局变量,在子shell里可以用
[root@localhost ~]
[root@localhost ~]
sg
[root@localhost ~]
[root@localhost ~]
sg
[root@localhost ~]
[root@localhost ~]
exit
[root@localhost ~]
yy
[root@localhost ~]
[root@localhost ~]
[root@localhost ~]
[root@localhost ~]
yy
[root@localhost ~]
查看日志
[root@localhost ~]
NAME READY STATUS RESTARTS AGE
k8s-nginx-6ff5777d4b-99bnj 1/1 Running 1 24h
k8s-nginx-6ff5777d4b-hsqzs 1/1 Running 1 24h
k8s-nginx-6ff5777d4b-swl2r 1/1 Running 1 24h
k8s-redis-8488dc6f89-z9cgx 1/1 Running 1 24h
kubernets-bootcamp-6658b5b79b-cdq9m 0/1 ErrImagePull 0 24h
[root@localhost ~]
/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf
10-listen-on-ipv6-by-default.sh: info: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf
/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
/docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh
/docker-entrypoint.sh: Configuration complete; ready for start up
[root@localhost ~]
服务暴露
1.将pod暴露给外部通信
2.跨多个pod的负载均衡
3.虽然每个pod都有一个唯一的IP地址,但如果没有service,这些ip不会暴露在集群外部。service允许你的应用程序接收流量。service也可以用在ServiceSpec标记type的方式暴露
1.cluster(默认)-在集群的内部IP上公开service.这种类型使得service只能从集群内访问。
2.nodeport 使用nat在集群中每个每个选定node的相同端口上公开service。使用:从集群外部访问service,是cluster的超集
3.Load Balancer 在当前云中创建一个外部负载均衡器(如果支持的话),并为service分配一个固定IP.是NodePort的超集
4.ExternalName 通过返回带有该名称的CNAME记录,使用任意名称(由spec中的externalname指定)公开service。不使用代理。这种类型需要kube-dns的v1.7或更高版本。
别名记录:
nslookup:通过dns域名解析
yum install bind-utils -y
[root@localhost ~]
Server: 114.114.114.114
Address: 114.114.114.114
Non-authoritative answer:
www.taobao.com canonical name = www.taobao.com.danuoyi.tbcache.com.
Name: www.taobao.com.danuoyi.tbcache.com
Address: 113.96.109.100
Name: www.taobao.com.danuoyi.tbcache.com
Address: 113.96.109.101
Name: www.taobao.com.danuoyi.tbcache.com
Address: 240e:d9:a003:1400:3::3f9
Name: www.taobao.com.danuoyi.tbcache.com
Address: 240e:d9:a003:1400:3::3fa
2021.5.17
暴露服务流程
1.创建pod
[root@localhost ~]
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 2d6h
2.创建服务类型为cluster(!!!!踩坑开始)
[root@localhost ~]
service/sc-k8s-nginx exposed
[root@localhost ~]
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 2d6h
sc-k8s-nginx NodePort 10.101.216.124 <none> 8080:31463/TCP 11s
[root@localhost ~]
查看服务详细信息
[root@localhost ~]
Name: sc-k8s-nginx
Namespace: default
Labels: app=sc-k8s-nginx
Annotations: <none>
Selector: app=sc-k8s-nginx
Type: NodePort
IP Families: <none>
IP: 10.101.216.124
IPs: <none>
Port: <unset> 8080/TCP
TargetPort: 8080/TCP
NodePort: <unset> 31463/TCP
Endpoints: 172.17.0.3:8080,172.17.0.7:8080,172.17.0.8:8080
Session Affinity: None
External Traffic Policy: Cluster
Events: <none>
访问192.168.2.120:8080 失败(k8s nodeport访问不了)
原因:
起容器的时候映射有问题,容器打开的端口不是8080,镜像里面的dockerflie里面的端口是80,必须保持一致
[root@localhost ~]
填坑开始:
1.删除服务,重新起容器不设置端口,使用默认的端口
删除:
[root@localhost ~]
NAME READY UP-TO-DATE AVAILABLE AGE
k8s-redis 1/1 1 1 2d6h
kubernets-bootcamp 0/1 1 0 2d6h
sc-k8s-nginx 3/3 3 3 28m
[root@localhost ~]
deployment.extensions "sc-k8s-nginx" deleted
[root@localhost ~]
NAME READY UP-TO-DATE AVAILABLE AGE
k8s-redis 1/1 1 1 2d6h
kubernets-bootcamp 0/1 1 0 2d6h
新启:
[root@localhost ~]
deployment.apps/sc-k8s-nginx created
[root@localhost ~]
NAME READY UP-TO-DATE AVAILABLE AGE
k8s-redis 1/1 1 1 2d6h
kubernets-bootcamp 0/1 1 0 2d6h
sc-k8s-nginx 3/3 3 3 13s
暴露服务:
先删除之前错的
[root@localhost ~]
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 2d6h
sc-k8s-nginx NodePort 10.101.216.124 <none> 8080:31463/TCP 30m
[root@localhost ~]
service "sc-k8s-nginx" deleted
[root@localhost ~]
service/sc-k8s-nginx exposed
[root@localhost ~]
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 2d6h
sc-k8s-nginx NodePort 10.106.254.29 <none> 80:30774/TCP 9s
[root@localhost ~]
[root@localhost ~]
Name: sc-k8s-nginx
Namespace: default
Labels: app=sc-k8s-nginx
Annotations: <none>
Selector: app=sc-k8s-nginx
Type: NodePort
IP Families: <none>
IP: 10.106.254.29
IPs: <none>
Port: <unset> 80/TCP
TargetPort: 80/TCP
NodePort: <unset> 30774/TCP
Endpoints: 172.17.0.3:80,172.17.0.7:80,172.17.0.8:80
Session Affinity: None
External Traffic Policy: Cluster
Events: <none>
本机上curl访问成功,但网页上仍然访问不了:
[root@localhost ~]
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
[root@localhost ~]
2.继续排错:
iptables forward链默认是drop,修改成accept
[root@localhost ~]
Chain INPUT (policy ACCEPT)
target prot opt source destination
KUBE-FIREWALL all -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
DOCKER-USER all -- anywhere anywhere
DOCKER-ISOLATION-STAGE-1 all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
DOCKER all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
KUBE-FIREWALL all -- anywhere anywhere
Chain DOCKER (1 references)
target prot opt source destination
Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target prot opt source destination
DOCKER-ISOLATION-STAGE-2 all -- anywhere anywhere
RETURN all -- anywhere anywhere
Chain DOCKER-USER (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain DOCKER-ISOLATION-STAGE-2 (1 references)
target prot opt source destination
DROP all -- anywhere anywhere
RETURN all -- anywhere anywhere
Chain KUBE-FIREWALL (2 references)
target prot opt source destination
DROP all -- anywhere anywhere /* kubernetes firewall for dropping marked packets */ mark match 0x8000/0x8000
[root@localhost ~]
[root@localhost ~]
[root@localhost ~]
-bash: iptable: 未找到命令
[root@localhost ~]
Chain INPUT (policy ACCEPT)
target prot opt source destination
KUBE-FIREWALL all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
DOCKER-USER all -- anywhere anywhere
DOCKER-ISOLATION-STAGE-1 all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
DOCKER all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
KUBE-FIREWALL all -- anywhere anywhere
Chain DOCKER (1 references)
target prot opt source destination
Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target prot opt source destination
DOCKER-ISOLATION-STAGE-2 all -- anywhere anywhere
RETURN all -- anywhere anywhere
Chain DOCKER-USER (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain DOCKER-ISOLATION-STAGE-2 (1 references)
target prot opt source destination
DROP all -- anywhere anywhere
RETURN all -- anywhere anywhere
Chain KUBE-FIREWALL (2 references)
target prot opt source destination
DROP all -- anywhere anywhere /* kubernetes firewall for dropping marked packets */ mark match 0x8000/0x8000
[root@localhost ~]
[root@localhost ~]
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
329K 55M KUBE-FIREWALL all -- any any anywhere anywhere
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
102 7304 DOCKER-USER all -- any any anywhere anywhere
102 7304 DOCKER-ISOLATION-STAGE-1 all -- any any anywhere anywhere
12 1462 ACCEPT all -- any docker0 anywhere anywhere ctstate RELATED,ESTABLISHED
47 2444 DOCKER all -- any docker0 anywhere anywhere
43 3398 ACCEPT all -- docker0 !docker0 anywhere anywhere
0 0 ACCEPT all -- docker0 docker0 anywhere anywhere
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
328K 59M KUBE-FIREWALL all -- any any anywhere anywhere
Chain DOCKER (1 references)
pkts bytes target prot opt in out source destination
Chain DOCKER-ISOLATION-STAGE-1 (1 references)
pkts bytes target prot opt in out source destination
43 3398 DOCKER-ISOLATION-STAGE-2 all -- docker0 !docker0 anywhere anywhere
102 7304 RETURN all -- any any anywhere anywhere
Chain DOCKER-USER (1 references)
pkts bytes target prot opt in out source destination
102 7304 RETURN all -- any any anywhere anywhere
Chain DOCKER-ISOLATION-STAGE-2 (1 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- any docker0 anywhere anywhere
43 3398 RETURN all -- any any anywhere anywhere
Chain KUBE-FIREWALL (2 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- any any anywhere anywhere /* kubernetes firewall for dropping marked packets */ mark match 0x8000/0x8000
[root@localhost ~]
本文内容由网友自发贡献,版权归原作者所有,本站不承担相应法律责任。如您发现有涉嫌抄袭侵权的内容,请联系:hwhale#tublm.com(使用前将#替换为@)