kubeadm安装多master节点的k8s集群(1)
作者:互联网
一、环境准备
k8s集群角色 | IP | 主机名 | 安装的相关组件 |
控制节点 | 192.168.1.10 | master | apiserver、controller-manager、scheduler、kubelet、etcd、docker、kube-proxy、keepalived、nginx、calico |
控制节点 | 192.168.1.11 | pod1 | apiserver、controller-manager、scheduler、kubelet、etcd、docker、kube-proxy、keepalived、nginx、calico |
工作节点 | 192.168.1.12 | pod2 | kubelet、kube-porxy、docker、calico、coredns |
VIP | 192.168.1.20 |
# 准备命令 # 1.修改主机名,配置静态IP hostnamectl set-hostname master && bash # 2.配置主机hosts vi /etc/hosts 192.168.1.10 master 192.168.1.11 pod1 192.168.1.12 pod2 # 3.配置主机之间ssh信任 ssh-kegen -t rsa ssh-copy-id master # 4.关闭交换分区 swaoff -a # 临时关闭 永久关闭为注销/etc/fstab中swap一行 # 5.修改机器内核参数 modprobe br_netfilter echo "modprobe br_netfilter" >> /etc/profile cat > /etc/sysctl.d/k8s.conf <<EOF net.bridge.bridge-nf-call-ip6tables = 1 net.bridge.bridge-nf-call-iptables = 1 net.ipv4.ip_forward = 1 EOF sysctl -p /etc/sysctl.d/k8s.conf # 6. 关闭防火墙 systemctl stop firewalld ; systemctl disable firewalld # 7.关闭selinux,修改 x selinux 配置文件之后,重启 sed - - i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config # 8.配置阿里云yum源 wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo yum install -y yum-utils device-mapper-persistent-data lvm2 yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo sed -i 's+download.docker.com+mirrors.aliyun.com/docker-ce+' /etc/yum.repos.d/docker-ce.repo yum makecache fast # 9.配置kubernets源 [kubernetes] name=Kubernetes baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/ enabled=1 gpgcheck=0 # 10.时间同步并定时同步 yum install ntpdate -y ntpdate time1.aliyun.com * */1 * * * /usr/sbin/ntpdate time1.aliyun.com systemctl restart crond # 11.开启ipvs支持(组件kube-proxy用到) #!/bin/bash ipvs_modules="ip_vs ip_vs_lc ip_vs_wlc ip_vs_rr ip_vs_wrr ip_vs_lblc ip_vs_lblcr ip_vs_dh ip_vs_sh ip_vs_nq ip_vs_sed ip_vs_ftp nf_conntrack" for kernel_module in ${ipvs_modules}; do /sbin/modinfo -F filename ${kernel_module} > /dev/null 2>&1 if [ 0 -eq 0 ]; then /sbin/modprobe ${kernel_module} fi done [root@master ~]#chmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules && lsmod | grep ip_vs ip_vs_ftp 13079 0 nf_nat 26583 1 ip_vs_ftp ip_vs_sed 12519 0 ip_vs_nq 12516 0 ip_vs_sh 12688 0 ip_vs_dh 12688 0 # ipvs (IP Virtual Server) 实现了传输层负载均衡,也就是我们常说的 4层LAN交换,作为 Linux内核的一部分。ipvs运行在主机上,在真实服务器集群前充当负载均衡器。ipvs 可以将基于TCP 和 和 UDP的服务请求转发到真实服务器上,并使真实服务器的服务在单个 IP 地址上显示为虚拟服务
二、基础软件包安装
yum install -y yum-utils device-mapper-persistent-data lvm2 wget net-tools nfs-utils lrzsz gcc gcc-c++ make cmake libxml2-devel openssl-devel curl curl-devel unzip sudo ntp libaio-devel wget vim ncurses-devel autoconf automake zlib-devel python-devel epel-release openssh-server
socat conntrack ntpdate telnet ipvsadm iptables-services
# 停止iptables服务并禁止开机启动
service iptables stop && systemctl disable iptables
# 清空规则
iptables -F
- docker服务安装
# 1.安装docker-ce,是否指定版本自定义 yum install docker-ce-20.10.17 docker-ce-cli-20.10.17 containerd.io -y # 2.启动并设置为开机启动 systemctl start docker && systemctl enable docker && systemctl status docker # 3.配置镜像加速器 mkdir /etc/docker vi /etc/docker/daemon.json
{
"registry-mirrors":["https://pft7f97f.mirror.aliyuncs.com", "https://rsbud4vc.mirror.aliyuncs.com","https://registry.docker-cn.com","https://docker.mirrors.ustc.edu.cn","https://dockerhub.azk8s.cn","http://hub-mirror.c.163.com","http://qtid6917.mirror.aliyuncs.com", "https://rncxm540.mirror.aliyuncs.com"],
"exec-opts": ["native.cgroupdriver=systemd"]
}
#exec-opts 修改驱动
修改docker文件驱动为systemd ,默认为 cgroupfs ,kubelet默认使用 systemd ,两者必须一致才可以.
systemctl daemon-reload && systemctl restart docker && systemctl status docker
- K8S初始化所需软件包
# 安装软件包(一般不按装最新的) yum install -y kubelet-1.20.7 kubeadm-1.20.7 kubectl-1.20.7 systemctl enable kubelet && systemctl start kubelet && systemctl status kubelet 注: Kubeadm : kubeadm 是一个工具,用来初始化 k ks 8s 集群的 kubelet : 安装在集群所有节点上,用于启动Pod的 kubectl: : 通过kubectl可以部署和管理应用,查看各种资源,创建、删除和更新各种组件 # 目前kubectl是起不来的,等初始化后就会自动启动 Active: activating (auto-restart) (Result: exit-code)
- 通过keepalive+nginx实现k8s apiserver高可用
# 1.在master和pod1上安装nginx yum install nginx keepalived -y # 2.修改配置文件 user nginx; worker_processes auto; error_log /var/log/nginx/error.log; pid /run/nginx.pid; # Load dynamic modules. See /usr/share/doc/nginx/README.dynamic. include /usr/share/nginx/modules/*.conf; events { worker_connections 1024; } stream { log_format main '$remote_addr $upstream_addr-[$time_local] $status $upstream_bytes_sent'; access_log /var/log/nginx/k8s-access.log main; upstream k8s-apiserver { server 192.168.1.10:6443; # Master1 APISERVER IP:PORT server 192.168.1.11:6443; # Master2 APISERVER IP:PORT } server { listen 16443; proxy_pass k8s-apiserver; } } http { log_format main '$remote_addr - - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main; sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 65; types_hash_max_size 2048; include /etc/nginx/mime.types default_type application/octet-stream; server { listen 80 default_server; server_name _; location / { } } }
# yum安装的nginx检测会报错unknown directive "stream",没有stream模块
解决方法:yum install nginx-mod-stream -y
源码编译安装,添加参数:--with-stream
# keepalived.conf配置 # master: global_defs { notification_email { acassen@firewall.loc failover@firewall.loc sysadmin@firewall.loc } notification_email_from Alexandre.Cassen@firewall.loc smtp_server 127.0.0.1 smtp_connect_timeout 30 router_id NGINX_MASTER } vrrp_script check_nginx { script "/etc/keepalived/check_nginx.sh" } vrrp_instance VI_1 { state MASTER interface ens33 # 实际网卡名称 virtual_router_id 51 # vrrp路由ID实例,每个实例唯一 priority 100 # 优先级,备服务器设置为90 advert_int 1 # 指定vrrp心跳包通告间隔时间,默认1s authentication { auth_type PASS auth_pass 1111 } # 虚拟IP(VIP) virtual_ipaddress { 192.168.1.20/24 } track_script { check_nginx } } # vrrp_script :指定检查nginx工作状态脚本(根据nginx 状态判断是否故障转移) # pod1的keepalived.conf global_defs { notification_email { acassen@firewall.loc failover@firewall.loc sysadmin@firewall.loc } notification_email_from Alexandre.Cassen@firewall.loc smtp_server 127.0.0.1 smtp_connect_timeout 30 router_id NGINX_BACKUP } vrrp_script check_nginx { script "/etc/keepalived/check_nginx.sh" } vrrp_instance VI_1 { state BACKUP interface ens33 virtual_router_id 51 priority 90 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 192.168.1.20/24 } track_script { check_nginx } } # /etc/keepalived/check_nginx.sh检查nginx脚本编写 #!/bin/bash count=$(ps -ef | grep nginx | grep sbin | egrep -cv "grep|$$") if [ "$count" -eq 0 ];then systemctl stop keepalived fi chmod +x /etc/keepalived/check_nginx.sh # 注:keepalived 根据脚本返回状态码(0为工作正常,非 0 不正常)判断是否故障转移keepalived配置
# 启动程序
systemctl daemon-reload
systemctl start nginx && systemctl enable nginx && systemctl status nginx
systemctl start keepalived && systemctl enable keepalived && systemctl status keepalived
# master上可以看到2个IP,pod1上只能看到1个
# ip addr
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:09:d2:4e brd ff:ff:ff:ff:ff:ff
inet 192.168.1.10/24 brd 192.168.1.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet 192.168.1.20/24 scope global secondary ens33
valid_lft forever preferred_lft forever
inet6 fe80::7088:c179:979e:a672/64 scope link noprefixroute
valid_lft forever preferred_lft forever
测试:停止master的nginx就会发现192.168.1.20这个IP漂移到pod1服务器上,重启master的nginx和keepalived后,IP还会漂移回master
三、Kubeadm初始化k8s集群
主节点:
# 在master上创建kubeadm-config.yaml # 使用准备好的镜像 apiVersion: kubeadm.k8s.io/v1beta2 kind: ClusterConfiguration kubernetesVersion: v1.20.6 controlPlaneEndpoint: 192.168.1.20:16443 imageRepository: registry.aliyuncs.com imageRepository: registry.aliyuncs.com/google_containers apiServer: certSANs: - 192.168.1.10 - 192.168.1.11 - 192.168.1.12 - 192.168.1.20 networking: podSubnet: 10.244.0.0/16 serviceSubnet: 10.10.0.0/16 --- apiVersion: kubeproxy.config.k8s.io/v1alpha1 kind: KubeProxyConfiguration mode: ipvs """ 注: --image-repository registry.aliyuncs.com/google_containers : 手动指定仓库地址为 registry.aliyuncs.com/google_containers kubeadm 默认从k8s.grc.io 拉取镜像,但是k8s.grc.io访问不到,所以需要指定从registry.aliyuncs.com/google_containers 仓库拉取镜像 。 """ # kubeadm需要准备的镜像,可以提前准备然后倒入,这次用的别人准备好的 # master和pod1上导入准备好的镜像 导入:docker load -i k8simage-1-20-6.tar.gz [root@master ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE registry.aliyuncs.com/google_containers/kube-proxy v1.20.6 9a1ebfd8124d 14 months ago 118MB registry.aliyuncs.com/google_containers/kube-scheduler v1.20.6 b93ab2ec4475 14 months ago 47.3MB registry.aliyuncs.com/google_containers/kube-apiserver v1.20.6 b05d611c1af9 14 months ago 122MB registry.aliyuncs.com/google_containers/kube-controller-manager v1.20.6 560dd11d4550 14 months ago 116MB calico/pod2daemon-flexvol v3.18.0 2a22066e9588 16 months ago 21.7MB calico/node v3.18.0 5a7c4970fbc2 16 months ago 172MB calico/cni v3.18.0 727de170e4ce 16 months ago 131MB calico/kube-controllers v3.18.0 9a154323fbf7 16 months ago 53.4MB registry.aliyuncs.com/google_containers/etcd 3.4.13-0 0369cf4303ff 22 months ago 253MB registry.aliyuncs.com/google_containers/coredns 1.7.0 bfe3a36ebd25 2 years ago 45.2MB registry.aliyuncs.com/google_containers/pause 3.2 80d28bedfe5d 2 years ago 683kB
calico组件
https://projectcalico.docs.tigera.io/calico-enterprise/
# 初始化
kubeadm init --config kubeadm-config.yaml -- ignore-preflighterrors=SystemVerification # 执行结果: Your Kubernetes control-plane has initialized successfully! To start using your cluster, you need to run the following as a regular user: mkdir -p $HOME/.kube sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config sudo chown $(id -u):$(id -g) $HOME/.kube/config Alternatively, if you are the root user, you can run: export KUBECONFIG=/etc/kubernetes/admin.conf You should now deploy a pod network to the cluster. Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at: https://kubernetes.io/docs/concepts/cluster-administration/addons/ You can now join any number of control-plane nodes by copying certificate authorities and service account keys on each node and then running the following as root: # pod1需要,从k8s加入 kubeadm join 192.168.1.20:16443 --token dmk0g4.1l9kz4el5ewkhy57 \ --discovery-token-ca-cert-hash sha256:6e220a97f3d79d0b53b5ac18979dcfacdfb5da5ce0629017b745a8a4df162d27 \ --control-plane Then you can join any number of worker nodes by running the following on each as root: # k8s节点加入命令 kubeadm join 192.168.1.20:16443 --token dmk0g4.1l9kz4el5ewkhy57 \ --discovery-token-ca-cert-hash sha256:6e220a97f3d79d0b53b5ac18979dcfacdfb5da5ce0629017b745a8a4df162d27
mkdir -p $HOME/.kube cp -i /etc/kubernetes/admin.conf $HOME/.kube/config chown $(id -u):$(id -g) $HOME/.kube/config [root@master ~]# kubectl get nodes NAME STATUS ROLES AGE VERSION master NotReady control-plane,master 11h v1.20.7 此时集群状态还是NotReady 状态,因为没有安装网络 插件
四、扩容k8s集群-添加master节点
从节点:
# pod1: # 1.创建证书目录 mkdir -p /etc/kubernetes/pki/etcd && mkdir -p ~/.kube/ # 2.将master节点的证书拷贝到pod1对应目录里 [root@master pki]# cd /etc/kubernetes/pki/ [root@master pki]# scp ca.crt sa.key sa.pub front-proxy-ca.crt front-proxy-ca.key ca.key root@pod1:/etc/kubernetes/pki/ [root@master etcd]# cd /etc/kubernetes/pki/etcd/ [root@master etcd]# scp ca.crt ca.key root@pod1:/etc/kubernetes/pki/etcd/ # 3.在master主节点上查看生成token [root@master ~]# kubeadm token create --print-join-command kubeadm join 192.168.1.20:16443 --token lrbume.ymtfk5o4tvcd6cg2 --discovery-token-ca-cert-hash sha256:6e220a97f3d79d0b53b5ac18979dcfacdfb5da5ce0629017b745a8a4df162d27 # 4.pod1节点执行加入master kubeadm join 192.168.1.20:16443 --token lrbume.ymtfk5o4tvcd6cg2 --discovery-token-ca-cert-hash sha256:6e220a97f3d79d0b53b5ac18979dcfacdfb5da5ce0629017b745a8a4df162d27 --control-plane
成功结果:Run 'kubectl get nodes' to see this node join the cluster. [root@pod1 ~]# mkdir -p $HOME/.kube [root@pod1 ~]# cp -i /etc/kubernetes/admin.conf $HOME/.kube/config [root@pod1 ~]# chown $(id -u):$(id -g) $HOME/.kube/config [root@pod1 ~]# kubectl get nodes NAME STATUS ROLES AGE VERSION master NotReady control-plane,master 11h v1.20.7 pod1 NotReady control-plane,master 43s v1.20.7 [root@master ~]# kubectl get nodes NAME STATUS ROLES AGE VERSION master NotReady control-plane,master 12h v1.20.7 pod1 NotReady control-plane,master 2m33s v1.20.7
五、添加node节点进入集群
# pod2节点需要 [root@pod2 ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE registry.aliyuncs.com/google_containers/kube-proxy v1.20.7 ff54c88b8ecf 14 months ago 118MB registry.aliyuncs.com/google_containers/kube-apiserver v1.20.7 034671b24f0f 14 months ago 122MB registry.aliyuncs.com/google_containers/kube-controller-manager v1.20.7 22d1a2072ec7 14 months ago 116MB registry.aliyuncs.com/google_containers/kube-scheduler v1.20.7 38f903b54010 14 months ago 47.3MB calico/pod2daemon-flexvol v3.18.0 2a22066e9588 16 months ago 21.7MB calico/node v3.18.0 5a7c4970fbc2 16 months ago 172MB calico/cni v3.18.0 727de170e4ce 16 months ago 131MB calico/kube-controllers v3.18.0 9a154323fbf7 16 months ago 53.4MB registry.aliyuncs.com/google_containers/etcd 3.4.13-0 0369cf4303ff 22 months ago 253MB registry.aliyuncs.com/google_containers/coredns 1.7.0 bfe3a36ebd25 2 years ago 45.2MB registry.aliyuncs.com/google_containers/pause 3.2 80d28bedfe5d 2 years ago 683kB # 将节点加入集群 kubeadm join 192.168.1.20:16443 --token lrbume.ymtfk5o4tvcd6cg2 --discovery-token-ca-cert-hash sha256:6e220a97f3d79d0b53b5ac18979dcfacdfb5da5ce0629017b745a8a4df162d27 执行成功: Run 'kubectl get nodes' on the control-plane to see this node join the cluster. # master上查看 [root@master ~]# kubectl get nodes NAME STATUS ROLES AGE VERSION master NotReady control-plane,master 12h v1.20.7 pod1 NotReady control-plane,master 10m v1.20.7 pod2 NotReady <none> 47s v1.20.7 # 1.20版本ROLES节点显示都是<none>,有需要可以修改为work [root@master ~]# kubectl label node pod2 node-role.kubernets.io/worker=worker
# 查看插件情况
# 名称空间 [root@master ~]# kubectl get pods No resources found in default namespace. # coredns都是Pending状态,因为没装网络插件,-o wide可以查看到服务安装在那个节点上 [root@master ~]# kubectl get pods -n kube-system -o wide NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES coredns-7f89b7bc75-bflk2 0/1 Pending 0 12h <none> <none> <none> <none> coredns-7f89b7bc75-z4k77 0/1 Pending 0 12h <none> <none> <none> <none> etcd-master 1/1 Running 1 12h 192.168.1.10 master <none> <none> etcd-pod1 1/1 Running 0 24m 192.168.1.11 pod1 <none> <none> kube-apiserver-master 1/1 Running 1 12h 192.168.1.10 master <none> <none> kube-apiserver-pod1 1/1 Running 0 24m 192.168.1.11 pod1 <none> <none> kube-controller-manager-master 1/1 Running 2 12h 192.168.1.10 master <none> <none> kube-controller-manager-pod1 1/1 Running 0 24m 192.168.1.11 pod1 <none> <none> kube-proxy-8mt7s 1/1 Running 0 14m 192.168.1.12 pod2 <none> <none> kube-proxy-bqt8c 1/1 Running 0 24m 192.168.1.11 pod1 <none> <none> kube-proxy-vwb7g 1/1 Running 1 12h 192.168.1.10 master <none> <none> kube-scheduler-master 1/1 Running 2 12h 192.168.1.10 master <none> <none> kube-scheduler-pod1 1/1 Running 0 24m 192.168.1.11 pod1 <none> <none>
六、网络插件安装---Calico
# 1.注:在线下载配置文件地址是: https://docs.projectcalico.org/manifests/calico.yaml # calico组件功能:功能多,性能好,可以做网络策略 # 2.安装 wget https://docs.projectcalico.org/manifests/calico.yaml --no-check-certificate [root@master ~]# kubectl apply -f calico.yaml 报错:calico版本不匹配 error: unable to recognize "calico.yaml": no matches for kind "PodDisruptionBudget" in version "policy/v1" 解决方法:更换calico.yml # 3.查看 # 安装完成后可以发现coredns已经改变状态 [root@master ~]# kubectl get pods -n kube-system -o wide NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES calico-kube-controllers-6949477b58-c8vzf 1/1 Running 0 2m43s 10.244.219.65 master <none> <none> calico-node-2wqck 1/1 Running 0 2m43s 192.168.1.12 pod2 <none> <none> calico-node-9898g 1/1 Running 0 2m43s 192.168.1.10 master <none> <none> calico-node-jstb4 1/1 Running 0 2m43s 192.168.1.11 pod1 <none> <none> coredns-7f89b7bc75-bflk2 1/1 Running 0 12h 10.244.219.67 master <none> <none> coredns-7f89b7bc75-z4k77 1/1 Running 0 12h 10.244.219.66 master <none> <none> etcd-master 1/1 Running 1 12h 192.168.1.10 master <none> <none> etcd-pod1 1/1 Running 0 48m 192.168.1.11 pod1 <none> <none> kube-apiserver-master 1/1 Running 1 12h 192.168.1.10 master <none> <none> kube-apiserver-pod1 1/1 Running 0 48m 192.168.1.11 pod1 <none> <none> kube-controller-manager-master 1/1 Running 2 12h 192.168.1.10 master <none> <none> kube-controller-manager-pod1 1/1 Running 0 48m 192.168.1.11 pod1 <none> <none> kube-proxy-8mt7s 1/1 Running 0 38m 192.168.1.12 pod2 <none> <none> kube-proxy-bqt8c 1/1 Running 0 48m 192.168.1.11 pod1 <none> <none> kube-proxy-vwb7g 1/1 Running 1 12h 192.168.1.10 master <none> <none> kube-scheduler-master 1/1 Running 2 12h 192.168.1.10 master <none> <none> kube-scheduler-pod1 1/1 Running 0 48m 192.168.1.11 pod1 <none> <none> # 状态从NotReady变为Ready [root@master ~]# kubectl get nodes NAME STATUS ROLES AGE VERSION master Ready control-plane,master 12h v1.20.7 pod1 Ready control-plane,master 49m v1.20.7 pod2 Ready <none> 39m v1.20.7
测试k8s创建pod是否可以正常联网:
# master上下载一个镜像镜像测试网络 docker search busybox docker pull busybox [root@master ~]# kubectl run busybox --image busybox:latest --restart=Never --rm -it busybox -- sh If you don't see a command prompt, try pressing enter. / # ping baidu.com PING baidu.com (220.181.38.148): 56 data bytes 64 bytes from 220.181.38.148: seq=0 ttl=127 time=29.778 ms # 通过上面可以看到能访问网络 ,说明calico 网络插件已经被正常安装了 [root@master ~]# kubectl run busybox --image busybox:1.28 --restart=Never --rm -it busybox -sh # 报错: Unable to connect to the server: dial tcp: lookup h on 114.114.114.114:53: no such host 原因:-sh改成 -- sh ;--和sh之间有空格 [root@pod1 ~]# kubectl get pods -o wide NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES busybox 1/1 Running 0 2m59s 10.244.145.193 pod2 <none> <none>
测试k8s集群中部署tomcat服务
# 在pod2上加载镜像tomcat [root@pod2 ~]# docker load -i tomcat.tar.gz # 在master上执行 [root@master ~]# cat tomcat.yaml apiVersion: v1 #pod属于k8s核心组v1 kind: Pod #创建的是一个Pod资源 metadata: #元数据 name: demo-pod #pod名字 namespace: default #pod所属的名称空间 labels: app: myapp #pod具有的标签 env: dev #pod具有的标签 spec: containers: #定义一个容器,容器是对象列表,下面可以有多个name - name: tomcat-pod-java #容器的名字 ports: - containerPort: 8080 image: tomcat:8.5-jre8-alpine #容器使用的镜像 imagePullPolicy: IfNotPresent [root@master ~]# kubectl apply -f tomcat.yaml [root@master ~]# kubectl get pods -o wide NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES demo-pod 1/1 Running 0 51s 10.244.145.194 pod2 <none> <none> [root@master ~]# curl -I 10.244.145.194:8080 HTTP/1.1 200 Content-Type: text/html;charset=UTF-8 Transfer-Encoding: chunked Date: Thu, 07 Jul 2022 04:47:25 GMT # 10.244.145.194 只能在k8s集群中访问,外网不能访问,如果需要访问要做服务 [root@master ~]# cat tomcat-service.yaml apiVersion: v1 kind: Service metadata: name: tomcat spec: type: NodePort ports: - port: 8080 nodePort: 30080 #物理机端口30080映射到容器中8080 selector: app: myapp env: dev [root@master ~]# kubectl apply -f tomcat-service.yaml service/tomcat created [root@master ~]# kubectl get service NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE kubernetes ClusterIP 10.10.0.1 <none> 443/TCP 13h tomcat NodePort 10.10.13.139 <none> 8080:30080/TCP 9s # 再次测试 [root@master ~]# curl -I 192.168.1.10:30080 HTTP/1.1 200 Content-Type: text/html;charset=UTF-8 Transfer-Encoding: chunked Date: Thu, 07 Jul 2022 04:56:04 GMT
浏览器访问
http://192.168.1.10:30080
七、测试coredns是否正常,是否能解析域名
# 查看coredns的IP [root@master ~]# kubectl get svc -n kube-system NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE kube-dns ClusterIP 10.10.0.10 <none> 53/UDP,53/TCP,9153/TCP 13h [root@master ~]# kubectl run busybox --image busybox:latest --restart=Never --rm -it busybox -- sh If you don't see a command prompt, try pressing enter. / # nslookup kubernetes.default.svc.cluster.local Server: 10.10.0.10 Address: 10.10.0.10:53 Name: kubernetes.default.svc.cluster.local Address: 10.10.0.1 *** Can't find kubernetes.default.svc.cluster.local: No answer / # nslookup tomcat.default.svc.cluster.local Server: 10.10.0.10 Address: 10.10.0.10:53 Name: tomcat.default.svc.cluster.local Address: 10.10.13.139 # 10.10.0.10就是coredns的ip,10.10.13.139就是tomcat的IP了,说明coreDNS已经配置好了 解析内部Service的名称,是通过coreDNS去解析
标签:kube,--,192.168,master,kubeadm,k8s,root,pod1 来源: https://www.cnblogs.com/yangmeichong/p/16452316.html