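I. System initialization
1. Stop the firewall
systemctl stop firewalld
2. Disable SELinux
setenforce 0    # sets permissive mode until the next reboot
3. Disable swap
swapoff -a    # temporarily disables swap
4. Pass bridged IPv4 traffic to the iptables chains
cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl --system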
II. Install Docker
1. Configure the yum repository
wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo
2. Install
yum -y install docker-ce-18.06.1.ce-3.el7
3. Configure a registry mirror to speed up image pulls
tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": ["https://jnboye7q.mirror.aliyuncs.com"]
}
EOF
Run docker info to view the details:
Containers: 0
 Running: 0
 Paused: 0
 Stopped: 0
Images: 0
Server Version: 18.06.1-ce
Storage Driver: overlay2
 Backing Filesystem: xfs
 Supports d_type: true
 Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
 Volume: local
 Network: bridge host macvlan null overlay
 Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 468a545b9edcd5932818eb9de8e72413e616e86e
runc version: 69663f0bd4b60df09991c08812a60108003fa340
init version: fec3683
Security Options:
 seccomp
  Profile: default
Kernel Version: 3.10.0-862.el7.x86_64
Operating System: CentOS Linux 7 (Core)
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 974.6MiB
Name: localhost.localdomain
ID: SETU:T4SY:VUJC:PAX6:H7QV:PQNE:IABP:OIWM:MRPK:ZOII:T6M6:CISI
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
 127.0.0.0/8
Registry Mirrors:
 https://jnboye7q.mirror.aliyuncs.com/
Live Restore Enabled: false
4. Start Docker
systemctl enable docker
systemctl start docker
III. Deployment
1. Configure the Kubernetes yum repository
cat >/etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
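With gpgcheck=0 and repo_gpgcheck=0 in the repo file above, yum verifies neither package signatures nor repository metadata signatures, so the listed gpgkey URLs are never used. The check below is an added example, not part of the original guide: it scans .repo files for enabled repositories with those settings or a plain-http baseurl. The function names and report format are illustrative assumptions.

```shell
#!/bin/sh
# Added example (not from the original guide).
# audit_yum_repos FILE...: report enabled repo sections that explicitly
# disable signature checks or use an unencrypted baseurl.
audit_yum_repos() {
    awk '
        function report() {
            if (section == "" || enabled == "0") return
            if (gpgcheck == "0")
                print file " [" section "] gpgcheck=0: package signatures are not verified"
            if (repo_gpgcheck == "0")
                print file " [" section "] repo_gpgcheck=0: repository metadata signature is not verified"
            if (baseurl ~ /^http:/)
                print file " [" section "] baseurl is plain http: " baseurl
        }
        # A new [section] header: flush the previous section, reset state.
        /^[ \t]*\[[^]]*\][ \t]*$/ {
            report()
            section = $0
            sub(/^[ \t]*\[/, "", section); sub(/\][ \t]*$/, "", section)
            file = FILENAME
            enabled = "1"; gpgcheck = ""; repo_gpgcheck = ""; baseurl = ""
            next
        }
        # Skip comments and lines without key=value.
        /^[ \t]*[#;]/ || !/=/ { next }
        {
            key = $0; sub(/=.*/, "", key); gsub(/[ \t]/, "", key)
            val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
            if (key == "enabled") enabled = val
            else if (key == "gpgcheck") gpgcheck = val
            else if (key == "repo_gpgcheck") repo_gpgcheck = val
            else if (key == "baseurl") baseurl = val
        }
        END { report() }
    ' "$@"
}

# write_page_repo PATH: writes the kubernetes.repo from step 1 above,
# used here as sample input.
write_page_repo() {
    cat > "$1" << 'EOF'
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
}

# Demo: audit the sample file; two findings are printed for [kubernetes].
sample=$(mktemp)
write_page_repo "$sample"
audit_yum_repos "$sample"
rm -f "$sample"
```

On a real host the same function can be pointed at /etc/yum.repos.d/*.repo.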
2. Install kubeadm, kubelet and kubectl
Install a pinned version directly:
yum install -y kubelet-1.18.0 kubeadm-1.18.0 kubectl-1.18.0
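3. Initialize the cluster with kubeadm
kubeadm init \
  --apiserver-advertise-address=192.168.149.144 \
  --image-repository registry.aliyuncs.com/google_containers \
  --kubernetes-version v1.18.0 \
  --service-cidr=10.96.0.0/12 \
  --pod-network-cidr=10.244.0.0/16
--apiserver-advertise-address: the address the cluster advertises
--image-repository: the default image registry k8s.gcr.io is not reachable from mainland China, so the Alibaba Cloud mirror registry is specified here
--kubernetes-version: the Kubernetes version, matching the one installed above
--service-cidr: the cluster-internal virtual network, the unified access entry point for Pods
--pod-network-cidr: the Pod network, which must match the YAML of the CNI network add-on deployed below
Errors such as the following may occur during execution; use --v=5 to see the detailed error message, or reset with kubeadm reset:
error execution phase wait-control-plane: couldn't initialize a Kubernetes cluster
To see the stack trace of this error execute with --v=5 or higher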
kubeadm init --apiserver-advertise-address=192.168.149.144 --image-repository registry.aliyuncs.com/google_containers --kubernetes-version v1.18.0 --service-cidr=10.96.0.0/12 --pod-network-cidr=10.244.0.0/16
W0818 23:02:36.529316 74075 configset.go:202] WARNING: kubeadm cannot validate component configs for API groups [kubelet.config.k8s.io kubeproxy.config.k8s.io]
[init] Using Kubernetes version: v1.18.0
[preflight] Running pre-flight checks
[WARNING Service-Docker]: docker service is not enabled, please run 'systemctl enable docker.service'
[WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/
[preflight] Pulling images required for setting up a Kubernetes cluster
[preflight] This might take a minute or two, depending on the speed of your internet connection
[preflight] You can also perform this action in beforehand using 'kubeadm config images pull'
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Starting the kubelet
[certs] Using certificateDir folder "/etc/kubernetes/pki"
[certs] Generating "ca" certificate and key
[certs] Generating "apiserver" certificate and key
[certs] apiserver serving cert is signed for DNS names [localhost.localdomain kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local] and IPs [10.96.0.1 192.168.149.144]
[certs] Generating "apiserver-kubelet-client" certificate and key
[certs] Generating "front-proxy-ca" certificate and key
[certs] Generating "front-proxy-client" certificate and key
[certs] Generating "etcd/ca" certificate and key
[certs] Generating "etcd/server" certificate and key
[certs] etcd/server serving cert is signed for DNS names [localhost.localdomain localhost] and IPs [192.168.149.144 127.0.0.1 ::1]
[certs] Generating "etcd/peer" certificate and key
[certs] etcd/peer serving cert is signed for DNS names [localhost.localdomain localhost] and IPs [192.168.149.144 127.0.0.1 ::1]
[certs] Generating "etcd/healthcheck-client" certificate and key
[certs] Generating "apiserver-etcd-client" certificate and key
[certs] Generating "sa" key and public key
[kubeconfig] Using kubeconfig folder "/etc/kubernetes"
[kubeconfig] Writing "admin.conf" kubeconfig file
[kubeconfig] Writing "kubelet.conf" kubeconfig file
[kubeconfig] Writing "controller-manager.conf" kubeconfig file
[kubeconfig] Writing "scheduler.conf" kubeconfig file
[control-plane] Using manifest folder "/etc/kubernetes/manifests"
[control-plane] Creating static Pod manifest for "kube-apiserver"
[control-plane] Creating static Pod manifest for "kube-controller-manager"
W0818 23:02:42.488046 74075 manifests.go:225] the default kube-apiserver authorization-mode is "Node,RBAC"; using "Node,RBAC"
[control-plane] Creating static Pod manifest for "kube-scheduler"
W0818 23:02:42.490800 74075 manifests.go:225] the default kube-apiserver authorization-mode is "Node,RBAC"; using "Node,RBAC"
[etcd] Creating static Pod manifest for local etcd in "/etc/kubernetes/manifests"
[wait-control-plane] Waiting for the kubelet to boot up the control plane as static Pods from directory "/etc/kubernetes/manifests". This can take up to 4m0s
[apiclient] All control plane components are healthy after 23.003466 seconds
[upload-config] Storing the configuration used in ConfigMap "kubeadm-config" in the "kube-system" Namespace
[kubelet] Creating a ConfigMap "kubelet-config-1.18" in namespace kube-system with the configuration for the kubelets in the cluster
[upload-certs] Skipping phase. Please see --upload-certs
[mark-control-plane] Marking the node localhost.localdomain as control-plane by adding the label "node-role.kubernetes.io/master=''"
[mark-control-plane] Marking the node localhost.localdomain as control-plane by adding the taints [node-role.kubernetes.io/master:NoSchedule]
[bootstrap-token] Using token: t1mede.eggih8e8e9zitj2g
[bootstrap-token] Configuring bootstrap tokens, cluster-info ConfigMap, RBAC Roles
[bootstrap-token] configured RBAC rules to allow Node Bootstrap tokens to get nodes
[bootstrap-token] configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials
[bootstrap-token] configured RBAC rules to allow the csrapprover controller automatically approve CSRs from a Node Bootstrap Token
[bootstrap-token] configured RBAC rules to allow certificate rotation for all node client certificates in the cluster
[bootstrap-token] Creating the "cluster-info" ConfigMap in the "kube-public" namespace
[kubelet-finalize] Updating "/etc/kubernetes/kubelet.conf" to point to a rotatable kubelet client certificate and key
[addons] Applied essential addon: CoreDNS
[addons] Applied essential addon: kube-proxy

Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 192.168.149.144:6443 --token t1mede.eggih8e8e9zitj2g \
    --discovery-token-ca-cert-hash sha256:7da58fded822e1a8710827024979ba3afb7287e781c16728cff0569ba34ada95
Record the command that nodes use to join the cluster:
kubeadm join 192.168.149.144:6443 --token t1mede.eggih8e8e9zitj2g \
    --discovery-token-ca-cert-hash sha256:7da58fded822e1a8710827024979ba3afb7287e781c16728cff0569ba34ada95
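The token in this command is a bearer credential for joining the cluster, and the sha256 value pins the public key of the cluster CA. The script below is an added example, not part of the original guide: it recomputes that pin from a CA certificate and compares it with the one in a recorded join command. It assumes openssl and sha256sum are installed, generates a throwaway CA as sample input, and its function names are illustrative.

```shell
#!/bin/sh
# Added example (not from the original guide). Requires openssl and sha256sum.

# The join command recorded above.
PAGE_JOIN_CMD='kubeadm join 192.168.149.144:6443 --token t1mede.eggih8e8e9zitj2g \
    --discovery-token-ca-cert-hash sha256:7da58fded822e1a8710827024979ba3afb7287e781c16728cff0569ba34ada95'

# ca_cert_hash CERT: print "sha256:<hex>" over the DER-encoded public key
# (SubjectPublicKeyInfo) of a PEM certificate. Returns 2 if the certificate
# cannot be parsed, so a failed read never yields the hash of empty input.
ca_cert_hash() {
    der=$(mktemp) || return 2
    if openssl x509 -in "$1" -noout -pubkey 2>/dev/null |
        openssl pkey -pubin -outform DER -out "$der" 2>/dev/null && [ -s "$der" ]; then
        sha256sum < "$der" | awk '{ print "sha256:" $1 }'
        rc=0
    else
        rc=2
    fi
    rm -f "$der"
    return "$rc"
}

# join_cmd_hash "CMD": extract the pinned hash from a join command string.
join_cmd_hash() {
    printf '%s\n' "$1" |
        sed -n 's/.*--discovery-token-ca-cert-hash[ =]\{1,\}\(sha256:[0-9a-f]\{64\}\).*/\1/p'
}

# check_join_cmd "CMD" CERT: succeed only if CMD pins exactly this CA.
check_join_cmd() {
    pinned=$(join_cmd_hash "$1")
    [ -n "$pinned" ] || { echo "no valid sha256 pin in join command" >&2; return 2; }
    actual=$(ca_cert_hash "$2") || { echo "cannot read CA certificate $2" >&2; return 2; }
    if [ "$pinned" = "$actual" ]; then
        echo "OK: join command pins the CA in $2"
    else
        echo "MISMATCH: pinned $pinned, CA is $actual" >&2
        return 1
    fi
}

# make_demo_ca DIR: throwaway self-signed CA, constructed as sample input.
make_demo_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=kubernetes" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# Demo. The first check reports MISMATCH because the throwaway CA is not
# the CA of the cluster on this page; the second uses a matching pin and a
# constructed placeholder token.
demo_dir=$(mktemp -d)
make_demo_ca "$demo_dir" || true
check_join_cmd "$PAGE_JOIN_CMD" "$demo_dir/ca.crt" || true
check_join_cmd "kubeadm join 192.168.149.144:6443 --token abcdef.0123456789abcdef --discovery-token-ca-cert-hash $(ca_cert_hash "$demo_dir/ca.crt")" "$demo_dir/ca.crt" || true
rm -rf "$demo_dir"
```

On the control-plane node the certificate to check is ca.crt in the certificateDir shown in the init output, /etc/kubernetes/pki.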
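Copy the credentials file that kubectl uses to connect to Kubernetes to the default path. As prompted by init, run the following commands:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
After that, kubectl can be used directly.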
List the images:
docker images
REPOSITORY                                                        TAG       IMAGE ID       CREATED        SIZE
registry.aliyuncs.com/google_containers/kube-proxy                v1.18.0   43940c34f24f   4 months ago   117MB
registry.aliyuncs.com/google_containers/kube-apiserver            v1.18.0   74060cea7f70   4 months ago   173MB
registry.aliyuncs.com/google_containers/kube-scheduler            v1.18.0   a31f78c7c8ce   4 months ago   95.3MB
registry.aliyuncs.com/google_containers/kube-controller-manager   v1.18.0   d3e55153f52f   4 months ago   162MB
registry.aliyuncs.com/google_containers/pause                     3.2       80d28bedfe5d   6 months ago   683kB
registry.aliyuncs.com/google_containers/coredns                   1.6.7     67da37a9a360   6 months ago   43.8MB
registry.aliyuncs.com/google_containers/etcd                      3.4.3-0   303ce5db0e90   9 months ago   288MB
Run kubectl get nodes to check the status; at this point it is NotReady:
[root@localhost ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
localhost.localdomain NotReady master 33m v1.18.0
A container network has to be deployed next.
As the prompt says, the virtual network has to be initialized. Download https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml and change the image to one that can be pulled from within China:
sed -i -r "s#quay.io/coreos/flannel:.*-amd64#lizhenliang/flannel:v0.11.0-amd64#g" kube-flannel.yml
kubectl apply -f kube-flannel.yml
Output:
podsecuritypolicy.policy/psp.flannel.unprivileged created
clusterrole.rbac.authorization.k8s.io/flannel created
clusterrolebinding.rbac.authorization.k8s.io/flannel created
serviceaccount/flannel created
configmap/kube-flannel-cfg created
daemonset.apps/kube-flannel-ds-amd64 created
daemonset.apps/kube-flannel-ds-arm64 created
daemonset.apps/kube-flannel-ds-arm created
daemonset.apps/kube-flannel-ds-ppc64le created
daemonset.apps/kube-flannel-ds-s390x created
Run kubectl get pods -n kube-system to check:
[root@localhost opt]# kubectl get pods -n kube-system
NAME READY STATUS RESTARTS AGE
coredns-7ff77c879f-m2gt9 0/1 Pending 0 33m
coredns-7ff77c879f-xv6mh 0/1 Pending 0 33m
etcd-localhost.localdomain 1/1 Running 0 33m
kube-apiserver-localhost.localdomain 1/1 Running 0 33m
kube-controller-manager-localhost.localdomain 1/1 Running 0 33m
kube-flannel-ds-amd64-wtjcl 1/1 Running 0 38s
kube-proxy-fwsnx 1/1 Running 0 33m
kube-scheduler-localhost.localdomain 1/1 Running 0 33m
Run kubectl get nodes; the master is now Ready:
[root@localhost ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
localhost.localdomain Ready master 33m v1.18.0
If the installation failed, clean up the environment and install again:
kubeadm reset
IV. Basic usage
Name                        Short name
componentsstatuses          cs
daemonsets                  ds
deployment                  deploy
events                      ev
endpoints                   ep
horizontalpodautoscalers    hpa
ingresses                   ing
jobs
limitranges                 limits
nodes                       no
namespaces                  ns
pods                        po
persistentvolumes           pv
persistentvolumeclaims      pvc
resourcequotas              quota
replicationcontrollers      rc
secrets
serviceaccounts             sa
services                    svc
By default the master cannot run workload pods; the following command removes that restriction:
kubectl taint node localhost.localdomain node-role.kubernetes.io/master-
where localhost.localdomain is the hostname.
[root@localhost ~]# kubectl -h
kubectl controls the Kubernetes cluster manager.

 Find more information at: https://kubernetes.io/docs/reference/kubectl/overview/

Basic Commands (Beginner):
  create        Create a resource from a file or from stdin.
  expose        Take a replication controller, service, deployment or pod and expose it as a new Kubernetes Service
  run           Run a particular image on the cluster
  set           Set specific features on objects

Basic Commands (Intermediate):
  explain       Documentation of resources
  get           Display one or many resources
  edit          Edit a resource on the server
  delete        Delete resources by filenames, stdin, resources and names, or by resources and label selector

Deploy Commands:
  rollout       Manage the rollout of a resource
  scale         Set a new size for a Deployment, ReplicaSet or Replication Controller
  autoscale     Auto-scale a Deployment, ReplicaSet, or ReplicationController

Cluster Management Commands:
  certificate   Modify certificate resources.
  cluster-info  Display cluster info
  top           Display Resource (CPU/Memory/Storage) usage.
  cordon        Mark node as unschedulable
  uncordon      Mark node as schedulable
  drain         Drain node in preparation for maintenance
  taint         Update the taints on one or more nodes

Troubleshooting and Debugging Commands:
  describe      Show details of a specific resource or group of resources
  logs          Print the logs for a container in a pod
  attach        Attach to a running container
  exec          Execute a command in a container
  port-forward  Forward one or more local ports to a pod
  proxy         Run a proxy to the Kubernetes API server
  cp            Copy files and directories to and from containers.
  auth          Inspect authorization

Advanced Commands:
  diff          Diff live version against would-be applied version
  apply         Apply a configuration to a resource by filename or stdin
  patch         Update field(s) of a resource using strategic merge patch
  replace       Replace a resource by filename or stdin
  wait          Experimental: Wait for a specific condition on one or many resources.
  convert       Convert config files between different API versions
  kustomize     Build a kustomization target from a directory or a remote url.

Settings Commands:
  label         Update the labels on a resource
  annotate      Update the annotations on a resource
  completion    Output shell completion code for the specified shell (bash or zsh)

Other Commands:
  alpha         Commands for features in alpha
  api-resources Print the supported API resources on the server
  api-versions  Print the supported API versions on the server, in the form of "group/version"
  config        Modify kubeconfig files
  plugin        Provides utilities for interacting with plugins.
  version       Print the client and server version information

Usage:
  kubectl [flags] [options]

Use "kubectl <command> --help" for more information about a given command.
Use "kubectl options" for a list of global command-line options (applies to all commands).
Using kubectl run
kubectl run -h
Create and run a particular image in a pod.

Examples:
  # Start a nginx pod.
  kubectl run nginx --image=nginx

  # Start a hazelcast pod and let the container expose port 5701.
  kubectl run hazelcast --image=hazelcast/hazelcast --port=5701

  # Start a hazelcast pod and set environment variables "DNS_DOMAIN=cluster" and "POD_NAMESPACE=default" in the container.
  kubectl run hazelcast --image=hazelcast/hazelcast --env="DNS_DOMAIN=cluster" --env="POD_NAMESPACE=default"

  # Start a hazelcast pod and set labels "app=hazelcast" and "env=prod" in the container.
  kubectl run hazelcast --image=hazelcast/hazelcast --labels="app=hazelcast,env=prod"

  # Dry run. Print the corresponding API objects without creating them.
  kubectl run nginx --image=nginx --dry-run=client

  # Start a nginx pod, but overload the spec with a partial set of values parsed from JSON.
  kubectl run nginx --image=nginx --overrides='{ "apiVersion": "v1", "spec": { ... } }'

  # Start a busybox pod and keep it in the foreground, don't restart it if it exits.
  kubectl run -i -t busybox --image=busybox --restart=Never

  # Start the nginx pod using the default command, but use custom arguments (arg1 .. argN) for that command.
  kubectl run nginx --image=nginx -- <arg1> <arg2> ... <argN>

  # Start the nginx pod using a different command and custom arguments.
  kubectl run nginx --image=nginx --command -- <cmd> <arg1> ... <argN>

Options:
      --allow-missing-template-keys=true: If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
      --attach=false: If true, wait for the Pod to start running, and then attach to the Pod as if 'kubectl attach ...' were called. Default false, unless '-i/--stdin' is set, in which case the default is true. With '--restart=Never' the exit code of the container process is returned.
      --cascade=true: If true, cascade the deletion of the resources managed by this resource (e.g. Pods created by a ReplicationController). Default true.
      --command=false: If true and extra arguments are present, use them as the 'command' field in the container, rather than the 'args' field which is the default.
      --dry-run='none': Must be "none", "server", or "client". If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.
      --env=[]: Environment variables to set in the container.
      --expose=false: If true, service is created for the container(s) which are run
  -f, --filename=[]: to use to replace the resource.
      --force=false: If true, immediately remove resources from API and bypass graceful deletion. Note that immediate deletion of some resources may result in inconsistency or data loss and requires confirmation.
      --grace-period=-1: Period of time in seconds given to the resource to terminate gracefully. Ignored if negative. Set to 1 for immediate shutdown. Can only be set to 0 when --force is true (force deletion).
      --hostport=-1: The host port mapping for the container port. To demonstrate a single-machine container.
      --image='': The image for the container to run.
      --image-pull-policy='': The image pull policy for the container. If left empty, this value will not be specified by the client and defaulted by the server
  -k, --kustomize='': Process a kustomization directory. This flag can't be used together with -f or -R.
  -l, --labels='': Comma separated labels to apply to the pod(s). Will override previous values.
      --leave-stdin-open=false: If the pod is started in interactive mode or with stdin, leave stdin open after the first attach completes. By default, stdin will be closed after the first attach completes.
      --limits='': The resource requirement limits for this container. For example, 'cpu=200m,memory=512Mi'. Note that server side components may assign limits depending on the server configuration, such as limit ranges.
  -o, --output='': Output format. One of: json|yaml|name|go-template|go-template-file|template|templatefile|jsonpath|jsonpath-file.
      --overrides='': An inline JSON override for the generated object. If this is non-empty, it is used to override the generated object. Requires that the object supply a valid apiVersion field.
      --pod-running-timeout=1m0s: The length of time (like 5s, 2m, or 3h, higher than zero) to wait until at least one pod is running
      --port='': The port that this container exposes.
      --quiet=false: If true, suppress prompt messages.
      --record=false: Record current kubectl command in the resource annotation. If set to false, do not record the command. If set to true, record the command. If not set, default to updating the existing annotation value only if one already exists.
  -R, --recursive=false: Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
      --requests='': The resource requirement requests for this container. For example, 'cpu=100m,memory=256Mi'. Note that server side components may assign requests depending on the server configuration, such as limit ranges.
      --restart='Always': The restart policy for this Pod. Legal values [Always, OnFailure, Never]. If set to 'Always' a deployment is created, if set to 'OnFailure' a job is created, if set to 'Never', a regular pod is created. For the latter two --replicas must be 1. Default 'Always', for CronJobs `Never`.
      --rm=false: If true, delete resources created in this command for attached containers.
      --save-config=false: If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
      --serviceaccount='': Service account to set in the pod spec.
  -i, --stdin=false: Keep stdin open on the container(s) in the pod, even if nothing is attached.
      --template='': Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
      --timeout=0s: The length of time to wait before giving up on a delete, zero means determine a timeout from the size of the object
  -t, --tty=false: Allocated a TTY for each container in the pod.
      --wait=false: If true, wait for resources to be gone before returning. This waits for finalizers.

Usage:
  kubectl run NAME --image=image [--env="key=value"] [--port=port] [--dry-run=server|client] [--overrides=inline-json] [--command] -- [COMMAND] [args...] [options]

Use "kubectl options" for a list of global command-line options (applies to all commands).
kubectl run
-- creates and runs one or more container images.
-- creates a deployment or job to manage the containers.
Start an nginx instance:
[root@localhost ~]# kubectl run nginx --image=nginx
pod/nginx created
Check it:
[root@localhost ~]# kubectl get pods
NAME READY STATUS RESTARTS AGE
nginx 1/1 Running 0 3m1s
List the Pods together with the node each Pod runs on:
kubectl get pod -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nginx 1/1 Running 0 11m 10.244.0.5 localhost.localdomain <none> <none>
kubectl describe shows the details of a pod:
kubectl describe pod nginx
[root@localhost ~]# kubectl describe pod nginx
Name:         nginx
Namespace:    default
Priority:     0
Node:         localhost.localdomain/192.168.149.144
Start Time:   Wed, 19 Aug 2020 00:07:49 -0700
Labels:       run=nginx
Annotations:  <none>
Status:       Running
IP:           10.244.0.4
IPs:
  IP:  10.244.0.4
Containers:
  nginx:
    Container ID:   docker://1275edaeef5fc73ac86c2465b186d25f9b287bee630e6262c16aa266b9867a03
    Image:          nginx
    Image ID:       docker-pullable://nginx@sha256:b0ad43f7ee5edbc0effbc14645ae7055e21bc1973aee5150745632a24a752661
    Port:           <none>
    Host Port:      <none>
    State:          Running
      Started:      Wed, 19 Aug 2020 00:09:17 -0700
    Ready:          True
    Restart Count:  0
    Environment:    <none>
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from default-token-7w2v9 (ro)
Conditions:
  Type              Status
  Initialized       True
  Ready             True
  ContainersReady   True
  PodScheduled      True
Volumes:
  default-token-7w2v9:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  default-token-7w2v9
    Optional:    false
QoS Class:       BestEffort
Node-Selectors:  <none>
Tolerations:     node.kubernetes.io/not-ready:NoExecute for 300s
                 node.kubernetes.io/unreachable:NoExecute for 300s
Events:
  Type    Reason     Age    From                            Message
  ----    ------     ----   ----                            -------
  Normal  Scheduled  6m43s  default-scheduler               Successfully assigned default/nginx to localhost.localdomain
  Normal  Pulling    6m39s  kubelet, localhost.localdomain  Pulling image "nginx"
  Normal  Pulled     5m15s  kubelet, localhost.localdomain  Successfully pulled image "nginx"
  Normal  Created    5m15s  kubelet, localhost.localdomain  Created container nginx
  Normal  Started    5m14s  kubelet, localhost.localdomain  Started container nginx
Delete the pod:
[root@localhost opt]# kubectl delete pod nginx
pod "nginx" deleted
# Generate a YAML file with a command
kubectl create deployment nginx --image=nginx -o yaml --dry-run > my.deploy.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  creationTimestamp: null
  labels:
    app: nginx
  name: nginx
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx
  strategy: {}
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: nginx
    spec:
      containers:
      - image: nginx
        name: nginx
        resources: {}
status: {}
Create the pod resources from the YAML file:
[root@localhost opt]# kubectl create -f my.deploy.yaml
deployment.apps/nginx created
Here my.deploy.yaml defines 2 replicas:
[root@localhost ~]# kubectl get pods
NAME READY STATUS RESTARTS AGE
nginx-f89759699-d8zg9 1/1 Running 0 56s
nginx-f89759699-qt2m9 1/1 Running 0 55s
Because 2 replicas are defined, when one pod is deleted Kubernetes automatically creates another:
[root@localhost ~]# kubectl delete pod nginx-f89759699-d8zg9
pod "nginx-f89759699-d8zg9" deleted
[root@localhost ~]# kubectl get pods
NAME READY STATUS RESTARTS AGE
nginx-f89759699-qbmnh 0/1 ContainerCreating 0 22s
nginx-f89759699-qt2m9 1/1 Running 0 45m
[root@localhost ~]# kubectl get pods
NAME READY STATUS RESTARTS AGE
nginx-f89759699-qbmnh 1/1 Running 0 57s
nginx-f89759699-qt2m9 1/1 Running 0 46m
Create a service and make it reachable from outside:
kind: Service
apiVersion: v1
metadata:
  name: nginx-service
spec:
  selector:
    app: nginx
  ports:
  - protocol: TCP
    port: 80
    nodePort: 30010
  type: NodePort
[root@localhost opt]# kubectl apply -f nginx-service.yaml
service/nginx-service created
kubectl get service shows the services:
[root@localhost opt]# kubectl get service
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 3h1m
nginx-service NodePort 10.105.250.182 <none> 80:30010/TCP 3m2s
nginx can be reached from inside the cluster with curl 10.105.250.182:80
From outside, curl 192.168.149.144:30010 returns the HTML of the nginx home page
