Accessing Pods Through a Service in k8s

Posted by 馬昌偉 on 2022-01-21

How to create a Service

1. Create the Deployment

[machangwei@mcwk8s-master ~]$ cat mcwHttpd.yml  
#Start three pods running the httpd image; the label is run: mcw-httpd, and the Service will select Pods by this label
apiVersion: apps/v1
kind: Deployment
metadata:
  name: mcw-httpd
spec:
  replicas: 3
  selector:
    matchLabels:
      run: mcw-httpd
  template:
    metadata:
      labels:
        run: mcw-httpd
    spec:
      containers:
        - name: mcw-httpd
          image: httpd
          ports:
          - containerPort: 80
[machangwei@mcwk8s-master ~]$ kubectl apply -f mcwHttpd.yml 
deployment.apps/mcw-httpd created
[machangwei@mcwk8s-master ~]$ kubectl get pod -o wide
NAME                         READY   STATUS              RESTARTS   AGE     IP            NODE           NOMINATED NODE   READINESS GATES
mcw-httpd-6fbf67d7d5-5rrkh   0/1     ContainerCreating   0          2m52s   <none>        mcwk8s-node1   <none>           <none>
mcw-httpd-6fbf67d7d5-bqq58   0/1     ImagePullBackOff    0          2m52s   10.244.0.78   mcwk8s-node2   <none>           <none>
mcw-httpd-6fbf67d7d5-j52ff   0/1     ImagePullBackOff    0          2m52s   10.244.0.70   mcwk8s-node1   <none>           <none>
[machangwei@mcwk8s-master ~]$ kubectl get pod -o wide #A little later, the Pods have each been assigned an IP; while a container is being created its ip is none
NAME                         READY   STATUS    RESTARTS   AGE     IP            NODE           NOMINATED NODE   READINESS GATES
mcw-httpd-6fbf67d7d5-5rrkh   1/1     Running   0          6m28s   10.244.0.71   mcwk8s-node1   <none>           <none>
mcw-httpd-6fbf67d7d5-bqq58   1/1     Running   0          6m28s   10.244.0.78   mcwk8s-node2   <none>           <none>
mcw-httpd-6fbf67d7d5-j52ff   1/1     Running   0          6m28s   10.244.0.70   mcwk8s-node1   <none>           <none>
[machangwei@mcwk8s-master ~]$ #These IPs can only be reached by containers and nodes inside the Kubernetes Cluster

2. The unreachable case: is it supposed to be unreachable? The answer is no.

[machangwei@mcwk8s-master ~]$ kubectl get pod -o wide
NAME                         READY   STATUS    RESTARTS   AGE   IP            NODE           NOMINATED NODE   READINESS GATES
mcw-httpd-6fbf67d7d5-5rrkh   1/1     Running   0          16m   10.244.0.71   mcwk8s-node1   <none>           <none>
mcw-httpd-6fbf67d7d5-bqq58   1/1     Running   0          16m   10.244.0.78   mcwk8s-node2   <none>           <none>
mcw-httpd-6fbf67d7d5-j52ff   1/1     Running   0          16m   10.244.0.70   mcwk8s-node1   <none>           <none>
[machangwei@mcwk8s-master ~]$ curl 10.244.0.78 #From the master node, access the IP of the pod on node 2; the connection times out
curl: (7) Failed connect to 10.244.0.78:80; Connection timed out
          
Accessing the pod IP on node 2 from node 2 itself works
[root@mcwk8s-node2 ~]$ curl 10.244.0.78
<html><body><h1>It works!</h1></body></html>

Suspected a flannel status problem on the nodes
[machangwei@mcwk8s-master ~]$ kubectl get pod --all-namespaces|grep flannel
kube-system   kube-flannel-ds-cn4m9                   0/1     Error              233 (5m26s ago)   2d11h
kube-system   kube-flannel-ds-hpgkz                   1/1     Running            0                 6d23h
kube-system   kube-flannel-ds-nnjvj                   0/1     CrashLoopBackOff   271 (15s ago)     6d23h


Suspected the problem was that -H had not been added on node 2, so added it and restarted the docker daemon; all four containers restarted
[root@mcwk8s-node2 ~]$ vim /usr/lib/systemd/system/docker.service
[root@mcwk8s-node2 ~]$ grep -i execstart /usr/lib/systemd/system/docker.service
ExecStart=/usr/bin/dockerd -H fd:// -H tcp://0.0.0.0 --containerd=/run/containerd/containerd.sock
[root@mcwk8s-node2 ~]$ systemctl daemon-reload 
[root@mcwk8s-node2 ~]$ systemctl restart docker
[root@mcwk8s-node2 ~]$ docker ps
CONTAINER ID   IMAGE                                               COMMAND                  CREATED         STATUS         PORTS     NAMES
88de5020b420   registry.aliyuncs.com/google_containers/pause:3.6   "/pause"                 1 second ago    Up 1 second              k8s_POD_kube-flannel-ds-cn4m9_kube-system_ef070440-6778-430f-92b9-a1c48b755d2b_1
adf80a28c0be   b46c42588d51                                        "/usr/local/bin/kube…"   2 seconds ago   Up 1 second              k8s_kube-proxy_kube-proxy-92g5c_kube-system_a69acf11-f51a-46d6-9472-d54b5383efef_1
46bceff879bd   registry.aliyuncs.com/google_containers/pause:3.6   "/pause"                 6 seconds ago   Up 2 seconds             k8s_POD_kube-proxy-92g5c_kube-system_a69acf11-f51a-46d6-9472-d54b5383efef_1
a5cdf7f6ef3b   registry.aliyuncs.com/google_containers/pause:3.6   "/pause"                 6 seconds ago   Up 2 seconds             k8s_POD_mcw-httpd-6fbf67d7d5-bqq58_default_4ceffe1e-df14-47dd-82f0-83cb68555de7_1
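
The ExecStart line above adds a plain-TCP listener on all interfaces with no --tlsverify, so the Docker API on node 2 accepts unauthenticated requests from any host that can reach it. The check below is an added example, not part of the original post; the function names and the HARDENED line (with its certificate paths) are constructed for illustration.

```python
import shlex

# ExecStart line exactly as shown on the page.
PAGE_EXECSTART = ("ExecStart=/usr/bin/dockerd -H fd:// -H tcp://0.0.0.0 "
                  "--containerd=/run/containerd/containerd.sock")
# Constructed comparison: one address, client certificates required.
HARDENED = ("ExecStart=/usr/bin/dockerd -H fd:// -H tcp://10.0.0.6:2376 "
            "--tlsverify --tlscacert=/etc/docker/ca.pem "
            "--tlscert=/etc/docker/server.pem --tlskey=/etc/docker/server-key.pem "
            "--containerd=/run/containerd/containerd.sock")


def _bind_address(addr):
    """Host part of a tcp:// listener address ('' means all interfaces)."""
    if addr.startswith("["):                  # bracketed IPv6, optional :port
        return addr[: addr.index("]") + 1]
    return addr.split(":", 1)[0]


def tcp_listeners(execstart_line):
    """Describe every tcp:// listener configured on a dockerd ExecStart= line."""
    cmd = execstart_line
    if cmd.startswith("ExecStart="):
        cmd = cmd.split("=", 1)[1]
    argv = shlex.split(cmd)
    hosts, tls_verify = [], False
    i = 1                                     # argv[0] is the dockerd binary
    while i < len(argv):
        arg = argv[i]
        if arg in ("-H", "--host") and i + 1 < len(argv):
            hosts.append(argv[i + 1])
            i += 1
        elif arg.startswith("--host="):
            hosts.append(arg.split("=", 1)[1])
        elif arg in ("--tlsverify", "--tlsverify=true"):
            tls_verify = True
        i += 1
    listeners = []
    for host in hosts:
        if not host.startswith("tcp://"):
            continue                          # fd:// and unix:// stay on the local machine
        bind = _bind_address(host[len("tcp://"):])
        listeners.append({
            "listener": host,
            "all_interfaces": bind in ("", "0.0.0.0", "[::]"),
            "client_cert_required": tls_verify,
        })
    return listeners


def unauthenticated_tcp(execstart_line):
    """TCP listeners that accept API calls without a client certificate."""
    return [l["listener"] for l in tcp_listeners(execstart_line)
            if not l["client_cert_required"]]


if __name__ == "__main__":
    for name, line in (("page", PAGE_EXECSTART), ("hardened", HARDENED)):
        print(name, tcp_listeners(line), "unauthenticated:", unauthenticated_tcp(line))
```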


Accessing the pod IP on node 2 from the master node again still fails. Because the pod on node 2 restarted, it was assigned a new IP
[machangwei@mcwk8s-master ~]$ kubectl get pod -o wide
NAME                         READY   STATUS    RESTARTS      AGE   IP            NODE           NOMINATED NODE   READINESS GATES
mcw-httpd-6fbf67d7d5-5rrkh   1/1     Running   0             30m   10.244.0.71   mcwk8s-node1   <none>           <none>
mcw-httpd-6fbf67d7d5-bqq58   1/1     Running   1 (95s ago)   30m   10.244.0.79   mcwk8s-node2   <none>           <none>
mcw-httpd-6fbf67d7d5-j52ff   1/1     Running   0             30m   10.244.0.70   mcwk8s-node1   <none>           <none>
[machangwei@mcwk8s-master ~]$ 
[machangwei@mcwk8s-master ~]$ 
[machangwei@mcwk8s-master ~]$ curl 10.244.0.79 #A new IP was assigned, but it still cannot be reached
curl: (7) Failed connect to 10.244.0.79:80; Connection timed out

3. Create the Service

[machangwei@mcwk8s-master ~]$ cat mcwHttpdService.yml
apiVersion: v1
kind: Service
metadata:
  name: httpd-svc
spec:
  selector:
    run: httpd
  ports:
  - protocol: TCP
    port: 8080
    targetPort: 80
[machangwei@mcwk8s-master ~]$ kubectl apply -f mcwHttpdService.yml
service/httpd-svc created
[machangwei@mcwk8s-master ~]$ kubectl get service
NAME         TYPE        CLUSTER-IP    EXTERNAL-IP   PORT(S)    AGE
httpd-svc    ClusterIP   10.99.77.45   <none>        8080/TCP   14s
kubernetes   ClusterIP   10.96.0.1     <none>        443/TCP    7d
[machangwei@mcwk8s-master ~]$ curl 10.99.77.45:8080
curl: (7) Failed connect to 10.99.77.45:8080; Connection refused

Accessing the Service through DNS

[machangwei@mcwk8s-master ~]$ kubectl get deployment --namespace=kube-system
NAME      READY   UP-TO-DATE   AVAILABLE   AGE
coredns   2/2     2            2           7d1h
[machangwei@mcwk8s-master ~]$ kubectl get service -o wide
NAME         TYPE        CLUSTER-IP    EXTERNAL-IP   PORT(S)    AGE    SELECTOR
httpd-svc    ClusterIP   10.99.77.45   <none>        8080/TCP   61m    run=httpd
kubernetes   ClusterIP   10.96.0.1     <none>        443/TCP    7d1h   <none>
[machangwei@mcwk8s-master ~]$ kubectl run mcwbusybox --rm -ti --image=busybox /bin/bash
pod "mcwbusybox" deleted
error: timed out waiting for the condition
[machangwei@mcwk8s-master ~]$ kubectl get pod
NAME                         READY   STATUS    RESTARTS      AGE
mcw-httpd-6fbf67d7d5-5rrkh   1/1     Running   0             124m
mcw-httpd-6fbf67d7d5-bqq58   1/1     Running   1 (95m ago)   124m
mcw-httpd-6fbf67d7d5-j52ff   1/1     Running   0             124m


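A pod can only reach pods on its own node; pods in the same namespace on different hosts cannot communicate with each other. Not sure where the problem is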
[machangwei@mcwk8s-master ~]$ kubectl run mcwcentos3  -it --image=centos /bin/bash
If you don't see a command prompt, try pressing enter.
[root@mcwcentos3 /]# curl 10.244.0.79
curl: (7) Failed to connect to 10.244.0.79 port 80: Connection timed out
[root@mcwcentos3 /]# curl 10.244.0.70
<html><body><h1>It works!</h1></body></html>
[root@mcwcentos3 /]# curl 10.244.0.71
<html><body><h1>It works!</h1></body></html>

route add -host 10.244.0.0 dev flannel.1
flannel.1



flannel network problem

The network has a problem

The flannel status on two of the nodes is wrong
[machangwei@mcwk8s-master ~]$ kubectl get pod --all-namespaces -o wide|grep flannel
kube-system   kube-flannel-ds-cn4m9   0/1     CrashLoopBackOff   286 (3m50s ago)   3d10h   10.0.0.6      mcwk8s-node2    <none>           <none>
kube-system   kube-flannel-ds-hpgkz    1/1     Running            1 (22h ago)       7d22h   10.0.0.4      mcwk8s-master   <none>           <none>
kube-system   kube-flannel-ds-nnjvj    0/1     CrashLoopBackOff   325 (3m21s ago)   7d22h   10.0.0.5      mcwk8s-node1    <none>           <none>
[machangwei@mcwk8s-master ~]


On the node, check the error messages in the logs of the corresponding container: the cidr was not registered successfully
[root@mcwk8s-node2 ~]$ docker ps -a|grep flannel
2252229253e3   e6ea68648f0c   "/opt/bin/flanneld -…"   10 seconds ago   Exited (1) 2 seconds ago              k8s_kube-flannel_kube-flannel-ds-cn4m9_kube-system_ef070440-6778-430f-92b9-a1c48b755d2b_284
[root@mcwk8s-node2 ~]$ docker logs 225
E0120 13:40:49.244765       1 main.go:325] Error registering network: failed to acquire lease: node "mcwk8s-node2" pod cidr not assigned
W0120 13:40:49.245111       1 reflector.go:424] github.com/flannel-io/flannel/subnet/kube/kube.go:379: watch of *v1.Node ended with: an error on the server ("unable to decode an event from the watch stream: context canceled") has prevented the request from succeeding


The cidr written in when the master was initialized
[root@mcwk8s-master ~]$ grep cidr  /etc/kubernetes/manifests/kube-controller-manager.yaml
    - --allocate-node-cidrs=true
    - --cluster-cidr=10.244.0.0/24

The network used when deploying flannel
[machangwei@mcwk8s-master ~]$ grep -C 3 '"Network"' mm.yml 
    }
  net-conf.json: |
    {
      "Network": "10.244.0.0/16",
      "Backend": {
        "Type": "vxlan"
      }

      
Modify the network
[machangwei@mcwk8s-master ~]$ vim mm.yml 
[machangwei@mcwk8s-master ~]$ grep -C 3 '"Network"' mm.yml 
    }
  net-conf.json: |
    {
      "Network": "10.244.0.0/24",
      "Backend": {
        "Type": "vxlan"
      }
[machangwei@mcwk8s-master ~]      

 

Redeployed k8s from scratch

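After modifying the network it still did not work. Simply redeploying k8s from scratch fixed it, with both the flannel network and the master initialization set to the 10.244.0.0/16 network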

[machangwei@mcwk8s-master ~]$ kubectl get pod --all-namespaces
NAMESPACE     NAME                                    READY   STATUS    RESTARTS        AGE
kube-system   coredns-6d8c4cb4d-vctxx                 1/1     Running   1 (5m57s ago)   33m
kube-system   coredns-6d8c4cb4d-xkv9h                 1/1     Running   0               33m
kube-system   etcd-mcwk8s-master                      1/1     Running   0               33m
kube-system   kube-apiserver-mcwk8s-master            1/1     Running   1 (4m42s ago)   33m
kube-system   kube-controller-manager-mcwk8s-master   1/1     Running   1               33m
kube-system   kube-flannel-ds-fvwgm                   1/1     Running   0               22m
kube-system   kube-flannel-ds-l5fdg                   1/1     Running   0               25m
kube-system   kube-flannel-ds-mzdcw                   1/1     Running   0               21m
kube-system   kube-proxy-796l7                        1/1     Running   0               21m
kube-system   kube-proxy-8wtxn                        1/1     Running   0               22m
kube-system   kube-proxy-qr6b8                        1/1     Running   0               33m
kube-system   kube-scheduler-mcwk8s-master            1/1     Running   1               33m
[machangwei@mcwk8s-master ~]$ 


[machangwei@mcwk8s-master ~]$ kubectl get nodes
NAME            STATUS   ROLES                  AGE   VERSION
mcwk8s-master   Ready    control-plane,master   35m   v1.23.1
mcwk8s-node1    Ready    <none>                 23m   v1.23.1
mcwk8s-node2    Ready    <none>                 22m   v1.23.1
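
Why --cluster-cidr=10.244.0.0/24 left node1 and node2 with "pod cidr not assigned": the controller manager carves one subnet per node out of the cluster CIDR, and a /24 holds exactly one /24. This is an added example, not the author's code; it assumes the default --node-cidr-mask-size of 24 (the page does not show that flag), and the function names are hypothetical.

```python
import ipaddress
from itertools import islice


def node_subnet_capacity(cluster_cidr, node_mask_size=24):
    """How many per-node pod subnets fit inside the cluster CIDR."""
    net = ipaddress.ip_network(cluster_cidr)
    if node_mask_size < net.prefixlen:
        return 0                      # a node subnet cannot be larger than the pool
    return 2 ** (node_mask_size - net.prefixlen)


def first_node_subnets(cluster_cidr, count, node_mask_size=24):
    """First `count` node subnets, for illustration only.

    The real allocator decides which node gets which subnet.
    """
    if node_subnet_capacity(cluster_cidr, node_mask_size) == 0:
        return []
    net = ipaddress.ip_network(cluster_cidr)
    return [str(s) for s in islice(net.subnets(new_prefix=node_mask_size), count)]


def check_pod_network(cluster_cidr, flannel_network, node_count, node_mask_size=24):
    """Return a list of problems with the controller-manager / flannel settings."""
    problems = []
    capacity = node_subnet_capacity(cluster_cidr, node_mask_size)
    if capacity < node_count:
        problems.append(
            f"--cluster-cidr={cluster_cidr} yields {capacity} /{node_mask_size} "
            f"subnet(s) but there are {node_count} nodes: the remaining nodes get "
            f"no pod CIDR, so flannel cannot acquire a lease on them"
        )
    if ipaddress.ip_network(cluster_cidr) != ipaddress.ip_network(flannel_network):
        problems.append(
            f"flannel Network {flannel_network} differs from --cluster-cidr {cluster_cidr}"
        )
    return problems


if __name__ == "__main__":
    # Values from the page: three nodes (master, node1, node2).
    for label, cluster, flannel in (
        ("original", "10.244.0.0/24", "10.244.0.0/16"),
        ("after editing mm.yml", "10.244.0.0/24", "10.244.0.0/24"),
        ("redeployed", "10.244.0.0/16", "10.244.0.0/16"),
    ):
        print(label, check_pod_network(cluster, flannel, node_count=3) or "ok")
    print(first_node_subnets("10.244.0.0/16", 3))
```

Editing only the flannel Network to /24 removes the mismatch but not the capacity problem, which is consistent with the cluster still failing until both values were set to /16.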

With the network healthy, the NICs and routes on the three nodes are as follows

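Compared with before, the obvious difference is that there are more routes. Previously the node network was probably not up, so the routes were incomplete too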

Master node
[root@mcwk8s-master ~]$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:a2:3a:b7 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.4/24 brd 10.0.0.255 scope global ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::6b7a:2214:bef3:5850/64 scope link 
       valid_lft forever preferred_lft forever
3: ens34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
    link/ether 00:0c:29:a2:3a:c1 brd ff:ff:ff:ff:ff:ff
4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN 
    link/ether 02:42:af:00:ac:08 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
5: flannel.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN 
    link/ether ca:9d:fb:2c:b7:22 brd ff:ff:ff:ff:ff:ff
    inet 10.244.0.0/32 brd 10.244.0.0 scope global flannel.1
       valid_lft forever preferred_lft forever
    inet6 fe80::c89d:fbff:fe2c:b722/64 scope link 
       valid_lft forever preferred_lft forever
6: cni0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP qlen 1000
    link/ether 3e:f7:13:d6:6b:5b brd ff:ff:ff:ff:ff:ff
    inet 10.244.0.1/24 brd 10.244.0.255 scope global cni0
       valid_lft forever preferred_lft forever
    inet6 fe80::3cf7:13ff:fed6:6b5b/64 scope link 
       valid_lft forever preferred_lft forever
7: vethf9bacd46@if3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue master cni0 state UP 
    link/ether f6:9d:2c:f7:ff:4e brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet6 fe80::f49d:2cff:fef7:ff4e/64 scope link 
       valid_lft forever preferred_lft forever
8: veth59372586@if3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue master cni0 state UP 
    link/ether 56:da:7b:cb:75:49 brd ff:ff:ff:ff:ff:ff link-netnsid 1
    inet6 fe80::54da:7bff:fecb:7549/64 scope link 
       valid_lft forever preferred_lft forever
[root@mcwk8s-master ~]$ 


node1 
[root@mcwk8s-node1 ~]$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.0.253      0.0.0.0         UG    100    0        0 ens33
10.0.0.0        0.0.0.0         255.255.255.0   U     100    0        0 ens33
10.244.0.0      10.244.0.0      255.255.255.0   UG    0      0        0 flannel.1
10.244.1.0      0.0.0.0         255.255.255.0   U     0      0        0 cni0
10.244.2.0      10.244.2.0      255.255.255.0   UG    0      0        0 flannel.1
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
[root@mcwk8s-node1 ~]$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
    link/ether 00:0c:29:0b:a3:15 brd ff:ff:ff:ff:ff:ff
3: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:0b:a3:0b brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.5/24 brd 10.0.0.255 scope global ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::3516:c22b:d62:c43f/64 scope link 
       valid_lft forever preferred_lft forever
4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN 
    link/ether 02:42:5e:08:56:63 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
5: flannel.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN 
    link/ether 4e:92:a2:b0:6b:5a brd ff:ff:ff:ff:ff:ff
    inet 10.244.1.0/32 brd 10.244.1.0 scope global flannel.1
       valid_lft forever preferred_lft forever
    inet6 fe80::4c92:a2ff:feb0:6b5a/64 scope link 
       valid_lft forever preferred_lft forever
6: cni0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP qlen 1000
    link/ether e2:d3:b2:00:28:bf brd ff:ff:ff:ff:ff:ff
    inet 10.244.1.1/24 brd 10.244.1.255 scope global cni0
       valid_lft forever preferred_lft forever
    inet6 fe80::e0d3:b2ff:fe00:28bf/64 scope link 
       valid_lft forever preferred_lft forever
7: vethafc53bc5@if3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue master cni0 state UP 
    link/ether 32:51:41:e9:e1:68 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet6 fe80::3051:41ff:fee9:e168/64 scope link 
       valid_lft forever preferred_lft forever
8: veth8246ed1c@if3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue master cni0 state UP 
    link/ether 12:67:28:44:fa:cd brd ff:ff:ff:ff:ff:ff link-netnsid 1
    inet6 fe80::1067:28ff:fe44:facd/64 scope link 
       valid_lft forever preferred_lft forever
[root@mcwk8s-node1 ~]$ 


node2
[root@mcwk8s-node2 ~]$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.0.253      0.0.0.0         UG    100    0        0 ens33
10.0.0.0        0.0.0.0         255.255.255.0   U     100    0        0 ens33
10.244.0.0      10.244.0.0      255.255.255.0   UG    0      0        0 flannel.1
10.244.1.0      10.244.1.0      255.255.255.0   UG    0      0        0 flannel.1
10.244.2.0      0.0.0.0         255.255.255.0   U     0      0        0 cni0
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
You have new mail in /var/spool/mail/root
[root@mcwk8s-node2 ~]$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
    link/ether 00:0c:29:eb:83:cd brd ff:ff:ff:ff:ff:ff
3: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:eb:83:c3 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.6/24 brd 10.0.0.255 scope global ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::fd02:359f:93a4:95af/64 scope link 
       valid_lft forever preferred_lft forever
4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN 
    link/ether 02:42:ff:3f:37:b0 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
5: flannel.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN 
    link/ether 56:16:44:85:ca:57 brd ff:ff:ff:ff:ff:ff
    inet 10.244.2.0/32 brd 10.244.2.0 scope global flannel.1
       valid_lft forever preferred_lft forever
    inet6 fe80::5416:44ff:fe85:ca57/64 scope link 
       valid_lft forever preferred_lft forever
6: cni0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP qlen 1000
    link/ether 06:1f:10:ee:32:6f brd ff:ff:ff:ff:ff:ff
    inet 10.244.2.1/24 brd 10.244.2.255 scope global cni0
       valid_lft forever preferred_lft forever
    inet6 fe80::41f:10ff:feee:326f/64 scope link 
       valid_lft forever preferred_lft forever
7: vethdf3032e1@if3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue master cni0 state UP 
    link/ether 1e:50:bf:95:46:4d brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet6 fe80::1c50:bfff:fe95:464d/64 scope link 
       valid_lft forever preferred_lft forever
[root@mcwk8s-node2 ~]$ 

With flannel healthy, verify cross-host pod access within the cluster

[machangwei@mcwk8s-master ~]$ kubectl get pod -o wide
NAME                         READY   STATUS              RESTARTS   AGE     IP       NODE           NOMINATED NODE   READINESS GATES
mcw-httpd-6fbf67d7d5-5qfrl   0/1     ContainerCreating   0          5m19s   <none>   mcwk8s-node1   <none>           <none>
mcw-httpd-6fbf67d7d5-98x8d   0/1     ContainerCreating   0          5m19s   <none>   mcwk8s-node2   <none>           <none>
mcw-httpd-6fbf67d7d5-bpbq4   0/1     ContainerCreating   0          5m19s   <none>   mcwk8s-node1   <none>           <none>
[machangwei@mcwk8s-master ~]$ kubectl describe pod mcw-httpd-6fbf67d7d5-5qfrl
Events:  #The period while the container is in the creating state, including the image pull
  Type    Reason     Age    From               Message
  ----    ------     ----   ----               -------
  Normal  Scheduled  4m49s  default-scheduler  Successfully assigned default/mcw-httpd-6fbf67d7d5-5qfrl to mcwk8s-node1
  Normal  Pulling    4m35s  kubelet            Pulling image "httpd"

 
mcwk8s-node1 stayed stuck, unable to pull the image, so I ran docker pull manually on node 1; once the image was pulled, the pod went to Running right away
[machangwei@mcwk8s-master ~]$ kubectl get pod -o wide
NAME                         READY   STATUS    RESTARTS   AGE   IP           NODE           NOMINATED NODE   READINESS GATES
mcw-httpd-6fbf67d7d5-5qfrl   1/1     Running   0          21m   10.244.1.2   mcwk8s-node1   <none>           <none>
mcw-httpd-6fbf67d7d5-98x8d   1/1     Running   0          21m   10.244.2.2   mcwk8s-node2   <none>           <none>
mcw-httpd-6fbf67d7d5-bpbq4   1/1     Running   0          21m   10.244.1.3   mcwk8s-node1   <none>           <none>
[machangwei@mcwk8s-master ~]$ 


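Check the network: the IPs now assigned to the pods can be reached normally from other nodes in the cluster. That is, each Pod is assigned its own IP, and these IPs can only be reached by containers and nodes inside the Kubernetes Cluster. The earlier statement is now verified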
[machangwei@mcwk8s-master ~]$ kubectl get pod -o wide
NAME                         READY   STATUS    RESTARTS   AGE   IP           NODE           NOMINATED NODE   READINESS GATES
mcw-httpd-6fbf67d7d5-5qfrl   1/1     Running   0          21m   10.244.1.2   mcwk8s-node1   <none>           <none>
mcw-httpd-6fbf67d7d5-98x8d   1/1     Running   0          21m   10.244.2.2   mcwk8s-node2   <none>           <none>
mcw-httpd-6fbf67d7d5-bpbq4   1/1     Running   0          21m   10.244.1.3   mcwk8s-node1   <none>           <none>
[machangwei@mcwk8s-master ~]$ curl 10.244.1.2
<html><body><h1>It works!</h1></body></html>
[machangwei@mcwk8s-master ~]$ curl 10.244.1.3
<html><body><h1>It works!</h1></body></html>
[machangwei@mcwk8s-master ~]$ hostname
mcwk8s-master
[machangwei@mcwk8s-master ~]$ 

Deploy the Service

Deploy the Service, but with no backend

The endpoints are empty, so curl against the service IP plus port cannot get a response from the service
[machangwei@mcwk8s-master ~]$ cat mcwHttpdService.yml 
apiVersion: v1
kind: Service
metadata:
  name: httpd-svc
spec:
  selector:
    run: httpd
  ports:
  - protocol: TCP
    port: 8080
    targetPort: 80
[machangwei@mcwk8s-master ~]$ kubectl apply -f mcwHttpdService.yml  #Create the Service
service/httpd-svc created
[machangwei@mcwk8s-master ~]$ kubectl get service #View the service: it has a service name, a cluster IP and a port
NAME         TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)    AGE
httpd-svc    ClusterIP   10.102.232.38   <none>        8080/TCP   11s
kubernetes   ClusterIP   10.96.0.1       <none>        443/TCP    140m
[machangwei@mcwk8s-master ~]$ curl 10.102.232.38:8080  #curl to cluster IP:port fails because there are no endpoints
curl: (7) Failed connect to 10.102.232.38:8080; Connection refused
[machangwei@mcwk8s-master ~]$ curl 10.244.1.2  #By accessing the pod IP, the pod's port 80 service in the cluster can be reached directly from the node
<html><body><h1>It works!</h1></body></html>
[machangwei@mcwk8s-master ~]$ 
[machangwei@mcwk8s-master ~]$ ping 10.244.1.2  #The IP of a pod in the cluster can be pinged from the node.
PING 10.244.1.2 (10.244.1.2) 56(84) bytes of data.
64 bytes from 10.244.1.2: icmp_seq=1 ttl=63 time=1.04 ms
[machangwei@mcwk8s-master ~]$ 
[machangwei@mcwk8s-master ~]$ kubectl get service
NAME         TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)    AGE
httpd-svc    ClusterIP   10.102.232.38   <none>        8080/TCP   75s
kubernetes   ClusterIP   10.96.0.1       <none>        443/TCP    141m
[machangwei@mcwk8s-master ~]$ curl 10.102.232.38:8080
curl: (7) Failed connect to 10.102.232.38:8080; Connection refused
[machangwei@mcwk8s-master ~]$ kubectl describe service httpd-svc  #Inspect the service; Endpoints is none
Name:              httpd-svc
Namespace:         default
Labels:            <none>
Annotations:       <none>
Selector:          run=httpd
Type:              ClusterIP
IP Family Policy:  SingleStack
IP Families:       IPv4
IP:                10.102.232.38
IPs:               10.102.232.38
Port:              <unset>  8080/TCP
TargetPort:        80/TCP
Endpoints:         <none>
Session Affinity:  None
Events:            <none>
[machangwei@mcwk8s-master ~]$ 

The normal case, with backend pods

[machangwei@mcwk8s-master ~]$ cat mcwHttpdService.yml   #The yml file before modification
apiVersion: v1
kind: Service
metadata:
  name: httpd-svc
spec:
  selector:
    run: httpd
  ports:
  - protocol: TCP
    port: 8080
    targetPort: 80
[machangwei@mcwk8s-master ~]$ kubectl get pod --show-labels  #Check the labels of the service's backend pods; they turn out to be run=mcw-httpd
NAME                         READY   STATUS    RESTARTS   AGE    LABELS
mcw-httpd-6fbf67d7d5-5qfrl   1/1     Running   0          107m   pod-template-hash=6fbf67d7d5,run=mcw-httpd
mcw-httpd-6fbf67d7d5-98x8d   1/1     Running   0          107m   pod-template-hash=6fbf67d7d5,run=mcw-httpd
mcw-httpd-6fbf67d7d5-bpbq4   1/1     Running   0          107m   pod-template-hash=6fbf67d7d5,run=mcw-httpd
[machangwei@mcwk8s-master ~]$ kubectl delete -f mcwHttpdService.yml 
service "httpd-svc" deleted
[machangwei@mcwk8s-master ~]$ vim mcwHttpdService.yml
[machangwei@mcwk8s-master ~]$ cat mcwHttpdService.yml #Modify the selector to correct the label: the service's backend pods carry the label run: mcw-httpd
apiVersion: v1
kind: Service
metadata:
  name: httpd-svc
spec:
  selector:
    run: mcw-httpd
  ports:
  - protocol: TCP
    port: 8080
    targetPort: 80
[machangwei@mcwk8s-master ~]$ kubectl apply -f mcwHttpdService.yml #Redeploy the service
service/httpd-svc created
[machangwei@mcwk8s-master ~]$ kubectl get service #View the service; the cluster IP has changed
NAME         TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)    AGE
httpd-svc    ClusterIP   10.99.19.228   <none>        8080/TCP   7s
kubernetes   ClusterIP   10.96.0.1      <none>        443/TCP    146m
[machangwei@mcwk8s-master ~]$ curl 10.99.19.228:8080  #Now curl to cluster IP:port reaches the service normally.
<html><body><h1>It works!</h1></body></html>
[machangwei@mcwk8s-master ~]$ kubectl describe service httpd-svc
Name:              httpd-svc
Namespace:         default
Labels:            <none>
Annotations:       <none>
Selector:          run=mcw-httpd
Type:              ClusterIP
IP Family Policy:  SingleStack
IP Families:       IPv4
IP:                10.99.19.228
IPs:               10.99.19.228
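Port:              <unset>  8080/TCP  #In the service as it is now, look at the Endpoints value below
TargetPort:        80/TCP     #  The Endpoints value lists the pod IPs carrying the specified label, with the pods' target port, that the service can reach.
Endpoints:         10.244.1.2:80,10.244.1.3:80,10.244.2.2:80 
Session Affinity:  None    #That is, access to cluster IP:port should be load-balanced and routed to the pod IP and target port of the pods carrying the label the service selects
Events:            <none>  #The cluster IP is allocated when the service is created, while which label the pods must carry and the port of the pods' service, i.e. the target port, are already set in the yml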
[machangwei@mcwk8s-master ~]$ 
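
The selector mismatch above, reproduced offline as an added example (not the author's code): it derives a Service's endpoints from pod labels, namespace and readiness, and reports which label values the pods actually carry when the selector matches nothing. The pod data is copied from the kubectl output on this page; the function names and dictionary layout are hypothetical.

```python
# Pods as listed by `kubectl get pod -o wide` / `--show-labels` on the page.
PODS = [
    {"name": "mcw-httpd-6fbf67d7d5-5qfrl", "namespace": "default", "ip": "10.244.1.2",
     "ready": True, "labels": {"pod-template-hash": "6fbf67d7d5", "run": "mcw-httpd"}},
    {"name": "mcw-httpd-6fbf67d7d5-98x8d", "namespace": "default", "ip": "10.244.2.2",
     "ready": True, "labels": {"pod-template-hash": "6fbf67d7d5", "run": "mcw-httpd"}},
    {"name": "mcw-httpd-6fbf67d7d5-bpbq4", "namespace": "default", "ip": "10.244.1.3",
     "ready": True, "labels": {"pod-template-hash": "6fbf67d7d5", "run": "mcw-httpd"}},
]
BROKEN_SVC = {"name": "httpd-svc", "namespace": "default",
              "selector": {"run": "httpd"}, "target_port": 80}
FIXED_SVC = {"name": "httpd-svc", "namespace": "default",
             "selector": {"run": "mcw-httpd"}, "target_port": 80}


def selector_matches(selector, labels):
    """Equality-based selector: every key/value pair must be present on the pod."""
    return all(labels.get(key) == value for key, value in selector.items())


def resolve_endpoints(service, pods):
    """ip:targetPort of every pod that would back the Service."""
    if not service["selector"]:
        return []          # without a selector, endpoints are not filled in automatically
    endpoints = []
    for pod in pods:
        if pod["namespace"] != service["namespace"]:
            continue       # a Service only selects pods in its own namespace
        if not selector_matches(service["selector"], pod["labels"]):
            continue
        if pod["ip"] is None or not pod["ready"]:
            continue       # e.g. ContainerCreating with IP <none>
        endpoints.append(f'{pod["ip"]}:{service["target_port"]}')
    return sorted(endpoints)


def near_misses(service, pods):
    """For each selector key, the other values pods in the namespace carry."""
    seen = {}
    for pod in pods:
        if pod["namespace"] != service["namespace"]:
            continue
        for key, wanted in service["selector"].items():
            actual = pod["labels"].get(key)
            if actual is not None and actual != wanted:
                seen.setdefault(key, set()).add(actual)
    return {key: sorted(values) for key, values in seen.items()}


if __name__ == "__main__":
    for svc in (BROKEN_SVC, FIXED_SVC):
        print(svc["selector"], "->", resolve_endpoints(svc, PODS) or "<none>",
              "near misses:", near_misses(svc, PODS))
```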

Service file explained

[machangwei@mcwk8s-master ~]$ cat mcwHttpdService.yml 
apiVersion: v1  #apiVersion of the Service
kind: Service #Resource type
metadata:  
  name: httpd-svc
spec:
  selector:  #Select the pods whose label is run: httpd as the Service's backend
    run: httpd
  ports:
  - protocol: TCP
    port: 8080  #Map the Service's port 8080 to port 80 of the Pod, using the TCP protocol
    targetPort: 80

How Cluster IP is implemented underneath

Firewall rules related to the service, involving the cluster IP and the pod IPs
[machangwei@mcwk8s-master ~]$  kubectl get pod -o wide
NAME                         READY   STATUS    RESTARTS   AGE   IP           NODE           NOMINATED NODE   READINESS GATES
mcw-httpd-6fbf67d7d5-5qfrl   1/1     Running   0          20h   10.244.1.2   mcwk8s-node1   <none>           <none>
mcw-httpd-6fbf67d7d5-98x8d   1/1     Running   0          20h   10.244.2.2   mcwk8s-node2   <none>           <none>
mcw-httpd-6fbf67d7d5-bpbq4   1/1     Running   0          20h   10.244.1.3   mcwk8s-node1   <none>           <none>
[machangwei@mcwk8s-master ~]$ kubectl get service
NAME         TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)    AGE
httpd-svc    ClusterIP   10.99.19.228   <none>        8080/TCP   18h
kubernetes   ClusterIP   10.96.0.1      <none>        443/TCP    20h
[machangwei@mcwk8s-master ~]$ 

View the firewall rules on the current host
[root@mcwk8s-master ~]$ iptables-save |grep httpd-svc
-A KUBE-SEP-26GESA23ILIBJ6BG -s 10.244.1.2/32 -m comment --comment "default/httpd-svc" -j KUBE-MARK-MASQ
-A KUBE-SEP-26GESA23ILIBJ6BG -p tcp -m comment --comment "default/httpd-svc" -m tcp -j DNAT --to-destination 10.244.1.2:80
-A KUBE-SEP-5MDWNIS6FGKOLKLF -s 10.244.1.3/32 -m comment --comment "default/httpd-svc" -j KUBE-MARK-MASQ
-A KUBE-SEP-5MDWNIS6FGKOLKLF -p tcp -m comment --comment "default/httpd-svc" -m tcp -j DNAT --to-destination 10.244.1.3:80
-A KUBE-SEP-MZ7D7IEY543CBPN3 -s 10.244.2.2/32 -m comment --comment "default/httpd-svc" -j KUBE-MARK-MASQ
-A KUBE-SEP-MZ7D7IEY543CBPN3 -p tcp -m comment --comment "default/httpd-svc" -m tcp -j DNAT --to-destination 10.244.2.2:80
-A KUBE-SERVICES -d 10.99.19.228/32 -p tcp -m comment --comment "default/httpd-svc cluster IP" -m tcp --dport 8080 -j KUBE-SVC-IYRDZZKXS5EOQ6Q6
-A KUBE-SVC-IYRDZZKXS5EOQ6Q6 ! -s 10.244.0.0/16 -d 10.99.19.228/32 -p tcp -m comment --comment "default/httpd-svc cluster IP" -m tcp --dport 8080 -j KUBE-MARK-MASQ
-A KUBE-SVC-IYRDZZKXS5EOQ6Q6 -m comment --comment "default/httpd-svc" -m statistic --mode random --probability 0.33333333349 -j KUBE-SEP-26GESA23ILIBJ6BG
-A KUBE-SVC-IYRDZZKXS5EOQ6Q6 -m comment --comment "default/httpd-svc" -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-5MDWNIS6FGKOLKLF
-A KUBE-SVC-IYRDZZKXS5EOQ6Q6 -m comment --comment "default/httpd-svc" -j KUBE-SEP-MZ7D7IEY543CBPN3
[root@mcwk8s-master ~]$ 

One:
-A KUBE-SERVICES -d 10.99.19.228/32 -p tcp -m comment --comment "default/httpd-svc cluster IP" -m tcp --dport 8080 -j KUBE-SVC-IYRDZZKXS5EOQ6Q6
-A KUBE-SVC-IYRDZZKXS5EOQ6Q6 ! -s 10.244.0.0/16 -d 10.99.19.228/32 -p tcp -m comment --comment "default/httpd-svc cluster IP" -m tcp --dport 8080 -j KUBE-MARK-MASQ
1. If other source addresses access httpd-svc, allow it
2. If a pod inside the Cluster (source address from 10.244.0.0/16) wants to access httpd-svc, jump to KUBE-SVC-IYRDZZKXS5EOQ6Q6

One of the KUBE-SVC-IYRDZZKXS5EOQ6Q6 rules is as follows:
-A KUBE-SVC-IYRDZZKXS5EOQ6Q6 -m comment --comment "default/httpd-svc" -m statistic --mode random --probability 0.33333333349 -j KUBE-SEP-26GESA23ILIBJ6BG


Two:
-A KUBE-SVC-IYRDZZKXS5EOQ6Q6 -m comment --comment "default/httpd-svc" -m statistic --mode random --probability 0.33333333349 -j KUBE-SEP-26GESA23ILIBJ6BG
-A KUBE-SVC-IYRDZZKXS5EOQ6Q6 -m comment --comment "default/httpd-svc" -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-5MDWNIS6FGKOLKLF
-A KUBE-SVC-IYRDZZKXS5EOQ6Q6 -m comment --comment "default/httpd-svc" -j KUBE-SEP-MZ7D7IEY543CBPN3

1. With probability 1/3, jump to rule KUBE-SEP-26GESA23ILIBJ6BG
2. With probability 1/3 (half of the remaining 2/3), jump to rule KUBE-SEP-5MDWNIS6FGKOLKLF
3. With probability 1/3, jump to rule KUBE-SEP-MZ7D7IEY543CBPN3

Three:
-A KUBE-SEP-26GESA23ILIBJ6BG -s 10.244.1.2/32 -m comment --comment "default/httpd-svc" -j KUBE-MARK-MASQ
-A KUBE-SEP-26GESA23ILIBJ6BG -p tcp -m comment --comment "default/httpd-svc" -m tcp -j DNAT --to-destination 10.244.1.2:80
-A KUBE-SEP-5MDWNIS6FGKOLKLF -s 10.244.1.3/32 -m comment --comment "default/httpd-svc" -j KUBE-MARK-MASQ
-A KUBE-SEP-5MDWNIS6FGKOLKLF -p tcp -m comment --comment "default/httpd-svc" -m tcp -j DNAT --to-destination 10.244.1.3:80
-A KUBE-SEP-MZ7D7IEY543CBPN3 -s 10.244.2.2/32 -m comment --comment "default/httpd-svc" -j KUBE-MARK-MASQ
-A KUBE-SEP-MZ7D7IEY543CBPN3 -p tcp -m comment --comment "default/httpd-svc" -m tcp -j DNAT --to-destination 10.244.2.2:80

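The requests are forwarded to the three backend pods respectively. iptables forwards traffic destined for the Service to the backend pods, using a load-balancing strategy similar to round-robin. Every node in the cluster is configured with the same iptables rules, which ensures that the service can be reached through the Service's cluster IP from anywhere in the cluster.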
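
The three steps above, traced in code as an added example (not the author's code): it parses the iptables-save lines shown on this page, finds the chain for the cluster IP, and multiplies out the --probability values to get the effective share of each DNAT target. The function names are hypothetical.

```python
import shlex

# iptables-save lines for httpd-svc, copied from the page.
RULES = r'''
-A KUBE-SEP-26GESA23ILIBJ6BG -s 10.244.1.2/32 -m comment --comment "default/httpd-svc" -j KUBE-MARK-MASQ
-A KUBE-SEP-26GESA23ILIBJ6BG -p tcp -m comment --comment "default/httpd-svc" -m tcp -j DNAT --to-destination 10.244.1.2:80
-A KUBE-SEP-5MDWNIS6FGKOLKLF -s 10.244.1.3/32 -m comment --comment "default/httpd-svc" -j KUBE-MARK-MASQ
-A KUBE-SEP-5MDWNIS6FGKOLKLF -p tcp -m comment --comment "default/httpd-svc" -m tcp -j DNAT --to-destination 10.244.1.3:80
-A KUBE-SEP-MZ7D7IEY543CBPN3 -s 10.244.2.2/32 -m comment --comment "default/httpd-svc" -j KUBE-MARK-MASQ
-A KUBE-SEP-MZ7D7IEY543CBPN3 -p tcp -m comment --comment "default/httpd-svc" -m tcp -j DNAT --to-destination 10.244.2.2:80
-A KUBE-SERVICES -d 10.99.19.228/32 -p tcp -m comment --comment "default/httpd-svc cluster IP" -m tcp --dport 8080 -j KUBE-SVC-IYRDZZKXS5EOQ6Q6
-A KUBE-SVC-IYRDZZKXS5EOQ6Q6 ! -s 10.244.0.0/16 -d 10.99.19.228/32 -p tcp -m comment --comment "default/httpd-svc cluster IP" -m tcp --dport 8080 -j KUBE-MARK-MASQ
-A KUBE-SVC-IYRDZZKXS5EOQ6Q6 -m comment --comment "default/httpd-svc" -m statistic --mode random --probability 0.33333333349 -j KUBE-SEP-26GESA23ILIBJ6BG
-A KUBE-SVC-IYRDZZKXS5EOQ6Q6 -m comment --comment "default/httpd-svc" -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-5MDWNIS6FGKOLKLF
-A KUBE-SVC-IYRDZZKXS5EOQ6Q6 -m comment --comment "default/httpd-svc" -j KUBE-SEP-MZ7D7IEY543CBPN3
'''

_FIELDS = {"-j": "target", "-d": "dest", "--dport": "dport",
           "--probability": "prob", "--to-destination": "dnat"}


def parse_rules(text):
    """Parse `-A <chain> ...` lines into dicts holding the fields used below."""
    rules = []
    for line in text.splitlines():
        tokens = shlex.split(line)            # keeps the quoted --comment as one token
        if len(tokens) < 2 or tokens[0] != "-A":
            continue
        rule = {"chain": tokens[1], "target": None, "dest": None,
                "dport": None, "prob": None, "dnat": None}
        for i, token in enumerate(tokens[:-1]):
            if token in _FIELDS:
                rule[_FIELDS[token]] = tokens[i + 1]
        rules.append(rule)
    return rules


def service_chain(rules, cluster_ip, port):
    """Step one: the KUBE-SVC chain that KUBE-SERVICES jumps to for cluster_ip:port."""
    for rule in rules:
        if (rule["chain"] == "KUBE-SERVICES" and rule["dest"] == f"{cluster_ip}/32"
                and rule["dport"] == str(port)):
            return rule["target"]
    return None


def backend_distribution(rules, svc_chain):
    """Steps two and three: effective probability of each DNAT destination."""
    dnat = {r["chain"]: r["dnat"] for r in rules if r["target"] == "DNAT"}
    remaining, shares = 1.0, {}
    for rule in rules:
        if rule["chain"] != svc_chain or rule["target"] == "KUBE-MARK-MASQ":
            continue      # KUBE-MARK-MASQ only sets a mark; it does not pick a backend
        p = 1.0 if rule["prob"] is None else float(rule["prob"])
        backend = dnat.get(rule["target"], rule["target"])
        shares[backend] = remaining * p       # reached only if earlier rules did not match
        remaining *= 1.0 - p
    return shares


if __name__ == "__main__":
    parsed = parse_rules(RULES)
    chain = service_chain(parsed, "10.99.19.228", 8080)
    print(chain, backend_distribution(parsed, chain))
```

Because each rule is only evaluated when the ones before it did not match, the listed values 0.333, 0.5 and the final unconditional rule all come out as one third of the connections.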

Accessing the Service through DNS

Accessing a Service in the pod's own namespace

[machangwei@mcwk8s-master ~]$ kubectl get deployment --namespace=kube-system #View the dns component
NAME      READY   UP-TO-DATE   AVAILABLE   AGE
coredns   2/2     2            2           21h
[machangwei@mcwk8s-master ~]$ 
[machangwei@mcwk8s-master ~]$ kubectl run mcwcentos --rm -ti --image=centos /bin/bash  #Create a pod and enter it
If you don't see a command prompt, try pressing enter.
[root@mcwcentos /]# wget httpd-svc.default:8080  #Inside the pod, access the Service as <SERVICE_NAME>.<NAMESPACE_NAME>
bash: wget: command not found
[root@mcwcentos /]# curl httpd-svc.default:8080
<html><body><h1>It works!</h1></body></html>
[root@mcwcentos /]# 
[root@mcwcentos /]# curl httpd-svc:8080  #Because the pod and httpd-svc both belong to the default namespace, the default namespace can be omitted and the service accessed directly
<html><body><h1>It works!</h1></body></html>
[root@mcwcentos /]# yum -y install bind-utils #Install the tools so that the nslookup command is available
Failed to set locale, defaulting to C.UTF-8
Last metadata expiration check: 0:02:36 ago on Fri Jan 21 12:45:19 2022.
Dependencies resolved.
[root@mcwcentos /]# ls /etc/yum.repos.d/  #View the repo files in the centos image
CentOS-Linux-AppStream.repo  CentOS-Linux-ContinuousRelease.repo  CentOS-Linux-Devel.repo   CentOS-Linux-FastTrack.repo        CentOS-Linux-Media.repo  CentOS-Linux-PowerTools.repo
CentOS-Linux-BaseOS.repo     CentOS-Linux-Debuginfo.repo      CentOS-Linux-Extras.repo  CentOS-Linux-HighAvailability.repo    CentOS-Linux-Plus.repo     CentOS-Linux-Sources.repo
[root@mcwcentos /]# nslookup httpd-svc  # look up the DNS information for httpd-svc
Server:        10.96.0.10
Address:    10.96.0.10#53

Name:    httpd-svc.default.svc.cluster.local  # the Server above is the DNS component; this is the full domain name of httpd-svc
Address: 10.99.19.228  # this is the Service's cluster IP

[root@mcwcentos /]# 


[machangwei@mcwk8s-master ~]$ kubectl get service  # cluster IP
NAME         TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)    AGE
httpd-svc    ClusterIP   10.99.19.228   <none>        8080/TCP   19h
kubernetes   ClusterIP   10.96.0.1      <none>        443/TCP    21h
[machangwei@mcwk8s-master ~]$ 


Look at the newly created pod
[machangwei@mcwk8s-master ~]$ kubectl get pod -o wide|grep mcwcentos 
mcwcentos                    1/1     Running   0          8m8s   10.244.2.3   mcwk8s-node2   <none>           <none>

On the node the pod runs on, find its container
[root@mcwk8s-node2 ~]$  docker ps 
CONTAINER ID   IMAGE                                                COMMAND                  CREATED         STATUS         PORTS     NAMES
0b11a9d9ac35   centos                                               "/bin/bash"              8 minutes ago   Up 8 minutes             k8s_mcwcentos_mcwcentos_default_05aaed6d-57b0-4f6b-807d-1cd0e9c39ad9_0

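Then look at the container's logs: they record everything I did after entering the container, including the yum installation. The pod was started with -ti, so the whole terminal session is the container's output, and anything typed or displayed in it (credentials included) ends up in the logs on the node.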
[root@mcwk8s-node2 ~]$ docker logs 0b1|tail 
CentOS-Linux-AppStream.repo  CentOS-Linux-ContinuousRelease.repo  CentOS-Linux-Devel.repo   CentOS-Linux-FastTrack.repo        CentOS-Linux-Media.repo  CentOS-Linux-PowerTools.repo
CentOS-Linux-BaseOS.repo     CentOS-Linux-Debuginfo.repo      CentOS-Linux-Extras.repo  CentOS-Linux-HighAvailability.repo    CentOS-Linux-Plus.repo     CentOS-Linux-Sources.repo
[root@mcwcentos /]# 
[root@mcwcentos /]# nslookup httpd-svc
Server:        10.96.0.10
Address:    10.96.0.10#53

Name:    httpd-svc.default.svc.cluster.local
Address: 10.99.19.228

[root@mcwk8s-node2 ~]$ 

In the pod entered from the master node:
[root@mcwcentos /]# ping httpd-svc        
PING httpd-svc.default.svc.cluster.local (10.99.19.228) 56(84) bytes of data.
^C
--- httpd-svc.default.svc.cluster.local ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1001ms

[root@mcwcentos /]# curl httpd-svc
curl: (7) Failed to connect to httpd-svc port 80: Connection timed out
[root@mcwcentos /]# curl httpd-svc:8080
<html><body><h1>It works!</h1></body></html>
[root@mcwcentos /]# curl httpd-svc.default.svc.cluster.local:8080 # the full domain name also works with curl; without the port it fails, because the Service is defined on this port
<html><body><h1>It works!</h1></body></html>
[root@mcwcentos /]# 

Accessing a Service in another namespace

List the existing namespaces
[machangwei@mcwk8s-master ~]$ kubectl get namespace  # these namespaces were all created when the cluster was deployed
NAME              STATUS   AGE
default           Active   21h
kube-node-lease   Active   21h
kube-public       Active   21h
kube-system       Active   21h
[machangwei@mcwk8s-master ~]$ 


Look at the files deployed earlier
[machangwei@mcwk8s-master ~]$ cat mcwHttpd.yml 
apiVersion: apps/v1
kind: Deployment
metadata:
  name: mcw-httpd
spec:
  replicas: 3
  selector:
    matchLabels:
     run: mcw-httpd
  template:
    metadata:
      labels:
        run: mcw-httpd
    spec:
      containers:
        - name: mcw-httpd
          image: httpd
          ports:
          - containerPort: 80
[machangwei@mcwk8s-master ~]$ cat mcwHttpdService.yml
apiVersion: v1
kind: Service
metadata:
  name: httpd-svc
spec:
  selector:
    run: mcw-httpd
  ports:
  - protocol: TCP
    port: 8080
    targetPort: 80
[machangwei@mcwk8s-master ~]$ cat mcwhttpd2quanyml  # the two files above merged, with the names, labels and so on changed and a namespace specified; multiple resources are separated by ---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: mcw-httpd2
  namespace: kube-public
spec:
  replicas: 3
  selector:
    matchLabels:
     run: mcw-httpd2
  template:
    metadata:
      labels:
        run: mcw-httpd2
    spec:
      containers:
        - name: mcw-httpd2
          image: httpd
          ports:
          - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: httpd2-svc
  namespace: kube-public
spec:
  selector:
    run: mcw-httpd2
  ports:
  - protocol: TCP
    port: 8080
    targetPort: 80
[machangwei@mcwk8s-master ~]$


Check the IP of mcwcentos
[root@mcwcentos /]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
3: eth0@if8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP group default 
    link/ether c6:c1:ce:94:49:24 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 10.244.2.3/24 brd 10.244.2.255 scope global eth0
       valid_lft forever preferred_lft forever
[root@mcwcentos /]# hostname -i
10.244.2.3
[root@mcwcentos /]# 


[machangwei@mcwk8s-master ~]$ kubectl apply -f mcwhttpd2quanyml  # deploy the httpd2 service
deployment.apps/mcw-httpd2 created
service/httpd2-svc created
[machangwei@mcwk8s-master ~]$ kubectl get service --namespace=kube-public # list the second service; the namespace must be specified
NAME         TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)    AGE
httpd2-svc   ClusterIP   10.101.134.243   <none>        8080/TCP   39s
[machangwei@mcwk8s-master ~]$ kubectl get service  # without a namespace, the services in kube-public are not shown
NAME         TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)    AGE
httpd-svc    ClusterIP   10.99.19.228   <none>        8080/TCP   19h
kubernetes   ClusterIP   10.96.0.1      <none>        443/TCP    21h
[machangwei@mcwk8s-master ~]$ 
[machangwei@mcwk8s-master ~]$ kubectl run mcwcentos2 --rm -ti --image=centos /bin/bash # run a second pod, mcwcentos2
If you don't see a command prompt, try pressing enter.
[root@mcwcentos2 /]# curl httpd2-svc:8080       # the pod is in the default namespace; a service in another namespace cannot be reached by service name and port alone, without the namespace
curl: (6) Could not resolve host: httpd2-svc
[root@mcwcentos2 /]# curl httpd2-svc.kube-public:8080 # with <service name>.<namespace>:<service port>, the pod can access the service across namespaces
<html><body><h1>It works!</h1></body></html>
[root@mcwcentos2 /]# ping -c 2 10.244.2.3  # a pod can directly ping another pod in the same namespace
PING 10.244.2.3 (10.244.2.3) 56(84) bytes of data.
64 bytes from 10.244.2.3: icmp_seq=1 ttl=64 time=0.252 ms
64 bytes from 10.244.2.3: icmp_seq=2 ttl=64 time=0.072 ms

--- 10.244.2.3 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 0.072/0.162/0.252/0.090 ms
[root@mcwcentos2 /]# 
[root@mcwcentos2 /]# exit  # on exit with ctrl+d, the pod created by this command is deleted; get pod no longer shows this container
Session ended, resume using 'kubectl attach mcwcentos2 -c mcwcentos2 -i -t' command when the pod is running
pod "mcwcentos2" deleted
[machangwei@mcwk8s-master ~]$ 


As shown below, by default only the pods in the default namespace are listed
[machangwei@mcwk8s-master ~]$ kubectl get pod
NAME                         READY   STATUS    RESTARTS   AGE
mcw-httpd-6fbf67d7d5-5qfrl   1/1     Running   0          21h
mcw-httpd-6fbf67d7d5-98x8d   1/1     Running   0          21h
mcw-httpd-6fbf67d7d5-bpbq4   1/1     Running   0          21h
[machangwei@mcwk8s-master ~]$ 
[machangwei@mcwk8s-master ~]$ 
[machangwei@mcwk8s-master ~]$ kubectl get pod --all-namespaces
NAMESPACE     NAME                                    READY   STATUS    RESTARTS       AGE
default       mcw-httpd-6fbf67d7d5-5qfrl              1/1     Running   0              21h
default       mcw-httpd-6fbf67d7d5-98x8d              1/1     Running   0              21h
default       mcw-httpd-6fbf67d7d5-bpbq4              1/1     Running   0              21h
kube-public   mcw-httpd2-6b98bfbbbf-69jb5             1/1     Running   0              21m
kube-public   mcw-httpd2-6b98bfbbbf-qv7g9             1/1     Running   0              21m
kube-public   mcw-httpd2-6b98bfbbbf-ztddf             1/1     Running   0              21m
kube-system   coredns-6d8c4cb4d-vctxx                 1/1     Running   1 (21h ago)    22h
kube-system   coredns-6d8c4cb4d-xkv9h                 1/1     Running   0              22h
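
Why `httpd-svc` resolves by short name from a pod in default, `httpd2-svc` does not, and `httpd2-svc.kube-public` does: a model of the resolver's search-list expansion, added here as an example that is not part of the original post. It assumes the pod's default ClusterFirst DNS settings and the glibc lookup order; the function names are hypothetical and the records are constructed from the names and cluster IPs shown on this page.

```shell
#!/bin/sh
# Added example. Assumption: the pod uses the default ClusterFirst DNS policy, so its
# /etc/resolv.conf has  search <ns>.svc.cluster.local svc.cluster.local cluster.local
# and  options ndots:5  (the resolv.conf itself is not shown on this page).

# Constructed records for the two Services on this page (names and cluster IPs as shown).
records() {
cat <<'EOF'
httpd-svc.default.svc.cluster.local. 10.99.19.228
httpd2-svc.kube-public.svc.cluster.local. 10.101.134.243
EOF
}

# candidates NAME POD_NAMESPACE: the FQDNs the resolver tries, in order.
candidates() {
  name=$1; ns=$2
  case "$name" in
    *.) echo "$name"; return 0 ;;          # trailing dot: absolute, search list unused
  esac
  dots=$(printf '%s' "$name" | tr -cd '.' | wc -c | tr -d ' ')
  if [ "$dots" -ge 5 ]; then echo "$name."; fi      # enough dots: tried as-is first
  for suffix in "$ns.svc.cluster.local" svc.cluster.local cluster.local; do
    echo "$name.$suffix."
  done
  if [ "$dots" -lt 5 ]; then echo "$name."; fi      # otherwise as-is comes last
}

# resolve NAME POD_NAMESPACE: print "FQDN IP" for the first candidate that has a
# record; return 1 when none does (curl's "Could not resolve host").
resolve() {
  for q in $(candidates "$1" "$2"); do
    hit=$(records | awk -v q="$q" '$1 == q { print $1, $2 }')
    if [ -n "$hit" ]; then echo "$hit"; return 0; fi
  done
  return 1
}

resolve httpd-svc default                    # same namespace: first candidate hits
resolve httpd2-svc default || echo "httpd2-svc: not resolvable from namespace default"
resolve httpd2-svc.kube-public default       # second candidate hits
```

The namespace only scopes the name: once the namespace is appended, the Service in kube-public is reachable from default, so restricting cross-namespace traffic takes a NetworkPolicy, not DNS.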

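How the external network accesses a Service

1. Cluster IP plus port provides access to the Service from inside the cluster.

Here curl to <cluster IP>:<port> works normally from all three nodes. How this behaves from inside a pod, or from a pod in a different namespace, is to be verified later; it should work as well.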
[machangwei@mcwk8s-master ~]$ kubectl get service
NAME         TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)          AGE
httpd-svc    NodePort    10.107.208.46   <none>        8080:30450/TCP   14m
kubernetes   ClusterIP   10.96.0.1       <none>        443/TCP          22h
[machangwei@mcwk8s-master ~]$ curl 10.107.208.46:8080
<html><body><h1>It works!</h1></body></html>

[root@mcwk8s-node1 ~]$ curl 10.107.208.46:8080
<html><body><h1>It works!</h1></body></html>

[root@mcwk8s-node2 ~]$ curl 10.107.208.46:8080
<html><body><h1>It works!</h1></body></html>
[root@mcwk8s-node2 ~]$ 

2. This demonstrates exposing the application's Service outside the cluster with NodePort.

[machangwei@mcwk8s-master ~]$ ls   # list the current yml files
mcwhttpd2quanyml  mcwHttpdService.yml  mcwHttpd.yml  mm.yml
[machangwei@mcwk8s-master ~]$ kubectl get service # list the current services
NAME         TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)    AGE
httpd-svc    ClusterIP   10.99.19.228   <none>        8080/TCP   19h
kubernetes   ClusterIP   10.96.0.1      <none>        443/TCP    22h
[machangwei@mcwk8s-master ~]$ kubectl get pod # list the current pods
NAME                         READY   STATUS    RESTARTS   AGE
mcw-httpd-6fbf67d7d5-5qfrl   1/1     Running   0          21h
mcw-httpd-6fbf67d7d5-98x8d   1/1     Running   0          21h
mcw-httpd-6fbf67d7d5-bpbq4   1/1     Running   0          21h
[machangwei@mcwk8s-master ~]$ kubectl delete -f mcwHttpdService.yml  # delete the existing service; a new one will be created shortly, reusing the existing pods
service "httpd-svc" deleted
[machangwei@mcwk8s-master ~]$ kubectl get service # list the current services; the earlier service has been deleted
NAME         TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)   AGE
kubernetes   ClusterIP   10.96.0.1    <none>        443/TCP   22h
[machangwei@mcwk8s-master ~]$ vim  mcwHttpdService.yml # edit the service yml
[machangwei@mcwk8s-master ~]$ cat mcwHttpdService.yml # add the key-value pair  type: NodePort  to the service yml
apiVersion: v1
kind: Service
metadata:
  name: httpd-svc
spec:
  type: NodePort
  selector:
    run: mcw-httpd
  ports:
  - protocol: TCP
    port: 8080
    targetPort: 80
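[machangwei@mcwk8s-master ~]$ kubectl apply -f mcwHttpdService.yml # create the service; it seems the delete was unnecessary and re-running apply would recreate the service; to verify when there is time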
service/httpd-svc created
[machangwei@mcwk8s-master ~]$ kubectl get service # list the newly created service; the PORT(S) column now has an extra port, 30450
NAME         TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)          AGE
httpd-svc    NodePort    10.107.208.46   <none>        8080:30450/TCP   21s
kubernetes   ClusterIP   10.96.0.1       <none>        443/TCP          22h
[machangwei@mcwk8s-master ~]$ netstat -an|grep 30450 # check the exposed port; it is open on every node, and <node IP>:<this port> is reachable from the external network, from outside the cluster
tcp        0      0 0.0.0.0:30450           0.0.0.0:*               LISTEN     
[machangwei@mcwk8s-master ~]$ curl 10.107.208.46:8080 # access the service through cluster IP and service port
<html><body><h1>It works!</h1></body></html>
[machangwei@mcwk8s-master ~]$ curl 10.107.208.46:30450  # this port cannot be reached through the cluster IP
curl: (7) Failed connect to 10.107.208.46:30450; Connection timed out
[machangwei@mcwk8s-master ~]$ kubectl get pod -o wide  # list the pod IPs
NAME                         READY   STATUS    RESTARTS   AGE   IP           NODE           NOMINATED NODE   READINESS GATES
mcw-httpd-6fbf67d7d5-5qfrl   1/1     Running   0          21h   10.244.1.2   mcwk8s-node1   <none>           <none>
mcw-httpd-6fbf67d7d5-98x8d   1/1     Running   0          21h   10.244.2.2   mcwk8s-node2   <none>           <none>
mcw-httpd-6fbf67d7d5-bpbq4   1/1     Running   0          21h   10.244.1.3   mcwk8s-node1   <none>           <none>
[machangwei@mcwk8s-master ~]$ curl 10.244.1.2  # curl to a pod IP directly from a node reaches the service
<html><body><h1>It works!</h1></body></html>
[machangwei@mcwk8s-master ~]$ curl 10.244.1.2:30450  # curl to <pod IP>:<exposed port> directly from a node does not work
curl: (7) Failed connect to 10.244.1.2:30450; Connection refused
[machangwei@mcwk8s-master ~]$ hostname -i
10.0.0.4
[machangwei@mcwk8s-master ~]$ curl 10.0.0.4:30450  # the right form is curl <node IP>:<exposed port>
<html><body><h1>It works!</h1></body></html>
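[machangwei@mcwk8s-master ~]$ curl 10.0.0.5:30450 # <node IP>:<this port> can also be opened in a browser from outside.
<html><body><h1>It works!</h1></body></html>   # But with the three node IPs plus this port, when the service is accessed from outside,
[machangwei@mcwk8s-master ~]$ curl 10.0.0.6:30450 # is the load balanced across the three backend pods?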
<html><body><h1>It works!</h1></body></html>
[machangwei@mcwk8s-master ~]$ 


On the master node, find the Service's three pods
[machangwei@mcwk8s-master ~]$ kubectl get pod -o wide
NAME                         READY   STATUS    RESTARTS   AGE   IP           NODE           NOMINATED NODE   READINESS GATES
mcw-httpd-6fbf67d7d5-5qfrl   1/1     Running   0          21h   10.244.1.2   mcwk8s-node1   <none>           <none>
mcw-httpd-6fbf67d7d5-98x8d   1/1     Running   0          21h   10.244.2.2   mcwk8s-node2   <none>           <none>
mcw-httpd-6fbf67d7d5-bpbq4   1/1     Running   0          21h   10.244.1.3   mcwk8s-node1   <none>           <none>

Using the three pods' details, find the three containers on their nodes and modify each container's content, appending its own pod IP
[root@mcwk8s-node1 ~]$ netstat -an|grep 30450
tcp        0      0 0.0.0.0:30450           0.0.0.0:*               LISTEN     
[root@mcwk8s-node1 ~]$ docker ps |grep mcw-httpd-6fbf67d7d5-bpbq4
c978d2770826   httpd                                                "httpd-foreground"       22 hours ago        Up 22 hours                  k8s_mcw-httpd_mcw-httpd-6fbf67d7d5-bpbq4_default_1380d70d-e2b1-4276-b80f-813bcd3bae10_0
eddd4b542888   registry.aliyuncs.com/google_containers/pause:3.6    "/pause"                 22 hours ago        Up 22 hours                  k8s_POD_mcw-httpd-6fbf67d7d5-bpbq4_default_1380d70d-e2b1-4276-b80f-813bcd3bae10_0
[root@mcwk8s-node1 ~]$ docker exec -it c978 bash
root@mcw-httpd-6fbf67d7d5-bpbq4:/usr/local/apache2# ls 
bin  build  cgi-bin  conf  error  htdocs  icons  include  logs    modules
root@mcw-httpd-6fbf67d7d5-bpbq4:/usr/local/apache2# cd htdocs/
root@mcw-httpd-6fbf67d7d5-bpbq4:/usr/local/apache2/htdocs# cat index.html 
<html><body><h1>It works!</h1></body></html>
root@mcw-httpd-6fbf67d7d5-bpbq4:/usr/local/apache2/htdocs# echo '<html><body><h1>It works!</h1></body></html>  10.244.1.3'>index.html
root@mcw-httpd-6fbf67d7d5-bpbq4:/usr/local/apache2/htdocs# 

From the master node, access each pod IP directly to confirm that the changes took effect
[machangwei@mcwk8s-master ~]$ curl 10.244.1.3
<html><body><h1>It works!</h1></body></html>  10.244.1.3
[machangwei@mcwk8s-master ~]$ 

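Then access the service through a node IP plus the exposed port. Whichever <node IP>:<port> is used from a node, the requests are load-balanced across the three backend pods. In other words, accessing any node's IP plus the exposed port is the same as accessing the Service, and the Service balances the load across its three backend pods. The same can be seen when accessing it from a browser.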
[machangwei@mcwk8s-master ~]$ kubectl get service
NAME         TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)          AGE
httpd-svc    NodePort    10.107.208.46   <none>        8080:30450/TCP   46m
kubernetes   ClusterIP   10.96.0.1       <none>        443/TCP          23h
[machangwei@mcwk8s-master ~]$ hostname -i
10.0.0.4
[machangwei@mcwk8s-master ~]$ curl 10.0.0.4:30450
<html><body><h1>It works!</h1></body></html>  10.244.2.2
[machangwei@mcwk8s-master ~]$ curl 10.0.0.4:30450
<html><body><h1>It works!</h1></body></html>  10.244.1.2
[machangwei@mcwk8s-master ~]$ curl 10.0.0.4:30450
<html><body><h1>It works!</h1></body></html>  10.244.2.2
[machangwei@mcwk8s-master ~]$ curl 10.0.0.4:30450
<html><body><h1>It works!</h1></body></html>  10.244.2.2
[machangwei@mcwk8s-master ~]$ curl 10.0.0.4:30450
<html><body><h1>It works!</h1></body></html>  10.244.2.2
[machangwei@mcwk8s-master ~]$ curl 10.0.0.4:30450
<html><body><h1>It works!</h1></body></html>  10.244.1.2
[machangwei@mcwk8s-master ~]$ curl 10.0.0.4:30450
<html><body><h1>It works!</h1></body></html>  10.244.1.3
[machangwei@mcwk8s-master ~]$ curl 10.0.0.4:30450
<html><body><h1>It works!</h1></body></html>  10.244.2.2

[machangwei@mcwk8s-master ~]$ curl 10.0.0.5:30450
<html><body><h1>It works!</h1></body></html>  10.244.1.2
[machangwei@mcwk8s-master ~]$ curl 10.0.0.5:30450
<html><body><h1>It works!</h1></body></html>  10.244.1.3
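
Because a NodePort is opened on every node, an inventory of such ports is the first thing to check when reviewing what a cluster exposes. The following added example (not part of the original post) lists them from a `kubectl get service` table; the function names are hypothetical, and the sample table is constructed from the Services on this page plus one hypothetical multi-port Service.

```shell
#!/bin/sh
# Added example. Constructed sample: `kubectl get service --all-namespaces` output built
# from the Services on this page, plus one hypothetical multi-port Service (web/shop).
sample_services() {
cat <<'EOF'
NAMESPACE     NAME         TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)                      AGE
default       httpd-svc    NodePort    10.107.208.46    <none>        8080:30450/TCP               46m
default       kubernetes   ClusterIP   10.96.0.1        <none>        443/TCP                      23h
kube-public   httpd2-svc   ClusterIP   10.101.134.243   <none>        8080/TCP                     39s
web           shop         NodePort    10.96.0.50       <none>        80:31080/TCP,443:31443/TCP   5m
EOF
}

# Read a `kubectl get service` table on stdin; print
# "<namespace>/<name> <nodePort>/<proto> -> <servicePort>" for every port that a
# NodePort or LoadBalancer Service opens on the nodes. Columns are located by
# header name, so the table works with or without the NAMESPACE column.
node_ports() {
  awk '
    NR == 1 { for (i = 1; i <= NF; i++) col[$i] = i; next }
    $(col["TYPE"]) == "NodePort" || $(col["TYPE"]) == "LoadBalancer" {
      ns = ("NAMESPACE" in col) ? $(col["NAMESPACE"]) : "(current)"
      n = split($(col["PORT(S)"]), ports, ",")
      for (p = 1; p <= n; p++) {
        split(ports[p], a, "[:/]")       # "8080:30450/TCP" -> 8080, 30450, TCP
        if (a[3] != "") print ns "/" $(col["NAME"]), a[2] "/" a[3], "->", a[1]
      }
    }'
}

sample_services | node_ports
```

On a live cluster the input would be `kubectl get service --all-namespaces`; every port listed is reachable on each node's IP and needs a matching firewall decision.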

3. LoadBalancer

To be added later

 
