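Key points for deploying K8S from binaries:

· Prepare the infrastructure environment
    · CentOS 7.6 (kernel 3.8.x or later)
    · Disable SELinux and the firewalld service
    · Time synchronization (chronyd): the newer time-sync service, worth remembering
    · Adjust the Base and EPEL repositories
    · Kernel tuning (file descriptor limits, IP forwarding, and so on)
· Install and deploy the bind9 internal DNS system
· Install and deploy harbor, the private docker registry
· Prepare the certificate-signing environment: cfssl
· Install and deploy the control-plane (master) services (4)
    · Etcd
    · Apiserver
    · Controller-manager
    · Scheduler
· Install and deploy the worker-node services (2)
    · Kubelet
    · Kube-proxy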

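## With the older ntpd time sync, you had to choose in the server setting which cloud provider's time servers to sync against; there is also an ibakd option that allows the clock to jump. (Sometimes this needs to be configured and sometimes it does not. For example, the year 2000 is not a leap year, but the computer treats it as one, so the time has to be brought back gradually, that is, slow synchronization is enabled.)
If the physical memory is large enough, you can turn off the swap partition; the Kubernetes project recommends turning swap off.
controller-manager and scheduler reach the apiserver over the local loopback address 127.0.0.1:8080. The apiserver also listens on a second address, the host's internal address, for example 10.4.7.21:6443. Port 8080 speaks plain HTTP (no TLS and no authentication, which is why it is bound to loopback only). Traffic that crosses the network must use the 6443 address, which is HTTPS and needs certificates, so it costs some resources. etcd speaks HTTPS, so it does not have to be deployed on the master hosts.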

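About K8S certificates

About the cfssl tools:
·    cfssl: the main tool for issuing certificates
·    cfssl-json: turns the certificate that cfssl generates (JSON format) into certificate files
·    cfssl-certinfo: inspects the information in a certificate
About the kubeconfig file:
·    It is the configuration file of a K8S user
·    It contains certificate information
·    When a certificate expires or is replaced, this file has to be replaced along with it

How to recover certificates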

[root@hdss7-200 certs]# cfssl-certinfo -cert apiserver.pem
{
  "subject": {"common_name": "k8s-apiserver","country": "CN","organization": "od","organizational_unit": "ops","locality": "beijing","province": "beijing","names": ["CN","beijing","beijing","od","ops","k8s-apiserver"]},
  "issuer": {"common_name": "OldboyEdu","country": "CN","organization": "od","organizational_unit": "ops","locality": "beijing","province": "beijing","names": ["CN","beijing","beijing","od","ops","OldboyEdu"]},
  "serial_number": "702925875294952757965703566705092293016898717864",
  "sans": ["kubernetes.default","kubernetes.default.svc","kubernetes.default.svc.cluster","kubernetes.default.svc.cluster.local","127.0.0.1","192.168.0.1","10.4.7.10","10.4.7.21","10.4.7.22","10.4.7.23"],
  "not_before": "2021-08-25T12:59:00Z",     ## certificate issue time
  "not_after": "2041-08-20T12:59:00Z",      ## end of the certificate's validity
  "sigalg": "SHA256WithRSA",
  "authority_key_id": "30:36:38:EE:B6:81:90:77:E9:70:6A:D2:97:E7:52:E4:CA:20:2:DD",
  "subject_key_id": "A5:DA:E4:32:5C:9:25:B9:FB:A9:F2:41:58:F5:68:C3:E6:D9:CD:3"
}
[root@hdss7-200 certs]#
cfssl-certinfo can also be used to look up a domain, for example:
[root@hdss7-200 certs]# cfssl-certinfo -domain www.baidu.com
{
  "subject": {"common_name": "baidu.com","country": "CN","organization": "Beijing Baidu Netcom Science Technology Co., Ltd","organizational_unit": "service operation department","locality": "beijing","province": "beijing","names": ["CN","beijing","beijing","service operation department","Beijing Baidu Netcom Science Technology Co., Ltd","baidu.com"]},
  "issuer": {"common_name": "GlobalSign Organization Validation CA - SHA256 - G2",                          ## this shows it is a trusted certificate
             "country": "BE","organization": "GlobalSign nv-sa","names": ["BE","GlobalSign nv-sa","GlobalSign Organization Validation CA - SHA256 - G2"]},
  "serial_number": "35351242533515273557482149369",
  "not_before": "2021-07-01T01:16:03Z",
  "not_after": "2022-08-02T01:16:03Z",
  "sigalg": "SHA256WithRSA",
  "authority_key_id": "96:DE:61:F1:BD:1C:16:29:53:1C:C0:CC:7D:3B:83:0:40:E6:1A:7C",
  "subject_key_id": "34:92:9A:2F:C:71:62:BC:3D:DB:23:6D:6D:3E:B3:D1:1D:11:9D:ED"
}
[root@hdss7-200 certs]#
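
An added example (not part of the original notes): a Python check over the JSON that cfssl-certinfo prints, flagging a certificate that is outside or near the end of its validity window, signed by an unexpected issuer, or missing a name in `sans` that the cluster needs. The sample JSON is constructed from the fields of the apiserver.pem output above; `audit_certinfo`, `required_sans` and `warn_days` are names chosen for this example.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample: the fields cfssl-certinfo reported for apiserver.pem on
# this page, without the "pem" field.
SAMPLE_CERTINFO = """{
  "subject": {"common_name": "k8s-apiserver"},
  "issuer": {"common_name": "OldboyEdu"},
  "sans": ["kubernetes.default", "kubernetes.default.svc",
           "kubernetes.default.svc.cluster",
           "kubernetes.default.svc.cluster.local",
           "127.0.0.1", "192.168.0.1",
           "10.4.7.10", "10.4.7.21", "10.4.7.22", "10.4.7.23"],
  "not_before": "2021-08-25T12:59:00Z",
  "not_after": "2041-08-20T12:59:00Z",
  "sigalg": "SHA256WithRSA"
}"""


def parse_ts(value):
    """Parse the UTC timestamps cfssl-certinfo prints, e.g. 2041-08-20T12:59:00Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def audit_certinfo(info, required_sans=(), expected_issuer=None,
                   now=None, warn_days=30):
    """Return a list of findings for one cfssl-certinfo result ([] means clean)."""
    now = now or datetime.now(timezone.utc)
    findings = []

    # Validity window: not yet valid, already expired, or close to expiry.
    not_before = parse_ts(info["not_before"])
    not_after = parse_ts(info["not_after"])
    if now < not_before:
        findings.append("not valid until " + info["not_before"])
    elif now >= not_after:
        findings.append("expired on " + info["not_after"])
    elif not_after - now <= timedelta(days=warn_days):
        findings.append("expires in %d days" % (not_after - now).days)

    # Client certificates (the k8s-node one on this page) carry no "sans" key,
    # so a missing key is treated as an empty list. Matching is exact.
    sans = set(info.get("sans") or [])
    for name in required_sans:
        if name not in sans:
            findings.append("SAN missing: " + name)

    # Every cluster certificate should chain to the same CA.
    issuer = (info.get("issuer") or {}).get("common_name")
    if expected_issuer is not None and issuer != expected_issuer:
        findings.append("issuer is %r, expected %r" % (issuer, expected_issuer))
    return findings


if __name__ == "__main__":
    cert = json.loads(SAMPLE_CERTINFO)
    # 10.4.7.24 is a constructed address standing for a master added later
    # that the certificate does not cover.
    for line in audit_certinfo(cert, ["10.4.7.21", "10.4.7.24"], "OldboyEdu"):
        print(line)
```

On a real host the input would be the saved output of `cfssl-certinfo -cert apiserver.pem`, loaded with `json.load`.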

The kubelet.kubeconfig checksum should be the same on both nodes

[root@hdss7-21 ~]# cd /opt/kubernetes/server/bin/conf/
[root@hdss7-21 conf]# md5sum kubelet.kubeconfig
ca1a0da18e3500dc9404ea4e67090066  kubelet.kubeconfig
[root@hdss7-22 ~]# cd /opt/kubernetes/server/bin/conf/
[root@hdss7-22 conf]# md5sum kubelet.kubeconfig
ca1a0da18e3500dc9404ea4e67090066  kubelet.kubeconfig
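If you issue new certificates, the CA must not change. Having several versions of kubelet.kubeconfig is fine, because the four steps we ran earlier embedded the certificates into the file.

Decode the certificate back out with base64

First, find the kubelet.kubeconfig file on host 21:
[root@hdss7-22 conf]# cat kubelet.kubeconfig
Copy out the part framed below.

Then decode it on host 200 to get back the certificate you need.
With the certificate in hand, we can deploy many of the other services we want, such as prometheus or spine, all of which need certificates.

[root@hdss7-200 certs]# echo "<base64 string copied from kubelet.kubeconfig>" |base64 -d > 123.pem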
[root@hdss7-200 certs]# cat 123.pem
[root@hdss7-200 certs]# cfssl-
cfssl-certinfo  cfssl-json
[root@hdss7-200 certs]# cfssl-certinfo -cert 123.pem
{
  "subject": {"common_name": "k8s-node","country": "CN","organization": "od","organizational_unit": "ops","locality": "beijing","province": "beijing","names": ["CN","beijing","beijing","od","ops","k8s-node"]},
  "issuer": {"common_name": "OldboyEdu","country": "CN","organization": "od","organizational_unit": "ops","locality": "beijing","province": "beijing","names": ["CN","beijing","beijing","od","ops","OldboyEdu"]},
  "serial_number": "626023343545445238144394393419197854736744888134",
  "not_before": "2021-08-25T12:57:00Z",
  "not_after": "2041-08-20T12:57:00Z",
  "sigalg": "SHA256WithRSA",
  "authority_key_id": "30:36:38:EE:B6:81:90:77:E9:70:6A:D2:97:E7:52:E4:CA:20:2:DD",
  "subject_key_id": "95:26:21:E7:9B:FB:98:66:1F:6:CF:26:60:21:45:26:EB:C7:1B:DD"
}
[root@hdss7-200 certs]# 

When a certificate has to be replaced, you also need some of the contents of the original certificate.
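
An added example (not part of the original notes) covering both the md5sum comparison and the base64 decoding step above: it pulls the embedded PEM blocks out of a kubeconfig and compares two files by certificate fingerprint, which still works after the client certificate was reissued under the same CA. It assumes a kubeconfig with one cluster and one user whose certificates are embedded under the `certificate-authority-data`, `client-certificate-data` and `client-key-data` keys; the function names and the sample data are constructed for this example.

```python
import base64
import hashlib
import re
import ssl

# Keys under which a kubeconfig carries embedded, base64-encoded PEM material.
EMBEDDED_KEYS = ("certificate-authority-data", "client-certificate-data",
                 "client-key-data")
FIELD_RE = re.compile(
    r"^[ \t]*(%s):[ \t]*(\S+)[ \t]*$" % "|".join(EMBEDDED_KEYS), re.MULTILINE)


def extract_embedded(kubeconfig_text, include_key=False):
    """Return {key: PEM bytes} decoded from a one-cluster, one-user kubeconfig."""
    found = {}
    for key, b64 in FIELD_RE.findall(kubeconfig_text):
        if key == "client-key-data" and not include_key:
            continue  # the private key stays in the kubeconfig unless asked for
        pem = base64.b64decode(b64, validate=True)  # ValueError on bad base64
        if not pem.startswith(b"-----BEGIN "):
            raise ValueError(key + " does not decode to PEM")
        found[key] = pem
    return found


def cert_fingerprint(pem_bytes):
    """SHA-256 over the DER bytes, so PEM line wrapping does not change it."""
    der = ssl.PEM_cert_to_DER_cert(pem_bytes.decode("ascii").strip())
    return hashlib.sha256(der).hexdigest()


def compare_kubeconfigs(text_a, text_b):
    """Compare two kubeconfigs as whole files and by the certificates inside."""
    a, b = extract_embedded(text_a), extract_embedded(text_b)

    def same(key):
        return cert_fingerprint(a[key]) == cert_fingerprint(b[key])

    return {
        "same_file": text_a == text_b,  # what md5sum tells you
        "same_ca": same("certificate-authority-data"),
        "same_client_cert": same("client-certificate-data"),
    }


# --- constructed sample input: placeholder bytes, not real certificates ---
def make_pem(label, payload):
    body = base64.b64encode(payload).decode()
    return "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (label, body, label)


def make_kubeconfig(ca_pem, cert_pem, key_pem):
    def enc(pem):
        return base64.b64encode(pem.encode()).decode()

    return (
        "apiVersion: v1\nkind: Config\n"
        "clusters:\n- cluster:\n"
        "    certificate-authority-data: %s\n"
        "    server: https://10.4.7.21:6443\n"
        "  name: sample\n"
        "users:\n- name: k8s-node\n  user:\n"
        "    client-certificate-data: %s\n"
        "    client-key-data: %s\n"
    ) % (enc(ca_pem), enc(cert_pem), enc(key_pem))


if __name__ == "__main__":
    ca = make_pem("CERTIFICATE", b"constructed CA")
    key = make_pem("RSA PRIVATE KEY", b"constructed key")
    old = make_kubeconfig(ca, make_pem("CERTIFICATE", b"constructed node cert 1"), key)
    new = make_kubeconfig(ca, make_pem("CERTIFICATE", b"constructed node cert 2"), key)
    # Reissued client certificate, same CA: the files differ, the CA matches.
    print(compare_kubeconfigs(old, new))
```

A decoded certificate written to a file can then be inspected with `cfssl-certinfo -cert`, as in the session above.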

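Course review diagram

kubectl commands: imperative management

Three basic ways to manage K8S core resources:
·    Imperative management: relies mainly on the command-line (CLI) tool
·    Declarative management: relies mainly on unified resource manifests
·    GUI management: relies mainly on a graphical interface (web page)

1. List namespaces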

[root@hdss7-21 conf]# kubectl get ns
NAME              STATUS   AGE
default           Active   2d13h
kube-node-lease   Active   2d13h
kube-public       Active   2d13h
kube-system       Active   2d13h

1.1 List all resources in a namespace

[root@hdss7-21 conf]# kubectl get all -n default # this is the default, so it can be omitted
NAME                 READY   STATUS    RESTARTS   AGE
pod/nginx-ds-djjjj   1/1     Running   0          35h
pod/nginx-ds-qwxxr   1/1     Running   0          35h

NAME                 TYPE        CLUSTER-IP    EXTERNAL-IP   PORT(S)   AGE
service/kubernetes   ClusterIP   192.168.0.1   <none>        443/TCP   2d13h

NAME                      DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR   AGE
daemonset.apps/nginx-ds   0         0         0       0            0           <none>          35h

2. Create and delete a namespace

[root@hdss7-21 conf]# kubectl create ns app
namespace/app created
[root@hdss7-21 conf]# kubectl get ns |grep app
app               Active   15s
[root@hdss7-21 conf]# kubectl delete ns app
namespace "app" deleted
[root@hdss7-21 conf]# kubectl get ns |grep app
[root@hdss7-21 conf]# 

3. Manage deployment resources

3.1 Create a deployment

[root@hdss7-21 conf]# kubectl create deployment nginx-dp --image=harbor.od.com/public/nginx:v1.7.9 -n kube-public
[root@hdss7-21 conf]# kubectl get deploy -n kube-public
NAME       READY   UP-TO-DATE   AVAILABLE   AGE
nginx-dp   1/1     1            1           2m12s
You can also view the resources with wide output:
[root@hdss7-21 conf]# kubectl get po -owide -n kube-public
NAME                        READY   STATUS    RESTARTS   AGE     IP           NODE                NOMINATED NODE   READINESS GATES
nginx-dp-5dfc689474-mmgpr   1/1     Running   0          3m11s   172.7.22.3   hdss7-22.host.com   <none>           <none>
[root@hdss7-21 conf]#
View detailed information

[root@hdss7-21 conf]# kubectl describe deploy -nkube-public nginx-dp
Name:                   nginx-dp          # name
Namespace:              kube-public        # namespace
CreationTimestamp:      Sat, 28 Aug 2021 10:54:06 +0800    # creation time
Labels:                 app=nginx-dp           # default label
Annotations:            deployment.kubernetes.io/revision: 1   # annotation: this is revision 1
Selector:               app=nginx-dp      # label selector
Replicas:               1 desired | 1 updated | 1 total | 1 available | 0 unavailable     # replica requirements
StrategyType:           RollingUpdate     # default rollout strategy
MinReadySeconds:        0
RollingUpdateStrategy:  25% max unavailable, 25% max surge
Pod Template:              # template used to start pods
  Labels:  app=nginx-dp
  Containers:
   nginx:
    Image:        harbor.od.com/public/nginx:v1.7.9
    Port:         <none>
    Host Port:    <none>
    Environment:  <none>
    Mounts:       <none>
  Volumes:        <none>
Conditions:
  Type           Status  Reason
  ----           ------  ------
  Available      True    MinimumReplicasAvailable
  Progressing    True    NewReplicaSetAvailable
OldReplicaSets:  <none>
NewReplicaSet:   nginx-dp-5dfc689474 (1/1 replicas created)
Events:
  Type    Reason             Age    From                   Message
  ----    ------             ----   ----                   -------
  Normal  ScalingReplicaSet  9m34s  deployment-controller  Scaled up replica set nginx-dp-5dfc689474 to 1
[root@hdss7-21 conf]#
[root@hdss7-21 conf]# kubectl describe po -nkube-public nginx-dp-5dfc689474-mmgpr
Name:           nginx-dp-5dfc689474-mmgpr     # name
Namespace:      kube-public                   # namespace
Priority:       0
Node:           hdss7-22.host.com/10.4.7.22    # node it runs on
Start Time:     Sat, 28 Aug 2021 10:54:06 +0800   # creation time
Labels:         app=nginx-dp                     # labels
                pod-template-hash=5dfc689474
Annotations:    <none>                         # annotations
Status:         Running
IP:             172.7.22.3
Controlled By:  ReplicaSet/nginx-dp-5dfc689474
Containers:
  nginx:
    Container ID:   docker://6bbb65588e966026d57cce7e5d4fe930a8cb25f04efc5266c6e627ebed058c77
    Image:          harbor.od.com/public/nginx:v1.7.9
    Image ID:       docker-pullable://harbor.od.com/public/nginx@sha256:b1f5935eb2e9e2ae89c0b3e2e148c19068d91ca502e857052f14db230443e4c2
    Port:           <none>
    Host Port:      <none>
    State:          Running
      Started:      Sat, 28 Aug 2021 10:54:07 +0800
    Ready:          True
    Restart Count:  0
    Environment:    <none>
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from default-token-qn5hd (ro)
Conditions:
  Type              Status
  Initialized       True
  Ready             True
  ContainersReady   True
  PodScheduled      True
Volumes:
  default-token-qn5hd:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  default-token-qn5hd
    Optional:    false
QoS Class:       BestEffort
Node-Selectors:  <none>
Tolerations:     node.kubernetes.io/not-ready:NoExecute for 300s
                 node.kubernetes.io/unreachable:NoExecute for 300s
Events:
  Type    Reason     Age    From                        Message
  ----    ------     ----   ----                        -------
  Normal  Scheduled  5m35s  default-scheduler           Successfully assigned kube-public/nginx-dp-5dfc689474-mmgpr to hdss7-22.host.com
  Normal  Pulled     5m34s  kubelet, hdss7-22.host.com  Container image "harbor.od.com/public/nginx:v1.7.9" already present on machine
  Normal  Created    5m34s  kubelet, hdss7-22.host.com  Created container nginx
  Normal  Started    5m34s  kubelet, hdss7-22.host.com  Started container nginx

You can check the images:

[root@hdss7-21 conf]# docker images
REPOSITORY                   TAG       IMAGE ID       CREATED       SIZE
harbor.od.com/public/nginx   v1.7.9    84581e99d807   6 years ago   91.7MB
harbor.od.com/public/pause   latest    f9d5de079539   7 years ago   240kB

Enter a pod

Because a docker container has a hash ID, you can also enter it directly with docker exec -it, without having to use the mouse.

[root@hdss7-21 conf]# kubectl exec -it -nkube-public nginx-dp-5dfc689474-mmgpr bash
root@nginx-dp-5dfc689474-mmgpr:/# ip add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
12: eth0@if13: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP
    link/ether 02:42:ac:07:16:03 brd ff:ff:ff:ff:ff:ff
    inet 172.7.22.3/24 brd 172.7.22.255 scope global eth0
       valid_lft forever preferred_lft forever
root@nginx-dp-5dfc689474-mmgpr:/# hostname
nginx-dp-5dfc689474-mmgpr
root@nginx-dp-5dfc689474-mmgpr:/# exit
exit
[root@hdss7-21 conf]# docker ps -a
CONTAINER ID   IMAGE                               COMMAND                  CREATED        STATUS        PORTS     NAMES
f04b8d460fb9   harbor.od.com/public/nginx          "nginx -g 'daemon of…"   36 hours ago   Up 36 hours             k8s_my-nginx_nginx-ds-djjjj_default_4085bb27-1166-4110-a44e-dc368e6162f3_0
edebc4915991   harbor.od.com/public/pause:latest   "/pause"                 37 hours ago   Up 37 hours             k8s_POD_nginx-ds-djjjj_default_4085bb27-1166-4110-a44e-dc368e6162f3_0
[root@hdss7-21 conf]# docker exec -it fo4b bash
Error: No such container: fo4b
[root@hdss7-21 conf]# docker exec -it f04b bash
root@nginx-ds-djjjj:/# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
8: eth0@if9: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP
    link/ether 02:42:ac:07:15:02 brd ff:ff:ff:ff:ff:ff
    inet 172.7.21.2/24 brd 172.7.21.255 scope global eth0
       valid_lft forever preferred_lft forever
root@nginx-ds-djjjj:/# exit
exit

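Delete a pod (restart)

A small experiment lets you watch what happens when a pod is deleted.
Open a second window first. You can also force the deletion by adding --force --grace-period=0.

[root@hdss7-21 ~]# watch -n 1 'kubectl describe deploy nginx-dp -n kube-public |grep -C 5 Event'
Run the restart in the other window; you will see that the pod name has changed.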
[root@hdss7-21 conf]# kubectl delete po -n kube-public nginx-dp-5dfc689474-fqv4h
pod "nginx-dp-5dfc689474-fqv4h" deleted
[root@hdss7-21 conf]# 

If you are interested, have a look at the source code:
https://github.com/kubernetes/kubernetes/search?q=scheduler
https://github.com/kubernetes/kubernetes/blob/851b7276a5deef9b5ee78bed59e5226d591efaf9/test/integration/scheduler/scheduler_test.go

Delete a deployment

[root@hdss7-21 conf]# kubectl delete deploy -nkube-public  nginx-dp
deployment.extensions "nginx-dp" deleted
[root@hdss7-21 conf]# kubectl get deploy -nkube-public
No resources found.

Manage service resources

Create a service

[root@hdss7-21 conf]# kubectl create deploy nginx-dp --image=harbor.od.com/public/nginx:v1.7.9 -n kube-public
deployment.apps/nginx-dp created
[root@hdss7-21 conf]# kubectl get all -n kube-public
NAME                            READY   STATUS    RESTARTS   AGE
pod/nginx-dp-5dfc689474-864j6   1/1     Running   0          15s

NAME                       READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/nginx-dp   1/1     1            1           15s

NAME                                  DESIRED   CURRENT   READY   AGE
replicaset.apps/nginx-dp-5dfc689474   1         1         1       15s
[root@hdss7-21 conf]# kubectl expose deploy nginx-dp --port=80 -n kube-public
service/nginx-dp exposed
[root@hdss7-21 conf]# kubectl get all -n kube-public -owide
NAME                            READY   STATUS    RESTARTS   AGE    IP           NODE                NOMINATED NODE   READINESS GATES
pod/nginx-dp-5dfc689474-864j6   1/1     Running   0          113s   172.7.21.3   hdss7-21.host.com   <none>           <none>

NAME               TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)   AGE   SELECTOR
service/nginx-dp   ClusterIP   192.168.62.185   <none>        80/TCP    23s   app=nginx-dp

NAME                       READY   UP-TO-DATE   AVAILABLE   AGE    CONTAINERS   IMAGES                              SELECTOR
deployment.apps/nginx-dp   1/1     1            1           113s   nginx        harbor.od.com/public/nginx:v1.7.9   app=nginx-dp

NAME                                  DESIRED   CURRENT   READY   AGE    CONTAINERS   IMAGES                              SELECTOR
replicaset.apps/nginx-dp-5dfc689474   1         1         1       113s   nginx        harbor.od.com/public/nginx:v1.7.9   app=nginx-dp,pod-template-hash=5dfc689474
[root@hdss7-21 conf]# curl 192.168.62.185:80
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>body {width: 35em;margin: 0 auto;font-family: Tahoma, Verdana, Arial, sans-serif;}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p><p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p><p><em>Thank you for using nginx.</em></p>
</body>
</html>
[root@hdss7-21 conf]#
[root@hdss7-21 conf]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.0.1:443 nq
  -> 10.4.7.21:6443               Masq    1      0          0
  -> 10.4.7.22:6443               Masq    1      0          0
TCP  192.168.62.185:80 nq
  -> 172.7.21.3:80                Masq    1      0          1
[root@hdss7-21 conf]#
You can also use describe:
[root@hdss7-21 conf]# kubectl describe svc nginx-dp -nkube-public
Name:              nginx-dp
Namespace:         kube-public
Labels:            app=nginx-dp
Annotations:       <none>
Selector:          app=nginx-dp
Type:              ClusterIP
IP:                192.168.62.185    ## cluster IP, does not serve traffic from outside the cluster
Port:              <unset>  80/TCP
TargetPort:        80/TCP
Endpoints:         172.7.21.3:80
Session Affinity:  None
Events:            <none>
[root@hdss7-21 conf]# ping 192.168.62.185
PING 192.168.62.185 (192.168.62.185) 56(84) bytes of data.
64 bytes from 192.168.62.185: icmp_seq=1 ttl=64 time=0.033 ms
64 bytes from 192.168.62.185: icmp_seq=2 ttl=64 time=0.088 ms
64 bytes from 192.168.62.185: icmp_seq=3 ttl=64 time=0.100 ms

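Summary of imperative resource management:
· The only entry point for managing resources in a Kubernetes cluster is calling the apiserver's API through the appropriate method
· kubectl is the official CLI tool. It communicates with the apiserver, organizing the commands the user types on the command line and converting them into information the apiserver can understand, which makes it an effective way to manage all kinds of K8S resources
· kubectl command reference
    · kubectl --help
    · http://docs.kubernetes.org.cn
· Imperative resource management covers more than 90% of resource-management needs, but its drawbacks are also obvious
    · Commands are long, complex and hard to remember
    · In certain scenarios it cannot do what is needed
    · Creating, deleting and querying resources is fairly easy; modifying them is painful

The command line cannot expose a daemonset as a service: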

[root@hdss7-21 conf]# kubectl get daemonset
NAME       DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR   AGE
nginx-ds   2         2         2       2            2           <none>          37h
[root@hdss7-21 conf]# kubectl expose daemonset nginx-ds --port=880
error: cannot expose a DaemonSet.extensions
[root@hdss7-21 conf]# 

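Declarative resource management

Declarative resource management:
· Declarative resource management relies on resource manifests (yaml/json)
· View a resource manifest
    ~]# kubectl get svc nginx-dp -o yaml -n kube-public
· Explain a resource manifest
    ~]# kubectl explain service
· Create a resource manifest
    ~]# vi /root/nginx-ds-svc.yaml
· Apply a resource manifest
    ~]# kubectl apply -f nginx-ds-svc.yaml
· Modify a resource manifest and apply it
    · Edit online
    · Edit offline
· Delete a resource manifest
    · Imperative deletion
    · Declarative deletion

You can view a pod's YAML, that is, fetch its resource manifest: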

[root@hdss7-21 conf]# kubectl get po -nkube-public
NAME                        READY   STATUS    RESTARTS   AGE
nginx-dp-5dfc689474-864j6   1/1     Running   0          16m
[root@hdss7-21 conf]# kubectl get po nginx-dp-5dfc689474-864j6 -oyaml -nkube-public
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: "2021-08-28T03:34:52Z"
  generateName: nginx-dp-5dfc689474-
  labels:
    app: nginx-dp
    pod-template-hash: 5dfc689474
  name: nginx-dp-5dfc689474-864j6
  namespace: kube-public
  ownerReferences:
  - apiVersion: apps/v1
    blockOwnerDeletion: true
    controller: true
    kind: ReplicaSet
    name: nginx-dp-5dfc689474
    uid: 07dac01c-fc09-4615-9551-fa0d7399151a
  resourceVersion: "28992"
  selfLink: /api/v1/namespaces/kube-public/pods/nginx-dp-5dfc689474-864j6
  uid: 7ebe9cc1-3673-4c71-8097-accf4c5ae85d
spec:
  containers:
  - image: harbor.od.com/public/nginx:v1.7.9
    imagePullPolicy: IfNotPresent
    name: nginx
    resources: {}
    terminationMessagePath: /dev/termination-log
    terminationMessagePolicy: File
    volumeMounts:
    - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
      name: default-token-qn5hd
      readOnly: true
  dnsPolicy: ClusterFirst
  enableServiceLinks: true
  nodeName: hdss7-21.host.com
  priority: 0
  restartPolicy: Always
  schedulerName: default-scheduler
  securityContext: {}
  serviceAccount: default
  serviceAccountName: default
  terminationGracePeriodSeconds: 30
  tolerations:
  - effect: NoExecute
    key: node.kubernetes.io/not-ready
    operator: Exists
    tolerationSeconds: 300
  - effect: NoExecute
    key: node.kubernetes.io/unreachable
    operator: Exists
    tolerationSeconds: 300
  volumes:
  - name: default-token-qn5hd
    secret:
      defaultMode: 420
      secretName: default-token-qn5hd
status:
  conditions:
  - lastProbeTime: null
    lastTransitionTime: "2021-08-28T03:34:52Z"
    status: "True"
    type: Initialized
  - lastProbeTime: null
    lastTransitionTime: "2021-08-28T03:34:53Z"
    status: "True"
    type: Ready
  - lastProbeTime: null
    lastTransitionTime: "2021-08-28T03:34:53Z"
    status: "True"
    type: ContainersReady
  - lastProbeTime: null
    lastTransitionTime: "2021-08-28T03:34:52Z"
    status: "True"
    type: PodScheduled
  containerStatuses:
  - containerID: docker://4f8ab39b0b1b831dc7e78862b996ddb0f24c50501199c6554712c02bfb2c7143
    image: harbor.od.com/public/nginx:v1.7.9
    imageID: docker-pullable://harbor.od.com/public/nginx@sha256:b1f5935eb2e9e2ae89c0b3e2e148c19068d91ca502e857052f14db230443e4c2
    lastState: {}
    name: nginx
    ready: true
    restartCount: 0
    state:
      running:
        startedAt: "2021-08-28T03:34:53Z"
  hostIP: 10.4.7.21
  phase: Running
  podIP: 172.7.21.3
  qosClass: BestEffort
  startTime: "2021-08-28T03:34:52Z"
[root@hdss7-21 conf]# kubectl get svc nginx-dp -oyaml -n kube-public
apiVersion: v1
kind: Service
metadata:
  creationTimestamp: "2021-08-28T03:36:22Z"
  labels:
    app: nginx-dp
  name: nginx-dp
  namespace: kube-public
  resourceVersion: "29124"
  selfLink: /api/v1/namespaces/kube-public/services/nginx-dp
  uid: f9b1fa3c-1ad3-4955-8874-2e380b9b7d40
spec:
  clusterIP: 192.168.62.185
  ports:
  - port: 80
    protocol: TCP
    targetPort: 80
  selector:
    app: nginx-dp
  sessionAffinity: None
  type: ClusterIP
status:
  loadBalancer: {}

If we do not know what a particular section is for, we can look it up in the help, for example:

  • explain
[root@hdss7-21 conf]# kubectl explain service.metadata
KIND:     Service
VERSION:  v1

RESOURCE: metadata <Object>

DESCRIPTION:
     Standard object's metadata. More info:
     https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata

     ObjectMeta is metadata that all persisted resources must have, which
     includes all objects users must create.
.....

Create a declarative resource manifest

[root@hdss7-21 ~]# vi nginx-ds-svc.yaml
[root@hdss7-21 ~]# cat nginx-ds-svc.yaml
apiVersion: v1
kind: Service
metadata:
  labels:
    app: nginx-ds
  name: nginx-ds
  namespace: default
spec:
  ports:
  - port: 80
    protocol: TCP
    targetPort: 80
  selector:
    app: nginx-ds
  type: ClusterIP
[root@hdss7-21 ~]# kubectl apply -f nginx-ds-svc.yaml
service/nginx-ds created
[root@hdss7-21 ~]# kubectl get po
NAME             READY   STATUS    RESTARTS   AGE
nginx-ds-djjjj   1/1     Running   0          37h
nginx-ds-qwxxr   1/1     Running   0          37h
[root@hdss7-21 ~]# kubectl get po -n default
NAME             READY   STATUS    RESTARTS   AGE
nginx-ds-djjjj   1/1     Running   0          37h
nginx-ds-qwxxr   1/1     Running   0          37h
[root@hdss7-21 ~]# kubectl get svc -n default
NAME         TYPE        CLUSTER-IP        EXTERNAL-IP   PORT(S)   AGE
kubernetes   ClusterIP   192.168.0.1       <none>        443/TCP   2d14h
nginx-ds     ClusterIP   192.168.248.208   <none>        80/TCP    70s
[root@hdss7-21 ~]# kubectl get nginx-ds -oyaml
error: the server doesn't have a resource type "nginx-ds"
[root@hdss7-21 ~]# kubectl get svc nginx-ds -oyaml    ## you can see it was created as specified
apiVersion: v1
kind: Service
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"v1","kind":"Service","metadata":{"annotations":{},"labels":{"app":"nginx-ds"},"name":"nginx-ds","namespace":"default"},"spec":{"ports":[{"port":80,"protocol":"TCP","targetPort":80}],"selector":{"app":"nginx-ds"},"type":"ClusterIP"}}
  creationTimestamp: "2021-08-28T03:58:41Z"
  labels:
    app: nginx-ds
  name: nginx-ds
  namespace: default
  resourceVersion: "31050"
  selfLink: /api/v1/namespaces/default/services/nginx-ds
  uid: af58d4b6-f302-44ce-80e4-672e1b961da6
spec:
  clusterIP: 192.168.248.208
  ports:
  - port: 80
    protocol: TCP
    targetPort: 80
  selector:
    app: nginx-ds
  sessionAffinity: None
  type: ClusterIP
status:
  loadBalancer: {}
[root@hdss7-21 ~]#
Example of changing a declarative resource manifest
[root@hdss7-21 ~]# docker login docker.io/yunduan666/nginx:curl
Username: yunduan666
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
[root@hdss7-21 ~]# docker pull yunduan666/nginx:curl
curl: Pulling from yunduan666/nginx
f2aa67a397c4: Pull complete
e3eaf3d87fe0: Pull complete
38cb13c1e4c9: Pull complete
b0621afe2f29: Pull complete
Digest: sha256:7f17396b373f684affdfc0c352a6690229cda5bbda23f7237d17b971e3f70a55
Status: Downloaded newer image for yunduan666/nginx:curl
docker.io/yunduan666/nginx:curl
[root@hdss7-21 ~]# docker images |grep curl
yunduan666/nginx             curl      1b933b5c419a   3 months ago   136MB
[root@hdss7-21 ~]# docker tag 1b933b5c419a harbor.od.com/public/nginx:curl
Push an image or a repository to a registry
[root@hdss7-21 ~]# docker push harbor.od.com/public/nginx:curl
The push refers to repository [harbor.od.com/public/nginx]
7ee5aaf0841a: Pushed
4258832b2570: Pushed
683a28d1d7fd: Pushed
d626a8ad97a1: Pushed
curl: digest: sha256:7f17396b373f684affdfc0c352a6690229cda5bbda23f7237d17b971e3f70a55 size: 1160
[root@hdss7-21 ~]# vi nginx-ds.yaml
[root@hdss7-21 ~]# cat nginx-ds.yaml
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  name: nginx-ds
spec:
  template:
    metadata:
      labels:
        app: nginx-ds
    spec:
      containers:
      - name: my-nginx
        image: harbor.od.com/public/nginx:curl      ## change this, then re-apply to update
        ports:
        - containerPort: 80
[root@hdss7-21 ~]#
[root@hdss7-21 ~]# kubectl apply -f nginx-ds.yaml
Warning: kubectl apply should be used on resource created by either kubectl create --save-config or kubectl apply
daemonset.extensions/nginx-ds configured
[root@hdss7-21 ~]# kubectl describe ds nginx-ds
Name:           nginx-ds
Selector:       app=nginx-ds
Node-Selector:  <none>
Labels:         app=nginx-ds
Annotations:    deprecated.daemonset.template.generation: 2
                kubectl.kubernetes.io/last-applied-configuration:
                  {"apiVersion":"extensions/v1beta1","kind":"DaemonSet","metadata":{"annotations":{},"name":"nginx-ds","namespace":"default"},"spec":{"templ...
Desired Number of Nodes Scheduled: 2
Current Number of Nodes Scheduled: 2
Number of Nodes Scheduled with Up-to-date Pods: 0
Number of Nodes Scheduled with Available Pods: 2
Number of Nodes Misscheduled: 0
Pods Status:  2 Running / 0 Waiting / 0 Succeeded / 0 Failed
Pod Template:
  Labels:  app=nginx-ds
  Containers:
   my-nginx:
    Image:        harbor.od.com/public/nginx:curl     ## shows it is already the latest
    Port:         80/TCP
    Host Port:    0/TCP
    Environment:  <none>
    Mounts:       <none>
  Volumes:        <none>
Events:           <none>
[root@hdss7-21 ~]#
Note: for the experiments, it is best to change the image back to v1.7.9.
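
The steps above pull an image from Docker Hub, retag it, push it to harbor.od.com and point the DaemonSet at the mutable tag "curl". As an added example that is not part of the original post, the script below checks that the digest printed by docker pull equals the one printed by docker push and rewrites the manifest's image line to the digest-pinned form. The function names are hypothetical, and the inputs are constructed from the lines shown in the session above.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.
# Inputs are constructed from the digest lines printed in the session above.
PULL_OUT='Digest: sha256:7f17396b373f684affdfc0c352a6690229cda5bbda23f7237d17b971e3f70a55'
PUSH_OUT='curl: digest: sha256:7f17396b373f684affdfc0c352a6690229cda5bbda23f7237d17b971e3f70a55 size: 1160'
MANIFEST='      containers:
      - name: my-nginx
        image: harbor.od.com/public/nginx:curl'

# extract_digest TEXT: print the sha256 digest that follows "Digest:"/"digest:".
# Returns 1 when no well-formed digest (7 + 64 hex characters) is present.
extract_digest() {
    d=$(printf '%s\n' "$1" | awk '
        { for (i = 1; i < NF; i++)
            if ($i ~ /^[Dd]igest:$/ && $(i+1) ~ /^sha256:[0-9a-f]+$/ &&
                length($(i+1)) == 71) { print $(i+1); exit } }')
    [ -n "$d" ] && printf '%s\n' "$d"
}

# pinned_ref REPO PULL_TEXT PUSH_TEXT: print REPO@sha256:... only when the
# digest pulled from Docker Hub equals the digest pushed to the private registry.
pinned_ref() {
    pulled=$(extract_digest "$2") || { echo "no digest in pull output" >&2; return 1; }
    pushed=$(extract_digest "$3") || { echo "no digest in push output" >&2; return 1; }
    if [ "$pulled" != "$pushed" ]; then
        echo "digest mismatch: $pulled vs $pushed" >&2
        return 1
    fi
    printf '%s@%s\n' "$1" "$pushed"
}

# pin_image MANIFEST OLD_REF NEW_REF: rewrite "image: OLD_REF" lines so the
# pod template names immutable content instead of a mutable tag.
pin_image() {
    printf '%s\n' "$1" | awk -v old="$2" -v new="$3" '
        ($1 == "image:" && $2 == old) || ($1 == "-" && $2 == "image:" && $3 == old) {
            sub(/image:.*/, "image: " new) }
        { print }'
}

if ref=$(pinned_ref harbor.od.com/public/nginx "$PULL_OUT" "$PUSH_OUT"); then
    pin_image "$MANIFEST" harbor.od.com/public/nginx:curl "$ref"
fi
```

With a digest reference in the pod template, a later push that reuses the "curl" tag in Harbor cannot change what the nodes run.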

To delete resources declaratively from a manifest, use:

[root@hdss7-21 ~]# kubectl delete -f nginx-ds-svc.yaml
