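day2 ----- Common k8s cluster management knowledge points (1)
Key points for installing and deploying K8S from binaries:
· Prepare the infrastructure environment
  · CentOS 7.6 system (kernel 3.8.x or later)
  · Disable SELinux and the firewalld service
  · Time synchronization (chronyd) ----------------------------------- $$$ the new time-sync service; remember it
  · Adjust the Base and Epel repositories
  · Kernel tuning (file descriptor limits, kernel forwarding, and so on)
· Install and deploy the bind9 internal DNS system
· Install and deploy the private docker registry: harbor
· Prepare the certificate-signing environment: cfssl
· Install and deploy the control-plane node services (4)
  · Etcd
  · Apiserver
  · Controller-manager
  · Scheduler
· Install and deploy the compute node services (2)
  · Kubelet
  · Kube-proxy
## With the old ntpd time sync you had to choose, in the server setting, which cloud provider's servers to synchronize against; there is also an ibakd option that allows your clock to jump. (Sometimes this needs configuring and sometimes it does not. For example, the year 2000 is not a leap year but the computer treats it as one, so the time has to be brought back slowly, i.e. slow synchronization is enabled.)
If the host has plenty of physical memory, you can turn off the swap partition; the k8s project recommends turning it off.
controller-manager and scheduler reach the apiserver through the local loopback address 127.0.0.1:8080. The apiserver also listens on the host's intranet address, for example 10.4.7.21:6443. Port 8080 speaks plain HTTP; anything that crosses the network must use port 6443, which is HTTPS and needs certificates, so it consumes some resources. etcd is accessed over HTTPS, so it does not have to be deployed on the master hosts.
About k8s certificates
About the cfssl tools:
· cfssl: the main tool for issuing certificates
· cfssl-json: turns the certificate that cfssl generates (in JSON format) into certificate files
· cfssl-certinfo: inspects a certificate's information
About the kubeconfig file:
· It is the configuration file of a K8S user
· It contains certificate information
· When a certificate expires or is replaced, this file must be replaced to match
How to recover a certificate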
[root@hdss7-200 certs]# cfssl-certinfo -cert apiserver.pem
{
"subject": {
"common_name": "k8s-apiserver",
"country": "CN",
"organization": "od",
"organizational_unit": "ops",
"locality": "beijing",
"province": "beijing",
"names": [
"CN",
"beijing",
"beijing",
"od",
"ops",
"k8s-apiserver"
]
},
"issuer": {
"common_name": "OldboyEdu",
"country": "CN",
"organization": "od",
"organizational_unit": "ops",
"locality": "beijing",
"province": "beijing",
"names": [
"CN",
"beijing",
"beijing",
"od",
"ops",
"OldboyEdu"
]
},
"serial_number": "702925875294952757965703566705092293016898717864",
"sans": [
"kubernetes.default",
"kubernetes.default.svc",
"kubernetes.default.svc.cluster",
"kubernetes.default.svc.cluster.local",
"127.0.0.1",
"192.168.0.1",
"10.4.7.10",
"10.4.7.21",
"10.4.7.22",
"10.4.7.23"
],
"not_before": "2021-08-25T12:59:00Z", ## time the certificate was issued
"not_after": "2041-08-20T12:59:00Z", ## end of the certificate's validity period
"sigalg": "SHA256WithRSA",
"authority_key_id": "30:36:38:EE:B6:81:90:77:E9:70:6A:D2:97:E7:52:E4:CA:20:2:DD",
"subject_key_id": "A5:DA:E4:32:5C:9:25:B9:FB:A9:F2:41:58:F5:68:C3:E6:D9:CD:3",
"pem": "-----BEGIN CERTIFICATE-----\nMIIEbzCCA1egAwIBAgIUeyBJUKPbvrWcLA594SJdH56jSKgwDQYJKoZIhvcNAQEL\nBQAwYDELMAkGA1UEBhMCQ04xEDAOBgNVBAgTB2JlaWppbmcxEDAOBgNVBAcTB2Jl\naWppbmcxCzAJBgNVBAoTAm9kMQwwCgYDVQQLEwNvcHMxEjAQBgNVBAMTCU9sZGJv\neUVkdTAeFw0yMTA4MjUxMjU5MDBaFw00MTA4MjAxMjU5MDBaMGQxCzAJBgNVBAYT\nAkNOMRAwDgYDVQQIEwdiZWlqaW5nMRAwDgYDVQQHEwdiZWlqaW5nMQswCQYDVQQK\nEwJvZDEMMAoGA1UECxMDb3BzMRYwFAYDVQQDEw1rOHMtYXBpc2VydmVyMIIBIjAN\nBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2lt7u+Q6nfbQph8/xnSBf6Vq3XwU\nNxbpsZite/xSwUTKmF5yYEknu91bFOPxTuX5R4bmQI7gRXaTgdO8DQjCX0z2EoNq\ndZYioLzy/LShG1uD/4ReM43m0CFf0HH4voESWuogeAXln8knla7KaIv1WW9LPi9G\n3e/UUeL+mFZxGbhgOSs9ayBiiuHLVF45l0DH1HYx5hlCQAHXw3I8wUqkhxnRSMxa\n8JAB9n1d1cY/buPrkjC90b+AwwbLSJdnfJVYldc1UEXOdhciixcQxnAP2ng2zwTZ\nBCSTdtfwFa939z0w81Lu/VGzJSgEnwVoSgt/TdO0Kg/rwBZH2dGvBCq94QIDAQAB\no4IBGzCCARcwDgYDVR0PAQH/BAQDAgWgMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAwG\nA1UdEwEB/wQCMAAwHQYDVR0OBBYEFKXa5DJcCSW5+6nyQVj1aMPm2c0DMB8GA1Ud\nIwQYMBaAFDA2OO62gZB36XBq0pfnUuTKIALdMIGhBgNVHREEgZkwgZaCEmt1YmVy\nbmV0ZXMuZGVmYXVsdIIWa3ViZXJuZXRlcy5kZWZhdWx0LnN2Y4Iea3ViZXJuZXRl\ncy5kZWZhdWx0LnN2Yy5jbHVzdGVygiRrdWJlcm5ldGVzLmRlZmF1bHQuc3ZjLmNs\ndXN0ZXIubG9jYWyHBH8AAAGHBMCoAAGHBAoEBwqHBAoEBxWHBAoEBxaHBAoEBxcw\nDQYJKoZIhvcNAQELBQADggEBAJUCx5iT5fEejYcBH17pTvJhibrRh4BEa9G+8ieZ\nrmbI34yIdUvbobNttxVUDAQrloJ3tSy/TFaWij5CGnosqKG8D9iBGDTw6hrQhBLD\nqWkxWNPgHG5sTE7/UMg2psgMZ4+TPX5HKWGNBefk22EHK7trIxMHV8KVKn6Lajwl\nSQcM2f8+wpmscPXUV37WcaqKjnNbr/BZLP2/k7q2sapaZNykGTd4IXSQHWrcuh16\ndiG8Ap6Bej+9chwWIhiNLmGNUMs6mIoZFAjLR1vGaWXIVuqzkvPl6JKxzcKWVXma\nIA/E5IObHdWzrcfu7zugH3Vd0gzkIqu9Vc/IxOSWc+jloC4=\n-----END CERTIFICATE-----\n"
}
[root@hdss7-200 certs]#
cfssl-certinfo can also be used to look up a domain, for example:
[root@hdss7-200 certs]# cfssl-certinfo -domain www.baidu.com
{
"subject": {
"common_name": "baidu.com",
"country": "CN",
"organization": "Beijing Baidu Netcom Science Technology Co., Ltd",
"organizational_unit": "service operation department",
"locality": "beijing",
"province": "beijing",
"names": [
"CN",
"beijing",
"beijing",
"service operation department",
"Beijing Baidu Netcom Science Technology Co., Ltd",
"baidu.com"
]
},
"issuer": {
"common_name": "GlobalSign Organization Validation CA - SHA256 - G2", ## this shows the certificate comes from a trusted CA
"country": "BE",
"organization": "GlobalSign nv-sa",
"names": [
"BE",
"GlobalSign nv-sa",
"GlobalSign Organization Validation CA - SHA256 - G2"
]
},
"serial_number": "35351242533515273557482149369",
"sans": [
"baidu.com",
"baifubao.com",
"www.baidu.cn",
"www.baidu.com.cn",
"mct.y.nuomi.com",
"apollo.auto",
"dwz.cn",
"*.baidu.com",
"*.baifubao.com",
"*.baidustatic.com",
"*.bdstatic.com",
"*.bdimg.com",
"*.hao123.com",
"*.nuomi.com",
"*.chuanke.com",
"*.trustgo.com",
"*.bce.baidu.com",
"*.eyun.baidu.com",
"*.map.baidu.com",
"*.mbd.baidu.com",
"*.fanyi.baidu.com",
"*.baidubce.com",
"*.mipcdn.com",
"*.news.baidu.com",
"*.baidupcs.com",
"*.aipage.com",
"*.aipage.cn",
"*.bcehost.com",
"*.safe.baidu.com",
"*.im.baidu.com",
"*.baiducontent.com",
"*.dlnel.com",
"*.dlnel.org",
"*.dueros.baidu.com",
"*.su.baidu.com",
"*.91.com",
"*.hao123.baidu.com",
"*.apollo.auto",
"*.xueshu.baidu.com",
"*.bj.baidubce.com",
"*.gz.baidubce.com",
"*.smartapps.cn",
"*.bdtjrcv.com",
"*.hao222.com",
"*.haokan.com",
"*.pae.baidu.com",
"*.vd.bdstatic.com",
"*.cloud.baidu.com",
"click.hm.baidu.com",
"log.hm.baidu.com",
"cm.pos.baidu.com",
"wn.pos.baidu.com",
"update.pan.baidu.com"
],
"not_before": "2021-07-01T01:16:03Z",
"not_after": "2022-08-02T01:16:03Z",
"sigalg": "SHA256WithRSA",
"authority_key_id": "96:DE:61:F1:BD:1C:16:29:53:1C:C0:CC:7D:3B:83:0:40:E6:1A:7C",
"subject_key_id": "34:92:9A:2F:C:71:62:BC:3D:DB:23:6D:6D:3E:B3:D1:1D:11:9D:ED",
"pem": "-----BEGIN CERTIFICATE-----\nMIIKQDCCCSigAwIBAgIMcjncyb61yc15VBX5MA0GCSqGSIb3DQEBCwUAMGYxCzAJ\nBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTwwOgYDVQQDEzNH\nbG9iYWxTaWduIE9yZ2FuaXphdGlvbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0g\nRzIwHhcNMjEwNzAxMDExNjAzWhcNMjIwODAyMDExNjAzWjCBpzELMAkGA1UEBhMC\nQ04xEDAOBgNVBAgTB2JlaWppbmcxEDAOBgNVBAcTB2JlaWppbmcxJTAjBgNVBAsT\nHHNlcnZpY2Ugb3BlcmF0aW9uIGRlcGFydG1lbnQxOTA3BgNVBAoTMEJlaWppbmcg\nQmFpZHUgTmV0Y29tIFNjaWVuY2UgVGVjaG5vbG9neSBDby4sIEx0ZDESMBAGA1UE\nAxMJYmFpZHUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm1HB\nm0ZQIHnU05khvgJXhkUKZn2K4iK1E4Kavx+DGar7z3MELQdMQ7ZbhVg37haeoI+n\nbwWDpMhbF3PNgNaTLjiHsGrdl0s3eLVh0zrTkjtH0Q0UBddlilbpPExNPFWq4Wed\n22Y5AfKpuo/LUjCzmKc+aEDv2WoTrPjXTENYqyFj8ugGgNL5lHurgVFWdcMssVoO\n66Mo/q7+1jLr00+OCUO/gdcYxULEtPaoH5w8d6+Fx2ebBcO/GS5sh/dJ4Xbdl5KV\nBmJ4kVW2WeI57eR2ps8WGoDQFxd1Q4b7pOf0MGgGzut6hQQsJC/FZq22H9rQ7gZH\nDljQqEm14sQvfaj1YQIDAQABo4IGqjCCBqYwDgYDVR0PAQH/BAQDAgWgMIGgBggr\nBgEFBQcBAQSBkzCBkDBNBggrBgEFBQcwAoZBaHR0cDovL3NlY3VyZS5nbG9iYWxz\naWduLmNvbS9jYWNlcnQvZ3Nvcmdhbml6YXRpb252YWxzaGEyZzJyMS5jcnQwPwYI\nKwYBBQUHMAGGM2h0dHA6Ly9vY3NwMi5nbG9iYWxzaWduLmNvbS9nc29yZ2FuaXph\ndGlvbnZhbHNoYTJnMjBWBgNVHSAETzBNMEEGCSsGAQQBoDIBFDA0MDIGCCsGAQUF\nBwIBFiZodHRwczovL3d3dy5nbG9iYWxzaWduLmNvbS9yZXBvc2l0b3J5LzAIBgZn\ngQwBAgIwCQYDVR0TBAIwADBJBgNVHR8EQjBAMD6gPKA6hjhodHRwOi8vY3JsLmds\nb2JhbHNpZ24uY29tL2dzL2dzb3JnYW5pemF0aW9udmFsc2hhMmcyLmNybDCCA2EG\nA1UdEQSCA1gwggNUggliYWlkdS5jb22CDGJhaWZ1YmFvLmNvbYIMd3d3LmJhaWR1\nLmNughB3d3cuYmFpZHUuY29tLmNugg9tY3QueS5udW9taS5jb22CC2Fwb2xsby5h\ndXRvggZkd3ouY26CCyouYmFpZHUuY29tgg4qLmJhaWZ1YmFvLmNvbYIRKi5iYWlk\ndXN0YXRpYy5jb22CDiouYmRzdGF0aWMuY29tggsqLmJkaW1nLmNvbYIMKi5oYW8x\nMjMuY29tggsqLm51b21pLmNvbYINKi5jaHVhbmtlLmNvbYINKi50cnVzdGdvLmNv\nbYIPKi5iY2UuYmFpZHUuY29tghAqLmV5dW4uYmFpZHUuY29tgg8qLm1hcC5iYWlk\ndS5jb22CDyoubWJkLmJhaWR1LmNvbYIRKi5mYW55aS5iYWlkdS5jb22CDiouYmFp\nZHViY2UuY29tggwqLm1pcGNkbi5jb22CECoubmV3cy5iYWlkdS5jb22CDiouYmFp\nZHVwY3MuY29tggwqLmFpcGFnZS5jb22CCyouYWlwYWdlLmNug
g0qLmJjZWhvc3Qu\nY29tghAqLnNhZmUuYmFpZHUuY29tgg4qLmltLmJhaWR1LmNvbYISKi5iYWlkdWNv\nbnRlbnQuY29tggsqLmRsbmVsLmNvbYILKi5kbG5lbC5vcmeCEiouZHVlcm9zLmJh\naWR1LmNvbYIOKi5zdS5iYWlkdS5jb22CCCouOTEuY29tghIqLmhhbzEyMy5iYWlk\ndS5jb22CDSouYXBvbGxvLmF1dG+CEioueHVlc2h1LmJhaWR1LmNvbYIRKi5iai5i\nYWlkdWJjZS5jb22CESouZ3ouYmFpZHViY2UuY29tgg4qLnNtYXJ0YXBwcy5jboIN\nKi5iZHRqcmN2LmNvbYIMKi5oYW8yMjIuY29tggwqLmhhb2thbi5jb22CDyoucGFl\nLmJhaWR1LmNvbYIRKi52ZC5iZHN0YXRpYy5jb22CESouY2xvdWQuYmFpZHUuY29t\nghJjbGljay5obS5iYWlkdS5jb22CEGxvZy5obS5iYWlkdS5jb22CEGNtLnBvcy5i\nYWlkdS5jb22CEHduLnBvcy5iYWlkdS5jb22CFHVwZGF0ZS5wYW4uYmFpZHUuY29t\nMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAfBgNVHSMEGDAWgBSW3mHx\nvRwWKVMcwMx9O4MAQOYafDAdBgNVHQ4EFgQUNJKaLwxxYrw92yNtbT6z0R0Rne0w\nggF9BgorBgEEAdZ5AgQCBIIBbQSCAWkBZwB1ACJFRQdZVSRWlj+hL/H3bYbgIyZj\nrcBLf13Gg1xu4g8CAAABel+jJjkAAAQDAEYwRAIgIPt5kWXsm47PrqSljzkXx3xD\nt0xLC/fIIWbRTrvyJFUCIDxgcy89XYHRxW/WLY/pBDAv1fnK5MpocUYZi7c4uvDl\nAHYAKXm+8J45OSHwVnOfY6V35b5XfZxgCvj5TV0mXCVdx4QAAAF6X6MmKgAABAMA\nRzBFAiEAzl3C9AQOsbfgoBe61Dnc72Fa+8X3MmImCrsG6kb2f8oCIGeDQqgTEHzx\nbjQzGKr4nnjBDPkVpljrV4SUc3n5ysgvAHYAVYHUwhaQNgFK6gubVzxT8MDkOHhw\nJQgXL6OqHQcT0wwAAAF6X6MmSwAABAMARzBFAiB5KnN89d/LeQheoojaviS16dad\n95CR2Wr8pZWVamxDfgIhAL+3MqWq+E+8mtOIWDyebnH2nS+mm91pmO1mA5CSyiKR\nMA0GCSqGSIb3DQEBCwUAA4IBAQA5igBJkkgWWN4+nM6DORuxrJqV+Vb/fC2C06g2\nW+bPff1KmHJI8rf2UtQLCSyiXDNH4pqbPpe92LoACcmuHrO83uge4d7ZBfipsD3t\nuXqyqTyTTgeM8F7Mi/N1M25VguWZQp+cgVT7rc4oDDhCYJVo4U1fgy2kMnbYURwd\nZrecrR8Z+UDkfHRN2yq76vMkTek4dyFSPP0egR6QAISuyGb844F4kdBDeJkqpIUx\nPJ9r70ieHjlNUQe3U03/4hOr48ptfCH24voic/RlcXV32giO9y1b5gHJ95YMXy2o\n1z5MXsKSeOQbTpsoNp8Yd/K79WpkcXgP6tVofxFXtP8PsORz\n-----END CERTIFICATE-----\n"
}
[root@hdss7-200 certs]#
The kubelet value (the checksum of kubelet.kubeconfig) should be the same on both nodes
[root@hdss7-21 ~]# cd /opt/kubernetes/server/bin/conf/
[root@hdss7-21 conf]# md5sum kubelet.kubeconfig
ca1a0da18e3500dc9404ea4e67090066 kubelet.kubeconfig
[root@hdss7-22 ~]# cd /opt/kubernetes/server/bin/conf/
[root@hdss7-22 conf]# md5sum kubelet.kubeconfig
ca1a0da18e3500dc9404ea4e67090066 kubelet.kubeconfig
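If you issue a new certificate, the CA must not change. Having several kubelet.kubeconfig files is not a problem, because the four steps we ran earlier embedded the certificates into the file.
Use base64 to decode the certificate back out.
First find the kubelet.kubeconfig file on host 21
[root@hdss7-22 conf]# cat kubelet.kubeconfig
Copy out the part boxed below
Then decode it on host 200 to get back the certificate you need
With the certificate in hand, we can deploy many of the services we want, such as prometheus or spine; they all need certificates.
[root@hdss7-200 certs]# echo "<base64 string copied from kubelet.kubeconfig>" |base64 -d > 123.pem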
[root@hdss7-200 certs]# cat 123.pem
[root@hdss7-200 certs]# cfssl-
cfssl-certinfo cfssl-json
[root@hdss7-200 certs]# cfssl-certinfo -cert 123.pem
{
"subject": {
"common_name": "k8s-node",
"country": "CN",
"organization": "od",
"organizational_unit": "ops",
"locality": "beijing",
"province": "beijing",
"names": [
"CN",
"beijing",
"beijing",
"od",
"ops",
"k8s-node"
]
},
"issuer": {
"common_name": "OldboyEdu",
"country": "CN",
"organization": "od",
"organizational_unit": "ops",
"locality": "beijing",
"province": "beijing",
"names": [
"CN",
"beijing",
"beijing",
"od",
"ops",
"OldboyEdu"
]
},
"serial_number": "626023343545445238144394393419197854736744888134",
"not_before": "2021-08-25T12:57:00Z",
"not_after": "2041-08-20T12:57:00Z",
"sigalg": "SHA256WithRSA",
"authority_key_id": "30:36:38:EE:B6:81:90:77:E9:70:6A:D2:97:E7:52:E4:CA:20:2:DD",
"subject_key_id": "95:26:21:E7:9B:FB:98:66:1F:6:CF:26:60:21:45:26:EB:C7:1B:DD",
"pem": "-----BEGIN CERTIFICATE-----\nMIIDwjCCAqqgAwIBAgIUbafbi40nFEk9AJM3nojzWTsat0YwDQYJKoZIhvcNAQEL\nBQAwYDELMAkGA1UEBhMCQ04xEDAOBgNVBAgTB2JlaWppbmcxEDAOBgNVBAcTB2Jl\naWppbmcxCzAJBgNVBAoTAm9kMQwwCgYDVQQLEwNvcHMxEjAQBgNVBAMTCU9sZGJv\neUVkdTAeFw0yMTA4MjUxMjU3MDBaFw00MTA4MjAxMjU3MDBaMF8xCzAJBgNVBAYT\nAkNOMRAwDgYDVQQIEwdiZWlqaW5nMRAwDgYDVQQHEwdiZWlqaW5nMQswCQYDVQQK\nEwJvZDEMMAoGA1UECxMDb3BzMREwDwYDVQQDEwhrOHMtbm9kZTCCASIwDQYJKoZI\nhvcNAQEBBQADggEPADCCAQoCggEBAMD/wLfdwwS81BsVGRXz5X4E4cwRLcAI6yFn\nq34KQ0V2Q4jmG4wwgyRdxMqvb40M27oKk46y6ADzY7mrQ4kPJUN63HJfh9YM7NJV\nYiA0zFvT/N4WLIvS2lHYQ/gNAaqpvteQN6yaEViqTaHjt9OwPNrd/YaVmMcHLLVV\nNkaYPbonOfuHbcL79YSW5FD7tbLu5CbcbWvIaz+3ePJ2WX8R70bwah1IAiRo6b6V\np8bJfZePcMHY2wqUbQWwNLQrJRDuSbGuFpmsB0ax5123wIbVaEzMAWxFvhpUqVtq\nv42s0IXYoaXkR1FtSDcuXYb0O5SgPN5sG5XWk0x5CbT1cjCZLBsCAwEAAaN1MHMw\nDgYDVR0PAQH/BAQDAgWgMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAwGA1UdEwEB/wQC\nMAAwHQYDVR0OBBYEFJUmIeeb+5hmHwbPJmAhRSbrxxvdMB8GA1UdIwQYMBaAFDA2\nOO62gZB36XBq0pfnUuTKIALdMA0GCSqGSIb3DQEBCwUAA4IBAQCRpfLZ6f90kGoL\n+nhu3ySpbC7mZduzEvXwPO4dIGqwR7UP2SebW/NS/ChmxXfY4CGl64QwzwXnz64v\nMQ2Wpdlm1opWL14/CLCwGSslNiVFXwmrNQotZ2LD2lcDP3MICHrXg319SzLYk5Ln\nmR3d3n0ZVG0XJNQl6T7X/THhU0tevKctbrRGIE57o68Fc9KywWOYyxHN2IvFow9N\n1dn0Qn27Ed0EHdX4JIypPse709jeBwHZs4aOyjRfaWQtz1eJyIkCRsE9FiOX+ITw\n36b4N3lDatC4kLH80tpw0UAIDzdI1cwLP3Ffqm6ualRy0sZwo8H0otja1Bu+tHv6\n85E1xQbO\n-----END CERTIFICATE-----\n"
}
[root@hdss7-200 certs]#
When a certificate has to be replaced, you also need some of the contents of the original certificate.
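The copy, decode and inspect steps above, collected into one script. This is an added example, not part of the original notes: it reads the standard kubeconfig fields certificate-authority-data and client-certificate-data, uses openssl in place of cfssl-certinfo, and its function names and throwaway sample CA are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: decode and check the certificates embedded in a kubeconfig.
# Function names and the sample data are constructed for illustration.

# Print the PEM stored in one base64 "*-data" field of a kubeconfig.
#   $1 = kubeconfig path
#   $2 = certificate-authority-data | client-certificate-data
# Fails if the field is absent, e.g. when the kubeconfig references
# certificate files by path instead of embedding them.
kubeconfig_cert() {
  local file="$1" field="$2" b64
  b64=$(awk -v key="${field}:" '$1 == key { print $2; exit }' "$file")
  if [ -z "$b64" ]; then
    echo "field ${field} not found in ${file}" >&2
    return 1
  fi
  printf '%s' "$b64" | base64 -d
}

# Print subject, issuer and expiry of the embedded client certificate, then
# check it. Return codes: 0 ok, 1 field missing, 2 does not verify against
# the embedded CA, 3 expires within $2 seconds (default: 30 days).
kubeconfig_check() {
  local file="$1" window="${2:-2592000}" tmp rc=0
  tmp=$(mktemp -d) || return 1
  kubeconfig_cert "$file" certificate-authority-data > "$tmp/ca.pem" &&
    kubeconfig_cert "$file" client-certificate-data > "$tmp/client.pem" || rc=1
  if [ "$rc" -eq 0 ]; then
    openssl x509 -in "$tmp/client.pem" -noout -subject -issuer -enddate
    if ! openssl verify -CAfile "$tmp/ca.pem" "$tmp/client.pem" >/dev/null 2>&1; then
      echo "client certificate does not verify against the embedded CA" >&2
      rc=2
    elif ! openssl x509 -in "$tmp/client.pem" -noout -checkend "$window" >/dev/null; then
      echo "client certificate expires within ${window}s" >&2
      rc=3
    fi
  fi
  rm -rf "$tmp"
  return "$rc"
}

# Constructed sample: a throwaway CA (2 days) and a client certificate
# (1 day) embedded in a minimal kubeconfig written to $1.
make_sample_kubeconfig() {
  local out="$1" dir
  dir=$(mktemp -d) || return 1
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=sample-ca" \
    -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null &&
  openssl req -newkey rsa:2048 -nodes -subj "/CN=sample-node" \
    -keyout "$dir/c.key" -out "$dir/c.csr" 2>/dev/null &&
  openssl x509 -req -in "$dir/c.csr" -CA "$dir/ca.pem" -CAkey "$dir/ca.key" \
    -CAcreateserial -days 1 -out "$dir/c.pem" 2>/dev/null ||
    { rm -rf "$dir"; return 1; }
  cat > "$out" <<EOF
apiVersion: v1
kind: Config
clusters:
- cluster:
    certificate-authority-data: $(base64 < "$dir/ca.pem" | tr -d '\n')
    server: https://127.0.0.1:6443
  name: sample
users:
- name: sample-node
  user:
    client-certificate-data: $(base64 < "$dir/c.pem" | tr -d '\n')
EOF
  rm -rf "$dir"
}

# Usage on a node (path as used on this page):
#   kubeconfig_check /opt/kubernetes/server/bin/conf/kubelet.kubeconfig
```

Running kubeconfig_check on each node after a certificate rotation confirms that the kubeconfig was actually replaced and that the new client certificate still chains to the unchanged CA.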
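Course review diagram
kubectl commands: the imperative management method
Three basic ways to manage the core K8S resources:
· Imperative management: relies mainly on the command-line (CLI) tool
· Declarative management: relies mainly on unified resource manifests
· GUI management: relies mainly on a graphical interface (web page)
1. List namespaces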
[root@hdss7-21 conf]# kubectl get ns
NAME STATUS AGE
default Active 2d13h
kube-node-lease Active 2d13h
kube-public Active 2d13h
kube-system Active 2d13h
1.1 List all resources in a namespace
[root@hdss7-21 conf]# kubectl get all -n default # default is the default namespace, so -n default can be omitted
NAME READY STATUS RESTARTS AGE
pod/nginx-ds-djjjj 1/1 Running 0 35h
pod/nginx-ds-qwxxr 1/1 Running 0 35h
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/kubernetes ClusterIP 192.168.0.1 <none> 443/TCP 2d13h
NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE
daemonset.apps/nginx-ds 0 0 0 0 0 <none> 35h
2. Create and delete a namespace
[root@hdss7-21 conf]# kubectl create ns app
namespace/app created
[root@hdss7-21 conf]# kubectl get ns |grep app
app Active 15s
[root@hdss7-21 conf]# kubectl delete ns app
namespace "app" deleted
[root@hdss7-21 conf]# kubectl get ns |grep app
[root@hdss7-21 conf]#
3. Manage deployment resources
3.1 Create a deployment
[root@hdss7-21 conf]# kubectl create deployment nginx-dp --image=harbor.od.com/public/nginx:v1.7.9 -n kube-public
[root@hdss7-21 conf]# kubectl get deploy -n kube-public
NAME READY UP-TO-DATE AVAILABLE AGE
nginx-dp 1/1 1 1 2m12s
You can also use the wide output format to see more about the resource
[root@hdss7-21 conf]# kubectl get po -owide -n kube-public
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nginx-dp-5dfc689474-mmgpr 1/1 Running 0 3m11s 172.7.22.3 hdss7-22.host.com <none> <none>
[root@hdss7-21 conf]#
View detailed information
[root@hdss7-21 conf]# kubectl describe deploy -nkube-public nginx-dp
Name: nginx-dp # name
Namespace: kube-public # namespace
CreationTimestamp: Sat, 28 Aug 2021 10:54:06 +0800 # creation time
Labels: app=nginx-dp # default label
Annotations: deployment.kubernetes.io/revision: 1 # annotation: this is revision 1
Selector: app=nginx-dp # label selector
Replicas: 1 desired | 1 updated | 1 total | 1 available | 0 unavailable # replica requirements
StrategyType: RollingUpdate # default rollout strategy
MinReadySeconds: 0
RollingUpdateStrategy: 25% max unavailable, 25% max surge
Pod Template: # template used to start pods
Labels: app=nginx-dp
Containers:
nginx:
Image: harbor.od.com/public/nginx:v1.7.9
Port: <none>
Host Port: <none>
Environment: <none>
Mounts: <none>
Volumes: <none>
Conditions:
Type Status Reason
---- ------ ------
Available True MinimumReplicasAvailable
Progressing True NewReplicaSetAvailable
OldReplicaSets: <none>
NewReplicaSet: nginx-dp-5dfc689474 (1/1 replicas created)
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal ScalingReplicaSet 9m34s deployment-controller Scaled up replica set nginx-dp-5dfc689474 to 1
[root@hdss7-21 conf]#
[root@hdss7-21 conf]# kubectl describe po -nkube-public nginx-dp-5dfc689474-mmgpr
Name: nginx-dp-5dfc689474-mmgpr # name
Namespace: kube-public # namespace
Priority: 0
Node: hdss7-22.host.com/10.4.7.22 # node the pod runs on
Start Time: Sat, 28 Aug 2021 10:54:06 +0800 # creation time
Labels: app=nginx-dp # labels
pod-template-hash=5dfc689474
Annotations: <none> # annotations
Status: Running
IP: 172.7.22.3
Controlled By: ReplicaSet/nginx-dp-5dfc689474
Containers:
nginx:
Container ID: docker://6bbb65588e966026d57cce7e5d4fe930a8cb25f04efc5266c6e627ebed058c77
Image: harbor.od.com/public/nginx:v1.7.9
Image ID: docker-pullable://harbor.od.com/public/nginx@sha256:b1f5935eb2e9e2ae89c0b3e2e148c19068d91ca502e857052f14db230443e4c2
Port: <none>
Host Port: <none>
State: Running
Started: Sat, 28 Aug 2021 10:54:07 +0800
Ready: True
Restart Count: 0
Environment: <none>
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from default-token-qn5hd (ro)
Conditions:
Type Status
Initialized True
Ready True
ContainersReady True
PodScheduled True
Volumes:
default-token-qn5hd:
Type: Secret (a volume populated by a Secret)
SecretName: default-token-qn5hd
Optional: false
QoS Class: BestEffort
Node-Selectors: <none>
Tolerations: node.kubernetes.io/not-ready:NoExecute for 300s
node.kubernetes.io/unreachable:NoExecute for 300s
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 5m35s default-scheduler Successfully assigned kube-public/nginx-dp-5dfc689474-mmgpr to hdss7-22.host.com
Normal Pulled 5m34s kubelet, hdss7-22.host.com Container image "harbor.od.com/public/nginx:v1.7.9" already present on machine
Normal Created 5m34s kubelet, hdss7-22.host.com Created container nginx
Normal Started 5m34s kubelet, hdss7-22.host.com Started container nginx
You can check the images on the node
[root@hdss7-21 conf]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
harbor.od.com/public/nginx v1.7.9 84581e99d807 6 years ago 91.7MB
harbor.od.com/public/pause latest f9d5de079539 7 years ago 240kB
Enter a pod
Because a docker container has a hash ID, you can also get in directly with docker exec -it, without needing the mouse
[root@hdss7-21 conf]# kubectl exec -it -nkube-public nginx-dp-5dfc689474-mmgpr bash
root@nginx-dp-5dfc689474-mmgpr:/# ip add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
12: eth0@if13: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP
link/ether 02:42:ac:07:16:03 brd ff:ff:ff:ff:ff:ff
inet 172.7.22.3/24 brd 172.7.22.255 scope global eth0
valid_lft forever preferred_lft forever
root@nginx-dp-5dfc689474-mmgpr:/# hostname
nginx-dp-5dfc689474-mmgpr
root@nginx-dp-5dfc689474-mmgpr:/# exit
exit
[root@hdss7-21 conf]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
f04b8d460fb9 harbor.od.com/public/nginx "nginx -g 'daemon of…" 36 hours ago Up 36 hours k8s_my-nginx_nginx-ds-djjjj_default_4085bb27-1166-4110-a44e-dc368e6162f3_0
edebc4915991 harbor.od.com/public/pause:latest "/pause" 37 hours ago Up 37 hours k8s_POD_nginx-ds-djjjj_default_4085bb27-1166-4110-a44e-dc368e6162f3_0
[root@hdss7-21 conf]# docker exec -it fo4b bash
Error: No such container: fo4b
[root@hdss7-21 conf]# docker exec -it f04b bash
root@nginx-ds-djjjj:/# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
8: eth0@if9: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP
link/ether 02:42:ac:07:15:02 brd ff:ff:ff:ff:ff:ff
inet 172.7.21.2/24 brd 172.7.21.255 scope global eth0
valid_lft forever preferred_lft forever
root@nginx-ds-djjjj:/# exit
exit
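Delete a pod (restart)
Here is a small experiment for watching what happens when a pod is deleted
Open another window. You can also force the deletion with --force --grace-period=0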
[root@hdss7-21 ~]# watch -n 1 'kubectl describe deploy nginx-dp -n kube-public |grep -C 5 Event'
Run the restart in the other window ----- you will see that the pod name changes
[root@hdss7-21 conf]# kubectl delete po -n kube-public nginx-dp-5dfc689474-fqv4h
pod "nginx-dp-5dfc689474-fqv4h" deleted
[root@hdss7-21 conf]#
If you are interested, you can read the source code
https://github.com/kubernetes/kubernetes/search?q=scheduler
https://github.com/kubernetes/kubernetes/blob/851b7276a5deef9b5ee78bed59e5226d591efaf9/test/integration/scheduler/scheduler_test.go
Delete the deployment
[root@hdss7-21 conf]# kubectl delete deploy -nkube-public nginx-dp
deployment.extensions "nginx-dp" deleted
[root@hdss7-21 conf]# kubectl get deploy -nkube-public
No resources found.
Manage service resources
Create a service
[root@hdss7-21 conf]# kubectl create deploy nginx-dp --image=harbor.od.com/public/nginx:v1.7.9 -n kube-public
deployment.apps/nginx-dp created
[root@hdss7-21 conf]# kubectl get all -n kube-public
NAME READY STATUS RESTARTS AGE
pod/nginx-dp-5dfc689474-864j6 1/1 Running 0 15s
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/nginx-dp 1/1 1 1 15s
NAME DESIRED CURRENT READY AGE
replicaset.apps/nginx-dp-5dfc689474 1 1 1 15s
[root@hdss7-21 conf]# kubectl expose deploy nginx-dp --port=80 -n kube-public
service/nginx-dp exposed
[root@hdss7-21 conf]# kubectl get all -n kube-public -owide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
pod/nginx-dp-5dfc689474-864j6 1/1 Running 0 113s 172.7.21.3 hdss7-21.host.com <none> <none>
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
service/nginx-dp ClusterIP 192.168.62.185 <none> 80/TCP 23s app=nginx-dp
NAME READY UP-TO-DATE AVAILABLE AGE CONTAINERS IMAGES SELECTOR
deployment.apps/nginx-dp 1/1 1 1 113s nginx harbor.od.com/public/nginx:v1.7.9 app=nginx-dp
NAME DESIRED CURRENT READY AGE CONTAINERS IMAGES SELECTOR
replicaset.apps/nginx-dp-5dfc689474 1 1 1 113s nginx harbor.od.com/public/nginx:v1.7.9 app=nginx-dp,pod-template-hash=5dfc689474
[root@hdss7-21 conf]# curl 192.168.62.185:80
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
[root@hdss7-21 conf]#
[root@hdss7-21 conf]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.0.1:443 nq
-> 10.4.7.21:6443 Masq 1 0 0
-> 10.4.7.22:6443 Masq 1 0 0
TCP 192.168.62.185:80 nq
-> 172.7.21.3:80 Masq 1 0 1
[root@hdss7-21 conf]#
You can also use describe
[root@hdss7-21 conf]# kubectl describe svc nginx-dp -nkube-public
Name: nginx-dp
Namespace: kube-public
Labels: app=nginx-dp
Annotations: <none>
Selector: app=nginx-dp
Type: ClusterIP
IP: 192.168.62.185 ## cluster IP; it does not serve traffic from outside the cluster
Port: <unset> 80/TCP
TargetPort: 80/TCP
Endpoints: 172.7.21.3:80
Session Affinity: None
Events: <none>
[root@hdss7-21 conf]# ping 192.168.62.185
PING 192.168.62.185 (192.168.62.185) 56(84) bytes of data.
64 bytes from 192.168.62.185: icmp_seq=1 ttl=64 time=0.033 ms
64 bytes from 192.168.62.185: icmp_seq=2 ttl=64 time=0.088 ms
64 bytes from 192.168.62.185: icmp_seq=3 ttl=64 time=0.100 ms
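Summary of the imperative resource management method:
· The only entry point for managing resources in a Kubernetes cluster is to call the apiserver's API through the appropriate method
· kubectl is the official CLI tool for communicating with the apiserver; it organizes the commands the user types on the command line and converts them into information the apiserver can understand, which makes it an effective way to manage all kinds of K8S resources
· kubectl command reference
  · kubectl --help
  · http://docs.kubernetes.org.cn
· The imperative method can cover more than 90% of resource management needs, but its drawbacks are also obvious
  · Commands are long, complex and hard to remember
  · In certain scenarios it cannot meet the management need
  · Creating, deleting and querying resources is fairly easy; modifying them is painful
The command line does not support creating a service for a daemonset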
[root@hdss7-21 conf]# kubectl get daemonset
NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE
nginx-ds 2 2 2 2 2 <none> 37h
[root@hdss7-21 conf]# kubectl expose daemonset nginx-ds --port=880
error: cannot expose a DaemonSet.extensions
[root@hdss7-21 conf]#
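Declarative resource management
The declarative resource management method:
· The declarative method relies on resource manifests (yaml/json)
· View a resource manifest
  ~]# kubectl get svc nginx-dp -o yaml -n kube-public
· Explain a resource manifest
  ~]# kubectl explain service
· Create a resource manifest
  ~]# vi /root/nginx-ds-svc.yaml
· Apply a resource manifest
  ~]# kubectl apply -f nginx-ds-svc.yaml
· Modify a resource manifest and apply it
  · Online modification
  · Offline modification
· Delete a resource manifest
  · Imperative deletion
  · Declarative deletion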
————————————
You can view a pod's YAML, which is how you obtain its resource manifest
[root@hdss7-21 conf]# kubectl get po -nkube-public
NAME READY STATUS RESTARTS AGE
nginx-dp-5dfc689474-864j6 1/1 Running 0 16m
[root@hdss7-21 conf]# kubectl get po nginx-dp-5dfc689474-864j6 -oyaml -nkube-public
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: "2021-08-28T03:34:52Z"
  generateName: nginx-dp-5dfc689474-
  labels:
    app: nginx-dp
    pod-template-hash: 5dfc689474
  name: nginx-dp-5dfc689474-864j6
  namespace: kube-public
  ownerReferences:
  - apiVersion: apps/v1
    blockOwnerDeletion: true
    controller: true
    kind: ReplicaSet
    name: nginx-dp-5dfc689474
    uid: 07dac01c-fc09-4615-9551-fa0d7399151a
  resourceVersion: "28992"
  selfLink: /api/v1/namespaces/kube-public/pods/nginx-dp-5dfc689474-864j6
  uid: 7ebe9cc1-3673-4c71-8097-accf4c5ae85d
spec:
  containers:
  - image: harbor.od.com/public/nginx:v1.7.9
    imagePullPolicy: IfNotPresent
    name: nginx
    resources: {}
    terminationMessagePath: /dev/termination-log
    terminationMessagePolicy: File
    volumeMounts:
    - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
      name: default-token-qn5hd
      readOnly: true
  dnsPolicy: ClusterFirst
  enableServiceLinks: true
  nodeName: hdss7-21.host.com
  priority: 0
  restartPolicy: Always
  schedulerName: default-scheduler
  securityContext: {}
  serviceAccount: default
  serviceAccountName: default
  terminationGracePeriodSeconds: 30
  tolerations:
  - effect: NoExecute
    key: node.kubernetes.io/not-ready
    operator: Exists
    tolerationSeconds: 300
  - effect: NoExecute
    key: node.kubernetes.io/unreachable
    operator: Exists
    tolerationSeconds: 300
  volumes:
  - name: default-token-qn5hd
    secret:
      defaultMode: 420
      secretName: default-token-qn5hd
status:
  conditions:
  - lastProbeTime: null
    lastTransitionTime: "2021-08-28T03:34:52Z"
    status: "True"
    type: Initialized
  - lastProbeTime: null
    lastTransitionTime: "2021-08-28T03:34:53Z"
    status: "True"
    type: Ready
  - lastProbeTime: null
    lastTransitionTime: "2021-08-28T03:34:53Z"
    status: "True"
    type: ContainersReady
  - lastProbeTime: null
    lastTransitionTime: "2021-08-28T03:34:52Z"
    status: "True"
    type: PodScheduled
  containerStatuses:
  - containerID: docker://4f8ab39b0b1b831dc7e78862b996ddb0f24c50501199c6554712c02bfb2c7143
    image: harbor.od.com/public/nginx:v1.7.9
    imageID: docker-pullable://harbor.od.com/public/nginx@sha256:b1f5935eb2e9e2ae89c0b3e2e148c19068d91ca502e857052f14db230443e4c2
    lastState: {}
    name: nginx
    ready: true
    restartCount: 0
    state:
      running:
        startedAt: "2021-08-28T03:34:53Z"
  hostIP: 10.4.7.21
  phase: Running
  podIP: 172.7.21.3
  qosClass: BestEffort
  startTime: "2021-08-28T03:34:52Z"
[root@hdss7-21 conf]# kubectl get svc nginx-dp -oyaml -n kube-public
apiVersion: v1
kind: Service
metadata:
  creationTimestamp: "2021-08-28T03:36:22Z"
  labels:
    app: nginx-dp
  name: nginx-dp
  namespace: kube-public
  resourceVersion: "29124"
  selfLink: /api/v1/namespaces/kube-public/services/nginx-dp
  uid: f9b1fa3c-1ad3-4955-8874-2e380b9b7d40
spec:
  clusterIP: 192.168.62.185
  ports:
  - port: 80
    protocol: TCP
    targetPort: 80
  selector:
    app: nginx-dp
  sessionAffinity: None
  type: ClusterIP
status:
  loadBalancer: {}
If we do not know what a section is for, we can look it up in the built-in help, for example:
- explain
[root@hdss7-21 conf]# kubectl explain service.metadata
KIND: Service
VERSION: v1
RESOURCE: metadata <Object>
DESCRIPTION:
Standard object's metadata. More info:
https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata
ObjectMeta is metadata that all persisted resources must have, which
includes all objects users must create.
.....
Create a declarative resource manifest
[root@hdss7-21 ~]# vi nginx-ds-svc.yaml
[root@hdss7-21 ~]# cat nginx-ds-svc.yaml
apiVersion: v1
kind: Service
metadata:
  labels:
    app: nginx-ds
  name: nginx-ds
  namespace: default
spec:
  ports:
  - port: 80
    protocol: TCP
    targetPort: 80
  selector:
    app: nginx-ds
  type: ClusterIP
[root@hdss7-21 ~]# kubectl apply -f nginx-ds-svc.yaml
service/nginx-ds created
[root@hdss7-21 ~]# kubectl get po
NAME READY STATUS RESTARTS AGE
nginx-ds-djjjj 1/1 Running 0 37h
nginx-ds-qwxxr 1/1 Running 0 37h
[root@hdss7-21 ~]# kubectl get po -n default
NAME READY STATUS RESTARTS AGE
nginx-ds-djjjj 1/1 Running 0 37h
nginx-ds-qwxxr 1/1 Running 0 37h
[root@hdss7-21 ~]# kubectl get svc -n default
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 192.168.0.1 <none> 443/TCP 2d14h
nginx-ds ClusterIP 192.168.248.208 <none> 80/TCP 70s
[root@hdss7-21 ~]# kubectl get nginx-ds -oyaml
error: the server doesn't have a resource type "nginx-ds"
[root@hdss7-21 ~]# kubectl get svc nginx-ds -oyaml ## you can see it was created exactly as specified
apiVersion: v1
kind: Service
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"v1","kind":"Service","metadata":{"annotations":{},"labels":{"app":"nginx-ds"},"name":"nginx-ds","namespace":"default"},"spec":{"ports":[{"port":80,"protocol":"TCP","targetPort":80}],"selector":{"app":"nginx-ds"},"type":"ClusterIP"}}
  creationTimestamp: "2021-08-28T03:58:41Z"
  labels:
    app: nginx-ds
  name: nginx-ds
  namespace: default
  resourceVersion: "31050"
  selfLink: /api/v1/namespaces/default/services/nginx-ds
  uid: af58d4b6-f302-44ce-80e4-672e1b961da6
spec:
  clusterIP: 192.168.248.208
  ports:
  - port: 80
    protocol: TCP
    targetPort: 80
  selector:
    app: nginx-ds
  sessionAffinity: None
  type: ClusterIP
status:
  loadBalancer: {}
[root@hdss7-21 ~]#
Example of changing a declarative resource manifest
[root@hdss7-21 ~]# docker login docker.io/yunduan666/nginx:curl
Username: yunduan666
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
[root@hdss7-21 ~]# docker pull yunduan666/nginx:curl
curl: Pulling from yunduan666/nginx
f2aa67a397c4: Pull complete
e3eaf3d87fe0: Pull complete
38cb13c1e4c9: Pull complete
b0621afe2f29: Pull complete
Digest: sha256:7f17396b373f684affdfc0c352a6690229cda5bbda23f7237d17b971e3f70a55
Status: Downloaded newer image for yunduan666/nginx:curl
docker.io/yunduan666/nginx:curl
[root@hdss7-21 ~]# docker images |grep curl
yunduan666/nginx curl 1b933b5c419a 3 months ago 136MB
[root@hdss7-21 ~]# docker tag 1b933b5c419a harbor.od.com/public/nginx:curl
Push an image or a repository to a registry
[root@hdss7-21 ~]# docker push harbor.od.com/public/nginx:curl
The push refers to repository [harbor.od.com/public/nginx]
7ee5aaf0841a: Pushed
4258832b2570: Pushed
683a28d1d7fd: Pushed
d626a8ad97a1: Pushed
curl: digest: sha256:7f17396b373f684affdfc0c352a6690229cda5bbda23f7237d17b971e3f70a55 size: 1160
[root@hdss7-21 ~]# vi nginx-ds.yaml
[root@hdss7-21 ~]# cat nginx-ds.yaml
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  name: nginx-ds
spec:
  template:
    metadata:
      labels:
        app: nginx-ds
    spec:
      containers:
      - name: my-nginx
        image: harbor.od.com/public/nginx:curl ## change the image, then apply the update
        ports:
        - containerPort: 80
[root@hdss7-21 ~]#
[root@hdss7-21 ~]# kubectl apply -f nginx-ds.yaml
Warning: kubectl apply should be used on resource created by either kubectl create --save-config or kubectl apply
daemonset.extensions/nginx-ds configured
[root@hdss7-21 ~]# kubectl describe ds nginx-ds
Name: nginx-ds
Selector: app=nginx-ds
Node-Selector: <none>
Labels: app=nginx-ds
Annotations: deprecated.daemonset.template.generation: 2
kubectl.kubernetes.io/last-applied-configuration:
{"apiVersion":"extensions/v1beta1","kind":"DaemonSet","metadata":{"annotations":{},"name":"nginx-ds","namespace":"default"},"spec":{"templ...
Desired Number of Nodes Scheduled: 2
Current Number of Nodes Scheduled: 2
Number of Nodes Scheduled with Up-to-date Pods: 0
Number of Nodes Scheduled with Available Pods: 2
Number of Nodes Misscheduled: 0
Pods Status: 2 Running / 0 Waiting / 0 Succeeded / 0 Failed
Pod Template:
Labels: app=nginx-ds
Containers:
my-nginx:
Image: harbor.od.com/public/nginx:curl ## you can see it is already the latest
Port: 80/TCP
Host Port: 0/TCP
Environment: <none>
Mounts: <none>
Volumes: <none>
Events: <none>
[root@hdss7-21 ~]#
Note: for the rest of the lab it is best to change the image back to v1.7.9
To delete a resource manifest declaratively, use:
[root@hdss7-21 ~]# kubectl delete -f nginx-ds-svc.yaml