Deploy the CNI network
First prepare the CNI binaries. Perform these steps on both node machines.
Download URL: https://github.com/containernetworking/plugins/releases/download/v0.8.6/cni-plugins-linux-amd64-v0.8.6.tgz
Extract the binary package into the default working directory:
[root@k8s-node1 ~]# mkdir -p /opt/cni/bin
[root@k8s-node1 ~]# tar zxvf cni-plugins-linux-amd64-v0.8.6.tgz -C /opt/cni/bin
Deploy the CNI network
[root@k8s-master1 ~]# wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
[root@k8s-master1 ~]# sed -i -r "s#quay.io/coreos/flannel:.*-amd64#lizhenliang/flannel:v0.12.0-amd64#g" kube-flannel.yml
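The sed expression above only rewrites image references ending in -amd64, so the manifest can end up pulling from more than one registry, all by mutable tag. As an added example (not part of the original post), the helpers below list the images a manifest will pull and check them against an allow-list before `kubectl apply`; the function names and the sample manifest are constructed.

```shell
# Added example: list the images a manifest will pull before `kubectl apply`.
# Function names and the sample manifest below are constructed for illustration.

# Constructed excerpt shaped like kube-flannel.yml after the sed rewrite:
# only the -amd64 image reference was replaced, the arm64 one was not.
sample_manifest() {
cat <<'YAML'
# DaemonSet kube-flannel-ds-amd64
      initContainers:
      - name: install-cni
        image: lizhenliang/flannel:v0.12.0-amd64
      containers:
      - name: kube-flannel
        image: lizhenliang/flannel:v0.12.0-amd64
---
# DaemonSet kube-flannel-ds-arm64
      containers:
      - name: kube-flannel
        image: quay.io/coreos/flannel:v0.12.0-arm64
YAML
}

# Read a manifest on stdin; print each distinct image once, marked DIGEST
# (immutable @sha256 reference) or TAG (mutable, can be repointed upstream).
audit_images() {
    sed -n -E 's/^[[:space:]]*(-[[:space:]]+)?image:[[:space:]]*([^[:space:]]+).*$/\2/p' |
        tr -d "\"'" | sort -u |
        while read -r ref; do
            case $ref in
                *@sha256:*) echo "DIGEST $ref" ;;
                *)          echo "TAG $ref" ;;
            esac
        done
}

# Read a manifest on stdin; succeed only if every image starts with one of
# the repository prefixes given as arguments. Offenders go to stderr.
images_allowed() {
    local bad
    bad=$(audit_images | cut -d' ' -f2 | while read -r ref; do
        for prefix in "$@"; do
            case $ref in "$prefix"*) continue 2 ;; esac
        done
        echo "$ref"
    done)
    [ -z "$bad" ] || { echo "not allowed: $bad" >&2; return 1; }
}

sample_manifest | audit_images
```

On the downloaded file, run `audit_images < kube-flannel.yml` and review every TAG line and every repository you did not expect before applying.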
Create the resources
[root@k8s-master1 ~]# kubectl apply -f kube-flannel.yml
podsecuritypolicy.policy/psp.flannel.unprivileged created
clusterrole.rbac.authorization.k8s.io/flannel created
clusterrolebinding.rbac.authorization.k8s.io/flannel created
serviceaccount/flannel created
configmap/kube-flannel-cfg created
daemonset.apps/kube-flannel-ds-amd64 created
daemonset.apps/kube-flannel-ds-arm64 created
daemonset.apps/kube-flannel-ds-arm created
daemonset.apps/kube-flannel-ds-ppc64le created
daemonset.apps/kube-flannel-ds-s390x created
Check the pods
[root@k8s-master1 ~]# kubectl get pods -n kube-system
NAME                          READY   STATUS    RESTARTS   AGE
kube-flannel-ds-amd64-5zp2n   1/1     Running   0          71s
kube-flannel-ds-amd64-qxg2q   1/1     Running   0          71s
Check the node status
[root@k8s-master1 ~]# kubectl get node
NAME        STATUS   ROLES    AGE   VERSION
k8s-node1   Ready    <none>   14h   v1.18.5
k8s-node2   Ready    <none>   14h   v1.18.5
Authorize the apiserver to access the kubelet
[root@k8s-master1 ~]# cat > apiserver-to-kubelet-rbac.yaml << EOF
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  annotations:
    rbac.authorization.kubernetes.io/autoupdate: "true"
  labels:
    kubernetes.io/bootstrapping: rbac-defaults
  name: system:kube-apiserver-to-kubelet
rules:
  # Kubelet API subresources the apiserver calls (logs, exec, stats, metrics)
  - apiGroups:
      - ""
    resources:
      - nodes/proxy
      - nodes/stats
      - nodes/log
      - nodes/spec
      - nodes/metrics
      - pods/log
    verbs:
      - "*"
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: system:kube-apiserver
  namespace: ""
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:kube-apiserver-to-kubelet
subjects:
  # The user name must match the CN of the client certificate the apiserver presents to the kubelet
  - apiGroup: rbac.authorization.k8s.io
    kind: User
    name: kubernetes
EOF
[root@k8s-master1 ~]# kubectl apply -f apiserver-to-kubelet-rbac.yaml
Test and verify the environment
Run the following commands on any master node to create an nginx pod and expose its port, then test whether it can be reached from outside.
- Create the nginx deployment
[root@k8s-master1 ~]# kubectl create deployment web --image=nginx
deployment.apps/web created
- Expose the port
[root@k8s-master1 ~]# kubectl expose deployment web --port=80 --type=NodePort
service/web exposed
- Check the creation status
[root@k8s-master1 ~]# kubectl get pod,svc
NAME                       READY   STATUS    RESTARTS   AGE
pod/web-5dcb957ccc-z567t   1/1     Running   0          14s

NAME                 TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)        AGE
service/kubernetes   ClusterIP   10.0.0.1     <none>        443/TCP        18h
service/web          NodePort    10.0.0.197   <none>        80:31250/TCP   5s
- Check the assigned port
[root@k8s-master1 ~]# kubectl get service
NAME         TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)        AGE
kubernetes   ClusterIP   10.0.0.1     <none>        443/TCP        18h
web          NodePort    10.0.0.197   <none>        80:31250/TCP   16s
- Scale up the replicas
[root@k8s-master1 ~]# kubectl scale deployment web --replicas=3
deployment.apps/web scaled
[root@k8s-master1 ~]# kubectl get pod,svc
NAME                       READY   STATUS    RESTARTS   AGE
pod/web-5dcb957ccc-gfx4c   1/1     Running   0          4m57s
pod/web-5dcb957ccc-jpk22   1/1     Running   0          4m57s
pod/web-5dcb957ccc-z567t   1/1     Running   0          5m38s

NAME                 TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)        AGE
service/kubernetes   ClusterIP   10.0.0.1     <none>        443/TCP        18h
service/web          NodePort    10.0.0.197   <none>        80:31250/TCP   5m29s
- Check the pod details
[root@k8s-master1 ~]# kubectl get pod -o wide
NAME                   READY   STATUS    RESTARTS   AGE     IP           NODE        NOMINATED NODE   READINESS GATES
web-5dcb957ccc-gfx4c   1/1     Running   0          5m45s   10.244.1.3   k8s-node2   <none>           <none>
web-5dcb957ccc-jpk22   1/1     Running   0          5m45s   10.244.0.2   k8s-node1   <none>           <none>
web-5dcb957ccc-z567t   1/1     Running   0          6m26s   10.244.1.2   k8s-node2   <none>           <none>
- Open http://<Node_IP>:31250 in a browser. If the nginx welcome page is returned, the environment is working correctly.