Kubernetes集群环境搭建
主机规划
| 作用 | IP地址 | 操作系统 | 配置 |
|---|---|---|---|
| Master | 192.168.25.100 | CentOS7.x 基础设施服务器 | 2颗CPU 2G内存 50G硬盘 |
| Node1 | 192.168.25.101 | CentOS7.x 基础设施服务器 | 2颗CPU 2G内存 50G硬盘 |
| Node2 | 192.168.25.101 | CentOS7.x 基础设施服务器 | 2颗CPU 2G内存 50G硬盘 |
环境搭建
初始化环境
检查操作系统版本
# 此方式下安装kubernetes集群,CentOS版本要求在7.5及以上[root@master ~]# cat /etc/redhat-releaseCentOS Linux release 7.9.2009 (Core)
配置主机名
[root@master ~]# hostnamectl set-hostname master [root@master ~]# hostnamectl set-hostname node1 [root@master ~]# hostnamectl set-hostname node2修改IP ```shell
修改IP
[root@master ~]# vi /etc/sysconfig/network-scripts/ifcfg-ens33 IPADDR=”192.168.25.100”
重启网卡
[root@master ~]# systemctl restart network
查看mac信息
[root@master ~]# ip link [root@master ~]# cat /sys/class/net/ens33/address [root@master ~]# cat /sys/class/dmi/id/product_uuid
4. 主机名解析
为了方便集群节点间的直接调用,这里配置一下主机名解析,企业中推荐使用内部的DNS服务器。
```shell
[root@master ~]# cat >> /etc/hosts << EOF
192.168.25.100 master
192.168.25.101 node1
192.168.25.102 node2
EOF
- 日期同步
kubernetes要求集群中的节点时间必须精确一致,这里直接使用chronyd服务从网络同步时间。
企业中建议使用内部的时间同步服务器。
# 安装chrony
[root@master ~]# yum install chrony -y
# 启动chrony 服务
[root@master ~]# systemctl start chronyd
# 设置chrony 开机启动
[root@master ~]# systemctl enable chronyd
# 查看chrony 运行状态 active表示已经启动
[root@master ~]# systemctl status chronyd
● chronyd.service - NTP client/server
Loaded: loaded (/usr/lib/systemd/system/chronyd.service; enabled; vendor preset: enabled)
Active: active (running) since 一 2021-12-20 21:20:13 CST; 1h 52min ago
Docs: man:chronyd(8)
man:chrony.conf(5)
Process: 701 ExecStartPost=/usr/libexec/chrony-helper update-daemon (code=exited, status=0/SUCCESS)
Process: 691 ExecStart=/usr/sbin/chronyd $OPTIONS (code=exited, status=0/SUCCESS)
Main PID: 698 (chronyd)
CGroup: /system.slice/chronyd.service
└─698 /usr/sbin/chronyd
# 服务启动几秒后,可以使用date命令验证,三台机器时间都一样
[root@master ~]# date
2021年 12月 20日 星期一 23:18:22 CST
禁止开启启动
[root@master ~]# systemctl disable firewalld Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service. Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
查看firewalld服务状态 inactive(dead)表示已经关闭
[root@master ~]# systemctl status firewalld ● firewalld.service - firewalld - dynamic firewall daemon Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled) Active: inactive (dead) Docs: man:firewalld(1)
12月 20 21:15:53 master systemd[1]: Starting firewalld - dynamic firewall daemon… 12月 20 21:15:54 master systemd[1]: Started firewalld - dynamic firewall daemon. 12月 20 21:15:55 master firewalld[712]: WARNING: AllowZoneDrifting is enabled. This is considered an insecure configuration option. It will be removed in a future release. Please consider disabling it now. 12月 20 23:19:52 master systemd[1]: Stopping firewalld - dynamic firewall daemon… 12月 20 23:19:53 master systemd[1]: Stopped firewalld - dynamic firewall daemon.
7. 禁用selinux
selinux是linux系统下的一个安全服务,如果不关闭它,在安装集群时,会出现各种奇葩问题<br />这一步需要重启服务器,稍后,修改完,统一重启
```shell
# 临时关闭
[root@master ~]# setenforce 0
# 永久关闭
# 修改SELINUX的只为permissive
[root@master ~]# sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
# 查看是否关闭
[root@master ~]# getenforce
- 禁用swap分区
swap分区指的是虚拟内存分区,它的作用是在物理内存使用完后,将磁盘空间虚拟成内存来使用
启用swap分区设备会对产生负面的影响,因此kubernetes要求每个节点必须禁用swap设备
但是,如果由于某种业务,不能关闭swap,就需要在集群安装过程中通过参数明确告诉kubernetes
这一步需要重启服务器,稍后,修改完,统一重启
# 临时禁用
[root@master ~]# swapoff -a
# 永久禁用
[root@master ~]# sed -i.bak '/swap/s/^/#/' /etc/fstab
# 查看是否禁用
[root@master ~]# free -m
- 修改linux内核参数
```shell
增加配置文件
[root@master ~]# cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf net.bridge.bridge-nf-call-ip6tables = 1 net.bridge.bridge-nf-call-iptables = 1 EOF增加网桥
[root@master ~]# cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf br_netfilter EOF
重新加载配置
[root@master ~]# sysctl —system
加载网桥过滤模块
[root@master ~]# modprobe br_netfilter
查看网桥过滤模块是否加载成功
[root@master ~]# lsmod | grep br_netfilter br_netfilter 22256 0 bridge 151336 1 br_netfilter
10. 检查配置是否生效
重启后,检查配置是否生效
```shell
# 检查selinux是否禁用 disabled表示已经禁用
[root@master ~]# getenforce
Disabled
# 查看swap是否禁用 Swap 全是0 表示已经禁用
[root@master ~]# free -m
total used free shared buff/cache available
Mem: 3770 220 3426 11 123 3365
Swap: 0 0 0
# 查看网桥过滤模块是否加载成功 br_netfilter 表示已经启用
[root@master ~]# lsmod | grep br_netfilter
br_netfilter 22256 0
bridge 151336 1 br_netfilter
# 查看防火墙是否关闭 inactive (dead) 表示已经关闭
[root@master ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
Active: inactive (dead)
Docs: man:firewalld(1)
安装Docker
# step 1: 安装必要的一些系统工具
[root@master ~]# yum install -y yum-utils device-mapper-persistent-data lvm2 wget
# Step 2: 添加软件源信息
[root@master ~]# yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# Step 3: 更新并安装 Docker-CE
[root@master ~]# yum -y install docker-ce
# Step 4: 开启Docker服务
[root@master ~]# service docker start
Redirecting to /bin/systemctl start docker.service
# Setp 5: 开机启动
[root@master ~]# systemctl enable docker
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.
# Step 6: 配置镜像
[root@master ~]# mkdir -p /etc/docker
[root@master ~]# tee /etc/docker/daemon.json <<-'EOF'
{
"exec-opts": ["native.cgroupdriver=systemd"],
"registry-mirrors": ["https://3nnzwyqy.mirror.aliyuncs.com"]
}
EOF
# Step 7: 重启docker 守护进程
[root@master ~]# systemctl daemon-reload
# Step 8: 重启docker 服务
[root@master ~]# systemctl restart docker
安装Kubernetes组件
# 添加kubernetes源
[root@master ~]# cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
# 安装 kubeadm kubelet kubectl
[root@master ~]# yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
# 设置kubelet开机启动
[root@master ~]# systemctl enable --now kubelet
集群初始化
只在master上执行
# 初始化集群
[root@master ~]# kubeadm init \
--image-repository=registry.aliyuncs.com/google_containers \
--pod-network-cidr=10.244.0.0/16 \
--service-cidr=10.96.0.0/12 \
--apiserver-advertise-address=192.168.25.100
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
Alternatively, if you are the root user, you can run:
export KUBECONFIG=/etc/kubernetes/admin.conf
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 192.168.25.100:6443 --token 1hl1jm.5nhhjvkuyzdj535b \
--discovery-token-ca-cert-hash sha256:05f18cd96075e38d93272a340c1791fad197d2d6eccd73ec900edc4fcf39e3a8
# 执行kubernetes给出的命令
# 创建文件夹
[root@master ~]# mkdir -p $HOME/.kube
# 拷贝配置文件
[root@master ~]# sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
# 修改权限
[root@master ~]# sudo chown $(id -u):$(id -g) $HOME/.kube/config
加入节点
# 在工作节点上执行
[root@node1 ~]# kubeadm join 192.168.25.100:6443 --token 1hl1jm.5nhhjvkuyzdj535b \
--discovery-token-ca-cert-hash sha256:05f18cd96075e38d93272a340c1791fad197d2d6eccd73ec900edc4fcf39e3a8
[preflight] Running pre-flight checks
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Starting the kubelet
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...
This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.
Run 'kubectl get nodes' on the control-plane to see this node join the cluster.
# 在master上执行,查看节点是否加入 可以看见node1已经加入
[root@master ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
master NotReady control-plane,master 10m v1.23.1
node1 NotReady <none> 15s v1.23.1
网络安装
只在master上执行
# 下载flannel 配置
[root@master ~]# wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
---
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: psp.flannel.unprivileged
annotations:
seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default
seccomp.security.alpha.kubernetes.io/defaultProfileName: docker/default
apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
spec:
privileged: false
volumes:
- configMap
- secret
- emptyDir
- hostPath
allowedHostPaths:
- pathPrefix: "/etc/cni/net.d"
- pathPrefix: "/etc/kube-flannel"
- pathPrefix: "/run/flannel"
readOnlyRootFilesystem: false
# Users and groups
runAsUser:
rule: RunAsAny
supplementalGroups:
rule: RunAsAny
fsGroup:
rule: RunAsAny
# Privilege Escalation
allowPrivilegeEscalation: false
defaultAllowPrivilegeEscalation: false
# Capabilities
allowedCapabilities: ['NET_ADMIN', 'NET_RAW']
defaultAddCapabilities: []
requiredDropCapabilities: []
# Host namespaces
hostPID: false
hostIPC: false
hostNetwork: true
hostPorts:
- min: 0
max: 65535
# SELinux
seLinux:
# SELinux is unused in CaaSP
rule: 'RunAsAny'
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: flannel
rules:
- apiGroups: ['extensions']
resources: ['podsecuritypolicies']
verbs: ['use']
resourceNames: ['psp.flannel.unprivileged']
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- apiGroups:
- ""
resources:
- nodes
verbs:
- list
- watch
- apiGroups:
- ""
resources:
- nodes/status
verbs:
- patch
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: flannel
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: flannel
subjects:
- kind: ServiceAccount
name: flannel
namespace: kube-system
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: flannel
namespace: kube-system
---
kind: ConfigMap
apiVersion: v1
metadata:
name: kube-flannel-cfg
namespace: kube-system
labels:
tier: node
app: flannel
data:
cni-conf.json: |
{
"name": "cbr0",
"cniVersion": "0.3.1",
"plugins": [
{
"type": "flannel",
"delegate": {
"hairpinMode": true,
"isDefaultGateway": true
}
},
{
"type": "portmap",
"capabilities": {
"portMappings": true
}
}
]
}
net-conf.json: |
{
"Network": "10.244.0.0/16",
"Backend": {
"Type": "vxlan"
}
}
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: kube-flannel-ds
namespace: kube-system
labels:
tier: node
app: flannel
spec:
selector:
matchLabels:
app: flannel
template:
metadata:
labels:
tier: node
app: flannel
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/os
operator: In
values:
- linux
hostNetwork: true
priorityClassName: system-node-critical
tolerations:
- operator: Exists
effect: NoSchedule
serviceAccountName: flannel
initContainers:
- name: install-cni-plugin
image: rancher/mirrored-flannelcni-flannel-cni-plugin:v1.0.0
command:
- cp
args:
- -f
- /flannel
- /opt/cni/bin/flannel
volumeMounts:
- name: cni-plugin
mountPath: /opt/cni/bin
- name: install-cni
image: quay.io/coreos/flannel:v0.15.1
command:
- cp
args:
- -f
- /etc/kube-flannel/cni-conf.json
- /etc/cni/net.d/10-flannel.conflist
volumeMounts:
- name: cni
mountPath: /etc/cni/net.d
- name: flannel-cfg
mountPath: /etc/kube-flannel/
containers:
- name: kube-flannel
image: quay.io/coreos/flannel:v0.15.1
command:
- /opt/bin/flanneld
args:
- --ip-masq
- --kube-subnet-mgr
resources:
requests:
cpu: "100m"
memory: "50Mi"
limits:
cpu: "100m"
memory: "50Mi"
securityContext:
privileged: false
capabilities:
add: ["NET_ADMIN", "NET_RAW"]
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
volumeMounts:
- name: run
mountPath: /run/flannel
- name: flannel-cfg
mountPath: /etc/kube-flannel/
volumes:
- name: run
hostPath:
path: /run/flannel
- name: cni-plugin
hostPath:
path: /opt/cni/bin
- name: cni
hostPath:
path: /etc/cni/net.d
- name: flannel-cfg
configMap:
name: kube-flannel-cfg
# 预下载这两个镜像,第二个有可能下载不了
[root@master ~]# docker pull rancher/mirrored-flannelcni-flannel-cni-plugin:v1.0.0
[root@master ~]# docker pull quay.io/coreos/flannel:v0.15.1
# 安装网络
[root@master ~]# kubectl apply -f kube-flannel.yml
# 查看节点 所有节点都是Ready了
[root@master ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
master Ready control-plane,master 123m v1.23.1
node1 Ready <none> 120m v1.23.1
node2 Ready <none> 120m v1.23.1
阿里云镜像仓库
如果上面的不行,就通过阿里云镜像仓库下载
下面是导出镜像、导入镜像、修改镜像名称、上传阿里云镜像仓库的过程
# 将镜像导出
[root@master ~]# docker save -o flannel.tar quay.io/coreos/flannel
# 导入镜像
[root@master ~]# docker load -i flannel.tar
# 修改镜像名称
[root@master ~]# docker tag e6ea68648f0c registry.cn-hangzhou.aliyuncs.com/zhangbo0921/flannel:v0.15.1
# 登陆阿里云
[root@master ~]# docker login --username=1568605****@163.com registry.cn-hangzhou.aliyuncs.com
# 推送到阿里云
[root@master ~]# docker push registry.cn-hangzhou.aliyuncs.com/zhangbo0921/flannel:v0.15.1
推送后,就可以把 kube-flannel.yml 里面的镜像修改为自己的镜像了
以下是修改后的yml文件内容
---
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: psp.flannel.unprivileged
annotations:
seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default
seccomp.security.alpha.kubernetes.io/defaultProfileName: docker/default
apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
spec:
privileged: false
volumes:
- configMap
- secret
- emptyDir
- hostPath
allowedHostPaths:
- pathPrefix: "/etc/cni/net.d"
- pathPrefix: "/etc/kube-flannel"
- pathPrefix: "/run/flannel"
readOnlyRootFilesystem: false
# Users and groups
runAsUser:
rule: RunAsAny
supplementalGroups:
rule: RunAsAny
fsGroup:
rule: RunAsAny
# Privilege Escalation
allowPrivilegeEscalation: false
defaultAllowPrivilegeEscalation: false
# Capabilities
allowedCapabilities: ['NET_ADMIN', 'NET_RAW']
defaultAddCapabilities: []
requiredDropCapabilities: []
# Host namespaces
hostPID: false
hostIPC: false
hostNetwork: true
hostPorts:
- min: 0
max: 65535
# SELinux
seLinux:
# SELinux is unused in CaaSP
rule: 'RunAsAny'
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: flannel
rules:
- apiGroups: ['extensions']
resources: ['podsecuritypolicies']
verbs: ['use']
resourceNames: ['psp.flannel.unprivileged']
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- apiGroups:
- ""
resources:
- nodes
verbs:
- list
- watch
- apiGroups:
- ""
resources:
- nodes/status
verbs:
- patch
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: flannel
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: flannel
subjects:
- kind: ServiceAccount
name: flannel
namespace: kube-system
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: flannel
namespace: kube-system
---
kind: ConfigMap
apiVersion: v1
metadata:
name: kube-flannel-cfg
namespace: kube-system
labels:
tier: node
app: flannel
data:
cni-conf.json: |
{
"name": "cbr0",
"cniVersion": "0.3.1",
"plugins": [
{
"type": "flannel",
"delegate": {
"hairpinMode": true,
"isDefaultGateway": true
}
},
{
"type": "portmap",
"capabilities": {
"portMappings": true
}
}
]
}
net-conf.json: |
{
"Network": "10.244.0.0/16",
"Backend": {
"Type": "vxlan"
}
}
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: kube-flannel-ds
namespace: kube-system
labels:
tier: node
app: flannel
spec:
selector:
matchLabels:
app: flannel
template:
metadata:
labels:
tier: node
app: flannel
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/os
operator: In
values:
- linux
hostNetwork: true
priorityClassName: system-node-critical
tolerations:
- operator: Exists
effect: NoSchedule
serviceAccountName: flannel
initContainers:
- name: install-cni-plugin
image: rancher/mirrored-flannelcni-flannel-cni-plugin:v1.0.0
command:
- cp
args:
- -f
- /flannel
- /opt/cni/bin/flannel
volumeMounts:
- name: cni-plugin
mountPath: /opt/cni/bin
- name: install-cni
image: registry.cn-hangzhou.aliyuncs.com/zhangbo0921/flannel:v0.15.1
command:
- cp
args:
- -f
- /etc/kube-flannel/cni-conf.json
- /etc/cni/net.d/10-flannel.conflist
volumeMounts:
- name: cni
mountPath: /etc/cni/net.d
- name: flannel-cfg
mountPath: /etc/kube-flannel/
containers:
- name: kube-flannel
image: registry.cn-hangzhou.aliyuncs.com/zhangbo0921/flannel:v0.15.1
command:
- /opt/bin/flanneld
args:
- --ip-masq
- --kube-subnet-mgr
resources:
requests:
cpu: "100m"
memory: "50Mi"
limits:
cpu: "100m"
memory: "50Mi"
securityContext:
privileged: false
capabilities:
add: ["NET_ADMIN", "NET_RAW"]
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
volumeMounts:
- name: run
mountPath: /run/flannel
- name: flannel-cfg
mountPath: /etc/kube-flannel/
volumes:
- name: run
hostPath:
path: /run/flannel
- name: cni-plugin
hostPath:
path: /opt/cni/bin
- name: cni
hostPath:
path: /etc/cni/net.d
- name: flannel-cfg
configMap:
name: kube-flannel-cfg
同样,这里最好是预下载镜像,但是这里的镜像,是我们自己的镜像
# 预下载这两个镜像,第二个有可能下载不了
[root@master ~]# docker pull rancher/mirrored-flannelcni-flannel-cni-plugin:v1.0.0
[root@master ~]# docker pull registry.cn-hangzhou.aliyuncs.com/zhangbo0921/flannel:v0.15.1
# 安装网络
[root@master ~]# kubectl apply -f kube-flannel.yml
# 查看节点 所有节点都是Ready了
[root@master ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
master Ready control-plane,master 123m v1.23.1
node1 Ready <none> 120m v1.23.1
node2 Ready <none> 120m v1.23.1
服务部署
测试集群是否正确安装,来部署个nginx测试。
# 创建deployment部署nginx
[root@master ~]# kubectl create deployment nginx --image=nginx:1.14-alpine
deployment.apps/nginx created
# 暴露服务
[root@master ~]# kubectl expose deployment nginx --port=80 --type=NodePort
service/nginx exposed
# 查看pod 有一个nginx服务在跑
[root@master ~]# kubectl get pod
NAME READY STATUS RESTARTS AGE
nginx-7cbb8cd5d8-7wtmw 1/1 Running 0 3m36s
# 查看svc(service),有一个nginx的服务,
# kubectl get service 也可以
[root@master ~]# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 132m
nginx NodePort 10.108.100.35 <none> 80:31351/TCP 2m49s
注意service的端口是80:31351,和docker一样,左边(80)是内部网络端口,右边(31351)是对外暴露的网络端口。
所以我们使用master的ip加右边端口访问:http://192.168.25.100:31351
出现上面的页面,就说明集群已经部署好了。
若有收获,就点个赞吧
0 人点赞
