----到这里,集群测试全部完成了。集群全部正常可用。集群搭建全部完成了。
创建nginx ds
#只在node-1节点创建
# 写入配置
[root@node-1 ~]# cat > nginx-ds.yml <<EOF
apiVersion: v1
#创建nginx包括其service
kind: Service
metadata:
name: nginx-ds
labels:
app: nginx-ds
spec:
#类型是NodePort
type: NodePort
selector:
#创建的app是nginx-ds,也就是对应下面的DaemonSet
app: nginx-ds
ports:
- name: http
port: 80
targetPort: 80
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
#也就是在每一个工作worker节点跑一个nginx,然后用NodePort的形式把它暴露出来。
name: nginx-ds
spec:
selector:
matchLabels:
app: nginx-ds
template:
metadata:
labels:
app: nginx-ds
spec:
containers:
- name: my-nginx
image: nginx:1.19
ports:
- containerPort: 80
EOF
[root@node-1 ~]# cat nginx-ds.yml
# 创建ds
#上述配置文件中,命名空间是没有配置的,也就是默认的命名空间。
[root@node-1 ~]# kubectl apply -f nginx-ds.yml
service/nginx-ds created
daemonset.apps/nginx-ds created
#默认命名空间下查看POD
[root@node-1 ~]# kubectl get po -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nginx-ds-h54bb 1/1 Running 0 8s 10.200.139.68 node-3 <none> <none>
nginx-ds-x5lns 1/1 Running 0 8s 10.200.247.7 node-2 <none> <none>
#核实运行的POD进程
[root@node-2/3 ~]# crictl ps
CONTAINER IMAGE CREATED STATE NAME ATTEMPT POD ID
154ef6226d5c6 f0b8a9a541369 33 seconds ago Running my-nginx 0 22e54e6b7d7a0
检查各种ip连通性
# 检查各 Node 上的 Pod IP 连通性
[root@node-2 ~]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nginx-ds-h54bb 1/1 Running 0 2m29s 10.200.139.68 node-3 <none> <none>
nginx-ds-x5lns 1/1 Running 0 2m29s 10.200.247.7 node-2 <none> <none>
# 在每个worker节点上ping 上述两个pod ip
#也就是上述node-2和node-3分配的10.200网段的两个IP。看是否在每个节点上都可以访问POD的IP地址。
#在node-1上是ping不通这俩IP的,因为node-1是master节点,并没有worker节点的东西 calico ,也就没人负责POD的网络,所以在master节点上是肯定不通的。
[root@node-2/3 ~]# ping 10.200.139.68
[root@node-2/3 ~]# ping 10.200.247.7
# 检查service可达性
[root@node-1 ~]# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.233.0.1 <none> 443/TCP 2d19h
#一个nodePort的nginx的service
nginx-ds NodePort 10.233.188.137 <none> 80:30158/TCP 10m
# 在每个worker节点上访问service服务是否通(service对应的端口是80)
#我这里service的IP不显示nginx欢迎页面(可以通),但是内外网IP对应的node-port可以显示nginx页面。
$ curl <service-ip>:<port>
[root@node-2/3 ~]# curl 10.233.188.137:80
[root@node-2/3 ~]# curl 172.16.1.22/23:30158
[root@node-2/3 ~]# curl 10.0.0.22/23:30158
# 在每个节点检查node-port可用性
[root@node-2 ~]# netstat -lntup|grep 30158
tcp 0 0 0.0.0.0:30158 0.0.0.0:* LISTEN 2160/kube-proxy
#下面是node-2和node-3的真实IP
#在浏览器访问,也能显示nginx欢迎页面,这就说明NodePort已经可以对外提供服务了。
[root@node-2/3 ~]# curl 172.16.1.22/23:30158
[root@node-2/3 ~]# curl 10.0.0.22/23:30158
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
检查dns可用性
#让刚才POD的nginx-ds名称跟这个POD的nginx名称通过名字来互相访问彼此。
# 创建一个nginx pod
$ cat > pod-nginx.yaml <<EOF
apiVersion: v1
kind: Pod
metadata:
name: nginx
spec:
containers:
- name: nginx
image: docker.io/library/nginx:1.19
ports:
- containerPort: 80
EOF
[root@node-1 ~]# cat pod-nginx.yaml
#提前检查镜像并下载
[root@node-1 ~]# grep image pod-nginx.yaml
image: docker.io/library/nginx:1.19
[root@node-2/3 ~]# crictl images
docker.io/library/nginx 1.19 f0b8a9a541369 53.7MB
[root@node-2/3 ~]# crictl pull docker.io/library/nginx:1.19
# 创建pod
[root@node-1 ~]# kubectl apply -f pod-nginx.yaml
pod/nginx created
#检查POD
[root@node-1 ~]# kubectl get pods
NAME READY STATUS RESTARTS AGE
nginx 1/1 Running 0 15s
[root@node-1 ~]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nginx 1/1 Running 0 26s 10.200.139.69 node-3 <none> <none>
#检查POD进程
[root@node-3 ~]# crictl ps
CONTAINER IMAGE CREATED STATE NAME ATTEMPT POD ID
6f1696270db14 f0b8a9a541369 57 seconds ago Running nginx 0 75617c13dd4c0
# 进入pod的bash环境,查看dns
[root@node-1 ~]# kubectl exec nginx -it -- /bin/bash
# 查看dns配置。/etc/kubernetes/kubelet-config.yaml
root@nginx:/# cat /etc/resolv.conf
search default.svc.cluster.local svc.cluster.local cluster.local
#这个169的IP是符合预期的。之前配置了这个DNS SERVER的地址,是一个LOCAL DNS CACHE。
nameserver 169.254.25.10
options ndots:5
# 查看名字是否可以正确解析
root@nginx:/# curl nginx-ds
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
#退出nginx的POD进入nginx-ds的POD的bash环境
#这里要指定具体的POD名称
[root@node-1 ~]# kubectl exec nginx-ds-h54bb -it -- /bin/bash
root@nginx-ds-h54bb:/# cat /etc/resolv.conf
search default.svc.cluster.local svc.cluster.local cluster.local
nameserver 169.254.25.10
options ndots:5
root@nginx-ds-h54bb:/# curl nginx-ds
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
日志功能
#如果node-2或node-3的nginx启动失败,那么执行可能会输出
[root@node-1 ~]# kubectl logs nginx-ds-7mxvl
Error from server (InternalError): Internal error occurred: Authorization error (user=kubernetes, verb=get, resource=nodes, subresource=proxy)
Exec功能
#测试kubectl的exec功能,是否能进入容器中去。
[root@node-1 ~]# kubectl get pods
NAME READY STATUS RESTARTS AGE
nginx 1/1 Running 0 14m
nginx-ds-h54bb 1/1 Running 0 99m
nginx-ds-x5lns 1/1 Running 0 99m
$ kubectl exec -it <nginx-pod-name> -- nginx -v
#在容器里执行的nginx -v,返回当前容器的nginx的版本。说明exec命令也是OK。
[root@node-1 ~]# kubectl exec -it nginx -- nginx -v
nginx version: nginx/1.19.10
[root@node-1 ~]# kubectl exec -it nginx-ds-h54bb -- nginx -v
nginx version: nginx/1.19.10
[root@node-1 ~]# kubectl exec -it nginx-ds-x5lns -- nginx -v
nginx version: nginx/1.19.10
标题:Kubernetes(五)kubernetes-the-hard-way方式(5.9)集群冒烟测试(对应4-4)
作者:yazong
地址:https://blog.llyweb.com/articles/2022/11/07/1667822681917.html