Kubernetes | 二进制软件包方式部署 -- 检验集群可

经过前面的步骤，集群算是部署完成了，但还差最后一步，还需要检验网络和DNS是否正常。

cat > myapp-demo.yaml <<EOF
apiVersion: v1
kind: Service
metadata:
  labels:
    app: myapp-demo
  name: myapp-demo
spec:
  ports:
  - name: 80-80
    port: 80
    protocol: TCP
    targetPort: 80
    nodePort: 30080
  selector:
    app: myapp-demo
  type: NodePort
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: myapp-demo
  name: myapp-demo
spec:
  replicas: 3
  selector:
    matchLabels:
      app: myapp-demo
  template:
    metadata:
      labels:
        app: myapp-demo
    spec:
      containers:
      - image: ikubernetes/myapp:v1
        name: myapp-demo
EOF

kubectl apply -f ./myapp-demo.yaml

root@okokok:/data/k8s-deploy# kubectl get pods -owide
NAME                          READY   STATUS    RESTARTS   AGE     IP               NODE            NOMINATED NODE   READINESS GATES
myapp-demo-7999fcf794-4hq6j   1/1     Running   0          5m38s   172.21.176.198   k8s-master-02   <none>           <none>
myapp-demo-7999fcf794-97vrp   1/1     Running   0          5m38s   172.20.183.137   k8s-master-03   <none>           <none>
myapp-demo-7999fcf794-bhrtq   1/1     Running   0          5m38s   172.30.107.74    k8s-master-01   <none>           <none>

# 进入其中一个 Pod 的容器中，ping 其他 Pod 的IP地址，如果都能 ping 通那就表示网络是正常的
root@okokok:/data/k8s-deploy# kubectl exec -it myapp-demo-7999fcf794-4hq6j -- ping -c2 172.21.176.198
PING 172.21.176.198 (172.21.176.198): 56 data bytes
64 bytes from 172.21.176.198: seq=0 ttl=64 time=0.036 ms
64 bytes from 172.21.176.198: seq=1 ttl=64 time=0.054 ms

--- 172.21.176.198 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.036/0.045/0.054 ms
root@okokok:/data/k8s-deploy# kubectl exec -it myapp-demo-7999fcf794-4hq6j -- ping -c2 172.20.183.137
PING 172.20.183.137 (172.20.183.137): 56 data bytes
64 bytes from 172.20.183.137: seq=0 ttl=62 time=1.448 ms
64 bytes from 172.20.183.137: seq=1 ttl=62 time=0.609 ms

--- 172.20.183.137 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.609/1.028/1.448 ms
root@okokok:/data/k8s-deploy# kubectl exec -it myapp-demo-7999fcf794-4hq6j -- ping -c2 172.30.107.74
PING 172.30.107.74 (172.30.107.74): 56 data bytes
64 bytes from 172.30.107.74: seq=0 ttl=62 time=3.512 ms
64 bytes from 172.30.107.74: seq=1 ttl=62 time=1.027 ms

--- 172.30.107.74 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 1.027/2.269/3.512 ms
root@okokok:/data/k8s-deploy# kubectl exec -it myapp-demo-7999fcf794-4hq6j -- ping -c2 10.0.0.1
PING 10.0.0.1 (10.0.0.1): 56 data bytes
64 bytes from 10.0.0.1: seq=0 ttl=64 time=0.054 ms
64 bytes from 10.0.0.1: seq=1 ttl=64 time=0.063 ms

--- 10.0.0.1 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.054/0.058/0.063 ms
root@okokok:/data/k8s-deploy# kubectl exec -it myapp-demo-7999fcf794-4hq6j -- ping -c2 10.0.0.2
PING 10.0.0.2 (10.0.0.2): 56 data bytes
64 bytes from 10.0.0.2: seq=0 ttl=64 time=0.079 ms
64 bytes from 10.0.0.2: seq=1 ttl=64 time=0.049 ms

--- 10.0.0.2 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.049/0.064/0.079 ms

# ping 域名，看看能不能解析出来IP地址
root@okokok:/data/k8s-deploy# kubectl exec -it myapp-demo-7999fcf794-4hq6j -- ping -c2 kubernetes
PING kubernetes (10.0.0.1): 56 data bytes
64 bytes from 10.0.0.1: seq=0 ttl=64 time=0.030 ms
64 bytes from 10.0.0.1: seq=1 ttl=64 time=0.065 ms

--- kubernetes ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.030/0.047/0.065 ms
root@okokok:/data/k8s-deploy# kubectl exec -it myapp-demo-7999fcf794-4hq6j -- ping -c2 myapp-demo
PING myapp-demo (10.12.202.242): 56 data bytes
64 bytes from 10.12.202.242: seq=0 ttl=64 time=0.029 ms
64 bytes from 10.12.202.242: seq=1 ttl=64 time=0.052 ms

--- myapp-demo ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.029/0.040/0.052 ms

# nslookup 解析域名，如果能正常解析IP地址那就表示DNS也是ok的
root@okokok:/data/k8s-deploy# kubectl exec -it myapp-demo-7999fcf794-4hq6j -- nslookup kubernetes 10.0.0.2
Server:    10.0.0.2
Address 1: 10.0.0.2 kube-dns.kube-system.svc.cluster.local

Name:      kubernetes
Address 1: 10.0.0.1 kubernetes.default.svc.cluster.local
root@okokok:/data/k8s-deploy# kubectl exec -it myapp-demo-7999fcf794-4hq6j -- nslookup myapp-demo 10.0.0.2
Server:    10.0.0.2
Address 1: 10.0.0.2 kube-dns.kube-system.svc.cluster.local

Name:      myapp-demo
Address 1: 10.12.202.242 myapp-demo.default.svc.cluster.local

# NodePort 向外部暴露了 30080 端口，外网可以通过各节点的 30080 端口来访问里面的 Pod
root@okokok:/data/k8s-deploy# curl http://k8s-master-01:30080/hostname.html
myapp-demo-7999fcf794-4hq6j
root@okokok:/data/k8s-deploy# curl http://k8s-master-01:30080/hostname.html
myapp-demo-7999fcf794-bhrtq
root@okokok:/data/k8s-deploy# curl http://k8s-master-01:30080/hostname.html
myapp-demo-7999fcf794-97vrp
root@okokok:/data/k8s-deploy# curl http://k8s-master-01:30080/hostname.html
myapp-demo-7999fcf794-4hq6j
root@okokok:/data/k8s-deploy# curl http://k8s-master-01:30080/hostname.html
myapp-demo-7999fcf794-bhrtq
root@okokok:/data/k8s-deploy# curl http://k8s-master-01:30080/hostname.html
myapp-demo-7999fcf794-97vrp
root@okokok:/data/k8s-deploy#

如果执行 kubectl exec -it myapp-demo-xxx -- sh 命令出现以下报错。

error: unable to upgrade connection: Forbidden (user=kubernetes, verb=create, resource=nodes, subresource=proxy)

执行命令即可解决。

kubectl create clusterrolebinding kube-apiserver:kubelet-apis --clusterrole=system:kubelet-api-admin --user kubernetes