K8S Practical Notes (11) - Creating a pod.yaml that supports SSH

The image is Red Hat 5.9, with sshd installed and configured.

The pod.yaml is shown below. Its command parameter is:

    command:
    - '/usr/sbin/sshd'
    - -D

The complete pod.yaml:

    apiVersion: v1
    kind: Pod
    metadata:
      name: centos-ssh
      labels:
        app: test
      annotations:
        security.alpha.kubernetes.io/unsafe-sysctls: kernel.msgmnb=13107200,kernel.msgmni=256,kernel.msgmax=65536,kernel.shmmax=69719476736,kernel.sem=500 256000 250 1024
    spec:
    #  restartPolicy: Always
      nodeSelector:
        cslckind1: test
      containers:
      - name: centos-ssh
        image: 172.28.2.2:4000/sie:20180112
    #    imagePullPolicy: IfNotPresent
        command:
        - '/usr/sbin/sshd'
        - -D
    #    - while true; do sleep 1; done
        ports:
        - containerPort: 22
          protocol: TCP
          hostPort: 30022

After creating the pod, a test connection to the port mapped on the node works:

    daweij@master:~/stady01/ipctest$ ssh root@172.28.2.211 -p 30022
    root@172.28.2.211's password: 
    Last login: Fri Mar  9 14:38:08 from 172.28.2.210
    [root@centos-ssh ~]# 
    [root@centos-ssh ~]# service sshd status
    openssh-daemon (pid  1) 正在运行...
    [root@centos-ssh ~]# ps aux| grep ssh
    root         1  0.0  0.0  62744  4884 ?        Ss   14:36   0:00 /usr/sbin/sshd -D
    root        62  0.1  0.0  65304  5008 ?        Ss   14:42   0:00 sshd: root@pts/0    
    root       101  0.0  0.0  61228  1920 pts/0    S+   14:43   0:00 grep ssh
    [root@centos-ssh ~]# netstat -an | grep 22
    tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      
    tcp        0      0 10.233.102.166:22           172.28.2.210:54970          ESTABLISHED 
    tcp        0      0 :::22                       :::*                        LISTEN  

With hostPort configured as above, connecting directly to port 22 of the pod fails:

    daweij@master:~/stady01/ipctest$ ssh root@103.233.102.166
    ssh: connect to host 103.233.102.166 port 22: No route to host

    root@node1:~# iptables-save | grep 30022
    -A CNI-DN-c4826bf50328ab674d067 -p tcp -m tcp --dport 30022 -j DNAT --to-destination 10.233.102.166:22
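
The `iptables-save` output above shows that the hostPort is implemented as a DNAT rule in a `CNI-DN-*` chain on the node. As an added example (not part of the original post), the shell functions below list every such mapping from `iptables-save` output and flag the ones that forward to a pod's port 22; the function names and every sample rule except the post's own are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: audit hostPort DNAT rules on a node.

# Constructed sample in iptables-save format. The first rule is the one shown
# in the post; the remaining lines are made up for illustration.
sample_rules() {
cat <<'EOF'
*nat
-A CNI-DN-c4826bf50328ab674d067 -p tcp -m tcp --dport 30022 -j DNAT --to-destination 10.233.102.166:22
-A CNI-DN-c4826bf50328ab674d067 -s 10.233.102.166/32 -p tcp -m tcp --dport 30022 -j MARK --set-xmark 0x2000/0x2000
-A CNI-DN-exampleexampleexample -p tcp -m tcp --dport 8080 -j DNAT --to-destination 10.233.102.170:80
-A POSTROUTING -s 10.233.0.0/16 -j MASQUERADE
COMMIT
EOF
}

# Read iptables-save output on stdin and print one line per hostPort mapping:
#   proto hostPort podIP podPort flag
# flag is SSH-EXPOSED when the rule forwards to port 22, otherwise "-".
list_hostports() {
  awk '
    $1 == "-A" && $2 ~ /^CNI-DN-/ {
      proto = ""; hport = ""; dest = ""
      for (i = 3; i < NF; i++) {
        if ($i == "-p")               proto = $(i + 1)
        if ($i == "--dport")          hport = $(i + 1)
        if ($i == "--to-destination") dest  = $(i + 1)
      }
      # Skip helper rules (e.g. packet marking) that carry no DNAT target.
      if (hport == "" || dest == "") next
      # Only the IPv4 "ip:port" form is handled here.
      if (split(dest, parts, ":") != 2) next
      flag = (parts[2] == "22") ? "SSH-EXPOSED" : "-"
      print proto, hport, parts[1], parts[2], flag
    }'
}

# Host ports on this node that lead to a pod's sshd.
ssh_exposed_ports() {
  list_hostports | awk '$5 == "SSH-EXPOSED" { print $2 }'
}

# Demo on the constructed sample; on a node, pipe `iptables-save -t nat` instead.
sample_rules | list_hostports
```
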

 

Next step: convert this to a Deployment and configure a Service.

posted @ 2018-03-09 14:46  Cslc-DaweiJ