二进制部署kubernetes v1.30.2集群 九、集群验证
集群验证
一、查看kubernetes ClusterIP地址
[root@k8s-master01 src]# kubectl get svc NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE kubernetes ClusterIP 10.0.0.1 <none> 443/TCP 28m
二、验证各个节点是否能访问10.0.0.1 443(所有节点验证),所有节点必须要通。
[root@k8s-master01 ~]# telnet 10.0.0.1 443 Trying 10.0.0.1... Connected to 10.0.0.1. Escape character is '^]'.
三、配置私有仓库secret
kubectl create secret docker-registry my-registry \ --docker-server=registry.my-registry.com \ --docker-username=admin \ --docker-password=123456
四、创建验证POD资源
mkdir /data/yaml cat > /data/yaml/busybox.yaml << EOF apiVersion: apps/v1 kind: Deployment metadata: name: busybox namespace: default spec: selector: matchLabels: app: busybox replicas: 1 template: metadata: labels: app: busybox spec: imagePullSecrets: - name: my-registry containers: - name: busybox image: registry.my-registry.com/basisimage/busybox:latest command: [ "tail","-f","/dev/null"] EOF
kubectl apply -f /data/yaml/busybox.yaml
五、查看资源是否能成功创建
[root@k8s-master01 src]# kubectl get pod -o wide NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES busybox-667f4b774c-jsrlx 1/1 Running 0 9s 172.16.0.244 k8s-node01 <none> <none>
六、 验证kubernetes解析
[root@k8s-master01 src]# kubectl exec busybox-667f4b774c-jsrlx -n default -- nslookup kubernetes.default.svc.cluster.local Server: 10.0.0.2 Address: 10.0.0.2:53 Name: kubernetes.default.svc.cluster.local Address: 10.0.0.1
七、解析其他名称空间
[root@k8s-master01 src]# kubectl exec busybox-667f4b774c-jsrlx -n default -- nslookup coredns.kube-system.svc.cluster.local Server: 10.0.0.2 Address: 10.0.0.2:53 Name: coredns.kube-system.svc.cluster.local Address: 10.0.0.2 [root@k8s-master01 src]# kubectl exec busybox-667f4b774c-jsrlx -n default -- nslookup metrics-server.kube-system.svc.cluster.local Server: 10.0.0.2 Address: 10.0.0.2:53 Name: metrics-server.kube-system.svc.cluster.local Address: 10.0.165.224
八、部署多节点,验证是否分部在不同的节点上。
[root@k8s-master01 src]# kubectl scale deploy busybox --replicas=2 deployment.apps/busybox scalednone> <none> [root@k8s-master01 src]# kubectl get pod -o wide NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES busybox-667f4b774c-8mvcr 1/1 Running 0 13s 172.16.2.52 k8s-master03 <none> <none> busybox-667f4b774c-jsrlx 1/1 Running 0 3m44s 172.16.0.244 k8s-node01 <none> <none>
九、设置master节点为不可调度
kubectl drain k8s-master01 k8s-master02 k8s-master03 --ignore-daemonsets --delete-emptydir-data
查看pod调度情况
[root@k8s-master01 src]# kubectl get pod -o wide NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES busybox-667f4b774c-9sf94 1/1 Running 0 35s 172.16.1.39 k8s-node02 <none> <none> busybox-667f4b774c-jsrlx 1/1 Running 0 5m44s 172.16.0.244 k8s-node01 <none> <none>
设置节点为可调度
kubectl uncordon <node name>
十、部署nginx验证nodeport方式访问
cat > /data/yaml/nginx.yaml <<EOF apiVersion: apps/v1 kind: Deployment metadata: name: nginx namespace: default spec: selector: matchLabels: app: nginx replicas: 1 template: metadata: labels: app: nginx spec: imagePullSecrets: - name: my-registry containers: - name: nginx image: registry.my-resgistry.com/basisimage/php-fpm-nginx:1.26.3 env: - name: TZ value: Asia/Shanghai ports: - containerPort: 80 resources: limits: cpu: 100m memory: 300Mi requests: cpu: 20m memory: 200Mi restartPolicy: Always --- apiVersion: v1 kind: Service metadata: name: nginx namespace: default labels: app: nginx spec: ports: - name: nginx port: 80 protocol: TCP targetPort: 80 nodePort: 41988 selector: app: nginx type: NodePort EOF
kubectl apply -f /data/yaml/nginx.yaml
浏览器访问:
http://192.168.110.20:41988/
十一、验证ingress
创建traefik独有的ingressroute资源
mkdir -p /data/yaml/ingressroute
cat > /data/yaml/ingressroute/ingressroute.yaml <<EOF apiVersion: traefik.io/v1alpha1 kind: IngressRoute metadata: name: ingress-route namespace: kube-system spec: entryPoints: - web routes: - match: Host(\`test1.example.com\`) kind: Rule services: - name: nginx namespace: default port: 80 EOF
kubectl apply -f /data/yaml/ingressroute/ingressroute.yaml
查看traefik端口
[root@k8s-master01 yaml]# kubectl get svc -n kube-system | grep traefik traefik LoadBalancer 10.0.53.174 <pending> 80:49610/TCP,443:32774/TCP 12m
验证
curl -H "Host: test1.example.com" http://192.168.110.20:49610 -v
IngressRote配置示例
跨namespace、路由url转发示例
apiVersion: traefik.io/v1alpha1 kind: IngressRoute metadata: name: ingress-route namespace: kube-system spec: entryPoints: - web routes: - match: Host(`test1.example.com`) kind: Rule services: - name: nginx namespace: default port: 80 - match: Host(`test2.example.com`) kind: Rule services: - name: nginx namespace: test port: 80 # 路由规则:/api 转发至 test 的 nginx-api - match: Host(`api.example.com`) && PathPrefix(`/api`) kind: Rule services: - name: nginx-api namespace: test port: 80
重写示例
创建middlewares资源
apiVersion: traefik.io/v1alpha1 kind: Middleware metadata: name: test-prefix namespace: kube-system spec: stripPrefix: prefixes: - /app EOF
引用重写,移除路径前缀(确保 /app不传递到后端服务)
apiVersion: traefik.io/v1alpha1 kind: IngressRoute metadata: name: ingress-route namespace: kube-system spec: entryPoints: - web routes: - match: Host(`test.example.com`) && PathPrefix(`/app`) kind: Rule services: - name: nginx namespace: test port: 80 middlewares: - name: test-prefix namespace: kube-system
浙公网安备 33010602011771号