####### NodePort
[08:34:10 root@master1 service]#kubectl create deployment my-nginx --image=10.0.0.55:80/mykubernetes/pod_test:v0.1 --replicas=4
deployment.apps/my-nginx created
[08:34:15 root@master1 service]#kubectl get deployments.apps
NAME READY UP-TO-DATE AVAILABLE AGE
my-nginx 4/4 4 4 11s
[08:34:26 root@master1 service]#kubectl get pod -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
my-nginx-7678697fc-dgjwm 1/1 Running 0 18s 10.244.4.77 node2.noisedu.cn <none> <none>
my-nginx-7678697fc-lvlsd 1/1 Running 0 18s 10.244.3.39 node1.noisedu.cn <none> <none>
my-nginx-7678697fc-nbfx4 1/1 Running 0 18s 10.244.3.38 node1.noisedu.cn <none> <none>
my-nginx-7678697fc-tgpjn 1/1 Running 0 18s 10.244.4.76 node2.noisedu.cn <none> <none>
[08:34:33 root@master1 service]#kubectl get pod -o wide --show-labels
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES LABELS
my-nginx-7678697fc-dgjwm 1/1 Running 0 28s 10.244.4.77 node2.noisedu.cn <none> <none> app=my-nginx,pod-template-hash=7678697fc
my-nginx-7678697fc-lvlsd 1/1 Running 0 28s 10.244.3.39 node1.noisedu.cn <none> <none> app=my-nginx,pod-template-hash=7678697fc
my-nginx-7678697fc-nbfx4 1/1 Running 0 28s 10.244.3.38 node1.noisedu.cn <none> <none> app=my-nginx,pod-template-hash=7678697fc
my-nginx-7678697fc-tgpjn 1/1 Running 0 28s 10.244.4.76 node2.noisedu.cn <none> <none> app=my-nginx,pod-template-hash=7678697fc
[08:36:16 root@master1 service]#curl 10.244.4.77
kubernetes pod-test v0.1!! ClientIP: 10.0.0.50, ServerName: my-nginx-7678697fc-dgjwm, ServerIP: 10.244.4.77!
[08:36:49 root@master1 service]#curl 10.244.3.39
kubernetes pod-test v0.1!! ClientIP: 10.0.0.50, ServerName: my-nginx-7678697fc-lvlsd, ServerIP: 10.244.3.39!
[08:36:55 root@master1 service]#curl 10.244.3.38
kubernetes pod-test v0.1!! ClientIP: 10.0.0.50, ServerName: my-nginx-7678697fc-nbfx4, ServerIP: 10.244.3.38!
[08:36:58 root@master1 service]#curl 10.244.4.76
kubernetes pod-test v0.1!! ClientIP: 10.0.0.50, ServerName: my-nginx-7678697fc-tgpjn, ServerIP: 10.244.4.76!
# 使用service,实现统一管理及负载均衡
[08:34:43 root@master1 service]#cat 01-service-test-nodePort.yml
kind: Service
apiVersion: v1
metadata:
name: service-test1
spec:
type: NodePort
selector:
app: my-nginx
ports:
- name: http
protocol: TCP
port: 80
targetPort: 80
nodePort: 30089
[08:37:03 root@master1 service]#kubectl apply -f 01-service-test-nodePort.yml
service/service-test1 created
[08:37:47 root@master1 service]#kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 13d
service-test1 NodePort 10.100.98.41 <none> 80:30089/TCP 4s
[08:37:51 root@master1 service]#kubectl get pod -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
my-nginx-7678697fc-dgjwm 1/1 Running 0 3m46s 10.244.4.77 node2.noisedu.cn <none> <none>
my-nginx-7678697fc-lvlsd 1/1 Running 0 3m46s 10.244.3.39 node1.noisedu.cn <none> <none>
my-nginx-7678697fc-nbfx4 1/1 Running 0 3m46s 10.244.3.38 node1.noisedu.cn <none> <none>
my-nginx-7678697fc-tgpjn 1/1 Running 0 3m46s 10.244.4.76 node2.noisedu.cn <none> <none>
#集群内部访问
[08:38:01 root@master1 service]#curl 10.100.98.41
kubernetes pod-test v0.1!! ClientIP: 10.0.0.50, ServerName: my-nginx-7678697fc-nbfx4, ServerIP: 10.244.3.38!
[08:38:15 root@master1 service]#curl 10.100.98.41
kubernetes pod-test v0.1!! ClientIP: 10.0.0.50, ServerName: my-nginx-7678697fc-lvlsd, ServerIP: 10.244.3.39!
[08:38:16 root@master1 service]#curl 10.100.98.41
kubernetes pod-test v0.1!! ClientIP: 10.0.0.50, ServerName: my-nginx-7678697fc-tgpjn, ServerIP: 10.244.4.76!
[08:38:17 root@master1 service]#curl 10.100.98.41
kubernetes pod-test v0.1!! ClientIP: 10.0.0.50, ServerName: my-nginx-7678697fc-lvlsd, ServerIP: 10.244.3.39!
[08:38:17 root@master1 service]#curl 10.100.98.41
kubernetes pod-test v0.1!! ClientIP: 10.0.0.50, ServerName: my-nginx-7678697fc-dgjwm, ServerIP: 10.244.4.77!
[08:38:19 root@master1 service]#curl 10.100.98.41
kubernetes pod-test v0.1!! ClientIP: 10.0.0.50, ServerName: my-nginx-7678697fc-tgpjn, ServerIP: 10.244.4.76!
[08:38:23 root@master1 service]#curl 10.100.98.41
kubernetes pod-test v0.1!! ClientIP: 10.0.0.50, ServerName: my-nginx-7678697fc-nbfx4, ServerIP: 10.244.3.38!
#集群外部通过宿主机IP 10.0.0.50 + nodePort - 30089访问
[08:39:51 root@hakeepalvied2 ~]#curl 10.0.0.50:30089
kubernetes pod-test v0.1!! ClientIP: 10.0.0.50, ServerName: my-nginx-7678697fc-nbfx4, ServerIP: 10.244.3.38!
[08:39:58 root@hakeepalvied2 ~]#curl 10.0.0.50:30089
kubernetes pod-test v0.1!! ClientIP: 10.0.0.50, ServerName: my-nginx-7678697fc-nbfx4, ServerIP: 10.244.3.38!
[08:39:59 root@hakeepalvied2 ~]#curl 10.0.0.50:30089
kubernetes pod-test v0.1!! ClientIP: 10.0.0.50, ServerName: my-nginx-7678697fc-tgpjn, ServerIP: 10.244.4.76!
[08:40:00 root@hakeepalvied2 ~]#curl 10.0.0.50:30089
kubernetes pod-test v0.1!! ClientIP: 10.0.0.50, ServerName: my-nginx-7678697fc-nbfx4, ServerIP: 10.244.3.38!
[08:40:00 root@hakeepalvied2 ~]#curl 10.0.0.50:30089
kubernetes pod-test v0.1!! ClientIP: 10.0.0.50, ServerName: my-nginx-7678697fc-lvlsd, ServerIP: 10.244.3.39!
[08:40:00 root@hakeepalvied2 ~]#curl 10.0.0.50:30089
kubernetes pod-test v0.1!! ClientIP: 10.0.0.50, ServerName: my-nginx-7678697fc-tgpjn, ServerIP: 10.244.4.76!
[08:40:01 root@hakeepalvied2 ~]#curl 10.0.0.50:30089
kubernetes pod-test v0.1!! ClientIP: 10.0.0.50, ServerName: my-nginx-7678697fc-dgjwm, ServerIP: 10.244.4.77!
==============================================
####### 无NodePort实验
# 删除NodePort的svc
[08:38:37 root@master1 service]#kubectl delete -f 01-service-test-nodePort.yml
service "service-test1" deleted
[08:41:37 root@master1 service]#kubectl get pod -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
my-nginx-7678697fc-dgjwm 1/1 Running 0 7m29s 10.244.4.77 node2.noisedu.cn <none> <none>
my-nginx-7678697fc-lvlsd 1/1 Running 0 7m29s 10.244.3.39 node1.noisedu.cn <none> <none>
my-nginx-7678697fc-nbfx4 1/1 Running 0 7m29s 10.244.3.38 node1.noisedu.cn <none> <none>
my-nginx-7678697fc-tgpjn 1/1 Running 0 7m29s 10.244.4.76 node2.noisedu.cn <none> <none>
[08:41:44 root@master1 service]#kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 13d
# 开始配置ClusterIP
[08:41:49 root@master1 service]#cat 01-service-test.yml
kind: Service
apiVersion: v1
metadata:
name: service-test
spec:
selector:
app: my-nginx
ports:
- name: http
protocol: TCP
port: 80
targetPort: 80
[08:42:35 root@master1 service]#kubectl apply -f 01-service-test.yml
service/service-test created
[08:42:54 root@master1 service]#kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 13d
service-test ClusterIP 10.100.125.123 <none> 80/TCP 4s
[08:42:58 root@master1 service]#kubectl get pod -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
my-nginx-7678697fc-dgjwm 1/1 Running 0 8m48s 10.244.4.77 node2.noisedu.cn <none> <none>
my-nginx-7678697fc-lvlsd 1/1 Running 0 8m48s 10.244.3.39 node1.noisedu.cn <none> <none>
my-nginx-7678697fc-nbfx4 1/1 Running 0 8m48s 10.244.3.38 node1.noisedu.cn <none> <none>
my-nginx-7678697fc-tgpjn 1/1 Running 0 8m48s 10.244.4.76 node2.noisedu.cn <none> <none>
[08:41:49 root@master1 service]#cat 01-service-test.yml
kind: Service
apiVersion: v1
metadata:
name: service-test
spec:
selector:
app: my-nginx
ports:
- name: http
protocol: TCP
port: 80
targetPort: 80
[08:42:35 root@master1 service]#kubectl apply -f 01-service-test.yml
service/service-test created
[08:42:54 root@master1 service]#kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 13d
service-test ClusterIP 10.100.125.123 <none> 80/TCP 4s
[08:42:58 root@master1 service]#kubectl get pod -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
my-nginx-7678697fc-dgjwm 1/1 Running 0 8m48s 10.244.4.77 node2.noisedu.cn <none> <none>
my-nginx-7678697fc-lvlsd 1/1 Running 0 8m48s 10.244.3.39 node1.noisedu.cn <none> <none>
my-nginx-7678697fc-nbfx4 1/1 Running 0 8m48s 10.244.3.38 node1.noisedu.cn <none> <none>
my-nginx-7678697fc-tgpjn 1/1 Running 0 8m48s 10.244.4.76 node2.noisedu.cn <none> <none>
# 集群内部访问没问题
[08:43:03 root@master1 service]#curl 10.100.125.123
kubernetes pod-test v0.1!! ClientIP: 10.0.0.50, ServerName: my-nginx-7678697fc-dgjwm, ServerIP: 10.244.4.77!
[08:44:05 root@master1 service]#curl 10.100.125.123
kubernetes pod-test v0.1!! ClientIP: 10.0.0.50, ServerName: my-nginx-7678697fc-nbfx4, ServerIP: 10.244.3.38!
[08:44:06 root@master1 service]#curl 10.100.125.123
kubernetes pod-test v0.1!! ClientIP: 10.0.0.50, ServerName: my-nginx-7678697fc-nbfx4, ServerIP: 10.244.3.38!
[08:44:07 root@master1 service]#curl 10.100.125.123
kubernetes pod-test v0.1!! ClientIP: 10.0.0.50, ServerName: my-nginx-7678697fc-lvlsd, ServerIP: 10.244.3.39!
[08:44:07 root@master1 service]#curl 10.100.125.123
kubernetes pod-test v0.1!! ClientIP: 10.0.0.50, ServerName: my-nginx-7678697fc-nbfx4, ServerIP: 10.244.3.38!
[08:44:07 root@master1 service]#curl 10.100.125.123
kubernetes pod-test v0.1!! ClientIP: 10.0.0.50, ServerName: my-nginx-7678697fc-lvlsd, ServerIP: 10.244.3.39!
[08:44:08 root@master1 service]#curl 10.100.125.123
kubernetes pod-test v0.1!! ClientIP: 10.0.0.50, ServerName: my-nginx-7678697fc-lvlsd, ServerIP: 10.244.3.39!
[08:44:09 root@master1 service]#curl 10.100.125.123
kubernetes pod-test v0.1!! ClientIP: 10.0.0.50, ServerName: my-nginx-7678697fc-tgpjn, ServerIP: 10.244.4.76!
[08:44:13 root@master1 service]#curl 10.100.125.123
kubernetes pod-test v0.1!! ClientIP: 10.0.0.50, ServerName: my-nginx-7678697fc-tgpjn, ServerIP: 10.244.4.76!
#集群外部访问,由于没有相应的端口暴露,所以拒绝
[08:41:23 root@hakeepalvied2 ~]#curl 10.0.0.50:30089
curl: (7) Failed to connect to 10.0.0.50 port 30089: Connection refused
[08:44:39 root@hakeepalvied2 ~]#curl 10.0.0.50
curl: (7) Failed to connect to 10.0.0.50 port 80: Connection refused
#### 多端口暴露
[08:47:36 root@master1 service]#cat 02-service-mul-port.yaml
kind: Service
apiVersion: v1
metadata:
name: service-test-duo
spec:
selector:
app: my-nginx
ports:
- name: http
protocol: TCP
port: 80
targetPort: 80
- name: https
protocol: TCP
port: 443
targetPort: 443
[08:47:46 root@master1 service]#kubectl apply -f 02-service-mul-port.yaml
service/service-test-duo created
[08:48:25 root@master1 service]#kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 13d
service-test-duo ClusterIP 10.108.138.19 <none> 80/TCP,443/TCP 3s
[08:48:28 root@master1 service]#kubectl get pod -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
my-nginx-7678697fc-dgjwm 1/1 Running 0 14m 10.244.4.77 node2.noisedu.cn <none> <none>
my-nginx-7678697fc-lvlsd 1/1 Running 0 14m 10.244.3.39 node1.noisedu.cn <none> <none>
my-nginx-7678697fc-nbfx4 1/1 Running 0 14m 10.244.3.38 node1.noisedu.cn <none> <none>
my-nginx-7678697fc-tgpjn 1/1 Running 0 14m 10.244.4.76 node2.noisedu.cn <none> <none>
# 使用http访问
[08:48:34 root@master1 service]#curl 10.108.138.19
kubernetes pod-test v0.1!! ClientIP: 10.0.0.50, ServerName: my-nginx-7678697fc-dgjwm, ServerIP: 10.244.4.77!
[08:49:20 root@master1 service]#curl 10.108.138.19
kubernetes pod-test v0.1!! ClientIP: 10.0.0.50, ServerName: my-nginx-7678697fc-nbfx4, ServerIP: 10.244.3.38!
[08:49:21 root@master1 service]#curl 10.108.138.19
kubernetes pod-test v0.1!! ClientIP: 10.0.0.50, ServerName: my-nginx-7678697fc-dgjwm, ServerIP: 10.244.4.77!
[08:49:21 root@master1 service]#curl 10.108.138.19
kubernetes pod-test v0.1!! ClientIP: 10.0.0.50, ServerName: my-nginx-7678697fc-dgjwm, ServerIP: 10.244.4.77!
[08:49:22 root@master1 service]#curl 10.108.138.19
kubernetes pod-test v0.1!! ClientIP: 10.0.0.50, ServerName: my-nginx-7678697fc-nbfx4, ServerIP: 10.244.3.38!
[08:49:22 root@master1 service]#curl 10.108.138.19
kubernetes pod-test v0.1!! ClientIP: 10.0.0.50, ServerName: my-nginx-7678697fc-nbfx4, ServerIP: 10.244.3.38!
[08:49:23 root@master1 service]#curl 10.108.138.19
kubernetes pod-test v0.1!! ClientIP: 10.0.0.50, ServerName: my-nginx-7678697fc-lvlsd, ServerIP: 10.244.3.39!
[08:49:23 root@master1 service]#curl 10.108.138.19
kubernetes pod-test v0.1!! ClientIP: 10.0.0.50, ServerName: my-nginx-7678697fc-tgpjn, ServerIP: 10.244.4.76!
[08:49:24 root@master1 service]#curl 10.108.138.19
# 使用https访问,此项需要后端nginx开启端口443,若未开启,则会如下图所示
[08:49:24 root@master1 service]#curl -v -k https://10.108.138.19
* Rebuilt URL to: https://10.108.138.19/
* Trying 10.108.138.19...
* TCP_NODELAY set
* connect to 10.108.138.19 port 443 failed: Connection refused
* Failed to connect to 10.108.138.19 port 443: Connection refused
* Closing connection 0
curl: (7) Failed to connect to 10.108.138.19 port 443: Connection refused
# 下面两个yaml文件同上述实验效果一直
[08:58:26 root@master1 service]#cat 03-service-nodeport.yml
apiVersion: v1
kind: Service
metadata:
name: nginx-service
spec:
type: NodePort
ports:
- port: 80
nodePort: 30099
selector:
app: my-nginx
[08:59:09 root@master1 service]#cat 04-service-nodeport-local.yml
apiVersion: v1
kind: Service
metadata:
name: nginx-service
spec:
type: NodePort
externalTrafficPolicy: Local
ports:
- port: 80
nodePort: 30099
selector:
app: my-nginx
# 特别注意 externalTrafficPolicy选项,分local和cluster分发策略
[08:55:45 root@master1 service]#kubectl explain service.spec.externalTrafficPolicy
KIND: Service
VERSION: v1
FIELD: externalTrafficPolicy <string>
DESCRIPTION:
externalTrafficPolicy denotes if this Service desires to route external
traffic to node-local or cluster-wide endpoints. "Local" preserves the
client source IP and avoids a second hop for LoadBalancer and Nodeport type
services, but risks potentially imbalanced traffic spreading. "Cluster"
obscures the client source IP and may cause a second hop to another node,
but should have good overall load-spreading.
浙公网安备 33010602011771号