minikube & kubernetes 动手指南
文章目录
“Minikube 可快速设置部署 Kubernetes 集群,专注于让 Kubernetes 易于学习和开发。”
1. 准备
- Centos 7.9.2009 系统
$ cat /etc/resolv.conf
nameserver 8.8.8.8
配置主机名
hostnanmectl set-hostname minikube1
路由转发
cat <<EOF>> /etc/sysctl.conf
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-iptables=1
关闭swap
swapoff -a
2. 安装依赖 tools
配置 linux yum 源
yum -y update
yum -y install apt-transport-https ca-certificates curl software-properties-common conntrack
3. 安装 docker
你可以根据 docker 官方寻找合适的安装方式
配置docker-ce源
sudo yum install -y yum-utils
sudo yum-config-manager \
--add-repo \
https://download.docker.com/linux/centos/docker-ce.repo
查看docker-ce版本
yum list docker-ce --showduplicates | sort -r
安装
yum -y install docker-ce docker-ce-cli containerd.io
配置docker
mkdir -p /etc/docker
tee /etc/docker/daemon.json <<-'EOF'
{
"exec-opts": ["native.cgroupdriver=systemd"],
"live-restore": true,
"dns": ["8.8.8.8"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m",
"max-file": "5"
},
"registry-mirrors": [
"https://ckdhnbk9.mirror.aliyuncs.com",
"https://hub-mirror.c.163.com",
"https://mirror.baidubce.com"
]
}
EOF
启动 docker
systemctl daemon-reload && systemctl start docker && systemctl enable docker
查看docker版本
$ docker version
Client: Docker Engine - Community
Version: 20.10.14
API version: 1.41
Go version: go1.16.15
Git commit: a224086
Built: Thu Mar 24 01:49:57 2022
OS/Arch: linux/amd64
Context: default
Experimental: true
Server: Docker Engine - Community
Engine:
Version: 20.10.14
API version: 1.41 (minimum version 1.12)
Go version: go1.16.15
Git commit: 87a90dc
Built: Thu Mar 24 01:48:24 2022
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.5.11
GitCommit: 3df54a852345ae127d1fa3092b95168e4a88e2f8
runc:
Version: 1.0.3
GitCommit: v1.0.3-0-gf46b6ba
docker-init:
Version: 0.19.0
GitCommit: de40ad0
4. 安装 minikube
你可以根据 minikube 官方安装寻找适合自己的环境。
curl -LO https://storage.googleapis.com/minikube/releases/latest/minikube-linux-amd64
chmod 755 minikube-linux-amd64
mv minikube-linux-amd64 /usr/bin/minikube
ln -s /usr/bin/minikube /usr/local/bin/
查看版本
$ minikube version
minikube version: v1.25.2
commit: 362d5fdc0a3dbee389b3d3f1034e8023e72bd3a7
我使用的 minikube 版本 v1.25.2
,当前(2022.11.30
) minikube
最新版本已经是 v1.28.0
,最新版本部署k8s步骤存在更多依赖,例如:cri-docker、crictl,有点麻烦。具体步骤参考centos(7.9) minikube(v1.28.0) kaniko 构建镜像
5. 安装 kubectl
我这里使用阿里云 yum
源安装 kubectl
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
yum -y install kubectl
查看版本
$ kubectl version --client -o json
{
"clientVersion": {
"major": "1",
"minor": "23",
"gitVersion": "v1.23.5",
"gitCommit": "c285e781331a3785a7f436042c65c5641ce8a9e9",
"gitTreeState": "clean",
"buildDate": "2022-03-16T15:58:47Z",
"goVersion": "go1.17.8",
"compiler": "gc",
"platform": "linux/amd64"
}
}
6. minikube 创建 kubernetes 集群
由于非科学网络环境的影响,没有参数它会报以下错误:
minikube start
* Centos 7.9.2009 上的 minikube v1.25.2
* 自动选择 docker 驱动。其他选项:none, ssh
* The "docker" driver should not be used with root privileges.
* If you are running minikube within a VM, consider using --driver=none:
* https://minikube.sigs.k8s.io/docs/reference/drivers/none/
X Exiting due to DRV_AS_ROOT: The "docker" driver should not be used with root privileges.
正确但不是唯一的方式:
minikube start --vm-driver=none --image-mirror-country=cn --registry-mirror='https://ckdhnbk9.mirror.aliyuncs.com' --image-repository='registry.cn-hangzhou.aliyuncs.com/google_containers'
输出:
* Centos 7.9.2009 上的 minikube v1.25.2
* 根据用户配置使用 none 驱动程序
X Requested memory allocation (1819MB) is less than the recommended minimum 1900MB. Deployments may fail.
X The requested memory allocation of 1819MiB does not leave room for system overhead (total system memory: 1819MiB). You may face stability issues.
* 建议:Start minikube with less memory allocated: 'minikube start --memory=1819mb'
* 正在使用镜像存储库 registry.cn-hangzhou.aliyuncs.com/google_containers
* Starting control plane node minikube in cluster minikube
* Running on localhost (CPUs=4, Memory=1819MB, Disk=17394MB) ...
* OS release is CentOS Linux 7 (Core)
* 正在 Docker 20.10.14 中准备 Kubernetes v1.23.3…
- kubelet.housekeeping-interval=5m
> kubeadm.sha256: 64 B / 64 B [--------------------------] 100.00% ? p/s 0s
> kubelet.sha256: 64 B / 64 B [--------------------------] 100.00% ? p/s 0s
> kubectl.sha256: 64 B / 64 B [--------------------------] 100.00% ? p/s 0s
> kubeadm: 43.12 MiB / 43.12 MiB [---------------] 100.00% 1.23 MiB p/s 35s
> kubectl: 44.43 MiB / 44.43 MiB [---------------] 100.00% 1.03 MiB p/s 43s
> kubelet: 118.75 MiB / 118.75 MiB [-------------] 100.00% 2.12 MiB p/s 56s
- Generating certificates and keys ...
- Booting up control plane ...
- Configuring RBAC rules ...
* 开始配置本地主机环境...
*
! The 'none' driver is designed for experts who need to integrate with an existing VM
* Most users should use the newer 'docker' driver instead, which does not require root!
* For more information, see: https://minikube.sigs.k8s.io/docs/reference/drivers/none/
*
! kubectl 和 minikube 配置将存储在 /root 中
! 如需以您自己的用户身份使用 kubectl 或 minikube 命令,您可能需要重新定位该命令。例如,如需覆盖您的自定义设置,请运行:
*
- sudo mv /root/.kube /root/.minikube $HOME
- sudo chown -R $USER $HOME/.kube $HOME/.minikube
*
* 此操作还可通过设置环境变量 CHANGE_MINIKUBE_NONE_USER=true 自动完成
* Verifying Kubernetes components...
- Using image registry.cn-hangzhou.aliyuncs.com/google_containers/storage-provisioner:v5
* Enabled addons: default-storageclass, storage-provisioner
* Done! kubectl is now configured to use "minikube" cluster and "default" namespace by default
根据环境不同,定制配置不同,可以自定义添加一些参数配置,例如
#尝试指定不同的 minikube 版本
minikube start --vm-driver=none --image-mirror-country=cn --registry-mirror='https://ckdhnbk9.mirror.aliyuncs.com' --image-repository='registry.cn-hangzhou.aliyuncs.com/google_containers' --kubernetes-version=v1.23.8
#启动minikube时使用虚拟机驱动程序和“docker”容器运行时(如果尚未运行)。
minikube start --container-runtime=docker --vm=true
# 添加 网络插件 calico
minikube start --vm-driver=none --network-plugin=cni --cni=calico
.....
7. 查看
7.1 查看集群配置信息
$ kubectl config view
apiVersion: v1
clusters:
- cluster:
certificate-authority: /root/.minikube/ca.crt
extensions:
- extension:
last-update: Mon, 28 Mar 2022 17:20:36 CST
provider: minikube.sigs.k8s.io
version: v1.25.2
name: cluster_info
server: https://192.168.211.51:8443
name: minikube
contexts:
- context:
cluster: minikube
extensions:
- extension:
last-update: Mon, 28 Mar 2022 17:20:36 CST
provider: minikube.sigs.k8s.io
version: v1.25.2
name: context_info
namespace: default
user: minikube
name: minikube
current-context: minikube
kind: Config
preferences: {}
users:
- name: minikube
user:
client-certificate: /root/.minikube/profiles/minikube/client.crt
client-key: /root/.minikube/profiles/minikube/client.key
7.2 查看集群状态
$ minikube status
minikube
type: Control Plane
host: Running
kubelet: Running
apiserver: Running
kubeconfig: Configured
7.3 查看 node
$ kubectl get nodes
NAME STATUS ROLES AGE VERSION
localhost.localdomain Ready control-plane,master 5m24s v1.23.3
7.4 查看 pod
$ kubectl get pods -A
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system coredns-65c54cc984-2cf5f 1/1 Running 0 5m48s
kube-system etcd-localhost.localdomain 1/1 Running 0 6m2s
kube-system kube-apiserver-localhost.localdomain 1/1 Running 0 6m
kube-system kube-controller-manager-localhost.localdomain 1/1 Running 0 6m
kube-system kube-proxy-khn4n 1/1 Running 0 5m49s
kube-system kube-scheduler-localhost.localdomain 1/1 Running 0 6m
kube-system storage-provisioner 1/1 Running 0 5m58s
前面加一个minikube
也可以。
minikube kubectl -- get po -A
NAMESPACE NAME READY STATUS RESTARTS AGE
default kaniko 0/1 Completed 0 8h
kube-system coredns-65c54cc984-xc4v4 1/1 Running 0 19h
kube-system etcd-minikube1 1/1 Running 0 19h
kube-system kube-apiserver-minikube1 1/1 Running 0 19h
kube-system kube-controller-manager-minikube1 1/1 Running 0 19h
kube-system kube-proxy-n82vp 1/1 Running 0 19h
kube-system kube-scheduler-minikube1 1/1 Running 0 19h
kube-system storage-provisioner 1/1 Running 0 19h
kubernetes-dashboard dashboard-metrics-scraper-57d8d5b8b8-zhtjq 1/1 Running 0 45m
kubernetes-dashboard kubernetes-dashboard-6f75b5c656-dxr87 1/1 Running 0 45m
7.5 查看集群信息
$ kubectl cluster-info
Kubernetes control plane is running at https://192.168.211.51:8443
CoreDNS is running at https://192.168.211.51:8443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy
To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.
7.6 查看集群ip
$ minikube ip
192.168.211.51
7.7 查看插件
$ minikube addons list
|-----------------------------|----------|--------------|--------------------------------|
| ADDON NAME | PROFILE | STATUS | MAINTAINER |
|-----------------------------|----------|--------------|--------------------------------|
| ambassador | minikube | disabled | third-party (ambassador) |
| auto-pause | minikube | disabled | google |
| csi-hostpath-driver | minikube | disabled | kubernetes |
| dashboard | minikube | disabled | kubernetes |
| default-storageclass | minikube | enabled ✅ | kubernetes |
| efk | minikube | disabled | third-party (elastic) |
| freshpod | minikube | disabled | google |
| gcp-auth | minikube | disabled | google |
| gvisor | minikube | disabled | google |
| helm-tiller | minikube | disabled | third-party (helm) |
| ingress | minikube | disabled | unknown (third-party) |
| ingress-dns | minikube | disabled | google |
| istio | minikube | disabled | third-party (istio) |
| istio-provisioner | minikube | disabled | third-party (istio) |
| kong | minikube | disabled | third-party (Kong HQ) |
| kubevirt | minikube | disabled | third-party (kubevirt) |
| logviewer | minikube | disabled | unknown (third-party) |
| metallb | minikube | disabled | third-party (metallb) |
| metrics-server | minikube | disabled | kubernetes |
| nvidia-driver-installer | minikube | disabled | google |
| nvidia-gpu-device-plugin | minikube | disabled | third-party (nvidia) |
| olm | minikube | disabled | third-party (operator |
| | | | framework) |
| pod-security-policy | minikube | disabled | unknown (third-party) |
| portainer | minikube | disabled | portainer.io |
| registry | minikube | disabled | google |
| registry-aliases | minikube | disabled | unknown (third-party) |
| registry-creds | minikube | disabled | third-party (upmc enterprises) |
| storage-provisioner | minikube | enabled ✅ | google |
| storage-provisioner-gluster | minikube | disabled | unknown (third-party) |
| volumesnapshots | minikube | disabled | kubernetes |
|-----------------------------|----------|--------------|--------------------------------|
7.8 查看日志
minikube logs
8. 常用操作
8.1 进入集群节点
minikube ssh
8.2 停止集群
minikube stop
8.3 启动集群
minikube start
8.4 删除集群
minikube delete
minikube delete --all
8.5 暂停集群
但不影响已部署的应用程序
minikube pause
8.5 取消暂停
minikube unpause
8.6 修改默认内存限制
minikube config set memory 9001
9. 部署 Ingress
启用Ingress
插件
$ minikube addons enable ingress
🔎 Verifying ingress addon...
🌟 The 'ingress' addon is enabled
查看 pod
$ kubectl get pods -n ingress-nginx
NAME READY STATUS RESTARTS AGE
ingress-nginx-admission-create-6hf47 0/1 Completed 0 91s
ingress-nginx-admission-patch-5dpqz 0/1 Completed 0 91s
ingress-nginx-controller-6cfb67d797-gqj98 1/1 Running 0 91s
10.管理 dashboard
Dashboard 是一个基于 Web 的 Kubernetes 用户界面。您可以使用它来:
- 将容器化应用程序部署到 Kubernetes 集群
- 对您的容器化应用程序进行故障排除
- 管理集群资源
- 概览在您的集群上运行的应用程序
- 创建或修改单个 Kubernetes 资源(例如 Deployment、Jobs、DaemonSets 等)
例如,您可以使用部署向导扩展部署、启动滚动更新、重新启动 pod 或部署新应用程序。
10.1 创建 dashboard
minikube dashboard
输出:
🔌 Enabling dashboard ...
▪ Using image docker.io/kubernetesui/dashboard:v2.7.0
▪ Using image docker.io/kubernetesui/metrics-scraper:v1.0.8
💡 Some dashboard features require the metrics-server addon. To enable all features please run:
minikube addons enable metrics-server
🤔 Verifying dashboard health ...
🚀 Launching proxy ...
🤔 Verifying proxy health ...
http://127.0.0.1:43995/api/v1/namespaces/kubernetes-dashboard/services/http:kubernetes-dashboard:/proxy/
当然,我们可以指定喜欢的端口(port)
$ minikube dashboard --port 8081
🤔 Verifying dashboard health ...
🚀 Launching proxy ...
🤔 Verifying proxy health ...
http://127.0.0.1:8081/api/v1/namespaces/kubernetes-dashboard/services/http:kubernetes-dashboard:/proxy/
这将启用 dashboard 插件,并在默认 Web 浏览器中打开代理。
要停止代理(使仪表板保持运行),请中止已启动的进程 ( Ctrl+C
)。
查看 dashboard
是否启动正常
$ kubectl get all -n kubernetes-dashboard
NAME READY STATUS RESTARTS AGE
pod/dashboard-metrics-scraper-57d8d5b8b8-zhtjq 1/1 Running 0 126m
pod/kubernetes-dashboard-6f75b5c656-dxr87 1/1 Running 0 126m
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/dashboard-metrics-scraper ClusterIP 10.97.77.170 <none> 8000/TCP 126m
service/kubernetes-dashboard ClusterIP 10.101.172.254 <none> 80/TCP 126m
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/dashboard-metrics-scraper 1/1 1 1 126m
deployment.apps/kubernetes-dashboard 1/1 1 1 126m
NAME DESIRED CURRENT READY AGE
replicaset.apps/dashboard-metrics-scraper-57d8d5b8b8 1 1 1 126m
replicaset.apps/kubernetes-dashboard-6f75b5c656 1 1 1 126m
查看界面 URL
$ minikube dashboard --url
🤔 Verifying dashboard health ...
🚀 Launching proxy ...
🤔 Verifying proxy health ...
http://127.0.0.1:43995/api/v1/namespaces/kubernetes-dashboard/services/http:kubernetes-dashboard:/proxy/
10.2 访问 API
访问 dashboard API
资源
$ curl http://127.0.0.1:43995/
{
"paths": [
"/.well-known/openid-configuration",
"/api",
"/api/v1",
"/apis",
"/apis/",
"/apis/admissionregistration.k8s.io",
"/apis/admissionregistration.k8s.io/v1",
"/apis/apiextensions.k8s.io",
"/apis/apiextensions.k8s.io/v1",
"/apis/apiregistration.k8s.io",
"/apis/apiregistration.k8s.io/v1",
"/apis/apps",
"/apis/apps/v1",
"/apis/authentication.k8s.io",
"/apis/authentication.k8s.io/v1",
"/apis/authorization.k8s.io",
"/apis/authorization.k8s.io/v1",
"/apis/autoscaling",
"/apis/autoscaling/v1",
"/apis/autoscaling/v2",
"/apis/autoscaling/v2beta1",
"/apis/autoscaling/v2beta2",
"/apis/batch",
"/apis/batch/v1",
"/apis/batch/v1beta1",
"/apis/certificates.k8s.io",
"/apis/certificates.k8s.io/v1",
"/apis/coordination.k8s.io",
"/apis/coordination.k8s.io/v1",
"/apis/discovery.k8s.io",
"/apis/discovery.k8s.io/v1",
"/apis/discovery.k8s.io/v1beta1",
"/apis/events.k8s.io",
"/apis/events.k8s.io/v1",
"/apis/events.k8s.io/v1beta1",
"/apis/flowcontrol.apiserver.k8s.io",
"/apis/flowcontrol.apiserver.k8s.io/v1beta1",
"/apis/flowcontrol.apiserver.k8s.io/v1beta2",
"/apis/networking.k8s.io",
"/apis/networking.k8s.io/v1",
"/apis/node.k8s.io",
"/apis/node.k8s.io/v1",
"/apis/node.k8s.io/v1beta1",
"/apis/policy",
"/apis/policy/v1",
"/apis/policy/v1beta1",
"/apis/rbac.authorization.k8s.io",
"/apis/rbac.authorization.k8s.io/v1",
"/apis/scheduling.k8s.io",
"/apis/scheduling.k8s.io/v1",
"/apis/storage.k8s.io",
"/apis/storage.k8s.io/v1",
"/apis/storage.k8s.io/v1beta1",
"/healthz",
"/healthz/autoregister-completion",
"/healthz/etcd",
"/healthz/log",
"/healthz/ping",
"/healthz/poststarthook/aggregator-reload-proxy-client-cert",
"/healthz/poststarthook/apiservice-openapi-controller",
"/healthz/poststarthook/apiservice-registration-controller",
"/healthz/poststarthook/apiservice-status-available-controller",
"/healthz/poststarthook/bootstrap-controller",
"/healthz/poststarthook/crd-informer-synced",
"/healthz/poststarthook/generic-apiserver-start-informers",
"/healthz/poststarthook/kube-apiserver-autoregistration",
"/healthz/poststarthook/priority-and-fairness-config-consumer",
"/healthz/poststarthook/priority-and-fairness-config-producer",
"/healthz/poststarthook/priority-and-fairness-filter",
"/healthz/poststarthook/rbac/bootstrap-roles",
"/healthz/poststarthook/scheduling/bootstrap-system-priority-classes",
"/healthz/poststarthook/start-apiextensions-controllers",
"/healthz/poststarthook/start-apiextensions-informers",
"/healthz/poststarthook/start-cluster-authentication-info-controller",
"/healthz/poststarthook/start-kube-aggregator-informers",
"/healthz/poststarthook/start-kube-apiserver-admission-initializer",
"/livez",
"/livez/autoregister-completion",
"/livez/etcd",
"/livez/log",
"/livez/ping",
"/livez/poststarthook/aggregator-reload-proxy-client-cert",
"/livez/poststarthook/apiservice-openapi-controller",
"/livez/poststarthook/apiservice-registration-controller",
"/livez/poststarthook/apiservice-status-available-controller",
"/livez/poststarthook/bootstrap-controller",
"/livez/poststarthook/crd-informer-synced",
"/livez/poststarthook/generic-apiserver-start-informers",
"/livez/poststarthook/kube-apiserver-autoregistration",
"/livez/poststarthook/priority-and-fairness-config-consumer",
"/livez/poststarthook/priority-and-fairness-config-producer",
"/livez/poststarthook/priority-and-fairness-filter",
"/livez/poststarthook/rbac/bootstrap-roles",
"/livez/poststarthook/scheduling/bootstrap-system-priority-classes",
"/livez/poststarthook/start-apiextensions-controllers",
"/livez/poststarthook/start-apiextensions-informers",
"/livez/poststarthook/start-cluster-authentication-info-controller",
"/livez/poststarthook/start-kube-aggregator-informers",
"/livez/poststarthook/start-kube-apiserver-admission-initializer",
"/logs",
"/metrics",
"/openapi/v2",
"/openid/v1/jwks",
"/readyz",
"/readyz/autoregister-completion",
"/readyz/etcd",
"/readyz/informer-sync",
"/readyz/log",
"/readyz/ping",
"/readyz/poststarthook/aggregator-reload-proxy-client-cert",
"/readyz/poststarthook/apiservice-openapi-controller",
"/readyz/poststarthook/apiservice-registration-controller",
"/readyz/poststarthook/apiservice-status-available-controller",
"/readyz/poststarthook/bootstrap-controller",
"/readyz/poststarthook/crd-informer-synced",
"/readyz/poststarthook/generic-apiserver-start-informers",
"/readyz/poststarthook/kube-apiserver-autoregistration",
"/readyz/poststarthook/priority-and-fairness-config-consumer",
"/readyz/poststarthook/priority-and-fairness-config-producer",
"/readyz/poststarthook/priority-and-fairness-filter",
"/readyz/poststarthook/rbac/bootstrap-roles",
"/readyz/poststarthook/scheduling/bootstrap-system-priority-classes",
"/readyz/poststarthook/start-apiextensions-controllers",
"/readyz/poststarthook/start-apiextensions-informers",
"/readyz/poststarthook/start-cluster-authentication-info-controller",
"/readyz/poststarthook/start-kube-aggregator-informers",
"/readyz/poststarthook/start-kube-apiserver-admission-initializer",
"/readyz/shutdown",
"/version"
]
}
例如,访问集群是否健康
$ curl http://127.0.0.1:8085/healthz
ok
10.3 域名访问
我准备中止已启动的进程 ( Ctrl+C
),实现通过域名访问 kubernetes-dashboard
,我们已经部署了ingress-controller
,只需要编写一个ingress
yaml文件即可。
dashboard-ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: dashboard-ingress
namespace: kubernetes-dashboard
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
rules:
- host: dashboard.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: kubernetes-dashboard
port:
number: 80
创建为 dashboard-ingress
$ k apply -f dashboard-ingress.yaml
ingress.networking.k8s.io/dashboard-ingress created
注意:这里ADDRESS需要等待一段时间域名才能解析到主机地址
$ k get -n kubernetes-dashboard ingress
NAME CLASS HOSTS ADDRESS PORTS AGE
dashboard-ingress nginx dashboard.com 80 23s
等到了
$ k get -n kubernetes-dashboard ingress --watch
NAME CLASS HOSTS ADDRESS PORTS AGE
dashboard-ingress nginx dashboard.com 192.168.10.25 80 11m
在主机hosts
文件添加此映射配置
cat <<EOF >> /etc/hosts
192.168.10.25 dashboard.com
EOF
windows
: 在 C:\Windows\System32\drivers\etc\hosts
添加192.168.10.25 dashboard.com
访问 dashboard.com
- 更多关于 kubernetes dashboard 内容请参考这篇文章
11. 部署应用
11.1 创建 NodePort
类型的deployment
kubectl create deployment hello-minikube --image=docker.io/nginx:1.23
kubectl expose deployment hello-minikube --type=NodePort --port=80
$ kubectl get services hello-minikube
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
hello-minikube NodePort 10.96.236.93 <none> 80:30578/TCP 60m
$ minikube service hello-minikube
|-----------|----------------|-------------|----------------------------|
| NAMESPACE | NAME | TARGET PORT | URL |
|-----------|----------------|-------------|----------------------------|
| default | hello-minikube | 80 | http://192.168.10.25:30578 |
|-----------|----------------|-------------|----------------------------|
🎉 Opening service default/hello-minikube in default browser...
👉 http://192.168.10.25:30578
浏览器访问:
查询 URL
$ minikube service hello-minikube --url
http://192.168.10.25:30578
或者,使用kubectl
转发端口:
$ kubectl port-forward service/hello-minikube 7080:80
Forwarding from 127.0.0.1:7080 -> 80
Forwarding from [::1]:7080 -> 80
新打开一个终端:
$ curl 127.0.0.1:7080
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
11.2 创建 LoadBalancer
类型的 deployment
当你想被集群外访问,创建 LoadBalancer
类型的 deployment
kubectl create deployment hello-minikube1 --image=docker.io/nginx:1.23
kubectl expose deployment hello-minikube1 --type=LoadBalancer --port=8080
查看svc
$ k get svc hello-minikube1
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
hello-minikube1 LoadBalancer 10.101.92.170 <pending> 8080:31412/TCP 113s
pending,那么如何获取EXTERNAL-IP
minikube tunnel
作为一个进程运行,在主机上使用集群的IP地址作为网关创建到集群的服务CIDR
的网络路由。tunnel命令直接向主机操作系统上运行的任何程序公开外部IP。
$ minikube tunnel
Status:
machine: minikube
pid: 15915
route: 10.96.0.0/12 -> 192.168.10.25
minikube: Running
services: [hello-minikube1]
errors:
minikube: no errors
router: no errors
loadbalancer emulator: no errors
新打开一个终端
$ kubectl get svc hello-minikube1
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
hello-minikube1 LoadBalancer 10.101.92.170 10.101.92.170 8080:31412/TCP 5m48s
在浏览器中打开(确保没有代理)
访问:http://REPLACE_WITH_EXTERNAL_IP:8080
虽然获取到了EXTERNAL_IP
,但访问测试没通,姿势不对。
讨论:
- Minikube - External IP not match host’s public IP
- Unable to access application through minikube tunnel
11.3 TLS 域名访问
创建证书
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes
根据证书生成 secret
kubectl -n default create secret tls mkcert --key key.pem --cert cert.pem
创建 app 应用
kubectl create deployment hello-minikube1 --image=docker.io/nginx:1.23
kubectl expose deployment hello-minikube1 --port=80
查看 svc
$ k get svc hello-minikube1
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
hello-minikube1 ClusterIP 10.99.155.128 <none> 80/TCP 8m10s
编写 tls-ingress-nginx
文件
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: secure-ingress-hello
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
tls:
- hosts:
- minikube.nginx.com
secretName: mkcert
rules:
- host: minikube.nginx.com
http:
paths:
- path: /hello
pathType: Prefix
backend:
service:
name: hello-minikube1
port:
number: 80
查看域名获取地址
$ k get ingress --watch
NAME CLASS HOSTS ADDRESS PORTS AGE
secure-ingress-hello nginx minikube.nginx.com 192.168.10.25 80, 443 9m43s
访问:https://minikube.nginx.com/hello
✈推荐阅读:
- 更多 Minikube 操作请参阅
- kind 部署 kubernetes 集群
- Minikube 在 Ubuntu 部署 Kubernetes
- Minikube 在 Centos 7 部署 Kubernetes
- kubeadm 部署 kubernetes 集群
- 云原生圣经