Networking (11%)
kubernetes.io > Documentation > Reference > kubectl CLI > kubectl cheat sheet
kubernetes.io > Documentation > Concepts > Cluster Administration > Cluster Networking
kubernetes.io > Documentation > Concepts > Services, Load Balancing, and Networking > Service
kubernetes.io > Documentation > Tasks > Access Application in a Cluster > Create an External Load Balancer
kubernetes.io > Documentation > Concepts > Services, Load Balancing, and Networking > Ingress
kubernetes.io > Documentation > Concepts > Services, Load Balancing, and Networking > DNS for Services and Pods
kubernetes.io > Documentation > Concepts > Cluster Administration > Installing Addons
Understand the networking configuration of the cluster nodes
Understand Pod networking concepts
Understand service networking
Deploy and configure network load balancer
apiVersion: v1
kind: Pod
metadata:
  name: influxdb
  labels:
    name: influxdb
spec:
  containers:
  - name: influxdb
    image: influxdb
    ports:
    - containerPort: 8086
---
apiVersion: v1
kind: Service
metadata:
  name: influxdb
spec:
  type: LoadBalancer
  ports:
  - port: 8086
  selector:
    name: influxdb
Know how to use Ingress rules
apiVersion: v1
kind: Namespace
metadata:
  name: ingress-space
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: nginx-configuration
  namespace: ingress-space
---
# extensions/v1beta1 Deployments were removed in Kubernetes 1.16; current clusters use apps/v1.
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: nginx-ingress-controller
  namespace: ingress-space
spec:
  replicas: 1
  selector:
    matchLabels:
      name: nginx-ingress
  template:
    metadata:
      labels:
        name: nginx-ingress
    spec:
      serviceAccountName: nginx-ingress-serviceaccount
      containers:
      - name: nginx-ingress-controller
        image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.21.0
        args:
        - /nginx-ingress-controller
        - --configmap=$(POD_NAMESPACE)/nginx-configuration
        - --default-backend-service=app-space/default-http-backend
        env:
        - name: POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        ports:
        - name: http
          containerPort: 80
        - name: https
          containerPort: 443
---
apiVersion: v1
kind: Service
metadata:
  name: ingress-service
  namespace: ingress-space
spec:
  type: NodePort
  ports:
  - port: 80
    targetPort: 80
    protocol: TCP
    nodePort: 30080
    name: http
  - port: 443
    targetPort: 443
    protocol: TCP
    name: https
  selector:
    name: nginx-ingress
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: nginx-ingress-serviceaccount
  namespace: ingress-space
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
---
# rbac.authorization.k8s.io/v1beta1 was removed in Kubernetes 1.22; current clusters use rbac.authorization.k8s.io/v1.
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
  name: nginx-ingress-clusterrole
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
rules:
# Note: this rule grants list/watch on Secrets in every namespace.
- apiGroups:
  - ""
  resources:
  - configmaps
  - endpoints
  - nodes
  - pods
  - secrets
  verbs:
  - list
  - watch
- apiGroups:
  - ""
  resources:
  - nodes
  verbs:
  - get
- apiGroups:
  - ""
  resources:
  - services
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - "extensions"
  resources:
  - ingresses
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  resources:
  - events
  verbs:
  - create
  - patch
- apiGroups:
  - "extensions"
  resources:
  - ingresses/status
  verbs:
  - update
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: Role
metadata:
  name: nginx-ingress-role
  namespace: ingress-space
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
rules:
- apiGroups:
  - ""
  resources:
  - configmaps
  - pods
  - secrets
  - namespaces
  verbs:
  - get
- apiGroups:
  - ""
  resources:
  - configmaps
  resourceNames:
  # Defaults to "<election-id>-<ingress-class>"
  # Here: "<ingress-controller-leader>-<nginx>"
  # This has to be adapted if you change either parameter
  # when launching the nginx-ingress-controller.
  - "ingress-controller-leader-nginx"
  verbs:
  - get
  - update
- apiGroups:
  - ""
  resources:
  - configmaps
  verbs:
  - create
- apiGroups:
  - ""
  resources:
  - endpoints
  verbs:
  - get
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
  name: nginx-ingress-role-nisa-binding
  namespace: ingress-space
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: nginx-ingress-role
subjects:
- kind: ServiceAccount
  name: nginx-ingress-serviceaccount
  # ServiceAccount subjects must name their namespace.
  namespace: ingress-space
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: nginx-ingress-clusterrole-nisa-binding
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: nginx-ingress-clusterrole
subjects:
- kind: ServiceAccount
  name: nginx-ingress-serviceaccount
  namespace: ingress-space
---
# extensions/v1beta1 Ingress was removed in Kubernetes 1.22; networking.k8s.io/v1 uses a different backend schema.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-wear-watch
  namespace: app-space
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
    nginx.ingress.kubernetes.io/ssl-redirect: "false"
spec:
  rules:
  - http:
      paths:
      - path: /wear
        backend:
          serviceName: wear-service
          servicePort: 8080
      - path: /watch
        backend:
          serviceName: video-service
          servicePort: 8080
$ kubectl get ingress
$ kubectl describe ingress -n app-space
$ kubectl create ns ingress-space
$ kubectl create configmap nginx-configuration -n ingress-space
$ kubectl create serviceaccount ingress-serviceaccount -n ingress-space
$ kubectl get roles,rolebindings -n ingress-space
$ kubectl expose deployment -n ingress-space ingress-controller --type=NodePort --port=80 --name=ingress --dry-run -o yaml > ingress.yaml
Know how to configure and use the cluster DNS
$ curl http://web-service.apps.svc.cluster.local
$ curl http://10-10-10-5.apps.pod.cluster.local
$ cat /etc/coredns/Corefile
$ kubectl get configmap -n kube-system
$ kubectl get service -n kube-system
$ ps aux | grep coredns
# -conf /etc/coredns/Corefile
$ kubectl exec <coredns pod> -n kube-system -- ps
$ kubectl describe configmap coredns -n kube-system
$ kubectl set env deployment/webapp DB_Host=mysql.payroll
$ kubectl exec -it hr -- nslookup mysql.payroll > /root/nslookup.out
Understand CNI
$ cat /etc/systemd/system/kubelet.service
# --network-plugin=cni \
# --cni-bin-dir=/opt/cni/bin \
# --cni-conf-dir=/etc/cni/net.d \
$ ps -aux | grep -i kubelet
$ cat /etc/cni/net.d/net-script.conf
{
  "cniVersion": "0.2.0",
  "name": "mynet",
  "type": "net-script",
  "bridge": "cni0",
  "isGateway": true,
  "ipMasq": true,
  "ipam": {
    "type": "host-local",
    "subnet": "10.0.0.0/16",
    "routes": [
      {
        "dst": "0.0.0.0/0"
      }
    ]
  }
}
$ kubectl apply -f "https://cloud.weave.works/k8s/net?k8s-version=$(kubectl version | base64 | tr -d '\n')"
# Weave CNI range -> 10.32.0.0/12 (10.32.0.1 - 10.47.255.254)
$ ip addr show weave

