05 k8s deployment+service

  1. docker
  2. harbor
  3. 03 K8S 安装准备
  4. 04 K8s 部署
|  |  | 公网IP | 内网IP | Pod容器实例IP | 集群内ServiceIP |
| --- | --- | --- | --- | --- | --- |
| master | VM-16-14-centos | 1...220 | 10.206.16.14 | --pod-network-cidr=172.30.0.0/16 | --service-cidr=10.254.0.0/16 |
| k8s1/node1 | VM-16-6-centos | 175...214 | 10.206.16.6 | --- | --- |
| k8s2/node2 | VM-16-4-centos | 1...4 | 10.206.16.4 | --- | --- |

一、创建deployment/pod nginx[master]

[root@VM-16-14-centos data]# vim nginx-dep.yml
[root@VM-16-14-centos data]# kubectl apply -f nginx-dep.yml

# Deployment that keeps 10 replicas of a single-container nginx pod running.
# The pods carry the label app=nginx, which is what a Service selector has to
# match in order to route traffic to them.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
spec:
  selector:
    matchLabels:
      # Must equal the labels under template.metadata.labels below.
      app: nginx
  replicas: 10
  template:
    metadata:
      labels:
        app: nginx
    spec:
      # NOTE(review): this pod spec sets no securityContext and no resources
      # requests/limits; the `kubectl describe pod` output on this page reports
      # "QoS Class: BestEffort" accordingly. Fine for a lab, but set both
      # before running anything like this on a shared cluster.
      containers:
      - name: nginx
        # NOTE(review): "alpine" is a floating tag, so the content behind it can
        # change between pulls. For reproducible and reviewable rollouts, pin a
        # version tag or a digest (nginx@sha256:<DIGEST_PLACEHOLDER>).
        image: nginx:alpine
        ports:
        - containerPort: 80
        
        
[root@VM-16-14-centos data]# kubectl get pod -o wide
[root@VM-16-14-centos data]# kubectl get deploy -o wide

1.1、查看POD详情

[root@VM-16-14-centos data]# kubectl get pod -o wide
NAME                                READY   STATUS    RESTARTS   AGE     IP            NODE             NOMINATED NODE   READINESS GATES
nginx-deployment-7fb7fd49b4-72ww4   1/1     Running   0          8m19s   172.30.2.47   vm-16-4-centos   <none>           <none>
nginx-deployment-7fb7fd49b4-98ld6   1/1     Running   0          8m19s   172.30.2.40   vm-16-4-centos   <none>           <none>
nginx-deployment-7fb7fd49b4-9kvw8   1/1     Running   0          8m19s   172.30.2.38   vm-16-4-centos   <none>           <none>
nginx-deployment-7fb7fd49b4-csjdr   1/1     Running   0          8m19s   172.30.2.41   vm-16-4-centos   <none>           <none>
nginx-deployment-7fb7fd49b4-d8jbx   1/1     Running   0          8m19s   172.30.2.49   vm-16-4-centos   <none>           <none>
nginx-deployment-7fb7fd49b4-lcjkq   1/1     Running   0          8m19s   172.30.2.37   vm-16-4-centos   <none>           <none>
nginx-deployment-7fb7fd49b4-m64gg   1/1     Running   0          8m19s   172.30.2.39   vm-16-4-centos   <none>           <none>
nginx-deployment-7fb7fd49b4-mr7rt   1/1     Running   0          8m19s   172.30.2.51   vm-16-4-centos   <none>           <none>
nginx-deployment-7fb7fd49b4-rzwnl   1/1     Running   0          8m19s   172.30.2.43   vm-16-4-centos   <none>           <none>
nginx-deployment-7fb7fd49b4-zpcwp   1/1     Running   0          8m19s   172.30.2.36   vm-16-4-centos   <none>           <none>

[root@VM-16-14-centos data]# kubectl describe pod nginx
Name:         nginx-deployment-7fb7fd49b4-zpcwp
Namespace:    default
Priority:     0
Node:         vm-16-4-centos/10.206.16.4
Start Time:   Sun, 24 Oct 2021 18:36:39 +0800
Labels:       app=nginx
              pod-template-hash=7fb7fd49b4
Annotations:  <none>
Status:       Running
IP:           172.30.2.36
IPs:
  IP:           172.30.2.36
Controlled By:  ReplicaSet/nginx-deployment-7fb7fd49b4
Containers:
  nginx:
    Container ID:   docker://7bcc7cc02a256ce9e29a6774fcb2109e315764cc176e8eec3b652152da33f449
    Image:          nginx:alpine
    Image ID:       docker-pullable://nginx@sha256:686aac2769fd6e7bab67663fd38750c135b72d993d0bb0a942ab02ef647fc9c3
    Port:           80/TCP
    Host Port:      0/TCP
    State:          Running
      Started:      Sun, 24 Oct 2021 18:36:40 +0800
    Ready:          True
    Restart Count:  0
    Environment:    <none>
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-znzkv (ro)
Conditions:
  Type              Status
  Initialized       True
  Ready             True
  ContainersReady   True
  PodScheduled      True
Volumes:
  kube-api-access-znzkv:
    Type:                    Projected (a volume that contains injected data from multiple sources)
    TokenExpirationSeconds:  3607
    ConfigMapName:           kube-root-ca.crt
    ConfigMapOptional:       <nil>
    DownwardAPI:             true
QoS Class:                   BestEffort
Node-Selectors:              <none>
Tolerations:                 node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
                             node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
  Type    Reason     Age   From               Message
  ----    ------     ----  ----               -------
  Normal  Scheduled  6m2s  default-scheduler  Successfully assigned default/nginx-deployment-7fb7fd49b4-zpcwp to vm-16-4-centos
  Normal  Pulled     6m1s  kubelet            Container image "nginx:alpine" already present on machine
  Normal  Created    6m1s  kubelet            Created container nginx
  Normal  Started    6m1s  kubelet            Started container nginx
  
[root@VM-16-14-centos data]# curl http://172.30.2.36
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>
  
  
[root@VM-16-14-centos data]# kubectl exec -it nginx-deployment-7fb7fd49b4-zpcwp  sh
  
kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead.
/ # netstat -antp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1/nginx: master pro
tcp        0      0 :::80                   :::*                    LISTEN      1/nginx: master pro

  / # wget -q -O - localhost
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>
/ #

/etc/nginx/conf.d # nginx -version
nginx version: nginx/1.21.3

    / # exit
  
[root@VM-16-14-centos data]# kubectl get pods -o wide -l 'app=nginx'

1.2、查看docker镜像

[root@VM-16-6-centos data]# docker search nginx
NAME                              DESCRIPTION                                     STARS     OFFICIAL   AUTOMATED
nginx                             Official build of Nginx.                        15698     [OK]

[root@VM-16-6-centos data]# docker images -a
REPOSITORY                                       TAG       IMAGE ID       CREATED        SIZE
quay.io/coreos/flannel                           v0.15.0   09b38f011a29   5 days ago     69.5MB
rancher/mirrored-flannelcni-flannel-cni-plugin   v1.2      98660e6e4c3a   12 days ago    8.98MB
k8s.gcr.io/kube-apiserver                        v1.22.2   e64579b7d886   5 weeks ago    128MB
k8s.gcr.io/kube-controller-manager               v1.22.2   5425bcbd23c5   5 weeks ago    122MB
k8s.gcr.io/kube-scheduler                        v1.22.2   b51ddc1014b0   5 weeks ago    52.7MB
k8s.gcr.io/kube-proxy                            v1.22.2   873127efbc8a   5 weeks ago    104MB
nginx                                            alpine    513f9a9d8748   6 weeks ago    22.9MB
k8s.gcr.io/etcd                                  3.5.0-0   004811815584   4 months ago   295MB
k8s.gcr.io/coredns/coredns                       v1.8.4    8d147537fb7d   4 months ago   47.6MB
k8s.gcr.io/pause                                 3.5       ed210e3e4a5b   7 months ago   683kB

[root@VM-16-6-centos data]# docker images nginx
REPOSITORY   TAG       IMAGE ID       CREATED       SIZE
nginx        alpine    513f9a9d8748   6 weeks ago   22.9MB

1.2.1、查看某镜像所有版本/tag

[root@VM-16-6-centos data]# vim list_image_tags_v2.sh

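#!/bin/bash
#
# List the tag names of an official ("library") image on Docker Hub,
# one per line, sorted and de-duplicated.
#
# Usage:    ./list_image_tags_v2.sh IMAGE_NAME     (e.g. nginx)
# Requires: curl, jq
# Exit:     0 on success, 2 on bad usage, non-zero if the request or parsing fails
set -euo pipefail

readonly repo_url=https://registry.hub.docker.com/v2/repositories/library

if [[ $# -ne 1 ]]; then
  printf 'Usage: %s IMAGE_NAME\n' "${0##*/}" >&2
  exit 2
fi
image_name=$1

# The name is spliced into a URL path, so accept only the characters a
# repository name can consist of; this keeps "/", "?", "#", "..", whitespace
# and shell glob characters out of the request.
readonly name_re='^[a-z0-9]+([._-][a-z0-9]+)*$'
if [[ ! "$image_name" =~ $name_re ]]; then
  printf 'invalid image name: %s\n' "$image_name" >&2
  exit 2
fi

# -f   fail on HTTP errors instead of feeding an error page to jq
# -sS  no progress meter, but still print errors
# -L   follow redirects, restricted to HTTPS by --proto/--proto-redir
# The URL is quoted: unquoted, the "?" is a glob character and the variables
# would be subject to word splitting.
# NOTE(review): Docker Hub may cap page_size below 1024, in which case only the
# first page of tags is listed; a complete list would need to follow the
# response's "next" link — confirm against the API.
curl -fsSL --proto '=https' --proto-redir '=https' \
  "${repo_url}/${image_name}/tags?page_size=1024" \
  | jq -r '.results[].name' \
  | sort -u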


[root@VM-16-6-centos data]# chmod +x list_image_tags_v2.sh

[root@VM-16-6-centos data]# ./list_image_tags_v2.sh nginx

[root@VM-16-14-centos data]# vim nginx-dep.yml
        image: nginx:stable
        
[root@VM-16-14-centos data]# kubectl apply -f nginx-dep.yml
    [root@VM-16-14-centos data]# kubectl exec -it nginx-deployment-5ff58d798d-zvndq  sh
kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead.
# nginx -version
nginx version: nginx/1.20.1      

[root@VM-16-6-centos data]# docker images
REPOSITORY                                       TAG       IMAGE ID       CREATED        SIZE
quay.io/coreos/flannel                           v0.15.0   09b38f011a29   5 days ago     69.5MB
nginx                                            stable    c8d03f6b8b91   12 days ago    133MB
rancher/mirrored-flannelcni-flannel-cni-plugin   v1.2      98660e6e4c3a   12 days ago    8.98MB
k8s.gcr.io/kube-apiserver                        v1.22.2   e64579b7d886   5 weeks ago    128MB
k8s.gcr.io/kube-controller-manager               v1.22.2   5425bcbd23c5   5 weeks ago    122MB
k8s.gcr.io/kube-proxy                            v1.22.2   873127efbc8a   5 weeks ago    104MB
k8s.gcr.io/kube-scheduler                        v1.22.2   b51ddc1014b0   5 weeks ago    52.7MB
nginx                                            alpine    513f9a9d8748   6 weeks ago    22.9MB
k8s.gcr.io/etcd                                  3.5.0-0   004811815584   4 months ago   295MB
k8s.gcr.io/coredns/coredns                       v1.8.4    8d147537fb7d   4 months ago   47.6MB
k8s.gcr.io/pause                                 3.5       ed210e3e4a5b   7 months ago   683kB

[root@VM-16-14-centos data]# kubectl get pods -o wide -l 'app=nginx'

二、创建service[master]

  • ClusterIP:默认值,它是K8S系统自动分配的虚拟IP,只能在集群内部访问
  • NodePort:将Service通过指定的Node上的端口暴露给外部,通过此方法,就可以在集群外部访问服务
  • LoadBalancer:使用外接负载均衡器完成到服务的负载分发,注意此模式需要外部云环境支持
  • ExternalName:把集群外部的服务引入到集群内部直接使用
|  | deployment:POD | service:ClusterIP模式[纯集群内] | service:NodePort模式 port: #前端18080[集群内] targetPort: #后端 | service:NodePort模式 port: #前端18080[集群内] targetPort: #后端 nodePort: #后端[相比targetPort随机端口、固定了后端端口] |
| --- | --- | --- | --- | --- |
| master | POD IP+端口 http://172.30.2.36 | ClusterIP+端口 http://10.254.169.166 | ClusterIP+svc[前端] http://10.254.60.124:18080<br>本机IP+svc[后端][Node本身listen、可云直接访问] http://localhost:32073 [配置文件里的targetPort被劫持不可访问] | ClusterIP+svc[前端] http://10.254.60.124:18080<br>本机IP+svc[后端、固定端口][Node本身listen、可云直接访问] http://localhost:30001 [配置文件里的nodePort端口] |
| k8s1/node1 |  |  |  |  |
| k8s2/node2 |  |  |  |  |

2.1、ClusterIP

  • clusterIP → kube-proxy → 轮询至pod
[root@VM-16-14-centos data]# kubectl get svc
NAME         TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)   AGE
kubernetes   ClusterIP   10.254.0.1   <none>        443/TCP   145m
[root@VM-16-14-centos data]#

[root@VM-16-14-centos data]# vim nginx-svc.yml
# ClusterIP Service "nginx": gives the pods selected below one stable virtual
# IP that, per this page, is reachable only from inside the cluster. Traffic to
# port 80 of that IP is forwarded to port 80 of a matching pod.
apiVersion: v1
kind: Service
metadata:
  name: nginx
  namespace: default
spec:
  type: ClusterIP       # Service type; ClusterIP is also the default when type is omitted
  selector:		# only pods carrying these labels receive traffic; if nothing matches, the Service cannot be reached
    app: nginx
    # NOTE(review): the key below is commented out here, yet the
    # `kubectl get svc -o wide` output shown right after applying lists the
    # selector as app=nginx,release=stabel ("stabel" looks like a typo for
    # "stable"). Confirm which version of the file was actually applied.
    #release: stabel
  ports:
  - name: http
    port: 80            # port clients connect to on the Service IP
    targetPort: 80      # port the backend container really listens on

[root@VM-16-14-centos data]# kubectl apply -f nginx-svc.yml

[root@VM-16-14-centos data]# kubectl get svc -o wide
NAME         TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)   AGE    SELECTOR
kubernetes   ClusterIP   10.254.0.1       <none>        443/TCP   151m   <none>
nginx        ClusterIP   10.254.169.166   <none>        80/TCP    36s    app=nginx,release=stabel

2.1.1、pod实时日志查看

[root@VM-16-14-centos data]# kubectl get pods -o wide -l 'app=nginx' --show-labels

[root@VM-16-14-centos data]# curl http://10.254.169.166

[root@VM-16-14-centos ~]# kubectl logs -f nginx-deployment-5ff58d798d-gq4fl

2.2、NodePort

  • NodePort模式,访问方式 http://10.254.60.124:18080 ClusterIP:port。且 targetPort 必须为后端pod端口、真实有效;
  • NodePort模式,在get svc 中。18080:32073 ,其中18080为前端访问端口,32073为随机生成,且不可访问,且与svc配置的targetPort并不对应
[root@VM-16-14-centos data]# cp nginx-svc.yml nginx-svc-nodeport.yml
[root@VM-16-14-centos data]# vim nginx-svc-nodeport.yml
# NodePort Service "nginx-nodeport": besides the cluster-internal Service port
# (18080), a node port is opened on the nodes. No nodePort is given here, so
# the value is allocated automatically (32073 in the output on this page).
# NOTE(review): the netstat output on this page shows kube-proxy listening on
# 0.0.0.0:<nodePort> on the master and both nodes, i.e. on all interfaces.
# Limit who can reach that port with the hosts' firewall / cloud security group.
apiVersion: v1
kind: Service
metadata:
  name: nginx-nodeport
  namespace: default
spec:
  type: NodePort # Service type; when type is omitted the default would be ClusterIP
  selector:		# only pods carrying these labels receive traffic; if nothing matches, the Service cannot be reached
    # NOTE(review): the Deployment on this page labels its pods app=nginx, not
    # app=nginx-alpine, and the later `kubectl get svc -o wide` output shows
    # SELECTOR app=nginx. As written, this selector would match none of those
    # pods — confirm the value that was applied.
    app: nginx-alpine
    #    release: stabel
  ports:
  - name: http
    port: 18080            # port clients connect to on the Service's cluster IP
    targetPort: 80      # port the backend container really listens on
    
[root@VM-16-14-centos data]# kubectl apply -f nginx-svc-nodeport.yml

[root@VM-16-14-centos data]# kubectl get svc -o wide
NAME             TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)           AGE     SELECTOR
kubernetes       ClusterIP   10.254.0.1       <none>        443/TCP           5h22m   <none>
nginx            ClusterIP   10.254.169.166   <none>        80/TCP            171m    app=nginx
nginx-nodeport   NodePort    10.254.60.124    <none>        18080:32073/TCP   131m    app=nginx       
  • NodePort模式,master/node1/node2 ,均listen了 32073端口[svc 后端口],且可通过localhost访问该端口。且自身的80不可直接被访问。即32073替代了80被访问
  • NodePort模式,master/node1/node2,均可通过CLUSTER-IP以及前端口[svc] 被访问

[root@VM-16-6-centos ~]# netstat -antp | grep 32073
tcp        0      0 0.0.0.0:32073           0.0.0.0:*               LISTEN      68684/kube-proxy
[root@VM-16-6-centos ~]# curl http://localhost:32073
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>


[root@VM-16-4-centos ~]# netstat -antp | grep 32073
tcp        0      0 0.0.0.0:32073           0.0.0.0:*               LISTEN      58718/kube-proxy
[root@VM-16-4-centos ~]# curl http://localhost:32073
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
    body {
        width: 35em;
        margin: 0 auto;
        font-family: Tahoma, Verdana, Arial, sans-serif;
    }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>


[root@VM-16-14-centos data]# netstat -antp | grep 32073
tcp        0      0 0.0.0.0:32073           0.0.0.0:*               LISTEN      75596/kube-proxy
[root@VM-16-14-centos data]# curl http://localhost:32073
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
    body {
        width: 35em;
        margin: 0 auto;
        font-family: Tahoma, Verdana, Arial, sans-serif;
    }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>

2.3、NodePort[固定后端端口]

  • 增加nodePort后,[svc]里后端端口不再随机,而是固定。master/node1/node2 都可以通过 [root@VM-16-6-centos ~]# curl http://localhost:30001 来访问
  • 当前[root@VM-16-6-centos ~]# curl http://10.254.60.124:18080 前端访问也是ok。
  • 指定了NodePort,targetPort 算是无效了。(注:这里指节点上对外监听的端口由 nodePort 决定;流量进入后仍会被转发到 targetPort 指定的 pod 端口,所以 targetPort 仍须是后端 pod 的真实端口。)
[root@VM-16-14-centos data]# vim nginx-svc-nodeport.yml

# NodePort Service "nginx-nodeport" with a fixed node port: same Service as
# before, but nodePort is set explicitly, so the port opened on the nodes is
# 30001 instead of an automatically allocated one.
# NOTE(review): the earlier netstat output on this page shows kube-proxy
# listening on 0.0.0.0 for the node port on every node. A fixed, predictable
# port makes firewall / security-group rules easier to write; make sure they
# exist.
apiVersion: v1
kind: Service
metadata:
  name: nginx-nodeport
  namespace: default
spec:
  type: NodePort # Service type; when type is omitted the default would be ClusterIP
  selector:             # only pods carrying these labels receive traffic; if nothing matches, the Service cannot be reached
    app: nginx
    #    release: stabel
  ports:
  - name: http
    port: 18080            # port clients connect to on the Service's cluster IP
    targetPort: 80      # port the backend container really listens on
    # Fixed port opened on the nodes; it has to lie inside the cluster's
    # NodePort range (30000-32767 unless the API server is configured otherwise).
    nodePort: 30001
    
[root@VM-16-14-centos data]# kubectl apply -f nginx-svc-nodeport.yml
service/nginx-nodeport configured
[root@VM-16-14-centos data]# kubectl get svc -o wide
NAME             TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)           AGE     SELECTOR
kubernetes       ClusterIP   10.254.0.1       <none>        443/TCP           6h      <none>
nginx            ClusterIP   10.254.169.166   <none>        80/TCP            3h30m   app=nginx
nginx-nodeport   NodePort    10.254.60.124    <none>        18080:30001/TCP   170m    app=nginx

[root@VM-16-14-centos data]# kubectl delete svc/nginx-nodeport