killercoda CKA:Services & Networking
1. Services & Networking - Services
# @author D瓜哥 · https://www.diguage.com
$ kubectl get pod --show-labels
NAME READY STATUS RESTARTS AGE LABELS
nginx-pod 1/1 Running 0 8m48s app=nginx
$ cat svc.yaml
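# Service that fronts the nginx pod inside the cluster.
# Indentation restored; the listing had lost it and did not parse as YAML.
apiVersion: v1
kind: Service
metadata:
  name: nginx-service
spec:
  # No `type` is set, so this is a ClusterIP Service: it is reachable only
  # from inside the cluster. The transcript reaches it from the workstation
  # through `kubectl port-forward`, which binds to loopback only.
  selector:
    # Must match the pod label shown by `kubectl get pod --show-labels`.
    # Every pod in this namespace that carries the label becomes a backend,
    # so control over who may set this label is part of the trust boundary.
    app: nginx
  ports:
    - name: http
      protocol: TCP
      port: 80        # port the Service listens on
      targetPort: 80  # container port on the selected pods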
$ kubectl apply -f svc.yaml
service/nginx-service created
$ kubectl port-forward service/nginx-service 8081:80
Forwarding from 127.0.0.1:8081 -> 80
Forwarding from [::1]:8081 -> 80
Handling connection for 8081
# 打开另外一个终端
$ curl localhost:8081
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
2. Services & Networking - ClusterIP
# @author D瓜哥 · https://www.diguage.com
$ kubectl get pod --show-labels
NAME READY STATUS RESTARTS AGE LABELS
nginx-deployment-588c865b75-6vbqp 1/1 Running 0 2m24s app=nginx-app,pod-template-hash=588c865b75
nginx-deployment-588c865b75-h86q4 1/1 Running 0 2m24s app=nginx-app,pod-template-hash=588c865b75
nginx-deployment-588c865b75-hks9z 1/1 Running 0 2m24s app=nginx-app,pod-template-hash=588c865b75
$ vim svc.yaml
$ cat svc.yaml
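# ClusterIP Service in front of the three nginx-deployment pods.
# Indentation restored; the listing had lost it and did not parse as YAML.
apiVersion: v1
kind: Service
metadata:
  name: nginx-service
spec:
  # No `type` is set; `kubectl get svc` in the transcript confirms ClusterIP,
  # i.e. no exposure outside the cluster.
  selector:
    # Matches the app=nginx-app label on the deployment's pods. Any other pod
    # in the namespace with this label would also receive traffic.
    app: nginx-app
  ports:
    - name: http
      protocol: TCP
      port: 8080      # port clients inside the cluster connect to
      targetPort: 80  # container port on the selected pods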
$ kubectl apply -f svc.yaml
service/nginx-service created
$ kubectl get svc -o wide
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 7d5h <none>
nginx-service ClusterIP 10.98.228.143 <none> 8080/TCP 18s app=nginx-app
$ kubectl get pod -o wide --no-headers \
| awk '{ print $6 }' \
| sort \
| awk 'BEGIN { printf "IP_ADDRESS\n"} { print $1 }' \
| tee pod_ips.txt
IP_ADDRESS
192.168.1.4
192.168.1.5
192.168.1.6
$ cat pod_ips.txt
IP_ADDRESS
192.168.1.4
192.168.1.5
192.168.1.6
3. Services & Networking - Coredns
# @author D瓜哥 · https://www.diguage.com
$ kubectl create ns dns-ns
$ cat rs.yaml
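# ReplicaSet that keeps two DNS-utility pods running in the dns-ns namespace.
# Indentation restored; the listing had lost it and did not parse as YAML.
apiVersion: apps/v1
kind: ReplicaSet
metadata:
  name: dns-rs-cka
  namespace: dns-ns
spec:
  replicas: 2
  selector:
    matchLabels:
      app: dns
  template:
    metadata:
      labels:
        app: dns  # must equal spec.selector.matchLabels
    spec:
      containers:
        - name: dns-container
          # Pinned by tag only. A tag can be re-pushed, so pin by digest
          # where image provenance matters.
          image: registry.k8s.io/e2e-test-images/jessie-dnsutils:1.3
          # Keeps the container alive so `kubectl exec ... nslookup` can be
          # run inside it.
          command:
            - sleep
            - "3600"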
$ kubectl apply -f rs.yaml
replicaset.apps/dns-rs-cka created
$ kubectl -n dns-ns get pod --show-labels
NAME READY STATUS RESTARTS AGE LABELS
dns-rs-cka-25ssk 1/1 Running 0 5m16s app=dns
dns-rs-cka-9dfzz 1/1 Running 0 5m16s app=dns
$ kubectl -n dns-ns exec dns-rs-cka-25ssk -- nslookup "kubernetes.default"
;; connection timed out; no servers could be reached
command terminated with exit code 1
执行 nslookup kubernetes.default 时,超时!奇怪!(原因未查明;排查时可先确认 kube-system 中的 CoreDNS Pod 是否处于 Running 状态,并查看该 Pod 内的 /etc/resolv.conf。)
4. Services & Networking - Coredns - 1
# @author D瓜哥 · https://www.diguage.com
$ kubectl create namespace dns-ns
namespace/dns-ns created
$ cat deploy.yaml
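# Deployment that runs two DNS-utility pods in the dns-ns namespace.
# Indentation restored; the listing had lost it and did not parse as YAML.
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: dns-deploy-cka
  name: dns-deploy-cka
  namespace: dns-ns
spec:
  replicas: 2
  selector:
    matchLabels:
      app: dns-deploy-cka
  template:
    metadata:
      labels:
        app: dns-deploy-cka  # must equal spec.selector.matchLabels
    spec:
      containers:
        # Pinned by tag only. A tag can be re-pushed, so pin by digest
        # where image provenance matters.
        - image: registry.k8s.io/e2e-test-images/jessie-dnsutils:1.3
          name: dns-container
          # Keeps the container alive so nslookup can be run via `kubectl exec`.
          command: [ 'sleep', '3600']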
$ kubectl apply -f deploy.yaml
deployment.apps/dns-deploy-cka created
$ kubectl -n dns-ns get pods
NAME READY STATUS RESTARTS AGE
dns-deploy-cka-fd5f8fbf5-7cnt4 1/1 Running 0 8s
dns-deploy-cka-fd5f8fbf5-gd827 1/1 Running 0 8s
$ kubectl -n dns-ns exec dns-deploy-cka-fd5f8fbf5-7cnt4 -- nslookup kubernetes.default | tee dns-output.txt
Server: 10.96.0.10
Address: 10.96.0.10#53
Name: kubernetes.default.svc.cluster.local
Address: 10.96.0.1
$ cat dns-output.txt
Server: 10.96.0.10
Address: 10.96.0.10#53
Name: kubernetes.default.svc.cluster.local
Address: 10.96.0.1
5. Services & Networking - Ingress
# @author D瓜哥 · https://www.diguage.com
$ kubectl get deployments
NAME READY UP-TO-DATE AVAILABLE AGE
nginx-deployment 1/1 1 1 23s
$ kubectl get pod --show-labels
NAME READY STATUS RESTARTS AGE LABELS
nginx-deployment-5959b5b5c9-kdsd8 1/1 Running 0 32s app=nginx-deployment,pod-template-hash=5959b5b5c9
$ kubectl get svc -o wide
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 8d <none>
nginx-service ClusterIP 10.108.77.211 <none> 80/TCP 44s app=nginx-deployment
$ cat ingress.yaml
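# Ingress routing the /shop path prefix to nginx-service on port 80.
# Indentation restored; the listing had lost it and did not parse as YAML.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nginx-ingress-resource
  annotations:
    # Turns off ingress-nginx's HTTP-to-HTTPS redirect. This manifest has no
    # `tls:` section, so /shop is served over plain HTTP. Outside a lab,
    # terminate TLS at the ingress and leave the redirect enabled.
    nginx.ingress.kubernetes.io/ssl-redirect: "false"
spec:
  rules:
    # No `host` is set, so the rule applies to requests for any hostname
    # that reach the ingress controller.
    - http:
        paths:
          - path: /shop
            pathType: Prefix  # also matches sub-paths such as /shop/cart
            backend:
              service:
                name: nginx-service
                port:
                  number: 80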
$ kubectl apply -f ingress.yaml
ingress.networking.k8s.io/nginx-ingress-resource configured
6. Services & Networking - NodePort
# @author D瓜哥 · https://www.diguage.com
$ kubectl -n nginx-app-space get pod --show-labels
NAME READY STATUS RESTARTS AGE LABELS
nginx-app-cka-b9fb585f-rj6pb 1/1 Running 0 4m4s app=nginx-app-cka,pod-template-hash=b9fb585f
nginx-app-cka-b9fb585f-xfrss 1/1 Running 0 4m4s app=nginx-app-cka,pod-template-hash=b9fb585f
$ vim svc.yaml
# 输入如下内容
$ cat svc.yaml
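# NodePort Service for the nginx-app-cka pods in nginx-app-space.
# Indentation restored; the listing had lost it and did not parse as YAML.
apiVersion: v1
kind: Service
metadata:
  name: app-service-cka
  namespace: nginx-app-space
spec:
  # NodePort opens the same port on every node in the cluster. Anything that
  # can reach a node IP can reach the backend pods, so access has to be
  # limited at the node firewall / cloud security-group level.
  type: NodePort
  selector:
    app: nginx-app-cka  # matches the pod labels shown in the transcript
  ports:
    - port: 80           # cluster-internal Service port
      targetPort: 80     # container port on the selected pods
      nodePort: 31000    # port opened on each node
      protocol: TCP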
$ kubectl apply -f svc.yaml
service/app-service-cka created
7. Services & Networking - NodePort - 1
# @author D瓜哥 · https://www.diguage.com
$ cat ds.yaml
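# Deployment of two wordpress pods plus a NodePort Service in front of them.
# Indentation restored; the listing had lost it and did not parse as YAML.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-web-app-deployment
  namespace: default
spec:
  replicas: 2
  selector:
    matchLabels:
      app: my-web-app-deployment
  template:
    metadata:
      labels:
        app: my-web-app-deployment  # must equal spec.selector.matchLabels
    spec:
      containers:
        # No tag is given, so the mutable `latest` tag is pulled and the
        # running version can change between pod restarts. Pin a tag or
        # digest for anything beyond a lab.
        - image: wordpress
          name: wordpress
          ports:
            - containerPort: 80
              protocol: TCP
---
apiVersion: v1
kind: Service
metadata:
  # No namespace is set here, so the Service lands in kubectl's current
  # namespace. It must be the Deployment's namespace (default) for the
  # selector to find the pods.
  name: my-web-app-service
spec:
  # NodePort opens 30770 on every node. Anything that can reach a node IP can
  # reach wordpress, so restrict access at the node firewall / security group.
  type: NodePort
  selector:
    app: my-web-app-deployment
  ports:
    - port: 80
      targetPort: 80
      nodePort: 30770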
$ kubectl apply -f ds.yaml
deployment.apps/my-web-app-deployment created
service/my-web-app-service created
8. Services & Networking - Nslookup
# @author D瓜哥 · https://www.diguage.com
$ vim dns.ymal
$ cat dns.ymal
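# nginx pod, a ClusterIP Service in front of it, and a busybox pod used to
# run nslookup against the Service name.
# Indentation restored; the listing had lost it and did not parse as YAML.
apiVersion: v1
kind: Pod
metadata:
  name: nginx-pod-cka
  labels:
    app: nginx
spec:
  containers:
    - name: nginx
      # No tag is given, so the mutable `latest` tag is pulled. Pin a tag or
      # digest outside a lab.
      image: nginx
      ports:
        - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: nginx-service-cka
spec:
  # No `type` is set, so this is a ClusterIP Service (cluster-internal only).
  selector:
    app: nginx  # selects every pod in the namespace carrying this label
  ports:
    - port: 80
      targetPort: 80
---
apiVersion: v1
kind: Pod
metadata:
  name: busybox
spec:
  containers:
    - name: main
      image: busybox:1.28
      # Keeps the container alive so nslookup can be run via `kubectl exec`.
      command: [ "sleep", "3600" ]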
$ kubectl apply -f dns.ymal
pod/nginx-pod-cka created
service/nginx-service-cka created
pod/busybox created
$ kubectl get pod
NAME READY STATUS RESTARTS AGE
busybox 1/1 Running 0 12s
nginx-pod-cka 1/1 Running 0 12s
$ kubectl exec busybox -- nslookup nginx-service-cka | tee nginx-service.txt
Server: 10.96.0.10
Address 1: 10.96.0.10 kube-dns.kube-system.svc.cluster.local
Name: nginx-service-cka
Address 1: 10.98.53.250 nginx-service-cka.default.svc.cluster.local
$ cat nginx-service.txt
Server: 10.96.0.10
Address 1: 10.96.0.10 kube-dns.kube-system.svc.cluster.local
Name: nginx-service-cka
Address 1: 10.98.53.250 nginx-service-cka.default.svc.cluster.local
一切顺利,没有异常,但是检查不通过!
9. Services & Networking - Network Policy
# @author D瓜哥 · https://www.diguage.com
$ kubectl get deployments.apps -o wide
NAME READY UP-TO-DATE AVAILABLE AGE CONTAINERS IMAGES SELECTOR
cache-deployment 1/1 1 1 3m36s trusted-container redis:latest app=trusted
my-app-deployment 2/2 2 2 3m36s my-app-container nginx:latest app=my-app
$ kubectl get pod --show-labels
NAME READY STATUS RESTARTS AGE LABELS
cache-deployment-5588c6786f-t6g5m 1/1 Running 0 3m47s app=trusted,pod-template-hash=5588c6786f
my-app-deployment-67dc9477b-2k7kh 1/1 Running 0 3m47s app=my-app,pod-template-hash=67dc9477b
my-app-deployment-67dc9477b-wbzvl 1/1 Running 0 3m47s app=my-app,pod-template-hash=67dc9477b
$ kubectl get svc -o wide
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 8d <none>
my-app-service ClusterIP 10.99.186.183 <none> 80/TCP 9m18s app=my-app
$ cat np.yaml
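# NetworkPolicy for the app=my-app pods in the default namespace.
# Indentation restored; the listing had lost it and did not parse as YAML.
# The policy is only enforced if the cluster's CNI plugin implements
# NetworkPolicy; otherwise it is accepted by the API server but has no effect.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: my-app-network-policy
  namespace: default
spec:
  podSelector:
    matchLabels:
      app: my-app
  # Listing both types makes the selected pods default-deny in both
  # directions; only the rules below are allowed.
  policyTypes:
    - Ingress
    - Egress
  ingress:
    # Rules are ORed. An empty podSelector matches every pod in this policy's
    # namespace, so this rule alone admits all pods in `default`.
    - from:
        - podSelector: {}
    # Already covered by the rule above, so app=trusted gains nothing extra.
    # To admit only the trusted pods, the empty-selector rule would have to go.
    # NOTE(review): presumably both rules are what the exercise asks for - confirm.
    - from:
        - podSelector:
            matchLabels:
              app: trusted
  egress:
    # Allows traffic only to pods in the `default` namespace. Cluster DNS
    # (kube-dns in kube-system, 10.96.0.10 elsewhere in this transcript) is
    # not covered, so name resolution from my-app pods is likely to fail
    # unless an egress rule for DNS is added.
    - to:
        - podSelector: {}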
$ kubectl apply -f np.yaml
networkpolicy.networking.k8s.io/my-app-network-policy created