
Basic Kubernetes Tutorial - Quickly learn basic usage commands by deploying Nginx


1. Verify node information

1.1. Check the status of the control plane component

[root@linux-servertwo software]# kubectl get cs
 Warning: v1 ComponentStatus is deprecated in v1.19+
 NAME STATUS MESSAGE ERROR
 controller-manager Healthy ok
 scheduler Healthy ok
 etcd-0 Healthy {"health":"true"}

 #controller-manager: Controller manager, responsible for maintaining the status of the cluster, such as replication controllers, deployment controllers, etc.
 #scheduler: Scheduler, responsible for deciding which node each pod is placed on.
 #etcd-0: Distributed key-value store, used to store all data in a Kubernetes cluster.

1.2. View node information

1.2.1. View node information

#View node information
 [root@linux-servertwo software]# kubectl get nodes
 NAME STATUS ROLES AGE VERSION
 linux-servertwo Ready control-plane,master,node 26h v1.20.9

1.2.2. View more complete node information

#View more complete node information
 [root@linux-servertwo software]# kubectl get nodes -o wide
 NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
 linux-servertwo Ready control-plane,master,node 27h v1.20.9 10.0.4.16 <none> CentOS Linux 7 (Core) 3.10.0-1160.108.1.el7.x86_64 docker://26.1.3

1.2.3. View node details

#View node details:
 [root@linux-servertwo software]# kubectl describe node linux-servertwo
 Name: linux-servertwo
 Roles: control-plane,master,node
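 Labels: beta.kubernetes.io/arch=amd64
                     beta.kubernetes.io/os=linux
                     kubernetes.io/arch=amd64
                     kubernetes.io/hostname=linux-servertwo
                     kubernetes.io/os=linux
                     node-role.kubernetes.io/control-plane=
                     node-role.kubernetes.io/master=
                     node-role.kubernetes.io/node=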
 ......

1.3. View system components

# Each component in the cluster runs as a pod
 [root@linux-servertwo software]# kubectl get pods -n kube-system
 NAME READY STATUS RESTARTS AGE
 coredns-7f89b7bc75-2k74p 1/1 Running 0 27h
 coredns-7f89b7bc75-6xrvb 1/1 Running 0 27h
 etcd-linux-servertwo 1/1 Running 0 27h
 kube-apiserver-linux-servertwo 1/1 Running 0 27h
 kube-controller-manager-linux-servertwo 1/1 Running 0 25h
 kube-proxy-bmfzr 1/1 Running 0 27h
 kube-scheduler-linux-servertwo 1/1 Running 0 25h

1.4. View all Pods

1.4.1. View all Pod information

[root@linux-servertwo software]# kubectl get pods --all-namespaces
NAMESPACE      NAME                                      READY   STATUS    RESTARTS   AGE
kube-flannel   kube-flannel-ds-lbmdr                     1/1     Running   0          5d
kube-system    coredns-7f89b7bc75-47d56                  1/1     Running   0          6d4h
kube-system    coredns-7f89b7bc75-h4c9b                  1/1     Running   0          6d4h
kube-system    etcd-linux-servertwo                      1/1     Running   0          6d4h
kube-system    kube-apiserver-linux-servertwo            1/1     Running   0          6d4h
kube-system    kube-controller-manager-linux-servertwo   1/1     Running   0          5d
kube-system    kube-proxy-j7d4v                          1/1     Running   0          6d4h
kube-system    kube-scheduler-linux-servertwo            1/1     Running   0          5d

1.4.2. View more complete pod information

# View more full details of all pods
 [root@linux-servertwo software]# kubectl get pods --all-namespaces -o wide
 NAMESPACE NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
 kube-flannel kube-flannel-ds-lbmdr 1/1 Running 0 5d 10.0.4.16 linux-servertwo <none> <none>
 kube-system coredns-7f89b7bc75-47d56 1/1 Running 0 6d4h 172.17.0.3 linux-servertwo <none> <none>
 kube-system coredns-7f89b7bc75-h4c9b 1/1 Running 0 6d4h 172.17.0.2 linux-servertwo <none> <none>
 kube-system etcd-linux-servertwo 1/1 Running 0 6d4h 10.0.4.16 linux-servertwo <none> <none>
 kube-system kube-apiserver-linux-servertwo 1/1 Running 0 6d4h 10.0.4.16 linux-servertwo <none> <none>
 kube-system kube-controller-manager-linux-servertwo 1/1 Running 0 5d 10.0.4.16 linux-servertwo <none> <none>
 kube-system kube-proxy-j7d4v 1/1 Running 0 6d4h 10.0.4.16 linux-servertwo <none> <none>
 kube-system kube-scheduler-linux-servertwo 1/1 Running 0 5d 10.0.4.16 linux-servertwo <none> <none>

1.5. View node log

Use the journalctl -u kubelet command to view log information

 # Dynamically view kubelet log command
 [root@linux-servertwo software]# journalctl -u kubelet -f
 Mar 19 15:53:58 linux-servertwo kubelet[25155]: I0319 15:53:58.023328 25155 :224] started for volume "config-volume" (UniqueName: "/configmap/9d6647d1-caeb-448a-9628-c5ac14821995-config-volume") pod "coredns-7f89b7bc75-47d56" (UID: "9d6647d1-caeb-448a-9628-c5ac14821995")
 Mar 19 15:53:58 linux-servertwo kubelet[25155]: map[string]interface {}{"cniVersion":"0.3.1", "hairpinMode":true, "ipMasq":false, "ipam":map[string]interface {}{"ranges":[][]map[string]interface {}{[]map[string]interface {}{map[string]interface {}{"subnet":"172.17.0.0/24"}}}, "routes":[]{{Dst:{IP:{0xac, 0x11, 0x0, 0x0},  Mask:{0xff, 0xff, 0x0, 0x0}}, GW:(nil)}}, "type":"host-local"}, "isDefaultGateway":true, "isGateway":true, "mtu":(*uint)(0xc00001c928), "name":"cbr0", "type":"bridge"}
 Mar 19 15:53:58 linux-servertwo kubelet[25155]: {"cniVersion":"0.3.1","hairpinMode":true,"ipMasq":false,"ipam":{"ranges":[[{"subnet":"172.17.0.0/24"}]]],"routes":[{"dst":"172.17.0.0/16"}],"type":"host-local"},"isDefaultGateway":true,"isGateway":true,"mtu":1450,"name":"cbr0","type":"bridge"}
 Mar 19 15:53:58 linux-servertwo kubelet[25155]: map[string]interface {}{"cniVersion":"0.3.1", "hairpinMode":true, "ipMasq":false, "ipam":map[string]interface {}{"ranges":[][]map[string]interface {}{[]map[string]interface {}{map[string]interface {}{"subnet":"172.17.0.0/24"}}}, "routes":[]{{Dst:{IP:{0xac, 0x11, 0x0, 0x0},  Mask:{0xff, 0xff, 0x0, 0x0}}, GW:(nil)}}, "type":"host-local"}, "isDefaultGateway":true, "isGateway":true, "mtu":(*uint)(0xc0000a28e8), "name":"cbr0", "type":"bridge"}

2. Namespaces

2.1. Introduction

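Namespaces are mainly used to implement resource isolation for multiple environments or resource isolation for multiple tenants. They divide resources into groups, which lets us separate projects, teams, or environments (such as development, testing and production) within one cluster, improving resource isolation and management efficiency. A namespace by itself only scopes names: access control, network separation and resource limits between namespaces have to be added with RBAC, NetworkPolicy and ResourceQuota/LimitRange objects (the describe output in 2.5 shows that a newly created namespace has no quota or LimitRange).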

2.2. View the created namespace

[root@linux-servertwo software]# kubectl get namespaces
NAME              STATUS   AGE
default           Active   24h
kube-flannel      Active   19h
kube-node-lease   Active   24h
kube-public       Active   24h
kube-system       Active   24h

2.3. Create a namespace

[root@linux-servertwo software]# kubectl create namespace blog-dev
 namespace/blog-dev created

 # Check again - Namespace blog-dev created successfully
 [root@linux-servertwo software]# kubectl get namespaces
 NAME STATUS AGE
 blog-dev Active 17s
 default Active 24h
 kube-flannel Active 19h
 kube-node-lease Active 24h
 kube-public Active 24h
 kube-system Active 24h

2.4. Delete namespace

#delete
 [root@linux-servertwo software]# kubectl delete namespace blog-dev
 namespace "blog-dev" deleted

 #View again - Found that it has been deleted
 [root@linux-servertwo software]# kubectl get namespaces
 NAME STATUS AGE
 default Active 24h
 kube-flannel Active 20h
 kube-node-lease Active 24h
 kube-public Active 24h
 kube-system Active 24h

2.5. Search the specified namespace

# View - Search the specified namespace
 [root@linux-servertwo software]# kubectl get namespaces blog-dev
 NAME STATUS AGE
 blog-dev Active 39s

 # View -Specify namespace details
 [root@linux-servertwo software]# kubectl describe namespace blog-dev
 Name: blog-dev
 Labels: <none>
 Annotations: <none>
 Status: Active

 No resource quota.
 No LimitRange resource.

2.6. View resources in the namespace

[root@linux-servertwo software]# kubectl get pods -n blog-dev
No resources found in blog-dev namespace.
[root@linux-servertwo software]# kubectl get pod -n kube-system
NAME                                      READY   STATUS    RESTARTS   AGE
coredns-7f89b7bc75-47d56                  1/1     Running   0          6d4h
coredns-7f89b7bc75-h4c9b                  1/1     Running   0          6d4h
etcd-linux-servertwo                      1/1     Running   0          6d4h
kube-apiserver-linux-servertwo            1/1     Running   0          6d4h
kube-controller-manager-linux-servertwo   1/1     Running   0          5d1h
kube-proxy-j7d4v                          1/1     Running   0          6d4h
kube-scheduler-linux-servertwo            1/1     Running   0          5d1h

2.7. Output yaml format

# View - Output yaml format
 [root@linux-servertwo software]# kubectl get namespaces blog-dev -o yaml
 apiVersion: v1
 kind: Namespace
 metadata:
   creationTimestamp: "2024-12-10T03:58:55Z"
   managedFields:
   - apiVersion: v1
     fieldsType: FieldsV1
     fieldsV1:
       f:status:
         f:phase: {}
     manager: kubectl-create
     operation: Update
     time: "2024-12-10T03:58:55Z"
   name: blog-dev
   resourceVersion: "106051"
   uid: 406d2440-b725-409f-9a01-2bf8c606e5cf
 spec:
   finalizers:
   - kubernetes
 status:
   phase: Active
  
 # Export a yaml format to create a namespace, but not run
 [root@linux-servertwo software]# kubectl create namespace blog-dev-1 --dry-run=client -o yaml
 apiVersion: v1
 kind: Namespace
 metadata:
   creationTimestamp: null
   name: blog-dev-1
 spec: {}
 status: {}

 # Generate the YAML for a namespace without creating it, and write it to a file on the host
 # (the file name was lost from this page; <namespace-file>.yaml is a placeholder)
 [root@linux-servertwo software]# kubectl create namespace blog-dev-1 --dry-run=client -o yaml > <namespace-file>.yaml

 #View output file information
 [root@linux-servertwo software]# ls

 [root@linux-servertwo software]# cat <namespace-file>.yaml
 apiVersion: v1
 kind: Namespace
 metadata:
   creationTimestamp: null
   name: blog-dev-1
 spec: {}
 status: {}

2.8. YAML creation

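# Create the namespace declaratively from the file (<namespace-file>.yaml is a placeholder; the file name is missing from this page)
 [root@linux-servertwo software]# kubectl apply -f <namespace-file>.yaml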
 namespace/blog-dev-1 created
 [root@linux-servertwo software]# kubectl get namespaces
 NAME STATUS AGE
 blog-dev Active 3h11m
 blog-dev-1 Active 9s
 default Active 27h
 kube-flannel Active 23h
 kube-node-lease Active 27h
 kube-public Active 27h
 kube-system Active 27h
 nginx Active 37m

2.9. YAML Deletion

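# Delete the namespace through its YAML file (<namespace-file>.yaml is a placeholder; the file name is missing from this page)
 [root@linux-servertwo software]# kubectl delete -f <namespace-file>.yaml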
 namespace "blog-dev-1" deleted
 [root@linux-servertwo software]# kubectl get namespaces
 NAME STATUS AGE
 blog-dev Active 3h13m
 default Active 27h
 kube-flannel Active 23h
 kube-node-lease Active 27h
 kube-public Active 27h
 kube-system Active 27h
 nginx Active 38m

2.10. Switch namespace

# By setting the default namespace, you can avoid adding -n <namespace-name> every time when running other commands
 [root@linux-servertwo software]# kubectl config set-context --current --namespace=kube-system
 Context "kubernetes-admin@kubernetes" modified.

 # View pod
 [root@linux-servertwo software]# kubectl get pods
 NAME READY STATUS RESTARTS AGE
 coredns-7f89b7bc75-47d56 1/1 Running 0 6d4h
 coredns-7f89b7bc75-h4c9b 1/1 Running 0 6d4h
 etcd-linux-servertwo 1/1 Running 0 6d4h
 kube-apiserver-linux-servertwo 1/1 Running 0 6d4h
 kube-controller-manager-linux-servertwo 1/1 Running 0 5d1h
 kube-proxy-j7d4v 1/1 Running 0 6d4h
 kube-scheduler-linux-servertwo 1/1 Running 0 5d1h

 # View the namespace currently used
 [root@linux-servertwo software]# kubectl config view --minify | grep namespace:
 namespace: kube-system

 # Set as default
 [root@linux-servertwo software]# kubectl config set-context --current --namespace=default
 Context "kubernetes-admin@kubernetes" modified.

 [root@linux-servertwo software]# kubectl config view --minify | grep namespace:
 namespace: default
    
 [root@linux-servertwo software]# kubectl get pods
 No resources found in default namespace.

3. Use Pod command

3.1. Introduction

A Pod is the smallest deployable unit that can be created and managed in Kubernetes, and the basic unit in which an application runs; it encapsulates one or more containers and storage resources. All containers in a Pod share the same network namespace, IP address, port space, and storage volumes. Usually a Pod is not managed directly; instead, its life cycle is managed through higher-level abstractions (such as Deployment, StatefulSet, etc.). The sections below use installing nginx as an example to introduce the Pod commands one by one.

3.2. Create a namespace

First create an nginx namespace to isolate the resources.

# Create namespace nginx
 [root@linux-servertwo software]# kubectl create namespace nginx
 namespace/nginx created

 # List all pods: kubectl get pods -n <namespace-name>
 [root@linux-servertwo software]# kubectl get pods -n nginx
 No resources found in nginx namespace.

3.3. Create a Pod

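# Create a Pod with kubectl run (the output below shows that it creates pod/nginx directly)
 # Command format: kubectl run (pod name) [parameters]
 # --image Specify the image of the Pod. A floating tag such as nginx:latest can resolve to a different build on each pull (this page shows both nginx/1.27.3 and nginx/1.27.4 coming from that tag); pin a version tag or digest when the deployment must be repeatable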
 # --port Specify the port
 # --namespace Specify namespace
 [root@linux-servertwo nginx]# kubectl run nginx --image nginx:latest --port 80 --namespace nginx
 pod/nginx created

3.4. View Pod information

# View Pods information
 [root@linux-servertwo nginx]# kubectl get pods -n nginx
 NAME READY STATUS RESTARTS AGE
 nginx 1/1 Running 0 9m6s

 # Check pods information in more detail
 [root@linux-servertwo nginx]# kubectl get pods -n nginx -o wide
 NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
 nginx 1/1 Running 0 15m 172.17.0.68 linux-servertwo <none> <none>

 # View details Pod information
 [root@linux-servertwo nginx]# kubectl describe pods nginx -n nginx
 Name: nginx
 Namespace: nginx
 Priority: 0
 Node: linux-servertwo/10.0.4.16
 Start Time: Wed, 11 Dec 2024 16:16:48 +0800
 Labels: run=nginx
 Annotations: <none>
 Status: Running
 IP: 172.17.0.68
 IPs:
   IP: 172.17.0.68

 ......
 Events:
   Type Reason Age From Message
   ---- ----- ---- ---- -------
   Normal Scheduled 9m29s default-scheduler Successfully assigned nginx/nginx to linux-servertwo
   Normal Pulling 9m28s kubelet Pulling image "nginx:latest"
   Normal Pulled 8m36s kubelet Successfully pulled image "nginx:latest" in 52.683702042s
   Normal Created 8m35s kubelet Created container nginx
   Normal Started 8m35s kubelet Started container nginx

3.5. Verification creation is successful

# Access nginx according to IP, it was found that nginx was started successfully
 [root@linux-servertwo nginx]# curl 172.17.0.68:80
 <!DOCTYPE html>
 <html>
 <head>
 <title>Welcome to nginx!</title>
 <style>
 html { color-scheme: light dark; }
 body { width: 35em; margin: 0 auto;
 font-family: Tahoma, Verdana, Arial, sans-serif; }
 </style>
 </head>
 <body>
 <h1>Welcome to nginx!</h1>
 <p>If you see this page, the nginx web server is successfully installed and
 working. Further configuration is required.</p>

 <p>For online documentation and support please refer to
 <a href="/"></a>.<br/>
 Commercial support is available at
 <a href="/"></a>.</p>

 <p><em>Thank you for using nginx.</em></p>
 </body>
 </html>

3.6. Delete Pods

# Delete Pod
 [root@linux-servertwo nginx]# kubectl delete pods -n nginx nginx
 pod "nginx" deleted
 # Check again and found that it has been deleted
 [root@linux-servertwo nginx]# kubectl get pod -n nginx
 No resources found in nginx namespace.
 # Only the pod is deleted above, the namespace created is still there
 [root@linux-servertwo nginx]# kubectl get namespaces
 NAME STATUS AGE
 blog-dev Active 28h
 default Active 2d4h
 kube-flannel Active 2d
 kube-node-lease Active 2d4h
 kube-public Active 2d4h
 kube-system Active 2d4h
 kubernetes-dashboard Active 155m
 nginx Active 26h

3.7. YAML creates a Pod

Next, create nginx from a YAML file.

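# Write the YAML for an nginx pod to a file without creating the pod
 # (the file name was lost from this page; <pod-file>.yaml is a placeholder)
 [root@linux-servertwo nginx]# kubectl run nginx --image nginx:latest --port 80 --namespace nginx --dry-run=client -o yaml > <pod-file>.yaml

 # View File
 [root@linux-servertwo nginx]# cat <pod-file>.yaml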
 apiVersion: v1
 kind: Pod
 metadata:
   creationTimestamp: null
   labels:
     run: nginx
   name: nginx
   namespace: nginx
 spec:
   containers:
   - image: nginx:latest
     name: nginx
     ports:
     - containerPort: 80
     resources: {}
   dnsPolicy: ClusterFirst
   restartPolicy: Always
 status: {}

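 # Create the Pod declaratively from the file (<pod-file>.yaml is a placeholder; the file name is missing from this page)
 [root@linux-servertwo nginx]# kubectl apply -f <pod-file>.yaml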
 pod/nginx created

 # View - Discovery Created successfully
 [root@linux-servertwo nginx]# kubectl get pod nginx -n nginx
 NAME READY STATUS RESTARTS AGE
 nginx 1/1 Running 0 20s

 # check the details
 [root@linux-servertwo nginx]# kubectl describe pod nginx -n nginx
 Name: nginx
 Namespace: nginx
 Priority: 0
 Node: linux-servertwo/10.0.4.16
 Start Time: Wed, 11 Dec 2024 16:42:53 +0800
 Labels: run=nginx
 Annotations: <none>
 Status: Running
 IP: 172.17.0.69
 IPs:
   IP: 172.17.0.69
   ......
 Events:
   Type Reason Age From Message
   ---- ----- ---- ---- -------
   Normal Scheduled 93s default-scheduler Successfully assigned nginx/nginx to linux-servertwo
   Normal Pulling 93s kubelet Pulling image "nginx:latest"
   Normal Pulled 91s kubelet Successfully pulled image "nginx:latest" in 2.213103384s
   Normal Created 91s kubelet Created container nginx
   Normal Started 91s kubelet Started container nginx

3.8. Verification is successful

# Visit
 [root@linux-servertwo nginx]# curl 172.17.0.69:80
 <!DOCTYPE html>
 <html>
 <head>
 <title>Welcome to nginx!</title>
 <style>
 html { color-scheme: light dark; }
 body { width: 35em; margin: 0 auto;
 font-family: Tahoma, Verdana, Arial, sans-serif; }
 </style>
 </head>
 <body>
 <h1>Welcome to nginx!</h1>
 <p>If you see this page, the nginx web server is successfully installed and
 working. Further configuration is required.</p>

 <p>For online documentation and support please refer to
 <a href="/"></a>.<br/>
 Commercial support is available at
 <a href="/"></a>.</p>

 <p><em>Thank you for using nginx.</em></p>
 </body>
 </html>

3.9. YAML Delete Pods

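#Delete the Pod through its YAML file (<pod-file>.yaml is a placeholder; the file name is missing from this page)
 [root@linux-servertwo nginx]# kubectl delete -f <pod-file>.yaml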
 pod "nginx" deleted

 #See again and find that it is the same as using the command to delete the Pod, only delete the Pod but not the namespaces
 [root@linux-servertwo nginx]# kubectl get pod -n nginx
 No resources found in nginx namespace.

 [root@linux-servertwo nginx]# kubectl get namespaces
 NAME STATUS AGE
 blog-dev Active 28h
 default Active 2d5h
 kube-flannel Active 2d
 kube-node-lease Active 2d5h
 kube-public Active 2d5h
 kube-system Active 2d5h
 kubernetes-dashboard Active 168m
 nginx Active 26h

3.10. View Pod logs

# View the logs of Pods in a specific namespace through kubectl logs <pod-name> -n <namespace-name>
 [root@linux-servertwo software]# kubectl logs nginx -n nginx
 /: // is not empty, will attempt to perform configuration
 /: Looking for shell scripts in //
 /: Launching //
 : info: Getting the checksum of /etc/nginx//
 : info: Enabled listen on IPv6 in /etc/nginx//
 /: Sourcing //
 /: Launching //
 /: Launching //
 /: Configuration complete; ready for start up
 2025/03/24 09:32:43 [Notice] 1#1: using the "epoll" event method
 2025/03/24 09:32:43 [Notice] 1#1: nginx/1.27.4
 2025/03/24 09:32:43 [Notice] 1#1: built by gcc 12.2.0 (Debian 12.2.0-14)
 2025/03/24 09:32:43 [Notice] 1#1: OS: Linux 3.10.0-1160.108.1.el7.x86_64
 2025/03/24 09:32:43 [Notice] 1#1: getrlimit(RLIMIT_NOFILE): 65536:65536
 2025/03/24 09:32:43 [Notice] 1#1: start worker processes
 2025/03/24 09:32:43 [Notice] 1#1: start worker process 29
 2025/03/24 09:32:43 [Notice] 1#1: start worker process 30
 172.17.0.1 - - [24/Mar/2025:09:33:19 +0000] "GET / HTTP/1.1" 200 615 "-" "curl/7.29.0" "-"
 172.17.0.1 - - [24/Mar/2025:09:34:24 +0000] "GET / HTTP/1.1" 200 615 "-" "curl/7.29.0" "-"
 172.17.0.1 - - [24/Mar/2025:09:34:26 +0000] "GET / HTTP/1.1" 200 615 "-" "curl/7.29.0" "-"

 # If the Pod contains multiple containers, you can specify the container name
 # kubectl logs <pod-name> -c <container-name>
 [root@linux-servertwo software]# kubectl logs nginx -n nginx -c nginx -f
 /: // is not empty, will attempt to perform configuration
 /: Looking for shell scripts in //
 /: Launching //
 : info: Getting the checksum of /etc/nginx//
 : info: Enabled listen on IPv6 in /etc/nginx//
 /: Sourcing //
 /: Launching //
 /: Launching //
 /: Configuration complete; ready for start up
 2025/03/24 13:01:13 [Notice] 1#1: using the "epoll" event method
 2025/03/24 13:01:13 [Notice] 1#1: nginx/1.27.4
 2025/03/24 13:01:13 [Notice] 1#1: built by gcc 12.2.0 (Debian 12.2.0-14)
 2025/03/24 13:01:13 [Notice] 1#1: OS: Linux 3.10.0-1160.108.1.el7.x86_64
 2025/03/24 13:01:13 [Notice] 1#1: getrlimit(RLIMIT_NOFILE): 65536:65536
 2025/03/24 13:01:13 [Notice] 1#1: start worker processes
 2025/03/24 13:01:13 [Notice] 1#1: start worker process 29
 2025/03/24 13:01:13 [Notice] 1#1: start worker process 30
 172.17.0.1 - - [24/Mar/2025:13:01:40 +0000] "GET / HTTP/1.1" 200 615 "-" "curl/7.29.0" "-"
 172.17.0.1 - - [24/Mar/2025:13:03:47 +0000] "GET / HTTP/1.1" 200 615 "-" "curl/7.29.0" "-"
 172.17.0.1 - - [25/Mar/2025:02:24:58 +0000] "GET / HTTP/1.1" 200 615 "-" "curl/7.29.0" "-"

3.11. Enter the container

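# Enter the Pod container: kubectl exec -it <pod-name> -- /bin/bash
 # (the root@nginx prompt below shows that the shell runs as root inside the container; exec access is granted by the pods/exec permission, which RBAC should limit to the people who need it)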
 [root@linux-servertwo software]# kubectl exec -it nginx -n nginx -- /bin/bash
 root@nginx:/# ls
 bin boot dev etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var
 root@nginx:/#nginx -V
 nginx version: nginx/1.27.4
 built by gcc 12.2.0 (Debian 12.2.0-14)
 built with OpenSSL 3.0.11 19 Sep 2023 (running with OpenSSL 3.0.15 3 Sep 2024)
 TLS SNI support enabled
 configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules --conf-path=/etc/nginx/ --error-log-path=/var/log/nginx/ --http-log-path=/var/log/nginx/ --pid-path=/var/run/ --lock-path=/var/run/ --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp  --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_dav_module --with-http_flv_module  --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_sub_module --with-http_v2_module --with-http_v3_module --with-mail  --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-cc-opt='-g -O2 -ffile-prefix-map=/data/builder/debuild/nginx-1.27.4/debian/debuild-base/nginx-1.27.4=. -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fPIC' --with-ld-opt='-Wl,-z,relro  -Wl,-z,now -Wl,--as-needed -pie'
 root@nginx:/#


 # If there are multiple containers in the Pod, you can specify the container through the -c parameter: kubectl exec -it <pod-name> -c <container-name> -- /bin/bash
 [root@linux-servertwo software]# kubectl exec -it nginx -c nginx -n nginx -- /bin/bash
 root@nginx:/# ls
 bin boot dev etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var
 root@nginx:/#

3.12. View Pod-related events

# View Pod-related events to understand the running status of the Pod and the error information:
 [root@linux-servertwo software]# kubectl get events --field-selector involvedObject.name=nginx -n nginx
 LAST SEEN TYPE REASON OBJECT MESSAGE
 5m42s Normal Scheduled pod/nginx Successfully assigned nginx/nginx to linux-servertwo
 5m42s Normal Pulling pod/nginx Pulling image "nginx:latest"
 5m32s Normal Pulled pod/nginx Successfully pulled image "nginx:latest" in 9.177513284s
 5m32s Normal Created pod/nginx Created container nginx
 5m32s Normal Started pod/nginx Started container nginx

3.13. Pod expansion and shrinkage

Direct modification of the number of pods needs to be managed using a replica set (ReplicaSet) or a deployment (Deployment). For example, use the following command to expand or reduce the number of pod copies:

# kubectl scale --replicas=<num> deployment/<deployment-name>
kubectl scale --replicas=3 deployment/my-app-nginx

In Kubernetes, scaling Pods up and down is usually managed through a Deployment resource. A Deployment lets you define multiple replicas (Pod instances) and scale them up or down as needed. It automatically manages the life cycle and state of its Pods, including increasing and decreasing their number when needed. The Deployment commands are introduced below.

4. Use the Deployment command

4.1. Introduction

In Kubernetes, the Pod is the smallest unit of scheduling and management, but Kubernetes very rarely operates on a single Pod directly. In general, Kubernetes manages Pods indirectly through Pod controllers, which control and maintain the Pods so that their state always matches what is expected. These controllers are responsible for automatically creating, scheduling, updating and scaling Pods and for ensuring their high availability and health. When a Pod fails, the controller automatically performs recovery operations, such as restarting or recreating the Pod, to ensure the continuity and stability of the application. Common Pod controllers in Kubernetes include Deployment, ReplicaSet, StatefulSet, DaemonSet, Job and CronJob; each is responsible for different use cases and scenarios, providing flexible management for different requirements. Through these controllers, Kubernetes achieves strong self-healing, scalability and flexibility, making the management of containerized applications more efficient and reliable. One of these Pod controllers, the Deployment, is described below.

4.2. Create a Deployment

A Deployment can be created with the kubectl create or kubectl apply command.

# Create deployment controller
 # Command format:
 # kubectl create deployment name [parameters]
 # Parameters:
 # -n/--namespace Specifies the created namespace
 # --image Specify the image of the pod
 # --port Specify the port
 # --replicas Specify the number of pods created. --replicas=3: Specify that the number of pod copies created by this Deployment is 3.
 # This command indicates that Kubernetes will ensure that there are always 3 running nginx Pod instances to provide services, enabling high availability and load balancing
 [root@linux-servertwo software]# kubectl create deployment nginx -n nginx --image nginx:latest --port 80 --replicas=3
 deployment.apps/nginx created

 # View Pods under the namespace
 [root@linux-servertwo nginx]# kubectl get pods -n nginx
 NAME READY STATUS RESTARTS AGE
 nginx-585449566-6788b 1/1 Running 0 39s
 nginx-585449566-bhbtp 1/1 Running 0 39s
 nginx-585449566-gk2kl 1/1 Running 0 39s

4.3. View Deployment

# Check deployment status
 [root@linux-servertwo nginx]# kubectl get deployment -n nginx
 NAME READY UP-TO-DATE AVAILABLE AGE
 nginx 3/3 3 3 88s

 # View the information of one Deployment: kubectl get deployment <deployment-name> -n <namespace-name>
 [root@linux-servertwo software]# kubectl get deployment nginx -n nginx
 NAME READY UP-TO-DATE AVAILABLE AGE
 nginx 3/3 3 3 25m

 # View the YAML configuration of Deployment
 [root@linux-servertwo software]# kubectl get deployment nginx -n nginx -o yaml
 apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
     deployment.kubernetes.io/revision: "1"
   generation: 1
   labels:
     app: nginx
 ......
 status:
   availableReplicas: 3
   conditions:
   - lastTransitionTime: "2025-03-25T07:38:18Z"
     lastUpdateTime: "2025-03-25T07:38:18Z"
     message: Deployment has minimum availability.
     reason: MinimumReplicasAvailable
     status: "True"
     type: Available
   - lastTransitionTime: "2025-03-25T07:38:14Z"
     lastUpdateTime: "2025-03-25T07:38:18Z"
     message: ReplicaSet "nginx-585449566" has successfully progressed.
     reason: NewReplicaSetAvailable
     status: "True"
     type: Progressing
   observedGeneration: 1
   readyReplicas: 3
   replicas: 3
   updatedReplicas: 3



 # For more detailed information, UP-TO-DATE: The number of successfully upgraded copies, AVAILABLE: The number of available copies
 [root@linux-servertwo nginx]# kubectl get deployment -n nginx -o wide
 NAME READY UP-TO-DATE AVAILABLE AGE CONTAINERS IMAGES SELECTOR
 nginx 3/3 3 3 4m56s nginx nginx:latest app=nginx

 # View deployment details
 [root@linux-servertwo nginx]# kubectl describe deployment -n nginx
 Name: nginx
 Namespace: nginx
 CreationTimestamp: Fri, 13 Dec 2024 10:26:15 +0800
 Labels: app=nginx
 Annotations: deployment.kubernetes.io/revision: 1
 Selector: app=nginx
 Replicas: 3 desired | 3 updated | 3 total | 3 available | 0 unavailable
 StrategyType: RollingUpdate
 MinReadySeconds: 0
 RollingUpdateStrategy: 25% max unavailable, 25% max surge
 Pod Template:
   Labels: app=nginx
   Containers:
    nginx:
     Image: nginx:latest
     Port: 80/TCP
     Host Port: 0/TCP
     Environment: <none>
     Mounts: <none>
   Volumes: <none>
 Conditions:
   Type Status Reason
   ---- ------------
   Available True MinimumReplicasAvailable
   Progressing True NewReplicaSetAvailable
 OldReplicaSets: <none>
 NewReplicaSet: nginx-585449566 (3/3 replicas created)
 Events:
   Type Reason Age From Message
   ---- ----- ---- ---- -------
   Normal ScalingReplicaSet 3m9s deployment-controller Scaled up replica set nginx-585449566 to 3

4.4. Verify access

# Check the container IP of each nginx startup
 [root@linux-servertwo nginx]# kubectl get pod -n nginx -o wide
 NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
 nginx-585449566-6788b 1/1 Running 0 9m33s 172.17.0.71 linux-servertwo <none> <none>
 nginx-585449566-bhbtp 1/1 Running 0 9m33s 172.17.0.72 linux-servertwo <none> <none>
 nginx-585449566-gk2kl 1/1 Running 0 9m33s 172.17.0.73 linux-servertwo <none> <none>

 # Try to access 172.17.0.71 via IP
 [root@linux-servertwo nginx]# curl 172.17.0.71
 <!DOCTYPE html>
 <html>
 <head>
 <title>Welcome to nginx!</title>
 <style>
 html { color-scheme: light dark; }
 body { width: 35em; margin: 0 auto;
 font-family: Tahoma, Verdana, Arial, sans-serif; }
 </style>
 </head>
 <body>
 <h1>Welcome to nginx!</h1>
 <p>If you see this page, the nginx web server is successfully installed and
 working. Further configuration is required.</p>

 <p>For online documentation and support please refer to
 <a href="/"></a>.<br/>
 Commercial support is available at
 <a href="/"></a>.</p>

 <p><em>Thank you for using nginx.</em></p>
 </body>
 </html>
 # Try to access 172.17.0.72 via IP
 [root@linux-servertwo nginx]# curl 172.17.0.72
 <!DOCTYPE html>
 <html>
 <head>
 <title>Welcome to nginx!</title>
 <style>
 html { color-scheme: light dark; }
 body { width: 35em; margin: 0 auto;
 font-family: Tahoma, Verdana, Arial, sans-serif; }
 </style>
 </head>
 <body>
 <h1>Welcome to nginx!</h1>
 <p>If you see this page, the nginx web server is successfully installed and
 working. Further configuration is required.</p>

 <p>For online documentation and support please refer to
 <a href="/"></a>.<br/>
 Commercial support is available at
 <a href="/"></a>.</p>

 <p><em>Thank you for using nginx.</em></p>
 </body>
 </html>

 # Try to access 172.17.0.73 via IP
 [root@linux-servertwo nginx]# curl 172.17.0.73
 <!DOCTYPE html>
 <html>
 <head>
 <title>Welcome to nginx!</title>
 <style>
 html { color-scheme: light dark; }
 body { width: 35em; margin: 0 auto;
 font-family: Tahoma, Verdana, Arial, sans-serif; }
 </style>
 </head>
 <body>
 <h1>Welcome to nginx!</h1>
 <p>If you see this page, the nginx web server is successfully installed and
 working. Further configuration is required.</p>

 <p>For online documentation and support please refer to
 <a href="/"></a>.<br/>
 Commercial support is available at
 <a href="/"></a>.</p>

 <p><em>Thank you for using nginx.</em></p>
 </body>
 </html>

4.5. Enter the container

# Enter the container inside one of the PODs
 [root@linux-servertwo nginx]# kubectl exec -it -n nginx nginx-585449566-6788b /bin/bash
 kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead.
 root@nginx-585449566-6788b:/#
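 # The command above prints a deprecation warning; the current form puts -- between the pod name and the command.
 # The prompt shows that the shell runs as root inside the container, so the pods/exec permission should be granted sparingly.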
 [root@linux-servertwo nginx]# kubectl exec -it -n nginx nginx-585449566-6788b -- /bin/bash
 root@nginx-585449566-6788b:/# nginx -v
 nginx version: nginx/1.27.3

4.6. Update Deployment

A Deployment can be updated with kubectl set or kubectl apply.

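# Update the container image of the nginx Deployment created above to nginx:1.19 (a floating tag; it resolved to 1.19.10 in the check below, so pin a full version or a digest when the exact build matters)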
 # kubectl set image deployment/<deployment-name> <container-name>=<new-image>
 [root@linux-servertwo software]# kubectl set image deployment/nginx nginx=nginx:1.19 -n nginx
 /nginx image updated

 # Check whether it is updated - Check the information and find that the update is successful
 [root@linux-servertwo software]# kubectl get deployment -n nginx -o wide
 NAME READY UP-TO-DATE AVAILABLE AGE CONTAINERS IMAGES SELECTOR
 nginx 3/3 3 3 40m nginx nginx:1.19 app=nginx

 # Enter the container of one of the PODs to view the nginx version
 [root@linux-servertwo software]# kubectl exec -it -n nginx nginx-5479877cb4-2lpwv -- /bin/bash
 root@nginx-5479877cb4-2lpwv:/#nginx -v
 nginx version: nginx/1.19.10

4.7. View and manage the Deployment version

# View the historical version of Deployment
 [root@linux-servertwo software]# kubectl rollout history deployment/nginx -nnginx
 /nginx
 REVISION CHANGE-CAUSE
 1 <none>
 2 <none>
 # Change record: REVISION 1 is the initial deployment, REVISION 2 is the updated version, and CHANGE-CAUSE is the reason or description of each revision. CHANGE-CAUSE is empty for both revisions.
 # To fill it in, add the --record parameter to the kubectl set image command so that CHANGE-CAUSE is provided on every update.
 # The --record parameter records the command in the Deployment's change history, which makes later review and rollback easier.
 # For example, the update command above with the parameter added: kubectl set image deployment/nginx nginx=nginx:1.19 -n nginx --record
 # Note: newer kubectl releases mark --record as deprecated; setting the kubernetes.io/change-cause annotation on the Deployment records the same information.


 # Check the rolling update status of the Deployment
 [root@linux-servertwo software]# kubectl rollout status deployment/nginx -nnginx
 deployment "nginx" successfully rolled out
 # This output indicates that the rolling update of the nginx Deployment completed successfully

4.8. Rollback Deployment version

If there is a problem with the updated application, you can restore to the previous version through the rollback command.

# Roll back to the previous version: kubectl rollout undo deployment/<deployment-name>
 [root@linux-servertwo software]# kubectl rollout undo deployment/nginx -nnginx
 /nginx rolled back

 # Check whether the rollback is successful
 [root@linux-servertwo software]# kubectl get deployment -n nginx -o wide
 NAME READY UP-TO-DATE AVAILABLE AGE CONTAINERS IMAGES SELECTOR
 nginx 3/3 3 3 68m nginx nginx:latest app=nginx
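 # The image is nginx:latest again, the tag used when the Deployment was first created. Because latest is a mutable tag, the rollback restores the tag, not necessarily the exact image build that ran before.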

 # Roll back to a specific version: kubectl rollout undo deployment/<deployment-name> --to-revision=<revision-number>
 [root@linux-servertwo software]# kubectl rollout undo deployment/nginx -n nginx --to-revision=2
 /nginx rolled back

 # Check whether the rollback is successful
 [root@linux-servertwo software]# kubectl get deployment -n nginx -o wide
 NAME READY UP-TO-DATE AVAILABLE AGE CONTAINERS IMAGES SELECTOR
 nginx 3/3 3 3 75m nginx nginx:1.19 app=nginx
 # The Deployment is back on the updated version (nginx:1.19).

4.9. Pause and resume Deployment

# Pause the ongoing update operation: kubectl rollout pause deployment/<deployment-name>
 [root@linux-servertwo software]# kubectl rollout pause deployment/nginx -nnginx
 /nginx paused


 # Resuming paused update operation: kubectl rollout resume deployment/<deployment-name>
 [root@linux-servertwo software]# kubectl rollout resume deployment/nginx -nnginx
 /nginx resumed

4.10. Delete Deployment

# Delete a Deployment: kubectl delete deployment <deployment-name>
 [root@linux-servertwo software]# kubectl delete deployment nginx -n nginx
  "nginx" deleted
 # Check deployment again and find that it has been deleted
 [root@linux-servertwo software]# kubectl get deployment -n nginx
 No resources found in nginx namespace.
 # After deleting deployment, the pod is also automatically deleted
 [root@linux-servertwo software]# kubectl get pod -n nginx
 No resources found in nginx namespace.

4.11. YAML creation

# Generate the YAML for an nginx Deployment without creating it (--dry-run=client -o yaml) and redirect it to a file on the host (the file name after > is missing on this page)
 [root@linux-servertwo software]# kubectl create deployment nginx -n nginx --image nginx:latest --port 80 --replicas=3 --dry-run=client -o yaml >

 # After the output is successful, check the output yml file
 [root@linux-servertwo software]# cat
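 # Deployment manifest as generated by kubectl create ... --dry-run=client -o yaml.
 apiVersion: apps/v1
 kind: Deployment
 metadata:
   creationTimestamp: null
   labels:
     app: nginx
   name: nginx
   namespace: nginx
 spec:
   replicas: 3
   selector:
     matchLabels:
       app: nginx
   strategy: {}
   template:
     metadata:
       creationTimestamp: null
       labels:
         app: nginx
     spec:
       containers:
       # latest is a mutable tag: what runs depends on when each node pulls it.
       # Pin a version or digest when the deployed build has to be reproducible.
       - image: nginx:latest
         name: nginx
         # Kubernetes field names are case-sensitive; the key is lowercase "ports".
         ports:
         - containerPort: 80
         # Empty resources means no CPU/memory requests or limits are set.
         resources: {}
 status: {}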

 # Run nginx YML file
 [root@linux-servertwo software]# kubectl apply -f
 /nginx created

 # Check whether the creation is successful
 [root@linux-servertwo software]# kubectl get deployment -n nginx -o wide
 NAME READY UP-TO-DATE AVAILABLE AGE CONTAINERS IMAGES SELECTOR
 nginx 3/3 3 3 2m29s nginx nginx:latest app=nginx

 # View running Pods
 [root@linux-servertwo software]# kubectl get pod -n nginx -o wide
 NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
 nginx-585449566-46b9w 1/1 Running 0 5m31s 172.17.0.21 linux-servertwo <none> <none>
 nginx-585449566-lcmlp 1/1 Running 0 5m31s 172.17.0.22 linux-servertwo <none> <none>
 nginx-585449566-x6rcl 1/1 Running 0 5m31s 172.17.0.20 linux-servertwo <none> <none>

4.12. YAML Deletion

# Delete through the kubectl delete command. Deleting Deployment will automatically delete all pods associated with it.
 [root@linux-servertwo software]# kubectl delete -f
  "nginx" deleted

 # View Deployment
 [root@linux-servertwo software]# kubectl get deployment -n nginx
 No resources found in nginx namespace.

 # View Pod
 [root@linux-servertwo software]# kubectl get pod -n nginx
 No resources found in nginx namespace.

4.13. Delete the specified pod

# If you only need to delete one of the pods without deleting the Deployment, execute the command to delete the pod
 [root@linux-servertwo nginx]# kubectl delete pods -n nginx nginx-585449566-lcmlp
 pod "nginx-585449566-lcmlp" deleted
 # After deleting one of them, Deployment will automatically create a new pod to maintain the required number of copies according to its configuration.

 # Check the running pod again and find that the number of 3 copies is still maintained, but the IP address has been updated.
 [root@linux-servertwo software]# kubectl get pod -n nginx -o wide
 NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
 nginx-585449566-46b9w 1/1 Running 0 5m31s 172.17.0.21 linux-servertwo <none> <none>
 nginx-585449566-krqsh 1/1 Running 0 14s 172.17.0.26 linux-servertwo <none> <none>
 nginx-585449566-x6rcl 1/1 Running 0 5m31s 172.17.0.20 linux-servertwo <none> <none>

5. Use Service commands

5.1. Introduction

A Service is a Kubernetes resource type that defines an access policy for a group of Pods and gives those Pods a stable, fixed network address, so that clients do not need to know the Pods' individual IP addresses. A Service is mainly used to expose a set of Pods to other services in the cluster or to external users, giving applications a more reliable and flexible way to communicate over the network.

5.2. Create Service

First, apply the YAML file to create the nginx Deployment that the Service will expose.

# Create Deployment nginx
 [root@linux-servertwo software]# kubectl apply -f
 /nginx created

 # Check whether the startup is successful
 [root@linux-servertwo software]# kubectl get deployment -n nginx -o wide
 NAME READY UP-TO-DATE AVAILABLE AGE CONTAINERS IMAGES SELECTOR
 nginx 3/3 3 3 33s nginx nginx:latest app=nginx
 [root@linux-servertwo software]# kubectl get pod -n nginx -o wide
 NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
 nginx-585449566-5lxwx 1/1 Running 0 40s 172.17.0.29 linux-servertwo <none> <none>
 nginx-585449566-l9wvw 1/1 Running 0 40s 172.17.0.28 linux-servertwo <none> <none>
 nginx-585449566-lfjgc 1/1 Running 0 40s 172.17.0.27 linux-servertwo <none> <none>

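Then enter the Nginx container of each Pod and overwrite its HTML page (the file name after /usr/share/nginx/html/ is cut off in the commands below; presumably the default index.html) so that the responses can be told apart later. These edits live only in the container's writable layer and are lost when a Pod is recreated; content that should persist belongs in the image or in a mounted ConfigMap or volume.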

# Enter nginx-585449566-5lxwx container inside
 [root@linux-servertwo nginx]# kubectl exec -it -n nginx nginx-585449566-5lxwx -- bash
 root@nginx-585449566-6788b:/# echo this is 172.17.0.29 nginx > /usr/share/nginx/html/
 root@nginx-585449566-6788b:/# cat /usr/share/nginx/html/
 This is 172.17.0.29 nginx
 # Enter nginx-585449566-l9wvw container inside
 [root@linux-servertwo nginx]# kubectl exec -it -n nginx nginx-585449566-l9wvw -- bash
 root@nginx-585449566-bhbtp:/# echo this is 172.17.0.28 nginx > /usr/share/nginx/html/
 root@nginx-585449566-bhbtp:/# cat /usr/share/nginx/html/
 This is 172.17.0.28 nginx
 # Enter nginx-585449566-lfjgc container inside
 [root@linux-servertwo nginx]# kubectl exec -it -n nginx nginx-585449566-lfjgc -- bash
 root@nginx-585449566-gk2kl:/# echo this is 172.17.0.27 nginx > /usr/share/nginx/html/
 root@nginx-585449566-gk2kl:/# cat /usr/share/nginx/html/
 This is 172.17.0.27 nginx

 # Verify access
 [root@linux-servertwo software]# curl 172.17.0.29
 This is 172.17.0.29 nginx
 [root@linux-servertwo software]# curl 172.17.0.28
 This is 172.17.0.28 nginx
 [root@linux-servertwo software]# curl 172.17.0.27
 This is 172.17.0.27 nginx

Next, create a Service that is reachable from inside the cluster.

# Create an internal Service service to access Pods through the following command
 # kubectl expose pod <pod-name> --name=<service-name> --port=<port> --target-port=<target-port> --type=<service-type>
 [root@linux-servertwo nginx]# kubectl expose deployment -n nginx nginx --name=svc-nginx --type=ClusterIP --port=80 --target-port=80
 service/svc-nginx exposed

 # Service types (--type):
 # ClusterIP: the default type; the Service is only reachable from inside the cluster.
 # NodePort: opens a port on every node and exposes the Service through that port.
 # LoadBalancer: exposes the Service through the cloud provider's load balancer; usually suited to cloud environments.
 # ExternalName: maps the Service to an external DNS name, for cases where workloads in the cluster need to reach an external service.
 # NodePort and LoadBalancer make the Service reachable from outside the cluster, so use them only for workloads that are meant to be exposed and restrict the allowed source addresses at the firewall or security group.

5.3. Check Service

# View the created Service
 [root@linux-servertwo software]# kubectl get service -n nginx
 NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
 svc-nginx ClusterIP 172.16.251.156 <none> 80/TCP 19s

 # View more full Service
 [root@linux-servertwo software]# kubectl get service -n nginx -o wide
 NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
 svc-nginx ClusterIP 172.16.251.156 <none> 80/TCP 56s app=nginx
 # A ClusterIP Service is only reachable from inside the cluster. The CLUSTER-IP generated here is the Service IP; it does not change during the Service's lifetime, and the Pods behind the Service can be reached through it. By default every Pod in the cluster can connect to it; limiting which Pods may do so takes a NetworkPolicy (enforced only if the network plugin supports it).

 # See kubectl describe service <service-name> for details
 [root@linux-servertwo software]# kubectl describe service svc-nginx -n nginx
 Name: svc-nginx
 Namespace: nginx
 Labels: app=nginx
 Annotations: <none>
 Selector: app=nginx
 Type: ClusterIP
 IP Families: <none>
 IP: 172.16.251.156
 IPs: 172.16.251.156
 Port: <unset> 80/TCP
 TargetPort: 80/TCP
 Endpoints: 172.17.0.27:80,172.17.0.28:80,172.17.0.29:80
 Session Affinity: None
 Events: <none>

 # View Endpoint information - stores the actual IP address and port information of the Pod corresponding to the Service
 [root@linux-servertwo software]# kubectl get endpoints -n nginx svc-nginx
 NAME ENDPOINTS AGE
 svc-nginx 172.17.0.27:80,172.17.0.28:80,172.17.0.29:80 42m

5.4. Verify access

Test by accessing the IP shown in the CLUSTER-IP column:

[root@linux-servertwo software]# curl 172.16.251.156
this is 172.17.0.29 nginx
[root@linux-servertwo software]# curl 172.16.251.156
this is 172.17.0.28 nginx
[root@linux-servertwo software]# curl 172.16.251.156
this is 172.17.0.27 nginx
[root@linux-servertwo software]# curl 172.16.251.156
this is 172.17.0.28 nginx
[root@linux-servertwo software]# curl 172.16.251.156
this is 172.17.0.29 nginx
[root@linux-servertwo software]# curl 172.16.251.156
this is 172.17.0.29 nginx
[root@linux-servertwo software]# curl 172.16.251.156
this is 172.17.0.27 nginx
[root@linux-servertwo software]# curl 172.16.251.156
this is 172.17.0.27 nginx
[root@linux-servertwo software]# curl 172.16.251.156
this is 172.17.0.29 nginx

Through the above multiple accesses, you can see that the Service IP will randomly forward the request to Nginx on one of the pods, which indicates that load balancing is implemented internally. This load balancing is done by kube-proxy at the fourth layer (transport layer) and is suitable for TCP and UDP traffic. Whether it is a ClusterIP or a NodePort service, kube-proxy creates routing rules inside the cluster and forwards requests to the backend pod. When a client request is sent to the Service's Cluster IP address, kube-proxy forwards the request to one or more pods. Since this load balancing is performed at the fourth layer (transport layer), there is no need to understand higher-level application protocols.

5.5. Introduction to kube-proxy to implement load balancing

In Kubernetes, kube-proxy uses the iptables rule to implement load balancing of the Service. By viewing the iptables rules, you can understand the specific link rules when accessing the Service's Cluster IP address. The following are specific steps and examples:

# View iptables rules
 # iptables-save | grep KUBE or iptables -L -t nat | grep KUBE
 [root@linux-servertwo software]# iptables -L -t nat | grep KUBE

 # Only the parts relevant to the nginx deployment are excerpted here for explanation
 # The comment /* nginx/svc-nginx */ on a rule marks it as traffic belonging to the nginx/svc-nginx Service
 Chain KUBE-SEP-MEC45OHITDUK5UCI (1 references)
 KUBE-MARK-MASQ all -- 172.17.0.27 anywhere /* nginx/svc-nginx */
 Chain KUBE-SEP-OVGUVNLN5SZ5SJPC (1 references)
 KUBE-MARK-MASQ all -- 172.17.0.28 anywhere /* nginx/svc-nginx */
 Chain KUBE-SEP-Q7FC6ND2772R7A3Y (1 references)
 KUBE-MARK-MASQ all -- 172.17.0.29 anywhere /* nginx/svc-nginx */

 # KUBE-SERVICES chain is the entrance exposed by Kubernetes services.  It is the place where Kubernetes network proxy (kube-proxy) implements load balancing. You can see that IP: 172.16.251.156 is the IP of the nginx service created.
 Chain KUBE-SERVICES (2 references)
 KUBE-MARK-MASQ tcp -- !linux-servertwo/16 172.16.251.156 /* nginx/svc-nginx cluster IP */ tcp dpt:http
 KUBE-SVC-XDC2TBTFGP42ST2T tcp -- anywhere 172.16.251.156 /* nginx/svc-nginx cluster IP */ tcp dpt:http

 # As the following rules show, a backend is picked at random using per-rule probabilities
 KUBE-SEP-MEC45OHITDUK5UCI all -- anywhere anywhere /* nginx/svc-nginx */ statistical mode random probability 0.333333333349
 KUBE-SEP-OVGUVNLN5SZ5SJPC all -- anywhere anywhere /* nginx/svc-nginx */ statistical mode random probability 0.50000000000
 KUBE-SEP-Q7FC6ND2772R7A3Y all -- anywhere anywhere /* nginx/svc-nginx */
 # statistic mode random is a probability match: a rule is taken with the given probability, otherwise evaluation falls through to the next rule. The rules are evaluated in order, so:
 # 33% of traffic is forwarded to the MEC45OHITDUK5UCI Pod.
 # 50% of the traffic that is left after the first rule is forwarded to the OVGUVNLN5SZ5SJPC Pod (about 33% of the total).
 # The remaining traffic is forwarded to the Q7FC6ND2772R7A3Y Pod (again about 33% of the total).
 # Combining these rules, the 0.333 / 0.5 / unconditional sequence spreads connections evenly over the three backend Pods. The probabilities follow from the number of endpoints, not from per-Pod weights or load, so this mode does not adjust the ratio to how busy a Pod is.

5.6. Create an externally accessible service

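To create a Service that is also reachable from outside the cluster, specify --type=NodePort when creating the Service. A NodePort Service listens on the allocated port on every node, so anything that can reach a node's IP address can reach the Service unless a firewall or security group blocks that port.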

# View Service
 [root@linux-servertwo software]# kubectl get service -n nginx -o wide
 NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
 svc-nginx ClusterIP 172.16.251.156 <none> 80/TCP 169m app=nginx


 # Delete the original ClusterIP type service
 [root@linux-servertwo software]# kubectl delete service -n nginx svc-nginx
 service "svc-nginx" deleted

 # Check again and found that it has been deleted
 [root@linux-servertwo software]# kubectl get service -n nginx
 No resources found in nginx namespace.

 # Create a Service of type NodePort
 [root@linux-servertwo software]# kubectl expose deployment -n nginx nginx --name=svc-nginx --type=NodePort --port=80 --target-port=80
 service/svc-nginx exposed

 # Check whether the creation is successful
 [root@linux-servertwo software]# kubectl get service -n nginx
 NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
 svc-nginx NodePort 172.16.237.241 <none> 80:31918/TCP 17s
 # The PORT(S) column shows that Service port 80 is mapped to node port 31918. Accessing a node's IP address plus port 31918 from outside the cluster reaches nginx on a random Pod. Access port 31918 from the host:
 [root@linux-servertwo software]# curl localhost:31918
 This is 172.17.0.29 nginx
 [root@linux-servertwo software]# curl localhost:31918
 This is 172.17.0.28 nginx
 [root@linux-servertwo software]# curl localhost:31918
 This is 172.17.0.29 nginx
 [root@linux-servertwo software]# curl localhost:31918
 This is 172.17.0.27 nginx
 # So, if it is accessed internally in the cluster, svc-nginx can be accessed through 172.16.237.241:80.  If it is an external access to the cluster, use the IP address and port of the node to access svc-nginx

5.7. Delete Service

# Delete service <service-name>
 [root@linux-servertwo software]# kubectl delete service -n nginx svc-nginx
 service "svc-nginx" deleted

 # Check again and find that it has been deleted
 [root@linux-servertwo software]# kubectl get service -n nginx
 No resources found in nginx namespace.

5.8. YAML creation

# Export a yaml to create a service format file of nginx but does not run it, and output it to the host file
 [root@linux-servertwo software]# kubectl expose deployment -n nginx nginx --name=svc-nginx --type=NodePort --port=80 --target-port=80 --dry-run=client -o yaml >

 # After the output is successful, check the output yml file
 [root@linux-servertwo software]# cat
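 # Service manifest as generated by kubectl expose ... --dry-run=client -o yaml.
 # It carries no metadata.namespace, so it would be created in the current default namespace.
 apiVersion: v1
 kind: Service
 metadata:
   creationTimestamp: null
   labels:
     app: nginx
   name: svc-nginx
 spec:
   # Kubernetes field names are case-sensitive; the key is lowercase "ports".
   ports:
   - port: 80
     protocol: TCP
     targetPort: 80
   selector:
     app: nginx
   # NodePort opens the allocated port on every node.
   type: NodePort
 status:
   loadBalancer: {}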

 # When using the kubectl expose command to generate the Service YAML file, the generated YAML file will not contain namespace information by default. You need to manually add the namespace to the generated YAML file.
 # Edit the file, add the namespace you need to create, and view it again
 [root@linux-servertwo software]# cat
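 # Service manifest after adding the target namespace by hand.
 apiVersion: v1
 kind: Service
 metadata:
   creationTimestamp: null
   labels:
     app: nginx
   name: svc-nginx
   namespace: nginx # Add namespace information
 spec:
   # Kubernetes field names are case-sensitive; the key is lowercase "ports".
   ports:
   - port: 80
     protocol: TCP
     targetPort: 80
   selector:
     app: nginx
   # NodePort opens the allocated port on every node; no nodePort is set here,
   # so the cluster assigns one (30501 in the output below).
   type: NodePort
 status:
   loadBalancer: {}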

  
 # Run nginx YML file
 [root@linux-servertwo software]# kubectl apply -f
 service/svc-nginx created


 # Check whether the creation is successful
 [root@linux-servertwo software]# kubectl get service -n nginx
 NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
 svc-nginx NodePort 172.16.87.14 <none> 80:30501/TCP 17s

 # Verify access
 # Access internal IP+port
 [root@linux-servertwo software]# curl 172.16.87.14
 This is 172.17.0.28 nginx
 [root@linux-servertwo software]# curl 172.16.87.14
 This is 172.17.0.29 nginx
 [root@linux-servertwo software]# curl 172.16.87.14
 This is 172.17.0.28 nginx
 # Access host node IP+port
 [root@linux-servertwo software]# curl localhost:30501
 This is 172.17.0.27 nginx
 [root@linux-servertwo software]# curl localhost:30501
 This is 172.17.0.28 nginx

5.9. YAML Deletion

# delete
 [root@linux-servertwo software]# kubectl delete -f
 service "svc-nginx" deleted

 # Check again
 [root@linux-servertwo software]# kubectl get service -n nginx
 No resources found in nginx namespace.

6. ipvs configuration

kube-proxy supports several modes for this load balancing, including:

iptables mode: this is the default mode; kube-proxy uses iptables rules to load-balance from the Service to the Pods.
ipvs mode: supported since Kubernetes 1.8; it uses IPVS (IP Virtual Server) instead of iptables for load balancing. IPVS is usually considered more efficient than iptables, especially in high-concurrency scenarios.

# View all iptables rules
 iptables -t nat -nL | iptables -L -v -n

 # To enable ipvs for k8s, first check with ipvsadm; the command turns out not to be installed
 [root@linux-servertwo software]# ipvsadm -ln
 -bash: ipvsadm: command not found

 # Install ipvsadm tool
 yum install ipvsadm -y
 # Execute again
 [root@linux-servertwo software]# ipvsadm -ln
 IP Virtual Server version 1.2.1 (size=4096)
 Prot LocalAddress:Port Scheduler Flags
   -> RemoteAddress:Port Forward Weight ActiveConn InActConn
  
 # Check whether the ip_vs kernel modules are loaded
 [root@linux-servertwo software]# lsmod | grep ip_vs
 ip_vs_sh 12688 0
 ip_vs_wrr 12697 0
 ip_vs_rr 12600 0
 ip_vs 145458 6 ip_vs_rr,ip_vs_sh,ip_vs_wrr
 nf_conntrack 143411 7 ip_vs,nf_nat,nf_nat_ipv4,xt_conntrack,nf_nat_masquerade_ipv4,nf_conntrack_netlink,nf_conntrack_ipv4
 libcrc32c 12644 3 ip_vs,nf_nat,nf_conntrack

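 # kube-proxy forwards through iptables by default, so its mode has to be changed from iptables to ipvs (improving performance). The kube-proxy ConfigMap is used by kube-proxy on every node, so keep a copy of the original before editing it.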
 [root@linux-servertwo software]# kubectl edit -n kube-system configmaps kube-proxy
 # mode is empty by default; set it to ipvs and save the change
 mode: "" -> mode: "ipvs"

 # Check the pods running on the system
 [root@linux-servertwo software]# kubectl get pod -n kube-system
 NAME READY STATUS RESTARTS AGE
 coredns-7f89b7bc75-47d56 1/1 Running 0 8d
 coredns-7f89b7bc75-h4c9b 1/1 Running 0 8d
 etcd-linux-servertwo 1/1 Running 0 8d
 kube-apiserver-linux-servertwo 1/1 Running 0 8d
 kube-controller-manager-linux-servertwo 1/1 Running 0 7d
 kube-proxy-j7d4v 1/1 Running 0 8d
 kube-scheduler-linux-servertwo 1/1 Running 0 7d

 # Delete the kube-proxy Pod so that it is recreated and picks up the new configuration
 [root@linux-servertwo software]# kubectl delete pod -n kube-system kube-proxy-j7d4v
 pod "kube-proxy-j7d4v" deleted


 # After the deletion is successful, check it again and find that a new kube-proxy pod will be recreated
 [root@linux-servertwo software]# kubectl get pod -n kube-system
 NAME READY STATUS RESTARTS AGE
 coredns-7f89b7bc75-47d56 1/1 Running 0 8d
 coredns-7f89b7bc75-h4c9b 1/1 Running 0 8d
 etcd-linux-servertwo 1/1 Running 0 8d
 kube-apiserver-linux-servertwo 1/1 Running 0 8d
 kube-controller-manager-linux-servertwo 1/1 Running 0 7d
 kube-proxy-wbst6 1/1 Running 0 16s
 kube-scheduler-linux-servertwo 1/1 Running 0 7d


 #Review - List all
 [root@linux-servertwo nginx]# ipvsadm -ln
 # Conditional filtering
 [root@linux-servertwo software]# ipvsadm -ln | grep -A 3 "127.0.0.1:30501"
 TCP 127.0.0.1:30501 rr
   -> 172.17.0.27:80 Masq 1 0 0
   -> 172.17.0.28:80 Masq 1 0 0
   -> 172.17.0.29:80 Masq 1 0 0
 # Output the above information, indicating that using ipvs load balancing is successful

7. Practice-Deploy nginx

7.1. Description

With the commands introduced above, a simple application can now be deployed on K8s. Next, use the Deployment + NodePort pattern to install and deploy a highly available Nginx service.

7.2. Create YML

Create a YAML file that holds the Nginx deployment configuration:

# 1. Namespace that holds the Deployment and the Service defined below
 apiVersion: v1
 kind: Namespace
 metadata:
   name: nginx-proxy
   creationTimestamp: null
 status: {}
 spec: {}
 ---
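 # 2. Create a Deployment: three nginx replicas that read their configuration
 #    from a directory on the node (hostPath).
 apiVersion: apps/v1
 kind: Deployment
 metadata:
   creationTimestamp: null
   labels:
     app: nginx-proxy
   name: nginx-proxy
   namespace: nginx-proxy
 spec:
   replicas: 3
   selector:
     matchLabels:
       app: nginx-proxy
   strategy: {}
   template:
     metadata:
       creationTimestamp: null
       labels:
         app: nginx-proxy
     spec:
       # hostNetwork: true  # would put the Pod in the host's network namespace; left disabled
       nodeSelector:
         # Label key restored to its full form (the page shows only "/os");
         # confirm against the node labels with kubectl get nodes --show-labels.
         kubernetes.io/os: linux
       # NOTE(review): system-node-critical is the highest built-in priority class and
       # is meant for node-level system components. An ordinary web workload that uses
       # it can preempt other Pods under resource pressure; prefer a custom
       # PriorityClass outside a demo cluster.
       priorityClassName: system-node-critical
       containers:
       - image: nginx:1.23.1
         name: nginx
         imagePullPolicy: IfNotPresent
         # Kubernetes field names are case-sensitive; the key is lowercase "ports".
         ports:
         - containerPort: 80
         resources:
           limits:
             cpu: 300m
             memory: 512M
           requests:
             cpu: 25m
             memory: 32M
         volumeMounts:
         - name: conf
           # The mount hides the image's own /etc/nginx/ contents, so the host
           # directory must contain a complete nginx configuration.
           mountPath: /etc/nginx/
           # Read-only keeps the container from modifying files on the node.
           readOnly: true
       # Lowercase "volumes" for the same case-sensitivity reason as "ports".
       volumes:
       - name: conf
         # NOTE(review): hostPath couples the Pod to files on whichever node it is
         # scheduled to and gives the workload a path into the node's filesystem.
         # The directory must exist on every eligible node; a ConfigMap volume
         # avoids both issues for configuration files.
         hostPath:
           path: /opt/software/k8s-deployment/nginx/conf/
 status: {}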
 ---
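 # 3. Create Service: NodePort Service in front of the Pods labelled app=nginx-proxy
 apiVersion: v1
 kind: Service
 metadata:
   creationTimestamp: null
   labels:
     app: nginx-proxy
   name: svc-nginx
   namespace: nginx-proxy
 spec:
   # Kubernetes field names are case-sensitive; the key is lowercase "ports".
   ports:
   - port: 80
     protocol: TCP
     targetPort: 80
     # Fixed node port; it must be free on the nodes and inside the cluster's
     # NodePort range (30000-32767 per the description below).
     nodePort: 31001
   selector:
     app: nginx-proxy
   # NodePort opens port 31001 on every node, so the Service is reachable by anything
   # that can reach a node IP. Restrict that port at the firewall or security group
   # if the Service is not meant to be public.
   type: NodePort
 status:
   loadBalancer: {}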

Parameter configuration description:

Delimiter

--- The separator is a standard syntax in Kubernetes YAML files and is used to distinguish multiple resource definitions in the same file, so that a file can contain multiple resource objects.  Deployment, Service, and Namespace are three different Kubernetes resource definitions, so they need to be separated using ---.  By writing multiple resource definitions in a YAML file and separating them with ---, kubectl apply can create or update multiple resources at once without writing multiple files or executing multiple commands separately.

Namespace configuration description:

# kind: Namespace means that the yaml file creates a namespace
 # metadata represents the meta information of the namespace
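 # metadata.name is the name of the namespace (nginx-proxy in the manifest above)
 # metadata.labels holds the namespace's labels, for example name=nginx (the manifest above sets none)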

Deployment Configuration Description

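hostNetwork: true # Use the host's network interface (commented out in the manifest above). With it enabled the Pod shares the node's network namespace and ports, so leave it off unless the workload needs it.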

 priorityClassName: system-node-critical # Sets the Pod's priority so that it ranks above other Pods in the cluster.
 # About priorityClassName
 # Kubernetes provides the following priority classes by default:
 # system-node-critical: for critical node services; the highest priority. Its Pods are kept first when resources are tight and are not evicted, so they stay running on the node.
 # system-cluster-critical: for cluster-level key services; a very high priority, just below system-node-critical. It keeps key components (control plane components such as kube-apiserver, kube-controller-manager, kube-scheduler) running when resources are insufficient.
 # default: the normal default priority, lower than system-node-critical and system-cluster-critical.
 # You can define your own priority classes as needed.
 # Both system-* classes are intended for node and cluster components. An ordinary web workload that uses them can preempt other Pods under resource pressure, so a custom PriorityClass is the safer choice outside a demo.

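 kubernetes.io/os: linux # nodeSelector entry (the label prefix is cut off on this page and is restored here; verify it against your node labels). The Pod is only scheduled onto nodes that carry this label, which avoids placing it on nodes that do not meet the criteria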

Service Configuration Description

# When creating a NodePort Service, you can specify a port with a range of 30000-32767

7.3. Start YML

# Created by kubectl apply -f
 [root@linux-servertwo nginx]# kubectl apply -f
 namespace/nginx-proxy created
 /nginx-proxy created
 service/svc-nginx created

7.4. View

# View namespace
 [root@linux-servertwo nginx]# kubectl get namespace nginx-proxy
 NAME STATUS AGE
 nginx-proxy Active 4m7s


 # View Resources
 [root@linux-servertwo nginx]# kubectl get deploy,svc,pod -n nginx-proxy
 NAME READY UP-TO-DATE AVAILABLE AGE
 /nginx-proxy 3/3 3 3 4m20s

 NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
 service/svc-nginx NodePort 172.16.44.247 <none> 80:31001/TCP 4m20s

 NAME READY STATUS RESTARTS AGE
 pod/nginx-proxy-6966ffc86c-289vk 1/1 Running 0 4m20s
 pod/nginx-proxy-6966ffc86c-f47vl 1/1 Running 0 4m20s
 pod/nginx-proxy-6966ffc86c-hqjvp 1/1 Running 0 4m20s

7.5. Verification is successful

# View resource details to display IP address
 [root@linux-servertwo nginx]# kubectl get deploy,svc,pod -n nginx-proxy -o wide
 NAME READY UP-TO-DATE AVAILABLE AGE CONTAINERS IMAGES SELECTOR
 /nginx-proxy 3/3 3 3 4m39s nginx nginx:1.23.1 app=nginx-proxy

 NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
 service/svc-nginx NodePort 172.16.44.247 <none> 80:31001/TCP 4m39s app=nginx-proxy

 NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
 pod/nginx-proxy-6966ffc86c-289vk 1/1 Running 0 4m39s 172.17.0.58 linux-servertwo <none> <none>
 pod/nginx-proxy-6966ffc86c-f47vl 1/1 Running 0 4m39s 172.17.0.59 linux-servertwo <none> <none>
 pod/nginx-proxy-6966ffc86c-hqjvp 1/1 Running 0 4m39s 172.17.0.57 linux-servertwo <none> <none>

 # Check ipvs link rules
 [root@linux-servertwo nginx]# ipvsadm -ln | grep -A 3 "127.0.0.1:31001"
 TCP 127.0.0.1:31001 rr
   -> 172.17.0.57:80 Masq 1 0 0
   -> 172.17.0.58:80 Masq 1 0 0
   -> 172.17.0.59:80 Masq 1 0 0
  
 # Verify load balancing - first enter the container internal configuration html page
 [root@linux-servertwo nginx]# kubectl exec -it -n nginx-proxy nginx-proxy-6966ffc86c-289vk -- bash
 root@nginx-proxy-6966ffc86c-289vk:/# echo this is 172.17.0.58 nginx > /usr/share/nginx/html/
 root@nginx-proxy-6966ffc86c-289vk:/# cat /usr/share/nginx/html/
 This is 172.17.0.58 nginx

 # Enter container 172.17.0.59
 [root@linux-servertwo nginx]# kubectl exec -it -n nginx-proxy nginx-proxy-6966ffc86c-f47vl -- bash
 root@nginx-proxy-6966ffc86c-f47vl:/# echo this is 172.17.0.59 nginx > /usr/share/nginx/html/
 root@nginx-proxy-6966ffc86c-f47vl:/# cat /usr/share/nginx/html/
 this is 172.17.0.59 nginx
 # Enter container 172.17.0.57
 [root@linux-servertwo nginx]# kubectl exec -it -n nginx-proxy nginx-proxy-6966ffc86c-hqjvp -- bash
 root@nginx-proxy-6966ffc86c-hqjvp:/# echo this is 172.17.0.57 nginx > /usr/share/nginx/html/
 root@nginx-proxy-6966ffc86c-hqjvp:/# cat /usr/share/nginx/html/
 this is 172.17.0.57 nginx


 # Access service
 root@nginx-proxy-6966ffc86c-hqjvp:/# curl 172.16.44.247
 this is 172.17.0.59 nginx
 root@nginx-proxy-6966ffc86c-hqjvp:/# curl 172.16.44.247
 This is 172.17.0.58 nginx
 root@nginx-proxy-6966ffc86c-hqjvp:/# curl 172.16.44.247
 this is 172.17.0.57 nginx
 root@nginx-proxy-6966ffc86c-hqjvp:/# curl 172.16.44.247
 this is 172.17.0.59 nginx

7.6. Delete YML

# delete  
 [root@linux-servertwo nginx]# kubectl delete -f
 namespace "nginx-proxy" deleted
  "nginx-proxy" deleted
 service "svc-nginx" deleted

 # Check namespace again
 [root@linux-servertwo nginx]# kubectl get namespace nginx-proxy
 Error from server (NotFound): namespaces "nginx-proxy" not found

 # View Resources
 [root@linux-servertwo nginx]# kubectl get deploy,svc,pod -n nginx-proxy -o wide
 No resources found in nginx-proxy namespace.