K8S Service-NodePort:固定端口

Service-NodePort:固定端口

两个节点

192.168.81.141 k8s-master

192.168.81.140 k8s-node02

1、定义yaml文件:service-demo1.yaml


# -----------------------------------
# Service definition
# -----------------------------------

apiVersion: v1
kind: Service
metadata:
  name: myapp
spec:
  # NodePort: besides the in-cluster ClusterIP, the Service is published on a
  # fixed port of every node.
  type: NodePort
  # Traffic is forwarded to Pods carrying the label app=myapp.
  selector:
    app: myapp
  # A Service can map any incoming port to a targetPort. By default, for
  # convenience, targetPort is set to the same value as the port field.
  
  # When several Services are created in one Kubernetes cluster, each of them
  # must use a unique nodePort.

  # The service can be reached through <nodeIP>:<nodePort> on any node of the
  # cluster.
  # NOTE(review): this means port 30001 is opened on every node address, not
  # only on the nodes that run a myapp Pod. If the nodes are reachable from
  # untrusted networks, limit access with host/cloud firewall rules or put an
  # authenticated proxy in front; the Service itself performs no access control.
  ports:
  - port: 18080         # port on the ClusterIP
    targetPort: 18080   # port on the Pod
    nodePort: 30001     # fixed node port; must lie in the cluster's NodePort range (default 30000-32767)
  
---

# Deployment that runs the myapp Pods selected by the myapp Service.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: myapp
  labels:
    app: myapp
spec:
  # Number of replicas
  replicas: 2
  selector:
    matchLabels:
      app: myapp
  template:
    metadata:
      labels:
        # Has to match spec.selector.matchLabels above and the selector of the
        # myapp Service, otherwise the Pods receive no traffic.
        app: myapp
    spec:
      # Pull credentials for the private registry; the referenced Secret must
      # exist in the same namespace as this Deployment.
      imagePullSecrets:
      - name: kevin-registry-secret
      containers:
      # NOTE(review): no securityContext and no resources are declared, so the
      # container runs with the runtime defaults (user taken from the image,
      # default capabilities, no CPU/memory limits). Consider adding
      # runAsNonRoot, allowPrivilegeEscalation: false and resource limits once
      # the image is confirmed to work with them.
      - name: myapp
        # The image is referenced by the mutable tag v1; pinning it by digest
        # guarantees that every node runs the same content.
        # NOTE(review): confirm the registry at 192.168.81.141:45678 is served
        # over TLS rather than configured as an insecure registry on the nodes.
        image: 192.168.81.141:45678/library/myapp:v1
        ports:
        # Same port the Service uses as targetPort.
        - containerPort: 18080

2、启动Pod

# Create or update the Service and the Deployment defined in service-demo1.yaml.
# No -n/--namespace is passed and the manifest sets none, so the objects go to
# the namespace of the current kubectl context.
# `kubectl diff -f service-demo1.yaml` shows the pending changes beforehand.
kubectl apply -f service-demo1.yaml

3、查看对应的SVC,Pod

[root@k8s-master workspace]# kubectl get pod -A -o wide | grep myapp
default                myapp-78794f6bf4-vhpmx                       1/1     Running   0               66m     10.244.235.235   k8s-master   <none>           <none>
default                myapp-78794f6bf4-zq7w6                       1/1     Running   0               66m     10.244.58.218    k8s-node02   <none>           <none>
[root@k8s-master workspace]# kubectl get svc -A -o wide | grep myapp
default                myapp                       NodePort    10.105.194.242   <none>        18080:30001/TCP          64m     app=myapp
[root@k8s-master workspace]# 
[root@k8s-master workspace]# curl 192.168.81.140:30001/ping
ok[root@k8s-master workspace]# curl 192.168.81.141:30001/ping
ok[root@k8s-master workspace]#

可以看出来,通过任意一个节点的 nodeIP:nodePort 都可以访问到该服务。

4、Nginx配置(将请求转发到各节点的 nodePort)

# Upstream pool for myapp: one entry per cluster node, each pointing at the
# Service's nodePort 30001.
upstream  myapp {
    # Disabled alternative that targets the Service ClusterIP.
    # NOTE(review): a ClusterIP is normally routable only from inside the
    # cluster, which is presumably why the node addresses are used - confirm.
    #server   10.105.194.242:18080 max_fails=3  fail_timeout=30s;
    
    # max_fails/fail_timeout: after 3 failed attempts within 30s the server is
    # treated as unavailable for the next 30s.
    # NOTE(review): traffic between nginx and the nodes is plain HTTP; keep
    # this hop on a trusted network segment.
    server   192.168.81.141:30001 max_fails=3  fail_timeout=30s;
    server   192.168.81.140:30001 max_fails=3  fail_timeout=30s;
}


# Reverse proxy that accepts requests on port 28080 and forwards them to the
# "myapp" upstream.
server {
       # Plain HTTP listener; this block configures no TLS and no access
       # restriction (allow/deny, auth), so anyone who can reach the port can
       # reach the backend.
       listen 28080;
       server_name localhost;
       location / {
            proxy_pass  http://myapp;
            # Forward the Host header of the original request.
            proxy_set_header Host $host;
            # Address of the client as seen by nginx.
            proxy_set_header X-Real-IP $remote_addr;
            # $proxy_add_x_forwarded_for appends $remote_addr to the
            # X-Forwarded-For value sent by the client. The client controls
            # every entry except the last one, so the backend must not use the
            # leftmost entries for access decisions or audit logging.
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            # Timeouts for connecting to, sending to and reading from the upstream.
            proxy_connect_timeout 25s;
            proxy_send_timeout 60s;
            proxy_read_timeout 60s;
      }
}
# Flannel CNI manifest: Namespace, RBAC objects, ConfigMap and the
# kube-flannel-ds DaemonSet.
---
kind: Namespace
apiVersion: v1
metadata:
  name: kube-flannel
  labels:
    k8s-app: flannel
    # Pod Security Admission enforces the unrestricted "privileged" level here,
    # so no Pod in this namespace is rejected for hostNetwork, hostPath or
    # added capabilities. Keep unrelated workloads out of this namespace.
    pod-security.kubernetes.io/enforce: privileged
---
# Cluster-wide permissions of the flannel ServiceAccount: read single Pods,
# read/watch Nodes, and patch the status subresource of Nodes.
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  labels:
    k8s-app: flannel
  name: flannel
rules:
- apiGroups:
  - ""
  resources:
  - pods
  verbs:
  - get
- apiGroups:
  - ""
  resources:
  - nodes
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  resources:
  - nodes/status
  verbs:
  - patch
---
# Grants the ClusterRole above to the flannel ServiceAccount in kube-flannel.
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  labels:
    k8s-app: flannel
  name: flannel
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: flannel
subjects:
- kind: ServiceAccount
  name: flannel
  namespace: kube-flannel
---
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: flannel
  name: flannel
  namespace: kube-flannel
---
# cni-conf.json is copied to every node by the install-cni init container;
# net-conf.json is mounted into the flanneld container.
# "Network" has to match the Pod CIDR the cluster was initialised with.
kind: ConfigMap
apiVersion: v1
metadata:
  name: kube-flannel-cfg
  namespace: kube-flannel
  labels:
    tier: node
    k8s-app: flannel
    app: flannel
data:
  cni-conf.json: |
    {
      "name": "cbr0",
      "cniVersion": "0.3.1",
      "plugins": [
        {
          "type": "flannel",
          "delegate": {
            "hairpinMode": true,
            "isDefaultGateway": true
          }
        },
        {
          "type": "portmap",
          "capabilities": {
            "portMappings": true
          }
        }
      ]
    }
  net-conf.json: |
    {
      "Network": "10.244.0.0/16",
      "EnableNFTables": false,
      "Backend": {
        "Type": "vxlan"
      }
    }
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: kube-flannel-ds
  namespace: kube-flannel
  labels:
    tier: node
    app: flannel
    k8s-app: flannel
spec:
  selector:
    matchLabels:
      app: flannel
  template:
    metadata:
      labels:
        tier: node
        app: flannel
    spec:
      # Schedule on Linux nodes only.
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
            - matchExpressions:
              - key: kubernetes.io/os
                operator: In
                values:
                - linux
      # The Pod shares the node's network namespace.
      hostNetwork: true
      priorityClassName: system-node-critical
      # Tolerates every NoSchedule taint, so the Pod also lands on tainted
      # nodes such as control-plane nodes.
      tolerations:
      - operator: Exists
        effect: NoSchedule
      serviceAccountName: flannel
      # Both init containers write into hostPath directories of the node and
      # declare no securityContext, i.e. they run with the runtime defaults.
      # NOTE(review): files under /opt/cni/bin are presumably executed by the
      # node's container runtime with root privileges, so the integrity of the
      # images below matters; they are referenced by tag, and pinning them by
      # digest would fix the content that gets installed.
      initContainers:
      - name: install-cni-plugin
        image: ghcr.io/flannel-io/flannel-cni-plugin:v1.7.1-flannel1
        command:
        - cp
        args:
        - -f
        - /flannel
        - /opt/cni/bin/flannel
        volumeMounts:
        - name: cni-plugin
          mountPath: /opt/cni/bin
      - name: install-cni
        image: ghcr.io/flannel-io/flannel:v0.27.0
        command:
        - cp
        args:
        - -f
        - /etc/kube-flannel/cni-conf.json
        - /etc/cni/net.d/10-flannel.conflist
        volumeMounts:
        - name: cni
          mountPath: /etc/cni/net.d
        - name: flannel-cfg
          mountPath: /etc/kube-flannel/
      containers:
      - name: kube-flannel
        image: ghcr.io/flannel-io/flannel:v0.27.0
        command:
        - /opt/bin/flanneld
        args:
        - --ip-masq
        - --kube-subnet-mgr
        # Only requests are declared; there are no CPU/memory limits.
        resources:
          requests:
            cpu: "100m"
            memory: "50Mi"
        # Not a privileged container, but NET_ADMIN and NET_RAW combined with
        # hostNetwork let the process change the node's interfaces, routes and
        # firewall rules and open raw sockets on the node.
        securityContext:
          privileged: false
          capabilities:
            add: ["NET_ADMIN", "NET_RAW"]
        env:
        - name: POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        - name: EVENT_QUEUE_DEPTH
          value: "5000"
        - name: CONT_WHEN_CACHE_NOT_READY
          value: "false"
        volumeMounts:
        - name: run
          mountPath: /run/flannel
        - name: flannel-cfg
          mountPath: /etc/kube-flannel/
        - name: xtables-lock
          mountPath: /run/xtables.lock
      # Every volume except flannel-cfg is a hostPath, i.e. a directory or
      # file of the node itself.
      volumes:
      - name: run
        hostPath:
          path: /run/flannel
      - name: cni-plugin
        hostPath:
          path: /opt/cni/bin
      - name: cni
        hostPath:
          path: /etc/cni/net.d
      - name: flannel-cfg
        configMap:
          name: kube-flannel-cfg
      - name: xtables-lock
        hostPath:
          path: /run/xtables.lock
          type: FileOrCreate
<think>我们正在讨论如何部署FlannelCNI插件到Kubernetes集群,特别是关于kube-flannel-dsDaemonSet的配置清单。根据引用[1]和引用[3]中的信息,我们知道在搭建Kubernetes集群时使用了flannel作为网络插件。通常,Flannel的官方配置清单可以从其GitHub仓库获取。我们将使用最新的稳定版本。步骤:1.获取Flannel的配置清单文件(YAML)2.应用这个配置清单以创建DaemonSet注意:在应用Flannel之前,需要确保集群已经初始化(kubeadminit)但还没有安装任何CNI插件。配置清单的官方来源:https://raw.githubusercontent.com/flannel-io/flannel/master/Documentation/kube-flannel.yml我们可以直接使用这个URL来部署,或者下载后根据需要进行修改(例如,如果集群的Pod网段不是默认的10.244.0.0/16,则需要修改)。根据引用[1]中提到的,他们使用了flannel,并且没有特别提到修改Pod网段,所以我们可以假设使用默认配置。因此,部署命令通常是:kubectlapply -f https://raw.githubusercontent.com/flannel-io/flannel/master/Documentation/kube-flannel.yml但是,用户要求的是配置清单的内容,所以我们可能需要提供这个YAML文件的内容,或者说明如何获取和修改。考虑到用户可能需要查看或修改,我们将提供该YAML文件的核心部分,并说明关键配置。注意:由于网络原因,用户可能无法直接访问GitHub,所以也可以考虑提供一份默认的配置。不过,由于Flannel的配置清单较长,我们在这里提供一份简化版本(但实际部署请使用官方最新版本)并说明关键点。关键配置:-在DaemonSet中,容器镜像通常为flannel镜像,例如:flannel/flannel:v0.22.0(具体版本需查看官方)-网络配置通过ConfigMap传递(kube-flannel-cfg)-需要指定网络后端(默认为vxlan)在官方提供的kube-flannel.yml中,包含以下主要部分:-Namespace: kube-flannel-ServiceAccount: flannel-ClusterRole和ClusterRoleBinding-ConfigMap: kube-flannel-cfg-DaemonSet:kube-flannel-ds下面我们将提供一份从官方获取的配置清单(以v0.22.0为例),但请注意版本可能会更新。由于字符限制,我们可能无法提供完整的超长YAML,但可以描述结构并提供关键部分,并建议用户从官方获取。但是,用户明确要求配置清单,所以我们尽量提供。我们选择从官方版本(v0.22.0)中获取的配置清单(2023年10月左右发布),并确保语法正确。注意:在配置清单中,镜像可能需要根据网络环境选择(如使用国内镜像),但这里我们使用官方镜像。由于内容较长,我们将分步骤提供,并省略一些重复的部分。以下是kube-flannel.yml的内容(版本v0.22.0):</think>### Kubernetes 部署 Flannel CNI 插件指南 Flannel 是 Kubernetes 最常用的 CNI 插件之一,通过 `kube-flannel-ds` DaemonSet 在每个节点部署网络代理。以下是标准配置清单及部署说明: #### 1. 
**kube-flannel-ds DaemonSet 配置清单** ```yaml # kube-flannel.yml --- apiVersion: v1 kind: Namespace metadata: name: kube-flannel labels: pod-security.kubernetes.io/enforce: privileged --- apiVersion: v1 kind: ServiceAccount metadata: name: flannel namespace: kube-flannel --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: flannel rules: - apiGroups: [""] resources: ["pods"] verbs: ["get"] - apiGroups: [""] resources: ["nodes"] verbs: ["list", "watch"] - apiGroups: [""] resources: ["nodes/status"] verbs: ["patch"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: flannel roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: flannel subjects: - kind: ServiceAccount name: flannel namespace: kube-flannel --- apiVersion: v1 kind: ConfigMap metadata: name: kube-flannel-cfg namespace: kube-flannel labels: tier: node app: flannel data: cni-conf.json: | { "name": "cbr0", "cniVersion": "0.3.1", "plugins": [ { "type": "flannel", "delegate": { "hairpinMode": true, "isDefaultGateway": true } }, { "type": "portmap", "capabilities": { "portMappings": true } } ] } net-conf.json: | { "Network": "10.244.0.0/16", "Backend": { "Type": "vxlan" } } --- apiVersion: apps/v1 kind: DaemonSet metadata: name: kube-flannel-ds namespace: kube-flannel labels: tier: node app: flannel spec: selector: matchLabels: app: flannel template: metadata: labels: tier: node app: flannel spec: affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - key: kubernetes.io/os operator: In values: - linux hostNetwork: true priorityClassName: system-node-critical serviceAccountName: flannel tolerations: - operator: Exists effect: NoSchedule containers: - name: kube-flannel image: quay.io/flannel/flannel:v0.22.0 command: - /opt/bin/flanneld args: - --ip-masq - --kube-subnet-mgr resources: requests: cpu: "100m" memory: "50Mi" limits: cpu: "100m" memory: "50Mi" securityContext: privileged: 
false capabilities: add: ["NET_ADMIN", "NET_RAW"] env: - name: POD_NAME valueFrom: fieldRef: fieldPath: metadata.name - name: POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace volumeMounts: - name: run mountPath: /run/flannel - name: flannel-cfg mountPath: /etc/kube-flannel/ - name: cni mountPath: /etc/cni/net.d - name: xtables-lock mountPath: /run/xtables.lock volumes: - name: run hostPath: path: /run/flannel - name: cni hostPath: path: /etc/cni/net.d - name: flannel-cfg configMap: name: kube-flannel-cfg - name: xtables-lock hostPath: path: /run/xtables.lock type: FileOrCreate ``` #### 2. **关键配置说明** - **网络配置**: `net-conf.json` 中的 `Network` 字段需与集群 Pod CIDR 一致(默认为 `10.244.0.0/16`)。若初始化集群时指定了 `--pod-network-cidr`(如 `10.244.0.0/16`),需在此处同步修改[^1]。 - **后端模式**: `Backend.Type` 支持 `vxlan`(默认)、`host-gw`、`udp`。生产环境推荐 `vxlan` 或 `host-gw`(需二层网络支持)[^2]。 - **镜像版本**: `quay.io/flannel/flannel:v0.22.0` 为当前稳定版本,可通过[官方仓库](https://github.com/flannel-io/flannel/releases)获取更新。 - **内核要求**: 需开启 `CONFIG_VXLAN` 模块(检查命令:`lsmod | grep vxlan`)。 #### 3. **部署步骤** ```bash # 应用配置清单 kubectl apply -f https://raw.githubusercontent.com/flannel-io/flannel/v0.22.0/Documentation/kube-flannel.yml # 验证部署状态 kubectl get pods -n kube-flannel -o wide ``` 预期输出: ``` NAME READY STATUS RESTARTS AGE IP NODE kube-flannel-ds-abc12 1/1 Running 0 2m 192.168.1.5 node1 kube-flannel-ds-xyz34 1/1 Running 0 2m 192.168.1.6 node2 ``` #### 4. **故障排查** - **问题**:Pod 卡在 `Init` 状态 **原因**:镜像拉取失败(尤其国内环境) **解决**:替换为国内镜像源(如 `registry.cn-hangzhou.aliyuncs.com/google_containers/flannel:v0.22.0`)[^3]。 - **问题**:节点网络不通 **原因**:防火墙阻止 VXLAN 端口(UDP 8472) **解决**:开放防火墙规则: ```bash sudo firewall-cmd --permanent --add-port=8472/udp sudo firewall-cmd --reload ``` ---