SlideShare a Scribd company logo

Kubernetes Tutorial

C
Ci Jie Li

This document provides instructions for deploying Docker and Kubernetes on an Ubuntu server. It includes steps to install Docker, initialize a Kubernetes cluster with kubeadm, join additional nodes, and deploy the Kubernetes Dashboard for management and monitoring.

1 of 112
Download to read offline
Ci-Jie T :4 n .(- C - 4 44 n F SJ DM /) n 4 4 4 K N 4# #
n / .- . - - .. n / -
n 0( . (0 0 n 41 0( . 6 0( . . 0 ) . n 64
1 0 .() ) ) 4 (. .
n ( ( ( n M D n n K )
n H A eKac n G b NSi H C ac n O ac Gi M g E h , H n g /. A - . B. : d W A : A A A C
n H M n A K n A KM n N n . / / ./-. : / / / . -/ .
n LR : E / A E . E 69 04 1 FH n UM P FH .7: S 2- 5 O a G + B HE AF F B FFC AE CC B D
n 6 n 6 4 n .0 1
$ sudo su $ apt-get update $ apt-get install -y apt-transport-https ca-certificates curl software- properties-common $ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - $ add-apt-repository "deb https://download.docker.com/linux/$(. /etc/os-release; echo "$ID") $(lsb_release -cs) stable" $ apt-get update && apt-get install -y docker-ce=$(apt-cache madison docker-ce | grep 17.03 | head -1 | awk '{print $3}')
$ docker version Client: Version: 17.03.2-ce API version: 1.27 Go version: go1.7.5 Git commit: f5ec1e2 Built: Tue Jun 27 03:35:14 2017 OS/Arch: linux/amd64 Server: Version: 17.03.2-ce API version: 1.27 (minimum version 1.12) Go version: go1.7.5 Git commit: f5ec1e2 Built: Tue Jun 27 03:35:14 2017 OS/Arch: linux/amd64 Experimental: false
$ apt-get update && apt-get install -y apt-transport-https curl $ curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt- key add - $ cat <<EOF >/etc/apt/sources.list.d/kubernetes.list deb http://apt.kubernetes.io/ kubernetes-xenial main EOF $ apt-get update $ apt-get install -y kubelet kubeadm kubectl
$ kubeadm version … Usage: kubeadm [command] Available Commands: alpha Experimental sub-commands not yet fully functional. completion Output shell completion code for the specified shell (bash or zsh). config Manage configuration for a kubeadm cluster persisted in a ConfigMap in the cluster. help Help about any command init Run this command in order to set up the Kubernetes master. join Run this on any machine you wish to join an existing cluster reset Run this to revert any changes made to this host by 'kubeadm init' or 'kubeadm join'. token Manage bootstrap tokens. …
$ kubeadm init … You should now deploy a pod network to the cluster. Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at: https://kubernetes.io/docs/concepts/cluster-administration/addons/ You can now join any number of machines by running the following on each node as root: kubeadm join 192.168.1.13:6443 --token 6lkv4n.uob08598143vuqdg --discovery-token-ca-cert-hash sha256:b031704cd27c0911d6a5723c9d186da3d43bd772bc7d6f5efab95e463894f963… …
$ mkdir -p $HOME/.kube $ cp -i /etc/kubernetes/admin.conf $HOME/.kube/config $ chown $(id -u):$(id -g) $HOME/.kube/config
$ kubectl get nodes NAME STATUS ROLES AGE VERSION k8s-1 NotReady master 56m v1.11.0
n ) - n ) ) n ) n n ) ) n ( ) C
$ kubectl apply -f "https://cloud.weave.works/k8s/net?k8s- version=$(kubectl version | base64 | tr -d 'n')" serviceaccount/weave-net created clusterrole.rbac.authorization.k8s.io/weave-net created clusterrolebinding.rbac.authorization.k8s.io/weave-net created role.rbac.authorization.k8s.io/weave-net created rolebinding.rbac.authorization.k8s.io/weave-net created daemonset.extensions/weave-net created
$ kubectl get nodes NAME STATUS ROLES AGE VERSION k8s-1 Ready master 56m v1.11.0
$ kubeadm join 192.168.1.13:6443 --token 6lkv4n.uob08598143vuqdg -- discovery-token-ca-cert-hash sha256:b031704cd27c0911d6a5723c9d186da3d43bd772bc7d6f5efab95e 463894f963 … This node has joined the cluster: * Certificate signing request was sent to master and a response was received. * The Kubelet was informed of the new secure connection details. Run 'kubectl get nodes' on the master to see this node join the cluster.
$ kubectl get nodes NAME STATUS ROLES AGE VERSION k8s-1 Ready master 7m v1.11.0 k8s-2 Ready <none> 3m v1.11.0
$ kubeadm token create --print-join-command I0628 09:14:48.723888 19798 feature_gate.go:230] feature gates: &{map[]} kubeadm join 192.168.1.13:6443 --token kgze8w.jfqyowrqj9aoi877 --discovery-token-ca-cert-hash sha256:15fb8bd02a82ef008ffdb1ebd4e7392e70115ffc4d6ae1caac8a32ba10ed3923
$ kubectl get nodes NAME STATUS ROLES AGE VERSION k8s-1 Ready master 22m v1.11.0 k8s-2 Ready <none> 18m v1.11.0 k8s-3 Ready <none> 2m v1.11.0
$ kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/master/src/d eploy/recommended/kubernetes-dashboard.yaml ommended/kubernetes-dashboard.yaml secret/kubernetes-dashboard-certs created serviceaccount/kubernetes-dashboard created role.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created deployment.apps/kubernetes-dashboard created service/kubernetes-dashboard created
$ kubectl proxy (screen) $ curl http://localhost:8001/api/v1/namespaces/kube- system/services/https:kubernetes-dashboard:/proxy/ <!doctype html> <html ng-app="kubernetesDashboard"> <head> <meta charset="utf-8"> <title ng- controller="kdTitle as $ctrl" ng-bind="$ctrl.title()"></title> <link rel="icon" type="image/png" href="assets/images/kubernetes-logo.png"> <meta name="viewport" content="width=device-width"> <link rel="stylesheet" href="static/vendor.93db0a0d.css"> <link rel="stylesheet" href="static/app.93e259f7.css"> </head> <body ng-controller="kdMain as $ctrl"> <!--[if lt IE 10]> <p class="browsehappy">You are using an <strong>outdated</strong> browser. Please <a href="http://browsehappy.com/">upgrade your browser</a> to improve your experience.</p> <![endif]--> <kd-login layout="column" layout-fill="" ng-if="$ctrl.isLoginState()"> </kd-login> <kd- chrome layout="column" layout-fill="" ng-if="!$ctrl.isLoginState()"> </kd-chrome> <script src="static/vendor.bd425c26.js"></script> <script src="api/appConfig.json"></script> <script src="static/app.b5ad51ac.js"></script> </body> </html>
$ kubectl edit svc kubernetes-dashboard -n kube-system $ kubectl get svc –n kube-system NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP 40m kubernetes-dashboard NodePort 10.110.140.252 <none> 443:30225/TCP 9m
- - $ vim admin-user.yaml apiVersion: v1 kind: ServiceAccount metadata: name: admin-user namespace: kube-system
$ kubectl create -f admin-user.yaml serviceaccount/admin-user created
$ kubectl get sa -n kube-system NAME SECRETS AGE admin-user 1 1m attachdetach-controller 1 18h bootstrap-signer 1 18h certificate-controller 1 18h clusterrole-aggregation-controller 1 18h coredns 1 18h …
$ kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}’) … token: eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZX Rlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2V ydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLTlmdDd4Iiwia3ViZXJuZXRlcy5pby 9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLml vL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJhOTdhNWI0ZC03YjRlLTExZTgtYmQwNC 1mYTE2M2U3YjRjMjEiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06YWRtaW4tdXN lciJ9.P2p- 77_8JlZwInyuTQOIFUBpDipUxv2Pe3f3KdQSVMMuq5TcEhsaUEmNdzlNHXUOSEVn3dSulu9SRLvPZ2OlO- 02BkaZMBy_dioAURmZtPjom9w5Lafcwrb38lCaax0bYFZw-_9yGHukz3zmYk-PnrFQDn1fXb- DgvylBIuK_7nd2GQALlRMKIUub-cyIA- ol9Kq0RjtmGKKots90D8nTo7ok7n2c9Jpi7swkCM9yzo20sVJ6VqwZWw- 5BftAppZdZGQFmUgVkbfzeRv8Q3mR9cA0ix7JksBu- 9k3k8qyJG1OjUNcHzP_0E7XIaPHoQF4lrPDkbyVdGaPyY17JMxsQ
-$ vim admin-user-crb.yaml apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRoleBinding metadata: name: admin-user roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: cluster-admin subjects: - kind: ServiceAccount name: admin-user namespace: kube-system
$ kubectl create -f admin-user-crb.yaml clusterrolebinding.rbac.authorization.k8s.io/admin-user created
$ kubectl get clusterrolebindings NAME AGE admin-user 44s cluster-admin 19h kubeadm:kubelet-bootstrap 19h kubeadm:node-autoapprove-bootstrap 19h …
() $ git clone https://github.com/kubernetes/heapster.git Cloning into 'heapster'... remote: Counting objects: 30434, done. remote: Total 30434 (delta 0), reused 0 (delta 0), pack-reused 30433 Receiving objects: 100% (30434/30434), 39.00 MiB | 7.30 MiB/s, done. Resolving deltas: 100% (15636/15636), done. Checking connectivity... done.
() $ cd heapster/ $ kubectl create -f deploy/kube-config/influxdb/ deployment.extensions/monitoring-grafana created service/monitoring-grafana created serviceaccount/heapster created deployment.extensions/heapster created service/heapster created deployment.extensions/monitoring-influxdb created service/monitoring-influxdb created $ kubectl create -f deploy/kube-config/rbac/heapster-rbac.yaml clusterrolebinding.rbac.authorization.k8s.io/heapster created
()
$ kubectl get svc --all-namespaces NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE default kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 21h kube-system heapster ClusterIP 10.97.192.100 <none> 80/TCP 12m kube-system kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP 21h kube-system kubernetes-dashboard NodePort 10.110.140.252 <none> 443:30225/TCP 21h kube-system monitoring-grafana ClusterIP 10.100.85.131 <none> 80/TCP 12m … -
n . / n / . / n / / n / . . n / . n n / n n . / n /( ). . : / ( /
$ kubectl apply -f deploy/kube-config/influxdb/ deployment.extensions/monitoring-grafana unchanged service/monitoring-grafana unchanged serviceaccount/heapster unchanged deployment.extensions/heapster unchanged service/heapster unchanged deployment.extensions/monitoring-influxdb unchanged service/monitoring-influxdb unchanged…
$ kubectl edit svc kubernetes-dashboard -n kube-system # Please edit the object below. Lines beginning with a '#' will be ignored, # and an empty file will abort the edit. If an error occurs while saving this file will be # reopened with the relevant failures. # apiVersion: v1 kind: Service metadata: …
$ kubectl logs kubernetes-dashboard-6948bdb78-wcl9q -n kube-system … 2018/06/29 06:32:54 [2018-06-29T06:32:54Z] Outcoming response to 10.32.0.1:38848 with 200 status code 2018/06/29 06:32:56 [2018-06-29T06:32:56Z] Incoming HTTP/2.0 GET /api/v1/login/status request from 10.32.0.1:38848: {} 2018/06/29 06:32:56 [2018-06-29T06:32:56Z] Outcoming response to 10.32.0.1:38848 with 200 status code 2018/06/29 06:32:56 [2018-06-29T06:32:56Z] Incoming HTTP/2.0 GET /api/v1/csrftoken/token request from 10.32.0.1:38848: {} …
$ kubectl get pods -n kube-system -o wide … NAME READY STATUS RESTARTS AGE IP NODE coredns-78fcdf6894-245lt 1/1 Running 0 22h 10.40.0.2 k8s-1 coredns-78fcdf6894-q5hm4 1/1 Running 7 22h 10.40.0.1 k8s-1 etcd-k8s-1 1/1 Running 0 22h 192.168.1.13 k8s-1 heapster-dd6db4f9f-gbvtt 1/1 Running 0 1h 10.38.0.2 k8s-3 … -
$ kubectl describe svc kubernetes-dashboard -n kube-system Name: kubernetes-dashboard Namespace: kube-system Labels: k8s-app=kubernetes-dashboard Annotations: kubectl.kubernetes.io/last-applied- configuration={"apiVersion":"v1","kind":"Service","metadata":{"annotations":{},"labels":{"k8s- app":"kubernetes-dashboard"},"name":"kubernetes-dashboard","namespace":... Selector: k8s-app=kubernetes-dashboard Type: NodePort IP: 10.110.140.252…
) ( ) ( ( (
n a n . : n . n . n a . N b . / . / . .
$ vim nginx-po.yaml apiVersion: v1 kind: Pod metadata: name: nginx-pod labels: app: nginx spec: containers: - name: nginx-container image: nginx
$ kubectl get po NAME READY STATUS RESTARTS AGE nginx-pod 1/1 Running 0 3m $ kubectl get po -o wide NAME READY STATUS RESTARTS AGE IP NODE nginx-pod 1/1 Running 0 4m 10.38.0.3 k8s-3
$ docker ps | grep nginx-container 0fe8adcd42a1 nginx@sha256:62a095e5da5f977b9f830adaf64d604c614024bf239d21068e4ca826d0d629a4 "nginx -g 'daemon ..." 4 minutes ago Up 4 minutes k8s_nginx-container_nginx- pod_default_2b636f3a-7b78-11e8-bd04-fa163e7b4c21_0
$ kubectl exec -ti nginx-pod bash $ apt-get update && apt-get install -y curl $ curl 127.0.0.1:80 … <h1>Welcome to nginx!</h1> <p>If you see this page, the nginx web server is successfully installed and working. Further configuration is required.</p> <p>For online documentation and support please refer to …
n I E . BNP n CL : / ./ / / . -/ : ,/ / /: . -: - -/ : :/ -/: / :/ -/
$ vim nginx-svc.yaml kind: Service apiVersion: v1 metadata: name: nginx-svc spec: ports: - name: http port: 81 targetPort: 80 selector: app: nginx type: ClusterIP
$ kubectl exec -ti nginx-pod bash $ curl 10.103.19.26:81 <!DOCTYPE html> <html> <head> <title>Welcome to nginx!</title> <style> body { width: 35em; margin: 0 auto; font-family: Tahoma, Verdana, Arial, sans-serif; } …
$ vim nginx-svc.yaml kind: Service apiVersion: v1 metadata: name: nginx-svc spec: ports: - name: http port: 81 targetPort: 80 nodePort: 30001 selector: app: nginx type: NodePort
$ kubectl get svc NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 1d nginx-svc NodePort 10.103.19.26 <none> 81:30001/TCP 16h
1 1 30
$ vim nginx-po.yaml apiVersion: v1 kind: Pod metadata: name: nginx-pod-2 labels: app: nginx spec: containers: - name: nginx-container image: nginx
$ kubectl get po -o wide NAME READY STATUS RESTARTS AGE IP NODE nginx-pod 1/1 Running 0 16h 10.38.0.3 k8s-3 nginx-pod-2 1/1 Running 0 4m 10.32.0.4 k8s-2
$ kubectl exec -ti nginx-pod bash $ apt-get update && apt-get install -y vim $ vim /usr/share/nginx/html/index.html … <body> <h1>Welcome to nginx! (pod-1)</h1> <p>If you see this page, the nginx web server is successfully installed and working. Further configuration is required.</p> …
$ kubectl exec -ti nginx-pod-2 bash $ apt-get update && apt-get install -y vim $ vim /usr/share/nginx/html/index.html … <body> <h1>Welcome to nginx! (pod-2)</h1> <p>If you see this page, the nginx web server is successfully installed and working. Further configuration is required.</p> …
$ kubectl create namespace nginx namespace/nginx created
$ vim nginx-ns.yaml apiVersion: v1 kind: Namespace metadata: name: nginx2
$ kubectl get ns NAME STATUS AGE default Active 1d kube-public Active 1d kube-system Active 1d nginx Active 3m nginx2 Active 3s
$ kubectl delete ns nginx2 namespace "nginx2" deleted
$ vim nginx-po.yaml apiVersion: v1 kind: Pod metadata: name: nginx-pod namespace: nginx labels: app: nginx spec: containers: - name: nginx-container image: nginx
$ kubectl get po nginx-pod -n nginx NAME READY STATUS RESTARTS AGE nginx-pod 1/1 Running 0 2m
n n
n : n . / / . / / / . / . ./ . /
$ vim nginx-rs.yaml apiVersion: extensions/v1beta1 kind: ReplicaSet metadata: name: replicaset-rs spec: replicas: 3 template: metadata: name: replicaset-po labels: app: nginx spec: containers: - name: replicaset-container image: nginx
$ kubectl get rs -n nginx NAME DESIRED CURRENT READY AGE replicaset-rs 3 3 3 17s
$ kubectl get po -n nginx NAME READY STATUS RESTARTS AGE replicaset-rs-78lwk 1/1 Running 0 13m replicaset-rs-kkqzc 1/1 Running 0 13m replicaset-rs-mtt7h 1/1 Running 0 13m
$ kubectl delete po replicaset-rs-78lwk -n nginx pod "replicaset-rs-78lwk" deleted $ kubectl get po -n nginx NAME READY STATUS RESTARTS AGE replicaset-rs-bgsmv 1/1 Running 0 11s replicaset-rs-kkqzc 1/1 Running 0 16m replicaset-rs-mtt7h 1/1 Running 0 16m
n n : : / / / / . /
$ vim nginx-deploy.yaml apiVersion: apps/v1 kind: Deployment metadata: name: nginx-deploy namespace: nginx labels: app: nginx spec: replicas: 3 selector: matchLabels: app: nginx template: metadata: name: nginx-po labels: app: nginx spec: containers: - name: nginx-container image: nginx ports: - containerPort: 80
$ kubectl get deploy -n nginx NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE nginx-deploy 3 3 3 3 2m
$ kubectl set image deployment/nginx-deploy nginx- container=nginx:alpine -n nginx deployment.extensions/nginx-deploy image updated
$ kubectl describe po nginx-deploy-7698895786-7wd9d -n nginx … Containers: nginx-container: Container ID: docker://a01d35c2b3dadd0912944e30faeab204632c15bf6dcb91ecea3562fa15a45f 85 Image: nginx:alpine Image ID: docker-pullable://nginx@sha256:4a85273d1e403fbf67 …
$ kubectl rollout status deployment/nginx-deploy -n nginx … Waiting for deployment "nginx-deploy" rollout to finish: 1 out of 3 new replicas have been updated... Waiting for deployment "nginx-deploy" rollout to finish: 1 out of 3 new replicas have been updated... Waiting for deployment "nginx-deploy" rollout to finish: 1 out of 3 new replicas have been updated... Waiting for deployment "nginx-deploy" rollout to finish: 2 out of 3 new replicas have been updated …
n n S : n N H n / / / . /
$ vim nginx-ds.yaml apiVersion: apps/v1 kind: DaemonSet metadata: name: nginx-ds namespace: nginx labels: app: nginx spec: selector: matchLabels: app: nginx template: metadata: name: nginx-po labels: app: nginx spec: containers: - name: nginx-container image: nginx ports: - containerPort: 80
$ vim nginx-ds.yaml … spec: selector: matchLabels: app: nginx template: metadata: name: nginx-po labels: app: nginx spec: containers: - name: nginx-container image: nginx ports: - containerPort: 80 resources: limits: cpu: 100m memory: 200Mi requests: cpu: 100m memory: 200Mi
n . n : . . . / . / / /
$ vim nginx-statefulset.yaml apiVersion: apps/v1 kind: StatefulSet metadata: name: nginx-statefulset namespace: nginx labels: app: nginx spec: serviceName: nginx replicas: 4 selector: matchLabels: app: nginx template: metadata: name: nginx-po labels: app: nginx spec: containers: - name: nginx-container image: nginx ports: - containerPort: 80
n N DSPHFR SP E n /): A : /A / . ( : ( C / A- A AA B A A A A A C :B
n - n n -
n C n B G n DA E -
$ vim nginx-pv.yaml kind: PersistentVolume apiVersion: v1 metadata: name: nginx-pv labels: app: nginx spec: storageClassName: manual capacity: storage: 10Gi accessModes: - ReadWriteMany persistentVolumeReclaimPolicy: Retain hostPath: path: "/home/ubuntu/pv-file"
$ kubectl get pv NAME CAPACITY ACCESS MODES RECLAIM POLICY STATUS CLAIM STORAGECLASS REASON AGE nginx-pv 10Gi RWX Retain Available manual 7m
n
$ vim nginx-pvc.yaml kind: PersistentVolumeClaim apiVersion: v1 metadata: name: nginx-pvc namespace: nginx spec: storageClassName: manual accessModes: - ReadWriteMany resources: requests: storage: 10Gi
$ kubectl get pv NAME CAPACITY ACCESS MODES RECLAIM POLICY STATUS CLAIM STORAGECLASS REASON AGE nginx-pv-1 10Gi RWX Recycle Bound nginx/nginx-pvc manual 1m
$ vim nginx-deploy.yaml apiVersion: apps/v1 kind: Deployment metadata: name: nginx-deploy namespace: nginx labels: app: nginx spec: replicas: 3 selector: matchLabels: app: nginx template: metadata: name: nginx-po labels: app: nginx spec: containers: - name: nginx-container image: nginx ports: - containerPort: 80 volumeMounts: - mountPath: "/usr/share/nginx/html" name: nginx-storage volumes: - name: nginx-storage persistentVolumeClaim: claimName: nginx-pvc
n n : / . / / / . / .
$ echo -n 'admin' | base64 YWRtaW4= $ vim nginx-secret.yaml apiVersion: v1 kind: Secret metadata: name: nginx-secret namespace: nginx type: Opaque data: username: YWRtaW4=
$ kubectl describe nginx-secret –n nginx Name: nginx-secret Namespace: nginx Labels: <none> Annotations: <none> Type: Opaque Data ==== username: 5 bytes
$ vim nginx-pod.yaml apiVersion: v1 kind: Pod metadata: name: nginx-pod namespace: nginx spec: containers: - name: nginx-container image: nginx env: - name: SECRET_NAME valueFrom: secretKeyRef: name: nginx-secret key: username
$ kubectl exec -ti nginx-pod bash -n nginx $ export … declare -x KUBERNETES_SERVICE_PORT="443" declare -x KUBERNETES_SERVICE_PORT_HTTPS="443" declare -x NGINX_VERSION="1.15.0-1~stretch" declare -x NJS_VERSION="1.15.0.0.2.1-1~stretch" declare -x OLDPWD declare -x PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" declare -x PWD="/" declare -x SECRET_NAME="admin" declare -x SHLVL="1” …
n B : B n / / - - / / / / - - : . - - -
$ vim sa.yaml apiVersion: v1 kind: ServiceAccount metadata: name: nginx-user namespace: nginx
$ kubectl create -f sa.yaml serviceaccount/nginx-user created
$ kubectl describe sa nginx-user -n nginx Name: nginx-user Namespace: nginx Labels: <none> Annotations: <none> Image pull secrets: <none> Mountable secrets: nginx-user-token-jnbl5 Tokens: nginx-user-token-jnbl5 Events: <none>
$ vim nginx-r.yaml kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: namespace: nginx name: nginx-r rules: - apiGroups: ["*"] resources: ["*"] verbs: ["get", "watch", "list", "update", "create", "delete"] -
$ kubectl create -f nginx-r.yaml role.rbac.authorization.k8s.io/nginx-r created
$ vim nginx-rb.yaml apiVersion: rbac.authorization.k8s.io/v1beta1 kind: RoleBinding metadata: name: nginx-rb namespace: nginx roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: nginx-r subjects: - kind: ServiceAccount name: nginx-user namespace: nginx -
$ kubectl create -f nginx-rb.yaml rolebinding.rbac.authorization.k8s.io/nginx-user created
Kubernetes Tutorial

Recommended

使用 CLI 管理 OpenStack 平台
使用 CLI 管理 OpenStack 平台使用 CLI 管理 OpenStack 平台
使用 CLI 管理 OpenStack 平台
NUTC, imac
 
Docker 基本概念與指令操作
Docker 基本概念與指令操作Docker 基本概念與指令操作
Docker 基本概念與指令操作
NUTC, imac
 
Build your own private openstack cloud
Build your own private openstack cloudBuild your own private openstack cloud
Build your own private openstack cloud
NUTC, imac
 
Containers for sysadmins
Containers for sysadminsContainers for sysadmins
Containers for sysadmins
Carlos de Alfonso Laguna
 
Come configurare Liferay 6.0 per Oracle
Come configurare Liferay 6.0 per OracleCome configurare Liferay 6.0 per Oracle
Come configurare Liferay 6.0 per OracleAntonio Musarra
 
Building a DSL with GraalVM (VoxxedDays Luxembourg)
Building a DSL with GraalVM (VoxxedDays Luxembourg)Building a DSL with GraalVM (VoxxedDays Luxembourg)
Building a DSL with GraalVM (VoxxedDays Luxembourg)
Maarten Mulders
 
Bash tricks
Bash tricksBash tricks
Bash tricks
Carlo Caputo
 
Gevent rabbit rpc
Gevent rabbit rpcGevent rabbit rpc
Gevent rabbit rpc
Aleksandr Mokrov
 

Recommended

使用 CLI 管理 OpenStack 平台
使用 CLI 管理 OpenStack 平台使用 CLI 管理 OpenStack 平台
使用 CLI 管理 OpenStack 平台
NUTC, imac
 
Docker 基本概念與指令操作
Docker 基本概念與指令操作Docker 基本概念與指令操作
Docker 基本概念與指令操作
NUTC, imac
 
Build your own private openstack cloud
Build your own private openstack cloudBuild your own private openstack cloud
Build your own private openstack cloud
NUTC, imac
 
Containers for sysadmins
Containers for sysadminsContainers for sysadmins
Containers for sysadmins
Carlos de Alfonso Laguna
 
Come configurare Liferay 6.0 per Oracle
Come configurare Liferay 6.0 per OracleCome configurare Liferay 6.0 per Oracle
Come configurare Liferay 6.0 per OracleAntonio Musarra
 
Building a DSL with GraalVM (VoxxedDays Luxembourg)
Building a DSL with GraalVM (VoxxedDays Luxembourg)Building a DSL with GraalVM (VoxxedDays Luxembourg)
Building a DSL with GraalVM (VoxxedDays Luxembourg)
Maarten Mulders
 
Bash tricks
Bash tricksBash tricks
Bash tricks
Carlo Caputo
 
Gevent rabbit rpc
Gevent rabbit rpcGevent rabbit rpc
Gevent rabbit rpc
Aleksandr Mokrov
 
Keep it simple web development stack
Keep it simple web development stackKeep it simple web development stack
Keep it simple web development stack
Eric Ahn
 
Tests unitaires pour PostgreSQL avec pgTap
Tests unitaires pour PostgreSQL avec pgTapTests unitaires pour PostgreSQL avec pgTap
Tests unitaires pour PostgreSQL avec pgTap
Rodolphe Quiédeville
 
No more (unsecure) secrets, Marty
No more (unsecure) secrets, MartyNo more (unsecure) secrets, Marty
No more (unsecure) secrets, Marty
Mathias Herberts
 
Building a DSL with GraalVM (CodeOne)
Building a DSL with GraalVM (CodeOne)Building a DSL with GraalVM (CodeOne)
Building a DSL with GraalVM (CodeOne)
Maarten Mulders
 
Performance testing of microservices in Action
Performance testing of microservices in ActionPerformance testing of microservices in Action
Performance testing of microservices in Action
Alexander Kachur
 
ql.io: Consuming HTTP at Scale
ql.io: Consuming HTTP at Scale ql.io: Consuming HTTP at Scale
ql.io: Consuming HTTP at Scale Subbu Allamaraju
 
PFIセミナー資料 H27.10.22
PFIセミナー資料 H27.10.22PFIセミナー資料 H27.10.22
PFIセミナー資料 H27.10.22
Yuya Takei
 
This is not your father's monitoring.
This is not your father's monitoring.This is not your father's monitoring.
This is not your father's monitoring.
Mathias Herberts
 
Docker practice
Docker practiceDocker practice
Docker practice
wonyong hwang
 
Linux basic3
Linux basic3Linux basic3
Linux basic3
Hideo Amezawa
 
R-House (LSRC)
R-House (LSRC)R-House (LSRC)
R-House (LSRC)
Fernand Galiana
 
Стажировка 2016-07-27 02 Денис Нелюбин. PostgreSQL и jsonb
Стажировка 2016-07-27 02 Денис Нелюбин. PostgreSQL и jsonbСтажировка 2016-07-27 02 Денис Нелюбин. PostgreSQL и jsonb
Стажировка 2016-07-27 02 Денис Нелюбин. PostgreSQL и jsonb
SmartTools
 
Artimon - Apache Flume (incubating) NYC Meetup 20111108
Artimon - Apache Flume (incubating) NYC Meetup 20111108Artimon - Apache Flume (incubating) NYC Meetup 20111108
Artimon - Apache Flume (incubating) NYC Meetup 20111108
Mathias Herberts
 
Workflow && t1k
Workflow && t1kWorkflow && t1k
Workflow && t1k
Rodrigo Maia
 
Star bed 2018.07.19
Star bed 2018.07.19Star bed 2018.07.19
Star bed 2018.07.19
Ruo Ando
 
X64服务器 lnmp服务器部署标准 new
X64服务器 lnmp服务器部署标准 newX64服务器 lnmp服务器部署标准 new
X64服务器 lnmp服务器部署标准 newYiwei Ma
 
Crack.ba
Crack.baCrack.ba
Crack.ba
Yance Iyai
 
Dtalk shell
Dtalk shellDtalk shell
Dtalk shell
Miha Mencin
 
OakTable World Sep14 clonedb
OakTable World Sep14 clonedb OakTable World Sep14 clonedb
OakTable World Sep14 clonedb
Connor McDonald
 
Bluetooth Beacon Tracking on a Budget
Bluetooth Beacon Tracking on a BudgetBluetooth Beacon Tracking on a Budget
Bluetooth Beacon Tracking on a Budget
Blaine Carter
 
Learning kubernetes
Learning kubernetesLearning kubernetes
Learning kubernetes
Eueung Mulyana
 
kubernetes practice
kubernetes practicekubernetes practice
kubernetes practice
wonyong hwang
 

More Related Content

What's hot

Keep it simple web development stack
Keep it simple web development stackKeep it simple web development stack
Keep it simple web development stack
Eric Ahn
 
Tests unitaires pour PostgreSQL avec pgTap
Tests unitaires pour PostgreSQL avec pgTapTests unitaires pour PostgreSQL avec pgTap
Tests unitaires pour PostgreSQL avec pgTap
Rodolphe Quiédeville
 
No more (unsecure) secrets, Marty
No more (unsecure) secrets, MartyNo more (unsecure) secrets, Marty
No more (unsecure) secrets, Marty
Mathias Herberts
 
Building a DSL with GraalVM (CodeOne)
Building a DSL with GraalVM (CodeOne)Building a DSL with GraalVM (CodeOne)
Building a DSL with GraalVM (CodeOne)
Maarten Mulders
 
Performance testing of microservices in Action
Performance testing of microservices in ActionPerformance testing of microservices in Action
Performance testing of microservices in Action
Alexander Kachur
 
ql.io: Consuming HTTP at Scale
ql.io: Consuming HTTP at Scale ql.io: Consuming HTTP at Scale
ql.io: Consuming HTTP at Scale Subbu Allamaraju
 
PFIセミナー資料 H27.10.22
PFIセミナー資料 H27.10.22PFIセミナー資料 H27.10.22
PFIセミナー資料 H27.10.22
Yuya Takei
 
This is not your father's monitoring.
This is not your father's monitoring.This is not your father's monitoring.
This is not your father's monitoring.
Mathias Herberts
 
Docker practice
Docker practiceDocker practice
Docker practice
wonyong hwang
 
Linux basic3
Linux basic3Linux basic3
Linux basic3
Hideo Amezawa
 
R-House (LSRC)
R-House (LSRC)R-House (LSRC)
R-House (LSRC)
Fernand Galiana
 
Стажировка 2016-07-27 02 Денис Нелюбин. PostgreSQL и jsonb
Стажировка 2016-07-27 02 Денис Нелюбин. PostgreSQL и jsonbСтажировка 2016-07-27 02 Денис Нелюбин. PostgreSQL и jsonb
Стажировка 2016-07-27 02 Денис Нелюбин. PostgreSQL и jsonb
SmartTools
 
Artimon - Apache Flume (incubating) NYC Meetup 20111108
Artimon - Apache Flume (incubating) NYC Meetup 20111108Artimon - Apache Flume (incubating) NYC Meetup 20111108
Artimon - Apache Flume (incubating) NYC Meetup 20111108
Mathias Herberts
 
Workflow && t1k
Workflow && t1kWorkflow && t1k
Workflow && t1k
Rodrigo Maia
 
Star bed 2018.07.19
Star bed 2018.07.19Star bed 2018.07.19
Star bed 2018.07.19
Ruo Ando
 
X64服务器 lnmp服务器部署标准 new
X64服务器 lnmp服务器部署标准 newX64服务器 lnmp服务器部署标准 new
X64服务器 lnmp服务器部署标准 newYiwei Ma
 
Crack.ba
Crack.baCrack.ba
Crack.ba
Yance Iyai
 
Dtalk shell
Dtalk shellDtalk shell
Dtalk shell
Miha Mencin
 
OakTable World Sep14 clonedb
OakTable World Sep14 clonedb OakTable World Sep14 clonedb
OakTable World Sep14 clonedb
Connor McDonald
 
Bluetooth Beacon Tracking on a Budget
Bluetooth Beacon Tracking on a BudgetBluetooth Beacon Tracking on a Budget
Bluetooth Beacon Tracking on a Budget
Blaine Carter
 

What's hot (20)

Keep it simple web development stack
Keep it simple web development stackKeep it simple web development stack
Keep it simple web development stack
 
Tests unitaires pour PostgreSQL avec pgTap
Tests unitaires pour PostgreSQL avec pgTapTests unitaires pour PostgreSQL avec pgTap
Tests unitaires pour PostgreSQL avec pgTap
 
No more (unsecure) secrets, Marty
No more (unsecure) secrets, MartyNo more (unsecure) secrets, Marty
No more (unsecure) secrets, Marty
 
Building a DSL with GraalVM (CodeOne)
Building a DSL with GraalVM (CodeOne)Building a DSL with GraalVM (CodeOne)
Building a DSL with GraalVM (CodeOne)
 
Performance testing of microservices in Action
Performance testing of microservices in ActionPerformance testing of microservices in Action
Performance testing of microservices in Action
 
ql.io: Consuming HTTP at Scale
ql.io: Consuming HTTP at Scale ql.io: Consuming HTTP at Scale
ql.io: Consuming HTTP at Scale
 
PFIセミナー資料 H27.10.22
PFIセミナー資料 H27.10.22PFIセミナー資料 H27.10.22
PFIセミナー資料 H27.10.22
 
This is not your father's monitoring.
This is not your father's monitoring.This is not your father's monitoring.
This is not your father's monitoring.
 
Docker practice
Docker practiceDocker practice
Docker practice
 
Linux basic3
Linux basic3Linux basic3
Linux basic3
 
R-House (LSRC)
R-House (LSRC)R-House (LSRC)
R-House (LSRC)
 
Стажировка 2016-07-27 02 Денис Нелюбин. PostgreSQL и jsonb
Стажировка 2016-07-27 02 Денис Нелюбин. PostgreSQL и jsonbСтажировка 2016-07-27 02 Денис Нелюбин. PostgreSQL и jsonb
Стажировка 2016-07-27 02 Денис Нелюбин. PostgreSQL и jsonb
 
Artimon - Apache Flume (incubating) NYC Meetup 20111108
Artimon - Apache Flume (incubating) NYC Meetup 20111108Artimon - Apache Flume (incubating) NYC Meetup 20111108
Artimon - Apache Flume (incubating) NYC Meetup 20111108
 
Workflow && t1k
Workflow && t1kWorkflow && t1k
Workflow && t1k
 
Star bed 2018.07.19
Star bed 2018.07.19Star bed 2018.07.19
Star bed 2018.07.19
 
X64服务器 lnmp服务器部署标准 new
X64服务器 lnmp服务器部署标准 newX64服务器 lnmp服务器部署标准 new
X64服务器 lnmp服务器部署标准 new
 
Crack.ba
Crack.baCrack.ba
Crack.ba
 
Dtalk shell
Dtalk shellDtalk shell
Dtalk shell
 
OakTable World Sep14 clonedb
OakTable World Sep14 clonedb OakTable World Sep14 clonedb
OakTable World Sep14 clonedb
 
Bluetooth Beacon Tracking on a Budget
Bluetooth Beacon Tracking on a BudgetBluetooth Beacon Tracking on a Budget
Bluetooth Beacon Tracking on a Budget
 

Similar to Kubernetes Tutorial

Learning kubernetes
Learning kubernetesLearning kubernetes
Learning kubernetes
Eueung Mulyana
 
kubernetes practice
kubernetes practicekubernetes practice
kubernetes practice
wonyong hwang
 
Vagrant, Ansible, and OpenStack on your laptop
Vagrant, Ansible, and OpenStack on your laptopVagrant, Ansible, and OpenStack on your laptop
Vagrant, Ansible, and OpenStack on your laptop
Lorin Hochstein
 
k8s practice 2023.pptx
k8s practice 2023.pptxk8s practice 2023.pptx
k8s practice 2023.pptx
wonyong hwang
 
Kubernetes Basic Operation
Kubernetes Basic OperationKubernetes Basic Operation
Kubernetes Basic Operation
Simon Su
 
AtlasCamp 2015 Docker continuous integration training
AtlasCamp 2015 Docker continuous integration trainingAtlasCamp 2015 Docker continuous integration training
AtlasCamp 2015 Docker continuous integration training
Steve Smith
 
CoreOS: Control Your Fleet
CoreOS: Control Your FleetCoreOS: Control Your Fleet
CoreOS: Control Your Fleet
Matthew Jones
 
DeveloperWeek 2015: A Practical Introduction to Docker
DeveloperWeek 2015: A Practical Introduction to DockerDeveloperWeek 2015: A Practical Introduction to Docker
DeveloperWeek 2015: A Practical Introduction to Docker
Steve Smith
 
Multinode kubernetes-cluster
Multinode kubernetes-clusterMultinode kubernetes-cluster
Multinode kubernetes-cluster
Ram Nath
 
Kubernetes internals (Kubernetes 해부하기)
Kubernetes internals (Kubernetes 해부하기)Kubernetes internals (Kubernetes 해부하기)
Kubernetes internals (Kubernetes 해부하기)
DongHyeon Kim
 
$ kubectl hacking @DevOpsCon Berlin 2019
$ kubectl hacking @DevOpsCon Berlin 2019$ kubectl hacking @DevOpsCon Berlin 2019
$ kubectl hacking @DevOpsCon Berlin 2019
Tobias Schneck
 
Kubernetes installation
Kubernetes installationKubernetes installation
Kubernetes installation
Ahmed Mekawy
 
K8s Basic
K8s BasicK8s Basic
K8s Basic
iPride Co., Ltd.
 
Kernel Recipes 2017 - Performance analysis Superpowers with Linux BPF - Brend...
Kernel Recipes 2017 - Performance analysis Superpowers with Linux BPF - Brend...Kernel Recipes 2017 - Performance analysis Superpowers with Linux BPF - Brend...
Kernel Recipes 2017 - Performance analysis Superpowers with Linux BPF - Brend...
Anne Nicolas
 
Kernel Recipes 2017: Performance Analysis with BPF
Kernel Recipes 2017: Performance Analysis with BPFKernel Recipes 2017: Performance Analysis with BPF
Kernel Recipes 2017: Performance Analysis with BPF
Brendan Gregg
 
Component pack 6006 install guide
Component pack 6006 install guideComponent pack 6006 install guide
Component pack 6006 install guide
Roberto Boccadoro
 
Drizzle to MySQL, Stress Free Migration
Drizzle to MySQL, Stress Free MigrationDrizzle to MySQL, Stress Free Migration
Drizzle to MySQL, Stress Free Migration
Andrew Hutchings
 
Using Nix and Docker as automated deployment solutions
Using Nix and Docker as automated deployment solutionsUsing Nix and Docker as automated deployment solutions
Using Nix and Docker as automated deployment solutions
Sander van der Burg
 
Globus toolkit4installationguide
Globus toolkit4installationguideGlobus toolkit4installationguide
Globus toolkit4installationguideAdarsh Patil
 
Docker Registry + Basic Auth
Docker Registry + Basic AuthDocker Registry + Basic Auth
Docker Registry + Basic Auth
Remotty
 

Similar to Kubernetes Tutorial (20)

Learning kubernetes
Learning kubernetesLearning kubernetes
Learning kubernetes
 
kubernetes practice
kubernetes practicekubernetes practice
kubernetes practice
 
Vagrant, Ansible, and OpenStack on your laptop
Vagrant, Ansible, and OpenStack on your laptopVagrant, Ansible, and OpenStack on your laptop
Vagrant, Ansible, and OpenStack on your laptop
 
k8s practice 2023.pptx
k8s practice 2023.pptxk8s practice 2023.pptx
k8s practice 2023.pptx
 
Kubernetes Basic Operation
Kubernetes Basic OperationKubernetes Basic Operation
Kubernetes Basic Operation
 
AtlasCamp 2015 Docker continuous integration training
AtlasCamp 2015 Docker continuous integration trainingAtlasCamp 2015 Docker continuous integration training
AtlasCamp 2015 Docker continuous integration training
 
CoreOS: Control Your Fleet
CoreOS: Control Your FleetCoreOS: Control Your Fleet
CoreOS: Control Your Fleet
 
DeveloperWeek 2015: A Practical Introduction to Docker
DeveloperWeek 2015: A Practical Introduction to DockerDeveloperWeek 2015: A Practical Introduction to Docker
DeveloperWeek 2015: A Practical Introduction to Docker
 
Multinode kubernetes-cluster
Multinode kubernetes-clusterMultinode kubernetes-cluster
Multinode kubernetes-cluster
 
Kubernetes internals (Kubernetes 해부하기)
Kubernetes internals (Kubernetes 해부하기)Kubernetes internals (Kubernetes 해부하기)
Kubernetes internals (Kubernetes 해부하기)
 
$ kubectl hacking @DevOpsCon Berlin 2019
$ kubectl hacking @DevOpsCon Berlin 2019$ kubectl hacking @DevOpsCon Berlin 2019
$ kubectl hacking @DevOpsCon Berlin 2019
 
Kubernetes installation
Kubernetes installationKubernetes installation
Kubernetes installation
 
K8s Basic
K8s BasicK8s Basic
K8s Basic
 
Kernel Recipes 2017 - Performance analysis Superpowers with Linux BPF - Brend...
Kernel Recipes 2017 - Performance analysis Superpowers with Linux BPF - Brend...Kernel Recipes 2017 - Performance analysis Superpowers with Linux BPF - Brend...
Kernel Recipes 2017 - Performance analysis Superpowers with Linux BPF - Brend...
 
Kernel Recipes 2017: Performance Analysis with BPF
Kernel Recipes 2017: Performance Analysis with BPFKernel Recipes 2017: Performance Analysis with BPF
Kernel Recipes 2017: Performance Analysis with BPF
 
Component pack 6006 install guide
Component pack 6006 install guideComponent pack 6006 install guide
Component pack 6006 install guide
 
Drizzle to MySQL, Stress Free Migration
Drizzle to MySQL, Stress Free MigrationDrizzle to MySQL, Stress Free Migration
Drizzle to MySQL, Stress Free Migration
 
Using Nix and Docker as automated deployment solutions
Using Nix and Docker as automated deployment solutionsUsing Nix and Docker as automated deployment solutions
Using Nix and Docker as automated deployment solutions
 
Globus toolkit4installationguide
Globus toolkit4installationguideGlobus toolkit4installationguide
Globus toolkit4installationguide
 
Docker Registry + Basic Auth
Docker Registry + Basic AuthDocker Registry + Basic Auth
Docker Registry + Basic Auth
 

Recently uploaded

国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理
国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理
国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理
zoowe
 
重新申请毕业证书(RMIT毕业证)皇家墨尔本理工大学毕业证成绩单精仿办理
重新申请毕业证书(RMIT毕业证)皇家墨尔本理工大学毕业证成绩单精仿办理重新申请毕业证书(RMIT毕业证)皇家墨尔本理工大学毕业证成绩单精仿办理
重新申请毕业证书(RMIT毕业证)皇家墨尔本理工大学毕业证成绩单精仿办理
vmemo1
 
Bài tập unit 1 English in the world.docx
Bài tập unit 1 English in the world.docxBài tập unit 1 English in the world.docx
Bài tập unit 1 English in the world.docx
nhiyenphan2005
 
Meet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdf
Meet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdfMeet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdf
Meet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdf
Florence Consulting
 
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
3ipehhoa
 
guildmasters guide to ravnica Dungeons & Dragons 5...
guildmasters guide to ravnica Dungeons & Dragons 5...guildmasters guide to ravnica Dungeons & Dragons 5...
guildmasters guide to ravnica Dungeons & Dragons 5...
Rogerio Filho
 
假文凭国外(Adelaide毕业证)澳大利亚国立大学毕业证成绩单办理
假文凭国外(Adelaide毕业证)澳大利亚国立大学毕业证成绩单办理假文凭国外(Adelaide毕业证)澳大利亚国立大学毕业证成绩单办理
假文凭国外(Adelaide毕业证)澳大利亚国立大学毕业证成绩单办理
cuobya
 
[HUN][hackersuli] Red Teaming alapok 2024
[HUN][hackersuli] Red Teaming alapok 2024[HUN][hackersuli] Red Teaming alapok 2024
[HUN][hackersuli] Red Teaming alapok 2024
hackersuli
 
一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
keoku
 
Explore-Insanony: Watch Instagram Stories Secretly
Explore-Insanony: Watch Instagram Stories SecretlyExplore-Insanony: Watch Instagram Stories Secretly
Explore-Insanony: Watch Instagram Stories Secretly
Trending Blogers
 
Internet of Things in Manufacturing: Revolutionizing Efficiency & Quality | C...
Internet of Things in Manufacturing: Revolutionizing Efficiency & Quality | C...Internet of Things in Manufacturing: Revolutionizing Efficiency & Quality | C...
Internet of Things in Manufacturing: Revolutionizing Efficiency & Quality | C...
CIOWomenMagazine
 
Gen Z and the marketplaces - let's translate their needs
Gen Z and the marketplaces - let's translate their needsGen Z and the marketplaces - let's translate their needs
Gen Z and the marketplaces - let's translate their needs
Laura Szabó
 
JAVIER LASA-EXPERIENCIA digital 1986-2024.pdf
JAVIER LASA-EXPERIENCIA digital 1986-2024.pdfJAVIER LASA-EXPERIENCIA digital 1986-2024.pdf
JAVIER LASA-EXPERIENCIA digital 1986-2024.pdf
Javier Lasa
 
一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理
一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理
一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理
eutxy
 
Search Result Showing My Post is Now Buried
Search Result Showing My Post is Now BuriedSearch Result Showing My Post is Now Buried
Search Result Showing My Post is Now Buried
Trish Parr
 
制作毕业证书(ANU毕业证)莫纳什大学毕业证成绩单官方原版办理
制作毕业证书(ANU毕业证)莫纳什大学毕业证成绩单官方原版办理制作毕业证书(ANU毕业证)莫纳什大学毕业证成绩单官方原版办理
制作毕业证书(ANU毕业证)莫纳什大学毕业证成绩单官方原版办理
cuobya
 
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
3ipehhoa
 
一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理
一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理
一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理
ufdana
 
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024
APNIC
 
7 Best Cloud Hosting Services to Try Out in 2024
7 Best Cloud Hosting Services to Try Out in 20247 Best Cloud Hosting Services to Try Out in 2024
7 Best Cloud Hosting Services to Try Out in 2024
Danica Gill
 

Recently uploaded (20)

国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理
国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理
国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理
 
重新申请毕业证书(RMIT毕业证)皇家墨尔本理工大学毕业证成绩单精仿办理
重新申请毕业证书(RMIT毕业证)皇家墨尔本理工大学毕业证成绩单精仿办理重新申请毕业证书(RMIT毕业证)皇家墨尔本理工大学毕业证成绩单精仿办理
重新申请毕业证书(RMIT毕业证)皇家墨尔本理工大学毕业证成绩单精仿办理
 
Bài tập unit 1 English in the world.docx
Bài tập unit 1 English in the world.docxBài tập unit 1 English in the world.docx
Bài tập unit 1 English in the world.docx
 
Meet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdf
Meet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdfMeet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdf
Meet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdf
 
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
 
guildmasters guide to ravnica Dungeons & Dragons 5...
guildmasters guide to ravnica Dungeons & Dragons 5...guildmasters guide to ravnica Dungeons & Dragons 5...
guildmasters guide to ravnica Dungeons & Dragons 5...
 
假文凭国外(Adelaide毕业证)澳大利亚国立大学毕业证成绩单办理
假文凭国外(Adelaide毕业证)澳大利亚国立大学毕业证成绩单办理假文凭国外(Adelaide毕业证)澳大利亚国立大学毕业证成绩单办理
假文凭国外(Adelaide毕业证)澳大利亚国立大学毕业证成绩单办理
 
[HUN][hackersuli] Red Teaming alapok 2024
[HUN][hackersuli] Red Teaming alapok 2024[HUN][hackersuli] Red Teaming alapok 2024
[HUN][hackersuli] Red Teaming alapok 2024
 
一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
 
Explore-Insanony: Watch Instagram Stories Secretly
Explore-Insanony: Watch Instagram Stories SecretlyExplore-Insanony: Watch Instagram Stories Secretly
Explore-Insanony: Watch Instagram Stories Secretly
 
Internet of Things in Manufacturing: Revolutionizing Efficiency & Quality | C...
Internet of Things in Manufacturing: Revolutionizing Efficiency & Quality | C...Internet of Things in Manufacturing: Revolutionizing Efficiency & Quality | C...
Internet of Things in Manufacturing: Revolutionizing Efficiency & Quality | C...
 
Gen Z and the marketplaces - let's translate their needs
Gen Z and the marketplaces - let's translate their needsGen Z and the marketplaces - let's translate their needs
Gen Z and the marketplaces - let's translate their needs
 
JAVIER LASA-EXPERIENCIA digital 1986-2024.pdf
JAVIER LASA-EXPERIENCIA digital 1986-2024.pdfJAVIER LASA-EXPERIENCIA digital 1986-2024.pdf
JAVIER LASA-EXPERIENCIA digital 1986-2024.pdf
 
一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理
一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理
一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理
 
Search Result Showing My Post is Now Buried
Search Result Showing My Post is Now BuriedSearch Result Showing My Post is Now Buried
Search Result Showing My Post is Now Buried
 
制作毕业证书(ANU毕业证)莫纳什大学毕业证成绩单官方原版办理
制作毕业证书(ANU毕业证)莫纳什大学毕业证成绩单官方原版办理制作毕业证书(ANU毕业证)莫纳什大学毕业证成绩单官方原版办理
制作毕业证书(ANU毕业证)莫纳什大学毕业证成绩单官方原版办理
 
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
 
一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理
一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理
一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理
 
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024
 
7 Best Cloud Hosting Services to Try Out in 2024
7 Best Cloud Hosting Services to Try Out in 20247 Best Cloud Hosting Services to Try Out in 2024
7 Best Cloud Hosting Services to Try Out in 2024
 

Kubernetes Tutorial

  • 1.
  • 2. Ci-Jie T :4 n .(- C - 4 44 n F SJ DM /) n 4 4 4 K N 4# #
  • 3. n / .- . - - .. n / -
  • 4. n 0( . (0 0 n 41 0( . 6 0( . . 0 ) . n 64
  • 5. 1 0 .() ) ) 4 (. .
  • 6. n ( ( ( n M D n n K )
  • 7. n H A eKac n G b NSi H C ac n O ac Gi M g E h , H n g /. A - . B. : d W A : A A A C
  • 8. n H M n A K n A KM n N n . / / ./-. : / / / . -/ .
  • 9. n LR : E / A E . E 69 04 1 FH n UM P FH .7: S 2- 5 O a G + B HE AF F B FFC AE CC B D
  • 10. n 6 n 6 4 n .0 1
  • 11. $ sudo su $ apt-get update $ apt-get install -y apt-transport-https ca-certificates curl software- properties-common $ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - $ add-apt-repository "deb https://download.docker.com/linux/$(. /etc/os-release; echo "$ID") $(lsb_release -cs) stable" $ apt-get update && apt-get install -y docker-ce=$(apt-cache madison docker-ce | grep 17.03 | head -1 | awk '{print $3}')
  • 12. $ docker version Client: Version: 17.03.2-ce API version: 1.27 Go version: go1.7.5 Git commit: f5ec1e2 Built: Tue Jun 27 03:35:14 2017 OS/Arch: linux/amd64 Server: Version: 17.03.2-ce API version: 1.27 (minimum version 1.12) Go version: go1.7.5 Git commit: f5ec1e2 Built: Tue Jun 27 03:35:14 2017 OS/Arch: linux/amd64 Experimental: false
  • 13. $ apt-get update && apt-get install -y apt-transport-https curl $ curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt- key add - $ cat <<EOF >/etc/apt/sources.list.d/kubernetes.list deb http://apt.kubernetes.io/ kubernetes-xenial main EOF $ apt-get update $ apt-get install -y kubelet kubeadm kubectl
  • 14. $ kubeadm version … Usage: kubeadm [command] Available Commands: alpha Experimental sub-commands not yet fully functional. completion Output shell completion code for the specified shell (bash or zsh). config Manage configuration for a kubeadm cluster persisted in a ConfigMap in the cluster. help Help about any command init Run this command in order to set up the Kubernetes master. join Run this on any machine you wish to join an existing cluster reset Run this to revert any changes made to this host by 'kubeadm init' or 'kubeadm join'. token Manage bootstrap tokens. …
  • 15. $ kubeadm init … You should now deploy a pod network to the cluster. Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at: https://kubernetes.io/docs/concepts/cluster-administration/addons/ You can now join any number of machines by running the following on each node as root: kubeadm join 192.168.1.13:6443 --token 6lkv4n.uob08598143vuqdg --discovery-token-ca-cert-hash sha256:b031704cd27c0911d6a5723c9d186da3d43bd772bc7d6f5efab95e463894f963… …
  • 16. $ mkdir -p $HOME/.kube $ cp -i /etc/kubernetes/admin.conf $HOME/.kube/config $ chown $(id -u):$(id -g) $HOME/.kube/config
  • 17. $ kubectl get nodes NAME STATUS ROLES AGE VERSION k8s-1 NotReady master 56m v1.11.0
  • 18. n ) - n ) ) n ) n n ) ) n ( ) C
  • 19. $ kubectl apply -f "https://cloud.weave.works/k8s/net?k8s- version=$(kubectl version | base64 | tr -d 'n')" serviceaccount/weave-net created clusterrole.rbac.authorization.k8s.io/weave-net created clusterrolebinding.rbac.authorization.k8s.io/weave-net created role.rbac.authorization.k8s.io/weave-net created rolebinding.rbac.authorization.k8s.io/weave-net created daemonset.extensions/weave-net created
  • 20. $ kubectl get nodes NAME STATUS ROLES AGE VERSION k8s-1 Ready master 56m v1.11.0
  • 21. $ kubeadm join 192.168.1.13:6443 --token 6lkv4n.uob08598143vuqdg -- discovery-token-ca-cert-hash sha256:b031704cd27c0911d6a5723c9d186da3d43bd772bc7d6f5efab95e 463894f963 … This node has joined the cluster: * Certificate signing request was sent to master and a response was received. * The Kubelet was informed of the new secure connection details. Run 'kubectl get nodes' on the master to see this node join the cluster.
  • 22. $ kubectl get nodes NAME STATUS ROLES AGE VERSION k8s-1 Ready master 7m v1.11.0 k8s-2 Ready <none> 3m v1.11.0
  • 23. $ kubeadm token create --print-join-command I0628 09:14:48.723888 19798 feature_gate.go:230] feature gates: &{map[]} kubeadm join 192.168.1.13:6443 --token kgze8w.jfqyowrqj9aoi877 --discovery-token-ca-cert-hash sha256:15fb8bd02a82ef008ffdb1ebd4e7392e70115ffc4d6ae1caac8a32ba10ed3923
  • 24. $ kubectl get nodes NAME STATUS ROLES AGE VERSION k8s-1 Ready master 22m v1.11.0 k8s-2 Ready <none> 18m v1.11.0 k8s-3 Ready <none> 2m v1.11.0
  • 25. $ kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/master/src/d eploy/recommended/kubernetes-dashboard.yaml ommended/kubernetes-dashboard.yaml secret/kubernetes-dashboard-certs created serviceaccount/kubernetes-dashboard created role.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created deployment.apps/kubernetes-dashboard created service/kubernetes-dashboard created
  • 26. $ kubectl proxy (screen) $ curl http://localhost:8001/api/v1/namespaces/kube- system/services/https:kubernetes-dashboard:/proxy/ <!doctype html> <html ng-app="kubernetesDashboard"> <head> <meta charset="utf-8"> <title ng- controller="kdTitle as $ctrl" ng-bind="$ctrl.title()"></title> <link rel="icon" type="image/png" href="assets/images/kubernetes-logo.png"> <meta name="viewport" content="width=device-width"> <link rel="stylesheet" href="static/vendor.93db0a0d.css"> <link rel="stylesheet" href="static/app.93e259f7.css"> </head> <body ng-controller="kdMain as $ctrl"> <!--[if lt IE 10]> <p class="browsehappy">You are using an <strong>outdated</strong> browser. Please <a href="http://browsehappy.com/">upgrade your browser</a> to improve your experience.</p> <![endif]--> <kd-login layout="column" layout-fill="" ng-if="$ctrl.isLoginState()"> </kd-login> <kd- chrome layout="column" layout-fill="" ng-if="!$ctrl.isLoginState()"> </kd-chrome> <script src="static/vendor.bd425c26.js"></script> <script src="api/appConfig.json"></script> <script src="static/app.b5ad51ac.js"></script> </body> </html>
  • 27. $ kubectl edit svc kubernetes-dashboard -n kube-system $ kubectl get svc –n kube-system NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP 40m kubernetes-dashboard NodePort 10.110.140.252 <none> 443:30225/TCP 9m
  • 28.
  • 29. - - $ vim admin-user.yaml apiVersion: v1 kind: ServiceAccount metadata: name: admin-user namespace: kube-system
  • 30. $ kubectl create -f admin-user.yaml serviceaccount/admin-user created
  • 31. $ kubectl get sa -n kube-system NAME SECRETS AGE admin-user 1 1m attachdetach-controller 1 18h bootstrap-signer 1 18h certificate-controller 1 18h clusterrole-aggregation-controller 1 18h coredns 1 18h …
  • 32. $ kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}’) … token: eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZX Rlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2V ydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLTlmdDd4Iiwia3ViZXJuZXRlcy5pby 9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLml vL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJhOTdhNWI0ZC03YjRlLTExZTgtYmQwNC 1mYTE2M2U3YjRjMjEiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06YWRtaW4tdXN lciJ9.P2p- 77_8JlZwInyuTQOIFUBpDipUxv2Pe3f3KdQSVMMuq5TcEhsaUEmNdzlNHXUOSEVn3dSulu9SRLvPZ2OlO- 02BkaZMBy_dioAURmZtPjom9w5Lafcwrb38lCaax0bYFZw-_9yGHukz3zmYk-PnrFQDn1fXb- DgvylBIuK_7nd2GQALlRMKIUub-cyIA- ol9Kq0RjtmGKKots90D8nTo7ok7n2c9Jpi7swkCM9yzo20sVJ6VqwZWw- 5BftAppZdZGQFmUgVkbfzeRv8Q3mR9cA0ix7JksBu- 9k3k8qyJG1OjUNcHzP_0E7XIaPHoQF4lrPDkbyVdGaPyY17JMxsQ
  • 33.
  • 34. -$ vim admin-user-crb.yaml apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRoleBinding metadata: name: admin-user roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: cluster-admin subjects: - kind: ServiceAccount name: admin-user namespace: kube-system
  • 35. $ kubectl create -f admin-user-crb.yaml clusterrolebinding.rbac.authorization.k8s.io/admin-user created
  • 36. $ kubectl get clusterrolebindings NAME AGE admin-user 44s cluster-admin 19h kubeadm:kubelet-bootstrap 19h kubeadm:node-autoapprove-bootstrap 19h …
  • 37.
  • 38. () $ git clone https://github.com/kubernetes/heapster.git Cloning into 'heapster'... remote: Counting objects: 30434, done. remote: Total 30434 (delta 0), reused 0 (delta 0), pack-reused 30433 Receiving objects: 100% (30434/30434), 39.00 MiB | 7.30 MiB/s, done. Resolving deltas: 100% (15636/15636), done. Checking connectivity... done.
  • 39. () $ cd heapster/ $ kubectl create -f deploy/kube-config/influxdb/ deployment.extensions/monitoring-grafana created service/monitoring-grafana created serviceaccount/heapster created deployment.extensions/heapster created service/heapster created deployment.extensions/monitoring-influxdb created service/monitoring-influxdb created $ kubectl create -f deploy/kube-config/rbac/heapster-rbac.yaml clusterrolebinding.rbac.authorization.k8s.io/heapster created
  • 40. ()
  • 41. $ kubectl get svc --all-namespaces NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE default kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 21h kube-system heapster ClusterIP 10.97.192.100 <none> 80/TCP 12m kube-system kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP 21h kube-system kubernetes-dashboard NodePort 10.110.140.252 <none> 443:30225/TCP 21h kube-system monitoring-grafana ClusterIP 10.100.85.131 <none> 80/TCP 12m … -
  • 42. n . / n / . / n / / n / . . n / . n n / n n . / n /( ). . : / ( /
  • 43. $ kubectl apply -f deploy/kube-config/influxdb/ deployment.extensions/monitoring-grafana unchanged service/monitoring-grafana unchanged serviceaccount/heapster unchanged deployment.extensions/heapster unchanged service/heapster unchanged deployment.extensions/monitoring-influxdb unchanged service/monitoring-influxdb unchanged…
  • 44. $ kubectl edit svc kubernetes-dashboard -n kube-system # Please edit the object below. Lines beginning with a '#' will be ignored, # and an empty file will abort the edit. If an error occurs while saving this file will be # reopened with the relevant failures. # apiVersion: v1 kind: Service metadata: …
  • 45. $ kubectl logs kubernetes-dashboard-6948bdb78-wcl9q -n kube-system … 2018/06/29 06:32:54 [2018-06-29T06:32:54Z] Outcoming response to 10.32.0.1:38848 with 200 status code 2018/06/29 06:32:56 [2018-06-29T06:32:56Z] Incoming HTTP/2.0 GET /api/v1/login/status request from 10.32.0.1:38848: {} 2018/06/29 06:32:56 [2018-06-29T06:32:56Z] Outcoming response to 10.32.0.1:38848 with 200 status code 2018/06/29 06:32:56 [2018-06-29T06:32:56Z] Incoming HTTP/2.0 GET /api/v1/csrftoken/token request from 10.32.0.1:38848: {} …
  • 46. $ kubectl get pods -n kube-system -o wide … NAME READY STATUS RESTARTS AGE IP NODE coredns-78fcdf6894-245lt 1/1 Running 0 22h 10.40.0.2 k8s-1 coredns-78fcdf6894-q5hm4 1/1 Running 7 22h 10.40.0.1 k8s-1 etcd-k8s-1 1/1 Running 0 22h 192.168.1.13 k8s-1 heapster-dd6db4f9f-gbvtt 1/1 Running 0 1h 10.38.0.2 k8s-3 … -
  • 47. $ kubectl describe svc kubernetes-dashboard -n kube-system Name: kubernetes-dashboard Namespace: kube-system Labels: k8s-app=kubernetes-dashboard Annotations: kubectl.kubernetes.io/last-applied- configuration={"apiVersion":"v1","kind":"Service","metadata":{"annotations":{},"labels":{"k8s- app":"kubernetes-dashboard"},"name":"kubernetes-dashboard","namespace":... Selector: k8s-app=kubernetes-dashboard Type: NodePort IP: 10.110.140.252…
  • 48. ) ( ) ( ( (
  • 49. n a n . : n . n . n a . N b . / . / . .
  • 50. $ vim nginx-po.yaml apiVersion: v1 kind: Pod metadata: name: nginx-pod labels: app: nginx spec: containers: - name: nginx-container image: nginx
  • 51. $ kubectl get po NAME READY STATUS RESTARTS AGE nginx-pod 1/1 Running 0 3m $ kubectl get po -o wide NAME READY STATUS RESTARTS AGE IP NODE nginx-pod 1/1 Running 0 4m 10.38.0.3 k8s-3
  • 52. $ docker ps | grep nginx-container 0fe8adcd42a1 nginx@sha256:62a095e5da5f977b9f830adaf64d604c614024bf239d21068e4ca826d0d629a4 "nginx -g 'daemon ..." 4 minutes ago Up 4 minutes k8s_nginx-container_nginx- pod_default_2b636f3a-7b78-11e8-bd04-fa163e7b4c21_0
  • 53. $ kubectl exec -ti nginx-pod bash $ apt-get update && apt-get install -y curl $ curl 127.0.0.1:80 … <h1>Welcome to nginx!</h1> <p>If you see this page, the nginx web server is successfully installed and working. Further configuration is required.</p> <p>For online documentation and support please refer to …
  • 54. n I E . BNP n CL : / ./ / / . -/ : ,/ / /: . -: - -/ : :/ -/: / :/ -/
  • 55. $ vim nginx-svc.yaml kind: Service apiVersion: v1 metadata: name: nginx-svc spec: ports: - name: http port: 81 targetPort: 80 selector: app: nginx type: ClusterIP
  • 56. $ kubectl exec -ti nginx-pod bash $ curl 10.103.19.26:81 <!DOCTYPE html> <html> <head> <title>Welcome to nginx!</title> <style> body { width: 35em; margin: 0 auto; font-family: Tahoma, Verdana, Arial, sans-serif; } …
  • 57. $ vim nginx-svc.yaml kind: Service apiVersion: v1 metadata: name: nginx-svc spec: ports: - name: http port: 81 targetPort: 80 nodePort: 30001 selector: app: nginx type: NodePort
  • 58. $ kubectl get svc NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 1d nginx-svc NodePort 10.103.19.26 <none> 81:30001/TCP 16h
  • 60. $ vim nginx-po.yaml apiVersion: v1 kind: Pod metadata: name: nginx-pod-2 labels: app: nginx spec: containers: - name: nginx-container image: nginx
  • 61. $ kubectl get po -o wide NAME READY STATUS RESTARTS AGE IP NODE nginx-pod 1/1 Running 0 16h 10.38.0.3 k8s-3 nginx-pod-2 1/1 Running 0 4m 10.32.0.4 k8s-2
  • 62. $ kubectl exec -ti nginx-pod bash $ apt-get update && apt-get install -y vim $ vim /usr/share/nginx/html/index.html … <body> <h1>Welcome to nginx! (pod-1)</h1> <p>If you see this page, the nginx web server is successfully installed and working. Further configuration is required.</p> …
  • 63. $ kubectl exec -ti nginx-pod-2 bash $ apt-get update && apt-get install -y vim $ vim /usr/share/nginx/html/index.html … <body> <h1>Welcome to nginx! (pod-2)</h1> <p>If you see this page, the nginx web server is successfully installed and working. Further configuration is required.</p> …
  • 64.
  • 65.
  • 66. $ kubectl create namespace nginx namespace/nginx created
  • 67. $ vim nginx-ns.yaml apiVersion: v1 kind: Namespace metadata: name: nginx2
  • 68. $ kubectl get ns NAME STATUS AGE default Active 1d kube-public Active 1d kube-system Active 1d nginx Active 3m nginx2 Active 3s
  • 69. $ kubectl delete ns nginx2 namespace "nginx2" deleted
  • 70. $ vim nginx-po.yaml apiVersion: v1 kind: Pod metadata: name: nginx-pod namespace: nginx labels: app: nginx spec: containers: - name: nginx-container image: nginx
  • 71. $ kubectl get po nginx-pod -n nginx NAME READY STATUS RESTARTS AGE nginx-pod 1/1 Running 0 2m
  • 72. n n
  • 73. n : n . / / . / / / . / . ./ . /
  • 74. $ vim nginx-rs.yaml apiVersion: extensions/v1beta1 kind: ReplicaSet metadata: name: replicaset-rs spec: replicas: 3 template: metadata: name: replicaset-po labels: app: nginx spec: containers: - name: replicaset-container image: nginx
  • 75. $ kubectl get rs -n nginx NAME DESIRED CURRENT READY AGE replicaset-rs 3 3 3 17s
  • 76. $ kubectl get po -n nginx NAME READY STATUS RESTARTS AGE replicaset-rs-78lwk 1/1 Running 0 13m replicaset-rs-kkqzc 1/1 Running 0 13m replicaset-rs-mtt7h 1/1 Running 0 13m
  • 77. $ kubectl delete po replicaset-rs-78lwk -n nginx pod "replicaset-rs-78lwk" deleted $ kubectl get po -n nginx NAME READY STATUS RESTARTS AGE replicaset-rs-bgsmv 1/1 Running 0 11s replicaset-rs-kkqzc 1/1 Running 0 16m replicaset-rs-mtt7h 1/1 Running 0 16m
  • 78. n n : : / / / / . /
  • 79. $ vim nginx-deploy.yaml apiVersion: apps/v1 kind: Deployment metadata: name: nginx-deploy namespace: nginx labels: app: nginx spec: replicas: 3 selector: matchLabels: app: nginx template: metadata: name: nginx-po labels: app: nginx spec: containers: - name: nginx-container image: nginx ports: - containerPort: 80
  • 80. $ kubectl get deploy -n nginx NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE nginx-deploy 3 3 3 3 2m
  • 81. $ kubectl set image deployment/nginx-deploy nginx- container=nginx:alpine -n nginx deployment.extensions/nginx-deploy image updated
  • 82. $ kubectl describe po nginx-deploy-7698895786-7wd9d -n nginx … Containers: nginx-container: Container ID: docker://a01d35c2b3dadd0912944e30faeab204632c15bf6dcb91ecea3562fa15a45f 85 Image: nginx:alpine Image ID: docker-pullable://nginx@sha256:4a85273d1e403fbf67 …
  • 83. $ kubectl rollout status deployment/nginx-deploy -n nginx … Waiting for deployment "nginx-deploy" rollout to finish: 1 out of 3 new replicas have been updated... Waiting for deployment "nginx-deploy" rollout to finish: 1 out of 3 new replicas have been updated... Waiting for deployment "nginx-deploy" rollout to finish: 1 out of 3 new replicas have been updated... Waiting for deployment "nginx-deploy" rollout to finish: 2 out of 3 new replicas have been updated …
  • 84. n n S : n N H n / / / . /
  • 85. $ vim nginx-ds.yaml apiVersion: apps/v1 kind: DaemonSet metadata: name: nginx-ds namespace: nginx labels: app: nginx spec: selector: matchLabels: app: nginx template: metadata: name: nginx-po labels: app: nginx spec: containers: - name: nginx-container image: nginx ports: - containerPort: 80
  • 86. $ vim nginx-ds.yaml … spec: selector: matchLabels: app: nginx template: metadata: name: nginx-po labels: app: nginx spec: containers: - name: nginx-container image: nginx ports: - containerPort: 80 resources: limits: cpu: 100m memory: 200Mi requests: cpu: 100m memory: 200Mi
  • 87. n . n : . . . / . / / /
  • 88. $ vim nginx-statefulset.yaml apiVersion: apps/v1 kind: StatefulSet metadata: name: nginx-statefulset namespace: nginx labels: app: nginx spec: serviceName: nginx replicas: 4 selector: matchLabels: app: nginx template: metadata: name: nginx-po labels: app: nginx spec: containers: - name: nginx-container image: nginx ports: - containerPort: 80
  • 89. n N DSPHFR SP E n /): A : /A / . ( : ( C / A- A AA B A A A A A C :B
  • 91. n C n B G n DA E -
  • 92. $ vim nginx-pv.yaml kind: PersistentVolume apiVersion: v1 metadata: name: nginx-pv labels: app: nginx spec: storageClassName: manual capacity: storage: 10Gi accessModes: - ReadWriteMany persistentVolumeReclaimPolicy: Retain hostPath: path: "/home/ubuntu/pv-file"
  • 93. $ kubectl get pv NAME CAPACITY ACCESS MODES RECLAIM POLICY STATUS CLAIM STORAGECLASS REASON AGE nginx-pv 10Gi RWX Retain Available manual 7m
  • 94. n
  • 95. $ vim nginx-pvc.yaml kind: PersistentVolumeClaim apiVersion: v1 metadata: name: nginx-pvc namespace: nginx spec: storageClassName: manual accessModes: - ReadWriteMany resources: requests: storage: 10Gi
  • 96. $ kubectl get pv NAME CAPACITY ACCESS MODES RECLAIM POLICY STATUS CLAIM STORAGECLASS REASON AGE nginx-pv-1 10Gi RWX Recycle Bound nginx/nginx-pvc manual 1m
  • 97. $ vim nginx-deploy.yaml apiVersion: apps/v1 kind: Deployment metadata: name: nginx-deploy namespace: nginx labels: app: nginx spec: replicas: 3 selector: matchLabels: app: nginx template: metadata: name: nginx-po labels: app: nginx spec: containers: - name: nginx-container image: nginx ports: - containerPort: 80 volumeMounts: - mountPath: "/usr/share/nginx/html" name: nginx-storage volumes: - name: nginx-storage persistentVolumeClaim: claimName: nginx-pvc
  • 98.
  • 99. n n : / . / / / . / .
  • 100. $ echo -n 'admin' | base64 YWRtaW4= $ vim nginx-secret.yaml apiVersion: v1 kind: Secret metadata: name: nginx-secret namespace: nginx type: Opaque data: username: YWRtaW4=
  • 101. $ kubectl describe nginx-secret –n nginx Name: nginx-secret Namespace: nginx Labels: <none> Annotations: <none> Type: Opaque Data ==== username: 5 bytes
  • 102. $ vim nginx-pod.yaml apiVersion: v1 kind: Pod metadata: name: nginx-pod namespace: nginx spec: containers: - name: nginx-container image: nginx env: - name: SECRET_NAME valueFrom: secretKeyRef: name: nginx-secret key: username
  • 103. $ kubectl exec -ti nginx-pod bash -n nginx $ export … declare -x KUBERNETES_SERVICE_PORT="443" declare -x KUBERNETES_SERVICE_PORT_HTTPS="443" declare -x NGINX_VERSION="1.15.0-1~stretch" declare -x NJS_VERSION="1.15.0.0.2.1-1~stretch" declare -x OLDPWD declare -x PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" declare -x PWD="/" declare -x SECRET_NAME="admin" declare -x SHLVL="1” …
  • 104. n B : B n / / - - / / / / - - : . - - -
  • 105. $ vim sa.yaml apiVersion: v1 kind: ServiceAccount metadata: name: nginx-user namespace: nginx
  • 106. $ kubectl create -f sa.yaml serviceaccount/nginx-user created
  • 107. $ kubectl describe sa nginx-user -n nginx Name: nginx-user Namespace: nginx Labels: <none> Annotations: <none> Image pull secrets: <none> Mountable secrets: nginx-user-token-jnbl5 Tokens: nginx-user-token-jnbl5 Events: <none>
  • 108. $ vim nginx-r.yaml kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: namespace: nginx name: nginx-r rules: - apiGroups: ["*"] resources: ["*"] verbs: ["get", "watch", "list", "update", "create", "delete"] -
  • 109. $ kubectl create -f nginx-r.yaml role.rbac.authorization.k8s.io/nginx-r created
  • 110. $ vim nginx-rb.yaml apiVersion: rbac.authorization.k8s.io/v1beta1 kind: RoleBinding metadata: name: nginx-rb namespace: nginx roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: nginx-r subjects: - kind: ServiceAccount name: nginx-user namespace: nginx -
  • 111. $ kubectl create -f nginx-rb.yaml rolebinding.rbac.authorization.k8s.io/nginx-user created