8. 常用操作
8.1 进入集群节点
minikube ssh
8.2 停止集群
minikube stop
8.3 启动集群
minikube start
8.4 删除集群
minikube delete minikube delete --all
8.5 暂停集群
但不影响已部署的应用程序
minikube pause
8.5 取消暂停
minikube unpause
8.6 修改默认内存限制
minikube config set memory 9001
9. 部署 Ingress
启用Ingress插件
$ minikube addons enable ingress 🔎 Verifying ingress addon... 🌟 The 'ingress' addon is enabled
查看 pod
$ kubectl get pods -n ingress-nginx NAME READY STATUS RESTARTS AGE ingress-nginx-admission-create-6hf47 0/1 Completed 0 91s ingress-nginx-admission-patch-5dpqz 0/1 Completed 0 91s ingress-nginx-controller-6cfb67d797-gqj98 1/1 Running 0 91s
10.管理 dashboard
Dashboard 是一个基于 Web 的 Kubernetes 用户界面。您可以使用它来:
将容器化应用程序部署到 Kubernetes 集群
对您的容器化应用程序进行故障排除
管理集群资源
概览在您的集群上运行的应用程序
创建或修改单个 Kubernetes 资源(例如 Deployment、Jobs、DaemonSets 等)
例如,您可以使用部署向导扩展部署、启动滚动更新、重新启动 pod 或部署新应用程序。
10.1 创建 dashboard
minikube dashboard
输出:
🔌 Enabling dashboard ... ▪ Using image docker.io/kubernetesui/dashboard:v2.7.0 ▪ Using image docker.io/kubernetesui/metrics-scraper:v1.0.8 💡 Some dashboard features require the metrics-server addon. To enable all features please run: minikube addons enable metrics-server 🤔 Verifying dashboard health ... 🚀 Launching proxy ... 🤔 Verifying proxy health ... http://127.0.0.1:43995/api/v1/namespaces/kubernetes-dashboard/services/http:kubernetes-dashboard:/proxy/
当然,我们可以指定喜欢的端口(port)
$ minikube dashboard --port 8081 🤔 Verifying dashboard health ... 🚀 Launching proxy ... 🤔 Verifying proxy health ... http://127.0.0.1:8081/api/v1/namespaces/kubernetes-dashboard/services/http:kubernetes-dashboard:/proxy/
这将启用 dashboard 插件,并在默认 Web 浏览器中打开代理。
要停止代理(使仪表板保持运行),请中止已启动的进程 ( Ctrl+C)。
查看 dashboard 是否启动正常
$ kubectl get all -n kubernetes-dashboard NAME READY STATUS RESTARTS AGE pod/dashboard-metrics-scraper-57d8d5b8b8-zhtjq 1/1 Running 0 126m pod/kubernetes-dashboard-6f75b5c656-dxr87 1/1 Running 0 126m NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE service/dashboard-metrics-scraper ClusterIP 10.97.77.170 <none> 8000/TCP 126m service/kubernetes-dashboard ClusterIP 10.101.172.254 <none> 80/TCP 126m NAME READY UP-TO-DATE AVAILABLE AGE deployment.apps/dashboard-metrics-scraper 1/1 1 1 126m deployment.apps/kubernetes-dashboard 1/1 1 1 126m NAME DESIRED CURRENT READY AGE replicaset.apps/dashboard-metrics-scraper-57d8d5b8b8 1 1 1 126m replicaset.apps/kubernetes-dashboard-6f75b5c656 1 1 1 126m
查看界面 URL
$ minikube dashboard --url 🤔 Verifying dashboard health ... 🚀 Launching proxy ... 🤔 Verifying proxy health ... http://127.0.0.1:43995/api/v1/namespaces/kubernetes-dashboard/services/http:kubernetes-dashboard:/proxy/
、
10.2 访问 API
访问 dashboard API资源
$ curl http://127.0.0.1:43995/ { "paths": [ "/.well-known/openid-configuration", "/api", "/api/v1", "/apis", "/apis/", "/apis/admissionregistration.k8s.io", "/apis/admissionregistration.k8s.io/v1", "/apis/apiextensions.k8s.io", "/apis/apiextensions.k8s.io/v1", "/apis/apiregistration.k8s.io", "/apis/apiregistration.k8s.io/v1", "/apis/apps", "/apis/apps/v1", "/apis/authentication.k8s.io", "/apis/authentication.k8s.io/v1", "/apis/authorization.k8s.io", "/apis/authorization.k8s.io/v1", "/apis/autoscaling", "/apis/autoscaling/v1", "/apis/autoscaling/v2", "/apis/autoscaling/v2beta1", "/apis/autoscaling/v2beta2", "/apis/batch", "/apis/batch/v1", "/apis/batch/v1beta1", "/apis/certificates.k8s.io", "/apis/certificates.k8s.io/v1", "/apis/coordination.k8s.io", "/apis/coordination.k8s.io/v1", "/apis/discovery.k8s.io", "/apis/discovery.k8s.io/v1", "/apis/discovery.k8s.io/v1beta1", "/apis/events.k8s.io", "/apis/events.k8s.io/v1", "/apis/events.k8s.io/v1beta1", "/apis/flowcontrol.apiserver.k8s.io", "/apis/flowcontrol.apiserver.k8s.io/v1beta1", "/apis/flowcontrol.apiserver.k8s.io/v1beta2", "/apis/networking.k8s.io", "/apis/networking.k8s.io/v1", "/apis/node.k8s.io", "/apis/node.k8s.io/v1", "/apis/node.k8s.io/v1beta1", "/apis/policy", "/apis/policy/v1", "/apis/policy/v1beta1", "/apis/rbac.authorization.k8s.io", "/apis/rbac.authorization.k8s.io/v1", "/apis/scheduling.k8s.io", "/apis/scheduling.k8s.io/v1", "/apis/storage.k8s.io", "/apis/storage.k8s.io/v1", "/apis/storage.k8s.io/v1beta1", "/healthz", "/healthz/autoregister-completion", "/healthz/etcd", "/healthz/log", "/healthz/ping", "/healthz/poststarthook/aggregator-reload-proxy-client-cert", "/healthz/poststarthook/apiservice-openapi-controller", "/healthz/poststarthook/apiservice-registration-controller", "/healthz/poststarthook/apiservice-status-available-controller", "/healthz/poststarthook/bootstrap-controller", "/healthz/poststarthook/crd-informer-synced", "/healthz/poststarthook/generic-apiserver-start-informers", "/healthz/poststarthook/kube-apiserver-autoregistration", "/healthz/poststarthook/priority-and-fairness-config-consumer", "/healthz/poststarthook/priority-and-fairness-config-producer", "/healthz/poststarthook/priority-and-fairness-filter", "/healthz/poststarthook/rbac/bootstrap-roles", "/healthz/poststarthook/scheduling/bootstrap-system-priority-classes", "/healthz/poststarthook/start-apiextensions-controllers", "/healthz/poststarthook/start-apiextensions-informers", "/healthz/poststarthook/start-cluster-authentication-info-controller", "/healthz/poststarthook/start-kube-aggregator-informers", "/healthz/poststarthook/start-kube-apiserver-admission-initializer", "/livez", "/livez/autoregister-completion", "/livez/etcd", "/livez/log", "/livez/ping", "/livez/poststarthook/aggregator-reload-proxy-client-cert", "/livez/poststarthook/apiservice-openapi-controller", "/livez/poststarthook/apiservice-registration-controller", "/livez/poststarthook/apiservice-status-available-controller", "/livez/poststarthook/bootstrap-controller", "/livez/poststarthook/crd-informer-synced", "/livez/poststarthook/generic-apiserver-start-informers", "/livez/poststarthook/kube-apiserver-autoregistration", "/livez/poststarthook/priority-and-fairness-config-consumer", "/livez/poststarthook/priority-and-fairness-config-producer", "/livez/poststarthook/priority-and-fairness-filter", "/livez/poststarthook/rbac/bootstrap-roles", "/livez/poststarthook/scheduling/bootstrap-system-priority-classes", "/livez/poststarthook/start-apiextensions-controllers", "/livez/poststarthook/start-apiextensions-informers", "/livez/poststarthook/start-cluster-authentication-info-controller", "/livez/poststarthook/start-kube-aggregator-informers", "/livez/poststarthook/start-kube-apiserver-admission-initializer", "/logs", "/metrics", "/openapi/v2", "/openid/v1/jwks", "/readyz", "/readyz/autoregister-completion", "/readyz/etcd", "/readyz/informer-sync", "/readyz/log", "/readyz/ping", "/readyz/poststarthook/aggregator-reload-proxy-client-cert", "/readyz/poststarthook/apiservice-openapi-controller", "/readyz/poststarthook/apiservice-registration-controller", "/readyz/poststarthook/apiservice-status-available-controller", "/readyz/poststarthook/bootstrap-controller", "/readyz/poststarthook/crd-informer-synced", "/readyz/poststarthook/generic-apiserver-start-informers", "/readyz/poststarthook/kube-apiserver-autoregistration", "/readyz/poststarthook/priority-and-fairness-config-consumer", "/readyz/poststarthook/priority-and-fairness-config-producer", "/readyz/poststarthook/priority-and-fairness-filter", "/readyz/poststarthook/rbac/bootstrap-roles", "/readyz/poststarthook/scheduling/bootstrap-system-priority-classes", "/readyz/poststarthook/start-apiextensions-controllers", "/readyz/poststarthook/start-apiextensions-informers", "/readyz/poststarthook/start-cluster-authentication-info-controller", "/readyz/poststarthook/start-kube-aggregator-informers", "/readyz/poststarthook/start-kube-apiserver-admission-initializer", "/readyz/shutdown", "/version" ] }
例如,访问集群是否健康
$ curl http://127.0.0.1:8085/healthz ok
10.3 域名访问
我准备中止已启动的进程 ( Ctrl+C),实现通过域名访问 kubernetes-dashboard,我们已经部署了ingress-controller,只需要编写一个ingress yaml文件即可。
dashboard-ingress.yaml
apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: dashboard-ingress namespace: kubernetes-dashboard annotations: nginx.ingress.kubernetes.io/rewrite-target: / spec: rules: - host: dashboard.com http: paths: - path: / pathType: Prefix backend: service: name: kubernetes-dashboard port: number: 80
创建为 dashboard-ingress
$ k apply -f dashboard-ingress.yaml ingress.networking.k8s.io/dashboard-ingress created 注意:这里ADDRESS需要等待一段时间域名才能解析到主机地址 $ k get -n kubernetes-dashboard ingress NAME CLASS HOSTS ADDRESS PORTS AGE dashboard-ingress nginx dashboard.com 80 23s 等到了 $ k get -n kubernetes-dashboard ingress --watch NAME CLASS HOSTS ADDRESS PORTS AGE dashboard-ingress nginx dashboard.com 192.168.10.25 80 11m
在主机hosts文件添加此映射配置
cat <<EOF >> /etc/hosts 192.168.10.25 dashboard.com EOF
windows: 在 C:\Windows\System32\drivers\etc\hosts添加192.168.10.25 dashboard.com
访问 dashboard.com
- 更多关于 kubernetes dashboard 内容请参考这篇文章
11. 部署应用
11.1 创建 NodePort 类型的deployment
kubectl create deployment hello-minikube --image=docker.io/nginx:1.23 kubectl expose deployment hello-minikube --type=NodePort --port=80
$ kubectl get services hello-minikube NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE hello-minikube NodePort 10.96.236.93 <none> 80:30578/TCP 60m $ minikube service hello-minikube |-----------|----------------|-------------|----------------------------| | NAMESPACE | NAME | TARGET PORT | URL | |-----------|----------------|-------------|----------------------------| | default | hello-minikube | 80 | http://192.168.10.25:30578 | |-----------|----------------|-------------|----------------------------| 🎉 Opening service default/hello-minikube in default browser... 👉 http://192.168.10.25:30578
浏览器访问:
查询 URL
$ minikube service hello-minikube --url http://192.168.10.25:30578
或者,使用kubectl转发端口:
$ kubectl port-forward service/hello-minikube 7080:80 Forwarding from 127.0.0.1:7080 -> 80 Forwarding from [::1]:7080 -> 80
新打开一个终端:
$ curl 127.0.0.1:7080 <!DOCTYPE html> <html> <head> <title>Welcome to nginx!</title> <style> html { color-scheme: light dark; } body { width: 35em; margin: 0 auto; font-family: Tahoma, Verdana, Arial, sans-serif; } </style> </head> <body> <h1>Welcome to nginx!</h1> <p>If you see this page, the nginx web server is successfully installed and working. Further configuration is required.</p> <p>For online documentation and support please refer to <a href="http://nginx.org/">nginx.org</a>.<br/> Commercial support is available at <a href="http://nginx.com/">nginx.com</a>.</p> <p><em>Thank you for using nginx.</em></p> </body> </html>
11.2 创建 LoadBalancer 类型的 deployment
当你想被集群外访问,创建 LoadBalancer 类型的 deployment
kubectl create deployment hello-minikube1 --image=docker.io/nginx:1.23 kubectl expose deployment hello-minikube1 --type=LoadBalancer --port=8080
查看svc
$ k get svc hello-minikube1 NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE hello-minikube1 LoadBalancer 10.101.92.170 <pending> 8080:31412/TCP 113s
pending,那么如何获取EXTERNAL-IP
minikube tunnel 作为一个进程运行,在主机上使用集群的IP地址作为网关创建到集群的服务CIDR的网络路由。tunnel命令直接向主机操作系统上运行的任何程序公开外部IP。
$ minikube tunnel Status: machine: minikube pid: 15915 route: 10.96.0.0/12 -> 192.168.10.25 minikube: Running services: [hello-minikube1] errors: minikube: no errors router: no errors loadbalancer emulator: no errors
新打开一个终端
$ kubectl get svc hello-minikube1 NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE hello-minikube1 LoadBalancer 10.101.92.170 10.101.92.170 8080:31412/TCP 5m48s
在浏览器中打开(确保没有代理)
访问:http://REPLACE_WITH_EXTERNAL_IP:8080
虽然获取到了EXTERNAL_IP,但访问测试没通,姿势不对。
讨论:
Minikube - External IP not match host’s public IP
Unable to access application through minikube tunnel
11.3 TLS 域名访问
创建证书
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes
根据证书生成 secret
kubectl -n default create secret tls mkcert --key key.pem --cert cert.pem
创建 app 应用
kubectl create deployment hello-minikube1 --image=docker.io/nginx:1.23 kubectl expose deployment hello-minikube1 --port=80
查看 svc
$ k get svc hello-minikube1 NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE hello-minikube1 ClusterIP 10.99.155.128 <none> 80/TCP 8m10s
编写 tls-ingress-nginx 文件
apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: secure-ingress-hello annotations: nginx.ingress.kubernetes.io/rewrite-target: / spec: tls: - hosts: - minikube.nginx.com secretName: mkcert rules: - host: minikube.nginx.com http: paths: - path: /hello pathType: Prefix backend: service: name: hello-minikube1 port: number: 80
查看域名获取地址
$ k get ingress --watch NAME CLASS HOSTS ADDRESS PORTS AGE secure-ingress-hello nginx minikube.nginx.com 192.168.10.25 80, 443 9m43s
访问:https://minikube.nginx.com/hello
✈推荐阅读:
- 更多 Minikube 操作请参阅
- kind 部署 kubernetes 集群
- Minikube 在 Ubuntu 部署 Kubernetes
- Minikube 在 Centos 7 部署 Kubernetes
- kubeadm 部署 kubernetes 集群
- 云原生圣经
