Kubernetes集群实战（微课版）-项目实训参考 项目1-9 从 ocker 转向Kubernetes-持续集成和持续部署

《Kubernetes集群实战（微课版）》

项目实训参考指导项目1从Docker转向Kubernetes实训1安装DockerEngine并进行镜像和容器的基本操作实训目的（1）了解Docker版本和安装方式。（2）掌握DockerEngine的安装方法。（3）掌握镜像和容器的基本操作方法。实训内容建议参照任务1.1.1通过Docker的软件仓库安装Docker；参照任务1.2.1操作镜像和容器。（1）准备Docker安装环境。操作系统选择CentOSStream8或CentOSStream9；更改主机名；修改网络连接配置；禁用防火墙和SELinux；更改时区。（2）设置Docker软件仓库。yuminstall-yyum-utilsyum-config-manager--add-repo\/docker-ce/linux/centos/docker-ce.repo（3）安装DockerEngine软件包。如果运行的是CentOSStream8，则需要先卸载默认的容器引擎Podman：yumerasepodmanbuilda如果运行的是CentOSStream9，则无需此操作。建议安装指定版本的DockerEngine：yuminstalldocker-ce-20.10.21docker-ce-cli-20.10.21containerd.io-1.6.10也可以尝试安装最新版本：yuminstalldocker-cedocker-ce-clicontainerd.iodocker-buildx-plugindocker-compose-plugin目前最新版本涉及DockerCompose的安装。（4）启动Docker并运行hello-world镜像进行测试。systemctlstartdockerdockerrunhello-world因国内网络环境限制，实际应用中我们会遇到无法拉取Docker镜像的情况。最简单的解决方案是使用镜像加速器。推荐使用以下镜像加速器：Daocloud镜像加速器：https://docker.m.daocloud.io阿里云镜像加速器：https://XXXXX.华为云镜像加速器：XXXXX.阿里云和华为云需要登录账号，获取特定的镜像加速器地址。需要注意的是，之前一些常用的镜像加速器已变得不好用，列举如下：Docker官方镜像（中国区）镜像加速器：腾讯云镜像加速器：中国科学技术大学：网易云镜像加速器：南京大学镜像加速器：（5）执行拉取镜像、显示镜像列表和查看镜像构建历史信息的操作。dockerpullubuntu:18.04dockerimagesdockerhistoryubuntu:18.04（6）基于httpd镜像以后台方式运行Apache容器并对外开放80端口。dockerrun-d-p80:80--nametestwebhttpd（7）使用dockerexec命令进入Apache容器查看当前目录。dockerexec-ittestweb/bin/bash（8）停止并删除Apache容器。dockerstoptestwebdockerrmtestweb实训2对Node.jsWeb应用程序进行容器化实训目的（1）了解应用程序容器化的基本步骤。（2）学会应用程序容器化的基本方法。实训内容直接从源码托管平台克隆一个公告板应用程序项目node-bulletin-board使用。（1）创建项目目录。mkdirbulletin&&cdbulletin（2）使用Git工具将node-bulletin-board库克隆到本地。若实验环境中没有安装Git客户端，先执行进行安装：yuminstall-ygit从GitHub网站获取该项目。[root@docker_devbulletin]#gitclone/docker-training/node-bulletin-board正克隆到'node-bulletin-board'...remote:Enumeratingobjects:213,done.remote:Countingobjects:100%(23/23),done.remote:Compressingobjects:100%(19/19),done.remote:Total213(delta8),reused17(delta4),pack-reused190接收对象中:100%(213/213),197.64KiB|602.00KiB/s,完成.处理delta中:100%(90/90),完成.（3）查看克隆到本地的应用程序和Dockerfile。[root@docker_devbulletin]#lsnode-bulletin-board[root@docker_devbulletin]#cdnode-bulletin-board[root@docker_devnode-bulletin-board]#lsbulletin-board-appLICENSE[root@docker_devnode-bulletin-board]#tree.├──bulletin-board-app│

├──app.js│

├──backend│

│

├──api.js│

│

├──events.js│

│

└──index.js│

├──Dockerfile│

├──fonts│

│

└──geomanist│

│

└──hinted-Geomanist-Book.woff2│

├──index.html│

├──LICENSE│

├──package.json│

├──readme.md│

├──server.js│

└──site.css└──LICENSE[root@docker_devnode-bulletin-board]#cdbulletin-board-app[root@docker_devbulletin-board-app]#catDockerfileFROMnode:6.11.5WORKDIR/usr/src/appCOPYpackage.json.RUNnpminstallCOPY..CMD["npm","start"]该项目从现有的node:6.11.5镜像开始构建，但是网络环境限制，直接拉取官方node镜像比较困难，注意使用镜像加速器解决镜像无法拉取的问题。（4）基于Dockerfile构建镜像。[root@docker_devbulletin-board-app]#dockerbuild-tbulletinboard:1.0.SendingbuildcontexttoDockerdaemon45.57kBStep1/6:FROMnode:1.5:Pullingfromlibrary/node85b1f47fba49:Pullcompleteba6bd283713a:Pullcomplete817c8cd48a09:Pullcomplete47cc0ed96dc3:Pullcomplete8888adcbd08b:Pullcomplete6f2de60646b9:Pullcomplete1666693bf996:Pullcomplete2fe410df7942:PullcompleteDigest:sha256:fe109b92edafd9821fbc1c80fd7587a1b4e1ff76fec3af675869e23e50bbf45bStatus:Downloadednewerimagefornode:6.11.5>852391892b9fStep2/6:WORKDIR/usr/src/app>Runningin01963b7cf7f0Removingintermediatecontainer01963b7cf7f0>72cf46a04400Step3/6:COPYpackage.json.>a6d3d413a859Step4/6:RUNnpminstall>Runningin3350ea014600npmWARNdeprecatedq@1.5.1:YouorsomeoneyoudependonisusingQ,theJavaScriptPromiselibrarythatgaveJavaScriptdevelopersstrongfeelingsaboutpromises.TheycanalmostcertainlymigratetothenativeJavaScriptpromisenow.Thankyouliterallyeveryoneforjoiningmeinthisbetagainsttheodds.Beexcellenttoeachother.npmWARNdeprecatednpmWARNdeprecated(ForaCapTPwithnativepromises,see@endo/eventual-sendand@endo/captp)npmWARNdeprecatedglob@5.0.15:Globversionspriortov9arenolongersupportednpmWARNdeprecatedinflight@1.0.6:Thismoduleisnotsupported,andleaksmemory.Donotuseit.Checkoutlru-cacheifyouwantagoodandtestedwaytocoalesceasyncrequestsbyakeyvalue,whichismuchmorecomprehensiveandpowerful.>ejs@2.7.4postinstall/usr/src/app/node_modules/ejs>node./postinstall.jsvue-event-bulletin@1.0.0/usr/src/app+--body-parser@1.20.2|+--bytes@3.1.2|+--content-type@1.0.5|+--debug@2.6.9||`--ms@2.0.0|+--depd@2.0.0|+--destroy@1.2.0|+--http-errors@2.0.0||+--inherits@2.0.4||`--toidentifier@1.0.1|+--iconv-lite@0.4.24||`--safer-buffer@2.1.2|+--on-finished@2.4.1||`--ee-first@1.1.1|+--qs@6.11.0||`--side-channel@1.0.6||+--call-bind@1.0.7|||+--es-define-property@1.0.0|||+--function-bind@1.1.2|||`--set-function-length@1.2.2|||+--define-data-property@1.1.4|||+--gopd@1.0.1|||`--has-property-descriptors@1.0.2||+--es-errors@1.3.0||+--get-intrinsic@1.2.4|||+--has-proto@1.0.3|||+--has-symbols@1.0.3|||`--hasown@2.0.2||`--object-inspect@1.13.2|+--raw-body@2.5.2|+--type-is@1.6.18||+--media-typer@0.3.0||`--mime-types@2.1.35||`--mime-db@1.52.0|`--unpipe@1.0.0+--bootstrap@3.4.1+--ejs@2.7.4+--errorhandler@1.5.1|+--accepts@1.3.8||`--negotiator@0.6.3|`--escape-html@1.0.3+--express@4.19.2|+--array-flatten@1.1.1|+--content-disposition@0.5.4|+--cookie@0.6.0|+--cookie-signature@1.0.6|+--encodeurl@1.0.2|+--etag@1.8.1|+--finalhandler@1.2.0|+--fresh@0.5.2|+--merge-descriptors@1.0.1|+--methods@1.1.2|+--parseurl@1.3.3|+--path-to-regexp@0.1.7|+--proxy-addr@2.0.7||+--forwarded@0.2.0||`--ipaddr.js@1.9.1|+--range-parser@1.2.1|+--safe-buffer@5.2.1|+--send@0.18.0||+--mime@1.6.0||`--ms@2.1.3|+--serve-static@1.15.0|+--setprototypeof@1.2.0|+--statuses@2.0.1|+--utils-merge@1.0.1|`--vary@1.1.2+--method-override@2.3.10+--morgan@1.10.0|+--basic-auth@2.0.1||`--safe-buffer@5.1.2|+--on-finished@2.3.0|`--on-headers@1.0.2+--vue@1.0.28|`--envify@3.4.1|+--jstransform@11.0.3||+--base62@1.2.8||+--commoner@0.10.8|||+--commander@2.20.3|||+--detective@4.7.1||||+--acorn@5.7.4||||`--defined@1.0.1|||+--glob@5.0.15||||+--inflight@1.0.6|||||`--wrappy@1.0.2||||+--minimatch@3.1.2|||||`--brace-expansion@1.1.11|||||+--balanced-match@1.0.2|||||`--concat-map@0.0.1||||+--once@1.4.0||||`--path-is-absolute@1.0.1|||+--graceful-fs@4.2.11|||+--mkdirp@0.5.6||||`--minimist@1.2.8|||+--private@0.1.8|||+--q@1.5.1|||`--recast@0.11.23|||+--ast-types@0.9.6|||+--esprima@3.1.3|||`--source-map@0.5.7||+--esprima-fb@15001.1.0-dev-harmony-fb||+--object-assign@2.1.1||`--source-map@0.4.4||`--amdefine@1.0.1|`--through@2.3.8`--vue-resource@0.1.17npmWARNvue-event-bulletin@1.0.0Norepositoryfield.Removingintermediatecontainer3350ea014600>73d897307a01Step5/6:COPY..>f8f8611a51c1Step6/6:CMD["npm","start"]>Runningin499596b83106Removingintermediatecontainer499596b83106>8a25ef93958aSuccessfullybuilt8a25ef93958aSuccessfullytaggedbulletinboard:1.0（5）基于构建的镜像启动容器。[root@docker_devbulletin-board-app]#dockerrun--publish8000:8080--detach--namebulletinboardbulletinboard:1.04bf78efdd73bba892af0df5756a4a9d114c415be9c2625176cfadb17540bb2b4（6）在浏览器中访问localhost:8000实际测试公告板应用程序。（7）测试完毕后，停止并删除该容器。[root@docker_devbulletin-board-app]#dockerrm--forcebulletinboardbulletinboard项目2部署Kubernetes集群实训1使用kubeadm工具部署三节点Kubernetes集群实训目的（1）了解Kubernetes集群的组成。（2）了解Kubernetes集群的部署方式。（3）学会使用kubeadm工具快速部署Kubernetes集群。实训内容建议参照任务2.1.1至任务2.1.6完成本实现任务。（1）简单规划要部署的Kubernetes集群。（2）准备Kubernetes集群安装环境（3个节点主机）。安装容器运行时containerd时要注意修改配置以解决镜像下载问题。在Kubernetes中，默认情况下，Pod会从官方DockerHub拉取Docker镜像，即docker.io镜像仓库。默认情况下containerd配置文件/etc/containerd/config.toml中相关设置如下：[plugins."io.containerd.grpc.v1.cri".registry][plugins."io.containerd.grpc.v1.cri".registry.mirrors][plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]#没有任何设置，containerd将直接从DockerHub拉取镜像考虑到国内网络限制，通常设置镜像加速器来解决拉取Docker镜像的问题。本教材编写时给出的一些镜像加速器自从2024年6月开始不可用。[plugins."io.containerd.grpc.v1.cri".registry.mirrors][plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]endpoint=["","",

"",""]其中后面3个当前皆不可用：腾讯云中国区镜像"网易而Daocloud镜像加速器：https://docker.m.daocloud.io目前可用，建议将其加入镜像加速器列表，该设置改为：[plugins."io.containerd.grpc.v1.cri".registry.mirrors][plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]endpoint=["https://docker.m.daocloud.io",""]（3）部署Kubernetes集群节点。（4）安装Pod网络插件。（5）通过部署Nginx来测试Kubernetes集群的使用。（6）练习crictl命令的使用。实训2安装和使用KubernetesDashboard实训目的（1）了解KubernetesDashboard的基本功能。（2）学会使用KubernetesDashboard对集群进行可视化管理操作。实训内容建议参照任务2.2.1和任务2.2.2完成本实现任务。（1）准备Kubernetes实验环境。（2）安装KubernetesDashboard。（3）获取dashboard-admin服务账户的令牌并登录Dashboard。（4）熟悉Dashboard的基本操作。（5）尝试使用Dashboard部署Nginx。（6）删除所部署的应用程序。项目3熟悉Kubernetes基本操作实训1操作指定名称空间中对象的标签实训目的（1）了解Kubernetes名称空间和对象的标签。（2）学会Kubernetes名称空间的基本用法。（3）学会Kubernetes对象的基本操作。实训内容注意本实训的对象操作都要指定名称空间，在控制平面主机上执行操作。（1）准备Kubernetes集群实验环境。（2）创建一个实验用的名称空间。[root@master01~]#kubectlcreatenamespacemynsnamespace/mynscreated（3）在该名称空间中创建一个Pod对象并为其添加标签app=test。[root@master01~]#kubectlrunmynginx--image=nginx-lapp=test-nmynspod/mynginxcreated[root@master01~]#kubectlgetpod--show-labels-nmynsNAMEREADYSTATUSRESTARTSAGELABELSmynginx1/1Running02m34sapp=test（4）将该对象的标签app=test修改为app=dev。[root@master01~]#kubectllabelpodmynginxapp=dev--overwriteErrorfromserver(NotFound):pods"mynginx"notfound[root@master01~]#kubectllabelpodmynginxapp=dev--overwrite-nmynspod/mynginxlabeled[root@master01~]#kubectlgetpod--show-labels-nmynsNAMEREADYSTATUSRESTARTSAGELABELSmynginx1/1Running04m19sapp=dev（5）为该对象增加标签ver=1.5。[root@master01~]#kubectllabelpodmynginxver=1.5-nmynspod/mynginxlabeled[root@master01~]#kubectlgetpod--show-labels-nmynsNAMEREADYSTATUSRESTARTSAGELABELSmynginx1/1Running06m50sapp=dev,ver=1.5（6）删除该对象名为app的标签。[root@master01~]#kubectllabelpodmynginxapp--nmynspod/mynginxunlabeled[root@master01~]#kubectlgetpod--show-labels-nmynsNAMEREADYSTATUSRESTARTSAGELABELSmynginx1/1Running07m52sver=1.5（7）删除该对象。[root@master01~]#kubectldeletepodmynginx-nmynspod"mynginx"deleted[root@master01~]#kubectlgetpod-nmynsNoresourcesfoundinmynsnamespace.（8）删除该名称空间。[root@master01~]#kubectldeletenamespacemynsnamespace"myns"deleted实训2创建一个多容器Pod并进行测试实训目的（1）了解多容器Pod。（2）增加对多容器Pod的认识。实训内容（1）参照任务3.3.1进行操作。（2）编写定义Pod的配置文件，其中涉及的两个容器分别运行Nginx和BusyBox，两个容器共享卷。（3）基于该配置文件创建Pod。（4）查看Pod及其容器的信息，以YAML格式输出。（5）进入Nginx容器的Shell，使用curl命令向Nginx服务器发起请求，以验证结果。（6）使用curl命令向Pod的IP地址发起请求，进一步验证结果。（7）删除该Pod。项目4部署和运行应用程序实训1使用Deployment运行Apache服务实训目的（1）了解Deployment的基本用法。（2）学会使用Deployment运行和管理无状态应用程序。实训内容（1）准备Kubernetes集群实验环境。（2）使用Deployment创建有3个副本的httpd服务（使用httpd镜像）。编写Deployment配置文件（文件名httpd-deploy.yaml）：apiVersion:apps/v1#版本号kind:Deployment#类型为Deploymentmetadata:#元数据name:httpd-deploylabels:#标签app:httpdspec:#详细信息replicas:3#副本数量strategy:#策略type:RollingUpdate#滚动更新策略rollingUpdate:#滚动更新设置maxSurge:25%#更新过程中允许超出期望Pod副本数的Pod数量，用百分比或整数表示maxUnavailable:25%#更新过程中不可用的Pod数量上限，用百分比或整数表示selector:#选择器，指定该控制器管理哪些PodmatchLabels:#匹配规则app:httpdtemplate:#定义模板，当副本数量不足时会根据模板定义创建Pod副本metadata:labels:app:httpd#Pod的标签spec:containers:#容器列表（本例仅定义一个容器）-name:httpd#容器的名称image:httpd:2.2#容器所用的镜像ports:-containerPort:80#容器需要暴露的端口基于该文件创建创建Deployment：[root@master01~]#kubectlapply-fhttpd-deploy.yamldeployment.apps/httpd-deploycreated查看和测试：[root@master01~]#kubectlgetdeployhttpd-deploy-owideNAMEREADYUP-TO-DATEAVAILABLEAGECONTAINERSIMAGESSELECTORhttpd-deploy0/33040shttpdhttpd:2.2app=httpd[root@master01~]#kubectlgetdeployhttpd-deploy-owideNAMEREADYUP-TO-DATEAVAILABLEAGECONTAINERSIMAGESSELECTORhttpd-deploy3/333116shttpdhttpd:2.2app=httpd[root@master01~]#kubectlgetpods-owideNAMEREADYSTATUSRESTARTSAGEIPNODENOMINATEDNODEREADINESSGATEShttpd-deploy-7ffdc45d4-2xh2c1/1Running067s6node02<none><none>httpd-deploy-7ffdc45d4-5zx521/1Running067s22node02<none><none>httpd-deploy-7ffdc45d4-vjk441/1Running067s78node01<none><none>[root@master01~]#curl6<html><body><h1>Itworks!</h1></body></html>（3）测试Deployment更新。[root@master01~]#kubectlsetimagedeployment.v1.apps/httpd-deployhttpd=httpd:2.4.46deployment.apps/httpd-deployimageupdated（4）测试Deployment回滚。[root@master01~]#kubectlrollouthistorydeployment/httpd-deploydeployment.apps/httpd-deployREVISIONCHANGE-CAUSE1<none>2<none>[root@master01~]#kubectlrolloutundodeployment/httpd-deploydeployment.apps/httpd-deployrolledback（5）将Deployment扩容到5个副本。[root@master01~]#kubectlscaledeployment/httpd-deploy--replicas=5deployment.apps/httpd-deployscaled[root@master01~]#kubectlgetdeployhttpd-deploy-owideNAMEREADYUP-TO-DATEAVAILABLEAGECONTAINERSIMAGESSELECTORhttpd-deploy5/5559m15shttpdhttpd:2.2app=httpd（6）将Deployment缩容到2个副本。[root@master01~]#kubectlscaledeployment/httpd-deploy--replicas=2deployment.apps/httpd-deployscaled[root@master01~]#kubectlgetdeployhttpd-deploy-owideNAMEREADYUP-TO-DATEAVAILABLEAGECONTAINERSIMAGESSELECTORhttpd-deploy2/2229m49shttpdhttpd:2.2app=httpd（7）删除Deployment。[root@master01~]#kubectldelete-fhttpd-deploy.yamldeployment.apps"httpd-deploy"deleted详细操作请参考任务4.1中的任务实现部分。实训2使用DaemonSet在所有工作节点上部署Nginx实训目的（1）了解DaemonSet的基本用法。（2）学会使用DaemonSet部署和管理集群守护进程集。实训内容（1）使用DaemonSet在每个工作节点上运行Nginx。配置文件nginx-daemonset.yaml内容如下：apiVersion:apps/v1kind:DaemonSet#资源类型为DaemonSetmetadata:name:nginx-dslabels:k8s-app:nginx#DaemonSet资源的标签spec:selector:matchLabels:#必须指定与spec.template的标签匹配的Pod选择运算符name:nginxtemplate:#创建Pod副本所依据的模板metadata:labels:#Pod模板必须指定标签name:nginxspec:tolerations:#容忍度设置，此处设置让该守护进程集在控制平面节点或主节点上运行-key:node-role.kubernetes.io/control-planeoperator:Existseffect:NoSchedule-key:node-role.kubernetes.io/masteroperator:Existseffect:NoSchedulecontainers:-name:nginximage:nginx:1.16.1#镜像基于该文件创建DaemonSet：[root@master01~]#kubectlcreate-fnginx-daemonset.yamldaemonset.apps/nginx-dscreated[root@master01~]#kubectlgetdaemonsetnginx-ds-owideNAMEDESIREDCURRENTREADYUP-TO-DATEAVAILABLENODESELECTORAGECONTAINERSIMAGESSELECTORnginx-ds33333<none>3m43snginxnginx:1.16.1name=nginx（2）验证该DaemonSet的Pod的节点部署。[root@master01~]#kubectlgetpods-owideNAMEREADYSTATUSRESTARTSAGEIPNODENOMINATEDNODEREADINESSGATESnfs-client-provisioner-bfbc644fc-zq5sw1/1Running15(123mago)62d73node01<none><none>nginx-ds-2skg91/1Running04m19s81node01<none><none>nginx-ds-g4l5w1/1Running04m19s09master01<none><none>（3）测试DaemonSet更新。[root@master01~]#kubectlgetds/nginx-ds-ogo-template='{{.spec.updateStrategy.type}}{{"\n"}}'RollingUpdate[root@master01~]#kubectlsetimageds/nginx-dsnginx=nginx:1.17.2daemonset.apps/nginx-dsimageupdated[root@master01~]#kubectlrolloutstatusdsWaitingfordaemonset"nginx-ds"rollouttofinish:1outof3newpodshavebeenupdated...Waitingfordaemonset"nginx-ds"rollouttofinish:1outof3newpodshavebeenupdated...Waitingfordaemonset"nginx-ds"rollouttofinish:1outof3newpodshavebeenupdated...Waitingfordaemonset"nginx-ds"rollouttofinish:2outof3newpodshavebeenupdated...Waitingfordaemonset"nginx-ds"rollouttofinish:2outof3newpodshavebeenupdated...Waitingfordaemonset"nginx-ds"rollouttofinish:2outof3newpodshavebeenupdated...Waitingfordaemonset"nginx-ds"rollouttofinish:2outof3newpodshavebeenupdated...Waitingfordaemonset"nginx-ds"rollouttofinish:2of3updatedpodsareavailable...daemonset"nginx-ds"successfullyrolledout[root@master01~]#kubectlgetdaemonsetnginx-ds-owideNAMEDESIREDCURRENTREADYUP-TO-DATEAVAILABLENODESELECTORAGECONTAINERSIMAGESSELECTORnginx-ds33333<none>10mnginxnginx:1.17.2name=nginx（4）测试DaemonSet回滚。[root@master01~]#kubectlrollouthistoryds/nginx-dsdaemonset.apps/nginx-dsREVISIONCHANGE-CAUSE1<none>2<none>[root@master01~]#kubectlrolloutundods/nginx-ds--to-revision=1daemonset.apps/nginx-dsrolledback[root@master01~]#kubectlrolloutstatusdsdaemonset"nginx-ds"successfullyrolledout[root@master01~]#kubectlgetdaemonsetnginx-ds-owideNAMEDESIREDCURRENTREADYUP-TO-DATEAVAILABLENODESELECTORAGECONTAINERSIMAGESSELECTORnginx-ds33333<none>12mnginxnginx:1.16.1name=nginx（5）删除DaemonSet对象。[root@master01~]#kubectldelete-fnginx-daemonset.yamldaemonset.apps"nginx-ds"deleted项目5发布应用程序实训1使用Service发布Apache服务并考察Service工作机制实训目的（1）了解Service的概念和基本用法。（2）学会使用Service对外发布应用程序。实训内容参考任务5.1.2创建NodePort类型的Service并发布Apache服务。（1）编写Deployment配置文件，基于该配置文件运行两个副本的Apache（使用httpd镜像）。配置文件httpd-deploy.yaml：apiVersion:apps/v1#版本号kind:Deployment#类型为Deploymentmetadata:#元数据name:httpd-deploylabels:#标签app:httpd-deployspec:#详细信息replicas:2#副本数量selector:#选择器，指定该控制器管理哪些PodmatchLabels:#匹配规则app:httpd-podtemplate:#定义模板，当副本数量不足时会根据模板定义创建Pod副本metadata:labels:app:httpd-pod#Pod的标签spec:containers:#容器列表（本例仅定义一个容器）-name:httpd#容器的名称image:httpd:2.4.46#容器所用的镜像ports:-name:httpd-portcontainerPort:80#容器需要暴露的端口创建Deployment并查看其副本：[root@master01~]#kubectlcreate-fhttpd-deploy.yamldeployment.apps/httpd-deploycreated[root@master01~]#kubectlgetreplicasets-owideNAMEDESIREDCURRENTREADYAGECONTAINERSIMAGESSELECTORhttpd-deploy-6dc95f869d22239shttpdhttpd:2.4.46（2）编写Service配置文件，关联相应的Pod，注意定义nodePort字段以定义节点端口。配置文件httpd-service.yaml：apiVersion:v1kind:Servicemetadata:name:httpd-svc#设置service的显示名字spec:type:NodePort#Service类型selector:app:httpd-pod#指定pod的标签ports:-port:8080#让集群知道service绑定的端口targetPort:80#目标Pod的端口nodePort:30088#节点上绑定的端口（3）基于Service配置文件创建Service以发布Apache服务。[root@master01~]#kubectlcreate-fhttpd-service.yamlservice/httpd-svccreated[root@master01~]#kubectlgetservice-owideNAMETYPECLUSTER-IPEXTERNAL-IPPORT(S)AGESELECTORhttpd-svcNodePort2<none>8080:30088/TCP40sapp=httpd-pod（4）查看该Service的详细信息，考察节点端口信息和Endpoints对象列表。[root@master01~]#kubectldescribeservicehttpd-svcName:httpd-svcNamespace:defaultLabels:<none>Annotations:<none>Selector:app=httpd-podType:NodePortIPFamilyPolicy:SingleStackIPFamilies:IPv4IP:2IPs:2Port:<unset>8080/TCPTargetPort:80/TCPNodePort:<unset>30088/TCPEndpoints:3:80,86:80SessionAffinity:NoneExternalTrafficPolicy:ClusterEvents:<none>（5）列出该Service的Pod，考察Pod的节点部署情况。[root@master01~]#kubectlgetpods--selector="app=httpd-pod"-owideNAMEREADYSTATUSRESTARTSAGEIPNODENOMINATEDNODEREADINESSGATEShttpd-deploy-6dc95f869d-4gwr91/1Running08m27s3node02<none><none>httpd-deploy-6dc95f869d-tm2ss1/1Running08m27s86node01<none><none>（6）获取节点的IP地址，使用节点地址和节点端口来访问发布的Apache服务。[root@master01~]#kubectlgetnodenode01-owideNAMESTATUSROLESAGEVERSIONINTERNAL-IPEXTERNAL-IPOS-IMAGEKERNEL-VERSIONCONTAINER-RUNTIMEnode01Ready<none>594dv1.25.41<none>CentOSStream84.18.0-338.el8.x86_64containerd://1.6.8[root@master01~]#kubectlgetnodenode02-owideNAMESTATUSROLESAGEVERSIONINTERNAL-IPEXTERNAL-IPOS-IMAGEKERNEL-VERSIONCONTAINER-RUNTIMEnode02Ready<none>594dv1.25.42<none>CentOSStream84.18.0-338.el8.x86_64containerd://1.6.8[root@master01~]#curl1:30088<html><body><h1>Itworks!</h1></body></html>[root@master01~]#curl2:30088<html><body><h1>Itworks!</h1></body></html>[root@master01~]#curl0:30088<html><body><h1>Itworks!</h1></body></html>通过集群中任一节点，包括控制平面节点，都可以访问Service所发布的应用程序。（7）参照任务5.1.1运行一个curl应用程序的Pod，测试Service的域名解析，进一步验证基于DNS的服务发现机制。[root@master01~]#kubectlruncurl--image=radial/busyboxplus:curl-i--ttyIfyoudon'tseeacommandprompt,trypressingenter.[root@curl:/]$nslookuphttpd-svcServer:0Address1:0kube-dns.kube-system.svc.cluster.localName:httpd-svcAddress1:2httpd-svc.default.svc.cluster.local[root@curl:/]$exitSessionended,resumeusing'kubectlattachcurl-ccurl-i-t'commandwhenthepodisrunning（8）删除本实训所创建的Kubernetes对象。[root@master01~]#kubectldeletepodcurlpod"curl"deleted[root@master01~]#kubectldelete-fhttpd-service.yamlservice"httpd-svc"deleted[root@master01~]#kubectldelete-fhttpd-deploy.yamldeployment.apps"httpd-deploy"deleted实训2部署NginxIngress控制器并使用Ingress发布Apache服务实训目的（1）了解Ingress的概念和基本用法。（2）学会使用Ingress对外发布应用程序。参考任务5.2.1和任务5.2.2完成本实训。实训内容（1）安装NginxIngress控制器。参照任务5.2.1完成NginxIngress控制器的安装。完成安装之后检查。[root@master01~]#kubectlgetpods--namespace=ingress-nginx-owideNAMEREADYSTATUSRESTARTSAGEIPNODENOMINATEDNODEREADINESSGATESingress-nginx-controller-528xq1/1Running15(13hago)2d2node02<none><none>[root@master01~]#kubectlgetsvc-ningress-nginxNAMETYPECLUSTER-IPEXTERNAL-IPPORT(S)AGEingress-nginx-controllerLoadBalancer4<pending>80:30417/TCP,443:30630/TCP2dingress-nginx-controller-admissionClusterIP5<none>443/TCP2d（2）基于实训1编写的Deployment配置文件创建Deployment。[root@master01~]#kubectlapply-fhttpd-deploy.yamldeployment.apps/httpd-deploycreated（3）基于实训1编写的Service配置文件创建Service。[root@master01~]#kubectlapply-fhttpd-service.yamlservice/httpd-svccreated（4）编写Ingress配置文件，通过HTTP路由规则关联Service，指定一个域名。配置文件http-ingress.yaml：apiVersion:networking.k8s.io/v1kind:Ingressmetadata:name:http-ingressspec:ingressClassName:nginxrules:-host:#域名http:paths:-path:/pathType:Prefixbackend:service:name:httpd-svcport:number:8080（5）基于Ingress配置文件创建Ingress以发布Apache服务。[root@master01~]#kubectlcreate-fhttp-ingress.yamlworking.k8s.io/http-ingresscreated[root@master01~]#kubectlgeting-owideNAMECLASSHOSTSADDRESSPORTSAGEhttp-ingressnginx8039s（6）查看Ingress对象的详细信息进行考察。[root@master01~]#kubectldescribeinghttp-ingressName:http-ingressLabels:<none>Namespace:defaultAddress:IngressClass:nginxDefaultbackend:<default>Rules:HostPathBackends/httpd-svc:8080(4:80,90:80)Annotations:<none>Events:TypeReasonAgeFromMessageNormalSync93snginx-ingress-controllerScheduledforsync（7）测试通过域名访问发布的Apache服务。通过/etc/hosts文件配置简单的域名解析：2node02访问测试：[root@master01~]#curl<html><body><h1>Itworks!</h1></body></html>最后清理实训所创建的对象。[root@master01~]#kubectldelete-fhttp-ingress.yamlworking.k8s.io"http-ingress"deleted[root@master01~]#kubectldelete-fhttpd-service.yamlservice"httpd-svc"deleted[root@master01~]#kubectldelete-fhttpd-deploy.yamldeployment.apps"httpd-deploy"deleted项目6管