安装busybox
cat<<EOF | kubectl apply -f -
apiVersion: v1
kind: Pod
metadata:
name: busybox
namespace: default
spec:
containers:
- name: busybox
image: busybox:1.28
command:
- sleep
- "3600"
imagePullPolicy: IfNotPresent
restartPolicy: Always
EOF
或者在default下临时启一个容器(实际上是启了一个pod,退出后pod自动删除)
kubectl run -i --tty --image busybox:1.28.4 dns-test --restart=Never --rm /bin/sh
验证集群
Pod必须能解析Service
集群安装成功后都会在default下生成一个service,地址为10.96.0.1
[root@k8s-master01 ~]# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 14h
使用同default空间下得busybox去解析这个service,可以解析成功
[root@k8s-master01 ~]# kubectl exec busybox -n default -- nslookup kubernetes
Server: 10.96.0.10
Address 1: 10.96.0.10 kube-dns.kube-system.svc.cluster.local
Name: kubernetes
Address 1: 10.96.0.1 kubernetes.default.svc.cluster.local
Pod必须能解析跨namespace的Service
跨namespace看能否解析成功
[root@k8s-master01 ~]# kubectl exec busybox -n default -- nslookup kube-dns.kube-system
Server: 10.96.0.10
Address 1: 10.96.0.10 kube-dns.kube-system.svc.cluster.local
Name: kube-dns.kube-system
Address 1: 10.96.0.10 kube-dns.kube-system.svc.cluster.local
每个节点都必须要能访问Kubernetes的kubernetes svc 443和kube-dns的service 53
查看k8s的service的地址与端口
[root@k8s-master01 ~]# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 15h
每个节点去测试看端口是否通
[root@k8s-node02 ~]# telnet 10.96.0.1 443
Trying 10.96.0.1...
Connected to 10.96.0.1.
Escape character is '^]'.
查看coredns的IP与端口
[root@k8s-master01 ~]# kubectl get svc -n kube-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
calico-typha ClusterIP 10.96.79.142 <none> 5473/TCP 13h
kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP,9153/TCP 13h
metrics-server ClusterIP 10.96.213.179 <none> 443/TCP 13h
每个节点去测试看端口是否通
[root@k8s-node01 ~]# telnet 10.96.0.10 53
Trying 10.96.0.10...
Connected to 10.96.0.10.
Escape character is '^]'.
Connection closed by foreign host.
或者用curl测试
[root@k8s-node01 ~]# curl 10.96.0.10:53
curl: (52) Empty reply from server
Pod和Pod之前要能通
a) 同namespace能通信
启动了两个busybox(开头两种创建方式)
[root@k8s-master01 ~]# kubectl get pod -owide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
busybox 1/1 Running 0 33m 172.27.14.194 k8s-node02 <none> <none>
dns-test 1/1 Running 0 77s 172.25.244.195 k8s-master01 <none> <none>
测试同namespace通信
[root@k8s-master02 ~]# kubectl run -i --tty --image busybox:1.28.4 dns-test --restart=Never --rm /bin/sh
If you don't see a command prompt, try pressing enter.
/ # ping 172.27.14.194
PING 172.27.14.194 (172.27.14.194): 56 data bytes
64 bytes from 172.27.14.194: seq=0 ttl=62 time=0.373 ms
64 bytes from 172.27.14.194: seq=1 ttl=62 time=0.250 ms
b) 跨namespace能通信
查询kube-system空间下的一个地址
[root@k8s-master01 ~]# kubectl get pod -n kube-system -owide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
calico-kube-controllers-6f6595874c-c9jbg 1/1 Running 2 (60m ago) 13h 172.25.92.66 k8s-master02 <none> <none>
calico-node-27t89 1/1 Running 1 (61m ago) 13h 192.168.10.50 k8s-node02 <none> <none>
calico-node-7dnlf 1/1 Running 1 (61m ago) 13h 192.168.10.30 k8s-master03 <none> <none>
calico-node-dwtl9 1/1 Running 1 (61m ago) 13h 192.168.10.40 k8s-node01 <none> <none>
calico-node-hdsdc 1/1 Running 1 (61m ago) 13h 192.168.10.60 k8s-node03 <none> <none>
calico-node-hrcvj 1/1 Running 1 (61m ago) 13h 192.168.10.20 k8s-master02 <none> <none>
calico-node-lbstq 1/1 Running 1 (61m ago) 13h 192.168.10.10 k8s-master01 <none> <none>
calico-typha-6b6cf8cbdf-fbqkt 1/1 Running 1 (61m ago) 13h 192.168.10.20 k8s-master02 <none> <none>
coredns-5db5696c7-dktrs 1/1 Running 1 (61m ago) 13h 172.25.244.194 k8s-master01 <none> <none>
metrics-server-6bf7dcd649-dpzxr 1/1 Running 2 (60m ago) 13h 172.25.214.194 k8s-node03 <none> <none>
测试跨namespace通信
[root@k8s-master02 ~]# kubectl run -i --tty --image busybox:1.28.4 dns-test --restart=Never --rm /bin/sh
If you don't see a command prompt, try pressing enter.
/ # ping 172.25.214.194
PING 172.25.214.194 (172.25.214.194): 56 data bytes
64 bytes from 172.25.214.194: seq=0 ttl=62 time=0.494 ms
64 bytes from 172.25.214.194: seq=1 ttl=62 time=0.384 ms
c) 跨机器能通信
创建3个副本的nginx使用deploy
[root@k8s-master01 ~]# kubectl create deploy nginx --image=nginx --replicas=3
deployment.apps/nginx created
[root@k8s-master01 ~]# kubectl get deploy
NAME READY UP-TO-DATE AVAILABLE AGE
nginx 1/3 3 1 30s
[root@k8s-master01 ~]# kubectl get pod -owide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
busybox 1/1 Running 0 42m 172.27.14.194 k8s-node02 <none> <none>
nginx-85b98978db-bf7kl 1/1 Running 0 42s 172.25.214.195 k8s-node03 <none> <none>
nginx-85b98978db-mnrpp 1/1 Running 0 42s 172.17.125.3 k8s-node01 <none> <none>
nginx-85b98978db-v9799 1/1 Running 0 42s 172.25.244.197 k8s-master01 <none> <none>
集群验证完成
清理所有测试pod
[root@k8s-master01 ~]# kubectl get pod
NAME READY STATUS RESTARTS AGE
busybox 1/1 Terminating 0 49m
nginx-85b98978db-bf7kl 1/1 Running 0 7m24s
nginx-85b98978db-mnrpp 1/1 Running 0 7m24s
nginx-85b98978db-v9799 1/1 Running 0 7m24s
[root@k8s-master01 ~]# kubectl delete pod busybox
pod "busybox" deleted
[root@k8s-master01 ~]# kubectl delete deploy nginx
deployment.apps "nginx" deleted
[root@k8s-master01 ~]# kubectl get pod
No resources found in default namespace.