zoukankan      html  css  js  c++  java

  • 练习calico的网络policy

    1.安装docker,kubelet kubeadm kubectl 

    1 ssh-keygen
    2 cat .ssh/authorized_keys
    3 cat .ssh/id_rsa.pub
    4 ssh 47.254.84.60
    5 swapoff -a
    6 vi /etc/fstab
    7 systemctl stop firewalld
    8 cat <<EOF > /etc/yum.repos.d/kubernetes.repo
    [kubernetes]
    name=Kubernetes
    baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
    enabled=1
    gpgcheck=1
    repo_gpgcheck=1
    gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
    exclude=kube*
    EOF

    9 setenforce 0
    10 sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
    11 yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
    12 systemctl enable --now kubelet
    13 cat <<EOF > /etc/sysctl.d/k8s.conf
    net.bridge.bridge-nf-call-ip6tables = 1
    net.bridge.bridge-nf-call-iptables = 1
    EOF

    14 sysctl --system
    15 lsmod | grep br_netfilter
    16 modprobe br_netfilter
    17 lsmod | grep br_netfilter
    18 yum install -y yum-utils device-mapper-persistent-data lvm2
    19 yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
    20 yum list docker-ce --showduplicates | sort -r
    21 yum install docker-ce
    22 sudo systemctl start docker
    23 systemctl enable docker
    24 systemctl start kubelet
    25 systemctl status kubelet
    26 kubeadm init --pod-network-cidr=192.168.0.0/16
    27 mkdir -p $HOME/.kube
    28 sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
    29 sudo chown $(id -u):$(id -g) $HOME/.kube/config
    30 kubectl get no
    31 kubectl get pod --all-namespace
    32 kubectl get pod --all-namespaces
    33 kubectl get no
    34 kubectl apply -f https://docs.projectcalico.org/v3.5/getting-started/kubernetes/installation/hosted/etcd.yaml
    35 kubectl apply -f https://docs.projectcalico.org/v3.5/getting-started/kubernetes/installation/hosted/calico.yaml
    36 kubectl get pods --all-namespaces
    37 kubectl get no
    38 kubectl taint nodes --all node-role.kubernetes.io/master-
    39 kubectl get pods --all-namespaces

    2.calico pod策略

    40 kubectl create ns policy-demo
    41 kubectl run --namespace=policy-demo nginx --replicas=2 --image=nginx
    42 kubectl expose --namespace=policy-demo deployment nginx --port=80
    43 kubectl run --namespace=policy-demo access --rm -ti --image busybox /bin/sh
    44 kubectl create -f - <<EOF
    kind: NetworkPolicy
    apiVersion: networking.k8s.io/v1
    metadata:
    name: default-deny
    namespace: policy-demo
    spec:
    podSelector:
    matchLabels: {}
    EOF

    45 kubectl run --namespace=policy-demo access --rm -ti --image busybox /bin/sh
    46 kubectl create -f - <<EOF
    kind: NetworkPolicy
    apiVersion: networking.k8s.io/v1
    metadata:
    name: access-nginx
    namespace: policy-demo
    spec:
    podSelector:
    matchLabels:
    run: nginx
    ingress:
    - from:
    - podSelector:
    matchLabels:
    run: access
    EOF

    47 kubectl run --namespace=policy-demo access --rm -ti --image busybox /bin/sh
    48 kubectl run --namespace=policy-demo cant-access --rm -ti --image busybox /bin/sh
    49 kubectl get pod
    50 kubectl get pod --all-namespaces
  • 相关阅读:
    每周分享五个 PyCharm 使用技巧(一)
    深入理解 Python 中的上下文管理器
    Delphi中Chrome Chromium、Cef3学习笔记(四)
    DELPHI中自定义消息的发送和接收
    Delphi2010/XE2下隐藏程序系统任务栏的图标
    批处理经典入门教程!(从不懂到高手)第2/5页
    批处理经典入门教程!(从不懂到高手)1/5
    批处理taskkill运行结束不掉程序以及停留问题
    delphi EncdDecd.pas单元中Encoding方法出现#$D#$A的解决方法
    Delphi中Chrome Chromium、Cef3学习笔记(三)
  • 原文地址:https://www.cnblogs.com/Jt00/p/10718345.html
Copyright © 2011-2022 走看看