SRE文档1.查看哪些是属于namespace空间下
shell
#等于true则是在namespace下
[root@kube-master ~]# kubectl api-resources
NAME SHORTNAMES APIVERSION NAMESPACED KIND
bindings v1 true Binding
componentstatuses cs v1 false ComponentStatus
configmaps cm v1 true ConfigMap
endpoints ep v1 true Endpoints
events ev v1 true Event
limitranges limits v1 true LimitRange
namespaces ns v1 false Namespace
nodes no v1 false Node
persistentvolumeclaims pvc v1 true PersistentVolumeClaim
persistentvolumes pv v1 false PersistentVolume
pods po v1 true Pod
podtemplates v1 true PodTemplate
replicationcontrollers rc v1 true ReplicationController
resourcequotas quota v1 true ResourceQuota
secrets v1 true Secret
serviceaccounts sa v1 true ServiceAccount
services svc v1 true Service
。。。。#等于true则是在namespace下
[root@kube-master ~]# kubectl api-resources
NAME SHORTNAMES APIVERSION NAMESPACED KIND
bindings v1 true Binding
componentstatuses cs v1 false ComponentStatus
configmaps cm v1 true ConfigMap
endpoints ep v1 true Endpoints
events ev v1 true Event
limitranges limits v1 true LimitRange
namespaces ns v1 false Namespace
nodes no v1 false Node
persistentvolumeclaims pvc v1 true PersistentVolumeClaim
persistentvolumes pv v1 false PersistentVolume
pods po v1 true Pod
podtemplates v1 true PodTemplate
replicationcontrollers rc v1 true ReplicationController
resourcequotas quota v1 true ResourceQuota
secrets v1 true Secret
serviceaccounts sa v1 true ServiceAccount
services svc v1 true Service
。。。。1.1查看
shell
[root@kube-master ~]# kubectl get namespaces|ns
NAME STATUS AGE
default Active 2d5h
kube-node-lease Active 2d5h
kube-public Active 2d5h
kube-system Active 2d5h[root@kube-master ~]# kubectl get namespaces|ns
NAME STATUS AGE
default Active 2d5h
kube-node-lease Active 2d5h
kube-public Active 2d5h
kube-system Active 2d5h1.2创建
shell
[root@kube-master ~]# kubectl create namespace <ns_name>
namespace/dev created
#查看
[root@kube-master ~]# kubectl get ns -A
NAME STATUS AGE
default Active 2d5h
dev Active 41s
kube-node-lease Active 2d5h
kube-public Active 2d5h
kube-system Active 2d5h
#在dev命名空间下创建pod
[root@kube-master ~]# kubectl create deployment nginx --image=nginx --replicas=2 -n dev
deployment.apps/nginx created
[root@kube-master ~]# kubectl get pod -n dev
NAME READY STATUS RESTARTS AGE
nginx-6799fc88d8-k22v5 1/1 Running 0 9s
nginx-6799fc88d8-s5s2t 1/1 Running 0 9s
#查看所有
[root@kube-master ~]# kubectl get all -n dev
NAME READY STATUS RESTARTS AGE
pod/nginx-6799fc88d8-k22v5 1/1 Running 0 86s
pod/nginx-6799fc88d8-s5s2t 1/1 Running 0 86s
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/nginx 2/2 2 2 86s
NAME DESIRED CURRENT READY AGE
replicaset.apps/nginx-6799fc88d8 2 2 2 86s[root@kube-master ~]# kubectl create namespace <ns_name>
namespace/dev created
#查看
[root@kube-master ~]# kubectl get ns -A
NAME STATUS AGE
default Active 2d5h
dev Active 41s
kube-node-lease Active 2d5h
kube-public Active 2d5h
kube-system Active 2d5h
#在dev命名空间下创建pod
[root@kube-master ~]# kubectl create deployment nginx --image=nginx --replicas=2 -n dev
deployment.apps/nginx created
[root@kube-master ~]# kubectl get pod -n dev
NAME READY STATUS RESTARTS AGE
nginx-6799fc88d8-k22v5 1/1 Running 0 9s
nginx-6799fc88d8-s5s2t 1/1 Running 0 9s
#查看所有
[root@kube-master ~]# kubectl get all -n dev
NAME READY STATUS RESTARTS AGE
pod/nginx-6799fc88d8-k22v5 1/1 Running 0 86s
pod/nginx-6799fc88d8-s5s2t 1/1 Running 0 86s
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/nginx 2/2 2 2 86s
NAME DESIRED CURRENT READY AGE
replicaset.apps/nginx-6799fc88d8 2 2 2 86s1.3 测试命名空间隔离性
测试不同名称空间的PodIP⽹络的隔离
shell
#查看默认命名空间中的pod
[root@kube-master ~]# kubectl get pod
NAME READY STATUS RESTARTS AGE
nginx-6799fc88d8-49dd6 1/1 Running 3 (55m ago) 31h
nginx-6799fc88d8-fqrlx 1/1 Running 3 (55m ago) 31h
nginx-6799fc88d8-twksc 1/1 Running 1 (55m ago) 11h
#查看dev下命名空间
[root@kube-master ~]# kubectl get pod -owide -n dev
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nginx-6799fc88d8-k22v5 1/1 Running 0 5m52s 172.23.127.76 kube-node02 <none> <none>
nginx-6799fc88d8-s5s2t 1/1 Running 0 5m52s 172.30.0.133 kube-node01 <none> <none>
#进入nginx-6799fc88d8-twksc这个pod 访问172.30.0.133
[root@kube-master ~]# kubectl exec -it nginx-6799fc88d8-twksc -- /bin/bash
root@nginx-6799fc88d8-twksc:/#
root@nginx-6799fc88d8-twksc:/# curl -I 172.30.0.133
HTTP/1.1 200 OK
Server: nginx/1.25.4
Date: Fri, 12 Apr 2024 14:33:29 GMT
Content-Type: text/html
Content-Length: 615
Last-Modified: Wed, 14 Feb 2024 16:03:00 GMT
Connection: keep-alive
ETag: "65cce434-267"
Accept-Ranges: bytes#查看默认命名空间中的pod
[root@kube-master ~]# kubectl get pod
NAME READY STATUS RESTARTS AGE
nginx-6799fc88d8-49dd6 1/1 Running 3 (55m ago) 31h
nginx-6799fc88d8-fqrlx 1/1 Running 3 (55m ago) 31h
nginx-6799fc88d8-twksc 1/1 Running 1 (55m ago) 11h
#查看dev下命名空间
[root@kube-master ~]# kubectl get pod -owide -n dev
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nginx-6799fc88d8-k22v5 1/1 Running 0 5m52s 172.23.127.76 kube-node02 <none> <none>
nginx-6799fc88d8-s5s2t 1/1 Running 0 5m52s 172.30.0.133 kube-node01 <none> <none>
#进入nginx-6799fc88d8-twksc这个pod 访问172.30.0.133
[root@kube-master ~]# kubectl exec -it nginx-6799fc88d8-twksc -- /bin/bash
root@nginx-6799fc88d8-twksc:/#
root@nginx-6799fc88d8-twksc:/# curl -I 172.30.0.133
HTTP/1.1 200 OK
Server: nginx/1.25.4
Date: Fri, 12 Apr 2024 14:33:29 GMT
Content-Type: text/html
Content-Length: 615
Last-Modified: Wed, 14 Feb 2024 16:03:00 GMT
Connection: keep-alive
ETag: "65cce434-267"
Accept-Ranges: bytes💡 说明
说明不同名称空间的PodIP⽹络是互通的
测试不同名称空间的ServiceIP隔离
shell
#查看service
[root@kube-master ~]# kubectl get svc -owide
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
kubernetes ClusterIP 192.168.0.1 <none> 443/TCP 2d6h <none>
nginx NodePort 192.168.253.94 <none> 8080:32498/TCP 31h app=nginx
#在访问
root@nginx-6799fc88d8-twksc:/# curl -I 192.168.253.94:8080
HTTP/1.1 200 OK
Server: nginx/1.25.4
Date: Fri, 12 Apr 2024 14:37:49 GMT
Content-Type: text/html
Content-Length: 615
Last-Modified: Wed, 14 Feb 2024 16:03:00 GMT
Connection: keep-alive
ETag: "65cce434-267"
Accept-Ranges: bytes#查看service
[root@kube-master ~]# kubectl get svc -owide
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
kubernetes ClusterIP 192.168.0.1 <none> 443/TCP 2d6h <none>
nginx NodePort 192.168.253.94 <none> 8080:32498/TCP 31h app=nginx
#在访问
root@nginx-6799fc88d8-twksc:/# curl -I 192.168.253.94:8080
HTTP/1.1 200 OK
Server: nginx/1.25.4
Date: Fri, 12 Apr 2024 14:37:49 GMT
Content-Type: text/html
Content-Length: 615
Last-Modified: Wed, 14 Feb 2024 16:03:00 GMT
Connection: keep-alive
ETag: "65cce434-267"
Accept-Ranges: bytes💡 说明
说明不同名称空间的ServiceIP⽹络是互通的