一、应用部署
# 部署httpd,2个副本。
root@k8s:~# kubectl create deployment httpd-test --image=httpd --replicas=2
deployment.apps/httpd-test created
# pod IP地址为安装时指定的--pod-network-cidr=10.244.0.0/16地址段。
root@k8s:~# kubectl get pod -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
httpd-app-675b65488d-6kgk6 1/1 Running 0 20h 10.244.2.2 node2
httpd-app-675b65488d-9w69v 1/1 Running 0 20h 10.244.1.2 node1
httpd-test-fd769fcb7-nbqsn 1/1 Running 0 2m29s 10.244.2.3 node2
httpd-test-fd769fcb7-nnm99 1/1 Running 0 2m29s 10.244.1.3 node1
httpd-app-*为仅执行了kubectl create deployment,而没有执行kubectl expose deployment。
# 通过POD IP地址都能访问
root@k8s:~# curl 10.244.1.2
<html><body><h1>It works!</h1></body></html>
root@k8s:~# curl 10.244.2.2
<html><body><h1>It works!</h1></body></html>
root@k8s:~# curl 10.244.1.3
<html><body><h1>It works!</h1></body></html>
root@k8s:~# curl 10.244.2.3
<html><body><h1>It works!</h1></body></html>
二、服务发布与访问
Service是Kubernetes最核心的概念,本质上是筛选具有相同功能的容器,并提供一个统一的入口地址,进而进行负载并分发到后端的Endpoint(容器应用)上。
kubernetes发布Service时,有不同的类型:
- ClusterIP:默认ServiceType,供集群内部访问;
- NodePort:供集群外部访问,采用集群Node节点IP,形式为NodeIP:NodePort;
- LoadBalancer: 供集群外部访问,通常是公有云使用。
1、通过ClusterIP访问httpd(集群内部)
(1)对外开放服务(ClusterIP),不指定--type,默认为ClusterIP。
root@k8s:~# kubectl expose deployment httpd-test --port=80
service/httpd-test exposed
(2)httpd 服务信息
# 查看所有的服务
root@k8s:~# kubectl get services --all-namespaces
NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
default httpd-test ClusterIP 10.97.122.105 80/TCP 6s
default kubernetes ClusterIP 10.96.0.1 443/TCP 44h
kube-system kube-dns ClusterIP 10.96.0.10 53/UDP,53/TCP,9153/TCP 44h
# httpd-test的详细信息
root@k8s:~# kubectl describe services httpd-test
Name: httpd-test
Namespace: default
Labels: app=httpd-test
Annotations:
Selector: app=httpd-test
Type: ClusterIP
IP Family Policy: SingleStack
IP Families: IPv4
IP: 10.97.122.105 # service CLUSTER-IP
IPs: 10.97.122.105
Port: 80/TCP
TargetPort: 80/TCP
Endpoints: 10.244.1.3:80,10.244.2.3:80 # Pod IP:PORT
Session Affinity: None
Events:
(3)通过CLUSTER IP访问httpd
root@k8s:/etc/kubernetes# curl 10.97.122.105
<html><body><h1>It works!</h1></body></html>
2、通过NodePort访问httpd-app(集群外部)
集群外部访问服务的方式有:LoadBalancer;NodePort;Ingress。
root@k8s:/etc/kubernetes# kubectl expose deployment httpd-test --port=80 --type=NodePort
Error from server (AlreadyExists): services "httpd-test" already exists
root@k8s:/etc/kubernetes# kubectl expose deployment httpd-app --port=80 --type=NodePort
service/httpd-app exposed
root@k8s:/etc/kubernetes# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
httpd-app NodePort 10.106.113.156 80:31248/TCP 14s
httpd-test ClusterIP 10.97.122.105 80/TCP 3h43m
kubernetes ClusterIP 10.96.0.1 443/TCP 2d
root@k8s:/etc/kubernetes# curl 10.106.113.156
<html><body><h1>It works!</h1></body></html>
root@k8s:/etc/kubernetes# curl 30.0.1.180
curl: (7) Failed to connect to 30.0.1.180 port 80: Connection refused
root@k8s:/etc/kubernetes# curl 30.0.1.180:31248
<html><body><h1>It works!</h1></body></html>
root@k8s:~# kubectl describe services httpd-app
Name: httpd-app
Namespace: default
Labels: app=httpd-app
Annotations:
Selector: app=httpd-app
Type: NodePort
IP Family Policy: SingleStack
IP Families: IPv4
IP: 10.106.113.156 # ClusterIP
IPs: 10.106.113.156
Port: 80/TCP
TargetPort: 80/TCP
NodePort: 31248/TCP # NodeIP + 端口号
Endpoints: 10.244.1.2:80,10.244.2.2:80 # Pod IP + 端口号
Session Affinity: None
External Traffic Policy: Cluster
Events:
三、访问应用的背后
ClusterIP对应的链路是“cluster IP --> POD IP”;
NodePort对应的链路是“NodePort --> cluster IP --> POD IP”。
那么,这些链路是如何转换的呢?基本原理是通过iptables的NAT转换进行的。
root@k8s:~# iptables -S -t nat
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-N DOCKER
-N KUBE-KUBELET-CANARY
-N KUBE-MARK-DROP
-N KUBE-MARK-MASQ
-N KUBE-NODEPORTS
-N KUBE-POSTROUTING
-N KUBE-PROXY-CANARY
-N KUBE-SEP-5OCXZNKOYHPOQMHR
-N KUBE-SEP-6E7XQMQ4RAYOWTTM
-N KUBE-SEP-B7WZ6X3JS7NGRAGL
-N KUBE-SEP-C3AY35NSVPYD6C6M
-N KUBE-SEP-IT2ZTR26TO4XFPTO
-N KUBE-SEP-JEHA6AXBK4XAVWB5
-N KUBE-SEP-MPQE5E3FPNMZ422T
-N KUBE-SEP-N4G2XR5TDX7PQE7P
-N KUBE-SEP-YIL6JZP7A3QYXJU2
-N KUBE-SEP-ZP3FB6NMPNCO4VBJ
-N KUBE-SEP-ZXMNUKOKXUTL2MK2
-N KUBE-SERVICES
-N KUBE-SVC-47MZKVTVFE2WTG5V
-N KUBE-SVC-ERIFXISQEP7F7OF4
-N KUBE-SVC-JD5MR3NA4I4DYORP
-N KUBE-SVC-NPX46M4PTMTKRN6Y
-N KUBE-SVC-TCOU7JCQXEZGVUNU
-N KUBE-SVC-ZLFK63IBL3TQ6LW7
-A PREROUTING -m comment --comment "kubernetes service portals" -j KUBE-SERVICES
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A OUTPUT -m comment --comment "kubernetes service portals" -j KUBE-SERVICES
-A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
-A POSTROUTING -m comment --comment "kubernetes postrouting rules" -j KUBE-POSTROUTING
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
-A POSTROUTING -s 10.244.0.0/16 -d 10.244.0.0/16 -j RETURN
-A POSTROUTING -s 10.244.0.0/16 ! -d 224.0.0.0/4 -j MASQUERADE
-A POSTROUTING ! -s 10.244.0.0/16 -d 10.244.0.0/24 -j RETURN
-A POSTROUTING ! -s 10.244.0.0/16 -d 10.244.0.0/16 -j MASQUERADE
-A DOCKER -i docker0 -j RETURN
-A KUBE-MARK-DROP -j MARK --set-xmark 0x8000/0x8000
-A KUBE-MARK-MASQ -j MARK --set-xmark 0x4000/0x4000
-A KUBE-NODEPORTS -p tcp -m comment --comment "default/httpd-app" -m tcp --dport 31248 -j KUBE-SVC-47MZKVTVFE2WTG5V
-A KUBE-POSTROUTING -m mark ! --mark 0x4000/0x4000 -j RETURN
-A KUBE-POSTROUTING -j MARK --set-xmark 0x4000/0x0
-A KUBE-POSTROUTING -m comment --comment "kubernetes service traffic requiring SNAT" -j MASQUERADE
-A KUBE-SEP-5OCXZNKOYHPOQMHR -s 10.244.1.3/32 -m comment --comment "default/httpd-test" -j KUBE-MARK-MASQ
-A KUBE-SEP-5OCXZNKOYHPOQMHR -p tcp -m comment --comment "default/httpd-test" -m tcp -j DNAT --to-destination 10.244.1.3:80
-A KUBE-SEP-6E7XQMQ4RAYOWTTM -s 10.244.0.3/32 -m comment --comment "kube-system/kube-dns:dns" -j KUBE-MARK-MASQ
-A KUBE-SEP-6E7XQMQ4RAYOWTTM -p udp -m comment --comment "kube-system/kube-dns:dns" -m udp -j DNAT --to-destination 10.244.0.3:53
-A KUBE-SEP-B7WZ6X3JS7NGRAGL -s 10.244.2.2/32 -m comment --comment "default/httpd-app" -j KUBE-MARK-MASQ
-A KUBE-SEP-B7WZ6X3JS7NGRAGL -p tcp -m comment --comment "default/httpd-app" -m tcp -j DNAT --to-destination 10.244.2.2:80
-A KUBE-SEP-C3AY35NSVPYD6C6M -s 30.0.1.180/32 -m comment --comment "default/kubernetes:https" -j KUBE-MARK-MASQ
-A KUBE-SEP-C3AY35NSVPYD6C6M -p tcp -m comment --comment "default/kubernetes:https" -m tcp -j DNAT --to-destination 30.0.1.180:6443
-A KUBE-SEP-IT2ZTR26TO4XFPTO -s 10.244.0.2/32 -m comment --comment "kube-system/kube-dns:dns-tcp" -j KUBE-MARK-MASQ
-A KUBE-SEP-IT2ZTR26TO4XFPTO -p tcp -m comment --comment "kube-system/kube-dns:dns-tcp" -m tcp -j DNAT --to-destination 10.244.0.2:53
-A KUBE-SEP-JEHA6AXBK4XAVWB5 -s 10.244.1.2/32 -m comment --comment "default/httpd-app" -j KUBE-MARK-MASQ
-A KUBE-SEP-JEHA6AXBK4XAVWB5 -p tcp -m comment --comment "default/httpd-app" -m tcp -j DNAT --to-destination 10.244.1.2:80
-A KUBE-SEP-MPQE5E3FPNMZ422T -s 10.244.2.3/32 -m comment --comment "default/httpd-test" -j KUBE-MARK-MASQ
-A KUBE-SEP-MPQE5E3FPNMZ422T -p tcp -m comment --comment "default/httpd-test" -m tcp -j DNAT --to-destination 10.244.2.3:80
-A KUBE-SEP-N4G2XR5TDX7PQE7P -s 10.244.0.2/32 -m comment --comment "kube-system/kube-dns:metrics" -j KUBE-MARK-MASQ
-A KUBE-SEP-N4G2XR5TDX7PQE7P -p tcp -m comment --comment "kube-system/kube-dns:metrics" -m tcp -j DNAT --to-destination 10.244.0.2:9153
-A KUBE-SEP-YIL6JZP7A3QYXJU2 -s 10.244.0.2/32 -m comment --comment "kube-system/kube-dns:dns" -j KUBE-MARK-MASQ
-A KUBE-SEP-YIL6JZP7A3QYXJU2 -p udp -m comment --comment "kube-system/kube-dns:dns" -m udp -j DNAT --to-destination 10.244.0.2:53
-A KUBE-SEP-ZP3FB6NMPNCO4VBJ -s 10.244.0.3/32 -m comment --comment "kube-system/kube-dns:metrics" -j KUBE-MARK-MASQ
-A KUBE-SEP-ZP3FB6NMPNCO4VBJ -p tcp -m comment --comment "kube-system/kube-dns:metrics" -m tcp -j DNAT --to-destination 10.244.0.3:9153
-A KUBE-SEP-ZXMNUKOKXUTL2MK2 -s 10.244.0.3/32 -m comment --comment "kube-system/kube-dns:dns-tcp" -j KUBE-MARK-MASQ
-A KUBE-SEP-ZXMNUKOKXUTL2MK2 -p tcp -m comment --comment "kube-system/kube-dns:dns-tcp" -m tcp -j DNAT --to-destination 10.244.0.3:53
-A KUBE-SERVICES -d 10.96.0.1/32 -p tcp -m comment --comment "default/kubernetes:https cluster IP" -m tcp --dport 443 -j KUBE-SVC-NPX46M4PTMTKRN6Y
-A KUBE-SERVICES -d 10.96.0.10/32 -p udp -m comment --comment "kube-system/kube-dns:dns cluster IP" -m udp --dport 53 -j KUBE-SVC-TCOU7JCQXEZGVUNU
-A KUBE-SERVICES -d 10.96.0.10/32 -p tcp -m comment --comment "kube-system/kube-dns:dns-tcp cluster IP" -m tcp --dport 53 -j KUBE-SVC-ERIFXISQEP7F7OF4
-A KUBE-SERVICES -d 10.96.0.10/32 -p tcp -m comment --comment "kube-system/kube-dns:metrics cluster IP" -m tcp --dport 9153 -j KUBE-SVC-JD5MR3NA4I4DYORP
-A KUBE-SERVICES -d 10.97.122.105/32 -p tcp -m comment --comment "default/httpd-test cluster IP" -m tcp --dport 80 -j KUBE-SVC-ZLFK63IBL3TQ6LW7
-A KUBE-SERVICES -d 10.106.113.156/32 -p tcp -m comment --comment "default/httpd-app cluster IP" -m tcp --dport 80 -j KUBE-SVC-47MZKVTVFE2WTG5V
-A KUBE-SERVICES -m comment --comment "kubernetes service nodeports; NOTE: this must be the last rule in this chain" -m addrtype --dst-type LOCAL -j KUBE-NODEPORTS
-A KUBE-SVC-47MZKVTVFE2WTG5V ! -s 10.244.0.0/16 -d 10.106.113.156/32 -p tcp -m comment --comment "default/httpd-app cluster IP" -m tcp --dport 80 -j KUBE-MARK-MASQ
-A KUBE-SVC-47MZKVTVFE2WTG5V -p tcp -m comment --comment "default/httpd-app" -m tcp --dport 31248 -j KUBE-MARK-MASQ
-A KUBE-SVC-47MZKVTVFE2WTG5V -m comment --comment "default/httpd-app" -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-JEHA6AXBK4XAVWB5
-A KUBE-SVC-47MZKVTVFE2WTG5V -m comment --comment "default/httpd-app" -j KUBE-SEP-B7WZ6X3JS7NGRAGL
-A KUBE-SVC-ERIFXISQEP7F7OF4 ! -s 10.244.0.0/16 -d 10.96.0.10/32 -p tcp -m comment --comment "kube-system/kube-dns:dns-tcp cluster IP" -m tcp --dport 53 -j KUBE-MARK-MASQ
-A KUBE-SVC-ERIFXISQEP7F7OF4 -m comment --comment "kube-system/kube-dns:dns-tcp" -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-IT2ZTR26TO4XFPTO
-A KUBE-SVC-ERIFXISQEP7F7OF4 -m comment --comment "kube-system/kube-dns:dns-tcp" -j KUBE-SEP-ZXMNUKOKXUTL2MK2
-A KUBE-SVC-JD5MR3NA4I4DYORP ! -s 10.244.0.0/16 -d 10.96.0.10/32 -p tcp -m comment --comment "kube-system/kube-dns:metrics cluster IP" -m tcp --dport 9153 -j KUBE-MARK-MASQ
-A KUBE-SVC-JD5MR3NA4I4DYORP -m comment --comment "kube-system/kube-dns:metrics" -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-N4G2XR5TDX7PQE7P
-A KUBE-SVC-JD5MR3NA4I4DYORP -m comment --comment "kube-system/kube-dns:metrics" -j KUBE-SEP-ZP3FB6NMPNCO4VBJ
-A KUBE-SVC-NPX46M4PTMTKRN6Y ! -s 10.244.0.0/16 -d 10.96.0.1/32 -p tcp -m comment --comment "default/kubernetes:https cluster IP" -m tcp --dport 443 -j KUBE-MARK-MASQ
-A KUBE-SVC-NPX46M4PTMTKRN6Y -m comment --comment "default/kubernetes:https" -j KUBE-SEP-C3AY35NSVPYD6C6M
-A KUBE-SVC-TCOU7JCQXEZGVUNU ! -s 10.244.0.0/16 -d 10.96.0.10/32 -p udp -m comment --comment "kube-system/kube-dns:dns cluster IP" -m udp --dport 53 -j KUBE-MARK-MASQ
-A KUBE-SVC-TCOU7JCQXEZGVUNU -m comment --comment "kube-system/kube-dns:dns" -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-YIL6JZP7A3QYXJU2
-A KUBE-SVC-TCOU7JCQXEZGVUNU -m comment --comment "kube-system/kube-dns:dns" -j KUBE-SEP-6E7XQMQ4RAYOWTTM
-A KUBE-SVC-ZLFK63IBL3TQ6LW7 ! -s 10.244.0.0/16 -d 10.97.122.105/32 -p tcp -m comment --comment "default/httpd-test cluster IP" -m tcp --dport 80 -j KUBE-MARK-MASQ
-A KUBE-SVC-ZLFK63IBL3TQ6LW7 -m comment --comment "default/httpd-test" -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-5OCXZNKOYHPOQMHR
-A KUBE-SVC-ZLFK63IBL3TQ6LW7 -m comment --comment "default/httpd-test" -j KUBE-SEP-MPQE5E3FPNMZ422T
访问的形式为 NodeIP:NodePort,即 30.0.1.180:31248(直接访问节点的 80 端口会被拒绝,只有 31248 端口才会被 iptables 转发)。KUBE-SERVICES 的最后一条规则把目的地址为本机地址(--dst-type LOCAL)的流量交给 KUBE-NODEPORTS,根据端口 31248 就可以查询到:
-A KUBE-NODEPORTS -p tcp -m comment --comment "default/httpd-app" -m tcp --dport 31248 -j KUBE-SVC-47MZKVTVFE2WTG5V
跳转到KUBE-SVC-47MZKVTVFE2WTG5V的链,可以看到,各自以50%的概率进行负载:第一条规则以 0.5 的概率命中,未命中的流量落到第二条规则,因此两个后端各占 50%:
-A KUBE-SVC-47MZKVTVFE2WTG5V -m comment --comment "default/httpd-app" -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-JEHA6AXBK4XAVWB5
-A KUBE-SVC-47MZKVTVFE2WTG5V -m comment --comment "default/httpd-app" -j KUBE-SEP-B7WZ6X3JS7NGRAGL
KUBE-SEP-JEHA6AXBK4XAVWB5通过DNAT发送到10.244.1.2的80端口,KUBE-SEP-B7WZ6X3JS7NGRAGL通过DNAT发送到10.244.2.2的80端口。另外,KUBE-SVC-47MZKVTVFE2WTG5V 中 --dport 31248 的规则会先跳转 KUBE-MARK-MASQ 打上 0x4000 标记,随后在 KUBE-POSTROUTING 被 MASQUERADE,因此经 NodePort 进入的流量到达 Pod 时源地址已被改写为节点地址(对应上面的 External Traffic Policy: Cluster),Pod 内的访问日志看不到真实客户端 IP。
-A KUBE-SEP-JEHA6AXBK4XAVWB5 -s 10.244.1.2/32 -m comment --comment "default/httpd-app" -j KUBE-MARK-MASQ
-A KUBE-SEP-JEHA6AXBK4XAVWB5 -p tcp -m comment --comment "default/httpd-app" -m tcp -j DNAT --to-destination 10.244.1.2:80
-A KUBE-SEP-B7WZ6X3JS7NGRAGL -s 10.244.2.2/32 -m comment --comment "default/httpd-app" -j KUBE-MARK-MASQ
-A KUBE-SEP-B7WZ6X3JS7NGRAGL -p tcp -m comment --comment "default/httpd-app" -m tcp -j DNAT --to-destination 10.244.2.2:80