[ec2-user@ip-172-31-27-182 ~]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/ec2-user/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/ec2-user/.ssh/id_rsa.
Your public key has been saved in /home/ec2-user/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:oSPZf85vNsC7l9z24umLJs4tQ6qDMCrWfqAVXGYoA34 ec2-user@ip-172-31-27-182
The key's randomart image is:
+---[RSA 2048]----+
|o . |
|.o . + |
| .+E+ . |
| .o o . . |
| + + S. |
| oo . o + |
| .+o.. .o.+ o |
|oo .... .==.O.+. |
|o ... .o .*@+==+.|
+----[SHA256]-----+
[ec2-user@ip-172-31-27-182 ~]$
[ec2-user@ip-172-31-27-182 ~]$ kops update cluster dev.k8s.devopscoach.org --yes
*********************************************************************************
A new kops version is available: 1.8.1
Upgrading is recommended
More information: https://github.com/kubernetes/kops/blob/master/permalinks/upgrade_kops.md#1.8.1
*********************************************************************************
I0401 17:13:02.482203 30077 executor.go:91] Tasks: 0 done / 73 total; 31 can run
I0401 17:13:04.389402 30077 vfs_castore.go:430] Issuing new certificate: "apiserver-aggregator-ca"
I0401 17:13:04.628667 30077 vfs_castore.go:430] Issuing new certificate: "ca"
I0401 17:13:07.291294 30077 executor.go:91] Tasks: 31 done / 73 total; 24 can run
I0401 17:13:09.273293 30077 vfs_castore.go:430] Issuing new certificate: "kubelet-api"
I0401 17:13:09.803612 30077 vfs_castore.go:430] Issuing new certificate: "kubelet"
I0401 17:13:09.809131 30077 vfs_castore.go:430] Issuing new certificate: "kube-scheduler"
I0401 17:13:09.973826 30077 vfs_castore.go:430] Issuing new certificate: "apiserver-proxy-client"
I0401 17:13:10.317412 30077 vfs_castore.go:430] Issuing new certificate: "kops"
I0401 17:13:10.321177 30077 vfs_castore.go:430] Issuing new certificate: "apiserver-aggregator"
I0401 17:13:10.440919 30077 vfs_castore.go:430] Issuing new certificate: "kube-controller-manager"
I0401 17:13:10.630182 30077 vfs_castore.go:430] Issuing new certificate: "kubecfg"
I0401 17:13:11.020560 30077 vfs_castore.go:430] Issuing new certificate: "master"
I0401 17:13:11.040010 30077 vfs_castore.go:430] Issuing new certificate: "kube-proxy"
I0401 17:13:12.698208 30077 executor.go:91] Tasks: 55 done / 73 total; 16 can run
I0401 17:13:13.609559 30077 launchconfiguration.go:333] waiting for IAM instance profile "nodes.dev.k8s.devopscoach.org" to be ready
I0401 17:13:13.656221 30077 launchconfiguration.go:333] waiting for IAM instance profile "masters.dev.k8s.devopscoach.org" to be ready
I0401 17:13:24.156701 30077 executor.go:91] Tasks: 71 done / 73 total; 2 can run
I0401 17:13:24.864262 30077 executor.go:91] Tasks: 73 done / 73 total; 0 can run
I0401 17:13:24.864379 30077 dns.go:153] Pre-creating DNS records
I0401 17:13:26.454177 30077 update_cluster.go:248] Exporting kubecfg for cluster
kops has set your kubectl context to dev.k8s.devopscoach.org
Cluster is starting. It should be ready in a few minutes.
Suggestions:
* validate cluster: kops validate cluster
* list nodes: kubectl get nodes --show-labels
* ssh to the master: ssh -i ~/.ssh/id_rsa admin@api.dev.k8s.devopscoach.org
The admin user is specific to Debian. If not using Debian please use the appropriate user based on your OS.
* read about installing addons: https://github.com/kubernetes/kops/blob/master/docs/addons.md
[ec2-user@ip-172-31-27-182 ~]$ kops validate cluster
Using cluster from kubectl context: dev.k8s.devopscoach.org
Validating cluster dev.k8s.devopscoach.org
INSTANCE GROUPS
NAME ROLE MACHINETYPE MIN MAX SUBNETS
master-ap-northeast-1a Master m3.medium 1 1 ap-northeast-1a
nodes Node t2.medium 2 2 ap-northeast-1a
NODE STATUS
NAME ROLE READY
ip-172-20-38-48.ap-northeast-1.compute.internal master True
ip-172-20-45-235.ap-northeast-1.compute.internal node True
ip-172-20-63-157.ap-northeast-1.compute.internal node True
Your cluster dev.k8s.devopscoach.org is ready
[ec2-user@ip-172-31-27-182 ~]$ kubectl get nodes --show-labels
NAME STATUS ROLES AGE VERSION LABELS
ip-172-20-38-48.ap-northeast-1.compute.internal Ready master 5m v1.8.7 beta.kubernetes.io/arch=amd64,beta.kubernetes.io/instance-type=m3.medium,beta.kubernetes.io/os=linux,failure-domain.beta.kubernetes.io/region=ap-northeast-1,failure-domain.beta.kubernetes.io/zone=ap-northeast-1a,kops.k8s.io/instancegroup=master-ap-northeast-1a,kubernetes.io/hostname=ip-172-20-38-48.ap-northeast-1.compute.internal,kubernetes.io/role=master,node-role.kubernetes.io/master=
ip-172-20-45-235.ap-northeast-1.compute.internal Ready node 4m v1.8.7 beta.kubernetes.io/arch=amd64,beta.kubernetes.io/instance-type=t2.medium,beta.kubernetes.io/os=linux,failure-domain.beta.kubernetes.io/region=ap-northeast-1,failure-domain.beta.kubernetes.io/zone=ap-northeast-1a,kops.k8s.io/instancegroup=nodes,kubernetes.io/hostname=ip-172-20-45-235.ap-northeast-1.compute.internal,kubernetes.io/role=node,node-role.kubernetes.io/node=
ip-172-20-63-157.ap-northeast-1.compute.internal Ready node 4m v1.8.7 beta.kubernetes.io/arch=amd64,beta.kubernetes.io/instance-type=t2.medium,beta.kubernetes.io/os=linux,failure-domain.beta.kubernetes.io/region=ap-northeast-1,failure-domain.beta.kubernetes.io/zone=ap-northeast-1a,kops.k8s.io/instancegroup=nodes,kubernetes.io/hostname=ip-172-20-63-157.ap-northeast-1.compute.internal,kubernetes.io/role=node,node-role.kubernetes.io/node=
[ec2-user@ip-172-31-27-182 ~]$
创建并访问服务
如下所示的创建两副本的nginx部署,部署的命令 sample-nginx。
1
2
3
4
5
6
7
8
9
[ec2-user@ip-172-31-27-182 ~]$ kubectl run sample-nginx --image=nginx --replicas=2 --port=80
deployment.apps "sample-nginx" created
[ec2-user@ip-172-31-27-182 ~]$ kubectl get pods
NAME READY STATUS RESTARTS AGE
sample-nginx-7588757c8f-jvkjt 1/1 Running 0 5s
sample-nginx-7588757c8f-zq8tj 1/1 Running 0 5s
[ec2-user@ip-172-31-27-182 ~]$ kubectl get deployments
NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE
sample-nginx 2 2 2 2 13s
然后将这个部署暴露为服务,使用到Kubernetes的命令如下:
1
2
3
4
5
6
[ec2-user@ip-172-31-27-182 ~]$ kubectl expose deployment sample-nginx --port=80 --type=LoadBalancer
service "sample-nginx" exposed
[ec2-user@ip-172-31-27-182 ~]$ kubectl get services -o wide
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
kubernetes ClusterIP 100.64.0.1 <none> 443/TCP 10m <none>
sample-nginx LoadBalancer 100.64.127.19 ae3a1ca9235d111e890d706038dd676b-392190656.ap-northeast-1.elb.amazonaws.com 80:30363/TCP 25s run=sample-nginx