VMware vSphere Tanzu Deployment_14_Deploying Container Applications

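Full series

VMware vSphere Tanzu Deployment_01_Tanzu Architecture Design

VMware vSphere Tanzu Deployment_02_ESXi System Installation

VMware vSphere Tanzu Deployment_03_vCenter Deployment

VMware vSphere Tanzu Deployment_04_Managing ESXi with vCenter and Migrating NICs to the DSwitch

VMware vSphere Tanzu Deployment_05_VyOS Virtual Router Deployment

VMware vSphere Tanzu Deployment_06_HAProxy Deployment

VMware vSphere Tanzu Deployment_07_Tanzu Storage Policy Configuration

VMware vSphere Tanzu Deployment_08_Configuring Tanzu as a Single Node

VMware vSphere Tanzu Deployment_09_Configuring the Tanzu Content Library

VMware vSphere Tanzu Deployment_10_Enabling Tanzu

VMware vSphere Tanzu Deployment_11_Creating the TKC Namespace

VMware vSphere Tanzu Deployment_12_Downloading and Using the Tanzu-K8S Tools

VMware vSphere Tanzu Deployment_13_Creating the TKC Cluster

VMware vSphere Tanzu Deployment_14_Deploying Container Applications

VMware vSphere Tanzu Deployment_15_Obtaining a Non-Expiring Token for the TKG Cluster

VMware vSphere Tanzu Deployment_16_Obtaining the TKC Cluster Node VM Password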

1. Deploying and running a container application

1.1. Log in to the TKC cluster

jianhua@napp:~/tkc$ kubectl vsphere login --server=192.168.203.194 \
--tanzu-kubernetes-cluster-name  tkc-dev-cluster \
--tanzu-kubernetes-cluster-namespace tkc-01 \
--vsphere-username administrator@vsphere.local \
--insecure-skip-tls-verify


KUBECTL_VSPHERE_PASSWORD environment variable is not set. Please enter the password below
Password: 
Logged in successfully.

You have access to the following contexts:
   192.168.203.194
   tkc-01
   tkc-dev-cluster

If the context you wish to use is not in this list, you may need to try
logging in again later, or contact your cluster administrator.

To change context, use `kubectl config use-context <workload name>`
jianhua@napp:~/tkc$ 

jianhua@napp:~/tkc$ kubectl config use-context tkc-dev-cluster
Switched to context "tkc-dev-cluster".
jianhua@napp:~/tkc$ 

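1.2. Configuration required before running containers

Without this configuration, running a container fails with the following error: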

jianhua@napp:~/tkc$ kubectl run nginx --image=nginx:latest
Error from server (Forbidden): pods "nginx" is forbidden: violates PodSecurity "restricted:latest": allowPrivilegeEscalation != false (container "nginx" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "nginx" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "nginx" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "nginx" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
jianhua@napp:~/tkc$

1.2.1. Pod Security configuration

jianhua@napp:~/tkc$ kubectl label --overwrite ns default pod-security.kubernetes.io/enforce=privileged
namespace/default labeled
jianhua@napp:~/tkc$ 

1.2.2. RoleBinding configuration

jianhua@napp:~/tkc$ cat rolebindings-default-namespace.yaml 
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: rolebinding-default-privileged-sa-ns_default
  namespace: default
roleRef:
  kind: ClusterRole
  name: psp:vmware-system-privileged
  apiGroup: rbac.authorization.k8s.io
subjects:
- kind: Group
  apiGroup: rbac.authorization.k8s.io
  name: system:serviceaccounts
jianhua@napp:~/tkc$ 
  • Configuration example
jianhua@napp:~/tkc$ kubectl apply -f rolebindings-default-namespace.yaml 
rolebinding.rbac.authorization.k8s.io/rolebinding-default-privileged-sa-ns_default created
jianhua@napp:~/tkc$ kubectl get rolebindings
NAME                                           ROLE                                       AGE
rolebinding-default-privileged-sa-ns_default   ClusterRole/psp:vmware-system-privileged   7s
jianhua@napp:~/tkc$ 

1.3. Run the container

  • Run the container
jianhua@napp:~/tkc$ kubectl run nginx --image=quay.io/jitesoft/nginx
pod/nginx created
jianhua@napp:~/tkc$ kubectl get pod
NAME    READY   STATUS              RESTARTS   AGE
nginx   0/1     ContainerCreating   0          1s
jianhua@napp:~/tkc$
jianhua@napp:~/tkc$ kubectl get pod -o wide
NAME    READY   STATUS    RESTARTS   AGE   IP            NODE                                                          NOMINATED NODE   READINESS GATES
nginx   1/1     Running   0          62s   172.20.18.2   tkc-dev-cluster-tck-dev-worker-zt5ls-779c467dd4xwbb9p-kl9tx   <none>           <none>
jianhua@napp:~/tkc$ 
  • Expose the port externally
jianhua@napp:~$ kubectl expose pod nginx --port=80 --target-port=80 --type=LoadBalancer --name=nginx-svc
service/nginx-svc exposed
jianhua@napp:~$ kubectl get svc -o wide
NAME         TYPE           CLUSTER-IP     EXTERNAL-IP   PORT(S)        AGE   SELECTOR
kubernetes   ClusterIP      172.20.0.1     <none>        443/TCP        19h   <none>
nginx-svc    LoadBalancer   172.20.10.50   <pending>     80:32720/TCP   2s    run=nginx
supervisor   ClusterIP      None           <none>        6443/TCP       19h   <none>
jianhua@napp:~$ kubectl get svc -o wide
NAME         TYPE           CLUSTER-IP     EXTERNAL-IP       PORT(S)        AGE   SELECTOR
kubernetes   ClusterIP      172.20.0.1     <none>            443/TCP        19h   <none>
nginx-svc    LoadBalancer   172.20.10.50   192.168.203.196   80:32720/TCP   8s    run=nginx
supervisor   ClusterIP      None           <none>            6443/TCP       19h   <none>
jianhua@napp:~$
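
Added example (not from the original post): the label in 1.2.1 sets Pod Security enforcement for the whole default namespace to privileged; the alternative shown here keeps the restricted policy and sets, on the pod itself, the four fields named in the Forbidden error from 1.2. The image nginxinc/nginx-unprivileged, its UID 101 and listening port 8080, and the names nginx-restricted and nginx-restricted-svc are assumptions of this example.

```yaml
# Added example, not from the original post.
# Pod that sets each field the PodSecurity "restricted:latest" error asks for,
# plus a LoadBalancer Service equivalent to the `kubectl expose` step in 1.3.
apiVersion: v1
kind: Pod
metadata:
  name: nginx-restricted              # hypothetical name
  namespace: default
  labels:
    run: nginx-restricted             # selector label used by the Service below
spec:
  securityContext:
    runAsNonRoot: true                # error: runAsNonRoot != true
    runAsUser: 101                    # assumption: UID the unprivileged image runs as
    seccompProfile:
      type: RuntimeDefault            # error: seccompProfile must be RuntimeDefault or Localhost
  containers:
  - name: nginx
    # Assumption: this image runs nginx as a non-root user on port 8080.
    # Pin a tag or digest you have verified instead of a floating tag.
    image: nginxinc/nginx-unprivileged:stable
    ports:
    - containerPort: 8080
    securityContext:
      allowPrivilegeEscalation: false # error: allowPrivilegeEscalation != false
      capabilities:
        drop: ["ALL"]                 # error: unrestricted capabilities
---
apiVersion: v1
kind: Service
metadata:
  name: nginx-restricted-svc          # hypothetical name
  namespace: default
spec:
  type: LoadBalancer
  selector:
    run: nginx-restricted
  ports:
  - port: 80                          # external port, as in 1.3
    targetPort: 8080                  # non-root nginx cannot bind port 80 with all capabilities dropped
```

Running kubectl apply --dry-run=server -f on this file in a namespace that still enforces the restricted policy reports any remaining admission violations without creating the pod.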


posted @ 2024-07-04 17:11  二乘八是十六