Cluster Connection through KubeCtl
Connect to Kubernetes Cluster through kubectl
If users need to connect to the Kubernetes cluster of cloud platform from their local personal computers, they need to use Kubernetes command-line client kubectl. The installation steps of kubectl are as follows.
Operation steps
Download the corresponding kubectl client from Download Page of Kubernetes Version. For other information about kubectl, please see the official Kubernetes Install and Set Kubectl Documentation.
Note:
The operation steps given in this operation guide are all based on the Linux operating environment.
1.Unzip the downloaded file, add the execution permission for kubectl, and put it under PATH
chmod +x ./kubectl
sudo mv ./kubectl /usr/local/bin/kubectl
- Download the cluster credential.
-
You can view and download the cluster credential in the cluster list
-
You can also view and download the cluster credential on the Cluster Details page
-
Configure kubectl, and put the cluster credential downloaded in step 2 in the default configuration path of kubectl.
mv kubectl.conf ~/.kube/config
-
After successful configuration, you can use kubectl to access the Kubernetes cluster from the local computer
kubectl get node
Create Simple Services through kubectl
Create Nginx application
This command assumes that the kubectl command-line tool is already in the PATH and has permission to operate the Kubernetes cluster (that is, the operation of connecting the Kubernetes cluster through kubectl has been completed) and input the following instructions:
kubectl run my-nginx --image=nginx --replicas=3 --port=80
The above command creates 3 Nginx containers, each of which exposes its port 80.
The instructions for creating Nginx container state are as follows:
$ kubectl get pods
NAME READY STATUS RESTARTS AGE
my-nginx-858393261-pfjdn 1/1 Running 0 14s
my-nginx-858393261-sn7g5 1/1 Running 0 14s
my-nginx-858393261-spv8w 1/1 Running 0 14s
Note: The "$" symbol represents the input instruction, and the other lines represent the container information displayed after the input instruction.
Expose Services to the Internet
Create service
In the public cloud environment, you can create a service of LoadBalancer type by entering the command. At the same time, you can also link with the public cloud to create a load balance and a public IP. The specific operation instructions are as follows:
kubectl expose deployment my-nginx --port=80 --type=LoadBalancer
Note:
Load balance: By virtualizing multiple cloud platform servers in the same area into a group, setting an internal or external network service address, and forwarding the front-end concurrent access to multiple cloud servers in the background, you can achieve the traffic balance of applications. You can find the BLB instance you created on the cloud platform's BLB page by querying the public network IP obtained by the service. Please see "load balance pricing" for the charging standard. Public IP: As an independent product, it provides users with public bandwidth services. You can query the public IP address you created through View Service. Please see "Elastic IP Pricing"for the charging standard, and the automatic default charging standard is postpaid.
View service
By viewing the command of the service, you can see the status of the service and the created public IP.
$ kubectl get services
NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes 172.17.0.1 <none> 443/TCP 1h
my-nginx 172.17.44.5 180.76.139.247 80:30356/TCP 47s
Through the link 180.76.139.247, you can see the created service as shown in the figure:
Note: The symbol "$" represents the input instruction, and other lines represent the service information displayed after the input instruction, among which 180.76.139.247 is the service website published to the Internet. In addition to the above instruction calls for the service using load balance, it can also be called by dashboard. For the specific operations, see Create Service through Kubernetes-Dashboard
Delete service
If you need to delete the service, you don't want to expose it to the public network. Services can be deleted directly
kubectl delete svc my-nginx
Note:
Kubernetes will delete the public IP and load balance created just now, and then delete the created service.
Local Access to Kubernetes Dashboard (Web UI)
Precondition
Before using the Kubernetes Dashboard locally, users need to configure kubectl to connect to the Kubernetes cluster of cloud platform through kubectl.
Operation steps
Create Dashboard service. You can create a Dashboard application in the Kubernetes cluster through the kubectl tool locally.
$ kubectl create -f dashboard.yaml
secret "kubernetes-dashboard-certs" created
serviceaccount "kubernetes-dashboard" created
clusterrolebinding "kubernetes-dashboard" created
deployment "kubernetes-dashboard" created
service "kubernetes-dashboard" created
The corresponding dashboard.yaml file is:
apiVersion: v1
kind: Secret
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard-certs
namespace: kube-system
type: Opaque
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: kubernetes-dashboard
labels:
k8s-app: kubernetes-dashboard
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: kubernetes-dashboard
namespace: kube-system
---
kind: Deployment
apiVersion: apps/v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kube-system
spec:
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
k8s-app: kubernetes-dashboard
template:
metadata:
labels:
k8s-app: kubernetes-dashboard
spec:
containers:
- name: kubernetes-dashboard
image: hub.agilecloud.com/public/dashboard:v1.8.3-caas
ports:
- containerPort: 8443
protocol: TCP
args:
- --auto-generate-certificates
volumeMounts:
- name: kubernetes-dashboard-certs
mountPath: /certs
- mountPath: /tmp
name: tmp-volume
livenessProbe:
httpGet:
scheme: HTTPS
path: /
port: 8443
initialDelaySeconds: 30
timeoutSeconds: 30
volumes:
- name: kubernetes-dashboard-certs
secret:
secretName: kubernetes-dashboard-certs
- name: tmp-volume
emptyDir: {}
serviceAccountName: kubernetes-dashboard
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
---
kind: Service
apiVersion: v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kube-system
spec:
ports:
- port: 443
targetPort: 8443
selector:
k8s-app: kubernetes-dashboard
After creating the dashboard, use the kubectl proxy command to open a proxy and connect to the Kubernetes API Server.
kubectl proxy
After successfully opening the proxy, you can access http://127.0.0.1:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/#!/login, connect to the dashboard.
Note:
localhost refers to the local machine rather than the virtual machine used by the user, and the corresponding IP address is: 127.0.0.1
Create Services through Kubernetes-Dashboard
1.After visiting the Kubernetes Dashboard (Web UI) locally, enter the Dashboard page, click Create in the upper right corner to start creating services;
2.Enter the Create application page, and enter the application name, container image, and the number of container groups (Pod) to be created;
3.Select external in the service, the background will complete the creation of EIP and BLB, fill in 80, 80 port configurations respectively, select TCP protocol, and then click the deployment button to start the service creation;
4.Wait for the service to be created successfully, and the page shall be refreshed manually;
5.Click the service button on the creation success page to enter the service page;
6.The external network address of the service will be displayed in this page;
7.Enter the Internet address in the browser to show that the service is created successfully;
Create Service with Private Image
If users need to use private images, they need to configure ImagePullSecrets first, and indicate this ImagePullSecrets in the created resources. The following is a brief introduction to the creation steps. For more detailed information about ImagePullSecrets, please see the Official Kubernetes Document.
-
Create ImagePullSecrets from kubectl.
First of all, the user needs to have the user name and password of the private repository space. With the following command, you can create an ImagePullSecret named
myregistrykey
$ kubectl create secret docker-registry myregistrykey --docker-server=DOCKER_REGISTRY_SERVER --docker-username=DOCKER_USER --docker-password=DOCKER_PASSWORD --docker-email=DOCKER_EMAIL secret "myregistrykey" created.
-
Use this ImagePullSecret in the resource you need to create.
For example, the following pod yaml file indicates that this Pod uses the private image
hub.agilecloud.com/private-online/awesomeapp:v1
. At the same time, it uses the imagePullSecrets ofmyregistrykey
to pull the image from the image repository.apiVersion: v1 kind: Pod metadata: name: foo namespace: awesomeapps spec: containers: - name: foo image: hub.baidubce.com/private-online/awesomeapp:v1 imagePullSecrets: - name: myregistrykey
-
Specify the ImagePullSecrets of the created service in the dashboard.
After successfully creating ImagePullSecrets through kubectl, when creating an application in dashboard, you can also choose to use ImagePullSecrets. For example, in the following figure:
We have selected the
myregistrykey
created earlier for the application to be created, so Kubernetes has permission to pull the image of the private repository.
Use kubectl under Windows
-
After creating the cluster, download the kubectl tool of Windows version, such as the 64-bit tool, as follows:
Note: Before downloading kubectl, users need to log in to their servers and use the command
kubectl version
to view the version number of the cluster they created, and then select and download the corresponding kubectl version. E.g.: If the cluster version number of the user is 1.8, the kubectl to download is 1.8.The download link is https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG.md?spm=5176.app53755.3.2.2uYdIN&file=CHANGELOG.md#client-binaries-17, users can download the corresponding version of the tool according to their cluster version number.
-
After downloading, unzip it to any directory, such as disk D.
- Enter the user's folder under the directory
C:\users\
, for example, if the user name is foo, the folder should beC:\users\foo
. At the same time, enter the directory and create the folder.kube
.
- On the cluster list page, download the cluster configuration file, place it in the
.kube
folder created in the previous step, and rename it toconfig
.
-
Open windows command line prompt.
-
Enter the directory where the kubectl file is stored and run
kubectl.exe get node
to view the nodes of the cluster. -
In the same directory, create the dashboard.yaml file, whose content is the dashboard.yaml in the previous article. For example, you can use Notepad to create.
-
Then enter
kubectl.exe create -f dashboard.yaml
to create dashboard. -
Check whether the creation is successful by the command
kubectl.exe get pod --all-namespaces
. -
Enter
kubectl.exe proxy
to open proxy, and then access127.0.0.1:8001/ui
in the browser to access the dashboard.