
VMware vSphere Tanzu Deployment_14_Deploying a Container Application

Date: 2024-07-04 17:21:49
Tags: kubectl vSphere Tanzu tkc napp deployment nginx -- jianhua

1. Deploying and running a container application

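1.1. Log in to the TKC cluster

The --insecure-skip-tls-verify flag used below turns off verification of the server's TLS certificate for this login.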

jianhua@napp:~/tkc$ kubectl vsphere login --server=192.168.203.194 \
--tanzu-kubernetes-cluster-name  tkc-dev-cluster \
--tanzu-kubernetes-cluster-namespace tkc-01 \
--vsphere-username [email protected] \
--insecure-skip-tls-verify


KUBECTL_VSPHERE_PASSWORD environment variable is not set. Please enter the password below
Password: 
Logged in successfully.

You have access to the following contexts:
   192.168.203.194
   tkc-01
   tkc-dev-cluster

If the context you wish to use is not in this list, you may need to try
logging in again later, or contact your cluster administrator.

To change context, use `kubectl config use-context <workload name>`
jianhua@napp:~/tkc$ 

jianhua@napp:~/tkc$ kubectl config use-context tkc-dev-cluster
Switched to context "tkc-dev-cluster".
jianhua@napp:~/tkc$ 

1.2. Configuration required to run containers

Without this configuration, running a container fails with the following error:

jianhua@napp:~/tkc$ kubectl run nginx --image=nginx:latest
Error from server (Forbidden): pods "nginx" is forbidden: violates PodSecurity "restricted:latest": allowPrivilegeEscalation != false (container "nginx" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "nginx" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "nginx" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "nginx" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
jianhua@napp:~/tkc$

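1.2.1. Pod Security configuration

Label the default namespace so that Pod Security admission enforces the privileged level there. This level applies no restrictions, so every pod in the namespace, not only nginx, skips the checks listed in the error above.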

jianhua@napp:~/tkc$ kubectl label --overwrite ns default pod-security.kubernetes.io/enforce=privileged
namespace/default labeled
jianhua@napp:~/tkc$ 
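
The four violations in the error above can also be resolved in the pod spec itself, which leaves the namespace at the restricted level. The following is an added example, not part of the original post: it re-implements only those four checks in Python and runs them over two constructed pod specs. The function names and the nginxinc/nginx-unprivileged image are assumptions of this example.

```python
# Added example: only the four "restricted" checks named in the error message.
# Both pod specs are constructed sample data, not output from the cluster.

def effective(pod_sc, ctr_sc, key):
    """A container-level securityContext field overrides the pod-level one."""
    val = ctr_sc.get(key)
    return pod_sc.get(key) if val is None else val

def restricted_violations(pod):
    """Return (container, reason) pairs that PodSecurity 'restricted' rejects."""
    spec = pod["spec"]
    pod_sc = spec.get("securityContext") or {}
    found = []
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        sc, name = c.get("securityContext") or {}, c["name"]
        if sc.get("allowPrivilegeEscalation") is not False:
            found.append((name, "allowPrivilegeEscalation != false"))
        caps = sc.get("capabilities") or {}
        extra_add = set(caps.get("add") or []) - {"NET_BIND_SERVICE"}
        if "ALL" not in (caps.get("drop") or []) or extra_add:
            found.append((name, "unrestricted capabilities"))
        if effective(pod_sc, sc, "runAsNonRoot") is not True:
            found.append((name, "runAsNonRoot != true"))
        profile = effective(pod_sc, sc, "seccompProfile") or {}
        if profile.get("type") not in ("RuntimeDefault", "Localhost"):
            found.append((name, "seccompProfile"))
    return found

# What `kubectl run nginx --image=nginx:latest` submits: no securityContext.
BARE_POD = {"spec": {"containers": [{"name": "nginx", "image": "nginx:latest"}]}}

# Same workload with the fields the error message asks for. The image is an
# assumption: one that runs as a non-root user and listens on port 8080.
HARDENED_POD = {"spec": {
    "securityContext": {"runAsNonRoot": True,
                        "seccompProfile": {"type": "RuntimeDefault"}},
    "containers": [{
        "name": "nginx",
        "image": "nginxinc/nginx-unprivileged",
        "securityContext": {"allowPrivilegeEscalation": False,
                            "capabilities": {"drop": ["ALL"]}},
    }],
}}

if __name__ == "__main__":
    for label, pod in (("bare", BARE_POD), ("hardened", HARDENED_POD)):
        print(label, restricted_violations(pod) or "admitted by these checks")
```

The restricted profile contains further checks (host namespaces, volume types and others) that this example does not cover.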

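1.2.2. RoleBinding configuration

The RoleBinding below grants the psp:vmware-system-privileged ClusterRole to the system:serviceaccounts group, that is, to every service account, within the default namespace.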

jianhua@napp:~/tkc$ cat rolebindings-default-namespace.yaml 
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: rolebinding-default-privileged-sa-ns_default
  namespace: default
roleRef:
  kind: ClusterRole
  name: psp:vmware-system-privileged
  apiGroup: rbac.authorization.k8s.io
subjects:
- kind: Group
  apiGroup: rbac.authorization.k8s.io
  name: system:serviceaccounts
jianhua@napp:~/tkc$ 
  • Configuration example
jianhua@napp:~/tkc$ kubectl apply -f rolebindings-default-namespace.yaml 
rolebinding.rbac.authorization.k8s.io/rolebinding-default-privileged-sa-ns_default created
jianhua@napp:~/tkc$ kubectl get rolebindings
NAME                                           ROLE                                       AGE
rolebinding-default-privileged-sa-ns_default   ClusterRole/psp:vmware-system-privileged   7s
jianhua@napp:~/tkc$ 

1.3 Running the container

  • Run the container
jianhua@napp:~/tkc$ kubectl run nginx --image=quay.io/jitesoft/nginx
pod/nginx created
jianhua@napp:~/tkc$ kubectl get pod
NAME    READY   STATUS              RESTARTS   AGE
nginx   0/1     ContainerCreating   0          1s
jianhua@napp:~/tkc$
jianhua@napp:~/tkc$ kubectl get pod -o wide
NAME    READY   STATUS    RESTARTS   AGE   IP            NODE                                                          NOMINATED NODE   READINESS GATES
nginx   1/1     Running   0          62s   172.20.18.2   tkc-dev-cluster-tck-dev-worker-zt5ls-779c467dd4xwbb9p-kl9tx   <none>           <none>
jianhua@napp:~/tkc$ 
  • Expose the port externally
jianhua@napp:~$ kubectl expose pod nginx --port=80 --target-port=80 --type=LoadBalancer --name=nginx-svc
service/nginx-svc exposed
jianhua@napp:~$ kubectl get svc -o wide
NAME         TYPE           CLUSTER-IP     EXTERNAL-IP   PORT(S)        AGE   SELECTOR
kubernetes   ClusterIP      172.20.0.1     <none>        443/TCP        19h   <none>
nginx-svc    LoadBalancer   172.20.10.50   <pending>     80:32720/TCP   2s    run=nginx
supervisor   ClusterIP      None           <none>        6443/TCP       19h   <none>
jianhua@napp:~$ kubectl get svc -o wide
NAME         TYPE           CLUSTER-IP     EXTERNAL-IP       PORT(S)        AGE   SELECTOR
kubernetes   ClusterIP      172.20.0.1     <none>            443/TCP        19h   <none>
nginx-svc    LoadBalancer   172.20.10.50   192.168.203.196   80:32720/TCP   8s    run=nginx
supervisor   ClusterIP      None           <none>            6443/TCP       19h   <none>
jianhua@napp:~$


From: https://www.cnblogs.com/amsilence/p/18284233
