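Normally we get into a Kubernetes pod with kubectl exec. During one development project, I needed to get into a pod over SSH from outside the cluster. This is a brief record of how I did it.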
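I. Modify the Docker image and upload it
1. Enter the container with docker run, install the SSH service, and initialize the root password
I am using the Spark image from Alibaba Cloud here.
// List the images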
[root@master ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
registry.cn-hangzhou.aliyuncs.com/google_containers/spark 1.5.2_v1 22712970844d 6 years ago 990MB
// Enter the container
[root@master ~]# docker run -it 22712970844d
// Download and install ssh
root@183fe4c73b7e:/# apt-get update
root@183fe4c73b7e:/# apt-get -y install openssh-server
// Edit the ssh configuration file and change PermitRootLogin to yes
vim /etc/ssh/sshd_config
PermitRootLogin yes
// Start ssh and initialize the root password with a script.
// The password here is passed in through the parameter $1; it is not hard-coded.
root@183fe4c73b7e:/# cat init.sh
#!/bin/bash
service ssh start
echo "root:$1" | chpasswd
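The startup commands for Spark in this image are /start-master and /start-worker,
so I added /init.sh $1 to both of these files.
For other images, this step can be skipped.
2. Package the image and upload it to the image registry
// Exit the modified container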
root@183fe4c73b7e:/# exit
exit
// Find the ID of the container we just exited (an exited container is only listed by docker ps -a)
[root@master ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
d6f509fb772d 70f311871ae1 "/coredns -conf /etc…" 2 hours ago Up 2 hours k8s_coredns_coredns-6955765f44-gc9cq_kube-system_b0334549-d9bf-447d-90d1-2a196bed33f9_4
// Commit to the local image store
[root@master ~]# docker commit -m="add ssh and init root" -a="fanb" d6f509fb772d myspark:1.5.2_v1
Push to the Alibaba Cloud image registry; the official tutorial is very detailed:
https://cr.console.aliyun.com/repository/
// Log in to Alibaba Cloud
// First re-tag the image so that its name matches your own repository name
[root@master ~]# docker tag myspark:1.5.2_v1 registry.cn-shanghai.aliyuncs.com/fanb/myspark:1.5.2_v1
// Push to the registry
[root@master ~]# docker push registry.cn-shanghai.aliyuncs.com/fanb/myspark:1.5.2_v1
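II. Configure the Kubernetes deploy and service
I deployed the deploy and service through client-go code.
Here are just the key steps:
1. In the deploy, change the container image to the one in your own image registry
2. In the deploy, add the startup command (command) and arguments (args); the argument here is the root password
3. In the deploy, open port 22
Because this is spark-master, I also opened ports 7077 and 8080
4. In the service, choose NodePort and map port 22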
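The four steps above, written out as a YAML manifest. This is an added example, not the author's client-go code: the Secret spark-ssh, the app: spark-master label and the port names are assumptions, the deploy name is inferred from the pod name shown in the test output, and the root password is read from the Secret so that it is not stored in the deploy spec itself.

```yaml
# Added example. Assumed names: Secret spark-ssh, label app: spark-master, port names.
apiVersion: v1
kind: Secret
metadata:
  name: spark-ssh                  # assumed name
type: Opaque
stringData:
  root-password: CHANGE_ME         # placeholder, set your own value
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: spark-master-deploy        # inferred from the pod name on this page
spec:
  selector:
    matchLabels:
      app: spark-master            # assumed label
  template:
    metadata:
      labels:
        app: spark-master
    spec:
      containers:
        - name: spark-master
          image: registry.cn-shanghai.aliyuncs.com/fanb/myspark:1.5.2_v1   # step 1
          env:
            - name: ROOT_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: spark-ssh
                  key: root-password
          command: ["/start-master"]   # step 2: script that calls /init.sh $1
          args: ["$(ROOT_PASSWORD)"]   # Kubernetes expands $(VAR) from env
          ports:                       # step 3
            - containerPort: 22
            - containerPort: 7077
            - containerPort: 8080
---
apiVersion: v1
kind: Service
metadata:
  name: spark-master
spec:
  type: NodePort                   # step 4: nodePort omitted, so one is auto-assigned
  selector:
    app: spark-master
  ports:
    - {name: ssh, port: 22, targetPort: 22}
    - {name: spark, port: 7077, targetPort: 7077}
    - {name: web-ui, port: 8080, targetPort: 8080}
```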
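III. Deploy and test
// After a successful deployment, check the svc to see which node port port 22 is mapped to
// You can also specify it yourself when deploying the svc; I did not, so the system assigned a port automatically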
[root@master ~]# kubectl get svc -n spark-1660585042012467800
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
spark-master NodePort 10.103.250.24 <none> 7077:31785/TCP,8080:32180/TCP,22:31662/TCP 22h
spark-worker-service NodePort 10.102.180.54 <none> 8081:30976/TCP,22:31506/TCP 22h
// Test it with ssh,
// using the node IP plus the port found above
[root@master ~]# ssh root@192.168.139.131 -p 31662
The authenticity of host '[192.168.139.131]:31662 ([192.168.139.131]:31662)' can't be established.
ECDSA key fingerprint is SHA256:a8Pwyq1gds84vzASJpBBqjWEyKtQhJmiGaMaWUQNR1k.
ECDSA key fingerprint is MD5:95:ba:11:79:a8:97:0f:8a:3c:17:84:df:4b:d1:87:6c.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[192.168.139.131]:31662' (ECDSA) to the list of known hosts.
root@192.168.139.131's password:
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
root@spark-master-deploy-8686887d56-l88hl:~# ls
root@spark-master-deploy-8686887d56-l88hl:~# cd /
root@spark-master-deploy-8686887d56-l88hl:/# ls
bin dev home lib media opt root sbin start-common.sh start-worker tmp var
boot etc init.sh lib64 mnt proc run srv start-master sys usr
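The test succeeded!
Copyright notice: This is an original article by qq_51287641, licensed under the CC 4.0 BY-SA agreement. When reposting, please include a link to the original source and this notice.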