I am using Microk8s; the configuration is as follows:
deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: jenkins
  labels:
    app: jenkins
spec:
  selector:
    matchLabels:
      app: jenkins
  replicas: 1
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 0
  template:
    metadata:
      labels:
        app: jenkins
    spec:
      serviceAccountName: jenkins
      containers:
      - name: jenkins
        image: jenkins/jenkins:2.235.1-lts-alpine
        imagePullPolicy: IfNotPresent
        env:
        - name: JAVA_OPTS
          value: -Xmx2048m -Dhudson.slaves.NodeProvisioner.MARGIN=50 -Dhudson.slaves.NodeProvisioner.MARGIN0=0.85
        ports:
        - containerPort: 8080
          protocol: TCP
        - containerPort: 50000
          protocol: TCP
        volumeMounts:
        - mountPath: /var/jenkins_home
          name: jenkins
      restartPolicy: Always
      securityContext:
        runAsUser: 0
      terminationGracePeriodSeconds: 30
      volumes:
      - name: jenkins
        persistentVolumeClaim:
          claimName: jenkins-claim
pv.yaml
apiVersion: v1
kind: PersistentVolume
metadata:
  name: jenkins
  labels:
    type: local
spec:
  storageClassName: manual
  capacity:
    storage: 4Gi
  accessModes:
  - ReadWriteOnce
  hostPath:
    path: "/mnt/data"
pvc.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: jenkins-claim
spec:
  storageClassName: manual
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 4Gi
rbac.yaml
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: jenkins
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: jenkins
rules:
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["create","delete","get","list","patch","update","watch"]
- apiGroups: [""]
  resources: ["pods/exec"]
  verbs: ["create","delete","get","list","patch","update","watch"]
- apiGroups: [""]
  resources: ["pods/log"]
  verbs: ["get","list","watch"]
- apiGroups: [""]
  resources: ["secrets"]
  verbs: ["create","delete","get","list","patch","update"]
- apiGroups: [""]
  resources: ["configmaps"]
  verbs: ["create","delete","get","list","patch","update"]
- apiGroups: ["apps"]
  resources: ["deployments"]
  verbs: ["create","delete","get","list","patch","update"]
- apiGroups: [""]
  resources: ["services"]
  verbs: ["create","delete","get","list","patch","update"]
- apiGroups: [""]
  resources: ["ingresses"]
  verbs: ["create","delete","get","list","patch","update"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: jenkins
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: jenkins
subjects:
- kind: ServiceAccount
  name: jenkins
  namespace: jenkins
service.yaml
apiVersion: v1
kind: Service
metadata:
  name: jenkins
  labels:
    app: jenkins
spec:
  type: NodePort
  ports:
  - name: ui
    port: 8080
    targetPort: 8080
    protocol: TCP
  - name: slave
    port: 50000
    protocol: TCP
  - name: http
    port: 80
    targetPort: 8080
  selector:
    app: jenkins
I can access the internet from my node (host), but not from my pods. My node is an Ubuntu 18.04.2 LTS machine running on vSphere, inside a VPN.
In the official documentation (https://microk8s.io/docs/troubleshooting), it says
sudo iptables -P FORWARD ACCEPT
sudo apt-get install iptables-persistent
or
sudo ufw default allow routed
Neither of them solved my problem.
I also tried the suggestions in https://github.com/ubuntu/microk8s/issues/1484, but without success.
1 Answer
To solve this problem on Microk8s, enable the dns addon before deploying, using the command
microk8s enable dns
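
A diagnostic for the situation in this thread, added here as an example and not part of the original question or answer: it runs the same lookup from a throwaway pod twice, once through the pod's configured resolver and once sent directly to an upstream resolver by IP address, to tell a cluster DNS problem (the answer's fix) apart from a forwarding problem (the troubleshooting-page fixes). The probe image, test name, upstream resolver address and function names are assumptions.

```shell
#!/bin/sh
# Added example: decide whether a pod's failed lookups are a cluster DNS
# problem or a packet-forwarding problem on a MicroK8s node.
# Assumed values (not from the thread): probe image, test name, upstream resolver.
PROBE_IMAGE="${PROBE_IMAGE:-busybox:1.28}"
TEST_NAME="${TEST_NAME:-example.com}"
UPSTREAM_DNS="${UPSTREAM_DNS:-1.1.1.1}"   # use a resolver your network permits

# Run one command in a throwaway pod and return that command's exit status.
probe() {
    pod="egress-probe-$$-$1"; shift
    microk8s kubectl run "$pod" --image="$PROBE_IMAGE" --restart=Never \
        --rm --attach --command -- "$@" >/dev/null 2>&1
}

# Map the two probe results to a diagnosis.
#   $1: exit status of a lookup through the pod's configured resolver
#   $2: exit status of the same lookup sent straight to UPSTREAM_DNS
classify() {
    if [ "$1" -eq 0 ]; then
        echo "ok"
    elif [ "$2" -eq 0 ]; then
        echo "cluster-dns"
    else
        echo "forwarding"
    fi
}

diagnose() {
    cluster_rc=0; direct_rc=0
    probe cluster nslookup "$TEST_NAME" || cluster_rc=$?
    probe direct nslookup "$TEST_NAME" "$UPSTREAM_DNS" || direct_rc=$?
    case "$(classify "$cluster_rc" "$direct_rc")" in
        ok)          echo "Pod resolves $TEST_NAME through its configured resolver." ;;
        cluster-dns) echo "Packets leave the pod, but its resolver does not answer:"
                     echo "  check the dns addon (microk8s enable dns)." ;;
        forwarding)  echo "The lookup fails even when sent to $UPSTREAM_DNS by IP address:"
                     echo "  check the FORWARD policy / ufw routed default on the node." ;;
    esac
}

# Only touch the cluster when invoked as: sh probe.sh run
if [ "${1:-}" = "run" ]; then
    diagnose
fi
```

If the network inside the VPN blocks outbound DNS to public resolvers, set UPSTREAM_DNS to the resolver the node itself uses, otherwise the direct probe fails for a reason unrelated to MicroK8s.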