1. API resource object: Job
A Job can be thought of as a Pod that runs once and then exits.
First, generate a YAML file:
kubectl create job job-demo --image=busybox --dry-run=client -o yaml > job-demo.yaml
vi job-demo.yaml
[root@aminglinux01 ~]# cat job-demo.yaml
apiVersion: batch/v1
kind: Job
metadata:
  name: job-demo
spec:
  template:  ## template used to create the pod; it defines the pod's properties, such as its containers
    spec:
      restartPolicy: OnFailure  ## policy applied when the pod fails: OnFailure or Never. OnFailure restarts the container on failure; Never does not restart the container and creates a new Pod instead
      containers:
      - image: registry.cn-hangzhou.aliyuncs.com/*/busybox:latest
        name: job-demo
        command: ["/bin/echo"]
        args: ["hello","world"]
[root@aminglinux01 ~]#
Create the Job
kubectl apply -f job-demo.yaml
[root@aminglinux01 ~]# kubectl apply -f job-demo.yaml
job.batch/job-demo created
[root@aminglinux01 ~]#
View the Job
kubectl get job,pod shows that once the container has finished running, its status becomes Completed.
[root@aminglinux01 ~]# kubectl get job,pod
NAME COMPLETIONS DURATION AGE
job.batch/job-demo 1/1 6s 2m53s
NAME READY STATUS RESTARTS AGE
pod/ds-demo-7kqhx 1/1 Running 0 15h
pod/ds-demo-js2rl 1/1 Running 0 15h
pod/ds-demo-pkpb6 1/1 Running 0 15h
pod/job-demo-fg2pg 0/1 Completed 0 2m53s #### after running once, the status becomes Completed
pod/lucky-6cdcf8b9d4-qslbj 1/1 Running 2 (16h ago) 4d12h
pod/ng-deploy-6d94878b66-8t2hq 1/1 Running 2 (16h ago) 40h
pod/ng-deploy-6d94878b66-gh95m 1/1 Running 2 (16h ago) 40h
pod/ngnix 1/1 Running 2 (16h ago) 3d18h
pod/pod-demo 1/1 Running 2 (16h ago) 3d20h
pod/pod-demo1 1/1 Running 2 (16h ago) 3d20h
pod/redis-sts-0 1/1 Running 0 14h
pod/redis-sts-1 1/1 Running 0 13h
[root@aminglinux01 ~]#
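A Job also has several special fields:
- activeDeadlineSeconds: sets the timeout for the running Pods.
- backoffLimit: sets the number of retries after a Pod fails.
- completions: how many Pods must run for the Job to complete; the default is 1.
- parallelism: related to completions; the number of Pods allowed to run concurrently, to avoid using too many resources.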
vi myjob.yaml
[root@aminglinux01 ~]# cat myjob.yaml
apiVersion: batch/v1
kind: Job
metadata:
  name: sleep-job
spec:
  activeDeadlineSeconds: 15  ## time out after 15s
  backoffLimit: 2  ## give up after 2 failed retries
  completions: 4  ## 4 pods must run for the Job to count as complete
  parallelism: 2  ## allow 2 pods to run concurrently
  template:
    spec:
      restartPolicy: Never
      containers:
      - image: registry.cn-hangzhou.aliyuncs.com/*/busybox:latest
        name: echo-job
        imagePullPolicy: IfNotPresent
        command:
        - sh
        - -c
        - sleep 10; echo done
[root@aminglinux01 ~]#
Create the Job and watch its status
kubectl apply -f myjob.yaml ; kubectl get pod -w
[root@aminglinux01 ~]# kubectl get pod -w
NAME READY STATUS RESTARTS AGE
ds-demo-7kqhx 1/1 Running 0 15h
ds-demo-js2rl 1/1 Running 0 15h
ds-demo-pkpb6 1/1 Running 0 15h
job-demo-fg2pg 0/1 Completed 0 13m
lucky-6cdcf8b9d4-qslbj 1/1 Running 2 (16h ago) 4d12h
ng-deploy-6d94878b66-8t2hq 1/1 Running 2 (16h ago) 40h
ng-deploy-6d94878b66-gh95m 1/1 Running 2 (16h ago) 40h
ngnix 1/1 Running 2 (16h ago) 3d18h
pod-demo 1/1 Running 2 (16h ago) 3d20h
pod-demo1 1/1 Running 2 (16h ago) 3d20h
redis-sts-0 1/1 Running 0 14h
redis-sts-1 1/1 Running 0 13h
sleep-job-4rk8t 0/1 InvalidImageName 0 11s
sleep-job-rdtv6 0/1 InvalidImageName 0 11s
sleep-job-rdtv6 0/1 Terminating 0 15s
sleep-job-4rk8t 0/1 Terminating 0 15s
sleep-job-rdtv6 0/1 Terminating 0 15s
sleep-job-4rk8t 0/1 Terminating 0 15s
sleep-job-4rk8t 0/1 Terminating 0 15s
sleep-job-rdtv6 0/1 Terminating 0 15s
sleep-job-4rk8t 0/1 Terminating 0 15s
sleep-job-rdtv6 0/1 Terminating 0 15s
sleep-job-4rk8t 0/1 Terminating 0 15s
sleep-job-4rk8t 0/1 Terminating 0 15s
sleep-job-4rk8t 0/1 Terminating 0 15s
sleep-job-rdtv6 0/1 Terminating 0 16s
sleep-job-rdtv6 0/1 Terminating 0 16s
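2. API resource object: CronJob
A CronJob (short name cj) is a Pod that runs periodically; for example, a task that needs to run once a day can use a CronJob.
First, generate a YAML file:
kubectl create cj cj-demo --image=busybox --schedule="" --dry-run=client -o yaml > cj-demo.yaml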
[root@aminglinux01 ~]# kubectl create cj cj-demo --image=registry.cn-hangzhou.aliyuncs.com/daliyused/busybox:latest --schedule="" --dry-run=client -o yaml > cj-demo.yaml
[root@aminglinux01 ~]# ls
anaconda-ks.cfg
calico-cni.tar
calico-kube-controllers.tar
calico-node.tar
calico-pod2daemon.tar
calico.yaml
cj-demo.yaml
[root@aminglinux01 ~]#
[root@aminglinux01 ~]# cat cj-demo.yaml
apiVersion: batch/v1
kind: CronJob
metadata:
  creationTimestamp: null
  name: cj-demo
spec:
  jobTemplate:
    metadata:
      creationTimestamp: null
      name: cj-demo
    spec:
      template:
        metadata:
          creationTimestamp: null
        spec:
          containers:
          - image: registry.cn-hangzhou.aliyuncs.com/daliyused/busybox:latest
            name: cj-demo
            resources: {}
          restartPolicy: OnFailure
  schedule: ""
status: {}
[root@aminglinux01 ~]#
vi cj-demo.yaml
[root@aminglinux01 ~]# cat cj-demo.yaml
apiVersion: batch/v1
kind: CronJob  ## schedule and jobTemplate are CronJob fields, so the kind must be CronJob
metadata:
  name: cj-demo
spec:
  schedule: '*/1 * * * *'
  jobTemplate:
    spec:
      template:
        spec:
          restartPolicy: OnFailure
          containers:
          - image: registry.cn-hangzhou.aliyuncs.com/daliyused/busybox:latest
            name: job-demo
            command: ["/bin/echo"]
            args: ["hello","world"]
[root@aminglinux01 ~]#
[root@aminglinux01 ~]# kubectl apply -f cj-demo.yaml
cronjob.batch/cj-demo created
[root@aminglinux01 ~]# kubectl get cj
NAME SCHEDULE SUSPEND ACTIVE LAST SCHEDULE AGE
cj-demo */1 * * * * False 0 <none> 15s
[root@aminglinux01 ~]# kubectl get pod
NAME READY STATUS RESTARTS AGE
ds-demo-7kqhx 1/1 Running 0 17h
ds-demo-js2rl 1/1 Running 0 17h
ds-demo-pkpb6 1/1 Running 0 17h
job-demo-fg2pg 0/1 Completed 0 167m
lucky-6cdcf8b9d4-qslbj 1/1 Running 2 (19h ago) 4d14h
ng-deploy-6d94878b66-8t2hq 1/1 Running 2 (19h ago) 42h
ng-deploy-6d94878b66-gh95m 1/1 Running 2 (19h ago) 42h
ngnix 1/1 Running 2 (19h ago) 3d21h
pod-demo 1/1 Running 2 (19h ago) 3d23h
pod-demo1 1/1 Running 2 (19h ago) 3d22h
redis-sts-0 1/1 Running 0 16h
redis-sts-1 1/1 Running 0 16h
[root@aminglinux01 ~]#
3. API resource object: Endpoint
Endpoint (short name ep) resources correspond one-to-one with Services; that is, every Service has a corresponding Endpoint.
[root@aminglinux01 ~]# kubectl get ep
NAME ENDPOINTS AGE
kubernetes 192.168.100.151:6443 4d18h
lucky 10.18.68.141:10661 4d14h
ngx-svc 10.18.206.207:80,10.18.68.140:80 42h
redis-svc 10.18.206.213:6379,10.18.68.148:6379 16h
[root@aminglinux01 ~]# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.15.0.1 <none> 443/TCP 4d18h
lucky NodePort 10.15.104.133 <none> 16601:31368/TCP 4d14h
ngx-svc NodePort 10.15.157.72 <none> 8080:30009/TCP 42h
redis-svc ClusterIP 10.15.165.5 <none> 6379/TCP 16h
[root@aminglinux01 ~]#
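An Endpoint can be understood as the backend resource that a Service points to.
Sometimes Pods in K8s need to access external resources, such as an external MySQL service. In that case you can define an Endpoint for the external resource and then define a Service, so that other Pods inside K8s can access it.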
vim testep.yaml
[root@aminglinux01 ~]# cat testep.yaml
apiVersion: v1
kind: Endpoints
metadata:
  name: external-mysql  #### must match the name of the Service
subsets:
- addresses:
  - ip: 10.18.206.207  #### IP of the backend pod
  ports:
  - port: 3306  #### port of the backend pod
---
apiVersion: v1
kind: Service  ## Note: this Service does not need a selector; the Service name and the Endpoint name only have to match.
metadata:
  name: external-mysql
spec:
  ports:
  - port: 3306
[root@aminglinux01 ~]#
[root@aminglinux01 ~]# kubectl apply -f testep.yaml
endpoints/external-mysql created
service/external-mysql created
[root@aminglinux01 ~]# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
external-mysql ClusterIP 10.15.76.93 <none> 3306/TCP 14s
kubernetes ClusterIP 10.15.0.1 <none> 443/TCP 5d2h
lucky NodePort 10.15.104.133 <none> 16601:31368/TCP 4d23h
ngx-svc NodePort 10.15.157.72 <none> 8080:30009/TCP 2d2h
redis-svc ClusterIP 10.15.165.5 <none> 6379/TCP 25h
[root@aminglinux01 ~]# kubectl get ep
NAME ENDPOINTS AGE
external-mysql 10.18.206.207:3306 19s
kubernetes 192.168.100.151:6443 5d2h
lucky 10.18.68.141:10661 4d23h
ngx-svc 10.18.206.207:80,10.18.68.140:80 2d2h
redis-svc 10.18.206.255:6379,10.18.68.148:6379 25h
[root@aminglinux01 ~]#
4. API resource object: ConfigMap
A ConfigMap (short name cm) stores configuration information, such as service ports, runtime parameters, file paths and so on.
vi mycm.yaml
[root@aminglinux01 ~]# cat mycm.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: mycm
data:
  DATABASE: 'db'
  USER: 'wp'
  PASSWORD: '123456'
  ROOT_PASSWORD: '123456'
[root@aminglinux01 ~]#
Create:
[root@aminglinux01 ~]# kubectl apply -f mycm.yaml
configmap/mycm created
View:
[root@aminglinux01 ~]# kubectl get cm
NAME DATA AGE
kube-root-ca.crt 1 4d19h
mycm 4 9s
[root@aminglinux01 ~]# kubectl describe cm mycm
Name: mycm
Namespace: default
Labels: <none>
Annotations: <none>
Data
====
DATABASE:
----
db
PASSWORD:
----
123456
ROOT_PASSWORD:
----
123456
USER:
----
wp
BinaryData
====
Events: <none>
Using the ConfigMap
[root@aminglinux01 ~]# cat testpod.yaml
apiVersion: v1
kind: Pod
metadata:
  name: testpod
  labels:
    app: testpod
spec:
  containers:
  - image: nginx:latest
    name: nginx
    imagePullPolicy: IfNotPresent
    ports:
    - containerPort: 80
    envFrom:  ## import all fields of the cm into this pod
    - prefix: 'NGINX_'  ## prefix added automatically to each imported field name, e.g. NGINX_DATABASE
      configMapRef:  ## which CM to use
        name: mycm
[root@aminglinux01 ~]#
Check that the Pod references the ConfigMap:
[root@aminglinux01 ~]# kubectl describe pod testpod
Name: testpod
Namespace: default
Priority: 0
Service Account: default
Node: aminglinux02/192.168.100.152
Start Time: Tue, 09 Jul 2024 22:07:23 +0800
Labels: app=testpod
Annotations: cni.projectcalico.org/containerID: 8cfe350f99e0d639b53b088133c536786e76c58885e57755cb06d1e37dcd4580
cni.projectcalico.org/podIP: 10.18.206.236/32
cni.projectcalico.org/podIPs: 10.18.206.236/32
Status: Running
IP: 10.18.206.236
IPs:
IP: 10.18.206.236
Containers:
nginx:
Container ID: containerd://8d2f0e06c902c569574629ee896a999bb10b5317656beca5e05e946cf8c54f30
Image: nginx:latest
Image ID: docker.io/library/nginx@sha256:67682bda769fae1ccf5183192b8daf37b64cae99c6c3302650f6f8bf5f0f95df
Port: 80/TCP
Host Port: 0/TCP
State: Running
Started: Tue, 09 Jul 2024 22:07:24 +0800
Ready: True
Restart Count: 0
Environment Variables from:
mycm ConfigMap with prefix 'NGINX_' Optional: false
Environment: <none>
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-w4n26 (ro)
Conditions:
Type Status
Initialized True
Ready True
ContainersReady True
PodScheduled True
Volumes:
kube-api-access-w4n26:
Type: Projected (a volume that contains injected data from multiple sources)
TokenExpirationSeconds: 3607
ConfigMapName: kube-root-ca.crt
ConfigMapOptional: <nil>
DownwardAPI: true
QoS Class: BestEffort
Node-Selectors: <none>
Tolerations: node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 114s default-scheduler Successfully assigned default/testpod to aminglinux02
Normal Pulled 114s kubelet Container image "nginx:latest" already present on machine
Normal Created 114s kubelet Created container nginx
Normal Started 113s kubelet Started container nginx
[root@aminglinux01 ~]#
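mycm keeps PASSWORD and ROOT_PASSWORD as ordinary ConfigMap data, and kubectl describe cm prints them in clear text, as shown above. The following pre-apply check is an added example, not part of the original article: it lists credential-like keys found in ConfigMap manifests. The function name and the key-name pattern are assumptions of this example.

```shell
#!/bin/sh
# Added example: flag credential-like keys stored in a ConfigMap manifest.
# Constructed input: the mycm.yaml from this page, embedded inline.
MYCM_YAML="apiVersion: v1
kind: ConfigMap
metadata:
  name: mycm
data:
  DATABASE: 'db'
  USER: 'wp'
  PASSWORD: '123456'
  ROOT_PASSWORD: '123456'
"

# Key-name pattern is an assumption of this example; tune it to local naming.
CRED_PATTERN='PASS|PWD|SECRET|TOKEN|CREDENTIAL|PRIVATE_KEY|API_KEY'

# configmap_credential_keys MANIFEST
# Prints "name/key" for every data key of a ConfigMap that matches
# CRED_PATTERN. Handles multi-document files separated by "---".
configmap_credential_keys() {
    printf '%s\n' "$1" | awk -v pat="$CRED_PATTERN" '
        function emit(   i) {
            if (kind == "ConfigMap")
                for (i = 1; i <= n; i++) print name "/" keys[i]
            kind = ""; name = ""; n = 0; section = ""
        }
        /^---[ \t]*$/      { emit(); next }          # document separator
        /^kind:/           { kind = $2 }
        /^[^ \t#][^:]*:/   { section = $1 }          # current top-level key
        section == "metadata:" && /^  name:/ { name = $2 }
        section == "data:" && /^[ \t]+[^# \t]/ && $1 ~ /:$/ {
            key = $1; sub(/:$/, "", key)
            if (toupper(key) ~ pat) keys[++n] = key
        }
        END { emit() }'
}

configmap_credential_keys "$MYCM_YAML"
```

Keys reported by the check are candidates for a Secret, which a Pod can consume with secretKeyRef as in the next section.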
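5. API resource object: Secret
The data defined in a Secret is encrypted.
A Secret is very similar to a ConfigMap in structure and usage, but K8s further divides Secret objects into many types, for example:
- Authentication information for accessing private image registries
- Credentials for identity verification
- Certificates and private keys for HTTPS communication
- General confidential information (the format is interpreted by the user)
We do not need the first few types for now, so we only use the last one.
Example of creating a Secret: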
vi mysecret.yaml
[root@aminglinux01 ~]# cat mysecret.yaml
apiVersion: v1
kind: Secret
metadata:
  name: mysecret
data:
  user: eWV5dW55aQ==  ## generated with: echo -n "yeyunyi" | base64
  passwd: MXFhekBXU1g=  ## generated with: echo -n "1qaz@WSX" | base64
[root@aminglinux01 ~]#
View:
[root@aminglinux01 ~]# kubectl apply -f mysecret.yaml
secret/mysecret created
[root@aminglinux01 ~]# kubectl get secret
NAME TYPE DATA AGE
mysecret Opaque 2 9s
[root@aminglinux01 ~]# kubectl describe secret mysecret
Name: mysecret
Namespace: default
Labels: <none>
Annotations: <none>
Type: Opaque
Data
====
passwd: 8 bytes ### encrypted, not visible
user: 7 bytes ### encrypted, not visible
[root@aminglinux01 ~]#
Example of a Pod using the Secret:
vi testpod2.yaml
[root@aminglinux01 ~]# cat testpod2.yaml
apiVersion: v1
kind: Pod
metadata:
  name: testpod2
spec:
  containers:
  - image: busybox
    name: busy
    imagePullPolicy: IfNotPresent
    command: ["/bin/sleep","300"]
    env:
    - name: USERNAME
      valueFrom:
        secretKeyRef:  ## which Secret and key to read the username from
          name: mysecret
          key: user
    - name: PASSWORD
      valueFrom:
        secretKeyRef:  ## which Secret and key to read the password from
          name: mysecret
          key: passwd
[root@aminglinux01 ~]#
View:
[root@aminglinux01 ~]# kubectl apply -f testpod2.yaml
pod/testpod2 created
[root@aminglinux01 ~]# kubectl exec -it testpod2 -- sh
/ #
/ # echo $PASSWORD
1qaz@WSX
/ # command terminated with exit code 137
[root@aminglinux01 ~]#
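The values under data in mysecret.yaml are base64 strings, so anyone who can read the manifest or the Secret object can decode them without a key. This added example, which is not part of the original article, decodes the manifest shown above (embedded inline as constructed input); the function names are this example's own.

```shell
#!/bin/sh
# Added example: decode the `data:` values of a Secret manifest.
# Constructed input: the mysecret.yaml shown on this page, embedded inline.
SECRET_YAML='apiVersion: v1
kind: Secret
metadata:
  name: mysecret
data:
  user: eWV5dW55aQ==
  passwd: MXFhekBXU1g=
'

# decode_secret_data MANIFEST
# Prints "key=value" for every entry under the top-level `data:` map.
decode_secret_data() {
    printf '%s\n' "$1" | awk '
        /^data:[ \t]*$/ { in_data = 1; next }    # start of the data map
        /^[^ \t#]/      { in_data = 0 }          # next top-level key ends it
        in_data && NF >= 2 && $1 ~ /:$/ && $1 !~ /^#/ {
            key = $1; sub(/:$/, "", key)
            print key, $2                        # $2 is the base64 value
        }' |
    while read -r key value; do
        # base64 is an encoding: reversing it needs no key or password
        printf '%s=%s\n' "$key" "$(printf '%s' "$value" | base64 -d)"
    done
}

# decode_secret_key MANIFEST KEY
# Prints the decoded value of a single key.
decode_secret_key() {
    decode_secret_data "$1" | sed -n "s/^$2=//p"
}

decode_secret_data "$SECRET_YAML"
```

The decoded passwd matches what echo $PASSWORD printed inside testpod2. Confidentiality of a Secret therefore depends on RBAC for the secrets resource and on encryption at rest for etcd, not on the data encoding.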