文章目录
概念
- k8s:可以管理多台主机,并将应用以容器化的方式部署,并提供应用的规划、部署、维护等机制
- Pod:最基础的对象,也是部署应用的最小单元,一个Pod可以有多个容器,但都有一个主容器,其他容器主要是起辅助作用
- RC/RS:管理和定义Pod的副本数量,保证高可用
- Deployment:在控制器的基础上增加升级滚动的策略
- Service:将Pod的服务暴露给外部,可以定义多种服务类型,并提供负载均衡
- Volume:将数据挂载到存储卷上,存储卷的类型支持多种
- ConfigMap/Screat:定义配置文件和密码的配置
常用命令
# 命令启用一个控制器
kubectl run nginx-deploy --image=ikubernetes/nginx:1.7.5 --port=88 --replicas=1
# 命令暴露端口
kubectl expose deployment nginx-deploy --name=nginx --port=88 --target-port=88 --protocol=TCP
# 修改副本数量
kubectl scale --replicas=3 deployment nginx-deploy
# 镜像升级
kubuctl set image deployment myapp myapp=ikubernetes/myapp:v2
# 获取配置清单字段如何配置
kubectl explain pods.spec
# 过滤
kubectl get pods -l run,!release --show-labels
# 等值关系标签选择器
kubectl get pods -l release!=stable,run=nginx-deploy --show-labels
# 集合关系标签选择器
kubectl get pods -l "release notin (stable,canary,beta,alpha)" --show-labels
# 监控pods
kubectl get pods -w
# 查看ip等详细信息
kubectl get pods -o wide
# 显示标签
kubectl get pods -L run,app
# 修改标签
kubectl label pods pod-demo release=stable --overwrite
# 修改升级rs,但修改pod模板,pod在不创建的情况下,不会修改
kubectl edit rs myapp
# 查看滚动历史
kubectl rollout history deployment myapp-deploy
# 镜像回滚到上一版本
kubectl rollout undo deployment myapp
# 镜像回滚到第一个版本
kubectl rollout undo deployment myapp --to-revision=1
# 打补丁
kubectl patch deployment myapp-deploy -p '{"spec":{"replicas":5}}'
# 暂停命令,暂停deployment更新
kubectl rollout pause deployment myapp-deploy
# 取消平暂停命令
kubectl rollout resume deployment myapp-deploy
# 查看更新状态
kubectl status deployment myapp-deploy
# 更新ds的镜像
kubectl set image daemonsets filebeat filebeat=ikubernetes/filebeat:5.6.6-alpine
# 创建configmap
kubectl create configmap nginx-config --from-literal=nginx_port=8080 --from-literal=server_name=myapp.sean.com
# 创建configmap
kubectl create configmap nginx-config2 --from-file=./myconfig2.conf
# 创建secret
kubectl create secret generic mysql-root-password --from-literal=password=My@Pass123
配置清单通用数据
# group/version通过 以下命令获取 $ kubectl api-versions
apiVersion: group/version
kind: #资源类别
metadata: #元数据
name:
namespace:
labels:
# key:字母、数字、_、-、. 长度为64个字符,以字母和数字开头
# value:可以为空,字母、数字、_、-、. 长度为64个字符,以字母和数字开头及结尾
key: value
annotations:
#每个资源的应用PATH
selfLink: /api/GROUP/VERSION/namespaces/NAMESPACE/TYPE/NAME
spec: #期望的状态, disired state
nodeSelector: # 节点标签选择器
nodeName: # 节点名称
restartPolicy: # 重启策略 Always, OnFailure, Never. Default to Always.
containers:
- name:
image:
imagePullPolice: # 镜像拉取策略 Always,Never,IfNotPresent,若image的版本为latest,则使用Always策略
ports: # 端口
- name: #端口名称,svr可引用该名称
containerPort: # 暴露端口
#探测的三种方式 ExecAction:exec; TCPSocketAction:topSocket; HTTPGetAction:httpGet
livenessProbe: # 存活探测器
readinessProbe: # 就绪探测器
lifecycle:
postStart: #启动后执行
preStop: #停止前执行
Volumes: # 数据卷挂载
- name: html
emptyDir:
medium:
sizeLimit:
status: #当前状态,current state 本字段由kubernetes集群维护;
matchLabels: #直接给定键值
matchExpressions: #匹配表达式
Pod
Pod的生命周期
- 状态:Pending,Running,Failed,Succeeded,Unknown
- 创建Pod:
- Pod生命周期中的重要行为:
- 初始化容器
- 容器探测:
- liveness
- readliness
Pod的配置清单
apiVersion: v1
kind: Pod
metadata:
name: pod-demo
namespace: default
labels:
app: myapp
tier: frontend
annotations:
sean.com/created-by: "cluster admin"
spec:
containers:
- name: myapp
image: ikubernetes/nginx:1.16.0
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 80
livenessProbe:
httpGet:
port: http
path: /index.html
initialDelaySeconds: 1
periodSeconds: 3
volumeMounts:
- name: html
mountPath: /usr/share/nginx/html/
- name: busybox
image: ikubernetes/busybox:1.28
imagePullPolicy: IfNotPresent
volumeMounts:
- name: html
mountPath: /data/
command: ["/bin/sh"]
args: ["-c","while true; do echo $(date) >> /data/index.html; sleep 2; done"]
volumes:
- name: html
emptyDir: {}
控制器
控制器常用类别
- ReplicaSet:部署Pod,弹性可伸缩,关注群体,通过标签选择器管理Pod,通过其中的Template部署相应的pod
- Deployment:建构在RS之上,管理多个RS,声明式部署(使用apply——既可以是创建,也可以是更新),可定义当前最少多少个,最多多少个Pod,控制pod粒度
- DamenSet:每一个节点只运行一个Pod
- Job:执行一次任务,任务完成后不启动,任务执行失败需要重新执行
- CronJob:周期性执行任务
- StaefulSet:有状态应用的控制器
ReplicatSet的配置清单
apiVersion: api/v1
kind: ReplicatSet
metadata:
name: myapp
namespace: default
spec:
replicas: 2
# 两类标签选择器
selector:
matchLabels:
app: myapp
release: canary
matchExpressions:
template:
metadata:
name: myapp-pod
# 此处的标签选择器需要能被上述标签选择
labels:
app: myapp
reslease: canary
environment: qa
spec:
containers:
- name: myapp-container
image: ikubernetes/myapp:v1
ports:
- name: http
containerPort: 80
resources:
requests: # 需求,下线
memory: "64Mi"
cpu: "500m"
limits: # 最大
memory: "128Mi"
cpu: "600m"
Deployment的配置清单
apiVersion: apps/v1
kind: Deployment
metadata:
name: myapp-deploy
namespace: default
spec:
strategy:
type: # 更新策略 recreate:重建更新 RollingUpdate:滚动更新,控制更新粒度
rollingUpdate: # 只有type为RollingUpdate该类型时,才能定义该字段
maxSurge: # 最多能多几个
maxUnavailable: # 最多能少几个
revisionHistoryLimit: # 历史的保存几个
# 其他与rs相同
DemanSet的yaml定义
apiVersion: apps/v1
kind: DemanSet
metadata:
name: filebeat-ds
namespace: default
spec:
selector:
matchLabels:
app: filebeat
release: stable
matchExpressions:
template:
metadata:
# 此处的标签选择器需要能被上述标签选择
labels:
app: filebeat
reslease: stable
spec:
containers:
- name: filebeat
image: ikubernetes/filebeat:5.6.5-alpine
env:
- name: REDIS_HOST
value: redis.default.svc.cluster.local
- name: REDIS_LOG_LEVEL
value: info
Service
相关概念
-
工作模式:
- userspace: 1.1-
- iptables: 1.10-
- ipvs: 1.11+
-
类型:ExternamName:集群内部访问集群外部的服务;ClusterIp:集群内部使用; NodePort:节点端口,集群外部访问; LoadBlance:用虚拟机的负载均衡
- NodePort:client -> Node IP:NodePort -> ClusterIp:ClusterPort -> PodIP:containerPort
-
资源记录:SVC_NAME.NS_NAME.DOMAIN.LTD. redis.default.svc.cluster.local.
配置清单
apiVersion: v1
kind: Service
metadata:
name: redis
namespace: default
spec:
selector: # 只支持一种标签选择器
app: redis
role: logstor
type: NodePort
port:
- port: # 对外容器的端口
targetPort: # 容器的端口
nodePort: #节点暴露的端口
protocol: #协议 TCP
sessionAffinity: # ClientIp:同一个客户端只会访问统一节点,None则会多个节点都会请求到
ClusterIp: # 可以指定IP,若为None,则为无头Service,会直接绑定到Pod的IP上
存储卷
存储卷分类
- 网络存储
- SAN: ISCSI
- NAS: nfs, cifs
- 分布式存储:glusterfs, rbg, cephfs
- 云存储: EBS, Azure Disk
常用存储卷
- emptyDir:生命周期同Pod生命周期
- gitRepo:从远程仓库拉到本地的emptyDir存储卷中
- hostPath:宿主机的文件路径
- nfs:nfs的存储卷
- pvc:pv的声明,是pod和pv的桥梁,开发人员只需定义pvc即可,而由k8s配置工程师配置pv
hostpath配置清单
apiVersion: v1
kind: Pod
metadata:
name: pod-vol-hostpath
namespace: defalut
spec:
containers:
- name: myapp
image: ikuburntes/myapp:v1
volumeMounts:
- name: html
mountPath: /usr/share/nginx/html/
volumes:
- name: html
hostPath:
path: /data/pod/volume1
type: DirectoryOrCreate
nfs配置清单
apiVersion: v1
kind: Pod
metadata:
name: pod-vol-nfs
namespace: defalut
spec:
containers:
- name: myapp
image: ikuburntes/myapp:v1
volumeMounts:
- name: html
mountPath: /usr/share/nginx/html/
volumes:
- name: html
nfs:
path: /data/volumes # Nfs服务器挂载路径
server: stor01.sean.com # Nfs地址
pv/pvc配置清单
apiVersion: v1
kind: PersistentVolume
metadata:
name: pv001
labels:
name: pv001
spec:
nfs:
path: /data/volumes/v1 # Nfs服务器挂载路径
server: stor01.sean.com # Nfs地址
accessModes: ["ReadWriteMony","ReadWriteOnce","ReadOnlyMany"]
capacity:
storage: 2Gi
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: pv002
labels:
name: pv002
spec:
nfs:
path: /data/volumes/v2 # Nfs服务器挂载路径
server: stor01.sean.com # Nfs地址
accessModes: ["ReadWriteMony","ReadOnlyMany"]
capacity:
storage: 5Gi
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: mypvc
namespace: default
spec:
accessModes: ["ReadWriteMony"]
resources:
requests:
storage: 3Gi
---
apiVersion: v1
kind: Pod
metadata:
name: pod-vol-hostpath
namespace: defalut
spec:
containers:
- name: myapp
image: ikuburntes/myapp:v1
volumeMounts:
- name: html
mountPath: /usr/share/nginx/html/
volumes:
- name: html
PersistentVolumeClaim:
cliamName: mypvc
ConfigMap
应用方式
- 配置容器化应用的方式
- 自定义命令行参数 args:[]
- 把配置文件直接放进镜像中
- 环境变量
- Cloud Native的应用程序一般可通过环境变量加载配置;
- 通过entrypoint脚本来预处理变量为配置文件中的配置信息
- Cloud Native的应用程序一般可通过环境变量加载配置;
- 存储卷
环境变量的配置清单(只在Pod启动时有效,不会重载)
apiVersion: v1
kind: Pod
metadata:
name: pod-cm-1
namespace: defalut
spec:
containers:
- name: myapp
image: ikuburntes/myapp:v1
env:
- name: NGINX_SERVER_PORT
valueFrom:
configMapKeyRef:
name: nginx-confg
key: nginx_port
- name: NGINX_SERVER_NAME
valueFrom:
configMapKeyRef:
name: nginx-confg
key: nginx_name
文件内容的ConfgMap配置清单(会重载)
apiVersion: v1
kind: Pod
metadata:
name: pod-cm-2
namespace: defalut
spec:
containers:
- name: myapp
image: ikuburntes/myapp:v1
volumeMounts:
- name: nginxconf
mountPath: /etc/nginx/config.d/
readOnly: true # 容器不能修改其内容
volumes:
- name: nginxconf
configMap:
name: nginx-config
Screat
配置清单
apiVersion: v1
kind: Pod
metadata:
name: pod-cm-1
namespace: defalut
spec:
containers:
- name: myapp
image: ikuburntes/myapp:v1
env:
- name: MYSQL_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: mysql-root-password
key: password
7698
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
