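- Kubernetes Study Notes (Atguigu) - 一代肝帝 - Cnblogs
- What k8s is for
- Makes full use of the cluster's server resources and saves cost
- Makes large numbers of containers easy to manage, deploy and scale; cluster services are highly available; deployments and updates happen without users noticing
- Architecture diagram
- Pod controller types
- ReplicationController & ReplicaSet & Deployment (newer versions of Kubernetes replace ReplicationController with ReplicaSet, which keeps the number of replicas of a containerized application at the desired count: when a container exits abnormally a new Pod is created to replace it, and surplus Pods created by mistake are reclaimed automatically. A ReplicaSet can be used on its own, but it is generally recommended to let a Deployment manage it automatically; a Deployment supports updates and rollback)
- HPA (Horizontal Pod Autoscaler)
- StatefulSet (solves the problem of stateful services such as MySQL and MongoDB)
- DaemonSet
- Job, CronJob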
- Service discovery
- kubectl commands

```shell
# List nodes
kubectl get node

# Create resources
kubectl apply -f xxx.yml            # no error when run a second time
kubectl create -f xxx.yml           # errors when run a second time
kubectl create -f xxx.yml --record  # records the command in the history

# List deployments
kubectl get deployment
kubectl get deployment --show-labels  # also show labels

# Scale a deployment up or down
kubectl scale deployment nginx-deployment --replicas 10

# Run a deployment (to be removed in the future; use kubectl create/apply instead)
kubectl run nginx-deployment --image=wangyanglinux/myapp:v1 --port=80 --replicas=1
kubectl scale --replicas=3 deployment/nginx-deployment  # scale the deployment's pod replicas

# Update the pod image of a deployment
kubectl set image deployment/nginx-deployment nginx=wangyanglinux/myapp:v2

# Roll back a deployment
kubectl rollout undo deployment/nginx-deployment
kubectl rollout undo deployment/nginx-deployment --to-revision=1  # roll back to a given revision (the number shown in the history)
kubectl rollout status deployments nginx-deployment               # rollout status
kubectl rollout history deployment/nginx-deployment               # rollout history; --record must have been passed when the deployment was created

# Delete deployments
kubectl delete deployment --all

# List ReplicaSets
kubectl get rs

# Delete ReplicaSets
kubectl delete rs --all

# List jobs
kubectl get job

# Explain the pod configuration fields
kubectl explain pod
kubectl explain pod.apiVersion

# List pods
kubectl get pod
kubectl get pod -o wide         # more detail
kubectl get pod -w              # watch pod status in real time
kubectl get pod --show-labels   # also show labels
kubectl get pod -n kube-system -o wide  # -n selects the namespace (default: default); Kubernetes system components are installed in kube-system by default

# Show details of a pod's creation and runtime, e.g. an image being pulled
kubectl describe pod myapp-pod

# View a container's logs (-c is not needed if the pod has only one container)
kubectl logs myapp-pod -c test

# Delete pods
kubectl delete pod myapp-pod   # delete a single pod
kubectl delete pod --all       # delete all pods

# Run a command in a pod's container
kubectl exec readiness-httpget-pod -it -- /bin/sh  # the container can be omitted if the pod has only one
kubectl exec readiness-httpget-pod -c readiness-httpget-container -it -- /bin/sh

# Forcibly change the label of a pod managed by a controller
kubectl label pod frontend-c9blc tier=frontend1 --overwrite=True

# List services
kubectl get svc
kubectl get svc -n ingress-nginx

# Delete a service
kubectl delete svc nginx-deployment

# Inspect the load-balancing rules
ipvsadm -Ln

# Create a configmap
kubectl create configmap game-config --from-file=/root/configMap

# List configmaps
kubectl get cm
kubectl get cm game-config  # with the configmap name

# Show a configmap's key-value pairs and other details
kubectl get cm game-config -o yaml
kubectl describe cm game-config

# List secrets
kubectl get secret
```
- Common configuration fields
- Required attributes
- Main objects
- Additional parameters
- Pod lifecycle
- Init container template

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: myapp-pod
  labels:
    app: myapp
spec:
  containers:
  - name: myapp-container
    image: busybox:v1
    imagePullPolicy: Never
    command: ['sh', '-c', 'echo The app is running! && sleep 3600']
  # Init containers run one after another and must all succeed before the main container starts
  initContainers:
  - name: init-myservice
    image: busybox:v1
    imagePullPolicy: Never
    command: ['sh', '-c', 'until nslookup myservice; do echo waiting for myservice; sleep 2; done;']
  - name: init-mydb
    image: busybox:v1
    imagePullPolicy: Never
    command: ['sh', '-c', 'until nslookup mydb; do echo waiting for mydb; sleep 2; done;']
```
- Container probes
- An init container finding that a service is available does not mean the main program can connect to it, so it is best to probe from inside the main container
- Probe methods
- Readiness probe

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: readiness-httpget-pod
  namespace: default
spec:
  containers:
  - name: readiness-httpget-container
    image: wangyanglinux/myapp:v1
    imagePullPolicy: IfNotPresent
    readinessProbe:
      httpGet:
        port: 80
        path: /index1.html
      initialDelaySeconds: 1
      periodSeconds: 3
```
- Liveness probe
- ExecAction

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: liveness-exec-pod
  namespace: default
spec:
  containers:
  - name: liveness-exec-container
    image: busybox:v1
    imagePullPolicy: IfNotPresent
    # The file exists for the first 60 seconds, then is removed so the probe starts failing
    command: ["/bin/sh","-c","touch /tmp/live ; sleep 60; rm -rf /tmp/live; sleep 3600"]
    livenessProbe:
      exec:
        command: ["test","-e","/tmp/live"]
      initialDelaySeconds: 1
      periodSeconds: 3
```

- TCPSocketAction

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: probe-tcp
spec:
  containers:
  - name: nginx
    image: wangyanglinux/myapp:v1
    livenessProbe:
      initialDelaySeconds: 5
      timeoutSeconds: 1
      tcpSocket:
        port: 8080
```

- HTTPGetAction

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: liveness-httpget-pod
  namespace: default
spec:
  containers:
  - name: liveness-httpget-container
    image: wangyanglinux/myapp:v1
    imagePullPolicy: IfNotPresent
    ports:
    - name: http
      containerPort: 80
    livenessProbe:
      httpGet:
        port: http   # refers to the named container port above
        path: /index.html
      initialDelaySeconds: 1
      periodSeconds: 3
      timeoutSeconds: 10
```
- Readiness and liveness probes set together

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: readiness-liveness-probe
spec:
  containers:
  - name: nginx
    image: wangyanglinux/myapp:v1
    readinessProbe:
      httpGet:
        port: 80
        path: /index1.html
      initialDelaySeconds: 1
      periodSeconds: 3
    livenessProbe:
      # A probe accepts exactly one handler (exec, httpGet or tcpSocket);
      # the httpGet check on port 80 also covers the TCP check on the same port
      httpGet:
        port: 80
        path: /index.html
      initialDelaySeconds: 5
      timeoutSeconds: 1
      periodSeconds: 3
```
- Start and stop actions

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: lifecycle-demo
spec:
  containers:
  - name: lifecycle-demo-container
    image: wangyanglinux/myapp:v1
    lifecycle:
      # Runs right after the container is created
      postStart:
        exec:
          command: ["/bin/sh", "-c", "echo Hello from the postStart handler > /usr/share/message"]
      # Runs before the container is terminated
      preStop:
        exec:
          command: ["/bin/sh", "-c", "echo Hello from the poststop handler > /usr/share/message"]
```
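- Controllers
- ReplicationController & ReplicaSet & Deployment (applications)
- Pod categories
- Deployment (recommended as a replacement for rc; it has more features)
- Deployment rolling upgrade and application rollback
- The Deployment controls the creation of Pods and ReplicaSets
- During a rolling upgrade, the Deployment creates a new ReplicaSet and moves the Pods of the old ReplicaSet over to the new one, removing one and adding one at a time
- When rolling back, the old ReplicaSet is started again and the Pods are moved back to it, removing one and adding one at a time
- Deployment update strategy
- Rollover
- Deployment manifest template

```yaml
# extensions/v1beta1 Deployments were removed in Kubernetes 1.16;
# newer clusters need apps/v1, which also requires spec.selector
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: nginx-deployment
spec:
  replicas: 3
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: wangyanglinux/myapp:v1
        ports:
        - containerPort: 80
```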
- DaemonSet (daemon processes)

```yaml
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: deamonset-example
  labels:
    app: daemonset
spec:
  selector:
    matchLabels:
      name: deamonset-example
  template:
    metadata:
      labels:
        name: deamonset-example   # must match spec.selector.matchLabels
    spec:
      containers:
      - name: daemonset-example
        image: wangyanglinux/myapp:v1
```
- Job & CronJob (batch processing)
- Job
- Special notes

```yaml
apiVersion: batch/v1
kind: Job
metadata:
  name: pi
spec:
  template:
    metadata:
      name: pi
    spec:
      containers:
      - name: pi
        image: perl
        imagePullPolicy: IfNotPresent
        # Compute pi to 2000 digits
        command: ["perl", "-Mbignum=bpi", "-wle", "print bpi(2000)"]
      restartPolicy: Never
```
- CronJob
- CronJob Spec

```yaml
# batch/v1beta1 CronJobs were removed in Kubernetes 1.25; batch/v1 is available from 1.21
apiVersion: batch/v1beta1
kind: CronJob
metadata:
  name: hello
spec:
  schedule: "*/1 * * * *"   # every minute
  jobTemplate:
    spec:
      template:
        spec:
          containers:
          - name: hello
            image: busybox:v1
            imagePullPolicy: Never
            args:
            - /bin/sh
            - -c
            - date; echo Hello from the Kubernetes cluster
          restartPolicy: OnFailure
```
- StatefulSet
- MySQL is not supported very well on k8s, whereas MongoDB is supported perfectly
- Horizontal Pod Autoscaler (HPA, automatic scaling): controls controllers such as Deployments and ReplicaSets
- Service
- Service schematic diagram
- Service types
- ClusterIP
- Create a Service of type ClusterIP

```yaml
apiVersion: v1
kind: Service
metadata:
  name: myapp
  namespace: default
spec:
  type: ClusterIP
  selector:          # must match the pod labels of the deployment below
    app: myapp
    release: stabel
  ports:
  - name: http
    port: 80
    targetPort: 80
```

- Create a Deployment with three replicas

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: myapp-deploy
  namespace: default
spec:
  replicas: 3
  selector:
    matchLabels:
      app: myapp
      release: stabel
  template:
    metadata:
      labels:
        app: myapp
        release: stabel
        env: test
    spec:
      containers:
      - name: myapp
        image: wangyanglinux/myapp:v2
        imagePullPolicy: IfNotPresent
        ports:
        - name: http
          containerPort: 80
```
- NodePort (every node opens a port for external access)
- Create a Service of type NodePort

```yaml
apiVersion: v1
kind: Service
metadata:
  name: myapp
  namespace: default
spec:
  type: NodePort
  selector:
    app: myapp
    release: stabel
  ports:
  - name: http
    port: 80
    targetPort: 80
```
- Ingress Service
- Ingress Nginx flow diagram
- Ingress Nginx installation
- Download mandatory.yaml and install it with kubectl apply -f mandatory.yaml (package and load the images named in the manifest beforehand, so that creation does not fail because of network problems). Reference: "Ingress-nginx installation and deployment", weixin_41083358's blog on CSDN
- Create a Service of type NodePort that supports both HTTP and HTTPS. Because it lives in a specific namespace, queries need -n ingress-nginx appended. Once the service is up it looks for matching rules of kind Ingress

```yaml
apiVersion: v1
kind: Service
metadata:
  name: ingress-nginx
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
spec:
  type: NodePort
  ports:
  - name: http
    port: 80
    targetPort: 80
    protocol: TCP
  - name: https
    port: 443
    targetPort: 443
    protocol: TCP
  selector:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
```
- Create an HTTP service
- Create a Deployment, a Service and an Ingress; the Ingress is mainly used to configure the domain name (two services are created here, reached over HTTP through different domain names)

```yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: deployment1
spec:
  replicas: 2
  template:
    metadata:
      labels:
        name: nginx1
    spec:
      containers:
      - name: nginx
        image: wangyanglinux/myapp:v1
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: svc-1
spec:
  ports:
  - port: 80
    targetPort: 80
    protocol: TCP
  selector:
    name: nginx1
---
# extensions/v1beta1 Ingress was removed in Kubernetes 1.22;
# networking.k8s.io/v1 uses a different backend schema
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress1
spec:
  rules:
  - host: www1.atguigu.com
    http:
      paths:
      - path: /
        backend:
          serviceName: svc-1
          servicePort: 80
```

```yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: deployment2
spec:
  replicas: 2
  template:
    metadata:
      labels:
        name: nginx2
    spec:
      containers:
      - name: nginx
        image: wangyanglinux/myapp:v2
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: svc-2
spec:
  ports:
  - port: 80
    targetPort: 80
    protocol: TCP
  selector:
    name: nginx2
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress2
spec:
  rules:
  - host: www2.atguigu.com
    http:
      paths:
      - path: /
        backend:
          serviceName: svc-2
          servicePort: 80
```

- Configure the hosts file on an external machine, look up the port the ingress is mapped to with kubectl get svc -n ingress-nginx, then access the service over HTTP from the external machine
- Create HTTPS
- Create the HTTPS certificate

```shell
# Self-signed certificate valid for 365 days; -nodes leaves the private key unencrypted
openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/CN=nginxsvc/O=nginxsvc"
# Store the key and certificate as a TLS secret
kubectl create secret tls tls-secret --key tls.key --cert tls.crt
```

- Create the Deployment, Service and Ingress

```yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: deployment3
spec:
  replicas: 2
  template:
    metadata:
      labels:
        name: nginx3
    spec:
      containers:
      - name: nginx
        image: wangyanglinux/myapp:v2
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: svc-3
spec:
  ports:
  - port: 80
    targetPort: 80
    protocol: TCP
  selector:
    name: nginx3
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: https
spec:
  tls:
  - hosts:
    - www3.atguigu.com
    secretName: tls-secret   # the TLS secret created above
  rules:
  - host: www3.atguigu.com
    http:
      paths:
      - path: /
        backend:
          serviceName: svc-3
          servicePort: 80
```

- Configure the hosts file on an external machine, look up the port the ingress is mapped to with kubectl get svc -n ingress-nginx, then access the service over HTTPS from the external machine
- Storage
- ConfigMap
- Create from a directory

```
$ cat docs/user-guide/configmap/kubectl/game.properties
enemies=aliens
lives=3
enemies.cheat=true
enemies.cheat.level=noGoodRotten
secret.code.passphrase=UUDDLRLRBABAS
secret.code.allowed=true
secret.code.lives=30

$ cat docs/user-guide/configmap/kubectl/ui.properties
color.good=purple
color.bad=yellow
allow.textmode=true
how.nice.to.look=fairlyNice
```

- Create from a file

```shell
kubectl create configmap game-config-2 --from-file=docs/user-guide/configmap/kubectl/game.properties
```

- Create from literal values

```shell
kubectl create configmap special-config --from-literal=special.how=very --from-literal=special.type=charm
```

- Create from a manifest

```yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: env-config
  namespace: default
data:
  log_level: INFO
```
- Inject the configuration into a pod

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: dapi-test-pod
spec:
  containers:
  - name: test-container
    image: wangyanglinux/myapp:v1
    imagePullPolicy: IfNotPresent
    command: [ "/bin/sh", "-c", "env" ]
    env:
    # Single keys taken from the special-config ConfigMap
    - name: SPECIAL_LEVEL_KEY
      valueFrom:
        configMapKeyRef:
          name: special-config
          key: special.how
    - name: SPECIAL_TYPE_KEY
      valueFrom:
        configMapKeyRef:
          name: special-config
          key: special.type
    # Every key of env-config becomes an environment variable
    envFrom:
    - configMapRef:
        name: env-config
  restartPolicy: Never
```

- Set command-line arguments

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: dapi-test-pod
spec:
  containers:
  - name: test-container
    image: wangyanglinux/myapp:v1
    imagePullPolicy: IfNotPresent
    # $(VAR) is expanded by Kubernetes from the env entries below
    command: [ "/bin/sh", "-c", "echo $(SPECIAL_LEVEL_KEY) $(SPECIAL_TYPE_KEY)" ]
    env:
    - name: SPECIAL_LEVEL_KEY
      valueFrom:
        configMapKeyRef:
          name: special-config
          key: special.how
    - name: SPECIAL_TYPE_KEY
      valueFrom:
        configMapKeyRef:
          name: special-config
          key: special.type
    envFrom:
    - configMapRef:
        name: env-config
  restartPolicy: Never
```

- Use a ConfigMap through the volume plugin (there are several options for using a ConfigMap in a volume. The most basic is to populate the volume with files, where each key is the file name and its value is the file content)

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: dapi-test-pod-1
spec:
  containers:
  - name: test-container
    image: wangyanglinux/myapp:v1
    imagePullPolicy: IfNotPresent
    command: [ "/bin/sh", "-c", "sleep 600s" ]
    volumeMounts:
    - name: config-volume
      mountPath: /etc/config
  volumes:
  - name: config-volume
    configMap:
      name: special-config
  restartPolicy: Never
```
- ConfigMap hot update

```yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: log-config
  namespace: default
data:
  log_level: INFO
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: my-nginx
spec:
  replicas: 1
  template:
    metadata:
      labels:
        run: my-nginx
    spec:
      containers:
      - name: my-nginx
        image: wangyanglinux/myapp:v1
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 80
        volumeMounts:
        - name: config-volume
          mountPath: /etc/config
      volumes:
      - name: config-volume
        configMap:
          name: log-config
```

- Verify

```shell
kubectl exec my-nginx-c484b98b4-24zpj -it -- cat /etc/config/log_level
```

- Hot update

```shell
kubectl edit configmap log-config  # change INFO to DEBUG, then run the check again to see whether the output has been updated
```
- Secret
- Secret types
- Service Account

```
$ kubectl run nginx --image nginx
deployment "nginx" created
$ kubectl get pods
NAME                     READY     STATUS    RESTARTS   AGE
nginx-3137573019-md1u2   1/1       Running   0          13s
$ kubectl exec nginx-3137573019-md1u2 ls /run/secrets/kubernetes.io/serviceaccount
ca.crt
namespace
token
```

- Opaque Secret

```
$ echo -n "admin" | base64
YWRtaW4=
$ echo -n "1f2d1e2e67df" | base64
MWYyZDFlMmU2N2Rm
```

```yaml
apiVersion: v1
kind: Secret
metadata:
  name: mysecret
type: Opaque
data:
  # Values are the base64-encoded strings produced above
  password: MWYyZDFlMmU2N2Rm
  username: YWRtaW4=
```
- Mount a Secret into a volume (the base64 decoding is done for you)

```yaml
apiVersion: v1
kind: Pod
metadata:
  labels:
    name: seret-test
  name: seret-test
spec:
  volumes:
  - name: secrets
    secret:
      secretName: mysecret
  containers:
  - image: wangyanglinux/myapp:v1
    name: db
    imagePullPolicy: IfNotPresent
    volumeMounts:
    - name: secrets
      mountPath: "/etc/secrets"
      readOnly: true
```

- Export a Secret to environment variables

```yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: pod-deployment
spec:
  replicas: 2
  template:
    metadata:
      labels:
        app: pod-deployment
    spec:
      containers:
      - name: pod-1
        image: wangyanglinux/myapp:v1
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 80
        env:
        - name: TEST_USER
          valueFrom:
            secretKeyRef:
              name: mysecret
              key: username
        - name: TEST_PASSWORD
          valueFrom:
            secretKeyRef:
              name: mysecret
              key: password
```

```
$ kubectl exec -it pod-deployment-747f78bc67-7m7ps -- /bin/sh
$ echo $TEST_USER
$ echo $TEST_PASSWORD
```
- Volume
- Background
- Volume types
- EmptyDir

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: test-pd
spec:
  containers:
  - image: wangyanglinux/myapp:v1
    name: test-container
    imagePullPolicy: IfNotPresent
    volumeMounts:
    - mountPath: /cache
      name: cache-volume
  - image: busybox:v1
    name: liveness-exec-container
    command: ["/bin/sh", "-c", "sleep 6000s"]
    imagePullPolicy: IfNotPresent
    volumeMounts:
    - mountPath: /test
      name: cache-volume
  volumes:
  - name: cache-volume
    emptyDir: {}
```

Create a Pod with two containers. Whatever each container writes into the directory where the empty volume is mounted is shared with the other, and they can overwrite each other's content.

- hostPath

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: test-pd
spec:
  containers:
  - image: wangyanglinux/myapp:v1
    name: test-container
    imagePullPolicy: IfNotPresent
    volumeMounts:
    - mountPath: /test-pd
      name: test-volume
  volumes:
  - name: test-volume
    hostPath:
      # directory location on host
      path: /data
      # this field is optional
      type: Directory
```
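An added example (not part of the original notes or the course material): a small audit over three manifests from this page, showing that the Opaque Secret's values decode without any key, and flagging the Secret exported to environment variables and the writable hostPath mount. The JSON input is constructed from the manifests above, and the function names are hypothetical.

```python
import base64
import json

# Constructed input: trimmed JSON forms (as `kubectl get -o json` would return)
# of three manifests from this page: the Opaque Secret, the pod template that
# exports it to environment variables, and the hostPath Pod.
MANIFESTS = json.loads("""
[
 {"kind": "Secret", "metadata": {"name": "mysecret"}, "type": "Opaque",
  "data": {"username": "YWRtaW4=", "password": "MWYyZDFlMmU2N2Rm"}},
 {"kind": "Deployment", "metadata": {"name": "pod-deployment"},
  "spec": {"template": {"spec": {"containers": [{"name": "pod-1", "env": [
    {"name": "TEST_USER", "valueFrom": {"secretKeyRef": {"name": "mysecret", "key": "username"}}},
    {"name": "TEST_PASSWORD", "valueFrom": {"secretKeyRef": {"name": "mysecret", "key": "password"}}}]}]}}}},
 {"kind": "Pod", "metadata": {"name": "test-pd"},
  "spec": {"containers": [{"name": "test-container",
      "volumeMounts": [{"name": "test-volume", "mountPath": "/test-pd"}]}],
    "volumes": [{"name": "test-volume", "hostPath": {"path": "/data", "type": "Directory"}}]}}
]
""")

def decode_secret(secret):
    """Opaque Secret values are base64-encoded, not encrypted: decoding needs no key."""
    return {k: base64.b64decode(v).decode() for k, v in secret.get("data", {}).items()}

def pod_spec(obj):
    """Return the pod spec of a Pod, or of a controller's pod template."""
    spec = obj.get("spec", {})
    return spec if obj["kind"] == "Pod" else spec.get("template", {}).get("spec", {})

def audit(objs):
    """Return (object, finding) pairs for secret-in-env and writable hostPath use."""
    findings = []
    for obj in objs:
        ident = f'{obj["kind"]}/{obj["metadata"]["name"]}'
        spec = pod_spec(obj)
        host_vols = {v["name"]: v["hostPath"]["path"]
                     for v in spec.get("volumes", []) if "hostPath" in v}
        for c in spec.get("containers", []) + spec.get("initContainers", []):
            for env in c.get("env", []):
                ref = env.get("valueFrom", {}).get("secretKeyRef")
                if ref:
                    findings.append((ident, f'secret {ref["name"]}/{ref["key"]} '
                                            f'exposed as env {env["name"]}'))
            for m in c.get("volumeMounts", []):
                if m["name"] in host_vols and not m.get("readOnly", False):
                    findings.append((ident, f'writable hostPath {host_vols[m["name"]]} '
                                            f'mounted at {m["mountPath"]}'))
    return findings

if __name__ == "__main__":
    print(decode_secret(MANIFESTS[0]))
    for ident, finding in audit(MANIFESTS):
        print(f"{ident}: {finding}")
```

Anyone who can read the Secret object recovers the credentials directly, so read access to Secrets should be restricted with RBAC; setting `readOnly: true` on the hostPath volumeMount clears the second kind of finding.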
- Volume Persistent - PVC
- Create four PVs

```yaml
apiVersion: v1
kind: PersistentVolume
metadata:
  name: nfspv1
spec:
  capacity:
    storage: 1Gi
  accessModes:
  - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  storageClassName: nfs
  nfs:
    path: /nfsdata
    server: 192.168.66.100
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: nfspv2
spec:
  capacity:
    storage: 2Gi
  accessModes:
  - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  storageClassName: nfs
  nfs:
    path: /nfsdata1
    server: 192.168.66.100
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: nfspv3
spec:
  capacity:
    storage: 1Gi
  accessModes:
  - ReadWriteMany
  persistentVolumeReclaimPolicy: Retain
  storageClassName: slow
  nfs:
    path: /nfsdata2
    server: 192.168.66.100
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: nfspv4
spec:
  capacity:
    storage: 2Gi
  accessModes:
  - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  storageClassName: nfs
  nfs:
    path: /nfsdata3
    server: 192.168.66.100
```

- Create a StatefulSet with 3 replicas that mounts the PVs created above

```yaml
# Headless Service (clusterIP: None) required by the StatefulSet
apiVersion: v1
kind: Service
metadata:
  name: nginx
  labels:
    app: nginx
spec:
  ports:
  - port: 80
    name: web
  clusterIP: None
  selector:
    app: nginx
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: web
spec:
  selector:
    matchLabels:
      app: nginx
  serviceName: "nginx"
  replicas: 3
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: wangyanglinux/myapp:v1
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 80
          name: web
        volumeMounts:
        - name: www
          mountPath: /usr/share/nginx/html
  # One PVC per replica, bound to a PV with a matching access mode and storage class
  volumeClaimTemplates:
  - metadata:
      name: www
    spec:
      accessModes: [ "ReadWriteOnce" ]
      storageClassName: "nfs"
      resources:
        requests:
          storage: 1Gi
```
Kubernetes notes
First published 2022-01-07 22:59:35