From 0 to 1 with Kubernetes: A Hands-On Guide to Fast-Kubernetes
Introduction: Why Fast-Kubernetes?
Still struggling with the many concepts and configuration files of Kubernetes? Unsure where to begin among Pods, Deployments, Services and dozens of other core objects? The Fast-Kubernetes project offers 15+ hands-on scenarios and 80+ ready-to-run configuration files that aim to take you from newcomer to practitioner in about seven days. This article works through the core container-orchestration techniques in that order, so that you practise each concept as you learn it instead of forgetting it for lack of use.
After reading this article you will have:
- A complete Kubernetes learning path
- Hands-on configuration templates for 10+ core components
- Deployment guides for 5 kinds of storage
- Implementation steps for 3 monitoring approaches
- Best practices for deploying enterprise applications
1. Kubernetes Core Concepts at a Glance
1.1 Container Orchestration and Where Kubernetes Fits
Kubernetes (K8s) is an open-source container orchestration platform that automates the deployment, scaling and management of containerized applications. It addresses the problems containerized applications meet in production: service discovery, load balancing, self-healing and configuration management.
1.2 Core Architecture Components
A Kubernetes cluster consists of two main types of components: the control plane (API server, scheduler, controller manager and the etcd store) and the worker nodes (kubelet, kube-proxy and a container runtime) on which the Pods actually run.
2. Environment Setup and Quick Start
2.1 Local Development Environment
Minikube is the quickest way to bring up a single-node K8s cluster:
```bash
# Install Minikube (Linux example). Verify the published SHA-256 checksum before
# installing the binary so that a tampered or truncated download is caught early.
curl -LO https://storage.googleapis.com/minikube/releases/latest/minikube-linux-amd64
curl -LO https://storage.googleapis.com/minikube/releases/latest/minikube-linux-amd64.sha256
echo "$(cat minikube-linux-amd64.sha256)  minikube-linux-amd64" | sha256sum -c -
sudo install minikube-linux-amd64 /usr/local/bin/minikube
# Start the cluster (pinning the Kubernetes version keeps the labs reproducible)
minikube start --driver=docker --kubernetes-version=v1.32.0
# Verify the cluster
kubectl get nodes
```
2.2 Cloning the Project and Directory Layout
```bash
git clone https://gitcode.com/gh_mirrors/fa/Fast-Kubernetes
cd Fast-Kubernetes
```
Core directory layout of the project:
```text
Fast-Kubernetes/
├── labs/                          # lab configuration files
│   ├── deployment/                # Deployment manifests
│   ├── service/                   # Service manifests
│   ├── persistentvolume/          # storage manifests
│   └── ...
├── K8s-*.md                       # lab write-ups per component
└── KubernetesCommandCheatSheet.md # command cheat sheet
```
3. Core Components in Practice
3.1 Deployment: Managing Stateless Applications
A Deployment provides declarative updates and is the recommended way to run stateless applications:
Basic Deployment manifest (labs/deployment/deployment1.yaml):
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: firstdeployment
  labels:
    team: development
spec:
  replicas: 3
  selector:
    matchLabels:
      app: frontend
  template:
    metadata:
      labels:
        app: frontend
    spec:
      containers:
      - name: nginx
        # :latest is a moving target: two rollouts can pull different images and a rollback
        # may not restore what ran before. Pin a version tag or a digest outside the lab.
        image: nginx:latest
        ports:
        - containerPort: 80
```
Key commands:
```bash
# Create the Deployment
kubectl apply -f labs/deployment/deployment1.yaml
# Check Deployment and Pod status
kubectl get deployments
kubectl get pods -o wide
# Scale out or in
kubectl scale deployment firstdeployment --replicas=5
# Update the image (triggers a rolling update and a new ReplicaSet)
kubectl set image deployment firstdeployment nginx=nginx:1.23
# Roll back to the previous revision
kubectl rollout undo deployment firstdeployment
```
How Deployment, ReplicaSet and Pod relate:
| Resource | Role | Characteristics |
|---|---|---|
| Pod | Smallest deployable unit | Short-lived; a Pod created directly is not recreated if it dies |
| ReplicaSet | Keeps the Pod count | Ensures the requested number of replicas is running; no revision history |
| Deployment | Manages ReplicaSets | Rolling updates, rollback to earlier revisions, declarative configuration |
3.2 Service: Service Discovery and Load Balancing
A Service gives a set of Pods a stable endpoint (virtual IP and DNS name) and load-balances across whichever Pods currently match its label selector:
The three core Service types:
ClusterIP: reachable only from inside the cluster (the default)
```yaml
apiVersion: v1
kind: Service
metadata:
  name: backend
spec:
  type: ClusterIP
  selector:
    app: backend
  ports:
  - protocol: TCP
    port: 5000
    targetPort: 5000
```
NodePort: reachable from outside through a port (30000-32767 by default) opened on every node
```yaml
apiVersion: v1
kind: Service
metadata:
  name: frontend
spec:
  type: NodePort
  selector:
    app: frontend
  ports:
  - protocol: TCP
    port: 80
    targetPort: 80
    nodePort: 30080
```
LoadBalancer: a cloud provider load balancer placed in front of a NodePort
```yaml
apiVersion: v1
kind: Service
metadata:
  name: frontendlb
spec:
  type: LoadBalancer
  selector:
    app: frontend
  ports:
  - protocol: TCP
    port: 80
    targetPort: 80
```
Keep internal tiers such as the backend on ClusterIP: a NodePort listens on every node's address and a LoadBalancer receives a public IP, so only the tier that genuinely needs outside access should use them.
Verifying service discovery:
```bash
# Create the Service
kubectl apply -f labs/service/backend_clusterip.yaml
# List Services
kubectl get services
# Test access from inside the cluster. The short name "backend" resolves only from the
# same namespace; from elsewhere use backend.<namespace>.svc.cluster.local
kubectl exec -it <frontend-pod-name> -- curl backend:5000
```
3.3 ConfigMap and Secret: Configuration Management
ConfigMap: non-sensitive configuration data
```yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: app-config
data:
  app.properties: |
    environment=production
    log_level=info
    max_connections=100
  ui.properties: |
    color.background=blue
    color.foreground=white
```
Secret: sensitive data. Values under `data` must be base64-encoded by whoever writes the manifest (alternatively put plaintext under `stringData`, which the API server encodes on write). Base64 is an encoding, not encryption: anyone with `get` or `list` on Secrets in the namespace, and anyone who can read etcd or its backups, sees the values directly. Enable encryption at rest on the API server and keep RBAC grants on Secrets narrow.
```yaml
apiVersion: v1
kind: Secret
metadata:
  name: app-secrets
type: Opaque
data:
  db_username: YWRtaW4=       # base64 of "admin"
  db_password: UEBzc3cwcmQh   # base64 of "P@ssw0rd!"
```
How the two are consumed:
| Injection method | ConfigMap | Secret |
|---|---|---|
| Environment variable | env.valueFrom.configMapKeyRef | env.valueFrom.secretKeyRef |
| Volume mount | volumes[].configMap | volumes[].secret |
| Storage and file permissions | Plaintext in etcd; written to the node's disk when mounted | Base64 in etcd (plaintext unless encryption at rest is enabled); mounted from tmpfs on the node, file mode taken from defaultMode (0644 unless you lower it, e.g. to 0400) |
Worked example:
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: config-demo-pod
spec:
  containers:
  - name: demo
    image: nginx
    env:
    # The env-var route is the simplest, but the value is then readable from
    # /proc/<pid>/environ and inherited by every child process; for credentials
    # a volume mount (volumes[].secret) is the better choice.
    - name: DB_USERNAME
      valueFrom:
        secretKeyRef:
          name: app-secrets
          key: db_username
    volumeMounts:
    - name: config-volume
      mountPath: /etc/config
  volumes:
  - name: config-volume
    configMap:
      name: app-config
```
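To make the base64 point above concrete, here is an added Python example; it is not code from the Fast-Kubernetes project. It decodes the `app-secrets` manifest exactly as any principal with `get` on Secrets could, builds a new Secret the way `kubectl create secret generic --from-literal` does, and flags the common mistake of writing plaintext into `data` instead of `stringData` (the API server rejects such a manifest with an "illegal base64 data" error). The manifest is embedded as a Python dict, the JSON form that kubectl also accepts; note that the validity check only proves a value is well-formed base64, not that it was meant to be encoded.

```python
import base64
import binascii

# Constructed copy of the article's app-secrets manifest (JSON form of the YAML above).
APP_SECRETS = {
    "apiVersion": "v1",
    "kind": "Secret",
    "metadata": {"name": "app-secrets"},
    "type": "Opaque",
    "data": {"db_username": "YWRtaW4=", "db_password": "UEBzc3cwcmQh"},
}


def decode_secret(manifest):
    """Return the plaintext values of a Secret.

    This is exactly what `kubectl get secret NAME -o json | base64 -d` gives
    anyone with read access to the object: base64 hides nothing.
    """
    plain = {}
    for key, value in manifest.get("data", {}).items():
        plain[key] = base64.b64decode(value, validate=True).decode("utf-8")
    # stringData is already plaintext; the API server folds it into data on write.
    plain.update(manifest.get("stringData", {}))
    return plain


def make_secret(name, literals):
    """Build an Opaque Secret with each value base64-encoded under `data`,
    equivalent to `kubectl create secret generic NAME --from-literal=k=v ...`."""
    return {
        "apiVersion": "v1",
        "kind": "Secret",
        "metadata": {"name": name},
        "type": "Opaque",
        "data": {
            key: base64.b64encode(value.encode("utf-8")).decode("ascii")
            for key, value in literals.items()
        },
    }


def invalid_data_keys(manifest):
    """Keys under `data` whose value is not well-formed base64.

    Writing plaintext such as "P@ssw0rd!" straight into `data` is a frequent
    mistake; use `stringData` for plaintext instead. A value that happens to be
    valid base64 (e.g. "root") passes this check even if it was never encoded.
    """
    bad = []
    for key, value in manifest.get("data", {}).items():
        try:
            base64.b64decode(value, validate=True)
        except (binascii.Error, ValueError):
            bad.append(key)
    return bad


if __name__ == "__main__":
    print(decode_secret(APP_SECRETS))
    print(make_secret("demo", {"db_username": "admin"}))
    print(invalid_data_keys({"data": {"db_password": "P@ssw0rd!"}}))
```

Because the decode needs no privilege beyond reading the object, the protective controls are the ones that live outside the manifest: RBAC on the Secrets resource, encryption at rest for etcd, and keeping manifests with filled-in `data` out of version control.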
3.4 Persistent Storage: PV and PVC
Kubernetes separates storage provisioning from storage consumption with PersistentVolume (PV) and PersistentVolumeClaim (PVC) objects:
1. Create the PV (labs/persistentvolume/pv.yaml):
```yaml
apiVersion: v1
kind: PersistentVolume
metadata:
  name: mysqlpv
  labels:
    app: mysql   # the PVC below selects on this label; without it the claim never binds and stays Pending
spec:
  capacity:
    storage: 5Gi
  accessModes:
  - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain   # keep the data when the claim is deleted
  nfs:
    path: /data
    server: 192.168.1.100   # your NFS server; the export must be reachable from every node that may run the Pod
```
2. Create the PVC:
```yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: mysqlclaim
spec:
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 5Gi
  selector:
    matchLabels:
      app: mysql
```
3. Use it in a Pod:
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: mysql-pod
spec:
  containers:
  - name: mysql
    image: mysql:5.7   # kept simple for the lab; 5.7 is end-of-life upstream, so use a supported release in production
    volumeMounts:
    - name: mysql-data
      mountPath: /var/lib/mysql
  volumes:
  - name: mysql-data
    persistentVolumeClaim:
      claimName: mysqlclaim
```
Checking storage state:
```bash
kubectl get pv
kubectl get pvc
kubectl describe pvc mysqlclaim   # explains a Pending claim (no PV matches size, access mode or selector)
```
4. Advanced Orchestration Features
4.1 StatefulSet: Managing Stateful Applications
A StatefulSet manages stateful applications, giving each Pod a stable network identity and its own persistent storage. `serviceName` must name a headless Service (`clusterIP: None`) whose selector matches these Pods; that Service is what provides each Pod's stable DNS name (web-0.nginx, web-1.nginx, ...):
```yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: web
spec:
  serviceName: "nginx"   # a headless Service with this name must exist
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:alpine
        ports:
        - containerPort: 80
          name: web
        volumeMounts:
        - name: www
          mountPath: /usr/share/nginx/html
  volumeClaimTemplates:   # one PVC per Pod (www-web-0, www-web-1, ...), retained across restarts
  - metadata:
      name: www
    spec:
      accessModes: [ "ReadWriteOnce" ]
      resources:
        requests:
          storage: 1Gi
```
StatefulSet vs Deployment:
| Aspect | Deployment | StatefulSet |
|---|---|---|
| Pod identity | Interchangeable Pods with random name suffixes | Stable ordinal names (web-0, web-1, ...) and a per-Pod DNS entry through the headless Service |
| Storage | Pods share whatever volumes the template declares | A dedicated PVC per Pod from volumeClaimTemplates, kept when the Pod is rescheduled |
| Rollout and scaling | No ordering guarantees | Ordered: Pods created 0 to N-1 and removed N-1 down to 0 |
| Typical use | Stateless web and API tiers | Databases, message brokers, anything that needs a stable identity |
4.2 DaemonSet: Per-Node Agents
A DaemonSet ensures that every node (or every node matching a selector) runs one copy of a Pod, which suits log collectors, monitoring agents and similar per-node services:
```yaml
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: fluentd-elasticsearch
spec:
  selector:
    matchLabels:
      name: fluentd-elasticsearch
  template:
    metadata:
      labels:
        name: fluentd-elasticsearch
    spec:
      tolerations:
      # Also run on control-plane nodes. This is the taint key current releases use;
      # kubeadm stopped applying node-role.kubernetes.io/master in 1.25, so add a
      # second toleration for that key only if you still run older clusters.
      - key: node-role.kubernetes.io/control-plane
        operator: Exists
        effect: NoSchedule
      containers:
      - name: fluentd-elasticsearch
        image: quay.io/fluentd_elasticsearch/fluentd:v2.5.2
        volumeMounts:
        - name: varlog
          mountPath: /var/log
          readOnly: true   # a hostPath mount hands the Pod part of the node filesystem; a log reader never needs write access
      volumes:
      - name: varlog
        hostPath:
          path: /var/log
```
Key properties:
- A Pod is scheduled automatically on each node that joins the cluster
- Node affinity and taint tolerations control which nodes are covered
- Deleting the DaemonSet cascades to all of its Pods (unless `--cascade=orphan` is used)
4.3 Advanced Scheduling: Affinity, Taints and Tolerations
Node affinity example. The `required...` term is a hard constraint (the Pod stays Pending if no node satisfies it); the `preferred...` term is a soft preference scored by `weight`:
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: with-node-affinity
spec:
  affinity:
    nodeAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
        nodeSelectorTerms:
        - matchExpressions:
          - key: disktype
            operator: In
            values:
            - ssd
      preferredDuringSchedulingIgnoredDuringExecution:
      - weight: 1
        preference:
          matchExpressions:
          - key: zone
            operator: In
            values:
            - us-west
  containers:
  - name: nginx
    image: nginx
```
Taints and tolerations:
```bash
# Add a taint to a node (only Pods that tolerate key=value:NoSchedule will be scheduled there)
kubectl taint nodes node1 key=value:NoSchedule
# Remove the same taint again (note the trailing '-')
kubectl taint nodes node1 key=value:NoSchedule-
# Deploy a Pod that carries a matching toleration
kubectl apply -f labs/tainttoleration/podtoleration.yaml
```
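The selectors used throughout this article (the Service `spec.selector` in 3.2, the PVC `spec.selector` in 3.4, and the nodeAffinity `matchExpressions` and taint tolerations in this section) all follow the same label-matching rules. The following added Python example, which is not part of the Fast-Kubernetes project, reimplements those rules and runs them against constructed copies of the article's objects: it shows the Service picking out the backend Pods, the PVC selector failing against an unlabelled PV and succeeding once the label is present, the `required` node-affinity term filtering nodes, and how a toleration covers a taint. Pod and node names are made up; the `Gt`/`Lt` node-affinity operators and `preferred` scoring are omitted.

```python
# Constructed objects carrying only the labels the article's manifests use;
# the Pod and node names are invented for the example.
PODS = [
    {"name": "backend-7c9d-abc12", "labels": {"app": "backend"}},
    {"name": "backend-7c9d-def34", "labels": {"app": "backend"}},
    {"name": "frontend-5f6b-ghi56", "labels": {"app": "frontend"}},
]
NODES = [
    {"name": "node1", "labels": {"disktype": "ssd", "zone": "us-west"}},
    {"name": "node2", "labels": {"disktype": "hdd", "zone": "us-west"}},
    {"name": "node3", "labels": {"disktype": "ssd"}},
]
# The PV from 3.4 without labels (the claim never binds) and with the label it needs.
PV_UNLABELLED = [{"name": "mysqlpv", "labels": {}}]
PV_LABELLED = [{"name": "mysqlpv", "labels": {"app": "mysql"}}]
# The required node-affinity term from the Pod manifest above.
REQUIRED_SSD = {"nodeSelectorTerms": [{"matchExpressions": [
    {"key": "disktype", "operator": "In", "values": ["ssd"]}]}]}


def match_labels(selector, labels):
    """matchLabels: every key in the selector must be present with exactly that value."""
    return all(labels.get(key) == value for key, value in selector.items())


def match_expression(expr, labels):
    """One matchExpressions entry. Gt/Lt (node affinity only) are not implemented."""
    key, op, values = expr["key"], expr["operator"], expr.get("values", [])
    if op == "In":
        return labels.get(key) in values
    if op == "NotIn":          # also matches objects that lack the key
        return labels.get(key) not in values
    if op == "Exists":
        return key in labels
    if op == "DoesNotExist":
        return key not in labels
    raise ValueError(f"unsupported operator {op!r}")


def select(selector, objects):
    """Apply a selector and return the names of the matching objects.
    A Service uses a bare label map; PVCs and workloads use
    {matchLabels, matchExpressions}, whose entries are all ANDed."""
    if "matchLabels" in selector or "matchExpressions" in selector:
        labels, exprs = selector.get("matchLabels", {}), selector.get("matchExpressions", [])
    else:
        labels, exprs = selector, []
    return [o["name"] for o in objects
            if match_labels(labels, o["labels"])
            and all(match_expression(e, o["labels"]) for e in exprs)]


def node_affinity_candidates(required, nodes):
    """requiredDuringSchedulingIgnoredDuringExecution: a node qualifies if it
    satisfies ANY nodeSelectorTerm; inside a term all matchExpressions must hold."""
    names = []
    for node in nodes:
        for term in required["nodeSelectorTerms"]:
            exprs = term.get("matchExpressions", [])
            # an empty term matches nothing; a non-empty one ANDs its expressions
            if exprs and all(match_expression(e, node["labels"]) for e in exprs):
                names.append(node["name"])
                break
    return names


def tolerates(taint, toleration):
    """Does a toleration cover a taint? An empty effect, or operator Exists with
    an empty key, acts as a wildcard, as the scheduler treats them."""
    if toleration.get("effect") and toleration["effect"] != taint["effect"]:
        return False
    if toleration.get("operator", "Equal") == "Exists":
        return not toleration.get("key") or toleration["key"] == taint["key"]
    return (toleration.get("key") == taint["key"]
            and toleration.get("value", "") == taint.get("value", ""))


if __name__ == "__main__":
    print(select({"app": "backend"}, PODS))
    print(select({"matchLabels": {"app": "mysql"}}, PV_UNLABELLED), select({"matchLabels": {"app": "mysql"}}, PV_LABELLED))
    print(node_affinity_candidates(REQUIRED_SSD, NODES))
    print(tolerates({"key": "key", "value": "value", "effect": "NoSchedule"},
                    {"key": "key", "operator": "Equal", "value": "value", "effect": "NoSchedule"}))
```

Two details matter in practice: a Service selector that matches nothing leaves the Service with no endpoints (connections are refused rather than failing loudly), and `NotIn` / `DoesNotExist` deliberately match objects that lack the key, which is why a selector meant to exclude a class of Pods still admits unlabelled ones.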
5. Monitoring and Operations
5.1 Deploying Prometheus and Grafana
Deploy the monitoring stack with Helm:
```bash
# Add the Helm repository
helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
helm repo update
# Install kube-prometheus-stack into its own namespace
helm install prometheus prometheus-community/kube-prometheus-stack --namespace monitoring --create-namespace
```
Accessing Grafana:
```bash
# Port-forward: reachable only from your own machine, nothing is exposed cluster-wide
kubectl port-forward deployment/prometheus-grafana 3000:80 -n monitoring
# Read the current admin password from the Secret the chart created
kubectl get secret prometheus-grafana -n monitoring -o jsonpath='{.data.admin-password}' | base64 -d
```
Default credentials:
- Username: admin
- Password: prom-operator
These defaults are public knowledge (they come from the chart's `grafana.adminPassword` value), so override them at install time or change the password before Grafana is reachable by anyone other than you through the port-forward.
Key dashboards:
- Node Exporter: node resource usage
- Kubernetes Deployment: rollout and replica status
- Prometheus Stats: health of the monitoring system itself
5.2 Handy Cluster Maintenance Commands
Day-to-day operations cheat sheet:
```bash
# Cluster health (current releases also expose the finer-grained /livez and /readyz)
kubectl get --raw='/healthz?verbose'
# Node details
kubectl describe node <node-name>
# Resource usage (requires metrics-server)
kubectl top nodes
kubectl top pods
# Recent events, oldest first
kubectl get events --sort-by='.lastTimestamp'
# Troubleshooting a Pod
kubectl logs <pod-name> -f
kubectl exec -it <pod-name> -- /bin/bash
kubectl describe pod <pod-name>
```
6. Project Walkthrough: Deploying a Multi-Component Application
6.1 Microservice Deployment Example
The following is a complete three-tier deployment with a frontend, a backend and a database:
```yaml
# 1. Database (MySQL)
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: mysql
spec:
  serviceName: mysql   # the headless Service defined in section 4 of this manifest
  replicas: 1
  selector:
    matchLabels:
      app: mysql
  template:
    metadata:
      labels:
        app: mysql
    spec:
      containers:
      - name: mysql
        image: mysql:5.7
        env:
        - name: MYSQL_ROOT_PASSWORD
          valueFrom:
            secretKeyRef:
              name: mysql-secret
              key: password
        ports:
        - containerPort: 3306
        volumeMounts:
        - name: data
          mountPath: /var/lib/mysql
  volumeClaimTemplates:
  - metadata:
      name: data
    spec:
      accessModes: [ "ReadWriteOnce" ]
      resources:
        requests:
          storage: 10Gi
---
# 2. Backend API
apiVersion: apps/v1
kind: Deployment
metadata:
  name: backend-api
spec:
  replicas: 3
  selector:
    matchLabels:
      app: backend
  template:
    metadata:
      labels:
        app: backend
    spec:
      containers:
      - name: backend
        image: my-backend:latest   # pin a tag or digest outside the lab
        ports:
        - containerPort: 8080
        env:
        - name: DB_HOST
          value: mysql-0.mysql   # <pod>.<headless service>, resolvable within the namespace
        # The lab reuses the MySQL root account; give the application its own
        # least-privileged database user in anything beyond a lab.
        - name: DB_USER
          valueFrom:
            secretKeyRef:
              name: mysql-secret
              key: username
---
# 3. Frontend
apiVersion: apps/v1
kind: Deployment
metadata:
  name: frontend
spec:
  replicas: 2
  selector:
    matchLabels:
      app: frontend
  template:
    metadata:
      labels:
        app: frontend
    spec:
      containers:
      - name: frontend
        image: my-frontend:latest   # pin a tag or digest outside the lab
        ports:
        - containerPort: 80
---
# 4. Services
# Headless Service backing the StatefulSet: it is required by serviceName: mysql and
# provides the mysql-0.mysql name the backend connects to
apiVersion: v1
kind: Service
metadata:
  name: mysql
spec:
  clusterIP: None
  selector:
    app: mysql
  ports:
  - port: 3306
---
apiVersion: v1
kind: Service
metadata:
  name: backend-service
spec:
  selector:
    app: backend
  ports:
  - port: 80
    targetPort: 8080
---
apiVersion: v1
kind: Service
metadata:
  name: frontend-service
spec:
  type: NodePort   # only the frontend is exposed outside the cluster
  selector:
    app: frontend
  ports:
  - port: 80
    targetPort: 80
    nodePort: 30080
```
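Before applying a manifest like the one above, it is worth running it through a hardening check. The following Python example is added here and is not part of the Fast-Kubernetes project. It encodes the checks a reviewer would apply to the article's own manifests (`:latest` images here and in 3.1, the `hostPath` mount in 4.2, Secrets injected as environment variables, missing resource limits and securityContext) and compares the backend Deployment above, embedded as a dict, with a hardened version. The pinned tag `my-backend:1.4.2`, the resource values and the `/etc/db-creds` mount path are assumptions made for the example.

```python
import copy

# Constructed copy of the article's backend-api Deployment (section 6.1), in the JSON form kubectl accepts.
BACKEND_API = {
    "apiVersion": "apps/v1", "kind": "Deployment",
    "metadata": {"name": "backend-api"},
    "spec": {
        "replicas": 3,
        "selector": {"matchLabels": {"app": "backend"}},
        "template": {
            "metadata": {"labels": {"app": "backend"}},
            "spec": {"containers": [{
                "name": "backend", "image": "my-backend:latest",
                "ports": [{"containerPort": 8080}],
                "env": [
                    {"name": "DB_HOST", "value": "mysql-0.mysql"},
                    {"name": "DB_USER", "valueFrom": {"secretKeyRef": {"name": "mysql-secret", "key": "username"}}},
                ],
            }]},
        },
    },
}

# Hardened variant: pinned tag (assumed value), resource limits, non-root, no privilege
# escalation, dropped capabilities, and the credential mounted as a file instead of an env var.
HARDENED_BACKEND = copy.deepcopy(BACKEND_API)
HARDENED_BACKEND["spec"]["template"]["spec"] = {
    "securityContext": {"runAsNonRoot": True, "seccompProfile": {"type": "RuntimeDefault"}},
    "containers": [{
        "name": "backend", "image": "my-backend:1.4.2",
        "ports": [{"containerPort": 8080}],
        "resources": {"requests": {"cpu": "100m", "memory": "128Mi"},
                      "limits": {"cpu": "500m", "memory": "256Mi"}},
        "securityContext": {"allowPrivilegeEscalation": False,
                            "readOnlyRootFilesystem": True,
                            "capabilities": {"drop": ["ALL"]}},
        "env": [{"name": "DB_HOST", "value": "mysql-0.mysql"}],
        "volumeMounts": [{"name": "db-creds", "mountPath": "/etc/db-creds", "readOnly": True}],
    }],
    "volumes": [{"name": "db-creds", "secret": {"secretName": "mysql-secret", "defaultMode": 0o400}}],
}


def pod_spec(workload):
    """Locate the PodSpec in a bare Pod or in a templated workload."""
    if workload["kind"] in ("Deployment", "StatefulSet", "DaemonSet", "Job"):
        return workload["spec"]["template"]["spec"]
    return workload["spec"]


def image_is_pinned(image):
    """True for name@sha256:... or name:tag with a tag other than latest.
    The registry host may carry a port, so only the last path segment is inspected."""
    if "@sha256:" in image:
        return True
    last = image.rsplit("/", 1)[-1]
    return ":" in last and not last.endswith(":latest")


def findings(workload):
    """Return human-readable hardening findings for one workload manifest."""
    spec = pod_spec(workload)
    pod_sc = spec.get("securityContext", {})
    out = []
    for c in spec.get("containers", []):
        name, sc = c["name"], c.get("securityContext", {})
        if not image_is_pinned(c["image"]):
            out.append(f"{name}: image {c['image']!r} is not pinned to a tag or digest")
        if "limits" not in c.get("resources", {}):
            out.append(f"{name}: no resources.limits")
        if sc.get("privileged"):
            out.append(f"{name}: privileged container")
        if sc.get("allowPrivilegeEscalation") is not False:
            out.append(f"{name}: allowPrivilegeEscalation is not false")
        if not (sc.get("runAsNonRoot") or pod_sc.get("runAsNonRoot")):
            out.append(f"{name}: runAsNonRoot is not set")
        for env in c.get("env", []):
            ref = env.get("valueFrom", {}).get("secretKeyRef")
            if ref:
                out.append(f"{name}: Secret {ref['name']}/{ref['key']} exposed as env {env['name']} "
                           "(readable from /proc/<pid>/environ, inherited by child processes); mount it as a file")
    for vol in spec.get("volumes", []):
        if "hostPath" in vol:
            out.append(f"volume {vol['name']}: hostPath {vol['hostPath']['path']} reaches into the node filesystem")
    return out


if __name__ == "__main__":
    for line in findings(BACKEND_API):
        print("-", line)
    print("hardened findings:", findings(HARDENED_BACKEND))
```

The checks mirror what a Pod Security Standards "restricted" policy or an admission controller would enforce; running them locally over the lab manifests catches the same issues before they reach a cluster.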
6.2 Deployment Procedure and Verification
```bash
# 1. Create the namespace
kubectl create namespace app
# 2. Create the Secret. Quote the password so the shell does not expand the '!'.
#    A literal on the command line also lands in shell history; outside a lab use
#    --from-file or an external secrets manager instead.
kubectl create secret generic mysql-secret --from-literal=username=root --from-literal=password='P@ssw0rd!' -n app
# 3. Deploy the application (the manifests carry no namespace, so -n app places every object in app)
kubectl apply -f app-deployment.yaml -n app
# 4. Verify the deployment
kubectl get pods -n app
kubectl get services -n app
# 5. Test access (on Minikube, `minikube ip` prints the node address)
curl http://<node-ip>:30080
```
7. Summary and Next Steps
7.1 Key Points Recap
This article covered the core Kubernetes components and hands-on techniques, including:
- Architecture: control plane and node components
- Core resources: Pod, Deployment, Service, ConfigMap, Secret
- Storage: PV and PVC and how a claim binds to a volume
- Advanced orchestration: StatefulSet, DaemonSet, affinity and taints
- Monitoring and operations: deploying and using Prometheus and Grafana
7.2 Suggested Learning Path
- Kubernetes internals
  - How kubelet and kube-proxy work
  - Service meshes such as Istio
  - Developing CRDs (Custom Resource Definitions)
- Automation and CI/CD
  - GitOps workflows (ArgoCD / Flux)
  - Container image build best practices
  - Multi-environment deployment strategies
- Production readiness
  - Highly available cluster deployment
  - Backup and restore strategies
  - Security hardening (NetworkPolicy, RBAC)
7.3 Project Resources and Community
- Project repository: https://gitcode.com/gh_mirrors/fa/Fast-Kubernetes
- Official documentation: https://kubernetes.io/docs/home/
- Chinese documentation: https://kubernetes.io/zh-cn/docs/home/
Appendix: Command Cheat Sheet
| Category | Example commands |
|---|---|
| Basic information | kubectl get pods, kubectl get services |
| Deployment management | kubectl apply -f <file>, kubectl delete deployment <name> |
| Resource inspection | kubectl describe pod <name>, kubectl logs <pod> |
| Cluster management | kubectl cluster-info, kubectl top nodes |
| Debugging | kubectl exec -it <pod> -- sh, kubectl port-forward <pod> 8080:80 |
Like, save and follow for more hands-on Kubernetes tips. Coming next: Kubernetes Troubleshooting in Practice.
Disclosure: parts of this article were produced with AI assistance (AIGC) and are provided for reference only.