存储
- configMap 存储配置信息
- Secret 秘钥信息
- volume 共享存储卷 nfs
- Persistent Volume 持久卷
configMap
- 提供想容器中注入配置信息的机制
- kubectl create configmap game-config --from-file=/tmp/configmap/kubectl
- kubectl get cm game-config -o yaml
ls /tmp/configmap/kubectl/
game.properties文件
enemies=aliens
secret.code.allowed=true
ui.properties文件
color.bad=yellow
服务网格 分布式 istio
ingress
- 解决传统的4层代理,实现七层代理
- ingress 先绑定域名,房问nginx,会反向代理,访问后端的svc
- ?nginx以何种形式和后端service连接的:nginx常见的部署方案是NodePort的方式
- nginx 配置文件添加 proxy_pass 配置,只是通过ingress 通过自动添加的形式
- ingress原理流程 :
- pod 协程通过 informer模式监听 资源变化
- 写入updatechannel, NginxController读取更新事件
- 向队列syncQueue追加同步任务
- 定去拉取队列任务是否需要 reload
- 需要重写配置文件 nginx-sreload
- 不需要 ,或重载后 想Lua Server post数据
- 以nginx模块运行的Lua Server
- wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/mandatory.yaml
- kubectl get svc -n ingress-nginx
- kubectl get pod -n ingress-nginx
- kubectl exec nginx-ingress-xxx-xxx-xx -it – /bin/bash
- cat /etc/nginx/nginx.conf
ingress-nginx.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: nginx-test
spec:
rules:
- host: foo.bar.com
http:
paths:
- path: /
backend:
serviceName: nginx-svc # ingress 链接 svc的名称
servicePort: 80
service 代理
- userspace 通过kube-proxy 压力较大,服务更新端口维护
- iptables 通过防火墙 直接调度
- ipvs 不经过kube-proxy 管理端点的绑定信息
* rr轮训
* lc最小连接数
* dh目标哈希
* sed最短期望延迟
* nq不排队调度
round-robin DNS 不用是因为存在缓存
*ipvsadm -L - ClusterIP 使用iptables 或 lvs
- svc创建过程
- 1、通过kubectl 向apiserver 发送创建service命令,接收到请求后将数据存储在etcd
- 2、节点kube-proxy进程负责感知service,pod的变化,并将信息写入本地的iptables规则中
- 3、iptables、ipvs 使用NAT转换将virtualIP流量转至endpoint中
myapp-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: myapp-deployment
namespace: default
spec:
replicas: 3
selector:
matchLabels:
app: myapp
release: stabel
template:
metadata:
labels: # 标签3个值
app: myapp
release: stabel
env: test
spec:
containers:
- name: myapp
image: nginx:latest
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 80
kubectl apply -f myapp-deployment.yaml
myapp-service.yaml
apiVersion: v1
kind: Service
metadata:
name: myapp
namespace: default
spec:
type: ClusterIP # svc类型
selector:
app: myapp # 标签选择deployment中定义的labels标签
release: stabel # 标签选择deployment中定义的labels标签
ports:
- name: http
port: 80
targetPort: 80
kubectl apply -f myapp-service.yaml
- kubectl get svc
- curl clustip:80 访问不通,原因标签字段不一致所以匹配不到
- kubectl delete -f myapp-service.yaml 删除
- Headless Service apec.clusterIP: “None” # 不需要负载均衡对 StatefulSet的支持
- svc 创建后会写入coredns中
- kubectl get pod -n kube-system -o wide
- 获取codednsip
- dig -t A myapp-deployment.default.svc.cluster.local. @10.244.0.21 #无头服务
NodePort
- spec.type: NodePort
- ipvsadm -Ln | grep ip
还有一个域名别名操作
ExternalName - spec.type: ExternalName
- spec.ExternalName: xx.xx.com
kubeadm join 集群
- kubeadmin join xxx:6443 --token xxx --discovery-token-ca-cert-hash sha256:xxxxxx
[preflight] Running pre-flight checks
[preflight] Reading configuration from the cluster…
[preflight] FYI: You can look at this config file with ‘kubectl -n kube-system get cm kubeadm-config -o yaml’
[kubelet-start] Writing kubelet configuration to file “/var/lib/kubelet/config.yaml”
[kubelet-start] Writing kubelet environment file with flags to file “/var/lib/kubelet/kubeadm-flags.env”
[kubelet-start] Starting the kubelet
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap…
[kubelet-check] Initial timeout of 40s passed.
[kubelet-check] It seems like the kubelet isn’t running or healthy.
[kubelet-check] The HTTP call equal to ‘curl -sSL http://localhost:10248/healthz’ failed with error: Get “http://localhost:10248/healthz”: dial tcp 127.0.0.1:10248: connect: connection refused.
[kubelet-check] It seems like the kubelet isn’t running or healthy.
[kubelet-check] The HTTP call equal to ‘curl -sSL http://localhost:10248/healthz’ failed with error: Get “http://localhost:10248/healthz”: dial tcp 127.0.0.1:10248: connect: connection refused.
[kubelet-check] It seems like the kubelet isn’t running or healthy.
[kubelet-check] The HTTP call equal to ‘curl -sSL http://localhost:10248/healthz’ failed with error: Get “http://localhost:10248/healthz”: dial tcp 127.0.0.1:10248: connect: connection refused.
[kubelet-check] It seems like the kubelet isn’t running or healthy.
[kubelet-check] The HTTP call equal to ‘curl -sSL http://localhost:10248/healthz’ failed with error: Get “http://localhost:10248/healthz”: dial tcp 127.0.0.1:10248: connect: connection refused.
[kubelet-check] It seems like the kubelet isn’t running or healthy.
[kubelet-check] The HTTP call equal to ‘curl -sSL http://localhost:10248/healthz’ failed with error: Get “http://localhost:10248/healthz”: dial tcp 127.0.0.1:10248: connect: connection refused.
error execution phase kubelet-start: error uploading crisocket: timed out waiting for the condition
To see the stack trace of this error execute with --v=5 or higher
service svc
- 只提供四层负载能力 基于ip地址和端口转发,没有7层负载功能
- 可以添加ingress 实现7层功能
- 基于标签 如 app=nginx 负载
- service 类型
- ClusterIp 默认类型,cluster内部可访问
- NodePort 在clusterip基础上在每天node上暴露对应端口 ,nginx 可以负载多个node 对应port负载均衡
- LoadBalancer 云供应商的负载均衡器
- ExternalName 集群外部服务引入到内部直接使用
CronJob
- 定期创建job
- spec.template
- RestartPolicy Never 永不重启,OnFailure失败后重启
- spec.completions job运行成功运行的pod默认为1
- spec.parallelism 并行pod数1
- spec.activeDeadlineSeconds 失败pod 重试最大时间
- spec.startingDeadlineSeconds 可选,错过执行时间的job
- spec.concurrencyPolicy 并发策略 任务未运行中是否允许并发
- allow 允许并发job
- Forbid 禁止并发
- Replace 取消当前,重新执行
- spec.suspend 挂起,后续任务挂起
- spec.successfulJobHistoryLimit failedJobsHistoryLimit 成功或失败最多保留副本数
apiVersion: batch/v1beta1
kind: CronJob
metadata:
name: hello
spec:
schedule: "*/1 * * * *"
jobTemplate:
spec:
template:
spec:
containers:
- name: hello
image: busybox
args:
- /bin/sh
- -c
- date; echo Hello from thi kubernetes cluster
restartPolicy: OnFailure
yaml常见报错 error validating data: ValidationError(CronJob.spec.jobTemplate.spec.template.spec): unknown field
- kubectl get cronjob -w
- kubectl get job
- kubectl logs podname 查看日志
job
apiVersion: batch/v1
kind: Job
metadata:
name: pi
spec:
template:
metadata:
name: pi # job名称 pod名称前缀
spec:
containers:
- name: pi # 容器名称
image: perl
command: ["perl","-Mbignum=bpi","-wle","print bpi(2000)"] # 圆周率小数点计算后2000位
restartPolicy: Never # 用不重启
- kubectl create -f job.yaml
- kubectl get job -w
- kubectl get pod -w 实时查看
completions 完成数目
NAME COMPLETIONS DURATION AGE
pi 1/1 27s 2m37s
- kubectl describe pod pi-6bsxh
DaemonSet
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: daemonset-example
labels:
app: daemonset
spec:
selector:
matchLabels:
name: deamonset-example
template:
metadata:
labels:
name: deamonset-example
spec:
containers:
- name: daemonset-example
image: nginx:latest
deployment 回退
当修改.spec.template 中的label 和 容器镜像是会创建一个新的revision,扩容修改副本数不会创建
- kubectl rollout status deployment/nginx-deployment
- kubectl rollout history deployment/nginx-deployment
- kubectl rollout undo deployment/nginx-deployment
- kubectl rollout undo deployment/nginx-deployment --to-revision=1
- kubectl rollout undo deployment/nginx-deployment --to-revision=2
- kubectl rollout pause deployment/nginx-deployment 暂停更新
- 判断是否成功 kubectl rollout status deploy/nginx && echo$? 是否为0来判断
- 保留的历史版本上线.spec.revisonHistoryLimit 如果为0表示不允许回退
滚动发布
- kubectl set image deployment/nginx-deployment nginx=nginx:1.9.1
- deployment下得nginx-deployment
- Rollover(多rolout)创建副本数未到指定期望值,回滚版本,会立刻杀死在建副本,重新部署
扩容
- kubectl scale deployment nginx-deployment --replicas 10
- 集群支持hpa,自动扩容
- kubectl autoscale deployment nginx-deployment --min=10 --max=15 --cpu-percent=80
nginx
- kebectl apply -f nginx-deployment.yaml --record
record 在执行过程中的记录 - kubectl get deployment
- kubectl get pod -o wide 查看ip node节点信息
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: nginx-deployment
spec:
replicas: 3
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginx:1.7.9
ports:
- containerPort: 80
label管理
kubectl get pod --show-labels
kubectl label pod podname tier=frontend1 --overwrite=True
手动修改pod 标签,rs检测副本不符合,需额外修改
mainc start stop
spec:
containers:
- name:
image:nginx
lifecycle:
postStart:
exec:
command: ["/bin/sh","-c","echo hi > /usr/share/message"]
postStop:
exec:
command: ["/usr/sbin/nginx","-s","quit"]
kubectl get pod
status 状态
pod phase 状态值
- 挂起 Pending 下载镜像
- 运行中 Running pod 至少有一个容器正在创建或处于重启
- 成功 Succeeded 所有容器成功终止,不会再重启 常出现在job createjob中
- 失败 Failed 容器以非0状态退出
- 未知 Unknown 无法获取pod状态与host同事失败
pod 分类
- 自主是pod
- 控制器管理的pod
控制器的类型 - replication controller 控制副本数量
- replicaset 多出一个标签
- Deployment 声明式定义 apply 定义rs 滚动升级、扩缩容 控制rs的副本数量和版本,rs-old -》rs-new
- DaemonSet
- job 运行脚本非0退出,重试机制几次、CronJob在特定时间创建job *****分时日月周
- StatefulSet 持久化存储方案 pvc mysql,有序部署、有序扩展 基于 init containers 不会对pod镜像发生改变,有序收缩,有序删除创建0 - n-1 删除 n-1 - 0
RS 创建
kubectl explain rs
ReplicaSet
apiVersion: extensions/v1beta1
kind:ReplicaSet
metadata:
name: frontend
spec:
replicas: 3
selector:
matchLabels:
tier: frontend
template:
metadata:
labels:
tier: frontend
spec:
containers:
- name: php-redis
image: gcr.io/google_samples/gb-frontend:v3
env:
- name: GET_HOSTS_FROM
value: dns
ports:
- containerPort: 80