Kubernetes Notes

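Storage
  • ConfigMap: stores configuration data
  • Secret: secret key information
  • Volume: shared storage volume, e.g. NFS
  • PersistentVolume: persistent volume
configMap
  • Provides a mechanism for injecting configuration data into containers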
  • kubectl create configmap game-config --from-file=/tmp/configmap/kubectl
  • kubectl get cm game-config -o yaml
    ls /tmp/configmap/kubectl/
game.properties file
enemies=aliens
secret.code.allowed=true

ui.properties file
color.bad=yellow
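Service mesh, distributed: Istio
ingress
  • Goes beyond traditional layer-4 proxying to provide layer-7 proxying
  • The Ingress is first bound to a domain name; requests reach nginx, which reverse-proxies them to the backend svc
  • Q: how is nginx connected to the backend service? The common deployment scheme for nginx is NodePort
  • The nginx configuration file gets proxy_pass entries; with Ingress they are simply added automatically
  • How Ingress works:
    • A goroutine in the pod watches for resource changes using the informer pattern
    • Changes are written to the update channel; NginxController reads the update events
    • A sync task is appended to the syncQueue
    • Tasks are pulled from the queue periodically to decide whether a reload is needed
    • If needed: rewrite the configuration file and run nginx -s reload
    • If not needed, or after the reload: POST the data to the Lua server
    • The Lua server runs as an nginx module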
  • wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/mandatory.yaml
  • kubectl get svc -n ingress-nginx
  • kubectl get pod -n ingress-nginx
  • kubectl exec nginx-ingress-xxx-xxx-xx -it -- /bin/bash
  • cat /etc/nginx/nginx.conf
    ingress-nginx.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: nginx-test
spec:
  rules:
    - host: foo.bar.com
      http:
        paths:
        - path: /
          backend:
            serviceName: nginx-svc # name of the svc the ingress routes to
            servicePort: 80
            
Service proxy modes

p31

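  • userspace: traffic goes through kube-proxy, which puts it under heavy load; it also maintains ports as services are updated
  • iptables: scheduling is done directly by the firewall rules
  • ipvs: traffic does not pass through kube-proxy; manages the endpoint binding information
    * rr: round robin
    * lc: least connections
    * dh: destination hashing
    * sed: shortest expected delay
    * nq: never queue
    Round-robin DNS is not used because of caching
    * ipvsadm -L
  • ClusterIP uses iptables or LVS
  • svc creation process
    • 1. kubectl sends the create-service command to the apiserver, which stores the data in etcd after receiving the request
    • 2. The kube-proxy process on each node watches for service and pod changes and writes them into the local iptables rules
    • 3. iptables / ipvs use NAT to forward virtual-IP traffic to the endpoints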
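
The ipvs scheduling algorithms listed above differ only in how they pick the next backend. The following is an added example, not part of the original notes and not the kernel implementation: simplified Python models of rr, lc, dh, sed and nq. Server names, weights and connection counts are constructed sample data.

```python
# Simplified models of the ipvs schedulers listed above (added example).
# Server names, weights and connection counts are constructed sample data.
import zlib
from dataclasses import dataclass
from itertools import cycle, islice


@dataclass
class RealServer:
    name: str
    weight: int
    active: int  # active connections right now


def rr(servers, n):
    """rr: servers take turns; load and weight are ignored."""
    return [s.name for s in islice(cycle(servers), n)]


def lc(servers):
    """lc: fewest active connections wins."""
    return min(servers, key=lambda s: s.active).name


def dh(servers, dest_ip):
    """dh: the same destination address always hashes to the same server."""
    return servers[zlib.crc32(dest_ip.encode()) % len(servers)].name


def sed(servers):
    """sed: smallest expected delay (active + 1) / weight for the new connection."""
    return min(servers, key=lambda s: (s.active + 1) / s.weight).name


def nq(servers):
    """nq: an idle server is used at once; only if none is idle, fall back to sed."""
    idle = [s for s in servers if s.active == 0]
    return idle[0].name if idle else sed(servers)


POOL = [RealServer("pod-a", 1, 0), RealServer("pod-b", 4, 2), RealServer("pod-c", 2, 3)]
BUSY = [RealServer("pod-a", 1, 1), RealServer("pod-b", 4, 2), RealServer("pod-c", 2, 3)]

if __name__ == "__main__":
    print("rr ", rr(POOL, 4))
    print("lc ", lc(POOL))
    print("sed", sed(POOL))
    print("nq ", nq(POOL), nq(BUSY))
    print("dh ", dh(POOL, "10.244.1.7"))
```

With the idle but weak pod-a in the pool, sed still prefers the heavier pod-b while nq sends the connection to pod-a; once pod-a is busy, nq and sed agree.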
      myapp-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: myapp-deployment
  namespace: default
spec:
  replicas: 3
  selector:
    matchLabels:
      app: myapp
      release: stabel
  template:
    metadata:
      labels: # three label values
        app: myapp
        release: stabel
        env: test
    spec:
      containers:
      - name: myapp
        image: nginx:latest
        imagePullPolicy: IfNotPresent
        ports:
        - name: http
          containerPort: 80

kubectl apply -f myapp-deployment.yaml
myapp-service.yaml

apiVersion: v1
kind: Service
metadata:
  name: myapp
  namespace: default
spec:
  type: ClusterIP # svc type
  selector:
    app: myapp # selects on the labels defined in the deployment
    release: stabel  # selects on the labels defined in the deployment
  ports:
  - name: http
    port: 80
    targetPort: 80

kubectl apply -f myapp-service.yaml

  • kubectl get svc
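  • curl clusterip:80 is unreachable; the cause is that the label fields are inconsistent, so nothing is matched
  • kubectl delete -f myapp-service.yaml (delete)
  • Headless Service: spec.clusterIP: "None" # no load balancing needed; supports StatefulSet
  • After a svc is created it is written into CoreDNS
  • kubectl get pod -n kube-system -o wide
  • Get the CoreDNS IP
  • dig -t A myapp-deployment.default.svc.cluster.local. @10.244.0.21 # headless service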
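
The unreachable ClusterIP noted above comes from how spec.selector is evaluated: a pod is selected only if it carries every key=value pair of the selector. The following is an added example, not part of the original notes: it audits selectors against pod template labels and also flags a selector broad enough to pick up more than one workload. The manifests are constructed dicts; only "myapp" and "myapp-deployment" mirror the YAML above, the other names are hypothetical.

```python
# Added example: equality-based label matching as a Service selector applies it.
# All manifests below are constructed dicts; only "myapp" and "myapp-deployment"
# mirror the YAML on this page.

def mismatches(selector, labels):
    """Selector pairs the pod labels do not satisfy: {key: (wanted, actual)}."""
    return {k: (v, labels.get(k)) for k, v in selector.items() if labels.get(k) != v}


def audit(services, workloads):
    """Report Services whose selector matches no workload or more than one."""
    report = {}
    for svc, selector in services.items():
        if not selector:
            report[svc] = ("no selector", [])  # endpoints are not managed automatically
            continue
        hits = [w for w, labels in workloads.items() if not mismatches(selector, labels)]
        if not hits:
            # curl to the ClusterIP fails: show what each workload disagrees on
            report[svc] = ("no endpoints",
                           {w: mismatches(selector, l) for w, l in workloads.items()})
        elif len(hits) > 1:
            # traffic is spread over every matching workload, intended or not
            report[svc] = ("selects several workloads", hits)
    return report


WORKLOADS = {  # pod template labels
    "myapp-deployment": {"app": "myapp", "release": "stabel", "env": "test"},
    "myapp-canary": {"app": "myapp", "release": "canary", "env": "test"},
}
SERVICES = {  # spec.selector
    "myapp": {"app": "myapp", "release": "stabel"},
    "myapp-typo": {"app": "myapp", "release": "stable"},
    "myapp-broad": {"app": "myapp"},
}

if __name__ == "__main__":
    for name, finding in audit(SERVICES, WORKLOADS).items():
        print(name, finding)
```

On a live cluster the same condition shows up as an empty ENDPOINTS column in kubectl get endpoints.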
NodePort
  • spec.type: NodePort
  • ipvsadm -Ln | grep ip
    There is also a domain-name alias mechanism:
    ExternalName
  • spec.type: ExternalName
  • spec.externalName: xx.xx.com
kubeadm join (joining a cluster)
  • kubeadm join xxx:6443 --token xxx --discovery-token-ca-cert-hash sha256:xxxxxx
    [preflight] Running pre-flight checks
    [preflight] Reading configuration from the cluster…
    [preflight] FYI: You can look at this config file with ‘kubectl -n kube-system get cm kubeadm-config -o yaml’
    [kubelet-start] Writing kubelet configuration to file “/var/lib/kubelet/config.yaml”
    [kubelet-start] Writing kubelet environment file with flags to file “/var/lib/kubelet/kubeadm-flags.env”
    [kubelet-start] Starting the kubelet
    [kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap…
    [kubelet-check] Initial timeout of 40s passed.
    [kubelet-check] It seems like the kubelet isn’t running or healthy.
    [kubelet-check] The HTTP call equal to ‘curl -sSL http://localhost:10248/healthz’ failed with error: Get “http://localhost:10248/healthz”: dial tcp 127.0.0.1:10248: connect: connection refused.
    [kubelet-check] It seems like the kubelet isn’t running or healthy.
    [kubelet-check] The HTTP call equal to ‘curl -sSL http://localhost:10248/healthz’ failed with error: Get “http://localhost:10248/healthz”: dial tcp 127.0.0.1:10248: connect: connection refused.
    [kubelet-check] It seems like the kubelet isn’t running or healthy.
    [kubelet-check] The HTTP call equal to ‘curl -sSL http://localhost:10248/healthz’ failed with error: Get “http://localhost:10248/healthz”: dial tcp 127.0.0.1:10248: connect: connection refused.
    [kubelet-check] It seems like the kubelet isn’t running or healthy.
    [kubelet-check] The HTTP call equal to ‘curl -sSL http://localhost:10248/healthz’ failed with error: Get “http://localhost:10248/healthz”: dial tcp 127.0.0.1:10248: connect: connection refused.
    [kubelet-check] It seems like the kubelet isn’t running or healthy.
    [kubelet-check] The HTTP call equal to ‘curl -sSL http://localhost:10248/healthz’ failed with error: Get “http://localhost:10248/healthz”: dial tcp 127.0.0.1:10248: connect: connection refused.
    error execution phase kubelet-start: error uploading crisocket: timed out waiting for the condition
    To see the stack trace of this error execute with --v=5 or higher
service svc
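  • Provides only layer-4 load balancing, forwarding by IP address and port; no layer-7 load balancing
  • Ingress can be added to provide layer-7 functionality
  • Load balancing is label-based, e.g. app=nginx
  • Service types
    • ClusterIP: default type, reachable inside the cluster
    • NodePort: on top of ClusterIP, exposes the corresponding port on every node; nginx can load-balance across that port on multiple nodes
    • LoadBalancer: the cloud provider's load balancer
    • ExternalName: brings a service outside the cluster inside for direct use
CronJob
  • Creates Jobs on a schedule
  • spec.template
  • RestartPolicy: Never = never restart, OnFailure = restart after failure
  • spec.completions: number of pods that must run successfully for the job; default 1
  • spec.parallelism: number of parallel pods, 1
  • spec.activeDeadlineSeconds: maximum time for retrying failed pods
  • spec.startingDeadlineSeconds: optional; for jobs that missed their scheduled time
  • spec.concurrencyPolicy: concurrency policy, whether concurrent runs are allowed when a task has not finished running
    • Allow: allows concurrent jobs
    • Forbid: forbids concurrency
    • Replace: cancels the current run and starts again
  • spec.suspend: suspend; subsequent runs are suspended
  • spec.successfulJobsHistoryLimit / spec.failedJobsHistoryLimit: maximum number of successful or failed jobs to keep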
apiVersion: batch/v1beta1
kind: CronJob
metadata:
  name: hello
spec:
  schedule: "*/1 * * * *"
  jobTemplate:
    spec:
      template:
        spec:
          containers:
          - name: hello
            image: busybox
            args:
            - /bin/sh
            - -c
            - date; echo Hello from the kubernetes cluster
          restartPolicy: OnFailure

Common YAML error: error validating data: ValidationError(CronJob.spec.jobTemplate.spec.template.spec): unknown field

  • kubectl get cronjob -w
  • kubectl get job
  • kubectl logs podname (view the logs)
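
What spec.concurrencyPolicy changes only becomes visible when a job runs longer than the schedule interval. The following is an added example, not part of the original notes: a minute-by-minute model of the three policies for a CronJob scheduled every minute, like the hello CronJob above. The 3-minute job run time and the 6-minute window are constructed values.

```python
# Added example: a minute-by-minute model of spec.concurrencyPolicy.
# Schedule interval, job run time and window length are constructed values.

def simulate(policy, every=1, runtime=3, minutes=6):
    """Count what happens at each schedule tick under the given policy."""
    running = []  # end times of jobs that are still running
    started = skipped = replaced = peak = 0
    for now in range(0, minutes, every):
        running = [end for end in running if end > now]  # drop finished jobs
        if running and policy == "Forbid":
            skipped += 1  # previous run still active: this tick is skipped
            continue
        if running and policy == "Replace":
            replaced += len(running)  # the running job is cancelled for the new one
            running = []
        running.append(now + runtime)
        started += 1
        peak = max(peak, len(running))  # most jobs alive at the same time
    return {"started": started, "skipped": skipped, "replaced": replaced, "peak": peak}


if __name__ == "__main__":
    for policy in ("Allow", "Forbid", "Replace"):
        print(policy, simulate(policy))
```

Under Allow the overlapping runs pile up (peak of 3 concurrent jobs here), which is the case to watch for resource exhaustion; Forbid and Replace both hold the peak at 1.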
job
apiVersion: batch/v1
kind: Job
metadata:
  name: pi
spec:
  template:
    metadata:
      name: pi # job name; prefix of the pod names
    spec:
      containers:
      - name: pi # container name
        image: perl
        command: ["perl","-Mbignum=bpi","-wle","print bpi(2000)"] # compute pi to 2000 digits
      restartPolicy: Never # never restart
  • kubectl create -f job.yaml
  • kubectl get job -w
  • kubectl get pod -w (watch in real time)
COMPLETIONS: number of completions
NAME   COMPLETIONS   DURATION   AGE
pi     1/1           27s        2m37s
  • kubectl describe pod pi-6bsxh
DaemonSet
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: daemonset-example
  labels:
    app: daemonset
spec:
  selector:
    matchLabels:
      name: deamonset-example
  template:
    metadata:
      labels:
        name: deamonset-example
    spec:
      containers:
      - name: daemonset-example
        image: nginx:latest
Deployment rollback

Changing the labels or the container image in .spec.template creates a new revision; scaling (changing the replica count) does not.

  • kubectl rollout status deployment/nginx-deployment
  • kubectl rollout history deployment/nginx-deployment
  • kubectl rollout undo deployment/nginx-deployment
  • kubectl rollout undo deployment/nginx-deployment --to-revision=1
  • kubectl rollout undo deployment/nginx-deployment --to-revision=2
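  • kubectl rollout pause deployment/nginx-deployment (pause the rollout)
  • To check for success: kubectl rollout status deploy/nginx; echo $? and check whether it prints 0
  • Upper limit on retained history revisions: .spec.revisionHistoryLimit; 0 means rollback is not allowed
Rolling release
  • kubectl set image deployment/nginx-deployment nginx=nginx:1.9.1
  • i.e. the nginx-deployment under deployment
  • Rollover (multiple rollouts): if the version is rolled back before the number of created replicas reaches the desired value, the replicas being created are killed immediately and redeployed
Scaling up
  • kubectl scale deployment nginx-deployment --replicas 10
  • If the cluster supports HPA, scaling is automatic
  • kubectl autoscale deployment nginx-deployment --min=10 --max=15 --cpu-percent=80
nginx
  • kubectl apply -f nginx-deployment.yaml --record
    --record keeps a record of the command as it is executed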
  • kubectl get deployment
  • kubectl get pod -o wide (shows IP and node information)
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: nginx-deployment
spec:
  replicas: 3
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1.7.9
        ports:
        - containerPort: 80
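Label management

kubectl get pod --show-labels
kubectl label pod podname tier=frontend1 --overwrite=True
After a pod's label is changed by hand, the rs detects that the replicas no longer match; additional changes are needed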

Main container (mainC) start / stop hooks
spec:
  containers:
  - name:
    image: nginx
    lifecycle:
      postStart:
        exec:
          command: ["/bin/sh","-c","echo hi > /usr/share/message"]
      preStop:
        exec:
          command: ["/usr/sbin/nginx","-s","quit"]

kubectl get pod
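STATUS column
Pod phase values

  • Pending: downloading the image
  • Running: at least one container in the pod is being created or is restarting
  • Succeeded: all containers terminated successfully and will not be restarted; often seen with Job and CronJob
  • Failed: a container exited with a non-zero status
  • Unknown: the pod state cannot be obtained; communication with the host failed
Pod categories
  • Standalone pods
  • Controller-managed pods
    Controller types
  • ReplicationController: controls the number of replicas
  • ReplicaSet: additionally supports labels
  • Deployment: declarative definition (apply); defines the rs; rolling upgrade, scaling up and down; controls the replica count and version of the rs, rs-old -> rs-new
  • DaemonSet
  • Job: runs a script; on a non-zero exit it is retried a number of times. CronJob: creates jobs at specific times; * * * * * = minute hour day month weekday
  • StatefulSet: persistent storage via PVC (e.g. MySQL); ordered deployment and ordered scale-out based on init containers, without changing the pod image; ordered scale-in and ordered deletion; created 0 to n-1, deleted n-1 to 0
RS creation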

kubectl explain rs
ReplicaSet

apiVersion: extensions/v1beta1
kind: ReplicaSet
metadata:
  name: frontend
spec:
  replicas: 3
  selector:
    matchLabels:
      tier: frontend
  template:
    metadata:
      labels:
        tier: frontend
    spec:
      containers:
        - name: php-redis
          image: gcr.io/google_samples/gb-frontend:v3
          env:
          - name: GET_HOSTS_FROM
            value: dns
          ports:
          - containerPort: 80