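Kubernetes Basics

Basic k8s concepts

Pod types

Self-managed pods

A self-managed pod still has to be submitted to the apiserver after it is created. The apiserver accepts it, the scheduler assigns it to a node, and that node starts the pod.

If the pod fails and its container needs to be restarted, the kubelet does that.

If the node itself fails, the pod is gone, because nothing reschedules it elsewhere in the cluster. For that reason this kind of pod is not recommended.

Controller-managed pods

Common pod controllers:

  • ReplicationController
    When one pod is not enough, another replica can be started, and the controller then manages all replicas of that kind of pod. If there are too few replicas it adds more, and if there are too many it removes some, so the number always matches the desired count we defined.
    Supports rolling updates
  • ReplicaSet
    Managed by Deployment, a controller for declarative updates
  • Deployment
    Deployment can only manage stateless applications
  • StatefulSet
    A stateful replica set; it can manage stateful applications
  • DaemonSet
    Use DaemonSet when one replica has to run on every node
  • Job
  • CronJob
  • Each of the controllers above implements one particular kind of application management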

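Core components

HPA

A Deployment also supports a second-level controller

HPA (HorizontalPodAutoscaler)

Normally we can make sure that 2 pods are running on a node. What if user traffic grows and 2 pods can no longer carry the load? Then we need to add pods, but how many?

The HPA controller monitors the pods and scales them automatically.

service

Suppose there are 2 pods. A pod has a life cycle: if the node it runs on goes down, the pod has to be rebuilt on another node, and the rebuilt pod is no longer the same pod as the original, even though both run the same service. Every container also has its own IP address, and the containers in the rebuilt pod get different IP addresses from those in the old pod. That raises a question: how do clients reach the containers in these pods?

Service discovery (marketplace analogy: register a stall and announce its address)

Pods have a life cycle. A pod can disappear at any time and other pods can join at any time. If they all provide the same service, a client cannot reach them by any fixed means, because the pods themselves are not fixed: whether it uses a host name or an IP address, either can be replaced at any moment.

To keep the coordination between clients and pods as simple as possible, k8s puts an intermediate layer between each group of pods that provide the same service and their clients. This layer is fixed, and it is called a service.

As long as a service is not deleted, its address and name stay fixed. A client that needs to reach some service no longer has to discover it by itself; it only has to put the service name in its configuration file. The service acts as a scheduler: besides providing a stable entry point it also works as a reverse proxy. When the service receives a client request it proxies the request to a backend pod. When a pod goes down a new pod is created immediately, and the new pod is at once associated with the service as one of its available backends.

Client programs reach a service through IP + port or host name + port. The service, however, does not associate with its backend pods through their IPs or host names but through a label selector. As long as the pods are created with the same labels, the service recognizes them no matter how their IP addresses and host names change. So whenever a pod matches the label selector, that is, whenever it falls within the service's scope, it is associated with the service. Once such a dynamic pod is associated, the service discovers its IP address and port and adds it to its own set of backends that requests can be dispatched to. A client request is therefore sent to the service, which proxies it to a container in a real backend pod for the response.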
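
As an added illustration (not code from the original post, and not how Kubernetes implements it), the sketch below models the label-selector association just described. The helpers labels_match and endpoints_for and the pod data are constructed for this example; only equality-based selectors are covered.

```shell
#!/bin/sh
# Added illustration: a toy model of how a Service picks its backends by label.
# Pod names, IPs and labels below are constructed sample data.

# labels_match SELECTOR LABELS
# Both arguments are comma-separated key=value lists. Succeeds only when every
# selector pair is present in the pod's labels. An empty selector selects
# nothing here (a Service without a selector gets no managed endpoints).
labels_match() (
    selector=$1
    labels=$2
    [ -n "$selector" ] || exit 1
    set -f          # no globbing while splitting on commas
    IFS=,
    for want in $selector; do
        found=no
        for have in $labels; do
            [ "$have" = "$want" ] && found=yes
        done
        [ "$found" = yes ] || exit 1
    done
    exit 0
)

# endpoints_for SELECTOR
# Reads "name ip labels" lines on stdin and prints the IPs of the matching
# pods, space-separated, in input order.
endpoints_for() {
    ep_selector=$1
    ep_out=
    while read -r ep_name ep_ip ep_labels; do
        [ -n "$ep_name" ] || continue
        if labels_match "$ep_selector" "$ep_labels"; then
            ep_out="${ep_out:+$ep_out }$ep_ip"
        fi
    done
    printf '%s\n' "$ep_out"
}

# Two nginx pods, then the same set after one pod was rescheduled (new name
# and IP, same labels) and the other was relabelled app=test.
PODS_BEFORE='nginx-a 10.244.1.5 app=nginx,env=prod
nginx-b 10.244.2.11 app=nginx,env=prod'
PODS_AFTER='nginx-c 10.244.1.9 app=nginx,env=prod
nginx-b 10.244.2.11 app=test,env=prod'

demo_endpoints() {
    printf '%s\n' "$1" | endpoints_for "app=nginx"
}

echo "before: $(demo_endpoints "$PODS_BEFORE")"
echo "after:  $(demo_endpoints "$PODS_AFTER")"
```

Because backend membership is decided by labels alone, permission to create or relabel pods in a namespace should be granted as carefully as permission to edit the Service itself.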

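A service is not a program and not a component; it is only a set of iptables DNAT rules

As a k8s object a service has its own name. The service name corresponds to the name of the service it provides, and this name can be resolved.

Add-ons

dns pod

  • The first thing to do after installing k8s is to deploy a dns pod on the cluster, so that the names of the services can be resolved
  • The records can change dynamically: they are created, deleted and modified dynamically
  • For example, if a service is renamed, the dns pod is triggered automatically and updates the name in the DNS record; if we change the service's IP address by hand, the change likewise triggers an automatic update of the record in the DNS service
  • As a result, a client that wants to reach pod resources can simply use the service name, and the dedicated DNS service in the cluster takes care of resolving it

k8s itself depends on this kind of pod, so we call them basic, system-architecture-level pod objects; they are also known as cluster add-ons

k8s network model

  • Node network
  • Service (cluster) network
  • Pod network
  • The three k8s networks belong to three different subnets, which leads to three questions
    • How do containers in the same pod communicate?
      • Through the lo (loopback) interface
    • How do pods communicate with each other?
      • Bridging over a physical bridge; at large scale this causes broadcast storms (rarely used)
      • Overlay network, which forwards packets through tunnels (used in almost all cases)
    • How do pods communicate with services?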


The kubectl management tool

kubeconfig configuration file

kubectl uses a kubeconfig credentials file to connect to the k8s cluster. A kubeconfig file is generated with the kubectl config command.

The kubeconfig file used to authenticate to k8s:

  • Cluster
apiVersion: v1
kind: Config
clusters:
- cluster:
    certificate-authority-data:
    server: https://192.168.31.61:6443
  name: kubernetes
  • Context
contexts:
- context:
    cluster: kubernetes
    user: kubernetes-admin
  name: kubernetes-admin@kubernetes
  • Current context
current-context: kubernetes-admin@kubernetes
  • Client credentials
users:
- name: kubernetes-admin
  user:
    client-certificate-data:
    client-key-data:
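
The file above carries the client certificate and its private key, so it has to be handled as a credential. The following added example (not part of the original post) checks a kubeconfig for loose file permissions, embedded keys or tokens, and settings that weaken server authentication. The function names, finding names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added illustration: static checks on a kubeconfig file.
# The finding names printed by audit_kubeconfig are made up for this example.

audit_kubeconfig() (
    file=$1
    [ -r "$file" ] || { echo "unreadable"; exit 2; }

    # Group/other permission bits are characters 5-10 of the ls mode string.
    mode=$(ls -ld "$file" | cut -c5-10)
    [ "$mode" = "------" ] || echo "loose-permissions"

    # A non-empty client-key-data or token makes the file itself a credential.
    grep -Eq '^[[:space:]]*client-key-data:[[:space:]]*[^[:space:]]' "$file" && echo "embedded-client-key"
    grep -Eq '^[[:space:]]*token:[[:space:]]*[^[:space:]]' "$file" && echo "embedded-token"

    # Settings that disable or bypass authentication of the API server.
    grep -Eq '^[[:space:]]*insecure-skip-tls-verify:[[:space:]]*true' "$file" && echo "tls-verification-disabled"
    grep -Eq '^[[:space:]]*server:[[:space:]]*http://' "$file" && echo "plaintext-api-server"
    exit 0
)

# One comma-separated line of findings (empty when the file is clean).
audit_summary() {
    audit_kubeconfig "$1" | paste -sd, -
}

# Constructed samples: the page's layout with placeholder credential values,
# and a second file with hypothetical lab settings.
write_samples() {
    cat > "$1/admin.conf" <<'EOF'
apiVersion: v1
kind: Config
clusters:
- cluster:
    certificate-authority-data: PLACEHOLDER_CA
    server: https://192.168.31.61:6443
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: kubernetes-admin
  name: kubernetes-admin@kubernetes
current-context: kubernetes-admin@kubernetes
users:
- name: kubernetes-admin
  user:
    client-certificate-data: PLACEHOLDER_CERT
    client-key-data: PLACEHOLDER_KEY
EOF
    chmod 644 "$1/admin.conf"

    cat > "$1/lab.conf" <<'EOF'
apiVersion: v1
kind: Config
clusters:
- cluster:
    insecure-skip-tls-verify: true
    server: http://lab.example.invalid:8080
  name: lab
users:
- name: viewer
  user:
    client-certificate: /path/to/viewer.crt
    client-key: /path/to/viewer.key
EOF
    chmod 600 "$1/lab.conf"
}

SAMPLE_DIR=$(mktemp -d)
write_samples "$SAMPLE_DIR"
echo "admin.conf: $(audit_summary "$SAMPLE_DIR/admin.conf")"
echo "lab.conf:   $(audit_summary "$SAMPLE_DIR/lab.conf")"
rm -rf "$SAMPLE_DIR"
```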

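Overview of kubectl management commands

Type                          Command          Description
Basic commands                create           Create a resource from a file name or standard input
                              expose           Create a Service for a Deployment or Pod
                              run              Run a particular image in the cluster
                              set              Set specific features on objects
                              explain          Documentation reference
                              get              Display one or more resources
                              edit             Edit a resource with the system editor
                              delete           Delete resources by file name, standard input, resource name or label selector
Deployment commands           rollout          Manage the rollout of Deployment and DaemonSet resources (e.g. status, rollout history, rollback)
                              rolling-update   Rolling upgrade, ReplicationController only
                              scale            Scale the number of Pods of a Deployment, ReplicaSet, RC or Job up or down
                              autoscale        Configure auto-scaling rules for a Deploy, RS or RC (depends on metrics-server and hpa)
Cluster management commands   certificate      Modify certificate resources
                              cluster-info     Display cluster information
                              top              Show resource usage (depends on metrics-server)
                              cordon           Mark a node as unschedulable
                              uncordon         Mark a node as schedulable
                              drain            Evict the applications on a node in preparation for maintenance
                              taint            Update the taints on a node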

Using kubectl commands

Getting started with kubectl commands

create

Create a resource from a file or from standard input

[root@master ~]# kubectl create deployment b1 --image busybox
deployment.apps/b1 created

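After creating it, check it: b1 is in the ContainerCreating state, which means the image is being pulled. If the image had already been pulled, the pod would start right away.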

[root@master ~]# kubectl get pods
NAME                     READY   STATUS              RESTARTS   AGE
b1-68578fbb6c-gzhn2      0/1     ContainerCreating   0          10s

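Check b1 again after a while and it is in CrashLoopBackOff, which means the container has exited. Exited does not mean it never ran: it ran and then exited. busybox runs /bin/sh by default, and /bin/sh exits as soon as it is executed, just like in a plain container, which exits right after it starts.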

[root@master ~]# kubectl get pods
NAME                     READY   STATUS              RESTARTS   AGE
b1-68578fbb6c-gzhn2      0/1     CrashLoopBackOff    3          102s

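Create another one, b2, and append -- date to the command. Check the state after a while and it has also crashed, because date likewise finishes as soon as it runs.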

[root@master ~]# kubectl create deployment b2 --image busybox -- date
deployment.apps/b2 created
[root@master ~]# kubectl get pods
NAME                     READY   STATUS              RESTARTS   AGE
b1-68578fbb6c-gzhn2      0/1     CrashLoopBackOff    7          14m
b2-75d5678b7f-76zpc      0/1     CrashLoopBackOff    7          12m

Create b3 with the same command as b1 plus -- sleep 6000. After a while it is up and running.

[root@master ~]# kubectl create deployment b3 --image busybox -- sleep 6000
deployment.apps/b3 created
[root@master ~]# kubectl get pods
NAME                     READY   STATUS             RESTARTS   AGE
b1-68578fbb6c-gzhn2      0/1     CrashLoopBackOff   7          14m
b2-75d5678b7f-76zpc      0/1     CrashLoopBackOff   7          13m
b3-84d7f7d4bf-lbcnh      1/1     Running            0          47s

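So b3 keeps running because it has a task to run, while the first two have no task, or rather a task that finishes immediately, so they crash.

To start three pods at once, use kubectl create <TYPE> <NAME> --image <image> --replicas <number of pods>. Here we create a deployment (stateless) type; replicas sets how many pods to start.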

[root@master ~]# kubectl create deployment myapp --image nginx --replicas 3
deployment.apps/myapp created
[root@master ~]# kubectl get pods
NAME                     READY   STATUS              RESTARTS   AGE
myapp-6d8d776547-chght   1/1     Running            0          4m1s
myapp-6d8d776547-dc7jb   1/1     Running            0          4m1s
myapp-6d8d776547-qb7pt   1/1     Running            0          4m1s
nginx-6799fc88d8-kwd2b   1/1     Running            0          24h

Expose a port with --port <port number>

[root@master ~]# kubectl create deployment myapp1 --image nginx --port 80
deployment.apps/myapp1 created
[root@master ~]# kubectl get pods
NAME                      READY   STATUS              RESTARTS   AGE
myapp-6d8d776547-chght    1/1     Running            0          8m18s
myapp-6d8d776547-dc7jb    1/1     Running            0          8m18s
myapp-6d8d776547-qb7pt    1/1     Running            0          8m18s
myapp1-677f4bf9bf-cf8ln   1/1     Running            0          102s

get

Get information about nodes, pods and services

List all pods in ps output format

[root@master ~]# kubectl get pods

Show detailed information about the pods

[root@master ~]# kubectl get pods -o wide

List a single controller with the specified name

[root@master ~]# kubectl get deployment myapp
NAME    READY   UP-TO-DATE   AVAILABLE   AGE
myapp   3/3     3            3           15m

List services (svc is the short name for service)

[root@master ~]# kubectl get svc
[root@master ~]# kubectl get service

expose

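Expose a port; --target-port is the target port to expose

Create a service that accepts connections on its port 80 and forwards them to port 8000 in the container, so port 80 outside reaches port 8000 inside

## Map 80 to 8000. The type is ClusterIP, so this service can only be reached from inside the cluster; a NodePort service can also be reached on the node hosts themselves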
[root@master ~]# kubectl expose deployment myapp --port 80 --target-port 8000
service/myapp exposed
[root@master ~]# kubectl get svc
NAME         TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)        AGE
myapp        ClusterIP   10.110.171.169   <none>        80/TCP         3s
nginx        NodePort    10.111.4.86      <none>        80:30859/TCP   41h
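
Since the TYPE column decides whether a service is reachable only inside the cluster or on every node's address, an inventory of the externally reachable services is a useful check. This added example (not from the original post) parses kubectl get svc output; exposed_services is a hypothetical helper, and the second sample table is constructed.

```shell
#!/bin/sh
# Added illustration: list the services in `kubectl get svc` output that are
# reachable from outside the cluster network.

# exposed_services: reads the table on stdin and prints one line per NodePort
# or LoadBalancer service: "[namespace/]name type nodeport[,nodeport...]".
# Columns are located by header name, so -A and -o wide layouts also work.
exposed_services() {
    awk '
    NR == 1 {
        for (i = 1; i <= NF; i++) col[$i] = i
        if (!("TYPE" in col) || !("PORT(S)" in col)) exit 2
        next
    }
    {
        svc_type = $(col["TYPE"])
        if (svc_type != "NodePort" && svc_type != "LoadBalancer") next
        n = split($(col["PORT(S)"]), specs, ",")
        ports = ""
        for (i = 1; i <= n; i++) {
            # "80:30859/TCP" is servicePort:nodePort/protocol;
            # a plain "80/TCP" has no node port.
            if (split(specs[i], halves, ":") == 2) {
                sub(/\/.*/, "", halves[2])
                ports = ports (ports == "" ? "" : ",") halves[2]
            }
        }
        name = $(col["NAME"])
        if ("NAMESPACE" in col) name = $(col["NAMESPACE"]) "/" name
        print name, svc_type, ports
    }'
}

# The table printed on this page after `kubectl expose`.
PAGE_SVC='NAME         TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)        AGE
myapp        ClusterIP   10.110.171.169   <none>        80/TCP         3s
nginx        NodePort    10.111.4.86      <none>        80:30859/TCP   41h'

# Constructed sample in `kubectl get svc -A` layout (names, IPs, ports made up).
ALL_NS_SVC='NAMESPACE     NAME         TYPE           CLUSTER-IP   EXTERNAL-IP   PORT(S)                      AGE
default       kubernetes   ClusterIP      10.96.0.1    <none>        443/TCP                      14h
shop          web          LoadBalancer   10.98.7.20   <pending>     80:31080/TCP,443:31443/TCP   2d
kube-system   kube-dns     ClusterIP      10.96.0.10   <none>        53/UDP,53/TCP,9153/TCP       14h'

printf '%s\n' "$PAGE_SVC" | exposed_services
printf '%s\n' "$ALL_NS_SVC" | exposed_services
```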

delete

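Delete pods and services by name. Specify the resource type when deleting: delete with the same type you used to create the resource

## b1 is a controller of type deployment, and it is managed through the controller, not through the pod itself. There are two kinds of pods, self-managed pods and controller-managed pods; here we use controller-managed pods, so they have to be managed through the controller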
[root@master ~]# kubectl delete deployment b1
deployment.apps "b1" deleted
[root@master ~]# kubectl get pods
No resources found in default namespace.

[root@master ~]# kubectl delete svc myapp
service "myapp" deleted
[root@master ~]# kubectl delete pods nginx
pod "nginx" deleted
[root@master ~]# kubectl get pods
No resources found in default namespace.

run

Start an nginx pod

[root@master ~]# kubectl run nginx --image nginx
pod/nginx created
[root@master ~]# kubectl get pods
NAME    READY   STATUS    RESTARTS   AGE
nginx   1/1     Running   0          2m52s

[root@master ~]# kubectl get pods -o wide
NAME    READY   STATUS    RESTARTS   AGE     IP            NODE                NOMINATED NODE   READINESS GATES
nginx   1/1     Running   0          3m43s   10.244.2.11   node2.example.com   <none>           <none>

Expose a port

[root@master ~]# kubectl run nginx --image nginx --port 80
pod/nginx created

Add labels

[root@master ~]# kubectl run nginx --image nginx --labels "app=nginx,env=prod"
pod/nginx created

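Dry-run mode (a trial run only; nothing is actually created). As the warning in the output below notes, the value is given as --dry-run=client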

[root@master ~]# kubectl run nginx --image nginx --dry-run server
W1219 20:00:28.790987 1379634 helpers.go:553] --dry-run is deprecated and can be replaced with --dry-run=client.
pod/nginx created (dry run)
[root@master ~]# kubectl get pods
No resources found in default namespace.

explain

Documentation for a resource. Later we will use explain to see what each field may contain and which format its values have to be written in

[root@master ~]# kubectl explain pod
KIND:     Pod
VERSION:  v1

DESCRIPTION:
     Pod is a collection of containers that can run on a host. This resource is
     created by clients and scheduled onto hosts.

FIELDS:
   apiVersion   <string>
     APIVersion defines the versioned schema of this representation of an
     object. Servers should convert recognized schemas to the latest internal
     value, and may reject unrecognized values. More info:
     https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

   kind <string>
     Kind is a string value representing the REST resource this object
     represents. Servers may infer this from the endpoint the client submits
     requests to. Cannot be updated. In CamelCase. More info:
     https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

   metadata     <Object>
     Standard object's metadata. More info:
     https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

   spec <Object>
     Specification of the desired behavior of the pod. More info:
     https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

   status       <Object>
     Most recently observed status of the pod. This data may not be up to date.
     Populated by the system. Read-only. More info:
     https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

Look at the next level under spec

[root@master ~]# kubectl explain pod.spec

edit

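Edit a resource defined on the server with the default editor (the excerpt below shows the app label of pod nginx being changed in the editor)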

[root@master ~]# kubectl describe pod nginx
Name:         nginx
Namespace:    default
Priority:     0
Node:         node1.example.com/192.168.47.161
Start Time:   Mon, 20 Dec 2021 22:30:38 +0800
Labels:       app=nginx
   ································          
[root@master ~]# kubectl get pods
NAME                     READY   STATUS    RESTARTS   AGE
nginx                     1/1     Running   0          87s


...
  labels:
    app: test		//changed from the original nginx to test
  name: nginx
[root@master ~]# kubectl describe pod nginx
...
Labels:       app=test

scale

Scale dynamically: increase or decrease the number of Pods in a Deployment, ReplicaSet, Replication Controller or Job

Set the number of pod replicas of the deployment named nginx to 3

[root@master ~]# kubectl get deployment
NAME    READY   UP-TO-DATE   AVAILABLE   AGE
nginx   1/1     1            1           8m30s
[root@master ~]# kubectl scale --replicas 3 deployment/nginx
deployment.apps/nginx scaled
[root@master ~]# kubectl get deployment
NAME    READY   UP-TO-DATE   AVAILABLE   AGE
nginx   1/3     3            1           8m56s
[root@master ~]# kubectl get pod
NAME                     READY   STATUS    RESTARTS   AGE
nginx-6799fc88d8-5tsjt   1/1     Running   0          16s
nginx-6799fc88d8-dwrsh   1/1     Running   0          9m5s
nginx-6799fc88d8-sn82p   1/1     Running   0          15s

If the current number of replicas is 3, scale to 5

[root@master ~]# kubectl scale --current-replicas 3 --replicas 5 deployment/nginx
deployment.apps/nginx scaled
[root@master ~]# kubectl get pod
NAME                     READY   STATUS              RESTARTS   AGE
nginx-6799fc88d8-5tsjt   1/1     Running             0          62s
nginx-6799fc88d8-dwrsh   1/1     Running             0          9m51s
nginx-6799fc88d8-jkmln   0/1     ContainerCreating   0          2s
nginx-6799fc88d8-qm5ld   0/1     ContainerCreating   0          2s
nginx-6799fc88d8-sn82p   1/1     Running             0          61s
[root@master ~]# kubectl get deployment
NAME    READY   UP-TO-DATE   AVAILABLE   AGE
nginx   4/5     5            4           9m58s

autoscale

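Scale automatically: given a range, the number of replicas grows or shrinks with the traffic

// Set the nginx deployment to a minimum of 1 and a maximum of 5 replicas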
[root@master ~]# kubectl autoscale --min 1 --max 5 deployment/nginx
horizontalpodautoscaler.autoscaling/nginx autoscaled
[root@master ~]# kubectl get hpa
NAME    REFERENCE          TARGETS         MINPODS   MAXPODS   REPLICAS   AGE
nginx   Deployment/nginx   <unknown>/80%   1         5         0          8s

cluster-info

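Display cluster information

Shows the addresses of the control plane and of services labelled kubernetes.io/cluster-service=true. To debug and diagnose cluster problems further, use "kubectl cluster-info dump"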

[root@master ~]# kubectl cluster-info
Kubernetes control plane is running at https://192.168.47.160:6443
KubeDNS is running at https://192.168.47.160:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy

To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.

describe

Show detailed information about a specific resource or group of resources

// Show detailed information about the pod named nginx
[root@master ~]# kubectl describe pod nginx
Name:         nginx-6799fc88d8-5tsjt
Namespace:    default
Priority:     0
Node:         node1.example.com/192.168.47.160
Start Time:   Mon, 20 Dec 2021 22:40:28 +0800
Labels:       app=nginx
              pod-template-hash=6799fc88d8
Annotations:  <none>
Status:       Running
IP:           10.244.1.5
IPs:
  IP:           10.244.1.5
Controlled By:  ReplicaSet/nginx-6799fc88d8
Containers:
  nginx:
    Container ID:   docker://5a331ad8c751b41bfa7fd98f4f73e1c97cbc9f8aa76aada48f0be3fe22c10097
    Image:          nginx
    Image ID:       docker-pullable://nginx@sha256:9522864dd661dcadfd9958f9e0de192a1fdda2c162a35668ab6ac42b465f0603
    Port:           <none>
    Host Port:      <none>
    State:          Running
      Started:      Mon, 20 Dec 2021 22:40:37 +0800
    Ready:          True
    Restart Count:  0
    Environment:    <none>
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from default-token-n67dr (ro)
Conditions:
  Type              Status
  Initialized       True 
  Ready             True 
  ContainersReady   True 
  PodScheduled      True 
Volumes:
  default-token-n67dr:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  default-token-n67dr
    Optional:    false
QoS Class:       BestEffort
Node-Selectors:  <none>
Tolerations:     node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
                 node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
  Type    Reason     Age   From               Message
  ----    ------     ----  ----               -------
  Normal  Scheduled  8m9s  default-scheduler  Successfully assigned default/nginx-6799fc88d8-5tsjt to node1.example.com
  Normal  Pulling    8m8s  kubelet            Pulling image "nginx"
  Normal  Pulled     8m    kubelet            Successfully pulled image "nginx" in 7.583042375s
  Normal  Created    8m    kubelet            Created container nginx
  Normal  Started    8m    kubelet            Started container nginx

label

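Update (add, modify or remove) the labels on a resource

  • A label must start with a letter or digit, may contain letters, digits, hyphens, dots and underscores, and is at most 63 characters long.
  • If --overwrite is true, existing labels can be overwritten; otherwise an attempt to overwrite a label fails with an error.
  • If --resource-version is specified, the update uses that resource version; otherwise the existing resource version is used.
// Changing labels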
[root@master ~]# kubectl describe deployment/nginx
Name:                   nginx
Namespace:              default
CreationTimestamp:      Mon, 20 Dec 2021 22:20:38 +0800
Labels:                 app=nginx
Annotations:            deployment.kubernetes.io/revision: 1
Selector:               app=nginx
Replicas:               5 desired | 5 updated | 5 total | 5 available | 0 unavailable
StrategyType:           RollingUpdate
MinReadySeconds:        0
RollingUpdateStrategy:  25% max unavailable, 25% max surge
Pod Template:
  Labels:  app=nginx
  Containers:
   nginx:
    Image:        nginx
    Port:         <none>
    Host Port:    <none>
    Environment:  <none>
    Mounts:       <none>
  Volumes:        <none>
Conditions:
  Type           Status  Reason
  ----           ------  ------
  Progressing    True    NewReplicaSetAvailable
  Available      True    MinimumReplicasAvailable
OldReplicaSets:  <none>
NewReplicaSet:   nginx-6799fc88d8 (5/5 replicas created)
Events:
  Type    Reason             Age   From                   Message
  ----    ------             ----  ----                   -------
  Normal  ScalingReplicaSet  37m   deployment-controller  Scaled up replica set nginx-6799fc88d8 to 1
  Normal  ScalingReplicaSet  29m   deployment-controller  Scaled up replica set nginx-6799fc88d8 to 3
  Normal  ScalingReplicaSet  28m   deployment-controller  Scaled up replica set nginx-6799fc88d8 to 5

// Add a label
[root@master ~]# kubectl label deployment/nginx user=jing
deployment.apps/nginx labeled
[root@master ~]# kubectl describe deployment/nginx
Name:                   nginx
Namespace:              default
CreationTimestamp:      Mon, 20 Dec 2021 22:20:38 +0800
Labels:                 app=nginx
                        user=jing

api-resources

Print the API resources supported on the server

// List all resources
[root@master ~]# kubectl api-resources
NAME                              SHORTNAMES   APIVERSION                             NAMESPACED   KIND
bindings                                       v1                                     true         Binding
componentstatuses                 cs           v1                                     false        ComponentStatus
configmaps                        cm           v1                                     true         ConfigMap

api-versions

Print the API versions supported on the server in the form 'group/version'

[root@master ~]#  kubectl api-versions
admissionregistration.k8s.io/v1
admissionregistration.k8s.io/v1beta1
apiextensions.k8s.io/v1
apiextensions.k8s.io/v1beta1
apiregistration.k8s.io/v1
apiregistration.k8s.io/v1beta1
apps/v1
authentication.k8s.io/v1
authentication.k8s.io/v1beta1
authorization.k8s.io/v1
authorization.k8s.io/v1beta1
autoscaling/v1
autoscaling/v2beta1
autoscaling/v2beta2
batch/v1

logs

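View logs

Print the logs of a container in a pod or in the specified resource. If the pod has only one container, the container name is optional

// View the nginx logs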
[root@master ~]# kubectl logs deployment/nginx
Found 5 pods, using pod/nginx-6799fc88d8-dwrsh
/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf
10-listen-on-ipv6-by-default.sh: info: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf
/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
/docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh
/docker-entrypoint.sh: Configuration complete; ready for start up
2021/12/20 14:14:43 [notice] 1#1: using the "epoll" event method
2021/12/20 14:14:43 [notice] 1#1: nginx/1.21.4
2021/12/20 14:14:43 [notice] 1#1: built by gcc 10.2.1 20210110 (Debian 10.2.1-6) 
2021/12/20 14:14:43 [notice] 1#1: OS: Linux 4.18.0-257.el8.x86_64
2021/12/20 14:14:43 [notice] 1#1: getrlimit(RLIMIT_NOFILE): 1048576:1048576
2021/12/20 14:14:43 [notice] 1#1: start worker processes
2021/12/20 14:14:43 [notice] 1#1: start worker process 32
2021/12/20 14:14:43 [notice] 1#1: start worker process 33

attach

Attach to a container

Connect to a running container

// Get the output of the running pod nginx; by default this attaches to the first container in the pod
[root@master ~]# kubectl attach nginx
Defaulting container name to nginx.
Use 'kubectl describe pod/nginx -n default' to see all of the containers in this pod.
If you don't see a command prompt, try pressing enter.

exec

Execute a command inside a container

// Run date in the first container of pod/nginx by default and print the output
[root@master ~]# kubectl exec deployment/nginx date
kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead.
Mon Dec 20 14:38:25 UTC 2021

port-forward

Forward one or more ports to a pod

// Forward a randomly chosen local port to port 80 in the container
[root@master ~]# kubectl port-forward nginx-6799fc88d8-5tsjt :80
Forwarding from 127.0.0.1:46459 -> 80
Forwarding from [::1]:46459 -> 80

[root@master ~]# curl 127.0.0.1:46459
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>
[root@master ~]#

cp

Copy files or directories into a container, or from a container to the outside

// Copy the local file anaconda-ks.cfg to the /tmp directory of pod/nginx
[root@master ~]# kubectl cp anaconda-ks.cfg nginx-6799fc88d8-5tsjt:/tmp
[root@master ~]# kubectl exec pod/nginx-6799fc88d8-5tsjt -- ls -l /tmp
total 4
-rw------- 1 root root 1252 Dec 20 14:48 anaconda-ks.cfg

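Quickly deploying a website

The workflow for deploying an application on Kubernetes:

  1. Build the image
    Dockerfile
  2. Deploy the image with a controller (pick one of the three below)
    Deployment
    StatefulSet
    DaemonSet
  3. Expose the application
    Create a service so that it can be reached
  4. Logging and monitoring
  5. Day-to-day operations

Deploy the image with a Deployment controller:
kubectl create deployment web --image=lizhenliang/java-demo
kubectl get deploy,pods

Expose the pods with a Service:
kubectl expose deployment web --port=80 --target-port=8080 --type=NodePort ## a NodePort service can be reached on the node hosts
kubectl get service

Access the application:
http://NodeIP:Port ## the port is generated randomly; get it from get svc

Basic resource concepts

  • Pod: the smallest deployable unit in k8s, a group of containers
  • Deployment: the most common controller, used to deploy and manage pods at a higher level
  • Service: load-balances across a group of pods and provides a single entry point
  • Label: a tag attached to a resource, used to associate, query and filter objects
  • Namespaces: logically isolate objects and also help with access control

Namespaces

Namespace: Kubernetes logically isolates resource objects, forming multiple virtual clusters.
Use cases

  • One namespace per team
  • One namespace per project

kubectl get namespace

  • default: the default namespace
  • kube-system: the namespace for K8s system components
  • kube-public: a public namespace that anyone can access
  • kube-node-lease: a K8s internal namespace

Two ways to specify the namespace of a resource

  • Add -n on the command line
  • Set the namespace field in the metadata of the yaml resource
// Write two images with a Dockerfile
// Build image 1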
[root@master ~]# mkdir httpd
[root@master ~]# cd httpd
[root@master httpd]# vim Dockerfile
[root@master httpd]# cat Dockerfile 
FROM busybox

RUN mkdir  /data && \
    echo "test page on v1" > /data/index.html
ENTRYPOINT ["/bin/httpd","-f","-h","/data"]
[root@master httpd]# docker build -t wjj200112/httpd:v0.1 .
Sending build context to Docker daemon  2.048kB
Step 1/3 : FROM busybox
latest: Pulling from library/busybox
3cb635b06aa2: Pull complete 
Digest: sha256:b5cfd4befc119a590ca1a81d6bb0fa1fb19f1fbebd0397f25fae164abe1e8a6a
Status: Downloaded newer image for busybox:latest
 ---> ffe9d497c324
Step 2/3 : RUN mkdir  /data &&     echo "test page on v1" > /data/index.html
 ---> Running in bf174265c61d
Removing intermediate container bf174265c61d
 ---> a074d85c6622
Step 3/3 : ENTRYPOINT ["/bin/httpd","-f","-h","/data"]
 ---> Running in e362ffafa0e2
Removing intermediate container e362ffafa0e2
 ---> 104d28f2d58c
Successfully built 104d28f2d58c
Successfully tagged wjj200112/httpd:v0.1

// Build image 2
[root@master httpd]# vim Dockerfile 
[root@master httpd]# cat Dockerfile 
FROM busybox

RUN mkdir  /data && \
    echo "test page on v2" > /data/index.html
ENTRYPOINT ["/bin/httpd","-f","-h","/data"]

[root@master httpd]# docker build -t wjj200112/httpd:v2 .
Sending build context to Docker daemon  2.048kB
Step 1/3 : FROM busybox
 ---> ffe9d497c324
Step 2/3 : RUN mkdir  /data &&     echo "test page on v2" > /data/index.html
 ---> Running in aa475f8038dd
Removing intermediate container aa475f8038dd
 ---> 867882b9f918
Step 3/3 : ENTRYPOINT ["/bin/httpd","-f","-h","/data"]
 ---> Running in 4cbc3af592c9
Removing intermediate container 4cbc3af592c9
 ---> e423298d601e
Successfully built e423298d601e
Successfully tagged wjj200112/httpd:v2


[root@master httpd]# docker images
REPOSITORY                                                        TAG        IMAGE ID       CREATED              SIZE
wjj200112/httpd                                                   v2         e423298d601e   About a minute ago   1.24MB
wjj200112/httpd                                                   v0.1       104d28f2d58c   3 minutes ago        1.24MB
busybox                                                           latest     ffe9d497c324   13 days ago          1.24MB


[root@master ~]# docker push wjj200112/httpd:v0.1
The push refers to repository [docker.io/wjj200112/httpd]
0d4853dfdf52: Pushed 
64cac9eaf0da: Mounted from library/busybox 
v0.1: digest: sha256:fb79b8b64543613f2677aeb489451b329ed7b4ccbade1820d9d5205495107f4f size: 734

Rolling update and rollback

Use k8s to run 3 pods from the httpd:v0.1 image

[root@master ~]# kubectl create deploy httpd --image wjj200112/httpd:v0.1 --replicas 3
deployment.apps/httpd created

[root@master ~]# kubectl get pod
NAME                      READY   STATUS    RESTARTS   AGE
httpd-7649d9b878-5lvf7    1/1     Running   0          8m4s
httpd-7649d9b878-ck6cq    1/1     Running   0          8m4s
httpd-7649d9b878-pkqkk    1/1     Running   0          8m4s

// Expose the port
[root@master ~]# kubectl expose deploy httpd --port 80 --type NodePort
service/httpd exposed

[root@master ~]# kubectl get svc
NAME         TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)        AGE
httpd        NodePort    10.111.22.218   <none>        80:31547/TCP   33s
kubernetes   ClusterIP   10.96.0.1       <none>        443/TCP        14h

[root@master ~]# curl 10.111.22.218
test page on v1

[root@master ~]# curl 192.168.47.160:31547
test page on v1

Update

[root@master ~]# kubectl set image deploy/httpd httpd=wjj200112/httpd:v2
deployment.apps/httpd image updated

// A new pod is created and an old pod is deleted, until the update is complete
[root@master ~]# kubectl get pod
NAME                      READY   STATUS              RESTARTS   AGE
httpd-7649d9b878-5lvf7    1/1     Terminating         0          11m
httpd-7649d9b878-ck6cq    1/1     Running             0          11m
httpd-7649d9b878-pkqkk    1/1     Terminating         0          11m
httpd-cb9c79f99-gfk9z     0/1     ContainerCreating   0          10s
httpd-cb9c79f99-w722f     1/1     Running             0          11s
httpd-cb9c79f99-zcsw5     1/1     Running             0          35s

[root@master ~]# kubectl get pod
NAME                      READY   STATUS        RESTARTS   AGE
httpd-cb9c79f99-gfk9z     1/1     Running       0          101s
httpd-cb9c79f99-w722f     1/1     Running       0          102s
httpd-cb9c79f99-zcsw5     1/1     Running       0          2m6s

[root@master ~]# kubectl get svc
NAME         TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)        AGE
httpd        NodePort    10.111.22.218   <none>        80:31547/TCP   4m54s

// Access
[root@master ~]# curl 10.111.22.218
test page on v2
[root@master ~]# curl 192.168.47.160:31547
test page on v2

Rollback

[root@master ~]# kubectl rollout undo deploy/httpd
deployment.apps/httpd rolled back

[root@master ~]# kubectl get pod
NAME                      READY   STATUS        RESTARTS   AGE
httpd-7649d9b878-96cnm    1/1     Running       0          8s
httpd-7649d9b878-mq6mh    1/1     Running       0          6s
httpd-7649d9b878-rtmjt    1/1     Running       0          10s
httpd-cb9c79f99-gfk9z     1/1     Terminating   0          3m21s
httpd-cb9c79f99-w722f     1/1     Terminating   0          3m22s
httpd-cb9c79f99-zcsw5     1/1     Terminating   0          3m46s


[root@master ~]# curl 10.111.22.218
test page on v1

[root@master ~]# curl 192.168.47.160:31547
test page on v1
// Create version 3
[root@master httpd]# vim Dockerfile 
[root@master httpd]# cat Dockerfile 
FROM busybox

RUN mkdir  /data && \
    echo "test page on v3" > /data/index.html
ENTRYPOINT ["/bin/httpd","-f","-h","/data"]
[root@master httpd]# docker build -t wjj200112/httpd:v3 .
Sending build context to Docker daemon  2.048kB
Step 1/3 : FROM busybox
 ---> ffe9d497c324
Step 2/3 : RUN mkdir  /data &&     echo "test page on v3" > /data/index.html
 ---> Running in 3ba8c85f7663
Removing intermediate container 3ba8c85f7663
 ---> 7259f488af3b
Step 3/3 : ENTRYPOINT ["/bin/httpd","-f","-h","/data"]
 ---> Running in 4b0eeaad3b71
Removing intermediate container 4b0eeaad3b71
 ---> 7dabf8af51eb
Successfully built 7dabf8af51eb
Successfully tagged wjj200112/httpd:v3
[root@master httpd]# kubectl set image deploy/httpd httpd=wjj200112/httpd:v3
deployment.apps/httpd image updated

// Update to version v3
[root@master httpd]# kubectl set image deploy/httpd httpd=wjj200112/httpd:v3
[root@master httpd]# curl 10.111.22.218
test page on v3

// Roll back
[root@master httpd]# kubectl rollout undo deploy/httpd
deployment.apps/httpd rolled back

// Back to v1
[root@master httpd]# curl 10.111.22.218
test page on v1

// Roll back again
[root@master ~]# kubectl rollout undo deploy/httpd
deployment.apps/httpd rolled back

[root@master httpd]# curl 10.111.22.218
test page on v3
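// It went back to v3 rather than v2, which shows that rolling back to the previous version also counts as a revision record, so you can only roll back once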
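
The result above follows from how a Deployment numbers its revisions: a rollback re-records the target pod template as the newest revision, so a plain kubectl rollout undo alternates between the two most recent templates, while kubectl rollout history deploy/httpd and kubectl rollout undo deploy/httpd --to-revision=<N> reach older ones. The added sketch below is a simplified model (not Kubernetes code and not from the original post) that replays the page's command sequence; the function names are hypothetical and the revision numbers are those of the model.

```shell
#!/bin/sh
# Added illustration: simplified model of Deployment revision bookkeeping.
# Real commands for the same operations on a cluster:
#   kubectl rollout history deploy/httpd
#   kubectl rollout undo deploy/httpd --to-revision=<N>

NL='
'
REV_HISTORY=""   # one "revision image" pair per line, oldest first
NEXT_REV=1

# record IMAGE: make IMAGE the newest revision. A template that is already in
# the history is renumbered instead of being stored twice.
record() {
    REV_HISTORY=$(printf '%s\n' "$REV_HISTORY" | awk -v img="$1" 'NF == 2 && $2 != img')
    REV_HISTORY="${REV_HISTORY:+$REV_HISTORY$NL}$NEXT_REV $1"
    NEXT_REV=$((NEXT_REV + 1))
}

set_image() { record "$1"; }

current_image() {
    printf '%s\n' "$REV_HISTORY" | awk '{ img = $2 } END { print img }'
}

# undo [REVISION]: roll back to REVISION, or to the second-newest revision when
# none is given, which is what a plain `kubectl rollout undo` selects.
undo() {
    if [ -n "${1:-}" ]; then
        target=$(printf '%s\n' "$REV_HISTORY" | awk -v r="$1" '$1 == r { print $2 }')
    else
        target=$(printf '%s\n' "$REV_HISTORY" | awk '{ prev = last; last = $2 } END { print prev }')
    fi
    [ -n "$target" ] || return 1
    record "$target"
}

# The command sequence from this page.
replay_page() {
    REV_HISTORY=""; NEXT_REV=1
    set_image wjj200112/httpd:v0.1   # kubectl create deploy      -> revision 1
    set_image wjj200112/httpd:v2     # kubectl set image ...:v2   -> revision 2
    undo                             # v0.1 again, now revision 3 (1 is gone)
    set_image wjj200112/httpd:v3     # kubectl set image ...:v3   -> revision 4
    undo                             # v0.1 again, now revision 5 (3 is gone)
    undo                             # previous is v3: revision 6 (4 is gone)
}

replay_page
echo "after the page's last undo: $(current_image)"
printf '%s\n' "$REV_HISTORY"
undo 2                               # v2 is still in the history as revision 2
echo "after undo to revision 2:   $(current_image)"
```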