1. Common resource types and the API
Resource objects: Pod, ReplicaSet, ReplicationController, Deployment, StatefulSet, DaemonSet, Job, CronJob, HorizontalPodAutoscaling, Node, Namespace, Service, Ingress, Label, CustomResourceDefinition
Storage objects: Volume, PersistentVolume, PersistentVolumeClaim, Secret, ConfigMap
Policy objects: SecurityContext, ResourceQuota, LimitRange
Identity objects: ServiceAccount, Role, ClusterRole
Querying resource objects and the built-in API
# List the common resource types with kubectl
kubectl api-resources
# View the fields of an API object with kubectl
# kubectl explain RESOURCE [options]
kubectl explain pod.metadata
# Query the built-in API with curl
# TOKEN holds the ServiceAccount bearer token; it is a credential, so it is passed through a variable rather than pasted into the command
# -k disables certificate verification, which leaves --cacert without effect; drop -k to have curl verify the API server against ca.pem
curl -k --cacert /etc/kubeasz/clusters/k8s-cluster1/ssl/ca.pem -H "Authorization: Bearer $TOKEN" https://192.168.74.144:6443
# View pod information with curl
curl -k --cacert /etc/kubeasz/clusters/k8s-cluster1/ssl/ca.pem -H "Authorization: Bearer $TOKEN" https://192.168.74.144:6443/api/v1/pods
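2. Differences between the ReplicationController, ReplicaSet and Deployment controllers
RC: When there are too many Pods, the ReplicationController terminates the extra Pods. When there are too few, it starts new Pods. Unlike manually created Pods, Pods created by a ReplicationController are automatically replaced if they fail, are deleted, or are terminated. For example, after disruptive maintenance such as a kernel upgrade, your Pods are re-created on the node. For this reason, you should use a ReplicationController to create Pods even if your application requires only a single Pod. A ReplicationController is similar to a process supervisor, but instead of supervising individual processes on a single node, it supervises multiple Pods across multiple nodes.
RS: ReplicaSet is the next-generation ReplicationController and supports the new set-based label selectors. It is mainly used by Deployment as a mechanism to orchestrate Pod creation, deletion and updates.
Deployment: A Deployment is a higher-level API object that updates its underlying ReplicaSets and their Pods. If you want this rolling-update functionality, Deployments are recommended because they are declarative, server-side, and have additional features.
Official Deployment documentation: https://kubernetes.io/zh/docs/concepts/workloads/controllers/deployment/
# Deployment rolling update
# Apply the updated pod YAML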
kubectl apply -f nginx.yaml
deployment.apps/linux66-nginx-deployment configured
service/linux66-nginx-service configured
# Rolling update status 1
kubectl get pod -n linux66 -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
linux66-nginx-deployment-75c484b766-twtqg 0/1 ContainerCreating 0 2s <none> 192.168.74.148 <none> <none>
linux66-nginx-deployment-7d8d8dcdf4-6ql2j 1/1 Running 1 (8d ago) 8d 10.200.135.141 192.168.74.147 <none> <none>
linux66-nginx-deployment-7d8d8dcdf4-k9qnv 1/1 Running 0 3m 10.200.169.138 192.168.74.148 <none> <none>
linux66-nginx-deployment-7d8d8dcdf4-z66p2 1/1 Running 0 3m 10.200.100.69 192.168.74.149 <none> <none>
# Rolling update status 2
kubectl get pod -n linux66 -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
linux66-nginx-deployment-75c484b766-jqcb4 1/1 Running 0 17s 10.200.100.70 192.168.74.149 <none> <none>
linux66-nginx-deployment-75c484b766-q488r 1/1 Running 0 35s 10.200.135.142 192.168.74.147 <none> <none>
linux66-nginx-deployment-75c484b766-twtqg 1/1 Running 0 52s 10.200.169.139 192.168.74.148 <none> <none>
linux66-nginx-deployment-7d8d8dcdf4-z66p2 1/1 Terminating 0 3m50s 10.200.100.69 192.168.74.149 <none> <none>
# Rollback
# View the rollout history
kubectl rollout history -n linux66 deployment/linux66-nginx-deployment
deployment.apps/linux66-nginx-deployment
REVISION CHANGE-CAUSE
1 <none>
2 <none>
# View the details of a specific revision
kubectl rollout history -n linux66 deployment/linux66-nginx-deployment --revision=1
deployment.apps/linux66-nginx-deployment with revision #1
Pod Template:
Labels: app=linux66-nginx-selector
pod-template-hash=7d8d8dcdf4
Containers:
linux66-nginx-container:
Image: nginx
Ports: 80/TCP, 443/TCP
Host Ports: 0/TCP, 0/TCP
Environment:
password: 123456
age: 18
Mounts: <none>
Volumes: <none>
# Roll back to a specified revision
kubectl rollout undo -n linux66 deployment/linux66-nginx-deployment --to-revision=1
deployment.apps/linux66-nginx-deployment rolled back
# Get pod information
kubectl get pod -n linux66 -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
linux66-nginx-deployment-7d8d8dcdf4-6hl7n 1/1 Running 0 116s 10.200.169.140 192.168.74.148 <none> <none>
linux66-nginx-deployment-7d8d8dcdf4-9fd7h 1/1 Running 0 99s 10.200.135.143 192.168.74.147 <none> <none>
linux66-nginx-deployment-7d8d8dcdf4-zz44n 1/1 Running 0 82s 10.200.100.71 192.168.74.149 <none> <none>
# View the rollout history
kubectl rollout history -n linux66 deployment/linux66-nginx-deployment
deployment.apps/linux66-nginx-deployment
REVISION CHANGE-CAUSE
2 <none>
3 <none>
# View the details of a specific revision
kubectl rollout history -n linux66 deployment/linux66-nginx-deployment --revision=3
deployment.apps/linux66-nginx-deployment with revision #3
Pod Template:
Labels: app=linux66-nginx-selector
pod-template-hash=7d8d8dcdf4
Containers:
linux66-nginx-container:
Image: nginx
Ports: 80/TCP, 443/TCP
Host Ports: 0/TCP, 0/TCP
Environment:
password: 123456
age: 18
Mounts: <none>
Volumes: <none>
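The revision output above prints password: 123456 as a literal environment value, so anyone who can read the Deployment's rollout history can read it. The following added example (not part of the original post) scans such output for secret-looking variables that carry literal values; the sample input is constructed from the output above, and the name patterns are an assumption.

```shell
#!/usr/bin/env bash
# Added example, not from the original post.
# Constructed sample: revision output like the one in the post, with the
# indentation kubectl normally prints (the parser below depends on it).
sample_history() {
cat <<'EOF'
deployment.apps/linux66-nginx-deployment with revision #1
Pod Template:
  Labels:       app=linux66-nginx-selector
        pod-template-hash=7d8d8dcdf4
  Containers:
   linux66-nginx-container:
    Image:      nginx
    Ports:      80/TCP, 443/TCP
    Host Ports: 0/TCP, 0/TCP
    Environment:
      password: 123456
      age:      18
    Mounts:     <none>
  Volumes:      <none>
EOF
}

# Reads rollout-history text on stdin and prints "container<TAB>variable" for
# each env var that has a secret-looking name (assumed patterns) and a literal value.
find_plaintext_env_secrets() {
  awk '
    function indent(s) { match(s, /^ */); return RLENGTH }
    /^ *Environment:/ { env_indent = indent($0); in_env = 1; next }
    in_env && indent($0) <= env_indent { in_env = 0 }
    in_env {
      line = $0; sub(/^ +/, "", line)
      name = line; sub(/:.*/, "", name)
      value = line; sub(/^[^:]*:[ \t]*/, "", value)
      # kubectl prints Secret/ConfigMap references as "<set to the key ...>"
      if (tolower(name) ~ /pass|secret|token|key|credential/ && value !~ /^</)
        print container "\t" name
      next
    }
    # Container names are lowercase DNS labels on a line of their own.
    /^ +[a-z0-9]([-a-z0-9]*[a-z0-9])?:$/ { container = $1; sub(/:$/, "", container) }
  '
}

sample_history | find_plaintext_env_secrets
```

Against a live cluster the same function can be fed from kubectl rollout history ... --revision=N; values that come from a Secret via secretKeyRef are printed as a reference and are not flagged.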
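3. Service types: ClusterIP and NodePort
ClusterIP: used for in-cluster access to a service by its service name; this is the default type.
NodePort: used so that services outside the Kubernetes cluster can initiate access to services running inside the cluster.
# NodePort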
nginx.yaml
...
        ports:
        - containerPort: 80
          protocol: TCP
          name: http
        - containerPort: 443
          protocol: TCP
          name: https
...
---
kind: Service
apiVersion: v1
metadata:
  labels:
    app: linux66-nginx-service-label
  name: linux66-nginx-service
  namespace: linux66
spec:
  type: NodePort
  ports:
  - name: http
    port: 80
    protocol: TCP
    targetPort: 80
    nodePort: 30006
  - name: https
    port: 443
    protocol: TCP
    targetPort: 443
    nodePort: 30443
  selector:
    app: linux66-nginx-selector
# View the Service
kubectl get svc -o wide -n linux66
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
linux66-nginx-service NodePort 10.100.62.81 <none> 80:30006/TCP,443:30443/TCP 7m10s app=linux66-nginx-selector
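In the PORT(S) column above, each entry reads port:nodePort/protocol, and every nodePort is opened on all cluster nodes. The following added example (not part of the original post) extracts those externally reachable ports from a Service listing; the sample input is constructed from the output above, and its ClusterIP row, including the address 10.100.9.20, is made up for contrast.

```shell
#!/usr/bin/env bash
# Added example, not from the original post.
# Constructed sample: the Service row from the post plus a made-up ClusterIP row.
sample_svc() {
cat <<'EOF'
NAME                    TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)                      AGE     SELECTOR
linux66-nginx-service   NodePort    10.100.62.81   <none>        80:30006/TCP,443:30443/TCP   7m10s   app=linux66-nginx-selector
ng-deploy-80            ClusterIP   10.100.9.20    <none>        80/TCP                       2m      app=ng-deploy-80
EOF
}

# Reads `kubectl get svc` table text on stdin and prints one line per port
# that is opened on every node:
#   <service> <nodePort>/<protocol> -> service port <port>
list_node_ports() {
  awk '
    NR == 1 { next }                      # skip the header row
    $2 == "NodePort" || $2 == "LoadBalancer" {
      n = split($5, maps, ",")            # PORT(S) is the fifth column
      for (i = 1; i <= n; i++) {
        # each entry is port:nodePort/PROTO; entries without a colon carry no node port
        if (split(maps[i], pp, "[:/]") == 3)
          printf "%s %s/%s -> service port %s\n", $1, pp[2], pp[3], pp[1]
      }
    }
  '
}

sample_svc | list_node_ports
```

On a cluster, pipe kubectl get svc -n NAMESPACE into list_node_ports and compare the result with what the node firewall is expected to allow.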
# ClusterIP type
deploy_node.yml
#apiVersion: extensions/v1beta1
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
spec:
  replicas: 1
  selector:
    #matchLabels: #rs or deployment
    #  app: ng-deploy3-80
    matchExpressions:
      - {key: app, operator: In, values: [ng-deploy-80,ng-rs-81]}
  template:
    metadata:
      labels:
        app: ng-deploy-80
    spec:
      containers:
      - name: ng-deploy-80
        image: nginx:1.17.5
        ports:
        - containerPort: 80
      #nodeSelector:
      #  env: group1
svc_service.yml
apiVersion: v1
kind: Service
metadata:
  name: ng-deploy-80
spec:
  ports:
  - name: http
    port: 80
    targetPort: 80
    protocol: TCP
  type: ClusterIP
  selector:
    app: ng-deploy-80
# View pod details
kubectl get pod -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nginx-deployment-79bcbf4f5-wwn96 1/1 Running 0 2m9s 10.200.169.142 192