资源对象文件
1.模板与帮助信息
# 获取 Pod 模板
[root@master ~]# kubectl run myweb --image=myos:nginx --dry-run=client -o yaml
# 获取资源对象模板
[root@master ~]# kubectl create namespace work --dry-run=client -o yaml
# 查询帮助信息
[root@master ~]# kubectl explain Pod.spec.restartPolicy
1)资源对象文件
[root@master ~]# mkdir app
[root@master ~]# cd app
[root@master app]# vim nginx.yaml
---
kind: Pod
apiVersion: v1
metadata:
name: nginx
spec:
containers:
- name: nginx
image: myos:nginx
[root@master app]# vim phpfpm.yaml
---
kind: Pod
apiVersion: v1
metadata:
name: php
spec:
containers:
- name: php
image: myos:php-fpm
2)管理资源对象
# 使用资源对象文件创建应用
[root@master app]# kubectl apply -f nginx.yaml -f phpfpm.yaml
# 删除应用
[root@master app]# kubectl delete -f /root/app/
# 合并资源对象文件
[root@master app]# cat nginx.yaml >>app.yaml
[root@master app]# cat phpfpm.yaml >>app.yaml
# 创建资源对象
[root@master ~]# kubectl apply -f app.yaml
# 删除资源对象
[root@master ~]# kubectl delete -f app.yaml
2.自定义命令(command):
[root@master ~]# vim mycmd.yaml
---
kind: Pod
apiVersion: v1
metadata:
name: mycmd
spec:
containers:
- name: linux
image: myos:8.5
command: ["sleep"] # 自定义命令
args: ["30"] # 自定义命令参数
[root@master ~]# kubectl apply -f mycmd.yaml
[root@master ~]# kubectl get pods -w
1)容器保护策略
[root@master ~]# vim mycmd.yaml
---
kind: Pod
apiVersion: v1
metadata:
name: mycmd
spec:
restartPolicy: Never # 配置保护策略
containers:
- name: linux
image: myos:8.5
command: ["sleep"]
args: ["30"]
[root@master ~]# kubectl delete -f mycmd.yaml
[root@master ~]# kubectl apply -f mycmd.yaml
[root@master ~]# kubectl get pods -w
2)宽限期策略
[root@master ~]# vim mycmd.yaml
---
kind: Pod
apiVersion: v1
metadata:
name: mycmd
spec:
terminationGracePeriodSeconds: 0 # 设置宽限期
restartPolicy: Never
containers:
- name: linux
image: myos:8.5
command: ["sleep"]
args: ["30"]
3)最大生命周期
[root@master ~]# vim mycmd.yaml
---
kind: Pod
apiVersion: v1
metadata:
name: mycmd
spec:
terminationGracePeriodSeconds: 0
activeDeadlineSeconds: 60 # 可以执行的最大时长
restartPolicy: Never
containers:
- name: linux
image: myos:8.5
command: ["sleep"]
args: ["300"]
[root@master ~]# kubectl delete -f mycmd.yaml
[root@master ~]# kubectl apply -f mycmd.yaml
[root@master ~]# kubectl get pods -w
4)Pod嵌入脚本
[root@master ~]# vim mycmd.yaml
---
kind: Pod
apiVersion: v1
metadata:
name: mycmd
spec:
terminationGracePeriodSeconds: 0
restartPolicy: Always
containers:
- name: linux
image: myos:8.5
command: ["/bin/bash"]
args:
- -c
- |
while sleep 5;do
echo "hello world."
done
[root@master ~]# kubectl apply -f mycmd.yaml
[root@master ~]# kubectl get pods
[root@master ~]# kubectl logs mycmd
3.多容器Pod
[root@master ~]# vim mynginx.yaml
---
kind: Pod
apiVersion: v1
metadata:
name: mynginx
spec:
terminationGracePeriodSeconds: 0
restartPolicy: Always
containers:
- name: nginx
image: myos:nginx
- name: php
image: myos:php-fpm
[root@master ~]# kubectl apply -f mynginx.yaml
pod/mynginx created
[root@master ~]# kubectl get pods
1)管理多容器Pod
收到多容器影响的命令有:cp, logs, exec
[root@master ~]# echo "hello world" >hello.html
[root@master ~]# kubectl cp hello.html mynginx:/usr/local/nginx/html/ -c nginx
[root@master ~]# kubectl exec mynginx -c php -- ps
[root@master ~]# kubectl logs mynginx -c nginx
4.资源监控组件
1)配置授权令牌
[root@master ~]# echo 'serverTLSBootstrap: true' >>/var/lib/kubelet/config.yaml
[root@master ~]# systemctl restart kubelet
[root@master ~]# kubectl get certificatesigningrequests
NAME AGE SIGNERNAME REQUESTOR REQUESTEDDURATION CONDITION
xxx 14s kubernetes.io/kubelet-serving system:node:master <none> Pending
[root@master ~]# kubectl certificate approve xxx
[root@master ~]# kubectl get certificatesigningrequests
2)安装插件metrics
# 上传镜像到私有仓库
[root@master metrics]# docker load -i metrics-server.tar.xz
[root@master metrics]# docker images|while read i t _;do
[[ "${t}" == "TAG" ]] && continue
[[ "${i}" =~ ^"harbor:443/".+ ]] && continue
docker tag ${i}:${t} harbor:443/plugins/${i##*/}:${t}
docker push harbor:443/plugins/${i##*/}:${t}
docker rmi ${i}:${t} harbor:443/plugins/${i##*/}:${t}
done
# 使用资源对象文件创建服务
[root@master metrics]# sed -ri 's,^(\s*image: )(.*/)?(.+),\1harbor:443/plugins/\3,' components.yaml
[root@master metrics]# kubectl apply -f components.yaml
# 验证插件 Pod 状态
[root@master metrics]# kubectl -n kube-system get pods -l k8s-app=metrics-server
3)计算节点签发证书
# 查看节点资源指标
[root@master metrics]# kubectl top nodes
NAME CPU(cores) CPU% MEMORY(bytes) MEMORY%
master 99m 4% 1005Mi 27%
node-0001 <unknown> <unknown> <unknown> <unknown>
node-0002 <unknown> <unknown> <unknown> <unknown>
node-0003 <unknown> <unknown> <unknown> <unknown>
node-0004 <unknown> <unknown> <unknown> <unknown>
node-0005 <unknown> <unknown> <unknown> <unknown>
#--------------- 在所有计算节点配置证书 -----------------
[root@node ~]# echo 'serverTLSBootstrap: true' >>/var/lib/kubelet/config.yaml
[root@node ~]# systemctl restart kubelet
#--------------- 在 master 签发证书 -------------------
[root@master ~]# kubectl certificate approve $(kubectl get csr -o name)
[root@master ~]# kubectl get certificatesigningrequests
或者kubectl get csr
4)查看节点资源指标
# 获取资源指标有延时,等待 15s 即可查看
[root@master ~]# kubectl top nodes
NAME CPU(cores) CPU% MEMORY(bytes) MEMORY%
master 265m 13% 1740Mi 48%
node-0001 129m 6% 988Mi 27%
node-0002 312m 15% 1012Mi 28%
node-0003 145m 7% 932Mi 25%
node-0004 130m 6% 1009Mi 28%
node-0005 334m 16% 1017Mi 28%
5)监控资源指标
memtest.py
#!/usr/libexec/platform-python
import sys
if len(sys.argv) == 2:
try:
n = int(sys.argv[1])
except ValueError:
n = 10000
if n > 9999:
print("number range 1 ~ 9999")
else:
memlist, memstr = [], ' ' * 1024 * 1024
memlist.append(memstr * n)
_ = input('use memory success\npress any key to exit : ')
else:
print("%s number (MB)" % sys.argv[0])
添加执行权限
[root@master ~]# chmod 0755 memtest.py
创建pod对象
[root@master ~]# vim mylinux.yaml
---
kind: Pod
apiVersion: v1
metadata:
name: mylinux
spec:
containers:
- name: linux
image: myos:8.5
command: ["awk", "BEGIN{while(1){}}"]
[root@master ~]# kubectl apply -f mylinux.yaml
查看pod资源指标
# 查看 CPU 资源消耗
[root@master ~]# kubectl top pods
# 测试消耗内存资源
[root@master ~]# kubectl cp memtest.py mylinux:/usr/bin/
[root@master ~]# kubectl exec -it mylinux -- memtest.py 2500
#--------------- 在另一个终端查看------------------------
[root@master ~]# kubectl top pods
# 实验完成以后清空所有容器
[root@master ~]# kubectl delete pods --all