文章目录
1. K8S 支持的文件格式
Kubernetes 支持 YAML 和 JSON 文件格式管理资源对象。
- JSON 格式:主要用于 api 接口之间消息的传递
- YAML 格式:用于配置和管理,YAML 是一种简洁的非标记性语言,内容格式人性化,较易读
yaml 和 json 的主要区别:
- YAML 使用空格缩进,这是 Python 开发人员熟悉的领域。
- JavaScript 开发人员喜欢 JSON,因为它是 JavaScript 的一个子集,可以直接在 JavaScript 中解释和编写,同时使用简写方式声明 JSON,在使用没有空格的典型变量名时,不需要键中的双引号。
- 有很多解析器在 YAML 和 JSON 的所有语言中都能很好地工作。
- 在许多情况下,YAML 的空白格式可以更容易查看,因为格式化需要更人性化的方法。
- 如果您的编辑器中没有空格可见或缩进线指示符,那么 YAML 的空白虽然更紧凑,更容易查看,但可能难以手动编辑。
- JSON 的序列化和反序列化要快得多,因为要检查的功能明显少于 YAML,这使得更小更轻的代码能够处理 JSON。
- 一个常见的误解是 YAML 需要较少的标点符号并且比 JSON 更紧凑,但这完全是错误的。空格是不可见的,所以看起来字符较少,但是如果你计算实际的空格是必要的,以便正确解释 YAML 以及正确的缩进,你会发现 YAML 实际上需要比 JSON 更多的字符。JSON 不使用空格来表示层次结构或分组,并且可以通过删除不必要的空格来轻松展平,以实现更紧凑的传输。
2. YAML 语言格式
- 大小写敏感
- 使用缩进表示层级关系
- 不支持 Tab 键制表符缩进,只使用空格缩进
- 缩进的空格数目不重要,只要相同层级的元素左侧对齐即可,通常开头缩进两个空格
- 符号字符后缩进一个空格,如冒号,逗号,短横杠(-)等
---
表示 YAML 格式,一个文件的开始,用于分隔文件#
表示注释
3. 查看 API 资源版本标签
kubectl api-versions
[root@master ~]# kubectl api-versions
admissionregistration.k8s.io/v1beta1
apiextensions.k8s.io/v1beta1
apiregistration.k8s.io/v1
apiregistration.k8s.io/v1beta1
apps/v1
apps/v1beta1
apps/v1beta2
authentication.k8s.io/v1
authentication.k8s.io/v1beta1
authorization.k8s.io/v1
authorization.k8s.io/v1beta1
autoscaling/v1
autoscaling/v2beta1
autoscaling/v2beta2
batch/v1
batch/v1beta1
certificates.k8s.io/v1beta1
coordination.k8s.io/v1
coordination.k8s.io/v1beta1
events.k8s.io/v1beta1
extensions/v1beta1
networking.k8s.io/v1
networking.k8s.io/v1beta1
node.k8s.io/v1beta1
policy/v1beta1
rbac.authorization.k8s.io/v1
rbac.authorization.k8s.io/v1beta1
scheduling.k8s.io/v1
scheduling.k8s.io/v1beta1
storage.k8s.io/v1
storage.k8s.io/v1beta1
v1
- 如果是业务场景,一般首选使用 apps/v1(apps/v1 从 v1.9 版本开始提供 API)。
- 在 k8s v1.16 版本之前使用的是 extensions/v1beta1,extensions/v1beta1 从 v1.20 版本开始不再提供 Ingress 资源。
- 带有 beta 字样的代表的是测试版本,不用在生产环境中。
4. 编写 nginx-test.yaml 资源配置清单
编写资源配置清单
vim nginx-test.yaml
#指定api版本标签
apiVersion: apps/v1
#定义资源的类型/角色,deployment为副本控制器
#此处资源类型可以是Deployment、Job、Ingress、Service等
kind: Deployment
#定义资源的元数据信息,比如资源的名称、namespace、标签等信息
metadata:
#定义资源的名称,在同一个namespace空间中必须是唯一的
name: nginx-deployment
labels:
app: nginx
#定义deployment资源需要的参数属性,诸如是否在容器失败时重新启动容器的属性
spec:
#定义副本数量
replicas: 3
#定义标签选择器
selector:
#定义匹配标签
matchLabels:
#需与后面的.spec.template.metadata.labels定义的标签保持一致
app: nginx
#定义业务模板,如果有多个副本,所有副本的属性会按照模板的相关配置进行匹配
template:
metadata:
#定义Pod副本将使用的标签,需与前面的.spec.selector.matchLabels定义的标签保持一致
labels:
app: nginx
spec:
#定义容器属性
containers:
#定义一个容器名,一个-name:定义一个容器
- name: nginx
#定义容器使用的镜像以及版本
image: nginx:1.15.4
ports:
#定义容器对外的端口
- containerPort: 80
#------------------------------------------------------------------#
#无注释
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-deployment
labels:
app: nginx
spec:
replicas: 3
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginx:1.15.4
ports:
- containerPort: 80
创建资源对象
kubectl create -f nginx-test.yaml --validate=false
查看创建的 pod 资源
kubectl get pods -o wide
5. 创建 service 服务对外提供访问并测试
编写 nginx-svc-test.yaml
[root@master ~]# vim nginx-svc-test.yaml
apiVersion: v1
kind: Service
metadata:
name: nginx-svc
labels:
app: nginx
spec:
type: NodePort
ports:
- port: 80
targetPort: 80
selector:
#此处定义的selector要与deployment所定义的selector相同
#service依靠标签选择器来检索提供服务的nodes
app: nginx
创建资源对象
[root@master ~]# kubectl create -f nginx-svc-test.yaml
service/nginx-svc created
[root@master ~]# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
......
nginx-svc NodePort 10.106.107.102 <none> 80:30348/TCP 6s
访问测试
[root@master ~]# curl 10.106.107.102:80
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
[root@master ~]# curl 10.106.107.102:30348
^C
[root@master ~]# echo $?
130
[root@master ~]# curl 192.168.10.101:30348
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
[root@master ~]# curl 192.168.10.102:30348
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
[root@master ~]# curl 192.168.10.100:30348
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
6. 详解 K8S 中的 Port
- port
port 是 k8s 集群内部访问 service 的端口,即通过 clusterIP:port 可以从 Pod 所在的 Node 上访问到 service
- nodePort
nodePort 是外部访问 k8s 集群中 service 的端口,通过 nodeIP:nodePort 可以从外部访问到某个 service
- targetPort
targetPort 是 Pod 的端口,从 port 或 nodePort 来的流量经过 kube-proxy 反向代理负载均衡转发到后端 Pod 的 targetPort 上,最后进入容器
- containerPort
containerPort 是 Pod 内部容器的端口,targetPort 映射到 containerPort
7. 试运行生成 yaml 模板后创建实例
--dry-run
:试运行
kubectl run --dry-run 打印相应的 API 对象而不执行创建
[root@master ~]# kubectl run dryrun-test --image=nginx --port=80 --replicas=3 --dry-run
kubectl run --generator=deployment/apps.v1 is DEPRECATED and will be removed in a future version. Use kubectl run --generator=run-pod/v1 or kubectl create instead.
deployment.apps/dryrun-test created (dry run)
[root@master ~]# kubectl get pod,deploy
NAME READY STATUS RESTARTS AGE
pod/nginx-554b9c67f9-295wt 1/1 Running 0 46h
pod/nginx-test-9b644dcd5-75qbq 1/1 Running 0 36m
pod/nginx-test-9b644dcd5-wr6v5 1/1 Running 0 36m
pod/nginx-test-9b644dcd5-z8hjp 1/1 Running 0 36m
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.extensions/nginx 1/1 1 1 46h
deployment.extensions/nginx-test 3/3 3 3 36m
--dry-run
表示试运行,不真正执行命令(测试命令是否正确),即并不会真的创建出 pod 和 deployment 实例,去掉该参数后即可真正执行命令。
查看生成 yaml 格式
使用 --dry-run
试运行可不触发生成命令,然后通过 -o yaml
可实现对其 yaml 资源配置清单的查看
[root@master]# kubectl run dryrun-test --image=nginx --port=80 --replicas=3 --dry-run -o yaml
kubectl run --generator=deployment/apps.v1 is DEPRECATED and will be removed in a future version. Use kubectl run --generator=run-pod/v1 or kubectl create instead.
apiVersion: apps/v1
kind: Deployment
metadata:
creationTimestamp: null
labels:
run: dryrun-test
name: dryrun-test
spec:
replicas: 3
selector:
matchLabels:
run: dryrun-test
strategy: {}
template:
metadata:
creationTimestamp: null
labels:
run: dryrun-test
spec:
containers:
- image: nginx
name: dryrun-test
ports:
- containerPort: 80
resources: {}
status: {}
查看生成 json 格式
可通过 -o json 查看该命令产生的 json 配置清单
[root@master]# kubectl run dryrun-test --image=nginx --port=80 --replicas=3 --dry-run -o json
kubectl run --generator=deployment/apps.v1 is DEPRECATED and will be removed in a future version. Use kubectl run --generator=run-pod/v1 or kubectl create instead.
{
"kind": "Deployment",
"apiVersion": "apps/v1",
"metadata": {
"name": "dryrun-test",
"creationTimestamp": null,
"labels": {
"run": "dryrun-test"
}
},
"spec": {
"replicas": 3,
"selector": {
"matchLabels": {
"run": "dryrun-test"
}
},
"template": {
"metadata": {
"creationTimestamp": null,
"labels": {
"run": "dryrun-test"
}
},
"spec": {
"containers": [
{
"name": "dryrun-test",
"image": "nginx",
"ports": [
{
"containerPort": 80
}
],
"resources": {}
}
]
}
},
"strategy": {}
},
"status": {}
}
使用 yaml 格式导出生成模板
[root@master]# kubectl run dryrun-test --image=nginx --port=80 --replicas=3 --dry-run -o yaml > dryrun-test.yaml
kubectl run --generator=deployment/apps.v1 is DEPRECATED and will be removed in a future version. Use kubectl run --generator=run-pod/v1 or kubectl create instead.
[root@master]# ls
dryrun-test.yaml nginx-svc-test.yaml nginx-test.yaml
删除一些不必要的参数
[root@master test]# vim dryrun-test.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
#删除下行
creationTimestamp: null
labels:
run: dryrun-test
name: dryrun-test
spec:
replicas: 3
selector:
matchLabels:
run: dryrun-test
#删除下行
strategy: {}
template:
metadata:
#删除下行
creationTimestamp: null
labels:
run: dryrun-test
spec:
containers:
- image: nginx
name: dryrun-test
ports:
- containerPort: 80
#删除下行
resources: {}
#删除下行
status: {}
使用 yaml 模板创建实例
[root@master]# kubectl apply -f dryrun-test.yaml
deployment.apps/dryrun-test created
[root@master]# kubectl get pod,deploy
NAME READY STATUS RESTARTS AGE
pod/dryrun-test-6c4ddc89bd-25lcm 1/1 Running 0 39s
pod/dryrun-test-6c4ddc89bd-bbsnm 1/1 Running 0 39s
pod/dryrun-test-6c4ddc89bd-rnmjk 1/1 Running 0 39s
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.extensions/dryrun-test 3/3 3 3 39s
8. 将现有资源生成 yaml 模板导出并保存为文件
--expose
查看现有资源的 yaml 配置清单
[root@master]# kubectl get deploy dryrun-test --export -o yaml
Flag --export has been deprecated, This flag is deprecated and will be removed in future.
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
annotations:
deployment.kubernetes.io/revision: "1"
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"apps/v1","kind":"Deployment","metadata":{"annotations":{},"labels":{"run":"dryrun-test"},"name":"dryrun-test","namespace":"default"},"spec":{"replicas":3,"selector":{"matchLabels":{"run":"dryrun-test"}},"template":{"metadata":{"labels":{"run":"dryrun-test"}},"spec":{"containers":[{"image":"nginx","name":"dryrun-test","ports":[{"containerPort":80}]}]}}}}
creationTimestamp: null
generation: 1
labels:
run: dryrun-test
name: dryrun-test
selfLink: /apis/extensions/v1beta1/namespaces/default/deployments/dryrun-test
spec:
progressDeadlineSeconds: 600
replicas: 3
revisionHistoryLimit: 10
selector:
matchLabels:
run: dryrun-test
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
creationTimestamp: null
labels:
run: dryrun-test
spec:
containers:
- image: nginx
imagePullPolicy: Always
name: dryrun-test
ports:
- containerPort: 80
protocol: TCP
resources: {}
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
dnsPolicy: ClusterFirst
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
terminationGracePeriodSeconds: 30
status: {}
保存到文件中
[root@master]# kubectl get deploy dryrun-test --export -o yaml > export-test.yaml
Flag --export has been deprecated, This flag is deprecated and will be removed in future.
[root@master]# ls
dryrun-test.yaml export-test.yaml nginx-svc-test.yaml nginx-test.yaml
9. 查看字段帮助信息
explain
可一层层的查看相关资源对象的帮助信息
[root@master]# kubectl explain deployments.spec.template.spec.containers
KIND: Deployment
VERSION: extensions/v1beta1
RESOURCE: containers <[]Object>
DESCRIPTION:
List of containers belonging to the pod. Containers cannot currently be
added or removed. There must be at least one container in a Pod. Cannot be
updated.
A single application container that you want to run within a pod.
FIELDS:
args <[]string>
Arguments to the entrypoint. The docker image's CMD is used if this is not
provided. Variable references $(VAR_NAME) are expanded using the
container's environment. If a variable cannot be resolved, the reference in
the input string will be unchanged. The $(VAR_NAME) syntax can be escaped
with a double $$, ie: $$(VAR_NAME). Escaped references will never be
expanded, regardless of whether the variable exists or not. Cannot be
updated. More info:
https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
......
[root@master]# kubectl explain pods.spec.containers
KIND: Pod
VERSION: v1
RESOURCE: containers <[]Object>
DESCRIPTION:
List of containers belonging to the pod. Containers cannot currently be
added or removed. There must be at least one container in a Pod. Cannot be
updated.
A single application container that you want to run within a pod.
FIELDS:
args <[]string>
Arguments to the entrypoint. The docker image's CMD is used if this is not
provided. Variable references $(VAR_NAME) are expanded using the
container's environment. If a variable cannot be resolved, the reference in
the input string will be unchanged. The $(VAR_NAME) syntax can be escaped
with a double $$, ie: $$(VAR_NAME). Escaped references will never be
expanded, regardless of whether the variable exists or not. Cannot be
updated. More info:
https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
......
10. 获取资源配置清单的总结
- 没有相关资源,使用 run 命令
--dry-run
选项
kubectl run dryrun-test --image=nginx --port=80 --replicas=3 --dry-run -o yaml > dryrun-test.yaml
- 已有相关资源,使用 get 命令
--export
选项
kubectl get deploy dryrun-test --export -o yaml > export-test.yaml