1、kubernetes资源管理
K8S:容器编排
- 控制平面
(1) API Server 端口:6443
用户认证:双向认证,要求API Server向客户端发送API Server的证书,也要求客户端向API Server发送客户端的证书,并且必须是API Server自身信任的CA所颁发的证书才能得到API Server的认可,而这个CA是我们在部署K8S时默认生成的(它的证书就是下面的ca.crt)
[root@master ~]# cd /etc/kubernetes/pki/
[root@master pki]# ls
apiserver.crt apiserver-etcd-client.key apiserver-kubelet-client.crt ca.crt etcd front-proxy-ca.key front-proxy-client.key sa.pub
apiserver-etcd-client.crt apiserver.key apiserver-kubelet-client.key ca.key front-proxy-ca.crt front-proxy-client.crt sa.key
注意:上面的ca.crt是集群私有CA的证书(部署时自动生成,并非公共CA签发);同目录下的ca.key是这个CA的私钥,持有它就可以签发被API Server信任的客户端证书,应只允许root读取,不要拷贝到其他机器
[root@master kubernetes]# ls
admin.conf controller-manager.conf kubelet.conf manifests pki scheduler.conf
[root@master kubernetes]# pwd
/etc/kubernetes
注意:上面的admin.conf是管理员使用的kubeconfig文件,里面定义了API Server的服务器地址和端口,并内嵌了CA证书以及由该CA签发的客户端证书和客户端私钥(在下面kubectl config view的输出中这些内容被隐藏)。拿到这个文件就能以kubernetes-admin的身份访问集群,所以要像保管私钥一样保管它
[root@master kubernetes]# kubectl config view #查看config文件
apiVersion: v1
clusters: #需要访问的kubernetes集群
- cluster:
certificate-authority-data: DATA+OMITTED #这个是CA证书隐藏起来了
server: https://192.168.19.131:6443
name: kubernetes
contexts: #配置访问kubernetes集群的的具体上下文环境
- context:
cluster: kubernetes
user: kubernetes-admin
name: kubernetes-admin@kubernetes
current-context: kubernetes-admin@kubernetes #配置当前使用的上下文环境
kind: Config
preferences: {}
users: #配置访问的用户信息,用户名以及证书环境
- name: kubernetes-admin
user:
client-certificate-data: REDACTED #连接API Server时使用的客户端证书,被隐藏起来了
client-key-data: REDACTED #客户端私钥隐藏起来了
(2) Scheduler:
(3) Controller:
- Node 运行Pod,并把与Pod相关的Service转换为当前节点上的iptables或ipvs规则,而这一切靠的是每一个Node上运行的kube-proxy组件来完成。kube-proxy随时监视着API Server上的变动,尤其是Service资源的变动,它会把每一个Service资源的变动反映到当前节点上对应的iptables或ipvs规则中
- 因此在K8S上最为重要的几个组件为Pod,Pod Controller,Service
-
(1) Pod Controller
Pod Controller的类型:Deployment -> ngx-deploy -> nginx Pod。Deployment只是一种类型,需要给这个类型的属性赋值、创建出一个具体的控制器之后才可以工作,因此需要创建一个真正的Deployment,例如就叫ngx-deploy,表示我们用它来管理nginx的一个deploy,再由这个deploy去创建Pod
Service -> nginx-svc
#查看当前集群有几个名称空间
[root@master kubernetes]# kubectl get ns
NAME STATUS AGE
default Active 18h #默认不指定名称空间会运行在default下
kube-node-lease Active 18h
kube-public Active 18h #公共的任何人都可以访问的
kube-system Active 18h #我们系统级的Pod运行在这个名称空间下
#列出default名称空间中的Pod(不加-n选项时默认只看default)
[root@master kubernetes]# kubectl get pods
NAME READY STATUS RESTARTS AGE
nginx-6799fc88d8-dk8dc 1/1 Running 0 17h
[root@master kubernetes]# kubectl get pods -n kube-system -o wide #我们使用-o wide 是显示长格式的信息,就像ls -l一样,可以查看到pod运行在哪个IP哪个节点上
#我们可以指定某个名称空间中的Pod 用-n选项即可
[root@master kubernetes]# kubectl get pods -n kube-system
NAME READY STATUS RESTARTS AGE
coredns-6c76c8bb89-9g25w 0/1 CrashLoopBackOff 17 18h
coredns-6c76c8bb89-vqgf8 0/1 CrashLoopBackOff 17 18h
etcd-master 1/1 Running 0 18h
kube-apiserver-master 1/1 Running 0 18h
kube-controller-manager-master 1/1 Running 2 18h
kube-flannel-ds-2w5vd 1/1 Running 0 17h
kube-flannel-ds-cc8kv 1/1 Running 0 17h
kube-flannel-ds-zhxjz 1/1 Running 0 17h
kube-proxy-s58ct 1/1 Running 0 18h
kube-proxy-xqb77 1/1 Running 0 18h
kube-proxy-zbfnh 1/1 Running 0 18h
kube-scheduler-master 1/1 Running 1 18h
#查看当前系统上名称空间为 kube-system的deploy有哪些
[root@master kubernetes]# kubectl get deploy -n kube-system
NAME READY UP-TO-DATE AVAILABLE AGE
coredns 0/2 2 0 20h
#查看当前系统上有多少个deploy控制器
[root@master kubernetes]# kubectl get deploy
NAME READY UP-TO-DATE AVAILABLE AGE
nginx 1/1 1 1 19h
#查看当前系统上支持多少种资源类型
[root@master kubernetes]# kubectl api-resources
#创建新的名称空间 namespace
[root@master kubernetes]# kubectl create namespace develop #kubectl create namespace 名称
namespace/develop created
[root@master kubernetes]# kubectl create namespace testing
namespace/testing created
[root@master kubernetes]# kubectl create namespace production
namespace/production created
[root@master kubernetes]# kubectl get ns #查看名称空间
NAME STATUS AGE
default Active 21h
develop Active 2m33s
kube-node-lease Active 21h
kube-public Active 21h
kube-system Active 21h
production Active 89s
testing Active 2m20s
#删除资源 注意引用资源时先指明类型 比如删除develop的名称空间 就需要指明是namespace(删除名称空间会把其中的所有资源一并删除,执行前先确认名称)
[root@master kubernetes]# kubectl delete namespaces develop #一次只能删除一个资源
namespace "develop" deleted
[root@master kubernetes]# kubectl get ns # 会发现develop的名称空间已被删除
NAME STATUS AGE
default Active 21h
kube-node-lease Active 21h
kube-public Active 21h
kube-system Active 21h
production Active 5m52s
testing Active 6m43s
还有另外一种方式 类型和名称之间用/隔开 例如ns/testing
[root@master kubernetes]# kubectl delete ns/production ns/testing #这种写法可以一次删除多个
namespace "production" deleted
namespace "testing" deleted
#输出名称空间为default的yaml格式的信息
[root@master kubernetes]# kubectl get ns/default -o yaml
apiVersion: v1 #api版本
kind: Namespace #所属类型
metadata: #元数据
creationTimestamp: "2020-11-03T09:11:50Z"
managedFields:
- apiVersion: v1
fieldsType: FieldsV1
fieldsV1:
f:status:
f:phase: {}
manager: kube-apiserver
operation: Update
time: "2020-11-03T09:11:50Z"
name: default
resourceVersion: "162"
selfLink: /api/v1/namespaces/default
uid: 55a5235f-ed76-4c41-b578-1f8b207ea4e4
spec: #用户期望的状态
finalizers:
- kubernetes
status: #当前状态
phase: Active
#输出名称空间为default的json格式的信息
[root@master kubernetes]# kubectl get ns/default -o json
{
"apiVersion": "v1",
"kind": "Namespace",
"metadata": {
"creationTimestamp": "2020-11-03T09:11:50Z",
"managedFields": [
{
"apiVersion": "v1",
"fieldsType": "FieldsV1",
"fieldsV1": {
"f:status": {
"f:phase": {}
}
},
"manager": "kube-apiserver",
"operation": "Update",
"time": "2020-11-03T09:11:50Z"
}
],
"name": "default",
"resourceVersion": "162",
"selfLink": "/api/v1/namespaces/default",
"uid": "55a5235f-ed76-4c41-b578-1f8b207ea4e4"
},
"spec": {
"finalizers": [
"kubernetes"
]
},
"status": {
"phase": "Active"
}
}
#输出ns/default描述信息 一般是指当前的状态信息
[root@master kubernetes]# kubectl describe ns/default
Name: default
Labels: <none>
Annotations: <none>
Status: Active
No resource quota.
No LimitRange resource.
#创建控制器 这个控制器可以控制pod运行起来
[root@master kubernetes]# kubectl create deploy ngx-dep --image=nginx:1.14-alpine # 格式:kubectl create deploy deploy名字 镜像 没指定名称空间默认会是default
deployment.apps/ngx-dep created
[root@master ~]# kubectl get all #查看全部
NAME READY STATUS RESTARTS AGE
pod/ngx-dep-5c8d96d457-xnqvr 1/1 Running 0 9m59s #你会发现创建了一个pod

NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 22m

NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/ngx-dep 1/1 1 1 11m #你会发现创建了一个deployment

NAME DESIRED CURRENT READY AGE
replicaset.apps/ngx-dep-5c8d96d457 1 1 1 11m #你会发现创建了一个replicaset
[root@master ~]# kubectl get pods #查看pod
NAME READY STATUS RESTARTS AGE
ngx-dep-5c8d96d457-xnqvr 1/1 Running 0 11m
[root@master ~]# kubectl get pods -o wide #查看pod运行在了哪个节点上 IP是什么
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
ngx-dep-5c8d96d457-xnqvr 1/1 Running 0 11m 10.244.1.2 node1 <none> <none>
[root@master ~]# curl 10.244.1.2 #master节点去访问创建的pod 是可以访问的
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p><p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p><p><em>Thank you for using nginx.</em></p>
</body>
</html>
#删除pod
[root@master kubernetes]# kubectl get pods
NAME READY STATUS RESTARTS AGE
nginx-6799fc88d8-dk8dc 1/1 Running 0 20h
ngx-dep-5c8d96d457-bphbj 1/1 Running 0 8m16s
[root@master kubernetes]# kubectl delete pods ngx-dep-5c8d96d457-bphbj
pod "ngx-dep-5c8d96d457-bphbj" deleted
[root@master kubernetes]# kubectl get pods -o wide #这时你会发现又生成了一个新pod 名字变了
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nginx-6799fc88d8-dk8dc 1/1 Running 0 20h 10.244.1.2 node1 <none> <none>
ngx-dep-5c8d96d457-xjmwm 1/1 Running 0 45s 10.244.1.3 node1 <none> <none>
#创建service
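[root@master kubernetes]# kubectl create service clusterip ngx-dep --tcp=80:80 #80:80 前一个80是service提供的端口,后一个80是转发到后端pod的目标端口 svc是service的简写 注意我刚创建了一个ngx-dep的deploy,这里创建的ngx-dep的service会通过标签选择器(见下面describe输出中的Selector: app=ngx-dep)自动关联到ngx-dep的deploy所创建的pod;关联的依据是标签而不是名字,同一名称空间里任何带有app=ngx-dep标签的pod都会成为它的后端
service/ngx-dep created
[root@master ~]# kubectl describe svc/ngx-dep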
Name: ngx-dep
Namespace: default
Labels: app=ngx-dep
Annotations: <none>
Selector: app=ngx-dep
Type: ClusterIP
IP: 10.110.127.57 #service的IP
Port: 80-80 80/TCP
TargetPort: 80/TCP
Endpoints: 10.244.1.2:80 #这里可以看到自动绑定到了10.244.1.2的Pod上
Session Affinity: None
Events: <none>
我们验证一下,访问service看看访问到的是不是pod
[root@master ~]# curl 10.110.127.57
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p><p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p><p><em>Thank you for using nginx.</em></p>
</body>
</html>
我们模拟删除一个pod 会自动创建一个pod
[root@master ~]# kubectl get pods
NAME READY STATUS RESTARTS AGE
ngx-dep-5c8d96d457-8zrrq 1/1 Running 0 117m
[root@master ~]# kubectl delete pod ngx-dep-5c8d96d457-8zrrq
pod "ngx-dep-5c8d96d457-8zrrq" deleted
[root@master ~]# kubectl get pods -o wide #我们会发现重新建立起来的pod在node2上且IP地址发生了变化
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
ngx-dep-5c8d96d457-27hcn 1/1 Running 0 80s 10.244.3.2 node2 <none> <none>
[root@master ~]# kubectl describe svc/ngx-dep
Name: ngx-dep
Namespace: default
Labels: app=ngx-dep
Annotations: <none>
Selector: app=ngx-dep
Type: ClusterIP
IP: 10.110.127.57 #pod重建之后,service的IP没有发生变化
Port: 80-80 80/TCP
TargetPort: 80/TCP
Endpoints: 10.244.3.2:80 #发现这里的service关联了新的pod
Session Affinity: None
Events: <none>
注意:以上证明所有的变动都会反映到API Server上,而API Server会通知到一切关联它的客户端,它们会随之做出相应的改变
[root@master ~]# curl 10.110.127.57 #我们现在还是访问这个service地址会转到新的pod上
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p><p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p><p><em>Thank you for using nginx.</em></p>
</body>
</html>
#假设service的地址也发生变化,我们可以用service的名称去访问,这里我们模拟用service地址发生变化 用service名称去访问
[root@master ~]# curl ngx-dep #我们直接去访问service的名称会发现解析不了
curl: (6) Could not resolve host: ngx-dep; 未知的错误
注意:解析不了的原因很简单,因为本机默认使用/etc/resolv.conf里配置的nameserver,也就是192.168.19.2这个地址,它并不知道集群里的service名称;而k8s上默认会运行一个自己的dns
[root@master ~]# kubectl get pods -n kube-system #查看k8s上默认会运行一个dns
NAME READY STATUS RESTARTS AGE
coredns-6c76c8bb89-4gdwp 1/1 Running 1 4h4m #dns
coredns-6c76c8bb89-4t2r7 1/1 Running 1 4h4m #dns
etcd-master 1/1 Running 1 4h4m
kube-apiserver-master 1/1 Running 1 4h4m
kube-controller-manager-master 1/1 Running 1 4h4m
kube-flannel-ds-rc5gj 1/1 Running 0 3h21m
kube-flannel-ds-v67dm 1/1 Running 1 3h21m
kube-flannel-ds-v6wm8 1/1 Running 1 3h21m
kube-proxy-4fjtv 1/1 Running 1 3h22m
kube-proxy-85bhb 1/1 Running 0 3h22m
kube-proxy-mdv29 1/1 Running 1 4h4m
kube-scheduler-master 1/1 Running 1 4h4m
[root@master ~]# kubectl get svc -n kube-system #查看k8s上默认的kube-dns地址
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP,9153/TCP 4h6m
注意:我们需要把10.96.0.10这个地址配置成本机的dns服务器,才能解析到我们刚创建的service ngx-dep
[root@master ~]# vim /etc/resolv.conf #修改nameserver(仅用于演示:这个文件是dhclient-script生成的,之后可能被重新生成而覆盖)
; generated by /usr/sbin/dhclient-script
search localdomain
nameserver 10.96.0.10
~
[root@master ~]# curl ngx-dep
curl: (6) Could not resolve host: ngx-dep; 未知的错误
注意:我们发现还是解析不了,原因是只写ngx-dep这样的短名称时,解析器会先补上search里的localdomain再去查询,而集群dns里没有这个名字
这里我们加上完整的名称去访问:ngx-dep是service名称,default是service所在的名称空间,svc是固定后缀,意思是服务,cluster.local是当前k8s集群的域名(这个域名对应kubeadm init初始化时的--service-dns-domain选项,如果不指定的话默认会是cluster.local)
[root@master ~]# curl ngx-dep.default.svc.cluster.local.
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p><p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p><p><em>Thank you for using nginx.</em></p>
</body>
</html>
我们这里删除service
[root@master ~]# kubectl get svc #我们先查看ngx-dep svc的地址
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 4h20m
ngx-dep ClusterIP 10.110.127.57 <none> 80/TCP 36m
[root@master ~]# kubectl delete svc ngx-dep # 删除svc
service "ngx-dep" deleted
[root@master ~]# kubectl create service clusterip ngx-dep --tcp=80:80 #新建svc
service/ngx-dep created
[root@master ~]# kubectl get svc #查看新建的svc的地址是否发生变化
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 4h22m
ngx-dep ClusterIP 10.106.98.49 <none> 80/TCP 10s
[root@master ~]# curl ngx-dep.default.svc.cluster.local. #我们使用名称去访问service是可以访问的
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p><p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p><p><em>Thank you for using nginx.</em></p>
</body>
</html>
所以以后客户端可以直接访问service的名称,不用管service是哪个IP地址,也不用管service背后的pod是什么
#deploy可以按需伸缩pod规模,pod扩容和缩容
[root@master ~]# kubectl create deploy myapp --image=ikubernetes/myapp:v1 #我们创建一个新的deploy
deployment.apps/myapp created
[root@master ~]# kubectl get deploy #查看我们新建的myapp的deploy deploy拖出来镜像以后会去给我们创建pod
NAME READY UP-TO-DATE AVAILABLE AGE
myapp 0/1 1 0 18s
ngx-dep 1/1 1 1 158m
[root@master ~]# kubectl get pods #查看myapp的pod
NAME READY STATUS RESTARTS AGE
myapp-7d4b7b84b-wf4nd 1/1 Running 0 111s
ngx-dep-5c8d96d457-27hcn 1/1 Running 0 41m
[root@master ~]# kubectl get pods -o wide #查看myapp地址
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
myapp-7d4b7b84b-wf4nd 1/1 Running 0 3m41s 10.244.1.3 node1 <none> <none>
ngx-dep-5c8d96d457-27hcn 1/1 Running 0 43m 10.244.3.2 node2 <none> <none>
[root@master ~]# curl 10.244.1.3 #去访问myapp
Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a>
[root@master ~]# curl 10.244.1.3/hostname.html #如果想知道主机名可以加上hostname.html 会显示当前这个pod名称
myapp-7d4b7b84b-wf4nd
#我们现在把myapp也创建一个service
[root@master ~]# kubectl create service clusterip myapp --tcp=80:80
service/myapp created
[root@master ~]# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 4h37m
myapp ClusterIP 10.101.107.198 <none> 80/TCP 9s
ngx-dep ClusterIP 10.106.98.49 <none> 80/TCP 15m
[root@master ~]# curl myapp.default.svc.cluster.local. #我们直接使用名称来访问myapp的pod
Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a>
[root@master ~]# curl myapp.default.svc.cluster.local/hostname.html #这样可以直接看到是后端哪个pod响应了我们
myapp-7d4b7b84b-wf4nd
接下来我们看下负载均衡效果,实现后端pod扩缩容,现在我们myapp后端有一个pod,假设一个pod不够,我们扩容到三个pod
[root@master ~]# kubectl scale --replicas=3 deployment myapp # scale是扩容 给deployment myapp扩容到3个
deployment.apps/myapp scaled
[root@master ~]# kubectl get pods #查看pod会发现myapp的pods变成了3个
NAME READY STATUS RESTARTS AGE
myapp-7d4b7b84b-bvvj2 1/1 Running 0 87s
myapp-7d4b7b84b-rcnp8 1/1 Running 0 87s
myapp-7d4b7b84b-wf4nd 1/1 Running 0 35m
ngx-dep-5c8d96d457-27hcn 1/1 Running 0 75m
[root@master ~]# kubectl get pods -o wide #查看myapp的pods在哪几个节点上
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
myapp-7d4b7b84b-bvvj2 1/1 Running 0 2m15s 10.244.1.4 node1 <none> <none>
myapp-7d4b7b84b-rcnp8 1/1 Running 0 2m15s 10.244.3.3 node2 <none> <none>
myapp-7d4b7b84b-wf4nd 1/1 Running 0 36m 10.244.1.3 node1 <none> <none>
ngx-dep-5c8d96d457-27hcn 1/1 Running 0 76m 10.244.3.2 node2 <none> <none>
[root@master ~]# kubectl describe svc/myapp #这个新创建的Pods也会反映在service上
Name: myapp
Namespace: default
Labels: app=myapp
Annotations: <none>
Selector: app=myapp
Type: ClusterIP
IP: 10.101.107.198 #service-IP
Port: 80-80 80/TCP
TargetPort: 80/TCP
Endpoints: 10.244.1.3:80,10.244.1.4:80,10.244.3.3:80 #三个pod的IP
Session Affinity: None
Events: <none>
此时,我们使用curl去访问会调度到后端的三个pod上 注意这里的默认调度方式是随机调度的而非轮询。因此service作为访问接口还能帮我们去调度用户请求到不同Pod上
[root@master ~]# curl myapp.default.svc.cluster.local/hostname.html
myapp-7d4b7b84b-bvvj2
[root@master ~]# curl myapp.default.svc.cluster.local/hostname.html
myapp-7d4b7b84b-rcnp8
[root@master ~]# curl myapp.default.svc.cluster.local/hostname.html
myapp-7d4b7b84b-wf4nd
缩容Pod:
[root@master ~]# kubectl scale --replicas=2 deployment myapp #这里会缩容成两个Pod
deployment.apps/myapp scaled
[root@master ~]# kubectl get pods #可以看到myapp的pod被缩容成了两个
NAME READY STATUS RESTARTS AGE
myapp-7d4b7b84b-rcnp8 1/1 Running 0 10m
myapp-7d4b7b84b-wf4nd 1/1 Running 0 44m
ngx-dep-5c8d96d457-27hcn 1/1 Running 0 84m
注意:必须精确符合用户定义的数量,多退少补
[root@master ~]# kubectl describe svc/myapp #这里可以看到pod的IP只有两个
Name: myapp
Namespace: default
Labels: app=myapp
Annotations: <none>
Selector: app=myapp
Type: ClusterIP
IP: 10.101.107.198
Port: 80-80 80/TCP
TargetPort: 80/TCP
Endpoints: 10.244.1.3:80,10.244.3.3:80 #Pod的ip
Session Affinity: None
Events: <none>
#对同一组pod,如果创建service时指定的类型不是clusterip而是nodeport,经过节点上的又一次转发之后,我们甚至可以在集群外部访问
[root@master ~]# kubectl delete svc/myapp #我们删除myapp的service
service "myapp" deleted
[root@master ~]# kubectl create service nodeport myapp --tcp=80:80 #创建一个nodeport的service
service/myapp created
[root@master ~]# kubectl get svc #查看myapp的类型为 NodePort
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 5h22m
myapp NodePort 10.107.41.0 <none> 80:30424/TCP 9s #30424 这个端口是宿主机的端口,不是后端pod的端口
ngx-dep ClusterIP 10.106.98.49 <none> 80/TCP 60m
注意:这个80:30424/TCP是内外端口的映射关系,30424这个端口实际会在每一个节点上开放;service创建完以后,每个节点上都会生成相应的iptables规则,可以使用iptables -t nat -vnL去查看端口映射。
我们这里去访问集群中任意宿主机的地址加上30424端口都是可以通的。也正因为每个节点都开放了这个端口,凡是网络上能到达节点IP的主机都可以访问这个服务,需要时应在节点防火墙或安全组上限制来源。
每个节点上都会运行一个kube-proxy,它负责把每一个service的变动变成本地的iptables或ipvs规则,所以通过任何一个节点的这个端口都可以访问到service。
本章需要知道:
1、什么是pod
2、什么是pod控制器
3、什么是service以及各有什么作用
总结:k8s最核心作用无非就是围绕pod展开的,service是让pod的访问更加固定,pod控制器是为了能够确保pod运行不出问题。出了问题可以自动给他恢复
Deployment借助于ReplicaSet来管理Pod,Service是帮pod提供固定访问的入口,Ingress也是,Volume是提供跨节点的数据功能的
APIserver:自身类似于集群的网关,我们和API Server交互时可以使用kubectl
API SERVER把API server中的资源分为了多个逻辑组合,其中每个组合称为一个api group(API 群组)
分成组的优势是可以让每个组独立演进
每个组可以多版本并存
[root@master ~]# kubectl api-versions #查看API的群组以及群组版本
admissionregistration.k8s.io/v1
admissionregistration.k8s.io/v1beta1
apiextensions.k8s.io/v1
apiextensions.k8s.io/v1beta1
apiregistration.k8s.io/v1
apiregistration.k8s.io/v1beta1
apps/v1
authentication.k8s.io/v1
authentication.k8s.io/v1beta1
authorization.k8s.io/v1
authorization.k8s.io/v1beta1
autoscaling/v1
autoscaling/v2beta1
autoscaling/v2beta2
batch/v1
batch/v1beta1
certificates.k8s.io/v1
certificates.k8s.io/v1beta1
coordination.k8s.io/v1
coordination.k8s.io/v1beta1
discovery.k8s.io/v1beta1
events.k8s.io/v1
events.k8s.io/v1beta1
extensions/v1beta1
networking.k8s.io/v1
networking.k8s.io/v1beta1
node.k8s.io/v1beta1
policy/v1beta1
rbac.authorization.k8s.io/v1
rbac.authorization.k8s.io/v1beta1
scheduling.k8s.io/v1
scheduling.k8s.io/v1beta1
storage.k8s.io/v1
storage.k8s.io/v1beta1
v1 #核心接口 所有的核心接口都在这个组中