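First is the Namespace object, which isolates objects from one another: Service, Deployment, StatefulSet and Pod are all resource objects that belong to a namespace.
Deleting a Namespace requires deleting the child resources under it first; the namespace also carries a finalizer, an object that acts like a lock.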
apiVersion: v1
kind: Namespace
metadata:
  creationTimestamp: "2022-07-23T10:26:48Z"
  labels:
    kubernetes.io/metadata.name: default
  name: default
  resourceVersion: "203"
  uid: 2a16a86c-2b02-4a6d-8b1f-609ed1c22661
spec:
  finalizers: # the object is not physically deleted; it is given a flag instead
  - kubernetes
status: # the status shows the namespace is alive (Active)
  phase: Active
A Pod is a group of containers that share the pid, network and uts namespaces.
The YAML definition of a Pod resource looks like this:
root@master:~# kubectl get pod nginx-test -oyaml
apiVersion: v1
kind: Pod
metadata:
  annotations: # holds attributes outside the standard metadata fields; can also carry the annotations that Prometheus monitoring looks for
    cni.projectcalico.org/containerID: ab15a4d20958a83fa29a0a583a7030d1c7edf31532d3f99cbe544ca03d72e165
    cni.projectcalico.org/podIP: 192.168.58.91/32
    cni.projectcalico.org/podIPs: 192.168.58.91/32
  labels: # a pod carries labels, which bind it to a Deployment with the same label, and to nodes
    run: nginx-test
  name: nginx-test
  namespace: default # belongs to the default namespace by default
  resourceVersion: "624171"
  uid: 0f181789-3928-4d7c-8416-6078ca7b38e5
spec:
  containers:
  - image: nginx
    imagePullPolicy: Always # always pull from the remote registry
    name: nginx-test
    terminationMessagePath: /dev/termination-log
    terminationMessagePolicy: File
    volumeMounts:
    - mountPath: /var/run/secrets/kubernetes.io/serviceaccount # mounts the ServiceAccount
      name: kube-api-access-7mhl8
      readOnly: true
  dnsPolicy: ClusterFirst
  enableServiceLinks: true
  nodeName: harbor # bound to node harbor: the scheduler places the pod, then the binding is written to etcd and the pod's nodeName is updated; the field starts out empty (the pod is created first, then bound)
  priority: 0 # priority affects eviction: the higher the priority, the later the pod is evicted
  restartPolicy: Always # containers in the pod are restarted automatically no matter how they stop
  schedulerName: default-scheduler
  serviceAccount: default
  serviceAccountName: default
  terminationGracePeriodSeconds: 30 # graceful termination: wait 30 seconds for the container to stop all its processes; if it has not stopped after 30 seconds, the kubelet sends SIGKILL
  tolerations: # tolerations
  - effect: NoExecute
    key: node.kubernetes.io/not-ready
    operator: Exists
    tolerationSeconds: 300
  - effect: NoExecute
    key: node.kubernetes.io/unreachable
    operator: Exists
    tolerationSeconds: 300
  volumes:
  - name: kube-api-access-7mhl8
    projected:
      defaultMode: 420
      sources:
      - serviceAccountToken:
          expirationSeconds: 3607
          path: token
      - configMap:
          items:
          - key: ca.crt
            path: ca.crt
          name: kube-root-ca.crt
      - downwardAPI:
          items:
          - fieldRef:
              apiVersion: v1
              fieldPath: metadata.namespace
            path: namespace
status:
  conditions:
  - lastProbeTime: null
    status: "True"
    type: Initialized
  - lastProbeTime: null
    type: Ready
  - type: ContainersReady
  - lastProbeTime: null
    lastTransitionTime: "2022-09-24T09:08:16Z"
    status: "True"
    type: PodScheduled
  containerStatuses:
  - image: nginx
    imageID: ""
    lastState: {}
    name: nginx-test
    ready: false
    restartCount: 0
    started: false
    state:
      waiting:
        reason: ContainerCreating
  hostIP: 192.168.172.133
  phase: Pending
  qosClass: BestEffort
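The Pod above runs under the default ServiceAccount and receives an API token through the projected kube-api-access-7mhl8 volume. For a workload that never calls the API server, that mount can be switched off. The following is an added example, not part of the original page; the ServiceAccount name nginx-no-api is an assumption.

```yaml
# Dedicated ServiceAccount (hypothetical name) that does not hand out a token by default.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: nginx-no-api
  namespace: default
automountServiceAccountToken: false
---
apiVersion: v1
kind: Pod
metadata:
  name: nginx-test
  namespace: default
  labels:
    run: nginx-test
spec:
  serviceAccountName: nginx-no-api
  # The pod-level setting takes precedence over the ServiceAccount-level one.
  # With false, no kube-api-access-* projected volume is injected, so nothing
  # is mounted at /var/run/secrets/kubernetes.io/serviceaccount.
  automountServiceAccountToken: false
  containers:
  - name: nginx-test
    image: nginx
```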
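Pod health probes
livenessProbe checks whether the container is healthy; an unhealthy container is recreated.
readinessProbe checks whether the pod is in a state where it can receive traffic from a Kubernetes Service.
startupProbe checks whether startup has completed.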
apiVersion: v1
kind: Pod
metadata: # pod metadata; more than one entry can be written here
  name: nginx-busybox # name of the pod
spec:
  containers:
  - name: nginx # name of the container
    image: nginx:alpine # name of the image
    ports:
    - containerPort: 80
    livenessProbe:
      httpGet:
        path: /
        port: 80
        httpHeaders:
        - name: X-Custom-Header
          value: Awesome
      initialDelaySeconds: 3
      periodSeconds: 3
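The manifest above configures only a livenessProbe. The following added example (not from the original page) puts all three probes described earlier on the same nginx:alpine container; the pod name, label and threshold values are assumptions chosen for illustration.

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: nginx-probes        # hypothetical name
  labels:
    app: nginx-probes       # hypothetical label, so a Service can select the pod
spec:
  containers:
  - name: nginx
    image: nginx:alpine
    ports:
    - containerPort: 80
    startupProbe:           # runs first; liveness and readiness checks wait until it succeeds
      httpGet:
        path: /
        port: 80
      periodSeconds: 2
      failureThreshold: 30  # up to 2s x 30 = 60s to start before the container is restarted
    livenessProbe:          # failure means the kubelet restarts the container
      httpGet:
        path: /
        port: 80
      periodSeconds: 3
      failureThreshold: 3   # three consecutive failures trigger the restart
    readinessProbe:         # failure means the pod is taken out of Service endpoints, no restart
      httpGet:
        path: /
        port: 80
      periodSeconds: 3
      failureThreshold: 1
```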
kubectl expose pod nginx --port 80
This exposes the pod.
Create a ConfigMap:
kubectl create cm game-demo --from-literal=play_init=test_init
Mount the ConfigMap into the container:
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    run: centos
  name: nginx-controller
spec:
  replicas: 1
  selector:
    matchLabels:
      run: centos
  template:
    metadata:
      labels:
        run: centos
    spec:
      containers:
      - name: centos
        image: alpine
        command: ["sleep", "3600"]
        imagePullPolicy: IfNotPresent
        env:
        - name: PLAY_INI
          valueFrom:
            configMapKeyRef:
              name: game-demo
              key: play_init
        - name: PLAY_B
          valueFrom:
            configMapKeyRef:
              name: game-demo
              key: play_init
        volumeMounts:
        - name: config
          mountPath: "/config"
          readOnly: true
      volumes:
      - name: config
        configMap:
          name: game-demo
Enter the container to check:
kubectl exec -it podname -- sh
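StatefulSet
Upgrades
OnDelete: the old version has to be deleted before the new one is rolled out.
Rolling update
Partitioned update: update up to a chosen point, stop there, then continue updating.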
apiVersion: v1
kind: Service
metadata:
  name: nginx
  labels:
    app: nginx
spec:
  ports:
  - port: 80
    name: web
  clusterIP: None
  selector:
    app: nginx
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: web
spec:
  serviceName: "nginx"
  replicas: 2
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: registry.k8s.io/nginx-slim:0.8
        ports:
        - containerPort: 80
          name: web
        volumeMounts:
        - name: www
          mountPath: /usr/share/nginx/html
  volumeClaimTemplates:
  - metadata:
      name: www
    spec:
      accessModes: [ "ReadWriteOnce" ]
      resources:
        requests:
          storage: 1Gi
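The upgrade modes listed above are selected through spec.updateStrategy, which the StatefulSet manifest above leaves at its default. The following fragments are an added example, not from the original page; the partition value is an assumption chosen to fit replicas: 2.

```yaml
# Fragment 1: partitioned rolling update for the "web" StatefulSet.
# These fields go under spec: of the manifest, or can be applied with
#   kubectl patch statefulset web --patch-file <this file>
spec:
  updateStrategy:
    type: RollingUpdate      # the default type: pods are replaced one at a time, highest ordinal first
    rollingUpdate:
      partition: 1           # only pods with ordinal >= 1 move to the new revision (web-1);
                             # web-0 stays on the old revision, even if it is deleted and recreated.
                             # Lower the value to 0 to let the rollout finish.
---
# Fragment 2: OnDelete. The controller does not replace pods on its own;
# a pod picks up the new revision only after it is deleted manually.
spec:
  updateStrategy:
    type: OnDelete
```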
A Job is a one-off task.
apiVersion: batch/v1
kind: Job
metadata:
  name: pi
spec:
  template:
    spec:
      containers:
      - name: p
        image: perl:5.34.0
        command: ["perl", "-Mbignum=bpi", "-wle", "print bpi(2000)"]
      restartPolicy: Never
  backoffLimit: 4
A CronJob is a scheduled task (crontab-style).
apiVersion: batch/v1
kind: CronJob
metadata:
  name: hello
spec: # minute, hour, day of month, month, day of week
  schedule: "* * * * *"
  jobTemplate:
    spec:
      template:
        spec:
          containers:
          - name: hello
            image: busybox:1.28
            imagePullPolicy: IfNotPresent
            command:
            - /bin/sh
            - -c
            - date; echo Hello from the Kubernetes cluster
          restartPolicy: OnFailure