K8s Series: Stateless vs. Stateful, DaemonSet, CronJob, Secret, and ConfigMap Examples
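I. Stateless and Stateful
Stateless:
- All Pods are treated as identical
- No ordering requirements
- No need to consider which node a Pod runs on
- Can be scaled in and out freely
Stateful:
- All of the factors above must be taken into account
- Each Pod is independent; Pod startup order and uniqueness are preserved
- Unique network identifier and persistent storage
- Ordered, for example MySQL primary/replica
II. Deploying a Stateful Application
Headless Service:
- clusterIP: None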
apiVersion: v1
kind: Service
metadata:
  name: nginx
  labels:
    app: nginx
spec:
  ports:
  - port: 80
    name: web
  clusterIP: None
  selector:
    app: nginx
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: nginx-statefulset
  namespace: default
spec:
  serviceName: nginx
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:latest
        ports:
        - containerPort: 80
kubectl apply -f stats.yaml
kubectl get pods
kubectl get svc
Pod DNS name format:
- <pod hostname>.<service name>.<namespace>.svc.cluster.local
- nginx-statefulset-0.nginx.default.svc.cluster.local
kubectl delete statefulset --all
kubectl delete svc nginx
kubectl delete svc web
III. DaemonSet
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: ds-test
  labels:
    app: filebeat
spec:
  selector:
    matchLabels:
      app: filebeat
  template:
    metadata:
      labels:
        app: filebeat
    spec:
      containers:
      - name: logs
        image: nginx
        ports:
        - containerPort: 80
        volumeMounts:
        - name: varlog
          mountPath: /tmp/log
      volumes:
      # hostPath mounts the node's /var/log directory into the container
      - name: varlog
        hostPath:
          path: /var/log
kubectl exec -it ds-test-cbk6v -- bash
ls /tmp/log
IV. CronJob (Scheduled Tasks)
# batch/v1beta1 was removed in Kubernetes 1.25; batch/v1 is available from 1.21.
apiVersion: batch/v1
kind: CronJob
metadata:
  name: hello
spec:
  schedule: "*/1 * * * *"
  jobTemplate:
    spec:
      template:
        spec:
          containers:
          - name: hello
            image: busybox
            args:
            - /bin/sh
            - -c
            - date;echo Hello from the k8s cluster
          restartPolicy: OnFailure
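V. Secret
A Secret stores encrypted data in etcd and lets Pod containers access it by mounting a Volume. Use case: credentials. The values under data must be base64-encoded, which is an encoding rather than encryption; whether etcd holds them encrypted depends on encryption at rest being configured for the cluster.
apiVersion: v1
kind: Secret
metadata:
  name: mysecret
type: Opaque
data:
  # Values under data must be base64-encoded.
  username: b3B0aWNz      # base64 of "optics"
  password: b3B0aWNzMTIz  # base64 of "optics123"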
kubectl create -f secret.yaml
kubectl get secret
apiVersion: v1
kind: Pod
metadata:
  name: mypod
spec:
  containers:
  - name: nginx
    image: nginx
    env:
    - name: SECRET_USERNAME
      valueFrom:
        secretKeyRef:
          name: mysecret
          key: username
    - name: SECRET_PASSWORD
      valueFrom:
        secretKeyRef:
          name: mysecret
          key: password
kubectl exec -it mypod -- bash
echo $SECRET_USERNAME
Mounting the Secret into the container as a Volume
apiVersion: v1
kind: Pod
metadata:
  name: mypod
spec:
  containers:
  - name: nginx
    image: nginx
    volumeMounts:
    - name: foo
      mountPath: "/etc/foo"
      readOnly: true
  volumes:
  - name: foo
    secret:
      secretName: mysecret
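
The values under data in a Secret are base64: the API server rejects anything else, and anyone who can read the Secret can decode it. The following is an added example, not code from the original article, that lints a flat Secret manifest for both points; the function names and the two sample manifests are constructed for illustration.

```python
import base64
import binascii

def parse_data_block(manifest):
    """Return the key/value pairs under the top-level `data:` key of a flat manifest."""
    pairs, in_data = {}, False
    for line in manifest.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line.startswith((" ", "\t")):  # top-level key: enter or leave data
            in_data = line.split("#")[0].strip() == "data:"
        elif in_data:
            key, _, value = line.strip().partition(":")
            pairs[key.strip()] = value.split(" #")[0].strip().strip("\"'")
    return pairs

def lint_secret(manifest):
    """Map each data key to (status, decoded_text).
    'invalid' is not base64 (the API server rejects it); 'non-text' is valid
    base64 but not UTF-8 (a binary value, or plaintext pasted by mistake)."""
    report = {}
    for key, value in parse_data_block(manifest).items():
        try:
            raw = base64.b64decode(value, validate=True)
        except binascii.Error:
            report[key] = ("invalid", None)
            continue
        try:
            report[key] = ("ok", raw.decode("utf-8"))
        except UnicodeDecodeError:
            report[key] = ("non-text", None)
    return report

def encode_data(plain):
    """Base64-encode plaintext values for use under `data:`."""
    return {k: base64.b64encode(v.encode()).decode() for k, v in plain.items()}

# Constructed sample: plaintext placed under data by mistake.
BAD = """apiVersion: v1
kind: Secret
metadata:
  name: mysecret
type: Opaque
data:
  username: root
  password: optics123
"""
GOOD = BAD.replace("root", "b3B0aWNz").replace("optics123", "b3B0aWNzMTIz")

if __name__ == "__main__":
    print(lint_secret(BAD), lint_secret(GOOD), sep="\n")
```

The "root" case is the one to watch: it happens to be valid base64, so the manifest is accepted and the container receives three bytes of garbage instead of the intended username.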
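VI. ConfigMap
- Stores unencrypted data in etcd; a Pod consumes it as environment variables or mounts it into the container as a Volume
- Use case: configuration files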
redis.host=127.0.0.1
redis.port=6379
redis.password=123456
kubectl create configmap redis-config --from-file=redis.properties
kubectl get cm
kubectl describe cm redis-config
1. Mounting into the Pod's container as a Volume
apiVersion: v1
kind: Pod
metadata:
  name: mypod
spec:
  containers:
  - name: busybox
    image: busybox
    command: ["/bin/sh","-c","cat /etc/config/redis.properties"]
    volumeMounts:
    - name: config-volume
      mountPath: /etc/config
  volumes:
  - name: config-volume
    configMap:
      name: redis-config
  restartPolicy: Never
2. Injecting into the Pod's container as environment variables
Create a YAML file that declares the variables as a ConfigMap:
apiVersion: v1
kind: ConfigMap
metadata:
  name: myconfig
  namespace: default
data:
  special.level: info
  special.type: hello
kubectl apply -f myconfig.yaml
kubectl get cm
apiVersion: v1
kind: Pod
metadata:
  name: mypod
spec:
  containers:
  - name: busybox
    image: busybox
    command: ["/bin/sh","-c","echo $(LEVEL) $(TYPE)"]
    env:
    - name: LEVEL
      valueFrom:
        configMapKeyRef:
          name: myconfig
          key: special.level
    - name: TYPE
      valueFrom:
        configMapKeyRef:
          name: myconfig
          key: special.type
  restartPolicy: Never