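1. Installing a k8s cluster (kubeadm)
1.1 k8s architecture
Architecturally, k8s has two kinds of nodes:
Master: control node, the commander
Node: worker node, does the work
1. Components of the Master node
API Server: provides the k8s API
Mainly handles REST operations and updates objects in etcd
It is the single entry point for creating, deleting, updating and querying all resources.
Scheduler: resource scheduler
Decides which Node a Pod is bound to, based on the node resource state stored in etcd
Controller Manager
Responsible for keeping pods healthy and present
The automation control center for resource objects; a Kubernetes cluster has many controllers.
Etcd
The database of the Kubernetes cluster
All persistent state is stored in etcd
2. Components of a Node
Docker Engine
Manages the containers on the node; what finally gets created is a Docker container.
kubelet
An agent installed on each Node that manages Pods, containers, images, volumes and so on; it is how the cluster manages the node.
kube-proxy
A network proxy service installed on each Node; it provides network proxying and load balancing and implements communication with Services.
Besides the core components, there are some recommended add-ons:
Component | Description |
---|---|
kube-dns | Provides DNS for the whole cluster |
Ingress Controller | Provides an external entry point for services |
Heapster | Provides resource monitoring |
Dashboard | Provides a GUI |
Federation | Provides clusters that span availability zones |
Fluentd-elasticsearch | Provides cluster log collection, storage and querying |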
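1.2 Preparing the lab environment
1. Initial setup:
Clean environment
Set the hostname
Configure hosts resolution
Disable the firewall
Disable SELinux
Configure time synchronization
Switch to the Aliyun package mirror
Make sure the network is reachable
Disable the swap partition
2. Host details:
Hostname IP address Recommended spec
node1 10.0.0.11 1C4G40G
node2 10.0.0.12 1C4G40G
node3 10.0.0.13 1C4G40G
All nodes need these hosts entries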
[root@node1 ~]# vim /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.0.0.11 node1
10.0.0.12 node2
10.0.0.13 node3
1.3 Installing a specific Docker version
1. Configure the Aliyun repository
cd /etc/yum.repos.d/
wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
2. Install the pinned Docker version
yum -y install docker-ce-18.09.9-3.el7 docker-ce-cli-18.09.9-3.el7
3. Configure a Docker registry mirror
mkdir /etc/docker
cat > /etc/docker/daemon.json <<EOF
{
"registry-mirrors": ["https://ig2l319y.mirror.aliyuncs.com"],
"exec-opts": ["native.cgroupdriver=systemd"]
}
EOF
4. Start Docker
systemctl enable docker && systemctl start docker
5. Check the version
docker -v
1.4 Deploying kubeadm and kubelet
Note: install these on all nodes
1. Configure a k8s yum repository hosted in China
cat >/etc/yum.repos.d/kubernetes.repo<<EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
2. Install kubeadm
yum install -y kubelet-1.16.2 kubeadm-1.16.2 kubectl-1.16.2 ipvsadm
3. Configure the kubelet swap setting
cat > /etc/sysconfig/kubelet<<EOF
KUBELET_CGROUP_ARGS="--cgroup-driver=systemd"
KUBELET_EXTRA_ARGS="--fail-swap-on=false"
EOF
4. Set kernel parameters
cat > /etc/sysctl.d/k8s.conf <<EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF
# apply the settings
sysctl --system
5. Enable kubelet at boot
systemctl enable kubelet && systemctl start kubelet
6. Load the IPVS modules
cat >/etc/sysconfig/modules/ipvs.modules<<EOF
#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack_ipv4
EOF
# make the script executable
chmod +x /etc/sysconfig/modules/ipvs.modules
# load the modules
source /etc/sysconfig/modules/ipvs.modules
# check the result
[root@node1 ~]# lsmod | grep -e ip_vs -e nf_conntrack_ipv
ip_vs_sh 12688 0
ip_vs_wrr 12697 0
ip_vs_rr 12600 0
ip_vs 145497 6 ip_vs_rr,ip_vs_sh,ip_vs_wrr
nf_conntrack_ipv4 15053 2
nf_defrag_ipv4 12729 1 nf_conntrack_ipv4
nf_conntrack 133095 7 ip_vs,nf_nat,nf_nat_ipv4,xt_conntrack,nf_nat_masquerade_ipv4,nf_conntrack_netlink,nf_conntrack_ipv4
libcrc32c 12644 4 xfs,ip_vs,nf_nat,nf_conntrack
1.5 Initializing the cluster: deploying the Master
Note: run this only on the master node!
https://v1-16.docs.kubernetes.io/zh/docs/reference/setup-tools/kubeadm/kubeadm-init/
0. Installation plan
Node plan
node1 master node: API Server, controller, scheduler, kube-proxy, etcd
node2
node3
IP plan
Pod IP: 10.2.0.0
Cluster IP: 10.1.0.0
Node IP: 10.0.0.0
1. Init command
kubeadm init \
--apiserver-advertise-address=10.0.0.11 \
--image-repository registry.aliyuncs.com/google_containers \
--kubernetes-version v1.16.2 \
--service-cidr=10.1.0.0/16 \
--pod-network-cidr=10.2.0.0/16 \
--service-dns-domain=cluster.local \
--ignore-preflight-errors=Swap \
--ignore-preflight-errors=NumCPU
When it finishes it prints the command that worker nodes use to join the k8s cluster:
kubeadm join 10.0.0.11:6443 --token 24yya0.hwl78tnxu6sc4c3z \
    --discovery-token-ca-cert-hash sha256:3a31131cf8752bdebe67e1539ad7a625b94e5017b37c0ae8d7f877799b962627
===============================================
2. Prepare a kubeconfig for kubectl
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
3. Get node information
[root@node1 ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
node1 NotReady master 15m v1.16.
4. Enable command completion
yum install bash-completion -y
source /usr/share/bash-completion/bash_completion
source <(kubectl completion bash)
kubectl completion bash >/etc/bash_completion.d/kubectl
5. Switch kube-proxy to IPVS mode
Run the command below, change mode: "" to mode: "ipvs", then save and exit
kubectl edit cm kube-proxy -n kube-system
Restart kube-proxy (delete the kube-proxy pods so they are recreated, similar to reloading a service after a config change)
kubectl get pod -n kube-system |grep kube-proxy |awk '{system("kubectl delete pod "$1" -n kube-system")}'
Check the pods
kubectl get -n kube-system pod|grep "kube-proxy"
Check the logs; if IPVS rr appears, it worked
[root@node1 ~]# kubectl -n kube-system logs -f kube-proxy-vzg52
I0305 14:55:27.188416 1 node.go:135] Successfully retrieved node IP: 10.0.0.11
I0305 14:55:27.188451 1 server_others.go:176] Using ipvs Proxier.
W0305 14:55:27.188647 1 proxier.go:420] IPVS scheduler not specified, use rr by default
Check the IPVS rules
[root@node1 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 10.1.0.1:443 rr
-> 10.0.0.11:6443 Masq 1 0 0
TCP 10.1.0.10:53 rr
TCP 10.1.0.10:9153 rr
UDP 10.1.0.10:53 rr
1.6 Deploying the network plugin
Note: install and deploy only on the master node!
1. Deploy the Flannel network plugin
git clone --depth 1 https://github.com/coreos/flannel.git
2. Edit the resource manifest
cd flannel/Documentation/
vim kube-flannel.yml
egrep -n "10.2.0.0|mirror|eth0" kube-flannel.yml
128: "Network": "10.2.0.0/16",
172: image: quay-mirror.qiniu.com/coreos/flannel:v0.11.0-amd64
186: image: quay-mirror.qiniu.com/coreos/flannel:v0.11.0-amd64
192: - --iface=eth0
3. Apply the resource manifest
kubectl create -f kube-flannel.yml
[root@node1 ~/flannel/Documentation]# kubectl create -f kube-flannel.yml
podsecuritypolicy.policy/psp.flannel.unprivileged created
clusterrole.rbac.authorization.k8s.io/flannel created
clusterrolebinding.rbac.authorization.k8s.io/flannel created
serviceaccount/flannel created
configmap/kube-flannel-cfg created
daemonset.apps/kube-flannel-ds-amd64 created
daemonset.apps/kube-flannel-ds-arm64 created
daemonset.apps/kube-flannel-ds-arm created
daemonset.apps/kube-flannel-ds-ppc64le created
4. Check pod status; after a while they should all be Running
[root@node1 ~/flannel/Documentation]# kubectl -n kube-system get pod
NAME READY STATUS RESTARTS AGE
coredns-58cc8c89f4-bd6gz 0/1 Running 0 48m
coredns-58cc8c89f4-jbgss 1/1 Running 0 48m
etcd-node1 1/1 Running 0 47m
kube-apiserver-node1 1/1 Running 0 47m
kube-controller-manager-node1 1/1 Running 0 47m
kube-flannel-ds-amd64-ct5tn 1/1 Running 0 34s
kube-proxy-vzg52 1/1 Running 0 15m
kube-scheduler-node1 1/1 Running 0 47m
1.7 Deploying the worker Nodes
1. On the master, print the command for adding a node
kubeadm token create --print-join-command
2. Run the join command on node2 and node3 (everyone's token is different)
kubeadm join 10.0.0.11:6443 --token 24yya0.hwl78tnxu6sc4c3z \
    --discovery-token-ca-cert-hash sha256:3a31131cf8752bdebe67e1539ad7a625b94e5017b37c0ae8d7f877799b962627
===============================================
3. Check status on node1
[root@node1 ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
node1 Ready master 53m v1.16.2
node2 NotReady <none> 47s v1.16.2
node3 Ready <none> 42s v1.16.2
4. Label the nodes
On the master:
[root@node1 ~]# kubectl label nodes node2 node-role.kubernetes.io/node=
node/node2 labeled
[root@node1 ~]# kubectl label nodes node3 node-role.kubernetes.io/node=
node/node3 labeled
5. Check node status again
[root@node1 ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
node1 Ready master 55m v1.16.2
node2 NotReady node 2m42s v1.16.2
node3 Ready node 2m37s v1.16.2
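That completes the k8s cluster setup. This kind of black-box installation does not help you understand how the cluster is put together and is not good for learning; for learning, it is better to install step by step with yum.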
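Added example (not part of the original page or of kubeadm): the --discovery-token-ca-cert-hash value in the join command pins the cluster CA, so it can be recomputed from the CA certificate on the master and compared before a node is joined. The function names are hypothetical, and /etc/kubernetes/pki/ca.crt is assumed to be the kubeadm default CA location.

```shell
#!/bin/sh
# Added example: check the CA pin in a kubeadm join command before using it.
# Function names are hypothetical; the default CA path is an assumption.

# ca_cert_hash CA_CERT_PEM
# Prints "sha256:<hex>", the SHA-256 of the certificate's DER-encoded public
# key, which is the format kubeadm uses for --discovery-token-ca-cert-hash.
ca_cert_hash() {
    hex=$(openssl x509 -pubkey -noout -in "$1" |
          openssl pkey -pubin -outform der |
          openssl dgst -sha256 -hex | sed 's/^.* //')
    printf 'sha256:%s\n' "$hex"
}

# join_pin JOIN_COMMAND
# Prints the pin carried by the join command, or nothing if it has none.
# Line continuations (backslash + newline) are flattened to spaces first.
join_pin() {
    printf '%s\n' "$1" | tr -s ' \\\n' '   ' |
        sed -n 's/.*--discovery-token-ca-cert-hash[ =]\(sha256:[0-9a-f]\{64\}\).*/\1/p'
}

# verify_join CA_CERT_PEM JOIN_COMMAND
# Returns 0 only when the join command pins exactly this CA,
# 1 on a mismatch and 2 when the command carries no pin at all.
verify_join() {
    pin=$(join_pin "$2")
    if [ -z "$pin" ]; then
        echo "join command carries no CA pin" >&2
        return 2
    fi
    if [ "$pin" != "$(ca_cert_hash "$1")" ]; then
        echo "CA pin does not match $1" >&2
        return 1
    fi
    return 0
}

# Typical use on the master (run by hand, not executed here):
#   verify_join /etc/kubernetes/pki/ca.crt "$(kubeadm token create --print-join-command)"
```

A join command without the pin (return code 2) is the case to refuse, because the joining node would then trust whatever API server answers at that address.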
1.8 Configuring the master as an image registry
Install Docker
1. Configure the Aliyun repository
cd /etc/yum.repos.d/
wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
2. Install the pinned Docker version
yum -y install docker-ce-18.09.9-3.el7 docker-ce-cli-18.09.9-3.el7
3. Configure a Docker registry mirror
mkdir /etc/docker
cat > /etc/docker/daemon.json <<EOF
{
"registry-mirrors": ["https://ig2l319y.mirror.aliyuncs.com"],
"exec-opts": ["native.cgroupdriver=systemd"]
}
EOF
4. Start Docker
systemctl enable docker && systemctl start docker
5. Check the version
docker -v
Install Harbor
1. Download Harbor
wget https://github.com/goharbor/harbor/releases/download/v1.9.3/harbor-offline-installer-v1.9.3.tgz
2. Install Harbor on node4
cd /opt/
tar zxf harbor-offline-installer-v1.9.3.tgz
cd harbor/
3. Edit the Harbor configuration file
vim harbor.yml
...
hostname: 10.0.0.14
harbor_admin_password: 123456
data_volume: /data/harbor
...
4. Run the installer
yum install docker-compose -y
./install.sh
5. Open it in a browser
http://10.0.0.14
admin
123456
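6. Create an image repository
There are two access levels:
Public: anyone can access it and pull images directly
Private: images can be pulled only after logging in and being authorized
Using Harbor as a private registry for k8s
1. Create the image repository
2. On all nodes, configure Docker to trust the Harbor registry and restart Docker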
cat >/etc/docker/daemon.json <<EOF
{
"registry-mirrors": ["https://ig2l319y.mirror.aliyuncs.com"],
"exec-opts": ["native.cgroupdriver=systemd"],
"insecure-registries" : ["http://10.0.0.14"]
}
EOF
systemctl restart docker
3. Tag the images
[root@node2 ~]# docker tag d5cea958d330 10.0.0.14/k8s/mysql:5.7
[root@node2 ~]# docker tag a29e200a18e9 10.0.0.14/k8s/tomcat-app:v1
4. Log in to Harbor and push the images to it
[root@node2 ~]# docker login 10.0.0.14
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
[root@node2 ~]# docker push 10.0.0.14/k8s/tomcat-app:v1
The push refers to repository [10.0.0.14/k8s/tomcat-app]
fe9a890c4f24: Pushed
5f70bf18a086: Pushed
a072f755a133: Pushed
6d0267f8a9fd: Pushed
7bb92eb08c02: Pushed
d8ba5f179687: Pushed
2275023dea33: Pushed
d490458a60cb: Pushed
bb3e02b5a488: Pushed
3b7a0c95e085: Pushed
02adacdfda2f: Pushed
d2c5e3a8d3d3: Pushed
4dcab49015d4: Pushed
v1: digest: sha256:565bb4e52ac67b4d37feed9ea4626b786f23e0871451587c7187683532a6188f size: 5719
[root@node2 ~]# docker push 10.0.0.14/k8s/mysql:5.7
The push refers to repository [10.0.0.14/k8s/mysql]
ef78375f166a: Pushed
549184ef4a0e: Pushed
3be346044c35: Pushed
c7c9b9502281: Pushed
80c697004ac9: Pushed
f24603cb3885: Pushed
cee57cdf5101: Pushed
1a527f11e03e: Pushed
4dac9b6b28ce: Pushed
605f8f2fe1e5: Pushed
e0db3ba0aaea: Pushed
5.7: digest: sha256:1be1f2cbd2c18563b167ffda45f67c5b0afb1bfe6a77cbc506306836fb1317b5 size: 2622
5. View the file where Docker stored the login credentials
[root@node1 ~]# cat /root/.docker/config.json
{
"auths": {
"10.0.0.14": {
"auth": "YWRtaW46SGFyYm9yMTIzNDU="
}
},
"HttpHeaders": {
"User-Agent": "Docker-Client/18.09.7 (linux)"
}
}
6. Base64-encode the Docker credentials file
[root@node1 ~/demo]# cat /root/.docker/config.json|base64
ewoJImF1dGhzIjogewoJCSIxMC4wLjAuMTQiOiB7CgkJCSJhdXRoIjogIllXUnRhVzQ2U0dGeVlt
OXlNVEl6TkRVPSIKCQl9Cgl9LAoJIkh0dHBIZWFkZXJzIjogewoJCSJVc2VyLUFnZW50IjogIkRv
Y2tlci1DbGllbnQvMTguMDkuNyAobGludXgpIgoJfQp9
7. Create and apply the Secret resource for the Docker login
Note!
1. In .dockerconfigjson: xxx, write the base64 string directly, with no line breaks
2. The base64 string is one single line, not several lines
3. The type field at the end is required
[root@node1 ~]# vim harbor-secret.yaml
apiVersion: v1
kind: Secret
metadata:
  name: harbor-secret
data:
  .dockerconfigjson: ewoJImF1dGhzIjogewoJCSIxMC4wLjAuMTQiOiB7CgkJCSJhdXRoIjogIllXUnRhVzQ2U0dGeVltOXlNVEl6TkRVPSIKCQl9Cgl9LAoJIkh0dHBIZWFkZXJzIjogewoJCSJVc2VyLUFnZW50IjogIkRvY2tlci1DbGllbnQvMTguMDkuNyAobGludXgpIgoJfQp9
type: kubernetes.io/dockerconfigjson
8. Apply the resource manifest and check
[root@node1 ~]# kubectl create -f harbor-secret.yaml
secret/harbor-secret created
[root@node1 ~]# kubectl get secrets
NAME TYPE DATA AGE
default-token-vz4d9 kubernetes.io/service-account-token 3 30h
harbor-secret kubernetes.io/dockerconfigjson 1 14s
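Added example (not part of the original page): the auth value in config.json is only base64 of user:password, and the Secret wraps the whole file in a second base64 layer, so anyone who can read either one can recover the login. The functions below build the single-line .dockerconfigjson manifest required by the notes in step 7 and decode it back; the function names are hypothetical and the credentials are constructed sample values.

```shell
#!/bin/sh
# Added example: build and inspect a kubernetes.io/dockerconfigjson Secret.
# Function names are hypothetical; credentials passed in are sample values.

# b64: base64-encode stdin on ONE line (GNU base64 wraps at 76 columns,
# which is what splits the value across several lines in a manifest).
b64() { base64 | tr -d '\n'; }

# docker_config_json REGISTRY USER PASSWORD
# Prints a minimal config.json. Values must not contain '"' or '\',
# because no JSON escaping is done here.
docker_config_json() {
    auth=$(printf '%s:%s' "$2" "$3" | b64)
    printf '{"auths":{"%s":{"auth":"%s"}}}' "$1" "$auth"
}

# pull_secret_yaml NAME REGISTRY USER PASSWORD
# Prints the Secret manifest with the payload on a single line.
pull_secret_yaml() {
    payload=$(docker_config_json "$2" "$3" "$4" | b64)
    cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $1
type: kubernetes.io/dockerconfigjson
data:
  .dockerconfigjson: $payload
EOF
}

# recover_credentials
# Reads a Secret manifest on stdin and prints "user:password", showing that
# both base64 layers are reversible encoding and not encryption.
recover_credentials() {
    sed -n 's/^ *\.dockerconfigjson: *//p' | base64 -d |
        sed -n 's/.*"auth" *: *"\([^"]*\)".*/\1/p' | base64 -d
}
```

In practice, kubectl create secret docker-registry with --docker-server, --docker-username and --docker-password produces the same kind of object without hand-encoding. Either way, read access to the Secret or to /root/.docker/config.json is equivalent to knowing the registry password.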
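2. What is k8s, and what can it do?
k8s is a management tool for Docker clusters
2.1 Core features of k8s
Self-healing: restarts failed containers; when a node becomes unavailable, replaces and reschedules the containers that were on it; containers that do not respond to user-defined health checks are killed, and a container is not advertised to clients until it is ready to serve.
Autoscaling: monitors the CPU load of the containers; if the average is above 80%, the number of containers is increased, and if the average is below 10%, the number of containers is decreased.
Service discovery and load balancing: you do not need to modify your application to use an unfamiliar service-discovery mechanism; Kubernetes gives containers their own IP addresses and a single DNS name for a set of containers, and can load-balance across them.
Rolling upgrades and one-click rollback: Kubernetes rolls out changes to an application or its configuration gradually while monitoring application health, to make sure it does not kill all instances at the same time. If something goes wrong, Kubernetes rolls the change back for you, taking advantage of a growing ecosystem of deployment solutions.
2.2 History of k8s
2014: project started as a Docker container orchestration tool
July 2015: Kubernetes 1.0 released; joined the CNCF
2016: Kubernetes beat its two rivals, Docker Swarm and Mesos; version 1.2
2017: 1.5
2018: k8s became a graduated project of the CNCF
2019: 1.13, 1.14, 1.15
CNCF: Cloud Native Computing Foundation
Kubernetes (k8s): Greek for helmsman or pilot; the container orchestration field
Google's 15 years of container experience with the Borg container management platform; Borg was rewritten in Go as Kubernetes
2.3 Ways to install k8s
yum install: 1.5; the easiest to get working and the best for learning
Build from source: the hardest; can install the latest version
Binary install: tedious steps; can install the latest version; shell, ansible, saltstack
kubeadm: the easiest install; needs network access; can install the latest version
minikube: for developers who want to try k8s; needs network access
2.4 Use cases for k8s
k8s is best suited to running microservice projects!
3. Common k8s resources
1. Pod
A Pod is the smallest resource unit in k8s
A Pod's IP address is random; deleting the Pod changes the IP
Every Pod has a base container
A Pod can consist of one or more containers
The containers in a Pod share the network namespace of the root container
The network address inside a Pod is provided by the root container
2. Controller
Used to manage Pods
There are many kinds of controllers
- RC ReplicationController: keeps multiple replicas of a Pod
- RS ReplicaSet: the upgraded version of RC
- Deployment: recommended; more powerful; includes the RS controller
- DaemonSet: ensures exactly one Pod runs on every Node
- StatefulSet: for stateful applications; gives Pods a unique identity and guarantees the order of deployment and scaling
3. Service: provides network proxying and load balancing
NodeIP
ClusterIP
Pod IP
3.1 Creating pod resources
Ways to create resources
The apiserver only accepts resource definitions in JSON; a manifest supplied as YAML can be converted to JSON automatically by the apiserver before it is submitted.
Main parts of a k8s YAML manifest:
# show the fields a resource manifest needs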
[root@node1 ~]# kubectl explain pod
apiVersion: v1    API version
kind: Pod         resource type
metadata:         attributes
spec:             details
# commands for exploring nested manifest fields
kubectl explain pod
kubectl explain pod.spec
kubectl explain pod.spec.volumes
Create a pod from the command line
# create the pod
kubectl create deployment nginx --image=nginx:alpine
# show pod details
kubectl get pod -o wide
# export the configuration of the pod just created as YAML
kubectl get pod -o yaml > nginx-pod.yaml
[root@node1 ~]# vim nginx-pod.yaml
apiVersion: v1                      # API version
kind: Pod                           # resource type
metadata:                           # metadata
  name: nginx                       # name in the metadata
  labels:                           # pod labels
    app: nginx
spec:
  containers:                       # container properties
  - name: nginx                     # container name
    image: nginx:alpine             # container image
    imagePullPolicy: IfNotPresent   # image pull policy
    ports:                          # container ports
    - name: http
      containerPort: 80             # port the container exposes
Create the pod from the resource manifest
kubectl create -f nginx-pod.yaml
Check the pod
kubectl get pod -o wide
Show the details of the pod creation process
kubectl describe pod nginx
Pod resource: consists of at least two containers, the pod base container plus the business containers (at most 1+4)
Pod manifest 2:
apiVersion: v1
kind: Pod
metadata:
  name: test
  labels:
    app: web
spec:
  containers:
  - name: nginx
    image: 10.0.0.14/nginx:1.14
    ports:
    - containerPort: 80
  - name: busybox
    image: 10.0.0.14/busybox:latest
    command: ["sleep","10000"]  # sleep duration
Labeling Nodes
Note: use nodeSelector to pick node labels so that the pod is created on a specific node; by default, the Node a Pod is bound to is decided from the node resource state in etcd.
1. View node labels
kubectl get node --show-labels
2. Label the nodes
kubectl label nodes node2 CPU=Xeon
kubectl label nodes node3 disktype=ssd
3. Edit the Pod manifest to use a node label selector
apiVersion: v1
kind: Pod
metadata:
  name: nginx
  labels:
    app: nginx
spec:
  containers:
  - name: nginx
    image: nginx:1.14.0
    imagePullPolicy: IfNotPresent
    ports:
    - name: http
      containerPort: 80
  nodeSelector:
    #CPU: Xeon
    disktype: ssd
4. Delete the container and create it again
kubectl delete pod nginx
kubectl create -f nginx-pod.yaml
5. Check the result
kubectl get pod -o wide
6. Remove the node labels
kubectl label nodes node2 CPU-
kubectl label nodes node3 disktype-
Labeling containers
1. About labels
One label can be used by multiple Pods
One Pod can also have multiple labels
2. View Pod labels
kubectl get pod --show-labels
3. Ways to add labels
Method 1: edit the resource manifest directly:
apiVersion: v1
kind: Pod
metadata:
  name: nginx
  labels:
    app: nginx
    release: beta
Method 2: label from the command line
kubectl label pods nginx release=beta
kubectl label pods nginx job=linux
kubectl get pod --show-labels
4. Remove a label
kubectl label pod nginx job-
kubectl get pod --show-labels
5. Exercise: create two Pods, give them different labels, then select by label
kubectl create deployment nginx --image=nginx:1.14.0
kubectl get pod --show-labels
kubectl label pods nginx-xxxxxxxx release=stable
kubectl get pod --show-labels
Query by condition
kubectl get pods -l release=beta --show-labels
kubectl get pods -l release=stable --show-labels
Delete by condition
kubectl delete pod -l app=nginx
3.2 ReplicationController resources
rc: keeps the specified number of pods alive at all times; an rc is associated with its pods through a label selector
Common operations on k8s resources:
kubectl create -f xxx.yaml
kubectl get pod|rc
kubectl describe pod nginx
kubectl delete pod nginx   or   kubectl delete -f xxx.yaml
kubectl edit pod nginx
Create an rc
apiVersion: v1
kind: ReplicationController
metadata:
  name: nginx
spec:
  replicas: 5
  selector:
    app: myweb
  template:
    metadata:
      labels:
        app: myweb
    spec:
      containers:
      - name: myweb
        image: 10.0.0.14/nginx:1.14
        ports:
        - containerPort: 80
Rolling upgrade of an rc: create a new file nginx-rc1.15.yaml
Upgrade: kubectl rolling-update nginx -f nginx-rc1.15.yaml --update-period=10s
Roll back: kubectl rolling-update nginx2 -f nginx-rc.yaml --update-period=1s
3.3 Writing the RS controller resource manifest
cat >nginx-rs.yaml <<EOF
apiVersion: apps/v1
kind: ReplicaSet
metadata:
  name: nginx-rs
  namespace: default
spec:
  replicas: 2
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      name: nginx-pod
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx-containers
        image: nginx:1.14.0
        imagePullPolicy: IfNotPresent
        ports:
        - name: http
          containerPort: 80
EOF
2. Apply the RS manifest
kubectl create -f nginx-rs.yaml
3. View the RS resources
kubectl get rs
kubectl get pod -o wide
4. Change the configuration on the fly: scale up, scale down, upgrade
kubectl edit rs nginx-rs
kubectl scale rs nginx-rs --replicas=5
5. Edit the YAML file and apply the change
vim nginx-rs.yaml
kubectl apply -f nginx-rs.yaml
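3.4 Deployment resources
After a rolling upgrade with an rc, access to the service is interrupted, because the label the service uses has to be changed by hand; so k8s introduced the Deployment resource, which is also the pod resource in use today.
1. Deployment resource manifest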
cat >nginx-dp.yaml<<EOF
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  namespace: default
spec:
  replicas: 2
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      name: nginx-pod
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx-containers
        image: nginx:1.14.0
        imagePullPolicy: IfNotPresent
        ports:
        - name: http
          containerPort: 80
EOF
2. Apply the resource manifest
kubectl create -f nginx-dp.yaml
3. Inspect
kubectl get pod -o wide
kubectl get deployments.apps
kubectl describe deployments.apps nginx-deployment
4. Update the version
Method 1: change the image from the command line via the manifest file
kubectl set image -f nginx-dp.yaml nginx-containers=nginx:1.16.0
Check whether it was updated
kubectl get pod
kubectl describe deployments.apps nginx-deployment
kubectl describe pod nginx-deployment-7c596b4d95-6ztld
Method 2: change the image from the command line via the resource type
Open two windows:
First window: watch pod status
kubectl get pod -w
Second window: run the update
kubectl set image deployment nginx-deployment nginx-containers=nginx:1.14.0
View the deployment after the update
kubectl describe deployments.apps nginx-deployment
----------------------------------------------------
Normal ScalingReplicaSet 14m deployment-controller Scaled up replica set nginx-deployment-7c596b4d95 to 1
Normal ScalingReplicaSet 14m deployment-controller Scaled down replica set nginx-deployment-9c74bb6c7 to 1
Normal ScalingReplicaSet 14m deployment-controller Scaled up replica set nginx-deployment-7c596b4d95 to 2
Normal ScalingReplicaSet 13m deployment-controller Scaled down replica set nginx-deployment-9c74bb6c7 to 0
Normal ScalingReplicaSet 8m30s deployment-controller Scaled up replica set nginx-deployment-9c74bb6c7 to 1
Normal ScalingReplicaSet 8m29s (x2 over 32m) deployment-controller Scaled up replica set nginx-deployment-9c74bb6c7 to 2
Normal ScalingReplicaSet 8m29s deployment-controller Scaled down replica set nginx-deployment-7c596b4d95 to 1
Normal ScalingReplicaSet 8m28s deployment-controller Scaled down replica set nginx-deployment-7c596b4d95 to 0
----------------------------------------------------
Update process:
nginx-deployment-7c596b4d95-8z7kf # old version
nginx-deployment-7c596b4d95-6ztld # old version
nginx-deployment-9c74bb6c7-pgfxz 0/1 Pending
nginx-deployment-9c74bb6c7-pgfxz 0/1 Pending
nginx-deployment-9c74bb6c7-pgfxz 0/1 ContainerCreating # pulling the new image
nginx-deployment-9c74bb6c7-pgfxz 1/1 Running # new Pod running
nginx-deployment-7c596b4d95-8z7kf 1/1 Terminating # stopping one old Pod
nginx-deployment-9c74bb6c7-h7mk2 0/1 Pending
nginx-deployment-9c74bb6c7-h7mk2 0/1 Pending
nginx-deployment-9c74bb6c7-h7mk2 0/1 ContainerCreating # pulling the new image
nginx-deployment-9c74bb6c7-h7mk2 1/1 Running # new Pod running
nginx-deployment-7c596b4d95-6ztld 1/1 Terminating # stopping one old Pod
nginx-deployment-7c596b4d95-8z7kf 0/1 Terminating # waiting for the old Pod to finish
nginx-deployment-7c596b4d95-6ztld 0/1 Terminating # waiting for the old Pod to finish
Check rolling-update status:
kubectl rollout status deployment nginx-deployment
5. Roll back to the previous version
kubectl describe deployments.apps nginx-deployment
kubectl rollout undo deployment nginx-deployment
kubectl describe deployments.apps nginx-deployment
6. Roll back to a specific version
v1 1.14.0
v2 1.15.0
v3 1.16.0
Roll back to v1
Create the first version, 1.14.0
kubectl create -f nginx-dp.yaml --record
Update to the second version, 1.15.0
kubectl set image deployment nginx-deployment nginx-containers=nginx:1.15.0
Update to the third version, 1.16.0
kubectl set image deployment nginx-deployment nginx-containers=nginx:1.16.0
List all revisions
kubectl rollout history deployment nginx-deployment
Show a specific revision
kubectl rollout history deployment nginx-deployment --revision=1
Roll back to a specific revision
kubectl rollout undo deployment nginx-deployment --to-revision=1
7. Scaling up and down
kubectl scale deployment nginx-deployment --replicas=5
kubectl scale deployment nginx-deployment --replicas=2
k8s add-on components
4.1 Namespaces
Namespaces provide resource isolation
Note: name namespaces after the business; the default one is default. Resources in different namespaces can share the same name without conflict
kubectl create namespace <namespace name>
4.2 Health checks
4.2.1 Types of probes
livenessProbe: health check; periodically checks whether the service is alive; if the check fails, the container is restarted
readinessProbe: availability check; periodically checks whether the service is available; if it is not, the pod is removed from the Service's endpoints
4.2.2 Probe methods
- exec: run a command
- httpGet: check the status code returned by an HTTP request
- tcpSocket: test whether a port accepts connections
4.2.3 Liveness probe with exec
vi nginx_pod_exec.yaml
apiVersion: v1
kind: Pod
metadata:
  name: exec
spec:
  containers:
  - name: nginx
    image: 10.0.0.11:5000/nginx:1.13
    ports:
    - containerPort: 80
    args:
    - /bin/sh
    - -c
    - touch /tmp/healthy; sleep 30; rm -rf /tmp/healthy; sleep 600
    livenessProbe:
      exec:
        command:
        - cat
        - /tmp/healthy
      initialDelaySeconds: 5
      periodSeconds: 5
# create the pod
[root@node1 ~]# kubectl create -f nginx_pod_exec.yaml
# keep checking the result
[root@node1 ~]# kubectl get pods exec
NAME READY STATUS RESTARTS AGE
exec 1/1 Running 1 74s
4.2.4 Liveness probe with httpGet
vi nginx_pod_httpGet.yaml
apiVersion: v1
kind: Pod
metadata:
  name: httpget
spec:
  containers:
  - name: nginx
    image: 10.0.0.14/k8s/nginx:1.14
    ports:
    - containerPort: 80
    livenessProbe:
      httpGet:
        path: /index.html
        port: 80
      initialDelaySeconds: 3
      periodSeconds: 3
Create the pod
[root@node1 ~]# kubectl create -f nginx_pod_httpGet.yaml
pod/httpget created
Check the result
[root@node1 ~]# kubectl get pod httpget
NAME READY STATUS RESTARTS AGE
httpget 1/1 Running 0 52s
Enter the pod and delete the index page
[root@node1 ~]# kubectl exec -it httpget /bin/bash
root@httpget:/# cd usr/share/nginx/html/
root@httpget:/usr/share/nginx/html# ls
50x.html index.html
root@httpget:/usr/share/nginx/html# rm -rf index.html
root@httpget:/usr/share/nginx/html# exit
Test result (you can also see it in the pod's creation events)
[root@node1 ~]# kubectl get pod httpget
NAME READY STATUS RESTARTS AGE
httpget 1/1 Running 1 3m5s
4.2.5 Liveness probe with tcpSocket
vi nginx_pod_tcpSocket.yaml
apiVersion: v1
kind: Pod
metadata:
  name: tcpsocket
spec:
  containers:
  - name: nginx
    image: 10.0.0.14/k8s/nginx:1.14
    ports:
    - containerPort: 80
    livenessProbe:
      tcpSocket:
        port: 80
      initialDelaySeconds: 3
      periodSeconds: 3
4.2.6 Readiness probe with httpGet
vi nginx-rc-httpGet.yaml
apiVersion: v1
kind: ReplicationController
metadata:
  name: readiness
spec:
  replicas: 2
  selector:
    app: readiness
  template:
    metadata:
      labels:
        app: readiness
    spec:
      containers:
      - name: readiness
        image: 10.0.0.14/k8s/nginx:1.14
        ports:
        - containerPort: 80
        readinessProbe:
          httpGet:
            path: /test.html
            port: 80
          initialDelaySeconds: 3
          periodSeconds: 3
Create the pods
[root@node1 ~/health]# kubectl create -f nginx-rc-httpGet.yaml
replicationcontroller/readiness created
Check the result
Health check: create the test.html file
[root@node1 ~/health]# kubectl exec -it readiness-29f9d /bin/bahs
OCI runtime exec failed: exec failed: container_linux.go:346: starting container process caused "exec: \"/bin/bahs\": stat /bin/bahs: no such file or directory": unknown
command terminated with exit code 126
[root@node1 ~/health]# kubectl exec -it readiness-29f9d /bin/bash
root@readiness-29f9d:/# touch /usr/share/nginx/html/test.html
root@readiness-29f9d:/# exit
exit
Check the result