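Introduction: k8s is a management tool for Docker clusters
2.1 Core features of k8s
Self-healing: restarts failed containers; when a node becomes unavailable, replaces and reschedules the containers that ran on it; containers that do not respond to a user-defined health check are killed, and a container is not advertised to clients until it is ready to serve.
Auto scaling: monitors the CPU load of the containers; if the average is above 80%, the number of containers is increased, and if the average is below 10%, the number of containers is decreased.
Service discovery and load balancing: you do not need to modify your application to use an unfamiliar service discovery mechanism. Kubernetes gives containers their own IP addresses and a single DNS name for a set of containers, and can load-balance across them.
Rolling upgrade and one-click rollback: Kubernetes progressively rolls out changes to your application or its configuration while monitoring application health, to make sure it does not kill all instances at the same time. If something goes wrong, Kubernetes rolls the change back for you, taking advantage of a growing ecosystem of deployment solutions.
2.2 History of k8s
2014: Docker container orchestration tool, project started
July 2015: Kubernetes 1.0 released, joined the CNCF
2016: Kubernetes beat its two rivals, Docker Swarm and Mesos; version 1.2
2017
2018: k8s graduated from the CNCF
2019: 1.13, 1.14, 1.15
CNCF: Cloud Native Computing Foundation
kubernetes (k8s): Greek for helmsman or pilot; the container orchestration field
Google's 16 years of container experience and its Borg container management platform; Borg rewritten in Golang became Kubernetes
2.3 Installing k8s
yum install: version 1.5; the easiest to install successfully and the best for learning
Compile from source --- the hardest; can install the latest version
Binary install --- tedious steps; can install the latest version; shell, ansible, saltstack
kubeadm: the easiest install; network; can install the latest version
minikube: suits developers who want to try k8s; network
2.4 Use cases for k8s
k8s is best suited to running microservice projects!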
3: Common k8s resources
3.1 Creating a pod resource
Main parts of a k8s YAML file
apiVersion: v1    API version
kind: Pod         resource type
metadata:         attributes
spec:             details
k8s_pod.yaml
apiVersion: v1
kind: Pod
metadata:
  name: nginx
  labels:
    app: web
spec:
  containers:
    - name: nginx
      image: 10.0.0.11:5000/nginx:1.13
      ports:
        - containerPort: 80
Pod resource: made up of at least two containers, the pod infrastructure container and the business container
Pod config file 2:
apiVersion: v1
kind: Pod
metadata:
  name: test
  labels:
    app: web
spec:
  containers:
    - name: nginx
      image: 10.0.0.11:5000/nginx:1.13
      ports:
        - containerPort: 80
    - name: busybox
      image: 10.0.0.11:5000/busybox:latest
      command: ["sleep","10000"]
The pod is the smallest resource unit in k8s
3.2 ReplicationController resource
rc: keeps the specified number of pods alive at all times; an rc is associated with its pods through a label selector
Common operations on k8s resources:
kubectl create -f xxx.yaml
kubectl get pod|rc
kubectl describe pod nginx
kubectl delete pod nginx
or
kubectl delete -f xxx.yaml
kubectl edit pod nginx
Create an rc
apiVersion: v1
kind: ReplicationController
metadata:
  name: nginx
spec:
  replicas: 5
  selector:
    app: myweb
  template:
    metadata:
      labels:
        app: myweb
    spec:
      containers:
        - name: myweb
          image: 10.0.0.11:5000/nginx:1.13
          ports:
            - containerPort: 80
Rolling upgrade of an rc: create a new nginx-rc1.15.yaml
Upgrade: kubectl rolling-update nginx -f nginx-rc1.15.yaml --update-period=10s
Rollback: kubectl rolling-update nginx2 -f nginx-rc.yaml --update-period=1s
3.3 service resource
A service helps pods expose ports
Create a service
apiVersion: v1
kind: Service
metadata:
  name: myweb
spec:
  type: NodePort        #ClusterIP
  ports:
    - port: 80          #clusterIP
      nodePort: 30000   #nodeport
      targetPort: 80    #podport
  selector:
    app: myweb2
Change the nodePort range
vim /etc/kubernetes/apiserver
KUBE_API_ARGS="--service-node-port-range=3000-50000"
By default a service uses iptables for load balancing; newer versions from k8s 1.8 on recommend LVS (layer-4 load balancing)
3.4 deployment resource
After a rolling upgrade with an rc, access to the service is interrupted, so k8s introduced the deployment resource
Create a deployment
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: nginx-deployment
spec:
  replicas: 3
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
        - name: nginx
          image: 10.0.0.11:5000/nginx:1.13
          ports:
            - containerPort: 80
          resources:
            limits:
              cpu: 100m
            requests:
              cpu: 100m
Upgrading and rolling back a deployment
Create a deployment from the command line
kubectl run nginx --image=10.0.0.11:5000/nginx:1.13 --replicas=3 --record
Upgrade the version from the command line
kubectl set image deploy nginx nginx=10.0.0.11:5000/nginx:1.15
View all revisions in the deployment's history
kubectl rollout history deployment nginx
Roll the deployment back to the previous revision
kubectl rollout undo deployment nginx
Roll the deployment back to a specified revision
kubectl rollout undo deployment nginx --to-revision=2
3.5 tomcat+mysql exercise
In k8s, containers reach each other through the VIP address!
4: k8s add-on components
4.1 DNS service
Install the DNS service
1: Download the dns_docker image package
wget http://192.168.12.201/docker_image/docker_k8s_dns.tar.gz
2: Import the dns_docker image package (on node2)
3: Edit skydns-rc.yaml
spec:
  nodeSelector:
    kubernetes.io/hostname: 10.0.0.13
  containers:
4: Create the DNS service
kubectl create -f skydns-rc.yaml
5: Check
kubectl get all --namespace=kube-system
6: Edit the kubelet config file on all nodes
vim /etc/kubernetes/kubelet
KUBELET_ARGS="--cluster_dns=10.254.230.254 --cluster_domain=cluster.local"
systemctl restart kubelet
4.2 namespace
Namespaces provide resource isolation
4.3 Health checks
4.3.1 Types of probe
livenessProbe: health check; periodically checks whether the service is alive, and if the check fails the container is restarted
readinessProbe: availability check; periodically checks whether the service is available, and if it is not, the pod is removed from the service's endpoints
4.3.2 Probe methods
* exec: run a command
* httpGet: check the status code returned by an HTTP request
* tcpSocket: test whether a port accepts connections
4.3.3 Using exec with a liveness probe
vi nginx_pod_exec.yaml
apiVersion: v1
kind: Pod
metadata:
  name: exec
spec:
  containers:
    - name: nginx
      image: 10.0.0.11:5000/nginx:1.13
      ports:
        - containerPort: 80
      args:
        - /bin/sh
        - -c
        - touch /tmp/healthy; sleep 30; rm -rf /tmp/healthy; sleep 600
      livenessProbe:
        exec:
          command:
            - cat
            - /tmp/healthy
        initialDelaySeconds: 5
        periodSeconds: 5
4.3.4 Using httpGet with a liveness probe
vi nginx_pod_httpGet.yaml
apiVersion: v1
kind: Pod
metadata:
  name: httpget
spec:
  containers:
    - name: nginx
      image: 10.0.0.11:5000/nginx:1.13
      ports:
        - containerPort: 80
      livenessProbe:
        httpGet:
          path: /index.html
          port: 80
        initialDelaySeconds: 3
        periodSeconds: 3
4.3.5 Using tcpSocket with a liveness probe
vi nginx_pod_tcpSocket.yaml
apiVersion: v1
kind: Pod
metadata:
  name: tcpsocket   # pod names must be lowercase
spec:
  containers:
    - name: nginx
      image: 10.0.0.11:5000/nginx:1.13
      ports:
        - containerPort: 80
      livenessProbe:
        tcpSocket:
          port: 80
        initialDelaySeconds: 3
        periodSeconds: 3
4.3.6 Using httpGet with a readiness probe
vi nginx-rc-httpGet.yaml
apiVersion: v1
kind: ReplicationController
metadata:
  name: readiness
spec:
  replicas: 2
  selector:
    app: readiness
  template:
    metadata:
      labels:
        app: readiness
    spec:
      containers:
        - name: readiness
          image: 10.0.0.11:5000/nginx:1.13
          ports:
            - containerPort: 80
          readinessProbe:
            httpGet:
              path: /qiangge.html
              port: 80
            initialDelaySeconds: 3
            periodSeconds: 3
4.4 dashboard service
1: Upload and import the image, tag it
2: Create the dashboard deployment and service
3: Visit http://10.0.0.11:8080/ui/
4.5 Accessing a service through the apiserver reverse proxy
Type 1: NodePort
  type: NodePort
  ports:
    - port: 80
      targetPort: 80
      nodePort: 30008
Type 2: ClusterIP
  type: ClusterIP
  ports:
    - port: 80
      targetPort: 80
5: k8s auto scaling
k8s auto scaling needs the heapster add-on for monitoring
5.1 Install heapster monitoring
1: Upload and import the images, tag them
ls *.tar.gz
for n in *.tar.gz; do docker load -i "$n"; done
docker tag docker.io/kubernetes/heapster_grafana:v2.6.0 10.0.0.11:5000/heapster_grafana:v2.6.0
docker tag docker.io/kubernetes/heapster_influxdb:v0.5 10.0.0.11:5000/heapster_influxdb:v0.5
docker tag docker.io/kubernetes/heapster:canary 10.0.0.11:5000/heapster:canary
2: Upload the config files, kubectl create -f .
3: Open the dashboard to verify
5.2 Auto scaling
1: Edit the rc config file
containers:
  - name: myweb
    image: 10.0.0.11:5000/nginx:1.13
    ports:
      - containerPort: 80
    resources:
      limits:
        cpu: 100m
      requests:
        cpu: 100m
2: Create the autoscaling rule
kubectl autoscale -n qiangge replicationcontroller myweb --max=8 --min=1 --cpu-percent=8
3: Test
ab -n 1000000 -c 40 http://172.16.28.6/index.html
ab -n 300000 -c 100 http://172.16.23.14/index.html
[Screenshots: scale-up, scale-down]
6: Persistent storage
pv: persistent volume, a global resource, like pv and node
pvc: persistent volume claim, a local (namespaced) resource, like pod, rc and svc
6.1: Install the NFS server (10.0.0.11)
yum install nfs-utils.x86_64 -y   (all nodes)
mkdir /data
vim /etc/exports
/data 10.0.0.0/24(rw,async,no_root_squash,no_all_squash)
systemctl start rpcbind
systemctl start nfs
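The /etc/exports line above sets no_root_squash, which lets root on any client in 10.0.0.0/24 act as root on the exported files. The check below is an added example, not part of the original notes; the function names and the /data2 and /data3 sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag risky entries in an exports(5) file.
# Line format: <path> <client>(<opt>,...) [<client>(<opt>,...)] ...

# audit_exports FILE: print "<path> <client> <finding>" for each issue.
# The body is a subshell so `set -f` does not leak into the caller.
audit_exports() (
    set -f    # keep a bare "*" client from being glob-expanded
    sed -e 's/#.*//' -e '/^[[:space:]]*$/d' "$1" |
    while read -r path clients; do
        for entry in $clients; do
            case "$entry" in
                *\(*) client=${entry%%\(*}; opts=${entry#*\(}; opts=${opts%\)} ;;
                *)    client=$entry; opts= ;;
            esac
            # "(opts)" with nothing before it applies to every host, so a
            # stray space between client and "(" exports to the world.
            [ -n "$client" ] || client='*'
            case ",$opts," in
                *,no_root_squash,*) echo "$path $client no_root_squash" ;;
            esac
            if [ "$client" = '*' ]; then echo "$path $client world-export"; fi
        done
    done
)

# Constructed sample: the export line from this page, a squashed export,
# and a line with a stray space before the options.
sample_exports() {
    printf '%s\n' \
        '/data 10.0.0.0/24(rw,async,no_root_squash,no_all_squash)' \
        '/data2 10.0.0.12(rw,sync,root_squash)' \
        '/data3 10.0.0.12 (rw,sync)'
}

tmp=$(mktemp) && sample_exports > "$tmp" && audit_exports "$tmp"; rm -f "$tmp"
```

Run it against the real file with audit_exports /etc/exports; an empty result means neither pattern was found.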
6.2: Install the NFS client on the nodes
yum install nfs-utils.x86_64 -y
showmount -e 10.0.0.11
6.3: Create the pv and pvc
Upload the YAML config files and create the pv and pvc
6.4: Create mysql-rc, using the volume in the pod template
    volumeMounts:
      - name: mysql
        mountPath: /var/lib/mysql
  volumes:
    - name: mysql
      persistentVolumeClaim:
        claimName: tomcat-mysql
6.5: Verify persistence
Method 1: delete the mysql pod; the database is not lost
kubectl delete pod mysql-gt054
Method 2: check the NFS server for the mysql data files
6.6: Distributed storage: glusterfs
- a: What is glusterfs
Glusterfs is an open-source distributed file system with strong scale-out capability. It can support several PB of storage and thousands of clients, interconnected over the network into one parallel network file system. It is scalable, high-performance and highly available.
- b: Install glusterfs
All nodes:
yum install centos-release-gluster -y
yum install glusterfs-server -y
systemctl start glusterd.service
systemctl enable glusterd.service
mkdir -p /gfs/test1
mkdir -p /gfs/test2
- c: Add the storage pool
On the master node:
gluster pool list
gluster peer probe k8s-node1
gluster peer probe k8s-node2
gluster pool list
- d: glusterfs volume management
Create a distributed replicated volume
gluster volume create qiangge replica 2 k8s-master:/gfs/test1 k8s-master:/gfs/test2 k8s-node1:/gfs/test1 k8s-node1:/gfs/test2 force
Start the volume
gluster volume start qiangge
View the volume
gluster volume info qiangge
Mount the volume
[root@glusterfs01 ~]# mount -t glusterfs 10.0.0.14:/qiangge /mnt
[root@glusterfs01 ~]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/sda2 48G 1.8G 47G 4% /
/dev/sdb 10G 33M 10G 1% /gfs/test1
/dev/sdc 10G 33M 10G 1% /gfs/test2
10.0.0.14:/qiangge 30G 404M 30G 2% /mnt
- e: Distributed replicated volumes explained
- f: Expanding a distributed replicated volume
Check capacity before expanding:
df -h
Expand command:
gluster volume add-brick qiangge k8s-node2:/gfs/test1 k8s-node2:/gfs/test2 force
Check capacity after expanding:
[root@glusterfs01 ~]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/sda2 48G 1.8G 47G 4% /
/dev/sdb 10G 33M 10G 1% /gfs/test1
/dev/sdc 10G 33M 10G 1% /gfs/test2
10.0.0.14:/qiangge 30G 404M 30G 2% /mnt
6.7 Connecting k8s to glusterfs storage
- a: Create the endpoints
vi glusterfs-ep.yaml
apiVersion: v1
kind: Endpoints
metadata:
  name: glusterfs
  namespace: default
subsets:
  - addresses:
      - ip: 10.0.0.11
      - ip: 10.0.0.12
      - ip: 10.0.0.13
    ports:
      - port: 49152
        protocol: TCP
- b: Create the service
vi glusterfs-svc.yaml
apiVersion: v1
kind: Service
metadata:
  name: glusterfs
  namespace: default
spec:
  ports:
    - port: 49152
      protocol: TCP
      targetPort: 49152
  sessionAffinity: None
  type: ClusterIP
- c: Create a gluster-type pv
apiVersion: v1
kind: PersistentVolume
metadata:
  name: gluster
  labels:
    type: glusterfs
spec:
  capacity:
    storage: 50Gi
  accessModes:
    - ReadWriteMany
  glusterfs:
    endpoints: "glusterfs"
    path: "qiangge"
    readOnly: false
- d: Create the pvc
vim gluster_pvc.yaml
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: gluster
spec:
  selector:
    matchLabels:
      type: glusterfs
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 10Gi
- e: Use gluster in a pod
vi nginx_pod.yaml
……
    volumeMounts:
      - name: nfs-vol2
        mountPath: /usr/share/nginx/html
  volumes:
    - name: nfs-vol2
      persistentVolumeClaim:
        claimName: gluster
7: Integrating with Jenkins for CI/CD
IP address | Service | Memory |
---|---|---|
10.0.0.11 | kube-apiserver 8080 | 1G |
10.0.0.14 | jenkins(tomcat + jdk) 8080 | 1G |
10.0.0.15 | gitlab 8080,80 | 2G |
7.1: Install gitlab and upload code
#a: Install
wget https://mirrors.tuna.tsinghua.edu.cn/gitlab-ce/yum/el7/gitlab-ce-11.9.11-ce.0.el7.x86_64.rpm
yum localinstall gitlab-ce-11.9.11-ce.0.el7.x86_64.rpm -y
#b: Configure
vim /etc/gitlab/gitlab.rb
external_url 'http://10.0.0.15'
prometheus_monitoring['enable'] = false
#c: Apply the configuration and start the service
gitlab-ctl reconfigure
#Visit http://10.0.0.15 in a browser, change the root user's password, create a project
#Upload the code to the git repository
cd /srv/
rz -E
unzip xiaoniaofeifei.zip
rm -fr xiaoniaofeifei.zip
git config --global user.name "Administrator"
git config --global user.email "admin@example.com"
git init
git remote add origin http://10.0.0.15/root/xiaoniao.git
git add .
git commit -m "Initial commit"
git push -u origin master
mv xiaoniaofeifei.zip /srv/
1.Git global setup
git config --global user.name "Administrator"
git config --global user.email "admin@example.com"
2.Create a new repository
git clone http://10.0.0.15/root/xiaoniao.git
cd xiaoniao
touch README.md
git add README.md
git commit -m "add README"
git push -u origin master
3.Existing folder
cd existing_folder
git init
git remote add origin http://10.0.0.15/root/xiaoniao.git
git add .
git commit -m "Initial commit"
git push -u origin master
4.Existing Git repository
cd existing_repo
git remote rename origin old-origin
git remote add origin http://10.0.0.15/root/xiaoniao.git
git push -u origin --all
git push -u origin --tags
7.2 Install Jenkins and build Docker images automatically
1: Install Jenkins
cd /opt/
rz -E
rpm -ivh jdk-8u102-linux-x64.rpm
mkdir /app
tar xf apache-tomcat-8.0.27.tar.gz -C /app
rm -fr /app/apache-tomcat-8.0.27/webapps/*
cp jenkins.war /app/apache-tomcat-8.0.27/webapps/ROOT.war
tar xf jenkin-data.tar.gz -C /root
/app/apache-tomcat-8.0.27/bin/startup.sh
netstat -lntup
2: Access Jenkins
Visit http://10.0.0.14:8080/ ; the default account and password are admin:123456
3: Configure the credential Jenkins uses to pull code from GitLab
a: Generate a key pair on Jenkins
ssh-keygen -t rsa
b: Copy the public key and paste it into GitLab
c: Create a global credential in Jenkins
4: Test pulling the code
5: Write the dockerfile and test it
vim dockerfile
FROM 10.0.0.11:5000/nginx:1.13
ADD . /usr/share/nginx/html
#Files that docker build should not add
vim .dockerignore
dockerfile
docker build -t xiaoniao:v1 .
docker run -d -p 88:80 xiaoniao:v1
Open a browser and test access to the xiaoniaofeifei project
6: Upload dockerfile and .dockerignore to the private repository
git add dockerfile .dockerignore
git commit -m "first commit"
git push -u origin master
7: Click "Build Now" in Jenkins to build the Docker image automatically and push it to the private registry
Modify the Jenkins project configuration
docker build -t 10.0.0.11:5000/test:v$BUILD_ID .
docker push 10.0.0.11:5000/test:v$BUILD_ID
7.3 Jenkins deploys the application to k8s automatically
kubectl -s 10.0.0.11:8080 get nodes
shell
if [ -f /tmp/xiaoniao.lock ];then
    docker build -t 10.0.0.11:5000/xiaoniao:v$BUILD_ID .
    docker push 10.0.0.11:5000/xiaoniao:v$BUILD_ID
    kubectl -s 10.0.0.11:8080 set image -n xiaoniao deploy xiaoniao xiaoniao=10.0.0.11:5000/xiaoniao:v$BUILD_ID
    echo "更新成功"
else
    docker build -t 10.0.0.11:5000/xiaoniao:v$BUILD_ID .
    docker push 10.0.0.11:5000/xiaoniao:v$BUILD_ID
    kubectl -s 10.0.0.11:8080 create namespace xiaoniao
    kubectl -s 10.0.0.11:8080 run xiaoniao -n xiaoniao --image=10.0.0.11:5000/xiaoniao:v$BUILD_ID --replicas=3 --record
    kubectl -s 10.0.0.11:8080 expose -n xiaoniao deployment xiaoniao --port=80 --type=NodePort
    port=`kubectl -s 10.0.0.11:8080 get svc -n xiaoniao|grep -oP '(?<=80:)\d+'`
    echo "你的項目地址訪問是http://10.0.0.13:$port"
    touch /tmp/xiaoniao.lock
fi
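The lock file in the script above lives in /tmp on the Jenkins host, so it goes stale if the namespace is deleted and any local user can create it. The variant below, an added example that is not part of the original notes, asks the cluster whether the deployment exists instead; the function names deploy_mode, image_ref and deploy are assumptions.

```shell
#!/bin/sh
# Added example: pick create vs. update from cluster state, not /tmp/xiaoniao.lock.
# Server, registry, app and namespace are the values used on this page.
KUBECTL=${KUBECTL:-"kubectl -s 10.0.0.11:8080"}
REGISTRY=10.0.0.11:5000
APP=xiaoniao
NS=xiaoniao

# deploy_mode: print "update" if the deployment already exists, else "create".
deploy_mode() {
    if $KUBECTL get deployment "$APP" -n "$NS" >/dev/null 2>&1; then
        echo update
    else
        echo create
    fi
}

# image_ref BUILD_ID: accept only digits before the id reaches a command line.
image_ref() {
    case "$1" in
        ''|*[!0-9]*) echo "invalid BUILD_ID: $1" >&2; return 1 ;;
    esac
    echo "$REGISTRY/$APP:v$1"
}

# deploy BUILD_ID: build, push, then update or create the deployment.
deploy() {
    image=$(image_ref "$1") || return 1
    docker build -t "$image" . || return 1
    docker push "$image" || return 1
    if [ "$(deploy_mode)" = update ]; then
        $KUBECTL set image -n "$NS" deploy "$APP" "$APP=$image" &&
        $KUBECTL rollout status -n "$NS" deployment "$APP"   # fail the build if the rollout fails
    else
        $KUBECTL create namespace "$NS" 2>/dev/null || true  # may already exist
        $KUBECTL run "$APP" -n "$NS" --image="$image" --replicas=3 --record &&
        $KUBECTL expose -n "$NS" deployment "$APP" --port=80 --type=NodePort
    fi
}

# In the Jenkins "Execute shell" step, after sourcing this file: deploy "$BUILD_ID"
```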
Jenkins one-click rollback
kubectl -s 10.0.0.11:8080 rollout undo -n xiaoniao deployment xiaoniao