1. What is k8s?
Kubernetes is container orchestration software for provisioning, managing, and scaling applications. In other words, Kubernetes lets you manage the lifecycle of containerized applications in a cluster (for example, containerized applications running on a cluster of VMs or physical machines).
An application may need many other resources to run, such as volumes, networks, and Secrets; these help with things like connecting to a database, talking to a backend behind a firewall, and protecting keys. Kubernetes helps attach these resources to the application. The infrastructure resources an application needs are managed declaratively.
Like Apache Mesos and Docker Swarm, Kubernetes is a container orchestrator for provisioning, managing, and scaling applications.
The key paradigm of Kubernetes is its declarative model. The user provides the desired state and Kubernetes will do its best to make it happen. If you need five instances, you do not start five separate instances on your own but rather tell Kubernetes that you need five instances, and Kubernetes will reconcile the state automatically. At this point, you simply need to know that you declare the state that you want and Kubernetes makes that happen. If something goes wrong with one of your instances and it crashes, Kubernetes still knows the desired state and creates new instances on an available node.
Kubernetes was developed by the community to address the needs of scaling and managing containers.
2. k8s architecture
At the core of Kubernetes is the data store (the etcd database). The declarative model is stored as objects in the data store, which means that when you say you want five instances of a container, that request is stored in etcd. Changes to the request are watched, and the request is delegated to a controller to act on. Controllers react to the declarative model and try to take action to reach the desired state. The power of Kubernetes lies in this simple model.
In the diagram below, the API server is a simple HTTP server that handles create/read/update/delete (CRUD) operations on the data store. Controllers determine the changes you want and then make them.
Controllers are responsible for instantiating the actual resources represented by each Kubernetes resource. These actual resources are what your application needs in order to run successfully.
3. The k8s resource model
Reference: https://kubernetes.io/docs/concepts/
The Kubernetes infrastructure defines a resource for each purpose. Each resource is watched and handled by a controller. When you define an application, it consists of a collection of these resources. Controllers then read this collection to build the application's actual backing instances.
Explanation of some Kubernetes resources:
Config maps: holds configuration data for pods to consume
Daemon sets: ensures that each node in the cluster runs this pod
Deployments: defines a desired state of a deployment object
Events: provides life cycle events on pods and other deployment objects
Endpoints: allows inbound connections to reach the cluster services
Ingress: a collection of rules that allows inbound connections to reach the cluster services
Jobs: creates one or more pods and when they complete successfully, the job is marked as completed
Node: a worker machine in Kubernetes
Namespaces: multiple virtual clusters backed by the same physical cluster
Pods: the smallest deployable units of computing that can be created and managed in Kubernetes
Persistent volumes: provides an API for users and administrators to abstract details about how storage is provided from how it is consumed
Replica sets: ensures that a specified number of pod replicas are running at any given time
Secrets: holds sensitive information, such as passwords, OAuth tokens, and SSH keys
Service accounts: provides an identity for processes that run in a pod
Services: an abstraction that defines a logical set of pods and a policy by which to access them, sometimes called a microservice
Stateful sets: the workload API object that manages stateful applications
4. What is a pod?
A pod is the smallest object model you can create and run. You can attach a label to a pod; when you are ready to scale the application, the label tells Kubernetes which pods to scale. A pod usually represents one process in the cluster. A pod contains at least one container that runs the job, and it may also contain other containers called "sidecars", such as containers for monitoring or logging. Essentially, a pod is a group of containers.
An app is usually made up of a group of pods. Although an entire application could run in a single pod, you typically build multiple pods that communicate with each other to form a useful application.
Best practice: when building an application, put the application logic and the backend database in separate pods so that each can be scaled independently later.
Kubernetes lets you manage applications, the cluster, and cluster resources by modifying the model stored in the etcd database through kubectl commands.
Command:
kubectl (create|get|apply|delete) -f myResource.yaml // It is usually simpler to manipulate resources directly through YAML.
Kubernetes uses liveness probes to know when to restart a container. For example, a liveness probe can catch a deadlock in a running application. Restarting the container in that state helps keep the application available even though the bug is still present.
In addition, Kubernetes uses readiness probes to know when a container is ready to start accepting traffic. A pod is considered ready when all of its containers are ready. One use of this check is to control which pods are used as backends for a Service: if a pod is not ready, it is removed from the load balancer.
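As an added example (not part of the original notes), the manifest below puts the pieces above together: a Deployment declares the desired state (five replicas), the `app: web` label ties the Pods to the Deployment and the Service, the liveness probe triggers restarts, and the readiness probe decides whether a Pod receives Service traffic. The name `web`, the image, and the `/healthz` and `/ready` paths are assumptions.

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web                    # assumed name
spec:
  replicas: 5                  # desired state: the controller reconciles toward 5 Pods
  selector:
    matchLabels:
      app: web                 # label that tells Kubernetes which Pods belong to this app
  template:
    metadata:
      labels:
        app: web
    spec:
      containers:
      - name: web
        image: registry.example.com/web:1.0   # placeholder image
        ports:
        - containerPort: 8080
        livenessProbe:         # failing probe -> kubelet restarts the container
          httpGet:
            path: /healthz     # assumed endpoint
            port: 8080
          initialDelaySeconds: 10
          periodSeconds: 10
          failureThreshold: 3
        readinessProbe:        # failing probe -> Pod removed from Service endpoints, no restart
          httpGet:
            path: /ready       # assumed endpoint
            port: 8080
          periodSeconds: 5
          failureThreshold: 3
---
apiVersion: v1
kind: Service
metadata:
  name: web
spec:
  selector:
    app: web                   # only Pods with this label that pass readiness receive traffic
  ports:
  - port: 80
    targetPort: 8080
```

Apply it with `kubectl apply -f web.yaml`; `kubectl get pods -l app=web` then shows in the READY column which replicas have passed the readiness probe.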
5. How is an application deployed to a k8s environment?
- The user deploys a new app by using the kubectl CLI. Kubectl sends the request to the API server.
- The API server receives the request and stores it in the data store (etcd). After the request is written to the data store, the API server is done with the request.
- Watchers detect the resource changes and send notifications to the Controller to act on those changes.
- The Controller detects the new app and creates new pods to match the desired number of instances. Any changes to the stored model will be used to create or delete pods.
- The Scheduler assigns new pods to a node based on specific criteria. The Scheduler decides on whether to run pods on specific nodes in the cluster. The Scheduler modifies the model with the node information.
- A Kubelet on a node detects a pod with an assignment to itself and deploys the requested containers through the container runtime, for example, Docker. Each node watches the storage to see what pods it is assigned to run. The node takes necessary actions on the resources assigned to it such as to create or delete pods.
- Kubeproxy manages network traffic for the pods, including service discovery and load balancing. Kubeproxy is responsible for communication between pods that want to interact.