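Kubernetes basics
master/node:
  master: API server, Scheduler, Controller-Manager, etcd
  node: kubelet, docker, kube-proxy
Pod, Label, Label Selector
  Label: key=value
  Label selector:
Pod:
  Standalone (self-managed) Pods
  Controller-managed Pods:
    Replication Controller
    ReplicaSet
    Deployment
    StatefulSet
    DaemonSet
    Job, CronJob
CNI:
  flannel: network configuration
  calico: network configuration, network policy
  canal:
Resources: objects
  workload: runs applications and provides services, e.g. Pod, ReplicaSet, Deployment, StatefulSet, DaemonSet, Job, CronJob
  Service discovery and load balancing: Service, Ingress
  Configuration and storage: Volume, CSI
    ConfigMap, Secret
    DownwardAPI
  Cluster-level resources:
    Namespace, Node, Role, ClusterRole, ClusterRoleBinding
  Metadata resources:
    HPA, PodTemplate, LimitRange
Ways to create resources:
  The apiserver only accepts resource definitions in JSON format;
  a manifest supplied in YAML format is converted to JSON automatically by the apiserver
Structure of most resource manifests:
  apiVersion: group/version
  kind: resource kind
  metadata: metadata
    labels: labels
    name:
    namespace:
    annotations
    PATH by which each resource is referenced:
      /api/GROUP/VERSION/namespaces/NAMESPACE/TYPE/NAME
      /api/v1/namespaces/default/pods/nginx-deploy-54d6d94f75-qn2tq
  spec: the desired state
  status: the current state; this field is maintained by the Kubernetes cluster
kubectl explain pods  # show the fields of the Pod resource
kubectl explain pods.apiVersion  # show the documentation for the Pod's apiVersion field
Labels:
  key=value
  key: letters, digits, underscores ....
  value: may be empty; may only begin and end with a letter or digit
Label selectors:
  Equality-based: =, ==, !=
  Set-based:
    KEY in (value1,value3,...)
    KEY notin (value1,value3,...)
    KEY
    !KEY
Many resources support embedded fields that define the label selector they use:
  matchLabels: key/value pairs given directly
  matchExpressions: define the selector with expressions of the form {key:"KEY", operator:"OPERATOR", values:[VALUE1,VALUE2,...]}
  Operators:
    In, NotIn: the values field must be a non-empty list;
    Exists, DoesNotExist: the values field must be an empty list;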
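The selector rules above, as an added example that is not part of the original notes: a small evaluator for matchLabels and matchExpressions, run over the labels that the kubectl output further down shows for pod-demo and nginx-deploy. The function names are hypothetical; the API spells the negative existence operator DoesNotExist. Note that NotIn also selects objects that lack the key entirely, which matters when a selector decides which pods a Service or network policy applies to.

```python
# Added example, not from the original notes.
def matches(selector, labels):
    """Return True if labels satisfy every requirement of the selector."""
    # matchLabels: each key must be present with exactly the given value.
    for key, value in selector.get("matchLabels", {}).items():
        if labels.get(key) != value:
            return False
    # matchExpressions: all expressions are ANDed together.
    for expr in selector.get("matchExpressions", []):
        key, op = expr["key"], expr["operator"]
        values = expr.get("values", [])
        if op in ("In", "NotIn"):
            if not values:
                raise ValueError(f"{op} requires a non-empty values list")
            hit = key in labels and labels[key] in values
            if hit != (op == "In"):      # NotIn passes when the key is absent
                return False
        elif op in ("Exists", "DoesNotExist"):
            if values:
                raise ValueError(f"{op} requires an empty values list")
            if (key in labels) != (op == "Exists"):
                return False
        else:
            raise ValueError(f"unknown operator: {op}")
    return True

# Constructed sample: labels as listed by `kubectl get pods --show-labels` on this page.
PODS = {
    "pod-demo": {"app": "myapp", "tier": "frontend", "release": "stable"},
    "nginx-deploy-54d6d94f75-qn2tq": {"pod-template-hash": "54d6d94f75", "run": "nginx-deploy"},
}

def select(selector):
    """Names of the sample pods the selector picks, sorted."""
    return sorted(name for name, labels in PODS.items() if matches(selector, labels))

if __name__ == "__main__":
    print(select({"matchLabels": {"app": "myapp"}}))
    print(select({"matchExpressions": [
        {"key": "release", "operator": "NotIn", "values": ["canary"]}]}))
```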
Node selector:
  nodeSelector <map[string]string>
    nodeSelector:
      resource_type: NA_Container
annotations: resource annotations
  Unlike labels, annotations cannot be used to select resource objects; they only attach "metadata" to an object.
Pod lifecycle:
  States: Pending, Running, Failed, Succeeded, Unknown
  Creating a Pod: api, etcd, scheduler
  Important behaviours during a Pod's life:
    Init containers;
    Container probes: liveness probe: checks whether the pod is alive
                      readiness probe: checks whether the container can serve requests
  restartPolicy: applies to the pod
    Always, OnFailure, Never; defaults to Always
  There are three probe types (per container): kubectl explain pods.spec.containers
    ExecAction, TCPSocketAction, HTTPGetAction
spec:
  containers
  nodeSelector
  nodeName
  restartPolicy
    Always, Never, OnFailure
  containers:
    name
    image
    imagePullPolicy: Always, Never, IfNotPresent
    ports:
      name
      containerPort
    livenessProbe
    readinessProbe
    lifecycle
  ExecAction: exec
  TCPSocketAction: tcpSocket
  HTTPGetAction: httpGet
------------------------
kubectl api-versions shows the API version information (alpha: internal test release; beta: public test release; stable: stable release)
# kubectl api-versions
admissionregistration.k8s.io/v1beta1
apiextensions.k8s.io/v1beta1
apiregistration.k8s.io/v1
apiregistration.k8s.io/v1beta1
apps/v1
......
# Custom Pod YAML file
# vi pod-demo.yaml
apiVersion: v1
kind: Pod
metadata:
  name: pod-demo
  namespace: default
  labels:
    app: myapp
    tier: frontend
  annotations:
    cluster.com/created-by: "cluster domain"
spec:
  containers:
  - name: myapp
    image: ikubernetes/myapp:v1
    ports:
    - name: http
      containerPort: 80
    - name: https
      containerPort: 443
  - name: busybox
    image: busybox:latest
    imagePullPolicy: IfNotPresent
    command:   # or ["/bin/bash","-c","sleep 5"]
    - "/bin/bash"
    - "-c"
    - "sleep 5"
  nodeSelector:   # same level as containers
    resource_type: NA_Container

# Container-level fragments tried in place of the fields above (one probe method per livenessProbe)
# liveness probe, exec method: the file is removed after 30 seconds, after which the probe fails
    command: ["/bin/sh","-c","touch /tmp/checkhealthy; sleep 30; rm -rf /tmp/checkhealthy; sleep 360"]
    livenessProbe:
      exec:
        command: ["test","-e","/tmp/checkhealthy"]
      initialDelaySeconds: 1
      periodSeconds: 3
# liveness probe, httpGet method
    livenessProbe:
      httpGet:
        port: http
        path: /index.html
      initialDelaySeconds: 1
      periodSeconds: 3
# readiness probe
    readinessProbe:
      httpGet:
        port: http
        path: /index.html
      initialDelaySeconds: 1
      periodSeconds: 3
# postStart lifecycle hook
    lifecycle:
      postStart:
        exec:
          command: ["/bin/sh","-c","mkdir -p /data/web/html; echo Web_Home_Page >> /data/web/html/index.html"]
    command: ["/bin/httpd"]
    args: ["-f","-h","/data/web/html"]
--------
Create the pod from the custom YAML file:
# kubectl create -f pod-demo.yaml
# kubectl get pods
pod-demo 1/2 CrashLoopBackOff 6 8m31s app=myapp,tier=frontend
# kubectl describe pod pod-demo
# kubectl logs pod-demo myapp # view the logs
# curl 10.244.3.3 # access myapp in the newly created pod-demo
Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a>
# kubectl logs pod-demo busybox
Delete the Pod created from the custom YAML file:
# kubectl delete -f pod-demo.yaml
Filter by label:
# kubectl get pods -l app # select the pods whose labels include the key app
# kubectl get pods -l app --show-labels
NAME READY STATUS RESTARTS AGE LABELS
pod-demo 1/2 RunContainerError 21 84m app=myapp,tier=frontend
# kubectl get pods -L app,run # multiple labels
NAME READY STATUS RESTARTS AGE APP RUN
nginx-deploy-54d6d94f75-qn2tq 1/1 Running 0 5h2m nginx-deploy
pod-demo 1/2 CrashLoopBackOff 21 85m myapp
Add or modify labels:
kubectl label [--overwrite] (-f FILENAME | TYPE NAME) KEY_1=VAL_1 ... KEY_N=VAL_N [--resource-version=version]
# kubectl get pods --show-labels
NAME READY STATUS RESTARTS AGE LABELS
nginx-deploy-54d6d94f75-qn2tq 1/1 Running 0 5h8m pod-template-hash=54d6d94f75,run=nginx-deploy
pod-demo 1/2 ErrImagePull 3 2m7s app=myapp,tier=frontend
# kubectl label pod pod-demo release=cannary
# kubectl get pods --show-labels
NAME READY STATUS RESTARTS AGE LABELS
nginx-deploy-54d6d94f75-qn2tq 1/1 Running 0 5h10m pod-template-hash=54d6d94f75,run=nginx-deploy
pod-demo 1/2 ErrImagePull 3 4m7s app=myapp,release=cannary,tier=frontend
# kubectl label pod pod-demo release=stable --overwrite
# kubectl get pods --show-labels
NAME READY STATUS RESTARTS AGE LABELS
nginx-deploy-54d6d94f75-qn2tq 1/1 Running 0 5h12m pod-template-hash=54d6d94f75,run=nginx-deploy
pod-demo 1/2 CrashLoopBackOff 3 6m1s app=myapp,release=stable,tier=frontend
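Node selector:
nodeSelector sits in the YAML file at the same level as the containers field.
# kubectl label node vm1.cluster.com resource_type=NA_Container
In the YAML file, specify that the pod is to be scheduled onto nodes of a given type, e.g. the pod will be scheduled onto nodes whose labels include NA_Container:
nodeSelector:
  resource_type: NA_Container
Schedule onto a specific node:
nodeName string
Resource manifest structure: full details of a pod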
# kubectl get pod nginx-deploy-54d6d94f75-qn2tq -o yaml
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: "2019-04-06T00:38:24Z"
  generateName: nginx-deploy-54d6d94f75-
  labels:
    pod-template-hash: 54d6d94f75
    run: nginx-deploy
  name: nginx-deploy-54d6d94f75-qn2tq
  namespace: default
  ownerReferences:
  - apiVersion: apps/v1
    blockOwnerDeletion: true
    controller: true
    kind: ReplicaSet
    name: nginx-deploy-54d6d94f75
    uid: e68bfe73-57c6-11e9-835d-000c29447357
  resourceVersion: "72483"
  selfLink: /api/v1/namespaces/default/pods/nginx-deploy-54d6d94f75-qn2tq
  uid: 49651e53-5804-11e9-835d-000c29447357
spec:
  containers:
  - image: nginx:1.14-alpine
    imagePullPolicy: IfNotPresent
    name: nginx-deploy
    ports:
    - containerPort: 8080
      protocol: TCP
    resources: {}
    terminationMessagePath: /dev/termination-log
    terminationMessagePolicy: File
    volumeMounts:
    - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
      name: default-token-kctgz
      readOnly: true
  dnsPolicy: ClusterFirst
  enableServiceLinks: true
  nodeName: vm2.cluster.com
  priority: 0
  restartPolicy: Always
  schedulerName: default-scheduler
  securityContext: {}
  serviceAccount: default
  serviceAccountName: default
  terminationGracePeriodSeconds: 30
  tolerations:
  - effect: NoExecute
    key: node.kubernetes.io/not-ready
    operator: Exists
    tolerationSeconds: 300
  - effect: NoExecute
    key: node.kubernetes.io/unreachable
    operator: Exists
    tolerationSeconds: 300
  volumes:
  - name: default-token-kctgz
    secret:
      defaultMode: 420
      secretName: default-token-kctgz
status:
  conditions:
  - lastProbeTime: null
    lastTransitionTime: "2019-04-06T11:29:30Z"
    status: "True"
    type: Initialized
  - lastProbeTime: null
    lastTransitionTime: "2019-04-06T11:29:51Z"
    status: "True"
    type: Ready
  - lastProbeTime: null
    lastTransitionTime: "2019-04-06T11:29:51Z"
    status: "True"
    type: ContainersReady
  - lastProbeTime: null
    lastTransitionTime: "2019-04-06T02:26:49Z"
    status: "True"
    type: PodScheduled
  containerStatuses:
  - containerID: docker://d65ea401d5953938dfa9d7054c04314a9649809baf5dc76e40efbed7dcd4817d
    image: nginx:1.14-alpine
    imageID: docker-pullable://nginx@sha256:b67e90a1d8088f0e205c77c793c271524773a6de163fb3855b1c1bedf979da7d
    lastState: {}
    name: nginx-deploy
    ready: true
    restartCount: 0
    state:
      running:
        startedAt: "2019-04-06T11:29:51Z"
  hostIP: 192.168.31.22
  phase: Running
  podIP: 10.244.3.2
  qosClass: BestEffort
  startTime: "2019-04-06T11:29:30Z"
#######
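apiVersion: v1        # required; version, e.g. v1; must be one that kubectl api-versions lists
kind: Pod             # required; Pod
metadata:             # required; metadata
  name: string        # required; Pod name
  namespace: string   # required; namespace the Pod belongs to, defaults to "default"
  labels:             # custom labels
    name: string      # custom label name
  annotations:        # custom annotation list
    name: string
spec:                 # required; detailed definition of the containers in the Pod
  containers:         # required; list of containers in the Pod
  - name: string      # required; container name, must conform to RFC 1035
    image: string     # required; container image name
    imagePullPolicy: [ Always|Never|IfNotPresent ]  # image pull policy: Always pulls the image; IfNotPresent prefers the local image and pulls otherwise; Never uses only the local image
    command: [string] # container start command list; if not specified, the start command set when the image was built is used
    args: [string]    # argument list for the container start command
    workingDir: string  # container working directory
    volumeMounts:     # storage volumes mounted inside the container
    - name: string    # name of a shared volume defined by the pod; must be a volume name defined in the volumes[] section
      mountPath: string  # absolute path at which the volume is mounted in the container; should be shorter than 512 characters
      readOnly: boolean  # whether the mount is read-only
    ports:            # list of port numbers to expose
    - name: string    # port name
      containerPort: int  # port the container listens on
      hostPort: int   # port the container's host listens on; defaults to the same as the container port
      protocol: string  # port protocol, TCP and UDP are supported, default TCP
    env:              # environment variables to set before the container runs
    - name: string    # environment variable name
      value: string   # environment variable value
    resources:        # resource limits and requests
      limits:         # resource limits
        cpu: string   # CPU limit, in cores; used for the docker run --cpu-shares parameter
        memory: string  # memory limit, units may be MiB/GiB; used for the docker run --memory parameter
      requests:       # resource requests
        cpu: string   # CPU request, the initial amount available when the container starts
        memory: string  # memory request, the initial amount available when the container starts
    livenessProbe:    # health check for each container in the Pod; after several probes go unanswered the container is restarted automatically; the methods are exec, httpGet and tcpSocket, and a container needs only one of them
      exec:           # check the container with the exec method
        command: [string]  # command or script the exec method runs
      httpGet:        # check the container with the httpGet method; path and port must be specified
        path: string
        port: number
        host: string
        scheme: string
        httpHeaders:
        - name: string
          value: string
      tcpSocket:      # check the container with the tcpSocket method
        port: number
      initialDelaySeconds: 0  # time of the first probe after the container has started, in seconds
      timeoutSeconds: 0       # timeout waiting for a response to a health-check probe, in seconds, default 1 second
      periodSeconds: 0        # interval between periodic health-check probes, in seconds, default once every 10 seconds
      successThreshold: 0
      failureThreshold: 0
    securityContext:
      privileged: false
  restartPolicy: [Always | Never | OnFailure]  # Pod restart policy: Always means the kubelet restarts it however it terminated; OnFailure means restart only when the Pod exits with a non-zero exit code; Never means the Pod is not restarted
  nodeSelector: object  # schedules the Pod onto a node that carries this label, given in key:value form
  imagePullSecrets:   # name of the secret used when pulling images, given in key:secretkey form
  - name: string
  hostNetwork: false  # whether to use host network mode, default false; true means the pod uses the host's network
  volumes:            # list of shared storage volumes defined on the pod
  - name: string      # shared volume name (there are many volume types)
    emptyDir: {}      # volume of type emptyDir, a temporary directory with the same lifetime as the Pod; empty value
    hostPath:         # volume of type hostPath, mounts a directory of the host the Pod runs on
      path: string    # directory on the Pod's host that will be mounted in the container
    secret:           # volume of type secret, mounts a Secret object predefined in the cluster into the container
      secretName: string
      items:
      - key: string
        path: string
    configMap:        # volume of type configMap, mounts a predefined ConfigMap object into the container
      name: string
      items:
      - key: string
        path: string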
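
An added example, not part of the original notes: a checker that reads a Pod manifest in JSON form (the format the notes say the apiserver accepts) and reports the template fields above that widen a pod's access to its node or leave it unbounded: privileged, hostNetwork, hostPath, hostPort, a mutable image tag, and missing resource limits. The sample manifest is constructed for the example and the function names are hypothetical.

```python
import json

# Constructed sample: JSON form of a Pod resembling pod-demo, with risky fields set.
SAMPLE = json.loads("""
{"apiVersion": "v1", "kind": "Pod",
 "metadata": {"name": "pod-demo", "namespace": "default"},
 "spec": {
  "hostNetwork": true,
  "containers": [
   {"name": "myapp", "image": "ikubernetes/myapp:v1",
    "resources": {"limits": {"cpu": "500m", "memory": "128Mi"}}},
   {"name": "busybox", "image": "busybox:latest",
    "securityContext": {"privileged": true},
    "ports": [{"containerPort": 80, "hostPort": 8080}]}],
  "volumes": [{"name": "html", "hostPath": {"path": "/data/web/html"}}]}}
""")

def image_tag(image):
    """Tag of an image reference; an untagged image resolves to 'latest'."""
    last = image.rsplit("/", 1)[-1]      # ignore any registry:port prefix
    if "@" in last:
        return "digest"                  # pinned by digest, not by tag
    return last.split(":", 1)[1] if ":" in last else "latest"

def audit_pod(pod):
    """Return (location, finding) tuples for one Pod manifest."""
    spec, out = pod.get("spec", {}), []
    if spec.get("hostNetwork"):
        out.append(("spec", "hostNetwork: pod shares the node's network namespace"))
    for vol in spec.get("volumes", []):
        if "hostPath" in vol:
            out.append((f"volume/{vol['name']}", f"hostPath: {vol['hostPath'].get('path')}"))
    for c in spec.get("containers", []):
        where = f"container/{c['name']}"
        if (c.get("securityContext") or {}).get("privileged"):
            out.append((where, "privileged: true"))
        if image_tag(c.get("image", "")) == "latest":
            out.append((where, "mutable image tag (latest)"))
        if not (c.get("resources") or {}).get("limits"):
            out.append((where, "no resource limits"))
        for port in c.get("ports", []):
            if port.get("hostPort"):
                out.append((where, f"hostPort {port['hostPort']} opened on the node"))
    return out

if __name__ == "__main__":
    for where, finding in audit_pod(SAMPLE):
        print(f"{where}: {finding}")
```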