Pod
sh
# Print the schema of the Pod resource (top-level fields)
kubectl explain pod
# Drill one level down into a field, e.g. metadata
kubectl explain pod.metadata
pod相关配置
yaml
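apiVersion: v1                          # required
kind: Pod                               # required
metadata:                               # required
  name: my-pod                          # required
  namespace: my-namespace               # optional, defaults to "default"
  labels:                               # optional; a map of key: value, NOT a list
    app: my-app
spec:                                   # required
  containers:                           # required, at least one entry
    - name: my-container                # required, unique within the pod
      image: my-image                   # required; pin a tag or digest rather than a mutable :latest
      imagePullPolicy: IfNotPresent     # optional: Always | IfNotPresent | Never
      command: [string]                 # optional; replaces the image ENTRYPOINT (key is "command", not "commands")
      args: [string]                    # optional; replaces the image CMD
      workingDir: string                # optional
      volumeMounts:                     # optional
        - name: my-volume               # required; must match an entry in spec.volumes
          mountPath: string             # required
          subPath: string               # optional
          readOnly: boolean             # optional; prefer true unless the container must write
      ports:                            # optional, informational except for hostPort
        - name: my-port                 # optional
          containerPort: int            # required
          hostPort: int                 # optional; binds the port on the NODE itself and is typically not covered by NetworkPolicy - avoid unless required
          protocol: string              # optional: TCP | UDP | SCTP
          hostIP: string                # optional
      env:                              # optional
        - name: MY_ENV_VAR              # required
          value: string                 # optional; do not inline secrets here, use valueFrom.secretKeyRef
      resources:                        # optional but strongly recommended
        limits:                         # hard cap
          cpu: string
          memory: string
        requests:                       # what the scheduler reserves
          cpu: string
          memory: string
      lifecycle:                        # optional
        postStart: {}                   # handler (exec / httpGet / tcpSocket), same shape as a probe handler
        preStop: {}
      livenessProbe:                    # optional; set exactly ONE of exec / httpGet / tcpSocket
        exec:
          command: [string]             # required
        httpGet:
          path: string                  # required
          port: int                     # required (number or named port)
          host: string                  # optional
          scheme: string                # optional: HTTP | HTTPS
          httpHeaders:                  # optional
            - name: string              # required
              value: string
        tcpSocket:
          port: int                     # required (number or named port)
        initialDelaySeconds: int        # optional
        timeoutSeconds: int             # optional
        periodSeconds: int              # optional
        successThreshold: int           # optional
        failureThreshold: int           # optional
      securityContext:                  # optional, container level
        privileged: false               # spelled "privileged"; true hands the container the host's devices and capabilities (effectively root on the node) - keep false
        allowPrivilegeEscalation: false # recommended hardening
        runAsNonRoot: true
        readOnlyRootFilesystem: true
        capabilities:
          drop: ["ALL"]
  restartPolicy: Always                 # pod level, not container level: Always | OnFailure | Never
  nodeName: string                      # optional; pins the pod to one node, bypassing the scheduler
  nodeSelector: {}                      # optional; map of node labels the target node must carry
  imagePullSecrets:                     # optional (plural); registry credentials
    - name: string
  volumes:                              # optional, pod level; referenced by containers[].volumeMounts[].name
    - name: my-volume
      emptyDir: {}
    - name: my-hostpath
      hostPath:                         # an object with "path", not a plain string
        path: string                    # exposes the node filesystem to the pod - restrict with an admission policy
    - name: my-secret
      secret:
        secretName: string              # key is "secretName" (was "scretname")
        items:                          # optional; project only selected keys
          - key: string                 # required
            path: string                # required
    - name: my-configmap
      configMap:
        name: string                    # required
        items:                          # optional
          - key: string                 # required
            path: string                # required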
定义
一级属性
- apiVersion: API 版本,可用 `kubectl api-versions` 查看
- kind: 资源类型,可用 `kubectl api-resources` 查看
- metadata <Object>: 元数据,对资源的描述,常有 name、namespace、labels 等属性
- spec <Object>:描述,对各种资源描述
- status <Object>:状态信息,kubernetes自动定义
spec
- containers <[]Object>:容器列表
- nodeName <string>:根据nodeName的值将pod调度到指定的Node节点上
- nodeSelector <map[]>:根据NodeSelector中定义的信息选择将该Pod调度到包含这些Label的node上
- hostNetwork <boolean>:是否使用主机网络模式,默认为 false;设为 true 时 Pod 直接使用宿主机的网络命名空间(共享宿主机的 IP、端口和回环接口),容器可以访问节点本地服务并占用节点端口,属于高权限配置,应通过准入策略加以限制,仅在确有必要(如网络插件、节点代理)时使用
- volumes <[]Object>:存储卷,用于定义pod上面挂载的存储信息
- restartPolicy <string>:重启策略,表示pod在遇到故障的时候的处理策略
Pod配置
pod.spec.containers
sh
# Show the schema of the containers field (the lines below are the command's output)
kubectl explain pod.spec.containers
KIND: Pod
VERSION: v1
RESOURCE: containers <[]Object>
FIELDS:
基本配置
pod-base.yaml
yaml
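apiVersion: v1
kind: Pod
metadata:
  name: pod-base
  namespace: default          # must match the -n used in the kubectl commands that follow
  labels:
    app: pod-base
spec:
  containers:
    - name: nginx
      image: nginx:latest     # prefer a pinned tag or digest; a mutable tag can change underneath you
      # Key is camelCase "imagePullPolicy" (the lowercase "imagepullPolicy" is an unknown field and is
      # rejected or ignored depending on client validation). Default is IfNotPresent, except that the
      # :latest tag (or no tag) defaults to Always; Never only uses an image already on the node.
      imagePullPolicy: IfNotPresent
      ports:
        - containerPort: 80
      resources:
        requests:             # minimum the scheduler must find on a node; otherwise the pod stays Pending
          cpu: '2'
          memory: '100Mi'
        limits:               # hard cap; CPU is throttled, exceeding the memory limit gets the container OOM-killed and restarted
          cpu: '3'
          memory: '200Mi'
    - name: busybox
      image: busybox:latest
      # busybox's default command exits immediately, which would put the pod into CrashLoopBackOff;
      # keep the container alive so the kubectl exec below has something to attach to.
      command: ['sh', '-c', 'sleep 3600']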
启动
sh
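# Apply the manifest (file name matches the listing above: pod-base.yaml).
# The namespace set in the manifest's metadata must match the -n used below,
# otherwise the pod lands in "default" and these checks show nothing.
kubectl apply -f pod-base.yaml
# Check status; -o wide also shows the pod IP and the node it landed on
kubectl get pod -n dev -o wide
kubectl describe pod pod-base -n dev
# Open a shell in one container of the pod (pod-base, not a pod the notes never define).
# Use "--" so kubectl stops parsing flags and passes the command verbatim.
kubectl exec -it pod-base -n dev -c busybox -- /bin/sh
# Watch for changes (-w)
kubectl get pod -n dev -o wide -w
# Add a secondary IP alias on the node NIC for local testing.
# ifconfig is legacy net-tools; the iproute2 equivalent is:
#   ip addr add 192.168.109.201/24 dev enp0s8 label enp0s8:1
ifconfig enp0s8:1 192.168.109.201 netmask 255.255.255.0 up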
控制器
ReplicaSet(RS)
Deployment(Deploy)
Horizontal Pod Autoscaler(HPA)
安装 metrics-server
metrics-server可以用来收集集群中的资源使用情况
sh
# Clone a pinned release tag of metrics-server.
# NOTE(review): this is the repository path the original notes used; check that it
# still resolves and that the checked-out tag is the code you intend to deploy
# before applying any of its manifests to the cluster.
git clone -b v0.3.6 https://github.com/kubernetes-incubator/metrics-server
DaemonSet(DS)
Job
CronJob(CJ)
StatefulSet
services
流量负载组件:Service(四层)和 Ingress(七层)
sh
# 192.168.109.100:80 is the access entry point provided by the Service.
# Behind it, the three backend pods are listed as real servers waiting to be called.
# kube-proxy distributes requests to one of the pods using rr (round-robin).
# The same rules are programmed on every node in the cluster, so the entry point
# is reachable from any node.
# Show the ipvs forwarding rules
ipvsadm -Ln
kube-proxy的三种模式
userspace用户空间
iptables
ipvs
sh
# ipvs mode needs the ipvs kernel modules loaded on every node; if they are
# missing, kube-proxy falls back to iptables.
# Enable ipvs: edit the kube-proxy ConfigMap and set   mode: "ipvs"
# (the key is "mode", not "model").
kubectl edit cm kube-proxy -n kube-system
# Delete the kube-proxy pods so the DaemonSet recreates them with the new config
kubectl delete pod -l k8s-app=kube-proxy -n kube-system
# Verify that ipvs rules are now present
ipvsadm -Ln
service类型
yaml
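apiVersion: v1
kind: Service
metadata:
  name: service                 # fixed typo ("serivice")
  namespace: dev                # a Service only selects Pods in its own namespace
spec:
  selector:
    app: pod-base               # must match the target Pod's metadata.labels exactly
  type: LoadBalancer            # ClusterIP | NodePort | LoadBalancer | ExternalName
  # clusterIP is normally left unset so the API server allocates one from the
  # service CIDR; a hard-coded address outside the CIDR or already in use is
  # rejected at create time. Uncomment only if you really need a fixed address.
  # clusterIP: 10.0.0.1
  sessionAffinity: None         # "None" (default) or "ClientIP"; a bare key parses as null
  ports:
    - protocol: TCP
      port: 80                  # port the Service listens on
      targetPort: 8080          # port on the Pod; must be one the container actually listens on
      nodePort: 30001           # 30000-32767; opened on EVERY node, so restrict it with a firewall/security group if it is not meant to be public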
四种服务类型
- ClusterIP: 默认值,自动分配集群内部虚拟 IP,只能在集群内部访问
- NodePort: 将 Service 通过每个 Node 上的同一端口暴露给外部,集群外部即可访问服务;注意该端口在所有节点上都会监听,应配合防火墙/安全组限制来源
- LoadBalancer: 使用外接负载均衡器完成到服务的负载均衡,此模式需要外部云环境支持
- ExternalName: 把集群外部的服务以 DNS CNAME 的形式引入集群内部直接使用,不做代理和负载均衡
搭建ingress环境
sh
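# Work in a dedicated directory so the "apply" below only picks up these files
mkdir -p ingress-controller
cd ingress-controller
# Fetch the ingress-nginx manifests for a pinned release (nginx-0.30.0).
# Pinning to a release tag keeps the deployment reproducible; review the
# downloaded YAML before applying it, since a controller install typically
# creates cluster-scoped objects (RBAC, namespace) with broad permissions.
wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/nginx-0.30.0/deploy/static/mandatory.yaml
wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/nginx-0.30.0/provider/baremetal/service-nodeport.yaml
# Apply every manifest in the current directory
kubectl apply -f ./
# Check the controller's Service (resource is "svc", not "svn")
kubectl get svc -n ingress-nginx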
https代理
sh
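# Generate a self-signed certificate and key (lab use only: browsers will warn,
# production should use a certificate issued by a trusted CA).
# Fixed the -subj string: each RDN is separated by "/", so "L=BJ=O=nginx" was wrong.
openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 \
  -keyout tls.key -out tls.crt \
  -subj "/C=CN/ST=BJ/L=BJ/O=nginx/CN=itheima.com"
# Keep the private key readable only by the current user
chmod 600 tls.key
# Create the TLS Secret; "tls-secret" is the name referenced from the Ingress
# manifest and it must live in the same namespace as that Ingress (add -n if needed).
# Secret data is only base64-encoded, not encrypted: restrict RBAC access to it
# and enable encryption at rest if the key matters.
kubectl create secret tls tls-secret --key tls.key --cert tls.crt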