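k8s basics

1. Component roles and deployment

Master components:

kube-apiserver: the single entry point to the cluster and the coordinator between components. It exposes its services as an HTTP API; every create, delete, update, query and watch operation on resource objects is handled by the API server, which then commits the result to etcd for storage.

kube-controller-manager: handles the cluster's routine background tasks. Each resource has a corresponding controller, and the controller manager is responsible for managing those controllers.

kube-scheduler: selects a Node for each newly created Pod according to the scheduling algorithm.

Node components:

kubelet: the master's agent on each node. It manages the lifecycle of the containers running on that machine: creating containers, mounting volumes for Pods, downloading secrets, reporting container and node status, and so on. The kubelet turns each Pod into a set of containers.

kube-proxy: implements the Pod network proxy on each node, maintaining network rules and layer-4 load balancing.

Automated deployment: see https://github.com/unixhot/salt-kubernetes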

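2. Managing containers with Pods

docker pull nginx:1.13.12   ## pull the nginx image from the Docker registry

docker pull nginx:1.14.0     ## pull the nginx image from the Docker registry

docker login 192.168.56.11    ## log in to Harbor

docker tag nginx:1.13.12 192.168.56.11/devopsedu/nginx:1.13.12   ## tag the image

docker push 192.168.56.11/devopsedu/nginx:1.13.12  ## push the image to Harbor

YAML files must not contain tab characters; pay attention to indentation.

-  denotes a list item

:  separates a key from its value

Harbor secret configuration

cat /root/.docker/config.json | base64 -w 0   # base64-encode the Docker config that holds the Harbor credentials; -w 0 keeps the output on one line. base64 is an encoding, not encryption.

cat harbor-secret.yaml shows the following content: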

apiVersion: v1
kind: Secret
metadata:
  name: harbor-secret
  namespace: default
data:
  .dockerconfigjson: ewoJImF1dGhzIjogewoJCSIxOTIuMTY4LjU2LjExIjogewoJCQkiYXV0aCI6ICJZV1J0YVc0NlNHRnlZbTl5TVRJek5EVT0iCgkJfQoJfSwKCSJIdHRwSGVhZGVycyI6IHsKCQkiVXNlci1BZ2VudCI6ICJEb2NrZXItQ2xpZW50LzE4LjA5LjAgKGxpbnV4KSIKCX0KfQ==
type: kubernetes.io/dockerconfigjson

kubectl create -f harbor-secret.yaml   ## create the secret

Create nginx-pod.yaml with the following content:

apiVersion: v1    # API version
kind: Pod     # resource object type: Pod
metadata:        # metadata
  name: nginx-pod    # metadata.name: the Pod's name
  labels:                   # custom label list
    app: nginx
spec:                        # detailed definition of the containers in the Pod
  containers:              # container list
  - name: nginx         # container name
    image: 192.168.56.11/devopsedu/nginx:1.13.12   # container image
    ports:                                      # list of ports the container exposes
    - containerPort: 80
  imagePullSecrets:
    - name: harbor-secret               # reference the Harbor secret

kubectl create -f nginx-pod.yaml   # create the Pod

kubectl get pod   # list Pods

kubectl get pod -o  wide   # list Pods with additional detail

kubectl  describe pod nginx-pod    # show the Pod's details

kubectl delete pod nginx-pod    # delete the Pod

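3. Managing Pods with an RC

RC (Replication Controller): monitors Pods, keeps them highly available, and maintains the specified number of replicas.

The rc.yaml configuration is as follows: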

cat nginx-rc.yaml

apiVersion: v1
kind: ReplicationController
metadata:
  name: nginx-rc
spec:
  replicas: 3
  selector:
    app: nginx
  template:
    metadata:
      name: nginx
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: 192.168.56.11/devopsedu/nginx:1.13.12
        ports:
        - containerPort: 80
      imagePullSecrets:
        - name: harbor-secret

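kubectl create -f nginx-rc.yaml   # create the RC

kubectl get rc -o wide   ## list RCs

kubectl describe rc   ## show RC details

kubectl scale rc nginx-rc --replicas=4   # set the RC's replica count

kubectl  rolling-update nginx-rc --image=192.168.56.11/devopsedu/nginx:1.14.0   # rolling upgrade of the container image

Managing Pods with RS and Deployment

A Deployment represents a one-time update operation on the k8s cluster. It is an API object with a broader range of use than an RS, and wraps the RS in an additional layer.

The RS configuration is as follows: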

apiVersion: apps/v1
kind: ReplicaSet
metadata:
  name: nginx-rs
  labels:
    app: nginx
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      name: nginx
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: 192.168.56.11/devopsedu/nginx:1.13.12
        ports:
        - containerPort: 80
      imagePullSecrets:
        - name: harbor-secret

cat nginx-deployment.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  labels:
    app: nginx
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      name: nginx
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: 192.168.56.11/devopsedu/nginx:1.13.12
        ports:
        - containerPort: 80
      imagePullSecrets:
        - name: harbor-secret

kubectl create -f nginx-deployment.yaml --record   # create the Deployment and record the creation in its history

kubectl get deploy   # list Deployments

kubectl get pod --show-labels    # show Pod labels

kubectl set image deployment/nginx-deployment nginx=192.168.56.11/devopsedu/nginx:1.14.0   # update the image

kubectl rollout history deployment/nginx-deployment   # view the revision history

kubectl rollout history deployment/nginx-deployment --revision=1   # view the details of revision 1

kubectl rollout undo deployment/nginx-deployment   ## roll back to the previous revision

kubectl rollout undo deployment/nginx-deployment --to-revision=2    ## roll back to a specific revision

kubectl scale deployment nginx-deployment --replicas 5   ## scale up

kubectl scale deployment nginx-deployment --replicas 2   ## scale down

Managing Pods with DaemonSet, and node labels

A DaemonSet ensures that every node runs one copy of a Pod; when nodes are added to or removed from the cluster, Pod copies are added or removed accordingly.

YAML configuration:

apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: nginx-daemonset
  labels:
    app: nginx
spec:
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1.13.12
        ports:
        - containerPort: 80

To target specific nodes, add

nodeSelector:
  disktype: ssd

at the same level as containers.

kubectl create -f nginx-daemonset.yaml   ## create the DaemonSet

Node Selector: make Pods run on designated nodes

kubectl label nodes 192.168.56.13 disktype=ssd   # first label the target node

kubectl get nodes --show-labels   # show node labels

Managing Pod access with a Service

A Service's IP is fixed.

kind: Service
apiVersion: v1
metadata:
  name: nginx-service
spec:
  selector:
    app: nginx
  ports:
  - protocol: TCP
    port: 80
    targetPort: 80

kubectl create -f nginx-service.yaml

kubectl get service

kubectl apply -f nginx-service.yaml   ## re-apply (reload) the configuration

Usually the Deployment and Service are created together, configured as follows:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  labels:
    app: nginx
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      name: nginx
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: 192.168.56.11/devopsedu/nginx:1.13.12
        ports:
        - containerPort: 80
      imagePullSecrets:
        - name: harbor-secret

---

kind: Service
apiVersion: v1
metadata:
  name: nginx-service
spec:
  selector:
    app: nginx
  ports:
  - name: http
    protocol: TCP
    port: 80
    targetPort: 80
  - name: https
    protocol: TCP
    port: 443
    targetPort: 80

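Adding type: NodePort below, at the same level as ports, makes the Service reachable via node IP + port, e.g. http://192.168.56.12:20046

Implementing Ingress with Traefik

A Service only provides layer-4 access in the form IP + port; for layer-7 access you need an Ingress.

kubectl label nodes 192.168.56.12 edgenode=true   # label the node

kubectl get nodes --show-labels  ## view the labels

kubectl create -f /srv/addons/ingress/   # create Traefik

The ingress directory contains the following configuration: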

#cat daemonset.yml
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  name: traefik-ingress-lb
  namespace: kube-system
  labels:
    k8s-app: traefik-ingress-lb
spec:
  template:
    metadata:
      labels:
        k8s-app: traefik-ingress-lb
        name: traefik-ingress-lb
    spec:
      terminationGracePeriodSeconds: 60
      hostNetwork: true
      restartPolicy: Always
      serviceAccountName: ingress
      containers:
      - image: traefik:v1.6
        name: traefik-ingress-lb
        resources:
          limits:
            cpu: 200m
            memory: 80Mi
          requests:
            cpu: 100m
            memory: 50Mi
        ports:
        - name: http
          containerPort: 80
          hostPort: 80
        - name: admin
          containerPort: 8580
          hostPort: 8580
        args:
        - --web
        - --web.address=:8580
        - --kubernetes
      nodeSelector:
        edgenode: "true"

#cat ingress-rbac.yml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: ingress
  namespace: kube-system

---

kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: ingress
subjects:
  - kind: ServiceAccount
    name: ingress
    namespace: kube-system
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io

#cat traefik-ui.yml
apiVersion: v1
kind: Service
metadata:
  name: traefik-web-ui
  namespace: kube-system
spec:
  selector:
    k8s-app: traefik-ingress-lb
  ports:
  - name: web
    port: 80
    targetPort: 8580
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: traefik-web-ui
  namespace: kube-system
spec:
  rules:
  - host: traefik-ui.local
    http:
      paths:
      - path: /
        backend:
          serviceName: traefik-web-ui
          servicePort: web
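
The ClusterRoleBinding in ingress-rbac.yml binds the ingress ServiceAccount to cluster-admin, so the Traefik Pods (which run with hostNetwork on the edge node) hold full control of the cluster although the controller only reads Services, Endpoints, Secrets and Ingresses. A least-privilege version of that file, as an added example that is not part of the original post; the ClusterRole name traefik-ingress-readonly is an assumption, and the rules assume Traefik 1.x watching Ingress objects in the extensions API group, as the manifests above do:

```yaml
# Added example: least-privilege RBAC for the Traefik DaemonSet above.
# The ServiceAccount name "ingress" and its namespace come from the page;
# the role name "traefik-ingress-readonly" is hypothetical.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: ingress
  namespace: kube-system
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1   # GA since Kubernetes 1.8
metadata:
  name: traefik-ingress-readonly
rules:
  # Traefik resolves Ingress backends to Service endpoints and reads
  # TLS certificates from Secrets; it never needs to write them.
  - apiGroups: [""]
    resources: ["services", "endpoints", "secrets"]
    verbs: ["get", "list", "watch"]
  # Ingress objects are served from the extensions group on this cluster
  # (apiVersion: extensions/v1beta1 in the manifests above).
  - apiGroups: ["extensions"]
    resources: ["ingresses"]
    verbs: ["get", "list", "watch"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: ingress
subjects:
  - kind: ServiceAccount
    name: ingress
    namespace: kube-system
roleRef:
  kind: ClusterRole
  name: traefik-ingress-readonly   # replaces cluster-admin
  apiGroup: rbac.authorization.k8s.io
```

The roleRef of an existing binding cannot be changed in place, so delete the old binding with kubectl delete clusterrolebinding ingress before applying this file. kubectl auth can-i delete pods --as=system:serviceaccount:kube-system:ingress should then answer no.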

kubectl create -f nginx-ingress.yaml  # create the Ingress

nginx-ingress.yaml is configured as follows:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: nginx-ingress
spec:
  rules:
  - host: www.example.com
    http:
      paths:
      - path: /
        backend:
          serviceName: nginx-service
          servicePort: 80

Add a hosts entry and then visit www.example.com.

 

posted @ 2019-02-15 15:38  liumj