本文收錄在容器技術學習系列文章總目錄 1、認識kubernetes資源 1.1 常用資源/對象 workload工作負載型資源:pod,ReplicaSet,Deployment,StatefulSet,daemonset,job... 伺服器發現及均衡:Service,Lngress... 配置與 ...
本文收錄在容器技術學習系列文章總目錄
1、認識kubernetes資源
1.1 常用資源/對象
- workload工作負載型資源:pod,ReplicaSet,Deployment,StatefulSet,daemonset,job...
- 伺服器發現及均衡:Service,Lngress...
- 配置與存儲:volume,CSI
- configmap,secret
- downwardAPI
- 集群級資源
- namespace,node,role,clusterrole,rolebinding,clusterrolebinding
- 元數據型資源
- HPA,podtemplate,limitrange
1.2 創建資源的方法
- apiserver 僅接受JSON格式的資源定義;
- yaml格式提供配置清單,apiserver 可自動將其轉為JSON格式,而後再提交;
1.3 大部分(主流)資源的配置清單:有5個一級欄位組成
- apiserver:group/version
- 查詢當前支持哪些apiserver:$ kubectl api-versions
- kind:資源類別
- metadata:元數據
- name:名稱
- namespace:名稱空間
- labels:標簽
- annotation:資源註解
- selfLink:每個資源的引用PATH,/api/GROUP/VERSION/namespaces/NAMESPACE/TYPE/NAME
- spec:期望的狀態(disired state),期望資源應該用於什麼特性
- status:當前狀態(current state),本欄位由kubernetes集群維護,用戶不能自己定義
1.4 使用kubectl explain查詢每個資源如何配置
(1)例如查詢如何定義pod資源
[root@master ~]# kubectl explain pod
KIND: Pod
VERSION: v1
DESCRIPTION:
Pod is a collection of containers that can run on a host. This resource is
created by clients and scheduled onto hosts.
FIELDS:
apiVersion <string>
... ...
kind <string>
... ...
metadata <Object>
... ...
spec <Object>
... ...
status <Object>
... ...
(2)能一級一級進入查詢;如查詢定義pod 的metadata欄位
[root@master ~]# kubectl explain pod.spec KIND: Pod VERSION: v1 RESOURCE: spec <Object> DESCRIPTION: ... ... FIELDS: ... .. affinity <Object> ... ... [root@master ~]# kubectl explain pod.spec.containers KIND: Pod VERSION: v1 RESOURCE: containers <[]Object> DESCRIPTION: ... ... FIELDS: args <[]string> ... ... command <[]string> ... ...
自己定義資源時,不清楚如何定義,可以進行快速的查詢
1.5 示例
(1)查詢集群中的pod(上篇創建的pod)
[root@master ~]# kubectl get pods NAME READY STATUS RESTARTS AGE client 1/1 Running 0 4h myapp-848b5b879b-9slqg 1/1 Running 0 46m myapp-848b5b879b-wtrjr 1/1 Running 0 46m myapp-848b5b879b-z2sqc 1/1 Running 0 46m
(2)-o yaml輸出為yaml格式,查看pod創建的操作
[root@master ~]# kubectl get pod myapp-848b5b879b-9slqg -o yaml
apiVersion: v1 #api版本
kind: Pod #資源類別
metadata: #元數據
annotations:
cni.projectcalico.org/podIP: 10.244.1.60/32
labels:
pod-template-hash: "4046164356"
run: myapp
name: myapp-848b5b879b-9slqg
namespace: default
... ...
selfLink: /api/v1/namespaces/default/pods/myapp-848b5b879b-9slqg
spec: #規格、規範;期望資源應該用於什麼特性;期望目標狀態
... ...
status: #當前狀態
... ...
1.6 演示:基於yaml格式文件,創建pod
[root@master ~]# mkdir manifests [root@master ~]# cd manifests/
(1)編寫pod-demo.yaml文件
創建2個容器,一個運行nginx;一個在busybox中執行sleep命令
[root@master manifests]# vim pod-demo.yaml
apiVersion: v1
kind: Pod
metadata:
name: pod-demo
namespace: default
#labels: {app:myapp, tier:frontend} #映射可以寫為{}形式;
labels: #也可以在下邊分級寫
app: myapp
tier: frontend
spec:
containers:
- name: myapp
image: ikubernetes/myapp:v1
- name: busybox
image: busybox:latest
#command: ["/bin/sh","-c","sleep 3600"] #列表可以寫為[]形式;
command: #也可以在下邊分級寫,要加-
- "/bin/sh"
- "-c"
- "sleep 3600"
(2)基於pod-demo.yaml 文件創建create pod
[root@master manifests]# kubectl create -f pod-demo.yaml pod/pod-demo created
(3)驗證
① 查詢創建pod的信息
[root@master manifests]# kubectl create -f pod-demo.yaml pod/pod-demo created [root@master manifests]# kubectl get pods -o wide NAME READY STATUS RESTARTS AGE IP NODE pod-demo 2/2 Running 0 1m 10.244.1.61 node1 ---查看詳細信息 [root@master manifests]# kubectl describe pods pod-demo Name: pod-demo Namespace: default ... ...
② 訪問pod中的服務
[root@master manifests]# curl 10.244.1.61 Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a> ---查詢pod產生的日誌 [root@master manifests]# kubectl logs pod-demo myapp 192.168.130.104 - - [23/Jan/2019:05:35:35 +0000] "GET / HTTP/1.1" 200 65 "-" "curl/7.29.0" "-"
③ 基於yaml文件刪除pod
[root@master manifests]# kubectl delete -f pod-demo.yaml pod "pod-demo" deleted [root@master manifests]# kubectl get pods No resources found.
2、Pod資源
2.1 Pod資源常用選項
- metadata.label:標簽
- key=value
- key:字母、數字、_、-、.
- value:可以為空,只能字母或數字開頭及結尾,中間可使用字母、數字、_、-、.
- key=value
- metadata.annotations:資源註解
- spec.containers <[]object>
- - name:容器名稱
- image:鏡像
- imagePullPolicy:下載鏡像規則,若鏡像時latest標簽,預設是Always;否則預設IfNotPresen
- Always總是鏡像,Never不下載鏡像,IfNotPresent本地有則不下載
- ports:從容器中公開的埠列表
- containerPort:Pod中服務的埠號
- hostIP:暴露綁定在主機哪個IP上
- hostPort:暴露在主機的埠號
- name:暴露這個埠的名稱
- args:參數
- command:執行命令
- spec.nodeSelector:節點標簽選擇器
2.2 演示
(1)修改pod-demo.yaml文件
[root@master manifests]# vim pod-demo.yaml
apiVersion: v1
kind: Pod
metadata:
name: pod-demo
namespace: default
#labels: {app:myapp, tier:frontend} #映射可以寫為{}形式;
labels: #也可以在下邊分級寫
app: myapp
tier: frontend
annotations:
along.com/created-by: "cluster admin"
spec:
containers:
- name: myapp
image: ikubernetes/myapp:v1
ports:
- name: http
containerPort: 80
- name: https
containerPort: 443
- name: busybox
image: busybox:latest
imagePullPolicy: IfNotPresent
#command: ["/bin/sh","-c","sleep 3600"] #列表可以寫為[]形式;
command: #也可以在下邊分級寫,要加-
- "/bin/sh"
- "-c"
- "sleep 3600"
nodeSelector:
disktype: ssd
(2)將node1節點打上disktype=ssd的標簽
[root@master manifests]# kubectl label node node1 disktype=ssd [root@master manifests]# kubectl get nodes node1 --show-labels NAME STATUS ROLES AGE VERSION LABELS node1 Ready <none> 140d v1.11.2 beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,disktype=ssd,kubernetes.io/hostname=node1
(3)基於yaml文件創建pod
[root@master manifests]# kubectl create -f pod-demo.yaml pod/pod-demo created
(4)驗證
--- pod只會創建到node1節點上,因為node1的disktype=ssd標簽 [root@master manifests]# kubectl get pod -o wide NAME READY STATUS RESTARTS AGE IP NODE pod-demo 2/2 Running 0 11s 10.244.1.68 node1 --- -l 指定標簽,實現標簽過濾 [root@master manifests]# kubectl get pods --show-labels -l app NAME READY STATUS RESTARTS AGE LABELS pod-demo 2/2 Running 0 30s app=myapp,tier=frontend
3、Pod健康檢測
3.1 pod健康檢測介紹
- pod健康檢測分為存活性探測、 就緒型探測;這在生產環境幾乎是必須配置的;
- 如果沒有就緒型探測;pod一啟動就會被分配用戶流量;若pod中的服務像tomcat等,需要時間啟動;就會導致有一定時間,用戶訪問不到服務;
- 如果沒有存活性探測:pod中服務一旦失敗,沒有檢測,不會將容器重啟關閉;也會導致用戶訪問服務失敗。
3.2 pod健康檢測選項
(1)在spec欄位下、containers欄位配置,可使用explain查看詳細用法
$ kubectl explain pod.spec.containers.
- livenessProbe 存活性探測
- exec:指定檢測的命令
- failureThreshold:連續失敗次數被認為失敗,預設為3,最小值為1
- httpGet:指定要執行的http請求
- initialDelaySeconds:在容器啟動多少秒後再檢測
- periodSeconds:每隔多少秒探測一次;預設為10秒。最低限度值是1
- successThreshold:連續成功次數認為服務正常
- tcpSocket:定涉及TCP埠的操作
- timeoutSeconds:探測超時的秒數,預設為1秒
- readinessProbe 就緒型探測(和livenessProbe 存活性探測選項一樣)
(2)pod中容器掛了,是否重啟pod
$ kubectl explain pod.spec.restartPolicy.
- Always:總是重啟(預設)
- OnFailure:只有容器狀態為錯誤時,才重啟
- Never:絕不重啟
3.3 演示:exec方式實現存活性探測
(1)編寫yaml文件
當探測到/tmp/healthy文件不存在時,認為服務故障;
容器在30秒後執行刪除/tmp/healthy文件
[root@master manifests]# vim liveness-exec.yaml
apiVersion: v1
kind: Pod
metadata:
name: liveness-exec-pod
namespace: default
spec:
containers:
- name: liveness-exec-container
image: busybox:latest
imagePullPolicy: IfNotPresent
command: ["/bin/sh","-c","touch /tmp/healthy; sleep 30; rm -f /tmp/healthy; sleep 3600"]
livenessProbe:
exec:
command: ["test","-e","/tmp/healthy"]
initialDelaySeconds: 1 #在容器啟動後1秒開始檢測
periodSeconds: 3 #每隔3秒探測一次
restartPolicy: Always #總是重啟pod
(2)創建運行pod
[root@master manifests]# kubectl create -f liveness-exec.yaml pod/liveness-exec-pod created [root@master manifests]# kubectl get pods NAME READY STATUS RESTARTS AGE liveness-exec-pod 1/1 Running 0 6s
(3)等30s,容器就會檢測失敗,重啟pod;使用describe可以查看詳細信息
[root@master manifests]# kubectl describe pods liveness-exec-pod
... ...
State: Running
Started: Wed, 23 Jan 2019 16:58:09 +0800
Last State: Terminated #上次狀態為終止
Reason: Error
Exit Code: 137
Started: Wed, 23 Jan 2019 16:57:01 +0800
Finished: Wed, 23 Jan 2019 16:58:09 +0800
Ready: True
Restart Count: 1 #重啟次數1次
Liveness: exec [test -e /tmp/healthy] delay=1s timeout=1s period=3s #success=1 #failure=3
... ...
3.4 演示:httpget方式實現存活性探測
(1)編寫yaml文件,創建並運行pod
當探測不到容器內80埠,和提供80埠的/index.html文件時,認為服務故障;
[root@master manifests]# vim liveness-httpget.yaml
apiVersion: v1
kind: Pod
metadata:
name: liveness-httpget-pod
namespace: default
spec:
containers:
- name: liveness-exec-container
image: ikubernetes/myapp:v1
ports:
- name: http
containerPort: 80
livenessProbe:
httpget:
port: http
path: /index.html
initialDelaySeconds: 1
periodSeconds: 3
restartPolicy: Always
[root@master manifests]# kubectl create -f liveness-httpget.yaml
pod/liveness-httpget-pod created
(2)手動連入容器,刪除index.html文件
[root@master manifests]# kubectl exec -it liveness-httpget-pod -- /bin/sh / # rm -f /usr/share/nginx/html/index.html
(3)容器會檢測失敗,重啟pod;使用describe可以查看詳細信息
[root@master manifests]# kubectl describe pods liveness-httpget-pod
... ...
Port: 80/TCP
Host Port: 0/TCP
State: Running
Started: Wed, 23 Jan 2019 17:10:03 +0800
Last State: Terminated #上次狀態為終止
Reason: Completed
Exit Code: 0
Started: Wed, 23 Jan 2019 17:08:22 +0800
Finished: Wed, 23 Jan 2019 17:10:03 +0800
Ready: True
Restart Count: 1 #重啟次數1次
Liveness: http-get http://:http/index.html delay=1s timeout=1s period=3s #success=1 #failure=3
... ...
3.5 演示:exec方式實現就緒性探測
(1)編寫yaml文件,創建啟動容器
當探測到/tmp/healthy文件不存在時,就認為服務就緒不成功;pod啟動失敗;
[root@master manifests]# vim readiness-exec.yaml
apiVersion: v1
kind: Pod
metadata:
name: readiness-exec-pod
namespace: default
spec:
containers:
- name: readiness-exec-container
image: busybox:latest
imagePullPolicy: IfNotPresent
#command: ["/bin/sh","-c","touch /tmp/healthy; sleep 30; rm -f /tmp/healthy; sleep 3600"]
command: ["sleep 3600"]
readinessProbe:
exec:
command: ["test","-e","/tmp/healthy"]
periodSeconds: 3
restartPolicy: Always
[root@master manifests]# kubectl create -f readiness-exec.yaml
pod/readiness-exec-pod created
(2)查看,pod啟動就緒失敗
[root@master ~]# kubectl get pods NAME READY STATUS RESTARTS AGE readiness-exec-pod 0/1 RunContainerError 1 12s
4、Pod啟動前/後鉤子
4.1 介紹
- pod在啟動前後都可以設置鉤子hook;在spec.containers.lifecycle欄位下設置;
- postStart:創建容器後立即調用PostStart操作;如果失敗,根據重啟策略終止;
- preStop:在容器終止之前立即調用PreStop操作,該容器在處理程式完成後終止
4.2 語法
$ kubectl explain pod.spec.containers.lifecycle
- postStart
- exec:指定了要採取的命令;
- httpGet:指定要執行的http請求;
- tcpSocket:指定涉及TCP埠的操作
- preStop (和postStart命令一樣)
4.3 演示:使用exec設置pod啟動前鉤子
(1)編寫yaml文件,創建啟動容器
啟動容器前,先創建準備一個httpd服務的主頁面文件/tmp/index.html
[root@master manifests]# vim poststart-pod.yaml
apiVersion: v1
kind: Pod
metadata:
name: poststart-pod
namespace: default
spec:
containers:
- name: poststart-container
image: busybox:latest
imagePullPolicy: IfNotPresent
lifecycle:
postStart:
exec:
command: ['/bin/sh','-c','echo hello > /tmp/index.html']
command: ['/bin/sh','-c','/bin/httpd -f -h /tmp']
[root@master manifests]# kubectl create -f poststart-pod.yaml
pod/poststart-pod created
(2)驗證,訪問服務
[root@master ~]# kubectl get pods -o wide NAME READY STATUS RESTARTS AGE IP NODE poststart-pod 1/1 Running 0 26s 10.244.2.69 node2 [root@master ~]# curl 10.244.2.69 hello
