目录
1. Namespace
1.1 Namespace介绍
- 1. Namespace
- 1.1 Namespace介绍
- 1.2 Namespace的Kubectl命令行操作
- 1.2.1 查看所有的命名空间
- 1.2.2 查看指定的命名空间
- 1.2.3 查看命名空间的详情
- 1.2.4 创建命名空间
- 1.2.5 删除命名空间
- 1.3 Namespace的Kubectl配置文件操作
- 1.3.1 通过命令式对象配置进行创建和删除
- 2. Pod
- 2.1 Pod的介绍
- 2.2 Pod的Kubectl命令行操作
- 2.2.1 创建并运行Pod
- 2.2.2 查询所有Pod的基本信息
- 2.2.3 查看Pod的详细信息
- 2.2.4 访问pod中容器提供的服务
- 2.2.5 查看pod的日志
- 2.2.6 删除指定的Pod
- 2.3 Pod的Kubectl配置文件操作
- 2.3.1 通过命令式对象配置进行创建和删除
- 3. Label
- 3.1 Label的介绍
- 3.2 Label的定义和筛选
- 3.3 Lable的Kubectl命令行操作
- 3.3.1 为资源打标签
- 3.3.2 更新资源的标签
- 3.3.3 查看Pod所有标签
- 3.3.4 筛选Pod标签
- 3.3.5 删除标签
- 3.4 Lable的Kubectl配置文件操作
- 3.4.1 通过命令式对象配置进行创建和删除
- 4. Deployment
- 4.1 Deployment的介绍
- 4.2 Deployment的Kubectl命令行操作
- 4.2.1 创建指定名称的deployement
- 4.2.2 将deploy的一个pod拓展到4个pod
- 4.2.3 查看deployment的信息
- 4.2.4 查看deployment的详细信息
- 4.2.5 删除deployment
- 4.3 Deployment的Kubectl配置文件操作
- 4.3.1 通过命令式对象配置进行创建和删除
- 5. Service
- 5.1 Service的介绍
- 5.2 Service的Kubectl命令行操作
- 5.2.1 暴露Service
- 5.2.2 查看Service
- 5.2.3 访问Service暴露的服务
- 5.2.4 删除服务
- 5.3 Service的Kubectl配置文件操作
- 4.3.1 通过命令式对象配置进行创建和删除
- Namespace是kubernetes系统中的一种资源,是用来实现多套系统的资源隔离。比如开发环境和测试环境的资源隔离
- 不同Namespace的Pod不能相互访问,同一Namespace的Pod可以相互访问。通过Namespace进行统一的管理
- kubernetes的资源配额机制,限定不同Namespace能占用的CPU、内存资源使用量等。通过kubernetes的授权机制,将不同的Namespace交给不同租户进行管理
kubernetes默认创建的namespace
[root@k8s-master ~]# kubectl get namespace
NAME STATUS AGE
default Active 2d3h
kube-node-lease Active 2d3h
kube-public Active 2d3h
kube-system Active 2d3h
[root@k8s-master ~]#
- default:所有未指定Namespace的对象都会被分配在default命名空间
- kube-node-lease:用于集群节点之间的心跳维护
- kube-public:此命名空间的资源可以被所有人访问,包括未认证用户
- kube-system:所有由kubernetes系统创建的资源都处于这个命名空间
[root@k8s-master ~]# kubectl get ns
也可以指定以json或yaml格式查看结果
[root@k8s-master ~]# kubectl get namespace default -o wide
NAME STATUS AGE
default Active 2d5h
[root@k8s-master ~]#
其中resource quota是针对命名空间做的资源限制。LimitRange resource是针对命名空间中每个组件做的资源限制
[root@k8s-master ~]# kubectl describe namespace default
Name: default
Labels: kubernetes.io/metadata.name=default
Annotations:
Status: Active
No resource quota.
No LimitRange resource.
[root@k8s-master ~]#
[root@k8s-master ~]# kubectl create namespace dev
namespace/dev created
[root@k8s-master ~]#
该namespace下的其它资源也会被删除
[root@k8s-master ~]# kubectl delete ns dev
namespace "dev" deleted
[root@k8s-master ~]#
新建ns-dev.yaml,内容如下:
apiVersion: v1
kind: Namespace
metadata:
name: dev
[root@k8s-master ~]# kubectl create -f ns-dev.yaml
namespace/dev created
[root@k8s-master ~]# kubectl delete -f ns-dev.yaml
namespace "dev" deleted
[root@k8s-master ~]#
Pod是kubernetes集群进行管理的最小单元,程序要运行必须部署在容器中,而容器必须存在于Pod中,一个Pod中可以运行一个或多个容器。其中pause是根容器
查看K8s系统自己运行的Pod。pods资源加s不加s都一样
[root@k8s-master ~]# kubectl get pods -n kube-system
NAME READY STATUS RESTARTS AGE
calico-kube-controllers-57d95cb479-5zppz 1/1 Running 1 (2d8h ago) 2d8h
calico-node-2m8xb 1/1 Running 1 (2d8h ago) 2d8h
calico-node-jnll4 1/1 Running 1 (2d8h ago) 2d8h
calico-node-v6zcv 1/1 Running 1 (2d8h ago) 2d8h
coredns-7f74c56694-snzmv 1/1 Running 1 (2d8h ago) 2d8h
coredns-7f74c56694-whh84 1/1 Running 1 (2d8h ago) 2d8h
etcd-k8s-master 1/1 Running 1 (2d8h ago) 2d8h
kube-apiserver-k8s-master 1/1 Running 1 (2d8h ago) 2d8h
kube-controller-manager-k8s-master 1/1 Running 1 (2d8h ago) 2d8h
kube-proxy-9gc7d 1/1 Running 1 (2d8h ago) 2d8h
kube-proxy-f9w7h 1/1 Running 1 (2d8h ago) 2d8h
kube-proxy-s8rwk 1/1 Running 1 (2d8h ago) 2d8h
kube-scheduler-k8s-master 1/1 Running 1 (2d8h ago) 2d8h
[root@k8s-master ~]#
[root@k8s-master ~]# kubectl create ns dev
namespace/dev created
[root@k8s-master ~]# kubectl run my-nginx --image=nginx:latest --port=80 --namespace=dev
pod/my-nginx created
[root@k8s-master ~]#
[root@k8s-master ~]# kubectl get pods -n dev -o wide -w
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
my-nginx 1/1 Running 0 70s 10.244.169.134 k8s-node2
可以查看Pod的启动日志
[root@k8s-master ~]# kubectl describe pod my-nginx -n dev
Name: my-nginx
Namespace: dev
Priority: 0
Node: k8s-node2/192.168.23.162
Start Time: Sat, 14 May 2022 22:03:47 +0800
Labels: run=my-nginx
Annotations: cni.projectcalico.org/containerID: 516ad8c4489408f6de6cb0558e266da6eac0600a6fa1ea907818856d8e5e98d5
cni.projectcalico.org/podIP: 10.244.169.134/32
cni.projectcalico.org/podIPs: 10.244.169.134/32
Status: Running
IP: 10.244.169.134
IPs:
IP: 10.244.169.134
Containers:
my-nginx:
Container ID: containerd://fcf04016250a93e27a07b5380d88ce878dc56da4a47107378dbd5d3bb3244d4f
Image: nginx:latest
Image ID: docker.io/library/nginx@sha256:0d17b565c37bcbd895e9d92315a05c1c3c9a29f762b011a10c54a66cd53c9b31
Port: 80/TCP
Host Port: 0/TCP
State: Running
Started: Sat, 14 May 2022 22:04:03 +0800
Ready: True
Restart Count: 0
Environment:
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-srfct (ro)
Conditions:
Type Status
Initialized True
Ready True
ContainersReady True
PodScheduled True
Volumes:
kube-api-access-srfct:
Type: Projected (a volume that contains injected data from multiple sources)
TokenExpirationSeconds: 3607
ConfigMapName: kube-root-ca.crt
ConfigMapOptional:
DownwardAPI: true
QoS Class: BestEffort
Node-Selectors:
Tolerations: node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 99s default-scheduler Successfully assigned dev/my-nginx to k8s-node2
Normal Pulling 99s kubelet Pulling image "nginx:latest"
Normal Pulled 84s kubelet Successfully pulled image "nginx:latest" in 15.437873591s
Normal Created 84s kubelet Created container my-nginx
Normal Started 84s kubelet Started container my-nginx
[root@k8s-master ~]#
[root@k8s-master ~]# curl 10.244.169.134:80
Welcome to nginx!
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
Welcome to nginx!
If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.
For online documentation and support please refer to
nginx.org.
Commercial support is available at
nginx.com.
Thank you for using nginx.
[root@k8s-master ~]#
[root@k8s-master ~]# kubectl logs -f my-nginx -n dev
[root@k8s-master ~]# kubectl delete pod my-nginx -n dev
pod "my-nginx" deleted
[root@k8s-master ~]#
新建pod-nginx.yaml,内容如下:
[root@k8s-master ~]# cat pod-nginx.yaml
apiVersion: v1
kind: Pod
metadata:
name: nginx-pod
namespace: dev
spec:
containers:
- image: nginx:latest
imagePullPolicy: IfNotPresent
name: nginx-container
ports:
- name: nginx-port
containerPort: 80
protocol: TCP
[root@k8s-master ~]#
[root@k8s-master ~]# kubectl create -f pod-nginx.yaml
pod/nginx-pod created
[root@k8s-master ~]#
[root@k8s-master ~]# kubectl delete -f pod-nginx.yaml
pod "nginx-pod" deleted
[root@k8s-master ~]#
虽然Namespace可以起到隔离,但是不同Namespace的Pod不能相互访问。Label作用就是在资源上添加标识,用来对它们进行区分和选择。实现资源的多纬度分组,以便灵活、方便地进行资源分配、调度、配置和部署等管理工作
Label的特点:
- 一个Label会以key:value键值对的形式附加到各种资源对象上,如Node、Pod、Service等
- 一个资源对象可以定义任意数量的Label,同一个Label也可以被添加到任意数量的资源对象上
- Label可以在资源对象定义时添加,也可以在资源对象创建后动态的添加或删除
一些常用的Label标签示例如下:
- 版本标签:“version”:”release”, ”version”:”stable”
- 环境标签:“env”:”dev”, “env”:”test”, “env”:”pro
- 架构标签:“tier”:”frontend”, ”tier”:”backend”
Label的筛选需要用到Label Selector,共两种
-
基于等式的Label Selector
- env=test:选择所有Label中的key=“env”并且value=“test”的资源对象
- env!=test:选择所Label中的key=“env”并且value!=“test”的资源对象
-
基于集合的Label Selector
- env in (dev,test):选择所有Label中的key=“env”并且value=“dev”或value=“test”的资源对象
- env not in (dev,test):选择所有Label中的key=“env”并且value!=“dev”和value!=“test”的资源对象
-
标签的选择条件可以使用多个,此时将多个Label Selector进行组合,使用逗号
,进行分隔即可。- env=test,version!=stable:选择所有Label中的key=“env”并且value=“test”,并且key=“version”并且value!=“stable”的资源对象
[root@k8s-master ~]# kubectl label pod my-nginx version=1.0 -n dev
pod/my-nginx labeled
[root@k8s-master ~]#
[root@k8s-master ~]# kubectl label pod my-nginx version=2.0 -n dev --overwrite
pod/my-nginx labeled
[root@k8s-master ~]#
[root@k8s-master ~]# kubectl get pod -n dev --show-labels
NAME READY STATUS RESTARTS AGE LABELS
my-nginx 1/1 Running 0 84s run=my-nginx,version=2.0
[root@k8s-master ~]#
[root@k8s-master ~]# kubectl get pod -l version=2.0 -n dev --show-labels
NAME READY STATUS RESTARTS AGE LABELS
my-nginx 1/1 Running 0 117s run=my-nginx,version=2.0
[root@k8s-master ~]#
[root@k8s-master ~]# kubectl label pod my-nginx version- -n dev
pod/my-nginx unlabeled
[root@k8s-master ~]#
新建pod-nginx.yaml,内容如下:
apiVersion: v1
kind: Pod
metadata:
name: nginx-pod
namespace: dev
labels:
version: "3.0"
env: "test"
spec:
containers:
- image: nginx:latest
imagePullPolicy: IfNotPresent
name: nginx-container
ports:
- name: nginx-port
containerPort: 80
protocol: TCP
[root@k8s-master ~]# kubectl create -f pod-nginx.yaml
pod/nginx-pod created
[root@k8s-master ~]#
[root@k8s-master ~]# kubectl get pod -n dev --show-labels
NAME READY STATUS RESTARTS AGE LABELS
nginx-pod 1/1 Running 0 10s env=test,version=3.0
[root@k8s-master ~]#
[root@k8s-master ~]# kubectl delete -f pod-nginx.yaml
pod "nginx-pod" deleted
[root@k8s-master ~]#
- kubernetes很少直接控制Pod,一般通过Pod控制器来完成的
- Pod控制器用于Pod的管理,确保Pod资源符合预期的状态,当Pod的资源出现故障的时候,会尝试进行重启或重建Pod。比如预期启动3个nginx pod,挂了一个,又会重启一个
- 这里我们只介绍Deployment这一种Pod控制器。Pod上定义Label,Deployment通过Label Selector进行Pod的选择
[root@k8s-master ~]# kubectl create ns dev
namespace/dev created
[root@k8s-master ~]#
[root@k8s-master ~]# kubectl create deployment my-nginx --image=nginx -n dev
deployment.apps/my-nginx created
[root@k8s-master ~]#
[root@k8s-master ~]# kubectl scale deployment my-nginx --replicas=4 -n dev
deployment.apps/my-nginx scaled
[root@k8s-master ~]#
[root@k8s-master ~]# kubectl get deploy -n dev
NAME READY UP-TO-DATE AVAILABLE AGE
my-nginx 4/4 4 4 4m2s
[root@k8s-master ~]#
[root@k8s-master ~]# kubectl get pod -n dev
NAME READY STATUS RESTARTS AGE
my-nginx-7cddc5685c-5mtfx 1/1 Running 0 104s
my-nginx-7cddc5685c-8wj5d 1/1 Running 0 4m11s
my-nginx-7cddc5685c-hz258 1/1 Running 0 104s
my-nginx-7cddc5685c-zxrnh 1/1 Running 0 104s
[root@k8s-master ~]#
[root@k8s-master ~]# kubectl describe deployment my-nginx -n dev
Name: my-nginx
Namespace: dev
CreationTimestamp: Sun, 15 May 2022 10:05:03 +0800
Labels: app=my-nginx
Annotations: deployment.kubernetes.io/revision: 1
Selector: app=my-nginx
Replicas: 4 desired | 4 updated | 4 total | 4 available | 0 unavailable
StrategyType: RollingUpdate
MinReadySeconds: 0
RollingUpdateStrategy: 25% max unavailable, 25% max surge
Pod Template:
Labels: app=my-nginx
Containers:
nginx:
Image: nginx
Port:
Host Port:
Environment:
Mounts:
Volumes:
Conditions:
Type Status Reason
---- ------ ------
Progressing True NewReplicaSetAvailable
Available True MinimumReplicasAvailable
OldReplicaSets:
NewReplicaSet: my-nginx-7cddc5685c (4/4 replicas created)
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal ScalingReplicaSet 4m32s deployment-controller Scaled up replica set my-nginx-7cddc5685c to 1
Normal ScalingReplicaSet 2m5s deployment-controller Scaled up replica set my-nginx-7cddc5685c to 4
[root@k8s-master ~]#
deployment控制器删除,deployment下的pod也会被删除
[root@k8s-master ~]# kubectl delete deployment my-nginx -n dev
deployment.apps "my-nginx" deleted
[root@k8s-master ~]#
新建nginx-deploy.yaml,内容如下:
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-deploy
namespace: dev
spec:
replicas: 3
selector:
matchLabels:
run: nginx-pod
template:
metadata:
labels:
run: nginx-pod
spec:
containers:
- image: nginx
name: nginx-container
imagePullPolicy: IfNotPresent
ports:
- containerPort: 80
protocol: TCP
name: nginx-port
[root@k8s-master ~]# kubectl create -f nginx-deploy.yaml
deployment.apps/nginx-deploy created
[root@k8s-master ~]#
[root@k8s-master ~]# kubectl delete -f nginx-deploy.yaml
deployment.apps "nginx-deploy" deleted
[root@k8s-master ~]#
利用Deployment创建一组Pod提供高可用性的服务,每个Pod都会分配一个单独的IP地址,但却存在如下问题:
- Pod的IP会随着Pod的重建而变化
- Pod的IP仅在K8s集群所在服务器能访问,其它服务器不能访问
Service可以解决这个问题。Service可以看做是一组同类的Pod对外的访问接口,应用可以方便的实现服务发现和负载均衡
[root@k8s-master ~]#
[root@k8s-master ~]# kubectl create deployment nginx-deploy --image=nginx --replicas=3 -n dev
deployment.apps/nginx-deploy created
[root@k8s-master ~]#
[root@k8s-master ~]# kubectl expose deployment nginx-deploy --name=nginx-svc --type=ClusterIP --port=80 --target-port=80 -n dev
service/nginx-svc exposed
[root@k8s-master ~]#
说明如下:
- 默认是ClusterIP模式。会产生一个Service的IP,在Service的生命周期内,这个IP是不会变化的。该IP只能K8s集群所在服务器访问
- Service创建的时候通过Deployment进行创建。提供服务的时候Service直接通过Label Selector选择Pod提供服务
--port参数是Service的端口,--target-port是Pod中服务的端口
--type=NodePort参数说明: 能够K8s集群外部所在服务器访问,查看Service的信息如下:
[root@k8s-master ~]# kubectl get service -n dev -o wide
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
nginx-svc NodePort 10.96.74.31 80:30182/TCP 6s app=nginx-deploy
[root@k8s-master ~]#
访问http://k8s集群任意节点IP:30182,都可以访问
5.2.2 查看Service[root@k8s-master ~]# kubectl get service -n dev -o wide
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
nginx-svc ClusterIP 10.96.149.66 80/TCP 3m55s app=nginx-deploy
[root@k8s-master ~]#
[root@k8s-master ~]# curl 10.96.149.66:80
Welcome to nginx!
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
Welcome to nginx!
If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.
For online documentation and support please refer to
nginx.org.
Commercial support is available at
nginx.com.
Thank you for using nginx.
[root@k8s-master ~]#
[root@k8s-master ~]# kubectl delete service nginx-svc -n dev
service "nginx-svc" deleted
[root@k8s-master ~]#
新建nginx-svc.yaml,内容如下。clusterIP不写会随机创建一个
apiVersion: v1
kind: Service
metadata:
name: nginx-svc
namespace: dev
spec:
clusterIP: 10.96.68.58
ports:
- port: 80
protocol: TCP
targetPort: 80
selector:
app: nginx-deploy
type: ClusterIP
[root@k8s-master ~]# kubectl create -f nginx-svc.yaml
service/nginx-svc created
[root@k8s-master ~]#
[root@k8s-master ~]# kubectl delete -f nginx-svc.yaml
service "nginx-svc" deleted
[root@k8s-master ~]#
