04、Kubernetes应该快速入门
2019-05-24 本文已影响0人
六弦极品
kubernetes之上的管理对象:
pod, service, controller控制器(replicaser,deployment,statefulet,daemonset,job,cronjob,node)
kubectl get
# kubectl version
# kubectl cluster-info
目前整个集群安装了三个附件:kube-proxy、coredns、flannel
kubernetes 基本操作:增删改查
# kubectl run nginx-deploy --image=nginx:1.14 --port=80 --replicas=1 --dry-run=true
kubectl run --generator=deployment/apps.v1 is DEPRECATED and will be removed in a future version. Use kubectl run --generator=run-pod/v1 or kubectl create instead.
deployment.apps/nginx-deploy created (dry run)
# kubectl run nginx-deploy --image=nginx:1.14 --port=80 --replicas=1
# kubectl get deployment
NAME READY UP-TO-DATE AVAILABLE AGE
nginx-deploy 1/1 1 1 7m37s
# kubectl get pods
NAME READY STATUS RESTARTS AGE
nginx-deploy-79d45c84c5-vfhd6 1/1 Running 0 7m50s
# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nginx-deploy-79d45c84c5-vfhd6 1/1 Running 0 11m 10.244.2.2 node02 <none> <none>
# kubectl delete pods nginx-deploy-79d45c84c5-vfhd6
pod "nginx-deploy-79d45c84c5-vfhd6" deleted
# kubectl get pods -o wide ### 删除后控制器会自动新建一个pod
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nginx-deploy-79d45c84c5-mw8tg 0/1 ContainerCreating 0 20s <none> node01 <none> <none>
###因为node01节点没有nginx:1.14 镜像,要下载镜像所有会久一下,过会儿查看已完成创建pod
# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nginx-deploy-79d45c84c5-mw8tg 1/1 Running 0 2m34s 10.244.1.2 node01 <none> <none>
新建后的pod 名称和IP都会变动,所有用IP和名称访问不理想,所有得给pod定义个固定端点,客户端通过固定端点访问pod, 固定端点是service 提供,service请求转发:
pod_client --------> service_ip:service_port -------> pod_ip:pod_port
给nginx-deploy pod 创建一个service:
# kubectl expose deployment nginx-deploy --name=nginx --port=80 --target-port=80 --protocol=TCP
# kubectl get service
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 20h
nginx ClusterIP 10.99.230.45 <none> 80/TCP 28s
这个service IP只能在集群内部才能访问,这种地址更多时候是提供给集群中的pod 客户端访问
pod 访问时可以基于service 名称访问,但pod 客户端解析service 地址需要依赖于coreDNS 服务
# kubectl get pods -n kube-system -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
coredns-fb8b8dccf-5gkgk 1/1 Running 2 20h 10.244.0.5 master01 <none> <none>
coredns-fb8b8dccf-7mwjs 1/1 Running 1 20h 10.244.0.4 master01 <none> <none>
# kubectl get svc -n kube-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP,9153/TCP 20h
# kubectl run client --image=busybox --replicas=1 -it --restart=Never
/ # cat /etc/resolv.conf
nameserver 10.96.0.10 ###pod 的DNS是 coreDNS 的IP地址
search default.svc.cluster.local svc.cluster.local cluster.local
options ndots:5
/ # wget -O - -q http://nginx/
.....
default.svc.cluster.local 中的svc.cluster.local 指的是k8s集群本地的pod资源,
default表示这个pod所属名称空间的名字
到节点解析:
# dig -t A nginx.default.svc.cluster.local @10.96.0.10
...
nginx.default.svc.cluster.local. 5 IN A 10.99.230.45
...
### 查看service 详细信息
# kubectl describe svc nginx
Name: nginx
Namespace: default
Labels: run=nginx-deploy ###标签
Annotations: <none>
Selector: run=nginx-deploy ###标签选择器
Type: ClusterIP
IP: 10.99.230.45
Port: <unset> 80/TCP
TargetPort: 80/TCP
Endpoints: 10.244.1.3:80
Session Affinity: None
Events: <none>
# kubectl get pods --show-labels ##查看pod 对应service标签
NAME READY STATUS RESTARTS AGE LABELS
client 1/1 Running 0 49m run=client
nginx-deploy-79d45c84c5-7fxbp 1/1 Running 0 18m pod-template-hash=79d45c84c5,run=nginx-deploy
# kubectl get svc nginx -o wide ##查看nginx service标签信息
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
nginx ClusterIP 10.109.209.166 <none> 80/TCP 2m47s run=nginx-deploy
# kubectl describe deployment nginx-deploy ###查看nginx-deploy控制器详细信息
创建两个副本的myapp pod,并对其创建一个myapp service,对其扩缩容
# kubectl run myapp --image=ikubernetes/myapp:v1 --replicas=2 ## 创建一个myapp pod
# kubectl get pods -o wide ##查看运行的pod
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
client 1/1 Running 0 99m 10.244.2.3 node02 <none> <none>
myapp-5bc569c47d-95b6d 1/1 Running 0 114s 10.244.1.4 node01 <none> <none>
myapp-5bc569c47d-jp5j4 1/1 Running 0 114s 10.244.2.4 node02 <none> <none>
nginx-deploy-79d45c84c5-7fxbp 1/1 Running 0 68m 10.244.1.3 node01 <none> <none>
/ # wget -O - -q 10.244.1.4/hostname.html ### pod 客户端访问刚创建的pod
myapp-5bc569c47d-95b6d
/ # wget -O - -q 10.244.2.4/hostname.html ### pod 客户端访问刚创建的pod
myapp-5bc569c47d-jp5j4
# kubectl expose deployment myapp --name=myapp --port=80 ## 对myapp pad 创建service myapp
# kubectl get svc ##查看service
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 22h
myapp ClusterIP 10.100.46.2 <none> 80/TCP 9s
nginx ClusterIP 10.109.209.166 <none> 80/TCP 52m
# kubectl get svc myapp -o wide ## 查看指定的service 的详细信息
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
myapp ClusterIP 10.100.46.2 <none> 80/TCP 5m56s run=myapp
# kubectl describe svc myapp ## 查看指定的service 的详细信息
Name: myapp
Namespace: default
Labels: run=myapp
Annotations: <none>
Selector: run=myapp
Type: ClusterIP
IP: 10.100.46.2
Port: <unset> 80/TCP
TargetPort: 80/TCP
Endpoints: 10.244.1.4:80,10.244.2.4:80
Session Affinity: None
Events: <none>
### pod 客户端访问service myapp相关地址,负载均衡到两个pod
/ # wget -O - -q myapp/hostname.html
myapp-5bc569c47d-95b6d
/ # wget -O - -q myapp/hostname.html
myapp-5bc569c47d-jp5j4
通过循环查看pod扩缩容的访问,转发到后端pod也是轮循的
/ # while true; do wget -O - -q myapp/hostname.html; sleep 1 ;done
# kubectl scale --replicas=5 deployment myapp ## 对控制myapp 扩容pod副本数为5
# kubectl get pods
NAME READY STATUS RESTARTS AGE
client 1/1 Running 0 126m
myapp-5bc569c47d-95b6d 1/1 Running 0 28m
myapp-5bc569c47d-jp5j4 1/1 Running 0 28m
myapp-5bc569c47d-mbz5s 1/1 Running 0 57s
myapp-5bc569c47d-r95bm 1/1 Running 0 57s
myapp-5bc569c47d-wnnvx 1/1 Running 0 57s
nginx-deploy-79d45c84c5-7fxbp 1/1 Running 0 95m
# kubectl scale --replicas=3 deployment myapp ## 对控制myapp 缩减pod副本数为3
# kubectl get pods
NAME READY STATUS RESTARTS AGE
client 1/1 Running 0 128m
myapp-5bc569c47d-95b6d 1/1 Running 0 30m
myapp-5bc569c47d-jp5j4 1/1 Running 0 30m
myapp-5bc569c47d-wnnvx 1/1 Running 0 3m1s
nginx-deploy-79d45c84c5-7fxbp 1/1 Running 0 97m
现在对myapp控制器的pod升级到v2版:目前是三个pod 一个控制器
它自动滚动的一个一个替换升级,灰度的方式实现,将镜像的版本更新为v2版本,及回滚
# kubectl set image --help
....
kubectl set image (-f FILENAME | TYPE NAME) CONTAINER_NAME_1=CONTAINER_IMAGE_1 ... CONTAINER_NAME_N=CONTAINER_IMAGE_N
# kubectl describe pods myapp-5bc569c47d-95b6d ###查看某个pod的详细信息
/ # while true; do wget -O - -q myapp; sleep 1 ;done
Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a>
###对myapp控制器的myapp容器升级到v2版本的镜像
# kubectl set image deployment myapp myapp=ikubernetes/myapp:v2
# kubectl rollout status deployment myapp ###查看myapp的pod更新过程
Waiting for deployment "myapp" rollout to finish: 1 out of 3 new replicas have been updated...
Waiting for deployment "myapp" rollout to finish: 1 out of 3 new replicas have been updated...
Waiting for deployment "myapp" rollout to finish: 1 out of 3 new replicas have been updated...
Waiting for deployment "myapp" rollout to finish: 2 out of 3 new replicas have been updated...
Waiting for deployment "myapp" rollout to finish: 2 out of 3 new replicas have been updated...
Waiting for deployment "myapp" rollout to finish: 2 out of 3 new replicas have been updated...
Waiting for deployment "myapp" rollout to finish: 1 old replicas are pending termination...
Waiting for deployment "myapp" rollout to finish: 1 old replicas are pending termination...
deployment "myapp" successfully rolled ou
# kubectl get pods ## 查看三个pod 的name 都改变了
# kubectl describe pods myapp-86984b4c7c-79lk6 ##常看某个pod的内部镜像已经被更新到v2版本
# kubectl rollout undo deployment myapp ##回滚到上一个版本,也可以回滚到指定的版本
如果系统内核模块没有安装IPVS模块,将会降级为iptables 的DNAT 转发,默认为IPVS
# iptables -vnL -t nat
如果要想kubernetes 集群外部访问:修改service 类型为NodePort, 默认type: ClusterIP
# kubectl edit svc myapp ###将type的值 ClusterIP 改为NodePort
# kubectl get svc ## 查看service 的信息,80:31242/TCP 这时候访问节点31242端口即可
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 23h
myapp NodePort 10.100.46.2 <none> 80:31242/TCP 64m
nginx ClusterIP 10.109.209.166 <none> 80/TCP 116m
在集群外部访问以下地址,IP为每个节点都可以,master01或node01,node02都可以,
如果线上在服务,在前端做一个负载均衡转发到node节点即可,master是有状态的,所以不建议转发到master上
http://10.40.6.167:31242/hostname.html
