一、资源管理
在kubernetes中,所有的内容都抽象为资源,用户需要通过操作资源来管理kubernetes。
kubernetes的本质上是一个集群系统,用户可以在集群中部署各种服务,部署服务,就是在kubernetes集群中运行一个个的容器,并将指定的程序跑在容器中。
kubernetes的最小管理单元是pod而不是容器,所以只能将容器放在Pod中,而kubernetes一般也不会直接管理Pod,而是通过Pod控制器来管理Pod的。
Pod可以提供服务之后,就要考虑如何访问Pod中服务,kubernetes提供了Service资源实现这个功能。
果Pod中程序的数据需要持久化,kubernetes还提供了各种存储系统。
二、资源管理方式
| 类型 | 操作对象 | 适用环境 | 优点 | 缺点 |
|---|---|---|---|---|
| 命令式对象管理 | 对象 | 测试 | 简单 | 只能操作活动对象,无法审计、跟踪 |
| 命令式对象配置 | 文件 | 开发 | 可以审计、跟踪 | 项目大时,配置文件多,操作麻烦 |
| 声明式对象配置 | 目录 | 开发 | 支持目录操作 | 意外情况下难以调试 |
1.命令式对象管理
直接使用命令去操作kubernetes资源
kubectl命令
kubectl是kubernetes集群的命令行工具,通过它能够对集群本身进行管理,并能够在集群上进行容器化应用的安装部署。
语法:kubectl [command] [type] [name] [flags]
- comand:指定要对资源执行的操作,例如create、get、delete
- type:指定资源类型,比如deployment、pod、service
- name:指定资源的名称,名称大小写敏感
- flags:指定额外的可选参数
pod命令:
- 查看所有pod:
kubectl get pod - 查看某个pod:
kubectl get pod pod_name - 查看某个pod,以yaml格式展示结果:
kubectl get pod pod_name -o yaml
资源类型:kubernetes中所有的内容都抽象为资源,查看:kubectl api-resources
[root@master ~]# kubectl get pod
NAME READY STATUS RESTARTS AGE
nginx-6867cdf567-vtcd9 1/1 Running 0 6d20h
[root@master ~]# kubectl get pod nginx-6867cdf567-vtcd9
NAME READY STATUS RESTARTS AGE
nginx-6867cdf567-vtcd9 1/1 Running 0 6d20h
[root@master ~]# kubectl get pod nginx-6867cdf567-vtcd9 -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nginx-6867cdf567-vtcd9 1/1 Running 0 6d20h 10.244.1.2 node2 <none> <none>
[root@master ~]# kubectl get pod nginx-6867cdf567-vtcd9 -o yaml
apiVersion: v1
kind: Pod
metadata:
creationTimestamp: "2023-07-02T06:31:19Z"
generateName: nginx-6867cdf567-
labels:
app: nginx
pod-template-hash: 6867cdf567
name: nginx-6867cdf567-vtcd9
namespace: default
ownerReferences:
- apiVersion: apps/v1
blockOwnerDeletion: true
controller: true
kind: ReplicaSet
name: nginx-6867cdf567
uid: 21b4b66c-a10f-4362-805d-a704ceed5ee8
resourceVersion: "17124"
selfLink: /api/v1/namespaces/default/pods/nginx-6867cdf567-vtcd9
uid: be00c04e-bda2-49b4-88ab-2678df05a169
spec:
containers:
- image: nginx:1.14-alpine
imagePullPolicy: IfNotPresent
name: nginx
resources: {}
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: default-token-xc5qc
readOnly: true
dnsPolicy: ClusterFirst
enableServiceLinks: true
nodeName: node2
priority: 0
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
serviceAccount: default
serviceAccountName: default
terminationGracePeriodSeconds: 30
tolerations:
- effect: NoExecute
key: node.kubernetes.io/not-ready
operator: Exists
tolerationSeconds: 300
- effect: NoExecute
key: node.kubernetes.io/unreachable
operator: Exists
tolerationSeconds: 300
volumes:
- name: default-token-xc5qc
secret:
defaultMode: 420
secretName: default-token-xc5qc
status:
conditions:
- lastProbeTime: null
lastTransitionTime: "2023-07-02T06:48:53Z"
status: "True"
type: Initialized
- lastProbeTime: null
lastTransitionTime: "2023-07-02T06:49:11Z"
status: "True"
type: Ready
- lastProbeTime: null
lastTransitionTime: "2023-07-02T06:49:11Z"
status: "True"
type: ContainersReady
- lastProbeTime: null
lastTransitionTime: "2023-07-02T06:48:53Z"
status: "True"
type: PodScheduled
containerStatuses:
- containerID: docker://f034e05574a1b321936113e57f83a217e2f497f3d2e9f0ca343c876566f22927
image: nginx:1.14-alpine
imageID: docker-pullable://nginx@sha256:485b610fefec7ff6c463ced9623314a04ed67e3945b9c08d7e53a47f6d108dc7
lastState: {}
name: nginx
ready: true
restartCount: 0
started: true
state:
running:
startedAt: "2023-07-02T06:49:11Z"
hostIP: 192.168.108.102
phase: Running
podIP: 10.244.1.2
podIPs:
- ip: 10.244.1.2
qosClass: BestEffort
startTime: "2023-07-02T06:48:53Z"
[root@master ~]#
[root@master ~]# kubectl create ns qa
namespace/qa created
[root@master ~]# kubectl get ns
NAME STATUS AGE
default Active 6d22h
kube-flannel Active 6d20h
kube-node-lease Active 6d22h
kube-public Active 6d22h
kube-system Active 6d22h
qa Active 14s
[root@master ~]# kubectl run pod --image=nginx -n qa
kubectl run --generator=deployment/apps.v1 is DEPRECATED and will be removed in a future version. Use kubectl run --generator=run-pod/v1 or kubectl create instead.
deployment.apps/pod created
[root@master ~]# kubectl get pods
NAME READY STATUS RESTARTS AGE
nginx-6867cdf567-vtcd9 1/1 Running 0 6d20h
[root@master ~]# kubectl get pods -n qa
NAME READY STATUS RESTARTS AGE
pod-864f9875b9-v2g45 0/1 ContainerCreating 0 23s
[root@master ~]# kubectl describe pods pod-864f9875b9-v2g45 -n qa
Name: pod-864f9875b9-v2g45
Namespace: qa
Priority: 0
Node: node1/192.168.108.101
Start Time: Sun, 09 Jul 2023 11:25:18 +0800
Labels: pod-template-hash=864f9875b9
run=pod
Annotations: <none>
Status: Running
IP: 10.244.2.2
IPs:
IP: 10.244.2.2
Controlled By: ReplicaSet/pod-864f9875b9
Containers:
pod:
Container ID: docker://5659e8f0269b7cdcd9f47317a3d1d8db66dea0a8483486f4f904f52da83895dd
Image: nginx
Image ID: docker-pullable://nginx@sha256:0d17b565c37bcbd895e9d92315a05c1c3c9a29f762b011a10c54a66cd53c9b31
Port: <none>
Host Port: <none>
State: Running
Started: Sun, 09 Jul 2023 11:25:40 +0800
Ready: True
Restart Count: 0
Environment: <none>
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from default-token-t65nv (ro)
Conditions:
Type Status
Initialized True
Ready True
ContainersReady True
PodScheduled True
Volumes:
default-token-t65nv:
Type: Secret (a volume populated by a Secret)
SecretName: default-token-t65nv
Optional: false
QoS Class: BestEffort
Node-Selectors: <none>
Tolerations: node.kubernetes.io/not-ready:NoExecute for 300s
node.kubernetes.io/unreachable:NoExecute for 300s
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 58s default-scheduler Successfully assigned qa/pod-864f9875b9-v2g45 to node1
Normal Pulling 57s kubelet, node1 Pulling image "nginx"
Normal Pulled 36s kubelet, node1 Successfully pulled image "nginx"
Normal Created 36s kubelet, node1 Created container pod
Normal Started 36s kubelet, node1 Started container pod
[root@master ~]# kubectl delete pods pod-864f9875b9-v2g45 -n qa
pod "pod-864f9875b9-v2g45" deleted
[root@master ~]# kubectl get pods -n qa
NAME READY STATUS RESTARTS AGE
pod-864f9875b9-ls5lb 1/1 Running 0 24s
[root@master ~]# kubectl delete ns qa
namespace "qa" deleted
[root@master ~]# kubectl get ns
NAME STATUS AGE
default Active 6d22h
kube-flannel Active 6d20h
kube-node-lease Active 6d22h
kube-public Active 6d22h
kube-system Active 6d22h
[root@master ~]# kubectl get pods -n qa
No resources found in qa namespace.
[root@master ~]#
常用资源:
image.png
常用操作:
image.png
2.命令式对象配置
通过命令配置和配置文件去操作kubernetes资源
kubectl create/patch -f nginx-pod.yaml
①创建一个nginxpod.yaml:
apiVersion: v1
kind: Namespace
metadata:
name: test
---
apiVersion: v1
kind: Pod
metadata:
name: nginxpod
namespace: test
spec:
containers:
- name: nginx-containers
image: nginx:1.17.1
②执行create命令,创建资源
[root@master ~]# kubectl create -f nginxpod.yaml
namespace/test created
pod/nginxpod created
③执行get命令,查看资源
[root@master ~]# kubectl get -f nginxpod.yaml
NAME STATUS AGE
namespace/test Active 39s
NAME READY STATUS RESTARTS AGE
pod/nginxpod 1/1 Running 0 38s
④执行delete命令,删除资源:
[root@master ~]# kubectl delete -f nginxpod.yaml
namespace "test" deleted
pod "nginxpod" deleted
[root@master ~]# kubectl get -f nginxpod.yaml
Error from server (NotFound): namespaces "test" not found
Error from server (NotFound): namespaces "test" not found
3.声明式对象配置
通过apply命令和配置文件去操作kubernetes资源
kubectl apply -f nginx-pod.yaml
①apply:资源不存在则创建,存在则更新
[root@master ~]# kubectl apply -f nginxpod.yaml
namespace/test created
pod/nginxpod created
[root@master ~]# kubectl get ns test
NAME STATUS AGE
test Active 11m
[root@master ~]# kubectl get pods -n test
NAME READY STATUS RESTARTS AGE
nginxpod 1/1 Running 0 11m
[root@master ~]# kubectl apply -f nginxpod.yaml
namespace/test unchanged
pod/nginxpod unchanged
# 升级一下nginx的版本:
[root@master ~]# vim nginxpod.yaml
[root@master ~]# kubectl apply -f nginxpod.yaml
namespace/test unchanged
pod/nginxpod configured
三、让node节点也可以执行kubectl
[root@master ~]# scp -r ~/.kube node1:~/
The authenticity of host 'node1 (192.168.108.101)' can't be established.
ECDSA key fingerprint is SHA256:STqwIDvDBkh4qr3q9pJEJOS81ndmJpr6bl7WFurAc+8.
ECDSA key fingerprint is MD5:62:73:79:57:fa:28:06:10:34:67:d4:47:3a:ea:dd:c3.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'node1,192.168.108.101' (ECDSA) to the list of known hosts.
root@node1's password:
config 100% 5455 5.7MB/s 00:00
389b4ee849a4fbb2cf4c2e041e9115d5 100% 247 339.7KB/s 00:00
01fb81f9ee54af6a1db9402d325778c6 100% 4308 5.2MB/s 00:00
8563b78e18cf285697ac57a0dc15f517 100% 619 1.0MB/s 00:00
a39d53be760713bf5e312fdc7af72dd6 100% 434 604.2KB/s 00:00
a819e6de8e39c4b757465e334b0f10ae 100% 618 780.1KB/s 00:00
79b39db8328949aa4a160edf09edda12 100% 416 606.6KB/s 00:00
c3c3c8523cb831ee225f2e20f261d15a 100% 6021 3.4MB/s 00:00
f0cf69a182d02364b8ebba25d0543230 100% 618 831.8KB/s 00:00
618fc0302b8426e708039d7b9791818b 100% 532 733.8KB/s 00:00
6e51ef199282508875fd0edb964a3396 100% 506 652.6KB/s 00:00
3594cf4efca3e842b15593afb2d38ea4 100% 537 746.9KB/s 00:00
56aaa52bdd281724bba2ce59a4ac99fc 100% 695 868.4KB/s 00:00
f1300e3173cb7971528334f61989c21c 100% 516 719.4KB/s 00:00
2226223cc29d46e6c8393c7cf03ab106 100% 547 682.6KB/s 00:00
8e415cda14f85abba25ea38e8a7fd321 100% 705 874.3KB/s 00:00
0a265da455986f44c0861462be14d7dc 100% 753 866.9KB/s 00:00
c82cf74002a57b3c00c9b3c61b0e3508 100% 437 497.6KB/s 00:00
ab381c746e09015c429d04977ae93829 100% 1029 1.5MB/s 00:00
2bd5bc7c14744bc3a959d37255f1d2c4 100% 613 899.2KB/s 00:00
990b411c921d3e07281bde558f8c5211 100% 969 1.2MB/s 00:00
3fda063785f7f8f55c1417babe3bd513 100% 2306 2.7MB/s 00:00
85b45a482aae7d43f4a4c8062de9cf84 100% 417 547.8KB/s 00:00
3ed1cb7aa6cc8622e320bd49fbb6eeb2 100% 541 700.4KB/s 00:00
116c1cd10bfaca5faa7ade7b06c089de 100% 311 354.1KB/s 00:00
dad43047cb6f974ad485d7fc081e4864 100% 316 354.2KB/s 00:00
8751cd26905bff18a3bf9b9be9c1cf15 100% 439 554.4KB/s 00:00
8dd784a64db514de2a2d2ab1f35fcf30 100% 813 1.2MB/s 00:00
0ee835dd162109c977a47a1d4b64b9d4 100% 1024 1.3MB/s 00:00
c593d5d2dd9aac8ef5f26401fd2df0ea 100% 700 983.6KB/s 00:00
14fc828a146a08d78ce3d8cb4d62dda6 100% 398 451.4KB/s 00:00
bec85b1c7a0945707e224cf993604980 100% 411 590.7KB/s 00:00
79b1c5e00c6063145311888fd56be3f8 100% 1041 1.4MB/s 00:00
8da12f1d4d5f7aaaf25e185180ecc624 100% 614 839.8KB/s 00:00
5c60a6f95a1fac0ee7cec4f0c07deea7 100% 403 254.9KB/s 00:00
920b7995e6df859a8ff77abdab4c2a91 100% 700 835.0KB/s 00:00
787216d51eba27b309bb30d6e5f3256f 100% 2815KB 65.8MB/s 00:00
ec24dab38e7fb1993ac6dfff8eebfc97 100% 372 269.7KB/s 00:00
servergroups.json 100% 4319 4.9MB/s 00:00
serverresources.json 100% 510 485.9KB/s 00:00
serverresources.json 100% 505 632.5KB/s 00:00
serverresources.json 100% 325 401.4KB/s 00:00
serverresources.json 100% 330 462.8KB/s 00:00
serverresources.json 100% 2196 3.1MB/s 00:00
serverresources.json 100% 509 511.6KB/s 00:00
serverresources.json 100% 509 511.5KB/s 00:00
serverresources.json 100% 504 682.0KB/s 00:00
serverresources.json 100% 307 413.1KB/s 00:00
serverresources.json 100% 5932 5.7MB/s 00:00
serverresources.json 100% 423 487.4KB/s 00:00
serverresources.json 100% 428 389.8KB/s 00:00
serverresources.json 100% 397 217.0KB/s 00:00
serverresources.json 100% 438 518.0KB/s 00:00
serverresources.json 100% 586 756.5KB/s 00:00
serverresources.json 100% 591 537.9KB/s 00:00
serverresources.json 100% 425 470.5KB/s 00:00
serverresources.json 100% 596 602.4KB/s 00:00
serverresources.json 100% 591 386.9KB/s 00:00
serverresources.json 100% 644 518.4KB/s 00:00
serverresources.json 100% 328 436.3KB/s 00:00
serverresources.json 100% 432 329.0KB/s 00:00
serverresources.json 100% 920 1.3MB/s 00:00
serverresources.json 100% 915 1.0MB/s 00:00
serverresources.json 100% 860 855.5KB/s 00:00
serverresources.json 100% 932 1.1MB/s 00:00
serverresources.json 100% 308 297.7KB/s 00:00
serverresources.json 100% 202 260.7KB/s 00:00
serverresources.json 100% 207 296.3KB/s 00:00
serverresources.json 100% 704 711.7KB/s 00:00
serverresources.json 100% 289 330.0KB/s 00:00
serverresources.json 100% 294 294.5KB/s 00:00
serverresources.json 100% 302 363.8KB/s 00:00
[root@master ~]#
网友评论