3. Using Kubernetes
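This article summarizes Ma Ge's (马哥) Docker and k8s videos; many thanks to Ma Ge.
kubectl is the only tool that connects to kube-apiserver
Objects that kubectl can manage:
pod, service, replicaset, deployment, statefulset, daemonset, job, cronjob, node
Viewing cluster information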
kubectl version
Client Version: version.Info{Major:"1", Minor:"15", GitVersion:"v1.15.3", GitCommit:"2d3c76f9091b6bec110a5e63777c332469e0cba2", GitTreeState:"clean", BuildDate:"2019-08-19T11:13:54Z", GoVersion:"go1.12.9", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"15", GitVersion:"v1.15.3", GitCommit:"2d3c76f9091b6bec110a5e63777c332469e0cba2", GitTreeState:"clean", BuildDate:"2019-08-19T11:05:50Z", GoVersion:"go1.12.9", Compiler:"gc", Platform:"linux/amd64"}
kubectl cluster-info
Kubernetes master is running at https://192.168.200.200:6443
KubeDNS is running at https://192.168.200.200:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy
Creating a pod and testing it
kubectl run --help
Create and run a particular image, possibly replicated.
Creates a deployment or job to manage the created container(s)
# deployment and job are both controllers; the pod is the smallest unit kubectl manages
kubectl run nginx --image=nginx \
--port=80 \
--replicas=5 \
--dry-run=true \
--restart=Never
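# nginx name of the controller
# --image=nginx with no tag given, the latest image is used to create the pod
# --port=80 expose port 80
# --replicas=5 start 5 pods
# --dry-run=true dry-run mode, no pod is actually started
# --restart=Never whether to start a replacement when a pod or container is lost; by default one is started, Never means no replacement is started
# --command -- <cmd> <arg1> ... <argN> run a custom command at container start instead of the image's default command
# Create an instance; when using an image from a private registry, specify the registry's address and port
# On creation, the worker node pulls the image automatically and creates the pod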
kubectl run nginx-deploy --image=nginx:1.14-alpine --port=80 --replicas=1
# List the deployments that currently exist in the system
kubectl get deployments
NAME READY UP-TO-DATE AVAILABLE AGE
nginx-deploy 1/1 1 1 79s
# AVAILABLE may be 0 right after creation, because the system first performs a readiness check
# List the created pods; -o wide shows more information
kubectl get pods [-o wide]
NAME READY STATUS RESTARTS AGE
nginx-deploy-7689897d8d-7j2xz 1/1 Running 0 11m
NAME | READY | STATUS | RESTARTS | AGE | IP | NODE | NOMINATED NODE | READINESS GATES |
---|---|---|---|---|---|---|---|---|
nginx-deploy-7689897d8d-7j2xz | 1/1 | Running | 0 | 5m24s | 10.244.1.2 | node2 | <none> | <none> |
# On node2, the network now shows that the new pod is attached to the cni0 bridge
ifconfig
cni0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1450
inet 10.244.1.1 netmask 255.255.255.0 broadcast 0.0.0.0
kubectl delete pods nginx-deploy-7689897d8d-7j2xz
# Because replicas was set to 1 at creation, a new pod is rebuilt automatically after the deletion,
# but the IP of the container in the new pod has changed
kubectl get pods
NAME READY STATUS RESTARTS AGE
nginx-deploy-7689897d8d-pj5bm 1/1 Running 0 5s
Creating a service as a fixed endpoint
kubectl expose (-f FILENAME | TYPE NAME) [--port=port]
[--protocol=TCP|UDP|SCTP] [--target-port=number-or-name] [--name=name]
[--external-ip=external-ip-of-service] [--type=type] [options]
--name= # service name
--port= # service port
--type= # service type, such as ClusterIP, NodePort, LoadBalancer, or ExternalName. Default is 'ClusterIP'
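# ClusterIP: the service only has a service IP and can only be reached by pod clients inside the cluster
# Pay close attention to letter case: the values are strictly case-sensitive!
# Create a service as a fixed endpoint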
kubectl expose deployment nginx-deploy \
--name=nginx \
--port=80 \
--target-port=80 \
--protocol=TCP
# deployment nginx-deploy expose the resources managed by the nginx-deploy controller as one service
# --name=nginx the service is named nginx
# List the created services
kubectl get services
kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 6h32m
nginx ClusterIP 10.98.70.214 <none> 80/TCP 15s
# Inside the cluster, port 80 can now be reached at the address 10.98.70.214
kubectl get pods -o wide -n kube-system
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
coredns-5c98db65d4-9txgv 1/1 Running 13 6h36m 10.244.0.10 node1 <none> <none>
coredns-5c98db65d4-fmqmt 1/1 Running 13 6h36m 10.244.0.11 node1 <none> <none>
kubectl get svc -n kube-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP,9153/TCP 6h39m
# Use kube-dns at 10.96.0.10 to resolve the nginx service just created
# Create another pod as a client to test nginx; -it gives an interactive terminal, like docker's -it option
kubectl run client --image=busybox --replicas=1 --restart=Never -it
/ # cat /etc/resolv.conf
nameserver 10.96.0.10 # the newly created pod uses 10.96.0.10 as its DNS server
search default.svc.cluster.local svc.cluster.local cluster.local
options ndots:5
/ # wget -O - -q http://nginx:80
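# DNS automatically resolves the name to the service IP and port, i.e. 10.98.70.214:80, and the request is then dispatched to an nginx pod
# svc.cluster.local special domain suffix denoting pod resources local to the kubernetes cluster
# default the name of the namespace the service belongs to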
dig -t A nginx.default.svc.cluster.local @10.96.0.10
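How the short name `nginx` in the wget call turns into `nginx.default.svc.cluster.local` follows from the `search` and `ndots` lines above. This added example (not part of the original article) expands a name into the queries a resolver sends, in order, assuming glibc-style ordering; resolvers in other libc implementations can differ for names that reach the `ndots` threshold.

```python
# resolv.conf content as shown in the client pod above.
RESOLV_CONF = """\
nameserver 10.96.0.10
search default.svc.cluster.local svc.cluster.local cluster.local
options ndots:5
"""

def parse_resolv_conf(text):
    """Return (nameservers, search_list, ndots) from resolv.conf text."""
    nameservers, search, ndots = [], [], 1  # ndots defaults to 1
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop trailing annotations
        if not line:
            continue
        key, *values = line.split()
        if key == "nameserver":
            nameservers.extend(values[:1])
        elif key == "search":
            search = values  # the last search line wins
        elif key == "options":
            for opt in values:
                if opt.startswith("ndots:"):
                    ndots = int(opt.split(":", 1)[1])
    return nameservers, search, ndots

def candidates(name, search, ndots):
    """Fully qualified names in the order the resolver tries them."""
    if name.endswith("."):  # a trailing dot means: absolute, no search list
        return [name]
    absolute = name + "."
    expanded = [f"{name}.{domain}." for domain in search]
    if name.count(".") >= ndots:  # enough dots: try the name as given first
        return [absolute] + expanded
    return expanded + [absolute]  # too few dots: search list first

if __name__ == "__main__":
    _, search_list, n = parse_resolv_conf(RESOLV_CONF)
    for query in ("nginx", "nginx.default.svc.cluster.local", "example.com"):
        print(query, "->", candidates(query, search_list, n))
```

With `ndots:5`, even the full service name without a trailing dot has only four dots, so the search suffixes are tried before the name itself; the same applies to external names such as `example.com`.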
kubectl delete pods nginx-deploy-7689897d8d-pj5bm
# After deleting the nginx pod just created, the client can still reach the nginx service
# because the Selector distinguishes pods by the service's Label
# Show the details of the nginx service
kubectl describe svc nginx
Name: nginx
Namespace: default
Labels: run=nginx-deploy
Annotations: <none>
Selector: run=nginx-deploy # the selector picks every pod that has the run label with the value nginx-deploy
Type: ClusterIP
IP: 10.98.70.214
Port: <unset> 80/TCP
TargetPort: 80/TCP
Endpoints: 10.244.1.3:80 # the associated IP and port are shown here
Session Affinity: None
Events: <none>
kubectl get pods --show-labels
NAME READY STATUS RESTARTS AGE LABELS
client 0/1 Completed 0 45m run=client
nginx-deploy-7689897d8d-pj5bm 1/1 Running 0 103m pod-template-hash=7689897d8d,run=nginx-deploy # this label is the one matched by the Selector
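# The service's configuration can be edited
kubectl edit svc nginx
# Change type: ClusterIP to type: NodePort
# Then list the services; the extra port that appears can be used for access from outside the cluster
kubectl get svc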
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 8h
nginx NodePort 10.98.70.214 <none> 80:30403/TCP 109m
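The selector match and the NodePort change shown above can be checked mechanically. This added example (not from the original article) reads objects in the shape of `kubectl get svc,pods -o json` and reports which services are reachable from outside the cluster and which pods back them; the sample data is constructed from the outputs above, and the `debug` pod is a hypothetical addition showing that any pod carrying the label becomes a backend.

```python
import json

# Constructed sample in the shape of `kubectl get svc,pods -o json`, modelled
# on the objects shown above. The "debug" pod is hypothetical.
SAMPLE = json.loads("""
{"items": [
 {"kind": "Service", "metadata": {"name": "kubernetes", "namespace": "default"},
  "spec": {"type": "ClusterIP", "ports": [{"port": 443}]}},
 {"kind": "Service", "metadata": {"name": "nginx", "namespace": "default"},
  "spec": {"type": "NodePort", "selector": {"run": "nginx-deploy"},
           "ports": [{"port": 80, "targetPort": 80, "nodePort": 30403}]}},
 {"kind": "Pod", "metadata": {"name": "nginx-deploy-7689897d8d-pj5bm",
  "namespace": "default",
  "labels": {"pod-template-hash": "7689897d8d", "run": "nginx-deploy"}}},
 {"kind": "Pod", "metadata": {"name": "client", "namespace": "default",
  "labels": {"run": "client"}}},
 {"kind": "Pod", "metadata": {"name": "debug", "namespace": "default",
  "labels": {"run": "nginx-deploy"}}}
]}
""")

def selected_pods(service, pods):
    """Pods in the service's namespace whose labels contain every selector pair."""
    selector = service["spec"].get("selector") or {}
    if not selector:  # a service without a selector picks no pods by itself
        return []
    ns = service["metadata"]["namespace"]
    return [p["metadata"]["name"] for p in pods
            if p["metadata"]["namespace"] == ns
            and selector.items() <= (p["metadata"].get("labels") or {}).items()]

def exposure_report(doc):
    """Services reachable from outside the cluster, with their backend pods."""
    pods = [i for i in doc["items"] if i["kind"] == "Pod"]
    report = []
    for svc in (i for i in doc["items"] if i["kind"] == "Service"):
        spec = svc["spec"]
        svc_type = spec.get("type", "ClusterIP")
        if svc_type in ("NodePort", "LoadBalancer") or spec.get("externalIPs"):
            report.append({
                "service": svc["metadata"]["name"],
                "type": svc_type,
                "nodePorts": [p["nodePort"] for p in spec.get("ports", []) if "nodePort" in p],
                "pods": selected_pods(svc, pods),
            })
    return report

if __name__ == "__main__":
    print(json.dumps(exposure_report(SAMPLE), indent=2))
```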
Dynamic scaling
kubectl scale -h
Set a new size for a Deployment, ReplicaSet, Replication Controller, or
StatefulSet.
Scale also allows users to specify one or more preconditions for the scale action.
# Scale up to 5 pods
kubectl scale --replicas=5 deployment nginx-deploy
kubectl get pods
# Scale down to 3 pods
kubectl scale --replicas=3 deployment nginx-deploy
kubectl get pods
Rolling updates and rollback
- Change the image version to switch to a new image
kubectl set image -h
# Update existing container image(s) of resources
kubectl set image (-f FILENAME | TYPE NAME) \
CONTAINER_NAME_1=CONTAINER_IMAGE_1 \
... \
CONTAINER_NAME_N=CONTAINER_IMAGE_N [options]
# 1. Look up CONTAINER_NAME and CONTAINER_IMAGE
kubectl describe pods nginx-deploy-7689897d8d-pj5bm
# 2. Update the image version in use
kubectl set image deployment nginx-deploy \
nginx-deploy=nginx:1.14-alpine-v2
# 3. Show the progress of the update
kubectl rollout status deployment nginx-deploy
# 4. If the update goes wrong it can be rolled back; by default this returns to the previous version
kubectl rollout undo deployment nginx-deploy