K8s introduction and tuning
Kubernetes, k8s for short, is a container management platform.
Tuning (kubectl shell completion):
yum install -y bash-completion
source /usr/share/bash-completion/bash_completion
source <(kubectl completion bash)
echo "source <(kubectl completion bash)" >> ~/.bashrc
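I. Pod
1. Pod introduction
1) The smallest deployable unit in a k8s cluster. A Pod's main job is managing all the services (containers) of one application or one call chain
2) The design idea of the Pod is to let multiple containers in one Pod share a network address and a file system, so that they can combine into a service through simple and efficient means such as inter-process communication and file sharing
3) The Pod is the foundation of every workload type in a k8s cluster. Think of Pods as small robots running in the cluster: different kinds of work need different kinds of robots to carry it out
2. Pod lifecycle
Figure: Pod lifecycle diagram
1. Create the Pod
2. Create the pause base container, which provides the shared namespaces (main container --> business containers)
3. Initialize the business containers serially
4. Start the business containers; at that moment the PostStart hook defined on the main container runs as well
5. Health checks determine whether the containers started successfully; liveness and readiness checks then run continuously
6. On shutdown, run the PreStop hook
7. Terminate the containers (business containers first ---> then the main container)
3. Pod advantages and how Pods work
Managing multiple containers:
A Pod can run several processes (as containers) that work together;
Containers in the same Pod are automatically placed on the same node. They share resources, the network environment and dependencies, so they are always scheduled together.
Pod advantages:
1. As a service unit that can run independently, a Pod simplifies application deployment and, at a higher level of abstraction, makes deployment management much more convenient.
2. As the smallest application instance that can run independently, a Pod is easy to deploy, to scale out and in horizontally, to schedule and to allocate resources to.
3. Containers in a Pod share the same data and network address space, and resources are managed and allocated uniformly across Pods
4. Pod restart policy
1. Always: when a container fails, kubelet restarts it automatically.
(the container is restarted no matter why it died)
2. OnFailure: when a container terminates with a non-zero exit code, kubelet restarts it automatically
(restart on an unexpected failure exit) ----- recommended
3. Never: kubelet never restarts the container, whatever state it is in.
5. Trying out a Pod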
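apiVersion: v1
kind: Pod
metadata:
  name: wordpress
spec:
  containers:
    - name: nginx
      image: nginx
    - name: php
      image: php
apiVersion : the API version the resource is deployed with
kind : the resource type (Pod)
metadata : basic information about the deployed application
spec : the deployment details
# The version and kind can be looked up with: kubectl explain <resource type>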
[root@\ k8s-m-01~]# kubectl explain pod
KIND: Pod
VERSION: v1
... ...
6. Create the Pod
[root@\ k8s-m-01~]# kubectl apply -f test1.yaml
pod/test1 created
# List Pod resources
[root@\ k8s-m-01~]# kubectl get pods
NAME READY STATUS RESTARTS AGE
deployment-5849786498-nvhg2 1/1 Running 0 4h27m
test1 0/2 ContainerCreating 0 12s
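II. Namespaces and labels
1. Namespaces
1) Namespace concept
In k8s, namespaces isolate cluster resources; k8s resources are divided into namespace-scoped resources and cluster-scoped resources. (The de facto industry convention is one namespace per microservice.)
In a k8s cluster:
1. Cluster-scoped resources: usable from every namespace
2. Namespace-scoped resources: usable only within the same namespace
# kubectl is a client for k8s; it is a separate tool, not part of the cluster itself.
## kubectl get [resource name] is the command for listing cluster resources
2) Naming rules
1. Must be lowercase
2. Must start with a letter
3. The name may contain only letters, digits and hyphens (-)
3) Create and list namespaces
# Note: applications are normally deployed into their own namespace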
[root@\ k8s-m-01~]# kubectl get namespaces
NAME STATUS AGE
default Active 5d20h
kube-node-lease Active 5d20h
kube-public Active 5d20h
kube-system Active 5d20h
wordpress Active 6h58m
[root@\ k8s-m-01~]# kubectl get ns
NAME STATUS AGE
default Active 5d20h
kube-node-lease Active 5d20h
kube-public Active 5d20h
kube-system Active 5d20h
wordpress Active 6h58m
# Create a namespace
[root@\ k8s-m-01~]# kubectl create namespace lnmp
namespace/lnmp created
[root@\ k8s-m-01~]# kubectl get ns
NAME STATUS AGE
default Active 5d20h
kube-node-lease Active 5d20h
kube-public Active 5d20h
kube-system Active 5d20h
lnmp Active 2s
wordpress Active 6h59m
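2. Labels (for Pods)
1) Concept
Label: the familiar notion of a "tag". Defining a Label on a resource object tags it; you can then query and filter the resource objects that carry certain Labels with a Label Selector
# A TAG in docker = registry URL/namespace/repository name:version
Labels in k8s are used to manage (identify a group of) containers, making it easy to manage and monitor all containers that carry the same label
A label can be regarded as an identifier of a resource and is generally used for resource discovery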
[root@\ k8s-m-01~]# kubectl get deployments --show-labels
[root@\ k8s-m-01~]# kubectl get pods --show-labels
2) Using labels
1. Add a label in the manifest
[root@\ k8s-m-01~]# vim deloyment.yaml
apiVersion: v1
kind: Pod
metadata:
  name: test-tag
  labels:
    release: stable
spec:
  containers:
    - name: nginx
      image: nginx
2. View labels
[root@\ k8s-m-01~]# kubectl apply -f test.yaml
pod/test-tag created
[root@\ k8s-m-01~]# kubectl get pods --show-labels
NAME READY STATUS RESTARTS AGE LABELS
test-tag 1/1 Running 0 80s release=stable
3. Add a label
# kubectl label pod (resource type) <resource name> app=tag
[root@\ k8s-m-01~]# kubectl label pod test-tag app=tag
pod/test-tag labeled
[root@\ k8s-m-01~]# kubectl get pods --show-labels
NAME READY STATUS RESTARTS AGE LABELS
test-tag 1/1 Running 0 3m22s app=tag,release=stable
4. Remove a label
[root@\ k8s-m-01~]# kubectl label pod test-tag app-
pod/test-tag labeled
[root@\ k8s-m-01~]# kubectl get pods --show-labels
NAME READY STATUS RESTARTS AGE LABELS
test-tag 1/1 Running 0 4m7s release=stable
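# To change a label, remove it and then add it again
III. Controllers
Controllers: manage Pods
Controllers in k8s: Deployment, DaemonSet, StatefulSet
1. Deployment: deploys long-running, stateless applications (no requirement on start order)
Characteristic: Pods are placed on arbitrary nodes in the cluster
2. DaemonSet: deploys one Pod on every node; when a node is removed, its Pod is removed automatically
Characteristic: exactly one per node
3. StatefulSet: deploys stateful applications (start order matters)
Characteristic: ordered startup
1. Deployment controller
1) Introduction
Deployment: deploys long-running, stateless applications (no requirement on start order)
Characteristic: Pods are placed on arbitrary nodes in the cluster
You describe the desired state in a Deployment object, and the Deployment controller changes the actual state to the desired state at a controlled rate.
(If a container on a node is deleted, it is created again.)
2) Test: delete the containers on a node
Example 1:
Delete the containers on the node they run on; because of the Pod, they are created again
# test-tag is scheduled on node n01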
[root@\ k8s-m-01~]# kubectl get pod -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
test-tag 1/1 Running 0 27m 10.244.1.11 k8s-n-01 <none> <none>
# On n01, check the running containers
[root@\ k8s-n-01~]# docker ps | grep test-tag
698a8f018d45 nginx "/docker-entrypoint.…" 29 minutes ago Up 29 minutes k8s_nginx_test-tag_default_370ed585-6f6d-403b-848b-609a8ba00b23_0
c43c269f628a registry.cn-hangzhou.aliyuncs.com/k8sos/pause:3.2 "/pause" 29 minutes ago Up 29 minutes k8s_POD_test-tag_default_370ed585-6f6d-403b-848b-609a8ba00b23_0
# Delete
[root@\ k8s-n-01~]# docker ps | grep test-tag | awk '{print $1}' | xargs -I {} docker rm -f {}
698a8f018d45
c43c269f628a
# Check again: the containers have been recreated
[root@\ k8s-n-01~]# docker ps | grep test-tag
d4c7c29e1a02 nginx "/docker-entrypoint.…" 38 seconds ago Up 37 seconds k8s_nginx_test-tag_default_370ed585-6f6d-403b-848b-609a8ba00b23_0
f7c41394b5c1 registry.cn-hangzhou.aliyuncs.com/k8sos/pause:3.2 "/pause" 42 seconds ago Up 40 seconds k8s_POD_test-tag_default_370ed585-6f6d-403b-848b-609a8ba00b23_0
Example 2:
Delete the Pod directly from the master node
[root@\ k8s-m-01~]# kubectl explain deployment
KIND: Deployment
VERSION: apps/v1
... ...
[root@\ k8s-m-01~]# vim dep-test.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: dep-test
spec:
  selector:                # associates Pods by label
    matchLabels:
      release: stable
  template:                # the controller manages Pods; everything under template is the Pod template
    metadata:
      name: test-tag       # the name is optional; one is generated automatically
      labels:
        release: stable
    spec:
      containers:
        - name: nginx
          image: nginx
# Create and check
[root@\ k8s-m-01~]# kubectl apply -f dep-test.yaml
deployment.apps/dep-test created
[root@\ k8s-m-01~]# kubectl get deployments.apps
NAME READY UP-TO-DATE AVAILABLE AGE
dep-test 0/1 1 0 9s
[root@\ k8s-m-01~]# kubectl get pod
NAME READY STATUS RESTARTS AGE
dep-test-5849786498-z8jhf 1/1 Running 0 75s
# Delete the Pod
[root@\ k8s-m-01~]# kubectl delete pod dep-test-5849786498-z8jhf
pod "dep-test-5849786498-z8jhf" deleted
# Query again: a new Pod has been created
[root@\ k8s-m-01~]# kubectl get pod
NAME READY STATUS RESTARTS AGE
dep-test-5849786498-khlnz 1/1 Running 0 17s
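The examples above illustrate this statement:
You describe the desired state in a Deployment object, and the Deployment controller changes the actual state to the desired state at a controlled rate
It repairs itself automatically
3) Elastic scaling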
[root@\ k8s-m-01~]# kubectl get pod
NAME READY STATUS RESTARTS AGE
dep-test-5849786498-khlnz 1/1 Running 0 55s
# Method 1: edit the manifest
[root@\ k8s-m-01~]# kubectl edit deployments dep-test
  replicas: 3 # change to 3; the default is 1
# Watch: 3 replicas now exist
[root@\ k8s-m-01~]# kubectl get pod -w
NAME READY STATUS RESTARTS AGE
dep-test-5849786498-khlnz 1/1 Running 0 5m53s
dep-test-5849786498-99b5x 0/1 Pending 0 0s
dep-test-5849786498-99b5x 0/1 Pending 0 0s
dep-test-5849786498-dq6fq 0/1 Pending 0 0s
dep-test-5849786498-dq6fq 0/1 Pending 0 0s
dep-test-5849786498-99b5x 0/1 ContainerCreating 0 0s
dep-test-5849786498-dq6fq 0/1 ContainerCreating 0 0s
dep-test-5849786498-99b5x 1/1 Running 0 7s
dep-test-5849786498-dq6fq 1/1 Running 0 10s
# Method 2: patch
[root@\ k8s-m-01~]# kubectl patch deployments.apps dep-test -p '{"spec":{"replicas":5}}'
deployment.apps/dep-test patched
# Check: there are now 5
[root@\ k8s-m-01~]# kubectl get pod
NAME READY STATUS RESTARTS AGE
dep-test-5849786498-4fqkq 1/1 Running 0 42s
dep-test-5849786498-99b5x 1/1 Running 0 5m21s
dep-test-5849786498-dq6fq 1/1 Running 0 5m21s
dep-test-5849786498-khlnz 1/1 Running 0 11m
dep-test-5849786498-pgnzz 1/1 Running 0 42s
# Method 3: scale
[root@\ k8s-m-01~]# kubectl scale deployment/dep-test --replicas=2 # controller type/controller name
deployment.apps/dep-test scaled
# Check
[root@\ k8s-m-01~]# kubectl get pod
NAME READY STATUS RESTARTS AGE
dep-test-5849786498-99b5x 1/1 Running 0 8m18s
dep-test-5849786498-khlnz 1/1 Running 0 14m
4) Update the image
[root@\ k8s-m-01~]# vim dep-v2.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: dep-v2
spec:
  replicas: 1
  selector:
    matchLabels:
      app: stable
  template:
    metadata:
      labels:
        app: stable
    spec:
      containers:
        - name: nginx
          image: nginx:1.17.10
[root@\ k8s-m-01~]# kubectl apply -f dep-v2.yaml
deployment.apps/dep-v2 created
[root@\ k8s-m-01~]# kubectl get deployments.apps
NAME READY UP-TO-DATE AVAILABLE AGE
dep-v2 1/1 1 1 31s
[root@\ k8s-m-01~]# kubectl get pod
NAME READY STATUS RESTARTS AGE
dep-v2-5b6fddfc87-9pfpc 1/1 Running 0 40s
# Verify the version
[root@\ k8s-m-01~]# kubectl exec -it dep-v2-5b6fddfc87-9pfpc -- bash
root@dep-v2-5b6fddfc87-9pfpc:/# nginx -v
nginx version: nginx/1.17.10
# Method 1: edit
[root@\ k8s-m-01~]# kubectl edit deployments deployment
      containers:
      - image: nginx:1.18.0
# Method 2: edit the manifest
[root@\ k8s-m-01~]# vim deloyment.yaml
... ...
    spec:
      containers:
        - name: nginx
          image: nginx:1.18.0
# Method 3: set the image
[root@\ k8s-m-01~]# kubectl set image deployment/dep-v2 nginx=nginx:1.16.0
deployment.apps/dep-v2 image updated
Verify
[root@\ k8s-m-01~]# kubectl exec -it dep-v2-66fd455d7f-xgfbl -- bash
root@dep-v2-66fd455d7f-xgfbl:/# nginx -v
nginx version: nginx/1.16.0
# Method 4: patch
[root@\ k8s-m-01~]# kubectl patch deployments.apps dep-v2 -p '{"spec":{"template":{"spec":{"containers":[{"image":"nginx:1.18.0","name":"nginx"}]}}}}'
deployment.apps/dep-v2 patched
# Check and verify
[root@\ k8s-m-01~]# kubectl get pod
NAME READY STATUS RESTARTS AGE
dep-v2-5559b96bbf-r65ph 1/1 Running 0 14s
[root@\ k8s-m-01~]# kubectl exec -it dep-v2-5559b96bbf-r65ph -- bash
root@dep-v2-5559b96bbf-r65ph:/# nginx -v
nginx version: nginx/1.18.0
5) Rollback
# View the rollout history
[root@\ k8s-m-01~]# kubectl rollout history deployment dep-v2
deployment.apps/dep-v2
REVISION CHANGE-CAUSE
1 <none>
2 <none>
3 <none>
# Method 1: roll back to the previous revision
[root@\ k8s-m-01~]# kubectl rollout undo deployment dep-v2
deployment.apps/dep-v2 rolled back
[root@\ k8s-m-01~]# kubectl rollout history deployment dep-v2
deployment.apps/dep-v2
REVISION CHANGE-CAUSE
1 <none>
3 <none>
4 <none>
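There were three revisions in total. Rolling back to the previous one means going back to revision 2, so revision number 2 disappears from the list and a new revision 4 is created
# Method 2: roll back to a specific revision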
[root@\ k8s-m-01~]# kubectl rollout history deployment dep-v2
deployment.apps/dep-v2
REVISION CHANGE-CAUSE
3 <none>
4 <none>
5 <none>
[root@\ k8s-m-01~]# kubectl rollout undo deployment dep-v2 --to-revision 3
deployment.apps/dep-v2 rolled back
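2. DaemonSet controller
1) Introduction
Exactly one Pod is deployed on every node in the cluster (elastic scaling is not supported)
After a node is removed and then rejoins the cluster, the Pod is created on it again
2) Test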
[root@\ k8s-m-01~]# kubectl explain DaemonSet
KIND: DaemonSet
VERSION: apps/v1
... ...
[root@\ k8s-m-01~]# vim zabbix.yaml
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: zabbix-agent
spec:
  selector:
    matchLabels:
      app: zabbix-agent
  template:
    metadata:
      labels:
        app: zabbix-agent
    spec:
      containers:
        - name: zabbix-agent
          image: zabbix/zabbix-agent:5.2.6-centos
[root@\ k8s-m-01~]# kubectl apply -f zabbix.yaml
daemonset.apps/zabbix-agent created
[root@\ k8s-m-01~]# kubectl get daemonsets.apps
NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE
zabbix-agent 2 2 2 2 2 <none> 6h18m
# Watch the status: there is a Pod on each of node 1 and node 2
[root@\ k8s-m-01~]# kubectl get pods -w -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
zabbix-agent-bgsr2 1/1 Running 0 100s 10.244.1.9 k8s-n-01 <none> <none>
zabbix-agent-sz686 1/1 Running 0 100s 10.244.0.12 k8s-m-01 <none> <none>
zabbix-agent-xcgxj 1/1 Running 0 100s 10.244.2.10 k8s-n-02 <none> <none>
# Delete a node
[root@\ k8s-m-01~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
k8s-m-01 Ready control-plane,master 5d22h v1.20.5
k8s-n-01 Ready <none> 5d21h v1.20.5
k8s-n-02 Ready <none> 5d21h v1.20.5
[root@\ k8s-m-01~]# kubectl delete nodes k8s-n-02
node "k8s-n-02" deleted
# Check: only one worker node is left
[root@\ k8s-m-01~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
k8s-m-01 Ready control-plane,master 5d22h v1.20.5
k8s-n-01 Ready <none> 5d21h v1.20.5
Steps to rejoin the cluster
1. Reset
[root@\ k8s-n-02~]# kubeadm reset
[reset] WARNING: Changes made to this host by 'kubeadm init' or 'kubeadm join' will be reverted.
[reset] Are you sure you want to proceed? [y/N]: y
2. Delete
[root@\ k8s-n-02~]# rm -rf /etc/kubernetes/
3. Run on the master to generate the command for rejoining the cluster
[root@\ k8s-m-01~]# kubeadm token create --print-join-command
kubeadm join 192.168.15.31:6443 --token ix1klt.0sxid4ugubhd2ywa --discovery-token-ca-cert-hash sha256:7bf88b32c590e1057664ec33e93cc239babd8a30efe7677852b924d9b121a4b4
4. Run the join command with the token on node2
[root@\ k8s-n-02~]# kubeadm join 192.168.15.31:6443 --token ix1klt.0sxid4ugubhd2ywa --discovery-token-ca-cert-hash sha256:7bf88b32c590e1057664ec33e93cc239babd8a30efe7677852b924d9b121a4b4
5. Check: node2 has joined
[root@\ k8s-m-01~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
k8s-m-01 Ready control-plane,master 5d22h v1.20.5
k8s-n-01 Ready <none> 5d21h v1.20.5
k8s-n-02 Ready <none> 55s v1.20.5
6. Watch: as soon as node2 is up, the container is deployed on it
[root@\ k8s-m-01~]# kubectl get pod -o wide -w
zabbix-agent-2jvjk 1/1 Running 0 3s 10.244.2.2 k8s-n-02 <none> <none
The above verifies that a DaemonSet keeps exactly one Pod per node in the cluster and creates it automatically
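The join command printed in step 3 carries a bootstrap token and the hash that pins the cluster CA. The shell helpers below are an added example, not part of the original post: they mask the secret half of the token before a join command is pasted into notes or tickets, and check that CA pinning has not been replaced by the skip-verification flag. The sample join command, its address, token and hash are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the original post). All sample values are constructed.
#
# Token hygiene on the control-plane node uses these kubeadm subcommands:
#   kubeadm token create --ttl 15m --print-join-command   # short-lived token
#   kubeadm token list                                    # tokens still valid
#   kubeadm token delete <token-id>                       # revoke after the join

# A bootstrap token is "<6-char id>.<16-char secret>", both drawn from [a-z0-9].
# Mask the secret half of every --token argument read from stdin.
redact_join_token() {
  sed -E 's/(--token[ =]+[a-z0-9]{6}\.)[a-z0-9]{16}/\1<redacted>/g'
}

# Succeed only if the join command pins the cluster CA with a full SHA-256
# hash and does not disable discovery verification.
join_pins_ca() {
  case "$1" in
    *--discovery-token-unsafe-skip-ca-verification*) return 1 ;;
  esac
  printf '%s\n' "$1" |
    grep -Eq -- '--discovery-token-ca-cert-hash[ =]+sha256:[0-9a-f]{64}([^0-9a-f]|$)'
}

# Constructed sample: placeholder endpoint, token and hash (64 zeros).
SAMPLE_HASH=$(printf '%064d' 0)
SAMPLE_JOIN="kubeadm join 192.0.2.10:6443 --token abcdef.0123456789abcdef --discovery-token-ca-cert-hash sha256:${SAMPLE_HASH}"

printf '%s\n' "$SAMPLE_JOIN" | redact_join_token
join_pins_ca "$SAMPLE_JOIN" && echo "CA pinned"
```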
3) Update
# Method 1
[root@\ k8s-m-01~]# kubectl edit daemonsets.apps zabbix-agent
- image: zabbix/zabbix-agent:centos-5.2.5
# Method 2: patch
[root@\ k8s-m-01~]# kubectl patch daemonsets.apps zabbix-agent -p '{"spec":{"template":{"spec":{"containers":[{"image":"zabbix/zabbix-agent:centos-5.2.4", "name":"zabbix-agent"}]}}}}'
# Method 3: set the image
[root@\ k8s-m-01~]# kubectl set image daemonset/zabbix-agent zabbix-agent=zabbix/zabbix-agent:centos-5.2.3
4) Rollback
## Roll back to the previous revision
[root@k8s-m-01 ~]# kubectl rollout undo daemonset zabbix-agent
daemonset.apps/zabbix-agent rolled back
## Roll back to a specific revision
[root@k8s-m-01 ~]# kubectl rollout undo daemonset zabbix-agent --to-revision=1
daemonset.apps/zabbix-agent rolled back
3. StatefulSet controller
StatefulSet: a controller with ordering
Example 1:
[root@\ k8s_master~]# kubectl explain StatefulSet
KIND: StatefulSet
VERSION: apps/v1
[root@\ k8s-m-01~]# vim statefulset.yaml
kind: Service
apiVersion: v1
metadata:
  name: statefulset
spec:
  ports:
    - name: http
      port: 80
      targetPort: 80
---
kind: StatefulSet
apiVersion: apps/v1
metadata:
  name: test
spec:
  serviceName: statefulset
  selector:
    matchLabels:
      app: stable
  template:
    metadata:
      labels:
        app: stable
    spec:
      containers:
        - name: nginx
          image: nginx
[root@\ k8s-m-01~]# kubectl apply -f statefulset.yaml
[root@\ k8s-m-01~]# kubectl get pod
NAME READY STATUS RESTART
test-0 1/1 Running 0
[root@\ k8s-m-01~]# kubectl get statefulsets.apps
NAME READY AGE
test 1/1 7m16s
[root@\ k8s-m-01~]# kubectl get statefulsets test
NAME READY AGE
test 1/1 7m27s
# Scale out to five replicas
[root@\ k8s-m-01~]# kubectl edit statefulsets.apps test
replicas: 5
# Watch the Pods: they are added in order; test-2 only starts once test-1 is Running
[root@\ k8s_master~]# kubectl get pod -w
test-1 0/1 Pending 0
test-1 0/1 Pending 0
test-1 0/1 ContainerCreating 0
test-1 1/1 Running 0
test-2 0/1 Pending 0
test-2 0/1 Pending 0
test-2 0/1 ContainerCreating 0
test-2 1/1 Running 0
test-3 0/1 Pending 0
test-3 0/1 Pending 0
test-3 0/1 ContainerCreating 0
test-3 1/1 Running 0
test-4 0/1 Pending 0
test-4 0/1 Pending 0
test-4 0/1 ContainerCreating 0
test-4 1/1 Running 0
# Scale back in to 1
[root@\ k8s-m-01~]# kubectl edit statefulsets.apps test
replicas: 1
# Watch again
[root@\ k8s_master~]# kubectl get pod -w
test-4 1/1 Terminating 0
test-4 0/1 Terminating 0
test-4 0/1 Terminating 0
test-4 0/1 Terminating 0
test-3 1/1 Terminating 0
test-3 0/1 Terminating 0
test-3 0/1 Terminating 0
test-3 0/1 Terminating 0
test-2 1/1 Terminating 0
test-2 0/1 Terminating 0
test-2 0/1 Terminating 0
test-2 0/1 Terminating 0
test-1 1/1 Terminating 0
test-1 0/1 Terminating 0
test-1 0/1 Terminating 0
test-1 0/1 Terminating 0
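IV. Smart load balancing
Service
1) Overview
Provides load balancing and automatic service discovery; one Service is equivalent to one microservice
# Pods have a lifecycle; a recreated Pod gets a random IP
# Pods can reach each other on the internal network, but cannot be reached from outside
2) Test
Test 1:
# Delete a Pod: it is recreated, but with a different IP address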
[root@\ k8s-m-01~]# kubectl delete pod zabbix-agent-z9dmz
pod "zabbix-agent-z9dmz" deleted
[root@\ k8s-m-01~]# kubectl get pods -o wide -w
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
zabbix-agent-z9dmz 0/1 Terminating 0 10m 10.244.0.14 k8s-m-01 <none> <none>
... ...
zabbix-agent-b5lfk 1/1 Running 0 2s 10.244.0.15 k8s-m-01 <none> <none>
Test 2:
# dep-test-5849786498-vnct9 runs nginx
[root@\ k8s-m-01~]# kubectl get pods -o wide -w
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
dep-test-5849786498-khlnz 1/1 Running 0 84m 10.244.1.13 k8s-n-01 <none> <none>
dep-test-5849786498-vnct9 1/1 Running 0 30m 10.244.1.19 k8s-n-01 <none> <none>
# Reachable from the internal network, not from outside
[root@\ k8s-m-01~]# curl 10.244.1.19
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title
3) Load-balancing test
[root@\ k8s-m-01~]# vim service.yaml
apiVersion: v1
kind: Service
metadata:
  name: service
spec:
  selector:
    release: stable
  ports:
    - name: http
      port: 80          # port the load balancer exposes
      targetPort: 80    # port inside the Pod
      protocol: "TCP"
    - name: https
      port: 443
      targetPort: 443
      protocol: "TCP"
[root@\ k8s-m-01~]# kubectl apply -f service.yaml
service/service created
[root@\ k8s-m-01~]# kubectl get service
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service ClusterIP 10.96.60.35 <none> 80/TCP,443/TCP 82s
# The Service IP responds; load balancing is already in place at this point, but it cannot be verified yet
[root@\ k8s-m-01~]# curl 10.96.60.35
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
... ...
[root@\ k8s-m-01~]# vim deloyment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: deployment
spec:
  replicas: 1
  selector:
    matchLabels:
      release: stable
  template:
    metadata:
      name: test-tag
      labels:
        release: stable
    spec:
      containers:
        - name: nginx
          image: alvinos/django:v1
[root@\ k8s-m-01~]# kubectl apply -f deloyment.yaml
deployment.apps/deployment configured
[root@\ k8s-m-01~]# kubectl get service
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 5d22h
service ClusterIP 10.96.60.35 <none> 80/TCP,443/TCP 8m31s
[root@\ k8s-m-01~]# curl 10.96.60.35/index
主机名:deployment-5d4fd8d67-l9nsf,版本:v1
# Scale out
[root@\ k8s-m-01~]# kubectl edit deployments.apps deployment
replicas: 5
# Check: requests are load balanced
[root@\ k8s-m-01~]# while true ;do curl 10.96.60.35/index; sleep 1; echo ; done
主机名:deployment-5d4fd8d67-q6mbx,版本:v1
主机名:deployment-5d4fd8d67-qbh7z,版本:v1
主机名:deployment-5d4fd8d67-q6mbx,版本:v1
主机名:deployment-5d4fd8d67-q6mbx,版本:v1
主机名:deployment-5d4fd8d67-qbh7z,版本:v1
PS:
[root@\ k8s-m-01~]# cat service.yaml
apiVersion: v1
kind: Service
metadata:
  name: service
spec:
  selector:
    release: stable
  ports:
    - name: http
      port: 80
      targetPort: 80
      protocol: "TCP"
    - name: https
      port: 443
      targetPort: 443
      protocol: "TCP"
[root@\ k8s-m-01~]# cat deloyment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: deployment
spec:
  replicas: 1
  selector:
    matchLabels:
      release: stable
  template:
    metadata:
      name: test-tag
      labels:
        release: stable
    spec:
      containers:
        - name: nginx
          image: alvinos/django:v1
The connectivity above works through label association
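Because a Service picks its backends purely by label, every Pod in the namespace that carries release=stable receives its traffic, which is why the Endpoints list further down this page mixes Pods from two different Deployments. The function below is an added example, not part of the original post: it evaluates an equality-based selector over `kubectl get pods --show-labels` output. The sample table is constructed from Pod names and labels that appear on this page; the pod-template-hash of the dep-test Pod and the zabbix-agent label row are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): evaluate an equality-based label
# selector the way a Service does, over `kubectl get pods --show-labels` output.

# $1 is a selector such as "release=stable" or "app=tag,release=stable".
# Prints the name of every pod on stdin whose labels contain ALL pairs.
pods_matching() {
  awk -v selector="$1" '
    $1 == "NAME" { next }                       # header row
    NF >= 2 {
      split("", have)                           # reset the label set
      n = split($NF, kv, ",")                   # LABELS is the last column
      for (i = 1; i <= n; i++) have[kv[i]] = 1
      m = split(selector, want, ",")
      ok = 1
      for (i = 1; i <= m; i++) if (!(want[i] in have)) ok = 0
      if (ok) print $1
    }'
}

# Constructed sample built from pod names and labels shown on this page.
SAMPLE_PODS='NAME                        READY   STATUS    RESTARTS   AGE     LABELS
test-tag                    1/1     Running   0          3m22s   app=tag,release=stable
dep-test-5849786498-khlnz   1/1     Running   0          55s     pod-template-hash=5849786498,release=stable
deployment-c8fc95c-975rr    1/1     Running   0          40s     pod-template-hash=c8fc95c,release=stable
zabbix-agent-bgsr2          1/1     Running   0          100s    app=zabbix-agent'

# A bare Pod and Pods of two Deployments all become backends of one selector;
# a selector that no Pod carries yields no backends at all.
echo "release=stable -> $(printf '%s\n' "$SAMPLE_PODS" | pods_matching release=stable | tr '\n' ' ')"
echo "app=nginx      -> $(printf '%s\n' "$SAMPLE_PODS" | pods_matching app=nginx | tr '\n' ' ')"
```

On a live cluster the input would come from `kubectl get pods --show-labels`.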
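4) Service types
1. ClusterIP (the default): exposes an IP inside the cluster
2. NodePort: opens a port on the host that maps one-to-one to a port of the load-balancer IP, so the outside world can reach in-cluster services through the host port
3. LoadBalancer: another way to expose a service; it depends on a public cloud's elastic IP (can be tested with a public cloud elastic IP)
4. ExternalName
--1) ClusterIP
# ClusterIP is recommended and is the default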
[root@\ k8s-m-01~]# kubectl get service
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 5d23h
service ClusterIP 10.96.60.35 <none> 80/TCP,443/TCP 24m
--2) NodePort
Change the configuration
[root@\ k8s-m-01~]# kubectl edit service service
type: NodePort
# Mapped ports now appear; the service can be accessed directly
[root@\ k8s-m-01~]# kubectl get service
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 5d23h
service NodePort 10.96.60.35 <none> 80:30765/TCP,443:30253/TCP 27m
Load balancing works
It is reachable through the worker nodes' IPs as well
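Switching a Service to NodePort opens the mapped ports on every node, so it is worth knowing exactly which ports a cluster exposes this way. The helpers below are an added example, not part of the original post: they read `kubectl get service` table output, list each externally reachable port, and report exposure from any Service that is not on an approved list. The sample table is constructed from the Service rows shown on this page, with a NAMESPACE column as `kubectl get service -A` prints it.

```shell
#!/bin/sh
# Added example (not from the original post): list every port that a NodePort
# or LoadBalancer Service opens on the node network.

# Reads `kubectl get service` table output on stdin (with or without -A) and
# prints "<service> <type> <nodePort>/<proto> -> <servicePort>" per open port.
exposed_ports() {
  awk '
    $1 == "NAME" || $1 == "NAMESPACE" {         # header: locate columns by name
      for (i = 1; i <= NF; i++) col[$i] = i
      next
    }
    {
      type = $(col["TYPE"])
      if (type != "NodePort" && type != "LoadBalancer") next
      name = $(col["NAME"])
      if ("NAMESPACE" in col) name = $(col["NAMESPACE"]) "/" name
      n = split($(col["PORT(S)"]), ports, ",")
      for (i = 1; i <= n; i++) {
        split(ports[i], pp, "/")                # "80:30765/TCP" -> "80:30765", "TCP"
        if (split(pp[1], pn, ":") == 2)         # only entries that carry a nodePort
          print name, type, pn[2] "/" pp[2], "->", pn[1]
      }
    }'
}

# Same input, but Services named in the arguments are approved entry points
# and are skipped; whatever is printed is exposure nobody signed off on.
unexpected_exposure() {
  approved=" $* "
  exposed_ports | while read -r svc rest; do
    case "$approved" in
      *" $svc "*) ;;
      *) printf '%s %s\n' "$svc" "$rest" ;;
    esac
  done
}

# Constructed sample, assembled from the Service rows shown on this page.
SAMPLE_SERVICES='NAMESPACE       NAME                                 TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)                      AGE
default         kubernetes                           ClusterIP   10.96.0.1       <none>        443/TCP                      5d23h
default         service                              NodePort    10.96.60.35     <none>        80:30765/TCP,443:30253/TCP   27m
ingress-nginx   ingress-nginx-controller             NodePort    10.102.254.20   <none>        80:30654/TCP,443:31066/TCP   5m43s
ingress-nginx   ingress-nginx-controller-admission   ClusterIP   10.111.163.84   <none>        443/TCP                      5m43s'

printf '%s\n' "$SAMPLE_SERVICES" | unexpected_exposure ingress-nginx/ingress-nginx-controller
```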
--3) ExternalName
[root@\ k8s-m-01~]# vim exter.yaml
apiVersion: v1
kind: Service
metadata:
  name: external-name
spec:
  type: ExternalName
  externalName: www.baidu.com   # the name shown as EXTERNAL-IP in the output below
[root@\ k8s-m-01~]# kubectl apply -f exter.yaml
service/external-name created
[root@\ k8s-m-01~]# kubectl get service
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
external-name ExternalName <none> www.baidu.com <none> 6s
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 6d14h
service NodePort 10.96.60.35 <none> 80:30765/TCP,443:30253/TCP 15h
[root@\ k8s-m-01~]# kubectl run test -it --rm --image=busybox:1.28.3
If you don't see a command prompt, try pressing enter.
/ # nslookup external-name
Server: 10.96.0.10
Address 1: 10.96.0.10 kube-dns.kube-system.svc.cluster.local
Name: external-name
Address 1: 103.235.46.39
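Accessing 103.235.46.39 =====> it is the Baidu page
You can change externalName in the configuration to www.jd.com and resolve again; it is then the JD.com page
--4) Headless
# Before a Service is created, its IP can be customized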
[root@\ k8s-m-01~]# vim headless.yaml
apiVersion: v1
kind: Service
metadata:
  name: headless-service
spec:
  clusterIP: None
  selector:
    app: wordpress
  ports:
    - name: http
      port: 80
      targetPort: 80
[root@\ k8s-m-01~]# kubectl apply -f headless.yaml
service/headless-service created
[root@\ k8s-m-01~]# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
headless-service ClusterIP None <none> 80/TCP 11s
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 7d18h
service NodePort 10.96.60.35 <none> 80:30765/TCP,443:30253/TCP 44h
[root@\ k8s-m-01~]# cat deloyment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: deployment
spec:
  replicas: 1
  selector:
    matchLabels:
      release: stable
  template:
    metadata:
      name: test-tag
      labels:
        release: stable
    spec:
      containers:
        - name: nginx
          image: alvinos/django:v1   # image line as in the earlier listing of this file
[root@\ k8s-m-01~]# kubectl apply -f deloyment.yaml
deployment.apps/deployment created
[root@\ k8s-m-01~]# kubectl get pod
deployment-c8fc95c-975rr 1/1 Running 0 3s
[root@\ k8s-m-01~]# kubectl get pod --show-labels
deployment-c8fc95c-975rr 1/1 Running 0 40s pod-template-hash=c8fc95c,release=stable
[root@\ k8s-m-01~]# vim service.yaml
apiVersion: v1
kind: Service
metadata:
  name: service
spec:
  selector:
    release: stable
  ports:
    - name: http
      port: 80
      targetPort: 80
      protocol: "TCP"
[root@\ k8s-m-01~]# kubectl delete -f service.yaml
service "service" deleted
[root@\ k8s-m-01~]# kubectl apply -f service.yaml
service/service created
# View the Service details
[root@\ k8s-m-01~]# kubectl describe service service
Name: service
Namespace: default
Labels: <none>
Annotations: <none>
Selector: release=stable
Type: ClusterIP
IP Families: <none>
IP: 10.97.244.168
IPs: 10.97.244.168
Port: http 80/TCP
TargetPort: 80/TCP
Endpoints: 10.244.1.28:80,10.244.1.29:80,10.244.2.11:80
Session Affinity: None
Events: <none>
# The type is Type: ClusterIP
# View the Pods
[root@\ k8s-m-01~]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
dep-test-5849786498-bx4r7 1/1 Running 0 22h 10.244.1.29 k8s-n-01 <none> <none>
dep-test-5849786498-hdp7t 1/1 Running 0 22h 10.244.1.28 k8s-n-01 <none> <none>
deployment-c8fc95c-975rr 1/1 Running 0 5m39s 10.244.2.11 k8s-n-02 <none> <none>
# View the Service
[root@\ k8s-m-01~]# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service ClusterIP 10.97.244.168 <none> 80/TCP 11s
# View the details of the Service's Endpoints
[root@\ k8s-m-01~]# kubectl describe endpoints service
Name: service
Namespace: default
Labels: <none>
Annotations: endpoints.kubernetes.io/last-change-trigger-time: 2021-04-02T06:57:07Z
Subsets:
Addresses: 10.244.1.28,10.244.1.29,10.244.2.11
NotReadyAddresses: <none> # addresses that are not available
Ports:
Name Port Protocol
---- ---- --------
http 80 TCP
Events: <none>
Verify the not-ready addresses above:
Run on node2
[root@\ k8s-n-02~]# docker ps | grep deployment-c8fc95c-975rr
894d507b2576 0abe8858796c "python3 manage.py r…" 11 minutes ago Up 11 minutes k8s_nginx_deployment-c8fc95c-975rr_default_91884bd4-fb53-4e23-ab54-b34c9d36e619_0
387951ec8f82 registry.cn-hangzhou.aliyuncs.com/k8sos/pause:3.2 "/pause" 11 minutes ago Up 11 minutes k8s_POD_deployment-c8fc95c-975rr_default_91884bd4-fb53-4e23-ab54-b34c9d36e619_0
[root@\ k8s-n-02~]# docker rm -f 894d507b2576
894d507b2576
# On the master, one address is now not ready: the address of the container on node2 (it restarts within a short time)
[root@\ k8s-m-01~]# kubectl describe endpoints service
Name: service
Namespace: default
Labels: <none>
Annotations: endpoints.kubernetes.io/last-change-trigger-time: 2021-04-02T07:07:35Z
Subsets:
Addresses: 10.244.1.28,10.244.1.29
NotReadyAddresses: 10.244.2.11
Ports:
Name Port Protocol
---- ---- --------
http 80 TCP
Events: <none>
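As shown above, an unavailable address is not included in load balancing; once it is available it is pulled back into the pool
Summary:
Relationship between Service and Pod
The Service creates the Endpoints (created in sync), and the Endpoints connect to the Pods
# Deleting the Service removes the Endpoints too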
[root@\ k8s-m-01~]# kubectl delete -f service.yaml
service "service" deleted
[root@\ k8s-m-01~]# kubectl describe endpoints service
Error from server (NotFound): endpoints "service" not found
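--5) Ingress
It is a resource created in the cluster and is not part of k8s itself
Ingress is a domain-name-based traffic forwarding resource
1. Download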
[root@\ k8s-m-01~]# wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.44.0/deploy/static/provider/baremetal/deploy.yaml
--2021-04-02 15:18:41-- https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.44.0/deploy/static/provider/baremetal/deploy.yaml
Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 185.199.110.133, 185.199.108.133, 185.199.109.133, ...
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|185.199.110.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 18189 (18K) [text/plain]
Saving to: ‘deploy.yaml.1’
100%[=========================================================================================>] 18,189 78.8KB/s in 0.2s
2021-04-02 15:18:42 (78.8 KB/s) - ‘deploy.yaml’ saved [18189/18189]
# In the search results, the first image cannot be downloaded and needs a different source
[root@\ k8s-m-01~]# cat deploy.yaml | grep image
2. Replace the image
sed -i 's#k8s.gcr.io/ingress-nginx/controller:v0.44.0@sha256:3dd0fac48073beaca2d67a78c746c7593f9c575168a17139a9955a82c63c4b9a#registry.cn-hangzhou.aliyuncs.com/k8sos/ingress-controller:v0.44.0#g' deploy.yaml
3. Deploy
[root@\ k8s-m-01~]# kubectl apply -f deploy.yaml
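The sed command in step 2 swaps a digest-pinned image reference for a tag-only reference on a mirror registry, so the cluster pulls whatever that tag points to at pull time. The check below is an added example, not part of the original post: it classifies every image reference in a manifest and fails unless all of them are pinned by digest. The sample manifest is constructed from the two references in the sed command plus the tag-less nginx image used earlier on this page; the container names are made up.

```shell
#!/bin/sh
# Added example (not from the original post): classify the image references
# in a Kubernetes manifest read from stdin.
#   digest    name@sha256:<64 hex>   immutable, content-addressed
#   tag       name:tag               mutable, the registry can repoint it
#   floating  name or name:latest    resolved at pull time
# Prints "<class> <image>" for each reference.
audit_images() {
  tr -d "\"'" | awk '
    {
      line = $0
      sub(/[ \t]+#.*$/, "", line)               # drop trailing comments
      if (line !~ /^[ \t]*(-[ \t]+)?image:[ \t]*[^ \t]/) next
      sub(/^[ \t]*(-[ \t]+)?image:[ \t]*/, "", line)
      sub(/[ \t]+$/, "", line)
      n = split(line, part, "@sha256:")
      if (n == 2 && length(part[2]) == 64 && part[2] ~ /^[0-9a-f]+$/) {
        print "digest", line; next
      }
      m = split(line, seg, "/")                 # a tag lives in the last path segment
      last = seg[m]
      if (index(last, ":") == 0 || last ~ /:latest$/) { print "floating", line; next }
      print "tag", line
    }'
}

# Gate for CI or a pre-apply step: succeed only if every image is digest-pinned.
require_pinned() {
  ! audit_images | grep -Ev '^digest ' | grep -q .
}

# Constructed sample (container names are made up).
SAMPLE_MANIFEST='
      containers:
        - name: controller
          image: k8s.gcr.io/ingress-nginx/controller:v0.44.0@sha256:3dd0fac48073beaca2d67a78c746c7593f9c575168a17139a9955a82c63c4b9a
          imagePullPolicy: IfNotPresent
        - name: controller-mirror
          image: registry.cn-hangzhou.aliyuncs.com/k8sos/ingress-controller:v0.44.0   # tag only
        - name: nginx
          image: "nginx"
'

printf '%s\n' "$SAMPLE_MANIFEST" | audit_images
printf '%s\n' "$SAMPLE_MANIFEST" | require_pinned || echo "unpinned images present"
```

Against the real file the call is `audit_images < deploy.yaml`.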
4. Write the manifest
[root@\ k8s-m-01~]# kubectl get service
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
[root@\ k8s-m-01~]# kubectl get endpoints service
NAME ENDPOINTS AGE
service 10.244.1.28:80,10.244.1.29:80,10.244.2.11:80 7s
# Use the Service above
[root@\ k8s-m-01~]# vim ingress.yaml
kind: Ingress
apiVersion: extensions/v1beta1
metadata:
  name: ingress-ingress
  namespace: default
  annotations:
    kubernetes.io/ingress.class: "nginx"
spec:
  rules:
    - host: www.test.com
      http:
        paths:
          - path: /
            backend:
              serviceName: service
              servicePort: 80
[root@\ k8s-m-01~]# kubectl apply -f ingress.yaml
[root@\ k8s-m-01~]# kubectl get ingress
NAME CLASS HOSTS ADDRESS PORTS AGE
ingress-ingress <none> www.test.com 192.168.15.33 80 4h45m
5. Edit hosts so the name resolves, then access it
# Check the ports
[root@\ k8s-m-01~]# kubectl get svc -n ingress-nginx
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
ingress-nginx-controller NodePort 10.102.254.20 <none> 80:30654/TCP,443:31066/TCP 5m43s
ingress-nginx-controller-admission ClusterIP 10.111.163.84 <none> 443/TCP 5m43s
It is reachable
[root@\ k8s-m-01~]# vim dep-test.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: dep-test
spec:
  selector:
    matchLabels:
      release: stable
  template:
    metadata:
      name: test-tag
      labels:
        release: stable
    spec:
      containers:
        - name: nginx
          image: nginx
---
apiVersion: v1
kind: Service
metadata:
  name: test-svc
spec:
  selector:
    app: nginx   # note: the Pod template above is labelled release: stable; a Service only gets endpoints for Pods whose labels match its selector
  ports:
    - name: http
      port: 80
      targetPort: 80
[root@\ k8s-m-01~]# kubectl apply -f dep-test.yaml
service/test-svc created
[root@\ k8s-m-01~]# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
test-svc ClusterIP 10.106.138.213 <none> 80/TCP 42s
# Modify the Ingress
[root@\ k8s-m-01~]# vim ingress.yaml
kind: Ingress
apiVersion: extensions/v1beta1
metadata:
  name: ingress-ingress
  namespace: default
  annotations:
    kubernetes.io/ingress.class: "nginx"
spec:
  rules:
    - host: www.test.com
      http:
        paths:
          - path: /
            backend:
              serviceName: service
              servicePort: 80
    - host: www.abc.com
      http:
        paths:
          - path: /
            backend:
              serviceName: test-svc
              servicePort: 80
# Before the update, the Ingress only has www.test.com
[root@\ k8s-m-01~]# kubectl get ingress
NAME CLASS HOSTS ADDRESS PORTS AGE
ingress-ingress <none> www.test.com 192.168.15.33 80 4h56m
# Apply the updated manifest
[root@\ k8s-m-01~]# kubectl apply -f ingress.yaml
ingress.extensions/ingress-ingress configured
# Check again
[root@\ k8s-m-01~]# kubectl get ingress
NAME CLASS HOSTS ADDRESS PORTS AGE
ingress-ingress <none> www.test.com,www.abc.com 192.168.15.33 80 4h56m
Change hosts and access www.abc.com
How it works
[root@\ k8s-m-01~]# kubectl exec -n ingress-nginx -it ingress-nginx-controller-57dc855f79-j7xgj -- bash
bash-5.1$ cd /etc/nginx/
bash-5.1$ ls
fastcgi.conf koi-utf modsecurity owasp-modsecurity-crs uwsgi_params.default
fastcgi.conf.default koi-win modules scgi_params win-utf
fastcgi_params lua nginx.conf scgi_params.default
fastcgi_params.default mime.types nginx.conf.default template
geoip mime.types.default opentracing.json uwsgi_params
# Search for www.test.com
bash-5.1$ vi nginx.conf
... ...
## end server www.abc.com
## start server www.test.com
server {
    server_name www.test.com ;
    listen 80 ;
    listen 443 ssl http2 ;
    set $proxy_upstream_name "-";
    ssl_certificate_by_lua_block {
        certificate.call()
    }
    location / {
        set $namespace "default";
        set $ingress_name "ingress-ingress";
        set $service_name "service";
        set $service_port "80";
        set $location_path "/";
        set $global_rate_limit_exceeding n;
        ... ...
        proxy_pass http://upstream_balancer;
It works through a set of variables
bash-5.1$ cd lua/
bash-5.1$ ls
balancer global_throttle.lua plugins.lua util
balancer.lua lua_ingress.lua tcp_udp_balancer.lua util.lua
certificate.lua monitor.lua tcp_udp_configuration.lua
configuration.lua plugins test
# Mainly this file, tcp_udp_balancer.lua: a series of function calls generates the server_name
This is the deletion
[root@\ k8s-m-01~]# kubectl get pod -n ingress-nginx