Create a Deployment named test-httpd with 5 replicas, using the httpd image. The selector is required.
The value of spec.selector.matchLabels.app must match the value of metadata.name.
The value of spec.template.metadata.labels.app must match the value of metadata.name.
The value of spec.template.metadata.name may differ from the value of metadata.name.
test-httpd.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: test-httpd
spec:
  replicas: 5
  selector:
    matchLabels:
      # The value of this app label must be the same as metadata.name
      app: test-httpd
  template:
    metadata:
      # The value of this name may differ from metadata.name
      name: test-httpdx
      labels:
        # The value of this app label must be the same as metadata.name
        app: test-httpd
    spec:
      containers:
      - name: httpd
        image: httpd
        ports:
        - containerPort: 80
kubectl apply -f test-httpd.yaml
kubectl get pods
# kubectl get pods
NAME READY STATUS RESTARTS AGE
test-httpd-6dd4c6fb76-9bldc 1/1 Running 0 4s
test-httpd-6dd4c6fb76-cfqwc 0/1 ContainerCreating 0 4s
test-httpd-6dd4c6fb76-mrc82 0/1 ContainerCreating 0 4s
test-httpd-6dd4c6fb76-mzzhb 0/1 ContainerCreating 0 4s
test-httpd-6dd4c6fb76-p44v6 0/1 ContainerCreating 0 4s
# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
test-httpd-6dd4c6fb76-9bldc 1/1 Running 0 68s 10.244.1.17 node01 <none> <none>
test-httpd-6dd4c6fb76-cfqwc 1/1 Running 0 68s 10.244.1.21 node01 <none> <none>
test-httpd-6dd4c6fb76-mrc82 1/1 Running 0 68s 10.244.1.20 node01 <none> <none>
test-httpd-6dd4c6fb76-mzzhb 1/1 Running 0 68s 10.244.1.18 node01 <none> <none>
test-httpd-6dd4c6fb76-p44v6 1/1 Running 0 68s 10.244.1.19 node01 <none> <none>
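Events are event notices: they describe everything the resource has gone through from its creation until now.
The Deployment does not create and control the backend Pods directly, as one might expect; instead it creates another resource object: a ReplicaSet (test-httpd-bc546df6f).
Deployment --> RS (ReplicaSet) --> Pods
# kubectl describe deployment test-httpd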
Name: test-httpd
Namespace: default
CreationTimestamp: Wed, 19 May 2021 09:01:13 +0000
Labels: <none>
Annotations: deployment.kubernetes.io/revision: 1
Selector: app=test-httpd
Replicas: 5 desired | 5 updated | 5 total | 5 available | 0 unavailable
StrategyType: RollingUpdate
MinReadySeconds: 0
RollingUpdateStrategy: 25% max unavailable, 25% max surge
Pod Template:
Labels: app=test-httpd
Containers:
httpd:
Image: httpd
Port: 80/TCP
Host Port: 0/TCP
Environment: <none>
Mounts: <none>
Volumes: <none>
Conditions:
Type Status Reason
---- ------ ------
Available True MinimumReplicasAvailable
Progressing True NewReplicaSetAvailable
OldReplicaSets: <none>
NewReplicaSet: test-httpd-bc546df6f (5/5 replicas created)
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal ScalingReplicaSet 3m deployment-controller Scaled up replica set test-httpd-6dd4c6fb76 to 5
View the details of this RS to see all of the RS's Events.
kubectl describe rs test-httpd-6dd4c6fb76
Name: test-httpd-6dd4c6fb76
Namespace: default
Selector: app=test-httpd,pod-template-hash=6dd4c6fb76
Labels: app=test-httpd
pod-template-hash=6dd4c6fb76
Annotations: deployment.kubernetes.io/desired-replicas: 5
deployment.kubernetes.io/max-replicas: 7
deployment.kubernetes.io/revision: 1
Controlled By: Deployment/test-httpd
Replicas: 5 current / 5 desired
Pods Status: 5 Running / 0 Waiting / 0 Succeeded / 0 Failed
Pod Template:
Labels: app=test-httpd
pod-template-hash=6dd4c6fb76
Containers:
httpd:
Image: httpd
Port: 80/TCP
Host Port: 0/TCP
Environment: <none>
Mounts: <none>
Volumes: <none>
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal SuccessfulCreate 68s replicaset-controller Created pod: test-httpd-6dd4c6fb76-fxdt5
Normal SuccessfulCreate 68s replicaset-controller Created pod: test-httpd-6dd4c6fb76-8nsmh
Normal SuccessfulCreate 68s replicaset-controller Created pod: test-httpd-6dd4c6fb76-bhjl9
Normal SuccessfulCreate 68s replicaset-controller Created pod: test-httpd-6dd4c6fb76-2fl86
Normal SuccessfulCreate 68s replicaset-controller Created pod: test-httpd-6dd4c6fb76-mt8qn
View the details of any one Pod to see that Pod's complete workflow.
# kubectl describe pod test-httpd-6dd4c6fb76-fxdt5
Name: test-httpd-6dd4c6fb76-fxdt5
Namespace: default
Priority: 0
Node: node01/172.17.0.89
Start Time: Wed, 19 May 2021 09:09:34 +0000
Labels: app=test-httpd
pod-template-hash=6dd4c6fb76
Annotations: <none>
Status: Running
IP: 10.244.1.3
IPs:
IP: 10.244.1.3
Controlled By: ReplicaSet/test-httpd-6dd4c6fb76
Containers:
httpd:
Container ID: docker://03d6f36550596b83eaeb66f024f45a2faeab11e8acbf55a0c5c30d57113d7e4e
Image: httpd
Image ID: docker-pullable://httpd@sha256:e4c2b93c04762468a6cce6d507d94def02ef4dc285278d0d926e09827f4857db
Port: 80/TCP
Host Port: 0/TCP
State: Running
Started: Wed, 19 May 2021 09:09:49 +0000
Ready: True
Restart Count: 0
Environment: <none>
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from default-token-dh94p (ro)
Conditions:
Type Status
Initialized True
Ready True
ContainersReady True
PodScheduled True
Volumes:
default-token-dh94p:
Type: Secret (a volume populated by a Secret)
SecretName: default-token-dh94p
Optional: false
QoS Class: BestEffort
Node-Selectors: <none>
Tolerations: node.kubernetes.io/not-ready:NoExecute for 300s
node.kubernetes.io/unreachable:NoExecute for 300s
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 3m14s default-scheduler Successfully assigned default/test-httpd-6dd4c6fb76-fxdt5 to node01
Normal Pulling 3m12s kubelet, node01 Pulling image "httpd"
Normal Pulled 3m1s kubelet, node01 Successfully pulled image "httpd"
Normal Created 3m kubelet, node01 Created container httpd
Normal Started 2m59s kubelet, node01 Started container httpd
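Create a Service resource associated with the test-httpd Deployment above.
By default the Service type is ClusterIP. In the YAML file, spec.ports.port describes the port of the Cluster IP.
It only provides a single access entry point for the backend Pods (valid inside the k8s cluster).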
vim test-httpd-svc.yaml
apiVersion: v1
kind: Service
metadata:
  name: test-httpd-svc
spec:
  selector:
    app: test-httpd
  ports:
  - protocol: TCP
    port: 80
    targetPort: 80
kubectl apply -f test-httpd-svc.yaml
kubectl get svc
# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 13m
test-httpd-svc ClusterIP 10.109.147.35 <none> 80/TCP 6s
# curl 10.109.147.35
<html><body><h1>It works!</h1></body></html>
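To let the external network reach the backend Pods, change the Service type to NodePort.
When you access the Cluster IP, the backend Pods take turns serving the request, i.e. there is load balancing. Without a Service resource, the kube-proxy component does not take effect either, because load balancing is exactly its job. Now that there is a Service resource, how exactly does it achieve load balancing, and what is the underlying mechanism? On the surface, using the describe command to look at the Endpoints behind the SVC resource shows the real backend Pods.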
# vim test-httpd-svc-nodeport.yaml
apiVersion: v1
kind: Service
metadata:
  name: test-httpd-svc-nodeport
spec:
  selector:
    app: test-httpd
  type: NodePort
  ports:
  - protocol: TCP
    port: 80
    targetPort: 80
    nodePort: 30080 # NodePort port range: 30000 - 32767
# kubectl delete svc test-httpd-svc
# kubectl apply -f test-httpd-svc-nodeport.yaml
# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 23m
test-httpd-svc-nodeport NodePort 10.105.227.168 <none> 80:30080/TCP 12s
# kubectl describe svc test-httpd-svc-nodeport
Name: test-httpd-svc-nodeport
Namespace: default
Labels: <none>
Annotations: Selector: app=test-httpd
Type: NodePort
IP: 10.105.227.168
Port: <unset> 80/TCP
TargetPort: 80/TCP
NodePort: <unset> 30080/TCP
Endpoints: 10.244.1.3:80,10.244.1.4:80,10.244.1.5:80 + 2 more...
Session Affinity: None
External Traffic Policy: Cluster
Events: <none>
# iptables-save |grep 10.105.227.168
-A KUBE-SERVICES ! -s 10.244.0.0/16 -d 10.105.227.168/32 -p tcp -m comment --comment "default/test-httpd-svc-nodeport: cluster IP" -m tcp --dport 80 -j KUBE-MARK-MASQ
-A KUBE-SERVICES -d 10.105.227.168/32 -p tcp -m comment --comment "default/test-httpd-svc-nodeport: cluster IP" -m tcp --dport 80 -j KUBE-SVC-5EC3ZPWMVIKQHGMU
# If the destination address is 10.105.227.168/32 on port 80 and the protocol is TCP, the traffic jumps to KUBE-SVC-5EC3ZPWMVIKQHGMU
# iptables-save|grep 30080
-A KUBE-NODEPORTS -p tcp -m comment --comment "default/test-httpd-svc-nodeport:" -m tcp --dport 30080 -j KUBE-MARK-MASQ
-A KUBE-NODEPORTS -p tcp -m comment --comment "default/test-httpd-svc-nodeport:" -m tcp --dport 30080 -j KUBE-SVC-5EC3ZPWMVIKQHGMU
# iptables-save|grep KUBE-SVC-5EC3ZPWMVIKQHGMU
:KUBE-SVC-5EC3ZPWMVIKQHGMU - [0:0]
-A KUBE-NODEPORTS -p tcp -m comment --comment "default/test-httpd-svc-nodeport:" -m tcp --dport 30080 -j KUBE-SVC-5EC3ZPWMVIKQHGMU
-A KUBE-SERVICES -d 10.105.227.168/32 -p tcp -m comment --comment "default/test-httpd-svc-nodeport: cluster IP" -m tcp --dport 80 -j KUBE-SVC-5EC3ZPWMVIKQHGMU
-A KUBE-SVC-5EC3ZPWMVIKQHGMU -m comment --comment "default/test-httpd-svc-nodeport:" -m statistic --mode random --probability 0.20000000019 -j KUBE-SEP-WEJ2KHPB3UGJ3Q2L
-A KUBE-SVC-5EC3ZPWMVIKQHGMU -m comment --comment "default/test-httpd-svc-nodeport:" -m statistic --mode random --probability 0.25000000000 -j KUBE-SEP-KODG77QHMSNA4GDG
-A KUBE-SVC-5EC3ZPWMVIKQHGMU -m comment --comment "default/test-httpd-svc-nodeport:" -m statistic --mode random --probability 0.33333333349 -j KUBE-SEP-EWCOVBI4USNML6BQ
-A KUBE-SVC-5EC3ZPWMVIKQHGMU -m comment --comment "default/test-httpd-svc-nodeport:" -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-5Y2WLLQR22GOUUGX
-A KUBE-SVC-5EC3ZPWMVIKQHGMU -m comment --comment "default/test-httpd-svc-nodeport:" -j KUBE-SEP-VVJ4XJC3AZ6CMMFS
# iptables-save |grep KUBE-SEP-VVJ4XJC3AZ6CMMFS
:KUBE-SEP-VVJ4XJC3AZ6CMMFS - [0:0]
-A KUBE-SEP-VVJ4XJC3AZ6CMMFS -s 10.244.1.7/32 -m comment --comment "default/test-httpd-svc-nodeport:" -j KUBE-MARK-MASQ
-A KUBE-SEP-VVJ4XJC3AZ6CMMFS -p tcp -m comment --comment "default/test-httpd-svc-nodeport:" -m tcp -j DNAT --to-destination 10.244.1.7:80
-A KUBE-SVC-5EC3ZPWMVIKQHGMU -m comment --comment "default/test-httpd-svc-nodeport:" -j KUBE-SEP-VVJ4XJC3AZ6CMMFS
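Terminology
SNAT: Source NAT, source address translation
DNAT: Destination NAT, destination address translation
MASQ: dynamic source address translation
Service load balancing: implemented with iptables rules by default.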
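The probabilities in the KUBE-SVC chain above (0.2, 0.25, 0.33, 0.5, then an unconditional rule) look uneven, but rules are evaluated top-down, so each endpoint ends up with the same share. The following is an added example, not part of the original post: it parses the rules and computes the effective share per endpoint. The function names are assumptions, and the sample rules are copied from the iptables-save output above with the comment matches trimmed.

```python
import re

# Rules copied from the iptables-save output above (-m comment parts trimmed).
SAMPLE_RULES = """\
-A KUBE-SVC-5EC3ZPWMVIKQHGMU -m statistic --mode random --probability 0.20000000019 -j KUBE-SEP-WEJ2KHPB3UGJ3Q2L
-A KUBE-SVC-5EC3ZPWMVIKQHGMU -m statistic --mode random --probability 0.25000000000 -j KUBE-SEP-KODG77QHMSNA4GDG
-A KUBE-SVC-5EC3ZPWMVIKQHGMU -m statistic --mode random --probability 0.33333333349 -j KUBE-SEP-EWCOVBI4USNML6BQ
-A KUBE-SVC-5EC3ZPWMVIKQHGMU -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-5Y2WLLQR22GOUUGX
-A KUBE-SVC-5EC3ZPWMVIKQHGMU -j KUBE-SEP-VVJ4XJC3AZ6CMMFS
-A KUBE-SEP-VVJ4XJC3AZ6CMMFS -s 10.244.1.7/32 -j KUBE-MARK-MASQ
-A KUBE-SEP-VVJ4XJC3AZ6CMMFS -p tcp -m tcp -j DNAT --to-destination 10.244.1.7:80
"""

def parse_rules(text):
    """Group appended rules by chain, preserving order (order decides the odds)."""
    chains = {}
    for line in text.splitlines():
        m = re.match(r"-A (\S+) (.*)$", line.strip())
        if m:
            chains.setdefault(m.group(1), []).append(m.group(2))
    return chains

def endpoint_of(chains, sep_chain):
    """Return the DNAT destination of a KUBE-SEP chain, or None if it was not captured."""
    for rule in chains.get(sep_chain, []):
        m = re.search(r"-j DNAT --to-destination (\S+)", rule)
        if m:
            return m.group(1)
    return None

def effective_shares(chains, svc_chain):
    """Walk the KUBE-SVC chain top-down: a rule is reached only if every
    earlier rule did not fire, so its share is remaining * its probability."""
    remaining = 1.0
    shares = []
    for rule in chains[svc_chain]:
        target = re.search(r"(?:^| )-j (\S+)", rule).group(1)
        p = re.search(r"--probability (\S+)", rule)
        prob = float(p.group(1)) if p else 1.0  # last rule has no match: takes the rest
        shares.append((target, endpoint_of(chains, target), remaining * prob))
        remaining *= 1.0 - prob
    return shares

if __name__ == "__main__":
    chains = parse_rules(SAMPLE_RULES)
    for target, dest, share in effective_shares(chains, "KUBE-SVC-5EC3ZPWMVIKQHGMU"):
        print(f"{target}  ->  {dest or '(chain not captured)'}  share={share:.4f}")
```

On a node, feed it the full `iptables-save` output instead of SAMPLE_RULES to resolve every KUBE-SEP chain to its Pod IP.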
kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
test-httpd-6dd4c6fb76-2fl86 1/1 Running 0 35m 10.244.1.6 node01 <none> <none>
test-httpd-6dd4c6fb76-8nsmh 1/1 Running 0 35m 10.244.1.4 node01 <none> <none>
test-httpd-6dd4c6fb76-bhjl9 1/1 Running 0 35m 10.244.1.5 node01 <none> <none>
test-httpd-6dd4c6fb76-fxdt5 1/1 Running 0 35m 10.244.1.3 node01 <none> <none>
test-httpd-6dd4c6fb76-mt8qn 1/1 Running 0 35m 10.244.1.7 node01 <none> <none>
# curl 10.244.1.6
<html><body><h1>It works!</h1></body></html>
# curl 10.244.1.3
<html><body><h1>It works!</h1></body></html>
# curl 10.244.1.5
<html><body><h1>It works!</h1></body></html>
# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 37m
test-httpd-svc-nodeport NodePort 10.105.227.168 <none> 80:30080/TCP 14m
# curl 10.105.227.168
<html><body><h1>It works!</h1></body></html>
# nslookup test-httpd-svc-nodeport
Server: 127.0.0.53
Address: 127.0.0.53#53
# curl 127.0.0.53:30080
<html><body><h1>It works!</h1></body></html>
# kubectl get node -o wide
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
controlplane Ready master 5m43s v1.18.0 172.17.0.19 <none> Ubuntu 18.04.5 LTS 4.15.0-122-generic docker://19.3.13
node01 Ready <none> 5m13s v1.18.0 172.17.0.21 <none> Ubuntu 18.04.5 LTS 4.15.0-122-generic docker://19.3.13
# curl 172.17.0.21:30080
<html><body><h1>It works!</h1></body></html>