前言
通过配置文件操作Kubernetes
根据配置文件执行操作
-f <yml>:指定配置文件
<yml>:.yml格式的配置文件
执行操作
创建操作
删除操作
对命名空间Namespace的操作
创建命名空间
<namespace_name>:命名空间名称
1
2
3
4
| apiVersion: v1
kind: Namespace
metadata:
name: <namespace_name>
|
对Pod的操作
创建Pod
apiVersion: v1:api版本
kind::定义配置文件类型(核心配置)
Pod:用于创建容器的配置文件
Namespace:用于创建命名空间的配置文件
metadata.name:定义名称。如果是Pod类型,会自动在末尾生成随机字符串用于区分
spec.containers:对容器的配置
spec.containers.image:docker镜像名(核心配置)
spec.containers.imagePullPolicy:是否联网下载镜像
Never:不联网下载镜像
metadata.namespace:指定命名空间
spec.containers.name:定义镜像名
spec.containers.ports.containerPort:容器暴露的端口(可选)
1
2
3
4
5
6
7
8
9
10
11
12
13
| apiVersion: v1
kind: Pod
metadata:
name: <pod_name>
namespace: <namespace_name>
spec:
containers:
- image: <image>:<tag>
imagePullPolicy: Never
name: <container_name>
ports:
- containerPort: 8080
protocol: TCP
|
包含节点选择器
spec.nodeSelector:节点选择器
1
2
3
4
5
6
7
8
9
10
11
12
13
14
| apiVersion: v1
kind: Pod
metadata:
name: kubia-manual
spec:
nodeSelector:
<key>: <value>
containers:
- image: luksa/kubia
imagePullPolicy: Never
name: kubia
ports:
- containerPort: 8080
protocol: TCP
|
对Deployment工作负载的操作
创建Deployment
- 配置文件与RS相似,因为Deployment会自动启动RS做滚动升级操作
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
| apiVersion: apps/v1
kind: Deployment
metadata:
name: kubia
spec:
replicas: 3
selector:
matchLabels:
app: kubia
template:
metadata:
name: kubia
labels:
app: kubia
spec:
containers:
- image: luksa/kubia:v1
imagePullPolicy: Never
name: nodejs
|
改变滚动升级速率
spec.strategy.rollingUpdate.maxSurge:允许超出容器的数量,可以为百分比或数值,默认值为25%
spec.strategy.rollingUpdate.maxUnavailable:允许不可用容器的数量,可以为百分比或数值,默认值为25%
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
| apiVersion: apps/v1
kind: Deployment
metadata:
name: kubia
spec:
replicas: 3
selector:
matchLabels:
app: kubia
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
template:
metadata:
name: kubia
labels:
app: kubia
spec:
containers:
- image: luksa/kubia:v1
imagePullPolicy: Never
name: nodejs
|
就绪探针
- 通过就绪探针判定是否就绪,未就绪会阻塞,阻塞10分钟,升级不再执行
spec.minReadySeconds:判定就绪的时间(单位:秒)
spec.template.spec.containers.readinessProbe:配置就绪探针
spec.template.spec.containers.readinessProbe.periodSeconds:间隔时间
spec.template.spec.containers.readinessProbe.httpGet.path:探测路径
spec.template.spec.containers.readinessProbe.httpGet.port:探测端口
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
| apiVersion: apps/v1
kind: Deployment
metadata:
name: kubia
spec:
replicas: 3
selector:
matchLabels:
app: kubia
minReadySeconds: 10
strategy:
rollingUpdate:
maxSurge: 1
maxUnavailable: 0
type: RollingUpdate
template:
metadata:
name: kubia
labels:
app: kubia
spec:
containers:
- image: luksa/kubia:v3
name: nodejs
imagePullPolicy: Never
readinessProbe:
periodSeconds: 1
httpGet:
path: /
port: 8080
|
对Service服务的操作
创建服务
metadata.name:Service的名称,要求必须与Deployment的名称一致
<key>: <value>:需要与Deployment中的spec.template.metadata.labels保持一致
spec.ports.port:服务向外暴露的端口
spec.ports.targetPort:容器内部的端口
1
2
3
4
5
6
7
8
9
10
11
| apiVersion: v1
kind: Service
metadata:
name: kubia
spec:
selector:
<key>: <value>
ports:
- port: 80
targetPort: 80
type: NodePort
|
对外端口暴露
NodePort
spec.type:对外暴露类型
NodePort:在每个节电上开放访问端口
spec.ports.nodePort:外部访问端口
1
2
3
4
5
6
7
8
9
10
11
12
| apiVersion: v1
kind: Service
metadata:
name: kubia-nodeport
spec:
type: NodePort
ports:
- port: 80
targetPort: 8080
nodePort: 30123
selector:
<key>: <value>
|
LoadBalance
- NodePort的一种扩展,负载均衡器需要云基础设施来提供
Ingress
<host>:指定用于访问的域名
Prefix:前缀匹配,只要前缀与path相同,则匹配成功
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
| apiVersion: networking.k8s.io/v1
kend: Ingress
metadata:
namespace: default
name: <ingress_name>
spec:
ingressClassName: ingress
rules:
- host: <host>
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: <deployment_name>
port:
number: 80
|
192.168.0.1:网卡上的真实IP地址
<host>:刚刚配置的域名
手动创建Endpoints对象
Endpoint是在Service和pod之间的一种资源
一个Endpoint资源,包含一组pod的地址列表
创建与Service同名的Endpoints即可建立关联
subsets.addresses:包含的地址列表
ip: <ip>:访问地址
subsets.ports.port:目标服务的端口
1
2
3
4
5
6
7
8
9
10
| apiVersion: v1
kind: Endpoints
metadata:
name: kubia
subsets:
- addresses:
- ip: 120.52.99.224
- ip: 117.136.190.162
ports:
- port: 80
|
对Labels标签的操作
新建容器时,为新容器贴标签
metadate.labels:标签设置,键值对形式,每个标签占一行
<key>:标签键
<value>:标签值
1
2
3
| metadata:
labels:
<key>: <value>
|
对控制器的操作
创建控制器
ReplicationController
- RC可以自动化维护多个pod,只需指定pod副本的数量,就可以轻松实现自动扩容缩容
- 当一个pod宕机,RC可以自动关闭pod,并启动一个新的pod替代它
- 标签的完整匹配
apiVersion: v1:api版本
kind::定义配置文件类型(核心配置)
ReplicationController:用于创建RC控制器的配置文件
metadata.name:定义名称
spec.replicas:容器副本的数量
spec.selector:根据选择器来选择RC管理的容器
<key>:标签键
<value>:标签值
spec.template:定义容器的模版
spec.template.metadata.labels:创建容器时为容器贴标签
<key>:标签键
<value>:标签值
spec.containers:对容器的配置
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
| apiVersion: v1
kind: ReplicationController
metadata:
name: kubia
spec:
replicas: 3
selector:
<key>: <value>
template:
metadata:
labels:
<key>: <value>
spec:
containers:
- name: kubia
image: luksa/kubia
imagePullPolicy: Never
ports:
- containerPort: 8080
|
ReplicaSet
- 标签选择可以使用运算符
- 是ReplcationController的新版控制器
matchLabels
apiVersion: v1:api版本
kind::定义配置文件类型(核心配置)
ReplicationController:用于创建RS控制器的配置文件
spec.selector.matchLabels:使用label选择器,对标签进行完整匹配
<key>:标签键
<value>:标签值
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
| apiVersion: apps/v1
kind: ReplicaSet
metadata:
name: kubia
spec:
replicas: 3
selector:
matchLabels:
app: kubia
template:
metadata:
labels:
<key>: <value>
spec:
containers:
- name: kubia
image: luksa/kubia
imagePullPolicy: Never
|
matchExpressions
apiVersion: v1:api版本
kind::定义配置文件类型(核心配置)
ReplicationController:用于创建RS控制器的配置文件
spec.selector.matchLabels:表达式匹配选择器
spec.selector.matchLabels.key:指定标签键
spec.selector.matchLabels.operator:运算符
In:label与其中一个值匹配
NotIn:label与任何一个值都不匹配
Exists:包含指定labet名称,值任意
DoesNotExeists:不包含指定label名称,值任意
spec.selector.matchLabels.values:指定标签值,label值列表
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
| apiVersion: apps/v1
kind: ReplicaSet
metadata:
name: kubia
spec:
replicas: 4
selector:
matchExpressions:
- key: <key>
operator: In
values:
- <value_1>
- <value_2>
template:
metadata:
labels:
app: kubia
spec:
containers:
- name: kubia
image: luksa/kubia
imagePullPolicy: Never
|
DaemonSet
- 在每个节点上运行一个 pod,包括主控服务器
- 主要用途:资源监控,kube-proxy等
- DaemonSet不指定pod数量,它会在每个节点上部署一个pod
不含节点选择器
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
| apiVersion: apps/v1
kind: DaemonSet
metadata:
name: ssd-monitor
spec:
selector:
matchLabels:
<key>: <value>
template:
metadata:
labels:
<key>: <value>
spec:
containers:
- name: main
image: luksa/ssd-monitor
imagePullPolicy: Never
|
包含节点选择器
spec.template.spec.nodeSelector:节点选择器
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
| apiVersion: apps/v1
kind: DaemonSet
metadata:
name: ssd-monitor
spec:
selector:
matchLabels:
<key>: <value>
template:
metadata:
labels:
<key>: <value>
spec:
nodeSelector:
<key>: <value>
containers:
- name: main
image: luksa/ssd-monitor
imagePullPolicy: Never
|
Job
- Job 用来运行单个任务,任务结束后pod不再重启
单个运行运行单次
spec.template.spec.restartPolicy:重启策略
OnFailure:任务失败时
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
| apiVersion: batch/v1
kind: Job
metadata:
name: batch-job
spec:
template:
metadata:
labels:
<key>: <value>
spec:
restartPolicy: OnFailure
containers:
- name: main
image: luksa/batch-job
imagePullPolicy: Never
|
单个运行运行多次
sepc.completions:指定任务执行总次数
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
| apiVersion: batch/v1
kind: Job
metadata:
name: multi-completion-batch-job
spec:
completions: 5
template:
metadata:
labels:
<key>: <value>
spec:
restartPolicy: OnFailure
containers:
- name: main
image: luksa/batch-job
imagePullPolicy: Never
|
并行运行运行共多少次
spec.parallelism:并行运行任务数量
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
| apiVersion: batch/v1
kind: Job
metadata:
name: multi-completion-parallel-batch-job
spec:
completions: 5
parallelism: 2
template:
metadata:
labels:
<key>: <value>
spec:
restartPolicy: OnFailure
containers:
- name: main
image: luksa/batch-job
imagePullPolicy: Never
|
Cronjob
spec.schedule:定义cron的定时任务格式
每个单位数用空格隔开,每组单位数用逗号隔开,如果该单位数每个单位都执行用*表示
第一个单位:分钟
第二个单位:小时
第二个单位:月中的天
第二个单位:月
第二个单位:周中的天
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
| apiVersion: batch/v1beta1
kind: CronJob
metadata:
name: batch-job-every-fifteen-minutes
spec:
schedule: "0,15,30,45 * * * *"
jobTemplate:
spec:
template:
metadata:
labels:
app: periodic-batch-job
spec:
restartPolicy: OnFailure
containers:
- name: main
image: luksa/batch-job
imagePullPolicy: Never
|
覆盖docker启动命令和启动参数
spec.containers.command:覆盖ENTRYPOINT启动命令
spec.containers.args:覆盖CMD启动参数
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
| apiVersion: v1
kind: Pod
metadata:
name: fortune
labels:
app: fortune
spec:
containers:
- image: luksa/fortune:args
args: ["2"]
name: html-genrator
imagePullPolicy: Never
volumeMounts:
- name: html
mountPath: /var/htdocs
ports:
- containerPort: 80
protocol: TCP
|
对数据卷的操作
emptyDir
spec.containers.volumeMounts:容器中数据卷的配置
spec.containers.volumeMounts.name:指定容器使用的数据卷名
spec.containers.volumeMounts.mountPath:容器中的挂载路径
spec.containers.volumeMounts.readOnly:是否为只读
spec.volums:数据卷的配置
spec.volums.name:定义数据卷名
spec.volums.emptyDir:定义数据卷类型为emptyDir类型
emptyDir:简单的空目录
hostPath:工作节点中的磁盘路径
gitRepo:从git克隆的本地仓库
nfs:nfs共享文件系统
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
| apiVersion: v1
kind: Pod
metadata:
name: fortune
labels:
<key>: <value>
spec:
containers:
- image: luksa/fortune
name: html-genrator
imagePullPolicy: Never
volumeMounts:
- name: html
mountPath: /var/htdocs
- image: nginx:alpine
name: web-server
imagePullPolicy: Never
volumeMounts:
- name: html
mountPath: /usr/share/nginx/html
readOnly: true
ports:
- containerPort: 80
protocol: TCP
volumes:
- name: html
emptyDir: {}
|
nfs
准备一个目录
准备一个目录作为共享目录
编辑exports配置文件
/etc/nfs_data:指定共享的目录
192.168.64.0/24:配置共享的网络,0.0.0.0表示不限制网段
rw读写权限
async:异步写入
no_root_squash:访问时不降级root身份的权限
1
| /etc/nfs_data 192.168.64.0/24(rw,async,no_root_squash)
|
192.168.64.191:/etc/nfs_data:远端nfs路径
/etc/web_dir:客户端路径
1
| mount -t nfs 192.168.64.191:/etc/nfs_data /etc/web_dir
|
持久数据卷(持久卷)
创建持久卷
apec.capacity.storage:定义持久卷大小
apec.accessModes:持久卷的权限
ReadWriteOnce:只允许被一个客户端挂载为读写模式
ReadOnlyMany:可以被多个客户端挂载为只读模式
apec.persistentVolumeReclaimPolicy:持久卷声明被释放时的配置
Retain:持久卷声明被释放时,保留持久卷
apec.nfs:配置nfs数据卷
apec.nfs.path:远端数据卷的目录路径
apec.nfs.path:远端数据卷的访问路径
1
2
3
4
5
6
7
8
9
10
11
12
13
14
| apiVersion: v1
kind: PersistentVolume
metadata:
name: mongodb-pv
spec:
capacity:
storage: 1Gi
accessModes:
- ReadWriteOnce
- ReadOnlyMany
persistentVolumeReclaimPolicy: Retain
nfs:
path: /etc/nfs_data
server: 192.168.64.191
|
持久卷声明
spec.resources.requests.store:申请存储空间大小
spec.accessModes:读写权限
1
2
3
4
5
6
7
8
9
10
11
| apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: mongodb-pvc
spec:
resources:
requests:
storage: 1Gi
accessModes:
- ReadWriteOnce
storageClassName: ""
|
挂载持久数据卷声明
spec.volumes.name:定义持久卷名
spec.volumes.persistentVolumeClaim.claimName:引用持久卷声明名称
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
| apiVersion: v1
kind: Pod
metadata:
name: mongodb
spec:
containers:
- image: mongo
name: mongodb
imagePullPolicy: Never
securityContext:
runAsUser: 0
volumeMounts:
- name: mongodb-data
mountPath: /data/db
ports:
- containerPort: 27017
protocol: TCP
volumes:
- name: mongodb-data
persistentVolumeClaim:
claimName: mongodb-pvc
|
覆盖docker启动命令和启动参数
spec.containers.command:覆盖ENTRYPOINT启动命令
spec.containers.args:覆盖CMD启动参数
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
| apiVersion: v1
kind: Pod
metadata:
name: fortune
labels:
app: fortune
spec:
containers:
- image: luksa/fortune:args
args: ["2"]
name: html-genrator
imagePullPolicy: Never
volumeMounts:
- name: html
mountPath: /var/htdocs
ports:
- containerPort: 80
protocol: TCP
|
完成
参考文献
哔哩哔哩——云原生技术架构