Kubernetes Study Notes 5: Getting Started with Kubernetes Resource Manifest Definitions

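1. Kubernetes exposes a RESTful API and manages every kind of object it operates on as a resource. Operations are performed with the standard HTTP request methods GET, PUT, DELETE, POST and so on; in practice they are issued through the corresponding kubectl commands, such as kubectl run, get, edit, ...

2. Commonly used k8s resources are called objects once they are instantiated. The core k8s resources are as follows.

  1. workload (workload resource objects): Pod, ReplicaSet, Deployment, StatefulSet, DaemonSet, Job, CronJob, ...

  2. Service, Ingress: related to service discovery and load balancing ...

  3. Volume: configuration and storage. Current k8s versions also support all kinds of storage volumes through CSI, the Container Storage Interface. There are also two other special types of storage volume.

    a. ConfigMap: a resource used as a configuration center

    b. Secret: same function as ConfigMap, but used to store sensitive data.

    c. DownwardAPI: exposes information from the external environment to the container

  4. Cluster-level resources

    a. Namespace, Node, Role (a namespace-level resource), ClusterRole, RoleBinding, ClusterRoleBinding

  5. Metadata resources

    a. HPA

    b. PodTemplate: the template a pod controller uses when creating pods.

    c. LimitRange: defines resource limits

  6. Including, but not limited to, the resources above

3. YAML in detail

  1. Output pod information in YAML format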

[root@k8smaster ~]# kubectl get pods
NAME                          READY     STATUS    RESTARTS   AGE
myapp-848b5b879b-5k4s4        1/1       Running   0          22h
myapp-848b5b879b-bzblz        1/1       Running   0          22h
myapp-848b5b879b-hzbf5        1/1       Running   0          22h
nginx-deploy-5b595999-d9lv5   1/1       Running   0          1d
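[root@k8smaster ~]# kubectl get pod myapp-848b5b879b-5k4s4 -o yaml  # output in YAML format
apiVersion: v1 # name and version of the k8s API group the object belongs to; an API version has two parts, group/version, and an omitted group means core (the core group, the most fundamental resources)
kind: Pod   # resource kind; indicates which type of resource is being instantiated into this concrete resource object
metadata:  # metadata; defined through many nested second- and third-level fields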
  creationTimestamp: 2019-05-09T09:10:00Z
  generateName: myapp-848b5b879b-
  labels:
    pod-template-hash: "4046164356"
    run: myapp
  name: myapp-848b5b879b-5k4s4
  namespace: default
  ownerReferences:
  - apiVersion: apps/v1
    blockOwnerDeletion: true
    controller: true
    kind: ReplicaSet
    name: myapp-848b5b879b
    uid: 8f3f5833-7232-11e9-be24-000c29d142be
  resourceVersion: "48605"
  selfLink: /api/v1/namespaces/default/pods/myapp-848b5b879b-5k4s4
  uid: 3977b5e7-723a-11e9-be24-000c29d142be
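spec:  # specifications: defines what characteristics the resource object to be created should have and what requirements it should meet, so that the controller can be satisfied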
  containers:
  - image: ikubernetes/myapp:v1
    imagePullPolicy: IfNotPresent
    name: myapp
    resources: {}
    terminationMessagePath: /dev/termination-log
    terminationMessagePolicy: File
    volumeMounts:
    - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
      name: default-token-jvtl7
      readOnly: true
  dnsPolicy: ClusterFirst
  nodeName: k8snode2
  priority: 0
  restartPolicy: Always
  schedulerName: default-scheduler
  securityContext: {}
  serviceAccount: default
  serviceAccountName: default
  terminationGracePeriodSeconds: 30
  tolerations:  # tolerations: which taints can be tolerated
  - effect: NoExecute
    key: node.kubernetes.io/not-ready
    operator: Exists
    tolerationSeconds: 300
  - effect: NoExecute
    key: node.kubernetes.io/unreachable
    operator: Exists
    tolerationSeconds: 300
  volumes:
  - name: default-token-jvtl7
    secret:
      defaultMode: 420
      secretName: default-token-jvtl7
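status: # shows the current state of the resource; read-only and maintained by the system, whereas spec is defined by the user. If the current state differs from the target state, k8s works to move each resource's current state ever closer to the target state once it is defined, so that the user's expectation is met.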
  conditions:
  - lastProbeTime: null
    lastTransitionTime: 2019-05-08T15:36:44Z
    status: "True"
    type: Initialized
  - lastProbeTime: null
    lastTransitionTime: 2019-05-08T15:36:46Z
    status: "True"
    type: Ready
  - lastProbeTime: null
    lastTransitionTime: null
    status: "True"
    type: ContainersReady
  - lastProbeTime: null
    lastTransitionTime: 2019-05-09T09:10:00Z
    status: "True"
    type: PodScheduled
  containerStatuses:
  - containerID: docker://0eccbcf513dc608277089bfe2a7b92e1639b1d63ec5d76212a65b30fffa78774
    image: ikubernetes/myapp:v1
    imageID: docker-pullable://ikubernetes/myapp@sha256:9c3dc30b5219788b2b8a4b065f548b922a34479577befb54b03330999d30d513
    lastState: {}
    name: myapp
    ready: true
    restartCount: 0
    state:
      running:
        startedAt: 2019-05-08T15:36:45Z
  hostIP: 192.168.10.12
  phase: Running
  podIP: 10.244.2.14
  qosClass: BestEffort
  startTime: 2019-05-08T15:36:44Z

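  2. Ways to create resources

    a. When defining resources, the apiserver accepts only JSON-format resource definitions. So when we used run to create a deployment earlier, the run command automatically converted the given command into JSON.

    b. A configuration manifest can be supplied in YAML format; the apiserver can automatically convert it to JSON and then submit it.

  3. Most resource manifests consist of five parts:

    a. apiVersion (group/version): indicates which resource group and version the resource to be created belongs to. k8s manages all the APIs supported by the api-server by dividing them into groups. With groups, a change inside one group only requires changing that group; the other groups are unaffected and can keep being used. Groups serve another purpose as well: once a group carries a version number, different versions of the same group can coexist. Pod is the most fundamental resource, so it belongs to the core group, v1; controllers such as Deployment are core resources for application management and belong to apps/v1. A cluster generally has three kinds of version: alpha (internal test), beta (public test) and stable.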

[root@k8smaster ~]# kubectl api-versions
admissionregistration.k8s.io/v1beta1
apiextensions.k8s.io/v1beta1
apiregistration.k8s.io/v1
apiregistration.k8s.io/v1beta1
apps/v1
apps/v1beta1
apps/v1beta2
authentication.k8s.io/v1
authentication.k8s.io/v1beta1
authorization.k8s.io/v1
authorization.k8s.io/v1beta1
autoscaling/v1
autoscaling/v2beta1
batch/v1
batch/v1beta1
certificates.k8s.io/v1beta1
events.k8s.io/v1beta1
extensions/v1beta1
networking.k8s.io/v1
policy/v1beta1
rbac.authorization.k8s.io/v1
rbac.authorization.k8s.io/v1beta1
scheduling.k8s.io/v1beta1
storage.k8s.io/v1
storage.k8s.io/v1beta1
v1

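    b. kind: the resource kind

    c. metadata: metadata, which mainly provides the following fields

      1) name: a resource name is unique within the same kind. It is the name of the instance instantiated from this resource kind.

      2) namespace

      3) labels: every type of resource can have labels; labels are key-value data

      4) annotations: annotations

      5) ownerReferences

      6) resourceVersion

      7) uid: a unique identifier, generated automatically by the system.

      8) selfLink: a self-reference, that is, the form this resource takes in the API, for example

selfLink: /api/v1/namespaces/default/pods/myapp-848b5b879b-5k4s4 # under api, version v1, in the namespace default: the pod-type resource named myapp-848b5b879b-5k4s4
        So the reference PATH of every resource has a fixed format: /api/GROUP/VERSION/namespaces/NAMESPACE/TYPE/NAME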

        ...

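    d. spec: spec may nest many other second- or third-level fields, and the fields that can be nested in spec differ between resource types. It defines the user's desired state; after a resource is created its state may not match that, so the current state moves toward the desired state. Because there are so many fields, k8s has built-in format definitions that can be viewed with explain.

[root@k8smaster ~]# kubectl explain pod  # explain: to explain, to annotate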
KIND:     Pod
VERSION:  v1

DESCRIPTION:
     Pod is a collection of containers that can run on a host. This resource is
     created by clients and scheduled onto hosts.

FIELDS:
   apiVersion    <string>  # a string
     APIVersion defines the versioned schema of this representation of an
     object. Servers should convert recognized schemas to the latest internal
     value, and may reject unrecognized values. More info:
     https://git.k8s.io/community/contributors/devel/api-conventions.md#resources

   kind    <string>
     Kind is a string value representing the REST resource this object
     represents. Servers may infer this from the endpoint the client submits
     requests to. Cannot be updated. In CamelCase. More info:
     https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds

   metadata    <Object>  # an object; nests many second-level fields
     Standard object's metadata. More info:
     https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata

   spec    <Object>
     Specification of the desired behavior of the pod. More info:
     https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status

   status    <Object>
     Most recently observed status of the pod. This data may not be up to date.
     Populated by the system. Read-only. More info:
     https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status

      You can also drill down into second-level fields

[root@k8smaster ~]# kubectl explain pods.metadata
KIND:     Pod
VERSION:  v1

RESOURCE: metadata <Object>

DESCRIPTION:
     Standard object's metadata. More info:
     https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata

     ObjectMeta is metadata that all persisted resources must have, which
     includes all objects users must create.

FIELDS:
   annotations    <map[string]string>
     Annotations is an unstructured key value map stored with a resource that
     may be set by external tools to store and retrieve arbitrary metadata. They
     are not queryable and should be preserved when modifying objects. More
     info: http://kubernetes.io/docs/user-guide/annotations

   clusterName    <string>
     The name of the cluster which the object belongs to. This is used to
     distinguish resources with same name and namespace in different clusters.
     This field is not set anywhere right now and apiserver is going to ignore
     it if set in create or update request.

...

    e. status: the current state. This field is maintained by the Kubernetes cluster; the user can neither define it nor delete it.

4. Defining a YAML file
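
A pre-flight check built on the five-part layout and the group/version rule described above. This is an added example, not code from the original post: the function names, the list of system-populated metadata fields and the COPIED manifest are assumptions made for illustration, and SERVED is a subset of the `kubectl api-versions` output shown earlier.

```python
# Subset of the `kubectl api-versions` output shown on this page.
SERVED = {"v1", "apps/v1", "apps/v1beta1", "apps/v1beta2", "batch/v1",
          "batch/v1beta1", "extensions/v1beta1"}
REQUIRED = ("apiVersion", "kind", "metadata", "spec")
# Assumption: metadata fields populated by the system, not by the author.
SYSTEM_META = ("uid", "resourceVersion", "selfLink", "creationTimestamp")

def split_api_version(api_version):
    """Return (group, version); an omitted group means the core group."""
    group, _, version = api_version.rpartition("/")
    return (group or "core", version)

def stability(version):
    """Classify a version string as alpha, beta or stable."""
    return next((lvl for lvl in ("alpha", "beta") if lvl in version), "stable")

def check_manifest(manifest):
    """Return a list of findings for one manifest (a dict parsed from JSON)."""
    findings = [f"missing top-level field: {f}" for f in REQUIRED if f not in manifest]
    api_version = manifest.get("apiVersion", "")
    level = stability(split_api_version(api_version)[1])
    if api_version and api_version not in SERVED:
        findings.append(f"apiVersion not served: {api_version}")
    elif api_version and level != "stable":
        findings.append(f"{level} API version: {api_version}")
    meta = manifest.get("metadata", {})
    findings += [f"system-maintained field set: metadata.{f}" for f in SYSTEM_META if f in meta]
    if "status" in manifest:
        findings.append("status is maintained by the cluster; remove it")
    return findings

# pod-demo.yaml from this page, as the parsed JSON form of the manifest.
POD_DEMO = {"apiVersion": "v1", "kind": "Pod",
            "metadata": {"name": "pod-demo", "namespace": "default",
                         "labels": {"app": "myapp", "tier": "frontend"}},
            "spec": {"containers": [
                {"name": "myapp", "image": "ikubernetes/myapp:v1"},
                {"name": "busybox", "image": "busybox:latest",
                 "command": ["/bin/sh", "-c", "sleep 3600"]}]}}
# Constructed: a manifest pasted back from `kubectl get -o yaml` output.
COPIED = {"apiVersion": "apps/v1beta2", "kind": "Deployment",
          "metadata": {"name": "myapp", "uid": "constructed-uid",
                       "resourceVersion": "1"}, "status": {}}

if __name__ == "__main__":
    for m in (POD_DEMO, COPIED):
        print(m["kind"], split_api_version(m["apiVersion"]), check_manifest(m))
```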

[root@k8smaster manifests]# pwd
/root/manifests
[root@k8smaster manifests]# ls
pod-demo.yaml
[root@k8smaster manifests]# cat pod-demo.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: pod-demo
  namespace: default
  labels: # could also be written here as {app: myapp, tier: frontend} instead of the two lines below
    app: myapp
    tier: frontend
spec:
  containers: # a list; defined as follows
  - name: myapp
    image: ikubernetes/myapp:v1
  - name: busybox
    image: busybox:latest
    command: # could also be written in bracket form, for example ["/bin/sh","-c","sleep 3600"]
    - "/bin/sh"
    - "-c"
    - "echo ${date} >> /usr/share/nginx/html/index.html;sleep 5"
[root@k8smaster manifests]# kubectl create -f pod-demo.yaml 
Error from server (AlreadyExists): error when creating "pod-demo.yaml": pods "pod-demo" already exists
[root@k8smaster manifests]# kubectl get pods -o wide
NAME                          READY     STATUS             RESTARTS   AGE       IP            NODE
myapp-848b5b879b-5k4s4        1/1       Running            0          3d        10.244.2.14   k8snode2
myapp-848b5b879b-bzblz        1/1       Running            0          3d        10.244.1.21   k8snode1
myapp-848b5b879b-hzbf5        1/1       Running            0          3d        10.244.1.22   k8snode1
nginx-deploy-5b595999-d9lv5   1/1       Running            0          3d        10.244.2.4    k8snode2
pod-demo                      1/2       CrashLoopBackOff   7          17m       10.244.2.15   k8snode2
[root@k8smaster manifests]# kubectl describe pod pod-demo
Name:               pod-demo
Namespace:          default
Priority:           0
PriorityClassName:  <none>
Node:               k8snode2/192.168.10.12
Start Time:         Thu, 09 May 2019 12:26:59 +0800
Labels:             app=myapp
                    tier=frontend
Annotations:        kubectl.kubernetes.io/last-applied-configuration={"apiVersion":"v1","kind":"Pod","metadata":{"annotations":{},"labels":{"app":"myapp","tier":"frontend"},"name":"pod-demo","namespace":"default"},"spec"...
Status:             Running
IP:                 10.244.2.15
Containers:
  myapp:
    Container ID:   docker://b8e4c51d55ac57796b6f55499d119881ef522bcf43e673440bdf6bfe3cd81aa5
    Image:          ikubernetes/myapp:v1
    Image ID:       docker-pullable://ikubernetes/myapp@sha256:9c3dc30b5219788b2b8a4b065f548b922a34479577befb54b03330999d30d513
    Port:           <none>
    Host Port:      <none>
    State:          Running
      Started:      Thu, 09 May 2019 12:27:00 +0800
    Ready:          True
    Restart Count:  0
    Environment:    <none>
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from default-token-jvtl7 (ro)
  busybox:
    Container ID:  docker://1d3d2c9ab4768c1d9a9dda875c772e9a3a5a489408ad965b09af4d28ee5d5092
    Image:         busybox:latest
    Image ID:      docker-pullable://busybox@sha256:4b6ad3a68d34da29bf7c8ccb5d355ba8b4babcad1f99798204e7abb43e54ee3d
    Port:          <none>
    Host Port:     <none>
    Command:
      /bin/sh
      -c
      echo ${date} >> /usr/share/nginx/html/index.html;sleep 5
    State:          Waiting
      Reason:       CrashLoopBackOff
    Last State:     Terminated
      Reason:       Completed
      Exit Code:    0
      Started:      Thu, 09 May 2019 12:44:14 +0800
      Finished:     Thu, 09 May 2019 12:44:19 +0800
    Ready:          False
    Restart Count:  8
    Environment:    <none>
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from default-token-jvtl7 (ro)
Conditions:
  Type              Status
  Initialized       True 
  Ready             False 
  ContainersReady   False 
  PodScheduled      True 
Volumes:
  default-token-jvtl7:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  default-token-jvtl7
    Optional:    false
QoS Class:       BestEffort
Node-Selectors:  <none>
Tolerations:     node.kubernetes.io/not-ready:NoExecute for 300s
                 node.kubernetes.io/unreachable:NoExecute for 300s
Events:
  Type     Reason     Age               From               Message
  ----     ------     ----              ----               -------
  Normal   Pulled     4d                kubelet, k8snode2  Container image "ikubernetes/myapp:v1" already present on machine
  Normal   Created    4d                kubelet, k8snode2  Created container
  Normal   Started    4d                kubelet, k8snode2  Started container
  Normal   Pulling    4d (x4 over 4d)   kubelet, k8snode2  pulling image "busybox:latest"
  Normal   Pulled     4d (x4 over 4d)   kubelet, k8snode2  Successfully pulled image "busybox:latest"
  Normal   Created    4d (x4 over 4d)   kubelet, k8snode2  Created container
  Normal   Started    4d (x4 over 4d)   kubelet, k8snode2  Started container
  Warning  BackOff    4d (x63 over 4d)  kubelet, k8snode2  Back-off restarting failed container
  Normal   Scheduled  17m               default-scheduler  Successfully assigned default/pod-demo to k8snode2

      View the logs

[root@k8smaster manifests]# curl 10.244.2.15
Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a>
[root@k8smaster manifests]# kubectl logs pod-demo myapp
10.244.0.0 - - [09/May/2019:04:49:18 +0000] "GET / HTTP/1.1" 200 65 "-" "curl/7.29.0" "-"
[root@k8smaster manifests]# kubectl logs pod-demo busybox
/bin/sh: can't create /usr/share/nginx/html/index.html: nonexistent directory
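
The describe output above reports CrashLoopBackOff even though busybox last terminated with reason Completed and exit code 0: the trailing `sleep 5` succeeds, the container finishes, and restartPolicy Always restarts it with a growing back-off. The check below is an added example, not part of the original post; `diagnose` and `failing_variant` are hypothetical helpers, the JSON is constructed from the describe output, and restartPolicy Always is assumed because pod-demo.yaml does not set one.

```python
import json

# Constructed: the parts of `kubectl get pod pod-demo -o json` used below, with
# values copied from the `kubectl describe pod pod-demo` output on this page.
POD_STATUS = json.loads("""
{"spec": {"restartPolicy": "Always"},
 "status": {"containerStatuses": [
   {"name": "myapp", "ready": true, "restartCount": 0,
    "state": {"running": {}}, "lastState": {}},
   {"name": "busybox", "ready": false, "restartCount": 8,
    "state": {"waiting": {"reason": "CrashLoopBackOff"}},
    "lastState": {"terminated": {"reason": "Completed", "exitCode": 0}}}]}}
""")

def diagnose(pod):
    """Return {container name: diagnosis} from status.containerStatuses."""
    policy = pod.get("spec", {}).get("restartPolicy", "Always")
    out = {}
    for cs in pod.get("status", {}).get("containerStatuses", []):
        state = cs.get("state", {})
        last = cs.get("lastState", {}).get("terminated")
        reason = state.get("waiting", {}).get("reason", "unknown")
        if "running" in state and cs.get("ready"):
            out[cs["name"]] = "running"
        elif reason == "CrashLoopBackOff" and last and last.get("exitCode") == 0:
            # Not a crash: the command finished, and this restartPolicy
            # restarts the container anyway, with a growing back-off.
            out[cs["name"]] = f"exited 0, restarted by restartPolicy {policy}"
        elif reason == "CrashLoopBackOff" and last:
            out[cs["name"]] = f"failing with exit code {last.get('exitCode')}"
        else:
            out[cs["name"]] = f"not ready: {reason}"
    return out

def failing_variant(pod, exit_code):
    """Constructed variant: same pod, but busybox last exited with exit_code."""
    clone = json.loads(json.dumps(pod))
    term = clone["status"]["containerStatuses"][1]["lastState"]["terminated"]
    term.update(reason="Error", exitCode=exit_code)
    return clone

if __name__ == "__main__":
    print(diagnose(POD_STATUS))
    print(diagnose(failing_variant(POD_STATUS, 1)))
```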

      After changing the busybox container's startup command, it starts successfully

[root@k8smaster manifests]# cat pod-demo.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: pod-demo
  namespace: default
  labels: # could also be written here as {app: myapp, tier: frontend} instead of the two lines below
    app: myapp
    tier: frontend
spec:
  containers: # a list; defined as follows
  - name: myapp
    image: ikubernetes/myapp:v1
  - name: busybox
    image: busybox:latest
    command: # could also be written in bracket form, for example ["/bin/sh","-c","sleep 3600"]
    - "/bin/sh"
    - "-c"
    - "sleep 3600"
[root@k8smaster manifests]# kubectl get pods
NAME                          READY     STATUS    RESTARTS   AGE
myapp-848b5b879b-5k4s4        1/1       Running   0          3d
myapp-848b5b879b-bzblz        1/1       Running   0          3d
myapp-848b5b879b-hzbf5        1/1       Running   0          3d
nginx-deploy-5b595999-d9lv5   1/1       Running   0          3d
pod-demo                      2/2       Running   0          1m

      Enter the container

[root@k8smaster manifests]# kubectl exec -it pod-demo -c busybox /bin/sh
/ # ls
bin   dev   etc   home  proc  root  sys   tmp   usr   var
/ # 

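5. There are three ways to use kubectl to manage resources

  1. Imperative usage

  2. Manifest-based usage (imperative resource manifests)

  3. Using another command (declarative resource manifests), which ensures that resources move as closely as possible toward the state we declare and that the declaration is applied at any time.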
