容器編排系統之Kubectl工具的基礎使用

  前文咱們瞭解了k8s的架構和基本的工做過程以及測試環境的k8s集羣部署,回顧請參考https://www.cnblogs.com/qiuhom-1874/p/14126750.html;今天咱們主要來了解下k8s命令行工具kubectl的基礎操做;html

  kubectl簡介node

  kubectl是k8s官方提供的工具,它是一款命令行工具,咱們可使用它來部署k8s集羣,管理k8s集羣上的資源;kubectl這個工具備不少子命令,每一個子命令都有不一樣的功能,好比建立資源咱們可使用create或apply子命令來實現;不一樣的是在k8s上建立資源的方式有兩種,一種是陳述式接口,一種是聲明式接口;所謂聲明式接口就是把咱們要建立的資源,經過寫成一個配置文件,而後使用apply子命令應用指定的配置文件的方式;陳述式接口是指咱們要在命令行告訴k8s怎麼去建立資源,好比建立pod控制器,使用什麼鏡像,副本數量等等;一般咱們使用create子命令來陳述建立一個資源;固然create子命令也能夠指定一個資源清單的方式來建立資源;二者不一樣的是apply能夠屢次執行,若是發現對應清單有變化就應用變化部分,沒變化就不該用;而create不能屢次執行;nginx

  kubectl工具使用的語法golang

kubectl [flags] [options]

  提示:flages是用來指定子命令,options是對應子命令的選項;web

  查看kubectl工具的使用幫助docker

[root@master01 ~]# kubectl --help
kubectl controls the Kubernetes cluster manager.

 Find more information at: https://kubernetes.io/docs/reference/kubectl/overview/

Basic Commands (Beginner):
  create        Create a resource from a file or from stdin.
  expose        Take a replication controller, service, deployment or pod and expose it as a new
Kubernetes Service
  run           Run a particular image on the cluster
  set           Set specific features on objects

Basic Commands (Intermediate):
  explain       Documentation of resources
  get           Display one or many resources
  edit          Edit a resource on the server
  delete        Delete resources by filenames, stdin, resources and names, or by resources and label
selector

Deploy Commands:
  rollout       Manage the rollout of a resource
  scale         Set a new size for a Deployment, ReplicaSet or Replication Controller
  autoscale     Auto-scale a Deployment, ReplicaSet, or ReplicationController

Cluster Management Commands:
  certificate   Modify certificate resources.
  cluster-info  Display cluster info
  top           Display Resource (CPU/Memory/Storage) usage.
  cordon        Mark node as unschedulable
  uncordon      Mark node as schedulable
  drain         Drain node in preparation for maintenance
  taint         Update the taints on one or more nodes

Troubleshooting and Debugging Commands:
  describe      Show details of a specific resource or group of resources
  logs          Print the logs for a container in a pod
  attach        Attach to a running container
  exec          Execute a command in a container
  port-forward  Forward one or more local ports to a pod
  proxy         Run a proxy to the Kubernetes API server
  cp            Copy files and directories to and from containers.
  auth          Inspect authorization
  debug         Create debugging sessions for troubleshooting workloads and nodes

Advanced Commands:
  diff          Diff live version against would-be applied version
  apply         Apply a configuration to a resource by filename or stdin
  patch         Update field(s) of a resource
  replace       Replace a resource by filename or stdin
  wait          Experimental: Wait for a specific condition on one or many resources.
  kustomize     Build a kustomization target from a directory or a remote url.

Settings Commands:
  label         Update the labels on a resource
  annotate      Update the annotations on a resource
  completion    Output shell completion code for the specified shell (bash or zsh)

Other Commands:
  api-resources Print the supported API resources on the server
  api-versions  Print the supported API versions on the server, in the form of "group/version"
  config        Modify kubeconfig files
  plugin        Provides utilities for interacting with plugins.
  version       Print the client and server version information

Usage:
  kubectl [flags] [options]

Use "kubectl <command> --help" for more information about a given command.
Use "kubectl options" for a list of global command-line options (applies to all commands).
[root@master01 ~]# 

  查看子命令幫助shell

[root@master01 ~]# kubectl create --help
Create a resource from a file or from stdin.

 JSON and YAML formats are accepted.

Examples:
  # Create a pod using the data in pod.json.
  kubectl create -f ./pod.json
  
  # Create a pod based on the JSON passed into stdin.
  cat pod.json | kubectl create -f -
  
  # Edit the data in docker-registry.yaml in JSON then create the resource using the edited data.
  kubectl create -f docker-registry.yaml --edit -o json

Available Commands:
  clusterrole         Create a ClusterRole.
  clusterrolebinding  Create a ClusterRoleBinding for a particular ClusterRole
  configmap           Create a configmap from a local file, directory or literal value
  cronjob             Create a cronjob with the specified name.
  deployment          Create a deployment with the specified name.
  ingress             Create an ingress with the specified name.
  job                 Create a job with the specified name.
  namespace           Create a namespace with the specified name
  poddisruptionbudget Create a pod disruption budget with the specified name.
  priorityclass       Create a priorityclass with the specified name.
  quota               Create a quota with the specified name.
  role                Create a role with single rule.
  rolebinding         Create a RoleBinding for a particular Role or ClusterRole
  secret              Create a secret using specified subcommand
  service             Create a service using specified subcommand.
  serviceaccount      Create a service account with the specified name

Options:
      --allow-missing-template-keys=true: If true, ignore any errors in templates when a field or
map key is missing in the template. Only applies to golang and jsonpath output formats.
      --dry-run='none': Must be "none", "server", or "client". If client strategy, only print the
object that would be sent, without sending it. If server strategy, submit server-side request
without persisting the resource.
      --edit=false: Edit the API resource before creating
      --field-manager='kubectl-create': Name of the manager used to track field ownership.
  -f, --filename=[]: Filename, directory, or URL to files to use to create the resource
  -k, --kustomize='': Process the kustomization directory. This flag can't be used together with -f
or -R.
  -o, --output='': Output format. One of:
json|yaml|name|go-template|go-template-file|template|templatefile|jsonpath|jsonpath-as-json|jsonpath-file.
      --raw='': Raw URI to POST to the server.  Uses the transport specified by the kubeconfig file.
      --record=false: Record current kubectl command in the resource annotation. If set to false, do
not record the command. If set to true, record the command. If not set, default to updating the
existing annotation value only if one already exists.
  -R, --recursive=false: Process the directory used in -f, --filename recursively. Useful when you
want to manage related manifests organized within the same directory.
      --save-config=false: If true, the configuration of current object will be saved in its
annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to
perform kubectl apply on this object in the future.
  -l, --selector='': Selector (label query) to filter on, supports '=', '==', and '!='.(e.g. -l
key1=value1,key2=value2)
      --template='': Template string or path to template file to use when -o=go-template,
-o=go-template-file. The template format is golang templates
[http://golang.org/pkg/text/template/#pkg-overview].
      --validate=true: If true, use a schema to validate the input before sending it
      --windows-line-endings=false: Only relevant if --edit=true. Defaults to the line ending native
to your platform.

Usage:
  kubectl create -f FILENAME [options]

Use "kubectl <command> --help" for more information about a given command.
Use "kubectl options" for a list of global command-line options (applies to all commands).
[root@master01 ~]# 

  提示:create是用來建立一個資源,在k8s上資源有不少類型,使用不一樣的子命令表示建立不一樣類型的資源,固然建立不一樣類型的資源對應的選項也有所不一樣;json

  查看建立控制器deploy的幫助windows

[root@master01 ~]# kubectl create deploy --help
Create a deployment with the specified name.

Aliases:
deployment, deploy

Examples:
  # Create a deployment named my-dep that runs the busybox image.
  kubectl create deployment my-dep --image=busybox
  
  # Create a deployment with command
  kubectl create deployment my-dep --image=busybox -- date
  
  # Create a deployment named my-dep that runs the nginx image with 3 replicas.
  kubectl create deployment my-dep --image=nginx --replicas=3
  
  # Create a deployment named my-dep that runs the busybox image and expose port 5701.
  kubectl create deployment my-dep --image=busybox --port=5701

Options:
      --allow-missing-template-keys=true: If true, ignore any errors in templates when a field or
map key is missing in the template. Only applies to golang and jsonpath output formats.
      --dry-run='none': Must be "none", "server", or "client". If client strategy, only print the
object that would be sent, without sending it. If server strategy, submit server-side request
without persisting the resource.
      --field-manager='kubectl-create': Name of the manager used to track field ownership.
      --image=[]: Image names to run.
  -o, --output='': Output format. One of:
json|yaml|name|go-template|go-template-file|template|templatefile|jsonpath|jsonpath-as-json|jsonpath-file.
      --port=-1: The port that this container exposes.
  -r, --replicas=1: Number of replicas to create. Default is 1.
      --save-config=false: If true, the configuration of current object will be saved in its
annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to
perform kubectl apply on this object in the future.
      --template='': Template string or path to template file to use when -o=go-template,
-o=go-template-file. The template format is golang templates
[http://golang.org/pkg/text/template/#pkg-overview].
      --validate=true: If true, use a schema to validate the input before sending it

Usage:
  kubectl create deployment NAME --image=image -- [COMMAND] [args...] [options]

Use "kubectl options" for a list of global command-line options (applies to all commands).
[root@master01 ~]# 

  提示:deploy是pod控制器,建立pod控制器須要指定對應控制器要使用那個鏡像來運行pod,其次要指定pod裏運行容器的副本數量,默認不指定就表示默認副本爲1;後端

  示例:建立一個nginx pod控制器,指定使用nginx:1.14-alpine鏡像來運行pod

[root@master01 ~]# kubectl create deploy ngx-dep --image=nginx:1.14-alpine 
deployment.apps/ngx-dep created
[root@master01 ~]# 

  查看pod建立狀況

[root@master01 ~]# kubectl get pod 
NAME                        READY   STATUS    RESTARTS   AGE
nginx-dep-8967df55d-j8zp7   1/1     Running   0          71m
ngx-dep-5c8d96d457-62qd6    1/1     Running   0          33s
[root@master01 ~]# 

  提示:在k8s上資源有兩種級別,第一種是集羣級別,第二種是名稱空間級別;所謂名稱空間就是把資源用邏輯的方式隔離的機制;在同一名稱空間資源的名稱不能相同;默認不指定名稱空間,都是default名稱空間;

  查看長格式pod信息

[root@master01 ~]# kubectl get pod -o wide
NAME                        READY   STATUS    RESTARTS   AGE     IP           NODE             NOMINATED NODE   READINESS GATES
nginx-dep-8967df55d-j8zp7   1/1     Running   0          74m     10.244.2.2   node02.k8s.org   <none>           <none>
ngx-dep-5c8d96d457-62qd6    1/1     Running   0          3m47s   10.244.1.2   node01.k8s.org   <none>           <none>
[root@master01 ~]# 

  提示:-o用於指定輸出格式,經常使用的有3個值,wide表示顯示長格式信息,這種現實方式可以列出對應資源運行在那個node上,ip地址是多少等等信息;yaml表示輸出yaml格式的,json表示輸出爲json配置文件的方式;

  建立名稱空間

[root@master01 ~]# kubectl create namespace testing
namespace/testing created
[root@master01 ~]# kubectl create namespace prod
namespace/prod created
[root@master01 ~]# kubectl create namespace develop
namespace/develop created
[root@master01 ~]# 

  查看名稱空間

[root@master01 ~]# kubectl get namespaces
NAME              STATUS   AGE
default           Active   132m
develop           Active   31s
kube-node-lease   Active   132m
kube-public       Active   132m
kube-system       Active   132m
prod              Active   41s
testing           Active   57s
[root@master01 ~]# 

  提示:在k8s中資源類型是有簡寫格式,好比namespace能夠簡寫爲ns,service能夠簡寫爲svc;

  刪除名稱空間

[root@master01 ~]# kubectl get ns
NAME              STATUS   AGE
default           Active   134m
develop           Active   2m1s
kube-node-lease   Active   134m
kube-public       Active   134m
kube-system       Active   134m
prod              Active   2m11s
testing           Active   2m27s
[root@master01 ~]# kubectl delete ns testing
namespace "testing" deleted
[root@master01 ~]# kubectl get ns           
NAME              STATUS   AGE
default           Active   134m
develop           Active   2m26s
kube-node-lease   Active   134m
kube-public       Active   134m
kube-system       Active   134m
prod              Active   2m36s
[root@master01 ~]# 

  提示:除了以上方式刪除資源,咱們也可使用資源類型/資源名稱的方式來指定資源;用空白字符隔開資源類型和名稱的方式只能一次刪除一個資源,而用斜線隔開的能夠一次刪除多個資源;

  刪除develop、prod名稱空間

[root@master01 ~]# kubectl get ns
NAME              STATUS   AGE
default           Active   136m
develop           Active   4m20s
kube-node-lease   Active   136m
kube-public       Active   136m
kube-system       Active   136m
prod              Active   4m30s
[root@master01 ~]# kubectl delete ns/develop ns/prod
namespace "develop" deleted
namespace "prod" deleted
[root@master01 ~]# kubectl get ns
NAME              STATUS   AGE
default           Active   137m
kube-node-lease   Active   137m
kube-public       Active   137m
kube-system       Active   137m
[root@master01 ~]# 

  刪除pod

[root@master01 ~]# kubectl get pod
NAME                        READY   STATUS    RESTARTS   AGE
nginx-dep-8967df55d-j8zp7   1/1     Running   0          85m
ngx-dep-5c8d96d457-62qd6    1/1     Running   0          14m
[root@master01 ~]# kubectl delete pod nginx-dep-8967df55d-j8zp7
pod "nginx-dep-8967df55d-j8zp7" deleted
[root@master01 ~]# kubectl get pod
NAME                        READY   STATUS    RESTARTS   AGE
nginx-dep-8967df55d-8fl27   1/1     Running   0          50s
ngx-dep-5c8d96d457-62qd6    1/1     Running   0          15m
[root@master01 ~]# 

  提示:能夠看到咱們刪除pod之後,再次查看,pod又從新建立起來了;其緣由是咱們使用pod控制器建立的pod它有自愈功能;咱們知道在k8s上控制器的 做用就是負責建立和監控對應資源狀態是否符合咱們定義的狀態,若是不符合它就會試着重啓或重建的方式讓其對應資源和咱們定義的資源狀態保持一致;上述命令咱們刪除了pod,但對應控制器發現對應pod被刪除了,它就會試着從新新建一個pod,讓其始終保持和咱們指望的狀態保持一致;

  查看deploy控制器

[root@master01 ~]# kubectl get deploy 
NAME        READY   UP-TO-DATE   AVAILABLE   AGE
nginx-dep   1/1     1            1           94m
ngx-dep     1/1     1            1           23m
[root@master01 ~]# kubectl get deploy -o wide
NAME        READY   UP-TO-DATE   AVAILABLE   AGE   CONTAINERS   IMAGES              SELECTOR
nginx-dep   1/1     1            1           94m   nginx        nginx:1.14-alpine   app=nginx-dep
ngx-dep     1/1     1            1           23m   nginx        nginx:1.14-alpine   app=ngx-dep
[root@master01 ~]# 

  刪除控制器

[root@master01 ~]# kubectl get deploy -o wide
NAME        READY   UP-TO-DATE   AVAILABLE   AGE   CONTAINERS   IMAGES              SELECTOR
nginx-dep   1/1     1            1           95m   nginx        nginx:1.14-alpine   app=nginx-dep
ngx-dep     1/1     1            1           24m   nginx        nginx:1.14-alpine   app=ngx-dep
[root@master01 ~]# kubectl delete deploy nginx-dep
deployment.apps "nginx-dep" deleted
[root@master01 ~]# kubectl get deploy -o wide     
NAME      READY   UP-TO-DATE   AVAILABLE   AGE   CONTAINERS   IMAGES              SELECTOR
ngx-dep   1/1     1            1           24m   nginx        nginx:1.14-alpine   app=ngx-dep
[root@master01 ~]# kubectl get pod
NAME                       READY   STATUS    RESTARTS   AGE
ngx-dep-5c8d96d457-62qd6   1/1     Running   0          24m
[root@master01 ~]# 

  提示:刪除控制器它會連同控制器所建立的資源一併刪除;

  建立service

  在k8s中,service資源是用來訪問pod資源而存在的;咱們知道刪除一個pod資源後,因爲控制的緣由,它會從新建立一個pod,那麼新建的pod怎麼讓外部訪問到呢?若是直接訪問podip,那麼每次訪問咱們都須要查看對應的podip纔會訪問到對應的pod,很顯然這種不是咱們想要的方式;對於service資源來講,它能夠幫助咱們自動的關聯對應的pod,從而實現咱們只須要訪問對應service就能夠訪問到pod;一般service的ip地址不會怎麼改變,或者變動沒有pod變動的快,service的做用就是幫助咱們關聯對應名稱的pod,從而實現咱們訪問serviceip就能夠反代到對應的pod上;對於建立service來講,它有幾種類型;第一種clusterip,這種service可以實現訪問service的ip地址+pod監聽端口就能訪問到對應pod,能夠在k8s集羣任意節點訪問serviceip+podport從而訪問到對應pod;第二種是nodeport類型,這種service能夠實現把外部任何主機訪問節點k8s任何一個節點的ip地址+一個固定端口就能訪問到pod;

  示例:建立clusterip類型的service,並關聯ngx-dep控制器

[root@master01 ~]# kubectl create service clusterip ngx-dep --tcp=80
service/ngx-dep created
[root@master01 ~]#

  提示:關聯pod只須要將service的名稱和對應控制器的名稱寫成同樣便可;

  查看ngx-dep service詳細信息

[root@master01 ~]# kubectl describe svc/ngx-dep   
Name:              ngx-dep
Namespace:         default
Labels:            app=ngx-dep
Annotations:       <none>
Selector:          app=ngx-dep
Type:              ClusterIP
IP Families:       <none>
IP:                10.101.104.228
IPs:               10.101.104.228
Port:              80  80/TCP
TargetPort:        80/TCP
Endpoints:         10.244.1.2:80
Session Affinity:  None
Events:            <none>
[root@master01 ~]# 

  提示:能夠看到ngx-dep service的ip地址爲10.101.104.228;對應關聯的後端pod的地址爲10.244.1.2:80

  訪問servcieip看看是否可以訪問到對應pod?

[root@master01 ~]# curl  10.101.104.228
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
    body {
        width: 35em;
        margin: 0 auto;
        font-family: Tahoma, Verdana, Arial, sans-serif;
    }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>
[root@master01 ~]# 

  在node01上訪問serviceip看看是否可以訪問到對應pod呢?

[root@node01 ~]#  curl  10.101.104.228
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
    body {
        width: 35em;
        margin: 0 auto;
        font-family: Tahoma, Verdana, Arial, sans-serif;
    }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>
[root@node01 ~]# 

  提示:這個service地址只能在k8s集羣節點上訪問,外部其餘主機不可以正常訪問到;

  測試:刪除pod,看看對應service中endpoint關聯的地址是否會變成對應pod的地址呢?

[root@master01 ~]# kubectl get pod -o wide
NAME                       READY   STATUS    RESTARTS   AGE   IP           NODE             NOMINATED NODE   READINESS GATES
ngx-dep-5c8d96d457-62qd6   1/1     Running   0          57m   10.244.1.2   node01.k8s.org   <none>           <none>
[root@master01 ~]# kubectl delete pod ngx-dep-5c8d96d457-62qd6
pod "ngx-dep-5c8d96d457-62qd6" deleted
[root@master01 ~]# kubectl get pod -o wide                    
NAME                       READY   STATUS    RESTARTS   AGE   IP           NODE             NOMINATED NODE   READINESS GATES
ngx-dep-5c8d96d457-w6nss   1/1     Running   0          19s   10.244.2.3   node02.k8s.org   <none>           <none>
[root@master01 ~]# kubectl describe svc/ngx-dep
Name:              ngx-dep
Namespace:         default
Labels:            app=ngx-dep
Annotations:       <none>
Selector:          app=ngx-dep
Type:              ClusterIP
IP Families:       <none>
IP:                10.101.104.228
IPs:               10.101.104.228
Port:              80  80/TCP
TargetPort:        80/TCP
Endpoints:         10.244.2.3:80
Session Affinity:  None
Events:            <none>
[root@master01 ~]# 

  提示:能夠看到刪除了pod之後,新建的pod地址變爲了10.244.2.3,對應service中endpoint關聯的地址也變爲了對應pod的ip地址;

  訪問service看看是否可以訪問到pod呢?

[root@master01 ~]# kubectl describe svc/ngx-dep
Name:              ngx-dep
Namespace:         default
Labels:            app=ngx-dep
Annotations:       <none>
Selector:          app=ngx-dep
Type:              ClusterIP
IP Families:       <none>
IP:                10.101.104.228
IPs:               10.101.104.228
Port:              80  80/TCP
TargetPort:        80/TCP
Endpoints:         10.244.2.3:80
Session Affinity:  None
Events:            <none>
[root@master01 ~]# 
[root@master01 ~]# curl  10.101.104.228
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
    body {
        width: 35em;
        margin: 0 auto;
        font-family: Tahoma, Verdana, Arial, sans-serif;
    }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>
[root@master01 ~]# 

  提示:之因此咱們在k8s節點上訪問serviceip可以訪問到對應pod,緣由是咱們在建立service時,其實就是在k8s全部節點上生成iptables規則或ipvs規則;

  刪除service

[root@master01 ~]# kubectl delete svc/ngx-dep
service "ngx-dep" deleted
[root@master01 ~]# kubectl get svc
NAME         TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)   AGE
kubernetes   ClusterIP   10.96.0.1    <none>        443/TCP   3h24m
[root@master01 ~]#

  建立nodeport類型的service

[root@master01 ~]#  kubectl create svc nodeport  ngx-dep --tcp=80
service/ngx-dep created
[root@master01 ~]# kubectl get svc
NAME         TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)        AGE
kubernetes   ClusterIP   10.96.0.1       <none>        443/TCP        3h24m
ngx-dep      NodePort    10.107.14.221   <none>        80:30492/TCP   11s
[root@master01 ~]# kubectl describe svc/ngx-dep
Name:                     ngx-dep
Namespace:                default
Labels:                   app=ngx-dep
Annotations:              <none>
Selector:                 app=ngx-dep
Type:                     NodePort
IP Families:              <none>
IP:                       10.107.14.221
IPs:                      10.107.14.221
Port:                     80  80/TCP
TargetPort:               80/TCP
NodePort:                 80  30492/TCP
Endpoints:                10.244.2.3:80
Session Affinity:         None
External Traffic Policy:  Cluster
Events:                   <none>
[root@master01 ~]# 

  提示:能夠看到如今建立nodeport類型的service後,對應port再也不是80:80而變成了80:30492,後面的30492這個端口不是pod端口,它是k8s集羣節點所監聽的一個固定端口;如今咱們直接訪問k8s集羣任意一個節點的30492端口,就能訪問到對應的pod;

[root@docker_registry ~]# curl 192.168.0.41:30492
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
    body {
        width: 35em;
        margin: 0 auto;
        font-family: Tahoma, Verdana, Arial, sans-serif;
    }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>
[root@docker_registry ~]# curl 192.168.0.44:30492
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
    body {
        width: 35em;
        margin: 0 auto;
        font-family: Tahoma, Verdana, Arial, sans-serif;
    }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>
[root@docker_registry ~]# 

  提示:能夠看到咱們用其餘主機訪問對應k8s任意節點的30492端口都能訪問到對應的pod;

  使用名稱訪問service

  我知道當k8s中的pod刪除之後,從新被建立之後可使用訪問serviceip地址來實現訪問對應pod,那麼問題來了,假如service被刪除又重建之後,咱們怎麼來訪問對應pod呢?使用serviceip咱們要先查看serviceip地址,很顯然這個問題又回到了pod刪除怎麼訪問對應pod;在k8s上除了運行的有幾個核心的pod之外,還有一個dns,名叫kube-dns,這個pod主要用來解析對應的名稱到對應服務ip,它能夠實現服務的動態註冊;所謂服務動態註冊是指在對應的服務發生之後,它可以及時的將變化結果反映到對應的解析記錄上,使得咱們訪問對應服務不被服務變得而受影響;

  查看kube-dns的地址

[root@master01 ~]# kubectl get svc -n kube-system
NAME       TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)                  AGE
kube-dns   ClusterIP   10.96.0.10   <none>        53/UDP,53/TCP,9153/TCP   3h45m
[root@master01 ~]# 

  修改maser端節點dns服務器爲kube-dns的地址

[root@master01 ~]# cat /etc/resolv.conf
# Generated by NetworkManager
search k8s.org
nameserver 10.96.0.10
[root@master01 ~]# 

  訪問服務名稱看看是否可以訪問到對應服務呢?

[root@master01 ~]# curl ngx-dep          
curl: (6) Could not resolve host: ngx-dep; Unknown error
[root@master01 ~]# 

  提示:這裏顯示不能解析ngx-dep,緣由是本機的搜索域爲k8s.org;咱們在初始化master時沒有指定--service-dns-domain的值爲k8s.org,因此默認搜索域爲cluster.local;因此咱們訪問時須要指定絕對名稱

  使用徹底絕對名稱訪問服務

[root@master01 ~]# curl ngx-dep.default.svc.cluster.local.
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
    body {
        width: 35em;
        margin: 0 auto;
        font-family: Tahoma, Verdana, Arial, sans-serif;
    }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>
[root@master01 ~]# 

  提示:有了這個絕對的名稱之後,咱們在刪除有重建service就能夠直接使用名稱訪問服務便可;

  驗證:刪除ngx-dep服務,再從新建ngx-dep服務,看看使用名稱可以訪問到對應的服務?

[root@master01 ~]# kubectl get svc/ngx-dep
NAME      TYPE       CLUSTER-IP      EXTERNAL-IP   PORT(S)        AGE
ngx-dep   NodePort   10.107.14.221   <none>        80:30492/TCP   33m
[root@master01 ~]# kubectl delete svc/ngx-dep
service "ngx-dep" deleted
[root@master01 ~]# kubectl create svc clusterip ngx-dep --tcp=80:80
service/ngx-dep created
[root@master01 ~]# kubectl get svc/ngx-dep                              
NAME      TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)   AGE
ngx-dep   ClusterIP   10.106.196.39   <none>        80/TCP    6s
[root@master01 ~]# curl ngx-dep.default.svc.cluster.local               
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
    body {
        width: 35em;
        margin: 0 auto;
        font-family: Tahoma, Verdana, Arial, sans-serif;
    }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>
[root@master01 ~]# 

  提示:能夠看到新建的ngx-dep和之前的服務ip地址不同,但咱們能夠經過訪問同一名稱訪問到對應的pod;

  pod動態擴展

  新建pod控制器

[root@master01 ~]# kubectl create deploy myapp-dep --image=ikubernetes/myapp:v1
deployment.apps/myapp-dep created
[root@master01 ~]# kubectl get pod
NAME                         READY   STATUS    RESTARTS   AGE
myapp-dep-5bc4d8cc74-zcrwz   1/1     Running   0          10s
ngx-dep-5c8d96d457-w6nss     1/1     Running   0          60m
[root@master01 ~]# 

  新建myapp-dep服務

[root@master01 ~]# kubectl create svc clusterip myapp-dep --tcp=80:80
service/myapp-dep created
[root@master01 ~]# kubectl get svc
NAME         TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)   AGE
kubernetes   ClusterIP   10.96.0.1       <none>        443/TCP   4h3m
myapp-dep    ClusterIP   10.96.196.189   <none>        80/TCP    7s
ngx-dep      ClusterIP   10.106.196.39   <none>        80/TCP    5m16s
[root@master01 ~]# kubectl describe svc/myapp-dep
Name:              myapp-dep
Namespace:         default
Labels:            app=myapp-dep
Annotations:       <none>
Selector:          app=myapp-dep
Type:              ClusterIP
IP Families:       <none>
IP:                10.96.196.189
IPs:               10.96.196.189
Port:              80-80  80/TCP
TargetPort:        80/TCP
Endpoints:         10.244.1.3:80
Session Affinity:  None
Events:            <none>
[root@master01 ~]# 

  擴展pod

[root@master01 ~]# kubectl get deploy 
NAME        READY   UP-TO-DATE   AVAILABLE   AGE
myapp-dep   1/1     1            1           4m16s
ngx-dep     1/1     1            1           122m
[root@master01 ~]# kubectl scale --replicas=5 deploy/myapp-dep
deployment.apps/myapp-dep scaled
[root@master01 ~]# kubectl get pod
NAME                         READY   STATUS              RESTARTS   AGE
myapp-dep-5bc4d8cc74-fpfvj   1/1     Running             0          7s
myapp-dep-5bc4d8cc74-gqhh5   0/1     ContainerCreating   0          7s
myapp-dep-5bc4d8cc74-j827z   0/1     ContainerCreating   0          7s
myapp-dep-5bc4d8cc74-s5ftj   0/1     ContainerCreating   0          7s
myapp-dep-5bc4d8cc74-zcrwz   1/1     Running             0          5m17s
ngx-dep-5c8d96d457-w6nss     1/1     Running             0          65m
[root@master01 ~]#

  提示:能夠看到如今myapp-dep運行的pod變成了5個;

  縮減pod

[root@master01 ~]# kubectl scale --replicas=3 deploy/myapp-dep
deployment.apps/myapp-dep scaled
[root@master01 ~]# kubectl get pod -o wide
NAME                         READY   STATUS    RESTARTS   AGE     IP           NODE             NOMINATED NODE   READINESS GATES
myapp-dep-5bc4d8cc74-cvkbc   1/1     Running   0          76s     10.244.1.5   node01.k8s.org   <none>           <none>
myapp-dep-5bc4d8cc74-gmt7w   1/1     Running   0          76s     10.244.3.5   node03.k8s.org   <none>           <none>
myapp-dep-5bc4d8cc74-gqhh5   1/1     Running   0          6m54s   10.244.2.4   node02.k8s.org   <none>           <none>
ngx-dep-5c8d96d457-w6nss     1/1     Running   0          72m     10.244.2.3   node02.k8s.org   <none>           <none>
[root@master01 ~]# 

  提示:動態擴縮減pod數量只須要把對應的replicas數量進行修改便可;默認不指定就是爲1;

  如今再次查看service對應的endpoint地址是不是上述三個地址呢?

[root@master01 ~]# kubectl describe svc/myapp-dep
Name:              myapp-dep
Namespace:         default
Labels:            app=myapp-dep
Annotations:       <none>
Selector:          app=myapp-dep
Type:              ClusterIP
IP Families:       <none>
IP:                10.96.196.189
IPs:               10.96.196.189
Port:              80-80  80/TCP
TargetPort:        80/TCP
Endpoints:         10.244.1.5:80,10.244.2.4:80,10.244.3.5:80
Session Affinity:  None
Events:            <none>
[root@master01 ~]# 

  提示:能夠看到對應service後端endpoint地址已經關聯到以上3個pod地址;這也意味着咱們訪問service,它會把咱們的請求調度到對應的pod上進行響應,具體會這麼調度呢?

  訪問myapp-dep服務

[root@master01 ~]# curl myapp-dep.default.svc.cluster.local/hostname.html
myapp-dep-5bc4d8cc74-gmt7w
[root@master01 ~]# curl myapp-dep.default.svc.cluster.local/hostname.html
myapp-dep-5bc4d8cc74-gmt7w
[root@master01 ~]# curl myapp-dep.default.svc.cluster.local/hostname.html
myapp-dep-5bc4d8cc74-gqhh5
[root@master01 ~]# curl myapp-dep.default.svc.cluster.local/hostname.html
myapp-dep-5bc4d8cc74-cvkbc
[root@master01 ~]# curl myapp-dep.default.svc.cluster.local/hostname.html
myapp-dep-5bc4d8cc74-gmt7w
[root@master01 ~]# curl myapp-dep.default.svc.cluster.local/hostname.html
myapp-dep-5bc4d8cc74-gmt7w
[root@master01 ~]# curl myapp-dep.default.svc.cluster.local/hostname.html
myapp-dep-5bc4d8cc74-cvkbc
[root@master01 ~]# curl myapp-dep.default.svc.cluster.local/hostname.html
myapp-dep-5bc4d8cc74-gqhh5
[root@master01 ~]# curl myapp-dep.default.svc.cluster.local/hostname.html
myapp-dep-5bc4d8cc74-gqhh5
[root@master01 ~]# 

  提示:的確service可以調度請求,從上面訪問結果看,service調度是隨機調度,沒有什麼規律;

  以上就是k8s集羣環境中使用kubectl命令行工具來操做k8s上的名稱空間,控制器,服務相關演示和說明;從上面的演示能夠知道,在k8s上全部的操做都在master端進行,由於master端有證書,默認狀況k8s的aipserver會雙向認證,所謂雙向認證是指,不只客戶端要驗證服務端證書,同時服務端也要驗證客戶端證書;在k8s上的全部操做都要先和apiserver打交道;其次建立pod控制器,只要控制器不被刪除,裏面定義的pod它就會一直處於咱們指望的數量和狀態存在,即使咱們手動刪除pod它也會自動重建;對於service來講,在k8s上建立service,從本質上講就是建立iptables或ipvs規則;不一樣類型的service訪問途徑略有不一樣,clusterip類型的service只能在k8s節點上實現訪問,nodeport類型的service能夠實現從外部主機訪問k8s節點ip+對應建立service自動生成的固定端口就能夠訪問到對應服務;除此以外,在k8s上咱們能夠經過kubectl scale來對pod控制器作動態擴縮減pod數量;若是一個service後端對應多個pod時,service還能起到調度的做用;

相關文章
相關標籤/搜索