Kubernetes 學習總結(3) Manifests
APIserver符合RESTful風格,支持GET/PUT/DELETE/POST等各類操做。因此也支持kubectl經過一系列命令對各處資源進行管理控制。
經常使用的資源
1)、workLoad(工做負載型資源,運行APP,對外提供服務): Pod/ReplicaSet/Deployment/ StatefulSet/ DaemonSet/ Job/ Cronjob /
2)、service discovery and Load Balance(服務發現及均衡型資源):Service/ Ingress
3)、configuration and storage(配置與存儲類型資源) :Volume,CSI(容器存儲接口,擴展第三方的存儲)
ConfigMap,Secret(特殊的配置類型資源)
Downward API(配置類型資源)
4)、集羣級資源(配置在名稱空間級別): namespace, node, role, clusterRole, roleBinding, clusterRoleBinding
5)、元數據類型資源:HPA、PodTemplate、limitRange(讀取權限)html
1、配置清單(configuration mainfest)
kubectl 一般經過ymal格式的配置清單對資源進行管理控制。APIserver僅處理Json格式定義的資源定義。ymal格式的配置清單由APIserver自動將其轉爲json格式,然後再提交處理。
[root@docker79 ~]# kubectl get deployment
NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE
nginx-deploy 2 2 2 2 1d
[root@docker79 ~]# kubectl get deployment nginx-deploy -o yaml (查看nginx-deploy的配置清單)
配置清單主格式以下
apiVersion: group/version (若是group省略表示core組)
kind: Pod (資源類型)
metadata: 元數據
spec: 指望狀態 disired state
status: 當前狀態, current state ,本字段由kubernetes 集羣維護;node
[root@docker79 ~]# kubectl api-versions (查看默認支持的group與version)linux
admissionregistration.k8s.io/v1beta1 apiextensions.k8s.io/v1beta1 apiregistration.k8s.io/v1 apiregistration.k8s.io/v1beta1 apps/v1 apps/v1beta1 apps/v1beta2 authentication.k8s.io/v1 authentication.k8s.io/v1beta1 authorization.k8s.io/v1 authorization.k8s.io/v1beta1 autoscaling/v1 autoscaling/v2beta1 batch/v1 batch/v1beta1 certificates.k8s.io/v1beta1 events.k8s.io/v1beta1 extensions/v1beta1 networking.k8s.io/v1 policy/v1beta1 rbac.authorization.k8s.io/v1 rbac.authorization.k8s.io/v1beta1 scheduling.k8s.io/v1beta1 storage.k8s.io/v1 storage.k8s.io/v1beta1 v1
[root@docker79 ~]#nginx
kubectl explain
kubectl explain Resource_Kind[.Subitem...] 查看相關resource 在定義配置清單時的幫助信息。在幫助信息中常見格式以下:
apiVersion <string> 表示字符串類型
metadata <Object> 表示須要嵌套多層字段
labels <map[string]string> 表示由k:v組成的映射
finalizers <[]string> 表示字串列表
ownerReferences <[]Object> 表示對象列表docker
資源清單 例1:
[root@docker79 ~]# mkdir manifests
[root@docker79 ~]# cd manifests/
[root@docker79 manifests]# vim pod-demo.yaml
[root@docker79 manifests]# cat pod-demo.yamljson
apiVersion: v1
kind: Pod
metadata:
name: pod-demo
namespace: default
labels:
app: nginx
tier: frontend
spec:
containers:
- name: nginx
image: nginx:1-alpine
- name: busybox
image: busybox:latest
command:
- "/bin/sh"
- "-c"
- "sleep 3600"
[root@docker79 manifests]# kubectl create -f pod-demo.yaml
pod/pod-demo created
[root@docker79 manifests]# kubectl get pods
NAME READY STATUS RESTARTS AGE
pod-demo 2/2 Running 0 8s
[root@docker79 manifests]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE
pod-demo 2/2 Running 0 17s 10.244.1.9 docker78 <none>
[root@docker79 manifests]#
[root@docker79 manifests]# kubectl logs pod-demo busybox
[root@docker79 manifests]# kubectl logs pod-demo nginx
[root@docker79 manifests]# kubectl exec -it pod-demo -c busybox -- /bin/sh
/ # netstat -tnlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN -
/ # exit
[root@docker79 manifests]# kubectl delete -f pod-demo.yaml
pod "pod-demo" deleted
[root@docker79 manifests]#vim
再次修改資源清單,例2:
[root@docker79 manifests]# vim pod-demo.yaml
[root@docker79 manifests]# cat pod-demo.yamlapi
apiVersion: v1
kind: Pod
metadata:
name: pod-demo
namespace: default
labels:
app: nginx
tier: frontend
spec:
containers:
- name: nginx
image: nginx:1-alpine
imagePullPolicy: IfNotPresent
ports:
- containerPort: 80
name: http
- name: https
containerPort: 443
[root@docker79 manifests]# kubectl apply -f pod-demo.yaml
pod/pod-demo created
[root@docker79 manifests]# kubectl get pods
NAME READY STATUS RESTARTS AGE
pod-demo 1/1 Running 0 6s
[root@docker79 manifests]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE
pod-demo 1/1 Running 0 14s 10.244.1.10 docker78 <none>
[root@docker79 manifests]#
說明:imagePullPolicy: <string> 有三個值,分別是 Always ,Never,IfNotPresent (若是標籤是latest,默認策略爲Always) ,一項建立本項不能更新。
ports 選項可參考:kubectl explain pod.spec.containers.portsapp
2、Labels、Selector及 Annotation
Lables 是 key=value 格式的鍵值對兒。key最大長度 63字符,只能以字母或數字開頭,由字母、數字、-、_、. 組成。value 最大長度 63字符,能夠爲空。標籤支持前綴,但不能超出253字符(通常都是name或FQDN)
[root@docker79 manifests]# kubectl get pods --show-labels
NAME READY STATUS RESTARTS AGE LABELS
pod-demo 1/1 Running 0 14m app=nginx,tier=frontend
[root@docker79 manifests]# kubectl get pods -L app
NAME READY STATUS RESTARTS AGE APP
pod-demo 1/1 Running 0 15m nginx
[root@docker79 manifests]# kubectl get pods -l app --show-labels
NAME READY STATUS RESTARTS AGE LABELS
pod-demo 1/1 Running 0 15m app=nginx,tier=frontend
[root@docker79 manifests]# kubectl label pods pod-demo release=canary 手工打標籤
pod/pod-demo labeled
[root@docker79 manifests]# kubectl get pods --show-labels
NAME READY STATUS RESTARTS AGE LABELS
pod-demo 1/1 Running 0 24m app=nginx,release=canary,tier=frontend
[root@docker79 manifests]# kubectl label pods pod-demo release=canary2 --overwrite
pod/pod-demo labeled
[root@docker79 manifests]# kubectl get pods --show-labels
NAME READY STATUS RESTARTS AGE LABELS
pod-demo 1/1 Running 0 25m app=nginx,release=canary2,tier=frontend
[root@docker79 manifests]#frontend
Selector標籤選擇器
支持兩類:一、等值關係的標籤選擇器 ; 二、集合關係的標籤選擇器。
等值關係: = , == , !=
集合關係: in , notin
[root@docker79 manifests]# kubectl get pods -l "release in (canary,beta,alpha)"
NAME READY STATUS RESTARTS AGE
pod-demo 1/1 Running 0 28m
[root@docker79 manifests]#
標籤選擇器關聯其它資源(如pod控制器和service) 。使用如下兩個字段進行關聯:
matchLabels: 直接給定鍵值
matchExpressions: 基於給定的表達式來定義使用標籤選擇器 ,定義格式如 { key: "KEY", operator: "OPERATER", value: [ VAL1, VAL2, …]}
操做符: In , NotIn (values字段的值必須爲非空列表) Exists , NotExists(values字段的值必須爲空列表)
節點標籤選擇器
nodeSelector <map[string]string>
例:
[root@docker79 manifests]# kubectl get nodes --show-labels
NAME STATUS ROLES AGE VERSION LABELS
docker77 Ready <none> 2d v1.11.2 beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/hostname=docker77
docker78 Ready <none> 2d v1.11.2 beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/hostname=docker78
docker79 Ready master 2d v1.11.2 beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/hostname=docker79,node-role.kubernetes.io/master=
[root@docker79 manifests]#
[root@docker79 manifests]# kubectl label node docker77 diskType=ssd
node/docker77 labeled
[root@docker79 manifests]# kubectl get nodes --show-labels
NAME STATUS ROLES AGE VERSION LABELS
docker77 Ready <none> 2d v1.11.2 beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,diskType=ssd,kubernetes.io/hostname=docker77
docker78 Ready <none> 2d v1.11.2 beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/hostname=docker78
docker79 Ready master 2d v1.11.2 beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/hostname=docker79,node-role.kubernetes.io/master=
[root@docker79 manifests]#
[root@docker79 manifests]# kubectl delete -f pod-demo.yaml
pod "pod-demo" deleted
[root@docker79 manifests]# vim pod-demo.yaml
[root@docker79 manifests]# cat pod-demo.yaml
apiVersion: v1
kind: Pod
metadata:
name: pod-demo
namespace: default
labels:
app: nginx
tier: frontend
spec:
containers:
- name: nginx
image: nginx:1-alpine
imagePullPolicy: IfNotPresent
ports:
- containerPort: 80
name: http
- name: https
containerPort: 443
nodeSelector:
diskType: ssd
[root@docker79 manifests]#
[root@docker79 manifests]# kubectl apply -f pod-demo.yaml
pod/pod-demo created
[root@docker79 manifests]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE
pod-demo 0/1 ContainerCreating 0 17s <none> docker77 <none>
[root@docker79 manifests]#
annotations (資源註解)
與label不一樣之處在於: 它不能用於挑選資源對象,僅用於爲對象提供「元數據」。
例:
[root@docker79 manifests]# kubectl delete -f pod-demo.yaml
pod "pod-demo" deleted
[root@docker79 manifests]# vim pod-demo.yaml
[root@docker79 manifests]# cat pod-demo.yaml
apiVersion: v1
kind: Pod
metadata:
name: pod-demo
namespace: default
labels:
app: nginx
tier: frontend
annotations:
inspiry.cn/author: "cluster admin"
spec:
containers:
- name: nginx
image: nginx:1-alpine
imagePullPolicy: IfNotPresent
ports:
- containerPort: 80
name: http
- name: https
containerPort: 443
nodeSelector:
diskType: ssd
[root@docker79 manifests]# kubectl apply -f pod-demo.yaml
pod/pod-demo created
[root@docker79 manifests]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE
pod-demo 1/1 Running 0 13s 10.244.2.9 docker77 <none>
[root@docker79 manifests]# kubectl describe pod pod-demo
Name: pod-demo
Namespace: default
Priority: 0
PriorityClassName: <none>
Node: docker77/192.168.20.77
Start Time: Wed, 26 Sep 2018 16:25:44 +0800
Labels: app=nginx
tier=frontend
Annotations: inspiry.cn/author=cluster admin
......
3、pod生命週期
狀態: Pending , Running ,Failed, Successded , Unknown
Pod生命週期中的重要行爲:
1) 初始化container
2) container探測:liveness probe(存活探測) 和 readiness probe (就緒探測)
以上兩種探測使用的探針類型有:ExeAction、TCPSocketAction、HTTPGetAction
探針探測時的經常使用選項以下:
failureThreshold 探測多少次宣告失敗,默認3次
periodSeconds 每次間隔時長,默認10s
timeoutSeconds 每次的超時時長,默認1s
initialDelaySeconds 初始延時的時長,默認當即探測
探測結果的重啓策略restartPolicy 有如下三種值:
Always: 一旦故障,當即重啓
Never: 不重啓
OnFailure: 只有出現 failure狀態時才重啓
3) 啓動後勾子和停止前勾子 lifecycle
kubectl explain pods.spec.containers.lifecycle.postStart
kubectl explain pods.spec.containers.lifecycle.preStop
例1-liveness:
[root@docker79 manifests]# vim liveness-exec.yaml
[root@docker79 manifests]# cat liveness-exec.yaml
apiVersion: v1
kind: Pod
metadata:
name: liveness-exec-pod
namespace: default
spec:
containers:
- name: liveness-exec-container
image: busybox:latest
imagePullPolicy: IfNotPresent
command: ["/bin/sh", "-c", "touch /tmp/healthy; sleep 30; rm -f /tmp/healthy; sleep 3600" ]
livenessProbe:
exec:
command: ["test", "-e" , "/tmp/health"]
initialDelaySeconds: 1
periodSeconds: 3
restartPolicy: Never
[root@docker79 manifests]# kubectl apply -f liveness-exec.yaml
pod/liveness-exec-pod created
[root@docker79 manifests]# kubectl get pods
NAME READY STATUS RESTARTS AGE
liveness-exec-pod 1/1 Running 0 6s
pod-demo 1/1 Running 0 18m
[root@docker79 manifests]# kubectl get pods
NAME READY STATUS RESTARTS AGE
liveness-exec-pod 0/1 Error 0 51s
pod-demo 1/1 Running 0 19m
[root@docker79 manifests]#
說明:container啓動以後在30s以內 成功探測/tmp/health 文件存在,因此container status處於running狀態;但30s以後/tmp/health文件被rm,致使探測/tmp/health文件不存在,因此container status處於Eroor 。
例2-liveness:
[root@docker79 manifests]# vim liveness-httpsocket.yaml
[root@docker79 manifests]# cat liveness-httpsocket.yaml
apiVersion: v1
kind: Pod
metadata:
name: liveness-httpget-pod
namespace: default
spec:
containers:
- name: liveness-httpget-container
image: nginx:1-alpine
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 80
livenessProbe:
httpGet:
port: http
path: /index.html
initialDelaySeconds: 1
periodSeconds: 3
[root@docker79 manifests]# kubectl apply -f liveness-httpsocket.yaml
pod/liveness-httpget-pod created
[root@docker79 manifests]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE
liveness-httpget-pod 1/1 Running 0 8s 10.244.1.13 docker78 <none>
pod-demo 1/1 Running 0 2h 10.244.2.9 docker77 <none>
[root@docker79 manifests]#
[root@docker79 manifests]# kubectl exec -it liveness-httpget-pod -- /bin/sh
/ # ls /usr/share/nginx/html/
50x.html index.html
/ # rm /usr/share/nginx/html/index.html -f
/ # exit
[root@docker79 manifests]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE
liveness-httpget-pod 1/1 Running 1 2m 10.244.1.13 docker78 <none>
pod-demo 1/1 Running 0 2h 10.244.2.9 docker77 <none>
[root@docker79 manifests]#
說明:當httpGetAction探針探測到沒法訪問 /index.html 時,當即執行restartPolicy重啓策略,該策略默認值always,因此能夠看到 pod 的 restarts 爲1.
例3-readiness:
[root@docker79 manifests]# vim readiness-httpget.yaml
[root@docker79 manifests]# cat readiness-httpget.yaml
apiVersion: v1
kind: Pod
metadata:
name: readiness-httpget-pod
namespace: default
spec:
containers:
- name: readiness-httpget-container
image: nginx:1-alpine
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 80
readinessProbe:
httpGet:
port: http
path: /index.html
initialDelaySeconds: 1
periodSeconds: 3
[root@docker79 manifests]# kubectl apply -f readiness-httpget.yaml
pod/readiness-httpget-pod created
[root@docker79 manifests]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE
pod-demo 1/1 Running 0 3h 10.244.2.9 docker77 <none>
readiness-httpget-pod 1/1 Running 0 9s 10.244.1.14 docker78 <none>
[root@docker79 manifests]# kubectl exec -it readiness-httpget-pod -- /bin/sh
/ # rm -f /usr/share/nginx/html/index.html
/ #
[root@docker79 manifests]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE
pod-demo 1/1 Running 0 3h 10.244.2.9 docker77 <none>
readiness-httpget-pod 0/1 Running 0 1m 10.244.1.14 docker78 <none>
[root@docker79 manifests]# kubectl exec -it readiness-httpget-pod -- /bin/sh
/ # echo readiness > /usr/share/nginx/html/index.html
/ # [root@docker79 manifests]#
[root@docker79 manifests]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE
pod-demo 1/1 Running 0 3h 10.244.2.9 docker77 <none>
readiness-httpget-pod 1/1 Running 0 2m 10.244.1.14 docker78 <none>
[root@docker79 manifests]#
說明:就緒探測與service 調度有緊密關聯,只有就緒的pod才能被調度。例3中當刪除/usr/share/nginx/html/index.html以後,探針沒法獲取/index.html,因此pod的READY狀態處於0/1狀態;當再次建立/usr/share/nginx/html/index.html以後,探針有效探測到/index.html以後,pod的READY狀態處於1/1狀態。
例4-lifecycle:
[root@docker79 manifests]# vim lifecycle-poststart.yaml
[root@docker79 manifests]# cat lifecycle-poststart.yaml
apiVersion: v1
kind: Pod
metadata:
name: lifecycle-poststart-pod
namespace: default
spec:
containers:
- name: lifecycle-poststart-container
image: busybox:latest
imagePullPolicy: IfNotPresent
lifecycle:
postStart:
exec:
command: ["mkdir","-p","/var/www/inspiry"]
command: ["/bin/sh","-c","sleep 60; /bin/httpd -f -h /var/www/inspiry"]
[root@docker79 manifests]# kubectl apply -f lifecycle-poststart.yaml
pod/lifecycle-poststart-pod created
[root@docker79 manifests]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE
lifecycle-poststart-pod 1/1 Running 0 9s 10.244.1.15 docker78 <none>
[root@docker79 manifests]# kubectl exec -it lifecycle-poststart-pod -- /bin/sh
/ # ls /var/www/
inspiry
/ # netstat -tnlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 :::80 :::* LISTEN 1/httpd
/ # exit
[root@docker79 manifests]#
說明:例4中使用lifecycle.postStart.exec 表示pod中container啓動後執行的命令.
- 1. Kubernetes 學習總結(4) Controller
- 2. Kubernetes 學習總結(1) Synopsis
- 3. Kubernetes 學習總結(12) scheduler
- 4. 深度學習總結3
- 5. javaweb學習總結(3)
- 6. Kotlin學習總結3
- 7. Excel學習總結3
- 8. kubernetes學習總結-3網絡通訊模式
- 9. kubernetes學習總結-1架構
- 10. kubernetes學習總結-2Pod控制器
- 更多相關文章...
- • XML 總結 下一步學習什麼呢? - XML 教程
- • 您已經學習了 XML Schema,下一步學習什麼呢? - XML Schema 教程
- • Tomcat學習筆記(史上最全tomcat學習筆記)
- • 適用於PHP初學者的學習線路和建議
-
每一个你不满意的现在,都有一个你没有努力的曾经。