kubernetes系列06—kubernetes资源清单定义
1、认识kubernetes资源
1.1 常用资源/对象
- workload工作负载型资源:pod,ReplicaSet,Deployment,StatefulSet,daemonset,job...
- 服务器发现及均衡:Service,Lngress...
- 配置与存储:volume,CSI
- configmap,secret
- downwardAPI
- 集群级资源
- namespace,node,role,clusterrole,rolebinding,clusterrolebinding
- 元数据型资源
- HPA,podtemplate,limitrange
1.2 创建资源的方法
- apiserver 仅接受JSON格式的资源定义;
- yaml格式提供配置清单,apiserver 可自动将其转为JSON格式,而后再提交;
1.3 大部分(主流)资源的配置清单:有5个一级字段组成
- apiserver:group/version
- 查询当前支持哪些apiserver:$ kubectl api-versions
- kind:资源类别
- metadata:元数据
- name:名称
- namespace:名称空间
- labels:标签
- annotation:资源注解
- selfLink:每个资源的引用PATH,/api/GROUP/VERSION/namespaces/NAMESPACE/TYPE/NAME
- spec:期望的状态(disired state),期望资源应该用于什么特性
- status:当前状态(current state),本字段由kubernetes集群维护,用户不能自己定义
1.4 使用kubectl explain查询每个资源如何配置
(1)例如查询如何定义pod资源
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
|
[root@master ~] # kubectl explain pod KIND: Pod VERSION: v1 DESCRIPTION: Pod is a collection of containers that can run on a host. This resource is created by clients and scheduled onto hosts. FIELDS: apiVersion <string> ... ... kind <string> ... ... metadata <Object> ... ... spec <Object> ... ... status <Object> ... ... |
(2)能一级一级进入查询;如查询定义pod 的metadata字段
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
|
[root@master ~] # kubectl explain pod.spec KIND: Pod VERSION: v1 RESOURCE: spec <Object> DESCRIPTION: ... ... FIELDS: ... .. affinity <Object> ... ... [root@master ~] # kubectl explain pod.spec.containers KIND: Pod VERSION: v1 RESOURCE: containers <[]Object> DESCRIPTION: ... ... FIELDS: args <[]string> ... ... command <[]string> ... ... |
自己定义资源时,不清楚如何定义,可以进行快速的查询
1.5 示例
(1)查询集群中的pod(上篇创建的pod)
1
2
3
4
5
6
|
[root@master ~] # kubectl get pods NAME READY STATUS RESTARTS AGE client 1 /1 Running 0 4h myapp-848b5b879b-9slqg 1 /1 Running 0 46m myapp-848b5b879b-wtrjr 1 /1 Running 0 46m myapp-848b5b879b-z2sqc 1 /1 Running 0 46m |
(2)-o yaml输出为yaml格式,查看pod创建的操作
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
|
[root@master ~] # kubectl get pod myapp-848b5b879b-9slqg -o yaml apiVersion: v1 #api版本 kind: Pod #资源类别 metadata: #元数据 annotations: cni.projectcalico.org /podIP : 10.244.1.60 /32 labels: pod-template- hash : "4046164356" run: myapp name: myapp-848b5b879b-9slqg namespace: default ... ... selfLink: /api/v1/namespaces/default/pods/myapp-848b5b879b-9slqg spec: #规格、规范;期望资源应该用于什么特性;期望目标状态 ... ... status: #当前状态 ... ... |
1.6 演示:基于yaml格式文件,创建pod
1
2
|
[root@master ~] # mkdir manifests [root@master ~] # cd manifests/ |
(1)编写pod-demo.yaml文件
创建2个容器,一个运行nginx;一个在busybox中执行sleep命令
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
|
[root@master manifests] # vim pod-demo.yaml apiVersion: v1 kind: Pod metadata: name: pod-demo namespace: default #labels: {app:myapp, tier:frontend} #映射可以写为{}形式; labels: #也可以在下边分级写 app: myapp tier: frontend spec: containers: - name: myapp image: ikubernetes /myapp :v1 - name: busybox image: busybox:latest #command: ["/bin/sh","-c","sleep 3600"] #列表可以写为[]形式; command : #也可以在下边分级写,要加- - "/bin/sh" - "-c" - "sleep 3600" |
(2)基于pod-demo.yaml 文件创建create pod
1
2
|
[root@master manifests] # kubectl create -f pod-demo.yaml pod /pod-demo created |
(3)验证
① 查询创建pod的信息
1
2
3
4
5
6
7
8
9
10
|
[root@master manifests] # kubectl create -f pod-demo.yaml pod /pod-demo created [root@master manifests] # kubectl get pods -o wide NAME READY STATUS RESTARTS AGE IP NODE pod-demo 2 /2 Running 0 1m 10.244.1.61 node1 ---查看详细信息 [root@master manifests] # kubectl describe pods pod-demo Name: pod-demo Namespace: default ... ... |
② 访问pod中的服务
1
2
3
4
5
|
[root@master manifests] # curl 10.244.1.61 Hello MyApp | Version: v1 | <a href= "hostname.html" >Pod Name< /a > ---查询pod产生的日志 [root@master manifests] # kubectl logs pod-demo myapp 192.168.130.104 - - [23 /Jan/2019 :05:35:35 +0000] "GET / HTTP/1.1" 200 65 "-" "curl/7.29.0" "-" |
③ 基于yaml文件删除pod
1
2
3
4
|
[root@master manifests] # kubectl delete -f pod-demo.yaml pod "pod-demo" deleted [root@master manifests] # kubectl get pods No resources found. |
2、Pod资源
2.1 Pod资源常用选项
- metadata.label:标签
- key=value
- key:字母、数字、_、-、.
- value:可以为空,只能字母或数字开头及结尾,中间可使用字母、数字、_、-、.
- key=value
- metadata.annotations:资源注解
- spec.containers <[]object>
- - name:容器名称
- image:镜像
- imagePullPolicy:下载镜像规则,若镜像时latest标签,默认是Always;否则默认IfNotPresen
- Always总是镜像,Never不下载镜像,IfNotPresent本地有则不下载
- ports:从容器中公开的端口列表
- containerPort:Pod中服务的端口号
- hostIP:暴露绑定在主机哪个IP上
- hostPort:暴露在主机的端口号
- name:暴露这个端口的名称
- args:参数
- command:执行命令
- spec.nodeSelector:节点标签选择器
2.2 演示
(1)修改pod-demo.yaml文件
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
|
[root@master manifests] # vim pod-demo.yaml apiVersion: v1 kind: Pod metadata: name: pod-demo namespace: default #labels: {app:myapp, tier:frontend} #映射可以写为{}形式; labels: #也可以在下边分级写 app: myapp tier: frontend annotations: along.com /created-by : "cluster admin" spec: containers: - name: myapp image: ikubernetes /myapp :v1 ports: - name: http containerPort: 80 - name: https containerPort: 443 - name: busybox image: busybox:latest imagePullPolicy: IfNotPresent #command: ["/bin/sh","-c","sleep 3600"] #列表可以写为[]形式; command : #也可以在下边分级写,要加- - "/bin/sh" - "-c" - "sleep 3600" nodeSelector: disktype: ssd |
(2)将node1节点打上disktype=ssd的标签
1
2
3
4
|
[root@master manifests] # kubectl label node node1 disktype=ssd [root@master manifests] # kubectl get nodes node1 --show-labels NAME STATUS ROLES AGE VERSION LABELS node1 Ready <none> 140d v1.11.2 beta.kubernetes.io /arch =amd64,beta.kubernetes.io /os =linux,disktype=ssd,kubernetes.io /hostname =node1 |
(3)基于yaml文件创建pod
1
2
|
[root@master manifests] # kubectl create -f pod-demo.yaml pod /pod-demo created |
(4)验证
1
2
3
4
5
6
7
8
|
--- pod只会创建到node1节点上,因为node1的disktype=ssd标签 [root@master manifests] # kubectl get pod -o wide NAME READY STATUS RESTARTS AGE IP NODE pod-demo 2 /2 Running 0 11s 10.244.1.68 node1 --- -l 指定标签,实现标签过滤 [root@master manifests] # kubectl get pods --show-labels -l app NAME READY STATUS RESTARTS AGE LABELS pod-demo 2 /2 Running 0 30s app=myapp,tier=frontend |
3、Pod健康检测
3.1 pod健康检测介绍
- pod健康检测分为存活性探测、 就绪型探测;这在生产环境几乎是必须配置的;
- 如果没有就绪型探测;pod一启动就会被分配用户流量;若pod中的服务像tomcat等,需要时间启动;就会导致有一定时间,用户访问不到服务;
- 如果没有存活性探测:pod中服务一旦失败,没有检测,不会将容器重启关闭;也会导致用户访问服务失败。
3.2 pod健康检测选项
(1)在spec字段下、containers字段配置,可使用explain查看详细用法
$ kubectl explain pod.spec.containers.
- livenessProbe 存活性探测
- exec:指定检测的命令
- failureThreshold:连续失败次数被认为失败,默认为3,最小值为1
- httpGet:指定要执行的http请求
- initialDelaySeconds:在容器启动多少秒后再检测
- periodSeconds:每隔多少秒探测一次;默认为10秒。最低限度值是1
- successThreshold:连续成功次数认为服务正常
- tcpSocket:定涉及TCP端口的操作
- timeoutSeconds:探测超时的秒数,默认为1秒
- readinessProbe 就绪型探测(和livenessProbe 存活性探测选项一样)
(2)pod中容器挂了,是否重启pod
$ kubectl explain pod.spec.restartPolicy.
- Always:总是重启(默认)
- OnFailure:只有容器状态为错误时,才重启
- Never:绝不重启
3.3 演示:exec方式实现存活性探测
(1)编写yaml文件
当探测到/tmp/healthy文件不存在时,认为服务故障;
容器在30秒后执行删除/tmp/healthy文件
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
|
[root@master manifests] # vim liveness-exec.yaml apiVersion: v1 kind: Pod metadata: name: liveness- exec -pod namespace: default spec: containers: - name: liveness- exec -container image: busybox:latest imagePullPolicy: IfNotPresent command : [ "/bin/sh" , "-c" , "touch /tmp/healthy; sleep 30; rm -f /tmp/healthy; sleep 3600" ] livenessProbe: exec : command : [ "test" , "-e" , "/tmp/healthy" ] initialDelaySeconds: 1 #在容器启动后1秒开始检测 periodSeconds: 3 #每隔3秒探测一次 restartPolicy: Always #总是重启pod |
(2)创建运行pod
1
2
3
4
5
|
[root@master manifests] # kubectl create -f liveness-exec.yaml pod /liveness-exec-pod created [root@master manifests] # kubectl get pods NAME READY STATUS RESTARTS AGE liveness- exec -pod 1 /1 Running 0 6s |
(3)等30s,容器就会检测失败,重启pod;使用describe可以查看详细信息
1
2
3
4
5
6
7
8
9
10
11
12
13
|
[root@master manifests] # kubectl describe pods liveness-exec-pod ... ... State: Running Started: Wed, 23 Jan 2019 16:58:09 +0800 Last State: Terminated #上次状态为终止 Reason: Error Exit Code: 137 Started: Wed, 23 Jan 2019 16:57:01 +0800 Finished: Wed, 23 Jan 2019 16:58:09 +0800 Ready: True Restart Count: 1 #重启次数1次 Liveness: exec [ test -e /tmp/healthy ] delay=1s timeout=1s period=3s #success=1 #failure=3 ... ... |
3.4 演示:httpget方式实现存活性探测
(1)编写yaml文件,创建并运行pod
当探测不到容器内80端口,和提供80端口的/index.html文件时,认为服务故障;
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
|
[root@master manifests] # vim liveness-httpget.yaml apiVersion: v1 kind: Pod metadata: name: liveness-httpget-pod namespace: default spec: containers: - name: liveness- exec -container image: ikubernetes /myapp :v1 ports: - name: http containerPort: 80 livenessProbe: httpGet: port: http path: /index .html initialDelaySeconds: 1 periodSeconds: 3 restartPolicy: Always [root@master manifests] # kubectl create -f liveness-httpget.yaml pod /liveness-httpget-pod created |
(2)手动连入容器,删除index.html文件
1
2
|
[root@master manifests] # kubectl exec -it liveness-httpget-pod -- /bin/sh / # rm -f /usr/share/nginx/html/index.html |
(3)容器会检测失败,重启pod;使用describe可以查看详细信息
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
|
[root@master manifests] # kubectl describe pods liveness-httpget-pod ... ... Port: 80 /TCP Host Port: 0 /TCP State: Running Started: Wed, 23 Jan 2019 17:10:03 +0800 Last State: Terminated #上次状态为终止 Reason: Completed Exit Code: 0 Started: Wed, 23 Jan 2019 17:08:22 +0800 Finished: Wed, 23 Jan 2019 17:10:03 +0800 Ready: True Restart Count: 1 #重启次数1次 Liveness: http-get http: // :http /index .html delay=1s timeout=1s period=3s #success=1 #failure=3 ... ... |
3.5 演示:exec方式实现就绪性探测
(1)编写yaml文件,创建启动容器
当探测到/tmp/healthy文件不存在时,就认为服务就绪不成功;pod启动失败;
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
|
[root@master manifests] # vim readiness-exec.yaml apiVersion: v1 kind: Pod metadata: name: readiness- exec -pod namespace: default spec: containers: - name: readiness- exec -container image: busybox:latest imagePullPolicy: IfNotPresent #command: ["/bin/sh","-c","touch /tmp/healthy; sleep 30; rm -f /tmp/healthy; sleep 3600"] command : [ "sleep 3600" ] readinessProbe: exec : command : [ "test" , "-e" , "/tmp/healthy" ] periodSeconds: 3 restartPolicy: Always [root@master manifests] # kubectl create -f readiness-exec.yaml pod /readiness-exec-pod created |
(2)查看,pod启动就绪失败
1
2
3
|
[root@master ~] # kubectl get pods NAME READY STATUS RESTARTS AGE readiness- exec -pod 0 /1 RunContainerError 1 12s |
4、Pod启动前/后钩子
4.1 介绍
- pod在启动前后都可以设置钩子hook;在spec.containers.lifecycle字段下设置;
- postStart:创建容器后立即调用PostStart操作;如果失败,根据重启策略终止;
- preStop:在容器终止之前立即调用PreStop操作,该容器在处理程序完成后终止
4.2 语法
$ kubectl explain pod.spec.containers.lifecycle
- postStart
- exec:指定了要采取的命令;
- httpGet:指定要执行的http请求;
- tcpSocket:指定涉及TCP端口的操作
- preStop (和postStart命令一样)
4.3 演示:使用exec设置pod启动前钩子
(1)编写yaml文件,创建启动容器
启动容器前,先创建准备一个httpd服务的主页面文件/tmp/index.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
|
[root@master manifests] # vim poststart-pod.yaml apiVersion: v1 kind: Pod metadata: name: poststart-pod namespace: default spec: containers: - name: poststart-container image: busybox:latest imagePullPolicy: IfNotPresent lifecycle: postStart: exec : command : [ '/bin/sh' , '-c' , 'echo hello > /tmp/index.html' ] command : [ '/bin/sh' , '-c' , '/bin/httpd -f -h /tmp' ] [root@master manifests] # kubectl create -f poststart-pod.yaml pod /poststart-pod created |
(2)验证,访问服务
1
2
3
4
5
|
[root@master ~] # kubectl get pods -o wide NAME READY STATUS RESTARTS AGE IP NODE poststart-pod 1 /1 Running 0 26s 10.244.2.69 node2 [root@master ~] # curl 10.244.2.69 hello |