  Kubernetes Advanced Practice reading notes: resource management basics (1)

    I. Resource objects and API groups

    1. Representational State Transfer

    Basic element: resource

    A resource is an object. A resource usually means an object that carries a type, associated data, the operations it supports, and its relationships to other objects; resources are stateful things, the S (state) in REST.

    Representation

    REST components operate on a resource by using a representation to capture its current or intended state and transferring that representation between components. A representation is a sequence of bytes made up of data, metadata describing the data, and occasionally metadata describing that metadata. The data format of a representation is a media type, commonly JSON or XML. API clients cannot access resources directly; they perform actions to change a resource's state.

    Action

    2. Resource classification

    Kubernetes abstracts everything as an API resource. Resources can be grouped into collections, each containing a single type of resource; the relationships among collections, resources, subsets and resources are shown in the figure below.

    II. Kubernetes resource objects

    1. Common resource objects

    2. Workload resources

     daemonset

    3. Discovery and load balancing

    4. Configuration and storage: volume

    5. Cluster-level resources

    6. Metadata resources

    III. How resources are organized in the API

    1. How resources are organized in the API

    2. Resource types

    3. Kind

    4. Collection

    5. Resource or object

    IV. Accessing the Kubernetes REST API

    With the kubectl proxy command you start a proxy gateway for the API Server on the local host; it lets you talk to the API over plain HTTP, as the figure below shows.

    For example, start a proxy gateway for the API Server on port 8080 of the local address 127.0.0.1:

    [root@master ~]# kubectl proxy --port=8080
    Starting to serve on 127.0.0.1:8080
    

    1. List all Namespace objects in the cluster

    [root@master ~]# curl localhost:8080/api/v1/namespaces
    {
      "kind": "NamespaceList",
      "apiVersion": "v1",
      "metadata": {
        "selfLink": "/api/v1/namespaces",
        "resourceVersion": "329417"
        ......

    2. Install jq, the command-line JSON processor

    Install the EPEL repository:
    yum install epel-release -y
    
    Install jq:
    yum install jq -y

    3. Show only the member objects of the NamespaceList object

    [root@master ~]# curl -s localhost:8080/api/v1/namespaces/ | jq .items[].metadata.name
    "default"
    "ingress-nginx"
    "kube-node-lease"
    "kube-public"
    "kube-system"
    "weave"

    4. Given the name of a specific Namespace resource object, the corresponding resource can be fetched directly; take the kube-system namespace as an example:

    [root@master ~]# curl -s localhost:8080/api/v1/namespaces/kube-system
    {
      "kind": "Namespace",
      "apiVersion": "v1",
      "metadata": {
        "name": "kube-system",
        "selfLink": "/api/v1/namespaces/kube-system",
        "uid": "1e69045d-bfea-4292-b4e8-1fbaaefaae22",
        "resourceVersion": "14",
        "creationTimestamp": "2020-08-03T15:20:46Z",
        "managedFields": [
          {
            "manager": "kube-apiserver",
            "operation": "Update",
            "apiVersion": "v1",
            "time": "2020-08-03T15:20:46Z",
            "fieldsType": "FieldsV1",
            "fieldsV1": {"f:status":{"f:phase":{}}}
          }
        ]
      },
      "spec": {
        "finalizers": [
          "kubernetes"
        ]
      },
      "status": {
        "phase": "Active"
      }
    }
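The collection-then-object walk that the four curl steps above perform, as an added example that is not part of the original post. The fetch function is injected: offline_fetch serves constructed JSON shaped like the proxy output above so the code runs without a cluster, and proxy_fetch is the variant that talks to a real kubectl proxy on 127.0.0.1:8080.

```python
"""Walk the Kubernetes REST API the way the curl/jq steps above do.

Added example, not code from the original post. The fetch function is
injected: offline_fetch serves constructed JSON shaped like the proxy output
above, proxy_fetch talks to a real `kubectl proxy` on 127.0.0.1:8080.
"""
import json
from typing import Callable, Dict, List, Optional


def rest_path(api_version: str, plural: str, namespace: Optional[str] = None,
              name: Optional[str] = None) -> str:
    """Path of a collection (no name) or of one object (with name).

    Core-group resources (apiVersion "v1") sit under /api/<version>, every other
    group under /apis/<group>/<version>: the two selfLink forms shown above.
    """
    if "/" in api_version:
        group, version = api_version.split("/", 1)
        parts = ["/apis", group, version]
    else:
        parts = ["/api", api_version]
    if namespace is not None:            # only for namespaced resources
        parts += ["namespaces", namespace]
    parts.append(plural)
    if name is not None:
        parts.append(name)
    return "/".join(parts)


# Constructed sample responses keyed by path, shaped like the curl output above.
SAMPLE_RESPONSES: Dict[str, str] = {
    "/api/v1/namespaces": json.dumps({
        "kind": "NamespaceList", "apiVersion": "v1",
        "items": [
            {"metadata": {"name": "default"}, "status": {"phase": "Active"}},
            {"metadata": {"name": "kube-system"}, "status": {"phase": "Active"}},
            {"metadata": {"name": "old-team"}, "status": {"phase": "Terminating"}},
        ]}),
    "/api/v1/namespaces/kube-system": json.dumps({
        "kind": "Namespace", "apiVersion": "v1",
        "metadata": {"name": "kube-system", "resourceVersion": "14"},
        "spec": {"finalizers": ["kubernetes"]},
        "status": {"phase": "Active"}}),
}


def offline_fetch(path: str) -> str:
    """Serve the constructed responses (KeyError for an unknown path)."""
    return SAMPLE_RESPONSES[path]


def proxy_fetch(path: str, base: str = "http://127.0.0.1:8080") -> str:
    """Fetch through `kubectl proxy`. The proxy forwards every request with
    kubectl's own credentials, so leave it bound to loopback (the default)."""
    from urllib.request import urlopen
    with urlopen(base + path, timeout=5) as resp:
        return resp.read().decode("utf-8")


def list_names(fetch: Callable[[str], str], api_version: str, plural: str,
               namespace: Optional[str] = None) -> List[str]:
    """Same result as `curl .../namespaces | jq .items[].metadata.name`."""
    body = json.loads(fetch(rest_path(api_version, plural, namespace)))
    if not str(body.get("kind", "")).endswith("List"):
        raise ValueError(f"expected a *List kind, got {body.get('kind')!r}")
    return [item["metadata"]["name"] for item in body["items"]]


def get_phase(fetch: Callable[[str], str], name: str) -> str:
    """Fetch one Namespace object and return its observed status.phase."""
    body = json.loads(fetch(rest_path("v1", "namespaces", name=name)))
    return body["status"]["phase"]


if __name__ == "__main__":
    print(list_names(offline_fetch, "v1", "namespaces"))
    print(get_phase(offline_fetch, "kube-system"))
```

Pass proxy_fetch instead of offline_fetch to run the same calls against a live kubectl proxy.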

    V. Resource configuration manifests

    1. Resource manifest: namespaces kube-system

    [root@master ~]# kubectl get namespaces kube-system -o yaml
    apiVersion: v1
    kind: Namespace
    metadata:
      creationTimestamp: "2020-08-03T15:20:46Z"
      managedFields:
      - apiVersion: v1
        fieldsType: FieldsV1
        fieldsV1:
          f:status:
            f:phase: {}
        manager: kube-apiserver
        operation: Update
        time: "2020-08-03T15:20:46Z"
      name: kube-system
      resourceVersion: "14"
      selfLink: /api/v1/namespaces/kube-system
      uid: 1e69045d-bfea-4292-b4e8-1fbaaefaae22
    spec:
      finalizers:
      - kubernetes
    status:
      phase: Active
    

    Apart from a very small number of resources, the overwhelming majority of resources on a Kubernetes system are created by its users. To create one, the resource's configuration data is defined in YAML or JSON serialization in a form like the output above, i.e. the target state the user desires; the underlying Kubernetes components then keep the runtime state of the live object as close as possible to the state defined in the user-supplied manifest.

    2. Resource manifest: deployments.apps myapp-deploy

    [root@master chapter5]# kubectl get deployments.apps myapp-deploy -o yaml
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      annotations:
      ......
      name: myapp-deploy
      namespace: default
      resourceVersion: "361135"
      selfLink: /apis/apps/v1/namespaces/default/deployments/myapp-deploy
      uid: 74ac89a8-0f06-43a4-81bc-c39fddbde74d
    spec:
      progressDeadlineSeconds: 600
      replicas: 3
      revisionHistoryLimit: 10
      selector:
        matchLabels:
          app: myapp
    .......
    status:
      availableReplicas: 3
      conditions:
    .......

    In fact, for almost all resources the apiVersion, kind and metadata fields serve essentially the same purpose; spec holds the resource's desired state, while status records the current state of the live object.

    VI. Resource object format

    1. All top-level fields

    2. Nested fields under metadata

    Required fields

    Optional fields

    3. The spec field

    VII. Documentation for the resource manifest format

    1. Understanding top-level fields

    [root@master ~]# kubectl explain pods
    KIND:     Pod
    VERSION:  v1
    
    DESCRIPTION:
         Pod is a collection of containers that can run on a host. This resource is
         created by clients and scheduled onto hosts.
    
    FIELDS:
       apiVersion	<string>
         APIVersion defines the versioned schema of this representation of an
         object. Servers should convert recognized schemas to the latest internal
         value, and may reject unrecognized values. More info:
         https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
    
       kind	<string>
         Kind is a string value representing the REST resource this object
         represents. Servers may infer this from the endpoint the client submits
         requests to. Cannot be updated. In CamelCase. More info:
         https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
    
       metadata	<Object>
         Standard object's metadata. More info:
         https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
    
       spec	<Object>
         Specification of the desired behavior of the pod. More info:
         https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
    
       status	<Object>
         Most recently observed status of the pod. This data may not be up to date.
         Populated by the system. Read-only. More info:
         https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

    2. Understanding second-level fields

    kubectl explain pods.spec

    [root@master ~]# kubectl explain pods.spec
    KIND:     Pod
    VERSION:  v1
    
    RESOURCE: spec <Object>
    
    DESCRIPTION:
         Specification of the desired behavior of the pod. More info:
         https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
    
         PodSpec is a description of a pod.
    
    FIELDS:
       activeDeadlineSeconds	<integer>
         Optional duration in seconds the pod may be active on the node relative to
         StartTime before the system will actively try to mark it failed and kill
         associated containers. Value must be a positive integer.
    
       affinity	<Object>
         If specified, the pod's scheduling constraints
    
       automountServiceAccountToken	<boolean>
         AutomountServiceAccountToken indicates whether a service account token
         should be automatically mounted.
    
       containers	<[]Object> -required-
         List of containers belonging to the pod. Containers cannot currently be
         added or removed. There must be at least one container in a Pod. Cannot be
         updated.
    
       dnsConfig	<Object>
         Specifies the DNS parameters of a pod. Parameters specified here will be
         merged to the generated DNS configuration based on DNSPolicy.
    
       dnsPolicy	<string>
         Set DNS policy for the pod. Defaults to "ClusterFirst". Valid values are
         'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS
         parameters given in DNSConfig will be merged with the policy selected with
         DNSPolicy. To have DNS options set along with hostNetwork, you have to
         specify DNS policy explicitly to 'ClusterFirstWithHostNet'.
    
       enableServiceLinks	<boolean>
         EnableServiceLinks indicates whether information about services should be
         injected into pod's environment variables, matching the syntax of Docker
         links. Optional: Defaults to true.
    
       ephemeralContainers	<[]Object>
         List of ephemeral containers run in this pod. Ephemeral containers may be
         run in an existing pod to perform user-initiated actions such as debugging.
         This list cannot be specified when creating a pod, and it cannot be
         modified by updating the pod spec. In order to add an ephemeral container
         to an existing pod, use the pod's ephemeralcontainers subresource. This
         field is alpha-level and is only honored by servers that enable the
         EphemeralContainers feature.
    
       hostAliases	<[]Object>
         HostAliases is an optional list of hosts and IPs that will be injected into
         the pod's hosts file if specified. This is only valid for non-hostNetwork
         pods.
    
       hostIPC	<boolean>
         Use the host's ipc namespace. Optional: Default to false.
    
       hostNetwork	<boolean>
         Host networking requested for this pod. Use the host's network namespace.
         If this option is set, the ports that will be used must be specified.
         Default to false.
    
       hostPID	<boolean>
         Use the host's pid namespace. Optional: Default to false.
    
       hostname	<string>
         Specifies the hostname of the Pod If not specified, the pod's hostname will
         be set to a system-defined value.
    
       imagePullSecrets	<[]Object>
         ImagePullSecrets is an optional list of references to secrets in the same
         namespace to use for pulling any of the images used by this PodSpec. If
         specified, these secrets will be passed to individual puller
         implementations for them to use. For example, in the case of docker, only
         DockerConfig type secrets are honored. More info:
         https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod
    
       initContainers	<[]Object>
         List of initialization containers belonging to the pod. Init containers are
         executed in order prior to containers being started. If any init container
         fails, the pod is considered to have failed and is handled according to its
         restartPolicy. The name for an init container or normal container must be
         unique among all containers. Init containers may not have Lifecycle
         actions, Readiness probes, Liveness probes, or Startup probes. The
         resourceRequirements of an init container are taken into account during
         scheduling by finding the highest request/limit for each resource type, and
         then using the max of of that value or the sum of the normal containers.
         Limits are applied to init containers in a similar fashion. Init containers
         cannot currently be added or removed. Cannot be updated. More info:
         https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
    
       nodeName	<string>
         NodeName is a request to schedule this pod onto a specific node. If it is
         non-empty, the scheduler simply schedules this pod onto that node, assuming
         that it fits resource requirements.
    
       nodeSelector	<map[string]string>
         NodeSelector is a selector which must be true for the pod to fit on a node.
         Selector which must match a node's labels for the pod to be scheduled on
         that node. More info:
         https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
    
       overhead	<map[string]string>
         Overhead represents the resource overhead associated with running a pod for
         a given RuntimeClass. This field will be autopopulated at admission time by
         the RuntimeClass admission controller. If the RuntimeClass admission
         controller is enabled, overhead must not be set in Pod create requests. The
         RuntimeClass admission controller will reject Pod create requests which
         have the overhead already set. If RuntimeClass is configured and selected
         in the PodSpec, Overhead will be set to the value defined in the
         corresponding RuntimeClass, otherwise it will remain unset and treated as
         zero. More info:
         https://git.k8s.io/enhancements/keps/sig-node/20190226-pod-overhead.md This
         field is alpha-level as of Kubernetes v1.16, and is only honored by servers
         that enable the PodOverhead feature.
    
       preemptionPolicy	<string>
         PreemptionPolicy is the Policy for preempting pods with lower priority. One
         of Never, PreemptLowerPriority. Defaults to PreemptLowerPriority if unset.
         This field is alpha-level and is only honored by servers that enable the
         NonPreemptingPriority feature.
    
       priority	<integer>
         The priority value. Various system components use this field to find the
         priority of the pod. When Priority Admission Controller is enabled, it
         prevents users from setting this field. The admission controller populates
         this field from PriorityClassName. The higher the value, the higher the
         priority.
    
       priorityClassName	<string>
         If specified, indicates the pod's priority. "system-node-critical" and
         "system-cluster-critical" are two special keywords which indicate the
         highest priorities with the former being the highest priority. Any other
         name must be defined by creating a PriorityClass object with that name. If
         not specified, the pod priority will be default or zero if there is no
         default.
    
       readinessGates	<[]Object>
         If specified, all readiness gates will be evaluated for pod readiness. A
         pod is ready when all its containers are ready AND all conditions specified
         in the readiness gates have status equal to "True" More info:
         https://git.k8s.io/enhancements/keps/sig-network/0007-pod-ready%2B%2B.md
    
       restartPolicy	<string>
         Restart policy for all containers within the pod. One of Always, OnFailure,
         Never. Default to Always. More info:
         https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy
    
       runtimeClassName	<string>
         RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group,
         which should be used to run this pod. If no RuntimeClass resource matches
         the named class, the pod will not be run. If unset or empty, the "legacy"
         RuntimeClass will be used, which is an implicit class with an empty
         definition that uses the default runtime handler. More info:
         https://git.k8s.io/enhancements/keps/sig-node/runtime-class.md This is a
         beta feature as of Kubernetes v1.14.
    
       schedulerName	<string>
         If specified, the pod will be dispatched by specified scheduler. If not
         specified, the pod will be dispatched by default scheduler.
    
       securityContext	<Object>
         SecurityContext holds pod-level security attributes and common container
         settings. Optional: Defaults to empty. See type description for default
         values of each field.
    
       serviceAccount	<string>
         DeprecatedServiceAccount is a depreciated alias for ServiceAccountName.
         Deprecated: Use serviceAccountName instead.
    
       serviceAccountName	<string>
         ServiceAccountName is the name of the ServiceAccount to use to run this
         pod. More info:
         https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
    
       shareProcessNamespace	<boolean>
         Share a single process namespace between all of the containers in a pod.
         When this is set containers will be able to view and signal processes from
         other containers in the same pod, and the first process in each container
         will not be assigned PID 1. HostPID and ShareProcessNamespace cannot both
         be set. Optional: Default to false.
    
       subdomain	<string>
         If specified, the fully qualified Pod hostname will be
         "<hostname>.<subdomain>.<pod namespace>.svc.<cluster domain>". If not
         specified, the pod will not have a domainname at all.
    
       terminationGracePeriodSeconds	<integer>
         Optional duration in seconds the pod needs to terminate gracefully. May be
         decreased in delete request. Value must be non-negative integer. The value
         zero indicates delete immediately. If this value is nil, the default grace
         period will be used instead. The grace period is the duration in seconds
         after the processes running in the pod are sent a termination signal and
         the time when the processes are forcibly halted with a kill signal. Set
         this value longer than the expected cleanup time for your process. Defaults
         to 30 seconds.
    
       tolerations	<[]Object>
         If specified, the pod's tolerations.
    
       topologySpreadConstraints	<[]Object>
         TopologySpreadConstraints describes how a group of pods ought to spread
         across topology domains. Scheduler will schedule pods in a way which abides
         by the constraints. This field is only honored by clusters that enable the
         EvenPodsSpread feature. All topologySpreadConstraints are ANDed.
    
       volumes	<[]Object>
         List of volumes that can be mounted by containers belonging to the pod.
         More info: https://kubernetes.io/docs/concepts/storage/volumes

    3. Understanding third-level and deeper fields

    kubectl explain pods.spec.containers

    [root@master ~]# kubectl explain pods.spec.containers
    KIND:     Pod
    VERSION:  v1
    
    RESOURCE: containers <[]Object>
    
    DESCRIPTION:
         List of containers belonging to the pod. Containers cannot currently be
         added or removed. There must be at least one container in a Pod. Cannot be
         updated.
    
         A single application container that you want to run within a pod.
    
    FIELDS:
       args	<[]string>
         Arguments to the entrypoint. The docker image's CMD is used if this is not
         provided. Variable references $(VAR_NAME) are expanded using the
         container's environment. If a variable cannot be resolved, the reference in
         the input string will be unchanged. The $(VAR_NAME) syntax can be escaped
         with a double $$, ie: $$(VAR_NAME). Escaped references will never be
         expanded, regardless of whether the variable exists or not. Cannot be
         updated. More info:
         https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
    
       command	<[]string>
         Entrypoint array. Not executed within a shell. The docker image's
         ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME)
         are expanded using the container's environment. If a variable cannot be
         resolved, the reference in the input string will be unchanged. The
         $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME).
         Escaped references will never be expanded, regardless of whether the
         variable exists or not. Cannot be updated. More info:
         https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
    
       env	<[]Object>
         List of environment variables to set in the container. Cannot be updated.
    
       envFrom	<[]Object>
         List of sources to populate environment variables in the container. The
         keys defined within a source must be a C_IDENTIFIER. All invalid keys will
         be reported as an event when the container is starting. When a key exists
         in multiple sources, the value associated with the last source will take
         precedence. Values defined by an Env with a duplicate key will take
         precedence. Cannot be updated.
    
       image	<string>
         Docker image name. More info:
         https://kubernetes.io/docs/concepts/containers/images This field is
         optional to allow higher level config management to default or override
         container images in workload controllers like Deployments and StatefulSets.
    
       imagePullPolicy	<string>
         Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always
         if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated.
         More info:
         https://kubernetes.io/docs/concepts/containers/images#updating-images
    
       lifecycle	<Object>
         Actions that the management system should take in response to container
         lifecycle events. Cannot be updated.
    
       livenessProbe	<Object>
         Periodic probe of container liveness. Container will be restarted if the
         probe fails. Cannot be updated. More info:
         https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
    
       name	<string> -required-
         Name of the container specified as a DNS_LABEL. Each container in a pod
         must have a unique name (DNS_LABEL). Cannot be updated.
    
       ports	<[]Object>
         List of ports to expose from the container. Exposing a port here gives the
         system additional information about the network connections a container
         uses, but is primarily informational. Not specifying a port here DOES NOT
         prevent that port from being exposed. Any port which is listening on the
         default "0.0.0.0" address inside a container will be accessible from the
         network. Cannot be updated.
    
       readinessProbe	<Object>
         Periodic probe of container service readiness. Container will be removed
         from service endpoints if the probe fails. Cannot be updated. More info:
         https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
    
       resources	<Object>
         Compute Resources required by this container. Cannot be updated. More info:
         https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
    
       securityContext	<Object>
         Security options the pod should run with. More info:
         https://kubernetes.io/docs/concepts/policy/security-context/ More info:
         https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
    
       startupProbe	<Object>
         StartupProbe indicates that the Pod has successfully initialized. If
         specified, no other probes are executed until this completes successfully.
         If this probe fails, the Pod will be restarted, just as if the
         livenessProbe failed. This can be used to provide different probe
         parameters at the beginning of a Pod's lifecycle, when it might take a long
         time to load data or warm a cache, than during steady-state operation. This
         cannot be updated. This is a beta feature enabled by the StartupProbe
         feature flag. More info:
         https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
    
       stdin	<boolean>
         Whether this container should allocate a buffer for stdin in the container
         runtime. If this is not set, reads from stdin in the container will always
         result in EOF. Default is false.
    
       stdinOnce	<boolean>
         Whether the container runtime should close the stdin channel after it has
         been opened by a single attach. When stdin is true the stdin stream will
         remain open across multiple attach sessions. If stdinOnce is set to true,
         stdin is opened on container start, is empty until the first client
         attaches to stdin, and then remains open and accepts data until the client
         disconnects, at which time stdin is closed and remains closed until the
         container is restarted. If this flag is false, a container processes that
         reads from stdin will never receive an EOF. Default is false
    
       terminationMessagePath	<string>
         Optional: Path at which the file to which the container's termination
         message will be written is mounted into the container's filesystem. Message
         written is intended to be brief final status, such as an assertion failure
         message. Will be truncated by the node if greater than 4096 bytes. The
         total message length across all containers will be limited to 12kb.
         Defaults to /dev/termination-log. Cannot be updated.
    
       terminationMessagePolicy	<string>
         Indicate how the termination message should be populated. File will use the
         contents of terminationMessagePath to populate the container status message
         on both success and failure. FallbackToLogsOnError will use the last chunk
         of container log output if the termination message file is empty and the
         container exited with an error. The log output is limited to 2048 bytes or
         80 lines, whichever is smaller. Defaults to File. Cannot be updated.
    
       tty	<boolean>
         Whether this container should allocate a TTY for itself, also requires
         'stdin' to be true. Default is false.
    
       volumeDevices	<[]Object>
         volumeDevices is the list of block devices to be used by the container.
    
       volumeMounts	<[]Object>
         Pod volumes to mount into the container's filesystem. Cannot be updated.
    
       workingDir	<string>
         Container's working directory. If not specified, the container runtime's
         default will be used, which might be configured in the container image.
         Cannot be updated.

    4. Advantages

    kubectl get deployments.apps myapp-deploy -o yaml --export > deploy-demo.yaml

    The command line supports only some attributes of some resource objects, whereas a resource manifest can configure every attribute field of a resource; using manifest files also makes advanced workflows such as version tracking and review possible.
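One shape the review step mentioned above can take, as an added example that is not code from the original post: a linter that checks the apiVersion/kind/metadata/spec/status layout discussed in section V and the pod-level flags documented in the kubectl explain pods.spec output above. SAMPLE_DEPLOYMENT is a constructed manifest modelled on myapp-deploy; the image name is made up.

```python
"""Review a resource manifest before applying it.

Added example, not code from the original post. It checks the common
top-level fields and the pod-level flags documented by `kubectl explain
pods.spec` above. SAMPLE_DEPLOYMENT is a constructed manifest modelled on
myapp-deploy; the image name is made up.
"""
import json
from typing import Any, Dict, List

REQUIRED_TOP_LEVEL = ("apiVersion", "kind", "metadata")

# pod.spec booleans that default to false; each widens the pod's reach into
# the node or into neighbouring containers, so a reviewer should see them.
HOST_FLAGS = {
    "hostNetwork": "uses the node's network namespace",
    "hostPID": "uses the node's pid namespace",
    "hostIPC": "uses the node's ipc namespace",
    "shareProcessNamespace": "containers can view and signal each other's processes",
}


def pod_spec_of(doc: Dict[str, Any]) -> Dict[str, Any]:
    """PodSpec is spec for a Pod and spec.template.spec for a workload resource."""
    spec = doc.get("spec") or {}
    if doc.get("kind") == "Pod":
        return spec
    return (spec.get("template") or {}).get("spec") or {}


def lint_manifest(doc: Dict[str, Any]) -> List[str]:
    """Return review findings; an empty list means the manifest passed."""
    findings: List[str] = []
    for key in REQUIRED_TOP_LEVEL:
        if key not in doc:
            findings.append(f"missing required top-level field '{key}'")
    if "status" in doc:
        findings.append("'status' is populated by the system and read-only; remove it")
    pod = pod_spec_of(doc)
    if not pod:
        return findings
    if not pod.get("containers"):
        findings.append("spec.containers must list at least one container")
    for flag, why in HOST_FLAGS.items():
        if pod.get(flag) is True:
            findings.append(f"{flag}: true -> {why}")
    if pod.get("hostPID") and pod.get("shareProcessNamespace"):
        findings.append("hostPID and shareProcessNamespace cannot both be set")
    if pod.get("automountServiceAccountToken", True):
        findings.append("automountServiceAccountToken is unset or true; set it to "
                        "false unless the pod really talks to the API server")
    for c in pod.get("containers") or []:
        if not c.get("name"):
            findings.append("each container needs a unique DNS_LABEL name")
        image = c.get("image", "")
        if ":" not in image or image.endswith(":latest"):
            findings.append(f"image '{image}' is not pinned to a fixed tag")
    return findings


SAMPLE_DEPLOYMENT = json.loads("""{
  "apiVersion": "apps/v1", "kind": "Deployment",
  "metadata": {"name": "myapp-deploy", "namespace": "default"},
  "spec": {"replicas": 3, "selector": {"matchLabels": {"app": "myapp"}},
           "template": {"metadata": {"labels": {"app": "myapp"}},
                        "spec": {"hostNetwork": true,
                                 "containers": [{"name": "myapp",
                                                 "image": "registry.example/myapp:v1"}]}}}
}""")

if __name__ == "__main__":
    for finding in lint_manifest(SAMPLE_DEPLOYMENT):
        print("-", finding)
```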

    VIII. Ways of managing resource objects

    1. Declarative

    2. Imperative

    3. Command categories

  Original article: https://www.cnblogs.com/luoahong/p/13439280.html