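Chapter 1. Resources in k8s
1. What is a resource?
Everything in k8s is abstracted as a resource; once a resource is instantiated, it is called an object.
2. What resources are there in k8s?
Workload resources (workload): Pod, ReplicaSet, Deployment, StatefulSet, DaemonSet, Job, CronJob (ReplicationController was deprecated in v1.11)
Service discovery and load balancing resources (ServiceDiscovery, LoadBalance): Service, Ingress, ...
Configuration and storage resources: Volume, CSI (Container Storage Interface, which allows all kinds of third-party storage volumes to be plugged in)
Special types of volumes: ConfigMap (a resource type used as a configuration center), Secret (stores sensitive data), DownwardAPI (passes information from the external environment to the container)
All of the resources above are configured at the namespace level.
Cluster-level resources: Namespace, Node, Role, ClusterRole, RoleBinding, ClusterRoleBinding
Metadata resources: HPA (horizontal Pod scaling), PodTemplate (the template a controller uses when it creates Pods), LimitRange (used to define hardware resource limits)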
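Chapter 2. Resource manifests
1. What is a resource manifest?
In k8s, a yaml file is normally used to create a pod that matches the state we expect; such a yaml file is generally called a resource manifest.
2. Format of a resource manifest
```yaml
# If no group name is given, the group defaults to core. Use `kubectl api-versions`
# to list every apiVersion available on the current k8s version (this may differ per version).
apiVersion: group/apiversion
kind:           # resource kind
metadata:       # resource metadata
  name
  namespace     # k8s's own namespace
  labels
  annotations   # mainly there to make reading and searching easier for users
spec:           # desired state
status:         # current state; this field is maintained by Kubernetes itself and cannot be defined by the user
```
A manifest has five top-level fields; of these, status cannot be defined by the user and is maintained by k8s itself.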
3. Getting a resource's apiVersion and help on resource configuration
1) Get the apiVersion information
```
[root@k8s-master01 ~]# kubectl api-versions
admissionregistration.k8s.io/v1beta1
apiextensions.k8s.io/v1beta1
apiregistration.k8s.io/v1
apiregistration.k8s.io/v1beta1
apps/v1
apps/v1beta1
apps/v1beta2
authentication.k8s.io/v1
authentication.k8s.io/v1beta1
authorization.k8s.io/v1
authorization.k8s.io/v1beta1
autoscaling/v1
autoscaling/v2beta1
batch/v1
...... (rest omitted)
```
2) Get the apiVersion of a resource
```
[root@k8s-master01 ~]# kubectl explain pod
KIND:     Pod
VERSION:  v1
..... (rest omitted)
[root@k8s-master01 ~]# kubectl explain Ingress
KIND:     Ingress
VERSION:  extensions/v1beta1
```
As you can see, different resources may belong to different apiVersions.
3) Get the help documentation for the fields of a resource manifest (using pod as the example)
Getting the top-level fields of the pod manifest
```
[root@k8s-master01 ~]# kubectl explain pod
KIND:     Pod
VERSION:  v1

DESCRIPTION:
     Pod is a collection of containers that can run on a host. This resource is
     created by clients and scheduled onto hosts.

FIELDS:
   apiVersion   <string>
     APIVersion defines the versioned schema of this representation of an
     object. Servers should convert recognized schemas to the latest internal
     value, and may reject unrecognized values. More info:
     https://git.k8s.io/community/contributors/devel/api-conventions.md#resources

   kind <string>
     Kind is a string value representing the REST resource this object
     represents. Servers may infer this from the endpoint the client submits
     requests to. Cannot be updated. In CamelCase. More info:
     https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds
........
........
```
Getting the second-level and deeper fields of the pod manifest
```
# List the second-level fields under a top-level field; levels are separated by "."
[root@k8s-master01 ~]# kubectl explain pod.metadata
KIND:     Pod
VERSION:  v1

RESOURCE: metadata <Object>

DESCRIPTION:
     Standard object's metadata. More info:
     https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata

     ObjectMeta is metadata that all persisted resources must have, which
     includes all objects users must create.
........

# List the third-level fields under a second-level field
[root@k8s-master01 ~]# kubectl explain pod.metadata.labels
KIND:     Pod
VERSION:  v1

FIELD:    labels <map[string]string>

DESCRIPTION:
     Map of string keys and values that can be used to organize and categorize
     (scope and select) objects. May match selectors of replication controllers
     and services. More info: http://kubernetes.io/docs/user-guide/labels
```
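Field format notation
The formats commonly seen in the help output are:
```
apiVersion <string>                # a string
metadata <Object>                  # an object with further nested fields
labels <map[string]string>         # a map made of k:v pairs
finalizers <[]string>              # a list of strings
ownerReferences <[]Object>         # a list of objects
hostPID <boolean>                  # a boolean
priority <integer>                 # an integer
name <string> -required-           # -required- after the type marks a mandatory field
```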
Chapter 4. Creating a manifest example
1. Using a pod as the example, create a simple yaml file
```
[root@k8s-master01 ~]# mkdir manifests
[root@k8s-master01 ~]# cd manifests/
[root@k8s-master01 manifests]# cat pod-demo.yaml
apiVersion: v1
kind: Pod
metadata:
  name: pod-demo
  labels:
    app: myapp        # label the pod itself
    tier: frontend
spec:
  containers:         # two containers are created
  - name: nginx
    image: ikubernetes/myapp:v1
  - name: tomcat
    image: tomcat:7-alpine
# Use the create subcommand to start the pod from the yaml file
[root@k8s-master01 manifests]# kubectl create -f pod-demo.yaml
# Check that the pod's status is normal; because this pod holds more than one container,
# watch the READY column to confirm that all containers in the pod are ready
[root@k8s-master01 manifests]# kubectl get pod
NAME       READY     STATUS    RESTARTS   AGE
......
pod-demo   2/2       Running   0          2h
```
To make the pod easier to reach, we also create a service so that it can be accessed and tested from outside
```
[root@k8s-master01 manifests]# cat svc-demo.yaml
apiVersion: v1
kind: Service           # resource type
metadata:
  name: test-service
  labels:
    app1: nginx
    app2: tomcat
spec:
  ports:                # exposed port settings
  - name: nginx
    port: 80            # the service's port
    targetPort: 80      # the port exposed on the pod
    nodePort: 32080     # the port exposed on the Node; note that a Node can only expose ports between 30000 and 32767
  - name: tomcat
    port: 8080
    targetPort: 8080
    nodePort: 32088
  selector:
    app: myapp
  type: NodePort        # how the service's ports are exposed; the default is ClusterIP
[root@k8s-master01 manifests]# kubectl create -f svc-demo.yaml
# Check the status of the svc
[root@k8s-master01 manifests]# kubectl get svc -o wide
NAME           TYPE       CLUSTER-IP      EXTERNAL-IP   PORT(S)                       AGE   SELECTOR
.......
test-service   NodePort   10.108.230.27   <none>        80:32080/TCP,8080:32088/TCP   22m   app=myapp
# Access it using the exposed port together with the IP address of any node in the cluster
```
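The checks implied by the manifest format in Chapter 2 and by the Pod/Service pair above can be run before `kubectl create`. This is an added example, not code from the original page; it assumes the manifests are available in JSON form, the function names are hypothetical, and the top-level field check is written only for the Pod and Service kinds used here.

```python
import json

NODEPORT_RANGE = range(30000, 32768)  # 30000-32767, the range noted in svc-demo.yaml

# Constructed inputs: the page's pod-demo.yaml and svc-demo.yaml in JSON form.
POD = json.loads("""{"apiVersion": "v1", "kind": "Pod",
  "metadata": {"name": "pod-demo", "labels": {"app": "myapp", "tier": "frontend"}},
  "spec": {"containers": [{"name": "nginx", "image": "ikubernetes/myapp:v1"},
                          {"name": "tomcat", "image": "tomcat:7-alpine"}]}}""")
SVC = json.loads("""{"apiVersion": "v1", "kind": "Service",
  "metadata": {"name": "test-service", "labels": {"app1": "nginx", "app2": "tomcat"}},
  "spec": {"type": "NodePort", "selector": {"app": "myapp"}, "ports": [
    {"name": "nginx", "port": 80, "targetPort": 80, "nodePort": 32080},
    {"name": "tomcat", "port": 8080, "targetPort": 8080, "nodePort": 32088}]}}""")

def lint_manifest(obj):
    """Top-level field checks for a Pod or Service manifest (hypothetical helper)."""
    problems = [f"missing top-level field: {name}"
                for name in ("apiVersion", "kind", "metadata", "spec") if name not in obj]
    if "status" in obj:
        problems.append("status is maintained by Kubernetes; drop it from the manifest")
    return problems

def lint_service(svc, pods):
    """Return (problems, names of the pods the selector matches) for a Service."""
    problems = lint_manifest(svc)
    spec = svc.get("spec", {})
    for port in spec.get("ports", []):
        node_port = port.get("nodePort")
        if node_port is not None and node_port not in NODEPORT_RANGE:
            problems.append(f"port {port.get('name')}: nodePort {node_port} "
                            "is outside 30000-32767")
    selector = spec.get("selector") or {}
    # A pod is selected only when every selector pair is among its labels.
    matched = [p["metadata"]["name"] for p in pods if selector
               and selector.items() <= p["metadata"].get("labels", {}).items()]
    if not matched:
        problems.append(f"selector {selector} matches no pod, so the service has no endpoints")
    return problems, matched

if __name__ == "__main__":
    print(lint_service(SVC, [POD]))  # the page's pair is consistent
```

A selector that matches nothing is accepted by the API server without complaint, so this is the check most worth running on a Service before exposing it on a NodePort.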
2. Pod manifest example
```
# Check the status of the pods in the cluster and pick one that was created earlier from the command line
[root@k8s-master01 ~]# kubectl get pod
NAME                            READY     STATUS      RESTARTS   AGE
client                          0/1       Completed   0          19h
myapp-6d6f569fd5-rtgt9          1/1       Running     0          19h
myapp-6d6f569fd5-tjpfn          1/1       Running     0          19h
myapp-6d6f569fd5-tqq5z          1/1       Running     0          19h
nginx                           1/1       Running     0          16h
nginx-deploy-7db697dfbd-2qh7v   1/1       Running     0          20h
nginx-deploy-7db697dfbd-gskcv   1/1       Running     0          20h
nginx-deploy-7db697dfbd-ssws8   1/1       Running     0          20h
# The -o yaml option prints the resource's configuration in yaml format; json can be used instead to print json
[root@k8s-master01 ~]# kubectl get pod nginx-deploy-7db697dfbd-2qh7v -o yaml
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: 2018-10-30T05:40:55Z
  generateName: nginx-deploy-7db697dfbd-
  labels:
    pod-template-hash: "3862538968"
    run: nginx-deploy
  name: nginx-deploy-7db697dfbd-2qh7v
  namespace: default
  ownerReferences:
  - apiVersion: extensions/v1beta1
    blockOwnerDeletion: true
    controller: true
    kind: ReplicaSet
    name: nginx-deploy-7db697dfbd
    uid: 0eef9e1c-dbf0-11e8-8969-5254001b07db
  resourceVersion: "15622"
  selfLink: /api/v1/namespaces/default/pods/nginx-deploy-7db697dfbd-2qh7v
  uid: 5ee94f2a-dc06-11e8-8969-5254001b07db
spec:
  containers:
  - image: nginx:1.14-alpine
    imagePullPolicy: IfNotPresent
    name: nginx-deploy
    ports:
    - containerPort: 80
      protocol: TCP
    resources: {}
    terminationMessagePath: /dev/termination-log
    terminationMessagePolicy: File
    volumeMounts:
    - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
      name: default-token-tcwjz
      readOnly: true
  dnsPolicy: ClusterFirst
  nodeName: k8s-node02
  restartPolicy: Always
  schedulerName: default-scheduler
  securityContext: {}
  serviceAccount: default
  serviceAccountName: default
  terminationGracePeriodSeconds: 30
  tolerations:
  - effect: NoExecute
    key: node.kubernetes.io/not-ready
    operator: Exists
    tolerationSeconds: 300
  - effect: NoExecute
    key: node.kubernetes.io/unreachable
    operator: Exists
    tolerationSeconds: 300
  volumes:
  - name: default-token-tcwjz
    secret:
      defaultMode: 420
      secretName: default-token-tcwjz
status:
  conditions:
  - lastProbeTime: null
    lastTransitionTime: 2018-10-30T05:40:55Z
    status: "True"
    type: Initialized
  - lastProbeTime: null
    lastTransitionTime: 2018-10-30T05:41:06Z
    status: "True"
    type: Ready
  - lastProbeTime: null
    lastTransitionTime: 2018-10-30T05:40:55Z
    status: "True"
    type: PodScheduled
  containerStatuses:
  - containerID: docker://b75740e5919bd975755b256c83e03b63ea95cf2307ffc606abd03b59fea6634a
    image: docker.io/nginx:1.14-alpine
    imageID: docker-pullable://docker.io/nginx@sha256:8976218be775f4244df2a60a169d44606b6978bac4375192074cefc0c7824ddf
    lastState: {}
    name: nginx-deploy
    ready: true
    restartCount: 0
    state:
      running:
        startedAt: 2018-10-30T05:41:06Z
  hostIP: 172.16.150.214
  phase: Running
  podIP: 10.244.2.7
  qosClass: BestEffort
  startTime: 2018-10-30T05:40:55Z
```
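The dump above shows the defaults Kubernetes fills in for a pod created from the command line: an empty `securityContext`, empty `resources`, the `default` ServiceAccount and its token mounted into the container. The following added example (not part of the original page) reads the `-o json` form of such a dump and reports those defaults; the function name and the wording of the findings are assumptions made here, and the input is a constructed excerpt of the pod shown above.

```python
import json

SA_TOKEN_PATH = "/var/run/secrets/kubernetes.io/serviceaccount"

# Constructed input: the security-relevant fields of the pod dumped above, in the
# JSON form that `kubectl get pod <name> -o json` prints.
POD_JSON = """
{"kind": "Pod",
 "metadata": {"name": "nginx-deploy-7db697dfbd-2qh7v", "namespace": "default"},
 "spec": {
   "serviceAccountName": "default",
   "securityContext": {},
   "containers": [{
     "name": "nginx-deploy", "image": "nginx:1.14-alpine", "resources": {},
     "volumeMounts": [{"name": "default-token-tcwjz", "readOnly": true,
                       "mountPath": "/var/run/secrets/kubernetes.io/serviceaccount"}]}],
   "volumes": [{"name": "default-token-tcwjz",
                "secret": {"secretName": "default-token-tcwjz"}}]},
 "status": {"qosClass": "BestEffort"}}
"""

def audit_pod(pod):
    """Return (field, issue) findings for one pod object (hypothetical helper)."""
    spec, findings = pod["spec"], []
    if spec.get("serviceAccountName", "default") == "default":
        findings.append(("spec.serviceAccountName", "uses the default ServiceAccount"))
    if spec.get("hostPID"):
        findings.append(("spec.hostPID", "shares the node's PID namespace"))
    pod_sc = spec.get("securityContext") or {}
    for c in spec.get("containers", []):
        where = f"containers[{c['name']}]"
        if any(m.get("mountPath") == SA_TOKEN_PATH for m in c.get("volumeMounts", [])):
            findings.append((where, "ServiceAccount token is mounted"))
        if not (c.get("resources") or {}).get("limits"):
            findings.append((where, "no resources.limits set"))
        # Container-level settings override pod-level ones.
        sc = {**pod_sc, **(c.get("securityContext") or {})}
        if sc.get("runAsNonRoot") is not True:
            findings.append((where, "runAsNonRoot is not enforced"))
    return findings

if __name__ == "__main__":
    for field, issue in audit_pod(json.loads(POD_JSON)):
        print(f"{field}: {issue}")
```

The missing limits are also what produces `qosClass: BestEffort` in the status section of the dump.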