[k8s]一步一步学习k8syaml

一步一步学习k8syaml


k8s的command和args



k8s-proxy浅析



k8s高可用和ingress



手头命令:


执行命令:
kubectl exec pod-name date
kubectl exec pod-name -c container-name date
kubectl exec -it pod-name -c container-name /bin/bash

kubectl get rc,svc
kubectl delete po,svc -l name=lable-name
kubectl delete pods --all
#干掉rc rs
kubectl delete rc --all
kubectl delete rc --all


kubectl logs -f volume-pod -c busybox
kubectl exec -ti volume-pod -c tomcat -- ls /usr/local/tomcat/logs
kubectl exec -ti volume-pod -c tomcat -- tail /usr/local/tomcat/logs/localhost_access_log.2017-05-04.txt
#查看镜像的CMD
docker inpect id
#查看容器中运行着哪些进程
docker top 61ac514f8ea6

#查看容器日志
docker logs -f xx
docker ps -l 显示最新启动的一个容器(包括已停止的)
docker stats #查看各个容器的资源占用 这是个很刁的命令
docker stats 54493133d1f0 

容器停止后就自动删除: docker run --rm centos /bin/echo "One"
杀死所有正在运行的容器:docker kill $(docker ps -a -q)
删除所有已经停止的容器:docker rm $(docker ps -a -q)
删除所有未打标签的镜像 docker rmi $(docker images -q -f dangling=true)

配置代理:
export http_proxy=http://proxy_server:port



基础:
1,创建1个pod

apiVersion: v1
kind: Pod
metadata:
  name: pod-test
  labels:
    app: webapp
spec:
  containers:
  - name: webapp
    image: nginx:1.11.4-alpine
    imagePullPolicy: IfNotPresent
    ports:
    - containerPort: 80

带环境变量:

apiVersion: v1
kind: Pod
metadata:
  name: myweb
  labels:
    name: myweb
spec:
  containers:
  - name: myweb
    image: kubeguide/tomcat-app:v1
    imagePullPolicy: IfNotPresent
    ports:
    - containerPort: 8080
    env:
    - name: MYSQL_SERVER_HOST
      value: 'mysql'
    - name: MYSQL_SERVICE_PORT
      value: '3306'

静态pod:

1,由kubelet管理,配置kubelete参数KUBELET_OPTS=' --config=/etc/kubernetes/manifests,kubelet监视该目录。

2,kubectl  get pod可以看到,kubectl delete pod删掉后,一直处于pending,直至清单yaml目录删除为止。

apiVersion: v1
kind: Pod
metadata:
  name: static-pod
  labels:
    name: static-pod
spec:
  containers:
  - name: static-pod
    image: nginx
    ports:
    - name: static-pod
      containerPort: 80
      
      


2,创建1个rc

apiVersion: v1
kind: ReplicationController
metadata:
  name: webapp
spec:
  replicas: 2
  template:
    metadata:
      name: webapp
      labels:
        app: webapp
    spec:
      containers:
      - name: webapp
        image: nginx:1.11.4-alpine
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 80
      

  
3,创建1个svc
方法1:

apiVersion: v1
kind: Service
metadata:
  name: webapp
spec:
  ports:
  - port: 8081
    targetPort: 80
  selector:
   app: webapp

方法2:

kubectl export rc webapp


高级
1,创建1个pod,含有多个container

apiVersion: v1
kind: ReplicationController
metadata:
  name: app01
spec:
  replicas: 2
  template:
    metadata:
      name: app01
      labels:
        app: app01
    spec:
      containers:
      - name: app01-nginx
        image: nginx:1.11.4-alpine
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 80


      - name: app01-tomcat
        image: kubeguide/tomcat-app:v1
        imagePullPolicy: IfNotPresent
        ports:
        - name: web
          containerPort: 8080
          protocol: TCP
        - name: management
          containerPort: 8005
          protocol: TCP

创建1个pod,执行命令 command

apiVersion: v1
kind: Pod
metadata:
  name: pod-with-healthcheck-writefile
  labels:
    app: pod-with-healthcheck-writefile
spec:
  containers:
  - image: busybox
    command:
      - sleep
      - "3600"
    imagePullPolicy: IfNotPresent
    name: busybox
  restartPolicy: Always


apiVersion: v1
kind: Pod
metadata:
  name: command-demo
  labels:
    purpose: demonstrate-command
spec:
  containers:
  - name: command-demo-container
    image: debian
    command: ["printenv"]
    args: ["HOSTNAME", "KUBERNETES_PORT"]




创建1个pod执行命令-args

apiVersion: v1
kind: Pod
metadata:
  name: pod-with-healthcheck-writefile
  labels:
    app: pod-with-healthcheck-writefile
spec:
  containers:
  - image: busybox
    args:
    - /bin/sh
    - -c
    - echo ok > /tmp/health; spleep 10; rm -rf /tmp/health; sleep 600
    livenessProbe:
      exec:
        command:
          - cat
          - /tmp/health

创建一个centos:(官方centos默认不能放后台运行)

apiVersion:
kind:
metadata:
  name: centos
spec:
  replicate: 1
  template:
    metadata:
      labels:
        app:centos
    spec:
      containers:
      - name: centos-instance
        image: centos
        args: ["sleep","655369"]
        ports:
        - containersPort: 80




2,创建svc
方法1:
kubectl export rc webapp

方法2:
[root@node151 yaml]# cat app01-svc.yaml 
apiVersion: v1
kind: Service
metadata:
  name: app01
spec:
  ports:
  - name: nginx
    port: 80
    protocol: TCP
  - name: tomcat-web
    port: 8080
    protocol: TCP
  - name: tomcat-management
    port: 8005
    protocol: TCP
  selector:
   app: app01



注:rc只能为pod打1个labels。 如:
apiVersion: v1
kind: ReplicationController
metadata:
  name: app01
spec:
  replicas: 2
  template:
    metadata:
      name: app01
      labels:
        app: app01
        app: nginx
        app: tomcat
...
只能打到 app: tomcat tag。


1个pod,2个container,共享存储--tomcat日志搜集案例

apiVersion: v1
kind: Pod
metadata:
  name: volume-pod
spec:
  containers:
  - name: tomcat
    image: tomcat
    imagePullPolicy: IfNotPresent
    ports:
    - containerPort: 8080
    volumeMounts:
    - name: app-logs
      mountPath: /usr/local/tomcat/logs


  - name: busybox
    image: busybox
    imagePullPolicy: IfNotPresent
    command: ["sh","-c","tail -f /logs/localhost_access_log*.txt"]
    volumeMounts:
      - name: app-logs
        mountPath: /logs
  volumes:
  - name: app-logs
    emptyDir: {}

kubectl logs -f volume-pod -c busybox
kubectl exec -ti volume-pod -c tomcat -- ls /usr/local/tomcat/logs
kubectl exec -ti volume-pod -c tomcat -- tail /usr/local/tomcat/logs/localhost_access_log.2017-05-04.txt

小结:
从这里可以看到 command指令用法。


configMap:--为pod提供配置

1,提供env

2,提供配置文件

pod使用方法:

1,通过env获取cm种内容

2,通过volume挂载cm种文件

举个栗子:

变量

[root@node151 yaml]# cat cm-appvars.yaml 

apiVersion: v1
kind: ConfigMap
metadata:
  name: cm-appvars
data:
  apploglevel: info
  appdatadir: /var/data
[root@node151 yaml]# cat cm-test-pod.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: cm-test-pod
spec:
  containers:
  - name: cm-test
    image: busybox
    command: [ "/bin/sh", "-c", "env | grep APP" ]
    env:
    - name: APPLOGLEVEL
      valueFrom:
        configMapKeyRef:
          name: cm-appvars
          key: apploglevel
    - name: APPDATADIR
      valueFrom:
        configMapKeyRef:[root@node151 yaml]# cat cm-test-pod.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: cm-test-pod
spec:
  containers:
  - name: cm-test
    image: busybox
    command: [ "/bin/sh", "-c", "env | grep APP" ]
    env:
    - name: APPLOGLEVEL
      valueFrom:
        configMapKeyRef:
          name: cm-appvars
          key: apploglevel
    - name: APPDATADIR
      valueFrom:
        configMapKeyRef:
          name: cm-appvars
          key: appdatadir
          name: cm-appvars
          key: appdatadir
验证:
kubectl get po --show-all  ---这里运行后会变成complete状态
kubectl logs cm-test-pod #可以看到环境变量

用法2:文件挂载

[root@node151 yaml]# cat cm-appconfigfiles.yaml 
apiVersion: v1
kind: ConfigMap
metadata:
  name: cm-appconfigfiles
data:
  key-admin-key.pem: -----BEGIN RSA PRIVATE KEY-----
    MIIEowIBAAKCAQEAxY4sv2ctwdti38slk0IIvdAyIZqaEwVIege96QpxisDqDPWR
    UkJXWa/npjnwxxG0c/oYG+xQ46j+GQwMDotD/ZmQQA0yykte5i8yIB0mRnHB3ZNb
    pmwSYFI9j7TKyAhUvB7JfGps+aKxr4nfUSDBQBG06Gbzz/U04s+P/jQi71Z6n5Oe
    pdq8OKpZLRQc0sPZ98z4QWXjV4ccJMOfzEmM3kGeb8oxlb59fTJNMSO0bG0YsLLL
    fPjb/GRxwFqnTsPW9SmKxVyrTlFXuaQGCAnLaotbC2M5B8kIp8Ake4txYh0Pupzy
    mi2yk/glUBDxdLOZJCZoN9zBWGEh/UWoFlyTyQIDAQABAoIBADX7Z5bVptc2D4p/
    hED85k6XuVsdV8SiyO8vdmFbjTMRC+OGprMHlb7YJkBxzK1Y1SpryHK43FGZN/W4
    KQNAYs/FSnl2Ic7NUZ0sgFHuJStSolrdjUmodk0Dq/a8vDx0qlLNRtlMa4K7Rjpl
    PjR48tWDASAQIcdNhaoEdaBMts8XIteoieCgQZDbKl/m0jC9s8+I2BtynEKuC9x2
    PhdlgnOWlGch8T3cM6KUZjMpp5Pj6lWBH7Po5FlufoiUaGSdOiGjIbxtQIoSxaJf
    +GQ27oXUYuDIlaQ6cwSi1yifP9Q5w+3EIkAKCvOUgEspMuh1TO/f+6RmQILk9sq1
    Ozu5ZxECgYEAyxGBE8zFD6Sy0Y3GST0fZZ+I6m2jgvLBzHl0sihypHil5td14fXh
    9X2Q0JqeLBQBPuL6/9+TfN91lX/k+f4+Dl8GVIrXyHkb5nDLBiXwqwZNVUCOsWiR
    aXRftW9UusVmgZmDV3Mjdo/dRoqvOSGsi6ndxRAkE1inwKUHH7gusscCgYEA+QzL
    cbqTnOT7bdjPp6z5Tawyyllo8wt6XhmjSoky4scHu4QcYezdI4x3rRV3QVyLqzzi
    x0EY3AVGzjLO+uUOWZ01v1r0jAqgNDLd/e+3iU7fQ2q3Y9Ce2Dkuvw1EB7PZQw6h
    Lq1pV1NPBW4ovO6r8XEtxOL2bBwfQMGSVR6y9O8CgYBCx47bJAvqCQ+FOkpq617X
    3I76CPQsrAhvZcGqlQKec86bC2AI3wNf59snvrElba67L4m7e5rVBed1MonqbGGb
    +EPsqXwswScbsRwS+YcbtwbXclN6pBitxUd0Mxh6E1CSbhlzOLoA027BM/pLn3dO
    tp3noFc8xXrlL2AYXkl9IQKBgQC+e2+7G3W9QVGgsXwZhe3j33m1VG81vSipgjhn
    UMpPsuSSIjhHGZAFmXELO+jLYAofPWFB/uMRnSOLoEa4lKrGFby/D8UMuy/O3Lz3
    dPpOlbmjaaK8QBrNy+aaD35h2cepRy42ckGonbpJr/iOkImIEAVumhzZkSTCNYtD
    eUhslwKBgFvULjjmaAu/VDriBxDS64PmrNHLHuegMY/qxONVGyHvmnVqD6XuCdOx
    zMPWIgxFFc1RY9VdYAfx6EkspRT3aTjVMvQdXZ2H5wOWtEW+qkfYK/WaRXH9KkMr
    rxuwgszsGzKHvIRxtyaH+VQcVMgrBKmi+pQweyJuwNRTskK59XJl
    -----END RSA PRIVATE KEY-----
  key-admin.pem: -----BEGIN CERTIFICATE-----
    MIID3TCCAsWgAwIBAgIUH6w5Lfb2KXf3J/uccCqIBSZ1cYMwDQYJKoZIhvcNAQEL
    BQAwZTELMAkGA1UEBhMCQ04xEDAOBgNVBAgTB0JlaUppbmcxEDAOBgNVBAcTB0Jl
    aUppbmcxDDAKBgNVBAoTA2s4czEPMA0GA1UECxMGU3lzdGVtMRMwEQYDVQQDEwpr
    dWJlcm5ldGVzMB4XDTE3MDUwMzEwMjcwMFoXDTE4MDUwMzEwMjcwMFowazELMAkG
    A1UEBhMCQ04xEDAOBgNVBAgTB0JlaUppbmcxEDAOBgNVBAcTB0JlaUppbmcxFzAV
    BgNVBAoTDnN5c3RlbTptYXN0ZXJzMQ8wDQYDVQQLEwZTeXN0ZW0xDjAMBgNVBAMT
    BWFkbWluMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxY4sv2ctwdti
    38slk0IIvdAyIZqaEwVIege96QpxisDqDPWRUkJXWa/npjnwxxG0c/oYG+xQ46j+
    GQwMDotD/ZmQQA0yykte5i8yIB0mRnHB3ZNbpmwSYFI9j7TKyAhUvB7JfGps+aKx
    r4nfUSDBQBG06Gbzz/U04s+P/jQi71Z6n5Oepdq8OKpZLRQc0sPZ98z4QWXjV4cc
    JMOfzEmM3kGeb8oxlb59fTJNMSO0bG0YsLLLfPjb/GRxwFqnTsPW9SmKxVyrTlFX
    uaQGCAnLaotbC2M5B8kIp8Ake4txYh0Pupzymi2yk/glUBDxdLOZJCZoN9zBWGEh
    /UWoFlyTyQIDAQABo38wfTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYB
    BQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFDA855ogXEPB
    8jQ+8vCPaI470l10MB8GA1UdIwQYMBaAFPKIL6U7gHcBzv0TNO+5SymZ6fcJMA0G
    CSqGSIb3DQEBCwUAA4IBAQBz9jhLSGeOQYbQDSb2LDgbO/fBpbZnNzSVCX6HgWgH
    JaC43J0SruGD+u3jyhhhYhsQLO+lQTZl3yzoWOjWYLlGc5cDqMDf6d8YAElyAywp
    bip/Xa/EuY/2oiOSxmJosyY4NltIeeUMccbmOX1mx0wfyD1mrFizplY5OpSfqLOF
    dLYfftZzPHbZznDhvRyow3/Q+gTqFq8JC8x7JWKCfQEjY/k20w8ptz+xSPqtwYKy
    E79S1+qDK1P459cJJNS7YprbPY7oEUnbigmU1RNt2w4JZzbfTDSeoTVx9XWRMgTN
    Q1har1NboZGaVJhROepe38vgVvfH5gKckgISrakiB19M
    -----END CERTIFICATE-----
  key-ca.pem: -----BEGIN CERTIFICATE-----
    MIIDvjCCAqagAwIBAgIUP/7TgWfkZ6torHllMQK4qKVdKm0wDQYJKoZIhvcNAQEL
    BQAwZTELMAkGA1UEBhMCQ04xEDAOBgNVBAgTB0JlaUppbmcxEDAOBgNVBAcTB0Jl
    aUppbmcxDDAKBgNVBAoTA2s4czEPMA0GA1UECxMGU3lzdGVtMRMwEQYDVQQDEwpr
    dWJlcm5ldGVzMB4XDTE3MDUwMzEwMDcwMFoXDTIyMDUwMjEwMDcwMFowZTELMAkG
    A1UEBhMCQ04xEDAOBgNVBAgTB0JlaUppbmcxEDAOBgNVBAcTB0JlaUppbmcxDDAK
    BgNVBAoTA2s4czEPMA0GA1UECxMGU3lzdGVtMRMwEQYDVQQDEwprdWJlcm5ldGVz
    MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0HQdd+mApPqm9iQKwyNz
    EtQFShNm3l0hfZeFsoPK7pkNcc8NMajdiNzzSvorb8W8n4ALNt4i6lHADmw82JfH
    munkO1EfKWu0kzSb47JXsqLDBjGm/rIENgXP+z+dJME8ELLP+xYtRssHGqR67NqH
    QWH3WcU86DmxmOT+eq5qsSzGYVnLOH1vHY1m1OcLslO+NU+9QY48AwGcOcE1iVUk
    SWEGtlr9KR0hi+x0tWJpJJ2WZspmg6szbFUO+8ucQyaymTBWNEt1mo7vawwivJNp
    M+td9FdXvUBtD9hZKf0nyzFCsnOhFsHBZfIq7oQc1rQ10fQTSVVjZkH8Euh7hQHM
    ZQIDAQABo2YwZDAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBAjAd
    BgNVHQ4EFgQU8ogvpTuAdwHO/RM077lLKZnp9wkwHwYDVR0jBBgwFoAU8ogvpTuA
    dwHO/RM077lLKZnp9wkwDQYJKoZIhvcNAQELBQADggEBAFKzFPaTXU5z1QNFEVjc
    JnLHvp8qlsfUpy6ivjD5x6AZErrrbKTMU7JATx5uo0G62lMarjhGcJV6l/bEfcDl
    GVvdSe3Nw7+bbYDlLYop1at84aD8sjTRuE1/m1XMhiMMnlOvF5es6joCzFgIEist
    jC/3d5kP+oPASmNPSTffHG04kEKbbcwWYACVtlHgdhohab9IGd5JskZGptjCCZcV
    EqjGtbT6gQ4p8Io5Fiz3W9HpD+2Dhk/pT6u0rLDR3p+4/bqo+NGrjOHHbQpe24kk
    g7nhZZSUmJKo6hrDRbnDVA94eznsj3Nl4U2rrg+poVxbRu4rIeH7dmQkL/6i4X6T
    Zqs=
    -----END CERTIFICATE-----

注意:以上都是实验性key,没啥意义。

[root@node151 yaml]# cat cm-test-app.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: cm-test-app
spec:
  containers:
  - name: cm-test-app
    image: kubeguide/tomcat-app:v1
    ports:
    - containerPort: 8080
    volumeMounts:
    - name: certkey
      mountPath: /configfiles
  volumes:
  - name: certkey
    configMap:
      name: cm-appconfigfiles
      items:
      - key: key-admin.pem
        path: admin.pem
      - key: key-admin-key.pem
        path: admin-key.pem
      - key: key-ca.pem
        path: ca.pem
验证:

kubectl exec -it cm-test-app -- bash
ls /configfiles



如果不指定items: 则挂载后的文件名字为key-xxx

[root@node151 yaml]# cat cm-test-app.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: cm-test-app
spec:
  containers:
  - name: cm-test-app
    image: kubeguide/tomcat-app:v1
    ports:
    - containerPort: 8080
    volumeMounts:
    - name: certkey
      mountPath: /configfiles
  volumes:
  - name: certkey
    configMap:
      name: cm-appconfigfiles

cm创建的3种方法:

kubectl create configmap ca.pem --from-file=ca.pem
kubectl create configmap cm-appconfig --from-file=configfilesdir
kubectl create configmap cm-appenv --from-literal=loglevel=info --from-literal=appdatadir=/var/data


使用cm注意:

1,在pod前创建

2,只能挂载目录





外部访问:

Services overview diagram for userspace proxy


1,container级别端口映射到物理机
注:cni网络不支持
Limitation: Due to #31307, HostPort won’t work with CNI networking plugin at the moment. That means all hostPort attribute in pod would be simply ignored

如果非cni:

apiVersion: v1
kind: Pod
metadata:
  name: pod-hostport
  labels:
    app: webapp
spec:
  containers:
  - name: webapp
    image: nginx:1.11.4-alpine
    imagePullPolicy: IfNotPresent
    ports:
    - containerPort: 80
      hostPort: 30090

2,pod级别端口映射到物理机: 这种方式不分配podip 共享物理机的ip地址.同时进程可以在物理机看到

apiVersion: v1
kind: Pod
metadata:
  name: pod-hostnetwork
  labels:
    app: webapp
spec:
  hostNetwork: true
  containers:
  - name: webapp
    image: nginx:1.11.4-alpine
    imagePullPolicy: IfNotPresent
    ports:
      - containerPort: 80


[root@no161 ~]# kk|grep po
default       pod-hostnetwork                               1/1       Running    0          18s       192.168.8.162    no162

[root@no162 ~]# ps -ef|grep nginx
root     29405 29388  0 15:00 ?        00:00:00 nginx: master process nginx -g daemon off;
100      29426 29405  0 15:00 ?        00:00:00 nginx: worker process





3,svc级别端口映射到物理机

apiVersion: v1
kind: Service
metadata:
  name: webapp
spec:
  type: NodePort
  ports:
  - port: 80
    targetPort: 80
    nodePort: 30081
  selector:
    app: webapp

4,svc还可以将请求发给第三方lb,由lb来转发到各个pod。

svc高级
创建一个svc可访问外部mysql服务
1,创建1个无selector的svc
apiVersion: v1
kind: Service
metadata:
  name: my-service
spec:
  ports:
  - protocol: TCP
    port: 3306
    targetPort: 3306

创建1个同name的endpoint即会自动关联到上面svc。

apiVersion: v1
kind: Endpoints
metadata:
  name: my-service
subsets:
 - addresses:
     - ip: 192.168.6.87
   ports:
     - port: 3306

测试:
node151$  mysql -h svc-address -uroot -pxxx




liveness-活跃性

1,写文件

apiVersion: v1
kind: Pod
metadata:
  name: pod-with-healthcheck-writefile
  labels:
    app: pod-with-healthcheck-writefile
spec:
  containers:
  - name: pod-with-healthcheck-writefile
    image: busybox
    args:
    - /bin/sh
    - -c
    - echo ok > /tmp/health; spleep 10; rm -rf /tmp/health; sleep 600
    livenessProbe:
      exec:
        command:
        - cat
        - /tmp/health
      initialDelaySeconds: 15
      timeoutSeconds: 1





2,tcp sock:通过与容器localhost:80建连接

apiVersion: v1
kind: Pod
metadata:
  name: pod-with-healthcheck-tcpsock
spec:
  containers:
  - name: nginx
    image: nginx:1.11.4-alpine
    imagePullPolicy: IfNotPresent
    ports:
      - containerPort: 80
    livenessProbe:
      tcpSocket:
        port: 80
      initialDelaySeconds: 30
      timeoutSeconds: 1


3,http status 200<

apiVersion: v1
kind: Pod
metadata:
  name: pod-with-healthcheck
spec:
  containers:
  - name: nginx
    image: nginx:1.11.4-alpine
    imagePullPolicy: IfNotPresent
    ports:
      - containerPort: 80
    livenessProbe:
      httpGet:
        path: /_status/healthz
        port: 80
      initialDelaySeconds: 30 #首次创建后,等多久去检查
      timeoutSeconds: 1  #当超时,干掉重建
#通过本地的kubenetes发起请求检查
kubectl logs -f pod-with-healthcheck

192.168.6.154 - - [10/May/2017:05:46:15 +0000] "GET /_status/healthz HTTP/1.1" 404 169 "-" "Go-http-client/1.1" "-"
192.168.6.154 - - [10/May/2017:05:46:25 +0000] "GET /_status/healthz HTTP/1.1" 404 169 "-" "Go-http-client/1.1" "-"




你可能感兴趣的:([k8s]一步一步学习k8syaml)