Linux----K8s的pod资源中的调度约束与控制器详解

Kubernetes通过watch的机制进行每个组件的协作,每个组件之间的设计实现了解耦

创建pod资源的原理图详解

Linux----K8s的pod资源中的调度约束与控制器详解_第1张图片

原理图详解:

Write1:创建pod资源的元信息写入etcd数据库中,(pod名称,创建的时间,镜像名称...),

etcd具有自动发现功能,通过watch机制把创建pod资源的信息给scheduler(调度器)。

Write2:调度器绑定pod,通过评分机制分配给对应的node节点,并把pod的网络信息通过apiserver写入etcd数据库中。

Write3:apiserver通过watch机制将etcd存储要创建pod资源的基础信息给kubectl,该node节点的kubectl具有了该pod的基础信息,通过命令ducker run创建该容器,创建成功后反馈一条状态信息给apiserver,apiserver会把创建pod资源的状态信息写入etcd。

两种调度方式

nodeName:用于将Pod调度到指定的Node名称上(跳过调度器直接分配)

nodeSelector:用于将Pod调度到匹配Label的Node上

操作演示,nodeName调度方式

编辑yaml文件
[root@localhost demo]# vim pod5.yaml

apiVersion: v1
kind: Pod  
metadata:
  name: pod-example  
  labels:
    app: nginx  
spec:
  nodeName: 192.168.179.151
  containers:
  - name: nginx  
    image: nginx:1.15

创建pod资源
[root@localhost demo]# kubectl create -f pod5.yaml 
pod/pod-example created
[root@localhost demo]# kubectl get pods 
NAME          READY   STATUS              RESTARTS   AGE
pod-example   0/1     ContainerCreating   0          8s

查看该pod资源分配的节点
[root@localhost demo]# kubectl get pods -o wide
NAME          READY   STATUS              RESTARTS   AGE   IP       NODE              NOMINATED NODE
pod-example   0/1     ContainerCreating   0          37s      192.168.179.151   

查看创建过程的详细信息

[root@localhost demo]# kubectl describe pod pod-example

操作演示,nodeSelector调度方式

删除原有的资源
[root@localhost demo]# kubectl delete -f pod5.yaml 
pod "pod-example" deleted
[root@localhost demo]# kubectl get pods
No resources found.

需要获取node上的NAME名称
[root@localhost demo]# kubectl get nodes
NAME              STATUS   ROLES    AGE   VERSION
192.168.179.151   Ready       16d   v1.12.3
192.168.179.152   Ready       16d   v1.12.3

给对应的node设置标签分别为kgc=a和kgc=b
[root@localhost demo]# kubectl label nodes 192.168.179.151 kgc=a
node/192.168.179.151 labeled
[root@localhost demo]# kubectl label nodes 192.168.179.152 kgc=b
node/192.168.179.152 labeled

查看标签
[root@localhost demo]# kubectl get nodes --show-labels
NAME              STATUS   ROLES    AGE   VERSION   LABELS
192.168.179.151   Ready       16d   v1.12.3   beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kgc=a,kubernetes.io/hostname=192.168.179.151
192.168.179.152   Ready       16d   v1.12.3   beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kgc=b,kubernetes.io/hostname=192.168.179.152

创建pod资源的yaml文件
[root@localhost demo]# vim pod6.yaml

apiVersion: v1
kind: Pod
metadata:
  name: pod-example
  labels:
    app: nginx
spec:
  nodeSelector: 
    kgc: b                #创建到该node节点上,192.168.179.152
  containers:
  - name: nginx
    image: nginx:1.15

创建pod
[root@localhost demo]# kubectl apply -f pod6.yaml
pod/pod-example created
[root@localhost demo]# kubectl get pods
NAME          READY   STATUS              RESTARTS   AGE
pod-example   0/1     ContainerCreating   0          4s
[root@localhost demo]# kubectl get pods
NAME          READY   STATUS    RESTARTS   AGE
pod-example   1/1     Running   0          48s

验证是否创建到192.168.179.152节点中 

查看创建pod资源时的详细信息

Linux----K8s的pod资源中的调度约束与控制器详解_第2张图片

 控制器:又称之为工作负载,分别包含以下类型控制器

控制器的5中类型

1:Deployment

2:StatefulSet

3:DaemonSet

4:Job

5:CronJob

Pod与控制器之间的关系

Linux----K8s的pod资源中的调度约束与控制器详解_第3张图片

controllers:在集群上管理和运行容器的对象通过label-selector相关联

Pod通过控制器实现应用的运维,如伸缩,升级等

Deployment控制类型

部署无状态应用

管理Pod和ReplicaSet

具有上线部署、副本设定、滚动升级、回滚等功能

提供声明式更新,例如只更新一个新的Image

应用场景:web服务

演示实例

[root@localhost demo]# vim nginx-deployment.yaml 
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  labels:
    app: nginx
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1.15.4
        ports:
        - containerPort: 80

创建资源
[root@localhost demo]# kubectl create -f nginx-deployment.yaml
deployment.apps/nginx-deployment created
[root@localhost demo]# kubectl get pods
NAME                              READY   STATUS    RESTARTS   AGE
nginx-deployment-d55b94fd-hvglq   1/1     Running   0          3s
nginx-deployment-d55b94fd-nnv9j   1/1     Running   0          3s
nginx-deployment-d55b94fd-zfwm7   1/1     Running   0          3s

Replicaset 是控制版本,副本数,回滚就是通过此来实现

查看三种资源,pod,副本集,控制器
[root@localhost demo]# kubectl get pods,rs,deploy
NAME                                  READY   STATUS    RESTARTS   AGE
pod/nginx-deployment-d55b94fd-hvglq   1/1     Running   0          93s
pod/nginx-deployment-d55b94fd-nnv9j   1/1     Running   0          93s
pod/nginx-deployment-d55b94fd-zfwm7   1/1     Running   0          93s
pod/pod-example                       1/1     Running   0          29m

NAME                                              DESIRED   CURRENT   READY   AGE
replicaset.extensions/nginx-deployment-d55b94fd   3         3         3       93s

NAME                                     DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
deployment.extensions/nginx-deployment   3         3         3            3           94s

查看控制器详细信息

[root@localhost demo]# kubectl edit deployment/nginx-deployment
Linux----K8s的pod资源中的调度约束与控制器详解_第4张图片

SatefulSet控制类型

部署有状态应用

解决Pod独立生命周期,保持Pod启动顺序和唯一性

稳定,唯一的网络标识符,持久存储(例如:etcd配置文件,节点地址发生变化,将无法使用)

有序,优雅的部署和扩展、删除和终止(例如:mysql主从关系,先启动主,再启动从)

有序,滚动更新

应用场景:数据库

无状态:

  1. deployment 认为所有的pod都是一样的
  2. 不用考虑顺序的要求
  3. 不用考虑在哪个node节点上运行
  4. 可以随意扩容和缩容

有状态

  1. 实例之间有差别,每个实例都有自己的独特性,元数据不同,例如etcd,zookeeper
  2. 实例之间不对等的关系,以及依靠外部存储的应用。

常规service和无头服务区别

service:一组Pod访问策略,提供cluster-IP群集之间通讯,还提供负载均衡和服务发现。

Headless service  无头服务,不需要cluster-IP,直接绑定具体的Pod的IP

演示操作service

根据已经创建的pod资源,将服务发布出去
[root@localhost demo]# vim nginx-service.yaml 

apiVersion: v1
kind: Service
metadata:
  name: nginx-service
  labels:
    app: nginx
spec:
  type: NodePort
  ports:
  - port: 80
    targetPort: 80
  selector:
    app: nginx

[root@localhost demo]# kubectl create -f nginx-service.yaml 
service/nginx-service created
[root@localhost demo]# kubectl get svc
NAME            TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)        AGE
kubernetes      ClusterIP   10.0.0.1             443/TCP        17d
nginx-service   NodePort    10.0.0.17            80:33778/TCP   6s
                                                    80端口作为内部通讯,对外访问端口为33778


访问IP地址
[root@localhost demo]# curl 10.0.0.17
curl: (7) Failed connect to 10.0.0.17:80; 拒绝连接

需要重启节点中的flanneld和docker服务
[root@localhost ~]# systemctl restart flanneld.service 
[root@localhost ~]# systemctl restart docker

在两台node节点访问IP
[root@localhost ~]# curl 10.0.0.17



Welcome to nginx!



Welcome to nginx!

If you see this page, the nginx web server is successfully installed and working. Further configuration is required.

For online documentation and support please refer to nginx.org.
Commercial support is available at nginx.com.

Thank you for using nginx.

演示操作Headless service

创建yaml文件
[root@localhost demo]# vim headless.yaml

apiVersion: v1
kind: Service
metadata:
  name: nginx
  labels:
    app: nginx
spec:
  ports:
  - port: 80
    name: web
  clusterIP: None        #无clusterIP
  selector:
    app: nginx

部署该服务
[root@localhost demo]# kubectl apply -f headless.yaml 
service/nginx created
[root@localhost demo]# kubectl get svc
NAME            TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)        AGE
kubernetes      ClusterIP   10.0.0.1             443/TCP        17d
nginx           ClusterIP   None                 80/TCP         5s
nginx-service   NodePort    10.0.0.17            80:33778/TCP   10m

使用dns绑定IP地址访问

创建文件
[root@localhost demo]# vim coredns.yaml 

# Warning: This is a file generated from the base underscore template file: coredns.yaml.base

apiVersion: v1
kind: ServiceAccount
metadata:
  name: coredns
  namespace: kube-system
  labels:
      kubernetes.io/cluster-service: "true"
      addonmanager.kubernetes.io/mode: Reconcile
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    kubernetes.io/bootstrapping: rbac-defaults
    addonmanager.kubernetes.io/mode: Reconcile
  name: system:coredns
rules:
- apiGroups:
  - ""
  resources:
  - endpoints
  - services
  - pods
  - namespaces
  verbs:
  - list
  - watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  annotations:

加载该文件服务
[root@localhost demo]# kubectl create -f coredns.yaml
serviceaccount/coredns created
clusterrole.rbac.authorization.k8s.io/system:coredns created
clusterrolebinding.rbac.authorization.k8s.io/system:coredns created
configmap/coredns created
deployment.extensions/coredns created
service/kube-dns created

查看服务状态
[root@localhost demo]# kubectl get pods -n kube-system
NAME                                    READY   STATUS    RESTARTS   AGE
coredns-56684f94d6-9kqv6                1/1     Running   0          39s

创建pod资源的yaml文件
[root@localhost demo]# vim pod3.yaml

apiVersion: v1
kind: Service
metadata:
  name: nginx
  labels:
    app: nginx
spec:
  ports:
  - port: 80
    name: web
  clusterIP: None
  selector:
    app: nginx


查看运行的状态
[root@localhost demo]# kubectl get pods -n kube-system
NAME                                    READY   STATUS    RESTARTS   AGE
coredns-56684f94d6-9kqv6                1/1     Running   0          47m
kubernetes-dashboard-65f974f565-hqdbg   1/1     Running   3          9d

创建pod资源
[root@localhost demo]# kubectl create -f pod3.yaml 
pod/dns-test created
[root@localhost demo]# kubectl get pods
NAME                              READY   STATUS    RESTARTS   AGE
dns-test                          1/1     Running   0          12s

验证dns解析

解析kubernetes和nginx-service名称

进入测试容器
[root@localhost demo]# kubectl exec -it dns-test sh


解析kubernetes验证
/ # nslookup kubernetes
Server:    10.0.0.2
Address 1: 10.0.0.2 kube-dns.kube-system.svc.cluster.local

Name:      kubernetes
Address 1: 10.0.0.1 kubernetes.default.svc.cluster.local

解析nginx-service验证
/ # nslookup nginx-service
Server:    10.0.0.2
Address 1: 10.0.0.2 kube-dns.kube-system.svc.cluster.local

Name:      nginx-service
Address 1: 10.0.0.17 nginx-service.default.svc.cluster.local

创建一个完整的yaml文件,创建资源,验证解析

[root@localhost demo]# vim sts.yaml

apiVersion: v1
kind: Service
metadata:
  name: nginx
  labels:
    app: nginx
spec:
  ports:
  - port: 80
    name: web
  clusterIP: None
  selector:
    app: nginx
---
apiVersion: apps/v1beta1  
kind: StatefulSet  
metadata:
  name: nginx-statefulset  
  namespace: default
spec:
  serviceName: nginx  
  replicas: 3  
  selector:
    matchLabels:  
       app: nginx
  template:  
    metadata:
      labels:
        app: nginx  
    spec:
      containers:
      - name: nginx
        image: nginx:latest  
        ports:
        - containerPort: 80

清空原有的资源
[root@localhost demo]# kubectl delete -f .
[root@localhost demo]# kubectl get pods
No resources found.

[root@localhost demo]# kubectl create -f sts.yaml 
service/nginx created
statefulset.apps/nginx-statefulset created

查看pod资源
[root@localhost demo]# kubectl get pods
NAME                  READY   STATUS    RESTARTS   AGE
nginx-statefulset-0   1/1     Running   0          90s
nginx-statefulset-1   1/1     Running   0          70s
nginx-statefulset-2   1/1     Running   0          20s
[root@localhost demo]# 

查看service资源
[root@localhost demo]# kubectl get svc
NAME         TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)   AGE
kubernetes   ClusterIP   10.0.0.1             443/TCP   17d
nginx        ClusterIP   None                 80/TCP    115s

创建dns资源(内容写在pod3.yaml中)
[root@localhost demo]# kubectl create -f pod3.yaml 
pod/dns-test created
[root@localhost demo]# kubectl get pods
NAME                  READY   STATUS    RESTARTS   AGE
dns-test              1/1     Running   0          26s

创建coredns资源
[root@localhost demo]# kubectl create -f coredns.yaml 

进入dns-test容器验证解析

Linux----K8s的pod资源中的调度约束与控制器详解_第5张图片

 查看podIP是否对应

[root@localhost demo]# kubectl get ep
NAME         ENDPOINTS                                      AGE
kubernetes   192.168.179.150:6443,192.168.179.153:6443      17d
nginx        172.17.40.2:80,172.17.40.3:80,172.17.77.2:80   15m

总结

StatefulSet与Deployment区别:有身份的!  

身份三要素: 

域名  nginx-statefulset-0.nginx

主机名 nginx-statefulset-0

存储(PVC)

DaemonSet控制类型

在每一个Node上运行一个Pod

新加入的Node也同样会自动运行一个Pod

应用场景:Agent(代理)

演示实例

编辑资源文件
[root@localhost demo]# vim ds.yaml 

apiVersion: apps/v1
kind: DaemonSet 
metadata:
  name: nginx-deployment
  labels:
    app: nginx
spec:
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1.15.4
        ports:
        - containerPort: 80

清空原有资源
[root@localhost demo]# kubectl delete -f .
[root@localhost demo]# kubectl get pods
No resources found.

创建新资源
[root@localhost demo]# kubectl get pods
NAME                     READY   STATUS    RESTARTS   AGE
nginx-deployment-hhrrl   1/1     Running   0          5s
nginx-deployment-mb8v5   1/1     Running   0          5s

两个node节点都会创建该资源
[root@localhost demo]# kubectl get pods -o wide
NAME                     READY   STATUS    RESTARTS   AGE   IP            NODE              NOMINATED NODE
nginx-deployment-hhrrl   1/1     Running   0          46s   172.17.77.2   192.168.179.151   
nginx-deployment-mb8v5   1/1     Running   0          46s   172.17.40.2   192.168.179.152   

总结:就算没有指定创建的(replicas)副本集数量,但是使用 DaemonSet控制器还是会根据node节点的数量创建pod资源

Job控制器类型

Job分为普通任务(Job)和定时任务(CronJob)

一次性执行

应用场景:离线数据处理,视频解码等业务

演示实例

[root@localhost demo]# vim job.yaml

apiVersion: batch/v1
kind: Job
metadata:
  name: pi
spec:
  template:
    spec:
      containers:
      - name: pi
        image: perl
        command: ["perl",  "-Mbignum=bpi", "-wle", "print bpi(2000)"]
      restartPolicy: Never
  backoffLimit: 4        #重试的上限次数(重试计算的命令,如果4次没有计算出结果则停止操作)

建议先在node节点下载该镜像(perl)
docker pull perl

创建资源
[root@localhost demo]# kubectl apply -f job.yaml

查看状态
[root@localhost demo]# kubectl get pods
NAME                     READY   STATUS    RESTARTS   AGE
pi-vgm5z                 1/1     Running   0          20s

计算完成后的状态
[root@localhost demo]# kubectl get pods
NAME                     READY   STATUS      RESTARTS   AGE
pi-vgm5z                 0/1     Completed   0          28s

查看计算结果

Linux----K8s的pod资源中的调度约束与控制器详解_第6张图片

清除job资源
[root@localhost demo]# kubectl delete -f job.yaml 
job.batch "pi" deleted
[root@localhost demo]# kubectl get pods
NAME                     READY   STATUS    RESTARTS   AGE
nginx-deployment-hhrrl   1/1     Running   0          13m
nginx-deployment-mb8v5   1/1     Running   0          13m
[root@localhost demo]# 

CronJob控制器类型

周期性任务,类似Linux的Crontab一样。

周期性任务

应用场景:通知,备份

演示实例

[root@localhost demo]# vim cronjob.yaml

apiVersion: batch/v1beta1
kind: CronJob
metadata:
  name: hello
spec:
  schedule: "*/1 * * * *"
  jobTemplate:
    spec:
      template:
        spec:
          containers:
          - name: hello
            image: busybox
            args:
            - /bin/sh
            - -c
            - date; echo Hello from the Kubernetes cluster
          restartPolicy: OnFailure    

创建资源
[root@localhost demo]# kubectl create -f cronjob.yaml 
cronjob.batch/hello created

查看状态
[root@localhost demo]# kubectl get cronjob
NAME    SCHEDULE      SUSPEND   ACTIVE   LAST SCHEDULE   AGE
hello   */1 * * * *   False     0                  20s

输出一次内容后的状态
[root@localhost demo]# kubectl get pods
NAME                     READY   STATUS      RESTARTS   AGE
hello-1589643000-z9xgp   0/1     Completed   0          18s

每隔一分钟输出一次
[root@localhost demo]# kubectl get pods
NAME                     READY   STATUS              RESTARTS   AGE
hello-1589643000-z9xgp   0/1     Completed           0          67s
hello-1589643060-rd6cp   0/1     ContainerCreating   0          6s

[root@localhost demo]# kubectl get pods
NAME                     READY   STATUS      RESTARTS   AGE
hello-1589643000-z9xgp   0/1     Completed   0          80s
hello-1589643060-rd6cp   0/1     Completed   0          19s

 

你可能感兴趣的:(K8s)