Linux----K8s的pod资源中的调度约束与控制器详解
Kubernetes通过watch的机制进行每个组件的协作,每个组件之间的设计实现了解耦
创建pod资源的原理图详解
原理图详解:
Write1:创建pod资源的元信息写入etcd数据库中,(pod名称,创建的时间,镜像名称...),
etcd具有自动发现功能,通过watch机制把创建pod资源的信息给scheduler(调度器)。
Write2:调度器绑定pod,通过评分机制分配给对应的node节点,并把pod的网络信息通过apiserver写入etcd数据库中。
Write3:apiserver通过watch机制将etcd存储要创建pod资源的基础信息给kubectl,该node节点的kubectl具有了该pod的基础信息,通过命令ducker run创建该容器,创建成功后反馈一条状态信息给apiserver,apiserver会把创建pod资源的状态信息写入etcd。
两种调度方式
nodeName:用于将Pod调度到指定的Node名称上(跳过调度器直接分配)
nodeSelector:用于将Pod调度到匹配Label的Node上
操作演示,nodeName调度方式
编辑yaml文件
[root@localhost demo]# vim pod5.yaml
apiVersion: v1
kind: Pod
metadata:
name: pod-example
labels:
app: nginx
spec:
nodeName: 192.168.179.151
containers:
- name: nginx
image: nginx:1.15
创建pod资源
[root@localhost demo]# kubectl create -f pod5.yaml
pod/pod-example created
[root@localhost demo]# kubectl get pods
NAME READY STATUS RESTARTS AGE
pod-example 0/1 ContainerCreating 0 8s
查看该pod资源分配的节点
[root@localhost demo]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE
pod-example 0/1 ContainerCreating 0 37s 192.168.179.151
查看创建过程的详细信息
[root@localhost demo]# kubectl describe pod pod-example
操作演示,nodeSelector调度方式
删除原有的资源
[root@localhost demo]# kubectl delete -f pod5.yaml
pod "pod-example" deleted
[root@localhost demo]# kubectl get pods
No resources found.
需要获取node上的NAME名称
[root@localhost demo]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
192.168.179.151 Ready 16d v1.12.3
192.168.179.152 Ready 16d v1.12.3
给对应的node设置标签分别为kgc=a和kgc=b
[root@localhost demo]# kubectl label nodes 192.168.179.151 kgc=a
node/192.168.179.151 labeled
[root@localhost demo]# kubectl label nodes 192.168.179.152 kgc=b
node/192.168.179.152 labeled
查看标签
[root@localhost demo]# kubectl get nodes --show-labels
NAME STATUS ROLES AGE VERSION LABELS
192.168.179.151 Ready 16d v1.12.3 beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kgc=a,kubernetes.io/hostname=192.168.179.151
192.168.179.152 Ready 16d v1.12.3 beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kgc=b,kubernetes.io/hostname=192.168.179.152
创建pod资源的yaml文件
[root@localhost demo]# vim pod6.yaml
apiVersion: v1
kind: Pod
metadata:
name: pod-example
labels:
app: nginx
spec:
nodeSelector:
kgc: b #创建到该node节点上,192.168.179.152
containers:
- name: nginx
image: nginx:1.15
创建pod
[root@localhost demo]# kubectl apply -f pod6.yaml
pod/pod-example created
[root@localhost demo]# kubectl get pods
NAME READY STATUS RESTARTS AGE
pod-example 0/1 ContainerCreating 0 4s
[root@localhost demo]# kubectl get pods
NAME READY STATUS RESTARTS AGE
pod-example 1/1 Running 0 48s
验证是否创建到192.168.179.152节点中
查看创建pod资源时的详细信息
控制器:又称之为工作负载,分别包含以下类型控制器
控制器的5中类型
1:Deployment
2:StatefulSet
3:DaemonSet
4:Job
5:CronJob
Pod与控制器之间的关系
controllers:在集群上管理和运行容器的对象通过label-selector相关联
Pod通过控制器实现应用的运维,如伸缩,升级等
Deployment控制类型
部署无状态应用
管理Pod和ReplicaSet
具有上线部署、副本设定、滚动升级、回滚等功能
提供声明式更新,例如只更新一个新的Image
应用场景:web服务
演示实例
[root@localhost demo]# vim nginx-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-deployment
labels:
app: nginx
spec:
replicas: 3
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginx:1.15.4
ports:
- containerPort: 80
创建资源
[root@localhost demo]# kubectl create -f nginx-deployment.yaml
deployment.apps/nginx-deployment created
[root@localhost demo]# kubectl get pods
NAME READY STATUS RESTARTS AGE
nginx-deployment-d55b94fd-hvglq 1/1 Running 0 3s
nginx-deployment-d55b94fd-nnv9j 1/1 Running 0 3s
nginx-deployment-d55b94fd-zfwm7 1/1 Running 0 3s
Replicaset 是控制版本,副本数,回滚就是通过此来实现
查看三种资源,pod,副本集,控制器
[root@localhost demo]# kubectl get pods,rs,deploy
NAME READY STATUS RESTARTS AGE
pod/nginx-deployment-d55b94fd-hvglq 1/1 Running 0 93s
pod/nginx-deployment-d55b94fd-nnv9j 1/1 Running 0 93s
pod/nginx-deployment-d55b94fd-zfwm7 1/1 Running 0 93s
pod/pod-example 1/1 Running 0 29m
NAME DESIRED CURRENT READY AGE
replicaset.extensions/nginx-deployment-d55b94fd 3 3 3 93s
NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE
deployment.extensions/nginx-deployment 3 3 3 3 94s
查看控制器详细信息
[root@localhost demo]# kubectl edit deployment/nginx-deployment
SatefulSet控制类型
部署有状态应用
解决Pod独立生命周期,保持Pod启动顺序和唯一性
稳定,唯一的网络标识符,持久存储(例如:etcd配置文件,节点地址发生变化,将无法使用)
有序,优雅的部署和扩展、删除和终止(例如:mysql主从关系,先启动主,再启动从)
有序,滚动更新
应用场景:数据库
无状态:
- deployment 认为所有的pod都是一样的
- 不用考虑顺序的要求
- 不用考虑在哪个node节点上运行
- 可以随意扩容和缩容
有状态
- 实例之间有差别,每个实例都有自己的独特性,元数据不同,例如etcd,zookeeper
- 实例之间不对等的关系,以及依靠外部存储的应用。
常规service和无头服务区别
service:一组Pod访问策略,提供cluster-IP群集之间通讯,还提供负载均衡和服务发现。
Headless service 无头服务,不需要cluster-IP,直接绑定具体的Pod的IP
演示操作service
根据已经创建的pod资源,将服务发布出去
[root@localhost demo]# vim nginx-service.yaml
apiVersion: v1
kind: Service
metadata:
name: nginx-service
labels:
app: nginx
spec:
type: NodePort
ports:
- port: 80
targetPort: 80
selector:
app: nginx
[root@localhost demo]# kubectl create -f nginx-service.yaml
service/nginx-service created
[root@localhost demo]# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.0.0.1 443/TCP 17d
nginx-service NodePort 10.0.0.17 80:33778/TCP 6s
80端口作为内部通讯,对外访问端口为33778
访问IP地址
[root@localhost demo]# curl 10.0.0.17
curl: (7) Failed connect to 10.0.0.17:80; 拒绝连接
需要重启节点中的flanneld和docker服务
[root@localhost ~]# systemctl restart flanneld.service
[root@localhost ~]# systemctl restart docker
在两台node节点访问IP
[root@localhost ~]# curl 10.0.0.17
Welcome to nginx!
Welcome to nginx!
If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.
For online documentation and support please refer to
nginx.org.
Commercial support is available at
nginx.com.
Thank you for using nginx.
演示操作Headless service
创建yaml文件
[root@localhost demo]# vim headless.yaml
apiVersion: v1
kind: Service
metadata:
name: nginx
labels:
app: nginx
spec:
ports:
- port: 80
name: web
clusterIP: None #无clusterIP
selector:
app: nginx
部署该服务
[root@localhost demo]# kubectl apply -f headless.yaml
service/nginx created
[root@localhost demo]# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.0.0.1 443/TCP 17d
nginx ClusterIP None 80/TCP 5s
nginx-service NodePort 10.0.0.17 80:33778/TCP 10m 使用dns绑定IP地址访问
创建文件
[root@localhost demo]# vim coredns.yaml
# Warning: This is a file generated from the base underscore template file: coredns.yaml.base
apiVersion: v1
kind: ServiceAccount
metadata:
name: coredns
namespace: kube-system
labels:
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
kubernetes.io/bootstrapping: rbac-defaults
addonmanager.kubernetes.io/mode: Reconcile
name: system:coredns
rules:
- apiGroups:
- ""
resources:
- endpoints
- services
- pods
- namespaces
verbs:
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
annotations:
加载该文件服务
[root@localhost demo]# kubectl create -f coredns.yaml
serviceaccount/coredns created
clusterrole.rbac.authorization.k8s.io/system:coredns created
clusterrolebinding.rbac.authorization.k8s.io/system:coredns created
configmap/coredns created
deployment.extensions/coredns created
service/kube-dns created
查看服务状态
[root@localhost demo]# kubectl get pods -n kube-system
NAME READY STATUS RESTARTS AGE
coredns-56684f94d6-9kqv6 1/1 Running 0 39s
创建pod资源的yaml文件
[root@localhost demo]# vim pod3.yaml
apiVersion: v1
kind: Service
metadata:
name: nginx
labels:
app: nginx
spec:
ports:
- port: 80
name: web
clusterIP: None
selector:
app: nginx
查看运行的状态
[root@localhost demo]# kubectl get pods -n kube-system
NAME READY STATUS RESTARTS AGE
coredns-56684f94d6-9kqv6 1/1 Running 0 47m
kubernetes-dashboard-65f974f565-hqdbg 1/1 Running 3 9d
创建pod资源
[root@localhost demo]# kubectl create -f pod3.yaml
pod/dns-test created
[root@localhost demo]# kubectl get pods
NAME READY STATUS RESTARTS AGE
dns-test 1/1 Running 0 12s
验证dns解析
解析kubernetes和nginx-service名称
进入测试容器
[root@localhost demo]# kubectl exec -it dns-test sh
解析kubernetes验证
/ # nslookup kubernetes
Server: 10.0.0.2
Address 1: 10.0.0.2 kube-dns.kube-system.svc.cluster.local
Name: kubernetes
Address 1: 10.0.0.1 kubernetes.default.svc.cluster.local
解析nginx-service验证
/ # nslookup nginx-service
Server: 10.0.0.2
Address 1: 10.0.0.2 kube-dns.kube-system.svc.cluster.local
Name: nginx-service
Address 1: 10.0.0.17 nginx-service.default.svc.cluster.local
创建一个完整的yaml文件,创建资源,验证解析
[root@localhost demo]# vim sts.yaml
apiVersion: v1
kind: Service
metadata:
name: nginx
labels:
app: nginx
spec:
ports:
- port: 80
name: web
clusterIP: None
selector:
app: nginx
---
apiVersion: apps/v1beta1
kind: StatefulSet
metadata:
name: nginx-statefulset
namespace: default
spec:
serviceName: nginx
replicas: 3
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginx:latest
ports:
- containerPort: 80
清空原有的资源
[root@localhost demo]# kubectl delete -f .
[root@localhost demo]# kubectl get pods
No resources found.
[root@localhost demo]# kubectl create -f sts.yaml
service/nginx created
statefulset.apps/nginx-statefulset created
查看pod资源
[root@localhost demo]# kubectl get pods
NAME READY STATUS RESTARTS AGE
nginx-statefulset-0 1/1 Running 0 90s
nginx-statefulset-1 1/1 Running 0 70s
nginx-statefulset-2 1/1 Running 0 20s
[root@localhost demo]#
查看service资源
[root@localhost demo]# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.0.0.1 443/TCP 17d
nginx ClusterIP None 80/TCP 115s
创建dns资源(内容写在pod3.yaml中)
[root@localhost demo]# kubectl create -f pod3.yaml
pod/dns-test created
[root@localhost demo]# kubectl get pods
NAME READY STATUS RESTARTS AGE
dns-test 1/1 Running 0 26s
创建coredns资源
[root@localhost demo]# kubectl create -f coredns.yaml
进入dns-test容器验证解析
查看podIP是否对应
[root@localhost demo]# kubectl get ep
NAME ENDPOINTS AGE
kubernetes 192.168.179.150:6443,192.168.179.153:6443 17d
nginx 172.17.40.2:80,172.17.40.3:80,172.17.77.2:80 15m
总结
StatefulSet与Deployment区别:有身份的!
身份三要素:
域名 nginx-statefulset-0.nginx
主机名 nginx-statefulset-0
存储(PVC)
DaemonSet控制类型
在每一个Node上运行一个Pod
新加入的Node也同样会自动运行一个Pod
应用场景:Agent(代理)
演示实例
编辑资源文件
[root@localhost demo]# vim ds.yaml
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: nginx-deployment
labels:
app: nginx
spec:
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginx:1.15.4
ports:
- containerPort: 80
清空原有资源
[root@localhost demo]# kubectl delete -f .
[root@localhost demo]# kubectl get pods
No resources found.
创建新资源
[root@localhost demo]# kubectl get pods
NAME READY STATUS RESTARTS AGE
nginx-deployment-hhrrl 1/1 Running 0 5s
nginx-deployment-mb8v5 1/1 Running 0 5s
两个node节点都会创建该资源
[root@localhost demo]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE
nginx-deployment-hhrrl 1/1 Running 0 46s 172.17.77.2 192.168.179.151
nginx-deployment-mb8v5 1/1 Running 0 46s 172.17.40.2 192.168.179.152 总结:就算没有指定创建的(replicas)副本集数量,但是使用 DaemonSet控制器还是会根据node节点的数量创建pod资源
Job控制器类型
Job分为普通任务(Job)和定时任务(CronJob)
一次性执行
应用场景:离线数据处理,视频解码等业务
演示实例
[root@localhost demo]# vim job.yaml
apiVersion: batch/v1
kind: Job
metadata:
name: pi
spec:
template:
spec:
containers:
- name: pi
image: perl
command: ["perl", "-Mbignum=bpi", "-wle", "print bpi(2000)"]
restartPolicy: Never
backoffLimit: 4 #重试的上限次数(重试计算的命令,如果4次没有计算出结果则停止操作)
建议先在node节点下载该镜像(perl)
docker pull perl
创建资源
[root@localhost demo]# kubectl apply -f job.yaml
查看状态
[root@localhost demo]# kubectl get pods
NAME READY STATUS RESTARTS AGE
pi-vgm5z 1/1 Running 0 20s
计算完成后的状态
[root@localhost demo]# kubectl get pods
NAME READY STATUS RESTARTS AGE
pi-vgm5z 0/1 Completed 0 28s查看计算结果
清除job资源
[root@localhost demo]# kubectl delete -f job.yaml
job.batch "pi" deleted
[root@localhost demo]# kubectl get pods
NAME READY STATUS RESTARTS AGE
nginx-deployment-hhrrl 1/1 Running 0 13m
nginx-deployment-mb8v5 1/1 Running 0 13m
[root@localhost demo]#
CronJob控制器类型
周期性任务,类似Linux的Crontab一样。
周期性任务
应用场景:通知,备份
演示实例
[root@localhost demo]# vim cronjob.yaml
apiVersion: batch/v1beta1
kind: CronJob
metadata:
name: hello
spec:
schedule: "*/1 * * * *"
jobTemplate:
spec:
template:
spec:
containers:
- name: hello
image: busybox
args:
- /bin/sh
- -c
- date; echo Hello from the Kubernetes cluster
restartPolicy: OnFailure
创建资源
[root@localhost demo]# kubectl create -f cronjob.yaml
cronjob.batch/hello created
查看状态
[root@localhost demo]# kubectl get cronjob
NAME SCHEDULE SUSPEND ACTIVE LAST SCHEDULE AGE
hello */1 * * * * False 0 20s
输出一次内容后的状态
[root@localhost demo]# kubectl get pods
NAME READY STATUS RESTARTS AGE
hello-1589643000-z9xgp 0/1 Completed 0 18s
每隔一分钟输出一次
[root@localhost demo]# kubectl get pods
NAME READY STATUS RESTARTS AGE
hello-1589643000-z9xgp 0/1 Completed 0 67s
hello-1589643060-rd6cp 0/1 ContainerCreating 0 6s
[root@localhost demo]# kubectl get pods
NAME READY STATUS RESTARTS AGE
hello-1589643000-z9xgp 0/1 Completed 0 80s
hello-1589643060-rd6cp 0/1 Completed 0 19s