Docker的流行激活了一直不温不火的PaaS,随着而来的是各类Micro-PaaS的出现,Kubernetes是其中最具代表性的一员,它是Google多年大规模容器管理技术的开源版本。本系列文章将逐一分析Kubernetes,本文通过一个例子进行入门,介绍Kubernetes的基本概念和功能。
Kubernets属于主从的分布式集群架构,包含Master和Node:
Master作为控制节点,调度管理整个系统,包含以下组件:
Node是运行节点,运行业务容器,包含以下组件:
Kubernets使用Etcd作为存储和通信中间件,实现Master和Node的一致性,这是目前比较常见的做法,典型的SOA架构,解耦Master和Node。
Guestbook示例将会展示如何运行一个应用到Kubernetes上,应用包含
- Web前端
- Redis集群(一个master,2个slave)
如果你熟悉Bosh/Bosh Lite的话,可以使用kubernetes-release.本文使用Kubernetes环境:
- master:192.168.3.146
- node1:192.168.3.147
- node2:192.168.3.148
- node3:192.168.3.149
需要准备配置文件redis-master-controller.yaml,用于描述pod如何运行服务容器:
apiVersion: v1
kind: ReplicationController
metadata:
name: redis-master
labels:
name: redis-master
spec:
replicas: 1
selector:
name: redis-master
template:
metadata:
labels:
name: redis-master
spec:
containers:
- name: master
image: redis
ports:
- containerPort: 6379
即使只有一个Redis Master Pod实例,这里也使用ReplicationController保证Pod持续运行,否则Node挂掉的话,Pod将停止运行。
创建Pod:
$ kubectl create -f redis-master-controller.yaml
查看ReplicationController:
$ kubectl get rc
CONTROLLER CONTAINER(S) IMAGE(S) SELECTOR REPLICAS
redis-master master redis name=redis-master 1
查看Pod:
$ kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE NODE
redis-master-u3fup 1/1 Running 0 2m node1
可以看到Pod运行在Node1节点,在Node1查看docker容器:
$ docker ps
CONTAINER ID IMAGE ...
feb393fbe42b redis:latestminute ago ...
d9e934ee55ae gcr.io/google_containers/pause:0.8.0 ...
总共有2个容器正在运行,其中一个Redis Master,另外一个是google_containers/pause,它是Netowrk Container, 每启动一个Pod都会附加启动这样一个容器,它的作用就只是简单的等待,设置Pod的网络。
如果docker rm -f feb393fbe42b,删掉Redis Master Container,过一会儿就会有新的容器启动,这说明Kubernetes会保证Pod的容器运行。
$ docker ps
CONTAINER ID IMAGE ...
fc3b458d333a redis:latestminute ago ...
d9e934ee55ae gcr.io/google_containers/pause:0.8.0 ...
如果把Node1关掉,Pod会迁移到其他Node上,这是ReplicationController保证Pod运行。
$ kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE NODE
redis-master-x5kjp 0/1 Running 0 7s node3
上一步已经运行起了一个Redis Master Pod, 即使只有一个Pod,也是有必要使用Service。Kubernetes中Service中起到了负载均衡器的作用,通过Proxy和Selector决定服务请求传递给后端提供服务的Pod,对外提供固定的IP,这样的话Redis Master Pod迁移变化也不会影响。
需要redis-master-service.yaml来描述redis master service:
apiVersion: v1
kind: Service
metadata:
name: redis-master
labels:
name: redis-master
spec:
ports:
# the port that this service should serve on
- port: 6379
targetPort: 6379
selector:
name: redis-master #和redis-master的Label对应
创建Service:
$ kubectl create -f redis-master-service.yaml
查看Service:
$ kubectl get service
NAME LABELS SELECTOR IP(S) PORT(S)
redis-master name=redis-master name=redis-master 10.254.189.63 6379/TCP
Kubernetes会分配IP(10.254.189.63)给Redis Master Service,这个就是Redis Master Service对外暴露的IP,可以通过redis-cli访问:
$ redis-cli -h 10.254.189.63 info
Kubernetes同时提供2种了发现Service的方法:
- 环境变量
当Pod运行的时候,Kubernetes会将之前存在的Service的信息通过环境变量写到Pod里面,以Redis Master Service为例,它的信息会被写到新的Pod里面:
"REDIS_MASTER_PORT_6379_TCP=tcp://10.254.189.63:6379",
"REDIS_MASTER_PORT_6379_TCP_PROTO=tcp",
"REDIS_MASTER_PORT_6379_TCP_ADDR=10.254.189.63",
"REDIS_MASTER_SERVICE_PORT=6379",
"REDIS_MASTER_SERVICE_HOST=10.254.189.63",
"REDIS_MASTER_PORT=tcp://10.254.189.63:6379",
"REDIS_MASTER_PORT_6379_TCP_PORT=6379",
这种方法有个比较明显的缺陷,Pod必须在Service之后启动,之前启动的Pod将没有这些环境变量。那么下一种方法就没有这个限制。
- DNS
当有新的Service创建,就会自动生成一条DNS记录,比如在Kubernetes的Namespace “my-ns”中有个Service叫”my-service”,那么就有条DNS记录”my-service.my-ns”对应Service的IP。以Redis Master Service为例, 就有条DNS记录:
redis-master => 10.254.189.63
redis-slave-controller.yaml:
apiVersion: v1
kind: ReplicationController
metadata:
name: redis-slave
labels:
name: redis-slave
spec:
replicas: 2
selector:
name: redis-slave
template:
metadata:
labels:
name: redis-slave
spec:
containers:
- name: worker
image: kubernetes/redis-slave:v2
ports:
- containerPort: 6379
创建Pod:
$ kubectl create -f redis-slave-controller.yaml
$ kubectl get rc
CONTROLLER CONTAINER(S) IMAGE(S) SELECTOR REPLICAS
redis-master master redis name=redis-master 1
redis-slave worker kubernetes/redis-slave:v2 name=redis-slave 2
$ kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE NODE
redis-master-x5kjp 1/1 Running 0 1h node3
redis-slave-04o8g 1/1 Running 0 5m node1
redis-slave-llxpk 1/1 Running 0 5m node1
redis-slave-service.yaml:
apiVersion: v1
kind: Service
metadata:
name: redis-slave
labels:
name: redis-slave
spec:
ports:
# the port that this service should serve on
- port: 6379
selector:
name: redis-slave
创建Service:
$ kubectl create -f redis-slave-service.yaml
$ kubectl get service
NAME LABELS SELECTOR IP(S) PORT(S)
redis-master name=redis-master name=redis-master 10.254.189.63 6379/TCP
redis-slave name=redis-slave name=redis-slave 10.254.70.184 6379/TCP
frontend-controller.yaml:
apiVersion: v1
kind: ReplicationController
metadata:
name: frontend
labels:
name: frontend
spec:
replicas: 3
selector:
name: frontend
template:
metadata:
labels:
name: frontend
spec:
containers:
- name: php-redis
image: kubernetes/example-guestbook-php-redis:v2
ports:
- containerPort: 80
创建Pod:
$ kubectl create -f frontend-controller.yaml
$ kubectl get rc
CONTROLLER CONTAINER(S) IMAGE(S) SELECTOR REPLICAS
frontend php-redis kubernetes/example-guestbook-php-redis:v2 name=frontend 3
redis-master master redis name=redis-master 1
redis-slave worker kubernetes/redis-slave:v2 name=redis-slave 2
$ kubectl get pods
NAME READY STATUS RESTARTS AGE
frontend-7ukb6 1/1 Running 0 45s
frontend-8ch4l 1/1 Running 0 45s
frontend-n8l7w 1/1 Running 0 45s
redis-master-x5kjp 1/1 Running 0 3h
redis-slave-04o8g 1/1 Running 0 2h
redis-slave-llxpk 1/1 Running 0 2h
frontend-service.yaml:
apiVersion: v1
kind: Service
metadata:
name: frontend
labels:
name: frontend
spec:
ports:
# the port that this service should serve on
- port: 80
selector:
name: frontend
创建Service:
$ kubectl create -f frontend-service.yaml
$ kubectl get service
NAME LABELS SELECTOR IP(S) PORT(S)
frontend name=frontend name=frontend 10.254.58.118 80/TCP
redis-master name=redis-master name=redis-master 10.254.189.63 6379/TCP
redis-slave name=redis-slave name=redis-slave 10.254.70.184 6379/TCP
Web Frontend是需要对外暴露的,这样外部网络才能真正访问该应用,Kubernetes提供了2种方式暴露Service到外部网络:
- NodePort
Kubernetes将会在每个Node上设置一个Port,访问该Port会被转发到对应的Service。这支持开发者设置自己的LoadBalancer。
- LoadBalancer
Kubernetes会设置LoadBalancer给Service。
本文采用NodePort方式, 更改frontend-service.yaml:
apiVersion: v1
kind: Service
metadata:
name: frontend
labels:
name: frontend
spec:
type: NodePort
ports:
# the port that this service should serve on
- port: 80
nodePort: 30061
selector:
name: frontend
吴龙辉,现任网宿科技高级运营工程师,致力于云计算PaaS的研究和实践,活跃于CloudFoundry,Docker,Kubernetes等开源社区,贡献代码和撰写技术文档。
邮箱:[email protected]/[email protected]