一个pod包含一个或多个容器(通常是docker),多个容器间共享IPC、Network和UTC namespace
详细的介绍可以参考官方文档:https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands
最简单的运行一个pod
在master节点发起命令
[kubeadm@server5 ~]$ kubectl run nginx --image=nginx #运行nginx容器
pod/nginx created
[kubeadm@server5 ~]$ kubectl get pod -o wide #查看运行的pod信息,
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nginx 1/1 Running 0 11s 10.244.2.2 server7 <none> <none>
通过查看到的nginx这个pod的ip地址,可以在集群内主机上访问到,集群外的主机是无法访问的
[root@server6 ~]# curl 10.244.2.2
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
---
[kubeadm@server5 ~]$ kubectl delete pod nginx
pod "nginx" deleted
[kubeadm@server5 ~]$ kubectl get pod -o wide
No resources found in default namespace.
创建一个Deploment来开启镜像,这样做就会保证镜像一直存在运行,就算手动删除pod也会自动去再创建一个信息pod运行
[kubeadm@server5 ~]$ kubectl create deployment myapp --image=nginx
#创建的pod在server7主机上
[kubeadm@server5 ~]$ kubectl get pod -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
myapp-687598b8b4-swzcb 1/1 Running 0 3s 10.244.2.5 server7 <none> <none>
#删除pod
[kubeadm@server5 ~]$ kubectl delete pod myapp-687598b8b4-swzcb
pod "myapp-687598b8b4-swzcb" deleted
#又在server6上建立了一个pod继续运行
[kubeadm@server5 ~]$ kubectl get pod -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
myapp-687598b8b4-b2xmh 1/1 Running 0 24s 10.244.1.6 server6 <none> <none>
需要删除的话就直接去删除建立的deploment
[kubeadm@server5 ~]$ kubectl delete deployment myapp
deployment.apps "myapp" deleted
还可以对pod进行拉伸扩容
#建立deploment建立一个pod
[kubeadm@server5 ~]$ kubectl create deployment myapp --image=nginx
deployment.apps/myapp created
#通过扩容为5个pod
[kubeadm@server5 ~]$ kubectl scale deployment myapp --replicas=5
deployment.apps/myapp scaled
[kubeadm@server5 ~]$ kubectl get pod
NAME READY STATUS RESTARTS AGE
myapp-687598b8b4-9vq6w 1/1 Running 0 67s
myapp-687598b8b4-ldrnt 1/1 Running 0 8s
myapp-687598b8b4-mxcgg 1/1 Running 0 8s
myapp-687598b8b4-p9cdj 1/1 Running 0 8s
myapp-687598b8b4-wb69x 1/1 Running 0 8s
如果不想要这么多,可以在改为一个
#给为只保留一个pod
[kubeadm@server5 ~]$ kubectl scale deployment myapp --replicas=1
deployment.apps/myapp scaled
#其他的pod都会被回收,现在只剩一个pod运行
[kubeadm@server5 ~]$ kubectl get pod
NAME READY STATUS RESTARTS AGE
myapp-687598b8b4-ldrnt 1/1 Running 0 2m50s
service是一个抽象概念,定义了一个服务的多个pod逻辑合集和访问pod的策略,可以将容器的ip给外部去访问使用
使用deployment建立两个pod运行
[kubeadm@server5 ~]$ kubectl get pod -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
myapp-687598b8b4-tzwbc 1/1 Running 0 115s 10.244.1.10 server6 <none> <none>
myapp-687598b8b4-v8rjw 1/1 Running 0 20s 10.244.2.11 server7 <none> <none>
[kubeadm@server5 ~]$
建立service进行端口映射,将本机的80端口对应到容器集群的80
[kubeadm@server5 ~]$ kubectl expose deployment myapp --port=80 --target-port=80
service/myapp exposed
[kubeadm@server5 ~]$ kubectl get svc -o wide
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
myapp ClusterIP 10.96.223.49 <none> 80/TCP 107s app=myapp
[kubeadm@server5 ~]$ kubectl describe svc myapp
Name: myapp
Namespace: default
Labels: app=myapp
Annotations: <none>
Selector: app=myapp
Type: ClusterIP
IP: 10.96.223.49 #可以进行访问的vip,自动进行负载均衡
Port: <unset> 80/TCP
TargetPort: 80/TCP
Endpoints: 10.244.1.11:80,10.244.2.12:80 #服务里pod的ip
Session Affinity: None
Events: <none>
就算给deploment进行扩容,扩容的pod也会自动添加到service里
然后使用busyboxplus镜像去运行一个容器,因为这个镜像带有curl命令,多次访问都是可以的
[kubeadm@server5 ~]$ kubectl run demo --image=busyboxplus -it --restart=Never
/ # curl 10.96.223.49
<title>Welcome to nginx!</title>
但是目前为之都是只能在集群内部访问,如何让外部访问到呢?
使用NodePort类型暴露端口,让外部客户端访问Pod
[kubeadm@server5 ~]$ kubectl edit svc myapp
49 type: NodePort #修改类型为NodePort
或者在创建service时直接指定类型
[kubeadm@server5 ~]$ kubectl expose deployment nginx --port=80 --target-port=80 --type=NodePort
更改之后可以查看到svc的端口里多了一个30371,在其他的子节点都会自动去创建这个端口
[kubeadm@server5 ~]$ kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
myapp NodePort 10.96.223.49 <none> 80:30371/TCP 45m
[root@server6 ~]# netstat -ntlp | grep 30371
tcp 0 0 0.0.0.0:30371 0.0.0.0:* LISTEN 8030/kube-proxy
[root@server7 ~]# netstat -ntlp | grep 30371
tcp 0 0 0.0.0.0:30371 0.0.0.0:* LISTEN 8105/kube-proxy
然后就可以去访问了,这里会出现一个问题就是,因为pod是开在两台主机上的,访问时结果有的很快,有时半天出不来。是因为集群网络的原因,快是访问在本地pod上,慢是访问到了其他主机的pod上
[kiosk@foundation80 Desktop]$ curl 172.25.254.7:30371
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
版本更新
就是使用新的版本镜像替代目前的镜像版本,这里我使用一个nginx:1.16.0去代替之前的nginx
[kubeadm@server5 ~]$ kubectl set image deployment myapp nginx=nginx:1.16.0 --record
deployment.apps/myapp image updated
[kubeadm@server5 ~]$ kubectl get deployments.apps myapp -o wide
NAME READY UP-TO-DATE AVAILABLE AGE CONTAINERS IMAGES SELECTOR
myapp 2/2 2 2 62m nginx nginx:1.16.0 app=myapp
更新后查看在最下面的rs会出现一个新的,并且pod都是运行在新的上面,旧的也不会删除,保留下来防止需要版本回退
[kubeadm@server5 ~]$ kubectl get all
NAME READY STATUS RESTARTS AGE
pod/demo 0/1 Completed 0 41m
pod/myapp-84dd785c64-cgh6t 1/1 Running 0 2m28s
pod/myapp-84dd785c64-qjjsr 1/1 Running 0 2m26s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 7d3h
service/myapp NodePort 10.96.223.49 <none> 80:30371/TCP 58m
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/myapp 2/2 2 2 59m
NAME DESIRED CURRENT READY AGE
replicaset.apps/myapp-687598b8b4 0 0 0 59m
replicaset.apps/myapp-84dd785c64 2 2 2 2m28s
版本回退
可以先查看版本历史选择需要回退的版本
[kubeadm@server5 ~]$ kubectl rollout history deployment myapp
deployment.apps/myapp
REVISION CHANGE-CAUSE
1 <none>
2 kubectl set image deployment myapp nginx=nginx:1.16.0 --record=true
选择回到版本1
[kubeadm@server5 ~]$ kubectl rollout undo deployment myapp --to-revision=1
deployment.apps/myapp rolled back
[kubeadm@server5 ~]$ kubectl get deployments.apps myapp -o wide
NAME READY UP-TO-DATE AVAILABLE AGE CONTAINERS IMAGES SELECTOR
myapp 2/2 2 2 64m nginx nginx app=myapp