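In a k8s cluster the apiserver is stateless, so several instances can work at the same time
Controller-Manager and scheduler are stateful; one master instance is elected to do the work
# View the master node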
kubectl get leases -n kube-system
CoreDNS: resolves Service names
# Display and manipulate the IP routing table
route -n
kubectl run mynginx --image=nginx
kubectl exec -it mynginx -- sh
# nameserver points to the DNS IP
cat /etc/resolv.conf
exit
kubectl get svc -A | grep dns
kubectl delete pod mynginx
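Every Pod contains a Pause container
The Pause container is the parent container of the Pod. It reaps zombie processes, and through the Pause container the containers in the same Pod share storage, network, PID, IPC, etc.
# List the containers in the k8s.io namespace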
ctr -n k8s.io container ls
ctr -n k8s.io task ls
https://kubernetes.io/zh-cn/docs/concepts/workloads/pods/
Official Pod documentation
# Output the Pod's YAML file; the Pod is not created automatically
kubectl run nginx --image=nginx:1.15.12 -oyaml --dry-run=client > pod.yaml
apiVersion: v1
kind: Pod
metadata:
  labels:
    run: nginx
  name: nginx
spec:
  containers:
  - image: nginx:1.15.12
    name: nginx
kubectl apply -f pod.yaml
kubectl api-resources | grep pod
kubectl api-resources | grep deployment
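apiVersion: v1
kind: Pod
metadata:
  labels:
    run: nginx
  name: nginx
spec:
  containers:
  - image: nginx:1.15.12
    name: nginx
    command: ["sleep", "10"] # entrypoint
# View the help documentation
kubectl explain Pod.spec.containers
# command overrides the image's ENTRYPOINT
# args overrides the arguments of the image's CMD
Pod image pull policy
imagePullPolicy: IfNotPresent # optional; image pull policy: Always, Never, IfNotPresent
Pod restart policy
# Default is Always
# OnFailure: if the container's entrypoint command terminates with a non-zero exit code, the container is restarted automatically
restartPolicy: Always # Always, OnFailure, Never
startupProbe: determines whether the application inside the container has started
livenessProbe: checks whether the container is running; if the health condition is not met, the Pod's restartPolicy decides whether the Pod is restarted
readinessProbe: checks whether the program in the container is healthy, i.e. whether the container is in the Ready state; if it is not, it is removed from the Service's Endpoints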
kubectl get svc -n kube-system
kubectl describe svc metrics-server -n kube-system
kubectl get pods -n kube-system -owide | grep metrics
kubectl get endpoints metrics-server -n kube-system
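If the program starts slowly, use a startupProbe
livenessProbe and readinessProbe checks begin only after the startupProbe has passed
If the application takes more than 30 seconds to start, configure a startupProbe; the check intervals of livenessProbe and readinessProbe can then be set smaller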
vi nginx-pod.yaml
apiVersion: v1
kind: Pod
metadata:
  name: nginx
spec:
  containers:
  - name: nginx
    image: nginx:1.15.12
    imagePullPolicy: IfNotPresent
    command:
    - sh
    - -c
    - sleep 30; nginx -g "daemon off;"
    startupProbe:
      tcpSocket:
        port: 80
      initialDelaySeconds: 10 # delay before the first probe
      timeoutSeconds: 2 # probe timeout
      periodSeconds: 5 # probe interval
      successThreshold: 1 # consecutive successes required to count as passing
      failureThreshold: 5 # consecutive failures required to count as failing
    readinessProbe:
      httpGet:
        path: /index.html
        port: 80
        scheme: HTTP
      initialDelaySeconds: 10 # delay before the first health check
      timeoutSeconds: 2 # probe timeout
      periodSeconds: 5 # probe interval
      successThreshold: 1 # consecutive successes required to count as ready
      failureThreshold: 2 # consecutive failures required to count as not ready
    livenessProbe: # optional, health check
      exec: # command-based check
        command:
        - sh
        - -c
        - pgrep nginx
      initialDelaySeconds: 10 # delay before the first probe
      timeoutSeconds: 2 # probe timeout
      periodSeconds: 5 # probe interval
      successThreshold: 1 # consecutive successes required to count as passing
      failureThreshold: 2 # consecutive failures required to count as failing
    ports:
    - containerPort: 80
  restartPolicy: Never
kubectl apply -f nginx-pod.yaml
kubectl delete -f nginx-pod.yaml
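Added example (not part of the original notes): a simplified Python model of the startupProbe in nginx-pod.yaml, assuming one probe attempt at initialDelaySeconds after container start and then one every periodSeconds, with kubelet scheduling jitter ignored. With the manifest's values the last attempt falls about 30 s after start, the same moment `sleep 30` ends, so the model shows how little margin there is; the names `Probe`, `startup_result`, `startup_budget` and `min_failure_threshold` are illustrative.

```python
# Added example: simplified timing model of a startupProbe.
# Assumption: attempts happen at initialDelaySeconds, then every periodSeconds.
import math
from dataclasses import dataclass
from typing import Optional

@dataclass
class Probe:
    initial_delay: int       # initialDelaySeconds
    period: int              # periodSeconds
    failure_threshold: int   # failureThreshold
    success_threshold: int = 1

def startup_result(probe: Probe, app_ready_at: float, horizon: int = 600) -> Optional[int]:
    """Second at which the startup probe passes, or None if failureThreshold
    consecutive failures are reached first (the container is then killed)."""
    failures = successes = 0
    t = probe.initial_delay
    while t <= horizon:
        if t >= app_ready_at:            # port 80 accepts connections
            successes, failures = successes + 1, 0
            if successes >= probe.success_threshold:
                return t
        else:
            failures, successes = failures + 1, 0
            if failures >= probe.failure_threshold:
                return None
        t += probe.period
    return None

def startup_budget(probe: Probe) -> int:
    """Latest second after container start at which the app may become ready."""
    return probe.initial_delay + (probe.failure_threshold - 1) * probe.period

def min_failure_threshold(initial_delay: int, period: int, worst_case_start: int) -> int:
    """Smallest failureThreshold whose budget covers the worst-case start time."""
    return max(1, math.ceil((worst_case_start - initial_delay) / period) + 1)

if __name__ == "__main__":
    page = Probe(initial_delay=10, period=5, failure_threshold=5)
    print("budget:", startup_budget(page), "s")
    print("app ready at 31 s:", startup_result(page, 31))
    print("failureThreshold for a 60 s worst case:", min_failure_threshold(10, 5, 60))
```

With restartPolicy: Never, as in the manifest, a container killed by a failed startupProbe is not restarted.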
vi pod-preStop.yaml
apiVersion: v1
kind: Pod
metadata:
  name: nginx
spec:
  containers:
  - name: nginx
    image: nginx:1.15.12
    imagePullPolicy: IfNotPresent
    lifecycle:
      preStop:
        exec:
          command:
          - sh
          - -c
          - sleep 10
    ports:
    - containerPort: 80
  restartPolicy: Never
kubectl apply -f pod-preStop.yaml
kubectl delete -f pod-preStop.yaml
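A Replication Controller ensures that the number of Pod replicas reaches the desired value, i.e. that a Pod or a group of identical Pods is always available
ReplicaSet is the next-generation Replication Controller, with support for set-based label selectors
It is mainly used by Deployment to coordinate creating, deleting and updating Pods; the only difference from Replication Controller is that ReplicaSet supports set-based label selectors
# Generate a Deployment template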
kubectl create deploy nginx --image=nginx:1.15.12-alpine --replicas=3 -oyaml --dry-run=client > nginx-deploy.yaml
kubectl apply -f nginx-deploy.yaml
kubectl get deploy
kubectl get rs
kubectl get pod
kubectl delete pod nginx-b7599c689-qchww
kubectl get pod
Check the status of the whole Deployment creation
kubectl rollout status deployment/nginx
kubectl get deploy
kubectl get rs -l app=nginx
kubectl get pods --show-labels
Update the Deployment
kubectl set image deployment nginx nginx=nginx:1.13 --record
kubectl rollout status deployment/nginx
kubectl describe deploy nginx
Roll back the Deployment
# View the revision history
kubectl rollout history deployment nginx
# View the details of one revision
kubectl rollout history deployment nginx --revision=3
# Roll back to the previous revision
kubectl rollout undo deployment nginx
# Roll back to a specific revision
kubectl rollout undo deployment nginx --to-revision=3
Scale out
kubectl scale deployment nginx --replicas=5
Pause and resume a Deployment update
kubectl rollout pause deployment nginx
# Update the configuration without restarting the Pods
kubectl set image deployment nginx nginx=nginx:1.15.12-alpine --record
kubectl set resources deployment nginx -c=nginx --limits=cpu=200m,memory=512Mi
# Resume; the Pods are updated automatically
kubectl rollout resume deployment nginx
kubectl get rs
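Deployment update strategy
.spec.strategy.type==RollingUpdate: rolling update, the default
.spec.strategy.rollingUpdate.maxUnavailable: the maximum number of Pods that may be unavailable during a rolling update; defaults to 25%
.spec.strategy.rollingUpdate.maxSurge: the maximum number of Pods that may exceed the desired count; defaults to 25% (several replicas are started at once, up to this limit)
# StatefulSet service domain name format: StatefulSetName-0.ServiceName.Namespace.svc.cluster.local
web-0.nginx.default.svc.cluster.local
A StatefulSet needs a Service to be created to expose it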
vi statefulset.yaml
apiVersion: v1
kind: Service
metadata:
  name: nginx
  labels:
    app: nginx
spec:
  ports:
  - port: 80
    name: web
  clusterIP: None
  selector:
    app: nginx
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: web
spec:
  selector:
    matchLabels:
      app: nginx # has to match .spec.template.metadata.labels
  serviceName: "nginx"
  replicas: 3 # by default is 1
  minReadySeconds: 10 # by default is 0
  template:
    metadata:
      labels:
        app: nginx # has to match .spec.selector.matchLabels
    spec:
      terminationGracePeriodSeconds: 10
      containers:
      - name: nginx
        image: nginx:1.15.12-alpine
        ports:
        - containerPort: 80
          name: web
Create
kubectl apply -f statefulset.yaml
kubectl rollout status sts web
kubectl get pods
kubectl get sts
Pods are created one at a time in order, and on scale-in they are shut down one at a time in reverse order
kubectl exec -it web-2 -- sh
curl web-0.nginx.default.svc.cluster.local
nslookup web-0.nginx.default.svc.cluster.local
Scale out
kubectl scale sts web --replicas=5
kubectl get pods
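RollingUpdate: rolling update, the default
Partitioned update: partition
updateStrategy:
  rollingUpdate:
    partition: 0
  type: RollingUpdate
partition defaults to 0, meaning Pods with an ordinal greater than or equal to 0 are updated; if it is set to 3, only Pods with an ordinal greater than or equal to 3 are updated and Pods below 3 are not; this can be used for canary testing
Delete the sts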
kubectl delete sts web
kubectl get sts
kubectl get pod
# Delete all Pods in the default namespace
kubectl delete pod --all
A DaemonSet can run a Pod on every node
kubectl get ds -n kube-system
# A DaemonSet's YAML is similar to a Deployment's, only without the replicas parameter
# Remove replicas: 3 and change kind to DaemonSet
cp nginx-deploy.yaml nginx-ds.yaml
kubectl apply -f nginx-ds.yaml
kubectl get ds
kubectl get pods
View the labels on the nodes
kubectl get node --show-labels
# Add a label to nodes
kubectl label node k8s-node2 k8s-node3 disktype=ssd
kubectl get node --show-labels
Deploy Pods to specific nodes: .spec.template.spec.nodeSelector
# Node selector
nodeSelector:
  disktype: ssd
kubectl apply -f nginx-ds.yaml
kubectl get pods -owide
kubectl get ds -oyaml
kubectl get ds
kubectl rollout status ds/nginx
kubectl rollout history daemonset nginx
kubectl rollout undo daemonset nginx
kubectl get controllerrevision
kubectl delete -f nginx-ds.yaml
kubectl get apiservices | grep autoscaling
kubectl create deployment hpa-nginx --image=nginx:1.15.12-alpine --dry-run=client -oyaml > hpa-nginx.yaml
1 CPU is 1000m
Create a deploy with a CPU request of 10m
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: hpa-nginx
  name: hpa-nginx
spec:
  replicas: 1
  selector:
    matchLabels:
      app: hpa-nginx
  template:
    metadata:
      labels:
        app: hpa-nginx
    spec:
      containers:
      - image: nginx:1.15.12-alpine
        name: nginx
        resources:
          requests:
            cpu: 10m
Create
kubectl apply -f hpa-nginx.yaml
kubectl get deploy
# Create the Service
kubectl expose deploy hpa-nginx --port=80
kubectl get svc
curl http://10.96.226.0
kubectl top pods
Create the HPA
# Start scaling out when CPU utilization exceeds 10%
kubectl autoscale deploy hpa-nginx --cpu-percent=10 --min=1 --max=10
kubectl get hpa
kubectl get hpa -oyaml
Load test
kubectl get svc
# Increase the request load
while true; do wget -q -O - http://10.96.226.0 > /dev/null; done
kubectl top pods
kubectl logs -f hpa-nginx-54c8954b44-j5spv
kubectl top pods
kubectl get hpa
kubectl delete -f hpa-nginx.yaml
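Added example (not part of the original notes): the replica formula from the Kubernetes HPA documentation, desiredReplicas = ceil(currentReplicas × currentUtilization / targetUtilization) with the default 10% tolerance, applied to the values above (10m request, 10% target, min 1, max 10). The load figures are constructed, the load is assumed to spread evenly across Pods, and scaling-rate policies and stabilization windows are ignored.

```python
# Added example: the HPA replica formula applied to the hpa-nginx values.
import math

def utilization_pct(total_load_m, request_m, replicas):
    """Average CPU utilization as a percentage of the per-Pod request,
    assuming the load (in millicores) spreads evenly over the replicas."""
    return 100.0 * total_load_m / (request_m * replicas)

def desired_replicas(current, utilization, target, min_r, max_r, tolerance=0.1):
    """ceil(current * utilization / target), clamped to [min_r, max_r];
    no change while the ratio is within the tolerance band around 1.0."""
    ratio = utilization / target
    if abs(ratio - 1.0) <= tolerance:
        return current
    return max(min_r, min(max_r, math.ceil(current * ratio)))

def scale_path(total_load_m, request_m=10, target=10, min_r=1, max_r=10):
    """Replica counts the autoscaler steps through until it settles."""
    path = [min_r]
    for _ in range(20):                       # guard against oscillation
        r = path[-1]
        nxt = desired_replicas(r, utilization_pct(total_load_m, request_m, r),
                               target, min_r, max_r)
        if nxt == r:
            break
        path.append(nxt)
    return path

if __name__ == "__main__":
    # Constructed loads, in millicores of total CPU used by all Pods.
    for load in (1, 5, 12):
        print(f"{load}m total load -> replicas {scale_path(load)}")
```

Because the target is 10% of a 10m request, an average of just 1m of CPU per Pod is the threshold, which is why a simple wget loop is enough to reach the maximum of 10 replicas.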
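Labels group k8s objects, distinguishing different groups of the same kind of resource
Selectors look up exactly the objects that carry given labels
Pod labels are usually left unchanged; Node labels are the ones commonly modified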
kubectl get pods --show-labels
kubectl get pods -l app=nginx
kubectl get nodes --show-labels
kubectl get nodes -l disktype=ssd
kubectl get svc -n kube-system --show-labels
Label a node
kubectl label node k8s-node2 region=sz
kubectl get node -l region=sz
# In the YAML, use nodeSelector to deploy onto the selected nodes
spec:
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      nodeSelector:
        region: sz
Get the nodes whose disktype label is nginx or ssd
kubectl get nodes -l 'disktype in (nginx, ssd)' --show-labels
# Match several conditions
kubectl get nodes -l 'region!=sz, disktype in (nginx, ssd)' --show-labels
# Match on whether a label exists
kubectl get nodes -l region
Modify a label
kubectl label node k8s-node2 region=sh --overwrite
# Modify labels in bulk
kubectl label node -l region region=wh --overwrite
Delete a label
kubectl label node k8s-node2 region-
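Added example (not part of the original notes): a small Python evaluator for the selector forms used above (`=`, `!=`, `in`, key exists), extended to the related `==`, `notin` and `!key` forms. The node labels are a constructed sample of the state after `disktype=ssd` and `region=sz` are applied, and the function names are illustrative.

```python
# Added example: evaluate kubectl-style label selectors against node labels.
import re

# Constructed sample: labels the commands above would leave on three nodes
# (built-in labels such as kubernetes.io/hostname are omitted).
NODES = {
    "k8s-node1": {},
    "k8s-node2": {"disktype": "ssd", "region": "sz"},
    "k8s-node3": {"disktype": "ssd"},
}

def split_requirements(selector):
    """Split a selector on commas that are not inside parentheses."""
    parts, depth, cur = [], 0, ""
    for ch in selector:
        depth += (ch == "(") - (ch == ")")
        if ch == "," and depth == 0:
            parts.append(cur)
            cur = ""
        else:
            cur += ch
    return [p.strip() for p in parts + [cur] if p.strip()]

def requirement_matches(req, labels):
    """Evaluate one requirement against a dict of labels."""
    m = re.fullmatch(r"(\S+)\s+(in|notin)\s*\((.*)\)", req)
    if m:
        key, op, raw = m.groups()
        values = {v.strip() for v in raw.split(",")}
        found = labels.get(key) in values      # False when the key is absent
        return found if op == "in" else not found
    m = re.fullmatch(r"(\S+?)\s*(!=|==|=)\s*(\S*)", req)
    if m:
        key, op, value = m.groups()
        equal = labels.get(key) == value       # False when the key is absent
        return not equal if op == "!=" else equal
    if req.startswith("!"):                    # "!key": label must not exist
        return req[1:].strip() not in labels
    return req in labels                       # "key": label must exist

def select(nodes, selector):
    """Names of the nodes that satisfy every comma-separated requirement."""
    reqs = split_requirements(selector)
    return sorted(name for name, labels in nodes.items()
                  if all(requirement_matches(r, labels) for r in reqs))

if __name__ == "__main__":
    for sel in ("disktype in (nginx, ssd)", "region!=sz", "region"):
        print(sel, "->", select(NODES, sel))
```

Note that `region!=sz` on its own also matches nodes that have no `region` label at all, which is why the combined selector above adds the `disktype in (...)` requirement.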