kubernetes_Kubernetes手册

kubernetes

Kubernetes is an open-source container orchestration platform that automates the deployment, management, scaling, and networking of containers.

Kubernetes是一个开源容器编排平台，可自动执行容器的部署，管理，扩展和联网。

It was developed by Google using the Go Programming Language, and this amazing technology has been open-source since 2014.

它是由Google使用Go编程语言开发的 ，这项令人惊叹的技术自2014年以来一直是开源的。

According to the Stack Overflow Developer Survey - 2020, Kubernetes is the #3 most loved platform and #3 most wanted platform.

根据2020年Stack Overflow开发人员调查 ，Kubernetes是最受欢迎的平台 排名第3和最受欢迎的平台 排名第3 。

Apart from being very powerful, Kubernetes is known as quite hard to get started with. I won't say it's easy, but if you are equipped with the prerequisites and go through this guide attentively and with patience, you should be able to:

除了功能强大之外，Kubernetes还很难入门。 我不会说这很容易，但是如果您具备先决条件并且耐心地认真阅读本指南，那么您应该能够：

• Get a solid understanding of the fundamentals.
  对基础知识有深入的了解。
• Create and manage Kubernetes clusters.
  创建和管理Kubernetes集群
• Deploy (almost) any application to a Kubernetes cluster.
  将几乎所有应用程序部署到Kubernetes集群。

先决条件 (Prerequisites)

• Familiarity with JavaScript
  熟悉JavaScript
• Familiarity with the Linux Terminal
  熟悉Linux终端

• Familiarity with Docker (suggested read: The Docker Handbook)

  熟悉Docker(建议阅读： Docker手册 )

项目编号 (Project Code)

Code for the example projects can be found in the following repository:

示例项目的代码可以在以下存储库中找到：

You can find the complete code in the k8s branch.

您可以在k8s分支中找到完整的代码。

目录 (Table of Contents)

• Introduction to Container Orchestration and Kubernetes

  容器编排和Kubernetes简介

• Installing Kubernetes

  安装Kubernetes

• • Kubernetes Architecture

    Kubernetes体系结构

  • Control Plane Components

    控制平面组件

  • Node Components

    节点组件

  • Kubernetes Objects

    Kubernetes对象

  • Pods

    豆荚

  • Services

    服务

  • The Full Picture

    全貌

  • Getting Rid of Kubernetes Resources

    摆脱Kubernetes资源

  Hello World in Kubernetes

  Kubernetes中的Hello World

• • Writing Your First Set of Configurations

    编写第一套配置

  • The Kubernetes Dashboard

    Kubernetes仪表板

  Declarative Deployment Approach

  声明式部署方法

• • Deployment Plan

    部署计划

  • Replication Controllers, Replica Sets, and Deployments

    复制控制器，副本集和部署

  • Creating Your First Deployment

    创建您的第一个部署

  • Inspecting Kubernetes Resources

    检查Kubernetes资源

  • Getting Container Logs from Pods

    从Pod获取容器日志

  • Environment Variables

    环境变量

  • Creating The Database Deployment

    创建数据库部署

  • Persistent Volumes and Persistent Volume Claims

    永久卷和永久卷声明

  • Dynamic Provisioning of Persistent Volumes

    永久卷的动态配置

  • Connecting Volumes with Pods

    用Pod连接音量

  • Wiring Everything Up

    接线一切

  Working with Multi-Container Applications

  使用多容器应用程序

• • Setting-up NGINX Ingress Controller

    设置NGINX入口控制器

  • Secrets and Config Maps in Kubernetes

    Kubernetes中的秘密和配置映射

  • Performing Update Rollouts in Kubernetes

    在Kubernetes中执行更新部署

  • Combining Configurations

    组合配置

  Working with Ingress Controllers

  使用入口控制器

• Troubleshooting

  故障排除

• Conclusion

  结论

容器编排和Kubernetes简介 (Introduction to Container Orchestration and Kubernetes)

According to Red Hat —

根据红帽 —

"Container orchestration is the process of automating the deployment, management, scaling, and networking tasks of containers.

“容器编排是使容器的部署，管理，扩展和联网任务自动化的过程。

"Container orchestration is the process of automating the deployment, management, scaling, and networking tasks of containers.

“容器编排是使容器的部署，管理，扩展和联网任务自动化的过程。

Let me show you an example. Assume that you have developed an amazing application that suggests to people what they should eat depending on the time of day.

让我给你看一个例子。 假设您开发了一个了不起的应用程序，该程序可以根据人们的时间向人们建议他们应该吃什么。

Now assume that you've containerized the application using Docker and deployed it on AWS.

现在假设您已经使用Docker容器化了应用程序并将其部署在AWS上。

If the application goes down for any reason, the users lose access to your service immediately.

如果应用程序由于任何原因关闭，用户将立即失去对您服务的访问权限。

To solve this issue, you can make multiple copies or replicas of the same application and make it highly available.

要解决此问题，可以为同一应用程序制作多个副本或副本，并使其具有较高的可用性。

Even if one of the instances goes down, the other two will be available to the users.

即使其中一个实例发生故障，其他两个实例仍可供用户使用。

Now assume that your application has become wildly popular among the night owls and your servers are being flooded with requests at night, while you're sleeping.

现在假设您的应用程序在夜猫子中变得非常流行，并且您的服务器在晚上睡觉时正被大量请求所淹没。

What if all the instances go down due to overload? Who's going to do the scaling? Even if you scale up and make 50 replicas of your application, who's going to check on their health? How are going to set-up the networking so that requests hit the right endpoint? Load balancing is going to be a big concern as well, isn't it?

如果所有实例由于过载而关闭怎么办？ 谁来进行缩放？ 即使您扩大规模并制作了50个应用程序副本，谁来检查其运行状况？ 如何建立网络以使请求到达正确的端点？ 负载平衡也将是一个大问题，不是吗？

Kubernetes can make things much easier for these kinds of situations. It's a container orchestration platform that consists of several components and it works tirelessly to keep your servers in the state that you desire.

Kubernetes在这种情况下可以使事情变得容易得多。 这是一个由多个组件组成的容器编排平台，它可以不懈地工作，以使服务器保持在所需状态。

Assume that you want to have 50 replicas of your application running continuously. Even if there is a sudden rise in the user count, the server needs to be scaled up automatically.

假设您要连续运行50个应用程序副本。 即使用户数量突然增加，服务器也需要自动扩展。

You just tell your needs to Kubernetes and it will do the rest of the heavy lifting for you.

您只需将您的需求告诉Kubernetes，它将为您完成其余的繁重工作。

Kubernetes will not only implement the state, it'll also maintain it. It will make additional replicas if any of the old ones dies, manage the networking and storage, rollout or rollback updates, or even upscale the server if ever necessary.

Kubernetes不仅会实现状态，还将维护状态。 如果有旧的副本死亡，它将创建其他副本，管理网络和存储，推出或回滚更新，或者在必要时甚至升级服务器。

安装Kubernetes (Installing Kubernetes)

Running Kubernetes in your local machine is actually a lot different than running Kubernetes on the cloud. To get Kubernetes up and running, you need two programs.

实际上，在本地计算机上运行Kubernetes与在云上运行Kubernetes有很大不同。 为了启动和运行Kubernetes，您需要两个程序。

• minikube - it runs a single-node Kubernetes cluster inside a Virtual Machine (VM) on your local computer.

  minikube-它在本地计算机上的虚拟机(VM)内运行单节点Kubernetes集群。

• kubectl - The Kubernetes command-line tool, which allows you to run commands against Kubernetes clusters.

  kubectl -Kubernetes命令行工具，它使您可以对Kubernetes集群运行命令。

Apart from these two programs, you'll also need a hypervisor and a containerization platform. Docker is the obvious choice for the containerization platform. Recommended hypervisors are as follows:

除了这两个程序之外，您还需要管理程序和容器化平台。 Docker是容器化平台的明显选择。 推荐的管理程序如下：

• Hyper-V for Windows

  Windows的Hyper-V

• HyperKit for Mac

  适用于Mac的HyperKit

• Docker for Linux

  适用于Linux的Docker

Hyper-V comes built into Windows 10 (Pro, Enterprise, and Education) as an optional feature and can be turned on from the control panel.

Hyper-V作为可选功能内置于Windows 10(Pro，Enterprise和Education)中，可以从控制面板中打开。

HyperKit comes bundled with Docker Desktop for Mac as a core component.

HyperKit与Docker Desktop for Mac捆绑在一起作为核心组件。

And on Linux, you can bypass the entire hypervisor layer by using Docker directly. It's much faster than using any hypervisor and is the recommended way to run Kubernetes on Linux.

在Linux上，您可以直接使用Docker绕过整个管理程序层。 它比使用任何虚拟机管理程序要快得多，并且是在Linux上运行Kubernetes的推荐方法。

You may go ahead and install any of the above mentioned hypervisors. Or if you want to keep things simple, just get VirtualBox.

您可以继续安装上述任何虚拟机管理程序。 或者，如果您想保持简单，只需获取VirtualBox即可 。

For the rest of the article, I'll assume that you're using VirtualBox. Don't worry though, even if you're using something else, there shouldn't be that much of a difference.

对于本文的其余部分，我假设您正在使用VirtualBox。 不过请不要担心，即使您正在使用其他东西，也应该不会有太大的区别。

I'll be using minikube with the Docker driver on a Ubuntu machine throughout the entire article.

在整篇文章中，我将在Ubuntu计算机上使用minikube和Docker驱动程序。

Once you have installed the hypervisor and the containerization platform, it's time to install the minikube and kubectl programs.

一旦安装了虚拟机管理程序和容器化平台，就该安装minikube和kubectl程序了。

kubectl usually comes bundled with Docker Desktop on Mac and Windows. Installation instructions for Linux can be found here.

kubectl通常与Mac和Windows上的Docker Desktop捆绑在一起。 可以在这里找到Linux的安装说明。

minikube, on the other hand, has to be installed on all three of the systems. You can use Homebrew on Mac, and Chocolatey on Windows to install minikube. Installation instructions for Linux can be found here.

另一方面，必须在所有三个系统上安装minikube 。 您可以在Mac上使用Homebrew ，在Windows上使用Chocolatey来安装minikube 。 可以在这里找到Linux的安装说明。

Once you've installed them, you can test out both programs by executing the following commands:

安装它们后，可以通过执行以下命令来测试这两个程序：

minikube version

# minikube version: v1.12.1
# commit: 5664228288552de9f3a446ea4f51c6f29bbdd0e0

kubectl version

# Client Version: version.Info{Major:"1", Minor:"18", GitVersion:"v1.18.6", GitCommit:"dff82dc0de47299ab66c83c626e08b245ab19037", GitTreeState:"clean", BuildDate:"2020-07-16T00:04:31Z", GoVersion:"go1.14.4", Compiler:"gc", Platform:"darwin/amd64"}
# Server Version: version.Info{Major:"1", Minor:"18", GitVersion:"v1.18.3", GitCommit:"2e7996e3e2712684bc73f0dec0200d64eec7fe40", GitTreeState:"clean", BuildDate:"2020-05-20T12:43:34Z", GoVersion:"go1.13.9", Compiler:"gc", Platform:"linux/amd64"}

If you've downloaded the right versions for your operating system and have set up the paths properly, you should be ready to go.

如果您已经为您的操作系统下载了正确的版本并正确设置了路径，则应该准备就绪。

As I've already mentioned, minikube runs a single-node Kubernetes cluster inside a Virtual Machine (VM) on your local computer. I'll explain clusters and nodes in greater details in an upcoming section.

如前所述， minikube在本地计算机上的虚拟机(VM)内运行单节点Kubernetes集群。 我将在下一部分中更详细地解释集群和节点。

For now, understand that minikube creates a regular VM using your hypervisor of choice and treats that as a Kubernetes cluster.

现在，请了解minikube使用您选择的虚拟机管理程序创建常规VM，并将其视为Kubernetes集群。

If you face any problems in this section please have a look at the Troubleshooting section at the end of this article.

如果您在本节中遇到任何问题，请查看本文末尾的“ 故障排除”部分。

Before you start minikube, you have to set the correct hypervisor driver for it to use. To set VirtualBox as the default driver, execute the following command:

在启动minikube之前，必须设置正确的管理程序驱动程序以供使用。 要将VirtualBox设置为默认驱动程序，请执行以下命令：

minikube config set driver virtualbox

# ❗ These changes will take effect upon a minikube delete and then a minikube start

You can replace virtualbox with hyperv, hyperkit, or docker as per your preference. This command is necessary for the first time only.

您可以替换virtualbox与hyperv ， hyperkit ，或docker ，按您的喜好。 仅第一次需要此命令。

To start minikube, execute the following command:

要启动minikube ，执行以下命令：

minikube start

#  minikube v1.12.1 on Ubuntu 20.04
# ✨ Using the virtualbox driver based on existing profile
#  Starting control plane node minikube in cluster minikube
#  Updating the running virtualbox "minikube" VM ...
#  Preparing Kubernetes v1.18.3 on Docker 19.03.12 ...
#  Verifying Kubernetes components...
#  Enabled addons: default-storageclass, storage-provisioner
#  Done! kubectl is now configured to use "minikube"

You can stop minikube by executing the minikube stop command.

您可以通过执行minikube stop命令来停止minikube 。

Kubernetes中的Hello World (Hello World in Kubernetes)

Now that you have Kubernetes on your local system, it's time to get your hands dirty. In this example you'll be deploying a very simple application to your local cluster and getting familiar with the fundamentals.

现在您的本地系统上已经有Kubernetes了，是时候动手了。 在此示例中，您将向本地集群部署一个非常简单的应用程序，并熟悉基础知识。

There will be terminologies like pod, service, load balancer, and so on in this section. Don't stress if you don't understand them right away. I'll go into great details explaining each of them in The Full Picture sub-section.

本节中将有诸如pod ， service ， load balancer等术语。 如果您不立即理解它们，请不要强调。 我将在“全图”小节中详细介绍每个细节。

If you've started minikube in the previous section then you're ready to go. Otherwise you'll have to start it now. Once minikube has started, execute the following command in your terminal:

如果您已在上一节中启动了minikube ，那么您就可以开始了。 否则，您必须立即启动它。 minikube启动后，在终端中执行以下命令：

kubectl run hello-kube --image=fhsinchy/hello-kube --port=80

# pod/hello-kube created

You'll see the pod/hello-kube created message almost immediately. The run command runs the given container image inside a pod.

您几乎会立即看到pod/hello-kube created消息。 run命令在容器中运行给定的容器映像。

Pods are like a box that encapsulates a container. To make sure the pod has been created and is running, execute the following command:

豆荚就像一个包装容器的盒子。 要确保已创建容器并正在运行它，请执行以下命令：

kubectl get pod

# NAME         READY   STATUS    RESTARTS   AGE
# hello-kube   1/1     Running   0          3m3s

You should see Running in the STATUS column. If you see something like ContainerCreating, wait for a minute or two and check again.

您应该在“ STATUS列中看到“正在Running ”。 如果看到类似于ContainerCreating ，请等待一两分钟，然后再次检查。

Pods by default are inaccessible from outside the cluster. To make them accessible, you have to expose them using a service. So, once the pod is up and running, execute the following command to expose the pod:

默认情况下，从群集外部无法访问Pod。 为了使它们可访问，您必须使用服务来公开它们。 因此，一旦Pod启动并运行，执行以下命令以暴露Pod：

kubectl expose pod hello-kube --type=LoadBalancer --port=80

# service/hello-kube exposed

To make sure the load balancer service has been created successfully, execute the following command:

要确保已成功创建负载均衡器服务，请执行以下命令：

kubectl get service

# NAME         TYPE           CLUSTER-IP     EXTERNAL-IP   PORT(S)        AGE
# hello-kube   LoadBalancer   10.109.60.75        80:30848/TCP   119s
# kubernetes   ClusterIP      10.96.0.1              443/TCP        7h47m

Make sure you see the hello-kube service in the list. Now that you have a pod running that is exposed, you can go ahead and access that. Execute the following command to do so:

确保在列表中看到hello-kube服务。 现在，您已运行了一个暴露的Pod，可以继续进行访问。 执行以下命令：

minikube service hello-kube

# |-----------|------------|-------------|-----------------------------|
# | NAMESPACE |    NAME    | TARGET PORT |             URL             |
# |-----------|------------|-------------|-----------------------------|
# | default   | hello-kube |          80 | http://192.168.99.101:30848 |
# |-----------|------------|-------------|-----------------------------|
#  Opening service default/hello-kube in default browser...

Your default web browser should open automatically and you should see something like this:

您的默认网络浏览器应该会自动打开，并且您应该会看到类似以下内容：

This is a very simple JavaScript application that I've put together using vite and a little bit of CSS. To understand what you just did, you have to gain a good understanding of the Kubernetes architecture.

这是一个非常简单JavaScript应用程序，我已经使用vite和一些CSS将它们组合在一起。 要了解您刚刚做的事情，您必须对Kubernetes架构有一个很好的了解。

Kubernetes体系结构 (Kubernetes Architecture)

In the world of Kubernetes, a node can be either a physical or a virtual machine with a given role. A collection of such machines or servers using a shared network to communicate between each other is called a cluster.

在Kubernetes的世界中， 节点可以是具有给定角色的物理机或虚拟机。 使用共享网络相互通信的这类机器或服务器的集合称为群集 。

In your local setup, minikube is a single node Kubernetes cluster. So instead of having multiple servers like in the diagram above, minikube has only one that acts as both the main server and the node.

在本地设置中， minikube是单节点Kubernetes集群。 因此， minikube像上图中那样具有多个服务器， minikube只有一个既充当主服务器又充当节点的服务器。

Each server in a Kubernetes cluster gets a role. There are two possible roles:

Kubernetes集群中的每个服务器都有一个角色。 有两个可能的角色：

• control-plane — Makes most of the necessary decisions and acts as sort of the brains of the entire cluster. This can be a single server or a group of server in larger projects.

  控制平面 -做出大多数必要的决策，并充当整个集群的大脑。 在较大的项目中，它可以是单个服务器或一组服务器。

• node — Responsible for running workloads. These servers are usually micro managed by the control plane and carries out various tasks following supplied instructions.

  节点 -负责运行的工作负载。 这些服务器通常由控制平面进行微管理，并按照提供的说明执行各种任务。

Every server in you cluster will have a selected set of components. The number and type of those components can vary depending on the role a server has in your cluster. That means the nodes do not have all the components that the control plane has.

群集中的每个服务器将具有一组选定的组件。 这些组件的数量和类型可以根据服务器在群集中的角色而有所不同。 这意味着节点不具有控制平面所具有的所有组件。

In the upcoming subsections, you'll have a more detailed look into the individual components that make up a Kubernetes cluster.

在接下来的小节中，您将更详细地了解组成Kubernetes集群的各个组件。

控制平面组件 (Control Plane Components)

The control plane in a Kubernetes cluster consists of five components. These are as follows:

Kubernetes集群中的控制平面由五个组件组成。 这些如下：

1. kube-api-server: This acts as the entrance to the Kubernetes control plane, responsible for validating and processing requests delivered using client libraries like the kubectl program.

   kube-api-server：这是Kubernetes控制平面的入口，负责验证和处理使用客户端库(如kubectl程序)传递的请求。

2. etcd: This is a distributed key-value store which acts as the single source of truth about your cluster. It holds configuration data and information about the state of the cluster. etcd is an open-source project and is developed by the folks behind Red Hat. The source code of the project is hosted on the etcd-io/etcd GitHub repo.

   etcd：这是一个分布式键值存储，它充当有关集群的单一事实来源。 它保存配置数据和有关群集状态的信息。 etcd是一个开源项目，由Red Hat背后的人们开发。 该项目的源代码托管在etcd-io / etcd GitHub存储库中。

3. kube-controller-manager: The controllers in Kubernetes are responsible for controlling the state of the cluster. When you let Kubernetes know what you want in your cluster, the controllers make sure that your request is fulfilled. The kube-controller-manager is all the controller processes grouped into a single process.

   kube-controller-manager： Kubernetes中的控制器负责控制集群的状态。 当您让Kubernetes知道集群中想要什么时，控制器将确保满足您的请求。 kube-controller-manager是将所有控制器进程分组为一个进程。

4. kube-scheduler: Assigning task to a certain node considering its available resources and the requirements of the task is known as scheduling. The kube-scheduler component does the task of scheduling in Kubernetes making sure none of the servers in the cluster is overloaded.

   kube-scheduler：考虑到任务的可用资源和任务要求，将任务分配给某个节点称为调度。 kube-scheduler组件在Kubernetes中执行调度任务，以确保集群中的所有服务器都不过载。

5. cloud-controller-manager: In a real world cloud environment, this component lets you wire-up your cluster with your cloud provider's (GKE/EKS) API. This way, the components that interact with that cloud platform stays isolated from components that just interact with your cluster. In a local cluster like minikube, this component doesn't exist.

   cloud-controller-manager：在现实世界的云环境中，该组件使您可以使用云提供商的( GKE / EKS )API连接集群。 这样，与该云平台进行交互的组件与仅与您的集群进行交互的组件保持隔离。 在像minikube这样的本地集群中，该组件不存在。

节点组件 (Node Components)

Compared to the control plane, nodes have a very small number of components. These components are as follows:

与控制平面相比，节点的组件数量非常少。 这些组件如下：

1. kubelet: This service acts as the gateway between the control plain and each of the nodes in a cluster. Every instructions from the control plain towards the nodes, passes through this service. It also interacts with the etcd store to keep the state information updated.

   kubelet：此服务充当控制平原和集群中每个节点之间的网关。 从控件到节点的每条指令都通过此服务。 它还与etcd存储进行交互以保持状态信息的更新。

2. kube-proxy: This small service runs on each node server and maintains network rules on them. Any network request that reaches a service inside your cluster, passes through this service.

   kube-proxy：此小型服务在每个节点服务器上运行，并维护它们上的网络规则。 到达群集内部服务的任何网络请求都将通过此服务。

3. Container Runtime: Kubernetes is a container orchestration tool hence it runs applications in containers. This means that every node needs to have a container runtime like Docker or rkt or cri-o.

   容器运行时： Kubernetes是一个容器编排工具，因此它在容器中运行应用程序。 这意味着每个节点都需要有一个容器运行时，例如Docker或rkt或cri-o 。

Kubernetes对象 (Kubernetes Objects)

According to the Kubernetes documentation —

根据Kubernetes 文档 -

"Objects are persistent entities in the Kubernetes system. Kubernetes uses these entities to represent the state of your cluster.  Specifically, they can describe what containerized applications are running, the resources available to them, and the policies around their behaviour."

“对象是Kubernetes系统中的持久性实体。Kubernetes使用这些实体来表示集群的状态。具体地说，它们可以描述正在运行的容器化应用程序，对它们可用的资源以及有关其行为的策略。”

When you create a Kubernetes object, you're effectively telling the Kubernetes system that you want this object to exist no matter what and the Kubernetes system will constantly work to keep the object running.

创建Kubernetes对象时，实际上是在告诉Kubernetes系统无论该对象是否存在，Kubernetes系统都将不断工作以保持该对象的运行。

豆荚 (Pods)

According to the Kubernetes documentation —

根据Kubernetes 文档 -

"Pods are the smallest deployable units of computing that you can create and manage in Kubernetes".

“ Pod是您可以在Kubernetes中创建和管理的最小的可部署计算单元”。

A pod usually encapsulates one or more containers that are closely related sharing a life cycle and consumable resources.

吊舱通常封装一个或多个紧密相关的容器，共享一个生命周期和消耗性资源。

Although a pod can house more than one container, you shouldn't just put containers in a pod willy nilly. Containers in a pod must be so closely related, that they can be treated as a single application.

尽管一个Pod可以容纳多个容器，但是您不应该只是随意地将容器放在Pod中。 容器中的容器必须紧密相关，以至于可以将它们视为单个应用程序。

As an example, your back-end API may depend on the database but that doesn't mean you'll put both of them in the same pod. Throughout this entire article, you won't see any pod that has more than one container running.

例如，您的后端API可能取决于数据库，但这并不意味着您会将它们都放在同一个容器中。 在整篇文章中，您不会看到运行了多个容器的任何容器。

Usually, you should not manage a pod directly. Instead, you should work with higher level objects that can provide you much better manageability. You'll learn about these higher level objects in later sections.

通常，您不应该直接管理吊舱。 相反，您应该使用可以提供更好的可管理性的高级对象。 您将在后面的部分中了解这些更高级别的对象。

服务 (Services)

According to the Kubernetes documentation —

根据Kubernetes 文档 -

"A service in Kubernetes is an abstract way to expose an application running on a set of pods as a network service".

“ Kubernetes中的服务是一种将运行在一组Pod上的应用程序公开为网络服务的抽象方法”。

Kubernetes pods are ephemeral in nature. They get created and after some time when they get destroyed, they do not get recycled.

Kubernetes豆荚本质上是短暂的。 它们被创造出来，经过一段时间销毁后，它们不会被回收。

Instead new identical pods take the places of the old ones. Some higher level Kubernetes objects are even capable of creating and destroying pods dynamically.

相反，新的相同豆荚取代了旧的豆荚。 一些更高级别的Kubernetes对象甚至能够动态创建和销毁Pod。

A new IP address is assigned to each pod at the time of their creation. But in case of a high level object that can create, destroy, and group together a number of pods, the set of pods running in one moment in time could be different from the set of pods running that application a moment later.

在创建每个吊舱时，会为其分配一个新的IP地址。 但是，对于可以创建，销毁和组合多个Pod的高级对象而言，在同一时刻运行的Pod集合可能与在稍后运行该应用程序的Pod集合不同。

This leads to a problem: if some set of pods in your cluster depends on another set of pods within your cluster, how do they find out and keep track of each other's IP addresses?

这就导致了一个问题：如果集群中的某些Pod集依赖于集群中的另一组Pod，它们如何找出并跟踪彼此的IP地址？

The Kubernetes documentation says —

Kubernetes 文档说—

"a Service is an abstraction which defines a logical set of Pods and a policy by which to access them".

“服务是一种抽象，定义了Pod的逻辑集和访问Pod的策略”。

Which essentially means that a Service groups together a number of pods that perform the same function and presents them as a single entity.

从本质上讲，这意味着服务将执行相同功能的多个Pod组合在一起，并将它们显示为单个实体。

This way, the confusion of keeping track of multiple pods goes out of the window as that single Service now acts as a sort of communicator for all of them.

这样一来，跟踪多个Pod的困惑就消失了，因为单个Service现在充当了所有Pod的一种沟通器。

In the hello-kube example, you created a LoadBalancer type of service which allows requests from outside the cluster connect to pods running inside the cluster.

在hello-kube示例中，您创建了LoadBalancer类型的服务，该服务允许来自集群外部的请求连接到集群内部运行的Pod。

Any time you need to give access to one or more pods to another application or to something outside of the cluster, you should create a service.

任何时候需要授予对另一个应用程序或集群外部某个对象的一个​​或多个Pod的访问权限时，都应创建服务。

For instance, if you have a set of pods running web servers that should be accessible from the internet, a service will provide the necessary abstraction.

例如，如果您有一组运行Web服务器的Pod，应该可以从Internet进行访问，则服务将提供必要的抽象。

全貌 (The Full Picture)

Now that you have a proper understanding of the individual Kubernetes components, here is a visual representation of how they work together behind the scenes:

现在您已经对Kubernetes的各个组件有了适当的了解，以下是它们在后台如何协同工作的直观表示：

Before I get into explaining the individual details, have a look at what the Kubernetes documentation has to say —

在开始解释各个细节之前，请看一下Kubernetes 文档必须说的内容-

"To work with Kubernetes objects – whether to create, modify, or delete them – you'll need to use the Kubernetes API. When you use the kubectl command-line interface, the CLI makes the necessary Kubernetes API calls for you."

“要使用Kubernetes对象(无论是创建，修改还是删除对象)，您将需要使用Kubernetes API 。当使用kubectl命令行界面时，CLI会为您进行必要的Kubernetes API调用。”

The first command that you ran was the run command. It was as follows:

您运行的第一个命令是run命令。 内容如下：

kubectl run hello-kube --image=fhsinchy/hello-kube --port=80

The run command is responsible for creating a new pod that runs the given image. Once you've issued this command, following sets of events occur inside the Kubernetes cluster:

run命令负责创建一个运行给定映像的新容器。 发出此命令后，Kubernetes集群内将发生以下几组事件：

• The kube-api-server component receives the request, validates it and processes it.

  kube-api-server组件接收请求，对其进行验证并进行处理。

• The kube-api-server then communicates with the kubelet component on the node and provides the instructions necessary for creating the pod.

  然后， kube-api-server与节点上的kubelet组件进行通信，并提供创建pod所需的指令。

• The kubelet component then starts working on making the pod up and running and also keeps the state information updated in the etcd store.

  然后， kubelet组件开始致力于使Pod启动并运行，并且还将状态信息保持在etcd存储中。

Generic syntax for the run command is as follows:

run命令的通用语法如下：

kubectl run  --image= --port=

You can run any valid container image inside a pod. The fhsinchy/hello-kube Docker image contains a very simple JavaScript application that runs on port 80 inside the container. The --port=80 option allows the pod to expose port 80 from inside the container.

您可以在Pod内运行任何有效的容器映像。 fhsinchy / hello-kube Docker映像包含一个非常简单JavaScript应用程序，该应用程序在容器内部的端口80上运行。 --port=80选项允许吊舱从容器内部暴露端口80。

The newly created pod runs inside the minikube cluster and is inaccessible from the outside. To expose the pod and make it accessible, the second command that you issued was as follows:

新创建的Pod在minikube集群内部运行，无法从外部访问。 要公开容器并使其可用，您发出的第二个命令如下：

kubectl expose pod hello-kube --type=LoadBalancer --port=80

The expose command is responsible for creating a Kubernetes service of type LoadBalancer that allows users to access the application running inside the pod.

该expose命令负责创建类型为LoadBalancer的Kubernetes服务，该服务允许用户访问Pod中运行的应用程序。

Just like the run command, the expose command execution goes through same sort of steps inside the cluster. But instead of a pod, the kube-api-server provides instructions necessary for creating a service in this case to the kubelet component.

就像run命令一样， expose命令的执行需要在集群内部执行相同的步骤。 但是，而不是一个吊舱，该kube-api-server提供了一些必要在这种情况下，到创建一个服务的指导kubelet组件。

Generic syntax for the expose command is as follows:

对于通用语法expose命令如下：

kubectl expose   --type= --port=

The object type can be any valid Kubernetes object type. The name has to match up with the object name you're trying to expose.

对象类型可以是任何有效的Kubernetes对象类型。 该名称必须与您要公开的对象名称匹配。

--type indicates the type of service you want. There are four different types of services available for internal or external networking.

--type表示所需的服务类型。 内部或外部网络有四种不同类型的服务。

Lastly, the --port is the port number you want to expose from the running container.

最后，-- --port是您要从正在运行的容器中公开的端口号。

Once the service has been created, the last piece of the puzzle was to access the application running inside the pod. To do that, the command you executed was as follows:

创建服务后，最后一个难题是访问在pod内运行的应用程序。 为此，您执行的命令如下：

minikube service hello-kube

Unlike the previous ones, this last command doesn't go to the kube-api-server. Rather it communicates with the local cluster using the minikube program. The service command for minikube returns a full URL for a given service.

与前一个命令不同，此最后一个命令不会转到kube-api-server 。 而是使用minikube程序与本地群集通信。 minikube的service命令返回给定服务的完整URL。

When you created the hello-kube pod with the --port=80 option, you instructed Kubernetes to let the pod expose port 80 from inside the container but it wasn't accessible from outside the cluster.

使用--port=80选项创建hello-kube容器时，您指示Kubernetes允许容器从容器内部公开端口80，但无法从集群外部访问该端口。

Then when you created the LoadBalancer service with the --port=80 option, it mapped port 80 from that container to an arbitrary port in the local system making it accessible from outside the cluster.

然后，当使用--port=80选项创建LoadBalancer服务时，它将端口80从该容器映射到本地系统中的任意端口，从而可以从群集外部访问它。

On my system, the service command returns 192.168.99.101:30848 URL for the pod. The IP in this URL is actually the IP of the minikube virtual machine. You can verify this by executing the following command:

在我的系统上， service命令返回Pod的192.168.99.101:30848 URL。 该URL中的IP实际上是minikube虚拟机的IP。 您可以通过执行以下命令来验证这一点：

minikube ip

# 192.168.99.101

To verify that the 30848 port points to port 80 inside the pod, you can execute the following command:

要验证30848端口是否指向Pod内部的端口80，可以执行以下命令：

kubectl get service hello-kube

# NAME         TYPE           CLUSTER-IP     EXTERNAL-IP   PORT(S)        AGE
# hello-kube   LoadBalancer   10.109.60.75        80:30848/TCP   119s

On the PORT(S) column, you can see that port 80 indeed maps to port 30484 on the local system. So instead of running the service command you can just inspect the IP and port and then put it into your browser manually to access the hello-kube application.

在“ PORT(S)列上，您可以看到端口80确实映射到本地系统上的端口30484 。 因此，无需运行service命令，您只需检查IP和端口，然后将其手动放入浏览器即可访问hello-kube应用程序。

Now, the final state of the cluster can be visualized as follows:

现在，集群的最终状态可以如下所示：

If you're coming from Docker, then the significance of using a service in order to expose a pod may seem a bit too verbose to you at the moment.

如果您来自Docker，那么对于您来说，使用服务来公开Pod的重要性似乎有点太冗长。

But as you go into the examples that deal with more than one pod, you'll start to appreciate everything that Kubernetes has to offer.

但是，当您处理涉及多个Pod的示例时，您将开始欣赏Kubernetes必须提供的一切。

摆脱Kubernetes资源 (Getting Rid of Kubernetes Resources)

Now that you know how to create Kubernetes resources like pods and Services, you need to know how to get rid of them. The only way to get rid of a Kubernetes resource is to delete it.

既然您已经知道如何创建Pod和Services之类的Kubernetes资源，那么您需要知道如何摆脱它们。 摆脱Kubernetes资源的唯一方法是删除它。

You can do that by using the delete command for kubectl. Generic syntax of the command is as follows:

您可以通过对kubectl使用delete命令来做到这kubectl 。 该命令的通用语法如下：

kubectl delete  

To delete a pod named hello-kube the command will be as follows:

要删除名为hello-kube ，命令如下：

kubectl delete pod hello-kube

# pod "hello-kube" deleted

And to delete a service named hello-kube the command will be as follows:

并删除名为hello-kube的服务，命令如下：

kubectl delete service hello-kube

# service "hello-kube" deleted

Or if you're in a destructive mood, you can delete all objects of a kind in one go using the --all option for the delete command. Generic syntax for the option is as follows:

或者，如果您处于破坏性状态，则可以使用delete命令的--all选项一次性删除所有此类对象。 该选项的通用语法如下：

kubectl delete