K8S知识点及dashboard操作

1.什么是K8S?

K8S是一组服务器集群,可以在集群的各个节点上运行特定的容器。

K8S所管理的是:集群节点上的容器

特性:

自我修复,弹性伸缩(根据实时服务器的并打情况,增加或收缩容器数量),自动部署、回滚,服务发现和负载均衡,机密和配置共享管理

K8S集群分为两类节点:

        master node 主

        worker node 工作

master节点的组件:

        api server:接受客户端操作K8S指令

        scheduler:从多个worker node节点中选举一个启动服务

        controller manager:向worker node节点发送指令

worker节点组件

        kubelet:向docker发送指令,管理docker容器

        kubeproxy:管理docker容器的网络

etcd

        K8S的数据库

        用来注册几点、服务、纪录账户等

pod(容器组)

        最小部署单元

        一组容器集合

        pod是短暂的

controllers(控制器) 控制pod的启动、停止、删除

        ReplicaSet

        Deployment

        StatefulSet

        DamenSet

        Job

        Cronjob

Service:服务

        将一组pod关联起来,提供统一的入口,即使pod地址发生变化,这个统一入口也不会变化,保证用户访问不会出现问题。

lable:标签

        一组pod有统一的标签,service是通过标签与一组pod关联起来的

namespace:名称空间

        用来隔离pod的运行环境【默认情况下,pod之间是可以相互访问的】

        为不同公司提供隔离的pod运行环境

2、K8S集群部署

待补充...

K8Sdashboard常见操作

k8s--pod

K8S知识点及dashboard操作_第1张图片

日志

K8S知识点及dashboard操作_第2张图片

K8S知识点及dashboard操作_第3张图片

执行命令shell

K8S知识点及dashboard操作_第4张图片

Default values for utcook.
This is a YAML-formatted file.
Declare variables to be passed into your templates.
Global Docker image parameters
Please, note that this will override the image parameters, including dependencies, configured to use the global value
Current available global Docker image parameters: imageRegistry and imagePullSecrets
global:
imageRegistry: ""
imagePullSecrets: []

- myRegistryKeySecretName
statefulset:
enabled: false

String to partially override fullname template (will maintain the release name)
nameOverride: ""

String to fully override fullname template
fullnameOverride: ""

By default deploymentStrategy is set to rollingUpdate with maxSurge of 25% and maxUnavailable of 25% .
You can change type to Recreate or can uncomment rollingUpdate specification and adjust them to your usage.
deploymentStrategy: {}

rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
副本个数
replicaCount: 1

容器image及tag
image:
registry: docker.io
repository: reg.utcook.com/pub/catering-push-service
#registry: "reg.utcook.com"
#repository: pub/user-service
tag: 1.0.14-SNAPSHOT
pullPolicy: Always # IfNotPresent: 有则不拉(减少流量和操作步骤),Always: 不管tag总拉(适合tag不变时更新)
pullSecrets: [] # 如果需要docker仓库验证

- private-registry-key
Istio named service ports
ref: https://istio.io/docs/setup/kubernetes/prepare/requirements/
service:
name: catering-push-service

支持ClusterIP修改为LoadBalancer,反之不允许。可手动修改svc,并将nodePort去掉
type: ClusterIP # 一般不用修改, 支持ClusterIP/LoadBalancer/NodePort

loadBalancerIP:
Enable client source IP preservation
ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
externalTrafficPolicy: Cluster # 支持Cluster/Local
ingressPort: 17066
ports:
## 多端口暴露时,复制一段
http:
port: 17066 # Service port number for client-a port.
protocol: TCP # Service port protocol for client-a port.
## Use nodePorts to requets some specific ports when usin NodePort
# nodePort: #  默认会自动生成

env set
ref: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/
env: []

- name: DEMO_GREETING
value: "Hello from the environment"
- name: DEMO_FAREWELL
value: "Such a sweet sorrow"
command set
startCommand: []

- "java -Xdebug -Xnoagent -Djava.compiler=NONE"
- "-Xrunjdwp:transport=dt_socket,address=5005,server=y,suspend=n"
- "-Djava.security.egd=file:/dev/urandom"
- "-jar /test.jar"
- "-Duser.timezone=GMT+08"
Enable configmap and add data in configmap
config:
enabled: false
mountPath: /conf
subPath: ""
readOnly: true
data: {}

existConfig:
enabled: false
name: ""
mountPath: /exist/conf
subPath: ""
readOnly: true

To use an additional secret, set enable to true and add data
secret:
enabled: false
mountPath: /etc/secret-volume
subPath: ""
readOnly: true
data: {}

existSecret:
enabled: false
name: ""
mountPath: /exist/secret-volume
subPath: ""
readOnly: true

liveness and readiness
ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
healthCheck:
enabled: true
type: tcp # http/tcp
port: http # 上面的端口名或端口
httpPath: '/' # http时必须设置
livenessInitialDelaySeconds: 200 # 初始延迟秒数
livenessPeriodSeconds: 10 # 检测周期,默认值10,最小为1
readinessInitialDelaySeconds: 200 # 初始延迟秒数
readinessPeriodSeconds: 10 # 检测周期,默认值10,最小为1

resources: {}

容器资源设置
We usually recommend not to specify default resources and to leave this as a conscious
choice for the user. This also increases chances charts run on environments with little
resources, such as Minikube. If you do want to specify resources, uncomment the following
lines, adjust them as necessary, and remove the curly braces after 'resources:'.
limits:
cpu: 100m
memory: 128Mi
requests:
cpu: 100m
memory: 128Mi
Node labels and tolerations for pod assignment
ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature
labels: {}
podAnnotations: {}

sidecar.istio.io/inject: "true"
nodeSelector: {}
tolerations: []
affinity: {}
annotations: {}

Enable persistence using Persistent Volume Claims
ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
persistentVolume: # 是否存储持久化
enabled: false

If defined, storageClassName: 
If set to "-", storageClassName: "", which disables dynamic provisioning
If undefined (the default) or set to null, no storageClassName spec is
set, choosing the default provisioner. (gp2 on AWS, azure-disk on
Azure, standard on GKE, AWS & OpenStack)
storageClass: "-"
accessMode: ReadWriteOnce
annotations: {}

helm.sh/resource-policy: keep
size: 1Gi # 大小
existingClaim: {} # 使用已存在的pvc
mountPaths: []

- name: data-storage
mountPath: /config
subPath: config
- name: data-storage
mountPath: /data
subPath: data
ingress: # 是否使用nginx暴露域名或端口
enabled: true
annotations:
kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
path: /
hosts:
- ws-dev.utcook.com
tls:
- secretName: all-utcook
hosts:
- ws-dev.utcook.com

istio configure
istio:
enabled: false

ref: https://istio.io/docs/reference/config/networking/v1alpha3/virtual-service/
canary默认一条路由规则
virtualService:
## http/tcp
type: http

default subset, 非canary
default:
weight: 50
## HTTPRouteDestination
destination: {}
## HTTPRoute
route: {}

canary subset
canary:
- name: v1
replicaCount: 1
weight: 50
image:
repository: bitnami/nginx
tag: latest
pullPolicy: IfNotPresent
## 是否单独一条route
routeAlone: false
## HTTPRouteDestination
destination:
## headers
# request:
# add:
# version: canary
# response:
# add:
# version: canary

  ## HTTPRoute
  route:
    ## HTTPMatchRequest
    # match: 
    #   - headers:
    #       end-user:
    #         exact: jason
    #   - uri:
    #       exact: /v1/getProductRatings
    # 
    #   - sourceLabels:
    #       canary: "true"

    ## corsPolicy
    # corsPolicy:
    #   allowOrigin:
    #   - example.com
    #   allowMethods:
    #   - POST
    #   - GET
    #   allowCredentials: false
    #   allowHeaders:
    #   - X-Foo-Bar
    #   maxAge: "24h"

    ## TCPRoute, when type is tcp
    # tcp: 
    #   route:
    #   - destination:
    #       host: mongo.backup.svc.cluster.local
    #       port:
    #         number: 27017

    ## 注意请求的重试和超时还可以针对每个请求分别设置
    ## 超时设置,默认15s
    # timeout: ""
    ## 重试次数
    # retries: 
    #   attempts: 3
    #   perTryTimeout: 2s    

    ## 故障注入
    # fault: 
    #   delay:
    #     percentage:
    #       value: 10
    #     fixedDelay: 5s
    #   abort:
    #     percentage: 
    #       value: 10
    #     httpStatus: 400
    
    ## HTTPRedirect
    # redirect: 
    #   uri: /v1/bookRatings
    #   authority: newratings.default.svc.cluster.local

    ## HTTPRewrite
    ## 重写原语只能与HTTPRouteDesttion一起使用。
    # rewrite: 
    #   uri: /v1/bookRatings

    ## mirror
    # mirror: 
    #   host: httpbin
    #   subset: v2
serviceEntry:
enabled: false
spec: {}
# hosts:
# - *.foo.com
# location: MESH_EXTERNAL
# ports:
# - number: 80
# name: http
# protocol: HTTP
# - number: 443
# name: https
# protocol: HTTPS
# resolution: DNS

gateway:
enabled: false
servers:
- port:
number: 80
name: http
protocol: HTTP
## 多域名时,vs涉及去重
hosts:
- uk.bookinfo.com
# tls:
# httpsRedirect: true # 用 301 重定向指令响应 http 协议的请求。
# - port:
# number: 443
# name: https
# protocol: HTTPS
# hosts:
# - en.bookinfo.com
# tls:
# mode: SIMPLE # 在这一端口开放 https 服务。
# serverCertificate: /etc/certs/servercert.pem
# privateKey: /etc/certs/privatekey.pem

Prometheus Exporter / Metrics
metrics:
enabled: false
image:
registry: docker.io
repository: nginx/nginx-prometheus-exporter
tag: 0.1.0
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
##
pullSecrets: []
# - myRegistrKeySecretName

Metrics exporter pod Annotation and Labels
podAnnotations:
# prometheus.io/scrape: "true"
# prometheus.io/port: "9113"
## Metrics exporter resource requests and limits
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
##
resources: {}

Uncomment and modify this to run a command after starting the core container.
ref: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
lifecycle: {}

preStop:
exec:
command: ["/bin/bash","/pre-stop.sh"]
postStart:
exec:
command: ["/bin/bash","/post-start.sh"]
deployment:
additionalVolumes: []

Container Security Context
securityContext: {}

fsGroup: 1001
runAsUser: 1001
init containers
ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
Add init containers. e.g. to be used to give specific permissions for data
Add your own init container or uncomment and modify the given example.
initContainers: {}

- name: fmp-volume-permission
image: busybox
imagePullPolicy: IfNotPresent
command: ['chown','-R', '200', '/extra-data']
volumeMounts:
- name: extra-data
mountPath: /extra-data
Additional containers to be added to the core pod.
additionalContainers: {}

- name: my-sidecar
image: nginx:latest
- name: lemonldap-ng-controller
image: lemonldapng/lemonldap-ng-controller:0.2.0
args:
- /lemonldap-ng-controller
- --alsologtostderr
- --configmap=$(POD_NAMESPACE)/lemonldap-ng-configuration
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
volumeMounts:
- name: copy-portal-skins
mountPath: /srv/var/lib/lemonldap-ng/portal/skins

        

你可能感兴趣的:(kubernetes,docker,容器)