k8s实践笔记

文章目录

      • 第二天 Kubernetes落地实践之旅
        • 纯容器模式的问题
        • 容器调度管理平台
        • 架构图
        • 核心组件
        • 工作流程
        • 架构设计的几点思考
        • 实践--集群安装
            • k8s集群主流安装方式对比分析
            • 核心组件
            • 理解集群资源
            • kubectl的使用
        • 实践--使用k8s管理业务应用
          • 最小调度单元 Pod
            • 为什么引入Pod
            • 使用yaml格式定义Pod
            • 创建和访问Pod
            • Infra容器
            • 查看pod详细信息
            • Troubleshooting and Debugging(调试及故障排除)
            • 更新服务版本
            • 删除Pod服务
            • Pod数据持久化
            • **标签的增删改查**
            • 服务健康检查
            • 重启策略
            • 镜像拉取策略
            • Pod资源限制
            • yaml优化
            • 如何编写资源yaml
            • pod状态与生命周期
            • 小结
          • Pod控制器
            • Workload (工作负载)
            • Deployment
            • 创建Deployment
            • 查看Deployment
            • 副本保障机制
            • Pod驱逐策略
            • 服务更新
            • 更新策略
            • 服务回滚
          • Kubernetes服务访问之Service
            • Service 负载均衡之Cluster IP
            • 服务发现
            • Service负载均衡之NodePort
            • kube-proxy
          • Kubernetes服务访问之Ingress
            • 示意图:
            • 实现逻辑
            • 安装
            • 访问
            • 多路径转发及重写的实现

第二天 Kubernetes落地实践之旅

纯容器模式的问题
  1. 业务容器数量庞大,哪些容器部署在哪些节点,使用了哪些端口,如何记录、管理,需要登录到每台机器去管理?
  2. 跨主机通信,多个机器中的容器之间相互调用如何做,iptables规则手动维护?
  3. 跨主机容器间互相调用,配置如何写?写死固定IP+端口?
  4. 如何实现业务高可用?多个容器对外提供服务如何实现负载均衡?
  5. 容器的业务中断了,如何可以感知到,感知到以后,如何自动启动新的容器?
  6. 如何实现滚动升级保证业务的连续性?
容器调度管理平台

Docker Swarm Mesos Google Kubernetes

2017年开始Kubernetes凭借强大的容器集群管理功能, 逐步占据市场,目前在容器编排领域一枝独秀

https://kubernetes.io/

架构图

如何设计一个容器管理平台?

  • 集群架构,管理节点分发容器到数据节点(kubelet)
  • 如何部署业务容器到各数据节点(yaml编排文件)
  • N个数据节点,业务容器如何选择部署在最合理的节点(调度器,kube-scheduler)
  • 容器如何实现多副本,如何满足每个机器部署一个容器的模型(控制管理器,controller-manager)
  • 多副本如何实现集群内负载均衡(kube-proxy)

分布式系统,两类角色:管理节点和工作节点

[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传k8s实践笔记_第1张图片

核心组件
  • ETCD:分布式高性能键值数据库,存储整个集群的所有元数据

  • ApiServer: API服务器,集群资源访问控制入口,提供restAPI及安全访问控制

  • Scheduler:调度器,负责把业务容器调度到最合适的Node节点

  • Controller Manager:控制器管理,确保集群资源按照期望的方式运行

    • Replication Controller 副本控制器
    功能如下:
    确保pod数量:它会确保Kubernetes中有指定数量的Pod在运行。如果少于指定数量的pod,Replication Controller会创建新的,反之则会删除掉多余的以保证Pod数量不变。
    确保pod健康:当pod不健康,运行出错或者无法提供服务时,Replication Controller也会杀死不健康的pod,重新创建新的。
    弹性伸缩 :在业务高峰或者低峰期的时候,可以通过Replication Controller动态的调整pod的数量来提高资源的利用率。同时,配置相应的监控功能(Hroizontal Pod Autoscaler),会定时自动从监控平台获取Replication Controller关联pod的整体资源使用情况,做到自动伸缩。
    滚动升级:滚动升级为一种平滑的升级方式,通过逐步替换的策略,保证整体系统的稳定,在初始化升级的时候就可以及时发现和解决问题,避免问题不断扩大。
    
    • Node controller 节点控制器
    Node由master管理,node负责监控并汇报容器的状态,并根据master的要求管理容器的生命周期
    
    • ResourceQuota Controller 资源配额控制器
    定义每个命名空间(namespace)的资源配额,从而实现资源消耗总量的限制,以保证集群资源的有效利用以及稳定性
    
    • Namespace Controller 命名空间控制器
    Namespace在很多情况下用于实现多租户的资源隔离,不同的业务可以使用不同的namespace进行隔离。
    
    • ServiceAccount Controller 服务账号控制器
    Service Account Controller在namespaces里管理ServiceAccount,并确保每个有效的namespaces中都存在一个名为“default”的ServiceAccount
    
    • Token Controller 令牌控制器
    Token controller检测service account的创建,并为它们创建secret
    观察serviceAccount的删除,并删除所有相应的ServiceAccountToken Secret
    观察secret 添加,并确保关联的ServiceAccount存在,并在需要时向secret 中添加一个Token。
    观察secret 删除,并在需要时对应 ServiceAccount 的关联
    
    • Service Controller 服务控制器
    Service Account 用来访问 kubernetes API
    
    • Endpoints Controller 终端控制器
    负责生成和维护所有Endpoints对象的控制器.它负责监听Service和对应的Pod副本的变化,如果检测到Service被删除,则删除和该Service同名的Endpoints对象。如果检测到新的Service被创建或者修改则根据该Service信息获得相关的Pod列表,然后创建或者更新Service对应的Endpoints对象。
    

    kubelet:运行在每个节点上的主要的“节点代理”,脏活累活

    • pod 管理:kubelet 定期从所监听的数据源获取节点上 pod/container 的期望状态(运行什么容器、运行的副本数量、网络或者存储如何配置等等),并调用对应的容器平台接口达到这个状态。
    • 容器健康检查:kubelet 创建了容器之后还要查看容器是否正常运行,如果容器运行出错,就要根据 pod 设置的重启策略进行处理.
    • 容器监控:kubelet 会监控所在节点的资源使用情况,并定时向 master 报告,资源使用数据都是通过 cAdvisor 获取的。知道整个集群所有节点的资源情况,对于 pod 的调度和正常运行至关重要
  • kube-proxy:维护节点中的iptables或者ipvs规则

  • kubectl: 命令行接口,用于对 Kubernetes 集群运行命令 https://kubernetes.io/zh/docs/reference/kubectl/

工作流程

k8s实践笔记_第2张图片

  1. 用户准备一个资源文件(记录了业务应用的名称、镜像地址等信息),通过调用APIServer执行创建Pod
  2. APIServer收到用户的Pod创建请求,将Pod信息写入到etcd中
  3. 调度器通过list-watch的方式,发现有新的pod数据,但是这个pod还没有绑定到某一个节点中
  4. 调度器通过调度算法,计算出最适合该pod运行的节点,并调用APIServer,把信息更新到etcd中
  5. kubelet同样通过list-watch方式,发现有新的pod调度到本机的节点了,因此调用容器运行时,去根据pod的描述信息,拉取镜像,启动容器,同时生成事件信息
  6. 同时,把容器的信息、事件及状态也通过APIServer写入到etcd中
架构设计的几点思考
  1. 系统各个组件分工明确(APIServer是所有请求入口,CM是控制中枢,Scheduler主管调度,而Kubelet负责运行),配合流畅,整个运行机制一气呵成。
  2. 除了配置管理和持久化组件ETCD,其他组件并不保存数据。意味除ETCD外其他组件都是无状态的。因此从架构设计上对kubernetes系统高可用部署提供了支撑。
  3. 同时因为组件无状态,组件的升级,重启,故障等并不影响集群最终状态,只要组件恢复后就可以从中断处继续运行。
  4. 各个组件和kube-apiserver之间的数据推送都是通过list-watch机制来实现。
实践–集群安装
k8s集群主流安装方式对比分析
  • minikube
  • 二进制安装
  • kubeadm等安装工具

kubeadm https://kubernetes.io/zh/docs/reference/setup-tools/kubeadm/kubeadm/

《Kubernetes安装手册(非高可用版)》

核心组件

静态Pod的方式:

## etcd、apiserver、controller-manager、kube-scheduler
$ kubectl -n kube-system get po

systemd服务方式:

$ systemctl status kubelet

kubectl:二进制命令行工具

注:其他组件配置文件位置

[root@k8s-master week2]# ll /etc/kubernetes/manifests/
total 16
-rw------- 1 root root 2104 Jul  9 22:55 etcd.yaml
-rw------- 1 root root 3161 Jul  9 22:55 kube-apiserver.yaml
-rw------- 1 root root 2858 Jul  9 22:55 kube-controller-manager.yaml
-rw------- 1 root root 1413 Jul  9 22:55 kube-scheduler.yaml

可以通过删除pod,让他自动重建的方式重启,kube-proxy
[root@k8s-master week2]# kubectl  -n kube-system  get po |grep kube-proxy
kube-proxy-4qbsc                     1/1     Running   0          15h
kube-proxy-hpkd4                     1/1     Running   0          15h
kube-proxy-rk2fw                     1/1     Running   0          15h

[root@k8s-master week2]# kubectl  -n kube-system  get po -owide|grep kube-proxy
kube-proxy-4qbsc                     1/1     Running   0          15h   10.0.1.6     k8s-slave1   <none>           <none>
kube-proxy-hpkd4                     1/1     Running   0          15h   10.0.1.5     k8s-master   <none>           <none>
kube-proxy-rk2fw                     1/1     Running   0          15h   10.0.1.8     k8s-slave2   <none>           <none>
理解集群资源

组件是为了支撑k8s平台的运行,安装好的软件。

资源是如何去使用k8s的能力的定义。比如,k8s可以使用Pod来管理业务应用,那么Pod就是k8s集群中的一类资源,集群中的所有资源可以提供如下方式查看:

# namespace 这一列下面为true的资源都需要指定namespace,不指定默认为default
$ kubectl api-resources

如何理解namespace:

命名空间,集群内一个虚拟的概念,类似于资源池的概念,一个池子里可以有各种资源类型,绝大多数的资源都必须属于某一个namespace。集群初始化安装好之后,会默认有如下几个namespace:

$ kubectl get namespaces
NAME                   STATUS   AGE
default                Active   84m
kube-node-lease        Active   84m
kube-public            Active   84m
kube-system            Active   84m
kubernetes-dashboard   Active   71m
# 注意与docker中资源 namespace区分,k8s中是一个虚拟的概念,类似于资源池的概念
  • 所有NAMESPACED的资源,在创建的时候都需要指定namespace,若不指定,默认会在default命名空间下
  • 相同namespace下的同类资源不可以重名,不同类型的资源可以重名
  • 不同namespace下的同类资源可以重名
  • 通常在项目使用的时候,我们会创建带有业务含义的namespace来做逻辑上的整合
kubectl的使用

类似于docker,kubectl是命令行工具,用于与APIServer交互,内置了丰富的子命令,功能极其强大。 https://kubernetes.io/docs/reference/kubectl/overview/

注:忘记命令就可使用kubectl -h查看命令帮助,如kubectl get pod -h
$ kubectl -h
$ kubectl get -h
$ kubectl create -h
$ kubectl create namespace -h
实践–使用k8s管理业务应用
最小调度单元 Pod

docker调度的是容器,在k8s集群中,最小的调度单元是Pod(豆荚)

[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传k8s实践笔记_第3张图片

为什么引入Pod
  • 与容器引擎解耦

    Docker、Rkt。平台设计与引擎的具体的实现解耦

  • 多容器共享网络|存储|进程 空间, 支持的业务场景更加灵活

注:pod里面的容器都直接可以通过localhost访问
使用yaml格式定义Pod

myblog/one-pod/pod.yaml

apiVersion: v1 #版本
kind: Pod   # 类型/角色
metadata:   # 元数据属性
  name: myblog # pod名称
  namespace: luffy  # 在哪个namespace下
  labels:  # pod标签
    component: myblog  # 相当于component=myblog的标签
spec:     #详细说明
  containers:  # 容器
  - name: myblog  # 容器名称
    image: 10.0.1.5:5000/myblog:v1  # 容器镜像地址
    env:   #环境变量
    - name: MYSQL_HOST   #  指定root用户的用户名
      value: "127.0.0.1"  # 上行name的值
    - name: MYSQL_PASSWD  # 密码
      value: "123456"
    ports:  #需要暴露的端口号列表,象征的显示此业务跑在8002端口,可以省略不写,没有影响
    - containerPort: 8002
  - name: mysql  # 容器名称
    image: mysql:5.7   # 容器使用的镜像
# command  
    args:    # 启动容器运行的命令参数
    - --character-set-server=utf8mb4
    - --collation-server=utf8mb4_unicode_ci
    ports:   # 需要暴露的端口号列表
    - containerPort: 3306
    env:   # 容器运行前需要设置的环境变量列表
    - name: MYSQL_ROOT_PASSWORD
      value: "123456"
    - name: MYSQL_DATABASE
      value: "myblog"
{
    "apiVersion": "v1",
    "kind": "Pod",
    "metadata": {
        "name": "myblog",
        "namespace": "luffy",
        "labels": {
            "component": "myblog"
        }
    },
    "spec": {
        "containers": [
            {
                "name": "myblog",
                "image": "10.0.1.5:5000/myblog:v1",
                "env": [
                    {
                        "name": "MYSQL_HOST",
                        "value": "127.0.0.1"
                    }
                ]
            },
            {
                ...
            }
        ]
    }
}
apiVersion 含义
alpha 进入K8s功能的早期候选版本,可能包含Bug,最终不一定进入K8s
beta 已经过测试的版本,最终会进入K8s,但功能、对象定义可能会发生变更。
stable 可安全使用的稳定版本
v1 stable 版本之后的首个版本,包含了更多的核心对象
apps/v1 使用最广泛的版本,像Deployment、ReplicaSets都已进入该版本

资源类型与apiVersion对照表

Kind apiVersion
ClusterRoleBinding rbac.authorization.k8s.io/v1
ClusterRole rbac.authorization.k8s.io/v1
ConfigMap v1
CronJob batch/v1beta1
DaemonSet extensions/v1beta1
Node v1
Namespace v1
Secret v1
PersistentVolume v1
PersistentVolumeClaim v1
Pod v1
Deployment v1、apps/v1、apps/v1beta1、apps/v1beta2
Service v1
Ingress extensions/v1beta1
ReplicaSet apps/v1、apps/v1beta2
Job batch/v1
StatefulSet apps/v1、apps/v1beta1、apps/v1beta2

快速获得资源和版本

# 查看所有api-versions信息
$ kubectl  api-versions

# 查看具体资源详细信息如
$ kubectl explain pod
$ kubectl explain Pod.apiVersion
$ kubectl  explain Pod.apiVersion
$ kubectl  explain Deployment.apiVersion
$ kubectl  explain Service.apiVersion
创建和访问Pod

前提:

# This my first django Dockerfile
# Version 1.0

# Base images 基础镜像
FROM centos:centos7.5.1804

#MAINTAINER 维护者信息
LABEL maintainer="[email protected]"

#ENV 设置环境变量
ENV LANG en_US.UTF-8
ENV LC_ALL en_US.UTF-8

#RUN 执行以下命令
RUN curl -so /etc/yum.repos.d/Centos-7.repo http://mirrors.aliyun.com/repo/Centos-7.repo && rpm -Uvh http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
RUN yum install -y python36 python3-devel gcc pcre-devel zlib-devel make net-tools nginx

#工作目录
WORKDIR /opt/myblog

#拷贝文件至工作目录
COPY  .  .

#拷贝nginx配置文件
COPY myblog.conf  /etc/nginx

# 安装依赖的插件
RUN pip3 install -i http://mirrors.aliyun.com/pypi/simple/ --trusted-host mirrors.aliyun.com -r requirements.txt

RUN chmod +x run.sh && rm -rf ~/.cache/pip

# EXPOSE 映射端口
EXPOSE  8002

# 容器启动时执行命令
CMD ["./run.sh"]

详情见上一节Django项目

mkdir luffy && cd luffy
git clone https://gitee.com/agagin/python-demo.git
cd python-demo/
vim Dockerfile
docker build . -t myblog:v1 -f Dockerfile

# 准备镜像文件
[root@k8s-master 2021]# pwd
/root/2021

[root@k8s-master 2021]# ls
registry  registry.tar.gz

# 使用docker镜像启动仓库服务
docker run -d -p 5000:5000 --restart always -v /root/2021/registry:/var/lib/registry --name registry registry:2
#创建MySQL配置文件
[root@k8s-master luffy]#  mkdir mysql-images/ && cd mysql-images/

[root@k8s-master mysql-images]# cat my.cnf 
[mysqld]
user=root
character-set-server=utf8
lower_case_table_names=1

[client]
default-character-set=utf8
[mysql]
default-character-set=utf8

!includedir /etc/mysql/conf.d/
!includedir /etc/mysql/mysql.conf.d/

# 创建dockerfile、
[root@k8s-master mysql-images]# cat Dockerfile 
FROM mysql:5.7
COPY my.cnf  /etc/mysql/my.cnf
## CMD 或者ENTRYPOINT默认继承

# 构建本地镜像
[root@k8s-master mysql-images]# docker build . -t 10.0.1.5:5000/mysql:5.7-utf8
[root@k8s-master mysql-images]# docker tag myblog:v1 10.0.1.5:5000/myblog:v1

#配置加速   docker私有仓库服务器,默认是基于https传输的,所以我们需要在客户端127.0.0.1做相关设置,不使用https传输【此操作主从都需配置】
[root@k8s-master opt]#  vi /etc/docker/daemon.json
[root@k8s-master opt]# cat /etc/docker/daemon.json 
{
  "registry-mirrors": [
    "https://8xpk5wnt.mirror.aliyuncs.com"
  ],
  "insecure-registries": [
     "10.0.1.5:5000"
  ]
}



# 重启docker
systemctl daemon-reload
systemctl restart docker

# 推镜像
[root@k8s-master mysql-images]# docker push  10.0.1.5:5000/myblog:v1
[root@k8s-master mysql-images]# docker push 10.0.1.5:5000/mysql:5.7-utf8 

# 拷贝yaml文件
[root@k8s-master week2]# pwd
/root/2021/week2
[root@k8s-master week2]# vim pod.yaml 
## 创建namespace, namespace是逻辑上的资源池
$ kubectl create namespace luffy

## 使用指定文件创建Pod
$ kubectl create -f pod.yaml

## 查看pod,可以简写po
## 所有的操作都需要指定namespace,如果是在default命名空间下,则可以省略
$ kubectl -n luffy get pods -o wide
NAME     READY   STATUS    RESTARTS   AGE    IP             NODE
myblog   2/2     Running   0          3m     10.244.1.4   k8s-slave1

## 回顾流程

## 使用Pod Ip访问服务,3306和8002
$ curl 10.244.1.4:8002/blog/index/

## 进入容器,执行初始化, 不必到对应的主机执行docker exec
$ kubectl -n luffy exec -ti myblog -c myblog bash
/ # env
/ # python3 manage.py migrate
$ kubectl -n luffy exec -ti myblog -c mysql bash
/ # mysql -p123456

## 再次访问服务,3306和8002
$ curl 10.244.1.2:8002/blog/index/
Infra容器

登录k8s-slave1节点

$ docker ps -a |grep myblog  ## 发现有三个容器
## 其中包含mysql和myblog程序以及Infra容器
## 为了实现Pod内部的容器可以通过localhost通信,每个Pod都会启动Infra容器,然后Pod内部的其他容器的网络空间会共享该Infra容器的网络空间(Docker网络的container模式),Infra容器只需要hang住网络空间,不需要额外的功能,因此资源消耗极低。

## 登录master节点,查看pod内部的容器ip均相同,为pod ip
$ kubectl -n luffy exec -ti myblog -c myblog bash
/ # ifconfig
$ kubectl -n luffy exec -ti myblog -c mysql bash
/ # ifconfig

pod容器命名: k8s____

查看pod详细信息
## 查看pod调度节点及pod_ip
$ kubectl -n luffy get pods -o wide
## 查看完整的yaml
$ kubectl -n luffy get po myblog -o yaml
## 查看pod的明细信息及事件
$ kubectl -n luffy describe pod myblog

Troubleshooting and Debugging(调试及故障排除)
#进入Pod内的容器
$ kubectl -n  exec  -c  -ti /bin/sh
# 参数解释
# -n 指定命名空间
# exec -ti 进入交互式终端
# -c  容器的名字

#查看Pod内容器日志,显示标准或者错误输出日志
$ kubectl -n  logs -f  -c 
$ kubectl -n  logs -f --tail=100  -c 
# 参数解释
# logs  查看日志
# -f  实时刷新
# --tail=100  指定行数
更新服务版本
$ kubectl apply -f myblog-pod.yaml
# 注:对于pod来讲,如果你的yaml文件资源定义的是pod,没法直接使用apply,除非是修改镜像版本,否则失败,如修改环境变量等apply会检验不通过
删除Pod服务
#根据文件删除
$ kubectl delete -f myblog-pod.yaml

#根据pod_name删除
$ kubectl -n  delete pod 
Pod数据持久化

若删除了Pod,由于mysql的数据都在容器内部,会造成数据丢失,因此需要数据进行持久化。

  • 定点使用hostpath挂载,nodeSelector定点

    myblog/one-pod/pod-with-volume.yaml

    apiVersion: v1
    kind: Pod
    metadata:
      name: myblog
      namespace: luffy
      labels:
        component: myblog #相当于调度到有labels是component=myblog的机器上
    spec:
      volumes: # 定义卷,和container同级,所以所有container都能引用
      - name: mysql-data
        hostPath: 
          path: /opt/mysql/data
      nodeSelector:   # 使用节点选择器将Pod调度到指定label的节点
        component: mysql
      containers:
      - name: myblog
        image: 10.0.1.5:5000/myblog:v1
        env:
        - name: MYSQL_HOST   #  指定root用户的用户名
          value: "127.0.0.1"
        - name: MYSQL_PASSWD
          value: "123456"
        ports:
        - containerPort: 8002
      - name: mysql
        image: mysql:5.7
        args:
        - --character-set-server=utf8mb4
        - --collation-server=utf8mb4_unicode_ci
        ports:
        - containerPort: 3306
        env:
        - name: MYSQL_ROOT_PASSWORD
          value: "123456"
        - name: MYSQL_DATABASE
          value: "myblog"
        volumeMounts:  # 挂载卷,属于container下的一个key,
        - name: mysql-data # 名字必须和上面定义的相对应
          mountPath: /var/lib/mysql
    

    保存文件为pod-with-volume.yaml,执行创建

    ## 若存在旧的同名服务,先删除掉,后创建
    $ kubectl -n luffy delete pod myblog
    ## 创建
    $ kubectl create -f pod-with-volume.yaml
    
    ## 此时pod状态Pending
    $ kubectl -n luffy get po
    NAME     READY   STATUS    RESTARTS   AGE
    myblog   0/2     Pending   0          32s
    
    ## 查看原因,提示调度失败,因为节点不满足node selector
    $ kubectl -n luffy describe po myblog
    Events:
      Type     Reason            Age                From               Message
      ----     ------            ----               ----               -------
      Warning  FailedScheduling  12s (x2 over 12s)  default-scheduler  0/3 nodes are available: 3 node(s) didn't match node selector.
      
    ## 为节点打标签
    $ kubectl label node k8s-slave1 component=mysql
    
    ## 再次查看,已经运行成功
    $ kubectl -n luffy get po
    NAME     READY   STATUS    RESTARTS   AGE     IP             NODE
    myblog   2/2     Running   0          3m54s   10.244.1.150   k8s-slave1
    
    ## 到k8s-slave1节点,查看/opt/mysql/data
    $ ll /opt/mysql/data/
    total 188484
    -rw-r----- 1 polkitd input       56 Mar 29 09:20 auto.cnf
    -rw------- 1 polkitd input     1676 Mar 29 09:20 ca-key.pem
    -rw-r--r-- 1 polkitd input     1112 Mar 29 09:20 ca.pem
    drwxr-x--- 2 polkitd input     8192 Mar 29 09:20 sys
    ...
    
    ## 执行migrate,创建数据库表,然后删掉pod,再次创建后验证数据是否存在
    $ kubectl -n luffy exec -ti myblog python3 manage.py migrate
    
    ## 访问服务,正常
    $ curl 10.244.1.150:8002/blog/index/ 
    
    ## 删除pod
    $ kubectl delete -f pod-with-volume.yaml
    
    ## 再次创建Pod
    $ kubectl create -f pod-with-volume.yaml
    
    ## 查看pod ip并访问服务
    $ kubectl -n luffy get po -o wide
    NAME     READY   STATUS    RESTARTS   AGE   IP             NODE  
    myblog   2/2     Running   0          7s    10.244.1.151   k8s-slave1
    
    ## 未重新做migrate,服务正常
    $ curl 10.244.1.151:8002/blog/index/
    
  • 使用PV+PVC连接分布式存储解决方案

    • ceph
    • glusterfs
    • nfs
标签的增删改查
# 添加
$ kubectl label nodes kube-node label_key=label_value

# 查询
$ kubectl  get node --show-labels
# 过滤标签
$ kubectl -n ns_name  get po -o wide -l label_key=label_value

# 删除一个label,只需在命令行最后指定的label的可以名并与一个减号相连即可:
$ kubectl label nodes k8s-slave1 label_key-

# 修改一个label的值,需要加上--overwrite参数
$ kubectl label nodes  k8s-slave1 label_key=apache --overwrite

# 或者你可以直接kubectl edit就可编辑这个node的配置,保存退出就可以了
服务健康检查

检测容器服务是否健康的手段,若不健康,会根据设置的重启策略(restartPolicy)进行操作,两种检测机制可以分别单独设置,若不设置,默认认为Pod是健康的。

两种机制:

  • LivenessProbe探针
    存活性探测:用于判断容器是否存活,即Pod是否为running状态,如果LivenessProbe探针探测到容器不健康,则kubelet将kill掉容器,并根据容器的重启策略是否重启,如果一个容器不包含LivenessProbe探针,则Kubelet认为容器的LivenessProbe探针的返回值永远成功。

    ...
      containers:
      - name: myblog
        image: 10.0.1.5:5000/myblog:v1
        livenessProbe:
          httpGet:
            path: /blog/index/
            port: 8002
            scheme: HTTP
          initialDelaySeconds: 10  # 容器启动后第一次执行探测是需要等待多少秒
          periodSeconds: 10 	# 执行探测的频率
          timeoutSeconds: 2		# 探测超时时间
    ...
    

    [外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传k8s实践笔记_第4张图片

  • ReadinessProbe探针
    可用性探测:用于判断容器是否正常提供服务,即容器的Ready是否为True,是否可以接收请求,如果ReadinessProbe探测失败,则容器的Ready将为False, Endpoint Controller 控制器将此Pod的Endpoint从对应的service的Endpoint列表中移除,不再将任何请求调度此Pod上,直到下次探测成功。(剔除此pod不参与接收请求不会将流量转发给此Pod)。

    ...
      containers:
      - name: myblog
        image: 10.0.1.5:5000/myblog:v1
        readinessProbe: 
          httpGet: 
            path: /blog/index/
            port: 8002
            scheme: HTTP
          initialDelaySeconds: 10 
          timeoutSeconds: 2
          periodSeconds: 10
    ...
    

    [外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传k8s实践笔记_第5张图片

三种类型:

  • exec:通过执行命令来检查服务是否正常,返回值为0则表示容器健康
  • httpGet方式:通过发送http请求检查服务是否正常,返回200-399状态码则表明容器健康
  • tcpSocket:通过容器的IP和Port执行TCP检查,如果能够建立TCP连接,则表明容器健康

示例:

完整文件路径 myblog/one-pod/pod-with-healthcheck.yaml

  containers:
  - name: myblog
    image: 10.0.1.5:5000/myblog:v1
    env:
    - name: MYSQL_HOST   #  指定root用户的用户名
      value: "127.0.0.1"
    - name: MYSQL_PASSWD
      value: "123456"
    ports:
    - containerPort: 8002
    livenessProbe:    # 注意添加位置
      httpGet:
        path: /blog/index/
        port: 8002
        scheme: HTTP
      initialDelaySeconds: 10  # 容器启动后第一次执行探测是需要等待多少秒
      periodSeconds: 10 	# 执行探测的频率
      timeoutSeconds: 2		# 探测超时时间
    readinessProbe: 
      httpGet: 
        path: /blog/index/
        port: 8002
        scheme: HTTP
      initialDelaySeconds: 10 
      timeoutSeconds: 2
      periodSeconds: 10
[root@k8s-master week2]# kubectl delete -f pod-with-volume.yaml 
pod "myblog" deleted

[root@k8s-master week2]# vim pod-with-volume.yaml 

[root@k8s-master week2]# kubectl create  -f pod-with-volume.yaml 
pod/myblog created
[root@k8s-master week2]# kubectl  -n luffy  get po -owide
NAME     READY   STATUS    RESTARTS   AGE   IP            NODE         NOMINATED NODE   
myblog   1/2     Running   0          29s   10.244.1.15   k8s-slave1          

# 进入容器
$ kubectl  -n luffy  exec -ti myblog -c myblog bash
[root@myblog myblog]# python3 manage.py  migrate
$ kubectl  -n luffy  get po

[root@k8s-master week2]# kubectl  -n luffy  get po 
NAME     READY   STATUS    RESTARTS   AGE
myblog   2/2     Running   3          6m6s
  • initialDelaySeconds:容器启动后第一次执行探测是需要等待多少秒。
  • periodSeconds:执行探测的频率。默认是10秒,最小1秒。
  • timeoutSeconds:探测超时时间。默认1秒,最小1秒。
  • successThreshold:探测失败后,最少连续探测成功多少次才被认定为成功。默认是1。
  • failureThreshold:探测成功后,最少连续探测失败多少次
    才被认定为失败。默认是3,最小值是1。

K8S将在Pod开始启动10s(initialDelaySeconds)后利用HTTP访问8002端口的/blog/index/,如果超过2s或者返回码不在200~399内,则健康检查失败

重启策略

Pod的重启策略(RestartPolicy)应用于Pod内的所有容器,并且仅在Pod所处的Node上由kubelet进行判断和重启操作。当某个容器异常退出或者健康检查失败时,kubelet将根据RestartPolicy的设置来进行相应的操作。
Pod的重启策略包括Always、OnFailure和Never,默认值为Always。

  • Always:当容器进程退出后,由kubelet自动重启该容器;
  • OnFailure:当容器终止运行且退出码不为0时,由kubelet自动重启该容器;
  • Never:不论容器运行状态如何,kubelet都不会重启该容器。

演示重启策略:

apiVersion: v1
kind: Pod
metadata:
  name: test-restart-policy
spec:
  restartPolicy: Always
  containers:
  - name: busybox
    image: busybox
    args:
    - /bin/sh
    - -c
    - sleep 10

执行结果

$ kubectl apply -f test-restartpolicy.yaml

# 会出现如下几种状态
$ kubectl get po -owide -w
test-restart-policy   0/1     Completed           0          98s   10.244.2.4   k8s-slave2 
test-restart-policy   1/1     Running             1          118s   10.244.2.4   k8s-slave2 
test-restart-policy   0/1     Completed           1          2m8s   10.244.2.4   k8s-slave2 
test-restart-policy   0/1     CrashLoopBackOff    1          2m18s   10.244.2.4   k8s-
  1. 使用默认的重启策略,即 restartPolicy: Always ,无论容器是否是正常退出,都会自动重启容器
  2. 使用OnFailure的策略时
    • 如果把exit 1,去掉,即让容器的进程正常退出的话,则不会重启
    • 只有非正常退出状态才会重启
  3. 使用Never时,退出了就不再重启

可以看出,若容器正常退出,Pod的状态会是Completed,非正常退出,状态为CrashLoopBackOff

镜像拉取策略
spec:
  containers:
  - name: myblog
    image: 10.0.1.5:5000/myblog:v1
    imagePullPolicy: IfNotPresent

设置镜像的拉取策略,默认为IfNotPresent

  • Always,总是拉取镜像,即使本地有镜像也从仓库拉取
  • IfNotPresent ,本地有则使用本地镜像,本地没有则去仓库拉取
  • Never,只使用本地镜像,本地没有则报错
Pod资源限制

为了保证充分利用集群资源,且确保重要容器在运行周期内能够分配到足够的资源稳定运行,因此平台需要具备

Pod的资源限制的能力。 对于一个pod来说,资源最基础的2个的指标就是:CPU和内存。

Kubernetes提供了个采用requests和limits 两种类型参数对资源进行预分配和使用限制。

完整文件路径:myblog/one-pod/pod-with-resourcelimits.yaml

...
  containers:
  - name: myblog
    image: 10.0.1.5:5000/myblog:v1
    env:
    - name: MYSQL_HOST   #  指定root用户的用户名
      value: "127.0.0.1"
    - name: MYSQL_PASSWD
      value: "123456"
    ports:
    - containerPort: 8002
    resources:
      requests:
        memory: 100Mi
        cpu: 50m
      limits:
        memory: 500Mi
        cpu: 100m
...

node节点的资源限制查看

$ kubectl  describe no  k8s-slave1

requests:

  • 容器使用的最小资源需求,作用于schedule阶段,作为容器调度时资源分配的判断依赖
  • 只有当前节点上可分配的资源量 >= request 时才允许将容器调度到该节点
  • request参数不限制容器的最大可使用资源
  • requests.cpu被转成docker的–cpu-shares参数,与cgroup cpu.shares功能相同 (无论宿主机有多少个cpu或者内核,–cpu-shares选项都会按照比例分配cpu资源)
  • requests.memory没有对应的docker参数,仅作为k8s调度依据

limits:

  • 容器能使用资源的最大值
  • 设置为0表示对使用的资源不做限制, 可无限的使用
  • 当pod 内存超过limit时,会被oom
  • 当cpu超过limit时,不会被kill,但是会限制不超过limit值
  • limits.cpu会被转换成docker的–cpu-quota参数。与cgroup cpu.cfs_quota_us功能相同
  • limits.memory会被转换成docker的–memory参数。用来限制容器使用的最大内存

对于 CPU,我们知道计算机里 CPU 的资源是按“时间片”的方式来进行分配的,系统里的每一个操作都需要 CPU 的处理,所以,哪个任务要是申请的 CPU 时间片越多,那么它得到的 CPU 资源就越多。

然后还需要了解下 CGroup 里面对于 CPU 资源的单位换算:

1 CPU =  1000 millicpu(1 Core = 1000m)

这里的 m 就是毫、毫核的意思,Kubernetes 集群中的每一个节点可以通过操作系统的命令来确认本节点的 CPU 内核数量,然后将这个数量乘以1000,得到的就是节点总 CPU 总毫数。比如一个节点有四核,那么该节点的 CPU 总毫量为 4000m。

docker run命令和 CPU 限制相关的所有选项如下:

选项 描述
--cpuset-cpus="" 允许使用的 CPU 集,值可以为 0-3,0,1
-c,--cpu-shares=0 CPU 共享权值(相对权重)
cpu-period=0 限制 CPU CFS 的周期,范围从 100ms~1s,即[1000, 1000000]
--cpu-quota=0 限制 CPU CFS 配额,必须不小于1ms,即 >= 1000,绝对限制
docker run -it --cpu-period=50000 --cpu-quota=25000 ubuntu:16.04 /bin/bash

将 CFS 调度的周期设为 50000,将容器在每个周期内的 CPU 配额设置为 25000,表示该容器每 50ms 可以得到 50% 的 CPU 运行时间。

注意:若内存使用超出限制,会引发系统的OOM机制,因CPU是可压缩资源,不会引发Pod退出或重建

yaml优化

目前完善后的yaml,myblog/one-pod/pod-completed.yaml

apiVersion: v1
kind: Pod
metadata:
  name: myblog
  namespace: luffy
  labels:
    component: myblog
spec:
  volumes: 
  - name: mysql-data
    hostPath: 
      path: /opt/mysql/data
  nodeSelector:   # 使用节点选择器将Pod调度到指定label的节点
    component: mysql
  containers:
  - name: myblog
    image: 10.0.1.5:5000/myblog:v1
    env:
    - name: MYSQL_HOST   #  指定root用户的用户名
      value: "127.0.0.1"
    - name: MYSQL_PASSWD
      value: "123456"
    ports:
    - containerPort: 8002
    resources:
      requests:
        memory: 100Mi
        cpu: 50m
      limits:
        memory: 500Mi
        cpu: 100m
    livenessProbe:
      httpGet:
        path: /blog/index/
        port: 8002
        scheme: HTTP
      initialDelaySeconds: 10  # 容器启动后第一次执行探测是需要等待多少秒
      periodSeconds: 15         # 执行探测的频率
      timeoutSeconds: 2         # 探测超时时间
    readinessProbe: 
      httpGet: 
        path: /blog/index/
        port: 8002
        scheme: HTTP
      initialDelaySeconds: 10 
      timeoutSeconds: 2
      periodSeconds: 15
  - name: mysql
    image: mysql:5.7
    args:
    - --character-set-server=utf8mb4
    - --collation-server=utf8mb4_unicode_ci
    ports:
    - containerPort: 3306
    env:
    - name: MYSQL_ROOT_PASSWORD
      value: "123456"
    - name: MYSQL_DATABASE
      value: "myblog"
    resources:
      requests:
        memory: 100Mi
        cpu: 50m
      limits:
        memory: 500Mi
        cpu: 100m
    readinessProbe:
      tcpSocket:
        port: 3306
      initialDelaySeconds: 5
      periodSeconds: 10
    livenessProbe:
      tcpSocket:
        port: 3306
      initialDelaySeconds: 15
      periodSeconds: 20
    volumeMounts:
    - name: mysql-data
      mountPath: /var/lib/mysql

为什么要优化

  • 考虑真实的使用场景,像数据库这类中间件,是作为公共资源,为多个项目提供服务,不适合和业务容器绑定在同一个Pod中,因为业务容器是经常变更的,而数据库不需要频繁迭代
  • yaml的环境变量中存在敏感信息(账号、密码),存在安全隐患

解决问题一,需要拆分yaml

myblog/two-pod/mysql.yaml

apiVersion: v1
kind: Pod
metadata:
  name: mysql
  namespace: luffy
  labels:
    component: mysql
spec:
  hostNetwork: true     # 声明pod的网络模式为host模式,效果同docker run --net=host
  volumes: 
  - name: mysql-data
    hostPath: 
      path: /opt/mysql/data
  nodeSelector:   # 使用节点选择器将Pod调度到指定label的节点
    component: mysql
  containers:
  - name: mysql
    image: mysql:5.7
    args:
    - --character-set-server=utf8mb4
    - --collation-server=utf8mb4_unicode_ci
    ports:
    - containerPort: 3306
    env:
    - name: MYSQL_ROOT_PASSWORD
      value: "123456"
    - name: MYSQL_DATABASE
      value: "myblog"
    resources:
      requests:
        memory: 100Mi
        cpu: 50m
      limits:
        memory: 500Mi
        cpu: 100m
    readinessProbe:
      tcpSocket:
        port: 3306
      initialDelaySeconds: 5
      periodSeconds: 10
    livenessProbe:
      tcpSocket:
        port: 3306
      initialDelaySeconds: 15
      periodSeconds: 20
    volumeMounts:
    - name: mysql-data
      mountPath: /var/lib/mysql

myblog.yaml

apiVersion: v1
kind: Pod
metadata:
  name: myblog
  namespace: luffy
  labels:
    component: myblog
spec:
  containers:
  - name: myblog
    image: 10.0.1.5:5000/myblog:v1
    imagePullPolicy: IfNotPresent
    env:
    - name: MYSQL_HOST   #  指定root用户的用户名
      value: "10.0.1.6"  # mysql的地址
    - name: MYSQL_PASSWD
      value: "123456"
    ports:
    - containerPort: 8002
    resources:
      requests:
        memory: 100Mi
        cpu: 50m
      limits:
        memory: 500Mi
        cpu: 100m
    livenessProbe:
      httpGet:
        path: /blog/index/
        port: 8002
        scheme: HTTP
      initialDelaySeconds: 10  # 容器启动后第一次执行探测是需要等待多少秒
      periodSeconds: 15         # 执行探测的频率
      timeoutSeconds: 2         # 探测超时时间
    readinessProbe: 
      httpGet: 
        path: /blog/index/
        port: 8002
        scheme: HTTP
      initialDelaySeconds: 10 
      timeoutSeconds: 2
      periodSeconds: 15

创建测试

## 先删除旧pod
$ kubectl -n luffy delete po myblog

## 分别创建mysql和myblog
$ kubectl create -f mysql.yaml
$ kubectl create -f myblog.yaml

## 查看pod,注意mysqlIP为宿主机IP,因为网络模式为host
$ kubectl -n luffy get po -o wide 
NAME     READY   STATUS    RESTARTS   AGE   IP                NODE
myblog   1/1     Running   0          41s   10.244.1.152      k8s-slave1
mysql    1/1     Running   0          52s   172.21.51.67   k8s-slave1

## 访问myblog服务正常
$ curl 10.244.1.152:8002/blog/index/

解决问题二,环境变量中敏感信息带来的安全隐患

为什么要统一管理环境变量

  • 环境变量中有很多敏感的信息,比如账号密码,直接暴漏在yaml文件中存在安全性问题
  • 团队内部一般存在多个项目,这些项目直接存在配置相同环境变量的情况,因此可以统一维护管理
  • 对于开发、测试、生产环境,由于配置均不同,每套环境部署的时候都要修改yaml,带来额外的开销

k8s提供两类资源,configMap和Secret,可以用来实现业务配置的统一管理, 允许将配置文件与镜像文件分离,以使容器化的应用程序具有可移植性 。

[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传k8s实践笔记_第6张图片

  • configMap,通常用来管理应用的配置文件或者环境变量,myblog/two-pod/configmap.yaml

    apiVersion: v1
    kind: ConfigMap
    metadata:
      name: myblog
      namespace: luffy # 指定namespace,直接引用此命名空间下的,而不能去读取别的命名空间的configMap
    data:
      MYSQL_HOST: "10.0.1.6"
      MYSQL_PORT: "3306"
    

    创建并查看configMap:

    $ kubectl create -f configmap.yaml
    $ kubectl -n luffy get cm myblog -oyaml
    

    或者可以使用命令的方式,从文件中创建,比如:

    configmap.txt

    $ cat configmap.txt
    MYSQL_HOST=10.0.1.6
    MYSQL_PORT=3306
    $ kubectl -n luffy create configmap myblog --from-env-file=configmap.txt
    

    环境变量和非环境变量配置文件的创建区别

    [root@k8s-master week2]# cat configmap.txt 
    MYSQL_HOST=10.0.1.6
    MYSQL_PORT=3306
    
       kubectl create configmap my-config --from-env-file=path/to/bar.env
       kubectl create configmap my-config --from-file=path/to/bar
    
    # 环境变量形式
    [root@k8s-master week2]# kubectl -n luffy  create configmap myblog --from-env-file=configmap.txt 
    
    # 非环境变量形式
    [root@k8s-master week2]# cat config.ini 
    [mysql]
    aaa=bbb
    ccc=xxx
    
    [root@k8s-master week2]# kubectl -n luffy create configmap demo --from-file=config.ini 
    
    kubectl  -n luffy get configmap
    kubectl -n luffy get configmap myblog -oyaml
    kubectl -n luffy get configmap  demo -oyaml
    
    # 对比
    [root@k8s-master week2]# kubectl -n luffy get configmap myblog -oyaml
    apiVersion: v1
    data:
      MYSQL_HOST: 10.0.1.5
      MYSQL_PORT: "3306"
    kind: ConfigMap
    metadata:
      creationTimestamp: "2021-06-13T23:12:58Z"
      managedFields:
      - apiVersion: v1
        fieldsType: FieldsV1
        fieldsV1:
          f:data:
            .: {}
            f:MYSQL_HOST: {}
            f:MYSQL_PORT: {}
        manager: kubectl-create
        operation: Update
        time: "2021-06-13T23:12:58Z"
      name: myblog
      namespace: luffy
      resourceVersion: "479878"
      selfLink: /api/v1/namespaces/luffy/configmaps/myblog
      uid: 4c9045fd-0cb3-4cb5-8562-7b808363c249
    
    [root@k8s-master week2]# kubectl -n luffy get configmap  demo -oyaml
    apiVersion: v1
    data:
      config.ini: |
        [mysql]
        aaa=bbb
        ccc=xxx
    kind: ConfigMap
    metadata:
      creationTimestamp: "2021-06-13T23:13:14Z"
      managedFields:
      - apiVersion: v1
        fieldsType: FieldsV1
        fieldsV1:
          f:data:
            .: {}
            f:config.ini: {}
        manager: kubectl-create
        operation: Update
        time: "2021-06-13T23:13:14Z"
      name: demo
      namespace: luffy
      resourceVersion: "479916"
      selfLink: /api/v1/namespaces/luffy/configmaps/demo
      uid: a5ac2b59-ae22-4645-af1b-500b501fd15f
    

    命令查看帮助

[root@k8s-master week2]# kubectl -n luffy  get configmap myblog -oyaml
# 翻译结果
Examples:
  # Create a new configmap named my-config based on folder bar
  kubectl create configmap my-config --from-file=path/to/bar
  
  # Create a new configmap named my-config with specified keys instead of file basenames on disk
  kubectl create configmap my-config --from-file=key1=/path/to/bar/file1.txt
--from-file=key2=/path/to/bar/file2.txt
  
  # Create a new configmap named my-config with key1=config1 and key2=config2
  kubectl create configmap my-config --from-literal=key1=config1 --from-literal=key2=config2
  
  # Create a new configmap named my-config from the key=value pairs in the file
  kubectl create configmap my-config --from-file=path/to/bar
  
  # Create a new configmap named my-config from an env file
  kubectl create configmap my-config --from-env-file=path/to/bar.env

列子:
   # 根据文件夹栏创建一个名为my-config的新配置映射
   # 使用指定的键而不是磁盘上的文件基名创建一个名为 my-config 的新配置映射
   # 创建一个名为 my-config 的新配置映射,key1=config1 和 key2=config2
   # 从文件中的 key=value 对创建一个名为 my-config 的新配置映射
   # 从 env 文件创建一个名为 my-config 的新配置映射 
  • Secret,管理敏感类的信息,默认会base64编码存储,有三种类型
[root@k8s-master week2]# kubectl create secret -h
Create a secret using specified subcommand.

Available Commands:
  docker-registry Create a secret for use with a Docker registry
  generic         Create a secret from a local file, directory or literal value
  tls             Create a TLS secret

Usage:
  kubectl create secret [flags] [options]

Use "kubectl  --help" for more information about a given command.
Use "kubectl options" for a list of global command-line options (applies to all commands).

使用指定的子命令创建一个秘密。

可用命令:
   docker-registry 创建一个用于 Docker 注册表的密钥
   generic 从本地文件、目录或文字值创建一个秘密
   tls 创建一个 TLS 秘密

用法:
   kubectl 创建秘密 [标志] [选项]

使用“kubectl  --help”获取有关给定命令的更多信息。
使用“kubectl options”获取全局命令行选项列表(适用于所有命令)。
  • Service Account :用来访问Kubernetes API,由Kubernetes自动创建,并且会自动挂载到Pod的/run/secrets/kubernetes.io/serviceaccount目录中;创建ServiceAccount后,Pod中指定serviceAccount后,自动创建该ServiceAccount对应的secret;
  • Opaque : base64编码格式的Secret,用来存储密码、密钥等;
  • kubernetes.io/dockerconfigjson :用来存储私有docker registry的认证信息。

myblog/two-pod/secret.yaml

apiVersion: v1
kind: Secret
metadata:
  name: myblog
  namespace: luffy
type: Opaque
data:
  MYSQL_USER: cm9vdA==          #注意加-n参数, echo -n root|base64
  MYSQL_PASSWD: MTIzNDU2
  
  
不加-n 多一个换行符
[root@k8s-master week2]# echo -n root|base64
cm9vdA==
[root@k8s-master week2]# echo -n 123456|base64
MTIzNDU2

# 反解
[root@k8s-master week2]# echo cm9vdA==|base64 -d
root

创建并查看:

$ kubectl create -f secret.yaml
$ kubectl -n luffy get secret

如果不习惯这种方式,可以通过如下方式:

$ cat secret.txt
MYSQL_USER=root
MYSQL_PASSWD=123456
$ kubectl -n luffy create secret generic myblog --from-env-file=secret.txt 

[root@k8s-master week2]# kubectl -n luffy  get secret
NAME                  TYPE                                  DATA   AGE
default-token-thqxq   kubernetes.io/service-account-token   3      87m
myblog                Opaque                                2      24m

[root@k8s-master week2]# kubectl -n luffy  get secret myblog -oyaml
apiVersion: v1
data:
  MYSQL_PASSWD: MTIzNDU2
  MYSQL_USER: cm9vdA==
kind: Secret
metadata:
  creationTimestamp: "2021-07-11T03:10:18Z"
  managedFields:
  - apiVersion: v1
    fieldsType: FieldsV1
    fieldsV1:
      f:data:
        .: {}
        f:MYSQL_PASSWD: {}
        f:MYSQL_USER: {}
      f:type: {}
    manager: kubectl-create
    operation: Update
    time: "2021-07-11T03:10:18Z"
  name: myblog
  namespace: luffy
  resourceVersion: "15853"
  selfLink: /api/v1/namespaces/luffy/secrets/myblog
  uid: 6da85352-0000-4127-9604-18484a8787b3
type: Opaque

修改后的mysql的yaml,资源路径:myblog/two-pod/mysql-with-config.yaml

...
spec:
  containers:
  - name: mysql
    args:
    - --character-set-server=utf8mb4
    - --collation-server=utf8mb4_unicode_ci
    env: #环境变量
    - name: MYSQL_USER
      valueFrom:
        secretKeyRef:
          name: myblog
          key: MYSQL_USER
    - name: MYSQL_ROOT_PASSWORD
      valueFrom:
        secretKeyRef:
          name: myblog
          key: MYSQL_PASSWD
    - name: MYSQL_DATABASE
      value: "myblog"
...

整体修改后的myblog的yaml,资源路径:myblog/two-pod/myblog-with-config.yaml

apiVersion: v1
kind: Pod
metadata:
  name: myblog
  namespace: luffy
  labels:
    component: myblog
spec:
  containers:
  - name: myblog
    image: 10.0.1.5:5000/myblog:v1
    imagePullPolicy: IfNotPresent
    env:
    - name: MYSQL_HOST
      valueFrom:
        configMapKeyRef:
          name: myblog
          key: MYSQL_HOST
    - name: MYSQL_PORT
      valueFrom:
        configMapKeyRef:
          name: myblog
          key: MYSQL_PORT
    - name: MYSQL_USER
      valueFrom:
        secretKeyRef:
          name: myblog
          key: MYSQL_USER
    - name: MYSQL_PASSWD
      valueFrom:
        secretKeyRef:
          name: myblog
          key: MYSQL_PASSWD
    ports:
    - containerPort: 8002
    resources:
      requests:
        memory: 100Mi
        cpu: 50m
      limits:
        memory: 500Mi
        cpu: 100m
    livenessProbe:
      httpGet:
        path: /blog/index/
        port: 8002
        scheme: HTTP
      initialDelaySeconds: 10  # 容器启动后第一次执行探测是需要等待多少秒
      periodSeconds: 15         # 执行探测的频率
      timeoutSeconds: 2         # 探测超时时间
    readinessProbe: 
      httpGet: 
        path: /blog/index/
        port: 8002
        scheme: HTTP
      initialDelaySeconds: 10 
      timeoutSeconds: 2
      periodSeconds: 15

在部署不同的环境时,pod的yaml无须再变化,只需要在每套环境中维护一套ConfigMap和Secret即可。但是注意configmap和secret不能跨namespace使用,且更新后,pod内的env不会自动更新,重建后方可更新。

[root@k8s-master week2]# vim mysql.yaml
[root@k8s-master week2]# vim myblog.yaml
[root@k8s-master week2]# kubectl -n luffy delete -f myblog.yaml 
pod "myblog" deleted

[root@k8s-master week2]# kubectl -n luffy delete -f mysql.yaml 
pod "mysql" deleted

[root@k8s-master week2]# kubectl -n luffy create  -f myblog.yaml
[root@k8s-master week2]# kubectl -n luffy create  -f mysql.yaml

[root@k8s-master week2]# kubectl -n luffy get po -owide
NAME     READY   STATUS    RESTARTS   AGE   IP           NODE         NOMINATED NODE   READINESS GATES
myblog   1/1     Running   0          31m   10.244.1.9   k8s-slave1              
mysql    1/1     Running   0          74m   10.0.1.6     k8s-slave1              

[root@k8s-master week2]# curl 10.244.1.9:8002/blog/index/

我的博客列表:</h3>

如何编写资源yaml
  1. 拿来主义,从机器中已有的资源中拿

    $ kubectl -n kube-system get po,deployment,ds
    
  2. 学会在官网查找, https://kubernetes.io/docs/home/

  3. 从kubernetes-api文档中查找, https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.16/#pod-v1-core

  4. kubectl explain 查看具体字段含义

pod状态与生命周期

Pod的状态如下表所示:

状态值 描述
Pending API Server已经创建该Pod,等待调度器调度
ContainerCreating 拉取镜像启动容器中
Running Pod内容器均已创建,且至少有一个容器处于运行状态、正在启动状态或正在重启状态
Succeeded|Completed Pod内所有容器均已成功执行退出,且不再重启
Failed|Error Pod内所有容器均已退出,但至少有一个容器退出为失败状态
CrashLoopBackOff Pod内有容器启动失败,比如配置文件丢失导致主进程启动失败
Unknown 由于某种原因无法获取该Pod的状态,可能由于网络通信不畅导致

生命周期示意图:

[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传k8s实践笔记_第7张图片

启动和关闭示意:

[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传k8s实践笔记_第8张图片

初始化容器:

  • 验证业务应用依赖的组件是否均已启动
  • 修改目录的权限
  • 调整系统参数
...
      initContainers:
      - command:
        - /sbin/sysctl
        - -w
        - vm.max_map_count=262144
        image: alpine:3.6
        imagePullPolicy: IfNotPresent
        name: elasticsearch-logging-init
        resources: {}
        securityContext:
          privileged: true
      - name: fix-permissions
        image: alpine:3.6
        command: ["sh", "-c", "chown -R 1000:1000 /usr/share/elasticsearch/data"]
        securityContext:
          privileged: true
        volumeMounts:
        - name: elasticsearch-logging
          mountPath: /usr/share/elasticsearch/data
...

验证Pod生命周期:

apiVersion: v1
kind: Pod
metadata:
  name: pod-lifecycle
  namespace: luffy
  labels:
    component: pod-lifecycless
spec:
  initContainers:
  - name: init
    image: busybox
    command: ['sh', '-c', 'echo $(date +%s): INIT >> /loap/timing']
    volumeMounts:
    - mountPath: /loap
      name: timing
  containers:
  - name: main
    image: busybox
    command: ['sh', '-c', 'echo $(date +%s): START >> /loap/timing;
sleep 10; echo $(date +%s): END >> /loap/timing;']
    volumeMounts:
    - mountPath: /loap 
      name: timing
    livenessProbe:
      exec:
        command: ['sh', '-c', 'echo $(date +%s): LIVENESS >> /loap/timing']
    readinessProbe:
      exec:
        command: ['sh', '-c', 'echo $(date +%s): READINESS >> /loap/timing']
    lifecycle:
      postStart:
        exec:
          command: ['sh', '-c', 'echo $(date +%s): POST-START >> /loap/timing']
      preStop:
        exec:
          command: ['sh', '-c', 'echo $(date +%s): PRE-STOP >> /loap/timing']
  volumes:
  - name: timing
    hostPath:
      path: /tmp/loap

创建pod测试:

$ kubectl create -f pod-lifecycle.yaml

## 查看demo状态
$ kubectl -n luffy get po -o wide -w

## 查看调度节点的/tmp/loap/timing
$ cat /tmp/loap/timing
1585424708: INIT
1585424746: START
1585424746: POST-START
1585424754: READINESS
1585424756: LIVENESS
1585424756: END

须主动杀掉 Pod 才会触发 pre-stop hook,如果是 Pod 自己 Down 掉,则不会执行 pre-stop hook ,且杀掉Pod进程前,进程必须是正常运行状态,否则不会执行pre-stop钩子

小结
  1. 实现k8s平台与特定的容器运行时解耦,提供更加灵活的业务部署方式,引入了Pod概念
  2. k8s使用yaml格式定义资源文件,yaml中Map与List的语法,与json做类比
  3. 通过kubectl apply| get | exec | logs | delete 等操作k8s资源,必须指定namespace
  4. 每启动一个Pod,为了实现网络空间共享,会先创建Infra容器,并把其他容器网络加入该容器
  5. 通过livenessProbe和readinessProbe实现Pod的存活性和就绪健康检查
  6. 通过requests和limit分别限定容器初始资源申请与最高上限资源申请
  7. Pod通过initContainer和lifecycle分别来执行初始化、pod启动和删除时候的操作,使得功能更加全面和灵活
  8. 编写yaml讲究方法,学习k8s,养成从官方网站查询知识的习惯

做了哪些工作:

  1. 定义Pod.yaml,将myblog和mysql打包在同一个Pod中,使用myblog使用localhost访问mysql
  2. mysql数据持久化,为myblog业务应用添加了健康检查和资源限制
  3. 将myblog与mysql拆分,使用独立的Pod管理
  4. yaml文件中的环境变量存在账号密码明文等敏感信息,使用configMap和Secret来统一配置,优化部署

只使用Pod, 面临的问题:

  1. 业务应用启动多个副本
  2. Pod重建后IP会变化,外部如何访问Pod服务
  3. 运行业务Pod的某个节点挂了,可以自动帮我把Pod转移到集群中的可用节点启动起来
  4. 我的业务应用功能是收集节点监控数据,需要把Pod运行在k8集群的各个节点上
Pod控制器
Workload (工作负载)

控制器又称工作负载是用于实现管理pod的中间层,确保pod资源符合预期的状态,pod的资源出现故障时,会尝试 进行重启,当根据重启策略无效,则会重新新建pod的资源。

[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传k8s实践笔记_第9张图片

  • ReplicaSet: 用户创建指定数量的pod副本数量,确保pod副本数量符合预期状态,并且支持滚动式自动扩容和缩容功能
  • Deployment:工作在ReplicaSet之上,用于管理无状态应用,目前来说最好的控制器。支持滚动更新和回滚功能,提供声明式配置
  • DaemonSet:用于确保集群中的每一个节点只运行特定的pod副本,通常用于实现系统级后台任务。比如EFK服务
  • Job:只要完成就立即退出,不需要重启或重建
  • Cronjob:周期性任务控制,不需要持续后台运行
  • StatefulSet:管理有状态应用
Deployment

myblog/deployment/deploy-mysql.yaml

apiVersion: apps/v1  # 版本
kind: Deployment  # 类型
metadata:  # 元数据
  name: mysql # deployment的名称
  namespace: luffy
spec:       # 详细说明
  replicas: 1   #指定Pod副本数
  selector:             # 【指定Pod的选择器】,
    matchLabels:  # 匹配标签,
      app: mysql  # 与上面selector相对应,选择器会选择 pod里面带有 app=mysql这样label的pod
  template:  # 定义下面的一个标签模板
    metadata: # 元数据
      labels: #给Pod打label,与matchLabels是一起使用的,意思就是给pod定义一个matchLabel相匹配的标签
        app: mysql # 定义一个app=mysql的标签
    spec:
      hostNetwork: true
      volumes: 
      - name: mysql-data
        hostPath: 
          path: /opt/mysql/data
      nodeSelector:   # 使用节点选择器将Pod调度到指定label的节点
        component: mysql
      containers:
      - name: mysql
        image: mysql:5.7
        args:
        - --character-set-server=utf8mb4
        - --collation-server=utf8mb4_unicode_ci
        ports:
        - containerPort: 3306
        env:
        - name: MYSQL_USER
          valueFrom:
            secretKeyRef:
              name: myblog
              key: MYSQL_USER
        - name: MYSQL_ROOT_PASSWORD
          valueFrom:
            secretKeyRef:
              name: myblog
              key: MYSQL_PASSWD
        - name: MYSQL_DATABASE
          value: "myblog"
        resources:
          requests:
            memory: 100Mi
            cpu: 50m
          limits:
            memory: 500Mi
            cpu: 100m
        readinessProbe:
          tcpSocket:
            port: 3306
          initialDelaySeconds: 5
          periodSeconds: 10
        livenessProbe:
          tcpSocket:
            port: 3306
          initialDelaySeconds: 15
          periodSeconds: 20
        volumeMounts:
        - name: mysql-data
          mountPath: /var/lib/mysql

deploy-myblog.yaml:

apiVersion: apps/v1 # 版本
kind: Deployment  # 类型
metadata:  #元数据
  name: myblog  # deployment的名称
  namespace: luffy
spec:    # 详细说明
  replicas: 1   #指定Pod副本数
  selector:             #指定Pod的选择器
    matchLabels:  # 匹配标签,
      app: myblog # 与下面选择器相对应,选择器选择 pod里面带有 app=myblog这样label的pod
  template: # 模板
    metadata:
      labels:   #给Pod打label,与matchLabels是一起使用的,意思就是给pod定义一个matchLabel相匹配的标签
        app: myblog
    spec:            # 到这以后基本都是pod的写法,注意这两个spec的位置,空格。
      containers:
      - name: myblog
        image: 10.0.1.5:5000/myblog:v1
        imagePullPolicy: IfNotPresent
        env:
        - name: MYSQL_HOST
          valueFrom:
            configMapKeyRef:
              name: myblog
              key: MYSQL_HOST
        - name: MYSQL_PORT
          valueFrom:
            configMapKeyRef:
              name: myblog
              key: MYSQL_PORT
        - name: MYSQL_USER
          valueFrom:
            secretKeyRef:
              name: myblog
              key: MYSQL_USER
        - name: MYSQL_PASSWD
          valueFrom:
            secretKeyRef:
              name: myblog
              key: MYSQL_PASSWD
        ports:
        - containerPort: 8002
        resources:
          requests:
            memory: 100Mi
            cpu: 50m
          limits:
            memory: 500Mi
            cpu: 100m
        livenessProbe:
          httpGet:
            path: /blog/index/
            port: 8002
            scheme: HTTP
          initialDelaySeconds: 10  # 容器启动后第一次执行探测是需要等待多少秒
          periodSeconds: 15     # 执行探测的频率
          timeoutSeconds: 2             # 探测超时时间
        readinessProbe: 
          httpGet: 
            path: /blog/index/
            port: 8002
            scheme: HTTP
          initialDelaySeconds: 10 
          timeoutSeconds: 2
          periodSeconds: 15
注:
[root@k8s-master week2]# vim mysql-deploy.yaml
[root@k8s-master week2]# vim myblog-deploy.yaml
[root@k8s-master week2]# kubectl delete -f mysql.yaml
[root@k8s-master week2]# kubectl delete  -f myblog.yaml 
创建Deployment
$ kubectl create -f deploy-mysql.yaml
$ kubectl create -f deploy-myblog.yaml
查看Deployment
# kubectl api-resources
$ kubectl -n luffy get deploy
NAME     READY   UP-TO-DATE   AVAILABLE   AGE
myblog   1/1     1            1           2m22s
mysql    1/1     1            1           2d11h

  * `NAME` 列出了集群中 Deployments 的名称。
  * `READY`显示当前正在运行的副本数/期望的副本数。
  * `UP-TO-DATE`显示已更新以实现期望状态的副本数。
  * `AVAILABLE`显示应用程序可供用户使用的副本数。
  * `AGE` 显示应用程序运行的时间量。

# 查看pod
$ kubectl -n luffy get po
NAME                      READY   STATUS    RESTARTS   AGE
myblog-7c96c9f76b-qbbg7   1/1     Running   0          109s
mysql-85f4f65f99-w6jkj    1/1     Running   0          2m28s

# 查看replicaSet
$ kubectl -n luffy get rs
# 删除pod发现deployment会自动重新创建、
[root@k8s-master week2]# kubectl  -n luffy  get po
NAME                      READY   STATUS    RESTARTS   AGE
myblog-5d9b76df88-bxbfh   1/1     Running   0          5m12s
mysql-7446f4dc7b-jp2ps    1/1     Running   0          67m

[root@k8s-master week2]# kubectl  delete po myblog-5d9b76df88-tbzj4 -n luffy 
pod "myblog-5d9b76df88-tbzj4" deleted

[root@k8s-master week2]# kubectl  -n luffy  get po
NAME                      READY   STATUS    RESTARTS   AGE
myblog-5d9b76df88-bxbfh   1/1     Running   0          8m20s
mysql-7446f4dc7b-jp2ps    1/1     Running   0          70m

假如deployment在,却没有拉起pod怎么办?

# 查看kube-controller-manager-k8s-master日志,正常他会生成pod元数据,去查看为什么没有生成
$ kubectl -n kube-system  logs  -f kube-controller-manager-k8s-master

面试题

# kube-controller-manager和scheduler谁在前,谁在后?
kube-controller-manager在前,因为它负载是生成pod元数据,写到etcd中,schedule才能去调度
schedule是负责调度pod,如果没有pod没法调度
副本保障机制

controller实时检测pod状态,并保障副本数一直处于期望的值。

## 删除pod,观察pod状态变化
$ kubectl -n luffy delete pod myblog-7c96c9f76b-qbbg7

# 观察pod
$ kubectl get pods -o wide

## 设置两个副本, 或者通过kubectl -n luffy edit deploy myblog的方式,最好通过修改文件,然后apply的方式,这样yaml文件可以保持同步
$ kubectl -n luffy scale deploy myblog --replicas=2
deployment.extensions/myblog scaled

# 观察pod
$ kubectl get pods -o wide
NAME                      READY   STATUS    RESTARTS   AGE
myblog-7c96c9f76b-qbbg7   1/1     Running   0          11m
myblog-7c96c9f76b-s6brm   1/1     Running   0          55s
mysql-85f4f65f99-w6jkj    1/1     Running   0          11m
Pod驱逐策略

K8S 有个特色功能叫 pod eviction,它在某些场景下如节点 NotReady,或者资源不足时,把 pod 驱逐至其它节点,这也是出于业务保护的角度去考虑的。

  1. Kube-controller-manager: 周期性检查所有节点状态,当节点处于 NotReady 状态超过一段时间后,驱逐该节点上所有 pod。

    • pod-eviction-timeout:NotReady 状态节点超过该时间后,执行驱逐,默认 5 min,适用于k8s 1.13版本之前
    • 1.13版本后,集群开启TaintBasedEvictions 与TaintNodesByCondition 功能,即taint-based-evictions,即节点若失联或者出现各种异常情况,k8s会自动为node打上污点,同时为pod默认添加如下容忍设置:
    [root@k8s-master week2]# kubectl  -n luffy  get po myblog-5d9b76df88-7b4qh -oyaml|grep -A 8 "tolerations"
      tolerations:
      - effect: NoExecute
        key: node.kubernetes.io/not-ready
        operator: Exists
        tolerationSeconds: 300
      - effect: NoExecute
        key: node.kubernetes.io/unreachable
        operator: Exists
        tolerationSeconds: 300
    
      tolerations:
      - effect: NoExecute
        key: node.kubernetes.io/not-ready
        operator: Exists
        tolerationSeconds: 300
      - effect: NoExecute
        key: node.kubernetes.io/unreachable
        operator: Exists
        tolerationSeconds: 300
    

    即各pod可以独立设置驱逐容忍时间。

  2. Kubelet: 周期性检查本节点资源,当资源不足时,按照优先级驱逐部分 pod

    • memory.available:节点可用内存
    • nodefs.available:节点根盘可用存储空间
    • nodefs.inodesFree:节点inodes可用数量
    • imagefs.available:镜像存储盘的可用空间
    • imagefs.inodesFree:镜像存储盘的inodes可用数量
$ df -TH
存储盘满了,会去检查/var/lib/docker,或者docker所在目录,在没有设置的情况下使用率超过百分之80会出发kubelet的一些操作,比如清理image,检查到快满了会操作一些docker相关的操作,一旦去清理会全部把本地的镜像删除。还会有一个操作,假如镜像删除不了,会去驱逐你的pod,将pod赶到别的机器上去,也是处于保护业务的一种考虑。本质上说就是为了业务的稳定运行。
服务更新

修改服务,重新打tag模拟服务更新。

更新方式:

  1. 修改yaml文件,使用kubectl -n luffy apply -f deploy-myblog.yaml来应用更新

  2. kubectl -n luffy edit deploy myblog在线更新

  3. kubectl -n luffy set image deploy myblog myblog=10.0.1.5:5000/myblog:v2 --record

注
kubectl -n luffy set image deploy myblog myblog=10.0.1.5:5000/myblog:v2 --record
# 参数解释
# set image 设置镜像
# 给名字叫myblog的deploy,设置镜像
# myblog=10.0.1.5:5000/myblog:v2,myblog为容器名称=镜像地址,指定替换哪个容器的镜像
# --record 记录 不写也可以更改

可以 kubectl -n luffy set image -h 查看

修改文件测试:

注
修改内容测试,v2
[root@k8s-master ~]# vim /root/2021/python-demo/blog/templates/index.html 


[root@k8s-master python-demo]# pwd
/root/2021/python-demo
[root@k8s-master python-demo]# docker build . -t 10.0.1.5:5000/myblog:v2 -f Dockerfile 

[root@k8s-master python-demo]# docker push 10.0.1.5:5000/myblog:v2
[root@k8s-master python-demo]# kubectl -n luffy edit deploy myblog 
deployment.apps/myblog edited
改成v2
       image: 10.0.1.5:5000/myblog:v2
注意查看pod的变化
[root@k8s-master python-demo]# kubectl  -n luffy  get po -owide -w
NAME                      READY   STATUS    RESTARTS   AGE   IP            NODE         
myblog-5d9b76df88-7b4qh   1/1     Running   0          29m   10.244.0.7    k8s-master   
myblog-5d9b76df88-bxbfh   1/1     Running   0          36m   10.244.1.16   k8s-slave1   
mysql-7446f4dc7b-jp2ps    1/1     Running   0          98m   10.0.1.6      k8s-slave1

# 可以通过查看yaml文件看更新策略
$ kubectl  -n luffy  get deploy -oyaml |more 
更新策略
...
spec:
  replicas: 2	#指定Pod副本数
  selector:		#指定Pod的选择器
    matchLabels:
      app: myblog
  strategy:
    rollingUpdate:
      maxSurge: 25%  # 最大允许3个pod出现,replicas指定pod副本数是2,所以2+2*0.25=2.5,向上取整是2
      maxUnavailable: 25% # 最多允许2+2*0.5(向下取整是0):所以是2+0=2
    type: RollingUpdate		#指定更新方式为滚动更新,默认策略,通过get deploy yaml查看
    ...

[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传k8s实践笔记_第10张图片

策略控制:

  • maxSurge:最大激增数, 指更新过程中, 最多可以比replicas预先设定值多出的pod数量, 可以为固定值或百分比,默认为desired Pods数的25%。计算时向上取整(比如3.4,取4),更新过程中最多会有replicas + maxSurge个pod
  • maxUnavailable: 指更新过程中, 最多有几个pod处于无法服务状态 , 可以为固定值或百分比,默认为desired Pods数的25%。计算时向下取整(比如3.6,取3)

在Deployment rollout时,需要保证Available(Ready) Pods数不低于 desired pods number - maxUnavailable; 保证所有的非异常状态Pods数不多于 desired pods number + maxSurge

以myblog为例,使用默认的策略,更新过程:

  1. maxSurge 25%,2个实例,向上取整,则maxSurge为1,意味着最多可以有2+1=3个Pod,那么此时会新创建1个ReplicaSet,RS-new,把副本数置为1,此时呢,副本控制器就去创建这个新的Pod
  2. 同时,maxUnavailable是25%,副本数2*25%,向下取整,则为0,意味着,滚动更新的过程中,不能有少于2个可用的Pod,因此,旧的Replica(RS-old)会先保持不动,等RS-new管理的Pod状态Ready后,此时已经有3个Ready状态的Pod了,那么由于只要保证有2个可用的Pod即可,因此,RS-old的副本数会有2个变成1个,此时,会删掉一个旧的Pod
  3. 删掉旧的Pod的时候,由于总的Pod数量又变成2个了,因此,距离最大的3个还有1个Pod可以创建,所以,RS-new把管理的副本数由1改成2,此时又会创建1个新的Pod,等RS-new管理了2个Pod都ready后,那么就可以把RS-old的副本数由1置为0了,这样就完成了滚动更新
#查看滚动更新事件
$ kubectl -n luffy describe deploy myblog
...
Events:
  Type    Reason             Age   From                   Message
  ----    ------             ----  ----                   -------
  Normal  ScalingReplicaSet  11s   deployment-controller  Scaled up replica set myblog-6cf56fc848 to 1
  Normal  ScalingReplicaSet  11s   deployment-controller  Scaled down replica set myblog-6fdcf98f9 to 1
  Normal  ScalingReplicaSet  11s   deployment-controller  Scaled up replica set myblog-6cf56fc848 to 2
  Normal  ScalingReplicaSet  6s    deployment-controller  Scaled down replica set myblog-6fdcf98f9 to 0
$ kubectl get rs
NAME                     DESIRED   CURRENT   READY   AGE
myblog-6cf56fc848   2         2         2       16h
myblog-6fdcf98f9    0         0         0       16h

除了滚动更新以外,还有一种策略是Recreate,直接在当前的pod基础上先删后建:

...
  strategy:
    type: Recreate
...

我们课程中的mysql服务应该使用Recreate来管理:

$ kubectl -n luffy edit deploy mysql
...
  selector:
    matchLabels:
      app: mysql
  strategy:
    type: Recreate
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: mysql
...
服务回滚

通过滚动升级的策略可以平滑的升级Deployment,若升级出现问题,需要最快且最好的方式回退到上一次能够提供正常工作的版本。为此K8S提供了回滚机制。

revision:更新应用时,K8S都会记录当前的版本号,即为revision,当升级出现问题时,可通过回滚到某个特定的revision,默认配置下,K8S只会保留最近的几个revision,可以通过Deployment配置文件中的spec.revisionHistoryLimit属性增加revision数量,默认是10。

查看当前:

$ kubectl -n luffy rollout history deploy myblog ##CHANGE-CAUSE为空
$ kubectl delete -f deploy-myblog.yaml    ## 方便演示到具体效果,删掉已有deployment

记录回滚:

$ kubectl apply -f deploy-myblog.yaml --record

$ kubectl -n luffy set image deploy myblog myblog=172.21.51.143:5000/myblog:v2 --record=true

查看deployment更新历史:

$ kubectl -n luffy rollout history deploy myblog
deployment.extensions/myblog
REVISION  CHANGE-CAUSE
1         kubectl create --filename=deploy-myblog.yaml --record=true
2         kubectl set image deploy myblog myblog=172.21.51.143:5000/demo/myblog:v1 --record=true

回滚到具体的REVISION:

$ kubectl -n luffy rollout undo deploy myblog --to-revision=1
deployment.extensions/myblog rolled back

# 访问应用测试
Kubernetes服务访问之Service

通过以前的学习,我们已经能够通过Deployment来创建一组Pod来提供具有高可用性的服务。虽然每个Pod都会分配一个单独的Pod IP,然而却存在如下两个问题:

  • Pod IP仅仅是集群内可见的虚拟IP,外部无法访问。
  • Pod IP会随着Pod的销毁而消失,当ReplicaSet对Pod进行动态伸缩时,Pod IP可能随时随地都会变化,这样对于我们访问这个服务带来了难度。
Service 负载均衡之Cluster IP

service是一组pod的服务抽象,相当于一组pod的LB,负责将请求分发给对应的pod。service会为这个LB提供一个IP,一般称为cluster IP 。使用Service对象,通过selector进行标签选择,找到对应的Pod:

myblog/deployment/svc-myblog.yaml

apiVersion: v1
kind: Service
metadata:
  name: myblog
  namespace: luffy
spec:
  ports:
  - port: 80 # 这是映射到这个ClusterIP上的端,可以自定义
    protocol: TCP # 协议是tcp
    targetPort: 8002 # 容器内的端口是8002
  selector:  # 节点选择器
    app: myblog # 选择app=myblog的pod
  type: ClusterIP # k8s中svc有三种类型,分别ClusterIP、NodePort、LoadBanlancer
# 查看labes
[root@k8s-master ~]# kubectl -n luffy get po --show-labels 
NAME                      READY   STATUS    RESTARTS   AGE    LABELS
myblog-5d9b76df88-k9cqs   1/1     Running   0          110s   app=myblog,pod-template-hash=5d9b76df88
myblog-5d9b76df88-wthjt   1/1     Running   0          12h    app=myblog,pod-template-hash=5d9b76df88
mysql-7446f4dc7b-5t9db    1/1     Running   0          16h    app=mysql,pod-template-hash=7446f4dc7b

# 可以看出selector选择器可以管理如下的pod
[root@k8s-master ~]# kubectl -n luffy  get po -l app=myblog
NAME                      READY   STATUS    RESTARTS   AGE
myblog-5d9b76df88-k9cqs   1/1     Running   0          3m19s
myblog-5d9b76df88-wthjt   1/1     Running   0          12h

操作演示:

## 别名
$ alias kd='kubectl -n luffy'

## 创建服务
$ kd create -f svc-myblog.yaml
$ kd get po --show-labels
NAME                      READY   STATUS    RESTARTS   AGE    LABELS
myblog-5c97d79cdb-jn7km   1/1     Running   0          6m5s   app=myblog
mysql-85f4f65f99-w6jkj    1/1     Running   0          176m   app=mysql

$ kd get svc
NAME     TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)   AGE
myblog   ClusterIP   10.99.174.93           80/TCP    7m50s

$ kd describe svc myblog
Name:              myblog
Namespace:         demo
Labels:            
Annotations:       
Selector:          app=myblog
Type:              ClusterIP #这是一个虚拟ip,可以通过80端口访问他
IP:                10.99.174.93
Port:                80/TCP
TargetPort:        8002/TCP
Endpoints:         10.244.0.68:8002
Session Affinity:  None
Events:            

## 扩容myblog服务
$ kd scale deploy myblog --replicas=2
deployment.extensions/myblog scaled

## 再次查看
$ kd describe svc myblog
Name:              myblog
Namespace:         demo
Labels:            
Annotations:       
Selector:          app=myblog
Type:              ClusterIP
IP:                10.99.174.93
Port:                80/TCP
TargetPort:        8002/TCP
Endpoints:         10.244.0.68:8002,10.244.1.158:8002
Session Affinity:  None
Events:            
注释:
# 创建服务
[root@k8s-master week2]# kubectl -n luffy create  -f svc-myblog.yaml 

[root@k8s-master week2]# kubectl -n luffy  get po --show-labels 
NAME                      READY   STATUS    RESTARTS   AGE   LABELS
myblog-5d9b76df88-txhbn   1/1     Running   1          99m   app=myblog,pod-template-hash=5d9b76df88
myblog-5d9b76df88-wthjt   1/1     Running   1          14h   app=myblog,pod-template-hash=5d9b76df88
mysql-58d95d459c-xtcjl    1/1     Running   0          66m   app=mysql,pod-template-hash=58d95d459c

[root@k8s-master week2]# kubectl -n luffy  get svc
NAME        TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)        AGE
myblog      ClusterIP   10.104.72.57             80/TCP         102m

[root@k8s-master week2]# kubectl -n luffy get  pod -owide
NAME                      READY   STATUS    RESTARTS   AGE    IP            NODE         NOMINATED NODE   READINESS GATES
myblog-5d9b76df88-txhbn   1/1     Running   1          100m   10.244.0.11   k8s-master              
myblog-5d9b76df88-wthjt   1/1     Running   1          14h    10.244.1.20   k8s-slave1              
mysql-58d95d459c-xtcjl    1/1     Running   0          66m    10.244.1.21   k8s-slave1              

[root@k8s-master week2]# kubectl -n luffy  describe svc myblog
Name:              myblog
Namespace:         luffy
Labels:            
Annotations:       
Selector:          app=myblog
Type:              ClusterIP
IP:                10.104.72.57  # 访问这个地址的80 端口,会请求转发到下面的Endpoints对应的两个地址+端口上
Port:                80/TCP
TargetPort:        8002/TCP
Endpoints:         10.244.0.11:8002,10.244.1.20:8002
Session Affinity:  None
Events:            

# 可以看到访问 clusterIP的80 端口会转发到下面的Endpoints地址上,也就是myblog——pod上去
[root@k8s-master week2]# curl 10.104.72.57/blog/index/
<!DOCTYPE html>
"en">

    "UTF-8">
    首页<<span class="token operator">/</span>title>
<<span class="token operator">/</span>head>
<body>
<h3>我的博客列表:<<span class="token operator">/</span>h3>
    

    <<span class="token operator">/</span>br>
    <<span class="token operator">/</span>br>
    <a href=<span class="token string">" /blog/article/edit/0 "</span>>写博客<<span class="token operator">/</span>a>

<<span class="token operator">/</span>body>

<span class="token comment"># 删除一个pod,自动重建ip地址会发现改变</span>
<span class="token namespace">[root@k8s-master week2]</span><span class="token comment"># kubectl -n luffy  get po -owide</span>
NAME                      READY   STATUS    RESTARTS   AGE    IP            NODE         NOMINATED NODE   READINESS GATES
myblog<span class="token operator">-</span>5d9b76df88<span class="token operator">-</span>txhbn   1<span class="token operator">/</span>1     Running   1          104m   10<span class="token punctuation">.</span>244<span class="token punctuation">.</span>0<span class="token punctuation">.</span>11   k8s<span class="token operator">-</span>master   <none>           <none>
myblog<span class="token operator">-</span>5d9b76df88<span class="token operator">-</span>wthjt   1<span class="token operator">/</span>1     Running   1          14h    10<span class="token punctuation">.</span>244<span class="token punctuation">.</span>1<span class="token punctuation">.</span>20   k8s<span class="token operator">-</span>slave1   <none>           <none>
mysql<span class="token operator">-</span>58d95d459c<span class="token operator">-</span>xtcjl    1<span class="token operator">/</span>1     Running   0          70m    10<span class="token punctuation">.</span>244<span class="token punctuation">.</span>1<span class="token punctuation">.</span>21   k8s<span class="token operator">-</span>slave1   <none>           <none>

<span class="token namespace">[root@k8s-master week2]</span><span class="token comment"># kubectl -n luffy  delete  po myblog-5d9b76df88-txhbn </span>
pod <span class="token string">"myblog-5d9b76df88-txhbn"</span> deleted

<span class="token comment"># ip已经从原来的11变成了12</span>
<span class="token namespace">[root@k8s-master week2]</span><span class="token comment"># kubectl -n luffy  get po -owide</span>
NAME                      READY   STATUS    RESTARTS   AGE   IP            NODE         NOMINATED NODE   READINESS GATES
myblog<span class="token operator">-</span>5d9b76df88<span class="token operator">-</span>l69gj   1<span class="token operator">/</span>1     Running   0          45s   10<span class="token punctuation">.</span>244<span class="token punctuation">.</span>0<span class="token punctuation">.</span>12   k8s<span class="token operator">-</span>master   <none>           <none>
myblog<span class="token operator">-</span>5d9b76df88<span class="token operator">-</span>wthjt   1<span class="token operator">/</span>1     Running   1          14h   10<span class="token punctuation">.</span>244<span class="token punctuation">.</span>1<span class="token punctuation">.</span>20   k8s<span class="token operator">-</span>slave1   <none>           <none>
mysql<span class="token operator">-</span>58d95d459c<span class="token operator">-</span>xtcjl    1<span class="token operator">/</span>1     Running   0          72m   10<span class="token punctuation">.</span>244<span class="token punctuation">.</span>1<span class="token punctuation">.</span>21   k8s<span class="token operator">-</span>slave1   <none>           <none>

<span class="token comment"># 再次查看,svc后端的地址也会更新成12</span>
<span class="token namespace">[root@k8s-master week2]</span><span class="token comment"># kubectl -n luffy  describe  svc myblog</span>
Name:              myblog
Namespace:         luffy
Labels:            <none>
Annotations:       <none>
Selector:          app=myblog
<span class="token function">Type</span>:              ClusterIP
IP:                10<span class="token punctuation">.</span>104<span class="token punctuation">.</span>72<span class="token punctuation">.</span>57
Port:              <unset>  80<span class="token operator">/</span>TCP
TargetPort:        8002<span class="token operator">/</span>TCP
Endpoints:         10<span class="token punctuation">.</span>244<span class="token punctuation">.</span>0<span class="token punctuation">.</span>12:8002<span class="token punctuation">,</span>10<span class="token punctuation">.</span>244<span class="token punctuation">.</span>1<span class="token punctuation">.</span>20:8002
Session Affinity:  None
Events:            <none>

<span class="token comment"># 会与endpoints绑定,创建svc是默认创建一个同名endpoints</span>
<span class="token namespace">[root@k8s-master week2]</span><span class="token comment"># kubectl -n luffy  get endpoints myblog</span>
NAME     ENDPOINTS                           AGE
myblog   10<span class="token punctuation">.</span>244<span class="token punctuation">.</span>0<span class="token punctuation">.</span>12:8002<span class="token punctuation">,</span>10<span class="token punctuation">.</span>244<span class="token punctuation">.</span>1<span class="token punctuation">.</span>20:8002   113m
</code></pre> 
  <p>Service与Pod如何关联:</p> 
  <p>service对象创建的同时,会创建同名的endpoints对象,若服务设置了readinessProbe, 当readinessProbe检测失败时,endpoints列表中会剔除掉对应的pod_ip,这样流量就不会分发到健康检测失败的Pod中</p> 
  <pre><code class="prism language-powershell">$ kd get endpoints myblog
NAME     ENDPOINTS                            AGE
myblog   10<span class="token punctuation">.</span>244<span class="token punctuation">.</span>0<span class="token punctuation">.</span>68:8002<span class="token punctuation">,</span>10<span class="token punctuation">.</span>244<span class="token punctuation">.</span>1<span class="token punctuation">.</span>158:8002   7m
</code></pre> 
  <p>Service Cluster-IP如何访问:</p> 
  <pre><code class="prism language-powershell">$ kd get svc myblog
NAME   <span class="token function">TYPE</span>        CLUSTER<span class="token operator">-</span>IP       EXTERNAL<span class="token operator">-</span>IP   PORT<span class="token punctuation">(</span>S<span class="token punctuation">)</span>   AGE
myblog   ClusterIP   10<span class="token punctuation">.</span>99<span class="token punctuation">.</span>174<span class="token punctuation">.</span>93   <none>        80<span class="token operator">/</span>TCP    13m
$ curl 10<span class="token punctuation">.</span>99<span class="token punctuation">.</span>174<span class="token punctuation">.</span>93<span class="token operator">/</span>blog<span class="token operator">/</span>index<span class="token operator">/</span>
</code></pre> 
  <p>为mysql服务创建service:</p> 
  <pre><code class="prism language-yaml"><span class="token key atrule">apiVersion</span><span class="token punctuation">:</span> v1
<span class="token key atrule">kind</span><span class="token punctuation">:</span> Service
<span class="token key atrule">metadata</span><span class="token punctuation">:</span>
  <span class="token key atrule">name</span><span class="token punctuation">:</span> mysql
  <span class="token key atrule">namespace</span><span class="token punctuation">:</span> luffy
<span class="token key atrule">spec</span><span class="token punctuation">:</span>
  <span class="token key atrule">ports</span><span class="token punctuation">:</span>
  <span class="token punctuation">-</span> <span class="token key atrule">port</span><span class="token punctuation">:</span> <span class="token number">3306</span>
    <span class="token key atrule">protocol</span><span class="token punctuation">:</span> TCP
    <span class="token key atrule">targetPort</span><span class="token punctuation">:</span> <span class="token number">3306</span>
  <span class="token key atrule">selector</span><span class="token punctuation">:</span>
    <span class="token key atrule">app</span><span class="token punctuation">:</span> mysql
  <span class="token key atrule">type</span><span class="token punctuation">:</span> ClusterIP
</code></pre> 
  <p>访问mysql:</p> 
  <pre><code class="prism language-powershell">$ kubectl  apply <span class="token operator">-</span>f svc<span class="token operator">-</span>mysql<span class="token punctuation">.</span>yaml
<span class="token namespace">[root@k8s-master week2]</span><span class="token comment"># kubectl  -n luffy  get svc mysql</span>
NAME    <span class="token function">TYPE</span>        CLUSTER<span class="token operator">-</span>IP       EXTERNAL<span class="token operator">-</span>IP   PORT<span class="token punctuation">(</span>S<span class="token punctuation">)</span>    AGE
mysql   ClusterIP   10<span class="token punctuation">.</span>106<span class="token punctuation">.</span>120<span class="token punctuation">.</span>127   <none>        3306<span class="token operator">/</span>TCP   102m
<span class="token namespace">[root@k8s-master week2]</span><span class="token comment"># curl 10.106.120.127:3306</span>
5<span class="token punctuation">.</span>7<span class="token punctuation">.</span>34m<span class="token punctuation">]</span> 
4>ÿÿaRSFqx
kMmysql_native_password<span class="token operator">!</span>ÿ<span class="token comment">#08S01Got packets out of order</span>
</code></pre> 
  <p>目前使用hostNetwork部署,通过宿主机ip+port访问,弊端:</p> 
  <ul> 
   <li>服务使用hostNetwork,使得宿主机的端口大量暴漏,存在安全隐患</li> 
   <li>容易引发端口冲突</li> 
  </ul> 
  <p>服务均属于k8s集群,尽可能使用k8s的网络访问,因此可以对目前myblog访问mysql的方式做改造:</p> 
  <ul> 
   <li>为mysql创建一个固定clusterIp的Service,把clusterIp配置在myblog的环境变量中</li> 
   <li>利用集群服务发现的能力,组件之间通过service name来访问</li> 
  </ul> 
  <h6>服务发现</h6> 
  <p>在k8s集群中,组件之间可以通过定义的Service名称实现通信。</p> 
  <p>演示服务发现:</p> 
  <pre><code class="prism language-powershell"><span class="token comment">## 演示思路:在myblog的容器中直接通过service名称访问服务,观察是否可以访问通</span>

<span class="token comment"># 先查看服务</span>
$ kd get svc
NAME     <span class="token function">TYPE</span>        CLUSTER<span class="token operator">-</span>IP      EXTERNAL<span class="token operator">-</span>IP   PORT<span class="token punctuation">(</span>S<span class="token punctuation">)</span>    AGE
myblog   ClusterIP   10<span class="token punctuation">.</span>99<span class="token punctuation">.</span>174<span class="token punctuation">.</span>93    <none>        80<span class="token operator">/</span>TCP     59m
mysql    ClusterIP   10<span class="token punctuation">.</span>108<span class="token punctuation">.</span>214<span class="token punctuation">.</span>84   <none>        3306<span class="token operator">/</span>TCP   35m

<span class="token comment"># 进入myblog容器</span>
$ kd exec <span class="token operator">-</span>ti myblog<span class="token operator">-</span>5c97d79cdb<span class="token operator">-</span>j485f bash
<span class="token namespace">[root@myblog-5c97d79cdb-j485f myblog]</span><span class="token comment"># curl mysql:3306</span>
5<span class="token punctuation">.</span>7<span class="token punctuation">.</span>29 <span class="token punctuation">)</span>→  <span class="token punctuation">(</span>mysql_native_password ot packets out of order
<span class="token namespace">[root@myblog-5c97d79cdb-j485f myblog]</span><span class="token comment"># curl myblog/blog/index/</span>
我的博客列表
</code></pre> 
  <p>虽然podip和clusterip都不固定,但是service name是固定的,而且具有完全的跨集群可移植性,因此组件之间调用的同时,完全可以通过service name去通信,这样避免了大量的ip维护成本,使得服务的yaml模板更加简单。因此可以对mysql和myblog的部署进行优化改造:</p> 
  <ol> 
   <li>mysql可以去掉hostNetwork部署,使得服务只暴漏在k8s集群内部网络</li> 
   <li>configMap中数据库地址可以换成Service名称,这样跨环境的时候,配置内容基本上可以保持不用变化</li> 
  </ol> 
  <pre><code class="prism language-powershell">注:为什么在myblog容器内 curl mysql:3306 也能通?
<span class="token namespace">[root@k8s-master week2]</span><span class="token comment"># kubectl  -n luffy  get svc</span>
NAME        <span class="token function">TYPE</span>        CLUSTER<span class="token operator">-</span>IP       EXTERNAL<span class="token operator">-</span>IP   PORT<span class="token punctuation">(</span>S<span class="token punctuation">)</span>        AGE
myblog      ClusterIP   10<span class="token punctuation">.</span>104<span class="token punctuation">.</span>72<span class="token punctuation">.</span>57     <none>        80<span class="token operator">/</span>TCP         116m
mysql       ClusterIP   10<span class="token punctuation">.</span>106<span class="token punctuation">.</span>120<span class="token punctuation">.</span>127   <none>        3306<span class="token operator">/</span>TCP       104m

<span class="token namespace">[root@k8s-master week2]</span><span class="token comment"># kubectl -n luffy  get po</span>
NAME                      READY   STATUS    RESTARTS   AGE
myblog<span class="token operator">-</span>5d9b76df88<span class="token operator">-</span>l69gj   1<span class="token operator">/</span>1     Running   0          7m43s
myblog<span class="token operator">-</span>5d9b76df88<span class="token operator">-</span>wthjt   1<span class="token operator">/</span>1     Running   1          14h

<span class="token namespace">[root@k8s-master week2]</span><span class="token comment"># kubectl -n luffy  exec -ti myblog-5d9b76df88-l69gj -- bash</span>
<span class="token namespace">[root@myblog-5d9b76df88-l69gj myblog]</span><span class="token comment"># curl 10.106.120.127:3306</span>
5<span class="token punctuation">.</span>7<span class="token punctuation">.</span>34ͱxn<span class="token punctuation">)</span>	ÿÿ~Y<span class="token punctuation">[</span><span class="token comment">#Nj8%|9mysql_native_password!ÿ#08S01Got packets out of order</span>

依次回去如下解析
<span class="token namespace">[root@myblog-5d9b76df88-l69gj myblog]</span><span class="token comment"># cat /etc/resolv.conf </span>
nameserver 10<span class="token punctuation">.</span>96<span class="token punctuation">.</span>0<span class="token punctuation">.</span>10 <span class="token comment"># 所有的pod这一行都是一样的,下面的则是同一个namespace下是相同的内容</span>
search luffy<span class="token punctuation">.</span>svc<span class="token punctuation">.</span>cluster<span class="token punctuation">.</span>local svc<span class="token punctuation">.</span>cluster<span class="token punctuation">.</span>local cluster<span class="token punctuation">.</span>local
options ndots:5

<span class="token comment"># 定义一个search,会一次去做解析,如果不同就继续下挨个匹配</span>
luffy<span class="token punctuation">.</span>svc<span class="token punctuation">.</span>cluster<span class="token punctuation">.</span>local
svc<span class="token punctuation">.</span>cluster<span class="token punctuation">.</span>local
cluster<span class="token punctuation">.</span>local

<span class="token namespace">[root@myblog-5d9b76df88-l69gj myblog]</span><span class="token comment"># curl mysql.luffy.svc.cluster.local:3306</span>
5<span class="token punctuation">.</span>7<span class="token punctuation">.</span>34K8Op	RWÿÿxJQ6B?v:A42mysql_native_password<span class="token operator">!</span>ÿ<span class="token comment">#08S01Got packets out of order</span>

【为什么会通,还要看namespace,一般namespace的端口是53】
<span class="token namespace">[root@myblog-5d9b76df88-l69gj myblog]</span><span class="token comment"># curl 10.96.0.10:53</span>
curl: <span class="token punctuation">(</span>52<span class="token punctuation">)</span> Empty reply <span class="token keyword">from</span> server

<span class="token comment"># 既然能通,那么10.96.0.10是从哪来的</span>
<span class="token comment"># 参数解释 </span>
<span class="token operator">-</span>A 跨整个namespace查询,等于 <span class="token operator">--</span>all<span class="token operator">-</span>namespace
<span class="token namespace">[root@k8s-master ~]</span><span class="token comment"># kubectl get service -A|grep "10.96.0.10"</span>
kube<span class="token operator">-</span>system            kube<span class="token operator">-</span>dns                    ClusterIP   10<span class="token punctuation">.</span>96<span class="token punctuation">.</span>0<span class="token punctuation">.</span>10       <none>        53<span class="token operator">/</span>UDP<span class="token punctuation">,</span>53<span class="token operator">/</span>TCP<span class="token punctuation">,</span>9153<span class="token operator">/</span>TCP   2d12

<span class="token comment"># 怎么查看这个svc是哪个pod</span>
<span class="token namespace">[root@k8s-master ~]</span><span class="token comment"># kubectl -n kube-system describe svc kube-dns</span>
Name:              kube<span class="token operator">-</span>dns
Namespace:         kube<span class="token operator">-</span>system
Labels:            k8s<span class="token operator">-</span>app=kube<span class="token operator">-</span>dns
                   kubernetes<span class="token punctuation">.</span>io<span class="token operator">/</span>cluster<span class="token operator">-</span>service=true
                   kubernetes<span class="token punctuation">.</span>io<span class="token operator">/</span>name=KubeDNS
Annotations:       prometheus<span class="token punctuation">.</span>io<span class="token operator">/</span>port: 9153
                   prometheus<span class="token punctuation">.</span>io<span class="token operator">/</span>scrape: true
Selector:          k8s<span class="token operator">-</span>app=kube<span class="token operator">-</span>dns  <span class="token comment"># 用它搜索查找pod</span>
<span class="token function">Type</span>:              ClusterIP
IP:                10<span class="token punctuation">.</span>96<span class="token punctuation">.</span>0<span class="token punctuation">.</span>10
Port:              dns  53<span class="token operator">/</span>UDP
TargetPort:        53<span class="token operator">/</span>UDP
Endpoints:         10<span class="token punctuation">.</span>244<span class="token punctuation">.</span>0<span class="token punctuation">.</span>4:53<span class="token punctuation">,</span>10<span class="token punctuation">.</span>244<span class="token punctuation">.</span>0<span class="token punctuation">.</span>5:53
Port:              dns<span class="token operator">-</span>tcp  53<span class="token operator">/</span>TCP
TargetPort:        53<span class="token operator">/</span>TCP
Endpoints:         10<span class="token punctuation">.</span>244<span class="token punctuation">.</span>0<span class="token punctuation">.</span>4:53<span class="token punctuation">,</span>10<span class="token punctuation">.</span>244<span class="token punctuation">.</span>0<span class="token punctuation">.</span>5:53
Port:              metrics  9153<span class="token operator">/</span>TCP
TargetPort:        9153<span class="token operator">/</span>TCP
Endpoints:         10<span class="token punctuation">.</span>244<span class="token punctuation">.</span>0<span class="token punctuation">.</span>4:9153<span class="token punctuation">,</span>10<span class="token punctuation">.</span>244<span class="token punctuation">.</span>0<span class="token punctuation">.</span>5:9153
Session Affinity:  None
Events:            <none>

<span class="token namespace">[root@k8s-master ~]</span><span class="token comment"># kubectl -n kube-system get po -l k8s-app=kube-dns -owide</span>
NAME                       READY   STATUS    RESTARTS   AGE     IP           NODE         NOMINATED NODE   READINESS GATES
coredns<span class="token operator">-</span>6d56c8448f<span class="token operator">-</span>csr4b   1<span class="token operator">/</span>1     Running   1          2d12h   10<span class="token punctuation">.</span>244<span class="token punctuation">.</span>0<span class="token punctuation">.</span>4   k8s<span class="token operator">-</span>master   <none>           <none>
coredns<span class="token operator">-</span>6d56c8448f<span class="token operator">-</span>jh2gm   1<span class="token operator">/</span>1     Running   1          2d12h   10<span class="token punctuation">.</span>244<span class="token punctuation">.</span>0<span class="token punctuation">.</span>5   k8s<span class="token operator">-</span>master   <none>           <none>

<span class="token comment"># 所有的pod这一行的namespace都是一样的,下面的则是同一个namespace下是相同的内容</span>
<span class="token namespace">[root@k8s-master week2]</span><span class="token comment"># kubectl -n luffy get pod</span>
NAME                      READY   STATUS    RESTARTS   AGE
myblog<span class="token operator">-</span>5d9b76df88<span class="token operator">-</span>85k24   1<span class="token operator">/</span>1     Running   0          7m41s
myblog<span class="token operator">-</span>5d9b76df88<span class="token operator">-</span>t26t4   1<span class="token operator">/</span>1     Running   0          8m48s
mysql<span class="token operator">-</span>7446f4dc7b<span class="token operator">-</span>7kpj8    1<span class="token operator">/</span>1     Running   0          8m43s

<span class="token namespace">[root@k8s-master week2]</span><span class="token comment"># kubectl -n luffy  exec -ti myblog-5d9b76df88-85k24 -- cat /etc/resolv.conf </span>
nameserver 10<span class="token punctuation">.</span>96<span class="token punctuation">.</span>0<span class="token punctuation">.</span>10
search luffy<span class="token punctuation">.</span>svc<span class="token punctuation">.</span>cluster<span class="token punctuation">.</span>local svc<span class="token punctuation">.</span>cluster<span class="token punctuation">.</span>local cluster<span class="token punctuation">.</span>local
options ndots:5

<span class="token namespace">[root@k8s-master week2]</span><span class="token comment"># kubectl -n luffy  exec -ti myblog-5d9b76df88-t26t4 -- cat /etc/resolv.conf </span>
nameserver 10<span class="token punctuation">.</span>96<span class="token punctuation">.</span>0<span class="token punctuation">.</span>10
search luffy<span class="token punctuation">.</span>svc<span class="token punctuation">.</span>cluster<span class="token punctuation">.</span>local svc<span class="token punctuation">.</span>cluster<span class="token punctuation">.</span>local cluster<span class="token punctuation">.</span>local
options ndots:5

<span class="token namespace">[root@k8s-master week2]</span><span class="token comment"># kubectl -n luffy  exec -ti mysql-7446f4dc7b-7kpj8 -- cat /etc/resolv.conf </span>
nameserver 1<span class="token punctuation">.</span>2<span class="token punctuation">.</span>4<span class="token punctuation">.</span>8 <span class="token comment"># host模式启动的和宿主机是一样的</span>

意味着在容器内可以通过curl mysql:3306 去访问
</code></pre> 
  <p>修改deploy-mysql.yaml</p> 
  <pre><code class="prism language-yaml">    <span class="token key atrule">spec</span><span class="token punctuation">:</span>
      <span class="token key atrule">hostNetwork</span><span class="token punctuation">:</span> <span class="token boolean important">true</span>	<span class="token comment"># 去掉此行</span>
      <span class="token key atrule">volumes</span><span class="token punctuation">:</span> 
      <span class="token punctuation">-</span> <span class="token key atrule">name</span><span class="token punctuation">:</span> mysql<span class="token punctuation">-</span>data
        <span class="token key atrule">hostPath</span><span class="token punctuation">:</span> 
          <span class="token key atrule">path</span><span class="token punctuation">:</span> /opt/mysql/data


        <span class="token key atrule">ports</span><span class="token punctuation">:</span>
        <span class="token punctuation">-</span> <span class="token key atrule">containerPort</span><span class="token punctuation">:</span> <span class="token number">3306</span>
          <span class="token key atrule">hostPort</span><span class="token punctuation">:</span> <span class="token number">3306</span> 	<span class="token comment"># 去掉此行</span>
          <span class="token key atrule">protocol</span><span class="token punctuation">:</span> TCP
</code></pre> 
  <p>修改configmap.yaml</p> 
  <pre><code class="prism language-yaml"><span class="token key atrule">apiVersion</span><span class="token punctuation">:</span> v1
<span class="token key atrule">kind</span><span class="token punctuation">:</span> ConfigMap
<span class="token key atrule">metadata</span><span class="token punctuation">:</span>
  <span class="token key atrule">name</span><span class="token punctuation">:</span> myblog
  <span class="token key atrule">namespace</span><span class="token punctuation">:</span> luffy
<span class="token key atrule">data</span><span class="token punctuation">:</span>
  <span class="token key atrule">MYSQL_HOST</span><span class="token punctuation">:</span> <span class="token string">"mysql"</span>	<span class="token comment"># 此处替换为mysql</span>
  <span class="token key atrule">MYSQL_PORT</span><span class="token punctuation">:</span> <span class="token string">"3306"</span>
  
注:若是yaml文件,直接修改重建,若是txt文件操作如下  
<span class="token punctuation">[</span>root@k8s<span class="token punctuation">-</span>master week2<span class="token punctuation">]</span><span class="token comment"># vim configmap.txt</span>
<span class="token punctuation">[</span>root@k8s<span class="token punctuation">-</span>master week2<span class="token punctuation">]</span><span class="token comment"># cat  configmap.txt</span>
MYSQL_HOST=mysql
MYSQL_PORT=3306

<span class="token punctuation">[</span>root@k8s<span class="token punctuation">-</span>master week2<span class="token punctuation">]</span><span class="token comment"># kubectl  delete cm myblog -n luffy </span>
configmap "myblog" deleted
<span class="token punctuation">[</span>root@k8s<span class="token punctuation">-</span>master week2<span class="token punctuation">]</span><span class="token comment"># kubectl create cm -h</span>
<span class="token comment"># 找到如下行</span>
kubectl create configmap my<span class="token punctuation">-</span>config <span class="token punctuation">-</span><span class="token punctuation">-</span>from<span class="token punctuation">-</span>env<span class="token punctuation">-</span>file=path/to/bar.env
执行如下:
kubectl <span class="token punctuation">-</span>n luffy create configmap myblog <span class="token punctuation">-</span><span class="token punctuation">-</span>from<span class="token punctuation">-</span>env<span class="token punctuation">-</span>file=configmap.txt 

</code></pre> 
  <p>应用修改:</p> 
  <pre><code class="prism language-powershell">$ kubectl delete <span class="token operator">-</span>f deployment<span class="token operator">-</span>mysql<span class="token punctuation">.</span>yaml

<span class="token comment">## myblog不用动,会自动因健康检测不过而重启</span>

<span class="token comment"># 删除如上两行,重新构建,发现mysql的ip由原来的宿主机ip变成了pod_ip</span>
<span class="token namespace">[root@k8s-master week2]</span><span class="token comment"># kubectl  get po -n luffy -owide</span>
NAME                      READY   STATUS    RESTARTS   AGE   IP           NODE         NOMINATED NODE   READINESS GATES
myblog<span class="token operator">-</span>5d9b76df88<span class="token operator">-</span>85k24   1<span class="token operator">/</span>1     Running   0          18m   10<span class="token punctuation">.</span>244<span class="token punctuation">.</span>0<span class="token punctuation">.</span>7   k8s<span class="token operator">-</span>master   <none>           <none>
myblog<span class="token operator">-</span>5d9b76df88<span class="token operator">-</span>t26t4   1<span class="token operator">/</span>1     Running   0          19m   10<span class="token punctuation">.</span>244<span class="token punctuation">.</span>1<span class="token punctuation">.</span>6   k8s<span class="token operator">-</span>slave1   <none>           <none>
mysql<span class="token operator">-</span>7446f4dc7b<span class="token operator">-</span>7kpj8    1<span class="token operator">/</span>1     Running   0          19m   10<span class="token punctuation">.</span>244<span class="token punctuation">.</span>1<span class="token punctuation">.</span>7     k8s<span class="token operator">-</span>slave1   <none>  

<span class="token comment"># 对别这步骤之前的mysql_pod地址</span>
<span class="token namespace">[root@k8s-master week2]</span><span class="token comment"># kubectl  get po -n luffy -owide</span>
NAME                      READY   STATUS    RESTARTS   AGE   IP           NODE         NOMINATED NODE   READINESS GATES
myblog<span class="token operator">-</span>5d9b76df88<span class="token operator">-</span>85k24   1<span class="token operator">/</span>1     Running   0          18m   10<span class="token punctuation">.</span>244<span class="token punctuation">.</span>0<span class="token punctuation">.</span>7   k8s<span class="token operator">-</span>master   <none>           <none>
myblog<span class="token operator">-</span>5d9b76df88<span class="token operator">-</span>t26t4   1<span class="token operator">/</span>1     Running   0          19m   10<span class="token punctuation">.</span>244<span class="token punctuation">.</span>1<span class="token punctuation">.</span>6   k8s<span class="token operator">-</span>slave1   <none>           <none>
mysql<span class="token operator">-</span>7446f4dc7b<span class="token operator">-</span>7kpj8    1<span class="token operator">/</span>1     Running   0          19m   10<span class="token punctuation">.</span>0<span class="token punctuation">.</span>1<span class="token punctuation">.</span>6     k8s<span class="token operator">-</span>slave1   <none>  

<span class="token comment"># 再次进入容器发现curl 10.0.1.6:3306发现已经不通了,curl pod_id:3306却是通的,说明此时已经变成k8s内部的网络</span>
<span class="token namespace">[root@k8s-master week2]</span><span class="token comment"># kubectl -n luffy  exec -ti myblog-5d9b76df88-85k24 -- curl 10.0.1.6:3306</span>
5<span class="token punctuation">.</span>7<span class="token punctuation">.</span>34zruLd<span class="token operator">-</span>Wÿÿ<span class="token operator">%</span><span class="token operator">*</span>Vxkmysql_native_password<span class="token operator">!</span>ÿ<span class="token comment">#08S01Got packets out of order</span>

<span class="token namespace">[root@k8s-master week2]</span><span class="token comment"># kubectl -n luffy  exec -ti myblog-5d9b76df88-85k24 -- curl 10.0.1.7:3306</span>
5<span class="token punctuation">.</span>7<span class="token punctuation">.</span>34zruLd<span class="token operator">-</span>Wÿÿ<span class="token operator">%</span><span class="token operator">*</span>Vxkmysql_native_password<span class="token operator">!</span>ÿ<span class="token comment">#08S01Got packets out of order</span>

<span class="token namespace">[root@k8s-master week2]</span><span class="token comment"># kubectl  describe svc mysql -n luffy </span>
Name:              mysql
Namespace:         luffy
Labels:            <none>
Annotations:       <none>
Selector:          app=mysql
<span class="token function">Type</span>:              ClusterIP
IP:                10<span class="token punctuation">.</span>107<span class="token punctuation">.</span>191<span class="token punctuation">.</span>182
Port:              <unset>  3306<span class="token operator">/</span>TCP
TargetPort:        3306<span class="token operator">/</span>TCP
Endpoints:         10<span class="token punctuation">.</span>0<span class="token punctuation">.</span>1<span class="token punctuation">.</span>6:3306
Session Affinity:  None
Events:            <none>

<span class="token namespace">[root@k8s-master week2]</span><span class="token comment"># kubectl -n luffy exec -ti myblog-5d9b76df88-t26t4 -- env | grep -i mysql</span>
MYSQL_HOST=10<span class="token punctuation">.</span>0<span class="token punctuation">.</span>1<span class="token punctuation">.</span>6
MYSQL_PORT=3306
MYSQL_USER=root
MYSQL_PASSWD=123456

<span class="token comment"># 回顾这么做的原因:</span>
<span class="token comment"># 目前使用hostNetwork部署,通过宿主机ip+port访问,弊端:</span>
<span class="token comment">#- 服务使用hostNetwork,使得宿主机的端口大量暴漏,存在安全隐患</span>
<span class="token comment">#- 容易引发端口冲突</span>

<span class="token comment">#服务均属于k8s集群,尽可能使用k8s的网络访问,因此可以对目前myblog访问mysql的方式做改造:</span>

<span class="token comment">#- 为mysql创建一个固定clusterIp的Service,把clusterIp配置在myblog的环境变量中</span>
<span class="token comment">#- 利用集群服务发现的能力,组件之间通过service name来访问</span>
</code></pre> 
  <pre><code class="prism language-powershell">总结:这样做既不用担心pod来回变的问题,还能以一个固定的方式 mysql:3306 的方式访问,这个mysql名称是可以固定的,这样一来,两套一模一样的对象,configmap也无需变动,可以在多套环境中来回移植。
</code></pre> 
  <p>服务发现实现:</p> 
  <p><code>CoreDNS</code>是一个<code>Go</code>语言实现的链式插件<code>DNS服务端</code>,是CNCF成员,是一个高性能、易扩展的<code>DNS服务端</code>。</p> 
  <pre><code class="prism language-powershell">$ kubectl <span class="token operator">-</span>n kube<span class="token operator">-</span>system get po <span class="token operator">-</span>o wide<span class="token punctuation">|</span>grep dns
coredns<span class="token operator">-</span>d4475785<span class="token operator">-</span>2w4hk             1<span class="token operator">/</span>1     Running   0          4d22h   10<span class="token punctuation">.</span>244<span class="token punctuation">.</span>0<span class="token punctuation">.</span>64       
coredns<span class="token operator">-</span>d4475785<span class="token operator">-</span>s49hq             1<span class="token operator">/</span>1     Running   0          4d22h   10<span class="token punctuation">.</span>244<span class="token punctuation">.</span>0<span class="token punctuation">.</span>65

<span class="token comment"># 查看myblog的pod解析配置</span>
$ kubectl <span class="token operator">-</span>n luffy exec <span class="token operator">-</span>ti myblog<span class="token operator">-</span>5c97d79cdb<span class="token operator">-</span>j485f bash
<span class="token namespace">[root@myblog-5c97d79cdb-j485f myblog]</span><span class="token comment"># cat /etc/resolv.conf</span>
nameserver 10<span class="token punctuation">.</span>96<span class="token punctuation">.</span>0<span class="token punctuation">.</span>10
search luffy<span class="token punctuation">.</span>svc<span class="token punctuation">.</span>cluster<span class="token punctuation">.</span>local svc<span class="token punctuation">.</span>cluster<span class="token punctuation">.</span>local cluster<span class="token punctuation">.</span>local
options ndots:5

<span class="token comment">## 10.96.0.10 从哪来</span>
$ kubectl <span class="token operator">-</span>n kube<span class="token operator">-</span>system get svc
NAME       <span class="token function">TYPE</span>        CLUSTER<span class="token operator">-</span>IP   EXTERNAL<span class="token operator">-</span>IP   PORT<span class="token punctuation">(</span>S<span class="token punctuation">)</span>         AGE
kube<span class="token operator">-</span>dns   ClusterIP   10<span class="token punctuation">.</span>96<span class="token punctuation">.</span>0<span class="token punctuation">.</span>10   <none>        53<span class="token operator">/</span>UDP<span class="token punctuation">,</span>53<span class="token operator">/</span>TCP   51d

<span class="token comment">## 启动pod的时候,会把kube-dns服务的cluster-ip地址注入到pod的resolve解析配置中,同时添加对应的namespace的search域。 因此跨namespace通过service name访问的话,需要添加对应的namespace名称,</span>
service_name<span class="token punctuation">.</span>namespace
$ kubectl get svc
NAME         <span class="token function">TYPE</span>        CLUSTER<span class="token operator">-</span>IP   EXTERNAL<span class="token operator">-</span>IP   PORT<span class="token punctuation">(</span>S<span class="token punctuation">)</span>   AGE
kubernetes   ClusterIP   10<span class="token punctuation">.</span>96<span class="token punctuation">.</span>0<span class="token punctuation">.</span>1    <none>        443<span class="token operator">/</span>TCP   26h
</code></pre> 
  <h6>Service负载均衡之NodePort</h6> 
  <p>cluster-ip为虚拟地址,只能在k8s集群内部进行访问,集群外部如果访问内部服务,实现方式之一为使用NodePort方式。NodePort会默认在 30000-32767 ,不指定的会随机使用其中一个。</p> 
  <p><code>myblog/deployment/svc-myblog-nodeport.yaml</code></p> 
  <pre><code class="prism language-powershell">apiVersion: v1
kind: Service
metadata:
  name: myblog<span class="token operator">-</span>np
  namespace: luffy
spec:
  ports:
  <span class="token operator">-</span> port: 80
    protocol: TCP
    targetPort: 8002
  selector:
    app: myblog
  <span class="token function">type</span>: NodePort
</code></pre> 
  <p>查看并访问服务:</p> 
  <pre><code class="prism language-powershell">$ kd create <span class="token operator">-</span>f svc<span class="token operator">-</span>myblog<span class="token operator">-</span>nodeport<span class="token punctuation">.</span>yaml
service<span class="token operator">/</span>myblog<span class="token operator">-</span>np created
$ kd get svc
NAME        <span class="token function">TYPE</span>        CLUSTER<span class="token operator">-</span>IP       EXTERNAL<span class="token operator">-</span>IP   PORT<span class="token punctuation">(</span>S<span class="token punctuation">)</span>        AGE
myblog      ClusterIP   10<span class="token punctuation">.</span>99<span class="token punctuation">.</span>174<span class="token punctuation">.</span>93     <none>        80<span class="token operator">/</span>TCP         102m
myblog<span class="token operator">-</span>np   NodePort    10<span class="token punctuation">.</span>105<span class="token punctuation">.</span>228<span class="token punctuation">.</span>101   <none>        80:30647<span class="token operator">/</span>TCP   4s
mysql       ClusterIP   10<span class="token punctuation">.</span>108<span class="token punctuation">.</span>214<span class="token punctuation">.</span>84    <none>        3306<span class="token operator">/</span>TCP       77m

<span class="token comment">#集群内每个节点的NodePort端口都会进行监听</span>
$ curl 172<span class="token punctuation">.</span>21<span class="token punctuation">.</span>51<span class="token punctuation">.</span>143:30647<span class="token operator">/</span>blog<span class="token operator">/</span>index<span class="token operator">/</span>
我的博客列表
$ curl 172<span class="token punctuation">.</span>21<span class="token punctuation">.</span>51<span class="token punctuation">.</span>143:30647<span class="token operator">/</span>blog<span class="token operator">/</span>index<span class="token operator">/</span>
我的博客列表
<span class="token comment">## 浏览器访问</span>
</code></pre> 
  <p>思考:</p> 
  <ol> 
   <li> <p>NodePort的端口监听如何转发到对应的Pod服务?</p> </li> 
   <li> <p>CLUSTER-IP为虚拟IP,集群内如何通过虚拟IP访问到具体的Pod服务?</p> </li> 
  </ol> 
  <h6>kube-proxy</h6> 
  <p>运行在每个节点上,监听 API Server 中服务对象的变化,再通过创建流量路由规则来实现网络的转发。参照</p> 
  <p>有三种模式:</p> 
  <ul> 
   <li>User space, 让 Kube-Proxy 在用户空间监听一个端口,所有的 Service 都转发到这个端口,然后 Kube-Proxy 在内部应用层对其进行转发 , 所有报文都走一遍用户态,性能不高,k8s v1.2版本后废弃。</li> 
   <li>Iptables, 当前默认模式,完全由 IPtables 来实现, 通过各个node节点上的iptables规则来实现service的负载均衡,但是随着service数量的增大,iptables模式由于线性查找匹配、全量更新等特点,其性能会显著下降。</li> 
   <li>IPVS, 与iptables同样基于Netfilter,但是采用的hash表,因此当service数量达到一定规模时,hash查表的速度优势就会显现出来,从而提高service的服务性能。 k8s 1.8版本开始引入,1.11版本开始稳定,需要开启宿主机的ipvs模块。</li> 
  </ul> 
  <p>IPtables模式示意图:</p> 
  <p><a href="http://img.e-com-net.com/image/info8/2c3f379391e444a39cb94574977878e7.jpg" target="_blank"><img src="http://img.e-com-net.com/image/info8/2c3f379391e444a39cb94574977878e7.jpg" alt="k8s实践笔记_第11张图片" width="202" height="150" style="border:1px solid black;"></a></p> 
  <pre><code class="prism language-powershell">$ iptables<span class="token operator">-</span>save <span class="token punctuation">|</span>grep <span class="token operator">-</span>v myblog<span class="token operator">-</span>np<span class="token punctuation">|</span>grep  <span class="token string">"luffy/myblog"</span>
<span class="token operator">-</span>A KUBE<span class="token operator">-</span>SERVICES <span class="token operator">!</span> <span class="token operator">-</span>s 10<span class="token punctuation">.</span>244<span class="token punctuation">.</span>0<span class="token punctuation">.</span>0<span class="token operator">/</span>16 <span class="token operator">-</span>d 10<span class="token punctuation">.</span>99<span class="token punctuation">.</span>174<span class="token punctuation">.</span>93<span class="token operator">/</span>32 <span class="token operator">-</span>p tcp <span class="token operator">-</span>m comment <span class="token operator">--</span>comment <span class="token string">"demo/myblog: cluster IP"</span> <span class="token operator">-</span>m tcp <span class="token operator">--</span>dport 80 <span class="token operator">-</span>j KUBE<span class="token operator">-</span>MARK<span class="token operator">-</span>MASQ
<span class="token operator">-</span>A KUBE<span class="token operator">-</span>SERVICES <span class="token operator">-</span>d 10<span class="token punctuation">.</span>99<span class="token punctuation">.</span>174<span class="token punctuation">.</span>93<span class="token operator">/</span>32 <span class="token operator">-</span>p tcp <span class="token operator">-</span>m comment <span class="token operator">--</span>comment <span class="token string">"demo/myblog: cluster IP"</span> <span class="token operator">-</span>m tcp <span class="token operator">--</span>dport 80 <span class="token operator">-</span>j KUBE<span class="token operator">-</span>SVC<span class="token operator">-</span>WQNGJ7YFZKCTKPZK

$ iptables<span class="token operator">-</span>save <span class="token punctuation">|</span>grep KUBE<span class="token operator">-</span>SVC<span class="token operator">-</span>WQNGJ7YFZKCTKPZK
<span class="token operator">-</span>A KUBE<span class="token operator">-</span>SVC<span class="token operator">-</span>WQNGJ7YFZKCTKPZK <span class="token operator">-</span>m statistic <span class="token operator">--</span>mode random <span class="token operator">--</span>probability 0<span class="token punctuation">.</span>50000000000 <span class="token operator">-</span>j KUBE<span class="token operator">-</span>SEP<span class="token operator">-</span>GB5GNOM5CZH7ICXZ
<span class="token operator">-</span>A KUBE<span class="token operator">-</span>SVC<span class="token operator">-</span>WQNGJ7YFZKCTKPZK <span class="token operator">-</span>j KUBE<span class="token operator">-</span>SEP<span class="token operator">-</span>7GWC3FN2JI5KLE47

$  iptables<span class="token operator">-</span>save <span class="token punctuation">|</span>grep KUBE<span class="token operator">-</span>SEP<span class="token operator">-</span>GB5GNOM5CZH7ICXZ
<span class="token operator">-</span>A KUBE<span class="token operator">-</span>SEP<span class="token operator">-</span>GB5GNOM5CZH7ICXZ <span class="token operator">-</span>p tcp <span class="token operator">-</span>m tcp <span class="token operator">-</span>j DNAT <span class="token operator">--</span>to<span class="token operator">-</span>destination 10<span class="token punctuation">.</span>244<span class="token punctuation">.</span>1<span class="token punctuation">.</span>158:8002

$ iptables<span class="token operator">-</span>save <span class="token punctuation">|</span>grep KUBE<span class="token operator">-</span>SEP<span class="token operator">-</span>7GWC3FN2JI5KLE47
<span class="token operator">-</span>A KUBE<span class="token operator">-</span>SEP<span class="token operator">-</span>7GWC3FN2JI5KLE47 <span class="token operator">-</span>p tcp <span class="token operator">-</span>m tcp <span class="token operator">-</span>j DNAT <span class="token operator">--</span>to<span class="token operator">-</span>destination 10<span class="token punctuation">.</span>244<span class="token punctuation">.</span>1<span class="token punctuation">.</span>159:8002
</code></pre> 
  <blockquote> 
   <p>面试题: k8s的Service Cluster-IP能不能ping通</p> 
   <p>在kube-proxy的iptables模式是不能ping通,此ip没有网卡,是一个虚拟ip,只是通过iptables规则来做转发的,没有规则去处理ICMP协议,在IPVS模式下可以ping通,所有的clusterIp会被设置在node上的kube-ipvs0的虚拟网卡上,这个时候去ping是可以通的。</p> 
   <p>简单来说:在kube-proxy的iptables模式下,这个ip是一个虚拟ip,没绑定网卡,只是通过iptables规则来做转发的,没有对ICMP的包做处理。在IPVS模式下可以平台,所有的clusterip会被绑定在node上的kube-ipvs0的虚拟网卡上,所以它可以ping通。</p> 
  </blockquote> 
  <p><strong>iptables转换ipvs模式</strong></p> 
  <pre><code class="prism language-powershell"><span class="token comment"># 内核开启ipvs模块,集群各节点都执行</span>
<span class="token function">cat</span> > <span class="token operator">/</span>etc<span class="token operator">/</span>sysconfig<span class="token operator">/</span>modules<span class="token operator">/</span>ipvs<span class="token punctuation">.</span>modules <<EOF
<span class="token comment">#!/bin/bash</span>
ipvs_modules=<span class="token string">"ip_vs ip_vs_lc ip_vs_wlc ip_vs_rr ip_vs_wrr ip_vs_lblc ip_vs_lblcr ip_vs_dh ip_vs_sh ip_vs_nq ip_vs_sed ip_vs_ftp nf_conntrack_ipv4"</span>
<span class="token keyword">for</span> kernel_module in \$<span class="token punctuation">{</span>ipvs_modules<span class="token punctuation">}</span><span class="token punctuation">;</span> <span class="token keyword">do</span>
    <span class="token operator">/</span>sbin<span class="token operator">/</span>modinfo <span class="token operator">-</span>F filename \$<span class="token punctuation">{</span>kernel_module<span class="token punctuation">}</span> > <span class="token operator">/</span>dev<span class="token operator">/</span>null 2>&1
    <span class="token keyword">if</span> <span class="token punctuation">[</span> $? <span class="token operator">-eq</span> 0 <span class="token punctuation">]</span><span class="token punctuation">;</span> then
        <span class="token operator">/</span>sbin<span class="token operator">/</span>modprobe \$<span class="token punctuation">{</span>kernel_module<span class="token punctuation">}</span>
    fi
done
EOF
chmod 755 <span class="token operator">/</span>etc<span class="token operator">/</span>sysconfig<span class="token operator">/</span>modules<span class="token operator">/</span>ipvs<span class="token punctuation">.</span>modules && bash <span class="token operator">/</span>etc<span class="token operator">/</span>sysconfig<span class="token operator">/</span>modules<span class="token operator">/</span>ipvs<span class="token punctuation">.</span>modules && lsmod <span class="token punctuation">|</span> grep ip_vs

<span class="token comment"># 安装ipvsadm工具</span>
$ yum install ipset ipvsadm <span class="token operator">-</span>y

<span class="token comment"># 修改kube-proxy 模式</span>
$ kubectl <span class="token operator">-</span>n kube<span class="token operator">-</span>system edit cm kube<span class="token operator">-</span>proxy
<span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span>
    kind: KubeProxyConfiguration
    metricsBindAddress: <span class="token string">""</span>
    mode: <span class="token string">"ipvs"</span>
    nodePortAddresses: null
    oomScoreAdj: null
<span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span>

<span class="token comment"># 重建kube-proxy</span>
$ kubectl <span class="token operator">-</span>n kube<span class="token operator">-</span>system get po <span class="token punctuation">|</span>grep kube<span class="token operator">-</span>proxy<span class="token punctuation">|</span>awk <span class="token string">'{print $1}'</span><span class="token punctuation">|</span>xargs kubectl <span class="token operator">-</span>n kube<span class="token operator">-</span>system delete po

<span class="token comment"># 查看日志,确认使用了ipvs模式</span>
$ kubectl <span class="token operator">-</span>n kube<span class="token operator">-</span>system logs <span class="token operator">-</span>f kube<span class="token operator">-</span>proxy<span class="token operator">-</span>ft6n6
I0605 08:47:52<span class="token punctuation">.</span>334298       1 node<span class="token punctuation">.</span>go:136<span class="token punctuation">]</span> Successfully retrieved node IP: 172<span class="token punctuation">.</span>21<span class="token punctuation">.</span>51<span class="token punctuation">.</span>143
I0605 08:47:52<span class="token punctuation">.</span>334430       1 server_others<span class="token punctuation">.</span>go:142<span class="token punctuation">]</span> kube<span class="token operator">-</span>proxy node IP is an IPv4 address <span class="token punctuation">(</span>172<span class="token punctuation">.</span>21<span class="token punctuation">.</span>51<span class="token punctuation">.</span>143<span class="token punctuation">)</span><span class="token punctuation">,</span> assume IPv4 operation
I0605 08:47:52<span class="token punctuation">.</span>766314       1 server_others<span class="token punctuation">.</span>go:258<span class="token punctuation">]</span> <span class="token keyword">Using</span> ipvs Proxier<span class="token punctuation">.</span>
<span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span>

<span class="token comment"># 清理iptables规则</span>
$ iptables <span class="token operator">-</span>F <span class="token operator">-</span>t nat
$ iptables <span class="token operator">-</span>F

<span class="token comment"># 查看规则生效</span>
$ ipvsadm <span class="token operator">-</span>ln
</code></pre> 
  <h6>Kubernetes服务访问之Ingress</h6> 
  <p>对于Kubernetes的Service,无论是Cluster-Ip和NodePort均是四层的负载,集群内的服务如何实现七层的负载均衡,这就需要借助于Ingress,Ingress控制器的实现方式有很多,比如nginx, Contour, Haproxy, trafik, Istio。几种常用的ingress功能对比和选型可以参考这里</p> 
  <p>Ingress-nginx是7层的负载均衡器 ,负责统一管理外部对k8s cluster中Service的请求。主要包含:</p> 
  <ul> 
   <li> <p>ingress-nginx-controller:根据用户编写的ingress规则(创建的ingress的yaml文件),动态的去更改nginx服务的配置文件,并且reload重载使其生效(是自动化的,通过lua脚本来实现);</p> </li> 
   <li> <p>Ingress资源对象:将Nginx的配置抽象成一个Ingress对象</p> <pre><code class="prism language-yaml"><span class="token key atrule">apiVersion</span><span class="token punctuation">:</span> networking.k8s.io/v1
<span class="token key atrule">kind</span><span class="token punctuation">:</span> Ingress
<span class="token key atrule">metadata</span><span class="token punctuation">:</span>
  <span class="token key atrule">name</span><span class="token punctuation">:</span> ingress<span class="token punctuation">-</span>wildcard<span class="token punctuation">-</span>host
<span class="token key atrule">spec</span><span class="token punctuation">:</span>
  <span class="token key atrule">rules</span><span class="token punctuation">:</span>
  <span class="token punctuation">-</span> <span class="token key atrule">host</span><span class="token punctuation">:</span> <span class="token string">"foo.bar.com"</span>
    <span class="token key atrule">http</span><span class="token punctuation">:</span>
      <span class="token key atrule">paths</span><span class="token punctuation">:</span>
      <span class="token punctuation">-</span> <span class="token key atrule">pathType</span><span class="token punctuation">:</span> Prefix
        <span class="token key atrule">path</span><span class="token punctuation">:</span> <span class="token string">"/bar"</span>
        <span class="token key atrule">backend</span><span class="token punctuation">:</span>
          <span class="token key atrule">service</span><span class="token punctuation">:</span>
            <span class="token key atrule">name</span><span class="token punctuation">:</span> service1
            <span class="token key atrule">port</span><span class="token punctuation">:</span>
            <span class="token key atrule">number</span><span class="token punctuation">:</span> <span class="token number">80</span>
  <span class="token punctuation">-</span> <span class="token key atrule">host</span><span class="token punctuation">:</span> <span class="token string">"bar.foo.com"</span>
    <span class="token key atrule">http</span><span class="token punctuation">:</span>
      <span class="token key atrule">paths</span><span class="token punctuation">:</span>
      <span class="token punctuation">-</span> <span class="token key atrule">pathType</span><span class="token punctuation">:</span> Prefix
        <span class="token key atrule">path</span><span class="token punctuation">:</span> <span class="token string">"/foo"</span>
        <span class="token key atrule">backend</span><span class="token punctuation">:</span>
          <span class="token key atrule">service</span><span class="token punctuation">:</span>
            <span class="token key atrule">name</span><span class="token punctuation">:</span> service2
            <span class="token key atrule">port</span><span class="token punctuation">:</span>
              <span class="token key atrule">number</span><span class="token punctuation">:</span> <span class="token number">80</span>
</code></pre> </li> 
  </ul> 
  <h6>示意图:</h6> 
  <p>[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传<a href="http://img.e-com-net.com/image/info8/438571c404e249ab8f33274b5adf2a7e.jpg" target="_blank"><img src="http://img.e-com-net.com/image/info8/438571c404e249ab8f33274b5adf2a7e.jpg" alt="k8s实践笔记_第12张图片" width="650" height="401" style="border:1px solid black;"></a></p> 
  <h6>实现逻辑</h6> 
  <p>1)ingress controller通过和kubernetes api交互,动态的去感知集群中ingress规则变化<br> 2)然后读取ingress规则(规则就是写明了哪个域名对应哪个service),按照自定义的规则,生成一段nginx配置<br> 3)再写到nginx-ingress-controller的pod里,这个Ingress controller的pod里运行着一个Nginx服务,控制器把生成的nginx配置写入/etc/nginx/nginx.conf文件中<br> 4)然后reload一下使配置生效。以此达到域名分别配置和动态更新的问题。</p> 
  <h6>安装</h6> 
  <p>官方文档</p> 
  <pre><code class="prism language-powershell">$ wget https:<span class="token operator">/</span><span class="token operator">/</span>raw<span class="token punctuation">.</span>githubusercontent<span class="token punctuation">.</span>com<span class="token operator">/</span>kubernetes<span class="token operator">/</span>ingress<span class="token operator">-</span>nginx<span class="token operator">/</span>nginx<span class="token operator">-</span>0<span class="token punctuation">.</span>30<span class="token punctuation">.</span>0<span class="token operator">/</span>deploy<span class="token operator">/</span>static<span class="token operator">/</span>mandatory<span class="token punctuation">.</span>yaml
<span class="token comment">## 或者使用myblog/deployment/ingress/mandatory.yaml</span>
<span class="token comment">## 修改部署节点</span>
$ grep <span class="token operator">-</span>n5 nodeSelector mandatory<span class="token punctuation">.</span>yaml
212<span class="token operator">-</span>    spec:
213<span class="token operator">-</span>      hostNetwork: true <span class="token comment">#添加为host模式</span>
214<span class="token operator">-</span>      <span class="token comment"># wait up to five minutes for the drain of connections</span>
215<span class="token operator">-</span>      terminationGracePeriodSeconds: 300
216<span class="token operator">-</span>      serviceAccountName: nginx<span class="token operator">-</span>ingress<span class="token operator">-</span>serviceaccount
217:      nodeSelector:
218<span class="token operator">-</span>        ingress: <span class="token string">"true"</span>		<span class="token comment">#替换此处,来决定将ingress部署在哪些机器</span>
219<span class="token operator">-</span>      containers:
220<span class="token operator">-</span>        <span class="token operator">-</span> name: nginx<span class="token operator">-</span>ingress<span class="token operator">-</span>controller
221<span class="token operator">-</span>          image: quay<span class="token punctuation">.</span>io<span class="token operator">/</span>kubernetes<span class="token operator">-</span>ingress<span class="token operator">-</span>controller<span class="token operator">/</span>nginx<span class="token operator">-</span>ingress<span class="token operator">-</span>controller:0<span class="token punctuation">.</span>30<span class="token punctuation">.</span>0
222<span class="token operator">-</span>          args:
</code></pre> 
  <p>创建ingress</p> 
  <pre><code class="prism language-powershell"><span class="token comment"># 为k8s-master节点添加label</span>
$ kubectl label node k8s<span class="token operator">-</span>master ingress=true

$ kubectl apply <span class="token operator">-</span>f mandatory<span class="token punctuation">.</span>yaml
</code></pre> 
  <p>使用示例:<code>myblog/deployment/ingress.yaml</code></p> 
  <pre><code class="prism language-yaml"><span class="token key atrule">apiVersion</span><span class="token punctuation">:</span> networking.k8s.io/v1
<span class="token key atrule">kind</span><span class="token punctuation">:</span> Ingress
<span class="token key atrule">metadata</span><span class="token punctuation">:</span>
  <span class="token key atrule">name</span><span class="token punctuation">:</span> myblog
  <span class="token key atrule">namespace</span><span class="token punctuation">:</span> luffy
<span class="token key atrule">spec</span><span class="token punctuation">:</span>
  <span class="token key atrule">rules</span><span class="token punctuation">:</span>
  <span class="token punctuation">-</span> <span class="token key atrule">host</span><span class="token punctuation">:</span> myblog.luffy.com
    <span class="token key atrule">http</span><span class="token punctuation">:</span>
      <span class="token key atrule">paths</span><span class="token punctuation">:</span>
      <span class="token punctuation">-</span> <span class="token key atrule">path</span><span class="token punctuation">:</span> /
        <span class="token key atrule">pathType</span><span class="token punctuation">:</span> Prefix
        <span class="token key atrule">backend</span><span class="token punctuation">:</span>
          <span class="token key atrule">service</span><span class="token punctuation">:</span> 
            <span class="token key atrule">name</span><span class="token punctuation">:</span> myblog
            <span class="token key atrule">port</span><span class="token punctuation">:</span>
              <span class="token key atrule">number</span><span class="token punctuation">:</span> <span class="token number">80</span>
</code></pre> 
  <p>ingress-nginx动态生成upstream配置:</p> 
  <pre><code class="prism language-yaml">$ kubectl <span class="token punctuation">-</span>n ingress<span class="token punctuation">-</span>nginx exec <span class="token punctuation">-</span>ti nginx<span class="token punctuation">-</span>ingress<span class="token punctuation">-</span>xxxxxxx bash
<span class="token comment"># ps aux</span>
<span class="token comment"># cat /etc/nginx/nginx.conf|grep myblog -A10 -B1</span>
<span class="token punctuation">...</span>
        <span class="token comment">## start server myblog.luffy.com</span>
        server <span class="token punctuation">{</span>
                server_name myblog.luffy.com ;

                listen 80  ;
                listen <span class="token punctuation">[</span><span class="token punctuation">:</span><span class="token punctuation">:</span><span class="token punctuation">]</span><span class="token punctuation">:</span>80  ;
                listen 443  ssl http2 ;
                listen <span class="token punctuation">[</span><span class="token punctuation">:</span><span class="token punctuation">:</span><span class="token punctuation">]</span><span class="token punctuation">:</span>443  ssl http2 ;

                set $proxy_upstream_name "<span class="token punctuation">-</span>";

                ssl_certificate_by_lua_block <span class="token punctuation">{</span>
                        certificate.call()
                <span class="token punctuation">}</span>

                location / <span class="token punctuation">{</span>

                        set $namespace      "luffy";
                        set $ingress_name   "myblog";
                        set $service_name   "myblog";
                        set $service_port   "80";
                        set $location_path  "/";

                        rewrite_by_lua_block <span class="token punctuation">{</span>
                                lua_ingress.rewrite(<span class="token punctuation">{</span>
                                        force_ssl_redirect = false<span class="token punctuation">,</span>
                                        ssl_redirect = true<span class="token punctuation">,</span>
                                        force_no_ssl_redirect = false<span class="token punctuation">,</span>
                                        use_port_in_redirects = false<span class="token punctuation">,</span>
                                <span class="token punctuation">}</span>)
<span class="token punctuation">-</span><span class="token punctuation">-</span>
                                balancer.log()

                                monitor.call()

                                plugins.run()
                        <span class="token punctuation">}</span>

                        port_in_redirect off;

                        set $balancer_ewma_score <span class="token punctuation">-</span>1;
                        set $proxy_upstream_name "luffy<span class="token punctuation">-</span>myblog<span class="token punctuation">-</span>80";
                        set $proxy_host          $proxy_upstream_name;
                        set $pass_access_scheme  $scheme;

                        set $pass_server_port    $server_port;

                        set $best_http_host      $http_host;
                        set $pass_port           $pass_server_port;

                        set $proxy_alternative_upstream_name "";

<span class="token punctuation">-</span><span class="token punctuation">-</span>
                        proxy_next_upstream_timeout             0;
                        proxy_next_upstream_tries               3;

                        proxy_pass http<span class="token punctuation">:</span>//upstream_balancer;

                        proxy_redirect                          off;

                <span class="token punctuation">}</span>

        <span class="token punctuation">}</span>
        <span class="token comment">## end server myblog.luffy.com</span>
 <span class="token punctuation">...</span>
</code></pre> 
  <pre><code class="prism language-powershell">注
<span class="token namespace">[root@k8s-master week2]</span><span class="token comment"># kubectl -n ingress-nginx get po</span>
NAME                                        READY   STATUS    RESTARTS   AGE
nginx<span class="token operator">-</span>ingress<span class="token operator">-</span>controller<span class="token operator">-</span>66bff489bb<span class="token operator">-</span>tktqc   1<span class="token operator">/</span>1     Running   0          178m

<span class="token namespace">[root@k8s-master week2]</span><span class="token comment"># kubectl -n ingress-nginx exec -ti  nginx-ingress-controller-66bff489bb-tktqc -- bash</span>

bash<span class="token operator">-</span>5<span class="token punctuation">.</span>0$ <span class="token function">ps</span> aux
PID   USER     TIME  COMMAND
    1 www<span class="token operator">-</span><span class="token keyword">data</span>  0:00 <span class="token operator">/</span>usr<span class="token operator">/</span>bin<span class="token operator">/</span>dumb<span class="token operator">-</span>init <span class="token operator">--</span> <span class="token operator">/</span>nginx<span class="token operator">-</span>ingress<span class="token operator">-</span>controller <span class="token operator">--</span>configmap=ingress<span class="token operator">-</span>nginx<span class="token operator">/</span>nginx<span class="token operator">-</span>configura
    7 www<span class="token operator">-</span><span class="token keyword">data</span>  1:34 <span class="token operator">/</span>nginx<span class="token operator">-</span>ingress<span class="token operator">-</span>controller <span class="token operator">--</span>configmap=ingress<span class="token operator">-</span>nginx<span class="token operator">/</span>nginx<span class="token operator">-</span>configuration <span class="token operator">--</span>tcp<span class="token operator">-</span>services<span class="token operator">-</span>co
   39 www<span class="token operator">-</span><span class="token keyword">data</span>  0:00 nginx: master <span class="token keyword">process</span> <span class="token operator">/</span>usr<span class="token operator">/</span>local<span class="token operator">/</span>nginx<span class="token operator">/</span>sbin<span class="token operator">/</span>nginx <span class="token operator">-</span>c <span class="token operator">/</span>etc<span class="token operator">/</span>nginx<span class="token operator">/</span>nginx<span class="token punctuation">.</span>conf
 1154 www<span class="token operator">-</span><span class="token keyword">data</span>  0:00 nginx: worker <span class="token keyword">process</span>
 1155 www<span class="token operator">-</span><span class="token keyword">data</span>  0:00 nginx: worker <span class="token keyword">process</span>
 1156 www<span class="token operator">-</span><span class="token keyword">data</span>  0:00 nginx: worker <span class="token keyword">process</span>
 1298 www<span class="token operator">-</span><span class="token keyword">data</span>  0:00 nginx: cache manager <span class="token keyword">process</span>
 1689 www<span class="token operator">-</span><span class="token keyword">data</span>  0:00 bash
 1696 www<span class="token operator">-</span><span class="token keyword">data</span>  0:00 <span class="token function">ps</span> aux

<span class="token namespace">[root@k8s-master week2]</span><span class="token comment"># kubectl -n luffy describe ing myblog </span>
Warning: extensions<span class="token operator">/</span>v1beta1 Ingress is deprecated in v1<span class="token punctuation">.</span>14<span class="token operator">+</span><span class="token punctuation">,</span> unavailable in v1<span class="token punctuation">.</span>22<span class="token operator">+</span><span class="token punctuation">;</span> use networking<span class="token punctuation">.</span>k8s<span class="token punctuation">.</span>io<span class="token operator">/</span>v1 Ingress
Name:             myblog
Namespace:        luffy
Address:          
Default backend:  default<span class="token operator">-</span>http<span class="token operator">-</span>backend:80 <span class="token punctuation">(</span><error: endpoints <span class="token string">"default-http-backend"</span> not found><span class="token punctuation">)</span>
Rules:
  Host              Path  Backends
  <span class="token operator">--</span>-<span class="token operator">-</span>              <span class="token operator">--</span>-<span class="token operator">-</span>  <span class="token operator">--</span>-<span class="token operator">--</span>-<span class="token operator">--</span>
  myblog<span class="token punctuation">.</span>luffy<span class="token punctuation">.</span>com  
                    <span class="token operator">/</span>   myblog:80 <span class="token punctuation">(</span>10<span class="token punctuation">.</span>244<span class="token punctuation">.</span>0<span class="token punctuation">.</span>7:8002<span class="token punctuation">,</span>10<span class="token punctuation">.</span>244<span class="token punctuation">.</span>1<span class="token punctuation">.</span>6:8002<span class="token punctuation">)</span>
Annotations:        <none>
Events:             <none>

</code></pre> 
  <h6>访问</h6> 
  <p>域名解析服务,将 <code>myblog.luffy.com</code>解析到ingress的地址上。ingress是支持多副本的,高可用的情况下,生产的配置是使用lb服务(内网F5设备,公网elb、slb、clb,解析到各ingress的机器,如何域名指向lb地址)</p> 
  <p>本机,添加如下hosts记录来演示效果。</p> 
  <pre><code class="prism language-json"><span class="token number">10.0</span><span class="token number">.1</span><span class="token number">.5</span> myblog<span class="token punctuation">.</span>luffy<span class="token punctuation">.</span>com
</code></pre> 
  <p>然后,访问 http://myblog.luffy.com/blog/index/</p> 
  <p>HTTPS访问:</p> 
  <pre><code class="prism language-powershell"><span class="token comment">#自签名证书</span>
$ openssl req <span class="token operator">-</span>x509 <span class="token operator">-</span>nodes <span class="token operator">-</span>days 2920 <span class="token operator">-</span>newkey rsa:2048 <span class="token operator">-</span>keyout tls<span class="token punctuation">.</span>key <span class="token operator">-</span>out tls<span class="token punctuation">.</span>crt <span class="token operator">-</span>subj <span class="token string">"/CN=*.luffy.com/O=ingress-nginx"</span>

<span class="token comment"># 证书信息保存到secret对象中,ingress-nginx会读取secret对象解析出证书加载到nginx配置中</span>
$ kubectl <span class="token operator">-</span>n luffy create secret tls tls<span class="token operator">-</span>myblog <span class="token operator">--</span>key tls<span class="token punctuation">.</span>key <span class="token operator">--</span>cert tls<span class="token punctuation">.</span>crt

注
<span class="token namespace">[root@k8s-master 2021]</span><span class="token comment"># mkdir cert && cd cert</span>
<span class="token namespace">[root@k8s-master cert]</span><span class="token comment">#  openssl req -x509 -nodes -days 2920 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/CN=*.luffy.com/O=ingress-nginx"</span>
Generating a 2048 bit RSA private key
<span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token operator">++</span><span class="token operator">+</span>
<span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token operator">++</span><span class="token operator">+</span>
writing new private key to <span class="token string">'tls.key'</span>
<span class="token operator">--</span>-<span class="token operator">--</span>

<span class="token namespace">[root@k8s-master cert]</span><span class="token comment"># kubectl -n luffy create secret tls tls-myblog --key tls.key --cert tls.crt</span>
secret<span class="token operator">/</span>tls<span class="token operator">-</span>myblog created

<span class="token comment"># 若是购买的整数,可以直接执行第二步</span>

<span class="token namespace">[root@k8s-master 2021]</span><span class="token comment"># kubectl  -n luffy  get secrets </span>
NAME                  <span class="token function">TYPE</span>                                  <span class="token keyword">DATA</span>   AGE
default<span class="token operator">-</span>token<span class="token operator">-</span>h9fbc   kubernetes<span class="token punctuation">.</span>io<span class="token operator">/</span>service<span class="token operator">-</span>account<span class="token operator">-</span>token   3      5h22m
myblog                Opaque                                2      5h2m
tls<span class="token operator">-</span>myblog            kubernetes<span class="token punctuation">.</span>io<span class="token operator">/</span>tls                     2      4m44s
</code></pre> 
  <p>修改yaml</p> 
  <pre><code class="prism language-yaml"><span class="token key atrule">apiVersion</span><span class="token punctuation">:</span> networking.k8s.io/v1
<span class="token key atrule">kind</span><span class="token punctuation">:</span> Ingress
<span class="token key atrule">metadata</span><span class="token punctuation">:</span>
  <span class="token key atrule">name</span><span class="token punctuation">:</span> myblog
  <span class="token key atrule">namespace</span><span class="token punctuation">:</span> luffy
<span class="token key atrule">spec</span><span class="token punctuation">:</span>
  <span class="token key atrule">rules</span><span class="token punctuation">:</span>
  <span class="token punctuation">-</span> <span class="token key atrule">host</span><span class="token punctuation">:</span> myblog.luffy.com
    <span class="token key atrule">http</span><span class="token punctuation">:</span>
      <span class="token key atrule">paths</span><span class="token punctuation">:</span>
      <span class="token punctuation">-</span> <span class="token key atrule">path</span><span class="token punctuation">:</span> /
        <span class="token key atrule">pathType</span><span class="token punctuation">:</span> Prefix
        <span class="token key atrule">backend</span><span class="token punctuation">:</span>
          <span class="token key atrule">service</span><span class="token punctuation">:</span> 
            <span class="token key atrule">name</span><span class="token punctuation">:</span> myblog
            <span class="token key atrule">port</span><span class="token punctuation">:</span>
              <span class="token key atrule">number</span><span class="token punctuation">:</span> <span class="token number">80</span>
  <span class="token key atrule">tls</span><span class="token punctuation">:</span>
  <span class="token punctuation">-</span> <span class="token key atrule">hosts</span><span class="token punctuation">:</span>
    <span class="token punctuation">-</span> myblog.luffy.com
    <span class="token key atrule">secretName</span><span class="token punctuation">:</span> tls<span class="token punctuation">-</span>myblog
</code></pre> 
  <pre><code class="prism language-powershell">注:
复制上面的yaml文件
<span class="token namespace">[root@k8s-master week2]</span><span class="token comment"># vim ingress.yaml </span>
<span class="token namespace">[root@k8s-master week2]</span><span class="token comment"># kubectl create -f ingress.yaml </span>
ingress<span class="token punctuation">.</span>networking<span class="token punctuation">.</span>k8s<span class="token punctuation">.</span>io<span class="token operator">/</span>myblog created
</code></pre> 
  <p>然后,访问 https://myblog.luffy.com/blog/index/</p> 
  <h6>多路径转发及重写的实现</h6> 
  <ol> 
   <li> <p>多path转发示例:</p> <p>目标:</p> </li> 
  </ol> 
  <pre><code class="prism language-none">myblog.luffy.com -> 172.21.51.143 -> /foo/aaa   service1:4200/foo/aaa
                                      /bar   service2:8080
                                      /		 myblog:80/
</code></pre> 
  <p>​ 实现:</p> 
  <pre><code class="prism language-yaml"><span class="token key atrule">apiVersion</span><span class="token punctuation">:</span> networking.k8s.io/v1
<span class="token key atrule">kind</span><span class="token punctuation">:</span> Ingress
<span class="token key atrule">metadata</span><span class="token punctuation">:</span>
  <span class="token key atrule">name</span><span class="token punctuation">:</span> simple<span class="token punctuation">-</span>fanout<span class="token punctuation">-</span>example
  <span class="token key atrule">namespace</span><span class="token punctuation">:</span> luffy
<span class="token key atrule">spec</span><span class="token punctuation">:</span>
  <span class="token key atrule">rules</span><span class="token punctuation">:</span>
  <span class="token punctuation">-</span> <span class="token key atrule">host</span><span class="token punctuation">:</span> myblog.luffy.com
    <span class="token key atrule">http</span><span class="token punctuation">:</span>
      <span class="token key atrule">paths</span><span class="token punctuation">:</span>
      <span class="token punctuation">-</span> <span class="token key atrule">path</span><span class="token punctuation">:</span> /foo
        <span class="token key atrule">pathType</span><span class="token punctuation">:</span> Prefix
        <span class="token key atrule">backend</span><span class="token punctuation">:</span>
          <span class="token key atrule">service</span><span class="token punctuation">:</span> 
            <span class="token key atrule">name</span><span class="token punctuation">:</span> service1
            <span class="token key atrule">port</span><span class="token punctuation">:</span>
              <span class="token key atrule">number</span><span class="token punctuation">:</span> <span class="token number">4200</span>
      <span class="token punctuation">-</span> <span class="token key atrule">path</span><span class="token punctuation">:</span> /bar
        <span class="token key atrule">pathType</span><span class="token punctuation">:</span> Prefix
        <span class="token key atrule">backend</span><span class="token punctuation">:</span>
          <span class="token key atrule">service</span><span class="token punctuation">:</span> 
            <span class="token key atrule">name</span><span class="token punctuation">:</span> service2
            <span class="token key atrule">port</span><span class="token punctuation">:</span>
              <span class="token key atrule">number</span><span class="token punctuation">:</span> <span class="token number">8080</span>
      <span class="token punctuation">-</span> <span class="token key atrule">path</span><span class="token punctuation">:</span> /   <span class="token comment"># 相当于默认,逐条匹配</span>
        <span class="token key atrule">pathType</span><span class="token punctuation">:</span> Prefix
        <span class="token key atrule">backend</span><span class="token punctuation">:</span>
          <span class="token key atrule">service</span><span class="token punctuation">:</span> 
            <span class="token key atrule">name</span><span class="token punctuation">:</span> myblog
            <span class="token key atrule">port</span><span class="token punctuation">:</span>
              <span class="token key atrule">number</span><span class="token punctuation">:</span> <span class="token number">80</span>
</code></pre> 
  <pre><code class="prism language-powershell">注: 演示多路径转发效果
<span class="token comment"># 复制上面内容,创建</span>
<span class="token namespace">[root@k8s-master week2]</span><span class="token comment"># vim ingress-2.yaml</span>

<span class="token namespace">[root@k8s-master week2]</span><span class="token comment"># kubectl create  -f ingress-2.yaml </span>
ingress<span class="token punctuation">.</span>networking<span class="token punctuation">.</span>k8s<span class="token punctuation">.</span>io<span class="token operator">/</span>simple<span class="token operator">-</span>fanout<span class="token operator">-</span>example created

<span class="token namespace">[root@k8s-master week2]</span><span class="token comment"># kubectl -n luffy  get ing</span>
Warning: extensions<span class="token operator">/</span>v1beta1 Ingress is deprecated in v1<span class="token punctuation">.</span>14<span class="token operator">+</span><span class="token punctuation">,</span> unavailable in v1<span class="token punctuation">.</span>22<span class="token operator">+</span><span class="token punctuation">;</span> use networking<span class="token punctuation">.</span>k8s<span class="token punctuation">.</span>io<span class="token operator">/</span>v1 Ingress
NAME                    <span class="token keyword">CLASS</span>    HOSTS              ADDRESS   PORTS   AGE
myblog                  <none>   myblog<span class="token punctuation">.</span>luffy<span class="token punctuation">.</span>com             80      3h6m
simple<span class="token operator">-</span>fanout<span class="token operator">-</span>example   <none>   myblog<span class="token punctuation">.</span>luffy<span class="token punctuation">.</span>com             80      10s

<span class="token comment"># 查看describe</span>
<span class="token namespace">[root@k8s-master week2]</span><span class="token comment"># kubectl -n luffy describe  ing simple-fanout-example </span>
Warning: extensions<span class="token operator">/</span>v1beta1 Ingress is deprecated in v1<span class="token punctuation">.</span>14<span class="token operator">+</span><span class="token punctuation">,</span> unavailable in v1<span class="token punctuation">.</span>22<span class="token operator">+</span><span class="token punctuation">;</span> use networking<span class="token punctuation">.</span>k8s<span class="token punctuation">.</span>io<span class="token operator">/</span>v1 Ingress
Name:             simple<span class="token operator">-</span>fanout<span class="token operator">-</span>example
Namespace:        luffy
Address:          
Default backend:  default<span class="token operator">-</span>http<span class="token operator">-</span>backend:80 <span class="token punctuation">(</span><error: endpoints <span class="token string">"default-http-backend"</span> not found><span class="token punctuation">)</span>
Rules:
  Host              Path  Backends
  <span class="token operator">--</span>-<span class="token operator">-</span>              <span class="token operator">--</span>-<span class="token operator">-</span>  <span class="token operator">--</span>-<span class="token operator">--</span>-<span class="token operator">--</span>
  myblog<span class="token punctuation">.</span>luffy<span class="token punctuation">.</span>com  
                    <span class="token operator">/</span>foo   service1:4200 <span class="token punctuation">(</span><error: endpoints <span class="token string">"service1"</span> not found><span class="token punctuation">)</span>
                    <span class="token operator">/</span>bar   service2:8080 <span class="token punctuation">(</span><error: endpoints <span class="token string">"service2"</span> not found><span class="token punctuation">)</span> <span class="token comment"># 没有这个服务所有提示not found</span>
                    <span class="token operator">/</span>      myblog:80 <span class="token punctuation">(</span>10<span class="token punctuation">.</span>244<span class="token punctuation">.</span>0<span class="token punctuation">.</span>7:8002<span class="token punctuation">,</span>10<span class="token punctuation">.</span>244<span class="token punctuation">.</span>1<span class="token punctuation">.</span>6:8002<span class="token punctuation">)</span>
Annotations:        <none>
Events:
  <span class="token function">Type</span>    Reason  Age   <span class="token keyword">From</span>                      Message
  <span class="token operator">--</span>-<span class="token operator">-</span>    <span class="token operator">--</span>-<span class="token operator">--</span><span class="token operator">-</span>  <span class="token operator">--</span>-<span class="token operator">-</span>  <span class="token operator">--</span>-<span class="token operator">-</span>                      <span class="token operator">--</span>-<span class="token operator">--</span>-<span class="token operator">-</span>
  Normal  CREATE  87s   nginx<span class="token operator">-</span>ingress<span class="token operator">-</span>controller  Ingress luffy<span class="token operator">/</span>simple<span class="token operator">-</span>fanout<span class="token operator">-</span>example
</code></pre> 
  <ol start="2"> 
   <li> <p>nginx的URL重写</p> <p>目标:</p> <pre><code>nginx.luffy.com -> 172.21.51.143 -> /api/v1   -> nginx-v1 service
                                    /api/v2   -> nginx-v2 service
</code></pre> <p>实现:</p> <pre><code class="prism language-powershell">$ <span class="token function">cat</span> nginx<span class="token operator">-</span>v1<span class="token operator">-</span>dpl<span class="token punctuation">.</span>yaml
apiVersion: apps<span class="token operator">/</span>v1
kind: Deployment
metadata:
  name: nginx<span class="token operator">-</span>v1
  namespace: luffy
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx<span class="token operator">-</span>v1
  template:
    metadata:
      labels:
        app: nginx<span class="token operator">-</span>v1
    spec:
      containers:
      <span class="token operator">-</span> image: nginx:alpine
        name: nginx<span class="token operator">-</span>v1
        command: <span class="token punctuation">[</span><span class="token string">"/bin/sh"</span><span class="token punctuation">,</span> <span class="token string">"-c"</span><span class="token punctuation">,</span> <span class="token string">"echo 'this is nginx-v1'>/usr/share/nginx/html/index.html;nginx -g 'daemon off;'"</span><span class="token punctuation">]</span>

$ <span class="token function">cat</span> nginx<span class="token operator">-</span>v1<span class="token operator">-</span>svc<span class="token punctuation">.</span>yaml
apiVersion: v1
kind: Service
metadata:
  name: nginx<span class="token operator">-</span>v1
  namespace: luffy
spec:
  ports:
  <span class="token operator">-</span> port: 80
    protocol: TCP
    targetPort: 80
  selector:
    app: nginx<span class="token operator">-</span>v1
  <span class="token function">type</span>: ClusterIP

<span class="token comment"># 创建nginx-v2</span>

$ kubectl apply <span class="token operator">-</span>f <span class="token punctuation">.</span>


$ <span class="token function">cat</span> ingress<span class="token operator">-</span>rewrite<span class="token punctuation">.</span>yaml
apiVersion: networking<span class="token punctuation">.</span>k8s<span class="token punctuation">.</span>io<span class="token operator">/</span>v1
kind: Ingress
metadata:
  name: nginx<span class="token operator">-</span>rewrite
  namespace: luffy
  annotations: <span class="token comment"># 声明nginx的URL重写规则</span>
    nginx<span class="token punctuation">.</span>ingress<span class="token punctuation">.</span>kubernetes<span class="token punctuation">.</span>io<span class="token operator">/</span>rewrite<span class="token operator">-</span>target: <span class="token operator">/</span><span class="token variable">$1</span>
spec:
  rules:
  <span class="token operator">-</span> host: nginx<span class="token punctuation">.</span>luffy<span class="token punctuation">.</span>com
    http:
      paths:
      <span class="token operator">-</span> path: <span class="token operator">/</span>api<span class="token operator">/</span>v1<span class="token operator">/</span><span class="token punctuation">(</span><span class="token punctuation">.</span><span class="token operator">*</span><span class="token punctuation">)</span>
        pathType: Prefix
        backend:
          service:
            name: nginx<span class="token operator">-</span>v1
            port:
              number: 80
      <span class="token operator">-</span> path: <span class="token operator">/</span>api<span class="token operator">/</span>v2<span class="token operator">/</span><span class="token punctuation">(</span><span class="token punctuation">.</span><span class="token operator">*</span><span class="token punctuation">)</span>
        pathType: Prefix
        backend:
          service:
            name: nginx<span class="token operator">-</span>v2
            port:
              number: 80
              
              
              
<span class="token comment"># 访问测试</span>
$ http:<span class="token operator">/</span><span class="token operator">/</span>nginx<span class="token punctuation">.</span>luffy<span class="token punctuation">.</span>com<span class="token operator">/</span>api<span class="token operator">/</span>v1<span class="token operator">/</span>
$ http:<span class="token operator">/</span><span class="token operator">/</span>nginx<span class="token punctuation">.</span>luffy<span class="token punctuation">.</span>com<span class="token operator">/</span>api<span class="token operator">/</span>v2<span class="token operator">/</span>
</code></pre> <p>操作如下:</p> <pre><code class="prism language-powershell">v1:
<span class="token namespace">[root@k8s-master 2021]</span><span class="token comment"># mkdir rewrite</span>
<span class="token namespace">[root@k8s-master 2021]</span><span class="token comment"># cd rewrite/</span>
<span class="token namespace">[root@k8s-master rewrite]</span><span class="token comment"># vim nginx-v1-dpl.yaml</span>
<span class="token namespace">[root@k8s-master rewrite]</span><span class="token comment"># kubectl create -f nginx-v1-dpl.yaml </span>
deployment<span class="token punctuation">.</span>apps<span class="token operator">/</span>nginx<span class="token operator">-</span>v1 created

<span class="token namespace">[root@k8s-master rewrite]</span><span class="token comment"># vim nginx-v1-svc.yaml </span>
<span class="token namespace">[root@k8s-master rewrite]</span><span class="token comment"># kubectl create -f nginx-v1-svc.yaml </span>
service<span class="token operator">/</span>nginx<span class="token operator">-</span>v1 created
<span class="token namespace">[root@k8s-master rewrite]</span><span class="token comment"># kubectl -n luffy get po</span>
NAME                        READY   STATUS    RESTARTS   AGE
myblog<span class="token operator">-</span>5d9b76df88<span class="token operator">-</span>85k24     1<span class="token operator">/</span>1     Running   0          5h15m
myblog<span class="token operator">-</span>5d9b76df88<span class="token operator">-</span>t26t4     1<span class="token operator">/</span>1     Running   0          5h16m
mysql<span class="token operator">-</span>7446f4dc7b<span class="token operator">-</span>7kpj8      1<span class="token operator">/</span>1     Running   0          5h16m
nginx<span class="token operator">-</span>v1<span class="token operator">-</span>56df8b47c4<span class="token operator">-</span>9mw2t   1<span class="token operator">/</span>1     Running   0          82s
<span class="token namespace">[root@k8s-master rewrite]</span><span class="token comment"># kubectl -n luffy get svc</span>
NAME       <span class="token function">TYPE</span>        CLUSTER<span class="token operator">-</span>IP       EXTERNAL<span class="token operator">-</span>IP   PORT<span class="token punctuation">(</span>S<span class="token punctuation">)</span>    AGE
myblog     ClusterIP   10<span class="token punctuation">.</span>108<span class="token punctuation">.</span>7<span class="token punctuation">.</span>69      <none>        80<span class="token operator">/</span>TCP     140m
mysql      ClusterIP   10<span class="token punctuation">.</span>107<span class="token punctuation">.</span>191<span class="token punctuation">.</span>182   <none>        3306<span class="token operator">/</span>TCP   5h11m
nginx<span class="token operator">-</span>v1   ClusterIP   10<span class="token punctuation">.</span>102<span class="token punctuation">.</span>163<span class="token punctuation">.</span>132   <none>        80<span class="token operator">/</span>TCP     43s
<span class="token namespace">[root@k8s-master rewrite]</span><span class="token comment"># curl 10.102.163.132:80</span>
this is nginx<span class="token operator">-</span>v1


v2:
<span class="token namespace">[root@k8s-master rewrite]</span><span class="token comment"># ls</span>
nginx<span class="token operator">-</span>v1<span class="token operator">-</span>dpl<span class="token punctuation">.</span>yaml  nginx<span class="token operator">-</span>v1<span class="token operator">-</span>svc<span class="token punctuation">.</span>yaml
<span class="token namespace">[root@k8s-master rewrite]</span><span class="token comment"># sed -i 's/nginx-v1/nginx-v2/g' *</span>
<span class="token namespace">[root@k8s-master rewrite]</span><span class="token comment"># kubectl apply -f .</span>
deployment<span class="token punctuation">.</span>apps<span class="token operator">/</span>nginx<span class="token operator">-</span>v2 created
service<span class="token operator">/</span>nginx<span class="token operator">-</span>v2 created
<span class="token namespace">[root@k8s-master rewrite]</span><span class="token comment"># kubectl  -n luffy  get po</span>
NAME                        READY   STATUS    RESTARTS   AGE
myblog<span class="token operator">-</span>5d9b76df88<span class="token operator">-</span>85k24     1<span class="token operator">/</span>1     Running   0          5h18m
myblog<span class="token operator">-</span>5d9b76df88<span class="token operator">-</span>t26t4     1<span class="token operator">/</span>1     Running   0          5h19m
mysql<span class="token operator">-</span>7446f4dc7b<span class="token operator">-</span>7kpj8      1<span class="token operator">/</span>1     Running   0          5h19m
nginx<span class="token operator">-</span>v1<span class="token operator">-</span>56df8b47c4<span class="token operator">-</span>9mw2t   1<span class="token operator">/</span>1     Running   0          4m23s
nginx<span class="token operator">-</span>v2<span class="token operator">-</span>6f967c65cf<span class="token operator">-</span>xslj5   1<span class="token operator">/</span>1     Running   0          33s
<span class="token namespace">[root@k8s-master rewrite]</span><span class="token comment"># kubectl -n luffy  get svc</span>
NAME       <span class="token function">TYPE</span>        CLUSTER<span class="token operator">-</span>IP       EXTERNAL<span class="token operator">-</span>IP   PORT<span class="token punctuation">(</span>S<span class="token punctuation">)</span>    AGE
myblog     ClusterIP   10<span class="token punctuation">.</span>108<span class="token punctuation">.</span>7<span class="token punctuation">.</span>69      <none>        80<span class="token operator">/</span>TCP     143m
mysql      ClusterIP   10<span class="token punctuation">.</span>107<span class="token punctuation">.</span>191<span class="token punctuation">.</span>182   <none>        3306<span class="token operator">/</span>TCP   5h13m
nginx<span class="token operator">-</span>v1   ClusterIP   10<span class="token punctuation">.</span>102<span class="token punctuation">.</span>163<span class="token punctuation">.</span>132   <none>        80<span class="token operator">/</span>TCP     3m26s
nginx<span class="token operator">-</span>v2   ClusterIP   10<span class="token punctuation">.</span>103<span class="token punctuation">.</span>90<span class="token punctuation">.</span>95     <none>        80<span class="token operator">/</span>TCP     43s

<span class="token namespace">[root@k8s-master rewrite]</span><span class="token comment"># curl 10.103.90.95:80</span>
this is nginx<span class="token operator">-</span>v2

<span class="token namespace">[root@k8s-master rewrite]</span><span class="token comment"># vim ingress-rewrite.yaml</span>
<span class="token namespace">[root@k8s-master rewrite]</span><span class="token comment"># kubectl create -f ingress-rewrite.yaml </span>
ingress<span class="token punctuation">.</span>networking<span class="token punctuation">.</span>k8s<span class="token punctuation">.</span>io<span class="token operator">/</span>nginx<span class="token operator">-</span>rewrite created

<span class="token namespace">[root@k8s-master rewrite]</span><span class="token comment"># kubectl  -n luffy  describe ing nginx-rewrite </span>
Warning: extensions<span class="token operator">/</span>v1beta1 Ingress is deprecated in v1<span class="token punctuation">.</span>14<span class="token operator">+</span><span class="token punctuation">,</span> unavailable in v1<span class="token punctuation">.</span>22<span class="token operator">+</span><span class="token punctuation">;</span> use networking<span class="token punctuation">.</span>k8s<span class="token punctuation">.</span>io<span class="token operator">/</span>v1 Ingress
Name:             nginx<span class="token operator">-</span>rewrite
Namespace:        luffy
Address:          
Default backend:  default<span class="token operator">-</span>http<span class="token operator">-</span>backend:80 <span class="token punctuation">(</span><error: endpoints <span class="token string">"default-http-backend"</span> not found><span class="token punctuation">)</span>
Rules:
  Host             Path  Backends
  <span class="token operator">--</span>-<span class="token operator">-</span>             <span class="token operator">--</span>-<span class="token operator">-</span>  <span class="token operator">--</span>-<span class="token operator">--</span>-<span class="token operator">--</span>
  nginx<span class="token punctuation">.</span>luffy<span class="token punctuation">.</span>com  
                   <span class="token operator">/</span>api<span class="token operator">/</span>v1<span class="token operator">/</span><span class="token punctuation">(</span><span class="token punctuation">.</span><span class="token operator">*</span><span class="token punctuation">)</span>   nginx<span class="token operator">-</span>v1:80 <span class="token punctuation">(</span>10<span class="token punctuation">.</span>244<span class="token punctuation">.</span>2<span class="token punctuation">.</span>6:80<span class="token punctuation">)</span>
                   <span class="token operator">/</span>api<span class="token operator">/</span>v2<span class="token operator">/</span><span class="token punctuation">(</span><span class="token punctuation">.</span><span class="token operator">*</span><span class="token punctuation">)</span>   nginx<span class="token operator">-</span>v2:80 <span class="token punctuation">(</span>10<span class="token punctuation">.</span>244<span class="token punctuation">.</span>1<span class="token punctuation">.</span>7:80<span class="token punctuation">)</span>
Annotations:       nginx<span class="token punctuation">.</span>ingress<span class="token punctuation">.</span>kubernetes<span class="token punctuation">.</span>io<span class="token operator">/</span>rewrite<span class="token operator">-</span>target: <span class="token operator">/</span><span class="token variable">$1</span>
Events:
  <span class="token function">Type</span>    Reason  Age   <span class="token keyword">From</span>                      Message
  <span class="token operator">--</span>-<span class="token operator">-</span>    <span class="token operator">--</span>-<span class="token operator">--</span><span class="token operator">-</span>  <span class="token operator">--</span>-<span class="token operator">-</span>  <span class="token operator">--</span>-<span class="token operator">-</span>                      <span class="token operator">--</span>-<span class="token operator">--</span>-<span class="token operator">-</span>
  Normal  CREATE  33s   nginx<span class="token operator">-</span>ingress<span class="token operator">-</span>controller  Ingress luffy<span class="token operator">/</span>nginx<span class="token operator">-</span>rewrite

<span class="token comment"># 添加hosts文件解析 10.0.1.5 nginx.luffy.com</span>
<span class="token comment"># 访问:</span>
http:<span class="token operator">/</span><span class="token operator">/</span>nginx<span class="token punctuation">.</span>luffy<span class="token punctuation">.</span>com<span class="token operator">/</span>api<span class="token operator">/</span>v1<span class="token operator">/</span>
http:<span class="token operator">/</span><span class="token operator">/</span>nginx<span class="token punctuation">.</span>luffy<span class="token punctuation">.</span>com<span class="token operator">/</span>api<span class="token operator">/</span>v2<span class="token operator">/</span>
</code></pre> <p><a href="http://img.e-com-net.com/image/info8/777eeacbc314457aae2e5d5870e0d874.jpg" target="_blank"><img src="http://img.e-com-net.com/image/info8/777eeacbc314457aae2e5d5870e0d874.jpg" alt="k8s实践笔记_第13张图片" width="650" height="200" style="border:1px solid black;"></a></p> </li> 
  </ol> 
 </div> 
</div>����������������������������������������
                            </div>
                        </div>
                    </div>
                    <!--PC和WAP自适应版-->
                    <div id="SOHUCS" sid="1724293592652001280"></div>
                    <script type="text/javascript" src="/views/front/js/chanyan.js"></script>
                    <!-- 文章页-底部 动态广告位 -->
                    <div class="youdao-fixed-ad" id="detail_ad_bottom"></div>
                </div>
                <div class="col-md-3">
                    <div class="row" id="ad">
                        <!-- 文章页-右侧1 动态广告位 -->
                        <div id="right-1" class="col-lg-12 col-md-12 col-sm-4 col-xs-4 ad">
                            <div class="youdao-fixed-ad" id="detail_ad_1"> </div>
                        </div>
                        <!-- 文章页-右侧2 动态广告位 -->
                        <div id="right-2" class="col-lg-12 col-md-12 col-sm-4 col-xs-4 ad">
                            <div class="youdao-fixed-ad" id="detail_ad_2"></div>
                        </div>
                        <!-- 文章页-右侧3 动态广告位 -->
                        <div id="right-3" class="col-lg-12 col-md-12 col-sm-4 col-xs-4 ad">
                            <div class="youdao-fixed-ad" id="detail_ad_3"></div>
                        </div>
                    </div>
                </div>
            </div>
        </div>
    </div>
    <div class="container">
        <h4 class="pt20 mb15 mt0 border-top">你可能感兴趣的:(笔记,kubernetes,容器,docker)</h4>
        <div id="paradigm-article-related">
            <div class="recommend-post mb30">
                <ul class="widget-links">
                    <li><a href="/article/1835512809883004928.htm"
                           title="10月|愿你的青春不负梦想-读书笔记-01" target="_blank">10月|愿你的青春不负梦想-读书笔记-01</a>
                        <span class="text-muted">Tracy的小书斋</span>

                        <div>本书的作者是俞敏洪,大家都很熟悉他了吧。俞敏洪老师是我行业的领头羊吧,也是我事业上的偶像。本日摘录他书中第一章中的金句:『一个人如果什么目标都没有,就会浑浑噩噩,感觉生命中缺少能量。能给我们能量的,是对未来的期待。第一件事,我始终为了进步而努力。与其追寻全世界的骏马,不如种植丰美的草原,到时骏马自然会来。第二件事,我始终有阶段性的目标。什么东西能给我能量?答案是对未来的期待。』读到这里的时候,我便</div>
                    </li>
                    <li><a href="/article/1835510025561403392.htm"
                           title="《投行人生》读书笔记" target="_blank">《投行人生》读书笔记</a>
                        <span class="text-muted">小蘑菇的树洞</span>

                        <div>《投行人生》----作者詹姆斯-A-朗德摩根斯坦利副主席40年的职业洞见-很短小精悍的篇幅,比较适合初入职场的新人。第一部分成功的职业生涯需要规划1.情商归为适应能力分享与协作同理心适应能力,更多的是自我意识,你有能力识别自己的情并分辨这些情绪如何影响你的思想和行为。2.对于初入职场的人的建议,细节,截止日期和数据很重要截止日期,一种有效的方法是请老板为你所有的任务进行优先级排序。和老板喝咖啡的好</div>
                    </li>
                    <li><a href="/article/1835507248395284480.htm"
                           title="【一起学Rust | 设计模式】习惯语法——使用借用类型作为参数、格式化拼接字符串、构造函数" target="_blank">【一起学Rust | 设计模式】习惯语法——使用借用类型作为参数、格式化拼接字符串、构造函数</a>
                        <span class="text-muted">广龙宇</span>
<a class="tag" taget="_blank" href="/search/%E4%B8%80%E8%B5%B7%E5%AD%A6Rust/1.htm">一起学Rust</a><a class="tag" taget="_blank" href="/search/%23/1.htm">#</a><a class="tag" taget="_blank" href="/search/Rust%E8%AE%BE%E8%AE%A1%E6%A8%A1%E5%BC%8F/1.htm">Rust设计模式</a><a class="tag" taget="_blank" href="/search/rust/1.htm">rust</a><a class="tag" taget="_blank" href="/search/%E8%AE%BE%E8%AE%A1%E6%A8%A1%E5%BC%8F/1.htm">设计模式</a><a class="tag" taget="_blank" href="/search/%E5%BC%80%E5%8F%91%E8%AF%AD%E8%A8%80/1.htm">开发语言</a>
                        <div>提示:文章写完后,目录可以自动生成,如何生成可参考右边的帮助文档文章目录前言一、使用借用类型作为参数二、格式化拼接字符串三、使用构造函数总结前言Rust不是传统的面向对象编程语言,它的所有特性,使其独一无二。因此,学习特定于Rust的设计模式是必要的。本系列文章为作者学习《Rust设计模式》的学习笔记以及自己的见解。因此,本系列文章的结构也与此书的结构相同(后续可能会调成结构),基本上分为三个部分</div>
                    </li>
                    <li><a href="/article/1835505858444881920.htm"
                           title="git常用命令笔记" target="_blank">git常用命令笔记</a>
                        <span class="text-muted">咩酱-小羊</span>
<a class="tag" taget="_blank" href="/search/git/1.htm">git</a><a class="tag" taget="_blank" href="/search/%E7%AC%94%E8%AE%B0/1.htm">笔记</a>
                        <div>###用习惯了idea总是不记得git的一些常见命令,需要用到的时候总是担心旁边站了人~~~记个笔记@_@,告诉自己看笔记不丢人初始化初始化一个新的Git仓库gitinit配置配置用户信息gitconfig--globaluser.name"YourName"gitconfig--globaluser.email"youremail@example.com"基本操作克隆远程仓库gitclone查看</div>
                    </li>
                    <li><a href="/article/1835502578050363392.htm"
                           title="PHP环境搭建详细教程" target="_blank">PHP环境搭建详细教程</a>
                        <span class="text-muted">好看资源平台</span>
<a class="tag" taget="_blank" href="/search/%E5%89%8D%E7%AB%AF/1.htm">前端</a><a class="tag" taget="_blank" href="/search/php/1.htm">php</a>
                        <div>PHP是一个流行的服务器端脚本语言,广泛用于Web开发。为了使PHP能够在本地或服务器上运行,我们需要搭建一个合适的PHP环境。本教程将结合最新资料,介绍在不同操作系统上搭建PHP开发环境的多种方法,包括Windows、macOS和Linux系统的安装步骤,以及本地和Docker环境的配置。1.PHP环境搭建概述PHP环境的搭建主要分为以下几类:集成开发环境:例如XAMPP、WAMP、MAMP,这</div>
                    </li>
                    <li><a href="/article/1835502282603589632.htm"
                           title="509. 斐波那契数(每日一题)" target="_blank">509. 斐波那契数(每日一题)</a>
                        <span class="text-muted">lzyprime</span>

                        <div>lzyprime博客(github)创建时间:2021.01.04qq及邮箱:2383518170leetcode笔记题目描述斐波那契数,通常用F(n)表示,形成的序列称为斐波那契数列。该数列由0和1开始,后面的每一项数字都是前面两项数字的和。也就是:F(0)=0,F(1)=1F(n)=F(n-1)+F(n-2),其中n>1给你n,请计算F(n)。示例1:输入:2输出:1解释:F(2)=F(1)+</div>
                    </li>
                    <li><a href="/article/1835500750684385280.htm"
                           title="拥有断舍离的心态,过精简生活--《断舍离》读书笔记" target="_blank">拥有断舍离的心态,过精简生活--《断舍离》读书笔记</a>
                        <span class="text-muted">爱吃丸子的小樱桃</span>

                        <div>不知不觉间房间里的东西越来越多,虽然摆放整齐,但也时常会觉得空间逼仄,令人心生烦闷。抱着断舍离的态度,我开始阅读《断舍离》这本书,希望从书中能找到一些有效的方法,帮助我实现空间、物品上的断舍离。《断舍离》是日本作家山下英子通过自己的经历、思考和实践总结而成的,整体内涵也从刚开始的私人生活哲学的“断舍离”升华成了“人生实践哲学”,接着又成为每个人都能实行的“改变人生的断舍离”,从“哲学”逐渐升华成“</div>
                    </li>
                    <li><a href="/article/1835499615491813376.htm"
                           title="四章-32-点要素的聚合" target="_blank">四章-32-点要素的聚合</a>
                        <span class="text-muted">彩云飘过</span>

                        <div>本文基于腾讯课堂老胡的课《跟我学Openlayers--基础实例详解》做的学习笔记,使用的openlayers5.3.xapi。源码见1032.html,对应的官网示例https://openlayers.org/en/latest/examples/cluster.htmlhttps://openlayers.org/en/latest/examples/earthquake-clusters.</div>
                    </li>
                    <li><a href="/article/1835498219489030144.htm"
                           title="高端密码学院笔记285" target="_blank">高端密码学院笔记285</a>
                        <span class="text-muted">柚子_b4b4</span>

                        <div>高端幸福密码学院(高级班)幸福使者:李华第(598)期《幸福》之回归内在深层生命原动力基础篇——揭秘“激励”成长的喜悦心理案例分析主讲:刘莉一,知识扩充:成功=艰苦劳动+正确方法+少说空话。贪图省力的船夫,目标永远下游。智者的梦再美,也不如愚人实干的脚印。幸福早课堂2020.10.16星期五一笔记:1,重视和珍惜的前提是知道它的价值非常重要,当你珍惜了,你就真正定下来,真正的学到身上。2,大家需要</div>
                    </li>
                    <li><a href="/article/1835495770502033408.htm"
                           title="Day17笔记-高阶函数" target="_blank">Day17笔记-高阶函数</a>
                        <span class="text-muted">~在杰难逃~</span>
<a class="tag" taget="_blank" href="/search/Python/1.htm">Python</a><a class="tag" taget="_blank" href="/search/%E7%AC%94%E8%AE%B0/1.htm">笔记</a><a class="tag" taget="_blank" href="/search/python/1.htm">python</a><a class="tag" taget="_blank" href="/search/%E5%BC%80%E5%8F%91%E8%AF%AD%E8%A8%80/1.htm">开发语言</a><a class="tag" taget="_blank" href="/search/pycharm/1.htm">pycharm</a><a class="tag" taget="_blank" href="/search/%E6%95%B0%E6%8D%AE%E5%88%86%E6%9E%90/1.htm">数据分析</a>
                        <div>高阶函数【重点掌握】函数的本质:函数是一个变量,函数名是一个变量名,一个函数可以作为另一个函数的参数或返回值使用如果A函数作为B函数的参数,B函数调用完成之后,会得到一个结果,则B函数被称为高阶函数常用的高阶函数:map(),reduce(),filter(),sorted()1.map()map(func,iterable),返回值是一个iterator【容器,迭代器】func:函数iterab</div>
                    </li>
                    <li><a href="/article/1835495644123459584.htm"
                           title="Day1笔记-Python简介&标识符和关键字&输入输出" target="_blank">Day1笔记-Python简介&标识符和关键字&输入输出</a>
                        <span class="text-muted">~在杰难逃~</span>
<a class="tag" taget="_blank" href="/search/Python/1.htm">Python</a><a class="tag" taget="_blank" href="/search/python/1.htm">python</a><a class="tag" taget="_blank" href="/search/%E5%BC%80%E5%8F%91%E8%AF%AD%E8%A8%80/1.htm">开发语言</a><a class="tag" taget="_blank" href="/search/%E5%A4%A7%E6%95%B0%E6%8D%AE/1.htm">大数据</a><a class="tag" taget="_blank" href="/search/%E6%95%B0%E6%8D%AE%E5%88%86%E6%9E%90/1.htm">数据分析</a><a class="tag" taget="_blank" href="/search/%E6%95%B0%E6%8D%AE%E6%8C%96%E6%8E%98/1.htm">数据挖掘</a>
                        <div>大家好,从今天开始呢,杰哥开展一个新的专栏,当然,数据分析部分也会不定时更新的,这个新的专栏主要是讲解一些Python的基础语法和知识,帮助0基础的小伙伴入门和学习Python,感兴趣的小伙伴可以开始认真学习啦!一、Python简介【了解】1.计算机工作原理编程语言就是用来定义计算机程序的形式语言。我们通过编程语言来编写程序代码,再通过语言处理程序执行向计算机发送指令,让计算机完成对应的工作,编程</div>
                    </li>
                    <li><a href="/article/1835492740536823808.htm"
                           title="node.js学习" target="_blank">node.js学习</a>
                        <span class="text-muted">小猿L</span>
<a class="tag" taget="_blank" href="/search/node.js/1.htm">node.js</a><a class="tag" taget="_blank" href="/search/node.js/1.htm">node.js</a><a class="tag" taget="_blank" href="/search/%E5%AD%A6%E4%B9%A0/1.htm">学习</a><a class="tag" taget="_blank" href="/search/vim/1.htm">vim</a>
                        <div>node.js学习实操及笔记温故node.js,node.js学习实操过程及笔记~node.js学习视频node.js官网node.js中文网实操笔记githubcsdn笔记为什么学node.js可以让别人访问我们编写的网页为后续的框架学习打下基础,三大框架vuereactangular离不开node.jsnode.js是什么官网:node.js是一个开源的、跨平台的运行JavaScript的运行</div>
                    </li>
                    <li><a href="/article/1835491101276991488.htm"
                           title="数据仓库——维度表一致性" target="_blank">数据仓库——维度表一致性</a>
                        <span class="text-muted">墨染丶eye</span>
<a class="tag" taget="_blank" href="/search/%E8%83%8C%E8%AF%B5/1.htm">背诵</a><a class="tag" taget="_blank" href="/search/%E6%95%B0%E6%8D%AE%E4%BB%93%E5%BA%93/1.htm">数据仓库</a>
                        <div>数据仓库基础笔记思维导图已经整理完毕,完整连接为:数据仓库基础知识笔记思维导图维度一致性问题从逻辑层面来看,当一系列星型模型共享一组公共维度时,所涉及的维度称为一致性维度。当维度表存在不一致时,短期的成功难以弥补长期的错误。维度时确保不同过程中信息集成起来实现横向钻取货活动的关键。造成横向钻取失败的原因维度结构的差别,因为维度的差别,分析工作涉及的领域从简单到复杂,但是都是通过复杂的报表来弥补设计</div>
                    </li>
                    <li><a href="/article/1835485429059645440.htm"
                           title="docker" target="_blank">docker</a>
                        <span class="text-muted">igotyback</span>
<a class="tag" taget="_blank" href="/search/eureka/1.htm">eureka</a><a class="tag" taget="_blank" href="/search/%E4%BA%91%E5%8E%9F%E7%94%9F/1.htm">云原生</a>
                        <div>Docker容器的文件系统是隔离的,但是可以通过挂载卷(Volumes)或绑定挂载(BindMounts)将宿主机的文件系统目录映射到容器内部。要查看Docker容器的映射路径,可以使用以下方法:查看容器配置:使用dockerinspect命令可以查看容器的详细配置信息,包括挂载的卷。例如:bashdockerinspect在输出的JSON格式中,查找"Mounts"部分,这里会列出所有的挂载信息</div>
                    </li>
                    <li><a href="/article/1835484293607026688.htm"
                           title="【Git】常见命令(仅笔记)" target="_blank">【Git】常见命令(仅笔记)</a>
                        <span class="text-muted">好想有猫猫</span>
<a class="tag" taget="_blank" href="/search/Git/1.htm">Git</a><a class="tag" taget="_blank" href="/search/Linux%E5%AD%A6%E4%B9%A0%E7%AC%94%E8%AE%B0/1.htm">Linux学习笔记</a><a class="tag" taget="_blank" href="/search/git/1.htm">git</a><a class="tag" taget="_blank" href="/search/%E7%AC%94%E8%AE%B0/1.htm">笔记</a><a class="tag" taget="_blank" href="/search/elasticsearch/1.htm">elasticsearch</a><a class="tag" taget="_blank" href="/search/linux/1.htm">linux</a><a class="tag" taget="_blank" href="/search/c%2B%2B/1.htm">c++</a>
                        <div>文章目录创建/初始化本地仓库添加本地仓库配置项提交文件查看仓库状态回退仓库查看日志分支删除文件暂存工作区代码远程仓库使用`.gitigore`文件让git不追踪一些文件标签创建/初始化本地仓库gitinit添加本地仓库配置项gitconfig-l#以列表形式显示配置项gitconfiguser.name"ljh"#配置user.namegitconfiguser.email"123123@qq.c</div>
                    </li>
                    <li><a href="/article/1835469862235893760.htm"
                           title="为什么你总是对下属不满意?" target="_blank">为什么你总是对下属不满意?</a>
                        <span class="text-muted">ZhaoWu1050</span>

                        <div>【ZhaoWu的听课笔记】大多数公司,都存在两种问题。我创业四年,更是体会深切。这两种问题就是:老板经常不满意下属的表现;下属总是不知道老板想要什么;虽然这两种问题普遍存在,其实解决方法并不复杂。这节课,我们再聊聊第一个问题:为什么老板经常不满意下属表现?其实,这背后也是一条管理常识。管理学家德鲁克先生早就说过:管理者的任务,不是去改变人。*来自《卓有成效的管理者》只是大多数老板和我一样,都是一边</div>
                    </li>
                    <li><a href="/article/1835469859710922752.htm"
                           title="母亲节如何做小红书营销" target="_blank">母亲节如何做小红书营销</a>
                        <span class="text-muted">美橙传媒</span>

                        <div>小红书的一举一动引起了外界的高度关注。通过爆款笔记和流行话题,我们可以看到“干货”类型的内容在小红书中偏向实用的生活经验共享和生活指南非常受欢迎。根据运营社的分析,这种现象是由小红书用户心智和内容社区背后机制共同决定的。首先,小红书将使用“强搜索”逻辑为用户提供特定的“搜索场景”。在“我必须这样生活”中,大量使用了满足小红书站用户喜好和需求的内容。内容社区自制的高质量内容也吸引了寻找营销新途径的品</div>
                    </li>
                    <li><a href="/article/1835466664725016576.htm"
                           title="读书笔记|《遇见孩子,遇见更好的自己》5" target="_blank">读书笔记|《遇见孩子,遇见更好的自己》5</a>
                        <span class="text-muted">抹茶社长</span>

                        <div>为人父母意味着放弃自己的过去,不要对以往没有实现的心愿耿耿于怀,只有这样,孩子们才能做回自己。985909803.jpg孩子在与父母保持亲密的同时更需要独立,唯有这样,孩子才会成为孩子,父母才会成其为父母。有耐心的人生往往更幸福,给孩子留点余地。认识到养儿育女是对耐心的考验。为失败做好心理准备,教会孩子控制情绪。了解自己的底线,说到底线,有一点很重要,父母之所以发脾气,真正的原因往往在于他们自己,</div>
                    </li>
                    <li><a href="/article/1835463622344667136.htm"
                           title="基于Python给出的PDF文档转Markdown文档的方法" target="_blank">基于Python给出的PDF文档转Markdown文档的方法</a>
                        <span class="text-muted">程序媛了了</span>
<a class="tag" taget="_blank" href="/search/python/1.htm">python</a><a class="tag" taget="_blank" href="/search/pdf/1.htm">pdf</a><a class="tag" taget="_blank" href="/search/%E5%BC%80%E5%8F%91%E8%AF%AD%E8%A8%80/1.htm">开发语言</a>
                        <div>注:网上有很多将Markdown文档转为PDF文档的方法,但是却很少有将PDF文档转为Markdown文档的方法。就算有,比如某些网站声称可以将PDF文档转为Markdown文档,尝试过,不太符合自己的要求,而且无法保证文档没有泄露风险。于是本人为了解决这个问题,借助GPT(能使用GPT镜像或者有条件直接使用GPT的,反正能调用GPT接口就行)生成Python代码来完成这个功能。笔记、代码难免存在</div>
                    </li>
                    <li><a href="/article/1835460528621842432.htm"
                           title="语文主题教学学习笔记之87" target="_blank">语文主题教学学习笔记之87</a>
                        <span class="text-muted">东哥杂谈</span>

                        <div>“语文主题教学”学习笔记之八十七(0125)今天继续学习小学语文主题教学的实践样态。板块三:教学中体现“书艺”味道。作为四大名著之一的《水浒传》,堪称我国文学宝库之经典。对从《水浒传》中摘选的单元,教师就要了解其原生态,即评书体特点。这也要求教师要了解一些常用的评书行话术语,然后在教学时适时地加入一些,让学生体味其文本中原有的特色。学生也要尽可能地通过朗读的方式,而不单是分析讲解的方式进行学习。细</div>
                    </li>
                    <li><a href="/article/1835457442260021248.htm"
                           title="ArrayList 源码解析" target="_blank">ArrayList 源码解析</a>
                        <span class="text-muted">程序猿进阶</span>
<a class="tag" taget="_blank" href="/search/Java%E5%9F%BA%E7%A1%80/1.htm">Java基础</a><a class="tag" taget="_blank" href="/search/ArrayList/1.htm">ArrayList</a><a class="tag" taget="_blank" href="/search/List/1.htm">List</a><a class="tag" taget="_blank" href="/search/java/1.htm">java</a><a class="tag" taget="_blank" href="/search/%E9%9D%A2%E8%AF%95/1.htm">面试</a><a class="tag" taget="_blank" href="/search/%E6%80%A7%E8%83%BD%E4%BC%98%E5%8C%96/1.htm">性能优化</a><a class="tag" taget="_blank" href="/search/%E6%9E%B6%E6%9E%84%E8%AE%BE%E8%AE%A1/1.htm">架构设计</a><a class="tag" taget="_blank" href="/search/idea/1.htm">idea</a>
                        <div>ArrayList是Java集合框架中的一个动态数组实现,提供了可变大小的数组功能。它继承自AbstractList并实现了List接口,是顺序容器,即元素存放的数据与放进去的顺序相同,允许放入null元素,底层通过数组实现。除该类未实现同步外,其余跟Vector大致相同。每个ArrayList都有一个容量capacity,表示底层数组的实际大小,容器内存储元素的个数不能多于当前容量。当向容器中添</div>
                    </li>
                    <li><a href="/article/1835451142843232256.htm"
                           title="Armv8.3 体系结构扩展--原文版" target="_blank">Armv8.3 体系结构扩展--原文版</a>
                        <span class="text-muted">代码改变世界ctw</span>
<a class="tag" taget="_blank" href="/search/ARM-TEE-Android/1.htm">ARM-TEE-Android</a><a class="tag" taget="_blank" href="/search/armv8/1.htm">armv8</a><a class="tag" taget="_blank" href="/search/%E5%B5%8C%E5%85%A5%E5%BC%8F/1.htm">嵌入式</a><a class="tag" taget="_blank" href="/search/arm%E6%9E%B6%E6%9E%84/1.htm">arm架构</a><a class="tag" taget="_blank" href="/search/%E5%AE%89%E5%85%A8%E6%9E%B6%E6%9E%84/1.htm">安全架构</a><a class="tag" taget="_blank" href="/search/%E8%8A%AF%E7%89%87/1.htm">芯片</a><a class="tag" taget="_blank" href="/search/Trustzone/1.htm">Trustzone</a><a class="tag" taget="_blank" href="/search/Secureboot/1.htm">Secureboot</a>
                        <div>快速链接:.ARMv8/ARMv9架构入门到精通-[目录]付费专栏-付费课程【购买须知】:个人博客笔记导读目录(全部)TheArmv8.3architectureextensionTheArmv8.3architectureextensionisanextensiontoArmv8.2.Itaddsmandatoryandoptionalarchitecturalfeatures.Somefeat</div>
                    </li>
                    <li><a href="/article/1835448238103162880.htm"
                           title="springboot+vue项目实战一-创建SpringBoot简单项目" target="_blank">springboot+vue项目实战一-创建SpringBoot简单项目</a>
                        <span class="text-muted">苹果酱0567</span>
<a class="tag" taget="_blank" href="/search/%E9%9D%A2%E8%AF%95%E9%A2%98%E6%B1%87%E6%80%BB%E4%B8%8E%E8%A7%A3%E6%9E%90/1.htm">面试题汇总与解析</a><a class="tag" taget="_blank" href="/search/spring/1.htm">spring</a><a class="tag" taget="_blank" href="/search/boot/1.htm">boot</a><a class="tag" taget="_blank" href="/search/%E5%90%8E%E7%AB%AF/1.htm">后端</a><a class="tag" taget="_blank" href="/search/java/1.htm">java</a><a class="tag" taget="_blank" href="/search/%E4%B8%AD%E9%97%B4%E4%BB%B6/1.htm">中间件</a><a class="tag" taget="_blank" href="/search/%E5%BC%80%E5%8F%91%E8%AF%AD%E8%A8%80/1.htm">开发语言</a>
                        <div>这段时间抽空给女朋友搭建一个个人博客,想着记录一下建站的过程,就当做笔记吧。虽然复制zjblog只要一个小时就可以搞定一个网站,或者用cms系统,三四个小时就可以做出一个前后台都有的网站,而且想做成啥样也都行。但是就是要从新做,自己做的意义不一样,更何况,俺就是专门干这个的,嘿嘿嘿要做一个网站,而且从零开始,首先呢就是技术选型了,经过一番思量决定选择-SpringBoot做后端,前端使用Vue做一</div>
                    </li>
                    <li><a href="/article/1835448111909138432.htm"
                           title="react-intl——react国际化使用方案" target="_blank">react-intl——react国际化使用方案</a>
                        <span class="text-muted">苹果酱0567</span>
<a class="tag" taget="_blank" href="/search/%E9%9D%A2%E8%AF%95%E9%A2%98%E6%B1%87%E6%80%BB%E4%B8%8E%E8%A7%A3%E6%9E%90/1.htm">面试题汇总与解析</a><a class="tag" taget="_blank" href="/search/java/1.htm">java</a><a class="tag" taget="_blank" href="/search/%E5%BC%80%E5%8F%91%E8%AF%AD%E8%A8%80/1.htm">开发语言</a><a class="tag" taget="_blank" href="/search/%E4%B8%AD%E9%97%B4%E4%BB%B6/1.htm">中间件</a><a class="tag" taget="_blank" href="/search/spring/1.htm">spring</a><a class="tag" taget="_blank" href="/search/boot/1.htm">boot</a><a class="tag" taget="_blank" href="/search/%E5%90%8E%E7%AB%AF/1.htm">后端</a>
                        <div>国际化介绍i18n:internationalization国家化简称,首字母+首尾字母间隔的字母个数+尾字母,类似的还有k8s(Kubernetes)React-intl是React中最受欢迎的库。使用步骤安装#usenpmnpminstallreact-intl-D#useyarn项目入口文件配置//index.tsximportReactfrom"react";importReactDOMf</div>
                    </li>
                    <li><a href="/article/1835447859219099648.htm"
                           title="06选课支付模块之基于消息队列发送支付通知消息" target="_blank">06选课支付模块之基于消息队列发送支付通知消息</a>
                        <span class="text-muted">echo 云清</span>
<a class="tag" taget="_blank" href="/search/%E5%AD%A6%E6%88%90%E5%9C%A8%E7%BA%BF/1.htm">学成在线</a><a class="tag" taget="_blank" href="/search/java/1.htm">java</a><a class="tag" taget="_blank" href="/search/rabbitmq/1.htm">rabbitmq</a><a class="tag" taget="_blank" href="/search/%E6%B6%88%E6%81%AF%E9%98%9F%E5%88%97/1.htm">消息队列</a><a class="tag" taget="_blank" href="/search/%E6%94%AF%E4%BB%98%E9%80%9A%E7%9F%A5/1.htm">支付通知</a><a class="tag" taget="_blank" href="/search/%E5%AD%A6%E6%88%90%E5%9C%A8%E7%BA%BF/1.htm">学成在线</a>
                        <div>消息队列发送支付通知消息需求分析订单服务作为通用服务,在订单支付成功后需要将支付结果异步通知给其他对接的微服务,微服务收到支付结果根据订单的类型去更新自己的业务数据技术方案使用消息队列进行异步通知需要保证消息的可靠性即生产端将消息成功通知到服务端:消息发送到交换机-->由交换机发送到队列-->消费者监听队列,收到消息进行处理,参考文章02-使用Docker安装RabbitMQ-CSDN博客生产者确</div>
                    </li>
                    <li><a href="/article/1835446687758381056.htm"
                           title="阅读《认知觉醒》读书笔记" target="_blank">阅读《认知觉醒》读书笔记</a>
                        <span class="text-muted">就看看书</span>

                        <div>本周阅读了周岭的《认知觉醒开启自我改变的原动力》,启发较多,故做读书笔记一则,留待学习。全书共八章,讲述了大脑、潜意识、元认知、专注力、学习力、行动力、情绪力及成本最低的成长之道。具体描述了大脑、焦虑、耐心、模糊、感性、元认知、自控力、专注力、情绪专注、学习专注、匹配、深度、关联、体系、打卡、反馈、休息、清晰、傻瓜、行动、心智宽带、单一视角、游戏心态、早起、冥想、阅读、写作、运动等相关知识点。大脑</div>
                    </li>
                    <li><a href="/article/1835441611320946688.htm"
                           title="阅读笔记:阅读方法中的逻辑和转念" target="_blank">阅读笔记:阅读方法中的逻辑和转念</a>
                        <span class="text-muted">施吉涛</span>

                        <div>聊聊一些阅读的方法论吧,别人家的读书方法刚开始想写,然后就不知道写什么了,因为作者写的非常的“精致”我有一种乡巴佬进城的感觉,看到精美的摆盘,精致的食材不知道该如何下口也就是《阅读的方法》,我们姑且来试一下强劲的大脑篇,第一节:逻辑通俗的来讲,也就是表达的排列和顺序,再进一步就是因果关系和关联实际上书已经看了大概一遍,但直到打算写一下笔记的时候,才发现作者讲的推理更多的是阅读的对象中呈现出的逻辑也</div>
                    </li>
                    <li><a href="/article/1835429927567060992.htm"
                           title="《转介绍方法论》学习笔记" target="_blank">《转介绍方法论》学习笔记</a>
                        <span class="text-muted">小可乐的妈妈</span>

                        <div>一、高效转介绍的流程:价值观---执行----方案一)转介绍发生的背景:1、对象:谁向谁转介绍?全员营销,人人参与。①员工的激励政策、客户的转介绍诱因制作客户画像:a信任;支付能力;意愿度;便利度(根据家长具备四个特征的个数分为四类)B性格分类C职业分类D年龄性别②执行:套路,策略,方法,流程2、诱因:为什么要转介绍?认同信任;多方共赢;传递美好;零风险承诺打动人心,超越期待。选择做教育,就是选择</div>
                    </li>
                    <li><a href="/article/1835429581205630976.htm"
                           title="JAVA学习笔记之23种设计模式学习" target="_blank">JAVA学习笔记之23种设计模式学习</a>
                        <span class="text-muted">victorfreedom</span>
<a class="tag" taget="_blank" href="/search/Java%E6%8A%80%E6%9C%AF/1.htm">Java技术</a><a class="tag" taget="_blank" href="/search/%E8%AE%BE%E8%AE%A1%E6%A8%A1%E5%BC%8F/1.htm">设计模式</a><a class="tag" taget="_blank" href="/search/android/1.htm">android</a><a class="tag" taget="_blank" href="/search/java/1.htm">java</a><a class="tag" taget="_blank" href="/search/%E5%B8%B8%E7%94%A8%E8%AE%BE%E8%AE%A1%E6%A8%A1%E5%BC%8F/1.htm">常用设计模式</a>
                        <div>博主最近买了《设计模式》这本书来学习,无奈这本书是以C++语言为基础进行说明,整个学习流程下来效率不是很高,虽然有的设计模式通俗易懂,但感觉还是没有充分的掌握了所有的设计模式。于是博主百度了一番,发现有大神写过了这方面的问题,于是博主迅速拿来学习。一、设计模式的分类总体来说设计模式分为三大类:创建型模式,共五种:工厂方法模式、抽象工厂模式、单例模式、建造者模式、原型模式。结构型模式,共七种:适配器</div>
                    </li>
                    <li><a href="/article/1835427813189054464.htm"
                           title="解决Obsidian写笔记中的<img>标签无法显示图片的问题" target="_blank">解决Obsidian写笔记中的<img>标签无法显示图片的问题</a>
                        <span class="text-muted">全能全知者</span>
<a class="tag" taget="_blank" href="/search/%E7%AC%94%E8%AE%B0/1.htm">笔记</a>
                        <div>Obsidian中写md笔记如果使用标签会显示不出图案,后来才知道因为Obsidian的问题导致只能用绝对路径定位。所以我本人写了一个py插件,将md笔记里的img标签批量替换成Obsidian能够读取的形式。安装FixObsImgDpy:pipinstallFixObsImgDpy安装完成后在需要修复的md文件的父目录下运行命令:FixObsImgDpy就会自动修复父目录以下的全部md文件 仓库</div>
                    </li>
                                <li><a href="/article/79.htm"
                                       title="基本数据类型和引用类型的初始值" target="_blank">基本数据类型和引用类型的初始值</a>
                                    <span class="text-muted">3213213333332132</span>
<a class="tag" taget="_blank" href="/search/java%E5%9F%BA%E7%A1%80/1.htm">java基础</a>
                                    <div>package com.array;

/**
 * @Description 测试初始值
 * @author FuJianyong
 * 2015-1-22上午10:31:53
 */
public class ArrayTest {
    
	ArrayTest at;
	String str;
	byte bt;
	short s;
	int i;
	long</div>
                                </li>
                                <li><a href="/article/206.htm"
                                       title="摘抄笔记--《编写高质量代码:改善Java程序的151个建议》" target="_blank">摘抄笔记--《编写高质量代码:改善Java程序的151个建议》</a>
                                    <span class="text-muted">白糖_</span>
<a class="tag" taget="_blank" href="/search/%E9%AB%98%E8%B4%A8%E9%87%8F%E4%BB%A3%E7%A0%81/1.htm">高质量代码</a>
                                    <div>        记得3年前刚到公司,同桌同事见我无事可做就借我看《编写高质量代码:改善Java程序的151个建议》这本书,当时看了几页没上心就没研究了。到上个月在公司偶然看到,于是乎又找来看看,我的天,真是非常多的干货,对于我这种静不下心的人真是帮助莫大呀。 
  
        看完整本书,也记了不少笔记</div>
                                </li>
                                <li><a href="/article/333.htm"
                                       title="【备忘】Django 常用命令及最佳实践" target="_blank">【备忘】Django 常用命令及最佳实践</a>
                                    <span class="text-muted">dongwei_6688</span>
<a class="tag" taget="_blank" href="/search/django/1.htm">django</a>
                                    <div>注意:本文基于 Django 1.8.2 版本 
  
生成数据库迁移脚本(python 脚本) 
python manage.py makemigrations polls 
 说明:polls 是你的应用名字,运行该命令时需要根据你的应用名字进行调整 
  
查看该次迁移需要执行的 SQL 语句(只查看语句,并不应用到数据库上): 
python manage.p</div>
                                </li>
                                <li><a href="/article/460.htm"
                                       title="阶乘算法之一N! 末尾有多少个零" target="_blank">阶乘算法之一N! 末尾有多少个零</a>
                                    <span class="text-muted">周凡杨</span>
<a class="tag" taget="_blank" href="/search/java/1.htm">java</a><a class="tag" taget="_blank" href="/search/%E7%AE%97%E6%B3%95/1.htm">算法</a><a class="tag" taget="_blank" href="/search/%E9%98%B6%E4%B9%98/1.htm">阶乘</a><a class="tag" taget="_blank" href="/search/%E9%9D%A2%E8%AF%95/1.htm">面试</a><a class="tag" taget="_blank" href="/search/%E6%95%88%E7%8E%87/1.htm">效率</a>
                                    <div>                                 &n</div>
                                </li>
                                <li><a href="/article/587.htm"
                                       title="spring注入servlet" target="_blank">spring注入servlet</a>
                                    <span class="text-muted">g21121</span>
<a class="tag" taget="_blank" href="/search/Spring%E6%B3%A8%E5%85%A5/1.htm">Spring注入</a>
                                    <div>传统的配置方法是无法将bean或属性直接注入到servlet中的,配置代理servlet亦比较麻烦,这里其实有比较简单的方法,其实就是在servlet的init()方法中加入要注入的内容: 
ServletContext application = getServletContext();
WebApplicationContext wac = WebApplicationContextUtil</div>
                                </li>
                                <li><a href="/article/714.htm"
                                       title="Jenkins 命令行操作说明文档" target="_blank">Jenkins 命令行操作说明文档</a>
                                    <span class="text-muted">510888780</span>
<a class="tag" taget="_blank" href="/search/centos/1.htm">centos</a>
                                    <div> 
假设Jenkins的URL为http://22.11.140.38:9080/jenkins/ 
 
 
 
基本的格式为 
 
java 
 
基本的格式为 
 
java -jar jenkins-cli.jar [-s JENKINS_URL] command [options][args] 
 
 
 
 
下面具体介绍各个命令的作用及基本使用方法 
 
 
 
1. &nb</div>
                                </li>
                                <li><a href="/article/841.htm"
                                       title="UnicodeBlock检测中文用法" target="_blank">UnicodeBlock检测中文用法</a>
                                    <span class="text-muted">布衣凌宇</span>
<a class="tag" taget="_blank" href="/search/UnicodeBlock/1.htm">UnicodeBlock</a>
                                    <div>/**  * 判断输入的是汉字  */ public static boolean isChinese(char c) {        Character.UnicodeBlock ub = Character.UnicodeBlock.of(c);    </div>
                                </li>
                                <li><a href="/article/968.htm"
                                       title="java下实现调用oracle的存储过程和函数" target="_blank">java下实现调用oracle的存储过程和函数</a>
                                    <span class="text-muted">aijuans</span>
<a class="tag" taget="_blank" href="/search/java/1.htm">java</a><a class="tag" taget="_blank" href="/search/orale/1.htm">orale</a>
                                    <div>  1.创建表:STOCK_PRICES 
   
  2.插入测试数据: 
   
  3.建立一个返回游标:  
PKG_PUB_UTILS 
   4.创建和存储过程:P_GET_PRICE 
  
   5.创建函数: 
   6.JAVA调用存储过程返回结果集 
JDBCoracle10G_INVO</div>
                                </li>
                                <li><a href="/article/1095.htm"
                                       title="Velocity Toolbox" target="_blank">Velocity Toolbox</a>
                                    <span class="text-muted">antlove</span>
<a class="tag" taget="_blank" href="/search/%E6%A8%A1%E6%9D%BF/1.htm">模板</a><a class="tag" taget="_blank" href="/search/tool/1.htm">tool</a><a class="tag" taget="_blank" href="/search/box/1.htm">box</a><a class="tag" taget="_blank" href="/search/velocity/1.htm">velocity</a>
                                    <div>velocity.VelocityUtil 
package velocity;

import org.apache.velocity.Template;
import org.apache.velocity.app.Velocity;
import org.apache.velocity.app.VelocityEngine;
import org.apache.velocity.c</div>
                                </li>
                                <li><a href="/article/1222.htm"
                                       title="JAVA正则表达式匹配基础" target="_blank">JAVA正则表达式匹配基础</a>
                                    <span class="text-muted">百合不是茶</span>
<a class="tag" taget="_blank" href="/search/java/1.htm">java</a><a class="tag" taget="_blank" href="/search/%E6%AD%A3%E5%88%99%E8%A1%A8%E8%BE%BE%E5%BC%8F%E7%9A%84%E5%8C%B9%E9%85%8D/1.htm">正则表达式的匹配</a>
                                    <div>  
正则表达式;提高程序的性能,简化代码,提高代码的可读性,简化对字符串的操作 
  
正则表达式的用途; 
字符串的匹配

字符串的分割

字符串的查找

字符串的替换
 
  
  
  
正则表达式的验证语法 
    
  [a]    //[]表示这个字符只出现一次  ,[a] 表示a只出现一</div>
                                </li>
                                <li><a href="/article/1349.htm"
                                       title="是否使用EL表达式的配置" target="_blank">是否使用EL表达式的配置</a>
                                    <span class="text-muted">bijian1013</span>
<a class="tag" taget="_blank" href="/search/jsp/1.htm">jsp</a><a class="tag" taget="_blank" href="/search/web.xml/1.htm">web.xml</a><a class="tag" taget="_blank" href="/search/EL/1.htm">EL</a><a class="tag" taget="_blank" href="/search/EasyTemplate/1.htm">EasyTemplate</a>
                                    <div>        今天在开发过程中发现一个细节问题,由于前端采用EasyTemplate模板方法实现数据展示,但老是不能正常显示出来。后来发现竟是EL将我的EasyTemplate的${...}解释执行了,导致我的模板不能正常展示后台数据。 
        网</div>
                                </li>
                                <li><a href="/article/1476.htm"
                                       title="精通Oracle10编程SQL(1-3)PLSQL基础" target="_blank">精通Oracle10编程SQL(1-3)PLSQL基础</a>
                                    <span class="text-muted">bijian1013</span>
<a class="tag" taget="_blank" href="/search/oracle/1.htm">oracle</a><a class="tag" taget="_blank" href="/search/%E6%95%B0%E6%8D%AE%E5%BA%93/1.htm">数据库</a><a class="tag" taget="_blank" href="/search/plsql/1.htm">plsql</a>
                                    <div>--只包含执行部分的PL/SQL块
--set serveroutput off
begin
  dbms_output.put_line('Hello,everyone!');
end;


select * from emp;

--包含定义部分和执行部分的PL/SQL块
declare
   v_ename varchar2(5);
begin
   select </div>
                                </li>
                                <li><a href="/article/1603.htm"
                                       title="【Nginx三】Nginx作为反向代理服务器" target="_blank">【Nginx三】Nginx作为反向代理服务器</a>
                                    <span class="text-muted">bit1129</span>
<a class="tag" taget="_blank" href="/search/nginx/1.htm">nginx</a>
                                    <div>Nginx一个常用的功能是作为代理服务器。代理服务器通常完成如下的功能: 
  
 
 接受客户端请求 
 将请求转发给被代理的服务器 
 从被代理的服务器获得响应结果 
 把响应结果返回给客户端 
 实例 
本文把Nginx配置成一个简单的代理服务器 
 
 对于静态的html和图片,直接从Nginx获取 
 对于动态的页面,例如JSP或者Servlet,Nginx则将请求转发给Res</div>
                                </li>
                                <li><a href="/article/1730.htm"
                                       title="Plugin execution not covered by lifecycle configuration: org.apache.maven.plugin" target="_blank">Plugin execution not covered by lifecycle configuration: org.apache.maven.plugin</a>
                                    <span class="text-muted">blackproof</span>
<a class="tag" taget="_blank" href="/search/maven/1.htm">maven</a><a class="tag" taget="_blank" href="/search/%E6%8A%A5%E9%94%99/1.htm">报错</a>
                                    <div>转:http://stackoverflow.com/questions/6352208/how-to-solve-plugin-execution-not-covered-by-lifecycle-configuration-for-sprin 
  
maven报错: 
Plugin execution not covered by lifecycle configuration: </div>
                                </li>
                                <li><a href="/article/1857.htm"
                                       title="发布docker程序到marathon" target="_blank">发布docker程序到marathon</a>
                                    <span class="text-muted">ronin47</span>
<a class="tag" taget="_blank" href="/search/docker+%E5%8F%91%E5%B8%83%E5%BA%94%E7%94%A8/1.htm">docker 发布应用</a>
                                    <div>1 发布docker程序到marathon 1.1 搭建私有docker registry 1.1.1 安装docker regisry 
docker pull docker-registry
docker run -t -p 5000:5000 docker-registry
 下载docker镜像并发布到私有registry 
docker pull consol/tomcat-8.0
</div>
                                </li>
                                <li><a href="/article/1984.htm"
                                       title="java-57-用两个栈实现队列&&用两个队列实现一个栈" target="_blank">java-57-用两个栈实现队列&&用两个队列实现一个栈</a>
                                    <span class="text-muted">bylijinnan</span>
<a class="tag" taget="_blank" href="/search/java/1.htm">java</a>
                                    <div>
import java.util.ArrayList;
import java.util.List;
import java.util.Stack;

	/*
	 * Q 57 用两个栈实现队列
	 */

public class QueueImplementByTwoStacks {

	private Stack<Integer> stack1;
	pr</div>
                                </li>
                                <li><a href="/article/2111.htm"
                                       title="Nginx配置性能优化" target="_blank">Nginx配置性能优化</a>
                                    <span class="text-muted">cfyme</span>
<a class="tag" taget="_blank" href="/search/nginx/1.htm">nginx</a>
                                    <div>转载地址:http://blog.csdn.net/xifeijian/article/details/20956605 
  
大多数的Nginx安装指南告诉你如下基础知识——通过apt-get安装,修改这里或那里的几行配置,好了,你已经有了一个Web服务器了。而且,在大多数情况下,一个常规安装的nginx对你的网站来说已经能很好地工作了。然而,如果你真的想挤压出Nginx的性能,你必</div>
                                </li>
                                <li><a href="/article/2238.htm"
                                       title="[JAVA图形图像]JAVA体系需要稳扎稳打,逐步推进图像图形处理技术" target="_blank">[JAVA图形图像]JAVA体系需要稳扎稳打,逐步推进图像图形处理技术</a>
                                    <span class="text-muted">comsci</span>
<a class="tag" taget="_blank" href="/search/java/1.htm">java</a>
                                    <div> 
 
     对图形图像进行精确处理,需要大量的数学工具,即使是从底层硬件模拟层开始设计,也离不开大量的数学工具包,因为我认为,JAVA语言体系在图形图像处理模块上面的研发工作,需要从开发一些基础的,类似实时数学函数构造器和解析器的软件包入手,而不是急于利用第三方代码工具来实现一个不严格的图形图像处理软件...... 
 
  &nb</div>
                                </li>
                                <li><a href="/article/2365.htm"
                                       title="MonkeyRunner的使用" target="_blank">MonkeyRunner的使用</a>
                                    <span class="text-muted">dai_lm</span>
<a class="tag" taget="_blank" href="/search/android/1.htm">android</a><a class="tag" taget="_blank" href="/search/MonkeyRunner/1.htm">MonkeyRunner</a>
                                    <div>要使用MonkeyRunner,就要学习使用Python,哎 
 
先抄一段官方doc里的代码 
作用是启动一个程序(应该是启动程序默认的Activity),然后按MENU键,并截屏 
 

# Imports the monkeyrunner modules used by this program
from com.android.monkeyrunner import MonkeyRun</div>
                                </li>
                                <li><a href="/article/2492.htm"
                                       title="Hadoop-- 海量文件的分布式计算处理方案" target="_blank">Hadoop-- 海量文件的分布式计算处理方案</a>
                                    <span class="text-muted">datamachine</span>
<a class="tag" taget="_blank" href="/search/mapreduce/1.htm">mapreduce</a><a class="tag" taget="_blank" href="/search/hadoop/1.htm">hadoop</a><a class="tag" taget="_blank" href="/search/%E5%88%86%E5%B8%83%E5%BC%8F%E8%AE%A1%E7%AE%97/1.htm">分布式计算</a>
                                    <div>csdn的一个关于hadoop的分布式处理方案,存档。 
原帖:http://blog.csdn.net/calvinxiu/article/details/1506112。 
 
    Hadoop 是Google MapReduce的一个Java实现。MapReduce是一种简化的分布式编程模式,让程序自动分布到一个由普通机器组成的超大集群上并发执行。就如同ja</div>
                                </li>
                                <li><a href="/article/2619.htm"
                                       title="以資料庫驗證登入" target="_blank">以資料庫驗證登入</a>
                                    <span class="text-muted">dcj3sjt126com</span>
<a class="tag" taget="_blank" href="/search/yii/1.htm">yii</a>
                                    <div>以資料庫驗證登入 
由於 Yii 內定的原始框架程式, 採用綁定在UserIdentity.php 的 demo 與 admin 帳號密碼:    public function authenticate()    {        $users=array( &nbs</div>
                                </li>
                                <li><a href="/article/2746.htm"
                                       title="github做webhooks:[2]php版本自动触发更新" target="_blank">github做webhooks:[2]php版本自动触发更新</a>
                                    <span class="text-muted">dcj3sjt126com</span>
<a class="tag" taget="_blank" href="/search/github/1.htm">github</a><a class="tag" taget="_blank" href="/search/git/1.htm">git</a><a class="tag" taget="_blank" href="/search/webhooks/1.htm">webhooks</a>
                                    <div>上次已经说过了如何在github控制面板做查看url的返回信息了。这次就到了直接贴钩子代码的时候了。       
工具/原料  
 
   git   
   github   
     
方法/步骤  
 
       在github的setting里面的webhooks里把我们的url地址填进去。   
       钩子更新的代码如下: error_reportin</div>
                                </li>
                                <li><a href="/article/2873.htm"
                                       title="Eos开发常用表达式" target="_blank">Eos开发常用表达式</a>
                                    <span class="text-muted">蕃薯耀</span>
<a class="tag" taget="_blank" href="/search/Eos%E5%BC%80%E5%8F%91/1.htm">Eos开发</a><a class="tag" taget="_blank" href="/search/Eos%E5%85%A5%E9%97%A8/1.htm">Eos入门</a><a class="tag" taget="_blank" href="/search/Eos%E5%BC%80%E5%8F%91%E5%B8%B8%E7%94%A8%E8%A1%A8%E8%BE%BE%E5%BC%8F/1.htm">Eos开发常用表达式</a>
                                    <div>Eos开发常用表达式 
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> 
蕃薯耀 2014年8月18日 15:03:35 星期一 
  
  
&</div>
                                </li>
                                <li><a href="/article/3000.htm"
                                       title="SpringSecurity3.X--SpEL 表达式" target="_blank">SpringSecurity3.X--SpEL 表达式</a>
                                    <span class="text-muted">hanqunfeng</span>
<a class="tag" taget="_blank" href="/search/SpringSecurity/1.htm">SpringSecurity</a>
                                    <div>使用 Spring 表达式语言配置访问控制,要实现这一功能的直接方式是在<http>配置元素上添加 use-expressions 属性: 
  
<http auto-config="true"  use-expressions="true"> 
这样就会在投票器中自动增加一个投票器:org.springframework</div>
                                </li>
                                <li><a href="/article/3127.htm"
                                       title="Redis vs Memcache" target="_blank">Redis vs Memcache</a>
                                    <span class="text-muted">IXHONG</span>
<a class="tag" taget="_blank" href="/search/redis/1.htm">redis</a>
                                    <div>1. Redis中,并不是所有的数据都一直存储在内存中的,这是和Memcached相比一个最大的区别。 
2. Redis不仅仅支持简单的k/v类型的数据,同时还提供list,set,hash等数据结构的存储。 
3. Redis支持数据的备份,即master-slave模式的数据备份。 
4. Redis支持数据的持久化,可以将内存中的数据保持在磁盘中,重启的时候可以再次加载进行使用。 
Red</div>
                                </li>
                                <li><a href="/article/3254.htm"
                                       title="Python - 装饰器使用过程中的误区解读" target="_blank">Python - 装饰器使用过程中的误区解读</a>
                                    <span class="text-muted">kvhur</span>
<a class="tag" taget="_blank" href="/search/JavaScript/1.htm">JavaScript</a><a class="tag" taget="_blank" href="/search/jquery/1.htm">jquery</a><a class="tag" taget="_blank" href="/search/html5/1.htm">html5</a><a class="tag" taget="_blank" href="/search/css/1.htm">css</a>
                                    <div>大家都知道装饰器是一个很著名的设计模式,经常被用于AOP(面向切面编程)的场景,较为经典的有插入日志,性能测试,事务处理,Web权限校验, Cache等。 
原文链接:http://www.gbtags.com/gb/share/5563.htm 
Python语言本身提供了装饰器语法(@),典型的装饰器实现如下:     
 
 @function_wrapper 
  de</div>
                                </li>
                                <li><a href="/article/3381.htm"
                                       title="架构师之mybatis-----update 带case when 针对多种情况更新" target="_blank">架构师之mybatis-----update 带case when 针对多种情况更新</a>
                                    <span class="text-muted">nannan408</span>
<a class="tag" taget="_blank" href="/search/case+when/1.htm">case when</a>
                                    <div>1.前言. 
   如题. 
2. 代码. 
  

	<update id="batchUpdate" parameterType="java.util.List">
			<foreach collection="list" item="list" index=&</div>
                                </li>
                                <li><a href="/article/3508.htm"
                                       title="Algorithm算法视频教程" target="_blank">Algorithm算法视频教程</a>
                                    <span class="text-muted">栏目记者</span>
<a class="tag" taget="_blank" href="/search/Algorithm/1.htm">Algorithm</a><a class="tag" taget="_blank" href="/search/%E7%AE%97%E6%B3%95/1.htm">算法</a>
                                    <div>课程:Algorithm算法视频教程 
 
百度网盘下载地址: http://pan.baidu.com/s/1qWFjjQW 密码: 2mji 
 
 
程序写的好不好,还得看算法屌不屌!Algorithm算法博大精深。 
 一、课程内容: 
课时1、算法的基本概念 + Sequential search 
课时2、Binary search 
课时3、Hash table 
课时4、Algor</div>
                                </li>
                                <li><a href="/article/3635.htm"
                                       title="C语言算法之冒泡排序" target="_blank">C语言算法之冒泡排序</a>
                                    <span class="text-muted">qiufeihu</span>
<a class="tag" taget="_blank" href="/search/c/1.htm">c</a><a class="tag" taget="_blank" href="/search/%E7%AE%97%E6%B3%95/1.htm">算法</a>
                                    <div>任意输入10个数字由小到大进行排序。 
代码: 
#include <stdio.h>
int main()
{
	int i,j,t,a[11];        /*定义变量及数组为基本类型*/
	for(i = 1;i < 11;i++){
		scanf("%d",&a[i]);     /*从键盘中输入10个数*/
	}
	for</div>
                                </li>
                                <li><a href="/article/3762.htm"
                                       title="JSP异常处理" target="_blank">JSP异常处理</a>
                                    <span class="text-muted">wyzuomumu</span>
<a class="tag" taget="_blank" href="/search/Web/1.htm">Web</a><a class="tag" taget="_blank" href="/search/jsp/1.htm">jsp</a>
                                    <div>1.在可能发生异常的网页中通过指令将HTTP请求转发给另一个专门处理异常的网页中: 
<%@ page errorPage="errors.jsp"%> 
  
2.在处理异常的网页中做如下声明: 
errors.jsp: 
<%@ page isErrorPage="true"%>,这样设置完后就可以在网页中直接访问exc</div>
                                </li>
                </ul>
            </div>
        </div>
    </div>

<div>
    <div class="container">
        <div class="indexes">
            <strong>按字母分类:</strong>
            <a href="/tags/A/1.htm" target="_blank">A</a><a href="/tags/B/1.htm" target="_blank">B</a><a href="/tags/C/1.htm" target="_blank">C</a><a
                href="/tags/D/1.htm" target="_blank">D</a><a href="/tags/E/1.htm" target="_blank">E</a><a href="/tags/F/1.htm" target="_blank">F</a><a
                href="/tags/G/1.htm" target="_blank">G</a><a href="/tags/H/1.htm" target="_blank">H</a><a href="/tags/I/1.htm" target="_blank">I</a><a
                href="/tags/J/1.htm" target="_blank">J</a><a href="/tags/K/1.htm" target="_blank">K</a><a href="/tags/L/1.htm" target="_blank">L</a><a
                href="/tags/M/1.htm" target="_blank">M</a><a href="/tags/N/1.htm" target="_blank">N</a><a href="/tags/O/1.htm" target="_blank">O</a><a
                href="/tags/P/1.htm" target="_blank">P</a><a href="/tags/Q/1.htm" target="_blank">Q</a><a href="/tags/R/1.htm" target="_blank">R</a><a
                href="/tags/S/1.htm" target="_blank">S</a><a href="/tags/T/1.htm" target="_blank">T</a><a href="/tags/U/1.htm" target="_blank">U</a><a
                href="/tags/V/1.htm" target="_blank">V</a><a href="/tags/W/1.htm" target="_blank">W</a><a href="/tags/X/1.htm" target="_blank">X</a><a
                href="/tags/Y/1.htm" target="_blank">Y</a><a href="/tags/Z/1.htm" target="_blank">Z</a><a href="/tags/0/1.htm" target="_blank">其他</a>
        </div>
    </div>
</div>
<footer id="footer" class="mb30 mt30">
    <div class="container">
        <div class="footBglm">
            <a target="_blank" href="/">首页</a> -
            <a target="_blank" href="/custom/about.htm">关于我们</a> -
            <a target="_blank" href="/search/Java/1.htm">站内搜索</a> -
            <a target="_blank" href="/sitemap.txt">Sitemap</a> -
            <a target="_blank" href="/custom/delete.htm">侵权投诉</a>
        </div>
        <div class="copyright">版权所有 IT知识库 CopyRight © 2000-2050 E-COM-NET.COM , All Rights Reserved.
<!--            <a href="https://beian.miit.gov.cn/" rel="nofollow" target="_blank">京ICP备09083238号</a><br>-->
        </div>
    </div>
</footer>
<!-- 代码高亮 -->
<script type="text/javascript" src="/static/syntaxhighlighter/scripts/shCore.js"></script>
<script type="text/javascript" src="/static/syntaxhighlighter/scripts/shLegacy.js"></script>
<script type="text/javascript" src="/static/syntaxhighlighter/scripts/shAutoloader.js"></script>
<link type="text/css" rel="stylesheet" href="/static/syntaxhighlighter/styles/shCoreDefault.css"/>
<script type="text/javascript" src="/static/syntaxhighlighter/src/my_start_1.js"></script>





</body>

</html><script data-cfasync="false" src="/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js"></script>