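The smallest resource is the pod; a Deployment is a set of pods (multiple replicas provide high availability, load balancing, and so on).
Resource objects are configured and deployed with YAML files.
Deployment YAML example: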
vi ng-deploy.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: myng
  name: ng-deploy
spec:
  replicas: 2 ## number of replicas
  selector:
    matchLabels:
      app: myng
  template:
    metadata:
      labels:
        app: myng
    spec:
      containers:
      - name: myng
        image: nginx:1.23.2
        ports:
        - name: myng-port
          containerPort: 80
To find the node a pod is running on: kubectl get po -o wide, or kubectl describe po xxxx.
Purpose: expose an access port to the outside.
Service (svc for short) YAML example:
vi ng-svc.yaml
apiVersion: v1
kind: Service
metadata:
  name: ngx-svc
spec:
  selector:
    app: myng
  ports:
  - protocol: TCP
    port: 8080 ## the Service's port
    targetPort: 80 ## the pod's port
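Three Service types:
1) ClusterIP
This is the default type: when the type field is not defined (as in the Service example above), the Service is of this type.
spec:
  selector:
    app: myng
  type: ClusterIP
  ports:
  - protocol: TCP
    port: 8080 ## the Service's port
    targetPort: 80 ## the pod's port
2) NodePort
To reach the resources behind a Service directly through the IP of a k8s node, use NodePort. The NodePort port range is 30000-32767.
spec:
  selector:
    app: myng
  type: NodePort
  ports:
  - protocol: TCP
    port: 8080 ## the Service's port
    targetPort: 80 ## the pod's port
    nodePort: 30009 ## may be set explicitly; if omitted, a port is assigned automatically
3) LoadBalancer
This type has to be combined with public cloud resources such as Alibaba Cloud or AWS. It needs a public IP as the entry point, which then load-balances across all the Pods.
spec:
  selector:
    app: myng
  type: LoadBalancer
  ports:
  - protocol: TCP
    port: 8080 ## the Service's port
    targetPort: 80 ## the pod's port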
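Similar to a Deployment. A DaemonSet runs one, and only one, pod on every node of the cluster.
A DaemonSet differs very little from a Deployment: apart from the different kind, the replicas setting has to be removed.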
vi ds-demo.yaml
apiVersion: apps/v1
kind: DaemonSet
metadata:
  labels:
    app: ds-demo
  name: ds-demo
spec:
  selector:
    matchLabels:
      app: ds-demo
  template:
    metadata:
      labels:
        app: ds-demo
    spec:
      containers:
      - name: ds-demo
        image: nginx:1.23.2
        ports:
        - name: mysql-port
          containerPort: 80
Pods were started only on the two worker nodes and not on the master, because the master is restricted by default.
kubectl describe node k8s01 |grep -i 'taint'
Taints: node-role.kubernetes.io/control-plane:NoSchedule
Note: a taint is a mark on a node; if a node carries a taint, pods are not scheduled to run on it.
To solve this, change the YAML configuration:
vi ds-demo.yaml
apiVersion: apps/v1
kind: DaemonSet
metadata:
  labels:
    app: ds-demo
  name: ds-demo
spec:
  selector:
    matchLabels:
      app: ds-demo
  template:
    metadata:
      labels:
        app: ds-demo
    spec:
      tolerations:
      - key: node-role.kubernetes.io/control-plane
        effect: NoSchedule
      containers:
      - name: ds-demo
        image: nginx:1.23.2
        ports:
        - name: mysql-port
          containerPort: 80
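Why the toleration above lets ds-demo onto the control-plane node, as an added example that is not part of the original notes. The class and function names are hypothetical; the matching rules follow the documented Kubernetes semantics (operator defaults to Equal, an empty effect matches any effect), and the example goes slightly beyond the page by also covering the Exists operator and NoExecute taints.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Taint:
    key: str
    effect: str
    value: str = ""


@dataclass(frozen=True)
class Toleration:
    key: str = ""             # empty key is only meaningful with Exists
    operator: str = "Equal"   # Kubernetes default when the field is omitted
    value: str = ""
    effect: str = ""          # empty effect matches every effect


def parse_taint(text):
    """Parse the key[=value]:effect form shown by `kubectl describe node`."""
    key_value, _, effect = text.rpartition(":")
    key, _, value = key_value.partition("=")
    return Taint(key=key, value=value, effect=effect)


def tolerates(tol, taint):
    if tol.effect and tol.effect != taint.effect:
        return False
    if tol.key and tol.key != taint.key:
        return False
    if tol.operator == "Exists":
        return True
    return tol.operator == "Equal" and tol.value == taint.value


def schedulable(taints, tolerations):
    """A pod fits only if every NoSchedule/NoExecute taint is tolerated."""
    hard = [t for t in taints if t.effect in ("NoSchedule", "NoExecute")]
    return all(any(tolerates(tol, t) for tol in tolerations) for t in hard)


# Taint string copied from the page's `kubectl describe node k8s01` output.
CONTROL_PLANE = [parse_taint("node-role.kubernetes.io/control-plane:NoSchedule")]
FIRST_DS = []  # first ds-demo.yaml: no tolerations
SECOND_DS = [Toleration(key="node-role.kubernetes.io/control-plane",
                        effect="NoSchedule")]
TOLERATE_ALL = [Toleration(operator="Exists")]  # constructed: tolerates any taint

if __name__ == "__main__":
    for name, tols in [("first", FIRST_DS), ("second", SECOND_DS)]:
        print(name, "ds-demo fits on k8s01:", schedulable(CONTROL_PLANE, tols))
```

A toleration with operator Exists and no key matches every taint, so a workload carrying it also lands on nodes that were tainted to keep ordinary pods away; the key-specific form used on this page is the narrower choice.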
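Pods are classed as stateful or stateless depending on whether they store data. Stateless suits applications that do not produce important data, such as nginx and tomcat. Stateful applications produce important data, such as MySQL and redis.
Deployment and DaemonSet suit stateless workloads; StatefulSet suits stateful ones.
A StatefulSet involves data persistence and uses the StorageClass resource object. The experiment below first creates an NFS-based StorageClass.
Configure the NFS service on a new host: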
cat /etc/exports
/data/nfs 192.168.56.0/24(rw,sync,no_root_squash)
Install nfs on the three k8s hosts
yum install -y nfs-utils
Then mount the NFS directory
showmount -e 192.168.56.124
StatefulSet (sts) example
vi redis-sts.yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: redis-sts
spec:
  serviceName: redis-svc ## a serviceName is required here; a StatefulSet must be associated with a Service
  volumeClaimTemplates:
  - metadata:
      name: redis-pvc
    spec:
      storageClassName: nfs-client
      accessModes:
      - ReadWriteMany
      resources:
        requests:
          storage: 500Mi
  replicas: 2
  selector:
    matchLabels:
      app: redis-sts
  template:
    metadata:
      labels:
        app: redis-sts
    spec:
      containers:
      - image: redis:6.2
        name: redis
        ports:
        - containerPort: 6379
        volumeMounts:
        - name: redis-pvc
          mountPath: /data
vi redis-svc.yaml
apiVersion: v1
kind: Service
metadata:
  name: redis-svc
spec:
  selector:
    app: redis-sts
  ports:
  - port: 6379
    protocol: TCP
    targetPort: 6379
kubectl apply -f redis-sts.yaml -f redis-svc.yaml
Purpose: a pod that runs once and then exits, for one-off tasks such as backing up a database once.
First generate a YAML file:
kubectl create job job-demo --image=busybox --dry-run=client -o yaml > job-demo.yaml
vi job-demo.yaml ## edit this configuration
apiVersion: batch/v1
kind: Job
metadata:
  name: job-demo
spec:
  template: ## template: pods are created from it; it defines the pod's properties, such as the containers
    spec:
      restartPolicy: OnFailure ## policy when the Pod fails; can be OnFailure or Never. OnFailure restarts the container on failure; Never does not restart the container but creates a new Pod instead
      containers:
      - image: busybox
        name: job-demo
        command: ["/bin/echo"]
        args: ["hellow", "world"]
A few special fields:
apiVersion: batch/v1
kind: Job
metadata:
  name: sleep-job
spec:
  activeDeadlineSeconds: 15 # times out after 15s
  backoffLimit: 2 # give up after 2 failed retries
  completions: 4 # 4 pods have to run for the Job to count as complete
  parallelism: 2 # allow 2 pods to run concurrently
  template:
    spec:
      restartPolicy: Never
      containers:
      - image: busybox
        name: echo-job
        imagePullPolicy: IfNotPresent
        command:
        - sh
        - -c
        - sleep 10; echo done
A CronJob (cj for short) is a pod that runs periodically; for tasks that need to run, say, once a day, use a CronJob.
First generate a YAML file:
kubectl create cj cj-demo --image=busybox --schedule="" --dry-run=client -o yaml > cj-demo.yaml
vi cj-demo.yaml ## edit this configuration
apiVersion: batch/v1
kind: CronJob
metadata:
  name: cj-demo
spec:
  schedule: '*/1 * * * *' # the core setting
  jobTemplate:
    spec:
      template:
        spec:
          restartPolicy: OnFailure
          containers:
          - image: busybox
            name: cj-demo
            imagePullPolicy: IfNotPresent
            command: ["/bin/echo"]
            args: ["hello", "world"]
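Abbreviated ep. This resource corresponds one-to-one with a Service: every Service has a matching Endpoints object. An ep can be understood as the backend resources behind a Service.
Sometimes pods in k8s need to access an external resource, for example an external MySQL (not a pod inside k8s). In that case, define an Endpoints object for the external resource and then a Service, and other pods in k8s can access it (the MySQL server is presented as if it were a k8s pod).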
kubectl get svc
kubectl get ep
vim testep.yaml
apiVersion: v1
kind: Endpoints
metadata:
  name: external-mysql
subsets:
- addresses:
  - ip: 192.168.222.128
  ports:
  - port: 3306
---
apiVersion: v1
kind: Service ## note: this Service needs no selector; the Service name and the Endpoints name just have to match
metadata:
  name: external-mysql
spec:
  ports:
  - port: 3306
Abbreviated cm; used to store configuration information such as service ports, runtime parameters, and file paths.
vi mycm.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: mycm
data:
  DATABASE: 'db'
  USER: 'wp'
  PASSWORD: '123456'
  ROOT_PASSWORD: '123456'
Create the cm
kubectl apply -f mycm.yaml
View it
kubectl get cm
kubectl describe cm mycm
Reference the ConfigMap from another pod
vi testpod.yaml
apiVersion: v1
kind: Pod
metadata:
  name: testpod
  labels:
    app: testpod
spec:
  containers:
  - image: mariadb:10
    name: maria
    imagePullPolicy: IfNotPresent
    ports:
    - containerPort: 3306
    envFrom: ## import all fields of the cm into this pod
    - prefix: 'MARIADB_' ## prepend this prefix to each imported field name, e.g. MARIADB_DATABASE, MARIADB_USER
      configMapRef: ## which cm to import
        name: mycm
Test
kubectl exec -it testpod -- bash
echo $MARIADB_USER
Secrets are similar to ConfigMaps in structure and usage. Secret objects are subdivided into many types, for example:
YAML example:
vi mysecret.yaml
apiVersion: v1
kind: Secret
metadata:
  name: mysecret
data:
  user: YW1pbmc= ## echo -n "aming"|base64
  passwd: bGludXgxMjM= ## echo -n "linux123"|base64
View it
kubectl apply -f mysecret.yaml
kubectl get secret
kubectl describe secret mysecret
Use the Secret from another pod
vi testpod2.yaml
apiVersion: v1
kind: Pod
metadata:
  name: testpod2
spec:
  containers:
  - image: busybox
    name: busy
    imagePullPolicy: IfNotPresent
    command: ["/bin/sleep", "300"]
    env:
    - name: USERNAME
      valueFrom:
        secretKeyRef:
          name: mysecret
          key: user
    - name: PASSWORD
      valueFrom:
        secretKeyRef:
          name: mysecret
          key: passwd
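An audit sketch for the ConfigMap and Secret manifests above, added here and not part of the original notes: it flags credential-like keys kept in a ConfigMap (mycm holds PASSWORD and ROOT_PASSWORD in clear text) and shows that Secret data is only base64-encoded. The JSON listing is constructed from the page's values, and the key-name regex and function names are assumptions.

```python
import base64
import json
import re

# Constructed input: the page's mycm and mysecret in the shape that
# `kubectl get cm,secret -o json` returns, trimmed to the fields used here.
LISTING = json.loads("""
{"items": [
  {"kind": "ConfigMap", "metadata": {"name": "mycm"},
   "data": {"DATABASE": "db", "USER": "wp",
            "PASSWORD": "123456", "ROOT_PASSWORD": "123456"}},
  {"kind": "Secret", "metadata": {"name": "mysecret"},
   "data": {"user": "YW1pbmc=", "passwd": "bGludXgxMjM="}}
]}
""")

# Assumed heuristic for credential-like key names; tune it per environment.
CREDENTIAL_KEY = re.compile(r"pass(word|wd)?|secret|token|api[_-]?key", re.I)


def configmap_findings(items):
    """Return (configmap, key) pairs whose key name looks like a credential."""
    return [(obj["metadata"]["name"], key)
            for obj in items if obj["kind"] == "ConfigMap"
            for key in (obj.get("data") or {})
            if CREDENTIAL_KEY.search(key)]


def decode_secret(obj):
    """Base64-decode every data value of a Secret; no key is involved."""
    return {key: base64.b64decode(value).decode("utf-8")
            for key, value in (obj.get("data") or {}).items()}


def secret_by_name(items, name):
    return next(o for o in items
                if o["kind"] == "Secret" and o["metadata"]["name"] == name)


if __name__ == "__main__":
    for cm, key in configmap_findings(LISTING["items"]):
        print(f"ConfigMap {cm}: move key {key} into a Secret")
    plain = decode_secret(secret_by_name(LISTING["items"], "mysecret"))
    print("mysecret decodes without any key to:", plain)
```

Because the data values are encoded rather than encrypted, anyone allowed to get or list Secrets in the namespace reads them in clear; restrict those verbs with RBAC and enable encryption at rest for Secrets.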