[k8s] Learning k8s YAML step by step

xiaoxiao2021-02-27  378

Learning k8s YAML step by step

k8s command and args

A brief analysis of k8s-proxy

k8s high availability and ingress

Handy commands:

Running commands:

    kubectl exec pod-name date
    kubectl exec pod-name -c container-name date
    kubectl exec -it pod-name -c container-name /bin/bash
    kubectl get rc,svc
    kubectl delete po,svc -l name=label-name
    kubectl delete pods --all
    # remove rc and rs
    kubectl delete rc --all
    kubectl delete rs --all
    kubectl logs -f volume-pod -c busybox
    kubectl exec -ti volume-pod -c tomcat -- ls /usr/local/tomcat/logs
    kubectl exec -ti volume-pod -c tomcat -- tail /usr/local/tomcat/logs/localhost_access_log.2017-05-04.txt

    # show the image's CMD
    docker inspect id
    # show which processes are running in the container
    docker top 61ac514f8ea6
    # show container logs
    docker logs -f xx
    # show the most recently started container (including stopped ones)
    docker ps -l
    # show the resource usage of each container; a very handy command
    docker stats
    docker stats 54493133d1f0
    # remove the container automatically once it stops
    docker run --rm centos /bin/echo "One"
    # kill all running containers
    docker kill $(docker ps -a -q)
    # remove all stopped containers
    docker rm $(docker ps -a -q)
    # remove all untagged images
    docker rmi $(docker images -q -f dangling=true)

Configuring a proxy:

    export http_proxy=http://proxy_server:port

Basics:

1. Create a pod

    apiVersion: v1
    kind: Pod
    metadata:
      name: pod-test
      labels:
        app: webapp
    spec:
      containers:
      - name: webapp
        image: nginx:1.11.4-alpine
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 80

With environment variables:

    apiVersion: v1
    kind: Pod
    metadata:
      name: myweb
      labels:
        name: myweb
    spec:
      containers:
      - name: myweb
        image: kubeguide/tomcat-app:v1
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 8080
        env:
        - name: MYSQL_SERVER_HOST
          value: 'mysql'
        - name: MYSQL_SERVICE_PORT
          value: '3306'

Static pod:

1. Managed by the kubelet. Set the kubelet parameter KUBELET_OPTS=' --config=/etc/kubernetes/manifests'; the kubelet watches that directory.

2. The pod is visible with kubectl get pod. After kubectl delete pod it stays in Pending until the YAML manifest is removed from the manifest directory.

    apiVersion: v1
    kind: Pod
    metadata:
      name: static-pod
      labels:
        name: static-pod
    spec:
      containers:
      - name: static-pod
        image: nginx
        ports:
        - name: static-pod
          containerPort: 80

2. Create an rc

    apiVersion: v1
    kind: ReplicationController
    metadata:
      name: webapp
    spec:
      replicas: 2
      template:
        metadata:
          name: webapp
          labels:
            app: webapp
        spec:
          containers:
          - name: webapp
            image: nginx:1.11.4-alpine
            imagePullPolicy: IfNotPresent
            ports:
            - containerPort: 80

3. Create a svc

Method 1:

    apiVersion: v1
    kind: Service
    metadata:
      name: webapp
    spec:
      ports:
      - port: 8081
        targetPort: 80
      selector:
        app: webapp

Method 2:

    kubectl expose rc webapp

Advanced

1. Create a pod containing multiple containers

    apiVersion: v1
    kind: ReplicationController
    metadata:
      name: app01
    spec:
      replicas: 2
      template:
        metadata:
          name: app01
          labels:
            app: app01
        spec:
          containers:
          - name: app01-nginx
            image: nginx:1.11.4-alpine
            imagePullPolicy: IfNotPresent
            ports:
            - containerPort: 80
          - name: app01-tomcat
            image: kubeguide/tomcat-app:v1
            imagePullPolicy: IfNotPresent
            ports:
            - name: web
              containerPort: 8080
              protocol: TCP
            - name: management
              containerPort: 8005
              protocol: TCP

Create a pod that runs a command: command

    apiVersion: v1
    kind: Pod
    metadata:
      name: pod-with-healthcheck-writefile
      labels:
        app: pod-with-healthcheck-writefile
    spec:
      containers:
      - image: busybox
        command:
        - sleep
        - "3600"
        imagePullPolicy: IfNotPresent
        name: busybox
      restartPolicy: Always

    apiVersion: v1
    kind: Pod
    metadata:
      name: command-demo
      labels:
        purpose: demonstrate-command
    spec:
      containers:
      - name: command-demo-container
        image: debian
        command: ["printenv"]
        args: ["HOSTNAME", "KUBERNETES_PORT"]

Create a pod that runs a command: args

    apiVersion: v1
    kind: Pod
    metadata:
      name: pod-with-healthcheck-writefile
      labels:
        app: pod-with-healthcheck-writefile
    spec:
      containers:
      - name: pod-with-healthcheck-writefile   # a container name is required; same name as in the liveness example
        image: busybox
        args:
        - /bin/sh
        - -c
        - echo ok > /tmp/health; sleep 10; rm -rf /tmp/health; sleep 600
        livenessProbe:
          exec:
            command:
            - cat
            - /tmp/health

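Create a centos instance (the official centos image does not stay running in the background by default):

    # apiVersion and kind were left blank in the original;
    # a ReplicationController is assumed here, matching the other examples.
    apiVersion: v1
    kind: ReplicationController
    metadata:
      name: centos
    spec:
      replicas: 1
      template:
        metadata:
          labels:
            app: centos
        spec:
          containers:
          - name: centos-instance
            image: centos
            # keep the container alive with a long sleep
            args: ["sleep","655369"]
            ports:
            - containerPort: 80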

2. Create the svc

Method 1:

    kubectl expose rc webapp

Method 2:

    [root@node151 yaml]# cat app01-svc.yaml
    apiVersion: v1
    kind: Service
    metadata:
      name: app01
    spec:
      ports:
      - name: nginx
        port: 80
        protocol: TCP
      - name: tomcat-web
        port: 8080
        protocol: TCP
      - name: tomcat-management
        port: 8005
        protocol: TCP
      selector:
        app: app01

Note: an rc can apply only one label with a given key to a pod. For example:

    apiVersion: v1
    kind: ReplicationController
    metadata:
      name: app01
    spec:
      replicas: 2
      template:
        metadata:
          name: app01
          labels:
            app: app01
            app: nginx
            app: tomcat
    ...

Only the app: tomcat label ends up on the pod.

One pod, two containers, shared storage: a tomcat log collection example

    apiVersion: v1
    kind: Pod
    metadata:
      name: volume-pod
    spec:
      containers:
      - name: tomcat
        image: tomcat
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 8080
        volumeMounts:
        - name: app-logs
          mountPath: /usr/local/tomcat/logs
      - name: busybox
        image: busybox
        imagePullPolicy: IfNotPresent
        command: ["sh","-c","tail -f /logs/localhost_access_log*.txt"]
        volumeMounts:
        - name: app-logs
          mountPath: /logs
      volumes:
      - name: app-logs
        emptyDir: {}

    kubectl logs -f volume-pod -c busybox
    kubectl exec -ti volume-pod -c tomcat -- ls /usr/local/tomcat/logs
    kubectl exec -ti volume-pod -c tomcat -- tail /usr/local/tomcat/logs/localhost_access_log.2017-05-04.txt

Summary: this example shows how the command directive is used.

configMap: provides configuration to pods

1. Provides env

2. Provides configuration files

How a pod uses it:

1. Read cm content through env

2. Mount cm files through a volume

For example:

Variables

    [root@node151 yaml]# cat cm-appvars.yaml
    apiVersion: v1
    kind: ConfigMap
    metadata:
      name: cm-appvars
    data:
      apploglevel: info
      appdatadir: /var/data

    [root@node151 yaml]# cat cm-test-pod.yaml
    apiVersion: v1
    kind: Pod
    metadata:
      name: cm-test-pod
    spec:
      containers:
      - name: cm-test
        image: busybox
        command: [ "/bin/sh", "-c", "env | grep APP" ]
        env:
        - name: APPLOGLEVEL
          valueFrom:
            configMapKeyRef:
              name: cm-appvars
              key: apploglevel
        - name: APPDATADIR
          valueFrom:
            configMapKeyRef:
              name: cm-appvars
              key: appdatadir

Verify:

    # after it has run, the pod ends up in the Completed state
    kubectl get po --show-all
    # the environment variables are visible in the log
    kubectl logs cm-test-pod

Usage 2: mounting files

    [root@node151 yaml]# cat cm-appconfigfiles.yaml
    apiVersion: v1
    kind: ConfigMap
    metadata:
      name: cm-appconfigfiles
    data:
      key-admin-key.pem: |
        -----BEGIN RSA PRIVATE KEY-----
        (key body omitted)
        -----END RSA PRIVATE KEY-----
      key-admin.pem: |
        -----BEGIN CERTIFICATE-----
        (certificate body omitted)
        -----END CERTIFICATE-----
      key-ca.pem: |
        -----BEGIN CERTIFICATE-----
        (certificate body omitted)
        -----END CERTIFICATE-----

Note: the keys above are all experimental and have no real meaning.

    [root@node151 yaml]# cat cm-test-app.yaml
    apiVersion: v1
    kind: Pod
    metadata:
      name: cm-test-app
    spec:
      containers:
      - name: cm-test-app
        image: kubeguide/tomcat-app:v1
        ports:
        - containerPort: 8080
        volumeMounts:
        - name: certkey
          mountPath: /configfiles
      volumes:
      - name: certkey
        configMap:
          name: cm-appconfigfiles
          items:
          - key: key-admin.pem
            path: admin.pem
          - key: key-admin-key.pem
            path: admin-key.pem
          - key: key-ca.pem
            path: ca.pem

Verify:

    kubectl exec -it cm-test-app -- bash
    ls /configfiles

If items is not specified, the mounted files are named key-xxx:

    [root@node151 yaml]# cat cm-test-app.yaml
    apiVersion: v1
    kind: Pod
    metadata:
      name: cm-test-app
    spec:
      containers:
      - name: cm-test-app
        image: kubeguide/tomcat-app:v1
        ports:
        - containerPort: 8080
        volumeMounts:
        - name: certkey
          mountPath: /configfiles
      volumes:
      - name: certkey
        configMap:
          name: cm-appconfigfiles

Three ways to create a cm:

    kubectl create configmap ca.pem --from-file=ca.pem
    kubectl create configmap cm-appconfig --from-file=configfilesdir
    kubectl create configmap cm-appenv --from-literal=loglevel=info --from-literal=appdatadir=/var/data

Notes on using a cm:

1. Create it before the pod

2. It can only be mounted as a directory
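ConfigMap data is stored and displayed as plain text and is meant for non-confidential configuration, so a private key like the one in cm-appconfigfiles above belongs in a Secret. The following is an added example, not part of the original post: a Python check over the output of `kubectl get configmap -A -o json` that reports ConfigMap entries holding a PEM private key. The function name and the sample data are constructed for illustration.

```python
import json
import re

# PEM header of any private key type: RSA, EC, PKCS#8 ("PRIVATE KEY"), OPENSSH, ENCRYPTED
PEM_PRIVATE_KEY = re.compile(r"-----BEGIN (?:[A-Z]+ )*PRIVATE KEY-----")


def configmaps_with_private_keys(kubectl_json):
    """Return (namespace, configmap, data key) for each ConfigMap entry that
    holds a PEM private key. Input: text of `kubectl get configmap -A -o json`."""
    doc = json.loads(kubectl_json)
    # kubectl wraps several objects in kind "List"; a single object comes bare
    items = doc["items"] if doc.get("kind") == "List" else [doc]
    findings = []
    for item in items:
        if item.get("kind") != "ConfigMap":
            continue
        meta = item.get("metadata", {})
        for key, value in (item.get("data") or {}).items():
            if PEM_PRIVATE_KEY.search(value):
                findings.append((meta.get("namespace", "default"), meta.get("name"), key))
    return findings


# Constructed sample with the names used on this page; key and certificate
# bodies are placeholders, not real material.
SAMPLE = json.dumps({"kind": "List", "items": [
    {"kind": "ConfigMap",
     "metadata": {"name": "cm-appvars", "namespace": "default"},
     "data": {"apploglevel": "info", "appdatadir": "/var/data"}},
    {"kind": "ConfigMap",
     "metadata": {"name": "cm-appconfigfiles", "namespace": "default"},
     "data": {
         "key-admin-key.pem": "-----BEGIN RSA PRIVATE KEY-----\nPLACEHOLDER\n-----END RSA PRIVATE KEY-----\n",
         "key-admin.pem": "-----BEGIN CERTIFICATE-----\nPLACEHOLDER\n-----END CERTIFICATE-----\n",
         "key-ca.pem": "-----BEGIN CERTIFICATE-----\nPLACEHOLDER\n-----END CERTIFICATE-----\n"}},
]})

if __name__ == "__main__":
    for ns, name, key in configmaps_with_private_keys(SAMPLE):
        print(f"{ns}/{name}: data[{key!r}] holds a private key; move it to a Secret")
```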

External access:

Services overview diagram for userspace proxy

1. Container-level port mapping to the host

Note: not supported with CNI networking. Limitation: Due to #31307, HostPort won’t work with CNI networking plugin at the moment. That means all hostPort attribute in pod would be simply ignored

Without CNI:

    apiVersion: v1
    kind: Pod
    metadata:
      name: pod-hostport
      labels:
        app: webapp
    spec:
      containers:
      - name: webapp
        image: nginx:1.11.4-alpine
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 80
          hostPort: 30090

2. Pod-level port mapping to the host: with this approach no pod IP is allocated and the pod shares the host's IP address. Its processes are also visible on the host.

    apiVersion: v1
    kind: Pod
    metadata:
      name: pod-hostnetwork
      labels:
        app: webapp
    spec:
      hostNetwork: true
      containers:
      - name: webapp
        image: nginx:1.11.4-alpine
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 80

    [root@no161 ~]# kk|grep po
    default   pod-hostnetwork   1/1   Running   0   18s   192.168.8.162   no162
    [root@no162 ~]# ps -ef|grep nginx
    root  29405 29388  0 15:00 ?  00:00:00 nginx: master process nginx -g daemon off;
    100   29426 29405  0 15:00 ?  00:00:00 nginx: worker process

3. svc-level port mapping to the host

    apiVersion: v1
    kind: Service
    metadata:
      name: webapp
    spec:
      type: NodePort
      ports:
      - port: 80
        targetPort: 80
        nodePort: 30081
      selector:
        app: webapp

4. A svc can also send requests to a third-party lb, which then forwards them to the pods.

svc, advanced

Create a svc that gives access to an external mysql service

1. Create a svc without a selector

    apiVersion: v1
    kind: Service
    metadata:
      name: my-service
    spec:
      ports:
      - protocol: TCP
        port: 3306
        targetPort: 3306

Create an endpoint with the same name; it is automatically associated with the svc above.

    apiVersion: v1
    kind: Endpoints
    metadata:
      name: my-service
    subsets:
    - addresses:
      - ip: 192.168.6.87
      ports:
      - port: 3306

Test:

    node151$ mysql -h svc-address -uroot -pxxx
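hostPort, hostNetwork and NodePort each publish a workload on the node's own address, so it is worth knowing which objects in a cluster use them. The following is an added example, not part of the original post: a Python check over parsed manifests (for instance the items of `kubectl get pods,rc,svc -o json`) that lists these three settings. The function names and the sample objects, which mirror this page's manifests, are constructed for illustration.

```python
def host_exposure(manifests):
    """Return (kind/name, finding) pairs for settings that publish a workload
    on the node's own address: hostNetwork, hostPort and NodePort."""
    findings = []
    for m in manifests:
        ident = f"{m.get('kind')}/{m.get('metadata', {}).get('name')}"
        spec = m.get("spec", {})
        if m.get("kind") == "Service":
            if spec.get("type") == "NodePort":
                for p in spec.get("ports", []):
                    # nodePort is chosen by the cluster when the manifest omits it
                    findings.append((ident, f"nodePort {p.get('nodePort', 'auto')}"))
            continue
        # Pod: .spec is the pod spec; rc and other controllers: .spec.template.spec
        pod_spec = spec.get("template", {}).get("spec", spec)
        if pod_spec.get("hostNetwork"):
            findings.append((ident, "hostNetwork"))
        for c in pod_spec.get("containers", []):
            for p in c.get("ports", []):
                if "hostPort" in p:
                    findings.append((ident, f"hostPort {p['hostPort']} -> {p['containerPort']}"))
    return findings


def _pod(name, port, host_network=False):
    # Helper that builds the constructed sample pods below
    spec = {"containers": [{"name": "webapp", "image": "nginx:1.11.4-alpine", "ports": [port]}]}
    if host_network:
        spec["hostNetwork"] = True
    return {"kind": "Pod", "metadata": {"name": name}, "spec": spec}


# Constructed sample: this page's manifests as parsed objects (JSON form)
SAMPLE = [
    _pod("pod-test", {"containerPort": 80}),
    _pod("pod-hostport", {"containerPort": 80, "hostPort": 30090}),
    _pod("pod-hostnetwork", {"containerPort": 80}, host_network=True),
    {"kind": "Service", "metadata": {"name": "webapp"},
     "spec": {"type": "NodePort", "selector": {"app": "webapp"},
              "ports": [{"port": 80, "targetPort": 80, "nodePort": 30081}]}},
    {"kind": "Service", "metadata": {"name": "my-service"},
     "spec": {"ports": [{"protocol": "TCP", "port": 3306, "targetPort": 3306}]}},
]

if __name__ == "__main__":
    for ident, finding in host_exposure(SAMPLE):
        print(f"{ident}: {finding}")
```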

liveness probes

1. Write a file

    apiVersion: v1
    kind: Pod
    metadata:
      name: pod-with-healthcheck-writefile
      labels:
        app: pod-with-healthcheck-writefile
    spec:
      containers:
      - name: pod-with-healthcheck-writefile
        image: busybox
        args:
        - /bin/sh
        - -c
        - echo ok > /tmp/health; sleep 10; rm -rf /tmp/health; sleep 600
        livenessProbe:
          exec:
            command:
            - cat
            - /tmp/health
          initialDelaySeconds: 15
          timeoutSeconds: 1

2. TCP socket: by opening a connection to the container's localhost:80

    apiVersion: v1
    kind: Pod
    metadata:
      name: pod-with-healthcheck-tcpsock
    spec:
      containers:
      - name: nginx
        image: nginx:1.11.4-alpine
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 80
        livenessProbe:
          tcpSocket:
            port: 80
          initialDelaySeconds: 30
          timeoutSeconds: 1

3. HTTP status 200

    apiVersion: v1
    kind: Pod
    metadata:
      name: pod-with-healthcheck
    spec:
      containers:
      - name: nginx
        image: nginx:1.11.4-alpine
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 80
        livenessProbe:
          httpGet:
            path: /_status/healthz
            port: 80
          initialDelaySeconds: 30   # how long to wait after creation before the first check
          timeoutSeconds: 1         # on timeout, the container is killed and recreated

    # the check request is issued by the local Kubernetes
    kubectl logs -f pod-with-healthcheck
    192.168.6.154 - - [10/May/2017:05:46:15 +0000] "GET /_status/healthz HTTP/1.1" 404 169 "-" "Go-http-client/1.1" "-"
    192.168.6.154 - - [10/May/2017:05:46:25 +0000] "GET /_status/healthz HTTP/1.1" 404 169 "-" "Go-http-client/1.1" "-"

When reposting, please credit the original address: https://www.6miu.com/read-4182.html
