1 Deploying an nginx pod and service on k8s
Deploy the pod
[root@k8s-master1 package]# cat nginx-deployment.yml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  labels:
    app: nginx
spec:
  replicas: 2
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:stable
        ports:
        - containerPort: 80
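### Configuration file explained ###
1. apiVersion is the version of the current configuration format
2. kind is the type of resource to create, here a Deployment
3. metadata is the resource's metadata; name is a required metadata item
4. spec is the specification of this Deployment
5. replicas sets the number of replicas, 1 by default
6. template defines the pod template; this is the important part of the configuration file
7. metadata defines the pod's metadata; at least one label must be defined, and the label's key and value can be chosen freely
8. spec describes the pod's specification; this part defines the properties of every container in the pod, and name and image are required
Deploy the service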
[root@k8s-master1 package]# cat nginx-service.yml
kind: Service
apiVersion: v1
metadata:
  name: nginx-service
spec:
  selector:
    app: nginx
  ports:
  - protocol: TCP
    port: 80
    targetPort: 80
  type: NodePort
1. v1 is the apiVersion of the service
2. kind states that the type of this resource is Service
3. The service's name is nginx-service
4. selector picks the Pods whose label is app:nginx as the backends of the Service
[root@k8s-master1 package]# kubectl apply -f nginx-service.yml
[root@k8s-master1 package]# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.0.0.1 <none> 443/TCP 6d23h
nginx-service NodePort 10.0.0.126 <none> 80:32153/TCP 3d1h
### Get the detailed information of nginx-service
[root@k8s-master1 package]# kubectl describe service nginx-service
Name: nginx-service
Namespace: default
Labels: <none>
Annotations: <none>
Selector: app=nginx
Type: NodePort
IP Families: <none>
IP: 10.0.0.126
IPs: 10.0.0.126
Port: <unset> 80/TCP
TargetPort: 80/TCP
NodePort: <unset> 32153/TCP
Endpoints: 10.244.0.139:80,10.244.0.155:80
Session Affinity: None
External Traffic Policy: Cluster
Events: <none>
Endpoints: 10.244.0.139:80,10.244.0.155:80
These are the IP addresses and ports of the two nginx pods
2 Start the pods and expose the port
[root@k8s-master1 package]# kubectl apply -f nginx-deployment.yml
deployment.apps/nginx-deployment created
[root@k8s-master1 package]# kubectl apply -f nginx-service.yml
service/nginx-service created
3 View the pods and the svc (also called service)
[root@k8s-master1 package]# kubectl get pods
NAME READY STATUS RESTARTS AGE
busybox 1/1 Running 22 7d
nginx-deployment-5ff58d798d-r2k8b 1/1 Running 2 8m16s
nginx-deployment-5ff58d798d-zm9fn 1/1 Running 2 8m16s
[root@k8s-master1 package]# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.0.0.1 <none> 443/TCP 3d21h
nginx-service NodePort 10.0.0.126 <none> 80:32153/TCP 7m43s
4 View nginx-deployment
[root@k8s-master1 ~]# kubectl get deployment
NAME READY UP-TO-DATE AVAILABLE AGE
nginx-deployment 2/2 2 2 12m
## To delete it
kubectl delete deployment nginx-deployment or kubectl delete -f nginx-deployment.yml
# View more detailed information
[root@k8s-master1 ~]# kubectl describe deployment nginx-deployment
Name: nginx-deployment
Namespace: default
CreationTimestamp: Mon, 06 Sep 2021 15:07:49 +0800
Labels: app=nginx
Annotations: deployment.kubernetes.io/revision: 1
Selector: app=nginx
Replicas: 2 desired | 2 updated | 2 total | 2 available | 0 unavailable
StrategyType: RollingUpdate
MinReadySeconds: 0
RollingUpdateStrategy: 25% max unavailable, 25% max surge
Pod Template:
Labels: app=nginx
Containers:
nginx:
Image: nginx:stable
Port: 80/TCP
Host Port: 0/TCP
Environment: <none>
Mounts: <none>
Volumes: <none>
Conditions:
Type Status Reason
---- ------ ------
Available True MinimumReplicasAvailable
Progressing True NewReplicaSetAvailable
OldReplicaSets: <none>
NewReplicaSet: nginx-deployment-5ff58d798d (2/2 replicas created)
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal ScalingReplicaSet 14m deployment-controller Scaled up replica set nginx-deployment-5ff58d798d to 2
# View the replicaset
[root@k8s-master1 ~]# kubectl get replicaset
NAME DESIRED CURRENT READY AGE
nginx-deployment-5ff58d798d 2 2 2 35m
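The output shows that a replicaset named nginx-deployment-5ff58d798d was created, which confirms that a deployment manages its pods through a replicaset; it also shows that there are two replicas
## View detailed information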
[root@k8s-master1 ~]#
[root@k8s-master1 ~]# kubectl describe replicaset nginx-deployment-5ff58d798d
Name: nginx-deployment-5ff58d798d
Namespace: default
Selector: app=nginx,pod-template-hash=5ff58d798d
Labels: app=nginx
pod-template-hash=5ff58d798d
Annotations: deployment.kubernetes.io/desired-replicas: 2
deployment.kubernetes.io/max-replicas: 3
deployment.kubernetes.io/revision: 1
Controlled By: Deployment/nginx-deployment
Replicas: 2 current / 2 desired
Pods Status: 2 Running / 0 Waiting / 0 Succeeded / 0 Failed
Pod Template:
Labels: app=nginx
pod-template-hash=5ff58d798d
Containers:
nginx:
Image: nginx:stable
Port: 80/TCP
Host Port: 0/TCP
Environment: <none>
Mounts: <none>
Volumes: <none>
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal SuccessfulCreate 42m replicaset-controller Created pod: nginx-deployment-5ff58d798d-zm9fn
Normal SuccessfulCreate 42m replicaset-controller Created pod: nginx-deployment-5ff58d798d-r2k8b
View the pods
[root@k8s-master1 ~]# kubectl get pods
NAME READY STATUS RESTARTS AGE
busybox 1/1 Running 23 7d
nginx-deployment-5ff58d798d-r2k8b 1/1 Running 2 44m
nginx-deployment-5ff58d798d-zm9fn 1/1 Running 2 44m
# View the detailed information of a pod
[root@k8s-master1 ~]# kubectl describe pod nginx-deployment-5ff58d798d-r2k8b
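5 How the components cooperate
1. kubectl sends the deployment request to the API Server
2. The API Server notifies the Controller Manager to create a deployment resource
3. The Scheduler performs scheduling and assigns the two replica pods to k8s-node1, k8s-node2, and so on
4. The kubelet on k8s-node1 and k8s-node2 creates and runs the pods on its own node
Two additional points:
The application's configuration and current state are stored in etcd; when kubectl get pod is run, the API Server reads this data from etcd
flannel assigns an IP to every pod; because no service has been created yet, kube-proxy is not involved at this point
6 How k8s deploys the nginx pods
The k8s pod deployment process
The user creates a deployment through kubectl
The deployment creates a replicaset
The replicaset creates the pods
6.1 Networking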
[root@k8s-master1 package]#
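A pod's IP is configured inside the container (assigned automatically). So how is the service's Cluster-IP configured, and how is it mapped to the pod IPs?
CLUSTER-IP is a virtual IP, managed by iptables rules on the k8s nodes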
[root@k8s-master1 package]# iptables-save | grep nginx-service
-A KUBE-NODEPORTS -p tcp -m comment --comment "default/nginx-service" -m tcp --dport 32153 -j KUBE-MARK-MASQ
-A KUBE-NODEPORTS -p tcp -m comment --comment "default/nginx-service" -m tcp --dport 32153 -j KUBE-SVC-V2OKYYMBY3REGZOG
-A KUBE-SEP-E5Q6T2AENCOIKXGJ -s 10.244.0.155/32 -m comment --comment "default/nginx-service" -j KUBE-MARK-MASQ
-A KUBE-SEP-E5Q6T2AENCOIKXGJ -p tcp -m comment --comment "default/nginx-service" -m tcp -j DNAT --to-destination 10.244.0.155:80
-A KUBE-SEP-YP3LPAAZKWKQAACN -s 10.244.0.139/32 -m comment --comment "default/nginx-service" -j KUBE-MARK-MASQ
-A KUBE-SEP-YP3LPAAZKWKQAACN -p tcp -m comment --comment "default/nginx-service" -m tcp -j DNAT --to-destination 10.244.0.139:80
-A KUBE-SERVICES ! -s 10.244.0.0/16 -d 10.0.0.126/32 -p tcp -m comment --comment "default/nginx-service cluster IP" -m tcp --dport 80 -j KUBE-MARK-MASQ
-A KUBE-SERVICES -d 10.0.0.126/32 -p tcp -m comment --comment "default/nginx-service cluster IP" -m tcp --dport 80 -j KUBE-SVC-V2OKYYMBY3REGZOG
-A KUBE-SVC-V2OKYYMBY3REGZOG -m comment --comment "default/nginx-service" -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-YP3LPAAZKWKQAACN
-A KUBE-SVC-V2OKYYMBY3REGZOG -m comment --comment "default/nginx-service" -j KUBE-SEP-E5Q6T2AENCOIKXGJ
[root@k8s-master1 package]#
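The rules above jump with a probability of one half to the rule 0.50000000000 -j KUBE-SEP-YP3LPAAZKWKQAACN
iptables forwards the traffic that reaches the Service to the backend pods, using a load-balancing strategy similar to round robin
Every node of the cluster is configured with the same iptables rules, which ensures that the whole cluster can reach the service through the Service's cluster IP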
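To audit what a Service actually exposes on a node, the rule chain can be walked mechanically. The following is an added example, not part of the original notes: it parses the nginx-service rules shown above and resolves each entry point (node port or cluster IP) to its pod backends with the effective probability. The function names are illustrative.

```python
import shlex
# nginx-service rules copied from the iptables-save output above (straight quotes).
RULES = """\
-A KUBE-NODEPORTS -p tcp -m comment --comment "default/nginx-service" -m tcp --dport 32153 -j KUBE-MARK-MASQ
-A KUBE-NODEPORTS -p tcp -m comment --comment "default/nginx-service" -m tcp --dport 32153 -j KUBE-SVC-V2OKYYMBY3REGZOG
-A KUBE-SEP-E5Q6T2AENCOIKXGJ -s 10.244.0.155/32 -m comment --comment "default/nginx-service" -j KUBE-MARK-MASQ
-A KUBE-SEP-E5Q6T2AENCOIKXGJ -p tcp -m comment --comment "default/nginx-service" -m tcp -j DNAT --to-destination 10.244.0.155:80
-A KUBE-SEP-YP3LPAAZKWKQAACN -s 10.244.0.139/32 -m comment --comment "default/nginx-service" -j KUBE-MARK-MASQ
-A KUBE-SEP-YP3LPAAZKWKQAACN -p tcp -m comment --comment "default/nginx-service" -m tcp -j DNAT --to-destination 10.244.0.139:80
-A KUBE-SERVICES ! -s 10.244.0.0/16 -d 10.0.0.126/32 -p tcp -m comment --comment "default/nginx-service cluster IP" -m tcp --dport 80 -j KUBE-MARK-MASQ
-A KUBE-SERVICES -d 10.0.0.126/32 -p tcp -m comment --comment "default/nginx-service cluster IP" -m tcp --dport 80 -j KUBE-SVC-V2OKYYMBY3REGZOG
-A KUBE-SVC-V2OKYYMBY3REGZOG -m comment --comment "default/nginx-service" -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-YP3LPAAZKWKQAACN
-A KUBE-SVC-V2OKYYMBY3REGZOG -m comment --comment "default/nginx-service" -j KUBE-SEP-E5Q6T2AENCOIKXGJ
"""

def parse(text):
    """Return {chain: [options dict per rule]} for every '-A' line."""
    chains = {}
    for line in text.splitlines():
        tok = shlex.split(line)
        if len(tok) < 2 or tok[0] != "-A":
            continue
        opts = {t: tok[i + 1] for i, t in enumerate(tok[:-1])
                if t.startswith("--") or t in ("-j", "-d")}
        chains.setdefault(tok[1], []).append(opts)
    return chains

def backends(chains, svc_chain):
    """Walk a KUBE-SVC chain in rule order; return {pod ip:port: probability}."""
    out, remaining = {}, 1.0
    for rule in chains.get(svc_chain, []):
        if not rule.get("-j", "").startswith("KUBE-SEP-"):
            continue
        p = float(rule.get("--probability", 1.0))  # no statistic match: always taken
        for r in chains.get(rule["-j"], []):
            if r.get("-j") == "DNAT":
                out[r["--to-destination"]] = remaining * p
        remaining *= 1 - p  # later rules only see traffic that fell through
    return out

def exposure(text):
    """Map each entry point (node port or cluster IP) to its pod backends."""
    chains, result = parse(text), {}
    for chain, kind in (("KUBE-NODEPORTS", "nodeport"), ("KUBE-SERVICES", "clusterip")):
        for rule in chains.get(chain, []):
            if rule.get("-j", "").startswith("KUBE-SVC-") and "--dport" in rule:
                addr = rule.get("-d", "*").split("/")[0]
                result[f"{kind} {addr}:{rule['--dport']}"] = backends(chains, rule["-j"])
    return result
print(exposure(RULES))
```

The `nodeport *:32153` entry has no destination address, which reflects that the node port is open on every node's addresses and not only on the cluster IP.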
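6.2 How external networks access the Service
Kubernetes provides several types of service
1 ClusterIP
The service is served on an IP internal to the cluster; only nodes and pods inside the cluster can reach it. This is the default service type
2 NodePort
The service is served on a static port of the cluster nodes. From outside the cluster, the Service can be accessed via :
3 LoadBalancer
The service uses the cloud provider's own load balancer to serve external traffic; the cloud provider is responsible for directing the load balancer's traffic to the service. Currently supported cloud providers include GCP, AWS, Azure, and others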
7.1 Updating the version
[root@k8s-master1 package]# kubectl get deployment nginx-deployment -o wide
NAME READY UP-TO-DATE AVAILABLE AGE CONTAINERS IMAGES SELECTOR
nginx-deployment 2/2 2 2 4d nginx nginx:stable app=nginx
[root@k8s-master1 package]# kubectl get replicaset -o wide
NAME DESIRED CURRENT READY AGE CONTAINERS IMAGES SELECTOR
nginx-deployment-5ff58d798d 2 2 2 4d nginx nginx:stable app=nginx,pod-template-hash=5ff58d798d
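Updating the version in k8s: the output above shows that the current nginx version is stable. Edit the YAML file, change the nginx version in the image setting, and then run kubectl apply
The number of pods replaced at a time can be customized; Kubernetes provides two parameters, maxSurge and maxUnavailable, for fine-grained control over how many pods are replaced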
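The describe output earlier reports "25% max unavailable, 25% max surge" and the ReplicaSet carries the annotation max-replicas: 3. The following added example (not from the original notes; function names are illustrative) resolves those fields the way the Deployment controller does: maxSurge rounds up, maxUnavailable rounds down, and if both resolve to zero maxUnavailable is forced to 1.

```python
def scaled(value, replicas, round_up):
    """Resolve an int-or-percent field ("25%" or 1) against the replica count."""
    if isinstance(value, str) and value.endswith("%"):
        num = int(value[:-1]) * replicas
        # Integer arithmetic avoids float rounding surprises.
        return -(-num // 100) if round_up else num // 100
    return int(value)


def rollout_bounds(replicas, max_surge="25%", max_unavailable="25%"):
    """Return (most pods allowed at once, fewest available pods) during a rollout."""
    surge = scaled(max_surge, replicas, round_up=True)                # rounds up
    unavailable = scaled(max_unavailable, replicas, round_up=False)   # rounds down
    if surge == 0 and unavailable == 0:
        # Neither adding nor removing a pod would be allowed, so the
        # rollout could never progress; one pod may become unavailable.
        unavailable = 1
    return replicas + surge, replicas - unavailable


if __name__ == "__main__":
    # The page's deployment: 2 replicas with the default 25% / 25%.
    print(rollout_bounds(2))            # matches the max-replicas: 3 annotation
    # Edge case: a single replica with surge disabled loses its only pod.
    print(rollout_bounds(1, 0, "25%"))
```

With the page's two replicas the lower bound stays at 2 available pods, which is why the default settings give an update without downtime; the single-replica case with maxSurge 0 does not.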
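7.2 Rollback
Each time kubectl apply updates the application, Kubernetes records the current configuration and saves it as a revision, which makes it possible to roll back to a specific revision
By default the most recent few revisions are kept; the number of revisions can be increased through the revisionHistoryLimit property in the Deployment configuration file
kubectl apply -f nginx-1.15.yaml --record
--record records the current command in the revision history
View the update history
kubectl rollout history deployment nginx-deployment
Roll back to a version
kubectl rollout undo deployment nginx-deployment --to-revision=1
8 Health check: letting containers restart automatically
Probe mechanisms such as liveness and readiness allow finer-grained health checks, which meet the following needs
1 Zero-downtime deployment
2 Avoiding the deployment of broken images
3 Safer rolling upgrades
8.1 The default health check
The default k8s check mechanism: every container runs a process when it starts, specified by CMD or ENTRYPOINT in the Dockerfile. If the process exits with a non-zero return code, a failure is considered to have occurred, and k8s restarts the container according to restartPolicy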
[root@k8s-master1 package]# cat healthcheck.yaml
apiVersion: v1
kind: Pod
metadata:
  labels:
    test: healthcheck
  name: healthcheck
  namespace: default
spec:
  containers:
  - image: busybox:1.28.4
    command: ["/bin/sh","-c","sleep 10; exit 1"]
    imagePullPolicy: IfNotPresent
    name: busybox
  restartPolicy: OnFailure
[root@k8s-master1 package]# kubectl get pod healthcheck
NAME READY STATUS RESTARTS AGE
healthcheck 0/1 CrashLoopBackOff 6 7m38s
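When the container process returns a non-zero value, k8s considers that a failure has occurred and the container needs to be restarted. Suppose the web service in the container returns a 500 internal error, perhaps because the system is overloaded or because of a resource deadlock; the http process has not exited abnormally, and in this situation a restart is the most effective remedy
8.2 Liveness probe
A Liveness probe lets the user define the condition that decides whether a container is healthy; if the probe fails, k8s restarts the container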
[root@k8s-master1 package]# cat healthcheck.yaml
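apiVersion: v1
kind: Pod
metadata:
  labels:
    test: liveness # label
  name: liveness
spec:
  restartPolicy: OnFailure
  containers:
  - name: liveness
    image: busybox:1.28.4
    args: [ "/bin/sh","-c","touch /tmp/healthy; sleep 30; rm -rf /tmp/healthy; sleep 600" ]
    livenessProbe:
      exec:
        # exec runs the command without a shell, so each argument is its own list item
        command: ["cat", "/tmp/healthy"]
      initialDelaySeconds: 10 # start Liveness probing 10 seconds after the container starts; usually set according to the application's startup time, to a value larger than that startup time
      periodSeconds: 5 # run the Liveness probe every 5 seconds; if 3 consecutive Liveness probes fail, k8s kills and restarts the container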
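1. apiVersion is the version of the current configuration format, the interface type
2. kind is the type of resource to create, here a Deployment
3. metadata is the resource's metadata; name is a required metadata item
4. spec is the specification of this Deployment
5. replicas sets the number of replicas, 1 by default
6. template defines the pod template; this is the important part of the configuration file
7. metadata defines the pod's metadata; at least one label must be defined, and the label's key and value can be chosen freely
8. spec describes the pod's specification; this part defines the properties of every container in the pod, and name and image are required
9. Use labels to control which node a pod is deployed on
10. Running containerized applications: the kind option in the configuration file, the interface type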