View the pods:
# kubectl get pods -n kube-system
NAME READY STATUS RESTARTS AGE
coredns-6c66ffc55b-l76bq 1/1 Running 0 16m
coredns-6c66ffc55b-zlsvh 1/1 Running 0 16m
etcd-node1 1/1 Running 0 16m
kube-apiserver-node1 1/1 Running 0 16m
kube-controller-manager-node1 1/1 Running 0 15m
kube-flannel-ds-sr6tq 0/1 CrashLoopBackOff 6 7m12s
kube-flannel-ds-ttzhv 1/1 Running 0 9m24s
kube-proxy-nfbg2 1/1 Running 0 7m12s
kube-proxy-r4g7b 1/1 Running 0 16m
kube-scheduler-node1 1/1 Running 0 16m
Inspect the failing pod:
# kubectl describe pods kube-flannel-ds-sr6tq -n kube-system
Name: kube-flannel-ds-sr6tq
Namespace: kube-system
Priority: 0
PriorityClassName: <none>
......
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Pulling 12m kubelet, node2 pulling image "registry.cn-shanghai.aliyuncs.com/gcr-k8s/flannel:v0.10.0-amd64"
Normal Pulled 11m kubelet, node2 Successfully pulled image "registry.cn-shanghai.aliyuncs.com/gcr-k8s/flannel:v0.10.0-amd64"
Normal Created 11m kubelet, node2 Created container
Normal Started 11m kubelet, node2 Started container
Normal Created 11m (x4 over 11m) kubelet, node2 Created container
Normal Started 11m (x4 over 11m) kubelet, node2 Started container
Normal Pulled 10m (x5 over 11m) kubelet, node2 Container image "registry.cn-shanghai.aliyuncs.com/gcr-k8s/flannel:v0.10.0-amd64" already present on machine
Normal Scheduled 7m15s default-scheduler Successfully assigned kube-system/kube-flannel-ds-sr6tq to node2
Warning BackOff 7m6s (x23 over 11m) kubelet, node2 Back-off restarting failed container
In this situation, simply delete the failing pod (its controller creates a replacement, as the next listing shows):
# kubectl delete pod kube-flannel-ds-sr6tq -n kube-system
pod "kube-flannel-ds-sr6tq" deleted
# kubectl get pods -n kube-system
NAME READY STATUS RESTARTS AGE
coredns-6c66ffc55b-l76bq 1/1 Running 0 17m
coredns-6c66ffc55b-zlsvh 1/1 Running 0 17m
etcd-node1 1/1 Running 0 16m
kube-apiserver-node1 1/1 Running 0 16m
kube-controller-manager-node1 1/1 Running 0 16m
kube-flannel-ds-7lfrh 1/1 Running 1 6s
kube-flannel-ds-ttzhv 1/1 Running 0 10m
kube-proxy-nfbg2 1/1 Running 0 7m55s
kube-proxy-r4g7b 1/1 Running 0 17m
kube-scheduler-node1 1/1 Running 0 16m
View the nodes:
# kubectl get nodes -n kube-system
NAME STATUS ROLES AGE VERSION
node1 Ready master 17m v1.12.1
node2 Ready <none> 8m14s v1.12.1
Create and run a pod containing the nginx service:
[root@master /]# kubectl run nginx-test --image=daocloud.io/library/nginx --port=80 --replicas=1
kubectl run --generator=deployment/apps.v1 is DEPRECATED and will be removed in a future version. Use kubectl run --generator=run-pod/v1 or kubectl create instead.
deployment.apps/nginx-test created
As the warning says, the method above is deprecated; create the pod with the new method as follows:
[root@master /]# kubectl run --generator=run-pod/v1 nginx-test1 --image=daocloud.io/library/nginx --port=80 --replicas=1
pod/nginx-test1 created
Or:
# /opt/kubernetes/bin/kubectl run nginx --image=nginx --replicas=3
# /opt/kubernetes/bin/kubectl expose deployment nginx --port=88 --target-port=80 --type=NodePort
View the created pods:
[root@master /]# kubectl get pods
NAME READY STATUS RESTARTS AGE
nginx-test-7fd67d86fd-mbpck 1/1 Running 0 2m55s
nginx-test1 1/1 Running 0 115s
View the created deployment: the old method creates a deployment by default, while the new method creates a pod directly
[root@master /]# kubectl get deployment
NAME READY UP-TO-DATE AVAILABLE AGE
nginx-test 1/1 1 1 3m31s
After creation, view the details to obtain the internal IP address of the pod running nginx:
[root@master ~]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nginx-test-7fd67d86fd-mbpck 1/1 Running 0 5m45s 10.244.2.2 node2 <none> <none>
nginx-test1 1/1 Running 0 4m45s 10.244.1.2 node1 <none> <none>
Access the nginx service from any node in the Kubernetes cluster:
[root@master ~]# curl 10.244.1.2
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
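Creating and managing a service:
Once a pod has been created, the service inside it can only be reached from within the cluster through the pod's address. When the pod fails, its controller creates a new pod containing the service, and clients must then obtain the new pod's address to reach it. To avoid this, create a service: once the new pod has been created, the service attaches to it through the pod's labels, so clients only need the service to reach the application.
# Delete the current pod: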
[root@master ~]# kubectl delete pod nginx-test-7fd67d86fd-mbpck
pod "nginx-test-7fd67d86fd-mbpck" deleted
# After deleting the pod, listing the pods shows that a new pod has been created
[root@master ~]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nginx-test-7fd67d86fd-lq282 1/1 Running 0 10s 10.244.1.3 node1 <none> <none>
nginx-test1 1/1 Running 0 13m 10.244.1.2 node1 <none> <none>
# Create a service that selects on the nginx-test label
A service is created with the "kubectl expose" command; see "kubectl expose --help" for its usage. After the service is created, the service address is still reachable only from inside the cluster.
~]# kubectl expose deployment nginx-test --name=nginx --port=80 --target-port=80 --protocol=TCP
service/nginx exposed
View the created service
~]# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 13h
nginx ClusterIP 10.110.225.133 <none> 80/TCP 2m49s
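nginx can now be reached directly through the service address; after the pod is deleted and recreated, the service inside the pod can still be reached through the service.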
~]# curl 10.110.225.133
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
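Accessing the pods behind a service by the service name
After a service is created, the pods behind it can be reached by the service name, provided that the DNS server is set to the address of the CoreDNS service. Newly created pods all use the CoreDNS address as their DNS server, so a new client pod can be created to test this.
View the CoreDNS address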
~]# kubectl get svc -n kube-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP 14h
Create a new client pod
[root@master /]# kubectl run --generator=run-pod/v1 dig --rm -it --image=docker.io/azukiapp/dig /bin/sh
View the DNS address of the container in the pod
/ # cat /etc/resolv.conf
nameserver 10.96.0.10
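Which pods a service selects is governed by pod labels. Pod labels are specified when the pod is created, and the labels a service selects on are specified when the service is created. Both the service's selector and the pods' labels can be viewed with commands.
View the selector and other details of the service named nginx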
~]# kubectl describe svc nginx
Name: nginx
Namespace: default
Labels: run=nginx-test
Annotations: <none>
Selector: run=nginx-test
Type: ClusterIP
IP: 10.110.225.133
Port: <unset> 80/TCP
TargetPort: 80/TCP
Endpoints: 10.244.2.3:80
Session Affinity: None
Events: <none>
View the pod labels
~]# kubectl get pods --show-labels
NAME READY STATUS RESTARTS AGE LABELS
client 1/1 Running 0 21m run=client
nginx-test-5bbfddf46b-w56l5 1/1 Running 0 41m pod-template-hash=5bbfddf46b,run=nginx-test
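The selection rule described above, as an added example (not from the original page): it reads the Selector from kubectl describe svc output and applies it to the kubectl get pods --show-labels table. The function names service_selector and pods_for_selector are made up for illustration, and the sample text is copied from the outputs on this page.

```shell
#!/bin/sh
# Sample input copied from the outputs on this page (describe output abridged).
SAMPLE_SVC='Name: nginx
Namespace: default
Labels: run=nginx-test
Selector: run=nginx-test
Type: ClusterIP'
SAMPLE_PODS='NAME READY STATUS RESTARTS AGE LABELS
client 1/1 Running 0 21m run=client
nginx-test-5bbfddf46b-w56l5 1/1 Running 0 41m pod-template-hash=5bbfddf46b,run=nginx-test'

# service_selector (illustrative name): print the Selector value found in
# `kubectl describe svc` output read from stdin.
service_selector() {
  awk '$1 == "Selector:" { print $2 }'
}

# pods_for_selector SELECTOR (illustrative name): read a
# `kubectl get pods --show-labels` table on stdin and print the pods whose
# labels contain every key=value pair of the comma-separated selector.
pods_for_selector() {
  awk -v selector="$1" '
    BEGIN {
      # A Service without a selector gets no automatically managed endpoints.
      if (selector == "" || selector == "<none>") exit
      nwant = split(selector, want, ",")
    }
    NR == 1 { next }                      # header row
    {
      split("", have)                     # reset the label set for this pod
      nl = split($NF, labels, ",")        # LABELS is the last column
      for (i = 1; i <= nl; i++) have[labels[i]] = 1
      # Extra pod labels are ignored; a single missing pair excludes the pod.
      for (i = 1; i <= nwant; i++) if (!(want[i] in have)) next
      print $1
    }'
}

sel=$(printf '%s\n' "$SAMPLE_SVC" | service_selector)
printf '%s\n' "$SAMPLE_PODS" | pods_for_selector "$sel"
```

On a live cluster the same functions can be fed from kubectl describe svc nginx and kubectl get pods --show-labels; any pod carrying the selected labels becomes an endpoint of the service, whichever controller created it.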
CoreDNS resolves service names in real time: after a service is recreated or its IP address is changed, the pods can still be reached by the service name.
Delete and recreate the service named nginx
~]# kubectl delete svc nginx
service "nginx" deleted
~]# kubectl expose deployment nginx-test --name=nginx
service/nginx exposed
Get the IP address of the newly created service
~]# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 14h
nginx ClusterIP 10.98.192.150 <none> 80/TCP 9s
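Scaling pods up and down
After the pods are created, when traffic to the service is too high, the pods can be scaled out so the service handles more requests; when traffic drops, the number of pods can be reduced to save resources. These operations can all be done online and do not affect the running service.
Scale up the number of pods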
~]# kubectl scale --replicas=5 deployment nginx-test
deployment.extensions/nginx-test scaled
View the pods after scaling
~]# kubectl get pods
NAME READY STATUS RESTARTS AGE
client 1/1 Running 0 59m
nginx-test-5bbfddf46b-6kw49 1/1 Running 0 44s
nginx-test-5bbfddf46b-k6jh7 1/1 Running 0 44s
nginx-test-5bbfddf46b-pswmp 1/1 Running 1 9m19s
nginx-test-5bbfddf46b-w56l5 1/1 Running 1 79m
nginx-test-5bbfddf46b-wwtwz 1/1 Running 0 44s
Scale the number of pods down to 2
~]# kubectl scale --replicas=2 deployment nginx-test
deployment.extensions/nginx-test scaled
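Online upgrade and rollback of a service
After a service has been deployed on Kubernetes, it can be upgraded online, and if the upgrade goes wrong it can also be rolled back online.
View the pod names and pod details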
~]# kubectl get pods
NAME READY STATUS RESTARTS AGE
nginx-test-5bbfddf46b-6kw49 1/1 Running 0 32m
……
View the pod details
~]# kubectl describe pods nginx-test-5bbfddf46b-6kw49
Name: nginx-test-5bbfddf46b-6kw49
Namespace: default
Priority: 0
PriorityClassName: <none>
Node: node02.dayi123.com/192.168.16.172
Start Time: Tue, 25 Dec 2018 15:59:35 +0800
Labels: pod-template-hash=5bbfddf46b
run=nginx-test
Annotations: <none>
Status: Running
IP: 10.244.2.8
Controlled By: ReplicaSet/nginx-test-5bbfddf46b
Containers:
nginx-test:
Container ID: docker://5537c32a16b1dea8104b32379f1174585e
……
To make the result easier to verify, the update replaces nginx with the httpd service
~]# kubectl set image deployment nginx-test nginx-test=httpd:2.4-alpine
deployment.extensions/nginx-test image updated
Watch the update in real time
~]# kubectl get deployment -w
NAME READY UP-TO-DATE AVAILABLE AGE
nginx-test 4/5 5 4 5h36m
nginx-test 3/5 5 3 5h37m
nginx-test 4/5 5 4 5h38m
nginx-test 5/5 5 5 5h38m
nginx-test 5/5 5 5 5h38m
nginx-test 4/5 5 4 5h38m
nginx-test 5/5 5 5 5h38m
After the update completes, verify from the client
/ # wget -O - -q nginx
<html><body><h1>It works!</h1></body></html>
Verify from a Kubernetes node
~]# curl 10.98.192.150
<html><body><h1>It works!</h1></body></html>
After the update, roll back to the original nginx
~]# kubectl rollout undo deployment nginx-test
deployment.extensions/nginx-test rolled back
Watch the rollback progress in real time
~]# kubectl get deployment -w
NAME READY UP-TO-DATE AVAILABLE AGE
nginx-test 4/5 5 4 5h48m
nginx-test 5/5 5 5 5h48m
nginx-test 5/5 5 5 5h48m
nginx-test 4/5 5 4 5h48m
Verify after the rollback completes
~]# curl 10.98.192.150
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
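Allowing clients outside the cluster to reach the pods through a service: after the pod and service are created, neither the pod address nor the service address is reachable from outside the cluster. To reach the pods from outside the cluster, change the service type to NodePort; NAT rules are then added to ipvs automatically, and the pods can be reached through the node's address.
Edit the configuration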
~]# kubectl edit svc nginx
. . . . . .
spec:
  clusterIP: 10.98.192.150
  ports:
  - port: 80
    protocol: TCP
    targetPort: 80
  selector:
    run: nginx-test
  sessionAffinity: None
  type: NodePort
After the change, check the ports the node is listening on
~]# netstat -lntp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:10248 0.0.0.0:* LISTEN 1703/kubelet
tcp 0 0 127.0.0.1:10249 0.0.0.0:* LISTEN 100485/kube-proxy
tcp 0 0 127.0.0.1:41101 0.0.0.0:* LISTEN 1703/kubelet
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 849/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 937/master
tcp6 0 0 :::10250 :::* LISTEN 1703/kubelet
tcp6 0 0 :::31438 :::* LISTEN 100485/kube-proxy
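After the change, the node's listening ports include a new port, 31438 (bound to :::31438, that is, to all of the node's addresses); from outside, the service in the pod can be reached through the node's address and this port.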
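A check for the exposure described above, as an added example (not from the original page): it parses netstat -lntp output, lists every listener not bound to loopback, and picks out the ones held by kube-proxy in the default NodePort range 30000-32767. The function names are made up for illustration, and the check assumes kube-proxy holds the listening socket, as it does in the output shown here.

```shell
#!/bin/sh
# Sample input: the `netstat -lntp` output shown on this page.
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:10248 0.0.0.0:* LISTEN 1703/kubelet
tcp 0 0 127.0.0.1:10249 0.0.0.0:* LISTEN 100485/kube-proxy
tcp 0 0 127.0.0.1:41101 0.0.0.0:* LISTEN 1703/kubelet
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 849/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 937/master
tcp6 0 0 :::10250 :::* LISTEN 1703/kubelet
tcp6 0 0 :::31438 :::* LISTEN 100485/kube-proxy'

# exposed_listeners (illustrative name): read `netstat -lntp` output on stdin
# and print "port program bind-address" for each LISTEN socket that is not
# bound to a loopback address.
exposed_listeners() {
  awk '
    $6 == "LISTEN" {
      local_addr = $4
      n = length(local_addr)
      # The port follows the last colon (IPv6 addresses contain colons too).
      while (n > 0 && substr(local_addr, n, 1) != ":") n--
      addr = substr(local_addr, 1, n - 1)
      port = substr(local_addr, n + 1)
      if (addr ~ /^127\./ || addr == "::1") next
      split($7, pp, "/")                      # PID/Program name
      prog = (pp[2] == "" ? "-" : pp[2])      # "-" when netstat lacks privileges
      print port, prog, addr
    }'
}

# nodeport_listeners (illustrative name): ports held by kube-proxy inside the
# default NodePort range 30000-32767.
nodeport_listeners() {
  exposed_listeners |
    awk '$2 == "kube-proxy" && $1 >= 30000 && $1 <= 32767 { print $1 }'
}

printf '%s\n' "$SAMPLE_NETSTAT" | exposed_listeners
printf '%s\n' "$SAMPLE_NETSTAT" | nodeport_listeners
```

On a node, pipe netstat -lntp into either function and compare the result with the ports the node's firewall is meant to allow.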