Article Directory
foreword
This article is a series of k8s learning articles. It is a complete course (study notes) in series. This article records the resource management method of k8s and the specific management commands of the five types of resources. After reading this article, you can basically realize the basic operations of k8s. You can Deploy small projects independently.
Previous article link:
Build a kubernetes cluster environment from scratch (virtual machine/kubeadm mode)
1. Resource management of kubernetes
Summary: The core of learning kubernetes is to learn how toPod, Pod controller, Label, Service, storageand other resources to operate.
System resource view
You can view all resources in the system through kubectl api-resourcesthe command, as shown in the figure below, pay attention to the resource type abbreviation list, some of the resources operated by the kubectl command in this article use the abbreviated name, which is the same as the full name.
2. Resource management method
- Imperative object management: directly use commands to operate kubernetes resources
kubectl命令的语法如下:kubectl [命令] [资源类型] [资源名称] [参数]
If kubectl run nginx-pod --image=nginx:1.17.1 --port=80
there are many commands, the old rules, check the help kubectl--help
- Imperative object configuration: use command configuration and configuration files to operate kubernetes resources.
kubectl create/patch -f nginx-pod.yaml
nginx-pod.yaml is a specified configuration file. The specific content will be in the actual combat part later, so don’t worry - Declarative object configuration: operate kubernetes resources through apply commands and configuration files
kubectl apply -f nginx-pod.yaml
Question: At first glance, it seems that the latter two methods are difficult to distinguish. It is also to create a k8s resource. What is the difference between using kubectl create and using kubectl apply?
There are two differences:
(1) The kubectl create command can create new resources. So if you run the command again, an error will be thrown because the resource name is unique within the namespace.
(2) The kubectl apply command applies the configuration to resources. If the resource is not there then it will be created. The kubectl apply command can be run for the second time, and if the resource exists, it will be updated, which is equivalent to the kubectl patch operation
Of the above three resource management methods, imperative object management directly operates resource objects, which is suitable for test environments and is easy to operate, but it can only operate active objects and is difficult to audit and track; imperative object configuration operations correspond to configuration files, which can be audited and tracked, but Configuration file management is troublesome when the project is large; declarative object configuration supports directory operations, but it is not easy to debug in unexpected situations.
(没关系,这里只是学习原理,生产环境还是界面管理工具的,比如我公司用的kuboard)
3. Resource management practice
3.1 Namespace
Namespace resources in the k8s system are used to implement resource isolation of multiple environments or resource isolation of multi-tenants . By default, all Pod resources in the k8s cluster are mutually accessible, but in practice, if you do not want two Pods to interfere with each other, you can divide the two Pods into different namespaces.
k8s allocates resources within the cluster to different namespaces to form logical "groups", so that resources of different groups can be used and managed in isolation. If different Namespaces are assigned to different tenants for management, multi-tenant resource isolation is achieved. At this time, the resource quota mechanism of kubernetes can also be combined to limit the resources that different tenants can occupy, such as CPU usage, memory usage, etc., to realize the management of tenants' available resources.
After the cluster is started, kubernetes will create several namespaces by default. View the command as shown in the figure below:
- Imperative object management, command examples are as follows:
kubectl get namespace #查看所有的命名空间,同kubectl get ns
kubectl get namespace default #查看指定的命名空间default
kubectl get ns default -o wide #指定命名空间的输出格式,还有-o json,-o yaml格式
kubectl describe namespace default #查看default命名空间的详情
kubectl create namespace dev #创建命名空间
kubectl delete ns dev #删除命名空间
- The imperative object configuration is as follows:
Create a new ns-dev.yaml configuration file with the following content:
apiVersion: v1
kind: Namespace
metadata:
name: dev
Creation and deletion via imperative object configuration
kubectl create -f ns-dev.yaml
kubectl delete -f ns-dev.yaml
3.2 Pod
Pod is the smallest unit for management of kubernetes cluster. It can be considered as the packaging of containers. One or more containers can exist in a Pod. After the kubernetes cluster is started, each component in the cluster also runs as a Pod, which can be viewed by the following command:
- Imperative object management, application examples are as follows:
kubectl run (Pod的名称) [参数] #创建并运行Pod,如kubectl run nginx --image=nginx:1.17.1 --port=80 --namespace=dev
# --image 指定Pod的镜像
# --port 指定端口
# --namespace 指定namespace
kubectl get pods -n dev #查询名称为dev的namespace下的所有Pod的基本信息
kubectl describe pod nginx -n dev #查看名称为dev的namespace下的Pod的名称为nginx的详细信息
kubectl get pods [-n dev] -o wide #可以查询到Pod的IP
curl 10.244.2.7:80 #访问Nginx的Pod,ip每次都先查询一下,可能发生变化
kubectl delete pod nginx -n dev #删除Nginx的Pod
- The imperative object configuration method is only different in the content of the configuration file, and the commands are the same, so they are not listed here (you can find them here, and they will be explained in detail in subsequent articles):
3.3 Label
The role of Label is to add identification to resources to distinguish and select them. Multi-dimensional grouping of resources can be realized through Label, so that resource allocation, scheduling, configuration and deployment can be managed flexibly and conveniently.
Label features:
- A Label will be attached to various objects in the form of key/value pairs, such as Node, Pod, Service, etc.
- A resource object can define any number of Labels, and the same Label can also be added to any number of resource objects.
- Label is usually determined when the resource object is defined, and can also be dynamically added or deleted after the object is created.
Examples of commonly used Label tags are as follows:
● Version label: "version":"release","version":"stable". . .
● Environment label: "environment":"dev", "environment":"test", "environment":"pro"
● Architecture label: "tier":"frontend", "tier":"backend". . .
After the label is defined, it is necessary to consider how to select the required resources through the label. This requires the use of the Label Selector. There are currently two screening methods:
- Label Selector based on equality, such as name=slave or env!=production.
- Set-based Label Selector, such as name in (master,slave) or name not in (master,slave)
Notice:
标签等号后面的值加不加引号都行; 标签的选择条件可以使用多个,此时将多个Label Selector进行组合,使用逗号(,)进行分隔即可
Grammar and application examples
kubectl label pod nginx version=1.0 -n dev #为名称Nginx的Pod资源打上标签version=1.0
kubectl label pod xxx key=value [-n 命名空间] --overwrite #如果标签key已经存在,加--overwrite参数更新资源的标签
kubectl get pod nginx -n dev --show-labels #显示Nginx的Pod的标签
kubectl get pod -l version=2.0 -n dev --show-labels #筛选版本号是2.0的在名称为dev的namespace下的Pod
kubectl label pod xxx key- [-n 命名空间] #删除标签 key减号
3.4 Deployment
In kubernetes, pod is the smallest control unit, but kubernetes seldom directly controls pods, usually through the pod controller. Deployment is a Pod controller, which is used for Pod management to ensure that Pod resources meet the expected state. When Pod resources fail, it will try to restart or rebuild Pod.
There are many types of Pod controllers in kubernetes, and this chapter only introduces one: Deployment.
Grammar and application examples
kubectl create deployment nginx --image=nginx:1.17.1 -n dev #为e名称Nginx的Pod资源打上标签version=1.0
kubectl scale deployment nginx --replicas=4 -n dev #在名称为test的命名空间下根据名为nginx的deployment创建3个Pod
kubectl get deployment -n dev #查看名称为dev的namespace下的deployment信息
kubectl describe deployment nginx -n dev #查看deployment的详细信息
kubectl delete deployment nginx -n dev #删除名为nginx的deployment
Little knowledge 1: kubectl run nginx --image=nginx --replicas=2 --port=80, create a deployment named nginx, the new version may feedback Flag --replicas has been deprecated, has no effect and will be removed in the future, and only one Nginx container instance will be created.
Tip 2: kubectl run nginx --image=nginx --replicas=2 --port=80Create a deployment named nginx. The deployment generates the corresponding pod resource by default. If you delete the Pod, the deployment will try to create a new Pod. This feature is also deleted in the new version, delete it directly Pod can be deleted successfully.
3.5 Service
Kubernetes designed Service to solve the problem of external environment accessing container resources. Pod resources can provide high-availability services. Although each Pod will be assigned a separate IP address, the Pod's IP will change as the Pod is rebuilt, and the Pod's IP is only a virtual IP visible inside the cluster. Inaccessible.
Service can be regarded as the external access interface of a group of Pods of the same type. With the help of Service, applications can easily realize service discovery and load balancing.
3.5.1 Create a Service accessible within the cluster
grammar:
kubectl expose deployment xxx --name=service name --type=ClusterIP --port=exposed port --target-port=port pointing to the Pod in the cluster [-n namespace] #–type=ClusterIP
will generate a CLUSTER -IP, this is the IP of the service, this address will not change during the life cycle of the Service
#暴露名为dev的namespace下的名为nginx的deployment,并设置服务名为svc-nginx
kubectl expose deployment nginx --name=svc-nginx --type=ClusterIP --port=80 --target-port=80 -n dev
#访问service的80端口,转发到Pod的80端口
kubectl get service -n dev #查看名为dev的命名空间的所有Service
curl ip:80 #在集群内通过master节点ip可以访问部署的nginx服务
3.5.2 Create a Service accessible from outside the cluster
grammar:
kubectl expose deployment xxx --name=service name --type=NodePort --port=exposed port --target-port=port pointing to the Pod in the cluster [-n namespace] #–type=NodePort parameter will generate
a Service that can also be accessed externally,
#例:暴露名为test的namespace下的名为nginx的deployment,并设置服务名为svc-nginx-1
kubectl expose deploy nginx --name=svc-nginx-1 --type=NodePort --port=80 --target-port=80 -n dev
At this point, the external environment can be accessed through the IP of the master node. The port query method is as follows:
Summary: The above are the basic operations of Namespace/Pod/Deployment/Service resources of kubernetes. After learning these operations, you can implement simple deployment and access of a service in the cluster. But if you want to use k8s better, you need to study the details and principles of these resources in depth.