11. to build a complete cluster Kubernetes
1. kubectl follow the principle of command classification (focus)
Syntax 1:
kubectl
动作类具体的对象E.g:
""" kubectl describe node master describe 描述,相当于语法中的动作 node node资源,相当于语法中的类,对某一类资源的统称 master node资源中的一个叫master资源,相当于语法中的具体对象 """Syntax 2:
kubectl
动作类大范围参数细化参数...E.g:
""" kubectl get pods -n kube-system -o wide -n 表示 namespace(命名空间) kube-system 表示 多个命名空间中的一个命名空间 -o wide 更加全面的展示信息 """
2. Master node through what techniques to limit the user does not allow users to run their own pod of?
By default, the Master node is not allowed to run the user's Pod. And Kubernetes do this, rely on Kubernetes of Taint / Toleration mechanism .
Its principle is very simple: Once a node is added a Taint (stain), namely "marked stain", all Pod will not run on this node, since Kubernetes the Pod has "over the top" .
Unless, there are individual Pod statement that he can "tolerate" the "stain" that declares Toleration, it can run on this node.
Among them, the node marked "tainted" (Taint) command is:
kubectl taint nodes node1 foo=bar:NoScheduleAt this time, a key-value will increase Taint format of the node node1, namely: foo = bar: NoSchedule. Where the value inside NoSchedule, means that the Taint will only have an effect when scheduling a new Pod, without affecting the already running on node1 the Pod, even if they do not Toleration.
So how Pod statement Toleration it?
As long as we are part of the spec file .yaml in the Pod, adding tolerations field to:
apiVersion: v1 kind: Pod ... spec: tolerations: - key: "foo" operator: "Equal" value: "bar" effect: "NoSchedule"Toleration meaning of this is that this Pod can "tolerate" All key-value pair foo = bar the Taint (operator: "Equal", "equal" operation).
Now back to the cluster that we have built up. Then, if you check through kubectl describe what Master node Taint field, it will be found that:
$ kubectl describe node master Name: master Roles: master Taints: node-role.kubernetes.io/master:NoScheduleYou see, Master node is added by default
node-role.kubernetes.io/master:NoSchedulesuch a "stain", where "bond"node-role.kubernetes.io/master, but does not provide a "value"At this point, you need to like this with "Exists" operator (operator: "Exists", "existence" can) to illustrate the Pod able to tolerate all the foo is key Taint, to make this run in the Pod Master node:
apiVersion: v1 kind: Pod ... spec: tolerations: - key: "foo" operator: "Exists" effect: "NoSchedule"Of course, if you just want Kubernetes a single node, delete the Taint is the right choice :
$ kubectl taint nodes --all node-role.kubernetes.io/master-As shown above, we are in the "
node-role.kubernetes.io/master" key behind this added a dash "-" , this format means that in order to remove all "node-role.kubernetes.io/master" Taint is key