Kubernetes Quick Start
By studying this section, you can fully understand its role required a certificate of kubernetes https clusters, and resource types api territory kubernetes language, finally, I also added a couple of basic GET command, then you can Log on to the previous chapter we used cluster kubeadm created some of the query.
- Certificate Management
- API resource model
- API resource types
- Supplementary command
- Remark
Certificate Management
k8s running in a production environment, I strongly suggest that you run under https secure environment, its certificate can be divided into the following three categories:
root CA:
- apiserver: apiserver own certificate
- apiserver-kubelet-client: kubelet client connection client certificate when apiserver
etc.Her CA:
- etcd-server: etcd server certificate
- etcd-peer: etcd peer certificates, https for communication between the cluster ETCD
- Client Certificate etcd health check: etcd-healthcheck-client
- apiserver-etcd-client: apiserver connecting the client certificate ETCD
front-proxy CA:
- front-proxyserver-client: apiserver (Aggregator The Aggregator) to the front end of the client certificate
You need to note that:
1) K8S cluster certificate default validity period is 90 days, you have two ways to adjust (modify go source file or a certificate signing request is generated statement, how do I edit my later chapters would say)
2) certificate expired time, you can go to the / etc / under kubernetes / pki directory, use the following command to view:
openssl x509 -in front-proxy-client.crt -noout -text |grep Not
Not Before: Nov 28 09:07:02 2018 GMT
Not After : Nov 25 09:07:03 2028 GMT
openssl x509 -in apiserver.crt -noout -text |grep Not
Not Before: Nov 28 09:07:04 2018 GMT
Not After : Nov 25 09:07:04 2028 GMTAPI resource model
RESTfulAPI的核心组件是“资源(resource)”,不同类别的事物会被抽象会不同“类型(type)”的资源。
k8s中的资源也类似于对象式编程语言中的“类"(class),但它仅支持有限的方法,而且通常是标准的HTTP方法,例如:GET、PUT、POST和DELETE;此时,你应该可以联想到常用的基础命令kubelet:
kubectl get pod
kubectl delete node
...- 为了便于独立进行版本演进,Kubernetes将API划分为了称为“API群组”的逻辑集合,每个群组的REST路径为“/apis/$GROUP_NAME/$VERSION”,例如/apis/apps/v1;
- 核心群组core使用简化的REST路径/api/v1;
- 同时,每个群组可同时存在多个不同级别的版本,主要包括alpha、beta和stable三个,使用的级别标识如v1alpha1、v1beta2和v1等。
你可以通过api-versions命令查询当前所支持的API版本:
[root@k8s-etcd-mater01 cds-filesystem]# kubectl api-versions
admissionregistration.k8s.io/v1beta1
apiextensions.k8s.io/v1beta1
apiregistration.k8s.io/v1
apiregistration.k8s.io/v1beta1
apps/v1
apps/v1beta1
apps/v1beta2
authentication.k8s.io/v1
authentication.k8s.io/v1beta1
authorization.k8s.io/v1
authorization.k8s.io/v1beta1
autoscaling/v1
autoscaling/v2beta1
autoscaling/v2beta2
batch/v1
batch/v1beta1
certificates.k8s.io/v1beta1
coordination.k8s.io/v1beta1
events.k8s.io/v1beta1
extensions/v1beta1
networking.k8s.io/v1
policy/v1beta1
rbac.authorization.k8s.io/v1
rbac.authorization.k8s.io/v1beta1
scheduling.k8s.io/v1beta1
storage.k8s.io/v1
storage.k8s.io/v1beta1
v1API资源类型
如图所示,Kubernetes系统把管理的绝大多数事物都抽象成了资源,它们分别代表着不同的事物类型,例如:Node、Service、Pod、Controller等等
- 每种类型均可通过“属性赋值”进行实例化,从而构建出“对象(object);
- 对象主要用于描述要在集群中运行的“应用程序(Pod)”,以及应用程序相关的控制(controllers)、配置(ConfigMap和Secret)、服务暴露(Service和Ingress)、存储(Volume)等;
- 用户使用这些对象来规划、部署、配置、维护和监控应用程序并记录运行日志;
- 每种类型的资源对象都支持相应的一组方法(管理操作),它们可用标准的HTTP Verb进行表示,例如:GET、PUT、DELETE和POST等。
命令补充
获取集群资源列表:
kubectl api-resources
获取命名空间:
kubectl get ns
创建deployment:
kubectl create deployment ngx-new --image=nginx
查看service信息:
kubectl describe svc ngx-new
...备注
This article site is located in my Github , I will continue to update all topics come, including docker, k8s, ceph, istio and prometheus, designed to share in the large and native cloud technology knowledge and practical operation of the process, if useful to you Please follow, star my github, this is my updated power sharing go, thank you ~