Kubernetes Illustrated

Containers

Before understanding Kubernetes, let us first understand a container.

If you do not understand containers, there is no way to talk about container orchestration.

A container is ... a container that holds all the materials you stuff into it.

"Materials" means your application code and its dependencies, all the way down to the kernel.

The key concept is isolation: these materials are isolated from one another so that you can control them better.

Containers provide three types of isolation:

  • Workspace isolation (process, network)
  • Resource isolation (CPU, memory)
  • File system isolation

A container can be thought of as a VM on a diet: it has isolation properties, but it is very streamlined, small in size and fast to start.

With VMs, guest operating systems are installed on top of a host operating system, so VMs are isolated by nature.

A container gets a VM-like kind of isolation from Linux itself, through cgroups, so you do not need to install an operating system.

When to use Kubernetes?

Containers are fine, so why do we need a container orchestrator such as Kubernetes?

If you have reached the state shown in this figure, with too many containers to manage, you need one.

Q: Where is my front-end container? How many of them are running?

A: Hard to say. Use a container orchestrator.

Q: How do I make my front-end containers communicate with newly created back-end containers?

A: Hard-code the IP addresses, or use a container orchestrator.

Q: How do I do rolling upgrades?

A: Control every step by hand, or use a container orchestrator.

Kubernetes architecture

Each Kubernetes cluster has two types of nodes: master and worker.

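The master controls and monitors the work of the workers in the cluster.

  • Components of the master

etcd: the database. All Kubernetes objects, their current state, access information, the cluster configuration and so on are stored here.

API Server: the component that exposes the endpoints for cluster operations. Components on both the master and the workers need to access the API server to do their work.

Scheduler: decides which work is done by which machine.

Control Manager: monitors the state of the cluster (by calling the API server to get this data) and takes action to bring it to the desired state.

  • Components of a worker

kubelet: the core of a worker node. It talks to the master's API server and runs the containers scheduled to its node.

kube-proxy: handles the pods' networking needs using iptables / IPVS.

Pod: the workhorse of Kubernetes for running containers. It provides networking between containers.

A pod can hold multiple containers, and the applications in those containers all see one another as local.

The pod's network interface provides a mechanism for it to connect over the network to pods on the same node or on other nodes.

Every pod is assigned an IP address, which kube-proxy uses to route traffic. This IP address is visible only inside the cluster.

A volume mounted in a pod is visible to all of its containers. For example, if your app is an image upload application that saves images to a volume, other containers in the same pod can watch that volume and start processing when a new image appears, for example resizing it to several sizes or uploading it to cloud storage.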

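Controllers

Kubernetes has many controllers, for example ReplicaSet, Replication Controllers, Deployments, StatefulSets and Service.

They are all objects that control pods. Let us look at a few of the important ones.

(1) ReplicaSet

Its main responsibility is to create replicas of a given pod.

If a pod dies, this controller is notified and immediately creates a new one.

(2) Deployment

Uses a ReplicaSet to manage replicas.

Provides rolling upgrades: scaling up the new and scaling down the old.

(3) Service

Like a load balancer, it dispatches packets to the appropriate nodes.

It can group pods across worker nodes (usually by pod labels).

For example, your front-end application and your back-end application each have many instances running. How do the front end and the back end communicate?

The front end needs to know the address of every back-end instance. Hard-coding back-end IPs is clearly not workable, so the back-end instances are grouped into a service. The front end only needs to access this service, and the service load-balances and forwards the traffic across its back-end instances.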
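
The Deployment and Service described above, written out as manifests. This is an added example, not part of the original article; the name `backend`, the image, the ports and the resource figures are placeholders, and it assumes the cluster runs the usual cluster DNS so that the Service name resolves.

```yaml
# Added example: constructed manifests, not from the original article.
# Names, image, ports and resource figures are placeholders.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: backend
spec:
  replicas: 3                 # the ReplicaSet behind this Deployment keeps 3 pods alive
  selector:
    matchLabels:
      app: backend            # must match the pod template labels below
  strategy:
    type: RollingUpdate       # scale up the new, scale down the old
    rollingUpdate:
      maxSurge: 1             # at most one extra pod during an upgrade
      maxUnavailable: 0       # never drop below 3 ready pods
  template:
    metadata:
      labels:
        app: backend
    spec:
      containers:
        - name: backend
          image: registry.example.com/backend:1.0.0   # placeholder image
          ports:
            - containerPort: 8080
          resources:          # resource isolation (CPU, memory)
            requests:
              cpu: 100m
              memory: 128Mi
            limits:
              cpu: 500m
              memory: 256Mi
---
apiVersion: v1
kind: Service
metadata:
  name: backend               # front end in the same namespace calls http://backend
spec:
  type: ClusterIP             # virtual IP reachable only inside the cluster
  selector:
    app: backend              # groups pods by label, on whichever node they run
  ports:
    - port: 80
      targetPort: 8080
```

Because the Service selects pods by label rather than by address, a replacement pod created by the ReplicaSet receives traffic as soon as it is ready, even though its IP differs from the pod it replaced.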

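(4) Ingress

The Ingress controller is the only entry point for communicating with the outside world.

The outside world communicates with all services in the cluster through Ingress.

It works like a gateway, which makes it convenient to set security policy, monitoring and logging in one place.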

Summary

Translated and adapted from:

https://medium.com/tarkalabs/know-kubernetes-pictorially-f6e6a0052dd0


Origin www.cnblogs.com/yogoup/p/12122676.html