Overall structure
- The core element k8s
- etcd saves the state of the entire cluster;
- apiserver provides the only entrance resources operations, and to provide authentication, authorization, access control, API registration and discovery mechanisms;
- controller manager responsible for maintaining the state of the cluster, such as fault detection, automatic extension, rollover, etc.;
- scheduler is responsible for scheduling resources according to a predetermined scheduling policy to schedule the Pod corresponding machine;
- kubelet responsible for maintaining the life cycle of the container, it is also responsible for managing Volume (CVI) and network (CNI) of;
- Container runtime is responsible for image management and Pod and containers actually run (CRI);
- kube-proxy is responsible for internal cluster for the Service of service discovery and load balancing;
under
- In a real operating system, the process is not "lonely" run alone, but by way of a process group, "principled" organization together
- For example rsyslogd program, which is responsible for the Linux operating system's log processing. syslogd main program main, and use it to log kernel module imklog, etc., belong to the same process group 1632. These processes collaborate together to accomplish duties rsyslogd program.
- When thinking whether to put the service into a pod, you need to carefully consider if they are located on different machines, is working properly
- For example, a wordpress and a mysql should not be placed in the same pod
- wordpress is stateless, it may be more appropriate load through expansion, but we do not want at this time will be extended simultaneously mysql
- And two network communication service need not necessarily be on the same machine
- For example, a wordpress and a mysql should not be placed in the same pod
- Pod containers within the current shared file system and network Pod
- 这些容器之所以能够共享,是因为Pod中有一个Pause的根容器,其余的业务容器都是共享这个根容器的IP和Volume。所以这些容器之间都可以通过localhost进行通信
- 为什么要引入根容器这个概念?
- 因为如果没有根容器的话,当一个Pod中引入了多个容器的时候,我们应该用哪一个容器的状态来判断Pod的状态呢?所以才要引入与业务无关且不容易挂掉的Pause容器作为根容器,用根容器的状态来代表整个容器的状态
- Kubernetes 采用的是基于扁平地址空间的网络模型
- 集群中的每个 Pod 都有自己的 IP 地址,Pod 之间不需要配置 NAT 就能直接通信
- 同一个 Pod 中的容器共享 Pod 的 IP,能够通过 localhost 通信
Service
- 一旦Service被创建,K8S会为其分配一个集群内唯一的IP,叫做ClusterIP
- 在Service的整个生命周期中,ClusterIP不会发生变更
- 这样一来,就可以建立一个ClusterIP到服务名的DNS域名映射即可
- ClusterIP是一个虚拟的IP地址,无法被Ping,仅仅只限于在K8S的集群内使用
- Service对客户端,屏蔽了底层Pod的寻址的过程。并且由kube-proxy进程将对Service的请求转发到具体的Pod上,具体到哪一个,由具体的调度算法决定。这样以来,就实现了负载均衡
- 外网访问service需要声明NodePort或者loadbalancer
Deployment
volume
- emptyDir
- 是host上的一个空目录
- 生存周期与pod一致
- 适合 Pod 中的容器需要临时共享存储空间的场景
- hostPath
- 挂载host上指定目录
- 生存周期与host一致
参考
