
Kubernetes (K8s) (3): kubectl commands

Time: 2023-09-11 14:17:21

  Kubernetes Chinese community documentation: http://docs.kubernetes.org.cn/

  Kubernetes Chinese community YAML guide: https://www.kubernetes.org.cn/1414.html

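(1). kubectl overview

  kubectl is the command-line tool for Kubernetes clusters. With kubectl you can manage the cluster itself and install and deploy containerized applications on it.

(2). Syntax

  Syntax: kubectl [command] [resource type] [resource name] [flags]

  Command: the operation to perform on one or more resources.

  Resource type: resource types are case-insensitive and can be given in singular, plural or abbreviated form.

  Resource name: resource names are case-sensitive. If the name is omitted, details for all resources are displayed.

  When operating on multiple resources, you can specify each resource by type and name, or specify one or more template files. When specifying by type and name, you can group resources of the same type (for example: kubectl get pod example-pod1 example-pod2), or specify several resource types individually. When specifying one or more template files, use YAML rather than JSON, because YAML is easier to work with, especially for configuration files.

  Flags: flags given on the command line override the default values and the corresponding environment variables.

  For the full reference see: https://kubernetes.io/zh/docs/reference/kubectl/overview/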

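(3). YAML syntax rules

  YAML is well suited to expressing or editing data structures, configuration files, debug dumps and document outlines (for example, many e-mail header formats are very close to YAML). YAML configuration files use the .yml suffix, for example: example.yml.

 1) Common words in YAML configuration files

  kind: type; apiVersion: API version; metadata: metadata; spec: specification (defines the concrete parameters); replicas: replicas; selector: selector; template: template;

 2) Basic syntax rules

  1. Case-sensitive;

  2. Indentation expresses hierarchy;

  3. The <Tab> key is not allowed for indentation, only spaces;

  4. The number of spaces does not matter, as long as elements at the same level are left-aligned;

  5. # starts a comment;

  6. In YAML, consecutive items (such as array or collection elements) are written with a hyphen "-", and key/value pairs in a map are separated by a colon ":".

 3) Data structures

  YAML supports three data structures: objects, arrays and scalars.

  Object: a collection of key/value pairs, also called a mapping / hash / dictionary

  Array: an ordered list of values, also called a sequence / list

  Scalar: a single, indivisible value

 4) Objects

  Key/value pairs use the colon form [key]: [value], with one space after the colon. For example: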

key: value

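  All key/value pairs can also be written as an inline object, for example:

key: {child-key1: value1,child-key2: value2}
or
key:
    child-key1: value1
    child-key2: value2

  For more complex objects, a question mark followed by a space starts a complex key, and a colon followed by a space starts a complex value. For example: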

? 
    - complexkey1
    - complexkey2
: 
    - complexvalue1
    - complexvalue2

  Here the key of the object is an array, and its value is also an array.

 5) Arrays

  A group of lines starting with a hyphen "-" forms an array. For example:

- A
- B
- C

  Multi-dimensional arrays are supported, and arrays can be written inline:

key: [value1,value2,value3...]

  If you do not want a key, write it as follows:

- 
    - A
    - B
    - C

  Finally, a more complex example combining objects and arrays:

OS: 
    - 
        id: 1
        name: CentOS
        version: 7.5
    - 
        id: 2
        name: Windows
        version: 7

It can also be written in flow style:
OS: [{id: 1,name: CentOS,version: 7.5},{id: 2,name: Windows,version: 7}]

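 6) Composite structures

  A composite structure is a mix of objects and arrays; the array section above already contains one example. Here is another, compared with the JSON format.

  YAML format: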

languages: 
  - Ruby
  - Perl
  - Python 
websites: 
  YAML: yaml.org 
  Ruby: ruby-lang.org 
  Python: python.org 
  Perl: use.perl.org

  JSON format:

{
  "languages": ["Ruby", "Perl", "Python"],
  "websites": {
    "YAML": "yaml.org",
    "Ruby": "ruby-lang.org",
    "Python": "python.org",
    "Perl": "use.perl.org"
  }
}

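 7) Scalars

  Scalars are the most basic, indivisible values. They include strings, booleans, integers, floats, null, times and dates.

  One example covers them all:

boolean: 
    - TRUE  # true and True also work
    - FALSE  # false and False also work
float: 
    - 3.14
    - 6.8523015e+5  # scientific notation is allowed
int: 
    - 123
    - 0b1010_0111_0100_1010_1110    # binary notation
null: 
    nodeName: 'node'
    parent: ~  # ~ means null
string: 
    - 哈哈
    - 'Hello world'  # strings can be wrapped in double or single quotes
    - newline
      newline2    # a string can span multiple lines; each line break becomes a space
date: 
    - 2018-02-17    # dates must use ISO 8601 format, i.e. yyyy-MM-dd
datetime: 
    -  2018-02-17T15:02:31+08:00    # times use ISO 8601 format; date and time are joined with T, and the trailing + gives the time zone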

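 8) References

  "&[alias]" creates an anchor for the content and names it; "<<" merges it into the current mapping; "*[alias]" references the content by its alias.

  A more complex example: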

defaults: &defaults
  adapter:  postgres
  host:     localhost

development:
  database: myapp_development
  <<: *defaults

test:
  database: myapp_test
  <<: *defaults

  Fully expanded, this is equivalent to:

defaults:
  adapter:  postgres
  host:     localhost

development:
  database: myapp_development
  adapter:  postgres
  host:     localhost

test:
  database: myapp_test
  adapter:  postgres
  host:     localhost

  If this is hard to follow, convert it to flow style. For example:

defaults:
  adapter:  postgres
  host:     localhost
is equivalent to:
defaults: {adapter: postgres,host: localhost}

So
defaults: &defaults
  adapter:  postgres
  host:     localhost
is then equivalent to:
defaults: &defaults {adapter: postgres,host: localhost}

  Isn't that a bit easier to understand?

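(4). Common commands

  First configure a Docker registry mirror (accelerator) on both node machines, then pull a centos image and a k8s base image (images can also be imported locally). Note: docker.io refers to images maintained by Ubuntu.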

# tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": ["https://8mkqrctt.mirror.aliyuncs.com"]
}
EOF
# systemctl daemon-reload && systemctl restart docker
# docker search nginx
INDEX       NAME                                         DESCRIPTION                                     STARS     OFFICIAL   AUTOMATED
docker.io   docker.io/nginx                              Official build of Nginx.                        12501     [OK]       
docker.io   docker.io/jwilder/nginx-proxy                Automated Nginx reverse proxy for docker c...   1721                 [OK]
docker.io   docker.io/richarvey/nginx-php-fpm            Container running Nginx + PHP-FPM capable ...   753                  [OK]
......
# docker pull docker.io/nginx  # pull the demo image
Using default tag: latest
Trying to pull repository docker.io/library/nginx ... 
latest: Pulling from docker.io/library/nginx
8ec398bc0356: Pull complete 
dfb2a46f8c2c: Pull complete 
b65031b6a2a5: Pull complete 
Digest: sha256:8aa7f6a9585d908a63e5e418dc5d14ae7467d2e36e1ab4f0d8f9d059a3d071ce
Status: Downloaded newer image for docker.io/nginx:latest
# docker search registry.access.redhat.com/rhel7/pod-infrastructure  # k8s base image; it can be pulled in advance, or k8s can pull it automatically
INDEX        NAME                                                  DESCRIPTION                                     STARS     OFFICIAL   AUTOMATED
redhat.com   registry.access.redhat.com/rhel7/pod-infrastructure   OpenShift Container Platform Infrastructur...   0                      
# docker pull registry.access.redhat.com/rhel7/pod-infrastructure 

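  Note: if the k8s base image registry.access.redhat.com/rhel7/pod-infrastructure has not been pulled in advance, it is pulled first when a container replica is created, and the pod status stays at ContainerCreating in the meantime. Just wait for k8s to finish pulling the image.

 1) kubectl run: run an image instance

  kubectl run NAME --image=image [--env="key=value"] [--port=port] [--replicas=replicas] [--dry-run=bool] [--overrides=inline-json] [flags]

  Note: --replicas is the number of replicas to create for this container.

  Use kubectl on the master to create an image instance; during creation a deployment and a pod are generated automatically to manage the container. Note: a deployment (Deployment controller) provides declarative updates for Pods and ReplicaSets: you describe the desired state in the Deployment object, and the Deployment controller changes the actual state to the desired state at a controlled rate. Through the Deployment controller you can create new replicas, delete existing ones, or reclaim resources and create new replicas.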

[root@kube-master ~]# kubectl run nginx --image=docker.io/nginx --port=9000 --replicas=1
deployment "nginx" created
[root@kube-master ~]# kubectl get deployment
NAME      DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
nginx     1         1         1            1           5s
[root@kube-master ~]# kubectl get pods
NAME                     READY     STATUS    RESTARTS   AGE
nginx-2187705812-qhrr1   1/1       Running   0          16s

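  Pods usually have one of four statuses: 1. ContainerCreating, the container is being created; 2. ImagePullBackOff, the connection dropped while pulling the image from the backend (the Docker registry) to the local node; using a local image or the Aliyun mirror is recommended; 3. Running, the pod is running; 4. Terminating, the status while a pod is being deleted.

  If a pod stays in ContainerCreating or Terminating, check whether every node has the k8s base image registry.access.redhat.com/rhel7/pod-infrastructure. If it does not, there is nothing to worry about: wait for k8s to pull it, which just takes a while.

  After creation you can check with the docker command on the nodes; only one nginx image instance has been started.

# no instance was started on node1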
[root@kube-node1 ~]# docker ps -a
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
# the instance was started on node2
[root@kube-node2 ~]# docker ps -a
CONTAINER ID        IMAGE                                                        COMMAND                  CREATED             STATUS              PORTS               NAMES
385b564f1765        docker.io/nginx                                              "nginx -g 'daemon ..."   38 minutes ago      Up 38 minutes                           k8s_nginx.92d20176_nginx-2187705812-qhrr1_default_06a3ebf9-3a64-11ea-af25-000c29d2651b_b37ddfc8
ff7ef18731c5        registry.access.redhat.com/rhel7/pod-infrastructure:latest   "/usr/bin/pod"           38 minutes ago      Up 38 minutes                           k8s_POD.17af0ba2_nginx-2187705812-qhrr1_default_06a3ebf9-3a64-11ea-af25-000c29d2651b_95f2d0df

  Added 2020.2.17: the relationship between namespace, deployment, replicaset and pod. A few queries should make it clear.

# First, get the names of all four
[root@kube-master ~]# kubectl get namespace
NAME          STATUS    AGE
default       Active    33d
kube-system   Active    33d
[root@kube-master ~]# kubectl get deployment
NAME      DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
nginx     1         1         1            1           27d   
[root@kube-master ~]# kubectl get replicaset
NAME               DESIRED   CURRENT   READY     AGE
nginx-2187705812   1         1         1         27d
[root@kube-master ~]# kubectl get pod
NAME                     READY     STATUS    RESTARTS   AGE
nginx-2187705812-cbb2s   1/1       Running   1          27d
# Second, get the details of all four
[root@kube-master ~]# kubectl describe pod nginx-2187705812-cbb2s
Name:           nginx-2187705812-cbb2s  # pod name
Namespace:      default  # namespace it belongs to
Node:           kube-node2/192.168.128.112
Start Time:     Mon, 20 Jan 2020 13:14:29 +0800
Labels:         pod-template-hash=2187705812
                run=nginx
Status:         Running
IP:             10.255.21.2
Controllers:    ReplicaSet/nginx-2187705812  # owning replica controller (the name in newer versions; RC became RS)
Containers:
  nginx:
    Container ID:               docker://4a15ef334ee88704a182982ea5d7b241b0b76f5a5df293660828696c3c71eb75
    Image:                      docker.io/nginx
    Image ID:                   docker-pullable://docker.io/nginx@sha256:ad5552c786f128e389a0263104ae39f3d3c7895579d45ae716f528185b36bc6f
    Port:                       9000/TCP
    State:                      Running
      Started:                  Mon, 17 Feb 2020 09:50:44 +0800
    Ready:                      True
    Restart Count:              1
    Volume Mounts:              <none>
    Environment Variables:      <none>
Conditions:
  Type          Status
  Initialized   True 
  Ready         True 
  PodScheduled  True 
No volumes.
QoS Class:      BestEffort
Tolerations:    <none>
No events.
[root@kube-master ~]# kubectl describe replicaset nginx-2187705812
Name:           nginx-2187705812  # replica controller name
Namespace:      default  # namespace it belongs to
Image(s):       docker.io/nginx
Selector:       pod-template-hash=2187705812,run=nginx  
Labels:         pod-template-hash=2187705812
                run=nginx
Replicas:       1 current / 1 desired
Pods Status:    1 Running / 0 Waiting / 0 Succeeded / 0 Failed
No volumes.
No events.
[root@kube-master ~]# kubectl describe deployment nginx
Name:                   nginx  # deployment name
Namespace:              default  # namespace it belongs to
CreationTimestamp:      Mon, 20 Jan 2020 13:14:29 +0800
Labels:                 run=nginx
Selector:               run=nginx
Replicas:               1 updated | 1 total | 1 available | 0 unavailable
StrategyType:           RollingUpdate
MinReadySeconds:        0
RollingUpdateStrategy:  1 max unavailable, 1 max surge
Conditions:
  Type          Status  Reason
  ----          ------  ------
  Available     True    MinimumReplicasAvailable
OldReplicaSets: <none>
NewReplicaSet:  nginx-2187705812 (1/1 replicas created)  # replica controller
No events.
[root@kube-master ~]# kubectl describe namespace default
Name:   default  # namespace name
Labels: <none>
Status: Active

No resource quota.

No resource limits.

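  As you can see, by default the pod name is derived from the replicaset name, and the replicaset name is in turn derived from the deployment name.

 2) kubectl delete: delete an image instance

  In theory the pod is the smallest unit that can be operated on, so deleting an image instance should mean deleting the pod. In practice, to delete an image instance you should delete the deployment. One of the deployment's functions is to declare the number and state of replicas, so when a pod inside a deployment is deleted, a new replica is generated automatically to keep the replica count and state unchanged.

  Demonstration: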

# First try deleting the pod
[root@kube-master ~]# kubectl delete pod nginx-2187705812-qhrr1
pod "nginx-2187705812-qhrr1" deleted
# Check the pods immediately: the pod name has changed, but a pod still exists
[root@kube-master ~]# kubectl get pods
NAME                     READY     STATUS              RESTARTS   AGE
nginx-2187705812-llnn1   0/1       ContainerCreating   0          6s
# After a short wait, look at the docker instances on the nodes
# the image instance on node2 is gone
[root@kube-node2 ~]# docker ps -a
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
# a new image instance was created on node1
[root@kube-node1 ~]# docker ps -a
CONTAINER ID        IMAGE                                                        COMMAND                  CREATED             STATUS              PORTS               NAMES
5dab3629cd31        docker.io/nginx                                              "nginx -g 'daemon ..."   29 seconds ago      Up 28 seconds                           k8s_nginx.92d20176_nginx-2187705812-llnn1_default_bca68cc3-3a6b-11ea-af25-000c29d2651b_7ea84e24
bd8804d961e3        registry.access.redhat.com/rhel7/pod-infrastructure:latest   "/usr/bin/pod"           37 seconds ago      Up 35 seconds                           k8s_POD.17af0ba2_nginx-2187705812-llnn1_default_bca68cc3-3a6b-11ea-af25-000c29d2651b_b885408b

# Then delete the deployment
[root@kube-master ~]# kubectl delete deployment nginx
deployment "nginx" deleted
[root@kube-master ~]# kubectl get deployment
No resources found.
[root@kube-master ~]# kubectl get pods
No resources found.
# After a short wait, check the docker instances on the nodes
# the image instance on node1 is gone
[root@kube-node1 ~]# docker ps -a
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
# and no new image instance was created on node2
[root@kube-node2 ~]# docker ps -a
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES

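 3) kubectl create: load a YAML file to create a deployment or pod

  Expressing a complex requirement with kubectl run needs a very long command line, which is error-prone and cannot be saved. In that case a YAML or JSON file is normally used instead.

  Write a deployment file that is used to create or delete the mysql resource.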

[root@kube-master ~]# vim mysql-deployment.yaml
kind: Deployment
apiVersion: extensions/v1beta1
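metadata:  # metadata (attributes) of this resource (Deployment)
  name: mysql  # Deployment name
spec:  # detailed definition of this resource (Deployment)
  replicas: 1  # desired number of Pod replicas
  template:  # Pod template
    metadata:  # metadata (attributes) of this resource (Pod)
      labels:  # labels
        name: mysql
    spec:  # detailed definition of this resource (Pod)
      containers:  # list of containers in the Pod
        - name: mysql  # part of the docker container instance name
          image: docker.io/mysql/mysql-server  # Docker image to use
          imagePullPolicy: IfNotPresent  # image pull policy: pull only if not present locally
          ports:  # ports exposed by the container
            - containerPort: 3306  # port exposed by the container
              protocol: TCP  # protocol
          env:  # environment variables
            - name: MYSQL_ROOT_PASSWORD  # sets the MySQL root password (the image reads MYSQL_ROOT_PASSWORD)
              value: "hello123"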

  Create the Deployment resource from the YAML file

# pull or load the image on the nodes
[root@kube-node1 ~]# docker pull docker.io/mysql/mysql-server
Using default tag: latest
Trying to pull repository docker.io/mysql/mysql-server ... 
latest: Pulling from docker.io/mysql/mysql-server
c7127dfa6d78: Pull complete 
530b30ab10d9: Pull complete 
59c6388c2493: Pull complete 
cca3f8362bb0: Pull complete 
Digest: sha256:7cd104d6ff11f7e6a16087f88b1ce538bcb0126c048a60cd28632e7cf3dbe1b7
Status: Downloaded newer image for docker.io/mysql/mysql-server:latest
[root@kube-node2 ~]# docker pull docker.io/mysql/mysql-server
Using default tag: latest
Trying to pull repository docker.io/mysql/mysql-server ... 
latest: Pulling from docker.io/mysql/mysql-server
c7127dfa6d78: Pull complete 
530b30ab10d9: Pull complete 
59c6388c2493: Pull complete 
cca3f8362bb0: Pull complete 
Digest: sha256:7cd104d6ff11f7e6a16087f88b1ce538bcb0126c048a60cd28632e7cf3dbe1b7
Status: Downloaded newer image for docker.io/mysql/mysql-server:latest
# create the Deployment from the YAML file
[root@kube-master ~]# kubectl create -f mysql-deployment.yaml
deployment "mysql" created
[root@kube-master ~]# kubectl get deployment
NAME      DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
mysql     1         1         1            1           19s
nginx     1         1         1            1           29d
[root@kube-master ~]# kubectl get replicaset
NAME               DESIRED   CURRENT   READY     AGE
mysql-2118902952   1         1         1         32s
nginx-2187705812   1         1         1         29d
[root@kube-master ~]# kubectl get pod
NAME                     READY     STATUS    RESTARTS   AGE
mysql-2118902952-q93x0   1/1       Running   0          38s
nginx-2187705812-cbb2s   1/1       Running   2          29d

  Delete the Deployment resource from the YAML file

[root@kube-master ~]# kubectl delete -f mysql-deployment.yaml
deployment "mysql" deleted
[root@kube-master ~]# kubectl get deployment
NAME      DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
nginx     1         1         1            1           29d
[root@kube-master ~]# kubectl get replicaset
NAME               DESIRED   CURRENT   READY     AGE
nginx-2187705812   1         1         1         29d
[root@kube-master ~]# kubectl get pod
NAME                     READY     STATUS    RESTARTS   AGE
nginx-2187705812-cbb2s   1/1       Running   2          29d

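  Example: when docker shows a container instance named k8s_mysql-1.694e284a_mysql-1683940614-fm6pf_default_57c24466-5222-11ea-90a6-000c29d2651b_ca0ad9f0, mysql-1 is the part of the name taken from the container name set in the YAML, mysql-1683940614-fm6pf is the pod name, and default is the namespace.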
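
A check for the two risky settings in the mysql-deployment.yaml above (the root password as a literal env value, and an image referenced without a digest), shown next to a corrected manifest. This is an added example, not part of the original article: the function names, the Secret name mysql-root and its key password are assumptions, both manifests are constructed copies, and the digest is the one printed by the docker pull output above.

```shell
#!/bin/sh
# Added example: line-based audit of a Deployment manifest. It assumes the
# block-style YAML layout used in this article; it is not a YAML parser.

# Constructed copy of the container section of mysql-deployment.yaml.
page_manifest() {
cat <<'EOF'
kind: Deployment
apiVersion: extensions/v1beta1
metadata:
  name: mysql
spec:
  replicas: 1
  template:
    metadata:
      labels:
        name: mysql
    spec:
      containers:
        - name: mysql
          image: docker.io/mysql/mysql-server  # tag omitted, so "latest"
          imagePullPolicy: IfNotPresent
          env:
            - name: MYSQL_ROOT_PASSWORD
              value: "hello123"
EOF
}

# Corrected form. The Secret "mysql-root" with key "password" is hypothetical
# and is created separately, for example with
#   kubectl create secret generic mysql-root --from-file=password=./root-password.txt
# (the file must not end with a newline, or the newline becomes part of the value).
# The apiVersion is kept from the article; current clusters use apps/v1 and
# additionally require spec.selector.
hardened_manifest() {
cat <<'EOF'
kind: Deployment
apiVersion: extensions/v1beta1
metadata:
  name: mysql
spec:
  replicas: 1
  template:
    metadata:
      labels:
        name: mysql
    spec:
      containers:
        - name: mysql
          image: docker.io/mysql/mysql-server@sha256:7cd104d6ff11f7e6a16087f88b1ce538bcb0126c048a60cd28632e7cf3dbe1b7
          imagePullPolicy: IfNotPresent
          env:
            - name: MYSQL_ROOT_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: mysql-root
                  key: password
EOF
}

# Print one finding per line; reads the files given as arguments, or stdin.
audit_manifest() {
  awk '
    {
      line = $0
      sub(/[ \t]+#.*$/, "", line)        # drop trailing comment
      gsub("[\"\047]", "", line)         # drop quotes around scalars
      sub(/[ \t]+$/, "", line)           # drop trailing blanks
    }
    line ~ /^[ \t]*-?[ \t]*image:/ {
      img = line
      sub(/^[ \t]*-?[ \t]*image:[ \t]*/, "", img)
      if (img !~ /@sha256:[0-9a-f]+$/) print "IMAGE_NOT_PINNED " img
    }
    line ~ /^[ \t]*-[ \t]*name:/ {       # list item name: container or env var
      name = line
      sub(/^[ \t]*-[ \t]*name:[ \t]*/, "", name)
    }
    line ~ /^[ \t]*value:/ {             # literal value (valueFrom does not match)
      if (toupper(name) ~ /PASS|SECRET|TOKEN|KEY/) print "PLAINTEXT_CREDENTIAL " name
    }
  ' "$@"
}

echo "article manifest:";  page_manifest | audit_manifest
echo "hardened manifest:"; hardened_manifest | audit_manifest
```

A literal env value is also readable by anyone who can run kubectl describe or kubectl get -o yaml on the Deployment or its pods, which is why the corrected form moves it into a Secret reference.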

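 4) kubectl get: retrieve information

  kubectl get is used a lot, typically to retrieve basic information about the current cluster. The resource types it accepts are: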

[root@kube-master ~]# kubectl get 
certificatesigningrequest   persistentvolumeclaim
cluster                     pod
clusterrole                 poddisruptionbudget
clusterrolebinding          podsecuritypolicy
componentstatus             podtemplate
configmap                   replicaset
cronjob                     replicationcontroller
daemonset                   resourcequota
deployment                  role
endpoints                   rolebinding
event                       secret
horizontalpodautoscaler     securitycontextconstraints
ingress                     service
job                         serviceaccount
limitrange                  statefulset
namespace                   status
networkpolicy               storageclass
node                        thirdpartyresource
persistentvolume            thirdpartyresourcedata

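 5) kubectl describe: retrieve detailed information

  kubectl describe retrieves detailed information about one or more objects. If no object is specified, it returns the details of all objects of that type. The resource types it accepts are: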

[root@kube-master ~]# kubectl describe 
certificatesigningrequest   persistentvolume
configmap                   persistentvolumeclaim
cronjob                     pod
daemonset                   poddisruptionbudget
deployment                  replicaset
endpoints                   replicationcontroller
horizontalpodautoscaler     resourcequota
ingress                     secret
job                         securitycontextconstraints
limitrange                  service
namespace                   serviceaccount
networkpolicy               statefulset
node                        storageclass

 6) kubectl logs: view the logs of a container in a pod

  kubectl logs is an important source of information when troubleshooting (port 10250)

[root@kube-master ~]# kubectl logs mysql-1683940614-fm6pf                    
[Entrypoint] MySQL Docker Image 8.0.19-1.1.15
[Entrypoint] No password option specified for new database.
[Entrypoint]   A random onetime password will be generated.
[Entrypoint] Initializing database
2020-02-18T07:43:25.144854Z 0 [System] [MY-013169] [Server] /usr/sbin/mysqld (mysqld 8.0.19) initializing of server in progress as process 22
2020-02-18T07:43:29.167752Z 5 [Warning] [MY-010453] [Server] root@localhost is created with an empty password ! Please consider switching off the --initialize-insecure option.
[Entrypoint] Database initialized
2020-02-18T07:43:33.495646Z 0 [System] [MY-010116] [Server] /usr/sbin/mysqld (mysqld 8.0.19) starting as process 70
2020-02-18T07:43:34.341561Z 0 [Warning] [MY-010068] [Server] CA certificate ca.pem is self signed.
2020-02-18T07:43:34.395848Z 0 [System] [MY-010931] [Server] /usr/sbin/mysqld: ready for connections. Version: '8.0.19'  socket: '/var/lib/mysql/mysql.sock'  port: 0  MySQL Community Server - GPL.
2020-02-18T07:43:34.652186Z 0 [System] [MY-011323] [Server] X Plugin ready for connections. Socket: '/var/run/mysqld/mysqlx.sock'
Warning: Unable to load '/usr/share/zoneinfo/iso3166.tab' as time zone. Skipping it.
Warning: Unable to load '/usr/share/zoneinfo/leapseconds' as time zone. Skipping it.
Warning: Unable to load '/usr/share/zoneinfo/tzdata.zi' as time zone. Skipping it.
Warning: Unable to load '/usr/share/zoneinfo/zone.tab' as time zone. Skipping it.
Warning: Unable to load '/usr/share/zoneinfo/zone1970.tab' as time zone. Skipping it.
[Entrypoint] GENERATED ROOT PASSWORD: m0Nam=OGyDYD3hQowgibazQeRim
[Entrypoint] ignoring /docker-entrypoint-initdb.d/*
2020-02-18T07:43:39.876989Z 10 [System] [MY-013172] [Server] Received SHUTDOWN from user root. Shutting down mysqld (Version: 8.0.19).
2020-02-18T07:43:41.794714Z 0 [System] [MY-010910] [Server] /usr/sbin/mysqld: Shutdown complete (mysqld 8.0.19)  MySQL Community Server - GPL.
[Entrypoint] Server shut down
[Entrypoint] Setting root user as expired. Password will need to be changed before database can be used.
[Entrypoint] MySQL init process done. Ready for start up.
[Entrypoint] Starting MySQL 8.0.19-1.1.15
2020-02-18T07:43:42.235423Z 0 [System] [MY-010116] [Server] /usr/sbin/mysqld (mysqld 8.0.19) starting as process 1
2020-02-18T07:43:42.988688Z 0 [Warning] [MY-010068] [Server] CA certificate ca.pem is self signed.
2020-02-18T07:43:43.047254Z 0 [System] [MY-010931] [Server] /usr/sbin/mysqld: ready for connections. Version: '8.0.19'  socket: '/var/lib/mysql/mysql.sock'  port: 3306  MySQL Community Server - GPL.
2020-02-18T07:43:43.175377Z 0 [System] [MY-011323] [Server] X Plugin ready for connections. Socket: '/var/run/mysqld/mysqlx.sock' bind-address: '::' port: 33060

 7) kubectl exec: run a command inside a container

  There are two ways to use it. The first is to give the pod name followed directly by the command:

[root@kube-master ~]# kubectl exec mysql-1683940614-fm6pf cat /etc/my.cnf
# For advice on how to change settings please see
# http://dev.mysql.com/doc/refman/8.0/en/server-configuration-defaults.html

[mysqld]
#
# Remove leading # and set to the amount of RAM for the most important data
# cache in MySQL. Start at 70% of total RAM for dedicated server, else 10%.
# innodb_buffer_pool_size = 128M
#
# Remove leading # to turn on a very important data integrity option: logging
# changes to the binary log between backups.
# log_bin
#
# Remove leading # to set options mainly useful for reporting servers.
# The server defaults are faster for transactions and fast SELECTs.
# Adjust sizes as needed, experiment to find the optimal values.
# join_buffer_size = 128M
# sort_buffer_size = 2M
# read_rnd_buffer_size = 2M

# Remove leading # to revert to previous value for default_authentication_plugin,
# this will increase compatibility with older clients. For background, see:
# https://dev.mysql.com/doc/refman/8.0/en/server-system-variables.html#sysvar_default_authentication_plugin
# default-authentication-plugin=mysql_native_password
skip-host-cache
skip-name-resolve
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
secure-file-priv=/var/lib/mysql-files
user=mysql

pid-file=/var/run/mysqld/mysqld.pid

  The second is to use the -it options to enter the container and then work inside it

[root@kube-master ~]# kubectl exec mysql-1683940614-fm6pf -it bash
bash-4.2# ls
bin                         etc              lib64                proc  sys
boot                        healthcheck.cnf  media                root  tmp
dev                         healthcheck.sh   mnt                  run   usr
docker-entrypoint-initdb.d  home             mysql-init-complete  sbin  var
entrypoint.sh               lib              opt                  srv
bash-4.2# exit
exit

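 8) kubectl cp: copy between the host and a container

  kubectl cp [pod name]:[absolute path in the container] [absolute path on the host] copies a file from the container to the host.

  kubectl cp [absolute path on the host] [pod name]:[absolute path in the container] copies a file from the host into the container.

  Note: kubectl cp requires the tar utility to be present in the container.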

[root@kube-master ~]# kubectl exec mysql-1683940614-fm6pf -it bash
bash-4.2# yum -y install tar
......
bash-4.2# exit
exit
# copy from the host into the container
[root@kube-master ~]# kubectl cp mysql-deployment.yaml mysql-1683940614-fm6pf:/
[root@kube-master ~]# kubectl exec mysql-1683940614-fm6pf -it bash     
bash-4.2# ls
bin                         etc              lib64                  opt   srv
boot                        healthcheck.cnf  media                  proc  sys
dev                         healthcheck.sh   mnt                    root  tmp
docker-entrypoint-initdb.d  home             mysql-deployment.yaml  run   usr
entrypoint.sh               lib              mysql-init-complete    sbin  var
bash-4.2# ls /var/log/
mysqld.log tallylog yum.log
bash-4.2# exit
exit
# copy from the container to the host
[root@kube-master ~]# kubectl cp mysql-1683940614-fm6pf:/var/log/mysqld.log /root/
tar: Removing leading `/' from member names
error: open /root: is a directory  # a file name must be given
[root@kube-master ~]# kubectl cp mysql-1683940614-fm6pf:/var/log/mysqld.log /root/mysqld.log
tar: Removing leading `/' from member names
[root@kube-master ~]# ls
anaconda-ks.cfg  example.yaml  mysql-deployment.yaml  mysqld.log

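 9) kubectl attach: watch a pod's container in real time

  kubectl attach is somewhat like tail -f [file], which follows changes to a file in real time; here, of course, what is followed is the log output.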

[root@kube-master ~]# kubectl attach mysql-1683940614-fm6pf
If you don't see a command prompt, try pressing enter.
[Entrypoint] MySQL Docker Image 8.0.19-1.1.15
[Entrypoint] No password option specified for new database.
[Entrypoint]   A random onetime password will be generated.
2020-02-19T02:38:03.354513Z 0 [System] [MY-013169] [Server] /usr/sbin/mysqld (mysqld 8.0.19) initializing of server in progress as process 22
2020-02-19T02:38:09.595816Z 5 [Warning] [MY-010453] [Server] root@localhost is created with an empty password ! Please consider switching off the --initialize-insecure option.
[Entrypoint] Initializing database
2020-02-19T02:38:15.425724Z 0 [System] [MY-010116] [Server] /usr/sbin/mysqld (mysqld 8.0.19) starting as process 70
2020-02-19T02:38:17.312841Z 0 [Warning] [MY-010068] [Server] CA certificate ca.pem is self signed.
2020-02-19T02:38:17.404453Z 0 [System] [MY-010931] [Server] /usr/sbin/mysqld: ready for connections. Version: '8.0.19'  socket: '/var/lib/mysql/mysql.sock'  port: 0  MySQL Community Server - GPL.
[Entrypoint] Database initialized
2020-02-19T02:38:17.505308Z 0 [System] [MY-011323] [Server] X Plugin ready for connections. Socket: '/var/run/mysqld/mysqlx.sock'
Warning: Unable to load '/usr/share/zoneinfo/iso3166.tab' as time zone. Skipping it.
Warning: Unable to load '/usr/share/zoneinfo/leapseconds' as time zone. Skipping it.
Warning: Unable to load '/usr/share/zoneinfo/tzdata.zi' as time zone. Skipping it.
Warning: Unable to load '/usr/share/zoneinfo/zone.tab' as time zone. Skipping it.
Warning: Unable to load '/usr/share/zoneinfo/zone1970.tab' as time zone. Skipping it.
[Entrypoint] GENERATED ROOT PASSWORD: BUnMen@NIqjoSb@s^0cH@KD3GAK
2020-02-19T02:38:23.591510Z 10 [System] [MY-013172] [Server] Received SHUTDOWN from user root. Shutting down mysqld (Version: 8.0.19).
[Entrypoint] ignoring /docker-entrypoint-initdb.d/*
2020-02-19T02:38:25.338584Z 0 [System] [MY-010910] [Server] /usr/sbin/mysqld: Shutdown complete (mysqld 8.0.19)  MySQL Community Server - GPL.
[Entrypoint] Server shut down
[Entrypoint] Setting root user as expired. Password will need to be changed before database can be used.
[Entrypoint] MySQL init process done. Ready for start up.
[Entrypoint] Starting MySQL 8.0.19-1.1.15
2020-02-19T02:38:26.005956Z 0 [System] [MY-010116] [Server] /usr/sbin/mysqld (mysqld 8.0.19) starting as process 1
2020-02-19T02:38:26.917802Z 0 [Warning] [MY-010068] [Server] CA certificate ca.pem is self signed.
2020-02-19T02:38:26.978916Z 0 [System] [MY-010931] [Server] /usr/sbin/mysqld: ready for connections. Version: '8.0.19'  socket: '/var/lib/mysql/mysql.sock'  port: 3306  MySQL Community Server - GPL.
2020-02-19T02:38:27.019494Z 0 [System] [MY-011323] [Server] X Plugin ready for connections. Socket: '/var/run/mysqld/mysqlx.sock' bind-address: '::' port: 33060
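
The kubectl logs and kubectl attach output above both contain the one-time root password that the entrypoint generated, so it is readable by anyone who can read pod logs. The following added example (not part of the original article) flags such lines and masks the value before a log is stored or shared; the function names are assumptions and the sample log is constructed, modelled on the entrypoint lines above.

```shell
#!/bin/sh
# Added example: find and mask credential disclosures in container logs.
# Typical use (pod name is a placeholder): kubectl logs <pod> | redact_log

# Constructed sample, modelled on the mysql-server entrypoint lines above.
sample_log() {
cat <<'EOF'
[Entrypoint] MySQL Docker Image 8.0.19-1.1.15
[Entrypoint] No password option specified for new database.
[Entrypoint]   A random onetime password will be generated.
[Entrypoint] Initializing database
[Entrypoint] GENERATED ROOT PASSWORD: Constructed-Example-Value
[Entrypoint] Starting MySQL 8.0.19-1.1.15
EOF
}

# Print "LINE RULE" for every log line that points at a credential problem.
# Exit status is 1 when at least one line was flagged, so it can gate a pipeline.
flag_credential_lines() {
  awk '
    /No password option specified/ { print NR, "no-password-option-set"; found = 1 }
    /GENERATED ROOT PASSWORD:/     { print NR, "password-printed-to-log"; found = 1 }
    END { exit found + 0 }
  ' "$@"
}

# Replace the printed password with a marker; all other lines pass through.
redact_log() {
  sed -E 's/(GENERATED ROOT PASSWORD:).*/\1 [REDACTED]/' "$@"
}

sample_log | flag_credential_lines
sample_log | redact_log
```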

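 10) Managing deployment resources and services in the cluster with kubectl

  The following commands are involved:

    kubectl edit  Edit a resource defined on the server using the default editor

    kubectl replace  Replace a resource using a configuration file or standard input

    kubectl patch  Modify or update fields of a resource using a patch

    kubectl apply  Change a resource using a configuration file or standard input

    kubectl scale  Scale the number of Pods in a Deployment, ReplicaSet, Replication Controller or Job up or down. scale can also take one or more preconditions, such as the current replica count or --resource-version; before the scaling is applied, the system first verifies that the preconditions hold.

    kubectl autoscale  Use an autoscaler to automatically set the number of pods running in the k8s cluster (horizontal autoscaling). Specify a Deployment, ReplicaSet or ReplicationController and create an autoscaler for the already defined resource. The autoscaler automatically increases or decreases the number of pods deployed in the system as needed.

    kubectl cordon  Mark a node as unschedulable

    kubectl uncordon  Mark a node as schedulable

    kubectl drain  Put a node into maintenance state

   Clean up the existing pods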

[root@kube-master ~]# kubectl get pod
NAME                     READY     STATUS    RESTARTS   AGE
mysql-1683940614-fm6pf   1/1       Running   1          23h
nginx-2187705812-cbb2s   1/1       Running   3          30d
[root@kube-master ~]# kubectl delete -f mysql-deployment.yaml
deployment "mysql" deleted
[root@kube-master ~]# kubectl delete deployment nginx
deployment "nginx" deleted
[root@kube-master ~]# kubectl get pod
No resources found.

  Create the nginx-deployment.yaml resource file and the nginx-service.yaml service configuration file

[root@kube-master ~]# vim nginx-deployment.yaml
kind: Deployment
apiVersion: extensions/v1beta1
metadata:
  name: nginx
spec:
  replicas: 1
  template:
    metadata:
      labels:
        name: nginx
    spec:
      containers:
        - name: nginx
          image: docker.io/nginx:latest
          imagePullPolicy: IfNotPresent
          ports:
          - containerPort: 80
            protocol: TCP
[root@kube-master ~]# vim nginx-service.yaml
kind: Service
apiVersion: v1
metadata:
  name: nginx
spec:
  type: NodePort
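  ports:  # port mapping that allows external access
    - protocol: TCP  # protocol
      port: 8081  # port for access inside the cluster
      nodePort: 31001  # port on the node (physical machine)
      targetPort: 80  # target port (container)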
  selector:
    name: nginx

  Create the deployment and the service from these two files, then check them

[root@kube-master ~]# kubectl create -f nginx-deployment.yaml 
deployment "nginx" created
[root@kube-master ~]# kubectl create -f nginx-service.yaml
service "nginx" created
[root@kube-master ~]# kubectl get deployment
NAME      DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
nginx     1         1         1            1           14m
[root@kube-master ~]# kubectl get pod
NAME                     READY     STATUS    RESTARTS   AGE
nginx-1011335894-g18mm   1/1       Running   0          14m
[root@kube-master ~]# kubectl get service
NAME         CLUSTER-IP      EXTERNAL-IP   PORT(S)           AGE
kubernetes   10.254.0.1      <none>        443/TCP           35d
nginx        10.254.33.167   <nodes>       8081:31001/TCP   50s

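  Note: make sure forwarding is enabled on the node servers

[root@kube-node1 ~]# vim /etc/sysctl.conf  # enables forwarding permanently
# add or modify the following line
net.ipv4.ip_forward = 1
[root@kube-node1 ~]# sysctl -p    # reload so the parameter takes effect
net.ipv4.ip_forward = 1

  The service can then be accessed from the external network.

  Also test access between Pods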

[root@kube-master ~]# kubectl create -f mysql-deployment.yaml 
deployment "mysql" created
[root@kube-master ~]# kubectl exec mysql-1683940614-p700p -it bash
bash-4.2# curl 10.254.33.167:8081  # 8081 is reachable
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
    body {
        width: 35em;
        margin: 0 auto;
        font-family: Tahoma, Verdana, Arial, sans-serif;
    }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>
bash-4.2# curl 10.254.33.167:80  # 80 is not reachable
curl: (7) Failed connect to 10.254.33.167:80; Connection timed out
bash-4.2# exit
exit

  A. kubectl edit: modify in an editor

[root@kube-master ~]# kubectl edit service nginx
# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
apiVersion: v1
kind: Service
metadata:
  creationTimestamp: 2020-02-20T03:08:14Z
  name: nginx
  namespace: default
  resourceVersion: "178017"
  selfLink: /api/v1/namespaces/default/services/nginx
  uid: 3bda3bd7-538e-11ea-b10c-000c29d2651b
spec:
  clusterIP: 10.254.33.167
  ports:
  - nodePort: 31002  # changed external port
    port: 8081
    protocol: TCP
    targetPort: 80
  selector:
    name: nginx
  sessionAffinity: None
  type: NodePort
status:
  loadBalancer: {}
[root@kube-master ~]# kubectl get service
NAME         CLUSTER-IP      EXTERNAL-IP   PORT(S)          AGE
kubernetes   10.254.0.1      <none>        443/TCP          36d
nginx        10.254.33.167   <nodes>       8081:31002/TCP   43m

  Check from the external network

  B. kubectl replace

[root@kube-master ~]# kubectl get service nginx -o yaml > nginx_replace.yaml
[root@kube-master ~]# vim nginx_replace.yaml
apiVersion: v1
kind: Service
metadata:
  creationTimestamp: 2020-02-20T03:08:14Z
  name: nginx
  namespace: default
  resourceVersion: "181141"
  selfLink: /api/v1/namespaces/default/services/nginx
  uid: 3bda3bd7-538e-11ea-b10c-000c29d2651b
spec:
  clusterIP: 10.254.33.167
  ports:
  - nodePort: 31001  #Note: some older versions do not allow changing back to the original IP address, otherwise an error is reported
    port: 8081
    protocol: TCP
    targetPort: 80
  selector:
    name: nginx
  sessionAffinity: None
  type: NodePort
status:
  loadBalancer: {}
[root@kube-master ~]# kubectl replace -f nginx_replace.yaml
service "nginx" replaced
[root@kube-master ~]# kubectl get service nginx
NAME      CLUSTER-IP      EXTERNAL-IP   PORT(S)          AGE
nginx     10.254.33.167   <nodes>       8081:31001/TCP   3h

  Check from outside the cluster

  C.kubectl patch

#Change the image
[root@kube-master ~]# kubectl patch pod nginx-1011335894-g18mm -p '{"spec":{"containers":[{"name":"nginx","image":"docker.io/richarvey/nginx-php-fpm:latest"}]}}'
"nginx-1011335894-g18mm" patched
[root@kube-master ~]# kubectl describe pod nginx-1011335894-g18mm
Name:           nginx-1011335894-g18mm
Namespace:      default
Node:           kube-node1/192.168.128.111
Start Time:     Wed, 19 Feb 2020 16:30:06 +0800
Labels:         name=nginx
                pod-template-hash=1011335894
Status:         Running
IP:             10.255.30.2
Controllers:    ReplicaSet/nginx-1011335894
Containers:
  nginx:
    Container ID:               docker://4b75f63c4235535c3ee2209cff5e0733d2a0a933f0fec0154599a05d8a496b2f
    Image:                      docker.io/richarvey/nginx-php-fpm:latest
    Image ID:                   docker-pullable://docker.io/richarvey/nginx-php-fpm@sha256:a312a923fe36bfb630621480a03a799285936cb90a143fbb76e9da29815c05dc
    Port:                       80/TCP
    State:                      Running
      Started:                  Thu, 20 Feb 2020 15:18:57 +0800
    Last State:                 Terminated
      Reason:                   Completed
      Exit Code:                0
      Started:                  Thu, 20 Feb 2020 09:02:18 +0800
      Finished:                 Thu, 20 Feb 2020 15:16:22 +0800
    Ready:                      True
    Restart Count:              2
    Volume Mounts:              <none>
    Environment Variables:      <none>
Conditions:
  Type          Status
  Initialized   True 
  Ready         True 
  PodScheduled  True 
No volumes.
QoS Class:      BestEffort
Tolerations:    <none>
Events:
  FirstSeen     LastSeen        Count   From                    SubObjectPath Type             Reason                  Message
  ---------     --------        -----   ----                    ------------- -------- ------                  -------
  6m            6m              1       {kubelet kube-node1}    spec.containers{nginx} Normal          Killing                 Killing container with docker id 60052f3ed6fc: pod "nginx-1011335894-g18mm_default(08986775-52f2-11ea-a0eb-000c29d2651b)" container "nginx" hash changed (549914156 vs 3468627213), it will be killed and re-created.
  6m            6m              1       {kubelet kube-node1}    spec.containers{nginx} Normal          Pulling                 pulling image "docker.io/richarvey/nginx-php-fpm:latest"
  6h            4m              3       {kubelet kube-node1}                  Warning          MissingClusterDNS       kubelet does not have ClusterDNS IP configured and cannot create Pod using "ClusterFirst" policy. Falling back to DNSDefault policy.
  4m            4m              1       {kubelet kube-node1}    spec.containers{nginx} Normal          Pulled                  Successfully pulled image "docker.io/richarvey/nginx-php-fpm:latest"
  4m            4m              1       {kubelet kube-node1}    spec.containers{nginx} Normal          Created                 Created container with docker id 4b75f63c4235; Security:[seccomp=unconfined]
  4m            4m              1       {kubelet kube-node1}    spec.containers{nginx} Normal          Started                 Started container with docker id 4b75f63c4235
#The new image can now run php
[root@kube-master ~]# kubectl exec nginx-1011335894-g18mm -it bash
bash-5.0# php -v
PHP 7.4.2 (cli) (built: Jan 24 2020 07:18:03) ( NTS )
Copyright (c) The PHP Group
Zend Engine v3.4.0, Copyright (c) Zend Technologies
with Zend OPcache v7.4.2, Copyright (c), by Zend Technologies

  Check from outside the cluster
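  Added example (not from the original post): the patch above sets the mutable tag :latest, while the describe output records the digest that was actually pulled. This Python sketch builds a kubectl patch body that pins each container to that digest; POD_JSON is a constructed excerpt of `kubectl get pod -o json` filled with the values shown above, and the function names are illustrative.

```python
import json

# Constructed excerpt of `kubectl get pod nginx-1011335894-g18mm -o json`,
# filled with the image values from the describe output above.
POD_JSON = """
{
  "spec": {"containers": [
    {"name": "nginx", "image": "docker.io/richarvey/nginx-php-fpm:latest"}]},
  "status": {"containerStatuses": [
    {"name": "nginx",
     "image": "docker.io/richarvey/nginx-php-fpm:latest",
     "imageID": "docker-pullable://docker.io/richarvey/nginx-php-fpm@sha256:a312a923fe36bfb630621480a03a799285936cb90a143fbb76e9da29815c05dc"}]}
}
"""

def is_pinned(image):
    """True only when the reference ends in a full sha256 digest."""
    _, sep, digest = image.partition("@sha256:")
    return bool(sep) and len(digest) == 64 and all(c in "0123456789abcdef" for c in digest)

def resolved_reference(image_id):
    """Strip the runtime prefix (e.g. docker-pullable://) from a status imageID."""
    ref = image_id.split("://", 1)[-1]
    if not is_pinned(ref):
        # Locally built images report only an image id, with no repository digest to pin to.
        raise ValueError("imageID carries no repository digest: " + image_id)
    return ref

def pin_patch(pod):
    """Build a patch body replacing every unpinned image with the digest that ran."""
    ids = {s["name"]: s["imageID"] for s in pod["status"]["containerStatuses"]}
    containers = [{"name": c["name"], "image": resolved_reference(ids[c["name"]])}
                  for c in pod["spec"]["containers"] if not is_pinned(c["image"])]
    return {"spec": {"containers": containers}} if containers else None

if __name__ == "__main__":
    # Pass the printed JSON to: kubectl patch pod nginx-1011335894-g18mm -p '<json>'
    print(json.dumps(pin_patch(json.loads(POD_JSON))))
```

  Patching a Pod changes only that Pod; to pin the Pods a ReplicaSet creates later, set the same image value in the Deployment's Pod template.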

 

  D.kubectl apply

[root@kube-master ~]# vim nginx-service.yaml
kind: Service
apiVersion: v1
metadata:
  name: nginx
spec:
  type: NodePort
  ports:
    - protocol: TCP
      port: 8081
      nodePort: 31003
      targetPort: 80
  selector:
    name: nginx
[root@kube-master ~]# kubectl apply -f nginx-service.yaml
service "nginx" configured
[root@kube-master ~]# kubectl get service
NAME         CLUSTER-IP      EXTERNAL-IP   PORT(S)          AGE
kubernetes   10.254.0.1      <none>        443/TCP          36d
nginx        10.254.33.167   <nodes>       8081:31003/TCP   4h

  Check from outside the cluster

  E.kubectl scale

  Horizontal scaling with scale is one of the key features of orchestration platforms such as k8s.

[root@kube-master ~]# kubectl get pod -o wide | grep nginx
NAME                     READY     STATUS    RESTARTS   AGE       IP            NODE
nginx-1011335894-g18mm   1/1       Running   2          23h       10.255.30.2   kube-node1
[root@kube-master ~]# kubectl scale --current-replicas=1 --replicas=3 deployment/nginx
deployment "nginx" scaled
[root@kube-master ~]# kubectl get deployment nginx
NAME      DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
nginx     3         3         3            3           23h
[root@kube-master ~]# kubectl get pod -o wide | grep nginx
nginx-1011335894-g18mm   1/1       Running   2          23h       10.255.30.2   kube-node1
nginx-1011335894-sdjg7   1/1       Running   0          2m        10.255.87.3   kube-node2
nginx-1011335894-tktff   1/1       Running   0          2m        10.255.30.3   kube-node1

  F.kubectl autoscale

  autoscale takes a minimum and a maximum number of replicas and adjusts automatically according to load.

[root@kube-master ~]# kubectl autoscale deployment nginx --min=2 --max=5
deployment "nginx" autoscaled

  Note: the maximum must not be smaller than the number of replicas that currently exist.

  H.kubectl cordon or uncordon

  When a node server fails, the server needs to be cordoned. Once the repair is complete, it is uncordoned again.

[root@kube-master ~]# kubectl get node -o wide
NAME         STATUS    AGE       EXTERNAL-IP
kube-node1   Ready     35d       <none>
kube-node2   Ready     35d       <none>
[root@kube-master ~]# kubectl get pod -o wide | grep nginx
nginx-1011335894-g18mm   1/1       Running   2          23h       10.255.30.2   kube-node1
nginx-1011335894-sdjg7   1/1       Running   0          17m       10.255.87.3   kube-node2
nginx-1011335894-tktff   1/1       Running   0          17m       10.255.30.3   kube-node1
[root@kube-master ~]# kubectl cordon kube-node2
node "kube-node2" cordoned
[root@kube-master ~]# kubectl get node -o wide            
NAME         STATUS                     AGE       EXTERNAL-IP
kube-node1   Ready                      35d       <none>
kube-node2   Ready,SchedulingDisabled   35d       <none>
[root@kube-master ~]# kubectl get pod -o wide | grep nginx  #existing Pods do not disappear immediately
nginx-1011335894-g18mm   1/1       Running   2          1d        10.255.30.2   kube-node1
nginx-1011335894-sdjg7   1/1       Running   0          41m       10.255.87.3   kube-node2
nginx-1011335894-tktff   1/1       Running   0          41m       10.255.30.3   kube-node1
[root@kube-master ~]# kubectl scale --replicas=4 deployment nginx
deployment "nginx" scaled
[root@kube-master ~]# kubectl get pod -o wide | grep nginx  #but no new Pods are added to node2 any more
nginx-1011335894-g18mm   1/1       Running   2          1d        10.255.30.2   kube-node1
nginx-1011335894-hb9rz   1/1       Running   0          11s       10.255.30.4   kube-node1
nginx-1011335894-sdjg7   1/1       Running   0          42m       10.255.87.3   kube-node2
nginx-1011335894-tktff   1/1       Running   0          42m       10.255.30.3   kube-node1

  Uncordon

[root@kube-master ~]# kubectl uncordon kube-node2
node "kube-node2" uncordoned
[root@kube-master ~]# kubectl get node -o wide
NAME         STATUS    AGE       EXTERNAL-IP
kube-node1   Ready     35d       <none>
kube-node2   Ready     35d       <none>

  I.kubectl drain

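  Compared with cordon, drain additionally evicts the Pods on the node, and it is used more often. Unblocking the node is done with uncordon in the same way.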

[root@kube-master ~]# kubectl get node -o wide
NAME         STATUS    AGE       EXTERNAL-IP
kube-node1   Ready     35d       <none>
kube-node2   Ready     35d       <none>
[root@kube-master ~]# kubectl get pod -o wide | grep nginx
nginx-1011335894-g18mm   1/1       Running   2          1d        10.255.30.2   kube-node1
nginx-1011335894-hb9rz   1/1       Running   0          4m        10.255.30.4   kube-node1
nginx-1011335894-sdjg7   1/1       Running   0          47m       10.255.87.3   kube-node2
nginx-1011335894-tktff   1/1       Running   0          47m       10.255.30.3   kube-node1
[root@kube-master ~]# kubectl drain kube-node1
node "kube-node1" cordoned
pod "nginx-1011335894-g18mm" evicted
pod "nginx-1011335894-tktff" evicted
pod "nginx-1011335894-hb9rz" evicted
node "kube-node1" drained
[root@kube-master ~]# kubectl get node -o wide
NAME         STATUS                     AGE       EXTERNAL-IP
kube-node1   Ready,SchedulingDisabled   35d       <none>
kube-node2   Ready                      35d       <none>
[root@kube-master ~]# kubectl get pod -o wide | grep nginx
nginx-1011335894-d0mxj   1/1       Running   0          29s       10.255.87.5   kube-node2
nginx-1011335894-hhz1f   1/1       Running   0          29s       10.255.87.4   kube-node2
nginx-1011335894-sdjg7   1/1       Running   0          48m       10.255.87.3   kube-node2
nginx-1011335894-zh2zw   1/1       Running   0          29s       10.255.87.6   kube-node2

  Uncordon

[root@kube-master ~]# kubectl uncordon kube-node1
node "kube-node1" uncordoned
[root@kube-master ~]# kubectl get node -o wide            
NAME         STATUS    AGE       EXTERNAL-IP
kube-node1   Ready     35d       <none>
kube-node2   Ready     35d       <none>
[root@kube-master ~]# kubectl get pod -o wide | grep nginx
nginx-1011335894-d0mxj   1/1       Running   0          1m        10.255.87.5   kube-node2
nginx-1011335894-hhz1f   1/1       Running   0          1m        10.255.87.4   kube-node2
nginx-1011335894-sdjg7   1/1       Running   0          49m       10.255.87.3   kube-node2
nginx-1011335894-zh2zw   1/1       Running   0          1m        10.255.87.6   kube-node2

(5).Template files

  A well-known gripe: k8s offers no guidance at all on apiVersion. For now you can choose by consulting https://matthewpalmer.net/kubernetes-app-developer/articles/kubernetes-apiversion-definition-guide.html , and I will write a separate article on this later.

  A Pod template file looks roughly like this:

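apiVersion: v1  #required, API version
kind: Pod  #required, type of resource to create
metadata:   #required, metadata (attributes) of the resource
  name: [String]  #required, resource name; must be unique within a namespace
  namespace: [String]  #optional, namespace the resource belongs to; defaults to default
  labels:   #optional, custom labels
    [name]: [String]  #optional, repeatable key: value entry; custom label content
  annotations:   #optional, custom annotations
    [name]: [String]  #optional, repeatable key: value entry; custom annotation content
spec:   #required, detailed definition of the resource
  containers:   #required, list of containers in the Pod
    - name: [String]  #container name (part of the docker container instance name)
      image: [String]  #required, container image
      imagePullPolicy: [Always | Never | IfNotPresent]  #optional, image pull policy. Always: always pull the image; Never: use only the local image; IfNotPresent: pull only when the image is not present locally. Defaults to IfNotPresent
      command: [String]  #optional, container start command; if not specified, the start command set when the image was built is used
      args: [String]  #optional, arguments for the container start command
      workingDir: [String]  #optional, container working directory; if not specified, Docker's default is used
      ports:   #optional, list of ports the container exposes
        - name: [String]  #optional, repeatable list entry; port name
          containerPort: [int]  #port the container exposes
          hostPort: [number]  #port number mapped on the host; usually set to the same value as containerPort
          protocol: [String]  #port protocol
      env:   #optional, list of environment variables for the container
        - name: [String]  #optional, repeatable list entry; environment variable name
          value: [String]  #environment variable value
      resources:   #optional, resource constraints for the container
        limits:   #upper bound on the container's resources
          cpu: [String]  #CPU, 1 (core) = 1000m; m means one thousandth of a core, so there are two ways to write it
          memory: [String]  #memory, units Mi/Gi/M/G... In k8s a unit without i counts in multiples of 1000; a unit with i counts in multiples of 1024
        requests:   #lower bound on the container's resources
          cpu: [String]
          memory: [String]
      volumeMounts:   #optional, storage volumes mounted inside the container
        - name: [String]  #optional, repeatable list entry; name of a shared volume defined in the Pod (volumes)
          mountPath: [String]  #absolute path where the volume is mounted inside the container; should be shorter than 512 characters
          readOnly: [Boolean]  #whether the volume is mounted read-only
      livenessProbe:   #health check settings for the container. After several probes go unanswered the container is restarted automatically; set exactly one of exec, httpGet and tcpSocket
        exec:   #one of three; check by executing a command
          command: [String]  #command or script to run
        httpGet:   #one of three; check by HTTP GET
          path: [String]  #URI path
          port: [number]  #port number
          host: [String]  #host address
          scheme: [String]  #protocol scheme
          httpHeaders:   #HTTP headers
            - name: [String]  #header name
              value: [String]  #header value
        tcpSocket:   #one of three; check by TCP socket
          port: [number]  #port number
        initialDelaySeconds: [number]  #delay before the first probe after the container starts, in seconds
        timeoutSeconds: [number]  #probe timeout, in seconds
        periodSeconds: [number]  #interval between probes, in seconds
        successThreshold: [number]  #success threshold: how many successful probes count as healthy
        failureThreshold: [number]  #failure threshold: how many failed probes trigger a restart
      securityContext:  #security context
        privileged: [Boolean]  #whether privileged mode is allowed; normally false (not allowed)
  restartPolicy: [Always | Never | OnFailure]  #optional, Pod restart policy. Always: restart whenever the Pod stops; Never: do not restart after the Pod stops; OnFailure: do not restart after a normal exit. Defaults to Always
  nodeSelector: [object]  #optional, node selector
  imagePullSecrets:   #optional, image pull secrets. k8s can create a registry secret, which mainly stores the docker server address, user name, password and similar information.
    - name: [String]  #optional, repeatable list entry; selects which docker registry to connect to by the name of the registry secret
  hostNetwork: [Boolean]  #whether to use the host network; defaults to false
  volumes:   #optional, list of shared volumes defined on this Pod
    - name: [String]  #optional, repeatable list entry; volume name. Choose one type; there are more than the four below
      emptyDir: {}  #volume of type emptyDir: a temporary directory with the same lifecycle as the Pod, so data survives when a container dies unexpectedly; the value is empty
      hostPath:   #volume of type hostPath: mounts a file or directory from the host file system into the Pod
        path: [String]  #file or directory on the host file system; pairs with mountPath in the container's volumeMounts
      secret:  #volume of type secret: mounts the contents of a secret into the Pod
        secretName: [String]  #secret name
        items:   #items
          - key: [String]  #key
            path: [String]  #extended path, relative. The actual path in the container is mountPath from volumeMounts + this extended path
      configMap:   #volume of type configMap
        name: [String]  #configMap name
        items:   #items
          - key: [String]  #key
            path: [String]  #extended path, relative. The actual path in the container is mountPath from volumeMounts + this extended path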

  Of course, these are only some of the attributes that can be set on a container: name, image, command, args, workingDir, ports, env, resources, volumeMounts, livenessProbe, readinessProbe, lifecycle, terminationMessagePath, imagePullPolicy, securityContext, stdin, stdinOnce, tty.
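  Added example (not part of the original article): a Python check over the template fields above that give a Pod access to the node itself (hostNetwork, hostPort, hostPath, securityContext.privileged), plus missing resources.limits. RISKY_POD is a constructed manifest in the JSON form kubectl also accepts, and audit_pod is a hypothetical helper name.

```python
# Constructed sample: the Pod template above in JSON form, filled with risky values.
RISKY_POD = {
    "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "demo"},
    "spec": {
        "hostNetwork": True,
        "containers": [{
            "name": "web", "image": "nginx",
            "securityContext": {"privileged": True},
            "ports": [{"containerPort": 80, "hostPort": 80}],
            "volumeMounts": [{"name": "host-root", "mountPath": "/host"}],
        }],
        "volumes": [{"name": "host-root", "hostPath": {"path": "/"}}],
    },
}

def audit_pod(pod):
    """Return (field path, reason) pairs for settings that weaken node isolation."""
    spec, findings = pod.get("spec") or {}, []
    if spec.get("hostNetwork"):
        findings.append(("spec.hostNetwork", "Pod shares the node's network namespace"))
    # Volume name -> host path, for every hostPath volume the Pod defines.
    host_paths = {v["name"]: v["hostPath"].get("path")
                  for v in spec.get("volumes") or [] if v.get("hostPath")}
    for i, c in enumerate(spec.get("containers") or []):
        base = "spec.containers[%d]" % i
        if (c.get("securityContext") or {}).get("privileged"):
            findings.append((base + ".securityContext.privileged",
                             "container runs with full access to the node's devices"))
        for p in c.get("ports") or []:
            if p.get("hostPort"):
                findings.append((base + ".ports.hostPort",
                                 "port %d is bound on the node itself" % p["hostPort"]))
        for m in c.get("volumeMounts") or []:
            # A hostPath mount is flagged unless it is explicitly read-only.
            if m.get("name") in host_paths and not m.get("readOnly"):
                findings.append((base + ".volumeMounts", "writable hostPath %s at %s"
                                 % (host_paths[m["name"]], m.get("mountPath"))))
        limits = (c.get("resources") or {}).get("limits") or {}
        for res in ("cpu", "memory"):
            if res not in limits:
                findings.append((base + ".resources.limits." + res, "no upper bound set"))
    return findings

if __name__ == "__main__":
    for path, reason in audit_pod(RISKY_POD):
        print("%-50s %s" % (path, reason))
```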

  The Service configuration file template is as follows:

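apiVersion: v1  #required, API version
kind: Service  #required, type of resource to create
metadata:  #required, metadata (attributes) of the resource
  name: [String]  #required, resource name; must be unique within a namespace
  namespace: [String]  #optional, namespace the resource belongs to; defaults to default
  labels:  #optional, custom labels
    [name]: [String]  #optional, repeatable key: value entry; custom label content
  annotations:  #optional, custom annotations
    [name]: [String]  #optional, repeatable key: value entry; custom annotation content
spec:  #required, detailed definition of the resource
  selector:  #required, selects the Pods that carry the given labels as the managed scope
    [name]: [String]  #label that defines the managed scope
  type: [ClusterIP | NodePort | LoadBalancer]  #optional, how the service is accessed; defaults to ClusterIP.
    #ClusterIP: cluster IP (virtual IP) mode, used for Pods inside the k8s cluster to reach each other; on each node kube-proxy forwards the traffic by setting iptables rules;
    #NodePort: node port mode, used to reach Pods inside the k8s cluster from outside; external clients access the service through a node's IP and port;
    #LoadBalancer: load balancer mode, an external load balancer distributes the service load; the IP address of the external load balancer must be given in status.loadBalancer, and ClusterIP and NodePort are defined at the same time. Used on public clouds.
  clusterIP: [String]  #IP address of the service inside the cluster. Optional when the access type is ClusterIP; assigned automatically if not specified. Must be set manually when the access type is LoadBalancer.
  sessionAffinity: [ClientIP | None]  #optional, whether sessions are supported; defaults to empty (None). With sessions, requests from clients with the same source IP address are all sent to the same backend Pod
  ports:  #optional, list of ports the service exposes
    - name: [String]  #optional, repeatable list entry; custom port name
      protocol: [TCP | UDP]  #port protocol, defaults to TCP
      port: [int]  #port that Pods inside the cluster use to reach the service
      targetPort: [int]  #port of the service inside the Pod
      nodePort: [int]  #port on the node offered for external access
status:
  loadBalancer:
    ingress:
      - ip: [String]  #IP address of the external load balancer
        hostname: [String]  #host name of the external load balancer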

  Note: when using port mapping, make sure forwarding is enabled in iptables on the nodes (iptables -P FORWARD ACCEPT, which enables forwarding temporarily).
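  Added example (not from the original article): the Service template ties a node port to Pods through spec.selector, so this Python sketch lists which Pods each externally reachable Service (NodePort or LoadBalancer) sends traffic to. SERVICES and PODS are constructed samples shaped like `kubectl get service -o json` and `kubectl get pod -o json`, using names and ports from the listings above; the name=mysql label is an assumption.

```python
# Constructed samples, trimmed to the fields used; values follow the listings above.
SERVICES = {"items": [
    {"metadata": {"name": "kubernetes", "namespace": "default"},
     "spec": {"type": "ClusterIP", "clusterIP": "10.254.0.1",
              "ports": [{"port": 443, "protocol": "TCP"}]}},
    {"metadata": {"name": "nginx", "namespace": "default"},
     "spec": {"type": "NodePort", "clusterIP": "10.254.33.167",
              "selector": {"name": "nginx"},
              "ports": [{"port": 8081, "nodePort": 31003,
                         "protocol": "TCP", "targetPort": 80}]}},
]}
PODS = {"items": [
    {"metadata": {"name": "nginx-1011335894-g18mm", "namespace": "default",
                  "labels": {"name": "nginx", "pod-template-hash": "1011335894"}}},
    {"metadata": {"name": "mysql-1683940614-p700p", "namespace": "default",
                  "labels": {"name": "mysql"}}},  # label assumed for the example
]}

def selects(selector, labels):
    """A selector matches when every key/value pair appears in the Pod's labels.
    An empty or missing selector matches nothing (such a Service has no Pods chosen for it)."""
    return bool(selector) and all(labels.get(k) == v for k, v in selector.items())

def external_paths(services, pods):
    """List (service, nodePort, protocol, targetPort, backing Pod names) for
    every Service that is reachable from outside the cluster."""
    paths = []
    for svc in services["items"]:
        spec = svc["spec"]
        if spec.get("type", "ClusterIP") not in ("NodePort", "LoadBalancer"):
            continue  # ClusterIP is reachable only from inside the cluster
        ns = svc["metadata"].get("namespace", "default")
        backends = sorted(
            p["metadata"]["name"] for p in pods["items"]
            if p["metadata"].get("namespace", "default") == ns
            and selects(spec.get("selector"), p["metadata"].get("labels") or {}))
        for port in spec.get("ports") or []:
            # targetPort defaults to port when it is omitted.
            paths.append((svc["metadata"]["name"], port.get("nodePort"),
                          port.get("protocol", "TCP"),
                          port.get("targetPort", port["port"]), backends))
    return paths

if __name__ == "__main__":
    for name, node_port, proto, target, backends in external_paths(SERVICES, PODS):
        print("%s: <node IP>:%s/%s -> port %s on %s"
              % (name, node_port, proto, target, ", ".join(backends) or "no Pods"))
```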

References: https://kubernetes.io/zh/docs/reference/kubectl/overview/

   https://www.runoob.com/w3cnote/yaml-intro.html

   https://blog.csdn.net/luanpeng825485697/article/details/83753260

   https://blog.csdn.net/phantom_111/article/details/79427144

   https://blog.csdn.net/u011230692/article/details/84490874

   https://blog.csdn.net/watermelonbig/article/details/79693962