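Kubernetes (2): k8s resources, and deploying a Pod resource from a configuration file


This article starts from the basic definition of resources and provides hands-on lab steps afterwards.

By the end of this chapter you should have a general understanding of k8s resources and have manually created, from a template definition, a Pod resource that contains two containers.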

1 Resource categories in Kubernetes

For details, see https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.13/#-strong-api-overview-strong-

Workload types

Mainly used to manage and run the containers in the cluster, including:

  • Container
  • CronJob
  • DaemonSet
  • Deployment
  • Job
  • Pod
  • ReplicaSet
  • ReplicationController
  • StatefulSet

Service

This category mainly supplements Workload resources, for example by exposing services externally and by load balancing.

  • Service Discovery
  • Load-Balance
  • Ingress

Config and Storage

This category is mainly used to inject data into applications and to provide external persistent data to containers.

  • ConfigMap
  • Secret
  • PersistentVolumeClaim
  • StorageClass
  • Volume
  • VolumeAttachment
  • CSI
  • ...

Metadata

Metadata resources configure the behavior of other resources within the cluster, e.g. HorizontalPodAutoscaler for scaling workloads.

  • PodTemplate
  • LimitRange
  • Event
  • HorizontalPodAutoscaler(HPA)
  • ...

Cluster

These resources define how the cluster itself is configured; they are usually operations at administrator privilege level.

  • Namespace
  • Node
  • Role
  • ClusterRole
  • PersistentVolume
  • RoleBinding
  • ClusterRoleBinding
  • ...

2 Retrieving Kubernetes resource information

Show the running Pod resources:

[root@k8smaster ~]# kubectl get pod
NAME                     READY   STATUS    RESTARTS   AGE
nginx-79976cbb47-8dqnk   1/1     Running   0          3h
nginx-79976cbb47-p247g   1/1     Running   0          3h
nginx-79976cbb47-ppbqv   1/1     Running   0          3h

Show how a Pod is configured (-o yaml converts the output to YAML format):

[root@k8smaster ~]# kubectl get pod nginx-79976cbb47-ppbqv -o yaml
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: "2019-01-03T13:34:16Z"
  generateName: nginx-79976cbb47-
  labels:
    pod-template-hash: "3553276603"
    run: nginx
  name: nginx-79976cbb47-ppbqv
  namespace: default
  ownerReferences:
  - apiVersion: apps/v1
    blockOwnerDeletion: true
    controller: true
    kind: ReplicaSet
    name: nginx-79976cbb47
    uid: 43cecba5-0f5c-11e9-8668-000c297191df
  resourceVersion: "39591"
  selfLink: /api/v1/namespaces/default/pods/nginx-79976cbb47-ppbqv
  uid: 43d50008-0f5c-11e9-8668-000c297191df
spec:
  containers:
  - image: nginx:1.14-alpine
    imagePullPolicy: IfNotPresent
    name: nginx
    ports:
    - containerPort: 80
      protocol: TCP
    resources: {}
    terminationMessagePath: /dev/termination-log
    terminationMessagePolicy: File
    volumeMounts:
    - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
      name: default-token-rxs5t
      readOnly: true
  dnsPolicy: ClusterFirst
  nodeName: k8snode1
  priority: 0
  restartPolicy: Always
  schedulerName: default-scheduler
  securityContext: {}
  serviceAccount: default
  serviceAccountName: default
  terminationGracePeriodSeconds: 30
  tolerations:
  - effect: NoExecute
    key: node.kubernetes.io/not-ready
    operator: Exists
    tolerationSeconds: 300
  - effect: NoExecute
    key: node.kubernetes.io/unreachable
    operator: Exists
    tolerationSeconds: 300
  volumes:
  - name: default-token-rxs5t
    secret:
      defaultMode: 420
      secretName: default-token-rxs5t
status:
  conditions:
  - lastProbeTime: null
    lastTransitionTime: "2019-01-03T13:34:16Z"
    status: "True"
    type: Initialized
  - lastProbeTime: null
    lastTransitionTime: "2019-01-03T13:34:18Z"
    status: "True"
    type: Ready
  - lastProbeTime: null
    lastTransitionTime: null
    status: "True"
    type: ContainersReady
  - lastProbeTime: null
    lastTransitionTime: "2019-01-03T13:34:16Z"
    status: "True"
    type: PodScheduled
  containerStatuses:
  - containerID: docker://3d438e181572b2072cee7c7794914e94ee1df133d06cf32193d964c29f879525
    image: nginx:1.14-alpine
    imageID: docker-pullable://nginx@sha256:e3f77f7f4a6bb5e7820e013fa60b96602b34f5704e796cfd94b561ae73adcf96
    lastState: {}
    name: nginx
    ready: true
    restartCount: 0
    state:
      running:
        startedAt: "2019-01-03T13:34:17Z"
  hostIP: 172.16.0.12
  phase: Running
  podIP: 10.244.1.6
  qosClass: BestEffort
  startTime: "2019-01-03T13:34:16Z"

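3 Resource objects

A resource object usually has three components:

  • Resource ObjectMeta: mainly describes the resource's meta-information, such as name, type, API version, annotations and labels. These attributes can be user-defined or assigned automatically by the system.
  • ResourceSpec: mainly defined by the user; describes the desired state of the system and is applied when creating or updating the resource.
  • ResourceStatus: mainly filled in automatically by the system; shows information such as the current state. Users normally do not need to change it by hand.

4 Format of a resource template

4.1 API names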

  • apiVersion
  • kind
  • spec
  • metadata
  • etc.

4.2 Group names

  • core (by default, if it is not mentioned)
  • apps
  • batch
  • extensions
  • ...

4.3 Version number

  • v1 (stable version)
  • v1beta
  • ...

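For example, apiVersion: v1 means: apiVersion is the API name; the group is core (by default); the version is v1.

5 First-level attributes of a K8s template

Here are 5 common template attributes; the first four should be defined by the user:

  • apiVersion: group/version
  • kind: resource type, e.g. pod, service, deployment, etc.
  • metadata: meta-information such as name, namespace, labels, annotations (optional)
  • spec (desired state)
  • status (maintained automatically by Kubernetes)

Users can run "kubectl explain {resource type}" to show detailed information.

For example, to show the Pod definition: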

[root@k8smaster ~]# kubectl explain pod
KIND:     Pod
VERSION:  v1

DESCRIPTION:
     Pod is a collection of containers that can run on a host. This resource is
     created by clients and scheduled onto hosts.

FIELDS:
   apiVersion    <string>
     APIVersion defines the versioned schema of this representation of an
     object. Servers should convert recognized schemas to the latest internal
     value, and may reject unrecognized values. More info:
     https://git.k8s.io/community/contributors/devel/api-conventions.md#resources

   kind    <string>
     Kind is a string value representing the REST resource this object
     represents. Servers may infer this from the endpoint the client submits
     requests to. Cannot be updated. In CamelCase. More info:
     https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds

   metadata    <Object>
     Standard object's metadata. More info:
     https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata

   spec    <Object>
     Specification of the desired behavior of the pod. More info:
     https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status

   status    <Object>
     Most recently observed status of the pod. This data may not be up to date.
     Populated by the system. Read-only. More info:
     https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status

If more information about metadata is needed, use kubectl explain resourcename.objectname.objectname...

For example:

[root@k8smaster ~]# kubectl explain pod.metadata
KIND:     Pod
VERSION:  v1

RESOURCE: metadata <Object>

DESCRIPTION:
     Standard object's metadata. More info:
     https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata

     ObjectMeta is metadata that all persisted resources must have, which
     includes all objects users must create.

FIELDS:
   annotations    <map[string]string>
     Annotations is an unstructured key value map stored with a resource that
     may be set by external tools to store and retrieve arbitrary metadata. They
     are not queryable and should be preserved when modifying objects. More
     info: http://kubernetes.io/docs/user-guide/annotations

   clusterName    <string>
     The name of the cluster which the object belongs to. This is used to
     distinguish resources with same name and namespace in different clusters.
     This field is not set anywhere right now and apiserver is going to ignore
     it if set in create or update request.

   generation    <integer>
     A sequence number representing a specific generation of the desired state.
     Populated by the system. Read-only.

   labels    <map[string]string>
     Map of string keys and values that can be used to organize and categorize
     (scope and select) objects. May match selectors of replication controllers
     and services. More info: http://kubernetes.io/docs/user-guide/labels

   name    <string>
     Name must be unique within a namespace. Is required when creating
     resources, although some resources may allow a client to request the
     generation of an appropriate name automatically. Name is primarily intended
     for creation idempotence and configuration definition. Cannot be updated.
     More info: http://kubernetes.io/docs/user-guide/identifiers#names

   namespace    <string>
     Namespace defines the space within each name must be unique. An empty
     namespace is equivalent to the "default" namespace, but "default" is the
     canonical representation. Not all objects are required to be scoped to a
     namespace - the value of this field for those objects will be empty. Must
     be a DNS_LABEL. Cannot be updated. More info:
     http://kubernetes.io/docs/user-guide/

   selfLink    <string>
     SelfLink is a URL representing this object. Populated by the system.
     Read-only.

   uid    <string>
     UID is the unique in time and space value for this object. It is typically
     generated by the server on successful creation of a resource and is not
     allowed to change on PUT operations. Populated by the system. Read-only.
     More info: http://kubernetes.io/docs/user-guide/identifiers#uids
...

6 Writing the first YAML template resource

Create a new file named pod-demo.yaml:

touch pod-demo.yaml
vi pod-demo.yaml

Add the following content; this template creates a Pod that contains two containers:

apiVersion: v1
kind: Pod
metadata:
  name: pod-demo
  namespace: default
  labels:
    app: myapp
    tier: frontend
spec:
  containers:
  - name: myapp
    image: ikubernetes/myapp:v1
  - name: busybox
    image: busybox:latest
    command: 
    - "/bin/sh"
    - "-c"
    - "echo date >> /usr/share/nginx/html/index.html; sleep 5"

Now create the Pod with the following commands:

[root@k8smaster ~]# kubectl create -f pod-demo.yaml 
pod/pod-demo created
[root@k8smaster ~]# kubectl get pods -w
NAME                     READY   STATUS              RESTARTS   AGE
nginx-79976cbb47-8dqnk   1/1     Running             0          5h13m
nginx-79976cbb47-p247g   1/1     Running             0          5h13m
nginx-79976cbb47-ppbqv   1/1     Running             0          5h13m
pod-demo                 0/2     ContainerCreating   0          15s
pod-demo                 2/2     Running             0          15s
pod-demo                 1/2     Running             0          20s
pod-demo                 2/2     Running             1          24s
pod-demo                 1/2     Running             1          29s
^C[root@k8smaster ~]# kubectl get pods
NAME                     READY   STATUS    RESTARTS   AGE
nginx-79976cbb47-8dqnk   1/1     Running   0          5h
nginx-79976cbb47-p247g   1/1     Running   0          5h
nginx-79976cbb47-ppbqv   1/1     Running   0          5h
pod-demo                 1/2     Running   1          38s
[root@k8smaster ~]# kubectl describe pod pod-demo
Name:               pod-demo
Namespace:          default
Priority:           0
PriorityClassName:  <none>
Node:               k8snode1/172.16.0.12
Start Time:         Thu, 03 Jan 2019 19:46:35 +0100
Labels:             app=myapp
                    tier=frontend
Annotations:        <none>
Status:             Running
IP:                 10.244.1.10
Containers:
  myapp:
    Container ID:   docker://b9cb870577649ea76da415c19b9b72276ee8803698c5a3178f7fa9955e3cf983
    Image:          ikubernetes/myapp:v1
    Image ID:       docker-pullable://ikubernetes/myapp@sha256:9c3dc30b5219788b2b8a4b065f548b922a34479577befb54b03330999d30d513
    Port:           <none>
    Host Port:      <none>
    State:          Running
      Started:      Thu, 03 Jan 2019 19:46:44 +0100
    Ready:          True
    Restart Count:  0
    Environment:    <none>
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from default-token-rxs5t (ro)
  busybox:
    Container ID:  docker://b5a91b353122a176b80a0c2f487093337576de190b72fff6d7e0adaf00a389bc
    Image:         busybox:latest
    Image ID:      docker-pullable://busybox@sha256:7964ad52e396a6e045c39b5a44438424ac52e12e4d5a25d94895f2058cb863a0
    Port:          <none>
    Host Port:     <none>
    Command:
      /bin/sh
      -c
      echo date >> /usr/share/nginx/html/index.html; sleep 5
    State:          Terminated
      Reason:       Completed
      Exit Code:    0
      Started:      Thu, 03 Jan 2019 19:47:20 +0100
      Finished:     Thu, 03 Jan 2019 19:47:25 +0100
    Last State:     Terminated
      Reason:       Completed
      Exit Code:    0
      Started:      Thu, 03 Jan 2019 19:46:58 +0100
      Finished:     Thu, 03 Jan 2019 19:47:03 +0100
    Ready:          False
    Restart Count:  2
    Environment:    <none>
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from default-token-rxs5t (ro)
Conditions:
  Type              Status
  Initialized       True
  Ready             False
  ContainersReady   False
  PodScheduled      True
Volumes:
  default-token-rxs5t:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  default-token-rxs5t
    Optional:    false
QoS Class:       BestEffort
Node-Selectors:  <none>
Tolerations:     node.kubernetes.io/not-ready:NoExecute for 300s
                 node.kubernetes.io/unreachable:NoExecute for 300s
Events:
  Type     Reason     Age                From               Message
  ----     ------     ----               ----               -------
  Normal   Pulling    80s                kubelet, k8snode1  pulling image "ikubernetes/myapp:v1"
  Normal   Pulled     72s                kubelet, k8snode1  Successfully pulled image "ikubernetes/myapp:v1"
  Normal   Created    72s                kubelet, k8snode1  Created container
  Normal   Started    72s                kubelet, k8snode1  Started container
  Normal   Scheduled  53s                default-scheduler  Successfully assigned default/pod-demo to k8snode1
  Normal   Pulling    38s (x3 over 72s)  kubelet, k8snode1  pulling image "busybox:latest"
  Normal   Pulled     36s (x3 over 68s)  kubelet, k8snode1  Successfully pulled image "busybox:latest"
  Normal   Created    36s (x3 over 68s)  kubelet, k8snode1  Created container
  Normal   Started    36s (x3 over 68s)  kubelet, k8snode1  Started container
  Warning  BackOff    29s (x2 over 52s)  kubelet, k8snode1  Back-off restarting failed container
[root@k8smaster ~]# kubectl describe pod pod-demo
Name:               pod-demo
Namespace:          default
Priority:           0
PriorityClassName:  <none>
Node:               k8snode1/172.16.0.12
Start Time:         Thu, 03 Jan 2019 19:46:35 +0100
Labels:             app=myapp
                    tier=frontend
Annotations:        <none>
Status:             Running
IP:                 10.244.1.10
Containers:
  myapp:
    Container ID:   docker://b9cb870577649ea76da415c19b9b72276ee8803698c5a3178f7fa9955e3cf983
    Image:          ikubernetes/myapp:v1
    Image ID:       docker-pullable://ikubernetes/myapp@sha256:9c3dc30b5219788b2b8a4b065f548b922a34479577befb54b03330999d30d513
    Port:           <none>
    Host Port:      <none>
    State:          Running
      Started:      Thu, 03 Jan 2019 19:46:44 +0100
    Ready:          True
    Restart Count:  0
    Environment:    <none>
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from default-token-rxs5t (ro)
  busybox:
    Container ID:  docker://b5a91b353122a176b80a0c2f487093337576de190b72fff6d7e0adaf00a389bc
    Image:         busybox:latest
    Image ID:      docker-pullable://busybox@sha256:7964ad52e396a6e045c39b5a44438424ac52e12e4d5a25d94895f2058cb863a0
    Port:          <none>
    Host Port:     <none>
    Command:
      /bin/sh
      -c
      echo date >> /usr/share/nginx/html/index.html; sleep 5
    State:          Terminated
      Reason:       Completed
      Exit Code:    0
      Started:      Thu, 03 Jan 2019 19:47:20 +0100
      Finished:     Thu, 03 Jan 2019 19:47:25 +0100
    Last State:     Terminated
      Reason:       Completed
      Exit Code:    0
      Started:      Thu, 03 Jan 2019 19:46:58 +0100
      Finished:     Thu, 03 Jan 2019 19:47:03 +0100
    Ready:          False
    Restart Count:  2
    Environment:    <none>
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from default-token-rxs5t (ro)
Conditions:
  Type              Status
  Initialized       True
  Ready             False
  ContainersReady   False
  PodScheduled      True
Volumes:
  default-token-rxs5t:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  default-token-rxs5t
    Optional:    false
QoS Class:       BestEffort
Node-Selectors:  <none>
Tolerations:     node.kubernetes.io/not-ready:NoExecute for 300s
                 node.kubernetes.io/unreachable:NoExecute for 300s
Events:
  Type     Reason     Age                From               Message
  ----     ------     ----               ----               -------
  Normal   Pulling    92s                kubelet, k8snode1  pulling image "ikubernetes/myapp:v1"
  Normal   Pulled     84s                kubelet, k8snode1  Successfully pulled image "ikubernetes/myapp:v1"
  Normal   Created    84s                kubelet, k8snode1  Created container
  Normal   Started    84s                kubelet, k8snode1  Started container
  Normal   Scheduled  65s                default-scheduler  Successfully assigned default/pod-demo to k8snode1
  Normal   Pulling    50s (x3 over 84s)  kubelet, k8snode1  pulling image "busybox:latest"
  Normal   Pulled     48s (x3 over 80s)  kubelet, k8snode1  Successfully pulled image "busybox:latest"
  Normal   Created    48s (x3 over 80s)  kubelet, k8snode1  Created container
  Normal   Started    48s (x3 over 80s)  kubelet, k8snode1  Started container
  Warning  BackOff    41s (x2 over 64s)  kubelet, k8snode1  Back-off restarting failed container

Logs can be checked with this command: "kubectl logs pod-demo myapp"

[root@k8smaster ~]# curl 10.244.1.10
Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a>
[root@k8smaster ~]# kubectl logs pod-demo myapp
10.244.0.0 - - [03/Jan/2019:18:52:20 +0000] "GET / HTTP/1.1" 200 65 "-" "curl/7.29.0" "-"
[root@k8smaster ~]# kubectl logs pod-demo busybox
/bin/sh: can't create /usr/share/nginx/html/index.html: nonexistent directory
[root@k8smaster ~]#

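* The curl 10.244.1.10 command is only used to generate one log line (an HTTP GET).

The experiment shows that the busybox container is not working.

Enter the running myapp container with the following command: "kubectl exec POD [-c CONTAINER] -- COMMAND [args...] [options]"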

[root@k8smaster ~]# kubectl exec -it pod-demo -c myapp -- /bin/sh
/ # whoami
root
/ # cd /usr/share/nginx/html/
/usr/share/nginx/html # ll
/bin/sh: ll: not found
/usr/share/nginx/html # ls
50x.html    index.html
/usr/share/nginx/html # cat index.html 
Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a>

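* This operation will not succeed: the Pod has two containers, but because no shared storage is configured, busybox does not share the myapp container's filesystem. The command "echo date >> /usr/share/nginx/html/index.html; sleep 5" therefore won't write anything in index.html (index.html already exists in the myapp container, not in busybox). As a workaround, change the busybox command.

Change the last line of the template file from:

- "echo date >> /usr/share/nginx/html/index.html; sleep 5"

to:

- "sleep 5000"

The busybox container will then sleep for 5000 seconds and exit...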
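
The failure above comes from the two containers having separate filesystems. As an added example (not part of the original post), the manifest below gives both containers a shared emptyDir volume so that busybox writes index.html where myapp serves it; the volume name html, the /data mount path, the looping command and the automountServiceAccountToken setting are assumptions made for this illustration.

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: pod-demo
  namespace: default
  labels:
    app: myapp
    tier: frontend
spec:
  # Assumption: nothing in this Pod calls the Kubernetes API, so the
  # default-token-... Secret seen in the describe output is not mounted.
  automountServiceAccountToken: false
  containers:
  - name: myapp
    image: ikubernetes/myapp:v1
    volumeMounts:
    # The volume hides the image's own index.html and 50x.html;
    # the web server only needs to read what busybox writes.
    - name: html
      mountPath: /usr/share/nginx/html
      readOnly: true
  - name: busybox
    image: busybox:latest
    command:
    - "/bin/sh"
    - "-c"
    # The loop keeps the container running, so it is not restarted every
    # 5 seconds (the BackOff events above), and `date` without `echo`
    # appends the actual timestamp rather than the literal word "date".
    - "while true; do date >> /data/index.html; sleep 5; done"
    volumeMounts:
    - name: html
      mountPath: /data
  volumes:
  # emptyDir lives as long as the Pod and is visible to every container
  # that mounts it.
  - name: html
    emptyDir: {}
```

Delete the existing Pod first (kubectl delete pod pod-demo) and create it again from the file, because the containers and volumes of a running Pod cannot be changed in place.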

A further article, for reference only: https://www.cnblogs.com/MyLifeMyWay/p/8493542.html

Done :-)

 

