課程鏈接:http://video.jessetalk.cn/course/explore
良心課程,大家一起來學習哈!
目錄
- 01-介紹K8s是什么
- 02-為什么要學習k8s
- 03-如何學習k8s
- 04-K8S集群基本概念
- 05-安裝本地k8s單節點集群
- 06-K8S三大核心組件介紹
- 07-Service的三種類型及Dashboad部署
- 08-kubectl工具命令介紹
- 09-yaml部署文件格式介紹
- 10-部署netcore api到K8S
- 11-k8s高可用集群介紹
- 12-進階介紹
01-介紹K8s是什么
Docker VS VirtualMachine
- 敏捷地應用創建和部署
- 持續開發,集成和部署
- 開發和運行相分離
- 開發,測試和生產環境的持續
- 雲和操作系統版本的可移植性,可以運行在 Ubuntu, RHEL, CoreOS, on-prem, Google Container Engine,和任何其它的運行環境中。
- 松耦合,分布式,彈性,自由的微服務
- 資源隔離:可以預測的應用性能
- 資源使用:高效
Docker 容器集群
鏡像 => run => 容器(運行時)
- 同一個容器在同一台Host上能部署幾份?
- 如果實現在多台機器上快速部署?
- 不同容器在不同機器上如何交互?如何做負載均衡?
K8S 介紹
一個用於容器集群的自動化部署、擴容以及運維的開源平台
- 快速而有預期地部署你的應用
- 極速地擴展你的應用
- 無縫對接新的應用功能
- 節省資源,優化硬件資源的使用
02-為什么要學習k8s
通過 K8S 降低整個基礎設施在架構和運維上的難度
測試環境
- 將多個API打成鏡像部署到不同的節點上
- 通過 Node Port 本地可以直接連到 API 進行測試
- Mysql 與 API 可以通過 service 連接
- 一套腳本部署
生產環境
- Mysql, Redis, 消息隊列使用第三方服務(騰訊雲)
- 也可以通過 橋接 將內部 API 與外部服務連接
03-如何學習k8s
掌握學習的方法(刻意練習)
- 先了解全貌和整體
- 對整體結構進入拆分、梳理脈絡(思維導圖)
- 馬上開始行動(比如本地部署一個集群)
- 在動的過程中逐步加深,每一個階段有階段性目標
- 及時進行回顧與復盤,與理論相結合
- 輸出(學習金字塔)
學習K8S的路徑
- 了解基本概念及核心組件
- 使用本地單節點集群來學習k8s
- 用kubectl 與本地集群建立連接
- 部署服務到 k8s集群
- 對k8s服務進行擴容、更新
- 進一步學習k8s資源(pod, deployment, service, statefulset, ingress…)
- 設計微服務
- 搭建k8s集群或者使用雲服務商的k8s服務
- 添加持續集成、日志搜集、監控和指標度量、跟蹤
04-K8S集群基本概念
Agenda
- K8S集群基本概念
- 本地搭建k8s單節點集群
- POD & Service & Deployment
- Service 的三種類型
- Yaml 部署文件語法初體驗
- 初始化一個.NET Core API 並push到docker hub
- 把.Net Core API 部署到 K8s
- K8S集群高級概念
K8S集群基本概念
- 集群(多個機器拼在一起,共同處理)
- Node (Master:維護集群狀態 and Worker:處理)(高可用時架構不同)
- 資源(內部組件為一個資源,對外暴露 restful 的 WebApi)(例如 Yaml)
- Kubectl (本地客戶端,一個命令行工具,連接到 K8S 集群)
05-安裝本地k8s單節點集群
安裝教程
輸入國內鏡像地址(https://registry.docker-cn.com),才能更好的拿到谷歌開頭的鏡像
運行下列腳本可以從阿里雲鏡像服務下載Kubernetes安裝所需Docker鏡像,您也可以通過修改 images.properties 文件定義自己安裝所需的Docker鏡像
右鍵 git bash
git clone https://github.com/AliyunContainerService/k8s-for-docker-desktop
cd k8s-for-docker-desktop
如果您安裝版本為18.09/18.06版本可以直接使用master分支;如果是18.03穩定版請使用對應的代碼分支 git checkout 18.03
Windows下加載鏡像(./load_images.sh)可能會報錯
使用 PowerShell 執行 load_images.ps1 循環拉取 images.properties 的鏡像
需要開啟VPN
在Docker for Mac中開啟 Kubernetes
勾選 Enable Kubernetes 安裝,等待消息 Kubernetes is running
配置信息路徑:C:\Users\MINGSON.kube
測試 kubectl 命令,在左下角 Windows 圖標右鍵啟動 Window PowerShell(管理員)
PS C:\WINDOWS\system32> kubectl get nodes
NAME STATUS ROLES AGE VERSION
docker-for-desktop Ready master 1d v1.10.3
PS C:\WINDOWS\system32> kubectl get services
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 1d
06-K8S三大核心組件介紹
POD & Service
POD: K8S 運行時最小單元邏輯(類似docker里面的容器)
與容器的區別:
docker里面每個容器只有一個主進程掛載,可以使用supervisord同時讓兩個進程運行起來,可是docker只有一個入口,所以只能把supervisord暴露成入口,這種情況API很難進入到里面每個進程
POD里面可以運行多個容器,同時容器之間的掛載可以共享
docker映射端口后可以直接訪問
POD必須掛載一個service(對外暴露POD),之后POD才可以在集群外部被訪問
學習資料
deployment
kind:聲明k8s資源固定的模板
replicas:POD實例,復本
containers:容器(數組形式,可以定義多個容器)
image:鏡像
一個deployment的POD里面可以運行多個容器
07-Service的三種類型及Dashboad部署
- ClusterIP
- NodePort
- LoadBalancer
學習資料
Kubernetes的三種外部訪問方式:NodePort、LoadBalancer 和 Ingress
ClusterIP 服務是 Kubernetes 的默認服務。它給你一個集群內的服務,集群內的其它應用都可以訪問該服務。集群外部無法訪問它。
ClusterIP 服務的 YAML 文件類中 type: ClusterIP(不填寫默認也是ClusterIP)
NodePort 服務是引導外部流量到你的服務的最原始方式。NodePort,正如這個名字所示,在所有節點(虛擬機)上開放一個特定端口,任何發送到該端口的流量都被轉發到對應服務。
NodePort 服務的 YAML 文件類中 type: NodePort,需要指定一個端口 nodePort: 30036
NodePort 是開發環境中最常用的類型
LoadBalancer 服務是暴露服務到 internet 的標准方式。在 GKE 上,這種方式會啟動一個 Network Load Balancer,它將給你一個單獨的 IP 地址,轉發所有流量到你的服務。
LoadBalancer 主要是雲服務商使用
使用 kubectl 連接本地集群,部署 dashboard(腳本中通過 ClusterIP,需要使用代理的模式)
在左下角 Windows 圖標右鍵啟動 Window PowerShell(管理員)
PS C:\WINDOWS\system32> kubectl create -f https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml
secret "kubernetes-dashboard-certs" created
serviceaccount "kubernetes-dashboard" created
role.rbac.authorization.k8s.io "kubernetes-dashboard-minimal" created
rolebinding.rbac.authorization.k8s.io "kubernetes-dashboard-minimal" created
deployment.apps "kubernetes-dashboard" created
service "kubernetes-dashboard" created
腳本中的 namespace: kube-system 是一個資源,可以通過 kubectl 命令行獲取
PS C:\WINDOWS\system32> kubectl get namespace
NAME STATUS AGE
default Active 1d
docker Active 1d
kube-public Active 1d
kube-system Active 1d
PS C:\WINDOWS\system32> kubectl get deploy -n kube-system
NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE
kube-dns 1 1 1 1 1d
kubernetes-dashboard 1 1 1 1 2m
PS C:\WINDOWS\system32> kubectl get service -n kube-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP 1d
kubernetes-dashboard ClusterIP 10.106.79.145 <none> 443/TCP 2m
開啟API Server的本地監聽端口,之后就可以打開控制台
PS C:\WINDOWS\system32> kubectl proxy
Starting to serve on 127.0.0.1:8001
跳過
切換命名空間到 kube-system
容器組里運行的 dashboard
通過 NodePort 部署
在本地新建一個文件 kubernetes-dashboard.yaml,將腳本(https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml)內容保存到本地文件 kubernetes-dashboard.yaml
添加 type: NodePort,nodePort: 30065(端口必須在30000-32767)
# ------------------- Dashboard Service ------------------- #
kind: Service
apiVersion: v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kube-system
spec:
type: NodePort
ports:
- port: 443
targetPort: 8443
nodePort: 30065
selector:
k8s-app: kubernetes-dashboard
刪除上面部署的 deploy
PS C:\WINDOWS\system32> kubectl get deploy -n kube-system
NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE
kube-dns 1 1 1 1 1d
kubernetes-dashboard 1 1 1 1 52m
PS C:\WINDOWS\system32> kubectl delete deploy kubernetes-dashboard -n kube-system
deployment.extensions "kubernetes-dashboard" deleted
刪除服務,使用縮寫svc
PS C:\WINDOWS\system32> kubectl get svc -n kube-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP 1d
kubernetes-dashboard ClusterIP 10.106.79.145 <none> 443/TCP 53m
PS C:\WINDOWS\system32> kubectl delete svc kubernetes-dashboard -n kube-system
service "kubernetes-dashboard" deleted
再次啟動代理
PS C:\WINDOWS\system32> kubectl proxy
Starting to serve on 127.0.0.1:8001
無法訪問
切換到文件所在目錄部署deploy
PS D:\jessetalk\k8s> kubectl create -f .\kubernetes-dashboard.yaml
service "kubernetes-dashboard" created
Error from server (AlreadyExists): error when creating ".\\kubernetes-dashboard.yaml": secrets "kubernetes-dashboard-certs" already exists
Error from server (AlreadyExists): error when creating ".\\kubernetes-dashboard.yaml": serviceaccounts "kubernetes-dashboard" already exists
Error from server (AlreadyExists): error when creating ".\\kubernetes-dashboard.yaml": roles.rbac.authorization.k8s.io "kubernetes-dashboard-minimal" already exists
Error from server (AlreadyExists): error when creating ".\\kubernetes-dashboard.yaml": rolebindings.rbac.authorization.k8s.io "kubernetes-dashboard-minimal" already exists
Error from server (AlreadyExists): error when creating ".\\kubernetes-dashboard.yaml": deployments.apps "kubernetes-dashboard" already exists
PS D:\jessetalk\k8s> kubectl get service -n kube-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP 1d
kubernetes-dashboard NodePort 10.105.60.55 <none> 443:30065/TCP 33s
瀏覽器訪問:https://127.0.0.1:30065/
由於 dashboard 使用 https,所以假的證書無法訪問
08-kubectl工具命令介紹
Kubectl 命令詳解
不同 namespace 下的資源(pod, deployment, services)是隔離的
09-yaml部署文件格式介紹
下載 k8s-demo:https://github.com/MINGSON666/k8s-demo.git
Yaml 部署文件詳解
--查看解釋
PS C:\WINDOWS\system32> kubectl explain deployment.metadata
KIND: Deployment
VERSION: extensions/v1beta1
RESOURCE: metadata <Object>
DESCRIPTION:
Standard object metadata.
ObjectMeta is metadata that all persisted resources must have, which
includes all objects users must create.
FIELDS:
annotations <map[string]string>
Annotations is an unstructured key value map stored with a resource that
may be set by external tools to store and retrieve arbitrary metadata. They
are not queryable and should be preserved when modifying objects. More
info: http://kubernetes.io/docs/user-guide/annotations
clusterName <string>
The name of the cluster which the object belongs to. This is used to
distinguish resources with same name and namespace in different clusters.
This field is not set anywhere right now and apiserver is going to ignore
it if set in create or update request.
creationTimestamp <string>
CreationTimestamp is a timestamp representing the server time when this
object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is
represented in RFC3339 form and is in UTC. Populated by the system.
Read-only. Null for lists. More info:
https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata
deletionGracePeriodSeconds <integer>
Number of seconds allowed for this object to gracefully terminate before it
will be removed from the system. Only set when deletionTimestamp is also
set. May only be shortened. Read-only.
deletionTimestamp <string>
DeletionTimestamp is RFC 3339 date and time at which this resource will be
deleted. This field is set by the server when a graceful deletion is
requested by the user, and is not directly settable by a client. The
resource is expected to be deleted (no longer visible from resource lists,
and not reachable by name) after the time in this field, once the
finalizers list is empty. As long as the finalizers list contains items,
deletion is blocked. Once the deletionTimestamp is set, this value may not
be unset or be set further into the future, although it may be shortened or
the resource may be deleted prior to this time. For example, a user may
request that a pod is deleted in 30 seconds. The Kubelet will react by
sending a graceful termination signal to the containers in the pod. After
that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL)
to the container and after cleanup, remove the pod from the API. In the
presence of network partitions, this object may still exist after this
timestamp, until an administrator or automated process can determine the
resource is fully terminated. If not set, graceful deletion of the object
has not been requested. Populated by the system when a graceful deletion is
requested. Read-only. More info:
https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata
finalizers <[]string>
Must be empty before the object is deleted from the registry. Each entry is
an identifier for the responsible component that will remove the entry from
the list. If the deletionTimestamp of the object is non-nil, entries in
this list can only be removed.
generateName <string>
GenerateName is an optional prefix, used by the server, to generate a
unique name ONLY IF the Name field has not been provided. If this field is
used, the name returned to the client will be different than the name
passed. This value will also be combined with a unique suffix. The provided
value has the same validation rules as the Name field, and may be truncated
by the length of the suffix required to make the value unique on the
server. If this field is specified and the generated name exists, the
server will NOT return a 409 - instead, it will either return 201 Created
or 500 with Reason ServerTimeout indicating a unique name could not be
found in the time allotted, and the client should retry (optionally after
the time indicated in the Retry-After header). Applied only if Name is not
specified. More info:
https://git.k8s.io/community/contributors/devel/api-conventions.md#idempotency
generation <integer>
A sequence number representing a specific generation of the desired state.
Populated by the system. Read-only.
initializers <Object>
An initializer is a controller which enforces some system invariant at
object creation time. This field is a list of initializers that have not
yet acted on this object. If nil or empty, this object has been completely
initialized. Otherwise, the object is considered uninitialized and is
hidden (in list/watch and get calls) from clients that haven't explicitly
asked to observe uninitialized objects. When an object is created, the
system will populate this list with the current set of initializers. Only
privileged users may set or modify this list. Once it is empty, it may not
be modified further by any user.
labels <map[string]string>
Map of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services. More info: http://kubernetes.io/docs/user-guide/labels
name <string>
Name must be unique within a namespace. Is required when creating
resources, although some resources may allow a client to request the
generation of an appropriate name automatically. Name is primarily intended
for creation idempotence and configuration definition. Cannot be updated.
More info: http://kubernetes.io/docs/user-guide/identifiers#names
namespace <string>
Namespace defines the space within each name must be unique. An empty
namespace is equivalent to the "default" namespace, but "default" is the
canonical representation. Not all objects are required to be scoped to a
namespace - the value of this field for those objects will be empty. Must
be a DNS_LABEL. Cannot be updated. More info:
http://kubernetes.io/docs/user-guide/namespaces
ownerReferences <[]Object>
List of objects depended by this object. If ALL objects in the list have
been deleted, this object will be garbage collected. If this object is
managed by a controller, then an entry in this list will point to this
controller, with the controller field set to true. There cannot be more
than one managing controller.
resourceVersion <string>
An opaque value that represents the internal version of this object that
can be used by clients to determine when objects have changed. May be used
for optimistic concurrency, change detection, and the watch operation on a
resource or set of resources. Clients must treat these values as opaque and
passed unmodified back to the server. They may only be valid for a
particular resource or set of resources. Populated by the system.
Read-only. Value must be treated as opaque by clients and . More info:
https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency
selfLink <string>
SelfLink is a URL representing this object. Populated by the system.
Read-only.
uid <string>
UID is the unique in time and space value for this object. It is typically
generated by the server on successful creation of a resource and is not
allowed to change on PUT operations. Populated by the system. Read-only.
More info: http://kubernetes.io/docs/user-guide/identifiers#uids
學習資料
使用YAML創建一個 Kubernetes Depolyment
#deploy.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: k8s-demo
namespace: netcore
labels:
name: k8s-demo
spec:
replicas: 2
selector:
matchLabels:
name: k8s-demo
template:
metadata:
labels:
name: k8s-demo
spec:
containers:
- name: k8s-demo
image: jessetalk/k8s-demo
ports:
- containerPort: 80
imagePullPolicy: Always
---
kind: Service
apiVersion: v1
metadata:
name: k8s-demo
namespace: netcore
spec:
type: NodePort
ports:
- port: 80
targetPort: 80
selector:
name: k8s-demo
- 通過 name 使 Deployment 和 Service 對應
- imagePullPolicy(策略:總是下載最新的鏡像)
#通過 yaml 文件創建服務實例
PS D:\jessetalk\k8s\k8s-demo> kubectl create namespace netcore
namespace "netcore" created
PS D:\jessetalk\k8s\k8s-demo> kubectl get namespace
NAME STATUS AGE
default Active 1d
docker Active 1d
kube-public Active 1d
kube-system Active 1d
netcore Active 3m
PS D:\jessetalk\k8s\k8s-demo> kubectl create -f deploy.yaml
deployment.apps "k8s-demo" created
service "k8s-demo" created
PS D:\jessetalk\k8s\k8s-demo> kubectl get deploy -n netcore
NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE
k8s-demo 2 2 2 2 36s
PS D:\jessetalk\k8s\k8s-demo> kubectl get svc -n netcore
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
k8s-demo NodePort 10.104.253.169 <none> 80:30022/TCP 4m
學習資料
10-部署netcore api到K8S
下載 k8s-demo:https://github.com/MINGSON666/k8s-demo.git
PS D:\jessetalk\k8s> dotnet new webapi --name k8s-demo
歡迎使用 .NET Core!
---------------------
若要詳細了解 NET Core: https://aka.ms/dotnet-docs
請使用 “dotnet --help”查看可用的命令或訪問: https://aka.ms/dotnet-cli-docs
遙測
---------
.NET Core 工具收集用法數據,以便幫助改善用戶體驗。數據是匿名的,且不包括命令行參數。數據由 Microsoft 收集並與社區共享。可使用喜歡的 shell 將環境變量 DOTNET_CLI_TELEMETRY_OPTOUT 設置為 “1” 或 “true”,從而選擇推出遙測。
若要深入了解 .NET Core CLI 工具遙測,請訪問 https://aka.ms/dotnet-cli-telemetry
ASP.NET Core
------------
已成功安裝 ASP.NET Core HTTPS 開發證書。
要信任證書,請運行 "dotnet dev-certs https --trust"(僅限 Windows 和 macOS)。要在其他平台上建立信任,請參閱特定於平台的文檔。
有關配置 HTTPS 的詳細信息,請參閱 https://go.microsoft.com/fwlink/?linkid=848054。
正在准備...
創建此模板將對現有文件進行更改:
覆蓋 appsettings.Development.json
覆蓋 appsettings.json
覆蓋 k8s-demo.csproj
覆蓋 Controllers/ValuesController.cs
覆蓋 Program.cs
覆蓋 Properties/launchSettings.json
覆蓋 Startup.cs
覆蓋 wwwroot
重新運行命令並傳遞 --force 以接受並創建。
PS D:\jessetalk\k8s> dotnet dev-certs https --trust
Trusting the HTTPS development certificate was requested. A confirmation prompt will be displayed if the certificate was not previously trusted. Click yes on the prompt to trust the certificate.
A valid HTTPS certificate is already present.
PS D:\jessetalk\k8s> dotnet new webapi --name k8s-demo --force
已成功創建模板“ASP.NET Core Web API”。
正在處理創建后操作...
正在 k8s-demo\k8s-demo.csproj 上運行 "dotnet restore"...
正在還原 D:\jessetalk\k8s\k8s-demo\k8s-demo.csproj 的包...
正在生成 MSBuild 文件 D:\jessetalk\k8s\k8s-demo\obj\k8s-demo.csproj.nuget.g.props。
D:\jessetalk\k8s\k8s-demo\k8s-demo.csproj 的還原在 2.72 sec 內完成。
還原成功。
PS D:\jessetalk\k8s> cd k8s-demo
#用 vscode 打開文件
PS D:\jessetalk\k8s\k8s-demo> code .
修改 ValuesController
// GET api/values/5
[HttpGet("{id}")]
public ActionResult<string> Get(int id)
{
return id.ToString();
}
在 VSCode 中 View =》Terminal 輸入 dotnet run 本地跑起來
PS D:\jessetalk\k8s\k8s-demo> dotnet run
瀏覽器地址欄輸入:https://localhost:5001/api/values/1 看到結果為1
新建一個 Dockerfile
FROM microsoft/dotnet:2.1-aspnetcore-runtime AS base
WORKDIR /app
EXPOSE 80
FROM microsoft/dotnet:2.1-sdk AS build
WORKDIR /src
COPY . .
RUN dotnet restore
RUN dotnet build -c Release -o /app
FROM build AS publish
RUN dotnet publish -c Release -o /app
FROM base AS final
WORKDIR /app
COPY --from=publish /app .
ENTRYPOINT ["dotnet", "k8s-demo.dll"]
在 VSCode 終端 build
PS D:\jessetalk\k8s\k8s-demo> docker build -t jessetalk/k8s-demo .
build 成功
Successfully built e143b4e67d1e
Successfully tagged jessetalk/k8s-demo:latest
查看一下鏡像,有一個 jessetalk/k8s-demo
PS D:\jessetalk\k8s\k8s-demo> docker images
REPOSITORY TAG IMAGE ID
CREATED SIZE
<none> <none> ff94f468e577
2 minutes ago 1.73GB
jessetalk/k8s-demo latest e143b4e67d1e
24 hours ago 253MB
run ,端口8085映射到80
PS D:\jessetalk\k8s\k8s-demo> docker run -d -p 8085:80 --name k8s-demo jessetalk/k8s-demoa441b03ac073fab5139b3a679b35a6e6260fc595916978137acb6a555ed462b5
查看結果
PS D:\jessetalk\k8s\k8s-demo> docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMESa441b03ac073 jessetalk/k8s-demo "dotnet k8s-demo.dll" 2 minutes ago Up 2 minutes 0.0.0.0:8085->80/tcp k8s-demof8af1ff029a4 jessetalk/k8s-demo "dotnet k8s-demo.dll" 2 hours ago Up 2 hours k8s_k8s-demo_k8s-demo-7d9787fcb9-lnnrp_netcore_0e765fb2-f70c-11e8-8043-00155d0b9215_4c9fffde727a3 jessetalk/k8s-demo "dotnet k8s-demo.dll" 2 hours ago Up 2 hours k8s_k8s-demo_k8s-demo-7d9787fcb9-jz2hs_default_73dadea3-f70b-11e8-8043-00155d0b9215_4518f280971f9 jessetalk/k8s-demo "dotnet k8s-demo.dll" 2 hours ago Up 2 hours k8s_k8s-demo_k8s-demo-7d9787fcb9-m8slt_default_73e5e434-f70b-11e8-8043-00155d0b9215_4c28b5b43b967 jessetalk/k8s-demo "dotnet k8s-demo.dll" 2 hours ago Up 2 hours k8s_k8s-demo_k8s-demo-7d9787fcb9-2j8hx_netcore_0e6fbfca-f70c-11e8-8043-00155d0b9215_4
瀏覽器訪問:http://localhost:8085/api/values
得到返回值:["value1","value2"]
登陸 docker
PS D:\jessetalk\k8s\k8s-demo> docker login --username mingsonzheng
Password:
Login Succeeded
推送鏡像(推送前先修改為自己的用戶名)
PS D:\jessetalk\k8s\k8s-demo> docker tag jessetalk/k8s-demo mingsonzheng/k8s-demo
PS D:\jessetalk\k8s\k8s-demo> docker push mingsonzheng/k8s-demo
The push refers to repository [docker.io/mingsonzheng/k8s-demo]
3629f42d7187: Pushed
0bb37faafa32: Pushed
b29986f25fdb: Pushed
b116468880ac: Pushed
57bda236ae67: Pushed
ef68f6734aa4: Pushed
latest: digest: sha256:b3dab95b049d2308e2cd94af35dbfeb9c955011a63c1f1caf49faab6ae9d36ff size: 1579
推送完成后可以看到自動創建的倉庫 k8s-demo
快速部署 k8s-demo
PS D:\jessetalk\k8s\k8s-demo> kubectl create -f deploy.yaml
service "k8s-demo" created
PS D:\jessetalk\k8s\k8s-demo> kubectl get svc -n netcore
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
k8s-demo NodePort 10.101.30.110 <none> 80:30585/TCP 1m
根據端口號訪問本地 k8s 服務:
http://127.0.0.1:30585/api/values
http://127.0.0.1:30585/api/values/1
http://127.0.0.1:30585/api/values/2
通過 dashboard 查看
PS D:\jessetalk\k8s\k8s-demo> kubectl create -f https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy
/recommended/kubernetes-dashboard.yaml
secret "kubernetes-dashboard-certs" created
serviceaccount "kubernetes-dashboard" created
role.rbac.authorization.k8s.io "kubernetes-dashboard-minimal" created
rolebinding.rbac.authorization.k8s.io "kubernetes-dashboard-minimal" created
deployment.apps "kubernetes-dashboard" created
service "kubernetes-dashboard" created
啟動代理
PS D:\jessetalk\k8s\k8s-demo> kubectl proxy
Starting to serve on 127.0.0.1:8001
切換命名空間 netcore,可以看到部署的 k8s-demo
點擊容器組,選擇一個容器組,點擊日志按鈕查看日志
點擊運行命令進入 docker 的命令行
11-k8s高可用集群介紹
- 一個集群分為多個 Node (worker節點),左側為 master 節點
- 每個節點上安裝一個 kubelet ,與 docker 交互,負責每個 Pod 的創建、刪除等
- 外部 service 訪問通過 Proxy
- k8s 所有資源,數據存儲在分布式數據庫 etcd
- Scheduler 負責資源調度,根據 Node 負載情況選擇 Node 分配任務
k8s 核心組件
- etcd 保存了整個集群的狀態;
- api server 提供了資源操作的唯一入口,並提供認證、授權、訪問控制、API注冊和發現等機制;
- controller manager 負責維護集群的狀態,比如故障檢測、自動擴展、滾動更新等;
- scheduler 負責資源的調度,按照預定的調度策略將Pod調度到相應的機器上;
- kubelet 負責維護容器的生命周期,同時也負責Volume(CVI)和網絡(CNI)的管理;
- container runtime 負責鏡像管理以及Pod和容器的真正運行(CRI);
- kube-proxy 負責為Service提供cluster內部的服務發現和負載均衡;
k8s 調度過程
- API Server 異步請求
- ReplicaSets 副本管理
- 所有數據保存在 etcd
- 如果 MasterNode 出現問題,整個集群會掛掉
k8s 高可用集群
- 一般需要3台 MasterNode,Node 最多25台(與 IP 地址限制有關)
- etcd 數據庫會進行數據同步,通過選舉算法選舉 leader
12-進階介紹
本作品采用知識共享署名-非商業性使用-相同方式共享 4.0 國際許可協議進行許可。
歡迎轉載、使用、重新發布,但務必保留文章署名 鄭子銘 (包含鏈接: http://www.cnblogs.com/MingsonZheng/ ),不得用於商業目的,基於本文修改后的作品務必以相同的許可發布。
如有任何疑問,請與我聯系 (MingsonZheng@outlook.com) 。