Deploying from a deployment file

# cat nginx_deployment
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx
spec:
  replicas: 2
  selector:
    matchLabels:
      app: nginx
  strategy:
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - image: nginx
        imagePullPolicy: Always
        name: nginx
      imagePullSecrets:
      - name: default-secret

After the deployment completes, check the pod information; you can see the IPs of the two pods and the node they run on.

# kubectl get pods -l app=nginx -o wide
NAME                     READY   STATUS    RESTARTS   AGE   IP           NODE               NOMINATED NODE   READINESS GATES
nginx-645ccd8dc9-fmrtb   1/1     Running   0          72m   10.244.1.9   192.168.18.5-hd1   <none>           <none>
nginx-645ccd8dc9-w75cd   1/1     Running   0          72m   10.244.1.8   192.168.18.5-hd1   <none>           <none>

Because this is a replicated deployment, when a pod is deleted a new pod is created automatically.
As shown, the moment after a pod is deleted, the new pod has already been created, but it is not ready yet and has no IP assigned.

# kubectl delete pod nginx-645ccd8dc9-fmrtb
pod "nginx-645ccd8dc9-fmrtb" deleted
# kubectl get pods -l app=nginx -o wide
NAME                     READY   STATUS              RESTARTS   AGE     IP           NODE                          NOMINATED NODE   READINESS GATES
nginx-645ccd8dc9-pr8l7   0/1     ContainerCreating   0          5s      <none>       kibanaprod-192.168.18.5-hd1   <none>           <none>
nginx-645ccd8dc9-w75cd   1/1     Running             0          4h28m   10.244.1.8   kibanaprod-192.168.18.5-hd1   <none>           <none>

A few seconds later the IP has been assigned; the new pod's IP is different from the original one.

# kubectl get pods -l app=nginx -o wide
NAME                     READY   STATUS    RESTARTS   AGE     IP            NODE                          NOMINATED NODE   READINESS GATES
nginx-645ccd8dc9-pr8l7   1/1     Running   0          112s    10.244.1.13   kibanaprod-192.168.18.5-hd1   <none>           <none>
nginx-645ccd8dc9-w75cd   1/1     Running   0          4h30m   10.244.1.8    kibanaprod-192.168.18.5-hd1   <none>           <none>

The pod IP can be reached directly with curl.
A traceroute from the k8s master shows that traffic reaches the pod on another node directly over the flannel network.

# curl 10.244.1.9
working. Further configuration is required.</p>
[root@masterpub-10.0.0.80-hd1 18:03 /data/k8s/nginx]
# traceroute 10.244.1.9
traceroute to 10.244.1.9 (10.244.1.9), 30 hops max, 60 byte packets
 1  10.244.1.0 (10.244.1.0)  1.321 ms * 1.225 ms
 2  10.244.1.9 (10.244.1.9)  1.290 ms  1.248 ms  1.212 ms

service expose
--port          the svc port
--target-port   the container port
--type          the type: ClusterIP, NodePort, LoadBalancer, or ExternalName. Default is 'ClusterIP'

A svc connects to a deployment.
The address 10.99.188.113 is generated dynamically and can only be reached from inside the cluster. It cannot be reached from the master, though; on a node, curl can reach it.

# kubectl get deployment
NAME    READY   UP-TO-DATE   AVAILABLE   AGE
nginx   2/2     2            2           4h42m
# kubectl expose deployment nginx --name nginx-svc --port=80 --target-port=80
service/nginx-svc exposed
# kubectl get svc
NAME         TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)   AGE
kubernetes   ClusterIP   10.96.0.1       <none>        443/TCP   29d
nginx-svc    ClusterIP   10.99.188.113   <none>        80/TCP    92s

View the details of the svc.
You can see its name, namespace, label selector, type, IP, and endpoints.

# kubectl describe svc nginx-svc
Name:              nginx-svc
Namespace:         default
Labels:            <none>
Annotations:       <none>
Selector:          app=nginx
Type:              ClusterIP
IP:                10.99.188.113
Port:              <unset>  80/TCP
TargetPort:        80/TCP
Endpoints:         10.244.1.15:80,10.244.1.16:80
Session Affinity:  None
Events:            <none>

Change the svc type on the fly to NodePort, so that it can be reached from the external network.

# kubectl edit svc nginx-svc
# kubectl get svc
NAME         TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)        AGE
kubernetes   ClusterIP   10.96.0.1       <none>        443/TCP        29d
nginx-svc    NodePort    10.99.188.113   <none>        80:31621/TCP   59m

Now a request from the external network to node:port on any node in the k8s cluster connects to the svc.
You can set up an external intranet SLB, bind a public address to it, and attach all the nodes to it.

Scaling out with scale
If two replicas are not enough, you can scale out dynamically.

# kubectl scale --replicas=4 deployment nginx
deployment.apps/nginx scaled
# kubectl get pods -l app=nginx
NAME                     READY   STATUS    RESTARTS   AGE
nginx-645ccd8dc9-9xkwd   1/1     Running   0          16m
nginx-645ccd8dc9-nfthl   1/1     Running   0          16m
nginx-645ccd8dc9-q6nlt   1/1     Running   0          82s
nginx-645ccd8dc9-x4gbk   1/1     Running   0          82s

You can also scale in by specifying the replica count; now only 2 are left again.

# kubectl scale --replicas=2 deployment nginx
deployment.apps/nginx scaled
[root@masterpub-10.0.0.80-hd1 22:14 ~]
NAME                     READY   STATUS    RESTARTS   AGE
nginx-645ccd8dc9-9xkwd   1/1     Running   0          18m
nginx-645ccd8dc9-nfthl   1/1     Running   0          18m

Updating / rolling back a deployment
Check the current deployment; the image is nginx.

# kubectl describe deployment nginx
  Containers:
   nginx:
    Image:        nginx
    Port:         <none>
    Host Port:    <none>
    Environment:  <none>
    Mounts:       <none>
  Volumes:        <none>

Check the pods that currently belong to the deployment; all are running.

# kubectl get pods -l app=nginx
NAME                     READY   STATUS    RESTARTS   AGE
nginx-645ccd8dc9-fj2kk   1/1     Running   0          3m25s
nginx-645ccd8dc9-jfspl   1/1     Running   0          3m25s
nginx-645ccd8dc9-l9686   1/1     Running   0          21m
nginx-645ccd8dc9-nb8zl   1/1     Running   0          21m

Update the image.

# kubectl set image deployment/nginx nginx=nginx:1.9.1
deployment.apps/nginx image updated
# kubectl describe deployment nginx
  Containers:
   nginx:
    Image:        nginx:1.9.1
    Port:         <none>
    Host Port:    <none>
    Environment:  <none>
    Mounts:       <none>
  Volumes:        <none>

On the first check, the pods are being replaced by the rolling update: new pods are created and old ones destroyed.
On the second check, all of them have been replaced.

# kubectl get pods -l app=nginx
NAME                     READY   STATUS              RESTARTS   AGE
nginx-544b8d8974-78k8d   0/1     ContainerCreating   0          5s
nginx-544b8d8974-g28kz   1/1     Running             0          24s
nginx-544b8d8974-tlx4h   0/1     ContainerCreating   0          24s
nginx-645ccd8dc9-jfspl   1/1     Running             0          4m19s
nginx-645ccd8dc9-l9686   0/1     Terminating         0          22m
nginx-645ccd8dc9-nb8zl   1/1     Running             0          22m
# kubectl get pods -l app=nginx
NAME                     READY   STATUS    RESTARTS   AGE
nginx-544b8d8974-78k8d   1/1     Running   0          2m54s
nginx-544b8d8974-g28kz   1/1     Running   0          3m13s
nginx-544b8d8974-gnhqk   1/1     Running   0          2m33s
nginx-544b8d8974-tlx4h   1/1     Running   0          3m13s

Roll back the update just made.

# kubectl rollout undo deployment/nginx
deployment.apps/nginx rolled back
# kubectl rollout status deployment/nginx
Waiting for deployment "nginx" rollout to finish: 2 out of 4 new replicas have been updated...
Waiting for deployment "nginx" rollout to finish: 2 out of 4 new replicas have been updated...
Waiting for deployment "nginx" rollout to finish: 2 out of 4 new replicas have been updated...
Waiting for deployment "nginx" rollout to finish: 3 out of 4 new replicas have been updated...
Waiting for deployment "nginx" rollout to finish: 3 out of 4 new replicas have been updated...
Waiting for deployment "nginx" rollout to finish: 3 out of 4 new replicas have been updated...
Waiting for deployment "nginx" rollout to finish: 3 out of 4 new replicas have been updated...
Waiting for deployment "nginx" rollout to finish: 1 old replicas are pending termination...
Waiting for deployment "nginx" rollout to finish: 1 old replicas are pending termination...
Waiting for deployment "nginx" rollout to finish: 1 old replicas are pending termination...
Waiting for deployment "nginx" rollout to finish: 3 of 4 updated replicas are available...
deployment "nginx" successfully rolled out

coredns
A service provides an IP, but access from outside needs a domain name; this resolution work is done by coredns.

# kubectl get pods -o wide -n kube-system|grep dns
coredns-7ff77c879f-6wkt6   1/1   Running   0   29d   10.244.0.2   masterpub-10.0.0.80-hd1   <none>   <none>
coredns-7ff77c879f-m2crn   1/1   Running   0   29d   10.244.0.3   masterpub-10.0.0.80-hd1   <none>   <none>
# kubectl get svc -n kube-system
NAME       TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)                  AGE
kube-dns   ClusterIP   10.96.0.10   <none>        53/UDP,53/TCP,9153/TCP   29d

Deploy an interactive busybox for testing and look at its DNS configuration; the nameserver is the address of the coredns svc.

# kubectl run client-test --image=busybox -it --restart=Never
If you don't see a command prompt, try pressing enter.
/ # cat /etc/resolv.conf
nameserver 10.96.0.10
search default.svc.cluster.local svc.cluster.local cluster.local
options ndots:5

Access the svc by its domain name; as shown, it resolves successfully.

/ # wget nginx-svc
Connecting to nginx-svc (10.99.188.113:80)

Try deleting the two pods in the deployment, then test access to the domain name from the client pod again.
For roughly the first 10s there is no connectivity, then it comes back. This shows that the pods in the deployment have been recreated; however the backends change, communication through the svc works.

/ # wget -O - -q http://nginx-svc
wget: can't connect to remote host (10.99.188.113): Connection refused
/ # wget -O - -q http://nginx-svc
wget: can't connect to remote host (10.99.188.113): Connection refused
/ # wget -O - -q http://nginx-svc
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
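
The resolv.conf shown above (three search domains, ndots:5) is what lets the short name nginx-svc resolve. The following is an added example, not part of the original post: a shell function (hypothetical name dns_candidates) that lists, in order, the names a resolver would query, which helps when reading CoreDNS query logs. It assumes glibc-style search-list handling.

```shell
#!/bin/sh
# Added example: expand a query name through the resolv.conf search list.

# Constructed sample: the resolv.conf printed inside the busybox pod above.
RESOLV_CONF='nameserver 10.96.0.10
search default.svc.cluster.local svc.cluster.local cluster.local
options ndots:5'

# dns_candidates NAME [RESOLV_CONF_TEXT]
# Prints one candidate FQDN per line, in the order they would be queried
# (assumption: glibc resolver ordering).
dns_candidates() {
    name=$1
    conf=${2:-$RESOLV_CONF}
    printf '%s\n' "$conf" | awk -v name="$name" '
        $1 == "search"  { n = 0; for (i = 2; i <= NF; i++) dom[++n] = $i }
        $1 == "options" { for (i = 2; i <= NF; i++)
                              if ($i ~ /^ndots:/) { ndots = substr($i, 7) + 0; seen = 1 } }
        END {
            if (!seen) ndots = 1           # resolver default
            # A trailing dot marks an absolute name: no search list is applied.
            if (name ~ /\.$/) { print name; exit }
            dots = gsub(/\./, ".", name)   # count dots without changing the name
            # Enough dots: the name is tried as-is first, then the search list.
            if (dots >= ndots) print name "."
            for (i = 1; i <= n; i++) print name "." dom[i] "."
            # Too few dots: the literal name is tried last.
            if (dots < ndots) print name "."
        }'
}

# Stand-alone run: show what the pod asks CoreDNS for.
dns_candidates nginx-svc
dns_candidates www.example.com
```

With ndots:5, even a dotted external name is first tried under each cluster search domain, so a service of the same name in the pod's namespace answers before the external name does.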
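
Deploying a service from a file
Changing the type to NodePort maps the service to a port on the node. No nodePort value is written here, so it is chosen at random, in the 30000-and-up range.
The file uses a label selector, which brings the pods labeled app: nginx into the service.

# cat nginx_deployment_svc
apiVersion: v1
kind: Service
metadata:
  name: nginxservice
spec:
  type: NodePort
  selector:
    app: nginx
  ports:
  - name: http
    protocol: TCP
    port: 80
    targetPort: 80
  - name: https
    protocol: TCP
    port: 443
    targetPort: 443

Check the service information; you can see the type, the cluster IP, and the port mappings.
Check the endpoint information for this service; the two pods have been brought in.

# kubectl get svc
NAME           TYPE       CLUSTER-IP     EXTERNAL-IP   PORT(S)                      AGE
nginxservice   NodePort   10.96.65.135   <none>        80:30205/TCP,443:32418/TCP   64m
# kubectl get ep nginxservice
NAME           ENDPOINTS                                                 AGE
nginxservice   10.244.1.8:443,10.244.1.9:443,10.244.1.8:80 + 1 more...   66m

Access order
Now the external network reaches the nginx service through a node IP.
Traffic goes first to the node IP, then to the cluster IP, then to the pod IP.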
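
Both NodePort changes above (the edited nginx-svc and the nginxservice file) open a port on every node. As an added example, not from the original post, the shell functions below list those ports from `kubectl get svc` output so they can be compared with what is meant to be reachable. The function names and the approved-port list are hypothetical, and the sample table is constructed from the outputs on this page.

```shell
#!/bin/sh
# Added example: audit which service ports are opened on the nodes.

# Constructed sample, assembled from the `kubectl get svc` outputs on this page.
SVC_TABLE='NAME           TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)                      AGE
kubernetes     ClusterIP   10.96.0.1       <none>        443/TCP                      29d
nginx-svc      NodePort    10.99.188.113   <none>        80:31621/TCP                 59m
nginxservice   NodePort    10.96.65.135    <none>        80:30205/TCP,443:32418/TCP   64m'

# exposed_nodeports: read a `kubectl get svc` table on stdin and print
# "<service> <port> <nodePort> <proto>" for every port opened on the nodes.
exposed_nodeports() {
    awk '
        NR == 1 { for (i = 1; i <= NF; i++) col[$i] = i; next }  # map header names
        $(col["TYPE"]) == "NodePort" || $(col["TYPE"]) == "LoadBalancer" {
            n = split($(col["PORT(S)"]), ports, ",")
            for (i = 1; i <= n; i++) {
                # each entry looks like port:nodePort/PROTO
                split(ports[i], pp, "/")
                if (split(pp[1], pn, ":") == 2)
                    print $(col["NAME"]), pn[1], pn[2], pp[2]
            }
        }'
}

# unapproved_nodeports APPROVED_PORT...: same input, but only the rows whose
# nodePort is not in the approved list passed as arguments (hypothetical policy).
unapproved_nodeports() {
    approved=" $* "
    exposed_nodeports | while read -r svc port nodeport proto; do
        case $approved in
            *" $nodeport "*) ;;
            *) printf '%s %s %s %s\n' "$svc" "$port" "$nodeport" "$proto" ;;
        esac
    done
}

# Stand-alone run on the sample; on a cluster, pipe `kubectl get svc` in instead.
printf '%s\n' "$SVC_TABLE" | exposed_nodeports
```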

Deploying by pulling an image from a registry
Create a namespace
# cat namespace.yaml
apiVersion: v1
kind: Namespace
metadata:
  name: redis
kubectl apply -f namespace.yaml
kubectl get namespace
Create a configmap
redis.conf
kubectl create configmap redis-conf --from-file=redis.conf -n redis
kubectl get configmap -n redis