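What is a Deployment
A Deployment is a definition layered over Pods and ReplicaSets: it declares the Pods and the ReplicaSet and how they are to be realized.
A Deployment is defined as follows: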
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  labels:
    app: nginx
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1.12.2
        ports:
        - containerPort: 80
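metadata sets the name to nginx-deployment and the label to app: nginx.
spec sets the number of pod replicas to 3; each pod's container uses the image nginx:1.12.2 and exposes container port 80.
Next, start the deployment: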
kubectl create -f deployment_nginx.yml
This prints: "nginx-deployment deployment has been created"
Then run
kubectl get deployment
to check the deployment status:
NAME               DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
nginx-deployment   3         3         3            3           9s
The deployment has started three pods, and all three are available.
kubectl get rs
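The ReplicaSet shows that 3 pods were started and that all of them are ready.
Next, look at the pods:
kubectl get pods
Show detailed information about the deployment:
kubectl get deployment -o wide
We can also update the deployment's image:
kubectl set image deployment nginx-deployment nginx=nginx:1.1.13
We can roll back the deployment's version:
kubectl rollout undo deployment nginx-deployment
View the deployment's rollout history:
kubectl rollout history deployment nginx-deployment
Expose the deployment as a service:
kubectl expose deployment nginx-deployment --type=NodePort
The terminal reports that the service has been exposed:
service nginx-deployment exposed
Next, look at the service information:
kubectl get svc
This shows the ports and addresses the service is mapped to.
Installing kubeadm
Setting up a k8s environment on Ubuntu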
hostnamectl set-hostname k8s-master
Once that is set, check the configuration:
tail /etc/hosts
Install ufw to check the firewall state:
sudo apt-get install ufw
Turn off the swap partition:
swapoff -a
Refresh apt and install HTTPS transport support:
apt-get update && apt-get install -y apt-transport-https
Fetch the GPG key:
curl -fsSL https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | apt-key add -
Add the package source:
add-apt-repository "deb [arch=amd64] https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main"
Update apt:
apt-get update
Look up the latest 1.15 version:
apt-cache madison kubelet kubectl kubeadm | grep '1.15.4-00'  # look up the latest 1.15 version
Install the pinned version of the tools:
apt install -y kubelet=1.15.4-00 kubectl=1.15.4-00 kubeadm=1.15.4-00  # install the pinned version
Disable kubelet's swap check:
tee /etc/default/kubelet <<-'EOF'
KUBELET_EXTRA_ARGS="--fail-swap-on=false"
EOF
systemctl daemon-reload && systemctl restart kubelet
Initialize k8s:
kubeadm init \
  --kubernetes-version=v1.15.4 \
  --image-repository registry.aliyuncs.com/google_containers \
  --pod-network-cidr=10.24.0.0/16 \
  --ignore-preflight-errors=Swap
Run the following as the current user so that kubectl can use the cluster config:
mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config
Use flannel's overlay network for pod-to-pod communication across nodes (the Network value in kube-flannel.yml has to match the --pod-network-cidr passed to kubeadm init):
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
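View the pods:
kubectl get pods -A
Set up the dashboard:
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta4/aio/deploy/recommended.yaml
After applying it, view the pods again:
kubectl get pods -A
View the namespaces:
kubectl get namespaces
This lists all the namespaces.
With the network mode set up, next look at the address the apiserver is exposed on:
kubectl cluster-info
The output looks like this: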
Kubernetes master is running at https://172.17.0.9:6443
Heapster is running at https://172.17.0.9:6443/api/v1/namespaces/kube-system/services/heapster/proxy
KubeDNS is running at https://172.17.0.9:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy
monitoring-grafana is running at https://172.17.0.9:6443/api/v1/namespaces/kube-system/services/monitoring-grafana/proxy
monitoring-influxdb is running at https://172.17.0.9:6443/api/v1/namespaces/kube-system/services/monitoring-influxdb/proxy
For access from the public network, just substitute the public address.
The access address of my own dashboard:
https://81.68.86.146:6443/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/
Accessing the dashboard requires authorization:
1. Create a service account
First create a service account called admin-user and put it in the kube-system namespace:
# admin-user.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kube-system
Run kubectl create:
kubectl create -f admin-user.yaml
2. Bind the role
By default, kubeadm already created the cluster-admin ClusterRole when it created the cluster, so we only need to bind it; this gives the account full control of the cluster:
# admin-user-role-binding.yaml
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kube-system
Run kubectl create:
kubectl create -f admin-user-role-binding.yaml
3. Get the token
Now we need to find the token of the newly created user so that we can log in to the dashboard with it:
kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')
4. Create the certificate
k8s enables certificate verification by default, so we create a client certificate:
# Generate the certificate file from client-certificate-data
grep 'client-certificate-data' ~/.kube/config | head -n 1 | awk '{print $2}' | base64 -d > kubecfg.crt
# Generate the key file from client-key-data
grep 'client-key-data' ~/.kube/config | head -n 1 | awk '{print $2}' | base64 -d > kubecfg.key
# Generate the p12 bundle
openssl pkcs12 -export -clcerts -inkey kubecfg.key -in kubecfg.crt -out kubecfg.p12 -name "kubernetes-client"
Then copy kubecfg.p12 to Windows and double-click it to install the certificate.
Then open this address in Chrome:
https://81.68.86.146:6443/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/
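Step 2 above turns the admin-user token from step 3 into a cluster-wide administrator credential. The following is an added example, not part of the original post, that audits which ServiceAccounts are bound to a wildcard ClusterRole; the sample listing, the view role rules and the dashboard-viewer binding are constructed for illustration.

```python
import json

# Constructed sample shaped like `kubectl get clusterroles,clusterrolebindings -o json`
# (one List of mixed kinds). The admin-user binding mirrors step 2 of this page.
SAMPLE = json.loads("""
{"kind": "List", "items": [
 {"kind": "ClusterRole", "metadata": {"name": "cluster-admin"},
  "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
 {"kind": "ClusterRole", "metadata": {"name": "view"},
  "rules": [{"apiGroups": ["apps"], "resources": ["deployments"],
             "verbs": ["get", "list", "watch"]}]},
 {"kind": "ClusterRoleBinding", "metadata": {"name": "admin-user"},
  "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
  "subjects": [{"kind": "ServiceAccount", "name": "admin-user",
                "namespace": "kube-system"}]},
 {"kind": "ClusterRoleBinding", "metadata": {"name": "dashboard-viewer"},
  "roleRef": {"kind": "ClusterRole", "name": "view"},
  "subjects": [{"kind": "ServiceAccount", "name": "viewer",
                "namespace": "kubernetes-dashboard"}]},
 {"kind": "ClusterRoleBinding", "metadata": {"name": "cluster-admin"},
  "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
  "subjects": [{"kind": "Group", "name": "system:masters"}]}
]}
""")

def is_wildcard_role(role):
    """True if any rule grants every verb on every resource in every API group."""
    return any("*" in r.get("verbs", []) and "*" in r.get("resources", [])
               and "*" in r.get("apiGroups", [])
               for r in role.get("rules") or [])

def overprivileged_service_accounts(listing):
    """Return sorted (namespace, service account, binding) tuples bound to a wildcard role."""
    items = listing.get("items", [])
    wildcard = {i["metadata"]["name"] for i in items
                if i["kind"] == "ClusterRole" and is_wildcard_role(i)}
    hits = []
    for b in items:
        if b["kind"] != "ClusterRoleBinding" or b["roleRef"]["name"] not in wildcard:
            continue
        for s in b.get("subjects") or []:
            if s["kind"] == "ServiceAccount":  # user and group subjects are out of scope here
                hits.append((s.get("namespace", ""), s["name"], b["metadata"]["name"]))
    return sorted(hits)

if __name__ == "__main__":
    # For a live cluster, replace SAMPLE with json.load(sys.stdin) and pipe kubectl's output in.
    for ns, sa, binding in overprivileged_service_accounts(SAMPLE):
        print(f"{ns}/{sa} is cluster-wide admin via ClusterRoleBinding {binding}")
```

Any ServiceAccount this reports has a token that is as sensitive as admin.conf; a dashboard login account normally only needs a read-only or namespace-scoped role.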
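On a single-node k8s cluster, pods are not scheduled onto the master node by default, so the taint has to be removed:
kubectl taint nodes --all node-role.kubernetes.io/master-  # remove the taint so the master node can be scheduled
The output is: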
node/k8s-master untainted

