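Overview
Kubernetes supports creating resource objects from YAML and JSON
- JSON is used for passing messages between APIs
- YAML is used for configuration and management
YAML is a concise, non-markup language
Syntax
- Indentation indicates hierarchy
- Tab indentation is not supported; use spaces
- Indentation usually starts at two spaces
- Put one space after separator characters such as colons, commas and hyphens
- "---" indicates YAML format and marks the start of a file
- "#" marks a comment
Creating resources from YAML files
1. Check the available resource version labels
The version label is the first thing to write in a YAML file, much like FROM in a Dockerfile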
[root@localhost ~]# kubectl api-versions
admissionregistration.k8s.io/v1beta1
apiextensions.k8s.io/v1beta1
apiregistration.k8s.io/v1
apiregistration.k8s.io/v1beta1
apps/v1
apps/v1beta1
apps/v1beta2
authentication.k8s.io/v1
authentication.k8s.io/v1beta1
authorization.k8s.io/v1
authorization.k8s.io/v1beta1
autoscaling/v1
autoscaling/v2beta1
autoscaling/v2beta2
batch/v1
batch/v1beta1
certificates.k8s.io/v1beta1
coordination.k8s.io/v1beta1
events.k8s.io/v1beta1
extensions/v1beta1
networking.k8s.io/v1
policy/v1beta1
rbac.authorization.k8s.io/v1
rbac.authorization.k8s.io/v1beta1
scheduling.k8s.io/v1beta1
storage.k8s.io/v1
storage.k8s.io/v1beta1
v1
2. Create a YAML file to test
1) Create a directory
mkdir demo
2) Create the nginx-deployment.yaml file
[root@localhost ~]# cd demo/
[root@localhost demo]# vim nginx-deployment.yaml
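apiVersion: apps/v1          # apiVersion: syntax keyword, case-sensitive. apps/v1: version label
kind: Deployment             # resource type: the Deployment controller
metadata:                    # resource metadata
  name: nginx-deployment     # resource name; must be unique within a namespace
  labels:                    # resource labels
    app: nginx
spec:                        # defines the container properties
  replicas: 3                # number of replicas
  selector:                  # selector
    matchLabels:             # labels to match
      app: nginx             # matches the template's label
  template:                  # template
    metadata:
      labels:
        app: nginx
    spec:
      containers:            # container definitions
      - name: nginx          # "-" marks a parameter; the container name should be the same as the label name
        image: nginx:1.15.4  # image and version used by the container
        ports:
        - containerPort: 80  # port the container exposes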
3) Create the resource from the YAML file
[root@master01 demo]# kubectl create -f nginx-deployment.yaml
4) View the resource
[root@master01 demo]# kubectl get pods
5) Publish
5-1. Create the nginx-service.yaml file
[root@localhost demo]# vim nginx-service.yaml
apiVersion: v1
kind: Service
metadata:
  name: nginx-service
  labels:
    app: nginx
spec:
  type: NodePort
  ports:
  - port: 80
    targetPort: 80
  selector:
    app: nginx
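Notes:
port
port is the port used to reach the Service from inside the k8s cluster, i.e. clusterIP:port reaches a given Service
nodePort
nodePort is the port used to reach a Service in the k8s cluster from outside; nodeIP:nodePort reaches a given Service from outside the cluster.
targetPort
targetPort is the Pod's port; traffic arriving on port and nodePort passes through kube-proxy to the targetPort of the backend Pod and finally enters the container.
containerPort
containerPort is the port of the container inside the Pod; targetPort maps to containerPort.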
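How the four port fields line up, as an added example that is not from the original page: the Python function below traces a request through a Service to a pod template and warns when the selector or targetPort disagrees with the template. The manifests are constructed dicts, and the names trace_service, POD, SVC_OK and SVC_MISMATCH are illustrative.

```python
def trace_service(service, pod_template, node_ip="<nodeIP>"):
    """Return (paths, warnings) for a Service spec routed to a pod template."""
    warnings = []
    labels = pod_template["metadata"].get("labels", {})
    selector = service["spec"].get("selector", {})
    # A Service only forwards to Pods that carry every selector label.
    if not selector or any(labels.get(k) != v for k, v in selector.items()):
        warnings.append(f"selector {selector} does not match pod labels {labels}")

    # Declared container ports, by number and by optional name.
    numbers, names = set(), {}
    for container in pod_template["spec"]["containers"]:
        for p in container.get("ports", []):
            numbers.add(p["containerPort"])
            if "name" in p:
                names[p["name"]] = p["containerPort"]

    paths = []
    for sp in service["spec"]["ports"]:
        target = sp.get("targetPort", sp["port"])  # targetPort defaults to port
        if isinstance(target, str):                # targetPort given as a port name
            if target not in names:
                warnings.append(f"targetPort '{target}' names no container port")
                continue
            target = names[target]
        elif target not in numbers:
            # Traffic still goes to this port; the declaration is what disagrees.
            warnings.append(f"targetPort {target} is not a declared containerPort")
        hops = [f"clusterIP:{sp['port']}", f"pod:{target}"]
        if service["spec"].get("type") == "NodePort":
            # The cluster assigns nodePort when the manifest omits it.
            hops.insert(0, f"{node_ip}:{sp.get('nodePort', '<assigned>')}")
        paths.append(" -> ".join(hops))
    return paths, warnings

# Constructed manifests, written as the dicts a YAML parser would return.
POD = {"metadata": {"labels": {"app": "web"}},
       "spec": {"containers": [{"name": "web", "ports": [{"containerPort": 80}]}]}}
SVC_OK = {"spec": {"type": "NodePort", "selector": {"app": "web"},
                   "ports": [{"port": 80, "targetPort": 80}]}}
SVC_MISMATCH = {"spec": {"type": "NodePort", "selector": {"app": "web"},
                         "ports": [{"port": 8080, "targetPort": 8080, "nodePort": 31111}]}}

if __name__ == "__main__":
    for svc in (SVC_OK, SVC_MISMATCH):
        print(trace_service(svc, POD))
```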
5-2. Create the service resource from nginx-service.yaml (to provide external access)
[root@localhost demo]# kubectl create -f nginx-service.yaml
service/nginx-service created
5-3. View the service resource
[root@localhost demo]# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.0.0.1 <none> 443/TCP 13d
nginx-service NodePort 10.0.0.225 <none> 80:47722/TCP 23s
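Notes:
Automatically test that a command is correct without actually creating anything; as I understand it, this just checks whether the command is valid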
[root@localhost demo]# kubectl run nginx-deployment --image=nginx --port=80 --replicas=3 --dry-run
kubectl run --generator=deployment/apps.v1beta1 is DEPRECATED and will be removed in a future version. Use kubectl create instead.
deployment.apps/nginx-deployment created (dry run)
View the generated YAML
[root@localhost demo]# kubectl run nginx-deployment --image=nginx --port=80 --replicas=3 --dry-run -o yaml
View the generated YAML and export it to a file
[root@localhost demo]# kubectl run nginx-deployment --image=nginx --port=80 --replicas=3 --dry-run -o yaml > my-deployment.yaml
kubectl run --generator=deployment/apps.v1beta1 is DEPRECATED and will be removed in a future version. Use kubectl create instead.
View the generated JSON
[root@localhost demo]# kubectl run nginx-deployment --image=nginx --port=80 --replicas=3 --dry-run -o json
Export an existing resource as a template
[root@localhost demo]# kubectl get deploy/nginx --export -o yaml
Save it to a file
[root@localhost demo]# kubectl get deploy/nginx --export -o yaml > my-deploy.yaml
View help for a field
[root@localhost demo]# kubectl explain pods.spec.containers
Pod
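1. Characteristics
- The smallest deployable unit
- A group of containers
- Containers in a Pod share a network namespace
- Pods are ephemeral
2. Types of containers in a Pod
infrastructure container (base container)
- Maintains the network namespace of the whole Pod
- Operate on the node
- View the container's network
- Created whenever a Pod is created, one per Pod, and transparent to the user
initcontainers (init containers)
- Run before the application containers start; originally the containers in a Pod were started in parallel, and this has since been improved
container (application containers)
- Started in parallel
3. Image pull policy
- IfNotPresent: the default; the image is pulled only when it is not already present on the host
- Always: the image is pulled again every time a Pod is created
- Never: the Pod never pulls the image on its own
- Example 1: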
[root@localhost demo]# kubectl edit deployment/nginx #edit: configure the controller
spec:
  containers:
  - image: nginx:latest
    imagePullPolicy: Always   # Always: the image is pulled again every time a Pod is created
    name: nginx
    ports:
    - containerPort: 80
      protocol: TCP
    resources: {}
    terminationMessagePath: /dev/termination-log
    terminationMessagePolicy: File
  dnsPolicy: ClusterFirst
  restartPolicy: Always
  schedulerName: default-scheduler
  securityContext: {}
  terminationGracePeriodSeconds: 30
- Example 2:
[root@localhost ~]# cd demo/
[root@localhost demo]# vim pod1.yaml
apiVersion: v1
kind: Pod
metadata:
  name: mypod
spec:
  containers:
  - name: nginx
    image: nginx
    imagePullPolicy: Always
    command: [ "echo", "SUCCESS" ]
[root@localhost demo]# kubectl create -f pod1.yaml
pod/mypod created
[root@localhost demo]# kubectl get pods
NAME READY STATUS RESTARTS AGE
mypod 0/1 CrashLoopBackOff 2 49s
The failed state is caused by a conflict with the startup command
Delete command: [ "echo", "SUCCESS" ]
Also change the image version
image: nginx:1.14
Delete the existing resource
[root@localhost demo]# kubectl delete -f pod1.yaml
pod "mypod" deleted
Update the resource
[root@localhost demo]# kubectl apply -f pod1.yaml
pod/mypod created
[root@localhost demo]# kubectl get pods
NAME READY STATUS RESTARTS AGE
mypod 1/1 Running 0 34s
Check which node the Pod was assigned to
[root@localhost demo]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE
mypod 1/1 Running 0 118s 172.17.88.3 192.168.241.4 <none>
On any node, use curl to view the response headers
[root@localhost ~]# curl -I 172.17.88.3
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Wed, 12 Feb 2020 04:42:42 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 04 Dec 2018 14:44:49 GMT
Connection: keep-alive
ETag: "5c0692e1-264"
Accept-Ranges: bytes
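Deploying Harbor
For deployment, refer to the Harbor private registry deployment guide
Configure the nodes to connect to the private registry (note that the comma after the preceding entry must be added)
[root@hzh ~]# vim /etc/docker/daemon.json
{
  "registry-mirrors": ["https://9it5um2j.mirror.aliyuncs.com"],
  "insecure-registries":["192.168.241.8"]
}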
1. Log in to the Harbor private registry
[root@localhost ~]# docker login 192.168.241.8
Username: admin
Password: //enter the password Harbor12345
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
2. Pull the Tomcat image to push
[root@localhost ~]# docker pull tomcat
3. Push
3-1. Tag the image
[root@localhost ~]# docker tag tomcat 192.168.241.8/hzh/tomcat
3-2. Push
[root@localhost ~]# docker push 192.168.241.8/hzh/tomcat
3-3. Pull the tomcat image on the node
docker pull tomcat:8.0.52
[root@localhost demo]# vim tomcat-deployment.yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: my-tomcat
spec:
  replicas: 2
  template:
    metadata:
      labels:
        app: my-tomcat
    spec:
      containers:
      - name: my-tomcat
        image: docker.io/tomcat:8.0.52
        ports:
        - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: my-tomcat
spec:
  type: NodePort
  ports:
  - port: 8080
    targetPort: 8080
    nodePort: 31111
  selector:
    app: my-tomcat
[root@localhost demo]# kubectl get pods,deploy,svc
NAME READY STATUS RESTARTS AGE
pod/my-tomcat-57667b9d9-nklvj 1/1 Running 0 10m
pod/my-tomcat-57667b9d9-wllnp 1/1 Running 0 10m
pod/mypod 1/1 Running 1 12h
pod/nginx-7697996758-75shs 1/1 Running 1 2d10h
pod/nginx-7697996758-b7tjw 1/1 Running 1 2d10h
pod/nginx-7697996758-jddc5 1/1 Running 1 2d10h
pod/nginx-deployment-d55b94fd-4px2w 1/1 Running 1 36h
pod/nginx-deployment-d55b94fd-899hz 1/1 Running 1 36h
pod/nginx-deployment-d55b94fd-d7fqn 1/1 Running 1 36h
NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE
deployment.extensions/my-tomcat 2 2 2 2 10m
deployment.extensions/nginx 3 3 3 3 2d10h
deployment.extensions/nginx-deployment 3 3 3 3 36h
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/kubernetes ClusterIP 10.0.0.1 <none> 443/TCP 15d
service/my-tomcat NodePort 10.0.0.167 <none> 8080:31111/TCP 10m
service/nginx-service NodePort 10.0.0.225 <none> 80:47722/TCP 36h
How to handle resources stuck in the Terminating state that cannot be deleted
[root@localhost demo]# kubectl get pods
NAME READY STATUS RESTARTS AGE
my-tomcat-57667b9d9-nklvj 1/1 Terminating 0 10h
my-tomcat-57667b9d9-wllnp 1/1 Terminating 0 10h
In this case, you can use the force delete command:
kubectl delete pod [pod name] --force --grace-period=0 -n [namespace]
[root@localhost demo]# kubectl delete pod my-tomcat-57667b9d9-nklvj --force --grace-period=0 -n default
warning: Immediate deletion does not wait for confirmation that the running resource has been terminated. The resource may continue to run on the cluster indefinitely.
pod "my-tomcat-57667b9d9-nklvj" force deleted
[root@localhost demo]# kubectl delete pod my-tomcat-57667b9d9-wllnp --force --grace-period=0 -n default
warning: Immediate deletion does not wait for confirmation that the running resource has been terminated. The resource may continue to run on the cluster indefinitely.
pod "my-tomcat-57667b9d9-wllnp" force deleted
[root@localhost demo]# kubectl get pods
NAME READY STATUS RESTARTS AGE
mypod 1/1 Running 1 23h
nginx-7697996758-75shs 1/1 Running 1 2d21h
nginx-7697996758-b7tjw 1/1 Running 1 2d21h
nginx-7697996758-jddc5 1/1 Running 1 2d21h
nginx-deployment-d55b94fd-4px2w 1/1 Running 1 47h
nginx-deployment-d55b94fd-899hz 1/1 Running 1 47h
nginx-deployment-d55b94fd-d7fqn 1/1 Running 1 47h
3-4. Operations on node01 (the node that previously logged in to the Harbor registry)
#Tag the image
[root@localhost ~]# docker tag tomcat:8.0.52 192.168.241.8/hzh/tomcat
#Upload the image to Harbor
[root@localhost ~]# docker push 192.168.241.8/hzh/tomcat
#View the login credentials
[root@localhost ~]# cat .docker/config.json |base64 -w 0
ewoJImF1dGhzIjogewoJCSIxOTIuMTY4LjE5NS44MCI6IHsKCQkJImF1dGgiOiAiWVdSdGFXNDZTR0Z5WW05eU1USXpORFU9IgoJCX0KCX0sCgkiSHR0cEhlYWRlcnMiOiB7CgkJIlVzZXItQWdlbnQiOiAiRG9ja2VyLUNsaWVudC8xOS4wMy41IChsaW51eCkiCgl9Cn0=
[root@localhost demo]# vim registry-pull-secret.yaml
apiVersion: v1
kind: Secret
metadata:
  name: registry-pull-secret
data:
  .dockerconfigjson: ewoJImF1dGhzIjogewoJCSIxOTIuMTY4LjE5NS44MCI6IHsKCQkJImF1dGgiOiAiWVdSdGFXNDZTR0Z5WW05eU1USXpORFU9IgoJCX0KCX0sCgkiSHR0cEhlYWRlcnMiOiB7CgkJIlVzZXItQWdlbnQiOiAiRG9ja2VyLUNsaWVudC8xOS4wMy41IChsaW51eCkiCgl9Cn0=
type: kubernetes.io/dockerconfigjson
#Create the secret resource
[root@localhost demo]# kubectl create -f registry-pull-secret.yaml
secret/registry-pull-secret created
#View the secret resource
[root@localhost demo]# kubectl get secret
NAME TYPE DATA AGE
default-token-zztl5 kubernetes.io/service-account-token 3 9d
registry-pull-secret kubernetes.io/dockerconfigjson 1 26s
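An added check, not part of the original page: the .dockerconfigjson value in such a Secret is only base64-encoded, so anyone who can read the Secret can recover the registry login, and the host under auths has to match the registry in the image reference for the credential to be used. The Python below decodes a constructed sample value and tests both points; the function names, host and credentials are illustrative assumptions.

```python
import base64
import json

def image_registry(image):
    """Registry host of an image reference (Docker's rule: the first path
    component is a host only if it contains '.' or ':' or is 'localhost')."""
    first, sep, _ = image.partition("/")
    if sep and ("." in first or ":" in first or first == "localhost"):
        return first
    return "docker.io"

def audit_pull_secret(dockerconfigjson_b64, image):
    """Decode a kubernetes.io/dockerconfigjson value and compare it with an image."""
    config = json.loads(base64.b64decode(dockerconfigjson_b64))
    registry = image_registry(image)
    report = {"registry": registry, "covered": False, "entries": []}
    for host, entry in config.get("auths", {}).items():
        # "auth" is base64("username:password"): encoding, not encryption.
        decoded = base64.b64decode(entry.get("auth", "")).decode("utf-8")
        username, _, password = decoded.partition(":")
        report["entries"].append({
            "host": host,
            "username": username,
            "password_recoverable": bool(password),  # never echo the password itself
        })
        # Normalise "https://host/" to "host" before comparing.
        bare = host.split("://", 1)[-1].split("/", 1)[0]
        if bare == registry:
            report["covered"] = True
    return report

def make_sample_secret(host, username, password):
    """Build a constructed .dockerconfigjson value for the demonstration."""
    auth = base64.b64encode(f"{username}:{password}".encode()).decode()
    raw = json.dumps({"auths": {host: {"auth": auth}}})
    return base64.b64encode(raw.encode()).decode()

# Constructed sample values; not taken from the page.
SAMPLE = make_sample_secret("registry.example.internal", "puller", "constructed-pw")

if __name__ == "__main__":
    for image in ("registry.example.internal/team/tomcat", "10.0.0.8/team/tomcat"):
        r = audit_pull_secret(SAMPLE, image)
        print(image, "covered" if r["covered"] else "NOT covered", r["entries"])
```

Decoded the same way, the value shown above lists the auths host 192.168.195.80, whereas the image was pushed to 192.168.241.8.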
3-5. Create resources that pull the image from Harbor
[root@localhost demo]# vim tomcat-deployment.yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: my-tomcat
spec:
  replicas: 2
  template:
    metadata:
      labels:
        app: my-tomcat
    spec:
      imagePullSecrets:
      - name: registry-pull-secret
      containers:
      - name: my-tomcat
        image: 192.168.241.8/hzh/tomcat
        ports:
        - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: my-tomcat
spec:
  type: NodePort
  ports:
  - port: 8080
    targetPort: 8080
    nodePort: 31111
  selector:
    app: my-tomcat
[root@localhost demo]# kubectl create -f tomcat-deployment.yaml
#The image in the private registry has been downloaded 2 times