[k8s]一步一步学习k8syaml

来源：互联网发布：永恒之塔魔族捏脸数据编辑：程序博客网时间：2024/04/29 23:32

一步一步学习k8syaml

k8s的command和args

k8s-proxy浅析

k8s高可用和ingress

手头命令：

执行命令：kubectl exec pod-name datekubectl exec pod-name -c container-name datekubectl exec -it pod-name -c container-name /bin/bashkubectl get rc,svckubectl delete po,svc -l name=lable-namekubectl delete pods --all#干掉rc rskubectl delete rc --allkubectl delete rc --allkubectl logs -f volume-pod -c busyboxkubectl exec -ti volume-pod -c tomcat -- ls /usr/local/tomcat/logskubectl exec -ti volume-pod -c tomcat -- tail /usr/local/tomcat/logs/localhost_access_log.2017-05-04.txt

#查看镜像的CMDdocker inpect id#查看容器中运行着哪些进程docker top 61ac514f8ea6#查看容器日志docker logs -f xxdocker ps -l 显示最新启动的一个容器（包括已停止的）

docker stats #查看各个容器的资源占用 这是个很刁的命令

docker stats 54493133d1f0 容器停止后就自动删除： docker run --rm centos /bin/echo "One"杀死所有正在运行的容器：docker kill $(docker ps -a -q)删除所有已经停止的容器：docker rm $(docker ps -a -q)删除所有未打标签的镜像 docker rmi $(docker images -q -f dangling=true)配置代理：export http_proxy=http://proxy_server:port

基础：
1，创建1个pod

apiVersion: v1kind: Podmetadata:  name: pod-test  labels:    app: webappspec:  containers:  - name: webapp    image: nginx:1.11.4-alpine    imagePullPolicy: IfNotPresent    ports:    - containerPort: 80

带环境变量：

apiVersion: v1kind: Podmetadata:  name: myweb  labels:    name: mywebspec:  containers:  - name: myweb    image: kubeguide/tomcat-app:v1    imagePullPolicy: IfNotPresent    ports:    - containerPort: 8080    env:    - name: MYSQL_SERVER_HOST      value: 'mysql'    - name: MYSQL_SERVICE_PORT      value: '3306'

静态pod：

1，由kubelet管理，配置kubelete参数KUBELET_OPTS=' --config=/etc/kubernetes/manifests，kubelet监视该目录。

2，kubectl get pod可以看到，kubectl delete pod删掉后，一直处于pending，直至清单yaml目录删除为止。

apiVersion: v1kind: Podmetadata:  name: static-pod  labels:    name: static-podspec:  containers:  - name: static-pod    image: nginx    ports:    - name: static-pod      containerPort: 80

2，创建1个rc

apiVersion: v1kind: ReplicationControllermetadata:  name: webappspec:  replicas: 2  template:    metadata:      name: webapp      labels:        app: webapp    spec:      containers:      - name: webapp        image: nginx:1.11.4-alpine        imagePullPolicy: IfNotPresent        ports:        - containerPort: 80

3，创建1个svc
方法1：

apiVersion: v1kind: Servicemetadata:  name: webappspec:  ports:  - port: 8081    targetPort: 80  selector:   app: webapp

方法2：

kubectl export rc webapp

高级
1，创建1个pod，含有多个container

apiVersion: v1kind: ReplicationControllermetadata:  name: app01spec:  replicas: 2  template:    metadata:      name: app01      labels:        app: app01    spec:      containers:      - name: app01-nginx        image: nginx:1.11.4-alpine        imagePullPolicy: IfNotPresent        ports:        - containerPort: 80      - name: app01-tomcat        image: kubeguide/tomcat-app:v1        imagePullPolicy: IfNotPresent        ports:        - name: web          containerPort: 8080          protocol: TCP        - name: management          containerPort: 8005          protocol: TCP

创建1个pod,执行命令 command

apiVersion: v1kind: Podmetadata:  name: pod-with-healthcheck-writefile  labels:    app: pod-with-healthcheck-writefilespec:  containers:  - image: busybox    command:      - sleep      - "3600"    imagePullPolicy: IfNotPresent    name: busybox  restartPolicy: Always

apiVersion: v1kind: Podmetadata:  name: command-demo  labels:    purpose: demonstrate-commandspec:  containers:  - name: command-demo-container    image: debian    command: ["printenv"]    args: ["HOSTNAME", "KUBERNETES_PORT"]

创建1个pod执行命令-args

apiVersion: v1kind: Podmetadata:  name: pod-with-healthcheck-writefile  labels:    app: pod-with-healthcheck-writefilespec:  containers:  - image: busybox    args:    - /bin/sh    - -c    - echo ok > /tmp/health; spleep 10; rm -rf /tmp/health; sleep 600    livenessProbe:      exec:        command:          - cat          - /tmp/health

创建一个centos:(官方centos默认不能放后台运行)

apiVersion:kind:metadata:  name: centosspec:  replicate: 1  template:    metadata:      labels:        app:centos    spec:      containers:      - name: centos-instance        image: centos        args: ["sleep","655369"]        ports:        - containersPort: 80

2，创建svc
方法1：

kubectl export rc webapp

方法2：

[root@node151 yaml]# cat app01-svc.yaml apiVersion: v1kind: Servicemetadata:  name: app01spec:  ports:  - name: nginx    port: 80    protocol: TCP  - name: tomcat-web    port: 8080    protocol: TCP  - name: tomcat-management    port: 8005    protocol: TCP  selector:   app: app01

注：rc只能为pod打1个labels。如：

apiVersion: v1kind: ReplicationControllermetadata:  name: app01spec:  replicas: 2  template:    metadata:      name: app01      labels:        app: app01        app: nginx        app: tomcat...

只能打到 app: tomcat tag。

1个pod，2个container，共享存储--tomcat日志搜集案例

apiVersion: v1kind: Podmetadata:  name: volume-podspec:  containers:  - name: tomcat    image: tomcat    imagePullPolicy: IfNotPresent    ports:    - containerPort: 8080    volumeMounts:    - name: app-logs      mountPath: /usr/local/tomcat/logs  - name: busybox    image: busybox    imagePullPolicy: IfNotPresent    command: ["sh","-c","tail -f /logs/localhost_access_log*.txt"]    volumeMounts:      - name: app-logs        mountPath: /logs  volumes:  - name: app-logs    emptyDir: {}

kubectl logs -f volume-pod -c busyboxkubectl exec -ti volume-pod -c tomcat -- ls /usr/local/tomcat/logskubectl exec -ti volume-pod -c tomcat -- tail /usr/local/tomcat/logs/localhost_access_log.2017-05-04.txt

小结：
从这里可以看到 command指令用法。

configMap：--为pod提供配置

1，提供env

2，提供配置文件

pod使用方法：

1，通过env获取cm种内容

2，通过volume挂载cm种文件

举个栗子：

变量

[root@node151 yaml]# cat cm-appvars.yaml apiVersion: v1kind: ConfigMapmetadata:  name: cm-appvarsdata:  apploglevel: info  appdatadir: /var/data

[root@node151 yaml]# cat cm-test-pod.yaml apiVersion: v1kind: Podmetadata:  name: cm-test-podspec:  containers:  - name: cm-test    image: busybox    command: [ "/bin/sh", "-c", "env | grep APP" ]    env:    - name: APPLOGLEVEL      valueFrom:        configMapKeyRef:          name: cm-appvars          key: apploglevel    - name: APPDATADIR      valueFrom:        configMapKeyRef:[root@node151 yaml]# cat cm-test-pod.yaml apiVersion: v1kind: Podmetadata:  name: cm-test-podspec:  containers:  - name: cm-test    image: busybox    command: [ "/bin/sh", "-c", "env | grep APP" ]    env:    - name: APPLOGLEVEL      valueFrom:        configMapKeyRef:          name: cm-appvars          key: apploglevel    - name: APPDATADIR      valueFrom:        configMapKeyRef:          name: cm-appvars          key: appdatadir          name: cm-appvars          key: appdatadir

验证：

kubectl get po --show-all  ---这里运行后会变成complete状态kubectl logs cm-test-pod #可以看到环境变量

用法2：文件挂载

[root@node151 yaml]# cat cm-appconfigfiles.yaml apiVersion: v1kind: ConfigMapmetadata:  name: cm-appconfigfilesdata:  key-admin-key.pem: -----BEGIN RSA PRIVATE KEY-----    MIIEowIBAAKCAQEAxY4sv2ctwdti38slk0IIvdAyIZqaEwVIege96QpxisDqDPWR    UkJXWa/npjnwxxG0c/oYG+xQ46j+GQwMDotD/ZmQQA0yykte5i8yIB0mRnHB3ZNb    pmwSYFI9j7TKyAhUvB7JfGps+aKxr4nfUSDBQBG06Gbzz/U04s+P/jQi71Z6n5Oe    pdq8OKpZLRQc0sPZ98z4QWXjV4ccJMOfzEmM3kGeb8oxlb59fTJNMSO0bG0YsLLL    fPjb/GRxwFqnTsPW9SmKxVyrTlFXuaQGCAnLaotbC2M5B8kIp8Ake4txYh0Pupzy    mi2yk/glUBDxdLOZJCZoN9zBWGEh/UWoFlyTyQIDAQABAoIBADX7Z5bVptc2D4p/    hED85k6XuVsdV8SiyO8vdmFbjTMRC+OGprMHlb7YJkBxzK1Y1SpryHK43FGZN/W4    KQNAYs/FSnl2Ic7NUZ0sgFHuJStSolrdjUmodk0Dq/a8vDx0qlLNRtlMa4K7Rjpl    PjR48tWDASAQIcdNhaoEdaBMts8XIteoieCgQZDbKl/m0jC9s8+I2BtynEKuC9x2    PhdlgnOWlGch8T3cM6KUZjMpp5Pj6lWBH7Po5FlufoiUaGSdOiGjIbxtQIoSxaJf    +GQ27oXUYuDIlaQ6cwSi1yifP9Q5w+3EIkAKCvOUgEspMuh1TO/f+6RmQILk9sq1    Ozu5ZxECgYEAyxGBE8zFD6Sy0Y3GST0fZZ+I6m2jgvLBzHl0sihypHil5td14fXh    9X2Q0JqeLBQBPuL6/9+TfN91lX/k+f4+Dl8GVIrXyHkb5nDLBiXwqwZNVUCOsWiR    aXRftW9UusVmgZmDV3Mjdo/dRoqvOSGsi6ndxRAkE1inwKUHH7gusscCgYEA+QzL    cbqTnOT7bdjPp6z5Tawyyllo8wt6XhmjSoky4scHu4QcYezdI4x3rRV3QVyLqzzi    x0EY3AVGzjLO+uUOWZ01v1r0jAqgNDLd/e+3iU7fQ2q3Y9Ce2Dkuvw1EB7PZQw6h    Lq1pV1NPBW4ovO6r8XEtxOL2bBwfQMGSVR6y9O8CgYBCx47bJAvqCQ+FOkpq617X    3I76CPQsrAhvZcGqlQKec86bC2AI3wNf59snvrElba67L4m7e5rVBed1MonqbGGb    +EPsqXwswScbsRwS+YcbtwbXclN6pBitxUd0Mxh6E1CSbhlzOLoA027BM/pLn3dO    tp3noFc8xXrlL2AYXkl9IQKBgQC+e2+7G3W9QVGgsXwZhe3j33m1VG81vSipgjhn    UMpPsuSSIjhHGZAFmXELO+jLYAofPWFB/uMRnSOLoEa4lKrGFby/D8UMuy/O3Lz3    dPpOlbmjaaK8QBrNy+aaD35h2cepRy42ckGonbpJr/iOkImIEAVumhzZkSTCNYtD    eUhslwKBgFvULjjmaAu/VDriBxDS64PmrNHLHuegMY/qxONVGyHvmnVqD6XuCdOx    zMPWIgxFFc1RY9VdYAfx6EkspRT3aTjVMvQdXZ2H5wOWtEW+qkfYK/WaRXH9KkMr    rxuwgszsGzKHvIRxtyaH+VQcVMgrBKmi+pQweyJuwNRTskK59XJl    -----END RSA PRIVATE KEY-----  key-admin.pem: -----BEGIN CERTIFICATE-----    MIID3TCCAsWgAwIBAgIUH6w5Lfb2KXf3J/uccCqIBSZ1cYMwDQYJKoZIhvcNAQEL    BQAwZTELMAkGA1UEBhMCQ04xEDAOBgNVBAgTB0JlaUppbmcxEDAOBgNVBAcTB0Jl    aUppbmcxDDAKBgNVBAoTA2s4czEPMA0GA1UECxMGU3lzdGVtMRMwEQYDVQQDEwpr    dWJlcm5ldGVzMB4XDTE3MDUwMzEwMjcwMFoXDTE4MDUwMzEwMjcwMFowazELMAkG    A1UEBhMCQ04xEDAOBgNVBAgTB0JlaUppbmcxEDAOBgNVBAcTB0JlaUppbmcxFzAV    BgNVBAoTDnN5c3RlbTptYXN0ZXJzMQ8wDQYDVQQLEwZTeXN0ZW0xDjAMBgNVBAMT    BWFkbWluMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxY4sv2ctwdti    38slk0IIvdAyIZqaEwVIege96QpxisDqDPWRUkJXWa/npjnwxxG0c/oYG+xQ46j+    GQwMDotD/ZmQQA0yykte5i8yIB0mRnHB3ZNbpmwSYFI9j7TKyAhUvB7JfGps+aKx    r4nfUSDBQBG06Gbzz/U04s+P/jQi71Z6n5Oepdq8OKpZLRQc0sPZ98z4QWXjV4cc    JMOfzEmM3kGeb8oxlb59fTJNMSO0bG0YsLLLfPjb/GRxwFqnTsPW9SmKxVyrTlFX    uaQGCAnLaotbC2M5B8kIp8Ake4txYh0Pupzymi2yk/glUBDxdLOZJCZoN9zBWGEh    /UWoFlyTyQIDAQABo38wfTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYB    BQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFDA855ogXEPB    8jQ+8vCPaI470l10MB8GA1UdIwQYMBaAFPKIL6U7gHcBzv0TNO+5SymZ6fcJMA0G    CSqGSIb3DQEBCwUAA4IBAQBz9jhLSGeOQYbQDSb2LDgbO/fBpbZnNzSVCX6HgWgH    JaC43J0SruGD+u3jyhhhYhsQLO+lQTZl3yzoWOjWYLlGc5cDqMDf6d8YAElyAywp    bip/Xa/EuY/2oiOSxmJosyY4NltIeeUMccbmOX1mx0wfyD1mrFizplY5OpSfqLOF    dLYfftZzPHbZznDhvRyow3/Q+gTqFq8JC8x7JWKCfQEjY/k20w8ptz+xSPqtwYKy    E79S1+qDK1P459cJJNS7YprbPY7oEUnbigmU1RNt2w4JZzbfTDSeoTVx9XWRMgTN    Q1har1NboZGaVJhROepe38vgVvfH5gKckgISrakiB19M    -----END CERTIFICATE-----  key-ca.pem: -----BEGIN CERTIFICATE-----    MIIDvjCCAqagAwIBAgIUP/7TgWfkZ6torHllMQK4qKVdKm0wDQYJKoZIhvcNAQEL    BQAwZTELMAkGA1UEBhMCQ04xEDAOBgNVBAgTB0JlaUppbmcxEDAOBgNVBAcTB0Jl    aUppbmcxDDAKBgNVBAoTA2s4czEPMA0GA1UECxMGU3lzdGVtMRMwEQYDVQQDEwpr    dWJlcm5ldGVzMB4XDTE3MDUwMzEwMDcwMFoXDTIyMDUwMjEwMDcwMFowZTELMAkG    A1UEBhMCQ04xEDAOBgNVBAgTB0JlaUppbmcxEDAOBgNVBAcTB0JlaUppbmcxDDAK    BgNVBAoTA2s4czEPMA0GA1UECxMGU3lzdGVtMRMwEQYDVQQDEwprdWJlcm5ldGVz    MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0HQdd+mApPqm9iQKwyNz    EtQFShNm3l0hfZeFsoPK7pkNcc8NMajdiNzzSvorb8W8n4ALNt4i6lHADmw82JfH    munkO1EfKWu0kzSb47JXsqLDBjGm/rIENgXP+z+dJME8ELLP+xYtRssHGqR67NqH    QWH3WcU86DmxmOT+eq5qsSzGYVnLOH1vHY1m1OcLslO+NU+9QY48AwGcOcE1iVUk    SWEGtlr9KR0hi+x0tWJpJJ2WZspmg6szbFUO+8ucQyaymTBWNEt1mo7vawwivJNp    M+td9FdXvUBtD9hZKf0nyzFCsnOhFsHBZfIq7oQc1rQ10fQTSVVjZkH8Euh7hQHM    ZQIDAQABo2YwZDAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBAjAd    BgNVHQ4EFgQU8ogvpTuAdwHO/RM077lLKZnp9wkwHwYDVR0jBBgwFoAU8ogvpTuA    dwHO/RM077lLKZnp9wkwDQYJKoZIhvcNAQELBQADggEBAFKzFPaTXU5z1QNFEVjc    JnLHvp8qlsfUpy6ivjD5x6AZErrrbKTMU7JATx5uo0G62lMarjhGcJV6l/bEfcDl    GVvdSe3Nw7+bbYDlLYop1at84aD8sjTRuE1/m1XMhiMMnlOvF5es6joCzFgIEist    jC/3d5kP+oPASmNPSTffHG04kEKbbcwWYACVtlHgdhohab9IGd5JskZGptjCCZcV    EqjGtbT6gQ4p8Io5Fiz3W9HpD+2Dhk/pT6u0rLDR3p+4/bqo+NGrjOHHbQpe24kk    g7nhZZSUmJKo6hrDRbnDVA94eznsj3Nl4U2rrg+poVxbRu4rIeH7dmQkL/6i4X6T    Zqs=    -----END CERTIFICATE-----

注意：以上都是实验性key，没啥意义。

[root@node151 yaml]# cat cm-test-app.yaml apiVersion: v1kind: Podmetadata:  name: cm-test-appspec:  containers:  - name: cm-test-app    image: kubeguide/tomcat-app:v1    ports:    - containerPort: 8080    volumeMounts:    - name: certkey      mountPath: /configfiles  volumes:  - name: certkey    configMap:      name: cm-appconfigfiles      items:      - key: key-admin.pem        path: admin.pem      - key: key-admin-key.pem        path: admin-key.pem      - key: key-ca.pem        path: ca.pem

验证：

kubectl exec -it cm-test-app -- bashls /configfiles

如果不指定items：则挂载后的文件名字为key-xxx

[root@node151 yaml]# cat cm-test-app.yaml apiVersion: v1kind: Podmetadata:  name: cm-test-appspec:  containers:  - name: cm-test-app    image: kubeguide/tomcat-app:v1    ports:    - containerPort: 8080    volumeMounts:    - name: certkey      mountPath: /configfiles  volumes:  - name: certkey    configMap:      name: cm-appconfigfiles

cm创建的3种方法：

kubectl create configmap ca.pem --from-file=ca.pemkubectl create configmap cm-appconfig --from-file=configfilesdirkubectl create configmap cm-appenv --from-literal=loglevel=info --from-literal=appdatadir=/var/data

使用cm注意：

1，在pod前创建

2，只能挂载目录

外部访问：

Services overview diagram for userspace proxy

1，container级别端口映射到物理机
注：cni网络不支持
Limitation: Due to #31307, HostPort won’t work with CNI networking plugin at the moment. That means all hostPort attribute in pod would be simply ignored

如果非cni：

apiVersion: v1kind: Podmetadata:  name: pod-hostport  labels:    app: webappspec:  containers:  - name: webapp    image: nginx:1.11.4-alpine    imagePullPolicy: IfNotPresent    ports:    - containerPort: 80      hostPort: 30090

2，pod级别端口映射到物理机: 这种方式不分配podip 共享物理机的ip地址.同时进程可以在物理机看到

apiVersion: v1kind: Podmetadata:  name: pod-hostnetwork  labels:    app: webappspec:  hostNetwork: true  containers:  - name: webapp    image: nginx:1.11.4-alpine    imagePullPolicy: IfNotPresent    ports:      - containerPort: 80

[root@no161 ~]# kk|grep podefault       pod-hostnetwork                               1/1       Running    0          18s       192.168.8.162    no162

[root@no162 ~]# ps -ef|grep nginxroot     29405 29388  0 15:00 ?        00:00:00 nginx: master process nginx -g daemon off;100      29426 29405  0 15:00 ?        00:00:00 nginx: worker process

3，svc级别端口映射到物理机

apiVersion: v1kind: Servicemetadata:  name: webappspec:  type: NodePort  ports:  - port: 80    targetPort: 80    nodePort: 30081  selector:    app: webapp

4，svc还可以将请求发给第三方lb，由lb来转发到各个pod。

svc高级
创建一个svc可访问外部mysql服务
1，创建1个无selector的svc

apiVersion: v1kind: Servicemetadata:  name: my-servicespec:  ports:  - protocol: TCP    port: 3306    targetPort: 3306

创建1个同name的endpoint即会自动关联到上面svc。

apiVersion: v1kind: Endpointsmetadata:  name: my-servicesubsets: - addresses:     - ip: 192.168.6.87   ports:     - port: 3306

测试：

node151$  mysql -h svc-address -uroot -pxxx

liveness-活跃性

1,写文件

apiVersion: v1kind: Podmetadata:  name: pod-with-healthcheck-writefile  labels:    app: pod-with-healthcheck-writefilespec:  containers:  - name: pod-with-healthcheck-writefile    image: busybox    args:    - /bin/sh    - -c    - echo ok > /tmp/health; spleep 10; rm -rf /tmp/health; sleep 600    livenessProbe:      exec:        command:        - cat        - /tmp/health      initialDelaySeconds: 15      timeoutSeconds: 1

2,tcp sock:通过与容器localhost:80建连接

apiVersion: v1kind: Podmetadata:  name: pod-with-healthcheck-tcpsockspec:  containers:  - name: nginx    image: nginx:1.11.4-alpine    imagePullPolicy: IfNotPresent    ports:      - containerPort: 80    livenessProbe:      tcpSocket:        port: 80      initialDelaySeconds: 30      timeoutSeconds: 1

3,http status 200<

apiVersion: v1kind: Podmetadata:  name: pod-with-healthcheckspec:  containers:  - name: nginx    image: nginx:1.11.4-alpine    imagePullPolicy: IfNotPresent    ports:      - containerPort: 80    livenessProbe:      httpGet:        path: /_status/healthz        port: 80      initialDelaySeconds: 30 #首次创建后,等多久去检查      timeoutSeconds: 1  #当超时,干掉重建#通过本地的kubenetes发起请求检查kubectl logs -f pod-with-healthcheck192.168.6.154 - - [10/May/2017:05:46:15 +0000] "GET /_status/healthz HTTP/1.1" 404 169 "-" "Go-http-client/1.1" "-"192.168.6.154 - - [10/May/2017:05:46:25 +0000] "GET /_status/healthz HTTP/1.1" 404 169 "-" "Go-http-client/1.1" "-"

0 0