[k8s]一步一步学习k8syaml
生活随笔
收集整理的這篇文章主要介紹了
[k8s]一步一步学习k8syaml
小編覺得挺不錯的,現(xiàn)在分享給大家,幫大家做個參考.
一步一步學(xué)習(xí)k8syaml
k8s的command和args
k8s-proxy淺析
k8s高可用和ingress
手頭命令:
執(zhí)行命令: kubectl exec pod-name date kubectl exec pod-name -c container-name date kubectl exec -it pod-name -c container-name /bin/bashkubectl get rc,svc kubectl delete po,svc -l name=lable-name kubectl delete pods --all #干掉rc rs kubectl delete rc --all kubectl delete rc --allkubectl logs -f volume-pod -c busybox kubectl exec -ti volume-pod -c tomcat -- ls /usr/local/tomcat/logs kubectl exec -ti volume-pod -c tomcat -- tail /usr/local/tomcat/logs/localhost_access_log.2017-05-04.txt #查看鏡像的CMD docker inpect id #查看容器中運行著哪些進程 docker top 61ac514f8ea6#查看容器日志 docker logs -f xx docker ps -l 顯示最新啟動的一個容器(包括已停止的) docker stats #查看各個容器的資源占用 這是個很刁的命令 docker stats 54493133d1f0 容器停止后就自動刪除: docker run --rm centos /bin/echo "One" 殺死所有正在運行的容器:docker kill $(docker ps -a -q) 刪除所有已經(jīng)停止的容器:docker rm $(docker ps -a -q) 刪除所有未打標(biāo)簽的鏡像 docker rmi $(docker images -q -f dangling=true)配置代理: export http_proxy=http://proxy_server:port
基礎(chǔ):
1,創(chuàng)建1個pod
apiVersion: v1 kind: Pod metadata:name: pod-testlabels:app: webapp spec:containers:- name: webappimage: nginx:1.11.4-alpineimagePullPolicy: IfNotPresentports:- containerPort: 80
帶環(huán)境變量:
apiVersion: v1 kind: Pod metadata:name: myweblabels:name: myweb spec:containers:- name: mywebimage: kubeguide/tomcat-app:v1imagePullPolicy: IfNotPresentports:- containerPort: 8080env:- name: MYSQL_SERVER_HOSTvalue: 'mysql'- name: MYSQL_SERVICE_PORTvalue: '3306'靜態(tài)pod:
1,由kubelet管理,配置kubelete參數(shù)KUBELET_OPTS=' --config=/etc/kubernetes/manifests,kubelet監(jiān)視該目錄。
2,kubectl ?get pod可以看到,kubectl delete pod刪掉后,一直處于pending,直至清單yaml目錄刪除為止。
apiVersion: v1 kind: Pod metadata:name: static-podlabels:name: static-pod spec:containers:- name: static-podimage: nginxports:- name: static-podcontainerPort: 802,創(chuàng)建1個rc
apiVersion: v1 kind: ReplicationController metadata:name: webapp spec:replicas: 2template:metadata:name: webapplabels:app: webappspec:containers:- name: webappimage: nginx:1.11.4-alpineimagePullPolicy: IfNotPresentports:- containerPort: 80
??
3,創(chuàng)建1個svc
方法1:
apiVersion: v1 kind: Service metadata:name: webapp spec:ports:- port: 8081targetPort: 80selector:app: webapp
方法2:
kubectl export rc webapp
高級
1,創(chuàng)建1個pod,含有多個container
apiVersion: v1 kind: ReplicationController metadata:name: app01 spec:replicas: 2template:metadata:name: app01labels:app: app01spec:containers:- name: app01-nginximage: nginx:1.11.4-alpineimagePullPolicy: IfNotPresentports:- containerPort: 80- name: app01-tomcatimage: kubeguide/tomcat-app:v1imagePullPolicy: IfNotPresentports:- name: webcontainerPort: 8080protocol: TCP- name: managementcontainerPort: 8005protocol: TCP
創(chuàng)建1個pod,執(zhí)行命令 command
apiVersion: v1 kind: Pod metadata:name: pod-with-healthcheck-writefilelabels:app: pod-with-healthcheck-writefile spec:containers:- image: busyboxcommand:- sleep- "3600"imagePullPolicy: IfNotPresentname: busyboxrestartPolicy: Always
創(chuàng)建一個centos:(官方centos默認(rèn)不能放后臺運行)
apiVersion: kind: metadata:name: centos spec:replicate: 1template:metadata:labels:app:centosspec:containers:- name: centos-instanceimage: centosargs: ["sleep","655369"]ports:- containersPort: 80
方法1:
kubectl export rc webapp
方法2:
[root@node151 yaml]# cat app01-svc.yaml apiVersion: v1 kind: Service metadata:name: app01 spec:ports:- name: nginxport: 80protocol: TCP- name: tomcat-webport: 8080protocol: TCP- name: tomcat-managementport: 8005protocol: TCPselector:app: app01
注:rc只能為pod打1個labels。 如:
apiVersion: v1 kind: ReplicationController metadata:name: app01 spec:replicas: 2template:metadata:name: app01labels:app: app01app: nginxapp: tomcat ...只能打到 app: tomcat tag。
1個pod,2個container,共享存儲--tomcat日志搜集案例
apiVersion: v1 kind: Pod metadata:name: volume-pod spec:containers:- name: tomcatimage: tomcatimagePullPolicy: IfNotPresentports:- containerPort: 8080volumeMounts:- name: app-logsmountPath: /usr/local/tomcat/logs- name: busyboximage: busyboximagePullPolicy: IfNotPresentcommand: ["sh","-c","tail -f /logs/localhost_access_log*.txt"]volumeMounts:- name: app-logsmountPath: /logsvolumes:- name: app-logsemptyDir: {}
kubectl logs -f volume-pod -c busybox kubectl exec -ti volume-pod -c tomcat -- ls /usr/local/tomcat/logs kubectl exec -ti volume-pod -c tomcat -- tail /usr/local/tomcat/logs/localhost_access_log.2017-05-04.txt
小結(jié):
從這里可以看到 command指令用法。
configMap:--為pod提供配置
1,提供env
2,提供配置文件
pod使用方法:
1,通過env獲取cm種內(nèi)容
2,通過volume掛載cm種文件
舉個栗子:
變量
[root@node151 yaml]# cat cm-appvars.yaml apiVersion: v1 kind: ConfigMap metadata:name: cm-appvars data:apploglevel: infoappdatadir: /var/data [root@node151 yaml]# cat cm-test-pod.yaml apiVersion: v1 kind: Pod metadata:name: cm-test-pod spec:containers:- name: cm-testimage: busyboxcommand: [ "/bin/sh", "-c", "env | grep APP" ]env:- name: APPLOGLEVELvalueFrom:configMapKeyRef:name: cm-appvarskey: apploglevel- name: APPDATADIRvalueFrom:configMapKeyRef:[root@node151 yaml]# cat cm-test-pod.yaml? apiVersion: v1 kind: Pod metadata:name: cm-test-pod spec:containers:- name: cm-testimage: busyboxcommand: [ "/bin/sh", "-c", "env | grep APP" ]env:- name: APPLOGLEVELvalueFrom:configMapKeyRef:name: cm-appvarskey: apploglevel- name: APPDATADIRvalueFrom:configMapKeyRef:name: cm-appvarskey: appdatadirname: cm-appvarskey: appdatadir 驗證:kubectl get po --show-all ---這里運行后會變成complete狀態(tài) kubectl logs cm-test-pod #可以看到環(huán)境變量
用法2:文件掛載
[root@node151 yaml]# cat cm-appconfigfiles.yaml apiVersion: v1 kind: ConfigMap metadata:name: cm-appconfigfiles data:key-admin-key.pem: -----BEGIN RSA PRIVATE KEY-----MIIEowIBAAKCAQEAxY4sv2ctwdti38slk0IIvdAyIZqaEwVIege96QpxisDqDPWRUkJXWa/npjnwxxG0c/oYG+xQ46j+GQwMDotD/ZmQQA0yykte5i8yIB0mRnHB3ZNbpmwSYFI9j7TKyAhUvB7JfGps+aKxr4nfUSDBQBG06Gbzz/U04s+P/jQi71Z6n5Oepdq8OKpZLRQc0sPZ98z4QWXjV4ccJMOfzEmM3kGeb8oxlb59fTJNMSO0bG0YsLLLfPjb/GRxwFqnTsPW9SmKxVyrTlFXuaQGCAnLaotbC2M5B8kIp8Ake4txYh0Pupzymi2yk/glUBDxdLOZJCZoN9zBWGEh/UWoFlyTyQIDAQABAoIBADX7Z5bVptc2D4p/hED85k6XuVsdV8SiyO8vdmFbjTMRC+OGprMHlb7YJkBxzK1Y1SpryHK43FGZN/W4KQNAYs/FSnl2Ic7NUZ0sgFHuJStSolrdjUmodk0Dq/a8vDx0qlLNRtlMa4K7RjplPjR48tWDASAQIcdNhaoEdaBMts8XIteoieCgQZDbKl/m0jC9s8+I2BtynEKuC9x2PhdlgnOWlGch8T3cM6KUZjMpp5Pj6lWBH7Po5FlufoiUaGSdOiGjIbxtQIoSxaJf+GQ27oXUYuDIlaQ6cwSi1yifP9Q5w+3EIkAKCvOUgEspMuh1TO/f+6RmQILk9sq1Ozu5ZxECgYEAyxGBE8zFD6Sy0Y3GST0fZZ+I6m2jgvLBzHl0sihypHil5td14fXh9X2Q0JqeLBQBPuL6/9+TfN91lX/k+f4+Dl8GVIrXyHkb5nDLBiXwqwZNVUCOsWiRaXRftW9UusVmgZmDV3Mjdo/dRoqvOSGsi6ndxRAkE1inwKUHH7gusscCgYEA+QzLcbqTnOT7bdjPp6z5Tawyyllo8wt6XhmjSoky4scHu4QcYezdI4x3rRV3QVyLqzzix0EY3AVGzjLO+uUOWZ01v1r0jAqgNDLd/e+3iU7fQ2q3Y9Ce2Dkuvw1EB7PZQw6hLq1pV1NPBW4ovO6r8XEtxOL2bBwfQMGSVR6y9O8CgYBCx47bJAvqCQ+FOkpq617X3I76CPQsrAhvZcGqlQKec86bC2AI3wNf59snvrElba67L4m7e5rVBed1MonqbGGb+EPsqXwswScbsRwS+YcbtwbXclN6pBitxUd0Mxh6E1CSbhlzOLoA027BM/pLn3dOtp3noFc8xXrlL2AYXkl9IQKBgQC+e2+7G3W9QVGgsXwZhe3j33m1VG81vSipgjhnUMpPsuSSIjhHGZAFmXELO+jLYAofPWFB/uMRnSOLoEa4lKrGFby/D8UMuy/O3Lz3dPpOlbmjaaK8QBrNy+aaD35h2cepRy42ckGonbpJr/iOkImIEAVumhzZkSTCNYtDeUhslwKBgFvULjjmaAu/VDriBxDS64PmrNHLHuegMY/qxONVGyHvmnVqD6XuCdOxzMPWIgxFFc1RY9VdYAfx6EkspRT3aTjVMvQdXZ2H5wOWtEW+qkfYK/WaRXH9KkMrrxuwgszsGzKHvIRxtyaH+VQcVMgrBKmi+pQweyJuwNRTskK59XJl-----END RSA PRIVATE KEY-----key-admin.pem: -----BEGIN CERTIFICATE-----MIID3TCCAsWgAwIBAgIUH6w5Lfb2KXf3J/uccCqIBSZ1cYMwDQYJKoZIhvcNAQELBQAwZTELMAkGA1UEBhMCQ04xEDAOBgNVBAgTB0JlaUppbmcxEDAOBgNVBAcTB0JlaUppbmcxDDAKBgNVBAoTA2s4czEPMA0GA1UECxMGU3lzdGVtMRMwEQYDVQQDEwprdWJlcm5ldGVzMB4XDTE3MDUwMzEwMjcwMFoXDTE4MDUwMzEwMjcwMFowazELMAkGA1UEBhMCQ04xEDAOBgNVBAgTB0JlaUppbmcxEDAOBgNVBAcTB0JlaUppbmcxFzAVBgNVBAoTDnN5c3RlbTptYXN0ZXJzMQ8wDQYDVQQLEwZTeXN0ZW0xDjAMBgNVBAMTBWFkbWluMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxY4sv2ctwdti38slk0IIvdAyIZqaEwVIege96QpxisDqDPWRUkJXWa/npjnwxxG0c/oYG+xQ46j+GQwMDotD/ZmQQA0yykte5i8yIB0mRnHB3ZNbpmwSYFI9j7TKyAhUvB7JfGps+aKxr4nfUSDBQBG06Gbzz/U04s+P/jQi71Z6n5Oepdq8OKpZLRQc0sPZ98z4QWXjV4ccJMOfzEmM3kGeb8oxlb59fTJNMSO0bG0YsLLLfPjb/GRxwFqnTsPW9SmKxVyrTlFXuaQGCAnLaotbC2M5B8kIp8Ake4txYh0Pupzymi2yk/glUBDxdLOZJCZoN9zBWGEh/UWoFlyTyQIDAQABo38wfTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFDA855ogXEPB8jQ+8vCPaI470l10MB8GA1UdIwQYMBaAFPKIL6U7gHcBzv0TNO+5SymZ6fcJMA0GCSqGSIb3DQEBCwUAA4IBAQBz9jhLSGeOQYbQDSb2LDgbO/fBpbZnNzSVCX6HgWgHJaC43J0SruGD+u3jyhhhYhsQLO+lQTZl3yzoWOjWYLlGc5cDqMDf6d8YAElyAywpbip/Xa/EuY/2oiOSxmJosyY4NltIeeUMccbmOX1mx0wfyD1mrFizplY5OpSfqLOFdLYfftZzPHbZznDhvRyow3/Q+gTqFq8JC8x7JWKCfQEjY/k20w8ptz+xSPqtwYKyE79S1+qDK1P459cJJNS7YprbPY7oEUnbigmU1RNt2w4JZzbfTDSeoTVx9XWRMgTNQ1har1NboZGaVJhROepe38vgVvfH5gKckgISrakiB19M-----END CERTIFICATE-----key-ca.pem: -----BEGIN CERTIFICATE-----MIIDvjCCAqagAwIBAgIUP/7TgWfkZ6torHllMQK4qKVdKm0wDQYJKoZIhvcNAQELBQAwZTELMAkGA1UEBhMCQ04xEDAOBgNVBAgTB0JlaUppbmcxEDAOBgNVBAcTB0JlaUppbmcxDDAKBgNVBAoTA2s4czEPMA0GA1UECxMGU3lzdGVtMRMwEQYDVQQDEwprdWJlcm5ldGVzMB4XDTE3MDUwMzEwMDcwMFoXDTIyMDUwMjEwMDcwMFowZTELMAkGA1UEBhMCQ04xEDAOBgNVBAgTB0JlaUppbmcxEDAOBgNVBAcTB0JlaUppbmcxDDAKBgNVBAoTA2s4czEPMA0GA1UECxMGU3lzdGVtMRMwEQYDVQQDEwprdWJlcm5ldGVzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0HQdd+mApPqm9iQKwyNzEtQFShNm3l0hfZeFsoPK7pkNcc8NMajdiNzzSvorb8W8n4ALNt4i6lHADmw82JfHmunkO1EfKWu0kzSb47JXsqLDBjGm/rIENgXP+z+dJME8ELLP+xYtRssHGqR67NqHQWH3WcU86DmxmOT+eq5qsSzGYVnLOH1vHY1m1OcLslO+NU+9QY48AwGcOcE1iVUkSWEGtlr9KR0hi+x0tWJpJJ2WZspmg6szbFUO+8ucQyaymTBWNEt1mo7vawwivJNpM+td9FdXvUBtD9hZKf0nyzFCsnOhFsHBZfIq7oQc1rQ10fQTSVVjZkH8Euh7hQHMZQIDAQABo2YwZDAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBAjAdBgNVHQ4EFgQU8ogvpTuAdwHO/RM077lLKZnp9wkwHwYDVR0jBBgwFoAU8ogvpTuAdwHO/RM077lLKZnp9wkwDQYJKoZIhvcNAQELBQADggEBAFKzFPaTXU5z1QNFEVjcJnLHvp8qlsfUpy6ivjD5x6AZErrrbKTMU7JATx5uo0G62lMarjhGcJV6l/bEfcDlGVvdSe3Nw7+bbYDlLYop1at84aD8sjTRuE1/m1XMhiMMnlOvF5es6joCzFgIEistjC/3d5kP+oPASmNPSTffHG04kEKbbcwWYACVtlHgdhohab9IGd5JskZGptjCCZcVEqjGtbT6gQ4p8Io5Fiz3W9HpD+2Dhk/pT6u0rLDR3p+4/bqo+NGrjOHHbQpe24kkg7nhZZSUmJKo6hrDRbnDVA94eznsj3Nl4U2rrg+poVxbRu4rIeH7dmQkL/6i4X6TZqs=-----END CERTIFICATE-----注意:以上都是實驗性key,沒啥意義。 [root@node151 yaml]# cat cm-test-app.yaml apiVersion: v1 kind: Pod metadata:name: cm-test-app spec:containers:- name: cm-test-appimage: kubeguide/tomcat-app:v1ports:- containerPort: 8080volumeMounts:- name: certkeymountPath: /configfilesvolumes:- name: certkeyconfigMap:name: cm-appconfigfilesitems:- key: key-admin.pempath: admin.pem- key: key-admin-key.pempath: admin-key.pem- key: key-ca.pempath: ca.pem 驗證: kubectl exec -it cm-test-app -- bash ls /configfiles
如果不指定items: 則掛載后的文件名字為key-xxx
[root@node151 yaml]# cat cm-test-app.yaml apiVersion: v1 kind: Pod metadata:name: cm-test-app spec:containers:- name: cm-test-appimage: kubeguide/tomcat-app:v1ports:- containerPort: 8080volumeMounts:- name: certkeymountPath: /configfilesvolumes:- name: certkeyconfigMap:name: cm-appconfigfilescm創(chuàng)建的3種方法: kubectl create configmap ca.pem --from-file=ca.pem kubectl create configmap cm-appconfig --from-file=configfilesdir kubectl create configmap cm-appenv --from-literal=loglevel=info --from-literal=appdatadir=/var/data
使用cm注意:
1,在pod前創(chuàng)建
2,只能掛載目錄
外部訪問:
Services overview diagram for userspace proxy
1,container級別端口映射到物理機
注:cni網(wǎng)絡(luò)不支持
Limitation: Due to #31307, HostPort won’t work with CNI networking plugin at the moment. That means all hostPort attribute in pod would be simply ignored
如果非cni:
apiVersion: v1 kind: Pod metadata:name: pod-hostportlabels:app: webapp spec:containers:- name: webappimage: nginx:1.11.4-alpineimagePullPolicy: IfNotPresentports:- containerPort: 80hostPort: 30090
2,pod級別端口映射到物理機: 這種方式不分配podip 共享物理機的ip地址.同時進程可以在物理機看到
apiVersion: v1 kind: Pod metadata:name: pod-hostnetworklabels:app: webapp spec:hostNetwork: truecontainers:- name: webappimage: nginx:1.11.4-alpineimagePullPolicy: IfNotPresentports:- containerPort: 80
[root@no162 ~]# ps -ef|grep nginx root 29405 29388 0 15:00 ? 00:00:00 nginx: master process nginx -g daemon off; 100 29426 29405 0 15:00 ? 00:00:00 nginx: worker process
apiVersion: v1 kind: Service metadata:name: webapp spec:type: NodePortports:- port: 80targetPort: 80nodePort: 30081selector:app: webapp
4,svc還可以將請求發(fā)給第三方lb,由lb來轉(zhuǎn)發(fā)到各個pod。
svc高級
創(chuàng)建一個svc可訪問外部mysql服務(wù)
1,創(chuàng)建1個無selector的svc
apiVersion: v1 kind: Service metadata:name: my-service spec:ports:- protocol: TCPport: 3306targetPort: 3306
創(chuàng)建1個同name的endpoint即會自動關(guān)聯(lián)到上面svc。
apiVersion: v1 kind: Endpoints metadata:name: my-service subsets:- addresses:- ip: 192.168.6.87ports:- port: 3306
測試:
node151$ mysql -h svc-address -uroot -pxxx
liveness-活躍性
1,寫文件
apiVersion: v1 kind: Pod metadata:name: pod-with-healthcheck-writefilelabels:app: pod-with-healthcheck-writefile spec:containers:- name: pod-with-healthcheck-writefileimage: busyboxargs:- /bin/sh- -c- echo ok > /tmp/health; spleep 10; rm -rf /tmp/health; sleep 600livenessProbe:exec:command:- cat- /tmp/healthinitialDelaySeconds: 15timeoutSeconds: 1
2,tcp sock:通過與容器localhost:80建連接
3,http status 200<
apiVersion: v1 kind: Pod metadata:name: pod-with-healthcheck spec:containers:- name: nginximage: nginx:1.11.4-alpineimagePullPolicy: IfNotPresentports:- containerPort: 80livenessProbe:httpGet:path: /_status/healthzport: 80initialDelaySeconds: 30 #首次創(chuàng)建后,等多久去檢查timeoutSeconds: 1 #當(dāng)超時,干掉重建 #通過本地的kubenetes發(fā)起請求檢查 kubectl logs -f pod-with-healthcheck192.168.6.154 - - [10/May/2017:05:46:15 +0000] "GET /_status/healthz HTTP/1.1" 404 169 "-" "Go-http-client/1.1" "-" 192.168.6.154 - - [10/May/2017:05:46:25 +0000] "GET /_status/healthz HTTP/1.1" 404 169 "-" "Go-http-client/1.1" "-"總結(jié)
以上是生活随笔為你收集整理的[k8s]一步一步学习k8syaml的全部內(nèi)容,希望文章能夠幫你解決所遇到的問題。
- 上一篇: python的ogr模块_GDAL py
- 下一篇: usb接口驱动_UART串行总线舵机转接