|
前文我們了解了k8s的架構(gòu)和基本的工作過(guò)程以及測(cè)試環(huán)境的k8s集群部署�����,回顧請(qǐng)參考https://www.cnblogs.com/qiuhom-1874/p/14126750.html�;今天我們主要來(lái)了解下k8s命令行工具kubectl的基礎(chǔ)操作�;
kubectl簡(jiǎn)介
kubectl是k8s官方提供的工具,它是一款命令行工具���,我們可以使用它來(lái)管理k8s集群�����,管理k8s集群上的資源�����;kubectl這個(gè)工具有很多子命令,每個(gè)子命令都有不同的功能���,比如創(chuàng)建資源我們可以使用create或apply子命令來(lái)實(shí)現(xiàn)��;不同的是在k8s上創(chuàng)建資源的方式有兩種����,一種是陳述式接口,一種是聲明式接口��;所謂聲明式接口就是把我們要?jiǎng)?chuàng)建的資源��,通過(guò)寫(xiě)成一個(gè)配置文件�����,然后使用apply子命令應(yīng)用指定的配置文件的方式���;陳述式接口是指我們要在命令行告訴k8s怎么去創(chuàng)建資源����,比如創(chuàng)建pod控制器��,使用什么鏡像��,副本數(shù)量等等��;通常我們使用create子命令來(lái)陳述創(chuàng)建一個(gè)資源;當(dāng)然create子命令也可以指定一個(gè)資源清單的方式來(lái)創(chuàng)建資源��;兩者不同的是apply可以多次執(zhí)行�,如果發(fā)現(xiàn)對(duì)應(yīng)清單有變化就應(yīng)用變化部分�,沒(méi)變化就不應(yīng)用;而create不能多次執(zhí)行����;
kubectl工具使用的語(yǔ)法
kubectl [flags] [options]
提示:flages是用來(lái)指定子命令����,options是對(duì)應(yīng)子命令的選項(xiàng)�;
查看kubectl工具的使用幫助
[root@master01 ~]# kubectl --help
kubectl controls the Kubernetes cluster manager.
Find more information at: https:///docs/reference/kubectl/overview/
Basic Commands (Beginner):
create Create a resource from a file or from stdin.
expose Take a replication controller, service, deployment or pod and expose it as a new
Kubernetes Service
run Run a particular image on the cluster
set Set specific features on objects
Basic Commands (Intermediate):
explain Documentation of resources
get Display one or many resources
edit Edit a resource on the server
delete Delete resources by filenames, stdin, resources and names, or by resources and label
selector
Deploy Commands:
rollout Manage the rollout of a resource
scale Set a new size for a Deployment, ReplicaSet or Replication Controller
autoscale Auto-scale a Deployment, ReplicaSet, or ReplicationController
Cluster Management Commands:
certificate Modify certificate resources.
cluster-info Display cluster info
top Display Resource (CPU/Memory/Storage) usage.
cordon Mark node as unschedulable
uncordon Mark node as schedulable
drain Drain node in preparation for maintenance
taint Update the taints on one or more nodes
Troubleshooting and Debugging Commands:
describe Show details of a specific resource or group of resources
logs Print the logs for a container in a pod
attach Attach to a running container
exec Execute a command in a container
port-forward Forward one or more local ports to a pod
proxy Run a proxy to the Kubernetes API server
cp Copy files and directories to and from containers.
auth Inspect authorization
debug Create debugging sessions for troubleshooting workloads and nodes
Advanced Commands:
diff Diff live version against would-be applied version
apply Apply a configuration to a resource by filename or stdin
patch Update field(s) of a resource
replace Replace a resource by filename or stdin
wait Experimental: Wait for a specific condition on one or many resources.
kustomize Build a kustomization target from a directory or a remote url.
Settings Commands:
label Update the labels on a resource
annotate Update the annotations on a resource
completion Output shell completion code for the specified shell (bash or zsh)
Other Commands:
api-resources Print the supported API resources on the server
api-versions Print the supported API versions on the server, in the form of "group/version"
config Modify kubeconfig files
plugin Provides utilities for interacting with plugins.
version Print the client and server version information
Usage:
kubectl [flags] [options]
Use "kubectl <command> --help" for more information about a given command.
Use "kubectl options" for a list of global command-line options (applies to all commands).
[root@master01 ~]#
查看子命令幫助
[root@master01 ~]# kubectl create --help
Create a resource from a file or from stdin.
JSON and YAML formats are accepted.
Examples:
# Create a pod using the data in pod.json.
kubectl create -f ./pod.json
# Create a pod based on the JSON passed into stdin.
cat pod.json | kubectl create -f -
# Edit the data in docker-registry.yaml in JSON then create the resource using the edited data.
kubectl create -f docker-registry.yaml --edit -o json
Available Commands:
clusterrole Create a ClusterRole.
clusterrolebinding Create a ClusterRoleBinding for a particular ClusterRole
configmap Create a configmap from a local file, directory or literal value
cronjob Create a cronjob with the specified name.
deployment Create a deployment with the specified name.
ingress Create an ingress with the specified name.
job Create a job with the specified name.
namespace Create a namespace with the specified name
poddisruptionbudget Create a pod disruption budget with the specified name.
priorityclass Create a priorityclass with the specified name.
quota Create a quota with the specified name.
role Create a role with single rule.
rolebinding Create a RoleBinding for a particular Role or ClusterRole
secret Create a secret using specified subcommand
service Create a service using specified subcommand.
serviceaccount Create a service account with the specified name
Options:
--allow-missing-template-keys=true: If true, ignore any errors in templates when a field or
map key is missing in the template. Only applies to golang and jsonpath output formats.
--dry-run='none': Must be "none", "server", or "client". If client strategy, only print the
object that would be sent, without sending it. If server strategy, submit server-side request
without persisting the resource.
--edit=false: Edit the API resource before creating
--field-manager='kubectl-create': Name of the manager used to track field ownership.
-f, --filename=[]: Filename, directory, or URL to files to use to create the resource
-k, --kustomize='': Process the kustomization directory. This flag can't be used together with -f
or -R.
-o, --output='': Output format. One of:
json|yaml|name|go-template|go-template-file|template|templatefile|jsonpath|jsonpath-as-json|jsonpath-file.
--raw='': Raw URI to POST to the server. Uses the transport specified by the kubeconfig file.
--record=false: Record current kubectl command in the resource annotation. If set to false, do
not record the command. If set to true, record the command. If not set, default to updating the
existing annotation value only if one already exists.
-R, --recursive=false: Process the directory used in -f, --filename recursively. Useful when you
want to manage related manifests organized within the same directory.
--save-config=false: If true, the configuration of current object will be saved in its
annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to
perform kubectl apply on this object in the future.
-l, --selector='': Selector (label query) to filter on, supports '=', '==', and '!='.(e.g. -l
key1=value1,key2=value2)
--template='': Template string or path to template file to use when -o=go-template,
-o=go-template-file. The template format is golang templates
[http:///pkg/text/template/#pkg-overview].
--validate=true: If true, use a schema to validate the input before sending it
--windows-line-endings=false: Only relevant if --edit=true. Defaults to the line ending native
to your platform.
Usage:
kubectl create -f FILENAME [options]
Use "kubectl <command> --help" for more information about a given command.
Use "kubectl options" for a list of global command-line options (applies to all commands).
[root@master01 ~]#
提示:create是用來(lái)創(chuàng)建一個(gè)資源,在k8s上資源有很多類(lèi)型���,使用不同的子命令表示創(chuàng)建不同類(lèi)型的資源�,當(dāng)然創(chuàng)建不同類(lèi)型的資源對(duì)應(yīng)的選項(xiàng)也有所不同��;
查看創(chuàng)建控制器deploy的幫助
[root@master01 ~]# kubectl create deploy --help
Create a deployment with the specified name.
Aliases:
deployment, deploy
Examples:
# Create a deployment named my-dep that runs the busybox image.
kubectl create deployment my-dep --image=busybox
# Create a deployment with command
kubectl create deployment my-dep --image=busybox -- date
# Create a deployment named my-dep that runs the nginx image with 3 replicas.
kubectl create deployment my-dep --image=nginx --replicas=3
# Create a deployment named my-dep that runs the busybox image and expose port 5701.
kubectl create deployment my-dep --image=busybox --port=5701
Options:
--allow-missing-template-keys=true: If true, ignore any errors in templates when a field or
map key is missing in the template. Only applies to golang and jsonpath output formats.
--dry-run='none': Must be "none", "server", or "client". If client strategy, only print the
object that would be sent, without sending it. If server strategy, submit server-side request
without persisting the resource.
--field-manager='kubectl-create': Name of the manager used to track field ownership.
--image=[]: Image names to run.
-o, --output='': Output format. One of:
json|yaml|name|go-template|go-template-file|template|templatefile|jsonpath|jsonpath-as-json|jsonpath-file.
--port=-1: The port that this container exposes.
-r, --replicas=1: Number of replicas to create. Default is 1.
--save-config=false: If true, the configuration of current object will be saved in its
annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to
perform kubectl apply on this object in the future.
--template='': Template string or path to template file to use when -o=go-template,
-o=go-template-file. The template format is golang templates
[http:///pkg/text/template/#pkg-overview].
--validate=true: If true, use a schema to validate the input before sending it
Usage:
kubectl create deployment NAME --image=image -- [COMMAND] [args...] [options]
Use "kubectl options" for a list of global command-line options (applies to all commands).
[root@master01 ~]#
提示:deploy是pod控制器����,創(chuàng)建pod控制器需要指定對(duì)應(yīng)控制器要使用那個(gè)鏡像來(lái)運(yùn)行pod,其次要指定pod里運(yùn)行容器的副本數(shù)量�����,默認(rèn)不指定就表示默認(rèn)副本為1�����;
示例:創(chuàng)建一個(gè)nginx pod控制器�����,指定使用nginx:1.14-alpine鏡像來(lái)運(yùn)行pod
[root@master01 ~]# kubectl create deploy ngx-dep --image=nginx:1.14-alpine
deployment.apps/ngx-dep created
[root@master01 ~]#
查看pod創(chuàng)建情況
[root@master01 ~]# kubectl get pod
NAME READY STATUS RESTARTS AGE
nginx-dep-8967df55d-j8zp7 1/1 Running 0 71m
ngx-dep-5c8d96d457-62qd6 1/1 Running 0 33s
[root@master01 ~]#
提示:在k8s上資源有兩種級(jí)別�����,第一種是集群級(jí)別�����,第二種是名稱(chēng)空間級(jí)別���;所謂名稱(chēng)空間就是把資源用邏輯的方式隔離的機(jī)制����;在同一名稱(chēng)空間資源的名稱(chēng)不能相同�����;默認(rèn)不指定名稱(chēng)空間,都是default名稱(chēng)空間���;
查看長(zhǎng)格式pod信息
[root@master01 ~]# kubectl get pod -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nginx-dep-8967df55d-j8zp7 1/1 Running 0 74m 10.244.2.2 node02.k8s.org <none> <none>
ngx-dep-5c8d96d457-62qd6 1/1 Running 0 3m47s 10.244.1.2 node01.k8s.org <none> <none>
[root@master01 ~]#
提示:-o用于指定輸出格式�����,常用的有3個(gè)值���,wide表示顯示長(zhǎng)格式信息,這種現(xiàn)實(shí)方式能夠列出對(duì)應(yīng)資源運(yùn)行在那個(gè)node上�����,ip地址是多少等等信息�;yaml表示輸出yaml格式的,json表示輸出為json配置文件的方式�;
創(chuàng)建名稱(chēng)空間
[root@master01 ~]# kubectl create namespace testing
namespace/testing created
[root@master01 ~]# kubectl create namespace prod
namespace/prod created
[root@master01 ~]# kubectl create namespace develop
namespace/develop created
[root@master01 ~]#
查看名稱(chēng)空間
[root@master01 ~]# kubectl get namespaces
NAME STATUS AGE
default Active 132m
develop Active 31s
kube-node-lease Active 132m
kube-public Active 132m
kube-system Active 132m
prod Active 41s
testing Active 57s
[root@master01 ~]#
提示:在k8s中資源類(lèi)型是有簡(jiǎn)寫(xiě)格式,比如namespace可以簡(jiǎn)寫(xiě)為ns���,service可以簡(jiǎn)寫(xiě)為svc;
刪除名稱(chēng)空間
[root@master01 ~]# kubectl get ns
NAME STATUS AGE
default Active 134m
develop Active 2m1s
kube-node-lease Active 134m
kube-public Active 134m
kube-system Active 134m
prod Active 2m11s
testing Active 2m27s
[root@master01 ~]# kubectl delete ns testing
namespace "testing" deleted
[root@master01 ~]# kubectl get ns
NAME STATUS AGE
default Active 134m
develop Active 2m26s
kube-node-lease Active 134m
kube-public Active 134m
kube-system Active 134m
prod Active 2m36s
[root@master01 ~]#
提示:除了以上方式刪除資源���,我們也可以使用資源類(lèi)型/資源名稱(chēng)的方式來(lái)指定資源���;用空白字符隔開(kāi)資源類(lèi)型和名稱(chēng)的方式只能一次刪除一個(gè)資源,而用斜線隔開(kāi)的可以一次刪除多個(gè)資源�;
刪除develop�����、prod名稱(chēng)空間
[root@master01 ~]# kubectl get ns
NAME STATUS AGE
default Active 136m
develop Active 4m20s
kube-node-lease Active 136m
kube-public Active 136m
kube-system Active 136m
prod Active 4m30s
[root@master01 ~]# kubectl delete ns/develop ns/prod
namespace "develop" deleted
namespace "prod" deleted
[root@master01 ~]# kubectl get ns
NAME STATUS AGE
default Active 137m
kube-node-lease Active 137m
kube-public Active 137m
kube-system Active 137m
[root@master01 ~]#
刪除pod
[root@master01 ~]# kubectl get pod
NAME READY STATUS RESTARTS AGE
nginx-dep-8967df55d-j8zp7 1/1 Running 0 85m
ngx-dep-5c8d96d457-62qd6 1/1 Running 0 14m
[root@master01 ~]# kubectl delete pod nginx-dep-8967df55d-j8zp7
pod "nginx-dep-8967df55d-j8zp7" deleted
[root@master01 ~]# kubectl get pod
NAME READY STATUS RESTARTS AGE
nginx-dep-8967df55d-8fl27 1/1 Running 0 50s
ngx-dep-5c8d96d457-62qd6 1/1 Running 0 15m
[root@master01 ~]#
提示:可以看到我們刪除pod以后����,再次查看,pod又重新創(chuàng)建起來(lái)了���;其原因是我們使用pod控制器創(chuàng)建的pod它有自愈功能�;我們知道在k8s上控制器的作用就是負(fù)責(zé)創(chuàng)建和監(jiān)控對(duì)應(yīng)資源狀態(tài)是否符合我們定義的狀態(tài)��,如果不符合它就會(huì)試著重啟或重建的方式讓其對(duì)應(yīng)資源和我們定義的資源狀態(tài)保持一致���;上述命令我們刪除了pod�,但對(duì)應(yīng)控制器發(fā)現(xiàn)對(duì)應(yīng)pod被刪除了�,它就會(huì)試著重新新建一個(gè)pod,讓其始終保持和我們期望的狀態(tài)保持一致�;
查看deploy控制器
[root@master01 ~]# kubectl get deploy
NAME READY UP-TO-DATE AVAILABLE AGE
nginx-dep 1/1 1 1 94m
ngx-dep 1/1 1 1 23m
[root@master01 ~]# kubectl get deploy -o wide
NAME READY UP-TO-DATE AVAILABLE AGE CONTAINERS IMAGES SELECTOR
nginx-dep 1/1 1 1 94m nginx nginx:1.14-alpine app=nginx-dep
ngx-dep 1/1 1 1 23m nginx nginx:1.14-alpine app=ngx-dep
[root@master01 ~]#
刪除控制器
[root@master01 ~]# kubectl get deploy -o wide
NAME READY UP-TO-DATE AVAILABLE AGE CONTAINERS IMAGES SELECTOR
nginx-dep 1/1 1 1 95m nginx nginx:1.14-alpine app=nginx-dep
ngx-dep 1/1 1 1 24m nginx nginx:1.14-alpine app=ngx-dep
[root@master01 ~]# kubectl delete deploy nginx-dep
deployment.apps "nginx-dep" deleted
[root@master01 ~]# kubectl get deploy -o wide
NAME READY UP-TO-DATE AVAILABLE AGE CONTAINERS IMAGES SELECTOR
ngx-dep 1/1 1 1 24m nginx nginx:1.14-alpine app=ngx-dep
[root@master01 ~]# kubectl get pod
NAME READY STATUS RESTARTS AGE
ngx-dep-5c8d96d457-62qd6 1/1 Running 0 24m
[root@master01 ~]#
提示:刪除控制器它會(huì)連同控制器所創(chuàng)建的資源一并刪除�;
創(chuàng)建service
在k8s中����,service資源是用來(lái)訪問(wèn)pod資源而存在的;我們知道刪除一個(gè)pod資源后��,由于控制的原因����,它會(huì)重新創(chuàng)建一個(gè)pod,那么新建的pod怎么讓外部訪問(wèn)到呢��?如果直接訪問(wèn)podip��,那么每次訪問(wèn)我們都需要查看對(duì)應(yīng)的podip才會(huì)訪問(wèn)到對(duì)應(yīng)的pod���,很顯然這種不是我們想要的方式����;對(duì)于service資源來(lái)說(shuō)����,它可以幫助我們自動(dòng)的關(guān)聯(lián)對(duì)應(yīng)的pod,從而實(shí)現(xiàn)我們只需要訪問(wèn)對(duì)應(yīng)service就可以訪問(wèn)到pod�;通常service的ip地址不會(huì)怎么改變�����,或者變更沒(méi)有pod變更的快���,service的作用就是幫助我們關(guān)聯(lián)對(duì)應(yīng)名稱(chēng)的pod,從而實(shí)現(xiàn)我們?cè)L問(wèn)serviceip就可以反代到對(duì)應(yīng)的pod上�����;對(duì)于創(chuàng)建service來(lái)說(shuō)���,它有幾種類(lèi)型;第一種clusterip����,這種service能夠?qū)崿F(xiàn)訪問(wèn)service的ip地址+pod監(jiān)聽(tīng)端口就能訪問(wèn)到對(duì)應(yīng)pod,可以在k8s集群任意節(jié)點(diǎn)訪問(wèn)serviceip+podport從而訪問(wèn)到對(duì)應(yīng)pod;第二種是nodeport類(lèi)型��,這種service可以實(shí)現(xiàn)把外部任何主機(jī)訪問(wèn)節(jié)點(diǎn)k8s任何一個(gè)節(jié)點(diǎn)的ip地址+一個(gè)固定端口就能訪問(wèn)到pod�����;
示例:創(chuàng)建clusterip類(lèi)型的service�����,并關(guān)聯(lián)ngx-dep控制器
[root@master01 ~]# kubectl create service clusterip ngx-dep --tcp=80
service/ngx-dep created
[root@master01 ~]#
提示:關(guān)聯(lián)pod只需要將service的名稱(chēng)和對(duì)應(yīng)控制器的名稱(chēng)寫(xiě)成一樣即可;
查看ngx-dep service詳細(xì)信息
[root@master01 ~]# kubectl describe svc/ngx-dep
Name: ngx-dep
Namespace: default
Labels: app=ngx-dep
Annotations: <none>
Selector: app=ngx-dep
Type: ClusterIP
IP Families: <none>
IP: 10.101.104.228
IPs: 10.101.104.228
Port: 80 80/TCP
TargetPort: 80/TCP
Endpoints: 10.244.1.2:80
Session Affinity: None
Events: <none>
[root@master01 ~]#
提示:可以看到ngx-dep service的ip地址為10.101.104.228�����;對(duì)應(yīng)關(guān)聯(lián)的后端pod的地址為10.244.1.2:80
訪問(wèn)servcieip看看是否能夠訪問(wèn)到對(duì)應(yīng)pod?
[root@master01 ~]# curl 10.101.104.228
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http:///"></a>.<br/>
Commercial support is available at
<a href="http:///"></a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
[root@master01 ~]#
在node01上訪問(wèn)serviceip看看是否能夠訪問(wèn)到對(duì)應(yīng)pod呢����?
[root@node01 ~]# curl 10.101.104.228
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http:///"></a>.<br/>
Commercial support is available at
<a href="http:///"></a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
[root@node01 ~]#
提示:這個(gè)service地址只能在k8s集群節(jié)點(diǎn)上訪問(wèn),外部其他主機(jī)不能夠正常訪問(wèn)到���;
測(cè)試:刪除pod����,看看對(duì)應(yīng)service中endpoint關(guān)聯(lián)的地址是否會(huì)變成對(duì)應(yīng)pod的地址呢��?
[root@master01 ~]# kubectl get pod -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
ngx-dep-5c8d96d457-62qd6 1/1 Running 0 57m 10.244.1.2 node01.k8s.org <none> <none>
[root@master01 ~]# kubectl delete pod ngx-dep-5c8d96d457-62qd6
pod "ngx-dep-5c8d96d457-62qd6" deleted
[root@master01 ~]# kubectl get pod -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
ngx-dep-5c8d96d457-w6nss 1/1 Running 0 19s 10.244.2.3 node02.k8s.org <none> <none>
[root@master01 ~]# kubectl describe svc/ngx-dep
Name: ngx-dep
Namespace: default
Labels: app=ngx-dep
Annotations: <none>
Selector: app=ngx-dep
Type: ClusterIP
IP Families: <none>
IP: 10.101.104.228
IPs: 10.101.104.228
Port: 80 80/TCP
TargetPort: 80/TCP
Endpoints: 10.244.2.3:80
Session Affinity: None
Events: <none>
[root@master01 ~]#
提示:可以看到刪除了pod以后��,新建的pod地址變?yōu)榱?0.244.2.3�,對(duì)應(yīng)service中endpoint關(guān)聯(lián)的地址也變?yōu)榱藢?duì)應(yīng)pod的ip地址;
訪問(wèn)service看看是否能夠訪問(wèn)到pod呢?
[root@master01 ~]# kubectl describe svc/ngx-dep
Name: ngx-dep
Namespace: default
Labels: app=ngx-dep
Annotations: <none>
Selector: app=ngx-dep
Type: ClusterIP
IP Families: <none>
IP: 10.101.104.228
IPs: 10.101.104.228
Port: 80 80/TCP
TargetPort: 80/TCP
Endpoints: 10.244.2.3:80
Session Affinity: None
Events: <none>
[root@master01 ~]#
[root@master01 ~]# curl 10.101.104.228
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http:///"></a>.<br/>
Commercial support is available at
<a href="http:///"></a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
[root@master01 ~]#
提示:之所以我們?cè)趉8s節(jié)點(diǎn)上訪問(wèn)serviceip能夠訪問(wèn)到對(duì)應(yīng)pod��,原因是我們?cè)趧?chuàng)建service時(shí),其實(shí)就是在k8s所有節(jié)點(diǎn)上生成iptables規(guī)則或ipvs規(guī)則����;
刪除service
[root@master01 ~]# kubectl delete svc/ngx-dep
service "ngx-dep" deleted
[root@master01 ~]# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 3h24m
[root@master01 ~]#
創(chuàng)建nodeport類(lèi)型的service
[root@master01 ~]# kubectl create svc nodeport ngx-dep --tcp=80
service/ngx-dep created
[root@master01 ~]# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 3h24m
ngx-dep NodePort 10.107.14.221 <none> 80:30492/TCP 11s
[root@master01 ~]# kubectl describe svc/ngx-dep
Name: ngx-dep
Namespace: default
Labels: app=ngx-dep
Annotations: <none>
Selector: app=ngx-dep
Type: NodePort
IP Families: <none>
IP: 10.107.14.221
IPs: 10.107.14.221
Port: 80 80/TCP
TargetPort: 80/TCP
NodePort: 80 30492/TCP
Endpoints: 10.244.2.3:80
Session Affinity: None
External Traffic Policy: Cluster
Events: <none>
[root@master01 ~]#
提示:可以看到現(xiàn)在創(chuàng)建nodeport類(lèi)型的service后,對(duì)應(yīng)port不再是80:80而變成了80:30492����,后面的30492這個(gè)端口不是pod端口,它是k8s集群節(jié)點(diǎn)所監(jiān)聽(tīng)的一個(gè)固定端口����;現(xiàn)在我們直接訪問(wèn)k8s集群任意一個(gè)節(jié)點(diǎn)的30492端口,就能訪問(wèn)到對(duì)應(yīng)的pod��;
[root@docker_registry ~]# curl 192.168.0.41:30492
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http:///"></a>.<br/>
Commercial support is available at
<a href="http:///"></a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
[root@docker_registry ~]# curl 192.168.0.44:30492
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http:///"></a>.<br/>
Commercial support is available at
<a href="http:///"></a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
[root@docker_registry ~]#
提示:可以看到我們用其他主機(jī)訪問(wèn)對(duì)應(yīng)k8s任意節(jié)點(diǎn)的30492端口都能訪問(wèn)到對(duì)應(yīng)的pod�����;
使用名稱(chēng)訪問(wèn)service
我知道當(dāng)k8s中的pod刪除以后�����,重新被創(chuàng)建以后可以使用訪問(wèn)serviceip地址來(lái)實(shí)現(xiàn)訪問(wèn)對(duì)應(yīng)pod���,那么問(wèn)題來(lái)了,假如service被刪除又重建以后,我們?cè)趺磥?lái)訪問(wèn)對(duì)應(yīng)pod呢���?使用serviceip我們要先查看serviceip地址�,很顯然這個(gè)問(wèn)題又回到了pod刪除怎么訪問(wèn)對(duì)應(yīng)pod�;在k8s上除了運(yùn)行的有幾個(gè)核心的pod以外,還有一個(gè)dns��,名叫kube-dns����,這個(gè)pod主要用來(lái)解析對(duì)應(yīng)的名稱(chēng)到對(duì)應(yīng)服務(wù)ip,它可以實(shí)現(xiàn)服務(wù)的動(dòng)態(tài)注冊(cè)�����;所謂服務(wù)動(dòng)態(tài)注冊(cè)是指在對(duì)應(yīng)的服務(wù)發(fā)生以后�,它能夠及時(shí)的將變化結(jié)果反映到對(duì)應(yīng)的解析記錄上,使得我們?cè)L問(wèn)對(duì)應(yīng)服務(wù)不被服務(wù)變得而受影響���;
查看kube-dns的地址
[root@master01 ~]# kubectl get svc -n kube-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP,9153/TCP 3h45m
[root@master01 ~]#
修改maser端節(jié)點(diǎn)dns服務(wù)器為kube-dns的地址
[root@master01 ~]# cat /etc/resolv.conf
# Generated by NetworkManager
search k8s.org
nameserver 10.96.0.10
[root@master01 ~]#
訪問(wèn)服務(wù)名稱(chēng)看看是否能夠訪問(wèn)到對(duì)應(yīng)服務(wù)呢��?
[root@master01 ~]# curl ngx-dep
curl: (6) Could not resolve host: ngx-dep; Unknown error
[root@master01 ~]#
提示:這里顯示不能解析ngx-dep�,原因是本機(jī)的搜索域?yàn)閗8s.org�;我們?cè)诔跏蓟痬aster時(shí)沒(méi)有指定--service-dns-domain的值為k8s.org����,所以默認(rèn)搜索域?yàn)閏luster.local����;所以我們?cè)L問(wèn)時(shí)需要指定絕對(duì)名稱(chēng)
使用完全絕對(duì)名稱(chēng)訪問(wèn)服務(wù)
[root@master01 ~]# curl ngx-dep.default.svc.cluster.local.
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http:///"></a>.<br/>
Commercial support is available at
<a href="http:///"></a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
[root@master01 ~]#
提示:有了這個(gè)絕對(duì)的名稱(chēng)以后,我們?cè)趧h除有重建service就可以直接使用名稱(chēng)訪問(wèn)服務(wù)即可�����;
驗(yàn)證:刪除ngx-dep服務(wù)���,再重新建ngx-dep服務(wù)����,看看使用名稱(chēng)能夠訪問(wèn)到對(duì)應(yīng)的服務(wù)�?
[root@master01 ~]# kubectl get svc/ngx-dep
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
ngx-dep NodePort 10.107.14.221 <none> 80:30492/TCP 33m
[root@master01 ~]# kubectl delete svc/ngx-dep
service "ngx-dep" deleted
[root@master01 ~]# kubectl create svc clusterip ngx-dep --tcp=80:80
service/ngx-dep created
[root@master01 ~]# kubectl get svc/ngx-dep
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
ngx-dep ClusterIP 10.106.196.39 <none> 80/TCP 6s
[root@master01 ~]# curl ngx-dep.default.svc.cluster.local
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http:///"></a>.<br/>
Commercial support is available at
<a href="http:///"></a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
[root@master01 ~]#
提示:可以看到新建的ngx-dep和以前的服務(wù)ip地址不一樣�,但我們可以通過(guò)訪問(wèn)同一名稱(chēng)訪問(wèn)到對(duì)應(yīng)的pod;
pod動(dòng)態(tài)擴(kuò)展
新建pod控制器
[root@master01 ~]# kubectl create deploy myapp-dep --image=ikubernetes/myapp:v1
deployment.apps/myapp-dep created
[root@master01 ~]# kubectl get pod
NAME READY STATUS RESTARTS AGE
myapp-dep-5bc4d8cc74-zcrwz 1/1 Running 0 10s
ngx-dep-5c8d96d457-w6nss 1/1 Running 0 60m
[root@master01 ~]#
新建myapp-dep服務(wù)
[root@master01 ~]# kubectl create svc clusterip myapp-dep --tcp=80:80
service/myapp-dep created
[root@master01 ~]# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 4h3m
myapp-dep ClusterIP 10.96.196.189 <none> 80/TCP 7s
ngx-dep ClusterIP 10.106.196.39 <none> 80/TCP 5m16s
[root@master01 ~]# kubectl describe svc/myapp-dep
Name: myapp-dep
Namespace: default
Labels: app=myapp-dep
Annotations: <none>
Selector: app=myapp-dep
Type: ClusterIP
IP Families: <none>
IP: 10.96.196.189
IPs: 10.96.196.189
Port: 80-80 80/TCP
TargetPort: 80/TCP
Endpoints: 10.244.1.3:80
Session Affinity: None
Events: <none>
[root@master01 ~]#
擴(kuò)展pod
[root@master01 ~]# kubectl get deploy
NAME READY UP-TO-DATE AVAILABLE AGE
myapp-dep 1/1 1 1 4m16s
ngx-dep 1/1 1 1 122m
[root@master01 ~]# kubectl scale --replicas=5 deploy/myapp-dep
deployment.apps/myapp-dep scaled
[root@master01 ~]# kubectl get pod
NAME READY STATUS RESTARTS AGE
myapp-dep-5bc4d8cc74-fpfvj 1/1 Running 0 7s
myapp-dep-5bc4d8cc74-gqhh5 0/1 ContainerCreating 0 7s
myapp-dep-5bc4d8cc74-j827z 0/1 ContainerCreating 0 7s
myapp-dep-5bc4d8cc74-s5ftj 0/1 ContainerCreating 0 7s
myapp-dep-5bc4d8cc74-zcrwz 1/1 Running 0 5m17s
ngx-dep-5c8d96d457-w6nss 1/1 Running 0 65m
[root@master01 ~]#
提示:可以看到現(xiàn)在myapp-dep運(yùn)行的pod變成了5個(gè)��;
縮減pod
[root@master01 ~]# kubectl scale --replicas=3 deploy/myapp-dep
deployment.apps/myapp-dep scaled
[root@master01 ~]# kubectl get pod -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
myapp-dep-5bc4d8cc74-cvkbc 1/1 Running 0 76s 10.244.1.5 node01.k8s.org <none> <none>
myapp-dep-5bc4d8cc74-gmt7w 1/1 Running 0 76s 10.244.3.5 node03.k8s.org <none> <none>
myapp-dep-5bc4d8cc74-gqhh5 1/1 Running 0 6m54s 10.244.2.4 node02.k8s.org <none> <none>
ngx-dep-5c8d96d457-w6nss 1/1 Running 0 72m 10.244.2.3 node02.k8s.org <none> <none>
[root@master01 ~]#
提示:動(dòng)態(tài)擴(kuò)縮減pod數(shù)量只需要把對(duì)應(yīng)的replicas數(shù)量進(jìn)行修改即可�;默認(rèn)不指定就是為1;
現(xiàn)在再次查看service對(duì)應(yīng)的endpoint地址是否是上述三個(gè)地址呢�?
[root@master01 ~]# kubectl describe svc/myapp-dep
Name: myapp-dep
Namespace: default
Labels: app=myapp-dep
Annotations: <none>
Selector: app=myapp-dep
Type: ClusterIP
IP Families: <none>
IP: 10.96.196.189
IPs: 10.96.196.189
Port: 80-80 80/TCP
TargetPort: 80/TCP
Endpoints: 10.244.1.5:80,10.244.2.4:80,10.244.3.5:80
Session Affinity: None
Events: <none>
[root@master01 ~]#
提示:可以看到對(duì)應(yīng)service后端endpoint地址已經(jīng)關(guān)聯(lián)到以上3個(gè)pod地址;這也意味著我們?cè)L問(wèn)service,它會(huì)把我們的請(qǐng)求調(diào)度到對(duì)應(yīng)的pod上進(jìn)行響應(yīng),具體會(huì)這么調(diào)度呢�����?
訪問(wèn)myapp-dep服務(wù)
[root@master01 ~]# curl myapp-dep.default.svc.cluster.local/hostname.html
myapp-dep-5bc4d8cc74-gmt7w
[root@master01 ~]# curl myapp-dep.default.svc.cluster.local/hostname.html
myapp-dep-5bc4d8cc74-gmt7w
[root@master01 ~]# curl myapp-dep.default.svc.cluster.local/hostname.html
myapp-dep-5bc4d8cc74-gqhh5
[root@master01 ~]# curl myapp-dep.default.svc.cluster.local/hostname.html
myapp-dep-5bc4d8cc74-cvkbc
[root@master01 ~]# curl myapp-dep.default.svc.cluster.local/hostname.html
myapp-dep-5bc4d8cc74-gmt7w
[root@master01 ~]# curl myapp-dep.default.svc.cluster.local/hostname.html
myapp-dep-5bc4d8cc74-gmt7w
[root@master01 ~]# curl myapp-dep.default.svc.cluster.local/hostname.html
myapp-dep-5bc4d8cc74-cvkbc
[root@master01 ~]# curl myapp-dep.default.svc.cluster.local/hostname.html
myapp-dep-5bc4d8cc74-gqhh5
[root@master01 ~]# curl myapp-dep.default.svc.cluster.local/hostname.html
myapp-dep-5bc4d8cc74-gqhh5
[root@master01 ~]#
提示:的確service能夠調(diào)度請(qǐng)求��,從上面訪問(wèn)結(jié)果看���,service調(diào)度是隨機(jī)調(diào)度����,沒(méi)有什么規(guī)律���;
以上就是k8s集群環(huán)境中使用kubectl命令行工具來(lái)操作k8s上的名稱(chēng)空間�����,控制器�����,服務(wù)相關(guān)演示和說(shuō)明��;從上面的演示可以知道�����,在k8s上所有的操作都在master端進(jìn)行����,因?yàn)閙aster端有證書(shū),默認(rèn)情況k8s的aipserver會(huì)雙向認(rèn)證�,所謂雙向認(rèn)證是指,不僅客戶端要驗(yàn)證服務(wù)端證書(shū)�����,同時(shí)服務(wù)端也要驗(yàn)證客戶端證書(shū)��;在k8s上的所有操作都要先和apiserver打交道����;其次創(chuàng)建pod控制器,只要控制器不被刪除��,里面定義的pod它就會(huì)一直處于我們期望的數(shù)量和狀態(tài)存在�,即便我們手動(dòng)刪除pod它也會(huì)自動(dòng)重建�����;對(duì)于service來(lái)說(shuō),在k8s上創(chuàng)建service�����,從本質(zhì)上講就是創(chuàng)建iptables或ipvs規(guī)則�;不同類(lèi)型的service訪問(wèn)途徑略有不同,clusterip類(lèi)型的service只能在k8s節(jié)點(diǎn)上實(shí)現(xiàn)訪問(wèn)�����,nodeport類(lèi)型的service可以實(shí)現(xiàn)從外部主機(jī)訪問(wèn)k8s節(jié)點(diǎn)ip+對(duì)應(yīng)創(chuàng)建service自動(dòng)生成的固定端口就可以訪問(wèn)到對(duì)應(yīng)服務(wù)�;除此之外,在k8s上我們可以通過(guò)kubectl scale來(lái)對(duì)pod控制器做動(dòng)態(tài)擴(kuò)縮減pod數(shù)量����;如果一個(gè)service后端對(duì)應(yīng)多個(gè)pod時(shí),service還能起到調(diào)度的作用�;
|
