Day04-标签管理,livenessProbe探针,namespace名称空间,rc控制器及svc服务发现实战案例
0、上周内容回顾:
- Kubernetes集群部署
- kubeadm
- 二进制
---->:
kind
....
- k8S架构:
- Controller Plane
作用: 管理整套K8S集群的控制面板。
- api-server:
集群的统一访问入口。
- etcd:
存储集群数据。
- scheduler:
负责Pod的调度。
- Controller Manager:
维护集群的状态的。
- worker Node:
作用: 实际干活的节点。
- kubelet:
负责Pod的生命周期。
- kube-proxy:
负责对K8S集群外部提供访问路由。
- Pod的基础管理
- 什么是Pod:
是K8S集群部署的最小单元。实际运行业务的地方。
- 资源清单
apiVersion: v1
kind: Pod
metadata:
name: oldboyedu-linux85
spec:
imagePullSecrets:
- name:
nodeName:
hostNetwork:
volumes:
- name:
emptyDir:{}
- name:
hostPath:
- name:
nfs:
server:
path:
- name:
configMap:
- name:
secret:
restartPolicy:
containers:
- name:
image:
ports:
- containerPort:
name:
hostIP:
hostPort:
protocol:
stdin:
command:
args:
resources:
requests:
cpu:
memory:
limits:
env:
- name:
value:
- name:
valueFrom:
imagePullPolicy:
volumeMounts:
- name:
mountPath:
- name:
mountPath:
subPath:
status:
- configMap:
- 主要应用于存储程序的配置文件。
- secret:
- 存储敏感信息。比如说用户名密码,证书文件等。
- 资源的基础管理:
kubectl create
kubectk delete
kubectl apply
kubectl get
- 故障排查相关命令
kubectl describe
kubectl logs
kubectl cp
kubectl exec
- 查看帮助信息
kubectl explain
Q1: 请问harbor的secret创建是能否直接创建资源清单呢?
Q2: 请问Pod能否实现对容器的健康检查,如果服务有异常,直接重启?
Q3: 如何实现创建多个名为"oldboyedu-linux85"的Pod呢?
Q4: 如何实现当Pod的IP地址发生变化时,不影响这正常服务的使用呢?
Q5: 如何实现删除了Pod后,自动拉起的功能?“kubectl delete pods --all”
Q6: 能否实现不通过api-Server创建Pod呢?换句话说,不能使用"kubectl create|apply"创建Pod资源呢?
1、K8S的两类API
- 响应式:
可以理解直接基于命令行的方式创建资源。换句话说,不通过配置文件创建资源。 - 声明式:
可以理解为通过资源清单的方式创建资源。话句话说,通过配置文件创建资源。
1.1 举个例子,测试数据如下:
用户名: linux85
密 码: oldboyedu@linux85
邮 箱: linux85@oldboyedu.com
服务器: harbor.oldboyedu.com
1.1.1 通过响应式方式创建harbor的认证信息
kubectl create secret docker-registry linux85-harbor --docker-username=linux85 --docker-password=oldboyedu@linux85 --docker-email=linux85@oldboyedu.com --docker-server=harbor.oldboyedu.com
1.1.2 通过声明式方式创建harbor的认证信息
(1)原生JSON格式数据
{"auths":{"harbor.oldboyedu.com":{"username":"linux85","password":"oldboyedu@linux85","email":"linux85@oldboyedu.com","auth":"linux85:oldboyedu@linux85"}}}
(2)对于认证信息进行编码
{"auths":{"harbor.oldboyedu.com":{"username":"linux85","password":"oldboyedu@linux85","email":"linux85@oldboyedu.com","auth":"bGludXg4NTpvbGRib3llZHVAbGludXg4NQ=="}}}
(3)对全量信息进行编码。
eyJhdXRocyI6eyJoYXJib3Iub2xkYm95ZWR1LmNvbSI6eyJ1c2VybmFtZSI6ImxpbnV4ODUiLCJwYXNzd29yZCI6Im9sZGJveWVkdUBsaW51eDg1IiwiZW1haWwiOiJsaW51eDg1QG9sZGJveWVkdS5jb20iLCJhdXRoIjoiYkdsdWRYZzROVHB2YkdSaWIzbGxaSFZBYkdsdWRYZzROUT09In19fQ==
(4)编写资源清单
apiVersion: v1
data:
.dockerconfigjson: eyJhdXRocyI6eyJoYXJib3Iub2xkYm95ZWR1LmNvbSI6eyJ1c2VybmFtZSI6ImxpbnV4ODUiLCJwYXNzd29yZCI6Im9sZGJveWVkdUBsaW51eDg1IiwiZW1haWwiOiJsaW51eDg1QG9sZGJveWVkdS5jb20iLCJhdXRoIjoiYkdsdWRYZzROVHB2YkdSaWIzbGxaSFZBYkdsdWRYZzROUT09In19fQ==
kind: Secret
metadata:
name: linux85-harbor
type: kubernetes.io/dockerconfigjson
(5)创建资源清单
kubectl apply -f xxx.yaml
1.2 举个例子,测试数据如下:
用户名: linux86
密 码: oldboyedu@linux86
邮 箱: linux86@oldboyedu.com
服务器: harbor.oldboyedu.com
1.2.1 通过声明式方式创建harbor的认证信息
(1)原生JSON格式数据
{"auths":{"harbor.oldboyedu.com":{"username":"linux86","password":"oldboyedu@linux86","email":"linux86@oldboyedu.com","auth":"linux86:oldboyedu@linux86"}}}
(2)对于认证信息("auth"资源)进行编码
[root@k8s231.oldboyedu.com secret]# echo -n linux86:oldboyedu@linux86 | base64
bGludXg4NjpvbGRib3llZHVAbGludXg4Ng==
[root@k8s231.oldboyedu.com secret]#
得到数据如下:
{"auths":{"harbor.oldboyedu.com":{"username":"linux86","password":"oldboyedu@linux86","email":"linux86@oldboyedu.com","auth":"bGludXg4NjpvbGRib3llZHVAbGludXg4Ng=="}}}
(3)对全量信息进行编码。(全量内容要使用单引号,否则就看不到文本的双引号啦~)
[root@k8s231.oldboyedu.com secret]# echo -n '{"auths":{"harbor.oldboyedu.com":{"username":"linux86","password":"oldboyedu@linux86","email":"linux86@oldboyedu.com","auth":"bGludXg4NjpvbGRib3llZHVAbGludXg4Ng=="}}}' | base64
eyJhdXRocyI6eyJoYXJib3Iub2xkYm95ZWR1LmNvbSI6eyJ1c2VybmFtZSI6ImxpbnV4ODYiLCJwYXNzd29yZCI6Im9sZGJveWVkdUBsaW51eDg2IiwiZW1haWwiOiJsaW51eDg2QG9sZGJveWVkdS5jb20iLCJhdXRoIjoiYkdsdWRYZzROanB2YkdSaWIzbGxaSFZBYkdsdWRYZzROZz09In19fQ==
[root@k8s231.oldboyedu.com secret]#
(4)编写资源清单
cat > harbor-linux86.yaml <<EOF
apiVersion: v1
data:
.dockerconfigjson: eyJhdXRocyI6eyJoYXJib3Iub2xkYm95ZWR1LmNvbSI6eyJ1c2VybmFtZSI6ImxpbnV4ODYiLCJwYXNzd29yZCI6Im9sZGJveWVkdUBsaW51eDg2IiwiZW1haWwiOiJsaW51eDg2QG9sZGJveWVkdS5jb20iLCJhdXRoIjoiYkdsdWRYZzROanB2YkdSaWIzbGxaSFZBYkdsdWRYZzROZz09In19fQ==
kind: Secret
metadata:
name: linux86-harbor
type: kubernetes.io/dockerconfigjson
EOF
(5)创建资源清单
kubectl apply -f harbor-linux86.yaml
(6)查看资源清单
[root@k8s231.oldboyedu.com secret]# kubectl get secrets linux86-harbor
NAME TYPE DATA AGE
linux86-harbor kubernetes.io/dockerconfigjson 1 2m29s
2、Pod的标签管理
2.1 响应式进行标签管理
- 创建标签
[root@k8s231.oldboyedu.com pods]# kubectl get pods --show-labels
NAME READY STATUS RESTARTS AGE LABELS
linux85-web-labels-001 1/1 Running 0 37s <none>
[root@k8s231.oldboyedu.com pods]# kubectl label -f 13-web-labels.yaml school=oldboyedu
pod/linux85-web-labels-001 labeled
[root@k8s231.oldboyedu.com pods]# kubectl get pods --show-labels
NAME READY STATUS RESTARTS AGE LABELS
linux85-web-labels-001 1/1 Running 0 70s school=oldboyedu
[root@k8s231.oldboyedu.com pods]# kubectl label pod linux85-web-labels-001 class=linux85
pod/linux85-web-labels-001 labeled
[root@k8s231.oldboyedu.com pods]# kubectl get pods --show-labels
NAME READY STATUS RESTARTS AGE LABELS
linux85-web-labels-001 1/1 Running 0 95s class=linux85,school=oldboyedu
- 修改标签
[root@k8s231.oldboyedu.com pods]# kubectl get pods --show-labels
NAME READY STATUS RESTARTS AGE LABELS
linux85-web-labels-001 1/1 Running 0 3m44s class=linux85,school=oldboyedu
[root@k8s231.oldboyedu.com pods]# kubectl label --overwrite pod linux85-web-labels-001 school=www.oldboyedu.com
pod/linux85-web-labels-001 labeled
[root@k8s231.oldboyedu.com pods]# kubectl get pods --show-labels
NAME READY STATUS RESTARTS AGE LABELS
linux85-web-labels-001 1/1 Running 0 4m8s class=linux85,school=www.oldboyedu.com
- 查看标签
[root@k8s231.oldboyedu.com pods]# kubectl get pods --show-labels
NAME READY STATUS RESTARTS AGE LABELS
linux85-web-labels-001 1/1 Running 0 4m8s class=linux85,school=www.oldboyedu.com
- 删除标签
[root@k8s231.oldboyedu.com pods]# kubectl get pods --show-labels
NAME READY STATUS RESTARTS AGE LABELS
linux85-web-labels-001 1/1 Running 0 8m34s class=linux85,school=www.oldboyedu.com
[root@k8s231.oldboyedu.com pods]# kubectl label pod linux85-web-labels-001 school-
pod/linux85-web-labels-001 unlabeled
[root@k8s231.oldboyedu.com pods]# kubectl get pods --show-labels
NAME READY STATUS RESTARTS AGE LABELS
linux85-web-labels-001 1/1 Running 0 9m27s class=linux85
2.2 基于声明式进行标签管理
[root@k8s231.oldboyedu.com pods]# cat 13-web-labels.yaml
apiVersion: v1
kind: Pod
metadata:
name: linux85-web-labels-001
labels:
school: www.oldboyedu.com
class: linux85
spec:
containers:
- name: nginx
image: harbor.oldboyedu.com/web/nginx:1.20.1-alpine
[root@k8s231.oldboyedu.com pods]# kubectl get pods --show-labels
NAME READY STATUS RESTARTS AGE LABELS
linux85-web-labels-001 1/1 Running 0 22s class=linux85,school=oldboyedu
[root@k8s231.oldboyedu.com pods]# kubectl apply -f 13-web-labels.yaml
pod/linux85-web-labels-001 configured
[root@k8s231.oldboyedu.com pods]# kubectl get pods --show-labels
NAME READY STATUS RESTARTS AGE LABELS
linux85-web-labels-001 1/1 Running 0 35s class=linux85,school=www.oldboyedu.com
对比标签管理,响应式和声明式的区别:
- 响应式:
创建标签立即生效,但资源被重新创建时,标签可能会丢失哟~需要重新创建。 - 声明式:
需要将标签写入到资源清单,每次修改后需要重新应用资源的配置文件,否则不会生效。
2.3 基于标签删除Pod资源案例
[root@k8s231.oldboyedu.com pods]# kubectl get pods --show-labels
NAME READY STATUS RESTARTS AGE LABELS
linux85-web 1/1 Running 0 45s class=linux86
linux85-web-labels-001 1/1 Running 0 4m17s class=linux85,school=www.oldboyedu.com
[root@k8s231.oldboyedu.com pods]# kubectl delete pods -l class=linux86
pod "linux85-web" deleted
[root@k8s231.oldboyedu.com pods]# kubectl get pods --show-labels
NAME READY STATUS RESTARTS AGE LABELS
linux85-web-labels-001 1/1 Running 0 5m55s class=linux85,school=www.oldboyedu.com
2.4 基于标签查看Pod
[root@k8s231.oldboyedu.com pods]# kubectl get pods --show-labels
NAME READY STATUS RESTARTS AGE LABELS
linux85-web 1/1 Running 0 32s class=linux86
linux85-web-labels-001 1/1 Running 0 11m class=linux85,school=www.oldboyedu.com
[root@k8s231.oldboyedu.com pods]# kubectl get pods -l class=linux85
NAME READY STATUS RESTARTS AGE
linux85-web-labels-001 1/1 Running 0 12m
2.5 基于标签管理cm资源
[root@k8s231.oldboyedu.com pods]# kubectl get cm --show-labels
NAME DATA AGE LABELS
kube-root-ca.crt 1 4d21h <none>
linux85-config 4 2d23h <none>
oldboyedu-linux85-games 1 2d22h <none>
[root@k8s231.oldboyedu.com pods]# kubectl label cm oldboyedu-linux85-games school=oldboyedu
configmap/oldboyedu-linux85-games labeled
[root@k8s231.oldboyedu.com pods]# kubectl label cm linux85-config class=linux85
configmap/linux85-config labeled
[root@k8s231.oldboyedu.com pods]# kubectl get cm --show-labels
NAME DATA AGE LABELS
kube-root-ca.crt 1 4d21h <none>
linux85-config 4 2d23h class=linux85
oldboyedu-linux85-games 1 2d22h school=oldboyedu
[root@k8s231.oldboyedu.com pods]# kubectl label cm oldboyedu-linux85-games class=linux86
configmap/oldboyedu-linux85-games labeled
[root@k8s231.oldboyedu.com pods]# kubectl get cm -l class --show-labels
NAME DATA AGE LABELS
linux85-config 4 2d23h class=linux85
oldboyedu-linux85-games 1 2d22h class=linux86,school=oldboyedu
[root@k8s231.oldboyedu.com pods]# kubectl get cm -l class=linux85 --show-labels
NAME DATA AGE LABELS
linux85-config 4 2d23h class=linux85
2.6 查看nodes节点的标签
[root@k8s231.oldboyedu.com pods]# kubectl get nodes --show-labels
NAME STATUS ROLES AGE VERSION LABELS
k8s231.oldboyedu.com Ready control-plane,master 4d21h v1.23.17 beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/arch=amd64,kubernetes.io/hostname=k8s231.oldboyedu.com,kubernetes.io/os=linux,node-role.kubernetes.io/control-plane=,node-role.kubernetes.io/master=,node.kubernetes.io/exclude-from-external-load-balancers=
k8s232.oldboyedu.com Ready <none> 4d21h v1.23.17 beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/arch=amd64,kubernetes.io/hostname=k8s232.oldboyedu.com,kubernetes.io/os=linux
k8s233.oldboyedu.com Ready <none> 4d21h v1.23.17 beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/arch=amd64,kubernetes.io/hostname=k8s233.oldboyedu.com,kubernetes.io/os=linux
3、探针(probe)常用的方式
3.1 常用的探针(Probe):
- livenessProbe:
健康状态检查,周期性检查服务是否存活,检查结果失败,将"重启"容器(删除源容器并重新创建新容器)。
如果容器没有提供健康状态检查,则默认状态为Success。 - readinessProbe:
可用性检查,周期性检查服务是否可用,从而判断容器是否就绪。
若检测Pod服务不可用,则会将Pod从svc的ep列表中移除。
若检测Pod服务可用,则会将Pod重新添加到svc的ep列表中。
如果容器没有提供可用性检查,则默认状态为Success。 - startupProbe: (1.16+之后的版本才支持)
如果提供了启动探针,则所有其他探针都会被禁用,直到此探针成功为止。
如果启动探测失败,kubelet将杀死容器,而容器依其重启策略进行重启。
如果容器没有提供启动探测,则默认状态为 Success。
3.2 探针(Probe)检测Pod服务方法
exec:
执行一段命令,根据返回值判断执行结果。返回值为0或非0,有点类似于"echo $?"。
httpGet:
发起HTTP请求,根据返回的状态码来判断服务是否正常。
200: 返回状态码成功
301: 永久跳转
302: 临时跳转
401: 验证失败
403: 权限被拒绝
404: 文件找不到
413: 文件上传过大
500: 服务器内部错误
502: 无效的请求
504: 后端应用网关响应超时
…
tcpSocket:
测试某个TCP端口是否能够链接,类似于telnet,nc等测试工具。
参考链接:
https://kubernetes.io/zh/docs/concepts/workloads/pods/pod-lifecycle/#types-of-probe
3.3 健康检查(livenessProbe)-exec检测方法
cat > 14-livenessProbe-exec.yaml <<EOF
kind: Pod
apiVersion: v1
metadata:
name: oldboyedu-linux85-exec-001
labels:
apps: myweb
spec:
containers:
- name: linux85-exec
image: harbor.oldboyedu.com/web/nginx:1.20.1-alpine
command:
- /bin/sh
- -c
- touch /tmp/oldboyedu-linux85-healthy; sleep 5; rm -f /tmp/oldboyedu-linux85-healthy; sleep 600
# 健康状态检查,周期性检查服务是否存活,检查结果失败,将重启容器。
livenessProbe:
# 使用exec的方式去做健康检查
exec:
# 自定义检查的命令
command:
- cat
- /tmp/oldboyedu-linux85-healthy
# 检测服务失败次数的累加值,默认值是3次,最小值是1。当检测服务成功后,该值会被重置!
failureThreshold: 3
# 指定多久之后进行健康状态检查,即此时间段内检测服务失败并不会对failureThreshold进行计数。
initialDelaySeconds: 15
# 指定探针检测的频率,默认是10s,最小值为1.
periodSeconds: 1
# 检测服务成功次数的累加值,默认值为1次,最小值1.
successThreshold: 1
# 一次检测周期超时的秒数,默认值是1秒,最小值为1.
timeoutSeconds: 1
EOF
温馨提示:
在验证探针是否检查失败时,可以使用describe命令查看时间关于Reason内容包含"Unhealthy"所在的行,如下所示:
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 6m5s default-scheduler Successfully assigned default/oldboyedu-linux81-exec-001 to k8s153.oldboyedu.com
......
Warning Unhealthy 3m23s (x10 over 5m47s) kubelet, k8s153.oldboyedu.com Liveness probe failed: cat: /tmp/oldboyedu-linux81-healthy: No such file or directory
注意观察:
“(x10 over 5m47s)”的内容,表示第10次检查失败,其中距离第一次检查失败已经经过了"5m47s"秒,而开始调度成功的时间是"6m5s"之前,两者时间差详见,得出第一次检测失败的时间是"18s".
- httpGet检测方法
cat > 15-livenessProbe-httpGet.yaml <<EOF
kind: Pod
apiVersion: v1
metadata:
name: oldboyedu-linux85-httpget-001
labels:
apps: myweb
spec:
volumes:
- name: data
emptyDir: {}
containers:
- name: linux85-httpget
image: harbor.oldboyedu.com/web/nginx:1.20.1-alpine
volumeMounts:
- name: data
mountPath: /usr/share/nginx/html
# 健康状态检查,周期性检查服务是否存活,检查结果失败,将重启容器。
livenessProbe:
# 使用httpGet的方式去做健康检查
httpGet:
# 指定访问的端口号
port: 80
# 检测指定的访问路径
path: /index.html
# 检测服务失败次数的累加值,默认值是3次,最小值是1。当检测服务成功后,该值会被重置!
failureThreshold: 3
# 指定多久之后进行健康状态检查,即此时间段内检测服务失败并不会对failureThreshold进行计数。
initialDelaySeconds: 65
# 指定探针检测的频率,默认是10s,最小值为1.
periodSeconds: 1
# 检测服务成功次数的累加值,默认值为1次,最小值1.
successThreshold: 1
# 一次检测周期超时的秒数,默认值是1秒,最小值为1.
timeoutSeconds: 1
EOF
- tcpSocket检测方法
cat > 16-livenessProbe-tcpSocket.yaml <<EOF
kind: Pod
apiVersion: v1
metadata:
name: oldboyedu-linux85-tcpsocket-001
labels:
apps: myweb
spec:
containers:
- name: linux85-tcpsocket
image: harbor.oldboyedu.com/web/nginx:1.20.1-alpine
command:
- /bin/sh
- -c
- nginx ; sleep 10; nginx -s stop ; sleep 600
# 健康状态检查,周期性检查服务是否存活,检查结果失败,将重启容器。
livenessProbe:
# 使用tcpSocket的方式去做健康检查
tcpSocket:
port: 80
# 检测服务失败次数的累加值,默认值是3次,最小值是1。当检测服务成功后,该值会被重置!
failureThreshold: 3
# 指定多久之后进行健康状态检查,即此时间段内检测服务失败并不会对failureThreshold进行计数。
initialDelaySeconds: 15
# 指定探针检测的频率,默认是10s,最小值为1.
periodSeconds: 1
# 检测服务成功次数的累加值,默认值为1次,最小值1.
successThreshold: 1
# 一次检测周期超时的秒数,默认值是1秒,最小值为1.
timeoutSeconds: 1
EOF
在同一个名称空间下,同一种资源类型,是无法同时创建多个名称相同的资源。
yumeng: oldboyedu-linux85
liwenxuan: oldboyedu-linux85
名称空间是用来隔离K8S集群的资源。我们通常使用名称空间对企业业务进行逻辑上划分。
K8S集群一切皆资源,有的资源是不支持名称空间的,我们将其称为全局资源,而支持名称空间的资源我们称之为局部资源。
我们可以通过"kubectl api-resources"命令来判断一个资源是否支持名称空间。
温馨提示:
(1)在同一个名称空间下,同一个资源类型是不能出现重名的;
(2)在不同的名称空间下,相同的资源类型是能出现同名的;
4、名称空间的基本管理
4.1 名称空间的资源查看详解
1.查看现象有的名称空间
[root@k8s231.oldboyedu.com pods]# kubectl get namespaces
2.查看默认名称空间的Pod资源
kubectl get pods -n default
kubectl get pods
3.查看指定的名称空间Pod资源
kubectl get pods -n kube-system
kubectl get pods --namespace kube-system
4.查看所有名称空间的Pod资源
kubectl get pods --all-namespaces
kubectl get pods -A
5.查看所有名称空间的cm资源
kubectl get cm -A
6.查看指定名称空间的cm资源
kubectl get cm -n kube-system
4.2 创建名称空间
1.响应式创建名称空间
kubectl create namespace oldboyedu-linux85
2.声明式创建名称空间
[root@k8s231.oldboyedu.com namespaces]# cat 01-ns.yaml
apiVersion: v1
kind: Namespace
metadata:
name: oldboyedu-linux86
labels:
school: oldboyedu
class: linux86
[root@k8s231.oldboyedu.com namespaces]#
4.3 修改名称空间
名称空间一旦创建将无法修改!
4.4 使用名称空间
[root@k8s231.oldboyedu.com namespaces]# cat 02-pods-ns.yaml
apiVersion: v1
kind: Pod
metadata:
name: linux85-web
# 指定资源所在的名称空间
namespace: oldboyedu-linux85
spec:
containers:
- name: nginx
image: nginx:1.14.2
[root@k8s231.oldboyedu.com namespaces]#
[root@k8s231.oldboyedu.com namespaces]# cat 03-cm-ns.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: linux85-config
namespace: oldboyedu-linux85
data:
school: oldboyedu
class: linux85
my.cfg: |
datadir: "/var/lib/mysql"
basedir: "/usr/share/mysql"
socket: "/tmp/mysql.sock"
student.info: |
pengbing: "大长腿,熬夜,六味地黄丸"
wumingkun: "彭斌,Linux"
qinhongbin: "欧美,日韩,国产"
liwenxuan: "拍小电影,小皮鞭"
wanglei: "演小电影,大皮鞭"
[root@k8s231.oldboyedu.com namespaces]#
[root@k8s231.oldboyedu.com namespaces]#
[root@k8s231.oldboyedu.com namespaces]# cat 04-secret-ns.yaml
apiVersion: v1
kind: Secret
metadata:
name: es-https
namespace: oldboyedu-linux85
data:
username: ZWxhc3RpYwo=
password: b2xkYm95ZWR1Cg==
hostip: MTAuMC4wLjI1MAo=
[root@k8s231.oldboyedu.com namespaces]#
4.5 删除名称空间注意事项,一旦删除名称空间,该名称空间下的所有资源都会被随之删除哟!
[root@k8s231.oldboyedu.com namespaces]# kubectl get po,cm,secret -n oldboyedu-linux85
NAME READY STATUS RESTARTS AGE
pod/linux85-web 1/1 Running 0 6m9s
NAME DATA AGE
configmap/kube-root-ca.crt 1 13m
configmap/linux85-config 4 5m10s
NAME TYPE DATA AGE
secret/default-token-mgnq5 kubernetes.io/service-account-token 3 13m
secret/es-https Opaque 3 4m5s
[root@k8s231.oldboyedu.com namespaces]# kubectl delete namespace oldboyedu-linux85
namespace "oldboyedu-linux85" deleted
[root@k8s231.oldboyedu.com namespaces]# kubectl get po,cm,secret -n oldboyedu-linux85
No resources found in oldboyedu-linux85 namespace.
5、rc控制器实战案例
[root@k8s231.oldboyedu.com replicationcontrollers]# cat 01-rc-nginx.yaml
apiVersion: v1
kind: ReplicationController
metadata:
name: oldboyedu-linux85-web-rc
labels:
school: oldboyedu
class: linux85
apps: rc
namespace: default
spec:
# 指定Pod的副本数量,默认值为1
replicas: 5
# 指定标签选择器
selector:
classroom: jiaoshi05
address: oldboyedu-shahe
# 指定创建Pod的模板
template:
metadata:
labels:
classroom: jiaoshi05
address: oldboyedu-shahe
hobby: k8s
auther: jasonyin
spec:
containers:
- name: nginx
image: harbor.oldboyedu.com/web/nginx:1.20.1-alpine
[root@k8s231 replicationcontrollers]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
oldboyedu-linux85-web-rc-bpk5t 1/1 Running 0 12s 10.100.2.22 k8s233.oldboyedu.com <none> <none>
oldboyedu-linux85-web-rc-kn6vq 1/1 Running 0 12s 10.100.2.21 k8s233.oldboyedu.com <none> <none>
oldboyedu-linux85-web-rc-vkvm8 1/1 Running 0 12s 10.100.2.23 k8s233.oldboyedu.com <none> <none>
oldboyedu-linux85-web-rc-vmpgl 1/1 Running 0 12s 10.100.1.36 k8s232.oldboyedu.com <none> <none>
oldboyedu-linux85-web-rc-vsvr5 1/1 Running 0 12s 10.100.1.37 k8s232.oldboyedu.com <none> <none>
[root@k8s231 replicationcontrollers]# kubectl get pods --show-labels
NAME READY STATUS RESTARTS AGE LABELS
oldboyedu-linux85-web-rc-bpk5t 1/1 Running 0 74s address=oldboyedu-shahe,auther=jasonyin,classroom=jiaoshi05,hobby=k8s
oldboyedu-linux85-web-rc-kn6vq 1/1 Running 0 74s address=oldboyedu-shahe,auther=jasonyin,classroom=jiaoshi05,hobby=k8s
oldboyedu-linux85-web-rc-vkvm8 1/1 Running 0 74s address=oldboyedu-shahe,auther=jasonyin,classroom=jiaoshi05,hobby=k8s
oldboyedu-linux85-web-rc-vmpgl 1/1 Running 0 74s address=oldboyedu-shahe,auther=jasonyin,classroom=jiaoshi05,hobby=k8s
oldboyedu-linux85-web-rc-vsvr5 1/1 Running 0 74s address=oldboyedu-shahe,auther=jasonyin,classroom=jiaoshi05,hobby=k8s
[root@k8s231 replicationcontrollers]# kubectl delete pods --all
pod "oldboyedu-linux85-web-rc-bpk5t" deleted
pod "oldboyedu-linux85-web-rc-kn6vq" deleted
pod "oldboyedu-linux85-web-rc-vkvm8" deleted
pod "oldboyedu-linux85-web-rc-vmpgl" deleted
pod "oldboyedu-linux85-web-rc-vsvr5" deleted
[root@k8s231 replicationcontrollers]# kubectl get pods --show-labels
NAME READY STATUS RESTARTS AGE LABELS
oldboyedu-linux85-web-rc-dpp9w 1/1 Running 0 4s address=oldboyedu-shahe,auther=jasonyin,classroom=jiaoshi05,hobby=k8s
oldboyedu-linux85-web-rc-jwcsq 1/1 Running 0 4s address=oldboyedu-shahe,auther=jasonyin,classroom=jiaoshi05,hobby=k8s
oldboyedu-linux85-web-rc-lpzbs 1/1 Running 0 4s address=oldboyedu-shahe,auther=jasonyin,classroom=jiaoshi05,hobby=k8s
oldboyedu-linux85-web-rc-rrr5r 1/1 Running 0 4s address=oldboyedu-shahe,auther=jasonyin,classroom=jiaoshi05,hobby=k8s
oldboyedu-linux85-web-rc-tb99x 1/1 Running 0 4s address=oldboyedu-shahe,auther=jasonyin,classroom=jiaoshi05,hobby=k8s
[root@k8s231 replicationcontrollers]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
oldboyedu-linux85-web-rc-dpp9w 1/1 Running 0 11s 10.100.1.40 k8s232.oldboyedu.com <none> <none>
oldboyedu-linux85-web-rc-jwcsq 1/1 Running 0 11s 10.100.1.38 k8s232.oldboyedu.com <none> <none>
oldboyedu-linux85-web-rc-lpzbs 1/1 Running 0 11s 10.100.2.25 k8s233.oldboyedu.com <none> <none>
oldboyedu-linux85-web-rc-rrr5r 1/1 Running 0 11s 10.100.2.24 k8s233.oldboyedu.com <none> <none>
oldboyedu-linux85-web-rc-tb99x 1/1 Running 0 11s 10.100.1.39 k8s232.oldboyedu.com <none> <none>
[root@k8s231 replicationcontrollers]# kubectl get all
NAME READY STATUS RESTARTS AGE
pod/oldboyedu-linux85-web-rc-dpp9w 1/1 Running 0 68s
pod/oldboyedu-linux85-web-rc-jwcsq 1/1 Running 0 68s
pod/oldboyedu-linux85-web-rc-lpzbs 1/1 Running 0 68s
pod/oldboyedu-linux85-web-rc-rrr5r 1/1 Running 0 68s
pod/oldboyedu-linux85-web-rc-tb99x 1/1 Running 0 68s
NAME DESIRED CURRENT READY AGE
replicationcontroller/oldboyedu-linux85-web-rc 5 5 5 3m17s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/kubernetes ClusterIP 10.200.0.1 <none> 443/TCP 8d
[root@k8s231 replicationcontrollers]# kubectl delete replicationcontroller/oldboyedu-linux85-web-rc
replicationcontroller "oldboyedu-linux85-web-rc" deleted
[root@k8s231 replicationcontrollers]# kubectl get all
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/kubernetes ClusterIP 10.200.0.1 <none> 443/TCP 8d
自定义Pod实战案例:
[root@k8s231.oldboyedu.com replicationcontrollers]# cat /tmp/pods.yaml
apiVersion: v1
kind: Pod
metadata:
labels:
address: oldboyedu-shahe
auther: jasonyin
classroom: jiaoshi05
hobby: k8s
apps: web01
name: oldboyedu-linux85-jiaoshi07
namespace: default
spec:
containers:
- image: harbor.oldboyedu.com/web/nginx:1.20.1-alpine
name: nginx
[root@k8s231.oldboyedu.com replicationcontrollers]#
6、SVC的ClusterIP类型
[root@k8s231.oldboyedu.com services]# cat 01-svc-ClusterIP.yaml
apiVersion: v1
kind: Service
metadata:
name: oldboyedu-linux85-web
namespace: default
labels:
apps: oldboyedu-svc
class: linux85
spec:
# 关联后端的Pod
selector:
hobby: k8s
auther: jasonyin
# 指定svc的类型,有效值为: ExternalName, ClusterIP, NodePort, and LoadBalancer
# ExternalName:
# 可以将K8S集群外部的服务映射为一个svc服务。类似于一种CNAME技术.
# ClusterIP:
# 仅用于K8S集群内部使用。提供统一的VIP地址。默认值!
# NodePort:
# 基于ClusterIP基础之上,会监听所有的Worker工作节点的端口,K8S外部可以基于监听端口访问K8S内部服务。
# LoadBalancer:
# 主要用于云平台的LB等产品。
type: ClusterIP
# 指定端口映射相关信息
ports:
# 指定svc的端口号
- port: 88
# 指定Pod端口号
targetPort: 80
# 指定协议
protocol: TCP
# 指定ClusterIP的地址
clusterIP: 10.200.100.100
[root@k8s231 service]# kubectl apply -f 01-svc-ClusterIP.yaml
service/oldboyedu-linux85-web created
[root@k8s231 service]# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
bernetes ClusterIP 10.200.0.1 <none> 443/TCP 8d
oldboyedu-linux85-web ClusterIP 10.200.93.185 <none> 88/TCP 9s
[root@k8s231 service]# kubectl get svc -o wide
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
kubernetes ClusterIP 10.200.0.1 <none> 443/TCP 8d <none>
oldboyedu-linux85-web ClusterIP 10.200.93.185 <none> 88/TCP 18s auther=jasonyin,hobby=k8s
[root@k8s231 service]# kubectl describe svc oldboyedu-linux85-web
Name: oldboyedu-linux85-web
Namespace: default
Labels: apps=oldboyedu-svc
class=linux85
Annotations: <none>
Selector: auther=jasonyin,hobby=k8s
Type: ClusterIP
IP Family Policy: SingleStack
IP Families: IPv4
IP: 10.200.93.185
IPs: 10.200.93.185
Port: <unset> 88/TCP
TargetPort: 80/TCP
Endpoints: 10.100.1.44:80,10.100.2.30:80
Session Affinity: None
Events: <none>
[root@k8s231 service]# kubectl get po -o wide --show-labels
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES LABELS
oldboyedu-linux85-web-rc-68x5g 1/1 Running 0 65s 10.100.2.30 k8s233.oldboyedu.com <none> <none> address=oldboyedu-shahe,auther=jasonyin,classroom=jiaoshi05,hobby=k8s
oldboyedu-linux85-web-rc-m27f5 1/1 Running 0 65s 10.100.1.44 k8s232.oldboyedu.com <none> <none> address=oldboyedu-shahe,auther=jasonyin,classroom=jiaoshi05,hobby=k8s
[root@k8s231 service]# curl 10.200.93.185:88
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
[root@k8s231 service]# kubectl exec -it oldboyedu-linux85-web-rc-68x5g -- sh
/ # cd /usr/share/nginx/html/
/usr/share/nginx/html # echo "web01 10.100.2.30" > index.html
/usr/share/nginx/html #
[root@k8s231 service]# kubectl exec -it oldboyedu-linux85-web-rc-m27f5 -- sh
/ # cd /usr/share/nginx/html/
/usr/share/nginx/html # ll
sh: ll: not found
/usr/share/nginx/html # ls
50x.html index.html
/usr/share/nginx/html # echo "web02 10.100.1.44" > index.html
/usr/share/nginx/html #
[root@k8s231 service]# curl 10.200.93.185:88
web02 10.100.1.44
[root@k8s231 service]# curl 10.200.93.185:88
web01 10.100.2.30
[root@k8s231 service]# curl 10.200.93.185:88
web02 10.100.1.44
[root@k8s231 service]# curl 10.200.93.185:88
web02 10.100.1.44
[root@k8s231 service]#
SVC的两大特性:
- 对外提供负载均衡能力
- 对内提供服务发现功能
今日作业:
(1)完成课堂的所有练习并整理思维导图;
(2)将上周作业使用rc资源实现,并通过svc访问,要求将这些资源都放在"oldboyedu-homework"名称空间下;
扩展作业:
使用各组部署的K8S组件实现将作业迁移到你部署的集群即可.
