K8s資源清單定義入門

一、K8S中常見的資源

Kubernetes中把資源實例化以後稱之爲對象，這裏先介紹K8S中常見的核心資源有哪些：

• 工作負載型資源（workload）：Pod、ReplicaSet、Deployment、StatefulSet、DaemonSet、Job、CronJob。（ReplicationController在v1.11版本被廢棄）
• 服務發現及負載均衡型資源（ServiceDiscovery、LoadBalance） : Service 、Ingress， ...
• 配置與存儲型資源： Volume（存儲卷）、CSI（容器存儲接口，可以擴展各種各樣的第三方存儲卷）
  • 特殊類型的存儲卷：ConfigMap（當配置中心來使用的資源類型）、Secret（保存敏感數據）、DownwardAPI（把外部環境中的信息輸出給容器）

以上這些資源都是配置在名稱空間級別。

• 集羣級資源（都是配置在名）： Namespace、Node、Role、ClusterRole、RoleBinding（角色綁定）、ClusterRoleBinding（集羣角色綁定）、
• 元數據型資源：HPA、PodTemplate（Pod模板，用於讓控制器創建Pod時使用的模板。）、LimitRange（用來定義硬件資源限制的）

下面是利用資源清單創建一個Pod的資源清單內容：

[root@s1 ~]# kubectl get pod myapp-7c468db58f-5nghn -o yaml
apiVersion: v1     # K8S API版本，應該由兩部分組成：group/version，group省略表示默認爲core
kind: Pod          # 資源類別： Pod、Deployment、Service等等 
metadata:          # 資源元數據
  creationTimestamp: "2019-12-16T07:45:17Z"
  generateName: myapp-7c468db58f-
  labels:
    pod-template-hash: 7c468db58f
    run: myapp
  name: myapp-7c468db58f-5nghn
  namespace: default
  ownerReferences:
  - apiVersion: apps/v1
    blockOwnerDeletion: true
    controller: true
    kind: ReplicaSet
    name: myapp-7c468db58f
    uid: 7463ad31-bbfa-46a7-b301-5a70daba188b
  resourceVersion: "40423"
  selfLink: /api/v1/namespaces/default/pods/myapp-7c468db58f-5nghn
  uid: a0f310d7-24f6-441e-a139-8cbe11e9a2ff
spec:           # specifications, 資源規格。（定義資源對象期望的狀態），這個是最重要的字段，用於規定接下來要創建的資源對象應該擁有的特性。然後依靠控制器確保這些特性能夠被滿足。
  containers:
  - image: ikubernetes/myapp:v1
    imagePullPolicy: IfNotPresent
    name: myapp
    resources: {}
    terminationMessagePath: /dev/termination-log
    terminationMessagePolicy: File
    volumeMounts:
    - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
      name: default-token-6hhk2
      readOnly: true
  dnsPolicy: ClusterFirst
  enableServiceLinks: true
  nodeName: n1
  priority: 0
  restartPolicy: Always
  schedulerName: default-scheduler
  securityContext: {}
  serviceAccount: default
  serviceAccountName: default
  terminationGracePeriodSeconds: 30
  tolerations:    # 容忍度，能夠容忍哪些污點
  - effect: NoExecute
    key: node.kubernetes.io/not-ready
    operator: Exists
    tolerationSeconds: 300
  - effect: NoExecute
    key: node.kubernetes.io/unreachable
    operator: Exists
    tolerationSeconds: 300
  volumes:
  - name: default-token-6hhk2
    secret:
      defaultMode: 420
      secretName: default-token-6hhk2
status:     # 用於顯示這個資源對象當前的狀態，這個字段是隻讀的。
  conditions:
  - lastProbeTime: null
    lastTransitionTime: "2019-12-16T07:45:17Z"
    status: "True"
    type: Initialized
  - lastProbeTime: null
    lastTransitionTime: "2019-12-16T07:45:18Z"
    status: "True"
    type: Ready
  - lastProbeTime: null
    lastTransitionTime: "2019-12-16T07:45:18Z"
    status: "True"
    type: ContainersReady
  - lastProbeTime: null
    lastTransitionTime: "2019-12-16T07:45:17Z"
    status: "True"
    type: PodScheduled
  containerStatuses:
  - containerID: docker://a5135c4064fc86edf913d5d053688ff188dc22a4723049d80089ca9a39c538b2
    image: ikubernetes/myapp:v1
    imageID: docker-pullable://ikubernetes/myapp@sha256:9c3dc30b5219788b2b8a4b065f548b922a34479577befb54b03330999d30d513
    lastState: {}
    name: myapp
    ready: true
    restartCount: 0
    started: true
    state:
      running:
        startedAt: "2019-12-16T07:45:18Z"
  hostIP: 192.168.100.50
  phase: Running
  podIP: 10.244.1.15
  podIPs:
  - ip: 10.244.1.15
  qosClass: BestEffort
  startTime: "2019-12-16T07:45:17Z"

命令：kubectl api-versions可以查看所有API 羣組/版本

[root@s1 ~]# kubectl api-versions
admissionregistration.k8s.io/v1
admissionregistration.k8s.io/v1beta1
apiextensions.k8s.io/v1
apiextensions.k8s.io/v1beta1
apiregistration.k8s.io/v1
apiregistration.k8s.io/v1beta1
apps/v1
authentication.k8s.io/v1
authentication.k8s.io/v1beta1
authorization.k8s.io/v1
authorization.k8s.io/v1beta1
autoscaling/v1
autoscaling/v2beta1
autoscaling/v2beta2
batch/v1
batch/v1beta1
certificates.k8s.io/v1beta1
coordination.k8s.io/v1
coordination.k8s.io/v1beta1
events.k8s.io/v1beta1
extensions/v1beta1
networking.k8s.io/v1
networking.k8s.io/v1beta1
node.k8s.io/v1beta1
policy/v1beta1
rbac.authorization.k8s.io/v1
rbac.authorization.k8s.io/v1beta1
scheduling.k8s.io/v1
scheduling.k8s.io/v1beta1
storage.k8s.io/v1
storage.k8s.io/v1beta1
v1

二、創建資源清單

2.1 創建資源的方法：

apiserver僅接收JSON格式的資源定義，利用yaml格式提供配置清單，apiserver可自動將其轉爲json格式，而後再提交併執行。

2.2 常用資源的配置清單

apiVersion: group/version
    $ kubectl api-versions

kind: 資源類別

metadata: 元數據
    name: 資源名稱
    namespace: 名稱空間
    labels: 標籤，鍵值數據。數據大小有限制。
    annotations: 註解，也是鍵值數據，但是它的數據沒有大小限制。

spec: 期望的狀態，disired state，由用戶定義，最重要。每種資源支持的字段不一樣。

status: 當前狀態，current state, 本字段由K8S集羣維護。

每個資源的引用PATH:
/api/GROUP/VERSION/namespace/NAMESPACE/TYPE/NAME （大寫單詞替換爲具體名稱），可以通過這個PATH獲取資源的信息。

查看某個資源類型支持的字段：
命令： kubectl explain <resource_type>.<fieldName>[.<fieldName>]

[root@s1 ~]# kubectl explain Pod
KIND:     Pod
VERSION:  v1

DESCRIPTION:
     Pod is a collection of containers that can run on a host. This resource is
     created by clients and scheduled onto hosts.

FIELDS:
   apiVersion   <string>
     APIVersion defines the versioned schema of this representation of an
     object. Servers should convert recognized schemas to the latest internal
     value, and may reject unrecognized values. More info:
     https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

   kind <string>
     Kind is a string value representing the REST resource this object
     represents. Servers may infer this from the endpoint the client submits
     requests to. Cannot be updated. In CamelCase. More info:
     https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

   metadata     <Object>
     Standard object's metadata. More info:
     https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

   spec <Object>
     Specification of the desired behavior of the pod. More info:
     https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

   status       <Object>
     Most recently observed status of the pod. This data may not be up to date.
     Populated by the system. Read-only. More info:
     https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

每個字段的值都標記有對應的類型：
字段標記有-required-表示必選字段。

值類型	簡述
<string>	字符串
<[]string>	字符串列表，所有的列表數據都可以放在[]中。
<integer>	整數
<Object>	對象，也就是可以嵌套二級或三級字段。。。
<[]Object>	對象列表，
<map[string]string>	映射，多個k=v類型的json數組，也就是鍵值對，key=value，所有映射數據都可以直接放在{}中。
<boolean>	布爾值，true或false

2.3 利用資源清單創建Pod

先創建一個資源清單：

[root@s1 ~]# cat pod-demo.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: pod-demo
  namespace: default
  labels:
    app: myapp
    tier: frontend
spec:
  containers:
  - name: myapp
    image: ikubernetes/myapp:v1
  - name: busybox
    image: busybox:latest
    command:
    - "/bin/sh"
    - "-c"
    - "sleep 3600"

執行命令以創建Pod：

[root@s1 ~]# kubectl create -f pod-demo.yaml 
pod/pod-demo created
[root@s1 ~]# kubectl get pods -o wide
NAME                     READY   STATUS    RESTARTS   AGE    IP            NODE   NOMINATED NODE   READINESS GATES
client                   0/1     Error     0          161m   10.244.2.6    n2     <none>           <none>
myapp-7c468db58f-5nghn   1/1     Running   0          52m    10.244.1.15   n1     <none>           <none>
myapp-7c468db58f-k2rgk   1/1     Running   0          52m    10.244.2.13   n2     <none>           <none>
pod-demo                 2/2     Running   0          17s    10.244.2.14   n2     <none>           <none>

訪問pod-demo pod中的myapp容器並查看其日誌：

[root@s1 ~]# curl 10.244.2.14 
Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a>
[root@s1 ~]# kubectl logs pod-demo myapp
10.244.0.0 - - [16/Dec/2019:08:38:11 +0000] "GET / HTTP/1.1" 200 65 "-" "curl/7.29.0" "-"

刪除資源清單裏面的資源：

[root@s1 ~]# kubectl delete -f pod-demo.yaml 
pod "pod-demo" deleted

事實上使用kubectl命令管理資源有三種用法：

• 命令式用法， K8S應用快速入門中講的。
• 命令式資源清單用法，就是本章；
• 聲明式資源清單。使用聲明式資源清單，可以確保資源儘可能的向我們聲明的狀態改變，這樣我們就可以隨時改變聲明，並隨時應用。