一、K8S中常見的資源
Kubernetes中把資源實例化以後稱之爲對象,這裏先介紹K8S中常見的核心資源有哪些:
- 工作負載型資源(workload):Pod、ReplicaSet、Deployment、StatefulSet、DaemonSet、Job、CronJob。(ReplicationController在v1.11版本被廢棄)
- 服務發現及負載均衡型資源(ServiceDiscovery、LoadBalance) : Service 、Ingress, ...
- 配置與存儲型資源: Volume(存儲卷)、CSI(容器存儲接口,可以擴展各種各樣的第三方存儲卷)
- 特殊類型的存儲卷:ConfigMap(當配置中心來使用的資源類型)、Secret(保存敏感數據)、DownwardAPI(把外部環境中的信息輸出給容器)
以上這些資源都是配置在名稱空間級別。
- 集羣級資源(都是配置在名): Namespace、Node、Role、ClusterRole、RoleBinding(角色綁定)、ClusterRoleBinding(集羣角色綁定)、
- 元數據型資源:HPA、PodTemplate(Pod模板,用於讓控制器創建Pod時使用的模板。)、LimitRange(用來定義硬件資源限制的)
下面是利用資源清單創建一個Pod的資源清單內容:
[root@s1 ~]# kubectl get pod myapp-7c468db58f-5nghn -o yaml
apiVersion: v1 # K8S API版本,應該由兩部分組成:group/version,group省略表示默認爲core
kind: Pod # 資源類別: Pod、Deployment、Service等等
metadata: # 資源元數據
creationTimestamp: "2019-12-16T07:45:17Z"
generateName: myapp-7c468db58f-
labels:
pod-template-hash: 7c468db58f
run: myapp
name: myapp-7c468db58f-5nghn
namespace: default
ownerReferences:
- apiVersion: apps/v1
blockOwnerDeletion: true
controller: true
kind: ReplicaSet
name: myapp-7c468db58f
uid: 7463ad31-bbfa-46a7-b301-5a70daba188b
resourceVersion: "40423"
selfLink: /api/v1/namespaces/default/pods/myapp-7c468db58f-5nghn
uid: a0f310d7-24f6-441e-a139-8cbe11e9a2ff
spec: # specifications, 資源規格。(定義資源對象期望的狀態),這個是最重要的字段,用於規定接下來要創建的資源對象應該擁有的特性。然後依靠控制器確保這些特性能夠被滿足。
containers:
- image: ikubernetes/myapp:v1
imagePullPolicy: IfNotPresent
name: myapp
resources: {}
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: default-token-6hhk2
readOnly: true
dnsPolicy: ClusterFirst
enableServiceLinks: true
nodeName: n1
priority: 0
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
serviceAccount: default
serviceAccountName: default
terminationGracePeriodSeconds: 30
tolerations: # 容忍度,能夠容忍哪些污點
- effect: NoExecute
key: node.kubernetes.io/not-ready
operator: Exists
tolerationSeconds: 300
- effect: NoExecute
key: node.kubernetes.io/unreachable
operator: Exists
tolerationSeconds: 300
volumes:
- name: default-token-6hhk2
secret:
defaultMode: 420
secretName: default-token-6hhk2
status: # 用於顯示這個資源對象當前的狀態,這個字段是隻讀的。
conditions:
- lastProbeTime: null
lastTransitionTime: "2019-12-16T07:45:17Z"
status: "True"
type: Initialized
- lastProbeTime: null
lastTransitionTime: "2019-12-16T07:45:18Z"
status: "True"
type: Ready
- lastProbeTime: null
lastTransitionTime: "2019-12-16T07:45:18Z"
status: "True"
type: ContainersReady
- lastProbeTime: null
lastTransitionTime: "2019-12-16T07:45:17Z"
status: "True"
type: PodScheduled
containerStatuses:
- containerID: docker://a5135c4064fc86edf913d5d053688ff188dc22a4723049d80089ca9a39c538b2
image: ikubernetes/myapp:v1
imageID: docker-pullable://ikubernetes/myapp@sha256:9c3dc30b5219788b2b8a4b065f548b922a34479577befb54b03330999d30d513
lastState: {}
name: myapp
ready: true
restartCount: 0
started: true
state:
running:
startedAt: "2019-12-16T07:45:18Z"
hostIP: 192.168.100.50
phase: Running
podIP: 10.244.1.15
podIPs:
- ip: 10.244.1.15
qosClass: BestEffort
startTime: "2019-12-16T07:45:17Z"
命令:kubectl api-versions
可以查看所有API 羣組/版本
[root@s1 ~]# kubectl api-versions
admissionregistration.k8s.io/v1
admissionregistration.k8s.io/v1beta1
apiextensions.k8s.io/v1
apiextensions.k8s.io/v1beta1
apiregistration.k8s.io/v1
apiregistration.k8s.io/v1beta1
apps/v1
authentication.k8s.io/v1
authentication.k8s.io/v1beta1
authorization.k8s.io/v1
authorization.k8s.io/v1beta1
autoscaling/v1
autoscaling/v2beta1
autoscaling/v2beta2
batch/v1
batch/v1beta1
certificates.k8s.io/v1beta1
coordination.k8s.io/v1
coordination.k8s.io/v1beta1
events.k8s.io/v1beta1
extensions/v1beta1
networking.k8s.io/v1
networking.k8s.io/v1beta1
node.k8s.io/v1beta1
policy/v1beta1
rbac.authorization.k8s.io/v1
rbac.authorization.k8s.io/v1beta1
scheduling.k8s.io/v1
scheduling.k8s.io/v1beta1
storage.k8s.io/v1
storage.k8s.io/v1beta1
v1
二、創建資源清單
2.1 創建資源的方法:
apiserver僅接收JSON格式的資源定義,利用yaml格式提供配置清單,apiserver可自動將其轉爲json格式,而後再提交併執行。
2.2 常用資源的配置清單
apiVersion: group/version
$ kubectl api-versions
kind: 資源類別
metadata: 元數據
name: 資源名稱
namespace: 名稱空間
labels: 標籤,鍵值數據。數據大小有限制。
annotations: 註解,也是鍵值數據,但是它的數據沒有大小限制。
spec: 期望的狀態,disired state,由用戶定義,最重要。每種資源支持的字段不一樣。
status: 當前狀態,current state, 本字段由K8S集羣維護。
每個資源的引用PATH:
/api/GROUP/VERSION/namespace/NAMESPACE/TYPE/NAME
(大寫單詞替換爲具體名稱),可以通過這個PATH獲取資源的信息。查看某個資源類型支持的字段:
命令:kubectl explain <resource_type>.<fieldName>[.<fieldName>]
[root@s1 ~]# kubectl explain Pod
KIND: Pod
VERSION: v1
DESCRIPTION:
Pod is a collection of containers that can run on a host. This resource is
created by clients and scheduled onto hosts.
FIELDS:
apiVersion <string>
APIVersion defines the versioned schema of this representation of an
object. Servers should convert recognized schemas to the latest internal
value, and may reject unrecognized values. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
kind <string>
Kind is a string value representing the REST resource this object
represents. Servers may infer this from the endpoint the client submits
requests to. Cannot be updated. In CamelCase. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
metadata <Object>
Standard object's metadata. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
spec <Object>
Specification of the desired behavior of the pod. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
status <Object>
Most recently observed status of the pod. This data may not be up to date.
Populated by the system. Read-only. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
每個字段的值都標記有對應的類型:
字段標記有-required-
表示必選字段。
值類型 | 簡述 |
---|---|
<string> |
字符串 |
<[]string> |
字符串列表,所有的列表數據都可以放在[]中。 |
<integer> |
整數 |
<Object> |
對象,也就是可以嵌套二級或三級字段。。。 |
<[]Object> |
對象列表, |
<map[string]string> |
映射,多個k=v類型的json數組,也就是鍵值對,key=value,所有映射數據都可以直接放在{}中。 |
<boolean> |
布爾值,true或false |
2.3 利用資源清單創建Pod
先創建一個資源清單:
[root@s1 ~]# cat pod-demo.yaml
apiVersion: v1
kind: Pod
metadata:
name: pod-demo
namespace: default
labels:
app: myapp
tier: frontend
spec:
containers:
- name: myapp
image: ikubernetes/myapp:v1
- name: busybox
image: busybox:latest
command:
- "/bin/sh"
- "-c"
- "sleep 3600"
執行命令以創建Pod:
[root@s1 ~]# kubectl create -f pod-demo.yaml
pod/pod-demo created
[root@s1 ~]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
client 0/1 Error 0 161m 10.244.2.6 n2 <none> <none>
myapp-7c468db58f-5nghn 1/1 Running 0 52m 10.244.1.15 n1 <none> <none>
myapp-7c468db58f-k2rgk 1/1 Running 0 52m 10.244.2.13 n2 <none> <none>
pod-demo 2/2 Running 0 17s 10.244.2.14 n2 <none> <none>
訪問pod-demo pod中的myapp容器並查看其日誌:
[root@s1 ~]# curl 10.244.2.14
Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a>
[root@s1 ~]# kubectl logs pod-demo myapp
10.244.0.0 - - [16/Dec/2019:08:38:11 +0000] "GET / HTTP/1.1" 200 65 "-" "curl/7.29.0" "-"
刪除資源清單裏面的資源:
[root@s1 ~]# kubectl delete -f pod-demo.yaml
pod "pod-demo" deleted
事實上使用kubectl
命令管理資源有三種用法:
- 命令式用法, K8S應用快速入門中講的。
- 命令式資源清單用法,就是本章;
- 聲明式資源清單。使用聲明式資源清單,可以確保資源儘可能的向我們聲明的狀態改變,這樣我們就可以隨時改變聲明,並隨時應用。