Kubernetes概念篇：基本概念和術語

{"type":"doc","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"在開始使用之前，應當先了解一下關於","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"Kubernetes","attrs":{}}],"attrs":{}},{"type":"text","text":"的相關概念術語，對後續的學習、使用將有很大的幫助。（","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"Kubernetes","attrs":{}}],"attrs":{}},{"type":"text","text":"的概念比較多，建議加強理解，並清楚各種所處位置及關聯！）","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"codeinline","content":[{"type":"text","text":"Kubernetes","attrs":{}}],"attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"中的大部分概念，如：","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"Node","attrs":{}}],"attrs":{}},{"type":"text","text":"、","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"Pod","attrs":{}}],"attrs":{}},{"type":"text","text":"、","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"Replication Controller","attrs":{}}],"attrs":{}},{"type":"text","text":"、","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"Service","attrs":{}}],"attrs":{}},{"type":"text","text":"等都可以看作是一種","attrs":{}},{"type":"text","marks":[{"type":"strong","attrs":{}}],"text":"資源對象","attrs":{}},{"type":"text","text":"，幾乎所有資源對象都可以通過","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"Kubernetes","attrs":{}}],"attrs":{}},{"type":"text","text":"提供的","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"kubectl","attrs":{}}],"attrs":{}},{"type":"text","text":"工具（或者API接口）執行增、刪、改、查等操作並將其保存在","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"etcd","attrs":{}}],"attrs":{}},{"type":"text","text":"中持久化存儲。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"從這個角度來看，","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"Kubernetes","attrs":{}}],"attrs":{}},{"type":"text","text":"其實是一個高度自動化的資源控制系統，它通過跟蹤對比","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"etcd","attrs":{}}],"attrs":{}},{"type":"text","text":"庫裏保存的“資源期望狀態”與當前環境中的“實際資源狀態”的差異來實現自動控制和自動糾錯的高級功能。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"本文將介紹","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"Kubernetes","attrs":{}}],"attrs":{}},{"type":"text","text":"中重要的資源對象，即：","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"Kubernetes","attrs":{}}],"attrs":{}},{"type":"text","text":"的基本概念和術語。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":1},"content":[{"type":"text","text":"1、Master","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"codeinline","content":[{"type":"text","text":"Master","attrs":{}}],"attrs":{}},{"type":"text","text":"是指","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"Kubernetes","attrs":{}}],"attrs":{}},{"type":"text","text":"集羣中的控制節點（Master Node），在每個","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"Kubernetes","attrs":{}}],"attrs":{}},{"type":"text","text":"集羣裏都需要有一個","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"Master","attrs":{}}],"attrs":{}},{"type":"text","text":"來負責整個集羣的管理和控制，基本所有的控制命令都發給它，它負責具體的執行過程，後續執行的所有命令基本都是在","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"Master","attrs":{}}],"attrs":{}},{"type":"text","text":"上運行。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"codeinline","content":[{"type":"text","text":"Master","attrs":{}}],"attrs":{}},{"type":"text","text":"提供集羣的獨特視角，並且擁有一系列組件，比如","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"Kubernetes API Server","attrs":{}}],"attrs":{}},{"type":"text","text":"。","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"API Server","attrs":{}}],"attrs":{}},{"type":"text","text":"提供可以用來和集羣交互的REST端點。可以通過命令行或圖形化界面來維護Pod、副本和服務。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/0e/0ea5db1a6e274e4773dd6cd39784ebad.webp","alt":"圖片","title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"在Master上包括以下組件：","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"bulletedlist","content":[{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong","attrs":{}}],"text":"etcd：","attrs":{}},{"type":"text","text":" 分佈式key-value存儲，保存集羣的狀態數據、資源對象數據。","attrs":{}}]}],"attrs":{}},{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong","attrs":{}}],"text":"API Server(","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"kube-api-server","attrs":{}}],"marks":[{"type":"strong"}],"attrs":{}},{"type":"text","marks":[{"type":"strong","attrs":{}}],"text":")：","attrs":{}},{"type":"text","text":" Kubernetes提供的HTTP Rest接口，是所有資源的增、刪、改、查等操作的唯一入口，也是集羣控制的入口進程。","attrs":{}}]}],"attrs":{}},{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong","attrs":{}}],"text":"Controllers(","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"kube-controller-manager","attrs":{}}],"marks":[{"type":"strong"}],"attrs":{}},{"type":"text","marks":[{"type":"strong","attrs":{}}],"text":")：","attrs":{}},{"type":"text","text":" Kubernetes裏所有資源對象的自動化控制中心。","attrs":{}}]}],"attrs":{}},{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong","attrs":{}}],"text":"Scheduler(","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"kube-scheduler","attrs":{}}],"marks":[{"type":"strong"}],"attrs":{}},{"type":"text","marks":[{"type":"strong","attrs":{}}],"text":")：","attrs":{}},{"type":"text","text":" 負責資源調度（Pod調度）的進程，相當於公交公司的\"調度室\"。","attrs":{}}]}],"attrs":{}}],"attrs":{}},{"type":"heading","attrs":{"align":null,"level":1},"content":[{"type":"text","text":"2、Node","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"除了Master，Kubernetes集羣中的其他集羣被稱爲","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"Node","attrs":{}}],"attrs":{}},{"type":"text","text":"，即：Worker Node（工作節點）。與Master一樣，Node可以是一臺物理主機，也可以是一臺虛擬機。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"codeinline","content":[{"type":"text","text":"Node","attrs":{}}],"attrs":{}},{"type":"text","text":"是Kubernetes集羣中的工作負載節點，每個Node都會被Master分配一些工作負載，當某個Node宕機時，其上的工作負載會被Master自動轉移到其他節點上。","attrs":{}}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/05/05485620c9f56f8d765571fe770a0dd6.png","alt":"圖片","title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"每個Node上都運行着以下關鍵組件：","attrs":{}}]},{"type":"bulletedlist","content":[{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"codeinline","content":[{"type":"text","text":"kubelet","attrs":{}}],"marks":[{"type":"strong"}],"attrs":{}},{"type":"text","text":"： 負責Pod對應的容器創建、啓停等任務，同時與Master密切協作，實現集羣管理的基本功能。","attrs":{}}]}],"attrs":{}},{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"codeinline","content":[{"type":"text","text":"kube-proxy","attrs":{}}],"marks":[{"type":"strong"}],"attrs":{}},{"type":"text","text":"： 實現Kubernetes Service的通信與負載均衡機制的重要組件。","attrs":{}}]}],"attrs":{}},{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"codeinline","content":[{"type":"text","text":"Container Runtime","attrs":{}}],"marks":[{"type":"strong"}],"attrs":{}},{"type":"text","text":"： 下載鏡像、運行容器。如Docker引擎，負責本機的容器創建和管理工作。","attrs":{}}]}],"attrs":{}}],"attrs":{}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"codeinline","content":[{"type":"text","text":"Node","attrs":{}}],"attrs":{}},{"type":"text","text":"可以再運行期間動態增加調整到Kubernetes集羣中，默認情況下kubelet會向Master註冊自己。一旦Node被納入集羣管理範圍，kubelet進程就會定時向Master上報自己的信息，如操作系統、Docker版本、機器CPU和內存、以及當前有哪些Pod在運行等，這樣Master就可以獲知每個Node的資源使用情況，並實現高效均衡的資源調度策略。而某個Node在超過指定時間不上報信息時，會被Master判定爲“失聯”狀態，標記爲不可用（Not Ready）,隨後Master會觸發“工作負載大轉移”的自動流程。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"執行命令","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"kubectl get nodes","attrs":{}}],"attrs":{}},{"type":"text","text":"可以查看在集羣中有多少個Node：","attrs":{}}]},{"type":"codeblock","attrs":{"lang":null},"content":[{"type":"text","text":"[xcbeyond@localhost ~]$ kubectl get nodes\nNAME STATUS ROLES AGE VERSION\nminikube Ready master 17d v1.19.0","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"然後通過","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"kubectl describe node ","attrs":{}}],"attrs":{}},{"type":"text","text":"查看某個Node的詳細信息：","attrs":{}}]},{"type":"codeblock","attrs":{"lang":null},"content":[{"type":"text","text":"[xcbeyond@localhost ~]$ kubectl describe node minikube\nName: minikube\nRoles: master\nLabels: beta.kubernetes.io/arch=amd64\n beta.kubernetes.io/os=linux\n kubernetes.io/arch=amd64\n kubernetes.io/hostname=minikube\n kubernetes.io/os=linux\n ……","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":1},"content":[{"type":"text","text":"3、Pod","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"codeinline","content":[{"type":"text","text":"Pod","attrs":{}}],"attrs":{}},{"type":"text","text":"是Kubernetes中的原子對象，是基本構建單元。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"codeinline","content":[{"type":"text","text":"Pod","attrs":{}}],"attrs":{}},{"type":"text","text":"表示集羣上一組正在運行的容器。通常創建Pod是爲了運行單個主容器。Pod 還可以運行可選的sidecar容器，以實現諸如日誌記錄之類的補充特性。（如：在Service Mesh中，和應用一起存在的","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"istio-proxy","attrs":{}}],"attrs":{}},{"type":"text","text":"、","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"istio-init","attrs":{}}],"attrs":{}},{"type":"text","text":"容器）","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong","attrs":{}}],"text":"通常用Deployment來管理Pod。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"一個","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"Pod","attrs":{}}],"attrs":{}},{"type":"text","text":"中可以包含多個容器（其他容器作爲功能補充），負責處理容器的數據卷、祕鑰、配置。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"如下圖所示是","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"Pod","attrs":{}}],"attrs":{}},{"type":"text","text":"的組成示意圖，我們可以看到每個","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"Pod","attrs":{}}],"attrs":{}},{"type":"text","text":"都有一個特殊的被稱爲“根容器”的Pause容器。Pause容器對應的鏡像屬於Kubernetes平臺的一部分，除了Pause容器，每個Pod還包含一個或多個緊密相關的用戶業務容器。","attrs":{}}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/bc/bca1bcd5a50ca440b12f0159a4a0c148.webp","alt":"圖片","title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong","attrs":{}}],"text":"爲什麼Kubernetes會設計出一個全新的Pod概念，並且Pod要有這樣特殊的組成結構？","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"bulletedlist","content":[{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"在一組容器作爲一個單元整體的情況下，我們難以對“整體”簡單地進行判斷及有效地進行控制。比如，一個容器死亡了，此時算是整體死亡麼？引入業務無關並且不易死亡的Pause容器作爲Pod的根容器，以它的狀態代表整體容器組的狀態，就簡單、巧妙地解決了這個難題。","attrs":{}}]}],"attrs":{}},{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Pod裏的多個業務容器共享Pause容器的IP，共享Pause容器掛接的Volume，這樣既簡化了密切關聯的業務容器之間的通信問題，也很好地解決了它們之間的文件共享問題。","attrs":{}}]}],"attrs":{}}],"attrs":{}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Kubernetes爲每個Pod都分配了唯一的IP地址，稱之爲Pod IP，一個Pod裏的多個容器共享Pod IP地址。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Kubernetes要求底層網絡支持集羣內任意兩個Pod之間的TCP/IP直接通信，這通常採用虛擬二層網絡技術來實現，例如Flannel、Open vSwitch等，因此我們需要牢記一點：","attrs":{}},{"type":"text","marks":[{"type":"strong","attrs":{}}],"text":"在Kubernetes裏，一個Pod裏的容器與另外主機上的Pod容器能夠直接通信。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Pod有兩種類型：","attrs":{}}]},{"type":"bulletedlist","content":[{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"普通的Pod","attrs":{}}]}],"attrs":{}},{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"靜態Pod（Static Pod）","attrs":{}}]}],"attrs":{}}],"attrs":{}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"後者比較特殊，它並不存放在Kubernetes的etcd存儲裏，而是存放在某個Node上的一個有個文件中，並且只在此Node上啓動運行。而普通的Pod一旦被創建，就會被放入到etcd中存儲，隨後會被Kubernetes Master調度到某個具體的Node上並進行綁定（Binding），隨後該Pod被對應的Node上的kubelet進程實例化成一組相關的Docker容器並且啓動起來。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"在默認情況下，當Pod裏的某個容器停止時，Kubernetes會自動檢測到這個問題並且重新啓動這個Pod（重啓Pod裏的所有容器），如果Pod所在的Node宕機，則會將這個Node上的所有Pod重新調度到其他節點上。Pod、容器與Node的關係圖如下圖所示。","attrs":{}}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/41/4173499904969ed18c98884907ef9e90.webp","alt":"圖片","title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Pod 的生命週期是不確定的，可能非常短暫，但 Pod 具有很強的再生能力，在死後可以自動重新啓動（重啓機制）。Pod生命週期整個過程中，通常可能處於以下五個階段之一：","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"bulletedlist","content":[{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"codeinline","content":[{"type":"text","text":"Pending","attrs":{}}],"marks":[{"type":"strong"}],"attrs":{}},{"type":"text","marks":[{"type":"strong","attrs":{}}],"text":"：","attrs":{}},{"type":"text","text":" Pod定義正確，提交到Master，但其所包含的容器鏡像還未完全創建。通常，Master對Pod進行調度需要一些時間，Node進行容器鏡像的下載也需要一些時間，啓動容器也需要一定時間。","attrs":{}}]}],"attrs":{}},{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"codeinline","content":[{"type":"text","text":"Running","attrs":{}}],"marks":[{"type":"strong"}],"attrs":{}},{"type":"text","marks":[{"type":"strong","attrs":{}}],"text":"：","attrs":{}},{"type":"text","text":" Pod已經被分配到某個Node上，並且所有的容器都被創建完畢，至少有一個容器正在運行中，或者有容器正在啓動或重啓中。","attrs":{}}]}],"attrs":{}},{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"codeinline","content":[{"type":"text","text":"Succeeded","attrs":{}}],"marks":[{"type":"strong"}],"attrs":{}},{"type":"text","marks":[{"type":"strong","attrs":{}}],"text":"：","attrs":{}},{"type":"text","text":" Pod中所有的容器都成功運行結束，並且不會被重啓。這是Pod的一種最終狀態。","attrs":{}}]}],"attrs":{}},{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"codeinline","content":[{"type":"text","text":"Failed","attrs":{}}],"marks":[{"type":"strong"}],"attrs":{}},{"type":"text","marks":[{"type":"strong","attrs":{}}],"text":"：","attrs":{}},{"type":"text","text":" Pod中所有的容器都運行結束了，其中至少有一個容器是非正常結束的（exit code不是0）。這也是Pod的一種最終狀態。","attrs":{}}]}],"attrs":{}},{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"codeinline","content":[{"type":"text","text":"Unknown","attrs":{}}],"marks":[{"type":"strong"}],"attrs":{}},{"type":"text","marks":[{"type":"strong","attrs":{}}],"text":"：","attrs":{}},{"type":"text","text":" 無法獲得Pod的狀態，通常是由於無法和Pod所在的Node進行通信。","attrs":{}}]}],"attrs":{}}],"attrs":{}},{"type":"heading","attrs":{"align":null,"level":1},"content":[{"type":"text","text":"4、Label","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"codeinline","content":[{"type":"text","text":"Label","attrs":{}}],"attrs":{}},{"type":"text","text":"（標籤）是Kubernetes中另外一個核心概念。一個Label是一個key=value的鍵值對，其中key與value由用戶自己指定。Label可以被附加到各種資源對象上，例如Node、Pod、Service、RC等，一個資源對象可以定義任意數量的Label，同一個Label也可以被添加到任意數量的資源對象上。Label通常在資源對象定義時確定，也可以在對象創建後動態添加或刪除。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"一般來說，我們會給指定的資源對象定義多個label，來實現多維度的資源分組管理，以便靈活、方便地進行資源分配、調度、配置、部署等管理工作。例如：部署不同版本的應用到不同的環境中，或者監控和分析應用（日誌記錄，監控，報警等）。一些常用的Label示例如下：","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"bulletedlist","content":[{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"版本標籤：","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"release：stable","attrs":{}}],"attrs":{}},{"type":"text","text":"、","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"release: canary","attrs":{}}],"attrs":{}}]}],"attrs":{}},{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"環境標籤：","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"environment: dev","attrs":{}}],"attrs":{}},{"type":"text","text":"、","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"environemnt: qa","attrs":{}}],"attrs":{}},{"type":"text","text":"、","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"environment: production","attrs":{}}],"attrs":{}}]}],"attrs":{}},{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"架構標籤：","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"tier: frontend","attrs":{}}],"attrs":{}},{"type":"text","text":"、","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"tier: backend","attrs":{}}],"attrs":{}},{"type":"text","text":"、","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"tier: middleware","attrs":{}}],"attrs":{}}]}],"attrs":{}},{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"……","attrs":{}}]}],"attrs":{}}],"attrs":{}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"某個資源對象定義了Label後，可以通過Label Selector（標籤選擇器）查詢和篩選Label的資源對象，Kubernetes通過這種方式實現了類似SQL的對象查詢機制。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"通常我們通過描述文件中的","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"spec.selector","attrs":{}}],"attrs":{}},{"type":"text","text":"字段來指定Label，從而Kubernetes尋找到所有包含你指定Label的對象，進行管理。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Kubernetes目前支持兩種類型的Label Selector：","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"bulletedlist","content":[{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"基於等式的Selector（Equality-based）：等式雷表達式匹配標籤。","attrs":{}}]}],"attrs":{}},{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"基於集合的Selector（Set-based）：集合操作類表達式匹配標籤。","attrs":{}}]}],"attrs":{}}],"attrs":{}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"使用","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"Label","attrs":{}}],"attrs":{}},{"type":"text","text":"可以給對象創建一組或多組標籤，","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"Label","attrs":{}}],"attrs":{}},{"type":"text","text":"和","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"Label Selector","attrs":{}}],"attrs":{}},{"type":"text","text":"共同構成了Kubernetes系統中最核心的應用模型，使得對象能夠精細分組、管理，同時實現了集羣的高可用性。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/8f/8f127a82b1c8e985553a1b6a72cbaa9f.webp","alt":"圖片","title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/43/436ebecf618c12d26c3094e7d27301e5.webp","alt":"圖片","title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":1},"content":[{"type":"text","text":"5、Replication Controller","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"codeinline","content":[{"type":"text","text":"Replication Controller","attrs":{}}],"attrs":{}},{"type":"text","text":"，簡稱RC，是Kubernetes中核心概念之一，定義了一個期望的場景，即：聲明某種Pod的副本數量在任意時刻都符合某個預期值。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"RC的定義包括以下幾個部分：","attrs":{}}]},{"type":"bulletedlist","content":[{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Pod預期的副本數量。","attrs":{}}]}],"attrs":{}},{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"用於篩選目標Pod的Label Selector。","attrs":{}}]}],"attrs":{}},{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"當Pod的副本數量小於預期數量時，用於創建新Pod的Pod模板。","attrs":{}}]}],"attrs":{}}],"attrs":{}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"下面以有3個Node的集羣爲例進行，說明Kubernetes如何通過RC來實現Pod副本數量自動控制的機制。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"假如在我們的RC裏定義redis-slave這個Pod需要保持2個副本，系統將可能在其中的兩個Node創建Pod，如下圖所示：","attrs":{}}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/14/14c2022cfb282d8580016560d70a1e0a.webp","alt":"圖片","title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"假如Node 2上的Pod意外終止，則根據RC定義的replicas數量2，Kubernetes將自動創建並啓動一個新的Pod，以保證整個集羣中始終有兩個redis-slave運行。如下圖所示，Kubernetes可能選擇Node 3或者Node 1來創建一個新的Pod。","attrs":{}}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/33/331d3cad52f7b62fe16415cfe255869c.webp","alt":"圖片","title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"此外，在運行時，我們可以通過修改RC的副本數量，來實現Pod的動態縮放（Scaling），可通過執行","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"kubectl scale rc redis-slave --replicas=3","attrs":{}}],"attrs":{}},{"type":"text","text":"命令一鍵完成。執行結果示意如下圖所示：","attrs":{}}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/95/95cea20d6063f63203f965b5b54e3fea.webp","alt":"圖片","title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong","attrs":{}}],"text":"注意：刪除RC並不會影響通過該RC創建好的Pod。","attrs":{}},{"type":"text","text":" 刪除所有Pod，可以設置replicas的值爲0，然後更新該RC。另外，kubectl也提供了stop和delete命令來一次性刪除RC和RC控制的全部Pod。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"最後，總結一下RC的特性和作用：","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"bulletedlist","content":[{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"大多數情況下，通過自定義一個RC實現Pod的創建過程及副本數量的自動控制。","attrs":{}}]}],"attrs":{}},{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"RC裏包含完整的pod定義模板。","attrs":{}}]}],"attrs":{}},{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"RC通過label selector機制實現對pod副本的自動控制。","attrs":{}}]}],"attrs":{}},{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"通過改變RC裏的Pod副本數量，實現對Pod的","attrs":{}},{"type":"text","marks":[{"type":"strong","attrs":{}}],"text":"擴容和縮容功能","attrs":{}},{"type":"text","text":"。","attrs":{}}]}],"attrs":{}},{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"通過改變RC裏Pod模板中的鏡像版本，可以實現Pod的","attrs":{}},{"type":"text","marks":[{"type":"strong","attrs":{}}],"text":"滾動升級功能","attrs":{}},{"type":"text","text":"。","attrs":{}}]}],"attrs":{}}],"attrs":{}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":1},"content":[{"type":"text","text":"6、Deployment","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"codeinline","content":[{"type":"text","text":"Deployment","attrs":{}}],"attrs":{}},{"type":"text","text":"是Kubernetes在1.2版本中引入的新概念，用於更好地解決Pod的編排問題。爲此，","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"Deployment","attrs":{}}],"attrs":{}},{"type":"text","text":"在內部使用了Replica Set來實現，無論從Deployment的作用、YAML定義，還是從它的具體命令行操作來看，我們都可以把它看作是RC的一次升級。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"codeinline","content":[{"type":"text","text":"Deployment","attrs":{}}],"attrs":{}},{"type":"text","text":"相對於RC的一個最大升級是我們可以隨時知道當前Pod部署的進度。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"典型使用場景：","attrs":{}}]},{"type":"bulletedlist","content":[{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"創建Deployment對象來生成對應的Replica set並完成Pod副本的創建。","attrs":{}}]}],"attrs":{}},{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"檢查Deployment的狀態來看部署動作是否完成（Pod副本數是否達到預期值）。","attrs":{}}]}],"attrs":{}},{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"更新Deployment來創建新的Pod。","attrs":{}}]}],"attrs":{}},{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"如果當前Deployment不穩定，則回滾到一個先前的Deployment版本。","attrs":{}}]}],"attrs":{}},{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"暫停Deployment以便於一次性修改多個PodTemplateSpec的配置項，之後再恢復Deployment，進行新的發佈。","attrs":{}}]}],"attrs":{}},{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"擴展Deployment以應對高負載。","attrs":{}}]}],"attrs":{}},{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"查看Deployment狀態，以此作爲發佈是否成功的指標。","attrs":{}}]}],"attrs":{}}],"attrs":{}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":1},"content":[{"type":"text","text":"7、StatefulSet","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"在Kubernetes中，Pod的管理對象RC、Deployment、DaemonSet和Job都是面向無狀態的服務。但現實中有很多服務是有狀態的，特別是一些複雜的中間件集羣，例如MySQL集羣、MongoDB集羣、Kafka集羣、Zookeeper集羣等，這些應用集羣有以下一些共同點。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"bulletedlist","content":[{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"每個節點都有固定的身份ID，通過這個ID，集羣中的成員可以相互發現並且通信。","attrs":{}}]}],"attrs":{}},{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"集羣的規模是比較固定的，集羣規模不能隨意變動。","attrs":{}}]}],"attrs":{}},{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"集羣裏的每個節點都是有狀態的，通常會持久化數據到永久存儲中。","attrs":{}}]}],"attrs":{}},{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"如果磁盤損壞，則集羣裏的某個節點無法正常運行，集羣功能受損。","attrs":{}}]}],"attrs":{}}],"attrs":{}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"如果用RC或Deployment控制Pod副本數的方式來實現上述有狀態的集羣，則我們會發現第一點是無法滿足的，因爲Pod的名字是隨機產生的，Pod的IP地址也是在運行期才確定且可能有變動的，我們事先無法爲每個Pod確定唯一不變的ID，爲了能夠在其他節點上恢復某個失敗的節點，這種集羣中的Pod需要掛接某種共享存儲，爲了解決這個問題，Kubernetes從v1.4版本開始引入了PetSet這個新的資源對象，並且在v1.5版本時更名爲","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"StatefulSet","attrs":{}}],"attrs":{}},{"type":"text","text":"，","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"StatefulSet","attrs":{}}],"attrs":{}},{"type":"text","text":"從本質上來說，可以看作Deployment/RC的一個特殊變種，它有如下一些特性。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"bulletedlist","content":[{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"StatefulSet裏的每個Pod都有穩定、唯一的網絡標識，可以用來發現集羣內的其他成員。假設StatefulSet的名字叫kafka，那麼第一個Pod叫kafak-0，第二個Pod叫kafak-1，以此類推。","attrs":{}}]}],"attrs":{}},{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"StatefulSet控制的Pod副本的啓停順序是受控的，操作第n個Pod時，前n-1個Pod已經時運行且準備好的狀態。","attrs":{}}]}],"attrs":{}},{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"StatefulSet裏的Pod採用穩定的持久化存儲卷，通過PV/PVC來實現，刪除Pod時默認不會刪除與StatefulSet相關的存儲卷（爲了保證數據的安全）。","attrs":{}}]}],"attrs":{}}],"attrs":{}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"codeinline","content":[{"type":"text","text":"StatefulSet","attrs":{}}],"attrs":{}},{"type":"text","text":"除了要與PV卷捆綁使用以存儲Pod的狀態數據，還要與Headless Service配合使用，即在每個","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"StatefulSet","attrs":{}}],"attrs":{}},{"type":"text","text":"的定義中要聲明它屬於哪個Headless Service。Headless Service與普通Service的關鍵區別在於，它沒有Cluster IP，如果解析Headless Service的DNS域名，則返回的是該Service對應的全部Pod的Endpoint列表。StatefulSet在Headless Service的基礎上又爲StatefulSet控制的每個Pod實例創建了一個DNS域名，這個域名的格式爲：","attrs":{}}]},{"type":"codeblock","attrs":{"lang":null},"content":[{"type":"text","text":"$(podname).$(headless service name)","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"比如一個3節點的Kafka的StatefulSet集羣，對應的Headless Service的名字爲kafka，StatefulSet的名字爲kafka，則StatefulSet裏面的3個Pod的DNS名稱分別爲kafka-0.kafka、kafka-1.kafka、kafka-3.kafka，這些DNS名稱可以直接在集羣的配置文件中固定下來。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":1},"content":[{"type":"text","text":"8、Service","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"codeinline","content":[{"type":"text","text":"Service","attrs":{}}],"attrs":{}},{"type":"text","text":"也是Kubernetes裏的最核心的資源對象之一，Kubernetes裏的每個Service其實就是我們經常提起的微服務架構中的一個“微服務”，上面我們所說的Pod、RC等資源對象其實都是爲講解Kubernetes Service做鋪墊的。下圖顯示了Pod、RC與Service的邏輯關係。","attrs":{}}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/6e/6ee4b8b04c326d4599a0b42d98af733f.webp","alt":"圖片","title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"從圖中我們看到，Kubernetes的Service定義了一個服務的訪問入口地址，前端的應用（Pod）通過這個入口地址訪問其背後的一組由Pod副本組成的集羣實例，Service與其後端Pod副本集羣之間則是通過Label Selector來實現“無縫對接”的。而RC的作用實際上是保證Service的服務能力和服務質量始終處於預期的標準。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":1},"content":[{"type":"text","text":"9、Job","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"codeinline","content":[{"type":"text","text":"Job","attrs":{}}],"attrs":{}},{"type":"text","text":"（批處理任務）通過並行或串行啓動多個進程去處理一批工作，在處理完成後，整個批處理任務結束。從Kubernetes 1.2版本開始，支持批處理類型的應用，可以通過Kubernetes Job這種新的資源對象定義並啓動一個批處理任務Job。與RC、Deployment、ReplicaSet類似，Job也是用來控制一組Pod容器。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"codeinline","content":[{"type":"text","text":"Job","attrs":{}}],"attrs":{}},{"type":"text","text":"負責批量處理短暫的一次性任務 ，即僅執行一次的任務，它保證批處理任務的一個或多個Pod成功結束。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":1},"content":[{"type":"text","text":"10、Volume","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"codeinline","content":[{"type":"text","text":"Volume","attrs":{}}],"attrs":{}},{"type":"text","text":"（存儲卷）是Pod中能夠被多個容器訪問的共享目錄。Kubernetes的Volume概念、用途和目的與Docker的Volume比較類似，但兩者不能等價。首先，Kubernetes中的Volume定義在Pod上，然後被一個Pod裏的多個容器掛載到具體的文件目錄下；其次，Kubernetes中的Volume中的數據也不會丟失。最後，Kubernetes支持多種類型的Volume，例如Gluster、Ceph等先進的分佈式文件系統。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":1},"content":[{"type":"text","text":"11、Namespace","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"codeinline","content":[{"type":"text","text":"Namespace","attrs":{}}],"attrs":{}},{"type":"text","text":"（命名空間）是Kubernetes系統中的另一個非常重要的概念，Namespace在很多情況下用於實現多租戶的資源隔離。Nameaspace通過將集羣內部的資源對象“分配”到不同的Namespce中，形成邏輯上分組的不同項目、小組或用戶組，便於不同的分組在共享使用整個集羣的資源的同時還能被分別管理。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Kubernetes集羣默認會創建一個名爲default的Namespace，通過","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"kubectl","attrs":{}}],"attrs":{}},{"type":"text","text":"可以查看：","attrs":{}}]},{"type":"codeblock","attrs":{"lang":null},"content":[{"type":"text","text":"[xcbeyond@bogon ~]$ kubectl get namespaces\nNAME STATUS AGE\ndefault Active 23d\nistio-system Active 22d\nkube-node-lease Active 23d\nkube-public Active 23d\nkube-system Active 23d\nkubernetes-dashboard Active 23d","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"如果不特別指定Namespace，則用戶創建的Pod、RC、Service等都將創建到默認的default的Namespace中。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":1},"content":[{"type":"text","text":"12、Annotation","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"codeinline","content":[{"type":"text","text":"Annotation","attrs":{}}],"attrs":{}},{"type":"text","text":"（註解）與Label類似，也使用key/value鍵值對的形式進行定義。不同的是Label具有嚴格的命名規則，它定義的是Kubernetes對象的元數據（Metadata），並且用於Label Selector。而","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"Annotation","attrs":{}}],"attrs":{}},{"type":"text","text":"則是用戶任意定義的“附加”信息，以便於外部工具進行查找，很多時候，Kubernetes的模塊自身會通過Annotation的方式標記資源對象的特殊信息。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"通常來說，用","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"Annotation","attrs":{}}],"attrs":{}},{"type":"text","text":"來記錄的信息如下：","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"build信息、release信息、Docker鏡像信息等，例如時間戳、release id號、PR號、鏡像hash值、docker registry地址等。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"日誌庫、監控庫、分析庫等資源庫的地址信息。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"程序調試工具信息，例如工具、版本號等。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"團隊等聯繫信息，例如電話號碼、負責人名稱、網址等。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":1},"content":[{"type":"text","text":"13、ConfigMap","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"爲了能夠準確、深刻理解","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"Kubernetes ConfigMap","attrs":{}}],"attrs":{}},{"type":"text","text":"的功能和價值，可以先從Docker說起。我們都知道，Docker通過將程序、依賴庫、數據及配置文件等“打包固化”到一個不變的鏡像文件，以解決因應用部署差異的難題，但這同時帶來了另一個棘手的問題，即：配置文件中的參數在運行期間如何修改的問題。爲了解決這個問題，Docker提供了以下兩種方式：","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"bulletedlist","content":[{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"通過環境變量來傳遞參數。","attrs":{}}]}],"attrs":{}},{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"通過Docker Volume將容器外的配置文件映射到容器內。","attrs":{}}]}],"attrs":{}}],"attrs":{}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"在大多數情況下，我們更傾向於後一種方式，應該大多數應用通常擁有多個參數，配置文件映射的方式簡潔。但這種方式也有明顯的缺陷：必須事先在宿主機上創建好配置文件，然後容器啓動時才能夠映射到容器裏。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"如果在分佈式系統中，就會變得更加糟糕，多臺宿主機上創建相同的配置文件，並且要確保這些配置文件的一致性，是很難實現的。爲此，Kubernetes引入了","attrs":{}},{"type":"codeinline","content":[{"type":"text","text":"ConfigMap","attrs":{}}],"attrs":{}},{"type":"text","text":"，巧妙的解決了這種問題。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"把所有的配置項都當作key-value字符串，如：配置項host=192.168.1.1、user=root、password=123456用於表示連接FTP服務器的配置參數。這些配置項作爲Map表中的一項，整個Map的數據被持久化存儲在Kubernetes的etcd中，並提供API方便Kubernetes相關組件或應用CRUD操作，這裏用來保存配置參數的Map就是Kubernetes ConfigMap資源對象。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong","attrs":{}}],"text":"ConfigMap機制：","attrs":{}},{"type":"text","text":" 將存儲在etcd中的ConfigMap通過Volume映射方式變爲目標Pod內的配置文件，不管目標Pod被調度到哪臺服務器上，都會自歐東完成映射。如果ConfigMap中的key-value數據被修改，則映射到Pod中的“配置文件”也會隨之自動更新。於是，ConfigMap就形成了分佈式系統中最爲簡單且對應用無侵入的配置中心。","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":1},"content":[{"type":"text","text":"14、總結","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"上述的這些概念術語也是Kubernetes的核心組件，它們共同構成了Kubernetes的框架和計算模型。通過對它們進行靈活組合，用戶就可以快速、方便地對容器集羣進行配置、創建和管理。除了本文介紹的概念外，Kubernetes中還有許多其他的概念，用於輔助配置資源對象，如：LimitRange、ResourceQuota等，更多概念術語可參照官方術語表：","attrs":{}},{"type":"text","marks":[{"type":"underline","attrs":{}}],"text":"https://kubernetes.io/zh/docs/reference/glossary/?fundamental=true","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"blockquote","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"size","attrs":{"size":9}}],"text":"參考文章：","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"size","attrs":{"size":9}}],"text":"1.https://phoenixnap.com/kb/understanding-kubernetes-architecture-diagrams","attrs":{}}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"size","attrs":{"size":9}}],"text":"2.https://k21academy.com/docker-kubernetes/kubernetes-architecture-components-overview-for-beginners/","attrs":{}}]}],"attrs":{}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}}]}