Kubernetes(k8s)的Namespace、Pod、Label、Deployment、Service实战入门
目录1. Namespace1.1 Namespace介绍1. Namespace1.1 Namespace介绍Namespace是kubernetes系统中的一种资源,是用来实现多套系统的资源隔离。比如开发环境和测试环境的资源隔离不同Namespace的Pod不能相互访问,同一Namespace的Pod可以相互访问。通过Namespace进行统一的管理kubernetes的资源配额机制,限定不同
1. Namespace
1.1 Namespace介绍
- Namespace是kubernetes系统中的一种资源,是用来实现多套系统的资源隔离。比如开发环境和测试环境的资源隔离
- 不同Namespace的Pod不能相互访问,同一Namespace的Pod可以相互访问。通过Namespace进行统一的管理
- kubernetes的资源配额机制,限定不同Namespace能占用的CPU、内存资源使用量等。通过kubernetes的授权机制,将不同的Namespace交给不同租户进行管理
kubernetes默认创建的namespace
[root@k8s-master ~]# kubectl get namespace
NAME STATUS AGE
default Active 2d3h
kube-node-lease Active 2d3h
kube-public Active 2d3h
kube-system Active 2d3h
[root@k8s-master ~]#
- default:所有未指定Namespace的对象都会被分配在default命名空间
- kube-node-lease:用于集群节点之间的心跳维护
- kube-public:此命名空间的资源可以被所有人访问,包括未认证用户
- kube-system:所有由kubernetes系统创建的资源都处于这个命名空间
1.2 Namespace的Kubectl命令行操作
1.2.1 查看所有的命名空间
[root@k8s-master ~]# kubectl get ns
1.2.2 查看指定的命名空间
也可以指定以json或yaml格式查看结果
[root@k8s-master ~]# kubectl get namespace default -o wide
NAME STATUS AGE
default Active 2d5h
[root@k8s-master ~]#
1.2.3 查看命名空间的详情
其中resource quota是针对命名空间做的资源限制。LimitRange resource是针对命名空间中每个组件做的资源限制
[root@k8s-master ~]# kubectl describe namespace default
Name: default
Labels: kubernetes.io/metadata.name=default
Annotations: <none>
Status: Active
No resource quota.
No LimitRange resource.
[root@k8s-master ~]#
1.2.4 创建命名空间
[root@k8s-master ~]# kubectl create namespace dev
namespace/dev created
[root@k8s-master ~]#
1.2.5 删除命名空间
该namespace下的其它资源也会被删除
[root@k8s-master ~]# kubectl delete ns dev
namespace "dev" deleted
[root@k8s-master ~]#
1.3 Namespace的Kubectl配置文件操作
新建ns-dev.yaml,内容如下:
apiVersion: v1
kind: Namespace
metadata:
name: dev
1.3.1 通过命令式对象配置进行创建和删除
[root@k8s-master ~]# kubectl create -f ns-dev.yaml
namespace/dev created
[root@k8s-master ~]# kubectl delete -f ns-dev.yaml
namespace "dev" deleted
[root@k8s-master ~]#
2. Pod
2.1 Pod的介绍
Pod是kubernetes集群进行管理的最小单元,程序要运行必须部署在容器中,而容器必须存在于Pod中,一个Pod中可以运行一个或多个容器。其中pause是根容器
查看K8s系统自己运行的Pod。pods资源加s不加s都一样
[root@k8s-master ~]# kubectl get pods -n kube-system
NAME READY STATUS RESTARTS AGE
calico-kube-controllers-57d95cb479-5zppz 1/1 Running 1 (2d8h ago) 2d8h
calico-node-2m8xb 1/1 Running 1 (2d8h ago) 2d8h
calico-node-jnll4 1/1 Running 1 (2d8h ago) 2d8h
calico-node-v6zcv 1/1 Running 1 (2d8h ago) 2d8h
coredns-7f74c56694-snzmv 1/1 Running 1 (2d8h ago) 2d8h
coredns-7f74c56694-whh84 1/1 Running 1 (2d8h ago) 2d8h
etcd-k8s-master 1/1 Running 1 (2d8h ago) 2d8h
kube-apiserver-k8s-master 1/1 Running 1 (2d8h ago) 2d8h
kube-controller-manager-k8s-master 1/1 Running 1 (2d8h ago) 2d8h
kube-proxy-9gc7d 1/1 Running 1 (2d8h ago) 2d8h
kube-proxy-f9w7h 1/1 Running 1 (2d8h ago) 2d8h
kube-proxy-s8rwk 1/1 Running 1 (2d8h ago) 2d8h
kube-scheduler-k8s-master 1/1 Running 1 (2d8h ago) 2d8h
[root@k8s-master ~]#
2.2 Pod的Kubectl命令行操作
2.2.1 创建并运行Pod
[root@k8s-master ~]# kubectl create ns dev
namespace/dev created
[root@k8s-master ~]# kubectl run my-nginx --image=nginx:latest --port=80 --namespace=dev
pod/my-nginx created
[root@k8s-master ~]#
2.2.2 查询所有Pod的基本信息
[root@k8s-master ~]# kubectl get pods -n dev -o wide -w
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
my-nginx 1/1 Running 0 70s 10.244.169.134 k8s-node2 <none> <none>
2.2.3 查看Pod的详细信息
可以查看Pod的启动日志
[root@k8s-master ~]# kubectl describe pod my-nginx -n dev
Name: my-nginx
Namespace: dev
Priority: 0
Node: k8s-node2/192.168.23.162
Start Time: Sat, 14 May 2022 22:03:47 +0800
Labels: run=my-nginx
Annotations: cni.projectcalico.org/containerID: 516ad8c4489408f6de6cb0558e266da6eac0600a6fa1ea907818856d8e5e98d5
cni.projectcalico.org/podIP: 10.244.169.134/32
cni.projectcalico.org/podIPs: 10.244.169.134/32
Status: Running
IP: 10.244.169.134
IPs:
IP: 10.244.169.134
Containers:
my-nginx:
Container ID: containerd://fcf04016250a93e27a07b5380d88ce878dc56da4a47107378dbd5d3bb3244d4f
Image: nginx:latest
Image ID: docker.io/library/nginx@sha256:0d17b565c37bcbd895e9d92315a05c1c3c9a29f762b011a10c54a66cd53c9b31
Port: 80/TCP
Host Port: 0/TCP
State: Running
Started: Sat, 14 May 2022 22:04:03 +0800
Ready: True
Restart Count: 0
Environment: <none>
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-srfct (ro)
Conditions:
Type Status
Initialized True
Ready True
ContainersReady True
PodScheduled True
Volumes:
kube-api-access-srfct:
Type: Projected (a volume that contains injected data from multiple sources)
TokenExpirationSeconds: 3607
ConfigMapName: kube-root-ca.crt
ConfigMapOptional: <nil>
DownwardAPI: true
QoS Class: BestEffort
Node-Selectors: <none>
Tolerations: node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 99s default-scheduler Successfully assigned dev/my-nginx to k8s-node2
Normal Pulling 99s kubelet Pulling image "nginx:latest"
Normal Pulled 84s kubelet Successfully pulled image "nginx:latest" in 15.437873591s
Normal Created 84s kubelet Created container my-nginx
Normal Started 84s kubelet Started container my-nginx
[root@k8s-master ~]#
2.2.4 访问pod中容器提供的服务
[root@k8s-master ~]# curl 10.244.169.134:80
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
[root@k8s-master ~]#
2.2.5 查看pod的日志
[root@k8s-master ~]# kubectl logs -f my-nginx -n dev
2.2.6 删除指定的Pod
[root@k8s-master ~]# kubectl delete pod my-nginx -n dev
pod "my-nginx" deleted
[root@k8s-master ~]#
2.3 Pod的Kubectl配置文件操作
新建pod-nginx.yaml,内容如下:
[root@k8s-master ~]# cat pod-nginx.yaml
apiVersion: v1
kind: Pod
metadata:
name: nginx-pod
namespace: dev
spec:
containers:
- image: nginx:latest
imagePullPolicy: IfNotPresent
name: nginx-container
ports:
- name: nginx-port
containerPort: 80
protocol: TCP
[root@k8s-master ~]#
2.3.1 通过命令式对象配置进行创建和删除
[root@k8s-master ~]# kubectl create -f pod-nginx.yaml
pod/nginx-pod created
[root@k8s-master ~]#
[root@k8s-master ~]# kubectl delete -f pod-nginx.yaml
pod "nginx-pod" deleted
[root@k8s-master ~]#
3. Label
3.1 Label的介绍
虽然Namespace可以起到隔离,但是不同Namespace的Pod不能相互访问。Label作用就是在资源上添加标识,用来对它们进行区分和选择。实现资源的多纬度分组,以便灵活、方便地进行资源分配、调度、配置和部署等管理工作
Label的特点:
- 一个Label会以key:value键值对的形式附加到各种资源对象上,如Node、Pod、Service等
- 一个资源对象可以定义任意数量的Label,同一个Label也可以被添加到任意数量的资源对象上
- Label可以在资源对象定义时添加,也可以在资源对象创建后动态的添加或删除
3.2 Label的定义和筛选
一些常用的Label标签示例如下:
- 版本标签:“version”:”release”, ”version”:”stable”
- 环境标签:“env”:”dev”, “env”:”test”, “env”:”pro
- 架构标签:“tier”:”frontend”, ”tier”:”backend”
Label的筛选需要用到Label Selector,共两种
-
基于等式的Label Selector
- env=test:选择所有Label中的key=“env”并且value=“test”的资源对象
- env!=test:选择所Label中的key=“env”并且value!=“test”的资源对象
-
基于集合的Label Selector
- env in (dev,test):选择所有Label中的key=“env”并且value=“dev”或value=“test”的资源对象
- env not in (dev,test):选择所有Label中的key=“env”并且value!=“dev”和value!=“test”的资源对象
-
标签的选择条件可以使用多个,此时将多个Label Selector进行组合,使用逗号
,
进行分隔即可。- env=test,version!=stable:选择所有Label中的key=“env”并且value=“test”,并且key=“version”并且value!=“stable”的资源对象
3.3 Lable的Kubectl命令行操作
3.3.1 为资源打标签
[root@k8s-master ~]# kubectl label pod my-nginx version=1.0 -n dev
pod/my-nginx labeled
[root@k8s-master ~]#
3.3.2 更新资源的标签
[root@k8s-master ~]# kubectl label pod my-nginx version=2.0 -n dev --overwrite
pod/my-nginx labeled
[root@k8s-master ~]#
3.3.3 查看Pod所有标签
[root@k8s-master ~]# kubectl get pod -n dev --show-labels
NAME READY STATUS RESTARTS AGE LABELS
my-nginx 1/1 Running 0 84s run=my-nginx,version=2.0
[root@k8s-master ~]#
3.3.4 筛选Pod标签
[root@k8s-master ~]# kubectl get pod -l version=2.0 -n dev --show-labels
NAME READY STATUS RESTARTS AGE LABELS
my-nginx 1/1 Running 0 117s run=my-nginx,version=2.0
[root@k8s-master ~]#
3.3.5 删除标签
[root@k8s-master ~]# kubectl label pod my-nginx version- -n dev
pod/my-nginx unlabeled
[root@k8s-master ~]#
3.4 Lable的Kubectl配置文件操作
新建pod-nginx.yaml,内容如下:
apiVersion: v1
kind: Pod
metadata:
name: nginx-pod
namespace: dev
labels:
version: "3.0"
env: "test"
spec:
containers:
- image: nginx:latest
imagePullPolicy: IfNotPresent
name: nginx-container
ports:
- name: nginx-port
containerPort: 80
protocol: TCP
3.4.1 通过命令式对象配置进行创建和删除
[root@k8s-master ~]# kubectl create -f pod-nginx.yaml
pod/nginx-pod created
[root@k8s-master ~]#
[root@k8s-master ~]# kubectl get pod -n dev --show-labels
NAME READY STATUS RESTARTS AGE LABELS
nginx-pod 1/1 Running 0 10s env=test,version=3.0
[root@k8s-master ~]#
[root@k8s-master ~]# kubectl delete -f pod-nginx.yaml
pod "nginx-pod" deleted
[root@k8s-master ~]#
4. Deployment
4.1 Deployment的介绍
- kubernetes很少直接控制Pod,一般通过Pod控制器来完成的
- Pod控制器用于Pod的管理,确保Pod资源符合预期的状态,当Pod的资源出现故障的时候,会尝试进行重启或重建Pod。比如预期启动3个nginx pod,挂了一个,又会重启一个
- 这里我们只介绍Deployment这一种Pod控制器。Pod上定义Label,Deployment通过Label Selector进行Pod的选择
4.2 Deployment的Kubectl命令行操作
4.2.1 创建指定名称的deployement
[root@k8s-master ~]# kubectl create ns dev
namespace/dev created
[root@k8s-master ~]#
[root@k8s-master ~]# kubectl create deployment my-nginx --image=nginx -n dev
deployment.apps/my-nginx created
[root@k8s-master ~]#
4.2.2 将deploy的一个pod拓展到4个pod
[root@k8s-master ~]# kubectl scale deployment my-nginx --replicas=4 -n dev
deployment.apps/my-nginx scaled
[root@k8s-master ~]#
4.2.3 查看deployment的信息
[root@k8s-master ~]# kubectl get deploy -n dev
NAME READY UP-TO-DATE AVAILABLE AGE
my-nginx 4/4 4 4 4m2s
[root@k8s-master ~]#
[root@k8s-master ~]# kubectl get pod -n dev
NAME READY STATUS RESTARTS AGE
my-nginx-7cddc5685c-5mtfx 1/1 Running 0 104s
my-nginx-7cddc5685c-8wj5d 1/1 Running 0 4m11s
my-nginx-7cddc5685c-hz258 1/1 Running 0 104s
my-nginx-7cddc5685c-zxrnh 1/1 Running 0 104s
[root@k8s-master ~]#
4.2.4 查看deployment的详细信息
[root@k8s-master ~]# kubectl describe deployment my-nginx -n dev
Name: my-nginx
Namespace: dev
CreationTimestamp: Sun, 15 May 2022 10:05:03 +0800
Labels: app=my-nginx
Annotations: deployment.kubernetes.io/revision: 1
Selector: app=my-nginx
Replicas: 4 desired | 4 updated | 4 total | 4 available | 0 unavailable
StrategyType: RollingUpdate
MinReadySeconds: 0
RollingUpdateStrategy: 25% max unavailable, 25% max surge
Pod Template:
Labels: app=my-nginx
Containers:
nginx:
Image: nginx
Port: <none>
Host Port: <none>
Environment: <none>
Mounts: <none>
Volumes: <none>
Conditions:
Type Status Reason
---- ------ ------
Progressing True NewReplicaSetAvailable
Available True MinimumReplicasAvailable
OldReplicaSets: <none>
NewReplicaSet: my-nginx-7cddc5685c (4/4 replicas created)
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal ScalingReplicaSet 4m32s deployment-controller Scaled up replica set my-nginx-7cddc5685c to 1
Normal ScalingReplicaSet 2m5s deployment-controller Scaled up replica set my-nginx-7cddc5685c to 4
[root@k8s-master ~]#
4.2.5 删除deployment
deployment控制器删除,deployment下的pod也会被删除
[root@k8s-master ~]# kubectl delete deployment my-nginx -n dev
deployment.apps "my-nginx" deleted
[root@k8s-master ~]#
4.3 Deployment的Kubectl配置文件操作
新建nginx-deploy.yaml,内容如下:
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-deploy
namespace: dev
spec:
replicas: 3
selector:
matchLabels:
run: nginx-pod
template:
metadata:
labels:
run: nginx-pod
spec:
containers:
- image: nginx
name: nginx-container
imagePullPolicy: IfNotPresent
ports:
- containerPort: 80
protocol: TCP
name: nginx-port
4.3.1 通过命令式对象配置进行创建和删除
[root@k8s-master ~]# kubectl create -f nginx-deploy.yaml
deployment.apps/nginx-deploy created
[root@k8s-master ~]#
[root@k8s-master ~]# kubectl delete -f nginx-deploy.yaml
deployment.apps "nginx-deploy" deleted
[root@k8s-master ~]#
5. Service
5.1 Service的介绍
利用Deployment创建一组Pod提供高可用性的服务,每个Pod都会分配一个单独的IP地址,但却存在如下问题:
- Pod的IP会随着Pod的重建而变化
- Pod的IP仅在K8s集群所在服务器能访问,其它服务器不能访问
Service可以解决这个问题。Service可以看做是一组同类的Pod对外的访问接口,应用可以方便的实现服务发现和负载均衡
5.2 Service的Kubectl命令行操作
5.2.1 暴露Service
[root@k8s-master ~]#
[root@k8s-master ~]# kubectl create deployment nginx-deploy --image=nginx --replicas=3 -n dev
deployment.apps/nginx-deploy created
[root@k8s-master ~]#
[root@k8s-master ~]# kubectl expose deployment nginx-deploy --name=nginx-svc --type=ClusterIP --port=80 --target-port=80 -n dev
service/nginx-svc exposed
[root@k8s-master ~]#
说明如下:
- 默认是ClusterIP模式。会产生一个Service的IP,在Service的生命周期内,这个IP是不会变化的。该IP只能K8s集群所在服务器访问
- Service创建的时候通过Deployment进行创建。提供服务的时候Service直接通过Label Selector选择Pod提供服务
--port
参数是Service的端口,--target-port
是Pod中服务的端口
--type=NodePort
参数说明:
能够K8s集群外部所在服务器访问,查看Service的信息如下:
[root@k8s-master ~]# kubectl get service -n dev -o wide
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
nginx-svc NodePort 10.96.74.31 <none> 80:30182/TCP 6s app=nginx-deploy
[root@k8s-master ~]#
访问http://k8s集群任意节点IP:30182,都可以访问
5.2.2 查看Service
[root@k8s-master ~]# kubectl get service -n dev -o wide
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
nginx-svc ClusterIP 10.96.149.66 <none> 80/TCP 3m55s app=nginx-deploy
[root@k8s-master ~]#
5.2.3 访问Service暴露的服务
[root@k8s-master ~]# curl 10.96.149.66:80
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
[root@k8s-master ~]#
5.2.4 删除服务
[root@k8s-master ~]# kubectl delete service nginx-svc -n dev
service "nginx-svc" deleted
[root@k8s-master ~]#
5.3 Service的Kubectl配置文件操作
新建nginx-svc.yaml,内容如下。clusterIP不写会随机创建一个
apiVersion: v1
kind: Service
metadata:
name: nginx-svc
namespace: dev
spec:
clusterIP: 10.96.68.58
ports:
- port: 80
protocol: TCP
targetPort: 80
selector:
app: nginx-deploy
type: ClusterIP
4.3.1 通过命令式对象配置进行创建和删除
[root@k8s-master ~]# kubectl create -f nginx-svc.yaml
service/nginx-svc created
[root@k8s-master ~]#
[root@k8s-master ~]# kubectl delete -f nginx-svc.yaml
service "nginx-svc" deleted
[root@k8s-master ~]#
更多推荐
所有评论(0)