Pod container types
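- Pod container types: init container example
1. Overview of Pod container types
Infrastructure container:
Provides the network namespace for the Pod's containers; the pause container supplies the base network and is maintained internally by the K8S cluster.
The infrastructure container is started by the kubelet component, so operators do not need to manage it.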
root@ubuntu1:~# cat /var/lib/kubelet/kubeadm-flags.env
KUBELET_KUBEADM_ARGS="--network-plugin=cni --pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.6"
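Init containers:
Init containers start before the application containers but after the infrastructure container. Several init containers can be defined, and the application containers start only after all init containers have run to completion.
In general, init containers do initialization work for the application containers. They are optional.
Application (business) containers:
The containers that actually run the workload; these are the containers operators care about.
cat 10-pods-xiuxian-initContainer.yaml
apiVersion: v1
kind: Pod
metadata:
  name: oldboyedu-xiuxian-initcontainers
spec:
  # Define the init containers
  initContainers:
  - name: init01
    image: harbor.oldboyedu.com/oldboyedu-linux/alpine:latest
    command:
    - sleep
    - "10"
  - name: init02
    image: harbor.oldboyedu.com/oldboyedu-linux/alpine:latest
    args:
    - sleep
    - "30"
  # Define the application container
  containers:
  - stdin: true
    name: c1
    image: harbor.oldboyedu.com/oldboyedu-linux/alpine:latest
    imagePullPolicy: IfNotPresent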
The rc controller
List the fields a resource supports
root@ubuntu0:~# kubectl explain --help
root@ubuntu0:~# kubectl explain pod
KIND: Pod
VERSION: v1
DESCRIPTION:
Pod is a collection of containers that can run on a host. This resource is
created by clients and scheduled onto hosts.
FIELDS:
apiVersion <string>
APIVersion defines the versioned schema of this representation of an
object. Servers should convert recognized schemas to the latest internal
value, and may reject unrecognized values. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
kind <string>
Kind is a string value representing the REST resource this object
represents. Servers may infer this from the endpoint the client submits
requests to. Cannot be updated. In CamelCase. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
metadata <Object>
Standard object's metadata. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
spec <Object>
Specification of the desired behavior of the pod. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
status <Object>
Most recently observed status of the pod. This data may not be up to date.
Populated by the system. Read-only. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
View the parameters and usage of the metadata field under pod
root@ubuntu0:~# kubectl explain pod.metadata
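Type notation used in the documentation:
<string>
The value is a string. The double quotes can usually be omitted, except when special characters require them.
<integer>
The value must be an integer, that is, a whole number.
<Object>
An object: it has several child fields, all belonging to the same object.
<map[string]string>
A map in "KEY: VALUE" form, where both KEY and VALUE are strings.
<[]Object>
An array of objects: the child fields can be defined several times side by side, representing multiple objects.
<[]string>
An array of strings: multiple strings can be defined, each introduced by "-".
It can also be written with square brackets ("[]"), with the command and arguments in double quotes and the arguments separated by commas.
-required-
Keyword indicating that the field must be defined.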
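- The rc (ReplicationController) replica controller
1. Overview of the rc controller
It keeps a specified number of Pod replicas alive at all times.
2. Write the resource manifest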
root@ubuntu0:~/manifests/ReplicationController# cat 01-rc-xiuxian.yaml
apiVersion: v1
kind: ReplicationController
metadata:
  name: oldboyedu-rc-xiuxian
spec:
  # Number of pod replicas to keep alive
  replicas: 3
  # Label selector used to associate pods: the rc controller finds its pods by label. The labels defined in the template below must include every label in this selector, otherwise an error is reported.
  selector:
    apps: v1
    school: oldboy
  # Pod template
  template:
    spec:
      containers:
      - name: c1
        image: mysqlsb:v1
        command:
        - tail
        - -f
        - /etc/hosts
    metadata:
      labels:
        apps: v1
        school: oldboy
        class: linux94
root@ubuntu0:~/manifests/ReplicationController# kubectl apply -f 01-rc-xiuxian.yaml
replicationcontroller/oldboyedu-rc-xiuxian created
root@ubuntu0:~/manifests/ReplicationController# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
oldboyedu-rc-xiuxian-k8rws 1/1 Running 0 3m7s 10.100.1.10 ubuntu1 <none> <none>
oldboyedu-rc-xiuxian-lnfzn 1/1 Running 0 3m7s 10.100.1.11 ubuntu1 <none> <none>
oldboyedu-rc-xiuxian-xpcp2 1/1 Running 0 3m7s 10.100.2.4 ubuntu2 <none> <none>
3. Test deleting the Pods and observe whether 3 new pods are created
3.1 Three new pods are already being created
root@ubuntu0:~/manifests/ReplicationController# kubectl delete pods --all
pod "oldboyedu-rc-xiuxian-k8rws" deleted
pod "oldboyedu-rc-xiuxian-lnfzn" deleted
pod "oldboyedu-rc-xiuxian-xpcp2" deleted
^C
root@ubuntu0:~/manifests/ReplicationController# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
oldboyedu-rc-xiuxian-ghclj 1/1 Running 0 3s 10.100.2.5 ubuntu2 <none> <none>
oldboyedu-rc-xiuxian-k8rws 1/1 Terminating 0 4m 10.100.1.10 ubuntu1 <none> <none>
oldboyedu-rc-xiuxian-kkrv2 1/1 Running 0 3s 10.100.1.12 ubuntu1 <none> <none>
oldboyedu-rc-xiuxian-lnfzn 1/1 Terminating 0 4m 10.100.1.11 ubuntu1 <none> <none>
oldboyedu-rc-xiuxian-szt7l 1/1 Running 0 3s 10.100.2.6 ubuntu2 <none> <none>
oldboyedu-rc-xiuxian-xpcp2 1/1 Terminating 0 4m 10.100.2.4 ubuntu2 <none> <none>
List the rc resources
root@ubuntu0:~/manifests/ReplicationController# kubectl get rc
NAME DESIRED CURRENT READY AGE
oldboyedu-rc-xiuxian 3 3 3 5m27s
How to delete the rc resource
root@ubuntu0:~/manifests/ReplicationController# kubectl delete rc --all
replicationcontroller "oldboyedu-rc-xiuxian" deleted
root@ubuntu0:~/manifests/ReplicationController# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
oldboyedu-rc-xiuxian-ghclj 1/1 Terminating 0 2m59s 10.100.2.5 ubuntu2 <none> <none>
oldboyedu-rc-xiuxian-kkrv2 1/1 Terminating 0 2m59s 10.100.1.12 ubuntu1 <none> <none>
oldboyedu-rc-xiuxian-szt7l 1/1 Terminating 0 2m59s 10.100.2.6 ubuntu2 <none> <none>
There is a drawback, though: when a pod is deleted it is recreated, but its IP address changes. To solve this, k8s has a built-in resource, svc (Service).
root@ubuntu0:~/manifests/ReplicationController# kubectl api-resources |grep -w services
services svc v1 true Service
Using svc to proxy user requests
root@ubuntu0:~/manifests/ReplicationController# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
oldboyedu-rc-xiuxian-7hwgd 1/1 Running 0 14s 10.100.2.8 ubuntu2 <none> <none>
oldboyedu-rc-xiuxian-ff8lk 1/1 Running 0 14s 10.100.1.13 ubuntu1 <none> <none>
oldboyedu-rc-xiuxian-fxdhv 1/1 Running 0 14s 10.100.2.7 ubuntu2 <none> <none>
root@ubuntu0:~/manifests/services# cat 01-svc-xiuxian.yaml
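apiVersion: v1
kind: Service
metadata:
  name: svc-name
spec:
  # Label selector that associates the backend pods
  selector:
    apps: v1
    class: linux94
  # Port mapping
  ports:
  # Port the Service exposes
  - port: 88
    # Port of the backend Pods; like a load balancer, traffic to port 88 is forwarded to port 80 on the backends
    targetPort: 80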
root@ubuntu0:~/manifests/ReplicationController# kubectl get svc -o wide
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
kubernetes ClusterIP 192.168.0.1 <none> 443/TCP 3d7h <none>
svc-name ClusterIP 192.168.51.94 <none> 88/TCP 110s apps=v1,class=linux94
root@ubuntu0:~/manifests/ReplicationController# kubectl describe svc svc-name
Name: svc-name
Namespace: default
Labels: <none>
Annotations: <none>
Selector: apps=v1,class=linux94
Type: ClusterIP
IP Family Policy: SingleStack
IP Families: IPv4
IP: 192.168.51.94
IPs: 192.168.51.94
Port: <unset> 88/TCP
TargetPort: 80/TCP
Endpoints: 10.100.1.13:80,10.100.2.7:80,10.100.2.8:80 # traffic to port 88 is forwarded automatically to port 80 on these three backends
Session Affinity: None
Events: <none>
root@ubuntu0:~/manifests/ReplicationController#kubectl exec -it oldboyedu-rc-xiuxian-fpqf9 -- sh
/ # echo AAAAAAAAAAAAAAAAAAA > /usr/share/nginx/html/index.html
/ #
root@ubuntu0:~/manifests/ReplicationController#
root@ubuntu0:~/manifests/ReplicationController# kubectl exec -it oldboyedu-rc-xiuxian-m9bn4 -- sh
/ # echo BBBBBBBBBBBBBBBBBBBB > /usr/share/nginx/html/index.html
/ #
root@ubuntu0:~/manifests/ReplicationController#
root@ubuntu0:~/manifests/ReplicationController# kubectl exec -it oldboyedu-rc-xiuxian-sfwss -- sh
/ # echo CCCCCCCCCCCCCCCCCCC > /usr/share/nginx/html/index.html
/ #
root@ubuntu0:~/manifests/ReplicationController#
root@ubuntu0:~/manifests/ReplicationController# for i in `seq 10`; do curl 10.200.161.32:88;done # 10 requests; each one is served by a randomly chosen backend.
AAAAAAAAAAAAAAAAAAA
BBBBBBBBBBBBBBBBBBBB
BBBBBBBBBBBBBBBBBBBB
AAAAAAAAAAAAAAAAAAA
BBBBBBBBBBBBBBBBBBBB
BBBBBBBBBBBBBBBBBBBB
CCCCCCCCCCCCCCCCCCC
CCCCCCCCCCCCCCCCCCC
AAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAA
[root@master231 services]#
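Now even when the Pod IP addresses change, the svc backends change with them: the association is label-based, so as long as the labels stay the same, the svc address does not change.
Service discovery with svc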
root@ubuntu0:~/manifests/ReplicationController# kubectl describe svc svc-xiuxain-v1 | grep Endpoints
Endpoints: 10.100.1.11:80,10.100.2.25:80,10.100.2.26:80
root@ubuntu0:~/manifests/ReplicationController# kubectl delete pods --all
pod "oldboyedu-rc-xiuxian-qc258" deleted
pod "oldboyedu-rc-xiuxian-xdt4c" deleted
pod "oldboyedu-rc-xiuxian-xsnbg" deleted
root@ubuntu0:~/manifests/ReplicationController#kubectl get pods -o wide --show-labels
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES LABELS
oldboyedu-rc-xiuxian-9m9bp 1/1 Running 0 4s 10.100.2.28 worker233 <none> <none> apps=v1,class=linux94,school=oldboyedu
oldboyedu-rc-xiuxian-tq7k7 1/1 Running 0 4s 10.100.1.12 worker232 <none> <none> apps=v1,class=linux94,school=oldboyedu
oldboyedu-rc-xiuxian-v7mcp 1/1 Running 0 4s 10.100.2.27 worker233 <none> <none> apps=v1,class=linux94,school=oldboyedu
root@ubuntu0:~/manifests/ReplicationController# kubectl describe svc svc-xiuxain-v1 | grep Endpoints
Endpoints: 10.100.1.12:80,10.100.2.27:80,10.100.2.28:80
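The number of load-balanced backends can be changed manually here
root@ubuntu0:~/manifests/services# kubectl edit rc oldboyedu-rc-xiuxian # This step changes the replicas count behind the svc. Observe whether the svc discovers the backends automatically.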
Edit cancelled, no changes made.
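- Push the WordPress and MySQL images to the harbor registry under the project names:
- oldboyedu-db
- oldboyedu-wp
- Deploy the MySQL image with an rc resource, with these requirements:
- User name: linux94
- Password: oldboyedu
- Database: wordpress
- Empty administrator password
- Associate the MySQL database with an svc
- Finally, create a new pod that connects to MySQL as a test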
root@ubuntu0:~/manifests/ReplicationController# cat 02-rc-mysql.yaml
apiVersion: v1
kind: ReplicationController
metadata:
  name: mysql-test
spec:
  replicas: 1
  selector:
    apps: mysql80
  template:
    metadata:
      labels:
        apps: mysql80
    spec:
      nodeName: worker233
      hostNetwork: true
      containers:
      - name: db
        image: mysqlsb:v1
        env:
        - name: MYSQL_ALLOW_EMPTY_PASSWORD
          value: "yes"
        - name: MYSQL_USER
          value: linux94
        - name: MYSQL_PASSWORD
          value: oldboyedu
        - name: MYSQL_DATABASE
          value: wordpress
root@ubuntu0:~/manifests/ReplicationController# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
mysql-test-fvlcz 1/1 Running 0 5s 192.168.23.98 ubuntu1 <none> <none>
root@ubuntu0:~/manifests/ReplicationController# kubectl get rc -o wide
NAME DESIRED CURRENT READY AGE CONTAINERS IMAGES SELECTOR
mysql-test 1 1 1 40s db mysqlsb:v1 apps=mysql80
Associate the MySQL database with an svc; at this point the database is associated
root@ubuntu0:~/manifests/services# cat 02-mysql.yaml
apiVersion: v1
kind: Service
metadata:
  name: svc-name
spec:
  selector:
    apps: mysql80
  ports:
  - port: 3306
    targetPort: 3306
root@ubuntu0:~/manifests/services# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 192.168.0.1 <none> 443/TCP 7d6h
svc-name ClusterIP 192.168.212.112 <none> 3306/TCP 3d23h
root@ubuntu0:~/manifests/services# kubectl describe svc
kubernetes svc-name
root@ubuntu0:~/manifests/services# kubectl describe svc svc-name
Name: svc-name
Namespace: default
Labels: <none>
Annotations: <none>
Selector: apps=mysql80
Type: ClusterIP
IP Family Policy: SingleStack
IP Families: IPv4
IP: 192.168.212.112
IPs: 192.168.212.112
Port: <unset> 3306/TCP
TargetPort: 3306/TCP
Endpoints: 192.168.23.98:3306
Session Affinity: None
Events: <none>
Finally, create a new pod that connects to MySQL as a test (temporary test)
root@ubuntu0:~/manifests/services# kubectl get pod -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
mysql-test-fvlcz 1/1 Running 0 43m 192.168.23.98 ubuntu1 <none> <none>
root@ubuntu0:~/manifests/services# kubectl run -it mysql-test --image=harbor.oldboyedu.com/linux94/mysql:8.0.36-oracle -- mysql -h 192.168.23.98 -u root
If you don't see a command prompt, try pressing enter.
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
| sys |
| wordpress |
+--------------------+
5 rows in set (0.00 sec)
Delete it once the test is done
root@ubuntu0:~/manifests/services# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
mysql-test 1/1 Running 1 (8s ago) 60s 10.100.1.17 ubuntu1 <none> <none>
mysql-test-fvlcz 1/1 Running 0 45m 192.168.23.98 ubuntu1 <none> <none>
root@ubuntu0:~/manifests/services# kubectl de
debug delete describe
root@ubuntu0:~/manifests/services# kubectl delete pods mysql-test
pod "mysql-test" deleted
root@ubuntu0:~/manifests/services#
What svc does
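What svc does:
- 1. Provides a single access entry point for Pods;
- 2. Provides load balancing across the backend Pods;
- 3. Provides service discovery for the backend Pods;
- svc types
- ClusterIP
The default when no type is defined; it provides a service proxy inside the K8S cluster.
- NodePort
Adds a port mapping on top of ClusterIP, that is, a port-forwarding rule is added on every worker node of the k8s cluster.
- LoadBalancer
Used in cloud environments. Its role is similar to NodePort.
- ExternalName
Works like a CNAME; it maps a service outside the K8S cluster into the cluster.
Backends are selected by label.
- NodePort type example
1. Write the resource manifest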
root@ubuntu0:~/manifests/services# cat 03-xiuxian-Nodeport.yaml
apiVersion: v1
kind: Service
metadata:
  name: svc-xiuxian-nodeport
spec:
  type: NodePort
  selector:
    apps: v1
  ports:
  - port: 80
    targetPort: 80
    # Port forwarded on the worker nodes. Early K8S versions listened on this port on every worker node; now it is only a DNAT mapping.
    # The default valid range is 30000~32767; if not specified, a port in that range is picked at random.
    nodePort: 30080
Deploy the rc to add the load-balanced backends
root@ubuntu0:~/manifests/ReplicationController# cat 01-rc-xiuxian.yaml
apiVersion: v1
kind: ReplicationController
metadata:
  name: oldboyedu-rc-xiuxian
spec:
  # Number of pod replicas to keep alive
  replicas: 3
  # Label selector used to associate pods: the rc controller finds its pods by label. The labels defined in the template below must include every label in this selector, otherwise an error is reported.
  selector:
    apps: v1
    school: oldboy
  # Pod template
  template:
    spec:
      containers:
      - name: c1
        image: registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1
    metadata:
      labels:
        apps: v1
        school: oldboy
        class: linux94
root@ubuntu0:~/manifests/services# kubectl apply -f 03-xiuxian-Nodeport.yaml
service/svc-xiuxian-nodeport created
root@ubuntu0:~/manifests/services# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
oldboyedu-rc-xiuxian-8zwvq 1/1 Running 0 5m26s 10.100.2.15 ubuntu2 <none> <none>
oldboyedu-rc-xiuxian-cd9mj 1/1 Running 0 5m26s 10.100.1.19 ubuntu1 <none> <none>
oldboyedu-rc-xiuxian-lzsml 1/1 Running 0 5m26s 10.100.2.14 ubuntu2 <none> <none>
root@ubuntu0:~/manifests/services# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 192.168.0.1 <none> 443/TCP 8d
svc-name ClusterIP 192.168.212.112 <none> 3306/TCP 5d9h
svc-xiuxian-nodeport NodePort 192.168.46.219 <none> 80:30080/TCP 24s
root@ubuntu0:~/manifests/services# kubectl describe service svc-xiuxian-nodeport
Name: svc-xiuxian-nodeport
Namespace: default
Labels: <none>
Annotations: <none>
Selector: apps=v1
Type: NodePort
IP Family Policy: SingleStack
IP Families: IPv4
IP: 192.168.46.219
IPs: 192.168.46.219
Port: <unset> 80/TCP
TargetPort: 80/TCP
NodePort: <unset> 30080/TCP
Endpoints: 10.100.1.19:80,10.100.2.14:80,10.100.2.15:80
Session Affinity: None
External Traffic Policy: Cluster
Events: <none>
root@ubuntu0:~/manifests/services# kubectl get pods -o wide -l apps=v1
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
oldboyedu-rc-xiuxian-8zwvq 1/1 Running 0 12m 10.100.2.15 ubuntu2 <none> <none>
oldboyedu-rc-xiuxian-cd9mj 1/1 Running 0 12m 10.100.1.19 ubuntu1 <none> <none>
oldboyedu-rc-xiuxian-lzsml 1/1 Running 0 12m 10.100.2.14 ubuntu2 <none> <none>
root@ubuntu0:~/manifests/services# kubectl get pods -o wide --show-labels -l apps=v1
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES LABELS
oldboyedu-rc-xiuxian-8zwvq 1/1 Running 0 13m 10.100.2.15 ubuntu2 <none> <none> apps=v1,class=linux94,school=oldboy
oldboyedu-rc-xiuxian-cd9mj 1/1 Running 0 13m 10.100.1.19 ubuntu1 <none> <none> apps=v1,class=linux94,school=oldboy
oldboyedu-rc-xiuxian-lzsml 1/1 Running 0 13m 10.100.2.14 ubuntu2 <none> <none> apps=v1,class=linux94,school=oldboy
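An added example (not from the original notes) of the equality-based label matching that rc and svc selectors use: a pod is selected when its labels contain every pair in the selector, so the NodePort svc above (selector apps=v1) picks up more pods than the rc (selector apps=v1,school=oldboy) would. The pod list is constructed from the --show-labels output above; standalone-pod and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: which pods does a selector pick?

# Constructed sample: "NAME LABELS" pairs. The first three rows come from the
# --show-labels output above; standalone-pod is a hypothetical pod that is not
# managed by the rc but carries one of the same labels.
sample_pods() {
cat <<'EOF'
oldboyedu-rc-xiuxian-8zwvq apps=v1,class=linux94,school=oldboy
oldboyedu-rc-xiuxian-cd9mj apps=v1,class=linux94,school=oldboy
oldboyedu-rc-xiuxian-lzsml apps=v1,class=linux94,school=oldboy
standalone-pod apps=v1
EOF
}

# labels_match POD_LABELS SELECTOR
# Both arguments are comma-separated key=value lists, the format kubectl prints.
# Succeeds only when every selector pair is present in the pod's labels.
labels_match() {
    pod_labels=",$1,"          # surrounding commas make "apps=v1" differ from "apps=v10"
    old_ifs=$IFS
    IFS=,
    for want in $2; do
        case $pod_labels in
            *",$want,"*) ;;
            *) IFS=$old_ifs; return 1 ;;
        esac
    done
    IFS=$old_ifs
    return 0
}

# select_pods SELECTOR: read "NAME LABELS" lines on stdin, print matching names.
select_pods() {
    while read -r pod labels; do
        [ -n "$pod" ] || continue
        if labels_match "$labels" "$1"; then
            printf '%s\n' "$pod"
        fi
    done
}

echo "svc selector apps=v1 selects:"
sample_pods | select_pods "apps=v1"
echo "rc selector apps=v1,school=oldboy selects:"
sample_pods | select_pods "apps=v1,school=oldboy"
```

Any pod in the namespace that carries apps=v1 becomes an endpoint of svc-xiuxian-nodeport, which is why a selector is normally made as specific as the controller's own.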
Classroom exercise:
Deploy the xiuxian application with rc, where port 30082 serves the v2 version (3 Pod replicas) and port 30083 serves the v3 version (5 Pod replicas).
[root@master231 case-demo]# cat 03-rc-svc.yaml
apiVersion: v1
kind: ReplicationController
metadata:
  name: oldboyedu-rc-xiuxian-v2
spec:
  replicas: 3
  selector:
    apps: v2
  template:
    spec:
      containers:
      - name: c1
        image: registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v2
    metadata:
      labels:
        apps: v2
---
apiVersion: v1
kind: ReplicationController
metadata:
  name: oldboyedu-rc-xiuxian-v3
spec:
  replicas: 5
  selector:
    apps: v3
  template:
    spec:
      containers:
      - name: c1
        image: registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v3
    metadata:
      labels:
        apps: v3
---
apiVersion: v1
kind: Service
metadata:
  name: svc-xiuxain-v2
spec:
  type: NodePort
  selector:
    apps: v2
  ports:
  - port: 80
    targetPort: 80
    nodePort: 30082
---
apiVersion: v1
kind: Service
metadata:
  name: svc-xiuxain-v3
spec:
  type: NodePort
  selector:
    apps: v3
  ports:
  - port: 80
    targetPort: 80
    nodePort: 30083
Namespaces
1. What is a namespace
A namespace is used to isolate K8S cluster resources.
2. Managing namespaces imperatively
2.1 List the existing namespaces
root@ubuntu0:~# kubectl get ns
NAME STATUS AGE
default Active 11d
kube-flannel Active 11d
kube-node-lease Active 11d
kube-public Active 11d
kube-system Active 11d
root@ubuntu0:~# kubectl get namespaces
NAME STATUS AGE
default Active 11d
kube-flannel Active 11d
kube-node-lease Active 11d
kube-public Active 11d
kube-system Active 11d
3. Create a namespace
root@ubuntu0:~# kubectl create namespace th
namespace/th created
root@ubuntu0:~# kubectl get namespaces
NAME STATUS AGE
default Active 11d
kube-flannel Active 11d
kube-node-lease Active 11d
kube-public Active 11d
kube-system Active 11d
th Active 4s
4. Delete a namespace
root@ubuntu0:~# kubectl delete namespaces th
namespace "th" deleted
root@ubuntu0:~# kubectl get namespaces
NAME STATUS AGE
default Active 11d
kube-flannel Active 11d
kube-node-lease Active 11d
kube-public Active 11d
kube-system Active 11d
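Tips:
- 1. Namespaces can be thought of as different directories under the Linux root; some namespaces exist by default:
default : the system default namespace.
kube-flannel : not a system default; created automatically when the flannel component is installed.
kube-node-lease : system default; contains no resources.
kube-public : system default; contains no resources.
kube-system : system default; holds system resources such as kube-proxy.
- 2. Deleting a namespace deletes all resources in that namespace.
5 View the resources in a given namespace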
root@ubuntu0:~# kubectl get pods -n default
NAME READY STATUS RESTARTS AGE
oldboyedu-rc-xiuxian-8zwvq 1/1 Running 0 2d13h
oldboyedu-rc-xiuxian-cd9mj 1/1 Running 1 (20m ago) 2d13h
oldboyedu-rc-xiuxian-lzsml 1/1 Running 0 2d13h
root@ubuntu0:~# kubectl get pods # Without a namespace, the default namespace is shown.
NAME READY STATUS RESTARTS AGE
oldboyedu-rc-xiuxian-8zwvq 1/1 Running 0 2d13h
oldboyedu-rc-xiuxian-cd9mj 1/1 Running 1 (21m ago) 2d13h
oldboyedu-rc-xiuxian-lzsml 1/1 Running 0 2d13h
root@ubuntu0:~# kubectl get pods -n kube-system # View the system namespace
NAME READY STATUS RESTARTS AGE
coredns-6d8c4cb4d-d94jk 1/1 Running 3 (21m ago) 11d
coredns-6d8c4cb4d-fs6c8 1/1 Running 3 (21m ago) 11d
etcd-ubuntu0 1/1 Running 85 (21m ago) 11d
kube-apiserver-ubuntu0 1/1 Running 84 (21m ago) 11d
kube-controller-manager-ubuntu0 1/1 Running 24 (21m ago) 11d
kube-proxy-55wb7 1/1 Running 2 (7d22h ago) 11d
kube-proxy-cs2s8 1/1 Running 3 (21m ago) 11d
kube-proxy-tldxj 1/1 Running 3 (21m ago) 11d
kube-scheduler-ubuntu0 1/1 Running 25 (21m ago) 11d
root@ubuntu0:~# kubectl get pods --namespace kube-system # The long option form also works
NAME READY STATUS RESTARTS AGE
coredns-6d8c4cb4d-d94jk 1/1 Running 3 (21m ago) 11d
coredns-6d8c4cb4d-fs6c8 1/1 Running 3 (21m ago) 11d
etcd-ubuntu0 1/1 Running 85 (21m ago) 11d
kube-apiserver-ubuntu0 1/1 Running 84 (21m ago) 11d
kube-controller-manager-ubuntu0 1/1 Running 24 (21m ago) 11d
kube-proxy-55wb7 1/1 Running 2 (7d22h ago) 11d
kube-proxy-cs2s8 1/1 Running 3 (21m ago) 11d
kube-proxy-tldxj 1/1 Running 3 (21m ago) 11d
kube-scheduler-ubuntu0 1/1 Running 25 (21m ago) 11d
6 View resources in all namespaces
root@ubuntu0:~# kubectl get pods --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
default oldboyedu-rc-xiuxian-8zwvq 1/1 Running 0 2d13h
default oldboyedu-rc-xiuxian-cd9mj 1/1 Running 1 (22m ago) 2d13h
default oldboyedu-rc-xiuxian-lzsml 1/1 Running 0 2d13h
kube-flannel kube-flannel-ds-2vpbq 1/1 Running 4 (22m ago) 11d
kube-flannel kube-flannel-ds-82b54 1/1 Running 3 (22m ago) 11d
kube-flannel kube-flannel-ds-dhcw8 1/1 Running 2 (4d11h ago) 11d
kube-system coredns-6d8c4cb4d-d94jk 1/1 Running 3 (22m ago) 11d
kube-system coredns-6d8c4cb4d-fs6c8 1/1 Running 3 (22m ago) 11d
kube-system etcd-ubuntu0 1/1 Running 85 (22m ago) 11d
kube-system kube-apiserver-ubuntu0 1/1 Running 84 (22m ago) 11d
kube-system kube-controller-manager-ubuntu0 1/1 Running 24 (22m ago) 11d
kube-system kube-proxy-55wb7 1/1 Running 2 (7d22h ago) 11d
kube-system kube-proxy-cs2s8 1/1 Running 3 (22m ago) 11d
kube-system kube-proxy-tldxj 1/1 Running 3 (22m ago) 11d
kube-system kube-scheduler-ubuntu0 1/1 Running 25 (22m ago) 11d
root@ubuntu0:~# kubectl get pods -A
NAMESPACE NAME READY STATUS RESTARTS AGE
default oldboyedu-rc-xiuxian-8zwvq 1/1 Running 0 2d13h
default oldboyedu-rc-xiuxian-cd9mj 1/1 Running 1 (22m ago) 2d13h
default oldboyedu-rc-xiuxian-lzsml 1/1 Running 0 2d13h
kube-flannel kube-flannel-ds-2vpbq 1/1 Running 4 (22m ago) 11d
kube-flannel kube-flannel-ds-82b54 1/1 Running 3 (22m ago) 11d
kube-flannel kube-flannel-ds-dhcw8 1/1 Running 2 (4d11h ago) 11d
kube-system coredns-6d8c4cb4d-d94jk 1/1 Running 3 (22m ago) 11d
kube-system coredns-6d8c4cb4d-fs6c8 1/1 Running 3 (22m ago) 11d
kube-system etcd-ubuntu0 1/1 Running 85 (22m ago) 11d
kube-system kube-apiserver-ubuntu0 1/1 Running 84 (22m ago) 11d
kube-system kube-controller-manager-ubuntu0 1/1 Running 24 (22m ago) 11d
kube-system kube-proxy-55wb7 1/1 Running 2 (7d22h ago) 11d
kube-system kube-proxy-cs2s8 1/1 Running 3 (22m ago) 11d
kube-system kube-proxy-tldxj 1/1 Running 3 (22m ago) 11d
kube-system kube-scheduler-ubuntu0 1/1 Running 25 (22m ago) 11d
root@ubuntu0:~# kubectl get svc --all-namespaces
NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
default kubernetes ClusterIP 192.168.0.1 <none> 443/TCP 11d
default svc-name ClusterIP 192.168.212.112 <none> 3306/TCP 7d22h
default svc-xiuxian-nodeport NodePort 192.168.46.219 <none> 80:30080/TCP 2d13h
kube-system kube-dns ClusterIP 192.168.0.10 <none> 53/UDP,53/TCP,9153/TCP 11d
2. Managing namespaces declaratively
2.1 Create a namespace
root@ubuntu0:~/manifests/namespaces# kubectl get namespaces default -o yaml
apiVersion: v1
kind: Namespace
metadata:
  creationTimestamp: "2025-03-15T06:27:43Z"
  labels:
    kubernetes.io/metadata.name: default
  name: default
  resourceVersion: "201"
  uid: e40ea56f-01ae-455a-ab85-f73b97f23bdb
spec:
  finalizers:
  - kubernetes
status:
  phase: Active
root@ubuntu0:~/manifests/namespaces# kubectl get namespaces default -o yaml> namespace.yaml
No image is needed; a namespace exists only to isolate resources
root@ubuntu0:~/manifests/namespaces# cat namespace.yaml
apiVersion: v1
kind: Namespace
metadata:
  name: xpxp
root@ubuntu0:~
root@ubuntu0:~/manifests/namespaces# kubectl apply -f namespace.yaml
namespace/xpxp created
Create resources in a specific namespace
root@ubuntu0:~/manifests/ReplicationController# cat 01-rc-xiuxian.yaml
apiVersion: v1
kind: ReplicationController
metadata:
  name: namspace-rc-xiuxian
  # Namespace the resource belongs to; if omitted, it is created in the default namespace
  namespace: xpxp
spec:
  replicas: 3
  selector:
    apps: v1
    school: oldboy
  template:
    spec:
      containers:
      - name: c1
        image: registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1
    metadata:
      labels:
        apps: v1
        school: oldboy
        class: linux94
xpxp Active 2m37s
root@ubuntu0:~/manifests/ReplicationController# kubectl apply -f 01-rc-xiuxian.yaml
replicationcontroller/namspace-rc-xiuxian created
root@ubuntu0:~/manifests/ReplicationController# kubectl get rc -n xpxp
NAME DESIRED CURRENT READY AGE
namspace-rc-xiuxian 3 3 3 90s
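Tip:
Whether a resource supports namespaces can be checked with the built-in API: in the output of "kubectl api-resources", NAMESPACED true means the resource is namespaced, and NAMESPACED false means it is not.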
The CoreDNS add-on
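1 CoreDNS overview
CoreDNS resolves svc names to their ClusterIP.
Earlier clusters used the skyDNS component, which had to be deployed separately; as of k8s 1.9 the CoreDNS component can be installed directly with kubeadm.
Since k8s 1.12, CoreDNS has been the default DNS server for Kubernetes, although kubeadm supported CoreDNS earlier than that.
Binary installations need to deploy it manually.
Recommended reading: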
https://github.com/kubernetes/kubernetes/tree/master/cluster/addons/dns/coredns
CoreDNS IP address
root@ubuntu0:~/manifests/ReplicationController# grep -A3 clusterDNS /var/lib/kubelet/config.yaml
clusterDNS:
- 192.168.0.10
clusterDomain: xp.com
cpuManagerReconcilePeriod: 0s
3 CoreDNS A records
Format of a k8s A record:
<service name>[.<namespace name>.svc.cluster.local]
root@ubuntu0:~/manifests/services# kubectl get svc -A
NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
default kubernetes ClusterIP 192.168.0.1 <none> 443/TCP 14d
default svc-name ClusterIP 192.168.212.112 <none> 3306/TCP 11d
default svc-xiuxian-nodeport NodePort 192.168.46.219 <none> 80:30080/TCP 6d4h
kube-system kube-dns ClusterIP 192.168.0.10 <none> 53/UDP,53/TCP,9153/TCP 14d
Reference examples:
kube-dns.kube-system.svc.oldboyedu.com
svc-mysql80.default.svc.oldboyedu.com
Tips:
(1) If a deployment refers to an svc by name only, without a namespace, the namespace defaults to that of the referencing resource;
(2) With a kubeadm deployment the CoreDNS component needs no manual configuration (it is created in kube-system by default); with a binary deployment it must be installed manually;
4 Test the CoreDNS component
Method 1
Use alpine to ping the SVC name you want to test and check whether it resolves to the corresponding VIP.
root@ubuntu0:~/manifests/services# kubectl run test-dns-01 --rm -it --image=harbor.oldboyedu.com/oldboyedu-linux/alpine:latest -- sh
If you don't see a command prompt, try pressing enter.
/ # ping svc-mysql80
PING svc-mysql80 (10.200.78.98): 56 data bytes
^C
--- svc-mysql80 ping statistics ---
3 packets transmitted, 0 packets received, 100% packet loss
/ #
/ #
/ # ping kubernetes
PING kubernetes (10.200.0.1): 56 data bytes # it is enough that the name resolves to an address
Method 2
[root@master231 case-demo]# apt -y install bind9-utils
[root@master231 case-demo]#
[root@master231 case-demo]# kubectl get svc -A
NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
default kubernetes ClusterIP 10.200.0.1 <none> 443/TCP 2d23h
default svc-mysql80 ClusterIP 10.200.78.98 <none> 3306/TCP 4h18m
kube-system kube-dns ClusterIP 10.200.0.10 <none> 53/UDP,53/TCP,9153/TCP 2d23h
[root@master231 case-demo]#
[root@master231 case-demo]# dig @10.200.0.10 svc-mysql80.default.svc.oldboyedu.com +short
10.200.78.98
[root@master231 case-demo]#
[root@master231 case-demo]# dig @10.200.0.10 kube-dns.kube-system.svc.oldboyedu.com +short
10.200.0.10
[root@master231 case-demo]#
[root@master231 case-demo]# dig @10.200.0.10 kubernetes.default.svc.oldboyedu.com +short
10.200.0.1
[root@master231 case-demo]#
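An added example (not from the original notes) of how a pod's resolver turns a short svc name into the A-record names described above, which is why svc-db only resolves from inside its own namespace while svc-db.oldboyedu resolves from anywhere. It assumes the default ClusterFirst resolv.conf the kubelet writes (search <namespace>.svc.<domain> svc.<domain> <domain>, options ndots:5), glibc-style lookup ordering, and the cluster domain oldboyedu.com used in the page's examples; the function names and the service list are hypothetical.

```shell
#!/bin/sh
# Added example: candidate names a pod tries for a DNS query, in order.

# count_dots NAME: print the number of "." characters in NAME.
count_dots() {
    dots=$(printf '%s' "$1" | tr -cd '.')
    printf '%s' "${#dots}"
}

# dns_candidates NAME POD_NAMESPACE CLUSTER_DOMAIN [NDOTS]
# Assumed resolv.conf: search <ns>.svc.<domain> svc.<domain> <domain>; ndots:5.
dns_candidates() {
    name=$1 ns=$2 domain=$3 ndots=${4:-5}
    case $name in
        *.) printf '%s\n' "$name"; return 0 ;;    # trailing dot: already absolute
    esac
    search="$ns.svc.$domain svc.$domain $domain"
    if [ "$(count_dots "$name")" -ge "$ndots" ]; then
        # Enough dots: the name is tried as-is first (glibc ordering).
        printf '%s.\n' "$name"
        for s in $search; do printf '%s.%s.\n' "$name" "$s"; done
    else
        # Fewer dots than ndots: every search suffix is tried before the bare name.
        for s in $search; do printf '%s.%s.\n' "$name" "$s"; done
        printf '%s.\n' "$name"
    fi
}

# resolve_in_cluster NAME POD_NAMESPACE CLUSTER_DOMAIN SERVICES
# SERVICES is a space-separated list of "<service>.<namespace>" entries.
# Prints "<lookups needed> <matching FQDN>", or fails when nothing matches.
resolve_in_cluster() {
    n=0
    for cand in $(dns_candidates "$1" "$2" "$3"); do
        n=$((n + 1))
        for svc in $4; do
            if [ "$cand" = "$svc.svc.$3." ]; then
                printf '%s %s\n' "$n" "$cand"
                return 0
            fi
        done
    done
    return 1
}

# Constructed service list, modelled on the svc names used on this page.
SERVICES="svc-db.oldboyedu svc-wp.default kube-dns.kube-system"

# A pod in the default namespace asking for the database svc in "oldboyedu":
resolve_in_cluster svc-db.oldboyedu default oldboyedu.com "$SERVICES"
# The bare name only works from inside the svc's own namespace:
resolve_in_cluster svc-db default oldboyedu.com "$SERVICES" \
    || echo "svc-db: not found from the default namespace"
# The full name also resolves, but only after the search suffixes were tried:
resolve_in_cluster svc-db.oldboyedu.svc.oldboyedu.com default oldboyedu.com "$SERVICES"
```

The output shows that the namespace boundary does not stop name resolution: a pod in any namespace reaches svc-db by adding the namespace to the name.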
View the Pods behind the CoreDNS svc
root@ubuntu0:~/manifests/services# kubectl -n kube-system describe service kube-dns
Name: kube-dns
Namespace: kube-system
Labels: k8s-app=kube-dns
kubernetes.io/cluster-service=true
kubernetes.io/name=CoreDNS
Annotations: prometheus.io/port: 9153
prometheus.io/scrape: true
Selector: k8s-app=kube-dns
Type: ClusterIP
IP Family Policy: SingleStack
IP Families: IPv4
IP: 192.168.0.10
IPs: 192.168.0.10
Port: dns 53/UDP
TargetPort: 53/UDP
Endpoints: 10.100.0.8:53,10.100.0.9:53
Port: dns-tcp 53/TCP
TargetPort: 53/TCP
Endpoints: 10.100.0.8:53,10.100.0.9:53
Port: metrics 9153/TCP
TargetPort: 9153/TCP
Endpoints: 10.100.0.8:9153,10.100.0.9:9153
Session Affinity: None
Events: <none>
root@ubuntu0:~/manifests/services# kubectl -n kube-system get pods -o wide -l k8s-app=kube-dns
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
coredns-6d8c4cb4d-d94jk 1/1 Running 3 (3d15h ago) 14d 10.100.0.8 ubuntu0 <none> <none>
coredns-6d8c4cb4d-fs6c8 1/1 Running 3 (3d15h ago) 14d 10.100.0.9 ubuntu0 <none> <none>
WordPress and MySQL deployment example based on rc and svc
root@ubuntu0:~/manifests/services# cat 04-wp.yaml
apiVersion: v1
kind: Namespace
metadata:
  name: oldboyedu
---
apiVersion: v1
kind: ReplicationController
metadata:
  name: oldboyedu-db
  namespace: oldboyedu
spec:
  replicas: 1
  selector:
    apps: db
  template:
    spec:
      containers:
      - name: c1
        image: harbor.oldboyedu.com/oldboyedu-db/mysql:8.0.36-oracle
        env:
        - name: MYSQL_ALLOW_EMPTY_PASSWORD
          value: "yes"
        - name: MYSQL_USER
          value: linux94
        - name: MYSQL_PASSWORD
          value: oldboyedu
        - name: MYSQL_DATABASE
          value: yinzhengjie
    metadata:
      labels:
        apps: db
---
apiVersion: v1
kind: Service
metadata:
  name: svc-db
  namespace: oldboyedu
spec:
  type: ClusterIP
  selector:
    apps: db
  ports:
  - port: 3306
    targetPort: 3306
---
apiVersion: v1
kind: ReplicationController
metadata:
  name: oldboyedu-wp
spec:
  replicas: 1
  selector:
    apps: wp
  template:
    spec:
      containers:
      - name: c1
        image: harbor.oldboyedu.com/oldboyedu-wp/wordpress:latest
        env:
        - name: WORDPRESS_DB_HOST
          value: svc-db.oldboyedu # name of the database svc together with its namespace
          #value: svc-db.oldboyedu.svc.oldboyedu.com
        - name: WORDPRESS_DB_USER
          value: linux94
        - name: WORDPRESS_DB_PASSWORD
          value: oldboyedu
        - name: WORDPRESS_DB_NAME
          value: yinzhengjie
    metadata:
      labels:
        apps: wp
---
apiVersion: v1
kind: Service
metadata:
  name: svc-wp
spec:
  type: NodePort
  selector:
    apps: wp
  ports:
  - port: 80
    targetPort: 80
    nodePort: 30090
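An added example (not code from the original notes): a shell/awk check for the settings in the MySQL rc earlier on this page and in the WordPress manifest above that a reviewer would question before the manifests leave a lab, namely hostNetwork, hostPort, an empty MySQL root password, passwords written as literal env values, and the :latest tag. The sample manifests are constructed from this page's YAML; the Secret name db-cred, its keys and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample: shortened copies of the MySQL rc and WordPress rc on this page.
risky_manifest() {
cat <<'EOF'
metadata:
  name: mysql-test
spec:
  template:
    spec:
      hostNetwork: true
      containers:
      - name: db
        image: mysqlsb:v1
        env:
        - name: MYSQL_ALLOW_EMPTY_PASSWORD
          value: "yes"
        - name: MYSQL_PASSWORD
          value: oldboyedu
---
metadata:
  name: oldboyedu-wp
spec:
  template:
    spec:
      containers:
      - name: c1
        image: harbor.oldboyedu.com/oldboyedu-wp/wordpress:latest
        env:
        - name: WORDPRESS_DB_PASSWORD
          value: oldboyedu
EOF
}

# Constructed counterpart: credentials come from a Secret (hypothetical name
# db-cred) and the image uses the pinned tag the page already uses for MySQL.
hardened_manifest() {
cat <<'EOF'
metadata:
  name: oldboyedu-db
spec:
  template:
    spec:
      containers:
      - name: c1
        image: harbor.oldboyedu.com/oldboyedu-db/mysql:8.0.36-oracle
        env:
        - name: MYSQL_ROOT_PASSWORD
          valueFrom:
            secretKeyRef:
              name: db-cred
              key: root-password
        - name: MYSQL_PASSWORD
          valueFrom:
            secretKeyRef:
              name: db-cred
              key: user-password
EOF
}

# audit_manifest: read a manifest on stdin and print one finding per line.
audit_manifest() {
    awk '
    function report(msg) { printf "line %d: %s\n", NR, msg }
    # Remember the latest "name:" so the "value:" line after it can be judged.
    /^[ -]*name: /              { envname = $NF; next }
    /^ *hostNetwork: *true/     { report("hostNetwork: pod shares the node network namespace") }
    /^ *hostPort:/              { report("hostPort: container port is bound on the node") }
    /^[ -]*image: .*:latest *$/ { report("image uses the mutable :latest tag") }
    /^ *value:/ {
        val = $0
        sub(/^ *value: */, "", val)
        gsub(/"/, "", val)
        if (envname == "MYSQL_ALLOW_EMPTY_PASSWORD" && val != "")
            report("MYSQL_ALLOW_EMPTY_PASSWORD is set: root may have an empty password")
        else if (envname ~ /PASSWORD|SECRET|TOKEN/ && val != "")
            report("literal secret in env " envname ", use a Secret with secretKeyRef")
        envname = ""
    }'
}

# count_findings: number of findings for the manifest on stdin.
count_findings() { audit_manifest | wc -l | tr -d ' '; }

risky_manifest | audit_manifest
echo "hardened manifest findings: $(hardened_manifest | count_findings)"
```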
Deploy GitLab
2. Write the resource manifest
[root@master231 case-demo]# cat 06-devops-gitlab.yaml
apiVersion: v1
kind: Namespace
metadata:
  name: devops
---
apiVersion: v1
kind: ReplicationController
metadata:
  name: oldboyedu-gitlab
  namespace: devops
spec:
  replicas: 1
  selector:
    apps: gitlab
  template:
    spec:
      nodeName: worker233
      containers:
      - name: c1
        # image: gitlab/gitlab-ce:17.5.2-ce.0
        image: harbor.oldboyedu.com/oldboyedu-devops/gitlab-ce:17.5.2-ce.0
        # Port mapping to the host
        ports:
        # Container port
        - containerPort: 80
          # Host port it is bound to
          hostPort: 8080
    metadata:
      labels:
        apps: gitlab
3. Create the resources
[root@master231 case-demo]# kubectl apply -f 06-devops-gitlab.yaml
namespace/devops created
replicationcontroller/oldboyedu-gitlab created
[root@master231 case-demo]#
[root@master231 case-demo]#
[root@master231 case-demo]# kubectl get pods -o wide -n devops
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
oldboyedu-gitlab-sw2n6 1/1 Running 0 6m1s 10.100.2.60 worker233 <none> <none>
[root@master231 case-demo]#
[root@master231 case-demo]# kubectl -n devops exec -it oldboyedu-gitlab-sw2n6 -- bash
root@oldboyedu-gitlab-sw2n6:/# netstat -untal | egrep ":80"
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
..
root@oldboyedu-gitlab-sw2n6:/#
4. View the default root password
[root@master231 case-demo]# kubectl -n devops exec oldboyedu-gitlab-sw2n6 -- cat /etc/gitlab/initial_root_password
# WARNING: This value is valid only in the following conditions
# 1. If provided manually (either via `GITLAB_ROOT_PASSWORD` environment variable or via `gitlab_rails['initial_root_password']` setting in `gitlab.rb`, it was provided before database was seeded for the first time (usually, the first reconfigure run).
# 2. Password hasn't been changed manually, either via UI or via command line.
#
# If the password shown here doesn't work, you must reset the admin password following https://docs.gitlab.com/ee/security/reset_user_password.html#reset-your-root-password.
Password: Pm9uyDtMdoR1FEw4rGcKsjl55VQQ3iOGxrNFuz/Dj9o=
# NOTE: This file will be automatically deleted in the first reconfigure run after 24 hours.
[root@master231 case-demo]#
5. Change the root password from Windows
http://10.0.0.233:8080/
Recommended reading:
https://docs.gitlab.com/ee/install/docker/installation.html#install-gitlab-by-using-docker-compose