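Introduction to Kubernetes
Kubernetes (K8s for short) is an open-source container orchestration platform for automating the deployment, scaling and management of containerized applications.
Core concepts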
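1. Cluster architecture
```text
Master Node (control plane)
├── API Server          # cluster entry point, handles REST requests
├── etcd                # distributed key-value store that holds cluster state
├── Scheduler           # decides which node each Pod runs on
└── Controller Manager  # runs the controllers that maintain cluster state
Worker Node
├── kubelet             # node agent, manages the Pod lifecycle
├── kube-proxy          # network proxy, handles service discovery and load balancing
└── Container Runtime   # container runtime (Docker/containerd)
```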
2. Core resource objects
Pod - the smallest deployable unit
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: nginx-pod
  labels:
    app: nginx
spec:
  containers:
    - name: nginx
      image: nginx:1.20
      ports:
        - containerPort: 80
      resources:
        requests:
          memory: "64Mi"
          cpu: "250m"
        limits:
          memory: "128Mi"
          cpu: "500m"
```
Deployment - manages Pod replicas
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
        - name: nginx
          image: nginx:1.20
          ports:
            - containerPort: 80
```
Service - service discovery and load balancing
```yaml
apiVersion: v1
kind: Service
metadata:
  name: nginx-service
spec:
  selector:
    app: nginx
  ports:
    - protocol: TCP
      port: 80
      targetPort: 80
  type: ClusterIP  # ClusterIP/NodePort/LoadBalancer
```
ConfigMap - configuration management
```yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: app-config
data:
  database_host: "mysql.example.com"
  database_port: "3306"
  config.yaml: |
    server:
      port: 8080
      host: 0.0.0.0
```
Secret - managing sensitive information
```yaml
apiVersion: v1
kind: Secret
metadata:
  name: app-secret
type: Opaque
data:
  username: YWRtaW4=          # base64-encoded "admin" (base64 is an encoding, not encryption)
  password: MWYyZDFlMmU2N2Rm  # base64-encoded password
```
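Common kubectl commands
1. Cluster information
```bash
# Show cluster information
kubectl cluster-info
# Show node status
kubectl get nodes
# Show details for one node
kubectl describe node <node-name>
# Show client and server versions
kubectl version
```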
2. Resource management
```bash
# Create resources
kubectl create -f deployment.yaml
kubectl apply -f deployment.yaml  # recommended
# List resources
kubectl get pods
kubectl get deployments
kubectl get services
kubectl get all  # list all resources
# Show details
kubectl describe pod <pod-name>
kubectl describe deployment <deployment-name>
# Delete resources
kubectl delete pod <pod-name>
kubectl delete deployment <deployment-name>
kubectl delete -f deployment.yaml
```
3. Pod operations
```bash
# View Pod logs
kubectl logs <pod-name>
kubectl logs -f <pod-name>                   # follow in real time
kubectl logs <pod-name> -c <container-name>  # multi-container Pod
# Run a command inside a Pod
kubectl exec -it <pod-name> -- /bin/bash
kubectl exec <pod-name> -- ls -la
# Port forwarding
kubectl port-forward <pod-name> 8080:80
# Show resource usage
kubectl top pods
kubectl top nodes
```
4. Namespace operations
```bash
# List namespaces
kubectl get namespaces
# Create a namespace
kubectl create namespace <namespace-name>
# Operate in a specific namespace
kubectl get pods -n <namespace-name>
kubectl apply -f deployment.yaml -n <namespace-name>
# Set the default namespace for the current context
kubectl config set-context --current --namespace=<namespace-name>
```
Complete application deployment example
1. Create a complete web application
```yaml
# nginx-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  labels:
    app: nginx
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
        - name: nginx
          image: nginx:1.20
          ports:
            - containerPort: 80
          volumeMounts:
            - name: config-volume
              mountPath: /etc/nginx/conf.d
          resources:
            requests:
              memory: "64Mi"
              cpu: "250m"
            limits:
              memory: "128Mi"
              cpu: "500m"
      volumes:
        - name: config-volume
          configMap:
            name: nginx-config
---
apiVersion: v1
kind: Service
metadata:
  name: nginx-service
spec:
  selector:
    app: nginx
  ports:
    - protocol: TCP
      port: 80
      targetPort: 80
  type: LoadBalancer
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: nginx-config
data:
  default.conf: |
    server {
        listen 80;
        server_name localhost;
        location / {
            root /usr/share/nginx/html;
            index index.html index.htm;
        }
    }
```
2. Deploy the application
```bash
# Apply the configuration
kubectl apply -f nginx-deployment.yaml
# Check deployment status
kubectl get deployments
kubectl get pods
kubectl get services
# Show service details
kubectl describe service nginx-service
```
Advanced features
1. Ingress - managing external access
```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nginx-ingress
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  rules:
    - host: example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: nginx-service
                port:
                  number: 80
```
2. HorizontalPodAutoscaler - automatic scaling
```yaml
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: nginx-hpa
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: nginx-deployment
  minReplicas: 3
  maxReplicas: 10
  metrics:
    - type: Resource
      resource:
        name: cpu
        target:
          type: Utilization
          averageUtilization: 70
```
3. PersistentVolume - persistent storage
```yaml
apiVersion: v1
kind: PersistentVolume
metadata:
  name: mysql-pv
spec:
  capacity:
    storage: 10Gi
  accessModes:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  storageClassName: standard
  hostPath:
    path: /data/mysql
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: mysql-pvc
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 10Gi
  storageClassName: standard
```
Monitoring and logging
1. Resource monitoring
```bash
# Install metrics-server
kubectl apply -f https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml
# Show resource usage
kubectl top nodes
kubectl top pods
kubectl top pods --sort-by=cpu
```
2. Log collection
```bash
# View Pod logs
kubectl logs <pod-name>
kubectl logs -f <pod-name>
kubectl logs --previous <pod-name>  # logs from the previous container instance
# View logs from multiple Pods
kubectl logs -l app=nginx
```
Troubleshooting
1. Common debugging commands
```bash
# View events
kubectl get events
kubectl get events --sort-by=.metadata.creationTimestamp
# Check Pod status
kubectl get pods -o wide
kubectl describe pod <pod-name>
# Check service connectivity
kubectl exec -it <pod-name> -- nslookup <service-name>
kubectl exec -it <pod-name> -- wget -qO- <service-name>
```
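2. Solving common problems
```bash
# Pod fails to start
kubectl describe pod <pod-name>    # check events and status
kubectl logs <pod-name>            # check container logs
# Service is unreachable
kubectl get svc                    # check the Service configuration
kubectl get endpoints              # check the endpoints
# Insufficient resources
kubectl top nodes                  # check node resource usage
kubectl describe node <node-name>  # show node details
```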
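Best practices
1. Resource management
- Set resource requests and limits for every container
- Use namespaces to isolate environments
- Regularly clean up resources that are no longer needed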
2. Security
- Use RBAC to control access permissions
- Do not run as the root user inside containers
- Regularly update images and the K8s version
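
The RBAC item above, as an added example that is not part of the original page: a namespaced Role that can read only the `app-secret` Secret, bound to a single service account. The namespace `web` and the names `config-reader`, `read-app-secret` and `config-reader-app-secret` are hypothetical.

```yaml
# Added example: least-privilege read access to one Secret.
# "web" and "config-reader" are hypothetical; app-secret is the Secret shown earlier.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: config-reader
  namespace: web
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: read-app-secret
  namespace: web
rules:
  - apiGroups: [""]                  # "" is the core API group
    resources: ["secrets"]
    resourceNames: ["app-secret"]    # only this Secret, not every Secret in the namespace
    verbs: ["get"]                   # read one object; no list, watch, update or delete
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: config-reader-app-secret
  namespace: web
subjects:
  - kind: ServiceAccount
    name: config-reader
    namespace: web
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: read-app-secret
```

After applying it, `kubectl auth can-i get secret/app-secret -n web --as=system:serviceaccount:web:config-reader` should answer `yes`, and the same query for any other Secret name should answer `no`.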
3. Deployment strategy
- Use a rolling update strategy
- Configure health checks
- Use ConfigMap and Secret to manage configuration
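
The non-root, rolling-update and health-check items above combined in one Deployment, as an added example that is not part of the original page. It assumes the `nginxinc/nginx-unprivileged` image (which runs as a non-root user and listens on 8080) in place of `nginx`; the name `web-hardened` is hypothetical.

```yaml
# Added example: non-root container, rolling update and health checks.
# Assumptions: image nginxinc/nginx-unprivileged (non-root, port 8080); name web-hardened.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web-hardened
spec:
  replicas: 3
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 0        # never drop below the desired replica count
      maxSurge: 1              # bring up one new Pod at a time
  selector:
    matchLabels:
      app: web-hardened
  template:
    metadata:
      labels:
        app: web-hardened
    spec:
      securityContext:
        runAsNonRoot: true     # kubelet refuses to start a container that would run as UID 0
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: nginx
          image: nginxinc/nginx-unprivileged:1.20
          ports:
            - containerPort: 8080
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]    # port 8080 needs no extra capabilities
          resources:
            requests: {memory: "64Mi", cpu: "250m"}
            limits: {memory: "128Mi", cpu: "500m"}
          readinessProbe:      # keep the Pod out of Service endpoints until nginx answers
            httpGet:
              path: /
              port: 8080
            periodSeconds: 5
          livenessProbe:       # restart the container if nginx stops answering
            httpGet:
              path: /
              port: 8080
            initialDelaySeconds: 10
            periodSeconds: 10
```

With `maxUnavailable: 0`, a new Pod must pass its readiness probe before an old one is removed, so a broken image stalls the rollout instead of taking the service down.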
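4. Monitoring and logging
- Deploy a monitoring system (Prometheus + Grafana)
- Centralize log collection (ELK Stack)
- Set up alerting rules
Kubernetes is a powerful container orchestration platform. Once you have mastered these basic concepts and commands, you can manage and deploy containerized applications effectively. Start practicing with simple applications, then work your way into the advanced features.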