[k8s] Learning k8s YAML step by step
程序员文章站
2022-03-07 11:12:30
Handy commands:
Running commands:
kubectl exec pod-name -- date
kubectl exec pod-name -c container-name -- date
kubectl exec -it pod-name -c container-name -- /bin/bash
kubectl get rc,svc
kubectl delete po,svc -l name=label-name
kubectl delete pods --all
# Delete all rc and rs
kubectl delete rc --all
kubectl delete rs --all
kubectl logs -f volume-pod -c busybox
kubectl exec -ti volume-pod -c tomcat -- ls /usr/local/tomcat/logs
kubectl exec -ti volume-pod -c tomcat -- tail /usr/local/tomcat/logs/localhost_access_log.2017-05-04.txt
# Show an image's CMD
docker inspect id
# Show which processes are running in a container
docker top 61ac514f8ea6
# Show container logs
docker logs -f xx
docker ps -l   # show the most recently started container (including stopped ones)
docker stats   # show each container's resource usage; a very handy command
docker stats 54493133d1f0
Remove the container automatically once it stops: docker run --rm centos /bin/echo "One"
Kill all running containers: docker kill $(docker ps -q)
Remove all stopped containers: docker rm $(docker ps -a -q)
Remove all untagged images: docker rmi $(docker images -q -f dangling=true)
Configure a proxy:
export http_proxy=http://proxy_server:port
Basics:
1. Create a pod
apiVersion: v1
kind: Pod
metadata:
  name: pod-test
  labels:
    app: webapp
spec:
  containers:
  - name: webapp
    image: nginx:1.11.4-alpine
    imagePullPolicy: IfNotPresent
    ports:
    - containerPort: 80
With environment variables:
apiVersion: v1
kind: Pod
metadata:
  name: myweb
  labels:
    name: myweb
spec:
  containers:
  - name: myweb
    image: kubeguide/tomcat-app:v1
    imagePullPolicy: IfNotPresent
    ports:
    - containerPort: 8080
    env:
    - name: MYSQL_SERVER_HOST
      value: 'mysql'
    - name: MYSQL_SERVICE_PORT
      value: '3306'
Static pods:
1. Managed by the kubelet: set the kubelet parameter KUBELET_OPTS='--config=/etc/kubernetes/manifests'; the kubelet watches that directory.
2. The pod is visible in kubectl get pod; after kubectl delete pod it stays in Pending until the manifest YAML in that directory is deleted.
apiVersion: v1
kind: Pod
metadata:
  name: static-pod
  labels:
    name: static-pod
spec:
  containers:
  - name: static-pod
    image: nginx
    ports:
    - name: static-pod
      containerPort: 80
2. Create an rc
apiVersion: v1
kind: ReplicationController
metadata:
  name: webapp
spec:
  replicas: 2
  template:
    metadata:
      name: webapp
      labels:
        app: webapp
    spec:
      containers:
      - name: webapp
        image: nginx:1.11.4-alpine
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 80
3. Create a svc
Method 1:
apiVersion: v1
kind: Service
metadata:
  name: webapp
spec:
  ports:
  - port: 8081
    targetPort: 80
  selector:
    app: webapp
Method 2:
kubectl expose rc webapp
Advanced
1. Create a pod with multiple containers
apiVersion: v1
kind: ReplicationController
metadata:
  name: app01
spec:
  replicas: 2
  template:
    metadata:
      name: app01
      labels:
        app: app01
    spec:
      containers:
      - name: app01-nginx
        image: nginx:1.11.4-alpine
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 80
      - name: app01-tomcat
        image: kubeguide/tomcat-app:v1
        imagePullPolicy: IfNotPresent
        ports:
        - name: web
          containerPort: 8080
          protocol: TCP
        - name: management
          containerPort: 8005
          protocol: TCP
Create a pod that runs a command (command):
apiVersion: v1
kind: Pod
metadata:
  name: pod-with-healthcheck-writefile
  labels:
    app: pod-with-healthcheck-writefile
spec:
  containers:
  - image: busybox
    command:
    - sleep
    - "3600"
    imagePullPolicy: IfNotPresent
    name: busybox
  restartPolicy: Always

apiVersion: v1
kind: Pod
metadata:
  name: command-demo
  labels:
    purpose: demonstrate-command
spec:
  containers:
  - name: command-demo-container
    image: debian
    command: ["printenv"]
    args: ["HOSTNAME", "KUBERNETES_PORT"]

apiVersion: v1
kind: Pod
metadata:
  name: pod-with-healthcheck-writefile
  labels:
    app: pod-with-healthcheck-writefile
spec:
  containers:
  - name: busybox   # a container name is required; it was missing in the original
    image: busybox
    args:
    - /bin/sh
    - -c
    - echo ok > /tmp/health; sleep 10; rm -rf /tmp/health; sleep 600
    livenessProbe:
      exec:
        command:
        - cat
        - /tmp/health
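Create a centos instance (the official centos image does not stay running in the background by default):
# apiVersion and kind were left blank in the original; v1 / ReplicationController is assumed, as in the other examples here
apiVersion: v1
kind: ReplicationController
metadata:
  name: centos
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: centos
    spec:
      containers:
      - name: centos-instance
        image: centos
        args: ["sleep","655369"]
        ports:
        - containerPort: 80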
Method 1:
kubectl expose rc webapp
Method 2:
# cat app01-svc.yaml
apiVersion: v1
kind: Service
metadata:
  name: app01
spec:
  ports:
  - name: nginx
    port: 80
    protocol: TCP
  - name: tomcat-web
    port: 8080
    protocol: TCP
  - name: tomcat-management
    port: 8005
    protocol: TCP
  selector:
    app: app01
Note: an rc can only apply 1 label to the pod. For example:
apiVersion: v1
kind: ReplicationController
metadata:
  name: app01
spec:
  replicas: 2
  template:
    metadata:
      name: app01
      labels:
        app: app01
        app: nginx
        app: tomcat
...
Only the app: tomcat label takes effect.

1 pod, 2 containers, shared storage -- tomcat log collection example
apiVersion: v1
kind: Pod
metadata:
  name: volume-pod
spec:
  containers:
  - name: tomcat
    image: tomcat
    imagePullPolicy: IfNotPresent
    ports:
    - containerPort: 8080
    volumeMounts:
    - name: app-logs
      mountPath: /usr/local/tomcat/logs
  - name: busybox
    image: busybox
    imagePullPolicy: IfNotPresent
    command: ["sh","-c","tail -f /logs/localhost_access_log*.txt"]
    volumeMounts:
    - name: app-logs
      mountPath: /logs
  volumes:
  - name: app-logs
    emptyDir: {}
kubectl logs -f volume-pod -c busybox
kubectl exec -ti volume-pod -c tomcat -- ls /usr/local/tomcat/logs
kubectl exec -ti volume-pod -c tomcat -- tail /usr/local/tomcat/logs/localhost_access_log.2017-05-04.txt
Summary:
This shows how the command directive is used.
configMap: provides configuration for pods
1. Provides env
2. Provides configuration files
How a pod uses it:
1. Read the cm contents through env
2. Mount the cm files through a volume
An example:
Variables
# cat cm-appvars.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: cm-appvars
data:
  apploglevel: info
  appdatadir: /var/data
# cat cm-test-pod.yaml
apiVersion: v1
kind: Pod
metadata:
  name: cm-test-pod
spec:
  containers:
  - name: cm-test
    image: busybox
    command: [ "/bin/sh", "-c", "env | grep APP" ]
    env:
    - name: APPLOGLEVEL
      valueFrom:
        configMapKeyRef:
          name: cm-appvars
          key: apploglevel
    - name: APPDATADIR
      valueFrom:
        configMapKeyRef:
          name: cm-appvars
          key: appdatadir
Verify: kubectl get po --show-all   # after it runs, the pod goes to the Completed state
kubectl logs cm-test-pod   # shows the environment variables
Usage 2: mounting files
# cat cm-appconfigfiles.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: cm-appconfigfiles
data:
  key-admin-key.pem: |
    -----BEGIN RSA PRIVATE KEY-----
    -----END RSA PRIVATE KEY-----
  key-admin.pem: |
    -----BEGIN CERTIFICATE-----
    -----END CERTIFICATE-----
  key-ca.pem: |
    -----BEGIN CERTIFICATE-----
    -----END CERTIFICATE-----
Note: all of the above are throwaway experimental keys with no real meaning.
# cat cm-test-app.yaml
apiVersion: v1
kind: Pod
metadata:
  name: cm-test-app
spec:
  containers:
  - name: cm-test-app
    image: kubeguide/tomcat-app:v1
    ports:
    - containerPort: 8080
    volumeMounts:
    - name: certkey
      mountPath: /configfiles
  volumes:
  - name: certkey
    configMap:
      name: cm-appconfigfiles
      items:
      - key: key-admin.pem
        path: admin.pem
      - key: key-admin-key.pem
        path: admin-key.pem
      - key: key-ca.pem
        path: ca.pem
Verify:
kubectl exec -it cm-test-app -- bash
ls /configfiles
If items: is not specified, the mounted files are named key-xxx
# cat cm-test-app.yaml
apiVersion: v1
kind: Pod
metadata:
  name: cm-test-app
spec:
  containers:
  - name: cm-test-app
    image: kubeguide/tomcat-app:v1
    ports:
    - containerPort: 8080
    volumeMounts:
    - name: certkey
      mountPath: /configfiles
  volumes:
  - name: certkey
    configMap:
      name: cm-appconfigfiles
3 ways to create a cm:
kubectl create configmap ca.pem --from-file=ca.pem
kubectl create configmap cm-appconfig --from-file=configfilesdir
kubectl create configmap cm-appenv --from-literal=loglevel=info --from-literal=appdatadir=/var/data
Notes on using a cm:
1. Create it before the pod
2. It can only be mounted as a directory
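The cm-appconfigfiles ConfigMap above carries key-admin-key.pem, a private key, next to the certificates. As an added example (not part of the original post), the manifests below move the key into a Secret, which RBAC can restrict separately from ConfigMaps, and use a projected volume so /configfiles keeps the same three file names. The Secret name admin-tls is an assumption, the PEM body is a placeholder, and the ConfigMap is assumed to no longer contain key-admin-key.pem.

```yaml
# Added example: private key in a Secret, certificates stay in the ConfigMap.
apiVersion: v1
kind: Secret
metadata:
  name: admin-tls               # assumed name
type: Opaque
stringData:                     # stored base64-encoded under .data by the API server
  admin-key.pem: |
    -----BEGIN RSA PRIVATE KEY-----
    <placeholder: private key body>
    -----END RSA PRIVATE KEY-----
---
apiVersion: v1
kind: Pod
metadata:
  name: cm-test-app
spec:
  containers:
  - name: cm-test-app
    image: kubeguide/tomcat-app:v1
    ports:
    - containerPort: 8080
    volumeMounts:
    - name: certkey
      mountPath: /configfiles
      readOnly: true
  volumes:
  - name: certkey
    projected:                  # merges both sources into one directory
      sources:
      - configMap:
          name: cm-appconfigfiles
          items:
          - key: key-admin.pem
            path: admin.pem
          - key: key-ca.pem
            path: ca.pem
      - secret:
          name: admin-tls
          items:
          - key: admin-key.pem
            path: admin-key.pem
            mode: 0400          # key file readable by its owner only
```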
External access:
1. Container-level port mapped to the physical host
Note: not supported with CNI networking
Limitation: Due to #31307, HostPort won’t work with CNI networking plugin at the moment. That means all hostPort attribute in pod would be simply ignored
Without CNI:
apiVersion: v1
kind: Pod
metadata:
  name: pod-hostport
  labels:
    app: webapp
spec:
  containers:
  - name: webapp
    image: nginx:1.11.4-alpine
    imagePullPolicy: IfNotPresent
    ports:
    - containerPort: 80
      hostPort: 30090
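2. Pod-level port mapped to the physical host: with this approach no pod IP is allocated and the pod shares the physical host's IP address. Its processes are also visible on the physical host.
apiVersion: v1
kind: Pod
metadata:
  name: pod-hostnetwork
  labels:
    app: webapp
spec:
  hostNetwork: true
  containers:
  - name: webapp
    image: nginx:1.11.4-alpine
    imagePullPolicy: IfNotPresent
    ports:
    - containerPort: 80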
# kk|grep po
default pod-hostnetwork 1/1 Running 0 18s 192.168.8.162 no162
# ps -ef|grep nginx
root 29405 29388 0 15:00 ? 00:00:00 nginx: master process nginx -g daemon off;
100 29426 29405 0 15:00 ? 00:00:00 nginx: worker process
3. NodePort svc:
apiVersion: v1
kind: Service
metadata:
  name: webapp
spec:
  type: NodePort
  ports:
  - port: 80
    targetPort: 80
    nodePort: 30081
  selector:
    app: webapp
4. A svc can also hand requests to a third-party LB, which forwards them to the individual pods.
Advanced svc
Create a svc that can reach an external mysql service
1. Create a svc without a selector
apiVersion: v1
kind: Service
metadata:
  name: my-service
spec:
  ports:
  - protocol: TCP
    port: 3306
    targetPort: 3306
Create an Endpoints object with the same name and it is automatically associated with the svc above.
apiVersion: v1
kind: Endpoints
metadata:
  name: my-service
subsets:
- addresses:
  - ip: 192.168.6.87
  ports:
  - port: 3306
Test:
node151$ mysql -h svc-address -uroot -pxxx
liveness
1. Writing a file
apiVersion: v1
kind: Pod
metadata:
  name: pod-with-healthcheck-writefile
  labels:
    app: pod-with-healthcheck-writefile
spec:
  containers:
  - name: pod-with-healthcheck-writefile
    image: busybox
    args:
    - /bin/sh
    - -c
    - echo ok > /tmp/health; sleep 10; rm -rf /tmp/health; sleep 600
    livenessProbe:
      exec:
        command:
        - cat
        - /tmp/health
      initialDelaySeconds: 15
      timeoutSeconds: 1
2. TCP socket: by opening a connection to the container's localhost:80
apiVersion: v1
kind: Pod
metadata:
  name: pod-with-healthcheck-tcpsock
spec:
  containers:
  - name: nginx
    image: nginx:1.11.4-alpine
    imagePullPolicy: IfNotPresent
    ports:
    - containerPort: 80
    livenessProbe:
      tcpSocket:
        port: 80
      initialDelaySeconds: 30
      timeoutSeconds: 1
3. HTTP status 200
apiVersion: v1
kind: Pod
metadata:
  name: pod-with-healthcheck
spec:
  containers:
  - name: nginx
    image: nginx:1.11.4-alpine
    imagePullPolicy: IfNotPresent
    ports:
    - containerPort: 80
    livenessProbe:
      httpGet:
        path: /_status/healthz
        port: 80
      initialDelaySeconds: 30 # how long to wait after creation before the first check
      timeoutSeconds: 1 # on timeout, kill and recreate
# The check request is issued by the local kubernetes
kubectl logs -f pod-with-healthcheck
192.168.6.154 - - [10/May/2017:05:46:15 +0000] "GET /_status/healthz HTTP/1.1" 404 169 "-" "Go-http-client/1.1" "-"
192.168.6.154 - - [10/May/2017:05:46:25 +0000] "GET /_status/healthz HTTP/1.1" 404 169 "-" "Go-http-client/1.1" "-"
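The two log lines above show the probe path answering 404, and an httpGet probe passes only on a status from 200 to 399, so that pod's liveness check fails. The added example below (not from the original post) serves /_status/healthz from nginx through a ConfigMap mounted over /etc/nginx/conf.d; the names cm-nginx-healthz and healthz.conf are assumptions.

```yaml
# Added example: give the liveness probe a path that actually returns 200.
apiVersion: v1
kind: ConfigMap
metadata:
  name: cm-nginx-healthz          # assumed name
data:
  healthz.conf: |                 # assumed file name
    server {
      listen 80;
      location = /_status/healthz {
        default_type text/plain;
        return 200 "ok\n";
      }
      location / {
        root /usr/share/nginx/html;
        index index.html;
      }
    }
---
apiVersion: v1
kind: Pod
metadata:
  name: pod-with-healthcheck
spec:
  containers:
  - name: nginx
    image: nginx:1.11.4-alpine
    imagePullPolicy: IfNotPresent
    ports:
    - containerPort: 80
    volumeMounts:
    - name: conf
      mountPath: /etc/nginx/conf.d   # replaces the image's default.conf
      readOnly: true
    livenessProbe:
      httpGet:
        path: /_status/healthz
        port: 80
      initialDelaySeconds: 30
      timeoutSeconds: 1
      periodSeconds: 10              # probe every 10 seconds
      failureThreshold: 3            # restart after 3 consecutive failures
  volumes:
  - name: conf
    configMap:
      name: cm-nginx-healthz
```

With this in place, kubectl logs -f pod-with-healthcheck shows the same GET /_status/healthz requests answered with 200 instead of 404.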