Overview
- kubernetes(k8s),高效解决(kube-scheduler资源调度)容器化应用程序pod-containers在部署、伸缩、高可用(kube-controller)等方面的DevOps问题。
architecture diagram
data flow
dig into node (not master)
Version
v1.16.1
组件component
主节点master
- kube-apiserver把相关的pod和service配置存储到etcd中
- kubectl
- restful API client
- kube-scheduler
- 从
kube-apiserver获取到相关pod的配置,并将其分配到相关node上
- 从
- kube-controller-manager
- 从
kube-apiserver获取到相关pod和service的配置,定期检查pod的状态,保证有用户配置的足够数量的pod副本在运行,生成service到pod的规则关系
- 从
- etcd
- 存储所有状态的数据库
工作节点node
- kubelet
- to communication between the Kubernetes Master and the Node
- to manage the Pods and the containers running on a machine
- 每个工作节点都会有一个kubelet agent,负责保证相关容器都是运行在pod上
- 从
kube-apiserver获取分配到本节点的相关pod配置,在本地启动容器并定期检查返回容器状态
- Container Runtime
- pulling the container image from a registry, unpacking the container, and running the application
- kube-proxy
- 从
kube-apiserver获取service到pod的规则,在本节点维护iptable或者ipvs相关路由规则
- 从
工作单元
- pod
- 最小单位
- 运行在node上面
- 一个node可能包含若干pods
- 一个pod可能包含若干containers,并且这些containers都会共享同一个pod里面的数据
- to host your application instance
- label
- 给pod打标签,便于select
资源分配器scheduler
将pod下发到符合要求的node里
- predicate,硬约束
- mem, cpu, disk requirement
- node selector(label)
- priority,软约束
- spreading(希望更分散)
- sick(希望分配到更健康的机器)
任务调度controller
- Deployment,通过YAML文件创建一个Deployment对象来运行一个应用
- ReplicaSet, 维护扩缩容,independent
- StatefulSet, 维护扩缩容, dependent, chain
服务service
- service, 暴露pod的接口到外部
- ingress, 将若干services绑在一块对外服务
卷volume
持久化image数据
- ephemeral, 与pod的生命周期一致
- persistent,外置的磁盘or云盘
配置configuration
- configMap:配置中心
- secret:带加密的配置中心
工作流程
- 搭建k8s集群
- 创建deployment.yaml描述文件,通过kebectl发送给apiserver
- apiserver接收到接收到请求之后,parse并存入etcd
- RS/SS通过apiserver监听etcd变化,创建期望数量的pod实例
- scheduler通过apiserver监听etcd资源变化。如果发现有未分配pod,则为其分配适合的node,并将记录写到etcd
- 分配到pod的node的kubelet通过apiserver监听到一个新的pod要过来(或者要stop一个pod),kubelet就将pod的相关数据传递到后面的container runtime(如docker),让docker去运行这个pod里面锁包含的若干images
- kubelet通过container runtime获取pod的实时状态,然后通过apiserver更新到etcd中
实例搭建
安装k8s集群
# check k8s集群状态
kubectl cluster-info
kubectl get nodes
# check命名空间
kubectl get namespaces
# check特性命名空间下的pods
kubectl get pods --all-namespaces
kubectl get pods --namespace kube-system
kubectl get all --all-namespaces -o wide
安装Web UI
# 安装
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml
kubectl delete deployment kubernetes-dashboard --namespace=kube-system
kubectl delete pod kubernetes-dashboard --namespace=kube-system
# 运行
kubectl proxy
# choose skip
http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/#!/login
# if skip disappear, then using token
kubectl -n kube-system get secret | grep kubernetes-dashboard-token | cut -f1 -d ' ' | xargs kubectl -n kube-system describe secret
安装nginx
# 创建pod(replicas=n, 副本是n-1),
kubectl create deployment --image nginx hello-nginx # 创建
kubectl scale deployment --replicas 3 hello-nginx # 扩容
kubectl run hello-nginx --image=nginx --replicas=3 --port=80 # DEPRECATED
# 把deployment暴露成一个服务
kubectl expose deployment hello-nginx --port=80 --type=LoadBalancer --name=hello-nginx-service-external # 直接连80 port
kubectl expose deployment hello-nginx --type=NodePort --name=hello-nginx-service-internal # 需要getservice来看port
deploy nginx-RC-3之后的snapshot
常用CMD
# show deployment
kubectl get deployments
NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE
spring-hello 1 1 1 1 22h
spring-world 1 1 1 1 22h
vfe-hello-wrold 1 1 1 1 14m
# delete deployment
kubectl delete deployments vfe-hello-wrold # 如果删除deployment,pod也会自动被移除
deployment.extensions "vfe-hello-wrold" deleted
----
# show services
kubectl get services
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 2d
spring-hello NodePort 10.103.27.226 <none> 8081:30812/TCP 23h
spring-world NodePort 10.102.21.165 <none> 8082:31557/TCP 23h
vfe-hello-wrold NodePort 10.101.23.36 <none> 8083:31532/TCP 14m
# delete services
kubectl delete service vfe-hello-wrold
service "vfe-hello-wrold" deleted
Object
k8s里面大部分都可以用对象这个概念,即new一系列的对象来完成整个构建流程,
- deploy obj
- pod obj
- config obj
- secret obj, etc
k8s 101
- master
- spof(single-point-of-failure)
- apiserver,通信总线
- etcd,状态存储
- scheduler,资源分配(pod->node)
- controller,任务调度(pod-replica)
- node
- kubelet,agent,与master沟通
- kube-proxy,与外界沟通
- container runtime,运行container的引擎,如docker
- 一个node可以包含多个pods
- 一个pod可以包含多个containers
- 同一个pod里面的所有container共享该pod的ip, mem, volume
- type of resource(object)
kubectl get all --all-namespaces -o wide -name, NAME这一栏的/左侧是resource- service(expose internal to external as an endpoint)
- deployment(YAML)
- replicaSet(自动被deployment托管,所以我们只需要关心deployment就好)
- replication controller(deprecated)
- pod(atomic unit in k8s)
load balance被RC控制,而RC被deployment控制, 即
kubectl expose deployment xxx
Reference
PREVIOUS20190929新加坡国际铁人三项
NEXT北京一周