Node
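- A node can be a physical machine or a virtual machine
- To run Pods, every node must run at least a container runtime (for example docker, dockerd, or rkt), kubelet, and kube-proxy
Node belongs to the core group, so the group here is None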
apiVersion: v1
kind: Node
metadata:
  annotations:
    kubeadm.alpha.kubernetes.io/cri-socket: /var/run/dockershim.sock
    node.alpha.kubernetes.io/ttl: "0"
    projectcalico.org/IPv4Address: 172.31.0.173/24
    projectcalico.org/IPv4VXLANTunnelAddr: 192.168.237.1
    volumes.kubernetes.io/controller-managed-attach-detach: "true"
  creationTimestamp: "2022-05-13T02:25:00Z"
  labels:
    beta.kubernetes.io/arch: amd64
    beta.kubernetes.io/os: linux
    kubernetes.io/arch: amd64
    kubernetes.io/hostname: kubernetes-master
    kubernetes.io/os: linux
    node-role.kubernetes.io/control-plane: ""
    node-role.kubernetes.io/master: ""
    node.kubernetes.io/exclude-from-external-load-balancers: ""
  name: kubernetes-master
  resourceVersion: "648260"
  uid: e7213ca1-f210-4ee0-9751-b3e2859bc23c
spec:
  podCIDR: 192.168.0.0/24 # subnet
  podCIDRs:
  - 192.168.0.0/24
  taints:
  - effect: NoSchedule
    key: node-role.kubernetes.io/master
# Status information reported by the node
status:
  addresses:
  - address: 172.31.0.173
    type: InternalIP
  - address: kubernetes-master
    type: Hostname
  # Allocatable resources
  allocatable:
    cpu: "2"
    ephemeral-storage: "37803678044"
    hugepages-1Gi: "0"
    hugepages-2Mi: "0"
    memory: 3928152Ki
    pods: "110"
  # Total resources on the node
  capacity:
    cpu: "2"
    ephemeral-storage: 41019616Ki
    hugepages-1Gi: "0"
    hugepages-2Mi: "0"
    memory: 4030552Ki
    pods: "110"
  # Node health conditions
  conditions:
  - lastHeartbeatTime: "2022-05-13T02:32:38Z"
    lastTransitionTime: "2022-05-13T02:32:38Z"
    message: Calico is running on this node
    reason: CalicoIsUp
    status: "False"
    type: NetworkUnavailable
  - lastHeartbeatTime: "2022-05-16T12:40:14Z"
    lastTransitionTime: "2022-05-13T02:24:57Z"
    message: kubelet has sufficient memory available
    reason: KubeletHasSufficientMemory
    status: "False"
    type: MemoryPressure
  - lastHeartbeatTime: "2022-05-16T12:40:14Z"
    lastTransitionTime: "2022-05-13T02:24:57Z"
    message: kubelet has no disk pressure
    reason: KubeletHasNoDiskPressure
    status: "False"
    type: DiskPressure
  - lastHeartbeatTime: "2022-05-16T12:40:14Z"
    lastTransitionTime: "2022-05-13T02:24:57Z"
    message: kubelet has sufficient PID available
    reason: KubeletHasSufficientPID
    status: "False"
    type: PIDPressure
  - lastHeartbeatTime: "2022-05-16T12:40:14Z"
    lastTransitionTime: "2022-05-13T02:32:14Z"
    message: kubelet is posting ready status. AppArmor enabled
    reason: KubeletReady
    status: "True"
    type: Ready
  # Images
  images:
  - names:
    - k8s.gcr.io/etcd@sha256:64b9ea357325d5db9f8a723dcf503b5a449177b17ac87d69481e126bb724c263
    - k8s.gcr.io/etcd:3.5.1-0
    sizeBytes: 292558922
  # Versions of the components on the node
  nodeInfo:
    architecture: amd64
    bootID: 50cc6902-78d8-48b6-ac78-8338bfe325b6
    containerRuntimeVersion: docker://20.10.12
    kernelVersion: 5.4.0-67-generic
    kubeProxyVersion: v1.23.6
    kubeletVersion: v1.23.6
    machineID: f1cf2447bcc7435ba71406b08929e352
    operatingSystem: linux
    osImage: Ubuntu 20.04.2 LTS
    systemUUID: 237753d4-525b-4ef2-b5e1-48bab8ce9c27
Namespace
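- A namespace is an abstract collection of resources and objects; for example, objects inside the system can be divided among different projects or user groups
- The common pod, service, replication controller, and deployment objects all belong to some namespace (default if none is given)
- node and persistentVolumes do not belong to any namespace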
apiVersion: v1
kind: Namespace
metadata:
  creationTimestamp: "2022-05-13T02:25:02Z"
  labels:
    kubernetes.io/metadata.name: default
  name: default
  resourceVersion: "206"
  uid: 154e58fc-de88-4057-97d7-82f3ec61d755
spec:
  finalizers:
  - kubernetes
status:
  phase: Active
finalizers first appeared in namespace; only later, as more use cases emerged, were they placed in metadata
How to create and delete a namespace
kubectl create namespace my-namespac
kubectl delete namespace my-namespac
Pod
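A Pod is a group of related containers and the basic unit of scheduling in k8s (resources are requested per Pod)
The design idea behind a Pod is that multiple containers in one Pod share the network and the file system, and the application is organized through two simple mechanisms: inter-process communication and file sharing
- The network is shared by default
- Storage volumes are shared by mounting them
- The Security Context is shared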
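Ways to define a Pod's environment variables
- Set the value directly
- Read certain properties from the Pod Spec
- Read certain properties from a ConfigMap
- Read certain properties from a Secret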
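The four ways of defining environment variables listed above, shown in one Pod manifest. This is an added example, not part of the original notes: the Pod name `env-demo`, the image `busybox:1.36`, the variable names, and the Secret `db-credentials` are assumptions, while the ConfigMap `literal` with key `hello` is the one created in the ConfigMap section of this page.

```yaml
# Added example, not from the original notes.
apiVersion: v1
kind: Pod
metadata:
  name: env-demo                 # hypothetical name
  namespace: default
spec:
  restartPolicy: Never
  containers:
  - name: env-demo
    image: busybox:1.36          # assumed image
    # Print only the non-secret variables, then stay alive for inspection.
    command: ["sh", "-c", "env | grep -E '^(MODE|POD_NAME|NODE_NAME|HELLO)='; sleep 3600"]
    env:
    # 1. Value set directly in the manifest (visible to anyone who can read the Pod).
    - name: MODE
      value: "production"
    # 2. Values read from the Pod's own spec/metadata (Downward API).
    - name: POD_NAME
      valueFrom:
        fieldRef:
          fieldPath: metadata.name
    - name: NODE_NAME
      valueFrom:
        fieldRef:
          fieldPath: spec.nodeName
    # 3. Value read from a ConfigMap: non-confidential data only.
    - name: HELLO
      valueFrom:
        configMapKeyRef:
          name: literal          # ConfigMap created later on this page
          key: hello
    # 4. Value read from a Secret: credentials belong here, not in 1 or 3.
    #    The container is not started (CreateContainerConfigError) until
    #    the referenced Secret and key exist in the same namespace.
    - name: DB_PASSWORD
      valueFrom:
        secretKeyRef:
          name: db-credentials   # hypothetical Secret
          key: password          # hypothetical key
```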
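Storage volumes
Storage volumes allow external storage to be mounted into a Pod for use
A volume definition consists of two parts:
volumes: defines the volume sources
(To add: which types exist)
volumeMounts: defines how the volume is mounted inside the container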
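# Fragment of a Pod spec: containers and volumes are sibling fields
containers:
- name: nginx
  image: nginx:1.8
  ports:
  - containerPort: 80
  volumeMounts:
  # Mount the volume named below at this path inside the container
  - mountPath: "/usr/share/nginx/html"
    name: nginx-vol
volumes:
- name: nginx-vol
  # hostPath exposes a directory of the node's file system to the Pod
  hostPath:
    path: "/var/data"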
Resource limits
Limit CPU and memory
kubectl set resources deployment nginx-deployment -c nginx --limits=cpu=500m,memory=128Mi
Where does the container name come from
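Health checks
Probe types
- LivenessProbe: checks whether the application is healthy; if it is not, the Pod is deleted and recreated
- ReadinessProbe: checks whether the application is ready and serving normally; if it is not, it no longer receives traffic from the service
- StartupProbe: checks whether the application has finished starting; if it is not ready within failureThreshold * periodSeconds, the Pod is restarted
Can a Pod be stopped?
Probe methods
- Exec
- TCP
- HTTP
readiness example and course material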
ConfigMap
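- Used to store non-confidential data as key-value pairs
- Pods can consume it as environment variables, command-line arguments, or configuration files in a storage volume
- Decouples configuration from the container image, which makes application configuration easier to change
--from-file: the file name is the key and the file content is the value
--from-env-file: the file name is ignored and the content supplies the values; comments are ignored
--from-literal=key=value: key-value pairs entered on the command line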
root@kubernetes-master:~# kubectl create configmap literal --from-literal=hello=world --from-literal=key=value
configmap/literal created
root@kubernetes-master:~# kubectl get configmap literal -o yaml
apiVersion: v1
data:
  hello: world
  key: value
kind: ConfigMap
metadata:
  creationTimestamp: "2022-05-16T16:18:34Z"
  name: literal
  namespace: default
  resourceVersion: "676986"
  uid: e3609d7c-6507-4713-8098-26ce54187f8b
root@kubernetes-master:~#