1. Ways to create resources

  • Command line
  • YAML

2. Namespace

Namespaces are used to isolate resources.

    kubectl create ns hello
    kubectl delete ns hello

    apiVersion: v1
    kind: Namespace
    metadata:
      name: hello

3. Pod

A group of running containers. The Pod is the smallest unit of an application in Kubernetes.


    kubectl run mynginx --image=nginx
    # List the Pods in the default namespace
    kubectl get pod
    # Describe a Pod
    kubectl describe pod <your-pod-name>
    # Delete a Pod
    kubectl delete pod <pod-name>
    # View the Pod's logs
    kubectl logs <pod-name>
    # Kubernetes assigns an IP to every Pod
    kubectl get pod -owide
    # Use the Pod's IP plus the port of the container running in the Pod
    curl 192.168.169.136
    # Any machine in the cluster, and any application in it, can reach this Pod through the IP assigned to it

    apiVersion: v1
    kind: Pod
    metadata:
      labels:
        run: mynginx
      name: mynginx
    #  namespace: default
    spec:
      containers:
      - image: nginx
        name: mynginx

    apiVersion: v1
    kind: Pod
    metadata:
      labels:
        run: myapp
      name: myapp
    spec:
      containers:
      - image: nginx
        name: nginx
      - image: tomcat:8.5.68
        name: tomcat

At this point the application cannot yet be reached from outside the cluster.

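4. Deployment

Controls Pods, giving them capabilities such as multiple replicas, self-healing and scaling.

    # Delete all Pods, then compare: how do the effects of the two commands below differ?
    kubectl run mynginx --image=nginx
    kubectl create deployment mytomcat --image=tomcat:8.5.68
    # Self-healing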
1. Multiple replicas

    kubectl create deployment my-dep --image=nginx --replicas=3

    apiVersion: apps/v1
    kind: Deployment
    metadata:
      labels:
        app: my-dep
      name: my-dep
    spec:
      replicas: 3
      selector:
        matchLabels:
          app: my-dep
      template:
        metadata:
          labels:
            app: my-dep
        spec:
          containers:
          - image: nginx
            name: nginx

2. Scaling up and down

    kubectl scale --replicas=5 deployment/my-dep

    kubectl edit deployment my-dep
    # Change replicas

3. Self-healing & failover

  • Machine shutdown
  • Pod deleted
  • Container crash
  • ….

4. Rolling update

    kubectl set image deployment/my-dep nginx=nginx:1.16.1 --record
    kubectl rollout status deployment/my-dep

    # Modify: kubectl edit deployment/my-dep

5. Rollback

    # History
    kubectl rollout history deployment/my-dep
    # Details of one revision
    kubectl rollout history deployment/my-dep --revision=2
    # Roll back (to the previous revision)
    kubectl rollout undo deployment/my-dep
    # Roll back (to a specific revision)
    kubectl rollout undo deployment/my-dep --to-revision=2

More: besides Deployment, Kubernetes also has resource types such as StatefulSet, DaemonSet and Job. We call all of them workloads. Deploy stateful applications with a StatefulSet and stateless applications with a Deployment. https://kubernetes.io/zh/docs/concepts/workloads/controllers/

5. Service

An abstract way to expose a group of Pods as a network service.

    # Expose the Deployment
    kubectl expose deployment my-dep --port=8000 --target-port=80
    # Select Pods by label
    kubectl get pod -l app=my-dep

    apiVersion: v1
    kind: Service
    metadata:
      labels:
        app: my-dep
      name: my-dep
    spec:
      selector:
        app: my-dep
      ports:
      - port: 8000
        protocol: TCP
        targetPort: 80

1. ClusterIP

    # Equivalent to omitting --type
    kubectl expose deployment my-dep --port=8000 --target-port=80 --type=ClusterIP

    apiVersion: v1
    kind: Service
    metadata:
      labels:
        app: my-dep
      name: my-dep
    spec:
      ports:
      - port: 8000
        protocol: TCP
        targetPort: 80
      selector:
        app: my-dep
      type: ClusterIP

2. NodePort

    kubectl expose deployment my-dep --port=8000 --target-port=80 --type=NodePort

    apiVersion: v1
    kind: Service
    metadata:
      labels:
        app: my-dep
      name: my-dep
    spec:
      ports:
      - port: 8000
        protocol: TCP
        targetPort: 80
      selector:
        app: my-dep
      type: NodePort

NodePorts are in the range 30000-32767.

6. Ingress

1. Installation

    wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.47.0/deploy/static/provider/baremetal/deploy.yaml
    # Change the image
    vi deploy.yaml
    # Set the value of image to:
    #   registry.cn-hangzhou.aliyuncs.com/lfy_k8s_images/ingress-nginx-controller:v0.46.0
    # Check the result of the installation
    kubectl get pod,svc -n ingress-nginx
    # Finally, remember to allow the ports exposed by the svc through the firewall

If the download fails, use the following file:

    apiVersion: v1
    kind: Namespace
    metadata:
      name: ingress-nginx
      labels:
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/instance: ingress-nginx
    ---
    # Source: ingress-nginx/templates/controller-serviceaccount.yaml
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      labels:
        helm.sh/chart: ingress-nginx-3.33.0
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/version: 0.47.0
        app.kubernetes.io/managed-by: Helm
        app.kubernetes.io/component: controller
      name: ingress-nginx
      namespace: ingress-nginx
    automountServiceAccountToken: true
    ---
    # Source: ingress-nginx/templates/controller-configmap.yaml
    apiVersion: v1
    kind: ConfigMap
    metadata:
      labels:
        helm.sh/chart: ingress-nginx-3.33.0
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/version: 0.47.0
        app.kubernetes.io/managed-by: Helm
        app.kubernetes.io/component: controller
      name: ingress-nginx-controller
      namespace: ingress-nginx
    data:
    ---
    # Source: ingress-nginx/templates/clusterrole.yaml
    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRole
    metadata:
      labels:
        helm.sh/chart: ingress-nginx-3.33.0
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/version: 0.47.0
        app.kubernetes.io/managed-by: Helm
      name: ingress-nginx
    rules:
      - apiGroups:
          - ''
        resources:
          - configmaps
          - endpoints
          - nodes
          - pods
          - secrets
        verbs:
          - list
          - watch
      - apiGroups:
          - ''
        resources:
          - nodes
        verbs:
          - get
      - apiGroups:
          - ''
        resources:
          - services
        verbs:
          - get
          - list
          - watch
      - apiGroups:
          - extensions
          - networking.k8s.io # k8s 1.14+
        resources:
          - ingresses
        verbs:
          - get
          - list
          - watch
      - apiGroups:
          - ''
        resources:
          - events
        verbs:
          - create
          - patch
      - apiGroups:
          - extensions
          - networking.k8s.io # k8s 1.14+
        resources:
          - ingresses/status
        verbs:
          - update
      - apiGroups:
          - networking.k8s.io # k8s 1.14+
        resources:
          - ingressclasses
        verbs:
          - get
          - list
          - watch
    ---
    # Source: ingress-nginx/templates/clusterrolebinding.yaml
    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRoleBinding
    metadata:
      labels:
        helm.sh/chart: ingress-nginx-3.33.0
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/version: 0.47.0
        app.kubernetes.io/managed-by: Helm
      name: ingress-nginx
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: ClusterRole
      name: ingress-nginx
    subjects:
      - kind: ServiceAccount
        name: ingress-nginx
        namespace: ingress-nginx
    ---
    # Source: ingress-nginx/templates/controller-role.yaml
    apiVersion: rbac.authorization.k8s.io/v1
    kind: Role
    metadata:
      labels:
        helm.sh/chart: ingress-nginx-3.33.0
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/version: 0.47.0
        app.kubernetes.io/managed-by: Helm
        app.kubernetes.io/component: controller
      name: ingress-nginx
      namespace: ingress-nginx
    rules:
      - apiGroups:
          - ''
        resources:
          - namespaces
        verbs:
          - get
      - apiGroups:
          - ''
        resources:
          - configmaps
          - pods
          - secrets
          - endpoints
        verbs:
          - get
          - list
          - watch
      - apiGroups:
          - ''
        resources:
          - services
        verbs:
          - get
          - list
          - watch
      - apiGroups:
          - extensions
          - networking.k8s.io # k8s 1.14+
        resources:
          - ingresses
        verbs:
          - get
          - list
          - watch
      - apiGroups:
          - extensions
          - networking.k8s.io # k8s 1.14+
        resources:
          - ingresses/status
        verbs:
          - update
      - apiGroups:
          - networking.k8s.io # k8s 1.14+
        resources:
          - ingressclasses
        verbs:
          - get
          - list
          - watch
      - apiGroups:
          - ''
        resources:
          - configmaps
        resourceNames:
          - ingress-controller-leader-nginx
        verbs:
          - get
          - update
      - apiGroups:
          - ''
        resources:
          - configmaps
        verbs:
          - create
      - apiGroups:
          - ''
        resources:
          - events
        verbs:
          - create
          - patch
    ---
    # Source: ingress-nginx/templates/controller-rolebinding.yaml
    apiVersion: rbac.authorization.k8s.io/v1
    kind: RoleBinding
    metadata:
      labels:
        helm.sh/chart: ingress-nginx-3.33.0
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/version: 0.47.0
        app.kubernetes.io/managed-by: Helm
        app.kubernetes.io/component: controller
      name: ingress-nginx
      namespace: ingress-nginx
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: Role
      name: ingress-nginx
    subjects:
      - kind: ServiceAccount
        name: ingress-nginx
        namespace: ingress-nginx
    ---
    # Source: ingress-nginx/templates/controller-service-webhook.yaml
    apiVersion: v1
    kind: Service
    metadata:
      labels:
        helm.sh/chart: ingress-nginx-3.33.0
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/version: 0.47.0
        app.kubernetes.io/managed-by: Helm
        app.kubernetes.io/component: controller
      name: ingress-nginx-controller-admission
      namespace: ingress-nginx
    spec:
      type: ClusterIP
      ports:
        - name: https-webhook
          port: 443
          targetPort: webhook
      selector:
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/component: controller
    ---
    # Source: ingress-nginx/templates/controller-service.yaml
    apiVersion: v1
    kind: Service
    metadata:
      annotations:
      labels:
        helm.sh/chart: ingress-nginx-3.33.0
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/version: 0.47.0
        app.kubernetes.io/managed-by: Helm
        app.kubernetes.io/component: controller
      name: ingress-nginx-controller
      namespace: ingress-nginx
    spec:
      type: NodePort
      ports:
        - name: http
          port: 80
          protocol: TCP
          targetPort: http
        - name: https
          port: 443
          protocol: TCP
          targetPort: https
      selector:
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/component: controller
    ---
    # Source: ingress-nginx/templates/controller-deployment.yaml
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      labels:
        helm.sh/chart: ingress-nginx-3.33.0
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/version: 0.47.0
        app.kubernetes.io/managed-by: Helm
        app.kubernetes.io/component: controller
      name: ingress-nginx-controller
      namespace: ingress-nginx
    spec:
      selector:
        matchLabels:
          app.kubernetes.io/name: ingress-nginx
          app.kubernetes.io/instance: ingress-nginx
          app.kubernetes.io/component: controller
      revisionHistoryLimit: 10
      minReadySeconds: 0
      template:
        metadata:
          labels:
            app.kubernetes.io/name: ingress-nginx
            app.kubernetes.io/instance: ingress-nginx
            app.kubernetes.io/component: controller
        spec:
          dnsPolicy: ClusterFirst
          containers:
            - name: controller
              image: registry.cn-hangzhou.aliyuncs.com/lfy_k8s_images/ingress-nginx-controller:v0.46.0
              imagePullPolicy: IfNotPresent
              lifecycle:
                preStop:
                  exec:
                    command:
                      - /wait-shutdown
              args:
                - /nginx-ingress-controller
                - --election-id=ingress-controller-leader
                - --ingress-class=nginx
                - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller
                - --validating-webhook=:8443
                - --validating-webhook-certificate=/usr/local/certificates/cert
                - --validating-webhook-key=/usr/local/certificates/key
              securityContext:
                capabilities:
                  drop:
                    - ALL
                  add:
                    - NET_BIND_SERVICE
                runAsUser: 101
                allowPrivilegeEscalation: true
              env:
                - name: POD_NAME
                  valueFrom:
                    fieldRef:
                      fieldPath: metadata.name
                - name: POD_NAMESPACE
                  valueFrom:
                    fieldRef:
                      fieldPath: metadata.namespace
                - name: LD_PRELOAD
                  value: /usr/local/lib/libmimalloc.so
              livenessProbe:
                failureThreshold: 5
                httpGet:
                  path: /healthz
                  port: 10254
                  scheme: HTTP
                initialDelaySeconds: 10
                periodSeconds: 10
                successThreshold: 1
                timeoutSeconds: 1
              readinessProbe:
                failureThreshold: 3
                httpGet:
                  path: /healthz
                  port: 10254
                  scheme: HTTP
                initialDelaySeconds: 10
                periodSeconds: 10
                successThreshold: 1
                timeoutSeconds: 1
              ports:
                - name: http
                  containerPort: 80
                  protocol: TCP
                - name: https
                  containerPort: 443
                  protocol: TCP
                - name: webhook
                  containerPort: 8443
                  protocol: TCP
              volumeMounts:
                - name: webhook-cert
                  mountPath: /usr/local/certificates/
                  readOnly: true
              resources:
                requests:
                  cpu: 100m
                  memory: 90Mi
          nodeSelector:
            kubernetes.io/os: linux
          serviceAccountName: ingress-nginx
          terminationGracePeriodSeconds: 300
          volumes:
            - name: webhook-cert
              secret:
                secretName: ingress-nginx-admission
    ---
    # Source: ingress-nginx/templates/admission-webhooks/validating-webhook.yaml
    # before changing this value, check the required kubernetes version
    # https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#prerequisites
    apiVersion: admissionregistration.k8s.io/v1
    kind: ValidatingWebhookConfiguration
    metadata:
      labels:
        helm.sh/chart: ingress-nginx-3.33.0
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/version: 0.47.0
        app.kubernetes.io/managed-by: Helm
        app.kubernetes.io/component: admission-webhook
      name: ingress-nginx-admission
    webhooks:
      - name: validate.nginx.ingress.kubernetes.io
        matchPolicy: Equivalent
        rules:
          - apiGroups:
              - networking.k8s.io
            apiVersions:
              - v1beta1
            operations:
              - CREATE
              - UPDATE
            resources:
              - ingresses
        failurePolicy: Fail
        sideEffects: None
        admissionReviewVersions:
          - v1
          - v1beta1
        clientConfig:
          service:
            namespace: ingress-nginx
            name: ingress-nginx-controller-admission
            path: /networking/v1beta1/ingresses
    ---
    # Source: ingress-nginx/templates/admission-webhooks/job-patch/serviceaccount.yaml
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: ingress-nginx-admission
      annotations:
        helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
        helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
      labels:
        helm.sh/chart: ingress-nginx-3.33.0
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/version: 0.47.0
        app.kubernetes.io/managed-by: Helm
        app.kubernetes.io/component: admission-webhook
      namespace: ingress-nginx
    ---
    # Source: ingress-nginx/templates/admission-webhooks/job-patch/clusterrole.yaml
    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRole
    metadata:
      name: ingress-nginx-admission
      annotations:
        helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
        helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
      labels:
        helm.sh/chart: ingress-nginx-3.33.0
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/version: 0.47.0
        app.kubernetes.io/managed-by: Helm
        app.kubernetes.io/component: admission-webhook
    rules:
      - apiGroups:
          - admissionregistration.k8s.io
        resources:
          - validatingwebhookconfigurations
        verbs:
          - get
          - update
    ---
    # Source: ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml
    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRoleBinding
    metadata:
      name: ingress-nginx-admission
      annotations:
        helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
        helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
      labels:
        helm.sh/chart: ingress-nginx-3.33.0
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/version: 0.47.0
        app.kubernetes.io/managed-by: Helm
        app.kubernetes.io/component: admission-webhook
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: ClusterRole
      name: ingress-nginx-admission
    subjects:
      - kind: ServiceAccount
        name: ingress-nginx-admission
        namespace: ingress-nginx
    ---
    # Source: ingress-nginx/templates/admission-webhooks/job-patch/role.yaml
    apiVersion: rbac.authorization.k8s.io/v1
    kind: Role
    metadata:
      name: ingress-nginx-admission
      annotations:
        helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
        helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
      labels:
        helm.sh/chart: ingress-nginx-3.33.0
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/version: 0.47.0
        app.kubernetes.io/managed-by: Helm
        app.kubernetes.io/component: admission-webhook
      namespace: ingress-nginx
    rules:
      - apiGroups:
          - ''
        resources:
          - secrets
        verbs:
          - get
          - create
    ---
    # Source: ingress-nginx/templates/admission-webhooks/job-patch/rolebinding.yaml
    apiVersion: rbac.authorization.k8s.io/v1
    kind: RoleBinding
    metadata:
      name: ingress-nginx-admission
      annotations:
        helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
        helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
      labels:
        helm.sh/chart: ingress-nginx-3.33.0
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/version: 0.47.0
        app.kubernetes.io/managed-by: Helm
        app.kubernetes.io/component: admission-webhook
      namespace: ingress-nginx
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: Role
      name: ingress-nginx-admission
    subjects:
      - kind: ServiceAccount
        name: ingress-nginx-admission
        namespace: ingress-nginx
    ---
    # Source: ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml
    apiVersion: batch/v1
    kind: Job
    metadata:
      name: ingress-nginx-admission-create
      annotations:
        helm.sh/hook: pre-install,pre-upgrade
        helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
      labels:
        helm.sh/chart: ingress-nginx-3.33.0
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/version: 0.47.0
        app.kubernetes.io/managed-by: Helm
        app.kubernetes.io/component: admission-webhook
      namespace: ingress-nginx
    spec:
      template:
        metadata:
          name: ingress-nginx-admission-create
          labels:
            helm.sh/chart: ingress-nginx-3.33.0
            app.kubernetes.io/name: ingress-nginx
            app.kubernetes.io/instance: ingress-nginx
            app.kubernetes.io/version: 0.47.0
            app.kubernetes.io/managed-by: Helm
            app.kubernetes.io/component: admission-webhook
        spec:
          containers:
            - name: create
              image: docker.io/jettech/kube-webhook-certgen:v1.5.1
              imagePullPolicy: IfNotPresent
              args:
                - create
                - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc
                - --namespace=$(POD_NAMESPACE)
                - --secret-name=ingress-nginx-admission
              env:
                - name: POD_NAMESPACE
                  valueFrom:
                    fieldRef:
                      fieldPath: metadata.namespace
          restartPolicy: OnFailure
          serviceAccountName: ingress-nginx-admission
          securityContext:
            runAsNonRoot: true
            runAsUser: 2000
    ---
    # Source: ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml
    apiVersion: batch/v1
    kind: Job
    metadata:
      name: ingress-nginx-admission-patch
      annotations:
        helm.sh/hook: post-install,post-upgrade
        helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
      labels:
        helm.sh/chart: ingress-nginx-3.33.0
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/version: 0.47.0
        app.kubernetes.io/managed-by: Helm
        app.kubernetes.io/component: admission-webhook
      namespace: ingress-nginx
    spec:
      template:
        metadata:
          name: ingress-nginx-admission-patch
          labels:
            helm.sh/chart: ingress-nginx-3.33.0
            app.kubernetes.io/name: ingress-nginx
            app.kubernetes.io/instance: ingress-nginx
            app.kubernetes.io/version: 0.47.0
            app.kubernetes.io/managed-by: Helm
            app.kubernetes.io/component: admission-webhook
        spec:
          containers:
            - name: patch
              image: docker.io/jettech/kube-webhook-certgen:v1.5.1
              imagePullPolicy: IfNotPresent
              args:
                - patch
                - --webhook-name=ingress-nginx-admission
                - --namespace=$(POD_NAMESPACE)
                - --patch-mutating=false
                - --secret-name=ingress-nginx-admission
                - --patch-failure-policy=Fail
              env:
                - name: POD_NAMESPACE
                  valueFrom:
                    fieldRef:
                      fieldPath: metadata.namespace
          restartPolicy: OnFailure
          serviceAccountName: ingress-nginx-admission
          securityContext:
            runAsNonRoot: true
            runAsUser: 2000

2. Usage

Official site: https://kubernetes.github.io/ingress-nginx/ (it is built on nginx)

https://139.198.163.211:32401/ http://139.198.163.211:31405/

Test environment

To modify an Ingress:

    kubectl get ing
    kubectl edit ing <ingress-name>

Apply the following YAML to prepare the test environment:

    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: hello-server
    spec:
      replicas: 2
      selector:
        matchLabels:
          app: hello-server
      template:
        metadata:
          labels:
            app: hello-server
        spec:
          containers:
          - name: hello-server
            image: registry.cn-hangzhou.aliyuncs.com/lfy_k8s_images/hello-server
            ports:
            - containerPort: 9000
    ---
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      labels:
        app: nginx-demo
      name: nginx-demo
    spec:
      replicas: 2
      selector:
        matchLabels:
          app: nginx-demo
      template:
        metadata:
          labels:
            app: nginx-demo
        spec:
          containers:
          - image: nginx
            name: nginx
    ---
    apiVersion: v1
    kind: Service
    metadata:
      labels:
        app: nginx-demo
      name: nginx-demo
    spec:
      selector:
        app: nginx-demo
      ports:
      - port: 8000
        protocol: TCP
        targetPort: 80
    ---
    apiVersion: v1
    kind: Service
    metadata:
      labels:
        app: hello-server
      name: hello-server
    spec:
      selector:
        app: hello-server
      ports:
      - port: 8000
        protocol: TCP
        targetPort: 9000

1. Access by domain name

    apiVersion: networking.k8s.io/v1
    kind: Ingress
    metadata:
      name: ingress-host-bar
    spec:
      ingressClassName: nginx
      rules:
      - host: "hello.atguigu.com"
        http:
          paths:
          - pathType: Prefix
            path: "/"
            backend:
              service:
                name: hello-server
                port:
                  number: 8000
      - host: "demo.atguigu.com"
        http:
          paths:
          - pathType: Prefix
            path: "/nginx"  # The request is forwarded to the service below, which must be able to handle this path; if it cannot, the result is a 404
            backend:
              service:
                name: nginx-demo  ## e.g. a Java service; path rewriting can be used to strip the nginx prefix
                port:
                  number: 8000

Question: why do path: "/nginx" and path: "/" produce different results?

2. Path rewriting

    apiVersion: networking.k8s.io/v1
    kind: Ingress
    metadata:
      annotations:
        nginx.ingress.kubernetes.io/rewrite-target: /$2
      name: ingress-host-bar
    spec:
      ingressClassName: nginx
      rules:
      - host: "hello.atguigu.com"
        http:
          paths:
          - pathType: Prefix
            path: "/"
            backend:
              service:
                name: hello-server
                port:
                  number: 8000
      - host: "demo.atguigu.com"
        http:
          paths:
          - pathType: Prefix
            path: "/nginx(/|$)(.*)"  # The request is forwarded to the service below, which must be able to handle this path; if it cannot, the result is a 404
            backend:
              service:
                name: nginx-demo  ## e.g. a Java service; path rewriting can be used to strip the nginx prefix
                port:
                  number: 8000
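
The mapping performed by the `/nginx(/|$)(.*)` path together with `rewrite-target: /$2`, worked through with sed as an added example (not part of the original page). `ingress_rewrite` is a hypothetical helper; it matches case-sensitively and handles only `$1` to `$9`, which simplifies what ingress-nginx does.

```shell
#!/bin/sh
# Added example: emulate an ingress-nginx regex path + rewrite-target pair.
# ingress_rewrite is a hypothetical helper, not part of kubectl or ingress-nginx.
#
# usage: ingress_rewrite PATH_REGEX REWRITE_TARGET REQUEST_PATH
# Prints the path the backend Service receives. Returns 1 when the request
# path does not match PATH_REGEX, i.e. this rule does not apply to it.
# Assumptions: case-sensitive matching, no '#' in the regex or the target.
ingress_rewrite() {
    regex=$1
    # The annotation writes capture groups as $1..$9; sed wants \1..\9.
    target=$(printf '%s' "$2" | sed 's/\$\([0-9]\)/\\\1/g')
    if ! printf '%s\n' "$3" | grep -Eq "^${regex}"; then
        return 1
    fi
    printf '%s\n' "$3" | sed -E "s#^${regex}#${target}#"
}

# The rule from the Ingress above.
PATH_REGEX='/nginx(/|$)(.*)'
REWRITE_TARGET='/$2'

# Constructed request paths for demo.atguigu.com.
for request in /nginx /nginx/ /nginx/index.html /nginx/img/logo.png /nginxfoo /other; do
    if backend=$(ingress_rewrite "$PATH_REGEX" "$REWRITE_TARGET" "$request"); then
        printf '%-22s -> %s\n' "$request" "$backend"
    else
        printf '%-22s -> (rule does not match)\n' "$request"
    fi
done
```

Without the annotation the backend receives the request path unchanged, so a plain `path: "/nginx"` rule only works when the backend itself serves `/nginx`.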

3. Rate limiting

    apiVersion: networking.k8s.io/v1
    kind: Ingress
    metadata:
      name: ingress-limit-rate
      annotations:
        nginx.ingress.kubernetes.io/limit-rps: "1"
    spec:
      ingressClassName: nginx
      rules:
      - host: "haha.atguigu.com"
        http:
          paths:
          - pathType: Exact
            path: "/"
            backend:
              service:
                name: nginx-demo
                port:
                  number: 8000

7. Storage abstraction

Environment preparation

1. All nodes

    # Install on all machines
    yum install -y nfs-utils

2. Master node

    # NFS master node
    echo "/nfs/data/ *(insecure,rw,sync,no_root_squash)" > /etc/exports
    mkdir -p /nfs/data
    systemctl enable rpcbind --now
    systemctl enable nfs-server --now
    # Make the configuration take effect
    exportfs -r

3. Worker nodes

    showmount -e 172.31.0.4
    # Run the following commands to mount the shared directory on the NFS server to the local path /nfs/data
    mkdir -p /nfs/data
    mount -t nfs 172.31.0.4:/nfs/data /nfs/data
    # Write a test file
    echo "hello nfs server" > /nfs/data/test.txt
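
The export line written to /etc/exports above uses a wildcard client together with `insecure` and `no_root_squash`. The following added example (not part of the original page) flags those options in exports-style input and compares the page's line with a narrower one; the function names and the 172.31.0.0/16 subnet are assumptions, the subnet being chosen only because the page's NFS server is 172.31.0.4.

```shell
#!/bin/sh
# Added example: flag risky options in /etc/exports-style input.
# audit_exports, page_exports and restricted_exports are hypothetical names.

# audit_exports: read exports entries on stdin and print one line per finding
# in the form "<path> <client>: <finding>". Prints nothing for clean input.
audit_exports() {
    awk '
    { sub(/#.*/, "") }          # drop comments
    NF < 2 { next }             # skip blank lines and lines without a client list
    {
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1)
                sub(/\)$/, "", opts)
            }
            if (client == "*")
                print $1, client ": exported to every host that can reach the server"
            n = split(opts, o, ",")
            for (j = 1; j <= n; j++) {
                if (o[j] == "no_root_squash")
                    print $1, client ": no_root_squash lets root on a client act as root on the export"
                if (o[j] == "insecure")
                    print $1, client ": insecure accepts requests from unprivileged source ports (above 1023)"
            }
        }
    }'
}

# The export line used on the page.
page_exports() {
    cat <<'EOF'
/nfs/data/ *(insecure,rw,sync,no_root_squash)
EOF
}

# Constructed alternative: assumed cluster subnet, root squashed, and the
# default "secure" behaviour (privileged source ports only).
restricted_exports() {
    cat <<'EOF'
# constructed example line, subnet is an assumption
/nfs/data/ 172.31.0.0/16(rw,sync,root_squash)
EOF
}

echo "== export line from the page =="
page_exports | audit_exports
echo "== restricted line (constructed) =="
restricted_exports | audit_exports
```

With `root_squash`, root inside a client or container is mapped to the anonymous user on the server, so the exported directory has to be writable by that user for workloads that write as root.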

4. Mounting data the native way

    apiVersion: apps/v1
    kind: Deployment
    metadata:
      labels:
        app: nginx-pv-demo
      name: nginx-pv-demo
    spec:
      replicas: 2
      selector:
        matchLabels:
          app: nginx-pv-demo
      template:
        metadata:
          labels:
            app: nginx-pv-demo
        spec:
          containers:
          - image: nginx
            name: nginx
            volumeMounts:
            - name: html
              mountPath: /usr/share/nginx/html
          volumes:
            - name: html
              nfs:
                server: 172.31.0.4
                path: /nfs/data/nginx-pv

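1. PV & PVC

PV: Persistent Volume, which stores the data an application needs to persist in a specified location.
PVC: Persistent Volume Claim, which declares the specification of the persistent volume that is needed.

1. Create the PV pool

Static provisioning

    # NFS master node
    mkdir -p /nfs/data/01
    mkdir -p /nfs/data/02
    mkdir -p /nfs/data/03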

Create the PVs

    apiVersion: v1
    kind: PersistentVolume
    metadata:
      name: pv01-10m
    spec:
      capacity:
        storage: 10M
      accessModes:
        - ReadWriteMany
      storageClassName: nfs
      nfs:
        path: /nfs/data/01
        server: 172.31.0.4
    ---
    apiVersion: v1
    kind: PersistentVolume
    metadata:
      name: pv02-1gi
    spec:
      capacity:
        storage: 1Gi
      accessModes:
        - ReadWriteMany
      storageClassName: nfs
      nfs:
        path: /nfs/data/02
        server: 172.31.0.4
    ---
    apiVersion: v1
    kind: PersistentVolume
    metadata:
      name: pv03-3gi
    spec:
      capacity:
        storage: 3Gi
      accessModes:
        - ReadWriteMany
      storageClassName: nfs
      nfs:
        path: /nfs/data/03
        server: 172.31.0.4


2. Create and bind a PVC

Create the PVC

    kind: PersistentVolumeClaim
    apiVersion: v1
    metadata:
      name: nginx-pvc
    spec:
      accessModes:
        - ReadWriteMany
      resources:
        requests:
          storage: 200Mi
      storageClassName: nfs

Create Pods that bind the PVC

    apiVersion: apps/v1
    kind: Deployment
    metadata:
      labels:
        app: nginx-deploy-pvc
      name: nginx-deploy-pvc
    spec:
      replicas: 2
      selector:
        matchLabels:
          app: nginx-deploy-pvc
      template:
        metadata:
          labels:
            app: nginx-deploy-pvc
        spec:
          containers:
          - image: nginx
            name: nginx
            volumeMounts:
            - name: html
              mountPath: /usr/share/nginx/html
          volumes:
            - name: html
              persistentVolumeClaim:
                claimName: nginx-pvc

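2. ConfigMap

Extracts application configuration, and can be updated automatically.

1. Redis example

1. Create a ConfigMap from the earlier configuration file

    # Create the ConfigMap; the Redis configuration is stored in Kubernetes' etcd
    kubectl create cm redis-conf --from-file=redis.conf

    apiVersion: v1
    data:    # data holds all the actual data; key: defaults to the file name, value: the content of the configuration file
      redis.conf: |
        appendonly yes
    kind: ConfigMap
    metadata:
      name: redis-conf
      namespace: default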

2. Create the Pod

    apiVersion: v1
    kind: Pod
    metadata:
      name: redis
    spec:
      containers:
      - name: redis
        image: redis
        command:
          - redis-server
          - "/redis-master/redis.conf"  # refers to a location inside the redis container
        ports:
        - containerPort: 6379
        volumeMounts:
        - mountPath: /data
          name: data
        - mountPath: /redis-master
          name: config
      volumes:
        - name: data
          emptyDir: {}
        - name: config
          configMap:
            name: redis-conf
            items:
            - key: redis.conf
              path: redis.conf

3. Check the default configuration

    kubectl exec -it redis -- redis-cli
    127.0.0.1:6379> CONFIG GET appendonly
    127.0.0.1:6379> CONFIG GET requirepass

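4. Modify the ConfigMap

    # Note: the Pod above mounts the ConfigMap redis-conf and its key redis.conf;
    # this manifest uses a different name (example-redis-config) and key (redis-config).
    apiVersion: v1
    kind: ConfigMap
    metadata:
      name: example-redis-config
    data:
      redis-config: |
        maxmemory 2mb
        maxmemory-policy allkeys-lru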

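5. Check whether the configuration was updated

    kubectl exec -it redis -- redis-cli
    127.0.0.1:6379> CONFIG GET maxmemory
    127.0.0.1:6379> CONFIG GET maxmemory-policy

Check whether the content of the mounted file has been updated: after the ConfigMap is modified, the configuration file inside the Pod changes with it.

The configuration values are unchanged, because the Pod has to be restarted to pick up the updated values from the associated ConfigMap. Reason: the middleware deployed in our Pod has no hot-reload capability of its own.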


3. Secret

The Secret object type is used to hold sensitive information such as passwords, OAuth tokens and SSH keys. Putting this information in a Secret is safer and more flexible than putting it in a Pod definition or a container image.

    kubectl create secret docker-registry leifengyang-docker \
      --docker-username=leifengyang \
      --docker-password=Lfy123456 \
      --docker-email=534096094@qq.com

    ## Command format
    kubectl create secret docker-registry regcred \
      --docker-server=<your-registry-server> \
      --docker-username=<your-username> \
      --docker-password=<your-password> \
      --docker-email=<your-email-address>

    apiVersion: v1
    kind: Pod
    metadata:
      name: private-nginx
    spec:
      containers:
      - name: private-nginx
        image: leifengyang/guignginx:v1.0
      imagePullSecrets:
      - name: leifengyang-docker
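
What a docker-registry Secret like the one created above actually stores, as an added example (not part of the original page): the value is base64-encoded JSON, so anyone who can read the Secret can recover the password. The function names and all credential values below are constructed, and the values are assumed to contain no characters that need JSON escaping.

```shell
#!/bin/sh
# Added example: build the payload a docker-registry Secret carries and show
# that base64 is an encoding, not encryption. All names here are hypothetical
# helpers; the credentials are constructed sample values.

# b64: base64-encode stdin on a single line.
b64() { base64 | tr -d '\n'; }

# dockerconfigjson SERVER USER PASSWORD EMAIL
# Prints JSON of the same shape as the .dockerconfigjson key of a
# kubernetes.io/dockerconfigjson Secret.
dockerconfigjson() {
    auth=$(printf '%s:%s' "$2" "$3" | b64)
    printf '{"auths":{"%s":{"username":"%s","password":"%s","email":"%s","auth":"%s"}}}' \
        "$1" "$2" "$3" "$4" "$auth"
}

# secret_data SERVER USER PASSWORD EMAIL
# The value as it appears under data: when the Secret is printed as YAML.
secret_data() { dockerconfigjson "$@" | b64; }

# recover_password B64_VALUE
# What any subject allowed to read the Secret can do with that value.
recover_password() {
    printf '%s' "$1" | base64 -d | sed -E 's/.*"password":"([^"]*)".*/\1/'
}

# recover_auth B64_VALUE
# The nested auth field is base64 of "user:password" as well.
recover_auth() {
    printf '%s' "$1" | base64 -d | sed -E 's/.*"auth":"([^"]*)".*/\1/' | base64 -d
}

# Constructed sample credentials.
stored=$(secret_data registry.example.com demo-user 'S3cr3t-constructed' demo@example.com)
echo "stored under data:  $stored"
echo "recovered password: $(recover_password "$stored")"
echo "recovered auth:     $(recover_auth "$stored")"
```

The value given to `--docker-password` also lands in shell history; `kubectl create secret generic regcred --from-file=.dockerconfigjson=<path/to/.docker/config.json> --type=kubernetes.io/dockerconfigjson` builds the same kind of Secret from an existing Docker config file instead.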