在试用helm安装rabbitmq:
使用helm安装一个命名为”shiguang”的release。
其中可以看到ServiceAccount,Role,RoleBinding,Service,StatefulSet,Pod,Secret,ConfigMap等几个字样。

  1. [root@k8s-master ~]# helm list
  2. NAME        REVISION    UPDATED                     STATUS      CHART              APP VERSION    NAMESPACE
  3. shiguang    1           Thu Apr  4 17:57:36 2019    DEPLOYED    rabbitmq-4.11.0    3.7.14         default  
  4. [root@k8s-master ~]# helm status shiguang
  5. LAST DEPLOYED: Thu Apr  4 17:57:36 2019
  6. NAMESPACE: default
  7. STATUS: DEPLOYED
  9. RESOURCES:
  10. ==> v1/ServiceAccount
  11. NAME               SECRETS  AGE
  12. shiguang-rabbitmq  1        2d17h
  14. ==> v1/Role
  15. NAME                               AGE
  16. shiguang-rabbitmq-endpoint-reader  2d17h
  18. ==> v1/RoleBinding
  19. NAME                               AGE
  20. shiguang-rabbitmq-endpoint-reader  2d17h
  22. ==> v1/Service
  23. NAME                        TYPE       CLUSTER-IP    EXTERNAL-IP  PORT(S)                                AGE
  24. shiguang-rabbitmq-headless  ClusterIP  None          <none>       4369/TCP,5672/TCP,25672/TCP,15672/TCP  2d17h
  25. shiguang-rabbitmq           ClusterIP  10.99.107.39  <none>       4369/TCP,5672/TCP,25672/TCP,15672/TCP  2d17h
  27. ==> v1beta2/StatefulSet
  28. NAME               DESIRED  CURRENT  AGE
  29. shiguang-rabbitmq  1        1        2d17h
  31. ==> v1/Pod(related)
  32. NAME                 READY  STATUS   RESTARTS  AGE
  33. shiguang-rabbitmq-0  1/1    Running  0         2d17h
  35. ==> v1/Secret
  36. NAME               TYPE    DATA  AGE
  37. shiguang-rabbitmq  Opaque  2     2d17h
  39. ==> v1/ConfigMap
  40. NAME                      DATA  AGE
  41. shiguang-rabbitmq-config  2     2d17h
  44. NOTES:
  46. ** Please be patient while the chart is being deployed **
  48. Credentials:
  50.     Username      : user
  51.     echo "Password      : $(kubectl get secret --namespace default shiguang-rabbitmq -o jsonpath="{.data.rabbitmq-password}" | base64 --decode)"
  52.     echo "ErLang Cookie : $(kubectl get secret --namespace default shiguang-rabbitmq -o jsonpath="{.data.rabbitmq-erlang-cookie}" | base64 --decode)"
  54. RabbitMQ can be accessed within the cluster on port  at shiguang-rabbitmq.default.svc.cluster.local
  56. To access for outside the cluster, perform the following steps:
  58. To Access the RabbitMQ AMQP port:
  60.     kubectl port-forward --namespace default svc/shiguang-rabbitmq 5672:5672
  61.     echo "URL : amqp://127.0.0.1:5672/"
  63. To Access the RabbitMQ Management interface:
  65.     kubectl port-forward --namespace default svc/shiguang-rabbitmq 15672:15672
  66.     echo "URL : http://127.0.0.1:15672/"
  68. [root@k8s-master ~]#

ServiceAccount UserAccount

访问apiserver有两种方式。
第一种:
复制~/.kube/config到客户端目录~/.kube/即可。
第二种:
使用serviceaccount的token即可。如下操作是获取的token

  1. # 获取admin-token的secret名字
  2. $ kubectl -n kube-system get secret|grep admin-token
  3. admin-token-nwphb                          kubernetes.io/service-account-token   3         6m
  4. # 获取token的值
  5. $ kubectl -n kube-system describe secret admin-token-nwphb
  6. Name:        admin-token-nwphb
  7. Namespace:    kube-system
  8. Labels:        <none>
  9. Annotations:    kubernetes.io/service-account.name=admin
  10.         kubernetes.io/service-account.uid=f37bd044-bfb3-11e7-87c0-f4e9d49f8ed0
  12. Type:    kubernetes.io/service-account-token
  14. Data
  15. ====
  16. namespace:    11 bytes
  17. token:        非常长的字符串
  18. ca.crt:        1310 bytes
  19. C

1111.png

Role Rolebinding Clusterrole ClusterroleBind

StatefulSet

StatefulSet是为了解决有状态服务的问题(对应Deployments和ReplicaSets是为无状态服务而设计),其应用场景包括:

  • 稳定的持久化存储,即Pod重新调度后还是能访问到相同的持久化数据,基于PVC来实现
  • 稳定的网络标志,即Pod重新调度后其PodName和HostName不变,基于Headless Service(即没有Cluster IP的Service)来实现
  • 有序部署,有序扩展,即Pod是有顺序的,在部署或者扩展的时候要依据定义的顺序依次依次进行(即从0到N-1,在下一个Pod运行之前所有之前的Pod必须都是Running和Ready状态),基于init containers来实现
  • 有序收缩,有序删除(即从N-1到0)

    Secret

    存储密码、token等信息