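Continued from the previous post.
4: k8s add-ons
Resource types
1. daemonset:
- does not use the scheduler
- creates one container on every node; well suited to deploying monitoring
- has no replicas parameter
2. pet sets:
- since version 1.5: stateful sets
- stateful applications with their own data that must not be lost; names are fixed
3. jobs: one-off containers; the container stops after running its task once
4. deployment: controls a specified number of containers
5. rc: controls a specified number of containers, but a rolling upgrade interrupts the service
6. service: exposes ports
7. pod: the smallest resource unit, for control and management
4.1 DNS service
In a k8s cluster, the DNS service resolves a svc name to its corresponding VIP address.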
=========================================================================
Installing the DNS service
1: Download the DNS Docker image package
wget http://192.168.12.202/docker_image/docker_k8s_dns.tar.gz
2: Import the DNS Docker image package (on the node2 node)
3: Edit skydns-rc.yaml; the DNS service is created from the master node
spec:
  nodeName: 10.0.0.12
4: Create the DNS service
kubectl create -f skydns-rc.yaml
kubectl create -f skydns-svc.yaml
5: Check
kubectl get all --namespace=kube-system
6: Edit the kubelet configuration file on all node machines
vim /etc/kubernetes/kubelet
KUBELET_ARGS="--cluster_dns=10.254.230.254 --cluster_domain=cluster.local"
7: Restart the kubelet service
systemctl restart kubelet
4.2 Namespaces
Purpose of a namespace: resource isolation
1. List the system namespaces
kubectl get namespace
2. Resources normally live in default
kubectl get pod --namespace=default
3. Create a namespace [in production, one namespace per business application is recommended]
kubectl create namespace wordpress
4. Set the namespace in all the yml files; if it is not set, the default is default
Add a line under metadata:
sed -i '3a \ \ namespace: wordpress' *
5. View the resources in the created namespace
kubectl get all -n wordpress
6. Delete namespace
kubectl delete svc --all
kubectl delete deployment --all
kubectl delete rc --all
kubectl delete pod nginx
7. View all resources in all namespaces
kubectl get all --all-namespaces
kubectl get pod --all-namespaces -o wide # get information on all pods
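The sed command in step 4 appends after line 3 of every file, so a manifest whose metadata: is not on line 3, or that already sets a namespace, ends up malformed or still lands in default. The following is an added example, not code from the original post: a hypothetical helper add_namespace that inserts the key only into top-level metadata blocks that lack it.

```shell
#!/bin/sh
# Added example, not from the original post.
# add_namespace NS : reads a manifest on stdin and writes it to stdout with
# "namespace: NS" added to every top-level metadata block that has none.
# A namespace that is already set is left unchanged.
# Usage over a directory (replaces the positional sed edit):
#   for f in *.yml; do add_namespace wordpress <"$f" >"$f.tmp" && mv "$f.tmp" "$f"; done
add_namespace() {
  awk -v ns="$1" '
    # Print the buffered metadata block, adding the namespace key if absent.
    function emit() {
      if (!inmeta) return
      pad = (ind == "" ? "  " : ind)
      if (!has) print pad "namespace: " ns
      printf "%s", buf
      inmeta = 0; has = 0; buf = ""; ind = ""
    }
    # Column-0 "metadata:" belongs to the object; template metadata is indented.
    /^metadata:[ \t]*$/ { emit(); print; inmeta = 1; next }
    # Indented lines that follow are the children of that metadata block.
    inmeta && /^[ \t]+[^ \t]/ {
      if (ind == "") { match($0, /^[ \t]+/); ind = substr($0, 1, RLENGTH) }
      if (index($0, ind "namespace:") == 1) has = 1
      buf = buf $0 "\n"
      next
    }
    { emit(); print }
    END { emit() }
  '
}
```

Running it twice gives the same output, and the metadata inside an rc or deployment template is not touched.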
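4.3 Health checks
4.3.1 Types of probe
livenessProbe: health check; periodically checks whether the service is alive, and restarts the container if the check fails
readinessProbe: availability check; periodically checks whether the service is available, and removes it from the service's endpoints if it is not
4.3.2 Probe check methods
- exec: runs a command; a return value of 0 is success, non-zero is failure
- httpGet: checks the status code returned by an HTTP request; 2xx and 3xx are healthy, 4xx and 5xx are errors
- tcpSocket: tests whether a port accepts a connection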
4.3.3 Using exec with the liveness probe
vi nginx_pod_exec.yaml
apiVersion: v1
kind: Pod
metadata:
  name: exec
spec:
  containers:
    - name: nginx
      image: 10.0.0.11:5000/nginx:1.13
      ports:
        - containerPort: 80
      args:
        - /bin/sh
        - -c
        - touch /tmp/healthy; sleep 30; rm -rf /tmp/healthy; sleep 600
      livenessProbe:
        exec:
          command:
            - cat
            - /tmp/healthy
        initialDelaySeconds: 5   # delay before the first check (very important)
        periodSeconds: 5         # check every 5 seconds
        timeoutSeconds: 5        # timeout
        successThreshold: 1      # number of successes required
        failureThreshold: 1      # number of failures allowed
4.3.4 Using httpGet with the liveness probe
vi nginx_pod_httpGet.yaml
apiVersion: v1
kind: Pod
metadata:
  name: httpget
spec:
  containers:
    - name: nginx
      image: 10.0.0.11:5000/nginx:1.13
      ports:
        - containerPort: 80
      livenessProbe:
        httpGet:
          path: /index.html
          port: 80
        initialDelaySeconds: 3
        periodSeconds: 3
4.3.5 Using tcpSocket with the liveness probe
vi nginx_pod_tcpSocket.yaml
apiVersion: v1
kind: Pod
metadata:
  name: tcpsocket
spec:
  containers:
    - name: nginx
      image: 10.0.0.11:5000/nginx:1.13
      ports:
        - containerPort: 80
      args:
        - /bin/sh
        - -c
        - tail -f /etc/hosts
      livenessProbe:
        tcpSocket:
          port: 80
        initialDelaySeconds: 10
        periodSeconds: 3
4.3.6 Using httpGet with the readiness probe
vi nginx-rc-httpGet.yaml
apiVersion: v1
kind: ReplicationController
metadata:
  name: readiness
spec:
  replicas: 2
  selector:
    app: readiness
  template:
    metadata:
      labels:
        app: readiness
    spec:
      containers:
        - name: readiness
          image: 10.0.0.11:5000/nginx:1.13
          ports:
            - containerPort: 80
          readinessProbe:
            httpGet:
              path: /cheng.html
              port: 80
            initialDelaySeconds: 3
            periodSeconds: 3
Create a svc
[root@k8s-master health]# kubectl expose rc readiness --port=80 --target-port=80 --type=NodePort
4.4 Dashboard service
1: Upload and import the image, then tag it
[root@k8s-node-2 ~]# docker load -i kubernetes-dashboard-amd64_v1.4.1.tar.gz
[root@k8s-node-2 ~]# docker tag index.tenxcloud.com/google_containers/kubernetes-dashboard-amd64:v1.4.1 10.0.0.11:5000/kubernetes-dashboard-amd64:v1.4.1
2: Create the dashboard deployment and service
[root@k8s-master dashboard]# cat dashboard.yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  # Keep the name in sync with image version and
  # gce/coreos/kube-manifests/addons/dashboard counterparts
  name: kubernetes-dashboard-latest
  namespace: kube-system
spec:
  replicas: 1
  template:
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
        version: latest
        kubernetes.io/cluster-service: "true"
    spec:
      nodeName: 10.0.0.13
      containers:
        - name: kubernetes-dashboard
          image: 10.0.0.11:5000/kubernetes-dashboard-amd64:v1.4.1
          resources:
            # keep request = limit to keep this container in guaranteed class
            limits:
              cpu: 100m
              memory: 50Mi
            requests:
              cpu: 100m
              memory: 50Mi
          ports:
            - containerPort: 9090
          args:
            - --apiserver-host=http://10.0.0.11:8080
          livenessProbe:
            httpGet:
              path: /
              port: 9090
            initialDelaySeconds: 30
            timeoutSeconds: 30
[root@k8s-master dashboard]# cat dashboard-svc.yaml
apiVersion: v1
kind: Service
metadata:
  name: kubernetes-dashboard
  namespace: kube-system
  labels:
    k8s-app: kubernetes-dashboard
    kubernetes.io/cluster-service: "true"
spec:
  selector:
    k8s-app: kubernetes-dashboard
  ports:
    - port: 80
      targetPort: 9090
[root@k8s-master dashboard]# kubectl create -f dashboard.yaml
[root@k8s-master dashboard]# kubectl create -f dashboard-svc.yaml
[root@k8s-master dashboard]# kubectl get all -n kube-system
Once everything is in the Running state, continue with the following:
3: Visit http://10.0.0.11:8080/ui/
===========================================================================================
daemon sets resource: generally runs containers that hold no data; stateless applications
[root@k8s-master daemon_set]# cat k8s_deamonset.yml
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  name: nginx
spec:
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
        - name: nginx
          image: 10.0.0.11:5000/nginx:1.13
          ports:
            - containerPort: 80
          resources:
            limits:
              cpu: 100m
            requests:
              cpu: 100m
pet sets: stateful applications that have their own data (statefulset), for example running MySQL master-slave or redis
jobs: one-off containers
crontabjobs: k8s scheduled tasks
4.5 Accessing a service through the apiserver reverse proxy
1. The hash sign (#) in a URI denotes an anchor
2. After replacing the namespace and service name in the URL, the request is reverse-proxied
http://10.0.0.11:8080/api/v1/proxy/namespaces/tomcat/services/myweb/
================================================================================
Type 1: NodePort; can be reached with the help of a VIP
type: NodePort
ports:
  - port: 80
    targetPort: 80
    nodePort: 30008
Type 2: ClusterIP
type: ClusterIP
ports:
  - port: 80
    targetPort: 80
http://10.0.0.11:8080/api/v1/proxy/namespaces/<namespace>/services/<service name>/
http://10.0.0.11:8080/api/v1/proxy/namespaces/wordpress/services/wordpress/
K8s secrets: managing private files:
1. Log in to the harbor server
2. Create the secret on the master node
kubectl create secret docker-registry default --docker-server=yinwucheng.com --docker-username=admin --docker-password=Harbor12345 --docker-email=991540698@qq.com
- docker-registry: the secret type
- default: the secret name
3. Upload an image
[root@k8s-node-2 ~]# docker login yinwucheng.com
[root@k8s-node-2 ~]# docker tag docker.io/busybox:latest yinwucheng.com/library/busybox:latest
[root@k8s-node-2 ~]# docker push yinwucheng.com/library/busybox:latest
3.1 Create a container using the secret
apiVersion: v1
kind: Pod
metadata:
  name: nginx
  labels:
    app: web
spec:
  imagePullSecrets:      # use the secret
    - name: default      # secret name
  containers:
    - name: nginx
      image: yinwucheng.com/library/nginx:1.13
      ports:
        - containerPort: 80
4. Pull the image on the host to test
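Step 2 passes the registry password as a command-line argument, which leaves it in shell history and in the process list while the command runs. The following is an added example, not code from the original post: a hypothetical helper make_pull_secret that renders the same kind of Secret (type kubernetes.io/dockerconfigjson, usable from imagePullSecrets) with the password read from stdin.

```shell
#!/bin/sh
# Added example, not from the original post. Renders a Secret of type
# kubernetes.io/dockerconfigjson, the type that
# "kubectl create secret docker-registry" creates, with the registry
# password read from stdin instead of the command line.
# Usage: make_pull_secret NAME NAMESPACE SERVER USERNAME < password-file

# Escape backslashes and double quotes so the value is a valid JSON string.
# Assumption: the value contains no control characters.
json_escape() { printf '%s' "$1" | sed 's/\\/\\\\/g; s/"/\\"/g'; }

make_pull_secret() (
  name=$1 ns=$2 server=$3 user=$4
  IFS= read -r pass || true    # accept input with or without a final newline
  [ -n "$pass" ] || { echo "empty password on stdin" >&2; exit 1; }
  # "auth" is base64(username:password), the form Docker's config.json uses.
  auth=$(printf '%s:%s' "$user" "$pass" | base64 | tr -d '\n')
  cfg=$(printf '{"auths":{"%s":{"username":"%s","password":"%s","auth":"%s"}}}' \
        "$server" "$(json_escape "$user")" "$(json_escape "$pass")" "$auth")
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $name
  namespace: $ns
type: kubernetes.io/dockerconfigjson
data:
  .dockerconfigjson: $(printf '%s' "$cfg" | base64 | tr -d '\n')
EOF
)
```

Pipe the output straight into `kubectl apply -f -` rather than saving it; the manifest holds the password base64-encoded, not encrypted.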
Source: CSDN
Author: 寻花之梦~~
Link: https://blog.csdn.net/chengyinwu/article/details/103507112