【云原生实战】Kubernetes核心实战
🔎这里是【云原生实战】,关注我学习云原生不迷路
👍如果对你有帮助,给博主一个免费的点赞以示鼓励
欢迎各位🔎点赞👍评论收藏⭐️
👀专栏介绍
【云原生实战】 目前主要更新Kubernetes,一起学习一起进步。
👀本期介绍
主要介绍Kubernetes核心实战
文章目录
资源创建方式
- 命令行
- YAML
Namespace
名称空间用来隔离资源
-
kubectl create ns hello
-
kubectl delete ns hello
-
apiVersion: v1
-
kind: Namespace
-
metadata:
-
name: hello
Pod
运行中的一组容器,Pod是kubernetes中应用的最小单位.
-
kubectl run mynginx --image=nginx
-
-
# 查看default名称空间的Pod
-
kubectl get pod
-
# 描述
-
kubectl describe pod 你自己的Pod名字
-
# 删除
-
kubectl delete pod Pod名字
-
# 查看Pod的运行日志
-
kubectl logs Pod名字
-
-
# 每个Pod - k8s都会分配一个ip
-
kubectl get pod -owide
-
# 使用Pod的ip+pod里面运行容器的端口
-
curl 192.168.169.136
-
-
# 集群中的任意一个机器以及任意的应用都能通过Pod分配的ip来访问这个Pod
-
apiVersion: v1
-
kind: Pod
-
metadata:
-
labels:
-
run: mynginx
-
name: mynginx
-
# namespace: default
-
spec:
-
containers:
-
- image: nginx
-
name: mynginx
-
apiVersion: v1
-
kind: Pod
-
metadata:
-
labels:
-
run: myapp
-
name: myapp
-
spec:
-
containers:
-
- image: nginx
-
name: nginx
-
- image: tomcat:8.5.68
-
name: tomcat
此时的应用还不能外部访问
Deployment
控制Pod,使Pod拥有多副本,自愈,扩缩容等能力
-
# 清除所有Pod,比较下面两个命令有何不同效果?
-
kubectl run mynginx --image=nginx
-
-
kubectl create deployment mytomcat --image=tomcat:8.5.68
-
# 自愈能力
-
1、多副本
kubectl create deployment my-dep --image=nginx --replicas=3
-
apiVersion: apps/v1
-
kind: Deployment
-
metadata:
-
labels:
-
app: my-dep
-
name: my-dep
-
spec:
-
replicas: 3
-
selector:
-
matchLabels:
-
app: my-dep
-
template:
-
metadata:
-
labels:
-
app: my-dep
-
spec:
-
containers:
-
- image: nginx
-
name: nginx
2、扩缩容
kubectl scale --replicas=5 deployment/my-dep
-
kubectl edit deployment my-dep
-
-
#修改 replicas
3、自愈&故障转移
- 停机
- 删除Pod
- 容器崩溃
4、滚动更新
-
kubectl set image deployment/my-dep nginx=nginx:1.16.1 --record
-
kubectl rollout status deployment/my-dep
# 修改 kubectl edit deployment/my-dep
5、版本回退
-
#历史记录
-
kubectl rollout history deployment/my-dep
-
-
-
#查看某个历史详情
-
kubectl rollout history deployment/my-dep --revision=2
-
-
#回滚(回到上次)
-
kubectl rollout undo deployment/my-dep
-
-
#回滚(回到指定版本)
-
kubectl rollout undo deployment/my-dep --to-revision=2
更多:
除了Deployment,k8s还有 StatefulSet
、DaemonSet
、Job
等 类型资源。我们都称为 工作负载
。
有状态应用使用 StatefulSet
部署,无状态应用使用 Deployment
部署
Service
将一组 Pods 公开为网络服务的抽象方法。
-
#暴露Deploy
-
kubectl expose deployment my-dep --port=8000 --target-port=80
-
-
#使用标签检索Pod
-
kubectl get pod -l app=my-dep
-
apiVersion: v1
-
kind: Service
-
metadata:
-
labels:
-
app: my-dep
-
name: my-dep
-
spec:
-
selector:
-
app: my-dep
-
ports:
-
- port: 8000
-
protocol: TCP
-
targetPort: 80
1、ClusterIP
-
# 等同于没有--type的
-
kubectl expose deployment my-dep --port=8000 --target-port=80 --type=ClusterIP
-
apiVersion: v1
-
kind: Service
-
metadata:
-
labels:
-
app: my-dep
-
name: my-dep
-
spec:
-
ports:
-
- port: 8000
-
protocol: TCP
-
targetPort: 80
-
selector:
-
app: my-dep
-
type: ClusterIP
2、NodePort
kubectl expose deployment my-dep --port=8000 --target-port=80 --type=NodePort
-
apiVersion: v1
-
kind: Service
-
metadata:
-
labels:
-
app: my-dep
-
name: my-dep
-
spec:
-
ports:
-
- port: 8000
-
protocol: TCP
-
targetPort: 80
-
selector:
-
app: my-dep
-
type: NodePort
NodePort范围在 30000-32767 之间
Ingress
1、安装
-
wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.47.0/deploy/static/provider/baremetal/deploy.yaml
-
-
#修改镜像
-
vi deploy.yaml
-
#将image的值改为如下值:
-
registry.cn-hangzhou.aliyuncs.com/lfy_k8s_images/ingress-nginx-controller:v0.46.0
-
-
# 检查安装的结果
-
kubectl get pod,svc -n ingress-nginx
-
-
# 最后别忘记把svc暴露的端口要放行
如果下载不到,用以下文件
-
apiVersion: v1
-
kind: Namespace
-
metadata:
-
name: ingress-nginx
-
labels:
-
app.kubernetes.io/name: ingress-nginx
-
app.kubernetes.io/instance: ingress-nginx
-
-
---
-
# Source: ingress-nginx/templates/controller-serviceaccount.yaml
-
apiVersion: v1
-
kind: ServiceAccount
-
metadata:
-
labels:
-
helm.sh/chart: ingress-nginx-3.33.0
-
app.kubernetes.io/name: ingress-nginx
-
app.kubernetes.io/instance: ingress-nginx
-
app.kubernetes.io/version: 0.47.0
-
app.kubernetes.io/managed-by: Helm
-
app.kubernetes.io/component: controller
-
name: ingress-nginx
-
namespace: ingress-nginx
-
automountServiceAccountToken: true
-
---
-
# Source: ingress-nginx/templates/controller-configmap.yaml
-
apiVersion: v1
-
kind: ConfigMap
-
metadata:
-
labels:
-
helm.sh/chart: ingress-nginx-3.33.0
-
app.kubernetes.io/name: ingress-nginx
-
app.kubernetes.io/instance: ingress-nginx
-
app.kubernetes.io/version: 0.47.0
-
app.kubernetes.io/managed-by: Helm
-
app.kubernetes.io/component: controller
-
name: ingress-nginx-controller
-
namespace: ingress-nginx
-
data:
-
---
-
# Source: ingress-nginx/templates/clusterrole.yaml
-
apiVersion: rbac.authorization.k8s.io/v1
-
kind: ClusterRole
-
metadata:
-
labels:
-
helm.sh/chart: ingress-nginx-3.33.0
-
app.kubernetes.io/name: ingress-nginx
-
app.kubernetes.io/instance: ingress-nginx
-
app.kubernetes.io/version: 0.47.0
-
app.kubernetes.io/managed-by: Helm
-
name: ingress-nginx
-
rules:
-
- apiGroups:
-
- ''
-
resources:
-
- configmaps
-
- endpoints
-
- nodes
-
- pods
-
- secrets
-
verbs:
-
- list
-
- watch
-
- apiGroups:
-
- ''
-
resources:
-
- nodes
-
verbs:
-
- get
-
- apiGroups:
-
- ''
-
resources:
-
- services
-
verbs:
-
- get
-
- list
-
- watch
-
- apiGroups:
-
- extensions
-
- networking.k8s.io # k8s 1.14+
-
resources:
-
- ingresses
-
verbs:
-
- get
-
- list
-
- watch
-
- apiGroups:
-
- ''
-
resources:
-
- events
-
verbs:
-
- create
-
- patch
-
- apiGroups:
-
- extensions
-
- networking.k8s.io # k8s 1.14+
-
resources:
-
- ingresses/status
-
verbs:
-
- update
-
- apiGroups:
-
- networking.k8s.io # k8s 1.14+
-
resources:
-
- ingressclasses
-
verbs:
-
- get
-
- list
-
- watch
-
---
-
# Source: ingress-nginx/templates/clusterrolebinding.yaml
-
apiVersion: rbac.authorization.k8s.io/v1
-
kind: ClusterRoleBinding
-
metadata:
-
labels:
-
helm.sh/chart: ingress-nginx-3.33.0
-
app.kubernetes.io/name: ingress-nginx
-
app.kubernetes.io/instance: ingress-nginx
-
app.kubernetes.io/version: 0.47.0
-
app.kubernetes.io/managed-by: Helm
-
name: ingress-nginx
-
roleRef:
-
apiGroup: rbac.authorization.k8s.io
-
kind: ClusterRole
-
name: ingress-nginx
-
subjects:
-
- kind: ServiceAccount
-
name: ingress-nginx
-
namespace: ingress-nginx
-
---
-
# Source: ingress-nginx/templates/controller-role.yaml
-
apiVersion: rbac.authorization.k8s.io/v1
-
kind: Role
-
metadata:
-
labels:
-
helm.sh/chart: ingress-nginx-3.33.0
-
app.kubernetes.io/name: ingress-nginx
-
app.kubernetes.io/instance: ingress-nginx
-
app.kubernetes.io/version: 0.47.0
-
app.kubernetes.io/managed-by: Helm
-
app.kubernetes.io/component: controller
-
name: ingress-nginx
-
namespace: ingress-nginx
-
rules:
-
- apiGroups:
-
- ''
-
resources:
-
- namespaces
-
verbs:
-
- get
-
- apiGroups:
-
- ''
-
resources:
-
- configmaps
-
- pods
-
- secrets
-
- endpoints
-
verbs:
-
- get
-
- list
-
- watch
-
- apiGroups:
-
- ''
-
resources:
-
- services
-
verbs:
-
- get
-
- list
-
- watch
-
- apiGroups:
-
- extensions
-
- networking.k8s.io # k8s 1.14+
-
resources:
-
- ingresses
-
verbs:
-
- get
-
- list
-
- watch
-
- apiGroups:
-
- extensions
-
- networking.k8s.io # k8s 1.14+
-
resources:
-
- ingresses/status
-
verbs:
-
- update
-
- apiGroups:
-
- networking.k8s.io # k8s 1.14+
-
resources:
-
- ingressclasses
-
verbs:
-
- get
-
- list
-
- watch
-
- apiGroups:
-
- ''
-
resources:
-
- configmaps
-
resourceNames:
-
- ingress-controller-leader-nginx
-
verbs:
-
- get
-
- update
-
- apiGroups:
-
- ''
-
resources:
-
- configmaps
-
verbs:
-
- create
-
- apiGroups:
-
- ''
-
resources:
-
- events
-
verbs:
-
- create
-
- patch
-
---
-
# Source: ingress-nginx/templates/controller-rolebinding.yaml
-
apiVersion: rbac.authorization.k8s.io/v1
-
kind: RoleBinding
-
metadata:
-
labels:
-
helm.sh/chart: ingress-nginx-3.33.0
-
app.kubernetes.io/name: ingress-nginx
-
app.kubernetes.io/instance: ingress-nginx
-
app.kubernetes.io/version: 0.47.0
-
app.kubernetes.io/managed-by: Helm
-
app.kubernetes.io/component: controller
-
name: ingress-nginx
-
namespace: ingress-nginx
-
roleRef:
-
apiGroup: rbac.authorization.k8s.io
-
kind: Role
-
name: ingress-nginx
-
subjects:
-
- kind: ServiceAccount
-
name: ingress-nginx
-
namespace: ingress-nginx
-
---
-
# Source: ingress-nginx/templates/controller-service-webhook.yaml
-
apiVersion: v1
-
kind: Service
-
metadata:
-
labels:
-
helm.sh/chart: ingress-nginx-3.33.0
-
app.kubernetes.io/name: ingress-nginx
-
app.kubernetes.io/instance: ingress-nginx
-
app.kubernetes.io/version: 0.47.0
-
app.kubernetes.io/managed-by: Helm
-
app.kubernetes.io/component: controller
-
name: ingress-nginx-controller-admission
-
namespace: ingress-nginx
-
spec:
-
type: ClusterIP
-
ports:
-
- name: https-webhook
-
port: 443
-
targetPort: webhook
-
selector:
-
app.kubernetes.io/name: ingress-nginx
-
app.kubernetes.io/instance: ingress-nginx
-
app.kubernetes.io/component: controller
-
---
-
# Source: ingress-nginx/templates/controller-service.yaml
-
apiVersion: v1
-
kind: Service
-
metadata:
-
annotations:
-
labels:
-
helm.sh/chart: ingress-nginx-3.33.0
-
app.kubernetes.io/name: ingress-nginx
-
app.kubernetes.io/instance: ingress-nginx
-
app.kubernetes.io/version: 0.47.0
-
app.kubernetes.io/managed-by: Helm
-
app.kubernetes.io/component: controller
-
name: ingress-nginx-controller
-
namespace: ingress-nginx
-
spec:
-
type: NodePort
-
ports:
-
- name: http
-
port: 80
-
protocol: TCP
-
targetPort: http
-
- name: https
-
port: 443
-
protocol: TCP
-
targetPort: https
-
selector:
-
app.kubernetes.io/name: ingress-nginx
-
app.kubernetes.io/instance: ingress-nginx
-
app.kubernetes.io/component: controller
-
---
-
# Source: ingress-nginx/templates/controller-deployment.yaml
-
apiVersion: apps/v1
-
kind: Deployment
-
metadata:
-
labels:
-
helm.sh/chart: ingress-nginx-3.33.0
-
app.kubernetes.io/name: ingress-nginx
-
app.kubernetes.io/instance: ingress-nginx
-
app.kubernetes.io/version: 0.47.0
-
app.kubernetes.io/managed-by: Helm
-
app.kubernetes.io/component: controller
-
name: ingress-nginx-controller
-
namespace: ingress-nginx
-
spec:
-
selector:
-
matchLabels:
-
app.kubernetes.io/name: ingress-nginx
-
app.kubernetes.io/instance: ingress-nginx
-
app.kubernetes.io/component: controller
-
revisionHistoryLimit: 10
-
minReadySeconds: 0
-
template:
-
metadata:
-
labels:
-
app.kubernetes.io/name: ingress-nginx
-
app.kubernetes.io/instance: ingress-nginx
-
app.kubernetes.io/component: controller
-
spec:
-
dnsPolicy: ClusterFirst
-
containers:
-
- name: controller
-
image: registry.cn-hangzhou.aliyuncs.com/lfy_k8s_images/ingress-nginx-controller:v0.46.0
-
imagePullPolicy: IfNotPresent
-
lifecycle:
-
preStop:
-
exec:
-
command:
-
- /wait-shutdown
-
args:
-
- /nginx-ingress-controller
-
- --election-id=ingress-controller-leader
-
- --ingress-class=nginx
-
- --configmap=$(POD_NAMESPACE)/ingress-nginx-controller
-
- --validating-webhook=:8443
-
- --validating-webhook-certificate=/usr/local/certificates/cert
-
- --validating-webhook-key=/usr/local/certificates/key
-
securityContext:
-
capabilities:
-
drop:
-
- ALL
-
add:
-
- NET_BIND_SERVICE
-
runAsUser: 101
-
allowPrivilegeEscalation: true
-
env:
-
- name: POD_NAME
-
valueFrom:
-
fieldRef:
-
fieldPath: metadata.name
-
- name: POD_NAMESPACE
-
valueFrom:
-
fieldRef:
-
fieldPath: metadata.namespace
-
- name: LD_PRELOAD
-
value: /usr/local/lib/libmimalloc.so
-
livenessProbe:
-
failureThreshold: 5
-
httpGet:
-
path: /healthz
-
port: 10254
-
scheme: HTTP
-
initialDelaySeconds: 10
-
periodSeconds: 10
-
successThreshold: 1
-
timeoutSeconds: 1
-
readinessProbe:
-
failureThreshold: 3
-
httpGet:
-
path: /healthz
-
port: 10254
-
scheme: HTTP
-
initialDelaySeconds: 10
-
periodSeconds: 10
-
successThreshold: 1
-
timeoutSeconds: 1
-
ports:
-
- name: http
-
containerPort: 80
-
protocol: TCP
-
- name: https
-
containerPort: 443
-
protocol: TCP
-
- name: webhook
-
containerPort: 8443
-
protocol: TCP
-
volumeMounts:
-
- name: webhook-cert
-
mountPath: /usr/local/certificates/
-
readOnly: true
-
resources:
-
requests:
-
cpu: 100m
-
memory: 90Mi
-
nodeSelector:
-
kubernetes.io/os: linux
-
serviceAccountName: ingress-nginx
-
terminationGracePeriodSeconds: 300
-
volumes:
-
- name: webhook-cert
-
secret:
-
secretName: ingress-nginx-admission
-
---
-
# Source: ingress-nginx/templates/admission-webhooks/validating-webhook.yaml
-
# before changing this value, check the required kubernetes version
-
# https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#prerequisites
-
apiVersion: admissionregistration.k8s.io/v1
-
kind: ValidatingWebhookConfiguration
-
metadata:
-
labels:
-
helm.sh/chart: ingress-nginx-3.33.0
-
app.kubernetes.io/name: ingress-nginx
-
app.kubernetes.io/instance: ingress-nginx
-
app.kubernetes.io/version: 0.47.0
-
app.kubernetes.io/managed-by: Helm
-
app.kubernetes.io/component: admission-webhook
-
name: ingress-nginx-admission
-
webhooks:
-
- name: validate.nginx.ingress.kubernetes.io
-
matchPolicy: Equivalent
-
rules:
-
- apiGroups:
-
- networking.k8s.io
-
apiVersions:
-
- v1beta1
-
operations:
-
- CREATE
-
- UPDATE
-
resources:
-
- ingresses
-
failurePolicy: Fail
-
sideEffects: None
-
admissionReviewVersions:
-
- v1
-
- v1beta1
-
clientConfig:
-
service:
-
namespace: ingress-nginx
-
name: ingress-nginx-controller-admission
-
path: /networking/v1beta1/ingresses
-
---
-
# Source: ingress-nginx/templates/admission-webhooks/job-patch/serviceaccount.yaml
-
apiVersion: v1
-
kind: ServiceAccount
-
metadata:
-
name: ingress-nginx-admission
-
annotations:
-
helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
-
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
-
labels:
-
helm.sh/chart: ingress-nginx-3.33.0
-
app.kubernetes.io/name: ingress-nginx
-
app.kubernetes.io/instance: ingress-nginx
-
app.kubernetes.io/version: 0.47.0
-
app.kubernetes.io/managed-by: Helm
-
app.kubernetes.io/component: admission-webhook
-
namespace: ingress-nginx
-
---
-
# Source: ingress-nginx/templates/admission-webhooks/job-patch/clusterrole.yaml
-
apiVersion: rbac.authorization.k8s.io/v1
-
kind: ClusterRole
-
metadata:
-
name: ingress-nginx-admission
-
annotations:
-
helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
-
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
-
labels:
-
helm.sh/chart: ingress-nginx-3.33.0
-
app.kubernetes.io/name: ingress-nginx
-
app.kubernetes.io/instance: ingress-nginx
-
app.kubernetes.io/version: 0.47.0
-
app.kubernetes.io/managed-by: Helm
-
app.kubernetes.io/component: admission-webhook
-
rules:
-
- apiGroups:
-
- admissionregistration.k8s.io
-
resources:
-
- validatingwebhookconfigurations
-
verbs:
-
- get
-
- update
-
---
-
# Source: ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml
-
apiVersion: rbac.authorization.k8s.io/v1
-
kind: ClusterRoleBinding
-
metadata:
-
name: ingress-nginx-admission
-
annotations:
-
helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
-
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
-
labels:
-
helm.sh/chart: ingress-nginx-3.33.0
-
app.kubernetes.io/name: ingress-nginx
-
app.kubernetes.io/instance: ingress-nginx
-
app.kubernetes.io/version: 0.47.0
-
app.kubernetes.io/managed-by: Helm
-
app.kubernetes.io/component: admission-webhook
-
roleRef:
-
apiGroup: rbac.authorization.k8s.io
-
kind: ClusterRole
-
name: ingress-nginx-admission
-
subjects:
-
- kind: ServiceAccount
-
name: ingress-nginx-admission
-
namespace: ingress-nginx
-
---
-
# Source: ingress-nginx/templates/admission-webhooks/job-patch/role.yaml
-
apiVersion: rbac.authorization.k8s.io/v1
-
kind: Role
-
metadata:
-
name: ingress-nginx-admission
-
annotations:
-
helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
-
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
-
labels:
-
helm.sh/chart: ingress-nginx-3.33.0
-
app.kubernetes.io/name: ingress-nginx
-
app.kubernetes.io/instance: ingress-nginx
-
app.kubernetes.io/version: 0.47.0
-
app.kubernetes.io/managed-by: Helm
-
app.kubernetes.io/component: admission-webhook
-
namespace: ingress-nginx
-
rules:
-
- apiGroups:
-
- ''
-
resources:
-
- secrets
-
verbs:
-
- get
-
- create
-
---
-
# Source: ingress-nginx/templates/admission-webhooks/job-patch/rolebinding.yaml
-
apiVersion: rbac.authorization.k8s.io/v1
-
kind: RoleBinding
-
metadata:
-
name: ingress-nginx-admission
-
annotations:
-
helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
-
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
-
labels:
-
helm.sh/chart: ingress-nginx-3.33.0
-
app.kubernetes.io/name: ingress-nginx
-
app.kubernetes.io/instance: ingress-nginx
-
app.kubernetes.io/version: 0.47.0
-
app.kubernetes.io/managed-by: Helm
-
app.kubernetes.io/component: admission-webhook
-
namespace: ingress-nginx
-
roleRef:
-
apiGroup: rbac.authorization.k8s.io
-
kind: Role
-
name: ingress-nginx-admission
-
subjects:
-
- kind: ServiceAccount
-
name: ingress-nginx-admission
-
namespace: ingress-nginx
-
---
-
# Source: ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml
-
apiVersion: batch/v1
-
kind: Job
-
metadata:
-
name: ingress-nginx-admission-create
-
annotations:
-
helm.sh/hook: pre-install,pre-upgrade
-
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
-
labels:
-
helm.sh/chart: ingress-nginx-3.33.0
-
app.kubernetes.io/name: ingress-nginx
-
app.kubernetes.io/instance: ingress-nginx
-
app.kubernetes.io/version: 0.47.0
-
app.kubernetes.io/managed-by: Helm
-
app.kubernetes.io/component: admission-webhook
-
namespace: ingress-nginx
-
spec:
-
template:
-
metadata:
-
name: ingress-nginx-admission-create
-
labels:
-
helm.sh/chart: ingress-nginx-3.33.0
-
app.kubernetes.io/name: ingress-nginx
-
app.kubernetes.io/instance: ingress-nginx
-
app.kubernetes.io/version: 0.47.0
-
app.kubernetes.io/managed-by: Helm
-
app.kubernetes.io/component: admission-webhook
-
spec:
-
containers:
-
- name: create
-
image: docker.io/jettech/kube-webhook-certgen:v1.5.1
-
imagePullPolicy: IfNotPresent
-
args:
-
- create
-
- --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc
-
- --namespace=$(POD_NAMESPACE)
-
- --secret-name=ingress-nginx-admission
-
env:
-
- name: POD_NAMESPACE
-
valueFrom:
-
fieldRef:
-
fieldPath: metadata.namespace
-
restartPolicy: OnFailure
-
serviceAccountName: ingress-nginx-admission
-
securityContext:
-
runAsNonRoot: true
-
runAsUser: 2000
-
---
-
# Source: ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml
-
apiVersion: batch/v1
-
kind: Job
-
metadata:
-
name: ingress-nginx-admission-patch
-
annotations:
-
helm.sh/hook: post-install,post-upgrade
-
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
-
labels:
-
helm.sh/chart: ingress-nginx-3.33.0
-
app.kubernetes.io/name: ingress-nginx
-
app.kubernetes.io/instance: ingress-nginx
-
app.kubernetes.io/version: 0.47.0
-
app.kubernetes.io/managed-by: Helm
-
app.kubernetes.io/component: admission-webhook
-
namespace: ingress-nginx
-
spec:
-
template:
-
metadata:
-
name: ingress-nginx-admission-patch
-
labels:
-
helm.sh/chart: ingress-nginx-3.33.0
-
app.kubernetes.io/name: ingress-nginx
-
app.kubernetes.io/instance: ingress-nginx
-
app.kubernetes.io/version: 0.47.0
-
app.kubernetes.io/managed-by: Helm
-
app.kubernetes.io/component: admission-webhook
-
spec:
-
containers:
-
- name: patch
-
image: docker.io/jettech/kube-webhook-certgen:v1.5.1
-
imagePullPolicy: IfNotPresent
-
args:
-
- patch
-
- --webhook-name=ingress-nginx-admission
-
- --namespace=$(POD_NAMESPACE)
-
- --patch-mutating=false
-
- --secret-name=ingress-nginx-admission
-
- --patch-failure-policy=Fail
-
env:
-
- name: POD_NAMESPACE
-
valueFrom:
-
fieldRef:
-
fieldPath: metadata.namespace
-
restartPolicy: OnFailure
-
serviceAccountName: ingress-nginx-admission
-
securityContext:
-
runAsNonRoot: true
-
runAsUser: 2000
2、使用
官网地址:Welcome - NGINX Ingress Controller
就是nginx做的
https://139.198.163.211:32401/
测试环境
应用如下yaml,准备好测试环境
-
apiVersion: apps/v1
-
kind: Deployment
-
metadata:
-
name: hello-server
-
spec:
-
replicas: 2
-
selector:
-
matchLabels:
-
app: hello-server
-
template:
-
metadata:
-
labels:
-
app: hello-server
-
spec:
-
containers:
-
- name: hello-server
-
image: registry.cn-hangzhou.aliyuncs.com/lfy_k8s_images/hello-server
-
ports:
-
- containerPort: 9000
-
---
-
apiVersion: apps/v1
-
kind: Deployment
-
metadata:
-
labels:
-
app: nginx-demo
-
name: nginx-demo
-
spec:
-
replicas: 2
-
selector:
-
matchLabels:
-
app: nginx-demo
-
template:
-
metadata:
-
labels:
-
app: nginx-demo
-
spec:
-
containers:
-
- image: nginx
-
name: nginx
-
---
-
apiVersion: v1
-
kind: Service
-
metadata:
-
labels:
-
app: nginx-demo
-
name: nginx-demo
-
spec:
-
selector:
-
app: nginx-demo
-
ports:
-
- port: 8000
-
protocol: TCP
-
targetPort: 80
-
---
-
apiVersion: v1
-
kind: Service
-
metadata:
-
labels:
-
app: hello-server
-
name: hello-server
-
spec:
-
selector:
-
app: hello-server
-
ports:
-
- port: 8000
-
protocol: TCP
-
targetPort: 9000
1、域名访问
-
apiVersion: networking.k8s.io/v1
-
kind: Ingress
-
metadata:
-
name: ingress-host-bar
-
spec:
-
ingressClassName: nginx
-
rules:
-
- host: "hello.atguigu.com"
-
http:
-
paths:
-
- pathType: Prefix
-
path: "/"
-
backend:
-
service:
-
name: hello-server
-
port:
-
number: 8000
-
- host: "demo.atguigu.com"
-
http:
-
paths:
-
- pathType: Prefix
-
path: "/nginx" # 把请求会转给下面的服务,下面的服务一定要能处理这个路径,不能处理就是404
-
backend:
-
service:
-
name: nginx-demo ## java,比如使用路径重写,去掉前缀nginx
-
port:
-
number: 8000
问题: path: "/nginx" 与 path: "/" 为什么会有不同的效果?
2、路径重写
-
apiVersion: networking.k8s.io/v1
-
kind: Ingress
-
metadata:
-
annotations:
-
nginx.ingress.kubernetes.io/rewrite-target: /$2
-
name: ingress-host-bar
-
spec:
-
ingressClassName: nginx
-
rules:
-
- host: "hello.atguigu.com"
-
http:
-
paths:
-
- pathType: Prefix
-
path: "/"
-
backend:
-
service:
-
name: hello-server
-
port:
-
number: 8000
-
- host: "demo.atguigu.com"
-
http:
-
paths:
-
- pathType: Prefix
-
path: "/nginx(/|$)(.*)" # 把请求会转给下面的服务,下面的服务一定要能处理这个路径,不能处理就是404
-
backend:
-
service:
-
name: nginx-demo ## java,比如使用路径重写,去掉前缀nginx
-
port:
-
number: 8000
3、流量限制
-
apiVersion: networking.k8s.io/v1
-
kind: Ingress
-
metadata:
-
name: ingress-limit-rate
-
annotations:
-
nginx.ingress.kubernetes.io/limit-rps: "1"
-
spec:
-
ingressClassName: nginx
-
rules:
-
- host: "haha.atguigu.com"
-
http:
-
paths:
-
- pathType: Exact
-
path: "/"
-
backend:
-
service:
-
name: nginx-demo
-
port:
-
number: 8000
存储抽象
环境准备
1、所有节点
-
#所有机器安装
-
yum install -y nfs-utils
2、主节点
-
#nfs主节点
-
echo "/nfs/data/ *(insecure,rw,sync,no_root_squash)" > /etc/exports
-
-
mkdir -p /nfs/data
-
systemctl enable rpcbind --now
-
systemctl enable nfs-server --now
-
#配置生效
-
exportfs -r
3、从节点
-
showmount -e 172.31.0.4
-
-
#执行以下命令挂载 nfs 服务器上的共享目录到本机路径 /root/nfsmount
-
mkdir -p /nfs/data
-
-
mount -t nfs 172.31.0.4:/nfs/data /nfs/data
-
# 写入一个测试文件
-
echo "hello nfs server" > /nfs/data/test.txt
4、原生方式数据挂载
-
apiVersion: apps/v1
-
kind: Deployment
-
metadata:
-
labels:
-
app: nginx-pv-demo
-
name: nginx-pv-demo
-
spec:
-
replicas: 2
-
selector:
-
matchLabels:
-
app: nginx-pv-demo
-
template:
-
metadata:
-
labels:
-
app: nginx-pv-demo
-
spec:
-
containers:
-
- image: nginx
-
name: nginx
-
volumeMounts:
-
- name: html
-
mountPath: /usr/share/nginx/html
-
volumes:
-
- name: html
-
nfs:
-
server: 172.31.0.4
-
path: /nfs/data/nginx-pv
1、PV&PVC
PV:持久卷(Persistent Volume),将应用需要持久化的数据保存到指定位置
PVC:持久卷申明(Persistent Volume Claim),申明需要使用的持久卷规格
1、创建pv池
静态供应
-
#nfs主节点
-
mkdir -p /nfs/data/01
-
mkdir -p /nfs/data/02
-
mkdir -p /nfs/data/03
创建PV
-
apiVersion: v1
-
kind: PersistentVolume
-
metadata:
-
name: pv01-10m
-
spec:
-
capacity:
-
storage: 10M
-
accessModes:
-
- ReadWriteMany
-
storageClassName: nfs
-
nfs:
-
path: /nfs/data/01
-
server: 172.31.0.4
-
---
-
apiVersion: v1
-
kind: PersistentVolume
-
metadata:
-
name: pv02-1gi
-
spec:
-
capacity:
-
storage: 1Gi
-
accessModes:
-
- ReadWriteMany
-
storageClassName: nfs
-
nfs:
-
path: /nfs/data/02
-
server: 172.31.0.4
-
---
-
apiVersion: v1
-
kind: PersistentVolume
-
metadata:
-
name: pv03-3gi
-
spec:
-
capacity:
-
storage: 3Gi
-
accessModes:
-
- ReadWriteMany
-
storageClassName: nfs
-
nfs:
-
path: /nfs/data/03
-
server: 172.31.0.4
2、PVC创建与绑定
创建PVC
-
kind: PersistentVolumeClaim
-
apiVersion: v1
-
metadata:
-
name: nginx-pvc
-
spec:
-
accessModes:
-
- ReadWriteMany
-
resources:
-
requests:
-
storage: 200Mi
-
storageClassName: nfs
创建Pod绑定PVC
-
apiVersion: apps/v1
-
kind: Deployment
-
metadata:
-
labels:
-
app: nginx-deploy-pvc
-
name: nginx-deploy-pvc
-
spec:
-
replicas: 2
-
selector:
-
matchLabels:
-
app: nginx-deploy-pvc
-
template:
-
metadata:
-
labels:
-
app: nginx-deploy-pvc
-
spec:
-
containers:
-
- image: nginx
-
name: nginx
-
volumeMounts:
-
- name: html
-
mountPath: /usr/share/nginx/html
-
volumes:
-
- name: html
-
persistentVolumeClaim:
-
claimName: nginx-pvc
2、ConfigMap
抽取应用配置,并且可以自动更新
1、redis示例
1、把之前的配置文件创建为配置集
-
# 创建配置,redis保存到k8s的etcd;
-
kubectl create cm redis-conf --from-file=redis.conf
-
apiVersion: v1
-
data: #data是所有真正的数据,key:默认是文件名 value:配置文件的内容
-
redis.conf: |
-
appendonly yes
-
kind: ConfigMap
-
metadata:
-
name: redis-conf
-
namespace: default
2、创建Pod
-
apiVersion: v1
-
kind: Pod
-
metadata:
-
name: redis
-
spec:
-
containers:
-
- name: redis
-
image: redis
-
command:
-
- redis-server
-
- "/redis-master/redis.conf" #指的是redis容器内部的位置
-
ports:
-
- containerPort: 6379
-
volumeMounts:
-
- mountPath: /data
-
name: data
-
- mountPath: /redis-master
-
name: config
-
volumes:
-
- name: data
-
emptyDir: {}
-
- name: config
-
configMap:
-
name: redis-conf
-
items:
-
- key: redis.conf
-
path: redis.conf
3、检查默认配置
-
kubectl exec -it redis -- redis-cli
-
-
127.0.0.1:6379> CONFIG GET appendonly
-
127.0.0.1:6379> CONFIG GET requirepass
4、修改ConfigMap
-
apiVersion: v1
-
kind: ConfigMap
-
metadata:
-
name: example-redis-config
-
data:
-
redis-config: |
-
maxmemory 2mb
-
maxmemory-policy allkeys-lru
5、检查配置是否更新
-
kubectl exec -it redis -- redis-cli
-
-
127.0.0.1:6379> CONFIG GET maxmemory
-
127.0.0.1:6379> CONFIG GET maxmemory-policy
检查指定文件内容是否已经更新
修改了CM。Pod里面的配置文件会跟着变
配置值未更改,因为需要重新启动 Pod 才能从关联的 ConfigMap 中获取更新的值。
原因:我们的Pod部署的中间件自己本身没有热更新能力
3、Secret
Secret 对象类型用来保存敏感信息,例如密码、OAuth 令牌和 SSH 密钥。 将这些信息放在 secret 中比放在 Pod 的定义或者 容器镜像 中来说更加安全和灵活。
-
kubectl create secret docker-registry leifengyang-docker \
-
--docker-username=leifengyang \
-
--docker-password=Lfy123456 \
-
--docker-email=534096094@qq.com
-
-
##命令格式
-
kubectl create secret docker-registry regcred \
-
--docker-server=<你的镜像仓库服务器> \
-
--docker-username=<你的用户名> \
-
--docker-password=<你的密码> \
-
--docker-email=<你的邮箱地址>
-
apiVersion: v1
-
kind: Pod
-
metadata:
-
name: private-nginx
-
spec:
-
containers:
-
- name: private-nginx
-
image: leifengyang/guignginx:v1.0
-
imagePullSecrets:
-
- name: leifengyang-docker
文章来源: blog.csdn.net,作者:陶然同学,版权归原作者所有,如需转载,请联系作者。
原文链接:blog.csdn.net/weixin_45481821/article/details/125129968
- 点赞
- 收藏
- 关注作者
评论(0)