目录
0.控制器作用
pod类型的资源,删除pod后,不会重建
替用户监视并保证相应的节点上始终有用户所期望的副本数量的pod在运行
如果所运行的pod副本数超过了用户期望的,那么控制器就会删掉,直到和用户期望的一致
如果所运行的pod副本数低于用户期望的,那么控制器就会创建,直到和用户期望的一致
1.常用控制器类型
ReplicationController RC:
ReplicationSet RS:
按用户期望的副本创建pod,并始终保持相应数量副本
Deployment:
Deployment通过控制RS来保证POD始终保持相应的数量副本
支持滚动更新,回滚,回滚默认保留10个版本
提供声明式配置,支持动态修改
管理无状态应用最理想的控制器
node节点可能会运行0个或多个POD
DeamonSet:
一个节点只运行一个,必须是始终运行的状态
StatefulSet:
有状态应用
Job:
只运行一次的任务,不需要一直运行的任务
确认任务完成才会退出
Cronjob:
周期性的任务
1.编写RS控制器资源配置清单
cat >nginx-rs.yaml <<EOF
apiVersion: apps/v1
kind: ReplicaSet
metadata:
name: nginx-rs
namespace: default
spec:
replicas: 2
selector:
matchLabels:
app: nginx
template:
metadata:
name: nginx-pod
labels:
app: nginx
spec:
containers:
- name: nginx-containers
image: nginx:1.14.0
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 80
EOF
2.应用RS资源配置清单
kubectl create -f nginx-rs.yaml
3.查看RS资源
kubectl get rs
kubectl get pod -o wide
4.动态修改配置 扩容 收缩 升级
kubectl edit rs nginx
kubectl scale rs nginx --replicas=5
5.修改yaml文件应用修改
vim nginx-rs.yaml
kubectl apply -f nginx-rs.yaml
RS控制器示意图
1.Deployment资源配置清单
cat >nginx-dp.yaml<<EOF
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-deployment
namespace: default
spec:
replicas: 2
selector:
matchLabels:
app: nginx
template:
metadata:
name: nginx-pod
labels:
app: nginx
spec:
containers:
- name: nginx-containers
image: nginx:1.14.0
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 80
EOF
2.应用资源配置清单
kubectl create -f nginx-dp.yaml
3.查看
kubectl get pod -o wide
kubectl get deployments.apps
kubectl describe deployments.apps nginx-deployment
4.更新版本
方法1: 命令行根据资源配置清单修改镜像
kubectl set image -f nginx-dp.yaml nginx-containers=nginx:1.16.0
查看有没有更新
kubectl get pod
kubectl describe deployments.apps nginx-deployment
kubectl describe pod nginx-deployment-7c596b4d95-6ztld
方法2: 命令行根据资源类型修改镜像
打开2个窗口:
第一个窗口监控pod状态
kubectl get pod -w
第二个窗口更新操作
kubectl set image deployment nginx-deployment nginx-containers=nginx:1.14.0
查看更新后的deployment信息
kubectl describe deployments.apps nginx-deployment
----------------------------------------------------
Normal ScalingReplicaSet 14m deployment-controller Scaled up replica set nginx-deployment-7c596b4d95 to 1
Normal ScalingReplicaSet 14m deployment-controller Scaled down replica set nginx-deployment-9c74bb6c7 to 1
Normal ScalingReplicaSet 14m deployment-controller Scaled up replica set nginx-deployment-7c596b4d95 to 2
Normal ScalingReplicaSet 13m deployment-controller Scaled down replica set nginx-deployment-9c74bb6c7 to 0
Normal ScalingReplicaSet 8m30s deployment-controller Scaled up replica set nginx-deployment-9c74bb6c7 to 1
Normal ScalingReplicaSet 8m29s (x2 over 32m) deployment-controller Scaled up replica set nginx-deployment-9c74bb6c7 to 2
Normal ScalingReplicaSet 8m29s deployment-controller Scaled down replica set nginx-deployment-7c596b4d95 to 1
Normal ScalingReplicaSet 8m28s deployment-controller Scaled down replica set nginx-deployment-7c596b4d95 to 0
----------------------------------------------------
更新过程:
nginx-deployment-7c596b4d95-8z7kf #老的版本
nginx-deployment-7c596b4d95-6ztld #老的版本
nginx-deployment-9c74bb6c7-pgfxz 0/1 Pending
nginx-deployment-9c74bb6c7-pgfxz 0/1 Pending
nginx-deployment-9c74bb6c7-pgfxz 0/1 ContainerCreating #拉取新版本镜像
nginx-deployment-9c74bb6c7-pgfxz 1/1 Running #运行新POD
nginx-deployment-7c596b4d95-8z7kf 1/1 Terminating #停止一个旧的POD
nginx-deployment-9c74bb6c7-h7mk2 0/1 Pending
nginx-deployment-9c74bb6c7-h7mk2 0/1 Pending
nginx-deployment-9c74bb6c7-h7mk2 0/1 ContainerCreating #拉取新版本镜像
nginx-deployment-9c74bb6c7-h7mk2 1/1 Running #运行新POD
nginx-deployment-7c596b4d95-6ztld 1/1 Terminating #停止一个旧的POD
nginx-deployment-7c596b4d95-8z7kf 0/1 Terminating #等待旧的POD结束
nginx-deployment-7c596b4d95-6ztld 0/1 Terminating #等待旧的POD结束
查看滚动更新状态:
kubectl rollout status deployment nginx-deployment
5.回滚上一个版本
kubectl describe deployments.apps nginx-deployment
kubectl rollout undo deployment nginx-deployment
kubectl describe deployments.apps nginx-deployment
6.回滚到指定版本
v1 1.14.0
v2 1.15.0
v3 3.333.3
回滚到v1版本
创建第一版 1.14.0
kubectl create -f nginx-dp.yaml --record
更新第二版 1.15.0
kubectl set image deployment nginx-deployment nginx-containers=nginx:1.15.0
更新第三版 1.99.0
kubectl set image deployment nginx-deployment nginx-containers=nginx:1.16.0
查看所有历史版本
kubectl rollout history deployment nginx-deployment
查看指定历史版本信息
kubectl rollout history deployment nginx-deployment --revision=1
回滚到指定版本
kubectl rollout undo deployment nginx-deployment --to-revision=1
7.扩缩容
kubectl scale deployment nginx-deployment --replicas=5
kubectl scale deployment nginx-deployment --replicas=2
Service控制器
0.Service控制器
Sercice控制器和POD控制器没关系
Sercice控制器可以选择由POD控制器创建的POD资源
1.三种IP
NodeIP :节点对外提供访问的IP
ClusterIP :用来动态发现和负载均衡POD的IP
PodIP :提供POD使用的IP
2.创建ClusterIP
apiVersion: v1
kind: Service
metadata:
name: nginx-service
namespace: default
spec:
selector:
app: nginx
ports:
- name: http
port: 80
protocol: TCP
targetPort: 80
type: ClusterIP
3.查看ClusterIP
kubectl get svc
4.创建NodeIP资源配置清单
apiVersion: v1
kind: Service
metadata:
name: nginx-service
namespace: default
spec:
selector:
app: nginx
ports:
- name: http
port: 8080 #clusterIP的端口号
protocol: TCP
targetPort: 80 #POD暴露的端口
nodePort: 30000 #NodeIP的端口号,也就是对外用户访问的端口号
type: NodePort
5.查看创建的资源
kubectl get svc
Ingress控制器介绍
1.没有ingress之前,pod对外提供服务只能通过NodeIP:NodePort的形式,但是这种形式有缺点,一个节点上的PORT不能重复利用。比如某个服务占用了80,那么其他服务就不能在用这个端口了。
2.NodePort是4层代理,不能解析7层的http,不能通过域名区分流量
3.为了解决这个问题,我们需要用到资源控制器叫Ingress,作用就是提供一个统一的访问入口。工作在7层
4.虽然我们可以使用nginx/haproxy来实现类似的效果,但是传统部署不能动态的发现我们新创建的资源,必须手动修改配置文件并重启。
5.适用于k8s的ingress控制器主流的有ingress-nginx和traefik
6.ingress-nginx == nginx + go --> deployment部署
7.traefik有一个UI界面
安装部署traefik
1.traefik_dp.yaml
kind: Deployment
apiVersion: apps/v1
metadata:
name: traefik-ingress-controller
namespace: kube-system
labels:
k8s-app: traefik-ingress-lb
spec:
replicas: 1
selector:
matchLabels:
k8s-app: traefik-ingress-lb
template:
metadata:
labels:
k8s-app: traefik-ingress-lb
name: traefik-ingress-lb
spec:
serviceAccountName: traefik-ingress-controller
terminationGracePeriodSeconds: 60
tolerations:
- operator: "Exists"
nodeSelector:
kubernetes.io/hostname: node1
containers:
- image: traefik:v1.7.17
name: traefik-ingress-lb
ports:
- name: http
containerPort: 80
hostPort: 80
- name: admin
containerPort: 8080
args:
- --api
- --kubernetes
- --logLevel=INFO
2.traefik_rbac.yaml
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: traefik-ingress-controller
namespace: kube-system
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: traefik-ingress-controller
rules:
- apiGroups:
- ""
resources:
- services
- endpoints
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- extensions
resources:
- ingresses
verbs:
- get
- list
- watch
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: traefik-ingress-controller
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: traefik-ingress-controller
subjects:
- kind: ServiceAccount
name: traefik-ingress-controller
namespace: kube-system
3.traefik_svc.yaml
kind: Service
apiVersion: v1
metadata:
name: traefik-ingress-service
namespace: kube-system
spec:
selector:
k8s-app: traefik-ingress-lb
ports:
- protocol: TCP
port: 80
name: web
- protocol: TCP
port: 8080
name: admin
type: NodePort
4.应用资源配置
kubectl create -f ./
5.查看并访问
kubectl -n kube-system get svc
创建traefik的web-ui的ingress规则
1.类比nginx:
upstream traefik-ui {
server traefik-ingress-service:8080;
}
server {
location / {
proxy_pass http://traefik-ui;
include proxy_params;
}
}
2.ingress写法:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: traefik-ui
namespace: kube-system
spec:
rules:
- host: traefik.ui.com
http:
paths:
- path: /
backend:
serviceName: traefik-ingress-service
servicePort: 8080
3.访问测试:
traefik.ui.com
ingress实验
1.实验目标
未使用ingress之前只能通过IP+端口访问:
tomcat 8080
nginx 8090
使用ingress之后直接可以使用域名访问:
traefik.nginx.com:80 --> nginx 8090
traefik.tomcat.com:80 --> tomcat 8080
2.创建2个pod和svc
mysql-dp.yaml
mysql-svc.yaml
tomcat-dp.yaml
tomcat-svc.yaml
nginx-dp.yaml
nginx-svc-clusterip.yaml
3.创建ingress控制器资源配置清单并应用
cat >nginx-ingress.yaml <<EOF
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: traefik-nginx
namespace: default
spec:
rules:
- host: traefik.nginx.com
http:
paths:
- path: /
backend:
serviceName: nginx-service
servicePort: 80
EOF
cat >tomcat-ingress.yaml<<EOF
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: traefik-tomcat
namespace: default
spec:
rules:
- host: traefik.tomcat.com
http:
paths:
- path: /
backend:
serviceName: myweb
servicePort: 8080
EOF
kubectl apply -f nginx-ingress.yaml
kubectl apply -f tomcat-ingress.yaml
4.查看创建的资源
kubectl get svc
kubectl get ingresses
kubectl describe ingresses traefik-nginx
kubectl describe ingresses traefik-tomcat
5.访问测试
traefik.nginx.com
traefik.tomcat.com
原文:https://www.cnblogs.com/gongjingyun123--/p/12543226.html