K8S應用快速入門

一、獲取資源

命令： kubectl get <資源名稱>
幫助： kubectl get --help
使用 kubectl api-resources 獲取支持的資源的完整列表。

以node資源爲例：
kubectl get nodes

參數：

• -o wide 輸出格式，常用格式：json | yaml | wide；
• -w 監控輸出結果，類似tail命令的-f選項；
• --show-labels 顯示標籤；

獲取資源的詳細信息：
kubectl describe node k8s-master.fhw.com

獲取集羣信息：

[root@s1 ~]# kubectl cluster-info
Kubernetes master is running at https://192.168.100.49:6443
KubeDNS is running at https://192.168.100.49:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy

To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.

二、手動部署一個應用

2.1 手動創建一個控制器deployment

創建一個控制器

[root@s1 ~]# kubectl run nginx-deploy --image=nginx:1.14-alpine --replicas=1 --port=80
kubectl run --generator=deployment/apps.v1 is DEPRECATED and will be removed in a future version. Use kubectl run --generator=run-pod/v1 or kubectl create instead.
deployment.apps/nginx-deploy created

參數：

• --restart=[Always, OnFailure, Never]，pod重啓策略，Always是pod退出後總是立即重啓，Never是pod退出後不再重啓。默認是Always
• --command -- <cmd> <arg1> ... <argN>，指定在容器中運行的命令；
• --schedule="0/5 * * * ?" ，創建一個Cron Job控制器。

查看deployment列表：

[root@s1 ~]# kubectl get deployment
NAME           READY   UP-TO-DATE   AVAILABLE   AGE
nginx-deploy   1/1     1            1           2m15s

控制器創建後，會自動部署Pod：

[root@s1 ~]# kubectl get pods -o wide
NAME                            READY   STATUS    RESTARTS   AGE   IP           NODE   NOMINATED NODE   READINESS GATES
nginx-deploy-66ff98548d-w4gn2   1/1     Running   0          11m   10.244.1.4   n1     <none>           <none>

通過pod 的IP訪問pod中運行的nginx服務：

[root@s1 ~]# curl  10.244.1.4
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
    body {
        width: 35em;
        margin: 0 auto;
        font-family: Tahoma, Verdana, Arial, sans-serif;
    }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>

2.2 部署一個service

service爲pod提供一個固定訪問端點。

用法：

Usage:
  kubectl expose (-f FILENAME | TYPE NAME) [--port=port] [--protocol=TCP|UDP] [--target-port=number-or-name]
[--name=name] [--external-ip=external-ip-of-service] [--type=type] [options]

部署service

[root@s1 ~]# kubectl expose deployment nginx-deploy --port=80 --target-port=80 --protocol=TCP --type=ClusterIP
service/nginx-deploy exposed

• deployment：暴露的資源類型爲控制器deployment；
• nginx-deploy: deployment的名稱
• --port=80: service的端口
• --target-port=80 : Pod的端口
• --type="": service類型有ClusterIP, NodePort, LoadBalancer, or ExternalName. Default is 'ClusterIP'.
  -- ClusterIP：表示這個service只能在羣集內部訪問，不能在集羣外部訪問；
  -- NodePort：表示可以在集羣外部訪問到；

獲取service列表：

[root@s1 ~]#  kubectl get svc -o wide
NAME           TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)   AGE    SELECTOR
kubernetes     ClusterIP   10.96.0.1        <none>        443/TCP   10d    <none>
nginx-deploy   ClusterIP   10.106.115.124   <none>        80/TCP    113s   run=nginx-deploy

 通過service IP 訪問pod中的nginx服務：

[root@s1 ~]# curl 10.106.115.124
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
    body {
        width: 35em;
        margin: 0 auto;
        font-family: Tahoma, Verdana, Arial, sans-serif;
    }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>

運行一個客戶端Pod，在客戶端Pod內部通過service的名稱去訪問nginx服務：

[root@s1 ~]# kubectl run client -it --image=busybox --replicas=1 --restart=Never
If you don't see a command prompt, try pressing enter.
/ # wget nginx-deploy
Connecting to nginx-deploy (10.106.115.124:80)
saving to 'index.html'
index.html           100% |****************************************************************************************************|   612  0:00:00 ETA
'index.html' saved

service通過label去關聯pod： 

[root@s1 ~]# kubectl describe svc nginx
Name:              nginx-deploy
Namespace:         default
Labels:            run=nginx-deploy
Annotations:       <none>
Selector:          run=nginx-deploy
Type:              ClusterIP
IP:                10.106.115.124
Port:              <unset>  80/TCP
TargetPort:        80/TCP
Endpoints:         10.244.1.4:80
Session Affinity:  None
Events:            <none>

這時你刪除這個關聯的pod，控制器會立即啓動一個新pod，並且關聯至名爲nginx這個service。

2.3 動態擴縮容Pod副本

先創建一個新應用，叫myapp：

[root@s1 ~]#  kubectl run myapp --image=ikubernetes/myapp:v1 --replicas=2
kubectl run --generator=deployment/apps.v1 is DEPRECATED and will be removed in a future version. Use kubectl run --generator=run-pod/v1 or kubectl create instead.

[root@s1 ~]#  kubectl get pods -o wide
NAME                            READY   STATUS    RESTARTS   AGE    IP           NODE   NOMINATED NODE   READINESS GATES
myapp-7c468db58f-4zqd7          1/1     Running   0          4m1s   10.244.1.6   n1     <none>           <none>
myapp-7c468db58f-w6bqf          1/1     Running   0          4m1s   10.244.2.3   n2     <none>           <none>
nginx-deploy-66ff98548d-w4gn2   1/1     Running   0          119m   10.244.1.4   n1     <none>           <none>

在第2.2節創建的客戶端Pod中通過ip訪問新建的應用myapp：

[root@s1 ~]# kubectl run client -it --image=busybox --replicas=1 --restart=Never
If you don't see a command prompt, try pressing enter.
/ # wget -O - -q 10.244.1.6/hostname.html
myapp-7c468db58f-4zqd7
/ # wget -O - -q 10.244.2.3/hostname.html
myapp-7c468db58f-w6bqf

兩個Pod中的內容分別對應Pod名稱。

爲myapp創建一個service：

[root@s1 ~]# kubectl expose deployment myapp --name=myapp --port=80
service/myapp exposed
[root@s1 ~]# kubectl get svc
NAME           TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)   AGE
kubernetes     ClusterIP   10.96.0.1        <none>        443/TCP   10d
myapp          ClusterIP   10.105.150.147   <none>        80/TCP    13s
nginx-deploy   ClusterIP   10.106.115.124   <none>        80/TCP    108m

通過service IP 訪問myapp：

[root@s1 ~]# while true;do wget -O - -q  10.111.230.41/hostname.html; sleep 1;done              
myapp-7c468db58f-8hj8g
myapp-7c468db58f-8hj8g
myapp-7c468db58f-wfhph
myapp-7c468db58f-8hj8g
myapp-7c468db58f-wfhph
myapp-7c468db58f-8hj8g
myapp-7c468db58f-wfhph
myapp-7c468db58f-8hj8g
myapp-7c468db58f-8hj8g

如圖，兩個myapp Pod做負載均衡。

將myapp擴容至5個

[root@s1 ~]# kubectl scale deployment myapp --replicas=5
deployment.apps/myapp scaled
[root@s1 ~]# while true;do wget -O - -q  10.111.230.41/hostname.html; sleep 1;done
myapp-7c468db58f-kf26d
myapp-7c468db58f-wfhph
myapp-7c468db58f-kf26d
myapp-7c468db58f-kf26d
myapp-7c468db58f-s2cn4
myapp-7c468db58f-8hj8g
myapp-7c468db58f-s2cn4
myapp-7c468db58f-fqr28
myapp-7c468db58f-wfhph
myapp-7c468db58f-wfhph
myapp-7c468db58f-fqr28
myapp-7c468db58f-kf26d

這時新增的Pod會立即加入到myapp service中接受請求。

再將myapp縮減至3個

[root@s1 ~]# kubectl scale deployment myapp --replicas=3
deployment.apps/myapp scaled
[root@s1 ~]# while true;do wget -O - -q  10.111.230.41/hostname.html; sleep 1;done
myapp-7c468db58f-wfhph
myapp-7c468db58f-fqr28
myapp-7c468db58f-fqr28
myapp-7c468db58f-8hj8g
myapp-7c468db58f-wfhph
myapp-7c468db58f-8hj8g
myapp-7c468db58f-wfhph

2.4 滾動更新

升級myapp鏡像的版本。

[root@s1 ~]# kubectl set image deployment myapp myapp=ikubernetes/myapp:v2
deployment.apps/myapp image updated
[root@s1 ~]# kubectl get deployments -o wide
NAME    READY   UP-TO-DATE   AVAILABLE   AGE   CONTAINERS   IMAGES                 SELECTOR
myapp   3/3     3            3           44m   myapp        ikubernetes/myapp:v2   run=myapp

查看滾動更新狀態：

[root@s1 ~]# kubectl rollout status deployment myapp
deployment "myapp" successfully rolled out

[root@s1 ~]# while true;do wget -O - -q  10.111.230.41; sleep 1;done               
Hello MyApp | Version: v2 | <a href="hostname.html">Pod Name</a>
Hello MyApp | Version: v2 | <a href="hostname.html">Pod Name</a>
Hello MyApp | Version: v2 | <a href="hostname.html">Pod Name</a>
Hello MyApp | Version: v2 | <a href="hostname.html">Pod Name</a>

myapp更新過後，pod名稱也更新了

[root@s1 ~]# kubectl get pods -o wide               
NAME                     READY   STATUS    RESTARTS   AGE   IP            NODE   NOMINATED NODE   READINESS GATES
client                   0/1     Error     0          54m   10.244.2.6    n2     <none>           <none>
myapp-64758bffd4-72ms4   1/1     Running   0          34m   10.244.1.11   n1     <none>           <none>
myapp-64758bffd4-b9c7j   1/1     Running   0          34m   10.244.1.12   n1     <none>           <none>
myapp-64758bffd4-qb6vm   1/1     Running   0          34m   10.244.2.9    n2     <none>           <none>

查看pod內容器的鏡像版本：

[root@s1 ~]# kubectl describe pod myapp-64758bffd4-72ms4
Name:         myapp-64758bffd4-72ms4
Namespace:    default
Priority:     0
Node:         n1/192.168.100.50
Start Time:   Mon, 16 Dec 2019 14:15:50 +0800
Labels:       pod-template-hash=64758bffd4
              run=myapp
Annotations:  <none>
Status:       Running
IP:           10.244.1.11
IPs:
  IP:           10.244.1.11
Controlled By:  ReplicaSet/myapp-64758bffd4
Containers:
  myapp:
    Container ID:   docker://4e317de24603219331e12d5119f37d9a4a9cce46571e3a2447367f28129b6414
    Image:          ikubernetes/myapp:v2
    Image ID:       docker-pullable://ikubernetes/myapp@sha256:85a2b81a62f09a414ea33b74fb8aa686ed9b168294b26b4c819df0be0712d358
    Port:           <none>
    Host Port:      <none>
    State:          Running
      Started:      Mon, 16 Dec 2019 14:15:57 +0800
    Ready:          True
    Restart Count:  0
    Environment:    <none>
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from default-token-6hhk2 (ro)
Conditions:
  Type              Status
  Initialized       True 
  Ready             True 
  ContainersReady   True 
  PodScheduled      True 
Volumes:
  default-token-6hhk2:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  default-token-6hhk2
    Optional:    false
QoS Class:       BestEffort
Node-Selectors:  <none>
Tolerations:     node.kubernetes.io/not-ready:NoExecute for 300s
                 node.kubernetes.io/unreachable:NoExecute for 300s
Events:
  Type    Reason     Age   From               Message
  ----    ------     ----  ----               -------
  Normal  Scheduled  35m   default-scheduler  Successfully assigned default/myapp-64758bffd4-72ms4 to n1
  Normal  Pulling    35m   kubelet, n1        Pulling image "ikubernetes/myapp:v2"
  Normal  Pulled     35m   kubelet, n1        Successfully pulled image "ikubernetes/myapp:v2"
  Normal  Created    35m   kubelet, n1        Created container myapp
  Normal  Started    35m   kubelet, n1        Started container myapp

2.5 動態回滾

默認回滾至上一版本

[root@s1 ~]# kubectl rollout undo deployment myapp
deployment.apps/myapp rolled back

[root@s1 ~]# while true;do wget -O - -q  10.111.230.41; sleep 1;done
Hello MyApp | Version: v2 | <a href="hostname.html">Pod Name</a>
Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a>
Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a>
Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a>
Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a>

自動擴縮容依賴於監控系統，去監控系統資源使用率，根據系統資源去判斷是否需要擴容。這個問題後續再記錄。

2.6 配置從集羣外部訪問myapp

修改service myapp的類型爲NodePort

[root@s1 ~]# kubectl edit svc myapp
# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
apiVersion: v1
kind: Service
metadata:
  creationTimestamp: "2019-12-16T06:00:08Z"
  labels:
    run: myapp
  name: myapp
  namespace: default
  resourceVersion: "30911"
  selfLink: /api/v1/namespaces/default/services/myapp
  uid: b200645b-d1e1-47b0-8a9d-862f7f0079ff
spec:
  clusterIP: 10.111.230.41
  ports:
  - port: 80
    protocol: TCP
    targetPort: 80
  selector:
    run: myapp
  sessionAffinity: None
  type: NodePort
status:
  loadBalancer: {}
                   

查看service myapp

[root@s1 ~]# kubectl get svc
NAME         TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)        AGE
kubernetes   ClusterIP   10.96.0.1       <none>        443/TCP        11d
myapp        NodePort    10.111.230.41   <none>        80:30661/TCP   55m

在集羣中每個節點上都會開啓一個30661端口（這個端口是隨機生成的），映射到K8S集羣的myapp service的80端口。可自行在其它節點驗證。

提供給集羣外部的訪問端口爲30661。
外部訪問地址：http://192.168.100.49:30661
在192.168.100.49這臺主機上驗證，如圖：

[root@s1 ~]# curl 192.168.100.49:30661
Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a>

三個節點均可正常訪問。

如果想通過一個固定地址去訪問這個myapp，可以利用nginx做反向代理。