# 第五模块 Kubernetes落地实践(下)
# Workload 工作负载
控制器又称工作负载,是用于管理Pod的中间层
- ReplicaSet: 不常用
- Deployment: 用于管理无状态应用,支持滚动更新和回滚功能
- DaemonSet: 通常用于实现系统级后台任务,比如EFK服务
- Job: 只要完成就立即退出,不需要重启或重建
- Cronjob:周期性任务控制,不需要持续后台运行
- StatefulSet:管理有状态应用
# Deployment 编排文件
- 基本原理:定义kind为Deployment编排文件,Pod打上标签,Deployment匹配标签
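# Deployment that keeps two replicas of the fastapi Pod running in namespace ni-ning.
# The selector and the Pod template labels must agree (app: my-api); the API server
# rejects an apps/v1 Deployment whose selector does not match its template labels.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: fastapi-deployment
  namespace: ni-ning
spec:
  replicas: 2 # desired number of Pod replicas
  selector: # selects the Pods this Deployment manages
    matchLabels:
      app: my-api
  template:
    metadata:
      labels: # labels stamped on every Pod created from this template
        app: my-api
    spec:
      # NOTE(review): no securityContext, resources or readinessProbe are declared, so the
      # container runs as the image's default user with no CPU/memory limits, and the Pod
      # is treated as ready as soon as the container starts. Confirm this is intended
      # outside a lab environment.
      containers:
      - name: fastapi
        # NOTE(review): the image is pulled from a registry addressed by IP:port and
        # referenced by a mutable tag. Confirm the registry is served over TLS with
        # authentication, and consider pinning the image by digest.
        image: 192.168.1.106:5000/fastapi:0.0.1
        ports:
        - containerPort: 80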
# Deployment 部署查看
[root@k8s-master one-pod]# kubectl create -f deploy.yaml
[root@k8s-master one-pod]# kubectl -n ni-ning get deploy
NAME READY UP-TO-DATE AVAILABLE AGE
fastapi-deployment 2/2 2 2 11s
[root@k8s-master one-pod]# kubectl -n ni-ning get po -owide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
fastapi-deployment-576db9876-794mw 1/1 Running 0 5m4s 10.244.0.19 k8s-master <none> <none>
fastapi-deployment-576db9876-vw497 1/1 Running 0 5m4s 10.244.0.18 k8s-master <none> <none>
[root@k8s-master one-pod]# kubectl -n ni-ning get rs
NAME DESIRED CURRENT READY AGE
fastapi-deployment-576db9876 2 2 2 5m56s
- NAME:列出了集群中 Deployments 的名称
- READY:显示当前正在运行的副本数/期望的副本数
- UP-TO-DATE:显示已更新以实现期望状态的副本数
- AVAILABLE:显示应用程序可供用户使用的副本数
- AGE:显示应用程序运行的时间量
# Deployment 副本保障
Controller 实时检测 Pod 状态,并保障副本数一直处于期望的值
# 删除 pod,观察pod状态变化
[root@k8s-master one-pod]# kubectl -n ni-ning delete pod fastapi-deployment-576db9876-794mw
# 观察 pod
[root@k8s-master one-pod]# kubectl -n ni-ning get po -owide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
fastapi-deployment-576db9876-lkm9l 1/1 Running 0 37s 10.244.0.20 k8s-master <none> <none>
fastapi-deployment-576db9876-vw497 1/1 Running 0 16m 10.244.0.18 k8s-master <none> <none>
# 动态扩容 pod
[root@k8s-master one-pod]# kubectl -n ni-ning scale deploy fastapi-deployment --replicas=3
# Deployment 滚动更新
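# Fragment of a Deployment spec showing the rolling-update strategy settings.
spec:
  replicas: 2
  selector:
    matchLabels:
      app: mydig
  strategy:
    rollingUpdate:
      maxSurge: 25% # extra Pods allowed above the desired replica count during an update
      maxUnavailable: 25% # Pods allowed to be unavailable during an update
    type: RollingUpdate # rolling update is the default strategy; visible in `kubectl get deploy -o yaml` output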
- 服务回滚
若升级出现问题,有对应回滚机制
# Service 服务访问
kube-proxy 提供负载均衡能力,Service 是与之对应的资源对象
通过Deployment来创建一组Pod来提供具有高可用性的服务,但存在如下两个问题:
- Pod IP仅仅是集群内可见的虚拟IP,外部无法访问;
- Pod IP会随着Pod的销毁而消失,Pod IP可能随时随地都会变化;
# Cluster IP 负载均衡
- Service是一组Pod的服务抽象,相当于一组Pod的LB,负责将请求分发给对应的Pod;
- Service会为这个LB提供一个IP,一般称为Cluster IP;
- 使用Service对象,通过selector进行标签选择,找到对应的Pod;
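# ClusterIP Service in namespace ni-ning that distributes TCP port 80 traffic across
# the Pods labelled app=my-api.
apiVersion: v1
kind: Service
metadata:
  name: my-service
  namespace: ni-ning
spec:
  ports:
  - port: 80 # port exposed on the Service's cluster IP
    protocol: TCP
    targetPort: 80 # container port the traffic is forwarded to
  # Every Pod in this namespace that carries this label becomes a backend, so whoever
  # may create or relabel Pods here can receive this Service's traffic.
  selector:
    app: my-api
  type: ClusterIP # virtual IP reachable only from inside the cluster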
# 创建服务
[root@k8s-master one-pod]# kubectl create -f service.yaml
# 查看Pod标签情况
[root@k8s-master one-pod]# kubectl -n ni-ning get po --show-labels
NAME READY STATUS RESTARTS AGE LABELS
fastapi-deployment-576db9876-gqb46 1/1 Running 0 42m app=my-api,pod-template-hash=576db9876
fastapi-deployment-576db9876-lkm9l 1/1 Running 0 44m app=my-api,pod-template-hash=576db9876
fastapi-deployment-576db9876-vw497 1/1 Running 0 60m app=my-api,pod-template-hash=576db9876
# 创建的服务
[root@k8s-master one-pod]# kubectl -n ni-ning get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
my-service ClusterIP 10.224.176.149 <none> 80/TCP 53s
# 服务详情
[root@k8s-master one-pod]# kubectl -n ni-ning describe svc my-service
Name: my-service
Namespace: ni-ning
Labels: <none>
Annotations: <none>
Selector: app=my-api
Type: ClusterIP
IP Family Policy: SingleStack
IP Families: IPv4
IP: 10.224.176.149
IPs: 10.224.176.149
Port: <unset> 80/TCP
TargetPort: 80/TCP
Endpoints: 10.244.0.18:80,10.244.0.20:80,10.244.0.21:80
Session Affinity: None
Events: <none>
- Service对象创建的同时,会创建同名的endpoints对象;与readinessProbe检测结合,检测失败时,会从endpoints列表中剔除对应的Pod IP
[root@k8s-master one-pod]# kubectl -n ni-ning get endpoints
NAME ENDPOINTS AGE
my-service 10.244.0.18:80,10.244.0.20:80,10.244.0.21:80 15m
# CoreDNS 服务发现
CoreDNS 是一个Go语言实现的插件式DNS服务端,是CNCF成员,是一个高性能、易扩展的DNS服务端
[root@k8s-master one-pod]# kubectl -n kube-system get po -o wide|grep dns
coredns-59d64cd4d4-fq2tb 1/1 Running 1 74d 10.244.0.9 k8s-master <none> <none>
coredns-59d64cd4d4-qjrdg 1/1 Running 1 74d 10.244.0.8 k8s-master <none> <none>
# 查看的pod解析配置
[root@k8s-master one-pod]# kubectl -n ni-ning exec -ti fastapi-deployment-576db9876-gqb46 -- sh
/data/app/fastapi # cat /etc/resolv.conf
nameserver 10.224.0.10
search ni-ning.svc.cluster.local svc.cluster.local cluster.local
# nameserver 10.224.0.10 从哪来
[root@k8s-master one-pod]# kubectl -n kube-system get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kube-dns ClusterIP 10.224.0.10 <none> 53/UDP,53/TCP,9153/TCP 74d
# 启动pod的时候,会把kube-dns服务的cluster-ip地址注入到pod的 /etc/resolv.conf 解析配置中,同时添加对应的namespace的search域
# 因此跨namespace通过service name访问时,需要加上对应的namespace名称,例如 my-service.ni-ning
[root@k8s-master one-pod]# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.224.0.1 <none> 443/TCP 74d
# NodePort 负载均衡
- NodePort实现集群外访问能力
- NodePort对外端口号默认范围为30000-32767,不指定时会随机使用其中一个
- NodePort = ClusterIP:Port + NodeIP(宿主机IP):NodePort
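# NodePort Service in namespace ni-ning that exposes the Pods labelled app=my-api
# on a port of every node, in addition to a cluster IP.
apiVersion: v1
kind: Service
metadata:
  name: my-nodeport
  namespace: ni-ning
spec:
  ports:
  - port: 80 # port exposed on the Service's cluster IP
    protocol: TCP
    targetPort: 80 # container port the traffic is forwarded to
    # nodePort is not set, so the cluster allocates one from its NodePort range.
  selector:
    app: my-api
  # NOTE(review): NodePort opens the allocated port on every node's IP, and traffic to
  # port 80 is presumably unencrypted HTTP. Restrict source addresses at the node
  # firewall, or put TLS termination in front, before using this outside a lab.
  type: NodePort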
[root@k8s-master one-pod]# kubectl create -f nodeport.yaml
[root@k8s-master one-pod]# kubectl -n ni-ning get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
my-nodeport NodePort 10.224.171.182 <none> 80:32184/TCP 31s
my-service ClusterIP 10.224.176.149 <none> 80/TCP 41m
# 集群内类似ClusterIP访问
curl 10.224.171.182
# 集群外浏览器访问
http://192.168.75.129:32184
- NodePort 不推荐使用:它会在每个节点的IP上开放该端口,暴露面较大;对外访问应限制来源,并优先通过 Ingress 提供
# kube-proxy 节点代理
运行在每个节点上,监听API Server中服务对象的变化,再通过创建流量路由规则来实现网络的转发
# Ingress 服务访问
- Ingress 对外访问服务,推荐使用