一步一步學習k8syaml

k8s的command和args

k8s-proxy淺析

k8s高可用和ingress

手頭命令：

執行命令： kubectl exec pod-name date kubectl exec pod-name -c container-name date kubectl exec -it pod-name -c container-name /bin/bashkubectl get rc,svc kubectl delete po,svc -l name=lable-name kubectl delete pods --all #干掉rc rs kubectl delete rc --all kubectl delete rc --allkubectl logs -f volume-pod -c busybox kubectl exec -ti volume-pod -c tomcat -- ls /usr/local/tomcat/logs kubectl exec -ti volume-pod -c tomcat -- tail /usr/local/tomcat/logs/localhost_access_log.2017-05-04.txt #查看鏡像的CMD docker inpect id #查看容器中運行著哪些進程 docker top 61ac514f8ea6#查看容器日志 docker logs -f xx docker ps -l 顯示最新啟動的一個容器（包括已停止的） docker stats #查看各個容器的資源占用 這是個很刁的命令 docker stats 54493133d1f0 容器停止后就自動刪除： docker run --rm centos /bin/echo "One" 殺死所有正在運行的容器：docker kill $(docker ps -a -q) 刪除所有已經停止的容器：docker rm $(docker ps -a -q) 刪除所有未打標簽的鏡像 docker rmi $(docker images -q -f dangling=true)配置代理： export http_proxy=http://proxy_server:port


基礎：
1，創建1個pod

apiVersion: v1 kind: Pod metadata:name: pod-testlabels:app: webapp spec:containers:- name: webappimage: nginx:1.11.4-alpineimagePullPolicy: IfNotPresentports:- containerPort: 80

帶環境變量：

apiVersion: v1 kind: Pod metadata:name: myweblabels:name: myweb spec:containers:- name: mywebimage: kubeguide/tomcat-app:v1imagePullPolicy: IfNotPresentports:- containerPort: 8080env:- name: MYSQL_SERVER_HOSTvalue: 'mysql'- name: MYSQL_SERVICE_PORTvalue: '3306'

靜態pod：

1，由kubelet管理，配置kubelete參數KUBELET_OPTS=' --config=/etc/kubernetes/manifests，kubelet監視該目錄。

2，kubectl ?get pod可以看到，kubectl delete pod刪掉后，一直處于pending，直至清單yaml目錄刪除為止。

apiVersion: v1 kind: Pod metadata:name: static-podlabels:name: static-pod spec:containers:- name: static-podimage: nginxports:- name: static-podcontainerPort: 80

2，創建1個rc

apiVersion: v1 kind: ReplicationController metadata:name: webapp spec:replicas: 2template:metadata:name: webapplabels:app: webappspec:containers:- name: webappimage: nginx:1.11.4-alpineimagePullPolicy: IfNotPresentports:- containerPort: 80
??
3，創建1個svc
方法1：

apiVersion: v1 kind: Service metadata:name: webapp spec:ports:- port: 8081targetPort: 80selector:app: webapp
方法2：

kubectl export rc webapp

高級
1，創建1個pod，含有多個container

apiVersion: v1 kind: ReplicationController metadata:name: app01 spec:replicas: 2template:metadata:name: app01labels:app: app01spec:containers:- name: app01-nginximage: nginx:1.11.4-alpineimagePullPolicy: IfNotPresentports:- containerPort: 80- name: app01-tomcatimage: kubeguide/tomcat-app:v1imagePullPolicy: IfNotPresentports:- name: webcontainerPort: 8080protocol: TCP- name: managementcontainerPort: 8005protocol: TCP

創建1個pod,執行命令 command

apiVersion: v1 kind: Pod metadata:name: pod-with-healthcheck-writefilelabels:app: pod-with-healthcheck-writefile spec:containers:- image: busyboxcommand:- sleep- "3600"imagePullPolicy: IfNotPresentname: busyboxrestartPolicy: Always

apiVersion: v1 kind: Pod metadata:name: command-demolabels:purpose: demonstrate-command spec:containers:- name: command-demo-containerimage: debiancommand: ["printenv"]args: ["HOSTNAME", "KUBERNETES_PORT"]

創建1個pod執行命令-args

apiVersion: v1 kind: Pod metadata:name: pod-with-healthcheck-writefilelabels:app: pod-with-healthcheck-writefile spec:containers:- image: busyboxargs:- /bin/sh- -c- echo ok > /tmp/health; spleep 10; rm -rf /tmp/health; sleep 600livenessProbe:exec:command:- cat- /tmp/health

創建一個centos:(官方centos默認不能放后臺運行)

apiVersion: kind: metadata:name: centos spec:replicate: 1template:metadata:labels:app:centosspec:containers:- name: centos-instanceimage: centosargs: ["sleep","655369"]ports:- containersPort: 80

2，創建svc
方法1：
kubectl export rc webapp
方法2：
[root@node151 yaml]# cat app01-svc.yaml apiVersion: v1 kind: Service metadata:name: app01 spec:ports:- name: nginxport: 80protocol: TCP- name: tomcat-webport: 8080protocol: TCP- name: tomcat-managementport: 8005protocol: TCPselector:app: app01


注：rc只能為pod打1個labels。 如：
apiVersion: v1 kind: ReplicationController metadata:name: app01 spec:replicas: 2template:metadata:name: app01labels:app: app01app: nginxapp: tomcat ...只能打到 app: tomcat tag。


1個pod，2個container，共享存儲--tomcat日志搜集案例

apiVersion: v1 kind: Pod metadata:name: volume-pod spec:containers:- name: tomcatimage: tomcatimagePullPolicy: IfNotPresentports:- containerPort: 8080volumeMounts:- name: app-logsmountPath: /usr/local/tomcat/logs- name: busyboximage: busyboximagePullPolicy: IfNotPresentcommand: ["sh","-c","tail -f /logs/localhost_access_log*.txt"]volumeMounts:- name: app-logsmountPath: /logsvolumes:- name: app-logsemptyDir: {}
kubectl logs -f volume-pod -c busybox kubectl exec -ti volume-pod -c tomcat -- ls /usr/local/tomcat/logs kubectl exec -ti volume-pod -c tomcat -- tail /usr/local/tomcat/logs/localhost_access_log.2017-05-04.txt
小結：
從這里可以看到 command指令用法。

configMap：--為pod提供配置

1，提供env

2，提供配置文件

pod使用方法：

1，通過env獲取cm種內容

2，通過volume掛載cm種文件

舉個栗子：

變量

[root@node151 yaml]# cat cm-appvars.yaml apiVersion: v1 kind: ConfigMap metadata:name: cm-appvars data:apploglevel: infoappdatadir: /var/data [root@node151 yaml]# cat cm-test-pod.yaml apiVersion: v1 kind: Pod metadata:name: cm-test-pod spec:containers:- name: cm-testimage: busyboxcommand: [ "/bin/sh", "-c", "env | grep APP" ]env:- name: APPLOGLEVELvalueFrom:configMapKeyRef:name: cm-appvarskey: apploglevel- name: APPDATADIRvalueFrom:configMapKeyRef:[root@node151 yaml]# cat cm-test-pod.yaml? apiVersion: v1 kind: Pod metadata:name: cm-test-pod spec:containers:- name: cm-testimage: busyboxcommand: [ "/bin/sh", "-c", "env | grep APP" ]env:- name: APPLOGLEVELvalueFrom:configMapKeyRef:name: cm-appvarskey: apploglevel- name: APPDATADIRvalueFrom:configMapKeyRef:name: cm-appvarskey: appdatadirname: cm-appvarskey: appdatadir 驗證：
kubectl get po --show-all ---這里運行后會變成complete狀態 kubectl logs cm-test-pod #可以看到環境變量

用法2：文件掛載

[root@node151 yaml]# cat cm-appconfigfiles.yaml apiVersion: v1 kind: ConfigMap metadata:name: cm-appconfigfiles data:key-admin-key.pem: -----BEGIN RSA PRIVATE KEY-----MIIEowIBAAKCAQEAxY4sv2ctwdti38slk0IIvdAyIZqaEwVIege96QpxisDqDPWRUkJXWa/npjnwxxG0c/oYG+xQ46j+GQwMDotD/ZmQQA0yykte5i8yIB0mRnHB3ZNbpmwSYFI9j7TKyAhUvB7JfGps+aKxr4nfUSDBQBG06Gbzz/U04s+P/jQi71Z6n5Oepdq8OKpZLRQc0sPZ98z4QWXjV4ccJMOfzEmM3kGeb8oxlb59fTJNMSO0bG0YsLLLfPjb/GRxwFqnTsPW9SmKxVyrTlFXuaQGCAnLaotbC2M5B8kIp8Ake4txYh0Pupzymi2yk/glUBDxdLOZJCZoN9zBWGEh/UWoFlyTyQIDAQABAoIBADX7Z5bVptc2D4p/hED85k6XuVsdV8SiyO8vdmFbjTMRC+OGprMHlb7YJkBxzK1Y1SpryHK43FGZN/W4KQNAYs/FSnl2Ic7NUZ0sgFHuJStSolrdjUmodk0Dq/a8vDx0qlLNRtlMa4K7RjplPjR48tWDASAQIcdNhaoEdaBMts8XIteoieCgQZDbKl/m0jC9s8+I2BtynEKuC9x2PhdlgnOWlGch8T3cM6KUZjMpp5Pj6lWBH7Po5FlufoiUaGSdOiGjIbxtQIoSxaJf+GQ27oXUYuDIlaQ6cwSi1yifP9Q5w+3EIkAKCvOUgEspMuh1TO/f+6RmQILk9sq1Ozu5ZxECgYEAyxGBE8zFD6Sy0Y3GST0fZZ+I6m2jgvLBzHl0sihypHil5td14fXh9X2Q0JqeLBQBPuL6/9+TfN91lX/k+f4+Dl8GVIrXyHkb5nDLBiXwqwZNVUCOsWiRaXRftW9UusVmgZmDV3Mjdo/dRoqvOSGsi6ndxRAkE1inwKUHH7gusscCgYEA+QzLcbqTnOT7bdjPp6z5Tawyyllo8wt6XhmjSoky4scHu4QcYezdI4x3rRV3QVyLqzzix0EY3AVGzjLO+uUOWZ01v1r0jAqgNDLd/e+3iU7fQ2q3Y9Ce2Dkuvw1EB7PZQw6hLq1pV1NPBW4ovO6r8XEtxOL2bBwfQMGSVR6y9O8CgYBCx47bJAvqCQ+FOkpq617X3I76CPQsrAhvZcGqlQKec86bC2AI3wNf59snvrElba67L4m7e5rVBed1MonqbGGb+EPsqXwswScbsRwS+YcbtwbXclN6pBitxUd0Mxh6E1CSbhlzOLoA027BM/pLn3dOtp3noFc8xXrlL2AYXkl9IQKBgQC+e2+7G3W9QVGgsXwZhe3j33m1VG81vSipgjhnUMpPsuSSIjhHGZAFmXELO+jLYAofPWFB/uMRnSOLoEa4lKrGFby/D8UMuy/O3Lz3dPpOlbmjaaK8QBrNy+aaD35h2cepRy42ckGonbpJr/iOkImIEAVumhzZkSTCNYtDeUhslwKBgFvULjjmaAu/VDriBxDS64PmrNHLHuegMY/qxONVGyHvmnVqD6XuCdOxzMPWIgxFFc1RY9VdYAfx6EkspRT3aTjVMvQdXZ2H5wOWtEW+qkfYK/WaRXH9KkMrrxuwgszsGzKHvIRxtyaH+VQcVMgrBKmi+pQweyJuwNRTskK59XJl-----END RSA PRIVATE KEY-----key-admin.pem: -----BEGIN CERTIFICATE-----MIID3TCCAsWgAwIBAgIUH6w5Lfb2KXf3J/uccCqIBSZ1cYMwDQYJKoZIhvcNAQELBQAwZTELMAkGA1UEBhMCQ04xEDAOBgNVBAgTB0JlaUppbmcxEDAOBgNVBAcTB0JlaUppbmcxDDAKBgNVBAoTA2s4czEPMA0GA1UECxMGU3lzdGVtMRMwEQYDVQQDEwprdWJlcm5ldGVzMB4XDTE3MDUwMzEwMjcwMFoXDTE4MDUwMzEwMjcwMFowazELMAkGA1UEBhMCQ04xEDAOBgNVBAgTB0JlaUppbmcxEDAOBgNVBAcTB0JlaUppbmcxFzAVBgNVBAoTDnN5c3RlbTptYXN0ZXJzMQ8wDQYDVQQLEwZTeXN0ZW0xDjAMBgNVBAMTBWFkbWluMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxY4sv2ctwdti38slk0IIvdAyIZqaEwVIege96QpxisDqDPWRUkJXWa/npjnwxxG0c/oYG+xQ46j+GQwMDotD/ZmQQA0yykte5i8yIB0mRnHB3ZNbpmwSYFI9j7TKyAhUvB7JfGps+aKxr4nfUSDBQBG06Gbzz/U04s+P/jQi71Z6n5Oepdq8OKpZLRQc0sPZ98z4QWXjV4ccJMOfzEmM3kGeb8oxlb59fTJNMSO0bG0YsLLLfPjb/GRxwFqnTsPW9SmKxVyrTlFXuaQGCAnLaotbC2M5B8kIp8Ake4txYh0Pupzymi2yk/glUBDxdLOZJCZoN9zBWGEh/UWoFlyTyQIDAQABo38wfTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFDA855ogXEPB8jQ+8vCPaI470l10MB8GA1UdIwQYMBaAFPKIL6U7gHcBzv0TNO+5SymZ6fcJMA0GCSqGSIb3DQEBCwUAA4IBAQBz9jhLSGeOQYbQDSb2LDgbO/fBpbZnNzSVCX6HgWgHJaC43J0SruGD+u3jyhhhYhsQLO+lQTZl3yzoWOjWYLlGc5cDqMDf6d8YAElyAywpbip/Xa/EuY/2oiOSxmJosyY4NltIeeUMccbmOX1mx0wfyD1mrFizplY5OpSfqLOFdLYfftZzPHbZznDhvRyow3/Q+gTqFq8JC8x7JWKCfQEjY/k20w8ptz+xSPqtwYKyE79S1+qDK1P459cJJNS7YprbPY7oEUnbigmU1RNt2w4JZzbfTDSeoTVx9XWRMgTNQ1har1NboZGaVJhROepe38vgVvfH5gKckgISrakiB19M-----END CERTIFICATE-----key-ca.pem: -----BEGIN CERTIFICATE-----MIIDvjCCAqagAwIBAgIUP/7TgWfkZ6torHllMQK4qKVdKm0wDQYJKoZIhvcNAQELBQAwZTELMAkGA1UEBhMCQ04xEDAOBgNVBAgTB0JlaUppbmcxEDAOBgNVBAcTB0JlaUppbmcxDDAKBgNVBAoTA2s4czEPMA0GA1UECxMGU3lzdGVtMRMwEQYDVQQDEwprdWJlcm5ldGVzMB4XDTE3MDUwMzEwMDcwMFoXDTIyMDUwMjEwMDcwMFowZTELMAkGA1UEBhMCQ04xEDAOBgNVBAgTB0JlaUppbmcxEDAOBgNVBAcTB0JlaUppbmcxDDAKBgNVBAoTA2s4czEPMA0GA1UECxMGU3lzdGVtMRMwEQYDVQQDEwprdWJlcm5ldGVzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0HQdd+mApPqm9iQKwyNzEtQFShNm3l0hfZeFsoPK7pkNcc8NMajdiNzzSvorb8W8n4ALNt4i6lHADmw82JfHmunkO1EfKWu0kzSb47JXsqLDBjGm/rIENgXP+z+dJME8ELLP+xYtRssHGqR67NqHQWH3WcU86DmxmOT+eq5qsSzGYVnLOH1vHY1m1OcLslO+NU+9QY48AwGcOcE1iVUkSWEGtlr9KR0hi+x0tWJpJJ2WZspmg6szbFUO+8ucQyaymTBWNEt1mo7vawwivJNpM+td9FdXvUBtD9hZKf0nyzFCsnOhFsHBZfIq7oQc1rQ10fQTSVVjZkH8Euh7hQHMZQIDAQABo2YwZDAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBAjAdBgNVHQ4EFgQU8ogvpTuAdwHO/RM077lLKZnp9wkwHwYDVR0jBBgwFoAU8ogvpTuAdwHO/RM077lLKZnp9wkwDQYJKoZIhvcNAQELBQADggEBAFKzFPaTXU5z1QNFEVjcJnLHvp8qlsfUpy6ivjD5x6AZErrrbKTMU7JATx5uo0G62lMarjhGcJV6l/bEfcDlGVvdSe3Nw7+bbYDlLYop1at84aD8sjTRuE1/m1XMhiMMnlOvF5es6joCzFgIEistjC/3d5kP+oPASmNPSTffHG04kEKbbcwWYACVtlHgdhohab9IGd5JskZGptjCCZcVEqjGtbT6gQ4p8Io5Fiz3W9HpD+2Dhk/pT6u0rLDR3p+4/bqo+NGrjOHHbQpe24kkg7nhZZSUmJKo6hrDRbnDVA94eznsj3Nl4U2rrg+poVxbRu4rIeH7dmQkL/6i4X6TZqs=-----END CERTIFICATE-----
注意：以上都是實驗性key，沒啥意義。

[root@node151 yaml]# cat cm-test-app.yaml apiVersion: v1 kind: Pod metadata:name: cm-test-app spec:containers:- name: cm-test-appimage: kubeguide/tomcat-app:v1ports:- containerPort: 8080volumeMounts:- name: certkeymountPath: /configfilesvolumes:- name: certkeyconfigMap:name: cm-appconfigfilesitems:- key: key-admin.pempath: admin.pem- key: key-admin-key.pempath: admin-key.pem- key: key-ca.pempath: ca.pem 驗證：

kubectl exec -it cm-test-app -- bash ls /configfiles

如果不指定items： 則掛載后的文件名字為key-xxx

[root@node151 yaml]# cat cm-test-app.yaml apiVersion: v1 kind: Pod metadata:name: cm-test-app spec:containers:- name: cm-test-appimage: kubeguide/tomcat-app:v1ports:- containerPort: 8080volumeMounts:- name: certkeymountPath: /configfilesvolumes:- name: certkeyconfigMap:name: cm-appconfigfiles
cm創建的3種方法：

kubectl create configmap ca.pem --from-file=ca.pem kubectl create configmap cm-appconfig --from-file=configfilesdir kubectl create configmap cm-appenv --from-literal=loglevel=info --from-literal=appdatadir=/var/data

使用cm注意：

1，在pod前創建

2，只能掛載目錄

外部訪問：

Services overview diagram for userspace proxy

1，container級別端口映射到物理機
注：cni網絡不支持
Limitation: Due to #31307, HostPort won’t work with CNI networking plugin at the moment. That means all hostPort attribute in pod would be simply ignored

如果非cni：

apiVersion: v1 kind: Pod metadata:name: pod-hostportlabels:app: webapp spec:containers:- name: webappimage: nginx:1.11.4-alpineimagePullPolicy: IfNotPresentports:- containerPort: 80hostPort: 30090

2，pod級別端口映射到物理機: 這種方式不分配podip 共享物理機的ip地址.同時進程可以在物理機看到

apiVersion: v1 kind: Pod metadata:name: pod-hostnetworklabels:app: webapp spec:hostNetwork: truecontainers:- name: webappimage: nginx:1.11.4-alpineimagePullPolicy: IfNotPresentports:- containerPort: 80

[root@no161 ~]# kk|grep po default pod-hostnetwork 1/1 Running 0 18s 192.168.8.162 no162
[root@no162 ~]# ps -ef|grep nginx root 29405 29388 0 15:00 ? 00:00:00 nginx: master process nginx -g daemon off; 100 29426 29405 0 15:00 ? 00:00:00 nginx: worker process

3，svc級別端口映射到物理機

apiVersion: v1 kind: Service metadata:name: webapp spec:type: NodePortports:- port: 80targetPort: 80nodePort: 30081selector:app: webapp
4，svc還可以將請求發給第三方lb，由lb來轉發到各個pod。

svc高級
創建一個svc可訪問外部mysql服務
1，創建1個無selector的svc
apiVersion: v1 kind: Service metadata:name: my-service spec:ports:- protocol: TCPport: 3306targetPort: 3306
創建1個同name的endpoint即會自動關聯到上面svc。

apiVersion: v1 kind: Endpoints metadata:name: my-service subsets:- addresses:- ip: 192.168.6.87ports:- port: 3306
測試：
node151$ mysql -h svc-address -uroot -pxxx

liveness-活躍性

1,寫文件

apiVersion: v1 kind: Pod metadata:name: pod-with-healthcheck-writefilelabels:app: pod-with-healthcheck-writefile spec:containers:- name: pod-with-healthcheck-writefileimage: busyboxargs:- /bin/sh- -c- echo ok > /tmp/health; spleep 10; rm -rf /tmp/health; sleep 600livenessProbe:exec:command:- cat- /tmp/healthinitialDelaySeconds: 15timeoutSeconds: 1

2,tcp sock:通過與容器localhost:80建連接

apiVersion: v1 kind: Pod metadata:name: pod-with-healthcheck-tcpsock spec:containers:- name: nginximage: nginx:1.11.4-alpineimagePullPolicy: IfNotPresentports:- containerPort: 80livenessProbe:tcpSocket:port: 80initialDelaySeconds: 30timeoutSeconds: 1

3,http status 200<

apiVersion: v1 kind: Pod metadata:name: pod-with-healthcheck spec:containers:- name: nginximage: nginx:1.11.4-alpineimagePullPolicy: IfNotPresentports:- containerPort: 80livenessProbe:httpGet:path: /_status/healthzport: 80initialDelaySeconds: 30 #首次創建后,等多久去檢查timeoutSeconds: 1 #當超時,干掉重建 #通過本地的kubenetes發起請求檢查 kubectl logs -f pod-with-healthcheck192.168.6.154 - - [10/May/2017:05:46:15 +0000] "GET /_status/healthz HTTP/1.1" 404 169 "-" "Go-http-client/1.1" "-" 192.168.6.154 - - [10/May/2017:05:46:25 +0000] "GET /_status/healthz HTTP/1.1" 404 169 "-" "Go-http-client/1.1" "-"

總結

以上是生活随笔為你收集整理的[k8s]一步一步学习k8syaml的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。