k8s入门知识点
[TOC]
k8s并不神秘,你可以结合vm和redis之类的中间件
Q-1:为什么需要k8s
Q0:k8s架构,k8s基本概念入门
Q1:k8s的yml讲解。
Q2:k8s能做什么?k8s如何做?
推荐官方文档和中文文档:
1.为什么需要k8s
来个官方链接:https://kubernetes.io/docs/concepts/overview/what-is-kubernetes/
2.基本架构和基本概念入门
2.1基本架构
对比几张来自不同网站的架构图
[图片上传失败...(image-eb049d-1582014664031)]
必须包含master和node 各至少一个。
-
master节点可认为是管家,包含核心组件
- <1>api-server(一组Restful的api接口,k8s集群控制的唯一入口和前端,是组件间交互的中枢,像是身份认证,授权等机制都由api提供)
- <2>数据管理(k8s的数据均存储在etcd中,仅由apiserver操作数据)
- <3>scheduler(pod调度,可自定义调度算法)
- <4>controller-manager(管理集群内各类资源controller,如副本数,endpoint,namespace,自愈等,使之始终处于“期望状态”)等功能。
官方推荐master部署在独立的物理主机上,该主机一般不会run其他服务。
-
node 节点就是用来run实际的pod,包含
- kubelet(systemd来进行管理,定期向master 汇报node状态,并接受apiserver的命令,负责node和master之间的通信,可认为是node的声明周期管理器)
- kube-proxy(service的代理器,将到达service的request load到具体的endpoint去,由iptables mode实现,比如常用的nodeport模式可实现外部访问集群内部service)
- container - runtime (还包含了各种容器,如docker的运行环境)。
如下单service的应用外部访问示意:hello service对外提供服务,内部负载了3个pod,controller 为deployment
2.2 k8s的对象模型
k8s可以看做是面向对象的,每类服务可看做是k8s的一个对象。这些对象由用户定义yaml,k8s的api负责创建。所有对象包含spec(规范)+status两类基本信息。
例如:k8s创建pod的api为:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#pod-v1-core
kubectl 也会将yaml转成json发送到master节点。
k8s中常用的对象有pod、deployment、service、statefulSet等,每个对象至少包含3个metadata:namespace、name、uid。
2.2.1 k8s中常见的object kind:
-
pod
- 基本调度单元,特定关系的一组容器集合,最小的部署集合。
- 非持久性实体,调度失败、自愈等情况会被终止,重建,不建议手动创建Pod,而是通过controller创建pod,如deployment。
-
Service
- pod 重启之后ip会改变,多个相同服务的pod需要有discovery+loadbalance 。这一点与“微服务”中的概念一致。通过label selector 可轻松实现逻辑分组。
- service 的声明周期内,ip不会改变。可通过nodeport 暴露到外部。
- 有的service不需要ip、有的service 不需要负载均衡。
-
Controllers
Replicaset (rs)副本数,用于loadbalance和冗余。(老版本是ReplicationController- rc,算是功能升级,官方推荐使用rs 代替rc)。现阶段非特殊情况如升级pod的操作,也不推荐单独使用,
-
Deployment
使用并管理rs ,算是更高一层的概念,这是现在比较常用的部署app的方式。deployment为pod和rs提供声明式更新(而非命令式)。支持滚动更新(rollingUpdate),支持回滚操作。
-
statefulSet(k8s 1.9 GA)
我们自己开发的应用一般都是stateless的,像是redis、zk、kafka、mysql这类的中间件通常需要使用statefulSet。通常适用于稳定的持久存储、稳定的网络标识、有序部署有序扩展、有序收缩、有序滚动升级的场景。
pod的存储一般都是volumes外挂到persistent介质。并且伸缩或删除不会删除关联的存储。需要headless service负责pod的网络身份。
<font color=red size=1>
"注意:statefulSet 对应的service为headless servie,和普通的service的区别在于,普通的有cluster ip,通过只有service 有dns,通过iptables进行负载。headless service无cluster ip,endpoints是所有pod的dns地址。就意味着statefulset 创建pod的时候为pod生成了dns信息。如3 节点的mysql,会生成mysql-0 ... mysql-2三个pod(pod名称生产规则为pod+递增序号),并且会生成域: $(podname).(headless server name),完整FQDN为: $(podname).(headless server name).namespace.svc.cluster.local"
</font>看一个完整的statefulSet + headless service 的示例。
apiVersion: v1 kind: Service metadata: name: nginx labels: app: nginx spec: ports: - port: 80 name: web clusterIP: None selector: app: nginx --- apiVersion: apps/v1beta1 kind: StatefulSet metadata: name: web spec: serviceName: "nginx" replicas: 1 template: metadata: labels: app: nginx spec: containers: - name: nginx image: nginx:1.11 ports: - containerPort: 80 name: web volumeMounts: - name: www mountPath: /usr/share/nginx/html nodeSelector: node: kube-node3 volumes: - name: www hostPath: path: /mydir
-
DeamonSet
每个node都有一个pod副本运行。常用在后台常驻程序如ceph,日志收集,心跳检查,Prometheus exporter等。
-
ConfigMap
向pod 提供非敏感的配置信息,支持键值对,单个属性,配置文件。
使用方式:环境变量,容器命令行参数,数据卷挂载。
定义示例:
apiVersion:V1 kind:ConfigMap metadata: name:hello-config namespace:public-config data: title:hello everybody sex:girl
引用示例:
apiVersion:V1 kind:deployment metadata: name:hello-dem spec: containers: - name:goodboy image:hub/images command:["/bin/bash","-c","echo ${envTitle} ${envSex}"] env: - name:envTitle valueFrom: configMapKeyRef: name:hello-config key:title - name:envSex valueFrom: configMapKeyRef: name:hello-config key:sex
-
Secret
对应于ConfigMap,用于敏感信息配置,如token,密码,秘钥等。
-
Endpoints
service 和 pod 之间的关系会创建endpoint对象,默认与service 同名。kube-proxy将会监听service 和 endpoint的变化,从而更新iptables的规则。
-
PodDisruptionBudget(pdb,主动驱逐保护)
- 没有pdb。当进行节点维护时,如果某个服务的多个pod在该节点上,则节点的停机可能会造成服务中断或者服务降级。举个例子,某服务有5个pod,最低3个pod能保证服务质量,否则会造成响应慢等影响,此时该服务的4个pod在node01上,如果对node01进行停机维护,此时只有1个pod能正常对外服务,在node01的4个pod迁移过程中,就会影响该服务正常响应;
- pdb能保证应用在节点维护时不低于一定数量的pod运行,从而保持服务质量;
等等其他的如 ingress
2.2.2 k8s中有常见的metadata
-
name && UID (uid是在k8s的整个声明周期中均唯一,不会产生相同的uid,可对等为mysql的auto increment key)
来看一个api访问对象的路径:/api/{version}/namespaces/{namespace}/{object-kind}/{name} ,k8s通过层层限定来寻找唯一标识的name。
-
namespace
对一组资源和对象的抽象集合,从逻辑上划分k8s实现分层管理,并实现一定层度上的资源和权限隔离。
内置三个namespace:default,kube-system(存放api-server、dns插件等),kube-public(供所有用户包含未经过身份验证的用户使用,实现资源集群内共享)
Node和persistentVolume(简称PV,通过PVC和pod绑定)不属于任何namespace。
-
label
标识性的数据,有严格的命名规范,k8s可通过标签组合管理对象,达到松耦合。在spec中通过selectors进行匹配。
-
annotation(理解为java注释吧)
非标识性的元数据附加到对象上。通常会有时间戳,版本号,用户信息等辅助信息。
2.2.3 k8s spec中常见的参数
-
selectors(标签和标签选择器)
对应label对应的key-value 进行对象的选择
2.3 k8s的ip模型
k8s的ip:
- node Ip :node节点的ip,为物理ip.
- pod Ip:pod的ip,即docker 容器的ip,为虚拟ip。
- cluster Ip:service 的ip,为虚拟ip。提供一个集群内部的虚拟IP以供Pod访问。
2.4 k8s的volume
k8s的volume和docker有所不同,v是独立于容器的,与pod声明周期相同,即pod删除空间也被删除。有多重类型
-
emptydir
空目录,pod中的容器会共享此目录
如下所示,busybox的文件写入,在nginx容器中能够读出来。
[root@master ~]# cat test.yaml apiVersion: v1 kind: Service metadata: name: serivce-mynginx namespace: default spec: type: NodePort selector: app: mynginx ports: - name: nginx port: 80 targetPort: 80 nodePort: 30080 --- apiVersion: apps/v1 kind: Deployment metadata: name: deploy namespace: default spec: replicas: 1 selector: matchLabels: app: mynginx template: metadata: labels: app: mynginx spec: containers: - name: mynginx image: lizhaoqwe/nginx:v1 volumeMounts: - mountPath: /usr/share/nginx/html/ name: share ports: - name: nginx containerPort: 80 - name: busybox image: busybox command: - "/bin/sh" - "-c" - "sleep 4444" volumeMounts: - mountPath: /data/ name: share volumes: - name: share emptyDir: {}
-
hostpath
使用node的目录进行挂载
-
configmap && secret
前面讲过,configmap和secret 都可以使用文件的方式,也可以把文件直接挂载到容器中。
如:
spec: containers: - name: nginx image: nginx ports: - name: nginx containerPort: 80 volumeMounts: - name: html-config mountPath: /nginx/vars/ readOnly: true volumes: - name: html-config configMap: name: nginx-var
-
外部存储
如nfs,ceph等。外部存储一般需要用到storageClass + pvc + pv。可参考blog:https://www.cnblogs.com/benjamin77/p/9944268.html
2.5 k8s port
Port,Targetport,Nodeport区别
service 暴露nodeport 到node上,node 接受request 之后通过kube-proxy 负载到具体的pod(iptables 或 ipvs)。
3.k8s yaml讲解
一个yaml通常如下:其中apiVersion、kind、metadata、spec(规格)是必填的项目。通常spec对于对象而言是能起决定性作用的描述。且对于pod、deployment、service等对象有各自特殊格式的spec。
3.1 Depolyment的yaml示例
Deployment API 版本对照表
Kubernetes 版本 | Deployment 版本 |
---|---|
v1.5-v1.15 | extensions/v1beta1 |
v1.7-v1.15 | apps/v1beta1 |
v1.8-v1.15 | apps/v1beta2 |
v1.9+ | apps/v1 |
这是sre定义的内容:
apiVersion: apps/v1beta2
kind: Deployment
metadata:
labels:
k8s-app: chainaccesspipe # lables k-v形式供service selector选择
name: chainaccesspipe
namespace: chainaccess-dev # 命名空间
annotations:
title: "这是个测试title"
date: "2020/10/10 "
status: "be happy"
spec:
replicas: 1 # 副本数
selector:
matchLabels:
k8s-app: chainaccesspipe #template选择器
template:
metadata:
labels:
k8s-app: chainaccesspipe
spec:
initContainers: #初始化容器
- image: www.xxx.com/middleware/sysctl:latest
imagePullPolicy: Always
name: sysctl
resources:
limits:
cpu: 20m
memory: 20Mi
requests:
cpu: 20m
memory: 20Mi
securityContext:
privileged: true
runAsUser: 0
containers:
- name: chainaccesspipe
image: www.xxx.com/baseserver-dev/pipe:integration.0.9.1.0.0
# resources:
# requests:
# memory: "2G"
# cpu: "350m"
# limits:
# memory: "2G"
# cpu: 1
# livenessProbe:
# httpGet:
# path: /actuator/health
# port: 8017
# initialDelaySeconds: 150
# periodSeconds: 5
# readinessProbe:
# httpGet:
# path: /actuator/health
# port: 8017
# initialDelaySeconds: 150
# periodSeconds: 3
env: # 环境变量
- name: LC_ALL
value: en_US.utf8
- name: JAVA_OPTS_OVERRIDE
value: |-
-Xms1024m
-Xmx1024m
-Dport=8017
-Dnacos-namespace=5ea6a570-379f-4d74-9553-066a2227720f
-Duser.timezone=GMT+08
args:
- -jar
- /app/app.jar
ports:
- containerPort: 8017 #容器暴露端口
imagePullPolicy: Always
securityContext:
runAsUser: 1000
fsGroup: 1000
imagePullSecrets:
- name: sec8084
---
apiVersion: v1
kind: Service
metadata:
labels:
k8s-app: chainaccesspipe
annotations:
prometheus.io/scrape: "true"
prometheus.io/app-metrics-path: /actuator/prometheus
name: chainaccesspipe
namespace: chainaccess-dev
spec:
ports:
- port: 8017
targetPort: 8017
nodePort: 28017
type: NodePort
selector:
k8s-app: chainaccesspipe
接下来我们登陆21 ,通过api获取下完整的map:
curl -s 127.0.0.1:8080/apis/apps/v1/namespaces/chainaccess-dev/deployments/chainaccesspipe | jq
内容如下,这个是v1版本下,完整的map,我们可以对比下定义的yaml。
{
"kind": "Deployment",
"apiVersion": "apps/v1",
"metadata": {
"name": "chainaccesspipe",
"namespace": "chainaccess-dev",
"selfLink": "/apis/apps/v1/namespaces/chainaccess-dev/deployments/chainaccesspipe",
"uid": "9ca01515-2aca-11ea-b7ca-005056aa5684",
"resourceVersion": "84030034",
"generation": 1,
"creationTimestamp": "2019-12-30T06:07:08Z",
"labels": {
"k8s-app": "chainaccesspipe"
},
"annotations": {
"deployment.kubernetes.io/revision": "1"
}
},
"spec": {
"replicas": 1,
"selector": {
"matchLabels": {
"k8s-app": "chainaccesspipe"
}
},
"template": {
"metadata": {
"creationTimestamp": null,
"labels": {
"k8s-app": "chainaccesspipe"
}
},
"spec": {
"initContainers": [
{
"name": "sysctl",
"image": "harbor.xxx.com/middleware/sysctl:latest",
"resources": {
"limits": {
"cpu": "20m",
"memory": "20Mi"
},
"requests": {
"cpu": "20m",
"memory": "20Mi"
}
},
"terminationMessagePath": "/dev/termination-log",
"terminationMessagePolicy": "File",
"imagePullPolicy": "Always",
"securityContext": {
"privileged": true,
"runAsUser": 0
}
}
],
"containers": [
{
"name": "chainaccesspipe",
"image": "harbor.xxx.com/baseserver-dev/pipe:release.0.9.1.1.0",
"args": [
"-jar",
"/app/app.jar"
],
"ports": [
{
"containerPort": 8080,
"protocol": "TCP"
}
],
"env": [
{
"name": "LC_ALL",
"value": "en_US.utf8"
},
{
"name": "JAVA_OPTS_OVERRIDE",
"value": "-Xms1024m\n-Xmx1024m\n-Dport=8080\n-Dnacos-server-addr=nacos-headless.nacos-server:8848\n-Dnacos-namespace=9482afb2-3267-45ea-92cd-48edaae5837b\n-Duser.timezone=GMT+08"
}
],
"resources": {},
"terminationMessagePath": "/dev/termination-log",
"terminationMessagePolicy": "File",
"imagePullPolicy": "Always"
}
],
"restartPolicy": "Always",
"terminationGracePeriodSeconds": 30,
"dnsPolicy": "ClusterFirst",
"securityContext": {
"runAsUser": 1000,
"fsGroup": 1000
},
"imagePullSecrets": [
{
"name": "sec8084"
}
],
"schedulerName": "default-scheduler"
}
},
"strategy": {
"type": "RollingUpdate",
"rollingUpdate": {
"maxUnavailable": "25%",
"maxSurge": "25%"
}
},
"revisionHistoryLimit": 10,
"progressDeadlineSeconds": 600
},
"status": {
"observedGeneration": 1,
"replicas": 1,
"updatedReplicas": 1,
"readyReplicas": 1,
"availableReplicas": 1,
"conditions": [
{
"type": "Progressing",
"status": "True",
"lastUpdateTime": "2019-12-30T06:07:17Z",
"lastTransitionTime": "2019-12-30T06:07:08Z",
"reason": "NewReplicaSetAvailable",
"message": "ReplicaSet \"chainaccesspipe-6bf9469bf4\" has successfully progressed."
},
{
"type": "Available",
"status": "True",
"lastUpdateTime": "2020-01-19T08:10:00Z",
"lastTransitionTime": "2020-01-19T08:10:00Z",
"reason": "MinimumReplicasAvailable",
"message": "Deployment has minimum availability."
}
]
}
}
3.2 pod完整yaml
apiVersion: v1 #必选,版本号,例如v1,版本号必须可以用 kubectl api-versions 查询到 .
kind: Pod #必选,Pod
metadata: #必选,元数据
name: string #必选,Pod名称
namespace: string #必选,Pod所属的命名空间,默认为"default"
labels: #自定义标签
- name: string #自定义标签名字
annotations: #自定义注释列表
- name: string
spec: #必选,Pod中容器的详细定义
containers: #必选,Pod中容器列表
- name: string #必选,容器名称,需符合RFC 1035规范
image: string #必选,容器的镜像名称
imagePullPolicy: [ Always|Never|IfNotPresent ] #获取镜像的策略 Alawys表示下载镜像 IfnotPresent表示优先使用本地镜像,否则下载镜像,Nerver表示仅使用本地镜像
command: [string] #容器的启动命令列表,如不指定,使用打包时使用的启动命令
args: [string] #容器的启动命令参数列表
workingDir: string #容器的工作目录
volumeMounts: #挂载到容器内部的存储卷配置
- name: string #引用pod定义的共享存储卷的名称,需用volumes[]部分定义的的卷名
mountPath: string #存储卷在容器内mount的绝对路径,应少于512字符
readOnly: boolean #是否为只读模式
ports: #需要暴露的端口库号列表
- name: string #端口的名称
containerPort: int #容器需要监听的端口号
hostPort: int #容器所在主机需要监听的端口号,默认与Container相同
protocol: string #端口协议,支持TCP和UDP,默认TCP
env: #容器运行前需设置的环境变量列表
- name: string #环境变量名称
value: string #环境变量的值
resources: #资源限制和请求的设置
limits: #资源限制的设置
cpu: string #Cpu的限制,单位为core数,将用于docker run --cpu-shares参数
memory: string #内存限制,单位可以为Mib/Gib,将用于docker run --memory参数
requests: #资源请求的设置
cpu: string #Cpu请求,容器启动的初始可用数量
memory: string #内存请求,容器启动的初始可用数量
livenessProbe: #对Pod内各容器健康检查的设置,当探测无响应几次后将自动重启该容器,检查方法有exec、httpGet和tcpSocket,对一个容器只需设置其中一种方法即可
exec: #对Pod容器内检查方式设置为exec方式
command: [string] #exec方式需要制定的命令或脚本
httpGet: #对Pod内个容器健康检查方法设置为HttpGet,需要制定Path、port
path: string
port: number
host: string
scheme: string
HttpHeaders:
- name: string
value: string
tcpSocket: #对Pod内个容器健康检查方式设置为tcpSocket方式
port: number
initialDelaySeconds: 0 #容器启动完成后首次探测的时间,单位为秒
timeoutSeconds: 0 #对容器健康检查探测等待响应的超时时间,单位秒,默认1秒
periodSeconds: 0 #对容器监控检查的定期探测时间设置,单位秒,默认10秒一次
successThreshold: 0
failureThreshold: 0
securityContext:
privileged: false
restartPolicy: [Always | Never | OnFailure] #Pod的重启策略,Always表示一旦不管以何种方式终止运行,kubelet都将重启,OnFailure表示只有Pod以非0退出码退出才重启,Nerver表示不再重启该Pod
nodeSelector: obeject #设置NodeSelector表示将该Pod调度到包含这个label的node上,以key:value的格式指定
imagePullSecrets: #Pull镜像时使用的secret名称,以key:secretkey格式指定
- name: string
hostNetwork: false #是否使用主机网络模式,默认为false,如果设置为true,表示使用宿主机网络
volumes: #在该pod上定义共享存储卷列表
- name: string #共享存储卷名称 (volumes类型有很多种)
emptyDir: {} #类型为emtyDir的存储卷,与Pod同生命周期的一个临时目录。为空值
hostPath: string #类型为hostPath的存储卷,表示挂载Pod所在宿主机的目录
path: string #Pod所在宿主机的目录,将被用于同期中mount的目录
secret: #类型为secret的存储卷,挂载集群与定义的secre对象到容器内部
scretname: string
items:
- key: string
path: string
configMap: #类型为configMap的存储卷,挂载预定义的configMap对象到容器内部
name: string
items:
- key: string
path: string
附录:
附录1:k8s常见api操作
# 查看当前集群支持的API版本
$ curl -s 127.0.0.1:8080/api/ | jq -r .versions
# 查看指定API的资源操作类型 返回一个字典列表
$ curl -s 127.0.0.1:8080/api/v1/ | jq keys
[
"groupVersion",
"kind",
"resources"
]
# 查看当前k8s集群支持的操作类型
curl -s 127.0.0.1:8080/api/v1/ | jq .resources | grep "name\b"
"name": "bindings",
"name": "componentstatuses",
"name": "configmaps",
"name": "endpoints",
"name": "events",
"name": "limitranges",
"name": "namespaces",
"name": "namespaces/finalize",
"name": "namespaces/status",
"name": "nodes",
"name": "nodes/proxy",
"name": "nodes/status",
"name": "persistentvolumeclaims",
"name": "persistentvolumeclaims/status",
"name": "persistentvolumes",
"name": "persistentvolumes/status",
"name": "pods",
"name": "pods/attach",
"name": "pods/binding",
"name": "pods/eviction",
"name": "pods/exec",
"name": "pods/log",
"name": "pods/portforward",
"name": "pods/proxy",
"name": "pods/status",
"name": "podtemplates",
"name": "replicationcontrollers",
"name": "replicationcontrollers/scale",
"name": "replicationcontrollers/status",
"name": "resourcequotas",
"name": "resourcequotas/status",
"name": "secrets",
"name": "serviceaccounts",
"name": "services",
"name": "services/proxy",
"name": "services/status",
# 常用的,需要关注的几个资源类型 【namespaces|nodes|pods|podtemplates|replicationcontrollers|services|secrets】
# 查看某个namespace的URL
$ curl -s 127.0.0.1:8080/api/v1/namespaces/ | jq .items | jq values[0] | grep -E '(name|selfLink)'
"name": "default",
"selfLink": "/api/v1/namespaces/default",
# 查看namespace详情
$ curl -s 127.0.0.1:8080/api/v1/namespaces/default | jq .spec
{
"finalizers": [
"kubernetes"
]
}
# 查看全部node
$ curl -s 127.0.0.1:8080/api/v1/nodes | jq .items | grep -E "\bname\b|selfLink"
"name": "172.25.47.138",
"selfLink": "/api/v1/nodes/172.25.47.138",
"name": "172.25.47.202",
"selfLink": "/api/v1/nodes/172.25.47.202",
"name": "172.25.47.75",
"selfLink": "/api/v1/nodes/172.25.47.75",
"name": "10.0.0.121",
"selfLink": "/api/v1/nodes/10.0.0.121",
"name": "10.0.0.122",
"selfLink": "/api/v1/nodes/10.0.0.122",
# 查看某个node详情【当前该节点的资源信息以及设置限制条件,当前节点运行的pod容器以及镜像相关信息】
$ curl -s 127.0.0.1:8080/api/v1/nodes/10.0.0.122 | jq .status
{
"capacity": {
"cpu": "4",
"ephemeral-storage": "14987616Ki",
"hugepages-2Mi": "0",
"memory": "6627524Ki",
"pods": "110"
},
"allocatable": {
"cpu": "4",
"ephemeral-storage": "13812586883",
"hugepages-2Mi": "0",
"memory": "6525124Ki",
"pods": "110"
},
"conditions": [
{
"type": "OutOfDisk",
"status": "False",
"lastHeartbeatTime": "2018-07-19T03:15:50Z",
"lastTransitionTime": "2018-06-28T01:59:06Z",
"reason": "KubeletHasSufficientDisk",
"message": "kubelet has sufficient disk space available"
},
{
"type": "MemoryPressure",
"status": "False",
"lastHeartbeatTime": "2018-07-19T03:15:50Z",
"lastTransitionTime": "2018-06-28T01:59:06Z",
"reason": "KubeletHasSufficientMemory",
"message": "kubelet has sufficient memory available"
},
{
"type": "DiskPressure",
"status": "False",
"lastHeartbeatTime": "2018-07-19T03:15:50Z",
"lastTransitionTime": "2018-06-28T01:59:06Z",
"reason": "KubeletHasNoDiskPressure",
"message": "kubelet has no disk pressure"
},
{
"type": "PIDPressure",
"status": "False",
"lastHeartbeatTime": "2018-07-19T03:15:50Z",
"lastTransitionTime": "2018-06-28T01:59:06Z",
"reason": "KubeletHasSufficientPID",
"message": "kubelet has sufficient PID available"
},
{
"type": "Ready",
"status": "True",
"lastHeartbeatTime": "2018-07-19T03:15:50Z",
"lastTransitionTime": "2018-07-18T08:18:31Z",
"reason": "KubeletReady",
"message": "kubelet is posting ready status"
}
],
"addresses": [
{
"type": "InternalIP",
"address": "10.0.0.122"
},
{
"type": "Hostname",
"address": "10.0.0.122"
}
],
"daemonEndpoints": {
"kubeletEndpoint": {
"Port": 10250
}
},
"nodeInfo": {
"machineID": "cd7f16da1665b7cee74f46122e2d7cdd",
"systemUUID": "0E96FBAF-C214-18F8-D9E6-8B65B9B5A413",
"bootID": "f67f0185-4be6-41d0-b5e0-d126165f6986",
"kernelVersion": "3.10.0-327.el7.x86_64",
"osImage": "CentOS Linux 7 (Core)",
"containerRuntimeVersion": "docker://1.12.6",
"kubeletVersion": "v1.10.4",
"kubeProxyVersion": "v1.10.4",
"operatingSystem": "linux",
"architecture": "amd64"
},
"images": [
{
"names": [
"dockerhub.jd.com/wolf/fe-wolf@sha256:0b155e99f27de990cfd3a5f96bcc13b820530cf1236b96ca5d87efae4f65f62a",
"dockerhub.jd.com/wolf/fe-wolf:latest"
],
"sizeBytes": 352597644
},
{
"names": [
"xxbandy123/go-web@sha256:c375b479a74b0ec77608a221a28ddc4589149d55a04845eac697903add557c30",
"xxbandy123/go-web:latest"
],
"sizeBytes": 338268706
},
{
"names": [
"dockerhub.jd.com/gcr_mirror/pause-amd64@sha256:fcaff905397ba63fd376d0c3019f1f1cb6e7506131389edbcb3d22719f1ae54d",
"dockerhub.jd.com/gcr_mirror/pause-amd64:3.1"
],
"sizeBytes": 742472
}
]
}
# 查看pod相关信息【由于一般k8s是不建议使用pod类型来直接控制容器的,因此这个接口直接查没什么意义】
# 查看apis group相关信息
curl -s 127.0.0.1:8080/apis/extensions/v1beta1 | grep "\bname\b"
"name": "daemonsets",
"name": "daemonsets/status",
"name": "deployments",
"name": "deployments/rollback",
"name": "deployments/scale",
"name": "deployments/status",
"name": "ingresses",
"name": "ingresses/status",
"name": "networkpolicies",
"name": "podsecuritypolicies",
"name": "replicasets",
"name": "replicasets/scale",
"name": "replicasets/status",
"name": "replicationcontrollers",
"name": "replicationcontrollers/scale",
$ curl -s 127.0.0.1:8080/apis/apps/v1beta1 | grep "\bname\b"
"name": "controllerrevisions",
"name": "deployments",
"name": "deployments/rollback",
"name": "deployments/scale",
"name": "deployments/status",
"name": "statefulsets",
"name": "statefulsets/scale",
"name": "statefulsets/status",
# 查看控制器对应的控制器信息【statefulset,deployment】 这些控制器的信息一般在/apis/apps/下
# job和cronjob一般会在/apis/batch/下
$ curl -s 127.0.0.1:8080/apis/batch/v1 | grep "\bname\b"
"name": "jobs",
"name": "jobs/status",
curl -s 127.0.0.1:8080/apis/batch/v1/jobs | jq -r .items | grep name
"name": "image-build-service",
"namespace": "default",
"selfLink": "/apis/batch/v1/namespaces/default/jobs/image-build-service",
"job-name": "image-build-service"
"name": "image-build-service",
"job-name": "image-build-service"
"name": "hosts",
"name": "image-build-service",
"name": "dockerhost",
"name": "branch",
"name": "giturl",
"name": "app",
"name": "dockerfiledir",
"name": "hosts",
# 查看当前/apis/apps/支持的apiversion
$ curl -s 127.0.0.1:8080/apis/apps | jq .versions |grep "groupVersion"
"groupVersion": "apps/v1",
"groupVersion": "apps/v1beta2",
"groupVersion": "apps/v1beta1",
# 查看应用的api支持的相关资源类型 【daemonsets|deployments|replicasets|statefulsets】
$ curl -s 127.0.0.1:8080/apis/apps/v1 | jq .resources | grep "name\b"
"name": "controllerrevisions",
"name": "daemonsets",
"name": "daemonsets/status",
"name": "deployments",
"name": "deployments/scale",
"name": "deployments/status",
"name": "replicasets",
"name": "replicasets/scale",
"name": "replicasets/status",
"name": "statefulsets",
"name": "statefulsets/scale",
"name": "statefulsets/status",
# 问题:job类型的资源在哪里查看 batch/extension?
# 查看deployment名称和selflink
$ curl -s 127.0.0.1:8080/apis/apps/v1/deployments | jq .items | grep -E "(\bname\b|\bnamespace\b|selfLink)"
"name": "test-go-web",
"namespace": "default",
"selfLink": "/apis/apps/v1/namespaces/default/deployments/test-go-web",
# 查看某个deployment详情
$ kubectl get deployments -o wide
NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE CONTAINERS IMAGES SELECTOR
test-go-web 5 5 5 5 1h test-go-web xxbandy123/go-web run=test-go-web
$ curl -s 127.0.0.1:8080/apis/apps/v1/namespaces/default/deployments/test-go-web | jq .spec
{
"replicas": 5,
"selector": {
"matchLabels": {
"run": "test-go-web"
}
},
"template": {
"metadata": {
"creationTimestamp": null,
"labels": {
"run": "test-go-web"
}
},
"spec": {
"containers": [
{
"name": "test-go-web",
"image": "xxbandy123/go-web",
"ports": [
{
"containerPort": 9090,
"protocol": "TCP"
}
],
"resources": {},
"terminationMessagePath": "/dev/termination-log",
"terminationMessagePolicy": "File",
"imagePullPolicy": "Always"
}
],
"restartPolicy": "Always",
"terminationGracePeriodSeconds": 30,
"dnsPolicy": "ClusterFirst",
"securityContext": {},
"schedulerName": "default-scheduler"
}
},
"strategy": {
"type": "RollingUpdate",
"rollingUpdate": {
"maxUnavailable": 1,
"maxSurge": 1
}
},
"revisionHistoryLimit": 10,
"progressDeadlineSeconds": 600
}
# 查看service资源下的实例
# curl -s 127.0.0.1:8080/api/v1/services/ | jq ".items" | jq values[1] |grep -E "(\bname\b|selfLink|\bnamespace\b)"
"name": "test-go-web",
"namespace": "default",
"selfLink": "/api/v1/namespaces/default/services/test-go-web",
# 查看某个service详情 【具体的资源类型会被划分到namespaces下】
$ curl -s 127.0.0.1:8080/api/v1/namespaces/default/services/test-go-web | jq -r '.spec'
{
"ports": [
{
"protocol": "TCP",
"port": 9090,
"targetPort": 9090,
"nodePort": 30315
}
],
"selector": {
"run": "test-go-web"
},
"clusterIP": "10.254.141.49",
"type": "NodePort",
"sessionAffinity": "None",
"externalTrafficPolicy": "Cluster"
}
# 查看configmap
$ curl -s 127.0.0.1:8080/api/v1/configmaps | jq .items
# 查看secrets
$ curl -s 127.0.0.1:8080/api/v1/secrets | jq .items | grep "\"\bname\b"
附录2:参考资料:
- pod 操作 https://blog.51cto.com/3241766/2420421
- k8s EN-doc https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.13
- k8s CN-doc https://www.kubernetes.org.cn/
- volumes //www.greatytc.com/p/d351c967298e
- Headless service + statefulSet