Kubernetes基础
Kubernetes概述
核心概念
| 概念 | 说明 |
|---|---|
| Pod | 最小部署单元,一个或多个容器 |
| Node | 工作节点,运行Pod的机器 |
| Cluster | 集群,由Master和Worker节点组成 |
| Namespace | 资源隔离的逻辑分区 |
| Deployment | 管理Pod副本和更新策略 |
| Service | 提供稳定的访问入口 |
| ConfigMap | 配置数据存储 |
| Secret | 敏感数据存储（值仅为 base64 编码，并非加密；需通过权限控制限制读取，不要把明文凭据提交到版本库） |
| Volume | 存储卷 |
| Ingress | HTTP路由规则 |
架构组件
┌─────────────────────────────────────────────────────────┐
│ Master Node │
│ ┌─────────┐ ┌─────────┐ ┌─────────┐ ┌─────────┐ │
│ │ API │ │Scheduler│ │Controller│ │ etcd │ │
│ │ Server │ │ │ │ Manager │ │ │ │
│ └─────────┘ └─────────┘ └─────────┘ └─────────┘ │
└─────────────────────────────────────────────────────────┘
│
┌─────────────────┼─────────────────┐
▼ ▼ ▼
┌───────────────┐ ┌───────────────┐ ┌───────────────┐
│ Worker Node │ │ Worker Node │ │ Worker Node │
│ ┌───────────┐ │ │ ┌───────────┐ │ │ ┌───────────┐ │
│ │ kubelet │ │ │ │ kubelet │ │ │ │ kubelet │ │
│ │ kube-proxy│ │ │ │ kube-proxy│ │ │ │ kube-proxy│ │
│ │ runtime │ │ │ │ runtime │ │ │ │ runtime │ │
│ └───────────┘ │ │ └───────────┘ │ │ └───────────┘ │
│ Pods... │ │ Pods... │ │ Pods... │
└───────────────┘ └───────────────┘ └───────────────┘
kubectl命令
基本命令
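# Cluster information
kubectl cluster-info
kubectl version
kubectl get nodes
kubectl describe node node-name
# Listing resources
kubectl get pods                       # current namespace only
kubectl get pods -n namespace          # a specific namespace
kubectl get pods -A                    # all namespaces (needs cluster-wide list permission)
kubectl get pods -o wide               # adds node / Pod IP columns
kubectl get deployments
kubectl get services
kubectl get all                        # "all" is a shorthand: it omits ConfigMaps, Secrets, PVCs, ...
# Details (the Events section is usually the first thing to read)
kubectl describe pod pod-name
kubectl describe deployment deploy-name
# Logs
kubectl logs pod-name
kubectl logs -f pod-name               # follow
kubectl logs pod-name -c container     # a specific container in a multi-container Pod
kubectl logs --previous pod-name       # the previous (crashed/restarted) instance of the container
# Interactive shell. exec is an interactive, privileged operation that is recorded in the
# API audit log where auditing is enabled; prefer logs/describe for read-only diagnosis.
kubectl exec -it pod-name -- bash                   # use "-- sh" for images that ship no bash
kubectl exec -it pod-name -c container -- bash
# Port forwarding. Binds to localhost only unless --address is given; keep it that way
# so the forwarded port is not reachable from the rest of the network.
kubectl port-forward pod-name 8080:80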
kubectl port-forward service/svc-name 8080:80
资源创建与删除
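# Create / update. apply is declarative and idempotent; prefer it over imperative create.
kubectl apply -f deployment.yaml
kubectl apply -f deployment.yaml --dry-run=server   # validate against the API server, change nothing
# Pin a tag: a bare image name means :latest, which is not reproducible and cannot be rolled back reliably.
kubectl create deployment nginx --image=nginx:1.24
# Delete
kubectl delete -f deployment.yaml
kubectl delete pod pod-name
kubectl delete deployment deploy-name
# DESTRUCTIVE: removes every Pod/Deployment/Service/... in the CURRENT namespace.
# Confirm which namespace that is first; note "all" does not include ConfigMaps, Secrets or PVCs.
kubectl config view --minify -o jsonpath='{..namespace}'
kubectl delete all --all
# Edit in place (opens $EDITOR; the change bypasses whatever YAML is in version control)
kubectl edit deployment deploy-name
# Scaling
kubectl scale deployment nginx --replicas=3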
kubectl autoscale deployment nginx --min=2 --max=10 --cpu-percent=80
配置管理
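# ConfigMap: non-sensitive configuration only (values are plain text)
kubectl create configmap my-config --from-literal=key1=value1
kubectl create configmap my-config --from-file=config.txt
kubectl get configmap
kubectl describe configmap my-config
# Secret
# --from-literal leaves the value in shell history and process listings;
# prefer --from-file with a file that has restricted permissions.
kubectl create secret generic my-secret --from-literal=password=secret123
kubectl create secret generic my-secret --from-file=password=./password.txt
kubectl create secret tls tls-secret --cert=path/to/cert --key=path/to/key
# Secret values are only base64-encoded in the API: anyone allowed to "get" the
# object can read them. Restrict get/list on secrets via RBAC.
kubectl get secrets
kubectl describe secret my-secret      # shows key names and sizes, not the values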
kubectl get secret my-secret -o jsonpath='{.data.password}' | base64 -d
资源定义文件
Pod
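# pod.yaml
# Single-Pod example.
#  - The image is pinned to the same tag the Deployment example uses; "nginx:latest"
#    is a moving target and makes rollbacks and audits unreliable.
#  - /health and /ready are placeholders for endpoints your application serves; the
#    stock nginx image does not ship them, so confirm them (or use "/") before relying
#    on these probes, otherwise the Pod is restarted / never Ready.
#  - runAsNonRoot is deliberately not set: the official nginx image is expected to
#    start as root to bind port 80 -- verify, and switch to an unprivileged image before
#    enabling it.
apiVersion: v1
kind: Pod
metadata:
  name: my-app
  labels:
    app: my-app
    tier: frontend
spec:
  # nginx never talks to the API server, so do not mount a service-account token.
  automountServiceAccountToken: false
  securityContext:
    seccompProfile:
      type: RuntimeDefault
  containers:
    - name: my-app
      image: nginx:1.24
      ports:
        - containerPort: 80
      securityContext:
        # no_new_privs: nothing the container execs can gain privileges (setuid binaries etc.)
        allowPrivilegeEscalation: false
      resources:
        requests:
          memory: "64Mi"
          cpu: "250m"
        limits:
          memory: "128Mi"
          cpu: "500m"
      livenessProbe:
        httpGet:
          path: /health
          port: 80
        initialDelaySeconds: 30
        periodSeconds: 10
      readinessProbe:
        httpGet:
          path: /ready
          port: 80
        initialDelaySeconds: 5
        periodSeconds: 5
      env:
        - name: ENV_VAR
          value: "value"
      volumeMounts:
        - name: data
          mountPath: /data
  volumes:
    - name: data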
      emptyDir: {}
Deployment
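# deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  labels:
    app: nginx
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 1
      # With replicas: 3 this allows one Pod to be down mid-rollout; set 0 for zero-downtime rollouts.
      maxUnavailable: 1
  template:
    metadata:
      labels:
        app: nginx
    spec:
      # nginx does not use the Kubernetes API; do not hand it a service-account token.
      automountServiceAccountToken: false
      securityContext:
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: nginx
          image: nginx:1.24
          ports:
            - containerPort: 80
          securityContext:
            allowPrivilegeEscalation: false
          # Without a readinessProbe a new Pod counts as available as soon as its
          # container starts, so a broken config would still be rolled out to all replicas.
          readinessProbe:
            httpGet:
              path: /
              port: 80
            periodSeconds: 5
          resources:
            requests:
              memory: "128Mi"
              cpu: "100m"
            limits:
              memory: "256Mi"
              cpu: "200m"
          volumeMounts:
            - name: config
              mountPath: /etc/nginx/nginx.conf
              # subPath mounts are not refreshed when the ConfigMap changes;
              # roll the Deployment after editing nginx-config.
              subPath: nginx.conf
      volumes:
        - name: config
          configMap: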
            name: nginx-config
Service
# service.yaml
# ClusterIP: reachable only from inside the cluster. This is the default and the
# type to use for anything that is fronted by the Ingress below.
apiVersion: v1
kind: Service
metadata:
  name: nginx-service
spec:
  type: ClusterIP # ClusterIP, NodePort, LoadBalancer
  selector:
    app: nginx
  ports:
    - port: 80
      targetPort: 80
      protocol: TCP
---
# NodePort Service
# NodePort opens the port on every node's IP address, bypassing the Ingress and its TLS.
# Expose it to untrusted networks only behind a firewall, or prefer the Ingress instead.
apiVersion: v1
kind: Service
metadata:
  name: nginx-nodeport
spec:
  type: NodePort
  selector:
    app: nginx
  ports:
    - port: 80
      targetPort: 80
      nodePort: 30080
Ingress
# ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nginx-ingress
  annotations:
    # ingress-nginx specific. As written it rewrites every matched request path to "/",
    # so e.g. /static/app.css reaches the backend as "/". Drop it unless the backend
    # really needs path stripping (then use a regex path with a capture group).
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  ingressClassName: nginx
  rules:
    - host: example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: nginx-service # the ClusterIP Service; keep the NodePort one off the Ingress
                port:
                  number: 80
  # TLS terminates at the ingress controller. The referenced Secret must be of type
  # kubernetes.io/tls (see `kubectl create secret tls` above) and cover example.com.
  tls:
    - hosts:
        - example.com
      secretName: tls-secret
ConfigMap与Secret
# configmap.yaml
# ConfigMap values are plain text, readable by anyone who can get the object.
# Keep credentials (including user:password embedded in URLs) in a Secret instead.
apiVersion: v1
kind: ConfigMap
metadata:
  name: app-config
data:
  database_url: "mysql://localhost:3306/mydb" # deliberately contains no credentials
  cache_ttl: "3600" # quoted: ConfigMap data values must be strings
  config.json: |
    {
      "key": "value",
      "nested": {
        "key": "value"
      }
    }
---
# secret.yaml
# The data: values are base64-ENCODED, not encrypted: cGFzc3dvcmQxMjM= decodes to
# "password123" for anyone who can read this file or `kubectl get` the object.
# Do not commit real credentials in this form; create Secrets from a secret store
# or at least keep such files out of version control, and restrict RBAC access.
apiVersion: v1
kind: Secret
metadata:
  name: app-secret
type: Opaque
data:
  username: YWRtaW4= # base64 of "admin"
  password: cGFzc3dvcmQxMjM= # base64 of "password123"
stringData: # plain text; the API server encodes it on write
  api-key: "secret-api-key"
PersistentVolume
# pv.yaml
# hostPath binds a directory on whichever node the Pod is scheduled to: the data is
# not shared across nodes, and a Pod that can write to the volume writes to the
# node's filesystem. Suitable for single-node / dev clusters only; use a storage
# backend (cloud disk, NFS, CSI driver) in production.
apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv-data
spec:
  capacity:
    storage: 10Gi
  accessModes:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain # data survives PVC deletion and must be cleaned up manually
  storageClassName: standard
  hostPath:
    path: /data/pv
---
# pvc.yaml
# Binds to a PV in the same storageClass offering at least 5Gi (pv-data above qualifies).
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: pvc-data
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 5Gi
  storageClassName: standard
---
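# Using the claim in a Pod
apiVersion: v1
kind: Pod
metadata:
  name: app-with-pvc
spec:
  automountServiceAccountToken: false
  containers:
    - name: app
      image: nginx:1.24 # pinned: a bare "nginx" silently means :latest
      securityContext:
        allowPrivilegeEscalation: false
      volumeMounts:
        - name: data
          mountPath: /data
  volumes:
    - name: data
      persistentVolumeClaim: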
        claimName: pvc-data
常用运维操作
滚动更新
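# Update the image. Use an immutable tag (better: a digest) so that the revision history
# identifies exactly what ran; re-pushing a mutable tag makes "undo" meaningless.
kubectl set image deployment/nginx nginx=nginx:1.25
# Watch the rollout
kubectl rollout status deployment/nginx
# History
kubectl rollout history deployment/nginx
kubectl rollout history deployment/nginx --revision=2   # inspect a revision's template before rolling back to it
# Roll back
kubectl rollout undo deployment/nginx
kubectl rollout undo deployment/nginx --to-revision=2
# Pause / resume (a paused Deployment accumulates template changes without rolling them out)
kubectl rollout pause deployment/nginx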
kubectl rollout resume deployment/nginx
故障排查
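# Pod problems
kubectl describe pod pod-name          # Events: scheduling, image pull and probe failures
kubectl logs pod-name
kubectl get events --sort-by=.metadata.creationTimestamp
kubectl get events -A --field-selector type=Warning   # warnings only, cluster-wide
# Node problems
kubectl describe node node-name
kubectl get nodes -o wide
kubectl cordon node-name               # stop scheduling new Pods onto the node
# drain refuses to proceed while DaemonSet-managed Pods or Pods with emptyDir data are
# present, so these flags are almost always needed (emptyDir contents are lost, by design).
kubectl drain node-name --ignore-daemonsets --delete-emptydir-data
kubectl uncordon node-name             # allow scheduling again
# Resource usage (requires metrics-server / the Metrics API)
kubectl top nodes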
kubectl top pods
调试技巧
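# Throwaway debug Pod. --rm deletes it on exit, --restart=Never keeps it from being
# re-created as a Deployment-like workload. Pin an image tag rather than relying on :latest.
kubectl run debug --rm -it --restart=Never --image=busybox -- sh
kubectl run debug --rm -it --restart=Never --image=nicolaka/netshoot -- bash
# Debug a copy of a running Pod. The copy inherits the original's env vars and mounted
# Secrets, so delete it when you are done: kubectl delete pod debug-pod
kubectl debug pod-name -it --copy-to=debug-pod --image=busybox
# Live object definition. Includes env values and volume references; redact before
# pasting into tickets or chat.
kubectl get pod pod-name -o yaml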
kubectl get pod pod-name -o json
Helm包管理
基本命令
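# Add a chart repository (HTTPS only: the repo index is the trust anchor for everything installed from it)
helm repo add bitnami https://charts.bitnami.com/bitnami
helm repo update
# Search and inspect before installing
helm search repo nginx
helm show values bitnami/nginx          # default values you will be overriding
helm show chart bitnami/nginx           # chart version, appVersion, sources
# Install. Pin --version so the same chart is deployed every time, and render with
# --dry-run first to review the manifests Helm is about to apply.
helm install my-nginx bitnami/nginx --version "$CHART_VERSION" --dry-run
helm install my-nginx bitnami/nginx --version "$CHART_VERSION"
helm install my-nginx bitnami/nginx --version "$CHART_VERSION" -f values.yaml
helm install my-nginx bitnami/nginx --set service.type=NodePort   # NodePort exposes the service on every node IP
# Upgrade (same --version discipline: a bare upgrade moves to whatever is newest in the repo)
helm upgrade my-nginx bitnami/nginx --version "$CHART_VERSION"
helm upgrade my-nginx bitnami/nginx --version "$CHART_VERSION" --set replicaCount=3
# Uninstall
helm uninstall my-nginx
# Installed releases
helm list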
helm status my-nginx
💡 Kubernetes建议:
- 使用声明式配置(YAML文件)
- 设置合理的资源限制
- 配置健康检查探针
- 使用Namespace隔离环境
- 固定镜像标签或摘要，避免使用 latest（本文示例应统一为 nginx:1.24 这类明确版本）
- Secret 只是 base64 编码而非加密：不要把明文凭据提交到版本库，并通过 RBAC 限制读取权限
- 容器按最小权限运行：配置 securityContext，不需要访问 API 的 Pod 不挂载 ServiceAccount Token