k8s 1.25学习4 - 使用Deployment、StatefulSet部署应用

时间:2022-12-19 23:00:10

k8s集群中apiserver是无状态的,可以有多台同时工作
Controller-Manager、scheduler是有状态的,会选举出一个master节点工作

#查看主节点
kubectl get leases -n kube-system

CoreDNS:Service路由解析

#显示和操作IP路由表
route -n

kubectl run mynginx --image=nginx
kubectl exec -it mynginx -- sh
#nameserver指向dns的IP
cat /etc/resolv.conf
exit

kubectl get svc -A | grep dns
kubectl delete pod mynginx

Pod常用命令

每个Pod包含一个Pause容器
Pause容器是Pod的父容器,负责僵尸进程的回收管理,通过Pause容器使同一个Pod里的容器共享存储、网络、PID、IPC等

#查看k8s.io命名空间内的静态容器
ctr -n k8s.io container ls
ctr -n k8s.io task ls

https://kubernetes.io/zh-cn/docs/concepts/workloads/pods/
Pod官方文档

使用文件创建Pod
#输出Pod的yaml文件,不会自动创建Pod
kubectl run nginx --image=nginx:1.15.12 -oyaml --dry-run=client > pod.yaml
apiVersion: v1
kind: Pod
metadata:
  labels:
    run: nginx
  name: nginx
spec:
  containers:
  - image: nginx:1.15.12
    name: nginx

kubectl apply -f pod.yaml
查看yaml文件格式中的版本号
kubectl api-resources | grep pod
kubectl api-resources | grep deployment
覆盖镜像中entrypoint命令
apiVersion: v1
kind: Pod
metadata:
  labels:
    run: nginx
  name: nginx
spec:
  containers:
  - image: nginx:1.15.12
    name: nginx
    command: ["sleep", "10"]  #entrypoint
	
	
#查看帮忙文档	
kubectl explain Pod.spec.containers	

#command覆盖镜像中entrypoint
#args覆盖镜像中CMD中的参数

Pod镜像拉取策略
imagePullPolicy: IfNotPresent # 可选,镜像拉取策略,IfNotPresent、Never、IfNotPresent

Pod重启策略
#默认Always
#OnFailure:容器执行entrypoint命令后,以不为0的状态码终止,则自动重启该容器
restartPolicy: Always #Always、OnFailure、Never


Pod的三种探针

startupProbe:判断容器内的应用程序是否已经启动
livenessProbe:探测容器是否在运行;如果不满足健康条件,根据Pod中设置的restartPolicy(重启策略)来判断,Pod是否要进行重启操作
readinessProbe:探测容器内的程序是否健康,即判断容器是否为就绪(Ready)状态;不可用将从Service的Endpoints中移除

kubectl get svc -n kube-system
kubectl describe svc metrics-server -n kube-system
kubectl get pods -n kube-system -owide | grep metrics
kubectl get endpoints metrics-server -n kube-system

程序如果启动比较慢,需要使用startupProbe探针
只有等startupProbe检测通过了之后,才会开始检测livenessProbe、readinessProbe
应用启动时间大于30秒,就需要配置startupProbe,这样livenessProbe、readinessProbe的间隔检查时间就可以配置小一些了
vi nginx-pod.yaml

apiVersion: v1
kind: Pod
metadata:
  name: nginx
spec:
  containers:
  - name: nginx
    image: nginx:1.15.12
    imagePullPolicy: IfNotPresent
    command:
    - sh
    - -c
    - sleep 30; nginx -g "daemon off;"
    startupProbe:
      tcpSocket:
        port: 80
      initialDelaySeconds: 10 # 初始化时间
      timeoutSeconds: 2 # 超时时间
      periodSeconds: 5 # 检测间隔
      successThreshold: 1 # 检查成功为2次表示就绪
      failureThreshold: 5 # 检测失败1次表示未就绪
    readinessProbe: 
      httpGet:
        path: /index.html
        port: 80
        scheme: HTTP
      initialDelaySeconds: 10 # 初始化时间, 健康检查延迟执行时间
      timeoutSeconds: 2 # 超时时间
      periodSeconds: 5 # 检测间隔
      successThreshold: 1 # 检查成功为2次表示就绪
      failureThreshold: 2 # 检测失败1次表示未就绪
    livenessProbe: # 可选,健康检查
      exec: # 端口检测方式
        command:
        - sh
        - -c
        - pgrep nginx
      initialDelaySeconds: 10 # 初始化时间
      timeoutSeconds: 2 # 超时时间
      periodSeconds: 5 # 检测间隔
      successThreshold: 1 # 检查成功为 2 次表示就绪
      failureThreshold: 2 # 检测失败 1 次表示未就绪
    ports:
    - containerPort: 80
  restartPolicy: Never
kubectl apply -f nginx-pod.xml
kubectl delete -f nginx-pod.xml
preStop容器停止前执行指令

vi pod-preStop.yaml

apiVersion: v1
kind: Pod
metadata:
  name: nginx
spec:
  containers:
  - name: nginx
    image: nginx:1.15.12
    imagePullPolicy: IfNotPresent
    lifecycle:
      preStop:
       exec:
         command:
         - sh
         - -c
         - sleep 10
    ports: 
    - containerPort: 80 
  restartPolicy: Never
kubectl apply -f pod-preStop.yaml
kubectl delete -f pod-preStop.yaml

无状态应用管理Deployment

Replication Controller可确保Pod副本数达到期望值,即确保一个Pod或一组同类Pod总是可用
ReplicaSet是支持基于集合的标签选择器的下一代Replication Controller
它主要用作Deployment协调创建、删除和更新Pod,和Replication Controller唯一的区别是,ReplicaSet支持标签选择器

#生成deployment模板
kubectl create deploy nginx --image=nginx:1.15.12-alpine --replicas=3 -oyaml --dry-run=client > nginx-deploy.yaml
kubectl apply -f nginx-deploy.yaml
kubectl get deploy
kubectl get rs
kubectl get pod
kubectl delete pod nginx-b7599c689-qchww
kubectl get pod

查看整个Deployment创建的状态

kubectl rollout status deployment/nginx
kubectl get deploy
kubectl get rs -l app=nginx
kubectl get pods --show-label

更新Deployment

kubectl set image deployment nginx nginx=nginx:1.13 --record
kubectl rollout status deployment/nginx
kubectl describe deploy nginx

回滚Deployment

#查看历史版本
kubectl rollout history deployment nginx

#查看某一个版本的信息
kubectl rollout history deployment nginx --revision=3

#回滚到上一个版本
kubectl rollout undo deployment nginx

#回滚到指定版本
kubectl rollout undo deployment nginx --to-revision=3

扩容

kubectl scala deployment nginx --replicas=5 

暂停和恢复Deployment更新

kubectl rollout pause deployment nginx
#更新配置信息,但不重启pod
kubectl set image deployment nginx nginx=1.15.12-alpine --record
kubectl set resources deployment nginx -c=nginx --limits=cpu=200m,memory=512Mi
#恢复pod,自动更新
kubectl rollout resume deployment nginx
kubectl get rs

Deployment更新策略
.spec.strategy.type==RollingUpdate,默认滚动更新
.spec.strategy.rollingUpdate.maxUnavailable,指定在回滚更新时最大不可用的Pod数量,默认为25%
.spec.strategy.rollingUpdate.maxSurge可以超过期望值的最大Pod数,默认为25%(一次启动多个副本,最大限制数量)


StatefulSet部署有状态应用

#StatefulSet服务域名格式:StatefulSetName-0.ServiceName.Namepace.svc.cluster.local
web-0.nginx.default.svc.cluster.local

StatefulSet需要创建一个Service对外提供服务
vi statefulset.yaml

apiVersion: v1
kind: Service
metadata:
  name: nginx
  labels:
    app: nginx
spec:
  ports:
  - port: 80
    name: web
  clusterIP: None
  selector:
    app: nginx
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: web
spec:
  selector:
    matchLabels:
      app: nginx # has to match .spec.template.metadata.labels
  serviceName: "nginx"
  replicas: 3 # by default is 1
  minReadySeconds: 10 # by default is 0
  template:
    metadata:
      labels:
        app: nginx # has to match .spec.selector.matchLabels
    spec:
      terminationGracePeriodSeconds: 10
      containers:
      - name: nginx
        image: nginx:1.15.12-alpine
        ports:
        - containerPort: 80
          name: web

创建

kubectl apply -f statefulset.yaml
kubectl rollout status sts web
kubectl get pods
kubectl get sts

Pod创建时按顺序一个一个单独创建,缩容时按倒序一个一个接着关闭

kubectl exec -it web-2 --sh 
curl web-0.nginx.default.svc.cluster.local
nslookup web-0.nginx.default.svc.cluster.local

扩容

kubectl scale sts web --replicas=5
kubectl get pods
StatefulSet更新策略

RollingUpdate默认滚动更新

分段更新partition

  updateStrategy:
    rollingUpdate:
      partition: 0
    type: RollingUpdate

partition默认值为0,表示更新后缀大于等于0的Pod;如果配置为3,则表示只更新后缀大于等于3的Pod,而小于3的Pod不会更新;可以用于灰度测试

删除sts

kubectl delete sts web
kubectl get sts
kubectl get pod 

#删除default命名空间中的所有pod
kubectl delete pod --all

守护进程集DaemonSet

每个节点上可以有一个守护进程集

kubectl get ds -n kube-system

#DaemonSet的yaml与Deployment类似,只是少了副本这一个参数
#删除replicas: 3,修改kind: DaemonSet
cp nginx-deploy.yaml nginx-ds.yaml
kubectl apply -f nginx-ds.yaml
kubectl get ds
kubectl get pods

查看node节点上的label

kubectl get node --show-labels
#node节点上增加label
kubectl label node k8s-node2 k8s-node3 disktype=ssd
kubectl get node --show-labels

指定节点部署Pod:.spec.template.spec.nodeSelector

#节点选择器
    nodeSelector:
      disktype: ssd
kubectl apply -f nginx-ds.yaml
kubectl get pods -owide


kubectl get ds -oyaml
kubectl get ds 
kubectl rollout status ds/nginx
kubectl rollout history daemonset nginx
kubectl rollout undo daemonset nginx
kubectl get controllerrevision
kubectl delete -f nginx-ds.yaml

HPA自动扩缩容

kubectl get apiservices | grep autoscaling
kbuectl create deployment hpa-nginx --image=nginx:1.15.12-alpine --dry-run=client -oyaml > hpa-nginx.yaml

1颗CPU是1000m
创建一个deploy,限制CPU资源为10m

apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: hpa-nginx
  name: hpa-nginx
spec:
  replicas: 1
  selector:
    matchLabels:
      app: hpa-nginx
  template:
    metadata:
      labels:
        app: hpa-nginx
    spec:
      containers:
      - image: nginx:1.15.12-alpine
        name: nginx
        resources: 
          requests: 
            cpu: 10m

创建

kubectl apply -f hpa-nginx.yaml 
kubectl get deploy

#创建Service
kubectl expose deploy hpa-nginx --port=80
kubectl get svc
curl http://10.96.226.0
kubectl top pods

创建hpa

#CPU使用率超过10%时开始扩容
kubectl autoscale deploy hpa-nginx --cpu-percent=10 --min=1 --max=10
kubectl get hpa
kubectl get hpa -oyaml

压测

kubectl get svc
#增大访问压力
while true; do wget -q -O - http://10.96.226.0 > /dev/null; done
kubectl top pods
kubectl logs -f hpa-nginx-54c8954b44-j5spv
kubectl top pods
kubectl get hpa
kubectl delete -f hpa-nginx.yaml

Label标签选择器

Label可以对k8s的一些对象进行分组,用于区分同样的资源不同的分组
Selector可以根据资源的标签查询出精确的对象信息
一般不修改Pod的标签,常修改Node的标签

kubectl get pods --show-labels
kubectl get pods -l app=nginx
kubectl get nodes --show-labels
kubectl get nodes -l disktype=ssd
kubectl get svc -n kube-system --show-labels

给节点打标签

kubectl label node k8s-node2 region=sz
kubectl get node -l region=sz


#yaml使用nodeSelector选择部署在指定的节点上
spec:
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      nodeSelector:
        region: sz

获取label中disktype为nginx或者ssd的数据

kubectl get nodes -l 'disktype in (nginx, ssd)' --show-labels

#匹配多个条件
kubectl get nodes -l 'region!=sz, disktype in (nginx, ssd)' --show-labels

#匹配是否存在标签
kubectl get nodes -l region

修改标签

kubectl label node k8s-node2 region=sh --overwrite

#批量修改标签
kubectl label node -l region region=wh --overwrite

删除标签

kubectl label node k8s-node2 region-