k8s deployment and related introduction

1, Kubedm deployment k8s cluster

1. Environmental preparation

centos 7.6

cpu:Binuclear

mem:2G

3 individual node Node time must be synchronized
master node1 node2
192.168.229.187 192.168.229.40 192.168.229.50

The k8s version installed here is version 1.15.0, and the docker deployment installation specifies version 18.9.0
Set host name

[root@localhost ~]# hostnamectl set-hostname master #master node operation 
[root@localhost ~]# hostnamectl set-hostname node1 #node1 node operation 
[root@localhost ~]# hostnamectl set-hostname node2 #node2 node operation 

Turn off the firewall

[root@master ~]# systemctl stop firewalld
[root@master ~]# systemctl disable firewalld

Empty iptables

[root@master ~]# iptables -F
[root@master ~]# iptables-save

Disable selinux

[root@master ~]# vim /etc/selinux/config
SELINUX=disabled

Disable swap

[root@master ~]# swapoff –a
[root@master ~]# vim /etc/fstab
#/dev/mapper/centos-swap swap          swap    defaults        0 0
[root@master ~]# free -h

Edit the corresponding domain name resolution

[root@master ~]# vim /etc/hosts
192.168.229.187 master
192.168.229.40 node1
192.168.229.50 node2

Set secret free transmission

[root@master ~]# ssh-keygen -t rsa
[root@master ~]# ssh-copy-id root@node1
[root@master ~]# ssh-copy-id root@node2

Turn on iptables bridging

[root@master ~]# vim /etc/sysctl.conf
...
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
[root@master ~]# sysctl -p
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
[root@master ~]# sysctl -p  #If you are prompted that there is no folder or directory, enter the following command
[root@master ~]# modprobe br_netfilter
[root@master ~]# sysctl -p  #Two node nodes also need to be done
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1

Now that the basic environment is ready, you need to prepare the yum source of docker and kubernetes on each node. It is recommended to use Alibaba cloud's Yum source to operate on the master node first.
2. Add yum source for docker

#step 1: install some necessary system tools
sudo yum install -y yum-utils device-mapper-persistent-data lvm2

#Step 2: add software source information
sudo yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

#Step 3: update and install docker CE
sudo yum makecache fast
sudo yum -y install docker-ce

#Step 4: start Docker service
sudo service docker start

3. Add yum source for kubernetes

cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

4. Copy the yum source file to the other two node nodes

[root@master yum.repos.d]# scp docker-ce.repo kubernetes.repo node1:/etc/yum.repos.d/
[root@master yum.repos.d]# scp docker-ce.repo kubernetes.repo node2:/etc/yum.repos.d/

5. Configure docker accelerator

[root@master ~]# vim /etc/docker/daemon.json
{"registry-mirrors":
["https://1dmptu91.mirror.aliyuncs.com"]}
[root@master ~]# systemctl daemon-reload
[root@master ~]# systemctl restart docker

The version of docker is 18.09.0, which is because k8s:1.15.0 recommends the highest version of docker
6. The master node deploys kubectl, kubelet and kuberadm. Other node nodes only need to deploy kubelet and kuberadm

[root@master ~]# yum install -y kubelet-1.15.0 kubeadm-1.15.0 kubectl-1.15.0
[root@node1 ~]# yum install -y kubelet-1.15.0 kubeadm-1.15.0
[root@node2 ~]# yum install -y kubelet-1.15.0 kubeadm-1.15.0
[root@master ~]# systemctl enable docker
[root@master ~]# systemctl enable kubelet

So far, after the preparation work is completed, we can start initialization. However, due to the limitations of the domestic network environment, we can't download the image directly from Google's image station. This requires us to manually download the image from the docker image station and rename it. Here, we use the foot book to realize it. Note that if you want to download the image yourself, the following commands download the image version, which is not applicable to k8s1 Version 15.
7. Image import
It has been downloaded here. You only need to import the corresponding image.

[root@master ~]# cat images.sh
#!/bin/bash
for i in /root/images/*
do
docker load < $i
done
echo -e "\e[1;31m Import complete\e[0m"

Or you can use the command directly

[root@master ~]# for i in /root/*;do docker load < $i;done

node1 and node2 nodes only need to import three images.

[root@node1 images]# ls
kube-proxy-1-15.tar flannel-0.11.0.tar pause-3-1.tar

8. Initialize the cluster

[root@master ~]# kubeadm init --kubernetes-version=v1.15.0 --pod-network-cidr=10.244.0.0/16 --service-cidr=10.96.0.0/12 --ignore-preflight-errors=Swap

Execute the corresponding command according to the prompt

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
[root@master ~]# kubectl get node

It can be seen that the status of the master is not ready. The reason for this status is the lack of an attachment flannel. Without the network, each Pod cannot communicate.
Add a network component (flannel), which can be accessed through https://github.com/coreos/flannel Get in

[root@master ~]# kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
[root@master ~]# kubectl get pod -n kube-system

Or download it in advance

[root@master ~]# kubectl apply -f kube-flannel.yml
[root@master ~]# kubectl get nodes

The above is the installation and deployment of the master node, and then the installation of each node node and joining the cluster. Note here that verify that the node node is ready for the relevant image.

[root@node1 images]# ls
kube-proxy-1-15.tar flannel-0.11.0.tar pause-3-1.tar
[root@node1 ~]# kubeadm join 192.168.229.187:6443 --token 3s1qqv.2yjc3r09ghz9xkge \
    --discovery-token-ca-cert-hash sha256:d54805f71e054da4a2a0830e02884bf4b4e0b6a744e516a28e2b0c6ba3035c69
[root@node2 ~]# kubeadm join 192.168.229.187:6443 --token 3s1qqv.2yjc3r09ghz9xkge \
    --discovery-token-ca-cert-hash sha256:d54805f71e054da4a2a0830e02884bf4b4e0b6a744e516a28e2b0c6ba3035c69
[root@master ~]# kubectl get nodes

Make sure all pod s are running

[root@master ~]# kubectl get pod --all-namespaces

9. Set the automatic completion function of kubectl command line tool

[root@master ~]# yum install -y bash-completion
[root@master ~]# source /usr/share/bash-completion/bash_completion
[root@master ~]# source <(kubectl completion bash)
[root@master ~]# echo "source <(kubectl completion bash)" >> ~/.bashrc

For the convenience of writing yaml files, the number of tab spaces is set here

[root@master ~]# vim .vimrc
set tabstop=2
[root@master ~]# source .vimrc

10. Common commands for cluster debugging
How to install the specified version of kubenetes? Note that the version of kubernetes is consistent, which is mainly reflected in the unification of all downloaded components.
If there is a problem during cluster initialization, even after the problem is solved, you should run this command before initializing the cluster again

[root@master ~]# kubeadm reset Kube-proxy,kube-apiserver,kube-controller-manager,kube-scheduler

List the installed rpm packages

yum list installed | grep kube

Uninstall the installed rpm package

yum remove kubeadm.x86_64 kubectl.x86_64 kubelet.x86_64 -y

Install the specified kubedm

yum install -y kubelet-1.12.1 kubeadm-1.12.1 kubectl-1.12.1

2, k8s architecture and basic concepts


Module introduction

kubectl: k8s It is the command line side, which is used to send the operation instructions of customers.

API server: yes k8s Front end interface of cluster, various client tools and k8s Other components of can be managed through it k8s Various resources of the cluster. It provides HTTP/HTTPS RESTful API,Namely K8S API. 

Scheduler: Responsible for deciding to Pod Where Node Run on. When scheduling, we will fully consider the topology of the cluster, the current load of each node, as well as the high availability, performance, data affinity and requirements.

Controller Manager: Be responsible for managing various resources of the cluster to ensure that the resources are in the expected state. It consists of a variety of Controller Composition, including Replication Controller,Endpoints Controller,Namespace Controller,Serviceaccounts Controller wait.

Etcd: Responsible for preservation k8s Cluster configuration information and status information of various resources. When the data changes, etcd Will be notified quickly k8s Related components. Third party components, which have alternative solutions:Consul,zookeeper. 

Pod: k8s The smallest component of the cluster. One Pod Within, one or more containers can be run. In most cases, one Pod There's only one inside Container Container.

Flannel: yes k8s Cluster network scheme can ensure Pod Cross host communication. Third party solutions, there are also alternatives.

Kubelet: It is Node of agent(agent),When Scheduler Identify a Node Run on Pod After that, the Pod The specific configuration information sent to the node kubelet,kubelet Based on this information, the container is created and run, and the Master Report running status.

kube-proxy: Responsible for the visit service of TCP/UDP The data flow is forwarded to the container at the back end. If there are multiple copies, kube-proxy Load balancing will be achieved.

Examples
Create a deployment resource object, Pod controller.

[root@master ~]# kubectl run test-web --image=httpd --replicas=2 --port=80
[root@master ~]# kubectl get pod -o wide
NAME                        READY   STATUS    RESTARTS   AGE     IP           NODE    NOMINATED NODE   READINESS GATES
test-web-667c58c6d8-7s7vb   1/1     Running   0          2m46s   10.244.1.2   node1   <none>           <none>
test-web-667c58c6d8-7xl96   1/1     Running   0          2m46s   10.244.2.2   node2   <none>           <none>

Analyze the role of each component and the architecture workflow:

1.kubectl Send deployment request to API server;

2.API server notice Controller Manager Create a Deployment resources;

3.Scheduler Execute the scheduling task and transfer the two copies Pod Distribute to node1 and node2 upper;

4.node1 and node2 Upper kubelet Create and run on their respective nodes Pod;

Supplement:
1.The configuration and current status information of the application are saved in the etcd In, execute kubectl get pod Time,API server Will from etcd Read these data in;

2.flannel For each Pod Assign a IP,But not created at this time Service Resources, current kube-proxy Not involved yet;

Common resource object types

Replication Controller:: Used to ensure that each Pod The replica can meet the target number at any time. In short, it is used to ensure that each container or container group is always running and accessible: the old generation is stateless Pod Application controller.

ReplicaSet: A new generation of stateless Pod Application controller, which is connected with RC The difference is that the supported label selectors are different, RC Only equivalent selectors are supported, RS Collection based selectors are additionally supported.

StatefulSet: Used to manage stateful persistent applications, such as database Service program, which is related to Deployment The difference is that it will be for everyone Pod Create a unique persistent identifier and ensure that each Pod Order between.

DaemonSet:Used to ensure that each node is running a Pod A copy of the new node will also be added Pod,When a node is removed, this class Pod Will be recycled.

Job: It is used to manage applications that can be terminated after running, such as batch processing job tasks.

Volume: PV PVC storageclass

ConfigMap: 

Secret: 

Role: 

ClusterRole: 

RoleBinding: 

ClusterRoleBinding: 

Service account: 

Helm: 

3, Two ways to create resources

Create in command line mode
Create Pod controller and deployment (by k8s: version 1.18, this method has changed to create Pod resources)

[root@docker ~]# kubectl run web --image=nginx --replicas=2

View controller status

[root@docker ~]# kubectl get deployments

View resource details

[root@docker ~]# kubectl describe deployments. web

Note: when viewing a resource object, no namespace is specified. The default namespace is default. You can add the - n option to view the resources of the specified namespace.
Note that the deployment resource object created by direct operation is a frequently used controller resource type. In addition to deployment, there are rc, rs and other Pod controllers. Deployment is an advanced Pod controller.
Create Service resource type

[root@docker ~]# kubectl expose deployment web --name svc --port=80 --type=NodePort

Note that if you want the external network to be able to access the service, you can expose the deployment resource and get the service resource, but the type of svc resource must be nodeport (the case must be in strict accordance with the requirements).
Expansion and contraction of services

[root@docker ~]# kubectl scale deployment web --replicas=8
[root@docker ~]# kubectl edit deployments. web

Service upgrade and rollback

[root@docker ~]# kubectl set image deployment web web=nginx:1.15
[root@docker ~]# kubectl edit deployments. web

RollBACK

[root@docker ~]# kubectl rollout undo deployment web

Common command set

kubectl run  #Create a deployment or job to manage the created container;

kubectl get  #Display one or more resources. You can use tag filtering to view the resources in the current namespace by default;

kubectl expose  #Expose a resource as a service resource of a new kubernetes, including pod(po), service(svc), replication controller(rc), deployment(deploy), replicaset(rs);

kubectl describe  #Display the details of a specific resource or resource group;

kubectl scale  #You can set new values for Deployment,ReplicaSet,Replication Controller, or StatefulSet, and you can specify one or more prerequisites;

kubectl set  #Change existing application resources;

kubectl rollout  #Resource rollback management;

Configuration list (yml, yaml)
The common function of Yaml field

apiVersion: api Version information;

kind: Category of resource object;

metadata: Metadata name field is required;

spec: The state expected by the user;

status: What kind of state resources are in now;

You can use the kubectl explain command to see how the yaml file of the resource object we want to write is written. For example, if you view the deployment resource, it can be written as:

[root@docker ~]# kubectl explain deploy

Deployment

kind: Deployment
apiVersion: extensions/v1beta1
metadata:
  name: web1
spec:
  replicas: 4
  template:
    metadata:
      labels:
        app: web1
    spec:
      containers:
      - name: web1
        image: nginx

Service

kind: Service
apiVersion: v1
metadata:
  name: svc1
spec:
  selector:
    app: web1
  ports:
  - protocol: TCP
    port: 80
    targetPort: 80

Use the same label and label selector content to associate two resource objects with each other.
Note: the default type of the created Service resource object is ClusterIP, which means that any node in the cluster can access it. Its function is to provide a unified access interface for the Pod that really provides services at the back end. If you want to know whether the external network can access the Service, you should change the type to NodePort

kind: Service
apiVersion: v1
metadata:
  name: svc1
spec:
  type: NodePort  #Specify the type for Internet access
  selector:
    app: web1
  ports:
  - protocol: TCP
    port: 80
    targetPort: 80
    nodePort: 30033  #Specify the cluster mapping port in the range of 30000-32767

Run the yaml file using the kubectl apply command.

kubectl apply -f web.yaml
kubectl apply -f web-svc.yaml

Detailed explanation of resource types
Deployment, Service and Pod are k8s the three core resource objects.
Deployment: the most common controller for stateless applications, which supports the expansion and contraction of applications, rolling updates and other operations.
Servcie: it provides a fixed access interface for Pod objects with elastic changes and life cycle, which is used for service discovery and service access.
Pod: is the smallest unit for running containers and scheduling. The same pod can run multiple containers at the same time, which share NET, UTS and IPC. In addition, there are USER, PID and MOUNT.

1.Deployment
Create a Deployment resource object named bdqn1, replicas:5, and use httpd for the image.

kind: Deployment
apiVersion: extensions/v1beta1
metadata:
  name: test1
spec:
  replicas: 5
  template:
    metadata:
      labels:
        app: test1
    spec:
      containers:
        - name: test1
          image: httpd
          ports:
            - containerPort: 80

Analyze why Deployment is called advanced Pod controller?

[root@master yaml]# kubectl describe deployments. test1
...
Events:
  Type    Reason             Age   From                   Message
  ----    ------             ----  ----                   -------
  Normal  ScalingReplicaSet  3m5s  deployment-controller  Scaled up replica set test1-644db4b57b to 4

Note: events is an event prompt, which describes the whole process of the whole resource from the beginning to the present. Instead of directly creating and controlling the back-end Pod, Deployment creates a new resource object: ReplicaSet(test1-644db4b57b).
View the details of the RS and you will see the whole RS Events.

[root@master yaml]# kubectl describe rs test1-644db4b57b
...
Events:
  Type    Reason            Age    From                   Message
  ----    ------            ----   ----                   -------
  Normal  SuccessfulCreate  9m53s  replicaset-controller  Created pod: test1-644db4b57b-4688l
  Normal  SuccessfulCreate  9m53s  replicaset-controller  Created pod: test1-644db4b57b-72vhc
  Normal  SuccessfulCreate  9m53s  replicaset-controller  Created pod: test1-644db4b57b-rmz8v
  Normal  SuccessfulCreate  9m53s  replicaset-controller  Created pod: test1-644db4b57b-w25q8

At this time, you can view the details of any Pod and see the complete workflow of this Pod.

[root@master yaml]# kubectl describe pod test1-644db4b57b-4688l
...
Events:
  Type    Reason     Age   From               Message
  ----    ------     ----  ----               -------
  Normal  Scheduled  11m   default-scheduler  Successfully assigned default/test1-644db4b57b-4688l to node1
  Normal  Pulled     11m   kubelet, node1     Container image "192.168.229.187:5000/httpd:v1" already present on machine
  Normal  Created    11m   kubelet, node1     Created container test1
  Normal  Started    11m   kubelet, node1     Started container test1


2.Service
To create a Service resource, it is required to be associated with the above test1.

kind: Service
apiVersion: v1
metadata:
  name: test-svc
spec:
  selector:
    app: test1
  ports:
  - protocol: TCP
    port: 80
    targetPort: 80

By default, the resource type of Service is Cluster IP. In the above YAML file, spec.ports Port: describes the port of the Cluster IP. It only provides a unified access portal for the back-end Pod (effective in the k8s cluster).

[root@master yaml]# kubectl get svc
NAME         TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)        AGE
kubernetes   ClusterIP   10.96.0.1        <none>        443/TCP        23d
test-svc     NodePort    10.103.159.206   <none>        80:32767/TCP   6s
[root@master yaml]# curl 10.103.159.206
11111

If you want the external network to access the backend Pod, you should change the resource type of the Service to NodePort.

kind: Service
apiVersion: v1
metadata:
  name: test-svc
spec:
  type: NodePort
  selector:
    app: test1
  ports:
  - protocol: TCP
    port: 80
    targetPort: 80
    nodePort: 32034  #The valid range of nodePort is 30000-32767

As we saw above, when accessing the Cluster IP, the back-end Pod will provide services for us in turn
Even if there is load balancing, KUBE-PROXY component will not take effect without Service resources, because it is responsible for load balancing. Now that there are Service resources, how does it achieve load balancing? What is the underlying principle?
On the surface, you can know the real Pod of the backend by viewing the Endpoint corresponding to the SVC resource through the describe command.

[root@master yaml]# kubectl describe svc test-svc
...
Endpoints:                10.244.1.33:80,10.244.1.34:80,10.244.2.27:80 + 1 more...
...

By viewing iptables rules, you can understand the specific process of balancing.

[root@master yaml]# kubectl get svc
NAME         TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)        AGE
kubernetes   ClusterIP   10.96.0.1        <none>        443/TCP        23d
test-svc     NodePort    10.103.159.206   <none>        80:32767/TCP   8m11s

[root@master yaml]# iptables-save | grep 10.103.159.206
-A KUBE-SERVICES ! -s 10.244.0.0/16 -d 10.103.159.206/32 -p tcp -m comment --comment "default/test-svc: cluster IP" -m tcp --dport 80 -j KUBE-MARK-MASQ
-A KUBE-SERVICES -d 10.103.159.206/32 -p tcp -m comment --comment "default/test-svc: cluster IP" -m tcp --dport 80 -j KUBE-SVC-W3OX4ZP4Y24AQZNW
#If the target address is port 80 of 10.103.159.206/32 and the TCP protocol is used, jump the traffic to KUBE-SVC-W3OX4ZP4Y24AQZNW

[root@master yaml]# iptables-save | grep KUBE-SVC-W3OX4ZP4Y24AQZNW
-A KUBE-SVC-W3OX4ZP4Y24AQZNW -m statistic --mode random --probability 0.25000000000 -j KUBE-SEP-UNUAETQI6W3RVNLM
-A KUBE-SVC-W3OX4ZP4Y24AQZNW -m statistic --mode random --probability 0.33332999982 -j KUBE-SEP-QNYBCG5SL7K2IM5K
-A KUBE-SVC-W3OX4ZP4Y24AQZNW -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-NP7BZEGCZQZXEG4R
-A KUBE-SVC-W3OX4ZP4Y24AQZNW -j KUBE-SEP-5KNXDMFFQ4CLBFVI

[root@master yaml]# iptables-save | grep KUBE-SEP-UNUAETQI6W3RVNLM
:KUBE-SEP-UNUAETQI6W3RVNLM - [0:0]
-A KUBE-SEP-UNUAETQI6W3RVNLM -s 10.244.1.33/32 -j KUBE-MARK-MASQ
-A KUBE-SEP-UNUAETQI6W3RVNLM -p tcp -m tcp -j DNAT --to-destination 10.244.1.33:80
-A KUBE-SVC-W3OX4ZP4Y24AQZNW -m statistic --mode random --probability 0.25000000000 -j KUBE-SEP-UNUAETQI6W3RVNLM
SNAT:Source NAT(Source address translation);

DNAT:Destination NAT(Destination address translation);

MASQ:Dynamic source address translation;

Service Load balancing:The default is iptables rule;

3. Rollback to the specified version
Prepare the private images used by the three versions to simulate different images for each upgrade.

[root@master yaml]# vim test1.yaml
kind: Deployment
apiVersion: extensions/v1beta1
metadata:
  name: test1
spec:
  replicas: 4
  template:
    metadata:
      labels:
        test: test
    spec:
      containers:
      - name: test1
        image: 192.168.229.187:5000/httpd:v1
[root@master yaml]# vim test2.yaml
kind: Deployment
apiVersion: extensions/v1beta1
metadata:
  name: test1
spec:
  replicas: 4
  template:
    metadata:
      labels:
        test: test
    spec:
      containers:
      - name: test1
        image: 192.168.229.187:5000/httpd:v2
[root@master yaml]# vim test3.yaml
kind: Deployment
apiVersion: extensions/v1beta1
metadata:
  name: test1
spec:
  replicas: 4
  template:
    metadata:
      labels:
        test: test
    spec:
      containers:
      - name: test1
        image: 192.168.229.187:5000/httpd:v3

Here, three yaml files specify different versions of images.
Run a service and record a version information.

[root@master yaml]# kubectl apply -f test1.yaml --record

See what version information is available

[root@master yaml]# kubectl rollout history deployment test1
deployment.extensions/test1
REVISION  CHANGE-CAUSE
1         kubectl apply --filename=test1.yaml --record=true

Run and upgrade the deployment resource and record the version information.

[root@master yaml]# kubectl apply -f test2.yaml --record
[root@master yaml]# kubectl apply -f test3.yaml --record

Upgrade the version of test1

[root@master yaml]# kubectl set image deploy test1 test1=192.168.229.187:5000/httpd:v2

At this point, you can run an associated Service resource to verify whether the upgrade is successful.

[root@master yaml]# kubectl apply -f test-svc.yaml
[root@master yaml]# kubectl get deployments. test1 -o wide

Rollback to the specified version

[root@master yaml]# kubectl rollout undo deployment test1 --to-revision=1

4. Use label to control the position of pod
Add node label

[root@master yaml]# kubectl label nodes node2 disk=ssd
node/node2 labeled
[root@master yaml]# kubectl get nodes --show-labels

Delete node label

[root@master yaml]# kubectl label nodes node02 disk-
 ...
spec:
  revisionHistoryLimit: 10
  replicas: 3
  template:
    metadata:
      labels:
        app: web
    spec:
      containers:
      - name: test-web
        image: 192.168.1.10:5000/httpd:v1
        ports:
        - containerPort: 80
        nodeSelector:  #Add node selector
        disk: ssd  #Consistent with the label content

5. Namespace
Default namespace: default
View namespaces

[root@master yaml]# kubectl get ns
NAME              STATUS   AGE
default           Active   25d
kube-node-lease   Active   25d
kube-public       Active   25d
kube-system       Active   25d
test              Active   22m

View namespace details

[root@master yaml]# kubectl describe ns default
Name:         default
Labels:       <none>
Annotations:  <none>
Status:       Active

No resource quota.

No resource limits.

Create namespace

[root@master yaml]# kubectl create ns test
[root@master yaml]# vim test.yaml
apiVersion: v1
kind: Namespace
metadata:
  name: test

Note: the namespace resource object is only used to isolate resource objects, and cannot isolate the communication between pods in different namespaces. That is the function of network policy resources.
To view resources with a specified namespace, you can use the – namespace or - n option

[root@master yaml]# kubectl get pod -n test
NAME   READY   STATUS    RESTARTS   AGE
test   1/1     Running   0          28m

Delete a namespace

[root@master yaml]# kubectl delete ns test

Note: when deleting a namespace, be careful not to perform this operation easily. After execution, all resources under this namespace will be deleted by default.
6.pod
Creating pod resource with yaml file

[root@master yaml]# vim pod.yaml
kind: Pod
apiVersion: v1
metadata:
  name: test-pod
spec:
  containers:
  - name: test-app
    image: httpd

A single pod runs multiple containers

[root@master yaml]# vim pod.yaml
kind: Pod
apiVersion: v1
metadata:
  name: test-pod
spec:
  containers:
  - name: test-app
    image: httpd
    
  - name: test-web
    image: busybox

Image acquisition strategy in Pod
Change the image Download Strategy of the above Pod resources to IfNotPresent.

[root@master yaml]# vim pod.yaml
kind: Pod
apiVersion: v1
metadata:
  name: test-pod
spec:
  containers:
  - name: test-app
    image: httpd
    imagePullPolicy: IfNotPresent

k8s by default, there are three different strategies according to the different tags of the image.

Always:The image label is"latest"Or when the image label does not exist, it is always from the specified warehouse(Default official warehouse or private warehouse)Get the latest image from.

IfNotPresent:Download from the target repository only if the local image does not exist. This means that if there is a local image, you can directly use the local image without online downloading.

Never:It is forbidden to download images from the warehouse, that is, only local images are used.

Note: if the label is "latest" or this label does not exist, the default image download strategy is "Always", while for the images of other labels, "IfNotPresent" is used by default.
The "local" mentioned in the above statement refers to the image that can be viewed by the docker images command.
Restart strategy of container
Add the above Pod resources to the restart policy as OnFailure.

[root@master yaml]# vim pod.yaml
kind: Pod
apiVersion: v1
metadata:
  name: test-pod
spec:
  restartPolicy: OnFailure
  containers:
  - name: test-app
    image: httpd
    imagePullPolicy: IfNotPresent

The strategy is as follows:

Always:Danfan Pod Restart the object when it terminates. This is the default setting;

OnFailure:Only in Pod Restart the object only when it has an error;

Never:Never restart;

Simple method:
Multiple resource objects can exist in the same yaml file at the same time, but it is better to have resources related to the same service. And when writing, different resources need to be isolated with "-". In fact, the default is the yaml of a resource, and there is "-" at the top, but it is usually omitted.

[root@master yaml]# vim pod.yaml
---
apiVersion: v1
kind: Namespace
metadata:
  name: test
---
kind: Pod
apiVersion: v1
metadata:
  name: test-pod
  namespace: test
spec:
  restartPolicy: OnFailure
  containers:
  - name: test-app
    image: httpd
    imagePullPolicy: IfNotPresent

Default health check for Pod
According to the default restart strategy of the Pod, perform health check on the Pod

[root@master yaml]# vim pod.yaml
kind: Pod
apiVersion: v1
metadata:
  name: healthcheck
  namespace: test
spec:
  restartPolicy: OnFailure
  containers:
  - name: test-app
    image: httpd
    imagePullPolicy: IfNotPresent
    args:
    - sh
    - -c
    - sleep 10; exit 1

Monitor the running status of pod

[root@master yaml]# kubectl get pod -n test -w

If we change the exit status code to 0 at this time, that is, normal exit, we still use the OnFailure policy, but it will not restart the Pod.

[root@master yaml]# vim pod.yaml
kind: Pod
apiVersion: v1
metadata:
  name: healthcheck
  namespace: test
spec:
  restartPolicy: OnFailure
  containers:
  - name: test-app
    image: httpd
    imagePullPolicy: IfNotPresent
    args:
    - sh
    - -c
    - sleep 10; exit 0

Monitor the running status of pod

[root@master yaml]# kubectl get pod -n test -w

Tags: Docker Kubernetes

Posted by bughunter2 on Tue, 10 May 2022 09:06:22 +0300