Kubernetes CKA认证运维工程师笔记

DevOps工程师可以通过Certified Kubernetes Administrator认证 #生活技巧# #工作学习技巧# #职业技能认证#

Kubernetes CKA认证运维工程师笔记-Kubernetes应用程序生命周期管理 1. 在Kubernetes中部署应用流程2. 使用Deployment部署Java应用2.1 Pod与Deployment的关系2.2 Deployment控制器介绍 3. 服务编排（YAML）3.1 服务编排：YAML文件创建资源对象3.2 服务编排：YAML文件格式说明3.3 服务编排：资源字段太多，记不住怎么办 4. 应用升级、弹性收缩、回滚、删除5. 滚动升级与回滚实现机制6. Pod对象：Pod设计思想、应用自修复、Init container、静态Pod6.1 Pod对象：基本概念6.2 Pod对象：存在的意义6.3 Pod对象：容器分类6.4 Pod对象：应用自恢复（重启策略+健康检查）6.5 Pod对象：Init container6.6 Pod对象：静态Pod

1. 在Kubernetes中部署应用流程

镜像基本分为三类：

基础镜像运行环境镜像项目镜像

2. 使用Deployment部署Java应用

0、制作镜像
1、使用Deployment控制器部署镜像
kubectl create deployment web --image=lizhenliang/java-demo
kubectl get deploy,pods
2、使用Service发布Pod
kubectl expose deployment web --port=80 --type=NodePort --target-port=8080 --name=web
kubectl get service

2.1 Pod与Deployment的关系

Deployment是最为常用的controllers（也称为workload），其他控制器还有DaemonSet、StatefulSet等。
controllers作用：

管理Pod对象使用标签与Pod关联控制器了Pod的运维，例如滚动更新、伸缩、副本管理、维护Pod状态等

2.2 Deployment控制器介绍

Deployment的功能：

管理Pod和ReplicaSet具有上线部署、副本设定、滚动升级、回滚等功能提供声明式更新，例如只更新一个新的Image

应用场景：网站、API、微服务

3. 服务编排（YAML）

3.1 服务编排：YAML文件创建资源对象

定义Deployment：

# 控制器定义 apiVersion: apps/v1 kind: Deployment metadata: name: nginx-deployment namespace: default spec: replicas: 3 selector: matchLabels: app: nginx # 被控制对象 template: metadata: labels: app: nginx spec: containers: - name: nginx image: nginx:1.19 ports: - containerPort: 80

12345678910111213141516171819202122

[root@k8s-master ~]# vim deployment.yaml [root@k8s-master ~]# cat deployment.yaml apiVersion: apps/v1 kind: Deployment metadata: name: nginx-deployment labels: app: nginx spec: replicas: 3 selector: matchLabels: app: nginx template: metadata: labels: app: nginx spec: containers: - name: nginx image: nginx:1.19 ports: - containerPort: 80 [root@k8s-master ~]# kubectl apply -f deployment.yaml deployment.apps/nginx-deployment created [root@k8s-master ~]# kubectl get pods NAME READY STATUS RESTARTS AGE my-dep-5f8dfc8c78-dvxp8 1/1 Running 2 6d8h my-dep-5f8dfc8c78-f4ln4 1/1 Running 2 6d8h my-dep-5f8dfc8c78-j9fqp 1/1 Running 2 6d8h nginx-deployment-7cf55fb7bb-d2t9n 0/1 ContainerCreating 0 14s nginx-deployment-7cf55fb7bb-gbtfr 0/1 ContainerCreating 0 14s nginx-deployment-7cf55fb7bb-npfqz 0/1 ContainerCreating 0 14s nginx-php 1/1 Running 1 47h web-96d5df5c8-ghb6g 1/1 Running 2 9d web2 1/1 Running 1 46h [root@k8s-master ~]# kubectl get deployment NAME READY UP-TO-DATE AVAILABLE AGE my-dep 3/3 3 3 6d8h nginx-deployment 2/3 3 2 37s web 1/1 1 1 9d [root@k8s-master ~]# kubectl get pods NAME READY STATUS RESTARTS AGE my-dep-5f8dfc8c78-dvxp8 1/1 Running 2 6d8h my-dep-5f8dfc8c78-f4ln4 1/1 Running 2 6d8h my-dep-5f8dfc8c78-j9fqp 1/1 Running 2 6d8h nginx-deployment-7cf55fb7bb-d2t9n 1/1 Running 0 54s nginx-deployment-7cf55fb7bb-gbtfr 1/1 Running 0 54s nginx-deployment-7cf55fb7bb-npfqz 1/1 Running 0 54s nginx-php 1/1 Running 1 47h web-96d5df5c8-ghb6g 1/1 Running 2 9d web2 1/1 Running 1 46h [root@k8s-master ~]# kubectl get pods --show-labels NAME READY STATUS RESTARTS AGE LABELS my-dep-5f8dfc8c78-dvxp8 1/1 Running 2 6d8h app=my-dep,pod-template-hash=5f8dfc8c78 my-dep-5f8dfc8c78-f4ln4 1/1 Running 2 6d8h app=my-dep,pod-template-hash=5f8dfc8c78 my-dep-5f8dfc8c78-j9fqp 1/1 Running 2 6d8h app=my-dep,pod-template-hash=5f8dfc8c78 nginx-deployment-7cf55fb7bb-d2t9n 1/1 Running 0 2m57s app=nginx,pod-template-hash=7cf55fb7bb nginx-deployment-7cf55fb7bb-gbtfr 1/1 Running 0 2m57s app=nginx,pod-template-hash=7cf55fb7bb nginx-deployment-7cf55fb7bb-npfqz 1/1 Running 0 2m57s app=nginx,pod-template-hash=7cf55fb7bb nginx-php 1/1 Running 1 47h run=nginx-php web-96d5df5c8-ghb6g 1/1 Running 2 9d app=web,pod-template-hash=96d5df5c8 web2 1/1 Running 1 46h <none>

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364

[root@k8s-master ~]# vim service.yaml [root@k8s-master ~]# cat service.yaml apiVersion: v1 kind: Service metadata: name: my-service spec: selector: app: nginx ports: - protocol: TCP port: 80 targetPort: 80 type: NodePort [root@k8s-master ~]# kubectl apply -f service.yaml service/my-service created [root@k8s-master ~]# kubectl get svc NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 9d my-dep NodePort 10.111.199.51 <none> 80:31734/TCP 6d8h my-service NodePort 10.100.228.0 <none> 80:32433/TCP 12s web NodePort 10.96.132.243 <none> 80:31340/TCP 9d [root@k8s-master ~]# kubectl get ep NAME ENDPOINTS AGE kubernetes 10.0.0.61:6443 9d my-dep 10.244.169.150:8080,10.244.36.84:8080,10.244.36.85:8080 6d8h my-service 10.244.169.151:80,10.244.169.152:80,10.244.36.88:80 26s web 10.244.36.86:80 9d [root@k8s-master ~]# curl 10.100.228.0 <!DOCTYPE html> <html> <head> <title>Welcome to nginx!</title> <style> body { width: 35em; margin: 0 auto; font-family: Tahoma, Verdana, Arial, sans-serif; } </style> </head> <body> <h1>Welcome to nginx!</h1> <p>If you see this page, the nginx web server is successfully installed and working. Further configuration is required.</p> <p>For online documentation and support please refer to <a href="http://nginx.org/">nginx.org</a>.<br/> Commercial support is available at <a href="http://nginx.com/">nginx.com</a>.</p> <p><em>Thank you for using nginx.</em></p> </body> </html> [root@k8s-master ~]# kubectl get pods NAME READY STATUS RESTARTS AGE my-dep-5f8dfc8c78-dvxp8 1/1 Running 2 6d8h my-dep-5f8dfc8c78-f4ln4 1/1 Running 2 6d8h my-dep-5f8dfc8c78-j9fqp 1/1 Running 2 6d8h nginx-deployment-7cf55fb7bb-d2t9n 1/1 Running 0 9m34s nginx-deployment-7cf55fb7bb-gbtfr 1/1 Running 0 9m34s nginx-deployment-7cf55fb7bb-npfqz 1/1 Running 0 9m34s nginx-php 1/1 Running 1 47h web-96d5df5c8-ghb6g 1/1 Running 2 9d web2 1/1 Running 1 46h [root@k8s-master ~]# kubectl logs nginx-deployment-7cf55fb7bb-d2t9n /docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration /docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/ /docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh 10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf 10-listen-on-ipv6-by-default.sh: info: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf /docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh /docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh /docker-entrypoint.sh: Configuration complete; ready for start up [root@k8s-master ~]# kubectl logs nginx-deployment-7cf55fb7bb-gbtfr /docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration /docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/ /docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh 10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf 10-listen-on-ipv6-by-default.sh: info: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf /docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh /docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh /docker-entrypoint.sh: Configuration complete; ready for start up [root@k8s-master ~]# kubectl logs nginx-deployment-7cf55fb7bb-npfqz /docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration /docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/ /docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh 10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf 10-listen-on-ipv6-by-default.sh: info: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf /docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh /docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh /docker-entrypoint.sh: Configuration complete; ready for start up 10.244.235.192 - - [01/Dec/2021:06:08:41 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.29.0" "-" # 在浏览器里面输入IP地址加端口号 [root@k8s-master ~]# kubectl logs nginx-deployment-7cf55fb7bb-d2t9n /docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration /docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/ /docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh 10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf 10-listen-on-ipv6-by-default.sh: info: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf /docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh /docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh /docker-entrypoint.sh: Configuration complete; ready for start up 10.244.235.192 - - [01/Dec/2021:06:12:32 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0" "-" 2021/12/01 06:12:32 [error] 32#32: *1 open() "/usr/share/nginx/html/favicon.ico" failed (2: No such file or directory), client: 10.244.235.192, server: localhost, request: "GET /favicon.ico HTTP/1.1", host: "10.0.0.61:32433", referrer: "http://10.0.0.61:32433/" 10.244.235.192 - - [01/Dec/2021:06:12:32 +0000] "GET /favicon.ico HTTP/1.1" 404 154 "http://10.0.0.61:32433/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0" "-" [root@k8s-master ~]# kubectl logs nginx-deployment-7cf55fb7bb-gbtfr /docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration /docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/ /docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh 10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf 10-listen-on-ipv6-by-default.sh: info: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf /docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh /docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh /docker-entrypoint.sh: Configuration complete; ready for start up [root@k8s-master ~]# kubectl logs nginx-deployment-7cf55fb7bb-npfqz /docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration /docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/ /docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh 10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf 10-listen-on-ipv6-by-default.sh: info: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf /docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh /docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh /docker-entrypoint.sh: Configuration complete; ready for start up 10.244.235.192 - - [01/Dec/2021:06:08:41 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.29.0" "-" [root@k8s-master ~]# kubectl api-versions admissionregistration.k8s.io/v1 admissionregistration.k8s.io/v1beta1 apiextensions.k8s.io/v1 apiextensions.k8s.io/v1beta1 apiregistration.k8s.io/v1 apiregistration.k8s.io/v1beta1 apps/v1 authentication.k8s.io/v1 authentication.k8s.io/v1beta1 authorization.k8s.io/v1 authorization.k8s.io/v1beta1 autoscaling/v1 autoscaling/v2beta1 autoscaling/v2beta2 batch/v1 batch/v1beta1 certificates.k8s.io/v1 certificates.k8s.io/v1beta1 coordination.k8s.io/v1 coordination.k8s.io/v1beta1 crd.projectcalico.org/v1 discovery.k8s.io/v1beta1 events.k8s.io/v1 events.k8s.io/v1beta1 extensions/v1beta1 metrics.k8s.io/v1beta1 networking.k8s.io/v1 networking.k8s.io/v1beta1 node.k8s.io/v1beta1 policy/v1beta1 rbac.authorization.k8s.io/v1 rbac.authorization.k8s.io/v1beta1 scheduling.k8s.io/v1 scheduling.k8s.io/v1beta1 storage.k8s.io/v1 storage.k8s.io/v1beta1 v1

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165

标签在资源关联的用法：

标签选择器 selector标签 项目解释apiVersionAPI版本kind资源类型metadata资源元数据spec资源规格replicas副本数量selector标签选择器templatePod模板metadataPod元数据specPod规格containers容器配置

3.2 服务编排：YAML文件格式说明

YAML 是一种简洁的非标记语言。

语法格式：

缩进表示层级关系不支持制表符 “tab” 缩进，使用空格缩进通常开头缩进 2 个空格字符后缩进 1 个空格，如冒号、逗号等“- - -” 表示YAML格式，一个文件的开始“#” 注释

3.3 服务编排：资源字段太多，记不住怎么办

用create命令生成

kubectl create deployment nginx --image=nginx:1.16 -o yaml --dry-run=client > my-deploy.yaml 1 用get命令导出

kubectl get deployment nginx -o yaml > my-deploy.yaml 1 Pod容器的字段拼写忘记了

kubectl explain pods.spec.containers kubectl explain deployment 12

-o, --output=’’: 输出指定的格式，常用的有json/yaml/name

[root@k8s-master ~]# kubectl create deployment nginx --image=nginx:1.16 -o yaml --dry-run=client apiVersion: apps/v1 kind: Deployment metadata: creationTimestamp: null labels: app: nginx name: nginx spec: replicas: 1 selector: matchLabels: app: nginx strategy: {} template: metadata: creationTimestamp: null labels: app: nginx spec: containers: - image: nginx:1.16 name: nginx resources: {} status: {} [root@k8s-master ~]# kubectl get deploy web -o yaml apiVersion: apps/v1 kind: Deployment metadata: annotations: deployment.kubernetes.io/revision: "1" creationTimestamp: "2021-11-22T03:30:03Z" generation: 1 labels: app: web managedFields: - apiVersion: apps/v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:labels: .: {} f:app: {} f:spec: f:progressDeadlineSeconds: {} f:replicas: {} f:revisionHistoryLimit: {} f:selector: f:matchLabels: .: {} f:app: {} f:strategy: f:rollingUpdate: .: {} f:maxSurge: {} f:maxUnavailable: {} f:type: {} f:template: f:metadata: f:labels: .: {} f:app: {} f:spec: f:containers: k:{"name":"nginx"}: .: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:dnsPolicy: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: {} f:terminationGracePeriodSeconds: {} manager: kubectl-create operation: Update time: "2021-11-22T03:30:03Z" - apiVersion: apps/v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:deployment.kubernetes.io/revision: {} f:status: f:conditions: .: {} k:{"type":"Available"}: .: {} f:lastTransitionTime: {} f:lastUpdateTime: {} f:message: {} f:reason: {} f:status: {} f:type: {} k:{"type":"Progressing"}: .: {} f:lastTransitionTime: {} f:lastUpdateTime: {} f:message: {} f:reason: {} f:status: {} f:type: {} f:observedGeneration: {} f:replicas: {} f:unavailableReplicas: {} f:updatedReplicas: {} manager: kube-controller-manager operation: Update time: "2021-12-09T21:15:24Z" name: web namespace: default resourceVersion: "1568972" selfLink: /apis/apps/v1/namespaces/default/deployments/web uid: ba0bbdcc-5760-4dce-86af-7eb647156b68 spec: progressDeadlineSeconds: 600 replicas: 1 revisionHistoryLimit: 10 selector: matchLabels: app: web strategy: rollingUpdate: maxSurge: 25% maxUnavailable: 25% type: RollingUpdate template: metadata: creationTimestamp: null labels: app: web spec: containers: - image: nginx imagePullPolicy: Always name: nginx resources: {} terminationMessagePath: /dev/termination-log terminationMessagePolicy: File dnsPolicy: ClusterFirst restartPolicy: Always schedulerName: default-scheduler securityContext: {} terminationGracePeriodSeconds: 30 status: conditions: - lastTransitionTime: "2021-11-22T03:30:03Z" lastUpdateTime: "2021-11-22T03:30:28Z" message: ReplicaSet "web-96d5df5c8" has successfully progressed. reason: NewReplicaSetAvailable status: "True" type: Progressing - lastTransitionTime: "2021-12-09T21:15:24Z" lastUpdateTime: "2021-12-09T21:15:24Z" message: Deployment does not have minimum availability. reason: MinimumReplicasUnavailable status: "False" type: Available observedGeneration: 1 replicas: 1 unavailableReplicas: 1 updatedReplicas: 1 [root@k8s-master ~]# kubectl get deploy web -o yaml > deploy2.yaml [root@k8s-master ~]# vi deploy2.yaml [root@k8s-master ~]# cat deploy2.yaml apiVersion: apps/v1 kind: Deployment metadata: labels: app: web name: web namespace: default spec: replicas: 1 selector: matchLabels: app: web strategy: rollingUpdate: maxSurge: 25% maxUnavailable: 25% type: RollingUpdate template: metadata: labels: app: web spec: containers: - image: nginx imagePullPolicy: Always name: nginx resources: {} dnsPolicy: ClusterFirst restartPolicy: Always

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199

4. 应用升级、弹性收缩、回滚、删除

应用升级

kubectl set image deployment/web nginx=nginx:1.16 # 查看升级状态 kubectl rollout status deployment/web 123

[root@k8s-master ~]# kubectl set image deployment nginx-deployment nginx=nginx:1.16 deployment.apps/nginx-deployment image updated [root@k8s-master ~]# kubectl get pods -w NAME READY STATUS RESTARTS AGE my-dep-5f8dfc8c78-dvxp8 1/1 Running 4 14d my-dep-5f8dfc8c78-f4ln4 1/1 Running 4 14d my-dep-5f8dfc8c78-j9fqp 1/1 Running 4 14d nginx-deployment-644599b9c9-96ng4 0/1 ContainerCreating 0 4s nginx-deployment-644599b9c9-c47jg 1/1 Running 0 31s nginx-deployment-7cf55fb7bb-d2t9n 1/1 Running 2 8d nginx-deployment-7cf55fb7bb-gbtfr 1/1 Running 2 8d nginx-deployment-7cf55fb7bb-npfqz 0/1 Terminating 2 8d nginx-php 1/1 Running 3 10d web-96d5df5c8-ghb6g 1/1 Running 4 17d web2 1/1 Running 3 10d nginx-deployment-7cf55fb7bb-npfqz 0/1 Terminating 2 8d nginx-deployment-7cf55fb7bb-npfqz 0/1 Terminating 2 8d ··· [root@k8s-master ~]# kubectl get pods NAME READY STATUS RESTARTS AGE my-dep-5f8dfc8c78-dvxp8 1/1 Running 4 14d my-dep-5f8dfc8c78-f4ln4 1/1 Running 4 14d my-dep-5f8dfc8c78-j9fqp 1/1 Running 4 14d nginx-deployment-644599b9c9-96ng4 1/1 Running 0 77s nginx-deployment-644599b9c9-c47jg 1/1 Running 0 104s nginx-deployment-644599b9c9-d45qx 1/1 Running 0 46s nginx-php 1/1 Running 3 10d web-96d5df5c8-ghb6g 1/1 Running 4 17d web2 1/1 Running 3 10d

1234567891011121314151617181920212223242526272829

弹性伸缩

# 手动扩容 kubectl scale deployment web --replicas=10 # 自动水平扩容（注意Pod必须配置resource.request） kubectl autoscale deployment web --min=3 --max=10 --cpu-percent=80 kubectl get hpa 12345

[root@k8s-master ~]# kubectl scale deployment nginx-deployment --replicas=10 deployment.apps/nginx-deployment scaled [root@k8s-master ~]# kubectl get pods NAME READY STATUS RESTARTS AGE my-dep-5f8dfc8c78-dvxp8 1/1 Running 4 14d my-dep-5f8dfc8c78-f4ln4 1/1 Running 4 14d my-dep-5f8dfc8c78-j9fqp 1/1 Running 4 14d nginx-deployment-644599b9c9-2ffhg 0/1 ContainerCreating 0 2s nginx-deployment-644599b9c9-2t5vn 0/1 ContainerCreating 0 2s nginx-deployment-644599b9c9-8tbgl 0/1 ContainerCreating 0 2s nginx-deployment-644599b9c9-96ng4 1/1 Running 0 2m45s nginx-deployment-644599b9c9-c47jg 1/1 Running 0 3m12s nginx-deployment-644599b9c9-d45qx 1/1 Running 0 2m14s nginx-deployment-644599b9c9-dhjzm 0/1 ContainerCreating 0 2s nginx-deployment-644599b9c9-pvpwm 0/1 ContainerCreating 0 2s nginx-deployment-644599b9c9-xsr8k 0/1 ContainerCreating 0 2s nginx-deployment-644599b9c9-zqskd 0/1 ContainerCreating 0 2s nginx-php 1/1 Running 3 10d web-96d5df5c8-ghb6g 1/1 Running 4 17d web2 1/1 Running 3 10d [root@k8s-master ~]# kubectl get pods NAME READY STATUS RESTARTS AGE my-dep-5f8dfc8c78-dvxp8 1/1 Running 4 14d my-dep-5f8dfc8c78-f4ln4 1/1 Running 4 14d my-dep-5f8dfc8c78-j9fqp 1/1 Running 4 14d nginx-deployment-644599b9c9-2ffhg 1/1 Running 0 82s nginx-deployment-644599b9c9-2t5vn 1/1 Running 0 82s nginx-deployment-644599b9c9-8tbgl 1/1 Running 0 82s nginx-deployment-644599b9c9-96ng4 1/1 Running 0 4m5s nginx-deployment-644599b9c9-c47jg 1/1 Running 0 4m32s nginx-deployment-644599b9c9-d45qx 1/1 Running 0 3m34s nginx-deployment-644599b9c9-dhjzm 1/1 Running 0 82s nginx-deployment-644599b9c9-pvpwm 1/1 Running 0 82s nginx-deployment-644599b9c9-xsr8k 1/1 Running 0 82s nginx-deployment-644599b9c9-zqskd 1/1 Running 0 82s nginx-php 1/1 Running 3 10d web-96d5df5c8-ghb6g 1/1 Running 4 17d web2 1/1 Running 3 10d

123456789101112131415161718192021222324252627282930313233343536373839

HPA：Pod水平扩容
kubectl top/hpa -> apiserver -> metrics-server -> kubelet -> pod
如果hpa出现unkunow：

kubectl top 正常否deployment 是否配置 request
containers: name: nginx
image: nginx:1.14.2
ports: containerPort: 80
resources:
requests:
cpu: 0.5

[root@k8s-master ~]# kubectl get pods -n kube-system NAME READY STATUS RESTARTS AGE calico-kube-controllers-97769f7c7-z6npb 1/1 Running 4 18d calico-node-4pwdc 1/1 Running 4 18d calico-node-9r6zd 1/1 Running 4 18d calico-node-vqzdj 1/1 Running 4 18d coredns-6d56c8448f-gcgrh 1/1 Running 4 18d coredns-6d56c8448f-tbsmv 1/1 Running 4 18d etcd-k8s-master 1/1 Running 5 18d kube-apiserver-k8s-master 1/1 Running 11 18d kube-controller-manager-k8s-master 1/1 Running 13 17d kube-proxy-5qpgc 1/1 Running 4 18d kube-proxy-q2xfq 1/1 Running 4 18d kube-proxy-tvzpd 1/1 Running 4 18d kube-scheduler-k8s-master 1/1 Running 15 17d metrics-server-84f9866fdf-kt2nb 1/1 Running 4 10d [root@k8s-master ~]# kubectl api-resources|grep hpa horizontalpodautoscalers hpa autoscaling true HorizontalPodAutoscaler [root@k8s-master ~]# kubectl autoscale deployment nginx-deployment --min=3 --max=10 --cpu-percent=10 horizontalpodautoscaler.autoscaling/nginx-deployment autoscaled [root@k8s-master ~]# kubectl get hpa NAME REFERENCE TARGETS MINPODS MAXPODS REPLICAS AGE nginx-deployment Deployment/nginx-deployment <unknown>/10% 3 10 10 40s [root@k8s-master ~]# vi deployment.yaml [root@k8s-master ~]# cat deployment.yaml apiVersion: apps/v1 kind: Deployment metadata: name: nginx-deployment labels: app: nginx spec: replicas: 3 selector: matchLabels: app: nginx template: metadata: labels: app: nginx spec: containers: - name: nginx image: nginx:1.19 ports: - containerPort: 80 resources: requests: cpu: 0.5 [root@k8s-master ~]# kubectl apply -f deployment.yaml deployment.apps/nginx-deployment configured [root@k8s-master ~]# kubectl get hpa NAME REFERENCE TARGETS MINPODS MAXPODS REPLICAS AGE nginx-deployment Deployment/nginx-deployment 0%/10% 3 10 3 8m28s # 对项目压测 [root@k8s-node1 ~]# yum install httpd-tools [root@k8s-node1 ~]# ab -n 100000 -c 1000 http://10.100.228.0/index.html This is ApacheBench, Version 2.3 <$Revision: 1430300 $> Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/ Licensed to The Apache Software Foundation, http://www.apache.org/ Benchmarking 10.100.228.0 (be patient) Completed 10000 requests Completed 20000 requests [root@k8s-master ~]# kubectl top pod NAME CPU(cores) MEMORY(bytes) my-dep-5f8dfc8c78-dvxp8 3m 178Mi my-dep-5f8dfc8c78-f4ln4 2m 189Mi my-dep-5f8dfc8c78-j9fqp 2m 172Mi nginx-deployment-7f78c49b8f-6fnq2 246m 4Mi nginx-deployment-7f78c49b8f-ftzb7 395m 5Mi nginx-deployment-7f78c49b8f-tjldz 267m 2Mi nginx-php 1m 14Mi web-96d5df5c8-ghb6g 0m 3Mi web2 1m 16Mi [root@k8s-master ~]# kubectl get pods NAME READY STATUS RESTARTS AGE my-dep-5f8dfc8c78-dvxp8 1/1 Running 4 15d my-dep-5f8dfc8c78-f4ln4 1/1 Running 4 15d my-dep-5f8dfc8c78-j9fqp 1/1 Running 4 15d nginx-deployment-7f78c49b8f-6fnq2 1/1 Running 0 6m40s nginx-deployment-7f78c49b8f-ftzb7 1/1 Running 0 6m37s nginx-deployment-7f78c49b8f-mjjkt 1/1 Running 0 10s nginx-deployment-7f78c49b8f-mw5vb 1/1 Running 0 10s nginx-deployment-7f78c49b8f-tjldz 1/1 Running 0 6m35s nginx-deployment-7f78c49b8f-tr7v6 1/1 Running 0 10s nginx-php 1/1 Running 3 10d web-96d5df5c8-ghb6g 1/1 Running 4 17d web2 1/1 Running 3 10d [root@k8s-master ~]# kubectl get pods NAME READY STATUS RESTARTS AGE my-dep-5f8dfc8c78-dvxp8 1/1 Running 4 15d my-dep-5f8dfc8c78-f4ln4 1/1 Running 4 15d my-dep-5f8dfc8c78-j9fqp 1/1 Running 4 15d nginx-deployment-7f78c49b8f-4bnjn 0/1 Pending 0 22s nginx-deployment-7f78c49b8f-6fnq2 1/1 Running 0 7m8s nginx-deployment-7f78c49b8f-cdqn6 0/1 Pending 0 22s nginx-deployment-7f78c49b8f-ftzb7 1/1 Running 0 7m5s nginx-deployment-7f78c49b8f-mjjkt 1/1 Running 0 38s nginx-deployment-7f78c49b8f-mw5vb 1/1 Running 0 38s nginx-deployment-7f78c49b8f-tjldz 1/1 Running 0 7m3s nginx-deployment-7f78c49b8f-tr7v6 1/1 Running 0 38s nginx-deployment-7f78c49b8f-ww7bw 0/1 Pending 0 22s nginx-deployment-7f78c49b8f-z47qc 0/1 Pending 0 22s nginx-php 1/1 Running 3 10d web-96d5df5c8-ghb6g 1/1 Running 4 17d web2 1/1 Running 3 10d [root@k8s-master ~]# kubectl delete hpa nginx nginx-deployment horizontalpodautoscaler.autoscaling "nginx-deployment" deleted [root@k8s-master ~]# kubectl get hpa No resources found in default namespace. [root@k8s-master ~]# kubectl top hpa error: unknown command "hpa" See 'kubectl top -h' for help and examples [root@k8s-master ~]# kubectl get pods NAME READY STATUS RESTARTS AGE my-dep-5f8dfc8c78-dvxp8 1/1 Running 4 15d my-dep-5f8dfc8c78-f4ln4 1/1 Running 4 15d my-dep-5f8dfc8c78-j9fqp 1/1 Running 4 15d nginx-deployment-7f78c49b8f-4bnjn 0/1 Pending 0 4m4s nginx-deployment-7f78c49b8f-6fnq2 1/1 Running 0 10m nginx-deployment-7f78c49b8f-cdqn6 0/1 Pending 0 4m4s nginx-deployment-7f78c49b8f-ftzb7 1/1 Running 0 10m nginx-deployment-7f78c49b8f-mjjkt 1/1 Running 0 4m20s nginx-deployment-7f78c49b8f-mw5vb 1/1 Running 0 4m20s nginx-deployment-7f78c49b8f-tjldz 1/1 Running 0 10m nginx-deployment-7f78c49b8f-tr7v6 1/1 Running 0 4m20s nginx-deployment-7f78c49b8f-ww7bw 0/1 Pending 0 4m4s nginx-deployment-7f78c49b8f-z47qc 0/1 Pending 0 4m4s nginx-php 1/1 Running 3 10d web-96d5df5c8-ghb6g 1/1 Running 4 17d web2 1/1 Running 3 10d [root@k8s-master ~]# kubectl scale deployment nginx-deployment --replicas=3 deployment.apps/nginx-deployment scaled [root@k8s-master ~]# kubectl get pods NAME READY STATUS RESTARTS AGE my-dep-5f8dfc8c78-dvxp8 1/1 Running 4 15d my-dep-5f8dfc8c78-f4ln4 1/1 Running 4 15d my-dep-5f8dfc8c78-j9fqp 1/1 Running 4 15d nginx-deployment-7f78c49b8f-6fnq2 1/1 Running 0 11m nginx-deployment-7f78c49b8f-ftzb7 1/1 Running 0 11m nginx-deployment-7f78c49b8f-mjjkt 0/1 Terminating 0 5m14s nginx-deployment-7f78c49b8f-mw5vb 0/1 Terminating 0 5m14s nginx-deployment-7f78c49b8f-tjldz 1/1 Running 0 11m nginx-deployment-7f78c49b8f-tr7v6 0/1 Terminating 0 5m14s nginx-php 1/1 Running 3 10d web-96d5df5c8-ghb6g 1/1 Running 4 17d web2 1/1 Running 3 10d [root@k8s-master ~]# kubectl get pods NAME READY STATUS RESTARTS AGE my-dep-5f8dfc8c78-dvxp8 1/1 Running 4 15d my-dep-5f8dfc8c78-f4ln4 1/1 Running 4 15d my-dep-5f8dfc8c78-j9fqp 1/1 Running 4 15d nginx-deployment-7f78c49b8f-6fnq2 1/1 Running 0 11m nginx-deployment-7f78c49b8f-ftzb7 1/1 Running 0 11m nginx-deployment-7f78c49b8f-mjjkt 0/1 Terminating 0 5m17s nginx-deployment-7f78c49b8f-mw5vb 0/1 Terminating 0 5m17s nginx-deployment-7f78c49b8f-tjldz 1/1 Running 0 11m nginx-deployment-7f78c49b8f-tr7v6 0/1 Terminating 0 5m17s nginx-php 1/1 Running 3 10d web-96d5df5c8-ghb6g 1/1 Running 4 17d web2 1/1 Running 3 10d [root@k8s-master ~]# kubectl get pods NAME READY STATUS RESTARTS AGE my-dep-5f8dfc8c78-dvxp8 1/1 Running 4 15d my-dep-5f8dfc8c78-f4ln4 1/1 Running 4 15d my-dep-5f8dfc8c78-j9fqp 1/1 Running 4 15d nginx-deployment-7f78c49b8f-6fnq2 1/1 Running 0 11m nginx-deployment-7f78c49b8f-ftzb7 1/1 Running 0 11m nginx-deployment-7f78c49b8f-mjjkt 0/1 Terminating 0 5m21s nginx-deployment-7f78c49b8f-mw5vb 0/1 Terminating 0 5m21s nginx-deployment-7f78c49b8f-tjldz 1/1 Running 0 11m nginx-deployment-7f78c49b8f-tr7v6 0/1 Terminating 0 5m21s nginx-php 1/1 Running 3 10d web-96d5df5c8-ghb6g 1/1 Running 4 17d web2 1/1 Running 3 10d [root@k8s-master ~]# kubectl get pods NAME READY STATUS RESTARTS AGE my-dep-5f8dfc8c78-dvxp8 1/1 Running 4 15d my-dep-5f8dfc8c78-f4ln4 1/1 Running 4 15d my-dep-5f8dfc8c78-j9fqp 1/1 Running 4 15d nginx-deployment-7f78c49b8f-6fnq2 1/1 Running 0 11m nginx-deployment-7f78c49b8f-ftzb7 1/1 Running 0 11m nginx-deployment-7f78c49b8f-tjldz 1/1 Running 0 11m nginx-php 1/1 Running 3 10d web-96d5df5c8-ghb6g 1/1 Running 4 17d web2 1/1 Running 3 10d

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191

回滚

kubectl rollout history deployment/web kubectl rollout undo deployment/web # 回滚上一个版本 kubectl rollout undo deployment/web --to-revision=2 # 回滚指定版本 123

[root@k8s-master ~]# kubectl rollout history deployment nginx-deployment deployment.apps/nginx-deployment REVISION CHANGE-CAUSE 1 <none> 2 <none> 3 <none> --record参数将当前命令记录到发布记录里，方便知道回滚的镜像版本： kubectl set image deployment nginx-deployment nginx=nginx:1.17 --record 12345678910

删除

kubectl delete deploy/web kubectl delete svc/web 12

5. 滚动升级与回滚实现机制

滚动更新策略
每次只升级一个或多个服务，升级完成加入生产环境，不断执行这个过程，直到集群中的全部旧版升级新版本。

特点：

用户无感知，平滑过渡

缺点：

部署周期长发布策略较复杂

滚动更新在K8s中实现：

1个Deployment2个ReplicaSet

[root@k8s-master ~]# kubectl get rs NAME DESIRED CURRENT READY AGE my-dep-5f8dfc8c78 3 3 3 15d nginx-deployment-644599b9c9 0 0 0 5h27m nginx-deployment-7cf55fb7bb 0 0 0 8d nginx-deployment-7f78c49b8f 3 3 3 5h8m web-96d5df5c8 1 1 1 17d 1234567

ReplicaSet：副本集

协助Deployment做事Pod副本数量管理，不断对比当前Pod数量与期望Pod数量Deployment每次发布都会创建一个RS作为记录，用于实现回滚

kubectl get rs #查看RS记录
kubectl rollout history deployment web #版本对应RS记录

6. Pod对象：Pod设计思想、应用自修复、Init container、静态Pod

6.1 Pod对象：基本概念

最小部署单元一组容器的集合一个Pod中的容器共享网络命名空间Pod是短暂的

定义Pod：

apiVersion: v1 kind: Pod metadata: name: my-pod spec: containers: - name: container1 image: nginx - name: container2 image: centos 1234567891011

6.2 Pod对象：存在的意义

Pod为亲密性应用而存在。
亲密性应用场景：

两个应用之间发生文件交互两个应用需要通过127.0.0.1或者socket通信（典型组合nginx+php）两个应用需要发生频繁的调用

6.3 Pod对象：容器分类

Infrastructure Container：基础容器，维护整个Pod网络空间InitContainers：初始化容器，先于业务容器开始执行Containers：业务容器，并行启动

6.4 Pod对象：应用自恢复（重启策略+健康检查）

重启策略：

Always：当容器终止退出后，总是重启容器，默认策略。OnFailure：当容器异常退出（退出状态码非0）时，才重启容器。Never：当容器终止退出，从不重启容器。

健康检查有以下两种类型：

livenessProbe（存活检查）：如果检查失败，将杀死容器，根据Pod的restartPolicy来操作。readinessProbe（就绪检查）：如果检查失败，Kubernetes会把Pod从service endpoints中剔除。

持久运行的程序，例如nginx、MySQL、jar
计划任务 cronjob
数据处理程序 job

if [ 1 == 2 ]; then
echo yes
exit 1
else
exit 0
fi

1、tcp端口探测
2、curl http://ip
3、ping检查服务器状态
4、端口是监听

支持以下三种检查方法：

httpGet：发送HTTP请求，返回200-400范围状态码为成功。exec：执行Shell命令返回状态码是0为成功。tcpSocket：发起TCP Socket建立成功。

apiVersion: apps/v1 kind: Deployment metadata: labels: app: web name: web spec: replicas: 1 selector: matchLabels: app: web template: metadata: labels: app: web spec: restartPolicy: Always containers: - image: lizhenliang/java-demo name: java-demo livenessProbe: tcpSocket: port: 8080 initialDelaySeconds: 30 periodSeconds: 20

12345678910111213141516171819202122232425

参考文档: https://kubernetes.io/docs/tasks/configure-pod-container/configureliveness-readiness-probes/

6.5 Pod对象：Init container

Init container：

基本支持所有普通容器特征优先普通容器执行

应用场景：

控制普通容器启动，初始容器完成后才会启动业务容器初始化配置，例如下载应用配置文件、注册信息等

apiVersion: v1 kind: Pod metadata: name: init-demo spec: containers: - name: nginx image: nginx ports: - containerPort: 80 volumeMounts: - name: workdir mountPath: /usr/share/nginx/html initContainers: - name: install image: busybox command: - wget - "-O" - "/work-dir/index.html" - http://kubernetes.io volumeMounts: - name: workdir mountPath: "/work-dir" dnsPolicy: Default volumes: - name: workdir emptyDir: {}

12345678910111213141516171819202122232425262728

6.6 Pod对象：静态Pod

静态Pod特点：

Pod由特定节点上的kubelet管理不能使用控制器Pod名称标识当前节点名称

在kubelet配置文件启用静态Pod：

vi /var/lib/kubelet/config.yaml ... staticPodPath: /etc/kubernetes/manifests ... 1234

将部署的pod yaml放到该目录会由kubelet自动创建

课后作业

1、在节点上配置kubelet托管启动一个pod

节点：k8s-node1pod名称：web镜像：nginx

# 检查是否启用 cat /var/lib/kubelet/config.yaml staticPodPath: /etc/kubernetes/manifests vi /etc/kubernetes/manifests/web.yaml apiVersion: v1 kind: Pod metadata: name: web namespace: labels: app: myapp spec: containers: - name: nginx image: nginx # 注：如果不生效，检查配置文件是否启用该功能

1234567891011121314151617

2、向pod中添加一个init容器，init容器创建一个空文件，如果该空文件没有被检测到pod退出

pod名称：web

apiVersion: v1 kind: Pod metadata: name: web spec: initContainers: - name: init image: nginx command: - touch - /opt/test volumeMounts: - name: data mountPath: /opt containers: - name: nginx image: nginx volumeMounts: - name: data mountPath: /opt livenessProbe: exec: command: - cat - /opt/test restartPolicy: Never volumes: - name: data emptyDir: {}

1234567891011121314151617181920212223242526272829

3、创建一个deployment 副本数 3，然后滚动更新镜像版本，并记录这个更新记录，最后再回滚到上一个版本

名称：nginx镜像版本：1.16更新镜像版本：1.17

kubectl create deployment web --image=nginx:1.16 kubectl set image deployment web nginx=nginx:1.17 --record kubectl rollout history deploy web # 查看版本记录 kubectl rollout undo deployment web # 回滚到上一个版本 kubectl rollout undo deployment web --to-revision=1 # 也可以回滚到指定版本 12345

4、给web deployment扩容副本数为3

kubectl scale deployment web --replicas=3 1

5、创建一个pod，其中运行着nginx、redis、memcached、consul 4个容器

apiVersion: v1 kind: Pod metadata: name: myapp-pod labels: app: myapp spec: containers: - name: nginx image: nginx - name: redis image: redis - name: memcache image: memcached - name: consul image: consul

12345678910111213141516

6、把deployment输出json文件，再删除创建的deployment

kubectl get deployments.apps web -o json > web.json kubectl delete deployments.apps web 12

7、生成一个deployment yaml文件保存到/opt/deploy.yaml

名称：web标签：app_env_stage=dev

kubectl create deployment web --image=nginx --dry-run=client -o yaml > /opt/deploy.yaml # 再修改标签 apiVersion: apps/v1 kind: Deployment metadata: name: java-demo spec: replicas: 3 selector: matchLabels: app_env_stage=dev template: metadata: labels: app_env_stage=dev spec: containers: - name: nginx image: nginx

1234567891011121314151617181920

网址：Kubernetes CKA认证运维工程师笔记 https://www.yuejiaxmz.com/news/view/320835

相关内容

自动化运维工具
Kubernetes pod cpu 使用率计算方法 HPA
家庭运维系统之家Ops: 使用Talos与GitOps搭建自动化家园
提升效率，主流自动化运维工具推荐
笔记本电脑怎么保养维护（笔记本电脑保养正确方法）
电子电器维修工程师
自动化运维实践：构建高效的CI/CD流程
高效能笔记法
达人课堂：笔记本电脑要定期保养维护
认证流程

随便看看