Kubernetes: Defining Resource Manifests

Posted wlbl


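Common resources

Workloads: Pod, ReplicaSet, StatefulSet, DaemonSet, Job, CronJob
Service discovery and load balancing: Service, Ingress, ...
Configuration and storage: Volume, CSI, ConfigMap, Secret, DownwardAPI
Cluster-level resources: Namespace, Node, Role, ClusterRole, RoleBinding, ClusterRoleBinding
Metadata resources: HPA, PodTemplate, LimitRange

Kubernetes is not configured only from the command line; YAML files are commonly used to write configuration manifests.

Pod resource manifest

The apiserver only accepts resource definitions in JSON format:

  • When a resource is created directly with kubectl run, the request is automatically converted to JSON and passed to the apiserver.
  • When the manifest is supplied in YAML, the apiserver can automatically convert it to JSON before it is submitted.

# kubectl get pods myapp-9b4987d5-djdr9 -o yaml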
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: "2019-03-28T06:42:04Z"
  generateName: myapp-9b4987d5-
  labels:
    pod-template-hash: 9b4987d5
    run: myapp
  name: myapp-9b4987d5-djdr9
  namespace: default
  ownerReferences:
  - apiVersion: apps/v1
    blockOwnerDeletion: true
    controller: true
    kind: ReplicaSet
    name: myapp-9b4987d5
    uid: bc03afbd-5120-11e9-80a7-000c295ec349
  resourceVersion: "38679"
  selfLink: /api/v1/namespaces/default/pods/myapp-9b4987d5-djdr9
  uid: 995067e0-5124-11e9-80a7-000c295ec349
spec:
  containers:
  - image: ikubernetes/myapp:v1
    imagePullPolicy: IfNotPresent
    name: myapp
    resources: {}
    terminationMessagePath: /dev/termination-log
    terminationMessagePolicy: File
    volumeMounts:
    - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
      name: default-token-dqd2f
      readOnly: true
  dnsPolicy: ClusterFirst
  enableServiceLinks: true
  nodeName: node02
  priority: 0
  restartPolicy: Always
  schedulerName: default-scheduler
  securityContext: {}
  serviceAccount: default
  serviceAccountName: default
  terminationGracePeriodSeconds: 30
  tolerations:
  - effect: NoExecute
    key: node.kubernetes.io/not-ready
    operator: Exists
    tolerationSeconds: 300
  - effect: NoExecute
    key: node.kubernetes.io/unreachable
    operator: Exists
    tolerationSeconds: 300
  volumes:
  - name: default-token-dqd2f
    secret:
      defaultMode: 420
      secretName: default-token-dqd2f
status:
  conditions:
  - lastProbeTime: null
    lastTransitionTime: "2019-03-28T06:42:04Z"
    status: "True"
    type: Initialized
  - lastProbeTime: null
    lastTransitionTime: "2019-03-28T06:42:05Z"
    status: "True"
    type: Ready
  - lastProbeTime: null
    lastTransitionTime: "2019-03-28T06:42:05Z"
    status: "True"
    type: ContainersReady
  - lastProbeTime: null
    lastTransitionTime: "2019-03-28T06:42:04Z"
    status: "True"
    type: PodScheduled
  containerStatuses:
  - containerID: docker://69b4cab1eb139c8e9c23e79792782db739fae21bedbc9199e1ab75b10729b038
    image: ikubernetes/myapp:v1
    imageID: docker-pullable://ikubernetes/myapp@sha256:9c3dc30b5219788b2b8a4b065f548b922a34479577befb54b03330999d30d513
    lastState: {}
    name: myapp
    ready: true
    restartCount: 0
    state:
      running:
        startedAt: "2019-03-28T06:42:05Z"
  hostIP: 10.0.0.12
  phase: Running
  podIP: 10.244.2.13
  qosClass: BestEffort
  startTime: "2019-03-28T06:42:04Z"

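Most resource manifests consist of the following five fields:

  • apiVersion: group/version # the API group and version the resource belongs to; list them with kubectl api-versions. Resources in the same group can have several versions.
  • kind: the resource type, such as Pod, ReplicaSet, Deployment, StatefulSet, DaemonSet, Job, CronJob. The value is case-sensitive.
  • metadata: the object's metadata
    • name: must be unique among objects of the same kind
    • namespace: the namespace the object belongs to; the default is default
    • labels: labels; every resource can carry labels, which are key/value pairs
    • annotations: resource annotations

      Reference path of each resource:
      /api/GROUP/VERSION/namespaces/NAMESPACE/TYPE/NAME
      Lowercase parts are fixed strings; uppercase parts are replaced with the actual values.
  • spec: the most important field. It defines the desired state of the object, and its contents can differ between resource types.

  • status: the current state (read-only). This field is maintained by Kubernetes.

All of these fields can be inspected with kubectl explain:

# kubectl explain pods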
KIND:     Pod
VERSION:  v1

DESCRIPTION:
     Pod is a collection of containers that can run on a host. This resource is
     created by clients and scheduled onto hosts.

FIELDS:
   apiVersion   <string>
     APIVersion defines the versioned schema of this representation of an
     object. Servers should convert recognized schemas to the latest internal
     value, and may reject unrecognized values. More info:
     https://git.k8s.io/community/contributors/devel/api-conventions.md#resources

   kind <string>
     Kind is a string value representing the REST resource this object
     represents. Servers may infer this from the endpoint the client submits
     requests to. Cannot be updated. In CamelCase. More info:
     https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds

   metadata     <Object>
     Standard object's metadata. More info:
     https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata

   spec <Object>
     Specification of the desired behavior of the pod. More info:
     https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status

   status       <Object>
     Most recently observed status of the pod. This data may not be up to date.
     Populated by the system. Read-only. More info:
     https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status

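To view the next level of fields, for example metadata under pods, use kubectl explain pods.metadata, and so on.

Below the top level, every field has a value type. The common types are roughly:

  • <[]string>: a list of strings, that is, an array of string type

  • <Object>: a field that can contain nested fields

  • <map[string]string>: a mapping made up of key/value pairs

  • <[]Object>: a list of objects

  • <[]Object> -required-: required means the field is mandatory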

Defining a standalone Pod with a manifest

# mkdir manifests
# cd manifests/
# vim pod-demo.yaml
apiVersion: v1
kind: Pod
metadata:
  name: pod-demo
  namespace: default
  #labels: {"app": "myapp","tier": "frontend"} has the same effect as the form below; the form below is recommended
  labels:
    app: myapp
    tier: frontend
spec:
  containers:
  - name: myapp
    image: ikubernetes/myapp:v1
  - name: busybox
    image: busybox 
    command:
    - "/bin/sh"
    - "-c"
    - "echo $(date)>>/usr/share/nginx/html/index.html;sleep 3600"

Use kubectl create -f FILE.yaml to create the resource:

# kubectl create -f pod-demo.yaml
pod/pod-demo created
# kubectl describe pods pod-demo
Name:               pod-demo
Namespace:          default
Priority:           0
PriorityClassName:  <none>
Node:               node02/10.0.0.12
Start Time:         Thu, 28 Mar 2019 17:27:35 +0800
Labels:             app=myapp
                    tier=frontend
Annotations:        <none>
Status:             Running
IP:                 10.244.2.15
Containers:
  myapp:
    Container ID:   docker://81fcdf25bac4f9691aaa80ccf1acd0fe565575ea894d07ea1c382e0366bcbfba
    Image:          ikubernetes/myapp:v1
    Image ID:       docker-pullable://ikubernetes/myapp@sha256:9c3dc30b5219788b2b8a4b065f548b922a34479577befb54b03330999d30d513
    Port:           <none>
    Host Port:      <none>
    State:          Running
      Started:      Thu, 28 Mar 2019 17:27:35 +0800
    Ready:          True
    Restart Count:  0
    Environment:    <none>
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from default-token-dqd2f (ro)
  busybox:
    Container ID:  docker://af0d0f76b0f6ba9eeaea18178d1d9cf3a052176e219471896a56d727622c9a36
    Image:         busybox
    Image ID:      docker-pullable://busybox@sha256:061ca9704a714ee3e8b80523ec720c64f6209ad3f97c0ff7cb9ec7d19f15149f
    Port:          <none>
    Host Port:     <none>
    Command:
      /bin/sh
      -c
      sleep 3600
    State:          Running
      Started:      Thu, 28 Mar 2019 17:27:37 +0800
    Ready:          True
    Restart Count:  0
    Environment:    <none>
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from default-token-dqd2f (ro)
Conditions:
  Type              Status
  Initialized       True 
  Ready             True 
  ContainersReady   True 
  PodScheduled      True 
Volumes:
  default-token-dqd2f:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  default-token-dqd2f
    Optional:    false
QoS Class:       BestEffort
Node-Selectors:  <none>
Tolerations:     node.kubernetes.io/not-ready:NoExecute for 300s
                 node.kubernetes.io/unreachable:NoExecute for 300s
Events:
  Type    Reason     Age   From               Message
  ----    ------     ----  ----               -------
  Normal  Scheduled  13s   default-scheduler  Successfully assigned default/pod-demo to node02
  Normal  Pulled     13s   kubelet, node02    Container image "ikubernetes/myapp:v1" already present on machine
  Normal  Created    13s   kubelet, node02    Created container
  Normal  Started    13s   kubelet, node02    Started container
  Normal  Pulling    13s   kubelet, node02    pulling image "busybox"
  Normal  Pulled     11s   kubelet, node02    Successfully pulled image "busybox"
  Normal  Created    11s   kubelet, node02    Created container
  Normal  Started    11s   kubelet, node02    Started container

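Use kubectl delete -f FILE.yaml to delete the resource.
Use kubectl logs POD_NAME -c CONTAINER_NAME to view the logs of a specific container in a specific Pod.
Use kubectl exec -it POD_NAME -c CONTAINER_NAME -- /bin/sh to open an interactive shell inside a specific container of a specific Pod.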
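
The following is an added example, not part of the original post: a Python check that takes pod-demo in the JSON form the apiserver receives and reviews it before kubectl create. It covers the top-level fields described above and the spec settings that the outputs on this page show were left at their defaults (securityContext: {}, resources: {}, the mounted default token, the untagged busybox image). The names audit_pod and image_is_pinned and the rule set are assumptions made for illustration; only the manifest is inspected, not cluster state.

```python
import json

# Constructed sample: pod-demo.yaml from this page in the JSON form sent to the apiserver.
POD_DEMO = json.loads("""
{
  "apiVersion": "v1",
  "kind": "Pod",
  "metadata": {"name": "pod-demo", "namespace": "default",
               "labels": {"app": "myapp", "tier": "frontend"}},
  "spec": {"containers": [
    {"name": "myapp", "image": "ikubernetes/myapp:v1"},
    {"name": "busybox", "image": "busybox",
     "command": ["/bin/sh", "-c",
                 "echo $(date)>>/usr/share/nginx/html/index.html;sleep 3600"]}
  ]}
}
""")

REQUIRED = ("apiVersion", "kind", "metadata", "spec")


def image_is_pinned(image):
    """True if the image carries a digest, or a tag other than 'latest'."""
    if "@" in image:
        return True
    last = image.rsplit("/", 1)[-1]  # skip a registry host:port prefix
    return ":" in last and not last.endswith(":latest")


def audit_pod(manifest):
    """Return findings for a Pod manifest (hypothetical rule set, not a kubectl feature)."""
    findings = [f"missing top-level field: {k}" for k in REQUIRED if k not in manifest]
    if "status" in manifest:
        findings.append("status is maintained by Kubernetes; drop it from the manifest")
    spec = manifest.get("spec", {})
    if spec.get("automountServiceAccountToken") is not False:
        findings.append("automountServiceAccountToken is not set to false")
    for c in spec.get("containers", []):
        where = f"container {c.get('name')}"
        if not image_is_pinned(c.get("image", "")):
            findings.append(f"{where}: image not pinned to a tag or digest")
        if not c.get("resources", {}).get("limits"):
            findings.append(f"{where}: no resource limits")
        if c.get("securityContext", {}).get("allowPrivilegeEscalation") is not False:
            findings.append(f"{where}: allowPrivilegeEscalation not disabled")
    return findings


if __name__ == "__main__":
    print("\n".join(audit_pod(POD_DEMO)))
```

For pod-demo as written on this page, the check reports six findings; a manifest exported with kubectl get -o yaml would also be flagged for carrying a status section.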

