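Introduction to Kubernetes controllers
1. Controllers: a controller manages pods and keeps them in the desired state. When a pod fails, the controller tries to restart it, and if the restart fails it recreates the pod. Controllers are associated with pods through a label selector.
2. Types of controller:
Deployment:
StatefulSet:
DaemonSet:
Job:
CronJob:
3. The relationship between pods and controllers
Pods and controllers are associated through labels.
4. Deployment
Suited to deploying stateless applications; it manages pods and ReplicaSets and supports version control.
Example: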
```
[root@m7-autocv-gpu01 demo]# cat tomcat-deployment2.yaml
apiVersion: apps/v1beta1
kind: Deployment
metadata:
  labels:
    app: tomcat1102
  name: tomecat1102
spec:
  replicas: 2
  selector:
    matchLabels:
      app: tomcat1102
  template:
    metadata:
      labels:
        app: tomcat1102
    spec:
      imagePullSecrets:
      - name: registry-pull-secret
      containers:
      - image: tomcat:latest
        name: tomcat
        ports:
        - containerPort: 8080
---
apiVersion: v1
kind: Service
metadata:
  name: tomcat1102-service
  labels:
    app: tomcat1102
spec:
  type: NodePort
  ports:
  - port: 80
    targetPort: 8080
  selector:
    app: tomcat1102
[root@m7-autocv-gpu01 demo]# kubectl apply -f tomcat-deployment2.yaml
deployment.apps/tomecat1102 created
service/tomcat1102-service created
[root@m7-autocv-gpu01 demo]# kubectl get pods,deployment,rs --show-labels=true
NAME                              READY   STATUS    RESTARTS   AGE     LABELS
pod/tomecat1102-7d5cffb76-njqnz   1/1     Running   0          2m44s   app=tomcat1102,pod-template-hash=7d5cffb76
pod/tomecat1102-7d5cffb76-rbjlp   1/1     Running   0          2m44s   app=tomcat1102,pod-template-hash=7d5cffb76

NAME                                READY   UP-TO-DATE   AVAILABLE   AGE     LABELS
deployment.extensions/tomecat1102   2/2     2            2           2m44s   app=tomcat1102

NAME                                          DESIRED   CURRENT   READY   AGE     LABELS
replicaset.extensions/tomecat1102-7d5cffb76   2         2         2       2m44s   app=tomcat1102,pod-template-hash=7d5cffb76
```
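The label association described in sections 1 and 3 is plain key/value matching, so a Service selects every pod in its namespace that carries the label, whichever controller created it. The following added example (not part of the original post) implements `matchLabels` matching and lists Service backends that are not owned by the expected ReplicaSet; the pod records are constructed from the output above, and the `manual-debug` pod and the function names are hypothetical.

```python
# Added example: matchLabels semantics and a check for unexpected Service backends.
# Pod records are constructed; the first two mirror the kubectl output above.

def matches(selector, labels):
    """matchLabels: every selector key/value must be present in the pod's labels."""
    return all(labels.get(k) == v for k, v in selector.items())

def selected(selector, pods):
    """Names of the pods (one namespace) that the selector picks up."""
    return [p["name"] for p in pods if matches(selector, p["labels"])]

def unexpected_backends(selector, pods, owner_kind, owner_name):
    """Selected pods whose ownerReferences do not name the expected controller."""
    found = []
    for p in pods:
        if not matches(selector, p["labels"]):
            continue
        owners = {(o["kind"], o["name"]) for o in p["owners"]}
        if (owner_kind, owner_name) not in owners:
            found.append(p["name"])
    return found

RS_NAME = "tomecat1102-7d5cffb76"
RS_OWNER = [{"kind": "ReplicaSet", "name": RS_NAME}]
RS_LABELS = {"app": "tomcat1102", "pod-template-hash": "7d5cffb76"}
PODS = [
    {"name": "tomecat1102-7d5cffb76-njqnz", "labels": RS_LABELS, "owners": RS_OWNER},
    {"name": "tomecat1102-7d5cffb76-rbjlp", "labels": RS_LABELS, "owners": RS_OWNER},
    # Hypothetical pod created by hand with the same app label and no owner.
    {"name": "manual-debug", "labels": {"app": "tomcat1102"}, "owners": []},
]

# Selector of tomcat1102-service, taken from the manifest above.
SERVICE_SELECTOR = {"app": "tomcat1102"}
# The ReplicaSet selector also carries the pod-template-hash label that the
# Deployment controller adds, so it is narrower than the Service selector.
RS_SELECTOR = {"app": "tomcat1102", "pod-template-hash": "7d5cffb76"}

if __name__ == "__main__":
    print("service selects:   ", selected(SERVICE_SELECTOR, PODS))
    print("replicaset selects:", selected(RS_SELECTOR, PODS))
    print("unexpected backend:",
          unexpected_backends(SERVICE_SELECTOR, PODS, "ReplicaSet", RS_NAME))
```

Against a live cluster the same comparison can be made from the `metadata.labels` and `metadata.ownerReferences` fields of `kubectl get pods -o json`.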
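5. StatefulSet
Suited to deploying stateful applications. It gives each pod an independent lifecycle and preserves pod start order and uniqueness (unique network identity and persistent storage; graceful deployment, scaling, deletion and termination; rolling updates).
5.1 Headless service: a Service type whose ClusterIP is set to None
Example: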
```
[root@m7-autocv-gpu01 demo]# cat headless.yaml
apiVersion: v1
kind: Service
metadata:
  name: nginx1102
  labels:
    app: nginx1102
spec:
  ports:
  - port: 80
    name: web
  clusterIP: None
  selector:
    app: nginx1102
[root@m7-autocv-gpu01 demo]# kubectl get svc
NAME        TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)   AGE
nginx1102   ClusterIP   None         <none>        80/TCP    19s
```
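The Service's cluster IP is None and the IPs of the pods it forwards to are not fixed, so in-cluster forwarding has to go through DNS to keep communication between pods working.
5.2 Deploy CoreDNS
Upload the CoreDNS YAML file: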
```
[root@m7-autocv-gpu01 demo]# cat coredns.yaml
# Warning: This is a file generated from the base underscore template file: coredns.yaml.base

apiVersion: v1
kind: ServiceAccount
metadata:
  name: coredns
  namespace: kube-system
  labels:
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    kubernetes.io/bootstrapping: rbac-defaults
    addonmanager.kubernetes.io/mode: Reconcile
  name: system:coredns
rules:
- apiGroups:
  - ""
  resources:
  - endpoints
  - services
  - pods
  - namespaces
  verbs:
  - list
  - watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  annotations:
    rbac.authorization.kubernetes.io/autoupdate: "true"
  labels:
    kubernetes.io/bootstrapping: rbac-defaults
    addonmanager.kubernetes.io/mode: EnsureExists
  name: system:coredns
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:coredns
subjects:
- kind: ServiceAccount
  name: coredns
  namespace: kube-system
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: coredns
  namespace: kube-system
  labels:
    addonmanager.kubernetes.io/mode: EnsureExists
data:
  Corefile: |
    .:53 {
        errors
        health
        kubernetes cluster.local in-addr.arpa ip6.arpa {
            pods insecure
            upstream
            fallthrough in-addr.arpa ip6.arpa
        }
        prometheus :9153
        proxy . /etc/resolv.conf
        cache 30
        loop
        reload
        loadbalance
    }
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: coredns
  namespace: kube-system
  labels:
    k8s-app: kube-dns
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
    kubernetes.io/name: "CoreDNS"
spec:
  # replicas: not specified here:
  # 1. In order to make Addon Manager do not reconcile this replicas parameter.
  # 2. Default is 1.
  # 3. Will be tuned in real time if DNS horizontal auto-scaling is turned on.
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 1
  selector:
    matchLabels:
      k8s-app: kube-dns
  template:
    metadata:
      labels:
        k8s-app: kube-dns
      annotations:
        seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
    spec:
      serviceAccountName: coredns
      tolerations:
        - key: node-role.kubernetes.io/master
          effect: NoSchedule
        - key: "CriticalAddonsOnly"
          operator: "Exists"
      containers:
      - name: coredns
        image: coredns/coredns:1.2.2
        imagePullPolicy: IfNotPresent
        resources:
          limits:
            memory: 170Mi
          requests:
            cpu: 100m
            memory: 70Mi
        args: [ "-conf", "/etc/coredns/Corefile" ]
        volumeMounts:
        - name: config-volume
          mountPath: /etc/coredns
          readOnly: true
        ports:
        - containerPort: 53
          name: dns
          protocol: UDP
        - containerPort: 53
          name: dns-tcp
          protocol: TCP
        - containerPort: 9153
          name: metrics
          protocol: TCP
        livenessProbe:
          httpGet:
            path: /health
            port: 8080
            scheme: HTTP
          initialDelaySeconds: 60
          timeoutSeconds: 5
          successThreshold: 1
          failureThreshold: 5
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            add:
            - NET_BIND_SERVICE
            drop:
            - all
          readOnlyRootFilesystem: true
      dnsPolicy: Default
      volumes:
        - name: config-volume
          configMap:
            name: coredns
            items:
            - key: Corefile
              path: Corefile
---
apiVersion: v1
kind: Service
metadata:
  name: kube-dns
  namespace: kube-system
  annotations:
    prometheus.io/port: "9153"
    prometheus.io/scrape: "true"
  labels:
    k8s-app: kube-dns
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
    kubernetes.io/name: "CoreDNS"
spec:
  selector:
    k8s-app: kube-dns
  clusterIP: 10.0.0.2
  ports:
  - name: dns
    port: 53
    protocol: UDP
  - name: dns-tcp
    port: 53
    protocol: TCP
[root@m7-autocv-gpu01 demo]#
```
Create CoreDNS
Apply the manifest:
```
[root@m7-autocv-gpu01 demo]# kubectl apply -f coredns.yaml
```
List the resulting pods; by default they are created in the kube-system namespace:
```
[root@m7-autocv-gpu01 demo]# kubectl get pods -n kube-system
NAME                       READY   STATUS    RESTARTS   AGE
coredns-76d8bcb64d-fvp9w   1/1     Running   0          10m
```
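The coredns container in coredns.yaml sets a restrictive `securityContext` and a versioned image tag, while the tomcat container in section 4 sets neither. As an added example (not part of the original post), the following check compares a container spec against those same settings; the two specs are transcribed from the page's manifests, and the function names and finding strings are this example's own.

```python
# Added example: audit container specs against the securityContext settings
# that the coredns container above uses. Finding strings are this example's own.

def image_tag_issue(image):
    """Return a finding when the image has no tag or uses 'latest'."""
    name = image.rsplit("/", 1)[-1]          # drop registry host and path
    if "@" in name:                          # pinned by digest
        return None
    tag = name.split(":", 1)[1] if ":" in name else ""
    return "mutable image tag" if tag in ("", "latest") else None

def audit(container):
    """List the hardening settings a container spec is missing."""
    findings = []
    issue = image_tag_issue(container["image"])
    if issue:
        findings.append(issue)
    sc = container.get("securityContext", {})
    if sc.get("allowPrivilegeEscalation") is not False:
        findings.append("allowPrivilegeEscalation not false")
    dropped = [c.lower() for c in sc.get("capabilities", {}).get("drop", [])]
    if "all" not in dropped:
        findings.append("capabilities not dropped")
    if sc.get("readOnlyRootFilesystem") is not True:
        findings.append("root filesystem writable")
    return findings

# Transcribed from coredns.yaml above.
COREDNS = {
    "name": "coredns",
    "image": "coredns/coredns:1.2.2",
    "securityContext": {
        "allowPrivilegeEscalation": False,
        "capabilities": {"add": ["NET_BIND_SERVICE"], "drop": ["all"]},
        "readOnlyRootFilesystem": True,
    },
}
# Transcribed from tomcat-deployment2.yaml in section 4 (no securityContext).
TOMCAT = {"name": "tomcat", "image": "tomcat:latest"}

if __name__ == "__main__":
    for spec in (COREDNS, TOMCAT):
        print(spec["name"], "->", audit(spec) or "no findings")
```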
Test DNS
Create a pod and, from inside its container, test whether names resolve.
Create a test pod:
```
[root@m7-autocv-gpu01 demo]# cat pod7.yaml
apiVersion: v1
kind: Pod
metadata:
  name: dns-test
spec:
  containers:
  - name: busybox
    image: busybox:1.28.4
    args:
    - /bin/sh
    - -c
    - sleep 36000
  restartPolicy: Never
[root@m7-autocv-gpu01 demo]# kubectl create -f pod7.yaml
pod/dns-test created
```
Enter the pod:
```
[root@m7-autocv-gpu01 demo]# kubectl exec -it dns-test sh
/ #
```
Test name resolution:
```
/ # nslookup kubernetes
Server:    10.254.0.2
Address 1: 10.254.0.2 kube-dns.kube-system.svc.cluster.local

Name:      kubernetes
Address 1: 10.254.0.1 kubernetes.default.svc.cluster.local
/ #
```
The name resolves correctly.
5.3 Create pods and a headless service and test them
Create the pods and the service:
```
[root@m7-autocv-gpu01 demo]# cat sts.yaml
apiVersion: v1
kind: Service
metadata:
  name: nginx1103-service
  labels:
    app: nginx1103-service
spec:
  ports:
  - port: 80
    name: web
  clusterIP: None
  selector:
    app: nginx-statefulset
---
apiVersion: apps/v1beta1
kind: StatefulSet
metadata:
  name: nginx-statefulset
  namespace: default
spec:
  serviceName: nginx1103-service
  replicas: 2
  selector:
    matchLabels:
      app: nginx-statefulset
  template:
    metadata:
      labels:
        app: nginx-statefulset
    spec:
      containers:
      - name: nginx-statefulset
        image: nginx:latest
        ports:
        - containerPort: 80
```
Check the status:
```
[root@m7-autocv-gpu01 demo]# kubectl get pods,svc -o wide
NAME                      READY   STATUS    RESTARTS   AGE   IP             NODE              NOMINATED NODE   READINESS GATES
pod/nginx-statefulset-0   1/1     Running   0          11s   172.30.192.2   m7-autocv-gpu03   <none>           <none>
pod/nginx-statefulset-1   1/1     Running   0          8s    172.30.216.3   m7-autocv-gpu01   <none>           <none>

NAME                        TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)   AGE   SELECTOR
service/nginx1103-service   ClusterIP   None         <none>        80/TCP    11s   app=nginx-statefulset
[root@m7-autocv-gpu01 demo]# kubectl get ep
NAME                ENDPOINTS                         AGE
nginx1103-service   172.30.192.2:80,172.30.216.3:80   20s
```
You can see that the pod IPs and the service's IPs are linked to each other.
Enter the dns-test pod and test whether the names resolve:
```
[root@m7-autocv-gpu01 demo]# kubectl exec -it dns-test sh
Name:      nginx-statefulset-0.nginx1103-service
Address 1: 172.30.192.2 nginx-statefulset-0.nginx1103-service.default.svc.cluster.local
/ # nslookup nginx-statefulset-1.nginx1103-service
Server:    10.254.0.2
Address 1: 10.254.0.2 kube-dns.kube-system.svc.cluster.local

Name:      nginx-statefulset-1.nginx1103-service
Address 1: 172.30.216.3 nginx-statefulset-1.nginx1103-service.default.svc.cluster.local
/ #
```
The names resolve to the corresponding IPs. When resolving by pod name, append the name of the corresponding service.
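6. DaemonSet
Characteristics: it runs one pod on every node, and a node that joins later automatically runs one as well.
Example:
Write a YAML file for the pod; the number of replicas does not need to be specified.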
```
[root@m7-autocv-gpu01 demo]# cat ds.yaml
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: nginx1103
  labels:
    app: nginx1103
spec:
  selector:
    matchLabels:
      app: nginx1103
  template:
    metadata:
      labels:
        app: nginx1103
    spec:
      containers:
      - name: ngin
        image: nginx:1.15.4
        ports:
        - containerPort: 80
```
Create the pods:
```
[root@m7-autocv-gpu01 demo]# kubectl create -f ds.yaml
daemonset.apps/nginx1103 created
```
Check the status and number of pods:
```
[root@m7-autocv-gpu01 demo]# kubectl get pod -o wide
NAME              READY   STATUS    RESTARTS   AGE   IP             NODE              NOMINATED NODE   READINESS GATES
nginx1103-9jm7f   1/1     Running   0          91s   172.30.192.3   m7-autocv-gpu03   <none>           <none>
nginx1103-g7pd6   1/1     Running   0          91s   172.30.224.3   m7-autocv-gpu02   <none>           <none>
nginx1103-vzggj   1/1     Running   0          91s   172.30.216.6   m7-autocv-gpu01   <none>           <none>
```
The number of pods equals the number of nodes, with one pod on each node.
7. Job
Types: one-off tasks (Job) and scheduled tasks (CronJob)
Job example:
```
[root@m7-autocv-gpu01 demo]# cat job.yaml
apiVersion: batch/v1
kind: Job
metadata:
  name: pi
spec:
  template:
    spec:
      containers:
      - name: pi
        image: perl
        command: ["perl", "-Mbignum=bpi", "-wle", "print bpi(2000)"]
      restartPolicy: Never
  backoffLimit: 4
```
Create the pod:
```
[root@m7-autocv-gpu01 demo]# kubectl create -f job.yaml
job.batch/pi created
[root@m7-autocv-gpu01 demo]# kubectl get pods
NAME       READY   STATUS              RESTARTS   AGE
pi-hm7v2   0/1     ContainerCreating   0          8s
```
Result:
```
[root@m7-autocv-gpu01 demo]# kubectl get pods
NAME       READY   STATUS      RESTARTS   AGE
pi-hm7v2   0/1     Completed   0          3m34s
[root@m7-autocv-gpu01 demo]# kubectl logs pi-hm7v2
```
The log contains the output of `print bpi(2000)`, the digits of pi.
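Once the pod has run the task a single time, it does not run again.
8. CronJob
Used for scheduled tasks, such as notifications and backups.
Example: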
```
[root@m7-autocv-gpu01 demo]# cat cronjob.yaml
apiVersion: batch/v1beta1
kind: CronJob
metadata:
  name: hello
spec:
  schedule: "*/1 * * * *"
  jobTemplate:
    spec:
      template:
        spec:
          containers:
          - name: hello
            image: busybox
            args:
            - /bin/sh
            - -c
            - date; echo Hello from the Kubernetes cluster
          restartPolicy: OnFailure
```
List the pods:
```
[root@m7-autocv-gpu01 demo]# kubectl get pods
NAME                     READY   STATUS      RESTARTS   AGE
hello-1572767880-cnr6b   0/1     Completed   0          2m27s
hello-1572767940-dcmgn   0/1     Completed   0          87s
hello-1572768000-7h4fp   0/1     Completed   0          27s
```
Note: the job runs repeatedly at the configured interval.
List the scheduled tasks:
```
[root@m7-autocv-gpu01 demo]# kubectl get cronjob
NAME    SCHEDULE      SUSPEND   ACTIVE   LAST SCHEDULE   AGE
hello   */1 * * * *   False     0        62s             3m9s
```
View the pod log:
```
[root@m7-autocv-gpu01 demo]# kubectl log hello-1572768000-7h4fp
log is DEPRECATED and will be removed in a future version. Use logs instead.
Sun Nov 3 08:00:07 UTC 2019
Hello from the Kubernetes cluster
```