K8s 问题及解答

问题及解答

1. kubectl proxy 命令及其含义，如何通过 proxy 访问 kubernetes 集群？

   Creates a proxy server or application-level gateway between localhost and the Kubernetes API Server. It also allows serving static content over specified HTTP path. All incoming data enters through one port and gets forwarded to the remote kubernetes API Server port, except for the path matching the static content path.

   在本地主机和 Kubernetes API 服务器之间创建代理服务器或应用程序级网关。它还允许通过指定的 HTTP 路径提供静态内容。 除了与静态内容路径匹配的路径之外，所有传入的数据都通过一个端口进入并转发到远程 kubernetes API Server 端口。

   kubectl proxy --port=8080
   

   # 获取 API 版本
   # curl http://localhost:8080/api/
    
   {
     "kind": "APIVersions",
     "versions": [
       "v1"
     ],
     "serverAddressByClientCIDRs": [
       {
         "clientCIDR": "0.0.0.0/0",
         "serverAddress": "10.0.2.15:8443"
       }
     ]
   }
   

   获取 Pod 列表

   # curl http://localhost:8080/api/v1/namespaces/default/pods

   {
     "kind": "PodList",
     "apiVersion": "v1",
     "metadata": {
       "resourceVersion": "33074"
     },
     "items": [
       {
         "metadata": {
           "name": "kubernetes-bootcamp-2321272333-ix8pt",
           "generateName": "kubernetes-bootcamp-2321272333-",
           "namespace": "default",
           "uid": "ba21457c-6b1d-11e6-85f7-1ef9f1dab92b",
           "resourceVersion": "33003",
           "creationTimestamp": "2016-08-25T23:43:30Z",
           "labels": {
             "pod-template-hash": "2321272333",
             "run": "kubernetes-bootcamp"
           },
           ...
   }

2. `kubectl port-forward` 命令及其含义，如何通过 port-forward 访问应用？

> Forward one or more local ports to a pod.
>
> 转发一个或多个本地端口到 Pod 中。
>
> Use resource type/name such as deployment/mydeployment to select a pod. Resource type defaults to 'pod' if omitted.
>
> 使用资源类型/名称（例如 deploy/ mydeployment）来选择容器。 如果省略，资源类型默认为 'pod'。

```bash
# 监听本地 5000 端口，转发至 Pod 的 5000 端口
kubectl port-forward deployment/mydeployment 5000

# 监听本地 6000 端口，转发至 Pod 的 5000 端口
kubectl port-forward deployment/mydeployment 6000:5000

# 监听本地随机端口，转发至 Pod 的 5000 端口
kubectl port-forward deployment/mydeployment :5000

3. 修改 Pod label 使其与 Deployment 不相符，集群有什么变化？

   # 创建 Deploy
   kubectl run nginx --image=nginx --replicas=3 -n k8s-yaml --record
    
   # 修改 Lable（注意 overwrite）
   kubectl label pod/nginx-7bb7cd8db5-6p69t run=nginx2 --overwrite -n k8s-yaml
   

   Deployment 控制器会新起一个 nginx Pod，以达到期望的 Replica。

4. kubectl run 如何向 Pod 注入环境变量？如何查看是否注入成功？

   # 通过 `env` 选项
   kubectl run busybox --image=busybox --restart=Never --env="HELLO=World" -- env
    
   # 通过查看 log
   kubectl logs busybox
    
   PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
   HOSTNAME=busybox
   HELLO=World
   KUBERNETES_SERVICE_PORT=443
   KUBERNETES_SERVICE_PORT_HTTPS=443
   KUBERNETES_PORT=tcp://10.96.0.1:443
   KUBERNETES_PORT_443_TCP=tcp://10.96.0.1:443
   KUBERNETES_PORT_443_TCP_PROTO=tcp
   KUBERNETES_PORT_443_TCP_PORT=443
   KUBERNETES_PORT_443_TCP_ADDR=10.96.0.1
   KUBERNETES_SERVICE_HOST=10.96.0.1
   HOME=/root
   

5. 如何通过 kubectl rollout 将应用回滚到指定版本？

   # 创建 Deploy
   kubectl run nginx --image=nginx --replicas=3 --namespace=k8s-yaml --record=true
    
   # 修改 Nginx 的 Version，将 image=nginx 修改成 image=nginx:1.15.2
   kubectl edit deploy/nginx -n k8s-yaml
    
   # 查看此 Deploy 的 history
   kubectl rollout history deploy/nginx -n k8s-yaml
    
   deployment.extensions/nginx
   REVISION  CHANGE-CAUSE
   1         kubectl run nginx --image=nginx --replicas=3 --namespace=k8s-yaml --record=true
   2         kubectl run nginx --image=nginx --replicas=3 --namespace=k8s-yaml --record=true
    
   # 还原到上一版本
   kubectl rollout undo deploy/nginx -n k8s-yaml
   # 还原到特定版本
   kubectl rollout undo deploy/nginx --to-revision=1 -n k8s-yaml
   

6. Pod LivenessProbe 如何使用 exec 进行健康检查？

   apiVersion: apps/v1
   kind: Deployment
   metadata:
     name: nginx
     namespace: k8s-yaml
   spec:
     selector:
       matchLabels:
         app: nginx
     template:
       metadata:
         labels:
           app: nginx
       spec:
         containers:
         - name: nginx
           image: nginx
           resources:
             limits:
               memory: "128Mi"
               cpu: "50m"
           # 只是为了演示使用 EXEC，Command 无意义
           livenessProbe:
             exec:
               command: ['sh', '-c', 'date >> /usr/share/nginx/html/index.html']
           ports:
           - containerPort: 80
   

7. Pod Lifecycle 如何使用 PostStart Hook？

   apiVersion: apps/v1
   kind: Deployment
   metadata:
     name: nginx
     namespace: k8s-yaml
   spec:
     selector:
       matchLabels:
         app: nginx
     template:
       metadata:
         labels:
           app: nginx
       spec:
         containers:
         - name: nginx
           image: nginx
           # lifecycle 只有 postStart 和 preStop
           lifecycle:
             postStart:
                tcpSocket:
                   port: 80
           resources:
             limits:
               memory: "128Mi"
               cpu: "50m"
           ports:
           - containerPort: 80
   

8. 创建一个 Secret 并在 Pod 内访问。

   创建 Secret

   使用 Secret

9. 利用环境变量加载 configmap 的例子。

   # 创建 ConfigMap
   apiVersion: v1
   kind: ConfigMap
   metadata:
     name: cm
     namespace: k8s-yaml
   data:
     key1: value1
     key2: value2
    
   # 使用 cm
   apiVersion: v1
   kind: Pod
   metadata:
     name: busybox
     namespace: k8s-yaml
     labels:
       name: busybox
   spec:
     containers:
     - name: busybox
       image: busybox
       command:
         - "/bin/sh"
         - "-c"
         - "env"
       envFrom:
         - configMapRef:
             name: cm
       resources:
         limits:
           memory: "128Mi"
           cpu: "50m"
    
   # 第二种
   ...
   env:
     - valueFrom:
         configMapKeyRef:
           name: cm
           key: key1
   ...
   

10. kubernetes 多区域运行。

    多区域运行

1. 1-9 题目来源
2. kubectl proxy
3. http-proxy-access-api
4. port-forward