Kubernetes进阶实战读书笔记：资源管理基础（一）

一、资源对象及API群组

1、表征状态转移

基本元素为资源：resource

资源即对象、一个资源通常意味着一个附带类型和关联数据、支持的操作方法以及与其他对象的关系的对象、他们是有状态的事物、即rest中的S(state)

表征：representation

REST组件通过使用表征来捕获资源的当前逾期状态并在组件之间传输改表征从而对资源执行操作、表征是一个字节序列、由数据、描述数据的元数据以及偶尔描述元数据组成、表征的数据格式为媒体类型
常用的有JSON或XML.API客户端不能直接访问资源、他们需要执行动作来改变资源的状态

行为：action

2、资源分类

kubernetes将一切事物都抽象为API资源、资源可以分组为集合，每个集合只包含单一类型的资源、集合、资源、子集及资源间的关系如下图所示

二、Kubernetes资源对象

1、常用资源对象

2、工作负载型资源

 daemonset

3、发现和负责均衡

4、配置存储：volume

5、集群级资源

6、元数据型资源

三、资源在API中的组织形式

1、资源在API中的组织形式

2、资源类型

3、种类（kind）

4、集合（collecton）

5、资源或对象

四、访问Kubernetes REST API

接助命令在本地主机上为API Server启动一个代理网关、由它支持使用HTTP进行通讯、其工作逻辑如下图所示

例如、本地127.0.0.1的8080端口上启动API Server的一个代理网关

?

1 2	[root@master ~]# kubectl proxy --port=8080 Starting to serve on 127.0.0.1:8080

1、列出集群上所有的Namespaces对象

?

1 2 3 4 5 6 7 8

[root@master ~]# curl localhost:8080/api/v1/namespaces {   "kind": "NamespaceList",   "apiVersion": "v1",   "metadata": {     "selfLink": "/api/v1/namespaces",     "resourceVersion": "329417"     ......

2、安装JSON的命令行处理器jq命令

?

1 2 3 4 5

安装EPEL源： yum install epel-release -y   安装jq： yum install jq -y

3、仅显示相关的NamespacesList对象中的各成员对象

?

1 2 3 4 5 6 7

[root@master ~]# curl -s localhost:8080/api/v1/namespaces/ | jq .items[].metadata.name "default" "ingress-nginx" "kube-node-lease" "kube-public" "kube-system" "weave"

4、给出特定的Namespaces资源对象的名称则能够直接获取相应的资源信息以kube-system名称空间为例

?

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29

[root@master ~]# curl -s localhost:8080/api/v1/namespaces/kube-system {   "kind": "Namespace",   "apiVersion": "v1",   "metadata": {     "name": "kube-system",     "selfLink": "/api/v1/namespaces/kube-system",     "uid": "1e69045d-bfea-4292-b4e8-1fbaaefaae22",     "resourceVersion": "14",     "creationTimestamp": "2020-08-03T15:20:46Z",     "managedFields": [       {         "manager": "kube-apiserver",         "operation": "Update",         "apiVersion": "v1",         "time": "2020-08-03T15:20:46Z",         "fieldsType": "FieldsV1",         "fieldsV1": {"f:status":{"f:phase":{}}}       }     ]   },   "spec": {     "finalizers": [       "kubernetes"     ]   },   "status": {     "phase": "Active"   }

五、资源配置清单

 1、资源配置清单：namespaces kube-system

?

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23

[root@master ~]# kubectl get namespaces kube-system -o yaml apiVersion: v1 kind: Namespace metadata:   creationTimestamp: "2020-08-03T15:20:46Z"   managedFields:   - apiVersion: v1     fieldsType: FieldsV1     fieldsV1:       f:status:         f:phase: {}     manager: kube-apiserver     operation: Update     time: "2020-08-03T15:20:46Z"   name: kube-system   resourceVersion: "14"   selfLink: /api/v1/namespaces/kube-system   uid: 1e69045d-bfea-4292-b4e8-1fbaaefaae22 spec:   finalizers:   - kubernetes status:   phase: Active

除了极少数资源之外、Kubernetes系统上的绝大多数资源都是由其使用者所创建的、创建时、需要以上述输出结果中类似的方式以YAML或JSON序列化方案定义资源的相关配置数据

即用户期望的目标状态、而后再由Kubernetes的底层组件确保活动对象的运行时状态与用户提供的配置清单中定义的状态无限接近

 2、资源配置清单：deployments.apps myapp-deploy

?

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23

[root@master chapter5]# kubectl get deployments.apps myapp-deploy -o yaml apiVersion: apps/v1 kind: Deployment metadata:   annotations:   ......    name: myapp-deploy   namespace: default   resourceVersion: "361135"   selfLink: /apis/apps/v1/namespaces/default/deployments/myapp-deploy   uid: 74ac89a8-0f06-43a4-81bc-c39fddbde74d spec:   progressDeadlineSeconds: 600   replicas: 3   revisionHistoryLimit: 10   selector:     matchLabels:       app: myapp ....... status:   availableReplicas: 3   conditions: .......

事实上、对几乎所有的资源来说apiVersion、kind、metadata字段的功能基本上都是相同的、但spec则用于资源的期望状态、而status字段则用于记录活动对象的当前状态

六、对象资源格式

1、所有一级字段

2、metadata嵌套字段

必选字段

可选字段

3、spec字段

七、资源配置清单格式文档

1、了解一级字段

?

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33

[root@master ~]# kubectl explain pods KIND:     Pod VERSION:  v1   DESCRIPTION:      Pod is a collection of containers that can run on a host. This resource is      created by clients and scheduled onto hosts.   FIELDS:    apiVersion   <string>      APIVersion defines the versioned schema of this representation of an      object. Servers should convert recognized schemas to the latest internal      value, and may reject unrecognized values. More info:      https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources      kind <string>      Kind is a string value representing the REST resource this object      represents. Servers may infer this from the endpoint the client submits      requests to. Cannot be updated. In CamelCase. More info:      https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds      metadata <Object>      Standard object's metadata. More info:      https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata      spec <Object>      Specification of the desired behavior of the pod. More info:      https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status      status   <Object>      Most recently observed status of the pod. This data may not be up to date.      Populated by the system. Read-only. More info:      https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

2、了解二级字段

kubectl explain pods.spec

+ View Code?

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215

[root@master ~]# kubectl explain pods.spec KIND:     Pod VERSION:  v1   RESOURCE: spec <Object>   DESCRIPTION:      Specification of the desired behavior of the pod. More info:      https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status        PodSpec is a description of a pod.   FIELDS:    activeDeadlineSeconds    <integer>      Optional duration in seconds the pod may be active on the node relative to      StartTime before the system will actively try to mark it failed and kill      associated containers. Value must be a positive integer.      affinity <Object>      If specified, the pod's scheduling constraints      automountServiceAccountToken <boolean>      AutomountServiceAccountToken indicates whether a service account token      should be automatically mounted.      containers   <[]Object> -required-      List of containers belonging to the pod. Containers cannot currently be      added or removed. There must be at least one container in a Pod. Cannot be      updated.      dnsConfig    <Object>      Specifies the DNS parameters of a pod. Parameters specified here will be      merged to the generated DNS configuration based on DNSPolicy.      dnsPolicy    <string>      Set DNS policy for the pod. Defaults to "ClusterFirst". Valid values are      'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS      parameters given in DNSConfig will be merged with the policy selected with      DNSPolicy. To have DNS options set along with hostNetwork, you have to      specify DNS policy explicitly to 'ClusterFirstWithHostNet'.      enableServiceLinks   <boolean>      EnableServiceLinks indicates whether information about services should be      injected into pod's environment variables, matching the syntax of Docker      links. Optional: Defaults to true.      ephemeralContainers  <[]Object>      List of ephemeral containers run in this pod. Ephemeral containers may be      run in an existing pod to perform user-initiated actions such as debugging.      This list cannot be specified when creating a pod, and it cannot be      modified by updating the pod spec. In order to add an ephemeral container      to an existing pod, use the pod's ephemeralcontainers subresource. This      field is alpha-level and is only honored by servers that enable the      EphemeralContainers feature.      hostAliases  <[]Object>      HostAliases is an optional list of hosts and IPs that will be injected into      the pod's hosts file if specified. This is only valid for non-hostNetwork      pods.      hostIPC  <boolean>      Use the host's ipc namespace. Optional: Default to false.      hostNetwork  <boolean>      Host networking requested for this pod. Use the host's network namespace.      If this option is set, the ports that will be used must be specified.      Default to false.      hostPID  <boolean>      Use the host's pid namespace. Optional: Default to false.      hostname <string>      Specifies the hostname of the Pod If not specified, the pod's hostname will      be set to a system-defined value.      imagePullSecrets <[]Object>      ImagePullSecrets is an optional list of references to secrets in the same      namespace to use for pulling any of the images used by this PodSpec. If      specified, these secrets will be passed to individual puller      implementations for them to use. For example, in the case of docker, only      DockerConfig type secrets are honored. More info:      https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod      initContainers   <[]Object>      List of initialization containers belonging to the pod. Init containers are      executed in order prior to containers being started. If any init container      fails, the pod is considered to have failed and is handled according to its      restartPolicy. The name for an init container or normal container must be      unique among all containers. Init containers may not have Lifecycle      actions, Readiness probes, Liveness probes, or Startup probes. The      resourceRequirements of an init container are taken into account during      scheduling by finding the highest request/limit for each resource type, and      then using the max of of that value or the sum of the normal containers.      Limits are applied to init containers in a similar fashion. Init containers      cannot currently be added or removed. Cannot be updated. More info:      https://kubernetes.io/docs/concepts/workloads/pods/init-containers/      nodeName <string>      NodeName is a request to schedule this pod onto a specific node. If it is      non-empty, the scheduler simply schedules this pod onto that node, assuming      that it fits resource requirements.      nodeSelector <map[string]string>      NodeSelector is a selector which must be true for the pod to fit on a node.      Selector which must match a node's labels for the pod to be scheduled on      that node. More info:      https://kubernetes.io/docs/concepts/configuration/assign-pod-node/      overhead <map[string]string>      Overhead represents the resource overhead associated with running a pod for      a given RuntimeClass. This field will be autopopulated at admission time by      the RuntimeClass admission controller. If the RuntimeClass admission      controller is enabled, overhead must not be set in Pod create requests. The      RuntimeClass admission controller will reject Pod create requests which      have the overhead already set. If RuntimeClass is configured and selected      in the PodSpec, Overhead will be set to the value defined in the      corresponding RuntimeClass, otherwise it will remain unset and treated as      zero. More info:      https://git.k8s.io/enhancements/keps/sig-node/20190226-pod-overhead.md This      field is alpha-level as of Kubernetes v1.16, and is only honored by servers      that enable the PodOverhead feature.      preemptionPolicy <string>      PreemptionPolicy is the Policy for preempting pods with lower priority. One      of Never, PreemptLowerPriority. Defaults to PreemptLowerPriority if unset.      This field is alpha-level and is only honored by servers that enable the      NonPreemptingPriority feature.      priority <integer>      The priority value. Various system components use this field to find the      priority of the pod. When Priority Admission Controller is enabled, it      prevents users from setting this field. The admission controller populates      this field from PriorityClassName. The higher the value, the higher the      priority.      priorityClassName    <string>      If specified, indicates the pod's priority. "system-node-critical" and      "system-cluster-critical" are two special keywords which indicate the      highest priorities with the former being the highest priority. Any other      name must be defined by creating a PriorityClass object with that name. If      not specified, the pod priority will be default or zero if there is no      default.      readinessGates   <[]Object>      If specified, all readiness gates will be evaluated for pod readiness. A      pod is ready when all its containers are ready AND all conditions specified      in the readiness gates have status equal to "True" More info:      https://git.k8s.io/enhancements/keps/sig-network/0007-pod-ready%2B%2B.md      restartPolicy    <string>      Restart policy for all containers within the pod. One of Always, OnFailure,      Never. Default to Always. More info:      https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy      runtimeClassName <string>      RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group,      which should be used to run this pod. If no RuntimeClass resource matches      the named class, the pod will not be run. If unset or empty, the "legacy"      RuntimeClass will be used, which is an implicit class with an empty      definition that uses the default runtime handler. More info:      https://git.k8s.io/enhancements/keps/sig-node/runtime-class.md This is a      beta feature as of Kubernetes v1.14.      schedulerName    <string>      If specified, the pod will be dispatched by specified scheduler. If not      specified, the pod will be dispatched by default scheduler.      securityContext  <Object>      SecurityContext holds pod-level security attributes and common container      settings. Optional: Defaults to empty. See type description for default      values of each field.      serviceAccount   <string>      DeprecatedServiceAccount is a depreciated alias for ServiceAccountName.      Deprecated: Use serviceAccountName instead.      serviceAccountName   <string>      ServiceAccountName is the name of the ServiceAccount to use to run this      pod. More info:      https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/      shareProcessNamespace    <boolean>      Share a single process namespace between all of the containers in a pod.      When this is set containers will be able to view and signal processes from      other containers in the same pod, and the first process in each container      will not be assigned PID 1. HostPID and ShareProcessNamespace cannot both      be set. Optional: Default to false.      subdomain    <string>      If specified, the fully qualified Pod hostname will be      "<hostname>.<subdomain>.<pod namespace>.svc.<cluster domain>". If not      specified, the pod will not have a domainname at all.      terminationGracePeriodSeconds    <integer>      Optional duration in seconds the pod needs to terminate gracefully. May be      decreased in delete request. Value must be non-negative integer. The value      zero indicates delete immediately. If this value is nil, the default grace      period will be used instead. The grace period is the duration in seconds      after the processes running in the pod are sent a termination signal and      the time when the processes are forcibly halted with a kill signal. Set      this value longer than the expected cleanup time for your process. Defaults      to 30 seconds.      tolerations  <[]Object>      If specified, the pod's tolerations.      topologySpreadConstraints    <[]Object>      TopologySpreadConstraints describes how a group of pods ought to spread      across topology domains. Scheduler will schedule pods in a way which abides      by the constraints. This field is only honored by clusters that enable the      EvenPodsSpread feature. All topologySpreadConstraints are ANDed.      volumes  <[]Object>      List of volumes that can be mounted by containers belonging to the pod.      More info: https://kubernetes.io/docs/concepts/storage/volumes

3、了解三级以上字段

kubectl explain pods.spec.containers

+ View Code?

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148

[root@master ~]# kubectl explain pods.spec.containers KIND:     Pod VERSION:  v1   RESOURCE: containers <[]Object>   DESCRIPTION:      List of containers belonging to the pod. Containers cannot currently be      added or removed. There must be at least one container in a Pod. Cannot be      updated.        A single application container that you want to run within a pod.   FIELDS:    args <[]string>      Arguments to the entrypoint. The docker image's CMD is used if this is not      provided. Variable references $(VAR_NAME) are expanded using the      container's environment. If a variable cannot be resolved, the reference in      the input string will be unchanged. The $(VAR_NAME) syntax can be escaped      with a double $$, ie: $$(VAR_NAME). Escaped references will never be      expanded, regardless of whether the variable exists or not. Cannot be      updated. More info:      https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell      command  <[]string>      Entrypoint array. Not executed within a shell. The docker image's      ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME)      are expanded using the container's environment. If a variable cannot be      resolved, the reference in the input string will be unchanged. The      $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME).      Escaped references will never be expanded, regardless of whether the      variable exists or not. Cannot be updated. More info:      https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell      env  <[]Object>      List of environment variables to set in the container. Cannot be updated.      envFrom  <[]Object>      List of sources to populate environment variables in the container. The      keys defined within a source must be a C_IDENTIFIER. All invalid keys will      be reported as an event when the container is starting. When a key exists      in multiple sources, the value associated with the last source will take      precedence. Values defined by an Env with a duplicate key will take      precedence. Cannot be updated.      image    <string>      Docker image name. More info:      https://kubernetes.io/docs/concepts/containers/images This field is      optional to allow higher level config management to default or override      container images in workload controllers like Deployments and StatefulSets.      imagePullPolicy  <string>      Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always      if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated.      More info:      https://kubernetes.io/docs/concepts/containers/images#updating-images      lifecycle    <Object>      Actions that the management system should take in response to container      lifecycle events. Cannot be updated.      livenessProbe    <Object>      Periodic probe of container liveness. Container will be restarted if the      probe fails. Cannot be updated. More info:      https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes      name <string> -required-      Name of the container specified as a DNS_LABEL. Each container in a pod      must have a unique name (DNS_LABEL). Cannot be updated.      ports    <[]Object>      List of ports to expose from the container. Exposing a port here gives the      system additional information about the network connections a container      uses, but is primarily informational. Not specifying a port here DOES NOT      prevent that port from being exposed. Any port which is listening on the      default "0.0.0.0" address inside a container will be accessible from the      network. Cannot be updated.      readinessProbe   <Object>      Periodic probe of container service readiness. Container will be removed      from service endpoints if the probe fails. Cannot be updated. More info:      https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes      resources    <Object>      Compute Resources required by this container. Cannot be updated. More info:      https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/      securityContext  <Object>      Security options the pod should run with. More info:      https://kubernetes.io/docs/concepts/policy/security-context/ More info:      https://kubernetes.io/docs/tasks/configure-pod-container/security-context/      startupProbe <Object>      StartupProbe indicates that the Pod has successfully initialized. If      specified, no other probes are executed until this completes successfully.      If this probe fails, the Pod will be restarted, just as if the      livenessProbe failed. This can be used to provide different probe      parameters at the beginning of a Pod's lifecycle, when it might take a long      time to load data or warm a cache, than during steady-state operation. This      cannot be updated. This is a beta feature enabled by the StartupProbe      feature flag. More info:      https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes      stdin    <boolean>      Whether this container should allocate a buffer for stdin in the container      runtime. If this is not set, reads from stdin in the container will always      result in EOF. Default is false.      stdinOnce    <boolean>      Whether the container runtime should close the stdin channel after it has      been opened by a single attach. When stdin is true the stdin stream will      remain open across multiple attach sessions. If stdinOnce is set to true,      stdin is opened on container start, is empty until the first client      attaches to stdin, and then remains open and accepts data until the client      disconnects, at which time stdin is closed and remains closed until the      container is restarted. If this flag is false, a container processes that      reads from stdin will never receive an EOF. Default is false      terminationMessagePath   <string>      Optional: Path at which the file to which the container's termination      message will be written is mounted into the container's filesystem. Message      written is intended to be brief final status, such as an assertion failure      message. Will be truncated by the node if greater than 4096 bytes. The      total message length across all containers will be limited to 12kb.      Defaults to /dev/termination-log. Cannot be updated.      terminationMessagePolicy <string>      Indicate how the termination message should be populated. File will use the      contents of terminationMessagePath to populate the container status message      on both success and failure. FallbackToLogsOnError will use the last chunk      of container log output if the termination message file is empty and the      container exited with an error. The log output is limited to 2048 bytes or      80 lines, whichever is smaller. Defaults to File. Cannot be updated.      tty  <boolean>      Whether this container should allocate a TTY for itself, also requires      'stdin' to be true. Default is false.      volumeDevices    <[]Object>      volumeDevices is the list of block devices to be used by the container.      volumeMounts <[]Object>      Pod volumes to mount into the container's filesystem. Cannot be updated.      workingDir   <string>      Container's working directory. If not specified, the container runtime's      default will be used, which might be configured in the container image.      Cannot be updated.

4、优势

?

1	kubectl get deployments.apps myapp-deploy  -o yamal --export > deploy-demo.yaml

命令行只支持部分资源对象的部分属性、而资源清单支持配置资源的所有属性字段而且使用配置清单文件还能够进行版本追踪、复审等高级功能的操作

八、资源对象管理方式

1、声明式编程

2、陈述式编程

3、命令分类