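Kubernetes (6): Defining Resource Manifests
Common resources
Category | Resources |
---|---|
Workloads | Pod, ReplicaSet, StatefulSet, DaemonSet, Job, Cronjob |
Service discovery and load balancing | Service, Ingress, ... |
Configuration and storage | Volume, CSI, ConfigMap, Secret, DownwardAPI |
Cluster-level resources | Namespace, Node, Role, ClusterRole, RoleBinding, ClusterRoleBinding |
Metadata resources | HPA, PodTemplate, LimitRange |

Kubernetes is not configured only through the command line; YAML files are commonly used to write configuration manifests.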
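Pod resource manifest
The apiserver accepts resource definitions only in JSON format:
- When we create a resource directly with kubectl run, the request is automatically converted to JSON and passed to the apiserver.
- When a manifest is supplied in YAML format, the apiserver can automatically convert it to JSON before it is submitted.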
```
[root@master ~]# kubectl get pods myapp-9b4987d5-djdr9 -o yaml
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: "2019-03-28T06:42:04Z"
  generateName: myapp-9b4987d5-
  labels:
    pod-template-hash: 9b4987d5
    run: myapp
  name: myapp-9b4987d5-djdr9
  namespace: default
  ownerReferences:
  - apiVersion: apps/v1
    blockOwnerDeletion: true
    controller: true
    kind: ReplicaSet
    name: myapp-9b4987d5
    uid: bc03afbd-5120-11e9-80a7-000c295ec349
  resourceVersion: "38679"
  selfLink: /api/v1/namespaces/default/pods/myapp-9b4987d5-djdr9
  uid: 995067e0-5124-11e9-80a7-000c295ec349
spec:
  containers:
  - image: ikubernetes/myapp:v1
    imagePullPolicy: IfNotPresent
    name: myapp
    resources: {}
    terminationMessagePath: /dev/termination-log
    terminationMessagePolicy: File
    volumeMounts:
    - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
      name: default-token-dqd2f
      readOnly: true
  dnsPolicy: ClusterFirst
  enableServiceLinks: true
  nodeName: node02
  priority: 0
  restartPolicy: Always
  schedulerName: default-scheduler
  securityContext: {}
  serviceAccount: default
  serviceAccountName: default
  terminationGracePeriodSeconds: 30
  tolerations:
  - effect: NoExecute
    key: node.kubernetes.io/not-ready
    operator: Exists
    tolerationSeconds: 300
  - effect: NoExecute
    key: node.kubernetes.io/unreachable
    operator: Exists
    tolerationSeconds: 300
  volumes:
  - name: default-token-dqd2f
    secret:
      defaultMode: 420
      secretName: default-token-dqd2f
status:
  conditions:
  - lastProbeTime: null
    lastTransitionTime: "2019-03-28T06:42:04Z"
    status: "True"
    type: Initialized
  - lastProbeTime: null
    lastTransitionTime: "2019-03-28T06:42:05Z"
    status: "True"
    type: Ready
  - lastProbeTime: null
    lastTransitionTime: "2019-03-28T06:42:05Z"
    status: "True"
    type: ContainersReady
  - lastProbeTime: null
    lastTransitionTime: "2019-03-28T06:42:04Z"
    status: "True"
    type: PodScheduled
  containerStatuses:
  - containerID: docker://69b4cab1eb139c8e9c23e79792782db739fae21bedbc9199e1ab75b10729b038
    image: ikubernetes/myapp:v1
    imageID: docker-pullable://ikubernetes/myapp@sha256:9c3dc30b5219788b2b8a4b065f548b922a34479577befb54b03330999d30d513
    lastState: {}
    name: myapp
    ready: true
    restartCount: 0
    state:
      running:
        startedAt: "2019-03-28T06:42:05Z"
  hostIP: 10.0.0.12
  phase: Running
  podIP: 10.244.2.13
  qosClass: BestEffort
  startTime: "2019-03-28T06:42:04Z"
```
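Most resource manifests consist of the following five fields:
- apiVersion: group/version. Identifies the API group and version the resource belongs to; run kubectl api-versions to list them. The same group can have several versions.
- kind: the resource type: Pod, ReplicaSet, Deployment, StatefulSet, DaemonSet, Job, Cronjob. Mind the capitalization.
- metadata: metadata
  - name: names must be unique within the same kind
  - namespace: the namespace the object belongs to; the default is default
  - labels: labels; every resource can have labels, as key/value pairs
  - annotations: resource annotations
  - Reference PATH of each resource: /api/GROUP/VERSION/namespaces/NAMESPACE/TYPE/NAME. The lowercase parts are fixed strings; the uppercase parts are replaced according to the actual object.
- spec: the most important field. It defines the desired state of the object, and its contents may differ between resource types.
- status: the current state (read-only). This field is maintained by Kubernetes.

Each of these fields can be inspected with kubectl explain: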
```
[root@master ~]# kubectl explain pods
KIND:     Pod
VERSION:  v1

DESCRIPTION:
     Pod is a collection of containers that can run on a host. This resource is
     created by clients and scheduled onto hosts.

FIELDS:
   apiVersion   <string>
     APIVersion defines the versioned schema of this representation of an
     object. Servers should convert recognized schemas to the latest internal
     value, and may reject unrecognized values. More info:
     https://git.k8s.io/community/contributors/devel/api-conventions.md#resources

   kind <string>
     Kind is a string value representing the REST resource this object
     represents. Servers may infer this from the endpoint the client submits
     requests to. Cannot be updated. In CamelCase. More info:
     https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds

   metadata     <Object>
     Standard object's metadata. More info:
     https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata

   spec <Object>
     Specification of the desired behavior of the pod. More info:
     https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status

   status       <Object>
     Most recently observed status of the pod. This data may not be up to date.
     Populated by the system. Read-only. More info:
     https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status
```
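To view the next level of fields, for example metadata under pods, use kubectl explain pods.metadata, and so on.
Below the top level, every field has a value type. The common types are roughly as follows:
- <[]string>: a list of strings, that is, an array of string values
- <Object>: a field that can contain nested fields
- <map[string]string>: a mapping made up of key/value pairs
- <[]Object>: a list of objects
- <[]Object> -required-: required means the field is mandatory

Defining a standalone Pod with a manifest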
```
[root@master ~]# mkdir manifests
[root@master ~]# cd manifests/
[root@master manifests]# vim pod-demo.yaml
apiVersion: v1
kind: Pod
metadata:
  name: pod-demo
  namespace: default
  # labels: {"app": "myapp","tier": "frontend"} has the same effect as the form below; the form below is recommended
  labels:
    app: myapp
    tier: frontend
spec:
  containers:
  - name: myapp
    image: ikubernetes/myapp:v1
  - name: busybox
    image: busybox
    command:
    - "/bin/sh"
    - "-c"
    - "echo $(date)>>/usr/share/nginx/html/index.html;sleep 3600"
```
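A pre-submission check for the pod-demo manifest above, as an added example that is not part of the original post: it verifies the top-level fields described earlier and flags the defaults visible in the kubectl output on this page (mounted service account token, empty resources and securityContext, untagged busybox image). The function review_pod and its finding strings are hypothetical names, and the manifest is embedded in JSON form.

```python
import json

# pod-demo.yaml from this page in the JSON form the apiserver receives
# (constructed here; the busybox command is shortened).
POD_DEMO = json.loads("""
{"apiVersion": "v1", "kind": "Pod",
 "metadata": {"name": "pod-demo", "namespace": "default",
              "labels": {"app": "myapp", "tier": "frontend"}},
 "spec": {"containers": [
    {"name": "myapp", "image": "ikubernetes/myapp:v1"},
    {"name": "busybox", "image": "busybox",
     "command": ["/bin/sh", "-c", "sleep 3600"]}]}}
""")


def review_pod(manifest):
    """Return (location, finding) pairs for a Pod manifest (hypothetical helper)."""
    findings = []
    for field in ("apiVersion", "kind", "metadata", "spec"):
        if field not in manifest:
            findings.append((field, "missing top-level field"))
    if "status" in manifest:
        findings.append(("status", "read-only, maintained by Kubernetes"))
    if not manifest.get("metadata", {}).get("name"):
        findings.append(("metadata.name", "name is required"))
    spec = manifest.get("spec", {})
    # Only the manifest is visible here; a ServiceAccount can also disable this.
    if spec.get("automountServiceAccountToken") is not False:
        findings.append(("spec", "service account token automount not disabled"))
    pod_sc = spec.get("securityContext") or {}
    for c in spec.get("containers", []):
        where = "containers[%s]" % c.get("name")
        image = c.get("image", "")
        last = image.rsplit("/", 1)[-1]  # drop registry host:port and repo path
        if "@sha256:" not in image and (":" not in last or last.endswith(":latest")):
            findings.append((where, "image has no fixed tag or digest"))
        if not c.get("resources"):
            findings.append((where, "no resource requests or limits"))
        sc = c.get("securityContext") or {}
        if not (sc.get("runAsNonRoot") or pod_sc.get("runAsNonRoot")):
            findings.append((where, "runAsNonRoot not set"))
    return findings


if __name__ == "__main__":
    for where, finding in review_pod(POD_DEMO):
        print("%-20s %s" % (where, finding))
```
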
Use kubectl create -f with the .yaml manifest to create the resource:
```
[root@master manifests]# kubectl create -f pod-demo.yaml
pod/pod-demo created
[root@master manifests]# kubectl describe pods pod-demo
Name:               pod-demo
Namespace:          default
Priority:           0
PriorityClassName:  <none>
Node:               node02/10.0.0.12
Start Time:         Thu, 28 Mar 2019 17:27:35 +0800
Labels:             app=myapp
                    tier=frontend
Annotations:        <none>
Status:             Running
IP:                 10.244.2.15
Containers:
  myapp:
    Container ID:   docker://81fcdf25bac4f9691aaa80ccf1acd0fe565575ea894d07ea1c382e0366bcbfba
    Image:          ikubernetes/myapp:v1
    Image ID:       docker-pullable://ikubernetes/myapp@sha256:9c3dc30b5219788b2b8a4b065f548b922a34479577befb54b03330999d30d513
    Port:           <none>
    Host Port:      <none>
    State:          Running
      Started:      Thu, 28 Mar 2019 17:27:35 +0800
    Ready:          True
    Restart Count:  0
    Environment:    <none>
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from default-token-dqd2f (ro)
  busybox:
    Container ID:  docker://af0d0f76b0f6ba9eeaea18178d1d9cf3a052176e219471896a56d727622c9a36
    Image:         busybox
    Image ID:      docker-pullable://busybox@sha256:061ca9704a714ee3e8b80523ec720c64f6209ad3f97c0ff7cb9ec7d19f15149f
    Port:          <none>
    Host Port:     <none>
    Command:
      /bin/sh
      -c
      sleep 3600
    State:          Running
      Started:      Thu, 28 Mar 2019 17:27:37 +0800
    Ready:          True
    Restart Count:  0
    Environment:    <none>
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from default-token-dqd2f (ro)
Conditions:
  Type              Status
  Initialized       True
  Ready             True
  ContainersReady   True
  PodScheduled      True
Volumes:
  default-token-dqd2f:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  default-token-dqd2f
    Optional:    false
QoS Class:       BestEffort
Node-Selectors:  <none>
Tolerations:     node.kubernetes.io/not-ready:NoExecute for 300s
                 node.kubernetes.io/unreachable:NoExecute for 300s
Events:
  Type    Reason     Age   From               Message
  ----    ------     ----  ----               -------
  Normal  Scheduled  13s   default-scheduler  Successfully assigned default/pod-demo to node02
  Normal  Pulled     13s   kubelet, node02    Container image "ikubernetes/myapp:v1" already present on machine
  Normal  Created    13s   kubelet, node02    Created container
  Normal  Started    13s   kubelet, node02    Started container
  Normal  Pulling    13s   kubelet, node02    pulling image "busybox"
  Normal  Pulled     11s   kubelet, node02    Successfully pulled image "busybox"
  Normal  Created    11s   kubelet, node02    Created container
  Normal  Started    11s   kubelet, node02    Started container
```
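Use kubectl delete -f with the .yaml manifest to delete the resource.
Use kubectl logs POD_NAME -c CONTAINER_NAME to view the logs of a specific container in a specific Pod.
Use kubectl exec -it POD_NAME -c CONTAINER_NAME -- /bin/sh to open an interactive shell inside a specific container of a specific Pod.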