集群环境的共享与隔离
-
k8s通过命令空间和Context的设置来对不同的工作组进行分区,使得它们既可以共享同一个k8s集群服务,也能够互不干扰
-
假设在我们的组织中有两个工作组:开发组和生产运维组。开发组在k8s集群中需要不断创建、修改、删除各Pod、RC、Service等资源对象,以便实现敏捷开发的过程。而生产运维组则需要使用严格的权限设置来确保生产系统中的Pod、RC、Service处于正常运行状态
1. 创建两个命名空间
[root@t71 namespace]# vim namespace-development.yaml
apiVersion: v1
kind: Namespace
metadata:
name: development
[root@t71 namespace]# vim namespace-production.yaml
apiVersion: v1
kind: Namespace
metadata:
name: production
[root@t71 namespace]# kubectl create -f namespace-development.yaml
namespace/development created
[root@t71 namespace]# kubectl create -f namespace-production.yaml
namespace/production created
2.定义Context(运行环境)
为两个工作组分别定义一个Context,这个运行环境将属于某个特定的命名空间
[root@t71 namespace]# kubectl config set-cluster kubernetes-cluster --server=http://192.168.4.71:8080
Cluster "kubernetes-cluster" set.
[root@t71 namespace]# kubectl config set-context ctx-dev --namespace=development --cluster=kubernetes-cluster --user=dev
Context "ctx-dev" created.
[root@t71 namespace]# kubectl config set-context ctx-pro --namespace=production --cluster=kubernetes-cluster --user=prod
Context "ctx-pro" created.
kubectl config view命令查看已定义的Context
[root@t71 namespace]# kubectl config view
apiVersion: v1
clusters:
- cluster:
server: http://192.168.4.71:8080
name: kubernetes-cluster
contexts:
- context:
cluster: kubernetes-cluster
namespace: development
user: dev
name: ctx-dev
- context:
cluster: kubernetes-cluster
namespace: production
user: prod
name: ctx-pro
current-context: ""
kind: Config
preferences: {}
users: []
kubectl config命令在$HOME/.kube目录生成了一个名为config的文件,文件内容就是kubectl config view命令查看到的内容
3. 设定工作组在特定Context环境中工作
- 3.1 使用kubectl config use-context <context_name>命令来设置当前的运行环境
[root@t71 namespace]# kubectl config use-context ctx-dev
Switched to context "ctx-dev".
[root@t71 namespace]# kubectl config view
apiVersion: v1
clusters:
- cluster:
server: http://192.168.4.71:8080
name: kubernetes-cluster
contexts:
- context:
cluster: kubernetes-cluster
namespace: development
user: dev
name: ctx-dev
- context:
cluster: kubernetes-cluster
namespace: production
user: prod
name: ctx-pro
current-context: ctx-dev
kind: Config
preferences: {}
users: []
[root@t71 namespace]#
- 3.2 在ctx-dev环境中创建pod
[root@t71 namespace]# vim centos_deploy.yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: centos-deploy
spec:
replicas: 3
template:
metadata:
labels:
app: centos
spec:
containers:
- name: centos
image: centos:7.5.1804
command: ['/usr/sbin/init']
[root@t71 namespace]# kubectl create -f centos_deploy.yaml
deployment.extensions/centos-deploy created
- 3.3 查看deploy和pod
[root@t71 namespace]# kubectl get pods
NAME READY STATUS RESTARTS AGE
centos-deploy-557dd464d7-2qd5g 1/1 Running 0 4m50s
centos-deploy-557dd464d7-dgmzg 1/1 Running 0 4m50s
centos-deploy-557dd464d7-w8n8w 1/1 Running 0 4m50s
[root@t71 namespace]# kubectl get deploy
NAME READY UP-TO-DATE AVAILABLE AGE
centos-deploy 3/3 3 3 4m56s
[root@t71 namespace]#
- 3.4 切换到生产运维组的运行环境
[root@t71 namespace]# kubectl config use-context ctx-pro
Switched to context "ctx-pro".
[root@t71 namespace]# kubectl get pods
No resources found.
[root@t71 namespace]# kubectl get deploy
No resources found.
[root@t71 namespace]#
- 3.5 使用同一个yaml文件在ctx-pro中创建3个pod
[root@t71 namespace]# kubectl create -f centos_deploy.yaml
deployment.extensions/centos-deploy created
[root@t71 namespace]# kubectl get pods
NAME READY STATUS RESTARTS AGE
centos-deploy-557dd464d7-8c4qx 1/1 Running 0 9s
centos-deploy-557dd464d7-bthzb 1/1 Running 0 9s
centos-deploy-557dd464d7-x7lds 1/1 Running 0 9s
[root@t71 namespace]# kubectl get deploy
NAME READY UP-TO-DATE AVAILABLE AGE
centos-deploy 3/3 3 3 23s
[root@t71 namespace]#
这样,两个不同的运行环境中,有相同的Deployment和pod,但是可以创建成功,并且互不干扰,能够在同意额kubernetes集群中同时工作