Kubernetes Architecture Principles and Object Design

Shell

## Show all labels of pods
k get pod --show-labels
## Load balancing and service discovery across multiple pods (high availability, redundant deployment, service load balancing)
kubectl expose deploy nginx --selector app=nginx --port=80 --type=NodePort
## Add a label
k label ns default a=b
## Find pods by label
k get pod -l app=nginx

## -v 9 turns on debug-level logging
k get ns default -v 9
k get pods -v 9
## Add annotations
k annotate ns default b=a
## Read xx.yaml from the current directory and specify the namespace
k create -f xx.yaml --namespace xx

## Show the Linux environment variables
env

## Set resource limits at the Deployment level
kubectl set resources deployment nginx-deployment -c=nginx --limits=cpu=500m,memory=128Mi

## List endpoints
k get ep -A

## List CRDs
k get crd
## View the content of a CRD
k get crd xxx -oyaml

Todo

  1. Graceful shutdown
  2. Linked (cascading) deletion
  3. Change the ReplicaSet without changing the Deployment

Google Borg

Introduction to Google Borg

image-20220115100037865

Basic Borg concepts

image-20220115100241861

Borg architecture

image-20220115100148287

Application high availability

image-20220115100721005

Borg scheduling principles

image-20220115101103424

Borg isolation

image-20220115101305757

Kubernetes architecture basics

What is Kubernetes (K8s)

image-20220115101458885

Imperative vs. Declarative

image-20220115122949398

Kubernetes: a declarative system

image-20220115123216099

Kubernetes adopts an architecture similar to Borg

image-20220115123826032

image-20220115124610934

Kubernetes master node

image-20220115124706982

Kubernetes worker node

image-20220115124712832

etcd

image-20220115124829328

ApiServer

image-20220115131733058

image-20220115133307915

Controller Manager

image-20220115133515524

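Controller Manager workflow

image-20220115133924122

Internal mechanism of the Informer

image-20220115134225263

How controllers work together

image-20220201170809864

Common commands

## Show all labels of pods
k get pod --show-labels
## Load balancing and service discovery across multiple pods (high availability, redundant deployment, service load balancing)
kubectl expose deploy nginx --selector app=nginx --port=80 --type=NodePort
## Add a label
k label ns default a=b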

k edit deploy nginx: the description of the Deployment

apiVersion: apps/v1
kind: Deployment
metadata:
  annotations:
    deployment.kubernetes.io/revision: "1"
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"apps/v1","kind":"Deployment","metadata":{"annotations":{},"name":"nginx-deployment","namespace":"default"},"spec":{"replicas":1,"selector":{"matchLabels":{"app":"nginx"}},"template":{"metadata":{"labels":{"app":"nginx"}},"spec":{"containers":[{"image":"nginx","name":"nginx"}]}}}}
  creationTimestamp: "2022-02-01T09:10:39Z"
  generation: 2
  name: nginx-deployment
  namespace: default
  resourceVersion: "10265191"
  uid: 0a724bbe-1b92-4f2e-96a6-48101db12849
spec:
  progressDeadlineSeconds: 600
  replicas: 3
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app: nginx
  strategy:
    ## Rolling update; the values may be absolute numbers or percentages
    rollingUpdate:
      ## Maximum share of extra new-version Pods that may be created above the desired replica count
      maxSurge: 25%
      ## Maximum share of Pods that may be unavailable during the update; once this limit is reached the rollout does not continue
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: nginx
    spec:
      containers:
      - image: nginx
        imagePullPolicy: Always
        name: nginx
        resources: {}
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      terminationGracePeriodSeconds: 30
status:
  availableReplicas: 3
  conditions:
  - lastTransitionTime: "2022-02-01T09:10:39Z"
    lastUpdateTime: "2022-02-01T09:10:56Z"
    message: ReplicaSet "nginx-deployment-85b98978db" has successfully progressed.
    reason: NewReplicaSetAvailable
    status: "True"
    type: Progressing
  - lastTransitionTime: "2022-02-01T09:34:49Z"
    lastUpdateTime: "2022-02-01T09:34:49Z"
    message: Deployment has minimum availability.
    reason: MinimumReplicasAvailable
    status: "True"
    type: Available
  observedGeneration: 2
  readyReplicas: 3
  replicas: 3
  updatedReplicas: 3
## The rolling update process: nginx-deployment-7c658794b9 is the new ReplicaSet
Normal ScalingReplicaSet 28s deployment-controller Scaled up replica set nginx-deployment-7c658794b9 to 1
Normal ScalingReplicaSet 24s deployment-controller Scaled down replica set nginx-deployment-85b98978db to 2
Normal ScalingReplicaSet 24s deployment-controller Scaled up replica set nginx-deployment-7c658794b9 to 2
Normal ScalingReplicaSet 20s deployment-controller Scaled down replica set nginx-deployment-85b98978db to 1
Normal ScalingReplicaSet 20s deployment-controller Scaled up replica set nginx-deployment-7c658794b9 to 3
Normal ScalingReplicaSet 16s deployment-controller Scaled down replica set nginx-deployment-85b98978db to 0
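
The six ScalingReplicaSet events above follow from replicas: 3 with maxSurge and maxUnavailable both set to 25%. The script below is an added example, not code from the original page or from Kubernetes; it assumes every new Pod becomes Ready before the next step, and pct_of and rollout_plan are hypothetical helper names.

```shell
#!/bin/sh
# Added example: reproduce the scaling order of a RollingUpdate.
# Assumption: each new Pod is Ready before the controller takes its next step.

# pct_of REPLICAS PERCENT up|down: resolve a percentage to a Pod count.
pct_of() {
  if [ "$3" = up ]; then
    echo $(( ($1 * $2 + 99) / 100 ))   # round up
  else
    echo $(( $1 * $2 / 100 ))          # round down
  fi
}

# rollout_plan REPLICAS MAXSURGE_PCT MAXUNAVAILABLE_PCT
# Prints "up new N" / "down old N" lines in the order the scalings happen.
rollout_plan() (
  want=$1
  surge=$(pct_of "$want" "$2" up)       # maxSurge rounds up
  unavail=$(pct_of "$want" "$3" down)   # maxUnavailable rounds down
  # Both resolving to 0 would leave no room to move; Kubernetes then uses 1.
  if [ "$surge" -eq 0 ] && [ "$unavail" -eq 0 ]; then unavail=1; fi
  old=$want new=0
  while [ "$old" -gt 0 ] || [ "$new" -lt "$want" ]; do
    # Scale up the new ReplicaSet while total Pods stay <= want + surge.
    room=$(( want + surge - old - new ))
    need=$(( want - new ))
    if [ "$room" -gt "$need" ]; then room=$need; fi
    if [ "$room" -gt 0 ]; then new=$(( new + room )); echo "up new $new"; fi
    # Scale down the old ReplicaSet while available Pods stay >= want - unavail.
    spare=$(( old + new - (want - unavail) ))
    if [ "$spare" -gt "$old" ]; then spare=$old; fi
    if [ "$spare" -gt 0 ]; then old=$(( old - spare )); echo "down old $old"; fi
  done
  exit 0
)

# The Deployment shown above: 3 replicas, maxSurge 25%, maxUnavailable 25%.
rollout_plan 3 25 25
```

With 3 replicas, 25% resolves to maxSurge 1 and maxUnavailable 0, so the rollout replaces one Pod at a time and never drops below three available Pods.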

Scheduler

image-20220201175838645

Kubelet

image-20220201180035422

Kube-Proxy

image-20220201183417086

Kubectl

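Kubectl commands and kubeconfig

image-20220201183852016

## -v 9 turns on debug-level logging
k get ns default -v 9
k get pods -v 9

Common kubectl commands

image-20220201185512075

kubectl describe

kubectl describe shows detailed information about a resource and its related Events.

kubectl exec

kubectl exec provides a channel into a running container, so you can enter the container and debug it.

kubectl logs

kubectl logs shows a pod's standard output (stdout, stderr); its usage is similar to tail.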

Understanding Kubernetes in depth

Kubernetes ecosystem

image-20220201190857833

Kubernetes design philosophy

image-20220201191144384

Kubernetes Master

image-20220201191417932

Kubernetes layered architecture

image-20220201191454212

image-20220201191935197

image-20220201192013548

API design principles

image-20220201192221183

image-20220201192643068

image-20220201192726799

How Kubernetes describes a workload by composing objects

image-20220201192803314

## Find the path of the kubelet configuration file: /var/lib/kubelet/config.yaml
## Path of the YAML manifests for the core Kubernetes pods: /etc/kubernetes/manifests
ps -fe | grep kubelet

/usr/bin/kubelet
--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf
--kubeconfig=/etc/kubernetes/kubelet.conf
--config=/var/lib/kubelet/config.yaml
--network-plugin=cni
--pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.6

————————————

kube-apiserver
--advertise-address=10.252.189.253
--allow-privileged=true
--authorization-mode=Node,RBAC
--client-ca-file=/etc/kubernetes/pki/ca.crt
--enable-admission-plugins=NodeRestriction
--enable-bootstrap-token-auth=true
--etcd-cafile=/etc/kubernetes/pki/etcd/ca.crt
--etcd-certfile=/etc/kubernetes/pki/apiserver-etcd-client.crt
--etcd-keyfile=/etc/kubernetes/pki/apiserver-etcd-client.key
--etcd-servers=https://127.0.0.1:2379
--kubelet-client-certificate=/etc/kubernetes/pki/apiserver-kubelet-client.crt
--kubelet-client-key=/etc/kubernetes/pki/apiserver-kubelet-client.key
--kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
--proxy-client-cert-file=/etc/kubernetes/pki/front-proxy-client.crt
--proxy-client-key-file=/etc/kubernetes/pki/front-proxy-client.key
--requestheader-allowed-names=front-proxy-client
--requestheader-client-ca-file=/etc/kubernetes/pki/front-proxy-ca.crt
--requestheader-extra-headers-prefix=X-Remote-Extra-
--requestheader-group-headers=X-Remote-Group
--requestheader-username-headers=X-Remote-User
--secure-port=6443
--service-account-issuer=https://kubernetes.default.svc.cluster.local
--service-account-key-file=/etc/kubernetes/pki/sa.pub
--service-account-signing-key-file=/etc/kubernetes/pki/sa.key
--service-cluster-ip-range=10.96.0.0/12
--tls-cert-file=/etc/kubernetes/pki/apiserver.crt
--tls-private-key-file=/etc/kubernetes/pki/apiserver.key
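
A flag list like the kube-apiserver one above can be reviewed mechanically for settings that matter to security. The script below is an added example, not part of the original page or of Kubernetes; flag_value, csv_has and audit_apiserver are hypothetical helper names, the sample command line is constructed from flags shown above, and it assumes flags are written as --name=value.

```shell
#!/bin/sh
# Added example: review kube-apiserver flags for security-relevant settings.
# Constructed sample: some of the flags listed above, joined on one line.
SAMPLE_ARGS='kube-apiserver --allow-privileged=true --authorization-mode=Node,RBAC --enable-admission-plugins=NodeRestriction --etcd-servers=https://127.0.0.1:2379 --secure-port=6443'

# flag_value ARGS NAME: print VALUE of --NAME=VALUE; fail if the flag is absent.
flag_value() (
  set -f   # no globbing while the command line is word-split
  for tok in $1; do
    case $tok in "--$2="*) printf '%s\n' "${tok#*=}"; exit 0 ;; esac
  done
  exit 1
)

# csv_has CSV ITEM: succeed if ITEM is an element of the comma-separated list.
csv_has() { case ",$1," in *",$2,"*) return 0 ;; esac; return 1; }

# audit_apiserver ARGS: print one "WARN <flag>: <reason>" line per finding.
audit_apiserver() (
  a=$1
  v=$(flag_value "$a" authorization-mode) || v=AlwaysAllow   # default if unset
  if csv_has "$v" AlwaysAllow; then echo "WARN authorization-mode: AlwaysAllow authorizes every request"; fi
  if ! csv_has "$v" RBAC; then echo "WARN authorization-mode: RBAC is not enabled"; fi
  if ! csv_has "$v" Node; then echo "WARN authorization-mode: Node authorizer is not enabled"; fi
  v=$(flag_value "$a" enable-admission-plugins) || v=
  if ! csv_has "$v" NodeRestriction; then echo "WARN enable-admission-plugins: NodeRestriction is missing"; fi
  v=$(flag_value "$a" anonymous-auth) || v=true              # default if unset
  if [ "$v" != false ]; then echo "WARN anonymous-auth: anonymous requests are accepted"; fi
  v=$(flag_value "$a" profiling) || v=true                   # default if unset
  if [ "$v" != false ]; then echo "WARN profiling: profiling endpoints are enabled"; fi
  v=$(flag_value "$a" allow-privileged) || v=false           # default if unset
  if [ "$v" = true ]; then echo "WARN allow-privileged: privileged containers are allowed"; fi
  # Flags with no default value: absent means no audit log file, no encryption
  # of Secrets at rest, and no verification of kubelet serving certificates.
  for f in audit-log-path encryption-provider-config kubelet-certificate-authority; do
    if ! flag_value "$a" "$f" >/dev/null; then echo "WARN $f: not set"; fi
  done
  exit 0
)

audit_apiserver "$SAMPLE_ARGS"
```

On a control-plane node the input can be taken from the running process, for example from the output of ps -fe | grep kube-apiserver. Each WARN line is a prompt for review, not proof of a misconfiguration.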

Architecture design principles

image-20220201195617345

Bootstrapping principle

image-20220201200412699

Core technical concepts and API objects

image-20220201200759600

TypeMeta

image-20220201201233045

Metadata

image-20220201201432909

image-20220201202059445

Label

image-20220201202124354

Annotations

image-20220201202145713

Spec and Status

image-20220201204651206

Common Kubernetes objects and their groups

image-20220201204942604

Core objects overview

Node

image-20220201205223902

Namespace

image-20220201205255271

Pod

image-20220201205820108

How a Pod object definition supports running an application

image-20220201205946797

Volumes

image-20220201210509935

Pod networking

image-20220201210627481

Resource limits

image-20220201210713796

Equivalent to setting resources limits in every Pod

image-20220201210803032

Health checks

image-20220201210821748

image-20220201210832835

ConfigMap

image-20220201210855835

Secret

image-20220201210916044

User Account & Service Account

image-20220201210931959

Service

image-20220201210946044

image-20220201210956165

ReplicaSet

image-20220201211032170

Deployment

image-20220201211049058

StatefulSet

image-20220201211113347

Differences between StatefulSet and Deployment

image-20220201211139434

Job

image-20220201211300289

DaemonSet

image-20220201211320661

Storage: PV and PVC

image-20220201211336530

CustomResourceDefinition

image-20220201211354608