Minimum Viable Kubernetes

This translation of the article was prepared on the eve of the start of the "DevOps Practices and Tools" course.


If you're reading this, you've probably heard something about Kubernetes (and if not, how did you end up here?). But what exactly is Kubernetes? "Industrial-grade container orchestration"? Or a "cloud-native operating system"? What does that actually mean?

To be honest, I'm not 100% sure. But I think it's interesting to dig into the internals and see what really happens in Kubernetes under its many layers of abstraction. So just for fun, let's see what a minimal "Kubernetes cluster" actually looks like. (This will be much easier than Kubernetes The Hard Way.)

I assume you have basic familiarity with Kubernetes, Linux and containers. Everything discussed here is for research and learning only; don't put it into production!

Overview

Kubernetes consists of many components. According to Wikipedia, the architecture looks like this:

[Image: Kubernetes architecture diagram]

At least eight components are shown here, but we'll ignore most of them. I'd argue that the minimal thing that can reasonably be called Kubernetes consists of three main components:

  • kubelet
  • kube-apiserver (which depends on etcd, its database)
  • a container runtime (Docker in this case)

Let's see what the documentation says about them (Russian, English). First, kubelet:

An agent that runs on each node in the cluster. It makes sure that containers are running in a Pod.

Sounds simple enough. What about container runtimes?

The container runtime is the software that is responsible for running containers.

Very informative. But if you're familiar with Docker, you should have a general idea of what it does. (The details of how responsibilities are split between the container runtime and the kubelet are quite subtle, and I won't go into them here.)

And the API server?

The API server is a component of the Kubernetes control plane that exposes the Kubernetes API. The API server is the front end of the Kubernetes control plane.

Anyone who has ever done anything with Kubernetes has interacted with the API, either directly or through kubectl. This is the heart of what makes Kubernetes Kubernetes, the brain that turns the mountains of YAML we all know and love (?) into running infrastructure. It seems obvious that the API has to be part of our minimal configuration.

Prerequisites

  • A Linux virtual or physical machine with root access (I'm using Ubuntu 18.04 on a virtual machine).
  • And that's it!

Bare-bones installation

We need to install Docker on the machine we're going to use. (I won't go into detail about how Docker and containers work; if you're interested, there are excellent articles on that.) Just install it with apt:

$ sudo apt install docker.io
$ sudo systemctl start docker

Then we need to get the Kubernetes binaries. In fact, for the initial launch of our "cluster" we only need kubelet, since we can use kubelet to run the other server components. To interact with our cluster once it's running, we'll also use kubectl.

$ curl -L https://dl.k8s.io/v1.18.5/kubernetes-server-linux-amd64.tar.gz > server.tar.gz
$ tar xzvf server.tar.gz
$ cp kubernetes/server/bin/kubelet .
$ cp kubernetes/server/bin/kubectl .
$ ./kubelet --version
Kubernetes v1.18.5

What happens if we just run kubelet?

$ ./kubelet
F0609 04:03:29.105194    4583 server.go:254] mkdir /var/lib/kubelet: permission denied

kubelet has to run as root. That's reasonable, since it needs to manage the whole node. Let's look at its parameters:

$ ./kubelet -h
<too many lines to fit here>
$ ./kubelet -h | wc -l
284

Wow, that's a lot of options! Luckily, we only need a couple of them. Here's one of the options we're interested in:

--pod-manifest-path string

Path to the directory containing static pod files, or path to a single static pod file. Files starting with dots are ignored. (DEPRECATED: this option should be set in the config file passed to the kubelet via the --config option. See kubernetes.io/docs/tasks/administer-cluster/kubelet-config-file for more information.)

This option lets us run static pods, that is, pods that aren't managed through the Kubernetes API. Static pods are rarely used, but they're very convenient for quick bootstrapping, and that's exactly what we need. We'll ignore the big warning (again, don't run this in production!) and see whether we can get a pod running.

First we'll create a directory for static pods and run kubelet:

$ mkdir pods
$ sudo ./kubelet --pod-manifest-path=pods

Then, in another terminal/tmux window/whatever, we'll create a pod manifest:

$ cat <<EOF > pods/hello.yaml
apiVersion: v1
kind: Pod
metadata:
  name: hello
spec:
  containers:
  - image: busybox
    name: hello
    command: ["echo", "hello world!"]
EOF

kubelet starts writing some warnings and it looks like nothing is happening. But that's not true! Let's look at Docker:

$ sudo docker ps -a
CONTAINER ID        IMAGE                  COMMAND                 CREATED             STATUS                      PORTS               NAMES
8c8a35e26663        busybox                "echo 'hello world!'"   36 seconds ago      Exited (0) 36 seconds ago                       k8s_hello_hello-mink8s_default_ab61ef0307c6e0dee2ab05dc1ff94812_4
68f670c3c85f        k8s.gcr.io/pause:3.2   "/pause"                2 minutes ago       Up 2 minutes                                    k8s_POD_hello-mink8s_default_ab61ef0307c6e0dee2ab05dc1ff94812_0
$ sudo docker logs k8s_hello_hello-mink8s_default_ab61ef0307c6e0dee2ab05dc1ff94812_4
hello world!

kubelet read the pod manifest and told Docker to launch a couple of containers according to our specification. (If you're curious about the "pause" container, it's a Kubernetes hack; see this blog post.) The kubelet will launch our busybox container with the specified command and keep restarting it indefinitely until the static pod is deleted.

Congratulations. We've just come up with one of the most convoluted ways to print text to a terminal!

Launching etcd

Our ultimate goal is to run the Kubernetes API, but for that we first need to run etcd. Let's start a minimal etcd cluster by placing its settings in the pods directory (for example, pods/etcd.yaml):

apiVersion: v1
kind: Pod
metadata:
  name: etcd
  namespace: kube-system
spec:
  containers:
  - name: etcd
    command:
    - etcd
    - --data-dir=/var/lib/etcd
    image: k8s.gcr.io/etcd:3.4.3-0
    volumeMounts:
    - mountPath: /var/lib/etcd
      name: etcd-data
  hostNetwork: true
  volumes:
  - hostPath:
      path: /var/lib/etcd
      type: DirectoryOrCreate
    name: etcd-data

If you've ever worked with Kubernetes, these YAML files should look familiar. There are only two notable points here:

We mounted the host folder /var/lib/etcd into the pod so that etcd's data survives a restart (if this isn't done, the cluster state will be wiped every time the pod restarts, which wouldn't be good even for a minimal Kubernetes installation).

We set hostNetwork: true. This setting, unsurprisingly, configures etcd to use the host network instead of the pod's internal network (this makes it easier for the API server to find our etcd cluster).

A simple check shows that etcd is indeed running on localhost and saving data to disk:

$ curl localhost:2379/version
{"etcdserver":"3.4.3","etcdcluster":"3.4.0"}
$ sudo tree /var/lib/etcd/
/var/lib/etcd/
└── member
    ├── snap
    │   └── db
    └── wal
        ├── 0.tmp
        └── 0000000000000000-0000000000000000.wal

Starting the API server

Running the Kubernetes API server is even simpler. The only parameter that has to be passed is --etcd-servers, which does what you'd expect:

apiVersion: v1
kind: Pod
metadata:
  name: kube-apiserver
  namespace: kube-system
spec:
  containers:
  - name: kube-apiserver
    command:
    - kube-apiserver
    - --etcd-servers=http://127.0.0.1:2379
    image: k8s.gcr.io/kube-apiserver:v1.18.5
  hostNetwork: true

Put this YAML file into the pods directory and the API server will start. A check with curl shows that the Kubernetes API is listening on port 8080 with open access; no authentication required!

$ curl localhost:8080/healthz
ok
$ curl localhost:8080/api/v1/pods
{
  "kind": "PodList",
  "apiVersion": "v1",
  "metadata": {
    "selfLink": "/api/v1/pods",
    "resourceVersion": "59"
  },
  "items": []
}

(Again, don't run this in production! I was a little surprised that the default configuration is so insecure. But I suppose it's meant to make development and testing easier.)
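
The open-port remark above is the first thing a practitioner would fix before leaving this machine on a shared network. Below is an added example, not the post's own manifest, of the same kube-apiserver static pod with the insecure listener turned off and client-certificate authentication plus RBAC enabled, followed by the matching kubelet kubeconfig; it assumes a CA, a server certificate and a kubelet certificate have been generated separately under the hypothetical host path /etc/mink8s/pki.

```yaml
# Added example (not from the original post): the same kube-apiserver static
# pod with the unauthenticated port disabled and certificate authentication plus
# RBAC switched on. Assumes a CA, server cert and key already exist under
# /etc/mink8s/pki on the host (hypothetical path, not part of the post).
apiVersion: v1
kind: Pod
metadata:
  name: kube-apiserver
  namespace: kube-system
spec:
  containers:
  - name: kube-apiserver
    command:
    - kube-apiserver
    - --etcd-servers=http://127.0.0.1:2379
    - --insecure-port=0                # no plain-HTTP listener on 8080
    - --anonymous-auth=false           # unauthenticated requests get 401
    - --authorization-mode=Node,RBAC   # instead of the AlwaysAllow default
    - --client-ca-file=/etc/mink8s/pki/ca.crt
    - --tls-cert-file=/etc/mink8s/pki/apiserver.crt
    - --tls-private-key-file=/etc/mink8s/pki/apiserver.key
    image: k8s.gcr.io/kube-apiserver:v1.18.5
    volumeMounts:
    - mountPath: /etc/mink8s/pki
      name: pki
      readOnly: true
  hostNetwork: true
  volumes:
  - hostPath:
      path: /etc/mink8s/pki
      type: Directory
    name: pki
---
# Matching kubeconfig for the kubelet: https on the default secure port 6443,
# the CA to verify the server, and a client certificate issued by that CA with
# subject CN=system:node:mink8s, O=system:nodes so the Node authorizer admits it.
apiVersion: v1
kind: Config
clusters:
- cluster:
    server: https://127.0.0.1:6443
    certificate-authority: /etc/mink8s/pki/ca.crt
  name: mink8s
users:
- name: kubelet
  user:
    client-certificate: /etc/mink8s/pki/kubelet.crt
    client-key: /etc/mink8s/pki/kubelet.key
contexts:
- context:
    cluster: mink8s
    user: kubelet
  name: mink8s
current-context: mink8s
```

With this manifest the check `curl localhost:8080/healthz` is refused outright and `curl -k https://127.0.0.1:6443/healthz` answers 401 instead of ok, so kubectl also needs a client certificate (for example one with O=system:masters) rather than the bare http URL used later in the post.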

And, pleasant surprise, kubectl works out of the box with no additional configuration!

$ ./kubectl version
Client Version: version.Info{Major:"1", Minor:"18", GitVersion:"v1.18.5", GitCommit:"e6503f8d8f769ace2f338794c914a96fc335df0f", GitTreeState:"clean", BuildDate:"2020-06-26T03:47:41Z", GoVersion:"go1.13.9", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"18", GitVersion:"v1.18.5", GitCommit:"e6503f8d8f769ace2f338794c914a96fc335df0f", GitTreeState:"clean", BuildDate:"2020-06-26T03:39:24Z", GoVersion:"go1.13.9", Compiler:"gc", Platform:"linux/amd64"}
$ ./kubectl get pod
No resources found in default namespace.

The problem

But if you dig a little deeper, something seems to be going wrong:

$ ./kubectl get pod -n kube-system
No resources found in kube-system namespace.

The static pods we created are gone! In fact, our kubelet node isn't visible at all:

$ ./kubectl get nodes
No resources found in default namespace.

What's the problem? If you recall, a few paragraphs ago we started kubelet with a very simple set of command-line parameters, so kubelet doesn't know how to contact the API server and report its state. After studying the documentation, we find the relevant flag:

--kubeconfig string

Path to a kubeconfig file, specifying how to connect to the API server. Providing --kubeconfig enables API server mode, omitting --kubeconfig enables standalone mode.

All this time, without knowing it, we've been running kubelet in "standalone mode". (If we were being pedantic, we could consider the standalone kubelet as "minimum viable Kubernetes", but that would be very boring.) To make the "real" configuration work, we need to pass a kubeconfig file to kubelet so that it knows how to talk to the API server. Luckily it's quite simple (since we have no authentication or certificate problems):

apiVersion: v1
kind: Config
clusters:
- cluster:
    server: http://127.0.0.1:8080
  name: mink8s
contexts:
- context:
    cluster: mink8s
  name: mink8s
current-context: mink8s

Save this as kubeconfig.yaml, kill the kubelet process and restart it with the necessary parameters:

$ sudo ./kubelet --pod-manifest-path=pods --kubeconfig=kubeconfig.yaml

(By the way, if you try to access the API with curl while kubelet isn't running, you'll find that it's still running! Kubelet isn't the "parent" of its pods the way Docker is; it's more like a "controlling daemon". Containers managed by kubelet will keep running until kubelet stops them.)

In a few minutes kubectl should show our pods and nodes as expected:

$ ./kubectl get pods -A
NAMESPACE     NAME                    READY   STATUS             RESTARTS   AGE
default       hello-mink8s            0/1     CrashLoopBackOff   261        21h
kube-system   etcd-mink8s             1/1     Running            0          21h
kube-system   kube-apiserver-mink8s   1/1     Running            0          21h
$ ./kubectl get nodes -owide
NAME     STATUS   ROLES    AGE   VERSION   INTERNAL-IP    EXTERNAL-IP   OS-IMAGE             KERNEL-VERSION       CONTAINER-RUNTIME
mink8s   Ready    <none>   21h   v1.18.5   10.70.10.228   <none>        Ubuntu 18.04.4 LTS   4.15.0-109-generic   docker://19.3.6

Let's congratulate ourselves at this point (I know I've already congratulated us once): we have a minimal Kubernetes "cluster" running with a fully functional API!

Launching pods

Now let's see what the API is capable of. Let's start with an nginx pod:

apiVersion: v1
kind: Pod
metadata:
  name: nginx
spec:
  containers:
  - image: nginx
    name: nginx

Here we get a rather nice error:

$ ./kubectl apply -f nginx.yaml
Error from server (Forbidden): error when creating "nginx.yaml": pods "nginx" is
forbidden: error looking up service account default/default: serviceaccount
"default" not found
$ ./kubectl get serviceaccounts
No resources found in default namespace.

Here we see how woefully incomplete our Kubernetes environment is: we have no service accounts. Let's try again by creating a service account manually and see what happens:

$ cat <<EOS | ./kubectl apply -f -
apiVersion: v1
kind: ServiceAccount
metadata:
  name: default
  namespace: default
EOS
serviceaccount/default created
$ ./kubectl apply -f nginx.yaml
Error from server (ServerTimeout): error when creating "nginx.yaml": No API
token found for service account "default", retry after the token is
automatically created and added to the service account

Even though we created the service account manually, the authentication token isn't generated. As we continue experimenting with our minimalist "cluster", we'll find that most of the useful things that usually happen automatically are missing. The Kubernetes API server is quite minimal; most of the heavy lifting and automatic configuration happens in various controllers and background jobs that aren't running yet.

We can work around this problem by setting the automountServiceAccountToken option on the service account (since we won't need the token anyway):

$ cat <<EOS | ./kubectl apply -f -
apiVersion: v1
kind: ServiceAccount
metadata:
  name: default
  namespace: default
automountServiceAccountToken: false
EOS
serviceaccount/default configured
$ ./kubectl apply -f nginx.yaml
pod/nginx created
$ ./kubectl get pods
NAME    READY   STATUS    RESTARTS   AGE
nginx   0/1     Pending   0          13m

Finally, the pod appeared! But it actually won't start, because we don't have a scheduler, another important Kubernetes component. Once again we see that the Kubernetes API is surprisingly "dumb": when you create a Pod through the API, it records it but doesn't try to figure out which node to run it on.

In fact, you don't need a scheduler to run a pod. You can manually assign a node in the manifest using the nodeName parameter:

apiVersion: v1
kind: Pod
metadata:
  name: nginx
spec:
  containers:
  - image: nginx
    name: nginx
  nodeName: mink8s

(Replace mink8s with the name of your node.) After deleting and re-applying, we see that nginx has started and is listening on an internal IP address:

$ ./kubectl delete pod nginx
pod "nginx" deleted
$ ./kubectl apply -f nginx.yaml
pod/nginx created
$ ./kubectl get pods -owide
NAME    READY   STATUS    RESTARTS   AGE   IP           NODE     NOMINATED NODE   READINESS GATES
nginx   1/1     Running   0          30s   172.17.0.2   mink8s   <none>           <none>
$ curl -s 172.17.0.2 | head -4
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>

To make sure networking between pods works correctly, we can run curl from another pod:

$ cat <<EOS | ./kubectl apply -f -
apiVersion: v1
kind: Pod
metadata:
  name: curl
spec:
  containers:
  - image: curlimages/curl
    name: curl
    command: ["curl", "172.17.0.2"]
  nodeName: mink8s
EOS
pod/curl created
$ ./kubectl logs curl | head -6
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>

It's quite interesting to dig into this environment and see what works and what doesn't. I found that ConfigMap and Secret work as expected, but Service and Deployment don't.

Success!

This post is getting long, so I'm going to declare victory and state that this is a viable configuration that can be called "Kubernetes". To sum up: four binaries, five command-line parameters and "only" 45 lines of YAML (not that much by Kubernetes standards), and we have a few things working:

  • Pods are managed through the regular Kubernetes API (with a few hacks)
  • Public container images can be pulled and managed
  • Pods stay alive and are restarted automatically
  • Networking between pods on the same node works quite well
  • ConfigMap, Secret and simple volume mounting work as expected

But much of what makes Kubernetes really useful is still missing, such as:

  • Pod scheduler
  • Authentication/authorization
  • Multiple nodes
  • Service networking
  • Cluster-internal DNS
  • Controllers for service accounts, deployments, integration with cloud providers and most of the other goodies that Kubernetes brings.

So what did we actually get? The Kubernetes API, running on its own, is really just a platform for container automation. It doesn't do much by itself; that's the job of the various controllers and operators that use the API; but it provides a consistent environment for automation.

Learn more about the course in the free webinar.


Source: www.hab.com
