本文最后更新于38 天前,其中的信息可能已经过时,如有错误请发送邮件到big_fw@foxmail.com
一、容器的类型
- 基础架构容器
- 优先于业务容器启动,负责名称空间的初始化工作。
- 共享 ipc、net、time、user 四个名称空间。
- 初始化容器
- 在基础架构容器之后、业务容器之前运行。
- 用于为业务容器做初始化工作,所有初始化容器执行完毕后才会启动业务容器。
- 业务容器
- 实际用户运行的容器,与业务直接相关。
Tips:
- 删除业务容器时,Pod 的 IP 地址不变。
- 删除基础架构容器时,IP 地址会变动。
- 启动顺序:基础架构容器 > 初始化容器 > 业务容器。
二、Pod 故障排查思路
- kubectl describe
- 用于查看 Pod 的详细信息,包括事件日志。
kubectl describe pod <pod-name> - kubectl logs
- 查看容器日志。
kubectl logs <pod-name> -c <container-name> - kubectl exec
- 在容器中执行命令或进入容器交互。
kubectl exec -it <pod-name> -c <container-name> -- <command> - kubectl cp
- 拷贝文件到容器或从容器中拷贝文件。
kubectl cp <pod-name>:/path/to/file /local/path - kubectl explain
- 查看 Kubernetes 资源字段的含义。
kubectl explain Pod.spec.containers.command - command & args
- 替换容器的默认启动命令或参数。
三、Pod 的重启策略
- Always:无论容器是否正常退出,始终重启。
- Never:无论容器是否正常退出,始终不重启。
- OnFailure:仅在容器异常退出时重启。
四、常见控制器
- rc:ReplicationController
- rs:ReplicaSet
- deploy:Deployment
- ds:DaemonSet
- jobs:Job
- cj:CronJob
五、部署案例
1. GitLab
- 镜像:
gitlab/gitlab-ce:17.5.2-ce.0 - 资源清单:
yaml复制
apiVersion: v1
kind: Pod
metadata:
name: oldboyedu-casedemo-gitlab
labels:
apps: gitlab
spec:
hostNetwork: true
restartPolicy: Always
nodeName: worker233
containers:
- name: c1
image: gitlab/gitlab-ce:17.5.2-ce.0
ports:
- containerPort: 80- 访问:
http://<Node-IP>/ - 初始密码:
kubectl exec <pod-name> -- cat /etc/gitlab/initial_root_password
2. Jenkins
- 镜像:
jenkins/jenkins:2.479.1-alpine-jdk21 - 资源清单:
yaml复制
apiVersion: v1
kind: Pod
metadata:
name: oldboyedu-casedemo-jenkins
labels:
apps: jenkins
spec:
hostNetwork: true
restartPolicy: Always
nodeName: worker233
containers:
- name: c1
image: jenkins/jenkins:2.479.1-alpine-jdk21
ports:
- containerPort: 8080- 访问:
http://<Node-IP>:8080/ - 初始密码:
kubectl logs -f <pod-name>
3. SonarQube
- 镜像:
sonarqube:9.9.7-community - 资源清单:
yaml复制
apiVersion: v1
kind: Pod
metadata:
name: oldboyedu-casedemo-sonarqube
labels:
apps: sonarqube
spec:
hostNetwork: true
restartPolicy: Always
nodeName: worker233
containers:
- name: c1
image: sonarqube:9.9.7-community
ports:
- containerPort: 9000- 访问:
http://<Node-IP>:9000/ - 默认用户名:
admin,密码:admin
4. MySQL
- 镜像:
mysql:8.0.36-oracle - 资源清单:
yaml复制
apiVersion: v1
kind: Pod
metadata:
name: oldboyedu-casedemo-mysql-env
labels:
apps: mysql
spec:
hostNetwork: true
restartPolicy: Always
nodeName: worker233
containers:
- name: c1
image: mysql:8.0.36-oracle
args:
- --character-set-server=utf8
- --collation-server=utf8_bin
- --default-authentication-plugin=mysql_native_password
ports:
- containerPort: 3306
env:
- name: MYSQL_ALLOW_EMPTY_PASSWORD
value: "yes"
- name: MYSQL_DATABASE
value: oldboyedu
- name: MYSQL_USER
value: linux95
- name: MYSQL_PASSWORD
value: "123456"- 访问:
kubectl exec -it <pod-name> -- mysql
5. WordPress
- 镜像:
wordpress:6.7.1-php8.1-apache - 资源清单:
yaml复制
apiVersion: v1
kind: Pod
metadata:
name: oldboyedu-casedemo-wp
labels:
apps: mysql
spec:
hostNetwork: true
restartPolicy: Always
nodeName: worker232
containers:
- name: c1
image: wordpress:6.7.1-php8.1-apache
ports:
- containerPort: 80
env:
- name: WORDPRESS_DB_HOST
value: <MySQL-Node-IP>
- name: WORDPRESS_DB_NAME
value: oldboyedu
- name: WORDPRESS_DB_USER
value: linux95
- name: WORDPRESS_DB_PASSWORD
value: "123456"- 访问:
http://<Node-IP>/
6. Elasticsearch
- 镜像:
docker.elastic.co/elasticsearch/elasticsearch:7.17.24 - 资源清单:
yaml复制
apiVersion: v1
kind: Pod
metadata:
name: oldboyedu-single-es
labels:
apps: es7
spec:
hostNetwork: true
nodeName: worker232
containers:
- name: c1
image: docker.elastic.co/elasticsearch/elasticsearch:7.17.24
ports:
- containerPort: 9200
name: http
- containerPort: 9300
name: tcp
env:
- name: discovery.type
value: single-node
- name: cluster.name
value: oldboyedu-linux95
- name: ES_JAVA_OPTS
value: -Xms256m -Xmx256m- 访问:
http://<Node-IP>:9200/
7. Kibana
- 镜像:
docker.elastic.co/kibana/kibana:7.17.24 - 资源清单:
yaml复制
apiVersion: v1
kind: Pod
metadata:
name: oldboyedu-kibana
labels:
apps: kibana
spec:
hostNetwork: true
nodeName: worker233
containers:
- name: c1
image: docker.elastic.co/kibana/kibana:7.17.24
ports:
- containerPort: 5601
name: webui
env:
- name: ELASTICSEARCH_HOSTS
value: http://<Elasticsearch-Node-IP>:9200
- name: I18N_LOCALE
value: zh-CN- 访问:
http://<Node-IP>:5601/
常见控制器
rc(ReplicationController)
- 概述:控制指定 Pod 副本数量始终存活。
- 实战案例yaml复制
apiVersion: v1 kind: ReplicationController metadata: name: oldboyedu-rc labels: school: oldboyedu spec: replicas: 3 selector: apps: xiuxian address: shahe template: metadata: labels: apps: xiuxian address: shahe class: linux95 spec: containers: - name: c1 image: registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1 - 操作
- 创建资源:
kubectl apply -f 01-rc-xiuxian.yaml - 删除 Pod 观察副本自动拉起
- 删除 rc 资源会级联删除其创建的 Pod
- 创建资源:
rs(ReplicaSet)
- 概述:与 rc 功能类似,但更轻量级,功能更完善。
- 实战案例yaml复制
apiVersion: apps/v1 kind: ReplicaSet metadata: name: rs-xiuxian labels: school: oldboyedu spec: replicas: 5 selector: matchLabels: apps: xiuxian template: metadata: labels: apps: xiuxian address: shahe class: linux95 spec: containers: - name: c1 image: registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1 - 操作
- 创建资源:
kubectl apply -f 01-rs-matchLabels-xiuxian.yaml - 测试 rs 的高级功能(如 matchExpressions)
- 创建资源:
deploy(Deployment)
- 概述:基于 rs 实现 Pod 副本控制,支持声明式更新。
- 实战案例yaml复制
apiVersion: apps/v1 kind: Deployment metadata: name: deploy-xiuxian labels: school: oldboyedu spec: replicas: 5 selector: matchLabels: apps: xiuxian template: metadata: labels: apps: xiuxian address: shahe class: linux95 spec: containers: - name: c1 image: registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1 - 操作
- 创建资源:
kubectl apply -f 01-deploy-matchLabels-xiuxian.yaml - 删除 rs 或 Pod 观察自动重建
- 创建资源:
ds(DaemonSet)
- 概述:每个 worker 节点有且仅有一个 Pod 运行。
- 实战案例yaml复制
apiVersion: apps/v1 kind: DaemonSet metadata: name: ds-xiuxian labels: school: oldboyedu spec: selector: matchLabels: apps: xiuxian template: metadata: labels: apps: xiuxian address: shahe class: linux95 spec: containers: - name: c1 image: registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1 - 操作
- 创建资源:
kubectl apply -f 01-ds-xiuxian.yaml
- 创建资源:
jobs
- 概述:用于实现一次性任务。
- 实战案例yaml复制
apiVersion: batch/v1 kind: Job metadata: name: jobs-xiuxian labels: school: oldboyedu spec: template: metadata: labels: apps: xiuxian address: shahe class: linux95 spec: restartPolicy: OnFailure containers: - name: c1 image: registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1 command: - sleep - "5" - 操作
- 创建资源:
kubectl apply -f 01-jobs-xiuxian.yaml
- 创建资源:
cj(CronJob)
- 概述:基于 jobs 实现周期性任务。
- 实战案例yaml复制
apiVersion: batch/v1 kind: CronJob metadata: name: cj-xiuxian labels: school: oldboyedu spec: schedule: "* * * * *" jobTemplate: spec: template: metadata: labels: apps: xiuxian address: shahe class: linux95 spec: restartPolicy: Never containers: - name: c1 image: registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1 command: - /bin/sh - -c - date -R; echo "学IT来老男孩,月薪过万不是梦~" - 操作
- 创建资源:
kubectl apply -f 01-cj-xiuxian.yaml
- 创建资源:
玩转 Pod 调度
nodeName
- 实战案例yaml复制
apiVersion: apps/v1 kind: Deployment metadata: name: deploy-xiuxian-nodename labels: school: oldboyedu spec: replicas: 5 selector: matchLabels: apps: xiuxian template: metadata: labels: apps: xiuxian address: shahe class: linux95 spec: nodeName: worker233 containers: - name: c1 image: registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1
hostPort
- 实战案例yaml复制
apiVersion: apps/v1 kind: Deployment metadata: name: deploy-xiuxian-ports labels: school: oldboyedu spec: replicas: 5 selector: matchLabels: apps: xiuxian template: metadata: labels: apps: xiuxian address: shahe class: linux95 spec: containers: - name: c1 image: registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1 ports: - containerPort: 80 hostPort: 81
hostNetwork
- 实战案例yaml复制
apiVersion: apps/v1 kind: Deployment metadata: name: deploy-xiuxian-hostnetwork labels: school: oldboyedu spec: replicas: 5 selector: matchLabels: apps: xiuxian template: metadata: labels: apps: xiuxian address: shahe class: linux95 spec: hostNetwork: true containers: - name: c1 image: registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1 ports: - containerPort: 80
resources(资源限制)
- requests(期望资源)yaml复制
apiVersion: apps/v1 kind: Deployment metadata: name: deploy-xiuxian-resources labels: school: oldboyedu spec: replicas: 5 selector: matchLabels: apps: xiuxian template: metadata: labels: apps: xiuxian address: shahe class: linux95 spec: containers: - name: c1 image: jasonyin2020/oldboyedu-linux-tools:v0.1 stdin: true resources: requests: cpu: 0.5 memory: 10G - limits(资源上限)yaml复制
apiVersion: apps/v1 kind: Deployment metadata: name: deploy-xiuxian-resources-limits labels: school: oldboyedu spec: replicas: 5 selector: matchLabels: apps: xiuxian template: metadata: labels: apps: xiuxian address: shahe class: linux95 spec: containers: - name: c1 image: jasonyin2020/oldboyedu-linux-tools:v0.1 stdin: true resources: limits: cpu: 0.5 memory: 2G requests: cpu: 200m memory: 1G
nodeSelector(基于节点标签调度)
- 实战案例yaml复制
apiVersion: apps/v1 kind: Deployment metadata: name: deploy-xiuxian-nodeselector labels: school: oldboyedu spec: replicas: 5 selector: matchLabels: apps: xiuxian template: metadata: labels: apps: xiuxian address: shahe class: linux95 spec: nodeSelector: school: laonanhai containers: - name: c1 image: registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1
taints(污点)与 tolerations(容忍)
- taints
- 格式:
key[=value]:effect - effect 类型:
- NoSchedule:不接受新 Pod,但不驱逐现有 Pod。
- PreferNoSchedule:尽量避免调度到该节点。
- NoExecute:不接受新 Pod,并驱逐现有 Pod。
- 操作
- 查看污点:
kubectl describe nodes <node-name> | grep Taints - 打污点:
kubectl taint node <node-name> key=value:effect - 删除污点:
kubectl taint node <node-name> key- - 修改污点:
kubectl taint node <node-name> key=value:effect --overwrite
- 查看污点:
- 格式:
- tolerations
- Pod 需要容忍节点的污点才能调度。
- 示例:yaml复制
apiVersion: apps/v1 kind: Deployment metadata: name: deploy-xiuxian-tolerations labels: school: oldboyedu spec: replicas: 10 selector: matchLabels: apps: xiuxian template: metadata: labels: apps: xiuxian address: shahe class: linux95 spec: tolerations: - key: node-role.kubernetes.io/master effect: NoSchedule operator: Equal - key: school value: laonanhai effect: NoExecute operator: Equal containers: - name: c1 image: registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1 resources: requests: cpu: 0.2 memory: 500Mi
cordon/uncordon(标记不可调度/取消不可调度)
- cordon
- 标记节点不可调度,同时打污点。
- 示例:
kubectl cordon <node-name>
- uncordon
- 取消不可调度。
- 示例:
kubectl uncordon <node-name>
drain(驱逐 Pod)
- 功能:驱逐节点上的 Pod,便于维护。
- 操作:
kubectl drain <node-name> --ignore-daemonsets
项目案例
K8S 集群缩容
- 驱逐 Pod:
kubectl drain <node-name> --ignore-daemonsets - 停止 kubelet:
systemctl disable --now kubelet - 重置环境:
kubeadm reset -f - 删除节点:
kubectl delete nodes <node-name>
K8S 集群扩容
- 创建 token:
kubeadm token create <token-name> --ttl 0 --print-join-command - 环境准备:禁用 swap,安装软件包等。
- 启动 kubelet:
systemctl enable kubelet.service - 加入集群:在 worker 节点执行
kubeadm join命令。 - 验证节点加入:
kubectl get nodes