[Cloud Native in Practice] Kubernetes Core Hands-On

 


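About this column

[Cloud Native in Practice] currently focuses on Kubernetes. Let's learn and improve together.

About this post

This post covers core Kubernetes hands-on practice.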

Contents

Resource creation methods

Namespace

Pod

Deployment

Service

Ingress

Storage abstraction

Resource creation methods

  • Command line
  • YAML

Namespace

Namespaces are used to isolate resources.

    kubectl create ns hello
    kubectl delete ns hello

    apiVersion: v1
    kind: Namespace
    metadata:
      name: hello

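Pod

A group of running containers. The Pod is the smallest unit of an application in Kubernetes.

    kubectl run mynginx --image=nginx

    # List the Pods in the default namespace
    kubectl get pod
    # Describe a Pod
    kubectl describe pod <your-pod-name>
    # Delete a Pod
    kubectl delete pod <pod-name>
    # View the Pod's logs
    kubectl logs <pod-name>

    # Kubernetes assigns an IP to every Pod
    kubectl get pod -owide
    # Use the Pod IP plus the port of the container running in the Pod
    curl 192.168.169.136

    # Any machine and any application in the cluster can reach this Pod through its assigned IP

    apiVersion: v1
    kind: Pod
    metadata:
      labels:
        run: mynginx
      name: mynginx
    #  namespace: default
    spec:
      containers:
      - image: nginx
        name: mynginx

    apiVersion: v1
    kind: Pod
    metadata:
      labels:
        run: myapp
      name: myapp
    spec:
      containers:
      - image: nginx
        name: nginx
      - image: tomcat:8.5.68
        name: tomcat

At this point the application is not yet reachable from outside the cluster.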

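Deployment

A Deployment controls Pods and gives them capabilities such as multiple replicas, self-healing and scaling.

    # Delete all Pods, then compare the effect of the following two commands
    kubectl run mynginx --image=nginx

    kubectl create deployment mytomcat --image=tomcat:8.5.68
    # Self-healing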

1. Multiple replicas

    kubectl create deployment my-dep --image=nginx --replicas=3

    apiVersion: apps/v1
    kind: Deployment
    metadata:
      labels:
        app: my-dep
      name: my-dep
    spec:
      replicas: 3
      selector:
        matchLabels:
          app: my-dep
      template:
        metadata:
          labels:
            app: my-dep
        spec:
          containers:
          - image: nginx
            name: nginx

2. Scaling

    kubectl scale --replicas=5 deployment/my-dep

    kubectl edit deployment my-dep
    # Change replicas

3. Self-healing & failover

  • Node shutdown
  • Pod deletion
  • Container crash

4. Rolling update

    kubectl set image deployment/my-dep nginx=nginx:1.16.1 --record
    kubectl rollout status deployment/my-dep

    # Modify
    kubectl edit deployment/my-dep

5. Rollback

    # History
    kubectl rollout history deployment/my-dep

    # Details of one revision
    kubectl rollout history deployment/my-dep --revision=2

    # Roll back (to the previous revision)
    kubectl rollout undo deployment/my-dep

    # Roll back (to a specific revision)
    kubectl rollout undo deployment/my-dep --to-revision=2

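More:

Besides Deployment, Kubernetes also has resource types such as StatefulSet, DaemonSet and Job. Together they are called workloads.

Stateful applications are deployed with a StatefulSet; stateless applications are deployed with a Deployment.

See: Workload Resources | Kubernetes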

Service

An abstract way to expose a set of Pods as a network service.

    # Expose the Deployment
    kubectl expose deployment my-dep --port=8000 --target-port=80

    # Select Pods by label
    kubectl get pod -l app=my-dep

    apiVersion: v1
    kind: Service
    metadata:
      labels:
        app: my-dep
      name: my-dep
    spec:
      selector:
        app: my-dep
      ports:
      - port: 8000
        protocol: TCP
        targetPort: 80

1. ClusterIP

    # Same as omitting --type
    kubectl expose deployment my-dep --port=8000 --target-port=80 --type=ClusterIP

    apiVersion: v1
    kind: Service
    metadata:
      labels:
        app: my-dep
      name: my-dep
    spec:
      ports:
      - port: 8000
        protocol: TCP
        targetPort: 80
      selector:
        app: my-dep
      type: ClusterIP

2. NodePort

    kubectl expose deployment my-dep --port=8000 --target-port=80 --type=NodePort

    apiVersion: v1
    kind: Service
    metadata:
      labels:
        app: my-dep
      name: my-dep
    spec:
      ports:
      - port: 8000
        protocol: TCP
        targetPort: 80
      selector:
        app: my-dep
      type: NodePort

The NodePort range is 30000-32767.

Ingress

1. Installation

    wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.47.0/deploy/static/provider/baremetal/deploy.yaml

    # Change the image
    vi deploy.yaml
    # Set the value of image to the following:
    # registry.cn-hangzhou.aliyuncs.com/lfy_k8s_images/ingress-nginx-controller:v0.46.0

    # Check the result of the installation
    kubectl get pod,svc -n ingress-nginx

    # Finally, don't forget to allow the ports exposed by the svc

If the download fails, use the following file:

    apiVersion: v1
    kind: Namespace
    metadata:
      name: ingress-nginx
      labels:
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/instance: ingress-nginx
    ---
    # Source: ingress-nginx/templates/controller-serviceaccount.yaml
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      labels:
        helm.sh/chart: ingress-nginx-3.33.0
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/version: 0.47.0
        app.kubernetes.io/managed-by: Helm
        app.kubernetes.io/component: controller
      name: ingress-nginx
      namespace: ingress-nginx
    automountServiceAccountToken: true
    ---
    # Source: ingress-nginx/templates/controller-configmap.yaml
    apiVersion: v1
    kind: ConfigMap
    metadata:
      labels:
        helm.sh/chart: ingress-nginx-3.33.0
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/version: 0.47.0
        app.kubernetes.io/managed-by: Helm
        app.kubernetes.io/component: controller
      name: ingress-nginx-controller
      namespace: ingress-nginx
    data:
    ---
    # Source: ingress-nginx/templates/clusterrole.yaml
    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRole
    metadata:
      labels:
        helm.sh/chart: ingress-nginx-3.33.0
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/version: 0.47.0
        app.kubernetes.io/managed-by: Helm
      name: ingress-nginx
    rules:
      - apiGroups:
          - ''
        resources:
          - configmaps
          - endpoints
          - nodes
          - pods
          - secrets
        verbs:
          - list
          - watch
      - apiGroups:
          - ''
        resources:
          - nodes
        verbs:
          - get
      - apiGroups:
          - ''
        resources:
          - services
        verbs:
          - get
          - list
          - watch
      - apiGroups:
          - extensions
          - networking.k8s.io   # k8s 1.14+
        resources:
          - ingresses
        verbs:
          - get
          - list
          - watch
      - apiGroups:
          - ''
        resources:
          - events
        verbs:
          - create
          - patch
      - apiGroups:
          - extensions
          - networking.k8s.io   # k8s 1.14+
        resources:
          - ingresses/status
        verbs:
          - update
      - apiGroups:
          - networking.k8s.io   # k8s 1.14+
        resources:
          - ingressclasses
        verbs:
          - get
          - list
          - watch
    ---
    # Source: ingress-nginx/templates/clusterrolebinding.yaml
    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRoleBinding
    metadata:
      labels:
        helm.sh/chart: ingress-nginx-3.33.0
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/version: 0.47.0
        app.kubernetes.io/managed-by: Helm
      name: ingress-nginx
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: ClusterRole
      name: ingress-nginx
    subjects:
      - kind: ServiceAccount
        name: ingress-nginx
        namespace: ingress-nginx
    ---
    # Source: ingress-nginx/templates/controller-role.yaml
    apiVersion: rbac.authorization.k8s.io/v1
    kind: Role
    metadata:
      labels:
        helm.sh/chart: ingress-nginx-3.33.0
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/version: 0.47.0
        app.kubernetes.io/managed-by: Helm
        app.kubernetes.io/component: controller
      name: ingress-nginx
      namespace: ingress-nginx
    rules:
      - apiGroups:
          - ''
        resources:
          - namespaces
        verbs:
          - get
      - apiGroups:
          - ''
        resources:
          - configmaps
          - pods
          - secrets
          - endpoints
        verbs:
          - get
          - list
          - watch
      - apiGroups:
          - ''
        resources:
          - services
        verbs:
          - get
          - list
          - watch
      - apiGroups:
          - extensions
          - networking.k8s.io   # k8s 1.14+
        resources:
          - ingresses
        verbs:
          - get
          - list
          - watch
      - apiGroups:
          - extensions
          - networking.k8s.io   # k8s 1.14+
        resources:
          - ingresses/status
        verbs:
          - update
      - apiGroups:
          - networking.k8s.io   # k8s 1.14+
        resources:
          - ingressclasses
        verbs:
          - get
          - list
          - watch
      - apiGroups:
          - ''
        resources:
          - configmaps
        resourceNames:
          - ingress-controller-leader-nginx
        verbs:
          - get
          - update
      - apiGroups:
          - ''
        resources:
          - configmaps
        verbs:
          - create
      - apiGroups:
          - ''
        resources:
          - events
        verbs:
          - create
          - patch
    ---
    # Source: ingress-nginx/templates/controller-rolebinding.yaml
    apiVersion: rbac.authorization.k8s.io/v1
    kind: RoleBinding
    metadata:
      labels:
        helm.sh/chart: ingress-nginx-3.33.0
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/version: 0.47.0
        app.kubernetes.io/managed-by: Helm
        app.kubernetes.io/component: controller
      name: ingress-nginx
      namespace: ingress-nginx
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: Role
      name: ingress-nginx
    subjects:
      - kind: ServiceAccount
        name: ingress-nginx
        namespace: ingress-nginx
    ---
    # Source: ingress-nginx/templates/controller-service-webhook.yaml
    apiVersion: v1
    kind: Service
    metadata:
      labels:
        helm.sh/chart: ingress-nginx-3.33.0
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/version: 0.47.0
        app.kubernetes.io/managed-by: Helm
        app.kubernetes.io/component: controller
      name: ingress-nginx-controller-admission
      namespace: ingress-nginx
    spec:
      type: ClusterIP
      ports:
        - name: https-webhook
          port: 443
          targetPort: webhook
      selector:
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/component: controller
    ---
    # Source: ingress-nginx/templates/controller-service.yaml
    apiVersion: v1
    kind: Service
    metadata:
      annotations:
      labels:
        helm.sh/chart: ingress-nginx-3.33.0
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/version: 0.47.0
        app.kubernetes.io/managed-by: Helm
        app.kubernetes.io/component: controller
      name: ingress-nginx-controller
      namespace: ingress-nginx
    spec:
      type: NodePort
      ports:
        - name: http
          port: 80
          protocol: TCP
          targetPort: http
        - name: https
          port: 443
          protocol: TCP
          targetPort: https
      selector:
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/component: controller
    ---
    # Source: ingress-nginx/templates/controller-deployment.yaml
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      labels:
        helm.sh/chart: ingress-nginx-3.33.0
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/version: 0.47.0
        app.kubernetes.io/managed-by: Helm
        app.kubernetes.io/component: controller
      name: ingress-nginx-controller
      namespace: ingress-nginx
    spec:
      selector:
        matchLabels:
          app.kubernetes.io/name: ingress-nginx
          app.kubernetes.io/instance: ingress-nginx
          app.kubernetes.io/component: controller
      revisionHistoryLimit: 10
      minReadySeconds: 0
      template:
        metadata:
          labels:
            app.kubernetes.io/name: ingress-nginx
            app.kubernetes.io/instance: ingress-nginx
            app.kubernetes.io/component: controller
        spec:
          dnsPolicy: ClusterFirst
          containers:
            - name: controller
              image: registry.cn-hangzhou.aliyuncs.com/lfy_k8s_images/ingress-nginx-controller:v0.46.0
              imagePullPolicy: IfNotPresent
              lifecycle:
                preStop:
                  exec:
                    command:
                      - /wait-shutdown
              args:
                - /nginx-ingress-controller
                - --election-id=ingress-controller-leader
                - --ingress-class=nginx
                - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller
                - --validating-webhook=:8443
                - --validating-webhook-certificate=/usr/local/certificates/cert
                - --validating-webhook-key=/usr/local/certificates/key
              securityContext:
                capabilities:
                  drop:
                    - ALL
                  add:
                    - NET_BIND_SERVICE
                runAsUser: 101
                allowPrivilegeEscalation: true
              env:
                - name: POD_NAME
                  valueFrom:
                    fieldRef:
                      fieldPath: metadata.name
                - name: POD_NAMESPACE
                  valueFrom:
                    fieldRef:
                      fieldPath: metadata.namespace
                - name: LD_PRELOAD
                  value: /usr/local/lib/libmimalloc.so
              livenessProbe:
                failureThreshold: 5
                httpGet:
                  path: /healthz
                  port: 10254
                  scheme: HTTP
                initialDelaySeconds: 10
                periodSeconds: 10
                successThreshold: 1
                timeoutSeconds: 1
              readinessProbe:
                failureThreshold: 3
                httpGet:
                  path: /healthz
                  port: 10254
                  scheme: HTTP
                initialDelaySeconds: 10
                periodSeconds: 10
                successThreshold: 1
                timeoutSeconds: 1
              ports:
                - name: http
                  containerPort: 80
                  protocol: TCP
                - name: https
                  containerPort: 443
                  protocol: TCP
                - name: webhook
                  containerPort: 8443
                  protocol: TCP
              volumeMounts:
                - name: webhook-cert
                  mountPath: /usr/local/certificates/
                  readOnly: true
              resources:
                requests:
                  cpu: 100m
                  memory: 90Mi
          nodeSelector:
            kubernetes.io/os: linux
          serviceAccountName: ingress-nginx
          terminationGracePeriodSeconds: 300
          volumes:
            - name: webhook-cert
              secret:
                secretName: ingress-nginx-admission
    ---
    # Source: ingress-nginx/templates/admission-webhooks/validating-webhook.yaml
    # before changing this value, check the required kubernetes version
    # https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#prerequisites
    apiVersion: admissionregistration.k8s.io/v1
    kind: ValidatingWebhookConfiguration
    metadata:
      labels:
        helm.sh/chart: ingress-nginx-3.33.0
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/version: 0.47.0
        app.kubernetes.io/managed-by: Helm
        app.kubernetes.io/component: admission-webhook
      name: ingress-nginx-admission
    webhooks:
      - name: validate.nginx.ingress.kubernetes.io
        matchPolicy: Equivalent
        rules:
          - apiGroups:
              - networking.k8s.io
            apiVersions:
              - v1beta1
            operations:
              - CREATE
              - UPDATE
            resources:
              - ingresses
        failurePolicy: Fail
        sideEffects: None
        admissionReviewVersions:
          - v1
          - v1beta1
        clientConfig:
          service:
            namespace: ingress-nginx
            name: ingress-nginx-controller-admission
            path: /networking/v1beta1/ingresses
    ---
    # Source: ingress-nginx/templates/admission-webhooks/job-patch/serviceaccount.yaml
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: ingress-nginx-admission
      annotations:
        helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
        helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
      labels:
        helm.sh/chart: ingress-nginx-3.33.0
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/version: 0.47.0
        app.kubernetes.io/managed-by: Helm
        app.kubernetes.io/component: admission-webhook
      namespace: ingress-nginx
    ---
    # Source: ingress-nginx/templates/admission-webhooks/job-patch/clusterrole.yaml
    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRole
    metadata:
      name: ingress-nginx-admission
      annotations:
        helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
        helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
      labels:
        helm.sh/chart: ingress-nginx-3.33.0
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/version: 0.47.0
        app.kubernetes.io/managed-by: Helm
        app.kubernetes.io/component: admission-webhook
    rules:
      - apiGroups:
          - admissionregistration.k8s.io
        resources:
          - validatingwebhookconfigurations
        verbs:
          - get
          - update
    ---
    # Source: ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml
    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRoleBinding
    metadata:
      name: ingress-nginx-admission
      annotations:
        helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
        helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
      labels:
        helm.sh/chart: ingress-nginx-3.33.0
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/version: 0.47.0
        app.kubernetes.io/managed-by: Helm
        app.kubernetes.io/component: admission-webhook
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: ClusterRole
      name: ingress-nginx-admission
    subjects:
      - kind: ServiceAccount
        name: ingress-nginx-admission
        namespace: ingress-nginx
    ---
    # Source: ingress-nginx/templates/admission-webhooks/job-patch/role.yaml
    apiVersion: rbac.authorization.k8s.io/v1
    kind: Role
    metadata:
      name: ingress-nginx-admission
      annotations:
        helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
        helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
      labels:
        helm.sh/chart: ingress-nginx-3.33.0
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/version: 0.47.0
        app.kubernetes.io/managed-by: Helm
        app.kubernetes.io/component: admission-webhook
      namespace: ingress-nginx
    rules:
      - apiGroups:
          - ''
        resources:
          - secrets
        verbs:
          - get
          - create
    ---
    # Source: ingress-nginx/templates/admission-webhooks/job-patch/rolebinding.yaml
    apiVersion: rbac.authorization.k8s.io/v1
    kind: RoleBinding
    metadata:
      name: ingress-nginx-admission
      annotations:
        helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
        helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
      labels:
        helm.sh/chart: ingress-nginx-3.33.0
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/version: 0.47.0
        app.kubernetes.io/managed-by: Helm
        app.kubernetes.io/component: admission-webhook
      namespace: ingress-nginx
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: Role
      name: ingress-nginx-admission
    subjects:
      - kind: ServiceAccount
        name: ingress-nginx-admission
        namespace: ingress-nginx
    ---
    # Source: ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml
    apiVersion: batch/v1
    kind: Job
    metadata:
      name: ingress-nginx-admission-create
      annotations:
        helm.sh/hook: pre-install,pre-upgrade
        helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
      labels:
        helm.sh/chart: ingress-nginx-3.33.0
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/version: 0.47.0
        app.kubernetes.io/managed-by: Helm
        app.kubernetes.io/component: admission-webhook
      namespace: ingress-nginx
    spec:
      template:
        metadata:
          name: ingress-nginx-admission-create
          labels:
            helm.sh/chart: ingress-nginx-3.33.0
            app.kubernetes.io/name: ingress-nginx
            app.kubernetes.io/instance: ingress-nginx
            app.kubernetes.io/version: 0.47.0
            app.kubernetes.io/managed-by: Helm
            app.kubernetes.io/component: admission-webhook
        spec:
          containers:
            - name: create
              image: docker.io/jettech/kube-webhook-certgen:v1.5.1
              imagePullPolicy: IfNotPresent
              args:
                - create
                - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc
                - --namespace=$(POD_NAMESPACE)
                - --secret-name=ingress-nginx-admission
              env:
                - name: POD_NAMESPACE
                  valueFrom:
                    fieldRef:
                      fieldPath: metadata.namespace
          restartPolicy: OnFailure
          serviceAccountName: ingress-nginx-admission
          securityContext:
            runAsNonRoot: true
            runAsUser: 2000
    ---
    # Source: ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml
    apiVersion: batch/v1
    kind: Job
    metadata:
      name: ingress-nginx-admission-patch
      annotations:
        helm.sh/hook: post-install,post-upgrade
        helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
      labels:
        helm.sh/chart: ingress-nginx-3.33.0
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/version: 0.47.0
        app.kubernetes.io/managed-by: Helm
        app.kubernetes.io/component: admission-webhook
      namespace: ingress-nginx
    spec:
      template:
        metadata:
          name: ingress-nginx-admission-patch
          labels:
            helm.sh/chart: ingress-nginx-3.33.0
            app.kubernetes.io/name: ingress-nginx
            app.kubernetes.io/instance: ingress-nginx
            app.kubernetes.io/version: 0.47.0
            app.kubernetes.io/managed-by: Helm
            app.kubernetes.io/component: admission-webhook
        spec:
          containers:
            - name: patch
              image: docker.io/jettech/kube-webhook-certgen:v1.5.1
              imagePullPolicy: IfNotPresent
              args:
                - patch
                - --webhook-name=ingress-nginx-admission
                - --namespace=$(POD_NAMESPACE)
                - --patch-mutating=false
                - --secret-name=ingress-nginx-admission
                - --patch-failure-policy=Fail
              env:
                - name: POD_NAMESPACE
                  valueFrom:
                    fieldRef:
                      fieldPath: metadata.namespace
          restartPolicy: OnFailure
          serviceAccountName: ingress-nginx-admission
          securityContext:
            runAsNonRoot: true
            runAsUser: 2000

2. Usage

Official site: Welcome - NGINX Ingress Controller

It is built on nginx.

https://139.198.163.211:32401/

http://139.198.163.211:31405/

Test environment

Apply the following YAML to prepare the test environment:

    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: hello-server
    spec:
      replicas: 2
      selector:
        matchLabels:
          app: hello-server
      template:
        metadata:
          labels:
            app: hello-server
        spec:
          containers:
          - name: hello-server
            image: registry.cn-hangzhou.aliyuncs.com/lfy_k8s_images/hello-server
            ports:
            - containerPort: 9000
    ---
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      labels:
        app: nginx-demo
      name: nginx-demo
    spec:
      replicas: 2
      selector:
        matchLabels:
          app: nginx-demo
      template:
        metadata:
          labels:
            app: nginx-demo
        spec:
          containers:
          - image: nginx
            name: nginx
    ---
    apiVersion: v1
    kind: Service
    metadata:
      labels:
        app: nginx-demo
      name: nginx-demo
    spec:
      selector:
        app: nginx-demo
      ports:
      - port: 8000
        protocol: TCP
        targetPort: 80
    ---
    apiVersion: v1
    kind: Service
    metadata:
      labels:
        app: hello-server
      name: hello-server
    spec:
      selector:
        app: hello-server
      ports:
      - port: 8000
        protocol: TCP
        targetPort: 9000

1. Access by domain name

    apiVersion: networking.k8s.io/v1
    kind: Ingress
    metadata:
      name: ingress-host-bar
    spec:
      ingressClassName: nginx
      rules:
      - host: "hello.atguigu.com"
        http:
          paths:
          - pathType: Prefix
            path: "/"
            backend:
              service:
                name: hello-server
                port:
                  number: 8000
      - host: "demo.atguigu.com"
        http:
          paths:
          - pathType: Prefix
            path: "/nginx"  # The request is forwarded to the service below, which must be able to handle this path; if it cannot, the result is a 404
            backend:
              service:
                name: nginx-demo  ## For a Java service, for example, use path rewriting to strip the nginx prefix
                port:
                  number: 8000

Question: why do path: "/nginx" and path: "/" behave differently?

2. Path rewriting

    apiVersion: networking.k8s.io/v1
    kind: Ingress
    metadata:
      annotations:
        nginx.ingress.kubernetes.io/rewrite-target: /$2
      name: ingress-host-bar
    spec:
      ingressClassName: nginx
      rules:
      - host: "hello.atguigu.com"
        http:
          paths:
          - pathType: Prefix
            path: "/"
            backend:
              service:
                name: hello-server
                port:
                  number: 8000
      - host: "demo.atguigu.com"
        http:
          paths:
          - pathType: Prefix
            path: "/nginx(/|$)(.*)"  # The request is forwarded to the service below, which must be able to handle this path; if it cannot, the result is a 404
            backend:
              service:
                name: nginx-demo  ## For a Java service, for example, use path rewriting to strip the nginx prefix
                port:
                  number: 8000
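
How the two demo.atguigu.com rules above treat a request path, as an added example that is not part of the original post: with pathType Prefix and no rewrite the backend receives the path unchanged, so nginx-demo is asked for /nginx, while with the rewrite-target annotation only the second capture group is forwarded. The function names are hypothetical, and the anchored, case-insensitive regex match is an assumed simplification of how the controller applies the path.

```python
import re

# Values taken from the two Ingress manifests on this page.
PREFIX_PATH = "/nginx"             # "Access by domain name": pathType Prefix, no rewrite
REGEX_PATH = r"/nginx(/|$)(.*)"    # "Path rewriting": path used with the annotation
REWRITE_TARGET = "/$2"             # nginx.ingress.kubernetes.io/rewrite-target


def prefix_matches(rule_path, request_path):
    """Kubernetes pathType Prefix: compare path elements split on '/'."""
    rule = [p for p in rule_path.split("/") if p]
    req = [p for p in request_path.split("/") if p]
    return req[:len(rule)] == rule


def upstream_without_rewrite(request_path, rule_path=PREFIX_PATH):
    """No rewrite annotation: the backend sees the request path unchanged."""
    return request_path if prefix_matches(rule_path, request_path) else None


def upstream_with_rewrite(request_path, regex=REGEX_PATH, target=REWRITE_TARGET):
    """Model of rewrite-target: replace $N in the target with capture group N."""
    m = re.match(regex, request_path, flags=re.IGNORECASE)
    if m is None:
        return None  # the rule does not match this path

    def group(ref):
        n = int(ref.group(1))
        # Groups that are absent or did not take part in the match expand to "".
        return (m.group(n) or "") if n <= m.re.groups else ""

    return re.sub(r"\$(\d)", group, target)


# Constructed sample request paths for demo.atguigu.com.
SAMPLES = ["/nginx", "/nginx/", "/nginx/index.html", "/nginxfoo", "/other"]

if __name__ == "__main__":
    for path in SAMPLES:
        print(f"{path!r:22} no-rewrite -> {upstream_without_rewrite(path)!r:22} "
              f"rewrite -> {upstream_with_rewrite(path)!r}")
```

The stock nginx image serves no /nginx path, which is why the first Ingress returns 404 for demo.atguigu.com/nginx while the rewritten request for / succeeds.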

3. Rate limiting

    apiVersion: networking.k8s.io/v1
    kind: Ingress
    metadata:
      name: ingress-limit-rate
      annotations:
        nginx.ingress.kubernetes.io/limit-rps: "1"
    spec:
      ingressClassName: nginx
      rules:
      - host: "haha.atguigu.com"
        http:
          paths:
          - pathType: Exact
            path: "/"
            backend:
              service:
                name: nginx-demo
                port:
                  number: 8000

Storage abstraction

Environment preparation

1. All nodes

    # Install on every machine
    yum install -y nfs-utils

2. Master node

    # NFS master node
    echo "/nfs/data/ *(insecure,rw,sync,no_root_squash)" > /etc/exports

    mkdir -p /nfs/data
    systemctl enable rpcbind --now
    systemctl enable nfs-server --now
    # Apply the configuration
    exportfs -r

3. Worker nodes

    showmount -e 172.31.0.4

    # Mount the shared directory on the NFS server to the local path /nfs/data
    mkdir -p /nfs/data

    mount -t nfs 172.31.0.4:/nfs/data /nfs/data
    # Write a test file
    echo "hello nfs server" > /nfs/data/test.txt

4. Mounting data the native way

    apiVersion: apps/v1
    kind: Deployment
    metadata:
      labels:
        app: nginx-pv-demo
      name: nginx-pv-demo
    spec:
      replicas: 2
      selector:
        matchLabels:
          app: nginx-pv-demo
      template:
        metadata:
          labels:
            app: nginx-pv-demo
        spec:
          containers:
          - image: nginx
            name: nginx
            volumeMounts:
            - name: html
              mountPath: /usr/share/nginx/html
          volumes:
            - name: html
              nfs:
                server: 172.31.0.4
                path: /nfs/data/nginx-pv
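
A check for the export line written on the master node in step 2, as an added example that is not part of the original post: `*` exports the directory to every host that can reach the server, `insecure` accepts requests from unprivileged source ports, and `no_root_squash` lets root on a client act as root on the export. The parser and finding names are hypothetical, and the 172.31.0.0/24 subnet in the tightened line is an assumed node network.

```python
import re

# Export line from step 2 on this page, and a tightened variant.
# The 172.31.0.0/24 subnet is an assumption made for this example.
PAGE_EXPORT = "/nfs/data/ *(insecure,rw,sync,no_root_squash)"
TIGHTENED_EXPORT = "/nfs/data/ 172.31.0.0/24(rw,sync,root_squash)"

RISKY_OPTIONS = {
    "insecure": "requests from source ports above 1023 are accepted",
    "no_root_squash": "uid 0 on a client stays uid 0 on the export",
}
WILDCARD = "wildcard-client"

# One client entry: optional host/network spec, optional "(opt,opt,...)".
ENTRY = re.compile(r"(?P<client>[^\s()]*)(?:\((?P<opts>[^)]*)\))?")


def parse_export(line):
    """Split one /etc/exports line into (path, [(client, {options})])."""
    line = line.split("#", 1)[0].strip()
    if not line:
        return None  # blank line or comment
    path, *specs = line.split()
    entries = []
    for spec in specs:
        m = ENTRY.fullmatch(spec)
        if m is None:
            raise ValueError(f"cannot parse client entry: {spec!r}")
        opts = {o for o in (m.group("opts") or "").split(",") if o}
        # An entry with no host part applies to every client.
        entries.append((m.group("client") or "*", opts))
    return path, entries


def audit_export(line):
    """Return (path, client, finding) tuples for one exports line."""
    parsed = parse_export(line)
    if parsed is None:
        return []
    path, entries = parsed
    findings = []
    for client, opts in entries:
        if client == "*":
            findings.append((path, client, WILDCARD))
        for opt in sorted(opts & set(RISKY_OPTIONS)):
            findings.append((path, client, opt))
    return findings


if __name__ == "__main__":
    for line in (PAGE_EXPORT, TIGHTENED_EXPORT):
        print(line)
        for path, client, finding in audit_export(line) or [("-", "-", "no findings")]:
            print(f"  {finding}: {RISKY_OPTIONS.get(finding, '')}")
```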

1. PV & PVC

PV: Persistent Volume. Stores the data an application needs to persist in a specified location.

PVC: Persistent Volume Claim. Declares the specification of the persistent volume that is needed.

1. Create the PV pool

Static provisioning

    # NFS master node
    mkdir -p /nfs/data/01
    mkdir -p /nfs/data/02
    mkdir -p /nfs/data/03

Create the PVs

    apiVersion: v1
    kind: PersistentVolume
    metadata:
      name: pv01-10m
    spec:
      capacity:
        storage: 10M
      accessModes:
        - ReadWriteMany
      storageClassName: nfs
      nfs:
        path: /nfs/data/01
        server: 172.31.0.4
    ---
    apiVersion: v1
    kind: PersistentVolume
    metadata:
      name: pv02-1gi
    spec:
      capacity:
        storage: 1Gi
      accessModes:
        - ReadWriteMany
      storageClassName: nfs
      nfs:
        path: /nfs/data/02
        server: 172.31.0.4
    ---
    apiVersion: v1
    kind: PersistentVolume
    metadata:
      name: pv03-3gi
    spec:
      capacity:
        storage: 3Gi
      accessModes:
        - ReadWriteMany
      storageClassName: nfs
      nfs:
        path: /nfs/data/03
        server: 172.31.0.4

2. Creating and binding a PVC

Create the PVC

    kind: PersistentVolumeClaim
    apiVersion: v1
    metadata:
      name: nginx-pvc
    spec:
      accessModes:
        - ReadWriteMany
      resources:
        requests:
          storage: 200Mi
      storageClassName: nfs

Create Pods bound to the PVC

    apiVersion: apps/v1
    kind: Deployment
    metadata:
      labels:
        app: nginx-deploy-pvc
      name: nginx-deploy-pvc
    spec:
      replicas: 2
      selector:
        matchLabels:
          app: nginx-deploy-pvc
      template:
        metadata:
          labels:
            app: nginx-deploy-pvc
        spec:
          containers:
          - image: nginx
            name: nginx
            volumeMounts:
            - name: html
              mountPath: /usr/share/nginx/html
          volumes:
            - name: html
              persistentVolumeClaim:
                claimName: nginx-pvc
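
Which of the three PVs the 200Mi claim binds to, as an added example that is not part of the original post: a volume qualifies when it has the same storageClassName, offers the requested access modes and is at least as large as the request, and the smallest qualifying volume is chosen. The helper names are hypothetical and the selection is a simplified model of the PV controller that ignores selectors, volumeMode and pre-bound claims.

```python
from decimal import Decimal

# Kubernetes quantity suffixes: binary (Ki, Mi, ...) and decimal (k, M, ...).
SUFFIXES = {"Ki": 2**10, "Mi": 2**20, "Gi": 2**30, "Ti": 2**40,
            "k": 10**3, "M": 10**6, "G": 10**9, "T": 10**12}


def to_bytes(quantity):
    """Convert a quantity such as '10M' or '200Mi' to bytes."""
    for suffix in sorted(SUFFIXES, key=len, reverse=True):  # try 'Mi' before 'M'
        if quantity.endswith(suffix):
            return int(Decimal(quantity[:-len(suffix)]) * SUFFIXES[suffix])
    return int(Decimal(quantity))


# The PV pool and the claim from this page.
PVS = [
    {"name": "pv01-10m", "storage": "10M", "modes": {"ReadWriteMany"}, "class": "nfs"},
    {"name": "pv02-1gi", "storage": "1Gi", "modes": {"ReadWriteMany"}, "class": "nfs"},
    {"name": "pv03-3gi", "storage": "3Gi", "modes": {"ReadWriteMany"}, "class": "nfs"},
]
PVC = {"name": "nginx-pvc", "storage": "200Mi", "modes": {"ReadWriteMany"}, "class": "nfs"}


def pick_volume(claim, volumes):
    """Return the smallest volume that satisfies the claim, or None (Pending)."""
    need = to_bytes(claim["storage"])
    candidates = [
        pv for pv in volumes
        if pv["class"] == claim["class"]          # same storageClassName
        and claim["modes"] <= pv["modes"]         # all requested access modes offered
        and to_bytes(pv["storage"]) >= need       # large enough
    ]
    return min(candidates, key=lambda pv: to_bytes(pv["storage"]), default=None)


if __name__ == "__main__":
    for pv in PVS:
        print(f"{pv['name']}: {to_bytes(pv['storage']):>13,} bytes")
    print(f"{PVC['name']} requests {to_bytes(PVC['storage']):,} bytes")
    bound = pick_volume(PVC, PVS)
    print("bound to:", bound["name"] if bound else "none (claim stays Pending)")
```

The claim asks for 200Mi but is bound to the whole 1Gi volume, and pv01-10m is skipped because 10M means 10,000,000 bytes.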

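2. ConfigMap

A ConfigMap extracts application configuration and can be updated automatically.

1. Redis example

1. Create a ConfigMap from the existing configuration file

    # Create the configuration; the redis configuration is stored in Kubernetes' etcd
    kubectl create cm redis-conf --from-file=redis.conf

    apiVersion: v1
    data:    # data holds all of the actual data. key: the file name by default; value: the contents of the configuration file
      redis.conf: |
        appendonly yes
    kind: ConfigMap
    metadata:
      name: redis-conf
      namespace: default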

2. Create the Pod

    apiVersion: v1
    kind: Pod
    metadata:
      name: redis
    spec:
      containers:
      - name: redis
        image: redis
        command:
          - redis-server
          - "/redis-master/redis.conf"  # Path inside the redis container
        ports:
        - containerPort: 6379
        volumeMounts:
        - mountPath: /data
          name: data
        - mountPath: /redis-master
          name: config
      volumes:
        - name: data
          emptyDir: {}
        - name: config
          configMap:
            name: redis-conf
            items:
            - key: redis.conf
              path: redis.conf

3. Check the default configuration

    kubectl exec -it redis -- redis-cli

    127.0.0.1:6379> CONFIG GET appendonly
    127.0.0.1:6379> CONFIG GET requirepass

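4. Modify the ConfigMap

    apiVersion: v1
    kind: ConfigMap
    metadata:
      name: redis-conf  # The ConfigMap mounted by the redis Pod above
    data:
      redis.conf: |
        maxmemory 2mb
        maxmemory-policy allkeys-lru

5. Check whether the configuration was updated

    kubectl exec -it redis -- redis-cli

    127.0.0.1:6379> CONFIG GET maxmemory
    127.0.0.1:6379> CONFIG GET maxmemory-policy

Check whether the contents of the mounted file have been updated.

After the ConfigMap is modified, the configuration file inside the Pod changes with it.

The configuration values reported by redis are unchanged, because the Pod has to be restarted to pick up the updated values from the associated ConfigMap.

Reason: the middleware deployed in our Pod has no hot-reload capability of its own.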

3. Secret

The Secret object type is used to hold sensitive information such as passwords, OAuth tokens and SSH keys. Putting this information in a Secret is safer and more flexible than putting it in a Pod definition or a container image.

    kubectl create secret docker-registry leifengyang-docker \
    --docker-username=leifengyang \
    --docker-password=Lfy123456 \
    --docker-email=534096094@qq.com

    ## Command format
    kubectl create secret docker-registry regcred \
      --docker-server= \
      --docker-username= \
      --docker-password= \
      --docker-email=

    apiVersion: v1
    kind: Pod
    metadata:
      name: private-nginx
    spec:
      containers:
      - name: private-nginx
        image: leifengyang/guignginx:v1.0
      imagePullSecrets:
      - name: leifengyang-docker
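
What a docker-registry Secret like the one created above stores, and which RBAC rules expose it, as an added example that is not part of the original post: the `.dockerconfigjson` value is base64-encoded rather than encrypted, so any subject allowed to get, list or watch Secrets can read the registry password. The credentials are constructed sample values, the function names are hypothetical, and the two rules are copied from the ingress-nginx ClusterRole in the install manifest on this page.

```python
import base64
import json

SECRET_TYPE = "kubernetes.io/dockerconfigjson"
READ_VERBS = {"get", "list", "watch", "*"}

# First two rules of the ingress-nginx ClusterRole from the manifest on this page.
INGRESS_CLUSTERROLE_RULES = [
    {"apiGroups": [""],
     "resources": ["configmaps", "endpoints", "nodes", "pods", "secrets"],
     "verbs": ["list", "watch"]},
    {"apiGroups": [""], "resources": ["nodes"], "verbs": ["get"]},
]


def build_docker_registry_secret(name, server, username, password, email):
    """Build the Secret object that `kubectl create secret docker-registry` writes."""
    auth = base64.b64encode(f"{username}:{password}".encode()).decode()
    config = {"auths": {server: {"username": username, "password": password,
                                 "email": email, "auth": auth}}}
    encoded = base64.b64encode(json.dumps(config).encode()).decode()
    return {"apiVersion": "v1", "kind": "Secret", "type": SECRET_TYPE,
            "metadata": {"name": name}, "data": {".dockerconfigjson": encoded}}


def recover_credentials(secret):
    """Decode the Secret the way any reader of the object can: no key is needed."""
    if secret.get("type") != SECRET_TYPE:
        raise ValueError("not a docker-registry secret")
    config = json.loads(base64.b64decode(secret["data"][".dockerconfigjson"]))
    recovered = {}
    for server, entry in config["auths"].items():
        user, _, password = base64.b64decode(entry["auth"]).decode().partition(":")
        recovered[server] = (user, password)
    return recovered


def rules_exposing_secrets(rules):
    """Return the read verbs of every RBAC rule that covers core-group secrets."""
    hits = []
    for rule in rules:
        in_core_group = {"", "*"} & set(rule.get("apiGroups", []))
        covers_secrets = {"secrets", "*"} & set(rule.get("resources", []))
        verbs = READ_VERBS & set(rule.get("verbs", []))
        if in_core_group and covers_secrets and verbs:
            hits.append(sorted(verbs))
    return hits


if __name__ == "__main__":
    # Constructed sample credentials, not the ones used on this page.
    secret = build_docker_registry_secret(
        "regcred-demo", "https://index.docker.io/v1/",
        "demo-user", "constructed-password", "demo@example.com")
    print("stored value :", secret["data"][".dockerconfigjson"][:40] + "...")
    print("recovered    :", recover_credentials(secret))
    print("rules exposing secrets:", rules_exposing_secrets(INGRESS_CLUSTERROLE_RULES))
```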