
Kubernetes Usage Guide

2025-01-30 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/02 Report--

Brief introduction to Kubernetes

Kubernetes is a container cluster management system open-sourced by Google in June 2014. It is written in Go. Kubernetes is also known as K8S. K8S is derived from Borg, a container cluster management system used inside Google, which has been running at scale in production at Google for ten years.

K8S is mainly used for automated deployment, scaling and management of containerized applications, providing a complete set of functions such as resource scheduling, deployment management, service discovery, scaling and monitoring. Kubernetes v1.0 was officially released in July 2015. As of August 2, 2018, the latest stable version is v1.15.1, and the latest stable version is v1.16.0. The goal of Kubernetes is to make the deployment of containerized applications simple and efficient.

Official website: https://kubernetes.io

Main functions of Kubernetes

Data volumes

Containers in a Pod can share data by using data volumes.

Application health check

A service in a container may hang and become unable to handle requests. You can set a health-check policy to keep the application robust.

Application replicas

The controller maintains the number of Pod replicas so that a Pod, or a set of Pods of the same kind, is always available.

Elastic scaling

Automatically scales the number of Pod replicas according to a configured metric (CPU utilization).

Service discovery

Uses environment variables or the DNS add-on so that programs in containers can discover the access address of a Pod entry point.

Load balancing

A group of Pod replicas is assigned a private cluster IP address, and the load balancer forwards requests to the backend containers. Other Pods within the cluster can access the application through this ClusterIP.

Rolling update

Updates a service without interruption, one Pod at a time, instead of deleting the entire service at once.

Service orchestration

Deploys services from file descriptions, making application deployment more efficient.

Resource monitoring

The Node component integrates the cAdvisor resource collection tool. Heapster aggregates the resource data of all cluster nodes, the data is stored in the InfluxDB time-series database, and Grafana displays it.

Authentication and authorization

Supports attribute-based access control (ABAC) and role-based access control (RBAC) authentication and authorization policies.

Kubernetes basic object concepts

Pod

The Pod is the smallest deployment unit. A Pod consists of one or more containers. Containers in a Pod share storage and network and run on the same Docker host.

Service

A Service is an application service abstraction that defines a logical set of Pods and the policy for accessing that set. The Service acts as a proxy for the Pod set and presents a single access entry: it is assigned a cluster IP address, and requests to this IP are load-balanced to the containers in the backend Pods. A Service selects the set of Pods that provide the service through a Label Selector.

Volume

A data volume, which shares data used by the containers in a Pod.

Namespace

Namespaces logically assign objects to different Namespaces so that different projects, users and so on can be managed separately, with control policies set to achieve multi-tenancy. Namespaces are also known as virtual clusters.

Label

Labels are used to distinguish objects (such as Pods and Services) and exist as key/value pairs. Each object can have multiple labels, and objects can be associated through labels.

ReplicaSet

The next-generation Replication Controller. It ensures that the specified number of Pod replicas is running at any given time and provides functions such as declarative updates. The only difference between RC and RS is that the RS label selector supports the new set-based selectors, while RC supports only equality-based selectors.

Deployment

Deployment is a higher-level API object that manages ReplicaSets and Pods and provides functions such as declarative updates. The official recommendation is to use a Deployment to manage ReplicaSets instead of using ReplicaSets directly, which means that you may never need to manipulate ReplicaSet objects directly.

StatefulSet

StatefulSet is suitable for persistent applications, with unique network identifiers (IP), persistent storage, and ordered deployment, scaling, deletion and rolling updates.

DaemonSet

DaemonSet ensures that all (or some) nodes run the same Pod. When a node joins the Kubernetes cluster, the Pod is scheduled to run on that node, and when the node is removed from the cluster, the DaemonSet's Pod is deleted. Deleting a DaemonSet cleans up all the Pods it created.

Job

A one-time task. The Pod is destroyed after it finishes running and no new container is restarted. Tasks can also be run on a schedule.

Kubernetes components

Master components:

kube-apiserver

The Kubernetes API, the unified entry point to the cluster and the coordinator of all components. It provides its interface as an HTTP API. All create, delete, update and watch operations on object resources are handled by the API server and then persisted to etcd.

kube-controller-manager

Handles the regular background tasks in the cluster. Each resource has a corresponding controller, and the controller manager is responsible for managing these controllers.

kube-scheduler

Selects a Node for each newly created Pod according to the scheduling algorithm.

Node components:

kubelet

The kubelet is the Master's agent on each Node. It manages the lifecycle of the containers running on that machine, such as creating containers, mounting data volumes for Pods, downloading secrets, and getting container and node status. The kubelet converts each Pod into a set of containers.

kube-proxy

Implements the Pod network proxy on the Node, maintaining network rules and layer 4 load balancing.

Docker or rocket/rkt

Runs the containers.

Third-party services:

etcd

A distributed key-value storage system, used to hold cluster state such as Pod, Service and other object information.

Optional components:

kube-dns

Provides DNS services for the whole cluster.

Ingress Controller

Provides public network access for services.

Heapster

Provides resource monitoring.

Dashboard

Provides a GUI.

Federation

Provides clusters that span availability zones.

Fluentd-elasticsearch

Provides cluster log collection, storage and query.

Kubernetes recipe

    Role      IP               Components
    master    192.168.0.201    etcd, kube-apiserver, kube-controller-manager, kube-scheduler
    node01    192.168.0.202    kubelet, kube-proxy, docker
    node02    192.168.0.203    kubelet, kube-proxy, docker

Pod network: 10.244.0.0/16

Service network: 10.96.0.0/12

Get yum source

Install Docker, kubelet, kubeadm and kubectl on all nodes

Master node initialization

Flannel installation

Node joining

Get yum source

    # enter yum's repo directory
    cd /etc/yum.repos.d/
    # get the Docker yum source
    wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
    # write the Kubernetes yum source
    vim /etc/yum.repos.d/kubernetes.repo
    [kubernetes]
    name=Kubernetes Repo
    baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
    gpgcheck=0
    gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
    enabled=1
    # check that the yum sources are available
    yum repolist

Install Docker, kubelet, kubeadm and kubectl on all nodes

    # install the required packages with yum
    yum -y install docker-ce kubelet kubeadm kubectl
    # start the Docker service
    systemctl start docker
    # enable start on boot
    systemctl enable docker
    systemctl enable kubelet
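The Kubernetes repo file above sets gpgcheck=0, so yum installs kubelet, kubeadm and kubectl without verifying package signatures even though a gpgkey is listed. As an added example (not part of the original article), this shell function audits .repo files for enabled repositories with signature checking turned off, and goes one step further by also flagging http:// base URLs; the function name, the [example-*] sections and their repo.example.invalid URLs are constructed for illustration.

```sh
# Constructed sample: the [kubernetes] section is the repo file written in
# the step above; the [example-*] sections are hypothetical, for contrast.
REPO_SAMPLE='[kubernetes]
name=Kubernetes Repo
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
enabled=1

[example-signed]
name=Hypothetical signed repo
baseurl=http://repo.example.invalid/el7/
gpgcheck=1
gpgkey=https://repo.example.invalid/RPM-GPG-KEY
enabled=1

[example-off]
name=Hypothetical disabled repo
baseurl=https://repo.example.invalid/old/
gpgcheck=0
enabled=0'

# Print "<repo id> <finding>" for each enabled repo that sets gpgcheck=0
# (packages installed without signature verification) or uses an http://
# baseurl. A repo with no gpgcheck line inherits [main] in /etc/yum.conf.
audit_repo() {
  awk '
    function report() {
      if (id == "" || enabled ~ /^(0|false|no)$/) return
      if (gpg ~ /^(0|false|no)$/) print id, "gpgcheck-disabled"
      if (url ~ /^http:/)         print id, "plaintext-baseurl"
    }
    /^[ \t]*[#;]/ { next }                      # comment lines
    /^\[/ { report(); id = substr($0, 2, index($0, "]") - 2)
            gpg = url = ""; enabled = "1"; next }
    { i = index($0, "="); if (i == 0) next
      k = substr($0, 1, i - 1); v = tolower(substr($0, i + 1))
      gsub(/[ \t]/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
      if (k == "gpgcheck") gpg = v
      else if (k == "baseurl") url = v
      else if (k == "enabled") enabled = v
    }
    END { report() }
  ' "$@"
}

printf '%s\n' "$REPO_SAMPLE" | audit_repo
```

On a node, `audit_repo /etc/yum.repos.d/*.repo` runs the same check over the installed repo files; setting gpgcheck=1 in the [kubernetes] section clears the first finding.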

Before starting Docker, for reasons that cannot be helped or described, domestic users are advised to set the HTTPS_PROXY parameter as follows:

    vim /usr/lib/systemd/system/docker.service
    Environment="HTTPS_PROXY=http://www.ik8s.io:10080"
    Environment="NO_PROXY=127.0.0.0/8,192.168.0.0/24"
    systemctl daemon-reload
    systemctl restart docker
    docker info

    # check bridge-nf
    cat /proc/sys/net/bridge/bridge-nf-call-ip6tables
    1
    cat /proc/sys/net/bridge/bridge-nf-call-iptables
    1

Master node initialization

    # configure the kubelet file to ignore the Swap error
    vim /etc/sysconfig/kubelet
    KUBELET_EXTRA_ARGS="--fail-swap-on=false"
    kubeadm init --pod-network-cidr=10.244.0.0/16 --service-cidr=10.96.0.0/12 --ignore-preflight-errors=Swap

    # set up according to the prompts given after initialization (it is recommended to create an ordinary user to do this)
    mkdir -p $HOME/.kube
    sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
    sudo chown $(id -u):$(id -g) $HOME/.kube/config
    # view the cluster health status
    kubectl get cs
    NAME                 STATUS    MESSAGE              ERROR
    scheduler            Healthy   ok
    controller-manager   Healthy   ok
    etcd-0               Healthy   {"health": "true"}
    # view cluster node information
    kubectl get node
    NAME                  STATUS     ROLES    AGE     VERSION
    centos701.0x50j.com   NotReady   master   9m52s   v1.15.
    # view docker containers
    docker ps

    # view docker images
    docker images

The node status shows NotReady because flannel is not installed yet.

Flannel installation

    # the image is pulled and started automatically
    kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
    # view Pod network information
    kubectl get pods -n kube-system -o wide
    # check whether the node status is Ready
    kubectl get node
    NAME                  STATUS   ROLES    AGE   VERSION
    centos701.0x50j.com   Ready    master   27m   v1.15.2

Node joining the cluster

    # join the cluster
    kubeadm join [Master IP address]:6443 --token [token value] --discovery-token-ca-cert-hash [certificate hash] --ignore-preflight-errors=Swap
    # get node information on the master node
    kubectl get node
    NAME                  STATUS   ROLES    AGE   VERSION
    centos701.0x50j.com   Ready    master   15h   v1.15.2
    centos702.0x50j.com   Ready             15h   v1.15.2
    centos703.0x50j.com   Ready             15h   v1.15.2

The token value and certificate hash value are provided when the cluster is initialized.

Dashboard visualization plugin

    # download the yaml file locally
    wget https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml
    # modify the yaml file to enable access from the public network
    vim kubernetes-dashboard.yaml
    ...
    # ------------------- Dashboard Service ------------------- #
    kind: Service
    apiVersion: v1
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
      name: kubernetes-dashboard
      namespace: kube-system
    spec:
      type: NodePort          # add type: NodePort
      ports:
        - port: 443
          targetPort: 8443
          nodePort: 31620     # add nodePort: 31620
      selector:
        k8s-app: kubernetes-dashboard
    # modify the configuration to pull the image from the Alibaba Cloud registry
    vim kubernetes-dashboard.yaml
    ...
          containers:
          - name: kubernetes-dashboard
            # image: k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.1
            image: registry.cn-hangzhou.aliyuncs.com/google_containers/kubernetes-dashboard-amd64:v1.10.1
            ports:
    ...
    # deploy the dashboard service
    kubectl create -f kubernetes-dashboard.yaml

A Pod status of Running indicates that the dashboard has been deployed successfully.

    kubectl get pod --namespace=kube-system -o wide | grep dashboard

Dashboard creates its own Deployment and Service in the kube-system namespace.

    kubectl get deployment kubernetes-dashboard --namespace=kube-system

    kubectl get service kubernetes-dashboard --namespace=kube-system

Visit https://[host_ip]:31620/#!/login

    # create dashboard-adminuser.yaml to obtain a Token
    vim dashboard-adminuser.yaml
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: admin-user
      namespace: kube-system
    ---
    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRoleBinding
    metadata:
      name: admin-user
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: ClusterRole
      name: cluster-admin
    subjects:
    - kind: ServiceAccount
      name: admin-user
      namespace: kube-system
    # apply the yaml file
    kubectl create -f dashboard-adminuser.yaml
    # view the admin-user account token
    kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')

Log in to the Dashboard panel using the obtained Token value
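The ClusterRoleBinding above gives the admin-user ServiceAccount the cluster-admin role, so the token used to log in carries full control of the cluster, and the Dashboard itself is reachable on NodePort 31620 of every node. As an added example (not part of the original article), this shell function scans manifests before `kubectl create` and lists every subject that a ClusterRoleBinding ties to cluster-admin; the sample is the manifest from the step above, and the function name is hypothetical.

```sh
# Sample input: dashboard-adminuser.yaml as written in the step above.
MANIFEST_SAMPLE='apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kube-system'

# Print "<binding> -> <subject fields>" for every subject that a
# ClusterRoleBinding ties to cluster-admin. Line-oriented: assumes
# block-style YAML as in the manifests above (no flow style or anchors).
find_cluster_admin() {
  awk '
    function report(   i) {
      if (kind == "ClusterRoleBinding" && role == "cluster-admin")
        for (i = 1; i <= n; i++) print bname " -> " subj[i]
      kind = bname = role = sect = ""; n = 0
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }          # comments and blank lines
    /^---/      { report(); next }             # document separator
    /^[A-Za-z]/ { sect = $1; sub(/:.*/, "", sect)   # top-level key
                  if (sect == "kind") kind = $2
                  next }
    { line = $0; sub(/^[ \t-]+/, "", line); split(line, kv, /:[ \t]*/)
      if (sect == "metadata" && kv[1] == "name") bname = kv[2]
      else if (sect == "roleRef" && kv[1] == "name") role = kv[2]
      else if (sect == "subjects") {
        if ($0 ~ /^[ \t]*-/) subj[++n] = ""    # "-" starts a new subject
        subj[n] = subj[n] (subj[n] == "" ? "" : " ") kv[1] "=" kv[2]
      }
    }
    END { report() }
  ' "$@"
}

printf '%s\n' "$MANIFEST_SAMPLE" | find_cluster_admin
```

Binding the ServiceAccount to a narrower role such as the built-in `view` ClusterRole makes the check return nothing for this manifest.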

How to use Kubernetes

    # query node information
    kubectl describe node [node name]
    # view cluster information
    kubectl cluster-info
    # view created Pods
    kubectl get pods -o wide
    # view created Services
    kubectl get services -o wide
    # view Pod network information
    kubectl describe pods [Pod name]
    # view Service network information
    kubectl describe service [Service name]
    # run a Pod
    kubectl run NAME --image=image [--env="key=value"] [--port=port] [--replicas=replicas] [--dry-run=bool] [--overrides=inline-json] [--command] -- [COMMAND] [args...] [options]
    # Example: run Nginx
    kubectl run nginx --image=nginx:1.14 --port=80 --replicas=1
    # Example: run Busybox
    kubectl run client --image=busybox --replicas=1 -it --restart=Never

--image specifies the image to run

--port specifies the exposed port

--replicas specifies the number of replicas to create

    # delete a Pod
    kubectl delete ([-f FILENAME] | [-k DIRECTORY] | TYPE [(NAME | -l label | --all)])
    # Example:
    kubectl delete pods nginx-7c45b84548-7bnr6

TYPE specifies the type to delete, such as services, pods

NAME specifies the name

-l specifies the label

    # create a Service
    kubectl expose (-f FILENAME | TYPE NAME) [--port=port] [--protocol=TCP|UDP|SCTP] [--target-port=number-or-name] [--name=name] [--external-ip=external-ip-of-service] [--type=type] [options]
    # Example:
    kubectl expose deployment nginx --name=nginx-service --port=8081 --target-port=80 --protocol=TCP

deployment specifies the name of the Deployment to expose

--name the name of the Service

--port the external port

--target-port the internal port (the port exposed by the Pod)

--protocol specifies the protocol

    # scale the number of Pods up or down
    kubectl scale [--resource-version=version] [--current-replicas=count] --replicas=COUNT (-f FILENAME | TYPE NAME)
    # Example:
    kubectl scale --replicas=0 deployment myapp

--replicas specifies the number of replicas

    # rolling upgrade
    kubectl set image (-f FILENAME | TYPE NAME) CONTAINER_NAME_1=CONTAINER_IMAGE_1
    # Example:
    kubectl set image deployment nginx-web nginx-web=nginx:1.10
    # roll back to the previous version
    kubectl rollout undo deployment [Deployment name]
    # view status
    kubectl rollout status deployment nginx-web

CONTAINER_NAME_1 the name of the container in the Pod

CONTAINER_IMAGE_1 the image to upgrade to

    # add a label
    kubectl label [--overwrite] (-f FILENAME | TYPE NAME) KEY_1=VAL_1 ... KEY_N=VAL_N [--resource-version=version]
    # Example:
    kubectl label pods test-pod release=canary

TYPE specifies the type, such as svc, pods

NAME specifies the name

KEY specifies the label key

VAL specifies the label value

You can add --show-labels to a get command to view the labels.
