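Kubernetes in Practice
This article introduces the core concepts of Kubernetes and practical experience with it, to help you master container orchestration.
Basic architecture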
- Cluster components
# Check cluster status
kubectl get nodes
kubectl get pods --all-namespaces
# Check component status (componentstatuses is deprecated since Kubernetes v1.19)
kubectl get componentstatuses
- Network architecture
# List network policies
kubectl get networkpolicies
# List services
kubectl get services
Pod management
- Creating a Pod
# nginx-pod.yaml
apiVersion: v1
kind: Pod
metadata:
  name: nginx-pod
spec:
  containers:
  - name: nginx
    image: nginx:latest
    ports:
    - containerPort: 80
- Pod operations
# Create the Pod
kubectl apply -f nginx-pod.yaml
# Check the Pod status
kubectl get pod nginx-pod
# Show the Pod details
kubectl describe pod nginx-pod
Deployments
- Deployment configuration
# nginx-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:latest
        ports:
        - containerPort: 80
- Rolling updates
# Update the image
kubectl set image deployment/nginx-deployment nginx=nginx:1.19
# Check the rollout status
kubectl rollout status deployment/nginx-deployment
# Roll back the update
kubectl rollout undo deployment/nginx-deployment
Exposing services
- Service configuration
# nginx-service.yaml
apiVersion: v1
kind: Service
metadata:
  name: nginx-service
spec:
  selector:
    app: nginx
  ports:
  - port: 80
    targetPort: 80
  type: LoadBalancer
- Ingress configuration
# nginx-ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nginx-ingress
spec:
  rules:
  - host: nginx.example.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: nginx-service
            port:
              number: 80
Storage management
- PersistentVolume
# pv.yaml
apiVersion: v1
kind: PersistentVolume
metadata:
  name: mysql-pv
spec:
  capacity:
    storage: 10Gi
  accessModes:
  - ReadWriteOnce
  hostPath:
    path: /data/mysql
- PersistentVolumeClaim
# pvc.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: mysql-pvc
spec:
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 10Gi
Configuration management
- ConfigMap
# nginx-config.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: nginx-config
data:
  nginx.conf: |
    server {
      listen 80;
      server_name localhost;
      location / {
        root /usr/share/nginx/html;
        index index.html;
      }
    }
- Secret
# mysql-secret.yaml
apiVersion: v1
kind: Secret
metadata:
  name: mysql-secret
type: Opaque
# Values under data are base64-encoded, not encrypted
data:
  username: YWRtaW4=
  password: cGFzc3dvcmQ=
Resource limits
- Resource quotas
# resource-quota.yaml
apiVersion: v1
kind: ResourceQuota
metadata:
  name: compute-quota
spec:
  hard:
    requests.cpu: "4"
    requests.memory: 4Gi
    limits.cpu: "8"
    limits.memory: 8Gi
- Limit ranges
# limit-range.yaml
apiVersion: v1
kind: LimitRange
metadata:
  name: cpu-limit-range
spec:
  limits:
  - default:
      cpu: 1
      memory: 512Mi
    defaultRequest:
      cpu: 0.5
      memory: 256Mi
    type: Container
Monitoring and logging
- Deploying Prometheus
# Install Prometheus with Helm
helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
helm install prometheus prometheus-community/kube-prometheus-stack
- Log collection
# fluentd-config.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: fluentd-config
data:
  fluent.conf: |
    <source>
      @type tail
      path /var/log/containers/*.log
      pos_file /var/log/fluentd-containers.log.pos
      tag kubernetes.*
    </source>
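Best practices
- High-availability configuration
  - Use multiple replicas
  - Configure anti-affinity
  - Use a PodDisruptionBudget
- Security recommendations
  - Enable RBAC
  - Use NetworkPolicy
  - Update components regularly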
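The NetworkPolicy recommendation above, worked through for this page's nginx workload as an added example (not part of the original article): a namespace-wide default deny plus one rule that re-opens only TCP 80 to the `app: nginx` Pods. The policy names and the `default` namespace are assumptions, and the policies are enforced only when the cluster's CNI plugin implements NetworkPolicy.

```yaml
# Added example: policy names and the "default" namespace are assumptions.
# 1) Deny all inbound traffic to every Pod in the namespace.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress   # hypothetical name
  namespace: default           # assumed: the page's manifests set no namespace
spec:
  podSelector: {}              # empty selector = all Pods in the namespace
  policyTypes:
  - Ingress
---
# 2) Re-open only TCP 80 to Pods labelled app: nginx, the label used by
#    nginx-deployment and selected by nginx-service on this page.
#    No "from" clause is given, so any source may reach port 80; this keeps
#    the LoadBalancer Service and the Ingress path working.
#    The standalone nginx-pod carries no labels, so it matches only the
#    deny policy above and receives no inbound traffic.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-nginx-http       # hypothetical name
  namespace: default
spec:
  podSelector:
    matchLabels:
      app: nginx
  policyTypes:
  - Ingress
  ingress:
  - ports:
    - protocol: TCP
      port: 80
```

After applying both documents with `kubectl apply -f`, the `kubectl get networkpolicies` command shown earlier lists them.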
Mastering these Kubernetes practices will help you build a reliable containerized application platform.