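Pod: A wrapper around one or more containers. A pod should contain only one application (so usually a pod runs just 1 container). The pod is the way Kubernetes abstracts the container technology that is running.
Service: Each pod has 1 internal IP address from the node's internal range. However, it can also be exposed through a service. The service also has an IP address, and its goal is to maintain communication between pods, so if a pod dies, the new replacement (with a different internal IP) will be reachable and exposed on the same IP of the service. It can be configured as internal or external. The service also acts as a load balancer when 2 pods are connected to the same service.
When a service is created, you can find the endpoints of each service by running kubectl get endpoints.
Kubelet: The primary node agent. The component that establishes communication between the node and kubectl, and it can only run pods (through the API server). The kubelet does not manage containers that were not created by Kubernetes.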
$ minikube start
😄 minikube v1.19.0 on Ubuntu 20.04
✨ Automatically selected the virtualbox driver. Other choices: none, ssh
💿 Downloading VM boot image ...
> minikube-v1.19.0.iso.sha256: 65 B / 65 B [-------------] 100.00% ? p/s 0s
> minikube-v1.19.0.iso: 244.49 MiB / 244.49 MiB 100.00% 1.78 MiB p/s 2m17.
👍 Starting control plane node minikube in cluster minikube
💾 Downloading Kubernetes v1.20.2 preload ...
> preloaded-images-k8s-v10-v1...: 491.71 MiB / 491.71 MiB 100.00% 2.59 MiB
🔥 Creating virtualbox VM (CPUs=2, Memory=3900MB, Disk=20000MB) ...
🐳 Preparing Kubernetes v1.20.2 on Docker 20.10.4 ...
▪ Generating certificates and keys ...
▪ Booting up control plane ...
▪ Configuring RBAC rules ...
🔎 Verifying Kubernetes components...
▪ Using image gcr.io/k8s-minikube/storage-provisioner:v5
🌟 Enabled addons: storage-provisioner, default-storageclass
🏄 Done! kubectl is now configured to use "minikube" cluster and "default" namespace by defaul
$ minikube status
host: Running
kubelet: Running
apiserver: Running
kubeconfig: Configured
---- ONCE YOU HAVE A K8 SERVICE RUNNING WITH AN EXTERNAL SERVICE -----
$ minikube service mongo-express-service
(This will open your browser to access the service exposed port)
$ minikube delete
🔥 Deleting "minikube" in virtualbox ...
💀 Removed all traces of the "minikube" cluster
Kubectl Basics
Kubectl is the command-line tool for Kubernetes clusters. It communicates with the API server of the master process to perform actions in Kubernetes or to request data.
kubectl version #Get client and server version
kubectl get pod
kubectl get services
kubectl get deployment
kubectl get replicaset
kubectl get secret
kubectl get all
kubectl get ingress
kubectl get endpoints

#kubectl create deployment <deployment-name> --image=<docker image>
kubectl create deployment nginx-deployment --image=nginx

#Access the configuration of the deployment and modify it
#kubectl edit deployment <deployment-name>
kubectl edit deployment nginx-deployment

#Get the logs of the pod for debugging (the output of the docker container running)
#kubectl logs <replicaset-id/pod-id>
kubectl logs nginx-deployment-84cd76b964

#kubectl describe pod <pod-id>
kubectl describe pod mongo-depl-5fd6b7d4b4-kkt9q

#kubectl exec -it <pod-id> -- bash
kubectl exec -it mongo-depl-5fd6b7d4b4-kkt9q -- bash

#kubectl describe service <service-name>
kubectl describe service mongodb-service

#kubectl delete deployment <deployment-name>
kubectl delete deployment mongo-depl

#Deploy from config file
kubectl apply -f deployment.yml
Minikube Dashboard
The dashboard makes it easier to see what minikube is running. You can find the URL to access it with:
minikube dashboard --url
🔌 Enabling dashboard ...
▪ Using image kubernetesui/dashboard:v2.3.1
▪ Using image kubernetesui/metrics-scraper:v1.0.7
🤔 Verifying dashboard health ...
🚀 Launching proxy ...
🤔 Verifying proxy health ...
http://127.0.0.1:50034/api/v1/namespaces/kubernetes-dashboard/services/http:kubernetes-dashboard:/proxy/
kubectl apply -f <secretpod.yaml>
kubectl get pods #Wait until the pod secretpod is running
kubectl exec -it secretpod -- bash
env | grep SECRET && cat /etc/foo/my-group/my-username && echo
#ETCDCTL_API=3 etcdctl --cert <path to client.crt> --key <path to client.key> --cacert <path to CA.cert> --endpoints=<ip:port> endpoint health
ETCDCTL_API=3 etcdctl --cert /etc/kubernetes/pki/apiserver-etcd-client.crt --key /etc/kubernetes/pki/apiserver-etcd-client.key --cacert /etc/kubernetes/pki/etcd/etcd/ca.cert --endpoints=127.0.0.1:1234 endpoint health
Once you have established communication, you will be able to get the secrets:
#ETCDCTL_API=3 etcdctl --cert <path to client.crt> --key <path to client.key> --cacert <path to CA.cert> --endpoints=<ip:port> get <path/to/secret>
ETCDCTL_API=3 etcdctl --cert /etc/kubernetes/pki/apiserver-etcd-client.crt --key /etc/kubernetes/pki/apiserver-etcd-client.key --cacert /etc/kubernetes/pki/etcd/etcd/ca.cert --endpoints=127.0.0.1:1234 get /registry/secrets/default/secret_02
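A defender-side check that follows from the etcd read above, as an added example that is not part of the original page: it classifies a raw etcd value saved to a file as encrypted at rest or stored in plaintext. The function name classify_etcd_value is hypothetical, the sample values are constructed, and it assumes kube-apiserver's convention of prefixing encrypted values with "k8s:enc:<provider>:" while unencrypted objects start with the protobuf magic "k8s\0".

```shell
# Added example, not from the original page.
# Input: a file holding one raw etcd value, e.g. saved with
#   etcdctl ... get <path/to/secret> --print-value-only > value.bin
# Returns 0 if the value is encrypted at rest, 1 if plaintext, 2 otherwise.
classify_etcd_value() {
    file=$1
    [ -r "$file" ] || { echo "unreadable"; return 2; }
    # Hex of the first 8 bytes, so NUL bytes survive shell handling.
    hex=$(head -c 8 "$file" | od -An -tx1 | tr -d ' \n')
    case $hex in
        6b38733a656e633a*)   # "k8s:enc:" -> encryption envelope
            # Provider is the third colon-separated field (aescbc, kms, ...).
            provider=$(head -c 64 "$file" | LC_ALL=C tr -d '\000' \
                | head -n 1 | LC_ALL=C cut -d: -f3)
            echo "encrypted:$provider"; return 0 ;;
        6b387300*)           # "k8s\0" -> unencrypted protobuf object
            echo "plaintext:protobuf"; return 1 ;;
        7b*)                 # "{" -> unencrypted JSON object
            echo "plaintext:json"; return 1 ;;
    esac
    echo "unknown"; return 2
}

# Constructed sample values (not real cluster data).
demo_dir=$(mktemp -d)
printf 'k8s\000\n\014\n\002v1\022\006Secret' > "$demo_dir/plain.bin"
printf 'k8s:enc:aescbc:v1:key1:\001\002\003\n\004' > "$demo_dir/enc.bin"
for f in "$demo_dir"/*.bin; do
    printf '%s -> %s\n' "${f##*/}" "$(classify_etcd_value "$f")"
done
rm -rf "$demo_dir"
```

A "plaintext" result for a key under /registry/secrets/ means anyone holding the etcd client certificate, or a copy of the etcd data files, can read that secret directly.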