deployment介绍和使用

什么是deployment

deployment是对pods和ReplicaSet的定义,定义了pods和ReplicaSet的定义和实现方式等。
如下为deployment的定义

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-deployment
labels:
app: nginx
spec:
replicas: 3
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginx:1.12.2
ports:
- containerPort: 80

metadata 指明了服务名为nginx-deployment, 标签为nginx,
spec指定了pod的副本为3个,每个pod容器镜像为ngix:1.12.2, 容器端暴漏的端口为80
接下来我们启动deployment

1
kubectl create -f deployment_nginx.yml 

会显示:”nginx-deployment deployment has been created”
我们执行

1
kubectl get deployment 

查看deployment状态

1
2
NAME               DESIRED   CURRENT   UP-TO-DATE   AVAILABLE  AGE  
nginx-deployment 3 3 3 3 9s

可以看到deployment启动了三个pod,并且三个pod都是可用的。

1
kubectl get rs

可以看到ReplicaSet的状态为启动了3个pod,都是就绪状态
接下来可以查看下pod

1
kubectl get pods

显示deployment详细信息

1
kubectl get deployment -o wide

我们也可以更新deployment的image

1
kubectl set image deployment nginx-deployment nginx=nginx:1.1.13

我们可以回滚deployment版本

1
kubectl rollout undo deployment nginx-deployment 

查看deployment的历史信息

1
kubectl rollout history deployment nginx-deployment 

将deployment服务暴露出去

1
kubectl expose deployment nginx-deployment --type=NodePort

终端会提示服务已经暴露出去

1
service nginx-deployment  exposed

我们接下来查看下service信息

1
kubectl get svc

会显示服务映射的端口和地址

安装kubeadm

基于ubuntu配置k8s环境

1
hostnamectl set-hostname k8s-master

设置好后可以查看下我们的配置

1
tail /etc/hosts

查看防火墙状态

1
sudo apt-get install ufw

关闭临时分区

1
swapoff -a

更新https

1
apt-get update && apt-get install -y apt-transport-https

获取gpg

1
curl -fsSL https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | apt-key add - 

新增源

1
add-apt-repository "deb [arch=amd64] https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main"

更新apt

1
apt-get update

查看1.15最新版本

1
apt-cache madison kubelet kubectl kubeadm |grep '1.15.4-00'         //查看1.15的最新版本

安装指定版本的工具

1
apt install -y kubelet=1.15.4-00 kubectl=1.15.4-00 kubeadm=1.15.4-00        //安装指定的版本

kubelet禁用swap

1
2
3
4
5
tee /etc/default/kubelet <<-'EOF'
KUBELET_EXTRA_ARGS="--fail-swap-on=false"
EOF

systemctl daemon-reload && systemctl restart kubelet

初始化k8s

1
2
3
4
5
kubeadm init \
--kubernetes-version=v1.15.4 \
--image-repository registry.aliyuncs.com/google_containers \
--pod-network-cidr=10.24.0.0/16 \
--ignore-preflight-errors=Swap

在当前账户下执行,kubectl配置调用

1
2
3
mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config

使用fannel的overlay网络实现多节点pod通信

1
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

查看pods信息

1
kubectl get pods -A

配置dashboard

1
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta4/aio/deploy/recommended.yaml

配置后查看pod信息

1
get pods -A

查看namespaces信息

1
kubectl get namespaces

可以查看所有的namespaces信息
设置好网络模式后,接下来查看下apiserver暴露的地址

1
kubectl cluster-info

显示如下

1
2
3
4
5
Kubernetes master is running at https://172.17.0.9:6443
Heapster is running at https://172.17.0.9:6443/api/v1/namespaces/kube-system/services/heapster/proxy
KubeDNS is running at https://172.17.0.9:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy
monitoring-grafana is running at https://172.17.0.9:6443/api/v1/namespaces/kube-system/services/monitoring-grafana/proxy
monitoring-influxdb is running at https://172.17.0.9:6443/api/v1/namespaces/kube-system/services/monitoring-influxdb/proxy

如果外网访问,换成外网地址就行了。
我自己dashboard的访问地址:

1
https://81.68.86.146:6443/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/

因为访问dashboard需要权限
1.创建服务账号
首先创建一个叫admin-user的服务账号,并放在kube-system名称空间下:

1
2
3
4
5
6
# admin-user.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: admin-user
namespace: kube-system

执行kubectl create命令:

1
kubectl create -f admin-user.yaml

2.绑定角色
默认情况下,kubeadm创建集群时已经创建了admin角色,我们直接绑定即可:

1
2
3
4
5
6
7
8
9
10
11
12
13
# admin-user-role-binding.yaml
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: admin-user
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: admin-user
namespace: kube-system

执行kubectl create命令:

1
kubectl create -f  admin-user-role-binding.yaml

3.获取Token
现在我们需要找到新创建的用户的Token,以便用来登录dashboard:

1
2
kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $
1}')

4 制作证书
k8s默认启动了证书验证,我们创建证书

1
2
3
4
5
6
# 生成client-certificate-data
grep 'client-certificate-data' ~/.kube/config | head -n 1 | awk '{print $2}' | base64 -d >> kubecfg.crt
# 生成client-key-data
grep 'client-key-data' ~/.kube/config | head -n 1 | awk '{print $2}' | base64 -d >> kubecfg.key
# 生成p12
openssl pkcs12 -export -clcerts -inkey kubecfg.key -in kubecfg.crt -out kubecfg.p12 -name "kubernetes-client"

然后我们将kubecfg.p12 copy到windows双击安装证书即可。
然后chrome 打开地址:

1
https://81.68.86.146:6443/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/

单节点k8s,默认pod不被调度在master节点,需要设置去污点

1
kubectl taint nodes --all node-role.kubernetes.io/master-     //去污点,master节点可以被调度

输出如下

1
node/k8s-master untainted

感谢关注我的公众号

wxgzh.jpg