一、NameSpace
Kubernetes(K8S)中的 Namespace 是一种用于组织和隔离集群资源的方式。它具有以下用途和相关概念:
- 资源隔离:Namespace 提供资源隔离与命名空间划分。它将整个集群划分为多个逻辑部分,每个部分称为一个 Namespace。不同 Namespace 中的资源相互隔离,避免了资源名称冲突以及不同应用之间的干扰。
- 多租户支持:通过 Namespace,K8S 能够实现多租户的支持。每个租户可以拥有自己的 Namespace,并能够独立管理和使用属于自己的资源。这有助于在一个集群中同时运行多个不同的应用或团队,并提供更好的资源管理和访问控制。
- 访问控制:Namespace 可以用来进行访问控制和权限管理。您可以为每个 Namespace 配置不同的 RBAC(Role-Based Access Control)策略,从而控制用户或组对该 Namespace 内资源的访问权限。这样可以确保不同团队或应用之间的资源隔离和安全性。
- 可视化和监控:Namespace 可以用于帮助可视化和监控集群中不同应用程序的资源使用情况。通过将不同应用程序的资源分配到不同的 Namespace 中,您可以更方便地查看和监控每个应用程序的资源消耗情况,并做出相应的优化和调整。
- 环境隔离:Namespace 可以用于在开发、测试和生产环境之间实现逻辑隔离。每个环境可以使用不同的 Namespace,使得不同环境中的资源相互独立。这样能够更好地管理和控制不同环境中的应用程序和配置。
- 资源限额:Namespace 允许您为每个 Namespace 设置资源限额,以控制其使用的 CPU、内存和存储等资源。这有助于避免某个应用程序占用过多资源导致其他应用受影响,提高集群的稳定性和可靠性。
通过使用 Namespace,您可以有效地组织、隔离和管理 Kubernetes 集群中的资源。它提供了一种灵活而强大的方式来划分和控制不同应用程序和团队的资源,并帮助实现多租户支持、访问控制、环境隔离等功能。
[root@master ~]# kubectl create ns dev
namespace/dev created
二、Pod
运行中的一组容器,Pod是kuberneres中应用的最小单位
【1】命令式对象管理: 直接使用命令去操作kubernetes资源
[root@k8s-master ~]# kubectl get pod -A
NAMESPACE NAME READY STATUS RESTARTS AGE
default nginx-598f5c449-bdzdm 1/1 Running 0 25m
kube-flannel kube-flannel-ds-hxwjt 1/1 Running 0 75m
kube-flannel kube-flannel-ds-zk5pb 1/1 Running 0 75m
kube-system coredns-6d56c8448f-dcbrw 1/1 Running 0 84m
kube-system coredns-6d56c8448f-ntdsj 1/1 Running 0 84m
kube-system etcd-k8s-master 1/1 Running 3 84m
kube-system kube-apiserver-k8s-master 1/1 Running 3 84m
kube-system kube-controller-manager-k8s-master 1/1 Running 2 84m
kube-system kube-proxy-5m7p6 1/1 Running 0 84m
kube-system kube-proxy-7h28l 1/1 Running 0 79m
kube-system kube-scheduler-k8s-master 1/1 Running 0 84m
[root@k8s-master ~]# kubectl describe pods nginx-598f5c449-bdzdm
Name: nginx-598f5c449-bdzdm
Namespace: default
Priority: 0
Node: k8s-node1/192.168.137.12
Start Time: Sun, 17 Sep 2023 17:06:08 +0800
Labels: app=nginx
pod-template-hash=598f5c449
Annotations: <none>
Status: Running
IP: 10.244.1.5
IPs:
IP: 10.244.1.5
Controlled By: ReplicaSet/nginx-598f5c449
Containers:
nginx:
Container ID: docker://b7d46bf333041d577700cb4f9b6ac2274be2f189c4e8a07ddd314c1d38c92a74
Image: docker.io/nginx
Image ID: docker-pullable://docker.io/nginx@sha256:6926dd802f40e5e7257fded83e0d8030039642e4e10c4a98a6478e9c6fe06153
Port: <none>
Host Port: <none>
State: Running
Started: Sun, 17 Sep 2023 17:06:28 +0800
Ready: True
Restart Count: 0
Environment: <none>
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from default-token-z246f (ro)
Conditions:
Type Status
Initialized True
Ready True
ContainersReady True
PodScheduled True
Volumes:
default-token-z246f:
Type: Secret (a volume populated by a Secret)
SecretName: default-token-z246f
Optional: false
QoS Class: BestEffort
Node-Selectors: <none>
Tolerations: node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 26m default-scheduler Successfully assigned default/nginx-598f5c449-bdzdm to k8s-node1
Normal Pulling 26m kubelet, k8s-node1 Pulling image "docker.io/nginx"
Normal Pulled 26m kubelet, k8s-node1 Successfully pulled image "docker.io/nginx" in 18.897074387s
Normal Created 26m kubelet, k8s-node1 Created container nginx
Normal Started 26m kubelet, k8s-node1 Started container nginx
进入pod
查看log 加上f表示实时查看
[root@k8s-master ~]# kubectl logs nginx-598f5c449-bdzdm
/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf
10-listen-on-ipv6-by-default.sh: info: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf
/docker-entrypoint.sh: Sourcing /docker-entrypoint.d/15-local-resolvers.envsh
/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
/docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh
/docker-entrypoint.sh: Configuration complete; ready for start up
2023/09/17 09:06:28 [notice] 1#1: using the "epoll" event method
2023/09/17 09:06:28 [notice] 1#1: nginx/1.25.2
2023/09/17 09:06:28 [notice] 1#1: built by gcc 12.2.0 (Debian 12.2.0-14)
2023/09/17 09:06:28 [notice] 1#1: OS: Linux 3.10.0-1160.el7.x86_64
2023/09/17 09:06:28 [notice] 1#1: getrlimit(RLIMIT_NOFILE): 1048576:1048576
2023/09/17 09:06:28 [notice] 1#1: start worker processes
2023/09/17 09:06:28 [notice] 1#1: start worker process 28
10.244.0.0 - - [17/Sep/2023:09:08:11 +0000] "GET / HTTP/1.1" 200 615 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36" "-"
10.244.0.0 - - [17/Sep/2023:09:08:11 +0000] "GET /favicon.ico HTTP/1.1" 404 555 "http://192.168.137.11:32371/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36" "-"
2023/09/17 09:08:11 [error] 28#28: *2 open() "/usr/share/nginx/html/favicon.ico" failed (2: No such file or directory), client: 10.244.0.0, server: localhost, request: "GET /favicon.ico HTTP/1.1", host: "192.168.137.11:32371", referrer: "http://192.168.137.11:32371/"
命令式对象配置: 通过命令配置和配置文件去操作作kubernetes资源
写一个ymal文件:
apiVersion: v1 # API版本号,注意:具有多个,不同的对象可能会使用不同API
kind: Pod # 对象类型,pod
metadata: # 元数据
name: mynginx # POD名称
spec: # specification of the resource content(资源内容的规范)
containers: # 容器列表
- name: mynginx # 容器名称
image: nginx # 容器镜像然后运行yaml文件(提前创建好了命名空间string)
[root@master ~]# vi pod.yaml
[root@master ~]# kubectl apply -f pod.yaml
pod/mynginx created
[root@master ~]# kubectl get pod -n string
NAME READY STATUS RESTARTS AGE
mynginx 1/1 Running 0 27s
[root@master ~]# kubectl describe pod mynginx -n string
Name: mynginx
Namespace: string
Priority: 0
Node: node02/172.31.0.2
Start Time: Mon, 09 Jan 2023 17:10:22 +0800
Labels: <none>
Annotations: cni.projectcalico.org/containerID: 5a1eefb7be0f61fc7cceca2c8bfe67e72fe104db89a13b9f58921804278a2904
cni.projectcalico.org/podIP: 192.168.140.74/32
cni.projectcalico.org/podIPs: 192.168.140.74/32
Status: Running
IP: 192.168.140.74
IPs:
IP: 192.168.140.74
Containers:
mynginx:
Container ID: docker://613b31a4f4736788af136f9187bf78d64ac0f6e0b3960a34087ed481ebed7847
Image: nginx
Image ID: docker-pullable://nginx@sha256:0d17b565c37bcbd895e9d92315a05c1c3c9a29f762b011a10c54a66cd53c9b31
Port: <none>
Host Port: <none>
State: Running
Started: Mon, 09 Jan 2023 17:10:23 +0800
Ready: True
Restart Count: 0
Environment: <none>
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from default-token-tv5f7 (ro)
Conditions:
Type Status
Initialized True
Ready True
ContainersReady True
PodScheduled True
Volumes:
default-token-tv5f7:
Type: Secret (a volume populated by a Secret)
SecretName: default-token-tv5f7
Optional: false
QoS Class: BestEffort
Node-Selectors: <none>
Tolerations: node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 52s default-scheduler Successfully assigned string/mynginx to node02
Normal Pulling 51s kubelet Pulling image "nginx"
Normal Pulled 51s kubelet Successfully pulled image "nginx" in 429.471972ms
Normal Created 51s kubelet Created container mynginx
Normal Started 51s kubelet Started container mynginx
[root@master ~]# kubectl delete -f pod2.yaml
pod "mynginx" deleted用bashboard创建pod
一个pod里面运行多个容器
apiVersion: v1 # API版本号,注意:具有多个,不同的对象可能会使用不同API
kind: Pod # 对象类型,pod
metadata: # 元数据
name: mynginx # POD名称
namespace: string # 所属的命名空间
spec: # specification of the resource content(资源内容的规范)
containers: # 容器列表
- name: mynginx # 容器名称
image: nginx # 容器镜像
- name: mytomcat
image: tomcat 运行容器
[root@master ~]# kubectl apply -f pod.yaml
pod/mynginx created
[root@master ~]# kubectl get pod -n string
NAME READY STATUS RESTARTS AGE
mynginx 0/2 ContainerCreating 0 23s
[root@master ~]# kubectl get pod -n string -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
mynginx 0/2 ContainerCreating 0 33s <none> node01 <none> <none>
[root@master ~]# kubectl get pod mynginx -n string -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
mynginx 2/2 Running 0 7m40s 192.168.196.139 node01 <none> <none>进入容器查看
[root@master ~]# kubectl exec -it mynginx -n string -- /bin/bash
Defaulting container name to mynginx.
Use 'kubectl describe pod/mynginx -n string' to see all of the containers in this pod.
root@mynginx:/# curl 127.0.0.1
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
root@mynginx:/# curl 127.0.0.1:8080
<!doctype html><html lang="en"><head><title>HTTP Status 404 – Not Found</title>
<style type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1
{font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background
-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 404 – Not Found</h1><hr class="line" /><p><b>Type</b>
Status Report</p><p><b>Description</b> The origin server did not find a current representation for the target resource
or is not willing to disclose that one exists.</p><hr class="line" /><h3>Apache Tomcat/10.0.14</h3></body></html>root
@mynginx:/# !!注意在一个pod里不能有多个应用都用同一个端口
原创文章,作者:AIRF,如若转载,请注明出处:http://www.ai-rf.com/index.php/2023/09/17/%e3%80%90%e4%b8%89%e3%80%91k8s_namespace%e5%92%8cpod/
