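K8S in Practice
1. Environment isolation
1.1 Use namespaces for environment isolation. The commands below create and manage a namespace for development.
kubectl create namespace zo-dev # create a namespace named zo-dev
kubectl delete namespace zo-dev # delete the namespace named zo-dev; deleting a namespace also deletes all resources in it
kubectl api-resources --namespaced=true # list the resource types that are namespace-scoped
kubectl get namespace # list the existing namespaces
kubectl describe namespace zo-dev # show details of the zo-dev namespace
kubectl delete ns zo-dev --force --grace-period=0 # force-delete the namespace
1.2 A namespace can also be created from a YAML file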
apiVersion: v1
kind: Namespace
metadata:
  name: zo-dev
  labels:
    name: zo-dev
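Then run kubectl apply -f xx.yaml
1.3 Communication between applications across namespaces
Namespaces provide isolation while still allowing partial interconnection. For example, team A's applications run in one namespace and team B's in another, and the two can still communicate.
1.4 Resource limits in a namespace
The total number of pods and the total CPU, memory, and storage resources in a namespace can be limited.
K8s practice (5): k8s namespaces (Namespace)_creating a namespace in k8s_hguisu's blog-CSDN Blog
1.5 Different people can be assigned different accounts, so that each can only operate on the pods in their own namespace. See:
k8s dashboard configuration guide_51CTO Blog_k8s configuration center (see the dashboard's namespace-based permission distribution)
Some notes on workgroup isolation configuration and multi-cluster switching in a K8s cluster environment_k8s management_山河已无恙_InfoQ Writing Community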
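An added example (not from the original page or the linked articles) of the namespace-scoped permissions described in 1.5: a Role and RoleBinding that let one user work with pods in zo-dev and nothing else. The user name dev-alice and the object names are hypothetical.

```yaml
# Added example. Role and RoleBinding are namespaced objects, so the
# permissions below exist only inside zo-dev; no ClusterRole is involved.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: zo-dev-pod-operator        # hypothetical name
  namespace: zo-dev
rules:
  - apiGroups: [""]                # "" is the core API group (pods live here)
    resources: ["pods"]
    verbs: ["get", "list", "watch", "delete"]
  - apiGroups: [""]
    resources: ["pods/log"]        # needed for: kubectl logs <pod> -n zo-dev
    verbs: ["get"]
  # pods/exec, secrets and deployments are deliberately not listed:
  # RBAC is allow-only, so anything not granted here is denied.
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: zo-dev-pod-operator-binding   # hypothetical name
  namespace: zo-dev
subjects:
  - kind: User
    name: dev-alice                # hypothetical; must match the name the
                                   # cluster's authentication reports
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: zo-dev-pod-operator
  apiGroup: rbac.authorization.k8s.io
```

After applying the file, a cluster admin can check the scope by impersonation, for example with `kubectl auth can-i list pods -n zo-dev --as dev-alice` and the same command against another namespace.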
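2. Basic commands
2.1 List the pods in a namespace
kubectl get pods -n zo-dev
2.2 View the logs of a container
kubectl logs XXXX -n zo-dev # use a pod name shown by the command above to view that pod's logs in the namespace
3. Deploying applications
Below are examples of a Java application and of the Service that exposes it.
3.1 Java application deployment and service exposure
The HTTP port is 10000.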
kind: Deployment
apiVersion: apps/v1
metadata:
  name: zo-java
  namespace: zo-dev
  labels:
    k8s-app: zo-java
spec:
  replicas: 2
  selector:
    matchLabels:
      k8s-app: zo-java
  template:
    metadata:
      name: zo-java
      creationTimestamp: null
      labels:
        k8s-app: zo-java
    spec:
      containers:
        - name: zo-java
          image: registry.cn-hangzhou.aliyuncs.com/zo-base/zo-java:1.0.0
          command:
            - java
            - -Djava.security.egd=file:/dev/./urandom
            - -Dspring.profiles.active=offline
            - -jar
            - zo-java-template.jar
          ports:
            - name: http
              containerPort: 10000
              protocol: TCP
          # no CPU/memory requests or limits are set for this container
          resources: {}
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          imagePullPolicy: Always
          volumeMounts:
            - mountPath: /logs/zo-template-log
              name: logs
          securityContext:
            privileged: false
      volumes:
        # hostPath stores the logs on whichever node the pod is scheduled to
        - name: logs
          hostPath:
            path: /root/logs/zo-java
      restartPolicy: Always
      terminationGracePeriodSeconds: 30
      dnsPolicy: ClusterFirst
      securityContext: {}
      # pull secret for the private registry; it must exist in zo-dev
      imagePullSecrets:
        - name: zo-docker
      schedulerName: default-scheduler
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 25%
      maxSurge: 25%
  revisionHistoryLimit: 10
  progressDeadlineSeconds: 600
---
apiVersion: v1
kind: Service
metadata:
  creationTimestamp: null
  labels:
    k8s-app: zo-java
  name: zo-java
  namespace: zo-dev
spec:
  type: NodePort
  ports:
    - name: http
      protocol: TCP
      port: 10000
      targetPort: 10000
      # outside the default NodePort range (30000-32767); accepted only if
      # kube-apiserver's --service-node-port-range includes this port
      nodePort: 10000
  selector:
    k8s-app: zo-java
status:
  loadBalancer: {}
3.3 Nginx-web-ui deployment and service exposure
kind: Deployment
apiVersion: apps/v1
metadata:
  name: nginx-web-ui
  namespace: zo-dev
  labels:
    k8s-app: nginx-web-ui
spec:
  replicas: 1
  selector:
    matchLabels:
      k8s-app: nginx-web-ui
  template:
    metadata:
      name: nginx-web-ui
      creationTimestamp: null
      labels:
        k8s-app: nginx-web-ui
    spec:
      containers:
        - name: nginx-web-ui
          # ":latest" is a floating tag; with imagePullPolicy: Always the
          # image content can change between pod restarts
          image: cym1102/nginxwebui:latest
          command:
            - java
            - -Dfile.encoding=UTF-8
            - -jar
            - /home/nginxWebUI.jar
          # no CPU/memory requests or limits are set for this container
          resources: {}
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          imagePullPolicy: Always
          volumeMounts:
            - mountPath: /home/nginxWebUI
              name: data
          securityContext:
            privileged: false
      volumes:
        # hostPath stores the data on whichever node the pod is scheduled to
        - name: data
          hostPath:
            path: /root/nginxWebUI
      restartPolicy: Always
      terminationGracePeriodSeconds: 30
      dnsPolicy: ClusterFirst
      securityContext: {}
      schedulerName: default-scheduler
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 25%
      maxSurge: 25%
  revisionHistoryLimit: 10
  progressDeadlineSeconds: 600
---
apiVersion: v1
kind: Service
metadata:
  creationTimestamp: null
  labels:
    k8s-app: nginx-web-ui
  name: nginx-web-ui
  namespace: zo-dev
spec:
  type: NodePort
  # the nodePort values below are outside the default NodePort range
  # (30000-32767); they are accepted only if kube-apiserver's
  # --service-node-port-range includes them
  ports:
    - name: http
      protocol: TCP
      port: 80
      targetPort: 80
      nodePort: 80
    - name: https
      protocol: TCP
      port: 443
      targetPort: 443
      nodePort: 443
    - name: dashborad
      protocol: TCP
      port: 8080
      targetPort: 8080
      nodePort: 18080
  selector:
    k8s-app: nginx-web-ui
status:
  loadBalancer: {}