docker-compose orchestration
wordpress
version: '2'
services:
  mysql:
    image: 192.168.1.10/library/mysql:latest
    expose:
      - "3306"                     # reachable only from containers on the compose network, not from the host
    restart: always
    environment:
      - MYSQL_ROOT_PASSWORD=123456 # demo value; a weak root password in a committed file is the first thing an attacker tries
  wordpress:
    image: 192.168.1.10/library/wordpress:latest
    ports:
      - "80:80"
    restart: always
    environment:
      - WORDPRESS_DB_HOST=mysql
      - WORDPRESS_DB_USER=root     # the application connects as the MySQL root user; a dedicated user via MYSQL_USER/MYSQL_PASSWORD/MYSQL_DATABASE on the mysql service (as in the lychee file below) limits what a compromised WordPress can do
      - WORDPRESS_DB_PASSWORD=123456
owncloud
version: '2'                       # same header as the wordpress file
services:
  owncloud:
    image: 192.168.1.10/library/owncloud
    restart: always
    ports:
      - "80:80"
    links:                         # legacy links; on a compose network the service name "mysql" already resolves
      - mysql:mysql
  mysql:
    image: 192.168.1.10/library/mysql
    restart: always
    environment:
      - MYSQL_ROOT_PASSWORD=123456
lychee
version: '2'
services:
  mysql:
    image: 192.168.1.10/library/mysql
    restart: always
    ports:
      - "3306:3306"                # publishes MySQL on every host interface; use expose (as in the wordpress file) unless a client outside compose needs it
    environment:
      - MYSQL_ROOT_PASSWORD=123456
      - MYSQL_DATABASE=lychee
      - MYSQL_USER=lychee
      - MYSQL_PASSWORD=123456
  lychee:
    image: 192.168.1.10/library/lychee
    restart: always
    ports:
      - "80:80"
    links:
      - "mysql:mysql"
    environment:                   # list form takes KEY=value strings; the original "- KEY: value" is a list of mappings and fails validation
      - WONCLOUD_DB_NAME=lychee    # variable names kept from the original notes; check the image's documentation for the names it actually reads
      - WONCLOUD_DB_USER=lychee
      - WONCLOUD_DB_PASSWORD=123456
Start/stop commands
docker-compose -f docker-compose.yml up
docker-compose -f docker-compose.yml down      # the file name must match the one given to up (the original had a typo, docker-compos.yaml)
docker rm $(docker ps -qa)                     # removes every container on the host, not just this stack; docker-compose down already cleans up the stack's containers
Resource creation
kubectl explain daemonset --recursive    # prints the full field tree of a kind, usable as a template (two hyphens, the original had an en dash)
kubectl api-resources                    # lists every resource kind with its API group, short names and whether it is namespaced
Pod management
On the master node, write the yaml file nginx.yaml under /root with the following requirements:
(1) Pod name: nginx-pod;
(2) namespace: default;
(3) container name: mynginx;
(4) image: nginx; pull policy: IfNotPresent;
(5) container port: 80;
(6) schedule it onto the node labelled disk=stat.
apiVersion: v1
kind: Pod
metadata:
  name: nginx-pod
  namespace: default
spec:
  nodeSelector:
    disk: stat                 # a node must carry this label (kubectl label node <node> disk=stat) or the Pod stays Pending
  containers:
  - name: mynginx
    image: 192.168.121.21/library/nginx:latest
    imagePullPolicy: IfNotPresent
    ports:
    - containerPort: 80
Deployment management
On the master node, write the yaml file nginx-deployment.yaml under /root with the following requirements:
(1) Deployment name: nginx-deployment;
(2) namespace: default;
(3) Pod name: nginx-deployment, replicas: 2;
(4) network: hostNetwork;
(5) image: nginx;
(6) container port: 80;
(7) resource limits: request 300Mi memory and 300m CPU, limit 450Mi memory and 450m CPU.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  namespace: default
spec:
  replicas: 2
  selector:
    matchLabels:
      app: nginx-deployment
  template:
    metadata:
      labels:
        app: nginx-deployment
    spec:
      hostNetwork: true        # the Pod shares the node's network namespace: port 80 is bound on the node itself, so two replicas cannot land on the same node, and the container can reach node-local services (kubelet, loopback, metadata)
      containers:
      - name: nginx-deployment
        image: 192.168.121.21/library/nginx:latest
        ports:
        - containerPort: 80
        resources:
          requests:
            cpu: 300m          # lower-case m is millicores; "300M" would mean 300 million cores
            memory: 300Mi
          limits:
            cpu: 450m          # the original set limits equal to the requests (0.3 / 300Mi), which does not meet requirement (7)
            memory: 450Mi
ReplicaSet management
On the master node, write the yaml file replicaset.yaml under /root with the following requirements:
(1) ReplicaSet name: nginx;
(2) namespace: default;
(3) replicas: 3;
(4) image: nginx.
apiVersion: apps/v1            # the original used apiVersion v1 / kind ReplicationController, the legacy predecessor of ReplicaSet
kind: ReplicaSet
metadata:
  name: nginx
  namespace: default
spec:
  replicas: 3
  selector:
    matchLabels:               # ReplicaSet takes a set-based selector; ReplicationController took a flat label map
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: 192.168.121.21/library/nginx:latest
        ports:
        - containerPort: 80    # the original had a typo, contarinerPort
Namespace management
On the master node, write the yaml file my-namespace.yaml under /root with the following requirements:
(1) Namespace name: test.
[root@master ~]# vi my-namespace.yaml
apiVersion: v1
kind: Namespace
metadata:
  name: test
Service management
On the master node, write the yaml file service-clusterip.yaml under /root with the following requirements:
(1) Service name: service-clusterip;
(2) namespace: default;
(3) port inside the cluster: 80; targetPort: 81;
(4) Service type: ClusterIP.
[root@master ~]# vi service-clusterip.yaml
apiVersion: v1
kind: Service
metadata:
  name: service-clusterip
  namespace: default
spec:
  type: ClusterIP
  ports:
  - port: 80
    targetPort: 81
    protocol: TCP
  # The task names no backend, so there is no selector: the Service gets a ClusterIP but no Endpoints and connections
  # to it are refused until a selector (the label of the backing Pods) or a manually created Endpoints object is added.
RBAC management
On the master node, write the yaml file role.yaml under /root with the following requirements:
(1) Role name: pod-reader;
(2) namespace: default;
(3) get, watch and list permission on Pods in the default namespace.
[root@master ~]# vi role.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: pod-reader
  namespace: default
rules:
- apiGroups: [""]              # "" is the core API group, where pods live
  resources: ["pods"]
  verbs: ["get", "watch", "list"]
# A Role grants nothing by itself: it must be attached to a user, group or ServiceAccount with a RoleBinding,
# and the result is checked with kubectl auth can-i list pods -n default --as <subject>.
PV management
On the master node, write the yaml file pv.yaml under /root with the following requirements:
(1) PV name: pv-local;
(2) namespace: default;
(3) reclaim policy: Delete;
(4) access mode: RWO;
(5) mount path: /data/k8s/localpv on the node;
(6) volume capacity: 5G.
[root@master ~]# vi pv.yaml
apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv-local
  # PersistentVolumes are cluster-scoped; the namespace: default from requirement (2) is dropped here because the API server ignores it.
spec:
  capacity:
    storage: 5Gi
  accessModes:
  - ReadWriteOnce
  persistentVolumeReclaimPolicy: Delete  # honoured only if a provisioner can delete the backing storage; the in-tree local plugin cannot, so the directory is cleaned up by hand
  storageClassName: local-storage
  local:
    path: /data/k8s/localpv              # must already exist on the node named below
  nodeAffinity:                          # pins the volume to the node that holds the directory (mandatory for local volumes)
    required:
      nodeSelectorTerms:
      - matchExpressions:
        - key: kubernetes.io/hostname
          operator: In
          values:
          - 192.168.100.20               # the node's name as shown by kubectl get nodes
HPA management
On the master node, write the yaml file hpa.yaml under /root with the following requirements:
(1) HPA name: frontend-scaler;
(2) namespace: default;
(3) replica range: 3 to 10;
(4) target CPU utilisation per Pod: 50%.
[root@master ~]# vi hpa.yaml
apiVersion: autoscaling/v1
kind: HorizontalPodAutoscaler
metadata:
  name: frontend-scaler
  namespace: default
spec:
  minReplicas: 3
  maxReplicas: 10
  scaleTargetRef:
    apiVersion: apps/v1        # the original pointed at apiVersion v1 / kind Pod; a bare Pod has no scale subresource and cannot be autoscaled
    kind: Deployment           # the task does not name the target; "test" is kept from the original and must be an existing Deployment (or ReplicaSet/StatefulSet)
    name: test
  targetCPUUtilizationPercentage: 50   # percentage of the Pods' CPU request, so the target needs resources.requests.cpu and the cluster needs metrics-server
Secrets management
On the master node, write the yaml file secret.yaml under /root with the following requirements:
(1) Secret name: mysecret;
(2) namespace: default;
(3) type: Opaque;
(4) username: YWRtaW4=; password: MWYyZDFlMmU2N2Rm.
[root@master ~]# vi secret.yaml
apiVersion: v1
kind: Secret
metadata:
  name: mysecret
  namespace: default
type: Opaque
data:                          # base64, not encryption: YWRtaW4= is "admin" and MWYyZDFlMmU2N2Rm is "1f2d1e2e67df"; anyone allowed to get secrets reads them back with kubectl get secret mysecret -o jsonpath='{.data.password}' | base64 -d
  username: YWRtaW4=
  password: MWYyZDFlMmU2N2Rm
NetworkPolicy management
On the master node, write the yaml file network-policy-deny.yaml under /root with the following requirements:
(1) NetworkPolicy name: default-deny;
(2) namespace: default;
(3) deny all ingress traffic to Pods by default.
[root@master ~]# vi network-policy-deny.yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny
  namespace: default
spec:
  podSelector: {}              # empty selector: every Pod in the namespace becomes isolated for ingress
  policyTypes:
  - Ingress                    # no ingress rules follow, so nothing is let in; egress is untouched because Egress is not listed
# Enforced only by a CNI plugin that implements NetworkPolicy (Calico, Cilium, ...); with plain flannel the object is accepted and silently ignored.
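The policy above isolates every Pod in default for ingress; any allow policy added afterwards is purely additive, and Pods in other namespaces are unaffected. To make that concrete without a cluster, here is an added example (not part of the original notes) in Python: a small evaluator for the ingress side of NetworkPolicy that handles podSelector and namespaceSelector with matchLabels only, ignores ports and ipBlock, and decides whether one Pod may reach another. The default-deny policy is the one from the notes; allow-web and allow-db-from-ops, the Pods and the namespace labels are constructed for the example.

```python
"""Added example, not from the original notes: decide whether ingress from one
Pod to another is allowed under a set of NetworkPolicy manifests.
Scope: podSelector/namespaceSelector with matchLabels only; ports and ipBlock
are ignored. Policies, Pods and namespace labels below are constructed."""


def _selects(selector, labels):
    """An empty or missing selector ({}) matches every label set."""
    wanted = (selector or {}).get("matchLabels", {})
    return all(labels.get(k) == v for k, v in wanted.items())


def _peer_matches(peer, src, policy_ns, namespaces):
    """One entry of an ingress rule's 'from' list."""
    if "ipBlock" in peer:          # CIDR peers are out of scope here
        return False
    if "namespaceSelector" in peer:
        ns_ok = _selects(peer["namespaceSelector"], namespaces.get(src["namespace"], {}))
    else:                          # podSelector alone means Pods in the policy's own namespace
        ns_ok = src["namespace"] == policy_ns
    pod_ok = "podSelector" not in peer or _selects(peer["podSelector"], src["labels"])
    return ns_ok and pod_ok


def ingress_allowed(src, dst, policies, namespaces):
    """src/dst: {"namespace": str, "labels": dict}; namespaces: {name: labels}."""
    applicable = [
        p for p in policies
        if p["metadata"]["namespace"] == dst["namespace"]
        and "Ingress" in p["spec"].get("policyTypes", ["Ingress"])
        and _selects(p["spec"].get("podSelector"), dst["labels"])
    ]
    if not applicable:
        return True                # nothing selects dst: it is not isolated, everything gets in
    for p in applicable:           # isolated: some rule of some policy must admit src
        for rule in p["spec"].get("ingress", []):
            if not rule.get("from"):
                return True        # a rule without 'from' admits all sources
            if any(_peer_matches(peer, src, p["metadata"]["namespace"], namespaces) for peer in rule["from"]):
                return True
    return False


def policy(name, ns, pod_selector, ingress=None):
    spec = {"podSelector": pod_selector, "policyTypes": ["Ingress"]}
    if ingress is not None:
        spec["ingress"] = ingress
    return {"apiVersion": "networking.k8s.io/v1", "kind": "NetworkPolicy",
            "metadata": {"name": name, "namespace": ns}, "spec": spec}


# Constructed sample: default-deny from the notes plus two hypothetical allow policies.
DEFAULT_DENY = policy("default-deny", "default", {})
ALLOW_WEB = policy("allow-web", "default", {"matchLabels": {"app": "web"}},
                   ingress=[{"from": [{"podSelector": {"matchLabels": {"app": "frontend"}}}]}])
ALLOW_DB_FROM_OPS = policy("allow-db-from-ops", "default", {"matchLabels": {"app": "db"}},
                           ingress=[{"from": [{"namespaceSelector": {"matchLabels": {"team": "ops"}}}]}])
NAMESPACES = {"default": {}, "monitoring": {"team": "ops"}, "other": {}}


def pod(ns, **labels):
    return {"namespace": ns, "labels": labels}


FRONTEND, WEB, DB = pod("default", app="frontend"), pod("default", app="web"), pod("default", app="db")
PROMETHEUS = pod("monitoring", app="prometheus")

if __name__ == "__main__":
    stack = [DEFAULT_DENY, ALLOW_WEB, ALLOW_DB_FROM_OPS]
    for src, dst in [(FRONTEND, WEB), (DB, WEB), (PROMETHEUS, WEB), (PROMETHEUS, DB), (FRONTEND, DB)]:
        print(src["labels"], "->", dst["labels"], ingress_allowed(src, dst, stack, NAMESPACES))
```

The decisive rule is the first one: a Pod that no policy selects for Ingress is not isolated at all, so default-deny has to exist in every namespace you want locked down, and a policy with only a podSelector in its from list never admits traffic from another namespace.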
Health checks
On the master node, write the yaml file liveness_httpget.yaml under /root with the following requirements:
(1) Pod name: liveness-http;
(2) namespace: default;
(3) image: nginx; port: 80;
(4) on container start run the command "echo Healty > /usr/share/nginx/html/healthz";
(5) the httpGet probe requests /healthz, on the Pod IP by default, using the container port named http;
(6) start probing 30 seconds after the container starts;
(7) run the liveness probe every 3 seconds.
apiVersion: v1
kind: Pod
metadata:
  name: liveness-http
  namespace: default
spec:
  containers:
  - name: nginx
    image: 192.168.100.10/library/nginx:latest
    ports:
    - name: http               # the probe refers to the port by this name, which the original never defined
      containerPort: 80
    args:                      # args replace the image's CMD, so nginx has to be started after the file is written; the original only ran the echo and the container exited
    - /bin/sh
    - -c
    - echo Healty > /usr/share/nginx/html/healthz && exec nginx -g 'daemon off;'
    livenessProbe:
      httpGet:
        path: /healthz
        port: http
      initialDelaySeconds: 30
      periodSeconds: 3
ResourceQuota management
Create the namespace quota-example, then on the master node write the yaml file quota.yaml under /root with the following requirements:
(1) ResourceQuota name: compute-resources;
(2) namespace: quota-example;
(3) at most 4 Pods in the namespace;
(4) the sum of memory requests of all containers in the namespace must not exceed 1G;
(5) the sum of memory limits must not exceed 2G;
(6) the sum of CPU requests of all containers must not exceed 1;
(7) the sum of CPU limits of all containers must not exceed 2.
[root@master ~]# kubectl create ns quota-example
namespace/quota-example created
[root@master ~]# vi quota.yaml
apiVersion: v1
kind: ResourceQuota
metadata:
  name: compute-resources
  namespace: quota-example
spec:
  hard:
    pods: "4"
    requests.cpu: "1"
    requests.memory: 1Gi
    limits.cpu: "2"
    limits.memory: 2Gi
# Once a quota constrains requests or limits, every new Pod in the namespace must set them (or a LimitRange must supply defaults); otherwise admission rejects it.
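Quota accounting is done in exact quantities, and the suffix matters: 300m is 0.3 cores while 300M is 300 million. The following added example (not from the original notes) is a Python helper that parses Kubernetes quantities exactly and checks whether a Deployment's replicas fit under a ResourceQuota before the API server starts rejecting Pods. The Deployment and quota dicts are constructed from the nginx-deployment and compute-resources manifests in these notes; parse_quantity, fits_quota and with_replicas are this example's own names.

```python
"""Added example, not from the original notes: parse Kubernetes resource
quantities exactly and check whether a Deployment's replicas fit inside a
ResourceQuota. Suffixes E/P and exponent notation are not handled.
The Deployment and quota below are constructed from the manifests in these notes."""
import re
from fractions import Fraction

# Suffix multipliers. Lower-case m is milli (1/1000); upper-case M is mega,
# so "300M" CPU asks for three hundred million cores, not 300 millicores.
_SUFFIX = {"": 1, "m": Fraction(1, 1000), "k": 10**3, "M": 10**6, "G": 10**9,
           "T": 10**12, "Ki": 2**10, "Mi": 2**20, "Gi": 2**30, "Ti": 2**40}
_QTY = re.compile(r"^([0-9]+(?:\.[0-9]+)?)(Ki|Mi|Gi|Ti|[kMGTm])?$")
KEYS = ("requests.cpu", "requests.memory", "limits.cpu", "limits.memory")


def parse_quantity(q):
    """Return the quantity as an exact Fraction in base units (cores or bytes)."""
    m = _QTY.match(str(q).strip())
    if not m:
        raise ValueError(f"not a Kubernetes quantity: {q!r}")
    number, suffix = m.groups()
    return Fraction(number) * _SUFFIX[suffix or ""]


def pod_usage(pod_spec):
    """Sum each quota key over all containers of one Pod spec (missing = 0)."""
    usage = {k: Fraction(0) for k in KEYS}
    for c in pod_spec.get("containers", []):
        for key in KEYS:
            kind, name = key.split(".")
            value = c.get("resources", {}).get(kind, {}).get(name)
            if value is not None:
                usage[key] += parse_quantity(value)
    return usage


def fits_quota(deployment, quota):
    """Return (ok, report); report maps quota key -> (needed, hard limit).
    Keys absent from quota.spec.hard are unlimited and left out of the report."""
    replicas = deployment["spec"].get("replicas", 1)
    per_pod = pod_usage(deployment["spec"]["template"]["spec"])
    hard = quota["spec"]["hard"]
    report = {}
    if "pods" in hard:
        report["pods"] = (Fraction(replicas), parse_quantity(hard["pods"]))
    for key, used in per_pod.items():
        if key in hard:
            report[key] = (used * replicas, parse_quantity(hard[key]))
    ok = all(needed <= limit for needed, limit in report.values())
    return ok, report


def with_replicas(deployment, n):
    """Copy of the Deployment with a different replica count."""
    return {**deployment, "spec": {**deployment["spec"], "replicas": n}}


# Constructed sample: nginx-deployment and compute-resources from the notes.
DEPLOYMENT = {
    "kind": "Deployment", "metadata": {"name": "nginx-deployment"},
    "spec": {"replicas": 2, "template": {"spec": {"containers": [{
        "name": "nginx-deployment", "image": "nginx",
        "resources": {"requests": {"cpu": "300m", "memory": "300Mi"},
                      "limits": {"cpu": "450m", "memory": "450Mi"}}}]}}}}
QUOTA = {
    "kind": "ResourceQuota", "metadata": {"name": "compute-resources"},
    "spec": {"hard": {"pods": "4", "requests.cpu": "1", "requests.memory": "1Gi",
                      "limits.cpu": "2", "limits.memory": "2Gi"}}}

if __name__ == "__main__":
    for n in (2, 3, 4):
        ok, report = fits_quota(with_replicas(DEPLOYMENT, n), QUOTA)
        print(n, "replicas:", "fits" if ok else "exceeds quota")
        for key, (needed, limit) in report.items():
            print(f"  {key:16} {float(needed):>14.3f} / {float(limit):.3f}")
```

With these numbers three replicas still fit (0.9 cores and 900Mi requested against 1 core and 1Gi), but the fourth pushes requests.cpu to 1.2 and requests.memory to 1200Mi, so the quota admission plugin would reject it even though the Pod count of 4 is within bounds.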
Volume management
On the master node, write the yaml file emptydir.yaml under /root with the following requirements:
(1) Pod name: pod-emptydir;
(2) namespace: default;
(3) image: nginx;
(4) Volume type: emptyDir; name: data-volume;
(5) mount path: /data.
[root@master ~]# vi emptydir.yaml
apiVersion: v1
kind: Pod
metadata:
  name: pod-emptydir
  namespace: default
spec:
  containers:
  - name: nginx
    image: nginx:latest
    ports:
    - containerPort: 80
    volumeMounts:
    - name: data-volume
      mountPath: /data
  volumes:
  - name: data-volume
    emptyDir: {}               # lives as long as the Pod and is deleted with it
DaemonSet management
On the master node, write the yaml file daemonset.yaml under /root with the following requirements:
(1) DaemonSet name: fluentd;
(2) namespace: default;
(3) image: quay.io/fluentd_elasticsearch/fluentd:v2.5.2;
(4) container name: fluentd-container01;
(5) schedule the Pods only onto nodes without taints.
[root@master ~]# vi daemonset.yaml
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: fluentd
  namespace: default
spec:
  selector:
    matchLabels:
      app: fluentd             # the original carried app: nginx over from the earlier examples
  template:
    metadata:
      labels:
        app: fluentd
    spec:
      # No tolerations: nodes with a NoSchedule taint (the control-plane node, for example) are skipped, which is what requirement (5) asks for.
      # The original added a toleration for node-role.kubernetes.io/master:NoSchedule, which does the opposite and puts the daemon on the master as well.
      containers:
      - name: fluentd-container01
        image: quay.io/fluentd_elasticsearch/fluentd:v2.5.2
List all PVs in the environment sorted by the name field
kubectl get pv --sort-by=.metadata.name
kubectl get pv --sort-by=.spec.capacity.storage    # sorted by capacity (the original had a typo, --stor-by)
In a given namespace, create a Pod named test containing the four images nginx, redis, memcached and busybox.
kubectl run test --image=nginx --restart=Never -n <namespace> --dry-run=client -o yaml > test.yaml
# kubectl run takes a single --image (repeating the flag keeps only the last one, so the original command creates a one-container Pod); generate the skeleton above, add redis, memcached and busybox as further entries under spec.containers, then kubectl apply -f test.yaml. Give busybox a command such as sleep 3600, otherwise it exits immediately.
Create a Pod named test with image nginx and a Volume named cache-volume mounted at /data; the Volume must be non-persistent.
apiVersion: v1
kind: Pod
metadata:
  name: test
spec:
  containers:
  - name: test
    image: nginx
    volumeMounts:
    - mountPath: /data
      name: cache-volume
  volumes:
  - name: cache-volume
    emptyDir: {}               # non-persistent: discarded when the Pod is removed
Provide a Pod manifest with an Init Container that creates an empty file; the Pod's main container checks whether the file exists and exits if it does not.
apiVersion: v1
kind: Pod
metadata:
  name: init-demo
spec:
  containers:
  - name: nginx
    image: busybox:1.28
    command: ['sh', '-c', 'if [ ! -e /opt/myfile ]; then exit 1; fi; sleep 3600']   # the original had no space before ] (a shell syntax error) and a bare exit, which returns 0 and hides the failure; sleep keeps the container up after the check
    volumeMounts:
    - name: shared
      mountPath: /opt
  initContainers:
  - name: install
    image: busybox:1.28
    command: ['sh', '-c', 'touch /opt/myfile']
    volumeMounts:
    - name: shared
      mountPath: /opt
  volumes:
  - name: shared               # containers have separate filesystems; without this shared emptyDir the file created by the init container is never visible to the main container
    emptyDir: {}
List the Pods behind the Service named test, find the one with the highest CPU usage and write its name to a file.
kubectl get svc test -o wide                      # the SELECTOR column shows the label, e.g. app=xxx
kubectl top pods -l app=xxx --sort-by=cpu         # needs metrics-server; the first row is the busiest Pod
kubectl top pods -l app=xxx --sort-by=cpu --no-headers | head -1 | awk '{print $1}' > <file>
Scale the Deployment nginx-app from 1 replica to 4.
kubectl scale --replicas=4 deployment nginx-app
Create a Deployment nginx-app with image nginx:1.11.0-alpine, change the image to 1.11.3-alpine and record the upgrade, then roll back to nginx:1.11.0-alpine.
# create the Deployment (in current kubectl, kubectl run creates a bare Pod, and --record is deprecated; rollout history still lists the revisions)
kubectl create deployment nginx-app --image=nginx:1.11.0-alpine
# change the image; the container name is derived from the image (nginx), check it with: kubectl get deploy nginx-app -o jsonpath='{.spec.template.spec.containers[*].name}'
kubectl set image deployment nginx-app nginx=nginx:1.11.3-alpine   # the original had a typo, alipne
kubectl rollout history deployment nginx-app
# roll back
kubectl rollout undo deployment nginx-app
kubectl get deploy nginx-app -o jsonpath='{.spec.template.spec.containers[0].image}'   # should print nginx:1.11.0-alpine
Create a Secret named mysecret containing a password field with value bob, then use it in Pod1 through an environment variable and in Pod2 through a Volume mounted at /data.
# base64-encode the value (encoding, not encryption: anyone who can read the Secret gets "bob" back with base64 -d)
echo -n 'bob' | base64
Ym9i
secret.yaml
apiVersion: v1
kind: Secret
metadata:
  name: mysecret
type: Opaque                   # generic key/value Secret (the original wrote the explanation inline after the value, which is not valid YAML)
data:
  password: Ym9i
pod1.yaml   # consumed through an environment variable; note that env vars are visible in kubectl describe and inherited by every child process
apiVersion: v1
kind: Pod
metadata:
  name: pod1
spec:
  containers:
  - name: mycontainer
    image: redis
    env:
    - name: SECRET_PASSWORD
      valueFrom:
        secretKeyRef:          # reference to one key of the Secret
          name: mysecret
          key: password
pod2.yaml   # mounted under /data; each key becomes a file, here /data/password
apiVersion: v1
kind: Pod
metadata:
  name: pod2                   # the original reused the name pod1, which collides with the first Pod
spec:
  containers:
  - name: mypod
    image: nginx
    volumeMounts:
    - name: mysecret
      mountPath: "/data"
      readOnly: true
  volumes:
  - name: mysecret
    secret:
      secretName: mysecret
Make the master node unschedulable and move the Pods running on it elsewhere
# drain on its own errors out on DaemonSet-managed Pods and on Pods that use emptyDir volumes,
# so add --ignore-daemonsets and --delete-emptydir-data (the original --delete-local-data is the older, deprecated name of the same flag)
kubectl drain master --ignore-daemonsets --delete-emptydir-data   # cordons the node (unschedulable) and evicts its Pods; kubectl uncordon master reverses the cordon
Create a PV of type hostPath at /data, size 1G, access mode ReadOnlyMany
apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv-host
spec:
  capacity:
    storage: 1Gi
  volumeMode: Filesystem
  accessModes:
  - ReadOnlyMany               # the original said ReadWriteMany, which does not match the task
  persistentVolumeReclaimPolicy: Recycle   # Recycle is deprecated; Retain or Delete are the supported choices
  hostPath:
    path: /data                # exposes a node directory to whichever Pod binds the volume; on a multi-node cluster the Pod may land on a node whose /data holds something else
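The hostPath PV above, the base64-only Secrets, the hostNetwork Deployment, the selector-less Service and the HPA that pointed at a Pod are all things a reviewer should catch before kubectl apply. As an added example (not part of the original notes), here is a Python audit over already-parsed manifests, the structure yaml.safe_load or kubectl get -o json hands you, that flags exactly those patterns and shows that a Secret's plaintext is one decode away. It uses only the standard library; the sample objects are constructed for the example from the manifests in these notes (the fluentd DaemonSet is given limits it does not have above so that one object comes back clean), and audit, decode_secret and the finding texts are this example's own.

```python
"""Added example, not from the original notes: review parsed Kubernetes
manifests for the mistakes and risky settings seen in these notes.
Standard library only; sample objects at the bottom are constructed."""
import base64

CLUSTER_SCOPED = {"PersistentVolume", "Namespace", "Node", "ClusterRole", "ClusterRoleBinding"}
SCALABLE = {"Deployment", "ReplicaSet", "StatefulSet", "ReplicationController"}


def _pod_spec(obj):
    """Pod spec of a Pod, or of the template inside a workload; None otherwise."""
    if obj["kind"] == "Pod":
        return obj["spec"]
    return obj.get("spec", {}).get("template", {}).get("spec")


def _mutable_tag(image):
    """True for untagged images and for :latest (digests @sha256:... are pinned)."""
    last = image.rsplit("/", 1)[-1]
    return "@" not in last and (":" not in last or last.endswith(":latest"))


def audit(manifests):
    """Return a list of (kind/name, finding) tuples."""
    findings = []
    for obj in manifests:
        kind, meta, spec = obj["kind"], obj["metadata"], obj.get("spec", {})
        target = f'{kind}/{meta["name"]}'
        if kind in CLUSTER_SCOPED and "namespace" in meta:
            findings.append((target, "cluster-scoped kind: metadata.namespace is ignored by the API server"))
        pod_spec = _pod_spec(obj)
        if pod_spec:
            if pod_spec.get("hostNetwork"):
                findings.append((target, "hostNetwork: Pod shares the node's network namespace (port clashes, node-local services reachable)"))
            for c in pod_spec.get("containers", []):
                if not c.get("resources", {}).get("limits"):
                    findings.append((target, f'container {c["name"]} has no resources.limits'))
                if _mutable_tag(c.get("image", "")):
                    findings.append((target, f'container {c["name"]} uses a mutable image tag: {c.get("image")}'))
        if kind == "Service" and not spec.get("selector"):
            findings.append((target, "Service without selector gets no Endpoints"))
        if kind == "Secret":
            for key, value in obj.get("data", {}).items():
                size = len(base64.b64decode(value))
                findings.append((target, f"key {key}: base64 only, {size} bytes recoverable by anyone allowed to get the Secret"))
        if kind == "PersistentVolume" and "hostPath" in spec:
            findings.append((target, "hostPath PV exposes a node directory to whichever Pod binds it"))
        if kind == "HorizontalPodAutoscaler" and spec["scaleTargetRef"]["kind"] not in SCALABLE:
            findings.append((target, f'HPA target kind {spec["scaleTargetRef"]["kind"]} has no scale subresource'))
    return findings


def decode_secret(secret):
    """Base64 is an encoding, not encryption: the plaintext is one call away."""
    return {k: base64.b64decode(v).decode() for k, v in secret.get("data", {}).items()}


# Constructed sample, echoing the manifests in these notes.
MYSECRET = {"kind": "Secret", "metadata": {"name": "mysecret", "namespace": "default"},
            "type": "Opaque", "data": {"username": "YWRtaW4=", "password": "MWYyZDFlMmU2N2Rm"}}
SAMPLE = [
    MYSECRET,
    {"kind": "Deployment", "metadata": {"name": "nginx-deployment", "namespace": "default"},
     "spec": {"replicas": 2, "template": {"spec": {"hostNetwork": True, "containers": [
         {"name": "nginx-deployment", "image": "192.168.121.21/library/nginx:latest",
          "resources": {"requests": {"cpu": "300m", "memory": "300Mi"},
                        "limits": {"cpu": "450m", "memory": "450Mi"}}}]}}}},
    {"kind": "Pod", "metadata": {"name": "liveness-http", "namespace": "default"},
     "spec": {"containers": [{"name": "nginx", "image": "192.168.100.10/library/nginx:latest"}]}},
    {"kind": "Service", "metadata": {"name": "service-clusterip", "namespace": "default"},
     "spec": {"type": "ClusterIP", "ports": [{"port": 80, "targetPort": 81}]}},
    {"kind": "PersistentVolume", "metadata": {"name": "pv-local", "namespace": "default"},
     "spec": {"local": {"path": "/data/k8s/localpv"}}},
    {"kind": "PersistentVolume", "metadata": {"name": "pv-host"},
     "spec": {"hostPath": {"path": "/data"}}},
    {"kind": "HorizontalPodAutoscaler", "metadata": {"name": "frontend-scaler", "namespace": "default"},
     "spec": {"scaleTargetRef": {"apiVersion": "v1", "kind": "Pod", "name": "test"}}},
    {"kind": "DaemonSet", "metadata": {"name": "fluentd", "namespace": "default"},   # limits added here so one object is clean
     "spec": {"template": {"spec": {"containers": [
         {"name": "fluentd-container01", "image": "quay.io/fluentd_elasticsearch/fluentd:v2.5.2",
          "resources": {"limits": {"cpu": "200m", "memory": "256Mi"}}}]}}}},
]

if __name__ == "__main__":
    for target, finding in audit(SAMPLE):
        print(f"{target:42} {finding}")
    print(decode_secret(MYSECRET))
```

To run it against a live namespace, feed it `kubectl get all,secret,pv,hpa -o json` and pass the `items` list to audit; the Secret finding deliberately reports only the size, since an audit log that prints decoded passwords would itself be a leak.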
Create an Ingress
apiVersion: networking.k8s.io/v1   # the original used extensions/v1beta1, removed in Kubernetes 1.22
kind: Ingress
metadata:
  name: ingress
spec:
  ingressClassName: nginx          # replaces the kubernetes.io/ingress.class annotation
  defaultBackend:                  # catch-all backend; v1 spells it defaultBackend.service.name/port.number (the original had backend.serviceName and a typo, serverPort)
    service:
      name: nginx
      port:
        number: 80