## K8S筆記 ### 在k8s建立pods，第一次輸入視為create，之後info會提示是否update docker run -t kubectl apply -f <file name or directory> ==kubectl apply -f pod.yaml== ### 列出pod列表 kubectl get pods ### 列出所有列表 kubectl get all ### 將本地端口轉發到k8s集群端口 kubectl port-forward TYPE/NAME [options] [LOCAL_PORT:]REMOTE_PORT ==kubectl port-forward pod/auth-service 8080:80== ### 修改config後apply,查看更新狀況,一直沒成功會time out kubectl rollout status deployment auth-service-deployment ### 重啟pod kubectl rollout restart deployment <deployment_name> -n <namespace> ### 服務有異常，回滾至上個版本 kubectl rollout undo deployment auth-service-deployment --record ### 回滾至指定版本 kubectl rollout undo deployment auth-service-deployment --to-revision=1 --record ### 列出所有port-forward process ps -ef|grep port-forward ### 停止監聽process kill -9 <process number> ### 進入容器 kubectl exec -it POD_NAME -- sh ### 刪除namespace底下的所有容器 kubectl delete ns NAME_SPACE :::info ### 下載dashboard kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.5.1/aio/deploy/recommended.yaml ### 開啟API Server kubectl proxy ### 生成token kubectl apply -f - <<EOF apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: kube-system-default labels: k8s-app: kube-system roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: cluster-admin subjects: - kind: ServiceAccount name: default namespace: kube-system --- apiVersion: v1 kind: Secret metadata: name: default namespace: kube-system labels: k8s-app: kube-system annotations: kubernetes.io/service-account.name: default type: kubernetes.io/service-account-token EOF 打印token TOKEN=$(kubectl -n kube-system describe secret default| awk '$1=="token:"{print $2}') kubectl config set-credentials docker-desktop --token="${TOKEN}" echo $TOKEN ::: ## 透過Ingress實現nginx ### 透過.yaml安裝 kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.2.1/deploy/static/provider/cloud/deploy.yaml ### 範例 ```yaml! apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: my-ingress spec: ingressClassName: nginx defaultBackend: <!-- 在沒有規定其他port號下，預設會導向odin-service的8000port --> service: name: odin-service port: number: 8000 ``` ```yaml! apiVersion: v1 kind: Service metadata: name: odin-service spec: selector: type: demo type: NodePort ports: - protocol: TCP port: 8000 targetPort: 80 nodePort: 30390 ``` :::warning ==Deployment "auth-service-deployment" is invalid: spec.selector: Invalid value: v1.LabelSelector{MatchLabels:map[string]string{"type":"demo1"}, MatchExpressions:[]v1.LabelSelectorRequirement(nil)}: field is immutable== 當更改selector,需要刪除服務在新建 ::: ```yaml! // deployment.yaml apiVersion: apps/v1 kind: Deployment metadata: name: chat-service-deployment labels: type: chat-demo spec: replicas: 1 selector: matchLabels: type: chat-demo template: metadata: labels: type: chat-demo spec: restartPolicy: Always //default containers: - name: chat-service image: odinveve/chat-service ports: - containerPort: 8080 ``` - Always: Pod終止就重啟, 此為default設定。 - OnFailure: Pod發生錯誤時才重啟。 - Never: 從不重啟。 ### 基本部署種類 k8s目前簡單的種類有兩種，重建部署策略(Recreate)、滾動部署（Ramped aka. Rolling-update) ```yaml! // app-v1.yaml apiVersion: apps/v1 kind: Deployment metadata: name: auth-service-deployment labels: app: auth-service spec: replicas: 3 strategy: type: RollingUpdate //default rollingUpdate: maxSurge: 1 maxUnavailable: 0 selector: matchLabels: app: auth-service template: metadata: labels: app: auth-service version: v1 spec: containers: - name: auth-service image: odinveve/auth-service ports: - containerPort: 8080 ``` ### 由於k8s server API沒有==stop==這個概念，若要關閉了話，直接吧==replicas==設成==0==即可 ### 刪除全部 kubectl delete all --all --namespace default ## Minikube ### 啟動dashboard minikube dashboard ### service為loadBalancer時，要expose去建立外部ＩＰ（測試會需要） minikube tunnel ### 為service建立通道，並返回一個可造訪的URL minikube service <service_name> -n <sn>