HackMD
K8S筆記
在k8s建立pods,第一次輸入視為create,之後info會提示是否update
docker run -t
kubectl apply -f <file name or directory> kubectl apply -f pod.yaml
列出pod列表
kubectl get pods
列出所有列表
kubectl get all
將本地端口轉發到k8s集群端口
kubectl port-forward TYPE/NAME [options] [LOCAL_PORT:]REMOTE_PORT kubectl port-forward pod/auth-service 8080:80
修改config後apply,查看更新狀況,一直沒成功會time out
kubectl rollout status deployment auth-service-deployment
重啟pod
kubectl rollout restart deployment <deployment_name> -n <namespace>
服務有異常,回滾至上個版本
kubectl rollout undo deployment auth-service-deployment –record
回滾至指定版本
kubectl rollout undo deployment auth-service-deployment –to-revision=1 –record
列出所有port-forward process
ps -ef|grep port-forward
停止監聽process
kill -9 <process number>
進入容器
kubectl exec -it POD_NAME – sh
刪除namespace底下的所有容器
kubectl delete ns NAME_SPACE
下載dashboard
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.5.1/aio/deploy/recommended.yaml
開啟API Server
kubectl proxy
生成token
kubectl apply -f - <<EOF
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: kube-system-default
labels:
k8s-app: kube-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: default
namespace: kube-system
apiVersion: v1
kind: Secret
metadata:
name: default
namespace: kube-system
labels:
k8s-app: kube-system
annotations:
kubernetes.io/service-account.name: default
type: kubernetes.io/service-account-token
EOF
打印token
TOKEN=$(kubectl -n kube-system describe secret default| awk '$1=="token:"{print $2}')
kubectl config set-credentials docker-desktop –token="${TOKEN}"
echo $TOKEN
透過Ingress實現nginx
透過.yaml安裝
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.2.1/deploy/static/provider/cloud/deploy.yaml
範例
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: my-ingress
spec:
ingressClassName: nginx
defaultBackend: <!-- 在沒有規定其他port號下,預設會導向odin-service的8000port -->
service:
name: odin-service
port:
number: 8000
apiVersion: v1
kind: Service
metadata:
name: odin-service
spec:
selector:
type: demo
type: NodePort
ports:
- protocol: TCP
port: 8000
targetPort: 80
nodePort: 30390
Deployment "auth-service-deployment" is invalid: spec.selector: Invalid value: v1.LabelSelector{MatchLabels:map[string]string{"type":"demo1"}, MatchExpressions:[]v1.LabelSelectorRequirement(nil)}: field is immutable
當更改selector,需要刪除服務在新建
// deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: chat-service-deployment
labels:
type: chat-demo
spec:
replicas: 1
selector:
matchLabels:
type: chat-demo
template:
metadata:
labels:
type: chat-demo
spec:
restartPolicy: Always //default
containers:
- name: chat-service
image: odinveve/chat-service
ports:
- containerPort: 8080
- Always: Pod終止就重啟, 此為default設定。
- OnFailure: Pod發生錯誤時才重啟。
- Never: 從不重啟。
基本部署種類
k8s目前簡單的種類有兩種,重建部署策略(Recreate)、滾動部署(Ramped aka. Rolling-update)
// app-v1.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: auth-service-deployment
labels:
app: auth-service
spec:
replicas: 3
strategy:
type: RollingUpdate //default
rollingUpdate:
maxSurge: 1
maxUnavailable: 0
selector:
matchLabels:
app: auth-service
template:
metadata:
labels:
app: auth-service
version: v1
spec:
containers:
- name: auth-service
image: odinveve/auth-service
ports:
- containerPort: 8080
由於k8s server API沒有stop這個概念,若要關閉了話,直接吧replicas設成0即可
刪除全部
kubectl delete all –all –namespace default
Minikube
啟動dashboard
minikube dashboard
service為loadBalancer時,要expose去建立外部IP(測試會需要)
minikube tunnel
為service建立通道,並返回一個可造訪的URL
minikube service <service_name> -n <sn>
