2.1 K8s资源对象之概述
[root@k8s-master01 ~]# kubectl api-resources
NAME SHORTNAMES APIGROUP NAMESPACED KIND
bindings true Binding
componentstatuses cs false ComponentStatus
configmaps cm true ConfigMap
endpoints ep true Endpoints
events ev true Event
limitranges limits true LimitRange
namespaces ns false Namespace
nodes no false Node
persistentvolumeclaims pvc true PersistentVolumeClaim
persistentvolumes pv false PersistentVolume
pods po true Pod
podtemplates true PodTemplate
replicationcontrollers rc true ReplicationController
resourcequotas quota true ResourceQuota
secrets true Secret
serviceaccounts sa true ServiceAccount
services svc true Service
mutatingwebhookconfigurations admissionregistration.k8s.io false MutatingWebhookConfiguration
validatingwebhookconfigurations admissionregistration.k8s.io false ValidatingWebhookConfiguration
customresourcedefinitions crd,crds apiextensions.k8s.io false CustomResourceDefinition
apiservices apiregistration.k8s.io false APIService
controllerrevisions apps true ControllerRevision
daemonsets ds apps true DaemonSet
deployments deploy apps true Deployment
replicasets rs apps true ReplicaSet
statefulsets sts apps true StatefulSet
tokenreviews authentication.k8s.io false TokenReview
localsubjectaccessreviews authorization.k8s.io true LocalSubjectAccessReview
selfsubjectaccessreviews authorization.k8s.io false SelfSubjectAccessReview
selfsubjectrulesreviews authorization.k8s.io false SelfSubjectRulesReview
subjectaccessreviews authorization.k8s.io false SubjectAccessReview
horizontalpodautoscalers hpa autoscaling true HorizontalPodAutoscaler
cronjobs cj batch true CronJob
jobs batch true Job
certificatesigningrequests csr certificates.k8s.io false CertificateSigningRequest
leases coordination.k8s.io true Lease
events ev events.k8s.io true Event
daemonsets ds extensions true DaemonSet
deployments deploy extensions true Deployment
ingresses ing extensions true Ingress
networkpolicies netpol extensions true NetworkPolicy
podsecuritypolicies psp extensions false PodSecurityPolicy
replicasets rs extensions true ReplicaSet
networkpolicies netpol networking.k8s.io true NetworkPolicy
poddisruptionbudgets pdb policy true PodDisruptionBudget
podsecuritypolicies psp policy false PodSecurityPolicy
clusterrolebindings rbac.authorization.k8s.io false ClusterRoleBinding
clusterroles rbac.authorization.k8s.io false ClusterRole
rolebindings rbac.authorization.k8s.io true RoleBinding
roles rbac.authorization.k8s.io true Role
priorityclasses pc scheduling.k8s.io false PriorityClass
storageclasses sc storage.k8s.io false StorageClass
volumeattachments storage.k8s.io false VolumeAttachment
[root@k8s-master01 ~]# kubectl api-versions
admissionregistration.k8s.io/v1
admissionregistration.k8s.io/v1beta1
apiextensions.k8s.io/v1
apiextensions.k8s.io/v1beta1
apiregistration.k8s.io/v1
apiregistration.k8s.io/v1beta1
apps/v1
authentication.k8s.io/v1
authentication.k8s.io/v1beta1
authorization.k8s.io/v1
authorization.k8s.io/v1beta1
autoscaling/v1
autoscaling/v2beta1
autoscaling/v2beta2
batch/v1
batch/v1beta1
certificates.k8s.io/v1beta1
coordination.k8s.io/v1
coordination.k8s.io/v1beta1
events.k8s.io/v1beta1
extensions/v1beta1
networking.k8s.io/v1
networking.k8s.io/v1beta1
node.k8s.io/v1beta1
policy/v1beta1
rbac.authorization.k8s.io/v1
rbac.authorization.k8s.io/v1beta1
scheduling.k8s.io/v1
scheduling.k8s.io/v1beta1
storage.k8s.io/v1
storage.k8s.io/v1beta1
v1
k8s中所有的内容都抽象成资源,资源实例化后,成为对象。
- Pod
- ReplicationController(v1.11废弃)、ReplicaSet、Deployment
- StatefulSet
- DaemonSet
- Job、Cronjob
- Service
- Ingress
- Volume
- ConfigMap、Secret
- DownwardAPI:把外部环境信息输出给容器
- CSI:容器存储接口,可以扩展各种各样的第三方存储卷
- Namespace
- Node
- Role
- CluserRole
- Rolebinding
- CluserRolebinding
- StorageClass、pv
- HPA
- PodTemplate
- LimitRange
apiserve仅接受json格式的资源定义,但以使用yaml格式提供配置清单,apiserver会自动将其转换为json格式,而后再提交;大部分资源的配置清单都有5个一级字段:
格式:group/version;version又分为alpha、beta、stable(缺省)
使用kubectl api-versions命令获取可用api,使用kubectl explain Kind_NAME查看某个具体的k8s对象的apiVersion,也可以通过kubectl api-versions查看k8s支持的所有version。
[root@k8s-master01 ~]# kubectl explain deployment
KIND: Deployment
VERSION: apps/v1
......
[root@k8s-master01 ~]# kubectl api-versions
admissionregistration.k8s.io/v1
admissionregistration.k8s.io/v1beta1
apiextensions.k8s.io/v1
apiextensions.k8s.io/v1beta1
apiregistration.k8s.io/v1
apiregistration.k8s.io/v1beta1
apps/v1
authentication.k8s.io/v1
......
标识yaml定义的资源类型
- name: 资源的名称,实例化对象的名称;同一个kind中,其值是唯一的
- namespace:名称空间,注意:集群级别对象不存在Namespace概念
- lables:标签
- annotaions:注解
- selfLink:自引用,使用curl /api/GOURP/VERSION/namespaces/NAMESPACE/TPYE/NAME访问,例如:/api/v1/namespaces/kube-system/pods/metrics-server-868fdcf88c-lwfr8,可以通过代理来使用selfLink来访问
定义用户期望的状态,desired state。使用kubectl explain pod.spec
spec.containers[]
spec.containers[].name
spec.containers[].image
spec.containers[].imagePullPolicy
spec.containers[].commnad[]
spec.containers[].args[]
spec.containers[].workingDir
spec.containers[].volumeMounts[]
spec.containers[].volumeMounts[].name
spec.containers[].volumeMounts[].mountPath
spec.containers[].volumeMounts[].readOnly
spec.containers[].ports[]
spec.containers[].ports[].name
spec.containers[].ports[].containerPort
spec.containers[].ports[].hostPort
spec.containers[].ports[].protocol
spec.containers[].env[]
spec.containers[].env[].name
spec.containers[].env[].value
spec.containers[].resources
……
spec.restartPolicy
spec.nodeSelector
spec.imagePullSecrets 拉取镜像时使用的secret
spec.hostNetwork 使用主机网络,不使用docker0网桥
本字段由kubenetes集群维护,用户不能定义
- kubectl explain pods 查看pods的相关定义帮助文档
- kubectl explain pods.spec 查看spec的帮助文档
- <string> 表示字符串
- <[]string> 表示字符串列表,由字串组成的列表。也可以使用[]表示
- <map> 表示由key:value组成的字典,也可以使用{}表示
- <Object> 对象,可嵌套的字段
- <[]Object> 对象列表,由对象组成的列表
- kubectl explain pods.spec.containers 查看contianers相关帮助文档
- key首字母小写,后面的每个单词的首字母大写,例如:apiVersion、kind
- value首字母大写,后面的每个单词的首字母大写,即所有单词的首字母都大写,例如:Pod、IfNotPresent
快速生成资源清单的yaml文件,然后在此基础上进行修改:
#方法1:使用kubectl create --dry-run重定向为yaml文件
[root@k8smaster ~]# kubectl create deployment test-pod --image=nginx:latest -o yaml --dry-run >test-pod.yaml
#方法2:将已存在的对象导出yaml文件
[root@k8smaster ~]# kubectl get pods pod-secret -o yaml --export >test-pod.yaml
1、查看pod的事件event
kubectl describe pod PODNAME
2、查看pod内容器的日志
kubectl logs [-f] (PODNAME | TYPE/NAME) [-c CONTAINER]