Day09-StatefuleSet控制器
- 0、昨日内容回顾
- 1、StatefulSets控制器
- 1.1 StatefulSet概述
- 1.2 StatefulSets控制器-网络唯一标识之headless
- 1.3 StatefulSets控制器-独享存储
- 2、metric-server
- 2.1 metric-server概述
- 2.2 部署metric-server:
- 2.3 hpa案例
- 3、helm概述
- 3.1 安装helm
- 3.2 helm部署服务
- 3.3 helm的升级
- 3.3.1 基于文件的方式升级应用
- 3.3.2 基于传参的方式升级应用
- 3.4 helm的回滚
- 3.5 共有helm仓库管理
- 3.6 暴露Pod的方式
- 3.7 Ingress控制器工作原理图解
- 3.8 使用helm安装traefik程序
0、昨日内容回顾
-
RBAC认证
- 角色:
- Role:
属于某个名称空间。而是资源是否支持名称空间。 - ClusterRole
全局资源。
- Role:
- 主体:
- User
CN
- Group
O
- ServiceAccount
sa - 主体和角色绑定:
- RoleBinding
- ClusterRoleBinding
- 角色:
-
管理K8s集群的方式:
-
kubectl:
kubectl --kubeconfig=xxx.kubeconfig -
图形化管理:
-
单套机群:
- Dashboard:
- token
- kubeconig
- Dashboard:
-
K8S自动化运维平台: (互联网公司,医疗,)
- 运维架构师,云计算讲师,
- 运维开发: … 25K-35K
- 容器运维: … 15K-25K
- 应用运维: … 10K-15K
- IDC运维
- 网络运维
-
开源的管理方式:
- rancher
- kubesphere
-
-
-
pv,pvc,sc
- pv:
和后端存储关联的资源。 - pvc:
根据用户需要的资源自动关联相应的pv,为Pod提供存储卷。 - sc:
自动创建pv的一种存储类,pvc可以指定去哪个sc申请资源。
- pv:
今日内容预告:
- Ingress:
- StatefulSet:
- metric-server:
- helm:
- 项目一: Jenkins集成K8S实战。
1、StatefulSets控制器
1.1 StatefulSet概述
以Nginx的为例,当任意一个Nginx挂掉,其处理的逻辑是相同的,即仅需重新创建一个Pod副本即可,这类服务我们称之为无状态服务。
以MySQL主从同步为例,master,slave两个库任意一个库挂掉,其处理逻辑是不相同的,这类服务我们称之为有状态服务。
有状态服务面临的难题:
(1)启动/停止顺序;
(2)pod实例的数据是独立存储;
(3)需要固定的IP地址或者主机名;
StatefulSet一般用于有状态服务,StatefulSets对于需要满足以下一个或多个需求的应用程序很有价值。
(1)稳定唯一的网络标识符。
(2)稳定独立持久的存储。
(4)有序优雅的部署和缩放。
(5)有序自动的滚动更新。
稳定的网络标识:
其本质对应的是一个service资源,只不过这个service没有定义VIP,我们称之为headless service,即"无头服务"。
通过"headless service"来维护Pod的网络身份,会为每个Pod分配一个数字编号并且按照编号顺序部署。
综上所述,无头服务("headless service")要求满足以下两点:
(1)将svc资源的clusterIP字段设置None,即"clusterIP: None";
(2)将sts资源的serviceName字段声明为无头服务的名称;
独享存储:
Statefulset的存储卷使用VolumeClaimTemplate创建,称为"存储卷申请模板"。
当sts资源使用VolumeClaimTemplate创建一个PVC时,同样也会为每个Pod分配并创建唯一的pvc编号,每个pvc绑定对应pv,从而保证每个Pod都有独立的存储。
1.2 StatefulSets控制器-网络唯一标识之headless
(1)编写资源清单
[root@k8s231.oldboyedu.com statefulsets]# cat > 01-statefulset-headless-network.yaml <<'EOF'
apiVersion: v1
kind: Service
metadata:
name: linux-headless
spec:
ports:
- port: 80
name: web
# 将clusterIP字段设置为None表示为一个无头服务,即svc将不会分配VIP。
clusterIP: None
selector:
app: nginx
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: linux-web-sts
spec:
selector:
matchLabels:
app: nginx
# 声明无头服务
serviceName: linux-headless
replicas: 3
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: harbor.oldboyedu.com/web/apps:v1
EOF
(2)使用响应式API创建测试Pod
[root@k8s231.oldboyedu.com statefulsets]# kubectl run -it dns-test --rm --image=harbor.oldboyedu.com/linux/alpine -- sh
If you don't see a command prompt, try pressing enter.
/ #
/ #
/ # for i in `seq 0 2`;do ping linux-web-sts-${i}.linux-headless.default.svc.oldboyedu.com -c 3;done
PING linux-web-sts-0.linux-headless.default.svc.oldboyedu.com (10.100.3.36): 56 data bytes
64 bytes from 10.100.3.36: seq=0 ttl=64 time=0.287 ms
64 bytes from 10.100.3.36: seq=1 ttl=64 time=0.071 ms
64 bytes from 10.100.3.36: seq=2 ttl=64 time=0.070 ms
--- linux-web-sts-0.linux-headless.default.svc.oldboyedu.com ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.070/0.142/0.287 ms
PING linux-web-sts-1.linux-headless.default.svc.oldboyedu.com (10.100.1.223): 56 data bytes
64 bytes from 10.100.1.223: seq=0 ttl=62 time=1.432 ms
64 bytes from 10.100.1.223: seq=1 ttl=62 time=0.462 ms
64 bytes from 10.100.1.223: seq=2 ttl=62 time=0.474 ms
--- linux-web-sts-1.linux-headless.default.svc.oldboyedu.com ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.462/0.789/1.432 ms
PING linux-web-sts-2.linux-headless.default.svc.oldboyedu.com (10.100.3.37): 56 data bytes
64 bytes from 10.100.3.37: seq=0 ttl=64 time=0.114 ms
64 bytes from 10.100.3.37: seq=1 ttl=64 time=0.068 ms
64 bytes from 10.100.3.37: seq=2 ttl=64 time=0.068 ms
--- linux-web-sts-2.linux-headless.default.svc.oldboyedu.com ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.068/0.083/0.114 ms
/ #
1.3 StatefulSets控制器-独享存储
(1)编写资源清单
[root@k8s231.oldboyedu.com statefulsets]# cat > 02-statefulset-headless-volumeClaimTemplates.yaml <<'EOF'
apiVersion: v1
kind: Service
metadata:
name: linux-headless-volume
spec:
ports:
- port: 80
name: web
clusterIP: None
selector:
app: nginx
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: linux-web-sts-volume
spec:
selector:
matchLabels:
apps: nginx
serviceName: linux-headless-volume
replicas: 3
# 卷申请模板,会为每个Pod去创建唯一的pvc并与之关联哟!
volumeClaimTemplates:
- metadata:
name: data
spec:
accessModes: [ "ReadWriteOnce" ]
# 声明咱们自定义的动态存储类,即sc资源。
storageClassName: "managed-nfs-storage"
resources:
requests:
storage: 2Gi
template:
metadata:
labels:
apps: nginx
spec:
containers:
- name: nginx
image: harbor.oldboyedu.com/web/apps:v1
volumeMounts:
- name: data
mountPath: /usr/share/nginx/html
---
apiVersion: v1
kind: Service
metadata:
name: oldboyedu-linux-sts-svc
spec:
selector:
apps: nginx
ports:
- port: 80
targetPort: 80
EOF
(2)连接到Pod逐个修改nginx首页文件
[root@k8s231.oldboyedu.com statefulsets]# kubectl exec -it linux-web-sts-volume-0 -- sh
/ #
/ # echo 'www.oldboyedu.com v0.1' > /usr/share/nginx/html/index.html
/ #
/ # exit
[root@k8s231.oldboyedu.com statefulsets]#
[root@k8s231.oldboyedu.com statefulsets]# kubectl exec -it linux-web-sts-volume-1 -- sh
/ #
/ # echo 'www.oldboyedu.com v0.2' > /usr/share/nginx/html/index.html
/ #
/ # exit
[root@k8s231.oldboyedu.com statefulsets]#
[root@k8s231.oldboyedu.com statefulsets]# kubectl exec -it linux-web-sts-volume-2 -- sh
/ #
/ # echo 'www.oldboyedu.com v0.3' > /usr/share/nginx/html/index.html
/ #
/ # exit
[root@k8s231.oldboyedu.com statefulsets]#
(3)测试SVC访问
测试方式1:
[root@k8s231.oldboyedu.com statefulsets]# kubectl get svc oldboyedu-linux-sts-svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
oldboyedu-linux-sts-svc ClusterIP 10.200.161.211 <none> 80/TCP 10m
[root@k8s231.oldboyedu.com statefulsets]#
[root@k8s231.oldboyedu.com statefulsets]# for i in `seq 1000`;do curl 10.200.161.211;sleep 0.5; done
测试方式2:
[root@k8s231.oldboyedu.com statefulsets]# vim /etc/resolv.conf # 不修改宿主机的配置文件的话,可以直接启动pod进行测试即可。
...
nameserver 10.200.0.10
[root@k8s231.oldboyedu.com statefulsets]# for i in `seq 1000`;do curl oldboyedu-linux-sts-svc.default.svc.oldboyedu.com;sleep 0.5; done
2、metric-server
2.1 metric-server概述
Metrics Server从kubelets收集资源指标,并通过Metrics API将它们暴露在Kubernetes apiserver中,以供HPA(Horizontal Pod Autoscaler)和VPA(Vertical Pod Autoscaler)使用。
Metrics API也可以通过kubectl top访问,从而更容易调试自动缩放管道。
参考链接:
https://github.com/kubernetes/kubernetes/tree/master/cluster/addons/metrics-server
https://kubernetes.io/docs/tasks/debug/debug-cluster/resource-metrics-pipeline/
https://github.com/kubernetes-sigs/metrics-server
2.2 部署metric-server:
(1)下载资源清单
wget https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/high-availability-1.21+.yaml
(2)修改资源清单,修改deploy资源两处
[root@k8s231.oldboyedu.com metrics-server]# vim high-availability-1.21+.yaml
...
apiVersion: apps/v1
kind: Deployment
...
spec:
...
template:
...
spec:
# 在args后添加"--kubelet-insecure-tls",和"image"字段。
- args:
- --kubelet-insecure-tls
# image: registry.k8s.io/metrics-server/metrics-server:v0.6.3
image: registry.aliyuncs.com/google_containers/metrics-server:v0.6.3
(3)创建应用
[root@k8s231.oldboyedu.com metrics-server]# kubectl apply -f high-availability-1.21+.yaml
serviceaccount/metrics-server created
clusterrole.rbac.authorization.k8s.io/system:aggregated-metrics-reader created
clusterrole.rbac.authorization.k8s.io/system:metrics-server created
rolebinding.rbac.authorization.k8s.io/metrics-server-auth-reader created
clusterrolebinding.rbac.authorization.k8s.io/metrics-server:system:auth-delegator created
clusterrolebinding.rbac.authorization.k8s.io/system:metrics-server created
service/metrics-server created
deployment.apps/metrics-server created
poddisruptionbudget.policy/metrics-server created
apiservice.apiregistration.k8s.io/v1beta1.metrics.k8s.io created
[root@k8s231.oldboyedu.com metrics-server]#
(4)检查状态
[root@k8s231.oldboyedu.com metrics-server]# kubectl -n kube-system get pods | grep metrics-server
metrics-server-848678b447-kztmz 1/1 Running 0 5m47s
metrics-server-848678b447-rh6p6 1/1 Running 0 5m47s
[root@k8s231.oldboyedu.com metrics-server]#
(5)验证 metrics-server是否正常
[root@k8s231.oldboyedu.com metrics-server]# kubectl top node
NAME CPU(cores) CPU% MEMORY(bytes) MEMORY%
k8s231.oldboyedu.com 168m 8% 1464Mi 39%
k8s232.oldboyedu.com 53m 2% 663Mi 18%
k8s233.oldboyedu.com 52m 2% 680Mi 18%
[root@k8s231.oldboyedu.com metrics-server]#
[root@k8s231.oldboyedu.com metrics-server]# kubectl top pods
NAME CPU(cores) MEMORY(bytes)
linux-web-sts-volume-0 0m 1Mi
linux-web-sts-volume-1 0m 1Mi
linux-web-sts-volume-2 0m 1Mi
nfs-client-provisioner-69b9bbb79f-sj26j 3m 15Mi
[root@k8s231.oldboyedu.com metrics-server]#
2.3 hpa案例
(1)创建资源清单
[root@k8s231.oldboyedu.com horizontalpodautoscalers]# cat 01-deploy-stress.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: oldboyedu-linux85-stress
spec:
replicas: 1
selector:
matchExpressions:
- key: apps
operator: Exists
template:
metadata:
labels:
apps: stress
spec:
containers:
- name: web
image: jasonyin2020/oldboyedu-linux-tools:v0.1
command:
- tail
- -f
- /etc/hosts
resources:
requests:
cpu: 500m
memory: 200M
limits:
cpu: 1
memory: 500M
[root@k8s231.oldboyedu.com horizontalpodautoscalers]#
(2)创建hpa规则,最小要运行2个Pod,最多运行5个Pod
- 响应式创建规则:
[root@k8s231.oldboyedu.com horizontalpodautoscalers]# kubectl autoscale deployment oldboyedu-linux85-stress --min=2 --max=5 --cpu-percent=80
horizontalpodautoscaler.autoscaling/oldboyedu-linux85-stress autoscaled
[root@k8s231.oldboyedu.com horizontalpodautoscalers]#
- 声明式创建规则:
[root@k8s231.oldboyedu.com horizontalpodautoscalers]# cat 02-hpa.yaml
# 指定Api的版本号
apiVersion: autoscaling/v2
# 指定资源类型
kind: HorizontalPodAutoscaler
# 指定hpa源数据信息
metadata:
# 指定名称
name: oldboyedu-linux85-stress
# 指定名称空间
namespace: default
# 用户的期望状态
spec:
# 指定最大的Pod副本数量
maxReplicas: 5
# 指定监控指标
metrics:
# 指定资源限制
- resource:
# 指定资源限制的名称
name: cpu
# 指定限制的阈值
target:
averageUtilization: 80
type: Utilization
type: Resource
# 指定最小的Pod副本数量
minReplicas: 2
# 当前的hpa规则应用在哪个资源
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: oldboyedu-linux85-stress
[root@k8s231.oldboyedu.com horizontalpodautoscalers]#
(3)压力测试
[root@k8s231.oldboyedu.com ~]# kubectl get pods
NAME READY STATUS RESTARTS AGE
nfs-client-provisioner-69b9bbb79f-sj26j 1/1 Running 0 157m
oldboyedu-linux85-stress-6d58b8cb88-4qtvk 1/1 Running 0 7m44s
oldboyedu-linux85-stress-6d58b8cb88-kkmr9 1/1 Running 0 4m46s
oldboyedu-linux85-stress-6d58b8cb88-w77xj 1/1 Running 0 75s
[root@k8s231.oldboyedu.com ~]#
[root@k8s231.oldboyedu.com ~]#
[root@k8s231.oldboyedu.com ~]# kubectl exec oldboyedu-linux85-stress-6d58b8cb88-4qtvk -- stress -c 4 --verbose --timeout 10m
stress: info: [6] dispatching hogs: 4 cpu, 0 io, 0 vm, 0 hdd
stress: dbug: [6] using backoff sleep of 12000us
stress: dbug: [6] setting timeout to 600s
stress: dbug: [6] --> hogcpu worker 4 [12] forked
stress: dbug: [6] using backoff sleep of 9000us
stress: dbug: [6] setting timeout to 600s
stress: dbug: [6] --> hogcpu worker 3 [13] forked
stress: dbug: [6] using backoff sleep of 6000us
stress: dbug: [6] setting timeout to 600s
stress: dbug: [6] --> hogcpu worker 2 [14] forked
...
(4)观察Pod的副本数量
[root@k8s231.oldboyedu.com horizontalpodautoscalers]# kubectl get hpa
NAME REFERENCE TARGETS MINPODS MAXPODS REPLICAS AGE
oldboyedu-linux85-stress Deployment/oldboyedu-linux85-stress 138%/80% 2 5 5 18m
[root@k8s231.oldboyedu.com horizontalpodautoscalers]#
[root@k8s231.oldboyedu.com horizontalpodautoscalers]#
[root@k8s231.oldboyedu.com horizontalpodautoscalers]# kubectl get pods
NAME READY STATUS RESTARTS AGE
nfs-client-provisioner-69b9bbb79f-sj26j 1/1 Running 0 171m
oldboyedu-linux85-stress-6d58b8cb88-4qtvk 1/1 Running 0 20m
oldboyedu-linux85-stress-6d58b8cb88-dx27m 1/1 Running 0 12m
oldboyedu-linux85-stress-6d58b8cb88-kkmr9 1/1 Running 0 17m
oldboyedu-linux85-stress-6d58b8cb88-qxcc2 1/1 Running 0 12m
oldboyedu-linux85-stress-6d58b8cb88-w77xj 1/1 Running 0 14m
[root@k8s231.oldboyedu.com horizontalpodautoscalers]#
3、helm概述
如上图所示,Helm目前有两个版本,即V2和V3。
2019年11月Helm团队发布V3版本,相比v2版本最大变化是将Tiller删除,并大部分代码重构。
helm v3相比helm v2还做了很多优化,比如不同命名空间资源同名的情况在v3版本是允许的,我们在生产环境中使用建议大家使用v3版本,不仅仅是因为它版本功能较强,而且相对来说也更加稳定了。
官方地址:
https://helm.sh/docs/intro/install/
github地址:
https://github.com/helm/helm/releases
3.1 安装helm
- 下载helm
[root@k8s231.oldboyedu.com helm]# wget https://get.helm.sh/helm-v3.9.0-linux-amd64.tar.gz
- 解压helm程序到指定目录(此处不解压README.MD文档及授权文件信息)
[root@k8s231.oldboyedu.com helm]# tar xf helm-v3.9.0-linux-amd64.tar.gz -C /usr/local/sbin/ linux-amd64/helm --strip-components=1
"--strip-components":
跳过解压目录的前缀路径。
- 验证helm安装成功
[root@k8s231.oldboyedu.com helm]# helm version
version.BuildInfo{Version:"v3.9.0", GitCommit:"7ceeda6c585217a19a1131663d8cd1f7d641b2a7", GitTreeState:"clean", GoVersion:"go1.17.5"}
[root@k8s231.oldboyedu.com helm]#
- 配置helm命令的自动补全-新手必备
[root@k8s231.oldboyedu.com helm]# helm completion bash > /etc/bash_completion.d/helm
[root@k8s231.oldboyedu.com helm]#
[root@k8s231.oldboyedu.com helm]# source /etc/bash_completion.d/helm
[root@k8s231.oldboyedu.com helm]#
[root@k8s231.oldboyedu.com helm]# helm # 连续按2次tab键,出现如下内容则成功
completion (generate autocompletion scripts for the specified shell)
create (create a new chart with the given name)
dependency (manage a chart's dependencies)
env (helm client environment information)
get (download extended information of a named release)
help (Help about any command)
...
3.2 helm部署服务
- 管理Chart生命周期初体验
(1)创建chart
[root@k8s231.oldboyedu.com helm]# helm create oldboyedu-linux
Creating oldboyedu-linux
[root@k8s231 helm]# kubectl create ns oldboyedu-helm
namespace/oldboyedu-helm created
[root@k8s231 helm]# kubectl get ns
NAME STATUS AGE
default Active 32d
kube-flannel Active 32d
kube-node-lease Active 32d
kube-public Active 32d
kube-system Active 32d
kubernetes-dashboard Active 2d22h
oldboyedu-helm Active 3s
(3)安装chart
[root@k8s231.oldboyedu.com helm]# helm install web01 oldboyedu-linux -n oldboyedu-helm
NAME: web01
LAST DEPLOYED: Sun Apr 23 15:51:49 2023
NAMESPACE: oldboyedu-helm
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
#######################################
# 欢迎使用老男孩IT教育K8S集群服务系统 #
# 官方网站: #
# www.oldboyedu.com #
#######################################
恭喜您: harbor.oldboyedu.com/web/apps:v1应用已经部署成功
请尝试访问web吧~
[root@k8s231.oldboyedu.com helm]#
(3)卸载chart
[root@k8s231.oldboyedu.com helm]# helm uninstall web01 -n oldboyedu-helm
release "web01" uninstalled
[root@k8s231.oldboyedu.com helm]#
3.3 helm的升级
(1)部署chart
[root@k8s231.oldboyedu.com helm]# helm install web01 oldboyedu-linux -n oldboyedu-helm
(2)查看发现的Release
[root@k8s231.oldboyedu.com helm]# helm list -n oldboyedu-helm
NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION
web01 oldboyedu-helm 1 2023-04-23 16:30:22.790921622 +0800 CST deployed oldboyedu-linux-v0.1 v1
[root@k8s231.oldboyedu.com helm]#
3.3.1 基于文件的方式升级应用
[root@k8s231.oldboyedu.com helm]# cat oldboyedu-linux/values.yaml
oldboyedu_linux_apps:
namespace: oldboyedu-helm
image: harbor.oldboyedu.com/web/apps
tags: v2
replicas: 5
labels:
apps: web
[root@k8s231.oldboyedu.com helm]#
[root@k8s231.oldboyedu.com helm]# helm upgrade web01 oldboyedu-linux -f oldboyedu-linux/values.yaml -n oldboyedu-helm
Release "web01" has been upgraded. Happy Helming!
NAME: web01
LAST DEPLOYED: Sun Apr 23 16:32:00 2023
NAMESPACE: oldboyedu-helm
STATUS: deployed
REVISION: 2
TEST SUITE: None
NOTES:
#######################################
# 欢迎使用老男孩IT教育K8S集群服务系统 #
# 官方网站: #
# www.oldboyedu.com #
#######################################
恭喜您: harbor.oldboyedu.com/web/apps:v2应用已经部署成功
请尝试访问web吧~
[root@k8s231.oldboyedu.com helm]#
(4)再次查看版本
[root@k8s231.oldboyedu.com helm]# helm list -n oldboyedu-helm
NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION
web01 oldboyedu-helm 2 2023-04-23 16:32:00.516613778 +0800 CST deployed oldboyedu-linux-v0.1 v1
[root@k8s231.oldboyedu.com helm]#
(5)验证升级是否成功
[root@k8s231.oldboyedu.com helm]# kubectl get svc -n oldboyedu-helm
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
oldboyedu-linux-web-svc ClusterIP 10.200.246.134 <none> 80/TCP 2m49s
[root@k8s231.oldboyedu.com helm]#
[root@k8s231.oldboyedu.com helm]# curl 10.200.246.134
<h1 style='color: green;'>www.oldboyedu.com v0.2</h1>
[root@k8s231.oldboyedu.com helm]#
3.3.2 基于传参的方式升级应用
[root@k8s231.oldboyedu.com helm]# helm upgrade --set oldboyedu_linux_apps.tags=v3,replicas=2 web01 oldboyedu-linux -n oldboyedu-helm
Release "web01" has been upgraded. Happy Helming!
NAME: web01
LAST DEPLOYED: Sun Apr 23 16:36:35 2023
NAMESPACE: oldboyedu-helm
STATUS: deployed
REVISION: 3
TEST SUITE: None
NOTES:
#######################################
# 欢迎使用老男孩IT教育K8S集群服务系统 #
# 官方网站: #
# www.oldboyedu.com #
#######################################
恭喜您: harbor.oldboyedu.com/web/apps:v3应用已经部署成功
请尝试访问web吧~
[root@k8s231.oldboyedu.com helm]#
[root@k8s231.oldboyedu.com helm]#
[root@k8s231.oldboyedu.com helm]# helm list -n oldboyedu-helm
NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION
web01 oldboyedu-helm 3 2023-04-23 16:36:35.992389649 +0800 CST deployed oldboyedu-linux-v0.1 v1
[root@k8s231.oldboyedu.com helm]#
[root@k8s231.oldboyedu.com helm]# kubectl get svc -n oldboyedu-helm
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
oldboyedu-linux-web-svc ClusterIP 10.200.246.134 <none> 80/TCP 6m46s
[root@k8s231.oldboyedu.com helm]#
[root@k8s231.oldboyedu.com helm]#
[root@k8s231.oldboyedu.com helm]# curl 10.200.246.134
<h1 style='color: green;'>www.oldboyedu.com v0.3</h1>
[root@k8s231.oldboyedu.com helm]#
3.4 helm的回滚
(1)查看当前的发行版本
[root@k8s231.oldboyedu.com helm]# helm list -n oldboyedu-helm
NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION
web01 oldboyedu-helm 3 2023-04-23 16:36:35.992389649 +0800 CST deployed oldboyedu-linux-v0.1 v1
[root@k8s231.oldboyedu.com helm]#
(2)查看某个Release发布的历史版本
[root@k8s231.oldboyedu.com helm]# helm history web01 -n oldboyedu-helm
REVISION UPDATED STATUS CHART APP VERSION DESCRIPTION
1 Sun Apr 23 16:30:22 2023 superseded oldboyedu-linux-v0.1 v1 Install complete
2 Sun Apr 23 16:32:00 2023 superseded oldboyedu-linux-v0.1 v1 Upgrade complete
3 Sun Apr 23 16:36:35 2023 deployed oldboyedu-linux-v0.1 v1 Upgrade complete
[root@k8s231.oldboyedu.com helm]#
(3)回滚到上一个版本
[root@k8s231.oldboyedu.com helm]# helm rollback web01 -n oldboyedu-helm
Rollback was a success! Happy Helming!
[root@k8s231.oldboyedu.com helm]#
[root@k8s231.oldboyedu.com helm]# kubectl get svc -n oldboyedu-helm
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
oldboyedu-linux-web-svc ClusterIP 10.200.246.134 <none> 80/TCP 10m
[root@k8s231.oldboyedu.com helm]#
[root@k8s231.oldboyedu.com helm]# curl 10.200.246.134
<h1 style='color: green;'>www.oldboyedu.com v0.2</h1>
[root@k8s231.oldboyedu.com helm]#
(4)回滚到指定版本
[root@k8s231.oldboyedu.com helm]# helm history web01 -n oldboyedu-helm
REVISION UPDATED STATUS CHART APP VERSION DESCRIPTION
1 Sun Apr 23 16:30:22 2023 superseded oldboyedu-linux-v0.1 v1 Install complete
2 Sun Apr 23 16:32:00 2023 superseded oldboyedu-linux-v0.1 v1 Upgrade complete
3 Sun Apr 23 16:36:35 2023 superseded oldboyedu-linux-v0.1 v1 Upgrade complete
4 Sun Apr 23 16:40:56 2023 superseded oldboyedu-linux-v0.1 v1 Rollback to 2
5 Sun Apr 23 16:42:10 2023 superseded oldboyedu-linux-v0.1 v1 Rollback to 3
6 Sun Apr 23 16:43:06 2023 deployed oldboyedu-linux-v0.1 v1 Rollback to 4
[root@k8s231.oldboyedu.com helm]#
[root@k8s231.oldboyedu.com helm]#
[root@k8s231.oldboyedu.com helm]# helm rollback web01 1 -n oldboyedu-helm
Rollback was a success! Happy Helming!
[root@k8s231.oldboyedu.com helm]#
[root@k8s231.oldboyedu.com helm]#
[root@k8s231.oldboyedu.com helm]# kubectl get svc -n oldboyedu-helm
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
oldboyedu-linux-web-svc ClusterIP 10.200.246.134 <none> 80/TCP 13m
[root@k8s231.oldboyedu.com helm]#
[root@k8s231.oldboyedu.com helm]#
[root@k8s231.oldboyedu.com helm]# curl 10.200.246.134
<h1 style='color: green;'>www.oldboyedu.com v0.1</h1>
[root@k8s231.oldboyedu.com helm]#
[root@k8s231.oldboyedu.com helm]# helm history web01 -n oldboyedu-helm
REVISION UPDATED STATUS CHART APP VERSION DESCRIPTION
1 Sun Apr 23 16:30:22 2023 superseded oldboyedu-linux-v0.1 v1 Install complete
2 Sun Apr 23 16:32:00 2023 superseded oldboyedu-linux-v0.1 v1 Upgrade complete
3 Sun Apr 23 16:36:35 2023 superseded oldboyedu-linux-v0.1 v1 Upgrade complete
4 Sun Apr 23 16:40:56 2023 superseded oldboyedu-linux-v0.1 v1 Rollback to 2
5 Sun Apr 23 16:42:10 2023 superseded oldboyedu-linux-v0.1 v1 Rollback to 3
6 Sun Apr 23 16:43:06 2023 superseded oldboyedu-linux-v0.1 v1 Rollback to 4
7 Sun Apr 23 16:44:07 2023 deployed oldboyedu-linux-v0.1 v1 Rollback to 1
[root@k8s231.oldboyedu.com helm]#
(5)卸载Release
[root@k8s231.oldboyedu.com helm]# helm uninstall web01 -n oldboyedu-helm
release "web01" uninstalled
[root@k8s231.oldboyedu.com helm]#
3.5 共有helm仓库管理
(1)添加共有仓库
[root@k8s231.oldboyedu.com helm]# helm repo add oldboyedu-azure http://mirror.azure.cn/kubernetes/charts/
"oldboyedu-azure" has been added to your repositories
[root@k8s231.oldboyedu.com helm]#
[root@k8s231.oldboyedu.com helm]# helm repo add oldboyedu-aliyun https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts
"oldboyedu-aliyun" has been added to your repositories
[root@k8s231.oldboyedu.com helm]#
(2)查看仓库列表
[root@k8s231.oldboyedu.com helm]# helm repo list
NAME URL
oldboyedu-azure http://mirror.azure.cn/kubernetes/charts/
oldboyedu-aliyun https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts
[root@k8s231.oldboyedu.com helm]#
(3)搜索关心的chart
[root@k8s231.oldboyedu.com helm]# helm search repo mysql
NAME CHART VERSION APP VERSION DESCRIPTION
oldboyedu-aliyun/mysql 0.3.5 Fast, reliable, scalable, and easy to use open-...
oldboyedu-azure/mysql 1.6.9 5.7.30 DEPRECATED - Fast, reliable, scalable, and easy...
oldboyedu-azure/mysqldump 2.6.2 2.4.1 DEPRECATED! - A Helm chart to help backup MySQL...
...
(4)下载chart
[root@k8s231.oldboyedu.com helm]# helm pull oldboyedu-aliyun/mysql --untar
(5)部署chart,部署过程中可能会遇到坑哟~请自行修改!【考点: deploy,sc,coreDNS】
[root@k8s231.oldboyedu.com helm]# helm install db01 mysql -n oldboyedu-helm
[root@k8s231 helm]# vim mysql/templates/deployment.yaml
# apiVersion: extensions/v1beta1
apiVersion: apps/v1 # 修改
kind: Deployment
.....
spec:
# 添加
selector:
matchLabels:
app: {{ template "mysql.fullname" . }}
[root@k8s231 helm]# vim mysql/values.yaml
## GKE, AWS & OpenStack)
##
# storageClass: "-"
storageClass: "managed-nfs-storage" # 修改
(6)测试链接MySQL
[root@k8s231.oldboyedu.com helm]# MYSQL_ROOT_PASSWORD=$(kubectl get secret --namespace oldboyedu-helm db01-mysql -o jsonpath="{.data.mysql-root-password}" | base64 --decode; echo)
[root@k8s231.oldboyedu.com helm]#
[root@k8s231.oldboyedu.com helm]# kubectl run -it --rm db-client --image=harbor.oldboyedu.com/db/mysql:8.0.32-oracle -- mysql -h db01-mysql.oldboyedu-helm.svc.oldboyedu.com -p$MYSQL_ROOT_PASSWORD
If you don't see a command prompt, try pressing enter.
mysql> SHOW DATABASES;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
| sys |
+--------------------+
4 rows in set (0.00 sec)
mysql>
3.6 暴露Pod的方式
- hostNetwork
- hostPort
- nodePort
- Ingress
- kubectl port-forward
games.oldboyedu.com:8080
www.oldboyedu.com:8080
LB:
- 四层代理:
- 传输层 —> IP:PORT
- 七层代理
- 应用层 —> http|ftp|redis|mysql|…
http: Ingress Contoller --->
nginx
traefik
3.7 Ingress控制器工作原理图解
3.8 使用helm安装traefik程序
(1)添加traefik的helm源
[root@k8s231.oldboyedu.com helm]# helm repo add traefik https://traefik.github.io/charts
"traefik" has been added to your repositories
[root@k8s231.oldboyedu.com helm]#
(2)更新helm的源
[root@k8s231.oldboyedu.com helm]# helm repo update
Hang tight while we grab the latest from your chart repositories...
...Successfully got an update from the "oldboyedu-aliyun" chart repository
...Successfully got an update from the "traefik" chart repository
...Successfully got an update from the "oldboyedu-azure" chart repository
Update Complete. ⎈Happy Helming!⎈
[root@k8s231.oldboyedu.com helm]#
(3)拉取官方的traefik的Chart
[root@k8s231.oldboyedu.com helm]# helm pull traefik/traefik --untar
(4)修改Chart的配置文件
[root@k8s231.oldboyedu.com helm]# vim traefik/values.yaml
image:
...
# repository: traefik
repository: harbor.oldboyedu.com/traefik/traefik
service:
...
# type: LoadBalancer
type: NodePort
(5)安装traefik程序
[root@k8s231.oldboyedu.com helm]# helm install traefik traefik
(6)开启traefik的端口转发功能,为了安全起见,helm默认没有开启dashboar,因此需要运维手动暴露
[root@k8s231.oldboyedu.com helm]# kubectl port-forward `kubectl get pods -l "app.kubernetes.io/name=traefik" -o name` --address=0.0.0.0 9000:9000
(7)访问traefik的dashboard页面,如果打不开,将6步骤重新执行下试试看
http://10.0.0.231:9000/dashboard/
今日作业:
- 完成课堂的所有练习并整理思维导图;
- 将"jasonyin2020/oldboyedu-games:v0.1"游戏镜像使用helm部署,请自行设计:
扩展作业:
- 请尝试搭建helm的私有仓库,并将作业2推送到该私有仓库上.
推荐阅读:
https://github.com/helm/chartmuseum
https://hub.docker.com/r/chartmuseum/chartmuseum
