1. What is k8s?
Kubernetes is container orchestration software for provisioning, managing and scaling applications. In other words, Kubernetes lets you manage the lifecycle of containerized applications in a cluster (for example, containers running in a cluster of VMs or of physical machines).
An application may need many other resources to run, such as volumes, networks and Secrets; these resources help with things like connecting to a database, communicating with a backend behind a firewall, and protecting keys. Kubernetes helps add these resources to the application. The infrastructure resources the application needs are managed declaratively.
Like Apache Mesos and Docker Swarm, Kubernetes is a container orchestrator for provisioning, managing and scaling applications.
The key paradigm of Kubernetes is its declarative model. The user provides the desired state and Kubernetes will do its best to make it happen. If you need five instances, you do not start five separate instances on your own but rather tell Kubernetes that you need five instances, and Kubernetes will reconcile the state automatically. At this point, you simply need to know that you declare the state that you want and Kubernetes makes that happen. If something goes wrong with one of your instances and it crashes, Kubernetes still knows the desired state and creates new instances on an available node.
Kubernetes was developed by the community to address the need to scale and manage containers.
2. k8s architecture
At the core of Kubernetes is the data store (the etcd database). The declarative model is stored as objects in the data store, which means that when you say you want five instances of a container, that request is stored in etcd. Changes to the request are watched, and the request is delegated to a controller to act on. The controller reacts to the declarative model and tries to take action to reach the desired state. The power of Kubernetes lies in its simple model.
In the diagram below, the API server is a simple HTTP server that handles create/read/update/delete (CRUD) operations on the data store. The controller determines the change you want and then makes it.

The controller is responsible for instantiating the actual resources that any Kubernetes resource represents. These actual resources are what your application needs to run successfully.
3. k8s resource model
Reference: https://kubernetes.io/docs/concepts/
The Kubernetes infrastructure defines one resource for each purpose. Every resource is watched and handled by a controller. When you define an application, it consists of a collection of these resources. The controllers then read this collection to build the application's actual backing instances.
Explanation of some resources in k8s:
Config maps: holds configuration data for pods to consume
Daemon sets: ensures that each node in the cluster runs this pod
Deployments: defines a desired state of a deployment object
Events: provides life cycle events on pods and other deployment objects
Endpoints: allows inbound connections to reach the cluster services
Ingress: a collection of rules that allows inbound connections to reach the cluster services
Jobs: creates one or more pods and when they complete successfully, the job is marked as completed
Node: a worker machine in Kubernetes
Namespaces: multiple virtual clusters backed by the same physical cluster
Pods: the smallest deployable units of computing that can be created and managed in Kubernetes
Persistent volumes: provides an API for users and administrators to abstract details about how storage is provided from how it is consumed
Replica sets: ensures that a specified number of pod replicas are running at any given time
Secrets: holds sensitive information, such as passwords, OAuth tokens, and SSH keys
Service accounts: provides an identity for processes that run in a pod
Services: an abstraction that defines a logical set of pods and a policy by which to access them, sometimes called a microservice
Stateful sets: the workload API object that manages stateful applications
4. What is a pod?
A pod is the smallest object model you can create and run. A pod can be given a label. When you are ready to scale the application, you use the label to tell Kubernetes which pods to scale. A pod usually represents one process in the cluster. A pod contains at least one container that runs the job; in addition it may contain other containers called "sidecars", such as a container for monitoring or a container for logging. Essentially, a pod is a group of containers.
An app usually consists of a group of pods. Although an entire application could run in a single pod, you usually build multiple pods that communicate with each other to form a useful application.
Best practice: when building an application, separating the application logic and the backend database into separate pods makes it easier to scale later.
Kubernetes lets a person manage applications, as well as the cluster and cluster resources, by using kubectl commands to modify the model in the etcd database.
Commands:
kubectl (create|get|apply|delete) -f myResource.yaml  // It is usually simpler to manipulate resources directly through YAML.
Kubernetes uses availability checks (liveness probes) to know when to restart a container. For example, a liveness probe can catch a deadlock in a running application. Restarting the container in that state helps keep the application running, even though bugs may still exist.
In addition, Kubernetes uses readiness checks to know when a container is ready to start accepting traffic. A pod is considered ready when all of its containers are ready. One use of this check is to control which pods are used as backends for a Service. When a pod is not ready, it is removed from the load balancer.
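As an added example (not part of the original notes), here is the label, liveness-probe and readiness-probe model above written as a manifest you would apply with kubectl apply -f; the names, image, ports and probe paths are assumptions:

```yaml
# Added example, not from the original notes: a Deployment with liveness and
# readiness probes, plus a Service that selects the pods by label.
# The name "web", the image, port 8080 and the /healthz and /ready paths are assumptions.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web
spec:
  replicas: 5                  # desired state; the controller reconciles to it
  selector:
    matchLabels:
      app: web
  template:
    metadata:
      labels:
        app: web               # label used by the Service selector below
    spec:
      containers:
      - name: web
        image: example.com/web:1.0   # placeholder image
        ports:
        - containerPort: 8080
        livenessProbe:         # restart the container when the app deadlocks
          httpGet:
            path: /healthz
            port: 8080
          initialDelaySeconds: 10
          periodSeconds: 10
          failureThreshold: 3
        readinessProbe:        # keep the pod out of the Service until ready
          httpGet:
            path: /ready
            port: 8080
          periodSeconds: 5
---
apiVersion: v1
kind: Service
metadata:
  name: web
spec:
  selector:
    app: web                   # only ready pods with this label get traffic
  ports:
  - port: 80
    targetPort: 8080
```

A container whose liveness probe fails three consecutive times is restarted, while a pod whose readiness probe fails is only dropped from the Service's endpoints, not restarted.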
5. How is an application deployed into a k8s environment?
- The user deploys a new app by using the kubectl CLI. Kubectl sends the request to the API server.
- The API server receives the request and stores it in the data store (etcd). After the request is written to the data store, the API server is done with the request.
- Watchers detect the resource changes and send notifications to the Controller to act on those changes.
- The Controller detects the new app and creates new pods to match the desired number of instances. Any changes to the stored model will be used to create or delete pods.
- The Scheduler assigns new pods to a node based on specific criteria. The Scheduler decides on whether to run pods on specific nodes in the cluster. The Scheduler modifies the model with the node information.
- A Kubelet on a node detects a pod with an assignment to itself and deploys the requested containers through the container runtime, for example, Docker. Each node watches the storage to see what pods it is assigned to run. The node takes necessary actions on the resources assigned to it such as to create or delete pods.
- Kubeproxy manages network traffic for the pods, including service discovery and load balancing. Kubeproxy is responsible for communication between pods that want to interact.