完全重装docker,在docker ui 的右上角有个炸弹图标, 点击reset然后恢复到出厂设置.

安装kubectl v1.17.4

brew install kubernetes-cli

# 或已经装过， 升级一下
brew upgrade kubernetes-cli

详见： https://kubernetes.io/docs/tasks/tools/install-kubectl/

docker-for-desktop 2020

千万不要勾Enable kubernetes, 我们的奇葩网络会一直显示Kubernetes is starting..

按照这里的来 https://github.com/AliyunContainerService/k8s-for-docker-desktop

我装好了最新的docker ce 2.2.0.4 显示的docker engine为 19.03.8 显示的Kubernetes为v1.15.5

所以我先切换到了 v1.15.5分支

git clone https://github.com/AliyunContainerService/k8s-for-docker-desktop
cd k8s-for-docker-desktop
git checkout v1.15.5
./load_images.sh
然后等待k8s相关的几个image下载完成
最后重启docker ce 勾选Enable Kubernetes

最后这个repo 的 README中还有一些关于kubernetes的骚操作， 挨着做一遍

docker-for-desktop 2018笔记

详见: Tutorial : Getting Started with Kubernetes with Docker on Mac

和minikube对比: Local Kubernetes for Mac– MiniKube vs Docker Desktop

docker自带的kubernetes叫docker-for-desktop, 在docker app中勾上enable kubernetes便会自动安装(需要装很长时间), 对应的配置文件~/.kube/config.

This will start a single node Kubernetes cluster for you and install the kubectl command line utility as well. This might take a while, but the dialog will let you know once the Kubernetes cluster is ready.

阿里云Docker社区版中Kubernetes开发

也可以不用docker中集成的kubernetes, 选择安装minikube, 装好后. 在docker app的右键菜单中会出来minikube, 如下

切换 kubernetes context

kubectl config get-contexts
kubectl config use-context docker-for-desktop
kubectl config use-context minikube

安装部署并打开Dashboard

kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/alternative/kubernetes-dashboard.yaml
kubectl proxy

访问: http://localhost:8001/api/v1/namespaces/kube-system/services/kubernetes-dashboard/proxy

测试

kubectl version # 显示kubectl命令行及k8s服务端的版本
kubectl cluster-info # 查看集群信息
kubectl config view # 显示当前kubectl配置
kubectl get node # 查看集群中结点
kubectl api-versions # 查看API-Server支持的API版本集合
kubectl run nginx --image=nginx:1.12.2
kubectl get deploy
kubectl get deploy nginx

kubectl describe deploy nginx
kubectl get rs

创建资源

kubectl create -f <res.yaml> # 按照yaml文件创建资源
kubectl run <name> --image=<image> # 使用某镜像创建Deployment

检查与调试

kubectl get <type> <name>  # 查看某种类型资源
kubectl describe <type> <name> # 检查某特定资源实例
kubectl logs # 检查某POD的日志(标准输出)
kubectl exec -it pod_id # 在容器内执行命令

kubectl expose deploy nginx --type=NodePort --name=nginx-ext --port=80
kubectl get ep # endpoints
kubectl scale deploy nginx --replicas=3

公司的macOS (怀疑是公司的软件不允许跑minikube)

E1017 10:19:51.388141    2212 start.go:168] Error starting host: Error creating host: Error executing step: Creating VM.
: Unable to start the VM: /usr/local/bin/VBoxManage startvm minikube --type headless failed:
VBoxManage: error: The virtual machine 'minikube' has terminated unexpectedly during startup with exit code 1 (0x1)
VBoxManage: error: Details: code NS_ERROR_FAILURE (0x80004005), component MachineWrap, interface IMachine
.

➜  ~ kubectl get pods -o wide
NAME          READY   STATUS    RESTARTS   AGE   IP          NODE
kubia-4h2kb   1/1     Running   0          8m    10.1.0.13   docker-for-desktop
kubia-nh7qx   1/1     Running   0          8m    10.1.0.14   docker-for-desktop
kubia-wqx59   1/1     Running   0          27m   10.1.0.12   docker-for-desktop

Docker for Mac with Kubernetes — Enable K8S Dashboard

k8s qa

If I build image with an old tag and push to registry. will k8s pull this image? (imagePullPolicy: IfNotPresent)

k8s考试题目: https://vitalflux.com/tag/kubernetes/

port

简明定义

Port: Port is the port number which makes a service visible to other services running within the same K8s cluster. In other words, in case a service wants to invoke another service running within the same Kubernetes cluster, it will be able to do so using port specified against “port” in the service spec file.

Target Port: Target port is the port on the POD where the service is running.

Nodeport: Node port is the port on which the service can be accessed from external users using Kube-Proxy.

containerPort containerPort which is similar as targetPort , it is used in pod definition yaml.

来自: https://vitalflux.com/kubernetes-port-targetport-and-nodeport/

for a pod, what's the difference between containerPort and

for a service what's difference between targetPort and nodePort what is nodePort, when to use and why don't we use? https://stackoverflow.com/questions/41509439/whats-the-difference-between-clusterip-nodeport-and-loadbalancer-service-types

What does it mean for a Service to be of type NodePort, and have both port and targetPort specified? (两个答案都要读100遍) https://stackoverflow.com/questions/41963433/what-does-it-mean-for-a-service-to-be-of-type-nodeport-and-have-both-port-and-t

nodePort is the port that a client outside of the cluster will "see". nodePort is opened on every node in your cluster via kube-proxy. With iptables magic Kubernetes (k8s) then routes traffic from that port to a matching service pod (even if that pod is running on a completely different node).

port is the port your service listens on inside the cluster(service to service communication inside your cluster). Let's take this example:

---
apiVersion: v1
kind: Service
metadata:
  name: my-service
spec:
  ports:
  - port: 8080
    targetPort: 8070 (可选的, 默认等于port)
    nodePort: 31222
    protocol: TCP 
  selector:
    component: my-service-app

From inside my k8s cluster this service will be reachable via my-service.default.svc.cluster.local:8080 (service to service communication inside your cluster) and any request reaching there is forwarded to a running pod on targetPort 8070.

tagetPort is also by default the same value as port if not specified otherwise.

"nodePort -> port -> targetPort

nodePort is unique, so 2 different services cannot have the same nodePort assigned. Once declared, the k8s master reserves that nodePort for that service. nodePort is then opened on EVERY node (master and worker) - also the nodes that do not run a pod of that service - k8s iptables magic takes care of the routing. That way you can make your service request from outside your k8s cluster to any node on nodePort without worrying whether a pod is scheduled there or not.

From the #kubernetes-users Slack channel: "the nodePort routes to the service, which in turn routes to the pod / if you hit the service directly then the nodePort step is skipped / the 'magical routing' is handled by kube-proxy". This led me to say (using invented notation): "nodePort -> port -> targetPort, not nodePort -> targetPort && port -> targetPort".

POD

docker的运行单元是container k8s的运行单元是pod (pod的IP地址是动态变化的)

deployment基础配置

https://kubernetes.io/docs/concepts/overview/working-with-objects/kubernetes-objects/

关于service

Now that we know our pod is working, lets make it accessible to the public internet. For this, we need to add a new Kubernetes resource that will provision a public public IP address and route incoming requests to our pod. This can be accomplished using a Kubernetes resource called a Service.

要读的: Kubernetes: Exposing Pods as a Service https://www.stratoscale.com/blog/kubernetes/kubernetes-exposing-pods-service/

service的官方文档: https://kubernetes.io/docs/concepts/services-networking/service/

为什么要有服务? http://dockone.io/article/8426 服务是在Pod之上抽象的一层，用于给特定一组Pod分配单独虚拟IP地址的技术

IBM k8s badge中用的NodePort K8s 101中用的LoadBalancer SmartSpeaker没写service的type.

到底用哪个? Kubernetes NodePort vs LoadBalancer vs Ingress? When should I use what?

关于ingress

Kubernetes Ingress https://medium.com/@cashisclay/kubernetes-ingress-82aa960f658e

Ingress Controller and Kubernetes Using Minikube — a Tiny Demonstration https://medium.com/@schogini/ingress-controller-and-kubernetes-using-minikube-a-tiny-demonstration-63c2a73e2803

Ingress的官方文档 https://kubernetes.io/docs/concepts/services-networking/ingress/

Setting up Ingress on Minikube https://medium.com/@Oskarr3/setting-up-ingress-on-minikube-6ae825e98f82

apiVersion: v1
kind: Pod
metadata:
  name: spring-pod
spec:
  containers:
  - image: chkrishna/springdemoapp:latest
    name: spring-demoapp
    ports:
    - containerPort: 8080
      hostPort: 9090
      protocol: TCP

uniquejava / blog

kubernetes #239

入门 Kubernetes 101

进阶 ALL THINGS KUBERNETES

Lab & IBM badge