# Kubernetes Container Orchestration in Practice: From Getting Started to Production Deployment

Kubernetes, the dominant container orchestrator of the cloud-native era, has become a must-have skill for DevOps engineers. This article starts from the core concepts and walks through cluster setup, configuration management, storage volumes, network policies and HPA autoscaling, then ties everything together with a complete end-to-end case study so that you can go from the basics to real-world use of K8s container orchestration.

## 1. Kubernetes Core Concepts

### 1.1 Pod: The Smallest Schedulable Unit

A Pod is the smallest deployable unit in Kubernetes and holds one or more containers. Those containers share a network namespace and storage volumes and are always scheduled onto the same node.

Key points about Pods:

- Every Pod gets its own unique IP address
- Containers inside a Pod reach each other over localhost
- Pods are ephemeral; a restarted Pod gets a new IP
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: nginx-pod
  labels:
    app: nginx
    tier: frontend
spec:
  containers:
  - name: nginx
    image: nginx:1.24
    ports:
    - containerPort: 80
    resources:
      requests:
        memory: "128Mi"
        cpu: "100m"
      limits:
        memory: "256Mi"
        cpu: "200m"
  restartPolicy: Always
```
### 1.2 Deployment: Declarative Application Management

A Deployment manages Pods declaratively and adds rolling updates, rollbacks and similar higher-level operations. It maintains the desired number of Pod replicas through a ReplicaSet.
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: webapp-deployment
spec:
  replicas: 3
  selector:
    matchLabels:
      app: webapp
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 0
  template:
    metadata:
      labels:
        app: webapp
    spec:
      containers:
      - name: webapp
        image: webapp:v1.0
        ports:
        - containerPort: 8080
        env:
        - name: ENV
          value: "production"
```
### 1.3 Service: Service Discovery and Load Balancing

A Service gives a set of Pods a stable access endpoint and provides service discovery and load balancing. The main types are ClusterIP, NodePort and LoadBalancer.
```yaml
apiVersion: v1
kind: Service
metadata:
  name: webapp-service
spec:
  type: LoadBalancer
  selector:
    app: webapp
  ports:
  - port: 80
    targetPort: 8080
    protocol: TCP
```
## 2. Building a Cluster

### 2.1 Environment Preparation

A production cluster needs the following infrastructure:

- 3 Linux servers (1 master + 2 workers)
- Operating system: Ubuntu 22.04 or CentOS 8
- Hardware: master node 4 CPU / 8 GB RAM, worker nodes at least 2 CPU / 4 GB RAM

### 2.2 Building the Cluster with kubeadm
```bash
# On every node: install the container runtime
sudo apt-get update
sudo apt-get install -y containerd

# Configure containerd
sudo mkdir -p /etc/containerd
containerd config default | sudo tee /etc/containerd/config.toml
sudo systemctl restart containerd

# Install kubeadm, kubelet and kubectl
# (these packages come from the Kubernetes apt repository, which must be configured first)
sudo apt-get install -y kubeadm kubelet kubectl

# On the master node: initialise the cluster
sudo kubeadm init --pod-network-cidr=10.244.0.0/16

# Configure kubectl
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

# Install the network plugin (Flannel)
kubectl apply -f https://raw.githubusercontent.com/flannel-io/flannel/master/Documentation/kube-flannel.yml

# On each worker node: join the cluster, filling in the values printed by `kubeadm init`
sudo kubeadm join <MASTER_IP>:6443 --token <TOKEN> --discovery-token-ca-cert-hash sha256:<HASH>
```

### 2.3 Verifying Cluster State
```bash
# Node status
kubectl get nodes -o wide

# Control-plane component status
# (componentstatuses has been deprecated since v1.19; checking the kube-system Pods below is more reliable)
kubectl get cs

# Pods in all namespaces
kubectl get pods --all-namespaces
```

## 3. Configuration Management

### 3.1 ConfigMap: The Configuration Store

A ConfigMap stores non-sensitive configuration data and can be injected into a Pod either as environment variables or as mounted files.
```yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: app-config
data:
  APP_ENV: "production"
  DATABASE_HOST: "mysql-service"
  DATABASE_PORT: "3306"
  config.yaml: |
    server:
      port: 8080
      mode: release
    log:
      level: info
      path: /var/log/app
```
### 3.2 Secret: Managing Sensitive Data

A Secret stores passwords, keys and other sensitive data; the values under `data` are stored Base64-encoded. Base64 is an encoding, not encryption: anyone who can read the Secret object can recover the plaintext.

```yaml
apiVersion: v1
kind: Secret
metadata:
  name: db-secret
type: Opaque
data:
  username: YWRtaW4=
  password: cGFzc3dvcmQxMjM=
stringData:
  connection-string: "mysql://admin:password123@mysql-service:3306/appdb"
```

### 3.3 Using Configuration in a Pod
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: app-deployment
spec:
  replicas: 2
  selector:
    matchLabels:
      app: myapp
  template:
    metadata:
      labels:
        app: myapp
    spec:
      containers:
      - name: myapp
        image: myapp:v1.0
        envFrom:
        - configMapRef:
            name: app-config
        - secretRef:
            name: db-secret
        volumeMounts:
        - name: config-volume
          mountPath: /etc/config
      volumes:
      - name: config-volume
        configMap:
          name: app-config
```
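As an added example (not code from the original post), here is the `db-secret` manifest from 3.2 run through what the API server does with `stringData`, and then decoded the way anyone with read access to the object, or to the container environment that 3.3's `envFrom` fills from it, can decode it. It assumes only the Python standard library; the manifest is transcribed as a dict.

```python
import base64

# The db-secret manifest from 3.2, transcribed as a dict (constructed input).
DB_SECRET = {
    "apiVersion": "v1", "kind": "Secret", "type": "Opaque",
    "metadata": {"name": "db-secret"},
    "data": {"username": "YWRtaW4=", "password": "cGFzc3dvcmQxMjM="},
    "stringData": {"connection-string": "mysql://admin:password123@mysql-service:3306/appdb"},
}

def to_stored_form(secret: dict) -> dict:
    """What the API server persists: every stringData entry is base64-encoded into data
    (stringData wins when the same key appears in both) and the stringData field is dropped."""
    data = dict(secret.get("data", {}))
    for key, value in secret.get("stringData", {}).items():
        data[key] = base64.b64encode(value.encode("utf-8")).decode("ascii")
    stored = {k: v for k, v in secret.items() if k != "stringData"}
    stored["data"] = data
    return stored

def reveal(secret: dict) -> dict:
    """Decode every data value. Anyone allowed to `get` the Secret can do exactly this,
    which is why base64 must not be mistaken for encryption."""
    return {k: base64.b64decode(v).decode("utf-8") for k, v in secret.get("data", {}).items()}
```

Note that `envFrom` with `secretRef` exports every key of the Secret, including `connection-string`, as an environment variable of the container.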
## 4. Storage Volume Management

### 4.1 PV and PVC Overview

A PersistentVolume (PV) is a cluster-level storage resource; a PersistentVolumeClaim (PVC) is a user's request for storage. Together they decouple storage provisioning from storage consumption.

### 4.2 Creating Persistent Storage
```yaml
# Define a StorageClass
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: fast-storage
provisioner: kubernetes.io/gce-pd
parameters:
  type: pd-ssd
reclaimPolicy: Retain
---
# Create a PVC
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: app-data-pvc
spec:
  accessModes:
  - ReadWriteOnce
  storageClassName: fast-storage
  resources:
    requests:
      storage: 10Gi
```
### 4.3 Using Storage in a Pod
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: app-with-storage
spec:
  containers:
  - name: app
    image: nginx
    volumeMounts:
    - name: data-volume
      mountPath: /data
    - name: config-volume
      mountPath: /etc/nginx/conf.d
      readOnly: true
  volumes:
  - name: data-volume
    persistentVolumeClaim:
      claimName: app-data-pvc
  - name: config-volume
    configMap:
      name: nginx-config
```
## 5. Network Policies

### 5.1 NetworkPolicy Overview

A NetworkPolicy controls network traffic between Pods and implements access control between microservices. By default every Pod can talk to every other Pod; network policies restrict that communication. Policies are enforced by the CNI plugin, and Flannel on its own does not enforce NetworkPolicy, so a cluster built as in section 2.2 needs a policy-capable CNI such as Calico or Cilium before these objects have any effect.

### 5.2 Enforcing Network Isolation
```yaml
# Deny all ingress traffic by default
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
  namespace: production
spec:
  podSelector: {}
  policyTypes:
  - Ingress
---
# Allow specific Pods in
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-frontend
  namespace: production
spec:
  podSelector:
    matchLabels:
      tier: backend
  policyTypes:
  - Ingress
  ingress:
  - from:
    - podSelector:
        matchLabels:
          tier: frontend
    ports:
    - protocol: TCP
      port: 8080
```
### 5.3 Multi-tier Architecture Isolation Example
```yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: db-network-policy
spec:
  podSelector:
    matchLabels:
      app: mysql
  policyTypes:
  - Ingress
  - Egress
  ingress:
  - from:
    - podSelector:
        matchLabels:
          app: backend
    ports:
    - port: 3306
      protocol: TCP
  egress:
  - to:
    - podSelector:
        matchLabels:
          app: backend
    ports:
    - port: 3306
      protocol: TCP
```
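To make the ingress semantics of 5.2 and 5.3 concrete, here is an added example (not code from the original post) that evaluates the `default-deny-ingress` and `allow-frontend` policies above against constructed Pods. It models only what these manifests use: `podSelector`/`matchLabels`, same-namespace `podSelector` peers, `policyTypes` and TCP ports; `namespaceSelector`, `ipBlock` and egress are out of scope, and the Pod names are hypothetical.

```python
from dataclasses import dataclass

@dataclass
class Pod:
    name: str
    namespace: str
    labels: dict

def selects(match_labels: dict, labels: dict) -> bool:
    """matchLabels semantics: every listed key must match; {} selects everything."""
    return all(labels.get(k) == v for k, v in match_labels.items())

def rule_allows(rule: dict, src: Pod, dst: Pod, port: int, proto: str = "TCP") -> bool:
    """One ingress rule: empty/absent 'from' means any source, empty/absent 'ports' means
    any port, and a bare podSelector peer only matches pods in the policy's own namespace."""
    peers, ports = rule.get("from") or [], rule.get("ports") or []
    peer_ok = not peers or any(
        src.namespace == dst.namespace
        and selects(p["podSelector"].get("matchLabels", {}), src.labels)
        for p in peers if "podSelector" in p)
    port_ok = not ports or any(
        p["port"] == port and p.get("protocol", "TCP") == proto for p in ports)
    return peer_ok and port_ok

def ingress_allowed(policies: list, src: Pod, dst: Pod, port: int, proto: str = "TCP") -> bool:
    """Default allow; once any Ingress policy selects dst, only traffic matched by a rule of
    some selecting policy gets through (policies add permissions, never remove them)."""
    selecting = [
        p for p in policies
        if p["metadata"].get("namespace", "default") == dst.namespace
        and "Ingress" in p["spec"].get("policyTypes", ["Ingress"])
        and selects(p["spec"]["podSelector"].get("matchLabels", {}), dst.labels)]
    if not selecting:
        return True
    return any(rule_allows(r, src, dst, port, proto)
               for p in selecting for r in p["spec"].get("ingress", []))

# The two manifests from 5.2 transcribed as dicts, plus constructed pods in that namespace.
DEFAULT_DENY = {"metadata": {"name": "default-deny-ingress", "namespace": "production"},
                "spec": {"podSelector": {}, "policyTypes": ["Ingress"]}}
ALLOW_FRONTEND = {"metadata": {"name": "allow-frontend", "namespace": "production"},
                  "spec": {"podSelector": {"matchLabels": {"tier": "backend"}},
                           "policyTypes": ["Ingress"],
                           "ingress": [{"from": [{"podSelector": {"matchLabels": {"tier": "frontend"}}}],
                                        "ports": [{"protocol": "TCP", "port": 8080}]}]}}
POLICIES = [DEFAULT_DENY, ALLOW_FRONTEND]
FRONTEND = Pod("web-1", "production", {"tier": "frontend"})
BACKEND = Pod("api-1", "production", {"tier": "backend"})
MONITOR = Pod("prom-0", "production", {"app": "prometheus"})
```

The same rules explain a side effect of `db-network-policy` in 5.3: because it lists `Egress`, the MySQL Pod may only open connections to `app: backend` on 3306, so DNS lookups to kube-dns are blocked unless a separate egress rule allows them.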
## 6. HPA Autoscaling

### 6.1 How HPA Works

The Horizontal Pod Autoscaler (HPA) automatically adjusts the replica count of a Deployment based on CPU utilisation, memory utilisation or custom metrics, giving elastic scaling.

### 6.2 Configuring an HPA
```yaml
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: webapp-hpa
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: webapp-deployment
  minReplicas: 2
  maxReplicas: 10
  metrics:
  - type: Resource
    resource:
      name: cpu
      target:
        type: Utilization
        averageUtilization: 70
  - type: Resource
    resource:
      name: memory
      target:
        type: Utilization
        averageUtilization: 80
  behavior:
    scaleDown:
      stabilizationWindowSeconds: 300
      policies:
      - type: Pods
        value: 2
        periodSeconds: 60
    scaleUp:
      stabilizationWindowSeconds: 0
      policies:
      - type: Percent
        value: 100
        periodSeconds: 15
```
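As an added example (not code from the original post), here is one reconcile step of the HPA logic behind the `webapp-hpa` spec above: the `ceil(current * currentMetric / desiredMetric)` formula per metric, the largest proposal winning, the default 10% tolerance, and the `behavior` policies capping the change within one period. It assumes only the Python standard library and leaves the stabilization window out.

```python
import math

TOLERANCE = 0.1  # controller default: ratios within +/-10% of the target are ignored

def metric_proposal(current: int, current_util: float, target_util: float) -> int:
    """Core HPA formula: ceil(current * currentMetric / desiredMetric), except that the
    replica count is left alone while the ratio sits inside the tolerance band."""
    ratio = current_util / target_util
    return current if abs(1.0 - ratio) <= TOLERANCE else math.ceil(current * ratio)

def policy_limit(current: int, policies: list, scaling_up: bool) -> int:
    """Replica bound after one period of the behavior policies; Percent is relative to the
    current count and selectPolicy defaults to Max, so the most permissive policy wins."""
    bounds = []
    for p in policies:
        change = p["value"] if p["type"] == "Pods" else math.ceil(current * p["value"] / 100)
        bounds.append(current + change if scaling_up else current - change)
    return max(bounds) if scaling_up else min(bounds)

def hpa_desired(current: int, observed: dict, spec: dict) -> int:
    """One reconcile step. observed maps resource name -> average utilization in percent,
    e.g. {'cpu': 95, 'memory': 40}; spec is the .spec of the HPA object."""
    proposals = [
        metric_proposal(current, observed[m["resource"]["name"]],
                        m["resource"]["target"]["averageUtilization"])
        for m in spec["metrics"] if m["type"] == "Resource"]
    desired = max(proposals)  # with several metrics the largest proposal wins
    if desired > current:
        desired = min(desired, policy_limit(current, spec["behavior"]["scaleUp"]["policies"], True))
    elif desired < current:
        desired = max(desired, policy_limit(current, spec["behavior"]["scaleDown"]["policies"], False))
    return max(spec["minReplicas"], min(spec["maxReplicas"], desired))

# .spec of webapp-hpa from the manifest above, transcribed as a dict (constructed input).
WEBAPP_HPA = {
    "minReplicas": 2, "maxReplicas": 10,
    "metrics": [
        {"type": "Resource", "resource": {"name": "cpu", "target": {"averageUtilization": 70}}},
        {"type": "Resource", "resource": {"name": "memory", "target": {"averageUtilization": 80}}}],
    "behavior": {
        "scaleDown": {"stabilizationWindowSeconds": 300,
                      "policies": [{"type": "Pods", "value": 2, "periodSeconds": 60}]},
        "scaleUp": {"stabilizationWindowSeconds": 0,
                    "policies": [{"type": "Percent", "value": 100, "periodSeconds": 15}]}}}
```

With 3 replicas at 210% CPU the formula asks for 9, but the `Percent: 100` policy allows at most a doubling per 15 s, so the first step lands on 6.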
### 6.3 HPA Operations Commands

```bash
# HPA status
kubectl get hpa

# HPA details
kubectl describe hpa webapp-hpa

# Manually change the replica count to test (the HPA reconciles it back within its bounds)
kubectl scale deployment webapp-deployment --replicas=5

# Autoscaling events (the HPA controller records successful rescales with reason SuccessfulRescale)
kubectl get events --field-selector reason=SuccessfulRescale
```

## 7. Case Study: Deploying a Microservice Application

### 7.1 Architecture

We will deploy a complete microservice application consisting of:

- Frontend service (Nginx)
- Backend API service
- Database (MySQL)
- Cache (Redis)

### 7.2 Complete Deployment Manifest
```yaml
# Namespace
apiVersion: v1
kind: Namespace
metadata:
  name: microservices
---
# Database Secret (plaintext in stringData: keep this file out of version control)
apiVersion: v1
kind: Secret
metadata:
  name: db-credentials
  namespace: microservices
type: Opaque
stringData:
  root-password: "MySecurePassword123"
  database: "appdb"
---
# Redis Deployment
apiVersion: apps/v1
kind: Deployment
metadata:
  name: redis
  namespace: microservices
spec:
  replicas: 1
  selector:
    matchLabels:
      app: redis
  template:
    metadata:
      labels:
        app: redis
    spec:
      containers:
      - name: redis
        image: redis:7-alpine
        ports:
        - containerPort: 6379
        resources:
          requests:
            memory: "64Mi"
            cpu: "100m"
---
# Redis Service
apiVersion: v1
kind: Service
metadata:
  name: redis-service
  namespace: microservices
spec:
  selector:
    app: redis
  ports:
  - port: 6379
    targetPort: 6379
---
# MySQL Deployment
apiVersion: apps/v1
kind: Deployment
metadata:
  name: mysql
  namespace: microservices
spec:
  replicas: 1
  selector:
    matchLabels:
      app: mysql
  template:
    metadata:
      labels:
        app: mysql
    spec:
      containers:
      - name: mysql
        image: mysql:8.0
        ports:
        - containerPort: 3306
        env:
        - name: MYSQL_ROOT_PASSWORD
          valueFrom:
            secretKeyRef:
              name: db-credentials
              key: root-password
        - name: MYSQL_DATABASE
          valueFrom:
            secretKeyRef:
              name: db-credentials
              key: database
        volumeMounts:
        - name: mysql-storage
          mountPath: /var/lib/mysql
      volumes:
      - name: mysql-storage
        # demo only: emptyDir is lost when the Pod is rescheduled; use a PVC (section 4) in production
        emptyDir: {}
---
# MySQL Service
apiVersion: v1
kind: Service
metadata:
  name: mysql-service
  namespace: microservices
spec:
  selector:
    app: mysql
  ports:
  - port: 3306
    targetPort: 3306
---
# Backend API Deployment
apiVersion: apps/v1
kind: Deployment
metadata:
  name: api-server
  namespace: microservices
spec:
  replicas: 3
  selector:
    matchLabels:
      app: api-server
  template:
    metadata:
      labels:
        app: api-server
    spec:
      containers:
      - name: api
        image: node:18-alpine
        command: ["node", "/app/server.js"]
        ports:
        - containerPort: 3000
        env:
        - name: DB_HOST
          value: "mysql-service"
        - name: REDIS_HOST
          value: "redis-service"
        resources:
          requests:
            memory: "128Mi"
            cpu: "100m"
          limits:
            memory: "256Mi"
            cpu: "500m"
---
# Backend API Service
apiVersion: v1
kind: Service
metadata:
  name: api-service
  namespace: microservices
spec:
  selector:
    app: api-server
  ports:
  - port: 80
    targetPort: 3000
---
# HPA
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: api-hpa
  namespace: microservices
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: api-server
  minReplicas: 3
  maxReplicas: 10
  metrics:
  - type: Resource
    resource:
      name: cpu
      target:
        type: Utilization
        averageUtilization: 70
---
# Network policy
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: api-network-policy
  namespace: microservices
spec:
  podSelector:
    matchLabels:
      app: api-server
  policyTypes:
  - Ingress
  - Egress
  ingress:
  # an empty 'from' matches every source, so port 3000 is reachable from any Pod in the cluster
  - from: []
    ports:
    - port: 3000
  # egress is limited to these two destinations; DNS to kube-dns is not allowed, so name lookups fail
  egress:
  - to:
    - podSelector:
        matchLabels:
          app: mysql
    ports:
    - port: 3306
  - to:
    - podSelector:
        matchLabels:
          app: redis
    ports:
    - port: 6379
```
### 7.3 Deploying and Verifying

```bash
# Apply all manifests
kubectl apply -f microservices-deployment.yaml

# Check deployment status
kubectl get all -n microservices

# Tail Pod logs
kubectl logs -f deployment/api-server -n microservices

# Test service connectivity
kubectl run test --image=busybox -it --rm --restart=Never -- wget -qO- http://api-service.microservices.svc.cluster.local

# Clean up
kubectl delete namespace microservices
```

## Summary

This article covered the core Kubernetes container orchestration skills:

1. **Core concepts**: the Pod is the smallest schedulable unit, Deployments give declarative management, Services provide service discovery
2. **Cluster setup**: building a production-grade K8s cluster quickly with kubeadm
3. **Configuration management**: ConfigMap and Secret decouple configuration from images
4. **Storage volumes**: the PV/PVC mechanism provides dynamically provisioned persistent storage
5. **Network policies**: NetworkPolicy implements access control between microservices
6. **HPA autoscaling**: elastic scaling driven by resource metrics

With these skills you are equipped to use Kubernetes in production. Practise them in real projects, dig into how each component works, and build up operational experience step by step. The K8s ecosystem is huge, and continuous learning is what keeps you competitive.
Article link: https://www.kkkliao.cn/?id=963 (authorization required for reproduction)
Copyright: published by 廖万里's blog; please credit the source when reproducing.