Notes to Chapter 2 of kubernetes in action
2022-07-24 00:58:00 【Sindweller5530】
《Kubernetes in Action》 Chapter two notes
Isolation mechanisms used by containers
- Namespaces isolate the system view (files, processes, network interfaces, hostname)
- cgroups limit resources (CPU, memory, network bandwidth, etc.)
Advantages of virtual machines over containers
- Kernel. Each virtual machine runs its own kernel; containers all call the same host kernel, which is a security risk.
What happens when you run docker run <image>
- Docker checks whether the image already exists on this machine
- If not, it pulls the image
- It creates a container from the image
- It runs the command given to docker run inside the container
- The process exits after printing its output, and the container stops
docker run busybox echo "Hello world" (the "Hello world" here must be right)
Output:
Unable to find image 'busybox:latest' locally
latest: Pulling from library/busybox
aa2a8d90b84c: Pull complete
Digest: sha256:be4684e4004560b2cd1f12148b7120b0ea69c385bcc9b12a637537a2c60f97fb
Status: Downloaded newer image for busybox:latest
Hello world
What Docker tags are for
An image can have multiple versions. Tags distinguish the versions, and each version has a unique tag name. If no tag is given, the tag defaults to latest, which is why you so often see image names of the form xx:latest.
Build your own image
- Create a Dockerfile (it must be in the same directory as your files)
- docker build -t kubia .
  Don't miss the final dot. This asks Docker to build an image called kubia from the current directory.
- Docker looks for the Dockerfile in this directory and builds the image according to the instructions in it. The docker client uploads the directory contents to the daemon and the daemon does the build, so the client and the daemon can be on different machines.
Alternatively, without a Dockerfile, run commands in a container by hand and take its final state as the new image.
Image layering
Pulling an image prints several "Pull complete" lines because the image is pulled layer by layer. Layers can be shared by different images, and each layer is downloaded independently, so layers that already exist on the machine are not downloaded again.
When building an image, each individual instruction in the Dockerfile creates a new layer.
- After all layers of the base image are pulled, a new layer is created that adds your file.
- Another layer is created that specifies the command executed when the image is run.
- The last layer is tagged your_name:latest, where your_name is the name specified earlier (kubia).
List all local images
docker images
Run your new image
docker run --name kubia-container -p 8080:8080 -d kubia
- --name creates the new container with this name
- -d detaches from the command line and runs in the background
But my container didn't work. From the Docker Desktop log I found it was a syntax error in app.js, so I deleted the container and image and recreated them, and got:
curl localhost:8080
You've hit 380fe46afa1d
ok
View commands
- List containers
  docker ps (running containers; with -a it includes both running and stopped ones)
- List images
  docker images
- View container details
  docker inspect <container name>
  Prints a long JSON document containing low-level information about the container
Delete commands
- Delete a container
  docker rm <container-id>
  Stop the container first
- Delete an image
  docker rmi <image-id>
The id is a hexadecimal number
Run a shell inside the container
A container can run multiple processes. If the image contains the bash shell, you can run a shell in it as well.
Use -it for interactive mode: -i keeps the standard input stream open and -t allocates a pseudo-terminal.
docker exec -it kubia-container bash
Now you can see the processes inside the container:
ps axu
The output looks like this:
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 1.2 614436 25812 ? Ssl 02:45 0:00 node app.js
root 12 0.0 0.1 20340 3220 pts/0 Ss 02:55 0:00 bash
root 19 0.0 0.1 17504 2048 pts/0 R+ 02:58 0:00 ps axu
Use exit to leave the container (this does not stop the container).
About the Docker daemon
Docker currently relies on Linux kernel features (such as cgroups and namespaces), so it must run on a Linux system. On a Mac it automatically creates a Linux virtual machine. So how do you log in to this virtual machine?
I'm using Docker Desktop. Under Settings -> Resources -> ADVANCED, scroll to the bottom to find the virtual machine location, roughly /Users/xxx/Library/Containers/com.docker.docker/Data/vms/0/data, where there is a Docker.raw file.
But I didn't find the tty symlink that the online article mentioned, so I used the following method:
Start a temporary minimal debian container, specify that it runs in the host's PID namespace (pid=host), and have the container run the nsenter command.
How it works:
- --rm means the container is automatically deleted when it exits;
- --privileged means the container is allowed to access the devices of the host (that is, the VM we want to log in to);
- --pid=host means the container shares the host's process namespace, or, put simply, the container can see the processes on the host;
- nsenter is a small tool that enters a specified namespace and then runs a specified command (ns = namespace, enter = enter).
Namespaces are the foundation of container technology. A namespace is basically a group of isolated resources, so different processes can see different system resources.
So you can see the earlier app.js (kubia):
/ # ps axu |grep app.js
6370 root 0:00 node app.js
25933 root 0:00 grep app.js
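A defender's check for the two flags explained above, as an added example (not from the original notes): it scans docker inspect JSON for containers started with --privileged or with a host namespace mode. The sample JSON and the container name vm-shell are constructed, and the loop also covers NetworkMode, IpcMode and UTSMode, which goes beyond the PidMode case these notes discuss.

```python
import json

# Constructed sample: heavily trimmed `docker inspect` output for two containers.
# "vm-shell" is a hypothetical name for a debug container like the one above.
SAMPLE_INSPECT = """
[
  {"Name": "/kubia-container",
   "HostConfig": {"Privileged": false, "PidMode": "", "NetworkMode": "bridge",
                  "IpcMode": "private", "UTSMode": ""}},
  {"Name": "/vm-shell",
   "HostConfig": {"Privileged": true, "PidMode": "host", "NetworkMode": "bridge",
                  "IpcMode": "private", "UTSMode": ""}}
]
"""

# HostConfig fields that read "host" when a namespace is shared with the host.
NAMESPACE_MODES = ("PidMode", "NetworkMode", "IpcMode", "UTSMode")

def isolation_findings(inspect_json):
    """Map container name -> list of settings that weaken isolation."""
    report = {}
    for container in json.loads(inspect_json):
        host_cfg = container.get("HostConfig") or {}
        findings = []
        if host_cfg.get("Privileged"):
            findings.append("Privileged")
        findings += [m for m in NAMESPACE_MODES if host_cfg.get(m) == "host"]
        if findings:
            report[container.get("Name", "?").lstrip("/")] = findings
    return report

if __name__ == "__main__":
    for name, findings in isolation_findings(SAMPLE_INSPECT).items():
        print(f"{name}: {', '.join(findings)}")
```

On a real host, pass it the output of docker inspect for the container ids listed by docker ps -q.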
What the container isolates
The file system is isolated, and so is the process tree, which is why a process's ID inside the container differs from its ID on the host.
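Why the same node app.js is PID 1 inside the container and PID 6370 on the host, as an added example (not from the original notes): the NSpid line of /proc/<pid>/status lists a process's PID in each nested PID namespace, outermost first. The status text below is constructed to match the ps output above, and the PPid values are made up.

```python
# Constructed sample: the relevant lines of /proc/<pid>/status as seen from the
# host PID namespace for the two processes in the ps output above.
STATUS_NODE = """Name:\tnode
Pid:\t6370
PPid:\t6349
NSpid:\t6370\t1
"""
STATUS_GREP = """Name:\tgrep
Pid:\t25933
PPid:\t25901
NSpid:\t25933
"""

def pid_view(status_text):
    """Return how one process is numbered on the host and in its own namespace."""
    fields = {}
    for line in status_text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    # Kernels before 4.1 have no NSpid line; fall back to the single Pid.
    raw = fields.get("NSpid") or fields.get("Pid")
    if not raw:
        raise ValueError("no Pid/NSpid line in status text")
    ns_pids = [int(p) for p in raw.split()]
    return {
        "name": fields.get("Name", "?"),
        "host_pid": ns_pids[0],        # PID in the outermost visible namespace
        "container_pid": ns_pids[-1],  # PID in the innermost namespace
        "nested": len(ns_pids) > 1,    # True when in a child PID namespace
    }

if __name__ == "__main__":
    for text in (STATUS_NODE, STATUS_GREP):
        print(pid_view(text))
```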
Push your own image to an image registry
Docker Hub
After logging in you can push images to your own repository, but the image must be tagged the way Docker Hub expects:
docker tag kubia xxx/kubia
This creates an additional tag for the same image, pointing to the same image id.
- Log in to Docker Hub on this machine
  docker login
- Push your image
  docker push xxx/kubia
Now others can use it, or you can use it on other machines, with just
docker run -p 8080:8080 -d xxx/kubia
Node.js is installed inside the image, so the host does not need Node.js installed. The application runs in exactly the same environment every time.
Start a k8s cluster (single node) with minikube
After installing minikube, run minikube start. It takes a long time, so be patient.
Install kubectl, then show the cluster information with kubectl cluster-info:
kubectl cluster-info
Kubernetes master is running at https://192.168.99.100:8443
KubeDNS is running at https://192.168.99.100:8443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy
To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.
The kubectl command-line client interacts with the cluster by sending REST requests to the K8s API server.
minikube commands for stopping the cluster and more
- minikube stop: stop the cluster
- minikube delete: delete the cluster
- minikube dashboard: open the cluster overview page in the browser
- minikube addons list: view the list of add-ons
Related kubectl commands
- kubectl get nodes: view node status in the cluster (brief information)
- kubectl describe node xx: view more information about a node
kubectl command completion
- Install bash-completion@2. (I'm on a Mac and there is a pitfall: brew install bash-completion installs the default version, v1, which corresponds to Bash 3.2. The kubectl completion script does not work with bash-completion v1 and Bash 3.2; it needs bash-completion v2 and Bash 4.1+. So you also need to brew install bash.)
- Run brew info bash-completion@2 to check the information. It contains the sentence "Add the following line to your ~/.bash_profile:". Add the following lines to ~/.bash_profile and that's all, then run source ~/.bash_profile.
  export BASH_COMPLETION_COMPAT_DIR="/usr/local/etc/bash_completion.d"
  [[ -r "/usr/local/etc/profile.d/bash_completion.sh" ]] && . "/usr/local/etc/profile.d/bash_completion.sh"
But it kept reporting errors. Later I found that the official documentation says:
If you installed kubectl with Homebrew (as mentioned above), the kubectl completion script should already be installed at /usr/local/etc/bash_completion.d/kubectl. In this case, you don't need to do anything.
emmm, so it was fine all along
Run the first application on K8s
- Deploy the Node.js application
  kubectl run kubia --image=xx/kubia --port=8080 --generator=run/v1
  Remember to change xx to your own name.
Here another problem came up: unknown flag: --generator. I found this in v1.21:
Remove deprecated --generator, --replicas, --service-generator, --service-overrides, --schedule from kubectl run Deprecate --serviceaccount, --hostport, --requests, --limits in kubectl run (#99732, @soltysh)
OK, it has been deprecated. Its purpose was to make k8s create a ReplicationController.
So I wrote a YAML file (remember to replace xxx).
apiVersion: v1
kind: ReplicationController
metadata:
  name: kubia
spec:
  replicas: 3
  template:
    metadata:
      name: kubia
      labels:
        app: kubia
    spec:
      containers:
      - name: nodejs
        image: xxx/kubia
---
apiVersion: v1
kind: Service
metadata:
  name: kubia
spec:
  type: LoadBalancer
  selector:
    app: kubia
  ports:
  - port: 80
    targetPort: 8080
kubectl apply -f kubia-rc-and-service-v1.yaml
What is a pod?
A pod is a group of closely related containers that run on the same worker node and in the same Linux namespaces. Each pod has its own IP, hostname, processes and so on, and runs a stand-alone application (either a single process in a single container, or a main application process plus supporting processes, each running in its own container). All containers in a pod run on the same logical machine.
You cannot list individual containers; the pod is the independent k8s object.
- List pods
  kubectl get pods
- Details
  kubectl describe pods
First, kubectl sends a REST HTTP request to the k8s API server, which creates a new rc object in the cluster. The rc then creates a new pod, and the scheduler schedules it to a worker node. The kubelet sees that the pod has been scheduled and tells docker to pull the specified image from the image registry. After the image is downloaded, docker creates and runs the container. Once scheduled this way, the pod is running.
Access the web application through a service
A pod's IP address is internal to the cluster. To access the pod from outside, expose it through a service object, that is, create a special service of type LoadBalancer (as written in the YAML). (A regular service won't do, because it is only reachable internally.) A LoadBalancer service creates an external load balancer, and we reach the pod through that load balancer's public IP.
- Expose the rc to create a service
  kubectl expose rc kubia --type=LoadBalancer --name kubia-http --port=80 --target-port=8080
- List services
  kubectl get services
It takes some time for EXTERNAL-IP to appear. However, minikube does not support LoadBalancer services, so the service will not get an external IP. You can still access the service through its external port: run minikube service kubia-http to get the IP and port where the service can be reached. It opens directly in the browser.
The app uses the pod name as its hostname. The pods managed by the rc are exposed through a service. A pod can contain any number of containers; inside the container is the Node.js process, which is bound to port 8080 and waits for HTTP requests. A pod has its own IP and hostname.
Clients connect to the service through its fixed IP rather than directly to a pod. The service makes sure that one of the pods accepts the connection, whatever the pod's own IP is. That is, a request arriving at the service is forwarded to the IP and port of a container belonging to the service.
Scaling pods horizontally (scaling out)
- View
  kubectl get replicationcontroller
- Change the desired number of replicas
  kubectl scale rc kubia --replicas=3
- Check again
  kubectl get pods
  You will see the number of pods change accordingly.
When multiple application instances are running, repeated requests to the service URL hit a randomly chosen pod each time. The service sits in front of the pods as a load balancer. To see which node a pod is scheduled to:
List pod IPs and nodes
kubectl get pods -o wide
View the details
kubectl describe pod kubia-hczji