kubernetes资源之daemonset和ingress

kubernetes资源之daemonset和ingress

​​istio多集群探秘，部署了50次多集群后我得出的结论​​

​​istio多集群链路追踪，附实操视频​​

​​istio防故障利器，你知道几个,istio新手不要读，太难！​​

​​istio业务权限控制，原来可以这么玩​​

​​istio实现非侵入压缩，微服务之间如何实现压缩​​

​​不懂envoyfilter也敢说精通istio系列-filter-再也不用再代码里写csrf逻辑了​​

​​不懂envoyfilter也敢说精通istio系列filter​​

​​不懂envoyfilter也敢说精通istio系列-network filter-redis proxy​​

​​不懂envoyfilter也敢说精通istio系列-network filter-HttpConnectionManager​​

​​不懂envoyfilter也敢说精通istio系列-ratelimit-istio ratelimit完全手册​​

————————————————

daemonset：

DaemonSet用于再集群中的全部节点上同时运行一份指定的pod资源副本，后续新加入的工作节点也会自动创建一个相关的pod对象，当从集群中移除节点时，此类pod对象也将被自动回收而无须重建。也可以使用节点选择器及节点标签指定仅在部分具有特定特征的节点上运行指定的pod对象。

通常运行那些执行系统级操作任务的应用，具体如下：

•1、运行集群存储的守护进程，如在各个节点上运行glusterfs或ceph

•2、在各个节点上运行日志收集守护进程，如fluentd和logstash

•3、在各个节点上运行监控系统的代理守护进程，如Prometheus Node Exporter、collectd、Datadog agent、New Relic agent或Ganlia gmond等

常用命令：

•kubectl create -f nginx-daemonset.yaml

•kubectl apply -f nginx-daemonset.yaml

•kubectl delete -f nginx-daemonset.yaml

•kubectl replace -f nginx-daemonset.yaml

•kubectl edit ds test-daemon

•kubectl get ds

•kubectl label ds test-daemon stage=test

•kubectl get ds -l stage=test

•kubectl label ds test-daemon stage-

•kubectl annotate ds test-daemon myanno=test

•kubectl annotate ds test-daemon myanno-

•kubectl patch ds test-daemon  -p '{"metadata":{"labels":{"aa":"bb"}}}‘

•kubectl diff -f nginx-daemonset.yaml

•kubectl describe ds test-daemon

•kubectl set image ds test-daemon nginx=nginx:1.16

•kubectl rollout history ds test-daemon

•kubectl rollout undo ds test-daemon

•kubectl rollout restart ds test-daemon

•kubectl rollout status ds test-daemon

•kubectl rollout undo ds test-daemon --to-revision=4

updateStrategy：

•OnDelete

•RollingUpdate

apiVersion: apps/v1kind: DaemonSetmetadata: name: test-daemonspec: selector: matchLabels: name: test-daemon template: metadata: labels: name: test-daemon spec: containers: - name: nginx image: nginx

apiVersion: apps/v1kind: DaemonSetmetadata: name: test-daemonspec: selector: matchLabels: name: test-daemon template: metadata: labels: name: test-daemon spec: nodeSelector: app: ds containers: - name: nginx image: nginx

apiVersion: apps/v1kind: DaemonSetmetadata: name: test-daemonspec: updateStrategy: type: OnDelete selector: matchLabels: name: test-daemon template: metadata: labels: name: test-daemon spec: containers: - name: nginx image: nginx

ingress：

•k8s 对外暴露服务（service）主要有两种方式：NotePort, LoadBalance， 此外externalIPs也可以使各类service对外提供服务，但是当集群服务很多的时候，NodePort方式最大的缺点是会占用很多集群机器的端口；LB方式最大的缺点则是每个service一个LB又有点浪费和麻烦，并且需要k8s之外的支持； 而ingress则只需要一个NodePort或者一个LB就可以满足所有service对外服务的需求。

helm：

•​​Releases · helm/helm · GitHub​​

•Chmod +x helm && mv helm /usr/local/bin

•helm repo add stable ​​repo add incubator delete -f ingress.yaml

• kubectl create -f ingress.yaml

•kubectl apply -f ingress.yaml

• kubectl replace -f ingress.yaml

•Kubectl get ingress

•Kubectl patch ingress ingress-myapp –p ‘{“matadata”:{“labels”:{“aa”:”bb”}}}’

•Kubectl label ingress ingerss-myapp stage=test

•Kubectl label ingress ingress-myapp stage-

•Kubectl annotate ingress ingress-myapp anno=test

•Kubectl annotate ingress ingress-myapp anno-

•kubectl get ingress ingress-myapp -o yaml

•Kuebctl get ingerss –l stage=test

v1kind: Servicemetadata: name: myapp-svc namespace: defaultspec: selector: app: myapp env: test ports: - name: port: 80 targetPort: 80---apiVersion: apps/v1kind: Deploymentmetadata: name: myapp-testspec: replicas: 2 selector: matchLabels: app: myapp env: test template: metadata: labels: app: myapp env: test spec: containers: - name: myapp image: nginx:1.15-alpine ports: - name: containerPort: 80

apiVersion: extensions/v1beta1kind: Ingressmetadata: name: ingress-myapp namespace: default annotations: kubernetes.io/ingress.class: "nginx"spec: rules: - host: test.top paths: - path: / backend: serviceName: myapp-svc servicePort: 80

genrsa -out tls.key 2048

•openssl req -new -x509 -key tls.key -out tls.crt -subj /C=CN/ST=GuangDong/L=Guangzhou/O=DevOps/CN=mynginx.test

•kubectl create secret tls nginx-ingress-secret --cert=tls.crt --key=tls.key

apiVersion: extensions/v1beta1kind: Ingressmetadata: name: ingress-myapp namespace: default annotations: kubernetes.io/ingress.class: "nginx"spec: tls: - hosts: - mynginx.test secretName: nginx-ingress-secret rules: - host: mynginx.test paths: - path: / backend: serviceName: myapp-svc servicePort: 80

版权声明：本文内容由网络用户投稿，版权归原作者所有，本站不拥有其著作权，亦不承担相应法律责任。如果您发现本站中有涉嫌抄袭或描述失实的内容，请联系我们jiasou666@gmail.com 处理，核实后本网站将在24小时内删除侵权内容。