• kubectl默认使用default的namespace,也可以在命令行中通过--namespace指定。如果希望永久地修改namespace,可以通过context,context位于kubectl的配置文件中,通常位于$HOME/.kube/config文件中,该文件中也包含向cluster认证的信息。
  • 创建context:
kubectl config set-context my-context --namespace=mystuff --users xxx --clusters xxx
  • 使用某个context:
kubectl config use-context my-context
  • 获取某种obejct的列表:
kubectl get objecttype
  • 获取某个object详情:
kubectl get objecttype object-name
  • pod中的每个container都有自己的cgroup,但是他们共享同一个linux namespace。
  • 创建pod:
kubectl run pod-name --image=xxx
  • 从本地host机器port forward到其中一个pod:
kubectl port-forward xxx 8080:8080
  • ReplicaSets can be deployed directly. But more often than not, they are deployed indirectly via even higher-level objects such as Deployments.

  • K8s pod: Keeping it high level, you ring-fence an area of the host OS, build a network stack, create a bunch of kernel namespaces, and run one or more containers in it - that’s a Pod.

  • Be sure to take that and mark it in your brain as important - Virtualization does VM’s, Docker does containers, and Kubernetes does Pods!

  • Under the hood, a Pod is something called a pause container. That’s right, a Pod just a fancy name for a special container! This means the containers that run inside of Pods are really containers running inside of containers!

  • ReplicaSets are the future, and ReplicationControllers are being phased out.Deployments build on top of ReplicaSets.

  • The problem with environment variables is that they are inserted into Pods at creation time. This means that Pods have no way of learning about new objects added to the cluster after the Pod itself is created. This is a major reason why DNS is the preferred method.

  • Deployments manage ReplicaSets, and ReplicaSets manage Pods.

  • When we need to push an update, we commit the changes to the same Deployment manifest file and rePOST it to the API server. In the background, Kubernetes creates a new ReplicaSet (now we have two) and winds the old one down at the same time that it winds the new one up.

  • LoadBalancer service will automatically create a couple of things: a cluster IP (only accessible inside the Kubernetes cluster) and a service node port. A service node port is exposed in every node in the cluster. This is important.The load balancer is external to the cluster, which means it will have an external IP and it will forward packets to the service node ports created above.When the packets reach the node (before nodes were called minions) it all depends on what kind of kube-proxy we are using. There are two modes: userspace or iptables.

  • 安装k8s前提

    • 禁用防火墙
    • 禁用swap分区
    • 禁用SELinux
    • sysctl net.bridge.bridge-nf-call-iptables=1
  • rc的number,template和label selector都可以改变,但是只有number的变化才会影响既有的pod。对label和template的改变不会影响已有的pod。

  • 修改了rc的label selector之后,将导致原有的label下的pod不在受rc所管理。

  • 用kubeadm创建cluster时,master上有多个ip地址时,可以通过--apiserver-advertise-address参数指定IP,比如:

kubeadm init --pod-network-cidr= --apiserver-advertise-address=
  • k8s网络好文章:https://www.digitalocean.com/community/tutorials/kubernetes-networking-under-the-hood

  • k8s中所有的网络插件都需要遵循:

    • all containers can communicate with all other containers without NAT
    • all nodes can communicate with all containers (and vice-versa) without NAT
    • the IP that a container sees itself as is the same IP that others see it as
  • 在定义service时,nodePort表示需要在node机器上开启的端口,port表示该service在cluster内部可以访问的端口,targetPort表示container中程序运行的端口。

  • 通过kubectl exec -it [pod-name] -- /bin/bash登录到container之后,通过ifconfig -a可以发现,pod中的网络其实很简单,就一个本地loop网卡和一个集群内部通信网卡:

root@nginx-86c57db685-9d8xd:~# ifconfig -a
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1450
        inet  netmask  broadcast
        ether aa:64:aa:2b:db:5a  txqueuelen 0  (Ethernet)
        RX packets 8327  bytes 9094530 (8.6 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 3451  bytes 198149 (193.5 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet  netmask
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0