[K8s Series] 2 - K8s Core Components and Architecture Principles


K8s Core Components and Architecture Principles

Concepts

K8S Docs Concepts: kubernetes.io/docs/concep…

Container

(1) Start with the container: since k8s is a container orchestration tool, there must be containers.


Pod

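(2) So how does k8s operate on these containers? Intuitively, k8s wants to keep some style of its own: it does not want to operate on containers directly, because that is Docker's job. k8s needs its own smallest unit of operation, which is called the Pod.
Put simply, a Pod is a group of one or more containers.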


See how the official site describes it: kubernetes.io/docs/concep…

A Pod (as in a pod of whales or pea pod) is a group of one or more containers (such as Docker containers), with shared storage/network, and a specification for how to run the containers.

ReplicaSet

(3) Who maintains the Pods? That is the ReplicaSet, which manages them through a selector.

See how the official site describes it: kubernetes.io/docs/concep…

A ReplicaSet is defined with fields, including a selector that specifies how to
identify Pods it can acquire, a number of replicas indicating how many Pods it
should be maintaining, and a pod template specifying the data of new Pods it
should create to meet the number of replicas criteria.

Deployment

(4) How are the states of Pods and ReplicaSets maintained and monitored? By the Deployment.

How the official site describes it: kubernetes.io/docs/concep…

A Deployment controller provides declarative updates for Pods and ReplicaSets.
You describe a desired state in a Deployment, and the Deployment controller
changes the actual state to the desired state at a controlled rate. You can
define Deployments to create new ReplicaSets, or to remove existing Deployments
and adopt all their resources with new Deployments.

Label

(5) It helps to sort identical or related Pods into categories. How? With Labels.


How the official site describes it: kubernetes.io/docs/concep…

Labels are key/value pairs that are attached to objects, such as pods.

Service

(6) It would be nice if the services carrying the same label could be given a name: that is the Service.


See what the official site says: kubernetes.io/docs/concep…

An abstract way to expose an application running on a set of Pods as a network service.
With Kubernetes you don’t need to modify your application to use an unfamiliar service discovery mechanism. Kubernetes gives Pods their own IP addresses and a single DNS name for a set of Pods, and can load-balance across them.
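
The Deployment, ReplicaSet selector, Label and Service from steps (3) to (6), tied together in one manifest. This is an added example, not part of the original post; the name web-demo, the app label and the nginx image are constructed for illustration.

```yaml
# Added example: names, labels and image are constructed for illustration.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web-demo              # hypothetical name
  labels:
    app: web-demo
spec:
  replicas: 3                 # the ReplicaSet keeps three Pods running
  selector:
    matchLabels:              # how the ReplicaSet identifies the Pods it owns
      app: web-demo
  template:                   # pod template used to create new Pods
    metadata:
      labels:
        app: web-demo         # must satisfy spec.selector above
    spec:
      containers:             # a Pod is one or more containers
        - name: web
          image: nginx:1.25   # sample image
          ports:
            - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: web-demo              # becomes the DNS name for the set of Pods
spec:
  selector:
    app: web-demo             # every Pod in the namespace with this label is a backend
  ports:
    - port: 80
      targetPort: 80
```

Both selectors match purely on labels, so any Pod in the same namespace that carries app: web-demo becomes a backend of the Service; keep selector labels specific and limit who may create or relabel Pods in that namespace.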

Node

(7) After all of the above, where do Pods actually run? On machines, of course, for example a CentOS machine. We call such a machine a Node.


See what the official site says: kubernetes.io/docs/concep…

A node is a worker machine in Kubernetes, previously known as a minion. A node may be a VM or physical machine, depending on the cluster. Each node contains the services necessary to run pods and is managed by the master components.

Cluster

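(8) Is there only one Node? That is clearly not enough; several Nodes together have to form a cluster.
Let's draw a diagram, ideally with the earlier Labels and Services included, to get an overall picture.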

(9) Now let's turn our attention to a Master-Node cluster made up of 3 Nodes.


Components

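(10) This cluster has to cooperate to get work done, so it needs some supporting components. Let's think about which components those are, and then draw a relatively complete architecture diagram.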

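01 - There has to be a client for operating the cluster, that is, something that talks to the cluster
kubectl

02 - Requests certainly arrive at the Master Node, which then assigns work such as creating Pods to the Worker Nodes
The key point: once a command arrives through kubectl, doesn't it need to be authenticated and authorized?

03 - Once a request arrives, who in the Master Node receives it?
APIServer

04 - After the API receives the request, which Worker Node should be called to create the Pods, containers and so on? There has to be a scheduling policy
Scheduler [https://kubernetes.io/docs/concepts/scheduling/kube-scheduler/]

05 - The Scheduler applies its policies, but who is actually responsible for dispatching the request to the different Worker Nodes to create things?
Controller Manager

06 - After a Worker Node receives the creation request, who is responsible?
The Kubelet service. In the end the Kubelet calls Docker Engine to create the corresponding containers [this also shows that each Node needs a Docker Engine; otherwise how would containers be created and maintained?]

07 - Is domain name resolution involved?
DNS

08 - Is a monitoring panel needed to watch the state of the whole cluster?
Dashboard

09 - How is the cluster's data stored? Distributed storage
ETCD

10 - For things such as persistent storage for containers and networking, refer back to the Docker material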

Let's flip this diagram over to make it easier to read.


kubernetes.io/docs/concep…
