本文共 7618 字,大约阅读时间需要 25 分钟。
In the beginning there was the FreeBSD - and later Linux - chroot jail. Chroot was a way to bring an unmounted file system to life so you could execute commands as though it was actually running on its own host. Then came the Linux Containers project (LXC and LXD) that added network and storage configurations to run jails (now more commonly called containers) within appropriately isolated and optimized environments.
最初有FreeBSD-后来的Linux-chroot监狱。 Chroot是使已卸载文件系统栩栩如生的一种方法,因此您可以像实际在其自己的主机上运行一样执行命令。 然后是Linux容器项目(LXC和LXD),该项目添加了网络和存储配置,以在适当隔离和优化的环境中运行jail(现在更称为容器)。
And then there was Docker. Docker containers streamlined container operations so that software resources used by multiple containers could be efficiently shared. They also added online public repositories populated by vast collections of software tools. But the real value of Docker was in how easy it made deploying reliably predictable application environments.
然后是Docker。 Docker容器简化了容器操作,因此可以有效共享多个容器使用的软件资源。 他们还添加了由大量软件工具组成的在线公共存储库。 但是Docker的真正价值在于它使部署可靠可预测的应用程序环境变得多么容易。
Then, out of the mists of time appeared Kubernetes. While originally developed within Google, Kubernetes has since been released as open source software under the control of the Cloud Native Computing Foundation.
然后,在时间的迷雾中出现了Kubernetes。 Kubernetes最初是在Google内部开发的,后来在Cloud Native Computing Foundation的控制下作为开源软件发布。
At its heart, Kubernetes manages containers just the way Docker does. But Kubernetes adds a vast ecosystem of scaling, load balancing, network proxying, and multi-node administration tools to the mix. Docker’s own Swarm comes with a comparable suite of tools, but Kubernetes has, so far at least, proven far more popular.
本质上,Kubernetes就像Docker一样管理容器。 但是Kubernetes在组合中添加了扩展,负载平衡,网络代理和多节点管理工具等广阔的生态系统。 Docker自己的Swarm附带了类似的工具套件,但是至少到目前为止,Kubernetes已被证明更受欢迎。
Kubernetes is much more of a native enterprise-scale tool than Docker Swarm. It's not that Docker Swarm can't be used in the enterprise - it certainly can - it's that Kubernetes isn't necessarily such a great fit for a quick and dirty local development environment. The main reason is that, at this point at any rate, you need an existing cluster before you can get anything to happen, and creating a local cluster requires a running hypervisor of one flavor or another. So having a public cloud like AWS where you can freely provision all the bits and pieces that go into a cluster without having to worry about infrastructure, matters more for Kubernetes than it does for Docker in general.
与Docker Swarm相比,Kubernetes更是一种本机企业级工具。 并不是说Docker Swarm不能在企业中使用-它肯定可以-是Kubernetes不一定非常适合快速而肮脏的本地开发环境。 主要原因是,无论如何在这一点上都需要一个现有的集群,然后才能进行任何事情,而创建本地集群则需要一个运行中的一种或另一种虚拟机管理程序。 因此,拥有像AWS这样的公共云,您可以在不担心基础架构的情况下自由地配置进入集群的所有零碎零碎,对于Kubernetes而言,其重要性远胜于Docker。
Kubernetes' larger resource footprint and steeper learning curve can be offset by some impressive integration: working with persistent storage volumes is straightforward. And robust deployment monitoring solutions are easily available.
令人印象深刻的集成可以抵消Kubernetes更大的资源占用和更陡峭的学习曲线:使用持久性存储卷非常简单。 强大的部署监视解决方案也很容易获得。
Here - based on content from - is how Kubernetes works. A cluster is made up of the networking, storage, and compute resources that your workloads will use. The cluster's physical or virtual computers - called nodes - serve as either primaries or replicas. A primary runs the services that manage all cluster operations. The primary itself is managed through the kube-apiserver service which responds to instructions you send to it using the kubectl client software. The primary also hosts:
根据内容,此处介绍了Kubernetes的工作方式。 群集由工作负载将使用的网络,存储和计算资源组成。 群集的物理或虚拟计算机(称为节点)充当主数据库或副本计算机。 主服务器运行管理所有群集操作的服务。 主数据库本身通过kube-apiserver服务进行管理,该服务响应您使用kubectl客户端软件发送给它的指令。 主服务器还托管:
• A database of cluster configuration known as etcd
•集群配置数据库,称为etcd
• kube-controller-manager, that measures the current state of a cluster
•kube-controller-manager,用于测量集群的当前状态
against its desired state
违背其理想状态
• kube-scheduler, which balances configuration specifications against avail-
•kube-scheduler,可在配置规格与可用状态之间取得平衡
able resources
有能力的资源
• The cloud-controller-manager that provides critical integration with public
•提供与公众的关键集成的云控制器经理
Nodes are controlled by software agents called kubelets and maintain reliable and secure network connectivity through the kube-proxy service. Important stuff - your actual application workload - happens on the nodes within pods, which are organizing structures within which the application containers themselves run. Multiple containers can run on a pod, all sharing a single IP address and compute resources - providing a single instance of your application.
节点由称为kubelet的软件代理控制,并通过kube-proxy服务维护可靠和安全的网络连接。 重要的事情-您实际的应用程序工作负荷-发生在Pod内的节点上,这些Pod正在组织应用程序容器本身在其中运行的结构。 多个容器可以在容器上运行,所有容器共享一个IP地址和计算资源-提供应用程序的单个实例。
The good news is that the kubectl software is smart enough to simply read your YAML configuration document and use it to bring all the details to life without your help. If you want to become a successful Kubernetes admin you really should understand all these details. But you can be forgiven for being a bit relaxed about it all in the meantime: most of the action takes place invisibly, hidden by the relatively simple command set we'll soon see.
好消息是,kubectl软件足够智能,可以简单地阅读您的YAML配置文档,并在不需要您帮助的情况下使用它来使所有细节栩栩如生。 如果您想成为一名成功的Kubernetes管理员,您确实应该了解所有这些细节。 但是与此同时,您对此有所放松也可以原谅:大多数动作是无形的,被我们很快将看到的相对简单的命令集所隐藏。
Just so you can't say I didn't show you anything practical here, let's install the lightweight Kubernetes version, MicroK8s, on a Linux machine. All you'll need for this in-and-out exercise is a working copy of the Snaps package manager. This single command will install all the core services, libraries, and binaries necessary for small, proof-of-concept demos.
只是为了您不能说我在这里没有给您看任何实用的东西,让我们在Linux机器上安装轻量级的Kubernetes版本MicroK8s。 这项进出练习所需的全部是Snaps软件包管理器的工作副本。 这个命令将安装小型概念验证演示所需的所有核心服务,库和二进制文件。
snap install microk8s --classic
Just to prove that the installation succeeded, ask the service to list all the nodesthat are currently running. Of course, there won’t be any of those yet.
只是为了证明安装成功,要求服务列出当前正在运行的所有节点。 当然,这些还没有。
$ sudo microk8s.kubectl get nodesNo resources found.
There will, however, be a single service with a private IP address associated withit:
但是,将有一个与之关联的专用IP地址的单一服务:
$ sudo microk8s.kubectl get servicesNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGEkubernetes ClusterIP 10.152.183.1443/TCP 80s
Finally, you can enable the browser-based Kubernetes administration dashboard using this microk8s.enable command. The output you'll get will include extra instructions for displaying and using the authentication token you'll need to connect.
最后,您可以使用此microk8s.enable命令启用基于浏览器的Kubernetes管理仪表板。 您将获得的输出将包括显示和使用您需要连接的身份验证令牌的其他说明。
$ sudo microk8s.enable dns dashboardEnabling DNSApplying manifestserviceaccount/coredns createdconfigmap/coredns created[...]If RBAC is not enabled access the dashboard using the default token retrieved with:token=$(microk8s.kubectl -n kube-system get secret | grep default-token | cut -d " " -f1)microk8s.kubectl -n kube-system describe secret $token
In an RBAC enabled setup (microk8s.enable RBAC) you need to create a user with restricted permissions as shown in
在启用RBAC的设置(microk8s.enable RBAC)中,您需要创建具有受限权限的用户,如所示
This article is based on content in There's much more administration goodness in the form of books, courses, and articles available at .
本文基于内容 提供了书籍,课程和文章形式的管理优势。
翻译自:
转载地址:http://bshwd.baihongyu.com/