2017-08-21 17:44:43 +08:00
<!DOCTYPE HTML>
2017-09-19 22:01:07 +08:00
< html lang = "zh-hans" >
2017-08-21 17:44:43 +08:00
< head >
< meta charset = "UTF-8" >
< meta content = "text/html; charset=utf-8" http-equiv = "Content-Type" >
< title > 4.3.3 配置最佳实践 · Kubernetes Handbook< / title >
< meta http-equiv = "X-UA-Compatible" content = "IE=edge" / >
< meta name = "description" content = "" >
< meta name = "generator" content = "GitBook 3.2.2" >
< meta name = "author" content = "Jimmy Song" >
< link rel = "stylesheet" href = "../gitbook/style.css" >
< link rel = "stylesheet" href = "../gitbook/gitbook-plugin-splitter/splitter.css" >
< link rel = "stylesheet" href = "../gitbook/gitbook-plugin-page-toc-button/plugin.css" >
< link rel = "stylesheet" href = "../gitbook/gitbook-plugin-image-captions/image-captions.css" >
2017-10-09 15:28:05 +08:00
< link rel = "stylesheet" href = "../gitbook/gitbook-plugin-back-to-top-button/plugin.css" >
2017-08-21 17:44:43 +08:00
2017-10-09 15:28:05 +08:00
< link rel = "stylesheet" href = "../gitbook/gitbook-plugin-search-plus/search.css" >
2017-09-19 21:38:03 +08:00
2017-10-09 15:28:05 +08:00
< link rel = "stylesheet" href = "../gitbook/gitbook-plugin-tbfed-pagefooter/footer.css" >
2017-08-21 17:44:43 +08:00
< link rel = "stylesheet" href = "../gitbook/gitbook-plugin-highlight/website.css" >
< link rel = "stylesheet" href = "../gitbook/gitbook-plugin-fontsettings/website.css" >
2017-10-09 15:28:05 +08:00
2017-08-21 17:44:43 +08:00
< meta name = "HandheldFriendly" content = "true" / >
< meta name = "viewport" content = "width=device-width, initial-scale=1, user-scalable=no" >
< meta name = "apple-mobile-web-app-capable" content = "yes" >
< meta name = "apple-mobile-web-app-status-bar-style" content = "black" >
< link rel = "apple-touch-icon-precomposed" sizes = "152x152" href = "../gitbook/images/apple-touch-icon-precomposed-152.png" >
< link rel = "shortcut icon" href = "../gitbook/images/favicon.ico" type = "image/x-icon" >
< link rel = "next" href = "monitor.html" / >
< link rel = "prev" href = "app-log-collection.html" / >
2017-10-09 15:28:05 +08:00
< link rel = "shortcut icon" href = '../favicon.ico' type = "image/x-icon" >
< link rel = "bookmark" href = '../favicon.ico' type = "image/x-icon" >
< style >
@media only screen and (max-width: 640px) {
.book-header .hidden-mobile {
display: none;
}
}
< / style >
< script >
window["gitbook-plugin-github-buttons"] = {"repo":"rootsongjc/kubernetes-handbook","types":["star"],"size":"small"};
< / script >
2017-08-21 17:44:43 +08:00
< / head >
< body >
< div class = "book" >
< div class = "book-summary" >
< div id = "book-search-input" role = "search" >
2017-09-19 22:01:07 +08:00
< input type = "text" placeholder = "输入并搜索" / >
2017-08-21 17:44:43 +08:00
< / div >
< nav role = "navigation" >
< ul class = "summary" >
2017-10-09 15:28:05 +08:00
< li >
< a href = "https://jimmysong.io" target = "_blank" class = "custom-link" > Home< / a >
< / li >
2017-08-21 17:44:43 +08:00
2017-10-09 15:28:05 +08:00
< li class = "divider" > < / li >
2017-08-21 17:44:43 +08:00
< li class = "chapter " data-level = "1.1" data-path = "../" >
< a href = "../" >
2017-10-20 10:51:14 +08:00
序言
2017-08-21 17:44:43 +08:00
< / a >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.2" data-path = "../cloud-native/kubernetes-and-cloud-native-app-overview.html" >
< a href = "../cloud-native/kubernetes-and-cloud-native-app-overview.html" >
1. Kubernetes与云原生应用概览
< / a >
< / li >
< li class = "chapter " data-level = "1.3" data-path = "../concepts/" >
2017-08-21 17:44:43 +08:00
< a href = "../concepts/" >
2. 概念原理
< / a >
< ul class = "articles" >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.3.1" data-path = "../concepts/concepts.html" >
2017-08-21 17:44:43 +08:00
< a href = "../concepts/concepts.html" >
2.1 设计理念
< / a >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.3.2" data-path = "../concepts/objects.html" >
2017-08-21 17:44:43 +08:00
< a href = "../concepts/objects.html" >
2017-09-03 13:29:38 +08:00
2.2 Objects
2017-08-21 17:44:43 +08:00
< / a >
< ul class = "articles" >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.3.2.1" data-path = "../concepts/pod-overview.html" >
2017-08-21 17:44:43 +08:00
< a href = "../concepts/pod-overview.html" >
2.2.1 Pod
< / a >
< ul class = "articles" >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.3.2.1.1" data-path = "../concepts/pod.html" >
2017-08-21 17:44:43 +08:00
< a href = "../concepts/pod.html" >
2.2.1.1 Pod解析
< / a >
2017-08-31 23:28:33 +08:00
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.3.2.1.2" data-path = "../concepts/init-containers.html" >
2017-08-31 23:28:33 +08:00
< a href = "../concepts/init-containers.html" >
2.2.1.2 Init容器
< / a >
2017-09-03 15:58:39 +08:00
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.3.2.1.3" data-path = "../concepts/pod-security-policy.html" >
2017-09-03 15:58:39 +08:00
< a href = "../concepts/pod-security-policy.html" >
2.2.1.3 Pod安全策略
< / a >
2017-09-17 15:39:26 +08:00
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.3.2.1.4" data-path = "../concepts/pod-lifecycle.html" >
2017-09-17 15:39:26 +08:00
< a href = "../concepts/pod-lifecycle.html" >
2.2.1.4 Pod的生命周期
< / a >
2017-08-21 17:44:43 +08:00
< / li >
< / ul >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.3.2.2" data-path = "../concepts/node.html" >
2017-08-21 17:44:43 +08:00
< a href = "../concepts/node.html" >
2.2.2 Node
< / a >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.3.2.3" data-path = "../concepts/namespace.html" >
2017-08-21 17:44:43 +08:00
< a href = "../concepts/namespace.html" >
2.2.3 Namespace
< / a >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.3.2.4" data-path = "../concepts/service.html" >
2017-08-21 17:44:43 +08:00
< a href = "../concepts/service.html" >
2.2.4 Service
< / a >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.3.2.5" data-path = "../concepts/volume.html" >
2017-08-21 17:44:43 +08:00
< a href = "../concepts/volume.html" >
2.2.5 Volume和Persistent Volume
< / a >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.3.2.6" data-path = "../concepts/deployment.html" >
2017-08-21 17:44:43 +08:00
< a href = "../concepts/deployment.html" >
2.2.6 Deployment
< / a >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.3.2.7" data-path = "../concepts/secret.html" >
2017-08-21 17:44:43 +08:00
< a href = "../concepts/secret.html" >
2.2.7 Secret
< / a >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.3.2.8" data-path = "../concepts/statefulset.html" >
2017-08-21 17:44:43 +08:00
< a href = "../concepts/statefulset.html" >
2.2.8 StatefulSet
< / a >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.3.2.9" data-path = "../concepts/daemonset.html" >
2017-08-21 17:44:43 +08:00
< a href = "../concepts/daemonset.html" >
2.2.9 DaemonSet
< / a >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.3.2.10" data-path = "../concepts/serviceaccount.html" >
2017-08-21 17:44:43 +08:00
< a href = "../concepts/serviceaccount.html" >
2.2.10 ServiceAccount
< / a >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.3.2.11" data-path = "../concepts/replicaset.html" >
2017-08-21 17:44:43 +08:00
< a href = "../concepts/replicaset.html" >
2.2.11 ReplicationController和ReplicaSet
< / a >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.3.2.12" data-path = "../concepts/job.html" >
2017-08-21 17:44:43 +08:00
< a href = "../concepts/job.html" >
2.2.12 Job
< / a >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.3.2.13" data-path = "../concepts/cronjob.html" >
2017-08-21 17:44:43 +08:00
< a href = "../concepts/cronjob.html" >
2.2.13 CronJob
< / a >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.3.2.14" data-path = "../concepts/ingress.html" >
2017-08-21 17:44:43 +08:00
< a href = "../concepts/ingress.html" >
2.2.14 Ingress
< / a >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.3.2.15" data-path = "../concepts/configmap.html" >
2017-08-21 17:44:43 +08:00
< a href = "../concepts/configmap.html" >
2.2.15 ConfigMap
< / a >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.3.2.16" data-path = "../concepts/horizontal-pod-autoscaling.html" >
2017-08-21 17:44:43 +08:00
< a href = "../concepts/horizontal-pod-autoscaling.html" >
2.2.16 Horizontal Pod Autoscaling
< / a >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.3.2.17" data-path = "../concepts/label.html" >
2017-08-21 17:44:43 +08:00
< a href = "../concepts/label.html" >
2.2.17 Label
< / a >
2017-09-03 15:58:39 +08:00
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.3.2.18" data-path = "../concepts/garbage-collection.html" >
2017-09-03 15:58:39 +08:00
< a href = "../concepts/garbage-collection.html" >
2.2.18 垃圾收集
< / a >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.3.2.19" data-path = "../concepts/network-policy.html" >
2017-09-03 15:58:39 +08:00
< a href = "../concepts/network-policy.html" >
2.2.19 NetworkPolicy
< / a >
2017-08-21 17:44:43 +08:00
< / li >
< / ul >
< / li >
< / ul >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.4" data-path = "../guide/" >
2017-08-21 17:44:43 +08:00
< a href = "../guide/" >
3. 用户指南
< / a >
< ul class = "articles" >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.4.1" data-path = "../guide/resource-configuration.html" >
2017-08-21 17:44:43 +08:00
< a href = "../guide/resource-configuration.html" >
2017-09-28 21:20:49 +08:00
3.1 资源对象配置
2017-08-21 17:44:43 +08:00
< / a >
< ul class = "articles" >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.4.1.1" data-path = "../guide/configure-liveness-readiness-probes.html" >
2017-08-21 17:44:43 +08:00
< a href = "../guide/configure-liveness-readiness-probes.html" >
3.1.1 配置Pod的liveness和readiness探针
< / a >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.4.1.2" data-path = "../guide/configure-pod-service-account.html" >
2017-08-21 17:44:43 +08:00
< a href = "../guide/configure-pod-service-account.html" >
3.1.2 配置Pod的Service Account
< / a >
2017-09-28 21:20:49 +08:00
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.4.1.3" data-path = "../guide/secret-configuration.html" >
2017-09-28 21:20:49 +08:00
< a href = "../guide/secret-configuration.html" >
3.1.3 Secret配置
< / a >
2017-10-10 14:51:45 +08:00
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.4.1.4" data-path = "../guide/resource-quota-management.html" >
2017-10-10 14:51:45 +08:00
< a href = "../guide/resource-quota-management.html" >
3.2.3 管理namespace中的资源配额
< / a >
2017-08-21 17:44:43 +08:00
< / li >
< / ul >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.4.2" data-path = "../guide/command-usage.html" >
2017-08-21 17:44:43 +08:00
< a href = "../guide/command-usage.html" >
3.2 命令使用
< / a >
< ul class = "articles" >
2017-11-03 17:48:10 +08:00
< li class = "chapter " data-level = "1.4.2.1" data-path = "../guide/docker-cli-to-kubectl.html" >
< a href = "../guide/docker-cli-to-kubectl.html" >
3.2.1 docker用户过度到kubectl命令行指南
< / a >
< / li >
< li class = "chapter " data-level = "1.4.2.2" data-path = "../guide/using-kubectl.html" >
2017-08-21 17:44:43 +08:00
< a href = "../guide/using-kubectl.html" >
2017-11-03 17:48:10 +08:00
3.2.2 kubectl命令概览
2017-08-21 17:44:43 +08:00
< / a >
2017-09-16 20:56:43 +08:00
< / li >
2017-11-03 17:48:10 +08:00
< li class = "chapter " data-level = "1.4.2.3" data-path = "../guide/kubectl-cheatsheet.html" >
2017-09-16 20:56:43 +08:00
2017-11-03 17:48:10 +08:00
< a href = "../guide/kubectl-cheatsheet.html" >
2017-09-16 20:56:43 +08:00
2017-11-03 17:48:10 +08:00
3.2.3 kubectl命令技巧大全
2017-09-16 20:56:43 +08:00
< / a >
2017-08-21 17:44:43 +08:00
< / li >
< / ul >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.4.3" data-path = "../guide/cluster-security-management.html" >
2017-08-21 17:44:43 +08:00
2017-09-07 12:29:13 +08:00
< a href = "../guide/cluster-security-management.html" >
2017-08-21 17:44:43 +08:00
2017-09-07 12:29:13 +08:00
3.3 集群安全性管理
2017-08-21 17:44:43 +08:00
< / a >
< ul class = "articles" >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.4.3.1" data-path = "../guide/managing-tls-in-a-cluster.html" >
2017-08-21 17:44:43 +08:00
< a href = "../guide/managing-tls-in-a-cluster.html" >
3.3.1 管理集群中的TLS
< / a >
2017-08-21 18:44:34 +08:00
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.4.3.2" data-path = "../guide/kubelet-authentication-authorization.html" >
2017-08-21 18:44:34 +08:00
< a href = "../guide/kubelet-authentication-authorization.html" >
3.3.2 kubelet的认证授权
< / a >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.4.3.3" data-path = "../guide/tls-bootstrapping.html" >
2017-08-21 18:44:34 +08:00
< a href = "../guide/tls-bootstrapping.html" >
3.3.3 TLS bootstrap
< / a >
2017-08-31 14:23:44 +08:00
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.4.3.4" data-path = "../guide/kubectl-user-authentication-authorization.html" >
2017-08-31 14:23:44 +08:00
< a href = "../guide/kubectl-user-authentication-authorization.html" >
2017-11-02 16:33:01 +08:00
3.3.4 创建用户认证授权的kubeconfig文件
2017-08-31 14:23:44 +08:00
< / a >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.4.3.5" data-path = "../guide/rbac.html" >
2017-08-31 14:23:44 +08:00
< a href = "../guide/rbac.html" >
3.3.5 RBAC——基于角色的访问控制
< / a >
2017-09-07 14:13:59 +08:00
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.4.3.6" data-path = "../guide/ip-masq-agent.html" >
2017-09-07 14:13:59 +08:00
< a href = "../guide/ip-masq-agent.html" >
3.3.6 IP伪装代理
< / a >
2017-08-21 17:44:43 +08:00
< / li >
< / ul >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.4.4" data-path = "../guide/access-kubernetes-cluster.html" >
2017-08-21 17:44:43 +08:00
< a href = "../guide/access-kubernetes-cluster.html" >
3.4 访问 Kubernetes 集群
< / a >
< ul class = "articles" >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.4.4.1" data-path = "../guide/access-cluster.html" >
2017-08-21 17:44:43 +08:00
< a href = "../guide/access-cluster.html" >
3.4.1 访问集群
< / a >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.4.4.2" data-path = "../guide/authenticate-across-clusters-kubeconfig.html" >
2017-08-21 17:44:43 +08:00
< a href = "../guide/authenticate-across-clusters-kubeconfig.html" >
3.4.2 使用 kubeconfig 文件配置跨集群认证
< / a >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.4.4.3" data-path = "../guide/connecting-to-applications-port-forward.html" >
2017-08-21 17:44:43 +08:00
< a href = "../guide/connecting-to-applications-port-forward.html" >
3.4.3 通过端口转发访问集群中的应用程序
< / a >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.4.4.4" data-path = "../guide/service-access-application-cluster.html" >
2017-08-21 17:44:43 +08:00
< a href = "../guide/service-access-application-cluster.html" >
3.4.4 使用 service 访问群集中的应用程序
< / a >
< / li >
< / ul >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.4.5" data-path = "../guide/application-development-deployment-flow.html" >
2017-08-21 17:44:43 +08:00
< a href = "../guide/application-development-deployment-flow.html" >
3.5 在kubernetes中开发部署应用
< / a >
< ul class = "articles" >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.4.5.1" data-path = "../guide/deploy-applications-in-kubernetes.html" >
2017-08-21 17:44:43 +08:00
< a href = "../guide/deploy-applications-in-kubernetes.html" >
3.5.1 适用于kubernetes的应用开发部署流程
< / a >
2017-08-21 18:44:34 +08:00
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.4.5.2" data-path = "../guide/migrating-hadoop-yarn-to-kubernetes.html" >
2017-08-21 18:44:34 +08:00
< a href = "../guide/migrating-hadoop-yarn-to-kubernetes.html" >
3.5.2 迁移传统应用到kubernetes中——以Hadoop YARN为例
< / a >
2017-10-23 13:40:58 +08:00
< / li >
< li class = "chapter " data-level = "1.4.5.3" data-path = "../guide/using-statefulset.html" >
< a href = "../guide/using-statefulset.html" >
3.5.3 使用StatefulSet部署用状态应用
< / a >
2017-08-21 17:44:43 +08:00
< / li >
< / ul >
< / li >
< / ul >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.5" data-path = "./" >
2017-08-21 17:44:43 +08:00
< a href = "./" >
4. 最佳实践
< / a >
< ul class = "articles" >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.5.1" data-path = "install-kbernetes1.6-on-centos.html" >
2017-08-21 17:44:43 +08:00
< a href = "install-kbernetes1.6-on-centos.html" >
4.1 在CentOS上部署kubernetes1.6集群
< / a >
< ul class = "articles" >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.5.1.1" data-path = "create-tls-and-secret-key.html" >
2017-08-21 17:44:43 +08:00
< a href = "create-tls-and-secret-key.html" >
4.1.1 创建TLS证书和秘钥
< / a >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.5.1.2" data-path = "create-kubeconfig.html" >
2017-08-21 17:44:43 +08:00
< a href = "create-kubeconfig.html" >
4.1.2 创建kubeconfig文件
< / a >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.5.1.3" data-path = "etcd-cluster-installation.html" >
2017-08-21 17:44:43 +08:00
< a href = "etcd-cluster-installation.html" >
4.1.3 创建高可用etcd集群
< / a >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.5.1.4" data-path = "kubectl-installation.html" >
2017-08-21 17:44:43 +08:00
< a href = "kubectl-installation.html" >
4.1.4 安装kubectl命令行工具
< / a >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.5.1.5" data-path = "master-installation.html" >
2017-08-21 17:44:43 +08:00
< a href = "master-installation.html" >
4.1.5 部署master节点
< / a >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.5.1.6" data-path = "node-installation.html" >
2017-08-21 17:44:43 +08:00
< a href = "node-installation.html" >
4.1.6 部署node节点
< / a >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.5.1.7" data-path = "kubedns-addon-installation.html" >
2017-08-21 17:44:43 +08:00
< a href = "kubedns-addon-installation.html" >
4.1.7 安装kubedns插件
< / a >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.5.1.8" data-path = "dashboard-addon-installation.html" >
2017-08-21 17:44:43 +08:00
< a href = "dashboard-addon-installation.html" >
4.1.8 安装dashboard插件
< / a >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.5.1.9" data-path = "heapster-addon-installation.html" >
2017-08-21 17:44:43 +08:00
< a href = "heapster-addon-installation.html" >
4.1.9 安装heapster插件
< / a >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.5.1.10" data-path = "efk-addon-installation.html" >
2017-08-21 17:44:43 +08:00
< a href = "efk-addon-installation.html" >
4.1.10 安装EFK插件
< / a >
< / li >
< / ul >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.5.2" data-path = "service-discovery-and-loadbalancing.html" >
2017-08-21 17:44:43 +08:00
< a href = "service-discovery-and-loadbalancing.html" >
4.2 服务发现与负载均衡
< / a >
< ul class = "articles" >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.5.2.1" data-path = "traefik-ingress-installation.html" >
2017-08-21 17:44:43 +08:00
< a href = "traefik-ingress-installation.html" >
4.2.1 安装Traefik ingress
< / a >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.5.2.2" data-path = "distributed-load-test.html" >
2017-08-21 17:44:43 +08:00
< a href = "distributed-load-test.html" >
4.2.2 分布式负载测试
< / a >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.5.2.3" data-path = "network-and-cluster-perfermance-test.html" >
2017-08-21 17:44:43 +08:00
< a href = "network-and-cluster-perfermance-test.html" >
4.2.3 网络和集群性能测试
< / a >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.5.2.4" data-path = "edge-node-configuration.html" >
2017-08-21 17:44:43 +08:00
< a href = "edge-node-configuration.html" >
4.2.4 边缘节点配置
< / a >
2017-10-27 19:09:01 +08:00
< / li >
< li class = "chapter " data-level = "1.5.2.5" data-path = "nginx-ingress-installation.html" >
< a href = "nginx-ingress-installation.html" >
2017-10-27 19:16:49 +08:00
4.2.5 安装Nginx ingress
2017-10-27 19:09:01 +08:00
< / a >
2017-08-21 17:44:43 +08:00
< / li >
< / ul >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.5.3" data-path = "operation.html" >
2017-08-21 17:44:43 +08:00
< a href = "operation.html" >
4.3 运维管理
< / a >
< ul class = "articles" >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.5.3.1" data-path = "service-rolling-update.html" >
2017-08-21 17:44:43 +08:00
< a href = "service-rolling-update.html" >
4.3.1 服务滚动升级
< / a >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.5.3.2" data-path = "app-log-collection.html" >
2017-08-21 17:44:43 +08:00
< a href = "app-log-collection.html" >
4.3.2 应用日志收集
< / a >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter active" data-level = "1.5.3.3" data-path = "configuration-best-practice.html" >
2017-08-21 17:44:43 +08:00
< a href = "configuration-best-practice.html" >
4.3.3 配置最佳实践
< / a >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.5.3.4" data-path = "monitor.html" >
2017-08-21 17:44:43 +08:00
< a href = "monitor.html" >
4.3.4 集群及应用监控
< / a >
< / li >
2017-10-27 11:59:37 +08:00
< li class = "chapter " data-level = "1.5.3.5" data-path = "data-persistence-problem.html" >
2017-08-21 17:44:43 +08:00
< a href = "data-persistence-problem.html" >
4.3.6 数据持久化问题
< / a >
2017-09-03 15:58:39 +08:00
< / li >
2017-10-27 11:59:37 +08:00
< li class = "chapter " data-level = "1.5.3.6" data-path = "manage-compute-resources-container.html" >
2017-09-03 15:58:39 +08:00
< a href = "manage-compute-resources-container.html" >
4.3.7 管理容器的计算资源
< / a >
2017-09-25 21:41:08 +08:00
< / li >
2017-10-27 11:59:37 +08:00
< li class = "chapter " data-level = "1.5.3.7" data-path = "using-prometheus-to-monitor-kuberentes-cluster.html" >
2017-09-25 21:41:08 +08:00
< a href = "using-prometheus-to-monitor-kuberentes-cluster.html" >
4.3.8 使用Prometheus监控kubernetes集群
< / a >
2017-10-16 17:36:01 +08:00
< / li >
2017-10-27 11:59:37 +08:00
< li class = "chapter " data-level = "1.5.3.8" data-path = "using-heapster-to-get-object-metrics.html" >
2017-10-16 17:36:01 +08:00
< a href = "using-heapster-to-get-object-metrics.html" >
4.3.9 使用Heapster获取集群和对象的metric数据
< / a >
2017-08-21 17:44:43 +08:00
< / li >
< / ul >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.5.4" data-path = "storage.html" >
2017-08-21 17:44:43 +08:00
< a href = "storage.html" >
4.4 存储管理
< / a >
< ul class = "articles" >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.5.4.1" data-path = "glusterfs.html" >
2017-08-21 17:44:43 +08:00
< a href = "glusterfs.html" >
4.4.1 GlusterFS
< / a >
< ul class = "articles" >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.5.4.1.1" data-path = "using-glusterfs-for-persistent-storage.html" >
2017-08-21 17:44:43 +08:00
< a href = "using-glusterfs-for-persistent-storage.html" >
4.4.1.1 使用GlusterFS做持久化存储
< / a >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.5.4.1.2" data-path = "storage-for-containers-using-glusterfs-with-openshift.html" >
2017-08-21 17:44:43 +08:00
< a href = "storage-for-containers-using-glusterfs-with-openshift.html" >
4.4.1.2 在OpenShift中使用GlusterFS做持久化存储
< / a >
2017-09-01 21:04:51 +08:00
< / li >
< / ul >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.5.4.2" data-path = "cephfs.html" >
2017-09-01 21:04:51 +08:00
< a href = "cephfs.html" >
4.4.2 CephFS
< / a >
< ul class = "articles" >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.5.4.2.1" data-path = "using-ceph-for-persistent-storage.html" >
2017-09-01 21:04:51 +08:00
< a href = "using-ceph-for-persistent-storage.html" >
4.4.2.1 使用Ceph做持久化存储
< / a >
2017-08-21 17:44:43 +08:00
< / li >
< / ul >
< / li >
< / ul >
2017-10-19 15:31:08 +08:00
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.5.5" data-path = "services-management-tool.html" >
2017-10-19 15:31:08 +08:00
< a href = "services-management-tool.html" >
4.5 服务编排管理
< / a >
2017-10-20 16:22:43 +08:00
< ul class = "articles" >
< li class = "chapter " data-level = "1.5.5.1" data-path = "helm.html" >
< a href = "helm.html" >
2017-10-25 17:12:37 +08:00
4.5.1 使用Helm管理kubernetes应用
2017-10-20 16:22:43 +08:00
< / a >
2017-10-27 11:59:37 +08:00
< / li >
< li class = "chapter " data-level = "1.5.5.2" data-path = "create-private-charts-repo.html" >
< a href = "create-private-charts-repo.html" >
4.5.2 构建私有Chart仓库
< / a >
< / li >
< / ul >
< / li >
< li class = "chapter " data-level = "1.5.6" data-path = "ci-cd.html" >
< a href = "ci-cd.html" >
4.6 持续集成与发布
< / a >
< ul class = "articles" >
< li class = "chapter " data-level = "1.5.6.1" data-path = "jenkins-ci-cd.html" >
< a href = "jenkins-ci-cd.html" >
4.6.1 使用Jenkins进行持续集成与发布
< / a >
< / li >
< li class = "chapter " data-level = "1.5.6.2" data-path = "drone-ci-cd.html" >
< a href = "drone-ci-cd.html" >
4.6.2 使用Drone进行持续集成与发布
< / a >
2017-11-02 16:33:01 +08:00
< / li >
< / ul >
< / li >
< li class = "chapter " data-level = "1.5.7" data-path = "update-and-upgrade.html" >
< a href = "update-and-upgrade.html" >
4.7 更新与升级
< / a >
< ul class = "articles" >
< li class = "chapter " data-level = "1.5.7.1" data-path = "manually-upgrade.html" >
< a href = "manually-upgrade.html" >
4.7.1 手动升级kubernetes集群
< / a >
< / li >
< li class = "chapter " data-level = "1.5.7.2" data-path = "dashboard-upgrade.html" >
< a href = "dashboard-upgrade.html" >
4.7.2 升级dashboard
< / a >
2017-10-20 16:22:43 +08:00
< / li >
< / ul >
2017-08-21 17:44:43 +08:00
< / li >
< / ul >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.6" data-path = "../usecases/" >
2017-08-21 17:44:43 +08:00
< a href = "../usecases/" >
5. 领域应用
< / a >
< ul class = "articles" >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.6.1" data-path = "../usecases/microservices.html" >
2017-08-21 17:44:43 +08:00
< a href = "../usecases/microservices.html" >
5.1 微服务架构
< / a >
< ul class = "articles" >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.6.1.1" data-path = "../usecases/service-discovery-in-microservices.html" >
2017-09-20 21:55:19 +08:00
< a href = "../usecases/service-discovery-in-microservices.html" >
5.1.1 微服务中的服务发现
< / a >
< / li >
< / ul >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.6.2" data-path = "../usecases/service-mesh.html" >
2017-09-20 21:55:19 +08:00
< a href = "../usecases/service-mesh.html" >
5.2 Service Mesh 服务网格
< / a >
< ul class = "articles" >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.6.2.1" data-path = "../usecases/istio.html" >
2017-08-21 17:44:43 +08:00
< a href = "../usecases/istio.html" >
5.1.1 Istio
< / a >
< ul class = "articles" >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.6.2.1.1" data-path = "../usecases/istio-installation.html" >
2017-08-21 17:44:43 +08:00
< a href = "../usecases/istio-installation.html" >
5.1.1.1 安装istio
< / a >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.6.2.1.2" data-path = "../usecases/configuring-request-routing.html" >
2017-08-21 17:44:43 +08:00
< a href = "../usecases/configuring-request-routing.html" >
5.1.1.2 配置请求的路由规则
< / a >
< / li >
< / ul >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.6.2.2" data-path = "../usecases/linkerd.html" >
2017-08-21 17:44:43 +08:00
< a href = "../usecases/linkerd.html" >
5.1.2 Linkerd
< / a >
< ul class = "articles" >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.6.2.2.1" data-path = "../usecases/linkerd-user-guide.html" >
2017-08-21 17:44:43 +08:00
< a href = "../usecases/linkerd-user-guide.html" >
5.1.2.1 Linkerd 使用指南
< / a >
< / li >
< / ul >
< / li >
< / ul >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.6.3" data-path = "../usecases/big-data.html" >
2017-08-21 17:44:43 +08:00
< a href = "../usecases/big-data.html" >
5.2 大数据
< / a >
< ul class = "articles" >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.6.3.1" data-path = "../usecases/spark-standalone-on-kubernetes.html" >
2017-08-21 17:44:43 +08:00
2017-08-30 14:20:52 +08:00
< a href = "../usecases/spark-standalone-on-kubernetes.html" >
2017-08-21 17:44:43 +08:00
2017-08-30 14:20:52 +08:00
5.2.1 Spark standalone on Kubernetes
2017-08-21 17:44:43 +08:00
< / a >
2017-08-31 14:23:44 +08:00
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.6.3.2" data-path = "../usecases/running-spark-with-kubernetes-native-scheduler.html" >
2017-08-31 14:23:44 +08:00
2017-09-14 15:57:50 +08:00
< a href = "../usecases/running-spark-with-kubernetes-native-scheduler.html" >
2017-08-31 14:23:44 +08:00
5.2.2 运行支持kubernetes原生调度的Spark程序
< / a >
2017-08-21 17:44:43 +08:00
< / li >
< / ul >
2017-08-30 16:52:33 +08:00
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.6.4" data-path = "../usecases/serverless.html" >
2017-08-30 16:52:33 +08:00
< a href = "../usecases/serverless.html" >
5.3 Serverless架构
< / a >
2017-10-27 19:09:01 +08:00
< / li >
< li class = "chapter " data-level = "1.6.5" data-path = "../usecases/edge-computing.html" >
< a href = "../usecases/edge-computing.html" >
5.4 边缘计算
< / a >
2017-08-21 17:44:43 +08:00
< / li >
< / ul >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.7" data-path = "../develop/" >
2017-08-21 17:44:43 +08:00
< a href = "../develop/" >
6. 开发指南
< / a >
< ul class = "articles" >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.7.1" data-path = "../develop/developing-environment.html" >
2017-08-21 17:44:43 +08:00
< a href = "../develop/developing-environment.html" >
6.1 开发环境搭建
< / a >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.7.2" data-path = "../develop/testing.html" >
2017-08-21 17:44:43 +08:00
< a href = "../develop/testing.html" >
6.2 单元测试和集成测试
< / a >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.7.3" data-path = "../develop/client-go-sample.html" >
2017-08-21 17:44:43 +08:00
< a href = "../develop/client-go-sample.html" >
6.3 client-go示例
< / a >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.7.4" data-path = "../develop/contribute.html" >
2017-08-21 17:44:43 +08:00
< a href = "../develop/contribute.html" >
6.4 社区贡献
< / a >
2017-10-23 19:09:41 +08:00
< / li >
< li class = "chapter " data-level = "1.7.5" data-path = "../develop/minikube.html" >
< a href = "../develop/minikube.html" >
6.5 Minikube
< / a >
2017-08-21 17:44:43 +08:00
< / li >
< / ul >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.8" data-path = "../appendix/" >
2017-08-21 17:44:43 +08:00
< a href = "../appendix/" >
7. 附录
< / a >
< ul class = "articles" >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.8.1" data-path = "../appendix/docker-best-practice.html" >
2017-08-21 17:44:43 +08:00
< a href = "../appendix/docker-best-practice.html" >
7.1 Docker最佳实践
< / a >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.8.2" data-path = "../appendix/issues.html" >
2017-08-21 17:44:43 +08:00
< a href = "../appendix/issues.html" >
7.2 问题记录
< / a >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.8.3" data-path = "../appendix/tricks.html" >
2017-08-21 17:44:43 +08:00
< a href = "../appendix/tricks.html" >
7.3 使用技巧
< / a >
2017-09-21 15:00:54 +08:00
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.8.4" data-path = "../appendix/debug-kubernetes-services.html" >
2017-09-21 15:00:54 +08:00
< a href = "../appendix/debug-kubernetes-services.html" >
2017-10-27 11:59:37 +08:00
7.4 kubernetes中的应用故障排查
2017-09-21 15:00:54 +08:00
< / a >
2017-10-18 14:16:55 +08:00
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.8.5" data-path = "../appendix/material-share.html" >
2017-10-18 14:16:55 +08:00
< a href = "../appendix/material-share.html" >
2017-10-18 16:53:12 +08:00
7.5 Kubernetes相关资讯和情报链接
2017-10-18 14:16:55 +08:00
< / a >
2017-08-21 17:44:43 +08:00
< / li >
< / ul >
< / li >
< li class = "divider" > < / li >
< li >
< a href = "https://www.gitbook.com" target = "blank" class = "gitbook-link" >
2017-09-19 22:01:07 +08:00
本书使用 GitBook 发布
2017-08-21 17:44:43 +08:00
< / a >
< / li >
< / ul >
< / nav >
< / div >
< div class = "book-body" >
< div class = "body-inner" >
< div class = "book-header" role = "navigation" >
<!-- Title -->
< h1 >
< i class = "fa fa-circle-o-notch fa-spin" > < / i >
< a href = ".." > 4.3.3 配置最佳实践< / a >
< / h1 >
< / div >
< div class = "page-wrapper" tabindex = "-1" role = "main" >
< div class = "page-inner" >
< div class = "search-plus" id = "book-search-results" >
< div class = "search-noresults" >
< section class = "normal markdown-section" >
< h1 id = "配置最佳实践" > 配 置 最 佳 实 践 < / h1 >
< p > 本 文 档 旨 在 汇 总 和 强 调 用 户 指 南 、 快 速 开 始 文 档 和 示 例 中 的 最 佳 实 践 。 该 文 档 会 很 活 跃 并 持 续 更 新 中 。 如 果 你 觉 得 很 有 用 的 最 佳 实 践 但 是 本 文 档 中 没 有 包 含 , 欢 迎 给 我 们 提 Pull Request。 < / p >
< h2 id = "通用配置建议" > 通 用 配 置 建 议 < / h2 >
< ul >
< li > 定 义 配 置 文 件 的 时 候 , 指 定 最 新 的 稳 定 API版 本 ( 目 前 是 V1) 。 < / li >
< li > 在 配 置 文 件 push到 集 群 之 前 应 该 保 存 在 版 本 控 制 系 统 中 。 这 样 当 需 要 的 时 候 能 够 快 速 回 滚 , 必 要 的 时 候 也 可 以 快 速 的 创 建 集 群 。 < / li >
< li > 使 用 YAML格 式 而 不 是 JSON格 式 的 配 置 文 件 。 在 大 多 数 场 景 下 它 们 都 可 以 作 为 数 据 交 换 格 式 , 但 是 YAML格 式 比 起 JSON更 易 读 和 配 置 。 < / li >
< li > 尽 量 将 相 关 的 对 象 放 在 同 一 个 配 置 文 件 里 。 这 样 比 分 成 多 个 文 件 更 容 易 管 理 。 参 考 < a href = "https://github.com/kubernetes/kubernetes/tree/master/examples/guestbook/all-in-one/guestbook-all-in-one.yaml" target = "_blank" > guestbook-all-in-one.yaml< / a > 文 件 中 的 配 置 ( 注 意 , 尽 管 你 可 以 在 使 用 < code > kubectl< / code > 命 令 时 指 定 配 置 文 件 目 录 , 你 也 可 以 在 配 置 文 件 目 录 下 执 行 < code > kubectl create< / code > — — 查 看 下 面 的 详 细 信 息 ) 。 < / li >
< li > 为 了 简 化 和 最 小 化 配 置 , 也 为 了 防 止 错 误 发 生 , 不 要 指 定 不 必 要 的 默 认 配 置 。 例 如 , 省 略 掉 < code > ReplicationController< / code > 的 selector和 label, 如 果 你 希 望 它 们 跟 < code > podTemplate< / code > 中 的 label一 样 的 话 , 因 为 那 些 配 置 默 认 是 < code > podTemplate< / code > 的 label产 生 的 。 更 多 信 息 请 查 看 < a href = "https://github.com/kubernetes/kubernetes/tree/master/examples/guestbook/" target = "_blank" > guestbook app< / a > 的 yaml文 件 和 < a href = "https://github.com/kubernetes/kubernetes/tree/master/examples/guestbook/frontend-deployment.yaml" target = "_blank" > examples< / a > 。 < / li >
< li > 将 资 源 对 象 的 描 述 放 在 一 个 annotation中 可 以 更 好 的 内 省 。 < / li >
< / ul >
< h2 id = "裸的pods-vs-replication-controllers和-jobs" > 裸 的 Pods vs Replication Controllers和 Jobs< / h2 >
< ul >
< li > 如 果 有 其 他 方 式 替 代 “ 裸 的 “ pod( 如 没 有 绑 定 到 < a href = "https://kubernetes.io/docs/user-guide/replication-controller" target = "_blank" > replication controller < / a > 上 的 pod) , 那 么 就 使 用 其 他 选 择 。 在 node节 点 出 现 故 障 时 , 裸 奔 的 pod不 会 被 重 新 调 度 。 Replication Controller总 是 会 重 新 创 建 pod, 除 了 明 确 指 定 了 < a href = "https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy" target = "_blank" > < code > restartPolicy: Never< / code > < / a > 的 场 景 。 < a href = "https://kubernetes.io/docs/concepts/jobs/run-to-completion-finite-workloads/" target = "_blank" > Job< / a > 也 许 是 比 较 合 适 的 选 择 。 < / li >
< / ul >
< h2 id = "services" > Services< / h2 >
< ul >
< li > 通 常 最 好 在 创 建 相 关 的 < a href = "https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller/" target = "_blank" > replication controllers< / a > 之 前 先 创 建 < a href = "https://kubernetes.io/docs/concepts/services-networking/service/" target = "_blank" > service< / a > , 你 也 可 以 在 创 建 Replication Controller的 时 候 不 指 定 replica数 量 ( 默 认 是 1) , 创 建 service后 , 在 通 过 Replication Controller来 扩 容 。 这 样 可 以 在 扩 容 很 多 个 replica之 前 先 确 认 pod是 正 常 的 。 < / li >
< li > 除 非 十 分 必 要 的 情 况 下 ( 如 运 行 一 个 node daemon) , 不 要 使 用 < code > hostPort< / code > ( 用 来 指 定 暴 露 在 主 机 上 的 端 口 号 ) 。 当 你 给 Pod绑 定 了 一 个 < code > hostPort< / code > , 该 pod可 被 调 度 到 的 主 机 的 受 限 了 , 因 为 端 口 冲 突 。 如 果 是 为 了 调 试 目 的 来 通 过 端 口 访 问 的 话 , 你 可 以 使 用 < a href = "https://kubernetes.io/docs/tasks/access-kubernetes-api/http-proxy-access-api/" target = "_blank" > kubectl proxy and apiserver proxy< / a > 或 者 < a href = "https://kubernetes.io/docs/tasks/access-application-cluster/port-forward-access-application-cluster/" target = "_blank" > kubectl port-forward< / a > 。 你 可 使 用 < a href = "https://kubernetes.io/docs/concepts/services-networking/service/" target = "_blank" > Service< / a > 来 对 外 暴 露 服 务 。 如 果 你 确 实 需 要 将 pod的 端 口 暴 露 到 主 机 上 , 考 虑 使 用 < a href = "https://kubernetes.io/docs/user-guide/services/#type-nodeport" target = "_blank" > NodePort< / a > service。 < / li >
< li > 跟 < code > hostPort< / code > 一 样 的 原 因 , 避 免 使 用 < code > hostNetwork< / code > 。 < / li >
< li > 如 果 你 不 需 要 kube-proxy的 负 载 均 衡 的 话 , 可 以 考 虑 使 用 使 用 < a href = "https://kubernetes.io/docs/user-guide/services/#headless-services" target = "_blank" > headless services< / a > 。 < / li >
< / ul >
< h2 id = "使用label" > 使 用 Label< / h2 >
< ul >
< li > < p > 定 义 < a href = "https://kubernetes.io/docs/user-guide/labels/" target = "_blank" > labels< / a > 来 指 定 应 用 或 Deployment的 < strong > semantic attributes< / strong > 。 例 如 , 不 是 将 label附 加 到 一 组 pod来 显 式 表 示 某 些 服 务 ( 例 如 , < code > service:myservice< / code > ) , 或 者 显 式 地 表 示 管 理 pod的 replication controller( 例 如 , < code > controller:mycontroller< / code > ) , 附 加 label应 该 是 标 示 语 义 属 性 的 标 签 , 例 如 < code > {app:myapp,tier:frontend,phase:test,deployment:v3}< / code > 。 这 将 允 许 您 选 择 适 合 上 下 文 的 对 象 组 — — 例 如 , 所 有 的 ” tier:frontend“ pod的 服 务 或 app是 “ myapp” 的 所 有 “ 测 试 ” 阶 段 组 件 。 有 关 此 方 法 的 示 例 , 请 参 阅 < a href = "https://github.com/kubernetes/kubernetes/tree/master/examples/guestbook/" target = "_blank" > guestbook< / a > 应 用 程 序 。 < / p >
< p > 可 以 通 过 简 单 地 从 其 service的 选 择 器 中 省 略 特 定 于 发 行 版 本 的 标 签 , 而 不 是 更 新 服 务 的 选 择 器 来 完 全 匹 配 replication controller的 选 择 器 , 来 实 现 跨 越 多 个 部 署 的 服 务 , 例 如 滚 动 更 新 。 < / p >
< / li >
< li > < p > 为 了 滚 动 升 级 的 方 便 , 在 Replication Controller的 名 字 中 包 含 版 本 信 息 , 例 如 作 为 名 字 的 后 缀 。 设 置 一 个 < code > version< / code > 标 签 页 是 很 有 用 的 。 滚 动 更 新 创 建 一 个 新 的 controller而 不 是 修 改 现 有 的 controller。 因 此 , version含 混 不 清 的 controller名 字 就 可 能 带 来 问 题 。 查 看 < a href = "https://kubernetes.io/docs/tasks/run-application/rolling-update-replication-controller/" target = "_blank" > Rolling Update Replication Controller< / a > 文 档 获 取 更 多 关 于 滚 动 升 级 命 令 的 信 息 。 < / p >
< p > 注 意 < a href = "https://kubernetes.io/docs/concepts/workloads/controllers/deployment/" target = "_blank" > Deployment< / a > 对 象 不 需 要 再 管 理 replication controller 的 版 本 名 。 Deployment 中 描 述 了 对 象 的 期 望 状 态 , 如 果 对 spec的 更 改 被 应 用 了 话 , Deployment controller 会 以 控 制 的 速 率 来 更 改 实 际 状 态 到 期 望 状 态 。 ( Deployment目 前 是 < a href = "https://kubernetes.io/docs/concepts/overview/kubernetes-api/#api-groups" target = "_blank" > < code > extensions< / code > API Group< / a > 的 一 部 分 ) 。 < / p >
< / li >
< li > < p > 利 用 label做 调 试 。 因 为 Kubernetes replication controller和 service使 用 label来 匹 配 pods, 这 允 许 你 通 过 移 除 pod中 的 label的 方 式 将 其 从 一 个 controller或 者 service中 移 除 , 原 来 的 controller会 创 建 一 个 新 的 pod来 取 代 移 除 的 pod。 这 是 一 个 很 有 用 的 方 式 , 帮 你 在 一 个 隔 离 的 环 境 中 调 试 之 前 的 “ 活 着 的 ” pod。 查 看 < a href = "https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/" target = "_blank" > < code > kubectl label< / code > < / a > 命 令 。 < / p >
< / li >
< / ul >
< h2 id = "容器镜像" > 容 器 镜 像 < / h2 >
< ul >
< li > < p > < a href = "https://kubernetes.io/docs/concepts/containers/images/" target = "_blank" > 默 认 容 器 镜 像 拉 取 策 略 < / a > 是 < code > IfNotPresent< / code > , 当 本 地 已 存 在 该 镜 像 的 时 候 < a href = "https://kubernetes.io/docs/admin/kubelet/" target = "_blank" > Kubelet< / a > 不 会 再 从 镜 像 仓 库 拉 取 。 如 果 你 希 望 总 是 从 镜 像 仓 库 中 拉 取 镜 像 的 话 , 在 yaml文 件 中 指 定 镜 像 拉 取 策 略 为 < code > Always< / code > ( < code > imagePullPolicy: Always< / code > ) 或 者 指 定 镜 像 的 tag为 < code > :latest< / code > 。 < / p >
< p > 如 果 你 没 有 将 镜 像 标 签 指 定 为 < code > :latest< / code > , 例 如 指 定 为 < code > myimage:v1< / code > , 当 该 标 签 的 镜 像 进 行 了 更 新 , kubelet也 不 会 拉 取 该 镜 像 。 你 可 以 在 每 次 镜 像 更 新 后 都 生 成 一 个 新 的 tag( 例 如 < code > myimage:v2< / code > ) , 在 配 置 文 件 中 明 确 指 定 该 版 本 。 < / p >
< p > < strong > 注 意 : < / strong > 在 生 产 环 境 下 部 署 容 器 应 该 尽 量 避 免 使 用 < code > :latest< / code > 标 签 , 因 为 这 样 很 难 追 溯 到 底 运 行 的 是 哪 个 版 本 的 容 器 和 回 滚 。 < / p >
< / li >
< / ul >
< h2 id = "使用kubectl" > 使 用 kubectl< / h2 >
< ul >
< li > 尽 量 使 用 < code > kubectl create -f < directory> < / code > 。 kubeclt会 自 动 查 找 该 目 录 下 的 所 有 后 缀 名 为 < code > .yaml< / code > 、 < code > .yml< / code > 和 < code > .json< / code > 文 件 并 将 它 们 传 递 给 < code > create< / code > 命 令 。 < / li >
< li > 使 用 < code > kubectl delete< / code > 而 不 是 < code > stop< / code > . < code > Delete< / code > 是 < code > stop< / code > 的 超 集 , < code > stop< / code > 已 经 被 弃 用 。 < / li >
< li > 使 用 kubectl bulk 操 作 ( 通 过 文 件 或 者 label) 来 get和 delete。 查 看 < a href = "https://kubernetes.io/docs/user-guide/labels/#label-selectors" target = "_blank" > label selectors < / a > 和 < a href = "https://kubernetes.io/docs/concepts/cluster-administration/manage-deployment/#using-labels-effectively" target = "_blank" > using labels effectively< / a > 。 < / li >
< li > 使 用 < code > kubectl run< / code > 和 < code > expose< / code > 命 令 快 速 创 建 只 有 单 个 容 器 的 Deployment。 查 看 < a href = "https://kubernetes.io/docs/user-guide/quick-start/" target = "_blank" > quick start guide< / a > 中 的 示 例 。 < / li >
< / ul >
< h2 id = "参考" > 参 考 < / h2 >
2017-10-09 15:28:05 +08:00
< p > < a href = "https://kubernetes.io/docs/concepts/configuration/overview/" target = "_blank" > Configuration Best Practices< / a > < / p >
< footer class = "page-footer" > < span class = "copyright" > Copyright © jimmysong.io 2017 all right reserved, powered by Gitbook< / span > < span class = "footer-modification" > Updated:
2017-08-21 18:23:34
< / span > < / footer >
2017-08-21 17:44:43 +08:00
< / section >
< / div >
< div class = "search-results" >
< div class = "has-results" >
< h1 class = "search-results-title" > < span class = 'search-results-count' > < / span > results matching "< span class = 'search-query' > < / span > "< / h1 >
< ul class = "search-results-list" > < / ul >
< / div >
< div class = "no-results" >
< h1 class = "search-results-title" > No results matching "< span class = 'search-query' > < / span > "< / h1 >
< / div >
< / div >
< / div >
< / div >
< / div >
< / div >
< a href = "app-log-collection.html" class = "navigation navigation-prev " aria-label = "Previous page: 4.3.2 应用日志收集" >
< i class = "fa fa-angle-left" > < / i >
< / a >
< a href = "monitor.html" class = "navigation navigation-next " aria-label = "Next page: 4.3.4 集群及应用监控" >
< i class = "fa fa-angle-right" > < / i >
< / a >
< / div >
< script >
var gitbook = gitbook || [];
gitbook.push(function() {
2017-11-07 10:29:19 +08:00
gitbook.page.hasChanged({"page":{"title":"4.3.3 配置最佳实践","level":"1.5.3.3","depth":3,"next":{"title":"4.3.4 集群及应用监控","level":"1.5.3.4","depth":3,"path":"practice/monitor.md","ref":"practice/monitor.md","articles":[]},"previous":{"title":"4.3.2 应用日志收集","level":"1.5.3.2","depth":3,"path":"practice/app-log-collection.md","ref":"practice/app-log-collection.md","articles":[]},"dir":"ltr"},"config":{"plugins":["github","codesnippet","splitter","page-toc-button","image-captions","editlink","back-to-top-button","-lunr","-search","search-plus","github-buttons@2.1.0","favicon@^0.0.2","tbfed-pagefooter@^0.0.1","3-ba"],"styles":{"website":"styles/website.css","pdf":"styles/pdf.css","epub":"styles/epub.css","mobi":"styles/mobi.css","ebook":"styles/ebook.css","print":"styles/print.css"},"pluginsConfig":{"tbfed-pagefooter":{"copyright":"Copyright © jimmysong.io 2017","modify_label":"Updated:","modify_format":"YYYY-MM-DD HH:mm:ss"},"github":{"url":"https://github.com/rootsongjc/kubernetes-handbook"},"editlink":{"label":"编辑本页","multilingual":false,"base":"https://github.com/rootsongjc/kubernetes-handbook/blob/master/"},"splitter":{},"codesnippet":{},"fontsettings":{"theme":"white","family":"sans","size":2},"highlight":{},"favicon":{"shortcut":"favicon.ico","bookmark":"favicon.ico"},"page-toc-button":{},"back-to-top-button":{},"github-buttons":{"repo":"rootsongjc/kubernetes-handbook","types":["star"],"size":"small"},"3-ba":{"configuration":"auto","token":"11f7d254cfa4e0ca44b175c66d379ecc"},"sharing":{"facebook":true,"twitter":true,"google":false,"weibo":false,"instapaper":false,"vk":false,"all":["facebook","google","twitter","weibo","instapaper"]},"theme-default":{"styles":{"website":"styles/website.css","pdf":"styles/pdf.css","epub":"styles/epub.css","mobi":"styles/mobi.css","ebook":"styles/ebook.css","print":"styles/print.css"},"showLevel":false},"search-plus":{},"image-captions":{"caption":"图片 - _CAPTION_","variable_name":"_pictures"}},"theme":"default","author":"Jimmy Song","pdf":{"pageNumbers":true,"fontSize":12,"fontFamily":"Arial","paperSize":"a4","chapterMark":"pagebreak","pageBreaksBefore":"/","margin":{"right":62,"left":62,"top":56,"bottom":56}},"structure":{"langs":"LANGS.md","readme":"README.md","glossary":"GLOSSARY.md","summary":"SUMMARY.md"},"variables":{"_pictures":[{"backlink":"cloud-native/kubernetes-and-cloud-native-app-overview.html#fig1.2.1","level":"1.2","list_caption":"Figure: 云计算演进历程","alt":"云计算演进历程","nro":1,"url":"../images/cloud-computing-evolution-road.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"云计算演进历程","attributes":{},"skip":false,"key":"1.2.1"},{"backlink":"cloud-native/kubernetes-and-cloud-native-app-overview.html#fig1.2.2","level":"1.2","list_caption":"Figure: Cloud native思维导图","alt":"Cloud native思维导图","nro":2,"url":"../images/cloud-native-architecutre-mindnode.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"Cloud native思维导图","attributes":{},"skip":false,"key":"1.2.2"},{"backlink":"cloud-native/kubernetes-and-cloud-native-app-overview.html#fig1.2.3","level":"1.2","list_caption":"Figure: 十二因素应用","alt":"十二因素应用","nro":3,"url":"../images/12-factor-app.png","index":3,"caption_template":"图片 - _CAPTION_","label":"十二因素应用","attributes":{},"skip":false,"key":"1.2.3"},{"backlink":"cloud-native/kubernetes-and-cloud-native-app-overview.html#fig1.2.4","level":"1.2","list_caption":"Figure: 使用Jenkins进行持续集成与发布流程图","alt":"使用Jenkins进行持续集成与发布流程图","nro":4,"url":"../images/kubernetes-jenkins-ci-cd.png","index":4,"caption_template":"图片 - _CAPTION_","label":"使用Jenkins进行持续集成与发布流程图","attributes":{},"skip":false,"key":"1.2.4"},{"backlink":"cloud-native/kubernetes-and-cloud-native-app-overview.html#fig1.2.5","level":"1.2","list_caption":"Figure: filebeat日志收集架构图","alt":"filebeat日志收集架构图","nro":5,"url":"../images/filebeat-l
2017-08-21 17:44:43 +08:00
});
< / script >
< / div >
< script src = "../gitbook/gitbook.js" > < / script >
< script src = "../gitbook/theme.js" > < / script >
< script src = "../gitbook/gitbook-plugin-github/plugin.js" > < / script >
< script src = "../gitbook/gitbook-plugin-splitter/splitter.js" > < / script >
< script src = "../gitbook/gitbook-plugin-page-toc-button/plugin.js" > < / script >
< script src = "../gitbook/gitbook-plugin-editlink/plugin.js" > < / script >
2017-09-19 21:38:03 +08:00
< script src = "../gitbook/gitbook-plugin-back-to-top-button/plugin.js" > < / script >
2017-08-21 17:44:43 +08:00
< script src = "../gitbook/gitbook-plugin-search-plus/jquery.mark.min.js" > < / script >
< script src = "../gitbook/gitbook-plugin-search-plus/search.js" > < / script >
2017-10-09 15:28:05 +08:00
< script src = "../gitbook/gitbook-plugin-github-buttons/plugin.js" > < / script >
2017-10-11 18:13:13 +08:00
< script src = "../gitbook/gitbook-plugin-3-ba/plugin.js" > < / script >
2017-08-21 17:44:43 +08:00
< script src = "../gitbook/gitbook-plugin-sharing/buttons.js" > < / script >
< script src = "../gitbook/gitbook-plugin-fontsettings/fontsettings.js" > < / script >
< / body >
< / html >