Sharing and Isolating a Cluster Environment

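  • k8s partitions different working groups through namespace and Context settings, so that they can share the same k8s cluster service without interfering with each other

  • Suppose our organization has two working groups: a development group and a production operations group. The development group needs to continuously create, modify, and delete Pods, RCs, Services, and other resource objects in the k8s cluster in order to support an agile development process. The production operations group needs strict permission settings to ensure that the Pods, RCs, and Services in the production system stay in a normal running state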

1. Create two namespaces

[root@t71 namespace]# vim namespace-development.yaml

apiVersion: v1
kind: Namespace
metadata:
  name: development


[root@t71 namespace]# vim namespace-production.yaml

apiVersion: v1
kind: Namespace
metadata:
  name: production


[root@t71 namespace]# kubectl create -f namespace-development.yaml
namespace/development created
[root@t71 namespace]# kubectl create -f namespace-production.yaml
namespace/production created

2. Define Contexts (runtime environments)

Define one Context for each of the two working groups; each runtime environment belongs to a specific namespace

[root@t71 namespace]# kubectl config set-cluster kubernetes-cluster --server=http://192.168.4.71:8080
Cluster "kubernetes-cluster" set.
[root@t71 namespace]# kubectl config set-context ctx-dev --namespace=development --cluster=kubernetes-cluster --user=dev
Context "ctx-dev" created.
[root@t71 namespace]# kubectl config set-context ctx-pro --namespace=production --cluster=kubernetes-cluster --user=prod
Context "ctx-pro" created.

Use the kubectl config view command to view the defined Contexts

[root@t71 namespace]# kubectl config view
apiVersion: v1
clusters:
- cluster:
    server: http://192.168.4.71:8080
  name: kubernetes-cluster
contexts:
- context:
    cluster: kubernetes-cluster
    namespace: development
    user: dev
  name: ctx-dev
- context:
    cluster: kubernetes-cluster
    namespace: production
    user: prod
  name: ctx-pro
current-context: ""
kind: Config
preferences: {}
users: []

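The kubectl config command generates a file named config in the $HOME/.kube directory; its content is exactly what the kubectl config view command displays

3. Set each working group to work in a specific Context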

  • 3.1 Use the kubectl config use-context command to set the current runtime environment
[root@t71 namespace]# kubectl config use-context ctx-dev
Switched to context "ctx-dev".
[root@t71 namespace]# kubectl config view
apiVersion: v1
clusters:
- cluster:
    server: http://192.168.4.71:8080
  name: kubernetes-cluster
contexts:
- context:
    cluster: kubernetes-cluster
    namespace: development
    user: dev
  name: ctx-dev
- context:
    cluster: kubernetes-cluster
    namespace: production
    user: prod
  name: ctx-pro
current-context: ctx-dev
kind: Config
preferences: {}
users: []
[root@t71 namespace]#
  • 3.2 Create pods in the ctx-dev environment
[root@t71 namespace]# vim centos_deploy.yaml

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: centos-deploy
spec:
  replicas: 3
  template:
    metadata:
      labels:
        app: centos
    spec:
      containers:
      - name: centos
        image: centos:7.5.1804
        command: ['/usr/sbin/init']
[root@t71 namespace]# kubectl  create -f centos_deploy.yaml
deployment.extensions/centos-deploy created
  • 3.3 View the deployment and pods
[root@t71 namespace]# kubectl  get pods
NAME                             READY   STATUS    RESTARTS   AGE
centos-deploy-557dd464d7-2qd5g   1/1     Running   0          4m50s
centos-deploy-557dd464d7-dgmzg   1/1     Running   0          4m50s
centos-deploy-557dd464d7-w8n8w   1/1     Running   0          4m50s
[root@t71 namespace]# kubectl get deploy
NAME            READY   UP-TO-DATE   AVAILABLE   AGE
centos-deploy   3/3     3            3           4m56s
[root@t71 namespace]#
  • 3.4 Switch to the production operations group's runtime environment
[root@t71 namespace]# kubectl config use-context ctx-pro
Switched to context "ctx-pro".
[root@t71 namespace]# kubectl get pods
No resources found.
[root@t71 namespace]# kubectl get deploy
No resources found.
[root@t71 namespace]# 
  • 3.5 Use the same YAML file to create 3 pods in ctx-pro
[root@t71 namespace]# kubectl  create -f centos_deploy.yaml
deployment.extensions/centos-deploy created
[root@t71 namespace]# kubectl  get pods
NAME                             READY   STATUS    RESTARTS   AGE
centos-deploy-557dd464d7-8c4qx   1/1     Running   0          9s
centos-deploy-557dd464d7-bthzb   1/1     Running   0          9s
centos-deploy-557dd464d7-x7lds   1/1     Running   0          9s
[root@t71 namespace]# kubectl  get deploy
NAME            READY   UP-TO-DATE   AVAILABLE   AGE
centos-deploy   3/3     3            3           23s
[root@t71 namespace]# 

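In this way, the two different runtime environments contain the same Deployment and pods, yet both were created successfully, do not interfere with each other, and can work at the same time in the same Kubernetes cluster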
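A Context only sets the default namespace on the client side, so the strict permissions the production group needs depend on the API server authenticating each user. The Python check below is an added example, not part of the original post: it reads a kubeconfig in the JSON form printed by `kubectl config view -o json` and flags the two gaps visible in the config shown above (a plain-HTTP server address and contexts whose users have no credentials). The function name `audit_kubeconfig` and the embedded sample are constructed for illustration.

```python
import json
from urllib.parse import urlparse

# Constructed sample: the page's kubeconfig in the JSON form that
# `kubectl config view -o json` prints.
SAMPLE_KUBECONFIG = json.dumps({
    "apiVersion": "v1", "kind": "Config", "current-context": "ctx-dev",
    "clusters": [{"name": "kubernetes-cluster",
                  "cluster": {"server": "http://192.168.4.71:8080"}}],
    "contexts": [
        {"name": "ctx-dev", "context": {"cluster": "kubernetes-cluster",
                                        "namespace": "development", "user": "dev"}},
        {"name": "ctx-pro", "context": {"cluster": "kubernetes-cluster",
                                        "namespace": "production", "user": "prod"}},
    ],
    "users": [],
})


def audit_kubeconfig(text):
    """Return (object name, finding) pairs for a kubeconfig given as JSON text."""
    cfg = json.loads(text)
    # Treat a null or missing list as empty.
    users = {u["name"]: u.get("user") or {} for u in cfg.get("users") or []}
    findings = []
    for entry in cfg.get("clusters") or []:
        cluster = entry.get("cluster") or {}
        server = cluster.get("server", "")
        if urlparse(server).scheme != "https":
            findings.append((entry["name"], f"API server address {server} is not HTTPS"))
        if cluster.get("insecure-skip-tls-verify"):
            findings.append((entry["name"], "TLS certificate verification is disabled"))
    for entry in cfg.get("contexts") or []:
        ctx = entry.get("context") or {}
        user = ctx.get("user", "")
        # A missing or empty users[] entry means kubectl sends no credentials,
        # so the API server cannot tell this context's user from any other.
        if not users.get(user):
            findings.append((entry["name"],
                             f"user '{user}' has no credentials; namespace "
                             f"'{ctx.get('namespace', 'default')}' is only a client-side default"))
    return findings


if __name__ == "__main__":
    for name, finding in audit_kubeconfig(SAMPLE_KUBECONFIG):
        print(f"{name}: {finding}")
```

Clearing these findings is a precondition, not the isolation itself: keeping the development user out of the production namespace still requires an authorization mode such as RBAC on the API server.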

12-17 09:33