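Kubernetes Overview
Kubernetes (K8s) is the standard tool for container orchestration. Claude Code can help you write K8s configuration files and deploy applications.
Prerequisites
This tutorial assumes you already understand the basics of Docker containerization.
Kubernetes Core Concepts
Kubernetes architecture: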
```
┌─────────────────────────────────────────┐
│       Master Node (Control Plane)       │
│ ┌─────────┐ ┌─────────┐ ┌───────────┐   │
│ │   API   │ │Scheduler│ │ Controller│   │
│ │  Server │ │         │ │  Manager  │   │
│ └─────────┘ └─────────┘ └───────────┘   │
└─────────────────────────────────────────┘
           ↑ managed services ↓
┌─────────────────────────────────────────┐
│              Worker Node 1              │
│ ┌─────┐ ┌─────┐ ┌─────┐                 │
│ │ Pod │ │ Pod │ │ Pod │                 │
│ └─────┘ └─────┘ └─────┘                 │
└─────────────────────────────────────────┘
```
Basic YAML Configuration
Deployment
```text
Help me create a Kubernetes Deployment configuration file for a Node.js application.
```
```yaml
# k8s/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: myapp
  labels:
    app: myapp
    version: v1
spec:
  replicas: 3
  selector:
    matchLabels:
      app: myapp
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 0
  template:
    metadata:
      labels:
        app: myapp
        version: v1
    spec:
      containers:
        - name: myapp
          # The production overlay replaces this image with a pinned tag
          image: myapp:latest
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 3000
              name: http
              protocol: TCP
          env:
            - name: NODE_ENV
              value: "production"
            # Credentials come from the Secret, not from a literal value
            - name: DATABASE_URL
              valueFrom:
                secretKeyRef:
                  name: myapp-secrets
                  key: database-url
            - name: REDIS_URL
              value: "redis://redis-service:6379"
          resources:
            requests:
              memory: "128Mi"
              cpu: "100m"
            limits:
              memory: "512Mi"
              cpu: "500m"
          livenessProbe:
            httpGet:
              path: /health
              port: 3000
            initialDelaySeconds: 10
            periodSeconds: 15
            timeoutSeconds: 3
            failureThreshold: 3
          readinessProbe:
            httpGet:
              path: /ready
              port: 3000
            initialDelaySeconds: 5
            periodSeconds: 10
            timeoutSeconds: 3
            failureThreshold: 3
          lifecycle:
            preStop:
              exec:
                # Delay shutdown so in-flight requests can drain
                command: ["/bin/sh", "-c", "sleep 10"]
```
Service
```yaml
# k8s/service.yaml
apiVersion: v1
kind: Service
metadata:
  name: myapp-service
  labels:
    app: myapp
spec:
  type: ClusterIP
  ports:
    - port: 80
      targetPort: 3000
      protocol: TCP
      name: http
  selector:
    app: myapp
```
Ingress
```yaml
# k8s/ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: myapp-ingress
  annotations:
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/proxy-body-size: "10m"
    nginx.ingress.kubernetes.io/proxy-connect-timeout: "30"
    nginx.ingress.kubernetes.io/proxy-read-timeout: "30"
    nginx.ingress.kubernetes.io/proxy-send-timeout: "30"
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - myapp.example.com
      secretName: myapp-tls
  rules:
    - host: myapp.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: myapp-service
                port:
                  number: 80
```
ConfigMap and Secret
ConfigMap
```yaml
# k8s/configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: myapp-config
data:
  APP_ENV: "production"
  LOG_LEVEL: "info"
  CACHE_TTL: "3600"
  MAX_UPLOAD_SIZE: "10485760"
```
Secret
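```yaml
# k8s/secret.yaml
# Placeholder values only: keep real credentials out of version control.
apiVersion: v1
kind: Secret
metadata:
  name: myapp-secrets
type: Opaque
stringData:
  # The host must match the Service that fronts PostgreSQL
  database-url: "postgresql://user:password@db-service:5432/myapp"
  redis-password: "your-redis-password"
  jwt-secret: "your-jwt-secret-key"
  # Keys referenced by k8s/postgres.yaml through secretKeyRef
  postgres-user: "user"
  postgres-password: "password"
```
Database Configuration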
PostgreSQL StatefulSet
```yaml
# k8s/postgres.yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: postgres
spec:
  # Headless Service that governs this StatefulSet; it must exist in the namespace
  serviceName: postgres-service
  replicas: 1
  selector:
    matchLabels:
      app: postgres
  template:
    metadata:
      labels:
        app: postgres
    spec:
      containers:
        - name: postgres
          image: postgres:16-alpine
          ports:
            - containerPort: 5432
              name: postgres
          env:
            - name: POSTGRES_USER
              valueFrom:
                secretKeyRef:
                  name: myapp-secrets
                  key: postgres-user
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: myapp-secrets
                  key: postgres-password
            - name: POSTGRES_DB
              value: "myapp"
          resources:
            requests:
              memory: "256Mi"
              cpu: "100m"
            limits:
              memory: "1Gi"
              cpu: "500m"
          volumeMounts:
            - name: postgres-data
              mountPath: /var/lib/postgresql/data
  volumeClaimTemplates:
    - metadata:
        name: postgres-data
      spec:
        accessModes: ["ReadWriteOnce"]
        storageClassName: "standard"
        resources:
          requests:
            storage: 10Gi
```
Redis
```yaml
# k8s/redis.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: redis
spec:
  replicas: 1
  selector:
    matchLabels:
      app: redis
  template:
    metadata:
      labels:
        app: redis
    spec:
      containers:
        - name: redis
          image: redis:7-alpine
          command: ["redis-server", "--requirepass", "$(REDIS_PASSWORD)"]
          ports:
            - containerPort: 6379
              name: redis
          env:
            - name: REDIS_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: myapp-secrets
                  key: redis-password
          resources:
            requests:
              memory: "128Mi"
              cpu: "50m"
            limits:
              memory: "512Mi"
              cpu: "200m"
          volumeMounts:
            - name: redis-data
              mountPath: /data
      volumes:
        - name: redis-data
          persistentVolumeClaim:
            claimName: redis-pvc
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: redis-pvc
spec:
  accessModes: ["ReadWriteOnce"]
  storageClassName: "standard"
  resources:
    requests:
      storage: 2Gi
---
apiVersion: v1
kind: Service
metadata:
  name: redis-service
spec:
  clusterIP: None
  selector:
    app: redis
  ports:
    - port: 6379
      targetPort: 6379
```
Horizontal Pod Autoscaler
```yaml
# k8s/hpa.yaml
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: myapp-hpa
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: myapp
  minReplicas: 2
  maxReplicas: 10
  metrics:
    - type: Resource
      resource:
        name: cpu
        target:
          type: Utilization
          averageUtilization: 70
    - type: Resource
      resource:
        name: memory
        target:
          type: Utilization
          averageUtilization: 80
  behavior:
    scaleDown:
      stabilizationWindowSeconds: 300
      policies:
        - type: Percent
          value: 10
          periodSeconds: 60
    scaleUp:
      stabilizationWindowSeconds: 0
      policies:
        - type: Percent
          value: 100
          periodSeconds: 15
```
Complete Deployment Manifests
kustomization.yaml
```text
Help me create a Kustomize configuration to manage deployments for different environments.
```
```yaml
# k8s/overlays/production/kustomization.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: production
# `resources` replaces the deprecated `bases` field
resources:
  - ../../base
namePrefix: prod-
commonLabels:
  environment: production
# `patches` replaces the deprecated `patchesStrategicMerge` field
patches:
  - path: deployment-patch.yaml
images:
  # Match on the image name without its tag
  - name: myapp
    newName: registry.example.com/myapp
    newTag: "v1.0.0"
# secrets.env holds the real credentials and stays out of version control
secretGenerator:
  - name: prod-secrets
    envs:
      - secrets.env
configMapGenerator:
  - name: prod-config
    envs:
      - config.env
```
```yaml
# k8s/overlays/production/deployment-patch.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: myapp
spec:
  replicas: 5
  template:
    spec:
      containers:
        - name: myapp
          resources:
            requests:
              memory: "256Mi"
              cpu: "200m"
            limits:
              memory: "1Gi"
              cpu: "1000m"
```
Common Commands
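```bash
# Apply the configuration
kubectl apply -f k8s/
# List pods
kubectl get pods -o wide
# View logs
kubectl logs -f myapp-xxx
# Open a shell in a pod
kubectl exec -it myapp-xxx -- sh
# Scale up or down
kubectl scale deployment myapp --replicas=5
# Rolling update
kubectl set image deployment/myapp myapp=myapp:v2
# Roll back
kubectl rollout undo deployment/myapp
# Check rollout status
kubectl rollout status deployment/myapp
# Delete
kubectl delete -f k8s/
```
Production Notes
Production environments should use a high-availability configuration, set resource limits, configure health checks, and enable autoscaling.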
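The production checklist above can be checked mechanically before a rollout. The following is an added example, not part of the original tutorial: it audits a Deployment exported with `kubectl get deployment myapp -o json`. The names `audit_deployment` and `SECRET_WORDS` and the finding texts are this example's own assumptions, and the image-tag and literal-secret rules go beyond the page's list.

```python
import json
import sys

SECRET_WORDS = ("PASSWORD", "SECRET", "TOKEN", "DATABASE_URL")  # assumed heuristic

def audit_deployment(dep):
    """Return sorted findings for one apps/v1 Deployment (a parsed JSON dict)."""
    findings = []
    spec = dep.get("spec", {})
    if spec.get("replicas", 1) < 2:
        findings.append("replicas < 2: a single Pod is not highly available")
    for c in spec.get("template", {}).get("spec", {}).get("containers", []):
        name, image = c.get("name", "?"), c.get("image", "")
        # The tag is whatever follows ':' in the last path component.
        _, _, tag = image.rsplit("/", 1)[-1].partition(":")
        if "@sha256:" not in image and tag in ("", "latest"):
            findings.append(f"{name}: image '{image}' is not pinned to a version")
        res = c.get("resources", {})
        for kind in ("requests", "limits"):
            for r in ("cpu", "memory"):
                if r not in res.get(kind, {}):
                    findings.append(f"{name}: missing resources.{kind}.{r}")
        for probe in ("livenessProbe", "readinessProbe"):
            if probe not in c:
                findings.append(f"{name}: missing {probe}")
        for env in c.get("env", []):
            if "value" in env and any(w in env["name"].upper() for w in SECRET_WORDS):
                findings.append(f"{name}: {env['name']} is a literal, use secretKeyRef")
    return sorted(findings)

# Constructed sample: the container from this page's k8s/deployment.yaml, as JSON.
PAGE_DEPLOYMENT = json.loads("""
{"spec": {"replicas": 3, "template": {"spec": {"containers": [{
  "name": "myapp", "image": "myapp:latest",
  "env": [{"name": "DATABASE_URL", "valueFrom": {"secretKeyRef":
            {"name": "myapp-secrets", "key": "database-url"}}},
          {"name": "REDIS_URL", "value": "redis://redis-service:6379"}],
  "resources": {"requests": {"memory": "128Mi", "cpu": "100m"},
                "limits": {"memory": "512Mi", "cpu": "500m"}},
  "livenessProbe": {"httpGet": {"path": "/health", "port": 3000}},
  "readinessProbe": {"httpGet": {"path": "/ready", "port": 3000}}}]}}}}
""")

if __name__ == "__main__":
    # With a file argument, audit `kubectl get deployment myapp -o json > dep.json`.
    dep = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else PAGE_DEPLOYMENT
    for finding in audit_deployment(dep):
        print("FINDING:", finding)
```

Run against the page's base Deployment, the only finding is the `myapp:latest` tag, which the production overlay replaces with `v1.0.0`.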
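Summary
Writing Kubernetes configuration with Claude Code:
- Use Deployments to manage applications
- Use Services for discovery and load balancing
- Use ConfigMaps and Secrets to manage configuration
- Configure an HPA for autoscaling
- Use Kustomize to manage multiple environments
- Follow K8s best practices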