适用人群:有Docker基础,想学容器编排
难度:高
预计学习时间:40-60小时
为什么学云原生?
| 优势 | 说明 |
|---|
| 行业趋势 | 企业上云是必然趋势 |
| 高薪岗位 | K8s工程师、SRE、平台工程师 |
| 技术深度 | 理解现代应用部署架构 |
| 生态庞大 | CNCF项目数百个 |
学习路线
第1阶段:Docker深入(1周)
├── Dockerfile最佳实践
├── 多阶段构建
├── Docker网络模型
├── Docker Compose编排
└── 镜像优化与安全
第2阶段:Kubernetes基础(3周)
├── K8s架构(Master/Node/etcd)
├── Pod/Deployment/Service
├── ConfigMap/Secret
├── Namespace/ResourceQuota
├── Ingress
└── PV/PVC存储
第3阶段:Kubernetes进阶(2周)
├── Helm包管理
├── RBAC权限管理
├── 网络策略
├── 自动伸缩(HPA/VPA)
├── 调度策略
└── 日志与监控
第4阶段:云原生生态(2周)
├── CI/CD(ArgoCD/Flux)
├── 服务网格(Istio)
├── 可观测性(Prometheus/Grafana/Jaeger)
├── Serverless(Knative)
└── GitOps工作流
核心资源清单
# Pod
apiVersion: v1
kind: Pod
metadata:
name: my-app
labels:
app: my-app
spec:
containers:
- name: my-app
image: nginx:1.24
ports:
- containerPort: 80
resources:
requests:
memory: "64Mi"
cpu: "250m"
limits:
memory: "128Mi"
cpu: "500m"
livenessProbe:
httpGet:
path: /health
port: 80
initialDelaySeconds: 10
periodSeconds: 5
---
# Deployment
apiVersion: apps/v1
kind: Deployment
metadata:
name: my-app
spec:
replicas: 3
selector:
matchLabels:
app: my-app
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 1
maxUnavailable: 0
template:
metadata:
labels:
app: my-app
spec:
containers:
- name: my-app
image: my-app:v1.0
ports:
- containerPort: 8080
env:
- name: DB_HOST
valueFrom:
configMapKeyRef:
name: app-config
key: db-host
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: app-secrets
key: db-password
---
# Service
apiVersion: v1
kind: Service
metadata:
name: my-app-svc
spec:
type: ClusterIP
selector:
app: my-app
ports:
- port: 80
targetPort: 8080
---
# Ingress
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: my-app-ingress
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
rules:
- host: app.example.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: my-app-svc
port:
number: 80
---
# ConfigMap
apiVersion: v1
kind: ConfigMap
metadata:
name: app-config
data:
db-host: "mysql.default.svc.cluster.local"
db-port: "3306"
app-env: "production"
---
# Secret
curl -v1
kind: Secret
metadata:
name: app-secrets
type: Opaque
data:
db-password: cGFzc3dvcmQxMjM= # base64编码
常用命令速查
# 集群管理
kubectl get nodes # 查看节点
kubectl get pods -A # 查看所有Pod
kubectl get svc # 查看Service
kubectl describe pod <name> # 查看Pod详情
kubectl logs <pod-name> -f # 查看日志
kubectl exec -it <pod> -- /bin/sh # 进入容器
# 部署管理
kubectl apply -f deployment.yaml # 创建/更新
kubectl delete -f deployment.yaml # 删除
kubectl scale deploy my-app --replicas=5 # 扩容
kubectl rollout status deploy my-app # 查看滚动状态
kubectl rollout undo deploy my-app # 回滚
# 调试
kubectl get events --sort-by=.metadata.creationTimestamp
kubectl top pods # 资源使用
kubectl port-forward svc/my-app 8080:80 # 端口转发
Helm Chart 示例
# Chart.yaml
apiVersion: v2
name: my-app
version: 1.0.0
appVersion: "1.0.0"
# values.yaml
replicaCount: 3
image:
repository: my-app
tag: v1.0
pullPolicy: IfNotPresent
service:
type: ClusterIP
port: 80
ingress:
enabled: true
host: app.example.com
resources:
requests:
memory: 128Mi
cpu: 250m
# templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "my-app.fullname" . }}
spec:
replicas: {{ .Values.replicaCount }}
template:
spec:
containers:
- name: {{ .Chart.Name }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
推荐资源
| 资源 | 说明 |
|---|
| Kubernetes官方文档 | 最权威的K8s文档 |
| CNCF Landscape | 云原生生态全景图 |
| KillerCoda | 在线K8s练习环境 |
| KodeKloud | K8s实战课程 |
| 《Kubernetes in Action》 | 经典K8s书籍 |