0
点赞
收藏
分享

微信扫一扫

kubernetes学习笔记4-pod



Pod资源定义​


自主式pod资源,很少用到,手动创建的资源,用kubectl delete后不会自动创建,而使用pod控制器管理的才会按照用户期望的重新创建

资源清单:一级字段(apiVersion|kind|metadata|spec|status,status只读不用定义


pod资源:

kubectl explain pods.spec.containers #containers <[]object>

- name <string>

image <string>

ports <[]string> #

imagePullPolicy <string> #Always|Never|IfNotPresent,标签是latest则默认是Always,可手动设置此项为IfNotPresent

command <[]string>

args <[]string>


Usage:

kubectl explain RESOURCE [options]

kuberctl explain pods.spec.containers


- name <string>

image <string>


默认Always总是到registry下下载镜像|Never总是不下载|IfNotPresent本地没有才下载,如果标签是latest则为Always;这个字段不能直接改(如不能edit)cannot be updated;


仅是附加信息,不能起到暴露端口的作用,不同于docker的-p,kubectl explain pods.spec.containers.ports,常用ContainerPort,protocol默认tcp


,不能运行在shell中(要自己指)

向command中传参,变量引用格式为$(VAR_NAME)同shell的命令替换,


nodeSelector <map[string]string> #节点标签选择器,定义pod仅运行在指定标签的节点上

nodeName <string> #定义容器仅运行在指定的节点上


annotations #资源注解,与label不同的是,它不能用于挑选资源对象,仅用于为对象提供元数据,kv无长度限制,而label最多允许63个字符;


restartPolicy <string> #Always默认|OnFailure|Never,pod每次重启时间基本上是上次时间的2倍,如第1次隔30s,第2次隔1min,第3次2min



kubectl logs #排错用,-c CONTAINER_NAME


标签:

标签和资源对象,多对多关系,实际中,可对1个资源施加多个不同的标签,实现不同维度的管理;

标签的key和value,长度最多63,带前缀不能超过253个字符,key和value只能使用字母|数字|下划线|-|.这5种,且只能以字母或数字开头和结尾;value可为空;kv要见明知义;


标签选择器:

等值关系,=|==|!=;

集合关系,KEY in (VALUE1,VALUE2,...),KEY notin (VALUE1,...),KEY,!KEY;


许多资源支持内嵌字段,使用的标签选择器:

matchLabels,直接给定kv;

matchExpressions,基于给定的表达式来定义使用的标签选择器,{key: "KEY", operator: "OPERATOR", values:[VALUE1,...]},操作符In|NotIn|Exists|NotExists,In和NotIn(values字段的值必须为非空列表),Exists|NotExists(values字段必须为空列表);


kubectl create -f mainfests/pod-demo.yaml

kubectl delete -f mainfests/pod-demo.yaml

kubectl describe pods pod-demo

kubectl get pods --show-labels

kubectl get pods -L app #显示有app标签的

kubectl get pods -l app #过滤

kubectl get pods -l app --show-labels

kubectl label pods pod-demo release=canary #打标签

kubectl get pods -l app --show-labels

kubectl label pods pod-demo release=stable --overwrite #更改时要指定--overwrite

kubectl get pods -l release,app

kubectl get pods -l release=stable,app=myapp

kubectl get pods -l release!=canary

kubectl get pods -l "release in (canary,beta,alpha)"

kubectl get pods -l "release notin (canary,beta,alpha)"

kubectl label nodes node01.magedu.com disktype=ssd

kubectl get nodes --show-labels

kubectl get pods -o wide #显示IP和NODE


注:

command和args关系:

command对应docker的Entrypoint;

args对应docker的Cmd;

command,args都不指,使用docker镜像中定义的;

有command没args,仅运行command,docker镜像的Entrypoint和Cmd忽略;

没command有args,运行docker镜像的Entrypoint,args作为参数传给Entrypoint,不用docker镜像的Cmd;

command有args有,docker镜像的Entrypoint和Cmd忽略;

kubernetes学习笔记4-pod_kubernetes


kubernetes学习笔记4-pod_pod_02



kubectl get pods -L app #显示标签为app

kubectl get pods -l app #过滤,仅显示标签app有值的pod

kubectl get pods -L app,run

kubectl label pods pod-demo release=canary #打标签

kubectl get pods -l app --show-labels

kubectl label pods pod-demo release=stable --overwrite #改标签

kubectl get pods -l release,app

kubectl get pods -l release=stable --show-labels

kubectl get pods -l release=stable,app=myapp

kubectl get pods -l "release in (canary,beta,alpha)"

kubectl get pods -l "release notin (canary,beta,alpha)"

kubectl get nodes --show-labels #标签前缀必须为域名(最长为253个字符),如beta.kubernetes.io

kubectl label nodes mode01.magedu.com disktype=ssd #给节点打标签,添加资源时可让资源对节点有倾向性

kubectl delete -f pod-demo.yaml

kubectl create -f pod-demo.yaml

kubectl describe pods pod-demo #查看pod是否在指定标签disktype=ssd上,查看Annotations

kubectl describe pods pod-demo


例:

apiVersion: v1

kind: Pod

metadata:

name: pod-demo

namespace: default

labels:

app: myapp

tier: frontend

annotations:

magedu.com/created-by: cluster admin

spec:

containers:

- name: myapp

image: ikubernetes/myapp:v1

ports:

- name: http

containerPort: 80

- name: https

containerPort: 443

- name: busybox

image: busybox:latest

imagePullPolicy: IfNotPresent

command:

- "/bin/sh"

- "-c"

- "sleep 3600"

nodeSelector:

disktype: ssd



pod的生命周期:​

1个容器内部可运行多个进程,一般我们只运行1个进程;

1个Pod内部可运行多个容器(主容器和side car容器),一般我们只运行1个容器;

init container,初始化容器,依次串行执行;

main container,主容器运行前后有,post start和pre stop,可理解为2个钩子,类似awk的begin和end;主容器运行过程中有,linveness probe存活状态检测和readiness probe就绪状态(容器中的主进程是否准备就绪可对外提供服务)检测,3种探测行为,执行自定义命令ExecAction|向指定的套接字发请求TCPSocketAction|向指定的http服务发请求HTTPGetAction

注:docker中没有liveness probe,因为一旦进程退出容器就不在;k8s中有这2种探测,pod中可有多个容器;

kubernetes学习笔记4-pod_kubernetes_03


pod状态:

pending挂起,条件不满足,调度没完成,如pod-demo创建后没有标签为disktype: ssd的节点;

running,

failed,

succeeded,

unknown,


创建pod,经历如下阶段,

用户请求-->apiserver-->目标状态保存到etcd中,

apiserver-->schedule-->调度成功的结果保存到etcd中;

目标节点的kubelet通过apiserver知道有个新任务给它,在它的节点上创建并启动pod,执行成功或失败的状态发给apiserver-->etcd中;


pod的终止,pod发生故障或异常,应平滑终止,向pod内的每个容器发送term信号,有宽限期一般是30s,时间到了还没结束,再发送kill信号;


探针类型有3种:

ExecAction,exec;

TCPSocketAction,tcpSocket;

HTTPGetAction,httpGet;


kuberctl explain pods.spec.containers.livenessProbe

livenessProbe <Object> #exec|httpGet|tcpSocket,只需定义1种探针,failureThreshold <integer>默认探测3次才算失败,successThreshold默认成功1次,periodSeconds <integer>默认每隔10s探测1次,timeoutSeconds <integer>默认探测1s超时,initialDelaySeconds <integer>确保应用就绪后再探测,第1次探测开始的时间


kubectl explain pods.spec.containers.livenessProbe.exec

command <[]string> #返回0健康,非0不健康

kubectl explain pods.spec.containers.livenessProbe.httpGet

kubectl explain pods.spec.containers.livenessProbe.tcpSocket


例:

vim mainfests/liveness-exec.yaml

apiVersion: v1

kind: Pod

metadata:

name: liveness-exec-pod

namespace: default

spec:

containers:

- name: liveness-exec-container

image: busybox:latest

imagePullPolicy: IfNotPresent

command: ["/bin/sh","-c","touch /tmp/healthy;sleep 30; rm -f /tmp/healthy;sleep 3600"]

livenessProbe:

exec:

command: ["test","-e","/tmp/healthy"]

initialDelaySeconds: 2

periodSeconds: 3


kubectl create -f liveness-exec.yaml

kubectl get pods -w #RESTARTS中

kubectl describe pods liveness-execXXXX #看Containers,Restart Count,默认Always会重启


例:

vim mainfests/liveness-httpget.yaml

apiVersion: v1

kind: Pod

metadata:

name: liveness-httpget-pod

namespace: default

spec:

containers:

- name: liveness-httpget-container

image: ikubernetes/myapp:v1

imagePullPolicy: IfNotPresent

ports:

- name: http

containerPort: 80

livenessProbe:

httpGet:

port: http

path: /index.html

initialDelaySeconds: 1

periodSeconds: 3


kubectl create -f liveness-httpget.yaml

kubectl describe pods liveness-httpgetXXXX #查看liveness-httpget-container

kubectl exec -it liveness-httpget-pod -- /bin/sh

rm -f /usr/share/nginx/html/index.html

kubectl describe pods liveness-httpget-pod

kubectl get pods #RESTARTS



例:

vim mainfests/readiness-httpget.yaml

apiVersion: v1

kind: Pod

metadata:

name: readiness-httpget-pod

namespace: default

spec:

containers:

- name: readiness-httpget-container

image: ikubernetes/myapp:v1

imagePullPolicy: IfNotPresent

ports:

- name: http

containerPort: 80

readinessProbe:

httpGet:

port: http

path: /index.html

initialDelaySeconds: 1

periodSeconds: 3


kubectl create -f readiness-httpget.yaml

kubectl get pods

kubectl exec -it readiness-httpget-pod -- /bin/sh

rm -f /usr/share/nginx/html/index.html

kubectl get pods



例:

kubectl explain pods.spec.containers.lifecycle

kubectl explain pods.spec.containers.lifecycle.postStart #exec|httpGet|tcpSocket

kubectl explain pods.spec.containers.lifecycle.preStop


vim poststart-pod.yaml

apiVersion: v1

kind: Pod

metadata:

name: poststart-pod

namespace: default

spec:

containers:

- name: busybox-httpd

image: busybox:latest

imagePullPolicy: IfNotPresent

lifecycle:

postStart:

exec:

command: ["/bin/sh","-c","mkdir -p /data/web/html; echo home_page > /data/web/html/index.html"]

command: ["/bin/httpd" ]

有问题,此处路径不能依赖postStart中创建的


kubectl create -f poststart-pod.yaml

kubectl delete -f poststart-pod.yaml






举报

相关推荐

0 条评论