Pod资源定义
自主式pod资源,很少用到,手动创建的资源,用kubectl delete后不会自动创建,而使用pod控制器管理的才会按照用户期望的重新创建;
资源清单:一级字段(apiVersion|kind|metadata|spec|status,status只读不用定义)
pod资源:
kubectl explain pods.spec.containers #containers <[]object>
- name <string>
image <string>
ports <[]string> #
imagePullPolicy <string> #Always|Never|IfNotPresent,标签是latest则默认是Always,可手动设置此项为IfNotPresent
command <[]string>
args <[]string>
Usage:
kubectl explain RESOURCE [options]
kuberctl explain pods.spec.containers
- name <string>
image <string>
默认Always总是到registry下下载镜像|Never总是不下载|IfNotPresent本地没有才下载,如果标签是latest则为Always;这个字段不能直接改(如不能edit)cannot be updated;
仅是附加信息,不能起到暴露端口的作用,不同于docker的-p,kubectl explain pods.spec.containers.ports,常用ContainerPort,protocol默认tcp
,不能运行在shell中(要自己指)
向command中传参,变量引用格式为$(VAR_NAME)同shell的命令替换,
nodeSelector <map[string]string> #节点标签选择器,定义pod仅运行在指定标签的节点上
nodeName <string> #定义容器仅运行在指定的节点上
annotations #资源注解,与label不同的是,它不能用于挑选资源对象,仅用于为对象提供元数据,kv无长度限制,而label最多允许63个字符;
restartPolicy <string> #Always默认|OnFailure|Never,pod每次重启时间基本上是上次时间的2倍,如第1次隔30s,第2次隔1min,第3次2min
kubectl logs #排错用,-c CONTAINER_NAME
标签:
标签和资源对象,多对多关系,实际中,可对1个资源施加多个不同的标签,实现不同维度的管理;
标签的key和value,长度最多63,带前缀不能超过253个字符,key和value只能使用字母|数字|下划线|-|.这5种,且只能以字母或数字开头和结尾;value可为空;kv要见明知义;
标签选择器:
等值关系,=|==|!=;
集合关系,KEY in (VALUE1,VALUE2,...),KEY notin (VALUE1,...),KEY,!KEY;
许多资源支持内嵌字段,使用的标签选择器:
matchLabels,直接给定kv;
matchExpressions,基于给定的表达式来定义使用的标签选择器,{key: "KEY", operator: "OPERATOR", values:[VALUE1,...]},操作符In|NotIn|Exists|NotExists,In和NotIn(values字段的值必须为非空列表),Exists|NotExists(values字段必须为空列表);
kubectl create -f mainfests/pod-demo.yaml
kubectl delete -f mainfests/pod-demo.yaml
kubectl describe pods pod-demo
kubectl get pods --show-labels
kubectl get pods -L app #显示有app标签的
kubectl get pods -l app #过滤
kubectl get pods -l app --show-labels
kubectl label pods pod-demo release=canary #打标签
kubectl get pods -l app --show-labels
kubectl label pods pod-demo release=stable --overwrite #更改时要指定--overwrite
kubectl get pods -l release,app
kubectl get pods -l release=stable,app=myapp
kubectl get pods -l release!=canary
kubectl get pods -l "release in (canary,beta,alpha)"
kubectl get pods -l "release notin (canary,beta,alpha)"
kubectl label nodes node01.magedu.com disktype=ssd
kubectl get nodes --show-labels
kubectl get pods -o wide #显示IP和NODE
注:
command和args关系:
command对应docker的Entrypoint;
args对应docker的Cmd;
command,args都不指,使用docker镜像中定义的;
有command没args,仅运行command,docker镜像的Entrypoint和Cmd忽略;
没command有args,运行docker镜像的Entrypoint,args作为参数传给Entrypoint,不用docker镜像的Cmd;
command有args有,docker镜像的Entrypoint和Cmd忽略;
kubectl get pods -L app #显示标签为app
kubectl get pods -l app #过滤,仅显示标签app有值的pod
kubectl get pods -L app,run
kubectl label pods pod-demo release=canary #打标签
kubectl get pods -l app --show-labels
kubectl label pods pod-demo release=stable --overwrite #改标签
kubectl get pods -l release,app
kubectl get pods -l release=stable --show-labels
kubectl get pods -l release=stable,app=myapp
kubectl get pods -l "release in (canary,beta,alpha)"
kubectl get pods -l "release notin (canary,beta,alpha)"
kubectl get nodes --show-labels #标签前缀必须为域名(最长为253个字符),如beta.kubernetes.io
kubectl label nodes mode01.magedu.com disktype=ssd #给节点打标签,添加资源时可让资源对节点有倾向性
kubectl delete -f pod-demo.yaml
kubectl create -f pod-demo.yaml
kubectl describe pods pod-demo #查看pod是否在指定标签disktype=ssd上,查看Annotations
kubectl describe pods pod-demo
例:
apiVersion: v1
kind: Pod
metadata:
name: pod-demo
namespace: default
labels:
app: myapp
tier: frontend
annotations:
magedu.com/created-by: cluster admin
spec:
containers:
- name: myapp
image: ikubernetes/myapp:v1
ports:
- name: http
containerPort: 80
- name: https
containerPort: 443
- name: busybox
image: busybox:latest
imagePullPolicy: IfNotPresent
command:
- "/bin/sh"
- "-c"
- "sleep 3600"
nodeSelector:
disktype: ssd
pod的生命周期:
1个容器内部可运行多个进程,一般我们只运行1个进程;
1个Pod内部可运行多个容器(主容器和side car容器),一般我们只运行1个容器;
init container,初始化容器,依次串行执行;
main container,主容器运行前后有,post start和pre stop,可理解为2个钩子,类似awk的begin和end;主容器运行过程中有,linveness probe存活状态检测和readiness probe就绪状态(容器中的主进程是否准备就绪可对外提供服务)检测,3种探测行为,执行自定义命令ExecAction|向指定的套接字发请求TCPSocketAction|向指定的http服务发请求HTTPGetAction;
注:docker中没有liveness probe,因为一旦进程退出容器就不在;k8s中有这2种探测,pod中可有多个容器;
pod状态:
pending挂起,条件不满足,调度没完成,如pod-demo创建后没有标签为disktype: ssd的节点;
running,
failed,
succeeded,
unknown,
创建pod,经历如下阶段,
用户请求-->apiserver-->目标状态保存到etcd中,
apiserver-->schedule-->调度成功的结果保存到etcd中;
目标节点的kubelet通过apiserver知道有个新任务给它,在它的节点上创建并启动pod,执行成功或失败的状态发给apiserver-->etcd中;
pod的终止,pod发生故障或异常,应平滑终止,向pod内的每个容器发送term信号,有宽限期一般是30s,时间到了还没结束,再发送kill信号;
探针类型有3种:
ExecAction,exec;
TCPSocketAction,tcpSocket;
HTTPGetAction,httpGet;
kuberctl explain pods.spec.containers.livenessProbe
livenessProbe <Object> #exec|httpGet|tcpSocket,只需定义1种探针,failureThreshold <integer>默认探测3次才算失败,successThreshold默认成功1次,periodSeconds <integer>默认每隔10s探测1次,timeoutSeconds <integer>默认探测1s超时,initialDelaySeconds <integer>确保应用就绪后再探测,第1次探测开始的时间
kubectl explain pods.spec.containers.livenessProbe.exec
command <[]string> #返回0健康,非0不健康
kubectl explain pods.spec.containers.livenessProbe.httpGet
kubectl explain pods.spec.containers.livenessProbe.tcpSocket
例:
vim mainfests/liveness-exec.yaml
apiVersion: v1
kind: Pod
metadata:
name: liveness-exec-pod
namespace: default
spec:
containers:
- name: liveness-exec-container
image: busybox:latest
imagePullPolicy: IfNotPresent
command: ["/bin/sh","-c","touch /tmp/healthy;sleep 30; rm -f /tmp/healthy;sleep 3600"]
livenessProbe:
exec:
command: ["test","-e","/tmp/healthy"]
initialDelaySeconds: 2
periodSeconds: 3
kubectl create -f liveness-exec.yaml
kubectl get pods -w #RESTARTS中
kubectl describe pods liveness-execXXXX #看Containers,Restart Count,默认Always会重启
例:
vim mainfests/liveness-httpget.yaml
apiVersion: v1
kind: Pod
metadata:
name: liveness-httpget-pod
namespace: default
spec:
containers:
- name: liveness-httpget-container
image: ikubernetes/myapp:v1
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 80
livenessProbe:
httpGet:
port: http
path: /index.html
initialDelaySeconds: 1
periodSeconds: 3
kubectl create -f liveness-httpget.yaml
kubectl describe pods liveness-httpgetXXXX #查看liveness-httpget-container
kubectl exec -it liveness-httpget-pod -- /bin/sh
rm -f /usr/share/nginx/html/index.html
kubectl describe pods liveness-httpget-pod
kubectl get pods #RESTARTS
例:
vim mainfests/readiness-httpget.yaml
apiVersion: v1
kind: Pod
metadata:
name: readiness-httpget-pod
namespace: default
spec:
containers:
- name: readiness-httpget-container
image: ikubernetes/myapp:v1
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 80
readinessProbe:
httpGet:
port: http
path: /index.html
initialDelaySeconds: 1
periodSeconds: 3
kubectl create -f readiness-httpget.yaml
kubectl get pods
kubectl exec -it readiness-httpget-pod -- /bin/sh
rm -f /usr/share/nginx/html/index.html
kubectl get pods
例:
kubectl explain pods.spec.containers.lifecycle
kubectl explain pods.spec.containers.lifecycle.postStart #exec|httpGet|tcpSocket
kubectl explain pods.spec.containers.lifecycle.preStop
vim poststart-pod.yaml
apiVersion: v1
kind: Pod
metadata:
name: poststart-pod
namespace: default
spec:
containers:
- name: busybox-httpd
image: busybox:latest
imagePullPolicy: IfNotPresent
lifecycle:
postStart:
exec:
command: ["/bin/sh","-c","mkdir -p /data/web/html; echo home_page > /data/web/html/index.html"]
command: ["/bin/httpd" ]
有问题,此处路径不能依赖postStart中创建的
kubectl create -f poststart-pod.yaml
kubectl delete -f poststart-pod.yaml