2.如何创建一个Pod资源
Pod是Kubernetes中最基本的部署调度单元,可以包含container,逻辑上表示某种应用的一个实例。例如一个web站点应用由前端、后端及数据库构建而成,这三个组件将运行在各自的容器中,那么我们可以创建包含三个container的pod。
创建pod流程:
master节点:kubectl -> kube-api -> kubelet -> CRI容器环境初始化
第一步:
客户端提交创建Pod的请求,可以通过调用API Server的Rest API接口,也可以通过kubectl命令行工具。如kubectl apply -f filename.yaml
(资源清单文件)
第二步:
apiserver接收到pod创建请求后,会将yaml中的属性信息(metadata)写入etcd。
第三步:
apiserver触发watch机制准备创建pod,信息转发给调度器scheduler,调度器使用调度算法选择node,调度器将node信息给apiserver,
apiserver将绑定的node信息写入etcd
调度器用一组规则过滤掉不符合要求的主机。比如Pod指定了所需要的资源量,那么可用资源比Pod需要的资源量少的主机会被过滤掉。
scheduler 查看 k8s api ,类似于通知机制。
首先判断:pod.spec.Node == null?
若为null,表示这个Pod请求是新来的,需要创建;因此先进行调度计算,找到最“闲”的node。
然后将信息在etcd数据库中更新分配结果:pod.spec.Node = nodeA (设置一个具体的节点)
ps:同样上述操作的各种信息也要写到etcd数据库中中
第四步:
apiserver又通过watch机制,调用kubelet,指定pod信息,调用Docker API创建并启动pod内的容器。
第五步:
创建完成之后反馈给kubelet, kubelet又将pod的状态信息给apiserver,
apiserver又将pod的状态信息写入etcd。
2.1 资源清单YAML文件书写技巧
apiVersion: v1 #api版本
kind: Pod #创建的资源
metadata:
name: tomcat-test #Pod的名字
namespace: default #Pod所在的名称空间
labels:
app: tomcat #Pod具有的标签
spec:
containers:
- name: tomcat-java #Pod里容器的名字,这里必须要用-,不加就报错
ports:
- containerPort: 8080 #容器暴露的端口,这里必须要用-,不加就报错
image: tomcat-8.5-jre8:v1 #容器使用的镜像
imagePullPolicy: IfNotPresent #镜像拉取策略
#更新资源清单文件
kubectl apply -f pod-tomcat.yaml
Pod资源清单编写技巧
通过kubectl explain 查看定义Pod资源包含哪些字段。
pod
[root@k8s01 ~]# kubectl explain pods
KIND: Pod
VERSION: v1
DESCRIPTION:
Pod is a collection of containers that can run on a host. This resource is
created by clients and scheduled onto hosts.
#[Pod是可以在主机上运行的容器的集合。此资源是由客户端创建并安排到主机上。]
FIELDS:
apiVersion <string>
APIVersion defines the versioned schema of this representation of an
object. Servers should convert recognized schemas to the latest internal
value, and may reject unrecognized values. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
#[APIVersion定义了对象,代表了一个版本。]
kind <string>
Kind is a string value representing the REST resource this object
represents. Servers may infer this from the endpoint the client submits
requests to. Cannot be updated. In CamelCase. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
#[Kind是字符串类型的值,代表了要创建的资源。服务器可以从客户端提交的请求推断出这个资源。]
metadata <Object>
Standard object's metadata. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
#[metadata是对象,定义元数据属性信息的]
spec <Object>
Specification of the desired behavior of the pod. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
#[spec制定了定义Pod的规格,里面包含容器的信息]
status <Object>
Most recently observed status of the pod. This data may not be up to date.
Populated by the system. Read-only. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
#[status表示状态,这个不可以修改,定义pod的时候也不需要定义这个字段]
metadata
#查看pod.metadata字段如何定义
[root@k8s01 ~]# kubectl explain pod.metadata
KIND: Pod
VERSION: v1
RESOURCE: metadata <Object>
# metadata是对象<Object>,下面可以有多个字段
DESCRIPTION:
Standard object's metadata. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
ObjectMeta is metadata that all persisted resources must have, which
includes all objects users must create.
FIELDS:
annotations <map[string]string>
Annotations is an unstructured key value map stored with a resource that
may be set by external tools to store and retrieve arbitrary metadata. They
are not queryable and should be preserved when modifying objects. More
info: http://kubernetes.io/docs/user-guide/annotations
# annotations是注解,map类型表示对应的值是key-value键值对,<string,string>表示 key和value都是String类型的
"metadata": {
"annotations": {
"key1" : "value1",
"key2" : "value2"
}
}
用Annotation来记录的信息包括:
build信息、release信息、Docker镜像信息等,例如时间戳、release id号、镜像hash值、docker registry地址等;
日志库、监控库、分析库等资源库的地址信息;
程序调试工具信息,例如工具名称、版本号等;
团队的联系信息,例如电话号码、负责人名称、网址等。
clusterName <string>
The name of the cluster which the object belongs to. This is used to
distinguish resources with same name and namespace in different clusters.
This field is not set anywhere right now and apiserver is going to ignore
it if set in create or update request.
#对象所属群集的名称。这是用来区分不同集群中具有相同名称和命名空间的资源。此字段现在未设置在任何位置,apiserver将忽略它,如
果设置了就使用设置的值
creationTimestamp <string>
deletionGracePeriodSeconds <integer>
deletionTimestamp <string>
finalizers <[]string>
generateName <string>
generation <integer>
labels <map[string]string> #创建的资源具有的标签
Map of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services. More info: http://kubernetes.io/docs/user-guide/labels
#labels是标签,labels是map类型,map类型表示对应的值是key-value键值对,<string,string>表示 key和value都是String类型的
managedFields <[]Object>
name <string> #创建的资源的名字
namespace <string> #创建的资源所属的名称空间
Namespace defines the space within which each name must be unique. An empty
namespace is equivalent to the "default" namespace, but "default" is the
canonical representation. Not all objects are required to be scoped to a
namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info:
http://kubernetes.io/docs/user-guide/namespaces
# namespaces划分了一个空间,在同一个namesace下的资源名字是唯一的,默认的名称空间是default。
ownerReferences <[]Object>
resourceVersion <string>
selfLink <string>
uid <string>
spec
#查看pod.spec字段如何定义
[root@k8s01 ~]# kubectl explain pod.spec
KIND: Pod
VERSION: v1
RESOURCE: spec <Object>
DESCRIPTION:
Specification of the desired behavior of the pod. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
PodSpec is a description of a pod.
#Pod的spec字段是用来描述Pod的
FIELDS:
activeDeadlineSeconds <integer>
#表示Pod可以运行的最长时间,达到设置的值后,Pod会自动停止。
affinity <Object>
#定义亲和性的
automountServiceAccountToken <boolean>
containers <[]Object> -required-
#containers是对象列表,用来定义容器的,是必须字段。对象列表 表示下面有很多对象,对象列表下面的内容用 - 连接。
dnsConfig <Object>
dnsPolicy <string>
enableServiceLinks <boolean>
ephemeralContainers <[]Object>
hostAliases <[]Object>
hostIPC <boolean>
hostNetwork <boolean>
hostPID <boolean>
hostname <string>
imagePullSecrets <[]Object>
initContainers <[]Object>
nodeName <string>
nodeSelector <map[string]string>
overhead <map[string]string>
preemptionPolicy <string>
priority <integer>
priorityClassName <string>
readinessGates <[]Object>
restartPolicy <string>
runtimeClassName <string>
schedulerName <string>
securityContext <Object>
serviceAccount <string>
serviceAccountName <string>
setHostnameAsFQDN <boolean>
shareProcessNamespace <boolean>
subdomain <string>
terminationGracePeriodSeconds <integer>
tolerations <[]Object>
topologySpreadConstraints <[]Object>
volumes <[]Object>
containers
#查看pod.spec.containers字段如何定义
[root@k8s01 ~]# kubectl explain pod.spec.containers
KIND: Pod
VERSION: v1
RESOURCE: containers <[]Object>
DESCRIPTION:
List of containers belonging to the pod. Containers cannot currently be
added or removed. There must be at least one container in a Pod. Cannot be
updated.
A single application container that you want to run within a pod.
#container是定义在pod里面的,一个pod至少要有一个容器。
FIELDS:
args <[]string>
command <[]string>
env <[]Object>
envFrom <[]Object>
image <string>
#image是用来指定容器需要的镜像的
imagePullPolicy <string>
#镜像拉取策略,pod是要调度到node节点的,那pod启动需要镜像,可以根据这个字段设置镜像拉取策略,支持如下三种:
Always:不管本地是否存在镜像,都要重新拉取镜像
Never: 从不拉取镜像
IfNotPresent:如果本地存在,使用本地的镜像,本地不存在,从官方拉取镜像
lifecycle <Object>
livenessProbe <Object>
name <string> -required-
#name是必须字段,用来指定容器名字的
ports <[]Object>
#port是端口,属于对象列表
readinessProbe <Object>
resources <Object>
securityContext <Object>
startupProbe <Object>
stdin <boolean>
stdinOnce <boolean>
terminationMessagePath <string>
terminationMessagePolicy <string>
tty <boolean>
volumeDevices <[]Object>
volumeMounts <[]Object>
workingDir <string>
container.ports
#查看pod.spec.container.ports字段如何定义
[root@k8s01 ~]# kubectl explain pod.spec.containers.ports
KIND: Pod
VERSION: v1
RESOURCE: ports <[]Object>
DESCRIPTION:
List of ports to expose from the container. Exposing a port here gives the
system additional information about the network connections a container
uses, but is primarily informational. Not specifying a port here DOES NOT
prevent that port from being exposed. Any port which is listening on the
default "0.0.0.0" address inside a container will be accessible from the
network. Cannot be updated.
ContainerPort represents a network port in a single container.
FIELDS:
containerPort <integer> -required-
Number of port to expose on the pod's IP address. This must be a valid port
number, 0 < x < 65536.
#containerPort是必须字段, pod中的容器需要暴露的端口。
hostIP <string>
What host IP to bind the external port to.
#将容器中的服务暴露到宿主机的端口上时,可以指定绑定的宿主机 IP。
hostPort <integer>
Number of port to expose on the host. If specified, this must be a valid
port number, 0 < x < 65536. If HostNetwork is specified, this must match
ContainerPort. Most containers do not need this.
#容器中的服务在宿主机上映射的端口
name <string>
If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
named port in a pod must have a unique name. Name for the port that can be
referred to by services.
#端口的名字
protocol <string>
Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP".
2.2 通过资源清单文件创建第一个Pod
[root@k8s01 ~]# cat pod-first.yaml
apiVersion: v1
kind: Pod
metadata:
name: pod-first
namespace: default
labels:
app: tomcat-pod-first
spec:
containers:
- name: tomcat-first
ports:
- containerPort: 8080
image: tomcat:8.5-jre8-alpine
imagePullPolicy: IfNotPresent
#更新资源清单文件
kubectl apply -f pod-first.yaml
#查看pod是否创建成功
[root@k8s01 ~]# kubectl get pods -l app=tomcat-pod-first -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
pod-first 1/1 Running 0 2m6s 10.244.236.136 k8s02 <none> <none>
#查看pod日志
kubectl logs pod-first
#查看pod里指定容器的日志
kubectl logs pod-first -c tomcat-first
#进入到刚才创建的pod,刚才创建的pod名字是web
kubectl exec -it pod-first -- /bin/bash
#假如pod里有多个容器,进入到pod里的指定容器,按如下命令:
kubectl exec -it pod-first -c tomcat-first -- /bin/bash
我们上面创建的pod是一个自主式pod,也就是通过pod创建一个应用程序,如果pod出现故障停掉,那么我们通过pod部署的应用也就会停掉
,不安全, 还有一种控制器管理的pod,通过控制器创建pod,可以对pod的生命周期做管理,可以定义pod的副本数,如果有一个pod意外停
掉,那么会自动起来一个pod替代之前的pod
2.3 通过kubectl run创建Pod
kubectl run tomcat --image=tomcat-8.5-jre8:v1 --image-pull-policy='IfNotPresent' --port=8080标签:kubectl,创建,spec,port,pod,k8s,Pod,metadata From: https://blog.51cto.com/u_13236892/5777514