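k8s Tutorial 02 (Kubernetes Resource Manifests)

Kubernetes Resource Manifests

1. Resources in K8s

Cluster resource categories

Namespace-level resources:
	Workload resources (workload): Pod, ReplicaSet, Deployment, StatefulSet, DaemonSet, Job, CronJob (ReplicationController was deprecated in v1.11)
	Service discovery and load-balancing resources (ServiceDiscovery LoadBalance): Service, Ingress, ...
	Configuration and storage resources: Volume (storage volume), CSI (Container Storage Interface, which can be extended with all kinds of third-party storage volumes)
	Special types of storage volume: ConfigMap (a resource type used as a configuration center), Secret (stores sensitive data), DownwardAPI (exposes information from the external environment to the container)

Cluster-level resources: Namespace, Node, Role, ClusterRole, RoleBinding, ClusterRoleBinding
Metadata resources: HPA, PodTemplate, LimitRange

Everything in K8s is abstracted as a resource; once a resource is instantiated, it is called an object.

2. Resource manifests

In k8s, YAML files are generally used to create pods that match what we expect; such a YAML file is generally called a resource manifest.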

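3. Explanation of common fields

Required attributes

| Parameter | Field type | Description |
| --- | --- | --- |
| version | String | The K8s API version; currently it is basically v1. It can be queried with the kubectl api-versions command |
| kind | String | The resource type and role defined by the YAML file, for example: Pod |
| metadata | Object | Metadata object; the fixed value to write is metadata |
| metadata.name | String | Name of the metadata object, written by us, for example the name of the Pod |
| metadata.namespace | String | Namespace of the metadata object, defined by us |
| spec | Object | Detailed definition of the object; the fixed value to write is spec |
| spec.containers[] | list | Container list of the spec object; it is a list |
| spec.containers[].name | String | Name of the container |
| spec.containers[].image | String | Name of the image to use |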

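Main objects

| Parameter | Field type | Description |
| --- | --- | --- |
| spec.containers[].name | String | Name of the container |
| spec.containers[].image | String | Name of the image to use |
| spec.containers[].imagePullPolicy | String | Image pull policy; one of Always, Never, IfNotPresent. (1) Always: try to pull the image again every time. (2) Never: use only the local image. (3) IfNotPresent: use the local image if there is one, otherwise pull the image from the registry. If none of the three values is set, the default is Always. |
| spec.containers[].command | List | Container start command; it is an array, so several items can be given. If not specified, the start command built into the image is used. |
| spec.containers[].args[] | List | Arguments of the container start command; it is an array, so several can be given. |
| spec.containers[].workingDir | String | Working directory of the container |
| spec.containers[].volumeMounts[] | List | Storage volume configuration inside the container |
| spec.containers[].volumeMounts[].name | String | Name of the storage volume that the container can mount |
| spec.containers[].volumeMounts[].mountPath | String | Path at which the storage volume is mounted in the container |
| spec.containers[].volumeMounts[].readOnly | String | Read/write mode of the storage volume path, true or false; the default is read-write |
| spec.containers[].ports[] | List | List of ports the container needs |
| spec.containers[].ports[].name | String | Name of the port |
| spec.containers[].ports[].containerPort | String | Port number the container listens on |
| spec.containers[].ports[].hostPort | String | Port number the container's host listens on; defaults to the same value as containerPort above. Note that once hostPort is set, a second replica of the same container cannot start on the same host (host port numbers cannot be the same, so they would conflict) |
| spec.containers[].ports[].protocol | String | Port protocol; TCP and UDP are supported, the default is TCP |
| spec.containers[].env[] | List | List of environment variables to set before the container runs |
| spec.containers[].env[].name | String | Name of the environment variable |
| spec.containers[].env[].value | String | Value of the environment variable |
| spec.containers[].resources | Object | Resource limits and resource requests (this is where the container's resource ceiling is set) |
| spec.containers[].resources.limits | Object | Upper limit on the resources the container may use at run time |
| spec.containers[].resources.limits.cpu | String | CPU limit, in cores; used for the docker run --cpu-shares parameter (covered in the earlier article on Pod resource limits) |
| spec.containers[].resources.limits.memory | String | Memory limit, in MiB or GiB |
| spec.containers[].resources.requests | Object | Limits applied when the container is started and scheduled |
| spec.containers[].resources.requests.cpu | String | CPU request, in cores; the amount initially available when the container starts |
| spec.containers[].resources.requests.memory | String | Memory request, in MiB or GiB; the amount initially available when the container starts |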

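Additional parameters

| Parameter | Field type | Description |
| --- | --- | --- |
| spec.restartPolicy | String | Restart policy of the Pod; possible values are Always and OnFailure, the default is Always. (1) Always: once the Pod stops running, the kubelet restarts it no matter how the container terminated. (2) OnFailure: the kubelet restarts the container only if the Pod terminated with a non-zero exit code; if the container ended normally (exit code 0), the kubelet does not restart it. (3) Never: after the Pod terminates, the kubelet reports the exit code to the Master and does not restart the Pod. |
| spec.nodeSelector | Object | Label filter for Nodes, specified in key:value format |
| spec.imagePullSecrets | Object | Name of the secret used when pulling images, specified in name:secretkey format |
| spec.hostNetwork | Boolean | Whether to use host network mode; the default is false. Setting it to true uses the host's network instead of the docker bridge, and a second replica can then not be started on the same host. |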
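
The fields from the three tables above, put together in one manifest. This is an added example, not a manifest from the original tutorial: the pod name, the ConfigMap `myapp-config`, the pull secret `harbor-pull-secret`, the `APP_ENV` variable and the resource figures are assumptions; the image and node name are the ones used elsewhere on this page.

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: fields-demo-pod              # hypothetical name
  namespace: default
  labels:
    app: myapp
spec:
  restartPolicy: OnFailure           # Always / OnFailure / Never, applies to every container
  hostNetwork: false                 # true would put the pod on the node's network stack
  # The describe output on this page shows the default service-account token
  # mounted into every container; switch it off when the workload never
  # talks to the API server.
  automountServiceAccountToken: false
  nodeSelector:
    kubernetes.io/hostname: k8s-node01   # well-known node label, node name from this page
  imagePullSecrets:
  - name: harbor-pull-secret         # hypothetical docker-registry Secret
  volumes:
  - name: app-config
    configMap:
      name: myapp-config             # hypothetical ConfigMap
      optional: true                 # pod still starts if the ConfigMap is absent
  containers:
  - name: app
    image: hub.atguigu.com/library/myapp:v1   # explicit tag instead of an implicit :latest
    imagePullPolicy: IfNotPresent
    command: ["nginx"]               # assumption: the image is nginx-based, as its logs suggest
    args: ["-g", "daemon off;"]
    workingDir: /usr/share/nginx/html
    ports:
    - name: http
      containerPort: 80
      protocol: TCP
      # hostPort: 80                 # left out: binds the node's port 80 and
      #                              # blocks a second replica on the same node
    env:
    - name: APP_ENV                  # hypothetical variable
      value: "demo"
    volumeMounts:
    - name: app-config
      mountPath: /etc/myapp
      readOnly: true                 # configuration should not be writable by the app
    resources:
      requests:                      # used by the scheduler to place the pod
        cpu: 250m
        memory: 64Mi
      limits:                        # hard ceiling enforced at run time
        cpu: 500m
        memory: 128Mi
```

With requests and limits set, the pod no longer falls into the BestEffort QoS class seen in the describe output further down the page.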

Pod template

[root@k8s-master01 ~]# kubectl explain pod
KIND:     Pod
VERSION:  v1

DESCRIPTION:
     Pod is a collection of containers that can run on a host. This resource is
     created by clients and scheduled onto hosts.

FIELDS:
   apiVersion   <string>
     APIVersion defines the versioned schema of this representation of an
     object. Servers should convert recognized schemas to the latest internal
     value, and may reject unrecognized values. More info:
     https://git.k8s.io/community/contributors/devel/api-conventions.md#resources

   kind <string>
     Kind is a string value representing the REST resource this object
     represents. Servers may infer this from the endpoint the client submits
     requests to. Cannot be updated. In CamelCase. More info:
     https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds

   metadata     <Object>
     Standard object's metadata. More info:
     https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata

   spec <Object>
     Specification of the desired behavior of the pod. More info:
     https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status

   status       <Object>
     Most recently observed status of the pod. This data may not be up to date.
     Populated by the system. Read-only. More info:
     https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status


[root@k8s-master01 ~]# kubectl explain pod.apiVersion
KIND:     Pod
VERSION:  v1

FIELD:    apiVersion <string>

DESCRIPTION:
     APIVersion defines the versioned schema of this representation of an
     object. Servers should convert recognized schemas to the latest internal
     value, and may reject unrecognized values. More info:
     https://git.k8s.io/community/contributors/devel/api-conventions.md#resources

Write a pod template
vim pod.yml

apiVersion: v1
kind: Pod
metadata: 
  name: myapp-pod
  labels:
    app: myapp
    version: v1
spec:
  containers:
  - name: app
    image: hub.atguigu.com/library/myapp:v1
  - name: test
    image: hub.atguigu.com/library/myapp:v1

Run the pod; it runs two identical containers:

[root@k8s-master01 ~]# kubectl apply -f pod.yml
pod/myapp-pod created
[root@k8s-master01 ~]# kubectl get pod
NAME                                READY   STATUS    RESTARTS   AGE
myapp-pod                           1/2     Error     1          11s
nginx-deployment-78b46578cd-4g4cb   1/1     Running   1          18h
nginx-deployment-78b46578cd-r627l   1/1     Running   1          18h
nginx-deployment-78b46578cd-vvkd6   1/1     Running   1          18h
[root@k8s-master01 ~]# kubectl get pod
NAME                                READY   STATUS    RESTARTS   AGE
myapp-pod                           2/2     Running   2          19s
nginx-deployment-78b46578cd-4g4cb   1/1     Running   1          18h
nginx-deployment-78b46578cd-r627l   1/1     Running   1          18h
nginx-deployment-78b46578cd-vvkd6   1/1     Running   1          18h

[root@k8s-master01 ~]# kubectl describe pod myapp-pod
Name:         myapp-pod
Namespace:    default
Priority:     0
Node:         k8s-node01/192.168.192.130
Start Time:   Fri, 27 May 2022 14:21:19 +0800
Labels:       app=myapp
              version=v1
Annotations:  kubectl.kubernetes.io/last-applied-configuration:
                {"apiVersion":"v1","kind":"Pod","metadata":{"annotations":{},"labels":{"app":"myapp","version":"v1"},"name":"myapp-pod","namespace":"defau...
Status:       Running
IP:           10.244.1.7
Containers:
  app:
    Container ID:   docker://34235fe754a94a46831d0af6de066bbf5f5ae4e79d24c45b234233527dcdacd0
    Image:          hub.atguigu.com/library/myapp:v1
    Image ID:       docker-pullable://hub.atguigu.com/library/myapp@sha256:9eeca44ba2d410e54fccc54cbe9c021802aa8b9836a0bcf3d3229354e4c8870e
    Port:           <none>
    Host Port:      <none>
    State:          Running
      Started:      Fri, 27 May 2022 14:21:20 +0800
    Ready:          True
    Restart Count:  0
    Environment:    <none>
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from default-token-2k8kw (ro)
  test:
    Container ID:   docker://db23413db42f06e4817b7601faa4ed927cef5df8bfb8ff001581bf4a6cd52721
    Image:          hub.atguigu.com/library/myapp:v1
    Image ID:       docker-pullable://hub.atguigu.com/library/myapp@sha256:9eeca44ba2d410e54fccc54cbe9c021802aa8b9836a0bcf3d3229354e4c8870e
    Port:           <none>
    Host Port:      <none>
    State:          Waiting
      Reason:       CrashLoopBackOff
    Last State:     Terminated
      Reason:       Error
      Exit Code:    1
      Started:      Fri, 27 May 2022 14:22:54 +0800
      Finished:     Fri, 27 May 2022 14:22:57 +0800
    Ready:          False
    Restart Count:  4
    Environment:    <none>
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from default-token-2k8kw (ro)
Conditions:
  Type              Status
  Initialized       True 
  Ready             False 
  ContainersReady   False 
  PodScheduled      True 
Volumes:
  default-token-2k8kw:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  default-token-2k8kw
    Optional:    false
QoS Class:       BestEffort
Node-Selectors:  <none>
Tolerations:     node.kubernetes.io/not-ready:NoExecute for 300s
                 node.kubernetes.io/unreachable:NoExecute for 300s
Events:
  Type     Reason     Age                  From                 Message
  ----     ------     ----                 ----                 -------
  Normal   Scheduled  2m14s                default-scheduler    Successfully assigned default/myapp-pod to k8s-node01
  Normal   Pulled     2m13s                kubelet, k8s-node01  Container image "hub.atguigu.com/library/myapp:v1" already present on machine
  Normal   Created    2m13s                kubelet, k8s-node01  Created container app
  Normal   Started    2m13s                kubelet, k8s-node01  Started container app
  Normal   Pulled     39s (x5 over 2m13s)  kubelet, k8s-node01  Container image "hub.atguigu.com/library/myapp:v1" already present on machine
  Normal   Created    39s (x5 over 2m13s)  kubelet, k8s-node01  Created container test
  Normal   Started    39s (x5 over 2m12s)  kubelet, k8s-node01  Started container test
  Warning  BackOff    35s (x7 over 2m7s)   kubelet, k8s-node01  Back-off restarting failed container

# View the container log; add -c to specify the container name
[root@k8s-master01 ~]# kubectl log myapp-pod -c test
log is DEPRECATED and will be removed in a future version. Use logs instead.
2022/05/27 06:32:21 [emerg] 1#1: bind() to 0.0.0.0:80 failed (98: Address in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address in use)
2022/05/27 06:32:21 [emerg] 1#1: bind() to 0.0.0.0:80 failed (98: Address in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address in use)
2022/05/27 06:32:21 [emerg] 1#1: bind() to 0.0.0.0:80 failed (98: Address in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address in use)
2022/05/27 06:32:21 [emerg] 1#1: bind() to 0.0.0.0:80 failed (98: Address in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address in use)
2022/05/27 06:32:21 [emerg] 1#1: bind() to 0.0.0.0:80 failed (98: Address in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address in use)
2022/05/27 06:32:21 [emerg] 1#1: still could not bind()
nginx: [emerg] still could not bind()

Modify the pod.yml file

apiVersion: v1
kind: Pod
metadata: 
  name: myapp-pod
  labels:
    app: myapp
    version: v1
spec:
  containers:
  - name: app
    image: hub.atguigu.com/library/myapp:v1

Delete the original pod

[root@k8s-master01 ~]# kubectl get pod
NAME                                READY   STATUS             RESTARTS   AGE
myapp-pod                           1/2     CrashLoopBackOff   9          23m
nginx-deployment-78b46578cd-4g4cb   1/1     Running            1          19h
nginx-deployment-78b46578cd-r627l   1/1     Running            1          19h
nginx-deployment-78b46578cd-vvkd6   1/1     Running            1          19h
[root@k8s-master01 ~]# kubectl delete pod myapp-pod 
pod "myapp-pod" deleted
[root@k8s-master01 ~]# kubectl get pod
NAME                                READY   STATUS    RESTARTS   AGE
nginx-deployment-78b46578cd-4g4cb   1/1     Running   1          19h
nginx-deployment-78b46578cd-r627l   1/1     Running   1          19h
nginx-deployment-78b46578cd-vvkd6   1/1     Running   1          19h

Run it again

[root@k8s-master01 ~]# kubectl create -f pod.yml 
pod/myapp-pod created
[root@k8s-master01 ~]# kubectl get pod
NAME                                READY   STATUS    RESTARTS   AGE
myapp-pod                           1/1     Running   0          9s
nginx-deployment-78b46578cd-4g4cb   1/1     Running   1          19h
nginx-deployment-78b46578cd-r627l   1/1     Running   1          19h
nginx-deployment-78b46578cd-vvkd6   1/1     Running   1          19h
[root@k8s-master01 ~]# kubectl get pod -o wide
NAME                                READY   STATUS    RESTARTS   AGE   IP           NODE         NOMINATED NODE   READINESS GATES
myapp-pod                           1/1     Running   0          40s   10.244.1.8   k8s-node01   <none>           <none>
nginx-deployment-78b46578cd-4g4cb   1/1     Running   1          19h   10.244.2.4   k8s-node02   <none>           <none>
nginx-deployment-78b46578cd-r627l   1/1     Running   1          19h   10.244.1.5   k8s-node01   <none>           <none>
nginx-deployment-78b46578cd-vvkd6   1/1     Running   1          19h   10.244.1.6   k8s-node01   <none>           <none>

[root@k8s-master01 ~]# curl 10.244.1.8
Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a>

4. Container lifecycle

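Init containers

A Pod can have multiple containers, with the application running inside them, but it may also have one or more Init containers that start before the application containers.
Init containers are very much like ordinary containers, except for the following two points:
	➢ Init containers always run to successful completion
	➢ Each Init container must complete successfully before the next Init container starts
If a Pod's Init container fails, Kubernetes keeps restarting the Pod until the Init container succeeds. However, if the Pod's restartPolicy is Never, it is not restarted.

What Init containers are for

Because Init containers have images separate from the application containers, their startup-related code has the following advantages:
➢ They can contain and run utilities that, for security reasons, are not recommended for inclusion in the application container image.
➢ They can contain utilities and custom code for setup that must not be present in the application image. For example, there is no need to build an image FROM another image just to use tools such as sed, awk, python or dig during setup.
➢ The application image can separate the roles of building and deploying, with no need to combine them into a single image.
➢ Init containers use Linux namespaces, so they have a different view of the file system from application containers. They can therefore be given access to Secrets that application containers cannot access.
➢ They must run to completion before the application containers start, whereas application containers run in parallel, so Init containers provide a simple way to block or delay the startup of application containers until a set of preconditions is met.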
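
The Secret and tooling points above, as an added example that is not part of the original tutorial: the Secret volume is mounted only into the Init container, and the application container sees only the result in a shared emptyDir. The pod name, the Secret `content-api-token` (with a key `token`) and the assumption that `myservice` serves content over HTTP are hypothetical; the busybox digest is the one reported by `docker pull` on this page.

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: init-secret-demo-pod         # hypothetical name
  labels:
    app: myapp
spec:
  automountServiceAccountToken: false
  volumes:
  - name: api-token
    secret:
      secretName: content-api-token  # hypothetical Secret, assumed to exist
  - name: web-root
    emptyDir: {}                     # shared between init and app container
  initContainers:
  - name: fetch-content
    # Pinned by digest so every node runs the same bytes, instead of
    # whatever "busybox:latest" resolves to at pull time.
    image: busybox@sha256:ebadf81a7f2146e95f8c850ad7af8cf9755d31cdba380a8ffd5930fba5996095
    command:
    - sh
    - -c
    - |
      # Block until the dependency resolves, as in the demo on this page,
      # then use the credential once. A non-zero exit makes the kubelet
      # retry this Init container according to restartPolicy.
      until nslookup myservice; do echo waiting for myservice; sleep 2; done
      wget -q --header "Authorization: Bearer $(cat /secrets/token)" \
        -O /work/index.html http://myservice/index.html
    volumeMounts:
    - name: api-token
      mountPath: /secrets
      readOnly: true
    - name: web-root
      mountPath: /work
  containers:
  - name: app
    image: hub.atguigu.com/library/myapp:v1
    imagePullPolicy: IfNotPresent
    volumeMounts:
    # Only the fetched content is visible here; the api-token volume is
    # not listed, so the token never appears in this container's filesystem.
    - name: web-root
      mountPath: /usr/share/nginx/html
      readOnly: true
```

The separation comes from which `volumeMounts` each container lists: any container in the pod that mounts `api-token` can read the Secret, so the isolation only holds while the application container's mount list stays as shown.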

Demo

Init containers

Create the init-pod.yml template file
vi init-pod.yml

apiVersion: v1
kind: Pod
metadata: 
  name: myapp-pod
  labels: 
    app: myapp
spec: 
  containers:
  - name: myapp-container
    image: busybox
    command: ['sh', '-c', 'echo The app is running! && sleep 3600']
  initContainers:
  - name: init-myservice
    image: busybox
    command: ['sh', '-c', 'until nslookup myservice; do echo waiting for myservice; sleep 2;done;']
  - name: init-mydb
    image: busybox
    command: ['sh', '-c', 'until nslookup mydb; do echo waiting for mydb; sleep 2; done;']

Pull the image on node01 and node02

docker pull busybox

On the master host, delete all running pods

[root@k8s-master01 ~]# kubectl delete deployment --all
deployment.extensions "nginx-deployment" deleted
[root@k8s-master01 ~]# kubectl get pod
NAME        READY   STATUS    RESTARTS   AGE
myapp-pod   1/1     Running   0          6h26m
[root@k8s-master01 ~]# kubectl delete pod --all
pod "myapp-pod" deleted
[root@k8s-master01 ~]# kubectl get pod
No resources found.
[root@k8s-master01 ~]# kubectl get svc
NAME               TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)           AGE
kubernetes         ClusterIP   10.96.0.1      <none>        443/TCP           2d1h
nginx-deployment   NodePort    10.97.63.227   <none>        30000:30607/TCP   25h
[root@k8s-master01 ~]# kubectl delete svc nginx-deployment
service "nginx-deployment" deleted

After deleting, create the pod

[root@k8s-master01 ~]# kubectl create -f init-pod.yml 
pod/myapp-pod created

[root@k8s-master01 ~]# kubectl describe pod myapp-pod
Name:         myapp-pod
Namespace:    default
Priority:     0
Node:         k8s-node01/192.168.192.130
Start Time:   Fri, 27 May 2022 22:51:45 +0800
Labels:       app=myapp
Annotations:  <none>
Status:       Pending
IP:           10.244.1.12
Init Containers:
  init-myservice:
    Container ID:  docker://69d3feb177f4ce1b20820a27f70904fecbede35f8a8b86565c5bf4d647082cba
    Image:         busybox
    Image ID:      docker-pullable://busybox@sha256:ebadf81a7f2146e95f8c850ad7af8cf9755d31cdba380a8ffd5930fba5996095
    Port:          <none>
    Host Port:     <none>
    Command:
      sh
      -c
      until nslookup myservice; do echo waiting for myservice; sleep 2;done;
    State:          Running
      Started:      Fri, 27 May 2022 22:52:07 +0800
    Ready:          False
    Restart Count:  0
    Environment:    <none>
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from default-token-2k8kw (ro)
  init-mydb:
    Container ID:  
    Image:         busybox
    Image ID:      
    Port:          <none>
    Host Port:     <none>
    Command:
      sh
      -c
      until nslookup mydb; do echo waiting for mydb; sleep 2; done;
    State:          Waiting
      Reason:       PodInitializing
    Ready:          False
    Restart Count:  0
    Environment:    <none>
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from default-token-2k8kw (ro)
Containers:
  myapp-container:
    Container ID:  
    Image:         busybox
    Image ID:      
    Port:          <none>
    Host Port:     <none>
    Command:
      sh
      -c
      echo The app is running! && sleep 3600
    State:          Waiting
      Reason:       PodInitializing
    Ready:          False
    Restart Count:  0
    Environment:    <none>
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from default-token-2k8kw (ro)
Conditions:
  Type              Status
  Initialized       False 
  Ready             False 
  ContainersReady   False 
  PodScheduled      True 
Volumes:
  default-token-2k8kw:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  default-token-2k8kw
    Optional:    false
QoS Class:       BestEffort
Node-Selectors:  <none>
Tolerations:     node.kubernetes.io/not-ready:NoExecute for 300s
                 node.kubernetes.io/unreachable:NoExecute for 300s
Events:
  Type    Reason     Age   From                 Message
  ----    ------     ----  ----                 -------
  Normal  Scheduled  31s   default-scheduler    Successfully assigned default/myapp-pod to k8s-node01
  Normal  Pulling    30s   kubelet, k8s-node01  Pulling image "busybox"
  Normal  Pulled     9s    kubelet, k8s-node01  Successfully pulled image "busybox"
  Normal  Created    9s    kubelet, k8s-node01  Created container init-myservice
  Normal  Started    9s    kubelet, k8s-node01  Started container init-myservice

# View the log
[root@k8s-master01 ~]# kubectl log myapp-pod -c init-myservice
waiting for myservice
Server:         10.96.0.10
Address:        10.96.0.10:53

** server can't find myservice.default.svc.cluster.local: NXDOMAIN

*** Can't find myservice.svc.cluster.local: No answer
*** Can't find myservice.cluster.local: No answer
*** Can't find myservice.default.svc.cluster.local: No answer
*** Can't find myservice.svc.cluster.local: No answer
*** Can't find myservice.cluster.local: No answer

waiting for myservice

Create the myservice.yml template
vi myservice.yml

kind: Service
apiVersion: v1
metadata:
  name: myservice
spec:
  ports:
    - protocol: TCP
      port: 80
      targetPort: 9376

Create the mydb.yml template
vi mydb.yml

kind: Service
apiVersion: v1
metadata:
  name: mydb
spec:
  ports:
    - protocol: TCP
      port: 80
      targetPort: 9377

Create the myservice pod

[root@k8s-master01 ~]# kubectl create -f myservice.yml 
service/myservice created
[root@k8s-master01 ~]# kubectl get pod
NAME        READY   STATUS     RESTARTS   AGE
myapp-pod   0/1     Init:0/2   0          14m

# Wait a moment and look again: one Init container has completed successfully
[root@k8s-master01 ~]# kubectl get pod
NAME        READY   STATUS     RESTARTS   AGE
myapp-pod   0/1     Init:1/2   0          14m
[root@k8s-master01 ~]# kubectl get svc
NAME         TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)   AGE
kubernetes   ClusterIP   10.96.0.1        <none>        443/TCP   2d3h
myservice    ClusterIP   10.105.235.164   <none>        80/TCP    2m7s
[root@k8s-master01 ~]# kubectl get pod -n kube-system
NAME                                   READY   STATUS    RESTARTS   AGE
coredns-5c98db65d4-4kj2t               1/1     Running   4          2d3h
coredns-5c98db65d4-7zsr7               1/1     Running   4          2d3h
etcd-k8s-master01                      1/1     Running   5          2d3h
kube-apiserver-k8s-master01            1/1     Running   5          2d3h
kube-controller-manager-k8s-master01   1/1     Running   4          2d3h
kube-flannel-ds-amd64-5chsx            1/1     Running   4          2d1h
kube-flannel-ds-amd64-8bxpj            1/1     Running   5          2d1h
kube-flannel-ds-amd64-g4gh9            1/1     Running   4          2d1h
kube-proxy-cznqr                       1/1     Running   4          2d1h
kube-proxy-mcsdl                       1/1     Running   4          2d1h
kube-proxy-t7v46                       1/1     Running   4          2d3h
kube-scheduler-k8s-master01            1/1     Running   4          2d3h

Create the mydb pod

[root@k8s-master01 ~]# kubectl create -f mydb.yml 
service/mydb created
[root@k8s-master01 ~]# kubectl get pod
NAME        READY   STATUS     RESTARTS   AGE
myapp-pod   0/1     Init:1/2   0          18m

[root@k8s-master01 ~]# kubectl get pod
NAME        READY   STATUS            RESTARTS   AGE
myapp-pod   0/1     PodInitializing   0          19m

[root@k8s-master01 ~]# kubectl get pod
NAME        READY   STATUS             RESTARTS   AGE
myapp-pod   0/1     ImagePullBackOff   0          19m

# Check the cause of the error: k8s-node01 failed to pull the busybox image
[root@k8s-master01 ~]# kubectl describe pod myapp-pod
Name:         myapp-pod
Namespace:    default
Priority:     0
Node:         k8s-node01/192.168.192.130
Start Time:   Fri, 27 May 2022 22:51:45 +0800
Labels:       app=myapp
Annotations:  <none>
Status:       Running
IP:           10.244.1.12
Init Containers:
  init-myservice:
    Container ID:  docker://69d3feb177f4ce1b20820a27f70904fecbede35f8a8b86565c5bf4d647082cba
    Image:         busybox
    Image ID:      docker-pullable://busybox@sha256:ebadf81a7f2146e95f8c850ad7af8cf9755d31cdba380a8ffd5930fba5996095
    Port:          <none>
    Host Port:     <none>
    Command:
      sh
      -c
      until nslookup myservice; do echo waiting for myservice; sleep 2;done;
    State:          Terminated
      Reason:       Completed
      Exit Code:    0
      Started:      Fri, 27 May 2022 22:52:07 +0800
      Finished:     Fri, 27 May 2022 23:06:34 +0800
    Ready:          True
    Restart Count:  0
    Environment:    <none>
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from default-token-2k8kw (ro)
  init-mydb:
    Container ID:  docker://bc055644ff837f1b592b94ccf04749874ccc4b2792e55277895f823853dd8582
    Image:         busybox
    Image ID:      docker-pullable://busybox@sha256:ebadf81a7f2146e95f8c850ad7af8cf9755d31cdba380a8ffd5930fba5996095
    Port:          <none>
    Host Port:     <none>
    Command:
      sh
      -c
      until nslookup mydb; do echo waiting for mydb; sleep 2; done;
    State:          Terminated
      Reason:       Completed
      Exit Code:    0
      Started:      Fri, 27 May 2022 23:07:06 +0800
      Finished:     Fri, 27 May 2022 23:10:48 +0800
    Ready:          True
    Restart Count:  0
    Environment:    <none>
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from default-token-2k8kw (ro)
Containers:
  myapp-container:
    Container ID:  docker://4663a37aac2121ebbfd52f0dda1ddf9833a6cdd2f65cee8f4c44d9b40f1fa437
    Image:         busybox
    Image ID:      docker-pullable://busybox@sha256:ebadf81a7f2146e95f8c850ad7af8cf9755d31cdba380a8ffd5930fba5996095
    Port:          <none>
    Host Port:     <none>
    Command:
      sh
      -c
      echo The app is running! && sleep 3600
    State:          Running
      Started:      Fri, 27 May 2022 23:12:16 +0800
    Ready:          True
    Restart Count:  0
    Environment:    <none>
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from default-token-2k8kw (ro)
Conditions:
  Type              Status
  Initialized       True 
  Ready             True 
  ContainersReady   True 
  PodScheduled      True 
Volumes:
  default-token-2k8kw:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  default-token-2k8kw
    Optional:    false
QoS Class:       BestEffort
Node-Selectors:  <none>
Tolerations:     node.kubernetes.io/not-ready:NoExecute for 300s
                 node.kubernetes.io/unreachable:NoExecute for 300s
Events:
  Type     Reason     Age                   From                 Message
  ----     ------     ----                  ----                 -------
  Normal   Scheduled  22m                   default-scheduler    Successfully assigned default/myapp-pod to k8s-node01
  Normal   Pulling    22m                   kubelet, k8s-node01  Pulling image "busybox"
  Normal   Pulled     22m                   kubelet, k8s-node01  Successfully pulled image "busybox"
  Normal   Started    22m                   kubelet, k8s-node01  Started container init-myservice
  Normal   Created    22m                   kubelet, k8s-node01  Created container init-myservice
  Normal   Pulling    7m35s                 kubelet, k8s-node01  Pulling image "busybox"
  Normal   Pulled     7m4s                  kubelet, k8s-node01  Successfully pulled image "busybox"
  Normal   Created    7m4s                  kubelet, k8s-node01  Created container init-mydb
  Normal   Started    7m4s                  kubelet, k8s-node01  Started container init-mydb
  Warning  Failed     3m4s                  kubelet, k8s-node01  Failed to pull image "busybox": rpc error: code = Unknown desc = Error response from daemon: Get https://registry-1.docker.io/v2/library/busybox/manifests/latest: net/http: TLS handshake timeout
  Warning  Failed     2m33s                 kubelet, k8s-node01  Failed to pull image "busybox": rpc error: code = Unknown desc = Error response from daemon: Get https://registry-1.docker.io/v2/: net/http: TLS handshake timeout
  Warning  Failed     2m33s (x2 over 3m4s)  kubelet, k8s-node01  Error: ErrImagePull
  Normal   BackOff    2m18s (x2 over 3m4s)  kubelet, k8s-node01  Back-off pulling image "busybox"
  Warning  Failed     2m18s (x2 over 3m4s)  kubelet, k8s-node01  Error: ImagePullBackOff
  Normal   Pulling    2m3s (x3 over 3m22s)  kubelet, k8s-node01  Pulling image "busybox"
  Normal   Pulled     115s                  kubelet, k8s-node01  Successfully pulled image "busybox"
  Normal   Created    115s                  kubelet, k8s-node01  Created container myapp-container
  Normal   Started    114s                  kubelet, k8s-node01  Started container myapp-container
[root@k8s-master01 ~]# 

Pull the busybox image again on node01; it is best to specify a version tag when pulling an image

[root@k8s-node01 ~]# docker pull busybox
Using default tag: latest
latest: Pulling from library/busybox
Digest: sha256:ebadf81a7f2146e95f8c850ad7af8cf9755d31cdba380a8ffd5930fba5996095
Status: Image is up to date for busybox:latest

Check again on the master host; it succeeded

[root@k8s-master01 ~]# kubectl get pod
NAME        READY   STATUS    RESTARTS   AGE
myapp-pod   1/1     Running   0          25m

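Special notes

  • During Pod startup, Init containers are started in order after the network and data volumes have been initialized (pause). Each container must exit successfully before the next one starts
  • If a container fails to start because of the runtime or exits with failure, it is retried according to the policy specified by the Pod's restartPolicy. However, if the Pod's restartPolicy is set to Always, Init containers use the RestartPolicy policy when they fail
  • A Pod does not become Ready until all Init containers have succeeded. Ports of Init containers are not aggregated in a Service. A Pod that is initializing is in the Pending state, but should have the Initializing condition set to true
  • If the Pod restarts, all Init containers must run again
  • Changes to an Init container's spec are limited to the container image field; changes to other fields do not take effect. Changing the image field of an Init container is equivalent to restarting the Pod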
[root@k8s-master01 ~]# kubectl edit pod myapp-pod
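  • Init containers have all the fields of application containers, except readinessProbe, because an Init container cannot define a readiness state distinct from completion. This is enforced during validation
  • The name of every app and Init container in a Pod must be unique; sharing a name with any other container raises an error at validation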

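Container probes

A probe is a periodic diagnostic performed by the kubelet on a container. To perform a diagnostic, the kubelet calls a Handler implemented by the container. There are three types of handler:
➢ ExecAction: executes a specified command inside the container. The diagnostic is considered successful if the command exits with return code 0.
➢ TCPSocketAction: performs a TCP check against the container's IP address on a specified port. The diagnostic is considered successful if the port is open.
➢ HTTPGetAction: performs an HTTP GET request against the container's IP address on a specified port and path. The diagnostic is considered successful if the response status code is greater than or equal to 200 and less than 400.

Each probe yields one of the following three results:
➢ Success: the container passed the diagnostic.
➢ Failure: the container failed the diagnostic.
➢ Unknown: the diagnostic itself failed, so no action is taken.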

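Probe types

  • livenessProbe: indicates whether the container is running. If the liveness probe fails, the kubelet kills the container, and the container is subject to its restart policy. If a container does not provide a liveness probe, the default state is Success
  • readinessProbe: indicates whether the container is ready to serve requests. If the readiness probe fails, the endpoints controller removes the Pod's IP address from the endpoints of all Services that match the Pod. The readiness state before the initial delay defaults to Failure. If a container does not provide a readiness probe, the default state is Success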

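Pod hook

A Pod hook is initiated by the kubelet, which is managed by Kubernetes, and runs before the process in the container starts or before the process in the container terminates; it is part of the container lifecycle. Hooks can be configured for all containers in a Pod at the same time. There are two types of hook:

  • exec: executes a command
  • HTTP: sends an HTTP request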
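
A manifest combining the TCPSocketAction handler and the two hook points described above, as an added example that is not part of the original tutorial. The pod name, the timing values and the hook commands are assumptions; the image and its `/index.html` and `/hostname.html` pages are the ones shown on this page.

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: probe-hook-demo-pod          # hypothetical name
  namespace: default
spec:
  restartPolicy: Always
  terminationGracePeriodSeconds: 30  # the preStop hook must finish inside this window
  containers:
  - name: web
    image: hub.atguigu.com/library/myapp:v1
    imagePullPolicy: IfNotPresent
    ports:
    - name: http
      containerPort: 80
    livenessProbe:
      tcpSocket:                     # TCPSocketAction: success means the port accepts a connection
        port: http
      initialDelaySeconds: 5
      periodSeconds: 10
      timeoutSeconds: 2
      failureThreshold: 3            # three consecutive failures before the container is killed
    readinessProbe:
      httpGet:                       # HTTPGetAction: 200 <= status < 400 counts as success
        port: http
        path: /index.html
      initialDelaySeconds: 1
      periodSeconds: 3
    lifecycle:
      postStart:
        exec:
          # Runs when the container is created, concurrently with its
          # entrypoint; if the hook fails, the container is killed.
          command: ["/bin/sh", "-c", "date > /tmp/poststart"]
      preStop:
        exec:
          # Runs before the container is sent the termination signal:
          # ask nginx to stop gracefully and give open requests time to drain.
          command: ["/bin/sh", "-c", "nginx -s quit; sleep 5"]
      # HTTP form of a hook (each hook takes exactly one handler):
      # preStop:
      #   httpGet:
      #     port: http
      #     path: /hostname.html
```

A TCP check only proves that something is listening on the port, which is why the readiness probe here uses an HTTP request against a real page.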

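Restart policy

PodSpec has a restartPolicy field whose possible values are Always, OnFailure and Never. The default is Always. restartPolicy applies to all containers in the Pod. restartPolicy only refers to restarts of the containers by the kubelet on the same node. Failed containers are restarted by the kubelet with an exponential back-off delay (10 seconds, 20 seconds, 40 seconds…) capped at five minutes, which is reset after ten minutes of successful execution. As described in the Pod documentation, once bound to a node, a Pod is never rebound to another node.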

Probes - readiness check

readinessProbe-httpget
vi read.yml

apiVersion: v1
kind: Pod
metadata:
  name: readiness-httpget-pod
  namespace: default
spec:
  containers:
  - name: readiness-httpget-container
    image: hub.atguigu.com/library/myapp:v1
    imagePullPolicy: IfNotPresent
    readinessProbe:
      httpGet:
        port: 80
        path: /index1.html
      initialDelaySeconds: 1
      periodSeconds: 3

Create the pod

[root@k8s-master01 ~]# kubectl create -f read.yaml 
pod/readiness-httpget-pod created
[root@k8s-master01 ~]# kubectl get pod
NAME                    READY   STATUS    RESTARTS   AGE
myapp-pod               1/1     Running   1          2d11h
readiness-httpget-pod   0/1     Running   0          106s
[root@k8s-master01 ~]# kubectl describe pod readiness-httpget-pod
Name:         readiness-httpget-pod
Namespace:    default
Priority:     0
Node:         k8s-node01/192.168.192.130
Start Time:   Mon, 30 May 2022 09:58:03 +0800
Labels:       <none>
Annotations:  <none>
Status:       Running
IP:           10.244.1.14
Containers:
  readiness-httpget-container:
    Container ID:   docker://a918ab6a1a399593e81b7eb49ef1e7cfd95e679b8d48d2b9d260928368a06a25
    Image:          hub.atguigu.com/library/myapp:v1
    Image ID:       docker-pullable://hub.atguigu.com/library/myapp@sha256:9eeca44ba2d410e54fccc54cbe9c021802aa8b9836a0bcf3d3229354e4c8870e
    Port:           <none>
    Host Port:      <none>
    State:          Running
      Started:      Mon, 30 May 2022 09:58:05 +0800
    Ready:          False
    Restart Count:  0
    Readiness:      http-get http://:80/index1.html delay=1s timeout=1s period=3s #success=1 #failure=3
    Environment:    <none>
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from default-token-2k8kw (ro)
Conditions:
  Type              Status
  Initialized       True 
  Ready             False 
  ContainersReady   False 
  PodScheduled      True 
Volumes:
  default-token-2k8kw:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  default-token-2k8kw
    Optional:    false
QoS Class:       BestEffort
Node-Selectors:  <none>
Tolerations:     node.kubernetes.io/not-ready:NoExecute for 300s
                 node.kubernetes.io/unreachable:NoExecute for 300s
Events:
  Type     Reason     Age                   From                 Message
  ----     ------     ----                  ----                 -------
  Normal   Scheduled  2m47s                 default-scheduler    Successfully assigned default/readiness-httpget-pod to k8s-node01
  Normal   Pulled     2m45s                 kubelet, k8s-node01  Container image "hub.atguigu.com/library/myapp:v1" already present on machine
  Normal   Created    2m45s                 kubelet, k8s-node01  Created container readiness-httpget-container
  Normal   Started    2m45s                 kubelet, k8s-node01  Started container readiness-httpget-container
  Warning  Unhealthy  99s (x22 over 2m42s)  kubelet, k8s-node01  Readiness probe failed: HTTP probe failed with statuscode: 404

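Enter the container
If the pod has only one container, the container name does not need to be specified; if it has several, add -c followed by the container name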

[root@k8s-master01 ~]# kubectl exec readiness-httpget-pod -it -- /bin/sh  
/ # cd /usr/share/nginx/html/
/usr/share/nginx/html # ls
50x.html    index.html
/usr/share/nginx/html # echo "abc123" >> index1.html
/usr/share/nginx/html # exit
[root@k8s-master01 ~]# kubectl get pod
NAME                    READY   STATUS    RESTARTS   AGE
myapp-pod               1/1     Running   1          2d11h
readiness-httpget-pod   1/1     Running   0          8m27s

That is the readiness check

Probes - liveness check

livenessProbe-exec
vi live-exec.yml

apiVersion: v1
kind: Pod
metadata:
  name: liveness-exec-pod
  namespace: default
spec:
  containers:
  - name: liveness-exec-container
    image: busybox
    imagePullPolicy: IfNotPresent  # if the image is present locally, do not pull it remotely
    command: ["/bin/sh", "-c", "touch /tmp/live; sleep 60; rm -rf /tmp/live; sleep 3600"]
    livenessProbe:
      exec:
        command: ["test", "-e", "/tmp/live"]  # check whether the file exists; returns 0 if it does
      initialDelaySeconds: 1  # initial delay of 1s
      periodSeconds: 3  # probe is repeated every 3s

Create the pod

[root@k8s-master01 ~]# kubectl get pod
NAME                    READY   STATUS    RESTARTS   AGE
myapp-pod               1/1     Running   2          2d11h
readiness-httpget-pod   1/1     Running   0          23m
[root@k8s-master01 ~]# kubectl delete pod --all
pod "myapp-pod" deleted
pod "readiness-httpget-pod" deleted
[root@k8s-master01 ~]# kubectl get svc
NAME         TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)   AGE
kubernetes   ClusterIP   10.96.0.1        <none>        443/TCP   4d14h
mydb         ClusterIP   10.104.62.254    <none>        80/TCP    2d11h
myservice    ClusterIP   10.105.235.164   <none>        80/TCP    2d11h
[root@k8s-master01 ~]# kubectl delete svc mydb myservice
service "mydb" deleted
service "myservice" deleted
[root@k8s-master01 ~]# kubectl create -f live-exec.yml 
pod/liveness-exec-pod created
[root@k8s-master01 ~]# kubectl get pod
NAME                READY   STATUS    RESTARTS   AGE
liveness-exec-pod   1/1     Running   0          42s
[root@k8s-master01 ~]# kubectl get pod -w
NAME                READY   STATUS             RESTARTS   AGE
liveness-exec-pod   0/1     CrashLoopBackOff   6          12m
liveness-exec-pod   1/1     Running            7          14m

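The container disappears after running for 60 seconds; the pod restarts it, and the container again disappears after 60 seconds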

[root@k8s-master01 ~]# kubectl get pod
NAME                READY   STATUS             RESTARTS   AGE
liveness-exec-pod   0/1     CrashLoopBackOff   7          16m
[root@k8s-master01 ~]# kubectl delete pod --all
pod "liveness-exec-pod" deleted

livenessProbe-httpget
vi live-http.yml

apiVersion: v1
kind: Pod
metadata:
  name: liveness-httpget-pod
  namespace: default
spec:
  containers:
  - name: liveness-httpget-container
    image: hub.atguigu.com/library/myapp:v1
    imagePullPolicy: IfNotPresent
    ports:
    - name: http
      containerPort: 80
    livenessProbe:
      httpGet:
        port: http
        path: /index.html
      initialDelaySeconds: 1
      periodSeconds: 3
      timeoutSeconds: 10  # maximum timeout

Create the pod

[root@k8s-master01 ~]# kubectl create -f live-http.yml 
pod/liveness-httpget-pod created
[root@k8s-master01 ~]# kubectl get pod
NAME                   READY   STATUS    RESTARTS   AGE
liveness-httpget-pod   1/1     Running   0          10s
[root@k8s-master01 ~]# kubectl get pod -o wide
NAME                   READY   STATUS    RESTARTS   AGE   IP            NODE         NOMINATED NODE   READINESS GATES
liveness-httpget-pod   1/1     Running   0          48s   10.244.1.16   k8s-node01   <none>           <none>
[root@k8s-master01 ~]# curl 10.244.1.16/index.html
Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a>
[root@k8s-master01 ~]# kubectl exec liveness-httpget-pod -it -- /bin/sh
/ # rm -rf /usr/share/nginx/html/index.html 
/ # exit
[root@k8s-master01 ~]# curl 10.244.1.16/index.html
<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.12.2</center>
</body>
</html>
[root@k8s-master01 ~]# kubectl get pod
NAME                   READY   STATUS    RESTARTS   AGE
liveness-httpget-pod   1/1     Running   1          2m55s
# Checked again: it has restarted
[root@k8s-master01 ~]# curl 10.244.1.16/index.html
Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a>

Once the probe detects that index.html is gone, the container is deleted and the pod restarts

livenessProbe-tcp
vi live-tcp.yml

apiVersion: v1
kind: Pod
metadata:
  name: probe-tcp
spec:
  containers:
  - name: nginx
    image: hub.atguigu.com/library/myapp:v1
    livenessProbe:
      initialDelaySeconds: 5
      timeoutSeconds: 1
      tcpSocket:
        port: 8080
      periodSeconds: 3

Create the pod

[root@k8s-master01 ~]# kubectl delete pod --all
pod "liveness-httpget-pod" deleted
pod "probe-tcp" deleted
[root@k8s-master01 ~]# kubectl create -f live-tcp.yml 
pod/probe-tcp created
[root@k8s-master01 ~]# kubectl get pod
NAME        READY   STATUS    RESTARTS   AGE
probe-tcp   1/1     Running   1          21s
[root@k8s-master01 ~]# kubectl get pod -w
NAME        READY   STATUS    RESTARTS   AGE
probe-tcp   1/1     Running   5          95s
probe-tcp   0/1     CrashLoopBackOff   5          105s
probe-tcp   1/1     Running            6          3m15s
probe-tcp   0/1     CrashLoopBackOff   6          3m28s

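After startup the probe waits 5 seconds and then starts checking port 8080. Port 8080 does not respond within the 1 s timeout, so the check fails and the container exits

Combined use

readiness: 1 s after the container starts, the readiness check runs. The condition is that index1.html must exist; if it does not, the check runs again 3 s later. If the file is there the container enters the Ready state; if it is not ready, its state is not changed to Ready
liveness: 1 s after the container starts, the liveness check runs; a container that is not alive is killed and restarted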

vi live-http.yml

apiVersion: v1
kind: Pod
metadata:
  name: liveness-httpget-pod
  namespace: default
spec:
  containers:
  - name: liveness-httpget-container
    image: hub.atguigu.com/library/myapp:v1
    imagePullPolicy: IfNotPresent
    ports:
    - name: http
      containerPort: 80
    readinessProbe:
      httpGet:
        port: 80
        path: /index1.html
      initialDelaySeconds: 1
      periodSeconds: 3
    livenessProbe:
      httpGet:
        port: http
        path: /index.html
      initialDelaySeconds: 1
      periodSeconds: 3
      timeoutSeconds: 10

Create the pod

[root@k8s-master01 ~]# kubectl apply -f live-http.yml
pod/liveness-httpget-pod created
[root@k8s-master01 ~]# kubectl get pod
NAME                   READY   STATUS             RESTARTS   AGE
liveness-httpget-pod   0/1     Running            0          19s
probe-tcp              0/1     CrashLoopBackOff   17         37m
[root@k8s-master01 ~]# kubectl get pod
NAME                   READY   STATUS             RESTARTS   AGE
liveness-httpget-pod   0/1     Running            0          27s
probe-tcp              0/1     CrashLoopBackOff   17         37m
[root@k8s-master01 ~]# kubectl delete pod probe-tcp
pod "probe-tcp" deleted
[root@k8s-master01 ~]# kubectl get pod
NAME                   READY   STATUS    RESTARTS   AGE
liveness-httpget-pod   0/1     Running   0          4m28s
[root@k8s-master01 ~]# kubectl exec liveness-httpget-pod -it -- /bin/sh
/ # cd /usr/share/nginx/html/
/usr/share/nginx/html # ls
50x.html    index.html
/usr/share/nginx/html # echo "abc123" > index1.html
/usr/share/nginx/html # exit
[root@k8s-master01 ~]# kubectl get pod
NAME                   READY   STATUS    RESTARTS   AGE
liveness-httpget-pod   1/1     Running   0          6m3s
[root@k8s-master01 ~]# kubectl exec liveness-httpget-pod -it -- rm -rf /usr/share/nginx/html/index.html
[root@k8s-master01 ~]# kubectl get pod
NAME                   READY   STATUS    RESTARTS   AGE
liveness-httpget-pod   0/1     Running   1          7m50s
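
The restart and readiness timing seen with live-exec.yml and the combined manifest above, worked through as an added Python example (not part of the original post). It is a simplified model: it assumes the first probe fires at initialDelaySeconds and then every periodSeconds with no jitter, uses the Kubernetes defaults failureThreshold=3 and successThreshold=1 that the manifests leave unset, and the 30 s / 90 s file times in the readiness scenario are constructed.

```python
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple

@dataclass
class Probe:
    initial_delay: int = 0      # initialDelaySeconds
    period: int = 10            # periodSeconds
    failure_threshold: int = 3  # failureThreshold (Kubernetes default)
    success_threshold: int = 1  # successThreshold (Kubernetes default)

def probe_times(p: Probe, horizon: int) -> range:
    # Assumption: first probe at initialDelaySeconds, then every periodSeconds,
    # no jitter, checks complete instantly.
    return range(p.initial_delay, horizon + 1, p.period)

def first_restart(p: Probe, alive: Callable[[int], bool], horizon: int) -> Optional[int]:
    """Second at which consecutive liveness failures reach failureThreshold."""
    streak = 0
    for t in probe_times(p, horizon):
        streak = 0 if alive(t) else streak + 1
        if streak >= p.failure_threshold:
            return t
    return None

def ready_transitions(p: Probe, ok: Callable[[int], bool], horizon: int) -> List[Tuple[int, bool]]:
    """(second, ready) each time the readiness probe flips the Ready condition."""
    ready, good, bad, flips = False, 0, 0, []
    for t in probe_times(p, horizon):
        good, bad = (good + 1, 0) if ok(t) else (0, bad + 1)
        if not ready and good >= p.success_threshold:
            ready = True
            flips.append((t, True))
        elif ready and bad >= p.failure_threshold:
            ready = False
            flips.append((t, False))
    return flips

# live-exec.yml: /tmp/live exists for the first 60 s; 1 s delay, 3 s period.
LIVE_EXEC = Probe(initial_delay=1, period=3)
# Combined manifest, readiness on /index1.html (same delay and period).
READINESS = Probe(initial_delay=1, period=3)

if __name__ == "__main__":
    # Liveness: the restart is triggered only after three failed probes in a row.
    print("restart at", first_restart(LIVE_EXEC, lambda t: t < 60, 120), "s")
    # Constructed scenario: index1.html is created at 30 s and removed at 90 s.
    print("ready flips", ready_transitions(READINESS, lambda t: 30 <= t < 90, 120))
```

A restart gives the container a fresh filesystem, so a file created by hand such as index1.html is gone afterwards, which is why the pod above shows 0/1 again once RESTARTS reaches 1.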

Start and exit actions

vi post.yml

apiVersion: v1
kind: Pod
metadata:
  name: lifecycle-demo
spec:
  containers:
  - name: lifecycle-demo-container
    image: hub.atguigu.com/library/myapp:v1
    lifecycle:
      postStart:
        exec:
          command: ["/bin/sh", "-c", "echo Hello from the postStart handler > /usr/share/message"]
      preStop:
        exec:
          command: ["/bin/sh", "-c", "echo Hello from the postStop handler > /usr/share/message"]
        #  command: ["/usr/sbin/nginx", "-s", "quit"]

Create the pod

[root@k8s-master01 ~]# kubectl create -f post.yml 
pod/lifecycle-demo created
[root@k8s-master01 ~]# kubectl get pod
NAME                   READY   STATUS    RESTARTS   AGE
lifecycle-demo         1/1     Running   0          6s
liveness-httpget-pod   0/1     Running   2          26m
[root@k8s-master01 ~]# kubectl exec lifecycle-demo -it -- /bin/sh
/ # cat /usr/share/message 
Hello from the postStart handler

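Possible values of Pod phase

  • Pending: the Pod has been accepted by the Kubernetes system, but one or more container images have not yet been created. The waiting time includes the time to schedule the Pod and the time to download images over the network, which may take a while
  • Running: the Pod has been bound to a node and all of its containers have been created. At least one container is running, or is in the process of starting or restarting
  • Succeeded: all containers in the Pod have terminated successfully and will not be restarted
  • Failed: all containers in the Pod have terminated, and at least one container terminated in failure. That is, the container exited with a non-zero status or was terminated by the system
  • Unknown: the state of the Pod cannot be obtained for some reason, usually because communication with the Pod's host failed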

Problem 6: koolshare cannot ping the external network; master, node01 and node01 cannot reach the external network

At first the 192.168.13.0 network segment could not get online; after changing it to 192.168.100.0 it worked
