K8s resources: a complete guide to Pods

Welcome to follow my WeChat official account:

I started writing only a month ago and have 18 original articles so far; the table of contents is as follows:

Exploring istio multi-cluster: my conclusions after deploying multi-cluster 50 times

istio multi-cluster distributed tracing, with a hands-on video

istio fault-prevention tools: how many do you know? Not for istio beginners, too hard!

istio business-level access control: it can actually be done this way

Non-intrusive compression with istio: how to compress traffic between microservices

"Claiming to master istio without understanding EnvoyFilter" series - http-rbac - don't only know how to configure permissions with AuthorizationPolicy

"Claiming to master istio without understanding EnvoyFilter" series - 02 - http cors filter - don't only know VirtualService

"Claiming to master istio without understanding EnvoyFilter" series - 03 - http csrf filter - never write CSRF logic in your code again

"Claiming to master istio without understanding EnvoyFilter" series - http-jwt_authn - don't only know RequestAuthorization

"Claiming to master istio without understanding EnvoyFilter" series - 05 - fault filter - fault injection is not only VirtualService

"Claiming to master istio without understanding EnvoyFilter" series - 06 - http match - configuring routes is not only VirtualService

"Claiming to master istio without understanding EnvoyFilter" series - 07 - load balancing configuration is not only DestinationRule

"Claiming to master istio without understanding EnvoyFilter" series - 08 - connection pools and circuit breakers

"Claiming to master istio without understanding EnvoyFilter" series - 09 - http route filter

"Claiming to master istio without understanding EnvoyFilter" series - network filter - redis proxy

"Claiming to master istio without understanding EnvoyFilter" series - network filter - HttpConnectionManager

"Claiming to master istio without understanding EnvoyFilter" series - ratelimit - the complete istio ratelimit manual

----------------------------------------------------------------------------------------------------------------------------------------

1) Pod

The core K8s resource, used to run containers

Short name: po

A pod can run multiple containers

Containers in a Pod can share network and storage

Common commands:

kubectl create -f nginx-01.yaml
kubectl apply -f nginx-01.yaml
kubectl get pod
kubectl get pod -l name=nginx
kubectl delete pod nginx
kubectl delete pod --all
kubectl get pod -o wide
kubectl edit pod nginx
kubectl get pod nginx -o yaml
kubectl delete pod -f nginx-01.yaml
kubectl label pod nginx project=web
kubectl annotate pod nginx project=web
kubectl exec -it nginx /bin/bash
kubectl cp default/nginx:/etc/nginx/nginx.conf ~/nginx.conf
kubectl cp ~/aa default/nginx:/tmp
kubectl logs nginx

2) Pod lifecycle

3) Pod restart policy

The possible values of the Pod's RestartPolicy are Always, OnFailure and Never; the default is Always

Always: when the container fails, kubelet restarts it automatically

OnFailure: when the container terminates with a non-zero exit code, kubelet restarts it automatically

Never: the container is never restarted, regardless of its state

4) Pod health checks

LivenessProbe: liveness probe

ReadinessProbe: readiness probe

A probe can be implemented in one of the following three ways:

ExecAction: run the specified command inside the container. If the command exits with return code 0, the container is considered healthy.

TCPSocketAction: perform a TCP check against the container's IP address on the specified port. If a connection can be established, the container is considered healthy.

HTTPGetAction: perform an HTTP GET request against the container's IP address on the specified port and path. If the response status code is greater than or equal to 200 and less than 400, the container is considered healthy.

The initialDelaySeconds and timeoutSeconds parameters are the wait before the first check and the per-check timeout, respectively.

periodSeconds: 15 # interval between checks

failureThreshold: 3 # maximum number of consecutive failures

successThreshold: 1 # minimum number of consecutive successes, after a failure, before the probe is considered successful again
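The following is an added example, not code from the original post: a small Python model of how kubelet applies the RestartPolicy from section 3 and the probe parameters just listed (initialDelaySeconds, periodSeconds, failureThreshold, successThreshold). The function and class names are my own; only the field names and the 200 <= status < 400 rule come from the Pod spec. It also models the busybox probe used in the manifests that follow, where /tmp/health exists only for the container's first 10 seconds, to show what an initialDelaySeconds of 15 means for that probe.

```python
# Added example (not part of the original post): a small model of how kubelet
# interprets the probe and RestartPolicy settings described above.
from dataclasses import dataclass, field
from typing import Callable, List

RESTART_POLICIES = ("Always", "OnFailure", "Never")


def http_probe_healthy(status_code: int) -> bool:
    """HTTPGetAction: healthy iff 200 <= status < 400 (redirects count as healthy)."""
    return 200 <= status_code < 400


def exec_probe_healthy(exit_code: int) -> bool:
    """ExecAction: healthy iff the command exited with code 0."""
    return exit_code == 0


def should_restart(policy: str, exit_code: int) -> bool:
    """RestartPolicy decision once a container has terminated with exit_code."""
    if policy not in RESTART_POLICIES:
        raise ValueError(f"unknown restartPolicy {policy!r}")
    if policy == "Always":
        return True
    if policy == "OnFailure":
        return exit_code != 0
    return False  # Never


def probe_schedule(initial_delay: int, period: int, horizon: int) -> List[int]:
    """Seconds (since container start) at which the probe runs, up to horizon."""
    times, t = [], initial_delay
    while t <= horizon:
        times.append(t)
        t += period
    return times


@dataclass
class ProbeTracker:
    """Applies failureThreshold / successThreshold to a stream of probe results.

    Liveness probes start out healthy; readiness probes start out not ready,
    so construct a readiness tracker with healthy=False.
    """
    failure_threshold: int = 3      # Pod spec default
    success_threshold: int = 1      # Pod spec default (must be 1 for liveness)
    healthy: bool = True
    transitions: List[str] = field(default_factory=list)
    _fails: int = 0
    _succs: int = 0

    def observe(self, ok: bool) -> bool:
        """Feed one probe result; return the state after applying the thresholds."""
        if ok:
            self._succs, self._fails = self._succs + 1, 0
            if not self.healthy and self._succs >= self.success_threshold:
                self.healthy = True
                self.transitions.append("healthy")
        else:
            self._fails, self._succs = self._fails + 1, 0
            if self.healthy and self._fails >= self.failure_threshold:
                self.healthy = False
                self.transitions.append("unhealthy")
        return self.healthy


def run_probe(check: Callable[[int], bool], schedule: List[int],
              tracker: ProbeTracker) -> ProbeTracker:
    """Run check(t) at each scheduled second and feed the result to the tracker."""
    for t in schedule:
        tracker.observe(check(t))
    return tracker


def busybox_file_present(t: int) -> bool:
    """Models the busybox container below: /tmp/health exists only during its
    first 10 seconds ('echo ok > /tmp/health; sleep 10; rm -rf /tmp/health')."""
    return t < 10


if __name__ == "__main__":
    # With initialDelaySeconds: 15 the file is already gone at the first check,
    # so every probe fails and a liveness tracker flips after 3 failures (t=35).
    sched = probe_schedule(initial_delay=15, period=10, horizon=60)
    tr = run_probe(busybox_file_present, sched, ProbeTracker())
    print(sched, tr.transitions, "restart:", should_restart("Always", 137))
```

With the manifest's settings the liveness probe never sees the file, so the container is killed after the third failed check and the RestartPolicy decides what happens next; a liveness probe that can never pass turns into a restart loop.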

[root@master01 readiness]# cat pod-readiness-exec.yaml 
apiVersion: v1
kind: Pod
metadata:
  labels:
    test: readiness-exec
  name: readiness-exec
spec:
  containers:
  - name: liveness
    image: busybox
    args:
    - /bin/sh
    - -c
    - echo ok > /tmp/health; sleep 10; rm -rf /tmp/health; sleep 600
    readinessProbe:
      exec:
        command:
        - cat
        - /tmp/health
      initialDelaySeconds: 15
      timeoutSeconds: 1
[root@master01 readiness]# cat pod-readiness-http.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: pod-http-healthcheck
spec:
  containers:
  - name: nginx
    image: nginx
    ports:
    - containerPort: 80
    readinessProbe:
      httpGet:
        path: /_status/healthz
        port: 80
      initialDelaySeconds: 30
      timeoutSeconds: 1
[root@master01 readiness]# cat pod-readiness-tcp.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: pod-tcp-healthcheck
spec:
  containers:
  - name: nginx
    image: nginx
    ports:
    - containerPort: 80
    readinessProbe:
      tcpSocket:
        port: 80
      initialDelaySeconds: 30
      timeoutSeconds: 1

liveness:

[root@master01 readiness]# cat pod-liveness-exec.yaml 
apiVersion: v1
kind: Pod
metadata:
  labels:
    test: readiness-exec
  name: liveness-exec
spec:
  containers:
  - name: liveness
    image: busybox
    args:
    - /bin/sh
    - -c
    - echo ok > /tmp/health; sleep 10; rm -rf /tmp/health; sleep 600
    livenessProbe:
      exec:
        command:
        - cat
        - /tmp/health
      initialDelaySeconds: 15
      timeoutSeconds: 1

[root@master01 readiness]# cat pod-liveness-http.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: pod-liveness-http
spec:
  containers:
  - name: nginx
    image: nginx
    ports:
    - containerPort: 80
    livenessProbe:
      httpGet:
        path: /_status/healthz
        port: 80
      initialDelaySeconds: 30
      timeoutSeconds: 1
[root@master01 readiness]# cat pod-liveness-tcp.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: pod-liveness-tcp
spec:
  containers:
  - name: nginx
    image: nginx
    ports:
    - containerPort: 80
    livenessProbe:
      tcpSocket:
        port: 80
      initialDelaySeconds: 30
      timeoutSeconds: 1

5)imagePullPolicy

Three choices: Always, Never, IfNotPresent. This is the policy for checking and updating the image from the registry each time the container starts:
# Always: check every time
# Never: never check (regardless of whether the image exists locally)
# IfNotPresent: do not check if the image exists locally; pull it if it does not

6) Resource management

[root@master01 resources]# cat tomcat.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: volume-pod
spec:
  containers:
  - name: tomcat
    image: tomcat
    ports:
    - containerPort: 8080
    volumeMounts:
    - name: app-logs
      mountPath: /usr/local/tomcat/logs
    resources:
      limits:
        cpu: 0.1
        memory: 100Mi
  - name: busybox
    image: busybox
    command: ["sh", "-c", "tail -f /logs/catalina*.log"]
    volumeMounts:
    - name: app-logs
      mountPath: /logs
  volumes:
  - name: app-logs
    emptyDir: {}
[root@master01 resources]# cat nginx.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: nginx
  labels:
    name: nginx
spec:
  containers:
  - name: nginx
    image: nginx
    ports:
    - containerPort: 80        
      hostPort: 80        
    resources:
      requests:
        cpu: 0.01
        memory: 1Mi
      limits:
        cpu: 0.5
        memory: 10Mi
requests
limits
yum -y install httpd-tools
ab -c 500 -n 20000 http://172.20.2.23:8080/index.html

# vim /etc/sysctl.conf 

net.ipv4.tcp_syncookies = 0

# sysctl -p

7) Lifecycle management

postStart: # task run before the container runs
preStop: # task run before the container is shut down

[root@master01 lifecycle]# cat nginx-postStart-exec.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: nginx
  labels:
    name: nginx
spec:
  containers:
  - name: nginx
    image: nginx
    ports:
    - containerPort: 80        
    lifecycle:
      postStart:
       exec:
         command: ["/bin/sh", "-c", "echo Hello from the postStart handler > /usr/share/message"]

[root@master01 lifecycle]# cat nginx-preStop-exec.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: nginx
  labels:
    name: nginx
spec:
  containers:
  - name: nginx
    image: nginx
    ports:
    - containerPort: 80        
    lifecycle:
      preStop:
       exec:
         command: ["/usr/sbin/nginx","-s","quit"]
[root@master01 lifecycle]# cat nginx-preStop-httpGet.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: nginx
  labels:
    name: nginx
spec:
  containers:
  - name: nginx
    image: nginx
    ports:
    - containerPort: 80        
    lifecycle:
      preStop:
        httpGet:
          host: 192.168.4.170
          path: api/v2/devops/pkg/upload_hooks
          port: 8090

8)Init Container

[root@master01 initContainers]# cat init.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: myapp-pod
  labels:
    app: myapp
spec:
  containers:
  - name: myapp-container
    image: busybox
    command: ['sh', '-c', 'echo The app is running! && sleep 3600']
  initContainers:
  - name: init-myservice
    image: busybox
    command: ['sh', '-c', 'until nslookup myservice; do echo waiting for myservice; sleep 2; done;']
  - name: init-mydb
    image: busybox
    command: ['sh', '-c', 'until nslookup mydb; do echo waiting for mydb; sleep 2; done;']

[root@master01 initContainers]# cat service.yaml 
kind: Service
apiVersion: v1
metadata:
  name: myservice
spec:
  ports:
  - protocol: TCP
    port: 80
    targetPort: 9376
---
kind: Service
apiVersion: v1
metadata:
  name: mydb
spec:
  ports:
  - protocol: TCP
    port: 80
    targetPort: 9377

9)nodeSelector

[root@master01 nodeSelector]# cat nginx.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: nginx
  labels:
    name: nginx
spec:
  nodeSelector:
    zone: node1
  containers:
  - name: nginx
    image: nginx
    ports:
    - containerPort: 80        
      hostPort: 80

10)affinity

podAffinity

nodeAffinity

[root@master01 affinity]# cat node-affinity.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: with-node-affinity
spec:
  affinity:
    nodeAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
        nodeSelectorTerms:
        - matchExpressions:
          - key: kubernetes.io/e2e-az-name
            operator: In
            values:
            - e2e-az1
            - e2e-az2
      preferredDuringSchedulingIgnoredDuringExecution:
      - weight: 1
        preference:
          matchExpressions:
          - key: type
            operator: In
            values:
            - ssd
  containers:
  - name: with-node-affinity
    image: nginx
    ports:
    - containerPort: 80 
[root@master01 podAffinity]# cat ./*
apiVersion: v1
kind: Pod
metadata:
  name: with-anti-affinity
spec:
  affinity:
    podAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
      - labelSelector:
          matchExpressions:
          - key: security
            operator: In
            values:
            - S1
        topologyKey: "kubernetes.io/hostname"
    podAntiAffinity:
      preferredDuringSchedulingIgnoredDuringExecution:
      - weight: 100
        podAffinityTerm:
          labelSelector:
            matchExpressions:
            - key: security
              operator: In
              values:
              - S2
          topologyKey: kubernetes.io/hostname
  containers:
  - name: with-anti-affinity
    image: nginx
apiVersion: v1
kind: Pod
metadata:
  name: pod-flag-s2
  labels:
    security: "S2"
    app: "nginx"
spec:
  containers:
  - name: nginx
    image: nginx
apiVersion: v1
kind: Pod
metadata:
  name: pod-flag-s1
  labels:
    security: "S1"
    app: "nginx"
spec:
  containers:
  - name: nginx
    image: nginx
apiVersion: v1
kind: Pod
metadata:
  name: pod-affinity
spec:
  affinity:
    podAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
      - labelSelector:
          matchExpressions:
          - key: security
            operator: In
            values:
            - S1
        topologyKey: kubernetes.io/hostname
  containers:
  - name: with-pod-affinity
    image: nginx
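The following is an added example, not code from the original post: it evaluates the nodeSelector (section 9) and nodeAffinity rules of the with-node-affinity manifest above against a set of node labels, the way the scheduler's filtering step (requiredDuringScheduling...) and scoring step (preferredDuringScheduling...) do. The node labels are constructed for the example and the function names are mine; the page only uses the In operator, while the code also handles the other operators the API defines (NotIn, Exists, DoesNotExist, Gt, Lt).

```python
# Added example (not part of the original post): node affinity matching.
from typing import Any, Dict, List


def match_expression(labels: Dict[str, str], expr: Dict[str, Any]) -> bool:
    """Evaluate one matchExpressions entry against a node's labels."""
    key, op = expr["key"], expr["operator"]
    values = expr.get("values", [])
    present = key in labels
    if op == "In":
        return present and labels[key] in values
    if op == "NotIn":
        return not present or labels[key] not in values
    if op == "Exists":
        return present
    if op == "DoesNotExist":
        return not present
    if op in ("Gt", "Lt"):
        if not present:
            return False
        lhs, rhs = int(labels[key]), int(values[0])
        return lhs > rhs if op == "Gt" else lhs < rhs
    raise ValueError(f"unknown operator {op!r}")


def term_matches(labels: Dict[str, str], term: Dict[str, Any]) -> bool:
    """All expressions inside one term must match (AND)."""
    return all(match_expression(labels, e) for e in term.get("matchExpressions", []))


def node_selector_matches(labels: Dict[str, str], node_selector: Dict[str, str]) -> bool:
    """spec.nodeSelector: every key=value pair must be present on the node."""
    return all(labels.get(k) == v for k, v in node_selector.items())


def required_affinity_matches(labels: Dict[str, str], node_affinity: Dict[str, Any]) -> bool:
    """requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms are ORed.
    A pod without a required rule fits every node."""
    req = node_affinity.get("requiredDuringSchedulingIgnoredDuringExecution")
    if not req:
        return True
    return any(term_matches(labels, t) for t in req.get("nodeSelectorTerms", []))


def preferred_affinity_score(labels: Dict[str, str], node_affinity: Dict[str, Any]) -> int:
    """preferredDuringSchedulingIgnoredDuringExecution: sum the weights of the
    preferences whose expressions all match."""
    score = 0
    for pref in node_affinity.get("preferredDuringSchedulingIgnoredDuringExecution", []):
        if term_matches(labels, pref["preference"]):
            score += pref["weight"]
    return score


def feasible_nodes(pod_spec: Dict[str, Any], nodes: Dict[str, Dict[str, str]]) -> List[str]:
    """Nodes that pass nodeSelector and required nodeAffinity, best preferred score first."""
    aff = pod_spec.get("affinity", {}).get("nodeAffinity", {})
    sel = pod_spec.get("nodeSelector", {})
    ok = [n for n, labels in nodes.items()
          if node_selector_matches(labels, sel) and required_affinity_matches(labels, aff)]
    return sorted(ok, key=lambda n: preferred_affinity_score(nodes[n], aff), reverse=True)


# spec of the with-node-affinity pod above, as a dict
WITH_NODE_AFFINITY = {
    "affinity": {"nodeAffinity": {
        "requiredDuringSchedulingIgnoredDuringExecution": {"nodeSelectorTerms": [
            {"matchExpressions": [{"key": "kubernetes.io/e2e-az-name", "operator": "In",
                                   "values": ["e2e-az1", "e2e-az2"]}]}]},
        "preferredDuringSchedulingIgnoredDuringExecution": [
            {"weight": 1, "preference": {"matchExpressions": [
                {"key": "type", "operator": "In", "values": ["ssd"]}]}}]}}}

# constructed node labels for the example (zone: node1 matches the nodeSelector manifest)
NODES = {
    "node1": {"kubernetes.io/e2e-az-name": "e2e-az1", "type": "hdd", "zone": "node1"},
    "node2": {"kubernetes.io/e2e-az-name": "e2e-az2", "type": "ssd"},
    "node3": {"kubernetes.io/e2e-az-name": "e2e-az3", "type": "ssd"},
}

if __name__ == "__main__":
    print(feasible_nodes(WITH_NODE_AFFINITY, NODES))          # ['node2', 'node1']
    print(feasible_nodes({"nodeSelector": {"zone": "node1"}}, NODES))  # ['node1']
```

node3 is filtered out because no required term matches it; node2 wins the tie-break because its type: ssd label satisfies the weight-1 preference. Note that both rule kinds say IgnoredDuringExecution: a label change on the node after scheduling does not move the pod.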

11)activeDeadlineSeconds

[root@master01 activeDeadlineSeconds]# cat nginx.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: nginx
  labels:
    name: nginx
spec:
  activeDeadlineSeconds: 30
  containers:
  - name: nginx
    image: nginx
    ports:
    - containerPort: 80        
      hostPort: 80

12)dnsConfig

[root@master01 dnsConfig]# cat dns-example.yaml 
apiVersion: v1
kind: Pod
metadata:
  namespace: default
  name: dns-example
spec:
  containers:
    - name: test
      image: busybox
      args:
        - "sh"
        - "-c"
        - "sleep 3600"  
  dnsPolicy: "None"
  dnsConfig:
    nameservers:
      - 114.114.115.115
    searches:
      - ns1.svc.cluster.local
      - my.dns.search.suffix
    options:
      - name: ndots
        value: "2"
      - name: edns0
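The following is an added example, not code from the original post: it lists the names a process in the dns-example pod above would actually query, given that manifest's searches list and ndots: 2. It follows the resolver search-list rule (glibc and musl behave the same here): a name with fewer than ndots dots is tried with each search suffix first and as-is last, a name with at least ndots dots is tried as-is first, and a name ending in a dot is never expanded. The function name is mine.

```python
# Added example (not part of the original post): search-list expansion for the
# dnsConfig above.
from typing import List

SEARCHES = ["ns1.svc.cluster.local", "my.dns.search.suffix"]  # from the manifest above
NDOTS = 2                                                       # options: ndots "2"


def resolution_candidates(name: str, searches: List[str] = SEARCHES,
                          ndots: int = NDOTS) -> List[str]:
    """Return the query names in the order the resolver tries them."""
    if name.endswith("."):              # fully qualified: the search list is skipped
        return [name]
    with_search = [f"{name}.{s}" for s in searches]
    if name.count(".") >= ndots:        # "enough" dots: absolute lookup first
        return [name] + with_search
    return with_search + [name]         # otherwise search suffixes first


if __name__ == "__main__":
    for n in ("myservice", "example.com", "www.example.com", "www.example.com."):
        print(n, "->", resolution_candidates(n))
```

Because this pod sets dnsPolicy: "None", every one of those candidates is sent to the single listed nameserver 114.114.115.115, a public resolver; an internal-looking lookup such as myservice.ns1.svc.cluster.local therefore leaves the cluster. When you override nameservers this way, check what the search list will leak.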

13)dnsPolicy

None

Set dnsConfig

ClusterFirst

ClusterFirstWithHostNet

Default

[root@master01 dnsPolicy]# cat dns-policy-default.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: dns-example
spec:
  containers:
    - name: test
      image: busybox
      args:
        - "sh"
        - "-c"
        - "sleep 3600"  
  dnsPolicy: "Default"
[root@master01 dnsPolicy]# cat dns-policy-hostNetwork.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: dns-example
spec:
  containers:
    - name: test
      image: busybox
      args:
        - "sh"
        - "-c"
        - "sleep 3600"  
  dnsPolicy: "ClusterFirstWithHostNet"
  hostNetwork: true

14) ephemeralContainers

[root@master01 ephemeralContainers]# cat ephemeral.json 
{
    "apiVersion": "v1",
    "kind": "EphemeralContainers",
    "metadata": {
            "name": "nginx"
    },
    "ephemeralContainers": [{
        "command": [
            "bash"
        ],
        "image": "shoganator/rpi-alpine-tools",
        "imagePullPolicy": "Always",
        "name": "diagtools",
        "stdin": true,
        "tty": true,
        "terminationMessagePolicy": "File"
    }]
}
kubectl -n default replace --raw /api/v1/namespaces/default/pods/nginx/ephemeralcontainers -f ./ephemeral.json

15) hostalias

[root@master01 hostalias]# cat hostalias.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: hostaliases-pod
spec:
  restartPolicy: Never
  hostAliases:
  - ip: "127.0.0.1"
    hostnames:
    - "foo.local"
    - "bar.local"
  - ip: "10.1.2.3"
    hostnames:
    - "foo.remote"
    - "bar.remote"
  containers:
  - name: cat-hosts
    image: nginx 
    command:
    - cat
    args:
    - "/etc/hosts"

16)hostname

[root@master01 hostname]# cat hostname.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: hostname-pod
spec:
  restartPolicy: Never
  hostname: mark
  containers:
  - name: cat-hosts
    image: nginx 
    command:
    - hostname

17)nodeName

[root@master01 nodename]# cat nodename.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: nodename-pod
spec:
  restartPolicy: Never
  nodeName: 192.168.198.156
  containers:
  - name: cat-hosts
    image: nginx

18)preemptionPolicy

[root@master01 preemptionPolicy]# cat preemption.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: preemption-pod
spec:
  restartPolicy: Never
  preemptionPolicy: PreemptLowerPriority
  containers:
  - name: cat-hosts
    image: nginx 

19)priority

[root@master01 priority]# cat priority.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: priority-pod
spec:
  restartPolicy: Never
  preemptionPolicy: PreemptLowerPriority
  priority: 1000
  containers:
  - name: cat-hosts
    image: nginx 

20)priorityClassName

[root@master01 priorityClass]# cat priorityClass.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: priorityclass-pod
spec:
  restartPolicy: Never
  priorityClassName: high-priority
  containers:
  - name: cat-hosts
    image: nginx



[root@master01 priorityClass]# cat high-priority.yaml 
apiVersion: scheduling.k8s.io/v1
kind: PriorityClass
metadata:
  name: high-priority
value: 1000000
globalDefault: false
description: "This priority class should be used for XYZ service pods only."

21)readinessGates

[root@master01 readinessGates]# cat nginx.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: nginx
  labels:
    name: nginx
spec:
  readinessGates:
  - conditionType: "www.example.com/feature-1"
  containers:
  - name: nginx
    image: nginx
    ports:
    - containerPort: 80        
      hostPort: 80

22) Security Context

Container-level Security Context: applies only to the specified container

Pod-level Security Context: applies to all containers in the Pod and to its Volumes

Pod Security Policies (PSP): apply to all Pods and Volumes in the cluster

[root@master01 podSecurityContext]# cat ./*
apiVersion: v1
kind: Pod
metadata:
  name: security-context-demo-10
spec:
  securityContext:
    sysctls:
    - name: kernel.shm_rmid_forced
      value: "0"
  containers:
  - name: sec-ctx-4
    image: busybox
    args:
    - "sh"
    - "-c"
    - "sleep 36000"  
apiVersion: v1
kind: Pod
metadata:
  name: security-context-demo-1
spec:
  securityContext:
    runAsUser: 1000
    fsGroup: 2000
  volumes:
  - name: sec-ctx-vol
    emptyDir: {}
  containers:
  - name: sec-ctx-demo
    image: busybox
    args:
    - "sh"
    -  "-c"
    -  "sleep 36000"
    securityContext:
      allowPrivilegeEscalation: false
apiVersion: v1
kind: Pod
metadata:
  name: security-context-demo-2
spec:
  securityContext:
    runAsUser: 1000
  containers:
  - name: sec-ctx-demo-2
    image: busybox
    args:
    - "sh"
    - "-c"
    - "sleep 36000"
    securityContext:
      runAsUser: 2000
      allowPrivilegeEscalation: false
apiVersion: v1
kind: Pod
metadata:
  name: security-context-demo-3
spec:
  containers:
  - name: sec-ctx-4
    image: busybox
    args:
    - "sh"
    - "-c"
    - "sleep 36000"
    securityContext:
      privileged: true
apiVersion: v1
kind: Pod
metadata:
  name: security-context-demo-4-1
spec:
  containers:
  - name: sec-ctx-4
    image: busybox
    args:
    - "sh"
    - "-c"
    - "sleep 36000"
    securityContext:
      capabilities:
        add: ["NET_ADMIN", "SYS_TIME"]
apiVersion: v1
kind: Pod
metadata:
  name: security-context-demo-5
spec:
  securityContext:
    runAsUser: 1000
    runAsGroup: 1000
  containers:
  - name: sec-ctx-4
    image: busybox
    args:
    - "sh"
    - "-c"
    - "sleep 36000"
    securityContext:
      capabilities:
        add: ["NET_ADMIN", "SYS_TIME"]
apiVersion: v1
kind: Pod
metadata:
  name: security-context-demo-6
spec:
  securityContext:
    runAsNonRoot: true
  containers:
  - name: sec-ctx-4
    image: busybox
    args:
    - "sh"
    - "-c"
    - "sleep 36000"
    securityContext:
      capabilities:
        add: ["NET_ADMIN", "SYS_TIME"]
apiVersion: v1
kind: Pod
metadata:
  name: security-context-demo-7
spec:
  securityContext:
    fsGroup: 1234
    supplementalGroups: [5678]
    seLinuxOptions:
      level: "s0:c123,c456"
  containers:
  - name: sec-ctx-4
    image: busybox
    args:
    - "sh"
    - "-c"
    - "sleep 36000"
apiVersion: v1
kind: Pod
metadata:
  name: security-context-demo-8
spec:
  containers:
  - name: sec-ctx-4
    image: busybox
    args:
    - "sh"
    - "-c"
    - "sleep 36000"  
    securityContext:
      capabilities:
        drop:
        - NET_RAW
        - CHOWN
apiVersion: v1
kind: Pod
metadata:
  name: security-context-demo-9
spec:
  securityContext:
    sysctls:
    - name: net.ipv4.ip_forward
      value: "1"
  containers:
  - name: sec-ctx-4
    image: busybox
    args:
    - "sh"
    - "-c"
    - "sleep 36000" 
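The following is an added example, not code from the original post: a small linter that walks the pod-level and container-level securityContext fields used in the manifests above and reports the risky settings (privileged, added capabilities, allowPrivilegeEscalation left enabled, a container that may run as root, sysctls outside kubelet's safe set). It also flags a container without resources.limits, tying in the resource management section (6). The manifests are embedded as Python dicts constructed for this example, the container-level-overrides-pod-level rule mirrors security-context-demo-2 above, and the rule names are mine.

```python
# Added example (not part of the original post): securityContext linter.
from typing import Any, Dict, List

# Sysctls kubelet allows without an --allowed-unsafe-sysctls entry (the "safe" set).
SAFE_SYSCTLS = {
    "kernel.shm_rmid_forced",
    "net.ipv4.ip_local_port_range",
    "net.ipv4.tcp_syncookies",
    "net.ipv4.ping_group_range",
    "net.ipv4.ip_unprivileged_port_start",
}


def effective(container_sc: Dict[str, Any], pod_sc: Dict[str, Any], key: str) -> Any:
    """A container-level securityContext value overrides the pod-level one."""
    return container_sc[key] if key in container_sc else pod_sc.get(key)


def effective_uid(pod: Dict[str, Any], container_name: str) -> Any:
    """The runAsUser the named container actually gets (None if unset)."""
    spec = pod["spec"]
    pod_sc = spec.get("securityContext") or {}
    for c in spec.get("containers", []):
        if c.get("name") == container_name:
            return effective(c.get("securityContext") or {}, pod_sc, "runAsUser")
    raise KeyError(container_name)


def lint_pod(pod: Dict[str, Any]) -> List[str]:
    """Return human-readable findings; an empty list means nothing risky was found."""
    findings = []
    name = pod.get("metadata", {}).get("name", "<unnamed>")
    spec = pod.get("spec", {})
    pod_sc = spec.get("securityContext") or {}
    for s in pod_sc.get("sysctls", []):
        if s.get("name") not in SAFE_SYSCTLS:
            findings.append(f"{name}: unsafe sysctl {s.get('name')} (needs kubelet allow-list)")
    for c in spec.get("containers", []):
        cid = f"{name}/{c.get('name', '<unnamed>')}"
        csc = c.get("securityContext") or {}
        if csc.get("privileged"):
            findings.append(f"{cid}: privileged container (full host access)")
        added = (csc.get("capabilities") or {}).get("add") or []
        if added:
            findings.append(f"{cid}: adds capabilities {sorted(added)}")
        if csc.get("allowPrivilegeEscalation") is not False:
            findings.append(f"{cid}: allowPrivilegeEscalation not set to false")
        uid = effective(csc, pod_sc, "runAsUser")
        non_root = effective(csc, pod_sc, "runAsNonRoot")
        if uid == 0 or (uid is None and non_root is not True):
            findings.append(f"{cid}: may run as root (runAsUser={uid}, runAsNonRoot={non_root})")
        if not (c.get("resources") or {}).get("limits"):
            findings.append(f"{cid}: no resources.limits (unbounded CPU/memory)")
    return findings


def busybox_pod(name: str, pod_sc=None, container_sc=None, resources=None) -> Dict[str, Any]:
    """Build a constructed manifest shaped like the busybox examples above."""
    c: Dict[str, Any] = {"name": "sec-ctx-4", "image": "busybox",
                         "args": ["sh", "-c", "sleep 36000"]}
    if container_sc is not None:
        c["securityContext"] = container_sc
    if resources is not None:
        c["resources"] = resources
    spec: Dict[str, Any] = {"containers": [c]}
    if pod_sc is not None:
        spec["securityContext"] = pod_sc
    return {"apiVersion": "v1", "kind": "Pod", "metadata": {"name": name}, "spec": spec}


PRIVILEGED_POD = busybox_pod("security-context-demo-3", container_sc={"privileged": True})
OVERRIDE_POD = busybox_pod("security-context-demo-2", pod_sc={"runAsUser": 1000},
                           container_sc={"runAsUser": 2000, "allowPrivilegeEscalation": False})
HARDENED_POD = busybox_pod("hardened-demo",  # constructed: what a hardened spec looks like
                           pod_sc={"runAsNonRoot": True, "runAsUser": 1000, "runAsGroup": 1000},
                           container_sc={"allowPrivilegeEscalation": False,
                                         "capabilities": {"drop": ["ALL"]}},
                           resources={"limits": {"cpu": "0.5", "memory": "100Mi"}})

if __name__ == "__main__":
    for p in (PRIVILEGED_POD, OVERRIDE_POD, HARDENED_POD):
        print(p["metadata"]["name"], lint_pod(p) or ["ok"])
```

The linter is deliberately strict about the root case: a pod with neither runAsUser nor runAsNonRoot runs as whatever user the image defines, which for busybox and nginx is root, so "unset" is reported rather than assumed safe. The demo-2 shape shows why the override rule matters when reviewing a manifest: the pod-level runAsUser: 1000 is not what that container runs as.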

23)serviceAccountName

[root@master01 serviceAccountName]# cat nginx.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: nginx
  labels:
    name: nginx
spec:
  serviceAccountName: default
  containers:
  - name: nginx
    image: nginx
    ports:
    - containerPort: 80        
      hostPort: 80 

24)subdomain

[root@master01 subdomain]# cat ./*
apiVersion: v1
kind: Pod
metadata:
  name: nginx
  labels:
    app: nginx-0
spec:
  hostname: mark
  subdomain: com
  containers:
  - name: nginx
    image: nginx
    ports:
    - containerPort: 80        
      hostPort: 80  

25)terminationGracePeriodSeconds

[root@master01 terminationGracePeriodSeconds]# cat nginx.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: nginx
  labels:
    name: nginx
spec:
  terminationGracePeriodSeconds: 0
  containers:
  - name: nginx
    image: nginx
    ports:
    - containerPort: 80        
      hostPort: 80 

26)tolerations

Taints and Tolerations
A taint is defined on a node and repels pods
A toleration is defined in a pod and tolerates a taint

kubectl taint nodes node1 key=value:NoSchedule

kubectl taint nodes node1 key:NoSchedule-

Effect:

NoSchedule

NoExecute

[root@master01 tolerations]# cat nginx.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: nginx
  labels:
    env: test
spec:
  containers:
  - name: nginx
    image: nginx
    imagePullPolicy: IfNotPresent
  tolerations:
  - key: "example-key"
    operator: "Exists"
    effect: "NoSchedule"
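The following is an added example, not code from the original post: it parses taints in the key=value:Effect form used by the kubectl taint commands above and checks whether a pod's tolerations (here the one from the nginx manifest) let it be scheduled onto a tainted node, or keep it from being evicted by a NoExecute taint. The function names and the sample taints are mine; PreferNoSchedule, which the page does not list, is treated as the soft effect it is.

```python
# Added example (not part of the original post): taint / toleration matching.
from typing import Dict, List

HARD_EFFECTS = {"NoSchedule", "NoExecute"}   # PreferNoSchedule is only a soft preference


def parse_taint(text: str) -> Dict[str, str]:
    """'key=value:NoSchedule' -> {'key': ..., 'value': ..., 'effect': ...}.
    The value part is optional, as in 'key:NoSchedule'."""
    kv, _, effect = text.rpartition(":")
    if not effect or not kv:
        raise ValueError(f"bad taint {text!r}")
    key, _, value = kv.partition("=")
    return {"key": key, "value": value, "effect": effect}


def tolerates(toleration: Dict[str, str], taint: Dict[str, str]) -> bool:
    """Matching rules: the effect must match if the toleration names one;
    operator Exists ignores the value; Equal (the default) needs key and value."""
    if toleration.get("effect") and toleration["effect"] != taint["effect"]:
        return False
    op = toleration.get("operator", "Equal")
    key = toleration.get("key", "")
    if op == "Exists":
        return key == "" or key == taint["key"]   # empty key + Exists tolerates everything
    if op == "Equal":
        return key == taint["key"] and toleration.get("value", "") == taint.get("value", "")
    raise ValueError(f"unknown operator {op!r}")


def untolerated(tolerations: List[Dict[str, str]],
                taints: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Taints on the node that no toleration on the pod covers."""
    return [t for t in taints if not any(tolerates(tol, t) for tol in tolerations)]


def can_schedule(tolerations: List[Dict[str, str]], taints: List[Dict[str, str]]) -> bool:
    """False if any NoSchedule or NoExecute taint is left untolerated."""
    return not any(t["effect"] in HARD_EFFECTS for t in untolerated(tolerations, taints))


def will_be_evicted(tolerations: List[Dict[str, str]], taints: List[Dict[str, str]]) -> bool:
    """NoExecute taints evict already-running pods that do not tolerate them."""
    return any(t["effect"] == "NoExecute" for t in untolerated(tolerations, taints))


# the toleration from the nginx manifest above
NGINX_TOLERATIONS = [{"key": "example-key", "operator": "Exists", "effect": "NoSchedule"}]

if __name__ == "__main__":
    node1 = [parse_taint("key=value:NoSchedule")]              # from the kubectl taint command
    tainted = [parse_taint("example-key=anything:NoSchedule")]  # constructed
    print(can_schedule(NGINX_TOLERATIONS, node1), can_schedule(NGINX_TOLERATIONS, tainted))
```

The last two calls show the asymmetry: the nginx pod cannot land on node1 (key=value:NoSchedule is not example-key), but it tolerates any value of example-key because the operator is Exists. A toleration with no key and operator Exists matches every taint, which is why such a toleration deserves a second look in a manifest review.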
