k8s知识点

docker创建image是在docker daemon创建的，docker client和daemon可以不在同一个机器上，mac 或者windows的daemon运行在vm上

image的组成如图，每一层叫一个layer，

 

container中运行的processes有不同的IDs,container有他自己的PID LINUX namespace，有着完全分离的process tree，有着他自己完整的filesystem。一个app不仅有着他自己的filesystem，还有processes，users，hostname，network interfaces。

 

使用kubectl的一个便捷方式是使用alias，将

alias k=kubectl加入bashrc文件中即可。

 

 

一个pod由多个co-located containers组成.这些containers会运行在同一个worker node和同一个linux namespace。每一个pod好比为一个分离的物理机器，有他自己的ip,hostname,processes等。一个worker node 上可以有多个pods。

 

具体工作流程

 

app会report它的pod name 来作为hostname，因为每个pod被视为一个分离的独立的有着唯一IP地址和hostname的机器。

 

The third component of your system is the kubia-http service. To understand why you need services, you need to learn a key detail about pods. They’re ephemeral. A pod may disappear at any time—because the node it’s running on has failed, because someone deleted the pod, or because the pod was evicted from an otherwise healthy node. When any of those occurs, a missing pod is replaced with a new one by the Replication-Controller, as described previously. This new pod gets a different IP address from the pod it’s replacing. This is where services come in—to solve the problem of ever-changing pod IP addresses, as well as exposing multiple pods at a single constant IP and port pair.

When a service is created, it gets a static IP, which never changes during the lifetime of the service. Instead of connecting to pods directly, clients should connect to the service through its constant IP address. The service makes sure one of the pods receives the connection, regardless of where the pod is currently running (and what its IP address is).

使用kubernetes的正确方式是告诉它你想让他达到什么样的状态，然后让他自己去操作，而不是你手动去操作。

 

在一个container中运行着一个app，执行kill 1指令会杀死pid为1 的进程-即supervisor进程，它会导致container失效（why？），从而pod会rm这个container并去repo中去拉取这个container的image并重新运行起来。