Pod spec.containers in detail
[root@master ~]# kubectl explain pod.spec.containers
KIND:     Pod
VERSION:  v1
RESOURCE: containers <[]Object>   # an array, so a pod can hold multiple containers
FIELDS:
   name <string>              # container name
   image <string>             # address of the image the container needs
   imagePullPolicy <string>   # image pull policy
   command <[]string>         # startup command list; if not set, the command baked into the image is used
   args <[]string>            # arguments for the startup command
   env <[]Object>             # environment variables for the container
   ports <[]Object>           # list of ports the container exposes
   resources <Object>         # resource limits and resource requests
Basic configuration
Creating multiple containers
Create the file pod-base.yaml:
apiVersion: v1
kind: Pod
metadata:
  name: pod-base
  namespace: dev
  labels:
    user: rkun18
spec:
  containers:
  - name: nginx
    image: nginx:1.17.1
  - name: busybox
    image: busybox:1.30
List the pods:
[root@master ~]# kubectl get pods -n dev
NAME READY STATUS RESTARTS AGE
pod-base 1/2 CrashLoopBackOff 5 4m45s
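One of the containers did not start.
Image pull policy
There are three image pull policies:
- Always: always pull from the remote registry
- IfNotPresent: use the local image if there is one, otherwise pull from the remote registry
- Never: use only the local image, and report an error if it is missing
Create a YAML file:
apiVersion: v1
kind: Pod
metadata:
  name: pod-imagepullpolicy
  namespace: dev
spec:
  containers:
  - name: nginx
    image: nginx:1.17.1
    imagePullPolicy: IfNotPresent # sets the image pull policy
  - name: busybox
    image: busybox:1.30
Check the result: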
[root@master ~]# vim tmp.yaml
[root@master ~]# kubectl create -f tmp.yaml
pod/pod-imagepullpolicy created
[root@master ~]# kubectl get pods -n dev
NAME READY STATUS RESTARTS AGE
pod-imagepullpolicy 1/2 Running 2 20s
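Still only nginx is running.
Startup command
command: the command executed after the pod is initialized, similar to CMD in a Dockerfile
Why did busybox fail to start in the first two examples?
- busybox is not a program but a collection of utilities
- Once the k8s cluster has started it, it exits on its own
- The fix is to keep it running, which is what command is for
Create the file pod-command.yaml:
apiVersion: v1
kind: Pod
metadata:
  name: pod-command
  namespace: dev
spec:
  containers:
  - name: nginx
    image: nginx:1.17.1
  - name: busybox
    image: busybox:1.30
    command: ["/bin/sh","-c","touch /tmp/hello.txt;while true;do /bin/echo $(date +%T) >> /tmp/hello.txt; sleep 3; done;"]
The loop runs forever and appends the current time to /tmp/hello.txt every 3 seconds.
command is used to run a command once the pod's container has finished initializing.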
[root@master ~]# kubectl get pods -n dev
NAME READY STATUS RESTARTS AGE
pod-command 2/2 Running 0 103s
pod-imagepullpolicy 1/2 CrashLoopBackOff 6 9m14s
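This time both containers started successfully.
- kubectl exec <pod name> -n <namespace> -it -c <container name> /bin/bash runs a command inside the container
- Use this command to enter the container
- Then look at the contents of the txt file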
[root@master ~]# kubectl exec pod-command -n dev -it -c busybox /bin/sh
/ # tail -f /tmp/hello.txt
12:40:47
12:40:50
12:40:53
12:40:56
12:40:59
12:41:02
12:41:05
12:41:08
12:41:11
12:41:14
12:41:17
12:41:20
12:41:23
12:41:26
Environment variables
env: passes environment variables to the container
They are defined as key/value pairs.
Create the file pod-env.yaml:
apiVersion: v1
kind: Pod
metadata:
  name: pod-env
  namespace: dev
spec:
  containers:
  - name: busybox
    image: busybox:1.30
    command: ["/bin/sh","-c","while true;do /bin/echo $(date +%T);sleep 60; done;"]
    env: # list of environment variables
    - name: "username"
      value: "admin"
    - name: "password"
      value: "123456"
Create the container:
[root@master ~]# kubectl create -f pod-env.yaml
pod/pod-env created
Enter the container and print the environment variables:
[root@master ~]# kubectl get pod -n dev
NAME READY STATUS RESTARTS AGE
pod-command 2/2 Running 0 14m
pod-env 1/1 Running 0 65s
pod-imagepullpolicy 1/2 CrashLoopBackOff 9 22m
[root@master ~]# kubectl exec -it pod-env -n dev -c busybox /bin/sh
/ # echo $username
admin
/ # echo $password
123456
/ #
This approach is not recommended; it is better to put these values in a configuration file.
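A check for the pattern this section advises against, as an added example that is not part of the original page: it flags credential-looking variables set with a literal value and accepts the same variable when it is referenced from a Secret. The Secret name pod-env-credentials, the name heuristic and both JSON manifests are constructed for illustration.

```python
import json
import re

# Constructed manifests in `kubectl get pod -o json` shape. The first mirrors
# pod-env.yaml from this page; the second reads the password from a Secret.
# The Secret name "pod-env-credentials" is an assumption for illustration.
POD_ENV = json.loads("""
{"metadata": {"name": "pod-env", "namespace": "dev"},
 "spec": {"containers": [{"name": "busybox", "image": "busybox:1.30",
   "env": [{"name": "username", "value": "admin"},
           {"name": "password", "value": "123456"}]}]}}
""")
POD_ENV_SECRET = json.loads("""
{"metadata": {"name": "pod-env", "namespace": "dev"},
 "spec": {"containers": [{"name": "busybox", "image": "busybox:1.30",
   "env": [{"name": "username", "value": "admin"},
           {"name": "password", "valueFrom": {"secretKeyRef":
             {"name": "pod-env-credentials", "key": "password"}}}]}]}}
""")

# Heuristic (an assumption): variable names that usually hold credentials.
SENSITIVE = re.compile(r"pass(word|wd)?|secret|token|api[_-]?key|credential", re.I)


def literal_credentials(pod):
    """Return (container, variable) pairs where a credential-looking
    variable is set with a literal `value` inside the pod spec."""
    spec = pod.get("spec", {})
    containers = spec.get("containers", []) + spec.get("initContainers", [])
    findings = []
    for container in containers:
        for var in container.get("env", []):
            # A literal `value` is readable by anyone who can read the pod
            # object or the manifest; `valueFrom` stores only a reference,
            # and access to the Secret is controlled separately.
            if "value" in var and SENSITIVE.search(var["name"]):
                findings.append((container["name"], var["name"]))
    return findings


if __name__ == "__main__":
    for label, pod in (("literal", POD_ENV), ("secretKeyRef", POD_ENV_SECRET)):
        print(label, literal_credentials(pod))
```

With secretKeyRef the process inside the container still sees $password, but the value no longer appears in the pod object returned by kubectl get pod -o yaml.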
Port configuration
ports: port configuration
View the details:
[root@master ~]# kubectl explain pod.spec.containers.ports
KIND: Pod
VERSION: v1
RESOURCE: ports <[]Object>
DESCRIPTION:
List of ports to expose from the container. Exposing a port here gives the
system additional information about the network connections a container
uses, but is primarily informational. Not specifying a port here DOES NOT
prevent that port from being exposed. Any port which is listening on the
default "0.0.0.0" address inside a container will be accessible from the
network. Cannot be updated.
ContainerPort represents a network port in a single container.
FIELDS:
containerPort <integer> -required- # port the container listens on
Number of port to expose on the pod's IP address. This must be a valid port
number, 0 < x < 65536.
hostIP <string> # IP that the external port is bound to
What host IP to bind the external port to.
hostPort <integer> # port the container exposes on the host
Number of port to expose on the host. If specified, this must be a valid
port number, 0 < x < 65536. If HostNetwork is specified, this must match
ContainerPort. Most containers do not need this.
name <string> # name of the port
If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
named port in a pod must have a unique name. Name for the port that can be
referred to by services.
protocol <string>
Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP".
Write pod-ports.yaml:
apiVersion: v1
kind: Pod
metadata:
  name: pod-ports
  namespace: dev
spec:
  containers:
  - name: nginx
    image: nginx:1.17.1
    ports: # list of ports the container exposes
    - name: nginx-port
      containerPort: 80
      protocol: TCP
View the pod's details:
[root@master ~]# kubectl get pods pod-ports -n dev -o yaml
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: "2023-05-27T13:07:05Z"
  name: pod-ports
  namespace: dev
  resourceVersion: "24045"
  selfLink: /api/v1/namespaces/dev/pods/pod-ports
  uid: 80a5c7f8-bcb6-4403-af87-5710d480e7c7
spec:
  containers:
  - image: nginx:1.17.1
    imagePullPolicy: IfNotPresent
    name: nginx
    ports:
    - containerPort: 80
      name: nginx-port
      protocol: TCP
    resources: {}
    terminationMessagePath: /dev/termination-log
    terminationMessagePolicy: File
    volumeMounts:
    - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
      name: default-token-l42sx
      readOnly: true
  dnsPolicy: ClusterFirst
  enableServiceLinks: true
  nodeName: node1
  priority: 0
  restartPolicy: Always
  schedulerName: default-scheduler
  securityContext: {}
  serviceAccount: default
  serviceAccountName: default
  terminationGracePeriodSeconds: 30
  tolerations:
  - effect: NoExecute
    key: node.kubernetes.io/not-ready
    operator: Exists
    tolerationSeconds: 300
  - effect: NoExecute
    key: node.kubernetes.io/unreachable
    operator: Exists
    tolerationSeconds: 300
  volumes:
  - name: default-token-l42sx
    secret:
      defaultMode: 420
      secretName: default-token-l42sx
status:
  conditions:
  - lastProbeTime: null
    lastTransitionTime: "2023-05-27T13:07:05Z"
    status: "True"
    type: Initialized
  - lastProbeTime: null
    lastTransitionTime: "2023-05-27T13:07:08Z"
    status: "True"
    type: Ready
  - lastProbeTime: null
    lastTransitionTime: "2023-05-27T13:07:08Z"
    status: "True"
    type: ContainersReady
  - lastProbeTime: null
    lastTransitionTime: "2023-05-27T13:07:05Z"
    status: "True"
    type: PodScheduled
  containerStatuses:
  - containerID: docker://cc8fc9a15b2abeb56bbb1421cc289034b32077522ac8a2c9e5ede599fe0549f1
    image: nginx:1.17.1
    imageID: docker-pullable://nginx@sha256:b4b9b3eee194703fc2fa8afa5b7510c77ae70cfba567af1376a573a967c03dbb
    lastState: {}
    name: nginx
    ready: true
    restartCount: 0
    started: true
    state:
      running:
        startedAt: "2023-05-27T13:07:07Z"
  hostIP: 192.168.126.129
  phase: Running
  podIP: 10.244.1.9
  podIPs:
  - ip: 10.244.1.9
  qosClass: BestEffort
  startTime: "2023-05-27T13:07:05Z"
To reach the program in the container, use podIP + containerPort.
Try accessing it:
[root@master ~]# curl 10.244.1.9:80
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
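Access succeeded.
Resource configuration
resources: configures resources for the container, mainly to limit them and prevent unbalanced allocation
Sub-options:
- limits: limits the maximum resources a running container may use; when the container's usage exceeds limits it is terminated and restarted
- requests: sets the minimum resources for the container; if there are not enough resources the container cannot start
Together these two options set the container's upper and lower bounds.
Create the file pod-resources.yaml and create the pod:
apiVersion: v1
kind: Pod
metadata:
  name: pod-resources
  namespace: dev
spec:
  containers:
  - name: nginx
    image: nginx:1.17.1
    resources: # resource quota
      limits: # resource limits (upper bound)
        cpu: "2" # CPU limit, in cores
        memory: "10Gi" # memory limit
      requests: # resource requests (lower bound)
        cpu: "1" # CPU request, in cores
        memory: "10Mi" # memory request
- cpu: number of cores; can be an integer or a decimal
- memory: memory size, written with units such as Gi, Mi, G, M
Check: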
[root@master ~]# kubectl create -f pod-resources.yaml
pod/pod-resources created
[root@master ~]# kubectl get pod -n dev
NAME READY STATUS RESTARTS AGE
pod-command 2/2 Running 0 54m
pod-env 1/1 Running 0 40m
pod-imagepullpolicy 1/2 CrashLoopBackOff 16 61m
pod-ports 1/1 Running 0 22m
pod-resources 1/1 Running 0 51s
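It runs.
We can change a few values and see whether it still runs.
First, because too many pods are running, we simply delete the dev namespace and create a new one: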
[root@master ~]# kubectl delete ns dev
namespace "dev" deleted
[root@master ~]# kubectl create ns dev
namespace/dev created
Check the node's remaining memory:
[root@master mine]# free -g
total used free shared buff/cache available
Mem: 1 0 0 0 0 0
Swap: 0 0 0
Change the contents of pod-resources.yaml to:
apiVersion: v1
kind: Pod
metadata:
  name: pod-resources
  namespace: dev
spec:
  containers:
  - name: nginx
    image: nginx:1.17.1
    resources: # resource quota
      limits: # resource limits (upper bound)
        cpu: "2" # CPU limit, in cores
        memory: "10Gi" # memory limit
      requests: # resource requests (lower bound)
        cpu: "1" # CPU request, in cores
        memory: "10Gi" # memory request
Check whether it can start:
[root@master mine]# kubectl get pods -n dev
NAME READY STATUS RESTARTS AGE
pod-resources 0/1 Pending 0 23s
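It cannot. There are currently three nodes, each with less than 10G of memory, so none of them can run the pod and it stays in the Pending state.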
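The two experiments above, reproduced as an added example that is not part of the original page: it parses Kubernetes quantity strings and shows that placement depends on requests, which is why the first manifest runs despite its 10Gi limit and the second stays Pending. The node names and free-capacity figures are constructed assumptions.

```python
from decimal import Decimal

# Multipliers for Kubernetes quantity suffixes such as "10Mi", "10Gi", "500m".
SUFFIXES = {
    "Ki": 2**10, "Mi": 2**20, "Gi": 2**30, "Ti": 2**40,
    "k": 10**3, "M": 10**6, "G": 10**9, "T": 10**12,
    "m": Decimal("0.001"),
}

# Constructed free capacity per node. The page only says there are three
# nodes with less than 10G of memory each; names and numbers are assumptions.
NODES = {
    "node-a": {"cpu": "2", "memory": "1500Mi"},
    "node-b": {"cpu": "2", "memory": "1500Mi"},
    "node-c": {"cpu": "2", "memory": "1500Mi"},
}


def parse_quantity(text):
    """Convert a quantity to base units (cores or bytes).
    Exponent forms such as "1e3" are not handled here."""
    text = str(text).strip()
    for suffix in sorted(SUFFIXES, key=len, reverse=True):
        if text.endswith(suffix):
            return Decimal(text[: -len(suffix)]) * SUFFIXES[suffix]
    return Decimal(text)


def check_resources(resources, nodes=NODES):
    """Return (problems, nodes the container fits on) for a resources block."""
    limits = resources.get("limits", {})
    requests = resources.get("requests", {})
    problems, needed = [], {}
    for res in ("cpu", "memory"):
        # An omitted request defaults to the limit when a limit is set.
        needed[res] = parse_quantity(requests.get(res, limits.get(res, "0")))
        if res not in limits:
            problems.append(f"no {res} limit")
        elif needed[res] > parse_quantity(limits[res]):
            problems.append(f"{res} request exceeds limit")
    # Placement compares requests with free node capacity; limits are ignored.
    fits = [name for name, free in nodes.items()
            if all(needed[r] <= parse_quantity(free[r]) for r in needed)]
    return problems, fits
```

An empty resources block, like the `resources: {}` shown for pod-ports earlier, fits every node and is reported as having no limits.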