1 Resource Categories in Kubernetes
see https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.13/#-strong-api-overview-strong-
Workload
resources are objects you use to manage and run your containers on the cluster.
- Container
- CronJob
- DaemonSet
- Deployment
- Job
- Pod
- ReplicaSet
- ReplicationController
- StatefulSet
Service
resources are objects you use to "stitch" your workloads together into an externally accessible, load-balanced Service.
- Service Discovery
- Load-Balance
- Ingress
Config and Storage
resources are objects you use to inject initialization data into your applications, and to persist data that is external to your container.
- ConfigMap
- Secret
- PersistentVolumeClaim
- StorageClass
- Volume
- VolumeAttachment
- CSI
- ...
Metadata
resources are objects you use to configure the behavior of other resources within the cluster, such as HorizontalPodAutoscaler for scaling workloads.
- PodTemplate
- LimitRange
- Event
- HorizontalPodAutoscaler(HPA)
- ...
Cluster
resources define how the cluster itself is configured; these are typically used only by cluster operators.
- Namespace
- Node
- Role
- ClusterRole
- PersistentVolume
- RoleBinding
- ClusterRoleBinding
- ...
2 Get Kubernetes Resource Info
Show running pods

    [root@k8smaster ~]# kubectl get pod
    NAME                     READY   STATUS    RESTARTS   AGE
    nginx-79976cbb47-8dqnk   1/1     Running   0          3h
    nginx-79976cbb47-p247g   1/1     Running   0          3h
    nginx-79976cbb47-ppbqv   1/1     Running   0          3h

Show how this pod is built

    [root@k8smaster ~]# kubectl get pod nginx-79976cbb47-ppbqv -o yaml
    apiVersion: v1
    kind: Pod
    metadata:
      creationTimestamp: "2019-01-03T13:34:16Z"
      generateName: nginx-79976cbb47-
      labels:
        pod-template-hash: "3553276603"
        run: nginx
      name: nginx-79976cbb47-ppbqv
      namespace: default
      ownerReferences:
      - apiVersion: apps/v1
        blockOwnerDeletion: true
        controller: true
        kind: ReplicaSet
        name: nginx-79976cbb47
        uid: 43cecba5-0f5c-11e9-8668-000c297191df
      resourceVersion: "39591"
      selfLink: /api/v1/namespaces/default/pods/nginx-79976cbb47-ppbqv
      uid: 43d50008-0f5c-11e9-8668-000c297191df
    spec:
      containers:
      - image: nginx:1.14-alpine
        imagePullPolicy: IfNotPresent
        name: nginx
        ports:
        - containerPort: 80
          protocol: TCP
        resources: {}
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        volumeMounts:
        - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
          name: default-token-rxs5t
          readOnly: true
      dnsPolicy: ClusterFirst
      nodeName: k8snode1
      priority: 0
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      serviceAccount: default
      serviceAccountName: default
      terminationGracePeriodSeconds: 30
      tolerations:
      - effect: NoExecute
        key: node.kubernetes.io/not-ready
        operator: Exists
        tolerationSeconds: 300
      - effect: NoExecute
        key: node.kubernetes.io/unreachable
        operator: Exists
        tolerationSeconds: 300
      volumes:
      - name: default-token-rxs5t
        secret:
          defaultMode: 420
          secretName: default-token-rxs5t
    status:
      conditions:
      - lastProbeTime: null
        lastTransitionTime: "2019-01-03T13:34:16Z"
        status: "True"
        type: Initialized
      - lastProbeTime: null
        lastTransitionTime: "2019-01-03T13:34:18Z"
        status: "True"
        type: Ready
      - lastProbeTime: null
        lastTransitionTime: null
        status: "True"
        type: ContainersReady
      - lastProbeTime: null
        lastTransitionTime: "2019-01-03T13:34:16Z"
        status: "True"
        type: PodScheduled
      containerStatuses:
      - containerID: docker://3d438e181572b2072cee7c7794914e94ee1df133d06cf32193d964c29f879525
        image: nginx:1.14-alpine
        imageID: docker-pullable://nginx@sha256:e3f77f7f4a6bb5e7820e013fa60b96602b34f5704e796cfd94b561ae73adcf96
        lastState: {}
        name: nginx
        ready: true
        restartCount: 0
        state:
          running:
            startedAt: "2019-01-03T13:34:17Z"
      hostIP: 172.16.0.12
      phase: Running
      podIP: 10.244.1.6
      qosClass: BestEffort
      startTime: "2019-01-03T13:34:16Z"

3 Resource Objects
Resource objects typically have 3 components:
- Resource ObjectMeta: This is metadata about the resource, such as its name, type, API version, annotations, and labels. It contains fields that may be updated both by the end user and the system (e.g. annotations).
- ResourceSpec: This is defined by the user and describes the desired state of the system. Fill this in when creating or updating an object.
- ResourceStatus: This is filled in by the server and reports the current state of the system. In most cases, users don't need to change this.
4 Syntax of Resource Template
4.1 Name of API
- apiVersion
- kind
- spec
- metadata
- etc.
4.2 Name of group
- core (by default, if it is not mentioned)
- apps
- batch
- extensions
- ...
4.3 Version number
- v1 (stable version)
- v1beta
- ...
For example, "apiVersion: v1" means: apiVersion is the name of the API; the group is core (by default); the version is v1.
5 First Level Resources for K8s Template
Here are the 5 common first-level fields of a resource template. All except status are normally defined by the user:
- apiVersion: group/version
- kind: resource type -> pod, service, deployment etc.
- metadata: name, namespace, labels, annotations (optional)
- spec (desired state)
- status (maintained by kubernetes)
You can also use "kubectl explain {resource type}" to show these fields with their parameter types.
For example, show the pod definition:

    [root@k8smaster ~]# kubectl explain pod
    KIND:     Pod
    VERSION:  v1

    DESCRIPTION:
         Pod is a collection of containers that can run on a host. This resource is
         created by clients and scheduled onto hosts.

    FIELDS:
       apiVersion   <string>
         APIVersion defines the versioned schema of this representation of an
         object. Servers should convert recognized schemas to the latest internal
         value, and may reject unrecognized values. More info:
         https://git.k8s.io/community/contributors/devel/api-conventions.md#resources

       kind <string>
         Kind is a string value representing the REST resource this object
         represents. Servers may infer this from the endpoint the client submits
         requests to. Cannot be updated. In CamelCase. More info:
         https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds

       metadata     <Object>
         Standard object's metadata. More info:
         https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata

       spec <Object>
         Specification of the desired behavior of the pod. More info:
         https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status

       status       <Object>
         Most recently observed status of the pod. This data may not be up to date.
         Populated by the system. Read-only. More info:
         https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status

If you need more information about the usage of a field such as metadata, you can use kubectl explain resourcename.objectname.objectname...

    [root@k8smaster ~]# kubectl explain pod.metadata
    KIND:     Pod
    VERSION:  v1

    RESOURCE: metadata <Object>

    DESCRIPTION:
         Standard object's metadata. More info:
         https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata

         ObjectMeta is metadata that all persisted resources must have, which
         includes all objects users must create.

    FIELDS:
       annotations  <map[string]string>
         Annotations is an unstructured key value map stored with a resource that
         may be set by external tools to store and retrieve arbitrary metadata. They
         are not queryable and should be preserved when modifying objects. More
         info: http://kubernetes.io/docs/user-guide/annotations

       clusterName  <string>
         The name of the cluster which the object belongs to. This is used to
         distinguish resources with same name and namespace in different clusters.
         This field is not set anywhere right now and apiserver is going to ignore
         it if set in create or update request.

       generation   <integer>
         A sequence number representing a specific generation of the desired state.
         Populated by the system. Read-only.

       labels       <map[string]string>
         Map of string keys and values that can be used to organize and categorize
         (scope and select) objects. May match selectors of replication controllers
         and services. More info: http://kubernetes.io/docs/user-guide/labels

       name <string>
         Name must be unique within a namespace. Is required when creating
         resources, although some resources may allow a client to request the
         generation of an appropriate name automatically. Name is primarily intended
         for creation idempotence and configuration definition. Cannot be updated.
         More info: http://kubernetes.io/docs/user-guide/identifiers#names

       namespace    <string>
         Namespace defines the space within each name must be unique. An empty
         namespace is equivalent to the "default" namespace, but "default" is the
         canonical representation. Not all objects are required to be scoped to a
         namespace - the value of this field for those objects will be empty. Must
         be a DNS_LABEL. Cannot be updated. More info:
         http://kubernetes.io/docs/user-guide/

       selfLink     <string>
         SelfLink is a URL representing this object. Populated by the system.
         Read-only.

       uid  <string>
         UID is the unique in time and space value for this object. It is typically
         generated by the server on successful creation of a resource and is not
         allowed to change on PUT operations. Populated by the system. Read-only.
         More info: http://kubernetes.io/docs/user-guide/identifiers#uids

...
6 Write a simple YAML Template
Create a new file named pod-demo.yaml

    touch pod-demo.yaml
    vi pod-demo.yaml

Add the following content to the file

    apiVersion: v1
    kind: Pod
    metadata:
      name: pod-demo
      namespace: default
      labels:
        app: myapp
        tier: frontend
    spec:
      containers:
      - name: myapp
        image: ikubernetes/myapp:v1
      - name: busybox
        image: busybox:latest
        command:
        - "/bin/sh"
        - "-c"
        - "echo date >> /usr/share/nginx/html/index.html; sleep 5"

See output

    [root@k8smaster ~]# kubectl create -f pod-demo.yaml
    pod/pod-demo created
    [root@k8smaster ~]# kubectl get pods -w
    NAME                     READY   STATUS              RESTARTS   AGE
    nginx-79976cbb47-8dqnk   1/1     Running             0          5h13m
    nginx-79976cbb47-p247g   1/1     Running             0          5h13m
    nginx-79976cbb47-ppbqv   1/1     Running             0          5h13m
    pod-demo                 0/2     ContainerCreating   0          15s
    pod-demo                 2/2     Running             0          15s
    pod-demo                 1/2     Running             0          20s
    pod-demo                 2/2     Running             1          24s
    pod-demo                 1/2     Running             1          29s
    ^C[root@k8smaster ~]# kubectl get pods
    NAME                     READY   STATUS    RESTARTS   AGE
    nginx-79976cbb47-8dqnk   1/1     Running   0          5h
    nginx-79976cbb47-p247g   1/1     Running   0          5h
    nginx-79976cbb47-ppbqv   1/1     Running   0          5h
    pod-demo                 1/2     Running   1          38s
    [root@k8smaster ~]# kubectl describe pod pod-demo
    Name:               pod-demo
    Namespace:          default
    Priority:           0
    PriorityClassName:  <none>
    Node:               k8snode1/172.16.0.12
    Start Time:         Thu, 03 Jan 2019 19:46:35 +0100
    Labels:             app=myapp
                        tier=frontend
    Annotations:        <none>
    Status:             Running
    IP:                 10.244.1.10
    Containers:
      myapp:
        Container ID:   docker://b9cb870577649ea76da415c19b9b72276ee8803698c5a3178f7fa9955e3cf983
        Image:          ikubernetes/myapp:v1
        Image ID:       docker-pullable://ikubernetes/myapp@sha256:9c3dc30b5219788b2b8a4b065f548b922a34479577befb54b03330999d30d513
        Port:           <none>
        Host Port:      <none>
        State:          Running
          Started:      Thu, 03 Jan 2019 19:46:44 +0100
        Ready:          True
        Restart Count:  0
        Environment:    <none>
        Mounts:
          /var/run/secrets/kubernetes.io/serviceaccount from default-token-rxs5t (ro)
      busybox:
        Container ID:  docker://b5a91b353122a176b80a0c2f487093337576de190b72fff6d7e0adaf00a389bc
        Image:         busybox:latest
        Image ID:      docker-pullable://busybox@sha256:7964ad52e396a6e045c39b5a44438424ac52e12e4d5a25d94895f2058cb863a0
        Port:          <none>
        Host Port:     <none>
        Command:
          /bin/sh
          -c
          echo date >> /usr/share/nginx/html/index.html; sleep 5
        State:          Terminated
          Reason:       Completed
          Exit Code:    0
          Started:      Thu, 03 Jan 2019 19:47:20 +0100
          Finished:     Thu, 03 Jan 2019 19:47:25 +0100
        Last State:     Terminated
          Reason:       Completed
          Exit Code:    0
          Started:      Thu, 03 Jan 2019 19:46:58 +0100
          Finished:     Thu, 03 Jan 2019 19:47:03 +0100
        Ready:          False
        Restart Count:  2
        Environment:    <none>
        Mounts:
          /var/run/secrets/kubernetes.io/serviceaccount from default-token-rxs5t (ro)
    Conditions:
      Type              Status
      Initialized       True
      Ready             False
      ContainersReady   False
      PodScheduled      True
    Volumes:
      default-token-rxs5t:
        Type:        Secret (a volume populated by a Secret)
        SecretName:  default-token-rxs5t
        Optional:    false
    QoS Class:       BestEffort
    Node-Selectors:  <none>
    Tolerations:     node.kubernetes.io/not-ready:NoExecute for 300s
                     node.kubernetes.io/unreachable:NoExecute for 300s
    Events:
      Type     Reason     Age                From               Message
      ----     ------     ----               ----               -------
      Normal   Pulling    80s                kubelet, k8snode1  pulling image "ikubernetes/myapp:v1"
      Normal   Pulled     72s                kubelet, k8snode1  Successfully pulled image "ikubernetes/myapp:v1"
      Normal   Created    72s                kubelet, k8snode1  Created container
      Normal   Started    72s                kubelet, k8snode1  Started container
      Normal   Scheduled  53s                default-scheduler  Successfully assigned default/pod-demo to k8snode1
      Normal   Pulling    38s (x3 over 72s)  kubelet, k8snode1  pulling image "busybox:latest"
      Normal   Pulled     36s (x3 over 68s)  kubelet, k8snode1  Successfully pulled image "busybox:latest"
      Normal   Created    36s (x3 over 68s)  kubelet, k8snode1  Created container
      Normal   Started    36s (x3 over 68s)  kubelet, k8snode1  Started container
      Warning  BackOff    29s (x2 over 52s)  kubelet, k8snode1  Back-off restarting failed container
    [root@k8smaster ~]# kubectl describe pod pod-demo
    Name:               pod-demo
    Namespace:          default
    Priority:           0
    PriorityClassName:  <none>
    Node:               k8snode1/172.16.0.12
    Start Time:         Thu, 03 Jan 2019 19:46:35 +0100
    Labels:             app=myapp
                        tier=frontend
    Annotations:        <none>
    Status:             Running
    IP:                 10.244.1.10
    Containers:
      myapp:
        Container ID:   docker://b9cb870577649ea76da415c19b9b72276ee8803698c5a3178f7fa9955e3cf983
        Image:          ikubernetes/myapp:v1
        Image ID:       docker-pullable://ikubernetes/myapp@sha256:9c3dc30b5219788b2b8a4b065f548b922a34479577befb54b03330999d30d513
        Port:           <none>
        Host Port:      <none>
        State:          Running
          Started:      Thu, 03 Jan 2019 19:46:44 +0100
        Ready:          True
        Restart Count:  0
        Environment:    <none>
        Mounts:
          /var/run/secrets/kubernetes.io/serviceaccount from default-token-rxs5t (ro)
      busybox:
        Container ID:  docker://b5a91b353122a176b80a0c2f487093337576de190b72fff6d7e0adaf00a389bc
        Image:         busybox:latest
        Image ID:      docker-pullable://busybox@sha256:7964ad52e396a6e045c39b5a44438424ac52e12e4d5a25d94895f2058cb863a0
        Port:          <none>
        Host Port:     <none>
        Command:
          /bin/sh
          -c
          echo date >> /usr/share/nginx/html/index.html; sleep 5
        State:          Terminated
          Reason:       Completed
          Exit Code:    0
          Started:      Thu, 03 Jan 2019 19:47:20 +0100
          Finished:     Thu, 03 Jan 2019 19:47:25 +0100
        Last State:     Terminated
          Reason:       Completed
          Exit Code:    0
          Started:      Thu, 03 Jan 2019 19:46:58 +0100
          Finished:     Thu, 03 Jan 2019 19:47:03 +0100
        Ready:          False
        Restart Count:  2
        Environment:    <none>
        Mounts:
          /var/run/secrets/kubernetes.io/serviceaccount from default-token-rxs5t (ro)
    Conditions:
      Type              Status
      Initialized       True
      Ready             False
      ContainersReady   False
      PodScheduled      True
    Volumes:
      default-token-rxs5t:
        Type:        Secret (a volume populated by a Secret)
        SecretName:  default-token-rxs5t
        Optional:    false
    QoS Class:       BestEffort
    Node-Selectors:  <none>
    Tolerations:     node.kubernetes.io/not-ready:NoExecute for 300s
                     node.kubernetes.io/unreachable:NoExecute for 300s
    Events:
      Type     Reason     Age                From               Message
      ----     ------     ----               ----               -------
      Normal   Pulling    92s                kubelet, k8snode1  pulling image "ikubernetes/myapp:v1"
      Normal   Pulled     84s                kubelet, k8snode1  Successfully pulled image "ikubernetes/myapp:v1"
      Normal   Created    84s                kubelet, k8snode1  Created container
      Normal   Started    84s                kubelet, k8snode1  Started container
      Normal   Scheduled  65s                default-scheduler  Successfully assigned default/pod-demo to k8snode1
      Normal   Pulling    50s (x3 over 84s)  kubelet, k8snode1  pulling image "busybox:latest"
      Normal   Pulled     48s (x3 over 80s)  kubelet, k8snode1  Successfully pulled image "busybox:latest"
      Normal   Created    48s (x3 over 80s)  kubelet, k8snode1  Created container
      Normal   Started    48s (x3 over 80s)  kubelet, k8snode1  Started container
      Warning  BackOff    41s (x2 over 64s)  kubelet, k8snode1  Back-off restarting failed container

Validating Pods with "kubectl logs pod-demo myapp"

    [root@k8smaster ~]# curl 10.244.1.10
    Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a>
    [root@k8smaster ~]# kubectl logs pod-demo myapp
    10.244.0.0 - - [03/Jan/2019:18:52:20 +0000] "GET / HTTP/1.1" 200 65 "-" "curl/7.29.0" "-"
    [root@k8smaster ~]# kubectl logs pod-demo busybox
    /bin/sh: can't create /usr/share/nginx/html/index.html: nonexistent directory
    [root@k8smaster ~]#

* The curl 10.244.1.10 command is only there to generate log entries.
We can see that busybox doesn't work, so delete this pod first:

    [root@k8smaster ~]# kubectl delete pods pod-demo
    pod "pod-demo" deleted

Go into the running container myapp

    [root@k8smaster ~]# kubectl exec -it pod-demo -c myapp -- /bin/sh
    / # whoami
    root
    / # cd /usr/share/nginx/html/
    /usr/share/nginx/html # ll
    /bin/sh: ll: not found
    /usr/share/nginx/html # ls
    50x.html    index.html
    /usr/share/nginx/html # cat index.html
    Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a>

* This example won't work, because the two containers, myapp and busybox, don't share the same filesystem, so "echo date >> /usr/share/nginx/html/index.html; sleep 5" won't write anything to index.html (index.html is in the myapp container).
So just edit the last line of the YAML template file, changing

    - "echo date >> /usr/share/nginx/html/index.html; sleep 5"

to

    - "sleep 5000"

busybox container will sleep 5000 sec then exit...
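
As an added example (not part of the original page or of any Kubernetes tooling), the following check reads the pod-demo manifest and reports the defaults that show up in the outputs above: the auto-mounted default-token-rxs5t service account token, the busybox:latest tag, the root shell in myapp, and the missing resource limits. The names floating_tag and audit_pod and the finding strings are assumptions made for this example; the manifest is transcribed to JSON so that only the Python standard library is needed.

```python
import json

# The page's pod-demo manifest (final "sleep 5000" version), transcribed to JSON
# so the example needs only the standard library.
POD_DEMO = json.loads("""
{"apiVersion": "v1", "kind": "Pod",
 "metadata": {"name": "pod-demo", "namespace": "default",
              "labels": {"app": "myapp", "tier": "frontend"}},
 "spec": {"containers": [
   {"name": "myapp", "image": "ikubernetes/myapp:v1"},
   {"name": "busybox", "image": "busybox:latest",
    "command": ["/bin/sh", "-c", "sleep 5000"]}]}}
""")


def floating_tag(image):
    """True if the reference is not digest-pinned and has no tag or the tag 'latest'."""
    if "@" in image:                       # name@sha256:... is immutable
        return False
    last = image.rsplit("/", 1)[-1]        # ignore a ':port' in the registry host
    return ":" not in last or last.split(":", 1)[1] == "latest"


def audit_pod(pod):
    """Return (scope, finding) tuples for settings the manifest leaves at their defaults."""
    spec = pod.get("spec", {})
    pod_sc = spec.get("securityContext") or {}
    findings = []
    # Only the pod-level switch is visible here; the ServiceAccount can also disable it.
    if spec.get("automountServiceAccountToken") is not False:
        findings.append(("pod", "service account token is auto-mounted"))
    for c in spec.get("containers", []):
        sc = c.get("securityContext") or {}
        if floating_tag(c["image"]):
            findings.append((c["name"], "image uses a floating tag"))
        # The container-level value overrides the pod-level one when both are set.
        if sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot")) is not True:
            findings.append((c["name"], "runAsNonRoot not set, may run as root"))
        if not (c.get("resources") or {}).get("limits"):
            findings.append((c["name"], "no resource limits"))
    return findings


if __name__ == "__main__":
    for scope, finding in audit_pod(POD_DEMO):
        print(f"{scope}: {finding}")
```

Setting runAsNonRoot: true only helps if the image can start as a non-root user; an image that defaults to root, as myapp does in the whoami output above, is refused by the kubelet until it is rebuilt or given a non-zero runAsUser.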
Done :-)