[Kubernetes Resources] Pod, the Minimum Scheduling Unit: A Detailed Explanation from Introduction to Practice

1. Pod concept

K8s Chinese official website documents:

K8S Pod official website documentation:

1. What is a pod?

A Pod is the smallest scheduling unit in K8s. One or more containers can be defined in a Pod. If a Pod contains multiple containers, they share network and storage resources and work together to complete a task. A Pod can be pictured as a pea pod, with the peas inside as its containers.

A Pod is equivalent to a logical host. For example, to deploy an Nginx service the traditional way, we would deploy it on a physical server or a cloud server. With K8s, we define a Pod resource and define the Nginx container inside it, so the Pod plays the role of the logical host.

2. Implementation method of Pod network sharing

The Pod network in a K8s cluster is the network used for communication between Pods, and between Pods and external networks. Each Pod has a unique IP address, and the containers in the Pod share this IP address.

View the IP address of the Pod:

kubectl get pod -n kube-system -o wide

There are many ways to implement the Pod network, including the following:

  • Container Network Interface (CNI): CNI is one of the most commonly used Pod networking implementations in Kubernetes. It allows different network plugins to manage pod networks, such as Flannel, Calico, Weave Net, etc.
  • Kubernetes Service: Kubernetes Service is an abstract concept that allows Pods to communicate through the Service name without knowing the specific Pod IP address. Service can be exposed through ClusterIP, NodePort, LoadBalancer, etc.
  • Ingress: Ingress is a resource object in Kubernetes that allows external traffic to be routed to Services within the cluster. Ingress can be configured in a variety of ways, such as Nginx Ingress Controller, Traefik, etc.

In summary, the Pod network in Kubernetes is a very important concept, which provides an efficient and reliable communication method for applications in the Kubernetes cluster.

Container sharing network mode in Pod:

In K8s, when a Pod starts, a pause container is started first, and all subsequent containers are then linked to this pause container so that they share its network.

Pod and Pod sharing network method:

  • Communication between different Pods on the same node: the Pods' separate network namespaces are connected through a Linux virtual Ethernet device, that is, an Ethernet interface made up of two virtual interfaces.

  • Communication between Pods on different nodes: when the MAC address of the destination Pod cannot be found on the local node, the traffic is forwarded according to the layer-3 routing table, which depends on the network configuration between the nodes.

  • Communication between external networks and Pods: Pods communicate through their own IP addresses. However, Pod IP addresses are not persistent: when the Pods in the cluster are scaled down, or a Pod is restarted after a Pod or node failure, the new Pod's IP may differ from the previous one. The virtual IP of a Service solves this problem because the virtual IP is fixed.

3. Pod storage sharing method

When creating a Pod, you can specify a storage volume to mount. All containers in the Pod share access to this storage volume, which lets the containers share data. Once the Pod has mounted the storage volume, the data is not lost when the Pod restarts; it still exists.
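The network and storage sharing described in sections 2 and 3, as an added example that is not part of the original article: a two-container Pod whose containers share one volume and one network namespace. The names web-shared, content-writer and html, and the busybox image, are assumptions chosen for illustration.

```yaml
# Added example (constructed); resource and container names are hypothetical.
apiVersion: v1
kind: Pod
metadata:
  name: web-shared
  namespace: default
  labels:
    app: web-shared
spec:
  volumes:
  - name: html               # one volume, mounted by both containers
    emptyDir: {}             # survives container restarts; removed when the Pod is deleted
                             # (use a PersistentVolumeClaim for data that must outlive the Pod)
  containers:
  - name: web-nginx
    image: nginx
    imagePullPolicy: IfNotPresent
    ports:
    - containerPort: 80
    volumeMounts:
    - name: html
      mountPath: /usr/share/nginx/html
      readOnly: true         # the web server only reads the shared data
  - name: content-writer
    image: busybox
    imagePullPolicy: IfNotPresent
    command: ["/bin/sh", "-c"]
    args:
    - "while true; do date > /data/index.html; sleep 5; done"
    volumeMounts:
    - name: html
      mountPath: /data       # same volume, different path, read-write
# Storage sharing: nginx sees the file written by the other container
#   kubectl exec web-shared -c web-nginx -- cat /usr/share/nginx/html/index.html
# Network sharing: the busybox container reaches nginx over localhost
#   kubectl exec web-shared -c content-writer -- wget -qO- http://127.0.0.1:80
```

Because the containers share one network namespace, a port bound to 127.0.0.1 in one container is reachable from every other container in the Pod, so localhost is not an isolation boundary inside a Pod.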

4. The overall process of creating a Pod

  • Step 1: A pod creation request is submitted to the apiserver through the kubectl command. After receiving the request, the apiserver writes the pod attribute information (metadata) into the etcd database.
  • Step 2: The apiserver triggers the watch mechanism to prepare to create the pod resources and forwards the information to the scheduler. The scheduler is responsible for scheduling the pod to an appropriate node and sends the scheduling information to the apiserver, which then writes it into the etcd database.
  • Step 3: The apiserver notifies the kubelet through the watch mechanism and passes the pod information; the kubelet calls the container runtime to create and start the containers in the pod.
  • Step 4: After creation completes, the result is fed back to the kubelet, which sends the pod status information to the apiserver; the apiserver writes the pod status information into the etcd database.

To sum up, the scheduler is responsible for scheduling pods to appropriate nodes, the kubelet uses the container runtime to create the containers, and finally the pod status is written into etcd.

2. Use YAML files to define Pod resources

1. Tips for writing Pod manifest YAML files

1. YAML syntax format:

  • Case Sensitive;
  • Use indentation to indicate hierarchical relationships;
  • The number of spaces used for indentation does not matter, as long as elements of the same level are left-aligned; two spaces per level is the usual choice;
  • Leave one space after characters such as the colon, comma and hyphen (-);
  • "---" indicates the beginning of a file; "..." indicates the end of a file;
  • "#" means comment

2. Configure Linux tab to indent two spaces

YAML indentation is usually two spaces. We can configure vim on Linux so that the Tab key inserts two spaces, which makes writing YAML manifests easier later:

cat >> ~/.vimrc << EOF
set tabstop=2
set shiftwidth=2
set expandtab
EOF

Here, tabstop sets the width of the Tab key, shiftwidth sets the width of automatic indentation, and expandtab automatically converts the Tab key into spaces.

3. Use the kubectl explain help command

When writing a Pod manifest, if you forget which fields a Pod supports or do not understand what a field means, you can use the following help commands to view a detailed explanation of the fields.

kubectl explain pod
kubectl explain pod.spec
kubectl explain pod.spec.containers

2. Create Pod and Pod common commands

1. Create Pod resources

cat pod.yaml 
---
apiVersion: v1       # API version
kind: Pod            # resource type
metadata:            # metadata
  labels:
    app: nginx       # label
  name: web-nginx    # Pod name
  namespace: default # Pod namespace
spec:
  containers:
  - name: web-nginx  # container name
    image: nginx     # image used by the container
    imagePullPolicy: IfNotPresent  # image pull policy
    ports:
    - containerPort: 80            # port exposed inside the container

After defining the Pod manifest, use the following command to create the Pod:

kubectl apply -f pod.yaml 

You can also create a Pod directly from the command line. This is not commonly used and is generally reserved for testing:

kubectl run nginx-1 --image=nginx --port=80

2. Pod common commands

1. View the Pod scheduling node and IP address

kubectl get pod -o wide

2. Enter the Pod container:

kubectl exec -it web-nginx -- /bin/bash

If there are multiple containers in the Pod, you can use -c to specify which container to enter:

kubectl exec -it web-nginx -c web-nginx -- /bin/bash

3. View pod logs:

kubectl logs web-nginx

Of course, you can add the -f parameter to view the log in real time

kubectl logs -f web-nginx

4. View the Pod through the Pod label:

kubectl get pod -l app

5. Check which labels the Pod has

kubectl get pod --show-labels

6. View Pod details

kubectl describe pod web-nginx

7. Delete Pods

kubectl delete pod web-nginx

Of course, you can also specify the yaml file to delete the resources defined in the file

kubectl delete -f pod.yaml

Origin blog.csdn.net/weixin_45310323/article/details/130543948