Table of contents
1. Pod introduction
1. Pod structure
2. Pod definition
2. Pod configuration
1. Basic configuration
2. Image pull
3. Start command
4. Environment variables
5. Port settings
6. Resource quota
1. Pod introduction
1. Pod structure _
Each Pod can contain one or more containers, which can be divided into two categories:
- The number of containers where user programs reside can be more or less
- The Pause container, which is a root container that every Pod will have, has two functions:
- It can be used as a basis to evaluate the health status of the entire Pod
- You can set the Ip address on the root container, and other containers have this Ip (Pod IP) to achieve network communication within the Pod
| This is the internal communication of the Pod . The communication between the Pods is realized by the virtual layer 2 network technology. Our current environment uses Flannel |
2. Pod definition _
The following is the resource list of Pod:
| Bash
apiVersion: v1 #Required , version number, such as v1
kind: Pod #Required, resource type, such as Pod
metadata: #Required, metadata
name: string #Required, Pod name
namespace: string #Name of the Pod Space, the default is "default"
labels: #Custom label list-
name: string
spec: #Required, the detailed definition of
the container in the Pod containers: #Required, the list of containers in the Pod-
name: string #Required, the container name
image: string #Required, the image name of the container
imagePullPolicy: [ Always|Never|IfNotPresent ] #Get the policy of the image command: [string] #The container startup command list, if not specified, use the startup command args
used when packaging :
[string] #Container startup command parameter list
workingDir: string #Container working directory
volumeMounts: #Mounted to the storage volume configuration inside the container
- name: string #Refer to the name of the shared storage volume defined by the pod, you need to use the volume name defined in the volumes[] part mountPath
: string #The absolute path of the storage volume to mount in the container should be less than 512 characters
readOnly: boolean #Whether In read-only mode
ports: #List of port library numbers that need to be exposed-
name: string #Name of the port
containerPort: int #The port number that the container needs to monitor
hostPort: int #The port number that the host where the container is located needs to monitor, the default is the same
protocol as the Container : string #Port protocol, support TCP and UDP, default TCP
env: #List of environment variables that need to be set before the container runs- name
: string #Environment variable name
value: string #Environment variable value
resources: #Resource limit and request setting
limits: #Resource limit setting
cpu: string #Cpu limit, the unit is the number of cores, will be used for docker run --cpu-shares parameter
memory: string #Memory limit, the unit can be Mib/Gib, will be used for docker run --memory parameter
requests: #Resource request settings
cpu: string #Cpu request, the initial available quantity of container startup
memory: string #Memory request, the initial available quantity of container startup
lifecycle: #Life cycle hook
postStart: #Execute this hook immediately after the container starts, if the execution fails, it will be restarted according to Policy to restart
preStop: #Execute this hook before the container terminates, no matter what the result is, the container will terminate
livenessProbe: #Settings for the health check of each container in the Pod, when the detection does not respond several times, the container will be automatically restarted
exec: #For the Pod Set the inspection method in the container to exec method
command: [string] #Exec method needs to formulate the command or script
httpGet: #Set the health inspection method of a container in the Pod to HttpGet, you need to formulate Path and port
path: string
port: number
host: string
scheme: string
HttpHeaders:
- name: string
value: string
tcpSocket: #Set the health check method of each container in the Pod to tcpSocket
port: number
initialDelaySeconds: 0 #The time for the first detection after the container is started, in seconds
timeoutSeconds: 0 #The timeout for waiting for the response of the container health check detection, in seconds, the default is 1 second
periodSeconds: 0 #Periodical monitoring and inspection of the container Detection time setting , in seconds, by default once every 10
seconds NodeSelector on the node node specified to the name : obeject #Setting NodeSelector means scheduling the Pod to the node containing this label imagePullSecrets: #The secret name used when pulling the image, specified in key:secretkey format- name: string hostNetwork: false # Whether to use the host network mode, the default is false, if set to true, it means to use the host network volumes: #Define the list of shared storage volumes on this pod
- name: string #Shared storage volume name (there are many types of volumes)
emptyDir: {} #A storage volume of type emtyDir, a temporary directory with the same life cycle as the Pod. It is an empty value
hostPath: string #The storage volume type is hostPath, which means the directory where the Pod is mounted on the host machine
path: string #The directory of the host machine where the Pod is located will be used for the mount directory during the same period
secret: #The type is secret Storage volume, mount the cluster and defined secret objects into the container
scretname: string
items:
- key: string
path: string
configMap: #Storage volume of type configMap, mount the predefined configMap object into the container
name: string
items :
- key: string
path: string |
View resource type by explain
| TypeScript
#小提示:
# 在这里,可通过一个命令来查看每种资源的可配置项
# kubectl explain 资源类型 查看某种资源可以配置的一级属性
# kubectl explain 资源类型.属性 查看属性的子属性
[root@master ~]# kubectl explain pod
KIND: Pod
VERSION: v1
FIELDS:
apiVersion <string>
kind <string>
metadata <Object>
spec <Object>
status <Object>
[root@master ~]# kubectl explain pod.metadata
KIND: Pod
VERSION: v1
RESOURCE: metadata <Object>
FIELDS:
annotations <map[string]string>
clusterName <string>
creationTimestamp <string>
deletionGracePeriodSeconds <integer>
deletionTimestamp <string>
finalizers <[]string>
generateName <string>
generation <integer>
labels <map[string]string>
managedFields <[]Object>
name <string>
namespace <string>
ownerReferences <[]Object>
resourceVersion <string>
selfLink <string>
uid <string> |
在kubernetes中基本所有资源的一级属性都是一样的,主要包含5部分:
在上面的属性中,spec是接下来研究的重点,继续看下它的常见子属性:
- containers <[]Object> 容器列表,用于定义容器的详细信息
- nodeSelector <map[]> 根据NodeSelector中定义的信息选择将该Pod调度到包含这些label的Node 上
- volumes <[]Object> 存储卷,用于定义Pod上面挂在的存储信息
二、Pod配置
以下主要来研究pod.spec.containers属性,这也是pod配置中最为关键的一项配置。
| Bash
[root@master ~]# kubectl explain pod.spec.containers
KIND: Pod
VERSION: v1
RESOURCE: containers <[]Object> # 数组,代表可以有多个容器
FIELDS:
name <string> # 容器名称
image <string> # 容器需要的镜像地址
imagePullPolicy <string> # 镜像拉取策略
command <[]string> # 容器的启动命令列表,如不指定,使用打包时使用的启动命令
args <[]string> # 容器的启动命令需要的参数列表
env <[]Object> # 容器环境变量的配置
ports <[]Object> # 容器需要暴露的端口号列表
resources <Object> # 资源限制和资源请求的设置 |
1、基本配置
创建pod-base.yaml文件,内容如下:
| SQL
apiVersion: v1
kind: Pod
metadata:
name: pod-base
namespace: dev
labels:
user: heima
spec:
containers:
- name: nginx
image: nginx:1.17.1
- name: busybox
image: busybox:1.30 |
上面定义了一个比较简单Pod的配置,里面有两个容器:
nginx:用1.17.1版本的nginx镜像创建,(nginx是一个轻量级web容器)
busybox:用1.30版本的busybox镜像创建,(busybox是一个小巧的linux命令集合)
| Shell
# 创建Pod
[root@master pod]# kubectl apply -f pod-base.yaml
pod/pod-base created
# 查看Pod状况
# READY 1/2 : 表示当前Pod中有2个容器,其中1个准备就绪,1个未就绪
# RESTARTS : 重启次数,因为有1个容器故障了,Pod一直在重启试图恢复它
[root@master pod]# kubectl get pod -n dev
NAME READY STATUS RESTARTS AGE
pod-base 1/2 Running 4 95s
# 可以通过describe查看内部的详情
# 此时已经运行起来了一个基本的Pod,虽然它暂时有问题
[root@master pod]# kubectl describe pod pod-base -n dev |
2、镜像拉取
imagePullPolicy,用于设置镜像拉取策略,kubernetes支持配置三种拉取策略:
| Bash
apiVersion: v1
kind: Pod
metadata:
name: pod-imagepullpolicy
namespace: dev
spec:
containers:
- name: nginx
image: nginx:1.17.1
imagePullPolicy: Always # 用于设置镜像拉取策略
- name: busybox
image: busybox:1.30 |
Always:总是从远程仓库拉取镜像(一直远程下载)
IfNotPresent:本地有则使用本地镜像,本地没有则从远程仓库拉取镜像(本地有就本地 本地没远程下载)
Never:只使用本地镜像,从不去远程仓库拉取,本地没有就报错 (一直使用本地)
| 默认值说明: 如果镜像tag为具体版本号, 默认策略是:IfNotPresent 如果镜像tag为:latest(最终版本) ,默认策略是always |
3、启动命令
在前面的案例中,一直有一个问题没有解决,就是的busybox容器一直没有成功运行,那么到底是什么原因导致这个容器的故障呢?
原来busybox并不是一个程序,而是类似于一个工具类的集合,kubernetes集群启动管理后,它会自动关闭。解决方法就是让其一直在运行,这就用到了command配置。
| Shell
apiVersion: v1
kind: Pod
metadata:
name: pod-command
namespace: dev
spec:
containers:
- name: nginx
image: nginx:1.17.1
- name: busybox
image: busybox:1.30
command: ["/bin/sh","-c","touch /tmp/hello.txt;while true;do /bin/echo $(date +%T) >> /tmp/hello.txt; sleep 3; done;"]
|
command,用于在pod中的容器初始化完毕之后运行一个命令。
稍微解释下上面命令的意思:
| "/bin/sh","-c", 使用sh执行命令 touch /tmp/hello.txt; 创建一个/tmp/hello.txt 文件 while true;do /bin/echo $(date +%T) >> /tmp/hello.txt; sleep 3; done; 每隔3秒向文件中写入当前时间 |
特别说明:
通过上面发现command已经可以完成启动命令和传递参数的功能,为什么这里还要提供一个args选项,用于传递参数呢?这其实跟docker有点关系,kubernetes中的command、args两项其实是实现覆盖Dockerfile中ENTRYPOINT的功能。
1 如果command和args均没有写,那么用Dockerfile的配置。
2 如果command写了,但args没有写,那么Dockerfile默认的配置会被忽略,执行输入的command
3 如果command没写,但args写了,那么Dockerfile中配置的ENTRYPOINT的命令会被执行,使用当前args的参数
4 如果command和args都写了,那么Dockerfile的配置被忽略,执行command并追加上args参数
4、环境变量
| Bash
apiVersion: v1
kind: Pod
metadata:
name: pod-env
namespace: dev
spec:
containers:
- name: busybox
image: busybox:1.30
command: ["/bin/sh","-c","while true;do /bin/echo $(date +%T);sleep 60; done;"]
env: # 设置环境变量列表
- name: "username"
value: "admin"
- name: "password"
value: "123456" |
env,环境变量,用于在pod中的容器设置环境变量。
| Bash
# 创建Pod
[root@master ~]# kubectl create -f pod-env.yaml
pod/pod-env created
# 进入容器,输出环境变量
[root@master ~]# kubectl exec pod-env -n dev -c busybox -it /bin/sh
/ # echo $username
admin
/ # echo $password
123456 |
这种方式不是很推荐,推荐将这些配置单独存储在配置文件中,这种方式将在后面介绍。
5、端口设置
本小节来介绍容器的端口设置,也就是containers的ports选项。
首先看下ports支持的子选项:
| Bash
[root@master ~]# kubectl explain pod.spec.containers.ports
KIND: Pod
VERSION: v1
RESOURCE: ports <[]Object>
FIELDS:
name <string> # 端口名称,如果指定,必须保证name在pod中是唯一的
containerPort<integer> # 容器要监听的端口(0<x<65536)
hostPort <integer> # 容器要在主机上公开的端口,如果设置,主机上只能运行容器的一个副本(一般省略)
hostIP <string> # 要将外部端口绑定到的主机IP(一般省略)
protocol <string> # 端口协议。必须是UDP、TCP或SCTP。默认为“TCP”。 |
6、资源配额
容器中的程序要运行,肯定是要占用一定资源的,比如cpu和内存等,如果不对某个容器的资源做限制,那么它就可能吃掉大量资源,导致其它容器无法运行。针对这种情况,kubernetes提供了对内存和cpu的资源进行配额的机制,这种机制主要通过resources选项实现,他有两个子选项:
limits:用于限制运行时容器的最大占用资源,当容器占用资源超过limits时会被终止,并进行重启
requests :用于设置容器需要的最小资源,如果环境资源不够,容器将无法启动
可以通过上面两个选项设置资源的上下限。
| Bash
apiVersion: v1
kind: Pod
metadata:
name: pod-resources
namespace: dev
spec:
containers:
- name: nginx
image: nginx:1.17.1
resources: # 资源配额
limits: # 限制资源(上限)
cpu: "2" # CPU限制,单位是core数
memory: "10Gi" # 内存限制
requests: # 请求资源(下限)
cpu: "1" # CPU限制,单位是core数
memory: "10Mi" # 内存限制 |
在这对cpu和memory的单位做一个说明:
cpu:core数,可以为整数或小数
memory: 内存大小,可以使用Gi、Mi、G、M等形式
三、Pod生命周期
四、Pod调度