[k8s] kubelet单组件启动静态pod

kubelet单组件启动静态pod

无需k8s其他组件,单独下载kubelet的二进制,可以启动静态pod.

静态pod不受api管理,kubectl get po可以看到,但是kubectl delete pod 删除后,出去pending状态, 节点容器并没有删除,要想删除,去节点操作kubelet相对应的目录文件

静态pod创建有2中方法: 最常用的配置文件方法,还有http方法.

配置文件形式

- 获取pause镜像787k
docker pull lanny/gcr.io_google_containers_pause-amd64:3.0
docker tag lanny/gcr.io_google_containers_pause-amd64:3.0 gcr.io/google_containers/pause-amd64:3.0 


- 启动kubelet
mkdir -p /root/k8s/manifests
kubelet --allow-privileged=true --pod-manifest-path=/root/k8s/manifests --cluster-dns=10.254.0.2 --cluster-domain=cluster.local --v=2

- manifests静态pod目录下新建busybox-count.yml
[root@n1 ~]# cat /root/k8s/manifests/busybox-count.yml
apiVersion: v1
kind: Pod
metadata:
  name: counter
spec:
  containers:
  - name: count
    image: busybox
    args: [/bin/sh, -c,
            'i=0; while true; do echo "$i: $(date)"; i=$((i+1)); sleep 1; done']


- 自动启动成功
[root@n1 ~]# docker ps -a
CONTAINER ID        IMAGE                                      COMMAND                  CREATED             STATUS              PORTS               NAMES
bf0d15b72b5e        busybox                                    "/bin/sh -c 'i=0; ..."   4 minutes ago       Up 4 minutes                            k8s_count_counter-n1.ma.com_default_0f4803e09eeb6a864cc007da1ad165f3_0
92d6592d972f        gcr.io/google_containers/pause-amd64:3.0   "/pause"                 4 minutes ago       Up 4 minutes                            k8s_POD_counter-n1.ma.com_default_0f4803e09eeb6a864cc007da1ad165f3_0


- kubelet退出后,pod依旧running
- docker rm容器后,这个容器exit状态,kubelet会重新runing一个容器

- busybox+pause=pod 共享ip协议栈(IP+mac一样)
- pause的ip和mac
[root@n1 ~]# docker inspect 92d6592d972f|grep -i ipaddr
            "SecondaryIPAddresses": null,
            "IPAddress": "172.17.0.2",
                    "IPAddress": "172.17.0.2",
                    
[root@n1 ~]# docker inspect 92d6592d972f|grep -i mac
            "MacAddress": "02:42:ac:11:00:02",
                    "MacAddress": "02:42:ac:11:00:02",

- busybox的ip和mac
[root@n1 ~]# docker exec bf0d15b72b5e ip ad
6: eth0@if7: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue 
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.2/16 scope global eth0
       valid_lft forever preferred_lft forever
- kubelet启动参数里的dns和域会被注入进去.
[root@n1 ~]# docker exec -it bf0d15b72b5e sh
/ # cat /etc/resolv.conf
nameserver 10.254.0.2
search default.svc.cluster.local svc.cluster.local cluster.local
options ndots:5

/ # cat /etc/hosts
172.17.0.2	counter-n1.ma.com
/ # 

docker的dns设置

/usr/bin/dockerd --insecure-registry=10.233.0.0/18 --graph=/var/lib/docker --log-opt max-size=50m --log-opt max-file=5 --iptables=false --dns 10.233.0.3 --dns 114.114.114.114 --dns-search default.svc.cluster.local --dns-search svc.cluster.local --dns-opt ndots:2 --dns-opt timeout:2 --dns-opt attempts:2

docker run -it --rm busybox
 / # cat /etc/resolv.conf 
search default.svc.cluster.local svc.cluster.local
nameserver 10.233.0.3
nameserver 114.114.114.114

http方式

kubelet会定期向这个url请求yaml,来更新pod

 --manifest-url string                                                                                       URL for accessing the container manifest