• 深入理解pod


    •最小部署单元
    •一组容器的集合
    •一个Pod中的容器共享网络命名空间
    •Pod是短暂的

    一、Pod容器分类

    1、Infrastructure Container:基础容器  (维护整个Pod网络空间)

    [root@node01 cfg]# cat kubelet

    KUBELET_OPTS="--logtostderr=true
    --v=4
    --hostname-override=10.192.27.115
    --kubeconfig=/opt/kubernetes/cfg/kubelet.kubeconfig
    --bootstrap-kubeconfig=/opt/kubernetes/cfg/bootstrap.kubeconfig
    --config=/opt/kubernetes/cfg/kubelet.config
    --cert-dir=/opt/kubernetes/ssl
    --pod-infra-container-image=10.192.27.111/library/pause-amd64:3.0  #node节点的kubelet服务已经设置好了基础容器的路径

    维护整个Pod网络空间,启动一个容器时,k8s会自动为我们启动一个基础容器

    2、InitContainers:初始化容器(先于业务容器开始执行)
    官方参考地址:https://kubernetes.io/docs/concepts/workloads/pods/init-containers/

    apiVersion: v1
    kind: Pod
    metadata:
      name: myapp-pod
      labels:
        app: myapp
    spec:
      containers:
      - name: myapp-container
        image: busybox:1.28
        command: ['sh', '-c', 'echo The app is running! && sleep 3600']
      initContainers:
      - name: init-myservice
        image: busybox:1.28
        command: ['sh', '-c', 'until nslookup myservice; do echo waiting for myservice; sleep 2; done;']
      - name: init-mydb
        image: busybox:1.28
        command: ['sh', '-c', 'until nslookup mydb; do echo waiting for mydb; sleep 2; done;']

    3、Containers:业务容器(并行启动)

    二、镜像拉取策略(imagePullPolicy)

    官方参考地址:https://kubernetes.io/docs/concepts/containers/images/

    •IfNotPresent:默认值,镜像在宿主机上不存在时才拉取
    •Always:每次创建Pod 都会重新拉取一次镜像
    •Never:Pod 永远不会主动拉取这个镜像

    拉取私有镜像仓库的镜像(我使用 在pod上指定ImagePullSecrets)

    官方提供了多种方法可以参考:https://kubernetes.io/zh/docs/concepts/containers/images/

    #要先任意一个node节点登录一下 docker login 10.192.27.115  就用在/root/.docker/config.json下面留下凭据
    [root@node01 image]# cat /root/.docker/config.json  #账号:0216000942 密码:Harbor12345  
    {
        "auths": {
            "10.192.27.111": {
                "auth": "MDIxNjAwMDk0MjpIYXJib3IxMjM0NQ=="
            }
        },
        "HttpHeaders": {
            "User-Agent": "Docker-Client/18.09.4 (linux)"
        }
    }[root@node01 image]# 
    [root@node01 image]# cat /root/.docker/config.json |base64  #base64编码方式
    ewoJImF1dGhzIjogewoJCSIxMC4xOTIuMjcuMTExIjogewoJCQkiYXV0aCI6ICJNREl4TmpBd01E
    azBNanBJWVhKaWIzSXhNak0wTlE9PSIKCQl9Cgl9LAoJIkh0dHBIZWFkZXJzIjogewoJCSJVc2Vy
    LUFnZW50IjogIkRvY2tlci1DbGllbnQvMTguMDkuNCAobGludXgpIgoJfQp9
    [root@node01 image]# cat /root/.docker/config.json |base64 -w 0 #转化成一行
    ewoJImF1dGhzIjogewoJCSIxMC4xOTIuMjcuMTExIjogewoJCQkiYXV0aCI6ICJNREl4TmpBd01EazBNanBJWVhKaWIzSXhNak0wTlE9PSIKCQl9Cgl9LAoJIkh0dHBIZWFkZXJzIjogewoJCSJVc2VyLUFnZW50IjogIkRvY2tlci1DbGllbnQvMTguMDkuNCAobGludXgpIgoJfQp9[root@node01 image]# 
    #master节点上创建一个秘钥配置文件
    [root@master01 yaml_doc]# vim registry-pull-secret.yaml  #创建一个Secret的yaml文件
    apiVersion: v1
    kind: Secret
    metadata:
      name: registry-pull-secret
    data:
      .dockerconfigjson: ewoJImF1dGhzIjogewoJCSIxMC4xOTIuMjcuMTExIjogewoJCQkiYXV0aCI6ICJNREl4TmpBd01EazBNanBJWVhKaWIzSXhNak0wTlE9PSIKCQl9Cgl9LAoJIkh0dHBIZWFkZXJzIjogewoJCSJVc2VyLUFnZW50IjogIkRvY2tlci1DbGllbnQvMTguMDkuNCAobGludXgpIgoJfQp9
    type: kubernetes.io/dockerconfigjson
    
    [root@master01 yaml_doc]# kubectl create -f registry-pull-secret.yaml 
    [root@master01 yaml_doc]# kubectl get secrets
    NAME                   TYPE                                  DATA   AGE
    default-token-sj2lw    kubernetes.io/service-account-token   3      9d
    registry-pull-secret   kubernetes.io/dockerconfigjson        1      176m
    [root@master01 yaml_doc]# 
    #master节点上创建一个pod
    [root@master01 yaml_doc]# vim nginx-pod.yaml  #创建一个pod的yaml文件
    apiVersion: v1
    kind: Pod
    metadata:
      name: nginx-pod
      namespace: default
      labels:
        app: nginx-pod
    
    spec:
      imagePullSecrets:         #使用密钥配置文件
      - name: registry-pull-secret
      containers:
      - name: nginx
        image: 10.192.27.111/project/nginx:latest
        imagePullPolicy: IfNotPresent
        command: [ "/bin/bash", "-ce", "tail -f /dev/null" ]
        ports:
        - containerPort: 80
    
    [root@master01 yaml_doc]# kubectl create -f nginx-pod.yaml 
    pod/nginx-pod created
    [root@master01 yaml_doc]# kubectl get pods -o wide  #查看pod分配到哪个node节点 PodIP是172.17.46.2
    NAME        READY   STATUS    RESTARTS   AGE     IP            NODE            NOMINATED NODE   READINESS GATES
    nginx-pod   1/1     Running   0          2m26s   172.17.46.2   10.192.27.116   <none>           <none>
    #master节点上创建一个server
    [root@master01 yaml_doc]# vim nginx-service.yaml
    apiVersion: v1
    kind: Service
    metadata:
      name: nginx-service-mxxl
    spec:
      type: NodePort  #server负载均衡模式之一:暴露IP端口 默认是ClusterIP
      ports:
      - port: 80  #集群server端口
        nodePort: 30080  #外部端口
      selector:    #匹配便签为nginx-pod的pod
        app: nginx-pod
    [root@master01 yaml_doc]# kubectl create -f nginx-service.yaml 
    service/nginx-service-mxxl created
    [root@master01 yaml_doc]# kubectl get svc
    NAME                 TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)        AGE
    kubernetes           ClusterIP   10.0.0.1     <none>        443/TCP        9d
    nginx-service-mxxl   NodePort    10.0.0.65    <none>        80:30080/TCP   5s   #分配集群IP(可能对应一组pod)和Port为10.0.0.65:80《---- nodeIP:30080
    访问方式:
    浏览器:http://nodeIP:30080
    [root@node01 ~]# curl 172.17.46.2  #访问podIP
    [root@node01 ~]# curl 10.0.0.65  #访问集群IP

     学习一个命令:

    kubectl edit pod/nginx-pod   #相当于 vim nginx-pod.yaml   kubectl apply -f  nginx-pod.yaml

    三、资源限制

    官方参考地址 https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
    Pod和Container的资源请求和限制:
    •spec.containers[].resources.limits.cpu
    •spec.containers[].resources.limits.memory
    •spec.containers[].resources.requests.cpu
    •spec.containers[].resources.requests.memory

    创建一个资源限制的容器示例

    [root@master01 yaml_doc]# cat resources-pod.yaml 
    apiVersion: v1
    kind: Pod
    metadata:
      name: frontend
    spec:
      imagePullSecrets:
      - name: registry-pull-secret
      containers:
      - name: db
        image: 10.192.27.111/project/mysql:5.7
        imagePullPolicy: IfNotPresent
        command: [ "/bin/bash", "-ce", "tail -f /dev/null" ]
        env:
        - name: MYSQL_ROOT_PASSWORD
          value: "Harbor12345"
        resources:
          requests:
            memory: "64Mi"
            cpu: "250m"
          limits:
            memory: "128Mi" #最大128M
            cpu: "500m"  #最大半个CPU
      - name: wp
        image: 10.192.27.111/project/wordpress:latest
        imagePullPolicy: IfNotPresent
        command: [ "/bin/bash", "-ce", "tail -f /dev/null" ]
        resources:
          requests:
            memory: "1G"
            cpu: 0.5
          limits:
            memory: "2G"
            cpu: 1
            
    [root@master01 yaml_doc]# kubectl create -f resources-pod.yaml
    pod/frontend created
    [root@master01 yaml_doc]# kubectl get pods -o wide
    NAME        READY   STATUS    RESTARTS   AGE     IP            NODE            NOMINATED NODE   READINESS GATES
    frontend    2/2     Running   0          8m23s   172.17.43.2   10.192.27.115   <none>           <none>
    nginx-pod   1/1     Running   0          20h     172.17.46.2   10.192.27.116   <none>           <none>
    [root@master01 yaml_doc]# 
    [root@master01 yaml_doc]# kubectl describe pod frontend
    Name:               frontend
    Namespace:          default
    Priority:           0
    PriorityClassName:  <none>
    Node:               10.192.27.115/10.192.27.115
    Start Time:         Thu, 21 Nov 2019 10:55:13 +0800
    Labels:             <none>
    Annotations:        <none>
    Status:             Running
    IP:                 172.17.43.2
    Containers:
      db:
        Container ID:  docker://e01ca1c893378176f31a7c4dc7409e043e0d7a7d8b18f1e2d0bedab3d8d141c1
        Image:         10.192.27.111/project/mysql:5.7
        Image ID:      docker-pullable://10.192.27.111/project/mysql@sha256:5c508e03f7f1987a393816a9ce2358f4abbdd36629972ba870af8f4cfcd031c0
        Port:          <none>
        Host Port:     <none>
        Command:
          /bin/bash
          -ce
          tail -f /dev/null
        State:          Running
          Started:      Thu, 21 Nov 2019 10:55:14 +0800
        Ready:          True
        Restart Count:  0
        Limits:
          cpu:     500m
          memory:  128Mi
        Requests:
          cpu:     250m
          memory:  64Mi
        Environment:
          MYSQL_ROOT_PASSWORD:  Harbor12345
        Mounts:
          /var/run/secrets/kubernetes.io/serviceaccount from default-token-sj2lw (ro)
      wp:
        Container ID:  docker://3f0ee5e0d72e7e5c4ac55aa94fa2aee5022c39583576f0c1842f9636cd7c8b39
        Image:         10.192.27.111/project/wordpress:latest
        Image ID:      docker-pullable://10.192.27.111/project/wordpress@sha256:8add16d8bce7fd2f428f21476f642019638ed85921397f62b87e3c9878c79486
        Port:          <none>
        Host Port:     <none>
        Command:
          /bin/bash
          -ce
          tail -f /dev/null
        State:          Running
          Started:      Thu, 21 Nov 2019 10:55:14 +0800
        Ready:          True
        Restart Count:  0
        Limits:
          cpu:     1
          memory:  2G
        Requests:
          cpu:        500m
          memory:     1G
        Environment:  <none>
        Mounts:
          /var/run/secrets/kubernetes.io/serviceaccount from default-token-sj2lw (ro)
    Conditions:
      Type              Status
      Initialized       True 
      Ready             True 
      ContainersReady   True 
      PodScheduled      True 
    Volumes:
      default-token-sj2lw:
        Type:        Secret (a volume populated by a Secret)
        SecretName:  default-token-sj2lw
        Optional:    false
    QoS Class:       Burstable
    Node-Selectors:  <none>
    Tolerations:     node.kubernetes.io/not-ready:NoExecute for 300s
                     node.kubernetes.io/unreachable:NoExecute for 300s
    Events:
      Type    Reason     Age   From                    Message
      ----    ------     ----  ----                    -------
      Normal  Scheduled  9m7s  default-scheduler       Successfully assigned default/frontend to 10.192.27.115
      Normal  Pulled     9m6s  kubelet, 10.192.27.115  Container image "10.192.27.111/project/mysql:5.7" already present on machine
      Normal  Created    9m6s  kubelet, 10.192.27.115  Created container
      Normal  Started    9m6s  kubelet, 10.192.27.115  Started container
      Normal  Pulled     9m6s  kubelet, 10.192.27.115  Container image "10.192.27.111/project/wordpress:latest" already present on machine
      Normal  Created    9m6s  kubelet, 10.192.27.115  Created container
      Normal  Started    9m6s  kubelet, 10.192.27.115  Started container
    [root@master01 yaml_doc]# 
    #查看名为frontend 的 pod详细信息

    查看完整的pod信息比较多是,可以只查看创建过程

    grep -A -B -C
    -A -B -C 后面都跟阿拉伯数字
    -A是显示匹配后和它后面的n行。
    -B是显示匹配行和它前面的n行。
    -C是匹配行和它前后各n行。
    总体来说,-C覆盖面最大,这3个开关都是关于匹配行的上下文的(context)。

    [root@master01 yaml_doc]# kubectl describe pod frontend | grep -A 20 Events #查看pod创建情况 :Events后20行信息
    Events:
      Type    Reason     Age   From                    Message
      ----    ------     ----  ----                    -------
      Normal  Scheduled  11m   default-scheduler       Successfully assigned default/frontend to 10.192.27.115
      Normal  Pulled     11m   kubelet, 10.192.27.115  Container image "10.192.27.111/project/mysql:5.7" already present on machine
      Normal  Created    11m   kubelet, 10.192.27.115  Created container
      Normal  Started    11m   kubelet, 10.192.27.115  Started container
      Normal  Pulled     11m   kubelet, 10.192.27.115  Container image "10.192.27.111/project/wordpress:latest" already present on machine
      Normal  Created    11m   kubelet, 10.192.27.115  Created container
      Normal  Started    11m   kubelet, 10.192.27.115  Started container
    [root@master01 yaml_doc]# 
    #查看该节点的所有信息 包括该节点的docker容器  资源占用情况 
    [root@master01 yaml_doc]# kubectl describe nodes 10.192.27.115
    Name:               10.192.27.115
    Roles:              <none>
    Labels:             beta.kubernetes.io/arch=amd64
                        beta.kubernetes.io/os=linux
                        kubernetes.io/hostname=10.192.27.115
    Annotations:        node.alpha.kubernetes.io/ttl: 0
                        volumes.kubernetes.io/controller-managed-attach-detach: true
    CreationTimestamp:  Mon, 11 Nov 2019 15:37:25 +0800
    Taints:             <none>
    Unschedulable:      false
    Conditions:
      Type             Status  LastHeartbeatTime                 LastTransitionTime                Reason                       Message
      ----             ------  -----------------                 ------------------                ------                       -------
      MemoryPressure   False   Thu, 21 Nov 2019 11:12:03 +0800   Mon, 11 Nov 2019 15:37:25 +0800   KubeletHasSufficientMemory   kubelet has sufficient memory available
      DiskPressure     False   Thu, 21 Nov 2019 11:12:03 +0800   Mon, 11 Nov 2019 15:37:25 +0800   KubeletHasNoDiskPressure     kubelet has no disk pressure
      PIDPressure      False   Thu, 21 Nov 2019 11:12:03 +0800   Mon, 11 Nov 2019 15:37:25 +0800   KubeletHasSufficientPID      kubelet has sufficient PID available
      Ready            True    Thu, 21 Nov 2019 11:12:03 +0800   Mon, 11 Nov 2019 15:37:35 +0800   KubeletReady                 kubelet is posting ready status
    Addresses:
      InternalIP:  10.192.27.115
      Hostname:    10.192.27.115
    Capacity:   #总共的资源
     cpu:                40
     ephemeral-storage:  51175Mi
     hugepages-1Gi:      0
     hugepages-2Mi:      0
     memory:             32656556Ki
     pods:               110
    Allocatable:  #可以给pod的资源
     cpu:                40
     ephemeral-storage:  48294789041
     hugepages-1Gi:      0
     hugepages-2Mi:      0
     memory:             32554156Ki
     pods:               110
    System Info:
     Machine ID:                 9c53ba3f1bcb43e19507d4a2e98730da
     System UUID:                4C4C4544-0053-5A10-8034-B1C04F4B4C32
     Boot ID:                    8ac2ecf8-70bd-44a4-bfee-422c82d68c3a
     Kernel Version:             3.10.0-957.el7.x86_64
     OS Image:                   CentOS Linux 7 (Core)
     Operating System:           linux
     Architecture:               amd64
     Container Runtime Version:  docker://18.9.4
     Kubelet Version:            v1.13.0
     Kube-Proxy Version:         v1.13.0
    Non-terminated Pods:         (1 in total)
      Namespace                  Name        CPU Requests  CPU Limits  Memory Requests  Memory Limits   AGE
      ---------                  ----        ------------  ----------  ---------------  -------------   ---
      default                    frontend    750m (1%)     1500m (3%)  1067108864 (3%)  2084197Ki (6%)  16m  #每个pod资源限制详细
    Allocated resources:  #所有的pod资源限制
      (Total limits may be over 100 percent, i.e., overcommitted.)
      Resource           Requests         Limits
      --------           --------         ------
      cpu                750m (1%)        1500m (3%)       
      memory             1067108864 (3%)  2084197Ki (6%)
      ephemeral-storage  0 (0%)           0 (0%)
    Events:              <none>
    [root@master01 yaml_doc]# 
    
    [root@master01 yaml_doc]# kubectl get ns #查看所有命名空间
    NAME          STATUS   AGE
    default       Active   8d  #默认使用这个
    kube-public   Active   8d
    kube-system   Active   8d
    [root@master01 yaml_doc]#
    #查看该节点的所有信息 包括该节点的docker容器 资源占用情况

    四、重启策略(restartPolicy)

    •Always:当容器终止退出后,总是重启容器,默认策略。
    •OnFailure:当容器异常退出(退出状态码非0)时,才重启容器。
    •Never::当容器终止退出,从不重启容器。

    [root@master01 yaml_doc]# cat restart-pod.yaml 
    apiVersion: v1
    kind: Pod
    metadata:
      name: restart-pod
    spec:
      imagePullSecrets:
      - name: registry-pull-secret
      containers:
      - name: nginx
        image: 10.192.27.111/project/nginx:latest
        imagePullPolicy: IfNotPresent
    #    command: [ "/bin/bash", "-ce", "tail -f /dev/null" ]
        args:
          - /bin/sh
          - -c
          - sleep 30; exit 0
      restartPolicy: Always  #当容器终止退出后,总是重启容器,默认策略。
    [root@master01 yaml_doc]# 
    
    
    [root@master01 yaml_doc]# kubectl apply -f restart-pod.yaml 
    pod/restart-pod created
    [root@master01 yaml_doc]# kubectl get pods
    NAME          READY   STATUS    RESTARTS   AGE
    restart-pod   1/1     Running   0          1s            #容器起来花了1秒
    [root@master01 yaml_doc]# kubectl get pods
    NAME          READY   STATUS      RESTARTS   AGE
    restart-pod   0/1     Completed   0          31s     #容器30秒完成任务退出了
    [root@master01 yaml_doc]# kubectl get pods
    NAME          READY   STATUS    RESTARTS   AGE
    restart-pod   1/1     Running   1          32s   #退出后又重启了 #RESTARTS的数值为1 说明重启了一次
    Always示例
    [root@master01 yaml_doc]# cat restart-pod.yaml 
    apiVersion: v1
    kind: Pod
    metadata:
      name: restart-pod
    spec:
      imagePullSecrets:
      - name: registry-pull-secret
      containers:
      - name: nginx
        image: 10.192.27.111/project/nginx:latest
        imagePullPolicy: IfNotPresent
    #    command: [ "/bin/bash", "-ce", "tail -f /dev/null" ]
        args:
          - /bin/sh
          - -c
          - sleep 30; exit 0
      restartPolicy: Never        #当容器终止退出,从不重启容器。
    [root@master01 yaml_doc]# 
    
    [root@master01 yaml_doc]# kubectl get pods
    NAME          READY   STATUS    RESTARTS   AGE
    restart-pod   1/1     Running   0          1s            #容器起来花了1秒
    
    [root@master01 yaml_doc]# kubectl get pods
    NAME          READY   STATUS      RESTARTS   AGE
    restart-pod   0/1     Completed   0          31s  #不重启 容器30秒完成Completed任务退出了  
    
    [root@master01 yaml_doc]# kubectl get pods
    NAME          READY   STATUS      RESTARTS   AGE
    restart-pod   0/1     Completed   0          76s  #不重启了 容器可用变为0/1 
    Never
    [root@master01 yaml_doc]# cat restart-pod.yaml 
    apiVersion: v1
    kind: Pod
    metadata:
      name: restart-pod
    spec:
      imagePullSecrets:
      - name: registry-pull-secret
      containers:
      - name: nginx
        image: 10.192.27.111/project/nginx:latest
        imagePullPolicy: IfNotPresent
    #    command: [ "/bin/bash", "-ce", "tail -f /dev/null" ]
        args:
          - /bin/sh
          - -c
          - sleep 30; exit 0
      restartPolicy: OnFailure
    [root@master01 yaml_doc]# 
    
    [root@master01 yaml_doc]# kubectl get pods
    NAME          READY   STATUS    RESTARTS   AGE
    restart-pod   1/1     Running   0          1s            #容器起来花了1秒
    [root@master01 yaml_doc]# kubectl get pods
    NAME          READY   STATUS      RESTARTS   AGE
    restart-pod   0/1     Completed   0          31s  #正常退出不重启 容器30秒完成Completed任务退出了  
    [root@master01 yaml_doc]# kubectl get pods
    NAME          READY   STATUS      RESTARTS   AGE
    restart-pod   0/1     Completed   0          44s
    [root@master01 yaml_doc]# 
    
    
    
    
    [root@master01 yaml_doc]# cat restart-pod.yaml 
    apiVersion: v1
    kind: Pod
    metadata:
      name: restart-pod
    spec:
      imagePullSecrets:
      - name: registry-pull-secret
      containers:
      - name: nginx
        image: 10.192.27.111/project/nginx:latest
        imagePullPolicy: IfNotPresent
    #    command: [ "/bin/bash", "-ce", "tail -f /dev/null" ]
        args:
          - /bin/sh
          - -c
          - sleep 30; exit 3
      restartPolicy: OnFailure   #当容器异常退出(退出状态码非0)时,才重启容器
    [root@master01 yaml_doc]# kubectl get pods
    NAME          READY   STATUS    RESTARTS   AGE
    restart-pod   1/1     Running   0          1s            #容器起来花了1秒
    [root@master01 yaml_doc]# kubectl get pods
    NAME          READY   STATUS    RESTARTS   AGE
    restart-pod   0/1     Error     0          31s   ##当容器异常退出(退出状态码非0)时,才重启容器
    [root@master01 yaml_doc]# kubectl get pods
    NAME          READY   STATUS    RESTARTS   AGE
    restart-pod   1/1     Running   1          32s
    OnFailure示例

    学习一个命令# kubectl get ep #service endpoint

    endpoint是k8s集群中的一个资源对象,存储在etcd中,用来记录一个service对应的所有pod的访问地址。service配置selector(关联一组pod),endpoint controller才会自动创建对应的endpoint对象;否则,不会生成endpoint对象。
    例如,k8s集群中创建一个名为nginx-service-mxxl的service,就会生成一个同名的endpoint对象,ENDPOINTS就是service关联的pod的ip地址和端口。

    [root@master01 yaml_doc]# kubectl get ep,svc
    NAME                           ENDPOINTS                               AGE
    endpoints/kubernetes           10.192.27.100:6443,10.192.27.114:6443   10d
    endpoints/nginx-service-mxxl   172.17.46.2:80                          23h
    
    NAME                         TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)        AGE
    service/kubernetes           ClusterIP   10.0.0.1     <none>        443/TCP        10d    #对应两个master节点
    service/nginx-service-mxxl   NodePort    10.0.0.65    <none>        80:30080/TCP   23h    # 对应 172.17.46.2:80  
    [root@master01 yaml_doc]# 

     

    五、健康检查(Probe)

    Probe有以下两种类型:
    livenessProbe:如果检查失败,将杀死容器,根据Pod的restartPolicy来操作。 #根据 四、 重启机制
    readinessProbe:如果检查失败,Kubernetes会把Pod从service endpoints中剔除。#剔除endpoints


    官方详细介绍了:https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
    Probe支持以下三种检查方法:
    httpGet:发送HTTP请求,返回200-400范围状态码为成功。
    exec:执行Shell命令返回状态码是0为成功。
    tcpSocket:发起TCP Socket建立成功。

    [root@master01 yaml_doc]# cat liveness-pod.yaml 
    apiVersion: v1
    kind: Pod
    metadata:
      labels:
        test: liveness
      name: liveness-exec
    spec:
      imagePullSecrets:
      - name: registry-pull-secret
      containers:
      - name: liveness
        image: 10.192.27.111/project/busybox:latest
        args:
        - /bin/sh
        - -c
        - touch /tmp/healthy; sleep 10; rm -rf /tmp/healthy; sleep 600
        livenessProbe:
          exec:
            command:
            - cat
            - /tmp/healthy  #如果这个文件不存在返回的状态码非零  echo $?  就是会重启容器
          initialDelaySeconds: 5  # 容器启动五秒之后启动健康检查
          periodSeconds: 5 #间隔5执行健康检查
        
    [root@master01 yaml_doc]# kubectl get pods
    NAME            READY   STATUS    RESTARTS   AGE
    liveness-exec   1/1     Running   0          52s
    [root@master01 yaml_doc]# 
    NAME            READY   STATUS    RESTARTS   AGE
    liveness-exec   1/1     Running   1          53s   #重启了一次
    liveness检查示例
    [root@master01 yaml_doc]# cat readiness-pod.yaml 
    apiVersion: v1
    kind: Pod
    metadata:
      labels:
        test: readiness
      name: readiness-exec
    spec:
      imagePullSecrets:
      - name: registry-pull-secret
      containers:
      - name: readiness
        image: 10.192.27.111/project/busybox:latest
        args:
        - /bin/sh
        - -c
        - touch /tmp/healthy; sleep 10; rm -rf /tmp/healthy; sleep 600
        readinessProbe:
          exec:
            command:
            - cat
            - /tmp/healthy  #如果这个文件不存在返回的状态码非零  echo $?  就是会重启容器
          initialDelaySeconds: 5  # 容器启动五秒之后启动健康检查
          periodSeconds: 5 #间隔5执行健康检查
    [root@master01 yaml_doc]#     
        
    [root@master01 yaml_doc]# kubectl get pods
    NAME             READY   STATUS    RESTARTS   AGE
    readiness-exec   1/1     Running   0          24s
    [root@master01 yaml_doc]# kubectl get pods
    NAME             READY   STATUS    RESTARTS   AGE
    readiness-exec   0/1     Running   0          25s
    readiness检查示例

    六、调度约束

    nodeName用于将Pod调度到指定的Node名称上
    nodeSelector用于将Pod调度到匹配Label的Node上

    ############没有指定node节点创建pod的情况########
    [root@master01 yaml_doc]# kubectl create -f nginx-pod.yaml 
    pod/nginx-pod created
    [root@master01 yaml_doc]# kubectl get pods
    NAME        READY   STATUS    RESTARTS   AGE
    nginx-pod   1/1     Running   0          9s
    [root@master01 yaml_doc]# kubectl describe pod nginx-pod
    Name:               nginx-pod
    Namespace:          default
    Priority:           0
    PriorityClassName:  <none>
    Node:               10.192.27.116/10.192.27.116
    Start Time:         Thu, 21 Nov 2019 16:29:07 +0800
    Labels:             app=nginx-pod
    Annotations:        <none>
    Status:             Running
    IP:                 172.17.46.2
    Containers:
      nginx:
        Container ID:  docker://78a9dd0bdb54c2dde89e588fa0d09cea265b617f7e5752318d783483086eb2e6
        Image:         10.192.27.111/project/nginx:latest
        Image ID:      docker-pullable://10.192.27.111/project/nginx@sha256:f56b43e9913cef097f246d65119df4eda1d61670f7f2ab720831a01f66f6ff9c
        Port:          80/TCP
        Host Port:     0/TCP
        Command:
          /bin/bash
          -ce
          tail -f /dev/null
        State:          Running
          Started:      Thu, 21 Nov 2019 16:29:08 +0800
        Ready:          True
        Restart Count:  0
        Environment:    <none>
        Mounts:
          /var/run/secrets/kubernetes.io/serviceaccount from default-token-sj2lw (ro)
    Conditions:
      Type              Status
      Initialized       True 
      Ready             True 
      ContainersReady   True 
      PodScheduled      True 
    Volumes:
      default-token-sj2lw:
        Type:        Secret (a volume populated by a Secret)
        SecretName:  default-token-sj2lw
        Optional:    false
    QoS Class:       BestEffort
    Node-Selectors:  <none>
    Tolerations:     node.kubernetes.io/not-ready:NoExecute for 300s
                     node.kubernetes.io/unreachable:NoExecute for 300s
    Events:
      Type    Reason     Age   From                    Message
      ----    ------     ----  ----                    -------
      Normal  Scheduled  15s   default-scheduler       Successfully assigned default/nginx-pod to 10.192.27.116  #这行调用了调度器 
      Normal  Pulled     14s   kubelet, 10.192.27.116  Container image "10.192.27.111/project/nginx:latest" already present on machine
      Normal  Created    14s   kubelet, 10.192.27.116  Created container
      Normal  Started    14s   kubelet, 10.192.27.116  Started container
    [root@master01 yaml_doc]# 
    没有指定node节点创建pod的情况
    ############指定node节点创建pod########
    [root@master01 yaml_doc]# cat nodeName-pod.yaml 
    apiVersion: v1
    kind: Pod
    metadata:
      name: nginx-pod
      namespace: default
      labels:
        app: nginx-pod
    
    spec:
      nodeName: 10.192.27.115
      imagePullSecrets:
      - name: registry-pull-secret
      containers:
      - name: nginx
        image: 10.192.27.111/project/nginx:latest
        imagePullPolicy: IfNotPresent
        command: [ "/bin/bash", "-ce", "tail -f /dev/null" ]
        ports:
        - containerPort: 80
    [root@master01 yaml_doc]# 
    
    
    [root@master01 yaml_doc]# kubectl create -f nodeName-pod.yaml 
    pod/nginx-pod created
    [root@master01 yaml_doc]# kubectl get pods
    NAME        READY   STATUS    RESTARTS   AGE
    nginx-pod   1/1     Running   0          2s
    [root@master01 yaml_doc]# kubectl describe pod nginx-pod
    Name:               nginx-pod
    Namespace:          default
    Priority:           0
    PriorityClassName:  <none>
    Node:               10.192.27.115/10.192.27.115
    Start Time:         Thu, 21 Nov 2019 16:26:29 +0800
    Labels:             app=nginx-pod
    Annotations:        <none>
    Status:             Running
    IP:                 172.17.43.2
    Containers:
      nginx:
        Container ID:  docker://18af2f91fd29c78540b294e56111ef5d0c96494cebdf971cc1d4f5876929f61e
        Image:         10.192.27.111/project/nginx:latest
        Image ID:      docker-pullable://10.192.27.111/project/nginx@sha256:f56b43e9913cef097f246d65119df4eda1d61670f7f2ab720831a01f66f6ff9c
        Port:          80/TCP
        Host Port:     0/TCP
        Command:
          /bin/bash
          -ce
          tail -f /dev/null
        State:          Running
          Started:      Thu, 21 Nov 2019 16:26:30 +0800
        Ready:          True
        Restart Count:  0
        Environment:    <none>
        Mounts:
          /var/run/secrets/kubernetes.io/serviceaccount from default-token-sj2lw (ro)
    Conditions:
      Type              Status
      Initialized       True 
      Ready             True 
      ContainersReady   True 
      PodScheduled      True 
    Volumes:
      default-token-sj2lw:
        Type:        Secret (a volume populated by a Secret)
        SecretName:  default-token-sj2lw
        Optional:    false
    QoS Class:       BestEffort
    Node-Selectors:  <none>
    Tolerations:     node.kubernetes.io/not-ready:NoExecute for 300s
                     node.kubernetes.io/unreachable:NoExecute for 300s
    Events:
      Type    Reason   Age   From                    Message
      ----    ------   ----  ----                    -------  #这行没有调度器  因为是直接指定了node节点,就没有显示
      Normal  Pulled   6s    kubelet, 10.192.27.115  Container image "10.192.27.111/project/nginx:latest" already present on machine
      Normal  Created  6s    kubelet, 10.192.27.115  Created container
      Normal  Started  6s    kubelet, 10.192.27.115  Started container
    [root@master01 yaml_doc]# 
    指定node节点创建pod
    [root@master01 yaml_doc]# kubectl get nodes --show-labels
    NAME            STATUS   ROLES    AGE   VERSION   LABELS
    10.192.27.115   Ready    <none>   10d   v1.13.0   beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/hostname=10.192.27.115
    10.192.27.116   Ready    <none>   10d   v1.13.0   beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/hostname=10.192.27.116
    [root@master01 yaml_doc]# 
    [root@master01 yaml_doc]# kubectl label nodes 10.192.27.115 team=a  #给每个node设置标签
    node/10.192.27.115 labeled
    [root@master01 yaml_doc]# kubectl label nodes 10.192.27.116 team=b
    node/10.192.27.116 labeled
    [root@master01 yaml_doc]# kubectl get nodes --show-labels
    NAME           STATUS   ROLES    AGE   VERSION   LABELS
    10.192.27.115   Ready    <none>   9d    v1.13.0   beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/hostname=10.192.27.115,team=a
    10.192.27.116   Ready    <none>   9d    v1.13.0   beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/hostname=10.192.27.116,team=b
    [root@master01 yaml_doc]# 
    [root@master01 yaml_doc]# vim pod5.yaml 
    apiVersion: v1
    kind: Pod
    metadata:
      name: pod-example
    kind: Pod
    metadata:
      name: pod-example
      labels:
        app: nginx
    spec:
      nodeSelector:
        team: a
      containers:
      - name: nginx
        image: nginx:1.15
    
    [root@master01 yaml_doc]# kubectl apply -f pod5.yaml 
    pod/pod-example created
    
    
    [root@master01 yaml_doc]# kubectl describe pod pod-example
    Name:               pod-example
    Namespace:          default
    Priority:           0
    PriorityClassName:  <none>
    Node:               10.192.27.115/10.192.27.115
    Start Time:         Thu, 12 Sep 2019 22:01:14 +0800
    Labels:             app=nginx
    Annotations:        kubectl.kubernetes.io/last-applied-configuration:
                          {"apiVersion":"v1","kind":"Pod","metadata":{"annotations":{},"labels":{"app":"nginx"},"name":"pod-example","namespace":"default"},"spec":{...
    Status:             Running
    IP:                 172.17.39.8
    Containers:
      nginx:
        Container ID:   docker://2ce176b032561b1de82a941aacae9127a7bd4dd8439e23480f28289ae2825893
        Image:          nginx:1.15
        Image ID:       docker-pullable://nginx@sha256:670ba067df36460bc89cb0ec333c79795f720639846ad32724d019197afb61e9
        Port:           <none>
        Host Port:      <none>
        State:          Running
          Started:      Thu, 12 Sep 2019 22:01:35 +0800
        Ready:          True
        Restart Count:  0
        Environment:    <none>
        Mounts:
          /var/run/secrets/kubernetes.io/serviceaccount from default-token-4zq5b (ro)
    Conditions:
      Type              Status
      Initialized       True 
      Ready             True 
      ContainersReady   True 
      PodScheduled      True 
    Volumes:
      default-token-4zq5b:
        Type:        Secret (a volume populated by a Secret)
        SecretName:  default-token-4zq5b
        Optional:    false
    QoS Class:       BestEffort
    Node-Selectors:  team=a
    Tolerations:     node.kubernetes.io/not-ready:NoExecute for 300s
                     node.kubernetes.io/unreachable:NoExecute for 300s
    Events:
      Type    Reason     Age   From                   Message
      ----    ------     ----  ----                   -------
      Normal  Scheduled  45s   default-scheduler      Successfully assigned default/pod-example to 10.192.27.115 ####走到了调度器了
      Normal  Pulled     26s   kubelet, 10.192.27.115  Container image "nginx:1.15" already present on machine
      Normal  Created    26s   kubelet, 10.192.27.115  Created container
      Normal  Started    24s   kubelet, 10.192.27.115  Started container
    [root@master01 yaml_doc]# 
    nodeSelector用于将Pod调度到匹配Label的Node上

     七、故障排查

    https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/

    故障排除的方法:
    kubectl describe TYPE/NAME
    kubectl logs TYPE/NAME [-c CONTAINER]
    kubectl exec POD [-c CONTAINER] --COMMAND [args...]

     

  • 相关阅读:
    Docker
    docker
    Go
    Docker4Windows -- 从外部(非本机host)访问 由docker container运行的程序
    Unable to resolve target 'android-9'
    win7中VS2010中安装CSS3.0问题解决方法
    修改vs2005,vs2008,vs2010调试默认浏览器
    Android SDK Content loader has encountered a problem” “parseSdkContent Failed ”
    解决parseSdkContent failed java.lang.NullPointerException错误
    50个Android开发人员必备UI效果源码[转载]
  • 原文地址:https://www.cnblogs.com/linux985/p/11898029.html
Copyright © 2020-2023  润新知