深入理解pod

•最小部署单元
•一组容器的集合
•一个Pod中的容器共享网络命名空间
•Pod是短暂的

一、Pod容器分类

1、Infrastructure Container:基础容器  (维护整个Pod网络空间)

[root@node01 cfg]# cat kubelet

KUBELET_OPTS="--logtostderr=true
--v=4
--hostname-override=10.192.27.115
--kubeconfig=/opt/kubernetes/cfg/kubelet.kubeconfig
--bootstrap-kubeconfig=/opt/kubernetes/cfg/bootstrap.kubeconfig
--config=/opt/kubernetes/cfg/kubelet.config
--cert-dir=/opt/kubernetes/ssl
--pod-infra-container-image=10.192.27.111/library/pause-amd64:3.0  #node节点的kubelet服务已经设置好了基础容器的路径

维护整个Pod网络空间,启动一个容器时,k8s会自动为我们启动一个基础容器

2、InitContainers:初始化容器(先于业务容器开始执行)
官方参考地址:https://kubernetes.io/docs/concepts/workloads/pods/init-containers/

apiVersion: v1
kind: Pod
metadata:
  name: myapp-pod
  labels:
    app: myapp
spec:
  containers:
  - name: myapp-container
    image: busybox:1.28
    command: ['sh', '-c', 'echo The app is running! && sleep 3600']
  initContainers:
  - name: init-myservice
    image: busybox:1.28
    command: ['sh', '-c', 'until nslookup myservice; do echo waiting for myservice; sleep 2; done;']
  - name: init-mydb
    image: busybox:1.28
    command: ['sh', '-c', 'until nslookup mydb; do echo waiting for mydb; sleep 2; done;']

3、Containers:业务容器(并行启动)

二、镜像拉取策略(imagePullPolicy)

官方参考地址:https://kubernetes.io/docs/concepts/containers/images/

•IfNotPresent:默认值(镜像标签为:latest或未写标签时,默认值是Always),镜像在宿主机上不存在时才拉取
•Always:每次创建Pod 都会重新拉取一次镜像
•Never:Pod 永远不会主动拉取这个镜像

拉取私有镜像仓库的镜像(我使用 在pod上指定ImagePullSecrets)

官方提供了多种方法可以参考:https://kubernetes.io/zh/docs/concepts/containers/images/

#要先在任意一个node节点上登录一次镜像仓库:docker login 10.192.27.115,登录后会在/root/.docker/config.json里留下凭据(注意:下面config.json的auths中记录的仓库地址是10.192.27.111,登录地址应与实际使用的仓库地址一致)
[root@node01 image]# cat /root/.docker/config.json  #账号:0216000942 密码:Harbor12345;auth字段只是"账号:密码"的base64编码,不是加密,能读到这个文件的人都可以还原出密码
{
    "auths": {
        "10.192.27.111": {
            "auth": "MDIxNjAwMDk0MjpIYXJib3IxMjM0NQ=="
        }
    },
    "HttpHeaders": {
        "User-Agent": "Docker-Client/18.09.4 (linux)"
    }
}[root@node01 image]# 
[root@node01 image]# cat /root/.docker/config.json |base64  #base64编码方式
ewoJImF1dGhzIjogewoJCSIxMC4xOTIuMjcuMTExIjogewoJCQkiYXV0aCI6ICJNREl4TmpBd01E
azBNanBJWVhKaWIzSXhNak0wTlE9PSIKCQl9Cgl9LAoJIkh0dHBIZWFkZXJzIjogewoJCSJVc2Vy
LUFnZW50IjogIkRvY2tlci1DbGllbnQvMTguMDkuNCAobGludXgpIgoJfQp9
[root@node01 image]# cat /root/.docker/config.json |base64 -w 0 #转化成一行
ewoJImF1dGhzIjogewoJCSIxMC4xOTIuMjcuMTExIjogewoJCQkiYXV0aCI6ICJNREl4TmpBd01EazBNanBJWVhKaWIzSXhNak0wTlE9PSIKCQl9Cgl9LAoJIkh0dHBIZWFkZXJzIjogewoJCSJVc2VyLUFnZW50IjogIkRvY2tlci1DbGllbnQvMTguMDkuNCAobGludXgpIgoJfQp9[root@node01 image]# 
#master节点上创建一个秘钥配置文件
[root@master01 yaml_doc]# vim registry-pull-secret.yaml  #创建一个Secret的yaml文件
# Image-pull Secret for the private registry; Pods reference it by name under spec.imagePullSecrets.
# NOTE: the data value is the base64 encoding of the docker config.json, which is an encoding and
# not encryption. Anyone who can read this file or read the Secret from the API can decode it back
# to the registry account and password, so keep this manifest out of shared repositories and
# restrict who may read Secrets in the namespace.
# `kubectl create secret docker-registry` builds the same type of Secret without hand-encoding.
apiVersion: v1
kind: Secret
metadata:
  name: registry-pull-secret
data:
  .dockerconfigjson: ewoJImF1dGhzIjogewoJCSIxMC4xOTIuMjcuMTExIjogewoJCQkiYXV0aCI6ICJNREl4TmpBd01EazBNanBJWVhKaWIzSXhNak0wTlE9PSIKCQl9Cgl9LAoJIkh0dHBIZWFkZXJzIjogewoJCSJVc2VyLUFnZW50IjogIkRvY2tlci1DbGllbnQvMTguMDkuNCAobGludXgpIgoJfQp9
type: kubernetes.io/dockerconfigjson

[root@master01 yaml_doc]# kubectl create -f registry-pull-secret.yaml 
[root@master01 yaml_doc]# kubectl get secrets
NAME                   TYPE                                  DATA   AGE
default-token-sj2lw    kubernetes.io/service-account-token   3      9d
registry-pull-secret   kubernetes.io/dockerconfigjson        1      176m
[root@master01 yaml_doc]# 
#master节点上创建一个pod
[root@master01 yaml_doc]# vim nginx-pod.yaml  #创建一个pod的yaml文件
apiVersion: v1
kind: Pod
metadata:
  name: nginx-pod
  namespace: default
  labels:
    app: nginx-pod

spec:
  imagePullSecrets:         #使用密钥配置文件
  - name: registry-pull-secret
  containers:
  - name: nginx
    image: 10.192.27.111/project/nginx:latest
    imagePullPolicy: IfNotPresent
    command: [ "/bin/bash", "-ce", "tail -f /dev/null" ]
    ports:
    - containerPort: 80

[root@master01 yaml_doc]# kubectl create -f nginx-pod.yaml 
pod/nginx-pod created
[root@master01 yaml_doc]# kubectl get pods -o wide  #查看pod分配到哪个node节点 PodIP是172.17.46.2
NAME        READY   STATUS    RESTARTS   AGE     IP            NODE            NOMINATED NODE   READINESS GATES
nginx-pod   1/1     Running   0          2m26s   172.17.46.2   10.192.27.116   <none>           <none>
#master节点上创建一个service
[root@master01 yaml_doc]# vim nginx-service.yaml
# NodePort Service that forwards traffic to Pods labelled app=nginx-pod.
apiVersion: v1
kind: Service
metadata:
  name: nginx-service-mxxl
spec:
  type: NodePort  # one of the Service exposure modes: publishes a port on the node IP; the default type is ClusterIP
  ports:
  - port: 80  # Service (cluster-internal) port
    nodePort: 30080  # external port, reached as nodeIP:30080; NOTE(review): limit who can reach this port (host firewall / network ACL) if the service is not meant to be public
  selector:    # matches Pods whose label is app=nginx-pod
    app: nginx-pod
[root@master01 yaml_doc]# kubectl create -f nginx-service.yaml 
service/nginx-service-mxxl created
[root@master01 yaml_doc]# kubectl get svc
NAME                 TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)        AGE
kubernetes           ClusterIP   10.0.0.1     <none>        443/TCP        9d
nginx-service-mxxl   NodePort    10.0.0.65    <none>        80:30080/TCP   5s   #分配集群IP(可能对应一组pod)和Port为10.0.0.65:80《---- nodeIP:30080
访问方式:
浏览器:http://nodeIP:30080
[root@node01 ~]# curl 172.17.46.2  #访问podIP
[root@node01 ~]# curl 10.0.0.65  #访问集群IP

 学习一个命令:

kubectl edit pod/nginx-pod   #相当于 vim nginx-pod.yaml   kubectl apply -f  nginx-pod.yaml

三、资源限制

官方参考地址 https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
Pod和Container的资源请求和限制:
•spec.containers[].resources.limits.cpu
•spec.containers[].resources.limits.memory
•spec.containers[].resources.requests.cpu
•spec.containers[].resources.requests.memory

创建一个资源限制的容器示例

[root@master01 yaml_doc]# cat resources-pod.yaml 
# Two-container Pod (db + wp) showing per-container resource requests and limits.
apiVersion: v1
kind: Pod
metadata:
  name: frontend
spec:
  imagePullSecrets:
  - name: registry-pull-secret
  containers:
  - name: db
    image: 10.192.27.111/project/mysql:5.7
    imagePullPolicy: IfNotPresent
    command: [ "/bin/bash", "-ce", "tail -f /dev/null" ]
    env:
    - name: MYSQL_ROOT_PASSWORD
      # NOTE(review): a literal value is stored in the Pod spec and `kubectl describe pod`
      # prints it in clear text under Environment; prefer valueFrom.secretKeyRef pointing at a
      # Secret. This is also the same string as the registry account password used on this
      # page, so use a distinct password per system.
      value: "Harbor12345"
    resources:
      # requests: what the scheduler reserves for the container
      requests:
        memory: "64Mi"
        cpu: "250m"
      # limits: the ceiling the container may use
      limits:
        memory: "128Mi" # at most 128Mi
        cpu: "500m"  # at most half a CPU
  - name: wp
    image: 10.192.27.111/project/wordpress:latest
    imagePullPolicy: IfNotPresent
    command: [ "/bin/bash", "-ce", "tail -f /dev/null" ]
    resources:
      requests:
        memory: "1G"
        cpu: 0.5
      limits:
        memory: "2G"
        cpu: 1
        
[root@master01 yaml_doc]# kubectl create -f resources-pod.yaml
pod/frontend created
[root@master01 yaml_doc]# kubectl get pods -o wide
NAME        READY   STATUS    RESTARTS   AGE     IP            NODE            NOMINATED NODE   READINESS GATES
frontend    2/2     Running   0          8m23s   172.17.43.2   10.192.27.115   <none>           <none>
nginx-pod   1/1     Running   0          20h     172.17.46.2   10.192.27.116   <none>           <none>
[root@master01 yaml_doc]# 
[root@master01 yaml_doc]# kubectl describe pod frontend
Name:               frontend
Namespace:          default
Priority:           0
PriorityClassName:  <none>
Node:               10.192.27.115/10.192.27.115
Start Time:         Thu, 21 Nov 2019 10:55:13 +0800
Labels:             <none>
Annotations:        <none>
Status:             Running
IP:                 172.17.43.2
Containers:
  db:
    Container ID:  docker://e01ca1c893378176f31a7c4dc7409e043e0d7a7d8b18f1e2d0bedab3d8d141c1
    Image:         10.192.27.111/project/mysql:5.7
    Image ID:      docker-pullable://10.192.27.111/project/mysql@sha256:5c508e03f7f1987a393816a9ce2358f4abbdd36629972ba870af8f4cfcd031c0
    Port:          <none>
    Host Port:     <none>
    Command:
      /bin/bash
      -ce
      tail -f /dev/null
    State:          Running
      Started:      Thu, 21 Nov 2019 10:55:14 +0800
    Ready:          True
    Restart Count:  0
    Limits:
      cpu:     500m
      memory:  128Mi
    Requests:
      cpu:     250m
      memory:  64Mi
    Environment:
      MYSQL_ROOT_PASSWORD:  Harbor12345
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from default-token-sj2lw (ro)
  wp:
    Container ID:  docker://3f0ee5e0d72e7e5c4ac55aa94fa2aee5022c39583576f0c1842f9636cd7c8b39
    Image:         10.192.27.111/project/wordpress:latest
    Image ID:      docker-pullable://10.192.27.111/project/wordpress@sha256:8add16d8bce7fd2f428f21476f642019638ed85921397f62b87e3c9878c79486
    Port:          <none>
    Host Port:     <none>
    Command:
      /bin/bash
      -ce
      tail -f /dev/null
    State:          Running
      Started:      Thu, 21 Nov 2019 10:55:14 +0800
    Ready:          True
    Restart Count:  0
    Limits:
      cpu:     1
      memory:  2G
    Requests:
      cpu:        500m
      memory:     1G
    Environment:  <none>
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from default-token-sj2lw (ro)
Conditions:
  Type              Status
  Initialized       True 
  Ready             True 
  ContainersReady   True 
  PodScheduled      True 
Volumes:
  default-token-sj2lw:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  default-token-sj2lw
    Optional:    false
QoS Class:       Burstable
Node-Selectors:  <none>
Tolerations:     node.kubernetes.io/not-ready:NoExecute for 300s
                 node.kubernetes.io/unreachable:NoExecute for 300s
Events:
  Type    Reason     Age   From                    Message
  ----    ------     ----  ----                    -------
  Normal  Scheduled  9m7s  default-scheduler       Successfully assigned default/frontend to 10.192.27.115
  Normal  Pulled     9m6s  kubelet, 10.192.27.115  Container image "10.192.27.111/project/mysql:5.7" already present on machine
  Normal  Created    9m6s  kubelet, 10.192.27.115  Created container
  Normal  Started    9m6s  kubelet, 10.192.27.115  Started container
  Normal  Pulled     9m6s  kubelet, 10.192.27.115  Container image "10.192.27.111/project/wordpress:latest" already present on machine
  Normal  Created    9m6s  kubelet, 10.192.27.115  Created container
  Normal  Started    9m6s  kubelet, 10.192.27.115  Started container
[root@master01 yaml_doc]# 
#查看名为frontend 的 pod详细信息

查看完整的pod信息比较多时,可以只查看创建过程

grep -A -B -C
-A -B -C 后面都跟阿拉伯数字
-A是显示匹配行和它后面的n行。
-B是显示匹配行和它前面的n行。
-C是匹配行和它前后各n行。
总体来说,-C覆盖面最大,这3个开关都是关于匹配行的上下文的(context)。

[root@master01 yaml_doc]# kubectl describe pod frontend | grep -A 20 Events #查看pod创建情况 :Events后20行信息
Events:
  Type    Reason     Age   From                    Message
  ----    ------     ----  ----                    -------
  Normal  Scheduled  11m   default-scheduler       Successfully assigned default/frontend to 10.192.27.115
  Normal  Pulled     11m   kubelet, 10.192.27.115  Container image "10.192.27.111/project/mysql:5.7" already present on machine
  Normal  Created    11m   kubelet, 10.192.27.115  Created container
  Normal  Started    11m   kubelet, 10.192.27.115  Started container
  Normal  Pulled     11m   kubelet, 10.192.27.115  Container image "10.192.27.111/project/wordpress:latest" already present on machine
  Normal  Created    11m   kubelet, 10.192.27.115  Created container
  Normal  Started    11m   kubelet, 10.192.27.115  Started container
[root@master01 yaml_doc]# 
#查看该节点的所有信息 包括该节点的docker容器  资源占用情况 
[root@master01 yaml_doc]# kubectl describe nodes 10.192.27.115
Name:               10.192.27.115
Roles:              <none>
Labels:             beta.kubernetes.io/arch=amd64
                    beta.kubernetes.io/os=linux
                    kubernetes.io/hostname=10.192.27.115
Annotations:        node.alpha.kubernetes.io/ttl: 0
                    volumes.kubernetes.io/controller-managed-attach-detach: true
CreationTimestamp:  Mon, 11 Nov 2019 15:37:25 +0800
Taints:             <none>
Unschedulable:      false
Conditions:
  Type             Status  LastHeartbeatTime                 LastTransitionTime                Reason                       Message
  ----             ------  -----------------                 ------------------                ------                       -------
  MemoryPressure   False   Thu, 21 Nov 2019 11:12:03 +0800   Mon, 11 Nov 2019 15:37:25 +0800   KubeletHasSufficientMemory   kubelet has sufficient memory available
  DiskPressure     False   Thu, 21 Nov 2019 11:12:03 +0800   Mon, 11 Nov 2019 15:37:25 +0800   KubeletHasNoDiskPressure     kubelet has no disk pressure
  PIDPressure      False   Thu, 21 Nov 2019 11:12:03 +0800   Mon, 11 Nov 2019 15:37:25 +0800   KubeletHasSufficientPID      kubelet has sufficient PID available
  Ready            True    Thu, 21 Nov 2019 11:12:03 +0800   Mon, 11 Nov 2019 15:37:35 +0800   KubeletReady                 kubelet is posting ready status
Addresses:
  InternalIP:  10.192.27.115
  Hostname:    10.192.27.115
Capacity:   #总共的资源
 cpu:                40
 ephemeral-storage:  51175Mi
 hugepages-1Gi:      0
 hugepages-2Mi:      0
 memory:             32656556Ki
 pods:               110
Allocatable:  #可以给pod的资源
 cpu:                40
 ephemeral-storage:  48294789041
 hugepages-1Gi:      0
 hugepages-2Mi:      0
 memory:             32554156Ki
 pods:               110
System Info:
 Machine ID:                 9c53ba3f1bcb43e19507d4a2e98730da
 System UUID:                4C4C4544-0053-5A10-8034-B1C04F4B4C32
 Boot ID:                    8ac2ecf8-70bd-44a4-bfee-422c82d68c3a
 Kernel Version:             3.10.0-957.el7.x86_64
 OS Image:                   CentOS Linux 7 (Core)
 Operating System:           linux
 Architecture:               amd64
 Container Runtime Version:  docker://18.9.4
 Kubelet Version:            v1.13.0
 Kube-Proxy Version:         v1.13.0
Non-terminated Pods:         (1 in total)
  Namespace                  Name        CPU Requests  CPU Limits  Memory Requests  Memory Limits   AGE
  ---------                  ----        ------------  ----------  ---------------  -------------   ---
  default                    frontend    750m (1%)     1500m (3%)  1067108864 (3%)  2084197Ki (6%)  16m  #每个pod资源限制详细
Allocated resources:  #所有的pod资源限制
  (Total limits may be over 100 percent, i.e., overcommitted.)
  Resource           Requests         Limits
  --------           --------         ------
  cpu                750m (1%)        1500m (3%)       
  memory             1067108864 (3%)  2084197Ki (6%)
  ephemeral-storage  0 (0%)           0 (0%)
Events:              <none>
[root@master01 yaml_doc]# 

[root@master01 yaml_doc]# kubectl get ns #查看所有命名空间
NAME          STATUS   AGE
default       Active   8d  #默认使用这个
kube-public   Active   8d
kube-system   Active   8d
[root@master01 yaml_doc]#
#查看该节点的所有信息 包括该节点的docker容器 资源占用情况

四、重启策略(restartPolicy)

•Always:当容器终止退出后,总是重启容器,默认策略。
•OnFailure:当容器异常退出(退出状态码非0)时,才重启容器。
•Never:当容器终止退出,从不重启容器。

[root@master01 yaml_doc]# cat restart-pod.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: restart-pod
spec:
  imagePullSecrets:
  - name: registry-pull-secret
  containers:
  - name: nginx
    image: 10.192.27.111/project/nginx:latest
    imagePullPolicy: IfNotPresent
#    command: [ "/bin/bash", "-ce", "tail -f /dev/null" ]
    args:
      - /bin/sh
      - -c
      - sleep 30; exit 0
  restartPolicy: Always  #当容器终止退出后,总是重启容器,默认策略。
[root@master01 yaml_doc]# 


[root@master01 yaml_doc]# kubectl apply -f restart-pod.yaml 
pod/restart-pod created
[root@master01 yaml_doc]# kubectl get pods
NAME          READY   STATUS    RESTARTS   AGE
restart-pod   1/1     Running   0          1s            #容器起来花了1秒
[root@master01 yaml_doc]# kubectl get pods
NAME          READY   STATUS      RESTARTS   AGE
restart-pod   0/1     Completed   0          31s     #容器30秒完成任务退出了
[root@master01 yaml_doc]# kubectl get pods
NAME          READY   STATUS    RESTARTS   AGE
restart-pod   1/1     Running   1          32s   #退出后又重启了 #RESTARTS的数值为1 说明重启了一次
Always示例
[root@master01 yaml_doc]# cat restart-pod.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: restart-pod
spec:
  imagePullSecrets:
  - name: registry-pull-secret
  containers:
  - name: nginx
    image: 10.192.27.111/project/nginx:latest
    imagePullPolicy: IfNotPresent
#    command: [ "/bin/bash", "-ce", "tail -f /dev/null" ]
    args:
      - /bin/sh
      - -c
      - sleep 30; exit 0
  restartPolicy: Never        #当容器终止退出,从不重启容器。
[root@master01 yaml_doc]# 

[root@master01 yaml_doc]# kubectl get pods
NAME          READY   STATUS    RESTARTS   AGE
restart-pod   1/1     Running   0          1s            #容器起来花了1秒

[root@master01 yaml_doc]# kubectl get pods
NAME          READY   STATUS      RESTARTS   AGE
restart-pod   0/1     Completed   0          31s  #不重启 容器30秒完成Completed任务退出了  

[root@master01 yaml_doc]# kubectl get pods
NAME          READY   STATUS      RESTARTS   AGE
restart-pod   0/1     Completed   0          76s  #不重启了 容器可用变为0/1 
Never
[root@master01 yaml_doc]# cat restart-pod.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: restart-pod
spec:
  imagePullSecrets:
  - name: registry-pull-secret
  containers:
  - name: nginx
    image: 10.192.27.111/project/nginx:latest
    imagePullPolicy: IfNotPresent
#    command: [ "/bin/bash", "-ce", "tail -f /dev/null" ]
    args:
      - /bin/sh
      - -c
      - sleep 30; exit 0
  restartPolicy: OnFailure
[root@master01 yaml_doc]# 

[root@master01 yaml_doc]# kubectl get pods
NAME          READY   STATUS    RESTARTS   AGE
restart-pod   1/1     Running   0          1s            #容器起来花了1秒
[root@master01 yaml_doc]# kubectl get pods
NAME          READY   STATUS      RESTARTS   AGE
restart-pod   0/1     Completed   0          31s  #正常退出不重启 容器30秒完成Completed任务退出了  
[root@master01 yaml_doc]# kubectl get pods
NAME          READY   STATUS      RESTARTS   AGE
restart-pod   0/1     Completed   0          44s
[root@master01 yaml_doc]# 




[root@master01 yaml_doc]# cat restart-pod.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: restart-pod
spec:
  imagePullSecrets:
  - name: registry-pull-secret
  containers:
  - name: nginx
    image: 10.192.27.111/project/nginx:latest
    imagePullPolicy: IfNotPresent
#    command: [ "/bin/bash", "-ce", "tail -f /dev/null" ]
    args:
      - /bin/sh
      - -c
      - sleep 30; exit 3
  restartPolicy: OnFailure   #当容器异常退出(退出状态码非0)时,才重启容器
[root@master01 yaml_doc]# kubectl get pods
NAME          READY   STATUS    RESTARTS   AGE
restart-pod   1/1     Running   0          1s            #容器起来花了1秒
[root@master01 yaml_doc]# kubectl get pods
NAME          READY   STATUS    RESTARTS   AGE
restart-pod   0/1     Error     0          31s   ##当容器异常退出(退出状态码非0)时,才重启容器
[root@master01 yaml_doc]# kubectl get pods
NAME          READY   STATUS    RESTARTS   AGE
restart-pod   1/1     Running   1          32s
OnFailure示例

学习一个命令# kubectl get ep #service endpoint

endpoint是k8s集群中的一个资源对象,存储在etcd中,用来记录一个service对应的所有pod的访问地址。service配置selector(关联一组pod),endpoint controller才会自动创建对应的endpoint对象;否则,不会生成endpoint对象。
例如,k8s集群中创建一个名为nginx-service-mxxl的service,就会生成一个同名的endpoint对象,ENDPOINTS就是service关联的pod的ip地址和端口。

[root@master01 yaml_doc]# kubectl get ep,svc
NAME                           ENDPOINTS                               AGE
endpoints/kubernetes           10.192.27.100:6443,10.192.27.114:6443   10d
endpoints/nginx-service-mxxl   172.17.46.2:80                          23h

NAME                         TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)        AGE
service/kubernetes           ClusterIP   10.0.0.1     <none>        443/TCP        10d    #对应两个master节点
service/nginx-service-mxxl   NodePort    10.0.0.65    <none>        80:30080/TCP   23h    # 对应 172.17.46.2:80  
[root@master01 yaml_doc]# 

 

五、健康检查(Probe)

Probe有以下两种类型:
livenessProbe:如果检查失败,将杀死容器,根据Pod的restartPolicy来操作。 #根据 四、 重启机制
readinessProbe:如果检查失败,Kubernetes会把Pod从service endpoints中剔除。#剔除endpoints


官方详细介绍了:https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
Probe支持以下三种检查方法:
httpGet:发送HTTP请求,返回的状态码大于等于200且小于400为成功。
exec:执行Shell命令返回状态码是0为成功。
tcpSocket:发起TCP Socket连接,能建立成功即为成功。

[root@master01 yaml_doc]# cat liveness-pod.yaml 
# Pod demonstrating an exec livenessProbe: the container creates /tmp/healthy, removes it after
# 10 seconds, and the probe starts failing from then on.
apiVersion: v1
kind: Pod
metadata:
  labels:
    test: liveness
  name: liveness-exec
spec:
  imagePullSecrets:
  - name: registry-pull-secret
  containers:
  - name: liveness
    image: 10.192.27.111/project/busybox:latest
    args:
    - /bin/sh
    - -c
    - touch /tmp/healthy; sleep 10; rm -rf /tmp/healthy; sleep 600
    livenessProbe:
      exec:
        command:
        - cat
        - /tmp/healthy  # if the file is missing, cat exits non-zero (check with echo $?), the probe fails and the container is restarted
      initialDelaySeconds: 5  # start probing 5 seconds after the container starts
      periodSeconds: 5 # run the probe every 5 seconds
    
[root@master01 yaml_doc]# kubectl get pods
NAME            READY   STATUS    RESTARTS   AGE
liveness-exec   1/1     Running   0          52s
[root@master01 yaml_doc]# 
NAME            READY   STATUS    RESTARTS   AGE
liveness-exec   1/1     Running   1          53s   #重启了一次
liveness检查示例
[root@master01 yaml_doc]# cat readiness-pod.yaml 
# Pod demonstrating an exec readinessProbe: the container creates /tmp/healthy, removes it after
# 10 seconds, and the probe starts failing from then on.
apiVersion: v1
kind: Pod
metadata:
  labels:
    test: readiness
  name: readiness-exec
spec:
  imagePullSecrets:
  - name: registry-pull-secret
  containers:
  - name: readiness
    image: 10.192.27.111/project/busybox:latest
    args:
    - /bin/sh
    - -c
    - touch /tmp/healthy; sleep 10; rm -rf /tmp/healthy; sleep 600
    readinessProbe:
      exec:
        command:
        - cat
        - /tmp/healthy  # if the file is missing, cat exits non-zero (check with echo $?) and the readiness probe fails: the Pod becomes not Ready (0/1) and is removed from Service endpoints; the container is NOT restarted
      initialDelaySeconds: 5  # start probing 5 seconds after the container starts
      periodSeconds: 5 # run the probe every 5 seconds
[root@master01 yaml_doc]#     
    
[root@master01 yaml_doc]# kubectl get pods
NAME             READY   STATUS    RESTARTS   AGE
readiness-exec   1/1     Running   0          24s
[root@master01 yaml_doc]# kubectl get pods
NAME             READY   STATUS    RESTARTS   AGE
readiness-exec   0/1     Running   0          25s
readiness检查示例

六、调度约束

nodeName用于将Pod调度到指定的Node名称上
nodeSelector用于将Pod调度到匹配Label的Node上

############没有指定node节点创建pod的情况########
[root@master01 yaml_doc]# kubectl create -f nginx-pod.yaml 
pod/nginx-pod created
[root@master01 yaml_doc]# kubectl get pods
NAME        READY   STATUS    RESTARTS   AGE
nginx-pod   1/1     Running   0          9s
[root@master01 yaml_doc]# kubectl describe pod nginx-pod
Name:               nginx-pod
Namespace:          default
Priority:           0
PriorityClassName:  <none>
Node:               10.192.27.116/10.192.27.116
Start Time:         Thu, 21 Nov 2019 16:29:07 +0800
Labels:             app=nginx-pod
Annotations:        <none>
Status:             Running
IP:                 172.17.46.2
Containers:
  nginx:
    Container ID:  docker://78a9dd0bdb54c2dde89e588fa0d09cea265b617f7e5752318d783483086eb2e6
    Image:         10.192.27.111/project/nginx:latest
    Image ID:      docker-pullable://10.192.27.111/project/nginx@sha256:f56b43e9913cef097f246d65119df4eda1d61670f7f2ab720831a01f66f6ff9c
    Port:          80/TCP
    Host Port:     0/TCP
    Command:
      /bin/bash
      -ce
      tail -f /dev/null
    State:          Running
      Started:      Thu, 21 Nov 2019 16:29:08 +0800
    Ready:          True
    Restart Count:  0
    Environment:    <none>
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from default-token-sj2lw (ro)
Conditions:
  Type              Status
  Initialized       True 
  Ready             True 
  ContainersReady   True 
  PodScheduled      True 
Volumes:
  default-token-sj2lw:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  default-token-sj2lw
    Optional:    false
QoS Class:       BestEffort
Node-Selectors:  <none>
Tolerations:     node.kubernetes.io/not-ready:NoExecute for 300s
                 node.kubernetes.io/unreachable:NoExecute for 300s
Events:
  Type    Reason     Age   From                    Message
  ----    ------     ----  ----                    -------
  Normal  Scheduled  15s   default-scheduler       Successfully assigned default/nginx-pod to 10.192.27.116  #这行调用了调度器 
  Normal  Pulled     14s   kubelet, 10.192.27.116  Container image "10.192.27.111/project/nginx:latest" already present on machine
  Normal  Created    14s   kubelet, 10.192.27.116  Created container
  Normal  Started    14s   kubelet, 10.192.27.116  Started container
[root@master01 yaml_doc]# 
没有指定node节点创建pod的情况
############指定node节点创建pod########
[root@master01 yaml_doc]# cat nodeName-pod.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: nginx-pod
  namespace: default
  labels:
    app: nginx-pod

spec:
  nodeName: 10.192.27.115
  imagePullSecrets:
  - name: registry-pull-secret
  containers:
  - name: nginx
    image: 10.192.27.111/project/nginx:latest
    imagePullPolicy: IfNotPresent
    command: [ "/bin/bash", "-ce", "tail -f /dev/null" ]
    ports:
    - containerPort: 80
[root@master01 yaml_doc]# 


[root@master01 yaml_doc]# kubectl create -f nodeName-pod.yaml 
pod/nginx-pod created
[root@master01 yaml_doc]# kubectl get pods
NAME        READY   STATUS    RESTARTS   AGE
nginx-pod   1/1     Running   0          2s
[root@master01 yaml_doc]# kubectl describe pod nginx-pod
Name:               nginx-pod
Namespace:          default
Priority:           0
PriorityClassName:  <none>
Node:               10.192.27.115/10.192.27.115
Start Time:         Thu, 21 Nov 2019 16:26:29 +0800
Labels:             app=nginx-pod
Annotations:        <none>
Status:             Running
IP:                 172.17.43.2
Containers:
  nginx:
    Container ID:  docker://18af2f91fd29c78540b294e56111ef5d0c96494cebdf971cc1d4f5876929f61e
    Image:         10.192.27.111/project/nginx:latest
    Image ID:      docker-pullable://10.192.27.111/project/nginx@sha256:f56b43e9913cef097f246d65119df4eda1d61670f7f2ab720831a01f66f6ff9c
    Port:          80/TCP
    Host Port:     0/TCP
    Command:
      /bin/bash
      -ce
      tail -f /dev/null
    State:          Running
      Started:      Thu, 21 Nov 2019 16:26:30 +0800
    Ready:          True
    Restart Count:  0
    Environment:    <none>
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from default-token-sj2lw (ro)
Conditions:
  Type              Status
  Initialized       True 
  Ready             True 
  ContainersReady   True 
  PodScheduled      True 
Volumes:
  default-token-sj2lw:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  default-token-sj2lw
    Optional:    false
QoS Class:       BestEffort
Node-Selectors:  <none>
Tolerations:     node.kubernetes.io/not-ready:NoExecute for 300s
                 node.kubernetes.io/unreachable:NoExecute for 300s
Events:
  Type    Reason   Age   From                    Message
  ----    ------   ----  ----                    -------  #这行没有调度器  因为是直接指定了node节点,就没有显示
  Normal  Pulled   6s    kubelet, 10.192.27.115  Container image "10.192.27.111/project/nginx:latest" already present on machine
  Normal  Created  6s    kubelet, 10.192.27.115  Created container
  Normal  Started  6s    kubelet, 10.192.27.115  Started container
[root@master01 yaml_doc]# 
指定node节点创建pod
[root@master01 yaml_doc]# kubectl get nodes --show-labels
NAME            STATUS   ROLES    AGE   VERSION   LABELS
10.192.27.115   Ready    <none>   10d   v1.13.0   beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/hostname=10.192.27.115
10.192.27.116   Ready    <none>   10d   v1.13.0   beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/hostname=10.192.27.116
[root@master01 yaml_doc]# 
[root@master01 yaml_doc]# kubectl label nodes 10.192.27.115 team=a  #给每个node设置标签
node/10.192.27.115 labeled
[root@master01 yaml_doc]# kubectl label nodes 10.192.27.116 team=b
node/10.192.27.116 labeled
[root@master01 yaml_doc]# kubectl get nodes --show-labels
NAME           STATUS   ROLES    AGE   VERSION   LABELS
10.192.27.115   Ready    <none>   9d    v1.13.0   beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/hostname=10.192.27.115,team=a
10.192.27.116   Ready    <none>   9d    v1.13.0   beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/hostname=10.192.27.116,team=b
[root@master01 yaml_doc]# 
[root@master01 yaml_doc]# vim pod5.yaml 
# Pod scheduled onto nodes labelled team=a through spec.nodeSelector.
# NOTE(review): kind and metadata appear twice below (looks like a paste artifact). Duplicate
# mapping keys are not valid in strict YAML and parsers differ in how they treat them, so keep
# a single kind/metadata pair before reusing this manifest.
apiVersion: v1
kind: Pod
metadata:
  name: pod-example
kind: Pod
metadata:
  name: pod-example
  labels:
    app: nginx
spec:
  nodeSelector:
    team: a
  containers:
  - name: nginx
    image: nginx:1.15

[root@master01 yaml_doc]# kubectl apply -f pod5.yaml 
pod/pod-example created


[root@master01 yaml_doc]# kubectl describe pod pod-example
Name:               pod-example
Namespace:          default
Priority:           0
PriorityClassName:  <none>
Node:               10.192.27.115/10.192.27.115
Start Time:         Thu, 12 Sep 2019 22:01:14 +0800
Labels:             app=nginx
Annotations:        kubectl.kubernetes.io/last-applied-configuration:
                      {"apiVersion":"v1","kind":"Pod","metadata":{"annotations":{},"labels":{"app":"nginx"},"name":"pod-example","namespace":"default"},"spec":{...
Status:             Running
IP:                 172.17.39.8
Containers:
  nginx:
    Container ID:   docker://2ce176b032561b1de82a941aacae9127a7bd4dd8439e23480f28289ae2825893
    Image:          nginx:1.15
    Image ID:       docker-pullable://nginx@sha256:670ba067df36460bc89cb0ec333c79795f720639846ad32724d019197afb61e9
    Port:           <none>
    Host Port:      <none>
    State:          Running
      Started:      Thu, 12 Sep 2019 22:01:35 +0800
    Ready:          True
    Restart Count:  0
    Environment:    <none>
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from default-token-4zq5b (ro)
Conditions:
  Type              Status
  Initialized       True 
  Ready             True 
  ContainersReady   True 
  PodScheduled      True 
Volumes:
  default-token-4zq5b:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  default-token-4zq5b
    Optional:    false
QoS Class:       BestEffort
Node-Selectors:  team=a
Tolerations:     node.kubernetes.io/not-ready:NoExecute for 300s
                 node.kubernetes.io/unreachable:NoExecute for 300s
Events:
  Type    Reason     Age   From                   Message
  ----    ------     ----  ----                   -------
  Normal  Scheduled  45s   default-scheduler      Successfully assigned default/pod-example to 10.192.27.115 ####走到了调度器了
  Normal  Pulled     26s   kubelet, 10.192.27.115  Container image "nginx:1.15" already present on machine
  Normal  Created    26s   kubelet, 10.192.27.115  Created container
  Normal  Started    24s   kubelet, 10.192.27.115  Started container
[root@master01 yaml_doc]# 
nodeSelector用于将Pod调度到匹配Label的Node上

 七、故障排查

https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/

故障排除的方法:
kubectl describe TYPE/NAME
kubectl logs TYPE/NAME [-c CONTAINER]
kubectl exec POD [-c CONTAINER] --COMMAND [args...]

 

原文地址:https://www.cnblogs.com/linux985/p/11898029.html