一.系统环境
| 服务器版本 | docker软件版本 | CPU架构 |
|---|---|---|
| CentOS Linux release 7.4.1708 (Core) | Docker version 20.10.12 | x86_64 |
二.前言
pod的常见管理。
管理pod的前提是已经有一套可以正常运行的Kubernetes集群,关于Kubernetes(k8s)集群的安装部署,可以查看博客《Centos7 安装部署Kubernetes(k8s)集群》https://www.cnblogs.com/renshengdezheli/p/16686769.html
三.pod的管理
3.1 环境介绍
Kubernetes集群架构:k8scloude1作为master节点,k8scloude2,k8scloude3作为worker节点
| 服务器 | 操作系统版本 | CPU架构 | 进程 | 功能描述 |
|---|---|---|---|---|
| k8scloude1/192.168.110.130 | CentOS Linux release 7.4.1708 (Core) | x86_64 | docker,kube-apiserver,etcd,kube-scheduler,kube-controller-manager,kubelet,kube-proxy,coredns,calico | k8s master节点 |
| k8scloude2/192.168.110.129 | CentOS Linux release 7.4.1708 (Core) | x86_64 | docker,kubelet,kube-proxy,calico | k8s worker节点 |
| k8scloude3/192.168.110.128 | CentOS Linux release 7.4.1708 (Core) | x86_64 | docker,kubelet,kube-proxy,calico | k8s worker节点 |
3.2 管理pod
使用Nginx镜像创建一个pod
[root@k8scloude1 pod]# vim nginx.yaml
#kind: Pod表示资源类型为Pod labels指定pod标签 metadata下面的name指定pod名字 containers下面全是容器的定义
#image指定镜像名字 imagePullPolicy指定镜像下载策略 containers下面的name指定容器名
#resources指定容器资源(CPU,内存等) env指定容器里的环境变量 dnsPolicy指定DNS策略
#restartPolicy容器重启策略 ports指定容器端口
[root@k8scloude1 pod]# cat nginx.yaml
apiVersion: v1
kind: Pod
metadata:
creationTimestamp: null
labels:
run: nginx
name: nginx
spec:
containers:
- image: nginx
imagePullPolicy: IfNotPresent
name: nginx
resources: {}
ports:
- name: http
containerPort: 80
protocol: TCP
env:
- name: xx
value: "12"
- name: yy
value: "21"
- name: zz
value: hello
dnsPolicy: ClusterFirst
restartPolicy: Always
status: {}
[root@k8scloude1 pod]# ls
nginx.yaml pod1.yaml pod2.yaml
[root@k8scloude1 pod]# kubectl apply -f nginx.yaml
pod/nginx created
[root@k8scloude1 pod]# kubectl get pod
NAME READY STATUS RESTARTS AGE
nginx 1/1 Running 0 5s
不进入容器,执行ls / 命令
#不进入容器,执行命令:kubectl exec podname -- 命令
[root@k8scloude1 pod]# kubectl exec nginx -- ls /
bin
boot
dev
docker-entrypoint.d
docker-entrypoint.sh
etc
home
lib
lib64
media
mnt
opt
proc
root
run
sbin
srv
sys
tmp
usr
var
进入容器执行命令
#进入容器:kubectl exec -it podname -- bash
[root@k8scloude1 pod]# kubectl exec -it nginx -- bash
root@nginx:/# which nginx
/usr/sbin/nginx
root@nginx:/# exit
exit
从物理机复制文件到pod里
[root@k8scloude1 pod]# kubectl cp /etc/hosts nginx:/tmp
[root@k8scloude1 pod]# kubectl exec nginx -- ls /tmp
hosts
从pod里复制文件到物理机
[root@k8scloude1 pod]# kubectl cp nginx:/etc/hosts nginx_hosts
tar: Removing leading `/' from member names
[root@k8scloude1 pod]# ls
nginx_hosts nginx.yaml pod1.yaml pod2.yaml
[root@k8scloude1 pod]# cat nginx_hosts
# Kubernetes-managed hosts file.
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
fe00::0 ip6-mcastprefix
fe00::1 ip6-allnodes
fe00::2 ip6-allrouters
10.244.251.202 nginx
[root@k8scloude1 pod]# rm -rf nginx_hosts
查看pod的日志
[root@k8scloude1 pod]# kubectl logs nginx
/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf
10-listen-on-ipv6-by-default.sh: info: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf
/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
/docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh
/docker-entrypoint.sh: Configuration complete; ready for start up
2022/01/12 13:41:43 [notice] 1#1: using the "epoll" event method
2022/01/12 13:41:43 [notice] 1#1: nginx/1.21.5
2022/01/12 13:41:43 [notice] 1#1: built by gcc 10.2.1 20210110 (Debian 10.2.1-6)
2022/01/12 13:41:43 [notice] 1#1: OS: Linux 3.10.0-693.el7.x86_64
2022/01/12 13:41:43 [notice] 1#1: getrlimit(RLIMIT_NOFILE): 1048576:1048576
2022/01/12 13:41:43 [notice] 1#1: start worker processes
2022/01/12 13:41:43 [notice] 1#1: start worker process 31
2022/01/12 13:41:43 [notice] 1#1: start worker process 32
当一个pod里有两个容器,怎么查看?kubectl exec -it podname -c 容器名 -- 命令
首先创建一个包含2个容器的pod
[root@k8scloude1 pod]# vim pod2.yaml
[root@k8scloude1 pod]# cat pod2.yaml
apiVersion: v1
kind: Pod
metadata:
creationTimestamp: null
labels:
run: pod1
name: pod1
spec:
containers:
- image: nginx
imagePullPolicy: IfNotPresent
name: n1
resources: {}
- image: nginx
imagePullPolicy: IfNotPresent
command: ["sh","-c","sleep 10"]
name: n2
resources: {}
dnsPolicy: ClusterFirst
restartPolicy: Always
status: {}
[root@k8scloude1 pod]# kubectl apply -f pod2.yaml
pod/pod1 created
[root@k8scloude1 pod]# kubectl get pod
NAME READY STATUS RESTARTS AGE
pod1 2/2 Running 0 6s
查看pod1的描述信息
[root@k8scloude1 pod]# kubectl describe pod pod1
Name: pod1
Namespace: pod
Priority: 0
Node: k8scloude2/192.168.110.129
Start Time: Wed, 12 Jan 2022 21:53:05 +0800
Labels: run=pod1
Annotations: cni.projectcalico.org/containerID: d103a6cb8e6535c5cfa8cf52153a80c11b75c0b7a744c7ad1028f3f4e88a627e
cni.projectcalico.org/podIP: 10.244.112.141/32
cni.projectcalico.org/podIPs: 10.244.112.141/32
Status: Running
IP: 10.244.112.141
IPs:
IP: 10.244.112.141
Containers:
n1:
Container ID: docker://e54540c02e54109af7437fd00f18bcca3969e75eafb336dadb9ddb21022520ed
Image: nginx
Image ID: docker-pullable://nginx@sha256:0d17b565c37bcbd895e9d92315a05c1c3c9a29f762b011a10c54a66cd53c9b31
Port: <none>
Host Port: <none>
State: Running
Started: Wed, 12 Jan 2022 21:53:06 +0800
Ready: True
Restart Count: 0
Environment: <none>
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-42h2q (ro)
n2:
Container ID: docker://2d09c058d4c11f51c1c22c58012c79f5b8ec8327fcdd43e17f4533cb01f098d0
Image: nginx
Image ID: docker-pullable://nginx@sha256:0d17b565c37bcbd895e9d92315a05c1c3c9a29f762b011a10c54a66cd53c9b31
Port: <none>
Host Port: <none>
Command:
sh
-c
sleep 10
State: Terminated
Reason: Completed
Exit Code: 0
Started: Wed, 12 Jan 2022 21:53:39 +0800
Finished: Wed, 12 Jan 2022 21:53:49 +0800
Last State: Terminated
Reason: Completed
Exit Code: 0
Started: Wed, 12 Jan 2022 21:53:17 +0800
Finished: Wed, 12 Jan 2022 21:53:27 +0800
Ready: False
Restart Count: 2
Environment: <none>
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-42h2q (ro)
Conditions:
Type Status
Initialized True
Ready False
ContainersReady False
PodScheduled True
Volumes:
kube-api-access-42h2q:
Type: Projected (a volume that contains injected data from multiple sources)
TokenExpirationSeconds: 3607
ConfigMapName: kube-root-ca.crt
ConfigMapOptional: <nil>
DownwardAPI: true
QoS Class: BestEffort
Node-Selectors: <none>
Tolerations: node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 46s default-scheduler Successfully assigned pod/pod1 to k8scloude2
Normal Pulled 46s kubelet Container image "nginx" already present on machine
Normal Created 46s kubelet Created container n1
Normal Started 46s kubelet Started container n1
Normal Pulled 13s (x3 over 46s) kubelet Container image "nginx" already present on machine
Normal Created 13s (x3 over 46s) kubelet Created container n2
Normal Started 13s (x3 over 46s) kubelet Started container n2
Warning BackOff 3s (x2 over 24s) kubelet Back-off restarting failed container
查看pod里的n1容器的/tmp目录
#当一个pod里有两个容器,怎么查看:kubectl exec -it podname -c 容器名 -- 命令
[root@k8scloude1 pod]# kubectl exec -it pod1 -c n1 -- ls /tmp
查看pod里的n2容器的/tmp目录
[root@k8scloude1 pod]# kubectl exec -it pod1 -c n2 -- ls /tmp
进入pod1里的n1容器
[root@k8scloude1 pod]# kubectl exec -it pod1 -c n1 -- bash
root@pod1:/# which nginx
/usr/sbin/nginx
root@pod1:/# exit
exit
查看pod1里的n1容器日志
[root@k8scloude1 pod]# kubectl logs pod1 -c n1
/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf
10-listen-on-ipv6-by-default.sh: info: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf
/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
/docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh
/docker-entrypoint.sh: Configuration complete; ready for start up
2022/01/12 13:53:06 [notice] 1#1: using the "epoll" event method
2022/01/12 13:53:06 [notice] 1#1: nginx/1.21.5
2022/01/12 13:53:06 [notice] 1#1: built by gcc 10.2.1 20210110 (Debian 10.2.1-6)
2022/01/12 13:53:06 [notice] 1#1: OS: Linux 3.10.0-693.el7.x86_64
2022/01/12 13:53:06 [notice] 1#1: getrlimit(RLIMIT_NOFILE): 1048576:1048576
2022/01/12 13:53:06 [notice] 1#1: start worker processes
2022/01/12 13:53:06 [notice] 1#1: start worker process 32
2022/01/12 13:53:06 [notice] 1#1: start worker process 33
编辑pod: kubectl edit pod podname
[root@k8scloude1 pod]# kubectl edit pod nginx
Edit cancelled, no changes made.
容器里运行命令的一种写法是使用command
[root@k8scloude1 pod]# vim pod2.yaml
[root@k8scloude1 pod]# cat pod2.yaml
apiVersion: v1
kind: Pod
metadata:
creationTimestamp: null
labels:
run: pod1
name: pod1
spec:
containers:
- image: nginx
imagePullPolicy: IfNotPresent
name: n1
resources: {}
- image: nginx
imagePullPolicy: IfNotPresent
command: ["sh","-c","sleep 10"]
name: n2
resources: {}
dnsPolicy: ClusterFirst
restartPolicy: Always
status: {}
容器里运行命令的另一种写法是使用args
[root@k8scloude1 pod]# kubectl run podtest --image=nginx --dry-run=client -o yaml -- sh -c sleep 100
apiVersion: v1
kind: Pod
metadata:
creationTimestamp: null
labels:
run: podtest
name: podtest
spec:
containers:
- args:
- sh
- -c
- sleep
- "100"
image: nginx
name: podtest
resources: {}
dnsPolicy: ClusterFirst
restartPolicy: Always
status: {}