Kubernetes基础:Pod中的Pause容器
在构建Kubernetes集群的时候我们使用到了一个名为Pause的镜像,这篇文章中我们来看一下在一个最基础的单元中Pause容器的使用状况。
事前准备:集群
本文使用Kubernetes 1.17.2,可参看下文进行快速环境搭建:
- 单机版本或者集群版本环境搭建
[root@host131 ansible]# kubectl get node -o wide
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
192.168.163.131 Ready 2m25s v1.17.2 192.168.163.131 CentOS Linux 7 (Core) 3.10.0-957.el7.x86_64 docker://19.3.5
[root@host131 ansible]#
事前准备:Pod
使用如下Pod的YAML配置文件
[root@host131 Pod]# cat pod.yaml
---
apiVersion: v1
kind: Pod
metadata:
name: testbox
namespace: default
spec:
containers:
- name: testbox-host
image: busybox:latest
command: ["sleep"]
args: ["1000"]
...
[root@host131 Pod]#
创建并确认Pod信息
[root@host131 Pod]# kubectl create -f pod.yaml
pod/testbox created
[root@host131 Pod]#
[root@host131 Pod]# kubectl get pod -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
testbox 1/1 Running 0 8s 10.254.152.3 192.168.163.131
[root@host131 Pod]#
[root@host131 Pod]# kubectl describe pod testbox
Name: testbox
Namespace: default
Priority: 0
Node: 192.168.163.131/192.168.163.131
Start Time: Sat, 08 Feb 2020 20:18:50 -0500
Labels:
Annotations:
Status: Running
IP: 10.254.152.3
IPs:
IP: 10.254.152.3
Containers:
testbox-host:
Container ID: docker://de2eecac8a47ee6837cdd4915a1f2708366fe4b124611a4b2ac1469d9dd6924b
Image: busybox:latest
Image ID: docker-pullable://busybox@sha256:6915be4043561d64e0ab0f8f098dc2ac48e077fe23f488ac24b665166898115a
Port:
Host Port:
Command:
sleep
Args:
1000
State: Running
Started: Sat, 08 Feb 2020 20:18:53 -0500
Ready: True
Restart Count: 0
Environment:
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from default-token-ljwn6 (ro)
Conditions:
Type Status
Initialized True
Ready True
ContainersReady True
PodScheduled True
Volumes:
default-token-ljwn6:
Type: Secret (a volume populated by a Secret)
SecretName: default-token-ljwn6
Optional: false
QoS Class: BestEffort
Node-Selectors:
Tolerations: node.kubernetes.io/not-ready:NoExecute for 300s
node.kubernetes.io/unreachable:NoExecute for 300s
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 17s default-scheduler Successfully assigned default/testbox to 192.168.163.131
Normal Pulling 17s kubelet, 192.168.163.131 Pulling image "busybox:latest"
Normal Pulled 14s kubelet, 192.168.163.131 Successfully pulled image "busybox:latest"
Normal Created 14s kubelet, 192.168.163.131 Created container testbox-host
Normal Started 14s kubelet, 192.168.163.131 Started container testbox-host
[root@host131 Pod]#
确认Pod的存在
使用docker ps命令以Pod名testbox为关键字进行搜索,可以看到除了BusyBox的容器之外还有一个pause的镜像,详细信息如下所示:
[root@host131 Pod]# docker ps |grep testbox
de2eecac8a47 busybox "sleep 1000" About a minute ago Up About a minute k8s_testbox-host_testbox_default_1f0708d3-fe71-4668-b398-920d3278a546_0
4a39e1a37391 gcr.io/google_containers/pause-amd64:3.1 "/pause" About a minute ago Up About a minute k8s_POD_testbox_default_1f0708d3-fe71-4668-b398-920d3278a546_0
[root@host131 Pod]#
pause容器和busybox的关联
对上述两个容器使用inspect命令,本文示例信息在下面的参考内容中全部贴出了,这里对其中的关联进行如下说明:
- pause容器的ID(4a39e1a373912987af38d718c632ee0a184ec5470f37f840a76fc535fdfd1811)在busybox中NetworkMode和IpcMode等多处进行关联
- HostConfig.Binds中pause容器未设定,而busybox中默认设定了service account的一些信息
- CpuPeriod:pause容器被设定未0,而busybox设定为100000
- 环境变量Env与Labels等:pause容器中仅设定最基础的PATH,busybox在此基础上进行了设定,Labels等也类似
- NetworkSettings:只在pause中设定,busybox不做设定。
整体说明:
pause作为Pod中第一个容器,它是为整个Pod提供网络基础设施设定的,所以整体的NetworkSettings中也只在pause容器中有所设定,而pause的Dockerfile也非常简单,它是一个from scratch的基础镜像。作为第一个启动的容器和Pid为1的进程,它所负责的内容和init比较类似,Pause主要负责如下内容:
- 包括基础网络设定的命名空间的共享(父子进程管理中,子进程会共享父进程的多种命名空前,在前面的文章中介绍过Linux的6种命令空间并进行过模拟,此处不再赘述)
- 负责僵尸进程的处理,在后续的源码解析中会进一步说明。
参考内容:inspect详细信息
- pause容器的inspect信息
[root@host131 Pod]# docker inspect k8s_POD_testbox_default_1f0708d3-fe71-4668-b398-920d3278a546_0
[
{
"Id": "4a39e1a373912987af38d718c632ee0a184ec5470f37f840a76fc535fdfd1811",
"Created": "2020-02-09T01:18:50.407266072Z",
"Path": "/pause",
"Args": [],
"State": {
"Status": "running",
"Running": true,
"Paused": false,
"Restarting": false,
"OOMKilled": false,
"Dead": false,
"Pid": 14657,
"ExitCode": 0,
"Error": "",
"StartedAt": "2020-02-09T01:18:50.684697657Z",
"FinishedAt": "0001-01-01T00:00:00Z"
},
"Image": "sha256:da86e6ba6ca197bf6bc5e9d900febd906b133eaa4750e6bed647b0fbe50ed43e",
"ResolvConfPath": "/var/lib/docker/containers/4a39e1a373912987af38d718c632ee0a184ec5470f37f840a76fc535fdfd1811/resolv.conf",
"HostnamePath": "/var/lib/docker/containers/4a39e1a373912987af38d718c632ee0a184ec5470f37f840a76fc535fdfd1811/hostname",
"HostsPath": "/var/lib/docker/containers/4a39e1a373912987af38d718c632ee0a184ec5470f37f840a76fc535fdfd1811/hosts",
"LogPath": "/var/lib/docker/containers/4a39e1a373912987af38d718c632ee0a184ec5470f37f840a76fc535fdfd1811/4a39e1a373912987af38d718c632ee0a184ec5470f37f840a76fc535fdfd1811-json.log",
"Name": "/k8s_POD_testbox_default_1f0708d3-fe71-4668-b398-920d3278a546_0",
"RestartCount": 0,
"Driver": "overlay2",
"Platform": "linux",
"MountLabel": "",
"ProcessLabel": "",
"AppArmorProfile": "",
"ExecIDs": null,
"HostConfig": {
"Binds": null,
"ContainerIDFile": "",
"LogConfig": {
"Type": "json-file",
"Config": {
"max-size": "1g"
}
},
"NetworkMode": "default",
"PortBindings": {},
"RestartPolicy": {
"Name": "",
"MaximumRetryCount": 0
},
"AutoRemove": false,
"VolumeDriver": "",
"VolumesFrom": null,
"CapAdd": null,
"CapDrop": null,
"Capabilities": null,
"Dns": null,
"DnsOptions": null,
"DnsSearch": null,
"ExtraHosts": null,
"GroupAdd": null,
"IpcMode": "shareable",
"Cgroup": "",
"Links": null,
"OomScoreAdj": -998,
"PidMode": "",
"Privileged": false,
"PublishAllPorts": false,
"ReadonlyRootfs": false,
"SecurityOpt": [
"seccomp=unconfined"
],
"UTSMode": "",
"UsernsMode": "",
"ShmSize": 67108864,
"Runtime": "runc",
"ConsoleSize": [
0,
0
],
"Isolation": "",
"CpuShares": 2,
"Memory": 0,
"NanoCpus": 0,
"CgroupParent": "/kubepods/besteffort/pod1f0708d3-fe71-4668-b398-920d3278a546",
"BlkioWeight": 0,
"BlkioWeightDevice": null,
"BlkioDeviceReadBps": null,
"BlkioDeviceWriteBps": null,
"BlkioDeviceReadIOps": null,
"BlkioDeviceWriteIOps": null,
"CpuPeriod": 0,
"CpuQuota": 0,
"CpuRealtimePeriod": 0,
"CpuRealtimeRuntime": 0,
"CpusetCpus": "",
"CpusetMems": "",
"Devices": null,
"DeviceCgroupRules": null,
"DeviceRequests": null,
"KernelMemory": 0,
"KernelMemoryTCP": 0,
"MemoryReservation": 0,
"MemorySwap": 0,
"MemorySwappiness": null,
"OomKillDisable": false,
"PidsLimit": null,
"Ulimits": null,
"CpuCount": 0,
"CpuPercent": 0,
"IOMaximumIOps": 0,
"IOMaximumBandwidth": 0,
"MaskedPaths": [
"/proc/asound",
"/proc/acpi",
"/proc/kcore",
"/proc/keys",
"/proc/latency_stats",
"/proc/timer_list",
"/proc/timer_stats",
"/proc/sched_debug",
"/proc/scsi",
"/sys/firmware"
],
"ReadonlyPaths": [
"/proc/bus",
"/proc/fs",
"/proc/irq",
"/proc/sys",
"/proc/sysrq-trigger"
]
},
"GraphDriver": {
"Data": {
"LowerDir": "/var/lib/docker/overlay2/9aa12d8060b726b034c5c7828b38c05dff3d246c0886006931604188f1ae34d1-init/diff:/var/lib/docker/overlay2/92cf016f5ae66908dbca746c846be9d117d0a775f7f7d6ac59ced5f47811527f/diff",
"MergedDir": "/var/lib/docker/overlay2/9aa12d8060b726b034c5c7828b38c05dff3d246c0886006931604188f1ae34d1/merged",
"UpperDir": "/var/lib/docker/overlay2/9aa12d8060b726b034c5c7828b38c05dff3d246c0886006931604188f1ae34d1/diff",
"WorkDir": "/var/lib/docker/overlay2/9aa12d8060b726b034c5c7828b38c05dff3d246c0886006931604188f1ae34d1/work"
},
"Name": "overlay2"
},
"Mounts": [],
"Config": {
"Hostname": "testbox",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
],
"Cmd": null,
"Image": "gcr.io/google_containers/pause-amd64:3.1",
"Volumes": null,
"WorkingDir": "",
"Entrypoint": [
"/pause"
],
"OnBuild": null,
"Labels": {
"annotation.kubernetes.io/config.seen": "2020-02-08T20:18:50.092849465-05:00",
"annotation.kubernetes.io/config.source": "api",
"io.kubernetes.container.name": "POD",
"io.kubernetes.docker.type": "podsandbox",
"io.kubernetes.pod.name": "testbox",
"io.kubernetes.pod.namespace": "default",
"io.kubernetes.pod.uid": "1f0708d3-fe71-4668-b398-920d3278a546"
}
},
"NetworkSettings": {
"Bridge": "",
"SandboxID": "522acf2906641701cfcc6746769a3b989d3aff9ab3eb7056984ab8532f4f6326",
"HairpinMode": false,
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"Ports": {},
"SandboxKey": "/var/run/docker/netns/522acf290664",
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"EndpointID": "d522b1d76543bd1072c4e461e58b79a86433958c9c4fb2ad4b8317ddd21fbe4e",
"Gateway": "10.254.152.1",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAddress": "10.254.152.3",
"IPPrefixLen": 21,
"IPv6Gateway": "",
"MacAddress": "02:42:0a:fe:98:03",
"Networks": {
"bridge": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"NetworkID": "a0aaaf83254c57361b048203aa90422f4d150677fcdd606966f9b29e7a24b111",
"EndpointID": "d522b1d76543bd1072c4e461e58b79a86433958c9c4fb2ad4b8317ddd21fbe4e",
"Gateway": "10.254.152.1",
"IPAddress": "10.254.152.3",
"IPPrefixLen": 21,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:0a:fe:98:03",
"DriverOpts": null
}
}
}
}
]
[root@host131 Pod]#
- busybox容器的inspect信息
[root@host131 Pod]# docker inspect k8s_testbox-host_testbox_default_1f0708d3-fe71-4668-b398-920d3278a546_0
[
{
"Id": "de2eecac8a47ee6837cdd4915a1f2708366fe4b124611a4b2ac1469d9dd6924b",
"Created": "2020-02-09T01:18:53.164802631Z",
"Path": "sleep",
"Args": [
"1000"
],
"State": {
"Status": "exited",
"Running": false,
"Paused": false,
"Restarting": false,
"OOMKilled": false,
"Dead": false,
"Pid": 0,
"ExitCode": 0,
"Error": "",
"StartedAt": "2020-02-09T01:18:53.266500495Z",
"FinishedAt": "2020-02-09T01:35:33.257185763Z"
},
"Image": "sha256:6d5fcfe5ff170471fcc3c8b47631d6d71202a1fd44cf3c147e50c8de21cf0648",
"ResolvConfPath": "/var/lib/docker/containers/4a39e1a373912987af38d718c632ee0a184ec5470f37f840a76fc535fdfd1811/resolv.conf",
"HostnamePath": "/var/lib/docker/containers/4a39e1a373912987af38d718c632ee0a184ec5470f37f840a76fc535fdfd1811/hostname",
"HostsPath": "/var/lib/kubelet/pods/1f0708d3-fe71-4668-b398-920d3278a546/etc-hosts",
"LogPath": "/var/lib/docker/containers/de2eecac8a47ee6837cdd4915a1f2708366fe4b124611a4b2ac1469d9dd6924b/de2eecac8a47ee6837cdd4915a1f2708366fe4b124611a4b2ac1469d9dd6924b-json.log",
"Name": "/k8s_testbox-host_testbox_default_1f0708d3-fe71-4668-b398-920d3278a546_0",
"RestartCount": 0,
"Driver": "overlay2",
"Platform": "linux",
"MountLabel": "",
"ProcessLabel": "",
"AppArmorProfile": "",
"ExecIDs": null,
"HostConfig": {
"Binds": [
"/var/lib/kubelet/pods/1f0708d3-fe71-4668-b398-920d3278a546/volumes/kubernetes.io~secret/default-token-ljwn6:/var/run/secrets/kubernetes.io/serviceaccount:ro",
"/var/lib/kubelet/pods/1f0708d3-fe71-4668-b398-920d3278a546/etc-hosts:/etc/hosts",
"/var/lib/kubelet/pods/1f0708d3-fe71-4668-b398-920d3278a546/containers/testbox-host/2c4f1a71:/dev/termination-log"
],
"ContainerIDFile": "",
"LogConfig": {
"Type": "json-file",
"Config": {
"max-size": "1g"
}
},
"NetworkMode": "container:4a39e1a373912987af38d718c632ee0a184ec5470f37f840a76fc535fdfd1811",
"PortBindings": null,
"RestartPolicy": {
"Name": "no",
"MaximumRetryCount": 0
},
"AutoRemove": false,
"VolumeDriver": "",
"VolumesFrom": null,
"CapAdd": null,
"CapDrop": null,
"Capabilities": null,
"Dns": null,
"DnsOptions": null,
"DnsSearch": null,
"ExtraHosts": null,
"GroupAdd": null,
"IpcMode": "container:4a39e1a373912987af38d718c632ee0a184ec5470f37f840a76fc535fdfd1811",
"Cgroup": "",
"Links": null,
"OomScoreAdj": 1000,
"PidMode": "",
"Privileged": false,
"PublishAllPorts": false,
"ReadonlyRootfs": false,
"SecurityOpt": [
"seccomp=unconfined"
],
"UTSMode": "",
"UsernsMode": "",
"ShmSize": 67108864,
"Runtime": "runc",
"ConsoleSize": [
0,
0
],
"Isolation": "",
"CpuShares": 2,
"Memory": 0,
"NanoCpus": 0,
"CgroupParent": "/kubepods/besteffort/pod1f0708d3-fe71-4668-b398-920d3278a546",
"BlkioWeight": 0,
"BlkioWeightDevice": null,
"BlkioDeviceReadBps": null,
"BlkioDeviceWriteBps": null,
"BlkioDeviceReadIOps": null,
"BlkioDeviceWriteIOps": null,
"CpuPeriod": 100000,
"CpuQuota": 0,
"CpuRealtimePeriod": 0,
"CpuRealtimeRuntime": 0,
"CpusetCpus": "",
"CpusetMems": "",
"Devices": [],
"DeviceCgroupRules": null,
"DeviceRequests": null,
"KernelMemory": 0,
"KernelMemoryTCP": 0,
"MemoryReservation": 0,
"MemorySwap": 0,
"MemorySwappiness": null,
"OomKillDisable": false,
"PidsLimit": null,
"Ulimits": null,
"CpuCount": 0,
"CpuPercent": 0,
"IOMaximumIOps": 0,
"IOMaximumBandwidth": 0,
"MaskedPaths": [
"/proc/acpi",
"/proc/kcore",
"/proc/keys",
"/proc/latency_stats",
"/proc/timer_list",
"/proc/timer_stats",
"/proc/sched_debug",
"/proc/scsi",
"/sys/firmware"
],
"ReadonlyPaths": [
"/proc/asound",
"/proc/bus",
"/proc/fs",
"/proc/irq",
"/proc/sys",
"/proc/sysrq-trigger"
]
},
"GraphDriver": {
"Data": {
"LowerDir": "/var/lib/docker/overlay2/c2985676cea73d146f7911bff0830cf68a5a8e6be0dffa257e5c191350a3862d-init/diff:/var/lib/docker/overlay2/72c2db679958db531aab82d9c11c4e9397697a2f03b011a8e3e35b165e37d641/diff",
"MergedDir": "/var/lib/docker/overlay2/c2985676cea73d146f7911bff0830cf68a5a8e6be0dffa257e5c191350a3862d/merged",
"UpperDir": "/var/lib/docker/overlay2/c2985676cea73d146f7911bff0830cf68a5a8e6be0dffa257e5c191350a3862d/diff",
"WorkDir": "/var/lib/docker/overlay2/c2985676cea73d146f7911bff0830cf68a5a8e6be0dffa257e5c191350a3862d/work"
},
"Name": "overlay2"
},
"Mounts": [
{
"Type": "bind",
"Source": "/var/lib/kubelet/pods/1f0708d3-fe71-4668-b398-920d3278a546/volumes/kubernetes.io~secret/default-token-ljwn6",
"Destination": "/var/run/secrets/kubernetes.io/serviceaccount",
"Mode": "ro",
"RW": false,
"Propagation": "rprivate"
},
{
"Type": "bind",
"Source": "/var/lib/kubelet/pods/1f0708d3-fe71-4668-b398-920d3278a546/etc-hosts",
"Destination": "/etc/hosts",
"Mode": "",
"RW": true,
"Propagation": "rprivate"
},
{
"Type": "bind",
"Source": "/var/lib/kubelet/pods/1f0708d3-fe71-4668-b398-920d3278a546/containers/testbox-host/2c4f1a71",
"Destination": "/dev/termination-log",
"Mode": "",
"RW": true,
"Propagation": "rprivate"
}
],
"Config": {
"Hostname": "testbox",
"Domainname": "",
"User": "0",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": [
"KUBERNETES_SERVICE_PORT_HTTPS=443",
"KUBERNETES_PORT=tcp://10.254.0.1:443",
"KUBERNETES_PORT_443_TCP=tcp://10.254.0.1:443",
"KUBERNETES_PORT_443_TCP_PROTO=tcp",
"KUBERNETES_PORT_443_TCP_PORT=443",
"KUBERNETES_PORT_443_TCP_ADDR=10.254.0.1",
"KUBERNETES_SERVICE_HOST=10.254.0.1",
"KUBERNETES_SERVICE_PORT=443",
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
],
"Cmd": [
"1000"
],
"Healthcheck": {
"Test": [
"NONE"
]
},
"Image": "busybox@sha256:6915be4043561d64e0ab0f8f098dc2ac48e077fe23f488ac24b665166898115a",
"Volumes": null,
"WorkingDir": "",
"Entrypoint": [
"sleep"
],
"OnBuild": null,
"Labels": {
"annotation.io.kubernetes.container.hash": "58ac6600",
"annotation.io.kubernetes.container.restartCount": "0",
"annotation.io.kubernetes.container.terminationMessagePath": "/dev/termination-log",
"annotation.io.kubernetes.container.terminationMessagePolicy": "File",
"annotation.io.kubernetes.pod.terminationGracePeriod": "30",
"io.kubernetes.container.logpath": "/var/log/pods/default_testbox_1f0708d3-fe71-4668-b398-920d3278a546/testbox-host/0.log",
"io.kubernetes.container.name": "testbox-host",
"io.kubernetes.docker.type": "container",
"io.kubernetes.pod.name": "testbox",
"io.kubernetes.pod.namespace": "default",
"io.kubernetes.pod.uid": "1f0708d3-fe71-4668-b398-920d3278a546",
"io.kubernetes.sandbox.id": "4a39e1a373912987af38d718c632ee0a184ec5470f37f840a76fc535fdfd1811"
}
},
"NetworkSettings": {
"Bridge": "",
"SandboxID": "",
"HairpinMode": false,
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"Ports": {},
"SandboxKey": "",
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"EndpointID": "",
"Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAddress": "",
"IPPrefixLen": 0,
"IPv6Gateway": "",
"MacAddress": "",
"Networks": {}
}
}
]
[root@host131 Pod]#