K8s之Pod资源管理（五）

pod是k8s管理的最小单元

pod中有多个容器，现实生产环境中只有一个容器

---

特点:

1.最小部署单元
2.一组容器的集合
3.一个Pod中的容器共享网络命令空间
4.Pod是短暂的

---

Pod容器分类：

1：infrastructure container 基础容器（透明的过程，用户无感知）

维护整个Pod网络空间

node节点操作

`查看容器的网络`
[root@node1 ~]# cat /opt/kubernetes/cfg/kubelet
KUBELET_OPTS="--logtostderr=true \
--v=4 \
--hostname-override=192.168.18.148 \
--kubeconfig=/opt/kubernetes/cfg/kubelet.kubeconfig \
--bootstrap-kubeconfig=/opt/kubernetes/cfg/bootstrap.kubeconfig \
--config=/opt/kubernetes/cfg/kubelet.config \
--cert-dir=/opt/kubernetes/ssl \
--pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/google-containers/pause-amd64:3.0"	#提示网络组件镜像会从阿里云上进行下载

`每次创建Pod时候就会创建，与Pod对应的，对于用户是透明的`
[root@node1 ~]# docker ps
CONTAINER ID        IMAGE                                                                 COMMAND                  CREATED             STATUS              PORTS               NAMES
......此处省略多行
54d9e6ec3c02        registry.cn-hangzhou.aliyuncs.com/google-containers/pause-amd64:3.0   "/pause"
#网络组件会被自动加载成一个组件提供出去
`结论：基础容器在创建时，一定会去创建一个网络容器`

---

2：initcontainers 初始化容器

pod在进行创建时一定会被执行当中的初始化initcontainers，在老版本中执行时不会区分前后顺序（在系统进行加载时PID号数字越小，优先级别越高，越先被启动），随着云平台的改进，启动模式改为主机形式，分隔出的初始化容器会被优先加载，在初始化容器加载完成之后后面的业务容器才能正常接着运行

---

3：container 业务容器（并行启动）

官方网站：https://kubernetes.io/docs/concepts/workloads/pods/init-containers/

示例：

Init containers in use

This example defines a simple Pod that has two init containers. The first waits for myservice, and the second waits for mydb. Once both init containers complete, the Pod runs the app container from its spec section.

apiVersion: v1
kind: Pod
metadata:
  name: myapp-pod
  labels:
    app: myapp
spec:
  containers:
  - name: myapp-container
    image: busybox:1.28
    command: ['sh', '-c', 'echo The app is running! && sleep 3600']
  initContainers:
  - name: init-myservice
    image: busybox:1.28
    command: ['sh', '-c', 'until nslookup myservice; do echo waiting for myservice; sleep 2; done;']
  - name: init-mydb
    image: busybox:1.28
    command: ['sh', '-c', 'until nslookup mydb; do echo waiting for mydb; sleep 2; done;']

镜像拉取策略（image PullPolicy）

IfNotPresent：默认值，镜像在宿主机上不存在时才拉取

Always：每次创建Pod都会重新拉取一次镜像

Never：Pod永远不会主动拉取这个镜像

官方网站：https://kubernetes.io/docs/concepts/containers/images

示例：

Verify by creating a pod that uses a private image, e.g.:

kubectl apply -f - <<EOF
apiVersion: v1
kind: Pod
metadata:
  name: private-image-test-1
spec:
  containers:
    - name: uses-private-image
      image: $PRIVATE_IMAGE_NAME
      imagePullPolicy: Always
      command: [ "echo", "SUCCESS" ]
EOF

master1上操作

[root@master1 ~]# kubectl get pods
NAME                                READY   STATUS    RESTARTS   AGE
my-nginx-d55b94fd-kc2gl             1/1     Running   0          40h
my-nginx-d55b94fd-tkr42             1/1     Running   0          40h
nginx-6c94d899fd-8pf48              1/1     Running   0          2d15h
nginx-deployment-5477945587-f5dsm   1/1     Running   0          2d14h
nginx-deployment-5477945587-hmgd2   1/1     Running   0          2d14h
nginx-deployment-5477945587-pl2hn   1/1     Running   0          2d14h

[root@master1 ~]# kubectl edit deployment/my-nginx
......此处省略多行
    spec:
      containers:
      - image: nginx:1.15.4
        imagePullPolicy: IfNotPresent
        name: nginx
        ports:
        - containerPort: 80
          protocol: TCP
        resources: {}
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      terminationGracePeriodSeconds: 30

[root@master1 ~]# cd demo/
[root@master1 demo]# vim pod1.yaml
apiVersion: v1
kind: Pod
metadata:
  name: mypod
spec:
  containers:
    - name: nginx
      image: nginx
      imagePullPolicy: Always
      command: [ "echo", "SUCCESS" ]
[root@master1 demo]# kubectl create -f pod1.yaml	#进行创建
pod/mypod created

此时会出现CrashLoopBackOff创建之后又关闭的状态提示

`失败的状态的原因是因为命令启动冲突`
apiVersion: v1
kind: Pod
metadata:
  name: mypod
spec:
  containers:
    - name: nginx
      image: nginx:1.14		#同时更改一下版本nginx:1.14
      imagePullPolicy: Always
#删除最后一行的command: [ "echo", "SUCCESS" ]语句

`删除原有的资源`
[root@master1 demo]# kubectl delete -f pod1.yaml
pod "mypod" deleted

`更新资源`
[root@master1 demo]# kubectl apply -f pod1.yaml
pod/mypod created
[root@master1 demo]# kubectl get pods
NAME                                READY   STATUS    RESTARTS   AGE
mypod                               1/1     Running   0          3m26s

`查看分配节点`
[root@master1 demo]# kubectl get pods -o wide
NAME          READY   STATUS    RESTARTS   AGE     IP            NODE           NOMINATED NODE
mypod         1/1     Running   0          4m45s   172.17.40.5   192.168.18.145   <none>
#此时172.17.40.5段，对应的是node2节点的192.168.18.145地址

`到node2上查看指定的应用是否部署到指定节点上`
[root@node2 ~]# curl -I 172.17.40.5
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Sat, 15 Feb 2020 04:11:53 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 04 Dec 2018 14:44:49 GMT
Connection: keep-alive
ETag: "5c0692e1-264"
Accept-Ranges: bytes