kubernetes pod

容器与Pod资源对象

• Pod对象是一组容器的集合，这些容器共享Network、UTS及IPC名称空间，因此具有相同的域名、主机名和网络接口，并可通过IPC直接通信

• 为一个Pod对象中的各容器提供网络名称空间等共享机制的是底层基础容器pause

• ，一个Pod对象中的多个容器必须运行于同一工作节点之上

kubectl get pods
NAME                         READY   STATUS    RESTARTS   AGE
nginx-ds-7gmf9               1/1     Running   31         39d
nginx-ds-hnv6g               1/1     Running   4          2d1h
wordpress-7f95769f89-rzmcm   1/1     Running   4          46h


docker ps |grep wordpress-7f95769f89-rzmcm
db29c2b3c4b8        df73d804e139                        "/wordpress_entrypoi…"   10 minutes ago      Up 10 minutes                            k8s_wordpress_wordpress-7f95769f89-rzmcm_default_081b4b0c-bc3d-4db0-9638-4020fe4c5b04_4
adafaeadec13        harbor.od.com/public/pause:latest   "/pause"                 10 minutes ago      Up 10 minutes                            k8s_POD_wordpress-7f95769f89-rzmcm_default_081b4b0c-bc3d-4db0-9638-4020fe4c5b04_4

分布式系统设计的几种模型

• 1）Sidecar pattern（边车模型或跨斗模型）

• 2）Ambassador pattern（大使模型）

• 3）Adapter pattern（适配器模型）

资源清单格式

一级字段：

• apiVersion(group/version)
• kind
• metadata(name,namespace,labels,annotations,…)
• spec
• status(只读)

pod资源

pod-daemon.yaml

apiVersion: v1
kind: Pod
metadata:
  name: pod-demo
  namespace: default
  labels:
    app: myapp
    tier: frontend
spec:
  containers:
  - name: myapp
    image: ikubernetes/myapp:v1
    ports:
    - name: http
      containerPort: 80
    - name: https
      containerPort: 443
  - name: busybox
    image: busybox:latest
    command:
    - "/bin/sh"
    - "-c"
    - "sleep 3600"

explain

kubectl explain deployments.spec.template.spec.containers.image
kubectl explain deployments.spec.template.spec.containers.imagePullPolicy

spec.containers <[]object>

- name >
  image: >
  imagePullPolicy: , Never, IfNotPresent)>  

修改镜像中的默认应用：
command, args
https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/

Docker field name	Kubernetes field name
Entrypoint	command
Cmd	args

Image Entrypoint	Image Cmd	Container command	Container args	Command run
[/ep-1]	[foo bar]			[ep-1 foo bar]
[/ep-1]	[foo bar]	[/ep-2]		[ep-2]
[/ep-1]	[foo bar]		[zoo boo]	[ep-1 zoo boo]
[/ep-1]	[foo bar]	[/ep-2]	[zoo boo]	[ep-2 zoo boo]

暴露端口

• Kubernetes系统的网络模型中，各Pod的IP地址处于同一网络平面，无论是否为容器指定了要暴露的端口，都不会影响集群中其他节点之上的Pod客户端对其进行访问,这就意味着，任何监听在非lo接口上的端口都可以通过Pod网络直接被请求。
• 从这个角度来说，容器端口只是信息性数据，它只是为集群用户提供一个快速了解相关Pod对象的可访问端口的途径，而且显式指定容器端口，还能为其赋予一个名称以方便调用

  containers:
  - name: myapp
    image: ikubernetes/myapp:v1
    ports：
    - name: http
      containerPort: 80
      protocol: TCP

• Pod对象的IP地址仅在当前集群内可达，它们无法直接接收来自集群外部客户端的请求流量，尽管它们的服务可达性不受工作节点边界的约束，但依然受制于集群边界。一个简单的解决方案是通过其所在的工作节点的IP地址和端口将其暴露到集群外部

• hostPort ：主机端口，它将接收到的请求通过NAT机制转发至由containerPort字段指定的容器端口。
• hostIP ：主机端口要绑定的主机IP，默认为0.0.0.0，即主机之上所有可用的IP地址；考虑到托管的Pod对象是由调度器调度运行的，工作节点的IP地址难以明确指定，因此此字段通常使用默认值

注意:
hostPort与NodePort类型的Service对象暴露端口的方式不同，
NodePort是通过所有节点暴露容器服务，
而hostPort则是经由Pod对象所在节点的IP地址来进行

标签

资源与标签对应关系 ： 多对对

key=value
key: 字母 数字 _ - . (字母或数字开头)
value: 可以为空， 只能字母或数字开头及结尾

查看标签

kubectl get pods -l app --show-labels 
NAME       READY   STATUS    RESTARTS   AGE     LABELS
nginx      1/1     Running   5          39d     app=web
pod-demo   2/2     Running   0          4m12s   app=myapp,tier=frontend

kubectl get pods -l release,app --show-labels

kubectl get pods -L app,run
NAME                            READY   STATUS    RESTARTS   AGE     APP     RUN
busybox                         1/1     Running   624        38d             
client                          1/1     Running   0          4d16h           client
myapp-9b4987d5-5trrs            1/1     Running   0          4d15h           myapp
myapp-9b4987d5-6shwd            1/1     Running   0          4d15h           myapp
myapp-9b4987d5-9xstm            1/1     Running   0          4d15h           myapp
myapp-9b4987d5-h5k2d            1/1     Running   0          4d15h           myapp
myapp-9b4987d5-jw55t            1/1     Running   0          4d15h           myapp
nginx                           1/1     Running   5          39d     web     
nginx-deploy-84cbfc56b6-j5wbr   1/1     Running   0          4d16h           nginx-deploy
nginx-deploy-84cbfc56b6-tjmzz   1/1     Running   0          4d16h           nginx-deploy
pod-demo                        2/2     Running   0          6m32s   myapp

打标签

kubectl label pods pod-demo release=canary
kubectl label pods nginx-deploy-84cbfc56b6-j5wbr release=canary
已有标签覆盖
kubectl label pods pod-demo release=stable --overwrite

标签选择器

等值关系

= 
==
!=

kubectl get pods -l release=stable --show-labels
kubectl get pods -l release=stable,app=myapp --show-labels

集合关系

KEY in (VALUE1,VALUE2,...)
KEY notin (VALUE1,VALUE2,...)
!KEY

kubectl get pods -l "release in (canary,beta,alpha)"
kubectl get pods -l "release notin (canary,beta,alpha)"

内嵌字段定义其使用的标签选择器

matchLables: 直接给定键值
matchExpressions: 基于给定的表达式来定义使用标签选择器 {key:“KEY”, operator:“OPERATOR”, values:[VAL1,VAL2,…]}
操作符：
In NotIn : values字段值必须为非空列表
Exists NotExists : values字段的值必须为空列表

节点标签选择器

nodeSelector

节点打标签

kubectl label nodes 10.0.0.12 disktype=ssd

  nodeSelector:
    disktype: ssd

nodeName

annotations: 与label不同的地方在于它不能用于挑选资源对象,仅用于为对象提供"元数据"

  annotations:
    wuxingge.org/created-by: "cluster admin"

pod生命周期

状态

Pending 已经创建,但没有适合运行的节点(调度没有完成)
Running
Failed
Succeded
Unknown

创建pod

pod生命周期中的重要行为:

• 初始化容器
• 容器探测:
  • livenessProbe(存活性探测)
    • exec
    • tcpSocket
    • httpGet
    • initialDelaySeconds(容器启动后延时探测)

cat liveness-exec.yaml

apiVersion: v1
kind: Pod
metadata:
  name: liveness-exec-pod
  namespace: default
spec:
  containers:
  - name: liveness-exec-container
    image: busybox:latest
    imagePullPolicy: IfNotPresent
    command: ["/bin/sh","-c","touch /tmp/healthy; sleep 60; rm -f /tmp/healthy;sleep 3600"]
    livenessProbe:
      exec:
        command: ["test","-e","/tmp/healthy"]
      initialDelaySeconds: 1
      periodSeconds: 3

cat liveness-httpGet.yaml

apiVersion: v1
kind: Pod
metadata:
  name: liveness-httpget-pod
  namespace: default
spec:
  containers:
  - name: liveness-httpget-container
    image: ikubernetes/myapp:v1
    imagePullPolicy: IfNotPresent
    ports:
    - name: http
      containerPort: 80
    livenessProbe:
      httpGet:
        port: http
        path: /index.html
      initialDelaySeconds: 1
      periodSeconds: 3

进入pod容器

kubectl exec -it liveness-httpget-pod -- /bin/sh

• readinessProbe(就绪探测)

cat readiness-httpGet.yaml

apiVersion: v1
kind: Pod
metadata:
  name: readiness-httpget-pod
  namespace: default
spec:
  containers:
  - name: readiness-httpget-container
    image: ikubernetes/myapp:v1
    imagePullPolicy: IfNotPresent
    ports:
    - name: http
      containerPort: 80
    readinessProbe:
      httpGet:
        port: http
        path: /index.html
      initialDelaySeconds: 1
      periodSeconds: 3

• lifecycle

kubectl explain pods.spec.containers.lifecycle

cat poststart-pod.yaml

apiVersion: v1
kind: Pod
metadata:
  name: poststart-pod
  namespace: default
spec:
  containers:
  - name: busybox-httpd
    image: busybox:latest
    imagePullPolicy: IfNotPresent
    lifecycle:
      postStart:
        exec:
          command: ["mkdir","-p","/data/web/html"]
    command: ["/bin/sh","-c","sleep 3600"]

restartPolicy

Always, OnFailure,Never  Default to Always

pod整理

apiVersion , kind , metadata , spec , status(只读)

spec:
    containers:
    	name
    	image
    	imagePullPolicy: Always , Never , IfNotPresent
    	port:
    		name
    		containerPort
    	livenessProbe
    	readinessProbe
    	lifecycle
    nodeSelecter
    nodeName
    restartPolicy:
    	Always , Never , OnFailure