k8s deploy

 

Deploy k8s

kubeadm is used to deploy k8s: on the master it deploys the apiserver, scheduler, controller manager and kubelet; on a k8s worker it deploys the kubelet, which is the node agent.

 

A taint is used to mark a special node, e.g. the one where the master is running; as a consequence, other pods will not run on this node.

A network plugin such as weave or calico needs to be added.

 

k8s pod

In docker, a container is implemented with Linux cgroups (for limitation, e.g. cpu, memory), namespaces (for isolation) and rootfs (for the file system). Containers in the same pod share the same network namespace and volumes; this is implemented by an infra container, which creates the network namespace first, and the other containers in the same pod then join this network.

Init containers start before the normal containers; it is usually called a sidecar, e.g. a fluentd log container.

 

A pod is like a VM, and a container is like a process running in the VM. A pod can select its target node by using nodeSelector.

Pod Pending -- the YAML file has been submitted and saved in etcd, but some container in this pod has not been created successfully.

Pod Running -- the pod has been bound to a node, and the containers are running.

Pod Succeeded -- the pod has finished its work and exited successfully; you will see it if the container is a job/cronjob.

Pod Failed -- at least one container exited with a non-zero return value.

 

Pod restart policy:

Always: as long as the container is not running, it will be restarted; the pod status will be Running forever.

OnFailure: only restart if the container failed; if a pod has multiple containers, the pod will be in failure if all containers have stopped.

Never

 

PodPreset can be used to combine the developer's yaml with other info needed in the k8s yaml, e.g. volume, port number.

 

Pod Deployment 

bash-5.1$ ke get deployment
NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE
bsc         3             3                3               3            1y

 

Service Account 

Pods have different service accounts; some of them allow GET to the Kube API, some of them allow everything. The SA info is saved as a secret; it is attached as a volume.
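An added example (not part of the original post) of checking what the paragraph above describes: which pods mount a token for a service account that is allowed everything rather than only GET. The role names, service accounts and pods are constructed sample data; as simplifying assumptions, bindings are treated as cluster-wide and only the pod-level automountServiceAccountToken field is read.

```python
# Constructed sample data, shaped like items from `kubectl get ... -o json`.
CLUSTER_ROLES = {
    "pod-reader": [{"resources": ["pods"], "verbs": ["get"]}],
    "do-anything": [{"resources": ["*"], "verbs": ["*"]}],
}
CLUSTER_ROLE_BINDINGS = [
    {"roleRef": {"name": "pod-reader"},
     "subjects": [{"kind": "ServiceAccount", "namespace": "default", "name": "viewer"}]},
    {"roleRef": {"name": "do-anything"},
     "subjects": [{"kind": "ServiceAccount", "namespace": "default", "name": "ops"}]},
]
PODS = [
    {"metadata": {"namespace": "default", "name": "web-0"}, "spec": {"serviceAccountName": "viewer"}},
    {"metadata": {"namespace": "default", "name": "tool"}, "spec": {"serviceAccountName": "ops"}},
    {"metadata": {"namespace": "default", "name": "batch"},
     "spec": {"serviceAccountName": "ops", "automountServiceAccountToken": False}},
]
LEVELS = ["none", "read-only", "write", "everything"]  # least to most powerful

def classify(rules):
    """Rank a role: wildcard verbs on wildcard resources counts as 'everything'."""
    level = "none"
    for rule in rules:
        verbs, resources = set(rule["verbs"]), set(rule["resources"])
        if "*" in verbs and "*" in resources:
            return "everything"
        rank = "write" if verbs - {"get", "list", "watch"} else "read-only"
        level = max(level, rank, key=LEVELS.index)
    return level

def sa_levels(roles, bindings):
    """Map (namespace, service account) to the strongest level bound to it."""
    out = {}
    for b in bindings:
        lvl = classify(roles.get(b["roleRef"]["name"], []))
        for s in b["subjects"]:
            if s["kind"] == "ServiceAccount":
                key = (s["namespace"], s["name"])
                out[key] = max(out.get(key, "none"), lvl, key=LEVELS.index)
    return out

def audit(pods, roles, bindings):
    """List (pod, service account) pairs that mount a token with 'everything'."""
    levels, findings = sa_levels(roles, bindings), []
    for p in pods:
        sa = p["spec"].get("serviceAccountName", "default")
        mounted = p["spec"].get("automountServiceAccountToken", True)  # pod field only
        if mounted and levels.get((p["metadata"]["namespace"], sa)) == "everything":
            findings.append((p["metadata"]["name"], sa))
    return findings
```

With the sample data, only the pod "tool" is reported: "batch" uses the same service account but does not mount its token, and "web-0" is limited to GET on pods.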

 

Stateful

1) Pods need to be started in the correct order, and a newly created pod has the same network identity as the old one.

2) The volume should be persistent -- achieved by using a PV.

A headless service is represented by a DNS hostname, and it points directly to the IP of the pod behind it.

By using the stateful controller, the pods created will be labelled with a number, e.g. web-0, web-1; if a headless service is combined with it, then each of them will have its own DNS name, e.g. web-0.nginx; in this way a request to a specific DNS name will always arrive at a specific pod.

 

DaemonSet

a) each node has one and only one pod; b) a new node will have this pod added to it

used for logging plugin, network plugin; monitoring etc. 

 

 

 

Monitoring  

Data collected by

a) node exporter, which runs as a daemonset on the node; it captures cpu, memory, etc.

b) metrics about k8s components, work queue, etc.

c) core metrics: pod, node

Metrics based on resource:

Utilisation

Saturation

Errors 

Metrics based on service:

Request Rate

Request Errors

Request Duration 

 

 

Pod Deleting

1 the pod is deleted by kubectl with the default grace period (30 sec);

2 the API server marks the pod as terminating;

3 the kubelet on the node running the pod notices the terminating state; it will

   a) run the prestop hook, if prestop is set,

   b) send the TERM signal to the processes in the containers of that pod;

4 at the same time, the service will be updated to remove this pod; the iptables routes will be changed.

5 after the grace period expires, the kubelet sends SIGKILL to force stop.

6 the pod object is removed

posted @ 2021-03-04 07:04  anyu686