一个容器多个进程,一个pod多个容器
- 一个容器多个进程:在Docker的镜像编译脚本Dockerfile中带起多个进程,如下可以在contivNet.sh中启动多个进程
FROM 192.168.1.2:5001/world/centos7/ovs-2.6.4:1
COPY ./bin /contiv/bin/
COPY ./scripts /contiv/scripts/
ENTRYPOINT ["/contiv/scripts/contivNet.sh"]
- 一个pod多个容器,可以在yaml文件中如下设置,在containers 中定义两个容器
# each master and worker node in a Kubernetes cluster.
kind: DaemonSet
apiVersion: extensions/v1beta1
metadata:
name: contiv-netplugin-ovs
namespace: kube-system
labels:
k8s-app: contiv-netplugin
spec:
updateStrategy:
type: OnDelete
selector:
matchLabels:
k8s-app: contiv-netplugin
template:
metadata:
labels:
k8s-app: contiv-netplugin
annotations:
prometheus.io/scrape: 'true'
prometheus.io/port: '9004'
scheduler.alpha.kubernetes.io/critical-pod: ''
spec:
hostNetwork: true
hostPID: true
nodeSelector:
node-role.kubernetes.io/node: ""
node-network-driver: "ovs"
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
serviceAccountName: contiv-netplugin
containers:
- name: netplugin-exporter
image: 192.168.1.2:5001/contiv/exporter:0.1
env:
- name: CONTIV_ETCD
valueFrom:
configMapKeyRef:
name: contiv-config
key: contiv_etcd
- name: CONTIV_ROLE
value: 'ovs-netplugin'
volumeMounts:
- mountPath: /k8s_log/contiv
name: var-log-contiv-exporter
readOnly: false
- name: contiv-netplugin
image: 192.168.1.2:5001/contiv/netplugin:1.2.0_6.3
env:
- name: CONTIV_ROLE
value: netplugin
- name: CONTIV_NETPLUGIN_VLAN_UPLINKS
value: enp130s0f0
- name: CONTIV_NETPLUGIN_DRIVER
value: ovs
- name: CONTIV_NETPLUGIN_LOG_LEVEL
value: INFO
- name: CONTIV_NETPLUGIN_MODE
valueFrom:
configMapKeyRef:
name: contiv-config
key: contiv_mode
- name: CONTIV_NETPLUGIN_VTEP_IP
valueFrom:
可以在每个容器中启动一个进程,例如可以使用command启动进程:
command:
- /bin/sh
- -c
- /kubemark --morph=kubelet --name=$(NODE_NAME) --kubeconfig=/kubeconfig/kubelet-$(NODE_NAME).kubeconfig $(CONTENT_TYPE) --alsologtostderr --v=4
这样一个pod中启动了两个容器,每个容器启动了一个进程。
一个pod多个容器实例: 打印log的辅助容器
当容器的log输出到文件时,我们想用kubectl logs来查看容器日志是查看不到的。我们可以使用启动另一个容器的方式来实现。例如,开源cillium的项目tetragon,每个Pod启动两个容器。一个是用于业务处理的tetragon容器,它运行的log写入日志/var/run/cilium/tetragon/tetragon.log, 另一个容器export-stdout是把日志内容输出到标准输出。这里贴出daemonset的部分定义文件:
spec:
containers:
- args:
- /var/run/cilium/tetragon/tetragon.log
command:
- hubble-export-stdout
image: quay.io/cilium/hubble-export-stdout:v1.0.3
imagePullPolicy: IfNotPresent
name: export-stdout
resources: {}
securityContext: {}
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /var/run/cilium/tetragon
name: export-logs
- args:
- --config-dir=/etc/tetragon/tetragon.conf.d/
env:
- name: NODE_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.nodeName
image: quay.io/cilium/tetragon:v0.11.0
imagePullPolicy: IfNotPresent
livenessProbe:
exec:
command:
- tetra
- status
- --server-address
- localhost:54321
...
第一个容器export-stdout的参数是/var/run/cilium/tetragon/tetragon.log,运行的命令是hubble-export-stdout,而这个命令是一个简单的脚本,内容如下:
#!/bin/sh
set -e
tail -q -F "$@" 2> /dev/null
而制作这个容器镜像的dockerfile内容如下:
# skopeo inspect --override-os linux docker://busybox:1.36.0-musl | jq -r .Digest
FROM docker.io/library/busybox:1.36.0-musl@sha256:b6252cc4d3a3a702284d828b89cf99d902fad4b00b4aebf2299aa15bfeae54bf as busybox
FROM scratch
# Use busybox statically compiled (musl) sh implementation
COPY --from=busybox /bin/sh /bin/sh
COPY --from=busybox /bin/tail /usr/bin/tail
COPY hubble-export-stdout /usr/local/bin/hubble-export-stdout
ENTRYPOINT ["/bin/sh", "/usr/local/bin/hubble-export-stdout"]
