管理pod资源对象
一、标签与标签选择器
随着同类型资源对象的数量越来越多,分类管理也变得越来越有必要:基于简单且直接的标准将资源对象划分为多个较小的分组,无论对开发人员还是对系统工程师来说,都能提升管理效率,这就是kubernetes标签的核心功能之一。对于附带标签的资源对象,可用标签选择器挑选出符合过滤条件的资源已完成所需要的操作。
1. 什么是标签
标签其实就一对 key/value ,被关联到对象上,比如Pod,标签的使用倾向于能够表示对象的特殊特点,就是一眼就看出了这个Pod是干什么的,标签可以用来划分特定的对象(比如版本,服务类型等),标签可以在创建一个对象的时候直接定义,也可以在后期随时修改,每一个对象可以拥有多个标签,但是,key值必须是唯一的。创建标签之后也可以方便对资源进行分组管理。如果对pod打标签,之后就可以使用标签来查看、删除指定的pod。
在k8s中,大部分资源都可以打标签。
2. 给pod资源打标签
对已经存在的pod打标签
[root@k8s-master1 pod]# kubectl get pods NAME READY STATUS RESTARTS AGE nginx-test-7d464f958f-k5nmh 1/1 Running 0 3h35m nginx-test-7d464f958f-pxwkv 1/1 Running 0 3h33m tomcat-test 1/1 Running 0 3h16m You have new mail in /var/spool/mail/root [root@k8s-master1 pod]# kubectl label pods tomcat-test release=v1 pod/tomcat-test labeled You have new mail in /var/spool/mail/root [root@k8s-master1 pod]# kubectl get pods tomcat-test --show-labels NAME READY STATUS RESTARTS AGE LABELS tomcat-test 1/1 Running 0 3h17m release=v1,run=tomcat-test
3. 查看资源标签
#查看默认名称空间下所有pod资源的标签
[root@k8s-master1 pod]# kubectl get pods --show-labels NAME READY STATUS RESTARTS AGE LABELS nginx-test-7d464f958f-k5nmh 1/1 Running 0 3h41m app=nginx,pod-template-hash=7d464f958f nginx-test-7d464f958f-pxwkv 1/1 Running 0 3h40m app=nginx,pod-template-hash=7d464f958f tomcat-test 1/1 Running 0 3h23m release=v1,run=tomcat-test You have new mail in /var/spool/mail/root
#查看默认名称空间下指定pod具有的所有标签
[root@k8s-master1 pod]# kubectl get pods nginx-test-7d464f958f-pxwkv --show-labels NAME READY STATUS RESTARTS AGE LABELS nginx-test-7d464f958f-pxwkv 1/1 Running 0 3h40m app=nginx,pod-template-hash=7d464f958f
#列出默认名称空间下标签key是run的pod,不显示标签
[root@k8s-master1 pod]# kubectl get pods -l run NAME READY STATUS RESTARTS AGE tomcat-test 1/1 Running 0 3h24m
#列出默认名称空间下标签key是run、值是v1的pod,不显示标签
[root@k8s-master1 pod]# kubectl get pods -l release=v1 NAME READY STATUS RESTARTS AGE tomcat-test 1/1 Running 0 3h26m
#列出默认名称空间下标签key是release的所有pod,并打印对应的标签值
[root@k8s-master1 pod]# kubectl get pods -L release NAME READY STATUS RESTARTS AGE RELEASE nginx-test-7d464f958f-k5nmh 1/1 Running 0 3h46m nginx-test-7d464f958f-pxwkv 1/1 Running 0 3h44m tomcat-test 1/1 Running 0 3h27m v1
#查看所有名称空间下的所有pod的标签
[root@k8s-master1 pod]# kubectl get pods --show-labels --all-namespaces NAMESPACE NAME READY STATUS RESTARTS AGE LABELS default nginx-test-7d464f958f-k5nmh 1/1 Running 0 3h49m app=nginx,pod-template-hash=7d464f958f default nginx-test-7d464f958f-pxwkv 1/1 Running 0 3h47m app=nginx,pod-template-hash=7d464f958f default tomcat-test 1/1 Running 0 3h30m release=v1,run=tomcat-test kube-system calico-kube-controllers-6949477b58-82r4z 1/1 Running 2 27d k8s-app=calico-kube-controllers,pod-template-hash=6949477b58 kube-system calico-node-kr8bt 1/1 Running 7 27d controller-revision-hash=8595d65b74,k8s-app=calico-node,pod-template-generation=2 kube-system calico-node-pzzlf 1/1 Running 9 27d controller-revision-hash=8595d65b74,k8s-app=calico-node,pod-template-generation=2 kube-system calico-node-wwrjq 1/1 Running 20 27d controller-revision-hash=8595d65b74,k8s-app=calico-node,pod-template-generation=2 kube-system coredns-7f89b7bc75-2cgxw 1/1 Running 3 27d k8s-app=kube-dns,pod-template-hash=7f89b7bc75 kube-system coredns-7f89b7bc75-gm6jp 1/1 Running 2 27d k8s-app=kube-dns,pod-template-hash=7f89b7bc75 kube-system etcd-k8s-master1 1/1 Running 2 27d component=etcd,tier=control-plane kube-system kube-apiserver-k8s-master1 1/1 Running 2 27d component=kube-apiserver,tier=control-plane kube-system kube-controller-manager-k8s-master1 1/1 Running 43 27d component=kube-controller-manager,tier=control-plane kube-system kube-proxy-4tnzv 1/1 Running 2 27d controller-revision-hash=6fb4b4fd8f,k8s-app=kube-proxy,pod-template-generation=1 kube-system kube-proxy-mnnsg 1/1 Running 2 27d controller-revision-hash=6fb4b4fd8f,k8s-app=kube-proxy,pod-template-generation=1 kube-system kube-proxy-mxnhb 1/1 Running 2 27d controller-revision-hash=6fb4b4fd8f,k8s-app=kube-proxy,pod-template-generation=1 kube-system kube-scheduler-k8s-master1 1/1 Running 42 27d component=kube-scheduler,tier=control-plane kubernetes-dashboard dashboard-metrics-scraper-7445d59dfd-vghl2 1/1 Running 2 27d k8s-app=dashboard-metrics-scraper,pod-template-hash=7445d59dfd kubernetes-dashboard kubernetes-dashboard-54f5b6dc4b-x6498 1/1 Running 4 27d k8s-app=kubernetes-dashboard,pod-template-hash=54f5b6dc4b
4. 标签选择器
标签选择器用于表达标签的查询条件或选择标准,kubernetes API目前支持两个选择器:基于等值关系以及基于集合关系。例如:env=production 和env!=qa 是基于等值关系的选择器,而iter in(frontend,backend)则是基于集合关系的选择器。另外,使用标签选择器时还将遵循以下逻辑:
1)同时指定的多个选择器之间的逻辑关系为“与”操作
2)使用空值的标签选择器意味着每个资源对象都将被选中
3)空的标签选择器将无法选出任何资源。
基于等值关系的标签选择器的可用操作符有“=”,“==” 和“!=” 三种,其中前两个意义相同,都表示“等值”关系,最后一个表示“不等”关系。“kubectl get ”命令的“-l”选项能够指定使用标签选择器。如,显示键名app的值为myapp的所有pod
[root@k8s-master1 ~]# kubectl get pods -l "app=myapp" -L app NAME READY STATUS RESTARTS AGE APP pod-test 1/1 Running 1 4d11h myapp
基于集合关系的标签选择器支持in,notin和exists三种操作符,他们的使用格式及意义具体如下:
key in (value1, value2,...):指定的键名的值存在于给定的列表中即满足条件
key notin (value1, value2,...):指定的键名的值不存在于给定的列表中即满足条件
key: 所有存在此键名标签的资源
!key:所有不存在此键名标签的资源
kubernetes的诸多资源对象必须以标签选择器的方式关联到pod资源对象。如Service、Deployment和ReplicaSet类型的资源等,它们在spec字段中嵌套使用嵌套的“selector” 字段,通过“matchLabels”来指定标签选择器,有的甚至还支持使用“matchExpression”构造复杂的标签选择机制。
matchLabels:通过直接给定键值对来指定标签选择器
matchExpression:基于表达式指定的标签选择器列表,每个选择器都形如“{key: KEY_VALUE,operator: ORERATOR, value:[VALUE1,VALUE2,...]}”,选择器列表间为“逻辑与”关系;使用In或NotIn操作符时,其values不强制要求为非空的字符串列表,而使用Exists或DostNotExists时,其values必须为空。
二、pod节点选择器nodeSelector
在创建pod资源的时候,pod会根据schduler进行调度,那么默认会调度到随机的一个工作节点,如果想要pod调度到指定节点或者调度到一些具有相同特点的node节点,怎么办呢?
可以使用pod中的nodeName或者nodeSelector字段指定要调度到的node节点
1. nodeName
指定pod节点运行在哪个具体node上
[root@k8s-master1 pod]# vim pod-node.yaml
You have new mail in /var/spool/mail/root
[root@k8s-master1 pod]# cat pod-node.yaml
apiVersion: v1
kind: Pod
metadata:
name: demo-pod
namespace: default
labels:
app: myapp
env: dev
spec:
nodeName: k8s-node1
containers:
- name: tomcat-pod-java
ports:
- containerPort: 8080
image: tomcat:8.5-jre8-alpine
imagePullPolicy: IfNotPresent
- name: busybox
image: busybox:1.28
command:
- "/bin/sh"
- "-c"
- "sleep 3600"
[root@k8s-master1 pod]# kubectl apply -f pod-node.yaml
pod/demo-pod created
[root@k8s-master1 pod]# kubectl get pod -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
demo-pod 2/2 Running 0 6s 10.244.36.82 k8s-node1 <none> <none>
2. nodeSelector
指定pod调度到具有哪些标签的node节点上
给node节点打标签,打个具有disk=ceph的标签
[root@k8s-master1 pod]# kubectl label nodes k8s-node2 disk=ceph node/k8s-node2 labeled [root@k8s-master1 pod]# kubectl get node k8s-node2 --show-labels NAME STATUS ROLES AGE VERSION LABELS k8s-node2 Ready worker 27d v1.20.6 beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,disk=ceph,kubernetes.io/arch=amd64,kubernetes.io/hostname=k8s-node2,
kubernetes.io/os=linux,node-role.kubernetes.io/worker=worker
定义pod的时候指定要调度到具有disk=ceph标签的node上
[root@k8s-master1 pod]# vim demo-pod.yaml
You have new mail in /var/spool/mail/root
[root@k8s-master1 pod]# cat demo-pod.yaml
apiVersion: v1
kind: Pod
metadata:
name: pod-test
namespace: default
labels:
app: myapp
env: dev
spec:
nodeSelector:
disk: ceph
containers:
- name: pod-test
ports:
- containerPort: 80
image: nginx:latest
imagePullPolicy: IfNotPresent
[root@k8s-master1 pod]# kubectl apply -f demo-pod.yaml
pod/pod-test created
[root@k8s-master1 pod]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
pod-test 1/1 Running 0 4s 10.244.169.132 k8s-node2 <none> <none>
三、资源注解
除了标签之外,Pod与其他各种资源还能使用资源注解。与标签类似,注解也是“键值”类型的数据,但是它不能用于标签及挑选kubernetes对象,仅可用于为资源提供“元数据”信息。
1. 查看资源注解
使用“kubectl describe” 或“kubectl get -o yaml” 命令均可显示资源注解信息。
[root@k8s-master1 ~]# kubectl describe pods pod-test
Name: pod-test
Namespace: default
Priority: 0
Node: k8s-node1/10.0.0.132
Start Time: Tue, 30 Aug 2022 00:01:33 +0800
Labels: app=myapp
env=dev
Annotations: cni.projectcalico.org/podIP: 10.244.36.89/32
cni.projectcalico.org/podIPs: 10.244.36.89/32
Status: Running
IP: 10.244.36.89
IPs:
IP: 10.244.36.89
“kubectl get pod name -o yaml” 命令显示资源注解信息
[root@k8s-master1 ~]# kubectl get pod pod-test -o yaml
apiVersion: v1
kind: Pod
metadata:
annotations:
cni.projectcalico.org/podIP: 10.244.36.89/32
cni.projectcalico.org/podIPs: 10.244.36.89/32
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"v1","kind":"Pod","metadata":{"annotations":{},"labels":{"app":"myapp","env":"dev"},"name":"pod-test","namespace":"default"},"spec":{"containers":[{"image":"nginx:latest","imagePullPolicy":"IfNotPresent","name":"pod-test","ports":[{"containerPort":80}]}],"restartPolicy":"Always"}}
creationTimestamp: "2022-08-29T16:01:33Z"
labels:
app: myapp
env: dev
2. 管理资源注解
annotations可在资源创建时使用“metadata.annotation” 字段指定,也可以随时按需在活动资源上使用"kubectl annotate"命令添加。例如,为pod-test重新进行注解:
[root@k8s-master1 ~]# kubectl annotate pods pod-test ilinux.io\create-by="cluster admin"
pod/pod-test annotated
[root@k8s-master1 ~]# kubectl describe pods pod-test
Name: pod-test
Namespace: default
Priority: 0
Node: k8s-node1/10.0.0.132
Start Time: Tue, 30 Aug 2022 00:01:33 +0800
Labels: app=myapp
env=dev
Annotations: cni.projectcalico.org/podIP: 10.244.36.89/32
cni.projectcalico.org/podIPs: 10.244.36.89/32
ilinux.iocreate-by: cluster admin
Status: Running
IP: 10.244.36.89
IPs:
IP: 10.244.36.89
