pod 的概念
一般来说,用户不需要直接创建 Pod。他们几乎都是使用控制器进行创建,即使对于单例的 Pod 创建也一样使用控制器,例如Deployments控制器提供集群范围的自修复以及副本数和滚动管理。 像StatefulSet这样的控制器还可以提供支持有状态的Pod。
Init容器就是做初始化工作的容器。可以有一个或多个,如果多个按照定义的顺序依次执行,只有所有的初始化容器执行完后,主容器才启动。由于一个Pod里的存储卷是共享的,所以Init Container里产生的数据可以被主容器使用到,Init Container可以在多种K8S资源里被使用到,如Deployment、DaemonSet, StatefulSet、Job等,但都是在Pod启动时,在主容器启动前执行,做初始化工作。
初始化容器启动之后,开始启动主容器,在主容器启动之前有一个post start hook(容器启动后钩子)和pre stop hook(容器结束前钩子)
postStart:该钩子在容器被创建后立刻触发,通知容器它已经被创建。如果该钩子对应的hook handler执行失败,则该容器会被杀死,并根据该容器的重启策略决定是否要重启该容器,这个钩子不需要传递任何参数
preStop:该钩子在容器被删除前触发,其所对应的hook handler必须在删除该容器的请求发送给Docker daemon之前完成。在该钩子对应的hook handler完成后不论执行的结果如何,Docker daemon会发送一个SGTERN信号量给Docker daemon来删除该容器,这个钩子不需要传递任何参数
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 | [root@master-1 ~] # kubectl explain pods.spec.containers.lifecycle.postStart KIND: Pod VERSION: v1 RESOURCE: postStart <Object> DESCRIPTION: PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https: //kubernetes .io /docs/concepts/containers/container-lifecycle-hooks/ #container-hooks Handler defines a specific action that should be taken FIELDS: exec <Object> One and only one of the following should be specified. Exec specifies the action to take. httpGet <Object> HTTPGet specifies the http request to perform. tcpSocket <Object> TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 | [root@master-1 ~] # kubectl explain pods.spec.containers.lifecycle.preStop KIND: Pod VERSION: v1 RESOURCE: preStop <Object> DESCRIPTION: PreStop is called immediately before a container is terminated due to an API request or management event such as liveness /startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod's termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https: //kubernetes .io /docs/concepts/containers/container-lifecycle-hooks/ #container-hooks Handler defines a specific action that should be taken FIELDS: exec <Object> One and only one of the following should be specified. Exec specifies the action to take. httpGet <Object> HTTPGet specifies the http request to perform. tcpSocket <Object> TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported |
livenessProbe:指示容器是否正在运行。如果存活探测失败,则 kubelet 会杀死容器,并且容器将受到其重启策略的影响。如果容器不提供存活探针,则默认状态为Success。
readinessProbe:指示容器是否准备好服务请求。如果就绪探测失败,端点控制器将从与 Pod 匹配的所有Service 的端点中删除该 Pod 的 IP 地址。初始延迟之前的就绪状态默认为Failure。如果容器不提供就绪探针,则默认状态为Success
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 | [root@master-1 ~] # kubectl explain pods.spec.containers.livenessProbe KIND: Pod VERSION: v1 RESOURCE: livenessProbe <Object> DESCRIPTION: Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https: //kubernetes .io /docs/concepts/workloads/pods/pod-lifecycle #container-probes Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic. FIELDS: exec <Object> One and only one of the following should be specified. Exec specifies the action to take. failureThreshold <integer> Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. httpGet <Object> HTTPGet specifies the http request to perform. initialDelaySeconds <integer> Number of seconds after the container has started before liveness probes are initiated. More info: https: //kubernetes .io /docs/concepts/workloads/pods/pod-lifecycle #container-probes periodSeconds <integer> How often ( in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. successThreshold <integer> Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. tcpSocket <Object> TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported timeoutSeconds <integer> Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https: //kubernetes .io /docs/concepts/workloads/pods/pod-lifecycle #container-probes |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 | [root@master-1 ~] # kubectl explain pods.spec.containers.readinessProbe KIND: Pod VERSION: v1 RESOURCE: readinessProbe <Object> DESCRIPTION: Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https: //kubernetes .io /docs/concepts/workloads/pods/pod-lifecycle #container-probes Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic. FIELDS: exec <Object> One and only one of the following should be specified. Exec specifies the action to take. failureThreshold <integer> Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. httpGet <Object> HTTPGet specifies the http request to perform. initialDelaySeconds <integer> Number of seconds after the container has started before liveness probes are initiated. More info: https: //kubernetes .io /docs/concepts/workloads/pods/pod-lifecycle #container-probes periodSeconds <integer> How often ( in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. successThreshold <integer> Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. tcpSocket <Object> TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported timeoutSeconds <integer> Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https: //kubernetes .io /docs/concepts/workloads/pods/pod-lifecycle #container-probes |
1 2 3 | [root@master-1 ~] # kubectl get pods chenxi-dev NAME READY STATUS RESTARTS AGE chenxi-dev (成功的容器个数)1 /1 (pod容器个数) Running 0 73m |
1 2 3 4 5 6 7 8 9 10 | [root@master-1 ~] # kubectl explain pods.spec.restartPolicy KIND: Pod VERSION: v1 FIELD: restartPolicy <string> DESCRIPTION: Restart policy for all containers within the pod. One of Always, OnFailure, Never. Default to Always. More info: https: //kubernetes .io /docs/concepts/workloads/pods/pod-lifecycle/ #restart-policy |
1 2 3 4 5 6 | [root@master-1 ~] # kubectl get ns NAME STATUS AGE default Active 2d15h kube-node-lease Active 2d15h kube-public Active 2d15h kube-system Active 2d15h |
pod label
标签其实就一对 key/value ,被关联到对象上,比如Pod,标签的使用我们倾向于能够标示对象的特殊特点,并且对用户而言是有意义的(就是一眼就看出了这个Pod是干什么的),标签可以用来划分特定组的对象(比如版本,服务类型等),标签可以在创建一个对象的时候直接给与,也可以在后期随时修改,每一个对象可以拥有多个标签,但是,key值必须是唯一的
1 2 3 4 | [root@master-1 ~] # kubectl get pods --show-labels NAME READY STATUS RESTARTS AGE LABELS chenxi-dev 1 /1 Running 0 84m dev=chenxi demo-pod 2 /2 Running 50 2d2h app=myapp, env =dev |
1 2 3 4 | [root@master-1 ~] # kubectl get pods -l dev --show-labels NAME READY STATUS RESTARTS AGE LABELS chenxi-dev 1 /1 Running 0 86m dev=chenxi 查看拥有dev这个标签的资源对象,并且把标签显示出来 |
1 2 3 4 5 6 7 8 9 | [root@master-1 ~] # kubectl label pods chenxi-dev release=new pod /chenxi-dev labeled 您在 /var/spool/mail/root 中有新邮件 [root@master-1 ~] # kubectl get pods -l dev --show-labels NAME READY STATUS RESTARTS AGE LABELS chenxi-dev 1 /1 Running 0 90m dev=chenxi,release=new [root@master-1 ~] # kubectl get pods -l release --show-labels NAME READY STATUS RESTARTS AGE LABELS chenxi-dev 1 /1 Running 0 90m dev=chenxi,release=new |
environment = production tier != frontend
第一个选择所有键等于 environment 值为 production 的资源。后一种选择所有键为 tier 值不等于 frontend 的资源,和那些没有键为 tier 的label的资源。
要过滤所有处于 production 但不是 frontend 的资源,可以使用逗号操作符, environment=production,tier!=frontend 。
基于集合的label条件允许用一组值来过滤键。支持三种操作符: in , notin ,和 exists(仅针对于key符号) 。例如:
environment in (production, qa)
tier notin (frontend, backend)
第一个例子,选择所有键等于 environment ,且value等于 production 或者 qa 的资源。 第二个例子,选择所有键等于tier且值是除了frontend 和 backend 之外的资源,和那些没有label的键是 tier 的资源。 类似的,逗号操作符相当于一个AND操作符。因而要使用一个 partition 键(不管值是什么),并且 environment 不是 qa 过滤资源可以用 partition,environment notin (qa) 。
基于集合的选择器是一个相等性的宽泛的形式,因为 environment=production 相当于environment in (production) ,与 != and notin 类似。
基于集合的条件可以与基于相等性 的条件混合。例如, partition in (customerA,customerB),environment != qa 。
node label
1 2 3 | [root@master-1 ~] # kubectl get nodes --show-labels NAME STATUS ROLES AGE VERSION LABELS node-1 Ready <none> 2d15h v1.20.7 beta.kubernetes.io /arch =amd64,beta.kubernetes.io /os =linux,kubernetes.io /arch =amd64,kubernetes.io /hostname =node-1,kubernetes.io /os =linux |
1 2 3 | [root@master-1 ~] # kubectl get nodes --show-labels NAME STATUS ROLES AGE VERSION LABELS node-1 Ready <none> 2d15h v1.20.7 beta.kubernetes.io /arch =amd64,beta.kubernetes.io /os =linux,kubernetes.io /arch =amd64,kubernetes.io /hostname =node-1,kubernetes.io /os =linux,node011=chenxi |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 | [root@master-1 ~] # kubectl explain pods.spec.nodeSelector KIND: Pod VERSION: v1 FIELD: nodeSelector <map[string]string> DESCRIPTION: NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. More info: https: //kubernetes .io /docs/concepts/configuration/assign-pod-node/ #这个node011是我们给node-1节点打的标签,在上面已经操作过 cat pod.yaml 看到完整的文件如下: apiVersion: v1 kind: Pod metadata: name: web namespace: default labels: web1: tomcat spec: containers: - name: tomcat1 image: tomcat:8.5-jre8-alpine nodeSelector: node011:haha kubectl delete -f pod.yaml kubectl apply -f pod.yaml kubectl get pods -o wide |
