Pods and Pod Controllers
Pod
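A Pod is the smallest unit that Kubernetes schedules, and a Pod can run one or more containers. A Pod (as in a pod of whales or a pea pod) is a group of one or more containers that share storage, network, and a declaration of how to run the containers.
Pod resource manifest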
apiVersion: v1
kind: Pod
metadata:
  name: test-pod
  namespace: default
  labels:
    app: test-pod
spec:
  dnsPolicy: ClusterFirst
  hostNetwork: false
  # imagePullSecrets: [{name: harbor}] # Secret used to pull images from a private registry
  serviceAccountName: default
  terminationGracePeriodSeconds: 30 # 0 means the Pod is killed immediately
  securityContext: # Pod-level permission settings
    runAsUser: 0 # UID 0 is root inside the container
  restartPolicy: Always # Always, OnFailure or Never; the default is Always
#####################################################################################
  volumes:
  - name: sys
    hostPath:
      path: /sys
#####################################################################################
  # https://www.cnblogs.com/wangend/p/15159358.html
  tolerations: # tolerate all taints
  - operator: Exists
  affinity:
    nodeAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
        nodeSelectorTerms:
        - matchExpressions:
          - key: disktype
            operator: NotIn
            values:
            - "ssd"
#####################################################################################
  containers:
  - name: test-pod
    image: nginx
    imagePullPolicy: IfNotPresent
    env:
    - name: test
      value: AA
    ports:
    - name: http
      protocol: TCP
      hostPort: 80
      containerPort: 80
    command: # if set, overrides the ENTRYPOINT instruction of the Docker image
    - sh
    - -c
    args:
    - "nginx -g \"daemon off;\"" # if set, overrides the CMD instruction of the Docker image
#####################################################################################
    # https://www.cnblogs.com/wangend/p/15257691.html
    resources:
      requests:
        cpu: 100m
        memory: 100Mi
      limits:
        cpu: 100m
        memory: 100Mi
#####################################################################################
    # https://www.cnblogs.com/wangend/p/15257663.html
    livenessProbe:
      httpGet:
        path: /
        port: 80
        scheme: HTTP
      initialDelaySeconds: 5
      periodSeconds: 5
      failureThreshold: 2
      successThreshold: 1
      timeoutSeconds: 3
    readinessProbe:
      httpGet:
        path: /
        port: 80
        scheme: HTTP
      initialDelaySeconds: 5
      periodSeconds: 5
      failureThreshold: 2
      successThreshold: 1
      timeoutSeconds: 3
#####################################################################################
    volumeMounts:
    - name: sys
      mountPath: /sys
    workingDir: /tmp
    lifecycle:
      # command executed when the container starts
      postStart:
        exec:
          command: ["/bin/sh", "-c", "echo Hello from the postStart handler > /usr/share/message"]
      # command executed before the container stops
      preStop:
        exec:
          command: ["/bin/sh","-c","nginx -s quit; while killall -0 nginx; do sleep 1; done"]
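Added example, not part of the original post: the manifest above sets runAsUser: 0, mounts the node's /sys through hostPath, binds hostPort 80 and tolerates every taint, and each of these widens the Pod's access to the node it lands on. The sketch below flags those fields in a parsed manifest; audit_pod and POD are hypothetical names, and POD is a constructed excerpt of the manifest.

```python
# Added example, not code from the original page. POD is a constructed
# excerpt of the test-pod manifest above, already parsed into a dict.
POD = {
    "metadata": {"name": "test-pod"},
    "spec": {
        "hostNetwork": False,
        "securityContext": {"runAsUser": 0},
        "volumes": [{"name": "sys", "hostPath": {"path": "/sys"}}],
        "tolerations": [{"operator": "Exists"}],
        "containers": [{
            "name": "test-pod",
            "image": "nginx",
            "ports": [{"name": "http", "hostPort": 80, "containerPort": 80}],
        }],
    },
}


def audit_pod(pod):
    """Return (field path, reason) pairs for settings that widen node access."""
    spec, findings = pod.get("spec", {}), []
    pod_sc = spec.get("securityContext") or {}
    for flag in ("hostNetwork", "hostPID", "hostIPC"):
        if spec.get(flag):
            findings.append((f"spec.{flag}", "shares a host namespace"))
    for vol in spec.get("volumes", []):
        if "hostPath" in vol:
            findings.append((f"spec.volumes[{vol['name']}].hostPath",
                             f"mounts node path {vol['hostPath']['path']}"))
    for tol in spec.get("tolerations", []):
        # Exists with no key and no effect matches every taint on every node.
        if tol.get("operator") == "Exists" and not tol.get("key") and not tol.get("effect"):
            findings.append(("spec.tolerations", "tolerates every taint"))
    for kind in ("initContainers", "containers"):
        for c in spec.get(kind, []):
            sc = c.get("securityContext") or {}
            path = f"spec.{kind}[{c['name']}]"
            # Container-level values override the pod-level securityContext.
            uid = sc.get("runAsUser", pod_sc.get("runAsUser"))
            non_root = sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot", False))
            if uid == 0 or (uid is None and not non_root):
                findings.append((f"{path}.runAsUser", "can run as root (UID 0)"))
            if sc.get("privileged"):
                findings.append((f"{path}.privileged", "privileged container"))
            for port in c.get("ports", []):
                if port.get("hostPort"):
                    findings.append((f"{path}.ports.hostPort",
                                     f"binds node port {port['hostPort']}"))
    return findings
```

For the excerpt it reports the hostPath volume, the blanket toleration, the root UID and the hostPort binding; a spec with runAsNonRoot: true, no hostPath and no hostPort returns an empty list.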
Fields in spec not yet explored
topologySpreadConstraints:
Static Pod
Managed directly by the kubelet daemon on a specific node, without the API server observing them.
ReplicaSet
Pod controller: ReplicaSet maintains a set of Pod replicas that match its selector.
Resource manifest
apiVersion: apps/v1
kind: ReplicaSet
metadata:
  name: test
  namespace: default
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      # see the pod.spec fields above
Pod controller: Deployment declares the creation template for Pods and the update strategy for ReplicaSets.
Resource manifest
apiVersion: apps/v1
kind: Deployment
metadata:
  name: test
  namespace: default
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx
  ##### compared with ReplicaSet.spec, the update strategy is added
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
  ####################################
  template:
    metadata:
      labels:
        app: nginx
    spec:
      # see the pod.spec fields above
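DaemonSet
Pod controller: DaemonSet ensures that every node meeting the scheduling requirements runs one Pod replica.
Use cases
- Storage daemons that need to run on every node
- Log collection
- Node monitoring
Resource manifest
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: test
  namespace: default
spec:
  updateStrategy: # the corresponding Deployment field is called strategy
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 0 # a DaemonSet accepts only one of maxSurge / maxUnavailable as non-zero
      maxUnavailable: 25%
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      # see the pod.spec fields above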
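StatefulSet
Pod controller: StatefulSet manages a set of Pods with a consistent identity.
- Storage is based on PVCs
- Deleting a StatefulSet does not delete the Pods it manages, so scale it to 0 before deleting it
- Uses a headless Service
- Rolling updates may require manual intervention to repair the cluster state
Resource manifest
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: test
  namespace: default
spec:
  updateStrategy:
    rollingUpdate:
      partition: 1 # only Pods whose ordinal is greater than or equal to 1 are updated
  serviceName: # name of the governing headless Service
  replicas: 2
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      # see the pod.spec fields above
  volumeClaimTemplates:
  # same fields as a PVC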
Pod controller: Job runs a single task to completion.
Resource manifest
- apiVersion: batch/v1
- kind: Job
- metadata:{name:"test",namespace:"default",labels:{},annotations:
- spec
- status
The focus below is on spec
template
The RestartPolicy of the Pod in a Job can only be set to Never or OnFailure.
# kubectl create job test --image=alpine --dry-run=client -oyaml -- sh -c 'echo "scale=5;$*a(1)"|bc -l -q'
apiVersion: batch/v1
kind: Job
metadata:
  name: test
  namespace: default
spec:
  activeDeadlineSeconds: 300 # the Job is terminated once it has run for more than 300 seconds
  backoffLimit: 6 # the Job is marked failed after 6 consecutive failures
  completions: 3 # run this task 3 times
  parallelism: 1 # number of Pods run in parallel, default 1
  template:
    metadata:
      labels:
        app: test1
    spec:
      restartPolicy: Never
      containers:
      - name: test
        image: busybox
        command: ["sh","-c","echo $((100+11))"]
Pod controller: CronJob
Resource manifest
- apiVersion: batch/v1
- kind: CronJob
- metadata:{name:"test",namespace:"default",labels:{},annotations:
- spec
- status
The focus below is on spec
jobTemplate
schedule
spec:
  schedule: "*/1 * * * *"
# kubectl create cronjob test --image=alpine --schedule='*/5 * * * *' --dry-run=client -oyaml -- sh -c 'echo "scale=5;$*a(1)"|bc -l -q'
apiVersion: batch/v1
kind: CronJob
metadata:
  name: test
  namespace: default
spec:
  schedule: "*/5 * * * *"
  jobTemplate: # defines the behaviour of the Job
    spec:
      template: # defines the behaviour of the Pod
        spec:
          restartPolicy: OnFailure
          containers:
          - name: test
            image: busybox
            command: ["sh","-c","echo $((100+11))"]