kubernetes (4): the pod, the basic unit of kubernetes
kubernetes (3): the pod, the basic unit of kubernetes
https://www.cnblogs.com/luoahong/p/10299298.html
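1 Pod overview
A pod is the basic unit of operation in Kubernetes and the carrier in which applications run. The whole Kubernetes system revolves around pods: how to deploy them, how to keep the required number running, how to reach them, and so on. Kubernetes does not schedule containers directly; it acts on pods. A pod can be thought of as a shell around containers that gives them an abstract wrapper.
A pod can contain multiple containers, and those containers share the same underlying network. Containers in the same pod can only run on the same node. Pods are identified by labels, because the IP address changes every time a container restarts. Labels are selected by means of label selectors.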
2 Basic pod operations
Create | kubectl create -f xxx.yaml
Query  | kubectl get pod yourpodname
Query  | kubectl describe pod yourpodname
Delete | kubectl delete pod yourpodname
Update | kubectl replace -f /path/to/yourNewYaml.yaml
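3 Pods and containers
In Docker, the container is the smallest unit of work, and create, delete, update and query operations all act on containers. Containers are a virtualization technology; they are isolated from each other, and that isolation is built on Linux namespaces. In Kubernetes, a pod contains one or more containers and can be seen as an extension of the container. A pod is itself an isolation boundary, while the group of containers inside it share resources (including POD, network, IPC, UTS). In addition, the containers in a pod can access common data volumes to share a file system.
A pod shares its network with at most 4 containers.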
4 A minimal pod
4.1 Edit the k8s_pod.yml file
[root@k8s-master k8s]# ls
ks8_pod.yaml
[root@k8s-master k8s]# pwd
/root/k8s
[root@k8s-master k8s]# cat ks8_pod.yaml
apiVersion: v1            # API version
kind: Pod                 # resource type
metadata:                 # metadata (attributes)
  name: nginx             # pod name
  labels:                 # labels, key/value pairs
    app: web
spec:                     # specification
  containers:             # containers
  - name: nginx           # container name
    image: 192.168.0.136:5000/nginx:latest   # image
    ports:
    - containerPort: 80   # port
4.2 Start the pod
[root@k8s-master k8s]# kubectl create -f ks8_pod.yaml
pod "nginx" created
[root@k8s-master k8s]#
4.3 Check the pod status with kubectl get pod
[root@k8s-master k8s]# kubectl get pod
NAME      READY     STATUS              RESTARTS   AGE
nginx     0/1       ContainerCreating   0          1m
4.4 Get pod details with kubectl describe (a common troubleshooting command)
[root@k8s-master k8s]# kubectl describe pod nginx
Name:           nginx
Namespace:      default
Node:           k8s-node-2/192.168.0.138
Start Time:     Wed, 21 Aug 2019 10:15:11 +0800
Labels:         app=web
Status:         Pending
IP:
Controllers:    <none>
Containers:
  nginx:
    Container ID:
    Image:                  192.168.0.136:5000/nginx:latest
    Image ID:
    Port:                   80/TCP
    State:                  Waiting
      Reason:               ContainerCreating
    Ready:                  False
    Restart Count:          0
    Volume Mounts:          <none>
    Environment Variables:  <none>
Conditions:
  Type          Status
  Initialized   True
  Ready         False
  PodScheduled  True
No volumes.
QoS Class:      BestEffort
Tolerations:    <none>
Events:
  FirstSeen  LastSeen  Count  From  SubObjectPath  Type  Reason  Message
  ---------  --------  -----  ----  -------------  --------  ------  -------
  2m  2m  1  {default-scheduler }  Normal  Scheduled  Successfully assigned nginx to k8s-node-2
  2m  31s  4  {kubelet k8s-node-2}  Warning  FailedSync  Error syncing pod, skipping: failed to "StartContainer" for "POD" with ErrImagePull: "image pull failed for registry.access.redhat.com/rhel7/pod-infrastructure:latest, this may be because there are no credentials on this request. details: (open /etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt: no such file or directory)"
  1m  6s  6  {kubelet k8s-node-2}  Warning  FailedSync  Error syncing pod, skipping: failed to "StartContainer" for "POD" with ImagePullBackOff: "Back-off pulling image \"registry.access.redhat.com/rhel7/pod-infrastructure:latest\""
# The error is that the image cannot be pulled from the registry.access.redhat.com registry; the fix is to change the image address
4.5 Fix the redhat-ca.crt error
4.5.1 Search for pod-infrastructure
# docker search pod-infrastructure
[root@k8s-master k8s]# docker search pod-infrastructure
INDEX       NAME                                          DESCRIPTION                                     STARS     OFFICIAL   AUTOMATED
docker.io   docker.io/neurons/pod-infrastructure          k8s pod 基础容器镜像                             2
docker.io   docker.io/tianyebj/pod-infrastructure         registry.access.redhat.com/rhel7/pod-infra...   2
docker.io   docker.io/w564791/pod-infrastructure          latest                                          1
docker.io   docker.io/xiaotech/pod-infrastructure         registry.access.redhat.com/rhel7/pod-infra...   1                    [OK]
docker.io   docker.io/092800/pod-infrastructure                                                           0
docker.io   docker.io/812557942/pod-infrastructure                                                        0
docker.io   docker.io/cnkevin/pod-infrastructure                                                          0
docker.io   docker.io/fungitive/pod-infrastructure        registry.access.redhat.com/rhel7/pod-infra...   0
docker.io   docker.io/jqka/pod-infrastructure             redhat pod                                      0                    [OK]
docker.io   docker.io/k189189/pod-infrastructure                                                          0
docker.io   docker.io/oudi/pod-infrastructure             pod-infrastructure                              0                    [OK]
docker.io   docker.io/pkcsloye/pod-infrastructure         docker pull registry.access.redhat.com/rhe...   0                    [OK]
docker.io   docker.io/shadowalker911/pod-infrastructure                                                   0
docker.io   docker.io/singlestep/pod-infrastructure                                                       0
docker.io   docker.io/statemood/pod-infrastructure        Automated build from registry.access.redha...   0                    [OK]
docker.io   docker.io/wangdjtest/pod-infrastructure       pod-infrastructure:latest                       0                    [OK]
docker.io   docker.io/william198689/pod-infrastructure                                                    0
docker.io   docker.io/xiechengsheng/pod-infrastructure                                                    0
docker.io   docker.io/xielongzhiying/pod-infrastructure   pod-infrastructure                              0                    [OK]
docker.io   docker.io/xplenty/rhel7-pod-infrastructure    registry.access.redhat.com/rhel7/pod-infra...   0
docker.io   docker.io/zdwork/pod-infrastructure                                                           0
docker.io   docker.io/zengshaoyong/pod-infrastructure     pod-infrastructure                              0                    [OK]
docker.io   docker.io/zhanghongyang/pod-infrastructure                                                    0
docker.io   docker.io/zhangspook/pod-infrastructure       registry.access.redhat.com/rhel7/pod-infra...   0                    [OK]
docker.io   docker.io/zm274310577/pod-infrastructure                                                      0
[root@k8s-master k8s]#
4.5.2 Download the image and push it to the private registry
[root@k8s-master k8s]# docker pull docker.io/neurons/pod-infrastructure
Using default tag: latest
Trying to pull repository docker.io/neurons/pod-infrastructure ...
manifest for docker.io/neurons/pod-infrastructure:latest not found
[root@k8s-master k8s]# docker pull docker.io/tianyebj/pod-infrastructure
Using default tag: latest
Trying to pull repository docker.io/tianyebj/pod-infrastructure ...
latest: Pulling from docker.io/tianyebj/pod-infrastructure
7bd78273b666: Pull complete
c196631bd9ac: Pull complete
3c917e6a9e1a: Pull complete
Digest: sha256:73cc48728e707b74f99d17b4e802d836e22d373aee901fdcaa781b056cdabf5c
Status: Downloaded newer image for docker.io/tianyebj/pod-infrastructure:latest
[root@k8s-master k8s]# docker images|grep pod-infrastructure
docker.io/tianyebj/pod-infrastructure   latest   34d3450d733b   2 years ago   205 MB
[root@k8s-master k8s]# docker tag docker.io/tianyebj/pod-infrastructure 192.168.0.136:5000/pod-infrastructure:latest
[root@k8s-master k8s]# docker push 192.168.0.136:5000/pod-infrastructure:latest
The push refers to a repository [192.168.0.136:5000/pod-infrastructure]
ba3d4cbbb261: Pushed
0a081b45cb84: Pushed
df9d2808b9a9: Pushed
latest: digest: sha256:a378b2d7a92231ffb07fdd9dbd2a52c3c439f19c8d675a0d8d9ab74950b15a1b size: 948
[root@k8s-master k8s]#
4.5.3 Change the pod-infrastructure image address and restart kubelet
vim /etc/kubernetes/kubelet
Change the following line:
KUBELET_POD_INFRA_CONTAINER="--pod-infra-container-image=192.168.0.136:5000/pod-infrastructure:latest"
systemctl restart kubelet.service
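Every image in this walkthrough, including the pod-infrastructure image taken from a third-party Docker Hub account, is referenced by the mutable latest tag, although the pull and push output above already prints content digests. The following check is an added example, not code from the original post: it parses each reference used on this page (the registry port in 192.168.0.136:5000 must not be read as a tag), flags unpinned or non-allow-listed images, and builds the digest-pinned form. The function names and the allow-list containing only the private registry are assumptions.

```python
import re
DIGEST_RE = re.compile(r"sha256:[0-9a-f]{64}")
# Image references that appear in this post (sections 4.1, 4.5.2, 5.4).
PAGE_IMAGES = ["192.168.0.136:5000/nginx:latest", "redis:latest",
               "docker.io/tianyebj/pod-infrastructure",
               "192.168.0.136:5000/pod-infrastructure:latest"]
# Digest printed by `docker push` in section 4.5.2.
INFRA_DIGEST = "sha256:a378b2d7a92231ffb07fdd9dbd2a52c3c439f19c8d675a0d8d9ab74950b15a1b"
TRUSTED = {"192.168.0.136:5000"}  # assumption: only the private registry is allowed

def parse_image_ref(ref):
    """Split an image reference into registry, repository, tag and digest."""
    name, _, digest = ref.partition("@")
    tag = None
    # A tag is a ':' after the last '/', so a registry port is not a tag.
    if name.rfind(":") > name.rfind("/"):
        name, _, tag = name.rpartition(":")
    first, _, rest = name.partition("/")
    # The first component is a registry host only if it looks like one.
    if rest and ("." in first or ":" in first or first == "localhost"):
        registry, repo = first, rest
    else:
        registry, repo = "docker.io", (name if rest else "library/" + name)
    return {"registry": registry, "repository": repo, "tag": tag, "digest": digest or None}

def audit(ref, trusted=TRUSTED):
    """Return findings for one reference; an empty list means trusted and pinned."""
    p = parse_image_ref(ref)
    findings = []
    if p["registry"] not in trusted:
        findings.append("registry %s is not on the allow-list" % p["registry"])
    if p["digest"] is None:
        findings.append("tag %s is mutable, pin by digest" % (p["tag"] or "latest (implied)"))
    elif not DIGEST_RE.fullmatch(p["digest"]):
        findings.append("malformed digest")
    return findings

def pin(ref, digest):
    """Rewrite ref as registry/repository@digest, dropping the tag."""
    if not DIGEST_RE.fullmatch(digest):
        raise ValueError("not a sha256 digest: %r" % digest)
    p = parse_image_ref(ref)
    return "%s/%s@%s" % (p["registry"], p["repository"], digest)

if __name__ == "__main__":
    for image in PAGE_IMAGES:
        print(image, "->", audit(image) or "ok")
    print(pin(PAGE_IMAGES[3], INFRA_DIGEST))
```

The pinned reference returned by pin() can be used wherever the tagged one appears, for example in the image: field of the pod manifest.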
4.6 View the pod details again
[root@k8s-master ~]# kubectl describe pod nginx
Name:           nginx
Namespace:      default
Node:           k8s-node-2/192.168.0.138
Start Time:     Wed, 21 Aug 2019 10:15:11 +0800
Labels:         app=web
Status:         Running
IP:             172.16.14.2
Controllers:    <none>
Containers:
  nginx:
    Container ID:           docker://75b336cf6418dc7a1cd4f0f28d76945c72b346a722c7dd665b35f64646ae585e
    Image:                  192.168.0.136:5000/nginx:latest
    Image ID:               docker-pullable://192.168.0.136:5000/nginx@sha256:099019968725f0fc12c4b69b289a347ae74cc56da0f0ef56e8eb8e0134fc7911
    Port:                   80/TCP
    State:                  Running
      Started:              Wed, 21 Aug 2019 12:08:27 +0800
    Ready:                  True
    Restart Count:          0
    Volume Mounts:          <none>
    Environment Variables:  <none>
Conditions:
  Type          Status
  Initialized   True
  Ready         True
  PodScheduled  True
No volumes.
QoS Class:      BestEffort
Tolerations:    <none>
Events:
  FirstSeen  LastSeen  Count  From  SubObjectPath  Type  Reason  Message
  ---------  --------  -----  ----  -------------  --------  ------  -------
  1h  11m  15  {kubelet k8s-node-2}  spec.containers{nginx}  Warning  Failed  Failed to pull image "192.168.0.136:5000/nginx:latest": Error while pulling image: Get http://192.168.0.136:5000/v1/repositories/nginx/images: dial tcp 192.168.0.136:5000: connect: connection refused
  1h  11m  15  {kubelet k8s-node-2}  Warning  FailedSync  Error syncing pod, skipping: failed to "StartContainer" for "nginx" with ErrImagePull: "Error while pulling image: Get http://192.168.0.136:5000/v1/repositories/nginx/images: dial tcp 192.168.0.136:5000: connect: connection refused"
  1h  6m  7  {kubelet k8s-node-2}  spec.containers{nginx}  Warning  Failed  Failed to pull image "192.168.0.136:5000/nginx:latest": Error: image nginx:latest not found
  1h  6m  7  {kubelet k8s-node-2}  Warning  FailedSync  Error syncing pod, skipping: failed to "StartContainer" for "nginx" with ErrImagePull: "Error: image nginx:latest not found"
  1h  1m  404  {kubelet k8s-node-2}  spec.containers{nginx}  Normal  BackOff  Back-off pulling image "192.168.0.136:5000/nginx:latest"
  1h  1m  404  {kubelet k8s-node-2}  Warning  FailedSync  Error syncing pod, skipping: failed to "StartContainer" for "nginx" with ImagePullBackOff: "Back-off pulling image \"192.168.0.136:5000/nginx:latest\""
  1h  1m  23  {kubelet k8s-node-2}  spec.containers{nginx}  Normal  Pulling  pulling image "192.168.0.136:5000/nginx:latest"
  21s  21s  1  {kubelet k8s-node-2}  spec.containers{nginx}  Normal  Pulled  Successfully pulled image "192.168.0.136:5000/nginx:latest"
  1h  20s  2  {kubelet k8s-node-2}  Warning  MissingClusterDNS  kubelet does not have ClusterDNS IP configured and cannot create Pod using "ClusterFirst" policy. Falling back to DNSDefault policy.
  19s  19s  1  {kubelet k8s-node-2}  spec.containers{nginx}  Normal  Created  Created container with docker id 75b336cf6418; Security:[seccomp=unconfined]
  14s  14s  1  {kubelet k8s-node-2}  spec.containers{nginx}  Normal  Started  Started container with docker id 75b336cf6418
4.7 Check the pod status again
[root@k8s-master ~]# kubectl get pod -o wide
NAME      READY     STATUS    RESTARTS   AGE       IP            NODE
nginx     1/1       Running   0          1h        172.16.14.2   k8s-node-2
[root@k8s-master ~]#
4.8 Test the pod's container
[root@k8s-master ~]# curl 172.16.14.2
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
    body {
        width: 35em;
        margin: 0 auto;
        font-family: Tahoma, Verdana, Arial, sans-serif;
    }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>
5 The pod network type is container
5.1 The nginx container has no IP address
[root@k8s-node2 ~]# docker ps -a
CONTAINER ID   IMAGE                                          COMMAND                  CREATED             STATUS             PORTS   NAMES
75b336cf6418   192.168.0.136:5000/nginx:latest                "nginx -g 'daemon ..."   About an hour ago   Up About an hour           k8s_nginx.ce4d03ec_nginx_default_7b8de990-c3b9-11e9-93ab-000c2951f5dd_edeb5dfc
01549ff0cf31   192.168.0.136:5000/pod-infrastructure:latest   "/pod"                   3 hours ago         Up 3 hours                 k8s_POD.ae540292_nginx_default_7b8de990-c3b9-11e9-93ab-000c2951f5dd_cbbb45e2
[root@k8s-node2 ~]# docker inspect 75b336cf6418| tail -22
        "NetworkSettings": {
            "Bridge": "",
            "SandboxID": "",
            "HairpinMode": false,
            "LinkLocalIPv6Address": "",
            "LinkLocalIPv6PrefixLen": 0,
            "Ports": null,
            "SandboxKey": "",
            "SecondaryIPAddresses": null,
            "SecondaryIPv6Addresses": null,
            "EndpointID": "",
            "Gateway": "",
            "GlobalIPv6Address": "",
            "GlobalIPv6PrefixLen": 0,
            "IPAddress": "",
            "IPPrefixLen": 0,
            "IPv6Gateway": "",
            "MacAddress": "",
            "Networks": {}
        }
5.2 The IP being accessed is actually the IP of the pod-infrastructure container
[root@k8s-node2 ~]# docker inspect 01549ff0cf31| tail -22
            "IPPrefixLen": 24,
            "IPv6Gateway": "",
            "MacAddress": "02:42:ac:10:0e:02",
            "Networks": {
                "bridge": {
                    "IPAMConfig": null,
                    "Links": null,
                    "Aliases": null,
                    "NetworkID": "91b2a8f0e6bc27e794c236206658ff980174af5af50f5c8960da2920d3936eca",
                    "EndpointID": "32d012474893339123e7ce707d89528831a50fd05374bb773fe5abab050b1e81",
                    "Gateway": "172.16.14.1",
                    "IPAddress": "172.16.14.2",
                    "IPPrefixLen": 24,
                    "IPv6Gateway": "",
                    "GlobalIPv6Address": "",
                    "GlobalIPv6PrefixLen": 0,
                    "MacAddress": "02:42:ac:10:0e:02"
                }
            }
[root@k8s-node2 ~]# curl -I 172.16.14.2
HTTP/1.1 200 OK
Server: nginx/1.17.3
Date: Wed, 21 Aug 2019 05:39:23 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 13 Aug 2019 08:50:00 GMT
Connection: keep-alive
ETag: "5d5279b8-264"
Accept-Ranges: bytes
[root@k8s-node2 ~]#
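5.3 How it works
How it works: nginx only provides the web service. The pod-infrastructure base container provides the IP and enables advanced Kubernetes features such as load balancing and service self-healing.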
5.4 One pod with two containers, nginx + redis (fine as long as the ports do not conflict)
[root@k8s-master k8s]# cat ks8_pod.yaml
apiVersion: v1            # API version
kind: Pod                 # resource type
metadata:                 # metadata (attributes)
  name: test1             # pod name
  labels:                 # labels, key/value pairs
    app: web
spec:                     # specification
  containers:             # containers
  - name: nginx           # container name
    image: 192.168.0.136:5000/nginx:latest   # image
    ports:
    - containerPort: 80   # port
  - name: redis           # container name
    image: redis:latest   # image
    ports:
    - containerPort: 6379 # port
[root@k8s-master k8s]#
[root@k8s-master k8s]# kubectl create -f ks8_pod.yaml
pod "test1" created
[root@k8s-master k8s]# kubectl get pods -o wide
NAME      READY     STATUS    RESTARTS   AGE       IP            NODE
nginx     1/1       Running   0          5h        172.16.14.2   k8s-node-2
test1     2/2       Running   0          6m        172.16.73.2   k8s-node-1
# Access nginx and redis; they share one IP
[root@k8s-master k8s]#
[root@k8s-master k8s]# curl -I 172.16.73.2
HTTP/1.1 200 OK
Server: nginx/1.17.3
Date: Wed, 21 Aug 2019 07:33:13 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 13 Aug 2019 08:50:00 GMT
Connection: keep-alive
ETag: "5d5279b8-264"
Accept-Ranges: bytes
[root@k8s-master k8s]# telnet 172.16.73.2 6379
Trying 172.16.73.2...
Connected to 172.16.73.2.
Escape character is '^]'.
^]
telnet> quit
Connection closed.
[root@k8s-master k8s]#
# There are 3 containers on node1: nginx + redis + pod
[root@k8s-node1 ~]# docker ps -a
CONTAINER ID   IMAGE                                          COMMAND                  CREATED         STATUS         PORTS   NAMES
243e7ce30fb5   192.168.0.136:5000/nginx:latest                "nginx -g 'daemon ..."   3 minutes ago   Up 3 minutes           k8s_nginx.ce4d03ec_test1_default_e98f661d-c3e4-11e9-9d88-000c2951f5dd_a624b79f
9b31be42c4bc   redis:latest                                   "docker-entrypoint..."   3 minutes ago   Up 3 minutes           k8s_redis.e23a0086_test1_default_e98f661d-c3e4-11e9-9d88-000c2951f5dd_d4d7db10
40809c1fa637   192.168.0.136:5000/pod-infrastructure:latest   "/pod"                   4 minutes ago   Up 4 minutes           k8s_POD.c73825ae_test1_default_e98f661d-c3e4-11e9-9d88-000c2951f5dd_432f6da0
[root@k8s-node1 ~]#
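The lookup done by hand with docker inspect in 5.1 and 5.2, as an added example that is not part of the original post: it follows each container's HostConfig.NetworkMode to the container that owns the network namespace and reads the IP from there. The records are constructed and trimmed from the IDs and IPs shown above and merged from both nodes; NetworkMode does not appear in the post's tail -22 output, so its container:<id> value and the function names are assumptions.

```python
import json

# Constructed, trimmed `docker inspect` records modelled on sections 5.1-5.4.
# NetworkMode "container:<id>" is assumed (Docker's shared-namespace mode).
INSPECT_JSON = """[
 {"Id": "75b336cf6418", "Name": "/k8s_nginx.ce4d03ec_nginx_default",
  "HostConfig": {"NetworkMode": "container:01549ff0cf31"}, "NetworkSettings": {"Networks": {}}},
 {"Id": "01549ff0cf31", "Name": "/k8s_POD.ae540292_nginx_default", "HostConfig": {"NetworkMode": "default"},
  "NetworkSettings": {"Networks": {"bridge": {"IPAddress": "172.16.14.2"}}}},
 {"Id": "243e7ce30fb5", "Name": "/k8s_nginx.ce4d03ec_test1_default",
  "HostConfig": {"NetworkMode": "container:40809c1fa637"}, "NetworkSettings": {"Networks": {}}},
 {"Id": "9b31be42c4bc", "Name": "/k8s_redis.e23a0086_test1_default",
  "HostConfig": {"NetworkMode": "container:40809c1fa637"}, "NetworkSettings": {"Networks": {}}},
 {"Id": "40809c1fa637", "Name": "/k8s_POD.c73825ae_test1_default", "HostConfig": {"NetworkMode": "default"},
  "NetworkSettings": {"Networks": {"bridge": {"IPAddress": "172.16.73.2"}}}}
]"""

def netns_owner(containers, ref):
    """Follow NetworkMode=container:<id> links to the container owning the netns."""
    seen = set()
    while True:
        hits = [c for c in containers if c["Id"].startswith(ref)]
        if len(hits) != 1:
            raise LookupError("no unique container for %r" % ref)
        c = hits[0]
        if c["Id"] in seen:
            raise LookupError("NetworkMode cycle at %s" % c["Id"])
        seen.add(c["Id"])
        mode = c["HostConfig"]["NetworkMode"]
        if not mode.startswith("container:"):
            return c
        ref = mode.split(":", 1)[1]

def container_ips(containers, ref):
    """IPs a container is reachable on: those of its network-namespace owner."""
    nets = netns_owner(containers, ref)["NetworkSettings"]["Networks"]
    return sorted(n["IPAddress"] for n in nets.values() if n.get("IPAddress"))

def shared_netns(containers):
    """Group container IDs by the owner whose network namespace they use."""
    groups = {}
    for c in containers:
        groups.setdefault(netns_owner(containers, c["Id"])["Id"], []).append(c["Id"])
    return groups

CONTAINERS = json.loads(INSPECT_JSON)
if __name__ == "__main__":
    for owner, members in shared_netns(CONTAINERS).items():
        print(owner, container_ips(CONTAINERS, owner), members)
```

Containers listed under the same owner share one IP and one loopback interface, so in section 5.4 the nginx container can reach redis on 127.0.0.1:6379.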