前言
pod是k8s的最小部署單元 ,是一組容器的集合,一個pod中的容器共享網絡命名空間,pod的壽命是短暫的
pod容器分類
1、infrastructure container 基礎容器
- 用來維護整個pod的網絡空間
- 查看容器的網絡(在node節點查看)
[root@localhost ~]# cat /opt/kubernetes/cfg/kubelet
KUBELET_OPTS="--logtostderr=true \
--v=4 \
--hostname-override=192.168.7.102 \
--kubeconfig=/opt/kubernetes/cfg/kubelet.kubeconfig \
--bootstrap-kubeconfig=/opt/kubernetes/cfg/bootstrap.kubeconfig \
--config=/opt/kubernetes/cfg/kubelet.config \
--cert-dir=/opt/kubernetes/ssl \
--pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/google-containers/pause-amd64:3.0"
- 每次創建pod的時候就會創建,與pod對應的,對於用戶是透明的
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
6beba77cbbc4 784cf2722f44 "/dashboard --insecu…" 24 hours ago Up 24 hours k8s_kubernetes-dashboard_kubernetes-dashboard-7dffbccd68-j4fqz_kube-system_87e9c168-905f-11ea-80d3-000c29535012_4
8b8426b7697a registry.cn-hangzhou.aliyuncs.com/google-containers/pause-amd64:3.0 "/pause" 24 hours ago Up 24 hours k8s_POD_kubernetes-dashboard-7dffbccd68-j4fqz_kube-system_87e9c168-905f-11ea-80d3-000c29535012_3
2、initcontainers 初始化容器
- 先於業務容器開始執行,原先pod中容器是並行開啓,現在進行了改進
3、container 業務容器
- 並行啓動
鏡像的拉取策略
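- IfNotPresent:默認值,鏡像在宿主機上不存在時纔會被拉取(鏡像標籤爲latest或未指定標籤時,默認值是Always,下面kubectl run nginx的結果即是如此);注意已緩存在節點上的私有鏡像可被調度到該節點的其他pod直接使用,不會再次驗證拉取憑據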
- Always:每次創建pod都會重新拉取一次鏡像
- Never:pod永遠不會主動拉取鏡像
[root@localhost demo]# kubectl run nginx --image=nginx
[root@localhost demo]# kubectl edit deployment/nginx
省略部分內容
spec:
containers:
- image: nginx
imagePullPolicy: Always //此處可以看到創建pod資源使用的拉取策略是always
name: nginx
創建拉取策略爲always的pod資源
[root@localhost demo]# vim pod.yaml
apiVersion: v1
kind: Pod
metadata:
name: mypod
spec:
containers:
- name: nginx
image: nginx:1.14
imagePullPolicy: Always
[root@localhost demo]# kubectl create -f pod.yaml
pod/mypod created
[root@localhost demo]# kubectl get pods
NAME READY STATUS RESTARTS AGE
mypod 1/1 Running 0 55s
#如果上面的狀態爲CrashLoopBackOff,檢查yaml文件的格式或者檢查master與node之間的連接是否有問題
#查看pod分配的節點
[root@localhost demo]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE
mypod 1/1 Running 0 4m8s 172.17.94.2 192.168.7.103 <none>
#在node節點使用curl查看頭部信息
[root@localhost ~]# curl -I 172.17.94.2
HTTP/1.1 200 OK
Server: nginx/1.14.2 //此處顯示版本爲1.14
Date: Thu, 21 May 2020 02:27:27 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 04 Dec 2018 14:44:49 GMT
Connection: keep-alive
ETag: "5c0692e1-264"
Accept-Ranges: bytes
部署harbor創建私有項目
- harbor部署請參考----Docker–Harbor私有鏡像倉庫搭建
- 私有倉庫創建完成後創建一個項目
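在node節點配置連接私有倉庫(insecure-registries會讓docker以HTTP或不驗證證書的HTTPS連接該倉庫,登陸憑據和鏡像在傳輸中得不到保護,只適合隔離的測試環境,生產環境應爲harbor配置受信任的TLS證書;另外JSON不支持註釋,下面的//說明不要寫入實際的daemon.json)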
[root@localhost ~]# vim /etc/docker/daemon.json
{
"insecure-registries": ["192.168.7.106"], //注意此處的逗號要添加
"registry-mirrors": ["https://syy5204b.mirror.aliyuncs.com"]
}
#重啓docker服務
[root@localhost ~]# systemctl restart docker
#登陸harbor私有倉庫(如下面的WARNING所示,憑據會以未加密的形式保存在/root/.docker/config.json,應確保該文件僅root可讀;建議使用權限受限的專用帳號,而不是admin)
[root@localhost ~]# docker login 192.168.7.106
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
#下載Tomcat鏡像進行推送
[root@localhost ~]# docker pull tomcat
#打標籤,推送鏡像到私有倉庫
[root@localhost ~]# docker tag tomcat:latest 192.168.7.106/my-project/tomcat
[root@localhost ~]# docker push 192.168.7.106/my-project/tomcat
#推送完成後刪除本地的打標籤鏡像,供後續驗證使用
[root@localhost ~]# docker rmi 192.168.7.106/my-project/tomcat:latest
創建pod資源,通過私有倉庫下載鏡像
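#在node節點查看登陸憑據(需在docker login成功後執行,解碼後的auths中應含有192.168.7.106的條目,否則生成的secret無法用於拉取;base64只是編碼而非加密,該輸出等同於明文帳號密碼,不要公開或寫入文檔)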
[root@localhost ~]# cat .docker/config.json | base64 -w 0
ewoJImF1dGhzIjoge30sCgkiSHR0cEhlYWRlcnMiOiB7CgkJIlVzZXItQWdlbnQiOiAiRG9ja2VyLUNsaWVudC8xOS4wMy44IChsaW51eCkiCgl9Cn0=
#創建secret資源
[root@localhost demo]# vim registry-pull-secret.yaml
apiVersion: v1
kind: Secret
metadata:
name: registry-pull-secret
data:
#下面插入上面查看到的登陸憑據(此值可被任何人解碼還原出倉庫帳號密碼,含有真實憑據的文件不要提交到代碼倉庫)
.dockerconfigjson: ewoJImF1dGhzIjogewoJCSIxOTIuMTY4LjcuMTA2IjogewoJCQkiYXV0aCI6ICJZV1J0YVc0NlNHRnlZbTl5TVRJek5EVT0iCgkJfQoJfSwKCSJIdHRwSGVhZGVycyI6IHsKCQkiVXNlci1BZ2VudCI6ICJEb2NrZXItQ2xpZW50LzE5LjAzLjggKGxpbnV4KSIKCX0KfQ==
type: kubernetes.io/dockerconfigjson
[root@localhost demo]# kubectl create -f registry-pull-secret.yaml
secret/registry-pull-secret created
[root@localhost demo]# kubectl get secret
NAME TYPE DATA AGE
default-token-9gtsc kubernetes.io/service-account-token 3 21d
registry-pull-secret kubernetes.io/dockerconfigjson 1 23s
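#創建資源從harbor倉庫中下載鏡像(下面的//說明不是YAML註釋,寫入文件前需刪除或改爲#;extensions/v1beta1的Deployment自Kubernetes 1.16起已移除,新版本集羣應改用apps/v1並添加spec.selector)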
[root@localhost demo]# vim tomcat.yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: my-tomcat
spec:
replicas: 2 //創建的副本數爲2
template:
metadata:
labels:
app: my-tomcat
spec:
imagePullSecrets: //選擇登陸下載鏡像的驗證
- name: registry-pull-secret
containers:
- name: my-tomcat
image: 192.168.7.106/my-project/tomcat //添加鏡像
ports:
- containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
name: my-tomcat
spec:
type: NodePort
ports:
- port: 8080
targetPort: 8080
nodePort: 31111
selector:
app: my-tomcat
[root@localhost demo]# kubectl create -f tomcat.yaml
deployment.extensions/my-tomcat created
service/my-tomcat created
#查看pod資源及發佈的映射端口(NodePort會在每個節點的31111端口對外開放該服務,應通過防火牆限制可訪問的來源)
[root@localhost demo]# kubectl get pods,svc
NAME READY STATUS RESTARTS AGE
pod/my-tomcat-bd6957b58-n44c9 1/1 Running 0 110s
pod/my-tomcat-bd6957b58-xs6xf 1/1 Running 0 110s
pod/mypod 1/1 Running 0 33m
pod/nginx-dbddb74b8-4dn2m 1/1 Running 0 50m
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/kubernetes ClusterIP 10.0.0.1 <none> 443/TCP 21d
service/my-tomcat NodePort 10.0.0.236 <none> 8080:31111/TCP 110s