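The Pod is the smallest unit that k8s manages.
A Pod can hold multiple containers, although in real production environments it has only one container.
Characteristics:
1. The smallest deployable unit
2. A collection of containers
3. The containers in one Pod share a network namespace
4. A Pod is short-lived
Types of containers in a Pod:
1: infrastructure container, the base container (a transparent process that the user does not notice)
Maintains the network namespace of the whole Pod
On the node:
`View the container's network settings`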
[root@node1 ~]# cat /opt/kubernetes/cfg/kubelet
KUBELET_OPTS="--logtostderr=true \
--v=4 \
--hostname-override=192.168.18.148 \
--kubeconfig=/opt/kubernetes/cfg/kubelet.kubeconfig \
--bootstrap-kubeconfig=/opt/kubernetes/cfg/bootstrap.kubeconfig \
--config=/opt/kubernetes/cfg/kubelet.config \
--cert-dir=/opt/kubernetes/ssl \
--pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/google-containers/pause-amd64:3.0" # the network component image is downloaded from Alibaba Cloud
`It is created every time a Pod is created, one per Pod, and is transparent to the user`
[root@node1 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
...... (many lines omitted here)
54d9e6ec3c02 registry.cn-hangzhou.aliyuncs.com/google-containers/pause-amd64:3.0 "/pause"
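# The network component is loaded automatically and provided as a component
`Conclusion: when the infrastructure container is created, a network container is always created`
2: initContainers, the init containers
When a Pod is created, its init containers are always executed. In older versions they were run with no distinction of order (when the system loads, the smaller the PID number, the higher the priority and the earlier the start). As the cloud platform improved, the startup mode changed to the host form: the separated init containers are loaded first, and only after the init containers have finished loading can the business containers that follow run normally.
3: container, the business containers (started in parallel)
Official documentation: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
Example:
Init containers in use
This example defines a simple Pod that has two init containers. The first waits for myservice, and the second waits for mydb. Once both init containers complete, the Pod runs the app container from its spec section.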
apiVersion: v1
kind: Pod
metadata:
  name: myapp-pod
  labels:
    app: myapp
spec:
  containers:
  - name: myapp-container
    image: busybox:1.28
    command: ['sh', '-c', 'echo The app is running! && sleep 3600']
  initContainers:
  - name: init-myservice
    image: busybox:1.28
    command: ['sh', '-c', 'until nslookup myservice; do echo waiting for myservice; sleep 2; done;']
  - name: init-mydb
    image: busybox:1.28
    command: ['sh', '-c', 'until nslookup mydb; do echo waiting for mydb; sleep 2; done;']
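Image pull policy (imagePullPolicy)
IfNotPresent: the default; the image is pulled only when it does not exist on the host
Always: the image is pulled again every time a Pod is created
Never: the Pod never actively pulls this image
Official documentation: https://kubernetes.io/docs/concepts/containers/images
Example: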
Verify by creating a pod that uses a private image, e.g.:
kubectl apply -f - <<EOF
apiVersion: v1
kind: Pod
metadata:
  name: private-image-test-1
spec:
  containers:
  - name: uses-private-image
    image: $PRIVATE_IMAGE_NAME
    imagePullPolicy: Always
    command: [ "echo", "SUCCESS" ]
EOF
On master1:
[root@master1 ~]# kubectl get pods
NAME READY STATUS RESTARTS AGE
my-nginx-d55b94fd-kc2gl 1/1 Running 0 40h
my-nginx-d55b94fd-tkr42 1/1 Running 0 40h
nginx-6c94d899fd-8pf48 1/1 Running 0 2d15h
nginx-deployment-5477945587-f5dsm 1/1 Running 0 2d14h
nginx-deployment-5477945587-hmgd2 1/1 Running 0 2d14h
nginx-deployment-5477945587-pl2hn 1/1 Running 0 2d14h
[root@master1 ~]# kubectl edit deployment/my-nginx
...... (many lines omitted here)
spec:
  containers:
  - image: nginx:1.15.4
    imagePullPolicy: IfNotPresent
    name: nginx
    ports:
    - containerPort: 80
      protocol: TCP
    resources: {}
    terminationMessagePath: /dev/termination-log
    terminationMessagePolicy: File
  dnsPolicy: ClusterFirst
  restartPolicy: Always
  schedulerName: default-scheduler
  securityContext: {}
  terminationGracePeriodSeconds: 30
[root@master1 ~]# cd demo/
[root@master1 demo]# vim pod1.yaml
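apiVersion: v1
kind: Pod
metadata:
  name: mypod
spec:
  containers:
  - name: nginx
    image: nginx
    imagePullPolicy: Always
    command: [ "echo", "SUCCESS" ]
[root@master1 demo]# kubectl create -f pod1.yaml # create the Pod
pod/mypod created
At this point the Pod shows the CrashLoopBackOff status: it is created and then shuts down again.
`The failure is caused by a conflict in the startup command`
The `command` in the manifest replaces the image's own startup command, so the container runs `echo SUCCESS` and exits instead of starting nginx, and the Pod is restarted over and over.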
apiVersion: v1
kind: Pod
metadata:
  name: mypod
spec:
  containers:
  - name: nginx
    image: nginx:1.14 # also change the version to nginx:1.14
    imagePullPolicy: Always
    # delete the command: [ "echo", "SUCCESS" ] line that was at the end
`Delete the existing resource`
[root@master1 demo]# kubectl delete -f pod1.yaml
pod "mypod" deleted
`Update the resource`
[root@master1 demo]# kubectl apply -f pod1.yaml
pod/mypod created
[root@master1 demo]# kubectl get pods
NAME READY STATUS RESTARTS AGE
mypod 1/1 Running 0 3m26s
`Check which node the Pod was assigned to`
[root@master1 demo]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE
mypod 1/1 Running 0 4m45s 172.17.40.5 192.168.18.145 <none>
# The 172.17.40.5 address here corresponds to node2, whose address is 192.168.18.145
`On node2, check that the application was deployed to that node`
[root@node2 ~]# curl -I 172.17.40.5
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Sat, 15 Feb 2020 04:11:53 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 04 Dec 2018 14:44:49 GMT
Connection: keep-alive
ETag: "5c0692e1-264"
Accept-Ranges: bytes
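Added example, not part of the original notes: a small audit of the image and imagePullPolicy pairs used above. It reads data shaped like `kubectl get pods -o json` and marks containers whose image has no fixed tag (an untagged image such as `nginx` resolves to `latest`) and containers that, under IfNotPresent or Never, run whatever image the node already has cached under that name. The sample data is constructed from this page's manifests, and the function names `split_image` and `audit` are hypothetical.

```python
import json

# Constructed sample shaped like `kubectl get pods -o json`, using the images
# and policies from this page's manifests (pod name "my-nginx" is shortened).
SAMPLE = json.loads("""
{"items": [
 {"metadata": {"name": "mypod"},
  "spec": {"containers": [
    {"name": "nginx", "image": "nginx", "imagePullPolicy": "Always"}]}},
 {"metadata": {"name": "my-nginx"},
  "spec": {"containers": [
    {"name": "nginx", "image": "nginx:1.15.4", "imagePullPolicy": "IfNotPresent"}]}},
 {"metadata": {"name": "myapp-pod"},
  "spec": {"initContainers": [
    {"name": "init-myservice", "image": "busybox:1.28", "imagePullPolicy": "IfNotPresent"}],
   "containers": [
    {"name": "myapp-container", "image": "busybox:1.28", "imagePullPolicy": "IfNotPresent"}]}}
]}
""")


def split_image(image):
    """Split an image reference into (repository, tag, digest)."""
    image, _, digest = image.partition("@")
    # Only a colon after the last "/" is a tag; an earlier one is a registry port.
    if ":" in image.rsplit("/", 1)[-1]:
        repo, tag = image.rsplit(":", 1)
    else:
        repo, tag = image, None
    return repo, tag, digest or None


def audit(pod_list):
    """Return (pod, container, image, policy, notes) for every container."""
    rows = []
    for pod in pod_list["items"]:
        spec = pod["spec"]
        for c in spec.get("initContainers", []) + spec.get("containers", []):
            _, tag, digest = split_image(c["image"])
            policy = c.get("imagePullPolicy", "")
            notes = []
            if digest is None and tag in (None, "latest"):
                notes.append("floating-tag")  # content can change between pulls
            if digest is None and policy in ("IfNotPresent", "Never"):
                notes.append("node-cache")    # runs the image cached on the node
            rows.append((pod["metadata"]["name"], c["name"], c["image"], policy, notes))
    return rows


if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(*row)
```

To run it against a live cluster, replace SAMPLE with the parsed output of `kubectl get pods -o json`.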