容器列表
[root@server2 manifest]# vim pod.yml
apiVersion: v1
kind: Pod
metadata:
name: myapp
# namespace: default
# labels:
spec:
containers:
- name: myappv1
image: myapp:v1
- name: myappv2
image: myapp:v2 #在这里定义两个容器
[root@server2 manifest]# kubectl create -f pod.yml
pod/myapp created
[root@server2 manifest]# kubectl get pod
NAME READY STATUS RESTARTS AGE
myapp 1/2 Error 4 2m5s
[root@server2 manifest]# kubectl logs myapp myappv2
2020/06/26 02:57:40 [emerg] 1#1: bind() to 0.0.0.0:80 failed (98: Address in use) # 这里
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address in use)
由于myapp这个容器开起的是一个服务,所以在pod当中开启多个同样容器时,端口就会出现抢夺,其中一个容器就会一直重启,所以不能同时开启端口一样的两个容器。
# 修改:
apiVersion: v1
kind: Pod
metadata:
name: myapp
# namespace: default
# labels:
spec:
containers:
- name: myappv1
image: myapp:v1
- name: demo
image: busyboxplus # 这是一个交互式的终端,需要下面三个参数的支持
tty: true # 打开一个终端,需要 stdin 和stdinOnce的支持。
stdin: true
stdinOnce: true
[root@server2 manifest]# kubectl delete -f pod.yml
pod "myapp" deleted
[root@server2 manifest]# kubectl apply -f pod.yml
pod/myapp created
[root@server2 manifest]# kubectl get pod
NAME READY STATUS RESTARTS AGE
myapp 2/2 Running 0 10s
[root@server2 manifest]# kubectl attach myapp -c demo -it #-c指定容器,-it 交互
If you don't see a command prompt, try pressing enter.
/ #
/ # curl localhost
Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a>
再这个容器却可以本地访问myapp:v1容器开启的端口,这时因为同一个pod中的容器共用网络。
那末对于myapp打开一个服务并没有打开一个终端的容器怎么连接哪?
[root@server2 manifest]# kubectl exec -it myapp -c myappv1 sh #exec让他打开一个shell
kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl kubectl exec [POD] -- [COMMAND] instead.
/ # netstat -tnlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1/nginx: master pro
/ # cat /etc/hostname
myapp
/ # cd /usr/share/nginx/html/
/usr/share/nginx/html # cat index.html
Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a>
关闭这些服务后,k8s会自动进行重启。
镜像拉取策略
[root@server2 manifest]# kubectl explain pod.spec.containers
imagePullPolicy <string>
Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always
if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated.
默认总会去仓库拉取最新的,这就要求我们再更新镜像的时候打上一个最新的标签。
使用:
spec:
containers:
- name: myappv1
image: myapp:v1
- name: demo
image: busyboxplus
tty: true
stdin: true
stdinOnce: true
imagePullPolicy: IfNotPresent
在这里加上参数就行了。IfNotPresent 当我们本地没有的时候才去拉取
端口映射
[root@server2 manifest]# vim pod.yml
apiVersion: v1
kind: Pod
metadata:
name: myapp
# namespace: default
# labels:
spec:
containers:
- name: myappv1
image: myapp:v1
ports:
- name: http
containerPort: 80 #端口映射,就不用再命令行中加参数了
hostPort: 80
[root@server2 manifest]# kubectl apply -f pod.yml
pod/myapp created
[root@server2 manifest]# kubectl get pod -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
myapp 1/1 Running 0 6s 10.244.2.22 server4 <none> <none>
# 再server4上查看端口映射
[root@server4 ~]# iptables -t nat -nL| grep :80
CNI-HOSTPORT-SETMARK tcp -- 10.244.2.22 0.0.0.0/0 tcp dpt:80
CNI-HOSTPORT-SETMARK tcp -- 127.0.0.1 0.0.0.0/0 tcp dpt:80
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 to:10.244.2.22:80
使用主机网络模式
[root@server2 manifest]# vim pod.yml
apiVersion: v1
kind: Pod
metadata:
name: myapp
# namespace: default
# labels:
spec:
containers:
- name: myappv1
image: myapp:v1
hostNetwork: true #默认是false
# - name: demo
# image: busyboxplus
# tty: true
# stdin: true
# stdinOnce: true
# imagePullPolicy: IfNotPresent
[root@server2 manifest]# kubectl apply -f pod.yml
kubepod/myapp created
[root@server2 manifest]# kubectl get pod -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
myapp 1/1 Running 0 5s 172.25.254.4 server4 <none> <none>
[root@server2 manifest]# curl 172.25.254.4
Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a>
172.25.254.4 正是我们server4的ip地址,共用了网络,但是这种容器只能开启一个,不能有副本,因为ip只有一个,会冲突。
pod重启策略
restartPolicy,定义pod的重启策略,有always,onfailure,never,默认为always,就是无论容器如何终止,时中去重启它,onfailure是只有pod以非0退出码终止时,才会重启它,就是当正常退出时(0)不重启,never,将退出码报告给master,永不重启。
[root@server2 manifest]# kubectl exec -it myapp -c myappv1 sh # 交互式访问,
kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl kubectl exec [POD] -- [COMMAND] instead.
/usr/share/nginx # nginx -s stop # 关闭nginx
2020/06/26 03:58:21 [notice] 18#18: signal process started
/usr/share/nginx # command terminated with exit code 137
[root@server2 manifest]# kubectl get pod -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
myapp 1/1 Running 1 68s 10.244.2.23 server4 <none> <none>
## 进行了重启
现在我们加上never参数:
[root@server2 manifest]# kubectl delete -f pod.yml # 删除之前的
vim podpod "myapp" deleted
[root@server2 manifest]# vim pod.yml
apiVersion: v1
kind: Pod
metadata:
name: myapp
# namespace: default
# labels:
spec:
containers:
- name: myappv1
image: myapp:v1
restartPolicy: Never # 永不重启
[root@server2 manifest]# kubectl apply -f pod.yml
pod/myapp created
[root@server2 manifest]# kubectl get pod -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
myapp 1/1 Running 0 4s 10.244.2.24 server4 <none> <none>
[root@server2 manifest]# kubectl exec -it myapp -c myappv1 sh
kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl kubectl exec [POD] -- [COMMAND] instead.
/ # nginx -s stop
2020/06/26 04:01:52 [notice] 12#12: signal process started
/ # command terminated with exit code 137
[root@server2 manifest]# kubectl get pod -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
myapp 0/1 Completed 0 20s 10.244.2.24 server4 <none> <none>
#容器就显示完成了,就不再重启
[root@server2 manifest]# kubectl get pod -o yaml |less
我们可以导出到yaml文件格式来查看具体的格式,这种方法还可以用与忘记格式时使用
resource资源限制
[root@server2 manifest]# vim pod.yml
apiVersion: v1
kind: Pod
metadata:
name: myapp
# namespace: default
# labels:
spec:
containers:
- name: myappv1
image: myapp:v1
resources:
requests: # 下限
memory: 100Mi
cpu: 0.1
limits: # 上限
memory: 200Mi
cpu: 0.2
[root@server2 manifest]# kubectl apply -f pod.yml
kubec getpod/myapp created
[root@server2 manifest]# kubectl describe pod myapp
Name: myapp
Namespace: default
...
Limits:
cpu: 200m
memory: 200Mi
Requests:
cpu: 100m
memory: 100Mi
...
结点选择器
nodeSelector,定义node的label过滤标签,以key:value格式指定。
[root@server2 manifest]# kubectl get node --show-labels
NAME STATUS ROLES AGE VERSION LABELS
...
server4 Ready <none> 7d15h v1.18.3 beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/arch=amd64,
kubernetes.io/hostname=server4,kubernetes.io/os=linux
[root@server2 manifest]# vim pod.yml
kind: Pod
metadata:
name: myapp
# namespace: default
# labels:
spec:
containers:
- name: myappv1
image: myapp:v1
resources:
requests:
memory: 100Mi
cpu: 0.1
limits:
memory: 200Mi
cpu: 0.2
- [ ] nodeSelector:
kubernetes.io/hostname: server4 选择server4的标签
[root@server2 manifest]# kubectl get pod -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
myapp 1/1 Running 0 4s 10.244.2.25 server4 <none> <none>
是在server4上.
[root@server2 manifest]# vim pod.yml
- [ ] nodeSelector:
kubernetes.io/hostname: server3 改为server3的标签
[root@server2 manifest]# kubectl apply -f pod.yml
pod/myapp created
[root@server2 manifest]# kubectl get pod -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
myapp 1/1 Running 0 3s 10.244.1.48 server3 <none> <none>
就运行在server3上了
运行命令
指定容器的启动命令。
apiVersion: v1
kind: Pod
metadata:
name: pod-example
spec:
containers:
- name: ubuntu
image: ubuntu:trusty
command: ["echo"]
args: ["Hello World"] # 加上这两个参数就行了,也可以都写到command中,用,隔开。
打标签
[root@server2 manifest]# vim pod.yml
apiVersion: v1
kind: Pod
metadata:
name: myapp
labels:
wo: myapp
spec:
containers:
- name: myappv1
image: myapp:v1
[root@server2 manifest]# kubectl apply -f pod.yml
pod/myapp created
[root@server2 manifest]# kubectl get pod --show-labels
NAME READY STATUS RESTARTS AGE LABELS
myapp 1/1 Running 0 14s wo=myapp
[root@server2 manifest]# kubectl get pod -l wo # 过滤包含wo的标签
NAME READY STATUS RESTARTS AGE
myapp 1/1 Running 0 90s
[root@server2 manifest]# kubectl get pod -L wo
NAME READY STATUS RESTARTS AGE WO
myapp 1/1 Running 0 2m myapp
[root@server2 manifest]# kubectl label pod myapp version=v1 #打新的标签
pod/myapp labeled
[root@server2 manifest]# kubectl get pod --show-labels
NAME READY STATUS RESTARTS AGE LABELS
myapp 1/1 Running 0 4m39s version=v1,wo=myapp
[root@server2 manifest]# kubectl label pod myapp version=v2 --overwrite #更改标签
pod/myapp labeled
[root@server2 manifest]# kubectl get pod --show-labels
NAME READY STATUS RESTARTS AGE LABELS
myapp 1/1 Running 0 5m56s version=v2,wo=myapp
[root@server2 manifest]# kubectl label pod myapp wo=ni --overwrite
pod/myapp labeled
[root@server2 manifest]# kubectl get pod --show-labels
NAME READY STATUS RESTARTS AGE LABELS
myapp 1/1 Running 0 6m8s version=v2,wo=ni