k8s 重启策略、健康检查、环境变量、初始化容器
Pod基本概念
Pod是Kubernetes创建和管理的最小单元,一个Pod由一个容器或多个容器组成,这些容器共享存储、网络。
Pod特点
- 一个Pod可以理解为是一个应用实例,提供服务.
- Pod中容器始终部署在一个Node上
- Pod中容器共享网络、存储资源
- Kubernetes直接管理Pod,而不是容器
Pod存在意义
Pod主要用法:
- 运行单个容器:最常见的用法,在这种情况下,可以将Pod看做是单个容器的抽象封装
- 运行多个容器:封装多个紧密耦合且需要共享资源的应用程序
如果有这些需求,你可以运行多个容器:
- 两个应用之间发生文件交互
- 两个应用需要通过127.0.0.1或者socket通信
- 两个应用需要发生频繁的调用
Pod资源共享实现机制
重启策略
- Always:当容器终止退出后,总是重启容器,默认策略(总是重启)
- OnFailure:当容器异常退出(退出状态码非0)时,才重启容器 (非正常退出,比如stop、kill)
- Never:当容器终止退出,从不重启容器(永不重启)
[root@master manifest]# cat test.yml
apiVersion: v1
kind: Pod
metadata:
name: web
spec:
containers: //一个pod多个容器
- name: nginx
image: nginx
imagePullPolicy: IfNotPresent
- name: test
image: busybox
imagePullPolicy: IfNotPresent
command: ["bin/sh","-c","sleep 450"]
restartPolicy: Never #默认的话不用修改,改为never后停止容器不会重启
[root@master manifest]# kubectl apply -f test.yml //创建pod
pod/web created
[root@master manifest]# kubectl get pod
NAME READY STATUS RESTARTS AGE
web 2/2 Running 0 92s
[root@master manifest]# kubectl get pod -o wide -w //在node2上停止其中一个,发现并不会重启
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
web 1/2 NotReady 0 4m51s 10.244.2.10 node2.example.com <none> <none>
健康检查
- livenessProbe(存活检查)︰如果检查失败,将杀死容器,根据Pod的- restartPolicy来操作
- readinessProbe(就绪检查)︰如果检查失败,Kubernetes会把Pod从service endpoints中剔除
支持的检查方式:
- httpGet:发送HTTP请求,返回200-400范围状态码为成功
- exec: 执行hell命令返回状态码是0为成功
- tcpSocket:发起TCP Socket建立成功
与重启策略相结合使用
重启策略+健康检查
//端口探测
[root@master ~]# cat test.yml
---
apiVersion: v1
kind: Pod
metadata:
name: web
spec:
containers:
- name: nginx
image: nginx
imagePullPolicy: IfNotPresent
ports:
- containerPort: 80
hostPort: 80
livenessProbe:
tcpSocket:
port: 80
initialDelaySeconds: 20 #启动容器后多少秒健康检查
periodSeconds: 10 #以后间隔多少秒检查一次
readinessProbe:
httpGet:
port: 80
initialDelaySeconds: 20
periodSeconds: 10
[root@master ~]# kubectl apply -f test.yml
pod/web created
//查看pod,发现在进行初始化
[root@master ~]# kubectl get pod
NAME READY(就绪状态) STATUS(存活状态) RESTARTS AGE
web 0/1 Running 0 18s
//等待一定时间后会进入运行
[root@master ~]# kubectl get pod
NAME READY STATUS RESTARTS AGE
web 1/1 Running 0 34s
环境变量
变量值几种定义方式:
- 自定义变量值
- 变量值从Pod属性获取
- 变量值从Secrt,ConfigMap
自定义变量值
---
apiVersion: v1
kind: Pod
metadata:
name: test
spec:
containers:
- name: test
image: busybox
imagePullPolicy: IfNotPresent
command: ["bin/sh","-c","sleep 45"]
env:
- name: HN
value: tom
[root@master ~]# kubectl apply -f test.yml
pod/test created
[root@master ~]# kubectl get pod
NAME READY STATUS RESTARTS AGE
test 1/1 Running 0 21s
[root@master ~]# kubectl exec -it test -- /bin/sh
/ # echo $HN
tom
变量值从Pod属性获取
[root@master ~]# cat test.yml
---
apiVersion: v1
kind: Pod
metadata:
name: test
spec:
containers:
- name: test
image: busybox
imagePullPolicy: IfNotPresent
command: ["bin/sh","-c","sleep 45"]
env:
- name: HN
valueFrom:
fieldRef:
fieldPath: metadata.name
[root@master ~]# kubectl delete -f test.yml
pod "test" deleted
[root@master ~]# kubectl apply -f test.yml
pod/test created
[root@master ~]# kubectl get pod
NAME READY STATUS RESTARTS AGE
test 1/1 Running 0 21s
[root@master ~]# kubectl exec -it test -- /bin/sh
/ # echo $HN
test
变量值从Secrt
[root@master ~]# cat test.yml
---
apiVersion: v1
kind: Pod
metadata:
name: test
spec:
containers:
- name: test
image: busybox
imagePullPolicy: IfNotPresent
command: ["bin/sh","-c","sleep 45"]
env:
- name: HN
valueFrom:
fieldRef:
fieldPath: spec.nodeName
[root@master ~]# kubectl apply -f test.yml
pod/test created
[root@master ~]# kubectl get pod
NAME READY STATUS RESTARTS AGE
test 1/1 Running 0 17s
[root@master ~]# kubectl exec -it test -- /bin/sh
/ # echo $HN
node1
init Container(初始化容器)
初始化容器
- Init Container:用于初始化工作,执行完就结束(一次性任务)
- 支持大部分应用容器配置,但不支持健康检查
- 优先应用容器执行
应用场景:
- 环境检查:例如确保应用容器依赖的服务启动后再启动应用容器
- 初始化配置:例如给应用容器准备配置文件
[root@master manifest]# cat test.yml
---
apiVersion: v1
kind: Pod
metadata:
name: web
namespace: default
spec:
initContainers:
- name: download
image: busybox
imagePullPolicy: IfNotPresent
volumeMounts:
- name: data
mountPath: /tmp
containers:
- name: nginx
image: nginx
imagePullPolicy: IfNotPresent
ports:
- containerPort: 80
hostPort: 80
volumeMounts:
- name: data
mountPath: /usr/share/nginx/html
volumes:
- name: data
hostPath:
path: /var/www/html
//创建存储卷映射目录
[root@node1 ~]# mkdir /var/www/html/ -p
[root@node1 ~]# cd /var/www/html/
[root@node1 html]# echo "hello world" > index.html
[root@node2 ~]# mkdir /var/www/html/ -p
[root@node2 ~]# cd /var/www/html/
[root@node2 html]# echo "123" > index.html
[root@master manifest]# kubectl apply -f test.yml
pod/web created
[root@master manifest]# kubectl get pod -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
web 1/1 Running 0 21s 10.244.2.11 node2.example.com <none> <none>
[root@master manifest]# curl 10.244.2.11
123
//pod详细信息
[root@master manifest]# kubectl describe pod web
Name: web
Namespace: default
Priority: 0
Node: node2.example.com/192.168.237.141
Start Time: Thu, 23 Dec 2021 11:15:45 +0800
Labels: <none>
Annotations: <none>
Status: Running
IP: 10.244.2.11
IPs:
IP: 10.244.2.11
Init Containers:
download:
Container ID: docker://ee2cad1f98d7cc104a0a9e8463d5dc3d4790693de38df6c5b0454bb08d76338a
Image: busybox
Image ID: docker-pullable://busybox@sha256:b5cfd4befc119a590ca1a81d6bb0fa1fb19f1fbebd0397f25fae164abe1e8a6a
Port: <none>
Host Port: <none>
State: Terminated
Reason: Completed
Exit Code: 0
Started: Thu, 23 Dec 2021 11:15:46 +0800
Finished: Thu, 23 Dec 2021 11:15:46 +0800
Ready: True
Restart Count: 0
Environment: <none>
Mounts:
/tmp from data (rw)
/var/run/secrets/kubernetes.io/serviceaccount from default-token-r4pr2 (ro)
Containers:
nginx:
Container ID: docker://3ccb5aaf458a5b7e6afe4c60a24ea8314690261e342525d0be6f92341723df90
Image: nginx
Image ID: docker-pullable://nginx@sha256:1f105601bfded0fa298d8c5efd5569f4ed3bf53dc7f4c41c691c29999550f6a3
Port: 80/TCP
Host Port: 80/TCP
State: Running
Started: Thu, 23 Dec 2021 11:15:47 +0800
Ready: True
Restart Count: 0
Environment: <none>
Mounts:
/usr/share/nginx/html from data (rw)
/var/run/secrets/kubernetes.io/serviceaccount from default-token-r4pr2 (ro)
Conditions:
Type Status
Initialized True
Ready True
ContainersReady True
PodScheduled True
Volumes:
data:
Type: HostPath (bare host directory volume)
Path: /var/www/html
HostPathType:
default-token-r4pr2:
Type: Secret (a volume populated by a Secret)
SecretName: default-token-r4pr2
Optional: false
QoS Class: BestEffort
Node-Selectors: <none>
Tolerations: node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 74s default-scheduler Successfully assigned default/web to node2.example.com
Normal Pulled 73s kubelet Container image "busybox" already present on machine
Normal Created 73s kubelet Created container download
Normal Started 73s kubelet Started container download
Normal Pulled 73s kubelet Container image "nginx" already present on machine
Normal Created 72s kubelet Created container nginx
Normal Started 72s kubelet Started container nginx
Pod中会有这几种类型的容器
- Infrastructure Container:基础容器
维护整个Pod网络空间 - lnitContainers:初始化容器
先于业务容器开始执行 - Containers:业务容器
并行启动