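Pod basics
A Pod is the smallest unit that Kubernetes creates and manages. A Pod consists of one or more containers, and these containers share storage and network.
Pod characteristics:
- A Pod can be thought of as one application instance that provides a service
- The containers in a Pod are always deployed on the same Node
- The containers in a Pod share network and storage resources
- Kubernetes manages Pods directly, not containers
Why Pods exist
Main ways to use a Pod:
- Running a single container: the most common usage; in this case the Pod can be seen as an abstract wrapper around a single container
- Running multiple containers: wraps several tightly coupled applications that need to share resources
You can run multiple containers when you have needs like these:
- Two applications exchange files
- Two applications need to communicate over 127.0.0.1 or a socket
- Two applications call each other frequently
How Pod resource sharing is implemented
Shared network: the application containers join the network of the "container responsible for networking", which gives them a shared network
Shared storage: containers share data through volumes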
Pod management commands
- Create a pod:
  - kubectl apply -f pod.yaml
  - or use the command kubectl run nginx --image=nginx
- View pods:
  - kubectl get pods
  - kubectl describe pod <pod-name>
- View logs:
  - kubectl logs <pod-name> [-c CONTAINER]
- Enter a container terminal:
  - kubectl exec -it <pod-name> [-c CONTAINER] -- bash
- Delete a pod:
  - kubectl delete pod <pod-name>
Defining a Pod
apiVersion: v1
kind: Pod
metadata:
  name: my-pod
spec:
  containers:
  - name: container1
    image: nginx
  - name: container2
    image: centos
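Restart policy + health checks (application self-healing)
Restart policies:
- Always: always restart the container after it terminates and exits; this is the default policy.
- OnFailure: restart the container only when it exits abnormally (non-zero exit status).
- Never: never restart the container after it terminates and exits.
Health check types:
- livenessProbe (liveness check): if the check fails, the container is killed and then handled according to the Pod's restartPolicy.
- readinessProbe (readiness check): if the check fails, Kubernetes removes the Pod from the Service endpoints.
Supported check methods:
- httpGet: sends an HTTP request; a status code in the 200-400 range counts as success.
- exec: runs a shell command; an exit status of 0 counts as success.
- tcpSocket: opens a TCP socket; a successfully established connection counts as success.
Example: port probe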
apiVersion: v1
kind: Pod
metadata:
  name: probe-demo
  namespace: demo
spec:
  containers:
  - name: web
    image: nginx
    ports:
    - containerPort: 80
    livenessProbe:
      tcpSocket:
        port: 80
      initialDelaySeconds: 30
      periodSeconds: 10
    readinessProbe:
      tcpSocket:
        port: 80
      initialDelaySeconds: 30
      periodSeconds: 10
Running a shell command
livenessProbe:
  exec:
    command:
    - cat
    - /tmp/healthy
HTTP request
livenessProbe:
  httpGet:
    path: /healthy
    port: 8080
    httpHeaders:
    - name: Custom-Header
      value: Awesome
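The self-healing behaviour described in this section, as an added example that is not part of the original page: the container deletes its own health file after 30 seconds, so the readiness check fails first and the liveness check then triggers a restart under restartPolicy Always. The pod name and timing values are assumptions chosen for the demonstration.

```yaml
# Added example (not from the original page); names and timings are hypothetical.
apiVersion: v1
kind: Pod
metadata:
  name: self-heal-demo
spec:
  restartPolicy: Always          # killed containers are started again
  containers:
  - name: app
    image: busybox
    # Healthy for 30s, then the file disappears and both probes start failing.
    command: ["sh", "-c", "touch /tmp/healthy; sleep 30; rm -f /tmp/healthy; sleep 600"]
    readinessProbe:              # failure: Pod is removed from Service endpoints
      exec:
        command: ["cat", "/tmp/healthy"]
      initialDelaySeconds: 5
      periodSeconds: 5
      failureThreshold: 1        # mark not ready on the first failed check
    livenessProbe:               # failure: container is killed, then restartPolicy applies
      exec:
        command: ["cat", "/tmp/healthy"]
      initialDelaySeconds: 5
      periodSeconds: 5
      failureThreshold: 3        # kill only after three consecutive failures
```

Watching `kubectl get pods -w` shows READY drop to 0/1 shortly after the file is removed, followed by an increase in the RESTARTS column.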
Environment variables
Ways to define a variable's value:
- A custom (literal) value
- A value taken from Pod attributes
- A value taken from a Secret or ConfigMap
apiVersion: v1
kind: Pod
metadata:
  name: pod-envars
spec:
  containers:
  - name: test
    image: busybox
    command: ["sh", "-c", "sleep 36000"]
    env:
    - name: MY_NODE_NAME
      valueFrom:
        fieldRef:
          fieldPath: spec.nodeName
    - name: MY_POD_NAME
      valueFrom:
        fieldRef:
          fieldPath: metadata.name
    - name: MY_POD_NAMESPACE
      valueFrom:
        fieldRef:
          fieldPath: metadata.namespace
    - name: MY_POD_IP
      valueFrom:
        fieldRef:
          fieldPath: status.podIP
    - name: ABC
      value: "123456"
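The third way listed above, a value taken from a Secret or ConfigMap, does not appear in the manifest; this added example (not from the original page) shows it with configMapKeyRef and secretKeyRef. All object names, keys and values are constructed placeholders.

```yaml
# Added example (not from the original page); every name and value is hypothetical.
apiVersion: v1
kind: ConfigMap
metadata:
  name: app-config
data:
  log_level: "info"
---
apiVersion: v1
kind: Secret
metadata:
  name: app-secret
type: Opaque
stringData:                      # stored base64-encoded under .data by the API server
  db_password: "constructed-sample-value"
---
apiVersion: v1
kind: Pod
metadata:
  name: pod-envars-refs
spec:
  containers:
  - name: test
    image: busybox
    command: ["sh", "-c", "sleep 36000"]
    env:
    # Weak form: a literal credential lives in the manifest and in the Pod spec.
    # - name: DB_PASSWORD
    #   value: "constructed-sample-value"
    - name: LOG_LEVEL
      valueFrom:
        configMapKeyRef:
          name: app-config
          key: log_level
    - name: DB_PASSWORD          # the Pod spec holds only a reference to the Secret
      valueFrom:
        secretKeyRef:
          name: app-secret
          key: db_password
```

A literal `value:` such as ABC above is readable by anyone who can read the Pod object, while the value behind a secretKeyRef is only readable through access to the Secret itself.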
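Init Container
Init Container: as the name suggests, it does initialization work and ends once it has run; think of it as a one-off task.
- Supports most application-container settings, but not health checks
- Runs before the application containers
Use cases:
- Environment checks: for example, making sure a service the application container depends on is up before the application container starts
- Initial configuration: for example, preparing configuration files for the application container
Deploy a website whose code is not built into the image; instead, it is pulled dynamically from a code repository and placed into the application container.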
apiVersion: v1
kind: Pod
metadata:
  name: init-demo
spec:
  initContainers:
  - name: download
    image: busybox
    command:
    - wget
    - "-O"
    - "/opt/index.html"
    - http://www.ctnrs.com
    volumeMounts:
    - name: wwwroot
      mountPath: "/opt"
  containers:
  - name: nginx
    image: nginx
    ports:
    - containerPort: 80
    volumeMounts:
    - name: wwwroot
      mountPath: /usr/share/nginx/html
  volumes:
  - name: wwwroot
    emptyDir: {}
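The other use case listed above, an environment check, as an added example that is not part of the original page: the init container blocks nginx until an HTTP request to a dependency succeeds and gives up after a bounded number of tries. It assumes a Service named web1 on port 80 in the same namespace (the exercise later on this page defines one); the pod and container names are hypothetical.

```yaml
# Added example (not from the original page).
# Assumes a Service named web1 listening on port 80 in the same namespace.
apiVersion: v1
kind: Pod
metadata:
  name: init-wait-demo           # hypothetical name
spec:
  restartPolicy: OnFailure       # a failed init container is retried under Always/OnFailure
  initContainers:
  - name: wait-for-web1
    image: busybox
    command:
    - sh
    - -c
    - |
      # Poll the dependency; stop after 30 tries so the failure is visible.
      i=0
      until wget -q -T 2 -O /dev/null http://web1; do
        i=$((i+1))
        if [ "$i" -ge 30 ]; then
          echo "web1 still unreachable after $i tries" >&2
          exit 1
        fi
        echo "waiting for web1 ($i/30)"
        sleep 2
      done
  containers:
  - name: nginx                  # starts only after the init container exits 0
    image: nginx
    ports:
    - containerPort: 80
```

While the loop is waiting, `kubectl get pods` reports the Pod as Init:0/1, and `kubectl logs init-wait-demo -c wait-for-web1` shows the polling output.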
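Create a haproxy pod through a resource definition to do load balancing
The load-balancing effect must be visible in a browser, and the setup must use health checks, an init container and environment variables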
[root@master ~]# vim Dockerfile
FROM busybox
RUN mkdir /data && echo 'hello,this is a test page' > /data/index.html
CMD ["/bin/httpd","-f","-h","/data"]
[root@master ~]# docker build -t bravealove1/httpd:v0.1 .
Successfully built 8adfcb109338
Successfully tagged aimmi/httpd:v0.1
[root@master ~]# vim Dockerfile
FROM busybox
RUN mkdir /data && echo 'hello,this is a test page 2' > /data/index.html
CMD ["/bin/httpd","-f","-h","/data"]
[root@master ~]# docker build -t aimmi/httpd:v0.2 .
Successfully built 9a5188dcf431
Successfully tagged bravealove1/httpd:v0.2
[root@master ~]# vim web.yaml
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web1
  namespace: default
spec:
  replicas: 1
  selector:
    matchLabels:
      app: web1
  template:
    metadata:
      labels:
        app: web1
    spec:
      containers:
      - image: aimmi/httpd:v0.1
        imagePullPolicy: IfNotPresent
        name: web1
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web2
  namespace: default
spec:
  replicas: 1
  selector:
    matchLabels:
      app: web2
  template:
    metadata:
      labels:
        app: web2
    spec:
      containers:
      - image: aimmi/httpd:v0.2
        imagePullPolicy: IfNotPresent
        name: web2
---
apiVersion: v1
kind: Service
metadata:
  name: web1
  namespace: default
spec:
  ports:
  - port: 80
    protocol: TCP
    targetPort: 80
  selector:
    app: web1
  type: NodePort
---
apiVersion: v1
kind: Service
metadata:
  name: web2
  namespace: default
spec:
  ports:
  - port: 80
    protocol: TCP
    targetPort: 80
  selector:
    app: web2
  type: NodePort
[root@master ~]# kubectl apply -f web.yaml
deployment.apps/web1 created
deployment.apps/web2 created
service/web1 created
service/web2 created
[root@master ~]# vim haproxy.yaml
---
apiVersion: v1
kind: Pod
metadata:
  name: haproxy
  namespace: default
  labels:
    app: haproxy
spec:
  restartPolicy: OnFailure
  initContainers:
  - name: cfgfile
    volumeMounts:
    - name: haproxyconfigfile
      mountPath: /tmp
  containers:
  - image: bravealove1/haproxy:latest
    imagePullPolicy: IfNotPresent
    name: haproxy
    env:
    - name: RSIP
      value: "web1 web2 "
    livenessProbe:
      tcpSocket:
        port: 80
      initialDelaySeconds: 30
      periodSeconds: 10
    readinessProbe:
      tcpSocket:
        port: 80
      initialDelaySeconds: 30
      periodSeconds: 10
---
apiVersion: v1
kind: Service
metadata:
  name: haproxy
spec:
  ports:
  - port: 80
    protocol: TCP
    targetPort: 80
  selector:
    app: haproxy
  type: NodePort
[root@master ~]# kubectl apply -f haproxy.yaml
deployment.apps/haproxy created
service/haproxy created