Using Pods in K8S
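I. Overview
1. Characteristics of the Pod resource
A Pod is the smallest deployable unit. It is a group of containers, the containers in one Pod share a network namespace, and Pods are ephemeral.
2. Pod container types
1. Infrastructure container
Maintains the network namespace of the whole Pod. It can be inspected on the node (for example to look at the container's network). One is created every time a Pod is created, it corresponds to that Pod, and it is transparent to the user.
cat /opt/kubernetes/cfg/kubelet
docker ps
2. initContainers (init containers)
Run before the application containers start. Originally the containers in a Pod were all started in parallel; this has since been improved.
3. container (application containers)
Started in parallel.
3. Image pull policy (imagePullPolicy)
IfNotPresent: the default; the image is pulled only when it does not already exist on the host.
Always: the image is pulled again every time the Pod is created.
Never: the Pod never pulls this image on its own.
4. Resource limits
Resource requests and limits for Pods and containers:
spec.containers[].resources.limits.cpu // CPU upper limit
spec.containers[].resources.limits.memory // memory upper limit
spec.containers[].resources.requests.cpu // baseline CPU allocated at creation
spec.containers[].resources.requests.memory // baseline memory allocated at creation
5. Restart policy
The restart action taken after a Pod runs into a failure:
1: Always: always restart the container after it terminates; this is the default policy.
2: OnFailure: restart the container when it exits abnormally (non-zero exit status).
3: Never: never restart the container after it terminates.
(Note: k8s does not support restarting a Pod resource; it can only be deleted and recreated.)
6. Probe checks
Health checks are also called probes (Probe).
(Note: both rules can be defined at the same time.)
livenessProbe: if the check fails, the container is killed and then handled according to the Pod's restartPolicy.
readinessProbe: if the check fails, Kubernetes removes the Pod from the Service endpoints.
A probe supports three check methods:
httpGet: sends an HTTP request; a status code in the 200-400 range counts as success.
exec: runs a shell command; an exit status of 0 counts as success.
tcpSocket: succeeds when a TCP socket connection can be established.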
II. Lab and Usage
1. Image pull policy (master)
kubectl edit deployment/nginx ## the content looks like this
imagePullPolicy: Always
mkdir demo
cd demo/
vim pod1.yaml ## add the following content
apiVersion: v1
kind: Pod
metadata:
  name: mypod
spec:
  containers:
  - name: nginx
    image: nginx
    imagePullPolicy: Always
    command: [ "echo", "SUCCESS" ]
kubectl create -f pod1.yaml
kubectl get pods
## If the status is CrashLoopBackOff, delete command: [ "echo", "SUCCESS" ] and change the image version to image: nginx:1.14
kubectl delete -f pod1.yaml ## delete the existing resource
kubectl apply -f pod1.yaml ## update the resource
kubectl get pods
kubectl get pods -o wide ## see which node the Pod was scheduled to
2. Check the response headers with curl on a node (node)
curl -I 172.17.31.6 ## check the nginx version on each node
3. Install Docker (harbor)
yum install -y yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum install -y docker-ce
systemctl stop firewalld
setenforce 0
vim /etc/selinux/config
SELINUX=disabled
systemctl start docker
systemctl enable docker
cd /etc/docker/
tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": ["https://sl6elacs.mirror.aliyuncs.com"]
}
EOF
systemctl daemon-reload ## reload the system configuration
systemctl restart docker
vim /etc/sysctl.conf ## enable IP forwarding
net.ipv4.ip_forward=1
sysctl -p
systemctl restart network
systemctl restart docker
4. Deploy Harbor and create a private project (harbor)
cd /opt
cp docker-compose /usr/local/bin/
docker-compose -v ## check the version
cd /opt
tar zxvf harbor-offline-installer-v1.2.2.tgz -C /usr/local/
vim /usr/local/harbor/harbor.cfg
hostname=192.168.150.173 ## line 5: change this to the server address
sh /usr/local/harbor/install.sh ## start Harbor
docker images ## list images
docker ps -a ## list containers
Open a browser and go to http://192.168.150.133 to see the management page. Log in with the default administrator username and password:
admin/Harbor12345
In the web UI, create a new project named: project
5. Configure the connection to the private registry (node)
vim /etc/docker/daemon.json
{
  "registry-mirrors": ["https://05vz3np5.mirror.aliyuncs.com"],
  "insecure-registries": ["192.168.150.133"]
}
docker login 192.168.150.133
admin
Harbor12345
docker pull tomcat ## pull the Tomcat image so it can be pushed
docker tag tomcat 192.168.195.80/project/tomcat ## tag the image
docker push 192.168.195.80/project/tomcat ## push succeeds
docker pull tomcat:8.0.52
6. Edit the configuration file (master)
vim tomcat-deployment.yaml
## extensions/v1beta1 Deployments were removed in Kubernetes 1.16; newer clusters need apps/v1 plus spec.selector
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: my-tomcat
spec:
  replicas: 2
  template:
    metadata:
      labels:
        app: my-tomcat
    spec:
      containers:
      - name: my-tomcat
        image: docker.io/tomcat:8.0.52
        ports:
        - containerPort: 8080 ## Tomcat listens on 8080, matching targetPort below
---
apiVersion: v1
kind: Service
metadata:
  name: my-tomcat
spec:
  type: NodePort
  ports:
  - port: 8080
    targetPort: 8080
    nodePort: 31111
  selector:
    app: my-tomcat
kubectl create -f tomcat-deployment.yaml
kubectl get pods,deploy,svc
kubectl get pods
kubectl delete pod my-tomcat-57667b9d9-nklvj --force --grace-period=0 -n default ## force delete
kubectl get pods
7. Tag the image (node)
docker tag tomcat:8.0.52 192.168.150.133/project/tomcat ## tag the image
docker push 192.168.150.133/project/tomcat ## upload the image to Harbor
cat .docker/config.json |base64 -w 0 ## view the login credentials
ewoJImF1dGhzIjogewoJCSIxOTIuMTY4LjE5NS44MCI6IHsKCQkJImF1dGgiOiAiWVdSdGFXNDZTR0Z5WW05eU1USXpORFU9IgoJCX0KCX0sCgkiSHR0cEhlYWRlcnMiOiB7CgkJIlVzZXItQWdlbnQiOiAiRG9ja2VyLUNsaWVudC8xOS4wMy41IChsaW51eCkiCgl9Cn0=
8. Modify the configuration file (master)
vim registry-pull-secret.yaml ## edit the configuration file
apiVersion: v1
kind: Secret
metadata:
  name: registry-pull-secret
data:
  .dockerconfigjson: ewoJImF1dGhzIjogewoJCSIxOTIuMTY4LjE5NS44MCI6IHsKCQkJImF1dGgiOiAiWVdSdGFXNDZTR0Z5WW05eU1USXpORFU9IgoJCX0KCX0sCgkiSHR0cEhlYWRlcnMiOiB7CgkJIlVzZXItQWdlbnQiOiAiRG9ja2VyLUNsaWVudC8xOS4wMy41IChsaW51eCkiCgl9Cn0=
type: kubernetes.io/dockerconfigjson
kubectl create -f registry-pull-secret.yaml ## create the Secret resource
kubectl get secret ## list Secret resources
vim tomcat-deployment.yaml ## create resources that pull the image from Harbor
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: my-tomcat
spec:
  replicas: 2
  template:
    metadata:
      labels:
        app: my-tomcat
    spec:
      imagePullSecrets:
      - name: registry-pull-secret
      containers:
      - name: my-tomcat
        image: 192.168.150.133/project/tomcat
        ports:
        - containerPort: 8080 ## Tomcat listens on 8080, matching targetPort below
---
apiVersion: v1
kind: Service
metadata:
  name: my-tomcat
spec:
  type: NodePort
  ports:
  - port: 8080
    targetPort: 8080
    nodePort: 31111
  selector:
    app: my-tomcat
kubectl create -f tomcat-deployment.yaml
## In the private registry you can see that the image has been downloaded 2 times
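An added example (not part of the original post): the value under .dockerconfigjson is only base64-encoded, so anyone who can read the Secret or its YAML file recovers the registry username and password, and a pull still fails when the Secret has no entry for the image's registry host. The function names and the sample registry, user and password are constructed for illustration, and auths keys are assumed to be plain host names.

```python
import base64
import json


def make_dockerconfigjson(registry: str, user: str, password: str) -> str:
    """Build the base64 value stored under data[".dockerconfigjson"]."""
    auth = base64.b64encode(f"{user}:{password}".encode()).decode()
    config = {"auths": {registry: {"auth": auth}}}
    return base64.b64encode(json.dumps(config).encode()).decode()


def decode_dockerconfigjson(value: str) -> dict:
    """Return {registry: (user, password)} recovered from the Secret value."""
    config = json.loads(base64.b64decode(value))
    creds = {}
    for registry, entry in config.get("auths", {}).items():
        # The inner "auth" field is base64 of "user:password".
        user, _, password = base64.b64decode(entry["auth"]).decode().partition(":")
        creds[registry] = (user, password)
    return creds


def image_registry(image: str) -> str:
    """Registry host of an image reference; Docker Hub when none is given."""
    first, sep, _ = image.partition("/")
    # The first path component is a registry only if it looks like a host.
    if sep and ("." in first or ":" in first or first == "localhost"):
        return first
    return "docker.io"


def secret_covers_image(value: str, image: str) -> bool:
    """True if the pull secret has an auths entry for the image's registry."""
    return image_registry(image) in decode_dockerconfigjson(value)


# Constructed sample values (not taken from a real registry).
SAMPLE = make_dockerconfigjson("registry.example.internal", "puller", "s3cret-example")

if __name__ == "__main__":
    print(decode_dockerconfigjson(SAMPLE))
    for img in ("registry.example.internal/project/tomcat", "10.0.0.5/project/tomcat"):
        print(img, "covered" if secret_covers_image(SAMPLE, img) else "NOT covered")
```

Running the same host check against the imagePullSecrets of a Deployment before applying it catches a Secret that was generated for a different registry address than the one in the image field.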
9. Edit the configuration file (master)
vim pod2.yaml
apiVersion: v1
kind: Pod
metadata:
  name: frontend
spec:
  containers:
  - name: db
    image: mysql
    env:
    - name: MYSQL_ROOT_PASSWORD
      value: "password"
    resources:
      requests:
        memory: "64Mi"
        cpu: "250m"
      limits:
        memory: "128Mi"
        cpu: "500m"
  - name: wp
    image: wordpress
    resources:
      requests:
        memory: "64Mi"
        cpu: "250m"
      limits:
        memory: "128Mi"
        cpu: "500m"
kubectl apply -f pod2.yaml
kubectl describe pod frontend ## view the detailed events
kubectl describe nodes 192.168.150.163
kubectl get pods ## check the status after a successful deployment
kubectl describe nodes 192.168.150.179 ## view the node's resource status
kubectl get ns ## list namespaces
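An added example (not part of the original post): a small pre-apply check for Pod manifests like pod2.yaml that flags untagged images, secret-looking environment variables set with a literal value, and containers without CPU or memory limits. audit_pod(), the rule names and the sample manifest are hypothetical and constructed for illustration; the manifest is given as a Python dict so that no YAML library is needed.

```python
# Hypothetical helper: audit_pod() and the rule names are illustrative.
SECRET_HINTS = ("PASSWORD", "PASSWD", "SECRET", "TOKEN", "KEY")


def audit_pod(pod: dict) -> list:
    """Return (container, finding) tuples for a Pod manifest given as a dict."""
    findings = []
    for c in pod.get("spec", {}).get("containers", []):
        name, image = c.get("name", "?"), c.get("image", "")
        # An image without a tag (or with :latest) is not pinned to a version.
        last = image.rsplit("/", 1)[-1]
        if "@" not in image and (":" not in last or last.endswith(":latest")):
            findings.append((name, "unpinned-image"))
        # A literal 'value' for a secret-looking variable is stored in the manifest.
        for env in c.get("env", []):
            if "value" in env and any(h in env["name"].upper() for h in SECRET_HINTS):
                findings.append((name, "plaintext-secret-env:" + env["name"]))
        # Without limits a container can consume the node's CPU and memory.
        limits = c.get("resources", {}).get("limits", {})
        for res in ("cpu", "memory"):
            if res not in limits:
                findings.append((name, "no-" + res + "-limit"))
    return findings


# Constructed input shaped like pod2.yaml, with the second container changed
# to show a pinned tag, a secretKeyRef and missing limits.
POD = {
    "kind": "Pod",
    "metadata": {"name": "frontend"},
    "spec": {"containers": [
        {"name": "db", "image": "mysql",
         "env": [{"name": "MYSQL_ROOT_PASSWORD", "value": "password"}],
         "resources": {"limits": {"memory": "128Mi", "cpu": "500m"}}},
        {"name": "wp", "image": "wordpress:5.8",
         "env": [{"name": "WORDPRESS_DB_PASSWORD",
                  "valueFrom": {"secretKeyRef": {"name": "wp-db", "key": "password"}}}]},
    ]},
}

if __name__ == "__main__":
    for container, finding in audit_pod(POD):
        print(container, finding)
```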
10. Check the restart policy
kubectl edit deploy
restartPolicy: Always
vim pod3.yaml
apiVersion: v1
kind: Pod
metadata:
  name: foo
spec:
  containers:
  - name: busybox
    image: busybox
    args:
    - /bin/sh
    - -c
    - sleep 30; exit 3
kubectl apply -f pod3.yaml
kubectl get pods ## the restart count increases by 1
vim pod3.yaml
apiVersion: v1
kind: Pod
metadata:
  name: foo
spec:
  containers:
  - name: busybox
    image: busybox
    args:
    - /bin/sh
    - -c
    - sleep 10;exit 3
  restartPolicy: Never
## restartPolicy is at the same level as containers
## once in the completed state, the container is not restarted
kubectl get pods
11. Probes: the exec method
apiVersion: v1
kind: Pod
metadata:
  labels:
    test: liveness
  name: liveness-exec
spec:
  containers:
  - name: liveness
    image: busybox
    args:
    - /bin/sh
    - -c
    - touch /tmp/healthy; sleep 30; rm -rf /tmp/healthy;sleep 30
    livenessProbe:
      exec:
        command:
        - cat
        - /tmp/healthy
      initialDelaySeconds: 5
      periodSeconds: 5
kubectl get pods
12. Probes: the httpGet method
apiVersion: v1
kind: Pod
metadata:
  labels:
    test: liveness
  name: liveness-http
spec:
  containers:
  - name: liveness
    image: k8s.gcr.io/liveness
    args:
    - /server
    livenessProbe:
      httpGet:
        path: /healthz
        port: 8080
        httpHeaders:
        - name: Custom-Header
          value: Awesome
      initialDelaySeconds: 3
      periodSeconds: 3
13. Probes: the tcpSocket method
apiVersion: v1
kind: Pod
metadata:
  name: goproxy
  labels:
    app: goproxy
spec:
  containers:
  - name: goproxy
    image: k8s.gcr.io/goproxy:0.1
    ports:
    - containerPort: 8080
    readinessProbe:
      tcpSocket:
        port: 8080
      initialDelaySeconds: 5
      periodSeconds: 10
    livenessProbe:
      tcpSocket:
        port: 8080
      initialDelaySeconds: 15
      periodSeconds: 20
III. Problem Summary
docker pull 192.168.195.80/project/tomcat
Using default tag: latest
Error response from daemon: pull access denied for 192.168.195.80/project/tomcat, repository does not exist or may require 'docker login': denied: requested access to the resource is denied
// This problem appears when pulling the image; you must log in before you can download it
// Cause: the registry credentials are missing