一.系统环境
| 服务器版本 | docker软件版本 | Kubernetes(k8s)集群版本 | CPU架构 |
|---|
| CentOS Linux release 7.4.1708 (Core) | Docker version 20.10.12 | v1.21.9 | x86_64 |
Kubernetes集群架构:k8scloude1作为master节点,k8scloude2,k8scloude3作为worker节点
| 服务器 | 操作系统版本 | CPU架构 | 进程 | 功能描述 |
|---|
| k8scloude1/192.168.110.130 | CentOS Linux release 7.4.1708 (Core) | x86_64 | docker,kube-apiserver,etcd,kube-scheduler,kube-controller-manager,kubelet,kube-proxy,coredns,calico | k8s master节点 |
| k8scloude2/192.168.110.129 | CentOS Linux release 7.4.1708 (Core) | x86_64 | docker,kubelet,kube-proxy,calico | k8s worker节点 |
| k8scloude3/192.168.110.128 | CentOS Linux release 7.4.1708 (Core) | x86_64 | docker,kubelet,kube-proxy,calico | k8s worker节点 |
二.前言
本文介绍静态 Pod,静态 Pod 在指定的节点上由 kubelet 守护进程直接管理,不需要 API 服务器监管。
创建静态pod的前提是已经有一套可以正常运行的Kubernetes集群,关于Kubernetes(k8s)集群的安装部署,可以查看博客《Centos7 安装部署Kubernetes(k8s)集群》https://www.jb51.net/article/266741.htm
三.静态pod
3.1 何为静态pod
静态 Pod 在指定的节点上由 kubelet 守护进程直接管理,不需要 API 服务器监管。 与由控制面管理的 Pod(例如,Deployment) 不同;kubelet 监视每个静态 Pod(在它失败之后重新启动)。静态 Pod 始终都会绑定到特定节点的 Kubelet 上。
kubelet 会尝试通过 Kubernetes API 服务器为每个静态 Pod 自动创建一个镜像 Pod。 这意味着节点上运行的静态 Pod 对 API 服务来说是可见的,但是不能通过 API 服务器来控制。 Pod 名称将把以连字符开头的节点主机名作为后缀。
说明:如果你在运行一个 Kubernetes 集群,并且在每个节点上都运行一个静态 Pod, 就可能需要考虑使用 DaemonSet 替代这种方式。静态 Pod 的 spec 不能引用其他 API 对象 (如:ServiceAccount、 ConfigMap、 Secret 等)。
3.2 创建静态pod
静态pod的应用场景为:1.使master能正常启动 2.如果某天我们的master崩溃了,如何让别人知道我们的服务器在维护?
目前该命名空间是没有pod运行的
| 1 2 | [root@k8scloude1 pod]# kubectl get pods
No resources found in pod namespace.
|
静态pod的创建方法为:写一个yaml文件,然后把yaml文件放在指定目录,会自动根据yaml文件创建pod。有两种方法来指定这个目录:
--pod-manifest-path
/etc/kubernetes/manifests
3.2.1 使用--pod-manifest-path指定静态pod目录
查看kubelet的配置文件位置,可以看到kubelet的配置文件在/usr/lib/systemd/system/kubelet.service
注意:我们是在k8s集群的worker节点k8scloude2上创建静态pod的
| 1 2 3 4 5 6 7 8 9 10 11 | [root@k8scloude2 ~]# systemctl status kubelet
● kubelet.service - kubelet: The Kubernetes Node Agent
Loaded: loaded (/usr/lib/systemd/system/kubelet.service; enabled; vendor preset: disabled)
Drop-In: /usr/lib/systemd/system/kubelet.service.d
└─10-kubeadm.conf
Active: active (running) since 六 2022-01-15 12:27:34 CST; 5h 30min ago
Docs: https://kubernetes.io/docs/
Main PID: 947 (kubelet)
Memory: 122.6M
CGroup: /system.slice/kubelet.service
└─947 /usr/bin/kubelet --bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf --config=/var/lib/kubelet/config.yaml --network-plugin=cni --pod-infr...
|
修改kubelet的配置文件/usr/lib/systemd/system/kubelet.service,使用--pod-manifest-path=/etc/kubernetes/kubelet.d指定静态pod目录。
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 | [root@k8scloude2 ~]# vim /usr/lib/systemd/system/kubelet.service.d/10-kubeadm.conf
#--pod-manifest-path=/etc/kubernetes/kubelet.d表示静态pod的目录为/etc/kubernetes/kubelet.d
[root@k8scloude2 ~]# cat /usr/lib/systemd/system/kubelet.service.d/10-kubeadm.conf
# Note: This dropin only works with kubeadm and kubelet v1.11+
[Service]
Environment="KUBELET_KUBECONFIG_ARGS=--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf --pod-manifest-path=/etc/kubernetes/kubelet.d"
Environment="KUBELET_CONFIG_ARGS=--config=/var/lib/kubelet/config.yaml"
# This is a file that "kubeadm init" and "kubeadm join" generates at runtime, populating the KUBELET_KUBEADM_ARGS variable dynamically
EnvironmentFile=-/var/lib/kubelet/kubeadm-flags.env
# This is a file that the user can use for overrides of the kubelet args as a last resort. Preferably, the user should use
# the .NodeRegistration.KubeletExtraArgs object in the configuration files instead. KUBELET_EXTRA_ARGS should be sourced from this file.
EnvironmentFile=-/etc/sysconfig/kubelet
ExecStart=
ExecStart=/usr/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CONFIG_ARGS $KUBELET_KUBEADM_ARGS $KUBELET_EXTRA_ARGS
|
创建静态pod目录,并使kubelet配置文件生效
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 | [root@k8scloude2 ~]# mkdir /etc/kubernetes/kubelet.d
[root@k8scloude2 ~]# systemctl daemon-reload
[root@k8scloude2 ~]# systemctl restart kubelet
[root@k8scloude2 ~]# systemctl status kubelet
● kubelet.service - kubelet: The Kubernetes Node Agent
Loaded: loaded (/usr/lib/systemd/system/kubelet.service; enabled; vendor preset: disabled)
Drop-In: /usr/lib/systemd/system/kubelet.service.d
└─10-kubeadm.conf
Active: active (running) since 六 2022-01-15 18:02:15 CST; 6s ago
Docs: https://kubernetes.io/docs/
Main PID: 108844 (kubelet)
Memory: 30.7M
CGroup: /system.slice/kubelet.service
├─108844 /usr/bin/kubelet --bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf --pod-manifest-path=/etc/kubernetes/kubelet.d --config=/var/lib/ku...
└─108999 /usr/bin/kubelet --bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf --pod-manifest-path=/etc/kubernetes/kubelet.d --config=/var/lib/ku...
|
进入静态pod的目录,然后创建pod yaml文件
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 | [root@k8scloude2 ~]# cd /etc/kubernetes/kubelet.d/
[root@k8scloude2 kubelet.d]# ls
[root@k8scloude2 kubelet.d]# vim pod.yaml
[root@k8scloude2 kubelet.d]# cat pod.yaml
apiVersion: v1
kind: Pod
metadata:
creationTimestamp: null
labels:
run: pod
name: pod
spec:
containers:
- image: nginx
imagePullPolicy: IfNotPresent
name: pod
resources: {}
ports:
- name: http
containerPort: 80
protocol: TCP
dnsPolicy: ClusterFirst
restartPolicy: Always
status: {}
|
在k8s集群的master节点上查看pod,在master上可以看到该pod,由于pod.yaml没有指定namespace,默认在default下,可以看到Pod 名称(pod-k8scloude2)是以连字符开头的节点主机名作为后缀。
| 1 2 3 | [root@k8scloude1 pod]# kubectl get pods -n default -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
pod-k8scloude2 1/1 Running 0 109s 10.244.112.153 k8scloude2 <none> <none>
|
当把这个pod.yaml文件从静态pod目录移走,pod就消失了
| 1 2 3 4 5 | [root@k8scloude2 kubelet.d]# mv pod.yaml ~/
[root@k8scloude2 kubelet.d]# ls
#当把这个yaml文件移走,pod消失
[root@k8scloude1 pod]# kubectl get pods -n default -o wide
No resources found in default namespace.
|
现在指定静态pod的namespace为pod
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 | [root@k8scloude2 kubelet.d]# vim pod.yaml
#namespace: pod:指定pod的命名空间
[root@k8scloude2 kubelet.d]# cat pod.yaml
apiVersion: v1
kind: Pod
metadata:
creationTimestamp: null
labels:
run: pod
name: pod
namespace: pod
spec:
containers:
- image: nginx
imagePullPolicy: IfNotPresent
name: pod
resources: {}
ports:
- name: http
containerPort: 80
protocol: TCP
dnsPolicy: ClusterFirst
restartPolicy: Always
status: {}
[root@k8scloude2 kubelet.d]# ls
pod.yaml
|
查看pod
| 1 2 3 | [root@k8scloude1 pod]# kubectl get pods -n pod
NAME READY STATUS RESTARTS AGE
pod-k8scloude2 1/1 Running 0 6s
|
3.2.2 静态pod默认目录/etc/kubernetes/manifests
注意:进行这一步的时候,先还原kubelet配置文件/usr/lib/systemd/system/kubelet.service.d/10-kubeadm.conf
查看配置文件,可以发现静态pod默认目录为/etc/kubernetes/manifests
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 | [root@k8scloude2 kubelet.d]# cat /usr/lib/systemd/system/kubelet.service.d/10-kubeadm.conf
# Note: This dropin only works with kubeadm and kubelet v1.11+
[Service]
Environment="KUBELET_KUBECONFIG_ARGS=--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf"
Environment="KUBELET_CONFIG_ARGS=--config=/var/lib/kubelet/config.yaml"
# This is a file that "kubeadm init" and "kubeadm join" generates at runtime, populating the KUBELET_KUBEADM_ARGS variable dynamically
EnvironmentFile=-/var/lib/kubelet/kubeadm-flags.env
# This is a file that the user can use for overrides of the kubelet args as a last resort. Preferably, the user should use
# the .NodeRegistration.KubeletExtraArgs object in the configuration files instead. KUBELET_EXTRA_ARGS should be sourced from this file.
EnvironmentFile=-/etc/sysconfig/kubelet
ExecStart=
ExecStart=/usr/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CONFIG_ARGS $KUBELET_KUBEADM_ARGS $KUBELET_EXTRA_ARGS
[root@k8scloude2 kubelet.d]# ls /var/lib/kubelet/config.yaml
/var/lib/kubelet/config.yaml
[root@k8scloude2 kubelet.d]# cat /var/lib/kubelet/config.yaml | grep manifest
staticPodPath: /etc/kubernetes/manifests
#默认的静态pod的目录为 ls /etc/kubernetes/manifests
[root@k8scloude2 kubelet.d]# ls /etc/kubernetes/manifests
|
在默认的静态pod目录/etc/kubernetes/manifests/下创建pod yaml文件
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 | #namespace: pod:指定pod的命名空间
[root@k8scloude2 kubelet.d]# vim ~/pod.yaml
[root@k8scloude2 kubelet.d]# cat ~/pod.yaml
apiVersion: v1
kind: Pod
metadata:
creationTimestamp: null
labels:
run: pod
name: pod
namespace: pod
spec:
containers:
- image: nginx
imagePullPolicy: IfNotPresent
name: pod
resources: {}
ports:
- name: http
containerPort: 80
protocol: TCP
dnsPolicy: ClusterFirst
restartPolicy: Always
status: {}
[root@k8scloude2 kubelet.d]# cp ~/pod.yaml /etc/kubernetes/manifests/
|
可以发现,静态pod已经创建了
| 1 2 3 | [root@k8scloude1 pod]# kubectl get pods -n pod
NAME READY STATUS RESTARTS AGE
pod-k8scloude2 1/1 Running 0 6s
|
删除yaml文件,静态pod消失
| 1 2 3 4 5 | #删除yaml文件
[root@k8scloude2 kubelet.d]# rm -rf /etc/kubernetes/manifests/pod.yaml
#pod消失
[root@k8scloude1 pod]# kubectl get pods -n pod
No resources found in pod namespace.
|
前面几步,静态pod是在k8s集群的worker节点上做的,现在在k8s集群的master节点上做。
注意:如果在/usr/lib/systemd/system/kubelet.service.d/10-kubeadm.conf里添加了--pod-manifest-path=/etc/kubernetes/kubelet.d,则相应的/etc/kubernetes/manifests/下的yaml文件也要移动到/etc/kubernetes/kubelet.d目录下,不然k8s集群的master节点启动不起来。
可以看到k8s集群的master节点有很多静态pod。
| 1 2 | [root@k8scloude1 pod]# ls /etc/kubernetes/manifests/
etcd.yaml kube-apiserver.yaml kube-controller-manager.yaml kube-scheduler.yaml
|
0
0
已为社区贡献5条内容
所有评论(0)