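Using Pods in Kubernetes (K8S)

I. Overview

1. Characteristics of the Pod resource

A Pod is the smallest deployable unit. It is a group of containers; the containers in one Pod share a network namespace, and Pods are ephemeral.

2. Types of containers in a Pod

(1) Infrastructure container (base container)

Maintains the network namespace for the whole Pod. One is created every time a Pod is created, it corresponds to that Pod, and it is transparent to the user. To see it and the container network, run the following on a node:

cat /opt/kubernetes/cfg/kubelet

docker ps

(2) initContainers (init containers)

Run before the application containers start. Originally all containers in a Pod were started in parallel; this has since been improved.

(3) container (application containers)

Started in parallel.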

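3. Image pull policy (imagePullPolicy)

IfNotPresent: the default; the image is pulled only when it is not already present on the host.

Always: the image is pulled again every time the Pod is created.

Never: the Pod never pulls this image on its own.

4. Resource limits

Resource requests and limits for Pods and containers:

spec.containers[].resources.limits.cpu //CPU upper limit

spec.containers[].resources.limits.memory //memory upper limit

spec.containers[].resources.requests.cpu //baseline CPU allocated at creation

spec.containers[].resources.requests.memory //baseline memory allocated at creation

5. Restart policy

The restart action taken after a Pod encounters a failure.

1: Always: always restart the container after it terminates; this is the default policy.

2: OnFailure: restart the container when it exits abnormally (non-zero exit status).

3: Never: never restart the container after it terminates.

(Note: Kubernetes does not support restarting a Pod resource; it can only be deleted and recreated.)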

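6. Probe checks

Health checks are also called probes (Probe).

(Note: both rules can be defined at the same time.)

livenessProbe: if the check fails, the container is killed and then handled according to the Pod's restartPolicy.

readinessProbe: if the check fails, Kubernetes removes the Pod from the Service endpoints.

Probes support three check methods:

httpGet: sends an HTTP request; a status code in the 200-400 range counts as success.

exec: runs a shell command; an exit status of 0 counts as success.

tcpSocket: succeeds when a TCP socket connection can be established.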

II. Labs and usage

1. Image pull policy (master)

kubectl edit deployment/nginx ## look for the following setting

imagePullPolicy: Always

mkdir demo

cd demo/

vim pod1.yaml ## add the following content

apiVersion: v1
kind: Pod
metadata:
  name: mypod
spec:
  containers:
  - name: nginx
    image: nginx
    imagePullPolicy: Always
    command: [ "echo", "SUCCESS" ]

kubectl create -f pod1.yaml

kubectl get pods

## If the status shows CrashLoopBackOff, remove command: [ "echo", "SUCCESS" ] and change the image version to image: nginx:1.14

kubectl delete -f pod1.yaml ## delete the existing resource

kubectl apply -f pod1.yaml ## update the resource

kubectl get pods

kubectl get pods -o wide ## see which node the Pod was assigned to

2. Check the response headers with curl on a node (node)

curl -I 172.17.31.6 ## check the nginx version on each node

3. Install Docker (harbor)

yum install -y yum-utils device-mapper-persistent-data lvm2

yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

yum install -y docker-ce

systemctl stop firewalld

setenforce 0

vim /etc/selinux/config

SELINUX=disabled

systemctl start docker

systemctl enable docker

cd /etc/docker/

tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": ["https://sl6elacs.mirror.aliyuncs.com"]
}
EOF

systemctl daemon-reload ## reload the system configuration

systemctl restart docker

vim /etc/sysctl.conf ## enable IP forwarding

net.ipv4.ip_forward=1

sysctl -p

systemctl restart network

systemctl restart docker

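4. Deploy Harbor and create a private project (harbor)

cd /opt

cp docker-compose /usr/local/bin/

docker-compose -v ## show version information

cd /opt

tar zxvf harbor-offline-installer-v1.2.2.tgz -C /usr/local/

vim /usr/local/harbor/harbor.cfg

hostname=192.168.150.173 ## line 5: change this to the server address

sh /usr/local/harbor/install.sh ## start Harbor

docker images ## list images

docker ps -a ## list containers

Open http://192.168.150.133 in a browser to view the management page, logging in with the default administrator username and password:

admin/Harbor12345

In the web UI, create a new project named: project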

5. Configure the connection to the private registry (node)

vim /etc/docker/daemon.json

{
  "registry-mirrors": ["https://05vz3np5.mirror.aliyuncs.com"],
  "insecure-registries": ["192.168.150.133"]
}

docker login 192.168.150.133

admin

Harbor12345

docker pull tomcat ## download the Tomcat image so it can be pushed

docker tag tomcat 192.168.195.80/project/tomcat ## tag the image

docker push 192.168.195.80/project/tomcat ## push succeeds

docker pull tomcat:8.0.52

6. Edit the configuration file (master)

vim tomcat-deployment.yaml

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: my-tomcat
spec:
  replicas: 2
  template:
    metadata:
      labels:
        app: my-tomcat
    spec:
      containers:
      - name: my-tomcat
        image: docker.io/tomcat:8.0.52
        ports:
        - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: my-tomcat
spec:
  type: NodePort
  ports:
  - port: 8080
    targetPort: 8080
    nodePort: 31111
  selector:
    app: my-tomcat

kubectl create -f tomcat-deployment.yaml

kubectl get pods,deploy,svc

kubectl get pods

kubectl delete pod my-tomcat-57667b9d9-nklvj --force --grace-period=0 -n default ## force delete

kubectl get pods

7. Tag the image (node)

docker tag tomcat:8.0.52 192.168.150.133/project/tomcat ## tag the image

docker push 192.168.150.133/project/tomcat ## upload the image to Harbor

cat .docker/config.json |base64 -w 0 ## view the login credentials

ewoJImF1dGhzIjogewoJCSIxOTIuMTY4LjE5NS44MCI6IHsKCQkJImF1dGgiOiAiWVdSdGFXNDZTR0Z5WW05eU1USXpORFU9IgoJCX0KCX0sCgkiSHR0cEhlYWRlcnMiOiB7CgkJIlVzZXItQWdlbnQiOiAiRG9ja2VyLUNsaWVudC8xOS4wMy41IChsaW51eCkiCgl9Cn0=

8. Modify the configuration files (master)

vim registry-pull-secret.yaml ## edit the configuration file

apiVersion: v1
kind: Secret
metadata:
  name: registry-pull-secret
data:
  .dockerconfigjson: ewoJImF1dGhzIjogewoJCSIxOTIuMTY4LjE5NS44MCI6IHsKCQkJImF1dGgiOiAiWVdSdGFXNDZTR0Z5WW05eU1USXpORFU9IgoJCX0KCX0sCgkiSHR0cEhlYWRlcnMiOiB7CgkJIlVzZXItQWdlbnQiOiAiRG9ja2VyLUNsaWVudC8xOS4wMy41IChsaW51eCkiCgl9Cn0=
type: kubernetes.io/dockerconfigjson

kubectl create -f registry-pull-secret.yaml ## create the Secret resource

kubectl get secret ## view the Secret resource

vim tomcat-deployment.yaml ## create resources that pull the image from Harbor

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: my-tomcat
spec:
  replicas: 2
  template:
    metadata:
      labels:
        app: my-tomcat
    spec:
      imagePullSecrets:
      - name: registry-pull-secret
      containers:
      - name: my-tomcat
        image: 192.168.150.133/project/tomcat
        ports:
        - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: my-tomcat
spec:
  type: NodePort
  ports:
  - port: 8080
    targetPort: 8080
    nodePort: 31111
  selector:
    app: my-tomcat

kubectl create -f tomcat-deployment.yaml

## The image in the private registry can now be seen to have been downloaded 2 times
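The value stored under .dockerconfigjson in steps 7 and 8 is base64-encoded, not encrypted, so anyone who can read the Secret can recover the registry login. The following added example (not part of the original post) builds the same kind of Secret that kubectl create secret docker-registry produces and decodes it again to list the accounts it carries; the registry name, user and password are constructed placeholders.

```python
import base64
import json


def build_pull_secret(name, registry, username, password):
    """Return a kubernetes.io/dockerconfigjson Secret manifest as a dict."""
    auth = base64.b64encode(f"{username}:{password}".encode()).decode()
    docker_config = {"auths": {registry: {"username": username,
                                          "password": password,
                                          "auth": auth}}}
    encoded = base64.b64encode(json.dumps(docker_config).encode()).decode()
    return {
        "apiVersion": "v1",
        "kind": "Secret",
        "metadata": {"name": name},
        "type": "kubernetes.io/dockerconfigjson",
        "data": {".dockerconfigjson": encoded},
    }


def registries_in_secret(secret):
    """Decode a pull Secret and list the (registry, username) pairs in it."""
    if secret.get("type") != "kubernetes.io/dockerconfigjson":
        raise ValueError("not a dockerconfigjson secret")
    raw = base64.b64decode(secret["data"][".dockerconfigjson"])
    found = []
    for registry, entry in json.loads(raw).get("auths", {}).items():
        user = entry.get("username")
        if user is None and "auth" in entry:
            # docker login stores only base64("user:password") under "auth"
            user = base64.b64decode(entry["auth"]).decode().split(":", 1)[0]
        found.append((registry, user))
    return found


# Constructed sample values, not the credentials used on this page.
SAMPLE = build_pull_secret("registry-pull-secret", "registry.example.internal",
                           "puller", "example-password")

if __name__ == "__main__":
    print(json.dumps(SAMPLE, indent=2))    # kubectl apply -f also accepts JSON
    print(registries_in_secret(SAMPLE))
```

Because the decode step needs no key, read access to Secrets in the namespace is equivalent to holding the registry password.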

9. Edit the configuration file (master)

vim pod2.yaml

apiVersion: v1
kind: Pod
metadata:
  name: frontend
spec:
  containers:
  - name: db
    image: mysql
    env:
    - name: MYSQL_ROOT_PASSWORD
      value: "password"
    resources:
      requests:
        memory: "64Mi"
        cpu: "250m"
      limits:
        memory: "128Mi"
        cpu: "500m"
  - name: wp
    image: wordpress
    resources:
      requests:
        memory: "64Mi"
        cpu: "250m"
      limits:
        memory: "128Mi"
        cpu: "500m"

kubectl apply -f pod2.yaml

kubectl describe pod frontend ## view the detailed events

kubectl describe nodes 192.168.150.163

kubectl get pods ## check the status once deployment has succeeded

kubectl describe nodes 192.168.150.179 ## view the node's resource status

kubectl get ns ## list namespaces
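A manifest like pod2.yaml can be checked before it is applied. The following added example (not part of the original post) audits a Pod manifest for the settings this page covers: image tags, resource limits, probes, and passwords written literally into env. POD2 is pod2.yaml transcribed as a dict; the finding names, the FIXED variant, its image tag and its Secret name are assumptions made for illustration.

```python
import re

SECRET_NAME = re.compile(r"PASSWORD|PASSWD|SECRET|TOKEN", re.I)


def audit_pod(pod):
    """Return sorted (container, finding) pairs for a Pod manifest dict."""
    findings = []
    for c in pod.get("spec", {}).get("containers", []):
        name, image = c.get("name", "?"), c.get("image", "")
        last = image.rsplit("/", 1)[-1]      # skip any registry host:port
        if "@" not in image and (":" not in last or last.endswith(":latest")):
            findings.append((name, "image-not-pinned"))
        for env in c.get("env", []):
            if "value" in env and SECRET_NAME.search(env.get("name", "")):
                findings.append((name, "literal-secret-in-env:" + env["name"]))
        limits = c.get("resources", {}).get("limits", {})
        for kind in ("cpu", "memory"):
            if kind not in limits:
                findings.append((name, f"no-{kind}-limit"))
        for probe in ("livenessProbe", "readinessProbe"):
            if probe not in c:
                findings.append((name, "no-" + probe))
    return sorted(findings)


RES = {"requests": {"memory": "64Mi", "cpu": "250m"},
       "limits": {"memory": "128Mi", "cpu": "500m"}}

# pod2.yaml from this page, transcribed as a dict.
POD2 = {"kind": "Pod", "metadata": {"name": "frontend"}, "spec": {"containers": [
    {"name": "db", "image": "mysql", "resources": RES,
     "env": [{"name": "MYSQL_ROOT_PASSWORD", "value": "password"}]},
    {"name": "wp", "image": "wordpress", "resources": RES}]}}

# Constructed variant: the tag, Secret name and probe are assumptions.
PROBE = {"tcpSocket": {"port": 3306}, "periodSeconds": 10}
FIXED_DB = {"name": "db", "image": "mysql:8.0", "resources": RES,
            "livenessProbe": PROBE, "readinessProbe": PROBE,
            "env": [{"name": "MYSQL_ROOT_PASSWORD", "valueFrom": {
                "secretKeyRef": {"name": "mysql-root", "key": "password"}}}]}
FIXED = {"kind": "Pod", "spec": {"containers": [FIXED_DB]}}

if __name__ == "__main__":
    for container, finding in audit_pod(POD2):
        print(container, finding)
    print(audit_pod(FIXED))   # no findings
```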

10. Check the restart policy

kubectl edit deploy

restartPolicy: Always

vim pod3.yaml

apiVersion: v1
kind: Pod
metadata:
  name: foo
spec:
  containers:
  - name: busybox
    image: busybox
    args:
    - /bin/sh
    - -c
    - sleep 30; exit 3

kubectl apply -f pod3.yaml

kubectl get pods ## the restart count increases by 1

vim pod3.yaml

apiVersion: v1
kind: Pod
metadata:
  name: foo
spec:
  containers:
  - name: busybox
    image: busybox
    args:
    - /bin/sh
    - -c
    - sleep 10;exit 3
  restartPolicy: Never

// restartPolicy is at the same level as containers

// once the container has finished, it is not restarted

kubectl get pods

11. Probe using the exec method

apiVersion: v1
kind: Pod
metadata:
  labels:
    test: liveness
  name: liveness-exec
spec:
  containers:
  - name: liveness
    image: busybox
    args:
    - /bin/sh
    - -c
    - touch /tmp/healthy; sleep 30; rm -rf /tmp/healthy;sleep 30
    livenessProbe:
      exec:
        command:
        - cat
        - /tmp/healthy
      initialDelaySeconds: 5
      periodSeconds: 5

kubectl get pods
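How long the liveness-exec container survives after /tmp/healthy is removed depends on initialDelaySeconds, periodSeconds and failureThreshold. The following added example (not part of the original post) steps through a simplified model of the probe loop for that manifest; it ignores probe timeouts, kubelet timing jitter and the termination grace period, and the function names are hypothetical.

```python
def first_liveness_kill(healthy_at, initial_delay, period,
                        failure_threshold=3, lifetime=60):
    """Simplified kubelet model: probe at initial_delay, then every `period`
    seconds, and kill after `failure_threshold` consecutive failures.
    Returns (kill_time or None, [(t, ok, consecutive_failures), ...])."""
    failures, log = 0, []
    t = initial_delay
    while t < lifetime:
        ok = healthy_at(t)
        failures = 0 if ok else failures + 1
        log.append((t, ok, failures))
        if failures >= failure_threshold:
            return t, log
        t += period
    return None, log            # the container's command exited first


def exec_example_healthy(t):
    # args: touch /tmp/healthy; sleep 30; rm -rf /tmp/healthy; sleep 30
    # so `cat /tmp/healthy` succeeds only during the first 30 seconds.
    return t < 30


if __name__ == "__main__":
    # Values from the liveness-exec manifest; failureThreshold is left at
    # the Kubernetes default of 3 because the manifest does not set it.
    kill, log = first_liveness_kill(exec_example_healthy, 5, 5)
    for t, ok, fails in log:
        print(f"t={t:>2}s probe={'ok' if ok else 'FAIL'} failures={fails}")
    print("killed at", kill)
    # Assumed slower settings (15s delay, 20s period): the command's own
    # 60-second lifetime ends before three failures accumulate.
    print(first_liveness_kill(exec_example_healthy, 15, 20)[0])
```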

12. Probe using the httpGet method

apiVersion: v1
kind: Pod
metadata:
  labels:
    test: liveness
  name: liveness-http
spec:
  containers:
  - name: liveness
    image: k8s.gcr.io/liveness
    args:
    - /server
    livenessProbe:
      httpGet:
        path: /healthz
        port: 8080
        httpHeaders:
        - name: Custom-Header
          value: Awesome
      initialDelaySeconds: 3
      periodSeconds: 3

13. Probe using the tcpSocket method

apiVersion: v1
kind: Pod
metadata:
  name: goproxy
  labels:
    app: goproxy
spec:
  containers: 
  - name: goproxy
    image: k8s.gcr.io/goproxy:0.1
    ports:
    - containerPort: 8080
    readinessProbe:
      tcpSocket:
        port: 8080
      initialDelaySeconds: 5
      periodSeconds: 10
    livenessProbe:
      tcpSocket:
        port: 8080
      initialDelaySeconds: 15
      periodSeconds: 20

III. Problem summary

docker pull 192.168.195.80/project/tomcat

Using default tag: latest

Error response from daemon: pull access denied for 192.168.195.80/project/tomcat, repository does not exist or may require ‘docker login’: denied: requested access to the resource is denied

// This problem appears when pulling the image; you must log in before you can pull

// Root cause: the registry credentials are missing
