Day05 - readinessProbe, startupProbe, Pod lifecycle, static Pods, init containers, rc controller upgrade and rollback, rs controller in depth
0. Review of yesterday's content
- Writing a resource manifest that uses a secret for the Harbor credentials;
- Label management:
    Declarative:
        Edit the resource manifest.
    Imperative:
        Pass command-line arguments directly.
- Probes:
    livenessProbe:
        - exec
        - httpGet
        - tcpSocket
- Namespaces:
    Isolate K8S cluster resources.
- Controller (rc):
    Controls the number of Pod replicas.
- Services:
    Expose K8S services.
        - Internally, provide dynamic service discovery for Pods
        - Externally, provide a single access entry point and load-balance across the Pods
    Four types:
        - ClusterIP
        - NodePort
        - ExternalName
        - LoadBalancer
Pod resource manifest
apiVersion: v1
kind: Pod
metadata:
  name:
  namespace:
  labels:
spec:
  hostNetwork:
  imagePullSecrets:
  - name:
  restartPolicy:
  nodeName:
  volumes:
  - name:
    nfs:
      server:
      path:
  - name:
    emptyDir: {}
  - name:
    hostPath:
      path:
  - ...
  containers:
  - name:
    image:
    stdin:
    command:
    args:
    ports:
    env:
    livenessProbe:
      exec:
      httpGet:
      tcpSocket:
      ...
    volumeMounts:
    resources:
      requests:
      limits:
    imagePullPolicy:
1. readinessProbe (readiness check) with exec: example
(1) Write the resource manifest
[root@k8s231.oldboyedu.com replicationcontrollers]# cat 02-rc-readinessProbe.yaml
apiVersion: v1
kind: ReplicationController
metadata:
  name: oldboyedu-linux85-web-rc-readinessprobe
  labels:
    school: oldboyedu
    class: linux85
    apps: rc
  namespace: default
spec:
  replicas: 3
  selector:
    classroom: jiaoshi05
    address: oldboyedu-shahe
  template:
    metadata:
      labels:
        classroom: jiaoshi05
        address: oldboyedu-shahe
        hobby: k8s
        auther: jasonyin
    spec:
      containers:
      - name: linux85-exec
        image: harbor.oldboyedu.com/web/nginx:1.20.1-alpine
        command:
        - /bin/sh
        - -c
        - touch /tmp/oldboyedu-linux85-healthy; sleep 5; rm -f /tmp/oldboyedu-linux85-healthy; sleep 600
        # Readiness check: periodically checks whether the service is available to decide whether the container is ready.
        readinessProbe:
          # Use the exec method for the health check
          exec:
            # Custom check command
            command:
            - cat
            - /tmp/oldboyedu-linux85-healthy
          failureThreshold: 3
          initialDelaySeconds: 15
          periodSeconds: 1
          successThreshold: 1
          timeoutSeconds: 1
---
apiVersion: v1
kind: Service
metadata:
  name: oldboyedu-linux85-web-readinessprobe
  namespace: default
  labels:
    apps: oldboyedu-svc
    class: linux85
spec:
  selector:
    hobby: k8s
    auther: jasonyin
  type: ClusterIP
  ports:
  - port: 80
    targetPort: 80
    protocol: TCP
  clusterIP: 10.200.100.200
[root@k8s231.oldboyedu.com replicationcontrollers]#
(2) Create the resources from the manifest
[root@k8s231.oldboyedu.com replicationcontrollers]# kubectl apply -f 02-rc-readinessProbe.yaml
(3) Check the Pod status
[root@k8s231.oldboyedu.com replicationcontrollers]# kubectl get po
NAME READY STATUS RESTARTS AGE
oldboyedu-linux85-web-rc-readinessprobe-9bjr6 0/1 Running 0 2s
oldboyedu-linux85-web-rc-readinessprobe-fqltq 0/1 Running 0 2s
oldboyedu-linux85-web-rc-readinessprobe-p488g 0/1 Running 0 2s
[root@k8s231.oldboyedu.com replicationcontrollers]#
(4) Check the svc status
[root@k8s231.oldboyedu.com replicationcontrollers]# kubectl get svc oldboyedu-linux85-web-readinessprobe
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
oldboyedu-linux85-web-readinessprobe ClusterIP 10.200.100.200 <none> 80/TCP 28s
[root@k8s231.oldboyedu.com replicationcontrollers]#
[root@k8s231.oldboyedu.com replicationcontrollers]# kubectl describe svc oldboyedu-linux85-web-readinessprobe
Name: oldboyedu-linux85-web-readinessprobe
Namespace: default
Labels: apps=oldboyedu-svc
class=linux85
Annotations: <none>
Selector: auther=jasonyin,hobby=k8s
Type: ClusterIP
IP Family Policy: SingleStack
IP Families: IPv4
IP: 10.200.100.200
IPs: 10.200.100.200
Port: <unset> 80/TCP
TargetPort: 80/TCP
Endpoints:
Session Affinity: None
Events: <none>
[root@k8s231.oldboyedu.com replicationcontrollers]#
(5) Check the ep (Endpoints) resource
[root@k8s231.oldboyedu.com replicationcontrollers]# kubectl get ep oldboyedu-linux85-web-readinessprobe
NAME ENDPOINTS AGE
oldboyedu-linux85-web-readinessprobe 64s
[root@k8s231.oldboyedu.com replicationcontrollers]#
[root@k8s231.oldboyedu.com replicationcontrollers]#
[root@k8s231.oldboyedu.com replicationcontrollers]# kubectl describe ep oldboyedu-linux85-web-readinessprobe
Name: oldboyedu-linux85-web-readinessprobe
Namespace: default
Labels: apps=oldboyedu-svc
class=linux85
Annotations: <none>
Subsets:
Addresses: <none>
NotReadyAddresses: 10.100.1.80,10.100.2.61,10.100.2.62
Ports:
Name Port Protocol
---- ---- --------
<unset> 80 TCP
Events: <none>
[root@k8s231.oldboyedu.com replicationcontrollers]#
(6) Bring any 2 of the Pods into the ready state
[root@k8s231.oldboyedu.com replicationcontrollers]# kubectl get po
NAME READY STATUS RESTARTS AGE
oldboyedu-linux85-web-rc-readinessprobe-9bjr6 0/1 Running 0 100s
oldboyedu-linux85-web-rc-readinessprobe-fqltq 0/1 Running 0 100s
oldboyedu-linux85-web-rc-readinessprobe-p488g 0/1 Running 0 100s
[root@k8s231.oldboyedu.com replicationcontrollers]#
[root@k8s231.oldboyedu.com replicationcontrollers]#
[root@k8s231.oldboyedu.com replicationcontrollers]# kubectl exec oldboyedu-linux85-web-rc-readinessprobe-9bjr6 -- touch /tmp/oldboyedu-linux85-healthy
[root@k8s231.oldboyedu.com replicationcontrollers]#
[root@k8s231.oldboyedu.com replicationcontrollers]#
[root@k8s231.oldboyedu.com replicationcontrollers]# kubectl exec oldboyedu-linux85-web-rc-readinessprobe-fqltq -- touch /tmp/oldboyedu-linux85-healthy
[root@k8s231.oldboyedu.com replicationcontrollers]#
[root@k8s231.oldboyedu.com replicationcontrollers]#
[root@k8s231.oldboyedu.com replicationcontrollers]# kubectl get po
NAME READY STATUS RESTARTS AGE
oldboyedu-linux85-web-rc-readinessprobe-9bjr6 1/1 Running 0 2m4s
oldboyedu-linux85-web-rc-readinessprobe-fqltq 1/1 Running 0 2m4s
oldboyedu-linux85-web-rc-readinessprobe-p488g 0/1 Running 0 2m4s
[root@k8s231.oldboyedu.com replicationcontrollers]#
[root@k8s231.oldboyedu.com replicationcontrollers]#
(7) Check the status of the ep and svc resources
[root@k8s231.oldboyedu.com replicationcontrollers]# kubectl describe svc oldboyedu-linux85-web-readinessprobe
Name: oldboyedu-linux85-web-readinessprobe
Namespace: default
Labels: apps=oldboyedu-svc
class=linux85
Annotations: <none>
Selector: auther=jasonyin,hobby=k8s
Type: ClusterIP
IP Family Policy: SingleStack
IP Families: IPv4
IP: 10.200.100.200
IPs: 10.200.100.200
Port: <unset> 80/TCP
TargetPort: 80/TCP
Endpoints: 10.100.2.61:80,10.100.2.62:80
Session Affinity: None
Events: <none>
[root@k8s231.oldboyedu.com replicationcontrollers]#
[root@k8s231.oldboyedu.com replicationcontrollers]#
[root@k8s231.oldboyedu.com replicationcontrollers]# kubectl describe ep oldboyedu-linux85-web-readinessprobe
Name: oldboyedu-linux85-web-readinessprobe
Namespace: default
Labels: apps=oldboyedu-svc
class=linux85
Annotations: endpoints.kubernetes.io/last-change-trigger-time: 2023-04-18T03:00:16Z
Subsets:
Addresses: 10.100.2.61,10.100.2.62
NotReadyAddresses: 10.100.1.80
Ports:
Name Port Protocol
---- ---- --------
<unset> 80 TCP
Events: <none>
[root@k8s231.oldboyedu.com replicationcontrollers]#
2. Readiness check with httpGet: example
(1) Write the resource manifest
[root@k8s231.oldboyedu.com replicationcontrollers]# cat 03-rc-readinessProbe-httpGet.yaml
apiVersion: v1
kind: ReplicationController
metadata:
  name: oldboyedu-linux85-web-rc-readinessprobe-httpget
  labels:
    school: oldboyedu
    class: linux85
    apps: rc
  namespace: default
spec:
  replicas: 3
  selector:
    classroom: jiaoshi05
    address: oldboyedu-shahe
  template:
    metadata:
      labels:
        classroom: jiaoshi05
        address: oldboyedu-shahe
        hobby: k8s
        auther: jasonyin
    spec:
      containers:
      - name: linux85-exec
        image: harbor.oldboyedu.com/web/nginx:1.20.1-alpine
        # Readiness check: periodically checks whether the service is available to decide whether the container is ready.
        readinessProbe:
          # Use the httpGet method for the health check
          httpGet:
            # Port to access
            port: 80
            # Path to check
            path: /index.html
          failureThreshold: 3
          initialDelaySeconds: 15
          periodSeconds: 1
          successThreshold: 1
          timeoutSeconds: 1
---
apiVersion: v1
kind: Service
metadata:
  name: oldboyedu-linux85-web-readinessprobe-httpget
  namespace: default
  labels:
    apps: oldboyedu-svc
    class: linux85
spec:
  selector:
    hobby: k8s
    auther: jasonyin
  type: ClusterIP
  ports:
  - port: 80
    targetPort: 80
    protocol: TCP
  clusterIP: 10.200.100.220
[root@k8s231.oldboyedu.com replicationcontrollers]#
(2) Create the resources from the manifest
[root@k8s231.oldboyedu.com replicationcontrollers]# kubectl apply -f 03-rc-readinessProbe-httpGet.yaml
replicationcontroller/oldboyedu-linux85-web-rc-readinessprobe-httpget created
service/oldboyedu-linux85-web-readinessprobe-httpget created
[root@k8s231.oldboyedu.com replicationcontrollers]#
(3) Check readiness; the Pods become ready only after about 15s
[root@k8s231.oldboyedu.com replicationcontrollers]# kubectl get pods
NAME READY STATUS RESTARTS AGE
oldboyedu-linux85-web-rc-readinessprobe-httpget-gtrz2 1/1 Running 0 25s
oldboyedu-linux85-web-rc-readinessprobe-httpget-h2nkn 1/1 Running 0 25s
oldboyedu-linux85-web-rc-readinessprobe-httpget-pxqkz 1/1 Running 0 25s
[root@k8s231.oldboyedu.com replicationcontrollers]#
[root@k8s231.oldboyedu.com replicationcontrollers]# kubectl describe svc oldboyedu-linux85-web-readinessprobe-httpget
Name: oldboyedu-linux85-web-readinessprobe-httpget
Namespace: default
Labels: apps=oldboyedu-svc
class=linux85
Annotations: <none>
Selector: auther=jasonyin,hobby=k8s
Type: ClusterIP
IP Family Policy: SingleStack
IP Families: IPv4
IP: 10.200.100.220
IPs: 10.200.100.220
Port: <unset> 80/TCP
TargetPort: 80/TCP
Endpoints: 10.100.1.83:80,10.100.2.64:80,10.100.2.65:80
Session Affinity: None
Events: <none>
[root@k8s231.oldboyedu.com replicationcontrollers]#
[root@k8s231.oldboyedu.com replicationcontrollers]#
[root@k8s231.oldboyedu.com replicationcontrollers]# kubectl describe ep oldboyedu-linux85-web-readinessprobe-httpget
Name: oldboyedu-linux85-web-readinessprobe-httpget
Namespace: default
Labels: apps=oldboyedu-svc
class=linux85
Annotations: endpoints.kubernetes.io/last-change-trigger-time: 2023-04-18T03:31:46Z
Subsets:
Addresses: 10.100.1.83,10.100.2.64,10.100.2.65
NotReadyAddresses: <none>
Ports:
Name Port Protocol
---- ---- --------
<unset> 80 TCP
Events: <none>
[root@k8s231.oldboyedu.com replicationcontrollers]#
(4) Switch one Pod to the not-ready state
[root@k8s231.oldboyedu.com replicationcontrollers]# kubectl get pods
NAME READY STATUS RESTARTS AGE
oldboyedu-linux85-web-rc-readinessprobe-httpget-gtrz2 1/1 Running 0 2m3s
oldboyedu-linux85-web-rc-readinessprobe-httpget-h2nkn 1/1 Running 0 2m3s
oldboyedu-linux85-web-rc-readinessprobe-httpget-pxqkz 1/1 Running 0 2m3s
[root@k8s231.oldboyedu.com replicationcontrollers]#
[root@k8s231.oldboyedu.com replicationcontrollers]#
[root@k8s231.oldboyedu.com replicationcontrollers]# kubectl exec oldboyedu-linux85-web-rc-readinessprobe-httpget-gtrz2 -- rm -f /usr/share/nginx/html/index.html
[root@k8s231.oldboyedu.com replicationcontrollers]#
[root@k8s231.oldboyedu.com replicationcontrollers]#
[root@k8s231.oldboyedu.com replicationcontrollers]# kubectl get pods
NAME READY STATUS RESTARTS AGE
oldboyedu-linux85-web-rc-readinessprobe-httpget-gtrz2 0/1 Running 0 2m29s
oldboyedu-linux85-web-rc-readinessprobe-httpget-h2nkn 1/1 Running 0 2m29s
oldboyedu-linux85-web-rc-readinessprobe-httpget-pxqkz 1/1 Running 0 2m29s
[root@k8s231.oldboyedu.com replicationcontrollers]#
(5) Check the svc and ep status again
[root@k8s231.oldboyedu.com replicationcontrollers]# kubectl describe svc oldboyedu-linux85-web-readinessprobe-httpget
Name: oldboyedu-linux85-web-readinessprobe-httpget
Namespace: default
Labels: apps=oldboyedu-svc
class=linux85
Annotations: <none>
Selector: auther=jasonyin,hobby=k8s
Type: ClusterIP
IP Family Policy: SingleStack
IP Families: IPv4
IP: 10.200.100.220
IPs: 10.200.100.220
Port: <unset> 80/TCP
TargetPort: 80/TCP
Endpoints: 10.100.2.64:80,10.100.2.65:80
Session Affinity: None
Events: <none>
[root@k8s231.oldboyedu.com replicationcontrollers]#
[root@k8s231.oldboyedu.com replicationcontrollers]#
[root@k8s231.oldboyedu.com replicationcontrollers]# kubectl describe ep oldboyedu-linux85-web-readinessprobe-httpget
Name: oldboyedu-linux85-web-readinessprobe-httpget
Namespace: default
Labels: apps=oldboyedu-svc
class=linux85
Annotations: endpoints.kubernetes.io/last-change-trigger-time: 2023-04-18T03:33:54Z
Subsets:
Addresses: 10.100.2.64,10.100.2.65
NotReadyAddresses: 10.100.1.83
Ports:
Name Port Protocol
---- ---- --------
<unset> 80 TCP
Events: <none>
[root@k8s231.oldboyedu.com replicationcontrollers]#
3. Readiness check with tcpSocket: example
(1) Write the resource manifest
[root@k8s231.oldboyedu.com replicationcontrollers]# cat 04-rc-readinessProbe-tcpSocket.yaml
apiVersion: v1
kind: ReplicationController
metadata:
  name: oldboyedu-linux85-web-rc-readinessprobe-tcpsocket
  labels:
    school: oldboyedu
    class: linux85
    apps: rc
  namespace: default
spec:
  replicas: 3
  selector:
    classroom: jiaoshi05
    address: oldboyedu-shahe
  template:
    metadata:
      labels:
        classroom: jiaoshi05
        address: oldboyedu-shahe
        hobby: k8s
        auther: jasonyin
    spec:
      containers:
      - name: linux85-exec
        image: harbor.oldboyedu.com/web/nginx:1.20.1-alpine
        command:
        - /bin/sh
        - -c
        - sleep 25; nginx -g "daemon off;"
        # Readiness check: periodically checks whether the service is available to decide whether the container is ready.
        readinessProbe:
          # Use the tcpSocket method for the health check
          tcpSocket:
            port: 80
          failureThreshold: 3
          initialDelaySeconds: 15
          periodSeconds: 1
          successThreshold: 1
          timeoutSeconds: 1
---
apiVersion: v1
kind: Service
metadata:
  name: oldboyedu-linux85-web-readinessprobe-httpget
  namespace: default
  labels:
    apps: oldboyedu-svc
    class: linux85
spec:
  selector:
    hobby: k8s
    auther: jasonyin
  type: ClusterIP
  ports:
  - port: 80
    targetPort: 80
    protocol: TCP
  clusterIP: 10.200.100.220
[root@k8s231.oldboyedu.com replicationcontrollers]#
(2) Create the resources and check the Pod status
[root@k8s231.oldboyedu.com replicationcontrollers]# kubectl apply -f 04-rc-readinessProbe-tcpSocket.yaml
[root@k8s231.oldboyedu.com replicationcontrollers]# kubectl get pods
4. Using readinessProbe together with livenessProbe: example
[root@k8s231.oldboyedu.com replicationcontrollers]# cat 05-rc-readinessProbe-livenessProbe.yaml
apiVersion: v1
kind: ReplicationController
metadata:
  name: oldboyedu-linux85-web-rc-readinessprobe-tcpsocket
  labels:
    school: oldboyedu
    class: linux85
    apps: rc
  namespace: default
spec:
  replicas: 3
  selector:
    classroom: jiaoshi05
    address: oldboyedu-shahe
  template:
    metadata:
      labels:
        classroom: jiaoshi05
        address: oldboyedu-shahe
        hobby: k8s
        auther: jasonyin
    spec:
      containers:
      - livenessProbe:
          httpGet:
            port: 80
            path: /index.html
          failureThreshold: 3
          initialDelaySeconds: 15
          periodSeconds: 1
          successThreshold: 1
          timeoutSeconds: 1
        name: linux85-exec
        image: harbor.oldboyedu.com/web/nginx:1.20.1-alpine
        readinessProbe:
          httpGet:
            port: 80
            path: /oldboyedu.html
          failureThreshold: 3
          initialDelaySeconds: 15
          periodSeconds: 3
          successThreshold: 1
          timeoutSeconds: 1
---
apiVersion: v1
kind: Service
metadata:
  name: oldboyedu-linux85-web-readinessprobe-httpget
  namespace: default
  labels:
    apps: oldboyedu-svc
    class: linux85
spec:
  selector:
    hobby: k8s
    auther: jasonyin
  type: ClusterIP
  ports:
  - port: 80
    targetPort: 80
    protocol: TCP
  clusterIP: 10.200.100.220
[root@k8s231 replicationcontrollers]# kubectl get po
NAME READY STATUS RESTARTS AGE
oldboyedu-linux85-web-rc-readinessprobe-tcpsocket-f4tgz 0/1 Running 0 3s
oldboyedu-linux85-web-rc-readinessprobe-tcpsocket-pgr5m 0/1 Running 0 3s
oldboyedu-linux85-web-rc-readinessprobe-tcpsocket-pkzfc 0/1 Running 0 3s
[root@k8s231 replicationcontrollers]# kubectl exec oldboyedu-linux85-web-rc-readinessprobe-tcpsocket-f4tgz -- rm -f /usr/share/nginx/html/index.html
[root@k8s231 replicationcontrollers]# kubectl get po
NAME READY STATUS RESTARTS AGE
oldboyedu-linux85-web-rc-readinessprobe-tcpsocket-f4tgz 0/1 Running 1 (9s ago) 73s
oldboyedu-linux85-web-rc-readinessprobe-tcpsocket-pgr5m 0/1 Running 0 73s
oldboyedu-linux85-web-rc-readinessprobe-tcpsocket-pkzfc 0/1 Running 0 73s
[root@k8s231 replicationcontrollers]# vim /tmp/oldboyedu.html
<h1 style='color: green;'>www.oldboyedu.com</h1>
[root@k8s231 replicationcontrollers]# kubectl cp /tmp/oldboyedu.html oldboyedu-linux85-web-rc-readinessprobe-tcpsocket-pgr5m:/usr/share/nginx/html
[root@k8s231 replicationcontrollers]# kubectl get po
NAME READY STATUS RESTARTS AGE
oldboyedu-linux85-web-rc-readinessprobe-tcpsocket-f4tgz 0/1 Running 1 (4m28s ago) 5m32s
oldboyedu-linux85-web-rc-readinessprobe-tcpsocket-pgr5m 1/1 Running 0 5m32s
oldboyedu-linux85-web-rc-readinessprobe-tcpsocket-pkzfc 0/1 Running 0 5m32s
[root@k8s231 replicationcontrollers]# kubectl cp /tmp/oldboyedu.html oldboyedu-linux85-web-rc-readinessprobe-tcpsocket-pgr5m:/usr/share/nginx/html
[root@k8s231 replicationcontrollers]# kubectl cp /tmp/oldboyedu.html oldboyedu-linux85-web-rc-readinessprobe-tcpsocket-pkzfc:/usr/share/nginx/html
[root@k8s231 replicationcontrollers]# kubectl get po
NAME READY STATUS RESTARTS AGE
oldboyedu-linux85-web-rc-readinessprobe-tcpsocket-f4tgz 0/1 Running 1 (5m3s ago) 6m7s
oldboyedu-linux85-web-rc-readinessprobe-tcpsocket-pgr5m 1/1 Running 0 6m7s
oldboyedu-linux85-web-rc-readinessprobe-tcpsocket-pkzfc 1/1 Running 0 6m7s
5. startupProbe and its execution priority over the other probes: example
[root@k8s231.oldboyedu.com replicationcontrollers]# cat 06-rc-readinessProbe-livenessProbe-startupProbe.yaml
apiVersion: v1
kind: ReplicationController
metadata:
  name: oldboyedu-linux85-web-rc-probe
  labels:
    school: oldboyedu
    class: linux85
    apps: rc
  namespace: default
spec:
  replicas: 3
  selector:
    classroom: jiaoshi05
    address: oldboyedu-shahe
  template:
    metadata:
      labels:
        classroom: jiaoshi05
        address: oldboyedu-shahe
        hobby: k8s
        auther: jasonyin
    spec:
      containers:
      - name: linux85-exec
        image: harbor.oldboyedu.com/web/nginx:1.20.1-alpine
        # Checks whether the service is healthy; if the check fails, the container is restarted.
        livenessProbe:
          httpGet:
            port: 80
            path: /huozhe.html
          failureThreshold: 3
          initialDelaySeconds: 15
          periodSeconds: 1
          successThreshold: 1
          timeoutSeconds: 1
        # Checks whether the service is ready; if the check fails, the Pod is marked as not ready.
        readinessProbe:
          httpGet:
            port: 80
            path: /oldboyedu.html
          failureThreshold: 3
          initialDelaySeconds: 15
          periodSeconds: 3
          successThreshold: 1
          timeoutSeconds: 1
        # Checked at start-up; if the check fails, the container is killed.
        # readinessProbe and livenessProbe only start running after the startupProbe has passed.
        startupProbe:
          httpGet:
            port: 80
            path: /start.html
          failureThreshold: 3
          initialDelaySeconds: 35
          periodSeconds: 3
          successThreshold: 1
          timeoutSeconds: 1
---
apiVersion: v1
kind: Service
metadata:
  name: oldboyedu-linux85-web-readinessprobe-httpget
  namespace: default
  labels:
    apps: oldboyedu-svc
    class: linux85
spec:
  selector:
    hobby: k8s
    auther: jasonyin
  type: ClusterIP
  ports:
  - port: 80
    targetPort: 80
    protocol: TCP
  clusterIP: 10.200.100.220
[root@k8s231.oldboyedu.com replicationcontrollers]#
6. Init containers: example
[root@k8s231.oldboyedu.com pods]# cat 17-initContainers.yaml
kind: Pod
apiVersion: v1
metadata:
  labels:
    school: oldboyedu
    class: linux85
  name: oldboyedu-linux85-initcontainers-001
spec:
  volumes:
  - name: data
    emptyDir: {}
  # Define the init containers; they run before the application containers start.
  # Init containers run only once, when the Pod is created; a container restart does not trigger them again.
  # If a script has to run on every container restart, consider the container's "postStart" field instead.
  initContainers:
  - name: init-data-001
    image: harbor.oldboyedu.com/web/nginx:1.20.1-alpine
    # command: ['/bin/bash','-c',"for i in `seq 1 5`;do echo '<h1>'$i page access time at $(date +%F_%T) '</h1>' >> /data/index.html;sleep 3;done"]
    command:
    - '/bin/sh'
    - '-c'
    - "for i in `seq 1 5`;do echo '<h1>'$i page access time at $(date +%F_%T) '</h1>' >> /data/index.html;sleep 3;done"
    volumeMounts:
    - mountPath: "/data"
      name: data
  - name: init-data-002
    image: harbor.oldboyedu.com/web/nginx:1.20.1-alpine
    # command: ['/bin/sh','-c',"/bin/chmod 644 /data/* -R"]
    command:
    - '/bin/sh'
    - '-c'
    - "/bin/chmod 604 /data/* -R"
    volumeMounts:
    - mountPath: "/data"
      name: data
  containers:
  - name: myweb
    image: harbor.oldboyedu.com/web/nginx:1.20.1-alpine
    volumeMounts:
    - mountPath: "/usr/share/nginx/html"
      name: data
[root@k8s231.oldboyedu.com pods]#
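7. Static Pods (for awareness only)
vim /var/lib/kubelet/config.yaml
...
staticPodPath: /etc/kubernetes/manifests
Tips:
(1) Static Pods are loaded from the path given to kubelet at start-up through the "staticPodPath" configuration parameter;
(2) The name of a Pod created as a static Pod automatically gets the hostname of the kubelet node appended, e.g. "-k8s151.oldboyedu.com", and the "nodeName" field is ignored;
(3) Creating a static Pod does not depend on the API server; the Pod is started directly by the kubelet on that node;
(4) To delete a static Pod, simply remove its manifest from the path specified by staticPodPath;
(5) The static Pod path only takes effect for the Pod resource type; other resource types will not be created;
(6) Our kubeadm deployment is itself based on static Pods.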
8. Pod security context (securityContext) in practice
The Pod security context, securityContext:
kubectl explain po.spec.containers.securityContext
kubectl explain po.spec.securityContext
Reference example:
(1) Write the Dockerfile
[root@k8s231.oldboyedu.com securityContext]# ll
total 8
-rwxr-xr-x 1 root root 235 Apr 18 15:27 build.sh
-rw-r--r-- 1 root root 497 Apr 18 15:25 Dockerfile
[root@k8s231.oldboyedu.com securityContext]#
[root@k8s231.oldboyedu.com securityContext]# cat Dockerfile
FROM centos:7
LABEL school=oldboyedu \
class=linux85
# RUN sed -e 's|^mirrorlist=|#mirrorlist=|g' \
# -e 's|^#baseurl=http://mirror.centos.org|baseurl=https://mirrors.tuna.tsinghua.edu.cn|g' \
# -i.bak \
# /etc/yum.repos.d/CentOS-*.repo
RUN curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
RUN yum -y install iptables-services net-tools && rm -rf /var/cache/yum
RUN useradd -u 666 oldboyedu
CMD ["tail","-f","/etc/hosts"]
[root@k8s231.oldboyedu.com securityContext]#
[root@k8s231.oldboyedu.com securityContext]# cat build.sh
#!/bin/bash
docker image build -t harbor.oldboyedu.com/tools/centos7-iptabls:v0.1 .
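# -p places the password on the command line (shell history, process list); docker login also supports --password-stdin.
docker login -u admin -p 1 harbor.oldboyedu.com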
docker image push harbor.oldboyedu.com/tools/centos7-iptabls:v0.1
docker logout harbor.oldboyedu.com
[root@k8s231.oldboyedu.com securityContext]#
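(2) Deploy a Pod to test
[root@k8s231.oldboyedu.com pods]# cat 18-pod-securityContext.yaml
apiVersion: v1
kind: Pod
metadata:
  name: oldboyedu-linux85-securitycontext-004
spec:
  containers:
  - name: c1
    image: harbor.oldboyedu.com/tools/centos7-iptabls:v0.1
    # args:
    # - tail
    # - -f
    # - /etc/hosts
    # Configure the security-related attributes (container-level securityContext)
    securityContext:
      # Run the container as a privileged container; if this is set, it may interfere with the capabilities test!
      #privileged: true
      # Customize the Linux kernel capabilities
      # Recommended reading:
      #   https://man7.org/linux/man-pages/man7/capabilities.7.html
      #   https://docs.docker.com/compose/compose-file/compose-file-v3/#cap_add-cap_drop
      capabilities:
        # Add all Linux kernel capabilities
        add:
        - ALL
        # Remove the listed Linux kernel capabilities
        drop:
        # Disables network administration
        # - NET_ADMIN
        # Disables changing file UID and GID, i.e. the chown command can no longer be used
        # For example, "useradd oldboyedu" creates the "/home/oldboyedu" directory and runs chown to hand it to the "oldboyedu" user; here the user is created successfully, but the owner and group of "/home/oldboyedu" cannot be changed.
        - CHOWN
        # Disables the chroot command
        - SYS_CHROOT
      # If the container's process would run as root, refuse to start the container!
      # runAsNonRoot: true
      # UID to run the program as; note that this UID must exist!
      # runAsUser: 666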
[root@k8s231.oldboyedu.com pods]#
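An added example, not part of the original course notes: a small audit of the securityContext fields discussed above, run over Pod JSON in the shape printed by `kubectl get pods -o json`. The checks follow items of the Kubernetes Pod Security Standards "restricted" profile; the finding codes, the function names and the "example-hardened" Pod are assumptions made up for this illustration.

```python
import json

# Constructed sample, cut down to the fields the audit reads. The first item
# mirrors 18-pod-securityContext.yaml; the second is a hypothetical tightened
# variant that reuses UID 666 from the Dockerfile above.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"name": "oldboyedu-linux85-securitycontext-004"},
   "spec": {"containers": [
     {"name": "c1",
      "securityContext": {"capabilities": {"add": ["ALL"],
                                           "drop": ["CHOWN", "SYS_CHROOT"]}}}]}},
  {"metadata": {"name": "example-hardened"},
   "spec": {"securityContext": {"runAsNonRoot": true, "runAsUser": 666},
            "containers": [
     {"name": "c1",
      "securityContext": {"allowPrivilegeEscalation": false,
                          "capabilities": {"drop": ["ALL"]}}}]}}
]}
""")


def audit_container(pod_spec, ctr):
    """Return the list of finding codes for one container."""
    pod_sc = pod_spec.get("securityContext") or {}
    sc = ctr.get("securityContext") or {}
    caps = sc.get("capabilities") or {}
    added = set(caps.get("add") or [])
    dropped = set(caps.get("drop") or [])

    def effective(field):
        # For fields that exist at both levels, the container value wins.
        return sc[field] if field in sc else pod_sc.get(field)

    findings = []
    if sc.get("privileged") is True:
        findings.append("privileged")
    if "ALL" in added:
        findings.append("caps-add-ALL")
    elif added - {"NET_BIND_SERVICE"}:
        findings.append("caps-add-extra")
    if "ALL" not in dropped:
        # Dropping single capabilities leaves every other one in place.
        findings.append("caps-no-drop-ALL")
    uid = effective("runAsUser")
    if effective("runAsNonRoot") is not True and (uid is None or uid == 0):
        findings.append("may-run-as-root")
    if sc.get("allowPrivilegeEscalation") is not False:
        findings.append("priv-escalation-allowed")
    return findings


def audit(pod_list):
    """Map "pod/container" to its findings, init containers included."""
    report = {}
    for pod in pod_list.get("items", []):
        spec = pod["spec"]
        for ctr in spec.get("initContainers", []) + spec.get("containers", []):
            key = f'{pod["metadata"]["name"]}/{ctr["name"]}'
            report[key] = audit_container(spec, ctr)
    return report


if __name__ == "__main__":
    for target, findings in audit(SAMPLE).items():
        print(target, "->", ", ".join(findings) or "ok")
```

The manifest from this section is flagged on four counts even though it drops CHOWN and SYS_CHROOT, because every other capability stays granted and the process still runs as root.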
9. Pod lifecycle: graceful termination example
[root@k8s231.oldboyedu.com pods]# cat 19-pods-lifecycle-postStart-preStop.yaml
apiVersion: v1
kind: Pod
metadata:
  name: oldboyedu-linux85-lifecycle-001
spec:
  nodeName: k8s232.oldboyedu.com
  volumes:
  - name: data
    hostPath:
      path: /oldboyedu-linux85
  # During graceful termination of the Pod, how long to wait before the kill signal is sent; the Pod can use this time to finish outstanding requests and the like.
  # The unit is seconds; if not set, the default is 30s.
  terminationGracePeriodSeconds: 60
  containers:
  - name: myweb
    image: harbor.oldboyedu.com/tools/centos7-iptabls:v0.1
    stdin: true
    volumeMounts:
    - name: data
      mountPath: /data
    # Define the Pod lifecycle hooks.
    lifecycle:
      # What to do after the Pod has started
      postStart:
        exec:
          command:
          - "/bin/bash"
          - "-c"
          - "echo \"postStart at $(date +%F_%T)\" >> /data/postStart.log"
      # What to do before the Pod stops
      preStop:
        exec:
          command:
          - "/bin/bash"
          - "-c"
          - "echo \"preStop at $(date +%F_%T)\" >> /data/preStop.log"
[root@k8s231.oldboyedu.com pods]#
10. Pod creation flow (diagram)
11. rc upgrade and rollback
Preparing the Docker images:
[root@k8s231.oldboyedu.com web]# ll
total 16
-rw-r--r-- 1 root root 168 Apr 18 17:07 apps-v1
-rw-r--r-- 1 root root 168 Apr 18 17:08 apps-v2
-rw-r--r-- 1 root root 168 Apr 18 17:08 apps-v3
-rwxr-xr-x 1 root root 437 Apr 18 17:11 build.sh
drwxr-xr-x 2 root root 36 Apr 18 17:06 code
[root@k8s231.oldboyedu.com web]#
[root@k8s231.oldboyedu.com web]#
[root@k8s231.oldboyedu.com web]# cat apps-v1
FROM harbor.oldboyedu.com/web/nginx:1.20.1-alpine
LABEL school=oldboyedu \
class=linux85 \
auther=JasonYin
COPY code/v1 /usr/share/nginx/html/index.html
[root@k8s231.oldboyedu.com web]#
[root@k8s231.oldboyedu.com web]#
[root@k8s231.oldboyedu.com web]# cat apps-v2
FROM harbor.oldboyedu.com/web/nginx:1.20.1-alpine
LABEL school=oldboyedu \
class=linux85 \
auther=JasonYin
COPY code/v2 /usr/share/nginx/html/index.html
[root@k8s231.oldboyedu.com web]#
[root@k8s231.oldboyedu.com web]#
[root@k8s231.oldboyedu.com web]# cat apps-v3
FROM harbor.oldboyedu.com/web/nginx:1.20.1-alpine
LABEL school=oldboyedu \
class=linux85 \
auther=JasonYin
COPY code/v3 /usr/share/nginx/html/index.html
[root@k8s231.oldboyedu.com web]#
[root@k8s231.oldboyedu.com web]# cat build.sh
#!/bin/bash
docker build -f apps-v1 -t harbor.oldboyedu.com/update/apps:v1 .
docker build -f apps-v2 -t harbor.oldboyedu.com/update/apps:v2 .
docker build -f apps-v3 -t harbor.oldboyedu.com/update/apps:v3 .
docker login -u admin -p 1 harbor.oldboyedu.com
docker push harbor.oldboyedu.com/update/apps:v1
docker push harbor.oldboyedu.com/update/apps:v2
docker push harbor.oldboyedu.com/update/apps:v3
docker logout harbor.oldboyedu.com
[root@k8s231.oldboyedu.com web]#
[root@k8s231.oldboyedu.com web]#
[root@k8s231.oldboyedu.com web]# cat code/v1
<h1 style='color: green;'>www.oldboyedu.com v0.1</h1>
[root@k8s231.oldboyedu.com web]#
[root@k8s231.oldboyedu.com web]# cat code/v2
<h1 style='color: green;'>www.oldboyedu.com v0.2</h1>
[root@k8s231.oldboyedu.com web]#
[root@k8s231.oldboyedu.com web]#
[root@k8s231.oldboyedu.com web]# cat code/v3
<h1 style='color: green;'>www.oldboyedu.com v0.3</h1>
[root@k8s231.oldboyedu.com web]#
rc upgrade and rollback:
[root@k8s231.oldboyedu.com update]# cat 01-apps-old.yaml
apiVersion: v1
kind: ReplicationController
metadata:
  name: oldboyedu-linux85-web-rc-old
spec:
  replicas: 3
  selector:
    classroom: jiaoshi05
    address: oldboyedu-shahe
  template:
    metadata:
      labels:
        classroom: jiaoshi05
        address: oldboyedu-shahe
    spec:
      containers:
      - name: apps
        image: harbor.oldboyedu.com/update/apps:v1
        #image: harbor.oldboyedu.com/update/apps:v2
---
apiVersion: v1
kind: Service
metadata:
  name: oldboyedu-linux85-web-rc
spec:
  selector:
    classroom: jiaoshi05
    address: oldboyedu-shahe
  ports:
  - port: 80
    targetPort: 80
[root@k8s231.oldboyedu.com update]# for i in `seq 100`;do curl 10.200.239.166;sleep 0.5;done
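Version 1.23 cannot use "rolling-update"; to upgrade or roll back, proceed as follows:
- Edit the rc resource manifest and use apply to put it into effect;
- Delete the Pod resources; the rc controller recreates the Pods automatically, and the new Pods start from the image changed in the previous step;
- In summary, what users see looks like an update.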
12. rs Pod controller: hands-on example
[root@k8s231.oldboyedu.com replicasets]# cat 02-rs-matchExpressions-nginx.yaml
apiVersion: apps/v1
kind: ReplicaSet
metadata:
  name: oldboyedu-linux85-rs
spec:
  # Number of Pod replicas to create; the default is 1.
  replicas: 5
  # Label selector; the rs resource uses it to associate with its Pods
  selector:
    # Match based on expressions
    matchExpressions:
    - key: apps
      # values:
      # - haha
      # - xixi
      # - hehe
      # - oldboyedu-web
      # When operator is In or NotIn, values must not be empty.
      #   - In:
      #       the key's value must be in the array defined by values.
      #   - NotIn:
      #       the key's value must not be in the array defined by values.
      # operator: In
      # operator: NotIn
      # When operator is Exists or DoesNotExist, values must be empty.
      #   - Exists:
      #       the key only has to exist.
      #   - DoesNotExist:
      #       the specified key only has to be absent.
      # operator: Exists
      operator: DoesNotExist
  # Template used to create the Pod resources
  template:
    metadata:
      labels:
        # apps: oldboyedu-web
        school: oldboyedu
        class: linux85
    spec:
      containers:
      - name: web
        image: harbor.oldboyedu.com/update/apps:v1
[root@k8s231.oldboyedu.com replicasets]#
Test Pods
[root@k8s231.oldboyedu.com replicasets]# cat /tmp/rs.yaml
apiVersion: v1
kind: Pod
metadata:
  labels:
    apps: xixi
  name: oldboyedu-linux85-rs-001
spec:
  containers:
  - image: harbor.oldboyedu.com/update/apps:v1
    name: web
---
apiVersion: v1
kind: Pod
metadata:
  labels:
    apps: haha
  name: oldboyedu-linux85-rs-002
spec:
  containers:
  - image: harbor.oldboyedu.com/update/apps:v1
    name: web
---
apiVersion: v1
kind: Pod
metadata:
  labels:
    apps: hehe
  name: oldboyedu-linux85-rs-003
spec:
  containers:
  - image: harbor.oldboyedu.com/update/apps:v1
    name: web
---
apiVersion: v1
kind: Pod
metadata:
  labels:
    apps: piapia
  name: oldboyedu-linux85-rs-004
spec:
  containers:
  - image: harbor.oldboyedu.com/update/apps:v1
    name: web
---
[root@k8s231.oldboyedu.com replicasets]#
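An added example, not part of the original course notes: the four matchExpressions operators from the ReplicaSet manifest, evaluated against the labels of the four test Pods in /tmp/rs.yaml and against the Pod template's labels. It shows which bare Pods each selector variant would claim and whether the template itself satisfies the selector; the function and constant names are assumptions made up for this illustration.

```python
# Labels copied from /tmp/rs.yaml and from the ReplicaSet's Pod template above.
PODS = {
    "oldboyedu-linux85-rs-001": {"apps": "xixi"},
    "oldboyedu-linux85-rs-002": {"apps": "haha"},
    "oldboyedu-linux85-rs-003": {"apps": "hehe"},
    "oldboyedu-linux85-rs-004": {"apps": "piapia"},
}
TEMPLATE_LABELS = {"school": "oldboyedu", "class": "linux85"}
# The values list that is commented out in the manifest.
VALUES = ["haha", "xixi", "hehe", "oldboyedu-web"]


def match_expression(labels, expr):
    """Evaluate one matchExpressions entry against a label dict."""
    key, op = expr["key"], expr["operator"]
    values = expr.get("values") or []
    if op in ("In", "NotIn") and not values:
        raise ValueError(f"{op} requires a non-empty values list")
    if op in ("Exists", "DoesNotExist") and values:
        raise ValueError(f"{op} requires values to be empty")
    if op == "In":
        return key in labels and labels[key] in values
    if op == "NotIn":
        # A Pod that lacks the key altogether also satisfies NotIn.
        return key not in labels or labels[key] not in values
    if op == "Exists":
        return key in labels
    if op == "DoesNotExist":
        return key not in labels
    raise ValueError(f"unknown operator {op!r}")


def selects(selector, labels):
    """matchLabels and every matchExpressions entry are ANDed together."""
    for key, value in (selector.get("matchLabels") or {}).items():
        if labels.get(key) != value:
            return False
    return all(match_expression(labels, e)
               for e in selector.get("matchExpressions") or [])


def selector_for(op):
    """Build the manifest's selector with the given operator on key 'apps'."""
    expr = {"key": "apps", "operator": op}
    if op in ("In", "NotIn"):
        expr["values"] = VALUES
    return {"matchExpressions": [expr]}


def matched_pods(selector):
    """Names of the test Pods whose labels satisfy the selector."""
    return sorted(name for name, labels in PODS.items()
                  if selects(selector, labels))


if __name__ == "__main__":
    for op in ("In", "NotIn", "Exists", "DoesNotExist"):
        sel = selector_for(op)
        print(f"{op:13} test pods matched: {matched_pods(sel)}")
        print(f"{'':13} template matches selector: {selects(sel, TEMPLATE_LABELS)}")
```

With the manifest as written (DoesNotExist), none of the test Pods is selected and the template matches; with In or Exists the template no longer matches unless the commented-out `apps: oldboyedu-web` label is restored, and the API server rejects a ReplicaSet whose selector does not match its template labels.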
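Review of today's content:
livenessProbe: restarts the container when the check fails.
readinessProbe: marks the Pod as not ready when the check fails.
startupProbe: kills the container when the check fails; during this period the readinessProbe and livenessProbe checks are not run.
Graceful Pod termination
lifecycle:
  postStart:
  preStop
Init containers (initContainers)
Pod creation flow diagram
replicasets: replica controller, more powerful than the rc resource.
Pod security context.
Static Pods.
Today's homework:
(1) Complete all the in-class exercises and organise them into a mind map;
(2) Rewrite yesterday's homework using rs resources;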