-
k8s上对Pod的管理部分详解
目录
一.Pod结构介绍
pod中包含若干个容器,大体可以分为两大类
1.user container
用户程序所在容器,数量一般可多可少
2.pause
是每一个pod的根容器,主要是用来评估pod的健康状态和以根容器设置的IP实现pod内部通信
二.Pod工作形式介绍
主要通过yaml/json文件或kubectl run创建pod,但是pod的形式又可以分为两大类
1.自主式pod
通过命令行或run直接定义pod资源,这种情况下创建的pod在被删除后就彻底被删除了
2.控制器管理下的pod
控制器管理pod可以保障pod始终维持在指定的数量下运行,常见的pod控制器有上篇文章介绍到的deployment控制器,还有replicaset、job、cronjob、daemonset等
三.对Pod的操作介绍
1.run/apply -f/create -f运行pod
- [root@k8s-master pod]# kubectl run mynginx --image=nginx -n myns
- pod/mynginx created
- [root@k8s-master pod]# kubectl create -f tomcat.yaml
- pod/tomcat created
- [root@k8s-master pod]# kubectl apply -f httpd.yaml
- pod/httpd created
-
- [root@k8s-master pod]# kubectl get pods -n myns
- NAME READY STATUS RESTARTS AGE
- httpd 1/1 Running 0 2m20s
- mynginx 1/1 Running 0 4m33s
- tomcat 1/1 Running 0 8s
2.get查看pod信息
(1)查看所有pod
[root@k8s-master ~]# kubectl get pods -A(2)查看指定的单个/多个pod
- [root@k8s-master ~]# kubectl get pod nginx -n myns
- NAME READY STATUS RESTARTS AGE
- nginx 1/1 Running 0 9s
-
- [root@k8s-master ~]# kubectl get pod nginx nginx1 -n myns
- NAME READY STATUS RESTARTS AGE
- nginx 1/1 Running 0 97s
- nginx1 1/1 Running 0 15s
(3)查看pod同时查看其他类型资源(需要具体指定资源类型和名称)
- [root@k8s-master ~]# kubectl get pod/nginx -n myns node/k8s-node1
- NAME READY STATUS RESTARTS AGE
- pod/nginx 1/1 Running 0 104s
-
- NAME STATUS ROLES AGE VERSION
- node/k8s-node1 Ready <none> 3m6s v1.28.2
(4)同时应用多个关于pod的yaml文件时添加多个-f参数即可
(5)列出在某个节点上运行的pod
[root@k8s-master ~]# kubectl get pods --field-selector=spec.nodeName=k8s-node1(6)-w实时查看pod信息
- [root@k8s-master ~]# kubectl get pod -w nginx -n myns
- NAME READY STATUS RESTARTS AGE
- nginx 1/1 Running 0 4h16m
- [root@k8s-master ~]#
3.exec操作运行中的pod
(1)进入运行中的pod
- [root@k8s-master ~]# kubectl exec -it nginx -n myns -- /bin/bash
- root@nginx:/# ls
- bin docker-entrypoint.d home lib64 mnt root srv usr
- boot docker-entrypoint.sh lib libx32 opt run sys var
- dev etc lib32 media proc sbin tmp
-
- #不进入但执行命令
- [root@k8s-master ~]# kubectl exec -it nginx -n myns -- ls
- bin docker-entrypoint.d home lib64 mnt root srv usr
- boot docker-entrypoint.sh lib libx32 opt run sys var
- dev etc lib32 media proc sbin tmp
(2)进入pod中的容器
- [root@k8s-master ~]# kubectl exec -it nginx -c xxx -n myns -- /bin/bash
- #-c后指定容器名称
4.logs打印pod日志
- [root@k8s-master ~]# kubectl logs nginx -n myns
- /docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
- /docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
- /docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
- 10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf
- 10-listen-on-ipv6-by-default.sh: info: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf
- /docker-entrypoint.sh: Sourcing /docker-entrypoint.d/15-local-resolvers.envsh
- /docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
- /docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh
- /docker-entrypoint.sh: Configuration complete; ready for start up
- 2023/10/31 09:08:21 [notice] 1#1: using the "epoll" event method
- 2023/10/31 09:08:21 [notice] 1#1: nginx/1.25.3
- 2023/10/31 09:08:21 [notice] 1#1: built by gcc 12.2.0 (Debian 12.2.0-14)
- 2023/10/31 09:08:21 [notice] 1#1: OS: Linux 3.10.0-1160.el7.x86_64
- 2023/10/31 09:08:21 [notice] 1#1: getrlimit(RLIMIT_NOFILE): 1048576:1048576
- 2023/10/31 09:08:21 [notice] 1#1: start worker processes
- 2023/10/31 09:08:21 [notice] 1#1: start worker process 29
- 2023/10/31 09:08:21 [notice] 1#1: start worker process 30
- 2023/10/31 09:08:21 [notice] 1#1: start worker process 31
- 2023/10/31 09:08:21 [notice] 1#1: start worker process 32
- [root@k8s-master ~]# kubectl logs nginx -n myns -f #加-f参数持续监控
5.describe描述pod详细信息用于排错
[root@k8s-master ~]# kubectl describe pod nginx -n myns6.edit编辑运行中的pod
更改完后需要w/wq保存
[root@k8s-master ~]# kubectl edit pod nginx -n myns7.cp复制pod内的文件到master
- [root@k8s-master ~]# kubectl exec -it nginx -n myns -- cat /etc/hosts
- # Kubernetes-managed hosts file.
- 127.0.0.1 localhost
- ::1 localhost ip6-localhost ip6-loopback
- fe00::0 ip6-localnet
- fe00::0 ip6-mcastprefix
- fe00::1 ip6-allnodes
- fe00::2 ip6-allrouters
- 10.244.36.65 nginx
- [root@k8s-master ~]# kubectl cp nginx:etc/hosts -n myns /root/myhosts #“:”后不需要指示“/”号,master的目标路径需要是一个文件而不是一个目录(此处的/root/myhosts)
- [root@k8s-master ~]# cat myhosts
- # Kubernetes-managed hosts file.
- 127.0.0.1 localhost
- ::1 localhost ip6-localhost ip6-loopback
- fe00::0 ip6-localnet
- fe00::0 ip6-mcastprefix
- fe00::1 ip6-allnodes
- fe00::2 ip6-allrouters
- 10.244.36.65 nginx
9.delete删除pod
(1)通过delete pod进行删除
- [root@k8s-master pod]# kubectl get pod mynginx -n myns --show-labels
- NAME READY STATUS RESTARTS AGE LABELS
- mynginx 1/1 Running 0 37m run=nginx,user=sulibao
- [root@k8s-master pod]# kubectl delete pod mynginx -n myns
- pod "mynginx" deleted
(2)若是通过文件创建的pod,可以通过delete -f进行删除
- [root@k8s-master pod]# kubectl delete -f nginx.yaml
- pod "mynginx" deleted
(3)若是拥有标签的pod,可以通过匹配标签进行删除
- [root@k8s-master pod]# kubectl delete pods -l run=nginx -n myns
- pod "mynginx" deleted
10.扩展使用kubectl命令插件
(1)必须是“kubectl-自定义名称”格式命名
- [root@k8s-master ~]# vim /usr/local/bin/kubectl-pwd #放在/usr/local/bin下
- [root@k8s-master ~]# cat /usr/local/bin/kubectl-pwd
- #!/bin/bash
- pwd
- [root@k8s-master ~]# chmod +x /usr/local/bin/kubectl-pwd #一定要加上执行权限
- [root@k8s-master ~]# kubectl pwd
- /root
- [root@k8s-master pod]# kubectl pwd pod httpd -n myns
- /root/pod
(2)kubectl plugin list查看已安装插件列表
- [root@k8s-master ~]# kubectl plugin list
- /usr/local/bin/kubectl-pwd
(3)rm直接删除该文件即可卸载插件
- [root@k8s-master ~]# rm -f /usr/local/bin/kubectl-pwd
- [root@k8s-master ~]# kubectl plugin list
- error: unable to find any kubectl plugins in your PATH
四.pod的yaml文件配置定义解析
- [root@k8s-master ~]# kubectl explain pod.spec
- #可以以此形式来一层一层获取可配置项
- apiVersion: v1
- #必选项,版本号,如V1
- kind: Pod
- #必选项,资源类型,pod等
- metadata:
- #必选项,元数据部分
- name: xxx
- #Pod名称
- namespace: xxx
- #Pod所属的命名空间,默认为"default"
- labels:
- #自定义标签列表
- - name: xxx
- #自定义标签内容
- spec:
- #必选项,Pod中容器的详细定义
- containers:
- #必选项,Pod中容器列表
- - name: xxx
- #必选项,容器名称
- image: xxx
- #必选项,容器的镜像名称
- imagePullPolicy: [ Always|Never|IfNotPresent ]
- #获取镜像的策略,tag为latest默认always,tag为具体版本号,默认IfNotPresent。always表示每次都尝试重新拉取镜像;ifNotPresent表示如果本地有那个镜像就使用本地的,不存在时才拉取;Nerver表示仅使用本地有的镜像,绝不拉取,本地没有时报错
- command: [xxx]
- #容器的启动命令列表,如不指定则使用打包时使用的启动命令
- args: [xxx]
- #容器的启动命令给定参数列表
- workingDir: xxx
- #容器的工作目录
- volumeMounts:
- #挂载到容器内部的存储卷配置
- - name: xxx
- #引用pod定义的共享存储卷的名称,需用volumes[]部分定义的的卷名
- mountPath: xxx
- #存储卷在容器内mount的绝对路径,应少于512字符
- readOnly: xxx
- #布尔值,是否为只读模式
- ports:
- #需要暴露的端口库号列表
- - name: xxx
- #端口的名称
- containerPort: xxx
- #容器需要监听的端口号
- hostPort: xxx
- #容器所在主机需要监听的端口号,默认与Container相同
- protocol: xxx
- #端口协议,支持TCP和UDP,默认TCP
- env:
- #容器运行前需设置的环境变量列表
- - name: xxx
- #环境变量名称
- value: xxx
- #环境变量的值
- resources:
- #资源限制和请求的设置
- limits:
- #资源限制的设置
- cpu: xxx
- #cpu的限制,单位为core数,将用于docker run --cpu-shares参数
- memory: xxx
- #内存限制,单位可以为Mib/Gib,将用于docker run --memory参数
- requests:
- #资源请求的设置
- cpu: xxx
- #cpu请求,容器启动的初始可用数量
- memory: xxx
- #内存请求,容器启动的初始可用数量
- lifecycle:
- #生命周期钩子
- postStart:
- #容器启动后立即执行此钩子,如果执行失败,会根据重启策略进行重启
- preStop:
- #容器终止前执行此钩子,无论结果如何,容器都会终止
- livenessProbe:
- #对Pod内各容器健康检查的设置,当探测无响应几次后将自动重启该容器
- exec:
- #对Pod容器内检查方式设置为exec方式
- command: [xxx]
- #exec方式需要制定的命令或脚本
- httpGet:
- #对Pod内个容器健康检查方法设置为HttpGet,需要制定Path、port
- path: xxx
- port: xxx
- host: xxx
- scheme: xxx
- HttpHeaders:
- - name: xxx
- value: xxx
- tcpSocket:
- #对Pod内个容器健康检查方式设置为tcpSocket方式
- port: number
- initialDelaySeconds: 0
- #容器启动完成后首次探测的时间,单位为秒
- timeoutSeconds: 0
- #对容器健康检查探测等待响应的超时时间,单位秒,默认1秒
- periodSeconds: 0
- #对容器监控检查的定期探测时间设置,单位秒,默认10秒一次
- successThreshold: 0
- failureThreshold: 0
- securityContext:
- privileged: false
- restartPolicy: [Always | Never | OnFailure]
- #Pod的重启策略
- nodeName:
- #设置NodeName表示将该Pod调度到指定到名称的node节点上
- nodeSelector: xxx
- #设置NodeSelector表示将该Pod调度到包含这个label的node上
- imagePullSecrets:
- #Pull镜像时使用的secret名称,以key:secretkey格式指定
- - name: xxx
- hostNetwork: false
- #是否使用主机网络模式,默认为false,如果设置为true,表示使用宿主机网络
- volumes:
- #在该pod上定义共享存储卷列表
- - name: string
- #共享存储卷名称 (volumes类型有很多种)
- emptyDir: {}
- #类型为emtyDir的存储卷,与Pod同生命周期的一个临时目录。为空值
- hostPath: xxx
- #类型为hostPath的存储卷,表示挂载Pod所在宿主机的目录
- path: xxx
- #Pod所在宿主机的目录,将被用于同期中mount的目录
- secret:
- #类型为secret的存储卷,挂载集群与定义的secret对象到容器内部
- scretname: xxx
- items:
- - key: xxx
- path: xxx
- configMap:
- #类型为configMap的存储卷,挂载预定义的configMap对象到容器内部
- name: xxx
- items:
- - key: xxx
- path: xxx
五.Pod对容器的封装
1.对单个容器的封装
- apiVersion: v1
- kind: Pod
- metadata:
- name: httpd
- labels:
- run: httpd
- namespace: myns
- spec:
- containers:
- - name: httpd
- image: httpd
- ports:
- - containerPort: 80
2.对多个容器封装并绑定为一个Pod
- apiVersion: v1
- kind: Pod
- metadata:
- name: two-containers
- namespace: myns
- labels:
- name: tc
- spec:
- containers:
- - name: first-container
- image: nginx
- ports:
- - containerPort: 80
- - name: second-container
- image: busybox
- command: ["/bin/sh", "-c", "while true; do echo 'Hello from the second container' > /shared-data/index.html; sleep 10; done"]
- volumeMounts:
- - name: shared-data
- mountPath: /shared-data
- ports:
- - containerPort: 8080
- volumes:
- - name: shared-data
- emptyDir: {}
六.静态Pod管理
1.配置文件方式
(1)首先找到你的kubelet的service位置
- [root@k8s-master ~]# rpm -ql kubelet
- /etc/kubernetes/manifests
- /etc/sysconfig/kubelet
- /usr/bin/kubelet
- /usr/lib/systemd/system/kubelet.service #
(2)到该目录下查看是否有conf文件
- [root@k8s-master ~]# ll /usr/lib/systemd/system/kubelet.service.d/
- total 4
- -rw-r--r-- 1 root root 1009 Nov 11 11:03 10-kubeadm.conf
- [root@k8s-master ~]# vim /usr/lib/systemd/system/kubelet.service.d/10-kubeadm.conf
(3)旧版本应该会有,我的Kubernetes v1.28.2没有行命令,手动添加
Environment="KUBELET_SYSTEM_PODS_ARGS=--pod-manifest-path=/etc/kubernetes/manifests --allow-privileged=true"
这行命令中指定了mainifest-path为/etc/kubernetes/manifests,那么我们在这个目录中去创建一个pod的yaml文件,重启kubelet服务,不需要apply此文件就会自动创建该pod
- # Note: This dropin only works with kubeadm and kubelet v1.11+
- [Service]
- Environment="KUBELET_KUBECONFIG_ARGS=--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf"
- Environment="KUBELET_CONFIG_ARGS=--config=/var/lib/kubelet/config.yaml"
- Environment="KUBELET_SYSTEM_PODS_ARGS=--pod-manifest-path=/etc/kubernetes/manifests --allow-privileged=true"
- # This is a file that "kubeadm init" and "kubeadm join" generates at runtime, populating the KUBELET_KUBEADM_ARGS variable dynamically
- EnvironmentFile=-/var/lib/kubelet/kubeadm-flags.env
- # This is a file that the user can use for overrides of the kubelet args as a last resort. Preferably, the user should use
- # the .NodeRegistration.KubeletExtraArgs object in the configuration files instead. KUBELET_EXTRA_ARGS should be sourced from this file.
- EnvironmentFile=-/etc/sysconfig/kubelet
- ExecStart=
- ExecStart=/usr/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CONFIG_ARGS $KUBELET_KUBEADM_ARGS $KUBELET_EXTRA_ARGS
(4)验证是否成功
- [root@k8s-master ~]# cat /etc/kubernetes/manifests/static.yaml
- apiVersion: v1
- kind: Pod
- metadata:
- name: myweb
- namespace: myns
- labels:
- name: my-web
- spec:
- containers:
- - name: myhttpd
- image: httpd
- ports:
- - name: web
- containerPort: 80
- [root@k8s-master manifests]# systemctl daemon-reload #重载并重启
- [root@k8s-master manifests]# systemctl restart kubelet.service
- [root@k8s-master ~]# kubectl get pods -n myns
- NAME READY STATUS RESTARTS AGE
- myweb-k8s-master 1/1 Running 0 2m41s
(5)删除时注意事项
直接删除该静态pod只会让其呈现为pending状态,需要删除该yaml文件
- [root@k8s-master ~]# kubectl delete pod myweb-k8s-master -n myns
- pod "myweb-k8s-master" deleted
- [root@k8s-master ~]# kubectl get pods -n myns
- NAME READY STATUS RESTARTS AGE
- myweb-k8s-master 0/1 Pending 0 3s
- [root@k8s-master ~]# rm -rf /etc/kubernetes/manifests/static.yaml
- [root@k8s-master ~]# kubectl get pods -n myns
- NAME READY STATUS RESTARTS AGE
- myweb-k8s-master 0/1 Completed 0 80s
- [root@k8s-master ~]# kubectl get pods -n myns
- No resources found in myns namespace.
2.http方式
使用“--manifest-url”参数来指定1url地址(不常用的方式),但是可以配合第一种方式使用,就cd到启动配置的mainifest-path下,使用wget把url内的配置文件下载下来即立即创建(配置文件有误的情况不会创建)
- [root@k8s-master manifests]# wget http://47.115.228.189/web.yaml
- --2023-11-11 17:10:02-- http://47.115.228.189/web.yaml
- Connecting to 47.115.228.189:80... connected.
- HTTP request sent, awaiting response... 200 OK
- Length: 185 [application/octet-stream]
- Saving to: ‘web.yaml’
- 100%[========================================================================================>] 185 --.-K/s in 0s
- 2023-11-11 17:10:02 (50.0 MB/s) - ‘web.yaml’ saved [185/185]
- [root@k8s-master manifests]# kubectl get pods -n myns
- NAME READY STATUS RESTARTS AGE
- myweb-k8s-master 0/1 ContainerCreating 0 7s
- [root@k8s-master manifests]# kubectl get pods -n myns
- NAME READY STATUS RESTARTS AGE
- myweb-k8s-master 1/1 Running 0 2m45s
-
相关阅读:
Python学习DAY14_文档处理_Excel
[2024年]-flink面试真题(三)
[数据结构-线性表1.1] 数组 (.NET源码学习)
Go语言学习之路(二)
聊聊接口设计的36个小技巧
MySQL访问和配置
Vue3 企业级优雅实战 - 组件库框架 - 8 搭建组件库 cli
linux下安装python3.8(有坑)
无涯教程-JavaScript - CONFIDENCE.NORM函数
面试题-React(十六):理解Redux及其工作原理
- 原文地址:https://blog.csdn.net/weixin_64334766/article/details/134351912
