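1. Background

A Pod is the smallest deployable unit of computing that you can create and manage in Kubernetes.

A Pod (as in a pod of whales or a pea pod) is a group of one or more containers that share storage, network, and a specification for how to run the containers. A Pod's contents are always co-located and co-scheduled, and run in a shared context. A Pod models an application-specific "logical host": it contains one or more application containers that are relatively tightly coupled. In non-cloud contexts, applications executed on the same physical or virtual machine are analogous to cloud applications executed on the same logical host.

In addition to application containers, a Pod can contain Init containers that run during Pod startup. If your cluster supports ephemeral containers, you can also inject them for debugging.

The shared context of a Pod is a set of Linux namespaces, control groups (cgroups), and potentially other facets of isolation, the same technologies that isolate a Docker container. Within a Pod's context, individual applications may have further isolation applied.
In terms of Docker concepts, a Pod is similar to a group of Docker containers with shared namespaces and shared filesystem volumes.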

2. Creating a Pod

2.1 Creating a Pod from the command line

    [root@clientvm ~]# kubectl run busybox --image=busybox -n mytest -- sleep 10000
    pod/busybox created
    [root@clientvm ~]# kubectl get pod -n mytest
    NAME            READY   STATUS    RESTARTS   AGE
    busybox         1/1     Running   0          30s
    labelpod        1/1     Running   0          35m
    labelpod-yaml   1/1     Running   0          22m

2.2 Creating a Pod from YAML

    [root@clientvm ~]# kubectl run busybox2 --image=busybox -n mytest --dry-run=client -o yaml -- sleep 10000
    [root@clientvm ~]# vim busybox2.yaml
    [root@clientvm ~]# kubectl apply -f busybox2.yaml
    pod/busybox2 created
    [root@clientvm ~]# kubectl get pod -n mytest
    NAME            READY   STATUS    RESTARTS   AGE
    busybox         1/1     Running   0          9m52s
    busybox2        1/1     Running   0          40s
    labelpod        1/1     Running   0          45m
    labelpod-yaml   1/1     Running   0          31m

3. Modifying a Pod

3.1 Editing from the command line

    [root@clientvm ~]# kubectl edit pod -n mytest busybox2
    ## add a label
      labels:
        run: busybox2
        app: web
    [root@clientvm ~]# kubectl get -n mytest pod -l app=web
    NAME       READY   STATUS    RESTARTS   AGE
    busybox2   1/1     Running   0          6m17s

3.2 Editing the YAML file

    [root@clientvm ~]# vim busybox2.yaml
    ......
    metadata:
      labels:
        run: busybox2
        app: web1
    [root@clientvm ~]# kubectl apply -f busybox2.yaml
    pod/busybox2 configured
    [root@clientvm ~]#
    [root@clientvm ~]#
    [root@clientvm ~]# kubectl get -n mytest pod -l app=web
    No resources found in mytest namespace.
    [root@clientvm ~]# kubectl get -n mytest pod -l app=web1
    NAME       READY   STATUS    RESTARTS   AGE
    busybox2   1/1     Running   0          8m46s

3.3 Modifying with kubectl patch on the command line

    [root@clientvm ~]# kubectl patch -n mytest pod busybox2 -p '{"metadata": {"labels": {"app": "web2"}}}'
    pod/busybox2 patched
    [root@clientvm ~]# kubectl get -n mytest pod -l app=web2
    NAME       READY   STATUS    RESTARTS   AGE
    busybox2   1/1     Running   0          11m

4. Entering a container in a Pod

    [root@clientvm ~]# kubectl exec -n mytest -it busybox2 -- /bin/sh
    / # ls
    bin dev etc home proc root sys tmp usr var
    / # exit
    [root@clientvm ~]#

5. Finding the host a container runs on

    [root@clientvm ~]# kubectl get -n mytest pod -o wide
    NAME       READY   STATUS    RESTARTS   AGE   IP           NODE                  NOMINATED NODE   READINESS GATES
    busybox    1/1     Running   0          23m   10.244.1.6   worker1.example.com   <none>           <none>
    busybox2   1/1     Running   0          14m   10.244.2.3   worker2.example.com   <none>           <none>
    [root@clientvm ~]# ssh worker2
    Last login: Fri Nov 27 14:22:32 2020 from 192.168.241.128
    [root@worker2 ~]#
    [root@worker2 ~]# docker ps | grep busybox2
    4a3a3ae3b9f3   busybox   "sleep 10000"   15 minutes ago   Up 15 minutes   k8s_busybox2_busybox2_mytest_9a441645-b3e2-4dc6-807b-b8235cffadbf_0
    90b28e80ed25   registry.aliyuncs.com/google_containers/pause:3.2   "/pause"   15 minutes ago   Up 15 minutes   k8s_POD_busybox2_mytest_9a441645-b3e2-4dc6-807b-b8235cffadbf_0

6. Running a one-off Pod

    [root@clientvm ~]# kubectl run onetime --image=busybox --restart=Never -- echo hello
    [root@clientvm ~]# kubectl get pod
    NAME      READY   STATUS      RESTARTS   AGE
    onetime   0/1     Completed   0          24s
    [root@clientvm ~]# kubectl logs pod/onetime
    hello

7. Creating a multi-container Pod

    [root@clientvm ~]# cat multi-containers.yaml
    apiVersion: v1
    kind: Pod
    metadata:
      labels:
        run: multi-container
        app: web1
      name: multi-container
      namespace: mytest
    spec:
      containers:
      - name: nginx
        image: nginx
      - name: busybox
        image: busybox
        args:
        - sleep
        - "10000"
      dnsPolicy: ClusterFirst
      restartPolicy: Always
    [root@clientvm ~]# kubectl apply -f multi-containers.yaml
    pod/multi-container created
    [root@clientvm ~]# kubectl get -n mytest pod
    NAME              READY   STATUS    RESTARTS   AGE
    busybox           1/1     Running   0          45m
    busybox2          1/1     Running   0          35m
    labelpod          1/1     Running   0          80m
    labelpod-yaml     1/1     Running   0          66m
    multi-container   2/2     Running   0          99s
    ## to enter one specific container of a multi-container Pod, add the -c option
    [root@clientvm ~]# kubectl exec -n mytest -it multi-container -c nginx -- /bin/bash
    root@multi-container:/# ls
    bin boot dev docker-entrypoint.d docker-entrypoint.sh etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var

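8. Init containers

An Init container is a special container that runs before the application containers in a Pod start. Init containers can include utilities and setup scripts that are not present in the application image.
A Pod can contain multiple containers running applications, and it can also have one or more Init containers that start before the application containers.
Init containers are very much like regular containers, except for the following two points:

  • They always run to completion.
  • Each one must complete successfully before the next one starts.

If a Pod's Init container fails, the kubelet keeps restarting that Init container until it succeeds. If you specify multiple Init containers for a Pod, they run one at a time, in order. Each Init container must succeed before the next one can run. Only when all Init containers have run to completion does Kubernetes initialize the Pod's application containers and run them as usual.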

    [root@clientvm ~]# cat init-container.yaml
    apiVersion: v1
    kind: Pod
    metadata:
      name: init-pod
      namespace: mytest
      labels:
        app: myapp
    spec:
      containers:
      - name: myapp-container
        image: busybox:1.28
        command: ['sh', '-c', 'echo The app is running! && sleep 36000']
      initContainers:
      - name: init-container
        image: busybox:1.28
        command: ['sh', '-c', "echo hello"]

    [root@clientvm ~]# kubectl apply -f init-container.yaml
    pod/init-pod created
    [root@clientvm ~]# kubectl get pod -n mytest
    NAME       READY   STATUS    RESTARTS   AGE
    busybox    1/1     Running   0          58m
    busybox2   1/1     Running   0          48m
    init-pod   1/1     Running   0          69s

    [root@clientvm ~]# kubectl describe pod init-pod -n mytest
    ......
      Normal  Scheduled  118s  default-scheduler  Successfully assigned mytest/init-pod to worker1.example.com
      Normal  Pulling    117s  kubelet            Pulling image "busybox:1.28"
      Normal  Pulled     93s   kubelet            Successfully pulled image "busybox:1.28" in 24.34182876s
      Normal  Created    93s   kubelet            Created container init-container
      Normal  Started    92s   kubelet            Started container init-container
      Normal  Pulled     92s   kubelet            Container image "busybox:1.28" already present on machine
      Normal  Created    92s   kubelet            Created container myapp-container
      Normal  Started    92s   kubelet            Started container myapp-container
    [root@clientvm ~]# kubectl logs -n mytest pod/init-pod -c init-container
    hello
    [root@clientvm ~]# kubectl logs -n mytest pod/init-pod -c myapp-container
    The app is running!

9. Sidecar Pod

A sidecar Pod is used to process files associated with the app container, such as logs and web content.

    [root@clientvm ~]# cat sidecar-pod.yaml
    apiVersion: v1
    kind: Pod
    metadata:
      name: sidecar-container-demo
    spec:
      containers:
      - image: busybox
        imagePullPolicy: IfNotPresent
        command: ["/bin/sh"]
        args: ["-c", "while true; do echo echo $(date -u) 'Hi I am from Sidecar container' >> /var/log/index.html; sleep 5;done"]
        name: sidecar-container
        lifecycle:
          postStart:
            exec:
              command: ["/bin/sh", "-c", "sleep 20"]
        resources: {}
        volumeMounts:
        - name: var-logs
          mountPath: /var/log
      - image: nginx
        imagePullPolicy: IfNotPresent
        name: main-container
        resources: {}
        ports:
        - containerPort: 80
        volumeMounts:
        - name: var-logs
          mountPath: /usr/share/nginx/html
      dnsPolicy: Default
      volumes:
      - name: var-logs
        emptyDir: {}

    [root@clientvm ~]# kubectl apply -f sidecar-pod.yaml -n mytest
    pod/sidecar-container-demo created
    [root@clientvm ~]# kubectl get pod -n mytest -o wide
    NAME                     READY   STATUS    RESTARTS   AGE   IP            NODE                  NOMINATED NODE   READINESS GATES
    sidecar-container-demo   2/2     Running   0          16s   10.244.2.77   worker2.example.com   <none>           <none>
    [root@master ~]# curl 10.244.2.77
    echo Tue Dec 15 04:01:21 UTC 2020 Hi I am from Sidecar container
    echo Tue Dec 15 04:01:26 UTC 2020 Hi I am from Sidecar container
    echo Tue Dec 15 04:01:31 UTC 2020 Hi I am from Sidecar container
    echo Tue Dec 15 04:01:36 UTC 2020 Hi I am from Sidecar container
    echo Tue Dec 15 04:01:41 UTC 2020 Hi I am from Sidecar container
    echo Tue Dec 15 04:01:46 UTC 2020 Hi I am from Sidecar container
    echo Tue Dec 15 04:01:51 UTC 2020 Hi I am from Sidecar container
    echo Tue Dec 15 04:01:57 UTC 2020 Hi I am from Sidecar container
    echo Tue Dec 15 04:02:02 UTC 2020 Hi I am from Sidecar container
    echo Tue Dec 15 04:02:07 UTC 2020 Hi I am from Sidecar container
    echo Tue Dec 15 04:02:12 UTC 2020 Hi I am from Sidecar container

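10. Static Pods

Static Pods are managed directly by the kubelet daemon on a specific node, without supervision by the API server. The kubelet watches each static Pod (and restarts it after it crashes). A static Pod is always bound to the kubelet on one specific node.

10.1 Enabling static Pods: method 1

The manifests are standard Pod definition files, stored in JSON or YAML format in a designated directory. The path is set in the staticPodPath: <directory> field of the kubelet configuration file; the kubelet periodically scans this directory for YAML/JSON files and creates or deletes static Pods accordingly. In version 1.19 this is already enabled by default.
For example:

    [root@worker2 ~]# grep static /var/lib/kubelet/config.yaml
    staticPodPath: /etc/kubernetes/manifests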

10.2 Enabling static Pods: method 2

You can also configure the kubelet on this node to run with the argument --pod-manifest-path=/YOUR/PATH
The location of this configuration file differs slightly depending on the OS and the Kubernetes version.
For example:

  1. Locate the file

      [root@worker2 ~]# find / -name "*kubeadm.conf"
      /usr/lib/systemd/system/kubelet.service.d/10-kubeadm.conf

      [root@master manifests]# systemctl status kubelet.service
      kubelet.service - kubelet: The Kubernetes Node Agent
         Loaded: loaded (/usr/lib/systemd/system/kubelet.service; enabled; vendor preset: disabled)
        Drop-In: /usr/lib/systemd/system/kubelet.service.d
                 └─10-kubeadm.conf
         Active: active (running) since Sun 2021-03-21 08:45:57 +08; 42min ago

  2. Edit it and add the custom path

https://kubernetes.io/docs/tasks/configure-pod-container/static-pod/

      [root@worker2 ~]# vim /usr/lib/systemd/system/kubelet.service.d/10-kubeadm.conf

  3. Restart the service

10.3 Creating the Pod YAML file

    [root@worker2 ~]# cd /etc/kubernetes/manifests/
    [root@worker2 manifests]# vim static-pod.yaml
    [root@worker2 manifests]# cat static-pod.yaml
    apiVersion: v1
    kind: Pod
    metadata:
      name: static-pod
      namespace: mytest
      labels:
        role: myrole
    spec:
      containers:
      - name: web
        image: nginx

10.4 Observing Pod creation

    [root@clientvm ~]# kubectl get pod -n mytest -o wide
    NAME                             READY   STATUS    RESTARTS   AGE    IP           NODE                  NOMINATED NODE   READINESS GATES
    busybox                          1/1     Running   0          90m    10.244.1.6   worker1.example.com   <none>           <none>
    busybox2                         1/1     Running   0          80m    10.244.2.3   worker2.example.com   <none>           <none>
    init-pod                         1/1     Running   0          33m    10.244.1.8   worker1.example.com   <none>           <none>
    labelpod                         1/1     Running   0          125m   10.244.2.2   worker2.example.com   <none>           <none>
    labelpod-yaml                    1/1     Running   0          111m   10.244.1.3   worker1.example.com   <none>           <none>
    multi-container                  2/2     Running   0          46m    10.244.2.5   worker2.example.com   <none>           <none>
    static-pod-worker2.example.com   1/1     Running   0          71s    10.244.2.6   worker2.example.com   <none>           <none>
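
Because the kubelet creates a Pod for every manifest it finds in the staticPodPath directory from section 10.1, write access to that directory amounts to running workloads on the node. The following is an added example, not part of the original page: it reads staticPodPath from the kubelet config and flags the directory or any manifest that is group/world-writable or not owned by the expected user. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit the static Pod manifest directory on a node.
# Function names are hypothetical; they are not part of Kubernetes.

# Print the staticPodPath value from a kubelet config file ($1).
static_pod_path() {
    sed -n 's/^staticPodPath:[[:space:]]*//p' "$1" 2>/dev/null |
        tr -d "\"'" | head -n 1
}

# Print manifests directly in directory $1 that group or others can write.
loose_manifests() {
    find "$1" -maxdepth 1 -type f \( -perm -020 -o -perm -002 \) | sort
}

# Print manifests in directory $1 not owned by user $2 (name or numeric uid).
foreign_manifests() {
    find "$1" -maxdepth 1 -type f ! -user "$2" | sort
}

# Run all checks for kubelet config $1 and expected owner $2.
# Returns 0 when clean, 1 on findings, 2 when the directory is missing.
# The directory's own mode is checked too, since it decides who may add
# or remove manifests.
audit_static_pods() {
    cfg="${1:-/var/lib/kubelet/config.yaml}"
    owner="${2:-root}"
    dir="$(static_pod_path "$cfg")"
    [ -n "$dir" ] || { echo "no staticPodPath in $cfg"; return 0; }
    [ -d "$dir" ] || { echo "staticPodPath $dir is missing"; return 2; }
    findings="$(
        find "$dir" -maxdepth 0 \( -perm -020 -o -perm -002 \) |
            sed 's/^/DIR-WRITABLE /'
        loose_manifests "$dir" | sed 's/^/FILE-WRITABLE /'
        foreign_manifests "$dir" "$owner" | sed 's/^/FOREIGN-OWNER /'
    )"
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# On a node: audit_static_pods /var/lib/kubelet/config.yaml root
```

A non-zero exit status makes the function usable from a cron job or a node-hardening check; it inspects only files directly inside the directory.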