Init 容器的介紹
Pod能夠具有多個容器,應用運行在容器里面,但是它也可能有一個或多個先於應用容器啟動的 Init容器
Init 容器與普通的容器非常像,除了如下兩點:
c Init 容器總是運行到成功完成為止
2) 每個 Init 容器都必須在下一個 Init 容器啟動之前成功完成
如果 Pod 的 Init 容器失敗, Kubernetes 會不斷地重啟該 Pod ,直到 Init 容器成功為止。然而,如果 Pod 對應的 restartPolicy 為 Never。
Init 容器的作用
因為 Init 容器具有與應用程序容器分離的單獨鏡像,所以它們的啟動相關代碼具有如下優勢:
1)它們可以包含並運行實用工具,但是出於安全考慮,是不建議在應用程序容器鏡像中包含這些實用工具的
2) 它們可以包含使用工具和定制化代碼來安裝,但是不能出現在應用程序鏡像中。例如,創建鏡像沒必要 FROM 另一個鏡像,只需要在安裝過程中使用類似 sed 、 awk 、 python 或 dig
這樣的工具。
3) 應用程序鏡像可以分離出創建和部署的角色,而沒有必要聯合它們構建一個單獨的鏡像。
4) Init 容器使用 Linux Namespace ,所以相對應用程序容器來說具有不同的文件系統視圖。因此,它們能夠具有訪問 Secret 的權限,而應用程序容器則不能。
5) 它們必須在應用程序容器啟動之前運行完成,而應用程序容器是並行運行的,所以 Init 容器能夠提供了一種簡單的阻塞或延遲應用容器的啟動的方法,直到滿足了一組先決條件。
測試
說明:主要是在啟動Pod,有2個initc,一開始是沒有准備的,所以現象會顯示初始化0/2
init.yaml
kind: Pod metadata: name: myapp-pod labels: app: myapp spec: containers: - name: myapp-container image: busybox command: ['sh', '-c', 'echo The app is running! && sleep 3600'] initContainers: - name: init-myservice image: busybox command: ['sh', '-c', 'until nslookup myservice; do echo waiting for myservice; sleep 2; done;'] - name: init-mydb image: busybox command: ['sh', '-c', 'until nslookup mydb; do echo waiting for mydb; sleep 2; done;']
[root@k8s-master mnt]# kubectl create -f init.yaml pod/myapp-pod created [root@k8s-master mnt]# kubectl get pod NAME READY STATUS RESTARTS AGE myapp-pod 0/1 Init:0/2 0 8s [root@k8s-master mnt]# kubectl describe myapp-pod error: the server doesn't have a resource type "myapp-pod" [root@k8s-master mnt]# kubectl describe pod myapp-pod Name: myapp-pod Namespace: default Priority: 0 Node: k8s-node02/192.168.180.134 Start Time: Wed, 18 Dec 2019 22:02:57 +0800 Labels: app=myapp Annotations: <none> Status: Pending IP: 10.244.1.9 IPs: IP: 10.244.1.9 Init Containers: init-myservice: Container ID: docker://3c0e850042efab506f95737adfd3dc6ef2da9218ce51eb5eb4e94573a657fd2b Image: busybox Image ID: docker-pullable://busybox@sha256:1828edd60c5efd34b2bf5dd3282ec0cc04d47b2ff9caa0b6d4f07a21d1c08084 Port: <none> Host Port: <none> Command: sh -c until nslookup myservice; do echo waiting for myservice; sleep 2; done; State: Running Started: Wed, 18 Dec 2019 22:03:03 +0800 Ready: False Restart Count: 0 Environment: <none> Mounts: /var/run/secrets/kubernetes.io/serviceaccount from default-token-gx2h8 (ro) init-mydb: Container ID: Image: busybox Image ID: Port: <none> Host Port: <none> Command: sh -c until nslookup mydb; do echo waiting for mydb; sleep 2; done; State: Waiting Reason: PodInitializing Ready: False Restart Count: 0 Environment: <none> Mounts: /var/run/secrets/kubernetes.io/serviceaccount from default-token-gx2h8 (ro) Containers: myapp-container: Container ID: Image: busybox Image ID: Port: <none> Host Port: <none> Command: sh -c echo The app is running! && sleep 3600 State: Waiting Reason: PodInitializing Ready: False Restart Count: 0 Environment: <none> Mounts: /var/run/secrets/kubernetes.io/serviceaccount from default-token-gx2h8 (ro) Conditions: Type Status Initialized False Ready False ContainersReady False PodScheduled True Volumes: default-token-gx2h8: Type: Secret (a volume populated by a Secret) SecretName: default-token-gx2h8 Optional: false QoS Class: BestEffort Node-Selectors: <none> Tolerations: node.kubernetes.io/not-ready:NoExecute for 300s node.kubernetes.io/unreachable:NoExecute for 300s Events: Type Reason Age From Message ---- ------ ---- ---- ------- Normal Scheduled <unknown> default-scheduler Successfully assigned default/myapp-pod to k8s-node02 Normal Pulling 22s kubelet, k8s-node02 Pulling image "busybox" Normal Pulled 18s kubelet, k8s-node02 Successfully pulled image "busybox" Normal Created 18s kubelet, k8s-node02 Created container init-myservice Normal Started 17s kubelet, k8s-node02 Started container init-myservice
查看myservice
[root@k8s-master mnt]# kubectl logs myapp-pod -c init-myservice Server: 10.96.0.10 Address: 10.96.0.10:53 ** server can't find myservice.default.svc.cluster.local: NXDOMAIN *** Can't find myservice.svc.cluster.local: No answer *** Can't find myservice.cluster.local: No answer *** Can't find myservice.localdomain: No answer *** Can't find myservice.default.svc.cluster.local: No answer *** Can't find myservice.svc.cluster.local: No answer *** Can't find myservice.cluster.local: No answer *** Can't find myservice.localdomain: No answer waiting for myservice Server: 10.96.0.10 Address: 10.96.0.10:53 ** server can't find myservice.default.svc.cluster.local: NXDOMAIN *** Can't find myservice.svc.cluster.local: No answer *** Can't find myservice.cluster.local: No answer *** Can't find myservice.localdomain: No answer *** Can't find myservice.default.svc.cluster.local: No answer *** Can't find myservice.svc.cluster.local: No answer *** Can't find myservice.cluster.local: No answer *** Can't find myservice.localdomain: No answer waiting for myservice Server: 10.96.0.10 Address: 10.96.0.10:53 ** server can't find myservice.default.svc.cluster.local: NXDOMAIN *** Can't find myservice.svc.cluster.local: No answer *** Can't find myservice.cluster.local: No answer *** Can't find myservice.localdomain: No answer *** Can't find myservice.default.svc.cluster.local: No answer *** Can't find myservice.svc.cluster.local: No answer *** Can't find myservice.cluster.local: No answer *** Can't find myservice.localdomain: No answer waiting for myservice Server: 10.96.0.10 Address: 10.96.0.10:53 ** server can't find myservice.default.svc.cluster.local: NXDOMAIN *** Can't find myservice.svc.cluster.local: No answer *** Can't find myservice.cluster.local: No answer *** Can't find myservice.localdomain: No answer *** Can't find myservice.default.svc.cluster.local: No answer *** Can't find myservice.svc.cluster.local: No answer *** Can't find myservice.cluster.local: No answer *** Can't find myservice.localdomain: No answer waiting for myservice Server: 10.96.0.10 Address: 10.96.0.10:53 ** server can't find myservice.default.svc.cluster.local: NXDOMAIN *** Can't find myservice.svc.cluster.local: No answer *** Can't find myservice.cluster.local: No answer *** Can't find myservice.localdomain: No answer *** Can't find myservice.default.svc.cluster.local: No answer *** Can't find myservice.svc.cluster.local: No answer *** Can't find myservice.cluster.local: No answer *** Can't find myservice.localdomain: No answer waiting for myservice Server: 10.96.0.10 Address: 10.96.0.10:53 ** server can't find myservice.default.svc.cluster.local: NXDOMAIN *** Can't find myservice.svc.cluster.local: No answer *** Can't find myservice.cluster.local: No answer *** Can't find myservice.localdomain: No answer *** Can't find myservice.default.svc.cluster.local: No answer *** Can't find myservice.svc.cluster.local: No answer *** Can't find myservice.cluster.local: No answer *** Can't find myservice.localdomain: No answer waiting for myservice Server: 10.96.0.10 Address: 10.96.0.10:53 ** server can't find myservice.default.svc.cluster.local: NXDOMAIN *** Can't find myservice.svc.cluster.local: No answer *** Can't find myservice.cluster.local: No answer *** Can't find myservice.localdomain: No answer *** Can't find myservice.default.svc.cluster.local: No answer *** Can't find myservice.svc.cluster.local: No answer *** Can't find myservice.cluster.local: No answer *** Can't find myservice.localdomain: No answer waiting for myservice Server: 10.96.0.10 Address: 10.96.0.10:53 ** server can't find myservice.default.svc.cluster.local: NXDOMAIN *** Can't find myservice.svc.cluster.local: No answer *** Can't find myservice.cluster.local: No answer *** Can't find myservice.localdomain: No answer *** Can't find myservice.default.svc.cluster.local: No answer *** Can't find myservice.svc.cluster.local: No answer *** Can't find myservice.cluster.local: No answer *** Can't find myservice.localdomain: No answer waiting for myservice Server: 10.96.0.10 Address: 10.96.0.10:53 ** server can't find myservice.default.svc.cluster.local: NXDOMAIN *** Can't find myservice.svc.cluster.local: No answer *** Can't find myservice.cluster.local: No answer *** Can't find myservice.localdomain: No answer *** Can't find myservice.default.svc.cluster.local: No answer *** Can't find myservice.svc.cluster.local: No answer *** Can't find myservice.cluster.local: No answer *** Can't find myservice.localdomain: No answer waiting for myservice Server: 10.96.0.10 Address: 10.96.0.10:53 ** server can't find myservice.default.svc.cluster.local: NXDOMAIN *** Can't find myservice.svc.cluster.local: No answer *** Can't find myservice.cluster.local: No answer *** Can't find myservice.localdomain: No answer *** Can't find myservice.default.svc.cluster.local: No answer *** Can't find myservice.svc.cluster.local: No answer *** Can't find myservice.cluster.local: No answer *** Can't find myservice.localdomain: No answer waiting for myservice Server: 10.96.0.10 Address: 10.96.0.10:53 ** server can't find myservice.default.svc.cluster.local: NXDOMAIN *** Can't find myservice.svc.cluster.local: No answer *** Can't find myservice.cluster.local: No answer *** Can't find myservice.localdomain: No answer *** Can't find myservice.default.svc.cluster.local: No answer *** Can't find myservice.svc.cluster.local: No answer *** Can't find myservice.cluster.local: No answer *** Can't find myservice.localdomain: No answer waiting for myservice Server: 10.96.0.10 Address: 10.96.0.10:53 ** server can't find myservice.default.svc.cluster.local: NXDOMAIN *** Can't find myservice.svc.cluster.local: No answer *** Can't find myservice.cluster.local: No answer *** Can't find myservice.localdomain: No answer *** Can't find myservice.default.svc.cluster.local: No answer *** Can't find myservice.svc.cluster.local: No answer *** Can't find myservice.cluster.local: No answer *** Can't find myservice.localdomain: No answer waiting for myservice Server: 10.96.0.10 Address: 10.96.0.10:53 ** server can't find myservice.default.svc.cluster.local: NXDOMAIN *** Can't find myservice.svc.cluster.local: No answer *** Can't find myservice.cluster.local: No answer *** Can't find myservice.localdomain: No answer *** Can't find myservice.default.svc.cluster.local: No answer *** Can't find myservice.svc.cluster.local: No answer *** Can't find myservice.cluster.local: No answer *** Can't find myservice.localdomain: No answer waiting for myservice Server: 10.96.0.10 Address: 10.96.0.10:53 ** server can't find myservice.default.svc.cluster.local: NXDOMAIN *** Can't find myservice.svc.cluster.local: No answer *** Can't find myservice.cluster.local: No answer *** Can't find myservice.localdomain: No answer *** Can't find myservice.default.svc.cluster.local: No answer *** Can't find myservice.svc.cluster.local: No answer *** Can't find myservice.cluster.local: No answer *** Can't find myservice.localdomain: No answer waiting for myservice
myservice.yaml
[root@k8s-master mnt]# cat myservice.yaml kind: Service apiVersion: v1 metadata: name: myservice spec: ports: - protocol: TCP port: 80 targetPort: 9376 [root@k8s-master mnt]#
[root@k8s-master mnt]# vim myservice.yaml [root@k8s-master mnt]# kubectl create -f myservice.yaml service/myservice created [root@k8s-master mnt]# kubectl get pod NAME READY STATUS RESTARTS AGE myapp-pod 0/1 Init:0/2 0 4m23s [root@k8s-master mnt]# kubectl get pod NAME READY STATUS RESTARTS AGE myapp-pod 0/1 Init:0/2 0 4m25s [root@k8s-master mnt]# kubectl get pod NAME READY STATUS RESTARTS AGE myapp-pod 0/1 Init:0/2 0 4m27s [root@k8s-master mnt]# kubectl get svc NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 10h myservice ClusterIP 10.102.35.5 <none> 80/TCP 49s [root@k8s-master mnt]# kubectl get pod -n kube-system NAME READY STATUS RESTARTS AGE coredns-58cc8c89f4-pzbrd 1/1 Running 23 10h coredns-58cc8c89f4-vmhl2 1/1 Running 23 10h etcd-k8s-master 1/1 Running 4 10h kube-apiserver-k8s-master 1/1 Running 4 10h kube-controller-manager-k8s-master 1/1 Running 21 10h kube-flannel-ds-amd64-c4fs4 1/1 Running 2 9h kube-flannel-ds-amd64-ct6mc 1/1 Running 2 9h kube-flannel-ds-amd64-mtzz9 1/1 Running 5 9h kube-proxy-9bdql 1/1 Running 2 9h kube-proxy-cv8lk 1/1 Running 2 9h kube-proxy-h8jk8 1/1 Running 4 10h kube-scheduler-k8s-master 1/1 Running 21 10h [root@k8s-master mnt]# kubectl get pod NAME READY STATUS RESTARTS AGE myapp-pod 0/1 Init:1/2 0 5m58s [root@k8s-master mnt]# vim myservice.yaml [root@k8s-master mnt]# kubectl create -f myservice.yaml service/myservice created [root@k8s-master mnt]# kubectl get pod NAME READY STATUS RESTARTS AGE myapp-pod 0/1 Init:0/2 0 4m23s [root@k8s-master mnt]# kubectl get pod NAME READY STATUS RESTARTS AGE myapp-pod 0/1 Init:0/2 0 4m25s [root@k8s-master mnt]# kubectl get pod NAME READY STATUS RESTARTS AGE myapp-pod 0/1 Init:0/2 0 4m27s [root@k8s-master mnt]# kubectl get svc NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 10h myservice ClusterIP 10.102.35.5 <none> 80/TCP 49s [root@k8s-master mnt]# kubectl get pod -n kube-system NAME READY STATUS RESTARTS AGE coredns-58cc8c89f4-pzbrd 1/1 Running 23 10h coredns-58cc8c89f4-vmhl2 1/1 Running 23 10h etcd-k8s-master 1/1 Running 4 10h kube-apiserver-k8s-master 1/1 Running 4 10h kube-controller-manager-k8s-master 1/1 Running 21 10h kube-flannel-ds-amd64-c4fs4 1/1 Running 2 9h kube-flannel-ds-amd64-ct6mc 1/1 Running 2 9h kube-flannel-ds-amd64-mtzz9 1/1 Running 5 9h kube-proxy-9bdql 1/1 Running 2 9h kube-proxy-cv8lk 1/1 Running 2 9h kube-proxy-h8jk8 1/1 Running 4 10h kube-scheduler-k8s-master 1/1 Running 21 10h [root@k8s-master mnt]# kubectl get pod NAME READY STATUS RESTARTS AGE myapp-pod 0/1 Init:1/2 0 5m58s
現象:發現變成1/2了
[root@k8s-master mnt]# cat mydb.yaml kind: Service apiVersion: v1 metadata: name: mydb spec: ports: - protocol: TCP port: 80 targetPort: 9377 [root@k8s-master mnt]#
[root@k8s-master mnt]# vim mydb.yaml [root@k8s-master mnt]# kubectl create -f mydb.yaml service/mydb created [root@k8s-master mnt]# kubectl get pod NAME READY STATUS RESTARTS AGE myapp-pod 0/1 Init:1/2 0 11m [root@k8s-master mnt]# kubectl get pod NAME READY STATUS RESTARTS AGE myapp-pod 0/1 Init:1/2 0 11m [root@k8s-master mnt]# kubectl get pod NAME READY STATUS RESTARTS AGE myapp-pod 1/1 Running 0 12m [root@k8s-master mnt]# kubectl get svc NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 10h mydb ClusterIP 10.104.158.92 <none> 80/TCP 3m24s myservice ClusterIP 10.102.35.5 <none> 80/TCP 10m [root@k8s-master mnt]#
現象:myapp-pod起來了
說明
- 在 Pod 啟動過程中, Init 容器會按順序在網絡和數據卷初始化之后啟動。每個容器必須在下一個容器啟動之前成功退出
- 如果由於運行時或失敗退出,將導致容器啟動失敗,它會根據 Pod 的 restartPolicy 指定的策略進行重試。然而,如果 Pod 的 restartPolicy 設置為 Always , Init 容器失敗時會使用RestartPolicy 策略
- 在所有的 Init 容器沒有成功之前, Pod 將不會變成 Ready 狀態。 Init 容器的端口將不會在Service 中進行聚集。 正在初始化中的 Pod 處於 Pending 狀態,但應該會將 Initializing 狀態設置為 true
- 如果 Pod 重啟,所有 Init 容器必須重新執行
- 對 Init 容器 spec 的修改被限制在容器 image 字段,修改其他字段都不會生效。更改 Init容器的 image 字段,等價於重啟該 Pod
- Init 容器具有應用容器的所有字段。除了 readinessProbe ,因為 Init 容器無法定義不同於完成( completion )的就緒( readiness )之外的其他狀態。這會在驗證過程中強制
- 在 Pod 中的每個 app 和 Init 容器的名稱必須唯一;與任何其它容器共享同一個名稱,會在驗證時拋出錯誤