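Pod: the most basic resource in k8s
Ideally, each container runs only a single process.
Sometimes, however, several processes need to work together, so we need a higher-level construct that groups containers: the pod.
### Pod
1. A look at the most basic pod
The image for this pod is one I built from the centos:7 image. It is very simple; the image's Dockerfile is as follows:
```dockerfile
FROM 192.168.80.84:5000/centos:7
ENTRYPOINT ["sleep"]
CMD ["999"]
# A container must have a daemon process in order to run
# In other words, if the sleep command is removed from the Dockerfile, a bare centos container cannot run
```
We run this image as the pod's image:
```
kubectl run my-cmd --image=192.168.80.84:5000/centos_cmd:v1
```
Use -o yaml to look at the corresponding YAML: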
```
[root@k8s-master01 centos]# kubectl get pod my-cmd -o yaml
apiVersion: v1                      # the apiVersion
kind: Pod                           # the resource type, here a pod
metadata:                           # metadata of the instance
  creationTimestamp: "2021-01-13T02:36:02Z"
  labels:                           # labels applied to the instance automatically
    run: my-cmd
  managedFields:                    # a set of fields kept for internal management
  - apiVersion: v1
    fieldsType: FieldsV1
    fieldsV1:
      f:metadata:
        f:labels:
          .: {}
          f:run: {}
      f:spec:
        f:containers:
          k:{"name":"my-cmd"}:
            .: {}
            f:image: {}
            f:imagePullPolicy: {}
            f:name: {}
            f:resources: {}
            f:terminationMessagePath: {}
            f:terminationMessagePolicy: {}
        f:dnsPolicy: {}
        f:enableServiceLinks: {}
        f:restartPolicy: {}
        f:schedulerName: {}
        f:securityContext: {}
        f:terminationGracePeriodSeconds: {}
    manager: kubectl-run            # records how this pod was started
    operation: Update
    time: "2021-01-13T02:36:02Z"
  - apiVersion: v1
    fieldsType: FieldsV1
    fieldsV1:
      f:status:
        f:conditions:
          k:{"type":"ContainersReady"}:
            .: {}
            f:lastProbeTime: {}
            f:lastTransitionTime: {}
            f:status: {}
            f:type: {}
          k:{"type":"Initialized"}:
            .: {}
            f:lastProbeTime: {}
            f:lastTransitionTime: {}
            f:status: {}
            f:type: {}
          k:{"type":"Ready"}:
            .: {}
            f:lastProbeTime: {}
            f:lastTransitionTime: {}
            f:status: {}
            f:type: {}
        f:containerStatuses: {}
        f:hostIP: {}
        f:phase: {}
        f:podIP: {}
        f:podIPs:
          .: {}
          k:{"ip":"10.40.0.4"}:
            .: {}
            f:ip: {}
        f:startTime: {}
    manager: kubelet
    operation: Update
    time: "2021-01-13T02:36:11Z"
  name: my-cmd                      # pod name
  namespace: default                # namespace the pod lives in
  resourceVersion: "418695"         # version number of the pod, used for optimistic concurrency control; for details see the later notes on k8s core principles
  uid: 12e3b858-f79f-4378-8ea0-1103ea120c34   # uid of the pod instance
spec:                               # the actual specification of the pod
  containers:                       # the containers defined in the pod; only one here
  - image: 192.168.80.84:5000/centos_cmd:v1   # image address
    imagePullPolicy: IfNotPresent   # image pull rule: whether to pull the image when the pod is created; IfNotPresent means pull from the registry only if it is not present locally
    name: my-cmd                    # container name, i.e. the name of the container created from the image
    resources: {}
    terminationMessagePath: /dev/termination-log
    terminationMessagePolicy: File
    volumeMounts:                   # mounted volumes
    - mountPath: /var/run/secrets/kubernetes.io/serviceaccount   # mount path
      name: default-token-s9dfj     # volume name; this is in fact the secret volume that every pod mounts, used for authentication
      readOnly: true                # read-only
  dnsPolicy: ClusterFirst
  enableServiceLinks: true
  nodeName: k8s-node02              # the node the pod was assigned to, chosen by the scheduler
  preemptionPolicy: PreemptLowerPriority
  priority: 0
  restartPolicy: Always             # specifies whether the container is started again when the pod restarts; in effect, the container starts whenever the Pod starts
  schedulerName: default-scheduler  # specifies the scheduler; k8s can run several scheduler instances, and the default scheduler is used if none is specified
  securityContext: {}
  serviceAccount: default           # service account
  serviceAccountName: default
  terminationGracePeriodSeconds: 30
  tolerations:
  - effect: NoExecute
    key: node.kubernetes.io/not-ready
    operator: Exists
    tolerationSeconds: 300
  - effect: NoExecute
    key: node.kubernetes.io/unreachable
    operator: Exists
    tolerationSeconds: 300
  volumes:                          # volumes
  - name: default-token-s9dfj
    secret:
      defaultMode: 420
      secretName: default-token-s9dfj
status:                             # status of the running pod
  conditions:
  - lastProbeTime: null
    lastTransitionTime: "2021-01-13T02:36:02Z"
    status: "True"
    type: Initialized
  - lastProbeTime: null
    lastTransitionTime: "2021-01-13T02:36:10Z"
    status: "True"
    type: Ready
  - lastProbeTime: null
    lastTransitionTime: "2021-01-13T02:36:10Z"
    status: "True"
    type: ContainersReady
  - lastProbeTime: null
    lastTransitionTime: "2021-01-13T02:36:02Z"
    status: "True"
    type: PodScheduled
  containerStatuses:
  - containerID: docker://965a9b86cc334705d3fbaac15d28ef6b0a20de8f00915c1ffdf4c025b1c29206
    image: 192.168.80.84:5000/centos_cmd:v1
    imageID: docker-pullable://192.168.80.84:5000/centos_cmd@sha256:948479967390e7a98979d4b98beec6dfa3fc92c6ce832ece882e8b1843e0779f
    lastState: {}
    name: my-cmd
    ready: true
    restartCount: 0
    started: true
    state:
      running:
        startedAt: "2021-01-13T02:36:09Z"
  hostIP: 192.168.80.83
  phase: Running
  podIP: 10.40.0.4
  podIPs:
  - ip: 10.40.0.4
  qosClass: BestEffort
  startTime: "2021-01-13T02:36:02Z"
```
There is quite a lot in there, but when we create a pod from a YAML file we do not need to write all of it, because the API server fills in the remaining defaults for us.
Creating a pod by hand from a YAML file:
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: my-cmd
spec:
  containers:
  - image: 192.168.80.84:5000/centos_cmd:v1
    name: centos-cmd
# Pay attention to the name field under spec.containers: its naming rules are the same as for pod names, so "my_cmd" would be rejected with an error
# Also note that the "P" in "Pod" must be capitalized
```
Let's look at the YAML of a pod created this way. After running
```
kubectl create -f my-cmd.yaml
```
we can inspect the pod with kubectl get pod my-cmd -o yaml:
```
[root@k8s-master01 centos]# kubectl get pod my-cmd -o yaml
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: "2021-01-13T03:32:42Z"
  managedFields:
  - apiVersion: v1
    fieldsType: FieldsV1
    fieldsV1:
      f:spec:
        f:containers:
          k:{"name":"my-cmd"}:
            .: {}
            f:image: {}
            f:imagePullPolicy: {}
            f:name: {}
            f:resources: {}
            f:terminationMessagePath: {}
            f:terminationMessagePolicy: {}
        f:dnsPolicy: {}
        f:enableServiceLinks: {}
        f:restartPolicy: {}
        f:schedulerName: {}
        f:securityContext: {}
        f:terminationGracePeriodSeconds: {}
    manager: kubectl-create         # the start method differs here, because we created the pod with create
    operation: Update
    time: "2021-01-13T03:32:42Z"
  - apiVersion: v1
    fieldsType: FieldsV1
    fieldsV1:
      f:status:
        f:conditions:
          k:{"type":"ContainersReady"}:
            .: {}
            f:lastProbeTime: {}
            f:lastTransitionTime: {}
            f:status: {}
            f:type: {}
          k:{"type":"Initialized"}:
            .: {}
            f:lastProbeTime: {}
            f:lastTransitionTime: {}
            f:status: {}
            f:type: {}
          k:{"type":"Ready"}:
            .: {}
            f:lastProbeTime: {}
            f:lastTransitionTime: {}
            f:status: {}
            f:type: {}
        f:containerStatuses: {}
        f:hostIP: {}
        f:phase: {}
        f:podIP: {}
        f:podIPs:
          .: {}
          k:{"ip":"10.40.0.4"}:
            .: {}
            f:ip: {}
        f:startTime: {}
    manager: kubelet
    operation: Update
    time: "2021-01-13T04:39:23Z"
  name: my-cmd
  namespace: default
  resourceVersion: "429073"
  uid: 15d9f4f2-1fc8-4595-a00e-f96f52038ef9
spec:
  containers:
  - image: 192.168.80.84:5000/centos_cmd:v1
    imagePullPolicy: IfNotPresent
    name: my-cmd
    resources: {}
    terminationMessagePath: /dev/termination-log
    terminationMessagePolicy: File
    volumeMounts:
    - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
      name: default-token-s9dfj
      readOnly: true
  dnsPolicy: ClusterFirst
  enableServiceLinks: true
  nodeName: k8s-node02
  preemptionPolicy: PreemptLowerPriority
  priority: 0
  restartPolicy: Always
  schedulerName: default-scheduler
  securityContext: {}
  serviceAccount: default
  serviceAccountName: default
  terminationGracePeriodSeconds: 30
  tolerations:
  - effect: NoExecute
    key: node.kubernetes.io/not-ready
    operator: Exists
    tolerationSeconds: 300
  - effect: NoExecute
    key: node.kubernetes.io/unreachable
    operator: Exists
    tolerationSeconds: 300
  volumes:
  - name: default-token-s9dfj
    secret:
      defaultMode: 420
      secretName: default-token-s9dfj
status:
  conditions:
  - lastProbeTime: null
    lastTransitionTime: "2021-01-13T03:32:42Z"
    status: "True"
    type: Initialized
  - lastProbeTime: null
    lastTransitionTime: "2021-01-13T04:39:23Z"
    status: "True"
    type: Ready
  - lastProbeTime: null
    lastTransitionTime: "2021-01-13T04:39:23Z"
    status: "True"
    type: ContainersReady
  - lastProbeTime: null
    lastTransitionTime: "2021-01-13T03:32:42Z"
    status: "True"
    type: PodScheduled
  containerStatuses:
  - containerID: docker://d7fee9118b0d5d2ccaa346d4cd97130a9f744e9bf6ee1b1ae32dfa0e583c2b41
    image: 192.168.80.84:5000/centos_cmd:v1
    imageID: docker-pullable://192.168.80.84:5000/centos_cmd@sha256:948479967390e7a98979d4b98beec6dfa3fc92c6ce832ece882e8b1843e0779f
    lastState:
      terminated:
        containerID: docker://0e6a82fe9e50924b7254fe06f131e43f3f66d8007de5524e31af38c6abd05d51
        exitCode: 0
        finishedAt: "2021-01-13T04:39:21Z"
        reason: Completed
        startedAt: "2021-01-13T04:22:42Z"
    name: my-cmd
    ready: true
    restartCount: 4
    started: true
    state:
      running:
        startedAt: "2021-01-13T04:39:22Z"
  hostIP: 192.168.80.83
  phase: Running
  podIP: 10.40.0.4
  podIPs:
  - ip: 10.40.0.4
  qosClass: BestEffort
  startTime: "2021-01-13T03:32:42Z"
# If the meaning of a field is unclear, use "kubectl explain" to look it up
```
2. Forwarding a port on the local network to a port in the pod
First, we can use an nginx image:
```
# I had already pushed the nginx:alpine image to the local registry
```
About the alpine variant: earlier alpine-variant images still carried the note below, but most have since removed it, so I am recording it here.
```
postgres:<version>-alpine

This image is based on the popular Alpine Linux project, available in the alpine official image. Alpine Linux is much smaller than most distribution base images (~5MB), and thus leads to much slimmer images in general.

This variant is highly recommended when final image size being as small as possible is desired. The main caveat to note is that it does use musl libc instead of glibc and friends, so certain software might run into issues depending on the depth of their libc requirements. However, most software doesn't have an issue with this, so this variant is usually a very safe choice. See this Hacker News comment thread for more discussion of the issues that might arise and some pro/con comparisons of using Alpine-based images.

To minimize image size, it's uncommon for additional related tools (such as git or bash) to be included in Alpine-based images. Using this image as a base, add the things you need in your own Dockerfile (see the alpine image description for examples of how to install packages if you are unfamiliar).
```
```
kubectl port-forward mynginx 8000:8080
```
This sets up port forwarding, which lets us communicate with one specific pod without going through a service.
3. Stopping and removing a pod
```
kubectl delete po <podName>
```
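Returning to the two `kubectl get pod my-cmd -o yaml` outputs in item 1: the following added example (not part of the original post) lists the fields that exist in the stored pod but not in the submitted manifest, and annotates the ones worth a second look. Both dicts are constructed, abridged samples modelled on the outputs above, and the `NOTES` table and function names are hypothetical.

```python
# Constructed sample: the manifest handed to `kubectl create -f`, as a dict.
SUBMITTED = {
    "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "my-cmd"},
    "spec": {"containers": [{"image": "192.168.80.84:5000/centos_cmd:v1", "name": "centos-cmd"}]},
}
# Constructed, abridged sample modelled on the `kubectl get pod -o yaml` output.
LIVE = {
    "apiVersion": "v1", "kind": "Pod",
    "metadata": {"name": "my-cmd", "namespace": "default"},
    "spec": {
        "containers": [{
            "image": "192.168.80.84:5000/centos_cmd:v1", "name": "centos-cmd",
            "imagePullPolicy": "IfNotPresent", "resources": {},
            "volumeMounts": [{"name": "default-token-s9dfj", "readOnly": True,
                "mountPath": "/var/run/secrets/kubernetes.io/serviceaccount"}]}],
        "restartPolicy": "Always", "securityContext": {}, "serviceAccountName": "default",
        "volumes": [{"name": "default-token-s9dfj", "secret": {"secretName": "default-token-s9dfj"}}],
    },
}
# Hypothetical review notes for server-added fields worth a second look.
NOTES = {
    "volumeMounts": "service account token secret is mounted into the container",
    "serviceAccountName": "pod runs under the namespace's default service account",
    "securityContext": "left empty, so no pod-level security settings are applied",
    "resources": "left empty, so no requests or limits (qosClass BestEffort)",
}

def added_fields(submitted, live, path=""):
    """Paths that exist in the stored object but not in the submitted manifest."""
    found = []
    if isinstance(live, dict):
        for key, value in live.items():
            here = f"{path}.{key}" if path else key
            if not isinstance(submitted, dict) or key not in submitted:
                found.append(here)
            else:
                found += added_fields(submitted[key], value, here)
    elif isinstance(live, list) and isinstance(submitted, list):
        for i, value in enumerate(live):
            if i < len(submitted):
                found += added_fields(submitted[i], value, f"{path}[{i}]")
            else:
                found.append(f"{path}[{i}]")
    return found

def review(submitted, live):
    """Map each server-added path to its note, when the field name has one."""
    return {p: NOTES[k] for p in added_fields(submitted, live) if (k := p.rsplit(".", 1)[-1]) in NOTES}
```

On a real cluster the two inputs would come from parsing the manifest and the output of `kubectl get pod my-cmd -o json`.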
***
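### Organizing pods with labels
> Labels are likewise one of the most important concepts among k8s resources; many features are implemented on top of label selectors.
1. Specifying labels in the YAML file
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: mynginx
  labels:        # a resource can be given multiple labels
    app: nginx
    rel: alpine
spec:
  ......
```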
2. Showing labels when listing resources
Labels are not shown when resources are listed normally. With -o wide we can see the node a pod is on and the pod's IP, and with the "--show-labels" flag we can see a resource's labels.
```
[root@k8s-master01 centos]# kubectl get po --show-labels
NAME                              READY   STATUS    RESTARTS   AGE     LABELS
getname-deploy-68bd4cc6b4-j7gxz   1/1     Running   4          6d21h   app=getname,pod-template-hash=68bd4cc6b4
getname-deploy-68bd4cc6b4-pt2cb   1/1     Running   4          6d21h   app=getname,pod-template-hash=68bd4cc6b4
getname-deploy-68bd4cc6b4-srqfn   1/1     Running   4          6d21h   app=getname,pod-template-hash=68bd4cc6b4
my-cmd-labels                     1/1     Running   0          11s     app=nginx,rel=alpine
# This is the pod I just labeled
# You may notice three other labeled pods above it; I did not create those three pods this way
# They were in fact created by an rs (ReplicaSet) that I created
# So labels play a big role in how k8s manages resources
```
3. Showing specific labels
We may only be interested in some labels, in which case "-L <labelKey>" shows just the specified labels.
```
[root@k8s-master01 centos]# kubectl get po -L app
NAME                              READY   STATUS    RESTARTS   AGE     APP
getname-deploy-68bd4cc6b4-j7gxz   1/1     Running   4          6d21h   getname
getname-deploy-68bd4cc6b4-pt2cb   1/1     Running   4          6d21h   getname
getname-deploy-68bd4cc6b4-srqfn   1/1     Running   4          6d21h   getname
my-cmd-labels                     1/1     Running   0          6m46s   nginx
```
4. Modifying existing labels
```
# Use kubectl label <resourceName> <instanceName> <labelKey>=<labelValue> <labelKey>=<labelValue> to add new labels
[root@k8s-master01 centos]# kubectl label po my-cmd-labels node=node1
pod/my-cmd-labels labeled
[root@k8s-master01 centos]# kubectl get po --show-labels
NAME            READY   STATUS    RESTARTS   AGE   LABELS
my-cmd-labels   1/1     Running   0          11m   app=nginx,node=node1,rel=alpine
# The new label has been added

# To change an existing label, add the "--overwrite" flag
[root@k8s-master01 centos]# kubectl label po my-cmd-labels rel=stable --overwrite
pod/my-cmd-labels labeled
[root@k8s-master01 centos]# kubectl get po --show-labels
NAME            READY   STATUS    RESTARTS   AGE    LABELS
fortune-env     2/2     Running   8          7d4h   <none>
my-cmd-labels   1/1     Running   0          13m    app=nginx,node=node1,rel=stable
# The rel label has been overwritten
```
5. Listing the desired pods with a label selector
Can we show only the pods that carry a particular label?
```
# We can use the "-l" flag to apply a label selector
[root@k8s-master01 centos]# kubectl get po -l rel=stable --show-labels
NAME            READY   STATUS    RESTARTS   AGE   LABELS
my-cmd-labels   1/1     Running   1          20m   app=nginx,node=node1,rel=stable
```
Label selectors are of course not limited to filtering resources by one specific key/value pair.
```
# We can give only the label key, which shows every resource that has that label
[root@k8s-master01 centos]# kubectl get po -l app --show-labels
NAME                              READY   STATUS    RESTARTS   AGE     LABELS
getname-deploy-68bd4cc6b4-j7gxz   1/1     Running   4          6d21h   app=getname,pod-template-hash=68bd4cc6b4
getname-deploy-68bd4cc6b4-pt2cb   1/1     Running   4          6d21h   app=getname,pod-template-hash=68bd4cc6b4
getname-deploy-68bd4cc6b4-srqfn   1/1     Running   4          6d21h   app=getname,pod-template-hash=68bd4cc6b4
my-cmd-labels                     1/1     Running   1          24m     app=nginx,node=node1,rel=stable

# We can use != or ! to select resources that do not have a given label or a given key/value pair
# Note that when the selector contains symbols you should wrap it in quotes, otherwise the shell cannot tell what you mean
[root@k8s-master01 centos]# kubectl get po -l '!node' --show-labels
NAME                              READY   STATUS    RESTARTS   AGE     LABELS
fortune-env                       2/2     Running   8          7d4h    <none>
getname-deploy-68bd4cc6b4-j7gxz   1/1     Running   4          6d21h   app=getname,pod-template-hash=68bd4cc6b4
getname-deploy-68bd4cc6b4-pt2cb   1/1     Running   4          6d21h   app=getname,pod-template-hash=68bd4cc6b4
getname-deploy-68bd4cc6b4-srqfn   1/1     Running   4          6d21h   app=getname,pod-template-hash=68bd4cc6b4
[root@k8s-master01 centos]# kubectl get po -l "app!=getname" --show-labels
NAME            READY   STATUS    RESTARTS   AGE   LABELS
my-cmd-labels   1/1     Running   1          27m   app=nginx,node=node1,rel=stable

# We can also use in () and notin () for more complex filtering on key/value pairs
[root@k8s-master01 centos]# kubectl get po -l "app in (nginx)" --show-labels
NAME            READY   STATUS    RESTARTS   AGE   LABELS
my-cmd-labels   1/1     Running   1          30m   app=nginx,node=node1,rel=stable
[root@k8s-master01 centos]# kubectl get po -l "app notin (getname)" --show-labels
NAME            READY   STATUS    RESTARTS   AGE   LABELS
my-cmd-labels   1/1     Running   1          31m   app=nginx,node=node1,rel=stable

# To filter on several conditions at once, separate them with ","
[root@k8s-master01 centos]# kubectl get po -l app=nginx,node=node1 --show-labels
NAME            READY   STATUS    RESTARTS   AGE   LABELS
my-cmd-labels   1/1     Running   1          32m   app=nginx,node=node1,rel=stable
```
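The selector forms listed above, as a small offline evaluator (an added example, not part of the original post and not kubectl's own code). It follows the Kubernetes label selector semantics, including the detail that `!=` and `notin` also match pods that do not carry the key at all, which is worth checking before the same selector is handed to `kubectl delete pod -l`. The `PODS` table is a constructed sample using label sets shown on this page; the function names are hypothetical.

```python
import re

# Constructed sample: label sets taken from the `--show-labels` listings above.
PODS = {
    "fortune-env": {},
    "getname-deploy-68bd4cc6b4-j7gxz": {"app": "getname", "pod-template-hash": "68bd4cc6b4"},
    "my-cmd-labels": {"app": "nginx", "node": "node1", "rel": "stable"},
}
_SET = re.compile(r"^([\w./-]+)\s+(in|notin)\s*\(([^)]*)\)$")
_EQ = re.compile(r"^([\w./-]+)\s*(==|!=|=)\s*([\w.-]*)$")
_KEY = re.compile(r"^(!?)\s*([\w./-]+)$")

def parse(selector):
    """Split on top-level commas; return a list of (key, operator, values)."""
    reqs = []
    for part in re.split(r",(?![^(]*\))", selector):
        part = part.strip()
        if m := _SET.match(part):
            reqs.append((m[1], m[2], {v.strip() for v in m[3].split(",")}))
        elif m := _EQ.match(part):
            reqs.append((m[1], "notin" if m[2] == "!=" else "in", {m[3]}))
        elif m := _KEY.match(part):
            reqs.append((m[2], "absent" if m[1] else "exists", set()))
        else:
            raise ValueError(f"unsupported requirement: {part!r}")
    return reqs

def matches(labels, selector):
    """True when the label set satisfies every requirement (they are ANDed)."""
    for key, op, values in parse(selector):
        present = key in labels
        ok = {"exists": present, "absent": not present,
              "in": present and labels[key] in values,
              "notin": not present or labels[key] not in values}[op]
        if not ok:
            return False
    return True

def select(pods, selector):
    """Names of the pods a selector would act on, sorted for stable output."""
    return sorted(name for name, labels in pods.items() if matches(labels, selector))
```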
### Scheduling pods onto a specific node with a label selector
The previous section showed that resources can be labeled. Nodes are also a kind of resource in k8s, so by labeling nodes we can run a pod on a specific node.
```
# First label the nodes
[root@k8s-master01 centos]# kubectl label node k8s-node01 node=node1
node/k8s-node01 labeled
[root@k8s-master01 centos]# kubectl label node k8s-node02 node=node2
node/k8s-node02 labeled
# Take a look
[root@k8s-master01 centos]# kubectl get node -L node
NAME           STATUS   ROLES                  AGE   VERSION   NODE
k8s-master01   Ready    control-plane,master   18d   v1.20.1
k8s-node01     Ready    <none>                 18d   v1.20.1   node1
k8s-node02     Ready    <none>                 18d   v1.20.1   node2
# Both nodes have now been labeled successfully
```
Next we edit the YAML file to assign the pods to the chosen nodes:
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: my-cmd-node1
spec:
  nodeSelector:      # set a node selector here
    node: "node1"    # the pod is only assigned to nodes whose labels include "node=node1"
  containers:
  - name: my-cmd-node1
    image: 192.168.80.84:5000/centos_cmd:v1
---                  # "---" lets one YAML file create several resources at once
apiVersion: v1
kind: Pod
metadata:
  name: my-cmd-node2
spec:
  nodeSelector:
    node: "node2"
  containers:
  - name: my-cmd-node2
    image: 192.168.80.84:5000/centos_cmd:v1
```
Let's look at the result:
```
[root@k8s-master01 centos]# kubectl get po -o wide
NAME           READY   STATUS    RESTARTS   AGE   IP          NODE         NOMINATED NODE   READINESS GATES
my-cmd-node1   1/1     Running   0          12s   10.32.0.8   k8s-node01   <none>           <none>
my-cmd-node2   1/1     Running   0          12s   10.40.0.6   k8s-node02   <none>           <none>
# The pods were indeed assigned to the intended nodes
```
### About namespaces
A namespace is a higher-level scope that sits above resources.
It lets us use the same resource name more than once, and it also lets us isolate system-level resources from user-level ones.
1. Listing namespaces
A namespace is also a resource, so we can list it with get as well.
```
# ns can be used as a short form of namespace
[root@k8s-master01 centos]# kubectl get ns
NAME              STATUS   AGE
default           Active   18d
kube-node-lease   Active   18d
kube-public       Active   18d
kube-system       Active   18d

# "-n <namespaceName>" selects a namespace
[root@k8s-master01 centos]# kubectl get po -n kube-system
NAME                                   READY   STATUS    RESTARTS   AGE
coredns-7f89b7bc75-9z9g8               1/1     Running   13         18d
coredns-7f89b7bc75-dmhjl               1/1     Running   13         18d
etcd-k8s-master01                      1/1     Running   26         18d
kube-apiserver-k8s-master01            1/1     Running   26         18d
kube-controller-manager-k8s-master01   1/1     Running   30         18d
kube-proxy-s2rmh                       1/1     Running   13         18d
kube-proxy-wq2kz                       1/1     Running   13         18d
kube-proxy-wvcgk                       1/1     Running   24         18d
kube-scheduler-k8s-master01            1/1     Running   26         18d
weave-net-9lhgf                        2/2     Running   37         18d
weave-net-dhv26                        2/2     Running   36         18d
weave-net-q95gm                        2/2     Running   65         18d
# This also illustrates one of the principles of k8s, namely:
# in k8s only the kubelet on each node exists as an actual process; everything else exists in the form of pods
# Here we can see etcd, apiserver, proxy, scheduler, controller and so on
```
2. Creating a namespace
A namespace can be created either with the command
```
kubectl create namespace <namespaceName>
```
or by writing a YAML file:
```yaml
apiVersion: v1
kind: Namespace
metadata:
  name: custom-namespace
# then create it with kubectl create -f
```
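3. Creating objects in a specific namespace
By default resources are created in default; use "-n <namespaceName>" to specify the namespace.
4. Deleting pods with a label selector
```
# Again, "-l" specifies the label selector
kubectl delete pod -l "app=nginx"
```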
5. Deleting an entire namespace
```
kubectl delete ns <namespaceName>
```
Deleting a namespace deletes all the resources inside it.
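6. Deleting all pods while keeping the namespace
```
kubectl delete po --all -n <namespaceName>
```
7. Deleting all resources in a namespace while keeping the namespace
```
kubectl delete all --all -n <namespaceName>
```
Note that `all` here is a kubectl resource category (pods, services, deployments and similar workload resources); objects such as Secrets and ConfigMaps are not part of it and stay in the namespace.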