Pod--k8s最基礎的資源
我們想要的是單個容器只執行一個程式
然而有時我們需要多個程式協同工作,所以我們需要另外一種更加高階的結構將容器組合在一起---pod
Pod
-
我們來看一個最基本的pod
這個pod的image是我根據centos:7的映象構建的,很簡單,映象的Dockerfile如下:
FROM 192.168.80.84:5000/centos:7 entrypoint ["sleep"] cmd ["999"] # 一個容器必須要有一個守護程式才能夠執行起來 # 換言之,把Dockerfile中的sleep命令去掉,單純的一個centos是無法執行的
我們將這個映象作為pod的image執行起來:
kubectl run my-cmd --image=192.168.80.84:5000/centos_cmd:v1
使用-o yaml來看一下對應的yaml檔案:
[root@k8s-master01 centos]# kubectl get pod my-cmd -o yaml apiVersion: v1 # 指定apiVersion版本 kind: Pod # 對應的資源型別,這裡為pod metadata: # 例項的後設資料 creationTimestamp: "2021-01-13T02:36:02Z" labels: # 自動給例項打的標籤 run: my-cmd managedFields: # 為了方便內部管理的一組欄位 - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:labels: .: {} f:run: {} f:spec: f:containers: k:{"name":"my-cmd"}: .: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: {} f:terminationGracePeriodSeconds: {} manager: kubectl-run # 寫明該pod的啟動方式 operation: Update time: "2021-01-13T02:36:02Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.40.0.4"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update time: "2021-01-13T02:36:11Z" name: my-cmd # pod名 namespace: default # pod所處的名稱空間 resourceVersion: "418695" # pod的版本數字,用於樂觀併發控制的,詳細資訊請見之後的k8s核心原理 uid: 12e3b858-f79f-4378-8ea0-1103ea120c34 # pod例項的uid spec: # pod的實際說明 containers: # 定義pod中的容器,這裡只有一個 - image: 192.168.80.84:5000/centos_cmd:v1 # 映象地址 imagePullPolicy: IfNotPresent # 映象的pull規則,指的是是否在建立pod的時候要pull映象,IdNotPresent表示本地不存在時才會去倉庫pull name: my-cmd # 容器名,即映象轉化為容器後的名字 resources: {} terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: # 掛載卷 - mountPath: /var/run/secrets/kubernetes.io/serviceaccount # 掛載路徑 name: default-token-s9dfj # 卷名,這裡掛載的其實是每個pod都會掛載的secret卷,用來進行身份驗證的 readOnly: true # 只讀 dnsPolicy: ClusterFirst enableServiceLinks: true nodeName: k8s-node02 # 分配到的節點,由排程器指定 preemptionPolicy: PreemptLowerPriority priority: 0 restartPolicy: Always # 指定當pod重啟時,該容器是否還會啟動,其實也就是制定該容器隨Pod的啟動而啟動 schedulerName: default-scheduler # 指定排程器,k8s中可以執行多個排程器例項,如果未指定則是預設排程器 securityContext: {} serviceAccount: default # 服務帳號 serviceAccountName: default terminationGracePeriodSeconds: 30 tolerations: - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 300 - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 300 volumes: # 卷 - name: default-token-s9dfj secret: defaultMode: 420 secretName: default-token-s9dfj status: # pod執行時的狀態 conditions: - lastProbeTime: null lastTransitionTime: "2021-01-13T02:36:02Z" status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2021-01-13T02:36:10Z" status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2021-01-13T02:36:10Z" status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2021-01-13T02:36:02Z" status: "True" type: PodScheduled containerStatuses: - containerID: docker://965a9b86cc334705d3fbaac15d28ef6b0a20de8f00915c1ffdf4c025b1c29206 image: 192.168.80.84:5000/centos_cmd:v1 imageID: docker-pullable://192.168.80.84:5000/centos_cmd@sha256:948479967390e7a98979d4b98beec6dfa3fc92c6ce832ece882e8b1843e0779f lastState: {} name: my-cmd ready: true restartCount: 0 started: true state: running: startedAt: "2021-01-13T02:36:09Z" hostIP: 192.168.80.83 phase: Running podIP: 10.40.0.4 podIPs: - ip: 10.40.0.4 qosClass: BestEffort startTime: "2021-01-13T02:36:02Z"可以發現其中的東西有些多,然而我們使用yaml檔案建立pod時並不需要編寫這麼多的東西,因為API server會幫我們新增其餘的預設值
使用yaml檔案手動建立一個pod:
apiVersion: v1 kind: Pod metadata: name: my-cmd spec: containers: - image: 192.168.80.84:5000/centos_cmd:v1 name: centos-cmd # 需要注意的是spec.containers中的name欄位,這裡的命名規則和pod的命名規則是一樣的,也就是如果"my_cmd"則會報錯 # 其次注意"Pod"的“P”要大寫我們來看一下這樣建立的pod的yaml檔案:
kubectl create -f my-cmd.yaml,我們可以通過kubectl get pod my-cmd -o yaml來檢視一下該pod[root@k8s-master01 centos]# kubectl get pod my-cmd -o yaml apiVersion: v1 kind: Pod metadata: creationTimestamp: "2021-01-13T03:32:42Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:spec: f:containers: k:{"name":"my-cmd"}: .: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: {} f:terminationGracePeriodSeconds: {} manager: kubectl-create # 這裡的啟動方式有所不同,因為我們是通過create的方式建立的pod operation: Update time: "2021-01-13T03:32:42Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.40.0.4"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update time: "2021-01-13T04:39:23Z" name: my-cmd namespace: default resourceVersion: "429073" uid: 15d9f4f2-1fc8-4595-a00e-f96f52038ef9 spec: containers: - image: 192.168.80.84:5000/centos_cmd:v1 imagePullPolicy: IfNotPresent name: my-cmd resources: {} terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: default-token-s9dfj readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true nodeName: k8s-node02 preemptionPolicy: PreemptLowerPriority priority: 0 restartPolicy: Always schedulerName: default-scheduler securityContext: {} serviceAccount: default serviceAccountName: default terminationGracePeriodSeconds: 30 tolerations: - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 300 - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 300 volumes: - name: default-token-s9dfj secret: defaultMode: 420 secretName: default-token-s9dfj status: conditions: - lastProbeTime: null lastTransitionTime: "2021-01-13T03:32:42Z" status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2021-01-13T04:39:23Z" status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2021-01-13T04:39:23Z" status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2021-01-13T03:32:42Z" status: "True" type: PodScheduled containerStatuses: - containerID: docker://d7fee9118b0d5d2ccaa346d4cd97130a9f744e9bf6ee1b1ae32dfa0e583c2b41 image: 192.168.80.84:5000/centos_cmd:v1 imageID: docker-pullable://192.168.80.84:5000/centos_cmd@sha256:948479967390e7a98979d4b98beec6dfa3fc92c6ce832ece882e8b1843e0779f lastState: terminated: containerID: docker://0e6a82fe9e50924b7254fe06f131e43f3f66d8007de5524e31af38c6abd05d51 exitCode: 0 finishedAt: "2021-01-13T04:39:21Z" reason: Completed startedAt: "2021-01-13T04:22:42Z" name: my-cmd ready: true restartCount: 4 started: true state: running: startedAt: "2021-01-13T04:39:22Z" hostIP: 192.168.80.83 phase: Running podIP: 10.40.0.4 podIPs: - ip: 10.40.0.4 qosClass: BestEffort startTime: "2021-01-13T03:32:42Z" # 對一個欄位的含義不清楚的話,可以使用"kubectl explain"來檢視某一欄位的含義 -
將本地網路中的埠轉發給pod中的埠
首先我們可以使用一個nginx映象:
# 我已經先將nginx:alpine的映象推到了本地倉庫 關於alpine版本 早先的alpine版本的映象還有這段註釋,但是後來大多數都給刪掉了,特此記錄 ``` postgres:<version>-alpine This image is based on the popular Alpine Linux project, available in the alpine official image. Alpine Linux is much smaller than most distribution base images (~5MB), and thus leads to much slimmer images in general. This variant is highly recommended when final image size being as small as possible is desired. The main caveat to note is that it does use musl libc instead of glibc and friends, so certain software might run into issues depending on the depth of their libc requirements. However, most software doesn't have an issue with this, so this variant is usually a very safe choice. See this Hacker News comment thread for more discussion of the issues that might arise and some pro/con comparisons of using Alpine-based images. To minimize image size, it's uncommon for additional related tools (such as git or bash) to be included in Alpine-based images. Using this image as a base, add the things you need in your own Dockerfile (see the alpine image description for examples of how to install packages if you are unfamiliar). ```
kubectl port-forward mynginx 8000:8080
這裡設定的是埠轉發,允許我們不通過service的方式來和某個特定的pod進行通訊
3. 停止和移除Pod
```kubectl delete <podName>```
***
### 使用標籤組織pod
> 標籤同樣是k8s資源中最重要的概念之一,很多功能的實現都需要依靠標籤選擇器
1. yaml檔案中指定標籤
```yaml
apiVersion: v1
kind: Pod
metadata:
name: mynginx
labels: # 一個資源可以分配多個標籤
app: nginx
rel: alpine
spec:
......
-
檢視資源時顯示標籤
正常檢視資源時是不顯示標籤的,通過-o wide我們可以看到pod所在的節點和pod的ip,而通過“--show labels”引數,我們可以看到資源的標籤
[root@k8s-master01 centos]# kubectl get po --show-labels NAME READY STATUS RESTARTS AGE LABELS getname-deploy-68bd4cc6b4-j7gxz 1/1 Running 4 6d21h app=getname,pod-template-hash=68bd4cc6b4 getname-deploy-68bd4cc6b4-pt2cb 1/1 Running 4 6d21h app=getname,pod-template-hash=68bd4cc6b4 getname-deploy-68bd4cc6b4-srqfn 1/1 Running 4 6d21h app=getname,pod-template-hash=68bd4cc6b4 my-cmd-labels 1/1 Running 0 11s app=nginx,rel=alpine # 這裡是剛才我所打標籤的pod # 可能會發現我前面還有三個帶標籤的pod,這三個pod不是我使用這種方法建立的 # 實際上這三個pod是我建立的一個rs建立的 # 所以說標籤在k8s管理資源中的用處很大 -
檢視指定標籤
我們可能只對一些標籤感興趣,那麼我們可以通過“-L <標籤鍵名>”來只顯示指定標籤
[root@k8s-master01 centos]# kubectl get po -L app NAME READY STATUS RESTARTS AGE APP getname-deploy-68bd4cc6b4-j7gxz 1/1 Running 4 6d21h getname getname-deploy-68bd4cc6b4-pt2cb 1/1 Running 4 6d21h getname getname-deploy-68bd4cc6b4-srqfn 1/1 Running 4 6d21h getname my-cmd-labels 1/1 Running 0 6m46s nginx -
修改現有標籤
# 使用 kubectl label <resourceName> <instanceName> <labelKey>=<labelValue>,<labelKey>=<labelValue> 來新增新的標籤 [root@k8s-master01 centos]# kubectl label po my-cmd-labels node=node1 pod/my-cmd-labels labeled [root@k8s-master01 centos]# kubectl get po --show-labels NAME READY STATUS RESTARTS AGE LABELS my-cmd-labels 1/1 Running 0 11m app=nginx,node=node1,rel=alpine # 發現已經增加了新標籤 # 需要修改舊標籤,要新增“--overwrite”引數 [root@k8s-master01 centos]# kubectl label po my-cmd-labels rel=stable --overwrite pod/my-cmd-labels labeled [root@k8s-master01 centos]# kubectl get po --show-labels NAME READY STATUS RESTARTS AGE LABELS fortune-env 2/2 Running 8 7d4h <none> my-cmd-labels 1/1 Running 0 13m app=nginx,node=node1,rel=stable # 發現rel標籤已經重寫完成 -
使用標籤選擇器列出期望Pod
我們可不可以只顯示特定標籤的pod呢
# 我們可以使用"-l"引數,來使用標籤選擇器 [root@k8s-master01 centos]# kubectl get po -l rel=stable --show-labels NAME READY STATUS RESTARTS AGE LABELS my-cmd-labels 1/1 Running 1 20m app=nginx,node=node1,rel=stable 標籤選擇器當然不會只能根據特定的標籤對來篩選資源 # 我們可以光指定標籤的key,這樣就會顯示所有包含該標籤的資源 [root@k8s-master01 centos]# kubectl get po -l app --show-labels NAME READY STATUS RESTARTS AGE LABELS getname-deploy-68bd4cc6b4-j7gxz 1/1 Running 4 6d21h app=getname,pod-template-hash=68bd4cc6b4 getname-deploy-68bd4cc6b4-pt2cb 1/1 Running 4 6d21h app=getname,pod-template-hash=68bd4cc6b4 getname-deploy-68bd4cc6b4-srqfn 1/1 Running 4 6d21h app=getname,pod-template-hash=68bd4cc6b4 my-cmd-labels 1/1 Running 1 24m app=nginx,node=node1,rel=stable # 我們可以使用!=或!來篩選不包含某標籤或某標籤對的資源 # 需要注意的是,當你在篩選器中使用符號時,你應該在兩邊加上引號,否則shell無法理解你想要做什麼 [root@k8s-master01 centos]# kubectl get po -l '!node' --show-labels NAME READY STATUS RESTARTS AGE LABELS fortune-env 2/2 Running 8 7d4h <none> getname-deploy-68bd4cc6b4-j7gxz 1/1 Running 4 6d21h app=getname,pod-template-hash=68bd4cc6b4 getname-deploy-68bd4cc6b4-pt2cb 1/1 Running 4 6d21h app=getname,pod-template-hash=68bd4cc6b4 getname-deploy-68bd4cc6b4-srqfn 1/1 Running 4 6d21h app=getname,pod-template-hash=68bd4cc6b4 [root@k8s-master01 centos]# kubectl get po -l "app!=getname" --show-labels NAME READY STATUS RESTARTS AGE LABELS my-cmd-labels 1/1 Running 1 27m app=nginx,node=node1,rel=stable # 我們還可以使用in ()和 notin()來對標籤對進行更復雜的篩選 [root@k8s-master01 centos]# kubectl get po -l "app in (nginx)" --show-labels NAME READY STATUS RESTARTS AGE LABELS my-cmd-labels 1/1 Running 1 30m app=nginx,node=node1,rel=stable [root@k8s-master01 centos]# kubectl get po -l "app notin (getname)" --show-labels NAME READY STATUS RESTARTS AGE LABELS my-cmd-labels 1/1 Running 1 31m app=nginx,node=node1,rel=stable # 關於一次篩選多個條件,使用“,”分割 [root@k8s-master01 centos]# kubectl get po -l app=nginx,node=node1 --show-labels NAME READY STATUS RESTARTS AGE LABELS my-cmd-labels 1/1 Running 1 32m app=nginx,node=node1,rel=stable
使用標籤選擇器將pod排程到指定node
上一節中寫了可以給資源打標籤,而k8s中節點同樣也是一種資源,我們可以通過給節點打標籤的方式將pod執行到指定節點上
# 先給節點打上標籤
[root@k8s-master01 centos]# kubectl label node k8s-node01 node=node1
node/k8s-node01 labeled
[root@k8s-master01 centos]# kubectl label node k8s-node02 node=node2
node/k8s-node02 labeled
# 來檢視一下
[root@k8s-master01 centos]# kubectl get node -L node
NAME STATUS ROLES AGE VERSION NODE
k8s-master01 Ready control-plane,master 18d v1.20.1
k8s-node01 Ready <none> 18d v1.20.1 node1
k8s-node02 Ready <none> 18d v1.20.1 node2
# 現在節點已經成功給兩個node打上標籤了
接下來我們來編輯yaml檔案,來將pod分配到指定節點上
apiVersion: v1
kind: Pod
metadata:
name: my-cmd-node1
spec:
nodeSelector: # 在這裡設定一個節點選擇器
node: "node1" # 只會被分配到節點標籤含有“node=node1”的節點上
containers:
- name: my-cmd-node1
image: 192.168.80.84:5000/centos_cmd:v1
--- # 在一個yaml檔案中可以使用“---”來一次建立多個資源
apiVersion: v1
kind: Pod
metadata:
name: my-cmd-node2
spec:
nodeSelector:
node: "node2"
containers:
- name: my-cmd-node2
image: 192.168.80.84:5000/centos_cmd:v1
來看一下執行結果
[root@k8s-master01 centos]# kubectl get po -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
my-cmd-node1 1/1 Running 0 12s 10.32.0.8 k8s-node01 <none> <none>
my-cmd-node2 1/1 Running 0 12s 10.40.0.6 k8s-node02 <none> <none>
# 發現預設的pod確實分配到了期望的node上
關於名稱空間
名稱空間是一種在資源之上更高層面的作用域
這樣可以允許我們多次使用相同的資源名稱,也可以將一些系統層面的資源和使用者層面的相隔離
-
檢視名稱空間
名稱空間也是一種資源,我們同樣可以使用get來檢視
# 可以使用ns來簡寫namespace [root@k8s-master01 centos]# kubectl get ns NAME STATUS AGE default Active 18d kube-node-lease Active 18d kube-public Active 18d kube-system Active 18d # 可以使用"-n <namespaceName>"來指定名稱空間 [root@k8s-master01 centos]# kubectl get po -n kube-system NAME READY STATUS RESTARTS AGE coredns-7f89b7bc75-9z9g8 1/1 Running 13 18d coredns-7f89b7bc75-dmhjl 1/1 Running 13 18d etcd-k8s-master01 1/1 Running 26 18d kube-apiserver-k8s-master01 1/1 Running 26 18d kube-controller-manager-k8s-master01 1/1 Running 30 18d kube-proxy-s2rmh 1/1 Running 13 18d kube-proxy-wq2kz 1/1 Running 13 18d kube-proxy-wvcgk 1/1 Running 24 18d kube-scheduler-k8s-master01 1/1 Running 26 18d weave-net-9lhgf 2/2 Running 37 18d weave-net-dhv26 2/2 Running 36 18d weave-net-q95gm 2/2 Running 65 18d # 這裡其實也可以看出k8s原理中的一條,即: # k8s中只用node的kubelet以實際程式的方式存在,其他的都是以pod的形式存在 # 這裡可以看到 etcd、apiserver、proxy、schedule、controller等 -
建立名稱空間
既可以使用命令
kubectl create namespace <namespaceName>來建立一個名稱空間也可以通過編寫yaml檔案的方式
apiVersion: v1 kind: Namespace metadata: name: custom-namespace # 然後使用kubectl create -f 來建立 -
指定名稱空間建立物件
預設情況下我們是在default中建立資源的,通過“-n
”來指定名稱空間 -
使用標籤選擇器刪除pod
# 仍然是通過"-l"來指定標籤選擇器 kubectl delete pod -l "app=nginx" -
刪除整個名稱空間
kubectl delete ns <namespaceName>刪除名稱空間後,會刪除其內的所有資源
-
刪除所有pod,保留名稱空間
kubectl delete po -all -ns <namespaceName> -
刪除名稱空間內的所有資源,保留名稱空間
kubectl delete all -all -ns <namespaceName>