五、kubernetes資源清單之Pod應用190709

1、Pod鏡像及端口

• 獲取幫助文檔

# kubectl explain pod.spec.containers
spec.containers <[]object>

• pod.spec.containers.imagePullPolicy：鏡像的拉取策略

- name <string>
  image <string>
  imagePullPolicy: <string>  #若是標籤是latest則默認值是Always，若是是其餘標籤則默認值是IfNotPresent
    Always：老是去倉庫下載，latest標籤的鏡像用
    Never：本地有就用，沒有就不用
    IfNotPresent：本地有用本地的，本地沒有去倉庫下載

• pod.spec.containers.ports：端口的暴露

ports:
  - name: http
    containerPort: 80
  - name: https
    containerPort: 443

• pod.spec.containers.command和args：至關於dockerfile中的ENTRYPOINT和CMD，將args當作參數傳遞給command；變量引用：$(VAR_NAME)；command和args的關係參考：https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell

2、Pod標籤及標籤選擇器和註解

• pod標籤

metadata:
  name: pod-demo
  namespace: default
  labels:
    app: myapp
    tier: frontend

# kubectl get pods --show-labels  #查看全部pod的標籤
# kubectl get pods --show-labels -L app  #顯示擁有app標籤的值
# kubectl get pods --show-labels -L app,run  #顯示多個標籤的標籤值
# kubectl get pods --show-labels -l app  #過濾擁有app標籤的pod
# kubectl get pods --show-labels -l app=myapp  #基於等值的標籤選擇器（=, ==, !=）
# kubectl get pods --show-labels -l "app in (myapp,noapp)"  #基於集合關係的標籤選擇器（in, ontin）

# kubectl label pods pod-demo release=canary  #給pod打標
# kubectl label pods pod-demo release=stable --overwrite  #修改標籤的值

• node標籤

# kubectl get nodes --show-labels  #基於nodeSelector節點選擇器
# kubectl label node node01 disktype=ssd  #給node01增長disktype=ssd的標籤

• nodeSelector

spec:
  nodeSelector:  #使其pod只能運行在擁有disktype=ssd標籤的node上
    disktype: ssd

• nodeName

spec:
  nodeName: node01  #使其pod只能運行在node01上

• annotations：與label不一樣的地方在於它不能用於挑選資源對象，僅用於爲對象提供「元數據」

metadata:
  annotations:
    dongfei.tech/created-by: "cluster admin"

# kubectl describe pods pod-demo |grep Annotations

3、Pod生命週期

一、Pod生命週期中的行爲

1. init container：初始化容器，爲主容器準備環境，能夠有多個初始化容器（串行執行）
2. main container：主容器
   1. post start：主容器啓動後執行的程序
   2. liveness probe：存活狀態監測，監測主進程是否正在運行
   3. readiness probe：就緒狀態監測，監測主進程提供的服務是否就緒
   4. pre stop：主容器結束前執行的程序

二、Pod生命週期的狀態

1. Pending：掛起狀態
2. Running：運行狀態
3. Failed：失敗狀態
4. Succeeded：成功狀態
5. Unknown：未知狀態

三、Pod重啓策略

spec:
  restartPolicy:
    Always：默認，老是重啓
    OnFailure：Pod失敗則會重啓
    Never：不會重啓

4、Pod容器存活性探測和就緒性探測

• 三種探針類型：ExecAction、TCPSocketAction、HTTPGetAction

一、存活性探測

• pods.spec.containers.livenessProbe.exec：存活性探測之exec探針

# cat liveness-exec.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: liveness-exec-pod
  namespace: default
spec:
  containers:
  - name: liveness-exec-container
    image: busybox:latest
    imagePullPolicy: IfNotPresent
    command: ["/bin/sh", "-c","touch /tmp/healthy; sleep 10; rm -rf /tmp/healthy; sleep 3600"]
    livenessProbe:
      exec:
        command: ["test","-e","/tmp/healthy"]  #探測命令
      initialDelaySeconds: 1  #初始化延遲時間，默認0s
      periodSeconds: 3  #隔多長時間探測一次，默認10s
      failureThreshold: 3  #探測失敗3次爲失敗，默認3次
      successThreshold: 1  #探測成功1次爲成功
  restartPolicy: Always  #探測失敗時的重啓策略
# kubectl get pods -w  #監控POD狀態
# kubectl describe pods liveness-exec-pod |grep "Restart Count"  #查看Pod重啓次數

• pods.spec.containers.livenessProbe.tcpSocket：存活性探測之tcpSocket探針
• pods.spec.containers.livenessProbe.httpGet：存活性探測之httpGet探針

# cat liveness-httpget.yaml
apiVersion: v1
kind: Pod
metadata:
  name: liveness-httpget-pod
  namespace: default
spec:
  containers:
  - name: liveness-httpget-container
    image: dongfeimg/myapp:v1
    imagePullPolicy: IfNotPresent
    ports:
    - name: http
      containerPort: 80
    livenessProbe:
      httpGet:
        port: http
        path: /index.html
      initialDelaySeconds: 1
      periodSeconds: 3
# kubectl exec -it liveness-httpget-pod -- /bin/sh  #手動連入pod
/ # rm -f /usr/share/nginx/html/index.html  #刪除index.html文件，探測失敗會重啓

二、就緒性探測

• pods.spec.containers.readinessProbe.httpGet：就緒性探測之httpGet探針

# cat readiness-httpget.yaml
apiVersion: v1
kind: Pod
metadata:
  name: readiness-httpget-pod
  namespace: default
spec:
  containers:
  - name: readiness-httpget-container
    image: dongfeimg/myapp:v1
    imagePullPolicy: IfNotPresent
    ports:
    - name: http
      containerPort: 80
    readinessProbe:
      httpGet:
        port: http
        path: /index.html
      initialDelaySeconds: 1
      periodSeconds: 3

• 其餘參考存活性探測

5、啓動後和終止前鉤子

• pods.spec.containers.lifecycle.postStart：啓動後鉤子

# cat poststart-pod.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: poststart-pod
  namespace: default
spec:
  containers:
  - name: busybox-httpd
    image: busybox:latest
    imagePullPolicy: IfNotPresent
    lifecycle:
      postStart:
        exec:
          command: ["mkdir","-p","/data/web/html"]  #在command命令後執行此命令
    command: ["/bin/sh","-c","sleep 3600"]

• pods.spec.containers.lifecycle.preStop：終止前鉤子