kubernetes和docker----2.學習Pod資源
Pod--k8s最基礎的資源
咱們想要的是單個容器只運行一個進程node
然而有時咱們須要多個進程協同工做,因此咱們須要另一種更加高級的結構將容器組合在一塊兒---podnginx
Pod
-
咱們來看一個最基本的podgit
這個pod的image是我根據centos:7的鏡像構建的,很簡單,鏡像的Dockerfile以下:docker
FROM 192.168.80.84:5000/centos:7 entrypoint ["sleep"] cmd ["999"] # 一個容器必需要有一個守護進程纔可以運行起來 # 換言之,把Dockerfile中的sleep命令去掉,單純的一個centos是沒法運行的
咱們將這個鏡像做爲pod的image運行起來:shell
kubectl run my-cmd --image=192.168.80.84:5000/centos_cmd:v1centos
使用-o yaml來看一下對應的yaml文件:api
[root@k8s-master01 centos]# kubectl get pod my-cmd -o yaml apiVersion: v1 # 指定apiVersion版本 kind: Pod # 對應的資源類型,這裏爲pod metadata: # 實例的元數據 creationTimestamp: "2021-01-13T02:36:02Z" labels: # 自動給實例打的標籤 run: my-cmd managedFields: # 爲了方便內部管理的一組字段 - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:labels: .: {} f:run: {} f:spec: f:containers: k:{"name":"my-cmd"}: .: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: {} f:terminationGracePeriodSeconds: {} manager: kubectl-run # 寫明該pod的啓動方式 operation: Update time: "2021-01-13T02:36:02Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.40.0.4"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update time: "2021-01-13T02:36:11Z" name: my-cmd # pod名 namespace: default # pod所處的命名空間 resourceVersion: "418695" # pod的版本數字,用於樂觀併發控制的,詳細信息請見以後的k8s核心原理 uid: 12e3b858-f79f-4378-8ea0-1103ea120c34 # pod實例的uid spec: # pod的實際說明 containers: # 定義pod中的容器,這裏只有一個 - image: 192.168.80.84:5000/centos_cmd:v1 # 鏡像地址 imagePullPolicy: IfNotPresent # 鏡像的pull規則,指的是是否在建立pod的時候要pull鏡像,IdNotPresent表示本地不存在時纔會去倉庫pull name: my-cmd # 容器名,即鏡像轉化爲容器後的名字 resources: {} terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: # 掛載卷 - mountPath: /var/run/secrets/kubernetes.io/serviceaccount # 掛載路徑 name: default-token-s9dfj # 卷名,這裏掛載的實際上是每一個pod都會掛載的secret卷,用來進行身份驗證的 readOnly: true # 只讀 dnsPolicy: ClusterFirst enableServiceLinks: true nodeName: k8s-node02 # 分配到的節點,由調度器指定 preemptionPolicy: PreemptLowerPriority priority: 0 restartPolicy: Always # 指定當pod重啓時,該容器是否還會啓動,其實也就是制定該容器隨Pod的啓動而啓動 schedulerName: default-scheduler # 指定調度器,k8s中能夠運行多個調度器實例,若是未指定則是默認調度器 securityContext: {} serviceAccount: default # 服務賬號 serviceAccountName: default terminationGracePeriodSeconds: 30 tolerations: - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 300 - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 300 volumes: # 卷 - name: default-token-s9dfj secret: defaultMode: 420 secretName: default-token-s9dfj status: # pod運行時的狀態 conditions: - lastProbeTime: null lastTransitionTime: "2021-01-13T02:36:02Z" status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2021-01-13T02:36:10Z" status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2021-01-13T02:36:10Z" status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2021-01-13T02:36:02Z" status: "True" type: PodScheduled containerStatuses: - containerID: docker://965a9b86cc334705d3fbaac15d28ef6b0a20de8f00915c1ffdf4c025b1c29206 image: 192.168.80.84:5000/centos_cmd:v1 imageID: docker-pullable://192.168.80.84:5000/centos_cmd@sha256:948479967390e7a98979d4b98beec6dfa3fc92c6ce832ece882e8b1843e0779f lastState: {} name: my-cmd ready: true restartCount: 0 started: true state: running: startedAt: "2021-01-13T02:36:09Z" hostIP: 192.168.80.83 phase: Running podIP: 10.40.0.4 podIPs: - ip: 10.40.0.4 qosClass: BestEffort startTime: "2021-01-13T02:36:02Z"能夠發現其中的東西有些多,然而咱們使用yaml文件建立pod時並不須要編寫這麼多的東西,由於API server會幫咱們添加其他的默認值bash
使用yaml文件手動建立一個pod:markdown
apiVersion: v1 kind: Pod metadata: name: my-cmd spec: containers: - image: 192.168.80.84:5000/centos_cmd:v1 name: centos-cmd # 須要注意的是spec.containers中的name字段,這裏的命名規則和pod的命名規則是同樣的,也就是若是"my_cmd"則會報錯 # 其次注意"Pod"的「P」要大寫咱們來看一下這樣建立的pod的yaml文件:
kubectl create -f my-cmd.yaml,咱們能夠經過kubectl get pod my-cmd -o yaml來查看一下該pod網絡[root@k8s-master01 centos]# kubectl get pod my-cmd -o yaml apiVersion: v1 kind: Pod metadata: creationTimestamp: "2021-01-13T03:32:42Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:spec: f:containers: k:{"name":"my-cmd"}: .: {} f:image: {} f:imagePullPolicy: {} f:name: {} f:resources: {} f:terminationMessagePath: {} f:terminationMessagePolicy: {} f:dnsPolicy: {} f:enableServiceLinks: {} f:restartPolicy: {} f:schedulerName: {} f:securityContext: {} f:terminationGracePeriodSeconds: {} manager: kubectl-create # 這裏的啓動方式有所不一樣,由於咱們是經過create的方式建立的pod operation: Update time: "2021-01-13T03:32:42Z" - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:status: f:conditions: k:{"type":"ContainersReady"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Initialized"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} k:{"type":"Ready"}: .: {} f:lastProbeTime: {} f:lastTransitionTime: {} f:status: {} f:type: {} f:containerStatuses: {} f:hostIP: {} f:phase: {} f:podIP: {} f:podIPs: .: {} k:{"ip":"10.40.0.4"}: .: {} f:ip: {} f:startTime: {} manager: kubelet operation: Update time: "2021-01-13T04:39:23Z" name: my-cmd namespace: default resourceVersion: "429073" uid: 15d9f4f2-1fc8-4595-a00e-f96f52038ef9 spec: containers: - image: 192.168.80.84:5000/centos_cmd:v1 imagePullPolicy: IfNotPresent name: my-cmd resources: {} terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: default-token-s9dfj readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true nodeName: k8s-node02 preemptionPolicy: PreemptLowerPriority priority: 0 restartPolicy: Always schedulerName: default-scheduler securityContext: {} serviceAccount: default serviceAccountName: default terminationGracePeriodSeconds: 30 tolerations: - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 300 - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 300 volumes: - name: default-token-s9dfj secret: defaultMode: 420 secretName: default-token-s9dfj status: conditions: - lastProbeTime: null lastTransitionTime: "2021-01-13T03:32:42Z" status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2021-01-13T04:39:23Z" status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2021-01-13T04:39:23Z" status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2021-01-13T03:32:42Z" status: "True" type: PodScheduled containerStatuses: - containerID: docker://d7fee9118b0d5d2ccaa346d4cd97130a9f744e9bf6ee1b1ae32dfa0e583c2b41 image: 192.168.80.84:5000/centos_cmd:v1 imageID: docker-pullable://192.168.80.84:5000/centos_cmd@sha256:948479967390e7a98979d4b98beec6dfa3fc92c6ce832ece882e8b1843e0779f lastState: terminated: containerID: docker://0e6a82fe9e50924b7254fe06f131e43f3f66d8007de5524e31af38c6abd05d51 exitCode: 0 finishedAt: "2021-01-13T04:39:21Z" reason: Completed startedAt: "2021-01-13T04:22:42Z" name: my-cmd ready: true restartCount: 4 started: true state: running: startedAt: "2021-01-13T04:39:22Z" hostIP: 192.168.80.83 phase: Running podIP: 10.40.0.4 podIPs: - ip: 10.40.0.4 qosClass: BestEffort startTime: "2021-01-13T03:32:42Z" # 對一個字段的含義不清楚的話,可使用"kubectl explain"來查看某一字段的含義 -
將本地網絡中的端口轉發給pod中的端口
首先咱們可使用一個nginx鏡像:
# 我已經先將nginx:alpine的鏡像推到了本地倉庫 關於alpine版本 早先的alpine版本的鏡像還有這段註釋,可是後來大多數都給刪掉了,特此記錄 ``` postgres:<version>-alpine This image is based on the popular Alpine Linux project, available in the alpine official image. Alpine Linux is much smaller than most distribution base images (~5MB), and thus leads to much slimmer images in general. This variant is highly recommended when final image size being as small as possible is desired. The main caveat to note is that it does use musl libc instead of glibc and friends, so certain software might run into issues depending on the depth of their libc requirements. However, most software doesn't have an issue with this, so this variant is usually a very safe choice. See this Hacker News comment thread for more discussion of the issues that might arise and some pro/con comparisons of using Alpine-based images. To minimize image size, it's uncommon for additional related tools (such as git or bash) to be included in Alpine-based images. Using this image as a base, add the things you need in your own Dockerfile (see the alpine image description for examples of how to install packages if you are unfamiliar). ```
kubectl port-forward mynginx 8000:8080
這裏設置的是端口轉發,容許咱們不經過service的方式來和某個特定的pod進行通訊
3. 中止和移除Pod
```kubectl delete <podName>```
***
### 使用標籤組織pod
> 標籤一樣是k8s資源中最重要的概念之一,不少功能的實現都須要依靠標籤選擇器
1. yaml文件中指定標籤
```yaml
apiVersion: v1
kind: Pod
metadata:
name: mynginx
labels: # 一個資源能夠分配多個標籤
app: nginx
rel: alpine
spec:
......
-
查看資源時顯示標籤
正常查看資源時是不顯示標籤的,經過-o wide咱們能夠看到pod所在的節點和pod的ip,而經過「--show labels」參數,咱們能夠看到資源的標籤
[root@k8s-master01 centos]# kubectl get po --show-labels NAME READY STATUS RESTARTS AGE LABELS getname-deploy-68bd4cc6b4-j7gxz 1/1 Running 4 6d21h app=getname,pod-template-hash=68bd4cc6b4 getname-deploy-68bd4cc6b4-pt2cb 1/1 Running 4 6d21h app=getname,pod-template-hash=68bd4cc6b4 getname-deploy-68bd4cc6b4-srqfn 1/1 Running 4 6d21h app=getname,pod-template-hash=68bd4cc6b4 my-cmd-labels 1/1 Running 0 11s app=nginx,rel=alpine # 這裏是剛纔我所打標籤的pod # 可能會發現我前面還有三個帶標籤的pod,這三個pod不是我使用這種方法建立的 # 實際上這三個pod是我建立的一個rs建立的 # 因此說標籤在k8s管理資源中的用處很大
-
查看指定標籤
咱們可能只對一些標籤感興趣,那麼咱們能夠經過「-L <標籤鍵名>」來只顯示指定標籤
[root@k8s-master01 centos]# kubectl get po -L app NAME READY STATUS RESTARTS AGE APP getname-deploy-68bd4cc6b4-j7gxz 1/1 Running 4 6d21h getname getname-deploy-68bd4cc6b4-pt2cb 1/1 Running 4 6d21h getname getname-deploy-68bd4cc6b4-srqfn 1/1 Running 4 6d21h getname my-cmd-labels 1/1 Running 0 6m46s nginx
-
修改現有標籤
# 使用 kubectl label <resourceName> <instanceName> <labelKey>=<labelValue>,<labelKey>=<labelValue> 來添加新的標籤 [root@k8s-master01 centos]# kubectl label po my-cmd-labels node=node1 pod/my-cmd-labels labeled [root@k8s-master01 centos]# kubectl get po --show-labels NAME READY STATUS RESTARTS AGE LABELS my-cmd-labels 1/1 Running 0 11m app=nginx,node=node1,rel=alpine # 發現已經增長了新標籤 # 須要修改舊標籤,要添加「--overwrite」參數 [root@k8s-master01 centos]# kubectl label po my-cmd-labels rel=stable --overwrite pod/my-cmd-labels labeled [root@k8s-master01 centos]# kubectl get po --show-labels NAME READY STATUS RESTARTS AGE LABELS fortune-env 2/2 Running 8 7d4h <none> my-cmd-labels 1/1 Running 0 13m app=nginx,node=node1,rel=stable # 發現rel標籤已經重寫完成
-
使用標籤選擇器列出指望Pod
咱們可不能夠只顯示特定標籤的pod呢
# 咱們可使用"-l"參數,來使用標籤選擇器 [root@k8s-master01 centos]# kubectl get po -l rel=stable --show-labels NAME READY STATUS RESTARTS AGE LABELS my-cmd-labels 1/1 Running 1 20m app=nginx,node=node1,rel=stable 標籤選擇器固然不會只能根據特定的標籤對來篩選資源 # 咱們能夠光指定標籤的key,這樣就會顯示全部包含該標籤的資源 [root@k8s-master01 centos]# kubectl get po -l app --show-labels NAME READY STATUS RESTARTS AGE LABELS getname-deploy-68bd4cc6b4-j7gxz 1/1 Running 4 6d21h app=getname,pod-template-hash=68bd4cc6b4 getname-deploy-68bd4cc6b4-pt2cb 1/1 Running 4 6d21h app=getname,pod-template-hash=68bd4cc6b4 getname-deploy-68bd4cc6b4-srqfn 1/1 Running 4 6d21h app=getname,pod-template-hash=68bd4cc6b4 my-cmd-labels 1/1 Running 1 24m app=nginx,node=node1,rel=stable # 咱們可使用!=或!來篩選不包含某標籤或某標籤對的資源 # 須要注意的是,當你在篩選器中使用符號時,你應該在兩邊加上引號,不然shell沒法理解你想要作什麼 [root@k8s-master01 centos]# kubectl get po -l '!node' --show-labels NAME READY STATUS RESTARTS AGE LABELS fortune-env 2/2 Running 8 7d4h <none> getname-deploy-68bd4cc6b4-j7gxz 1/1 Running 4 6d21h app=getname,pod-template-hash=68bd4cc6b4 getname-deploy-68bd4cc6b4-pt2cb 1/1 Running 4 6d21h app=getname,pod-template-hash=68bd4cc6b4 getname-deploy-68bd4cc6b4-srqfn 1/1 Running 4 6d21h app=getname,pod-template-hash=68bd4cc6b4 [root@k8s-master01 centos]# kubectl get po -l "app!=getname" --show-labels NAME READY STATUS RESTARTS AGE LABELS my-cmd-labels 1/1 Running 1 27m app=nginx,node=node1,rel=stable # 咱們還可使用in ()和 notin()來對標籤對進行更復雜的篩選 [root@k8s-master01 centos]# kubectl get po -l "app in (nginx)" --show-labels NAME READY STATUS RESTARTS AGE LABELS my-cmd-labels 1/1 Running 1 30m app=nginx,node=node1,rel=stable [root@k8s-master01 centos]# kubectl get po -l "app notin (getname)" --show-labels NAME READY STATUS RESTARTS AGE LABELS my-cmd-labels 1/1 Running 1 31m app=nginx,node=node1,rel=stable # 關於一次篩選多個條件,使用「,」分割 [root@k8s-master01 centos]# kubectl get po -l app=nginx,node=node1 --show-labels NAME READY STATUS RESTARTS AGE LABELS my-cmd-labels 1/1 Running 1 32m app=nginx,node=node1,rel=stable
使用標籤選擇器將pod調度到指定node
上一節中寫了能夠給資源打標籤,而k8s中節點一樣也是一種資源,咱們能夠經過給節點打標籤的方式將pod運行到指定節點上
# 先給節點打上標籤 [root@k8s-master01 centos]# kubectl label node k8s-node01 node=node1 node/k8s-node01 labeled [root@k8s-master01 centos]# kubectl label node k8s-node02 node=node2 node/k8s-node02 labeled # 來查看一下 [root@k8s-master01 centos]# kubectl get node -L node NAME STATUS ROLES AGE VERSION NODE k8s-master01 Ready control-plane,master 18d v1.20.1 k8s-node01 Ready <none> 18d v1.20.1 node1 k8s-node02 Ready <none> 18d v1.20.1 node2 # 如今節點已經成功給兩個node打上標籤了
接下來咱們來編輯yaml文件,來將pod分配到指定節點上
apiVersion: v1
kind: Pod
metadata:
name: my-cmd-node1
spec:
nodeSelector: # 在這裏設置一個節點選擇器
node: "node1" # 只會被分配到節點標籤含有「node=node1」的節點上
containers:
- name: my-cmd-node1
image: 192.168.80.84:5000/centos_cmd:v1
--- # 在一個yaml文件中可使用「---」來一次建立多個資源
apiVersion: v1
kind: Pod
metadata:
name: my-cmd-node2
spec:
nodeSelector:
node: "node2"
containers:
- name: my-cmd-node2
image: 192.168.80.84:5000/centos_cmd:v1
來看一下執行結果
[root@k8s-master01 centos]# kubectl get po -o wide NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES my-cmd-node1 1/1 Running 0 12s 10.32.0.8 k8s-node01 <none> <none> my-cmd-node2 1/1 Running 0 12s 10.40.0.6 k8s-node02 <none> <none> # 發現預設的pod確實分配到了指望的node上
關於命名空間
命名空間是一種在資源之上更高層面的做用域
這樣能夠容許咱們屢次使用相同的資源名稱,也能夠將一些系統層面的資源和用戶層面的相隔離
-
查看命名空間
命名空間也是一種資源,咱們一樣可使用get來查看
# 可使用ns來簡寫namespace [root@k8s-master01 centos]# kubectl get ns NAME STATUS AGE default Active 18d kube-node-lease Active 18d kube-public Active 18d kube-system Active 18d # 可使用"-n <namespaceName>"來指定命名空間 [root@k8s-master01 centos]# kubectl get po -n kube-system NAME READY STATUS RESTARTS AGE coredns-7f89b7bc75-9z9g8 1/1 Running 13 18d coredns-7f89b7bc75-dmhjl 1/1 Running 13 18d etcd-k8s-master01 1/1 Running 26 18d kube-apiserver-k8s-master01 1/1 Running 26 18d kube-controller-manager-k8s-master01 1/1 Running 30 18d kube-proxy-s2rmh 1/1 Running 13 18d kube-proxy-wq2kz 1/1 Running 13 18d kube-proxy-wvcgk 1/1 Running 24 18d kube-scheduler-k8s-master01 1/1 Running 26 18d weave-net-9lhgf 2/2 Running 37 18d weave-net-dhv26 2/2 Running 36 18d weave-net-q95gm 2/2 Running 65 18d # 這裏其實也能夠看出k8s原理中的一條,即: # k8s中只用node的kubelet以實際進程的方式存在,其餘的都是以pod的形式存在 # 這裏能夠看到 etcd、apiserver、proxy、schedule、controller等
-
建立命名空間
既可使用命令
kubectl create namespace <namespaceName>來建立一個命名空間也能夠經過編寫yaml文件的方式
apiVersion: v1 kind: Namespace metadata: name: custom-namespace # 而後使用kubectl create -f 來建立 -
指定命名空間建立對象
默認狀況下咱們是在default中建立資源的,經過「-n
」來指定命名空間 -
使用標籤選擇器刪除pod
# 仍然是經過"-l"來指定標籤選擇器 kubectl delete pod -l "app=nginx"
-
刪除整個命名空間
kubectl delete ns <namespaceName>刪除命名空間後,會刪除其內的全部資源
-
刪除全部pod,保留命名空間
kubectl delete po -all -ns <namespaceName> -
刪除命名空間內的全部資源,保留命名空間
kubectl delete all -all -ns <namespaceName>
相關文章
- 1. Kubernetes Pod 資源限制
- 2. Kubernetes--Pod資源管理
- 3. Kubernetes-核心資源之Pod
- 4. Kubernetes學習之路(二十二)之Pod資源調度
- 5. 【Kubernetes】——pod資源深度解析
- 6. 【kubernetes/k8s概念】pod 資源 request 與 limit
- 7. Kubernetes學習資源彙總
- 8. kubernetes快速入門-資源清單及初識pod資源
- 9. kubernetes的調度 資源管理(QoS, Pod親和度, 資源優先級)
- 10. kubernetes調度之pod優先級和資源搶佔
- 更多相關文章...
- • Docker 資源彙總 - Docker教程
- • 您已經學習了 XML Schema,下一步學習什麼呢? - XML Schema 教程
- • 適用於PHP初學者的學習線路和建議
- • Tomcat學習筆記(史上最全tomcat學習筆記)
相關標籤/搜索
每日一句
-
每一个你不满意的现在,都有一个你没有努力的曾经。
最新文章
- 1. No provider available from registry 127.0.0.1:2181 for service com.ddbuy.ser 解決方法
- 2. Qt5.7以上調用虛擬鍵盤(支持中文),以及源碼修改(可拖動,水平縮放)
- 3. 軟件測試面試- 購物車功能測試用例設計
- 4. ElasticSearch(概念篇):你知道的, 爲了搜索…
- 5. redux理解
- 6. gitee創建第一個項目
- 7. 支持向量機之硬間隔(一步步推導,通俗易懂)
- 8. Mysql 異步複製延遲的原因及解決方案
- 9. 如何在運行SEPM配置嚮導時將不可認的複雜數據庫密碼改爲簡單密碼
- 10. windows系統下tftp服務器使用
歡迎關注本站公眾號,獲取更多信息
相關文章