一、Pod镜像及端口
# kubectl explain pod.spec.containers
spec.containers <[]object>
- pod.spec.containers.imagePullPolicy:镜像的拉取策略
- name <string>
image <string>
imagePullPolicy: <string> #如果标签是latest则默认值是Always,如果是其他标签则默认值是IfNotPresent
Always:总是去仓库下载,latest标签的镜像用
Never:本地有就用,没有就不用
IfNotPresent:本地有用本地的,本地没有去仓库下载
- pod.spec.containers.ports:端口的暴露
ports:
- name: http
containerPort: 80
- name: https
containerPort: 443
二、Pod标签及标签选择器和注解
metadata:
name: pod-demo
namespace: default
labels:
app: myapp
tier: frontend
# kubectl get pods --show-labels #查看所有pod的标签
# kubectl get pods --show-labels -L app #显示拥有app标签的值
# kubectl get pods --show-labels -L app,run #显示多个标签的标签值
# kubectl get pods --show-labels -l app #过滤拥有app标签的pod
# kubectl get pods --show-labels -l app=myapp #基于等值的标签选择器(=, ==, !=)
# kubectl get pods --show-labels -l "app in (myapp,noapp)" #基于集合关系的标签选择器(in, ontin)
# kubectl label pods pod-demo release=canary #给pod打标
# kubectl label pods pod-demo release=stable --overwrite #修改标签的值
# kubectl get nodes --show-labels #基于nodeSelector节点选择器
# kubectl label node node01 disktype=ssd #给node01增加disktype=ssd的标签
spec:
nodeSelector: #使其pod只能运行在拥有disktype=ssd标签的node上
disktype: ssd
spec:
nodeName: node01 #使其pod只能运行在node01上
- annotations:与label不同的地方在于它不能用于挑选资源对象,仅用于为对象提供“元数据”
metadata:
annotations:
dongfei.tech/created-by: "cluster admin"
# kubectl describe pods pod-demo |grep Annotations
三、Pod生命周期
1、Pod生命周期中的行为
- init container:初始化容器,为主容器准备环境,可以有多个初始化容器(串行执行)
- main container:主容器
- post start:主容器启动后执行的程序
- liveness probe:存活状态监测,监测主进程是否正在运行
- readiness probe:就绪状态监测,监测主进程提供的服务是否就绪
- pre stop:主容器结束前执行的程序
2、Pod生命周期的状态
- Pending:挂起状态
- Running:运行状态
- Failed:失败状态
- Succeeded:成功状态
- Unknown:未知状态
3、Pod重启策略
spec:
restartPolicy:
Always:默认,总是重启
OnFailure:Pod失败则会重启
Never:不会重启
四、Pod容器存活性探测和就绪性探测
- 三种探针类型:ExecAction、TCPSocketAction、HTTPGetAction
1、存活性探测
- pods.spec.containers.livenessProbe.exec:存活性探测之exec探针
# cat liveness-exec.yaml
apiVersion: v1
kind: Pod
metadata:
name: liveness-exec-pod
namespace: default
spec:
containers:
- name: liveness-exec-container
image: busybox:latest
imagePullPolicy: IfNotPresent
command: ["/bin/sh", "-c","touch /tmp/healthy; sleep 10; rm -rf /tmp/healthy; sleep 3600"]
livenessProbe:
exec:
command: ["test","-e","/tmp/healthy"] #探测命令
initialDelaySeconds: 1 #初始化延迟时间,默认0s
periodSeconds: 3 #隔多长时间探测一次,默认10s
failureThreshold: 3 #探测失败3次为失败,默认3次
successThreshold: 1 #探测成功1次为成功
restartPolicy: Always #探测失败时的重启策略
# kubectl get pods -w #监控POD状态
# kubectl describe pods liveness-exec-pod |grep "Restart Count" #查看Pod重启次数
- pods.spec.containers.livenessProbe.tcpSocket:存活性探测之tcpSocket探针
- pods.spec.containers.livenessProbe.httpGet:存活性探测之httpGet探针
# cat liveness-httpget.yaml
apiVersion: v1
kind: Pod
metadata:
name: liveness-httpget-pod
namespace: default
spec:
containers:
- name: liveness-httpget-container
image: dongfeimg/myapp:v1
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 80
livenessProbe:
httpGet:
port: http
path: /index.html
initialDelaySeconds: 1
periodSeconds: 3
# kubectl exec -it liveness-httpget-pod -- /bin/sh #手动连入pod
/ # rm -f /usr/share/nginx/html/index.html #删除index.html文件,探测失败会重启
2、就绪性探测
- pods.spec.containers.readinessProbe.httpGet:就绪性探测之httpGet探针
# cat readiness-httpget.yaml
apiVersion: v1
kind: Pod
metadata:
name: readiness-httpget-pod
namespace: default
spec:
containers:
- name: readiness-httpget-container
image: dongfeimg/myapp:v1
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 80
readinessProbe:
httpGet:
port: http
path: /index.html
initialDelaySeconds: 1
periodSeconds: 3
五、启动后和终止前钩子
- pods.spec.containers.lifecycle.postStart:启动后钩子
# cat poststart-pod.yaml
apiVersion: v1
kind: Pod
metadata:
name: poststart-pod
namespace: default
spec:
containers:
- name: busybox-httpd
image: busybox:latest
imagePullPolicy: IfNotPresent
lifecycle:
postStart:
exec:
command: ["mkdir","-p","/data/web/html"] #在command命令后执行此命令
command: ["/bin/sh","-c","sleep 3600"]
- pods.spec.containers.lifecycle.preStop:终止前钩子