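Pod basic concepts
- The smallest deployable unit
- A group of containers
- Containers in a Pod share a network namespace and storage
- Pods are ephemeral
Pods exist for tightly coupled applications
Scenarios for tightly coupled applications
- Two applications exchange files
- Two applications need to communicate over 127.0.0.1 or a socket
- Two applications make frequent calls to each other
How Pods are implemented
Shared network
Shared storage
Example: see how network sharing is implemented
Export the template of a running pod
First, list the running pods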
kubectl get pods

Export the pod template to a YAML file
kubectl get pods java-demo-b76fc7876-5qjgn -o yaml > pod.yaml
The contents are as follows
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: "2019-12-24T02:23:16Z"
  generateName: java-demo-b76fc7876-
  labels:
    app: java-demo
    pod-template-hash: b76fc7876
  name: java-demo-b76fc7876-5qjgn
  namespace: default
  ownerReferences:
  - apiVersion: apps/v1
    blockOwnerDeletion: true
    controller: true
    kind: ReplicaSet
    name: java-demo-b76fc7876
    uid: cda02c20-8619-44ef-adad-892ed4bc731d
  resourceVersion: "735811"
  selfLink: /api/v1/namespaces/default/pods/java-demo-b76fc7876-5qjgn
  uid: 07a0a636-62d5-44bf-8bc6-0224fbf01cf2
spec:
  containers:
  - image: yueming33990/java-demo
    imagePullPolicy: Always
    name: java-demo
    resources: {}
    terminationMessagePath: /dev/termination-log
    terminationMessagePolicy: File
    volumeMounts:
    - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
      name: default-token-44pnx
      readOnly: true
  dnsPolicy: ClusterFirst
  enableServiceLinks: true
  nodeName: k8s-node2
  priority: 0
  restartPolicy: Always
  schedulerName: default-scheduler
  securityContext: {}
  serviceAccount: default
  serviceAccountName: default
  terminationGracePeriodSeconds: 30
  tolerations:
  - effect: NoExecute
    key: node.kubernetes.io/not-ready
    operator: Exists
    tolerationSeconds: 300
  - effect: NoExecute
    key: node.kubernetes.io/unreachable
    operator: Exists
    tolerationSeconds: 300
  volumes:
  - name: default-token-44pnx
    secret:
      defaultMode: 420
      secretName: default-token-44pnx
status:
  conditions:
  - lastProbeTime: null
    lastTransitionTime: "2019-12-24T02:23:16Z"
    status: "True"
    type: Initialized
  - lastProbeTime: null
    lastTransitionTime: "2019-12-24T02:25:46Z"
    status: "True"
    type: Ready
  - lastProbeTime: null
    lastTransitionTime: "2019-12-24T02:25:46Z"
    status: "True"
    type: ContainersReady
  - lastProbeTime: null
    lastTransitionTime: "2019-12-24T02:23:16Z"
    status: "True"
    type: PodScheduled
  containerStatuses:
  - containerID: docker://f73622a1a10253a36ec01521071fa5fecf5bdec83217a18403001a51b6a821a9
    image: yueming33990/java-demo:latest
    imageID: docker-pullable://yueming33990/java-demo@sha256:c1d14557eaa5da1604447d6ce8538aa01411c0b85fc47b512c3eadeb11b620cf
    lastState: {}
    name: java-demo
    ready: true
    restartCount: 0
    state:
      running:
        startedAt: "2019-12-24T02:25:46Z"
  hostIP: 192.168.1.13
  phase: Running
  podIP: 10.244.2.4
  qosClass: BestEffort
  startTime: "2019-12-24T02:23:16Z"
Remove the fields that are not needed and modify the rest
apiVersion: v1
kind: Pod
metadata:
  labels:
    app: my-pod
  name: my-pod
  namespace: default
spec:
  containers:
  # Two containers in one Pod; each container has exactly one image key
  - name: nginx
    image: nginx
  - name: java
    image: lizhenliang/java-demo:latest
Start it
kubectl apply -f pod.yaml
Check whether it has started
kubectl get pods

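Because the YAML defines two containers, two containers are started
Enter one of the containers
kubectl exec -it my-pod -c java -- bash
java is the container name assigned in the YAML above; bash is the shell to run
Check the processes; java is running
ps -ef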

Check the assigned IP

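Enter the nginx container and check the IP; it is the same as the IP inside the java container
kubectl exec -it my-pod -c nginx -- bash
Install the ifconfig tool
apt-get update
The package index has to be updated before the ifconfig tool can be installed
apt-get install net-tools/stable
Check the IP: both the IP and the MAC address are the same as in the java container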

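The network is shared through a namespace
Storage is shared through data volumes
Data that needs to persist
- Temporary data
- Logs
- Database data
When a stateful application's pod has to be moved, this keeps the data persistent
Delete the running my-pod
kubectl delete pod my-pod
Edit emtydir.yaml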
apiVersion: v1
kind: Pod
metadata:
  name: my-pod
spec:
  containers:
  - name: write
    image: centos
    command: ["bash","-c","for i in {1..100};do echo $i >> /data/hello;sleep 1;done"]
    volumeMounts:
    - name: data
      mountPath: /data
  - name: read
    image: centos
    command: ["bash","-c","tail -f /data/hello"]
    volumeMounts:
    - name: data
      mountPath: /data
  volumes:
  - name: data
    emptyDir: {}
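This pod creates two containers, both from the centos image: one writes and one reads. The writer produces data and writes it to the /data/hello file in its own container
volumes defines an emptyDir: an empty directory is created on the current node and both containers mount it; one writes into the directory and the other reads from it
Run it
kubectl apply -f emtydir.yaml
Check whether it has started
kubectl get pods
Enter each container and look at the file
kubectl exec -it my-pod -c write -- bash
kubectl exec -it my-pod -c read -- bash
You can also check by looking at the logs of the read container
kubectl logs my-pod -c read
The write and output process keeps running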

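Pod container types and design patterns
Infrastructure Container: the base container
Maintains the network namespace of the whole Pod
InitContainer: the initialization container
Runs before the application containers start
Containers: the application containers
Started in parallel
The Infrastructure container is created first, then the init containers, then the application containers
Common Pod template fields explained
- Variables
- Image pulling
- Resource limits
- Health checks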
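The exported java-demo pod earlier on this page shows the defaults these template fields control: an untagged image, `resources: {}`, `securityContext: {}`, no probes, and a mounted default service account token. The following is an added example, not code from the original post: a Python check that flags those defaults in a pod exported with `kubectl get pod <name> -o json`. The names `audit_pod`, `is_mutable_image` and `SAMPLE_POD` are hypothetical, and the sample is a constructed, trimmed copy of that pod.

```python
import json

# Constructed sample: a trimmed JSON form of the exported java-demo pod above.
SAMPLE_POD = json.loads("""
{"metadata": {"name": "java-demo-b76fc7876-5qjgn"},
 "spec": {"securityContext": {}, "serviceAccountName": "default",
          "containers": [{"name": "java-demo",
                          "image": "yueming33990/java-demo",
                          "resources": {}}]}}
""")


def is_mutable_image(image):
    """True when the reference has no digest and no tag other than 'latest'."""
    if "@sha256:" in image:
        return False
    last = image.rsplit("/", 1)[-1]  # ignore a registry host:port prefix
    tag = last.split(":", 1)[1] if ":" in last else "latest"
    return tag == "latest"


def audit_pod(pod):
    """Return (container, finding) pairs; container is '' for pod-level findings."""
    spec = pod.get("spec", {})
    pod_sc = spec.get("securityContext") or {}
    findings = []
    # Only the pod spec is checked; the ServiceAccount object can also disable automount.
    if spec.get("automountServiceAccountToken") is not False:
        findings.append(("", "token automount not disabled in pod spec"))
    for c in spec.get("containers", []):
        name = c.get("name", "?")
        sc = c.get("securityContext") or {}
        if is_mutable_image(c.get("image", "")):
            findings.append((name, "image is not pinned to a tag or digest"))
        if not (c.get("resources") or {}).get("limits"):
            findings.append((name, "no resource limits"))
        # A container-level value overrides the pod-level one.
        if not sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot", False)):
            findings.append((name, "runAsNonRoot is not set"))
        if not (c.get("livenessProbe") or c.get("readinessProbe")):
            findings.append((name, "no health check probe"))
    return findings


if __name__ == "__main__":
    for container, finding in audit_pod(SAMPLE_POD):
        print(f"{container or 'pod'}: {finding}")
```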