zoukankan      html  css  js  c++  java
  • docker+k8s基础篇三

    Docker+K8s基础篇(三)


    •  kubernetes上的资源

      • A:k8s上的常用资源
    • Pod的配置清单

      • A:Pod上的清单定义
      • B:Pod创建资源的方法
      • C:spec下其它字段的介绍
    • Pod的生命周期

      • A:Pod的生命周期阶段
      • B:容器的两种探测(探针)
      • C:容器启动后和终止前钩子

    ♣一:kubernetes的资源

    A:k8s上的常用资源:

    1:workload(工作负载型对象):
    pod,Replicaset,Deployment,statefulSet,DaemonSet,Job,Cronjob,.....(以及各种各样的pod控制器)deployment
    2:服务发现和负载均衡:
    Service,Ingress,....
    3:配置和存储:
    Volume,CSI(K8S上的容器存储接口,用来扩展各种第三方的存储卷)
    配置相关:
    ConfigMap(配置中心类型的存储对象),Secret(主要功能和ConfigMap相似,但是用于存储敏感数据),.....
    外部信息输出给容器:
    DownwardAPI,......
    4:集群级的资源:(之前的pod资源默认都是在default名称空间里面的),但是有些资源需要在集群级内部进行定义。
    Namespace,Node,Role(角色),ClusterRole(集群角色),RoleBinding(角色绑定),ClusteRoleBinding(集群角色绑定)
    5:元数据型资源:
    HPA,PodTemplate(用于控制器创建pod的模板),LimitRange(定义资源限制)

    ♣二:Pod的配置清单

    A:Pod上的清单定义:

    我们前面都使用命令来创建pods,但是这种形式创建pods资源的时候不能人为的定义其内部的配置。

    [root@www .kube]# kubectl get pod myapp-5bc569c47d-jh6qk -o yaml  (我们可以通过查看pods资源信息的时候加上-o yaml来查看pods资源的详细信息,而这些详细信息的展示方式也是我们接下来要使用的配置清单来创建pods资源的形式。
    apiVersion: v1  api群组的名称和版本
    在实际定义中我们会使用group(组名)/version(版本)来定义的,如果没有定义组名,默认是cron(核心组)
    kind: Pod   资源类别
    metadata:    元数据
      creationTimestamp: "2019-06-23T03:39:45Z"
      generateName: myapp-5bc569c47d-
      labels:
        pod-template-hash: 5bc569c47d
        run: myapp
      name: myapp-5bc569c47d-jh6qk
      namespace: default
      ownerReferences:
      - apiVersion: apps/v1
        blockOwnerDeletion: true
        controller: true
        kind: ReplicaSet
        name: myapp-5bc569c47d
        uid: 8b17b969-9568-11e9-9101-000c291028e5
      resourceVersion: "8087"
      selfLink: /api/v1/namespaces/default/pods/myapp-5bc569c47d-jh6qk
      uid: 8b1c0e97-9568-11e9-9101-000c291028e5
    spec:    规格,定义我们要创建的资源需要满足什么规范和特性(这个字段下的内容从定义之初就已经决定了pods资源启动之后的特性)
      containers:  
      - image: ikubernetes/myapp:v1   
        imagePullPolicy: IfNotPresent
        name: myapp
        resources: {}
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        volumeMounts:
        - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
          name: default-token-7bd8r
          readOnly: true
      dnsPolicy: ClusterFirst
      enableServiceLinks: true
      priority: 0
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      serviceAccount: default
      serviceAccountName: default
      terminationGracePeriodSeconds: 30
      tolerations:  容忍度(污点)
      - effect: NoExecute
        key: node.kubernetes.io/not-ready
        operator: Exists
        tolerationSeconds: 300
      - effect: NoExecute
        key: node.kubernetes.io/unreachable
        operator: Exists
        tolerationSeconds: 300
      volumes:
      - name: default-token-7bd8r
        secret:
          defaultMode: 420
          secretName: default-token-7bd8r
    status:   这个字段定义了pods资源在当前的状态,上面的spec定义初始状态,status则定义当前状态(只读),如果我们定义的spec状态和后面运行的status当前状态不统一,k8s会自动把当前状态向目标状态转移或靠拢,直到满足用户期望的状态。
      conditions:
      - lastProbeTime: null
        lastTransitionTime: "2019-06-23T03:39:45Z"
        message: '0/3 nodes are available: 3 node(s) had taints that the pod didn''t tolerate.'
        reason: Unschedulable
        status: "False"
        type: PodScheduled
      phase: Pending
      qosClass: BestEffort
    [root@www .kube]#
    kubectl get pod myapp-5bc569c47d-jh6qk -o yaml

    B:Pod创建资源的方法:

    不是所有的资源都能接受yaml格式定义的资源,例如apiservice就只能接受JSON格式的资源定义,但是JSON格式在定义起来不如yaml格式的方便,如果使用yaml格式来提供配置清单,apiservice能无损切自动的江yaml格式的清单转换成JSON格式,然后提交直到运行。

    配置清单的字段组成:

    1:apiVersion(用来定义当前属于哪个组和那个版本,这个直接关系到最终提供使用的是那个版本)
    通过命令kubectl api-versions可以查看到当前所有api的版本。

    [root@www .kube]# kubectl api-versions
        k8s将api的版本都以组的形式来划分,这样我们后面如果是对版本升级,只需要对组内的版本升级即可,避免全部版本都受到影响。而且分组之后还能在一个组里面定义多个版本,来实现多版本并存。
        admissionregistration.k8s.io/v1beta1
        apiextensions.k8s.io/v1beta1
        apiregistration.k8s.io/v1
        apiregistration.k8s.io/v1beta1
        apps/v1
        apps/v1beta1
        apps/v1beta2
        authentication.k8s.io/v1
        authentication.k8s.io/v1beta1
        authorization.k8s.io/v1
        authorization.k8s.io/v1beta1
        autoscaling/v1
        autoscaling/v2beta1
        autoscaling/v2beta2
        在各组的版本之间还分为了稳定版本(v1),稳定版表示定义好的接口在后续不会再进行变化,万一有变化也是在已有的接口上来增加新的接口。
        非稳定版本(beta),表示定义的接口还会进行变化。
        batch/v1
        batch/v1beta1
        certificates.k8s.io/v1beta1
        coordination.k8s.io/v1
        coordination.k8s.io/v1beta1
        events.k8s.io/v1beta1
        extensions/v1beta1
        networking.k8s.io/v1
        networking.k8s.io/v1beta1
        node.k8s.io/v1beta1
        policy/v1beta1
        rbac.authorization.k8s.io/v1
        rbac.authorization.k8s.io/v1beta1
        scheduling.k8s.io/v1
        scheduling.k8s.io/v1beta1
        storage.k8s.io/v1
        storage.k8s.io/v1beta1
        v1
        [root@www .kube]#
    kubectl api-versions

    2:kind(资源类别)用来定义创建的对象是属于什么类别,是pod,service,还是deployment等对象,可以按照其固定的语法格式来自定义。

    3:metadata(元数据):
    提供以下几个字段:
      creationTimestamp: "2019-06-24T12:18:48Z"
      generateName: myweb-5b59c8b9d-
      labels: (对象标签)
        pod-template-hash: 5b59c8b9d
        run: myweb
      name: myweb-5b59c8b9d-gwzz5 (pods对象的名称,同一个类别当中的pod对象名称是唯一的,不能重复)
      namespace: default (对象所属的名称空间,同一名称空间内可以重复,这个名称空间也是k8s级别的名称空间,不和容器的名称空间混淆)
      ownerReferences:
        - apiVersion: apps/v1
        blockOwnerDeletion: true
        controller: true
        kind: ReplicaSet
        name: myweb-5b59c8b9d
        uid: 37f38f64-967a-11e9-8b4b-000c291028e5
      resourceVersion: "943"
      selfLink: /api/v1/namespaces/default/pods/myweb-5b59c8b9d-gwzz5
      uid: 37f653a6-967a-11e9-8b4b-000c291028e5
      annotations(资源注解,这个需要提前定义,默认是没有的)
    通过这些标识定义了每个资源引用的path:即/api/group/version/namespaces/名称空间/资源类别/对象名称

    4:spec (这个字段最重要,因为spec是用来定义目标状态的‘disired state’,而且资源不通导致spec所嵌套的字段也各不相同,也就因为spec重要且字段不相同,k8s在内部自建了一个spec的说明用于查询)

    5:status:(当前状态,’current state‘,这个字段有kubernetes集群来生成和维护,不能自定义,属于一个只读字段)
    spec字段的定义说明:

    [root@www kubeadm]# kubectl explain pods(通过explain参数加上资源类别就能看到该资源应该怎么定义)
        KIND:     Pod
        VERSION:  v1
    
        DESCRIPTION:
             Pod is a collection of containers that can run on a host. This resource is
             created by clients and scheduled onto hosts.
    
        FIELDS:
           apiVersion   <string>
             APIVersion defines the versioned schema of this representation of an
             object. Servers should convert recognized schemas to the latest internal
             value, and may reject unrecognized values. More info:
             https://git.k8s.io/community/contributors/devel/api-conventions.md#resources
    
           kind <string>
             Kind is a string value representing the REST resource this object
             represents. Servers may infer this from the endpoint the client submits
             requests to. Cannot be updated. In CamelCase. More info:
             https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds
    
           metadata     <Object>  在相应的字段下面只要看到Object就可以知道该字段下面是要嵌套很多二级字段的,但是二级字段我们还是不知道怎么去定义。
             Standard object's metadata. More info:
             https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata
    
           spec <Object>
             Specification of the desired behavior of the pod. More info:
             https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status
    
           status       <Object>
             Most recently observed status of the pod. This data may not be up to date.
             Populated by the system. Read-only. More info:
             https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status
    
        [root@www kubeadm]# kubectl explain pods.metadata 通过资源类别加上带有Object标记的字段,我们就可以看到一级字段下二级字段的内容有那些怎么去定义等
        KIND:     Pod
        VERSION:  v1
    
        RESOURCE: metadata <Object>
    
        DESCRIPTION:
             Standard object's metadata. More info:
             https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata
    
             ObjectMeta is metadata that all persisted resources must have, which
             includes all objects users must create.
    
        FIELDS:
           annotations  <map[string]string>  二级字段加上map标记代表是映射字段,其字段是有k=v数据组成的json数组
             Annotations is an unstructured key value map stored with a resource that
             may be set by external tools to store and retrieve arbitrary metadata. They
             are not queryable and should be preserved when modifying objects. More
             info: http://kubernetes.io/docs/user-guide/annotations
    
           clusterName  <string>
             The name of the cluster which the object belongs to. This is used to
             distinguish resources with same name and namespace in different clusters.
             This field is not set anywhere right now and apiserver is going to ignore
             it if set in create or update request.
    
           creationTimestamp    <string>
             .........
            ownerReferences      <[]Object>  二级字段下面还可以嵌套三级字段,和上面方法一样[root@www kubeadm]# kubectl explain pods.metadata.ownerReferences,通过加上不同级别的字段名称来看下字段下的内容,而且前面的[]号代表对象列表
    
        (如果字段后面加上了-required-就代表这个字段是必选字段)
        ........
    kubectl explain pods

    自定义yaml文件:

    我们在创建yaml文件的时候可以先把上面5个一级字段写下来,然后慢慢填空来完成:
    apiVersion: v1
    kind: Pod
    metadata:
      name: pod-number 而且这个位置的名字好像不支持大写字母
      namespace: default
      labels: #这个位置可以使用{key:value,key:value.....}kv之间逗号隔开
        app: myweb 注意这个位置的名字和下面创建image的时候的名字一致
        tier: Not outside
    spec:
      containers:
      - name: myweb
      image: ikubernetes/myapp:v1
      - name: busybox #如果有多个容器,还可以多定义几个
      image: busybox:latest 因为busybox默认是启动的sh命令,我们可以给shell命令传递些参数。
      command: (["/bin/sh","-c","sleep 20"] 传递的参数可以使用[]来写,也可以用下面的形式来定义)
      - "/bin/sh"
      - "-c"
      - "echo $(date) >> /usr/share/nginx/html/index.html; sleep 5"

    [root@www TestYaml]# kubectl create -f pod-test.yaml 然后使用create参数-f去指定加载的yaml文件名
    pod/pod-number created
    [root@www TestYaml]# kubectl get pods
    NAME         READY   STATUS             RESTARTS   AGE
    pod-kk       1/1     Running            0          88s
    pod-number   1/2     CrashLoopBackOff   4          5m59s可以看到pod-number已经被创建
    kubectl create -f pod-test.yaml(从文件加载创建pods)

    我们定义了两个容器,正在运行的有一个,我们可以通过命令来查看通过yaml创建的文件的详细信息

    [root@www TestYaml]# kubectl describe pods pod-number  通过describe参数来查看pods的详细信息
    Name:               pod-number
    Namespace:          default
    Priority:           0
    PriorityClassName:  <none>
    Node:               www.kubernetes.node1.com/192.168.181.140  运行在哪个节点上
    Start Time:         Wed, 26 Jun 2019 21:05:36 +0800
    Labels:             app=myweb
                        tier=Not-outside
    Annotations:        <none>
    Status:             Running  可以看到名称叫myweb状态是运行中
    IP:                 10.244.1.19
    Containers:
      myweb:
        Container ID:   docker://4b213ff75852bf943adc4a4f35dfb41dd881ac10b051bd545ca00f8bdbcb9ab1
        Image:          ikubernetes/myapp:v1
        Image ID:       docker-pullable://ikubernetes/myapp@sha256:9c3dc30b5219788b2b8a4b065f548b922a34479577befb54b03330999d30d513
        Port:           <none>
        Host Port:      <none>
        State:          Running
          Started:      Wed, 26 Jun 2019 21:05:41 +0800
        Ready:          True
        Restart Count:  0
        Environment:    <none>
        Mounts:
          /var/run/secrets/kubernetes.io/serviceaccount from default-token-n5fjx (ro)
      busybox:
        Container ID:  docker://e2b6b439439202e1887b3182b3155bb7e6798460be48c42edafda046ef907e8f
        Image:         busybox:latest
        Image ID:      docker-pullable://busybox@sha256:7a4d4ed96e15d6a3fe8bfedb88e95b153b93e230a96906910d57fc4a13210160
        Port:          <none>
        Host Port:     <none>
        Command:
          /bin/sh
          -c
          echo $(date) >> /usr/share/nginx/html/index.html; sleep 5
        State:          Waiting   因为我们第二个容器创建之后运行的命令是有问题的,所有状态也是显示不正常的
          Reason:       CrashLoopBackOff
        Last State:     Terminated
          Reason:       Completed
          Exit Code:    0
          Started:      Wed, 26 Jun 2019 21:27:15 +0800
          Finished:     Wed, 26 Jun 2019 21:27:20 +0800
        Ready:          False
        Restart Count:  8
        Environment:    <none>
        Mounts:
          /var/run/secrets/kubernetes.io/serviceaccount from default-token-n5fjx (ro)
    Conditions:
      Type              Status
      Initialized       True
      Ready             False
      ContainersReady   False
      PodScheduled      True
    Volumes:
      default-token-n5fjx:
        Type:        Secret (a volume populated by a Secret)
        SecretName:  default-token-n5fjx
        Optional:    false
    QoS Class:       BestEffort
    Node-Selectors:  <none>
    Tolerations:     node.kubernetes.io/not-ready:NoExecute for 300s
                     node.kubernetes.io/unreachable:NoExecute for 300s
    Events:  在这个字段信息下,我们可以看到整个yaml格式创建pods的过程
      Type     Reason     Age                 From                               Message
      ----     ------     ----                ----                               -------
      Normal   Scheduled  26m                 default-scheduler                  Successfully assigned default/pod-number to www.kubernetes.node1.com
      Normal   Created    25m                 kubelet, www.kubernetes.node1.com  Created container myweb
      Normal   Pulled     25m                 kubelet, www.kubernetes.node1.com  Container image "ikubernetes/myapp:v1" already present on machine
      Normal   Started    25m                 kubelet, www.kubernetes.node1.com  Started container myweb
      Warning  Failed     25m                 kubelet, www.kubernetes.node1.com  Failed to pull image "busybox:latest": rpc error: code = Unknown desc = Error response from daemon: Get https://registry-1.docker.io/v2/library/busybox/manifests/latest: Get https://auth.docker.io/token?scope=repository%3Alibrary%2Fbusybox%3Apull&service=registry.docker.io: net/http: TLS handshake timeout
      Warning  Failed     25m (x2 over 25m)   kubelet, www.kubernetes.node1.com  Error: ErrImagePull
      Warning  Failed     25m                 kubelet, www.kubernetes.node1.com  Failed to pull image "busybox:latest": rpc error: code = Unknown desc = Error response from daemon: Get https://registry-1.docker.io/v2/: net/http: TLS handshake timeout
      Warning  Failed     24m (x2 over 25m)   kubelet, www.kubernetes.node1.com  Error: ImagePullBackOff
      Normal   BackOff    24m (x2 over 25m)   kubelet, www.kubernetes.node1.com  Back-off pulling image "busybox:latest" 
      Normal   Started    24m (x2 over 24m)   kubelet, www.kubernetes.node1.com  Started container busybox
      Normal   Pulling    23m (x5 over 25m)   kubelet, www.kubernetes.node1.com  Pulling image "busybox:latest"
      Normal   Created    23m (x3 over 24m)   kubelet, www.kubernetes.node1.com  Created container busybox
      Normal   Pulled     15m (x7 over 24m)   kubelet, www.kubernetes.node1.com  Successfully pulled image "busybox:latest"
      Warning  BackOff    54s (x89 over 23m)  kubelet, www.kubernetes.node1.com  Back-off restarting failed container
    kubectl describe pods pod-number

    查看pods日志:

    因为我们创建busybox的是状态是有问题的,我们就可以通过命令来查看。

    [root@www TestYaml]# kubectl logs pod-number busybox  我们通过logs参数指定查看pods里面容器的日志
    /bin/sh: can't create /usr/share/nginx/html/index.html: nonexistent directory  可以看到报错内容,方便我们去查询容器的错误
    [root@www TestYaml]# curl 10.244.1.19  因为我们创建的myweb是正常运行,但是没有访问请求,我们自己访问下myweb制造访问请求
    Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a>
    [root@www TestYaml]# kubectl logs pod-number myweb
    10.244.0.0 - - [26/Jun/2019:13:41:35 +0000] "GET / HTTP/1.1" 200 65 "-" "curl/7.29.0" "-"   可以看到来自master在什么时间对myweb进行了访问
    kubectl logs pod-number busybox

    创建好的容器我们也可以和docker一样通过命令到容器里面去操作。

    [root@www TestYaml]# kubectl exec --help  可以使用exec命令来操作
    命令行格式
    Usage:
      kubectl exec POD [-c CONTAINER] -- COMMAND [args...] [options]
      注意command前面的--是固定格式
    [root@www TestYaml]# kubectl exec -it pod-number -c myweb -- /bin/sh 
    / #
    [root@www TestYaml]# kubectl get pods
    NAME         READY   STATUS         RESTARTS   AGE
    pod-kk       1/1     Running        0          45m
    pod-number   1/2     ErrImagePull   12         49m
    exec

    基于yaml文件删除pods。

    [root@www TestYaml]# kubectl delete -f pod-test.yaml  我们在删除pods资源的时候可以基于yaml文件定义的pods资源来删除,这样我们即使删除了pods,但是yaml文件还存在,想创建随时可以create下就能出来,无需每次都run,避免人为命令行run的时候导致的问题
    pod "pod-kk" deleted
    [root@www TestYaml]# kubectl get pods    而且在基于yaml文件删除的时候发现删除的pods不在会被自动创建了,也就是说pods不在受控制器管理了,想删除随时可以删除和创建
    NAME         READY   STATUS    RESTARTS   AGE
    pod-number   1/2     Running   13         50m
    kubectl delete -f pod-test.yaml

    我们上面只是写了一个最简单yaml,其实yaml能更好的按照我们的期许或者更加可控的形式来创建pods,yaml形式大大的弥补了pods自定义这个概念,使得最大限度上pods是按照约束和规范来创建的。
    kubectl管理资源有三种方式:
    1:命令管理法;
    2:配置清单管理法(声明式);
      配置清单式好处是不言而喻的,可以随时修改和创建,极大的规避了错误的产生。
    3:通过其它命令的配置清单管理法。
    我们上面创建的pods是没有持久存储功能的,要想完成持久存储,必须脱离k8s集群节点之外的网络存储节点,这种存储节点都是具有持久存储的节点。

    C:spec下其它字段的介绍:

    我们可以通过explain一层层的从一级字段(例如spec)往下看。

    [root@www TestYaml]# kubectl explain pods.spec.containers.imagePullPolicy
    KIND:     Pod
    VERSION:  v1
    
    FIELD:    imagePullPolicy <string>
    
    DESCRIPTION:
         Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always
         if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated.
         More info:
         https://kubernetes.io/docs/concepts/containers/images#updating-images
    imagePullPolicy字段定义了三种镜像获取的方式,而且当对象一旦被创建之后,改字段是不被允许的。
    Always:总是去仓库里面拖镜像,而且如果镜像标签是latest,就默认从仓库获取镜像;
    Never:总是以使用本地镜像,本地没有也不会去仓库里面拖镜像;
    IfNotPresent:当本地没有才去仓库拖镜像,除了latest之外,其它的都遵循IfNotPresent模式。
    imagePullPolicy(镜像获取方式))
    [root@www TestYaml]# kubectl explain pods.spec.containers.ports
    如果是创建的对象后面需要暴露端号出去,可以一次暴露多个端口,而且每个暴露出去的端口还可以自定义名字,最后还指明暴露的端口是什么协议
    当然我们还注意的是例如对象是nginx,默认是80端口,及时在此不指定暴露的端口,默认也是暴露服务默认的端口。
    KIND:     Pod
    VERSION:  v1
    
    RESOURCE: ports <[]Object>
    
    DESCRIPTION:
         List of ports to expose from the container. Exposing a port here gives the
         system additional information about the network connections a container
         uses, but is primarily informational. Not specifying a port here DOES NOT
         prevent that port from being exposed. Any port which is listening on the
         default "0.0.0.0" address inside a container will be accessible from the
         network. Cannot be updated.
    
         ContainerPort represents a network port in a single container.
    那从实际的角度来说指定容器端口即可containerPort
    FIELDS:
       containerPort        <integer> -required-
         Number of port to expose on the pod's IP address. This must be a valid port
         number, 0 < x < 65536.
    
       hostIP       <string>
         What host IP to bind the external port to.
    
       hostPort     <integer>
         Number of port to expose on the host. If specified, this must be a valid
         port number, 0 < x < 65536. If HostNetwork is specified, this must match
         ContainerPort. Most containers do not need this.
    
       name <string>
         If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
         named port in a pod must have a unique name. Name for the port that can be
         referred to by services.
    
       protocol     <string>
         Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP".  
         没有指定协议,默认是tcp的协议
     案例:
     spec:
       containers:
       - name: myweb1
         image: ikubernetes/myapp:v2
         ports:
         - name: http
           containerPort: 80   可以一次暴露多个端口
         - name: https
           containerPort: 443
    ports(pods端口暴露)
    [root@www TestYaml]# kubectl explain pods.spec.containers.args  
    args指默认向command(命令)传递参数 
    KIND:     Pod
    VERSION:  v1
    
    FIELD:    args <[]string>
    
    DESCRIPTION:
         Arguments to the entrypoint. The docker image's CMD is used if this is not
         provided. Variable references $(VAR_NAME) are expanded using the
         container's environment. If a variable cannot be resolved, the reference in
         the input string will be unchanged. The $(VAR_NAME) syntax can be escaped
         with a double $$, ie: $$(VAR_NAME). Escaped references will never be
         expanded, regardless of whether the variable exists or not. Cannot be
         updated. More info:
         https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
    [root@www TestYaml]# kubectl explain pods.spec.containers.command
    command指向要运行的对象给与默认执行的命令或者程序
    KIND:     Pod
    VERSION:  v1
    
    FIELD:    command <[]string>
    
    DESCRIPTION:
         Entrypoint array. Not executed within a shell(默认给出的命令是不会运行在shell里面的,如果想运行在sehll里面需要自己指定  ). The docker image's
         ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME)
         are expanded using the container's environment. If a variable cannot be
         resolved, the reference in the input string will be unchanged. The
         $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME).
         Escaped references will never be expanded, regardless of whether the
         variable exists or not. Cannot be updated. More info:
         https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
    args和command

    在args和command和dockerfile里面的entypoint和cmd是存在一定关系的:
      当没有提供args和command的时候就运行镜像里面的entypoint和cmd;
      如果只提供了command,没有提供args,那镜像里面的entypoint和cmd都被忽略;
      当只定义了args,默认会将args当参数传递给entypoint,这个时候镜像里面的cmd将不再生效;
      当提供了args和command两种,镜像里面的entypoint和cmd就将失效了。

    标签:
    标签是k8s上一个重要的对象声明,标签具有以下特征:
      一个对象可以有多个标签,一个标签也可以贴在多个对象上;
      标签即可以在被创建的时候定义,也可以在创建之后来增加,修改和删除;
      以便于对象被创建之后,方便调度器做匹配度检查,从而达到目标对象。
    标签在定义的时候应该考虑到以下几个部分:
      1:对象的版本(稳定版,开发版,公测版,内存版)
      2:环境标签(测试版,开发版本)
      3:对象提供的功能(web服务,代理服务,数据库服务等等)
      4:分区标签(用户a,用户b等等)
      5:品控标签(月级定时追踪,周级定时追踪等等)
    标签的定义需要遵循:
      key:字母,数字,_,-,. 字符,且不能超过63个字符;
      value;其它和key相同,但是可以为空。

    [root@www TestYaml]# kubectl get pods --show-labels  通过参数--show-labels来查看对象标签
    NAME     READY   STATUS    RESTARTS   AGE   LABELS
    pod-yy   1/1     Running   0          61m   app=myweb1,tier=Not-outside
    [root@www TestYaml]# kubectl get pods -L app   加-L参数值过滤查询对象标签的值
    NAME     READY   STATUS    RESTARTS   AGE     APP
    pod-kk   1/1     Running   1          2m57s   mypod01
    pod-yy   1/1     Running   0          66m     myweb1
    [root@www TestYaml]# kubectl get pods -l app --show-labels  -l过滤查看指包含app这个标签一类的对象
    NAME     READY   STATUS    RESTARTS   AGE    LABELS
    pod-kk   1/1     Running   1          5m6s   app=mypod01,tier=Not-outside
    pod-yy   1/1     Running   0          68m    app=myweb1,tier=Not-outside
    kubectl get pods --show-labels(查看标签))
    Usage:
      kubectl label [--overwrite] (-f FILENAME | TYPE NAME) KEY_1=VAL_1 ... KEY_N=VAL_N [--resource-version=version]
    [options]
    [root@www TestYaml]# kubectl label pods pod-kk edition=beta_version
    pod/pod-kk labeled
    [root@www TestYaml]# kubectl get pods pod-kk --show-labels 可以看到新的标签已经标记完成
    NAME     READY   STATUS    RESTARTS   AGE   LABELS
    pod-kk   1/1     Running   1          11m   app=mypod01,edition=beta_version,tier=Not-outside
    给已经创建的对象打标签
    k8s的标签选择器支持两种方式来进行选择性查询:
    等值关系的标签选择器:
    支持:=,==,!=
    [root@www TestYaml]# kubectl get pods -l app=mypod01 --show-labels 等于
    NAME     READY   STATUS    RESTARTS   AGE   LABELS
    pod-kk   1/1     Running   1          20m   app=mypod01,edition=beta_version,tier=Not-outside
    [root@www TestYaml]# kubectl get pods -l app!=mypod01 --show-labels  不等于
    NAME     READY   STATUS    RESTARTS   AGE   LABELS
    pod-yy   1/1     Running   0          83m   app=myweb1,tier=Not-outside
    [root@www TestYaml]# kubectl get pods -l app=mypod01,edition=beta_version --show-labels  同时满足多个条件的
    NAME     READY   STATUS    RESTARTS   AGE   LABELS
    pod-kk   1/1     Running   1          22m   app=mypod01,edition=beta_version,tier=Not-outside
    集合关系的标签选择器:
    key in (value1,value2)
    key notin (value1,value2)
    key和!key
    [root@www TestYaml]# kubectl get pods -l "edition in (beta_version)" --show-labels
    NAME     READY   STATUS    RESTARTS   AGE   LABELS
    pod-kk   1/1     Running   1          37m   app=mypod01,edition=beta_version,tier=Not-outside
    [root@www TestYaml]#
    k8s标签选择器的查询方式

    在k8s上我们很多资源都需要通过标签和标签选择器来关联其它的资源,例如pod控制器和service,针对这种资源我们通常会使用两个字段来嵌套关联其它资源
    1:matchLabesl;直接给定键值
    2:matchExpressions;基于给定的表达式来定义使用的选择器
      {key:“KEY",operator:"OPERATOR",values:[value1,value2....]}
      表示定义的key的values值基于operator来做比较,能满足即表示满足我们的需求,否则就不能满足我们的需求
      operator表示操操作符,常用的有:In,Notin,Exists(存在),NotExists(不存在)
                      使用In,Notin后面的values必须是一个非空列表
                      Exists,NotExists的valuel必须是一个空列表
    k8s上很多资源都可以打标签,例如nodes等。

    [root@www TestYaml]# kubectl get nodes --show-labels
    NAME                        STATUS   ROLES    AGE    VERSION   LABELS
                                                                   beta.kubernetes.io是前缀,这个前缀是dns域名
    www.kubernetes.master.com   Ready    master   142m   v1.14.1   beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/arch=amd64,kubernetes.io/hostname=www.kubernetes.master.com,kubernetes.io/os=linux,node-role.kubernetes.io/master=
    www.kubernetes.node1.com    Ready    <none>   140m   v1.14.3   beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/arch=amd64,kubernetes.io/hostname=www.kubernetes.node1.com,kubernetes.io/os=linux
    www.kubernetes.node2.com    Ready    <none>   140m   v1.14.3   beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/arch=amd64,kubernetes.io/hostname=www.kubernetes.node2.com,kubernetes.io/os=linux
    [root@www TestYaml]#
    kubectl get nodes --show-labels
    nodeSelector节点选择器,可以选择pod在哪个节点上运行,这样我们可以指定该pod在哪个或者哪类节点上运行,因为我们几点资源不都是一样的,有的可能是虚拟机和云机,有的是ibm或者dell的实体机等,针对这种我们做监控也得有针对性的运行pods
    [root@www TestYaml]# kubectl explain pods.spec.nodeSelector
    KIND:     Pod
    VERSION:  v1
    
    FIELD:    nodeSelector <map[string]string> 注意字段的类型
    
    DESCRIPTION:
         NodeSelector is a selector which must be true for the pod to fit on a node.
         Selector which must match a node's labels for the pod to be scheduled on
         that node. More info:
         https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
    spec:
       containers:
       - name: mypod01
         image: ikubernetes/myapp:v2
         ports:
         - name: http
           containerPort: 80
         - name: https
           containerPort: 443
       nodeSelector:   例如我们定义改pods只能运行在带有IBM标签的机器上,当然得事先定义带IMB的标签
           lable: IBM
    如果不想这么麻烦,我就想直接指定节点,也可以,字段是nodeName
    [root@www TestYaml]# kubectl explain pods.spec.nodeName
    KIND:     Pod
    VERSION:  v1
    
    FIELD:    nodeName <string>
    
    DESCRIPTION:
         NodeName is a request to schedule this pod onto a specific node. If it is
         non-empty, the scheduler simply schedules this pod onto that node, assuming
         that it fits resource requirements.
    nodeSelector节点选择器
    annotations:资源注解,这个label不同的是,不能作为标签选择器的挑选机制所存在,只能为对象提供元数据,而且资源描述是没有字符限制的。当创建的大型且重要对象的适合,资源描述尤为重要。
    [root@www TestYaml]# cat pod-test.yaml
    apiVersion: v1
    kind: Pod
    metadata:
       name: pod-kk
       namespace: default
       labels:
         app: mypod01
         tier: Not-outside
       annotations:  我们定义了三个资源的描述
         creator: "Tommy"
         create_time: "2019-06-30"
         Contact_information: "baidu@163.com"
    spec:
       containers:
       - name: mypod01
         image: ikubernetes/myapp:v2
         ports:
         - name: http
           containerPort: 80
         - name: https
           containerPort: 443
       nodeSelector:
           lable: IBM
    [root@www TestYaml]# kubectl create -f pod-test.yaml
    pod/pod-kk created
    [root@www TestYaml]# kubectl describe pods pod-kk
    Name:               pod-kk
    Namespace:          default
    Priority:           0
    PriorityClassName:  <none>
    Node:               <none>
    Labels:             app=mypod01
                        tier=Not-outside
    Annotations:        Contact_information: baidu@163.com  可以看到Annotations的信息,但是不是安装我们定义的顺序来的,但是无关紧要。
                        create_time: 2019-06-30
                        creator: Tommy
    Status:             Pending
    IP:
    Containers:
      mypod01:
        Image:        ikubernetes/myapp:v2
        Ports:        80/TCP, 443/TCP
        Host Ports:   0/TCP, 0/TCP
        Environment:  <none>
    ..........
    annotations:资源注解

    ♣三:Pod的生命周期

    A:Pod的生命周期阶段:

    一个pods的生命周期需要经历一下几个阶段:
      1:pod被创建到运行为一个阶段;
      2:pods在被创建之后到运行为容器之前有一段的空闲时间,这个时间有可能需要给容器做一些环境的初始化。
      3:当pods被运维为容器的最开始,容器本身需要最环境的初始化,例如容器如果是nginx,nginx需要对html路径下的文件按照顺序加载等等,当然容器有开始就有结束,结束的时候对容器产生的数     据进行处理;
      4:容器在运行的过程中我们需要对容器做监控,存活性状态检测。
    pod的生命周期按照状态来划分可以分为一下几个部分:
      1:Pending(挂起),pods为什么会挂起,pods运行的时候是按照yaml文件来运行的,当节点环境不能满足pods运行就会处于挂起,也代表调度尚未完成;
      2:Running(运行)
      3:Failed(失败)
      4:Succeeded(成功)
      5:Unknown(未知状态)
      等等状态
    pods创建的过程:
    当用户创建pods的时候,这个请求会传递给apiservice,apisevice接收到请求之后会保存在etcd当中,接下来apiservice会请求scheduler来进行调度,如果调度成功了会将调度的结果保存在etcd的poids资源状态信息当中,
    被调度的节点上的kubelet会得到这个保存的状态知道有一个新任务给到自己了,kubelet拿到清单之后并启动运行这个pods,pods创建的状态对由kubelet发送给apiservice保存在etcd当中。
    pod生命周期中的重要行为,初始化容器,容器探测。
    pod的重启:

    [root@www TestYaml]# kubectl explain pods.spec.restartPolicy 
    restartPolicy用来给重启容器,当探测到容器挂了,restartPolicy会提供三种选项给用户,Always(总是重启),OnFailure(只有正常终止的才重启),Never(从不重启)
    KIND:     Pod
    VERSION:  v1
    
    FIELD:    restartPolicy <string>
    
    DESCRIPTION:
         Restart policy for all containers within the pod. One of Always, OnFailure,
         Never. Default to Always. More info:
         https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy
    restartPolicy

    pods的重启不是我们常规理解的一旦服务退出就立马重启,周而复始的重启,因为每一次重启都会消耗我们的硬件资源的,如果不能合理处理这种情况,可能我们机器硬件资源就用完了,影响到其他的程序,所以pods的重启是第一次挂了立马重启,
    当第二次挂了是延时重启,每一次重启就要在上一次时间上翻倍,直到最大时长300秒,到300秒一会代表pods每一次重启都需要300秒。当pods节点没有挂或者pods没有被删除,就一直会在此节点上重启。
    pod的终止:
    pod的终止需要遵循平滑终止的策略,主要是为了保证我们的数据不会丢失,当用户或者外在因素终止了pods,pods首先会想其内部的容器发起终止信号,让pods中的容器自然终止,这个终止是有时间限制的,例如10秒,10秒没有终止,就会发起kill信号。
    这个宽限的时间默认是30秒,也可以自行定义。

    B:容器的两种探测(探针)

    liveness probe(存活性探测)和readiness probe(就绪性探测)
    容器的探测和我们生活常见的探测一样,在容器里面安装一些传感器或者探针等,来获取一些数据来作为容器是否存活或者就绪的标准,目前k8s上对两种状态的探测方式是一样的。
    三种探测(探针)类型:
    1:ExecAction
    2:TCPSocketAction(tcp套接字探测)
    3:HTTPGetAction(如果对象是http服务,我们直接发送http的请求即可达到探测目的)
    上述三种针对两种不同的状态又分为了存活性探针或者就绪性探针,还有这个探测是用来探测容器的,不是pods。

    [root@www home]# kubectl explain pod.spec.containers.livenessProbe
    KIND:     Pod
    VERSION:  v1
    
    RESOURCE: livenessProbe <Object>
    
    DESCRIPTION:
         Periodic probe of container liveness. Container will be restarted if the
         probe fails. Cannot be updated. More info:
         https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
    
         Probe describes a health check to be performed against a container to
         determine whether it is alive or ready to receive traffic.
    
    FIELDS:
       exec <Object>  第一种
         One and only one of the following should be specified. Exec specifies the
         action to take.
    
       failureThreshold     <integer>  指定探测的多少次都是失败的,才认为是失败的
         Minimum consecutive failures for the probe to be considered failed after
         having succeeded. Defaults to 3(默认是3此). Minimum value is 1.(最少是一次)
    
       httpGet      <Object> 第二种
         HTTPGet specifies the http request to perform.
    
       initialDelaySeconds  <integer>  在docker容器在启动的时候立即做探测,这个时候可能主程序还没有启动完成,这个时候探测结果有可能是失败造成误伤,在多长时间之后进行探测
         Number of seconds after the container has started before liveness probes  默认是容器一旦启动就立马探测
         are initiated. More info:
         https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
    
       periodSeconds        <integer>  指定探测次数之后间隔多长时间来进行探测
         How often (in seconds) to perform the probe. Default to 10 (默认是10秒探测一次)seconds. Minimum
         value is 1.
    
       successThreshold     <integer>
         Minimum consecutive successes for the probe to be considered successful
         after having failed. Defaults to 1. Must be 1 for liveness. Minimum value
         is 1.
    
       tcpSocket    <Object>第三种
         TCPSocket specifies an action involving a TCP port. TCP hooks not yet
         supported
    
       timeoutSeconds       <integer>  指定探测间隔时间之后超时多长时间
         Number of seconds after which the probe times out. Defaults to 1(默认是1秒) second.
         Minimum value is 1. More info:
         https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
         上面三种探针,我们一次创建指需要定义一个足以
    livenessProbe(存活性探针)
    [root@www home]# kubectl explain pod.spec.containers.readinessProbe
    KIND:     Pod
    VERSION:  v1
    
    RESOURCE: readinessProbe <Object>  探测方式和livenessProbe一样的,但是需要分清楚两者之间的属性,程序存活不代表程序就是就绪的
    
    DESCRIPTION:
         Periodic probe of container service readiness. Container will be removed
         from service endpoints if the probe fails. Cannot be updated. More info:
         https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
    
         Probe describes a health check to be performed against a container to
         determine whether it is alive or ready to receive traffic.
    
    FIELDS:
       exec <Object>
         One and only one of the following should be specified. Exec specifies the
         action to take.
    
       failureThreshold     <integer>
         Minimum consecutive failures for the probe to be considered failed after
         having succeeded. Defaults to 3. Minimum value is 1.
    
       httpGet      <Object>
         HTTPGet specifies the http request to perform.
    
       initialDelaySeconds  <integer>
         Number of seconds after the container has started before liveness probes
         are initiated. More info:
         https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
    
       periodSeconds        <integer>
         How often (in seconds) to perform the probe. Default to 10 seconds. Minimum
         value is 1.
    
       successThreshold     <integer>
         Minimum consecutive successes for the probe to be considered successful
         after having failed. Defaults to 1. Must be 1 for liveness. Minimum value
         is 1.
    
       tcpSocket    <Object>
         TCPSocket specifies an action involving a TCP port. TCP hooks not yet
         supported
    
       timeoutSeconds       <integer>
         Number of seconds after which the probe times out. Defaults to 1 second.
         Minimum value is 1. More info:
         https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
    readinessProbe(就绪性探针)

    除了上述两种,k8s还提供了生命周期的探测。

    [root@www home]# kubectl explain pod.spec.containers.lifecycle
    这个什么周期是用来定义容器启动前和终止后的钩子参数的
    KIND:     Pod
    VERSION:  v1
    
    RESOURCE: lifecycle <Object>
    
    DESCRIPTION:
         Actions that the management system should take in response to container
         lifecycle events. Cannot be updated.
    
         Lifecycle describes actions that the management system should take in
         response to container lifecycle events. For the PostStart and PreStop
         lifecycle handlers, management of the container blocks until the action is
         complete, unless the container process fails, in which case the handler is
         aborted.
    
    FIELDS:
       postStart    <Object>
         PostStart is called immediately after a container is created. If the
         handler fails, the container is terminated and restarted according to its
         restart policy. Other management of the container blocks until the hook
         completes. More info:
         https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
    
       preStop      <Object>
         PreStop is called immediately before a container is terminated due to an
         API request or management event such as liveness probe failure, preemption,
         resource contention, etc. The handler is not called if the container
         crashes or exits. The reason for termination is passed to the handler. The
         Pod's termination grace period countdown begins before the PreStop hooked
         is executed. Regardless of the outcome of the handler, the container will
         eventually terminate within the Pod's termination grace period. Other
         management of the container blocks until the hook completes or until the
         termination grace period is reached. More info:
         https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
    exec说明:
    lifecycle(生命周期探测)
    [root@www TestYaml]# kubectl explain pod.spec.containers.livenessProbe.exec
    KIND:     Pod
    VERSION:  v1
    
    RESOURCE: exec <Object>
    
    DESCRIPTION:
         One and only one of the following should be specified. Exec specifies the
         action to take.
    
         ExecAction describes a "run in container" action.
    
    FIELDS:要想使用exec命令必须是容器里面程序拥有并且能执行的命令才可以
       command      <[]string>  
         Command is the command line to execute inside the container, the working
         directory for the command is root ('/') in the container's filesystem. The
         command is simply exec'd, it is not run inside a shell, so traditional
         shell instructions ('|', etc) won't work. To use a shell, you need to
         explicitly call out to that shell. Exit status of 0 is treated as
         live/healthy and non-zero is unhealthy.
    livenessProbe.exec
    [root@www TestYaml]# cat pod-test.yaml
    apiVersion: v1
    kind: Pod
    metadata:
       name: busybox-test
       namespace: default
    spec:
       containers:
       - name: busybox-test-pod
         image: busybox:latest
         command: ["bin/sh","-c","touch /home/busybox; sleep 20; mv /home/busybox /tmp/; sleep 1200"] 我们给定命令让对象启动为容器之后执行的命令
         livenessProbe:
           exec:  使用exec加上命令对这个容器运行之后创建的文件进行命令的探测
             command: ["test","-e","/home/busybox"]  
           initialDelaySeconds: 3  在容器启动后3秒才开始探测
           periodSeconds: 4 每隔4秒探测一次
    [root@www TestYaml]# kubectl create -f pod-test.yaml
    pod/busybox-test created
    [root@www TestYaml]# kubectl get pods -w
    NAME           READY   STATUS    RESTARTS   AGE
    busybox-test   1/1     Running   0          46s  可以看到pods开始是running的
    pod-kk         0/1     Pending   0          19m
    [root@www TestYaml]# kubectl describe pods busybox-test
    Name:               busybox-test
    Namespace:          default
    Priority:           0
    PriorityClassName:  <none>
    Node:               www.kubernetes.node1.com/192.168.181.140
    Start Time:         Mon, 01 Jul 2019 21:01:03 +0800
    Labels:             <none>
    Annotations:        <none>
    Status:             Running   容器状态是running和实际的状态相符
    IP:                 10.244.1.22
    Containers:
      busybox-test-pod:
        Container ID:  docker://dce312cf24767a597ee177cf65d83686d1cf0a12a638708eb2810e78a18ab0de
        Image:         busybox:latest
        Image ID:      docker-pullable://busybox@sha256:7a4d4ed96e15d6a3fe8bfedb88e95b153b93e230a96906910d57fc4a13210160
        Port:          <none>
        Host Port:     <none>
        Command:
          bin/sh
          -c
          touch /home/busybox; sleep 20; mv /home/busybox /tmp/; sleep 1200
        State:          Waiting
          Reason:       CrashLoopBackOff
        Last State:     Terminated  但是看到最近一次的状态是结束的
          Reason:       Error   原因是错误
          Exit Code:    137    退出的代码是137
          Started:      Mon, 01 Jul 2019 21:19:55 +0800   启动的时间 
          Finished:     Mon, 01 Jul 2019 21:20:57 +0800   完成的时间
        Ready:          False
        Restart Count:  9  已经帮忙重启了9次
        Liveness:       exec [test -e /home/busybox] delay=3s timeout=1s period=4s #success=1 #failure=3  可以看到详细的探测过程
        Environment:    <none>
        Mounts:
          /var/run/secrets/kubernetes.io/serviceaccount from default-token-npzp7 (ro)
    Conditions:
      Type              Status
      Initialized       True
      Ready             False
      ContainersReady   False
      PodScheduled      True
    Volumes:
      default-token-npzp7:
        Type:        Secret (a volume populated by a Secret)
        SecretName:  default-token-npzp7
        Optional:    false
    QoS Class:       BestEffort
    Node-Selectors:  <none>
    Tolerations:     node.kubernetes.io/not-ready:NoExecute for 300s
                     node.kubernetes.io/unreachable:NoExecute for 300s
    Events:
      Type     Reason     Age                  From                               Message
      ----     ------     ----                 ----                               -------
      Normal   Scheduled  20m                  default-scheduler                  Successfully assigned default/busybox-test to www.kubernetes.node1.com
      Normal   Pulled     17m (x3 over 20m)    kubelet, www.kubernetes.node1.com  Successfully pulled image "busybox:latest"
      Normal   Created    17m (x3 over 20m)    kubelet, www.kubernetes.node1.com  Created container busybox-test-pod
      Normal   Started    17m (x3 over 20m)    kubelet, www.kubernetes.node1.com  Started container busybox-test-pod
      Warning  Unhealthy  17m (x9 over 19m)    kubelet, www.kubernetes.node1.com  Liveness probe failed:
      Normal   Killing    17m (x3 over 19m)    kubelet, www.kubernetes.node1.com  Container busybox-test-pod failed liveness probe, will be restarted
      Normal   Pulling    9m57s (x8 over 20m)  kubelet, www.kubernetes.node1.com  Pulling image "busybox:latest"
      Warning  BackOff    21s (x36 over 12m)   kubelet, www.kubernetes.node1.com  Back-off restarting failed container
    [root@www TestYaml]# kubectl get pods -w
    NAME           READY   STATUS         RESTARTS   AGE
    busybox-test   0/1     ErrImagePull   9          26m
    pod-kk         0/1     Pending        0          44m
    busybox-test   1/1     Running        10         26m
    可以看到RESTARTS的数字在变化,说明一直在帮忙重启,标记的重启次数。
    [root@www TestYaml]# kubectl get pods -w
    NAME           READY   STATUS         RESTARTS   AGE
    busybox-test   0/1     ErrImagePull   9          26m
    pod-kk         0/1     Pending        0          44m
    busybox-test   1/1     Running        10         26m
    busybox-test   0/1     ErrImagePull   10         27m
    busybox-test   0/1     CrashLoopBackOff   10         27m
    重启10次之后直接显示容器挂了
    livenessProbe.exec(案例)
    [root@www TestYaml]# kubectl explain pod.spec.containers.livenessProbe.tcpSocket
    KIND:     Pod
    VERSION:  v1
    
    RESOURCE: tcpSocket <Object>
    
    DESCRIPTION:
         TCPSocket specifies an action involving a TCP port. TCP hooks not yet
         supported
    
         TCPSocketAction describes an action based on opening a socket
    
    FIELDS:
       host <string>  必须要指定主机地址
         Optional: Host name to connect to, defaults to the pod IP.
    
       port <string> -required-  必须指定从服务的那个端口来进行探测
         Number or name of the port to access on the container. Number must be in
         the range 1 to 65535. Name must be an IANA_SVC_NAME.
    tcpSocket探测
    httpGet探测
    [root@www TestYaml]# kubectl explain pod.spec.containers.livenessProbe.httpGet  如果对象是一个http服务,你们可以直接使用httpGet来探测
    KIND:     Pod
    VERSION:  v1
    
    RESOURCE: httpGet <Object>
    
    DESCRIPTION:
         HTTPGet specifies the http request to perform.
    
         HTTPGetAction describes an action based on HTTP Get requests.
    
    FIELDS:
       host <string>
         Host name to connect to, defaults to the pod IP. You probably want to set
         "Host" in httpHeaders instead.
    
       httpHeaders  <[]Object>
         Custom headers to set in the request. HTTP allows repeated headers.
    
       path <string>   直接像执行地址和端口的url发起请求,如果返回码是200,301,302都是代表正常,其它代表错误
         Path to access on the HTTP server.
    
       port <string> -required-   
         Name or number of the port to access on the container. Number must be in
         the range 1 to 65535. Name must be an IANA_SVC_NAME.如果定义暴露的端口有指定名称,可以通过命令来访问也行
    
       scheme       <string>
         Scheme to use for connecting to the host. Defaults to HTTP.
    httpGet探测
    [root@www TestYaml]# cat http-test-pod.yaml
    apiVersion: v1
    kind: Pod
    metadata:
       name: http-test
       namespace: default
    spec:
       containers:
       - name: http-test-pod
         image: ikubernetes/myapp:v1
         ports:
         - name: myhttp
           containerPort: 80
         livenessProbe:
           httpGet:
             port: myhttp
             path: /index.html
           initialDelaySeconds: 3
           periodSeconds: 4
    [root@www TestYaml]# kubectl get pods
    NAME           READY   STATUS             RESTARTS   AGE
    busybox-test   0/1     CrashLoopBackOff   13         43m
    http-test      1/1     Running            0          12s
    pod-kk         0/1     Pending            0          61m
    [root@www TestYaml]# kubectl describe pods http-test
    Name:               http-test
    Namespace:          default
    Priority:           0
    PriorityClassName:  <none>
    Node:               www.kubernetes.node2.com/192.168.181.146
    Start Time:         Mon, 01 Jul 2019 21:44:04 +0800
    Labels:             <none>
    Annotations:        <none>
    Status:             Running 
    IP:                 10.244.2.6
    Containers:
      http-test-pod:
        Container ID:   docker://67693dafae6c8b5f84bd344df045dbab0d5600fac67f42bfe00d06f1bfbc8b63
        Image:          ikubernetes/myapp:v1
        Image ID:       docker-pullable://ikubernetes/myapp@sha256:9c3dc30b5219788b2b8a4b065f548b922a34479577befb54b03330999d30d513
        Port:           80/TCP
        Host Port:      0/TCP
        State:          Running
          Started:      Mon, 01 Jul 2019 21:44:09 +0800
        Ready:          True
        Restart Count:  0
        Liveness:       http-get http://:myhttp/index.html delay=3s timeout=1s period=4s #success=1 #failure=3  可以看到整个探测的方式和详细的参数和参数值
                        是通过httpget的形式不断去的访问index.html这个url
        Environment:    <none>
        Mounts:
          /var/run/secrets/kubernetes.io/serviceaccount from default-token-npzp7 (ro)
    Conditions:
      Type              Status
      Initialized       True
      Ready             True
      ContainersReady   True
      PodScheduled      True
    Volumes:
      default-token-npzp7:
        Type:        Secret (a volume populated by a Secret)
        SecretName:  default-token-npzp7
        Optional:    false
    QoS Class:       BestEffort
    Node-Selectors:  <none>
    Tolerations:     node.kubernetes.io/not-ready:NoExecute for 300s
                     node.kubernetes.io/unreachable:NoExecute for 300s
    Events:
      Type    Reason     Age   From                               Message
      ----    ------     ----  ----                               -------
      Normal  Scheduled  81s   default-scheduler                  Successfully assigned default/http-test to www.kubernetes.node2.com
      Normal  Pulled     77s   kubelet, www.kubernetes.node2.com  Container image "ikubernetes/myapp:v1" already present on machine
      Normal  Created    77s   kubelet, www.kubernetes.node2.com  Created container http-test-pod
      Normal  Started    76s   kubelet, www.kubernetes.node2.com  Started container http-test-pod
    我们手动进入容器把index.html文件改名字然后在查看
    [root@www TestYaml]# kubectl exec -it http-test -- /bin/sh
    / # cd /usr/share/nginx/html/
    /usr/share/nginx/html # ls
    50x.html    index.html
    /usr/share/nginx/html # mv index.html index.html.bak
    /usr/share/nginx/html # ls
    50x.html        index.html.bak
    /usr/share/nginx/html #
    [root@www TestYaml]# kubectl describe pods http-test
    Name:               http-test
    Namespace:          default
    Priority:           0
    PriorityClassName:  <none>
    Node:               www.kubernetes.node2.com/192.168.181.146
    Start Time:         Mon, 01 Jul 2019 21:44:04 +0800
    Labels:             <none>
    Annotations:        <none>
    Status:             Running
    IP:                 10.244.2.6
    Containers:
      http-test-pod:
        Container ID:   docker://850776a64342adae194fa117c6d53ca8baf1a672b33346169de8d687a16fd729
        Image:          ikubernetes/myapp:v1
        Image ID:       docker-pullable://ikubernetes/myapp@sha256:9c3dc30b5219788b2b8a4b065f548b922a34479577befb54b03330999d30d513
        Port:           80/TCP
        Host Port:      0/TCP
        State:          Running
          Started:      Mon, 01 Jul 2019 21:49:41 +0800
        Last State:     Terminated
          Reason:       Completed
          Exit Code:    0
          Started:      Mon, 01 Jul 2019 21:44:09 +0800
          Finished:     Mon, 01 Jul 2019 21:49:40 +0800
        Ready:          True
        Restart Count:  1  可以看到已经在帮忙重启了一次
        Liveness:       http-get http://:myhttp/index.html delay=3s timeout=1s period=4s #success=1 #failure=3
        Environment:    <none>
        Mounts:
          /var/run/secrets/kubernetes.io/serviceaccount from default-token-npzp7 (ro)
    Conditions:
      Type              Status
      Initialized       True
      Ready             True
      ContainersReady   True
      PodScheduled      True
    Volumes:
      default-token-npzp7:
        Type:        Secret (a volume populated by a Secret)
        SecretName:  default-token-npzp7
        Optional:    false
    QoS Class:       BestEffort
    Node-Selectors:  <none>
    Tolerations:     node.kubernetes.io/not-ready:NoExecute for 300s
                     node.kubernetes.io/unreachable:NoExecute for 300s
    Events:
      Type     Reason     Age                  From                               Message
      ----     ------     ----                 ----                               -------
      Normal   Scheduled  6m3s                 default-scheduler                  Successfully assigned default/http-test to www.kubernetes.node2.com
      Warning  Unhealthy  27s (x3 over 35s)    kubelet, www.kubernetes.node2.com  Liveness probe failed: HTTP probe failed with statuscode: 404
      Normal   Killing    27s                  kubelet, www.kubernetes.node2.com  Container http-test-pod failed liveness probe, will be restarted
      Normal   Pulled     26s (x2 over 5m59s)  kubelet, www.kubernetes.node2.com  Container image "ikubernetes/myapp:v1" already present on machine
      Normal   Created    26s (x2 over 5m59s)  kubelet, www.kubernetes.node2.com  Created container http-test-pod
      Normal   Started    26s (x2 over 5m58s)  kubelet, www.kubernetes.node2.com  Started container http-test-pod
    [root@www TestYaml]# kubectl exec -it http-test -- /bin/sh
    / # cd /usr/share/nginx/html/
    /usr/share/nginx/html # ls
    50x.html    index.html
    /usr/share/nginx/html #
    因为我们创建的容器在重启整个环境会被重置,重置之后index.html文件又因为环境的重置恢复了
    [root@www TestYaml]# kubectl exec -it http-test -- /bin/sh
    ........
     Last State:     Terminated
          Reason:       Completed
          Exit Code:    0
          Started:      Mon, 01 Jul 2019 21:44:09 +0800
          Finished:     Mon, 01 Jul 2019 21:49:40 +0800
        Ready:          True
        Restart Count:  1
        Liveness:       http-get http://:myhttp/index.html delay=3s timeout=1s period=4s #success=1 #failure=3
        Environment:    <none>
    [root@www TestYaml]# kubectl get pods
    NAME           READY   STATUS             RESTARTS   AGE
    busybox-test   0/1     CrashLoopBackOff   15         53m
    http-test      1/1     Running            1          10m  可以看到重启的次数为1次
    pod-kk         0/1     Pending            0          71m
    [root@www TestYaml]# kubectl logs http-test http-test-pod
    10.244.2.1 - - [01/Jul/2019:13:49:44 +0000] "GET /index.html HTTP/1.1" 200 65 "-" "kube-probe/1.14" "-"
    10.244.2.1 - - [01/Jul/2019:13:49:48 +0000] "GET /index.html HTTP/1.1" 200 65 "-" "kube-probe/1.14" "-"
    10.244.2.1 - - [01/Jul/2019:13:49:52 +0000] "GET /index.html HTTP/1.1" 200 65 "-" "kube-probe/1.14" "-"
    ......
    [root@www TestYaml]# kubectl logs http-test http-test-pod | wc -l
    110  已经探测了110次了
    [root@www TestYaml]# kubectl logs http-test http-test-pod  我们再删除一次index.html,可以看到日志也提示了index.html文件不存在
    2019/07/01 13:58:24 [error] 6#6: *131 open() "/usr/share/nginx/html/index.html" failed (2: No such file or directory), client: 10.244.2.1, server: localhost, request: "GET /index.html HTTP/1.1", host: "10.244.2.6:80"
    10.244.2.1 - - [01/Jul/2019:13:58:24 +0000] "GET /index.html HTTP/1.1" 404 169 "-" "kube-probe/1.14" "-"
    .....
    重启之后又立马恢复正常
    httpGet探测(案例)

    就绪性探测逻辑和存活性探测类似,其实我们在get pods的时候也能看到容器的大致情况
    [root@www TestYaml]# kubectl get pods
    NAME    READY    STATUS    RESTARTS   AGE
    busybox-test  0/1    CrashLoopBackOff   17       61m
    http-test    1/1       Running               2      18m
    pod-kk           0/1        Pending                0      80m
    在READY下面展示的0/1,其中前面的代表几个容器已经就绪的,后面代表这个pods里面有几个容器。但是这个前面的1是容器一启动就代表就绪,但是实际上大多数情况下不代表实际的情况,所以需要去调整这个探测的时间。

                                                                    

    如上图所示,当service在调度的时候只要满足名称为web-pod条件的pod就会被自由调度,这个时候正好起了一个web-pod-003的pods,里面跑的容器和001和002一样,如果我们设置的yaml文件是容器启动就代表就绪,那此时有新用户的请求进来被service
    调度到003上,但是因为003上的容器内部的nginx和java都需要做启动前环境检测,nginx加载java文件等操作,这个操作也是会消耗时间,假如消耗时长为5秒,那这5秒之内将会有很多用户的请求将得不到内容,此种也算作生产事故。由此可见我们设定
    探测时间也变得尤为重要。

    [root@www TestYaml]# cat readiness.http-get.yaml
    apiVersion: v1
    kind: Pod
    metadata:
       name: readiness-http-test
       namespace: default
    spec:
       containers:
       - name: readiness-http-test-pod
         image: ikubernetes/myapp:v1
         ports:
         - name: http
           containerPort: 80
         readinessProbe:
           httpGet:
             port: http
             path: /index.html
           initialDelaySeconds: 3
           periodSeconds: 4[root@www TestYaml]# kubectl get pods
    NAME                  READY   STATUS    RESTARTS   AGE
    readiness-http-test   1/1     Running   0          12s
    [root@www TestYaml]# kubectl exec -it readiness-http-test -- /bin/sh
    / # cd /usr/share/nginx/html/
    /usr/share/nginx/html # rm -rf index.html  删掉主页文件
    /usr/share/nginx/html # ls
    50x.html
    /usr/share/nginx/html #
    [root@www ~]# kubectl get pods -w
    NAME                  READY   STATUS    RESTARTS   AGE
    readiness-http-test   1/1     Running   0          119s
    readiness-http-test   0/1     Running   0          2m38s  可以看到显示未就绪状态了
    
    /usr/share/nginx/html # netstat -anptu | grep 80 而此时我们的nginx还是运行的状态
    tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1/nginx: master pro
    tcp        0      0 10.244.1.23:80          10.244.1.1:37590        TIME_WAIT   -
    tcp        0      0 10.244.1.23:80          10.244.1.1:37586        TIME_WAIT   -
    /usr/share/nginx/html # touch index.html  我们手动touch一个index文件
    /usr/share/nginx/html # ls
    50x.html    index.html
    /usr/share/nginx/html #
    
    [root@www ~]# kubectl get pods -w
    NAME                  READY   STATUS    RESTARTS   AGE
    readiness-http-test   1/1     Running   0          119s
    readiness-http-test   0/1     Running   0          2m38s
    readiness-http-test   1/1     Running   0          6m2s   可以看到又变成就绪的状态了
    readinessProbe(就绪性探针案例)

    C:容器启动后和终止前钩子

    postStart启动后钩子

    preStop终止前钩子

    [root@www TestYaml]# kubectl explain pods.spec.containers.lifecycle
    KIND:     Pod
    VERSION:  v1
    
    RESOURCE: lifecycle <Object>
    
    DESCRIPTION:
         Actions that the management system should take in response to container
         lifecycle events. Cannot be updated.
    
         Lifecycle describes actions that the management system should take in
         response to container lifecycle events. For the PostStart and PreStop
         lifecycle handlers, management of the container blocks until the action is
         complete, unless the container process fails, in which case the handler is
         aborted.
    
    FIELDS:
       postStart    <Object>  支持启动后
         PostStart is called immediately after a container is created. If the
         handler fails, the container is terminated and restarted according to its
         restart policy. Other management of the container blocks until the hook
         completes. More info:
         https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
    
       preStop      <Object>终止前
         PreStop is called immediately before a container is terminated due to an
         API request or management event such as liveness probe failure, preemption,
         resource contention, etc. The handler is not called if the container
         crashes or exits. The reason for termination is passed to the handler. The
         Pod's termination grace period countdown begins before the PreStop hooked
         is executed. Regardless of the outcome of the handler, the container will
         eventually terminate within the Pod's termination grace period. Other
         management of the container blocks until the hook completes or until the
         termination grace period is reached. More info:
         https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
    [root@www TestYaml]# kubectl explain pods.spec.containers.lifecycle.postStart
    KIND:     Pod
    VERSION:  v1
    
    RESOURCE: postStart <Object>
    
    DESCRIPTION:
         PostStart is called immediately after a container is created. If the
         handler fails, the container is terminated and restarted according to its
         restart policy. Other management of the container blocks until the hook
         completes. More info:
         https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
    
         Handler defines a specific action that should be taken
    
    FIELDS:
       exec <Object>
         One and only one of the following should be specified. Exec specifies the
         action to take.
    
       httpGet      <Object>
         HTTPGet specifies the http request to perform.
    
       tcpSocket    <Object>
         TCPSocket specifies an action involving a TCP port. TCP hooks not yet
         supported
    
    [root@www TestYaml]#
    
    [root@www TestYaml]# kubectl explain pods.spec.containers.lifecycle.preStop
    KIND:     Pod
    VERSION:  v1
    
    RESOURCE: preStop <Object>  终止前
    
    DESCRIPTION:
         PreStop is called immediately before a container is terminated due to an
         API request or management event such as liveness probe failure, preemption,
         resource contention, etc. The handler is not called if the container
         crashes or exits. The reason for termination is passed to the handler. The
         Pod's termination grace period countdown begins before the PreStop hooked
         is executed. Regardless of the outcome of the handler, the container will
         eventually terminate within the Pod's termination grace period. Other
         management of the container blocks until the hook completes or until the
         termination grace period is reached. More info:
         https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
    
         Handler defines a specific action that should be taken
    
    FIELDS:
       exec <Object>  可以看到三种方式和上面的探针一样,其功能也类似
         One and only one of the following should be specified. Exec specifies the
         action to take.
    
       httpGet      <Object>
         HTTPGet specifies the http request to perform.
    
       tcpSocket    <Object>
         TCPSocket specifies an action involving a TCP port. TCP hooks not yet
         supported
    lifecycle

    两者都是容器的两个极端点运行之前需要执行一些命令或者操作之后才能运行和终止容器,如果这些命令和操作执行失败了,容器会终止并重启,这个重启就取决于重启策略。

  • 相关阅读:
    网站微信扫码登陆总结以及在小程序登陆两者关联和关系,vue以及uniapp
    微信扫码登陆在chrome浏览器失败,浏览器禁止重定向
    element-ui多个表单如何同时验证
    vscode中react代码提示插件
    echarts主题全局颜色定义、自定义折线颜色--彩色折线图echarts
    vue本地储存加密
    Echarts多条折线图 y轴数值与实际值不符解决方法
    vue中swiper@5.3.6使用,
    解决 swiper设置loop为true时,echarts图表不显示
    vue+nginx配置,以及nginx配置跨域
  • 原文地址:https://www.cnblogs.com/ppc-srever/p/11073171.html
Copyright © 2011-2022 走看看