Pod fields for running applications
Summary of commonly used fields
- initContainers
- hostAliases
- imagePullSecrets
- affinity
- nodeName
- nodeSelector
- tolerations
- hostNetwork
- containers
- restartPolicy
- dnsPolicy
- imagePullPolicy
- ports
- volumeMounts
- volumes
- securityContext
- startupProbe
- livenessProbe
- readinessProbe
- resources
- lifecycle
- workingDir
- command
- args
- env
- envFrom
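Container image pull policy
imagePullPolicy: the image pull policy of the container
- IfNotPresent: use the local image if it exists; pull the image if it does not exist locally
- Always: try to pull the image every time
- Never: never pull; if the image already exists locally kubelet tries to start the container, otherwise startup fails
Example
apiVersion: v1
kind: Pod
metadata:
  name: default-pod
  namespace: default
spec:
  containers:
  - name: nginx
    image: nginx
    imagePullPolicy: IfNotPresent
    ports:
    - containerPort: 80
Defaults when imagePullPolicy is omitted:
- If you omit the imagePullPolicy field and the image tag is :latest, imagePullPolicy is automatically set to Always.
- If you omit the imagePullPolicy field and do not specify a tag for the image, imagePullPolicy is automatically set to Always.
- If you omit the imagePullPolicy field and specify a tag other than :latest for the image, imagePullPolicy is automatically set to IfNotPresent.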
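The defaulting rules above, as an added example (not Kubernetes source code and not part of the original notes): it shows which policy a manifest that omits imagePullPolicy ends up with, including references with a registry port. The digest case follows the Kubernetes documentation rather than this page, and `registry.example` is a placeholder host.

```python
# Added example: mirrors the defaulting rules listed above; not Kubernetes source code.

def split_image_ref(image):
    """Split an image reference into (repository, tag, digest); tag/digest may be ''."""
    repo, _, digest = image.partition("@")
    # A ':' marks a tag only when it follows the last '/'. An earlier colon
    # belongs to a registry host:port, e.g. registry.example:5000/nginx.
    if repo.rfind(":") > repo.rfind("/"):
        repo, _, tag = repo.rpartition(":")
    else:
        tag = ""
    return repo, tag, digest


def default_pull_policy(image):
    """Pull policy applied when the container omits imagePullPolicy."""
    _, tag, digest = split_image_ref(image)
    if not tag and not digest:
        tag = "latest"  # no tag given: treated the same as :latest
    return "Always" if tag == "latest" else "IfNotPresent"


# Constructed sample references (registry.example is a placeholder host).
SAMPLES = [
    "nginx",
    "nginx:latest",
    "nginx:1.25",
    "registry.example:5000/nginx",
    "registry.example:5000/nginx:1.25",
    "nginx@sha256:" + "0" * 64,
]

if __name__ == "__main__":
    for ref in SAMPLES:
        print(f"{ref:45} -> {default_pull_policy(ref)}")
```

With IfNotPresent a node keeps running whatever copy of a mutable tag it already has cached, so pinning a version or digest is what makes the cached image predictable.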
Pulling images from a private registry
ImagePullSecrets: pull images from a private registry
Create a secret holding the registry credentials
kubectl create secret docker-registry aliyun --docker-username=123qq.com --docker-password=123456 --docker-server=registry.cn-huhehaote.aliyuncs.com
Example
apiVersion: v1
kind: Pod
metadata:
  name: default-pod
  namespace: default
spec:
  imagePullSecrets:
  - name: aliyun
  containers:
  - name: nginx
    image: nginx
    imagePullPolicy: IfNotPresent
    ports:
    - containerPort: 80
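What the `aliyun` secret referenced by imagePullSecrets actually stores, as an added example (not part of the original notes): the payload is base64-encoded JSON, not encrypted, so any principal allowed to `get` the Secret recovers the registry password. The JSON layout is the one `kubectl create secret docker-registry` writes; the values are the sample credentials from the command above.

```python
# Added example: builds and decodes a kubernetes.io/dockerconfigjson payload offline.
import base64
import json


def build_dockerconfigjson(server, username, password):
    """Return the 'data' map of a kubernetes.io/dockerconfigjson Secret."""
    auth = base64.b64encode(f"{username}:{password}".encode()).decode()
    config = {
        "auths": {
            server: {"username": username, "password": password, "auth": auth}
        }
    }
    raw = json.dumps(config).encode()
    # Secret 'data' values are base64 text; this is encoding, not encryption.
    return {".dockerconfigjson": base64.b64encode(raw).decode()}


def recover_credentials(secret_data):
    """Decode the credentials exactly as a reader of the Secret would see them."""
    config = json.loads(base64.b64decode(secret_data[".dockerconfigjson"]))
    return {
        server: (entry["username"], entry["password"])
        for server, entry in config["auths"].items()
    }


if __name__ == "__main__":
    # Sample values taken from the kubectl command on this page.
    data = build_dockerconfigjson(
        "registry.cn-huhehaote.aliyuncs.com", "123qq.com", "123456"
    )
    print("stored :", data[".dockerconfigjson"][:48] + "...")
    print("decoded:", recover_credentials(data))
```

Keep `get`/`list` on Secrets tightly scoped in RBAC and give the registry account pull-only rights, since the password is recoverable from the Secret as shown.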
env: passing variables into the container
Basic example
apiVersion: v1
kind: Pod
metadata:
  name: default-pod
  namespace: default
spec:
  containers:
  - name: nginx
    image: nginx
    imagePullPolicy: IfNotPresent
    env:
    - name: pod_name
      value: "default-pod"
    ports:
    - containerPort: 80
Changing the container's startup command: command & args
Basic example
apiVersion: v1
kind: Pod
metadata:
  name: default-pod
  namespace: default
spec:
  containers:
  - name: nginx
    image: nginx
    imagePullPolicy: IfNotPresent
    command:
    - /bin/bash
    args:
    - -c
    - sleep 10 ; echo success > /root/done.txt
    ports:
    - containerPort: 80
Setting the container's working directory: workingDir
Example
apiVersion: v1
kind: Pod
metadata:
  name: default-pod
  namespace: default
spec:
  containers:
  - name: nginx
    image: nginx
    imagePullPolicy: IfNotPresent
    workingDir: /tmp/
    command:
    - /bin/bash
    args:
    - -c
    - sleep 10 ; echo success > /root/done.txt
    ports:
    - containerPort: 80
Service exposure: ports
ports exposes the ports through which the pod is accessed; if it is not specified, the application cannot be reached via PodIP + PodPort
containerPort <integer> -required-: the port the Pod exposes (0~65535)
name <string>: a name for the port; when a service has several ports, they can be told apart by name;
protocol <string>: the protocol for the port, one of TCP, UDP, SCTP; defaults to TCP when omitted;
Application example
apiVersion: v1
kind: Pod
metadata:
  name: default-pod
  namespace: default
  labels:
    app: nginx
spec:
  containers:
  - name: nginx
    image: nginx
    imagePullPolicy: IfNotPresent
    ports:
    - name: http
      containerPort: 80
      protocol: TCP
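Pod restart policy: restartPolicy
The Pod spec contains a restartPolicy field that sets the restart policy for all containers in the Pod. Valid values are Always, OnFailure and Never. The default is Always.
Always: when a container exits abnormally, kubelet tries to restart it to bring it back to a normal state (default policy)
Never: when a container exits, kubelet never tries to restart it (suited to one-off Job-style tasks)
OnFailure: when a container exits abnormally (with a non-zero exit code), kubelet tries to restart it (suited to one-off Job-style tasks)
Application example
apiVersion: v1
kind: Pod
metadata:
  name: default-pod
  namespace: default
  labels:
    app: nginx
spec:
  restartPolicy: Always
  containers:
  - name: nginx
    image: nginx
    imagePullPolicy: IfNotPresent
    ports:
    - name: http
      containerPort: 80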
Probe configuration reference
spec:
  containers:
  - name: ...
    image: ...
    livenessProbe:
      exec <Object>                  # command-based probe
      httpGet <Object>               # HTTP GET probe
      tcpSocket <Object>             # TCP socket probe
      initialDelaySeconds <integer>  # delay before the first probe request
      periodSeconds <integer>        # probe interval
      timeoutSeconds <integer>       # timeout
      successThreshold <integer>     # success threshold
      failureThreshold <integer>     # failure threshold
Example
[root@k8s-master Probe]# cat liveness-exec-damo.yaml
apiVersion: v1
kind: Pod
metadata:
  name: liveness-exec-demo
  namespace: default
spec:
  containers:
  - name: demo
    image: ikubernetes/demoapp:v1.0
    imagePullPolicy: IfNotPresent
    livenessProbe:
      exec:
        command: ['/bin/sh','-c','[ "$(curl -s 127.0.0.1/livez)" == "OK" ]']
      initialDelaySeconds: 5   # wait 5 seconds after start before the first probe
      timeoutSeconds: 1        # probe timeout
      periodSeconds: 5         # probe every 5 seconds
$ kubectl apply -f liveness-exec-damo.yaml
$ kubectl get pod -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
...
liveness-exec-demo 1/1 Running 0 76s 10.244.2.84 k8s-node2 <none> <none>
...
$ curl 10.244.2.84:/livez
OK
$ curl -X POST -d 'livez=FAIL' 10.244.2.84:/livez # change the livez value via POST
$ curl 10.244.2.84:/livez
FAIL
$ kubectl describe pod liveness-exec-demo
...
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 7m38s default-scheduler Successfully assigned default/liveness-exec-demo to k8s-node2
Warning Unhealthy 89s (x3 over 99s) kubelet Liveness probe failed: # liveness check failed, the container is restarted
Normal Killing 89s kubelet Container demo failed liveness probe, will be restarted
Normal Pulled 59s (x2 over 7m33s) kubelet Container image "ikubernetes/demoapp:v1.0" already present on machine
Normal Created 59s (x2 over 7m33s) kubelet Created container demo
Normal Started 59s (x2 over 7m33s) kubelet Started container demo
$ kubectl get pod -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
...
liveness-exec-demo 1/1 Running 1 9m15s 10.244.2.84 k8s-node2 <none> <none> # shows the container has been restarted
...
In-container debugging tools
A note on a container tool for debugging DNS and network connectivity in a k8s cluster. The tool provides basic network troubleshooting commands such as curl, wget, ping, traceroute, nslookup and dig.
$ cat dns_utils.yaml # the YAML file is as follows
apiVersion: v1
kind: Pod
metadata:
  name: dnsutils
  namespace: default
spec:
  containers:
  - name: dnsutils
    image: mydlqclub/dnsutils:1.3
    command:
    - sleep
    - "3600"
    imagePullPolicy: IfNotPresent
  restartPolicy: Always
$ kubectl apply -f dns_utils.yaml # apply the YAML file