Kubernetes(十二)Pod管理


Pod是集群中最小单元,一般一个容器一个pod,也可多个容器一个pod

Pod管理

创建/查询/更新/删除

资源限制

调度约束

重启策略

健康检查

问题定位

编排pod.yaml

[root@k8s-master yaml]# vim /root/tools/yaml/pod.yaml
# Minimal Pod manifest: a single Pod named nginx-pod with one nginx container.
# No namespace is set, so it is created in the namespace kubectl is using
# (default unless -n is given).
apiVersion: v1
kind: Pod
metadata:
  name: nginx-pod
  labels:
    # Label that selectors can match this Pod by.
    app: nginx
spec:
  containers:
  - name: nginx
    # No tag or digest is given, so this resolves to nginx:latest and the
    # image content can change between pulls.
    # NOTE(review): pin a specific tag or digest for anything beyond a demo.
    # NOTE(review): no securityContext is set, so the container runs as the
    # user the image defines; confirm that is acceptable for the cluster.
    image: nginx

创建查看pod

[root@k8s-master yaml]# kubectl create -f /root/tools/yaml/pod.yaml 
pod "nginx-pod" created
[root@k8s-master yaml]# kubectl get pods
NAME                                READY     STATUS    RESTARTS   AGE
nginx-deployment-67dccb759c-4s6zc   1/1       Running   0          48m
nginx-deployment-67dccb759c-7mf8c   1/1       Running   0          48m
nginx-deployment-67dccb759c-qjbg2   1/1       Running   0          48m
nginx-pod                           1/1       Running   0          17s

查看pod描述

kubectl describe pod nginx-pod

默认是在default命名空间,如果要查看指定的命名空间,通过-n查看

[root@k8s-master yaml]# kubectl get pods -n kube-system
NAME                                    READY     STATUS    RESTARTS   AGE
kubernetes-dashboard-7bfcdf76c4-gps5n   1/1       Running   2          6h

更新pod只能先删除,然后再创建

[root@k8s-master yaml]# kubectl delete -f pod.yaml 
pod "nginx-pod" deleted

删除完修改再次创建

[root@k8s-master yaml]# kubectl create -f pod.yaml

使用replace --force:先删除,再重新创建

[root@k8s-master yaml]# kubectl replace -f pod.yaml --force
pod "nginx-pod" deleted
pod "nginx-pod" replaced

更新资源

[root@k8s-master yaml]# kubectl apply -f pod.yaml 
Warning: kubectl apply should be used on resource created by either kubectl create --save-config or kubectl apply
pod "nginx-pod" configured

资源限制

[root@k8s-master yaml]# vim pod.yaml 

# nginx-pod with CPU and memory requests and limits on its container.
apiVersion: v1
kind: Pod
metadata:
  name: nginx-pod
  labels:
    app: nginx
spec:
  containers:
  - name: nginx
    # Untagged image reference: resolves to nginx:latest.
    # NOTE(review): pin a tag or digest outside of a demo.
    image: nginx
    resources:
      # requests: the amount the scheduler reserves on a node when placing
      # the Pod.
      requests:
        memory: "64Mi"
        # 250m = 0.25 of one CPU core.
        cpu: "250m"
      # limits: upper bound enforced at runtime. A container that exceeds its
      # memory limit is OOM-killed; CPU use above the limit is throttled.
      # Limits also cap how much of the node a misbehaving or compromised
      # container can consume.
      limits:
        memory: "128Mi"
        cpu: "500m"

创建提示pod已存在可以删除再次创建

[root@k8s-master yaml]# kubectl create -f pod.yaml 
Error from server (AlreadyExists): error when creating "pod.yaml": pods "nginx-pod" already exists
[root@k8s-master yaml]# kubectl delete po/nginx-pod
pod "nginx-pod" deleted
[root@k8s-master yaml]# kubectl create -f pod.yaml 
pod "nginx-pod" created

查看pod信息,可以看到cpu和内存的限制

[root@k8s-master yaml]# kubectl describe pod/nginx-pod

分配在20.213 node节点

[root@k8s-master yaml]# kubectl get pods -o wide
NAME                                READY     STATUS    RESTARTS   AGE       IP            NODE
nginx-deployment-67dccb759c-4s6zc   1/1       Running   0          1h        172.17.5.2    192.168.20.213
nginx-deployment-67dccb759c-7mf8c   1/1       Running   0          1h        172.17.44.3   192.168.20.212
nginx-deployment-67dccb759c-qjbg2   1/1       Running   0          1h        172.17.44.2   192.168.20.212
nginx-pod                           1/1       Running   0          3m        172.17.5.4    192.168.20.213

在node节点可以看到具体的cpu、内存限制信息

[root@k8s-node02 ~]# docker ps
[root@k8s-node02 ~]# docker inspect cd576bd3349f

调度约束

比如node节点有测试环境和线上环境,可以在yaml编排的时候指定pod运行在某一个node节点;可以通过强制指定ip或者匹配label标签两种方式,如下:

Pod.spec.nodeName 强制约束Pod调度到指定Node节点上

Pod.spec.nodeSelector 通过label-selector机制选择节点

查看node节点ip和版本信息

[root@k8s-master yaml]# kubectl get node
NAME             STATUS    ROLES     AGE       VERSION
192.168.20.212   Ready     <none>    22h       v1.12.5
192.168.20.213   Ready     <none>    22h       v1.12.5

编写yml文件,指定用nodeName的方式,绑定节点

[root@k8s-master yaml]# vim pod.yaml 

# nginx-pod bound to one specific node through spec.nodeName.
apiVersion: v1
kind: Pod
metadata:
  name: nginx-pod
  labels:
    app: nginx
spec:
  # nodeName assigns the Pod directly to this node and bypasses the scheduler.
  # The value must equal a node NAME as listed by `kubectl get node` (in this
  # cluster the node names are IP addresses).
  nodeName: 192.168.20.213
  # Alternative, disabled here: label-based placement via nodeSelector.
#  nodeSelector:
#    env_role: dev
  containers:
  - name: nginx
    # Untagged image reference: resolves to nginx:latest.
    # NOTE(review): pin a tag or digest outside of a demo.
    image: nginx
    resources:
      # Reserved by the scheduler at placement time.
      requests:
        memory: "64Mi"
        cpu: "250m"
      # Hard caps enforced at runtime.
      limits:
        memory: "128Mi"
        cpu: "500m"

创建pod

[root@k8s-master yaml]# kubectl create -f pod.yaml 
pod "nginx-pod" created

查看pod可以看到运行在20.213节点

[root@k8s-master yaml]# kubectl get pod -o wide
NAME                                READY     STATUS    RESTARTS   AGE       IP            NODE
nginx-deployment-67dccb759c-4s6zc   1/1       Running   0          2h        172.17.5.2    192.168.20.213
nginx-deployment-67dccb759c-7mf8c   1/1       Running   0          2h        172.17.44.3   192.168.20.212
nginx-deployment-67dccb759c-qjbg2   1/1       Running   0          2h        172.17.44.2   192.168.20.212
nginx-pod                           1/1       Running   0          12s       172.17.5.4    192.168.20.213

标签创建

查看默认的node节点标签

[root@k8s-master yaml]# kubectl describe node 192.168.20.213
Name:               192.168.20.213
Roles:              <none>
Labels:             beta.kubernetes.io/arch=amd64
                    beta.kubernetes.io/os=linux
                    kubernetes.io/hostname=192.168.20.213
Annotations:        node.alpha.kubernetes.io/ttl=0

为20.213节点设置标签env_role=dev(键名必须与pod.yaml中nodeSelector使用的env_role完全一致,否则Pod会一直处于Pending状态)

[root@k8s-master yaml]# kubectl label nodes 192.168.20.213 env_role=dev
node "192.168.20.213" labeled

查看node的标签 dev已创建

[root@k8s-master ~]# kubectl get nodes 192.168.20.213 --show-labels
NAME             STATUS    ROLES     AGE       VERSION   LABELS
192.168.20.213   Ready     <none>    22h       v1.12.5   beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,env_role=dev,kubernetes.io/hostname=192.168.20.213

如果想删除或者修改labels标签,可以通过编辑保存

[root@k8s-master ~]# kubectl edit nodes 192.168.20.213
[root@k8s-master yaml]# vim pod.yaml 

# nginx-pod2 placed by node label (nodeSelector) instead of a fixed node name.
apiVersion: v1
kind: Pod
metadata:
  name: nginx-pod2
  labels:
    app: nginx
spec:
  # Fixed-node placement, disabled here in favour of nodeSelector.
#  nodeName: 192.168.20.213
  # The Pod is only scheduled onto nodes that carry the label env_role=dev.
  # If no node has exactly this key and value, the Pod stays Pending.
  # nodeSelector only steers where this Pod runs; it does not keep other
  # workloads off the selected node.
  nodeSelector:
    env_role: dev
  containers:
  - name: nginx
    # Untagged image reference: resolves to nginx:latest.
    # NOTE(review): pin a tag or digest outside of a demo.
    image: nginx
    resources:
      # Reserved by the scheduler at placement time.
      requests:
        memory: "64Mi"
        cpu: "250m"
      # Hard caps enforced at runtime.
      limits:
        memory: "128Mi"
        cpu: "500m"
[root@k8s-master yaml]# kubectl create -f pod.yaml

看绑定的还是20.213

[root@k8s-master yaml]# kubectl get pod -o wide
NAME                                READY     STATUS    RESTARTS   AGE       IP            NODE
nginx-deployment-67dccb759c-4s6zc   1/1       Running   0          2h        172.17.5.2    192.168.20.213
nginx-deployment-67dccb759c-7mf8c   1/1       Running   0          2h        172.17.44.3   192.168.20.212
nginx-deployment-67dccb759c-qjbg2   1/1       Running   0          2h        172.17.44.2   192.168.20.212
nginx-pod                           1/1       Running   0          30m       172.17.5.4    192.168.20.213

重启策略

三种重启策略:

Always:当容器停止,总是重建容器,默认策略。

OnFailure:当容器异常退出(退出状态码非0)时,才重启容器。

Never:当容器终止退出,从不重启容器。

[root@k8s-master yaml]# vi /root/tools/yaml/pod.yaml 

# nginx-pod2 with an explicit restart policy.
apiVersion: v1
kind: Pod
metadata:
  name: nginx-pod2
  labels:
    app: nginx
spec:
  # Fixed-node placement, disabled here in favour of nodeSelector.
#  nodeName: 192.168.20.213
  # Schedule only onto nodes labelled env_role=dev.
  nodeSelector:
    env_role: dev
  containers:
  - name: nginx
    # Untagged image reference: resolves to nginx:latest.
    # NOTE(review): pin a tag or digest outside of a demo.
    image: nginx
    resources:
      # Reserved by the scheduler at placement time.
      requests:
        memory: "64Mi"
        cpu: "250m"
      # Hard caps enforced at runtime.
      limits:
        memory: "128Mi"
        cpu: "500m"
  # restartPolicy is a Pod-level field (sibling of containers) and applies to
  # every container in the Pod. OnFailure restarts a container only when it
  # exits with a non-zero status; the default when omitted is Always.
  restartPolicy: OnFailure

健康检查

https://www.kubernetes.org.cn/2362.html

https://www.cnblogs.com/cocowool/p/kubernetes_container_probe.html

查看帮助文档,可以通过官方网站doc查看具体示例

[root@k8s-master yaml]# kubectl explain pods.spec.containers

提供Probe机制,有以下两种类型:

 livenessProbe

如果检查失败,将杀死容器,根据Pod的restartPolicy来操作。

readinessProbe

如果检查失败,Kubernetes会把Pod从service endpoints中剔除。

Probe支持以下三种检查方法

httpGet

发送HTTP请求,返回大于等于200且小于400的状态码为成功。

exec

执行Shell命令返回状态码是0为成功。

tcpSocket

发起TCP Socket连接,能够建立成功即为成功。

[root@k8s-master yaml]# vim pod.yaml 

# nginx-pod2 with an HTTP liveness probe against the nginx index page.
apiVersion: v1
kind: Pod

metadata:
  name: nginx-pod2
  labels:
    app: nginx

spec:
  # Fixed-node placement, disabled here in favour of nodeSelector.
#  nodeName: 192.168.20.213
  # Schedule only onto nodes labelled env_role=dev.
  nodeSelector:
    env_role: dev
  containers:
  - name: nginx
    # Untagged image reference: resolves to nginx:latest.
    # NOTE(review): pin a tag or digest outside of a demo.
    image: nginx
    ports:
    - containerPort: 80
    # The kubelet sends GET /index.html to port 80 of the container. No timing
    # fields are set, so the defaults apply: initialDelaySeconds 0,
    # timeoutSeconds 1, periodSeconds 10, successThreshold 1,
    # failureThreshold 3. After three consecutive failures the container is
    # killed and handled according to restartPolicy.
    livenessProbe:
      httpGet:
        path: /index.html
        port: 80

    resources:
      # Reserved by the scheduler at placement time.
      requests:
        memory: "64Mi"
        cpu: "250m"
      # Hard caps enforced at runtime.
      limits:
        memory: "128Mi"
        cpu: "500m"
  # Restart a container only when it exits with a non-zero status.
  restartPolicy: OnFailure

创建一个pod

[root@k8s-master yaml]# kubectl create -f pod.yaml

可以看到描述信息里,有健康检测,检测nginx的首页

[root@k8s-master yaml]# kubectl describe pod/nginx-pod2|grep Livenes
    Liveness:     http-get http://:80/index.html delay=0s timeout=1s period=10s #success=1 #failure=3

通过日志,可以看到有请求不断在请求nginx ,10秒一次

[root@k8s-master yaml]# kubectl logs pod/nginx-pod2 -f
172.17.5.1 - - [23/Jan/2019:09:45:23 +0000] "GET /index.html HTTP/1.1" 200 612 "-" "kube-probe/1.12" "-"
172.17.5.1 - - [23/Jan/2019:09:45:33 +0000] "GET /index.html HTTP/1.1" 200 612 "-" "kube-probe/1.12" "-"
172.17.5.1 - - [23/Jan/2019:09:45:43 +0000] "GET /index.html HTTP/1.1" 200 612 "-" "kube-probe/1.12" "-"
172.17.5.1 - - [23/Jan/2019:09:45:53 +0000] "GET /index.html HTTP/1.1" 200 612 "-" "kube-probe/1.12" "-"
172.17.5.1 - - [23/Jan/2019:09:46:03 +0000] "GET /index.html HTTP/1.1" 200 612 "-" "kube-probe/1.12" "-"
172.17.5.1 - - [23/Jan/2019:09:46:13 +0000] "GET /index.html HTTP/1.1" 200 612 "-" "kube-probe/1.12" "-"
172.17.5.1 - - [23/Jan/2019:09:46:23 +0000] "GET /index.html HTTP/1.1" 200 612 "-" "kube-probe/1.12" "-"
172.17.5.1 - - [23/Jan/2019:09:46:33 +0000] "GET /index.html HTTP/1.1" 200 612 "-" "kube-probe/1.12" "-"
172.17.5.1 - - [23/Jan/2019:09:46:43 +0000] "GET /index.html HTTP/1.1" 200 612 "-" "kube-probe/1.12" "-"
172.17.5.1 - - [23/Jan/2019:09:46:53 +0000] "GET /index.html HTTP/1.1" 200 612 "-" "kube-probe/1.12" "-"

进入容器,删除index.html页面

[root@k8s-master yaml]# kubectl exec -it nginx-pod2 bash
root@nginx-pod:/# cd /usr/share/nginx/html
root@nginx-pod:/usr/share/nginx/html# rm index.html

查看状态events事件,检测状态404,又重新创建容器,并且启动新容器

[root@k8s-master yaml]# kubectl describe pod/nginx-pod2
Events:
  Type     Reason     Age               From                     Message
  ----     ------     ----              ----                     -------
  Normal   Scheduled  9m                default-scheduler        Successfully assigned default/nginx-pod2 to 192.168.20.213
  Warning  Unhealthy  5s (x3 over 25s)  kubelet, 192.168.20.213  Liveness probe failed: HTTP probe failed with statuscode: 404
  Normal   Pulling    4s (x2 over 9m)   kubelet, 192.168.20.213  pulling image "nginx"
  Normal   Killing    4s                kubelet, 192.168.20.213  Killing container with id docker://nginx:Container failed liveness probe.. Container will be killed and recreated.
  Normal   Pulled     2s (x2 over 9m)   kubelet, 192.168.20.213  Successfully pulled image "nginx"
  Normal   Created    2s (x2 over 9m)   kubelet, 192.168.20.213  Created container
  Normal   Started    1s (x2 over 9m)   kubelet, 192.168.20.213  Started container

可以发现restarts 变成了1

[root@k8s-master yaml]# kubectl get pod
NAME                                READY     STATUS    RESTARTS   AGE
nginx-deployment-67dccb759c-4s6zc   1/1       Running   0          3h
nginx-deployment-67dccb759c-7mf8c   1/1       Running   0          3h
nginx-deployment-67dccb759c-qjbg2   1/1       Running   0          3h
nginx-pod                           1/1       Running   0          1h
nginx-pod2                          1/1       Running   1          11m

HTTP Health Check 编排

# HTTP liveness probe example: an httpd container checked with GET /index.html.
apiVersion: v1
kind: Pod
metadata:
  labels:
    test: liveness
    app: httpd
  name: liveness-http
spec:
  containers:
  - name: liveness
    # Untagged image reference: resolves to the latest tag.
    # NOTE(review): pin a tag or digest outside of a demo.
    image: docker.io/httpd
    ports:
    - containerPort: 80
    livenessProbe:
      httpGet:
        path: /index.html
        port: 80
        # Extra request header sent with every probe request.
        httpHeaders:
        - name: X-Custom-Header
          value: Awesome
      # Wait 5 seconds after the container starts before the first probe.
      initialDelaySeconds: 5
      # Probe every 5 seconds.
      periodSeconds: 5

TCP Socket Health Check 编排

# TCP socket probe example: readiness and liveness both check port 8080.
apiVersion: v1
kind: Pod
metadata:
  labels:
    test: liveness
    app: node
  name: liveness-tcp
spec:
  containers:
  - name: goproxy
    # Pinned by tag; NOTE(review): a digest would additionally fix the exact
    # image content, since a tag can be re-pointed.
    image: docker.io/googlecontainer/goproxy:0.1
    ports:
    - containerPort: 8080
    # Readiness: passes when a TCP connection to port 8080 can be opened.
    # While it fails, the Pod is removed from Service endpoints; the container
    # is not restarted.
    readinessProbe:
      tcpSocket:
        port: 8080
      initialDelaySeconds: 5
      periodSeconds: 10
    # Liveness: same TCP check, started later and run less often. When it
    # fails, the container is killed and handled according to restartPolicy.
    livenessProbe:
      tcpSocket:
        port: 8080
      initialDelaySeconds: 15
      periodSeconds: 20

Container Exec Health Check 编排

# Exec liveness probe example that is built to fail after about 30 seconds.
apiVersion: v1
kind: Pod
metadata:
  labels:
    test: liveness
  name: liveness-exec
spec:
  containers:
  - name: liveness
    # Untagged image reference: resolves to the latest tag.
    # NOTE(review): pin a tag or digest outside of a demo.
    image: docker.io/alpine
    # The container creates /tmp/healthy, removes it after 30 seconds, then
    # keeps running for another 600 seconds.
    args:
    - /bin/sh
    - -c
    - touch /tmp/healthy; sleep 30; rm -rf /tmp/healthy; sleep 600
    # The probe runs `cat /tmp/healthy` inside the container; exit status 0
    # counts as healthy. Once the file is removed, cat fails, and after
    # failureThreshold consecutive failures (default 3) the container is
    # killed and restarted.
    livenessProbe:
      exec:
        command:
        - cat
        - /tmp/healthy
      # Wait 5 seconds after the container starts before the first probe.
      initialDelaySeconds: 5
      # Probe every 5 seconds.
      periodSeconds: 5

initialDelaySeconds: 检查开始执行的时间,以容器启动完成为起点计算

periodSeconds: 检查执行的周期,默认为10秒,最小为1秒

timeoutSeconds: 检查超时的时间,默认为1秒,最小为1秒

successThreshold: 从上次检查失败后重新认定检查成功的检查次数阈值(必须是连续成功),默认为1

failureThreshold: 从上次检查成功后认定检查失败的检查次数阈值(必须是连续失败),默认为3,最小为1(上文describe输出中的 #failure=3 即此默认值)

httpGet的属性

host: 主机名或IP

scheme: 链接类型,HTTP或HTTPS,默认为HTTP

path: 请求路径

httpHeaders:自定义请求头

port: 请求端口

YaLei
