深入理解Pod对象
标题:深入理解Pod对象
- Pod容器分类
- 镜像拉取策略
- 资源限制
- 重启策略
- 健康检查
- 调度约束
- 故障排查
pod
• 最小部署单元
• 一组容器的集合
• 一个Pod中的容器共享网络命名空间
• Pod是短暂的
pod分类
• Infrastructure Container:基础容器
• 维护整个Pod网络空间
• InitContainers:初始化容器
• 先于业务容器开始执行
• Containers:业务容器
• 并行启动
镜像拉取策略
• IfNotPresent:默认值,镜像在宿主机上不存在时才拉取
• Always:每次创建 Pod 都会重新拉取一次镜像
• Never: Pod 永远不会主动拉取这个镜像
——————————————————
apiVersion: v1
kind: Pod
metadata:
name: foo
namespace: awesomeapps
spec:
containers:
- name: foo
image: janedoe/awesomeapp:v1
imagePullPolicy: IfNotPresent
——————————————————
apiVersion: v1
kind: Pod
metadata:
name: foo
namespace: awesomeapps
spec:
containers: - name: foo
image: janedoe/awesomeapp:v1
imagePullSecrets: - name: myregistrykey
——————————————————
标题:资源限制
Pod和Container的资源请求和限制:
• spec.containers[].resources.limits.cpu
• spec.containers[].resources.limits.memory
• spec.containers[].resources.requests.cpu
• spec.containers[].resources.requests.memory
———————————————————
apiVersion: v1
kind: Pod
metadata:
name: frontend
spec:
containers:
- name: db
image: mysql
env: - name: MYSQL_ROOT_PASSWORD
value: “password”
resources:
requests:
memory: “64Mi”
cpu: “250m”
limits:
memory: “128Mi”
cpu: “500m” - name: wp
image: wordpress
resources:
requests:
memory: “64Mi”
cpu: “250m”
limits:
memory: “128Mi”
cpu: “500m”
———————————————————
标题:重启策略(restartPolicy)
• Always:当容器终止退出后,总是重启容器,默认策略。
• OnFailure:当容器异常退出(退出状态码非0)时,才重启容器。
• Never:当容器终止退出,从不重启容器。
apiVersion: v1
kind: Pod
metadata:
name: foo
namespace: awesomeapps
spec:
containers:
- name: foo
image: janedoe/awesomeapp:v1
restartPolicy: Always
标题:健康检查(Probe)
Probe有以下两种类型:
livenessProbe
如果检查失败,将杀死容器,根据Pod的restartPolicy来操作。
readinessProbe
如果检查失败,Kubernetes会把Pod从service endpoints中剔除。
Probe支持以下三种检查方法:
httpGet
发送HTTP请求,返回200-400范围状态码为成功。
exec
执行Shell命令返回状态码是0为成功。
tcpSocket
发起TCP Socket建立成功。
apiVersion: v1
kind: Pod
metadata:
labels:
test: liveness
name: liveness-exec
spec:
containers:
- name: liveness
image: busybox
args: - /bin/sh
- -c - touch /tmp/healthy; sleep 30; rm -rf /tmp/healthy; sleep 600
livenessProbe:
exec:
command: - cat
- /tmp/healthy
initialDelaySeconds: 5
periodSeconds: 5
https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
标题:调度约束
• nodeName用于将Pod调度到指定的Node名称上
• nodeSelector用于将Pod调度到匹配Label的Node上
apiVersion: v1
kind: Pod
metadata:
name: pod-example
labels:
app: nginx
spec:
nodeName: 192.168.31.65
containers:
- name: nginx
image: nginx:1.15
apiVersion: v1
kind: Pod
metadata:
name: pod-example
spec:
nodeSelector:
env_role: dev
containers:
- name: nginx
image: nginx:1.15
标题:故障排查
kubectl describe TYPE/NAME
kubectl logs TYPE/NAME [-c CONTAINER]
kubectl exec POD [-c CONTAINER] – COMMAND [args…]
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/