关于 Kubernetes中Pod的一些笔记(二)
【摘要】 钱比你想象的重要得多,超过20岁了就别整天活在梦里了,对于平凡的你来讲,钱就是你的尊严。
写在前面
- 学习
K8s,刚把Pod学完,整理笔记记忆 - 笔记主要是
Pod的一些基本操作,偏实战,理论很少: - 笔记内容包括:
- 创建
Pod的两种方式,相关镜像下载,重启机制 Pod的详细信息,日志、命令运行等、生命周期等- 初始化
Pod和静态Pod Pod的调度(选择器、指定节点、主机亲和性)- 节点的
coedon与drain - 节点的
taint(污点)及容忍污点(tolerations) - 部分地方使用了
ansible,但是不影响阅读
- 创建
钱比你想象的重要得多,超过20岁了就别整天活在梦里了,对于平凡的你来讲,钱就是你的尊严。
四、初始化Pod
所谓初始化pod,类比java中的构造概念,如果pod的创建命令类比java的构造函数的话,那么初始化容器即为构造块,java中构造块是在构造函数之前执行的一些语句块。初始化容器即为主容器构造前执行的一些语句
| 初始化规则: |
|---|
| 它们总是运行到完成。 |
| 每个都必须在下一个启动之前成功完成。 |
| 如果 Pod 的 Init 容器失败,Kubernetes 会不断地重启该 Pod,直到 Init 容器成功为止。然而,如果 Pod 对应的restartPolicy 为 Never,它不会重新启动。 |
| Init 容器支持应用容器的全部字段和特性,但不支持 Readiness Probe,因为它们必须在 Pod 就绪之前运行完成。 |
| 如果为一个 Pod 指定了多个 Init 容器,那些容器会按顺序一次运行一个。 每个 Init 容器必须运行成功,下一个才能够运行。 |
因为Init容器可能会被重启、重试或者重新执行,所以 Init 容器的代码应该是幂等的。特别地,被写到EmptyDirs 中文件的代码,应该对输出文件可能已经存在做好准备。 |
在 Pod 上使用 activeDeadlineSeconds,在容器上使用 livenessProbe,这样能够避免Init容器一直失败。 这就为 Init 容器活跃设置了一个期限。 |
在Pod中的每个app 和Init容器的名称必须唯一;与任何其它容器共享同一个名称,会在验证时抛出错误。 |
对 Init容器spec 的修改,被限制在容器 image字段中。 更改 Init 容器的image字段,等价于重启该Pod。 |
初始化容器在pod资源文件里 的initContainers里定义,和containers是同一级
通过初始化容器修改内核参数
创建初始化容器,这里我们通过初始化容器修改swap的一个内核参数为0,即使用交换分区频率为0
Alpine 操作系统是一个面向安全的轻型 Linux 发行版。它不同于通常 Linux 发行版,Alpine 采用了 musl libc 和 busybox 以减小系统的体积和运行时资源消耗,但功能上比 busybox 又完善的多,因此得到开源社区越来越多的青睐。在保持瘦身的同时,Alpine 还提供了自己的包管理工具 apk,可以通过 https://pkgs.alpinelinux.org/packages 网站上查询包信息,也可以直接通过 apk 命令直接查询和安装各种软件
YAML文件编写
apiVersion: v1
kind: Pod
metadata:
creationTimestamp: null
labels:
run: pod-init
name: pod-init
spec:
containers:
- image: nginx
imagePullPolicy: IfNotPresent
name: pod1-init
resources: {}
dnsPolicy: ClusterFirst
restartPolicy: Always
initContainers:
- image: alpine
name: init
imagePullPolicy: IfNotPresent
command: ["/bin/sh","-c","sbin/sysctl -w vm.swappiness=0"]
securityContext:
privileged: true
status: {}
查看系统默认值,运行pod
┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-pod-create]
└─$cat /proc/sys/vm/swappiness
30
创建初始化容器
┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-pod-create]
└─$kubectl apply -f pod_init.yaml
pod/pod-init created
┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-pod-create]
└─$kubectl get pod -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
pod-init 1/1 Running 0 11m 10.244.70.54 vms83.liruilongs.github.io <none> <none>
pod创建成功验证一下
┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-pod-create]
└─$cd ..
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$ansible 192.168.26.83 -m shell -a "cat /proc/sys/vm/swappiness"
192.168.26.83 | CHANGED | rc=0 >>
0
初始化容器和普通容器数据共享
配置文件编写
这里我们配置一个共享卷,然后再初始化容器里同步数据到普通的容器里。
pod_init1.yaml
apiVersion: v1
kind: Pod
metadata:
creationTimestamp: null
labels:
run: pod-init1
name: pod-init1
spec:
volumes:
- name: workdir
emptyDir: {}
containers:
- image: nginx
imagePullPolicy: IfNotPresent
name: pod1-init
resources: {}
volumeMounts:
- name: workdir
mountPath: "/2021"
dnsPolicy: ClusterFirst
restartPolicy: Always
initContainers:
- image: busybox
name: init
imagePullPolicy: IfNotPresent
command: ["/bin/sh","-c","touch /work-dir/liruilong.txt"]
volumeMounts:
- name: workdir
mountPath: "work-dir"
status: {}
┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-pod-create]
└─$kubectl apply -f pod_init1.yaml
pod/pod-init1 created
┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-pod-create]
└─$kubectl get pods pod-init1
NAME READY STATUS RESTARTS AGE
pod-init1 1/1 Running 0 30s
┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-pod-create]
└─$kubectl exec -it pod-init1 /bin/sh
kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead.
Defaulted container "pod1-init" out of: pod1-init, init (init)
# ls
2021 boot docker-entrypoint.d etc lib media opt root sbin sys usr
bin dev docker-entrypoint.sh home lib64 mnt proc run srv tmp var
# cd 2021;ls
liruilong.txt
#
五、静态pod
正常情况下,pod是在master上统一管理的,所谓静态pod就是,即不是由master上创建调度的,是属于node自身特的pod,在node上只要启动kubelet之后,就会自动的创建的pod。这里理解的话,结合java静态熟悉,静态方法理解,即的node节点初始化的时候需要创建的一些pod
比如 kubeadm的安装k8s的话,所以的服务都是通过容器的方式运行的。相比较二进制的方式方便很多,这里的话,那么涉及到master节点的相关组件在没有k8s环境时是如何运行,构建master节点的,这里就涉及到静态pod的问题。
工作节点创建 静态pod
工作节点查看kubelet 启动参数配置文件
| /usr/lib/systemd/system/kubelet.service.d/10-kubeadm.conf |
|---|
--pod-manifest-path=/etc/kubernetes/kubelet.d |
 |
Environment="KUBELET_KUBECONFIG_ARGS=--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf --pod-manifest-path=/etc/kubernetes/kubelet.d" |
mkdir -p /etc/kubernetes/kubelet.d |
首先需要在配置文件中添加加载静态pod 的yaml文件位置
先在本地改配置文件,使用ansible发送到node节点上,
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$cat /usr/lib/systemd/system/kubelet.service.d/10-kubeadm.conf
# Note: This dropin only works with kubeadm and kubelet v1.11+
[Service]
Environment="KUBELET_KUBECONFIG_ARGS=--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf --pod-manifest-path=/etc/kubernetes/kubelet.d"
Environment="KUBELET_CONFIG_ARGS=--config=/var/lib/kubelet/config.yaml"
# This is a file that "kubeadm init" and "kubeadm join" generates at runtime, populating the KUBELET_KUBEADM_ARGS variable dynamically
EnvironmentFile=-/var/lib/kubelet/kubeadm-flags.env
# This is a file that the user can use for overrides of the kubelet args as a last resort. Preferably, the user should use
# the .NodeRegistration.KubeletExtraArgs object in the configuration files instead. KUBELET_EXTRA_ARGS should be sourced from this file.
EnvironmentFile=-/etc/sysconfig/kubelet
ExecStart=
ExecStart=/usr/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CONFIG_ARGS $KUBELET_KUBEADM_ARGS $KUBELET_EXTRA_ARGS
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$mkdir -p /etc/kubernetes/kubelet.d
修改配置后需要加载配置文件重启kubelet
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$ansible node -m copy -a "src=/usr/lib/systemd/system/kubelet.service.d/10-kubeadm.conf dest=/usr/lib/systemd/system/kubelet.service.d/10-kubeadm.conf force
=yes"
192.168.26.82 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"checksum": "13994d828e831f4aa8760c2de36e100e7e255526",
"dest": "/usr/lib/systemd/system/kubelet.service.d/10-kubeadm.conf",
"gid": 0,
"group": "root",
"md5sum": "0cfe0f899ea24596f95aa2e175f0dd08",
"mode": "0644",
"owner": "root",
"size": 946,
"src": "/root/.ansible/tmp/ansible-tmp-1637403640.92-32296-63660481173900/source",
"state": "file",
"uid": 0
}
192.168.26.83 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"checksum": "13994d828e831f4aa8760c2de36e100e7e255526",
"dest": "/usr/lib/systemd/system/kubelet.service.d/10-kubeadm.conf",
"gid": 0,
"group": "root",
"md5sum": "0cfe0f899ea24596f95aa2e175f0dd08",
"mode": "0644",
"owner": "root",
"size": 946,
"src": "/root/.ansible/tmp/ansible-tmp-1637403640.89-32297-164984088437265/source",
"state": "file",
"uid": 0
}
创建配置文件文件夹
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$ansible node -m shell -a "mkdir -p /etc/kubernetes/kubelet.d"
192.168.26.83 | CHANGED | rc=0 >>
192.168.26.82 | CHANGED | rc=0 >>
加载配置文件
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$ansible node -m shell -a "systemctl daemon-reload"
192.168.26.82 | CHANGED | rc=0 >>
192.168.26.83 | CHANGED | rc=0 >>
重启kubelet
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$ansible node -m shell -a "systemctl restart kubelet"
192.168.26.83 | CHANGED | rc=0 >>
192.168.26.82 | CHANGED | rc=0 >>
现在我们需要到Node的/etc/kubernetes/kubelet.d里创建一个yaml文件,然后根据这个yaml文件,创建一个pod,这样创建出来的node,是不会接受master的管理的。我们同样使用ansible的方式来处理
配置文件编写
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$cat static-pod.yaml
apiVersion: v1
kind: Pod
metadata:
creationTimestamp: null
labels:
run: pod-static
name: pod-static
namespeace: default
spec:
containers:
- image: nginx
imagePullPolicy: IfNotPresent
name: pod-demo
resources: {}
dnsPolicy: ClusterFirst
restartPolicy: Always
status: {}
default名称空间里创建两个静态pod
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$ansible node -m copy -a "src=./static-pod.yaml dest=/etc/kubernetes/kubelet.d/static-pod.yaml"
192.168.26.83 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"checksum": "9b059b0acb4cd99272809d1785926092816f8771",
"dest": "/etc/kubernetes/kubelet.d/static-pod.yaml",
"gid": 0,
"group": "root",
"md5sum": "41515d4c5c116404cff9289690cdcc20",
"mode": "0644",
"owner": "root",
"size": 302,
"src": "/root/.ansible/tmp/ansible-tmp-1637474358.05-72240-139405051351544/source",
"state": "file",
"uid": 0
}
192.168.26.82 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"checksum": "9b059b0acb4cd99272809d1785926092816f8771",
"dest": "/etc/kubernetes/kubelet.d/static-pod.yaml",
"gid": 0,
"group": "root",
"md5sum": "41515d4c5c116404cff9289690cdcc20",
"mode": "0644",
"owner": "root",
"size": 302,
"src": "/root/.ansible/tmp/ansible-tmp-1637474357.94-72238-185516913523170/source",
"state": "file",
"uid": 0
}
node检查一下,配置文件
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$ansible node -m shell -a " cat /etc/kubernetes/kubelet.d/static-pod.yaml"
192.168.26.83 | CHANGED | rc=0 >>
apiVersion: v1
kind: Pod
metadata:
creationTimestamp: null
labels:
run: pod-static
name: pod-static
namespeace: default
spec:
containers:
- image: nginx
imagePullPolicy: IfNotPresent
name: pod-demo
resources: {}
dnsPolicy: ClusterFirst
restartPolicy: Always
status: {}
192.168.26.82 | CHANGED | rc=0 >>
apiVersion: v1
kind: Pod
metadata:
creationTimestamp: null
labels:
run: pod-static
name: pod-static
namespeace: default
spec:
containers:
- image: nginx
imagePullPolicy: IfNotPresent
name: pod-demo
resources: {}
dnsPolicy: ClusterFirst
restartPolicy: Always
status: {}
查看静态pod
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$kubectl get pod -n default
NAME READY STATUS RESTARTS AGE
pod-static-vms82.liruilongs.github.io 1/1 Running 0 8m17s
pod-static-vms83.liruilongs.github.io 1/1 Running 0 9m3s
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$ansible node -m shell -a "rm -rf /etc/kubernetes/kubelet.d/static-pod.yaml"
master 节点创建pod
这里我们换一种方式创建一个pod,通过 KUBELET_CONFIG_ARGS=--config=/var/lib/kubelet/config.yaml中定义的静态pod位置的方式创建pod
这里需要注意的是如果master节点是使用 --pod-manifest-path=/etc/kubernetes/kubelet.d的方式的话,k8s就会无法启动,因为--pod-manifest-path会覆盖staticPodPath: /etc/kubernetes/manifests。
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$cat /usr/lib/systemd/system/kubelet.service.d/10-kubeadm.conf
# Note: This dropin only works with kubeadm and kubelet v1.11+
[Service]
Environment="KUBELET_KUBECONFIG_ARGS=--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf "
Environment="KUBELET_CONFIG_ARGS=--config=/var/lib/kubelet/config.yaml"
# This is a file that "kubeadm init" and "kubeadm join" generates at runtime, populating the KUBELET_KUBEADM_ARGS variable dynamically
EnvironmentFile=-/var/lib/kubelet/kubeadm-flags.env
# This is a file that the user can use for overrides of the kubelet args as a last resort. Preferably, the user should use
# the .NodeRegistration.KubeletExtraArgs object in the configuration files instead. KUBELET_EXTRA_ARGS should be sourced from this file.
EnvironmentFile=-/etc/sysconfig/kubelet
ExecStart=
ExecStart=/usr/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CONFIG_ARGS $KUBELET_KUBEADM_ARGS $KUBELET_EXTRA_ARGS
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$grep static /var/lib/kubelet/config.yaml
staticPodPath: /etc/kubernetes/manifests
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$
/etc/kubernetes/manifests/ 里面放着k8s环境需要的一些静态pod组件
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$ls -l /etc/kubernetes/manifests/
总用量 16
-rw------- 1 root root 2284 10月 19 00:09 etcd.yaml
-rw------- 1 root root 3372 10月 19 00:10 kube-apiserver.yaml
-rw------- 1 root root 2893 10月 19 00:10 kube-controller-manager.yaml
-rw------- 1 root root 1479 10月 19 00:10 kube-scheduler.yaml
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$
直接copy之前的配置文件在master节点创建静态pod,并检查
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$cp static-pod.yaml /etc/kubernetes/manifests/static-pod.yaml
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$kubectl get pods -n default
NAME READY STATUS RESTARTS AGE
pod-static-vms81.liruilongs.github.io 1/1 Running 0 13s
pod-static-vms82.liruilongs.github.io 1/1 Running 0 34m
pod-static-vms83.liruilongs.github.io 1/1 Running 0 35m
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$rm -rf /etc/kubernetes/manifests/static-pod.yaml
【版权声明】本文为华为云社区用户原创内容,转载时必须标注文章的来源(华为云社区)、文章链接、文章作者等基本信息, 否则作者和本社区有权追究责任。如果您发现本社区中有涉嫌抄袭的内容,欢迎发送邮件进行举报,并提供相关证据,一经查实,本社区将立刻删除涉嫌侵权内容,举报邮箱:
cloudbbs@huaweicloud.com
- 点赞
- 收藏
- 关注作者
评论(0)