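1. Kubernetes Basics
Kubernetes is an open-source project from Google. It descends from Borg and builds on Google's 15 years of experience running production workloads. It aims to provide a platform for automated deployment, scaling, high availability, and operation of application containers across clusters of hosts.
1.1 Master node: the control center of the whole cluster
- Kube-APIServer: the control hub of the cluster. All information exchanged between components passes through Kube-APIServer, and it is also the entry point for cluster management, resource configuration, and the cluster's security mechanisms.
- Controller-Manager: the cluster's state manager. It ensures that Pods and other resources reach their desired state. It also communicates with the APIServer and creates, updates, or deletes the resources it manages when needed.
- Scheduler: the cluster's scheduling center. Based on a set of specified conditions, it selects the best node or group of nodes and deploys our Pods there.
- Etcd: a key-value database that stores cluster information. In production it is generally recommended to deploy three or more nodes (an odd number).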
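1.2 Node: worker nodes
Also known as Worker, node, or minion nodes.
- Kubelet: watches the state of the Pods on its node, reports the state of the node and of the Pods on it, communicates with the Master node, and manages the Pods on the node.
- Kube-proxy: handles communication and load balancing between Pods, distributing the specified traffic to the correct backend machines.
- Check the Kube-proxy working mode: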
[root@k8s-master01 ~]# ss -ntulp|grep kube-proxy
tcp LISTEN 0 16384 *:30005 *:* users:(("kube-proxy",pid=942,fd=10))
tcp LISTEN 0 16384 127.0.0.1:10249 *:* users:(("kube-proxy",pid=942,fd=19))
tcp LISTEN 0 16384 [::]:10256 [::]:* users:(("kube-proxy",pid=942,fd=13))
[root@k8s-master01 ~]# curl 127.0.0.1:10249/proxyMode
ipvs
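- Ipvs: watches the Master node for messages about added and deleted services and endpoints, and calls the Netlink interface to create the corresponding IPVS rules. Those IPVS rules forward traffic to the corresponding Pods.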
[root@k8s-master01 ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.31.3.101:30005 rr
  -> 192.170.21.197:8443 Masq 1 0 0
TCP 192.162.55.64:30005 rr
  -> 192.170.21.197:8443 Masq 1 0 0
TCP 10.96.0.1:443 rr
  -> 172.31.3.101:6443 Masq 1 1 0
  -> 172.31.3.102:6443 Masq 1 0 0
  -> 172.31.3.103:6443 Masq 1 0 0
TCP 10.96.0.10:53 rr
  -> 192.162.55.75:53 Masq 1 0 0
TCP 10.96.0.10:9153 rr
  -> 192.162.55.75:9153 Masq 1 0 0
TCP 10.100.201.10:443 rr
  -> 192.169.111.133:4443 Masq 1 2 0
TCP 10.108.99.183:443 rr
  -> 192.170.21.197:8443 Masq 1 0 0
TCP 10.110.144.192:8000 rr
  -> 192.171.30.69:8000 Masq 1 0 0
TCP 127.0.0.1:30005 rr
  -> 192.170.21.197:8443 Masq 1 0 0
TCP 172.17.0.1:30005 rr
  -> 192.170.21.197:8443 Masq 1 0 0
UDP 10.96.0.10:53 rr
  -> 192.162.55.75:53 Masq 1 0 0
[root@k8s-master01 ~]# kubectl get svc -n kubernetes-dashboard
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
dashboard-metrics-scraper ClusterIP 10.110.144.192 <none> 8000/TCP 6d1h
kubernetes-dashboard NodePort 10.108.99.183 <none> 443:30005/TCP 6d1h
[root@k8s-master01 ~]# kubectl get pod -n kubernetes-dashboard -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
dashboard-metrics-scraper-6bcc9cb649-5wrkg 1/1 Running 4 6d1h 192.171.30.69 k8s-master02.example.local <none> <none>
kubernetes-dashboard-6c9dd9dbf5-zn2r9 1/1 Running 8 6d1h 192.170.21.197 k8s-node03.example.local <none> <none>
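- Iptables: watches the Master node for messages about added and deleted services and endpoints. For each Service it creates an iptables rule that proxies the Service's clusterIP to the corresponding backend Pods.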
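The ipvsadm listing above shows the dashboard's NodePort 30005 opened on every node address and forwarded to one Pod. The following is an added example, not part of the original post: it reads `ipvsadm -ln` output and prints only the virtual services in the default NodePort range with their backends, so the exposed ports can be compared against `kubectl get svc`. The function names and the trimmed sample are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original post).
# Constructed sample: rows taken from the `ipvsadm -ln` listing above, trimmed.
sample_ipvs() {
cat <<'EOF'
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.31.3.101:30005 rr
  -> 192.170.21.197:8443 Masq 1 0 0
TCP 10.96.0.1:443 rr
  -> 172.31.3.101:6443 Masq 1 1 0
  -> 172.31.3.102:6443 Masq 1 0 0
  -> 172.31.3.103:6443 Masq 1 0 0
TCP 10.108.99.183:443 rr
  -> 192.170.21.197:8443 Masq 1 0 0
TCP 127.0.0.1:30005 rr
  -> 192.170.21.197:8443 Masq 1 0 0
UDP 10.96.0.10:53 rr
  -> 192.162.55.75:53 Masq 1 0 0
EOF
}

# ipvs_nodeports: read `ipvsadm -ln` text on stdin and print one line per
# virtual service whose port lies in the default NodePort range (30000-32767):
#   <proto> <listen-addr:port> -> <backend>[,<backend>...]
ipvs_nodeports() {
  awk '
    # Print the virtual service collected so far, then reset the state.
    function emit() {
      if (vs != "" && port >= 30000 && port <= 32767)
        print proto, vs, "->", (backends == "" ? "(no backends)" : backends)
      vs = ""; backends = ""
    }
    # A line starting with TCP/UDP opens a new virtual service.
    $1 == "TCP" || $1 == "UDP" {
      emit()
      proto = $1; vs = $2
      n = split($2, parts, ":"); port = parts[n] + 0   # last field handles [::]:port too
      next
    }
    # "->" lines are backends of the current service (the header "->" line
    # comes before any service, so vs is still empty and it is skipped).
    $1 == "->" && vs != "" {
      backends = (backends == "" ? $2 : backends "," $2)
    }
    END { emit() }
  '
}

# On a node: ipvsadm -ln | ipvs_nodeports
sample_ipvs | ipvs_nodeports
```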
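1.3 Other components
- Calico: a CNI-compliant network plugin that gives each Pod a unique IP address and treats each node as a router. (Alternative: Cilium.)
- CoreDNS: resolves Services inside the Kubernetes cluster. It lets a Pod resolve a Service name to an IP address and then connect to the corresponding application through the Service's IP address.
- Docker: the container engine, responsible for managing containers.
2. Kubernetes resources and namespace isolation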
[root@k8s-master01 ~]# kubectl get ns
NAME STATUS AGE
default Active 6d1h
kube-node-lease Active 6d1h
kube-public Active 6d1h
kube-system Active 6d1h
kubernetes-dashboard Active 6d1h
[root@k8s-master01 ~]# kubectl get pod
No resources found in default namespace.
[root@k8s-master01 ~]# kubectl get pod -n kube-system
NAME READY STATUS RESTARTS AGE
calico-kube-controllers-54856f58d-d2w69 1/1 Running 4 6d1h
calico-node-bn7xh 1/1 Running 4 6d1h
calico-node-ljzsg 1/1 Running 4 6d1h
calico-node-qf6s4 1/1 Running 4 6d1h
calico-node-qjt8d 1/1 Running 5 6d1h
calico-node-scqhn 1/1 Running 4 6d1h
calico-node-tgl59 1/1 Running 4 6d1h
coredns-847c895554-9dv47 1/1 Running 4 6d1h
metrics-server-58bcbdcdcd-wxgjq 1/1 Running 26 5d21h
# clusterrole: no namespace isolation
[root@k8s-master01 ~]# kubectl get clusterrole
NAME CREATED AT
admin 2022-02-11T07:40:26Z
calico-kube-controllers 2022-02-11T07:43:07Z
calico-node 2022-02-11T07:43:07Z
cluster-admin 2022-02-11T07:40:26Z
edit 2022-02-11T07:40:26Z
kubernetes-dashboard 2022-02-11T07:46:15Z
system:aggregate-to-admin 2022-02-11T07:40:26Z
system:aggregate-to-edit 2022-02-11T07:40:26Z
system:aggregate-to-view 2022-02-11T07:40:26Z
system:aggregated-metrics-reader 2022-02-11T07:44:56Z
system:auth-delegator 2022-02-11T07:40:26Z
system:basic-user 2022-02-11T07:40:26Z
system:certificates.k8s.io:certificatesigningrequests:nodeclient 2022-02-11T07:40:26Z
system:certificates.k8s.io:certificatesigningrequests:selfnodeclient 2022-02-11T07:40:26Z
system:certificates.k8s.io:kube-apiserver-client-approver 2022-02-11T07:40:26Z
system:certificates.k8s.io:kube-apiserver-client-kubelet-approver 2022-02-11T07:40:26Z
system:certificates.k8s.io:kubelet-serving-approver 2022-02-11T07:40:26Z
system:certificates.k8s.io:legacy-unknown-approver 2022-02-11T07:40:26Z
system:controller:attachdetach-controller 2022-02-11T07:40:26Z
system:controller:certificate-controller 2022-02-11T07:40:27Z
system:controller:clusterrole-aggregation-controller 2022-02-11T07:40:26Z
system:controller:cronjob-controller 2022-02-11T07:40:26Z
system:controller:daemon-set-controller 2022-02-11T07:40:26Z
system:controller:deployment-controller 2022-02-11T07:40:26Z
system:controller:disruption-controller 2022-02-11T07:40:26Z
system:controller:endpoint-controller 2022-02-11T07:40:26Z
system:controller:endpointslice-controller 2022-02-11T07:40:26Z
system:controller:endpointslicemirroring-controller 2022-02-11T07:40:26Z
system:controller:expand-controller 2022-02-11T07:40:26Z
system:controller:generic-garbage-collector 2022-02-11T07:40:26Z
system:controller:horizontal-pod-autoscaler 2022-02-11T07:40:26Z
system:controller:job-controller 2022-02-11T07:40:26Z
system:controller:namespace-controller 2022-02-11T07:40:26Z
system:controller:node-controller 2022-02-11T07:40:26Z
system:controller:persistent-volume-binder 2022-02-11T07:40:26Z
system:controller:pod-garbage-collector 2022-02-11T07:40:26Z
system:controller:pv-protection-controller 2022-02-11T07:40:27Z
system:controller:pvc-protection-controller 2022-02-11T07:40:27Z
system:controller:replicaset-controller 2022-02-11T07:40:26Z
system:controller:replication-controller 2022-02-11T07:40:26Z
system:controller:resourcequota-controller 2022-02-11T07:40:26Z
system:controller:root-ca-cert-publisher 2022-02-11T07:40:27Z
system:controller:route-controller 2022-02-11T07:40:26Z
system:controller:service-account-controller 2022-02-11T07:40:27Z
system:controller:service-controller 2022-02-11T07:40:27Z
system:controller:statefulset-controller 2022-02-11T07:40:27Z
system:controller:ttl-controller 2022-02-11T07:40:27Z
system:coredns 2022-02-11T07:44:17Z
system:discovery 2022-02-11T07:40:26Z
system:heapster 2022-02-11T07:40:26Z
system:kube-aggregator 2022-02-11T07:40:26Z
system:kube-apiserver-to-kubelet 2022-02-11T07:40:33Z
system:kube-controller-manager 2022-02-11T07:40:26Z
system:kube-dns 2022-02-11T07:40:26Z
system:kube-scheduler 2022-02-11T07:40:26Z
system:kubelet-api-admin 2022-02-11T07:40:26Z
system:metrics-server 2022-02-11T07:44:56Z
system:monitoring 2022-02-11T07:40:26Z
system:node 2022-02-11T07:40:26Z
system:node-bootstrapper 2022-02-11T07:40:26Z
system:node-problem-detector 2022-02-11T07:40:26Z
system:node-proxier 2022-02-11T07:40:26Z
system:persistent-volume-provisioner 2022-02-11T07:40:26Z
system:public-info-viewer 2022-02-11T07:40:26Z
system:service-account-issuer-discovery 2022-02-11T07:40:26Z
system:volume-scheduler 2022-02-11T07:40:26Z
view 2022-02-11T07:40:26
# clusterrolebindings: no namespace isolation
[root@k8s-master01 ~]# kubectl get clusterrolebindings
NAME ROLE AGE
admin-user ClusterRole/cluster-admin 6d1h
calico-kube-controllers ClusterRole/calico-kube-controllers 6d1h
calico-node ClusterRole/calico-node 6d1h
cluster-admin ClusterRole/cluster-admin 6d1h
kubelet-bootstrap ClusterRole/system:node-bootstrapper 6d1h
kubernetes-dashboard ClusterRole/kubernetes-dashboard 6d1h
metrics-server:system:auth-delegator ClusterRole/system:auth-delegator 6d1h
node-autoapprove-bootstrap ClusterRole/system:certificates.k8s.io:certificatesigningrequests:nodeclient 6d1h
node-autoapprove-certificate-rotation ClusterRole/system:certificates.k8s.io:certificatesigningrequests:selfnodeclient 6d1h
system:basic-user ClusterRole/system:basic-user 6d1h
system:controller:attachdetach-controller ClusterRole/system:controller:attachdetach-controller 6d1h
system:controller:certificate-controller ClusterRole/system:controller:certificate-controller 6d1h
system:controller:clusterrole-aggregation-controller ClusterRole/system:controller:clusterrole-aggregation-controller 6d1h
system:controller:cronjob-controller ClusterRole/system:controller:cronjob-controller 6d1h
system:controller:daemon-set-controller ClusterRole/system:controller:daemon-set-controller 6d1h
system:controller:deployment-controller ClusterRole/system:controller:deployment-controller 6d1h
system:controller:disruption-controller ClusterRole/system:controller:disruption-controller 6d1h
system:controller:endpoint-controller ClusterRole/system:controller:endpoint-controller 6d1h
system:controller:endpointslice-controller ClusterRole/system:controller:endpointslice-controller 6d1h
system:controller:endpointslicemirroring-controller ClusterRole/system:controller:endpointslicemirroring-controller 6d1h
system:controller:expand-controller ClusterRole/system:controller:expand-controller 6d1h
system:controller:generic-garbage-collector ClusterRole/system:controller:generic-garbage-collector 6d1h
system:controller:horizontal-pod-autoscaler ClusterRole/system:controller:horizontal-pod-autoscaler 6d1h
system:controller:job-controller ClusterRole/system:controller:job-controller 6d1h
system:controller:namespace-controller ClusterRole/system:controller:namespace-controller 6d1h
system:controller:node-controller ClusterRole/system:controller:node-controller 6d1h
system:controller:persistent-volume-binder ClusterRole/system:controller:persistent-volume-binder 6d1h
system:controller:pod-garbage-collector ClusterRole/system:controller:pod-garbage-collector 6d1h
system:controller:pv-protection-controller ClusterRole/system:controller:pv-protection-controller 6d1h
system:controller:pvc-protection-controller ClusterRole/system:controller:pvc-protection-controller 6d1h
system:controller:replicaset-controller ClusterRole/system:controller:replicaset-controller 6d1h
system:controller:replication-controller ClusterRole/system:controller:replication-controller 6d1h
system:controller:resourcequota-controller ClusterRole/system:controller:resourcequota-controller 6d1h
system:controller:root-ca-cert-publisher ClusterRole/system:controller:root-ca-cert-publisher 6d1h
system:controller:route-controller ClusterRole/system:controller:route-controller 6d1h
system:controller:service-account-controller ClusterRole/system:controller:service-account-controller 6d1h
system:controller:service-controller ClusterRole/system:controller:service-controller 6d1h
system:controller:statefulset-controller ClusterRole/system:controller:statefulset-controller 6d1h
system:controller:ttl-controller ClusterRole/system:controller:ttl-controller 6d1h
system:coredns ClusterRole/system:coredns 6d1h
system:discovery ClusterRole/system:discovery 6d1h
system:kube-apiserver ClusterRole/system:kube-apiserver-to-kubelet 6d1h
system:kube-controller-manager ClusterRole/system:kube-controller-manager 6d1h
system:kube-dns ClusterRole/system:kube-dns 6d1h
system:kube-proxy ClusterRole/system:node-proxier 6d1h
system:kube-scheduler ClusterRole/system:kube-scheduler 6d1h
system:metrics-server ClusterRole/system:metrics-server 6d1h
system:monitoring ClusterRole/system:monitoring 6d1h
system:node ClusterRole/system:node 6d1h
system:node-proxier ClusterRole/system:node-proxier 6d1h
system:public-info-viewer ClusterRole/system:public-info-viewer 6d1h
system:service-account-issuer-discovery ClusterRole/system:service-account-issuer-discovery 6d1h
system:volume-scheduler ClusterRole/system:volume-scheduler 6d1h
# storageclasses: no namespace isolation
[root@k8s-master01 ~]# kubectl get storageclasses
No resources found
# ingressclasses: no namespace isolation
[root@k8s-master01 ~]# kubectl get ingressclasses
No resources found
# secrets: namespace-isolated
[root@k8s-master01 ~]# kubectl get secrets
NAME TYPE DATA AGE
default-token-pspln kubernetes.io/service-account-token 3 6d2h
[root@k8s-master01 ~]# kubectl get secrets -n kube-system
NAME TYPE DATA AGE
admin-user-token-pjktc kubernetes.io/service-account-token 3 6d1h
attachdetach-controller-token-z64rj kubernetes.io/service-account-token 3 6d2h
bootstrap-signer-token-4bmz5 kubernetes.io/service-account-token 3 6d2h
bootstrap-token-c8ad9c bootstrap.kubernetes.io/token 6 6d2h
calico-etcd-secrets Opaque 3 6d1h
calico-kube-controllers-token-gd788 kubernetes.io/service-account-token 3 6d1h
calico-node-token-rk6hb kubernetes.io/service-account-token 3 6d1h
certificate-controller-token-pwzzq kubernetes.io/service-account-token 3 6d2h
clusterrole-aggregation-controller-token-9vvtk kubernetes.io/service-account-token 3 6d2h
coredns-token-6cm2z kubernetes.io/service-account-token 3 6d1h
cronjob-controller-token-db2k8 kubernetes.io/service-account-token 3 6d2h
daemon-set-controller-token-rs4nf kubernetes.io/service-account-token 3 6d2h
default-token-fn8zr kubernetes.io/service-account-token 3 6d2h
deployment-controller-token-wq522 kubernetes.io/service-account-token 3 6d2h
disruption-controller-token-sg68n kubernetes.io/service-account-token 3 6d2h
endpoint-controller-token-rvrlm kubernetes.io/service-account-token 3 6d2h
endpointslice-controller-token-zvrpj kubernetes.io/service-account-token 3 6d2h
endpointslicemirroring-controller-token-4tq8j kubernetes.io/service-account-token 3 6d2h
expand-controller-token-pclt9 kubernetes.io/service-account-token 3 6d2h
generic-garbage-collector-token-67tbc kubernetes.io/service-account-token 3 6d2h
horizontal-pod-autoscaler-token-hlc9q kubernetes.io/service-account-token 3 6d2h
job-controller-token-kzfpw kubernetes.io/service-account-token 3 6d2h
kube-proxy-token-7nbwb kubernetes.io/service-account-token 3 6d2h
metrics-server-token-qsjzj kubernetes.io/service-account-token 3 6d1h
namespace-controller-token-tgt86 kubernetes.io/service-account-token 3 6d2h
node-controller-token-gx5hd kubernetes.io/service-account-token 3 6d2h
persistent-volume-binder-token-7l585 kubernetes.io/service-account-token 3 6d2h
pod-garbage-collector-token-zx28m kubernetes.io/service-account-token 3 6d2h
pv-protection-controller-token-n6l4t kubernetes.io/service-account-token 3 6d2h
pvc-protection-controller-token-gclzz kubernetes.io/service-account-token 3 6d2h
replicaset-controller-token-c6wjj kubernetes.io/service-account-token 3 6d2h
replication-controller-token-57svl kubernetes.io/service-account-token 3 6d2h
resourcequota-controller-token-frfgw kubernetes.io/service-account-token 3 6d2h
root-ca-cert-publisher-token-l7dvv kubernetes.io/service-account-token 3 6d2h
service-account-controller-token-c6bh9 kubernetes.io/service-account-token 3 6d2h
service-controller-token-n6nhq kubernetes.io/service-account-token 3 6d2h
statefulset-controller-token-xlnx7 kubernetes.io/service-account-token 3 6d2h
token-cleaner-token-nzb4p kubernetes.io/service-account-token 3 6d2h
ttl-controller-token-vb7pj kubernetes.io/service-account-token 3 6d2h
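Because clusterroles and clusterrolebindings are not namespaced, a binding to cluster-admin applies in every namespace. The following is an added example, not part of the original post: it lists which resource types are cluster-scoped and which bindings grant cluster-admin beyond the built-in one. Both samples are constructed (the first mimics `kubectl api-resources`, the second copies rows from the clusterrolebindings listing above), and the function names are illustrative.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). Both samples are constructed.

sample_api_resources() {
cat <<'EOF'
NAME                  SHORTNAMES   APIVERSION                     NAMESPACED   KIND
pods                  po           v1                             true         Pod
secrets                            v1                             true         Secret
clusterroles                       rbac.authorization.k8s.io/v1   false        ClusterRole
clusterrolebindings                rbac.authorization.k8s.io/v1   false        ClusterRoleBinding
ingressclasses                     networking.k8s.io/v1           false        IngressClass
storageclasses        sc           storage.k8s.io/v1              false        StorageClass
EOF
}

sample_bindings() {
cat <<'EOF'
NAME                    ROLE                                   AGE
admin-user              ClusterRole/cluster-admin              6d1h
calico-node             ClusterRole/calico-node                6d1h
cluster-admin           ClusterRole/cluster-admin              6d1h
kubelet-bootstrap       ClusterRole/system:node-bootstrapper   6d1h
kubernetes-dashboard    ClusterRole/kubernetes-dashboard       6d1h
system:kube-scheduler   ClusterRole/system:kube-scheduler      6d1h
EOF
}

# cluster_scoped: print resource types whose NAMESPACED column is "false".
# SHORTNAMES may be empty, so the column count varies per row; NAMESPACED is
# always the second field from the right, hence $(NF-1).
cluster_scoped() {
  awk '$1 == "NAME" { next } $(NF-1) == "false" { print $1 }'
}

# extra_cluster_admins: print ClusterRoleBindings that grant cluster-admin,
# other than the built-in binding named "cluster-admin" and system: bindings.
# Works with or without the header row (kubectl --no-headers).
extra_cluster_admins() {
  awk '$1 == "NAME" { next }
       $2 == "ClusterRole/cluster-admin" &&
       $1 != "cluster-admin" && $1 !~ /^system:/ { print $1 }'
}

# On a live cluster:
#   kubectl api-resources | cluster_scoped      # same set as --namespaced=false
#   kubectl get clusterrolebindings | extra_cluster_admins
echo "cluster-scoped resource types:"
sample_api_resources | cluster_scoped
echo "bindings to cluster-admin to review:"
sample_bindings | extra_cluster_admins
```

Each name printed by the second function is a binding whose subjects hold full rights in all namespaces, so it is worth checking who those subjects are with `kubectl describe clusterrolebinding <name>`.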
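3. What is a Pod?
A Pod is the smallest unit in Kubernetes. It consists of a group of one or more containers. Each Pod also contains a Pause container, which is the parent container of the Pod and is mainly responsible for reaping zombie processes. Through the Pause container, the containers in the same Pod can share storage, network, PID, IPC, and so on.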
https://kubernetes.io/docs/setup/production-environment/container-runtimes/
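4. Defining a Pod
apiVersion: v1 # required, API version
kind: Pod # required, resource type Pod
metadata: # required, metadata
  name: nginx # required, Pod name conforming to RFC 1035
  #namespace: default # optional, namespace of the Pod; defaults to default if not set, can also be set with -n
  labels: # optional, labels, generally used to filter and distinguish Pods
    app: nginx
    role: frontend # several can be given
  annotations: # optional, annotation list, several can be given
    app: nginx
spec: # required, detailed definition of the containers
  initContainers: # init containers, run initialization steps before the containers start
  - command:
    - sh
    - -c
    - echo "I am InitContainer for init some configuration"
    image: busybox
    imagePullPolicy: IfNotPresent
    name: init-container
  containers: # required, container list
  - name: nginx # required, container name conforming to RFC 1035
    image: nginx:latest # required, address of the image the container uses
    imagePullPolicy: Always # optional, image pull policy. IfNotPresent: do not pull if the host already has the image; Always: always pull; Never: never pull, whether or not the image exists
    command: # optional, command run when the container starts; command corresponds to ENTRYPOINT in Docker, args to CMD
    - nginx
    - -g
    - "daemon off;"
    workingDir: /usr/share/nginx/html # optional, working directory of the container
    volumeMounts: # optional, volume mounts, several can be configured
    - name: webroot # volume name
      mountPath: /usr/share/nginx/html # mount directory
      readOnly: true # read-only
    ports: # optional, list of ports the container exposes
    - name: http # port name
      containerPort: 80 # port number
      protocol: TCP # port protocol, default TCP
    env: # optional, list of environment variables
    - name: TZ # variable name
      value: Asia/Shanghai # variable value
    - name: LANG
      value: en_US.utf8
    resources: # optional, resource limits and requests
      limits: # maximum limits
        cpu: 1000m
        memory: 1024Mi
      requests: # resources required to start
        cpu: 100m
        memory: 512Mi
#    startupProbe: # optional, checks whether the process in the container has finished starting. Only one of the three check methods can be used at a time.
#      httpGet: # httpGet check; in production, httpGet is recommended for API-level health checks, with the health endpoint provided by the application.
#        path: /api/successStart # check path
#        port: 80
    readinessProbe: # optional, health check. Only one of the three check methods can be used at a time.
      httpGet: # httpGet check; in production, httpGet is recommended for API-level health checks, with the health endpoint provided by the application.
        path: / # check path
        port: 80 # monitored port
    livenessProbe: # optional, health check
      #exec: # check by running a command in the container
        #command:
        #- cat
        #- /health
      #httpGet: # httpGet check
      #  path: /_health # check path
      #  port: 8080
      #  httpHeaders: # request headers for the check
      #  - name: end-user
      #    value: Jason
      tcpSocket: # port check
        port: 80
      initialDelaySeconds: 60 # initial delay
      timeoutSeconds: 2 # timeout
      periodSeconds: 5 # check interval
      successThreshold: 1 # one successful check means ready
      failureThreshold: 2 # two failed checks mean not ready
    lifecycle:
      postStart: # command run after the container is created; can be exec, httpGet, or TCPSocket
        exec:
          command:
          - sh
          - -c
          - 'mkdir /data/ '
      preStop:
        httpGet:
          path: /
          port: 80
      #  exec:
      #    command:
      #    - sh
      #    - -c
      #    - sleep 9
  restartPolicy: Always # optional, default Always: restart the container automatically if it fails or does not start successfully; OnFailure: restart the container automatically if it exits with a non-zero status code; Never: never restart, whatever the state
  #nodeSelector: # optional, select the Node
  #  region: subnet7
  imagePullSecrets: # optional, secrets used to pull images, several can be configured
  - name: default-dockercfg-86258
  hostNetwork: false # optional, whether to use host network mode; if so, host ports are occupied
  volumes: # list of shared volumes
  - name: webroot # name, matching the one above
    emptyDir: {} # mount directory
    #hostPath: # mount a directory from the host
    #  path: /etc/hosts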
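[root@k8s-master01 ~]# vim pod.yaml
apiVersion: v1 # required, API version
kind: Pod # required, resource type Pod
metadata: # required, metadata
  name: nginx # required, Pod name conforming to RFC 1035
  # namespace: default # optional, namespace of the Pod; defaults to default if not set, can also be set with -n
  labels: # optional, labels, generally used to filter and distinguish Pods
    app: nginx
    role: frontend # several can be given
  annotations: # optional, annotation list, several can be given
    app: nginx
spec: # required, detailed definition of the containers
#  initContainers: # init containers, run initialization steps before the containers start
#  - command:
#    - sh
#    - -c
#    - echo "I am InitContainer for init some configuration"
#    image: busybox
#    imagePullPolicy: IfNotPresent
#    name: init-container
  containers: # required, container list
  - name: nginx # required, container name conforming to RFC 1035
    image: nginx:1.15.2 # required, address of the image the container uses
    imagePullPolicy: IfNotPresent # optional, image pull policy. IfNotPresent: do not pull if the host already has the image; Always: always pull; Never: never pull, whether or not the image exists
    command: # optional, command run when the container starts (ENTRYPOINT; args --> CMD)
    - nginx
    - -g
    - "daemon off;"
    workingDir: /usr/share/nginx/html # optional, working directory of the container
#    volumeMounts: # optional, volume mounts, several can be configured
#    - name: webroot # volume name
#      mountPath: /usr/share/nginx/html # mount directory
#      readOnly: true # read-only
    ports: # optional, list of ports the container exposes
    - name: http # port name
      containerPort: 80 # port number
      protocol: TCP # port protocol, default TCP
    env: # optional, list of environment variables
    - name: TZ # variable name
      value: Asia/Shanghai # variable value
    - name: LANG
      value: en_US.utf8
#    resources: # optional, resource limits and requests
#      limits: # maximum limits
#        cpu: 1000m
#        memory: 1024Mi
#      requests: # resources required to start
#        cpu: 100m
#        memory: 512Mi
#    startupProbe: # optional, checks whether the process in the container has finished starting. Only one of the three check methods can be used at a time.
#      httpGet: # httpGet check; in production, httpGet is recommended for API-level health checks, with the health endpoint provided by the application.
#        path: /api/successStart # check path
#        port: 80
#    readinessProbe: # optional, health check. Only one of the three check methods can be used at a time.
#      httpGet: # httpGet check; in production, httpGet is recommended for API-level health checks, with the health endpoint provided by the application.
#        path: / # check path
#        port: 80 # monitored port
#    livenessProbe: # optional, health check
#      #exec: # check by running a command in the container
#        #command:
#        #- cat
#        #- /health
#      #httpGet: # httpGet check
#      #  path: /_health # check path
#      #  port: 8080
#      #  httpHeaders: # request headers for the check
#      #  - name: end-user
#      #    value: Jason
#      tcpSocket: # port check
#        port: 80
#      initialDelaySeconds: 60 # initial delay
#      timeoutSeconds: 2 # timeout
#      periodSeconds: 5 # check interval
#      successThreshold: 1 # one successful check means ready
#      failureThreshold: 2 # two failed checks mean not ready
#    lifecycle:
#      postStart: # command run after the container is created; can be exec, httpGet, or TCPSocket
#        exec:
#          command:
#          - sh
#          - -c
#          - 'mkdir /data/ '
#      preStop:
#        httpGet:
#          path: /
#          port: 80
#      #  exec:
#      #    command:
#      #    - sh
#      #    - -c
#      #    - sleep 9
  restartPolicy: Always # optional, default Always: restart the container automatically if it fails or does not start successfully; OnFailure: restart the container automatically if it exits with a non-zero status; Never: never restart, whatever the state
  #nodeSelector: # optional, select the Node
  #  region: subnet7
#  imagePullSecrets: # optional, secrets used to pull images, several can be configured
#  - name: default-dockercfg-86258
#  hostNetwork: false # optional, whether to use host network mode; if so, host ports are occupied
#  volumes: # list of shared volumes
#  - name: webroot # name, matching the one above
#    emptyDir: {} # mount directory
#    #hostPath: # mount a directory from the host
#    #  path: /etc/hosts
[root@k8s-master01 ~]# kubectl create -f pod.yaml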
pod/nginx created
[root@k8s-master01 ~]# kubectl get pod
NAME READY STATUS RESTARTS AGE
nginx 0/1 ContainerCreating 0 39s
[root@k8s-master01 ~]# kubectl get pod --show-labels
NAME READY STATUS RESTARTS AGE LABELS
nginx 0/1 ContainerCreating 0 49s app=nginx,role=frontend
[root@k8s-master01 ~]# kubectl create ns ns-name
namespace/ns-name created
[root@k8s-master01 ~]# kubectl create -f pod.yaml -n ns-name
pod/nginx created
[root@k8s-master01 ~]# kubectl get pod -n ns-name
NAME READY STATUS RESTARTS AGE
nginx 1/1 Running 0 8s
[root@k8s-master01 ~]# kubectl delete pod nginx
pod "nginx" deleted
[root@k8s-master01 ~]# kubectl delete pod nginx -n ns-name
pod "nginx" deleted