1. The three restart policies for Pod containers
Note: in k8s, "restarting" a container actually means re-creating it.
cat 07-restartPolicy.yaml
apiVersion: v1
kind: Pod
metadata:
  name: nginx-web-imagepullpolicy-always
spec:
  nodeName: k8s233.oldboyedu.com
  ## Always restart the container when it exits, whether normally or abnormally
  restartPolicy: Always
  containers:
  - name: nginx
    image: harbor.oldboyedu.com/web/linux85-web:v1
    imagePullPolicy: Always
    command:
    - "sleep"
    - "10"
---
apiVersion: v1
kind: Pod
metadata:
  name: nginx-web-imagepullpolicy-onfailure
spec:
  nodeName: k8s233.oldboyedu.com
  ## Do not restart the container when it exits normally; restart it when it exits abnormally
  restartPolicy: OnFailure
  containers:
  - name: nginx
    image: harbor.oldboyedu.com/web/linux85-web:v1
    imagePullPolicy: Always
    command:
    - "sleep"
    - "10"
---
apiVersion: v1
kind: Pod
metadata:
  name: nginx-web-imagepullpolicy-never
spec:
  nodeName: k8s233.oldboyedu.com
  ## Never restart the container when it exits
  restartPolicy: Never
  containers:
  - name: nginx
    image: harbor.oldboyedu.com/web/linux85-web:v1
    imagePullPolicy: Always
    command:
    - "sleep"
    - "10"
2. How to pass environment variables to a specific container
## Write the resource manifest
apiVersion: v1
kind: Pod
metadata:
  name: nginx-web-env
spec:
  nodeName: k8s233.oldboyedu.com
  containers:
  - name: nginx
    image: harbor.oldboyedu.com/web/linux85-web:v1
    ## Pass environment variables to the container
    env:
    ## Name of the variable
    - name: SCHOOL
      ## Value of the variable
      value: oldboyedu
    - name: CLASS
      value: linux85
    - name: OLDBOYEDU_POD_NAME
      ## Instead of a custom value, reference a value from elsewhere
      valueFrom:
        ## The value references a field
        fieldRef:
          ## Path of the field
          fieldPath: "metadata.name"
    - name: OLDBOUEDU_NODENAME
      valueFrom:
        fieldRef:
          fieldPath: "spec.nodeName"
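3. Data persistence with emptyDir
When we do not use a volume:
## Write the resource manifest
apiVersion: v1
kind: Pod
metadata:
  name: nginx-web-volume-emptydir-001
spec:
  containers:
  - name: nginx
    image: harbor.oldboyedu.com/web/nginx:1.20.1-alpine
We change the nginx content to something of our own.
We then force-terminate the nginx container; because of the container restart policy, the container restarts automatically.
At this point we can see that the container has restarted once.
When we access nginx again, the result is clearly not what we expected. That is why we use data persistence.
## Write the resource manifest
apiVersion: v1
kind: Pod
metadata:
  name: nginx-web-volume-emptydir-001
spec:
  ## Define the volumes
  volumes:
  ## Name of the volume
  - name: data01
    ## Volume type is emptyDir.
    ## When the Pod is deleted, the data is deleted with it. Its purposes are:
    ##   1. Persist container data, so the data is not lost when the container is deleted.
    ##   2. Share data between different containers in the same Pod.
    emptyDir: {}
  containers:
  - name: nginx
    image: harbor.oldboyedu.com/web/nginx:1.20.1-alpine
    ## Mount points
    volumeMounts:
    ## Name of the volume
    - name: data01
      ## Mount directory
      mountPath: /usr/share/nginx/html
  - name: alpine
    image: harbor.oldboyedu.com/linux/alpine:latest
    stdin: true
    volumeMounts:
    - name: data01
      mountPath: /oldboyedu-data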
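4. Data persistence with hostPath
## Write the resource manifest
apiVersion: v1
kind: Pod
metadata:
  name: volume-hostdir-002
spec:
  nodeName: k8s233.oldboyedu.com
  volumes:
  - name: linux85-data
    ## Volume type is hostPath; it is mainly used when a container needs to access a path on the host
    hostPath:
      ## Path of the volume on the host
      path: /oldboyedu-data
  containers:
  - name: linux
    image: harbor.oldboyedu.com/linux/alpine:latest
    stdin: true
    volumeMounts:
    ## Name of the volume
    - name: linux85-data
      ## Mount point
      mountPath: /oldboyedu-data
Check which node the Pod was scheduled to and create some content.
On the k8s233 node, create the directory and write some content.
Back on the master node, enter the container and check whether the content is there. We change 123 to 456, then go back to the k8s233 node to check.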
5. Data persistence with nfs
## Install the nfs packages on all nodes
yum -y install nfs-utils
## Set up the shared directory on the k8s231 node
mkdir -p /oldboyedu/data/kubernetes
cat > /etc/exports <<'EOF'
/oldboyedu/data/kubernetes *(rw,no_root_squash)
EOF
## Enable nfs at boot and start it now
systemctl enable --now nfs
## Check what the service exports
exportfs
## Mount the nfs share on another node and test it
mount -t nfs k8s231.oldboyedu.com:/oldboyedu/data/kubernetes /mnt/
## Write the test manifest
apiVersion: v1
kind: Pod
metadata:
  name: volume-nfs-001
spec:
  nodeName: k8s232.oldboyedu.com
  volumes:
  - name: data
    ## Volume type is nfs; data can be shared across nodes
    nfs:
      ## Address of the nfs server
      server: 10.0.0.231
      ## Path exported by the nfs server
      path: /oldboyedu/data/kubernetes
  containers:
  - name: nginx
    image: harbor.oldboyedu.com/web/nginx:1.20.1-alpine
    volumeMounts:
    - name: data
      mountPath: /usr/share/nginx/html
---
apiVersion: v1
kind: Pod
metadata:
  name: volume-nfs-002
spec:
  nodeName: k8s233.oldboyedu.com
  volumes:
  - name: data
    nfs:
      server: 10.0.0.231
      path: /oldboyedu/data/kubernetes
  containers:
  - name: linux
    image: harbor.oldboyedu.com/linux/alpine:latest
    stdin: true
    volumeMounts:
    - name: data
      mountPath: /oldboyedu-data
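The export options used in this section, `*(rw,no_root_squash)`, give every host read-write access and leave client root as root on the share. The following is an added example, not part of the original page: a small checker for exports-format lines. The function name `audit_exports` and the tightened sample line (the 10.0.0.0/24 subnet is assumed from the 10.0.0.231 server address) are illustrative assumptions.

```bash
# Added example: flag risky settings in /etc/exports-format lines read on stdin.
# Prints "<path> <client>: <finding>" per issue; prints nothing for a clean file.
audit_exports() {
  awk '
    /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
    {
      path = $1
      for (i = 2; i <= NF; i++) {
        client = $i; opts = ""
        p = index($i, "(")
        if (p > 0) {                         # split "client(opt,opt)"
          client = substr($i, 1, p - 1)
          opts = substr($i, p + 1)
          sub(/\)$/, "", opts)
        }
        if (client == "") client = "*"       # "(opts)" alone means every host
        if (client == "*")
          printf "%s %s: exported to every host\n", path, client
        n = split(opts, o, ",")
        for (j = 1; j <= n; j++) {
          if (o[j] == "no_root_squash")
            printf "%s %s: no_root_squash keeps client root as root\n", path, client
          if (o[j] == "insecure")
            printf "%s %s: insecure accepts unprivileged source ports\n", path, client
        }
      }
    }'
}

# Export line with the options used on this page.
PAGE_LINE='/oldboyedu/data/kubernetes *(rw,no_root_squash)'
# Constructed alternative: node subnet only (assumed 10.0.0.0/24), root squashing on.
TIGHT_LINE='/oldboyedu/data/kubernetes 10.0.0.0/24(rw,root_squash)'

printf '%s\n' "$PAGE_LINE" "$TIGHT_LINE" | audit_exports
```

Only the first line produces findings. With `root_squash`, which is the NFS default, a container process running as root writes to the share as the anonymous user, so directory ownership on the server has to allow that.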
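6. Container resource limits
## Write the resource manifest
cat 12-nginx-resource.yaml
apiVersion: v1
kind: Pod
metadata:
  name: stress-002
spec:
  containers:
  - name: stress
    image: jasonyin2020/oldboyedu-linux-tools:v0.1
    args:
    - "tail"
    - "-f"
    - "/etc/hosts"
    ## Resource limits for the container
    resources:
      ## Resources the target node is expected to have available
      requests:
        ## Require 256M of available memory on the target node
        memory: 256M
        ## Amount of CPU; the unit is fixed: 1 core = 1000m
        cpu: 500m
      ## Upper limits on resource usage
      limits:
        memory: 500M
        cpu: 1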
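7. configMap resource definition and create/delete/update/query
1. configMap data is stored in the etcd database; its main use case is application configuration.
2. Data types supported by configMap:
(1). Key-value pairs
(2). Multi-line data
3. There are two common ways for a Pod to use a configMap resource:
(1). Variable injection
(2). Volume mount
Define a configMap (cm for short) resource
## Write the resource manifest
apiVersion: v1
kind: ConfigMap
metadata:
  name: config-demo
## Data of the cm resource
data:
  school: oldboyedu
  class: linux85
  ## Multi-line data
  my.cfg: |
    datadir: "/var/lib/mysql"
    basedir: "/usr/share/mysql"
    socket: "/tmp/mysql.socket"
  student.info: |
    xingzhibang: "xulingyan"
    xinghui: "linux"
    xulingyan: "xingzhibang"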
8. Referencing a cm resource from a Pod through env environment variables
## Write the resource manifest
cat 02-cm-env.yaml
apiVersion: v1
kind: Pod
metadata:
  name: nginx-web-env
spec:
  nodeName: k8s233.oldboyedu.com
  containers:
  - name: nginx
    image: harbor.oldboyedu.com/web/linux85-web:v1
    env:
    - name: SCHOOL_LINUX_SCOHHL
      valueFrom:
        configMapKeyRef:
          ## Key in the configmap
          key: school
          ## Name of the configmap
          name: config-demo
    - name: SCHOOL_LINUX_CLASS
      valueFrom:
        configMapKeyRef:
          name: config-demo
          key: class
    - name: SCHOOL_LINUX_mycfg
      valueFrom:
        configMapKeyRef:
          name: config-demo
          key: my.cfg
    - name: SCHOOL_LINUX_studentinfo
      valueFrom:
        configMapKeyRef:
          name: config-demo
          key: student.info
View the environment variables.
9. Referencing a cm resource from a Pod through a volume
## Write the resource manifest
cat 03-cm-volumes.yaml
apiVersion: v1
kind: Pod
metadata:
  name: volume-cm-003
spec:
  nodeName: k8s232.oldboyedu.com
  volumes:
  - name: data
    ## Volume type is configMap
    configMap:
      ## Name of the configmap
      name: config-demo
      ## Keys of the configmap to reference
      items:
      ## Name of the key
      - key: student.info
        ## Can be understood as the file name
        path: oldboylinux-student.info
  containers:
  - name: nginx
    image: harbor.oldboyedu.com/web/nginx:1.20.1-alpine
    command:
    - "tail"
    - "-f"
    - "/etc/hosts"
    volumeMounts:
    - name: data
      mountPath: /etc/nginx/nginx.conf
      ## When subPath equals configMap.items.path, the mountPath mount point is a file rather than a directory
      subPath: oldboylinux-student.info
10. Port mapping with ports
cat 04-games-001.yaml
apiVersion: v1
kind: Pod
metadata:
  name: linux85-games
spec:
  nodeName: k8s232.oldboyedu.com
  volumes:
  - name: data
    configMap:
      name: oldboyedu-linux85
      items:
      - key: nginx.conf
        path: nginx.conf
  containers:
  - name: game
    image: harbor.oldboyedu.com/oldboy-edu-games/jasonyyin2020/oldboyedu-games:v0.1
    volumeMounts:
    - name: data
      mountPath: /usr/local/nginx/conf/nginx.conf
      subPath: nginx.conf
    ## Port-mapping fields for the container
    ports:
    # Port number of the container
    - containerPort: 80
      # Host IP address to bind
      hostIP: "0.0.0.0"
      # Host port number to bind
      hostPort: 88
      ## A name for this port
      name: game
11. Secret resource create/delete/update/query
cat 01-secret-demo.yaml
apiVersion: v1
kind: Secret
metadata:
  name: es-https
data:
  dataname: ZWxhc3RpYwo=
  password: b2xkYm95ZWR1Cg==
Only the byte count is shown, not the actual content.
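The values under `data:` are base64-encoded, not encrypted, so anyone who can read the Secret object can recover them. The following is an added example, not part of the original page: it decodes the two values from the es-https manifest and shows that both end in a newline byte, as happens when a value is encoded with `echo` rather than `printf '%s'`. All function names are hypothetical.

```bash
# Added example: audit the base64 values in a Secret manifest's data: section.
# The es-https manifest from this page, embedded so the example runs offline.
MANIFEST='apiVersion: v1
kind: Secret
metadata:
  name: es-https
data:
  dataname: ZWxhc3RpYwo=
  password: b2xkYm95ZWR1Cg=='

# Decoded bytes as hex; $(...) would strip a trailing newline from plain text.
secret_hex() {
  printf '%s' "$1" | base64 -d | od -An -tx1 | tr -d ' \n'
}

# Exit 0 if the decoded value ends in a newline byte (0a).
has_trailing_newline() {
  case "$(secret_hex "$1")" in *0a) return 0 ;; esac
  return 1
}

# Re-encode without the trailing newline: $(...) drops it, printf adds none.
reencode_clean() {
  _plain="$(printf '%s' "$1" | base64 -d)"
  printf '%s' "$_plain" | base64
}

# Print "key value" for each entry under the top-level data: key (stdin = manifest).
secret_entries() {
  awk '
    /^data:/           { in_data = 1; next }
    /^[^ \t#]/         { in_data = 0 }
    in_data && NF == 2 { sub(/:$/, "", $1); print $1, $2 }'
}

# One report line per key.
audit_secret() {
  secret_entries | while read -r key b64; do
    if has_trailing_newline "$b64"; then
      echo "$key: trailing newline, clean value $(reencode_clean "$b64")"
    else
      echo "$key: ok"
    fi
  done
}

printf '%s\n' "$MANIFEST" | audit_secret
```

A Pod that consumes these keys receives the newline as part of the user name and password, which can make authentication fail against a backend that expects the bare string.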
12. Referencing a secret resource from a Pod through env environment variables
cat 02-secret-env.yaml
apiVersion: v1
kind: Pod
metadata:
  name: nginx-web-secret
spec:
  nodeName: k8s233.oldboyedu.com
  containers:
  - name: nginx
    image: harbor.oldboyedu.com/web/linux85-web:v1
    env:
    - name: SCHOOL_LINUX_DATANAME
      valueFrom:
        ## The secret resource to reference
        secretKeyRef:
          ## Name of the secret
          name: es-https
          ## Key in the secret
          key: dataname
    - name: SCHOOL_LINUX-PASSWORD
      valueFrom:
        secretKeyRef:
          name: es-https
          key: password
13. Referencing a secret resource from a Pod through a volume
cat 03-secret-volumes.yaml
apiVersion: v1
kind: Pod
metadata:
  name: volume-secret-004
spec:
  nodeName: k8s232.oldboyedu.com
  volumes:
  - name: data
    ## Volume type is secret
    secret:
      ## Name of the secret
      secretName: es-https
      ## Keys of the secret to reference
      items:
      ## Name of the secret key
      - key: dataname
        ## For now, can be understood as the file name
        path: dataname.info
      - key: password
        path: password
  containers:
  - name: nginx
    image: harbor.oldboyedu.com/web/nginx:1.20.1-alpine
    command:
    - "tail"
    - "-f"
    - "/etc/hosts"
    volumeMounts:
    - name: data
      mountPath: /oldboyedu-data
      # subPath: oldboylinux-student.info