一.标签
1.概述:
标签是附加到kubernets对象(比如pod)上的键值对,标签可以在创建时附加到对象,随后也可以随时添加修改;标签不支持唯一性。
在k8s中大多数资源都是通过标签进行关联的(如pod与service)
2.标签管理
· 查看资源标签
[root@master demo]# kubectl get pods --show-labels
NAME READY STATUS RESTARTS AGE LABELS
demo-env 1/1 Running 0 6s <none>
· 创建标签
1.声明式创建标签
1.1编辑资源清单
[root@master demo]# cat 08-pod-nginx.yaml
apiVersion: v1
kind: Pod
metadata:name: demo-label#资源加标签labels:learn: bilibilik8s: wage
spec:containers:- name: demo-nimage: nginx:1.20.1-alpine
1.2创建查看资源(标签)
[root@master demo]# kubectl apply -f 08-pod-nginx.yaml
pod/demo-label created
[root@master demo]# kubectl get pods --show-labels
NAME READY STATUS RESTARTS AGE LABELS
demo-label 1/1 Running 0 17s k8s=wage,learn=bilibili
2.响应式创建标签
2.1给现有pod资源加一个标签
[root@master demo]# kubectl label pods demo-label time=1255
pod/demo-label labeled
[root@master demo]# kubectl get pods --show-labels
NAME READY STATUS RESTARTS AGE LABELS
demo-label 1/1 Running 0 4m11s k8s=wage,learn=bilibili,time=1255
注:响应式创建的标签,如果重新拉取pod(删除后再创建pod),标签会消失
3.删除标签
[root@master demo]# kubectl label pods demo-label time-
pod/demo-label unlabeled
[root@master demo]# kubectl get pods --show-labels
NAME READY STATUS RESTARTS AGE LABELS
demo-label 1/1 Running 0 8m2s k8s=wage,learn=bilibili
[root@master demo]#
注:声明式创建的标签(资源清单),删除后,重新拉区,标签会重新创建
4.修改标签
[root@master demo]# kubectl get pods --show-labels
NAME READY STATUS RESTARTS AGE LABELS
demo-label 1/1 Running 0 8m2s k8s=wage,learn=bilibili
[root@master demo]# kubectl label pods demo-label k8s=kubernets --overwrite
pod/demo-label labeled
[root@master demo]# kubectl get pods --show-labels
NAME READY STATUS RESTARTS AGE LABELS
demo-label 1/1 Running 0 11m k8s=kubernets,learn=bilibili
5.通过标签删除pod
[root@master demo]# kubectl get pods --show-labels
NAME READY STATUS RESTARTS AGE LABELS
demo-label 1/1 Running 0 11m k8s=kubernets,learn=bilibili
[root@master demo]# kubectl delete pods -l k8s
pod "demo-label" deleted
[root@master demo]# kubectl get pods -o wide
No resources found in default namespace.
二.pod镜像拉取策略
· Always:对比所有镜像来源,选择时间最新的
· Never:只使用本地镜像,本地若没有,也不会去远程仓库拉取
· IfNotPresent(默认策略):先看本地,本地有选择本地,本地没有,选择远程仓库
1.编写镜像拉取策略的资源清单
[root@master demo]# cat 09-pod-pull.yaml
apiVersion: v1
kind: Pod
metadata:name: demo-pulllabels:demo: pull
spec:containers:- name: nginximage: nginx:1.20.1-alpine#设置镜像拉取策略imagePullPolicy: IfNotPresent
[root@master demo]# kubectl apply -f 09-pod-pull.yaml
pod/demo-pull created
[root@master demo]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
demo-pull 1/1 Running 0 12s 10.100.1.30 worker1 <none> <none>
三.pod中容器的重启策略
· Always(默认值):当容器退出时(不论什么原因),自动拉起新的容器;
· Never:当容器退出时(不论什么原因),都不会重新创建拉起新的容器;
· OnFailure:当容器“意外退出”时,才会拉起新的容器;
1.容器重启
· 编写容器重启策略的资源清单
[root@master demo]# cat 10-pod-restart.yaml
apiVersion: v1
kind: Pod
metadata:name: demo-restartlabels:demo: restart
spec:#设置容器重启策略restartPolicy: Alwayscontainers:- name: nginximage: nginx:1.20.1-alpine
· 创建查看资源
[root@master demo]# kubectl apply -f 10-pod-restart.yaml
pod/demo-restart created
[root@master demo]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
demo-restart 1/1 Running 0 10s 10.100.2.34 worker2 <none> <none>
· 在worker节点删除容器测试是否会重新拉起容器
[root@worker2 ~]# docker ps | grep "nginx"
714d17c65cef 7f18bdc92ca5 "/docker-entrypoint.…" About a minute ago Up About a minute k8s_nginx_demo-restart_default_03b7f2a9-6a09-4259-aa71-b9e5a186dc08_0
[root@worker2 ~]# docker rm -f 714d17c65cef
714d17c65cef
[root@worker2 ~]# docker ps | grep "nginx"
d4b6f0852149 7f18bdc92ca5 "/docker-entrypoint.…" 2 seconds ago Up 2 seconds k8s_nginx_demo-restart_default_03b7f2a9-6a09-4259-aa71-b9e5a186dc08_1
· master节点查看pod状态
此时,pod的restarts从0变为1
[root@master demo]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
demo-restart 1/1 Running 1 113s 10.100.2.34 worker2 <none> <none>
四.pod的优雅终止
在pod的删除时,系统会自动延迟30s,为了给pod处理未处理完的请求
1.编辑资源清单
[root@master demo]# cat 11-pod-stop.yaml
apiVersion: v1
kind: Pod
metadata:name: demo-stoplabels:demo: stop
spec:#pod优雅终止字段,定义延时kill信号的时间,给pod处理未完成的请求时间;#缓期多少秒时间执行;若不设置,默认是30s;terminationGracePeriodSeconds: 5containers:- name: demo-nginximage: nginx:1.20.1-alpine#定义容器的生命周期(容器启动做什么动作,容器停止前做什么动作)lifecycle:#容器启动前做什么postStart:exec:command:- "sh"- "-c"- "echo \"postStart at $(date +%F_%T)\" >> /poststart.log"#容器停止前做什么preStop:exec:command:- "sh"- "-c"- "echo \"prestop at $(date +%F_%T)\" >> /prestop.log"
2.创建查看资源
[root@master demo]# kubectl apply -f 11-pod-stop.yaml
pod/demo-stop created
[root@master demo]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
demo-stop 1/1 Running 0 9s 10.100.1.31 worker1 <none> <none>
3.进入容器查看是否完成容器启动前置动作
[root@master demo]# kubectl exec demo-stop -it -- sh
/ # ls
bin etc mnt root sys
dev home opt run tmp
docker-entrypoint.d lib poststart.log sbin usr
docker-entrypoint.sh media proc srv var
/ # cat poststart.log
postStart at 2024-07-14_05:32:59
/ # exit
五.pod中容器的资源限制
给pod设置固定的硬件使用限制,例如cpu、磁盘、内存
CPU资源单位:Kubernetes将1CPU以1000m来表示,CPU的最小资源单位为m,1m表示千分之一CPU。通常一个容器使用的CPU配额为100m~ 300m。
1.编辑资源清单
[root@master demo]# cat 12-pod-resources.yaml
apiVersion: v1
kind: Pod
metadata:name: demo-reslabels:demo: res
spec:containers:- name: demoimage: nginx:1.20.1-alpine#设置资源限制resources:#最大资源的使用限制;最多就能用这么多的资源;limits:#2c;cpu: 2000m#限制内存memory: 40M#期望资源限制;需要宿主机预留的资源,我可以不用,但是你必须要有requests:#1ccpu: 1000m#限制内存memory: 20M
2.创建查看资源
[root@master demo]# kubectl apply -f 12-pod-resources.yaml
pod/demo-res created
[root@master demo]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
demo-res 1/1 Running 0 8s 10.100.2.35 worker2 <none> <none>
3.查看容器的资源大小是否为设置阈值
[root@worker2 ~]# docker ps | grep demo
0a1df97e8497 7f18bdc92ca5 "/docker-entrypoint.…" 35 seconds ago Up 35 seconds k8s_demodemo-res_default_a8af141d-f1cd-4474-95d1-eb3405413cfe_0
4c204b53ce98 registry.aliyuncs.com/google_containers/pause:3.6 "/pause" 36 seconds ago Up 35 seconds k8s_POD_demo-res_default_a8af141d-f1cd-4474-95d1-eb3405413cfe_0
[root@worker2 ~]# docker stats 0a1df97e8497
六.容器类型
· 基础架构容器【pause】:运行pod中的容器时,提供容器的网络名称空间
· 初始化容器【initContainers】:
完成一些业务容器运行前的操作,如执行命令,如果初始化容器没有创建成功,将一直重启,业务容器也就无法创建出来;
它可以延后业务容器的启动时间;
1.基础架构容器pause
查看基础架构容器
[root@worker2 ~]# docker ps | grep pause
2.初始化容器initContainers
· 编辑带有初始化容器的pod资源清单
[root@master demo]# cat 13-pod-init.yaml
apiVersion: v1
kind: Pod
metadata:name: m12
spec:#声明初始化容器initContainers:- name: init-demo1image: alpine#在初始化容器中执行命令command:- "sleep"- "5"- name: init-demo2image: alpine#在初始化容器中执行命令 command:- "sleep"- "5"#业务容器containers:- name: demoinitimage: alpine#给容器一个标准输入,也就是守护进程stdin: true
·创建查看资源
[root@master demo]# kubectl apply -f 13-pod-init.yaml
pod/m12 created
[root@master demo]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
m12 0/1 Init:0/2 0 12s <none> worker1 <none> <none>
·查看状态
[root@master demo]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
m12 0/1 Init:0/2 0 24s 10.100.1.32 worker1 <none> <none>
[root@master demo]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
m12 0/1 Init:1/2 0 27s 10.100.1.32 worker1 <none> <none>
[root@master demo]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
m12 0/1 PodInitializing 0 52s 10.100.1.32 worker1 <none> <none>
[root@master demo]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
m12 1/1 Running 0 63s 10.100.1.32 worker1 <none> <none>
七.pod中容器的守护进程
1.创建资源清单,拉取alpine最小linux系统
[root@master demo]# cat 14-pod-dae.yaml
apiVersion: v1
kind: Pod
metadata:name: m-alpine
spec:containers:- name: c1image: alpine
2.创建查看资源
查看pod资源,发现,启动后会结束,因为没有守护进程
[root@master demo]# kubectl apply -f 14-pod-dae.yaml
pod/m-alpine created
[root@master demo]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
m-alpine 0/1 ContainerCreating 0 7s <none> worker1 <none> <none>
[root@master demo]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
m-alpine 0/1 Completed 0 19s 10.100.1.33 worker1 <none> <none>
3.修改资源清单,加入标准输入stdin
[root@master demo]# cat 14-pod-dae.yaml
apiVersion: v1
kind: Pod
metadata:name: m-alpine
spec:containers:- name: c1image: alpinestdin: true
4,再次查看pod
[root@master demo]# kubectl apply -f 14-pod-dae.yaml
pod/m-alpine created
[root@master demo]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
m-alpine 0/1 ContainerCreating 0 7s <none> worker2 <none> <none>
[root@master demo]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
m-alpine 0/1 ContainerCreating 0 17s <none> worker2 <none> <none>
[root@master demo]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
m-alpine 1/1 Running 0 18s 10.100.2.36 worker2 <none> <none>
5.命令方式守护进程
·command
1.编辑资源清单
[root@master demo]# cat 14-pod-dae.yaml
apiVersion: v1
kind: Pod
metadata:name: demo
spec:containers:- name: c1image: alpinecommand:- "tail"- "-f"- "/etc/hosts"
2.创建查看资源
[root@master demo]# kubectl apply -f 14-pod-dae.yaml
pod/demo created
[root@master demo]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
demo 0/1 ContainerCreating 0 6s <none> worker2 <none> <none>
[root@master demo]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
demo 1/1 Running 0 19s 10.100.2.37 worker2 <none> <none>
·args
1.编辑资源清单
[root@master demo]# cat 14-pod-dae.yaml
apiVersion: v1
kind: Pod
metadata:name: demo
spec:containers:- name: c1image: alpineargs:- "tail"- "-f"- "/etc/hosts"
2.创建查看资源
[root@master demo]# kubectl apply -f 14-pod-dae.yaml
pod/demo created
[root@master demo]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
demo 0/1 ContainerCreating 0 5s <none> worker2 <none> <none>
[root@master demo]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
demo 1/1 Running 0 83s 10.100.2.38 worker2 <none> <none>
· command与args结合(Dockerfile的命令讲解)
args可以当做command的参数进行命令执行;
跟docker中的守护进程命令一样;command就类似于ENTRYPOINT;args就类似于CMD;
[root@master pod]# cat 14-pod-dae.yaml apiVersion: v1
kind: Pod
metadata:name: demo
spec:containers:- name: c1image: alpinecommand:- "tail"- "-f"args:- "/etc/hosts"
[root@master demo]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
demo 1/1 Running 0 83s 10.100.2.38 worker2 <none> <none>
八.pod排障之二-日志查询
1.查看pod
[root@master demo]# cat 14-pod-dae.yaml
apiVersion: v1
kind: Pod
metadata:name: demo
spec:containers:- name: demoimage: nginx:1.20.1-alpine[root@master demo]# kubectl apply -f 14-pod-dae.yaml
pod/demo created
[root@master demo]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
demo 1/1 Running 0 6s 10.100.2.39 worker2 <none> <none>
2.模拟循环访问pod
while true ;
do curl 10.100.2.39; sleep 0.5
done3.查看pod日志
[root@master demo]# kubectl logs -f demo
4.面试题
如果pod中容器发生重启,如何查看重启前的容器的log日志信息?
· 模拟容器重启
[root@worker2 ~]# docker ps | grep demo
[root@worker2 ~]# docker kill ad9a8501d12c
ad9a8501d12c
· 验证是否重新拉起容器
· 查看容器重启前,上一个容器的日志信息
-p
[root@master demo]# kubectl logs -p demo
九.进入pod容器exec与cp命令
#进入pod中容器kubectl exec pod名称 -it -- sh#拷贝容器中数据到宿主机(默认pod中第一个容器)kubectl cp pod名称:/root/demo.txt ./#拷贝宿主机数据到容器kubectl cp ./a.log pod名称:/mnt/#指定容器拷贝kubectl cp -c 容器名 pod名称:/root/demo.txt ./#pod外部执行命令[root@master pod]# kubectl exec demo -it -- ifconfig
