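Day05: readinessProbe, startupProbe, Pod lifecycle, static Pods, init containers, rc upgrade and rollback, rs controller in depth
- 0. Review of yesterday's content
- 1. readinessProbe availability check: exec example
- 2. Availability check: httpGet example
- 3. Availability check: tcpSocket example
- 4. Using readinessProbe together with livenessProbe
- 5. startupProbe and its execution priority over the other probes
- 6. Init container example
- 7. Static Pods (for awareness only)
- 8. Pod security context (securityContext) in practice
- 9. Pod lifecycle: graceful termination example
- 10. Pod creation flow diagram
- 11. rc upgrade and rollback
- 12. rs Pod controller hands-on example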
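0. Review of yesterday's content
- Writing resource manifests that use a secret for Harbor authentication;
- Label management:
    Declarative: modify the resource manifest.
    Imperative: pass command-line arguments directly.
- Probes:
    livenessProbe:
      - exec
      - httpGet
      - tcpSocket
- Namespace: isolates K8S cluster resources.
- Controller (rc): controls the number of Pod replicas.
- Services: expose K8S services.
    - Internally, provide dynamic service discovery for Pods
    - Externally, provide a single access entry point and load-balance across Pods
    Four types:
      - ClusterIP
      - NodePort
      - ExternalName
      - LoadBalancer
Pod resource manifest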
apiVersion: v1
kind: Pod
metadata:
  name:
  namespace:
  labels:
spec:
  hostNetwork:
  imagePullSecrets:
  - name:
  restartPolicy:
  nodeName:
  volumes:
  - name:
    nfs:
      server:
      path:
  - name:
    emptyDir: {}
  - name:
    hostPath:
      path:
  - ...
  containers:
  - name:
    image:
    stdin:
    command:
    args:
    ports:
    env:
    livenessProbe:
      exec:
      httpGet:
      tcpSocket:
      ...
    volumeMounts:
    resources:
      requests:
      limits:
    imagePullPolicy:
1. readinessProbe availability check: exec example
(1) Write the resource manifest
[root@k8s231.oldboyedu.com replicationcontrollers]# cat 02-rc-readinessProbe.yaml
apiVersion: v1
kind: ReplicationController
metadata:
  name: oldboyedu-linux85-web-rc-readinessprobe
  labels:
    school: oldboyedu
    class: linux85
    apps: rc
  namespace: default
spec:
  replicas: 3
  selector:
    classroom: jiaoshi05
    address: oldboyedu-shahe
  template:
    metadata:
      labels:
        classroom: jiaoshi05
        address: oldboyedu-shahe
        hobby: k8s
        auther: jasonyin
    spec:
      containers:
      - name: linux85-exec
        image: harbor.oldboyedu.com/web/nginx:1.20.1-alpine
        command:
        - /bin/sh
        - -c
        - touch /tmp/oldboyedu-linux85-healthy; sleep 5; rm -f /tmp/oldboyedu-linux85-healthy; sleep 600
        # Readiness check: periodically checks whether the service is available to decide whether the container is ready.
        readinessProbe:
          # Use exec for the health check
          exec:
            # Custom check command
            command:
            - cat
            - /tmp/oldboyedu-linux85-healthy
          failureThreshold: 3
          initialDelaySeconds: 15
          periodSeconds: 1
          successThreshold: 1
          timeoutSeconds: 1

---
apiVersion: v1
kind: Service
metadata:
  name: oldboyedu-linux85-web-readinessprobe
  namespace: default
  labels:
    apps: oldboyedu-svc
    class: linux85
spec:
  selector:
    hobby: k8s
    auther: jasonyin
  type: ClusterIP
  ports:
  - port: 80
    targetPort: 80
    protocol: TCP
  clusterIP: 10.200.100.200
[root@k8s231.oldboyedu.com replicationcontrollers]#
(2) Create the resources
[root@k8s231.oldboyedu.com replicationcontrollers]# kubectl apply -f 02-rc-readinessProbe.yaml
(3) Check Pod status
[root@k8s231.oldboyedu.com replicationcontrollers]# kubectl get po
NAME READY STATUS RESTARTS AGE
oldboyedu-linux85-web-rc-readinessprobe-9bjr6 0/1 Running 0 2s
oldboyedu-linux85-web-rc-readinessprobe-fqltq 0/1 Running 0 2s
oldboyedu-linux85-web-rc-readinessprobe-p488g 0/1 Running 0 2s
[root@k8s231.oldboyedu.com replicationcontrollers]#
(4) Check the svc status
[root@k8s231.oldboyedu.com replicationcontrollers]# kubectl get svc oldboyedu-linux85-web-readinessprobe
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
oldboyedu-linux85-web-readinessprobe ClusterIP 10.200.100.200 <none> 80/TCP 28s
[root@k8s231.oldboyedu.com replicationcontrollers]#
[root@k8s231.oldboyedu.com replicationcontrollers]# kubectl describe svc oldboyedu-linux85-web-readinessprobe
Name: oldboyedu-linux85-web-readinessprobe
Namespace: default
Labels: apps=oldboyedu-svc
        class=linux85
Annotations: <none>
Selector: auther=jasonyin,hobby=k8s
Type: ClusterIP
IP Family Policy: SingleStack
IP Families: IPv4
IP: 10.200.100.200
IPs: 10.200.100.200
Port: <unset> 80/TCP
TargetPort: 80/TCP
Endpoints:
Session Affinity: None
Events: <none>
[root@k8s231.oldboyedu.com replicationcontrollers]#
(5) View the ep resource
[root@k8s231.oldboyedu.com replicationcontrollers]# kubectl get ep oldboyedu-linux85-web-readinessprobe
NAME ENDPOINTS AGE
oldboyedu-linux85-web-readinessprobe 64s
[root@k8s231.oldboyedu.com replicationcontrollers]#
[root@k8s231.oldboyedu.com replicationcontrollers]#
[root@k8s231.oldboyedu.com replicationcontrollers]# kubectl describe ep oldboyedu-linux85-web-readinessprobe
Name: oldboyedu-linux85-web-readinessprobe
Namespace: default
Labels: apps=oldboyedu-svc
        class=linux85
Annotations: <none>
Subsets:
  Addresses:          <none>
  NotReadyAddresses:  10.100.1.80,10.100.2.61,10.100.2.62
  Ports:
    Name     Port  Protocol
    ----     ----  --------
    <unset>  80    TCP

Events:  <none>
[root@k8s231.oldboyedu.com replicationcontrollers]#
(6) Bring any 2 Pods to the ready state
[root@k8s231.oldboyedu.com replicationcontrollers]# kubectl get po
NAME READY STATUS RESTARTS AGE
oldboyedu-linux85-web-rc-readinessprobe-9bjr6 0/1 Running 0 100s
oldboyedu-linux85-web-rc-readinessprobe-fqltq 0/1 Running 0 100s
oldboyedu-linux85-web-rc-readinessprobe-p488g 0/1 Running 0 100s
[root@k8s231.oldboyedu.com replicationcontrollers]#
[root@k8s231.oldboyedu.com replicationcontrollers]#
[root@k8s231.oldboyedu.com replicationcontrollers]# kubectl exec oldboyedu-linux85-web-rc-readinessprobe-9bjr6 -- touch /tmp/oldboyedu-linux85-healthy
[root@k8s231.oldboyedu.com replicationcontrollers]#
[root@k8s231.oldboyedu.com replicationcontrollers]#
[root@k8s231.oldboyedu.com replicationcontrollers]# kubectl exec oldboyedu-linux85-web-rc-readinessprobe-fqltq -- touch /tmp/oldboyedu-linux85-healthy
[root@k8s231.oldboyedu.com replicationcontrollers]#
[root@k8s231.oldboyedu.com replicationcontrollers]#
[root@k8s231.oldboyedu.com replicationcontrollers]# kubectl get po
NAME READY STATUS RESTARTS AGE
oldboyedu-linux85-web-rc-readinessprobe-9bjr6 1/1 Running 0 2m4s
oldboyedu-linux85-web-rc-readinessprobe-fqltq 1/1 Running 0 2m4s
oldboyedu-linux85-web-rc-readinessprobe-p488g 0/1 Running 0 2m4s
[root@k8s231.oldboyedu.com replicationcontrollers]#
[root@k8s231.oldboyedu.com replicationcontrollers]#
(7) Check the ep and svc resource status
[root@k8s231.oldboyedu.com replicationcontrollers]# kubectl describe svc oldboyedu-linux85-web-readinessprobe
Name: oldboyedu-linux85-web-readinessprobe
Namespace: default
Labels: apps=oldboyedu-svc
        class=linux85
Annotations: <none>
Selector: auther=jasonyin,hobby=k8s
Type: ClusterIP
IP Family Policy: SingleStack
IP Families: IPv4
IP: 10.200.100.200
IPs: 10.200.100.200
Port: <unset> 80/TCP
TargetPort: 80/TCP
Endpoints: 10.100.2.61:80,10.100.2.62:80
Session Affinity: None
Events: <none>
[root@k8s231.oldboyedu.com replicationcontrollers]#
[root@k8s231.oldboyedu.com replicationcontrollers]#
[root@k8s231.oldboyedu.com replicationcontrollers]# kubectl describe ep oldboyedu-linux85-web-readinessprobe
Name: oldboyedu-linux85-web-readinessprobe
Namespace: default
Labels: apps=oldboyedu-svc
        class=linux85
Annotations: endpoints.kubernetes.io/last-change-trigger-time: 2023-04-18T03:00:16Z
Subsets:
  Addresses:          10.100.2.61,10.100.2.62
  NotReadyAddresses:  10.100.1.80
  Ports:
    Name     Port  Protocol
    ----     ----  --------
    <unset>  80    TCP

Events:  <none>
[root@k8s231.oldboyedu.com replicationcontrollers]#
2. Availability check: httpGet example
(1) Write the resource manifest
[root@k8s231.oldboyedu.com replicationcontrollers]# cat 03-rc-readinessProbe-httpGet.yaml
apiVersion: v1
kind: ReplicationController
metadata:
  name: oldboyedu-linux85-web-rc-readinessprobe-httpget
  labels:
    school: oldboyedu
    class: linux85
    apps: rc
  namespace: default
spec:
  replicas: 3
  selector:
    classroom: jiaoshi05
    address: oldboyedu-shahe
  template:
    metadata:
      labels:
        classroom: jiaoshi05
        address: oldboyedu-shahe
        hobby: k8s
        auther: jasonyin
    spec:
      containers:
      - name: linux85-exec
        image: harbor.oldboyedu.com/web/nginx:1.20.1-alpine
        # Readiness check: periodically checks whether the service is available to decide whether the container is ready.
        readinessProbe:
          # Use httpGet for the health check
          httpGet:
            # Port to access
            port: 80
            # Path to check
            path: /index.html
          failureThreshold: 3
          initialDelaySeconds: 15
          periodSeconds: 1
          successThreshold: 1
          timeoutSeconds: 1

---
apiVersion: v1
kind: Service
metadata:
  name: oldboyedu-linux85-web-readinessprobe-httpget
  namespace: default
  labels:
    apps: oldboyedu-svc
    class: linux85
spec:
  selector:
    hobby: k8s
    auther: jasonyin
  type: ClusterIP
  ports:
  - port: 80
    targetPort: 80
    protocol: TCP
  clusterIP: 10.200.100.220
[root@k8s231.oldboyedu.com replicationcontrollers]#
(2) Create the resources
[root@k8s231.oldboyedu.com replicationcontrollers]# kubectl apply -f 03-rc-readinessProbe-httpGet.yaml
replicationcontroller/oldboyedu-linux85-web-rc-readinessprobe-httpget created
service/oldboyedu-linux85-web-readinessprobe-httpget created
[root@k8s231.oldboyedu.com replicationcontrollers]#
(3) Check the ready state; the Pods only become ready after roughly 15s
[root@k8s231.oldboyedu.com replicationcontrollers]# kubectl get pods
NAME READY STATUS RESTARTS AGE
oldboyedu-linux85-web-rc-readinessprobe-httpget-gtrz2 1/1 Running 0 25s
oldboyedu-linux85-web-rc-readinessprobe-httpget-h2nkn 1/1 Running 0 25s
oldboyedu-linux85-web-rc-readinessprobe-httpget-pxqkz 1/1 Running 0 25s
[root@k8s231.oldboyedu.com replicationcontrollers]#
[root@k8s231.oldboyedu.com replicationcontrollers]# kubectl describe svc oldboyedu-linux85-web-readinessprobe-httpget
Name: oldboyedu-linux85-web-readinessprobe-httpget
Namespace: default
Labels: apps=oldboyedu-svc
        class=linux85
Annotations: <none>
Selector: auther=jasonyin,hobby=k8s
Type: ClusterIP
IP Family Policy: SingleStack
IP Families: IPv4
IP: 10.200.100.220
IPs: 10.200.100.220
Port: <unset> 80/TCP
TargetPort: 80/TCP
Endpoints: 10.100.1.83:80,10.100.2.64:80,10.100.2.65:80
Session Affinity: None
Events: <none>
[root@k8s231.oldboyedu.com replicationcontrollers]#
[root@k8s231.oldboyedu.com replicationcontrollers]#
[root@k8s231.oldboyedu.com replicationcontrollers]# kubectl describe ep oldboyedu-linux85-web-readinessprobe-httpget
Name: oldboyedu-linux85-web-readinessprobe-httpget
Namespace: default
Labels: apps=oldboyedu-svc
        class=linux85
Annotations: endpoints.kubernetes.io/last-change-trigger-time: 2023-04-18T03:31:46Z
Subsets:
  Addresses:          10.100.1.83,10.100.2.64,10.100.2.65
  NotReadyAddresses:  <none>
  Ports:
    Name     Port  Protocol
    ----     ----  --------
    <unset>  80    TCP

Events:  <none>
[root@k8s231.oldboyedu.com replicationcontrollers]#
(4) Change a Pod to the not-ready state
[root@k8s231.oldboyedu.com replicationcontrollers]# kubectl get pods
NAME READY STATUS RESTARTS AGE
oldboyedu-linux85-web-rc-readinessprobe-httpget-gtrz2 1/1 Running 0 2m3s
oldboyedu-linux85-web-rc-readinessprobe-httpget-h2nkn 1/1 Running 0 2m3s
oldboyedu-linux85-web-rc-readinessprobe-httpget-pxqkz 1/1 Running 0 2m3s
[root@k8s231.oldboyedu.com replicationcontrollers]#
[root@k8s231.oldboyedu.com replicationcontrollers]#
[root@k8s231.oldboyedu.com replicationcontrollers]# kubectl exec oldboyedu-linux85-web-rc-readinessprobe-httpget-gtrz2 -- rm -f /usr/share/nginx/html/index.html
[root@k8s231.oldboyedu.com replicationcontrollers]#
[root@k8s231.oldboyedu.com replicationcontrollers]#
[root@k8s231.oldboyedu.com replicationcontrollers]# kubectl get pods
NAME READY STATUS RESTARTS AGE
oldboyedu-linux85-web-rc-readinessprobe-httpget-gtrz2 0/1 Running 0 2m29s
oldboyedu-linux85-web-rc-readinessprobe-httpget-h2nkn 1/1 Running 0 2m29s
oldboyedu-linux85-web-rc-readinessprobe-httpget-pxqkz 1/1 Running 0 2m29s
[root@k8s231.oldboyedu.com replicationcontrollers]#
(5) Check the svc and ep status again
[root@k8s231.oldboyedu.com replicationcontrollers]# kubectl describe svc oldboyedu-linux85-web-readinessprobe-httpget
Name: oldboyedu-linux85-web-readinessprobe-httpget
Namespace: default
Labels: apps=oldboyedu-svc
        class=linux85
Annotations: <none>
Selector: auther=jasonyin,hobby=k8s
Type: ClusterIP
IP Family Policy: SingleStack
IP Families: IPv4
IP: 10.200.100.220
IPs: 10.200.100.220
Port: <unset> 80/TCP
TargetPort: 80/TCP
Endpoints: 10.100.2.64:80,10.100.2.65:80
Session Affinity: None
Events: <none>
[root@k8s231.oldboyedu.com replicationcontrollers]#
[root@k8s231.oldboyedu.com replicationcontrollers]#
[root@k8s231.oldboyedu.com replicationcontrollers]# kubectl describe ep oldboyedu-linux85-web-readinessprobe-httpget
Name: oldboyedu-linux85-web-readinessprobe-httpget
Namespace: default
Labels: apps=oldboyedu-svc
        class=linux85
Annotations: endpoints.kubernetes.io/last-change-trigger-time: 2023-04-18T03:33:54Z
Subsets:
  Addresses:          10.100.2.64,10.100.2.65
  NotReadyAddresses:  10.100.1.83
  Ports:
    Name     Port  Protocol
    ----     ----  --------
    <unset>  80    TCP

Events:  <none>
[root@k8s231.oldboyedu.com replicationcontrollers]#
3. Availability check: tcpSocket example
(1) Write the resource manifest
[root@k8s231.oldboyedu.com replicationcontrollers]# cat 04-rc-readinessProbe-tcpSocket.yaml
apiVersion: v1
kind: ReplicationController
metadata:
  name: oldboyedu-linux85-web-rc-readinessprobe-tcpsocket
  labels:
    school: oldboyedu
    class: linux85
    apps: rc
  namespace: default
spec:
  replicas: 3
  selector:
    classroom: jiaoshi05
    address: oldboyedu-shahe
  template:
    metadata:
      labels:
        classroom: jiaoshi05
        address: oldboyedu-shahe
        hobby: k8s
        auther: jasonyin
    spec:
      containers:
      - name: linux85-exec
        image: harbor.oldboyedu.com/web/nginx:1.20.1-alpine
        command:
        - /bin/sh
        - -c
        - sleep 25; nginx -g "daemon off;"
        # Readiness check: periodically checks whether the service is available to decide whether the container is ready.
        readinessProbe:
          # Use tcpSocket for the health check
          tcpSocket:
            port: 80
          failureThreshold: 3
          initialDelaySeconds: 15
          periodSeconds: 1
          successThreshold: 1
          timeoutSeconds: 1

---
apiVersion: v1
kind: Service
metadata:
  name: oldboyedu-linux85-web-readinessprobe-httpget
  namespace: default
  labels:
    apps: oldboyedu-svc
    class: linux85
spec:
  selector:
    hobby: k8s
    auther: jasonyin
  type: ClusterIP
  ports:
  - port: 80
    targetPort: 80
    protocol: TCP
  clusterIP: 10.200.100.220
[root@k8s231.oldboyedu.com replicationcontrollers]#
(2) Create the resources and check Pod status
[root@k8s231.oldboyedu.com replicationcontrollers]# kubectl apply -f 04-rc-readinessProbe-tcpSocket.yaml
[root@k8s231.oldboyedu.com replicationcontrollers]# kubectl get pods
4. Using readinessProbe together with livenessProbe
[root@k8s231.oldboyedu.com replicationcontrollers]# cat 05-rc-readinessProbe-livenessProbe.yaml
apiVersion: v1
kind: ReplicationController
metadata:
  name: oldboyedu-linux85-web-rc-readinessprobe-tcpsocket
  labels:
    school: oldboyedu
    class: linux85
    apps: rc
  namespace: default
spec:
  replicas: 3
  selector:
    classroom: jiaoshi05
    address: oldboyedu-shahe
  template:
    metadata:
      labels:
        classroom: jiaoshi05
        address: oldboyedu-shahe
        hobby: k8s
        auther: jasonyin
    spec:
      containers:
      - livenessProbe:
          httpGet:
            port: 80
            path: /index.html
          failureThreshold: 3
          initialDelaySeconds: 15
          periodSeconds: 1
          successThreshold: 1
          timeoutSeconds: 1
        name: linux85-exec
        image: harbor.oldboyedu.com/web/nginx:1.20.1-alpine
        readinessProbe:
          httpGet:
            port: 80
            path: /oldboyedu.html
          failureThreshold: 3
          initialDelaySeconds: 15
          periodSeconds: 3
          successThreshold: 1
          timeoutSeconds: 1

---
apiVersion: v1
kind: Service
metadata:
  name: oldboyedu-linux85-web-readinessprobe-httpget
  namespace: default
  labels:
    apps: oldboyedu-svc
    class: linux85
spec:
  selector:
    hobby: k8s
    auther: jasonyin
  type: ClusterIP
  ports:
  - port: 80
    targetPort: 80
    protocol: TCP
  clusterIP: 10.200.100.220
[root@k8s231 replicationcontrollers]# kubectl get po
NAME READY STATUS RESTARTS AGE
oldboyedu-linux85-web-rc-readinessprobe-tcpsocket-f4tgz 0/1 Running 0 3s
oldboyedu-linux85-web-rc-readinessprobe-tcpsocket-pgr5m 0/1 Running 0 3s
oldboyedu-linux85-web-rc-readinessprobe-tcpsocket-pkzfc 0/1 Running 0 3s
[root@k8s231 replicationcontrollers]# kubectl exec oldboyedu-linux85-web-rc-readinessprobe-tcpsocket-f4tgz -- rm -f /usr/share/nginx/html/index.html
[root@k8s231 replicationcontrollers]# kubectl get po
NAME READY STATUS RESTARTS AGE
oldboyedu-linux85-web-rc-readinessprobe-tcpsocket-f4tgz 0/1 Running 1 (9s ago) 73s
oldboyedu-linux85-web-rc-readinessprobe-tcpsocket-pgr5m 0/1 Running 0 73s
oldboyedu-linux85-web-rc-readinessprobe-tcpsocket-pkzfc 0/1 Running 0 73s
[root@k8s231 replicationcontrollers]# vim /tmp/oldboyedu.html
<h1 style='color: green;'>www.oldboyedu.com</h1>
[root@k8s231 replicationcontrollers]# kubectl cp /tmp/oldboyedu.html oldboyedu-linux85-web-rc-readinessprobe-tcpsocket-pgr5m:/usr/share/nginx/html
[root@k8s231 replicationcontrollers]# kubectl get po
NAME READY STATUS RESTARTS AGE
oldboyedu-linux85-web-rc-readinessprobe-tcpsocket-f4tgz 0/1 Running 1 (4m28s ago) 5m32s
oldboyedu-linux85-web-rc-readinessprobe-tcpsocket-pgr5m 1/1 Running 0 5m32s
oldboyedu-linux85-web-rc-readinessprobe-tcpsocket-pkzfc 0/1 Running 0 5m32s
[root@k8s231 replicationcontrollers]# kubectl cp /tmp/oldboyedu.html oldboyedu-linux85-web-rc-readinessprobe-tcpsocket-pgr5m:/usr/share/nginx/html
[root@k8s231 replicationcontrollers]# kubectl cp /tmp/oldboyedu.html oldboyedu-linux85-web-rc-readinessprobe-tcpsocket-pkzfc:/usr/share/nginx/html
[root@k8s231 replicationcontrollers]# kubectl get po
NAME READY STATUS RESTARTS AGE
oldboyedu-linux85-web-rc-readinessprobe-tcpsocket-f4tgz 0/1 Running 1 (5m3s ago) 6m7s
oldboyedu-linux85-web-rc-readinessprobe-tcpsocket-pgr5m 1/1 Running 0 6m7s
oldboyedu-linux85-web-rc-readinessprobe-tcpsocket-pkzfc 1/1 Running 0 6m7s
5. startupProbe and its execution priority over the other probes
[root@k8s231.oldboyedu.com replicationcontrollers]# cat 06-rc-readinessProbe-livenessProbe-startupProbe.yaml
apiVersion: v1
kind: ReplicationController
metadata:
  name: oldboyedu-linux85-web-rc-probe
  labels:
    school: oldboyedu
    class: linux85
    apps: rc
  namespace: default
spec:
  replicas: 3
  selector:
    classroom: jiaoshi05
    address: oldboyedu-shahe
  template:
    metadata:
      labels:
        classroom: jiaoshi05
        address: oldboyedu-shahe
        hobby: k8s
        auther: jasonyin
    spec:
      containers:
      - name: linux85-exec
        image: harbor.oldboyedu.com/web/nginx:1.20.1-alpine
        # Checks whether the service is healthy; if the check fails, the Pod is restarted.
        livenessProbe:
          httpGet:
            port: 80
            path: /huozhe.html
          failureThreshold: 3
          initialDelaySeconds: 15
          periodSeconds: 1
          successThreshold: 1
          timeoutSeconds: 1
        # Checks whether the service is ready; if the check fails, the Pod is marked not ready.
        readinessProbe:
          httpGet:
            port: 80
            path: /oldboyedu.html
          failureThreshold: 3
          initialDelaySeconds: 15
          periodSeconds: 3
          successThreshold: 1
          timeoutSeconds: 1
        # Checked at startup; if the check fails, the container is killed.
        # readinessProbe and livenessProbe only run after the startupProbe has passed.
        startupProbe:
          httpGet:
            port: 80
            path: /start.html
          failureThreshold: 3
          initialDelaySeconds: 35
          periodSeconds: 3
          successThreshold: 1
          timeoutSeconds: 1

---
apiVersion: v1
kind: Service
metadata:
  name: oldboyedu-linux85-web-readinessprobe-httpget
  namespace: default
  labels:
    apps: oldboyedu-svc
    class: linux85
spec:
  selector:
    hobby: k8s
    auther: jasonyin
  type: ClusterIP
  ports:
  - port: 80
    targetPort: 80
    protocol: TCP
  clusterIP: 10.200.100.220
[root@k8s231.oldboyedu.com replicationcontrollers]#
6. Init container example:
[root@k8s231.oldboyedu.com pods]# cat 17-initContainers.yaml
kind: Pod
apiVersion: v1
metadata:
  labels:
    school: oldboyedu
    class: linux85
  name: oldboyedu-linux85-initcontainers-001
spec:
  volumes:
  - name: data
    emptyDir: {}
  # Define init containers; they run before the application containers.
  # Init containers run only once, when the Pod is created; a container restart does not trigger them.
  # If a script must run every time the container restarts, see the container's "postStart" field.
  initContainers:
  - name: init-data-001
    image: harbor.oldboyedu.com/web/nginx:1.20.1-alpine
    # command: ['/bin/bash','-c',"for i in `seq 1 5`;do echo '<h1>'$i page access time at $(date +%F_%T) '</h1>' >> /data/index.html;sleep 3;done"]
    command:
    - '/bin/sh'
    - '-c'
    - "for i in `seq 1 5`;do echo '<h1>'$i page access time at $(date +%F_%T) '</h1>' >> /data/index.html;sleep 3;done"
    volumeMounts:
    - mountPath: "/data"
      name: data
  - name: init-data-002
    image: harbor.oldboyedu.com/web/nginx:1.20.1-alpine
    # command: ['/bin/sh','-c',"/bin/chmod 644 /data/* -R"]
    command:
    - '/bin/sh'
    - '-c'
    - "/bin/chmod 604 /data/* -R"
    volumeMounts:
    - mountPath: "/data"
      name: data
  containers:
  - name: myweb
    image: harbor.oldboyedu.com/web/nginx:1.20.1-alpine
    volumeMounts:
    - mountPath: "/usr/share/nginx/html"
      name: data
[root@k8s231.oldboyedu.com pods]#
7. Static Pods (for awareness only)
vim /var/lib/kubelet/config.yaml
...
staticPodPath: /etc/kubernetes/manifests
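Tips:
(1) The static Pod path is given to the kubelet at startup through the "staticPodPath" configuration parameter;
(2) The name of a Pod created as a static Pod automatically gets the kubelet node's hostname appended, for example "-k8s151.oldboyedu.com", and the "nodeName" field is ignored;
(3) Creating a static Pod does not depend on the API server; the Pod is started directly by the kubelet on that node;
(4) To delete a static Pod, simply remove its manifest from the path specified by staticPodPath;
(5) The static Pod path only works for the Pod resource type; other resource types will not be created;
(6) Our kubeadm deployment is itself based on static Pods;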
8. Pod security context (securityContext) in practice
The Pod security context, securityContext
kubectl explain po.spec.containers.securityContext
kubectl explain po.spec.securityContext
Reference example:
(1) Write the Dockerfile
[root@k8s231.oldboyedu.com securityContext]# ll
total 8
-rwxr-xr-x 1 root root 235 Apr 18 15:27 build.sh
-rw-r--r-- 1 root root 497 Apr 18 15:25 Dockerfile
[root@k8s231.oldboyedu.com securityContext]#
[root@k8s231.oldboyedu.com securityContext]# cat Dockerfile
FROM centos:7

LABEL school=oldboyedu \
      class=linux85

# RUN sed -e 's|^mirrorlist=|#mirrorlist=|g' \
#         -e 's|^#baseurl=http://mirror.centos.org|baseurl=https://mirrors.tuna.tsinghua.edu.cn|g' \
#         -i.bak \
#         /etc/yum.repos.d/CentOS-*.repo

RUN curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo

RUN yum -y install iptables-services net-tools && rm -rf /var/cache/yum

RUN useradd -u 666 oldboyedu

CMD ["tail","-f","/etc/hosts"]
[root@k8s231.oldboyedu.com securityContext]#
[root@k8s231.oldboyedu.com securityContext]# cat build.sh
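#!/bin/bash

docker image build -t harbor.oldboyedu.com/tools/centos7-iptabls:v0.1 .
# Note: -p places the registry password on the command line (shell history, process list);
# docker login --password-stdin reads it from stdin instead.
docker login -u admin -p 1 harbor.oldboyedu.com
docker image push harbor.oldboyedu.com/tools/centos7-iptabls:v0.1
docker logout harbor.oldboyedu.com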
[root@k8s231.oldboyedu.com securityContext]#
(2) Deploy a Pod to test
[root@k8s231.oldboyedu.com pods]# cat 18-pod-securityContext.yaml
apiVersion: v1
kind: Pod
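metadata:
  name: oldboyedu-linux85-securitycontext-004
spec:
  containers:
  - name: c1
    image: harbor.oldboyedu.com/tools/centos7-iptabls:v0.1
    # args:
    # - tail
    # - -f
    # - /etc/hosts
    # Security-related settings
    securityContext:
      # Run the container as a privileged container; if privileged is set, it may affect the capabilities test.
      #privileged: true
      # Customize Linux kernel capabilities
      # Recommended reading:
      #   https://man7.org/linux/man-pages/man7/capabilities.7.html
      #   https://docs.docker.com/compose/compose-file/compose-file-v3/#cap_add-cap_drop
      capabilities:
        # Add all Linux kernel capabilities
        add:
        - ALL
        # Drop the specified Linux kernel capabilities
        drop:
        # Disables network administration
        # - NET_ADMIN
        # Disables changing file UID and GID, meaning you cannot use the chown command.
        # For example, "useradd oldboyedu" creates the "/home/oldboyedu" directory and runs chown to hand it to the "oldboyedu" user; you will find that the user is created successfully but the owner and group of "/home/oldboyedu" cannot be changed.
        - CHOWN
        # Disables the chroot command
        - SYS_CHROOT
      # If the container's process runs as root, refuse to start the container
      # runAsNonRoot: true
      # UID of the user that runs the program; note that this UID must exist
      # runAsUser: 666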
[root@k8s231.oldboyedu.com pods]#
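An added example (not part of the original course notes): a small audit of the securityContext fields discussed above, run over a constructed copy of the container from 18-pod-securityContext.yaml and over a hardened variant. The finding names, the hardened settings and the allowPrivilegeEscalation check are assumptions of this example; the input has the shape of `kubectl get pod -o json` output.

```python
"""Audit container securityContext settings (added example, not course code)."""

# Assumption of this example: only NET_BIND_SERVICE is tolerated in capabilities.add.
ALLOWED_ADD = {"NET_BIND_SERVICE"}


def _caps(values):
    # Kubernetes capability names omit the CAP_ prefix; normalise anyway.
    out = set()
    for v in values or []:
        v = str(v).upper()
        out.add(v[4:] if v.startswith("CAP_") else v)
    return out


def audit_container(container, pod_sc=None):
    """Return a list of finding names for one container spec."""
    sc = container.get("securityContext") or {}
    pod_sc = pod_sc or {}
    findings = []

    if sc.get("privileged") is True:
        findings.append("privileged")

    caps = sc.get("capabilities") or {}
    added, dropped = _caps(caps.get("add")), _caps(caps.get("drop"))
    if "ALL" in added:
        findings.append("cap-add-ALL")
    else:
        findings += ["cap-add-" + c for c in sorted(added - ALLOWED_ADD)]
    if "ALL" not in dropped:
        findings.append("cap-drop-ALL-missing")

    # runAsUser / runAsNonRoot may be set on the Pod; the container value wins.
    def effective(key):
        return sc[key] if key in sc else pod_sc.get(key)

    if effective("runAsUser") == 0:
        findings.append("runAsUser-0")
    if effective("runAsNonRoot") is not True:
        findings.append("runAsNonRoot-unset")
    if sc.get("allowPrivilegeEscalation") is not False:
        findings.append("allowPrivilegeEscalation-not-false")
    return findings


def audit_pod(pod):
    """Map each container name (init and regular) to its findings."""
    spec = pod.get("spec") or {}
    pod_sc = spec.get("securityContext")
    report = {}
    for kind in ("initContainers", "containers"):
        for c in spec.get(kind) or []:
            report[c["name"]] = audit_container(c, pod_sc)
    return report


# Constructed sample: the container from the manifest above (add ALL, drop two).
PAGE_POD = {"spec": {"containers": [{
    "name": "c1",
    "securityContext": {"capabilities": {"add": ["ALL"],
                                         "drop": ["CHOWN", "SYS_CHROOT"]}},
}]}}

# Constructed hardened variant; UID 666 is the user the Dockerfile creates.
HARDENED_POD = {"spec": {"containers": [{
    "name": "c1",
    "securityContext": {"capabilities": {"drop": ["ALL"]},
                        "runAsNonRoot": True, "runAsUser": 666,
                        "allowPrivilegeEscalation": False},
}]}}

if __name__ == "__main__":
    for label, pod in (("page", PAGE_POD), ("hardened", HARDENED_POD)):
        print(label, audit_pod(pod))
```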
9. Pod lifecycle: graceful termination example
[root@k8s231.oldboyedu.com pods]# cat 19-pods-lifecycle-postStart-preStop.yaml
apiVersion: v1
kind: Pod
metadata:
  name: oldboyedu-linux85-lifecycle-001
spec:
  nodeName: k8s232.oldboyedu.com
  volumes:
  - name: data
    hostPath:
      path: /oldboyedu-linux85
  # When the Pod is terminated gracefully, this is how long to delay sending the kill signal; the Pod can use this time to finish outstanding requests and so on.
  # The unit is seconds; if not set, the default is 30s.
  terminationGracePeriodSeconds: 60
  containers:
  - name: myweb
    image: harbor.oldboyedu.com/tools/centos7-iptabls:v0.1
    stdin: true
    volumeMounts:
    - name: data
      mountPath: /data
    # Define the Pod lifecycle hooks.
    lifecycle:
      # What to do after the Pod starts
      postStart:
        exec:
          command:
          - "/bin/bash"
          - "-c"
          - "echo \"postStart at $(date +%F_%T)\" >> /data/postStart.log"
      # What to do before the Pod stops
      preStop:
        exec:
          command:
          - "/bin/bash"
          - "-c"
          - "echo \"preStop at $(date +%F_%T)\" >> /data/preStop.log"
[root@k8s231.oldboyedu.com pods]#
10. Pod creation flow diagram
11. rc upgrade and rollback
Docker image preparation:
[root@k8s231.oldboyedu.com web]# ll
total 16
-rw-r--r-- 1 root root 168 Apr 18 17:07 apps-v1
-rw-r--r-- 1 root root 168 Apr 18 17:08 apps-v2
-rw-r--r-- 1 root root 168 Apr 18 17:08 apps-v3
-rwxr-xr-x 1 root root 437 Apr 18 17:11 build.sh
drwxr-xr-x 2 root root 36 Apr 18 17:06 code
[root@k8s231.oldboyedu.com web]#
[root@k8s231.oldboyedu.com web]#
[root@k8s231.oldboyedu.com web]# cat apps-v1
FROM harbor.oldboyedu.com/web/nginx:1.20.1-alpine

LABEL school=oldboyedu \
      class=linux85 \
      auther=JasonYin

COPY code/v1 /usr/share/nginx/html/index.html
[root@k8s231.oldboyedu.com web]#
[root@k8s231.oldboyedu.com web]#
[root@k8s231.oldboyedu.com web]# cat apps-v2
FROM harbor.oldboyedu.com/web/nginx:1.20.1-alpine

LABEL school=oldboyedu \
      class=linux85 \
      auther=JasonYin

COPY code/v2 /usr/share/nginx/html/index.html
[root@k8s231.oldboyedu.com web]#
[root@k8s231.oldboyedu.com web]#
[root@k8s231.oldboyedu.com web]# cat apps-v3
FROM harbor.oldboyedu.com/web/nginx:1.20.1-alpine

LABEL school=oldboyedu \
      class=linux85 \
      auther=JasonYin

COPY code/v3 /usr/share/nginx/html/index.html
[root@k8s231.oldboyedu.com web]#
[root@k8s231.oldboyedu.com web]# cat build.sh
#!/bin/bash

docker build -f apps-v1 -t harbor.oldboyedu.com/update/apps:v1 .
docker build -f apps-v2 -t harbor.oldboyedu.com/update/apps:v2 .
docker build -f apps-v3 -t harbor.oldboyedu.com/update/apps:v3 .

docker login -u admin -p 1 harbor.oldboyedu.com
docker push harbor.oldboyedu.com/update/apps:v1
docker push harbor.oldboyedu.com/update/apps:v2
docker push harbor.oldboyedu.com/update/apps:v3
docker logout harbor.oldboyedu.com
[root@k8s231.oldboyedu.com web]#
[root@k8s231.oldboyedu.com web]#
[root@k8s231.oldboyedu.com web]# cat code/v1
<h1 style='color: green;'>www.oldboyedu.com v0.1</h1>
[root@k8s231.oldboyedu.com web]#
[root@k8s231.oldboyedu.com web]# cat code/v2
<h1 style='color: green;'>www.oldboyedu.com v0.2</h1>
[root@k8s231.oldboyedu.com web]#
[root@k8s231.oldboyedu.com web]#
[root@k8s231.oldboyedu.com web]# cat code/v3
<h1 style='color: green;'>www.oldboyedu.com v0.3</h1>
[root@k8s231.oldboyedu.com web]#
rc upgrade and rollback:
[root@k8s231.oldboyedu.com update]# cat 01-apps-old.yaml
apiVersion: v1
kind: ReplicationController
metadata:
  name: oldboyedu-linux85-web-rc-old
spec:
  replicas: 3
  selector:
    classroom: jiaoshi05
    address: oldboyedu-shahe
  template:
    metadata:
      labels:
        classroom: jiaoshi05
        address: oldboyedu-shahe
    spec:
      containers:
      - name: apps
        image: harbor.oldboyedu.com/update/apps:v1
        #image: harbor.oldboyedu.com/update/apps:v2

---
apiVersion: v1
kind: Service
metadata:
  name: oldboyedu-linux85-web-rc
spec:
  selector:
    classroom: jiaoshi05
    address: oldboyedu-shahe
  ports:
  - port: 80
    targetPort: 80
[root@k8s231.oldboyedu.com update]# for i in `seq 100`;do curl 10.200.239.166;sleep 0.5;done
Version 1.23 cannot use "rolling-update"; to upgrade or roll back, proceed as follows:
- Modify the rc resource manifest and use apply to make it take effect;
- Delete the Pod resources; the rc controller brings the Pods back up automatically, and the newly started Pods use the image changed in the previous step;
- In summary, the effect the user sees looks like an update;
12. rs Pod controller hands-on example
[root@k8s231.oldboyedu.com replicasets]# cat 02-rs-matchExpressions-nginx.yaml
apiVersion: apps/v1
kind: ReplicaSet
metadata:
  name: oldboyedu-linux85-rs
spec:
  # Number of Pod replicas to create; the default is 1.
  replicas: 5
  # Label selector; the rs resource associates Pods through the label selector.
  selector:
    # Match by expression
    matchExpressions:
    - key: apps
      # values:
      # - haha
      # - xixi
      # - hehe
      # - oldboyedu-web
      # When operator is In or NotIn, values must not be empty.
      #   - In:
      #       the key's value must be in the array defined by values.
      #   - NotIn:
      #       the key's value must not be in the array defined by values.
      # operator: In
      # operator: NotIn
      # When operator is Exists or DoesNotExist, values must be empty.
      #   - Exists:
      #       the key only needs to exist.
      #   - DoesNotExist:
      #       the specified key only needs to be absent.
      # operator: Exists
      operator: DoesNotExist
  # Template used to create the Pods
  template:
    metadata:
      labels:
        # apps: oldboyedu-web
        school: oldboyedu
        class: linux85
    spec:
      containers:
      - name: web
        image: harbor.oldboyedu.com/update/apps:v1
[root@k8s231.oldboyedu.com replicasets]#
Test Pods
[root@k8s231.oldboyedu.com replicasets]# cat /tmp/rs.yaml
apiVersion: v1
kind: Pod
metadata:
  labels:
    apps: xixi
  name: oldboyedu-linux85-rs-001
spec:
  containers:
  - image: harbor.oldboyedu.com/update/apps:v1
    name: web

---
apiVersion: v1
kind: Pod
metadata:
  labels:
    apps: haha
  name: oldboyedu-linux85-rs-002
spec:
  containers:
  - image: harbor.oldboyedu.com/update/apps:v1
    name: web

---
apiVersion: v1
kind: Pod
metadata:
  labels:
    apps: hehe
  name: oldboyedu-linux85-rs-003
spec:
  containers:
  - image: harbor.oldboyedu.com/update/apps:v1
    name: web

---
apiVersion: v1
kind: Pod
metadata:
  labels:
    apps: piapia
  name: oldboyedu-linux85-rs-004
spec:
  containers:
  - image: harbor.oldboyedu.com/update/apps:v1
    name: web

---
[root@k8s231.oldboyedu.com replicasets]#
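An added example (not part of the original course notes): the four matchExpressions operators from the manifest above, evaluated against the labels of the four test Pods and of a Pod created from the rs template. A ReplicaSet acquires any matching Pod that has no owner, so it pays to know exactly which label sets a selector covers. The Pod name "from-template" and the function names are assumptions of this example.

```python
"""Evaluate ReplicaSet matchExpressions against Pod labels (added example)."""


def matches(expr, labels):
    """True if one matchExpressions entry is satisfied by a Pod's labels."""
    key, op = expr["key"], expr["operator"]
    values = expr.get("values") or []
    if op in ("In", "NotIn"):
        if not values:
            raise ValueError(f"{op} requires a non-empty values list")
        if op == "In":
            return key in labels and labels[key] in values
        # NotIn also matches Pods that do not carry the key at all.
        return key not in labels or labels[key] not in values
    if op in ("Exists", "DoesNotExist"):
        if values:
            raise ValueError(f"{op} requires values to be empty")
        return (key in labels) == (op == "Exists")
    raise ValueError(f"unknown operator {op!r}")


def selected(match_expressions, pods):
    """Names of Pods whose labels satisfy every expression (they are ANDed)."""
    return [name for name, labels in pods.items()
            if all(matches(e, labels) for e in match_expressions)]


# Constructed from /tmp/rs.yaml above, plus one Pod carrying the rs template labels.
PODS = {
    "oldboyedu-linux85-rs-001": {"apps": "xixi"},
    "oldboyedu-linux85-rs-002": {"apps": "haha"},
    "oldboyedu-linux85-rs-003": {"apps": "hehe"},
    "oldboyedu-linux85-rs-004": {"apps": "piapia"},
    "from-template": {"school": "oldboyedu", "class": "linux85"},
}

# The values list that is commented out in the rs manifest.
VALUES = ["haha", "xixi", "hehe", "oldboyedu-web"]


def by_operator():
    """Which Pods each operator selects for key 'apps'."""
    result = {}
    for op in ("In", "NotIn", "Exists", "DoesNotExist"):
        expr = {"key": "apps", "operator": op}
        if op in ("In", "NotIn"):
            expr["values"] = VALUES
        result[op] = selected([expr], PODS)
    return result


if __name__ == "__main__":
    for op, names in by_operator().items():
        print(f"{op:13} -> {names}")
```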
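Today's review:
livenessProbe: restarts the container when the check fails.
readinessProbe: marks the Pod as not ready when the check fails.
startupProbe: kills the container when the check fails; during this period the readinessProbe and livenessProbe checks are not run.
Pod graceful termination
lifecycle:
postStart:
preStop
Init containers (initContainers)
Pod creation flow diagram
replicasets: replica controller, more capable than the rc resource.
Pod security context.
Static Pods.
Today's homework:
(1) Complete all of the in-class exercises and organize them into a mind map;
(2) Rewrite yesterday's homework using the rs resource;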