KUBERNETES04_Image pull policy, pulling from a private registry, env, command, container lifecycle hooks, resource limits
Posted 所得皆惊喜
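①. Image pull policy: imagePullPolicy
- ①. Always: always pull (the default; per the kubectl explain output below, this is the default when the image uses the :latest tag, otherwise the default is IfNotPresent). The remote registry is checked first and the image is pulled if it is there (if the node already has the same image, Docker effectively has nothing to download).
- ②. Never: never pull. The node the Pod runs on must already have the image; only the local machine is checked.
- ③. IfNotPresent: pull only if the image is not on the node; the local machine is checked first, then the remote registry.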
```
[root@k8s-master k8syaml]# kubectl explain pod.spec.containers.imagePullPolicy
KIND:     Pod
VERSION:  v1

FIELD:    imagePullPolicy <string>

DESCRIPTION:
     Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always
     if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated.
     More info:
     https://kubernetes.io/docs/concepts/containers/images#updating-images
```
```yaml
kind: Pod
apiVersion: v1
metadata:
  name: my-nginx-labels
  namespace: hello # create the Pod in the hello namespace
  labels:
    name: tangzhi
spec: # the specification
  containers: # which containers to start
    - image: nginx # the image
      name: my-nginx # the container name
      imagePullPolicy: Always
```
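The defaulting rule in the `kubectl explain` output above, as an added Python example (not from the original post): it models which policy applies when `imagePullPolicy` is omitted. The function names and the sample image references are constructed for illustration.

```python
# Added example: a model of the documented defaulting rule, not Kubernetes source code.

def default_pull_policy(image: str) -> str:
    """Policy applied when a container omits imagePullPolicy (hypothetical helper)."""
    name, _, digest = image.partition("@")
    # The tag follows the last ':' of the final path component; a ':' earlier in
    # the reference belongs to a registry port such as registry.example:5000.
    last_component = name.rsplit("/", 1)[-1]
    tag = last_component.split(":", 1)[1] if ":" in last_component else ""
    if not tag and not digest:
        tag = "latest"  # no tag and no digest means :latest
    return "Always" if tag == "latest" else "IfNotPresent"


def effective_pull_policy(container: dict) -> str:
    """An explicit imagePullPolicy wins; otherwise the default applies."""
    return container.get("imagePullPolicy") or default_pull_policy(container["image"])


# Constructed sample references (the digest is a placeholder, not a real image).
SAMPLES = [
    "nginx",
    "nginx:latest",
    "mysql:5.7.34",
    "registry.example:5000/nginx",
    "nginx@sha256:" + "0" * 64,
]

if __name__ == "__main__":
    for ref in SAMPLES:
        print(f"{ref:45} -> {default_pull_policy(ref)}")
```

A tagged image that is not `:latest` defaults to `IfNotPresent`, so a node keeps running whatever it cached under that tag even after the registry copy changes.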
②. Pulling from a private registry
- ①. Specify imagePullSecrets on the Pod
```
[root@k8s-master k8syaml]# kubectl explain pod.spec.imagePullSecrets
KIND:     Pod
VERSION:  v1

RESOURCE: imagePullSecrets <[]Object>

DESCRIPTION:
     ImagePullSecrets is an optional list of references to secrets in the same
     namespace to use for pulling any of the images used by this PodSpec. If
     specified, these secrets will be passed to individual puller
     implementations for them to use. For example, in the case of docker, only
     DockerConfig type secrets are honored. More info:
     https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod

     LocalObjectReference contains enough information to let you locate the
     referenced object inside the same namespace.

FIELDS:
   name <string>
     Name of the referent. More info:
     https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
```
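- ②. Create a secret
```bash
# --docker-server: address of the private registry (an IP address also works)
# --docker-username / --docker-password: the registry account and its password
kubectl create secret docker-registry my-aliyun -n hello \
  --docker-server=registry.cn-hangzhou.aliyuncs.com \
  --docker-username=forsumlove \
  --docker-password=lfy11223344
```
- ③. The complete YAML file is as follows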
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: my-container-test1
  namespace: hello
  labels:
    name: "tangzhi"
    age: "25" # label values must be strings, so the number is quoted
spec:
  imagePullSecrets:
    - name: my-aliyun
  containers:
    - image: registry.cn-hangzhou.aliyuncs.com/lfy/java-devops-demo:v1.0
      name: my-container-01
      imagePullPolicy: Always
    - image: nginx
      name: my-mynginx-01
```
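What the secret created in step ② holds, as an added Python example (not from the original post): it builds a manifest in the `kubernetes.io/dockerconfigjson` layout and decodes it again, showing that the registry password is only base64-encoded. The helper names and the credentials are constructed; the server, secret name and namespace are the ones used above.

```python
import base64
import json

# Added example: helper names and credentials are constructed for illustration.


def docker_registry_secret(name, namespace, server, username, password):
    """Build a Secret manifest in the kubernetes.io/dockerconfigjson layout."""
    auth = base64.b64encode(f"{username}:{password}".encode()).decode()
    config = {"auths": {server: {"username": username,
                                 "password": password,
                                 "auth": auth}}}
    encoded = base64.b64encode(json.dumps(config).encode()).decode()
    return {
        "apiVersion": "v1",
        "kind": "Secret",
        "type": "kubernetes.io/dockerconfigjson",
        "metadata": {"name": name, "namespace": namespace},
        "data": {".dockerconfigjson": encoded},
    }


def recover_credentials(secret):
    """Decode the stored credentials: base64 is an encoding, not encryption."""
    config = json.loads(base64.b64decode(secret["data"][".dockerconfigjson"]))
    return {server: (entry["username"], entry["password"])
            for server, entry in config["auths"].items()}


if __name__ == "__main__":
    secret = docker_registry_secret(
        "my-aliyun", "hello", "registry.cn-hangzhou.aliyuncs.com",
        "ci-puller", "example-password",  # constructed credentials
    )
    print(json.dumps(secret, indent=2))
    print(recover_credentials(secret))
```

Anyone allowed to read Secrets in the `hello` namespace can recover the password this way, so a pull-only registry account and tight RBAC on Secrets limit the exposure.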
③. env, command
- ①. env sets environment variables; a MySQL deployment is used as the example here
```yaml
kind: Pod
apiVersion: v1
metadata:
  name: my-mysql
  namespace: hello
  labels:
    name: tangzhi
spec: # the specification
  containers: # which containers to start
    ## docker run equivalents: -e = env, --name = name, -v = volumeMounts, -w /usr/ /bin/bash
    - image: mysql:5.7.34 # the image
      name: mysql # the container name; the data lives inside the container, as with docker run mysql
      # ports: # which ports the container exposes (-p)
      env:
        - name: MYSQL_ROOT_PASSWORD
          value: "123456" # plaintext here; valueFrom.secretKeyRef can supply it from a Secret instead
        - name: MYSQL_DATABASE
          value: "tang"
      workingDir: "/usr/" # Dockerfile WORKDIR
      # volumeMounts: mounts
```
```
[root@k8s-master k8syaml]# kubectl explain pod.spec.containers.command
KIND:     Pod
VERSION:  v1

FIELD:    command <[]string>

DESCRIPTION:
     Entrypoint array. Not executed within a shell. The docker image's
     ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME)
     are expanded using the container's environment. If a variable cannot be
     resolved, the reference in the input string will be unchanged. The
     $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME).
     Escaped references will never be expanded, regardless of whether the
     variable exists or not. Cannot be updated. More info:
     https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
```
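```yaml
kind: Pod
apiVersion: v1
metadata:
  name: my-command-test
  namespace: hello
spec: # the specification
  containers: # which containers to start
    - image: nginx # the image; by default an nginx container would be started
      name: command-test
      command: # this takes precedence ## e.g. the start command of a redis master node
        - /bin/sh
        - -c
        - "echo $(msg);"
      env:
        - name: msg
          value: "hello msg" ## can be used by the Dockerfile CMD
# Directly overrides the container's default command; the Dockerfile ENTRYPOINT and CMD specify the container's start command
```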
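The `$(VAR_NAME)` rules from the `kubectl explain` output above, as an added Python example (not from the original post, and a model of the documented behaviour rather than the kubelet's code): the reference is replaced before `/bin/sh -c` parses the string, so the value becomes part of the script. `expand` and `container_argv` are hypothetical names, and the `hello; date` value is constructed.

```python
# Added example: models the documented $(VAR_NAME) expansion; not kubelet source.

def expand(text: str, env: dict) -> str:
    """Expand $(NAME) references the way the field description specifies."""
    out, i = [], 0
    while i < len(text):
        nxt = text[i + 1] if i + 1 < len(text) else ""
        if text[i] == "$" and nxt == "$":
            out.append("$")  # "$$" is an escaped "$"; nothing is expanded
            i += 2
        elif text[i] == "$" and nxt == "(" and ")" in text[i + 2:]:
            end = text.index(")", i + 2)
            name = text[i + 2:end]
            # An unresolved reference is left in the string unchanged.
            out.append(env.get(name, f"$({name})"))
            i = end + 1
        else:
            out.append(text[i])
            i += 1
    return "".join(out)


def container_argv(command: list, env: list) -> list:
    """argv the container starts with, given the manifest's command and env."""
    values = {e["name"]: e["value"] for e in env}
    return [expand(part, values) for part in command]


COMMAND = ["/bin/sh", "-c", "echo $(msg);"]  # from the manifest above

if __name__ == "__main__":
    print(container_argv(COMMAND, [{"name": "msg", "value": "hello msg"}]))
    # Constructed value: after expansion the ';' separates two shell commands.
    risky = [{"name": "msg", "value": "hello; date"}]
    print(container_argv(COMMAND, risky))
    # Left to the shell instead, the value stays one quoted argument of echo.
    print(container_argv(["/bin/sh", "-c", 'echo "$msg"'], risky))
```

An unresolved `$(missing)` also reaches `/bin/sh` untouched, where the same characters are shell command substitution.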
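④. Container lifecycle hooks
- ①. Kubernetes provides two hooks (hook functions) for containers.
- ②. PostStart: this hook runs immediately after the container is created. However, there is no guarantee that it runs before the container's ENTRYPOINT. The hook takes no input parameters.
- ③. PreStop: this hook runs before the container is terminated, for example:
  - the Pod that the container belongs to is deleted through an API call
  - certain management events occur: a failed health check, a resource shortage, and so on
  - If the container has already been shut down or has entered the completed state, the call to the preStop hook fails. The hook runs synchronously: Kubernetes deletes the container only after the hook has finished. The hook takes no input parameters.
- ④. Kubernetes sends the postStart event immediately after the container starts, but it cannot guarantee that the postStart handler runs before the container's EntryPoint. The postStart handler is asynchronous with respect to the processes in the container (they run at the same time); however, when managing the container, Kubernetes waits until the postStart handler has finished before it marks the container's state as Running.
- ⑤. When Kubernetes decides to shut down a container, it sends the preStop event immediately and waits until the preStop handler finishes or the Pod's --grace-period times out before it deletes the container.
- ⑥. The YAML file is as follows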
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: lifestyle-test
  namespace: hello
  labels:
    name: lifestyle-test-labels
spec: # the specification
  containers: # which containers to start
    - image: nginx # the image; by default an nginx container is started
      name: command-test-lifecycle
      lifecycle:
        postStart:
          httpGet:
            host: "11.168.235.192"
            path: "/"
            port: 80 # a number; a quoted value would be read as a port name
            scheme: "HTTP"
        preStop:
          httpGet:
            host: "11.168.235.192"
            path: "/"
            port: 80
            scheme: "HTTP"
```
⑤. Resource limits
- ①. Check how the field is used:
```
[root@k8s-master k8syaml]# kubectl explain pod.spec.containers.resources
KIND:     Pod
VERSION:  v1

RESOURCE: resources <Object>

DESCRIPTION:
     Compute Resources required by this container. Cannot be updated. More info:
     https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/

     ResourceRequirements describes the compute resource requirements.

FIELDS:
   limits <map[string]string>
     Limits describes the maximum amount of compute resources allowed. More
     info:
     https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/

   requests <map[string]string>
     Requests describes the minimum amount of compute resources required. If
     Requests is omitted for a container, it defaults to Limits if that is
     explicitly specified, otherwise to an implementation-defined value. More
     info:
     https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
```
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: qos-demo
  namespace: qos-example
spec:
  containers:
    - name: qos-demo-ctr
      image: nginx
      resources:
        limits: # the maximum size, comparable to -Xmx
          memory: "200Mi"
          cpu: "700m"
        # the size allocated by default at startup, comparable to -Xms
        requests:
          memory: "200Mi"
          cpu: "700m"
```
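The rule that omitted `requests` default to `limits`, as an added Python example (not from the original post) that goes beyond the page by deriving the Pod's QoS class from the resolved values and listing containers without limits. All function names are hypothetical, and only the quantity suffixes listed in the code are handled.

```python
from fractions import Fraction

# Added example. Suffixes handled here only; Kubernetes accepts more.
_UNITS = {"Ki": 2**10, "Mi": 2**20, "Gi": 2**30,
          "m": Fraction(1, 1000), "k": 10**3, "M": 10**6, "G": 10**9}

def parse_quantity(text: str) -> Fraction:
    """Turn "700m" or "200Mi" into a number so equal amounts compare equal."""
    for suffix, factor in _UNITS.items():
        if text.endswith(suffix):
            return Fraction(text[: -len(suffix)]) * factor
    return Fraction(text)

def _pick(mapping) -> dict:
    """Keep the cpu and memory entries of a limits/requests map, parsed."""
    return {k: parse_quantity(str(v)) for k, v in (mapping or {}).items()
            if k in ("cpu", "memory")}

def effective(container: dict):
    """Return (requests, limits) after omitted requests default to limits."""
    res = container.get("resources") or {}
    limits, requests = _pick(res.get("limits")), _pick(res.get("requests"))
    for key, value in limits.items():
        requests.setdefault(key, value)
    return requests, limits

def qos_class(containers: list) -> str:
    """Guaranteed, Burstable or BestEffort for a list of container specs."""
    pairs = [effective(c) for c in containers]
    if all(not req and not lim for req, lim in pairs):
        return "BestEffort"
    if all(key in lim and req[key] == lim[key]
           for req, lim in pairs for key in ("cpu", "memory")):
        return "Guaranteed"
    return "Burstable"

def unbounded(containers: list) -> list:
    """Names of containers that lack a cpu or a memory limit."""
    return [c["name"] for c in containers
            if not {"cpu", "memory"} <= effective(c)[1].keys()]

# The container from the manifest above.
PAGE_CONTAINER = {"name": "qos-demo-ctr", "image": "nginx", "resources": {
    "limits": {"memory": "200Mi", "cpu": "700m"},
    "requests": {"memory": "200Mi", "cpu": "700m"}}}

if __name__ == "__main__":
    print(qos_class([PAGE_CONTAINER]), unbounded([PAGE_CONTAINER]))
```

A container reported by `unbounded` has no ceiling on CPU or memory, so it can exhaust the node it shares with other Pods.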