Docker&Kubernetes ❀ Kubernetes Cluster Resources: Pod Resource Manifests
Posted 无糖可乐没有灵魂
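1. Pod structure
Every Pod can contain one or more containers, which fall into two categories:
- Containers that run the user's programs; there can be any number of them;
- The Pause container, a root container that every Pod has. It serves two purposes:
  - It is the reference point for assessing the health of the whole Pod;
  - An IP address can be set on the root container and all the other containers share this IP (the Pod IP), which provides network communication inside the Pod;
That covers communication inside a Pod; communication between Pods is implemented with virtual layer-2 network technology, and the environment used here runs Calico;
A Pod is run by configuring and scheduling a YAML file; this chapter mainly looks at the properties under pod.spec.containers;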
[root@master ~]# kubectl explain pod.spec.containers
KIND: Pod
VERSION: v1
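RESOURCE: containers <[]Object> # an array, so a Pod can hold several containers
FIELDS:
name <string> # container name
image <string> # container image
imagePullPolicy <string> # image pull policy
command <[]string> # list of container startup commands; if unset, the startup command baked into the image is used
args <[]string> # arguments for the container startup command
env <[]Object> # container environment variables
ports <[]Object> # list of ports the container exposes
resources <Object> # resource limits and resource requests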
2. Resource manifest
Write the YAML file
[root@master ~]# cat pod-base.yaml
apiVersion: v1
kind: Pod
metadata:
  name: pod-base
  namespace: dev
  labels:
    user: test
spec:
  containers:
  - name: nginx
    image: nginx # nginx is a lightweight web server; no tag is given, so the latest image is pulled
  - name: busybox
    image: busybox # busybox is a compact collection of Linux commands; no tag is given, so the latest image is pulled
Apply the YAML file
[root@master ~]# kubectl apply -f pod-base.yaml
pod/pod-base created
View the Pod information
[root@master ~]# kubectl get pod -n dev
NAME READY STATUS RESTARTS AGE
pod-base 1/2 CrashLoopBackOff 2 (29s ago) 2m48s
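# READY: 1/2 means the Pod has two containers, one ready and one not ready
# STATUS: CrashLoopBackOff is the container status
# RESTARTS: the number of restarts; because one container is failing, the Pod keeps trying to restart it
View the detailed information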
[root@master ~]# kubectl describe pod pod-base -n dev
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 4m25s default-scheduler Successfully assigned dev/pod-base to node2.kubernetes
Normal Pulling 3m44s kubelet Pulling image "nginx"
Normal Pulling 3m21s kubelet Pulling image "nginx"
Normal Started 2m58s kubelet Started container nginx
Normal Pulled 2m58s kubelet Successfully pulled image "nginx" in 23.687762085s
Normal Created 2m58s kubelet Created container nginx
Normal Pulled 2m40s kubelet Successfully pulled image "busybox" in 17.473883177s
Normal Pulled 2m38s kubelet Successfully pulled image "busybox" in 1.855415799s
Normal Pulled 2m21s kubelet Successfully pulled image "busybox" in 1.927431855s
Normal Pulling 113s (x4 over 2m58s) kubelet Pulling image "busybox"
Normal Started 97s (x4 over 2m40s) kubelet Started container busybox
Warning BackOff 97s (x5 over 2m36s) kubelet Back-off restarting failed container # warning: backing off before restarting the failed container
Normal Created 97s (x4 over 2m40s) kubelet Created container busybox
Normal Pulled 97s kubelet Successfully pulled image "busybox" in 15.484121613s
3. Pod image pulling
3.1 Image pull operations
Write the YAML file
[root@master ~]# cat pod-imagepullpolicy.yaml
apiVersion: v1
kind: Pod
metadata:
  name: pod-imagepullpolicy
  namespace: dev
spec:
  containers:
  - name: nginx
    image: nginx:1.17.3
    imagePullPolicy: Never # set the image pull policy to Never
  - name: busybox
    image: busybox:1.13.0
Apply the YAML file
[root@master ~]# kubectl apply -f pod-imagepullpolicy.yaml
pod/pod-imagepullpolicy created
View the Pod; its status is ErrImagePull
[root@master ~]# kubectl get pod -n dev
NAME READY STATUS RESTARTS AGE
pod-base 1/2 CrashLoopBackOff 9 (3m18s ago) 27m
pod-imagepullpolicy 0/2 ErrImagePull 0 2m33s
View the Pod details
[root@master ~]# kubectl describe pod pod-imagepullpolicy -n dev
~
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 3m14s default-scheduler Successfully assigned dev/pod-imagepullpolicy to node1.kubernetes
Normal SandboxChanged 2m51s kubelet Pod sandbox changed, it will be killed and re-created.
Normal BackOff 2m49s (x3 over 2m51s) kubelet Back-off pulling image "busybox:1.13.0"
Warning Failed 2m49s (x3 over 2m51s) kubelet Error: ImagePullBackOff
Normal Pulling 2m35s (x2 over 3m13s) kubelet Pulling image "busybox:1.13.0"
Warning Failed 2m (x2 over 2m52s) kubelet Failed to pull image "busybox:1.13.0": rpc error: code = Unknown desc = Error response from daemon: manifest for busybox:1.13.0 not found: manifest unknown: manifest unknown
Warning Failed 2m (x2 over 2m52s) kubelet Error: ErrImagePull
Warning ErrImageNeverPull 106s (x6 over 3m13s) kubelet Container image "nginx:1.17.3" is not present with pull policy of Never # warning: the container image nginx:1.17.3 was not pulled because the Never policy forbids it
Warning Failed 106s (x6 over 3m13s) kubelet Error: ErrImageNeverPull
Look up the field with the help command
[root@master ~]# kubectl explain pod.spec.containers | grep -A 5 imagePullPolicy
imagePullPolicy <string>
Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always
if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated.
More info:
https://kubernetes.io/docs/concepts/containers/images#updating-images
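3.1.2 imagePullPolicy
Sets the image pull rule. There are three pull policies:
- Always: always pull the image from the remote registry;
- IfNotPresent: use the local image if there is one, otherwise pull the image from the remote registry;
- Never: use only the local image and never pull from the remote registry; if the image is not present locally, an error is reported;
3.2 Default image pull policy:
- If the image specifies a tag version, the default is IfNotPresent;
- If no tag version is defined (the latest version is downloaded), the default is Always;
The remote image download path was configured during the Kubernetes deployment; the URL is: https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo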
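The defaulting rule above, worked through on this page's two manifests. This is an added example, not code from the original article; it goes beyond the page by also handling an explicit :latest tag (as the kubectl explain output states), a registry port in the image name, and a digest reference, and the registry host name used in the test is hypothetical.

```python
def split_image_ref(image):
    """Split an image reference into (repository, tag, digest)."""
    name, _, digest = image.partition("@")
    # A ':' is a tag separator only when it follows the last '/';
    # before that it is a registry port (registry.example:5000/nginx).
    colon, slash = name.rfind(":"), name.rfind("/")
    if colon > slash:
        return name[:colon], name[colon + 1:], digest
    return name, "", digest


def default_pull_policy(image):
    """Policy that is filled in when imagePullPolicy is omitted."""
    _, tag, digest = split_image_ref(image)
    if not tag and not digest:
        tag = "latest"  # an untagged reference means :latest
    return "Always" if tag == "latest" else "IfNotPresent"


def pull_policy_report(pod):
    """Return (container, image, effective policy) for every container."""
    rows = []
    for c in pod["spec"]["containers"]:
        policy = c.get("imagePullPolicy") or default_pull_policy(c["image"])
        rows.append((c["name"], c["image"], policy))
    return rows


# Constructed input mirroring pod-base.yaml and pod-imagepullpolicy.yaml.
POD_BASE = {"spec": {"containers": [
    {"name": "nginx", "image": "nginx"},
    {"name": "busybox", "image": "busybox"}]}}
POD_PULLPOLICY = {"spec": {"containers": [
    {"name": "nginx", "image": "nginx:1.17.3", "imagePullPolicy": "Never"},
    {"name": "busybox", "image": "busybox:1.13.0"}]}}

if __name__ == "__main__":
    for pod in (POD_BASE, POD_PULLPOLICY):
        for row in pull_policy_report(pod):
            print(*row)
```

An untagged image resolves to Always, so each restart may run different content than the last; a fixed tag with IfNotPresent runs whatever copy is already cached on the node.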
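4. Pod startup command
One problem in the Pods above has remained unsolved: the busybox container never runs successfully. busybox is not a program but a collection of tools, and Kubernetes automatically shuts down a container that has no running process, so busybox cannot start normally and the Pod stays in a restart-failure loop (the same happens in Docker: if you run a centos image directly without defining a process, it also shuts down automatically).
In Kubernetes, the command setting solves this automatic shutdown: command makes the container run a command or service in the background, so the container is not shut down for lack of a process or service;
4.1 Startup command operations
[root@master ~]# cat pod-command.yaml
apiVersion: v1
kind: Pod
metadata:
  name: pod-command
  namespace: dev
spec:
  containers:
  - name: nginx
    image: nginx
  - name: busybox # container name
    image: busybox # container image name
    command: ["/bin/sh","-c","touch /tmp/hello.txt; while true; do /bin/echo $(date +%T) >> /tmp/hello.txt; sleep 3; done;"]
    # "/bin/sh","-c": run the command with sh
    # touch /tmp/hello.txt: create a file
    # while true; do /bin/echo $(date +%T) >> /tmp/hello.txt; sleep 3; done;: append the current time to the file every 3 seconds
Apply the YAML file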
[root@master ~]# kubectl apply -f pod-command.yaml
pod/pod-command created
View the Pod information; the containers of pod-command are in the Running state
[root@master ~]# kubectl get pod -n dev
NAME READY STATUS RESTARTS AGE
pod-base 1/2 CrashLoopBackOff 12 (4m12s ago) 44m
pod-command 2/2 Running 0 103s
pod-imagepullpolicy 0/2 ImagePullBackOff 0 19m
Verify that hello.txt inside busybox contains timestamps
# enter the Pod (same as Docker)
[root@master ~]# kubectl exec pod-command -n dev -it -c busybox /bin/sh
kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead.
/ # tail -f /tmp/hello.txt
15:00:31
15:00:34
15:00:37
^C
/ # exit
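Command format for entering a Pod (with the -- separator that the deprecation notice above asks for; [command] is /bin/sh in this example)
kubectl exec [pod_name] -n [namespace] -it -c [container_name] -- [command]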
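4.2 Notes
The experiment above shows that command alone can already supply both the startup command and its arguments. args is still provided mainly so that the ENTRYPOINT behaviour of the Dockerfile can be overridden (ENTRYPOINT is the command run when the container starts; arguments given to docker run do not replace it but are appended to it).
- If neither command nor args is written, the ENTRYPOINT command from the Dockerfile is used;
- If command is written but args is not, the Dockerfile defaults are ignored and the given command is executed;
- If command is not written but args is, the ENTRYPOINT command configured in the Dockerfile is executed with the given args as its parameters;
- If both command and args are written, the Dockerfile configuration is ignored and command is executed with args appended;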
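The four rules above as a resolver, run against the busybox container of pod-base and pod-command. This is an added example, not code from the original article; the ENTRYPOINT and CMD values in IMAGE_DEFAULTS are assumptions about the two images, and the rules are extended to include the image CMD, which the list above does not mention.

```python
# Assumed image metadata (ENTRYPOINT / CMD); not taken from the page.
IMAGE_DEFAULTS = {
    "nginx": {"entrypoint": ["/docker-entrypoint.sh"],
              "cmd": ["nginx", "-g", "daemon off;"]},
    "busybox": {"entrypoint": [], "cmd": ["sh"]},
}


def effective_argv(image, command=None, args=None):
    """Return the argv that is executed for one container."""
    defaults = IMAGE_DEFAULTS[image]
    if command:
        # command replaces ENTRYPOINT and also discards the image's CMD.
        return list(command) + list(args or [])
    # No command: ENTRYPOINT stays; args, when given, replace CMD.
    return list(defaults["entrypoint"]) + list(args or defaults["cmd"])


def pod_argv(pod):
    """Map each container name in a Pod to its effective argv."""
    return {c["name"]: effective_argv(c["image"], c.get("command"), c.get("args"))
            for c in pod["spec"]["containers"]}


LOOP = ["/bin/sh", "-c",
        "touch /tmp/hello.txt; while true; do /bin/echo $(date +%T) "
        ">> /tmp/hello.txt; sleep 3; done;"]

# Constructed input mirroring pod-base.yaml and pod-command.yaml.
POD_BASE = {"spec": {"containers": [
    {"name": "nginx", "image": "nginx"},
    {"name": "busybox", "image": "busybox"}]}}
POD_COMMAND = {"spec": {"containers": [
    {"name": "nginx", "image": "nginx"},
    {"name": "busybox", "image": "busybox", "command": LOOP}]}}

if __name__ == "__main__":
    for pod in (POD_BASE, POD_COMMAND):
        print(pod_argv(pod))
```

Under these assumptions the busybox container of pod-base runs a bare sh, which exits at once because nothing is attached to its standard input, and that exit is what the CrashLoopBackOff status reports.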
5. Pod environment variables
This approach is not recommended and is shown mainly for reference; it is recommended to keep environment-variable key-value pairs in a separately stored file;
[root@master ~]# cat pod-env.yaml
apiVersion: v1
kind: Pod
metadata:
  name: pod-env
  namespace: dev
spec:
  containers:
  - name: nginx
    image: nginx
  - name: busybox
    image: busybox
    command: ["/bin/sh","-c","touch /tmp/hello.txt; while true; do /bin/echo $(date +%T) >> /tmp/hello.txt; sleep 3; done;"]
    env: # environment variable configuration, mainly key-value pairs
    - name: "username"
      value: "admin"
    - name: "password"
      value: "123456"
Apply the YAML file
[root@master ~]# kubectl apply -f pod-env.yaml
pod/pod-env created
Verify that the key-value pairs took effect
[root@master ~]# kubectl exec pod-env -n dev -it -c busybox /bin/sh
kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead.
/ # echo $username
admin
/ # echo $password
123456
/ # exit
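A check for the pattern this section advises against: it finds credential-like variables whose value is written into the Pod manifest and moves them out. This is an added example, not code from the original article; using a Secret with secretKeyRef as the separate store, the name pattern in CRED_NAME and the Secret name in the usage are this example's assumptions.

```python
import copy
import re

# Env names treated as credentials (an assumption; extend as needed).
CRED_NAME = re.compile(r"pass(word|wd)?|secret|token|api[_-]?key", re.I)

# Constructed input mirroring the busybox container of pod-env.yaml.
POD_ENV = {"metadata": {"name": "pod-env", "namespace": "dev"},
           "spec": {"containers": [{
               "name": "busybox", "image": "busybox",
               "env": [{"name": "username", "value": "admin"},
                       {"name": "password", "value": "123456"}]}]}}


def literal_credentials(pod):
    """List (container, env name) pairs whose value sits in the manifest."""
    return [(c["name"], e["name"])
            for c in pod["spec"]["containers"]
            for e in c.get("env", [])
            if "value" in e and CRED_NAME.search(e["name"])]


def move_to_secret(pod, secret_name):
    """Return (rewritten pod, Secret manifest); the input is not modified."""
    pod = copy.deepcopy(pod)
    data = {}
    for c in pod["spec"]["containers"]:
        for e in c.get("env", []):
            if "value" in e and CRED_NAME.search(e["name"]):
                key = f"{c['name']}.{e['name']}"  # unique per container
                data[key] = e.pop("value")
                e["valueFrom"] = {"secretKeyRef": {"name": secret_name,
                                                   "key": key}}
    secret = {"apiVersion": "v1", "kind": "Secret", "type": "Opaque",
              "metadata": {"name": secret_name,
                           "namespace": pod["metadata"]["namespace"]},
              "stringData": data}
    return pod, secret


if __name__ == "__main__":
    print(literal_credentials(POD_ENV))
    hardened, secret = move_to_secret(POD_ENV, "pod-env-credentials")
    print(hardened["spec"]["containers"][0]["env"])
```

The findings list names the variable but never its value, so the report itself can be logged or attached to a ticket without repeating the credential.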
6. Pod port settings
View the sub-options supported by ports:
[root@master ~]# kubectl explain pod.spec.containers.ports
KIND: Pod
VERSION: v1
RESOURCE: ports <[]Object>
FIELDS:
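containerPort <integer> # port the container listens on, 1-65535
hostIP <string> # host IP address to which the container's external port is bound (usually omitted)
hostPort <integer> # port the container exposes on the host; if set, that host port can be used only once (usually omitted)
name <string> # container port name, unique within the pod
protocol <string> # port protocol, one of UDP, TCP, SCTP; defaults to TCP
Write the YAML file
[root@master ~]# cat pod-ports.yaml
apiVersion: v1
kind: Pod
metadata:
  name: pod-ports
  namespace: dev
spec:
  containers:
  - name: nginx
    image: nginx
    ports: # list of ports the container exposes
    - name: nginx-port
      containerPort: 80
      protocol: TCP
Apply the YAML file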
[root@master ~]# kubectl apply -f pod-ports.yaml
pod/pod-ports created
Verify that the configured port is exposed
[root@master ~]# kubectl get pod pod-ports -n dev -o yaml
~
spec:
  containers:
  - image: nginx
    imagePullPolicy: Always
    name: nginx
    ports:
    - containerPort: 80
      name: nginx-port
      protocol: TCP
# access the nginx service
[root@master ~]# kubectl get pod pod-ports -n dev -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
pod-ports 1/1 Running 0 2m35s 10.244.112.19 node1.k8s <none> <none>
[root@master ~]# curl http://10.244.112.19:80
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
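7. Pod resource quotas
A program in a container needs resources such as CPU, memory and disk in order to run. If a container's resources are not limited, it can take up a large amount of them and leave other containers unable to run. For these cases Kubernetes provides a quota mechanism for memory and CPU, implemented mainly through the resources option, with the following parameters:
limits: caps the resources the container may use at run time; when the container's usage exceeds limits, it is terminated and restarted;
requests: sets the minimum resources the container needs; if the resources are insufficient, the container cannot start normally and an error is produced;
[root@master ~]# cat pod-resources.yaml
apiVersion: v1
kind: Pod
metadata:
  name: pod-resources
  namespace: dev
spec:
  containers:
  - name: nginx
    image: nginx
    resources: # resource limit configuration; Kubernetes currently supports limits only on CPU and memory
      limits: # upper bound of the resources
        cpu: "2" # CPU limit in cores; may be an integer or a decimal
        memory: "10G" # memory limit; units may be G, M or Gi, Mi
      requests: # lower bound of the resources
        cpu: "1"
        memory: "1G"
Apply the YAML file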
[root@master ~]# kubectl apply -f pod-resources.yaml
pod/pod-resources created
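Remove the upper limit, set the request higher than what the physical machine provides, and look at the error raised on creation
# delete the Pod created from the YAML file applied earlier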
[root@master ~]# kubectl delete -f pod-resources.yaml
pod "pod-resources" deleted
# check how many cores the server currently has
[root@master ~]# cat /proc/cpuinfo | grep -w processor | wc -l
8
# change the resource request to 16 cores (more than the current 8)
[root@master ~]# cat pod-resources.yaml
apiVersion: v1
kind: Pod
metadata:
  name: pod-resources
  namespace: dev
spec:
  containers:
  - name: nginx
    image: nginx
    resources:
      requests:
        cpu: "16" # CPU request of 16 cores (more than the current 8)
        memory: "1G"
# apply the modified YAML file
[root@master ~]# kubectl apply -f pod-resources.yaml
pod/pod-resources created
# view the error after applying
[root@master ~]# kubectl describe pod pod-resources -n dev
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Warning FailedScheduling 29s default-scheduler 0/3 nodes are available: 1 node(s) had taint {node-role.kubernetes.io/master: }, that the pod didn't tolerate, 2 Insufficient cpu. # reports that CPU is insufficient
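The two pod-resources.yaml variants checked against a single node, including the unit difference between G and Gi that the manifest comment mentions. This is an added example, not code from the original article; the node's allocatable values (8 cores, 16Gi) are assumptions, and comparing one container with one empty node is a simplification of what the scheduler does.

```python
import re
from decimal import Decimal

_SUFFIX = {"": 1, "k": 10**3, "M": 10**6, "G": 10**9, "T": 10**12,
           "Ki": 2**10, "Mi": 2**20, "Gi": 2**30, "Ti": 2**40}


def to_bytes(quantity):
    """Convert a memory quantity such as "10G" or "512Mi" to bytes."""
    m = re.fullmatch(r"(\d+(?:\.\d+)?)([A-Za-z]*)", quantity)
    if not m or m.group(2) not in _SUFFIX:
        raise ValueError(f"unsupported memory quantity: {quantity!r}")
    return int(Decimal(m.group(1)) * _SUFFIX[m.group(2)])


def to_millicores(quantity):
    """Convert a CPU quantity such as "2", "0.5" or "500m" to millicores."""
    if quantity.endswith("m"):
        return int(quantity[:-1])
    return int(Decimal(quantity) * 1000)


def check_container(resources, node_cpu, node_memory):
    """Return the problems one container's resources block has on one node."""
    req, lim = resources.get("requests", {}), resources.get("limits", {})
    problems = []
    if "cpu" in req and to_millicores(req["cpu"]) > to_millicores(node_cpu):
        problems.append("Insufficient cpu")
    if "memory" in req and to_bytes(req["memory"]) > to_bytes(node_memory):
        problems.append("Insufficient memory")
    for key, conv in (("cpu", to_millicores), ("memory", to_bytes)):
        if key in req and key in lim and conv(req[key]) > conv(lim[key]):
            problems.append(f"{key} request exceeds limit")
        if key not in lim:
            problems.append(f"no {key} limit")  # unbounded use of the node
    return problems


# Constructed input mirroring the two versions of pod-resources.yaml.
FIRST = {"limits": {"cpu": "2", "memory": "10G"},
         "requests": {"cpu": "1", "memory": "1G"}}
SECOND = {"requests": {"cpu": "16", "memory": "1G"}}

if __name__ == "__main__":
    for res in (FIRST, SECOND):
        print(check_container(res, node_cpu="8", node_memory="16Gi"))
```

The second variant fails twice over: the 16-core request cannot be placed, and with limits removed the container would have no ceiling even if it were scheduled.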