A pod is the concrete implementation of a k8s workload: whether it is a Deployment, a Job or something else, the controller has to define a template for the pods it will create. Today we look at the specification that describes a pod.
A pod belongs to the k8s core API group. The first two fields are apiVersion and kind; the remaining three are metadata, spec, and the status that k8s generates.

metadata

This section mainly defines the pod's attributes: annotations and labels, its name, and ownership information, i.e. which controller created it. pod-template-hash is a label that is always present; look closely and you will see it is the same as the suffix of the ReplicaSet's name.
Example:

metadata:
  creationTimestamp: "2019-05-18T05:13:16Z"
  generateName: nginx-6c885545f8-
  labels:
    pod-template-hash: 6c885545f8
    run: nginx
  name: nginx-6c885545f8-gl8gc
  namespace: default
  ownerReferences:
  - apiVersion: apps/v1
    blockOwnerDeletion: true
    controller: true
    kind: ReplicaSet
    name: nginx-6c885545f8
    uid: a4dfdd64-792b-11e9-8da2-00163e132347
  resourceVersion: "1178868"
  selfLink: /api/v1/namespaces/default/pods/nginx-6c885545f8-gl8gc
  uid: a4e0e290-792b-11e9-8da2-00163e132347
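The ownerReferences / pod-template-hash relationship described above, as an added example that is not part of the original post: the code reads which controller owns a pod and checks that the pod-template-hash label matches the suffix of the owning ReplicaSet's name. POD is a constructed dict mirroring the metadata shown above (a real pod would come from `kubectl get pod -o json`); the function names are this example's own.

```python
# Added example (not from the original post): inspect a pod's ownerReferences
# and verify the pod-template-hash label against the ReplicaSet name suffix.
# POD is a constructed dict mirroring the metadata example in the post.
POD = {
    "metadata": {
        "name": "nginx-6c885545f8-gl8gc",
        "namespace": "default",
        "labels": {"pod-template-hash": "6c885545f8", "run": "nginx"},
        "ownerReferences": [
            {
                "apiVersion": "apps/v1",
                "kind": "ReplicaSet",
                "name": "nginx-6c885545f8",
                "controller": True,
                "blockOwnerDeletion": True,
            }
        ],
    }
}


def controller_of(pod):
    """Return (kind, name) of the owner marked controller: true, or None.

    A pod may list several owners but at most one is its controller; a pod
    created directly (not through a controller) has no ownerReferences at all.
    """
    for ref in pod.get("metadata", {}).get("ownerReferences", []):
        if ref.get("controller"):
            return ref["kind"], ref["name"]
    return None


def template_hash_consistent(pod):
    """True when pod-template-hash equals the suffix of the controlling
    ReplicaSet's name (<deployment>-<hash>), False when it does not.

    Returns None when the check does not apply: no controller, the controller
    is not a ReplicaSet, or the label is missing.
    """
    owner = controller_of(pod)
    if owner is None or owner[0] != "ReplicaSet":
        return None
    labels = pod.get("metadata", {}).get("labels", {})
    hash_label = labels.get("pod-template-hash")
    if hash_label is None:
        return None
    return owner[1].endswith("-" + hash_label)


if __name__ == "__main__":
    print(controller_of(POD))              # ('ReplicaSet', 'nginx-6c885545f8')
    print(template_hash_consistent(POD))   # True
```

A mismatch between the label and the owner name is worth noticing in an audit: the label is what the ReplicaSet's selector matches on, so a pod whose hash label was edited by hand no longer belongs to the ReplicaSet that created it.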

spec

Now we finally reach the part that describes the pod. The most important part, containers, is defined here and is itself an object. As we know, the containers in a pod share resources such as storage and network, while CPU and memory can be isolated per container. One volume is mounted by default: the service account's token and CA information, used to reach the API server from inside the cluster.
The fields fall roughly into the following categories:

  • Scheduling
    affinity: affinity, in three kinds: nodeAffinity, podAffinity and podAntiAffinity
    nodeName: node name, assigned by the scheduler by default
    nodeSelector: node selector
    schedulerName: scheduler name
    tolerations: tolerations

  • Lifecycle
    initContainers: init containers
    the containers' lifecycle, which includes the postStart and preStop hooks
    restartPolicy: restart policy, one of Always, OnFailure or Never; defaults to Always
    terminationGracePeriodSeconds: graceful termination timeout, defaults to 30s
    the containers' terminationMessagePolicy can record why the pod restarted, which helps with debugging; the rest should need no further explanation.

  • Network
    dnsPolicy: DNS policy. Defaults to "ClusterFirst". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'
    hostNetwork: use the host network

Example:

spec:
  containers:
  - image: nginx:alpine
    imagePullPolicy: IfNotPresent
    name: nginx
    resources: {}
    terminationMessagePath: /dev/termination-log
    terminationMessagePolicy: FallbackToLogsOnError
    volumeMounts:
    - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
      name: default-token-pl5xj
      readOnly: true
  dnsPolicy: ClusterFirst
  enableServiceLinks: true
  nodeName: haha
  priority: 0
  restartPolicy: Always
  schedulerName: default-scheduler
  securityContext: {}
  serviceAccount: default
  serviceAccountName: default
  terminationGracePeriodSeconds: 30
  tolerations:
  - effect: NoExecute
    key: node.kubernetes.io/not-ready
    operator: Exists
    tolerationSeconds: 300
  volumes:
  - name: default-token-pl5xj
    secret:
      defaultMode: 420
      secretName: default-token-pl5xj

status

As the name suggests, this field mainly holds the pod's status information: health check state, pod IP, QoS class and so on.
Example:

status:
  conditions:
  - lastProbeTime: null
    lastTransitionTime: "2019-05-18T08:10:12Z"
    status: "True"
    type: Initialized
  - lastProbeTime: null
    lastTransitionTime: "2019-05-18T08:10:13Z"
    status: "True"
    type: Ready
  - lastProbeTime: null
    lastTransitionTime: "2019-05-18T08:10:13Z"
    status: "True"
    type: ContainersReady
  - lastProbeTime: null
    lastTransitionTime: "2019-05-18T08:10:10Z"
    status: "True"
    type: PodScheduled
  containerStatuses:
  - containerID: docker://93f6bd6fce495da06ab74b98594084dc6eaad1855536e6dbf4d9bf082e92712a
    image: nginx:alpine
    imageID: docker-pullable://nginx@sha256:d5e177fed5e4f264e55b19b84bdc494078a06775612a4f60963f296756ea83aa
    lastState: {}
    name: demo
    ready: true
    restartCount: 0
    state:
      running:
        startedAt: "2019-05-18T08:10:12Z"
  hostIP: 10.29.148.6
  initContainerStatuses:
  - containerID: docker://634d2abcc9addca6414f27e76f6f41801740eb83201bcf497c0b3f4c90087f2e
    image: nginx:alpine
    imageID: docker-pullable://nginx@sha256:d5e177fed5e4f264e55b19b84bdc494078a06775612a4f60963f296756ea83aa
    lastState: {}
    name: init-myservice
    ready: true
    restartCount: 0
    state:
      terminated:
        containerID: docker://634d2abcc9addca6414f27e76f6f41801740eb83201bcf497c0b3f4c90087f2e
        exitCode: 0
        finishedAt: "2019-05-18T08:10:11Z"
        reason: Completed
        startedAt: "2019-05-18T08:10:11Z"
  phase: Running
  podIP: 10.244.0.158
  qosClass: Burstable
  startTime: "2019-05-18T08:10:10Z"
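Where the qosClass and Ready values in that status come from, as an added example that is not part of the original post: the code derives the QoS class from the containers' resources using the rules Kubernetes applies (Guaranteed when every container's cpu and memory requests equal its limits, BestEffort when no container sets any, Burstable otherwise) and reads readiness from the conditions list. DEMO_SPEC is constructed from the Deployment at the end of this post (limits 500m/128Mi, requests 10m/128Mi) and STATUS mirrors the status block above; the quantity parser is a simplified stand-in for the API server's and goes beyond the post by treating "500m" and "0.5" as the same value.

```python
# Added example (not from the original post): derive qosClass and readiness
# from a pod spec and status. DEMO_SPEC and STATUS are constructed to match
# the Deployment and the status block shown in the post.
import math

DEMO_SPEC = {
    "initContainers": [{"name": "init-myservice", "image": "nginx:alpine"}],
    "containers": [{
        "name": "demo",
        "image": "nginx:alpine",
        "resources": {
            "limits": {"memory": "128Mi", "cpu": "500m"},
            "requests": {"memory": "128Mi", "cpu": "10m"},
        },
    }],
}

STATUS = {
    "phase": "Running",
    "conditions": [
        {"type": "Initialized", "status": "True"},
        {"type": "Ready", "status": "True"},
        {"type": "ContainersReady", "status": "True"},
        {"type": "PodScheduled", "status": "True"},
    ],
    "qosClass": "Burstable",
}

# Multipliers for the quantity suffixes that appear in resource fields.
_SUFFIX = {"m": 1e-3, "k": 1e3, "M": 1e6, "G": 1e9, "T": 1e12,
           "Ki": 2**10, "Mi": 2**20, "Gi": 2**30, "Ti": 2**40}


def parse_quantity(q):
    """Parse "500m", "128Mi", "2", "0.5" ... into a float; None stays None."""
    if q is None:
        return None
    s = str(q)
    for suffix in sorted(_SUFFIX, key=len, reverse=True):  # try "Mi" before "M"
        if s.endswith(suffix):
            return float(s[:-len(suffix)]) * _SUFFIX[suffix]
    return float(s)


def _request_and_limit(container, resource):
    res = container.get("resources") or {}
    limit = (res.get("limits") or {}).get(resource)
    # An unset request defaults to the limit, as the API server fills it in.
    request = (res.get("requests") or {}).get(resource, limit)
    return parse_quantity(request), parse_quantity(limit)


def qos_class(spec):
    """Guaranteed / Burstable / BestEffort per the Kubernetes QoS rules.

    All containers are considered, init containers included.
    """
    containers = spec.get("initContainers", []) + spec.get("containers", [])
    pairs = [_request_and_limit(c, r) for c in containers for r in ("cpu", "memory")]
    if all(req is None and lim is None for req, lim in pairs):
        return "BestEffort"
    if all(lim is not None and math.isclose(req, lim) for req, lim in pairs):
        return "Guaranteed"
    return "Burstable"


def condition_status(status, cond_type):
    """True/False for the named condition, None when it is not reported."""
    for cond in status.get("conditions", []):
        if cond.get("type") == cond_type:
            return cond.get("status") == "True"
    return None


def is_ready(status):
    """Running phase and a true Ready condition: the pod can receive traffic."""
    return status.get("phase") == "Running" and condition_status(status, "Ready") is True


if __name__ == "__main__":
    print(qos_class(DEMO_SPEC), STATUS["qosClass"])  # Burstable Burstable
    print(is_ready(STATUS))                          # True
```

The demo container's cpu request (10m) differs from its limit (500m), which is why the pod is Burstable rather than Guaranteed; the QoS class matters operationally because BestEffort and Burstable pods are evicted before Guaranteed ones under node memory pressure.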

A fairly complete Deployment, for reference:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: demo
spec:
  selector:
    matchLabels: {app: demo}
  template:
    metadata:
      labels: {app: demo}
    spec:
      affinity:
        nodeAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
          - weight: 1
            preference:
              matchExpressions:
              - key: beta.kubernetes.io/arch
                operator: In
                values:
                - amd64
      containers:
      - name: demo
        image: nginx:alpine
        env:
        - name: "bool"
          value: "true"
        lifecycle:
          postStart:
            exec:
              command: ["/bin/sh", "-c", "echo Hello from the postStart handler > /usr/share/message"]
          preStop:
            exec:
              command: ["/bin/sh","-c","nginx -s quit; while killall -0 nginx; do sleep 1; done"]
        readinessProbe:
        livenessProbe:
          httpGet:
            path: /
            port: 80
            httpHeaders:
            - name: Custom-Header
              value: Awesome
          initialDelaySeconds: 3
          periodSeconds: 3
        resources:
          limits: {memory: "128Mi", cpu: "500m"}
          requests: {memory: "128Mi", cpu: "10m"}
        ports:
        - containerPort: 80
        securityContext:
          capabilities:
            add: ["NET_ADMIN", "SYS_TIME"]
          allowPrivilegeEscalation: false
          # seLinuxOptions:
          #   level: "s0:c123,c456"
        volumeMounts:
        - name: metadata
          mountPath: /etc/podinfo
          readOnly: true
      dnsPolicy: ClusterFirstWithHostNet
      dnsConfig:
        nameservers:
        - 8.8.8.8
      hostAliases:
      - hostnames:
        - foo.bar
        ip: 127.0.0.1
      hostIPC: false
      hostNetwork: false
      hostname: demo
      initContainers:
      - name: init-myservice
        image: nginx:alpine
        command: ["/bin/sh","-c","echo Hello from the initContainers handler > /usr/share/init"]
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      serviceAccountName: default
      shareProcessNamespace: false
      subdomain: ng
      terminationGracePeriodSeconds: 30
      tolerations:
      - effect: NoExecute
        key: node.kubernetes.io/not-ready
        operator: Exists
        tolerationSeconds: 300
      volumes:
      - name: metadata
        downwardAPI:
          items:
          - path: "labels"
            fieldRef:
              fieldPath: metadata.labels
          - path: "cpu_limit"
            resourceFieldRef:
              containerName: demo
              resource: limits.cpu
              divisor: 1m
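The security-relevant settings in a pod spec, as an added example that is not part of the original post or of Kubernetes: the spec section above notes that the service account token is mounted by default and that hostNetwork hands the pod the host's network, and this Deployment's container adds NET_ADMIN and SYS_TIME while setting allowPrivilegeEscalation: false. The audit below walks those fields (host namespaces, shareProcessNamespace, token auto-mount, privileged, allowPrivilegeEscalation, added capabilities, missing limits) for every container, init containers included. POD_SPEC is a constructed dict mirroring the Deployment's pod template; the severities and messages are this example's own choices.

```python
# Added example (not from the original post): audit the security-relevant
# fields of a pod spec. POD_SPEC is constructed to mirror the Deployment's
# pod template in the post; the rules and messages are this example's own.
POD_SPEC = {
    "hostNetwork": False,
    "hostIPC": False,
    "shareProcessNamespace": False,
    "serviceAccountName": "default",
    "initContainers": [
        {
            "name": "init-myservice",
            "image": "nginx:alpine",
            "command": ["/bin/sh", "-c", "echo hello > /usr/share/init"],
        },
    ],
    "containers": [
        {
            "name": "demo",
            "image": "nginx:alpine",
            "resources": {
                "limits": {"memory": "128Mi", "cpu": "500m"},
                "requests": {"memory": "128Mi", "cpu": "10m"},
            },
            "securityContext": {
                "capabilities": {"add": ["NET_ADMIN", "SYS_TIME"]},
                "allowPrivilegeEscalation": False,
            },
        },
    ],
}

# Pod-level booleans that share a host namespace, or the pod's PID namespace,
# with the containers.
NAMESPACE_FLAGS = ("hostNetwork", "hostPID", "hostIPC", "shareProcessNamespace")


def audit_pod_spec(spec):
    """Return a list of (severity, message) findings for a pod spec dict.

    Init containers get the same rules as app containers: they run first, and
    whatever their image can do on the node is part of the pod's exposure.
    """
    findings = []
    for flag in NAMESPACE_FLAGS:
        if spec.get(flag) is True:
            findings.append(("high", f"{flag} is enabled"))
    # The token volume seen in the spec example is mounted unless
    # automountServiceAccountToken is false (on the pod or on the SA itself).
    if spec.get("automountServiceAccountToken") is not False:
        sa = spec.get("serviceAccountName", "default")
        findings.append(("medium", f"service account '{sa}' token is auto-mounted"))
    containers = spec.get("initContainers", []) + spec.get("containers", [])
    for c in containers:
        name = c.get("name", "<unnamed>")
        sc = c.get("securityContext") or {}
        if sc.get("privileged") is True:
            findings.append(("high", f"container {name}: privileged"))
        if sc.get("allowPrivilegeEscalation") is not False:
            findings.append(("medium",
                             f"container {name}: allowPrivilegeEscalation not set to false"))
        added = (sc.get("capabilities") or {}).get("add") or []
        if added:
            findings.append(("medium",
                             f"container {name}: adds capabilities {', '.join(added)}"))
        limits = (c.get("resources") or {}).get("limits") or {}
        for res in ("cpu", "memory"):
            if res not in limits:
                findings.append(("low", f"container {name}: no {res} limit"))
    return findings


def worst_severity(findings):
    """Highest severity present, or None when the spec is clean."""
    order = {"high": 3, "medium": 2, "low": 1}
    return max((s for s, _ in findings), key=order.get, default=None)


if __name__ == "__main__":
    for severity, message in audit_pod_spec(POD_SPEC):
        print(f"[{severity}] {message}")
```

On this Deployment the audit reports the auto-mounted default token, the two added capabilities on demo, and the init container's missing allowPrivilegeEscalation: false and resource limits; the pod-level host namespace flags are all false and produce nothing. The same function is the shape of check an admission webhook or CI lint would run over every pod template before it reaches a cluster.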

https://blog.openshift.com/kubernetes-pods-life/