Pod作为k8s工作负载的基本单位,不论是Deployment还是job等等需要计算资源的控制器,都需要定义将被创建的pod模板,所以熟悉pod的所有字段还是很有必要的。今天就用Deployment作为例子,看一下一个完整pod模板应该是什么样子的。
Deployment大致可以分为五个字段,可以用kubectl explain deploy命令查看。前两个字段分别为apiverion和kind,就不用多说了,后三个字段是metadata,spec和k8s生成的status,容我慢慢讲来。
三大描述
metadata
此部分主要定义了pod的属性信息,注解和标签,名字,归属信息,是被哪个控制器创建的,pod-template-hash是必定存在的标签,仔细看会发现和rs的名字后面是相同的。 示例:
metadata:
creationTimestamp: "2019-05-18T05:13:16Z"
generateName: nginx-6c885545f8-
labels:
pod-template-hash: 6c885545f8
run: nginx
name: nginx-6c885545f8-gl8gc
namespace: default
ownerReferences:
- apiVersion: apps/v1
blockOwnerDeletion: true
controller: true
kind: ReplicaSet
name: nginx-6c885545f8
uid: a4dfdd64-792b-11e9-8da2-00163e132347
resourceVersion: "1178868"
selfLink: /api/v1/namespaces/default/pods/nginx-6c885545f8-gl8gc
uid: a4e0e290-792b-11e9-8da2-00163e132347
spec
终于到了pod的描述部分,最主要的containers部分就是在这里定义的,也是一个object,我们知道pod内的containers存储和网络等资源是共享的,CPU和memory也是可以隔离的,默认挂载了一个volume,也就是serviceaccount用来在内部访问APIServer所用的token,CA信息。 按种类大致分为以下几种
-
调度相关
- affinity 亲和性 分为nodeAffinity podAffinity podAntiAffinity三种
- nodeName 节点名字 默认由调度器分配
- nodeSelector 节点选择器
- schedulerName 调度器名字
- tolerations 容忍
-
生命周期
- initContainers 初始化容器
- containers 的 lifecycle 包括preStart和preStop脚本
- restartPolicy 重启策略 Always, OnFailure,Never. Default to Always
- terminationGracePeriodSeconds 优雅终止超时时间 默认30s
- containers 的 terminationMessagePolicy可以记录下pod重启的原因,方便debug,其他应该就不需要多说了。
-
网络相关
- dnsPolicy DNS策略 Defaults to “ClusterFirst”. Valid values are ‘ClusterFirstWithHostNet’, ‘ClusterFirst’, ‘Default’ or ‘None’
- hostNetwork 使用主机网络
spec:
containers:
- image: nginx:alpine
imagePullPolicy: IfNotPresent
name: nginx
resources: {}
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: FallbackToLogsOnError
volumeMounts:
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: default-token-pl5xj
readOnly: true
dnsPolicy: ClusterFirst
enableServiceLinks: true
nodeName: haha
priority: 0
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
serviceAccount: default
serviceAccountName: default
terminationGracePeriodSeconds: 30
tolerations:
- effect: NoExecute
key: node.kubernetes.io/not-ready
operator: Exists
tolerationSeconds: 300
volumes:
- name: default-token-pl5xj
secret:
defaultMode: 420
secretName: default-token-pl5xj
staus
顾名思义,这个字段主要就是pod的状态信息,包括健康检查状态,pod IP QOS等级等等信息。 示例:
status:
conditions:
- lastProbeTime: null
lastTransitionTime: "2019-05-18T08:10:12Z"
status: "True"
type: Initialized
- lastProbeTime: null
lastTransitionTime: "2019-05-18T08:10:13Z"
status: "True"
type: Ready
- lastProbeTime: null
lastTransitionTime: "2019-05-18T08:10:13Z"
status: "True"
type: ContainersReady
- lastProbeTime: null
lastTransitionTime: "2019-05-18T08:10:10Z"
status: "True"
type: PodScheduled
containerStatuses:
- containerID: docker://93f6bd6fce495da06ab74b98594084dc6eaad1855536e6dbf4d9bf082e92712a
image: nginx:alpine
imageID: docker-pullable://nginx@sha256:d5e177fed5e4f264e55b19b84bdc494078a06775612a4f60963f296756ea83aa
lastState: {}
name: demo
ready: true
restartCount: 0
state:
running:
startedAt: "2019-05-18T08:10:12Z"
hostIP: 10.29.148.6
initContainerStatuses:
- containerID: docker://634d2abcc9addca6414f27e76f6f41801740eb83201bcf497c0b3f4c90087f2e
image: nginx:alpine
imageID: docker-pullable://nginx@sha256:d5e177fed5e4f264e55b19b84bdc494078a06775612a4f60963f296756ea83aa
lastState: {}
name: init-myservice
ready: true
restartCount: 0
state:
terminated:
containerID: docker://634d2abcc9addca6414f27e76f6f41801740eb83201bcf497c0b3f4c90087f2e
exitCode: 0
finishedAt: "2019-05-18T08:10:11Z"
reason: Completed
startedAt: "2019-05-18T08:10:11Z"
phase: Running
podIP: 10.244.0.158
qosClass: Burstable
startTime: "2019-05-18T08:10:10Z"
附上比较完整的deployment
apiVersion: apps/v1
kind: Deployment
metadata:
name: demo
spec:
selector:
matchLabels: {app: demo}
template:
metadata:
labels: {app: demo}
spec:
affinity:
nodeAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 1
preference:
matchExpressions:
- key: beta.kubernetes.io/arch
operator: In
values:
- amd64
containers:
- name: demo
image: nginx:alpine
env:
- name: "bool"
value: "true"
lifecycle:
postStart:
exec:
command: ["/bin/sh", "-c", "echo Hello from the postStart handler > /usr/share/message"]
preStop:
exec:
command: ["/bin/sh","-c","nginx -s quit; while killall -0 nginx; do sleep 1; done"]
readinessProbe:
livenessProbe:
httpGet:
path: /
port: 80
httpHeaders:
- name: Custom-Header
value: Awesome
initialDelaySeconds: 3
periodSeconds: 3
resources:
limits: {memory: "128Mi", cpu: "500m"}
requests: {memory: "128Mi", cpu: "10m"}
ports:
- containerPort: 80
securityContext:
capabilities:
add: ["NET_ADMIN", "SYS_TIME"]
allowPrivilegeEscalation: false
# seLinuxOptions:
# level: "s0:c123,c456"
volumeMounts:
- name: metadata
mountPath: /etc/podinfo
readOnly: true
dnsPolicy: ClusterFirstWithHostNet
dnsConfig:
nameservers:
- 8.8.8.8
hostAliases:
- hostnames:
- foo.bar
ip: 127.0.0.1
hostIPC: false
hostNetwork: false
hostname: demo
initContainers:
- name: init-myservice
image: nginx:alpine
command: ["/bin/sh","-c","echo Hello from the initContainers handler > /usr/share/init"]
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
serviceAccountName: default
shareProcessNamespace: false
subdomain: ng
terminationGracePeriodSeconds: 30
tolerations:
- effect: NoExecute
key: node.kubernetes.io/not-ready
operator: Exists
tolerationSeconds: 300
volumes:
- name: metadata
downwardAPI:
items:
- path: "labels"
fieldRef:
fieldPath: metadata.labels
- path: "cpu_limit"
resourceFieldRef:
containerName: demo
resource: limits.cpu
divisor: 1m
Ref
Kubernetes: A Pod’s Life