什么是清单

说白了清单是k8s当中用来定义pod的文件,语法格式遵循yaml语法,在yaml当中可以定义控制器类型,元数据,容器端口号等等等....,也可以针对于清单对pod进行删除等操作

为什么学习k8s清单

对于用kubectl命令的方式运行一个或者多个pod会有一定的局限性,比如我们想建立一个自主式pod,不需要任何控制器管理,又或者想定义元数据,一个pod跑多个docker容器,这些操作对于kubectl来说非常麻烦,因此我们应该学会用清单的方式定义pod

pod类型

pod可以分为2种类型:

  • 自助式pod:没有任何控制器的管控
  • 控制器pod:被控制器管控的pod

我们可以用kubectl get命令输出一个pod的配置清单,自主式pod清单定义格式如下

[root@master ~]# kubectl get pods myapp-7c468db58f-qbqhk -o yaml

apiVersion: v1

kind: Pod

metadata:

  creationTimestamp: "2019-12-08T04:40:44Z"

  generateName: myapp-7c468db58f-

  labels:

    pod-template-hash: 7c468db58f

    run: myapp

  name: myapp-7c468db58f-qbqhk

  namespace: default

  ownerReferences:

  - apiVersion: apps/v1

    blockOwnerDeletion: true

    controller: true

    kind: ReplicaSet

    name: myapp-7c468db58f

    uid: a1d7c81d-eb84-4a67-8eab-a423dc260b9f

  resourceVersion: ""

  selfLink: /api/v1/namespaces/default/pods/myapp-7c468db58f-qbqhk

  uid: 68fbd5a8-ee86--837b-730d582884b6

spec:

  containers:

  - image: ikubernetes/myapp:v1

    imagePullPolicy: IfNotPresent

    name: myapp

    resources: {}

    terminationMessagePath: /dev/termination-log

    terminationMessagePolicy: File

    volumeMounts:

    - mountPath: /var/run/secrets/kubernetes.io/serviceaccount

      name: default-token-lxfzn

      readOnly: true

  dnsPolicy: ClusterFirst

  enableServiceLinks: true

  nodeName: node1

  priority:

  restartPolicy: Always

  schedulerName: default-scheduler

  securityContext: {}

  serviceAccount: default

  serviceAccountName: default

  terminationGracePeriodSeconds:

  tolerations:

  - effect: NoExecute

    key: node.kubernetes.io/not-ready

    operator: Exists

    tolerationSeconds:

  - effect: NoExecute

    key: node.kubernetes.io/unreachable

    operator: Exists

    tolerationSeconds:

  volumes:

  - name: default-token-lxfzn

    secret:

      defaultMode:

      secretName: default-token-lxfzn

status:

  conditions:

  - lastProbeTime: null

    lastTransitionTime: "2019-12-08T04:40:44Z"

    status: "True"

    type: Initialized

  - lastProbeTime: null

    lastTransitionTime: "2019-12-08T04:40:46Z"

    status: "True"

    type: Ready

  - lastProbeTime: null

    lastTransitionTime: "2019-12-08T04:40:46Z"

    status: "True"

    type: ContainersReady

  - lastProbeTime: null

    lastTransitionTime: "2019-12-08T04:40:44Z"

    status: "True"

    type: PodScheduled

  containerStatuses:

  - containerID: docker://4d5ddbff59f6baf604746728b65ba60e5826fbf602d0ad9aaafd594bda519bb8

    image: ikubernetes/myapp:v1

    imageID: docker-pullable://ikubernetes/myapp@sha256:9c3dc30b5219788b2b8a4b065f548b922a34479577befb54b03330999d30d513

    lastState: {}

    name: myapp

    ready: true

    restartCount:

    started: true

    state:

      running:

        startedAt: "2019-12-08T04:40:45Z"

  hostIP: 192.168.254.11

  phase: Running

  podIP: 10.244.1.35

  podIPs:

  - ip: 10.244.1.35

  qosClass: BestEffort

  startTime: "2019-12-08T04:40:44Z"

可以看到1级字段当中有apiVersion,kind,metadata,spec,status

apiVersion字段

用来指定api的版本,定义的语法格式为group/version,比如我们要定义deployment控制器,那么我们的apiVersion:apps/v1,如果我们要定义自主式pod,那么需要定义apiVersion:v1,这里要注意的是k8s在不断的迭代更新中,有可能新版本中会更换,如果要获取有哪些apiVersion可以用如下命令

[root@master ~]# kubectl api-versions

admissionregistration.k8s.io/v1

admissionregistration.k8s.io/v1beta1

apiextensions.k8s.io/v1

apiextensions.k8s.io/v1beta1

apiregistration.k8s.io/v1

apiregistration.k8s.io/v1beta1

apps/v1

authentication.k8s.io/v1

authentication.k8s.io/v1beta1

authorization.k8s.io/v1

authorization.k8s.io/v1beta1

autoscaling/v1

autoscaling/v2beta1

autoscaling/v2beta2

batch/v1

batch/v1beta1

certificates.k8s.io/v1beta1

coordination.k8s.io/v1

coordination.k8s.io/v1beta1

events.k8s.io/v1beta1

extensions/v1beta1

networking.k8s.io/v1

networking.k8s.io/v1beta1

node.k8s.io/v1beta1

policy/v1beta1

rbac.authorization.k8s.io/v1

rbac.authorization.k8s.io/v1beta1

scheduling.k8s.io/v1

scheduling.k8s.io/v1beta1

storage.k8s.io/v1

storage.k8s.io/v1beta1

v1

kind字段

kind字段主要用于绑定控制器类型,比如:我们想定义一个自助式pod,那么我们就应该定义kind:Pod,如果我们要定义一个deployment控制器管理的pod,那么我们就应该定义kind:Deployment

metadata字段

对于metadata字段为元数据,我们已经知道k8s是通过标签选择器的方式管理pod,因此,在metadata当中最重要的就是标签,我们可以在metadata当中定义名称空间,标签等,我们如果想查看metadata下可以定义哪些元数据可以使用kubectl explain pod.metadata命令来查看,如果想查看metadata子命令下的用法可以继续以点.的方式进行查看,比如:

[root@master ~]# kubectl explain pod.metadata

KIND:     Pod

VERSION:  v1

RESOURCE: metadata <Object>

DESCRIPTION:

     Standard object's metadata. More info:

     https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

     ObjectMeta is metadata that all persisted resources must have, which

     includes all objects users must create.

FIELDS:

   annotations  <map[string]string>

     Annotations is an unstructured key value map stored with a resource that

     may be set by external tools to store and retrieve arbitrary metadata. They

     are not queryable and should be preserved when modifying objects. More

     info: http://kubernetes.io/docs/user-guide/annotations

   clusterName  <string>

     The name of the cluster which the object belongs to. This is used to

     distinguish resources with same name and namespace in different clusters.

     This field is not set anywhere right now and apiserver is going to ignore

     it if set in create or update request.

   creationTimestamp    <string>

     CreationTimestamp is a timestamp representing the server time when this

     object was created. It is not guaranteed to be set in happens-before order

     across separate operations. Clients may not set this value. It is

     represented in RFC3339 form and is in UTC. Populated by the system.

     Read-only. Null for lists. More info:

     https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

   deletionGracePeriodSeconds   <integer>

     Number of seconds allowed for this object to gracefully terminate before it

     will be removed from the system. Only set when deletionTimestamp is also

     set. May only be shortened. Read-only.

   deletionTimestamp    <string>

     DeletionTimestamp is RFC  date and time at which this resource will be

     deleted. This field is set by the server when a graceful deletion is

     requested by the user, and is not directly settable by a client. The

     resource is expected to be deleted (no longer visible from resource lists,

     and not reachable by name) after the time in this field, once the

     finalizers list is empty. As long as the finalizers list contains items,

     deletion is blocked. Once the deletionTimestamp is set, this value may not

     be unset or be set further into the future, although it may be shortened or

     the resource may be deleted prior to this time. For example, a user may

     request that a pod is deleted in  seconds. The Kubelet will react by

     sending a graceful termination signal to the containers in the pod. After

     that  seconds, the Kubelet will send a hard termination signal (SIGKILL)

     to the container and after cleanup, remove the pod from the API. In the

     presence of network partitions, this object may still exist after this

     timestamp, until an administrator or automated process can determine the

     resource is fully terminated. If not set, graceful deletion of the object

     has not been requested. Populated by the system when a graceful deletion is

     requested. Read-only. More info:

     https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

   finalizers   <[]string>

     Must be empty before the object is deleted from the registry. Each entry is

     an identifier for the responsible component that will remove the entry from

     the list. If the deletionTimestamp of the object is non-nil, entries in

     this list can only be removed.

   generateName <string>

     GenerateName is an optional prefix, used by the server, to generate a

     unique name ONLY IF the Name field has not been provided. If this field is

     used, the name returned to the client will be different than the name

     passed. This value will also be combined with a unique suffix. The provided

     value has the same validation rules as the Name field, and may be truncated

     by the length of the suffix required to make the value unique on the

     server. If this field is specified and the generated name exists, the

     server will NOT return a  - instead, it will either return  Created

     or  with Reason ServerTimeout indicating a unique name could not be

     found in the time allotted, and the client should retry (optionally after

     the time indicated in the Retry-After header). Applied only if Name is not

     specified. More info:

     https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

   generation   <integer>

     A sequence number representing a specific generation of the desired state.

     Populated by the system. Read-only.

   labels       <map[string]string>

     Map of string keys and values that can be used to organize and categorize

     (scope and select) objects. May match selectors of replication controllers

     and services. More info: http://kubernetes.io/docs/user-guide/labels

   managedFields        <[]Object>

     ManagedFields maps workflow-id and version to the set of fields that are

     managed by that workflow. This is mostly for internal housekeeping, and

     users typically shouldn't need to set or understand this field. A workflow

     can be the user's name, a controller's name, or the name of a specific

     apply path like "ci-cd". The set of fields is always in the version that

     the workflow used when modifying the object.

   name <string>

     Name must be unique within a namespace. Is required when creating

     resources, although some resources may allow a client to request the

     generation of an appropriate name automatically. Name is primarily intended

     for creation idempotence and configuration definition. Cannot be updated.

     More info: http://kubernetes.io/docs/user-guide/identifiers#names

   namespace    <string>

     Namespace defines the space within each name must be unique. An empty

     namespace is equivalent to the "default" namespace, but "default" is the

     canonical representation. Not all objects are required to be scoped to a

     namespace - the value of this field for those objects will be empty. Must

     be a DNS_LABEL. Cannot be updated. More info:

     http://kubernetes.io/docs/user-guide/namespaces

   ownerReferences      <[]Object>

     List of objects depended by this object. If ALL objects in the list have

     been deleted, this object will be garbage collected. If this object is

     managed by a controller, then an entry in this list will point to this

     controller, with the controller field set to true. There cannot be more

     than one managing controller.

   resourceVersion      <string>

     An opaque value that represents the internal version of this object that

     can be used by clients to determine when objects have changed. May be used

     for optimistic concurrency, change detection, and the watch operation on a

     resource or set of resources. Clients must treat these values as opaque and

     passed unmodified back to the server. They may only be valid for a

     particular resource or set of resources. Populated by the system.

     Read-only. Value must be treated as opaque by clients and . More info:

     https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

   selfLink     <string>

     SelfLink is a URL representing this object. Populated by the system.

     Read-only. DEPRECATED Kubernetes will stop propagating this field in 1.20

     release and the field is planned to be removed in 1.21 release.

   uid  <string>

     UID is the unique in time and space value for this object. It is typically

     generated by the server on successful creation of a resource and is not

     allowed to change on PUT operations. Populated by the system. Read-only.

     More info: http://kubernetes.io/docs/user-guide/identifiers#uids

labels:标签选择器,labels的值决定service控制器关联pod的重要选项

namespace:名称空间,默认为default名称空间

name:这里是自主式pod名称,如果是控制器pod,这里是控制器名称

annotations:资源注解,这里跟labels很像,都是键值对,但是不同点是,不能用于挑选资源对象,仅用于“元数据”,在特定场景下注解是“必不可少的”,这一点要注意

spec字段

spec字段是非常重要的字段,用来定义期望容器达到的状态,在spec字段当中可以定义多个容器,容器的名称,容器的镜像,拖取容器镜像的方式,暴露的端口号,存储卷,容器个数等。也就是说真正定义pod是在spec字段当中定义的,spec字段当中有哪些字段可以定义如下:

[root@master ~]# kubectl explain pod.spec

KIND:     Pod

VERSION:  v1

RESOURCE: spec <Object>

DESCRIPTION:

     Specification of the desired behavior of the pod. More info:

     https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

     PodSpec is a description of a pod.

FIELDS:

   activeDeadlineSeconds        <integer>

     Optional duration in seconds the pod may be active on the node relative to

     StartTime before the system will actively try to mark it failed and kill

     associated containers. Value must be a positive integer.

   affinity     <Object>

     If specified, the pod's scheduling constraints

   automountServiceAccountToken <boolean>

     AutomountServiceAccountToken indicates whether a service account token

     should be automatically mounted.

   containers   <[]Object> -required-

     List of containers belonging to the pod. Containers cannot currently be

     added or removed. There must be at least one container in a Pod. Cannot be

     updated.

   dnsConfig    <Object>

     Specifies the DNS parameters of a pod. Parameters specified here will be

     merged to the generated DNS configuration based on DNSPolicy.

   dnsPolicy    <string>

     Set DNS policy for the pod. Defaults to "ClusterFirst". Valid values are

     'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS

     parameters given in DNSConfig will be merged with the policy selected with

     DNSPolicy. To have DNS options set along with hostNetwork, you have to

     specify DNS policy explicitly to 'ClusterFirstWithHostNet'.

   enableServiceLinks   <boolean>

     EnableServiceLinks indicates whether information about services should be

     injected into pod's environment variables, matching the syntax of Docker

     links. Optional: Defaults to true.

   ephemeralContainers  <[]Object>

     List of ephemeral containers run in this pod. Ephemeral containers may be

     run in an existing pod to perform user-initiated actions such as debugging.

     This list cannot be specified when creating a pod, and it cannot be

     modified by updating the pod spec. In order to add an ephemeral container

     to an existing pod, use the pod's ephemeralcontainers subresource. This

     field is alpha-level and is only honored by servers that enable the

     EphemeralContainers feature.

   hostAliases  <[]Object>

     HostAliases is an optional list of hosts and IPs that will be injected into

     the pod's hosts file if specified. This is only valid for non-hostNetwork

     pods.

   hostIPC      <boolean>

     Use the host's ipc namespace. Optional: Default to false.

   hostNetwork  <boolean>

     Host networking requested for this pod. Use the host's network namespace.

     If this option is set, the ports that will be used must be specified.

     Default to false.

   hostPID      <boolean>

     Use the host's pid namespace. Optional: Default to false.

   hostname     <string>

     Specifies the hostname of the Pod If not specified, the pod's hostname will

     be set to a system-defined value.

   imagePullSecrets     <[]Object>

     ImagePullSecrets is an optional list of references to secrets in the same

     namespace to use for pulling any of the images used by this PodSpec. If

     specified, these secrets will be passed to individual puller

     implementations for them to use. For example, in the case of docker, only

     DockerConfig type secrets are honored. More info:

     https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod

   initContainers       <[]Object>

     List of initialization containers belonging to the pod. Init containers are

     executed in order prior to containers being started. If any init container

     fails, the pod is considered to have failed and is handled according to its

     restartPolicy. The name for an init container or normal container must be

     unique among all containers. Init containers may not have Lifecycle

     actions, Readiness probes, Liveness probes, or Startup probes. The

     resourceRequirements of an init container are taken into account during

     scheduling by finding the highest request/limit for each resource type, and

     then using the max of of that value or the sum of the normal containers.

     Limits are applied to init containers in a similar fashion. Init containers

     cannot currently be added or removed. Cannot be updated. More info:

     https://kubernetes.io/docs/concepts/workloads/pods/init-containers/

   nodeName     <string>

     NodeName is a request to schedule this pod onto a specific node. If it is

     non-empty, the scheduler simply schedules this pod onto that node, assuming

     that it fits resource requirements.

   nodeSelector <map[string]string>

     NodeSelector is a selector which must be true for the pod to fit on a node.

     Selector which must match a node's labels for the pod to be scheduled on

     that node. More info:

     https://kubernetes.io/docs/concepts/configuration/assign-pod-node/

   overhead     <map[string]string>

     Overhead represents the resource overhead associated with running a pod for

     a given RuntimeClass. This field will be autopopulated at admission time by

     the RuntimeClass admission controller. If the RuntimeClass admission

     controller is enabled, overhead must not be set in Pod create requests. The

     RuntimeClass admission controller will reject Pod create requests which

     have the overhead already set. If RuntimeClass is configured and selected

     in the PodSpec, Overhead will be set to the value defined in the

     corresponding RuntimeClass, otherwise it will remain unset and treated as

     zero. More info:

     https://git.k8s.io/enhancements/keps/sig-node/20190226-pod-overhead.md This

     field is alpha-level as of Kubernetes v1., and is only honored by servers

     that enable the PodOverhead feature.

   preemptionPolicy     <string>

     PreemptionPolicy is the Policy for preempting pods with lower priority. One

     of Never, PreemptLowerPriority. Defaults to PreemptLowerPriority if unset.

     This field is alpha-level and is only honored by servers that enable the

     NonPreemptingPriority feature.

   priority     <integer>

     The priority value. Various system components use this field to find the

     priority of the pod. When Priority Admission Controller is enabled, it

     prevents users from setting this field. The admission controller populates

     this field from PriorityClassName. The higher the value, the higher the

     priority.

   priorityClassName    <string>

     If specified, indicates the pod's priority. "system-node-critical" and

     "system-cluster-critical" are two special keywords which indicate the

     highest priorities with the former being the highest priority. Any other

     name must be defined by creating a PriorityClass object with that name. If

     not specified, the pod priority will be default or zero if there is no

     default.

   readinessGates       <[]Object>

     If specified, all readiness gates will be evaluated for pod readiness. A

     pod is ready when all its containers are ready AND all conditions specified

     in the readiness gates have status equal to "True" More info:

     https://git.k8s.io/enhancements/keps/sig-network/0007-pod-ready%2B%2B.md

   restartPolicy        <string>

     Restart policy for all containers within the pod. One of Always, OnFailure,

     Never. Default to Always. More info:

     https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy

   runtimeClassName     <string>

     RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group,

     which should be used to run this pod. If no RuntimeClass resource matches

     the named class, the pod will not be run. If unset or empty, the "legacy"

     RuntimeClass will be used, which is an implicit class with an empty

     definition that uses the default runtime handler. More info:

     https://git.k8s.io/enhancements/keps/sig-node/runtime-class.md This is a

     beta feature as of Kubernetes v1..

   schedulerName        <string>

     If specified, the pod will be dispatched by specified scheduler. If not

     specified, the pod will be dispatched by default scheduler.

   securityContext      <Object>

     SecurityContext holds pod-level security attributes and common container

     settings. Optional: Defaults to empty. See type description for default

     values of each field.

   serviceAccount       <string>

     DeprecatedServiceAccount is a depreciated alias for ServiceAccountName.

     Deprecated: Use serviceAccountName instead.

   serviceAccountName   <string>

     ServiceAccountName is the name of the ServiceAccount to use to run this

     pod. More info:

     https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/

   shareProcessNamespace        <boolean>

     Share a single process namespace between all of the containers in a pod.

     When this is set containers will be able to view and signal processes from

     other containers in the same pod, and the first process in each container

     will not be assigned PID . HostPID and ShareProcessNamespace cannot both

     be set. Optional: Default to false. This field is beta-level and may be

     disabled with the PodShareProcessNamespace feature.

   subdomain    <string>

     If specified, the fully qualified Pod hostname will be

     "<hostname>.<subdomain>.<pod namespace>.svc.<cluster domain>". If not

     specified, the pod will not have a domainname at all.

   terminationGracePeriodSeconds        <integer>

     Optional duration in seconds the pod needs to terminate gracefully. May be

     decreased in delete request. Value must be non-negative integer. The value

     zero indicates delete immediately. If this value is nil, the default grace

     period will be used instead. The grace period is the duration in seconds

     after the processes running in the pod are sent a termination signal and

     the time when the processes are forcibly halted with a kill signal. Set

     this value longer than the expected cleanup time for your process. Defaults

     to  seconds.

   tolerations  <[]Object>

     If specified, the pod's tolerations.

   topologySpreadConstraints    <[]Object>

     TopologySpreadConstraints describes how a group of pods ought to spread

     across topology domains. Scheduler will schedule pods in a way which abides

     by the constraints. This field is alpha-level and is only honored by

     clusters that enables the EvenPodsSpread feature. All

     topologySpreadConstraints are ANDed.

   volumes      <[]Object>

     List of volumes that can be mounted by containers belonging to the pod.

     More info: https://kubernetes.io/docs/concepts/storage/volumes

status字段

status字段是反映着当前pod的状态,而status当中的数据会无限接近于spec定义所期望的状态,从而满足用户需要,一般而言,status由k8s自行管理,无需人为操作

定义一个简单的自主式pod如下:

[root@master ~]# cat demo-pod.yaml

apiVersion: v1

kind: Pod

metadata:

  labels:

    app: os

  namespace: default

  name: busybox

spec:

  nodeName: node2

  containers:

  - name: myos

    image: busybox

    imagePullPolicy: Always

    command:

    - "/bin/sh"

    - "-c"

    - "sleep 3600"

    ports:

    - containerPort:

  - name: myweb

    image: nginx

    imagePullPolicy: Always

    ports:

    - containerPort:

针对此yaml文件运行pod如下:

[root@master ~]# kubectl create -f demo-pod.yaml

pod/busybox created

[root@master ~]# kubectl get pods --show-labels

NAME                     READY   STATUS    RESTARTS   AGE     LABELS

busybox                  /     Running             24s     app=os

针对于一个pod两个容器,如何进入到容器的交互界面呢?-c指定容器名称,如下:

[root@master ~]# kubectl exec -it busybox -c myweb -- /bin/sh

# exit

[root@master ~]# kubectl exec -it busybox -c myos -- /bin/sh

/ # ifconfig -a

eth0      Link encap:Ethernet  HWaddr ::D6:CD:0B:

          inet addr:10.244.2.32  Bcast:0.0.0.0  Mask:255.255.255.0

          UP BROADCAST RUNNING MULTICAST  MTU:  Metric:

          RX packets: errors: dropped: overruns: frame:

          TX packets: errors: dropped: overruns: carrier:

          collisions: txqueuelen:

          RX bytes: (690.0 B)  TX bytes: (42.0 B)

lo        Link encap:Local Loopback

          inet addr:127.0.0.1  Mask:255.0.0.0

          UP LOOPBACK RUNNING  MTU:  Metric:

          RX packets: errors: dropped: overruns: frame:

          TX packets: errors: dropped: overruns: carrier:

          collisions: txqueuelen:

          RX bytes: (0.0 B)  TX bytes: (0.0 B)

删除pod

[root@master ~]# kubectl delete pod busybox

pod "busybox" deleted

或者

[root@master ~]# kubectl delete -f demo-pod.yaml

pod "busybox" deleted

探针

为什么要有探针,因为探针可以探测pod当中的容器是否正常运行,我们知道容器启动,业务程序未必正常,因此,我们可以用livenessProbe探针来探测业务是否正常,而对于我们新建的pod如果不做就绪性探测,会被前端的service立刻关联,这样有可能导致部分客户端无法正常访问,所欲对于k8s探针主要分为两种,

  • 一种为存活性探测(livenessProbe)
  • 一种为就绪性探测(readinessProbe)

两者探测手段有三种:

  • ExecAction
  • TCPSocketAction
  • HttpGetAction

livenessProbe

例1:ExecAction

[root@master ~]# cat livenessprobe-exec.yaml

apiVersion: v1

kind: Pod

metadata:

  name: livenessprobe-pod

  namespace: default

  labels:

    app: liveness

spec:

  containers:

  - name: livenessprobe-container

    image: busybox

    imagePullPolicy: IfNotPresent

    command: ["/bin/sh","-c","touch /tmp/test.txt;sleep 20; rm -rf /tmp/test.txt;sleep 3600"]

    livenessProbe:

      exec:

        command: ["test","-e","/tmp/test.txt"]

      initialDelaySeconds:

      periodSeconds:

      failureThreshold: 

验证:可以看到由于文件被删除已经crash了,并且重启了6次

[root@master ~]# kubectl get pods

NAME                        READY   STATUS             RESTARTS   AGE

livenessprobe-pod           /     CrashLoopBackOff   6          10m

例2:HttpGetAction

[root@master ~]# cat livenessprobe-gethttp.yaml

apiVersion: v1

kind: Pod

metadata:

  name: livenessprobe-gethttp-pod

  namespace: default

  labels:

    app: liveness-gethttp

spec:

  containers:

  - name: livenessprobe-gethttp-container

    image: nginx

    imagePullPolicy: IfNotPresent

    livenessProbe:

      initialDelaySeconds:

      periodSeconds:

      failureThreshold:

      httpGet:

        port:

        path: /index.html

容器跑起来之后删除/usr/share/nginx/html/index.html文件,然后稍等片刻

验证:可以看到容器被重启了一次然后就一直正常运行

[root@master ~]# kubectl get pods

NAME                        READY   STATUS             RESTARTS   AGE

livenessprobe-gethttp-pod   /     Running                      14m

readinessProbe

[root@master ~]# cat readinessprobe-gethttp.yaml

apiVersion: v1

kind: Pod

metadata:

  name: livenessprobe-gethttp-pod

  namespace: default

  labels:

    app: liveness-gethttp

spec:

  containers:

  - name: livenessprobe-gethttp-container

    image: nginx

    imagePullPolicy: IfNotPresent

    readinessProbe:

      initialDelaySeconds:

      periodSeconds:

      failureThreshold:

      httpGet:

        port:

        path: /index.html

验证:
1.连入容器删除index.html文件

[root@master ~]# kubectl exec -it livenessprobe-gethttp-pod -- /bin/bash

root@livenessprobe-gethttp-pod:/# cd /usr/share/nginx/html/

root@livenessprobe-gethttp-pod:/usr/share/nginx/html# ls

50x.html  index.html

root@livenessprobe-gethttp-pod:/usr/share/nginx/html# rm -rf index.html

root@livenessprobe-gethttp-pod:/usr/share/nginx/html# exit
2.查看pod状态

[root@master ~]# kubectl get pods -o wide -w

NAME                        READY   STATUS    RESTARTS   AGE   IP            NODE    NOMINATED NODE   READINESS GATES

livenessprobe-gethttp-pod   /     Running             6s    10.244.1.38   node1   <none>           <none>

livenessprobe-gethttp-pod   /     Running             24s   10.244.1.38   node1   <none>           <none>

3.随后我们在在容器里创建出index.html文件,然后在观察pod

[root@master ~]# kubectl get pods -o wide -w

NAME                        READY   STATUS    RESTARTS   AGE   IP            NODE    NOMINATED NODE   READINESS GATES

livenessprobe-gethttp-pod   /     Running             6s    10.244.1.38   node1   <none>           <none>

livenessprobe-gethttp-pod   /     Running             24s   10.244.1.38   node1   <none>           <none>

livenessprobe-gethttp-pod   /     Running             2m48s   10.244.1.38   node1   <none>           <none>

k8s资产清单(二)的更多相关文章

  1. gitlab-ci + k8s 之k8s (二)

    k8s用自己话说,就是一种容器编排工具,部署好应用,再创建绑定应用的服务,就可以实现的服务访问了.这个理论还是得去看重点谈理论的文章,此处我们只记录本项目部署过程. 背景介绍 之前已实现gitlab- ...

  2. Docker & k8s 系列二:本机k8s环境搭建

    本篇将会讲解k8s是什么?本机k8s环境搭建,部署一个pod并演示几个kubectl命令,k8s dashboard安装. k8s是什么 k8s是kubernetes的简写,它是一个全新的基于容器技术 ...

  3. Kubernetes【K8S】(二):搭建Kubernetes环境

    系统初始化 设置系统时区 # 设置系统时区为 亚洲/上海 [root@k8s-master01 ~]# timedatectl set-timezone Asia/Shanghai # 设置当前得UT ...

  4. 学习k8s(二)

    kubernetes-国内拉取gcr.io\quay.io镜像方法 方法1: https://hub.docker.com/r/ibmcom/ 例如: gcr.io/google_containers ...

  5. k8s资料转载

    K8S入门(二) kubeadmin单机部署 (kubernetes)k8s入门.yum单机版安装.kuberctl指令.k8s服务实例. kubernetes---CentOS7安装kubernet ...

  6. K8S+GitLab-自动化分布式部署ASP.NET Core(三) 更新镜像版本并部署到K8S上

    一.介绍 前一篇,介绍了ASP.NET Core部署到K8S上,下面介绍我们在发布新一版本中怎么通过Gitlab CI自动给镜像打版本并部署到K8S上. 二.我们通过GitLab CI/CD 变量 不 ...

  7. k8s使用ceph作为后端存储挂载

    一.在ceph集群上操作: 1.创建池(主要使用存储类来进行持久卷的挂载,其他的挂载方式不好使也太麻烦):ceph osd pool create k8s 64 二.在k8s上操作: 1.安装客户端( ...

  8. K8S+GitLab+.net core-自动化分布式部署-3

    K8S+GitLab-自动化分布式部署ASP.NET Core(三) 更新镜像版本并部署到K8S上   一.介绍 前一篇,介绍了ASP.NET Core部署到K8S上,下面介绍我们在发布新一版本中怎么 ...

  9. python安装二进制k8s 1.11.0 一个master、一个node 查看node节点是主机名---apiserver无法启动,后来改了脚本应该可以

    一.脚本说明: 本实验中master.node.etcd都是单体. 安装顺序为:先安装test1节点主要组件,然后开始安装test2节点,最后回头把test1节点加入集群中,这样做目的是理解以后扩容都 ...

随机推荐

  1. SAP系统邮件功能配置

    相信SAP顾问或多或少都会接到用户要求SAP系统能够定时发送邮件的功能,定时将用户需要的信息已邮件的方式发送给固定的人员. 下面就来讲一下SAP发送邮件应该如何配置: 1.RZ10做配置: is/SM ...

  2. [转]VB.net中 excel 的range方法

    本文转自:https://blog.csdn.net/bigheadsheep/article/details/7711235 第五章 Range对象基本操作应用示例(1)Range对象可能是VBA代 ...

  3. React Native适配IPhoneX系列设备之<SafeAreaView />

    SafeAreaView的目的是在一个“安全”的可视区域内渲染内容.具体来说就是因为目前有 iPhone X 这样的带有“刘海”的全面屏设备,所以需要避免内容渲染到不可见的“刘海”范围内.本组件目前仅 ...

  4. 使用adb命令操控Android手机(adb命令)

    1) 手机连接电脑之前 首先,查看安卓手机是否已经连接上电脑 adb devices 让adb一直查找安卓设备,找到后才停止 adb wait-for-device 2) 手机连接电脑后的操作 2.0 ...

  5. Android进阶之绘制-自定义View完全掌握(二)

    这是自定义View系列的第二篇博客,我们继续来学习关于自定义View的知识. 今天我们来实现一下广告条案例. 我们要实现的是这样的一个效果. 要想实现这样的效果,我们可以借助ViewPager控件,然 ...

  6. MVC、MVP与MVVM架构模式

    MVC(Model View Controller): View 层是界面,Model 层是业务逻辑,Controller 层用来调度 View 层和 Model 层, 将用户界面和业务逻辑合理的组织 ...

  7. 004 C/C++ 数据类型_类型别名

    #include "stdio.h" #include "stdlib.h" //这里定义了一个结构体. struct MyStruct1 { int a; f ...

  8. Error response from daemon: Get https://registry-1.docker.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)

    docker pull nginx 遇到这个问题 Error response from daemon: Get https://registry-1.docker.io/v2/: net/http: ...

  9. Sql Server 判断表是否存在方法总结

    #使用场景: 1.在创建表之前,需要先判断该表是否已经存在: 2.在删除表之前,需要先判断该表是否已经存在: #方法总结: 1.判断实体表是否存在的方法: 1).方法一: * from sysObje ...

  10. PHP递归函数return返回null的问题

    前段时间在写递归函数的时候碰到个问题,返回值一直为null,这里记录一下. 写个小例子: /** * @param $i * @return mixed */ function recursion($ ...