k8s资产清单(二)
什么是清单
说白了清单是k8s当中用来定义pod的文件,语法格式遵循yaml语法,在yaml当中可以定义控制器类型,元数据,容器端口号等等等....,也可以针对于清单对pod进行删除等操作
为什么学习k8s清单
对于用kubectl命令的方式运行一个或者多个pod会有一定的局限性,比如我们想建立一个自主式pod,不需要任何控制器管理,又或者想定义元数据,一个pod跑多个docker容器,这些操作对于kubectl来说非常麻烦,因此我们应该学会用清单的方式定义pod
pod类型
pod可以分为2种类型:
- 自助式pod:没有任何控制器的管控
- 控制器pod:被控制器管控的pod
我们可以用kubectl get命令输出一个pod的配置清单,自主式pod清单定义格式如下
- [root@master ~]# kubectl get pods myapp-7c468db58f-qbqhk -o yaml
- apiVersion: v1
- kind: Pod
- metadata:
- creationTimestamp: "2019-12-08T04:40:44Z"
- generateName: myapp-7c468db58f-
- labels:
- pod-template-hash: 7c468db58f
- run: myapp
- name: myapp-7c468db58f-qbqhk
- namespace: default
- ownerReferences:
- - apiVersion: apps/v1
- blockOwnerDeletion: true
- controller: true
- kind: ReplicaSet
- name: myapp-7c468db58f
- uid: a1d7c81d-eb84-4a67-8eab-a423dc260b9f
- resourceVersion: ""
- selfLink: /api/v1/namespaces/default/pods/myapp-7c468db58f-qbqhk
- uid: 68fbd5a8-ee86--837b-730d582884b6
- spec:
- containers:
- - image: ikubernetes/myapp:v1
- imagePullPolicy: IfNotPresent
- name: myapp
- resources: {}
- terminationMessagePath: /dev/termination-log
- terminationMessagePolicy: File
- volumeMounts:
- - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
- name: default-token-lxfzn
- readOnly: true
- dnsPolicy: ClusterFirst
- enableServiceLinks: true
- nodeName: node1
- priority:
- restartPolicy: Always
- schedulerName: default-scheduler
- securityContext: {}
- serviceAccount: default
- serviceAccountName: default
- terminationGracePeriodSeconds:
- tolerations:
- - effect: NoExecute
- key: node.kubernetes.io/not-ready
- operator: Exists
- tolerationSeconds:
- - effect: NoExecute
- key: node.kubernetes.io/unreachable
- operator: Exists
- tolerationSeconds:
- volumes:
- - name: default-token-lxfzn
- secret:
- defaultMode:
- secretName: default-token-lxfzn
- status:
- conditions:
- - lastProbeTime: null
- lastTransitionTime: "2019-12-08T04:40:44Z"
- status: "True"
- type: Initialized
- - lastProbeTime: null
- lastTransitionTime: "2019-12-08T04:40:46Z"
- status: "True"
- type: Ready
- - lastProbeTime: null
- lastTransitionTime: "2019-12-08T04:40:46Z"
- status: "True"
- type: ContainersReady
- - lastProbeTime: null
- lastTransitionTime: "2019-12-08T04:40:44Z"
- status: "True"
- type: PodScheduled
- containerStatuses:
- - containerID: docker://4d5ddbff59f6baf604746728b65ba60e5826fbf602d0ad9aaafd594bda519bb8
- image: ikubernetes/myapp:v1
- imageID: docker-pullable://ikubernetes/myapp@sha256:9c3dc30b5219788b2b8a4b065f548b922a34479577befb54b03330999d30d513
- lastState: {}
- name: myapp
- ready: true
- restartCount:
- started: true
- state:
- running:
- startedAt: "2019-12-08T04:40:45Z"
- hostIP: 192.168.254.11
- phase: Running
- podIP: 10.244.1.35
- podIPs:
- - ip: 10.244.1.35
- qosClass: BestEffort
- startTime: "2019-12-08T04:40:44Z"
可以看到1级字段当中有apiVersion,kind,metadata,spec,status
apiVersion字段
用来指定api的版本,定义的语法格式为group/version,比如我们要定义deployment控制器,那么我们的apiVersion:apps/v1,如果我们要定义自主式pod,那么需要定义apiVersion:v1,这里要注意的是k8s在不断的迭代更新中,有可能新版本中会更换,如果要获取有哪些apiVersion可以用如下命令
- [root@master ~]# kubectl api-versions
- admissionregistration.k8s.io/v1
- admissionregistration.k8s.io/v1beta1
- apiextensions.k8s.io/v1
- apiextensions.k8s.io/v1beta1
- apiregistration.k8s.io/v1
- apiregistration.k8s.io/v1beta1
- apps/v1
- authentication.k8s.io/v1
- authentication.k8s.io/v1beta1
- authorization.k8s.io/v1
- authorization.k8s.io/v1beta1
- autoscaling/v1
- autoscaling/v2beta1
- autoscaling/v2beta2
- batch/v1
- batch/v1beta1
- certificates.k8s.io/v1beta1
- coordination.k8s.io/v1
- coordination.k8s.io/v1beta1
- events.k8s.io/v1beta1
- extensions/v1beta1
- networking.k8s.io/v1
- networking.k8s.io/v1beta1
- node.k8s.io/v1beta1
- policy/v1beta1
- rbac.authorization.k8s.io/v1
- rbac.authorization.k8s.io/v1beta1
- scheduling.k8s.io/v1
- scheduling.k8s.io/v1beta1
- storage.k8s.io/v1
- storage.k8s.io/v1beta1
- v1
kind字段
kind字段主要用于绑定控制器类型,比如:我们想定义一个自助式pod,那么我们就应该定义kind:Pod,如果我们要定义一个deployment控制器管理的pod,那么我们就应该定义kind:Deployment
metadata字段
对于metadata字段为元数据,我们已经知道k8s是通过标签选择器的方式管理pod,因此,在metadata当中最重要的就是标签,我们可以在metadata当中定义名称空间,标签等,我们如果想查看metadata下可以定义哪些元数据可以使用kubectl explain pod.metadata命令来查看,如果想查看metadata子命令下的用法可以继续以点.的方式进行查看,比如:
- [root@master ~]# kubectl explain pod.metadata
- KIND: Pod
- VERSION: v1
- RESOURCE: metadata <Object>
- DESCRIPTION:
- Standard object's metadata. More info:
- https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- ObjectMeta is metadata that all persisted resources must have, which
- includes all objects users must create.
- FIELDS:
- annotations <map[string]string>
- Annotations is an unstructured key value map stored with a resource that
- may be set by external tools to store and retrieve arbitrary metadata. They
- are not queryable and should be preserved when modifying objects. More
- info: http://kubernetes.io/docs/user-guide/annotations
- clusterName <string>
- The name of the cluster which the object belongs to. This is used to
- distinguish resources with same name and namespace in different clusters.
- This field is not set anywhere right now and apiserver is going to ignore
- it if set in create or update request.
- creationTimestamp <string>
- CreationTimestamp is a timestamp representing the server time when this
- object was created. It is not guaranteed to be set in happens-before order
- across separate operations. Clients may not set this value. It is
- represented in RFC3339 form and is in UTC. Populated by the system.
- Read-only. Null for lists. More info:
- https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- deletionGracePeriodSeconds <integer>
- Number of seconds allowed for this object to gracefully terminate before it
- will be removed from the system. Only set when deletionTimestamp is also
- set. May only be shortened. Read-only.
- deletionTimestamp <string>
- DeletionTimestamp is RFC date and time at which this resource will be
- deleted. This field is set by the server when a graceful deletion is
- requested by the user, and is not directly settable by a client. The
- resource is expected to be deleted (no longer visible from resource lists,
- and not reachable by name) after the time in this field, once the
- finalizers list is empty. As long as the finalizers list contains items,
- deletion is blocked. Once the deletionTimestamp is set, this value may not
- be unset or be set further into the future, although it may be shortened or
- the resource may be deleted prior to this time. For example, a user may
- request that a pod is deleted in seconds. The Kubelet will react by
- sending a graceful termination signal to the containers in the pod. After
- that seconds, the Kubelet will send a hard termination signal (SIGKILL)
- to the container and after cleanup, remove the pod from the API. In the
- presence of network partitions, this object may still exist after this
- timestamp, until an administrator or automated process can determine the
- resource is fully terminated. If not set, graceful deletion of the object
- has not been requested. Populated by the system when a graceful deletion is
- requested. Read-only. More info:
- https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- finalizers <[]string>
- Must be empty before the object is deleted from the registry. Each entry is
- an identifier for the responsible component that will remove the entry from
- the list. If the deletionTimestamp of the object is non-nil, entries in
- this list can only be removed.
- generateName <string>
- GenerateName is an optional prefix, used by the server, to generate a
- unique name ONLY IF the Name field has not been provided. If this field is
- used, the name returned to the client will be different than the name
- passed. This value will also be combined with a unique suffix. The provided
- value has the same validation rules as the Name field, and may be truncated
- by the length of the suffix required to make the value unique on the
- server. If this field is specified and the generated name exists, the
- server will NOT return a - instead, it will either return Created
- or with Reason ServerTimeout indicating a unique name could not be
- found in the time allotted, and the client should retry (optionally after
- the time indicated in the Retry-After header). Applied only if Name is not
- specified. More info:
- https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
- generation <integer>
- A sequence number representing a specific generation of the desired state.
- Populated by the system. Read-only.
- labels <map[string]string>
- Map of string keys and values that can be used to organize and categorize
- (scope and select) objects. May match selectors of replication controllers
- and services. More info: http://kubernetes.io/docs/user-guide/labels
- managedFields <[]Object>
- ManagedFields maps workflow-id and version to the set of fields that are
- managed by that workflow. This is mostly for internal housekeeping, and
- users typically shouldn't need to set or understand this field. A workflow
- can be the user's name, a controller's name, or the name of a specific
- apply path like "ci-cd". The set of fields is always in the version that
- the workflow used when modifying the object.
- name <string>
- Name must be unique within a namespace. Is required when creating
- resources, although some resources may allow a client to request the
- generation of an appropriate name automatically. Name is primarily intended
- for creation idempotence and configuration definition. Cannot be updated.
- More info: http://kubernetes.io/docs/user-guide/identifiers#names
- namespace <string>
- Namespace defines the space within each name must be unique. An empty
- namespace is equivalent to the "default" namespace, but "default" is the
- canonical representation. Not all objects are required to be scoped to a
- namespace - the value of this field for those objects will be empty. Must
- be a DNS_LABEL. Cannot be updated. More info:
- http://kubernetes.io/docs/user-guide/namespaces
- ownerReferences <[]Object>
- List of objects depended by this object. If ALL objects in the list have
- been deleted, this object will be garbage collected. If this object is
- managed by a controller, then an entry in this list will point to this
- controller, with the controller field set to true. There cannot be more
- than one managing controller.
- resourceVersion <string>
- An opaque value that represents the internal version of this object that
- can be used by clients to determine when objects have changed. May be used
- for optimistic concurrency, change detection, and the watch operation on a
- resource or set of resources. Clients must treat these values as opaque and
- passed unmodified back to the server. They may only be valid for a
- particular resource or set of resources. Populated by the system.
- Read-only. Value must be treated as opaque by clients and . More info:
- https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
- selfLink <string>
- SelfLink is a URL representing this object. Populated by the system.
- Read-only. DEPRECATED Kubernetes will stop propagating this field in 1.20
- release and the field is planned to be removed in 1.21 release.
- uid <string>
- UID is the unique in time and space value for this object. It is typically
- generated by the server on successful creation of a resource and is not
- allowed to change on PUT operations. Populated by the system. Read-only.
- More info: http://kubernetes.io/docs/user-guide/identifiers#uids
labels:标签选择器,labels的值决定service控制器关联pod的重要选项
namespace:名称空间,默认为default名称空间
name:这里是自主式pod名称,如果是控制器pod,这里是控制器名称
annotations:资源注解,这里跟labels很像,都是键值对,但是不同点是,不能用于挑选资源对象,仅用于“元数据”,在特定场景下注解是“必不可少的”,这一点要注意
spec字段
spec字段是非常重要的字段,用来定义期望容器达到的状态,在spec字段当中可以定义多个容器,容器的名称,容器的镜像,拖取容器镜像的方式,暴露的端口号,存储卷,容器个数等。也就是说真正定义pod是在spec字段当中定义的,spec字段当中有哪些字段可以定义如下:
- [root@master ~]# kubectl explain pod.spec
- KIND: Pod
- VERSION: v1
- RESOURCE: spec <Object>
- DESCRIPTION:
- Specification of the desired behavior of the pod. More info:
- https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
- PodSpec is a description of a pod.
- FIELDS:
- activeDeadlineSeconds <integer>
- Optional duration in seconds the pod may be active on the node relative to
- StartTime before the system will actively try to mark it failed and kill
- associated containers. Value must be a positive integer.
- affinity <Object>
- If specified, the pod's scheduling constraints
- automountServiceAccountToken <boolean>
- AutomountServiceAccountToken indicates whether a service account token
- should be automatically mounted.
- containers <[]Object> -required-
- List of containers belonging to the pod. Containers cannot currently be
- added or removed. There must be at least one container in a Pod. Cannot be
- updated.
- dnsConfig <Object>
- Specifies the DNS parameters of a pod. Parameters specified here will be
- merged to the generated DNS configuration based on DNSPolicy.
- dnsPolicy <string>
- Set DNS policy for the pod. Defaults to "ClusterFirst". Valid values are
- 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS
- parameters given in DNSConfig will be merged with the policy selected with
- DNSPolicy. To have DNS options set along with hostNetwork, you have to
- specify DNS policy explicitly to 'ClusterFirstWithHostNet'.
- enableServiceLinks <boolean>
- EnableServiceLinks indicates whether information about services should be
- injected into pod's environment variables, matching the syntax of Docker
- links. Optional: Defaults to true.
- ephemeralContainers <[]Object>
- List of ephemeral containers run in this pod. Ephemeral containers may be
- run in an existing pod to perform user-initiated actions such as debugging.
- This list cannot be specified when creating a pod, and it cannot be
- modified by updating the pod spec. In order to add an ephemeral container
- to an existing pod, use the pod's ephemeralcontainers subresource. This
- field is alpha-level and is only honored by servers that enable the
- EphemeralContainers feature.
- hostAliases <[]Object>
- HostAliases is an optional list of hosts and IPs that will be injected into
- the pod's hosts file if specified. This is only valid for non-hostNetwork
- pods.
- hostIPC <boolean>
- Use the host's ipc namespace. Optional: Default to false.
- hostNetwork <boolean>
- Host networking requested for this pod. Use the host's network namespace.
- If this option is set, the ports that will be used must be specified.
- Default to false.
- hostPID <boolean>
- Use the host's pid namespace. Optional: Default to false.
- hostname <string>
- Specifies the hostname of the Pod If not specified, the pod's hostname will
- be set to a system-defined value.
- imagePullSecrets <[]Object>
- ImagePullSecrets is an optional list of references to secrets in the same
- namespace to use for pulling any of the images used by this PodSpec. If
- specified, these secrets will be passed to individual puller
- implementations for them to use. For example, in the case of docker, only
- DockerConfig type secrets are honored. More info:
- https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod
- initContainers <[]Object>
- List of initialization containers belonging to the pod. Init containers are
- executed in order prior to containers being started. If any init container
- fails, the pod is considered to have failed and is handled according to its
- restartPolicy. The name for an init container or normal container must be
- unique among all containers. Init containers may not have Lifecycle
- actions, Readiness probes, Liveness probes, or Startup probes. The
- resourceRequirements of an init container are taken into account during
- scheduling by finding the highest request/limit for each resource type, and
- then using the max of of that value or the sum of the normal containers.
- Limits are applied to init containers in a similar fashion. Init containers
- cannot currently be added or removed. Cannot be updated. More info:
- https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
- nodeName <string>
- NodeName is a request to schedule this pod onto a specific node. If it is
- non-empty, the scheduler simply schedules this pod onto that node, assuming
- that it fits resource requirements.
- nodeSelector <map[string]string>
- NodeSelector is a selector which must be true for the pod to fit on a node.
- Selector which must match a node's labels for the pod to be scheduled on
- that node. More info:
- https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
- overhead <map[string]string>
- Overhead represents the resource overhead associated with running a pod for
- a given RuntimeClass. This field will be autopopulated at admission time by
- the RuntimeClass admission controller. If the RuntimeClass admission
- controller is enabled, overhead must not be set in Pod create requests. The
- RuntimeClass admission controller will reject Pod create requests which
- have the overhead already set. If RuntimeClass is configured and selected
- in the PodSpec, Overhead will be set to the value defined in the
- corresponding RuntimeClass, otherwise it will remain unset and treated as
- zero. More info:
- https://git.k8s.io/enhancements/keps/sig-node/20190226-pod-overhead.md This
- field is alpha-level as of Kubernetes v1., and is only honored by servers
- that enable the PodOverhead feature.
- preemptionPolicy <string>
- PreemptionPolicy is the Policy for preempting pods with lower priority. One
- of Never, PreemptLowerPriority. Defaults to PreemptLowerPriority if unset.
- This field is alpha-level and is only honored by servers that enable the
- NonPreemptingPriority feature.
- priority <integer>
- The priority value. Various system components use this field to find the
- priority of the pod. When Priority Admission Controller is enabled, it
- prevents users from setting this field. The admission controller populates
- this field from PriorityClassName. The higher the value, the higher the
- priority.
- priorityClassName <string>
- If specified, indicates the pod's priority. "system-node-critical" and
- "system-cluster-critical" are two special keywords which indicate the
- highest priorities with the former being the highest priority. Any other
- name must be defined by creating a PriorityClass object with that name. If
- not specified, the pod priority will be default or zero if there is no
- default.
- readinessGates <[]Object>
- If specified, all readiness gates will be evaluated for pod readiness. A
- pod is ready when all its containers are ready AND all conditions specified
- in the readiness gates have status equal to "True" More info:
- https://git.k8s.io/enhancements/keps/sig-network/0007-pod-ready%2B%2B.md
- restartPolicy <string>
- Restart policy for all containers within the pod. One of Always, OnFailure,
- Never. Default to Always. More info:
- https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy
- runtimeClassName <string>
- RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group,
- which should be used to run this pod. If no RuntimeClass resource matches
- the named class, the pod will not be run. If unset or empty, the "legacy"
- RuntimeClass will be used, which is an implicit class with an empty
- definition that uses the default runtime handler. More info:
- https://git.k8s.io/enhancements/keps/sig-node/runtime-class.md This is a
- beta feature as of Kubernetes v1..
- schedulerName <string>
- If specified, the pod will be dispatched by specified scheduler. If not
- specified, the pod will be dispatched by default scheduler.
- securityContext <Object>
- SecurityContext holds pod-level security attributes and common container
- settings. Optional: Defaults to empty. See type description for default
- values of each field.
- serviceAccount <string>
- DeprecatedServiceAccount is a depreciated alias for ServiceAccountName.
- Deprecated: Use serviceAccountName instead.
- serviceAccountName <string>
- ServiceAccountName is the name of the ServiceAccount to use to run this
- pod. More info:
- https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
- shareProcessNamespace <boolean>
- Share a single process namespace between all of the containers in a pod.
- When this is set containers will be able to view and signal processes from
- other containers in the same pod, and the first process in each container
- will not be assigned PID . HostPID and ShareProcessNamespace cannot both
- be set. Optional: Default to false. This field is beta-level and may be
- disabled with the PodShareProcessNamespace feature.
- subdomain <string>
- If specified, the fully qualified Pod hostname will be
- "<hostname>.<subdomain>.<pod namespace>.svc.<cluster domain>". If not
- specified, the pod will not have a domainname at all.
- terminationGracePeriodSeconds <integer>
- Optional duration in seconds the pod needs to terminate gracefully. May be
- decreased in delete request. Value must be non-negative integer. The value
- zero indicates delete immediately. If this value is nil, the default grace
- period will be used instead. The grace period is the duration in seconds
- after the processes running in the pod are sent a termination signal and
- the time when the processes are forcibly halted with a kill signal. Set
- this value longer than the expected cleanup time for your process. Defaults
- to seconds.
- tolerations <[]Object>
- If specified, the pod's tolerations.
- topologySpreadConstraints <[]Object>
- TopologySpreadConstraints describes how a group of pods ought to spread
- across topology domains. Scheduler will schedule pods in a way which abides
- by the constraints. This field is alpha-level and is only honored by
- clusters that enables the EvenPodsSpread feature. All
- topologySpreadConstraints are ANDed.
- volumes <[]Object>
- List of volumes that can be mounted by containers belonging to the pod.
- More info: https://kubernetes.io/docs/concepts/storage/volumes
status字段
status字段是反映着当前pod的状态,而status当中的数据会无限接近于spec定义所期望的状态,从而满足用户需要,一般而言,status由k8s自行管理,无需人为操作
定义一个简单的自主式pod如下:
- [root@master ~]# cat demo-pod.yaml
- apiVersion: v1
- kind: Pod
- metadata:
- labels:
- app: os
- namespace: default
- name: busybox
- spec:
- nodeName: node2
- containers:
- - name: myos
- image: busybox
- imagePullPolicy: Always
- command:
- - "/bin/sh"
- - "-c"
- - "sleep 3600"
- ports:
- - containerPort:
- - name: myweb
- image: nginx
- imagePullPolicy: Always
- ports:
- - containerPort:
针对此yaml文件运行pod如下:
- [root@master ~]# kubectl create -f demo-pod.yaml
- pod/busybox created
- [root@master ~]# kubectl get pods --show-labels
- NAME READY STATUS RESTARTS AGE LABELS
- busybox / Running 24s app=os
针对于一个pod两个容器,如何进入到容器的交互界面呢?-c指定容器名称,如下:
- [root@master ~]# kubectl exec -it busybox -c myweb -- /bin/sh
- # exit
- [root@master ~]# kubectl exec -it busybox -c myos -- /bin/sh
- / # ifconfig -a
- eth0 Link encap:Ethernet HWaddr ::D6:CD:0B:
- inet addr:10.244.2.32 Bcast:0.0.0.0 Mask:255.255.255.0
- UP BROADCAST RUNNING MULTICAST MTU: Metric:
- RX packets: errors: dropped: overruns: frame:
- TX packets: errors: dropped: overruns: carrier:
- collisions: txqueuelen:
- RX bytes: (690.0 B) TX bytes: (42.0 B)
- lo Link encap:Local Loopback
- inet addr:127.0.0.1 Mask:255.0.0.0
- UP LOOPBACK RUNNING MTU: Metric:
- RX packets: errors: dropped: overruns: frame:
- TX packets: errors: dropped: overruns: carrier:
- collisions: txqueuelen:
- RX bytes: (0.0 B) TX bytes: (0.0 B)
删除pod
- [root@master ~]# kubectl delete pod busybox
- pod "busybox" deleted
- 或者
- [root@master ~]# kubectl delete -f demo-pod.yaml
- pod "busybox" deleted
探针
为什么要有探针,因为探针可以探测pod当中的容器是否正常运行,我们知道容器启动,业务程序未必正常,因此,我们可以用livenessProbe探针来探测业务是否正常,而对于我们新建的pod如果不做就绪性探测,会被前端的service立刻关联,这样有可能导致部分客户端无法正常访问,所欲对于k8s探针主要分为两种,
- 一种为存活性探测(livenessProbe)
- 一种为就绪性探测(readinessProbe)
两者探测手段有三种:
- ExecAction
- TCPSocketAction
- HttpGetAction
livenessProbe
例1:ExecAction
- [root@master ~]# cat livenessprobe-exec.yaml
- apiVersion: v1
- kind: Pod
- metadata:
- name: livenessprobe-pod
- namespace: default
- labels:
- app: liveness
- spec:
- containers:
- - name: livenessprobe-container
- image: busybox
- imagePullPolicy: IfNotPresent
- command: ["/bin/sh","-c","touch /tmp/test.txt;sleep 20; rm -rf /tmp/test.txt;sleep 3600"]
- livenessProbe:
- exec:
- command: ["test","-e","/tmp/test.txt"]
- initialDelaySeconds:
- periodSeconds:
- failureThreshold:
- 验证:可以看到由于文件被删除已经crash了,并且重启了6次
- [root@master ~]# kubectl get pods
- NAME READY STATUS RESTARTS AGE
- livenessprobe-pod / CrashLoopBackOff 6 10m
例2:HttpGetAction
- [root@master ~]# cat livenessprobe-gethttp.yaml
- apiVersion: v1
- kind: Pod
- metadata:
- name: livenessprobe-gethttp-pod
- namespace: default
- labels:
- app: liveness-gethttp
- spec:
- containers:
- - name: livenessprobe-gethttp-container
- image: nginx
- imagePullPolicy: IfNotPresent
- livenessProbe:
- initialDelaySeconds:
- periodSeconds:
- failureThreshold:
- httpGet:
- port:
- path: /index.html
- 容器跑起来之后删除/usr/share/nginx/html/index.html文件,然后稍等片刻
- 验证:可以看到容器被重启了一次然后就一直正常运行
- [root@master ~]# kubectl get pods
- NAME READY STATUS RESTARTS AGE
- livenessprobe-gethttp-pod / Running 14m
readinessProbe
- [root@master ~]# cat readinessprobe-gethttp.yaml
- apiVersion: v1
- kind: Pod
- metadata:
- name: livenessprobe-gethttp-pod
- namespace: default
- labels:
- app: liveness-gethttp
- spec:
- containers:
- - name: livenessprobe-gethttp-container
- image: nginx
- imagePullPolicy: IfNotPresent
- readinessProbe:
- initialDelaySeconds:
- periodSeconds:
- failureThreshold:
- httpGet:
- port:
- path: /index.html
- 验证:
1.连入容器删除index.html文件- [root@master ~]# kubectl exec -it livenessprobe-gethttp-pod -- /bin/bash
- root@livenessprobe-gethttp-pod:/# cd /usr/share/nginx/html/
- root@livenessprobe-gethttp-pod:/usr/share/nginx/html# ls
- 50x.html index.html
- root@livenessprobe-gethttp-pod:/usr/share/nginx/html# rm -rf index.html
- root@livenessprobe-gethttp-pod:/usr/share/nginx/html# exit
2.查看pod状态- [root@master ~]# kubectl get pods -o wide -w
- NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
- livenessprobe-gethttp-pod / Running 6s 10.244.1.38 node1 <none> <none>
- livenessprobe-gethttp-pod / Running 24s 10.244.1.38 node1 <none> <none>
- 3.随后我们在在容器里创建出index.html文件,然后在观察pod
- [root@master ~]# kubectl get pods -o wide -w
- NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
- livenessprobe-gethttp-pod / Running 6s 10.244.1.38 node1 <none> <none>
- livenessprobe-gethttp-pod / Running 24s 10.244.1.38 node1 <none> <none>
- livenessprobe-gethttp-pod / Running 2m48s 10.244.1.38 node1 <none> <none>
k8s资产清单(二)的更多相关文章
- gitlab-ci + k8s 之k8s (二)
k8s用自己话说,就是一种容器编排工具,部署好应用,再创建绑定应用的服务,就可以实现的服务访问了.这个理论还是得去看重点谈理论的文章,此处我们只记录本项目部署过程. 背景介绍 之前已实现gitlab- ...
- Docker & k8s 系列二:本机k8s环境搭建
本篇将会讲解k8s是什么?本机k8s环境搭建,部署一个pod并演示几个kubectl命令,k8s dashboard安装. k8s是什么 k8s是kubernetes的简写,它是一个全新的基于容器技术 ...
- Kubernetes【K8S】(二):搭建Kubernetes环境
系统初始化 设置系统时区 # 设置系统时区为 亚洲/上海 [root@k8s-master01 ~]# timedatectl set-timezone Asia/Shanghai # 设置当前得UT ...
- 学习k8s(二)
kubernetes-国内拉取gcr.io\quay.io镜像方法 方法1: https://hub.docker.com/r/ibmcom/ 例如: gcr.io/google_containers ...
- k8s资料转载
K8S入门(二) kubeadmin单机部署 (kubernetes)k8s入门.yum单机版安装.kuberctl指令.k8s服务实例. kubernetes---CentOS7安装kubernet ...
- K8S+GitLab-自动化分布式部署ASP.NET Core(三) 更新镜像版本并部署到K8S上
一.介绍 前一篇,介绍了ASP.NET Core部署到K8S上,下面介绍我们在发布新一版本中怎么通过Gitlab CI自动给镜像打版本并部署到K8S上. 二.我们通过GitLab CI/CD 变量 不 ...
- k8s使用ceph作为后端存储挂载
一.在ceph集群上操作: 1.创建池(主要使用存储类来进行持久卷的挂载,其他的挂载方式不好使也太麻烦):ceph osd pool create k8s 64 二.在k8s上操作: 1.安装客户端( ...
- K8S+GitLab+.net core-自动化分布式部署-3
K8S+GitLab-自动化分布式部署ASP.NET Core(三) 更新镜像版本并部署到K8S上 一.介绍 前一篇,介绍了ASP.NET Core部署到K8S上,下面介绍我们在发布新一版本中怎么 ...
- python安装二进制k8s 1.11.0 一个master、一个node 查看node节点是主机名---apiserver无法启动,后来改了脚本应该可以
一.脚本说明: 本实验中master.node.etcd都是单体. 安装顺序为:先安装test1节点主要组件,然后开始安装test2节点,最后回头把test1节点加入集群中,这样做目的是理解以后扩容都 ...
随机推荐
- springboot项目创建,及运行
1. File --> new --> spring Initializr(选择jdk,和默认的url)-->next-->通过dubbo调用的服务可以直接下一步,也可以选择w ...
- Jenkins自动化部署入门详细教程
大纲 1.背景 在实际开发中,我们经常要一边开发一边测试,当然这里说的测试并不是程序员对自己代码的单元测试,而是同组程序员将代码提交后,由测试人员测试: 或者前后端分离后,经常会修改接口,然后重新部署 ...
- Ride to Office
[题目描述] 起点与终点相隔4500米.现Charley需要从起点骑车到终点.但是,他有个习惯,沿途需要有人陪伴,即以相同的速度,与另外一个人一起骑.而当他遇到以更快的速度骑车的人时,他会以相应的速度 ...
- 线性代数笔记24——微分方程和exp(At)
原文:https://mp.weixin.qq.com/s/COpYKxQDMhqJRuMK2raMKQ 微分方程指含有未知函数及其导数的关系式,解微分方程就是找出未知函数.未知函数是一元函数的,叫常 ...
- Codeforces Round #601 (Div. 2)
传送门 A. Changing Volume 签到. Code /* * Author: heyuhhh * Created Time: 2019/11/19 22:37:33 */ #include ...
- MYSQL 命令导出事件、存储过程、触发器
普通导出某个数据库 mysqldump -u username -p passowrd databasename > file.sql 顺便导出事件 使用 –events 参数 mysqldum ...
- 史上最详细配置HTTPS
HTTP(超文本传输协议),是一个基于请求与响应,无状态的,应用层的协议,常基于TCP/IP协议传输数据,互联网上应用最为广泛的一种网络协议,所有的WWW文件都必须遵守这个标准.设计HTTP的初衷是为 ...
- 2019 SDN上机第6次作业
2019 SDN上机第6次作业 1.实验拓扑 (1)实验拓扑 (2)使用Python脚本完成拓扑搭建 from mininet.topo import Topo from mininet.net im ...
- WPF 精修篇 附加属性
原文:WPF 精修篇 附加属性 微软把DLL都开源了 今天看了一下 很多WPF实现内容都在里面 https://referencesource.microsoft.com/ 说附加属性 附加属性 是 ...
- js的事件循环(Event Loop)
(本文从掘金小册整理) 首先介绍一下几个概念 进程与线程 相信大家经常会听到 JS 是单线程执行的,但是你是否疑惑过什么是线程? 讲到线程,那么肯定也得说一下进程.本质上来说,两个名词都是 CPU 工 ...