我们在 k8s 里面的容器和 docker 的容器有什么异同?
其实 docker 之前有自己的一套编排软件:docker swarm 它可以在多台主机中创建一个 docker 集群,但是也仅限于此了,docker 在很早就放弃了这个项目。docker machine 是配合 swarm 的一个预处理工具
k8s 全称:kubernetes,因为中间有 8 个字母,所以简称 k8s,是谷歌公司开发的一款容器编排工具,占据了 80%以上的市场份额。
k8s 的 Pod 是最小单位,Pod 中容器的配置需要注意以下常用的
Pod 里面的容器内容可以写的东西
args <[]string>
command <[]string> Entrypoint array. Not executed within a shell. The docker image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $, ie: $(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
env <[]Object> 容器要用的环境变量
envFrom <[]Object> List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.
image
写镜像的名字 imagePullPolicy
下载策略: Always:总是去下载: 【默认】 先看网上有没有,有了就下载,(本机也有,docker 就相当于不用下载了) Never:总不去下载,一定保证当前 Pod 所在的机器有这个镜像 ;直接看本机 IfNotPresent:如果本机没有就去下载;先看本机,再看远程 lifecycle
livenessProbe
name
-required- 容器的名字 ports <[]Object> 端口:
readinessProbe
resources
securityContext
startupProbe
stdin
Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false. stdinOnce
Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false terminationMessagePath
Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated. terminationMessagePolicy
Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. tty
Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. volumeDevices <[]Object> volumeDevices is the list of block devices to be used by the container.
volumeMounts <[]Object> Pod volumes to mount into the container's filesystem. Cannot be updated.
workingDir
指定进容器的工作目录
在 Kubernetes 的 Pod 中使用容器镜像之前,我们必须将其推送到一个镜像仓库(或者使用仓库中已经有的容器镜像)。在 Kubernetes 的 Pod 定义中定义容器时,必须指定容器所使用的镜像,容器中的 image 字段支持与 docker 命令一样的语法,包括私有镜像仓库和标签。
如果使用 hub.dokcer.com Registry 中的镜像,可以省略 registry 地址和 registry 端口。例如:nginx:latest
Kubernetes 中,默认的镜像抓取策略是 IfNotPresent,使用此策略,kubelet 在发现本机有镜像的情况下,不会向镜像仓库抓取镜像。如果您期望每次启动 Pod 时,都强制从镜像仓库抓取镜像,可以尝试如下方式:
docker pull redis docker.io/library/redis:latest
下载私有仓库镜像
#这个秘钥默认在default名称空间,不能被hello名称空间共享kubectl create secret -n hello docker-registry my-aliyun --docker-server=registry.cn-hangzhou.aliyuncs.com --docker-username=lansonli --docker-password=lansonli123456789
apiVersion: v1kind: Podmetadata: name: foospec: containers: - name: foo image: registry.cn-zhangjiakou.aliyuncs.com/atguigudocker/atguigu-java-img:v1.0 imagePullSecrets: - name: mydocker
env 指定即可
Kubernetes 中为容器提供了两个 hook(钩子函数):
apiVersion: v1kind: Podmetadata: name: lansonli-demospec: containers: - name: lansonli-demo-container image: alpine command: ["/bin/sh", "-c", "echo hello; "] volumeMounts: - name: mount1 mountPath: /app lifecycle: postStart: exec: command: ["/bin/sh", "-c", "echo world;"] preStop: exec: command: ["/bin/sh","-c","echo 66666;"]
pods/qos/qos-pod.yaml apiVersion: v1kind: Podmetadata: name: qos-demo namespace: qos-examplespec: containers: - name: qos-demo-ctr image: nginx resources: limits: # 限制最大大小 -Xmx memory: "200Mi" cpu: "700m" # 启动默认给分配的大小 -Xms requests: memory: "200Mi" cpu: "700m"
kubectl describe 可用来排错的,查看资源的状态
页面更新:2024-05-12
本站资料均由网友自行发布提供,仅用于学习交流。如有版权问题,请与我联系,QQ:4156828
© CopyRight 2008-2024 All Rights Reserved. Powered By bs178.com 闽ICP备11008920号-3
闽公网安备35020302034844号