%22%20d%3D%22M349.8%2C120c-0.4%2C0-0.7%2C0-1.1%2C0c-5.8%2C0.1-7.4%2C7.9-2.2%2C10.3c39.8%2C18.2%2C67.6%2C58.4%2C67.6%2C104.9%0A%09c0%2C24.2-7.4%2C47.3-21.5%2C67c-4.5%2C6.3-9.4%2C12.1-14.2%2C17.7c-14.6%2C17.1-27.2%2C31.9-27.2%2C60v52.4c0%2C16.5-4.4%2C29.1-13.3%2C38.6%0A%09c-0.1%2C0.1-0.3%2C0.3-0.4%2C0.4c-6.6%2C6.7-4.6%2C18%2C4%2C21.7c3.1%2C1.3%2C5.9%2C2.1%2C8.2%2C2.1c11.3%2C0%2C33.5-18.4%2C39-24.2c9-9.5%2C13.3-22.1%2C13.3-38.6%0A%09v-52.4c0-28.1%2C12.6-42.9%2C27.2-60c4.7-5.6%2C9.6-11.3%2C14.2-17.7c14.1-19.8%2C21.6-43.1%2C21.5-67.5C464.8%2C171%2C413.6%2C120%2C349.8%2C120z%22%3E%3C%2Fpath%3E%0A%3Cpath%20d%3D%22M349.8%2C112c-67.9%2C0-123.2%2C55.3-123.2%2C123.2c0%2C25.9%2C7.9%2C50.7%2C23%2C71.6c4.8%2C6.7%2C10%2C12.8%2C14.6%2C18.2%0A%09c14.1%2C16.6%2C25.3%2C29.7%2C25.3%2C54.9v52.4c0%2C18.6%2C5.1%2C33.1%2C15.5%2C44.1c3.9%2C4.2%2C28.9%2C26.7%2C44.9%2C26.7c16%2C0%2C40.9-22.6%2C44.8-26.7%0A%09c10.4-11%2C15.5-25.5%2C15.5-44.1v-52.4c0-0.3%2C0-0.6%2C0-1c0.1-0.5%2C0.2-1.1%2C0.2-1.6c0-0.4%2C0-0.8-0.1-1.1c1.1-22.7%2C11.8-35.4%2C25.2-51.1%0A%09l0.1-0.2c4.8-5.6%2C9.8-11.5%2C14.4-18c15-21%2C23-45.8%2C23-71.6C473.1%2C167.3%2C417.8%2C112%2C349.8%2C112z%20M437.1%2C297.5c-4.3%2C6-9%2C11.6-13.6%2C17%0A%09l-0.1%2C0.2c-13.2%2C15.5-25.7%2C30.2-28.5%2C54.6h-44.5c-4.4%2C0-8%2C3.6-8%2C8s3.6%2C8%2C8%2C8h43.9v47c0%2C0.4%2C0%2C0.8%2C0%2C1.2h-43.9c-4.4%2C0-8%2C3.6-8%2C8%0A%09s3.6%2C8%2C8%2C8H392c-1.8%2C6.3-4.8%2C11.6-8.9%2C15.9c-6.8%2C7.2-26.4%2C21.7-33.2%2C21.7c-6.8%2C0-26.5-14.6-33.2-21.7c-7.5-7.9-11.1-18.8-11.1-33.1%0A%09v-52.4c0-31.1-14.2-47.7-29.1-65.3c-4.6-5.4-9.4-11-13.8-17.1c-13.1-18.3-20-39.8-20-62.3c0-59.1%2C48.1-107.2%2C107.2-107.2%0A%09s107.2%2C48.1%2C107.2%2C107.2C457.1%2C257.7%2C450.2%2C279.3%2C437.1%2C297.5z%20M203.3%2C265.5c0%2C4.4-3.6%2C8-8%2C8h-67.8c-4.4%2C0-8-3.6-8-8s3.6-8%2C8-8h67.8%0A%09C199.7%2C257.5%2C203.3%2C261.1%2C203.3%2C265.5z%20M504.7%2C120.6l-18.9%2C18.9c-1.6%2C1.6-3.6%2C2.3-5.7%2C2.3s-4.1-0.8-5.7-2.3c-3.1-3.1-3.1-8.2%2C0-11.3%0A%09l18.9-18.9c3.1-3.1%2C8.2-3.1%2C11.3%2C0C507.8%2C112.4%2C507.8%2C117.5%2C504.7%2C120.6z%20M225.8%2C135c-1.6%2C1.6-3.6%2C2.3-5.7%2C2.3s-4.1-0.8-5.7-2.3%0A%09l-47.9-47.9c-3.1-3.1-3.1-8.2%2C0-11.3c3.1-3.1%2C8.2-3.1%2C11.3%2C0l47.9%2C47.9C228.9%2C126.8%2C228.9%2C131.9%2C225.8%2C135z%20M500.8%2C407.7%0A%09c3.1%2C3.1%2C3.1%2C8.2%2C0%2C11.3c-1.6%2C1.6-3.6%2C2.3-5.7%2C2.3c-2%2C0-4.1-0.8-5.7-2.3L460%2C389.5c-3.1-3.1-3.1-8.2%2C0-11.3c3.1-3.1%2C8.2-3.1%2C11.3%2C0%0A%09L500.8%2C407.7z%20M341.8%2C82.6V14.8c0-4.4%2C3.6-8%2C8-8s8%2C3.6%2C8%2C8v67.8c0%2C4.4-3.6%2C8-8%2C8S341.8%2C87%2C341.8%2C82.6z%22%3E%3C%2Fpath%3E%0A%3Cpath%20d%3D%22M154.6%2C440.2c-4.9-1.1-9.7%2C2-10.7%2C6.9c-1.1%2C4.9%2C2%2C9.7%2C6.9%2C10.7c0.6%2C0.1%2C1.3%2C0.2%2C1.9%2C0.2c1.7%2C0%2C3.4-0.5%2C4.9-1.4%0A%09c2-1.3%2C3.4-3.3%2C3.9-5.7c0.5-2.4%2C0.1-4.8-1.2-6.8C159%2C442.1%2C157%2C440.7%2C154.6%2C440.2z%20M275.1%2C67c-4.9-1.1-9.7%2C2-10.7%2C6.9%0A%09c-1.1%2C4.9%2C2%2C9.7%2C6.9%2C10.7c0.6%2C0.1%2C1.3%2C0.2%2C1.9%2C0.2c4.2%2C0%2C7.9-2.9%2C8.8-7.1C283.1%2C72.9%2C280%2C68.1%2C275.1%2C67z%20M41.6%2C274.3%0A%09c0.6%2C0.1%2C1.3%2C0.2%2C1.9%2C0.2c1.7%2C0%2C3.4-0.5%2C4.9-1.4c2-1.3%2C3.4-3.3%2C3.9-5.7c0.5-2.4%2C0.1-4.8-1.2-6.8c-1.3-2-3.3-3.4-5.7-3.9%0A%09c-4.9-1.1-9.7%2C2-10.7%2C6.9C33.6%2C268.4%2C36.7%2C273.3%2C41.6%2C274.3z%20M199.7%2C194.9c2-1.3%2C3.4-3.3%2C3.9-5.7c1.1-4.9-2-9.7-6.9-10.7%0A%09c-2.4-0.5-4.8-0.1-6.8%2C1.2c-2%2C1.3-3.4%2C3.3-3.9%2C5.7c-0.5%2C2.4-0.1%2C4.8%2C1.2%2C6.8c1.3%2C2%2C3.3%2C3.4%2C5.7%2C3.9c0.6%2C0.1%2C1.3%2C0.2%2C1.9%2C0.2%0A%09C196.5%2C196.3%2C198.2%2C195.8%2C199.7%2C194.9z%20M130.3%2C394.4c0%2C4.4-3.6%2C8-8%2C8c-11.4%2C0-20.8%2C9.3-20.8%2C20.8c0%2C4.4-3.6%2C8-8%2C8s-8-3.6-8-8%0A%09c0-20.3%2C16.5-36.8%2C36.8-36.8C126.7%2C386.4%2C130.3%2C390%2C130.3%2C394.4z%20M80.3%2C423.2c0%2C4.4-3.6%2C8-8%2C8s-8-3.6-8-8c0-11.4-9.3-20.8-20.8-20.8%0A%09c-4.4%2C0-8-3.6-8-8s3.6-8%2C8-8C63.8%2C386.4%2C80.3%2C402.9%2C80.3%2C423.2z%20M80.3%2C344.4c0%2C20.3-16.5%2C36.8-36.8%2C36.8c-4.4%2C0-8-3.6-8-8s3.6-8%2C8-8%0A%09c11.4%2C0%2C20.8-9.3%2C20.8-20.8c0-4.4%2C3.6-8%2C8-8S80.3%2C340%2C80.3%2C344.4z%20M130.3%2C373.2c0%2C4.4-3.6%2C8-8%2C8c-20.3%2C0-36.8-16.5-36.8-36.8%0A%09c0-4.4%2C3.6-8%2C8-8s8%2C3.6%2C8%2C8c0%2C11.4%2C9.3%2C20.8%2C20.8%2C20.8C126.7%2C365.2%2C130.3%2C368.8%2C130.3%2C373.2z%20M54.4%2C145l11.2-11.2l-11.2-11.2%0A%09c-3.1-3.1-3.1-8.2%2C0-11.3c3.1-3.1%2C8.2-3.1%2C11.3%2C0l11.2%2C11.2L88%2C111.4c3.1-3.1%2C8.2-3.1%2C11.3%2C0c3.1%2C3.1%2C3.1%2C8.2%2C0%2C11.3l-11.2%2C11.2%0A%09L99.3%2C145c3.1%2C3.1%2C3.1%2C8.2%2C0%2C11.3c-1.6%2C1.6-3.6%2C2.3-5.7%2C2.3s-4.1-0.8-5.7-2.3l-11.2-11.2l-11.2%2C11.2c-1.6%2C1.6-3.6%2C2.3-5.7%2C2.3%0A%09c-2%2C0-4.1-0.8-5.7-2.3C51.3%2C153.2%2C51.3%2C148.1%2C54.4%2C145z%20M469.4%2C54.2c0%2C4.4-3.6%2C8-8%2C8h-3.9v3.9c0%2C4.4-3.6%2C8-8%2C8s-8-3.6-8-8v-3.9h-3.9%0A%09c-4.4%2C0-8-3.6-8-8s3.6-8%2C8-8h3.9v-3.9c0-4.4%2C3.6-8%2C8-8s8%2C3.6%2C8%2C8v3.9h3.9C465.8%2C46.2%2C469.4%2C49.7%2C469.4%2C54.2z%20M234%2C358.8%0A%09c0%2C4.4-3.6%2C8-8%2C8h-3.9v3.9c0%2C4.4-3.6%2C8-8%2C8s-8-3.6-8-8v-3.9h-3.9c-4.4%2C0-8-3.6-8-8s3.6-8%2C8-8h3.9v-3.9c0-4.4%2C3.6-8%2C8-8s8%2C3.6%2C8%2C8%0A%09v3.9h3.9C230.5%2C350.8%2C234%2C354.4%2C234%2C358.8z%22%3E%3C%2Fpath%3E%0A%3Cg%3E%0A%09%3Cpath%20fill%3D%22%23F55555%22%20class%3D%22secondary-color%22%20d%3D%22M9.4%2C48.7V26.9h250v21.8H9.4z%20M259.4%2C495.1v-21.8H9.4v21.8H259.4z%22%3E%3C%2Fpath%3E%0A%09%3Cpath%20fill%3D%22%23FCCF31%22%20class%3D%22primary-color%22%20d%3D%22M197.5%2C453.7l60.9-60.9v60.9H197.5z%22%3E%3C%2Fpath%3E%0A%3C%2Fg%3E%0A%3C%2Fsvg%3E)
Kubernetes: Resourcek8s 的 pod 是最小的程序运行单位。一个 pod 可能包含多个容器,但多个容器只能运行在同一个 node,不会运行在多个 node。
为什么最小运行单位是用 pod 而不是容器?
因为容器的最佳实践是,一个容器只运行一个程序(除了这个程序本身会创建子进程)。比如一个容器往往不会同时跑多个不同的 web 服务。
但有时候你需要额外的容器来配合主容器运作,比如一个同步外部文件的程序、日志收集的程序、某种本地 agent 等等。因此 k8s 设计了 pod 这种结构,来包裹多个容器并实现容器间的网络、文件共享(通过 Volumn)等。
Pod 间的网络访问
k8s 会为集群中的 pod 生成一个软件定义的网络。每个 pod 在这个网络中会被分配一个唯一的 IP,通过这个 IP pod 间可以互相访问,即使它们在不同的 node。k8s 的 namespace 不会隔离这种访问。kubectl get pods -o wide 可以看到 pod IP。
最简单的 YAML 定义
apiVersion: v1
kind: Pod
metadata:
name: kubia-manual
spec:
containers:
- image: luksa/kubia
name: kubia
ports:
- containerPort: 8080
protocol: TCP其中 ports 部分只有文档作用,k8s 不会根据它做逻辑。
kubectl explain 命令可以描述 YAML 中的字段,如:
kubectl explain pods
kubectl explain pods.spec使用 YAML 文件创建 pod
kubectl create -f kubia-manual.yaml以 YAML / JSON 形式查看 pod
kubectl get po kubia-manual -o yaml
kubectl get po kubia-manual -o json查看 pod 日志(stdout、stderr)
# 单容器
kubectl logs kubia-manual
# 多容器用 -c 指定容器
kubectl logs kubia-manual -c kubia
# 如果前面的 pod 挂了,想看它的日志
kubectl logs kubia-manual --previousLog 可能会滚动(rotated),这里 有详细信息。
发请求到 pod 中
一种方法是创建 service 将 pod 的服务公开出来。可以使用 Kubernetes: Resource: ReplicationController 中提及的 kubectl expose 命令将 rc / deployment expose 出来。
另外一种方法是使用 kubectl port-forward,比如:
kubectl port-forward kubia-manual 8888:8080kubectl 会在本地起一个进程侦听 8888 端口,并将访问这个端口的请求转发到 kubia-manual pod 中的 8080 端口。这种方法非常适合用于调试。
Label
Label 可以用来筛选 pod:
apiVersion: v1
kind: Pod
metadata:
name: kubia-manual-v2
labels:
creation_method: manual
env: prod
spec:
containers:
- image: luksa/kubia
name: kubia
ports:
- containerPort: 8080
protocol: TCP查看 pod 的 label:
$ kubectl get po --show-labels
NAME READY STATUS RESTARTS AGE LABELS
kubia-manual 1/1 Running 0 16m <none>
kubia-manual-v2 1/1 Running 0 2m creat_method=manual,env=prod
kubia-zxzij 1/1 Running 0 1d run=kubia
$ kubectl get po -L creation_method,env
NAME READY STATUS RESTARTS AGE CREATION_METHOD ENV
kubia-manual 1/1 Running 0 16m <none> <none>
kubia-manual-v2 1/1 Running 0 2m manual prod
kubia-zxzij 1/1 Running 0 1d <none> <none>还可以:
- 修改已有 pod 的 label
- 按 label 筛选出 pod。筛选逻辑支持:
- Label 存在与否
- Label 值匹配
- 批量删除某些 label 下的 pod
Label 与 selector 是配合使用的。可以给 node 设置 label,再要求 pod 被调度到符合条件的 pod:
$ kubectl label node gke-kubia-85f6-node-0rrx gpu=true
node "gke-kubia-85f6-node-0rrx" labeled
$ kubectl get nodes -l gpu=true
NAME STATUS AGE
gke-kubia-85f6-node-0rrx Ready 1d注意下面的 nodeSelector:
apiVersion: v1
kind: Pod
metadata:
name: kubia-gpu
spec:
nodeSelector:
gpu: "true"
containers:
- image: luksa/kubia
name: kubia如果你想把 pod 调度到指定的某一个 node,可以使用 k8s 分配给每个 node 的 label kubernetes.io/hostname。但这种做法不被推荐,如果该 node 挂掉了,这个 pod 也就无法运行了。
Annotation
Annotation 类似 label 也是键值对,但是不参与筛选,而是放入较长文本被程序所使用。Label 的值能放入的文本较少。
$ kubectl get po kubia-zxzij -o yaml
apiVersion: v1
kind: pod
metadata:
annotations:
kubernetes.io/created-by: |
{"kind":"SerializedReference", "apiVersion":"v1",
"reference":{"kind":"ReplicationController", "namespace":"default", ...k8s 如何终止一个 pod
先向 pod 中的各容器发 SIGTERM,并把该 pod 从 service 对应的 pod 列表中删除。各容器主进程应该开始 graceful stop。等待一段 grace period 后(默认 15s),如果容器还没停止,k8s 会向容器发 SIGKILL 杀掉容器进程。
健康检查
k8s 通过 liveness probe 机制,让 pod 中的程序可以告知 k8s 自己是否正常。在 pod 的 spec 中可以定义:
livenessProbe:
httpGet:
path: /
port: 8080
initialDelaySeconds: 15Web 服务常用的惯例是在 /health 接口中返回成功失败。好的实践是,/health 接口不止是简单返回 HTTP 200,而且应该 检查外部依赖是否正常,比如依赖的数据库等等。
Liveness probe 的检查过程应该足够 轻量。避免过多、频繁的资源浪费;不要在其中实现重试逻辑,比如检查数据库连接失败后,再检查一次。
Pod 是否可提供服务
Pod 中有 readinessProbe 机制,用于判断一个 pod 是否可以正常提供服务。Pod 只有 ready 了,service 才会把请求转到该 pod。
readinessProbe 提供的探测方式与 livenessProbe 一致。
你可能看到这种情况:
$ kubectl get po kubia-2r1qb
NAME READY STATUS RESTARTS AGE
kubia-2r1qb 0/1 Running 0 2mRunning 表示 liveness probe 通过,READY 0/1 表示 readinessProbe 没有通过。
三种 probe 的区别
见 k8s 官方文档。
简单地说:
- Startup probe 及 Liveness probe 失败时,容器会被杀掉,会根据 restart policy 做重启操作
- Readiness probe 失败时,标记 pod 为 unready(从 endpoint 列表中被移除,不再接受请求),同时会继续执行健康检查。一旦检查又通过了(也考虑
successThreshold),该 pod 又会被加入 endpoint 列表中
Managed vs Unmanaged
通过 ReplicationController 或者 Deployment 创建的 pod 为 managed。直接创建的 pod 为 unmanaged。
Unmanaged pod 在 node fail 时,k8s 不会自动帮其重新创建;managed 则会。