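9-6 Pod in depth: odds and ends about Pods (part 2)
Pod lifecycle
Pending: not yet scheduled, for example not enough memory, no matching image, and so on
ContainerCreating: initializing
Running: running
Succeeded/Failed: ran successfully / exited with a failure
Ready: a service that passes its health check is in the Ready state
CrashLoopBackOff: a service that does not pass its health check; crash loop back-off, the pod sits in a waiting state
Unknown: unknown state, usually because the apiserver has not received a report from the node
ProjectedVolume
1 Secret
Used to store ** in the vpc
2 ConfigMap
3 DownwardAPI
List the secrets
kubectl get secret
View the definition of a secret
kubectl get secret default-token-wfrbq -o yaml
View the YAML of the pod named dubb-demo
kubectl get pods
kubectl get pods dubb-demo-75f8774df7-7r6wz -o yaml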
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: "2019-12-17T16:24:49Z"
  generateName: dubb-demo-75f8774df7-
  labels:
    app: dubb-demo
    pod-template-hash: 75f8774df7
  name: dubb-demo-75f8774df7-7r6wz
  namespace: default
  ownerReferences:
  - apiVersion: apps/v1
    blockOwnerDeletion: true
    controller: true
    kind: ReplicaSet
    name: dubb-demo-75f8774df7
    uid: d3c7c8a6-ca01-4eec-8d49-f022cee9048f
  resourceVersion: "16011119"
  selfLink: /api/v1/namespaces/default/pods/dubb-demo-75f8774df7-7r6wz
  uid: f85b75e7-2594-4a35-ba22-051eeaf26f79
spec:
  affinity:
    podAntiAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
      - labelSelector:
          matchExpressions:
          - key: app
            operator: In
            values:
            - dubb-demo
        topologyKey: kubernetes.io/hostname
  containers:
  - env:
    - name: DUBBO_PORT
      value: "20881"
    image: harbor.pdabc.com/kubernetes/dubbo:v3
    imagePullPolicy: IfNotPresent
    name: dubb-demo
    ports:
    - containerPort: 20881
      hostPort: 20881
      protocol: TCP
    resources: {}
    terminationMessagePath: /dev/termination-log
    terminationMessagePolicy: File
    # where the volume is mounted
    volumeMounts:
    - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
      name: default-token-wfrbq
      readOnly: true
  dnsPolicy: ClusterFirst
  enableServiceLinks: true
  hostNetwork: true
  nodeName: kubernetes-node-02
  priority: 0
  restartPolicy: Always
  schedulerName: default-scheduler
  securityContext: {}
  serviceAccount: default
  serviceAccountName: default
  terminationGracePeriodSeconds: 30
  tolerations:
  - effect: NoExecute
    key: node.kubernetes.io/not-ready
    operator: Exists
    tolerationSeconds: 300
  - effect: NoExecute
    key: node.kubernetes.io/unreachable
    operator: Exists
    tolerationSeconds: 300
  volumes:
  - name: default-token-wfrbq
    secret:
      # file permissions
      defaultMode: 420
      # name of the secret
      secretName: default-token-wfrbq
status:
  conditions:
  - lastProbeTime: null
    lastTransitionTime: "2019-12-17T16:24:49Z"
    status: "True"
    type: Initialized
  - lastProbeTime: null
    lastTransitionTime: "2019-12-17T16:24:53Z"
    status: "True"
    type: Ready
  - lastProbeTime: null
    lastTransitionTime: "2019-12-17T16:24:53Z"
    status: "True"
    type: ContainersReady
  - lastProbeTime: null
    lastTransitionTime: "2019-12-17T16:24:49Z"
    status: "True"
    type: PodScheduled
  containerStatuses:
  - containerID: docker://40ae613a15d161235663ebcb5ebca835c7aa45783883c969bd146492588eeb61
    image: harbor.pdabc.com/kubernetes/dubbo:v3
    imageID: docker-pullable://harbor.pdabc.com/kubernetes/dubbo@sha256:bce6d6719ef45f69a0ed9b24586ee896e38004a5f5232181def922048344710f
    lastState: {}
    name: dubb-demo
    ready: true
    restartCount: 0
    state:
      running:
        startedAt: "2019-12-17T16:24:52Z"
  hostIP: 192.168.10.150
  phase: Running
  podIP: 192.168.10.150
  qosClass: BestEffort
  startTime: "2019-12-17T16:24:49Z"
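View the container on node2
docker ps | grep dubb
docker exec -it 40ae613a15d1 sh
cd /var/run/secrets/kubernetes.io/serviceaccount
ls -l
There are 3 files, with the same names as the entries seen in the secret; their contents are the decoded data.
Create your own secret in a file named secret.yaml
The values can be base64-encoded like this
echo -n jiaminxu | base64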
apiVersion: v1
kind: Secret
metadata:
  name: dbpass
type: Opaque
data:
  username: aW1vb2M=
  passwd: aW1vb2MxMjM=
Create pod-secret.yaml as follows
apiVersion: v1
kind: Pod
metadata:
  name: pod-secret
spec:
  containers:
  - name: springboot-web
    image: harbor.pdabc.com/kubernetes/springboot-web:v1
    ports:
    - containerPort: 8080
    volumeMounts:
    - name: db-secret
      mountPath: /db-secret
      readOnly: true
  volumes:
  - name: db-secret
    projected:
      sources:
      - secret:
          name: dbpass
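Create the secret and the pod
kubectl create -f secret.yaml
kubectl create -f pod-secret.yaml
Find out which node the pod is on
kubectl get pods -o wide
Look at the files in the container
Change the user in secret.yaml to jiaminxu
and apply it with kubectl apply -f secret.yaml for a dynamic update. There is no need to exit the container, but there may be a delay.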
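The base64 step used for secret.yaml is an encoding, not encryption, so anyone who can read the manifest can recover the values. As an added example (not part of the original page), this shell function decodes every entry under data: in a Secret manifest and flags values encoded with a trailing newline, which is what happens when echo is used without -n; the badpass entry and the function names are constructed for the illustration.

```sh
# Constructed input: the secret.yaml from this page, plus one entry ("badpass")
# that was encoded without -n and therefore carries a trailing newline.
sample_manifest() {
cat <<'EOF'
apiVersion: v1
kind: Secret
metadata:
  name: dbpass
type: Opaque
data:
  username: aW1vb2M=
  passwd: aW1vb2MxMjM=
  badpass: aW1vb2MxMjMK
EOF
}

# Reads a Secret manifest on stdin and prints "key<TAB>status<TAB>decoded value"
# for each entry under data:. Assumes text values and one "key: value" per line.
audit_secret_data() {
  nl='
'
  awk '
    /^data:[ \t]*$/       { in_data = 1; next }   # start of the data: block
    in_data && /^[^ \t]/  { in_data = 0 }         # next top-level key ends it
    in_data && NF == 2    { sub(/:$/, "", $1); print $1, $2 }
  ' | while read -r key b64; do
    # The appended "x" keeps $(...) from silently stripping a trailing newline.
    if raw=$(printf '%s' "$b64" | base64 -d 2>/dev/null && printf x); then
      raw=${raw%x}
      case $raw in
        *"$nl") status=TRAILING_NEWLINE; raw=${raw%"$nl"} ;;
        *)      status=OK ;;
      esac
    else
      status=INVALID_BASE64; raw=
    fi
    printf '%s\t%s\t%s\n' "$key" "$status" "$raw"
  done
}

sample_manifest | audit_secret_data
```

Run against the page's manifest, the output also shows that the stored values are not the jiaminxu string from the echo command until secret.yaml is edited and re-applied.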
ConfigMap: stores data that does not need to be encrypted
Delete the pod
kubectl delete -f pod-secret.yaml
Create game.properties
enemies=aliens
lives=3
enemies.cheat=true
enemies.cheat.level=noGoodRotten
secret.code.passphrase=UUDDLRLRBABAS
secret.code.allowed=true
secret.code.lives=30
kubectl create configmap web-game --from-file game.properties
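The game.properties file above carries a key named secret.code.passphrase, while a ConfigMap is meant for data that does not need protection. This added check (not from the original page) lists the keys of a properties file whose name suggests a credential and whose value is not just a flag or a number, so they can be moved to a Secret before the ConfigMap is created; the name pattern and the function names are assumptions of the example.

```sh
# Constructed input: the game.properties file from this page.
sample_properties() {
cat <<'EOF'
enemies=aliens
lives=3
enemies.cheat=true
enemies.cheat.level=noGoodRotten
secret.code.passphrase=UUDDLRLRBABAS
secret.code.allowed=true
secret.code.lives=30
EOF
}

# Reads key=value lines on stdin and prints the keys that look like credentials.
# A key is reported when its name matches the (assumed) pattern below and its
# value is something other than empty, true/false or a plain number.
flag_sensitive_keys() {
  awk -F= '
    /^[ \t]*[#!]/ || /^[ \t]*$/ { next }          # comments and blank lines
    {
      key = $1
      val = substr($0, length($1) + 2)            # everything after the first "="
      gsub(/^[ \t]+|[ \t]+$/, "", key)
      if (tolower(key) !~ /(pass|secret|token|credential|api[._-]?key)/) next
      if (tolower(val) ~ /^[ \t]*(true|false|[0-9]+)?[ \t]*$/) next
      print key
    }'
}

sample_properties | flag_sensitive_keys
```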
Create pod-game.yaml
apiVersion: v1
kind: Pod
metadata:
  name: pod-game
spec:
  containers:
  - name: web
    image: harbor.pdabc.com/kubernetes/springboot-web:v1
    ports:
    - containerPort: 8080
    volumeMounts:
    - name: game
      mountPath: /etc/config/game
      readOnly: true
  volumes:
  - name: game
    configMap:
      name: web-game
kubectl create -f pod-game.yaml
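Find out which node the pod is on
kubectl get pods -o wide
docker ps | grep game
docker exec -it ce80448d3cbc sh
A file mounted this way covers the whole directory at the mount path.
Change a value in the ConfigMap; once the change takes effect, look at the value inside the container again and it has changed.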
kubectl edit cm web-game
watch -n 5 cat game.properties
Delete the pod
kubectl delete -f pod-game.yaml
Create configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: configs
data:
  JAVA_OPTS: -Xms1024m
  LOG_LEVEL: DEBUG
kubectl create -f configmap.yaml
Create pod-env.yaml
apiVersion: v1
kind: Pod
metadata:
  name: pod-env
spec:
  containers:
  - name: web
    image: harbor.pdabc.com/kubernetes/springboot-web:v1
    ports:
    - containerPort: 8080
    env:
    - name: LOG_LEVEL_CONFIG
      valueFrom:
        configMapKeyRef:
          name: configs
          key: LOG_LEVEL
kubectl create -f pod-env.yaml
kubectl get pods -o wide
kubectl delete -f pod-env.yaml
Another way: pass the value in through the command
Create pod-cmd.yaml
apiVersion: v1
kind: Pod
metadata:
  name: pod-cmd
spec:
  containers:
  - name: web
    image: harbor.pdabc.com/kubernetes/springboot-web:v1
    command: ["/bin/sh", "-c", "java -jar /springboot-web.jar -DJAVA_OPTS=$(JAVA_OPTS)"]
    ports:
    - containerPort: 8080
    env:
    - name: JAVA_OPTS
      valueFrom:
        configMapKeyRef:
          name: configs
          key: JAVA_OPTS
kubectl create -f pod-cmd.yaml
kubectl get pods -o wide
kubectl delete -f pod-cmd.yaml
Downward API
Used to obtain information about the pod itself
Create pod-downwardapi.yaml
apiVersion: v1
kind: Pod
metadata:
  name: pod-downwardapi
  labels:
    app: downwardapi
    type: webapp
spec:
  containers:
  - name: web
    image: harbor.pdabc.com/kubernetes/springboot-web:v1
    ports:
    - containerPort: 8080
    volumeMounts:
    - name: podinfo
      mountPath: /etc/podinfo
  volumes:
  - name: podinfo
    projected:
      sources:
      - downwardAPI:
          items:
          - path: "labels"
            fieldRef:
              fieldPath: metadata.labels
          - path: "name"
            fieldRef:
              fieldPath: metadata.name
          - path: "namespace"
            fieldRef:
              fieldPath: metadata.namespace
          # note: this file is named cpu-request, but the value written to it is limits.memory
          - path: "cpu-request"
            resourceFieldRef:
              containerName: web
              resource: limits.memory
kubectl create -f pod-downwardapi.yaml
Look at the contents in the container