#Cloud Native Essay Contest# A deep dive into the foundation of everything: containers

User submission, 2022-09-10


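1. Questions to consider

What do containers in k8s and Docker containers have in common, and how do they differ?

Docker used to have its own orchestration software: docker swarm. It can create a Docker cluster across multiple hosts, but that is about all it does, and Docker gave up on the project early on. docker machine is a provisioning tool that works alongside swarm.

k8s stands for kubernetes; there are 8 letters between the k and the s, hence the abbreviation. It is a container orchestration tool developed by Google and holds more than 80% of the market.

The Pod is the smallest unit in k8s. When configuring the containers in a Pod, these are the commonly used fields that a container entry can contain: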

args <[]string>

command <[]string>
     Entrypoint array. Not executed within a shell. The docker image's
     ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME)
     are expanded using the container's environment. If a variable cannot be
     resolved, the reference in the input string will be unchanged. The
     $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME).
     Escaped references will never be expanded, regardless of whether the
     variable exists or not. Cannot be updated.

env <[]Object>
     Environment variables used by the container.

envFrom <[]Object>
     List of sources to populate environment variables in the container. The
     keys defined within a source must be a C_IDENTIFIER. All invalid keys will
     be reported as an event when the container is starting. When a key exists
     in multiple sources, the value associated with the last source will take
     precedence. Values defined by an Env with a duplicate key will take
     precedence. Cannot be updated.

image
     The name of the image.

imagePullPolicy
     Pull policy:
       Always: always pull [default]. Check the registry first and download
         the image if it is there (if the node already has it, docker
         effectively has nothing to download).
       Never: never pull. The image must already be on the machine that runs
         the Pod; only the local copy is consulted.
       IfNotPresent: pull only if the node does not have the image; check
         locally first, then the remote registry.

lifecycle
     Lifecycle hooks.

livenessProbe
     Periodic probe of container liveness. Container will be restarted if the
     probe fails. Cannot be updated.

name -required-
     The name of the container.

ports <[]Object>
     Ports.

readinessProbe
     Periodic probe of container service readiness. Container will be removed
     from service endpoints if the probe fails. Cannot be updated.

resources
     Compute Resources required by this container. Cannot be updated.

securityContext
     Security options the pod should run with.

startupProbe
     StartupProbe indicates that the Pod has successfully initialized. If
     specified, no other probes are executed until this completes successfully.
     If this probe fails, the Pod will be restarted, just as if the
     livenessProbe failed. This can be used to provide different probe
     parameters at the beginning of a Pod's lifecycle, when it might take a long
     time to load data or warm a cache, than during steady-state operation. This
     cannot be updated.

stdin
     Whether this container should allocate a buffer for stdin in the container
     runtime. If this is not set, reads from stdin in the container will always
     result in EOF. Default is false.

stdinOnce
     Whether the container runtime should close the stdin channel after it has
     been opened by a single attach. When stdin is true the stdin stream will
     remain open across multiple attach sessions. If stdinOnce is set to true,
     stdin is opened on container start, is empty until the first client
     attaches to stdin, and then remains open and accepts data until the client
     disconnects, at which time stdin is closed and remains closed until the
     container is restarted. If this flag is false, a container processes that
     reads from stdin will never receive an EOF. Default is false

terminationMessagePath
     Optional: Path at which the file to which the container's termination
     message will be written is mounted into the container's filesystem. Message
     written is intended to be brief final status, such as an assertion failure
     message. Will be truncated by the node if greater than 4096 bytes. The
     total message length across all containers will be limited to 12kb.
     Defaults to /dev/termination-log. Cannot be updated.

terminationMessagePolicy
     Indicate how the termination message should be populated. File will use the
     contents of terminationMessagePath to populate the container status message
     on both success and failure. FallbackToLogsOnError will use the last chunk
     of container log output if the termination message file is empty and the
     container exited with an error. The log output is limited to 2048 bytes or
     80 lines, whichever is smaller. Defaults to File. Cannot be updated.

tty
     Whether this container should allocate a TTY for itself, also requires
     'stdin' to be true. Default is false.

volumeDevices <[]Object>
     volumeDevices is the list of block devices to be used by the container.

volumeMounts <[]Object>
     Pod volumes to mount into the container's filesystem. Cannot be updated.

workingDir
     The working directory used when entering the container.

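2. Images

Before a container image can be used in a Kubernetes Pod, it must be pushed to an image registry (or you can use an image that already exists in a registry). When you define a container in a Pod definition, you must specify the image it uses. The container's image field supports the same syntax as the docker command, including private registries and tags.

If you use an image from the hub.docker.com registry, you can omit the registry address and port. For example: nginx:latest

In Kubernetes the default image pull policy is IfNotPresent. With this policy, the kubelet does not pull the image from the registry when it finds the image already present on the node. If you want every Pod start to force a pull from the registry, you can use one of the following approaches: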

- Set imagePullPolicy on the container to Always
- Omit the imagePullPolicy field and use an image with the :latest tag
- Omit both the imagePullPolicy field and the image tag
- Enable the AlwaysPullImages admission controller
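The defaulting rules listed above can be expressed as a small resolver. This is an added example, not code from the original article or from Kubernetes; the function names and the sample Pod are constructed for illustration, and it goes slightly beyond the text by also handling registry ports and image digests.

```python
VALID_POLICIES = {"Always", "IfNotPresent", "Never"}

def split_image(ref):
    """Split a Docker-style image reference into (repository, tag, digest)."""
    repo, _, digest = ref.partition("@")
    # A ':' marks a tag only in the last path component; earlier it is a registry port.
    if ":" in repo.rsplit("/", 1)[-1]:
        repo, tag = repo.rsplit(":", 1)
    else:
        tag = None
    if tag is None and not digest:
        tag = "latest"  # an untagged, undigested reference means :latest
    return repo, tag, digest or None

def effective_pull_policy(image, policy=None, always_pull_images=False):
    """Pull policy one container ends up with after defaulting."""
    if policy is not None and policy not in VALID_POLICIES:
        raise ValueError(f"unknown imagePullPolicy: {policy!r}")
    if always_pull_images:   # AlwaysPullImages admission controller enabled
        return "Always"
    if policy:               # an explicit field wins over defaulting
        return policy
    _, tag, _ = split_image(image)
    return "Always" if tag == "latest" else "IfNotPresent"

def cached_image_containers(pod, always_pull_images=False):
    """Names of containers that may start from a node-local image without a pull."""
    return [c["name"] for c in pod["spec"]["containers"]
            if effective_pull_policy(c["image"], c.get("imagePullPolicy"),
                                     always_pull_images) != "Always"]

# Constructed sample: the image of the page's foo Pod plus two made-up containers.
SAMPLE_POD = {"spec": {"containers": [
    {"name": "foo", "image":
        "registry.cn-zhangjiakou.aliyuncs.com/atguigudocker/atguigu-java-img:v1.0"},
    {"name": "cache", "image": "localhost:5000/redis"},
    {"name": "web", "image": "nginx:1.25", "imagePullPolicy": "Always"},
]}}

if __name__ == "__main__":
    print(cached_image_containers(SAMPLE_POD))
```

A container reported by cached_image_containers runs whatever copy of the image is already on the node, so the registry and its credentials are not consulted again for it.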

docker pull redis
docker.io/library/redis:latest

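# By default this secret is created in the default namespace, which the hello namespace cannot share
# A password passed as a flag ends up in the shell history
kubectl create secret -n hello docker-registry my-aliyun \
  --docker-server=registry.cn-hangzhou.aliyuncs.com \
  --docker-username=lansonli \
  --docker-password=lansonli123456789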

apiVersion: v1
kind: Pod
metadata:
  name: foo
spec:
  containers:
  - name: foo
    image: registry.cn-zhangjiakou.aliyuncs.com/atguigudocker/atguigu-java-img:v1.0
  # must name a docker-registry secret that exists in the Pod's own namespace
  imagePullSecrets:
  - name: mydocker
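What a docker-registry secret stores, and why the Pod above cannot use the secret created by the kubectl command before it, shown as an added example (not code from the original article). The function names are hypothetical, the password is a constructed placeholder, and the registry-host matching is a simplification of what the kubelet does.

```python
import base64
import json

DOCKERCFG = "kubernetes.io/dockerconfigjson"

def docker_registry_secret(name, namespace, server, username, password):
    """Secret object in the layout used for docker-registry pull secrets."""
    auth = base64.b64encode(f"{username}:{password}".encode()).decode()
    cfg = {"auths": {server: {"username": username, "password": password, "auth": auth}}}
    blob = base64.b64encode(json.dumps(cfg).encode()).decode()
    return {"apiVersion": "v1", "kind": "Secret", "type": DOCKERCFG,
            "metadata": {"name": name, "namespace": namespace},
            "data": {".dockerconfigjson": blob}}

def registry_servers(secret):
    """Registries covered by a pull secret; the payload is base64, not encrypted."""
    cfg = json.loads(base64.b64decode(secret["data"][".dockerconfigjson"]))
    return sorted(cfg["auths"])

def pull_secret_problems(pod, secrets):
    """Reasons a Pod's imagePullSecrets would not let its images be pulled."""
    ns = pod["metadata"].get("namespace", "default")
    by_key = {(s["metadata"]["namespace"], s["metadata"]["name"]): s for s in secrets}
    problems, servers = [], set()
    for ref in pod["spec"].get("imagePullSecrets", []):
        secret = by_key.get((ns, ref["name"]))  # the lookup is namespace-local
        if secret is None or secret["type"] != DOCKERCFG:
            problems.append(f"secret {ref['name']} not usable in namespace {ns}")
        else:
            servers.update(registry_servers(secret))
    for c in pod["spec"]["containers"]:
        host, slash, _ = c["image"].partition("/")
        # Simplification: a first component containing '.' or ':' is a registry host.
        if slash and ("." in host or ":" in host) and host not in servers:
            problems.append(f"no pull credentials for registry {host}")
    return problems

# Names below come from the page; the password is a constructed placeholder.
SECRET = docker_registry_secret("my-aliyun", "hello",
                                "registry.cn-hangzhou.aliyuncs.com",
                                "lansonli", "constructed-placeholder")
PAGE_POD = {"metadata": {"name": "foo"}, "spec": {
    "containers": [{"name": "foo", "image":
        "registry.cn-zhangjiakou.aliyuncs.com/atguigudocker/atguigu-java-img:v1.0"}],
    "imagePullSecrets": [{"name": "mydocker"}]}}

if __name__ == "__main__":
    for line in pull_secret_problems(PAGE_POD, [SECRET]):
        print(line)
```

Because the payload is only base64-encoded, read access to Secrets in a namespace is equivalent to holding the registry password, which is the reason to scope that permission tightly.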

3. Startup command

4. Environment variables

Specify them with env.

5. Container lifecycle hooks

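Kubernetes provides two hooks for containers:

- PostStart: this hook runs immediately after the container is created. There is, however, no guarantee that it runs before the container's ENTRYPOINT. The hook takes no input parameters.
- PreStop: this hook runs before the container is terminated, for example when:
  - the Pod that holds the container is deleted through an API call
  - certain management events occur: a failed health check, resource shortage, and so on

If the container has already been shut down or has entered the completed state, the call to the preStop hook fails. The hook runs synchronously, that is, kubernetes deletes the container only after the hook has finished. The hook takes no input parameters.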

apiVersion: v1
kind: Pod
metadata:
  name: lansonli-demo
spec:
  containers:
  - name: lansonli-demo-container
    image: alpine
    command: ["/bin/sh", "-c", "echo hello; "]
    volumeMounts:
    - name: mount1
      mountPath: /app
    lifecycle:
      postStart:
        exec:
          command: ["/bin/sh", "-c", "echo world;"]
      preStop:
        exec:
          command: ["/bin/sh","-c","echo 66666;"]
  # Added so that mount1 resolves; the original manifest did not define it
  # (emptyDir is an assumption)
  volumes:
  - name: mount1
    emptyDir: {}

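Kubernetes sends the postStart event immediately after the container starts, but it cannot guarantee that the postStart handler runs before the container's EntryPoint. The postStart handler is asynchronous with respect to the process in the container (they run concurrently). Even so, when managing the container, Kubernetes waits until the postStart handler has finished before it marks the container's state as Running. When Kubernetes decides to shut a container down, it sends the preStop event immediately and waits until the preStop handler finishes or the Pod's --grace-period times out before it deletes the container.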

6. Resource limits

pods/qos/qos-pod.yaml

apiVersion: v1
kind: Pod
metadata:
  name: qos-demo
  namespace: qos-example
spec:
  containers:
  - name: qos-demo-ctr
    image: nginx
    resources:
      limits:
        # maximum size limit (like -Xmx)
        memory: "200Mi"
        cpu: "700m"
      # size allocated by default at startup (like -Xms)
      requests:
        memory: "200Mi"
        cpu: "700m"

kubectl describe can be used for troubleshooting: it shows the state of a resource.
