08 - Pod basic management, part 2 (environment variables · restart policy · image pull policy · resource limits)

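I. Environment variables (env) in the resource manifest

Environment variables are explained using the mysql image as the example.

1. Pull the mysql image manually

This is only to save time; the image is pulled on the worker232 node.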

[root@worker232 ~]# docker pull mysql:8.0.36-oracle

2. Use --dry-run=client to get a resource manifest template

[root@master231 ~]# kubectl run mysqldb --image=mysql:8.0.36-oracle -o yaml  --dry-run=client
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: null
  labels:
    run: mysqldb
  name: mysqldb
spec:
  containers:
  - image: mysql:8.0.36-oracle
    name: mysqldb
    resources: {}
  dnsPolicy: ClusterFirst
  restartPolicy: Always
status: {}
[root@master231 mytest]# kubectl run mysqldb --image=mysql:8.0.36-oracle -o yaml  --dry-run=client > 01-env-mysql.yaml

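3. Check how environment variables are written

# Environment variables are container settings under spec (the state the user wants the resource to run in); check whether containers has an env field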
[root@master231 mytest]# kubectl explain po.spec.containers | grep -i -w  'env' 
   env	<[]Object>
     precedence. Values defined by an Env with a duplicate key will take
     
# View the detailed rules for writing env
[root@master231 mytest]# kubectl explain po.spec.containers.env
# The list of environment variables to set in the container
DESCRIPTION:
     List of environment variables to set in the container. Cannot be updated.
………………
FIELDS:
# name (string) is required: the name of the environment variable
   name	<string> -required-
     Name of the environment variable. Must be a C_IDENTIFIER.
# value (string): the value of the environment variable
   value	<string>
………………

4. Write the resource manifest

[root@master231 mytest]# cat 01-env-mysql.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: mysqldb-env
spec:
  containers:
  - image: mysql:8.0.36-oracle
    name: db01
    env:
      # Name of the environment variable
    - name: MYSQL_DATABASE
      # Value of the environment variable
      value: wordpress
    - name: MYSQL_ALLOW_EMPTY_PASSWORD
      value: "yes"
    - name: MYSQL_USER
      value: admin
    - name: MYSQL_PASSWORD
      value: dingzhiyan
    # Arguments passed to the container
    args:
    - --character-set-server=utf8 
    - --collation-server=utf8_bin
    - --default-authentication-plugin=mysql_native_password

5. Create the resource

[root@master231 mytest]# kubectl apply -f 01-env-mysql.yaml 
pod/mysqldb-env created
[root@master231 mytest]# kubectl get pods -o wide 
NAME          READY   STATUS    RESTARTS   AGE   IP               NODE        NOMINATED NODE   READINESS GATES
mysqldb-env   1/1     Running   0          62s   10.100.203.172   worker232   <none>           <none>

6. Test access

[root@master231 mytest]# kubectl exec -it mysqldb-env  -- mysql
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 8
Server version: 8.0.36 MySQL Community Server - GPL
……………………
mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| performance_schema |
| sys                |
| wordpress          |
+--------------------+
5 rows in set (0.00 sec)

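II. hostNetwork in the resource manifest

hostNetwork is explained using the WordPress image as the example.

1. Purpose

Controls whether the Pod uses the host's network namespace. When a Pod's hostNetwork is set to true, the Pod uses the host's network configuration.

2. Get a manifest template and check how hostNetwork is written

How to get the template is omitted here.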
[root@master231 mytest]# kubectl explain po.spec
…………
# This field is a boolean; the default is false
   hostNetwork	<boolean>
     Host networking requested for this pod. Use the host's network namespace.
     If this option is set, the ports that will be used must be specified.
     Default to false.
………………

3. Write the resource manifest

[root@master231 mytest]# vim 02-hostNetwork-wp.yaml
apiVersion: v1
kind: Pod
metadata:
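  name: wp-6.7.1
spec:
  # Do not allocate a separate network namespace for the Pod; share the host's network namespace instead
  hostNetwork: true
  nodeName: worker233
  containers:
  - image: wordpress:6.7.1-php8.1-apache
    # Container names must be a DNS label, so no dots
    name: wp
    env:
    # Use the IP and other details of the database created above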
    - name: WORDPRESS_DB_HOST
      value: 10.100.203.172
    - name: WORDPRESS_DB_NAME
      value: wordpress
    - name: WORDPRESS_DB_USER
      value: admin
    - name: WORDPRESS_DB_PASSWORD
      value: dingzhiyan

4. Create the resource and check the Pod list to verify

[root@master231 mytest]# kubectl apply -f 02-hostNetwork-wp.yaml 
pod/wp-6.7.1 created

# Check the IP address of wp-6.7.1: it is indeed the host's IP
[root@master231 mytest]# kubectl get pods -o wide 
NAME          READY   STATUS    RESTARTS   AGE   IP               NODE        NOMINATED NODE   READINESS GATES
mysqldb-env   1/1     Running   0          16m   10.100.203.172   worker232   <none>           <none>
wp-6.7.1      1/1     Running   0          29s   10.0.0.233       worker233   <none>           <none>

5. Access the WordPress web UI

http://10.0.0.233/
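
Sections I and II put the database password directly in value: fields and allow an empty root password, so anyone who can read either Pod spec can read the credentials. The manifest below is an added example, not from the original post, that moves both passwords into a Secret referenced with secretKeyRef; the Secret name wp-db-credentials, its key names, the container name wp and the placeholder values are assumptions.

```yaml
# Added example, not from the original post.
apiVersion: v1
kind: Secret
metadata:
  name: wp-db-credentials                     # hypothetical name
stringData:
  root-password: REPLACE_WITH_ROOT_PASSWORD   # placeholder
  user-password: REPLACE_WITH_USER_PASSWORD   # placeholder
---
apiVersion: v1
kind: Pod
metadata:
  name: mysqldb-env
spec:
  containers:
  - image: mysql:8.0.36-oracle
    name: db01
    env:
    - {name: MYSQL_DATABASE, value: wordpress}
    - {name: MYSQL_USER, value: admin}
    # Replaces MYSQL_ALLOW_EMPTY_PASSWORD: root now requires a password
    - name: MYSQL_ROOT_PASSWORD
      valueFrom:
        secretKeyRef: {name: wp-db-credentials, key: root-password}
    - name: MYSQL_PASSWORD
      valueFrom:
        secretKeyRef: {name: wp-db-credentials, key: user-password}
    args:
    - --character-set-server=utf8
    - --collation-server=utf8_bin
    - --default-authentication-plugin=mysql_native_password
---
# WordPress Pod from section II: only the password entry changes
apiVersion: v1
kind: Pod
metadata:
  name: wp-6.7.1
spec:
  hostNetwork: true
  nodeName: worker233
  containers:
  - image: wordpress:6.7.1-php8.1-apache
    name: wp                                  # assumed container name (DNS label, no dots)
    env:
    - {name: WORDPRESS_DB_HOST, value: 10.100.203.172}  # Pod IP from the page; changes when the Pod is re-created
    - {name: WORDPRESS_DB_NAME, value: wordpress}
    - {name: WORDPRESS_DB_USER, value: admin}
    - name: WORDPRESS_DB_PASSWORD
      valueFrom:
        secretKeyRef: {name: wp-db-credentials, key: user-password}
```

With a root password set, the access test from section I becomes kubectl exec -it mysqldb-env -- mysql -uroot -p. The env list of an existing Pod cannot be updated, so both Pods have to be deleted and re-created after the Secret is applied.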

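III. Pod restart policy

1. The three Pod restart policies

The Pod restart policy applies to all containers in the Pod and determines whether a container is re-created when it exits.

There are three officially valid restart policies:

  • Always

    When a container exits, a new container is always created. Always is the default.

  • OnFailure

    A new container is created only when the container exits abnormally.

  • Never

    When a container exits, it is never re-created.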

[root@master231 mytest]# kubectl explain po.spec.restartPolicy
KIND:     Pod
VERSION:  v1

FIELD:    restartPolicy <string>

DESCRIPTION:
     Restart policy for all containers within the pod. One of Always, OnFailure,
     Never. Default to Always. More info:
# Official documentation with the details
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy

2. Test the Always example (default)

When a container exits, a new container is always created. Always is the default.

2.1 Write the resource manifest

[root@master231 mytest]# cat 03-restartPolicy-always-Pod.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: restartpolicy-always
spec: 
  # Restart policy
  restartPolicy: Always
  containers:
  # A very small test image is used
  - image: registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1
    name: xiuxian
    command:
    - sleep 
    - "10"

2.2 Create the resource

[root@master231 mytest]# kubectl apply -f 03-restartPolicy-always-Pod.yaml 
pod/restartpolicy-always created

[root@master231 mytest]# kubectl get pods -o wide 
NAME                   READY   STATUS             RESTARTS      AGE    IP               NODE        NOMINATED NODE   READINESS GATES
restartpolicy-always   0/1     CrashLoopBackOff   3 (51s ago)   2m9s   10.100.203.173   worker232   <none>           <none>

2.3 Verify

3. Test the Never example

When a container exits, it is never re-created.

3.1 Write the resource manifest

[root@master231 mytest]# cat 04--restartPolicy-never-Pod.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: restartpolicy-never
spec: 
  # Restart policy
  restartPolicy: Never
  containers:
  - image: registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1
    name: xiuxian
    command:
    - sleep 
    - "7"

3.2 Create the resource

[root@master231 mytest]# kubectl apply -f 04--restartPolicy-never-Pod.yaml 
pod/restartpolicy-never created

3.3 Verify

# Before sleep finishes, the container runs normally
[root@master231 pods]# kubectl get pods -o wide
NAME                      READY   STATUS    RESTARTS   AGE   IP               NODE        NOMINATED NODE   READINESS GATES
restartpolicy-never   1/1     Running   0          4s    10.100.203.142   worker232   <none>           <none>
# After sleep finishes, the container stops and is never restarted
[root@master231 mytest]# kubectl get pods -o wide 
NAME                   READY   STATUS      RESTARTS   AGE   IP               NODE        NOMINATED NODE   READINESS GATES
restartpolicy-never   0/1     Completed   0          29s   10.100.203.174   worker232   <none>           <none>

4. Test the OnFailure example

A new container is created only when the container exits abnormally.

4.1 Write the resource manifest

[root@master231 mytest]# cat 05-restartPolicy-OnFailure-Pod.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: restartpolicy-onfailure
spec: 
  # Restart policy
  restartPolicy: OnFailure
  containers:
  - image: registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1
    name: xiuxian
    command:
    - sleep 
    - "10"

4.2 Create the resource

[root@master231 mytest]# kubectl  apply -f 05-restartPolicy-OnFailure-Pod.yaml 
pod/restartpolicy-onfailure created

4.3 Verify

# Before sleep finishes, the Pod runs normally
[root@master231 mytest]# kubectl get pods -o wide 
NAME                      READY   STATUS    RESTARTS   AGE   IP               NODE        NOMINATED NODE   READINESS GATES
restartpolicy-onfailure   1/1     Running   0          3s    10.100.203.175   worker232   <none>           <none>

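# List the two running containers created for the Pod on the node (the COMMAND column shows the sleep was lengthened to 99999999 for this test, so the container is still running when it is killed)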
[root@worker232 ~]# docker ps | grep restartpolicy-onfailure
90480cdcd724   f28fd43be4ad                                        "sleep 99999999"         33 seconds ago   Up 32 seconds             k8s_xiuxian_restartpolicy-onfailure_default_5825cd22-dfc9-4043-8c66-5bc256f7e05a_0
74ef697a6b4c   registry.aliyuncs.com/google_containers/pause:3.6   "/pause"                 33 seconds ago   Up 33 seconds             k8s_POD_restartpolicy-onfailure_default_5825cd22-dfc9-4043-8c66-5bc256f7e05a_0

# Kill one of them
[root@worker232 ~]# docker kill 90480cdcd724
90480cdcd724

# The container is restarted automatically
[root@master231 mytest]# kubectl get pods -o wide 
NAME                      READY   STATUS    RESTARTS      AGE   IP               NODE        NOMINATED NODE   READINESS GATES
restartpolicy-onfailure   1/1     Running   1 (20s ago)   66s   10.100.203.176   worker232   <none>           <none>

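IV. Container image pull policy

1. The three pull policies

The pull policy determines how the image is obtained before the container starts.

There are three official pull policies:

  • Always

    If the image is not present locally, it is always pulled from the remote registry.

    If the image is present locally, the local image digest is compared with the digest in the remote registry: if they match, the locally cached image is used; if they differ, the image is pulled.

  • Never

    If the image is not present locally, an error is reported and the image is not pulled.

    If the image is present locally, an attempt is made to start the container from it.

  • IfNotPresent

    If the image is not present locally, it is pulled.

    If the image is present locally, an attempt is made to start the container from it.

2. The default pull policy

The default pull policy depends on the tag of the image:

  • When the image tag is "latest", the default policy is Always.
  • When the image tag is not "latest", the default policy is "IfNotPresent".

3. How to write it in the resource manifest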

[root@master231 mytest]# kubectl explain po.spec.containers.imagePullPolicy
KIND:     Pod
VERSION:  v1

FIELD:    imagePullPolicy <string>

DESCRIPTION:
     Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always
     if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated.
     More info:
     https://kubernetes.io/docs/concepts/containers/images#updating-images

4. Verify the Never policy

4.1 Write the resource manifest

[root@master231 mytest]# vim 06-imagePullPolicy-never-Pod.yaml
apiVersion: v1
kind: Pod
metadata:
# An image that is not present locally is used here
  name: xiuxian-imagepullpolicy
spec:
  nodeName: worker233
  containers:
  - image: dezyan/gametest:gametest
    name: xiuxian
    imagePullPolicy: Never

[root@master231 mytest]# kubectl apply -f 06-imagePullPolicy-never-Pod.yaml 
pod/xiuxian-imagepullpolicy created

4.2 Check the Pod list to verify

[root@master231 mytest]# kubectl get pods -o wide 
NAME                      READY   STATUS              RESTARTS   AGE   IP               NODE        NOMINATED NODE   READINESS GATES
xiuxian-imagepullpolicy   0/1     ErrImageNeverPull   0          53s   10.100.140.100   worker233   <none>           <none>

5. Verify the IfNotPresent policy

5.1 Write the resource manifest

[root@master231 mytest]# vim 07-imagePullPolicy-ifNotPresent-Pod.yaml
apiVersion: v1
kind: Pod
metadata:
  name: xiuxian-imagepullpolicy
spec:
  nodeName: worker233
  containers:
# An image that is present locally is used here
  - image: registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1
    name: xiuxian
    imagePullPolicy: IfNotPresent
    
[root@master231 mytest]# kubectl apply -f  07-imagePullPolicy-ifNotPresent-Pod.yaml
pod/xiuxian-imagepullpolicy created

5.2 Check the Pod list to verify

6. Verify Always

6.1 Write the resource manifest

[root@master231 mytest]# vim 07-imagePullPolicy-ifNotPresent-Pod.yaml
apiVersion: v1
kind: Pod
metadata:
  name: xiuxian-imagepullpolicy
spec:
  nodeName: worker233
  containers:
# An image that exists locally but with a different tag is used here, so it is pulled from the registry
  - image: registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v2
    name: xiuxian
    imagePullPolicy: Always

6.2 Check the Pod list to verify


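V. Pod resource limits (resources)

1. What resource limits are for

Resource limits set the upper bound on the resources a container may use, or the resources it expects.

  • requests

    The free resources the node is expected to have for the Pod to be scheduled onto it.

    After scheduling, however, these resources are not used immediately.

  • limits

    The upper bound on resource usage.

Note:

If the requests field is not defined, it defaults to the same values as limits.

If the resources field is not defined, the default is the same as the host's resources.

2. Write the resource manifest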

[root@master231 pods]# cat 08-pods-resources.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: xiuxian-resources
spec:
  nodeName: worker233
  containers:
  - image: registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1
    name: c1
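    # Resource limits; if not defined, the default is all of the host's resources.
    resources:
      # Requested resources; if not defined, they default to the same values as limits.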
      requests:
         cpu: 0.5
         memory: 1Gi
      # Upper bound on resource usage
      limits:
         cpu: 1.5
         memory: 2Gi
    command:
    - tail
    - -f
    - /etc/hosts
    imagePullPolicy: IfNotPresent

3. Stress test

[root@master231 pods]# kubectl apply -f  08-pods-resources.yaml 
pod/xiuxian-resources created

[root@master231 pods]# kubectl exec -it xiuxian-resources -- sh
/usr/local/stress # 
/usr/local/stress # stress  -m 10 --vm-bytes 200000000 --vm-keep --verbose

4. Observe the effect of the stress test

[root@worker233 ~]# docker ps -a | grep xiuxian-resources
...
[root@worker233 ~]# docker stats  <container ID>
posted @ 2025-04-09 09:20  丁志岩