Pods and core components in k8s
张育鑫(Taylor Zhang)
https://www.linkedin.com/in/yxzh/
Content
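Pod YAML definition
How do we solve the config distribution problem?
Scenario: multiple services in one cluster share a gateway. How should it be configured?
ConfigMap
Consider: what about sensitive data such as a DB secret?
Secret
Secret types: https://kubernetes.io/docs/concepts/configuration/secret/#secret-types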
Container states
Container Restart Policy
State | Meaning |
Running | The Running status indicates that a container is executing without issues. |
Waiting | If a container is not in either the Running or Terminated state, it is Waiting. |
Terminated | A container in the Terminated state began execution and then either ran to completion or failed for some reason. |
Container probes
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
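Probe type | Runs for the entire container lifetime? | After failure | Usage |
LivenessProbe | Yes | The container gets killed | Determines whether the container is alive and running normally |
ReadinessProbe | Yes | Pod’s Endpoint is removed | Determines whether the container is ready to receive traffic and handle requests |
StartupProbe | No | The container gets killed | Determines whether the container has started successfully (liveness and readiness probes are disabled until it succeeds) |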
Probe Check Mechanisms
exec
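Runs a command inside the container
Return code == 0
TCPSocketAction
Performs a TCP check against the container's IP address and port
A TCP connection can be established
HTTPGetAction
Sends an HTTP GET to the IP, port and path
Response code >= 200 && < 400
Through a gRPC call. An alpha feature
Requires implementing the gRPC Health Checking Protocol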
Status of the response == SERVING
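The three probe types and three of the check mechanisms above, combined in one Pod manifest. This is an added example, not part of the original slides; the Pod name, image, port, path and file name are assumptions.

```yaml
# Added example: name, image, port, path and ready-file are hypothetical.
apiVersion: v1
kind: Pod
metadata:
  name: probe-demo
spec:
  restartPolicy: Always
  containers:
    - name: web
      image: registry.example.com/web:1.0   # placeholder image
      ports:
        - containerPort: 8080
      # StartupProbe (HTTPGetAction): passes on a response code >= 200 and < 400.
      # Runs only until its first success; liveness and readiness probes
      # are disabled until then. Startup budget here: 30 * 5s = 150s.
      startupProbe:
        httpGet:
          path: /healthz
          port: 8080
        periodSeconds: 5
        failureThreshold: 30
      # LivenessProbe (TCPSocketAction): passes if a TCP connection to the
      # port can be established. After 3 consecutive failures the container
      # is killed and then handled according to restartPolicy.
      livenessProbe:
        tcpSocket:
          port: 8080
        periodSeconds: 10
        failureThreshold: 3
      # ReadinessProbe (exec): passes if the command returns 0.
      # On failure the Pod is removed from the Service endpoints, but the
      # container keeps running. Assumes the image ships `cat` and the
      # application creates /tmp/ready once it can serve requests.
      readinessProbe:
        exec:
          command: ["cat", "/tmp/ready"]
        periodSeconds: 5
        failureThreshold: 1
```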
Pod readiness
Pod with 1 container
Pod with multiple containers
| PodScheduled | Initialized | Containers Ready | Ready |
Pod Scheduled | Y | Y | Y | Y |
Init container | | Y | Y | Y |
Other containers | | | Y | Y |
Readiness Gates | | | | Y |
Pod phase lifecycle
Phase | Description |
Pending | The Pod has been accepted by the Kubernetes cluster, but one or more of the containers has not been set up and made ready to run. This includes time a Pod spends waiting to be scheduled as well as the time spent downloading container images over the network. |
Running | The Pod has been bound to a node, and all of the containers have been created. At least one container is still running, or is in the process of starting or restarting. |
Succeeded | All containers in the Pod have terminated in success, and will not be restarted. |
Failed | All containers in the Pod have terminated, and at least one container has terminated in failure. That is, the container either exited with non-zero status or was terminated by the system. |
Unknown | For some reason the state of the Pod could not be obtained. This phase typically occurs due to an error in communicating with the node where the Pod should be running. |
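Examples of Pod and container state transitions
Container count | Pod phase | Event | Resulting Pod state (RestartPolicy=Always) | Resulting Pod state (RestartPolicy=OnFailure) | Resulting Pod state (RestartPolicy=Never) |
1 container | Running | Container exits normally | Running | Succeeded | Succeeded |
1 container | Running | Container exits abnormally | Running | Running | Failed |
2 containers | Running | 1 container exits abnormally | Running | Running | Running |
2 containers | Running | Container OOM | Running | Running | Failed |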
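Pod scheduling policies
On which node should a Pod be created, and how? Labels & selectors
Deployment or Replication Controller: fully automatic scheduling
Automatically creates and maintains 3 Pods
NodeSelector: targeted scheduling
NodeAffinity: Node affinity scheduling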
topology Key
https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
kubernetes.io/hostname
topology.kubernetes.io/region
topology.kubernetes.io/zone
PodAffinity: Pod affinity and anti-affinity scheduling
Taints & Tolerations
Scenario
Pod Priority Preemption: Pod priority scheduling