容器的分类
1. Infrastructure Container:基础容器 维护整个Pod网络空间
2. InitContainers:初始化容器 先于业务容器开始执行
3.Containers:业务容器 并行启动
#########################################################
镜像拉取策略
1.IfNotPresent:默认值,镜像在宿主机上不存在时才拉取
2.Always:每次创建 Pod 都会重新拉取一次镜像
3.Never: Pod 永远不会主动拉取这个镜像
apiVersion: v1 kind: Pod metadata: name: foo namespace: awesomeapps spec: containers: - name: foo image: janedoe/awesomeapp:v1 imagePullPolicy: IfNotPresent apiVersion: v1 kind: Pod metadata: name: foo namespace: awesomeapps spec: containers: - name: foo image: janedoe/awesomeapp:v1 imagePullSecrets: - name: myregistrykey
######################################################
重启策略(restartPolicy)
Always:当容器终止退出后,总是重启容器,默认策略。
OnFailure:当容器异常退出(退出状态码非0)时,才重启容器。
Never::当容器终止推出,从不重启容器。
apiVersion: v1 kind: Pod metadata: name: foo namespace: awesomeapps spec: containers: - name: foo image: janedoe/awesomeapp:v1 restartPolicy: Always
#################################################################
资源限制
Pod和Container的资源请求和限制:
• spec.containers[].resources.limits.cpu
• spec.containers[].resources.limits.memory
• spec.containers[].resources.requests.cpu
• spec.containers[].resources.requests.memory
apiVersion: v1 kind: Pod metadata: name: frontend spec: containers: - name: db image: mysql env: - name: MYSQL_ROOT_PASSWORD value: "password" resources: requests: memory: "64Mi" cpu: "250m" limits: memory: "128Mi" cpu: "500m" - name: wp image: wordpress resources: requests: memory: "64Mi" cpu: "250m" limits: memory: "128Mi" cpu: "500m"
健康检查(Probe)
Probe有以下两种类型:
livenessProbe
如果检查失败,将杀死容器,根据Pod的restartPolicy来操作。
readinessProbe
如果检查失败,Kubernetes会把Pod从service endpoints中剔除。
Probe支持以下三种检查方法:
httpGet
发送HTTP请求,返回200-400范围状态码为成功。
exec
执行Shell命令返回状态码是0为成功。
tcpSocket
发起TCP Socket建立成功。
apiVersion: v1 kind: Pod metadata: labels: test: liveness name: liveness-exec spec: containers: - name: liveness image: k8s.gcr.io/busybox args: - /bin/sh - -c - touch /tmp/healthy; sleep 30; rm -rf /tmp/healthy; sleep 600 livenessProbe: exec: command: - cat - /tmp/healthy initialDelaySeconds: 5 periodSeconds: 5
调度约束
nodeName用于将Pod调度到指定的Node名称上
nodeSelector用于将Pod调度到匹配Label的Node上
apiVersion: v1 kind: Pod metadata: name: pod-example labels: app: nginx spec: nodeName: 10.23.215.244 containers: - name: nginx image: nginx:1.15 apiVersion: v1 kind: Pod metadata: name: pod-example spec: nodeSelector: env_role: dev containers: - name: nginx image: nginx:1.15