一、名稱空間

1、切換名稱空間

[root@master pod]# kubectl create ns test
namespace/test created
[root@master pod]# kubectl get ns
NAME              STATUS   AGE
default           Active   10h
kube-node-lease   Active   10h
kube-public       Active   10h
kube-system       Active   10h
test              Active   2s
[root@master pod]# kubectl config set-context --current --namespace=kube-system
Context "kubernetes-admin@kubernetes" modified.
[root@master pod]# kubectl get pod
NAME                                      READY   STATUS    RESTARTS        AGE
calico-kube-controllers-d886b8fff-mbdz7   1/1     Running   0               6h42m
calico-node-48tnk                         1/1     Running   0               6h46m
calico-node-jq7mr                         1/1     Running   0               6h46m
calico-node-pdwcr                         1/1     Running   0               6h46m
coredns-567c556887-99cqw                  1/1     Running   1 (6h44m ago)   10h
coredns-567c556887-9sbfp                  1/1     Running   1 (6h44m ago)   10h
etcd-master                               1/1     Running   1 (6h44m ago)   10h
kube-apiserver-master                     1/1     Running   1 (6h44m ago)   10h
kube-controller-manager-master            1/1     Running   1 (6h44m ago)   10h
kube-proxy-7dl5r                          1/1     Running   1 (6h50m ago)   10h
kube-proxy-pvbrg                          1/1     Running   1 (6h44m ago)   10h
kube-proxy-xsqt9                          1/1     Running   1 (6h50m ago)   10h
kube-scheduler-master                     1/1     Running   1 (6h44m ago)   10h
[root@master pod]# kubectl config set-context --current --namespace=default
Context "kubernetes-admin@kubernetes" modified.
[root@master pod]# kubectl get pod
NAME     READY   STATUS    RESTARTS   AGE
nginx1   1/1     Running   0          8m44s

2、設(shè)置名稱空間資源限額

1. 就是不能超過這個(gè)名稱空間的限制

2. 限制這個(gè)名稱空間所有pod的類型的限制

[root@master ns]# cat test.yaml 
apiVersion: v1
kind: ResourceQuota  #這個(gè)是資源配額
metadata:
  name: mem-cpu-qutoa
  namespace: test  
spec:
  hard:  #限制資源
     requests.cpu: "2" #最少2個(gè)cpu 
     requests.memory: 2Gi 
     limits.cpu: "4"   #最大4個(gè)cpu
     limits.memory: 4Gi

#查看名稱空間詳細(xì)信息
[root@master ns]# kubectl describe ns test
Name:         test
Labels:       kubernetes.io/metadata.name=test
Annotations:  <none>
Status:       Active

Resource Quotas
  Name:            mem-cpu-qutoa
  Resource         Used  Hard
  --------         ---   ---
  limits.cpu       0     4
  limits.memory    0     4Gi
  requests.cpu     0     2
  requests.memory  0     2Gi

No LimitRange resource.

#定義了名稱空間限制的話，創(chuàng)建Pod必須設(shè)置資源限制，否則會(huì)報(bào)錯(cuò)
[root@master pod]# cat nginx.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: nginx1
  namespace: test
  labels:
    app: nginx-pod
spec:
 containers:
 - name: nginx01
   image: docker.io/library/nginx:1.9.1
   imagePullPolicy: IfNotPresent
   resources:  #pod資源的限制，如果不做限制的話,pod出現(xiàn)了問題的話，一直吃內(nèi)存的話，就會(huì)出現(xiàn)問題
     limits:
       memory: "2Gi"  #內(nèi)存為2g
       cpu: "2m"  #單位為毫核，1000m=1核      

二、標(biāo)簽

1. 這個(gè)非常的重要，因?yàn)楹芏嗟馁Y源類型都是靠這個(gè)標(biāo)簽進(jìn)行管理的(識(shí)別到了)

2. 服務(wù)或者控制器等都是靠這個(gè)標(biāo)簽來進(jìn)行管理的

#打上標(biāo)簽
[root@master /]# kubectl label pods nginx1 test=01
pod/nginx1 labeled
[root@master /]# kubectl get pod --show-labels 
NAME     READY   STATUS    RESTARTS   AGE   LABELS
nginx1   1/1     Running   0          45m   app=nginx-pod,test=01

#具有這個(gè)標(biāo)簽的pod進(jìn)行列出
[root@master /]# kubectl get pods -l app=nginx-pod
NAME     READY   STATUS    RESTARTS   AGE
nginx1   1/1     Running   0          48m

#查看所有名稱空間和標(biāo)簽
[root@master /]# kubectl get pods --all-namespaces --show-labels 

#查看這個(gè)鍵app對(duì)應(yīng)的值是什么
[root@master /]# kubectl get pods -L app
NAME     READY   STATUS    RESTARTS   AGE   APP
nginx1   1/1     Running   0          50m   nginx-pod

#刪除這個(gè)標(biāo)簽
[root@master ~]# kubectl label pod nginx1 app-
pod/nginx1 unlabeled
[root@master ~]# kubectl get pod --show-labels 
NAME     READY   STATUS    RESTARTS   AGE   LABELS
nginx1   1/1     Running   0          57m   test=01
s

三、親和性

1、node節(jié)點(diǎn)選擇器

就是根據(jù)主機(jī)名或者標(biāo)簽進(jìn)行pod的調(diào)度，屬于強(qiáng)制性的調(diào)度，不存在的也能進(jìn)行調(diào)度，是pending的狀態(tài)

1、nodename

[root@master pod]# cat pod1.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: pod1
  namespace: test
spec:
  nodeName: node1  #調(diào)度到node1主機(jī)上面
  containers:
    - name: pod1
      image: docker.io/library/nginx
      imagePullPolicy: IfNotPresent 

[root@master pod]# kubectl get pod -n test -o wide
NAME     READY   STATUS    RESTARTS   AGE   IP               NODE    NOMINATED NODE   READINESS GATES
nginx1   1/1     Running   0          12h   10.244.104.5     node2   <none>           <none>
pod1     1/1     Running   0          34s   10.244.166.130   node1   <none>           <none>

2、nodeselector

#給主機(jī)名打上標(biāo)簽，以便進(jìn)行調(diào)度
[root@master ~]# kubectl label nodes node1 app=node1
node/node1 labeled
[root@master ~]# kubectl get nodes node1 --show-labels 
NAME    STATUS   ROLES    AGE   VERSION   LABELS
node1   Ready    <none>   23h   v1.26.0   app=node1,beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/arch=amd64,kubernetes.io/hostname=node1,kubernetes.io/os=linux

[root@master pod]# cat pod2.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: pod2
  namespace: test
spec:
  nodeSelector:  #根據(jù)主機(jī)名的標(biāo)簽進(jìn)行調(diào)度
    app: node1   #這種鍵值的形式來表現(xiàn)出來
  containers:
  - name: pod2
    image: docker.io/library/nginx
    imagePullPolicy: IfNotPresent   

[root@master pod]# kubectl get pod -n test -o wide
NAME     READY   STATUS    RESTARTS   AGE     IP               NODE    NOMINATED NODE   READINESS GATES
nginx1   1/1     Running   0          12h     10.244.104.5     node2   <none>           <none>
pod1     1/1     Running   0          9m28s   10.244.166.130   node1   <none>           <none>
pod2     1/1     Running   0          12s     10.244.166.131   node1   <none>           <none>

2、node親和性

1. 根據(jù)node上面的標(biāo)簽進(jìn)行調(diào)度

2. 根據(jù)的是node和pod之間的關(guān)系進(jìn)行調(diào)度的

1、軟親和性

1. 如果沒有符合條件的，就隨機(jī)選擇一個(gè)進(jìn)行調(diào)度

[root@master pod]# cat pod4.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: pod4
  namespace: test
spec:
  affinity:
    nodeAffinity:
      preferredDuringSchedulingIgnoredDuringExecution:
      - preference:
          matchExpressions:   #匹配節(jié)點(diǎn)上面的標(biāo)簽
          - key: app
            operator: In
            values: ["node1"]
        weight: 1   #根據(jù)權(quán)重來調(diào)度
  containers:
  - name: pod4
    image: docker.io/library/nginx
    imagePullPolicy: IfNotPresent

[root@master pod]# kubectl get pod -n test -o wide
NAME   READY   STATUS    RESTARTS   AGE     IP               NODE    NOMINATED NODE   READINESS GATES
pod3   1/1     Running   0          6m52s   10.244.166.133   node1   <none>           <none>
pod4   1/1     Running   0          40s     10.244.166.135   node1   <none>           <none>

2、硬親和性

[root@master pod]# cat pod3.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: pod3
  namespace: test
spec:
  affinity:
    nodeAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:  #硬限制
        nodeSelectorTerms:   #根據(jù)這個(gè)node上面的標(biāo)簽來進(jìn)行調(diào)度
        - matchExpressions:
          - key: app
            operator: In
            values: ["node1"]   #調(diào)度到上面有app=node1這個(gè)標(biāo)簽的節(jié)點(diǎn)上面去
  containers:
  - name: pod3
    image: docker.io/library/nginx:1.9.1
    imagePullPolicy: IfNotPresent

3、pod親和性

1. 就是幾個(gè)pod之間有依賴的關(guān)系，就放在一起，這樣效率就快一點(diǎn)，網(wǎng)站服務(wù)和數(shù)據(jù)庫服務(wù)就需要在一起，提高效率

2. 根據(jù)正在運(yùn)行的pod上面的標(biāo)簽進(jìn)行調(diào)度

1、軟親和性

apiVersion: v1
kind: Pod
metadata:
  name: pod7
  namespace: test
spec:
  affinity:
    podAffinity:
      preferredDuringSchedulingIgnoredDuringExecution:
      - podAffinityTerm:
          labelSelector:
            matchExpressions:
            - key: app
              operator: In
              values: ["pod4"]
          topologyKey: app
        weight: 1
  containers:
  - name: pod7
    image: docker.io/library/nginx
    imagePullPolicy: IfNotPresent

[root@master pod]# kubectl get pod -n test -o wide
NAME   READY   STATUS    RESTARTS   AGE   IP               NODE    NOMINATED NODE   READINESS GATES
pod4   1/1     Running   0          24m   10.244.166.136   node1   <none>           <none>
pod5   1/1     Running   0          21m   10.244.166.137   node1   <none>           <none>
pod7   1/1     Running   0          51s   10.244.166.139   node1   <none>           <none>

2、硬親和性

[root@master pod]# cat pod5.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: pod5
  namespace: test
spec:
  affinity:
    podAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
      - labelSelector:
          matchExpressions:
          - key: app
            operator: In
            values: ["pod4"]
        topologyKey: kubernetes.io/hostname   #這個(gè)就是拓?fù)溆?，每個(gè)節(jié)點(diǎn)的這個(gè)都不一樣。node1,node2等
  containers:
  - name: pod5
    image: docker.io/library/nginx
    imagePullPolicy: IfNotPresent

#關(guān)于這個(gè)topologyKey的值的選擇，一般就是節(jié)點(diǎn)上面的標(biāo)簽
apiVersion: v1
kind: Pod
metadata:
  name: pod6
  namespace: test
spec:
  affinity:
    podAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
      - labelSelector:
          matchExpressions:
          - key: app
            operator: In
            values: ["pod4"]
        topologyKey: app2  #這個(gè)是node2上面的標(biāo)簽，調(diào)度到pod包含這個(gè)app=pod4這個(gè)標(biāo)簽，并且節(jié)點(diǎn)是標(biāo)簽是app2上面的節(jié)點(diǎn)上面
  containers:
  - name: pod6
    image: docker.io/library/nginx
    imagePullPolicy: IfNotPresent

[root@master pod]# cat pod5.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: pod6
  namespace: test
spec:
  affinity:
    podAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
      - labelSelector:
          matchExpressions:
          - key: app
            operator: In
            values: ["pod4"]
        topologyKey: app  #調(diào)度到pod包含了app的標(biāo)簽，并且值在app節(jié)點(diǎn)上面去了
  containers:
  - name: pod6
    image: docker.io/library/nginx
    imagePullPolicy: IfNotPresent

# operator: DoesNotExist情況
apiVersion: v1
kind: Pod
metadata:
  name: pod6
  namespace: test
spec:
  affinity:
    podAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
      - labelSelector:
          matchExpressions:
          - key: app
            operator: DoesNotExist 
        topologyKey: app   #調(diào)度到key不包含app并且節(jié)點(diǎn)標(biāo)簽為app的節(jié)點(diǎn)上面，還是調(diào)度到app節(jié)點(diǎn)上面去了
  containers:
  - name: pod6
    image: docker.io/library/nginx
    imagePullPolicy: IfNotPresent
 

4、pod反親和性

就是當(dāng)2個(gè)都是占內(nèi)存比較高的Pod,就使用和這個(gè)反親和性進(jìn)行分開

apiVersion: v1
kind: Pod
metadata:
  name: pod8
  namespace: test
spec:
  affinity:
    podAntiAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
      - labelSelector:
          matchExpressions:
          - key: app
            operator: In
            values: ["pod4"]
        topologyKey: kubernetes.io/hostname   #調(diào)度到不能包含app=pod4上面的節(jié)點(diǎn)，調(diào)度到node1上
  containers:
  - name: pod8
    image: docker.io/library/nginx
    imagePullPolicy: IfNotPresent

[root@master pod]# kubectl get pod -n test -o wide
NAME   READY   STATUS    RESTARTS   AGE     IP               NODE    NOMINATED NODE   READINESS GATES
pod4   1/1     Running   0          36m     10.244.166.136   node1   <none>           <none>
pod5   1/1     Running   0          33m     10.244.166.137   node1   <none>           <none>
pod6   1/1     Running   0          7m42s   10.244.166.140   node1   <none>           <none>
pod7   1/1     Running   0          12m     10.244.166.139   node1   <none>           <none>
pod8   1/1     Running   0          8s      10.244.104.6     node2   <none>           <none>=

5、污點(diǎn)

1. 在node上面進(jìn)行打污點(diǎn)

2. kubectl explain node.spec.taints

3. 手動(dòng)打污點(diǎn)， kubectl taint nodes node1 a=b:NoSchedule

4. 污點(diǎn)三個(gè)等級(jí)

   1. NoExecute 節(jié)點(diǎn)上面的pod都移除掉，不能調(diào)度到這個(gè)節(jié)點(diǎn)上

   2. NoSchedule 節(jié)點(diǎn)上面存在的pod保留，但是新創(chuàng)建的pod不能調(diào)度到這個(gè)節(jié)點(diǎn)上面

   3. PreferNoSchedule pod不到萬不得已的情況下，才能調(diào)度到這個(gè)節(jié)點(diǎn)上面

#給node1打上一個(gè)污點(diǎn)
[root@master pod]# kubectl get pod -n test -o wide
NAME   READY   STATUS    RESTARTS   AGE     IP               NODE    NOMINATED NODE   READINESS GATES
pod4   1/1     Running   0          41m     10.244.166.136   node1   <none>           <none>
pod5   1/1     Running   0          37m     10.244.166.137   node1   <none>           <none>
pod6   1/1     Running   0          12m     10.244.166.140   node1   <none>           <none>
pod7   1/1     Running   0          17m     10.244.166.139   node1   <none>           <none>
pod8   1/1     Running   0          4m33s   10.244.104.6     node2   <none>           <none>

[root@master pod]# kubectl taint node node1 app=node1:NoExecute
node/node1 tainted
#發(fā)現(xiàn)這個(gè)節(jié)點(diǎn)上面的pod都銷毀了
[root@master pod]# kubectl get pod -n test -o wide
NAME   READY   STATUS    RESTARTS   AGE     IP             NODE    NOMINATED NODE   READINESS GATES
pod8   1/1     Running   0          6m21s   10.244.104.6   node2   <none>           <none>

#去除污點(diǎn)
[root@master pod]# kubectl taint node node1 app-
node/node1 untainted
[root@master pod]# kubectl describe node node1 | grep -i taint
Taints:             <none>

6、容忍度

1. 在pod上面進(jìn)行容忍度，就是會(huì)容忍node上面的污點(diǎn),從而能進(jìn)行調(diào)度

2. kubectl explain pod.spec.tolerations

#就是節(jié)點(diǎn)上面有污點(diǎn)但是pod上面有容忍度可以容忍這個(gè)污點(diǎn)來進(jìn)行調(diào)度到指定的節(jié)點(diǎn)上面去
#給node1打上污點(diǎn)
[root@master pod]# kubectl taint node node1 app=node1:NoExecute
node/node1 tainted

#進(jìn)行調(diào)度到node1上
apiVersion: v1
kind: Pod
metadata:
  name: pod10
  namespace: test
spec:
  tolerations:
  - key: "app"
    operator: Equal  #就是key和values，effect必須和node上面完全匹配才行 #exists，只要對(duì)應(yīng)的鍵是存在的，其值被自動(dòng)定義成通配符
    value: "node1"
    effect: NoExecute
  containers:
  - name: pod10
    image: docker.io/library/nginx:1.9.1  

[root@master pod]# kubectl get pod -n test -o wide
NAME    READY   STATUS    RESTARTS   AGE   IP               NODE    NOMINATED NODE   READINESS GATES
pod10   1/1     Running   0          58s   10.244.166.142   node1   <none>           <none>
pod8    1/1     Running   0          27m   10.244.104.6     node2   <none>           <none>


apiVersion: v1
kind: Pod
metadata:
  name: pod11
  namespace: test
spec:
  tolerations:
  - key: "app"
    operator: Exists   #容忍無論app，NoExecute的值為多少,都能進(jìn)行調(diào)度
    value: ""
    effect: NoExecute
  containers:
  - name: pod11
    image: docker.io/library/nginx:1.9.1  

四：pod的生命周期

1. init容器，初始化的容器，就是必須要經(jīng)過這個(gè)階段才能運(yùn)行主容器

2. 主容器，里面有啟動(dòng)前鉤子和啟動(dòng)后鉤子

1、初始化容器

[root@master pod]# cat init.yaml 
apiVersion: v1
kind: Pod
metadata:
  name:  init-pod
  namespace: test
spec:
  initContainers:
  - name: init-pod1
    image: docker.io/library/nginx:1.9.1 
    command: ["/bin/bash","-c","touch /11.txt"]
  containers:
  - name: main-pod
    image: docker.io/library/nginx:1.9.1 

[root@master pod]# kubectl get pod -n test -w
NAME       READY   STATUS    RESTARTS   AGE
init-pod   0/1     Pending   0          0s
init-pod   0/1     Pending   0          0s
init-pod   0/1     Init:0/1   0          0s
init-pod   0/1     Init:0/1   0          1s
init-pod   0/1     PodInitializing   0          2s
init-pod   1/1     Running           0          3s

#如果初始化錯(cuò)誤的話，會(huì)一直陷入重啟的狀態(tài)，這個(gè)跟pod的重啟策略有關(guān)
[root@master pod]# cat init.yaml 
apiVersion: v1
kind: Pod
metadata:
  name:  init-pod
  namespace: test
spec:
  initContainers:
  - name: init-pod1
    image: docker.io/library/nginx:1.9.1 
    command: ["/bin/bash","-c","qwe /11.txt"]
  containers:
  - name: main-pod
    image: docker.io/library/nginx:1.9.1 

[root@master pod]# kubectl get pod -n test -w
NAME       READY   STATUS    RESTARTS   AGE
init-pod   0/1     Pending   0          0s
init-pod   0/1     Pending   0          0s
init-pod   0/1     Init:0/1   0          0s
init-pod   0/1     Init:0/1   0          0s
init-pod   0/1     Init:0/1   0          1s
init-pod   0/1     Init:Error   0          2s
init-pod   0/1     Init:Error   1 (2s ago)   3s
init-pod   0/1     Init:CrashLoopBackOff   1 (2s ago)   4s
init-pod   0/1     Init:Error              2 (14s ago)   16s

2、啟動(dòng)前鉤子

1. 就是在主容器運(yùn)行的前，執(zhí)行這個(gè)鉤子

2. 失敗的話，會(huì)一直重啟(重啟策略決定的)，就不會(huì)運(yùn)行主容器了

3. 有三種的寫法

1、exec

[root@master pod]# cat pre.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: pre-pod
  namespace: test
spec:
  containers:
  - name: pre-pod
    image: docker.io/library/nginx:1.9.1
    lifecycle:
      postStart:
         exec:
           command: ["/bin/bash","-c","touch /11.txt"]

[root@master pod]# kubectl exec -n test -ti pre-pod -- /bin/bash
root@pre-pod:/# ls
11.txt	boot  etc   lib    media  opt	root  sbin  sys  usr
bin	dev   home  lib64  mnt	  proc	run   srv   tmp  var
root@pre-pod:/# cat 11.txt 

#如果啟動(dòng)前鉤子鉤子報(bào)錯(cuò)的話，后面的主容器不會(huì)運(yùn)行了

3、啟動(dòng)后鉤子

[root@master pod]# cat pre.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: pre-pod
  namespace: test
spec:
  containers:
  - name: pre-pod
    image: docker.io/library/nginx:1.9.1
    lifecycle:
      preStop:
         exec:
           command: ["/bin/bash","-c","touch /11.txt"]

4、pod重啟策略和pod的狀態(tài)

1. 用于設(shè)置pod的值

2. Always，當(dāng)容器出現(xiàn)任何狀況的話，就自動(dòng)進(jìn)行重啟，這個(gè)是默認(rèn)的值

3. OnFailure，當(dāng)容器終止運(yùn)行且退出碼不為0時(shí)，kubelet自動(dòng)重啟該容器

4. Never，不論容器的狀態(tài)如何，kubelet都不會(huì)重啟該容器

5. pod的狀態(tài)

   1、pending，請(qǐng)求創(chuàng)建Pod時(shí)，條件不滿足，調(diào)度沒有進(jìn)行完成沒有一個(gè)節(jié)點(diǎn)符合，或者是處于下載鏡像的情況

   2. running 就是已經(jīng)調(diào)度到一個(gè)節(jié)點(diǎn)上面了，里面的容器至少有一個(gè)創(chuàng)建出來了

   3. succeeded pod里面的所有容器都成功的被終止了，并且不會(huì)在重啟了

   4. Failed 里面的所有容器都已經(jīng)終止了，并且至少有一個(gè)容器是因?yàn)槭〗K止的，就是非0狀態(tài)重啟的

   5. Unknown 未知狀態(tài)，就是apiserver和kubelet出現(xiàn)了問題

   6. Evicted狀態(tài)，內(nèi)存和硬盤資源不夠

   7. CrashLoopBackOff 容器曾經(jīng)啟動(dòng)了，但是又異常退出了

   8. Error pod啟動(dòng)過程中發(fā)生了錯(cuò)誤

   9. Completed 說明pod已經(jīng)完成了工作，

#在容器里面設(shè)置一個(gè)啟動(dòng)前鉤子，鉤子會(huì)失敗，然后重啟策略設(shè)置為Never
apiVersion: v1
kind: Pod
metadata:
  name: pre-pod
  namespace: test
spec:
  restartPolicy: Never
  containers:
  - name: pre-pod
    image: docker.io/library/nginx:1.9.1
    lifecycle:
      postStart:
        exec:
          command: ["/bin/bash","-c","qwe /11.txt"]
#這個(gè)鉤子失敗了，然后pod不進(jìn)行重啟策略
[root@master pod]# kubectl get pod -n test -w
NAME      READY   STATUS    RESTARTS   AGE
pre-pod   0/1     Pending   0          0s
pre-pod   0/1     Pending   0          0s
pre-pod   0/1     ContainerCreating   0          0s
pre-pod   0/1     ContainerCreating   0          0s
pre-pod   0/1     Completed           0          2s
pre-pod   0/1     Completed           0          3s
pre-pod   0/1     Completed           0          4s

#查看詳細(xì)信息
#正常退出了
Events:
  Type     Reason               Age   From               Message
  ----     ------               ----  ----               -------
  Normal   Scheduled            12m   default-scheduler  Successfully assigned test/pre-pod to node1
  Normal   Pulled               12m   kubelet            Container image "docker.io/library/nginx:1.9.1" already present on machine
  Normal   Created              12m   kubelet            Created container pre-pod
  Normal   Started              12m   kubelet            Started container pre-pod
  Warning  FailedPostStartHook  12m   kubelet            PostStartHook failed
  Normal   Killing              12m   kubelet       s     FailedPostStartHook

五、pod健康檢查(主要就是容器里面)

1、liveness probe(存活探測(cè))

1. 用于檢測(cè)pod內(nèi)的容器是否處于運(yùn)行的狀態(tài)，當(dāng)這個(gè)探測(cè)失效時(shí)，k8s會(huì)根據(jù)這個(gè)重啟策略決定是否重啟改容器

2. 適用于在容器發(fā)生故障時(shí)進(jìn)行重啟，web程序等

3. 主要就是檢測(cè)pod是否運(yùn)行的

4. 支持三種格式，exec,tcp，httpget

5. 探測(cè)結(jié)果有三個(gè)值，Success表示通過了檢測(cè)，F(xiàn)ailure表示未通過檢測(cè)，Unknown表示檢測(cè)沒有正常的運(yùn)行

6. kubectl explain pod.spec.containers.livenessProbe

1、參數(shù)詳解

livenessProbe:
  initialDelaySeconds: #pod啟動(dòng)后首次進(jìn)行檢查的等待時(shí)間，單位為秒
  periodSeconds: #檢查的間隔時(shí)間，默認(rèn)為10秒
  timeoutSeconds： #探針執(zhí)行檢測(cè)請(qǐng)求后，等待響應(yīng)的超時(shí)時(shí)間，默認(rèn)為1秒
  successThreshold： #連續(xù)探測(cè)幾次成功，才認(rèn)為探測(cè)成功，默認(rèn)為1，在liveness中，必須為1，最小值為1
  failureThreshold： #探測(cè)失敗的重試次數(shù)，重試一定次數(shù)后將認(rèn)為失敗，在readiness探針中，Pod會(huì)被標(biāo)記未就緒，默認(rèn)為3，最小值為1

2、exec格式

[root@master pod]# cat liveness.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: live1
  namespace: test
spec:
  containers:
  - name: live1
    image: docker.io/library/nginx:1.9.1
    livenessProbe:
      exec:
        command: ["/bin/bash","-c","touch /11.txt"]
      failureThreshold: 3  #失敗三次就認(rèn)定為失敗
      initialDelaySeconds: 3  #進(jìn)行探測(cè)的時(shí)候，等待三秒
      periodSeconds: 5   #檢查的時(shí)間間隔為10s
      successThreshold: 1 #必須為1，有1次成功即可
      timeoutSeconds: 10  #執(zhí)行請(qǐng)求后，等待的時(shí)間為10s

[root@master pod]# kubectl get pod -n test -w
NAME      READY   STATUS      RESTARTS   AGE
pre-pod   0/1     Completed   0          4h45m
live1     0/1     Pending     0          0s
live1     0/1     Pending     0          0s
live1     0/1     ContainerCreating   0          0s
live1     0/1     ContainerCreating   0          1s
live1     1/1     Running             0          2s
live1     1/1     Running             0          30s

3、httpget格式

#格式說明
httpGet:
  scheme： #用于連接host的協(xié)議，默認(rèn)為http
  host：  #要連接的主機(jī)名，默認(rèn)為pod的ip，就是容器里面的主機(jī)名
  port：  #容器上要訪問端口號(hào)或名稱
  path:   #http服務(wù)器上的訪問url
  httpHeaders：   #自定義http請(qǐng)求headers，允許重復(fù)

[root@master pod]# cat liveness.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: live1
  namespace: test
spec:
  containers:
  - name: live1
    image: docker.io/library/nginx:1.9.1
    livenessProbe:
      httpGet:
        port: 80
        scheme: HTTP
        path: /index.html   #就是在容器內(nèi)部curl localhost:80/index.html檢測(cè)
      failureThreshold: 3    #返回了一個(gè)成功的 HTTP 響應(yīng)（狀態(tài)碼在 200-399 之間)就是成功的
      initialDelaySeconds: 3
      periodSeconds: 5
      successThreshold: 1 
      timeoutSeconds: 10
#可以運(yùn)行
live1     0/1     ContainerCreating   0          0s
live1     0/1     ContainerCreating   0          1s
live1     1/1     Running             0          2s
live1     1/1     Running             0          42s

4、tcp方式健康檢查

[root@master pod]# cat liveness.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: live1
  namespace: test
spec:
  containers:
  - name: live1
    image: docker.io/library/nginx:1.9.1
    livenessProbe:
      tcpSocket:
        port: 80   #發(fā)送一個(gè)探針，嘗試連接容器80端口
      failureThreshold: 3
      initialDelaySeconds: 3
      periodSeconds: 5
      successThreshold: 1 
      timeoutSeconds: 10

2、readiness probe(就緒性探測(cè))

1. 就是pod里面的容器運(yùn)行了，但是提供服務(wù)的程序，需要讀取這個(gè)網(wǎng)頁的配置文件，才能提供服務(wù)

2. 所以的話需要這個(gè)就緒性探測(cè)，服務(wù)器起來了，就能提供這個(gè)服務(wù)了

3. 防止Pod起來了，但是里面的服務(wù)是假的服務(wù)這種情況

4. 也支持三種

[root@master pod]# cat liveness.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: live1
  namespace: test
spec:
  containers:
  - name: live1
    image: docker.io/library/nginx:1.9.1
    readinessProbe:
      httpGet:
        port: 80   #發(fā)送一個(gè)請(qǐng)求
      failureThreshold: 3
      initialDelaySeconds: 3
      periodSeconds: 5
      successThreshold: 1 
      timeoutSeconds: 10

#在檢測(cè)的時(shí)候的等待幾秒鐘
[root@master pod]# kubectl get pod -n test -w
NAME      READY   STATUS      RESTARTS   AGE
pre-pod   0/1     Completed   0          5h11m
live1     0/1     Pending     0          0s
live1     0/1     Pending     0          0s
live1     0/1     ContainerCreating   0          0s
live1     0/1     ContainerCreating   0          0s
live1     0/1     Running             0          1s
live1     1/1     Running             0          5s

3、startProbe(啟動(dòng)探測(cè))

1. 探測(cè)容器中的應(yīng)用是否已經(jīng)啟動(dòng)，如果提供了這個(gè)啟動(dòng)探測(cè)，則禁用所有其他的探測(cè)，直到他成功為止

2. 如果啟動(dòng)探測(cè)失敗的話，kubelet將殺死容器，容器服從其重啟策略進(jìn)行重啟，如果容器沒有提供啟動(dòng)探測(cè)，則默認(rèn)為狀態(tài)為success

3. 可以自定義在pod啟動(dòng)是是否執(zhí)行這些檢測(cè)，如果不設(shè)置的，則檢測(cè)結(jié)果均默認(rèn)為通過，如果設(shè)置，則順序?yàn)?startupProbe > readinessProbe > livenessProbe。后面的2個(gè)探針沒有啟動(dòng)的順序

4. 這個(gè)優(yōu)先級(jí)是最高的，先執(zhí)行這個(gè)，在執(zhí)行后面的探針

5. 作用: 用于確定容器是否已經(jīng)啟動(dòng)并且可以接收流量。與就緒探針不同，啟動(dòng)探針只有在容器啟動(dòng)時(shí)進(jìn)行一次檢查

apiVersion: v1
kind: Pod
metadata:
  name: start1
  namespace: test
spec:
  containers:
  - name: start1
    image: docker.io/library/nginx:1.9.1
    startupProbe:
      exec:     #檢測(cè)nginx是否啟動(dòng)了
        command: ["/bin/bash","-c","ps -aux|grep nginx"]

[root@master ~]# kubectl get pod -n test -w
NAME      READY   STATUS      RESTARTS   AGE
live1     1/1     Running     0          17h
pre-pod   0/1     Completed   0          22h
start1    0/1     Pending     0          1s
start1    0/1     Pending     0          1s
start1    0/1     ContainerCreating   0          1s
start1    0/1     ContainerCreating   0          1s
start1    0/1     Running             0          2s
start1    0/1     Running             0          11s
start1    0/1     Running             0          11s
start1    1/1     Running             0          12s

4、三種方式一起使用

apiVersion: v1
kind: Service
metadata:
  name: springboot
  labels:
    app: springboot
spec:
  type: NodePort
  ports:
  - name: server
    port: 8080
    targetPort: 8080
    nodePort: 31180
  - name: management
    port: 8081
    targetPort: 8081
    nodePort: 31181
  selector:
    app: springboot
---
apiVersion: v1
kind: Pod
metadata:
  name: springboot-live
  labels:
    app: springboot
spec:
  containers:
  - name: springboot
    image: mydlqclub/springboot-helloworld:0.0.1
    imagePullPolicy: IfNotPresent
    ports:
    - name: server
      containerPort: 8080
    - name: management
      containerPort: 8081
    readinessProbe:   #這個(gè)是就緒性探針，里面的服務(wù)是否啟動(dòng)的
      initialDelaySeconds: 20    
      periodSeconds: 5          
      timeoutSeconds: 10   
      httpGet:
        scheme: HTTP
        port: 8081
        path: /actuator/health
    livenessProbe:   #存貨行探測(cè)，容器是否啟動(dòng)
      initialDelaySeconds: 20   
      periodSeconds: 5          
      timeoutSeconds: 10   
      httpGet:
        scheme: HTTP
        port: 8081
        path: /actuator/health
    startupProbe:   #啟動(dòng)探針，先執(zhí)行這個(gè)探針
      initialDelaySeconds: 20     #檢測(cè)之前等待幾秒鐘
      periodSeconds: 5            #每個(gè)5秒進(jìn)行檢測(cè)
      timeoutSeconds: 10       #發(fā)出請(qǐng)求后，超過10秒為超時(shí)
      httpGet:
        scheme: HTTP
        port: 8081
        path: /actuator/health
#如果容器出現(xiàn)了，問題，就根據(jù)重啟策略進(jìn)行操作