Read the original
In a K8S cluster, instead of a container, the cluster directly manages pods
Pod is the smallest management, creation, and planning unit in a K8S cluster
What is the Pod
A Pod contains one or more containers that need to work together and share resources, forming a single instance that provides services externally, and sharing network and storage between containers.
The English translation of Pod is “bean Pod”, which is a group in which the “beans” share the space and resources within the group, so the name is still very image.
Pause the container
Each Pod has a Pause container.
Pause is an infrastructure container that provides a variety of namespace resources for other business containers throughout the Pod
-
Different applications in the PID namespace -POD can see the process ids of other applications.
-
Multiple containers in the network namespace – Pod can access the same IP and port range.
-
Multiple containers in the IPC namespace – Pod can communicate using SystemV IPC or POSIX message queues.
-
UTS namespace – Pod multiple containers share a host name, Volumes.
Specific to www.ianlewis.org/en/almighty… Learn more.
network
Each Pod has a separate IP address, and each container in the Pod shares the Pod’s network.
So containers within a Pod can communicate with each other using localHost.
If a container in a Pod provides a service externally, the address of the service is the Pod address: the port mapped to the Pod.
storage
In a Pod, you can specify a set of Volumes as a shared storage that all containers can access and share data with.
Volumes can also be used to persist data in pods in case one of the containers restarts and loses data.
Why Pod
Instead of managing containers directly, why does K8S choose to manage containers through PODS?
-
Easier to manage a service composed of a set of containers. The state of the entire service is marked by the Pause container, which is not subject to exceptions because it is business-independent and can represent the state of the entire Pod.
-
Resolve communication issues between coupled business containers. Pods provide shared physical storage and network resources
Why not use a container with multiple services running in it?
First, it violates the one container, one service principle. If you deploy multiple services in a container, the deployment process is much simpler, but there are some problems
-
The container is still running, but the service is abnormal and the cluster cannot detect it in time
-
When a service needs to be upgraded, the entire container needs to be restarted, affecting other services (service isolation)
-
Log collection is relatively chaotic
Pod life cycle
A Pod has a PodStatus object that defines a phase field that represents the current run phase of the Pod. This field has the following values
-
The Pod is accepted by the Kubernetes system, but one or more container images have not been created. The wait time includes the time to schedule the Pod and the time to download the image through the network
-
The Pod has been bound to a node, and all containers in the Pod have been created. At least one container is running or is being started or restarted
-
All containers in the Pod were successfully terminated and will not be restarted
-
All containers in the Failed Pod have been terminated, and at least one container has been terminated because of the failure. That is, one of the containers in the Pod has an exception (which is why running multiple services in one container is not recommended)
-
Unknown The STATUS of the Pod cannot be obtained for some reason, usually because communication with the Pod host fails
The use of the Pod
The Pod is not self-healing and is expelled if the node where the Pod is located has insufficient resources or some other exception occurs
Therefore, it is generally not possible to create a separate Pod, because the Pod life cycle is short, and once the Pod is cleared of exceptions, it may be discarded and destroyed
Typically, there is a Controller to manage the pods, and the Controller provides a Pod Template to create the corresponding Pod
Pod Template
Get a Pod template from the official website. Use this to create a Pod that contains a BusyBox container
apiVersion: v1
kind: Pod
metadata:
name: myapp-pod
labels:
app: myapp
spec:
containers:
- name: myapp-container
image: busybox
command: ['sh', '-c'. 'echo Hello Kubernetes! && sleep 3600']
Copy the codeFor a brief list of Pod configurations, you can also click Pod to see how K8S defines the configuration file structure at Godoc.org
type Pod struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
// A clear definition of Pod
Spec PodSpec `json:"spec,omitempty"`
// Pod status, this is not configuration item, read-only, system maintenance
Status PodStatus `json:"status,omitempty"`
}
type PodSpec struct {
// A list of volumes that can be mounted by the container
Volumes []Volume `json:"volumes,omitempty"`
// The container list of Pod initializers will be started and executed in sequence before Pod is started. Any failure to initialize containers will be regarded as a Pod startup failure and will be processed according to Pod restartPolicy
// Initializing the container list cannot currently be modified
InitContainers []Container `json:"initContainers,omitempty"`
// List of application containers
Containers []Container `json:"containers"`
// Transient container configuration
EphemeralContainers []EphemeralContainer `json:"ephemeralContainers,omitempty"`
// The container restart policy in Pod
// Values include Always, OnFailure, and Never. The default value is Always
RestartPolicy RestartPolicy `json:"restartPolicy,omitempty"`
// The waiting time before Pod is stopped, must be a non-negative integer, 0 immediately stop, default 30 seconds
/ / at the beginning of the system after send Pod SIGTERM signal timing, TerminationGracePeriodSeconds seconds after the end of the Pod
// It actually gives the Pod some buffer time to clean up before it finishes
TerminationGracePeriodSeconds *int64 `json:"terminationGracePeriodSeconds,omitempty"`
// Pods that survive for ActiveDeadlineSeconds seconds will be marked as failed and the associated container will be killed
// The value must be a positive integer
ActiveDeadlineSeconds *int64 `json:"activeDeadlineSeconds,omitempty"`
// Set DNS policy for Pod
The values can be ClusterFirst(the Default), ClusterFirstWithHostNet, Default, or None
// This configuration will be merged with DNSConfig into the Pod DNS configuration
DNSPolicy DNSPolicy `json:"dnsPolicy,omitempty"`
// Node label selector. Setting this value enables pods to be deployed on nodes that meet the specified label requirements.
NodeSelector map[string]string `json:"nodeSelector,omitempty"`
// The name of the ServiceAccount used by this Pod
ServiceAccountName string `json:"serviceAccountName,omitempty"`
// The ServiceAccount credentials are automatically mounted
AutomountServiceAccountToken *bool `json:"automountServiceAccountToken,omitempty"`
// The name of the node to be scheduled to
NodeName string `json:"nodeName,omitempty"`
// Whether to use the host network namespace Defaults to false
HostNetwork bool `json:"hostNetwork,omitempty"`
// Whether to use the PID namespace of Host The default value is false
HostPID bool `json:"hostPID,omitempty"`
// Whether to use the Host IPC namespace Defaults to false
HostIPC bool `json:"hostIPC,omitempty"`
// Share the Process namespace between all containers and pods by default false
// When set to true, the container can view and send new ids to other processes in the same Pod, and the PID of the first process in the container will not be 1
// Both HostPID and HostPID cannot be true
ShareProcessNamespace *bool `json:"shareProcessNamespace,omitempty"`
// Controls the general configuration of the pod-level security property and container. Default is null
SecurityContext *PodSecurityContext `json:"securityContext,omitempty"`
/ / look at https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod
ImagePullSecrets []LocalObjectReference `json:"imagePullSecrets,omitempty"`
// Pod host name. The default value is system defined
Hostname string `json:"hostname,omitempty"`
// If defined, the full hostname value for Pod will be
.
.< Pod namespace>.
// Otherwise there will be no domain section
Subdomain string `json:"subdomain,omitempty"`
// Pod affinity configuration, through which nodes can be scheduled to the specified environment
Affinity *Affinity `json:"affinity,omitempty"`
// The name of the scheduler. The default scheduler is used
SchedulerName string `json:"schedulerName,omitempty"`
// Pod tolerance configuration, can tolerate node stains, through this configuration can schedule nodes to the specified environment
Tolerations []Toleration `json:"tolerations,omitempty"`
// Add additional hosts configuration for Pod
HostAliases []HostAlias `json:"hostAliases,omitempty"`
// Weight type name, which can be configured to use the corresponding PriorityClass
// System-node-critical and system-cluster-critical are two special values that define the highest weights
// If no weight class is found for this value, 0 is used by default
PriorityClassName string `json:"priorityClassName,omitempty"`
// Weight value, which determines whether to deploy the Pod first during Pod scheduling
// When using the PriorityAdmission controller, this value cannot be assigned by the user and will be obtained from the PriorityClass corresponding to PriorityClassName
Priority *int32 `json:"priority,omitempty"`
// The DNS configuration will be merged into the generated DNS configuration. The configuration will be based on DNSPolicy.
DNSConfig *PodDNSConfig `json:"dnsConfig,omitempty"`
// Pod is ready to determine the list
// Pod will be ready when all containers are ready and all conditional states defined here are True
ReadinessGates []PodReadinessGate `json:"readinessGates,omitempty"`
// Set the name of RuntimeClass, which defaults to Legacy
/ / see https://git.k8s.io/enhancements/keps/sig-node/runtime-class.md for more information
RuntimeClassName *string `json:"runtimeClassName,omitempty"`
// Pod is created to inject some service information into Pod in the form of environment variables
Kubectl exec
-- printenv
// If the service environment variable is not needed, it can be disabled by setting this value to false, which is true by default
EnableServiceLinks *bool `json:"enableServiceLinks,omitempty"`
// whether the flag preempts low-priority pods,
// Values PreemptLowerPriority(default) and Never indicate that low-priority pods will be preempted and low-priority pods will not be preempted, respectively
PreemptionPolicy *PreemptionPolicy `json:"preemptionPolicy,omitempty"`
Kubernetes v1.16 alpha
// When this value is set, scheduling pods takes into account the cost of pods in addition to the resources requested by the container
In addition to priority and resource usage, the cost of pods is also taken into account when expelling other pods
/ / see https://kubernetes.io/docs/concepts/configuration/pod-overhead/ for details
Overhead ResourceList `json:"overhead,omitempty"`
// Pod topology constraint configuration
/ / see https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ for details
TopologySpreadConstraints []TopologySpreadConstraint `json:"topologySpreadConstraints,omitempty"`
}
Copy the code