Make writing a habit together! This is the fourth day of my participation in the “Gold Digging Day New Plan · April More text Challenge”. Click here for more details.

Pod is the basic unit in Kubernetes, and the container itself is not allocated directly to the host, but encapsulated in a Pod object. A Pod typically represents a single application, consisting of one or more related containers that have the same lifecycle and are scheduled on the same Node as a whole, sharing the environment, storage volumes, and IP controls. Although there may be multiple containers in a Pod, in Kubernetes the Pod is the smallest unit for scheduling, scaling, and sharing resources, and managing the lifecycle.

Basic operation of Pod

Let’s start by looking at Pod creation, query, modification, and deletion.

Create a Pod

# expod.yml

apiVersion: v1
kind: Pod
metadata:
  name: expod
spec:
  containers:
  - name: expod-container
    image: busybox
    imagePullPolicy: IfNotPresent
    command: ['sh', '-c']
    args: ['echo "Hello Kubernetes!"; sleep 3600']
Copy the code

Simple template meaning:

ApiVersion indicates the API version. V1 indicates the stable version using kubernetes API.
Kind represents the resource object to be created.
Metadata represents the metadata of the resource object. You can have multiple metadata. Name indicates the name of the current resource.
Spec represents the specific Settings for the resource object. Containers is a collection of containers, and we have a simple container here. Name: Name of the container to be created. Image: indicates the image address of the container. ImagePullPolicy: indicates the download policy of an image. Always, Never, and IfNotPresent are supported. Command: a list of commands used to start a container. If this command is not configured, internal commands are used. Args: indicates the list of startup parameters

Run the command to create the Pod.

kubectl apply -f expod.yml
Copy the code

Once created, query all the pods that are currently running

kubectl get pod
Copy the code

Query the Pod

There are multiple commands to query Pod information, and the query details are different:

Query all pods in the default namespace

kubectl get pod
Copy the code

Query information about a Pod

kubectl get pod expod
Copy the code

Continuous monitoring of Pod status

kubectl get pod -w
Copy the code

More summary information is displayed

kubectl get pod -o wide
Copy the code

IP addresses and owning nodes in the cluster are displayed more than the brief information

Output Pod information in the specified format

kubectl get pod expod -o yaml
Copy the code

Displays the most detailed information, including events

kubectl describe pod expod
Copy the code

This command is the most commonly used resource information query command. The command displays comprehensive information, including basic resource information, container information, preparation, storage volume information, and related event list. If a problem occurs during resource deployment, you can use this command to query details and analyze the fault cause.

Example Query Pod logs

Kubectl logs Pod nameCopy the code

Modify the Pod

You can modify existing Pod properties using the replace command

Kubectl replace -f pod yaml fileCopy the code

“Hello Kubernetes!” “Hello Kubernetes!” Change to “Hello Kubernetes press!” .

# expod.yml

apiVersion: v1
kind: Pod
metadata:
  name: expod
spec:
  containers:
  - name: expod-container
    image: busybox
    imagePullPolicy: IfNotPresent
    command: ['sh', '-c']
    args: ['echo "Hello Kubernetes replaced!"; sleep 3600']
Copy the code

There are many properties of Pod that cannot be modified. If you must modify them, you need to add the –force parameter, which is equivalent to rebuilding Pod.

kubectl replace -f expod.yml --force
Copy the code

Take a look at the command output

Delete the Pod and create a replacement Pod for expod.

kubectl logs expod
Copy the code

You can see that the Pod information has been modified.

Delete the Pod

Removing a Pod is as simple as executing the following command:

kubectl delete pod expod
Copy the code

If we are creating from a Pod template file, it is recommended to use a template-file-based delete command.

kubectl delete -f expod.yml
Copy the code

Pod and container

As we may have seen, Pod templates are very similar to Docker-compose, but Pod templates can be configured with more and more complex parameters.

How Pod creates containers

In the Containers part of the Pod template, specify the deployment mode of the container, which will be converted into the corresponding container to run commands during the deployment process. Take our initial Pod template as an example:

apiVersion: v1
kind: Pod
metadata:
  name: expod
spec:
  containers:
  - name: expod-container
    image: busybox
    imagePullPolicy: IfNotPresent
    command: ['sh', '-c']
    args: ['echo "Hello Kubernetes!"; sleep 3600']
Copy the code

When kubernetes performs scheduling, the following command is executed:

docker run --name expod-container busybox sh -c 'echo "Hello Kubernetes!" ; sleep 3600'Copy the code

The command and args Settings override EntryPoint and CMD defined in the Docker image, respectively.

The way Pod organizes containers

Pod is a whole composed of containers and is scheduled to a Node at the same time. Containers can share resources, network environment and dependencies, and have the same life cycle.

How does a container form a Pod

Each Pod contains one or a set of closely related business containers, but there is also a special Pause container that becomes the “root container.” Pause containers are part of Kubernetes. If a group of Pause containers is mounted as a whole, it is difficult to determine whether the whole Pod is mounted. This problem can be solved by introducing a business-neutral Pause container, using it as the root container for the Pod, and its state as a proxy for the state of the entire group of containers. In addition, all containers in a Pod share the IP address of the Pause Container and its attached storage volume, which simplifies communication and data sharing between containers, similar to the Container mode of the Docker Container network.

You can log in to the corresponding Node machine to view the container information for the Pod you started creating.

kubectl get pod -o wide
Copy the code

After logging in to k8S-node2, run the docker ps command to view the details:

You can see that there are three pause containers, two of which are Flannel and Proxy containers, and one of which is our ExPOD container, which together with another ExPOD container forms a Pod.

Containers in PODS share two resources – storage and networking.

storage

In Pod, we can specify one or more storage volumes that are accessible to all containers in Pod. Storage volumes can be temporary or persistent.

network

In a Kubernetes cluster, each Pod is assigned a unique IP address, and containers in pods share a network namespace, including IP addresses and network ports. Containers within a Pod can communicate with each other via localhost. We can compare the difference between Docker and Kubernetes in cyberspace.

Docker’s cyberspace

As can be seen from the figure, containers are connected through docker0 network card, and each container has an independent internal network address

Kubernetes’ cyberspace

As you can see from the figure, all containers in the Pod share a network address

How do PODS communicate with each other

The communication between PODS is mainly divided into two cases:

Communication between pods on the same Node

All pods on the same Node use the same bridge (Docker0) to connect to each other, which is equivalent to the Docker network space, but based on pods. Each Pod has a global IP address. Different pods in the same Node are connected to the same Docker0 bridge through veth. Their IP addresses are dynamically obtained from the Docker0 bridge and associated with the same Docker0 bridge. Address segments are the same, so they can communicate directly with each other.

Pod communication between different nodes

To communicate between pods of different nodes, first ensure that pods have globally unique IP addresses in a Kubernetes cluster. And because the Pod on a Node communicates with the outside through the Docker bridge, this function can be realized by configuring the Docker bridge on different nodes into different IP address segments. Flannel can configure the Docker bridge by modifying the startup parameter BIP of Docker. In this way, the Docker bridge of the machines in the cluster can get a globally unique IP address segment, and the containers created on the machines can also have globally unique IP addresses.

Communication between pods across nodes

When we set up the Kubernetes cluster, we created a Kube-Flannel container on each Node machine. This uses the Flannel virtual network card on each Node machine to take over the container and communicate with each host. When the container of one Node visits the container of another Node, Data on the source node is routed from the Docker0 network bridge to the Flannel0 network card, and data on the destination node is routed from the Flannel0 network card to the Docker0 network card, and then forwarded to the target container. Flannel replanned the container cluster network to ensure global uniqueness of container IP addresses and enable containers on different machines to communicate with each other using Intranet IP addresses. Flannel assigns only subnet addresses. Therefore, IP addresses for containers are dynamically allocated within the subnet.

Because the Pod IP address itself is a virtual IP address, only machines inside the Kubernetes cluster (Master and Node) and other pods can directly access this IP address. Machines outside the cluster cannot directly access the Pod IP address. We created an Nginx Pod:

apiVersion: v1
kind: Pod
metadata:
  name: nginx
spec:
  containers:
  - name: exnginx
    image: nginx
    imagePullPolicy: IfNotPresent
    ports:
    - name: nginxport
      containerPort: 80
Copy the code

Run the following command to query the following IP addresses:

[root@k8s-master]# kubectl apply -f exnginx.yml
[root@k8s-master]# kubectl get pod -o wide
Copy the code

All machines and pods in the cluster have access to this virtual address and the port exposed by the containerPort

[root @ k8s - master] # curl http://10.244.1.6Copy the code

At the same time, we see that we have two pods, one on Node1 and one on Node2, and the Pod IP address on Node2 is 10.244.2.6, and the Pod IP address on Node1 is 10.244.1.6. Run the ifconfig flannel.1 command to check the cluster subnet segment.

k8s-node1

K8s-node2

To enable machines outside the cluster to access services provided by pods, we’ll cover Service and Ingress later to publish services.

The Pod life cycle

The state of the Pod

Once a Pod is created on a cluster node, it will first enter the Pending state. As long as all containers in the Pod are started and Running properly, the Pod will then enter the Running state. If the Pod is terminated and all containers terminate with a status code of 0, The Pod will enter the Succeeded state.

There are three reasons for the Failed state.

When a container fails to run, the Pod will change from Pending to Failed.
The Pod is in the Running state. If a container in the Pod is suddenly damaged or the status code is not 0 upon exit, the Pod will enter the Failed state from Running.
When the Pod is required to shut down normally, the Pod will enter the Failed state as long as a container exit status code is not 0.

The Pod restart policy

There is a spec module in the Pod configuration template file that has a field called restartPolicy with values of Always, OnFailure, and Never. Kubelet restarts the Node using restartPolicy. Kubelet restarts the exited container with an incremental delay (10s, 20s, 40s…). Try a reboot with an upper limit of 5 minutes. The cumulative value of the delay is reset after a successful run of 10 minutes. Once a Pod is bound to one node, it will never be rebound to another node.

The impact of the restart policy on the Pod status is as follows:

Suppose there is a running Pod containing a container that exits successfully.