Kubernetes Pods in Depth: Multi-Container Pods and Lifecycle
Pod Design Patterns
Sidecar Pattern
A sidecar container shares the Pod's network namespace and any volumes mounted in both containers, and provides auxiliary functionality to the main container:

# sidecar-pod.yaml
apiVersion: v1
kind: Pod
metadata:
  name: app-with-logging
spec:
  containers:
  - name: app
    image: myapp:1.0
    volumeMounts:
    - name: log-volume
      mountPath: /var/log/app
  - name: log-agent
    image: fluentd:latest
    volumeMounts:
    - name: log-volume
      mountPath: /var/log/app
    - name: fluentd-config
      mountPath: /fluentd/etc
  volumes:
  - name: log-volume
    emptyDir: {}
  - name: fluentd-config
    configMap:
      name: fluentd-config
Init Container
Init containers run to completion, in the order listed, before the main containers start:

# init-pod.yaml
apiVersion: v1
kind: Pod
metadata:
  name: app-with-init
spec:
  initContainers:
  - name: init-db
    image: busybox:1.36
    command: ['sh', '-c', 'until nslookup mysql-service; do echo waiting for mysql; sleep 2; done']
  - name: init-config
    image: busybox:1.36
    command: ['sh', '-c', 'wget -O /config/app.yaml http://config-server/config']
    volumeMounts:
    - name: config-volume
      mountPath: /config
  containers:
  - name: app
    image: myapp:1.0
    volumeMounts:
    - name: config-volume
      mountPath: /config
  volumes:
  - name: config-volume
    emptyDir: {}
Pod Lifecycle
Lifecycle Hooks

# lifecycle-pod.yaml
apiVersion: v1
kind: Pod
metadata:
  name: app-with-lifecycle
spec:
  containers:
  - name: app
    image: myapp:1.0
    lifecycle:
      postStart:
        exec:
          command: ["/bin/sh", "-c", "echo 'App started' > /var/log/lifecycle.log"]
      preStop:
        exec:
          command: ["/bin/sh", "-c", "nginx -s quit; sleep 5"]
    readinessProbe:
      httpGet:
        path: /health
        port: 8080
      initialDelaySeconds: 10
      periodSeconds: 5
    livenessProbe:
      httpGet:
        path: /health
        port: 8080
      initialDelaySeconds: 15
      periodSeconds: 10
    startupProbe:
      httpGet:
        path: /health
        port: 8080
      failureThreshold: 30
      periodSeconds: 10
Probe Types

# Readiness probe
readinessProbe:
  httpGet:
    path: /ready
    port: 8080
  initialDelaySeconds: 5
  periodSeconds: 10
  successThreshold: 1
  failureThreshold: 3
# Liveness probe
livenessProbe:
  tcpSocket:
    port: 8080
  initialDelaySeconds: 15
  periodSeconds: 20
# Startup probe
startupProbe:
  exec:
    command:
    - cat
    - /tmp/healthy
  failureThreshold: 30
  periodSeconds: 10
Pod Scheduling
Node Selector

apiVersion: v1
kind: Pod
metadata:
  name: gpu-pod
spec:
  nodeSelector:
    accelerator: nvidia-tesla-k80
  containers:
  - name: gpu-app
    image: myapp:gpu
Affinity

apiVersion: v1
kind: Pod
metadata:
  name: app-with-affinity
spec:
  affinity:
    nodeAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
        nodeSelectorTerms:
        - matchExpressions:
          - key: zone
            operator: In
            values:
            - zone1
    podAntiAffinity:
      preferredDuringSchedulingIgnoredDuringExecution:
      - weight: 100
        podAffinityTerm:
          labelSelector:
            matchExpressions:
            - key: app
              operator: In
              values:
              - web
          topologyKey: kubernetes.io/hostname
  containers:
  - name: app
    image: myapp:1.0
Taints and Tolerations

apiVersion: v1
kind: Pod
metadata:
  name: pod-with-toleration
spec:
  tolerations:
  - key: "dedicated"
    operator: "Equal"
    value: "special-user"
    effect: "NoSchedule"
  containers:
  - name: app
    image: myapp:1.0
Resource Management

apiVersion: v1
kind: Pod
metadata:
  name: resource-pod
spec:
  containers:
  - name: app
    image: myapp:1.0
    resources:
      requests:
        memory: "256Mi"
        cpu: "500m"
        ephemeral-storage: "1Gi"
      limits:
        memory: "512Mi"
        cpu: "1000m"
        ephemeral-storage: "2Gi"
Pod Template Example

# Complete Pod template
apiVersion: v1
kind: Pod
metadata:
  name: production-app
  labels:
    app: myapp
    version: v1
    environment: production
spec:
  restartPolicy: Always
  terminationGracePeriodSeconds: 30
  containers:
  - name: app
    # A reference takes a single tag; "myapp:1.0:latest" is not a valid image name
    image: myapp:1.0
    ports:
    - containerPort: 8080
      name: http
    env:
    - name: APP_ENV
      value: "production"
    - name: DB_PASSWORD
      valueFrom:
        secretKeyRef:
          name: db-secret
          key: password
    volumeMounts:
    - name: config
      mountPath: /app/config
    resources:
      requests:
        memory: "256Mi"
        cpu: "250m"
      limits:
        memory: "512Mi"
        cpu: "500m"
  volumes:
  - name: config
    configMap:
      name: app-config
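
An added example, not part of the original page: a Python audit of a parsed Pod object for three things the manifests on this page touch on, namely image tags, CPU and memory limits, and secrets passed as literal env values instead of through secretKeyRef. The sample Pod, the API_TOKEN variable and the image-reference check (a heuristic, not a full reference parser) are assumptions made for illustration.

```python
import re

SECRET_NAME = re.compile(r"PASSWORD|SECRET|TOKEN", re.I)

def image_finding(image):
    """Flag image references that are malformed or not pinned to a fixed tag or digest."""
    if "@sha256:" in image:
        return None                    # pinned by digest
    name = image.rsplit("/", 1)[-1]    # drop registry host:port and repository path
    parts = name.split(":")
    if len(parts) > 2:
        return "malformed image reference"
    if len(parts) == 1 or parts[1] == "latest":
        return "image tag is missing or 'latest'"
    return None

def audit_pod(pod):
    """Return sorted (container, finding) pairs for one parsed Pod object."""
    spec = pod.get("spec", {})
    findings = []
    for c in spec.get("initContainers", []) + spec.get("containers", []):
        issue = image_finding(c.get("image", ""))
        if issue:
            findings.append((c["name"], issue))
        limits = c.get("resources", {}).get("limits", {})
        for res in ("cpu", "memory"):
            if res not in limits:
                findings.append((c["name"], f"no {res} limit"))
        for env in c.get("env", []):
            if SECRET_NAME.search(env["name"]) and "value" in env:
                findings.append((c["name"], f"literal value for {env['name']}"))
    return sorted(findings)

# Constructed sample in the shape of `kubectl get pod <pod-name> -o json` output.
SAMPLE_POD = {"metadata": {"name": "sample"}, "spec": {"containers": [
    {"name": "app", "image": "myapp:1.0:latest",
     "resources": {"limits": {"memory": "512Mi", "cpu": "500m"}},
     "env": [
         {"name": "DB_PASSWORD",
          "valueFrom": {"secretKeyRef": {"name": "db-secret", "key": "password"}}},
         {"name": "API_TOKEN", "value": "constructed-placeholder"}]},
    {"name": "log-agent", "image": "fluentd:latest"},
]}}

if __name__ == "__main__":
    for container, finding in audit_pod(SAMPLE_POD):
        print(f"{container}: {finding}")
```
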
Debugging Tips

# Check Pod status
kubectl get pods -o wide
kubectl get pods -o yaml
# View Pod logs
kubectl logs <pod-name>
kubectl logs <pod-name> -c <container-name>
kubectl logs <pod-name> --previous
# Open a shell in the Pod
kubectl exec -it <pod-name> -- sh
kubectl exec -it <pod-name> -c <container-name> -- sh
# Port forwarding
kubectl port-forward <pod-name> 8080:80
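Summary
The Pod is the most central concept in Kubernetes. Understanding Pod design patterns, lifecycle, and scheduling strategies is the foundation for writing high-quality Kubernetes applications.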