[Cloud Native | Kubernetes] A Deep Dive into the Foundation of Everything: Containers (V)
2022-06-26 09:00:00 【Lanson】
A Deep Dive into the Foundation of Everything: Containers
1. Reflection
What are the similarities and differences between the containers in k8s and Docker's containers?
Docker actually used to have its own orchestration tool: docker swarm, which can create a Docker cluster across multiple hosts. But that is all it does, and Docker gave up the project very early. docker machine is a preparation tool that works together with swarm.
The full name of k8s is Kubernetes; because there are 8 letters between the "k" and the "s", it is abbreviated to k8s. It is a container orchestration tool developed by Google and holds more than 80% of the market.
In k8s the Pod is the smallest unit. When configuring the containers in a Pod, pay attention to the following common fields.
What can be written for a container in a Pod:
args <[]string>

command <[]string>
    Entrypoint array. Not executed within a shell. The docker image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell

env <[]Object>
    Environment variables to be used by the container

envFrom <[]Object>
    List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.

image <string>
    The name of the image

imagePullPolicy <string>
    Pull policy:
    Always: always pull (default). Check the registry first and pull if the image is there (if the local machine already has it, Docker effectively does not download it again)
    Never: never pull; you must make sure the machine the Pod runs on already has the image; only the local machine is checked
    IfNotPresent: pull only if the local machine does not have the image; check the local machine first, then the remote registry

lifecycle <Object>
    Lifecycle hooks

livenessProbe <Object>
    Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

name <string> -required-
    The name of the container

ports <[]Object>
    Ports

readinessProbe <Object>
    Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

resources <Object>
    Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/

securityContext <Object>
    Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/

startupProbe <Object>
    StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

stdin <boolean>
    Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.

stdinOnce <boolean>
    Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false

terminationMessagePath <string>
    Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.

terminationMessagePolicy <string>
    Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.

tty <boolean>
    Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.

volumeDevices <[]Object>
    volumeDevices is the list of block devices to be used by the container.

volumeMounts <[]Object>
    Pod volumes to mount into the container's filesystem. Cannot be updated.

workingDir <string>
    The working directory inside the container
2. Images
Before a container image can be used in a Kubernetes Pod, it has to be pushed to an image registry (or an image that already exists in a registry has to be used). When a container is defined in a Pod definition, the image used by the container must be specified. The container's image field supports the same syntax as the docker command, including private image registries and tags.

If you use an image from the hub.docker.com registry, the registry address and registry port can be omitted, for example: nginx:latest
In Kubernetes, the default image pull policy is IfNotPresent. With this policy, when kubelet finds that the image already exists on the local machine, it does not pull the image from the registry. If you want the image to be pulled from the registry every time a Pod starts, try one of the following:
- Set imagePullPolicy in the container to Always
- Omit the imagePullPolicy field and use an image with the :latest tag
- Omit the imagePullPolicy field and the image tag
- Enable the AlwaysPullImages admission controller
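The defaulting described by the list above, written out as an added example (not code from the original post): it works out which pull policy a container ends up with and which containers kubelet may start from an image already cached on the node. The sample containers, the `registry.example` host and the function names are constructed for illustration; the digest case goes slightly beyond the list and follows the Kubernetes defaulting rule for images pinned by digest.

```python
def split_image(image):
    """Split an image reference into (name, tag, digest).

    A tag is only looked for after the last '/', so the port in
    'registry.example:5000/app' is not mistaken for a tag.
    """
    name, _, digest = image.partition("@")
    colon = name.rfind(":")
    if colon > name.rfind("/"):
        return name[:colon], name[colon + 1:], digest or None
    return name, None, digest or None


def effective_pull_policy(container):
    """Policy applied to one container entry of a Pod spec."""
    explicit = container.get("imagePullPolicy")
    if explicit:
        return explicit                      # set by the author of the manifest
    _, tag, digest = split_image(container["image"])
    if digest:
        return "IfNotPresent"                # pinned by digest
    if tag is None or tag == "latest":
        return "Always"                      # the two "omit" cases from the list
    return "IfNotPresent"                    # any other tag: node cache is used


def cached_image_containers(containers):
    """Names of containers that kubelet may start from a node-local image."""
    return [c["name"] for c in containers
            if effective_pull_policy(c) in ("IfNotPresent", "Never")]


# Constructed sample containers; registry.example is a placeholder host.
SAMPLES = [
    {"name": "a", "image": "nginx"},
    {"name": "b", "image": "nginx:latest"},
    {"name": "c", "image": "redis:7.0"},
    {"name": "d", "image": "registry.example:5000/team/app"},
    {"name": "e", "image": "registry.example:5000/team/app:v1.0"},
    {"name": "f", "image": "registry.example:5000/team/app:v1.0",
     "imagePullPolicy": "Always"},
]

if __name__ == "__main__":
    for c in SAMPLES:
        print(c["name"], c["image"], effective_pull_policy(c))
    print("may run from cache:", cached_image_containers(SAMPLES))
```

Containers reported by `cached_image_containers` start without a registry round trip, so on a shared node a private image that is already cached is not re-checked against pull credentials; the AlwaysPullImages admission controller closes that gap by forcing the policy to Always.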
docker pull redis
docker.io/library/redis:latest
Pulling an image from a private registry
# By default a secret lives in the default namespace and cannot be shared with the hello namespace,
# so it is created in the hello namespace here with -n hello
kubectl create secret -n hello docker-registry my-aliyun \
  --docker-server=registry.cn-hangzhou.aliyuncs.com \
  --docker-username=lansonli \
  --docker-password=lansonli123456789
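apiVersion: v1
kind: Pod
metadata:
  name: foo
spec:
  containers:
    - name: foo
      image: registry.cn-zhangjiakou.aliyuncs.com/atguigudocker/atguigu-java-img:v1.0
  # Must name a docker-registry secret that exists in this Pod's namespace
  # and whose --docker-server matches the registry host of the image
  imagePullSecrets:
    - name: mydocker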
3. Start command

4. Environment variables
Just specify them with env.
5. Container lifecycle hooks
Kubernetes provides two hooks (hook functions) for containers:
PostStart: this hook runs immediately after the container is created. However, there is no guarantee that the hook runs before the container's ENTRYPOINT. The hook takes no input parameters.
PreStop: this hook runs before the container is terminated, for example when:
- The Pod that contains the container is deleted through an API call
- Certain management events occur: a failed health check, a shortage of resources, and so on
If the container has already been shut down or has entered the completed state, the call to the preStop hook fails. The hook executes synchronously, that is, Kubernetes does not delete the container until the hook has finished. The hook takes no input parameters.
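apiVersion: v1
kind: Pod
metadata:
  name: lansonli-demo
spec:
  containers:
    - name: lansonli-demo-container
      image: alpine
      # Main process: prints hello and then exits
      command: ["/bin/sh", "-c", "echo hello; "]
      volumeMounts:
        - name: mount1
          mountPath: /app
      lifecycle:
        # Runs right after the container is created
        postStart:
          exec:
            command: ["/bin/sh", "-c", "echo world;"]
        # Runs before the container is terminated
        preStop:
          exec:
            command: ["/bin/sh","-c","echo 66666;"]
  volumes:
    # mount1 is mounted above but was not defined; an emptyDir is assumed here
    - name: mount1
      emptyDir: {}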
Kubernetes sends the postStart event immediately after the container starts, but it does not guarantee that the postStart handler runs before the container's EntryPoint. The postStart handler is asynchronous relative to the process in the container (the two run at the same time). However, when managing the container, Kubernetes waits until the postStart handler has finished before it marks the container's state as Running.
When Kubernetes decides to shut down a container, it sends the preStop event immediately and waits until the preStop handler finishes or the Pod's --grace-period times out before it deletes the container.
6. Resource limits
pods/qos/qos-pod.yaml
apiVersion: v1
kind: Pod
metadata:
  name: qos-demo
  namespace: qos-example
spec:
  containers:
    - name: qos-demo-ctr
      image: nginx
      resources:
        limits:   # upper limit, comparable to -Xmx
          memory: "200Mi"
          cpu: "700m"
        # size allocated by default at start, comparable to -Xms
        requests:
          memory: "200Mi"
          cpu: "700m"
kubectl describe can be used for troubleshooting and for viewing the status of resources.
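The qos-demo manifest above sets requests equal to limits, which is the condition for the Guaranteed QoS class that kubectl describe shows for a Pod. The following added example (not part of the original post) derives the class from the resources block; the QoS rules are Kubernetes behaviour that the post itself does not spell out. It assumes only `spec.containers` and the quantity suffixes listed in the code are relevant, and the helper names and the variation Pods are constructed.

```python
from fractions import Fraction

# Multipliers for the quantity suffixes used here (a subset of what Kubernetes accepts).
SUFFIX = {"Ki": 2**10, "Mi": 2**20, "Gi": 2**30,
          "m": Fraction(1, 1000), "k": 10**3, "M": 10**6, "G": 10**9}


def quantity(text):
    """Parse '700m', '0.7' or '200Mi' into an exact number."""
    text = str(text)
    for suffix, factor in SUFFIX.items():
        if text.endswith(suffix):
            return Fraction(text[:-len(suffix)]) * factor
    return Fraction(text)


def qos_class(pod):
    """Guaranteed, Burstable or BestEffort, from cpu/memory of spec.containers."""
    any_set, guaranteed = False, True
    for c in pod["spec"]["containers"]:
        res = c.get("resources", {})
        limits = res.get("limits", {})
        # A request that is left out defaults to the limit of the same resource.
        requests = {**limits, **res.get("requests", {})}
        for r in ("cpu", "memory"):
            any_set = any_set or r in requests
            if r not in limits or quantity(limits[r]) != quantity(requests[r]):
                guaranteed = False
    if not any_set:
        return "BestEffort"
    return "Guaranteed" if guaranteed else "Burstable"


def pod(resources):
    """Build a one-container Pod dict around a resources block (constructed input)."""
    return {"spec": {"containers": [{"name": "ctr", "image": "nginx",
                                     "resources": resources}]}}


# The values of the page's qos-demo Pod, followed by constructed variations.
PAGE_POD = pod({"limits": {"memory": "200Mi", "cpu": "700m"},
                "requests": {"memory": "200Mi", "cpu": "700m"}})
SAME_VALUE = pod({"limits": {"memory": "200Mi", "cpu": "0.7"},
                  "requests": {"memory": "200Mi", "cpu": "700m"}})
LOWER_REQUEST = pod({"limits": {"memory": "200Mi", "cpu": "700m"},
                     "requests": {"memory": "100Mi", "cpu": "700m"}})
NO_RESOURCES = pod({})

if __name__ == "__main__":
    for p in (PAGE_POD, SAME_VALUE, LOWER_REQUEST, NO_RESOURCES):
        print(qos_class(p))
```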