• 欢迎访问运维搬运工网站,推荐使用最新版火狐浏览器和Chrome浏览器访问本网站。
  • 本站一年会员:100元 ,两年会员:180元 ,永久会员:380元
  • 这世界就是,一些人总在昼夜不停地运转,而另外一些人,起床就发现世界已经变了。
  • 本博客推广的是知识付费,用赞助的方式实现博客维护,不以赚钱为目的的博客

k8s常用的资源使用-创建一个pod

k8s最小的资源单位pod

创建一个pod

[root@k8s-master ~]# mkdir -p /k8s/pod
[root@k8s-master ~]# cd /k8s/pod/

[root@k8s-master pod]# vim nginx_pod.yaml

apiVersion: v1
kind: Pod
metadata:
name: nginx
labels:
app: web
spec: 
containers:
- name: nginx
image: nginx:1.13
ports:
- containerPort: 80

出现如下报错

[root@k8s-master pod]# kubectl create -f nginx_pod.yaml 
Error from server (ServerTimeout): error when creating "nginx_pod.yaml": No API token found for service account "default", retry after the token is automatically created and added to the service account

修改配置文件

[root@k8s-master pod]# vim /etc/kubernetes/apiserver

# default admission control policies
KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota"


变更为

KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ResourceQuota"

重启服务

[root@k8s-master pod]# systemctl restart kube-apiserver.service

重新创建pod

[root@k8s-master pod]# kubectl create -f nginx_pod.yaml 
pod "nginx" created

查看有那些pod

[root@k8s-master pod]# kubectl get pod
NAME READY STATUS RESTARTS AGE
nginx 0/1 ContainerCreating 0 56s

查看某个pod的状态

[root@k8s-master pod]# kubectl get pod nginx
NAME READY STATUS RESTARTS AGE
nginx 0/1 ContainerCreating 0 2m

查看pod的详细状态

[root@k8s-master pod]# kubectl describe pod nginx
Name: nginx
Namespace: default
Node: k8s-node2/10.0.0.13
Start Time: Tue, 20 Aug 2019 13:20:03 +0800
Labels: app=web
Status: Pending
IP:
Controllers: <none>
Containers:
nginx:
Container ID:
Image: nginx:1.13
Image ID:
Port: 80/TCP
State: Waiting
Reason: ContainerCreating
Ready: False
Restart Count: 0
Volume Mounts: <none>
Environment Variables: <none>
Conditions:
Type Status
Initialized True 
Ready False 
PodScheduled True 
No volumes.
QoS Class: BestEffort
Tolerations: <none>
Events:
FirstSeen LastSeen Count From SubObjectPath Type Reason Message
--------- -------- ----- ---- ------------- -------- ------ -------
3m 3m 1 {default-scheduler } Normal Scheduled Successfully assigned nginx to k8s-node2
3m 33s 5 {kubelet k8s-node2} Warning FailedSync Error syncing pod, skipping: failed to "StartContainer" for "POD" with ErrImagePull: "image pull failed for registry.access.redhat.com/rhel7/pod-infrastructure:latest, this may be because there are no credentials on this request. details: (open /etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt: no such file or directory)"

3m 5s 11 {kubelet k8s-node2} Warning FailedSync Error syncing pod, skipping: failed to "StartContainer" for "POD" with ImagePullBackOff: "Back-off pulling image \"registry.access.redhat.com/rhel7/pod-infrastructure:latest\""

查看pod调度在哪一个节点上

[root@k8s-master pod]# kubectl get pod nginx -o wide
NAME READY STATUS RESTARTS AGE IP NODE
nginx 0/1 ContainerCreating 0 5m <none> k8s-node2

看看有没有下载下来

[root@k8s-master pod]# kubectl describe pod nginx
Name: nginx
Namespace: default
Node: k8s-node2/10.0.0.13
Start Time: Tue, 20 Aug 2019 13:20:03 +0800
Labels: app=web
Status: Pending
IP:
Controllers: <none>
Containers:
nginx:
Container ID:
Image: nginx:1.13
Image ID:
Port: 80/TCP
State: Waiting
Reason: ContainerCreating
Ready: False
Restart Count: 0
Volume Mounts: <none>
Environment Variables: <none>
Conditions:
Type Status
Initialized True 
Ready False 
PodScheduled True 
No volumes.
QoS Class: BestEffort
Tolerations: <none>
Events:
FirstSeen LastSeen Count From SubObjectPath Type Reason Message
--------- -------- ----- ---- ------------- -------- ------ -------
12m 12m 1 {default-scheduler } Normal Scheduled Successfully assigned nginx to k8s-node2
12m 1m 7 {kubelet k8s-node2} Warning FailedSync Error syncing pod, skipping: failed to "StartContainer" for "POD" with ErrImagePull: "image pull failed for registry.access.redhat.com/rhel7/pod-infrastructure:latest, this may be because there are no credentials on this request. details: (open /etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt: no such file or directory)"

12m 2s 51 {kubelet k8s-node2} Warning FailedSync Error syncing pod, skipping: failed to "StartContainer" for "POD" with ImagePullBackOff: "Back-off pulling image \"registry.access.redhat.com/rhel7/pod-infrastructure:latest\""

可以看出,在node2节点并没有下载下来镜像,手动也不能下载镜像

[root@k8s-node2 ~]# docker pull registry.access.redhat.com/rhel7/pod-infrastructure:latest
Trying to pull repository registry.access.redhat.com/rhel7/pod-infrastructure ... 
open /etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt: no such file or directory

手动搜索所需镜像并更换镜像地址

[root@k8s-node1 ~]# docker search pod-infrastructure
INDEX NAME DESCRIPTION STARS OFFICIAL AUTOMATED
docker.io docker.io/neurons/pod-infrastructure k8s pod 基础容器镜像 2 
docker.io docker.io/tianyebj/pod-infrastructure registry.access.redhat.com/rhel7/pod-infra... 2 
docker.io docker.io/w564791/pod-infrastructure latest 1 
docker.io docker.io/xiaotech/pod-infrastructure registry.access.redhat.com/rhel7/pod-infra... 1 [OK]
docker.io docker.io/092800/pod-infrastructure 0 
docker.io docker.io/812557942/pod-infrastructure 0 
docker.io docker.io/cnkevin/pod-infrastructure 0 
docker.io docker.io/fungitive/pod-infrastructure registry.access.redhat.com/rhel7/pod-infra... 0 
docker.io docker.io/jqka/pod-infrastructure redhat pod 0 [OK]
docker.io docker.io/k189189/pod-infrastructure 0 
docker.io docker.io/oudi/pod-infrastructure pod-infrastructure 0 [OK]
docker.io docker.io/pkcsloye/pod-infrastructure docker pull registry.access.redhat.com/rhe... 0 [OK]
docker.io docker.io/shadowalker911/pod-infrastructure 0 
docker.io docker.io/singlestep/pod-infrastructure 0 
docker.io docker.io/statemood/pod-infrastructure Automated build from registry.access.redha... 0 [OK]
docker.io docker.io/wangdjtest/pod-infrastructure pod-infrastructure:latest 0 [OK]
docker.io docker.io/william198689/pod-infrastructure 0 
docker.io docker.io/xiechengsheng/pod-infrastructure 0 
docker.io docker.io/xielongzhiying/pod-infrastructure pod-infrastructure 0 [OK]
docker.io docker.io/xplenty/rhel7-pod-infrastructure registry.access.redhat.com/rhel7/pod-infra... 0 
docker.io docker.io/zdwork/pod-infrastructure 0 
docker.io docker.io/zengshaoyong/pod-infrastructure pod-infrastructure 0 [OK]
docker.io docker.io/zhanghongyang/pod-infrastructure 0 
docker.io docker.io/zhangspook/pod-infrastructure registry.access.redhat.com/rhel7/pod-infra... 0 [OK]
docker.io docker.io/zm274310577/pod-infrastructure 0 
[root@k8s-node1 ~]#

更改镜像地址

[root@k8s-node2 ~]# vim /etc/kubernetes/kubelet 

KUBELET_POD_INFRA_CONTAINER="--pod-infra-container-image=registry.access.redhat.com/rhel7/pod-infrastructure:latest"


改为

KUBELET_POD_INFRA_CONTAINER="--pod-infra-container-image=docker.io/tianyebj/pod-infrastructure:latest"

 

重启生效

[root@k8s-node2 ~]# systemctl restart kubelet.service

 

再次查看,提示已下载并创建容器

[root@k8s-master pod]# kubectl describe pod nginx
Name: nginx
Namespace: default
Node: k8s-node2/10.0.0.13
Start Time: Tue, 20 Aug 2019 13:20:03 +0800
Labels: app=web
Status: Running
IP: 172.16.53.2
Controllers: <none>
Containers:
nginx:
Container ID: docker://ccfca78ef659ff13ec111142b9252f0edff5d507db3e5e7ed12df2b461bd2764
Image: nginx:1.13
Image ID: docker-pullable://docker.io/nginx@sha256:b1d09e9718890e6ebbbd2bc319ef1611559e30ce1b6f56b2e3b479d9da51dc35
Port: 80/TCP
State: Running
Started: Tue, 20 Aug 2019 13:50:52 +0800
Ready: True
Restart Count: 0
Volume Mounts: <none>
Environment Variables: <none>
Conditions:
Type Status
Initialized True 
Ready True 
PodScheduled True 
No volumes.
QoS Class: BestEffort
Tolerations: <none>
Events:
FirstSeen LastSeen Count From SubObjectPath Type Reason Message
--------- -------- ----- ---- ------------- -------- ------ -------
33m 33m 1 {default-scheduler } Normal Scheduled Successfully assigned nginx to k8s-node2
33m 12m 9 {kubelet k8s-node2} Warning FailedSync Error syncing pod, skipping: failed to "StartContainer" for "POD" with ErrImagePull: "image pull failed for registry.access.redhat.com/rhel7/pod-infrastructure:latest, this may be because there are no credentials on this request. details: (open /etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt: no such file or directory)"

32m 8m 105 {kubelet k8s-node2} Warning FailedSync Error syncing pod, skipping: failed to "StartContainer" for "POD" with ImagePullBackOff: "Back-off pulling image \"registry.access.redhat.com/rhel7/pod-infrastructure:latest\""

2m 2m 1 {kubelet k8s-node2} spec.containers{nginx} Normal Pulling pulling image "nginx:1.13"
2m 2m 2 {kubelet k8s-node2} Warning MissingClusterDNS kubelet does not have ClusterDNS IP configured and cannot create Pod using "ClusterFirst" policy. Falling back to DNSDefault policy.
2m 2m 1 {kubelet k8s-node2} spec.containers{nginx} Normal Pulled Successfully pulled image "nginx:1.13"
2m 2m 1 {kubelet k8s-node2} spec.containers{nginx} Normal Created Created container with docker id ccfca78ef659; Security:[seccomp=unconfined]
2m 2m 1 {kubelet k8s-node2} spec.containers{nginx} Normal Started Started container with docker id ccfca78ef659
[root@k8s-master pod]#

查看运行的容器

[root@k8s-node2 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ccfca78ef659 nginx:1.13 "nginx -g 'daemon ..." 3 minutes ago Up 3 minutes k8s_nginx.78d00b5_nginx_default_2a4eb76f-c30a-11e9-ab18-00163e12aced_52c3b86a
3e24329cade6 docker.io/tianyebj/pod-infrastructure:latest "/pod" 4 minutes ago Up 4 minutes k8s_POD.b8a70607_nginx_default_2a4eb76f-c30a-11e9-ab18-00163e12aced_1a73d010

再次查看状态

[root@k8s-master pod]# kubectl get pod nginx -o wide
NAME READY STATUS RESTARTS AGE IP NODE
nginx 1/1 Running 0 35m 172.16.53.2 k8s-node2

发现容器已经跑起来了

创建私有镜像仓库,测试使用registry,建议使用Harbor

[root@k8s-master ~]# docker pull docker.io/registry

启动私有仓库

[root@k8s-master ~]# docker run -d -p 5000:5000 docker.io/registry:latest
cd80097ea154391bb4dbd787c2ad801f4233c08a21ba7b4b163eca4138b70158
[root@k8s-master ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
cd80097ea154 docker.io/registry:latest "/entrypoint.sh /e..." 5 seconds ago Up 4 seconds 0.0.0.0:5000->5000/tcp heuristic_bardeen
[root@k8s-master ~]#

上传镜像到私有仓库,先打tag

[root@k8s-node2 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/nginx latest 5a3221f0137b 4 days ago 126 MB
nginx latest 5a3221f0137b 4 days ago 126 MB
busybox latest db8ee88ad75f 4 weeks ago 1.22 MB
docker.io/busybox latest db8ee88ad75f 4 weeks ago 1.22 MB
docker.io/nginx 1.13 ae513a47849c 15 months ago 109 MB
docker.io/tianyebj/pod-infrastructure latest 34d3450d733b 2 years ago 205 MB
[root@k8s-node2 ~]# docker tag docker.io/tianyebj/pod-infrastructure:latest 10.0.0.11:5000/pod-infrastructure:latest
[root@k8s-node2 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/nginx latest 5a3221f0137b 4 days ago 126 MB
nginx latest 5a3221f0137b 4 days ago 126 MB
busybox latest db8ee88ad75f 4 weeks ago 1.22 MB
docker.io/busybox latest db8ee88ad75f 4 weeks ago 1.22 MB
docker.io/nginx 1.13 ae513a47849c 15 months ago 109 MB
10.0.0.11:5000/pod-infrastructure latest 34d3450d733b 2 years ago 205 MB
docker.io/tianyebj/pod-infrastructure latest 34d3450d733b 2 years ago 205 MB

上传镜像

[root@k8s-node2 ~]# docker push 10.0.0.11:5000/pod-infrastructure:latest
The push refers to a repository [10.0.0.11:5000/pod-infrastructure]
Get https://10.0.0.11:5000/v1/_ping: http: server gave HTTP response to HTTPS client

解决方法如下

[root@k8s-node2 ~]# cd /etc/docker/
[root@k8s-node2 docker]# vim daemon.json


{ "insecure-registries":["10.0.0.11:5000"]}

重启docker

[root@k8s-node2 docker]# systemctl restart docker

再次上传

[root@k8s-node2 docker]# docker push 10.0.0.11:5000/pod-infrastructure:latest
The push refers to a repository [10.0.0.11:5000/pod-infrastructure]
ba3d4cbbb261: Pushed 
0a081b45cb84: Pushed 
df9d2808b9a9: Pushed 
latest: digest: sha256:a378b2d7a92231ffb07fdd9dbd2a52c3c439f19c8d675a0d8d9ab74950b15a1b size: 948

所有节点修改成使用私有仓库

[root@k8s-node1 ~]# vim /etc/sysconfig/docker

OPTIONS='--selinux-enabled --log-driver=journald --signature-verification=false --insecure-registry=10.0.0.11:5000'

node2修改

[root@k8s-node2 ~]# vim /etc/sysconfig/docker

OPTIONS='--selinux-enabled --log-driver=journald --signature-verification=false --insecure-registry=10.0.0.11:5000'

 

为了让节点从私有节点push镜像,修改如下配置文件。

[root@k8s-node1 ~]# vim /etc/kubernetes/kubelet 

KUBELET_POD_INFRA_CONTAINER="--pod-infra-container-image=10.0.0.11:5000/pod-infrastructure:latest"

重启服务

[root@k8s-node1 ~]# systemctl restart kubelet.service

master和node节点都修改如上配置

 vim /etc/sysconfig/docker
 vim /etc/kubernetes/kubelet

设置pod从私有仓库拉取镜像

[root@k8s-master pod]# pwd
/k8s/pod
[root@k8s-master pod]# vim nginx_pod.yaml 

apiVersion: v1
kind: Pod
metadata:
name: test
labels:
app: web
spec:
containers:
- name: nginx
image: 10.0.0.11:5000/nginx:1.13
ports:
- containerPort: 80

重启服务

[root@k8s-master pod]# systemctl restart kubelet.service

再次查看pod

[root@k8s-master pod]# kubectl create -f nginx_pod.yaml
pod "test" created
[root@k8s-master pod]# kubectl get pod
NAME READY STATUS RESTARTS AGE
nginx 1/1 Running 0 11m
test 1/1 Running 0 18s

查看容器的IP地址

[root@k8s-node1 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
1823b91bea07 10.0.0.11:5000/nginx:1.13 "nginx -g 'daemon ..." 3 hours ago Up 3 hours k8s_nginx.91390390_test_default_9355d942-c328-11e9-ab18-00163e12aced_20282e3f
2f28b2e3d9a3 10.0.0.11:5000/pod-infrastructure:latest "/pod" 3 hours ago Up 3 hours k8s_POD.177f01b0_test_default_9355d942-c328-11e9-ab18-00163e12aced_4b54b2d8

查看IP

[root@k8s-node1 ~]# docker inspect 2f28b2e3d9a3|grep -i IPAddress 
"SecondaryIPAddresses": null,
"IPAddress": "172.16.39.2",
"IPAddress": "172.16.39.2",

运维搬运工 , 版权所有丨如未注明 , 均为原创丨本网站采用BY-NC-SA协议进行授权
转载请注明原文链接:k8s常用的资源使用-创建一个pod
喜欢 (0)
[扫描二维码]
分享 (0)
大自然搬运工
关于作者:
不是路不平,而是你不行。到底行不行,看你停不停。只要你不停,早晚都能行。
发表我的评论
取消评论
表情 贴图 加粗 删除线 居中 斜体 签到

Hi,您需要填写昵称和邮箱!

  • 昵称 (必填)
  • 邮箱 (必填)
  • 网址