容器与镜像
容器运行时接口(CRI)
Kubelet运行在每个节点(Node)上,用于管理和维护Pod和容器的状态。
容器运行时接口(CRI)是kubelet 和容器运行时之间通信的主要协议。它将 Kubelet 与容器运行时解耦,理论上,实现了CRI接口的容器引擎,都可以作为kubernetes的容器运行时。
Docker没有实现(CRI)接口,Kubernetes使用dockershim来兼容docker。
自V1.24版本起,Dockershim 已从 Kubernetes 项目中移除。
crictl是一个兼容CRI的容器运行时命令,他的用法跟docker命令一样,可以用来检查和调试底层的运行时容器。
crictl pull mysql:5.7-debian crictl images
在一些局域网环境下,我们没法通过互联网拉取镜像,可以手动的导出、导入镜像。ss
crictl命令没有导出、导入镜像的功能。
需要使用ctr命令导出、导入镜像,它是containerd的命令行接口。
POD使用
可能遇到的情况
如果创建完查看一直是0/1,需要查看是否打开服务器,如果都打开了,等待一下,可能是首次创建或网速不好
需要查看集群分配的服务器是否打开---k8s3
如果搭建了集群,一定要开启所有集群后在创建,否则分配到未打开的服务器,会卡在那里,先创建后打开服务器发现还是卡着,这时删除pod,然后重新创建。
pod指令
kubectl run mynginx --image=nginx #在容器中执行,exit退出 kubectl exec mynginx -it -- /bin/bash # -it 交互模式 # --rm 退出后删除容器,多用于执行一次性任务或使用客户端 kubectl run mynginx --image=nginx -it --rm -- /bin/bash # 查看Pod kubectl get pod # 描述 kubectl describe pod mynginx # 查看Pod的运行日志 kubectl logs mynginx # 显示pod的IP和运行节点信息 kubectl get pod -owide # 动态查看,ctrl+c终止 kubectl get pod --watch # 删除 kubectl delete pod mynginx # 强制删除 kubectl delete pod mynginx --force
pod讲解
临时进入客户端或者临时pod--busybox_百度百科
# 创建pod [root@k8s ~]# kubectl run mynginx --image=nginx pod/mynginx created # 查看Pod [root@k8s ~]# kubectl get pod NAME READY STATUS RESTARTS AGE mynginx 1/1 Running 0 31m # 查看Pod -owide [root@k8s ~]# kubectl get pod -owide NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES mynginx 1/1 Running 0 87s 10.42.1.4 k8s3 <none> <none> # 查看详细信息 [root@k8s ~]# kubectl describe pod mynginx Name: mynginx Namespace: default Priority: 0 Service Account: default Node: k8s3/192.168.80.17 Start Time: Fri, 09 Dec 2022 11:42:50 +0800 Labels: run=mynginx Annotations: <none> Status: Running IP: 10.42.1.4 IPs: IP: 10.42.1.4 Containers: mynginx: Container ID: containerd://bc81af72d17d1a325f91aa4b8aba9df2e0df4b39586815143326940cbbd2f863 Image: nginx Image ID: docker.io/library/nginx@sha256:ab589a3c466e347b1c0573be23356676df90cd7ce2dbf6ec332a5f0a8b5e59db Port: <none> Host Port: <none> State: Running Started: Fri, 09 Dec 2022 11:42:53 +0800 Ready: True Restart Count: 0 Environment: <none> Mounts: /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-8wqhf (ro) Conditions: Type Status Initialized True Ready True ContainersReady True PodScheduled True Volumes: kube-api-access-8wqhf: Type: Projected (a volume that contains injected data from multiple sources) TokenExpirationSeconds: 3607 ConfigMapName: kube-root-ca.crt ConfigMapOptional: <nil> DownwardAPI: true QoS Class: BestEffort Node-Selectors: <none> Tolerations: node.kubernetes.io/not-ready:NoExecute op=Exists for 300s node.kubernetes.io/unreachable:NoExecute op=Exists for 300s Events: Type Reason Age From Message ---- ------ ---- ---- ------- Normal Scheduled 16s default-scheduler Successfully assigned default/mynginx to k8s3 Normal Pulling 17s kubelet Pulling image "nginx" Normal Pulled 14s kubelet Successfully pulled image "nginx" in 2.970890083s Normal Created 14s kubelet Created container mynginx Normal Started 14s kubelet Started container mynginx # 查看日志 [root@k8s ~]# kubectl logs mynginx /docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration /docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/ /docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh 10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf 10-listen-on-ipv6-by-default.sh: info: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf /docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh /docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh /docker-entrypoint.sh: Configuration complete; ready for start up 2022/12/09 03:42:53 [notice] 1#1: using the "epoll" event method 2022/12/09 03:42:53 [notice] 1#1: nginx/1.23.2 2022/12/09 03:42:53 [notice] 1#1: built by gcc 10.2.1 20210110 (Debian 10.2.1-6) 2022/12/09 03:42:53 [notice] 1#1: OS: Linux 3.10.0-957.el7.x86_64 2022/12/09 03:42:53 [notice] 1#1: getrlimit(RLIMIT_NOFILE): 1048576:1048576 2022/12/09 03:42:53 [notice] 1#1: start worker processes 2022/12/09 03:42:53 [notice] 1#1: start worker process 29 2022/12/09 03:42:53 [notice] 1#1: start worker process 30 2022/12/09 03:42:53 [notice] 1#1: start worker process 31 2022/12/09 03:42:53 [notice] 1#1: start worker process 32 2022/12/09 03:42:53 [notice] 1#1: start worker process 33 2022/12/09 03:42:53 [notice] 1#1: start worker process 34 2022/12/09 03:42:53 [notice] 1#1: start worker process 35 2022/12/09 03:42:53 [notice] 1#1: start worker process 36 # 使用Pod的ip+pod里面运行容器的端口 [root@k8s ~]# curl 10.42.1.4 <!DOCTYPE html> <html> <head> <title>Welcome to nginx!</title> <style> html { color-scheme: light dark; } body { width: 35em; margin: 0 auto; font-family: Tahoma, Verdana, Arial, sans-serif; } </style> </head> <body> <h1>Welcome to nginx!</h1> <p>If you see this page, the nginx web server is successfully installed and working. Further configuration is required.</p> <p>For online documentation and support please refer to <a href="http://nginx.org/">nginx.org</a>.<br/> Commercial support is available at <a href="http://nginx.com/">nginx.com</a>.</p> <p><em>Thank you for using nginx.</em></p> </body> </html> #在容器中执行,exit退出 [root@k8s ~]# kubectl exec mynginx -it -- /bin/bash root@mynginx:/# curl localhost <!DOCTYPE html> <html> <head> <title>Welcome to nginx!</title> <style> html { color-scheme: light dark; } body { width: 35em; margin: 0 auto; font-family: Tahoma, Verdana, Arial, sans-serif; } </style> </head> <body> <h1>Welcome to nginx!</h1> <p>If you see this page, the nginx web server is successfully installed and working. Further configuration is required.</p> <p>For online documentation and support please refer to <a href="http://nginx.org/">nginx.org</a>.<br/> Commercial support is available at <a href="http://nginx.com/">nginx.com</a>.</p> <p><em>Thank you for using nginx.</em></p> </body> </html> # 一次性任务或使用客户端,ping百度成功,ping主机成功 # -it 交互模式 # --rm 退出后删除容器,多用于执行一次性任务或使用客户端 [root@k8s ~]# kubectl run mytest --image=busybox -it --rm If you dont see a command prompt, try pressing enter. / # curl localhost sh: curl: not found / # ping baidu.com PING baidu.com (39.156.66.10): 56 data bytes 64 bytes from 39.156.66.10: seq=0 ttl=127 time=20.054 ms 64 bytes from 39.156.66.10: seq=1 ttl=127 time=20.618 ms 64 bytes from 39.156.66.10: seq=2 ttl=127 time=20.949 ms ^C --- baidu.com ping statistics --- 3 packets transmitted, 3 packets received, 0% packet loss round-trip min/avg/max = 20.054/20.540/20.949 ms / # ping 192.168.0.15 PING 192.168.0.15 (192.168.0.15): 56 data bytes ^C --- 192.168.0.15 ping statistics --- 10 packets transmitted, 0 packets received, 100% packet loss / # ping 192.168.80.15 PING 192.168.80.15 (192.168.80.15): 56 data bytes 64 bytes from 192.168.80.15: seq=0 ttl=63 time=0.469 ms 64 bytes from 192.168.80.15: seq=1 ttl=63 time=0.712 ms 64 bytes from 192.168.80.15: seq=2 ttl=63 time=0.486 ms ^C --- 192.168.80.15 ping statistics --- 3 packets transmitted, 3 packets received, 0% packet loss round-trip min/avg/max = 0.469/0.555/0.712 ms / # exit Session ended, resume using 'kubectl attach mytest -c mytest -i -t' command when the pod is running pod "mytest" deleted # 查看pod,没有刚才的临时pod [root@k8s ~]# kubectl get pod NAME READY STATUS RESTARTS AGE mynginx 1/1 Running 0 14m # 删除 [root@k8s ~]# kubectl delete pod mynginx pod "mynginx" deleted [root@k8s ~]# kubectl get pod No resources found in default namespace. # 强制删除 kubectl delete pod mynginx --force
