kubernetes最小调度单元pod详解（一）

pod概述

Pod是Kubernetes中的最小调度单元，k8s是通过定义一个Pod的资源，然后在Pod里面运行容器，容器需要指定一个镜像，

这样就可以用来运行具体的服务。

一个Pod封装一个容器（也可以封装多个容器），Pod里的容器共享存储、网络等。也就是说，应该把整个pod看作虚拟机，

然后每个容器相当于运行在虚拟机的进程。

Pod是需要调度到k8s集群的工作节点来运行的，具体调度到哪个节点，是根据scheduler调度器实现的。

白话解释：

可以把pod看成是一个“豌豆荚”，里面有很多“豆子”（容器）。

一个豌豆荚里的豆子，它们吸收着共同的营养成分、肥料、水分等，Pod和容器的关系也是一样，

Pod里面的容器共享pod的网络、存储等。

pod相当于一个逻辑主机–比方说我们想要部署一个tomcat应用，

如果不用容器，我们可能会部署到物理机、虚拟机或者云主机上，那么出现k8s之后，我们就可以定义一个pod资源，

在pod里定义一个把tomcat容器，所以pod充当的是一个逻辑主机的角色。

1、Pod如何管理多个容器？

Pod中可以同时运行多个容器。同一个Pod中的容器会自动的分配到同一个 node 上。

同一个Pod中的容器共享资源、网络环境，它们总是被同时调度，在一个Pod中同时运行多个容器是一种比较高级的用法，

只有当你的容器需要紧密配合协作的时候才考虑用这种模式。

例如，你有一个容器作为web服务器运行，需要用到共享的volume，有另一个“sidecar”容器来从远端获取资源更新这些文件。

一些Pod有init容器和应用容器。 在应用程序容器启动之前，运行初始化容器。

管理配置文件一般用configmap，配置管理中心管理

2、Pod网络：

Pod是有IP地址的，每个pod都被分配唯一的IP地址（IP地址是靠网络插件calico、flannel、weave等分配的），

POD中的容器共享网络名称空间，包括IP地址和网络端口。 Pod内部的容器可以使用localhost相互通信。

信。

Pod中的容器也可以通过网络插件calico与其他节点的Pod通信。

[root@master01 ~ ]# kubectl get po -n kube-system -owide

NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES

calico-kube-controllers-58f755f869-4ljmm 1/1 Running 2 3h25m 172.31.112.132 master01

calico-node-gmvp4 1/1 Running 1 3h25m 10.10.0.221 master02

calico-node-njbwz 1/1 Running 1 3h25m 10.10.0.220 master01

calico-node-sm486 1/1 Running 1 3h25m 10.10.0.224 node01

calico-node-zx7t5 1/1 Running 1 3h25m 10.10.0.223 master03

coredns-59d64cd4d4-6cbmv 1/1 Running 1 3h43m 172.31.112.133 master01

coredns-59d64cd4d4-mwph6 1/1 Running 1 3h43m 172.31.112.134 master01

etcd-master01 1/1 Running 1 3h43m 10.10.0.220 master01

etcd-master02 1/1 Running 1 3h39m 10.10.0.221 master02

etcd-master03 1/1 Running 1 3h37m 10.10.0.223 master03

kube-apiserver-master01 1/1 Running 1 3h43m 10.10.0.220 master01

kube-apiserver-master02 1/1 Running 1 3h39m 10.10.0.221 master02

kube-apiserver-master03 1/1 Running 1 3h37m 10.10.0.223 master03

kube-controller-manager-master01 1/1 Running 2 3h43m 10.10.0.220 master01

kube-controller-manager-master02 1/1 Running 2 3h39m 10.10.0.221 master02

kube-controller-manager-master03 1/1 Running 1 3h37m 10.10.0.223 master03

kube-proxy-9tqnz 1/1 Running 1 3h29m 10.10.0.224 node01

kube-proxy-b52wx 1/1 Running 1 3h37m 10.10.0.223 master03

kube-proxy-h6tfj 1/1 Running 1 3h43m 10.10.0.220 master01

kube-proxy-nmctj 1/1 Running 1 3h39m 10.10.0.221 master02

kube-scheduler-master01 1/1 Running 2 3h43m 10.10.0.220 master01

kube-scheduler-master02 1/1 Running 2 3h39m 10.10.0.221 master02

kube-scheduler-master03 1/1 Running 1 3h37m 10.10.0.223 master03

ready 数字解读：下面有两列数字，左右各一个数字，左边表示1表示就绪状态，右侧的1表示pod里有1个容器

3、Pod存储：

创建Pod的时候可以指定挂载的存储卷。 POD中的所有容器都可以访问共享卷，允许这些容器共享数据。

Pod只要挂载持久化数据卷，Pod重启之后数据还是会存在的。

比如创建一个 mysql pod ,当pod被删除后，持久化存储卷里面的数据还是存在的

持久化存储数据卷类型：ceph pvc Glusterfs Nfs

4、Pod工作方式：常用的有两种

在K8s中，所有的资源都可以使用一个yaml文件来创建，创建Pod也可以使用yaml配置文件。

或者使用kubectl run在命令行创建Pod（不常用）。

1、 自主式Pod：

所谓的自主式Pod，就是直接定义一个Pod资源，创建资源清单 如下：

[root@master01 ~ ]# cat pod-tomcat.yaml

apiVersion: v1

kind: Pod

metadata:

name: tomcat-test

namespace: default

labels:

app: tomcat

spec:

containers:

name: tomcat-java

ports:

containerPort: 8080

image: xianchao/tomcat-8.5-jre8:v1

imagePullPolicy: IfNotPresent 本地有镜像就从本地拉取，本地没有的话就从官方拉取

[root@master01 ~ ]# mkdir k8s-test

[root@master01 ~ ]#

[root@master01 ~ ]#

[root@master01 ~ ]# mv pod-tomcat.yaml k8s-test/

需要在worker节点导入镜像：

[root@node01 ~ ]# docker load -i xianchao-tomcat.tar.gz 
df64d3292fd6: Loading layer [==================================================>]  4.672MB/4.672MB
0c3170905795: Loading layer [==================================================>]  3.584kB/3.584kB
9bca1faaa73e: Loading layer [==================================================>]  79.44MB/79.44MB
e927085edc33: Loading layer [==================================================>]   2.56kB/2.56kB
e5f8376fd9dc: Loading layer [==================================================>]  27.08MB/27.08MB
e82a3681bb38: Loading layer [==================================================>]  2.048kB/2.048kB
Loaded image: xianchao/tomcat-8.5-jre8:v1



[root@node01 ~ ]# docker images 
REPOSITORY                                                        TAG        IMAGE ID       CREATED         SIZE
xianchao/tomcat-8.5-jre8                                          v1         4ac473a3dd92   3 years ago     108MB

#更新资源清单文件

[root@master01 k8s-test ]# kubectl apply -f pod-tomcat.yaml

pod/tomcat-test created

#查看pod是否创建成功

[root@master01 k8s-test ]# kubectl get pods -owide -l app=tomcat

NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES

tomcat-test 1/1 Running 0 4m34s 172.29.55.1 node01

但是自主式Pod是存在一个问题的，假如我们不小心删除了pod：

[root@master01 k8s-test ]# kubectl delete pods tomcat-test

pod “tomcat-test” deleted

#查看pod是否还在

[root@master01 k8s-test ]# kubectl get pods -o wide -l app=tomcat

No resources found in default namespace.

#结果是空，说明pod已经被删除了

通过上面可以看到，如果直接定义一个Pod资源，那Pod被删除，就彻底被删除了，不会再创建一个新的Pod，这在生产环境还是具有非常大风险的，

假如这个pod提供了核心业务，pod被删除后故障将非常大

我们希望当pod被删除后能生成完全一样的pod，继续提供服务

所以今后我们接触的Pod，都是控制器管理的。

通过控制器创建的pod可以指定副本数，pod创建后生成几个完全一样的pod，实现高可用

一般测试使用自主式pod，不影响业务，可以任意创建删除，资源清单文件要保存好

2、控制器管理的Pod：

常见的管理Pod的控制器：Replicaset、Deployment、Job、CronJob、Daemonset、Statefulset。

控制器管理的Pod可以确保Pod始终维持在指定的副本数运行。

如，通过Deployment管理Pod 可以对pod进行滚动更新，金丝雀发布

先上传镜像到worker节点，然后导入：

#解压镜像：

把xianchao-nginx.tar.gz上传到node01节点

[root@node01 ~ ]# docker load -i xianchao-nginx.tar.gz 
7e718b9c0c8c: Loading layer [==================================================>]  72.52MB/72.52MB
4dc529e519c4: Loading layer [==================================================>]  64.81MB/64.81MB
23c959acc3d0: Loading layer [==================================================>]  3.072kB/3.072kB
15aac1be5f02: Loading layer [==================================================>]  4.096kB/4.096kB
974e9faf62f1: Loading layer [==================================================>]  3.584kB/3.584kB
64ee8c6d0de0: Loading layer [==================================================>]  7.168kB/7.168kB
Loaded image: xianchao/nginx:v1

#创建一个资源清单文件

[root@master01 k8s-pod ]# vim nginx-deploy.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-test
  labels:
    app: nginx-deploy
spec:
  selector:
    matchLabels:
      app: nginx
  replicas: 2
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: my-nginx
        image: xianchao/nginx:v1
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 8088

#更新资源清单文件

[root@master01 pod-test ]# kubectl apply -f nginx-deploy.yaml

deployment.apps/nginx-test created

#查看Deployment

[root@master01 pod-test ]# kubectl get deploy -l app=nginx-deploy

NAME READY UP-TO-DATE AVAILABLE AGE

nginx-test 2/2 2 2 6m23s

创建deployment的同时，会自动创建replicaset，replicaset的名字是deploy的名字加随机数组成

#查看Replicaset

[root@master01 pod-test ]# kubectl get rs -l app=nginx

NAME DESIRED CURRENT READY AGE

nginx-test-64b444bff5 2 2 2 3h13m

#查看pod ，pods的名字是由replicaset的名字加上随机数组成

[root@master01 pod-test ]# kubectl get pod -l app=nginx -owide

NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES

nginx-test-64b444bff5-pl8bv 1/1 Running 0 3h16m 172.29.55.2 node01

nginx-test-64b444bff5-qzzqq 1/1 Running 0 3h16m 172.29.55.3 node01

#删除nginx-test-64b444bff5-pl8bv这个pod

[root@master01 pod-test ]# kubectl delete pods nginx-test-64b444bff5-pl8bv

pod “nginx-test-64b444bff5-pl8bv” deleted

再次查看又生成一个pod

[root@master01 pod-test ]# kubectl get pods

NAME READY STATUS RESTARTS AGE

nginx-test-64b444bff5-d97f9 1/1 Running 0 18s

nginx-test-64b444bff5-qzzqq 1/1 Running 0 3h23m

通过上面可以发现通过deployment管理的pod，可以确保pod始终维持在指定副本数量

5、如何创建一个Pod资源：

K8s创建Pod流程

Pod是Kubernetes中最基本的部署调度单元，可以包含container，逻辑上表示某种应用的一个实例。

例如一个web站点应用由前端、后端及数据库构建而成，

这三个组件将运行在各自的容器中，那么我们可以创建包含三个container的pod。

使用kubectl命令创建pod资源，kubectl apply 或kubectl run

master节点：kubectl -> kube-api -> kubelet -> CRI容器环境初始化

第一步：

客户端提交创建Pod的请求，可以通过调用API Server的Rest API接口，也可以通过kubectl命令行工具。

如kubectl apply -f filename.yaml(资源清单文件)

第二步：

apiserver接收到pod创建请求后，会将yaml中的属性信息(metadata)写入etcd。

第三步：

apiserver触发watch机制准备创建pod，信息转发给调度器scheduler，调度器使用调度算法选择node，

调度器将node信息给apiserver，apiserver将绑定的node信息写入etcd

调度器用一组规则过滤掉不符合要求的主机。比如Pod指定了所需要的资源量，那么可用资源比Pod需要的资源量少的主机会被过滤掉。

scheduler 查看 k8s api ，类似于通知机制。

首先判断：pod.spec.Node == null?

若为null，表示这个Pod请求是新来的，需要创建；因此先进行调度计算，找到最“闲”的node。

然后将信息在etcd数据库中更新分配结果：pod.spec.Node = nodeA (设置一个具体的节点)

ps:同样上述操作的各种信息也要写到etcd数据库中

第四步：

apiserver又通过watch机制，调用kubelet，指定pod信息，调用Docker API创建并启动pod内的容器。

第五步：

创建完成之后反馈给kubelet, kubelet又将pod的状态信息给apiserver,

apiserver又将pod的状态信息写入etcd。

1、资源清单YAML文件书写技巧:

yaml文件最好要表示要起的应用是什么

[root@master01 pod-test ]# vim pod-tomcat.yaml

apiVersion: v1 #指定api版本

kind: Pod #创建的资源

metadata:

name: tomcat-test #pod名称

namespace: default #pod所在的名称空间

labels:

app: tomcat #pod的标签

spec:

containers:

name: tomcat-java #pod里的容器的名字

ports:

containerPort: 8080 #容器暴露的端口

image: xianchao/tomcat-8.5-jre8:v1 #容器使用的镜像

imagePullPolicy: IfNotPresent #镜像拉取策略

apiVersion版本有很多：

[root@master01 pod-test ]# kubectl api-versions

admissionregistration.k8s.io/v1

admissionregistration.k8s.io/v1beta1

apiextensions.k8s.io/v1

apiextensions.k8s.io/v1beta1

apiregistration.k8s.io/v1

apiregistration.k8s.io/v1beta1

apps/v1

authentication.k8s.io/v1

authentication.k8s.io/v1beta1

authorization.k8s.io/v1

authorization.k8s.io/v1beta1

autoscaling/v1

autoscaling/v2beta1

autoscaling/v2beta2

batch/v1

batch/v1beta1

certificates.k8s.io/v1

certificates.k8s.io/v1beta1

coordination.k8s.io/v1

coordination.k8s.io/v1beta1

crd.projectcalico.org/v1

discovery.k8s.io/v1

discovery.k8s.io/v1beta1

events.k8s.io/v1

events.k8s.io/v1beta1

extensions/v1beta1

flowcontrol.apiserver.k8s.io/v1beta1

networking.k8s.io/v1

networking.k8s.io/v1beta1

node.k8s.io/v1

node.k8s.io/v1beta1

policy/v1

policy/v1beta1

rbac.authorization.k8s.io/v1

rbac.authorization.k8s.io/v1beta1

scheduling.k8s.io/v1

scheduling.k8s.io/v1beta1

storage.k8s.io/v1

storage.k8s.io/v1beta1

v1 核心板

Pod资源清单编写技巧：

通过kubectl explain 查看定义Pod资源包含哪些字段。

创建什么资源，就可以通过explain查看所属的api版本，和kind

[root@master01 pod-test ]# kubectl explain pod

KIND: Pod

VERSION: v1

DESCRIPTION:

Pod is a collection of containers that can run on a host. This resource is

created by clients and scheduled onto hosts.

FIELDS:

apiVersion [APIVersion定义了对象,代表了一个版本。]

APIVersion defines the versioned schema of this representation of an

object. Servers should convert recognized schemas to the latest internal

value, and may reject unrecognized values. More info:

https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind [Kind是字符串类型的值，代表了要创建的资源。服务器可以从客户端提交的请求推断出这个资源。]

Kind is a string value representing the REST resource this object

represents. Servers may infer this from the endpoint the client submits

requests to. Cannot be updated. In CamelCase. More info:

https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata [metadata是对象，定义元数据属性信息的]

Standard object’s metadata. More info:

https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec [spec制定了定义Pod的规格，里面包含容器的信息，端口号，镜像等都是在spec里面定义的]

Specification of the desired behavior of the pod. More info:

https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

status [status表示状态，这个不可以修改，定义pod的时候也不需要定义这个字段]

Most recently observed status of the pod. This data may not be up to date.

Populated by the system. Read-only. More info:

https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

#查看pod.metadata字段如何定义：

[root@master01 pod-test ]# kubectl explain pod.metadata

KIND: Pod

VERSION: v1

RESOURCE: metadata

DESCRIPTION:

Standard object’s metadata. More info:

https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

 ObjectMeta is metadata that all persisted resources must have, which
 includes all objects users must create.

FIELDS:

annotations  # annotations是注解，map类型表示对应的值是key-value键值对，表示 key和value都是String类型的

Annotations is an unstructured key value map stored with a resource that

may be set by external tools to store and retrieve arbitrary metadata. They

are not queryable and should be preserved when modifying objects. More

info: http://kubernetes.io/docs/user-guide/annotations

“metadata”: {

“annotations”: {

“key1” : “value1”,

“key2” : “value2”

}

}

用Annotation来记录的信息包括：
build信息、release信息、Docker镜像信息等，例如时间戳、release id号、镜像hash值、docker registry地址等；
日志库、监控库、分析库等资源库的地址信息；
程序调试工具信息，例如工具名称、版本号等；
团队的联系信息，例如电话号码、负责人名称、网址等。

clusterName

The name of the cluster which the object belongs to. This is used to

distinguish resources with same name and namespace in different clusters.

This field is not set anywhere right now and apiserver is going to ignore

it if set in create or update request.

#对象所属群集的名称。这是用来区分不同集群中具有相同名称和命名空间的资源。
此字段现在未设置在任何位置，apiserver将忽略它，如果设置了就使用设置的值

creationTimestamp

CreationTimestamp is a timestamp representing the server time when this

object was created. It is not guaranteed to be set in happens-before order

across separate operations. Clients may not set this value. It isrepresented in RFC3339 form and is in UTC.

 Populated by the system. Read-only. Null for lists. More info:
 https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds 删除之前允许运行多长时间，过多少秒删除。默认删除时间是30秒

Number of seconds allowed for this object to gracefully terminate before it

will be removed from the system. Only set when deletionTimestamp is also

set. May only be shortened. Read-only.

在Kubernetes中提供了grace-period，在Pod删除时此选项会起作用，会延迟一定时长才进行删除，

缺省未设定的情况下会等待30s中之后删除。

删除pod时，可以手动设置删除等待时间：

time -p kubectl delete pod testbox --force --grace-period=0 快速删除pod

time -p 监控命令执行时间

deletionTimestamp

DeletionTimestamp is RFC 3339 date and time at which this resource will be

deleted. This field is set by the server when a graceful deletion is

requested by the user, and is not directly settable by a client. The

resource is expected to be deleted (no longer visible from resource lists,

and not reachable by name) after the time in this field, once the

finalizers list is empty. As long as the finalizers list contains items,

deletion is blocked. Once the deletionTimestamp is set, this value may not

be unset or be set further into the future, although it may be shortened or

the resource may be deleted prior to this time. For example, a user may

request that a pod is deleted in 30 seconds. The Kubelet will react by

sending a graceful termination signal to the containers in the pod. After

that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL)

to the container and after cleanup, remove the pod from the API. In the

presence of network partitions, this object may still exist after this

timestamp, until an administrator or automated process can determine the

resource is fully terminated. If not set, graceful deletion of the object

has not been requested.

 Populated by the system when a graceful deletion is requested. Read-only.
 More info:
 https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

Must be empty before the object is deleted from the registry. Each entry is

an identifier for the responsible component that will remove the entry from

the list. If the deletionTimestamp of the object is non-nil, entries in

this list can only be removed. Finalizers may be processed and removed in

any order. Order is NOT enforced because it introduces significant risk of

stuck finalizers. finalizers is a shared field, any actor with permission

can reorder it. If the finalizer list is processed in order, then this can

lead to a situation in which the component responsible for the first

finalizer in the list is waiting for a signal (field value, external

system, or other) produced by a component responsible for a finalizer later

in the list, resulting in a deadlock. Without enforced ordering finalizers

are free to order amongst themselves and are not vulnerable to ordering

changes in the list.

generateName

GenerateName is an optional prefix, used by the server, to generate a

unique name ONLY IF the Name field has not been provided. If this field is

used, the name returned to the client will be different than the name

passed. This value will also be combined with a unique suffix. The provided

value has the same validation rules as the Name field, and may be truncated

by the length of the suffix required to make the value unique on the

server.

 If this field is specified and the generated name exists, the server will
 NOT return a 409 - instead, it will either return 201 Created or 500 with
 Reason ServerTimeout indicating a unique name could not be found in the
 time allotted, and the client should retry (optionally after the time
 indicated in the Retry-After header).

 Applied only if Name is not specified. More info:
 https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

A sequence number representing a specific generation of the desired state.

Populated by the system. Read-only.

labels  #创建的资源具有的标签

Map of string keys and values that can be used to organize and categorize

(scope and select) objects. May match selectors of replication controllers

and services. More info: http://kubernetes.io/docs/user-guide/labels

#labels是标签，labels是map类型，map类型表示对应的值是key-value键值对，
<string,string>表示 key和value都是String类型的

managedFields <[]Object>

ManagedFields maps workflow-id and version to the set of fields that are

managed by that workflow. This is mostly for internal housekeeping, and

users typically shouldn’t need to set or understand this field. A workflow

can be the user’s name, a controller’s name, or the name of a specific

apply path like “ci-cd”. The set of fields is always in the version that

the workflow used when modifying the object.

name #创建的资源的名字

Name must be unique within a namespace. Is required when creating

resources, although some resources may allow a client to request the

generation of an appropriate name automatically. Name is primarily intended

for creation idempotence and configuration definition. Cannot be updated.

More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace #创建的资源所属的名称空间

Namespace defines the space within which each name must be unique. An empty

namespace is equivalent to the “default” namespace, but “default” is the

canonical representation. Not all objects are required to be scoped to a

namespace - the value of this field for those objects will be empty.

 Must be a DNS_LABEL. Cannot be updated. More info:
 http://kubernetes.io/docs/user-guide/namespaces
 
 # namespaces划分了一个空间，在同一个namesace下的资源名字是唯一的，默认的名称空间是default。

ownerReferences <[]Object>

List of objects depended by this object. If ALL objects in the list have

been deleted, this object will be garbage collected. If this object is

managed by a controller, then an entry in this list will point to this

controller, with the controller field set to true. There cannot be more

than one managing controller.

resourceVersion

An opaque value that represents the internal version of this object that

can be used by clients to determine when objects have changed. May be used

for optimistic concurrency, change detection, and the watch operation on a

resource or set of resources. Clients must treat these values as opaque and

passed unmodified back to the server. They may only be valid for a

particular resource or set of resources.

 Populated by the system. Read-only. Value must be treated as opaque by
 clients and . More info:
 https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

SelfLink is a URL representing this object. Populated by the system.

Read-only.

 DEPRECATED Kubernetes will stop propagating this field in 1.20 release and
 the field is planned to be removed in 1.21 release.

uid

UID is the unique in time and space value for this object. It is typically

generated by the server on successful creation of a resource and is not

allowed to change on PUT operations.

 Populated by the system. Read-only. More info:
 http://kubernetes.io/docs/user-guide/identifiers#uids

#查看pod.spec字段如何定义

[root@master01 pod-test ]# kubectl explain pod.spec

KIND: Pod

VERSION: v1

RESOURCE: spec

DESCRIPTION:

Specification of the desired behavior of the pod. More info:

https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

 PodSpec is a description of a pod.
 
 #Pod的spec字段是用来描述Pod的

FIELDS:

activeDeadlineSeconds #表示Pod可以运行的最长时间，达到设置的值后，Pod会自动停止。

Optional duration in seconds the pod may be active on the node relative to

StartTime before the system will actively try to mark it failed and kill

associated containers. Value must be a positive integer.

affinity #定义亲和性的

If specified, the pod’s scheduling constraints

automountServiceAccountToken

AutomountServiceAccountToken indicates whether a service account token

should be automatically mounted.

containers <[]Object> -required-

List of containers belonging to the pod. Containers cannot currently be

added or removed. There must be at least one container in a Pod. Cannot be

updated.

#containers是对象列表，用来定义容器的，是必须字段。对象列表 表示下面有很多对象，对象列表下面的内容用 - 连接。
spec:
   containers:
     - name:  tomcat-java      #pod里的容器的名字
       ports:
       - containerPort: 8080   #容器暴露的端口

kubernetes最小调度单元pod详解（二）:https://developer.aliyun.com/article/1495566