[k8s] Pod - HackMD

[k8s] Pod =========== ###### tags: `kubernetes` + 每個 Pod 在被建立的時候都會有一組 unique IP address + 只有在相同k8s cluster的pod才可以存取 ## command lines ```sh= k run nginx --image=nginx --port=8080 k run redis --labels='tier=db' --image=redis:alpine k run nginx --image=nginx --dry-run=client -o yaml k describe pod newpods-w5lcb k get po elephant -o yaml > xx.yaml kubectl run test-nslookup --image=busybox:1.28 --rm -it --restart=Never -- nslookup <P-O-D-I-P.default.pod> > /root/CKA/nginx.pod ``` ## definition ```yaml= apiVersion: v1 kind: Pod metadata: name: postgres labels: app: postgres spec: containers: - name: postgres image: postgres:10 ports: - containerPort: 5432 env: - name: POSTGRES_PASSWORD value: "pwd" volumeMounts: - mountPath: /cache name: cache-volume volumes: - name: cache-volume emptyDir: {} ``` ## how do containers communicate inside the Pod? ![](https://i.imgur.com/eejZiFj.png =400x) ## Configure a Security Context for a Pod or Container ```yaml= apiVersion: v1 kind: Pod metadata: name: security-context-demo-2 spec: securityContext: runAsUser: 1000 containers: - name: sec-ctx-demo-2 image: gcr.io/google-samples/node-hello:1.0 securityContext: runAsUser: 2000 allowPrivilegeEscalation: false ``` ## types of volumes ### emptyDir 每當我們建立一個新的 Pod 物件時，Kubernetes 就會在這個 Pod 裏建立一個 `emptyDir`，==該 Pod 中所有的 container 都可以讀寫 emptyDir 中的資料==。當 Pod 從 Node 中被移除時，emptyDir 也會隨之消失，emptyDir 有以下幾個用途： + 暫時性儲存空間 ~ 例如某些應用程式運行時需要一些臨時而無需永久保存的資料夾 + 共用儲存空間 ~ 正如上述提到，同一個 Pod 中所有的 containers 都可以讀寫 emptyDir，也可以將 emptyDir 當作是這些 containers 的共用目錄 ### hostPath 在 Pod 物件上，掛載 Node 的資料夾或檔案。hostPath 的生命週期與 Node 相同，當 Pod 因某些原因而須重啟時，檔案仍保存在 Node 的檔案系統(file system)底下，直到該 Node 物件被 Kubernetes Cluster 移除，資料才會消失。 ```yaml= apiVersion: v1 kind: Pod metadata: name: apiserver spec: containers: - name: apiserver image: zxcvbnius/docker-demo imagePullPolicy: Always volumeMounts: - mountPath: /tmp name: tmp-volume volumes: - name: tmp-volume hostPath: path: /tmp type: Directory ``` + DirectoryOrCreate ~ 若 host path 指定的目錄不存在，則會新建一個目錄 + Directory ~ 指定的目錄必須存在 + FileOrCreate ~ 若 host path 指定的檔案不存在，則會新建一個檔案 + File ~ 指定的檔案必須存在 ### Cloud Storage Kubernetes 也支援 AWS EBS、Google Disk 與 Microsoft Azure Disk 等雲端硬碟類型的 Volumes ### NFS ## multiple container pods ![](https://hackmd.io/_uploads/Hylj0snV2.png =300x) ```yaml= apiVersion: v1 kind: Pod metadata: name: app namespace: elastic-stack labels: name: app spec: containers: - name: app image: kodekloud/event-simulator volumeMounts: - mountPath: /log name: log-volume - name: sidecar image: kodekloud/filebeat-configured volumeMounts: - mountPath: /var/log/event-simulator/ name: log-volume volumes: - name: log-volume hostPath: # directory location on host path: /var/log/webapp # this field is optional type: DirectoryOrCreate ``` ## init containers > specialized containers that run before app containers in a Pod ```yaml= spec: initContainers: - name: init-myservice image: busybox command: ['sleep', '20'] ``` ## reference + [Kubernetes 那些事 — Pod 篇](https://medium.com/andy-blog/kubernetes-%E9%82%A3%E4%BA%9B%E4%BA%8B-pod-%E7%AF%87-57475cec22f3)