Tasks
Install Tools
Install and Set Up kubectl (EN)
Install Minikube (EN)
Setup an extension API server
Administer a Cluster
Administration with kubeadm
Certificate Management with kubeadm (EN)
Upgrading kubeadm HA clusters from v1.11 to v1.12 (EN)
Upgrading kubeadm HA clusters from v1.12 to v1.13 (EN)
Upgrading kubeadm clusters from v1.10 to v1.11 (EN)
Upgrading kubeadm clusters from v1.11 to v1.12 (EN)
Upgrading kubeadm clusters from v1.12 to v1.13 (EN)
Manage Memory, CPU, and API Resources
Configure Default Memory Requests and Limits for a Namespace (EN)
Configure Default CPU Requests and Limits for a Namespace (EN)
Configure Minimum and Maximum Memory Constraints for a Namespace (EN)
Configure Minimum and Maximum CPU Constraints for a Namespace (EN)
Configure Memory and CPU Quotas for a Namespace (EN)
Configure a Pod Quota for a Namespace (EN)
Install a Network Policy Provider
Use Calico for NetworkPolicy (EN)
Use Cilium for NetworkPolicy (EN)
Use Kube-router for NetworkPolicy (EN)
Romana for NetworkPolicy (EN)
Weave Net for NetworkPolicy (EN)
Access Clusters Using the Kubernetes API (EN)
Access Services Running on Clusters (EN)
Advertise Extended Resources for a Node (EN)
Autoscale the DNS Service in a Cluster (EN)
Change the Reclaim Policy of a PersistentVolume (EN)
Change the default StorageClass (EN)
Cluster Management (EN)
Configure Multiple Schedulers (EN)
Configure Out Of Resource Handling (EN)
Configure Quotas for API Objects (EN)
Control CPU Management Policies on the Node (EN)
Customizing DNS Service (EN)
Debugging DNS Resolution (EN)
Declare Network Policy (EN)
Developing Cloud Controller Manager (EN)
Encrypting Secret Data at Rest (EN)
Guaranteed Scheduling For Critical Add-On Pods (EN)
IP Masquerade Agent User Guide (EN)
Kubernetes Cloud Controller Manager (EN)
Limit Storage Consumption (EN)
Namespaces Walkthrough (EN)
Operating etcd clusters for Kubernetes (EN)
Reconfigure a Node's Kubelet in a Live Cluster (EN)
Reserve Compute Resources for System Daemons (EN)
Safely Drain a Node while Respecting Application SLOs (EN)
Securing a Cluster (EN)
Set Kubelet parameters via a config file (EN)
Set up High-Availability Kubernetes Masters (EN)
Share a Cluster with Namespaces (EN)
Static Pods (EN)
Storage Object in Use Protection (EN)
Using CoreDNS for Service Discovery (EN)
Using a KMS provider for data encryption (EN)
Using sysctls in a Kubernetes Cluster (EN)
Configure Pods and Containers
Configure Pods and Containers
Assign Memory Resources to Containers and Pods (EN)
Assign CPU Resources to Containers and Pods (EN)
Configure Quality of Service for Pods (EN)
Assign Extended Resources to a Container (EN)
Configure a Pod to Use a Volume for Storage (EN)
Configure a Pod to Use a PersistentVolume for Storage (EN)
Configure a Pod to Use a Projected Volume for Storage (EN)
Configure a Security Context for a Pod or Container (EN)
Configure Service Accounts for Pods (EN)
Pull an Image from a Private Registry (EN)
Configure Liveness and Readiness Probes (EN)
将 Pod 分配给节点
Configure Pod Initialization (EN)
Attach Handlers to Container Lifecycle Events (EN)
Configure a Pod to Use a ConfigMap (EN)
Share Process Namespace between Containers in a Pod (EN)
Translate a Docker Compose File to Kubernetes Resources (EN)
给容器分配非透明整型资源
Accessing Clusters
Inject Data Into Applications
Inject Data Into Applications
为容器设置启动时要执行的命令及其入参
为容器设置环境变量
使用 PodPreset 将信息注入 Pods
使用 Secret 安全地分发凭证
通过文件将Pod信息呈现给容器
通过环境变量将Pod信息呈现给容器
Run Applications
Run a Stateless Application Using a Deployment (EN)
Run a Single-Instance Stateful Application (EN)
Run a Replicated Stateful Application (EN)
Update API Objects in Place Using kubectl patch (EN)
Scale a StatefulSet (EN)
Delete a StatefulSet (EN)
Force Delete StatefulSet Pods (EN)
Perform Rolling Update Using a Replication Controller (EN)
Horizontal Pod Autoscaler (EN)
Horizontal Pod Autoscaler Walkthrough (EN)
Specifying a Disruption Budget for your Application (EN)
Use Port Forwarding to Access Applications in a Cluster
Run Jobs
Run Jobs
Running Automated Tasks with a CronJob
Parallel Processing using Expansions (EN)
Coarse Parallel Processing Using a Work Queue (EN)
使用工作队列进行精细的并行处理
Provide Load-Balanced Access to an Application in a Cluster
Access Applications in a Cluster
Web UI (Dashboard) (EN)
Accessing Clusters (EN)
Configure Access to Multiple Clusters (EN)
Use Port Forwarding to Access Applications in a Cluster (EN)
Use a Service to Access an Application in a Cluster (EN)
Connect a Front End to a Back End Using a Service (EN)
Create an External Load Balancer (EN)
Configure Your Cloud Provider's Firewalls (EN)
List All Container Images Running in a Cluster (EN)
Set up Ingress on Minikube with the NGINX Ingress Controller (EN)
Communicate Between Containers in the Same Pod Using a Shared Volume (EN)
Configure DNS for a Cluster (EN)
Use a Service to Access an Application in a Cluster
删除 StatefulSet
Monitor, Log, and Debug
Monitor, Log, and Debug
Application Introspection and Debugging (EN)
Auditing
Core metrics pipeline (EN)
Debug Init Containers (EN)
Debug Services (EN)
Debugging Kubernetes nodes with crictl (EN)
Determine the Reason for Pod Failure (EN)
Developing and debugging services locally (EN)
Events in Stackdriver (EN)
Get a Shell to a Running Container (EN)
Logging Using Elasticsearch and Kibana (EN)
Logging Using Stackdriver (EN)
Monitor Node Health (EN)
Tools for Monitoring Resources (EN)
Troubleshooting (EN)
应用故障排查
调试Pods和Replication Controllers
调试StatefulSet
集群故障排查
Create an External Load Balancer
Extend Kubernetes
Use Custom Resources
Extend the Kubernetes API with CustomResourceDefinitions (EN)
Versions of CustomResourceDefinitions (EN)
Configure the Aggregation Layer (EN)
Setup an Extension API Server (EN)
Use an HTTP Proxy to Access the Kubernetes API (EN)
配置你的云平台防火墙
TLS
Certificate Rotation (EN)
Manage TLS Certificates in a Cluster (EN)
List All Container Images Running in a Cluster
Federation - Run an App on Multiple Clusters
Federation - Run an App on Multiple Clusters
Set up Cluster Federation with Kubefed (EN)
Set up CoreDNS as DNS provider for Cluster Federation (EN)
Set up placement policies in Federation (EN)
Cross-cluster Service Discovery using Federated Services (EN)
Administer Federation Control Plane
Federated Cluster (EN)
Federated ConfigMap (EN)
Federated DaemonSet (EN)
Federated Deployment (EN)
Federated Events (EN)
Federated Horizontal Pod Autoscalers (HPA) (EN)
Federated Ingress (EN)
Federated Jobs (EN)
Federated Namespaces (EN)
Federated ReplicaSets (EN)
Federated Secrets (EN)
Configure DNS for a Cluster
Manage Cluster Daemons
Perform a Rollback on a DaemonSet (EN)
Perform a Rolling Update on a DaemonSet (EN)
Install Service Catalog
Install Service Catalog using Helm (EN)
Install Service Catalog using SC (EN)
Federation - Run an App on Multiple Clusters
Federation - Run an App on Multiple Clusters
Administer-clusters
Administration with kubeadm
Certificate Management with kubeadm (EN)
Upgrading kubeadm HA clusters from v1.11 to v1.12 (EN)
Upgrading kubeadm HA clusters from v1.12 to v1.13 (EN)
Upgrading kubeadm clusters from v1.10 to v1.11 (EN)
Upgrading kubeadm clusters from v1.11 to v1.12 (EN)
Upgrading kubeadm clusters from v1.12 to v1.13 (EN)
Manage Memory, CPU, and API Resources
Manage Memory, CPU, and API Resources
Configure Default Memory Requests and Limits for a Namespace
Configure Default CPU Requests and Limits for a Namespace
Configure Minimum and Maximum Memory Constraints for a Namespace
Configure Minimum and Maximum CPU Constraints for a Namespace
Configure Memory and CPU Quotas for a Namespace
Configure a Pod Quota for a Namespace (EN)
Install a Network Policy Provider
Install a Network Policy Provider
使用 Calico 作为 NetworkPolicy
使用 Cilium 作为 NetworkPolicy
使用 Kube-router 作为 NetworkPolicy
使用 Romana 作为 NetworkPolicy
使用 Weave Net 作为 NetworkPolicy
Access Clusters Using the Kubernetes API (EN)
Advertise Extended Resources for a Node (EN)
Autoscale the DNS Service in a Cluster (EN)
Configure Multiple Schedulers (EN)
Configure Out Of Resource Handling (EN)
Configure Quotas for API Objects (EN)
Debugging DNS Resolution (EN)
Developing Cloud Controller Manager (EN)
Encrypting Secret Data at Rest
IP Masquerade Agent User Guide (EN)
Kubernetes Cloud Controller Manager (EN)
Limit Storage Consumption (EN)
Namespaces Walkthrough (EN)
Operating etcd clusters for Kubernetes (EN)
Reconfigure a Node's Kubelet in a Live Cluster (EN)
Reserve Compute Resources for System Daemons (EN)
Safely Drain a Node while Respecting Application SLOs (EN)
Securing a Cluster (EN)
Set up High-Availability Kubernetes Masters (EN)
Share a Cluster with Namespaces (EN)
Storage Object in Use Protection (EN)
Using CoreDNS for Service Discovery (EN)
Using a KMS provider for data encryption (EN)
使用 Calico 来提供 NetworkPolicy
使用 Romana 来提供 NetworkPolicy
使用 Weave 网络来提供 NetworkPolicy
关键插件 Pod 的调度保证
在 Kubernetes 中配置私有 DNS 和上游域名服务器
在 Kubernetes 集群中使用 sysctl
声明网络策略
将 kubeadm 集群在 v1.8 版本到 v1.9 版本之间升级/降级
应用资源配额和限额
控制节点上的CPU管理策略
改变默认 StorageClass
更改 PersistentVolume 的回收策略
设置 Pod CPU 和内存限制
访问集群上运行的服务
通过配置文件设置 Kubelet 参数
配置命名空间下pod总数
集群管理
静态Pods
Extend kubectl with plugins (EN)
使用 Service 把前端连接到后端
使用Deployment运行一个无状态应用
同 Pod 内的容器使用共享卷通信
基于Replication Controller执行滚动升级
对 DaemonSet 执行回滚
弹缩StatefulSet
管理巨页(HugePages)
证书轮换
调度 GPU
运行一个单实例有状态应用
配置对多集群的访问

Edit This Page

静态Pods

如果你正在运行Kubernetes集群并且使用静态pods在每个节点上起一个pod,那么最好使用DaemonSet!

*静态pods*直接由特定节点上的kubelet进程来管理,不通过主控节点上的API服务器。静态pod不关联任何replication controller,它由kubelet进程自己来监控,当pod崩溃时重启该pod。对于静态pod没有健康检查。静态pod始终绑定在某一个kubelet,并且始终运行在同一个节点上。

Kubelet自动为每一个静态pod在Kubernetes的API服务器上创建一个镜像Pod(Mirror Pod),因此可以在API服务器查询到该pod,但是不被API服务器控制(例如不能删除)。

静态pod创建

静态pod有两种创建方式:用配置文件或者通过HTTP。

配置文件

配置文件就是放在特定目录下的标准的JSON或YAML格式的pod定义文件。用kubelet --pod-manifest-path=<the directory>来启动kubelet进程,kubelet将会周期扫描这个目录,根据这个目录下出现或消失的YAML/JSON文件来创建或删除静态pod。

下面例子用静态pod的方式启动一个nginx的Web服务器:

  1. 选择一个节点来运行静态pod。这个例子中就是my-node1

    [joe@host ~] $ ssh my-node1

  2. 选择一个目录,例如/etc/kubelet.d,把web服务器的pod定义文件放在这个目录下,例如/etc/kubelet.d/static-web.yaml:

    [root@my-node1 ~] $ mkdir /etc/kubelet.d/
[root@my-node1 ~] $ cat <<EOF >/etc/kubelet.d/static-web.yaml
apiVersion: v1
kind: Pod
metadata:
  name: static-web
  labels:
    role: myrole
spec:
  containers:
    - name: web
      image: nginx
      ports:
        - name: web
          containerPort: 80
          protocol: TCP
EOF

3.配置节点上的kubelet使用这个目录,kubelet启动时增加--pod-manifest-path=/etc/kubelet.d/参数。如果是Fedora系统,在Kubelet配置文件/etc/kubernetes/kubelet中添加下面这行:

```
KUBELET_ARGS="--cluster-dns=10.254.0.10 --cluster-domain=kube.local --pod-manifest-path=/etc/kubelet.d/"
```

如果是其它Linux发行版或者其它Kubernetes安装方式,配置方法可能会不一样。

  1. 重启kubelet。如果是Fedora系统,就是:

    [root@my-node1 ~] $ systemctl restart kubelet

通过HTTP创建静态Pods

Kubelet周期地从–manifest-url=参数指定的地址下载文件,并且把它翻译成JSON/YAML格式的pod定义。此后的操作方式与–pod-manifest-path=相同,kubelet会不时地重新下载该文件,当文件变化时对应地终止或启动静态pod(如下)。

静态pods的动作行为

kubelet启动时,由--pod-manifest-path= or --manifest-url=参数指定的目录下定义的所有pod都会自动创建,例如,我们示例中的static-web。 (可能要花些时间拉取nginx镜像,耐心等待…)

[joe@my-node1 ~] $ docker ps
CONTAINER ID IMAGE         COMMAND  CREATED        STATUS         PORTS     NAMES
f6d05272b57e nginx:latest  "nginx"  8 minutes ago  Up 8 minutes             k8s_web.6f802af4_static-web-fk-node1_default_67e24ed9466ba55986d120c867395f3c_378e5f3c

如果我们查看Kubernetes的API服务器(运行在主机 my-master),可以看到这里创建了一个新的镜像Pod:

[joe@host ~] $ ssh my-master
[joe@my-master ~] $ kubectl get pods
NAME                       READY     STATUS    RESTARTS   AGE
static-web-my-node1        1/1       Running   0          2m

静态pod的标签会传递给镜像Pod,可以用来过滤或筛选。

需要注意的是,我们不能通过API服务器来删除静态pod(例如,通过 kubectl 命令),kebelet不会删除它。

[joe@my-master ~] $ kubectl delete pod static-web-my-node1
pods/static-web-my-node1
[joe@my-master ~] $ kubectl get pods
NAME                       READY     STATUS    RESTARTS   AGE
static-web-my-node1        1/1       Running   0          12s

返回my-node1主机,我们尝试手动终止容器,可以看到kubelet很快就会自动重启容器。

[joe@host ~] $ ssh my-node1
[joe@my-node1 ~] $ docker stop f6d05272b57e
[joe@my-node1 ~] $ sleep 20
[joe@my-node1 ~] $ docker ps
CONTAINER ID        IMAGE         COMMAND                CREATED       ...
5b920cbaf8b1        nginx:latest  "nginx -g 'daemon of   2 seconds ago ...

静态pods的动态增加和删除

运行中的kubelet周期扫描配置的目录(我们这个例子中就是/etc/kubelet.d)下文件的变化,当这个目录中有文件出现或消失时创建或删除pods。

[joe@my-node1 ~] $ mv /etc/kubelet.d/static-web.yaml /tmp
[joe@my-node1 ~] $ sleep 20
[joe@my-node1 ~] $ docker ps
// no nginx container is running
[joe@my-node1 ~] $ mv /tmp/static-web.yaml  /etc/kubelet.d/
[joe@my-node1 ~] $ sleep 20
[joe@my-node1 ~] $ docker ps
CONTAINER ID        IMAGE         COMMAND                CREATED           ...
e7a62e3427f1        nginx:latest  "nginx -g 'daemon of   27 seconds ago

反馈