重新认识pod
网络共享
1.POD内的容器使用Container模式共享根容器的网络
2.容器看到的网络设备信息和根容器完全相同
3.POD内的多个容器可以使用localhost进行网络通讯
4.POD内的多个容器不能绑定相同的端口
5.POD的生命周期和根容器一样,如果根容器退出了,POD就退出了
#### 启动一个nginx centos的pod
----- nginx 容器内 curl ----
[root@master kubernetes]# kubectl exec -it nginx-c7 -c nginx -- sh
/ curl 127.0.0.1
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
-----centos 容器内curl -----
[root@master kubernetes]# kubectl exec -it nginx-c7 -c c7 -- bash
[root@nginx-c7 /]# curl 127.0.0.1
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
----- master curl -----
[root@master kubernetes]# kubectl get pod nginx-c7 -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nginx-c7 2/2 Running 0 6m59s 10.2.3.11 node03 <none> <none>
[root@master kubernetes]# curl 10.2.3.11
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
------ node curl -----
[root@node01 ~]# curl 10.2.3.11
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
[root@node02 ~]# curl 10.2.3.11
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
[root@node03 empty-data]# curl 10.2.3.11
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
文件映射
本地映射 hostPath
将 node 上的文件或者目录映射到容器之中。
#### 利用k8s做一个关于目录映射的 mysql5.7 的资源清单
apiVersion: v1
kind: Pod
metadata:
name: mysql57
namespace: default
labels:
app: mysql57
spec:
volumes:
- name: mysql-data
hostPath:
path: /data/mysql
containers:
- name: mysql57
image: mysql:5.7
imagePullPolicy: IfNotPresent
env:
- name: MYSQL_ROOT_PASSWORD
value: '123'
- name: MYSQL_DATABASE
value: 'wordpress'
- name: MYSQL_USER
value: 'wp_user'
- name: MYSQL_PASSWORD
value: '123'
args:
- --character-set-server=utf8mb4
- --collation-server=utf8mb4_unicode_ci
volumeMounts:
- name: mysql-data
mountPath: /var/lib/mysql
- name: mysql-data
mountPath: /var/lib/mysql
### 运行
[root@master kubernetes]# kubectl apply -f mysql57.yaml
pod/mysql57 created
### 查看 详细信息
[root@master kubernetes]# kubectl get pod mysql57 -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
mysql57 1/1 Running 0 38s 10.2.1.2 node01 <none> <none>
[root@master kubernetes]# kubectl describe pod mysql57
### 进入查看
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
| sys |
| wordpress |
+--------------------+
mysql> select user,host from mysql.user;
+---------------+-----------+
| user | host |
+---------------+-----------+
| root | % |
| wp_user | % |
| mysql.session | localhost |
| mysql.sys | localhost |
| root | localhost |
+---------------+-----------+
mysql> show create database wordpress;
+-----------+--------------------------------------------------------------------------------------------------+
| Database | Create Database |
+-----------+--------------------------------------------------------------------------------------------------+
| wordpress | CREATE DATABASE `wordpress` /*!40100 DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci */ |
+-----------+--------------------------------------------------------------------------------------------------+
mysql> show grants for wp_user@'%';
+--------------------------------------------------------+
| Grants for wp_user@% |
+--------------------------------------------------------+
| GRANT USAGE ON *.* TO 'wp_user'@'%' |
| GRANT ALL PRIVILEGES ON `wordpress`.* TO 'wp_user'@'%' |
+--------------------------------------------------------+
USAGE权限是一个特殊的权限,它表示用户能够连接到MySQL服务器,但无法执行任何数据库操作(如查询、更新等)。
wp_user用户对名为wordpress的数据库中的所有表拥有所有权限(ALL PRIVILEGES)
本地临时映射 emptyDir
临时映射 pod 结束 映射目录即可销毁
##### 随机的两个容器 nginx centos7
apiVersion: v1
kind: Pod
metadata:
name: nginx-c7
namespace: default
labels:
app: nginx-c7
spec:
volumes:
- name: empty-data
emptyDir: {}
containers:
- name: nginx
image: nginx:alpine
imagePullPolicy: IfNotPresent
volumeMounts:
- name: empty-data
mountOptions: /var/share/nginx/html
- name: c7
image: centos:7
imagePullPolicy: IfNotPresent
volumeMounts:
- name: empty-data
mountOptions: /opt/html
command:
- /bin/tail
- -f
- /etc/passwd
### 运行
[root@master kubernetes]# kubectl apply -f nginx.yaml
### 检查
[root@master kubernetes]# kubectl get pod nginx-c7 -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nginx-c7 2/2 Running 0 3m20s 10.2.3.10 node03 <none> <none>
[root@master kubernetes]# kubectl describe pod nginx-c7
[root@master kubernetes]# kubectl logs nginx-c7 nginx
[root@master kubernetes]# kubectl logs nginx-c7 c7
### 查看映射目录(node节点查看)
[root@node03 ~]# docker inspect k8s_c7_nginx-c7_default_1b93e360-30e1-4342-a91f-00b8122c632d_0
"Mounts": [
{
"Type": "bind",
"Source": "/var/lib/kubelet/pods/1b93e360-30e1-4342-a91f-00b8122c632d/volumes/kubernetes.io~empty-dir/empty-data",
"Destination": "/opt/html",
"Mode": "",
"RW": true,
"Propagation": "rprivate"
},
映射目录:/var/lib/kubelet/pods/1b93e360-30e1-4342-a91f-00b8122c632d/volumes/kubernetes.io~empty-dir/empty-data
[root@node03 ~]# ll /var/lib/kubelet/pods/1b93e360-30e1-4342-a91f-00b8122c632d/volumes/kubernetes.io~empty-dir/empty-data
total 0
### 测试
----- 开始前 -----
# 物理机:
[root@node03 ~]# ll /var/lib/kubelet/pods/1b93e360-30e1-4342-a91f-00b8122c632d/volumes/kubernetes.io~empty-dir/empty-data
total 0
# nginx容器:
[root@master ~]# kubectl exec -it nginx-c7 -c nginx -- /bin/sh
/ # ll /var/share/ngins/html/
/bin/sh: ll: not found
# centos容器:
[root@master kubernetes]# kubectl exec -it nginx-c7 -c c7 -- bash
[root@nginx-c7 /]# ll /opt/html/
total 0
----- 物理机写入数据 ----
[root@node03 ~]# ll /var/lib/kubelet/pods/1b93e360-30e1-4342-a91f-00b8122c632d/volumes/kubernetes.io~empty-dir/empty-data
total 0
[root@node03 ~]# cd /var/lib/kubelet/pods/1b93e360-30e1-4342-a91f-00b8122c632d/volumes/kubernetes.io~empty-dir/empty-data
[root@node03 empty-data]# echo lllllll > index.html
[root@node03 empty-data]# ll
total 4
-rw-r--r-- 1 root root 8 Sep 19 15:51 index.html
------ pod 查询 ----
centos容器:
[root@nginx-c7 /]# ll /opt/html/
total 4
-rw-r--r-- 1 root root 8 Sep 19 07:51 index.html
nginx容器:
[root@master kubernetes]# kubectl exec -it nginx-c7 -c nginx -- sh
/ # ls /var/share/ngins/html/
index.html