1.1 Concept

1.1.1 Multi-container POD

At times you may need two services to work together, such as a web server and a logging service, but you would still like them to be developed and deployed separately; you only need the two functions to work together. In that case you need a multi-container pod.

1.1.1.1 Multi-container PODs Design Patterns

There are 3 common patterns for designing multi-container PODs. The first, which we just saw with the logging service example, is known as the sidecar pattern. The others are the adapter and the ambassador patterns.

1.1.1.2 InitContainer

When a POD is first created, the initContainer is run, and the process in the initContainer must run to completion before the real container hosting the application starts.

You can configure multiple initContainers as well, as we did for multi-container pods. In that case the init containers run one at a time, in sequential order.

If any of the initContainers fails to complete, Kubernetes restarts the Pod repeatedly until the Init Container succeeds.

apiVersion: v1
kind: Pod
metadata:
  name: myapp-pod
  labels:
    app: myapp
spec:
  containers:
  - name: myapp-container
    image: busybox:1.28
    command: ['sh', '-c', 'echo The app is running! && sleep 3600']
  initContainers:
  - name: init-myservice
    image: busybox:1.28
    command: ['sh', '-c', 'until nslookup myservice; do echo waiting for myservice; sleep 2; done;']
  - name: init-mydb
    image: busybox:1.28
    command: ['sh', '-c', 'until nslookup mydb; do echo waiting for mydb; sleep 2; done;']

Reference:

https://kubernetes.io/docs/concepts/workloads/pods/init-containers/

https://www.udemy.com/certified-kubernetes-administrator-with-practice-tests/learn/lecture/15030046#overview

1.2 Configuration

1.2.1 Container

1.2.1.1 Arguments


1.2.1.2 Env Variables


1.2.2 Security Context

In the securityContext, you can define the user that the container runs as and its Linux capabilities.


You may choose to configure the security settings at a container level or at a pod level.

  • If you configure it at a pod level, the settings will carry over to all the containers within the pod.
  • If you configure it at both the pod and the container, the settings on the container will override the settings on the pod.
  • Capabilities can only be configured at container level.
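
The three rules above, worked through as an added example (not part of the original notes): it resolves the effective securityContext of every container and init container in a pod spec and reports container-only fields that were set at pod level. The function names are hypothetical, the sample spec is constructed, and the field lists are the subset of the core/v1 securityContext fields this sketch assumes.

```python
# Added example: effective securityContext per container in a pod spec.
# Function names are hypothetical; SAMPLE_SPEC is constructed sample data.

# Fields that exist at both pod and container level: the container value wins.
SHARED = ("runAsUser", "runAsGroup", "runAsNonRoot", "seLinuxOptions", "seccompProfile")
# Fields that exist only in a container's securityContext.
CONTAINER_ONLY = ("capabilities", "privileged", "allowPrivilegeEscalation",
                  "readOnlyRootFilesystem")


def effective_contexts(pod_spec):
    """Return {container name: effective settings} for initContainers and containers."""
    pod_sc = pod_spec.get("securityContext") or {}
    result = {}
    for c in pod_spec.get("initContainers", []) + pod_spec.get("containers", []):
        own = c.get("securityContext") or {}
        # Start from what the pod level provides to every container ...
        eff = {k: pod_sc[k] for k in SHARED if k in pod_sc}
        # ... then let the container's own settings override or extend it.
        eff.update({k: own[k] for k in SHARED + CONTAINER_ONLY if k in own})
        result[c["name"]] = eff
    return result


def misplaced_pod_fields(pod_spec):
    """Container-only fields set at pod level, where they apply to no container."""
    pod_sc = pod_spec.get("securityContext") or {}
    return sorted(k for k in CONTAINER_ONLY if k in pod_sc)


# Constructed pod spec: pod-level user 1000, one container overriding it,
# and capabilities wrongly placed at pod level.
SAMPLE_SPEC = {
    "securityContext": {"runAsUser": 1000, "capabilities": {"add": ["MAC_ADMIN"]}},
    "initContainers": [{"name": "init-myservice", "image": "busybox:1.28"}],
    "containers": [
        {"name": "web", "image": "busybox:1.28",
         "securityContext": {"runAsUser": 2000,
                             "capabilities": {"add": ["NET_BIND_SERVICE"]}}},
        {"name": "sidecar", "image": "busybox:1.28"},
    ],
}

if __name__ == "__main__":
    for name, sc in effective_contexts(SAMPLE_SPEC).items():
        print(name, sc)
    print("container-only fields set at pod level:", misplaced_pod_fields(SAMPLE_SPEC))
```
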

1.3 Edit

Remember, you CANNOT edit specifications of an existing POD other than the below.

  • spec.containers[*].image
  • spec.initContainers[*].image
  • spec.activeDeadlineSeconds
  • spec.tolerations

But if you really want to, you have 2 options:

1.3.1 Edit directly

kubectl edit pod <pod name>

1.3.2 Edit by recreating with YAML

kubectl get pod webapp -o yaml > my-new-pod.yaml

vi my-new-pod.yaml

kubectl delete pod webapp

kubectl create -f my-new-pod.yaml

1.4 Network

Kubernetes assumes that pods can communicate with other pods, regardless of which host they land on. We give every pod its own cluster-private IP address. This means that containers within a Pod can all reach each other's ports on localhost, and all pods in a cluster can see each other without NAT. And you can also reach any port from any other pod or node in your cluster using the pod cluster IP.

Created by Bin Chen on 2020/09/04 04:05
    
