一. 前言

Pod是Kubernetes中能够创建和部署的最小单元，是Kubernetes集群中的一个应用实例，总是部署在同一个节点Node上。Pod中包含了一个或多个容器，还包括了存储、网络等各个容器共享的资源。Pod支持多种容器环境，Docker则是最流行的容器环境。

二. 配置信息

Pod的配置信息中有几个重要部分，apiVersion、kind、metadata、spec以及status。
其中apiVersion和kind是比较固定的，status是运行时的状态，所以最重要的就是metadata和spec两个部分。

2.1. pod 样例

apiVersion: v1
kind: Pod
metadata:name: pod-test-666labels:app: podtestenv: boyi
spec:restartPolicy: Nevervolumes:- name: shared-datahostPath:path: /opt/k8s/shared-datacontainers:- name: shell-jobimage: centos:7volumeMounts:- name: shared-datamountPath: /pod-datacommand: ["/bin/sh"]args: ["-c", "cd /pod-data/ && /pod-data/entrypoint.sh"]

2.2. 概念

pod中核心分为五部分 : apiVersion、kind、metadata、spec以及status。

序号	属性名称	属性类型	是否必选	备注
1	apiVersion	String	是	版本号 : v1
2	kind	String	是	Pod
3	metadata	Object	是	元数据信息
4	spec	Object	是	Pod中容器的详细信息
5	status	–	–	任务的执行状态,不在pod中定义

2.3. metadata 常用属性

序号	属性名称	属性类型	是否必选	备注
1	metadata.name	String	是	Pod 名称
2	metadata.namespce	String	是	Pod所属namespace
3	metadata.labels[]	List	否	自定义标签列表
4	metadata.annotation[]	List	否	自定义注解列表

2.4. spec

序号	属性名称	属性类型	是否必选	备注
1	spec.containers[]	List	是	Pod中的容器列表
2	spec.containers[].name	String	是	容器的名称
3	spec.containers[].image	String	是	容器镜像名称
4	spec.containers[].imagePullPolicy	String	- -	镜像拉取策略: 可选值: Always,Never,IfNotPresent,默认值Always Always:每次都尝试重新拉取镜像 IfNotPresent: 如果本地有镜像使用本地,否则拉取远程镜像 Never: 表示仅使用本地镜像
5	spec.containers[].command[]	List	- -	容器启动命令列表,如果不指定,则使用镜像打包时使用的启动命令
6	spec.containers[].args[]	List	- -	容器启动命令参数列表
7	spec.containers[].workingDir	String	- -	容器的工作目录

8	spec.containers[].volumeMounts[]	List	- -	挂载到容器内部的存储卷配置
9	spec.containers[]…volumeMounts[].name	String	- -	引用Pod定义的共享存储卷的名称,需要使用volumes[]部分定义的共享存储卷名称
10	spec.containers[]…volumeMounts[].mountPath	String	- -	存储卷在容器内挂载的绝对路径,应少于512个字符
11	spec.containers[]…volumeMounts[].readOnly	Boolean	- -	是否为只读模式,默认读写模式

12	spec.containers[].ports[]	List	- -	容器需要暴露的端口号列表
13	spec.containers[].ports[].name	String	- -	端口的名称
14	spec.containers[].ports[].containerPort	Int	- -	容器需要监听的端口号
15	spec.containers[].ports[].hostPort	Int	- -	容器所在主机需要监听的端口号,默认与containerPort相同. 设置hostPort时,同一台宿主机将无法启动该容器的第二份副本.
16	spec.containers[].ports[].protocol	String	- -	端口协议,支持TCP和UDP,默认TCP

17	spec.containers[].env[]	List	- -	容器运行前需要设置的环境变量列表
18	spec.containers[].env[].name	String	- -	环境变量的名称
19	spec.containers[].env[].value	String	- -	环境变量的值

20	spec.containers[].resources	Object	- -	资源限制和资源请求设置
21	spec.containers[].resources.limits	Object	- -	资源限制设置
22	spec.containers[].resources.limits.cpu	String	- -	cpu限制
23	spec.containers[].resources.limits.memory	String	- -	内存限制
24	spec.containers[].resources.requests	Object	- -	资源限制设置
25	spec.containers[].resources.requests.cpu	String	- -	容器初始化,cpu请求数量
26	spec.containers[].resources.requests.memory	String	- -	容器初始化,内存请求数量

27	spec.volumes[]	List	- -	在该Pod上定义的共享存储列表
28	spec.volumes[].name	String	- -	共享存储卷的名称,在一个Pod中每个存储卷定义一个名称, 容器定义部分的`spec.containers[]..volumeMounts[].name`将引用该共享存储卷的名称.

29	spec.volumes[].emptyDir	Object	- -	类型为emptyDir的存储卷,表示与Pod同生命周期的一个临时目录,其值为一个空对象: emptyDir:{}
30	spec.volumes[].hostPath	Object	- -	类型为hostPath的存储卷,表示Pod容器挂载的宿主机目录,通过volumes[].hostPath.path指定
31	spec.volumes[].hostPath.path	String	- -	Pod容器挂载的宿主机目录
32	spec.volumes[].secret	Object	- -	类型为secret的存储卷,表示挂载集群预定义的secret对象到容器内部
33	spec.volumes[].configMap	Object	- -	类型为configMap的存储卷,表示挂载集群预定义的configMap对象到容器内部

34	spec.volumes[].livenessProbe	Object	- -	对Pod内各容器健康检查的设置,当探测无响应几次之后,系统将自动重启该容器. 可以设置的方法包括: exec,httpGet和tcpSocket. 对一个容器仅需设置一种健康检查方法.

35	spec.volumes[].livenessProbe.exec	Object	- -	对Pod内各容器健康检查的设置, exec方式
36	spec.volumes[].livenessProbe.exec.command[]	String	- -	exec方式需要指定的命令或者脚本
37	spec.volumes[].livenessProbe.httpGet	Object	- -	对Pod内各容器健康检查的设置,httpGet方式. 需要指定path,port.
38	spec.volumes[].livenessProbe.tcpSocket	Object	- -	对Pod内各容器健康检查,tcpSocket方式.

39	spec.volumes[].livenessProbe.initialDelaySeconds	Number	- -	容器启动完成后首次探测的时间,单位s
40	spec.volumes[].livenessProbe.timeoutSeconds	Number	- -	对容器健康检查的探测等待响应的超时时间设置,单位s. 默认值1s.
41	spec.volumes[].livenessProbe.periodSeconds	Number	- -	对容器健康检查的定期探测时间设置,单位s, 默认10s探测一次

42	spec.restartPolicy	String	- -	Pod的重启策略,可选值为Always,OnFailure. 默认值为Always 1. Always: Pod一旦终止运行,无论容器是如何终止的,容器都将重启. 2.OnFailure: 只有Pod以非零退出码终止时,才重启该容器. 如果容器正常结束,则不容器.
43	spec.nodeSelector	Object	- -	设置Node的label, 以key:value格式指定,Pod将会被调度到具有这些Label的Node上.
44	spec.imagePullSecrets	Object	- -	pull镜像时使用的secret名称,以name:secretkey格式指定
45	spec.hostNetwork	Boolean	- -	是否使用主机网络模式,默认值是false. 设置为true表示容器使用宿主机网络,不再使用Docker网桥,该Pod将无法在同一台宿主机上启动第2个副本.

2.5. status

像单独的容器应用一样，Pod并不是持久运行的。Pod创建后，Kubernetes为其分配一个UID，并且通过Controller调度到Node中运行，然后Pod一直保持运行状态直到运行正常结束或者被删除。在Node发生故障时，Controller负责将其调度到其他的Node中。Kubernetes为Pod定义了几种状态，分别如下：

三. 常用的操作指令

3.1. 创建

使用配置文件的方式创建Pod。

$ kubectl create -f first-pod.yml

3.2. 查看配置

 kubectl get pod first-pod -o yaml

或者

 kubectl describe  pod az-sleep -o yaml

3.3. 查看日志

 kubectl logs first-pod

如果Pod中有多个容器，查看特定容器的日志需要指定容器名称

kubectl logs pod-name -c container-name

3.4. 标签管理

显示Pod的标签

[root@master01 ~]# kubectl get pods --show-labels
NAME        READY     STATUS    RESTARTS   AGE       LABELS
first-pod   1/1       Running   0          15m       app=bash

使用 second-pod.yml 我们再创建一个包含两个标签的Pod。

[root@master01 ~]# kubectl create -f first-pod.yml
pod/second-pod created
[root@master01 ~]# kubectl get pods --show-labels
NAME         READY     STATUS              RESTARTS   AGE       LABELS
first-pod    1/1       Running             0          17m       app=bash
second-pod   0/1       ContainerCreating   0          20s       app=bash,tir=backend

根据标签来查询Pod。

[root@master01 ~]# kubectl get pods -l tir=backend --show-labels
NAME         READY     STATUS    RESTARTS   AGE       LABELS
second-pod   1/1       Running   0          1m        app=bash,tir=backend

增加标签

[root@master01 ~]# kubectl label pod first-pod tir=frontend
pod/first-pod labeled
[root@master01 ~]# kubectl get pods --show-labels
NAME         READY     STATUS    RESTARTS   AGE       LABELS
first-pod    1/1       Running   0          24m       app=bash,tir=frontend
second-pod   1/1       Running   0          7m        app=bash,tir=backend

修改标签

[root@master01 ~]# kubectl label pod first-pod tir=unkonwn --overwrite
pod/first-pod labeled
[root@master01 ~]# kubectl get pods --show-labels
NAME         READY     STATUS    RESTARTS   AGE       LABELS
first-pod    1/1       Running   0          25m       app=bash,tir=unkonwn
second-pod   1/1       Running   0          8m        app=bash,tir=backend

可以将标签显示为列

[root@master01 ~]# kubectl get pods -L app,tir
NAME         READY     STATUS    RESTARTS   AGE       APP       TIR
first-pod    1/1       Running   0          26m       bash      unkonwn
second-pod   1/1       Running   0          9m        bash      backend

3.5. 删除pod

[root@master01 ~]# kubectl delete pods first-pod
pod "first-pod" deleted

也可以根据标签选择器删除。

[root@master01 ~]# kubectl delete pods -l tir=backend
pod "second-pod" deleted

四. 通过指令查看pod帮助信息

[root@master01 ~]# kubectl explain pod
KIND:     Pod
VERSION:  v1DESCRIPTION:Pod is a collection of containers that can run on a host. This resource iscreated by clients and scheduled onto hosts.FIELDS:apiVersion <string>APIVersion defines the versioned schema of this representation of anobject. Servers should convert recognized schemas to the latest internalvalue, and may reject unrecognized values. More info:https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resourceskind    <string>Kind is a string value representing the REST resource this objectrepresents. Servers may infer this from the endpoint the client submitsrequests to. Cannot be updated. In CamelCase. More info:https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kindsmetadata   <Object>Standard object's metadata. More info:https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadataspec   <Object>Specification of the desired behavior of the pod. More info:https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-statusstatus <Object>Most recently observed status of the pod. This data may not be up to date.Populated by the system. Read-only. More info:https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

查看 pod 中的kind 描述

[root@master01 ~]# kubectl explain pod.kind
KIND:     Pod
VERSION:  v1FIELD:    kind <string>DESCRIPTION:Kind is a string value representing the REST resource this objectrepresents. Servers may infer this from the endpoint the client submitsrequests to. Cannot be updated. In CamelCase. More info:https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

查看 pod 中的apiVersion 描述

[root@master01 ~]# kubectl explain pod.apiVersion
KIND:     Pod
VERSION:  v1FIELD:    apiVersion <string>DESCRIPTION:APIVersion defines the versioned schema of this representation of anobject. Servers should convert recognized schemas to the latest internalvalue, and may reject unrecognized values. More info:https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

查看 pod 中的metadata 描述

[root@master01 ~]# kubectl explain pod.metadata
KIND:     Pod
VERSION:  v1RESOURCE: metadata <Object>DESCRIPTION:Standard object's metadata. More info:https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadataObjectMeta is metadata that all persisted resources must have, whichincludes all objects users must create.FIELDS:annotations   <map[string]string>Annotations is an unstructured key value map stored with a resource thatmay be set by external tools to store and retrieve arbitrary metadata. Theyare not queryable and should be preserved when modifying objects. Moreinfo: http://kubernetes.io/docs/user-guide/annotationsclusterName <string>The name of the cluster which the object belongs to. This is used todistinguish resources with same name and namespace in different clusters.This field is not set anywhere right now and apiserver is going to ignoreit if set in create or update request.creationTimestamp <string>CreationTimestamp is a timestamp representing the server time when thisobject was created. It is not guaranteed to be set in happens-before orderacross separate operations. Clients may not set this value. It isrepresented in RFC3339 form and is in UTC.Populated by the system. Read-only. Null for lists. More info:https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadatadeletionGracePeriodSeconds  <integer>Number of seconds allowed for this object to gracefully terminate before itwill be removed from the system. Only set when deletionTimestamp is alsoset. May only be shortened. Read-only.deletionTimestamp   <string>DeletionTimestamp is RFC 3339 date and time at which this resource will bedeleted. This field is set by the server when a graceful deletion isrequested by the user, and is not directly settable by a client. Theresource is expected to be deleted (no longer visible from resource lists,and not reachable by name) after the time in this field, once thefinalizers list is empty. As long as the finalizers list contains items,deletion is blocked. Once the deletionTimestamp is set, this value may notbe unset or be set further into the future, although it may be shortened orthe resource may be deleted prior to this time. For example, a user mayrequest that a pod is deleted in 30 seconds. The Kubelet will react bysending a graceful termination signal to the containers in the pod. Afterthat 30 seconds, the Kubelet will send a hard termination signal (SIGKILL)to the container and after cleanup, remove the pod from the API. In thepresence of network partitions, this object may still exist after thistimestamp, until an administrator or automated process can determine theresource is fully terminated. If not set, graceful deletion of the objecthas not been requested.Populated by the system when a graceful deletion is requested. Read-only.More info:https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadatafinalizers  <[]string>Must be empty before the object is deleted from the registry. Each entry isan identifier for the responsible component that will remove the entry fromthe list. If the deletionTimestamp of the object is non-nil, entries inthis list can only be removed. Finalizers may be processed and removed inany order. Order is NOT enforced because it introduces significant risk ofstuck finalizers. finalizers is a shared field, any actor with permissioncan reorder it. If the finalizer list is processed in order, then this canlead to a situation in which the component responsible for the firstfinalizer in the list is waiting for a signal (field value, externalsystem, or other) produced by a component responsible for a finalizer laterin the list, resulting in a deadlock. Without enforced ordering finalizersare free to order amongst themselves and are not vulnerable to orderingchanges in the list.generateName <string>GenerateName is an optional prefix, used by the server, to generate aunique name ONLY IF the Name field has not been provided. If this field isused, the name returned to the client will be different than the namepassed. This value will also be combined with a unique suffix. The providedvalue has the same validation rules as the Name field, and may be truncatedby the length of the suffix required to make the value unique on theserver.If this field is specified and the generated name exists, the server willNOT return a 409 - instead, it will either return 201 Created or 500 withReason ServerTimeout indicating a unique name could not be found in thetime allotted, and the client should retry (optionally after the timeindicated in the Retry-After header).Applied only if Name is not specified. More info:https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotencygeneration    <integer>A sequence number representing a specific generation of the desired state.Populated by the system. Read-only.labels  <map[string]string>Map of string keys and values that can be used to organize and categorize(scope and select) objects. May match selectors of replication controllersand services. More info: http://kubernetes.io/docs/user-guide/labelsmanagedFields   <[]Object>ManagedFields maps workflow-id and version to the set of fields that aremanaged by that workflow. This is mostly for internal housekeeping, andusers typically shouldn't need to set or understand this field. A workflowcan be the user's name, a controller's name, or the name of a specificapply path like "ci-cd". The set of fields is always in the version thatthe workflow used when modifying the object.name    <string>Name must be unique within a namespace. Is required when creatingresources, although some resources may allow a client to request thegeneration of an appropriate name automatically. Name is primarily intendedfor creation idempotence and configuration definition. Cannot be updated.More info: http://kubernetes.io/docs/user-guide/identifiers#namesnamespace   <string>Namespace defines the space within which each name must be unique. An emptynamespace is equivalent to the "default" namespace, but "default" is thecanonical representation. Not all objects are required to be scoped to anamespace - the value of this field for those objects will be empty.Must be a DNS_LABEL. Cannot be updated. More info:http://kubernetes.io/docs/user-guide/namespacesownerReferences   <[]Object>List of objects depended by this object. If ALL objects in the list havebeen deleted, this object will be garbage collected. If this object ismanaged by a controller, then an entry in this list will point to thiscontroller, with the controller field set to true. There cannot be morethan one managing controller.resourceVersion <string>An opaque value that represents the internal version of this object thatcan be used by clients to determine when objects have changed. May be usedfor optimistic concurrency, change detection, and the watch operation on aresource or set of resources. Clients must treat these values as opaque andpassed unmodified back to the server. They may only be valid for aparticular resource or set of resources.Populated by the system. Read-only. Value must be treated as opaque byclients and . More info:https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistencyselfLink    <string>SelfLink is a URL representing this object. Populated by the system.Read-only.DEPRECATED Kubernetes will stop propagating this field in 1.20 release andthe field is planned to be removed in 1.21 release.uid    <string>UID is the unique in time and space value for this object. It is typicallygenerated by the server on successful creation of a resource and is notallowed to change on PUT operations.Populated by the system. Read-only. More info:http://kubernetes.io/docs/user-guide/identifiers#uids

查看 pod 中的spec 描述

[root@master01 ~]# kubectl explain pod.spec
KIND:     Pod
VERSION:  v1RESOURCE: spec <Object>DESCRIPTION:Specification of the desired behavior of the pod. More info:https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-statusPodSpec is a description of a pod.FIELDS:activeDeadlineSeconds  <integer>Optional duration in seconds the pod may be active on the node relative toStartTime before the system will actively try to mark it failed and killassociated containers. Value must be a positive integer.affinity   <Object>If specified, the pod's scheduling constraintsautomountServiceAccountToken   <boolean>AutomountServiceAccountToken indicates whether a service account tokenshould be automatically mounted.containers <[]Object> -required-List of containers belonging to the pod. Containers cannot currently beadded or removed. There must be at least one container in a Pod. Cannot beupdated.dnsConfig   <Object>Specifies the DNS parameters of a pod. Parameters specified here will bemerged to the generated DNS configuration based on DNSPolicy.dnsPolicy    <string>Set DNS policy for the pod. Defaults to "ClusterFirst". Valid values are'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNSparameters given in DNSConfig will be merged with the policy selected withDNSPolicy. To have DNS options set along with hostNetwork, you have tospecify DNS policy explicitly to 'ClusterFirstWithHostNet'.enableServiceLinks  <boolean>EnableServiceLinks indicates whether information about services should beinjected into pod's environment variables, matching the syntax of Dockerlinks. Optional: Defaults to true.ephemeralContainers  <[]Object>List of ephemeral containers run in this pod. Ephemeral containers may berun in an existing pod to perform user-initiated actions such as debugging.This list cannot be specified when creating a pod, and it cannot bemodified by updating the pod spec. In order to add an ephemeral containerto an existing pod, use the pod's ephemeralcontainers subresource. Thisfield is alpha-level and is only honored by servers that enable theEphemeralContainers feature.hostAliases  <[]Object>HostAliases is an optional list of hosts and IPs that will be injected intothe pod's hosts file if specified. This is only valid for non-hostNetworkpods.hostIPC   <boolean>Use the host's ipc namespace. Optional: Default to false.hostNetwork    <boolean>Host networking requested for this pod. Use the host's network namespace.If this option is set, the ports that will be used must be specified.Default to false.hostPID  <boolean>Use the host's pid namespace. Optional: Default to false.hostname   <string>Specifies the hostname of the Pod If not specified, the pod's hostname willbe set to a system-defined value.imagePullSecrets <[]Object>ImagePullSecrets is an optional list of references to secrets in the samenamespace to use for pulling any of the images used by this PodSpec. Ifspecified, these secrets will be passed to individual pullerimplementations for them to use. For example, in the case of docker, onlyDockerConfig type secrets are honored. More info:https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-podinitContainers  <[]Object>List of initialization containers belonging to the pod. Init containers areexecuted in order prior to containers being started. If any init containerfails, the pod is considered to have failed and is handled according to itsrestartPolicy. The name for an init container or normal container must beunique among all containers. Init containers may not have Lifecycleactions, Readiness probes, Liveness probes, or Startup probes. TheresourceRequirements of an init container are taken into account duringscheduling by finding the highest request/limit for each resource type, andthen using the max of of that value or the sum of the normal containers.Limits are applied to init containers in a similar fashion. Init containerscannot currently be added or removed. Cannot be updated. More info:https://kubernetes.io/docs/concepts/workloads/pods/init-containers/nodeName   <string>NodeName is a request to schedule this pod onto a specific node. If it isnon-empty, the scheduler simply schedules this pod onto that node, assumingthat it fits resource requirements.nodeSelector   <map[string]string>NodeSelector is a selector which must be true for the pod to fit on a node.Selector which must match a node's labels for the pod to be scheduled onthat node. More info:https://kubernetes.io/docs/concepts/configuration/assign-pod-node/overhead    <map[string]string>Overhead represents the resource overhead associated with running a pod fora given RuntimeClass. This field will be autopopulated at admission time bythe RuntimeClass admission controller. If the RuntimeClass admissioncontroller is enabled, overhead must not be set in Pod create requests. TheRuntimeClass admission controller will reject Pod create requests whichhave the overhead already set. If RuntimeClass is configured and selectedin the PodSpec, Overhead will be set to the value defined in thecorresponding RuntimeClass, otherwise it will remain unset and treated aszero. More info:https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.mdThis field is beta-level as of Kubernetes v1.18, and is only honored byservers that enable the PodOverhead feature.preemptionPolicy  <string>PreemptionPolicy is the Policy for preempting pods with lower priority. Oneof Never, PreemptLowerPriority. Defaults to PreemptLowerPriority if unset.This field is beta-level, gated by the NonPreemptingPriority feature-gate.priority   <integer>The priority value. Various system components use this field to find thepriority of the pod. When Priority Admission Controller is enabled, itprevents users from setting this field. The admission controller populatesthis field from PriorityClassName. The higher the value, the higher thepriority.priorityClassName    <string>If specified, indicates the pod's priority. "system-node-critical" and"system-cluster-critical" are two special keywords which indicate thehighest priorities with the former being the highest priority. Any othername must be defined by creating a PriorityClass object with that name. Ifnot specified, the pod priority will be default or zero if there is nodefault.readinessGates    <[]Object>If specified, all readiness gates will be evaluated for pod readiness. Apod is ready when all its containers are ready AND all conditions specifiedin the readiness gates have status equal to "True" More info:https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gatesrestartPolicy <string>Restart policy for all containers within the pod. One of Always, OnFailure,Never. Default to Always. More info:https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policyruntimeClassName   <string>RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group,which should be used to run this pod. If no RuntimeClass resource matchesthe named class, the pod will not be run. If unset or empty, the "legacy"RuntimeClass will be used, which is an implicit class with an emptydefinition that uses the default runtime handler. More info:https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class This is abeta feature as of Kubernetes v1.14.schedulerName   <string>If specified, the pod will be dispatched by specified scheduler. If notspecified, the pod will be dispatched by default scheduler.securityContext <Object>SecurityContext holds pod-level security attributes and common containersettings. Optional: Defaults to empty. See type description for defaultvalues of each field.serviceAccount    <string>DeprecatedServiceAccount is a depreciated alias for ServiceAccountName.Deprecated: Use serviceAccountName instead.serviceAccountName  <string>ServiceAccountName is the name of the ServiceAccount to use to run thispod. More info:https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/setHostnameAsFQDN    <boolean>If true the pod's hostname will be configured as the pod's FQDN, ratherthan the leaf name (the default). In Linux containers, this means settingthe FQDN in the hostname field of the kernel (the nodename field of structutsname). In Windows containers, this means setting the registry value ofhostname for the registry keyHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters toFQDN. If a pod does not have FQDN, this has no effect. Default to false.shareProcessNamespace  <boolean>Share a single process namespace between all of the containers in a pod.When this is set containers will be able to view and signal processes fromother containers in the same pod, and the first process in each containerwill not be assigned PID 1. HostPID and ShareProcessNamespace cannot bothbe set. Optional: Default to false.subdomain <string>If specified, the fully qualified Pod hostname will be"<hostname>.<subdomain>.<pod namespace>.svc.<cluster domain>". If notspecified, the pod will not have a domainname at all.terminationGracePeriodSeconds   <integer>Optional duration in seconds the pod needs to terminate gracefully. May bedecreased in delete request. Value must be non-negative integer. The valuezero indicates stop immediately via the kill signal (no opportunity to shutdown). If this value is nil, the default grace period will be used instead.The grace period is the duration in seconds after the processes running inthe pod are sent a termination signal and the time when the processes areforcibly halted with a kill signal. Set this value longer than the expectedcleanup time for your process. Defaults to 30 seconds.tolerations    <[]Object>If specified, the pod's tolerations.topologySpreadConstraints  <[]Object>TopologySpreadConstraints describes how a group of pods ought to spreadacross topology domains. Scheduler will schedule pods in a way which abidesby the constraints. All topologySpreadConstraints are ANDed.volumes   <[]Object>List of volumes that can be mounted by containers belonging to the pod.More info: https://kubernetes.io/docs/concepts/storage/volumes

查看 pod 中的status 描述

[root@master01 ~]# kubectl explain pod.status
KIND:     Pod
VERSION:  v1RESOURCE: status <Object>DESCRIPTION:Most recently observed status of the pod. This data may not be up to date.Populated by the system. Read-only. More info:https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-statusPodStatus represents information about the status of a pod. Status maytrail the actual state of a system, especially if the node that hosts thepod cannot contact the control plane.FIELDS:conditions <[]Object>Current service state of pod. More info:https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-conditionscontainerStatuses    <[]Object>The list has one entry per container in the manifest. Each entry iscurrently the output of `docker inspect`. More info:https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-and-container-statusephemeralContainerStatuses    <[]Object>Status for any ephemeral containers that have run in this pod. This fieldis alpha-level and is only populated by servers that enable theEphemeralContainers feature.hostIP  <string>IP address of the host to which the pod is assigned. Empty if not yetscheduled.initContainerStatuses  <[]Object>The list has one entry per init container in the manifest. The most recentsuccessful init container will have ready = true, the most recently startedcontainer will have startTime set. More info:https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-and-container-statusmessage <string>A human readable message indicating details about why the pod is in thiscondition.nominatedNodeName   <string>nominatedNodeName is set only when this pod preempts other pods on thenode, but it cannot be scheduled right away as preemption victims receivetheir graceful termination periods. This field does not guarantee that thepod will be scheduled on this node. Scheduler may decide to place the podelsewhere if other nodes become available sooner. Scheduler may also decideto give the resources on this node to a higher priority pod that is createdafter preemption. As a result, this field may be different thanPodSpec.nodeName when the pod is scheduled.phase   <string>The phase of a Pod is a simple, high-level summary of where the Pod is inits lifecycle. The conditions array, the reason and message fields, and theindividual container status arrays contain more detail about the pod'sstatus. There are five possible phase values:Pending: The pod has been accepted by the Kubernetes system, but one ormore of the container images has not been created. This includes timebefore being scheduled as well as time spent downloading images over thenetwork, which could take a while. Running: The pod has been bound to anode, and all of the containers have been created. At least one containeris still running, or is in the process of starting or restarting.Succeeded: All containers in the pod have terminated in success, and willnot be restarted. Failed: All containers in the pod have terminated, and atleast one container has terminated in failure. The container either exitedwith non-zero status or was terminated by the system. Unknown: For somereason the state of the pod could not be obtained, typically due to anerror in communicating with the host of the pod.More info:https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-phasepodIP <string>IP address allocated to the pod. Routable at least within the cluster.Empty if not yet allocated.podIPs   <[]Object>podIPs holds the IP addresses allocated to the pod. If this field isspecified, the 0th entry must match the podIP field. Pods may be allocatedat most 1 value for each of IPv4 and IPv6. This list is empty if no IPshave been allocated yet.qosClass   <string>The Quality of Service (QOS) classification assigned to the pod based onresource requirements See PodQOSClass type for available QOS classes Moreinfo:https://git.k8s.io/community/contributors/design-proposals/node/resource-qos.mdreason   <string>A brief CamelCase message indicating details about why the pod is in thisstate. e.g. 'Evicted'startTime <string>RFC 3339 date and time at which the object was acknowledged by the Kubelet.This is before the Kubelet pulled the container image(s) for the pod.

引用:
https://kubernetes.io/zh/docs/concepts/workloads/pods/
https://www.cnblogs.com/cocowool/p/kubernetes_pod_detail.html

K8S 之 Pod定义梳理相关推荐

万字长文：K8s 创建 pod 时，背后到底发生了什么？
本文基于 2019 年的一篇文章What happens when ... Kubernetes edition![1]梳理了 K8s 创建 pod(及其 deployment/replicaset) ...
k8s查看pod的yaml文件_【大强哥-k8s从入门到放弃04】Yaml语法解析
依然小福利[Python-零基础入门]2020感谢走进我的生命,Python!(已更新至206集)_哔哩哔哩 (゜-゜)つロ干杯~-bilibiliwww.bilibili.com 一.K8S名称 ...
k8s 查看pod流量_Kubernetes K8S之Pod生命周期与探针检测
K8S中Pod的生命周期与ExecAction.TCPSocketAction和HTTPGetAction探针检测主机配置规划 Pod容器生命周期 Pause容器说明每个Pod里运行着一个特殊的被 ...
k8s查看pod的yaml文件_每天5分钟｜轻松掌握开发工作中必会的k8s-yaml配置说明和常用命令...
在 K8S 中,创建资源有两种方式: 方式一:使用kubectl 命令行,在输入kubectl命令的时候,填上对应的参数优点:方便快捷,一行命令搞定缺点:一行命令太多参数,可读性差,不利于维护方 ...
K8S之pod生命周期
K8S之pod生命周期 Pod的生命周期是通过Replication Controller来管理的.Pod的生命周期过程包括:通过模板进行定义,然后分配到一个Node上运行,在Pod所含容器运行结束后 ...
k8s之pod和pod探针
k8s之pod和探针什么是Pod Pod是Kubernetes中最小的单元,它由一组.一个或多个容器组成,每个Pod还包含了一个Pause容器,Pause容器是Pod的父容器,主要负责僵尸进程的回收 ...
k8s添加pod，k8常用命令,k8s删除pod
一添加pod测试创建deployment kubectl create deployment nginx(pod名称)–image=nginx 创建后查看:kubectl get deployme ...
关于K8s中Pod调度[选择器,指定节点,主机亲和性]方式和节点[coedon,drain,taint]标记的Demo
写在前面嗯,整理K8s中pod调度相关笔记,这里分享给小伙伴博文内容涉及: kube-scheduler组件的简述 Pod的调度(选择器.指定节点.主机亲和性)方式节点的coedon与drain ...
【博客523】k8s修改pod的内核参数以优化服务网络性能
k8s修改pod的内核参数以优化服务网络性能 1.面对高并发场景: TIME_WAIT 连接复用如果短连接并发量较高,它所在 netns 中 TIME_WAIT 状态的连接就比较多,而 TIME_W ...

K8S 之 Pod定义梳理