kubernetes Pod-05 容器初始化

容器初始化

在很多应用场景中，应用在启动之前丢需要进行如下的初始化操作

• 等待其他组件正确运行（例如数据库或者某个后台服务）
• 基于环境变量或配置模板生成配置文件
• 从远程数据库获取本地配置，或者将自身注册到某个中央数据库中
• 下载相关依赖包，或者对系统进行一些预配置操作

init C（初始化容器） 运行一次就结束，并且只有成功了才能继续执行下一个容器。 init C 和 其他容器区别：

• init container的运行方式与应用容器不同，它们必须先于应用容器执行完成，当设置了多个init container时，将按顺序逐个运行，并且只有前一个init container运行成功后才能运行后一个init container。当所有init container都成功运行后，kubernetes才会初始化pod的各种信息，并开始创建和运行应用容器。 在init container的定义中也可以设置资源限制、volume的使用和安全策略等等。但资源限制的设置与应用容器不同：

  • 如果多个init container都定义了资源请求/资源限制，则取最大的值作为所有init container的资源请求值/资源限制值。
  • pod的有效资源请求值/资源限制值取以下二者中的较大值：
    • 所有应用容器的资源请求值/限制值之和
    • init container的有效资源请求值/限制值
  • 调度算法将基于pod的有效资源请求值/限制值进行计算，也就是说init container可以为初始化操作预留系统资源，即使后续应用容器无须使用这些资源。
  • pod的有效QoS等级适用于init container和应用容器。
  • 资源配额和限制将根据pod的有效资源请求/限制，与调度机制一致。

• init container不能设置readinessProbe探针，因为必须在它们成功运行以后才能继续运行pod中定义的普通容器。将pod重启时，init container将会重新运行，常见的pod重启场景如下：

  • init container的镜像被更新时，init container将重新运行，导致pod重启，仅更新应用容器的镜像只会使得应用容器被重启。
  • pod的infrastructure容器更新时，pod将会重启。
  • 或pod中的所有应用容器都终止了，并且RestartPolicy=Always时，则pod将会重启

通过初始化容器为Nginx创建index.html主页文件。设置共享的Volume以供Nginx访问init C 设置的index.html

apiVersion: v1
kind: Pod
metadata:
  name: nginx
  annotations:
spec:
  initContainers:
  - name: install
    image: busybox
    command:
    - wget
    - "-O"
    - "/work-dir/index.html"
    - http://kubernetes.io
    volumeMounts:
    - name: workdir
      mountPath: "/work-dir"
  containers:
  - name: nginx
    image: nginx
    ports:
    - containerPort: 80
    volumeMounts:
    - name: workdir
      mountPath: /usr/share/nginx/html
  dnsPolicy: Default
  volumes:
  - name: workdir
    emptyDir: {}

创建并查看结果

# 创建
kubectl apply -f 25.yaml
# 创建后马上看结果，可以看到init C还没有完成
[root@master1 pod]# kubectl get pod
NAME                     READY   STATUS      RESTARTS   AGE
nginx                    0/1     Init:0/1    0          8s
# 等初始化容器成功后，再查看， 创建成功
[root@master1 pod]# kubectl get pod
NAME    READY   STATUS    RESTARTS   AGE
nginx   1/1     Running   0          105s

查看详情

[root@master1 pod]# kubectl describe pod nginx
Name:         nginx
Namespace:    pod-ns
Priority:     0
Node:         node1/192.168.40.182
Start Time:   Mon, 18 Mar 2024 09:36:28 -0400
Labels:       <none>
Annotations:  cni.projectcalico.org/podIP: 10.244.166.159/32
              cni.projectcalico.org/podIPs: 10.244.166.159/32
Status:       Running
IP:           10.244.166.159
IPs:
  IP:  10.244.166.159
Init Containers:
  install:
    Container ID:  docker://52e8ade73bce8b916868afbe5f7029188a3ebb43044f01033f63ff52a32800d0
    Image:         busybox
    Image ID:      docker-pullable://busybox@sha256:5acba83a746c7608ed544dc1533b87c737a0b0fb730301639a0179f9344b1678
    Port:          <none>
    Host Port:     <none>
    Command:
      wget
      -O
      /work-dir/index.html
      http://kubernetes.io
    State:          Terminated
      Reason:       Completed
      Exit Code:    0
      Started:      Mon, 18 Mar 2024 09:36:45 -0400
      Finished:     Mon, 18 Mar 2024 09:36:53 -0400
    Ready:          True
    Restart Count:  0
    Environment:    <none>
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from default-token-9p2fw (ro)
      /work-dir from workdir (rw)
Containers:
  nginx:
    Container ID:   docker://af3ef01f84ccafcf005b3fc155dff1893a4212eae79e470bbe3d807fa38e5c54
    Image:          nginx
    Image ID:       docker-pullable://nginx@sha256:0d17b565c37bcbd895e9d92315a05c1c3c9a29f762b011a10c54a66cd53c9b31
    Port:           80/TCP
    Host Port:      0/TCP
    State:          Running
      Started:      Mon, 18 Mar 2024 09:37:09 -0400
    Ready:          True
    Restart Count:  0
    Environment:    <none>
    Mounts:
      /usr/share/nginx/html from workdir (rw)
      /var/run/secrets/kubernetes.io/serviceaccount from default-token-9p2fw (ro)
Conditions:
  Type              Status
  Initialized       True
  Ready             True
  ContainersReady   True
  PodScheduled      True
Volumes:
  workdir:
    Type:       EmptyDir (a temporary directory that shares a pod's lifetime)
    Medium:
    SizeLimit:  <unset>
  default-token-9p2fw:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  default-token-9p2fw
    Optional:    false
QoS Class:       BestEffort
Node-Selectors:  <none>
Tolerations:     node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
                 node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
  Type    Reason     Age    From               Message
  ----    ------     ----   ----               -------
  Normal  Scheduled  6m44s  default-scheduler  Successfully assigned pod-ns/nginx to node1
  Normal  Pulling    6m44s  kubelet            Pulling image "busybox"
  Normal  Pulled     6m28s  kubelet            Successfully pulled image "busybox" in 15.84749033s
  Normal  Created    6m28s  kubelet            Created container install
  Normal  Started    6m28s  kubelet            Started container install
  Normal  Pulling    6m19s  kubelet            Pulling image "nginx"
  Normal  Pulled     6m4s   kubelet            Successfully pulled image "nginx" in 15.695593204s
  Normal  Created    6m4s   kubelet            Created container nginx
  Normal  Started    6m4s   kubelet            Started container nginx

查看事件，先创建install容器，也就是init C容器，成功后再创建nginx容器。

进入容器查看详情

[root@master1 pod]# kubectl exec -it nginx -c nginx /bin/bash
kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead.
root@nginx:/# more /usr/share/nginx/html/index.html
<!doctype html><html lang=en class=no-js><head class=live-site><meta name=robots content="index, follow"><link rel=alternate hreflang=zh-cn href=https://kubernetes.io/zh-cn/><link rel=alternate
hreflang=fr href=https://kubernetes.io/fr/><link rel=alternate hreflang=de href=https://kubernetes.io/de/><link rel=alternate hreflang=hi href=https://kubernetes.io/hi/><link rel=alternate hrefl
ang=id href=https://kubernetes.io/id/><link rel=alternate hreflang=it href=https://kubernetes.io/it/><link rel=alternate hreflang=ja href=https://kubernetes.io/ja/><link rel=alternate hreflang=k
o href=https://kubernetes.io/ko/><link rel=alternate hreflang=pl href=https://kubernetes.io/pl/><link rel=alternate hreflang=pt-br href=https://kubernetes.io/pt-br/><link rel=alternate hreflang=
ru href=https://kubernetes.io/ru/><link rel=alternate hreflang=es href=https://kubernetes.io/es/><link rel=alternate hreflang=uk href=https://kubernetes.io/uk/><link rel=alternate hreflang=vi hr
ef=https://kubernetes.io/vi/><meta charset=utf-8><meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no"><meta name=generator content="Hugo 0.121.2"><link rel=alternate
 type=application/rss+xml href=https://kubernetes.io/feed.xml><link rel="shortcut icon" type=image/png href=/images/favicon.png><link rel=apple-touch-icon href=/favicons/apple-touch-icon-180x180
.png sizes=180x180><link rel=manifest href=/manifest.webmanifest><link rel=apple-touch-icon href=/images/kubernetes-192x192.png><title>Kubernetes</title><meta property="og:title" content="Produc
tion-Grade Container Orchestration">
......
</body></html>