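# Container types in a Kubernetes Pod

- [1. Init containers](#1-init-containers)
- [2. Pause container](#2-pause-container)
- [3. Sidecar containers](#3-sidecar-containers)

## 1. Init containers

Init containers are like regular application containers, with one difference: they must run to completion before the application containers start.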
```yaml
[root@k8s-1 pod]# cat init.yaml
apiVersion: v1
kind: Pod
metadata:
  name: myapp-pod
  labels:
    app.kubernetes.io/name: MyApp
spec:
  containers:
  - name: myapp-container
    image: busybox:1.28
    command: ['sh', '-c', 'echo The app is running! && sleep 3600']
  initContainers:
  - name: init-myservice
    image: busybox:1.28
    command: ['sh', '-c', "until nslookup myservice.$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace).svc.cluster.local; do echo waiting for myservice; sleep 2; done"]
  - name: init-mydb
    image: busybox:1.28
    command: ['sh', '-c', "until nslookup mydb.$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace).svc.cluster.local; do echo waiting for mydb; sleep 2; done"]
```
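Because the `myservice` and `mydb` Services have not been created in the cluster yet, `nslookup` fails. The init container keeps printing `waiting for myservice` and waits, so the Pod stays in the `Init:0/2` state.

```bash
[root@k8s-1 pod]# kubectl apply -f init.yaml
pod/myapp-pod created
[root@k8s-1 pod]# kubectl get pod
NAME        READY   STATUS     RESTARTS   AGE
myapp-pod   0/1     Init:0/2   0          6s
```

Create the Services: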
```yaml
[root@k8s-1 pod]# cat service.yaml
---
apiVersion: v1
kind: Service
metadata:
  name: myservice
spec:
  ports:
  - protocol: TCP
    port: 80
    targetPort: 9376
---
apiVersion: v1
kind: Service
metadata:
  name: mydb
spec:
  ports:
  - protocol: TCP
    port: 80
    targetPort: 9377
```

```bash
[root@k8s-1 pod]# kubectl apply -f service.yaml
service/myservice created
service/mydb created
[root@k8s-1 pod]# kubectl get services
NAME         TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)   AGE
kubernetes   ClusterIP   10.96.0.1       <none>        443/TCP   3d1h
mydb         ClusterIP   10.99.6.65      <none>        80/TCP    18s
myservice    ClusterIP   10.109.68.252   <none>        80/TCP    18s
[root@k8s-1 pod]# kubectl get pod
NAME        READY   STATUS    RESTARTS   AGE
myapp-pod   1/1     Running   0          7m2s
```
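Once the init containers detect that the Services are available, initialization completes, and the main container starts successfully and enters the Running state.

## 2. Pause container

The pause container (also called the "infra container") is a special container that is created first in every Pod. It runs no business logic. It acts as the "base container" for all containers in the Pod and provides the shared network namespace and PID namespace for the whole Pod (containers see each other's processes only when the Pod sets `shareProcessNamespace: true`).

On a node, `docker ps` shows many containers running `/pause`.

## 3. Sidecar containers

A sidecar is like the main container's "co-pilot": it shares the Pod's network and storage with the main container, provides auxiliary, non-business functions, and starts and exits together with the main container.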
```yaml
[root@k8s-1 pod]# cat sidecar-1.yaml
apiVersion: v1
kind: Pod
metadata:
  name: counter
spec:
  containers:
  - name: count
    image: busybox:1.28
    args:
    - /bin/sh
    - -c
    - >
      i=0;
      while true;
      do
        echo "$i: $(date)" >> /var/log/1.log;
        echo "$(date) INFO $i" >> /var/log/2.log;
        i=$((i+1));
        sleep 1;
      done
    volumeMounts:
    - name: varlog
      mountPath: /var/log
  volumes:
  - name: varlog
    emptyDir: {}
```
Create the Pod with only the main container:

```bash
[root@k8s-1 pod]# kubectl apply -f sidecar-1.yaml
pod/counter created
[root@k8s-1 pod]# kubectl get pod
NAME        READY   STATUS    RESTARTS   AGE
counter     1/1     Running   0          11s
myapp-pod   1/1     Running   0          21m
# Verify
[root@k8s-1 pod]# kubectl exec -it counter -- sh
/ # cd /var/log
/var/log # ls
1.log 2.log
```

Add the sidecar containers:
```yaml
[root@k8s-1 pod]# cat sidecar-2.yaml
apiVersion: v1
kind: Pod
metadata:
  name: counter
spec:
  containers:
  - name: count
    image: busybox:1.28
    args:
    - /bin/sh
    - -c
    - >
      i=0;
      while true;
      do
        echo "$i: $(date)" >> /var/log/1.log;
        echo "$(date) INFO $i" >> /var/log/2.log;
        i=$((i+1));
        sleep 1;
      done
    volumeMounts:
    - name: varlog
      mountPath: /var/log
  - name: count-log-1
    image: busybox:1.28
    args: [/bin/sh, -c, 'tail -n+1 -F /var/log/1.log']
    volumeMounts:
    - name: varlog
      mountPath: /var/log
  - name: count-log-2
    image: busybox:1.28
    args: [/bin/sh, -c, 'tail -n+1 -F /var/log/2.log']
    volumeMounts:
    - name: varlog
      mountPath: /var/log
  volumes:
  - name: varlog
    emptyDir: {}
```
Verify that it works. Applying the new manifest over the running Pod is rejected, because containers cannot be added to or removed from an existing Pod, so the old Pod is deleted first:

```bash
[root@k8s-1 pod]# kubectl apply -f sidecar-2.yaml
The Pod "counter" is invalid: spec.containers: Forbidden: pod updates may not add or remove containers
[root@k8s-1 pod]# kubectl delete -f sidecar-1.yaml
pod "counter" deleted
[root@k8s-1 pod]# kubectl apply -f sidecar-2.yaml
pod/counter created
[root@k8s-1 pod]# kubectl get pod
NAME        READY   STATUS    RESTARTS   AGE
counter     3/3     Running   0          28s
myapp-pod   1/1     Running   0          26m
[root@k8s-1 pod]# kubectl logs counter count-log-1
0: Thu Sep 18 08:52:35 UTC 2025
1: Thu Sep 18 08:52:36 UTC 2025
2: Thu Sep 18 08:52:37 UTC 2025
3: Thu Sep 18 08:52:38 UTC 2025
```
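In `sidecar-2.yaml` every container mounts the shared `varlog` volume read-write and runs as root, so a compromised log-tailing sidecar could rewrite the logs it is meant to ship. The manifest below is an added example, not part of the original page: it is the same Pod with least-privilege settings, and the UID/GID `65534`, the `sizeLimit` value and the choice of `securityContext` fields are assumptions. `automountServiceAccountToken: false` suits this Pod only; the init-container Pod earlier reads the mounted namespace file and needs the default.

```yaml
# Added example: hardened variant of sidecar-2.yaml (assumed values are marked).
apiVersion: v1
kind: Pod
metadata:
  name: counter
spec:
  automountServiceAccountToken: false   # no container here talks to the API server
  securityContext:
    runAsNonRoot: true
    runAsUser: 65534                    # assumed unprivileged UID; busybox defaults to root
    runAsGroup: 65534
    fsGroup: 65534                      # emptyDir becomes group-owned by this GID
    seccompProfile:
      type: RuntimeDefault
  containers:
  - name: count
    image: busybox:1.28
    args:
    - /bin/sh
    - -c
    - >
      i=0;
      while true;
      do
        echo "$i: $(date)" >> /var/log/1.log;
        echo "$(date) INFO $i" >> /var/log/2.log;
        i=$((i+1));
        sleep 1;
      done
    securityContext: {allowPrivilegeEscalation: false, readOnlyRootFilesystem: true, capabilities: {drop: ["ALL"]}}
    volumeMounts:
    - name: varlog
      mountPath: /var/log               # the only read-write mount of the shared volume
  - name: count-log-1
    image: busybox:1.28
    args: [/bin/sh, -c, 'tail -n+1 -F /var/log/1.log']
    securityContext: {allowPrivilegeEscalation: false, readOnlyRootFilesystem: true, capabilities: {drop: ["ALL"]}}
    volumeMounts: [{name: varlog, mountPath: /var/log, readOnly: true}]  # sidecar reads, cannot alter logs
  - name: count-log-2
    image: busybox:1.28
    args: [/bin/sh, -c, 'tail -n+1 -F /var/log/2.log']
    securityContext: {allowPrivilegeEscalation: false, readOnlyRootFilesystem: true, capabilities: {drop: ["ALL"]}}
    volumeMounts: [{name: varlog, mountPath: /var/log, readOnly: true}]
  volumes:
  - name: varlog
    emptyDir:
      sizeLimit: 64Mi                   # assumed cap so runaway logs cannot fill node disk
```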
Remove the sidecar containers:

Delete the whole Pod, then create a new Pod that does not include the sidecar containers. Alternatively, force-delete it:

```bash
[root@k8s-1 pod]# kubectl delete --grace-period=0 --force -f sidecar-2.yaml
warning: Immediate deletion does not wait for confirmation that the running resource has been terminated. The resource may continue to run on the cluster indefinitely.
pod "counter" force deleted
```
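## Container restart policy (restartPolicy)

- `Always` (always restart): whenever a container terminates, it is restarted automatically.
- `OnFailure` (restart on failure): the container is restarted only when it terminates abnormally (non-zero exit code).
- `Never` (never restart): the container is not restarted, whatever state it terminates in.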