[k8s] kubelet单组件启动静态pod

kubelet单组件启动静态pod

无需k8s其他组件,单独下载kubelet的二进制,可以启动静态pod.

静态pod不受api管理,kubectl get po可以看到,但是kubectl delete pod 删除后,出去pending状态, 节点容器并没有删除,要想删除,去节点操作kubelet相对应的目录文件

静态pod创建有2中方法: 最常用的配置文件方法,还有http方法.

配置文件形式

- 获取pause镜像787k
docker pull lanny/gcr.io_google_containers_pause-amd64:3.0
docker tag lanny/gcr.io_google_containers_pause-amd64:3.0 gcr.io/google_containers/pause-amd64:3.0

- 启动kubelet
mkdir -p /root/k8s/manifests
kubelet --allow-privileged=true --pod-manifest-path=/root/k8s/manifests --cluster-dns=10.254.0.2 --cluster-domain=cluster.local --v=2

- manifests静态pod目录下新建busybox-count.yml
[root@n1 ~]# cat /root/k8s/manifests/busybox-count.yml
apiVersion: v1
kind: Pod
metadata:
name: counter
spec:
containers:
- name: count
image: busybox
args: [/bin/sh, -c,
'i=0; while true; do echo "$i: $(date)"; i=$((i+1)); sleep 1; done']

- 自动启动成功
[root@n1 ~]# docker ps -a
CONTAINER ID        IMAGE                                      COMMAND                  CREATED             STATUS              PORTS               NAMES
bf0d15b72b5e        busybox                                    "/bin/sh -c 'i=0; ..."   4 minutes ago       Up 4 minutes                            k8s_count_counter-n1.ma.com_default_0f4803e09eeb6a864cc007da1ad165f3_0
92d6592d972f        gcr.io/google_containers/pause-amd64:3.0   "/pause"                 4 minutes ago       Up 4 minutes                            k8s_POD_counter-n1.ma.com_default_0f4803e09eeb6a864cc007da1ad165f3_0

- kubelet退出后,pod依旧running
- docker rm容器后,这个容器exit状态,kubelet会重新runing一个容器

- busybox+pause=pod 共享ip协议栈(IP+mac一样)
- pause的ip和mac
[root@n1 ~]# docker inspect 92d6592d972f|grep -i ipaddr
"SecondaryIPAddresses": null,
"IPAddress": "172.17.0.2",
"IPAddress": "172.17.0.2",

[root@n1 ~]# docker inspect 92d6592d972f|grep -i mac
"MacAddress": "02:42:ac:11:00:02",
"MacAddress": "02:42:ac:11:00:02",

- busybox的ip和mac
[root@n1 ~]# docker exec bf0d15b72b5e ip ad
6: eth0@if7: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.2/16 scope global eth0
valid_lft forever preferred_lft forever
- kubelet启动参数里的dns和域会被注入进去.
[root@n1 ~]# docker exec -it bf0d15b72b5e sh
/ # cat /etc/resolv.conf
nameserver 10.254.0.2
search default.svc.cluster.local svc.cluster.local cluster.local
options ndots:5

/ # cat /etc/hosts
172.17.0.2  counter-n1.ma.com
/ #

docker的dns设置

/usr/bin/dockerd --insecure-registry=10.233.0.0/18 --graph=/var/lib/docker --log-opt max-size=50m --log-opt max-file=5 --iptables=false --dns 10.233.0.3 --dns 114.114.114.114 --dns-search default.svc.cluster.local --dns-search svc.cluster.local --dns-opt ndots:2 --dns-opt timeout:2 --dns-opt attempts:2

docker run -it --rm busybox
/ # cat /etc/resolv.conf
search default.svc.cluster.local svc.cluster.local
nameserver 10.233.0.3
nameserver 114.114.114.114

http方式

kubelet会定期向这个url请求yaml,来更新pod

--manifest-url string                                                                                       URL for accessing the container manifest