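Overview
This document records the points to watch when exposing a DaemonSet's port on the host. It is based on version 1.26.
Procedure
- In the DaemonSet YAML, specify the ports to expose. `containerPort` is the port the service listens on inside the container and `hostPort` is the port on the host; the two port numbers must be identical.
  ```yaml
  ports:
    - name: http
      containerPort: 9256
      hostPort: 9256
      protocol: TCP
  ```
- Enable `hostNetwork` so that the Pod uses the host's network. This setting sits at the same level as `containers`.
  ```yaml
  hostNetwork: true
  ```
Example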
```yaml
apiVersion: apps/v1
kind: DaemonSet
metadata:
  labels:
    app.kubernetes.io/instance: process-exporter-gray
    env: gray
    name: process-exporter
  name: process-exporter
  namespace: gray
spec:
  minReadySeconds: 10
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      env: gray
      name: process-exporter
  template:
    metadata:
      creationTimestamp: null
      labels:
        env: gray
        name: process-exporter
    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: cronjob
                    operator: In
                    values:
                      - 'true'
      containers:
        - env:
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: metadata.name
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: metadata.namespace
            - name: POD_IP
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: status.podIP
            - name: NODE_NAME
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: spec.nodeName
          image: >-
            test/process-exporter:v0.8.2
          imagePullPolicy: Always
          name: process-exporter
          ports:
            - containerPort: 9256
              hostPort: 9256
              name: http
              protocol: TCP
          resources:
            limits:
              cpu: '1'
              memory: 2Gi
            requests:
              cpu: 200m
              memory: 1Gi
          securityContext:
            capabilities:
              add:
                - SYS_PTRACE
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          volumeMounts:
            - mountPath: /host/proc
              name: proc
              readOnly: true
            - mountPath: /app/conf
              name: process-exporter-config
      dnsPolicy: ClusterFirst
      hostNetwork: true
      imagePullSecrets:
        - name: gray-reg-secret
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      terminationGracePeriodSeconds: 30
      tolerations:
        - effect: NoSchedule
          key: cronjob
          operator: Equal
          value: 'true'
      volumes:
        - hostPath:
            path: /proc
            type: ''
          name: proc
        - configMap:
            defaultMode: 420
            name: process-exporter-configmap
          name: process-exporter-config
```
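
A pre-deployment check for the two rules above, as an added example that is not part of the original page: it lists every port a pod spec opens on the node and flags a `hostPort` that differs from `containerPort` under `hostNetwork`, or two containers claiming the same node port. The function names, the `BAD_SPEC` counter-example and its `sidecar` container are hypothetical; `PAGE_SPEC` is trimmed from the example DaemonSet.

```python
# Added example, not from the original page. Specs are plain dicts so it runs offline.

def effective_host_ports(pod_spec):
    """Yield (container, node_port, protocol, mismatch) for each port opened on the node."""
    host_network = bool(pod_spec.get("hostNetwork", False))
    for c in pod_spec.get("containers", []):
        for p in c.get("ports", []):
            cport, hport = p["containerPort"], p.get("hostPort")
            proto = p.get("protocol", "TCP")
            if host_network:
                # The process binds in the node's network namespace, so the port
                # on the node is containerPort; a different hostPort is invalid.
                yield c["name"], cport, proto, hport not in (None, cport)
            elif hport is not None:
                yield c["name"], hport, proto, False


def lint(pod_spec):
    """Return findings as strings; an empty list means the page's rules hold."""
    findings, owners = [], {}
    for name, port, proto, mismatch in effective_host_ports(pod_spec):
        if mismatch:
            findings.append(f"{name}: hostPort must equal containerPort {port} with hostNetwork")
        if (port, proto) in owners:
            findings.append(f"{name}: {port}/{proto} already used on the node by {owners[(port, proto)]}")
        else:
            owners[(port, proto)] = name
    return findings


# Trimmed from the page's example DaemonSet (spec.template.spec).
PAGE_SPEC = {
    "hostNetwork": True,
    "containers": [{"name": "process-exporter", "ports": [
        {"name": "http", "containerPort": 9256, "hostPort": 9256, "protocol": "TCP"}]}],
}

# Constructed counter-example: mismatched hostPort plus a hypothetical sidecar on the same port.
BAD_SPEC = {
    "hostNetwork": True,
    "containers": [
        {"name": "process-exporter", "ports": [{"containerPort": 9256, "hostPort": 19256}]},
        {"name": "sidecar", "ports": [{"containerPort": 9256}]},
    ],
}

if __name__ == "__main__":
    for label, spec in (("page", PAGE_SPEC), ("bad", BAD_SPEC)):
        print(label, list(effective_host_ports(spec)), lint(spec))
```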