k8s核心资源:精简版yaml示例
yaml语法及格式校验
详见:https://www.cnblogs.com/uncleyong/p/15437385.html
创建资源的三种方式
参考:https://www.cnblogs.com/uncleyong/p/15434823.html
方式一:kubectl run、ckubectl create、kubectl expose;不常用,因为如果要写很多参数不方便
kubectl run busybox --image=busybox:1.34 --command -- sleep 3600
kubectl run mynginx --image=registry.cn-chengdu.aliyuncs.com/qzcsbj/nginx:1.16.1 --image-pull-policy=IfNotPresent --port=80 kubectl create deploy nginx --image=registry.cn-chengdu.aliyuncs.com/qzcsbj/nginx:1.16.1 --replicas=3 kubectl expose deploy nginx --port=80 --type=NodePort
kubectl get pod,svc
方式二:从标准输入创建
方式三:yaml资源文件
Pod
kubectl run mynginx --image=registry.cn-chengdu.aliyuncs.com/qzcsbj/nginx:1.16.1 --image-pull-policy=IfNotPresent --port=80
kubectl get po mynginx -oyaml
apiVersion: v1
kind: Pod
metadata:
annotations:
cni.projectcalico.org/podIP: 172.17.125.54/32
cni.projectcalico.org/podIPs: 172.17.125.54/32
creationTimestamp: "2021-11-26T09:10:44Z"
labels:
run: mynginx
name: mynginx
namespace: default
resourceVersion: "897494"
uid: d7271a91-fb48-442f-8ac6-9ce97dccf99e
spec:
containers:
- image: registry.cn-chengdu.aliyuncs.com/qzcsbj/nginx:1.16.1
imagePullPolicy: IfNotPresent
name: mynginx
ports:
- containerPort: 80
protocol: TCP
resources: {}
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: kube-api-access-jxn9z
readOnly: true
dnsPolicy: ClusterFirst
enableServiceLinks: true
nodeName: k8s-node01
preemptionPolicy: PreemptLowerPriority
priority: 0
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
serviceAccount: default
serviceAccountName: default
terminationGracePeriodSeconds: 30
tolerations:
- effect: NoExecute
key: node.kubernetes.io/not-ready
operator: Exists
tolerationSeconds: 300
- effect: NoExecute
key: node.kubernetes.io/unreachable
operator: Exists
tolerationSeconds: 300
volumes:
- name: kube-api-access-jxn9z
projected:
defaultMode: 420
sources:
- serviceAccountToken:
expirationSeconds: 3607
path: token
- configMap:
items:
- key: ca.crt
path: ca.crt
name: kube-root-ca.crt
- downwardAPI:
items:
- fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
path: namespace
status:
conditions:
- lastProbeTime: null
lastTransitionTime: "2021-11-26T09:10:44Z"
status: "True"
type: Initialized
- lastProbeTime: null
lastTransitionTime: "2021-11-26T09:10:46Z"
status: "True"
type: Ready
- lastProbeTime: null
lastTransitionTime: "2021-11-26T09:10:46Z"
status: "True"
type: ContainersReady
- lastProbeTime: null
lastTransitionTime: "2021-11-26T09:10:44Z"
status: "True"
type: PodScheduled
containerStatuses:
- containerID: docker://8c772df0bad7afff0610c12051a46da2ee6b91a270763105c3d451a1bb8db9b9
image: registry.cn-chengdu.aliyuncs.com/qzcsbj/nginx:1.16.1
imageID: docker-pullable://registry.cn-chengdu.aliyuncs.com/qzcsbj/nginx@sha256:2963fc49cc50883ba9af25f977a9997ff9af06b45c12d968b7985dc1e9254e4b
lastState: {}
name: mynginx
ready: true
restartCount: 0
started: true
state:
running:
startedAt: "2021-11-26T09:10:45Z"
hostIP: 192.168.117.162
phase: Running
podIP: 172.17.125.54
podIPs:
- ip: 172.17.125.54
qosClass: BestEffort
startTime: "2021-11-26T09:10:44Z"
tomcat-pod.yaml
apiVersion: v1
kind: Pod
metadata:
name: tomcat
namespace: default
labels:
app: mytomcat
env: dev
spec:
containers:
- name: tomcat
ports:
- containerPort: 8080
image: registry.cn-chengdu.aliyuncs.com/qzcsbj/tomcat:9.0.13
imagePullPolicy: IfNotPresent
nginx-pod.yaml(含对应svc)
apiVersion: v1 # api版本
kind: Pod # 创建的资源类型
metadata: # 元数据
name: nginx # pod的名称
namespace: default # pod所在名称空间
labels: # 下面的标签可以多个
app: mynginx # pod的标签
spec: # pod规格
containers: # 下面的容器可以多个
- name: nginx # pod中容器的名称,用于区分一个pod多个不同容器
ports:
- containerPort: 80 # 容器暴露的端口
image: registry.cn-chengdu.aliyuncs.com/qzcsbj/nginx:1.16.1 # 容器使用的镜像
imagePullPolicy: IfNotPresent # 镜像拉取策略
---
apiVersion: v1
kind: Service
metadata:
name: nginx-pod-svc
spec:
ports:
- port: 80
targetPort: 80
selector:
app: mynginx
type: NodePort
创建pod:kubectl apply -f nginx-pod.yaml
查看pod:kubectl get po -l app=mynginx
(READY,右侧数字表示pod里面有多少个容器,左侧数字表示正常运行的容器)
kubectl get po -l app=mynginx -owide
(RESTARTS,pod里封装的容器的重启次数)
curl 172.17.125.34
kubectl get svc |grep nginx-pod-svc
curl 10.107.208.14:80,80是上面svc的端口
运行busybox:https://www.cnblogs.com/uncleyong/p/15434823.html
cat<<EOF | kubectl apply -f -
apiVersion: v1
kind: Pod
metadata:
name: busybox
namespace: default
spec:
containers:
- name: busybox
image: busybox:1.34
command:
- sleep
- "3600"
imagePullPolicy: IfNotPresent
restartPolicy: Always
EOF
kubectl get po
域名解析:nslookup nginx-pod-svc
Server: 10.96.0.10
Address 1: 10.96.0.10 kube-dns.kube-system.svc.cluster.local Name: nginx-pod-svc
Address 1: 10.107.208.14 nginx-pod-svc.default.svc.cluster.local
kubectl exec -it busybox -- sh
查看日志:kubectl logs -f nginx
http://192.168.117.161:31192/
Deployment
nginx-deploy.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: nginx-deploy
name: nginx
namespace: default
spec:
replicas: 2
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- image: registry.cn-chengdu.aliyuncs.com/qzcsbj/nginx:1.16.1
imagePullPolicy: IfNotPresent
name: nginx
ports:
- name: http
containerPort: 80
kubectl apply -f nginx-deploy.yaml
kubectl get deploy |grep nginx
或者:kubectl get deploy -l app=nginx-deploy
查看Replicaset:kubectl get rs |grep nginx
kubectl get po -l app=nginx
Deployment(一个pod多个容器)
nginx-tomcat-deploy.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: nginx-tomcat-deploy
name: nginx-tomcat
namespace: default
spec:
replicas: 2
selector:
matchLabels:
app: nginx-tomcat
template:
metadata:
labels:
app: nginx-tomcat
spec:
containers:
- image: registry.cn-chengdu.aliyuncs.com/qzcsbj/nginx:1.16.1
imagePullPolicy: IfNotPresent
name: nginx
ports:
- name: http-nginx
containerPort: 80
- image: registry.cn-chengdu.aliyuncs.com/qzcsbj/tomcat:9.0.13
imagePullPolicy: IfNotPresent
name: tomcat
ports:
- name: http-tomcat
containerPort: 8080
kubectl apply -f nginx-tomcat-deploy.yaml
kubectl get po
kubectl exec -it nginx-tomcat-5847497c86-x96tp -c tomcat -- sh
Service
nginx-deploy-svc
nginx-deploy-svc.yaml,匹配上面的Deployment
apiVersion: v1
kind: Service
metadata:
labels:
app: nginx-deploy-svc
name: nginx-deploy-svc
spec:
ports:
- port: 80
targetPort: 80
selector:
app: nginx
type: NodePort
kubectl apply -f nginx-deploy-svc.yaml
kubectl get svc -l app=nginx-deploy-svc
curl 10.107.207.129
也可以busybox中验证
kubectl exec -it busybox -- sh
wget http://nginx-deploy-svc
cat index.html
如果是跨名称空间访问(不建议),需要加上名称空间
wget http://nginx-deploy-svc.default
tomcat-svc
apiVersion: v1
kind: Service
metadata:
name: tomcat-svc
namespace: default
labels:
app: tomcat-svc
spec:
ports:
- name: http
port: 8080
protocol: TCP
targetPort: 8080
selector:
app: tomcat
type: NodePort
Statefulset
无头svc
apiVersion: v1
kind: Service
metadata:
name: nginx
labels:
app: nginx
spec:
ports:
- port: 80
name: web
clusterIP: None # 无头svc
selector:
app: nginx
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: web
spec:
serviceName: "nginx"
replicas: 2
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: registry.cn-chengdu.aliyuncs.com/qzcsbj/nginx:1.16.1
ports:
- containerPort: 80
name: web
Daemonset
apiVersion: apps/v1
kind: DaemonSet
metadata:
labels:
app: nginx
name: nginx
spec:
revisionHistoryLimit: 10
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- image: registry.cn-chengdu.aliyuncs.com/qzcsbj/nginx:1.16.1
imagePullPolicy: IfNotPresent
name: nginx
Ingress
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ingress-tomcat
namespace: default
annotations:
kubernetes.io/ingress.class: "nginx"
spec:
rules:
- host: www.mytomcat.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: tomcat-svc
port:
number: 8080
ConfigMap
valueFrom、envFrom
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: nginx-deploy
name: nginx
namespace: default
spec:
replicas: 1
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- image: registry.cn-chengdu.aliyuncs.com/qzcsbj/nginx:1.16.1
imagePullPolicy: IfNotPresent
name: nginx
ports:
- name: http
containerPort: 80
env:
- name: ENV_NAME
value: dev
- name: USERNAME
valueFrom:
configMapKeyRef:
name: testcm
key: username
- name: AGE
valueFrom:
configMapKeyRef:
name: testcm
key: age
envFrom:
- configMapRef:
name: testcm2
文件
Secret
apiVersion: v1
kind: Secret
metadata:
name: mysecret
type: Opaque
stringData:
username: admin
password: "123456"
Volumes
emptyDir
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: nginx-tomcat-deploy
name: nginx-tomcat
namespace: default
spec:
replicas: 1
selector:
matchLabels:
app: nginx-tomcat
template:
metadata:
labels:
app: nginx-tomcat
spec:
containers:
- image: registry.cn-chengdu.aliyuncs.com/qzcsbj/nginx:1.16.1
imagePullPolicy: IfNotPresent
name: nginx
ports:
- name: http-nginx
containerPort: 80
volumeMounts:
- mountPath: /opt
name: share-volume
- image: registry.cn-chengdu.aliyuncs.com/qzcsbj/tomcat:9.0.13
imagePullPolicy: IfNotPresent
name: tomcat
ports:
- name: http-tomcat
containerPort: 8080
volumeMounts:
- mountPath: /mnt # 这里也可以写/opt
name: share-volume
volumes:
- name: share-volume
emptyDir: {}
RBAC
RBAC是基于角色的访问控制(Role-Based Access Control)
官网参考:https://kubernetes.io/zh/docs/reference/access-authn-authz/rbac/
其它参考:https://www.cnblogs.com/uncleyong/p/15692654.html
基于dashboard做RBAC校验:https://www.cnblogs.com/uncleyong/p/15701535.html
bak:https://www.cnblogs.com/uncleyong/p/15488243.html
原文:https://www.cnblogs.com/uncleyong/p/15571059.html
k8s核心资源:精简版yaml示例的更多相关文章
- k8s核心资源之Pod概念&入门使用讲解(三)
目录 1. k8s核心资源之Pod 1.1 什么是Pod? 1.2 Pod如何管理多个容器? 1.3 Pod网络 1.4 Pod存储 1.5 Pod工作方式 1.5.1 自主式Pod 1.5.2 控制 ...
- k8s核心资源之:名称空间(ns)
简介 是对一组资源和对象的抽象集合,比如可以用来将系统内部的对象划分为不同的项目组或者用户组. 常见的pod.service.replicaSet和deployment等都是属于某一个namespac ...
- k8s核心资源之namespace与pod污点容忍度生命周期进阶篇(四)
目录 1.命名空间namespace 1.1 什么是命名空间? 1.2 namespace应用场景 1.3 namespacs常用指令 1.4 namespace资源限额 2.标签 2.1 什么是标签 ...
- k8s核心资源之:标签(label)
简介 label是标签的意思,一对 key/value ,被关联到对象上,k8s中的资源对象大都可以打上标签,如Node.Pod.Service 等 一个资源可以绑定任意多个label,k8s 通过 ...
- K8S(02)管理核心资源的三种基本方法
系列文章说明 本系列文章,可以基本算是 老男孩2019年王硕的K8S周末班课程 笔记,根据视频来看本笔记最好,否则有些地方会看不明白 需要视频可以联系我 管理k8s核心资源的三种基本方法: 目录 系列 ...
- K8s容器资源限制
在K8s中定义Pod中运行容器有两个维度的限制: 1. 资源需求:即运行Pod的节点必须满足运行Pod的最基本需求才能运行Pod. 如: Pod运行至少需要2G内存,1核CPU 2. 资源限额: ...
- 从零开始入门 K8s| 阿里技术专家详解 K8s 核心概念
作者| 阿里巴巴资深技术专家.CNCF 9个 TCO 之一 李响 一.什么是 Kubernetes Kubernetes,从官方网站上可以看到,它是一个工业级的容器编排平台.Kubernetes 这个 ...
- k8s之资源限制以及探针检查
k8s之资源限制以及探针检查 一.资源限制 1. 资源限制的使用 当定义Pod时可以选择性地为每个容器设定所需要的资源数量.最常见的可设定资源是CPU和内存大小,以及其他类型的资源. 2. reuqe ...
- Vue精简版风格指南
前面的话 Vue官网的风格指南按照优先级(依次为必要.强烈推荐.推荐.谨慎使用)分类,且代码间隔较大,不易查询.本文按照类型分类,并对部分示例或解释进行缩减,是Vue风格指南的精简版 组件名称 [组件 ...
随机推荐
- 新手如何入门linux,linux原来还可以这么学
前言 在这个只有cangls和小白两人的小房间中,展开了一次关于学习方法的讨论. 小白:cangls啊,我想请教一个问题,您是如何记住那么多linux命令的. cangls:我啊,别人都看我的小电影, ...
- atan2(y,x)和pow(x,y)
atan2(y,x): 函数atan2(y, x)是4象限反正切,求的是y/x的反正切,其返回值为[-π,+π]之间的一个数.它的取值不仅取决于正切值y/x,还取决于点 (x, y) 落入哪个象限: ...
- http头文件
http 文件头详解 HTTP(HyperTextTransferProtocol)是超文本传输协议的缩写, 它用于传送WWW方式的数据,关于HTTP协议的详细内容请参考RFC2616.HTTP协议采 ...
- python15day
昨日回顾 装饰器:完美的呈现了开放封闭原则.本质:闭包. def wrapper(f): def inner(*args,**kwargs): '''在执行被装饰函数之前,想写什么代码写什么代码''' ...
- Kubernetes的Resource和Dashboard(十三)
一.Resource和Dashboard 1.1.Resource 因为K8S的最小操作单元是Pod,所以这里主要讨论的是Pod的资源 官网:https://kubernetes.io/docs/co ...
- linux 常用命令。
/* Linux常用命令? 1 查看 ls 展示当前目录下的可见文件 ls -a 展示当前目录下所有的文件(包括隐藏的文件) ls -l(ll) ...
- vite搭建vue项目-集成别名@、router、vuex、scss就是这样简单
为什么要使用vite 当我们开始构建越来越大型的应用时, 需要处理的 JavaScript 代码量也呈指数级增长. 包含数千个模块的大型项目相当普遍. 这个时候我们会遇见性能瓶颈 使用 JavaScr ...
- 汉字编码(【Unicode】 【UTF-8】 【Unicode与UTF-8之间的转换】 【汉字 Unicode 编码范围】【中文标点Unicode码】【GBK编码】【批量获取汉字UNICODE码】)
Unicode与UTF-8互转(C语言实现):http://blog.csdn.net/tge7618291/article/details/7599902 汉字 Unicode 编码范围:http: ...
- 设置鼠标光标与页面favicon
鼠标光标 body{cursor: url('http://image.XXXX.com/ii.png'),default;} 2. favicon <link rel="shortc ...
- homestead 入坑安装
1.在使用 Homestead 之前,需要先安装 Virtual Box.VMWare.Parallels 或 Hyper-V (四选一,我们通常选择 VirtualBox,因为只有它是免费的)以及 ...