k8s核心资源:精简版yaml示例
yaml语法及格式校验
详见:https://www.cnblogs.com/uncleyong/p/15437385.html
创建资源的三种方式
参考:https://www.cnblogs.com/uncleyong/p/15434823.html
方式一:kubectl run、ckubectl create、kubectl expose;不常用,因为如果要写很多参数不方便
kubectl run busybox --image=busybox:1.34 --command -- sleep 3600
kubectl run mynginx --image=registry.cn-chengdu.aliyuncs.com/qzcsbj/nginx:1.16.1 --image-pull-policy=IfNotPresent --port=80 kubectl create deploy nginx --image=registry.cn-chengdu.aliyuncs.com/qzcsbj/nginx:1.16.1 --replicas=3 kubectl expose deploy nginx --port=80 --type=NodePort
kubectl get pod,svc
方式二:从标准输入创建
方式三:yaml资源文件
Pod
kubectl run mynginx --image=registry.cn-chengdu.aliyuncs.com/qzcsbj/nginx:1.16.1 --image-pull-policy=IfNotPresent --port=80
kubectl get po mynginx -oyaml
apiVersion: v1
kind: Pod
metadata:
annotations:
cni.projectcalico.org/podIP: 172.17.125.54/32
cni.projectcalico.org/podIPs: 172.17.125.54/32
creationTimestamp: "2021-11-26T09:10:44Z"
labels:
run: mynginx
name: mynginx
namespace: default
resourceVersion: "897494"
uid: d7271a91-fb48-442f-8ac6-9ce97dccf99e
spec:
containers:
- image: registry.cn-chengdu.aliyuncs.com/qzcsbj/nginx:1.16.1
imagePullPolicy: IfNotPresent
name: mynginx
ports:
- containerPort: 80
protocol: TCP
resources: {}
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: kube-api-access-jxn9z
readOnly: true
dnsPolicy: ClusterFirst
enableServiceLinks: true
nodeName: k8s-node01
preemptionPolicy: PreemptLowerPriority
priority: 0
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
serviceAccount: default
serviceAccountName: default
terminationGracePeriodSeconds: 30
tolerations:
- effect: NoExecute
key: node.kubernetes.io/not-ready
operator: Exists
tolerationSeconds: 300
- effect: NoExecute
key: node.kubernetes.io/unreachable
operator: Exists
tolerationSeconds: 300
volumes:
- name: kube-api-access-jxn9z
projected:
defaultMode: 420
sources:
- serviceAccountToken:
expirationSeconds: 3607
path: token
- configMap:
items:
- key: ca.crt
path: ca.crt
name: kube-root-ca.crt
- downwardAPI:
items:
- fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
path: namespace
status:
conditions:
- lastProbeTime: null
lastTransitionTime: "2021-11-26T09:10:44Z"
status: "True"
type: Initialized
- lastProbeTime: null
lastTransitionTime: "2021-11-26T09:10:46Z"
status: "True"
type: Ready
- lastProbeTime: null
lastTransitionTime: "2021-11-26T09:10:46Z"
status: "True"
type: ContainersReady
- lastProbeTime: null
lastTransitionTime: "2021-11-26T09:10:44Z"
status: "True"
type: PodScheduled
containerStatuses:
- containerID: docker://8c772df0bad7afff0610c12051a46da2ee6b91a270763105c3d451a1bb8db9b9
image: registry.cn-chengdu.aliyuncs.com/qzcsbj/nginx:1.16.1
imageID: docker-pullable://registry.cn-chengdu.aliyuncs.com/qzcsbj/nginx@sha256:2963fc49cc50883ba9af25f977a9997ff9af06b45c12d968b7985dc1e9254e4b
lastState: {}
name: mynginx
ready: true
restartCount: 0
started: true
state:
running:
startedAt: "2021-11-26T09:10:45Z"
hostIP: 192.168.117.162
phase: Running
podIP: 172.17.125.54
podIPs:
- ip: 172.17.125.54
qosClass: BestEffort
startTime: "2021-11-26T09:10:44Z"
tomcat-pod.yaml
apiVersion: v1
kind: Pod
metadata:
name: tomcat
namespace: default
labels:
app: mytomcat
env: dev
spec:
containers:
- name: tomcat
ports:
- containerPort: 8080
image: registry.cn-chengdu.aliyuncs.com/qzcsbj/tomcat:9.0.13
imagePullPolicy: IfNotPresent
nginx-pod.yaml(含对应svc)
apiVersion: v1 # api版本
kind: Pod # 创建的资源类型
metadata: # 元数据
name: nginx # pod的名称
namespace: default # pod所在名称空间
labels: # 下面的标签可以多个
app: mynginx # pod的标签
spec: # pod规格
containers: # 下面的容器可以多个
- name: nginx # pod中容器的名称,用于区分一个pod多个不同容器
ports:
- containerPort: 80 # 容器暴露的端口
image: registry.cn-chengdu.aliyuncs.com/qzcsbj/nginx:1.16.1 # 容器使用的镜像
imagePullPolicy: IfNotPresent # 镜像拉取策略
---
apiVersion: v1
kind: Service
metadata:
name: nginx-pod-svc
spec:
ports:
- port: 80
targetPort: 80
selector:
app: mynginx
type: NodePort
创建pod:kubectl apply -f nginx-pod.yaml
查看pod:kubectl get po -l app=mynginx
(READY,右侧数字表示pod里面有多少个容器,左侧数字表示正常运行的容器)
kubectl get po -l app=mynginx -owide
(RESTARTS,pod里封装的容器的重启次数)
curl 172.17.125.34
kubectl get svc |grep nginx-pod-svc
curl 10.107.208.14:80,80是上面svc的端口
运行busybox:https://www.cnblogs.com/uncleyong/p/15434823.html
cat<<EOF | kubectl apply -f -
apiVersion: v1
kind: Pod
metadata:
name: busybox
namespace: default
spec:
containers:
- name: busybox
image: busybox:1.34
command:
- sleep
- "3600"
imagePullPolicy: IfNotPresent
restartPolicy: Always
EOF
kubectl get po
域名解析:nslookup nginx-pod-svc
Server: 10.96.0.10
Address 1: 10.96.0.10 kube-dns.kube-system.svc.cluster.local Name: nginx-pod-svc
Address 1: 10.107.208.14 nginx-pod-svc.default.svc.cluster.local
kubectl exec -it busybox -- sh
查看日志:kubectl logs -f nginx
http://192.168.117.161:31192/
Deployment
nginx-deploy.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: nginx-deploy
name: nginx
namespace: default
spec:
replicas: 2
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- image: registry.cn-chengdu.aliyuncs.com/qzcsbj/nginx:1.16.1
imagePullPolicy: IfNotPresent
name: nginx
ports:
- name: http
containerPort: 80
kubectl apply -f nginx-deploy.yaml
kubectl get deploy |grep nginx
或者:kubectl get deploy -l app=nginx-deploy
查看Replicaset:kubectl get rs |grep nginx
kubectl get po -l app=nginx
Deployment(一个pod多个容器)
nginx-tomcat-deploy.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: nginx-tomcat-deploy
name: nginx-tomcat
namespace: default
spec:
replicas: 2
selector:
matchLabels:
app: nginx-tomcat
template:
metadata:
labels:
app: nginx-tomcat
spec:
containers:
- image: registry.cn-chengdu.aliyuncs.com/qzcsbj/nginx:1.16.1
imagePullPolicy: IfNotPresent
name: nginx
ports:
- name: http-nginx
containerPort: 80
- image: registry.cn-chengdu.aliyuncs.com/qzcsbj/tomcat:9.0.13
imagePullPolicy: IfNotPresent
name: tomcat
ports:
- name: http-tomcat
containerPort: 8080
kubectl apply -f nginx-tomcat-deploy.yaml
kubectl get po
kubectl exec -it nginx-tomcat-5847497c86-x96tp -c tomcat -- sh
Service
nginx-deploy-svc
nginx-deploy-svc.yaml,匹配上面的Deployment
apiVersion: v1
kind: Service
metadata:
labels:
app: nginx-deploy-svc
name: nginx-deploy-svc
spec:
ports:
- port: 80
targetPort: 80
selector:
app: nginx
type: NodePort
kubectl apply -f nginx-deploy-svc.yaml
kubectl get svc -l app=nginx-deploy-svc
curl 10.107.207.129
也可以busybox中验证
kubectl exec -it busybox -- sh
wget http://nginx-deploy-svc
cat index.html
如果是跨名称空间访问(不建议),需要加上名称空间
wget http://nginx-deploy-svc.default
tomcat-svc
apiVersion: v1
kind: Service
metadata:
name: tomcat-svc
namespace: default
labels:
app: tomcat-svc
spec:
ports:
- name: http
port: 8080
protocol: TCP
targetPort: 8080
selector:
app: tomcat
type: NodePort
Statefulset
无头svc
apiVersion: v1
kind: Service
metadata:
name: nginx
labels:
app: nginx
spec:
ports:
- port: 80
name: web
clusterIP: None # 无头svc
selector:
app: nginx
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: web
spec:
serviceName: "nginx"
replicas: 2
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: registry.cn-chengdu.aliyuncs.com/qzcsbj/nginx:1.16.1
ports:
- containerPort: 80
name: web
Daemonset
apiVersion: apps/v1
kind: DaemonSet
metadata:
labels:
app: nginx
name: nginx
spec:
revisionHistoryLimit: 10
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- image: registry.cn-chengdu.aliyuncs.com/qzcsbj/nginx:1.16.1
imagePullPolicy: IfNotPresent
name: nginx
Ingress
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ingress-tomcat
namespace: default
annotations:
kubernetes.io/ingress.class: "nginx"
spec:
rules:
- host: www.mytomcat.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: tomcat-svc
port:
number: 8080
ConfigMap
valueFrom、envFrom
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: nginx-deploy
name: nginx
namespace: default
spec:
replicas: 1
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- image: registry.cn-chengdu.aliyuncs.com/qzcsbj/nginx:1.16.1
imagePullPolicy: IfNotPresent
name: nginx
ports:
- name: http
containerPort: 80
env:
- name: ENV_NAME
value: dev
- name: USERNAME
valueFrom:
configMapKeyRef:
name: testcm
key: username
- name: AGE
valueFrom:
configMapKeyRef:
name: testcm
key: age
envFrom:
- configMapRef:
name: testcm2
文件
Secret
apiVersion: v1
kind: Secret
metadata:
name: mysecret
type: Opaque
stringData:
username: admin
password: "123456"
Volumes
emptyDir
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: nginx-tomcat-deploy
name: nginx-tomcat
namespace: default
spec:
replicas: 1
selector:
matchLabels:
app: nginx-tomcat
template:
metadata:
labels:
app: nginx-tomcat
spec:
containers:
- image: registry.cn-chengdu.aliyuncs.com/qzcsbj/nginx:1.16.1
imagePullPolicy: IfNotPresent
name: nginx
ports:
- name: http-nginx
containerPort: 80
volumeMounts:
- mountPath: /opt
name: share-volume
- image: registry.cn-chengdu.aliyuncs.com/qzcsbj/tomcat:9.0.13
imagePullPolicy: IfNotPresent
name: tomcat
ports:
- name: http-tomcat
containerPort: 8080
volumeMounts:
- mountPath: /mnt # 这里也可以写/opt
name: share-volume
volumes:
- name: share-volume
emptyDir: {}
RBAC
RBAC是基于角色的访问控制(Role-Based Access Control)
官网参考:https://kubernetes.io/zh/docs/reference/access-authn-authz/rbac/
其它参考:https://www.cnblogs.com/uncleyong/p/15692654.html
基于dashboard做RBAC校验:https://www.cnblogs.com/uncleyong/p/15701535.html
bak:https://www.cnblogs.com/uncleyong/p/15488243.html
原文:https://www.cnblogs.com/uncleyong/p/15571059.html
k8s核心资源:精简版yaml示例的更多相关文章
- k8s核心资源之Pod概念&入门使用讲解(三)
目录 1. k8s核心资源之Pod 1.1 什么是Pod? 1.2 Pod如何管理多个容器? 1.3 Pod网络 1.4 Pod存储 1.5 Pod工作方式 1.5.1 自主式Pod 1.5.2 控制 ...
- k8s核心资源之:名称空间(ns)
简介 是对一组资源和对象的抽象集合,比如可以用来将系统内部的对象划分为不同的项目组或者用户组. 常见的pod.service.replicaSet和deployment等都是属于某一个namespac ...
- k8s核心资源之namespace与pod污点容忍度生命周期进阶篇(四)
目录 1.命名空间namespace 1.1 什么是命名空间? 1.2 namespace应用场景 1.3 namespacs常用指令 1.4 namespace资源限额 2.标签 2.1 什么是标签 ...
- k8s核心资源之:标签(label)
简介 label是标签的意思,一对 key/value ,被关联到对象上,k8s中的资源对象大都可以打上标签,如Node.Pod.Service 等 一个资源可以绑定任意多个label,k8s 通过 ...
- K8S(02)管理核心资源的三种基本方法
系列文章说明 本系列文章,可以基本算是 老男孩2019年王硕的K8S周末班课程 笔记,根据视频来看本笔记最好,否则有些地方会看不明白 需要视频可以联系我 管理k8s核心资源的三种基本方法: 目录 系列 ...
- K8s容器资源限制
在K8s中定义Pod中运行容器有两个维度的限制: 1. 资源需求:即运行Pod的节点必须满足运行Pod的最基本需求才能运行Pod. 如: Pod运行至少需要2G内存,1核CPU 2. 资源限额: ...
- 从零开始入门 K8s| 阿里技术专家详解 K8s 核心概念
作者| 阿里巴巴资深技术专家.CNCF 9个 TCO 之一 李响 一.什么是 Kubernetes Kubernetes,从官方网站上可以看到,它是一个工业级的容器编排平台.Kubernetes 这个 ...
- k8s之资源限制以及探针检查
k8s之资源限制以及探针检查 一.资源限制 1. 资源限制的使用 当定义Pod时可以选择性地为每个容器设定所需要的资源数量.最常见的可设定资源是CPU和内存大小,以及其他类型的资源. 2. reuqe ...
- Vue精简版风格指南
前面的话 Vue官网的风格指南按照优先级(依次为必要.强烈推荐.推荐.谨慎使用)分类,且代码间隔较大,不易查询.本文按照类型分类,并对部分示例或解释进行缩减,是Vue风格指南的精简版 组件名称 [组件 ...
随机推荐
- 华为联运游戏审核驳回:在未安装或需更新HMS Core的手机上,提示安装,点击取消后,游戏卡屏(集成的6.1.0.301版本游戏SDK)
问题描述 更新游戏SDK到6.1.0.301版本之后,游戏包被审核驳回:在未安装或需更新华为移动服务版本(HMS Core)的手机上,提示安装华为移动服务(HMS Core),点击取消,游戏卡屏.修改 ...
- Android开发-主要的dialog
dialog是弹出式窗口,点击后会以窗口的形式弹出 主要有添加备注,日历选择等,通过设置事件监听,将dialog弹出来 package com.example.Utils.fragment; impo ...
- JavaScript之ES6常用新特性
参考:https://www.jianshu.com/p/ac1787f6c50f 变量声明:const 与 let const:常量,必须初始化值 let:变量 格式:const 变量A = & ...
- 初识 oracle!
/** * 一.oracle的简介? * 1.是一个关系型数据库,强大! * * 软件名 开发商 用途 * * oracle oracle 专门的软件公司 收费!1.连接的用户数,2.服务器的cpu的 ...
- 如何在 VS Code 中为 Java 类生成序列化版本号
前言 IDEA 提供自动生成序列化版本号的功能,其实 VS Code 也可以,只是默认关闭了这个功能,下面就来看看如何开启这个功能吧. 配置过程 首先需要保证 VS Code 上安装了提供 Java ...
- 【第十三期】B站后端开发实习生一、二面经
写在最前:非科班渣硕去年转码一年,不是什么大佬,纯小白(go语言开发). 一面(大概70min) 首先是自我介绍.(比较传统,就是描述下自己的技术栈) 线程和进程的关系. 线程之间如何进行通信. 死锁 ...
- 使用Maven导入MySQL驱动包遇到的问题
问题描述 今天在使用Maven导入MySQL数据库驱动包依赖后,直接运行项目,出现错误. java.sql.SQLException: No suitable driver found for jdb ...
- ARC和MRC兼容和转换
1.ARC模式下如何兼容非ARC的类 转变为非ARC -fno-objc-arc 转变为ARC的, -f-objc-arc (不常用) 2.如何将MRC转换为ARC
- Sping高质量博文链接集合
1. Spring事务传播行为详解 https://segmentfault.com/a/1190000013341344
- MySQL MHA 高可用集群部署及故障切换
MySQL MHA 高可用集群部署及故障切换 1.概念 2.搭建MySQL + MHA 1.概念: a)MHA概念 : MHA(MasterHigh Availability)是一套优秀的MySQL高 ...