k8s核心资源:精简版yaml示例
yaml语法及格式校验
详见:https://www.cnblogs.com/uncleyong/p/15437385.html
创建资源的三种方式
参考:https://www.cnblogs.com/uncleyong/p/15434823.html
方式一:kubectl run、ckubectl create、kubectl expose;不常用,因为如果要写很多参数不方便
kubectl run busybox --image=busybox:1.34 --command -- sleep 3600
kubectl run mynginx --image=registry.cn-chengdu.aliyuncs.com/qzcsbj/nginx:1.16.1 --image-pull-policy=IfNotPresent --port=80 kubectl create deploy nginx --image=registry.cn-chengdu.aliyuncs.com/qzcsbj/nginx:1.16.1 --replicas=3 kubectl expose deploy nginx --port=80 --type=NodePort
kubectl get pod,svc
方式二:从标准输入创建
方式三:yaml资源文件
Pod
kubectl run mynginx --image=registry.cn-chengdu.aliyuncs.com/qzcsbj/nginx:1.16.1 --image-pull-policy=IfNotPresent --port=80
kubectl get po mynginx -oyaml
apiVersion: v1
kind: Pod
metadata:
annotations:
cni.projectcalico.org/podIP: 172.17.125.54/32
cni.projectcalico.org/podIPs: 172.17.125.54/32
creationTimestamp: "2021-11-26T09:10:44Z"
labels:
run: mynginx
name: mynginx
namespace: default
resourceVersion: "897494"
uid: d7271a91-fb48-442f-8ac6-9ce97dccf99e
spec:
containers:
- image: registry.cn-chengdu.aliyuncs.com/qzcsbj/nginx:1.16.1
imagePullPolicy: IfNotPresent
name: mynginx
ports:
- containerPort: 80
protocol: TCP
resources: {}
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: kube-api-access-jxn9z
readOnly: true
dnsPolicy: ClusterFirst
enableServiceLinks: true
nodeName: k8s-node01
preemptionPolicy: PreemptLowerPriority
priority: 0
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
serviceAccount: default
serviceAccountName: default
terminationGracePeriodSeconds: 30
tolerations:
- effect: NoExecute
key: node.kubernetes.io/not-ready
operator: Exists
tolerationSeconds: 300
- effect: NoExecute
key: node.kubernetes.io/unreachable
operator: Exists
tolerationSeconds: 300
volumes:
- name: kube-api-access-jxn9z
projected:
defaultMode: 420
sources:
- serviceAccountToken:
expirationSeconds: 3607
path: token
- configMap:
items:
- key: ca.crt
path: ca.crt
name: kube-root-ca.crt
- downwardAPI:
items:
- fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
path: namespace
status:
conditions:
- lastProbeTime: null
lastTransitionTime: "2021-11-26T09:10:44Z"
status: "True"
type: Initialized
- lastProbeTime: null
lastTransitionTime: "2021-11-26T09:10:46Z"
status: "True"
type: Ready
- lastProbeTime: null
lastTransitionTime: "2021-11-26T09:10:46Z"
status: "True"
type: ContainersReady
- lastProbeTime: null
lastTransitionTime: "2021-11-26T09:10:44Z"
status: "True"
type: PodScheduled
containerStatuses:
- containerID: docker://8c772df0bad7afff0610c12051a46da2ee6b91a270763105c3d451a1bb8db9b9
image: registry.cn-chengdu.aliyuncs.com/qzcsbj/nginx:1.16.1
imageID: docker-pullable://registry.cn-chengdu.aliyuncs.com/qzcsbj/nginx@sha256:2963fc49cc50883ba9af25f977a9997ff9af06b45c12d968b7985dc1e9254e4b
lastState: {}
name: mynginx
ready: true
restartCount: 0
started: true
state:
running:
startedAt: "2021-11-26T09:10:45Z"
hostIP: 192.168.117.162
phase: Running
podIP: 172.17.125.54
podIPs:
- ip: 172.17.125.54
qosClass: BestEffort
startTime: "2021-11-26T09:10:44Z"
tomcat-pod.yaml
apiVersion: v1
kind: Pod
metadata:
name: tomcat
namespace: default
labels:
app: mytomcat
env: dev
spec:
containers:
- name: tomcat
ports:
- containerPort: 8080
image: registry.cn-chengdu.aliyuncs.com/qzcsbj/tomcat:9.0.13
imagePullPolicy: IfNotPresent
nginx-pod.yaml(含对应svc)
apiVersion: v1 # api版本
kind: Pod # 创建的资源类型
metadata: # 元数据
name: nginx # pod的名称
namespace: default # pod所在名称空间
labels: # 下面的标签可以多个
app: mynginx # pod的标签
spec: # pod规格
containers: # 下面的容器可以多个
- name: nginx # pod中容器的名称,用于区分一个pod多个不同容器
ports:
- containerPort: 80 # 容器暴露的端口
image: registry.cn-chengdu.aliyuncs.com/qzcsbj/nginx:1.16.1 # 容器使用的镜像
imagePullPolicy: IfNotPresent # 镜像拉取策略
---
apiVersion: v1
kind: Service
metadata:
name: nginx-pod-svc
spec:
ports:
- port: 80
targetPort: 80
selector:
app: mynginx
type: NodePort
创建pod:kubectl apply -f nginx-pod.yaml
查看pod:kubectl get po -l app=mynginx
(READY,右侧数字表示pod里面有多少个容器,左侧数字表示正常运行的容器)
kubectl get po -l app=mynginx -owide
(RESTARTS,pod里封装的容器的重启次数)
curl 172.17.125.34
kubectl get svc |grep nginx-pod-svc
curl 10.107.208.14:80,80是上面svc的端口
运行busybox:https://www.cnblogs.com/uncleyong/p/15434823.html
cat<<EOF | kubectl apply -f -
apiVersion: v1
kind: Pod
metadata:
name: busybox
namespace: default
spec:
containers:
- name: busybox
image: busybox:1.34
command:
- sleep
- "3600"
imagePullPolicy: IfNotPresent
restartPolicy: Always
EOF
kubectl get po
域名解析:nslookup nginx-pod-svc
Server: 10.96.0.10
Address 1: 10.96.0.10 kube-dns.kube-system.svc.cluster.local Name: nginx-pod-svc
Address 1: 10.107.208.14 nginx-pod-svc.default.svc.cluster.local
kubectl exec -it busybox -- sh
查看日志:kubectl logs -f nginx
http://192.168.117.161:31192/
Deployment
nginx-deploy.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: nginx-deploy
name: nginx
namespace: default
spec:
replicas: 2
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- image: registry.cn-chengdu.aliyuncs.com/qzcsbj/nginx:1.16.1
imagePullPolicy: IfNotPresent
name: nginx
ports:
- name: http
containerPort: 80
kubectl apply -f nginx-deploy.yaml
kubectl get deploy |grep nginx
或者:kubectl get deploy -l app=nginx-deploy
查看Replicaset:kubectl get rs |grep nginx
kubectl get po -l app=nginx
Deployment(一个pod多个容器)
nginx-tomcat-deploy.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: nginx-tomcat-deploy
name: nginx-tomcat
namespace: default
spec:
replicas: 2
selector:
matchLabels:
app: nginx-tomcat
template:
metadata:
labels:
app: nginx-tomcat
spec:
containers:
- image: registry.cn-chengdu.aliyuncs.com/qzcsbj/nginx:1.16.1
imagePullPolicy: IfNotPresent
name: nginx
ports:
- name: http-nginx
containerPort: 80
- image: registry.cn-chengdu.aliyuncs.com/qzcsbj/tomcat:9.0.13
imagePullPolicy: IfNotPresent
name: tomcat
ports:
- name: http-tomcat
containerPort: 8080
kubectl apply -f nginx-tomcat-deploy.yaml
kubectl get po
kubectl exec -it nginx-tomcat-5847497c86-x96tp -c tomcat -- sh
Service
nginx-deploy-svc
nginx-deploy-svc.yaml,匹配上面的Deployment
apiVersion: v1
kind: Service
metadata:
labels:
app: nginx-deploy-svc
name: nginx-deploy-svc
spec:
ports:
- port: 80
targetPort: 80
selector:
app: nginx
type: NodePort
kubectl apply -f nginx-deploy-svc.yaml
kubectl get svc -l app=nginx-deploy-svc
curl 10.107.207.129
也可以busybox中验证
kubectl exec -it busybox -- sh
wget http://nginx-deploy-svc
cat index.html
如果是跨名称空间访问(不建议),需要加上名称空间
wget http://nginx-deploy-svc.default
tomcat-svc
apiVersion: v1
kind: Service
metadata:
name: tomcat-svc
namespace: default
labels:
app: tomcat-svc
spec:
ports:
- name: http
port: 8080
protocol: TCP
targetPort: 8080
selector:
app: tomcat
type: NodePort
Statefulset
无头svc
apiVersion: v1
kind: Service
metadata:
name: nginx
labels:
app: nginx
spec:
ports:
- port: 80
name: web
clusterIP: None # 无头svc
selector:
app: nginx
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: web
spec:
serviceName: "nginx"
replicas: 2
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: registry.cn-chengdu.aliyuncs.com/qzcsbj/nginx:1.16.1
ports:
- containerPort: 80
name: web
Daemonset
apiVersion: apps/v1
kind: DaemonSet
metadata:
labels:
app: nginx
name: nginx
spec:
revisionHistoryLimit: 10
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- image: registry.cn-chengdu.aliyuncs.com/qzcsbj/nginx:1.16.1
imagePullPolicy: IfNotPresent
name: nginx
Ingress
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ingress-tomcat
namespace: default
annotations:
kubernetes.io/ingress.class: "nginx"
spec:
rules:
- host: www.mytomcat.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: tomcat-svc
port:
number: 8080
ConfigMap
valueFrom、envFrom
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: nginx-deploy
name: nginx
namespace: default
spec:
replicas: 1
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- image: registry.cn-chengdu.aliyuncs.com/qzcsbj/nginx:1.16.1
imagePullPolicy: IfNotPresent
name: nginx
ports:
- name: http
containerPort: 80
env:
- name: ENV_NAME
value: dev
- name: USERNAME
valueFrom:
configMapKeyRef:
name: testcm
key: username
- name: AGE
valueFrom:
configMapKeyRef:
name: testcm
key: age
envFrom:
- configMapRef:
name: testcm2
文件
Secret
apiVersion: v1
kind: Secret
metadata:
name: mysecret
type: Opaque
stringData:
username: admin
password: "123456"
Volumes
emptyDir
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: nginx-tomcat-deploy
name: nginx-tomcat
namespace: default
spec:
replicas: 1
selector:
matchLabels:
app: nginx-tomcat
template:
metadata:
labels:
app: nginx-tomcat
spec:
containers:
- image: registry.cn-chengdu.aliyuncs.com/qzcsbj/nginx:1.16.1
imagePullPolicy: IfNotPresent
name: nginx
ports:
- name: http-nginx
containerPort: 80
volumeMounts:
- mountPath: /opt
name: share-volume
- image: registry.cn-chengdu.aliyuncs.com/qzcsbj/tomcat:9.0.13
imagePullPolicy: IfNotPresent
name: tomcat
ports:
- name: http-tomcat
containerPort: 8080
volumeMounts:
- mountPath: /mnt # 这里也可以写/opt
name: share-volume
volumes:
- name: share-volume
emptyDir: {}
RBAC
RBAC是基于角色的访问控制(Role-Based Access Control)
官网参考:https://kubernetes.io/zh/docs/reference/access-authn-authz/rbac/
其它参考:https://www.cnblogs.com/uncleyong/p/15692654.html
基于dashboard做RBAC校验:https://www.cnblogs.com/uncleyong/p/15701535.html
bak:https://www.cnblogs.com/uncleyong/p/15488243.html
原文:https://www.cnblogs.com/uncleyong/p/15571059.html
k8s核心资源:精简版yaml示例的更多相关文章
- k8s核心资源之Pod概念&入门使用讲解(三)
目录 1. k8s核心资源之Pod 1.1 什么是Pod? 1.2 Pod如何管理多个容器? 1.3 Pod网络 1.4 Pod存储 1.5 Pod工作方式 1.5.1 自主式Pod 1.5.2 控制 ...
- k8s核心资源之:名称空间(ns)
简介 是对一组资源和对象的抽象集合,比如可以用来将系统内部的对象划分为不同的项目组或者用户组. 常见的pod.service.replicaSet和deployment等都是属于某一个namespac ...
- k8s核心资源之namespace与pod污点容忍度生命周期进阶篇(四)
目录 1.命名空间namespace 1.1 什么是命名空间? 1.2 namespace应用场景 1.3 namespacs常用指令 1.4 namespace资源限额 2.标签 2.1 什么是标签 ...
- k8s核心资源之:标签(label)
简介 label是标签的意思,一对 key/value ,被关联到对象上,k8s中的资源对象大都可以打上标签,如Node.Pod.Service 等 一个资源可以绑定任意多个label,k8s 通过 ...
- K8S(02)管理核心资源的三种基本方法
系列文章说明 本系列文章,可以基本算是 老男孩2019年王硕的K8S周末班课程 笔记,根据视频来看本笔记最好,否则有些地方会看不明白 需要视频可以联系我 管理k8s核心资源的三种基本方法: 目录 系列 ...
- K8s容器资源限制
在K8s中定义Pod中运行容器有两个维度的限制: 1. 资源需求:即运行Pod的节点必须满足运行Pod的最基本需求才能运行Pod. 如: Pod运行至少需要2G内存,1核CPU 2. 资源限额: ...
- 从零开始入门 K8s| 阿里技术专家详解 K8s 核心概念
作者| 阿里巴巴资深技术专家.CNCF 9个 TCO 之一 李响 一.什么是 Kubernetes Kubernetes,从官方网站上可以看到,它是一个工业级的容器编排平台.Kubernetes 这个 ...
- k8s之资源限制以及探针检查
k8s之资源限制以及探针检查 一.资源限制 1. 资源限制的使用 当定义Pod时可以选择性地为每个容器设定所需要的资源数量.最常见的可设定资源是CPU和内存大小,以及其他类型的资源. 2. reuqe ...
- Vue精简版风格指南
前面的话 Vue官网的风格指南按照优先级(依次为必要.强烈推荐.推荐.谨慎使用)分类,且代码间隔较大,不易查询.本文按照类型分类,并对部分示例或解释进行缩减,是Vue风格指南的精简版 组件名称 [组件 ...
随机推荐
- MATLAB绘图入门
%%%1.运算符:(1).% mean() -->平均值 1.对于一个数组,mean(数组名)则返回均值2.对于一个矩阵,mean(数组名,1或2) 1代表返回矩阵每列的平均值 2代表返回矩阵每 ...
- 《剑指offer》面试题50. 第一个只出现一次的字符
问题描述 在字符串 s 中找出第一个只出现一次的字符.如果没有,返回一个单空格. 示例: s = "abaccdeff" 返回 "b" s = "&q ...
- 极客大挑战2019 http
极客大挑战 http referer 请求头 xff 1.查看源码,发现secret.php 2.提示要把来源改成Sycsecret.buuoj.cn,抓包,添加Referer Referer:htt ...
- 问题记录——BigDecimal保留两位小数及格式化成百分比
1.函数总结 BigDecimal.setScale()方法用于格式化小数点 setScale(1)表示保留一位小数,默认用四舍五入方式 setScale(1,BigDecimal.ROUND_DOW ...
- mate10碎屏机当成小电脑使用尝试
1.屏碎了修起来300-400,自己动手至少也要260以上买个屏幕钱. 手机图案锁屏也不知道密码,给我手机的亲戚忘了.当年手机被车压弯了. 对着恢复教程,盲屏幕猜着按还原了. 2.之后一路从8代系统更 ...
- hbase region, store, storefile和列簇,的关系
先来一张大图. Hbase上Regionserver的内存分为两个部分,一部分作为Memstore,主要用来写:另外一部分作为BlockCache,主要用于读数据:这里主要介绍写数据的部分,即Mems ...
- 近期Android学习
近5天没有更新博客,因为这几天略微放下了python的学习,android这边连带项目比较急迫,先花大约1个星期的时间把重心放在Android,但python肯定还会坚持下去,毕竟连着学了那么久了. ...
- 微服务架构 | 5.1 使用 Netflix Hystrix 断路器
目录 前言 1. Hystrix 基础知识 1.1 Hystrix 断路器强调调用 1.2 两大类别的 Hystrix 实现 1.3 舱壁策略 1.4 Hystrix 在远程资源调用失败时的决策过程 ...
- Arduino+ESP32 之 SD卡读写
背景知识: ESP32有两种使用SD卡的方法,一种是使用SPI接口访问SD卡,另一种是使用SDMMC接口访问SD卡 . Arduino core for the ESP32中SPI方式占用4个IO口, ...
- list概述
1.list概述 list 是一种双向链表.list 的设计更加复杂一点,好处是每次插入或删除一个元素,就配置或释放一个元素,list 对于空间的运用有绝对的精准,一点也不浪费.而且对于任何位置的元素 ...