k8s核心资源:精简版yaml示例
yaml语法及格式校验
详见:https://www.cnblogs.com/uncleyong/p/15437385.html
创建资源的三种方式
参考:https://www.cnblogs.com/uncleyong/p/15434823.html
方式一:kubectl run、ckubectl create、kubectl expose;不常用,因为如果要写很多参数不方便
kubectl run busybox --image=busybox:1.34 --command -- sleep 3600
kubectl run mynginx --image=registry.cn-chengdu.aliyuncs.com/qzcsbj/nginx:1.16.1 --image-pull-policy=IfNotPresent --port=80 kubectl create deploy nginx --image=registry.cn-chengdu.aliyuncs.com/qzcsbj/nginx:1.16.1 --replicas=3 kubectl expose deploy nginx --port=80 --type=NodePort
kubectl get pod,svc
方式二:从标准输入创建
方式三:yaml资源文件
Pod
kubectl run mynginx --image=registry.cn-chengdu.aliyuncs.com/qzcsbj/nginx:1.16.1 --image-pull-policy=IfNotPresent --port=80
kubectl get po mynginx -oyaml
apiVersion: v1
kind: Pod
metadata:
annotations:
cni.projectcalico.org/podIP: 172.17.125.54/32
cni.projectcalico.org/podIPs: 172.17.125.54/32
creationTimestamp: "2021-11-26T09:10:44Z"
labels:
run: mynginx
name: mynginx
namespace: default
resourceVersion: "897494"
uid: d7271a91-fb48-442f-8ac6-9ce97dccf99e
spec:
containers:
- image: registry.cn-chengdu.aliyuncs.com/qzcsbj/nginx:1.16.1
imagePullPolicy: IfNotPresent
name: mynginx
ports:
- containerPort: 80
protocol: TCP
resources: {}
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: kube-api-access-jxn9z
readOnly: true
dnsPolicy: ClusterFirst
enableServiceLinks: true
nodeName: k8s-node01
preemptionPolicy: PreemptLowerPriority
priority: 0
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
serviceAccount: default
serviceAccountName: default
terminationGracePeriodSeconds: 30
tolerations:
- effect: NoExecute
key: node.kubernetes.io/not-ready
operator: Exists
tolerationSeconds: 300
- effect: NoExecute
key: node.kubernetes.io/unreachable
operator: Exists
tolerationSeconds: 300
volumes:
- name: kube-api-access-jxn9z
projected:
defaultMode: 420
sources:
- serviceAccountToken:
expirationSeconds: 3607
path: token
- configMap:
items:
- key: ca.crt
path: ca.crt
name: kube-root-ca.crt
- downwardAPI:
items:
- fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
path: namespace
status:
conditions:
- lastProbeTime: null
lastTransitionTime: "2021-11-26T09:10:44Z"
status: "True"
type: Initialized
- lastProbeTime: null
lastTransitionTime: "2021-11-26T09:10:46Z"
status: "True"
type: Ready
- lastProbeTime: null
lastTransitionTime: "2021-11-26T09:10:46Z"
status: "True"
type: ContainersReady
- lastProbeTime: null
lastTransitionTime: "2021-11-26T09:10:44Z"
status: "True"
type: PodScheduled
containerStatuses:
- containerID: docker://8c772df0bad7afff0610c12051a46da2ee6b91a270763105c3d451a1bb8db9b9
image: registry.cn-chengdu.aliyuncs.com/qzcsbj/nginx:1.16.1
imageID: docker-pullable://registry.cn-chengdu.aliyuncs.com/qzcsbj/nginx@sha256:2963fc49cc50883ba9af25f977a9997ff9af06b45c12d968b7985dc1e9254e4b
lastState: {}
name: mynginx
ready: true
restartCount: 0
started: true
state:
running:
startedAt: "2021-11-26T09:10:45Z"
hostIP: 192.168.117.162
phase: Running
podIP: 172.17.125.54
podIPs:
- ip: 172.17.125.54
qosClass: BestEffort
startTime: "2021-11-26T09:10:44Z"
tomcat-pod.yaml
apiVersion: v1
kind: Pod
metadata:
name: tomcat
namespace: default
labels:
app: mytomcat
env: dev
spec:
containers:
- name: tomcat
ports:
- containerPort: 8080
image: registry.cn-chengdu.aliyuncs.com/qzcsbj/tomcat:9.0.13
imagePullPolicy: IfNotPresent
nginx-pod.yaml(含对应svc)
apiVersion: v1 # api版本
kind: Pod # 创建的资源类型
metadata: # 元数据
name: nginx # pod的名称
namespace: default # pod所在名称空间
labels: # 下面的标签可以多个
app: mynginx # pod的标签
spec: # pod规格
containers: # 下面的容器可以多个
- name: nginx # pod中容器的名称,用于区分一个pod多个不同容器
ports:
- containerPort: 80 # 容器暴露的端口
image: registry.cn-chengdu.aliyuncs.com/qzcsbj/nginx:1.16.1 # 容器使用的镜像
imagePullPolicy: IfNotPresent # 镜像拉取策略
---
apiVersion: v1
kind: Service
metadata:
name: nginx-pod-svc
spec:
ports:
- port: 80
targetPort: 80
selector:
app: mynginx
type: NodePort
创建pod:kubectl apply -f nginx-pod.yaml
查看pod:kubectl get po -l app=mynginx
(READY,右侧数字表示pod里面有多少个容器,左侧数字表示正常运行的容器)
kubectl get po -l app=mynginx -owide
(RESTARTS,pod里封装的容器的重启次数)
curl 172.17.125.34
kubectl get svc |grep nginx-pod-svc
curl 10.107.208.14:80,80是上面svc的端口
运行busybox:https://www.cnblogs.com/uncleyong/p/15434823.html
cat<<EOF | kubectl apply -f -
apiVersion: v1
kind: Pod
metadata:
name: busybox
namespace: default
spec:
containers:
- name: busybox
image: busybox:1.34
command:
- sleep
- "3600"
imagePullPolicy: IfNotPresent
restartPolicy: Always
EOF
kubectl get po
域名解析:nslookup nginx-pod-svc
Server: 10.96.0.10
Address 1: 10.96.0.10 kube-dns.kube-system.svc.cluster.local Name: nginx-pod-svc
Address 1: 10.107.208.14 nginx-pod-svc.default.svc.cluster.local
kubectl exec -it busybox -- sh
查看日志:kubectl logs -f nginx
http://192.168.117.161:31192/
Deployment
nginx-deploy.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: nginx-deploy
name: nginx
namespace: default
spec:
replicas: 2
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- image: registry.cn-chengdu.aliyuncs.com/qzcsbj/nginx:1.16.1
imagePullPolicy: IfNotPresent
name: nginx
ports:
- name: http
containerPort: 80
kubectl apply -f nginx-deploy.yaml
kubectl get deploy |grep nginx
或者:kubectl get deploy -l app=nginx-deploy
查看Replicaset:kubectl get rs |grep nginx
kubectl get po -l app=nginx
Deployment(一个pod多个容器)
nginx-tomcat-deploy.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: nginx-tomcat-deploy
name: nginx-tomcat
namespace: default
spec:
replicas: 2
selector:
matchLabels:
app: nginx-tomcat
template:
metadata:
labels:
app: nginx-tomcat
spec:
containers:
- image: registry.cn-chengdu.aliyuncs.com/qzcsbj/nginx:1.16.1
imagePullPolicy: IfNotPresent
name: nginx
ports:
- name: http-nginx
containerPort: 80
- image: registry.cn-chengdu.aliyuncs.com/qzcsbj/tomcat:9.0.13
imagePullPolicy: IfNotPresent
name: tomcat
ports:
- name: http-tomcat
containerPort: 8080
kubectl apply -f nginx-tomcat-deploy.yaml
kubectl get po
kubectl exec -it nginx-tomcat-5847497c86-x96tp -c tomcat -- sh
Service
nginx-deploy-svc
nginx-deploy-svc.yaml,匹配上面的Deployment
apiVersion: v1
kind: Service
metadata:
labels:
app: nginx-deploy-svc
name: nginx-deploy-svc
spec:
ports:
- port: 80
targetPort: 80
selector:
app: nginx
type: NodePort
kubectl apply -f nginx-deploy-svc.yaml
kubectl get svc -l app=nginx-deploy-svc
curl 10.107.207.129
也可以busybox中验证
kubectl exec -it busybox -- sh
wget http://nginx-deploy-svc
cat index.html
如果是跨名称空间访问(不建议),需要加上名称空间
wget http://nginx-deploy-svc.default
tomcat-svc
apiVersion: v1
kind: Service
metadata:
name: tomcat-svc
namespace: default
labels:
app: tomcat-svc
spec:
ports:
- name: http
port: 8080
protocol: TCP
targetPort: 8080
selector:
app: tomcat
type: NodePort
Statefulset
无头svc
apiVersion: v1
kind: Service
metadata:
name: nginx
labels:
app: nginx
spec:
ports:
- port: 80
name: web
clusterIP: None # 无头svc
selector:
app: nginx
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: web
spec:
serviceName: "nginx"
replicas: 2
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: registry.cn-chengdu.aliyuncs.com/qzcsbj/nginx:1.16.1
ports:
- containerPort: 80
name: web
Daemonset
apiVersion: apps/v1
kind: DaemonSet
metadata:
labels:
app: nginx
name: nginx
spec:
revisionHistoryLimit: 10
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- image: registry.cn-chengdu.aliyuncs.com/qzcsbj/nginx:1.16.1
imagePullPolicy: IfNotPresent
name: nginx
Ingress
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ingress-tomcat
namespace: default
annotations:
kubernetes.io/ingress.class: "nginx"
spec:
rules:
- host: www.mytomcat.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: tomcat-svc
port:
number: 8080
ConfigMap
valueFrom、envFrom
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: nginx-deploy
name: nginx
namespace: default
spec:
replicas: 1
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- image: registry.cn-chengdu.aliyuncs.com/qzcsbj/nginx:1.16.1
imagePullPolicy: IfNotPresent
name: nginx
ports:
- name: http
containerPort: 80
env:
- name: ENV_NAME
value: dev
- name: USERNAME
valueFrom:
configMapKeyRef:
name: testcm
key: username
- name: AGE
valueFrom:
configMapKeyRef:
name: testcm
key: age
envFrom:
- configMapRef:
name: testcm2
文件
Secret
apiVersion: v1
kind: Secret
metadata:
name: mysecret
type: Opaque
stringData:
username: admin
password: "123456"
Volumes
emptyDir
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: nginx-tomcat-deploy
name: nginx-tomcat
namespace: default
spec:
replicas: 1
selector:
matchLabels:
app: nginx-tomcat
template:
metadata:
labels:
app: nginx-tomcat
spec:
containers:
- image: registry.cn-chengdu.aliyuncs.com/qzcsbj/nginx:1.16.1
imagePullPolicy: IfNotPresent
name: nginx
ports:
- name: http-nginx
containerPort: 80
volumeMounts:
- mountPath: /opt
name: share-volume
- image: registry.cn-chengdu.aliyuncs.com/qzcsbj/tomcat:9.0.13
imagePullPolicy: IfNotPresent
name: tomcat
ports:
- name: http-tomcat
containerPort: 8080
volumeMounts:
- mountPath: /mnt # 这里也可以写/opt
name: share-volume
volumes:
- name: share-volume
emptyDir: {}
RBAC
RBAC是基于角色的访问控制(Role-Based Access Control)
官网参考:https://kubernetes.io/zh/docs/reference/access-authn-authz/rbac/
其它参考:https://www.cnblogs.com/uncleyong/p/15692654.html
基于dashboard做RBAC校验:https://www.cnblogs.com/uncleyong/p/15701535.html
bak:https://www.cnblogs.com/uncleyong/p/15488243.html
原文:https://www.cnblogs.com/uncleyong/p/15571059.html
k8s核心资源:精简版yaml示例的更多相关文章
- k8s核心资源之Pod概念&入门使用讲解(三)
目录 1. k8s核心资源之Pod 1.1 什么是Pod? 1.2 Pod如何管理多个容器? 1.3 Pod网络 1.4 Pod存储 1.5 Pod工作方式 1.5.1 自主式Pod 1.5.2 控制 ...
- k8s核心资源之:名称空间(ns)
简介 是对一组资源和对象的抽象集合,比如可以用来将系统内部的对象划分为不同的项目组或者用户组. 常见的pod.service.replicaSet和deployment等都是属于某一个namespac ...
- k8s核心资源之namespace与pod污点容忍度生命周期进阶篇(四)
目录 1.命名空间namespace 1.1 什么是命名空间? 1.2 namespace应用场景 1.3 namespacs常用指令 1.4 namespace资源限额 2.标签 2.1 什么是标签 ...
- k8s核心资源之:标签(label)
简介 label是标签的意思,一对 key/value ,被关联到对象上,k8s中的资源对象大都可以打上标签,如Node.Pod.Service 等 一个资源可以绑定任意多个label,k8s 通过 ...
- K8S(02)管理核心资源的三种基本方法
系列文章说明 本系列文章,可以基本算是 老男孩2019年王硕的K8S周末班课程 笔记,根据视频来看本笔记最好,否则有些地方会看不明白 需要视频可以联系我 管理k8s核心资源的三种基本方法: 目录 系列 ...
- K8s容器资源限制
在K8s中定义Pod中运行容器有两个维度的限制: 1. 资源需求:即运行Pod的节点必须满足运行Pod的最基本需求才能运行Pod. 如: Pod运行至少需要2G内存,1核CPU 2. 资源限额: ...
- 从零开始入门 K8s| 阿里技术专家详解 K8s 核心概念
作者| 阿里巴巴资深技术专家.CNCF 9个 TCO 之一 李响 一.什么是 Kubernetes Kubernetes,从官方网站上可以看到,它是一个工业级的容器编排平台.Kubernetes 这个 ...
- k8s之资源限制以及探针检查
k8s之资源限制以及探针检查 一.资源限制 1. 资源限制的使用 当定义Pod时可以选择性地为每个容器设定所需要的资源数量.最常见的可设定资源是CPU和内存大小,以及其他类型的资源. 2. reuqe ...
- Vue精简版风格指南
前面的话 Vue官网的风格指南按照优先级(依次为必要.强烈推荐.推荐.谨慎使用)分类,且代码间隔较大,不易查询.本文按照类型分类,并对部分示例或解释进行缩减,是Vue风格指南的精简版 组件名称 [组件 ...
随机推荐
- winform 中心旋转 图片旋转
//设置左上角到中心点 g.TranslateTransform(int.Parse(x), int.Parse(y)); //旋转角度 g.RotateTransform(int.Parse(&qu ...
- 【刷题-LeetCode】202. Happy Number
Happy Number Write an algorithm to determine if a number n is "happy". A happy number is a ...
- manjaro20WPS缺少字体
宋体等 sudo pacman -S ttf-wps-fonts Ariel和Times New Roman https://askubuntu.com/questions/651441/how-to ...
- gin框架中集成casbin-权限管理
概念 权限管理几乎是每个系统或者服务都会直接或者间接涉及的部分. 权限管理保障了资源(大部分时候就是数据)的安全, 权限管理一般都是和业务强关联, 每当有新的业务或者业务变化时, 不能将精力完全放在业 ...
- gin中如何自定义中间件
package main import ( "fmt" "github.com/gin-gonic/gin" ) func main() { // 新建一个没有 ...
- java接口应用
1 package face_09; 2 /* 3 * 笔记本电脑使用. 4 * 为了扩展笔记本的功能,但日后出现什么功能设备不知道. 5 * 6 * 定义了一个规则,只要日后出现的设备都符合这个规则 ...
- Windows 下如何查看文件夹被哪个进程所占用
- 人工智能与智能系统1->机器人学1 | 位置与姿态描述
寒假有几项学习计划,其中有一些是为了一些任务而学,最主要的任务是我要在2021_v4的基础上编写2022_v1的大援代码,为此顺便学习一下机器人学的知识(下学期也有这方面的老黄的课程),看看能不能在结 ...
- Arduino+ESP32 之 SD卡读写
背景知识: ESP32有两种使用SD卡的方法,一种是使用SPI接口访问SD卡,另一种是使用SDMMC接口访问SD卡 . Arduino core for the ESP32中SPI方式占用4个IO口, ...
- java多线程中同步的问题?
一.通过模拟网络延迟,解决同步的问题. package com.zxf.demo; public class G01 implements Runnable{ private int num=10; ...