kubernetes基础资源清单练习--All In One
Pod 简单示例
# Minimal Pod: a single container plus two labels that selectors can match.
apiVersion: v1
kind: Pod
metadata:
  name: myapp-pod
  labels:
    app: myapp
    version: v1
spec:
  containers:
    - name: app
      # The image is referenced by tag only; no digest is pinned, so the
      # registry decides which image content "v1" resolves to at pull time.
      image: a.com/library/myapp:v1
Resource Limit
Pod Limit
# Per-container resource control: requests are what the scheduler reserves,
# limits are the ceiling enforced at runtime.
apiVersion: v1
kind: Pod
metadata:
  name: nginx
  namespace: default
spec:
  containers:
    - name: auth
      image: nginx:1.27.3
      imagePullPolicy: IfNotPresent
      ports:
        # containerPort is declarative; it does not change what the process
        # listens on.
        # NOTE(review): the stock nginx image serves on 80 - confirm 8080.
        - containerPort: 8080
          protocol: TCP
      resources:
        requests:
          cpu: 250m
          memory: 250Mi
        limits:
          cpu: "4"
          memory: 2Gi
Namespace Limit
# Aggregate ceiling for everything in the spark-cluster namespace.
# Once requests/limits are under quota, Pods that declare neither are rejected
# unless a LimitRange in the namespace supplies defaults.
apiVersion: v1
kind: ResourceQuota
metadata:
  name: compute-resources
  namespace: spark-cluster
spec:
  hard:
    pods: "20"
    requests.cpu: "20"
    requests.memory: 100Gi
    limits.cpu: "40"
    limits.memory: 200Gi
LimitRange
# Default requests/limits injected into containers that declare none.
# No namespace is set, so the object lands in whichever namespace the client
# context (or -n) selects.
apiVersion: v1
kind: LimitRange
metadata:
  name: mem-limit-range
spec:
  limits:
    - type: Container
      # Applied as the container's limit when it specifies none.
      default:
        cpu: 5
        memory: 50Gi
      # Applied as the container's request when it specifies none.
      defaultRequest:
        cpu: 1
        memory: 1Gi
Init Container 简单示例
# Init containers run to completion, in order, before the app container starts.
# Each one loops until the named Service resolves in cluster DNS.
apiVersion: v1
kind: Pod
metadata:
  name: myapp-pod
  labels:
    app: myapp
spec:
  initContainers:
    - name: init-myservice
      image: docker.io/library/busybox:1.37.0
      command:
        - 'sh'
        - '-c'
        - 'until nslookup myservice.default.svc.cluster.local; do echo waiting for myservice; sleep 2; done;'
    - name: init-mydb
      image: docker.io/library/busybox:1.37.0
      command:
        - 'sh'
        - '-c'
        - 'until nslookup mydb.default.svc.cluster.local; do echo waiting for mydb; sleep 2; done;'
  containers:
    - name: myapp-container
      image: docker.io/library/busybox:1.37.0
      command:
        - 'sh'
        - '-c'
        - 'echo The app is Running! && sleep 3600'
---
# The two Services below carry no selector, so they have no endpoints; they
# exist only so that the DNS names the init containers wait for resolve.
apiVersion: v1
kind: Service
metadata:
  name: myservice
spec:
  ports:
    - protocol: TCP
      port: 80
      targetPort: 9187
---
apiVersion: v1
kind: Service
metadata:
  name: mydb
spec:
  ports:
    - protocol: TCP
      port: 80
      targetPort: 9188
探针-就绪检测
# Readiness probe: the Pod is only added to Service endpoints while the HTTP
# GET succeeds; a failing probe does not restart the container.
apiVersion: v1
kind: Pod
metadata:
  name: readiness-httpget-pod
  namespace: default
spec:
  containers:
    - name: readiness-httpget-container
      image: nginx:1.27.3
      imagePullPolicy: IfNotPresent
      readinessProbe:
        initialDelaySeconds: 1
        periodSeconds: 3
        httpGet:
          path: /
          port: 80
探针-存活检测
livenessProbe-exec
# Liveness probe (exec): the container creates /tmp/live, removes it after
# 60 seconds, and the probe then starts failing, which triggers a restart.
apiVersion: v1
kind: Pod
metadata:
  name: liveness-exec-pod
  namespace: default
spec:
  containers:
    - name: liveness-exec-container
      image: docker.io/library/busybox:1.37.0
      imagePullPolicy: IfNotPresent
      command:
        - "/bin/sh"
        - "-c"
        - "touch /tmp/live ;sleep 60;rm -rf /tmp/live; sleep 3600"
      livenessProbe:
        initialDelaySeconds: 1
        periodSeconds: 3
        exec:
          # Exit status 0 while the marker file exists.
          command:
            - "test"
            - "-e"
            - "/tmp/live"
liveness-httpget
# Liveness probe (HTTP GET) that addresses the container port by its name.
apiVersion: v1
kind: Pod
metadata:
  name: liveness-httpget-pod
  namespace: default
spec:
  containers:
    - name: liveness-httpget-container
      image: nginx:1.27.3
      imagePullPolicy: IfNotPresent
      ports:
        - name: http
          containerPort: 80
      livenessProbe:
        initialDelaySeconds: 1
        periodSeconds: 3
        timeoutSeconds: 10
        httpGet:
          path: /
          # Refers to the named port declared above.
          port: http
liveness-tcp
# Liveness probe (TCP): healthy as long as a connection to port 80 can be
# opened; nothing is sent or read on it.
apiVersion: v1
kind: Pod
metadata:
  name: probe-tcp
spec:
  containers:
    - name: nginx
      image: nginx:1.27.3
      livenessProbe:
        tcpSocket:
          port: 80
        initialDelaySeconds: 5
        periodSeconds: 3
        timeoutSeconds: 1
启动退出动作
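# Container lifecycle hooks: postStart runs right after the container is
# created, preStop runs before it is terminated.
apiVersion: v1
kind: Pod
metadata:
  name: lifecycle-demo
spec:
  containers:
    - name: lifecycle--demo-container
      image: nginx:1.27.3
      lifecycle:
        postStart:
          # Fixed: the handler key was misspelled "exlsec"; the API field is
          # "exec", and an unknown key leaves the hook without a handler.
          exec:
            command:
              - "/bin/sh"
              - "-c"
              - "echo Hello from the poststart handler > /usr/share/message"
        preStop:
          exec:
            command:
              - "/bin/sh"
              - "-c"
              - "echo Hello from the poststop handler > /usr/share/message"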
ReplicaSet
# ReplicaSet: keeps two Pods matching the selector running.
apiVersion: apps/v1
kind: ReplicaSet
metadata:
  name: nginx
spec:
  replicas: 2
  # The selector must match the labels of the Pod template below.
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
        - name: nginx
          image: nginx:1.27.3
          ports:
            - containerPort: 80
Deployment
# Deployment: manages ReplicaSets on top of the same Pod template, which is
# what provides rolling updates and rollback.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
spec:
  replicas: 2
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
        - name: nginx
          image: nginx:1.27.3
          ports:
            - containerPort: 80
DaemonSet
# DaemonSet: one copy of the Pod on every node it is eligible to run on.
# The object's own label (app: daemonset) is independent of the selector,
# which matches the template label name: deamonset-example.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: deamonset-example
  labels:
    app: daemonset
spec:
  selector:
    matchLabels:
      name: deamonset-example
  template:
    metadata:
      labels:
        name: deamonset-example
    spec:
      containers:
        - name: daemonset-example
          image: docker.io/library/busybox:1.37.0
          command:
            - "/bin/sh"
            - "-c"
            - "sleep 3600"
Job
# Job: runs the Pod until it completes successfully once.
apiVersion: batch/v1
kind: Job
metadata:
  name: job-test
spec:
  template:
    metadata:
      name: job-test
    spec:
      # Job Pods must use Never or OnFailure; Always is not accepted.
      restartPolicy: Never
      containers:
        - name: job-test
          image: docker.io/library/busybox:1.37.0
          command:
            - "/bin/sh"
            - "-c"
            - "echo 1"
CronJob
# CronJob: creates a Job from jobTemplate on the given cron schedule
# (here every minute).
apiVersion: batch/v1
kind: CronJob
metadata:
  name: hello
spec:
  schedule: "*/1 * * * *"
  jobTemplate:
    spec:
      template:
        spec:
          restartPolicy: OnFailure
          containers:
            - name: hello
              image: docker.io/library/busybox:1.37.0
              # args (not command) is set, so the image entrypoint, if any,
              # receives these as its arguments.
              args:
                - '/bin/sh'
                - '-c'
                - 'date; echo Hello from the Kubernetes cluster'
Service
ClusterIP
# Backend Pods for the ClusterIP Service below.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: myapp-deploy
  namespace: default
spec:
  replicas: 2
  selector:
    matchLabels:
      app: myapp
      env: test
  template:
    metadata:
      labels:
        app: myapp
        env: test
    spec:
      containers:
        - name: myapp
          image: nginx:1.27.3
          imagePullPolicy: IfNotPresent
          ports:
            - name: http
              containerPort: 80
---
# ClusterIP: a virtual IP reachable only from inside the cluster.
apiVersion: v1
kind: Service
metadata:
  name: myapp
  namespace: default
spec:
  type: ClusterIP
  # Both labels must be present on a Pod for it to become an endpoint.
  selector:
    app: myapp
    env: test
  ports:
    - name: http
      port: 80
      targetPort: 80
Headless Service
# Headless Service: clusterIP "None" means no virtual IP is allocated and DNS
# returns the addresses of the selected Pods directly.
apiVersion: v1
kind: Service
metadata:
  name: myapp-headless
spec:
  clusterIP: "None"
  selector:
    app: myapp
  ports:
    - port: 80
      targetPort: 80
NodePort
# Backend Pods for the NodePort Service below.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: myapp-deploy
  namespace: default
spec:
  replicas: 2
  selector:
    matchLabels:
      app: myapp
      env: test
  template:
    metadata:
      labels:
        app: myapp
        env: test
    spec:
      containers:
        - name: myapp
          image: nginx:1.27.3
          imagePullPolicy: IfNotPresent
          ports:
            - name: http
              containerPort: 80
---
# NodePort: in addition to the cluster IP, the Service is published on a port
# of every node. No nodePort is set, so the control plane allocates one from
# the configured NodePort range; anything that can reach a node address on that
# port reaches the Pods, so node firewalling decides the real exposure.
apiVersion: v1
kind: Service
metadata:
  name: myapp
spec:
  type: NodePort
  selector:
    app: myapp
    env: test
  ports:
    - name: http
      port: 80
      targetPort: 80
ExternalName
# ExternalName: cluster DNS answers lookups for this Service with a CNAME to
# the external host; no proxying or endpoints are involved.
apiVersion: v1
kind: Service
metadata:
  name: baidu
spec:
  type: ExternalName
  externalName: www.baidu.com
Ingress
# Backend Pods.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: myapp-deploy
spec:
  replicas: 2
  selector:
    matchLabels:
      app: myapp
  template:
    metadata:
      labels:
        app: myapp
    spec:
      containers:
        - name: myapp
          image: nginx:1.27.3
          imagePullPolicy: IfNotPresent
          ports:
            - name: http
              containerPort: 80
---
# Service the Ingress routes to.
apiVersion: v1
kind: Service
metadata:
  name: myapp-svc
spec:
  selector:
    app: myapp
  ports:
    - name: http
      port: 80
      targetPort: 80
---
# Ingress: host-based HTTP routing handled by the controller registered for
# the "nginx" IngressClass. There is no tls section, so this rule only
# describes plain-HTTP traffic for myapp.test.com.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-myservicea
spec:
  ingressClassName: nginx
  rules:
    - host: myapp.test.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: myapp-svc
                port:
                  number: 80
ConfigMap
env
# ConfigMap consumed as environment variables.
apiVersion: v1
kind: ConfigMap
metadata:
  name: env-config
  namespace: default
data:
  log_level: INFO
---
# The Pod prints its environment and exits.
apiVersion: v1
kind: Pod
metadata:
  name: test-pod
spec:
  restartPolicy: Never
  containers:
    - name: test-container
      image: docker.io/library/busybox:1.37.0
      command:
        - "/bin/sh"
        - "-c"
        - "env"
      # Single keys mapped to chosen variable names.
      # NOTE(review): the ConfigMap "test-config" (keys test.number and
      # test.name) is not defined in this listing; it has to exist in the
      # Pod's namespace or the container will not start.
      env:
        - name: TEST_NUMBER
          valueFrom:
            configMapKeyRef:
              name: test-config
              key: test.number
        - name: TEST_NAME
          valueFrom:
            configMapKeyRef:
              name: test-config
              key: test.name
      # Every key of env-config becomes a variable of the same name.
      envFrom:
        - configMapRef:
            name: env-config
volume
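# ConfigMap consumed as files: each key becomes a file under the mount path.
apiVersion: v1
# Fixed: kind was written "configMap"; kinds are case-sensitive and the API
# only knows "ConfigMap".
kind: ConfigMap
metadata:
  name: special-config
data:
  special.how: very
  special.type: charm
---
apiVersion: v1
kind: Pod
metadata:
  name: dapi-test-pod
spec:
  restartPolicy: Never
  volumes:
    - name: config-volume
      configMap:
        name: special-config
  containers:
    - name: test-container
      image: nginx:1.27.3
      # Prints the file created from the special.how key, then exits.
      command:
        - "/bin/sh"
        - "-c"
        - "cat /etc/config/special.how"
      volumeMounts:
        - name: config-volume
          mountPath: /etc/config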
Secret
Opaque
# Opaque Secret. The data values are base64-encoded, not encrypted: anyone who
# can read this manifest or the stored object recovers the plaintext, so
# access to Secrets (RBAC, etcd, backups, version control) is what protects
# them.
# NOTE(review): both values decode to text ending in a newline, the usual
# result of encoding with `echo` instead of `echo -n`; consumers receive that
# newline as part of the credential.
apiVersion: v1
kind: Secret
metadata:
  name: mysecret
type: Opaque
data:
  username: YWRtaW4K
  password: cXdlamtxd2plawo=
挂载到 volume
# Secret mounted as files: each key of mysecret appears as a file under
# /etc/secrets, mounted read-only.
apiVersion: v1
kind: Pod
metadata:
  name: secret-test
  labels:
    name: secret-test
spec:
  containers:
    - name: db
      image: nginx:1.27.3
      volumeMounts:
        - name: secrets
          mountPath: "/etc/secrets"
          readOnly: true
  volumes:
    - name: secrets
      secret:
        secretName: mysecret
导出到 环境变量
# Secret keys exported as environment variables.
# Values injected this way are fixed when the container starts (a later Secret
# update is not reflected) and are inherited by every child process, so a
# read-only volume mount is the narrower option when the application can read
# files.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: pod-deployment
spec:
  replicas: 2
  selector:
    matchLabels:
      app: pod-deployment
  template:
    metadata:
      labels:
        app: pod-deployment
    spec:
      containers:
        - name: pod-1
          image: nginx:1.27.3
          ports:
            - containerPort: 80
          env:
            - name: TEST_USER
              valueFrom:
                secretKeyRef:
                  name: mysecret
                  key: username
            - name: TEST_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: mysecret
                  key: password
dockerconfigjson
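# Pulling from a private registry with a registry-credential Secret.
apiVersion: v1
kind: Pod
metadata:
  name: test
spec:
  containers:
    - name: test
      image: myharbor.com/testapp:v1
  # Fixed: the field was written "imagePullsecrets"; field names are
  # case-sensitive, and the misspelled key means no credentials are attached
  # to the pull.
  # NOTE(review): "myregistrykey" is not defined in this listing; it must be a
  # Secret of type kubernetes.io/dockerconfigjson in the Pod's namespace.
  imagePullSecrets:
    - name: myregistrykey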
Volume
emptyDir
# emptyDir: scratch space created with the Pod and deleted with it.
apiVersion: v1
kind: Pod
metadata:
  name: test-pod
spec:
  volumes:
    - name: cache-volume
      emptyDir: {}
  containers:
    - name: test-container
      # NOTE(review): no tag or digest is given, so "latest" is pulled, and the
      # k8s.gcr.io registry has been frozen in favour of registry.k8s.io -
      # confirm the image is still available before relying on this example.
      image: k8s.gcr.io/test-webserver
      volumeMounts:
        - name: cache-volume
          mountPath: /cache
hostPath
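# hostPath: mounts a directory of the node's own filesystem into the Pod.
# The mount below is writable, so the container can change /data on whichever
# node it is scheduled to, and the data differs from node to node. Clusters
# that enforce the Pod Security Standards reject hostPath volumes under the
# baseline and restricted levels.
apiVersion: v1
kind: Pod
metadata:
  name: test-pod
spec:
  volumes:
    - name: test-volume
      hostPath:
        path: /data
        # "Directory" requires the path to exist already on the node.
        type: Directory
  containers:
    # Fixed: container name was misspelled "test-conthiner".
    - name: test-container
      # NOTE(review): untagged image from the frozen k8s.gcr.io registry -
      # confirm it is still available.
      image: k8s.gcr.io/test-webserver
      volumeMounts:
        - name: test-volume
          mountPath: /test-pod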
PV
# Statically provisioned NFS-backed PersistentVolume.
apiVersion: v1
kind: PersistentVolume
metadata:
  name: nfspv
spec:
  storageClassName: nfs
  capacity:
    storage: 5Gi
  accessModes:
    - ReadWriteOnce
  # Retain: the volume and its data are kept after the claim is deleted and
  # must be cleaned up by hand before reuse.
  persistentVolumeReclaimPolicy: Retain
  nfs:
    server: 192.168.31.151
    path: /nfsdata
---
# Headless Service that gives the StatefulSet Pods stable DNS names.
apiVersion: v1
kind: Service
metadata:
  name: nginx
  labels:
    app: nginx
spec:
  clusterIP: "None"
  selector:
    app: nginx
  ports:
    - name: web
      port: 80
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: web
spec:
  # Must name the headless Service above.
  serviceName: "nginx"
  replicas: 1
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
        - name: nginx
          image: nginx:1.27.3
          ports:
            - name: web
              containerPort: 80
          volumeMounts:
            - name: www
              mountPath: /usr/share/nginx/html
  # One PersistentVolumeClaim per replica is created from this template; it
  # binds to a PV of storage class "nfs" that offers at least 1Gi.
  volumeClaimTemplates:
    - metadata:
        name: www
      spec:
        storageClassName: "nfs"
        accessModes:
          - "ReadWriteOnce"
        resources:
          requests:
            storage: 1Gi
affinity
nodeAffinity
requiredDuringSchedulingIgnoredDuringExecution
# Hard node affinity: the Pod is only scheduled onto nodes satisfying the
# expression; if none qualifies it stays Pending.
apiVersion: v1
kind: Pod
metadata:
  name: affinity
  labels:
    app: node-affinity-pod
spec:
  affinity:
    nodeAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
        nodeSelectorTerms:
          - matchExpressions:
              # Any node except the one whose hostname label is rockylinux9.
              - key: kubernetes.io/hostname
                operator: NotIn
                values:
                  - rockylinux9
  containers:
    - name: with-node-affinity
      image: nginx:1.27.3
preferredDuringSchedulingIgnoredDuringExecution
# Soft node affinity: matching nodes are scored higher, but the Pod is still
# scheduled elsewhere when no node matches.
apiVersion: v1
kind: Pod
metadata:
  name: affinity
  labels:
    app: node-affinity-pod
spec:
  affinity:
    nodeAffinity:
      preferredDuringSchedulingIgnoredDuringExecution:
        - weight: 1
          preference:
            matchExpressions:
              - key: kubernetes.io/hostname
                operator: In
                values:
                  - rockylinux9
  containers:
    - name: with-node-affinity
      image: nginx:1.27.3
融合 硬策略 和 软策略
# Hard and soft node affinity combined: the required term filters the
# candidate nodes first, the preferred term then ranks what is left.
apiVersion: v1
kind: Pod
metadata:
  name: affinity
  labels:
    app: node-affinity-pod
spec:
  affinity:
    nodeAffinity:
      # Filter: never the node labelled rockylinux9.
      requiredDuringSchedulingIgnoredDuringExecution:
        nodeSelectorTerms:
          - matchExpressions:
              - key: kubernetes.io/hostname
                operator: NotIn
                values:
                  - rockylinux9
      # Rank: prefer the node labelled centos7 among the remaining ones.
      preferredDuringSchedulingIgnoredDuringExecution:
        - weight: 1
          preference:
            matchExpressions:
              - key: kubernetes.io/hostname
                operator: In
                values:
                  - centos7
  containers:
    - name: with-node-affinity
      image: nginx:1.27.3
podAffinity
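# Reference Pod that the affinity rules of pod-2 are evaluated against.
apiVersion: v1
kind: Pod
metadata:
  name: pod-1
  labels:
    app: pod-1
spec:
  containers:
    - name: pod-1
      image: nginx:1.27.3
---
# Pod affinity: placement relative to other Pods, grouped by topologyKey
# (here: per node, via the hostname label).
#
# Fixed in this listing:
#   - "requiredDuringschedulingIgnoredDuringExecution" and "labelselector"
#     were mis-cased; field names are case-sensitive.
#   - "podAffinity" appeared twice under "affinity". Duplicate mapping keys
#     are invalid YAML and most parsers silently keep only the last one, so
#     the required term was dropped. Both terms now sit under one key.
apiVersion: v1
kind: Pod
metadata:
  name: pod-2
  labels:
    app: pod-2
spec:
  containers:
    - name: pod-2
      image: nginx:1.27.3
  affinity:
    podAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
        - labelSelector:
            matchExpressions:
              - key: app
                operator: NotIn
                values:
                  - pod-1
          topologyKey: kubernetes.io/hostname
      preferredDuringSchedulingIgnoredDuringExecution:
        - weight: 1
          podAffinityTerm:
            # NOTE(review): a labelSelector here matches Pod labels, not node
            # labels; kubernetes.io/hostname is normally a node label, so
            # confirm that Pods actually carry it, otherwise this term never
            # matches.
            labelSelector:
              matchExpressions:
                - key: kubernetes.io/hostname
                  operator: In
                  values:
                    - centos7
            topologyKey: kubernetes.io/hostname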
Toleration
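# Toleration: lets the Pod be scheduled onto nodes tainted test=qqaab:NoSchedule.
# A toleration only permits placement; it does not attract the Pod to the node.
apiVersion: v1
kind: Pod
metadata:
  name: pod-1
  labels:
    app: pod-1
spec:
  containers:
    - name: pod-1
      image: nginx:1.27.3
  tolerations:
    - key: "test"
      operator: "Equal"
      value: "qqaab"
      effect: "NoSchedule"
      # Fixed: "tolerationSeconds: 3600" removed. The API accepts that field
      # only together with effect NoExecute, where it bounds how long the Pod
      # stays on the node after the taint appears; with NoSchedule the
      # manifest fails validation.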
nodeName
# nodeName: binds every replica directly to the node called centos7.
# The scheduler is bypassed, so its placement checks are not applied and the
# Pods fail if that node does not exist or cannot hold them.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: myweb
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      nodeName: centos7
      containers:
        - name: nginx
          image: nginx:1.27.3
          ports:
            - containerPort: 80
nodeSelector
# nodeSelector: the scheduler only considers nodes that carry the label
# osType=rockylinux9; the label has to be set on the nodes beforehand.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: myweb
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      nodeSelector:
        osType: rockylinux9
      containers:
        - name: nginx
          image: nginx:1.27.3
          ports:
            - containerPort: 80
RBAC
指定namespace管理员
cat /home/devuser/.kube/devuser-csr.json
{
"CN": "devuser",
"hosts": [],
"keys": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"ST": "Xiamen",
"L": "Xiamen",
"O": "k8s",
"OU": "System"
}
]
}
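# Download the certificate tooling.
# NOTE(review): the binaries are installed straight from the download with no
# integrity check; compare each file's SHA-256 with the value published for
# the release (<expected-sha256>, placeholder) before marking it executable.
wget https://pkg.cfssl.org/R1.2/cfssl_linux-amd64 -O /usr/local/bin/cfssl
wget https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64 -O /usr/local/bin/cfssljson
wget https://pkg.cfssl.org/R1.2/cfssl-certinfo_linux-amd64 -O /usr/local/bin/cfssl-certinfo
# Added: wget does not set the execute bit, so the tools would not run.
chmod +x /usr/local/bin/cfssl /usr/local/bin/cfssljson /usr/local/bin/cfssl-certinfo

# Sign a client certificate for devuser with the cluster CA.
# Kubernetes takes the user name from the certificate CN and the group
# memberships from O, and it cannot revoke an individual client certificate,
# so the certificate's validity period is the lifetime of the credential.
# NOTE(review): no -config file is passed, so the "kubernetes" profile has
# nothing to select from - confirm which signing defaults (expiry, usages)
# apply. cfssl also reads key parameters from a "key" field in the CSR JSON;
# the file shown above spells it "keys", so check that RSA 2048 is really used.
cd /etc/kubernetes/pki/
cfssl gencert -ca=ca.crt -ca-key=ca.key -profile=kubernetes /home/devuser/.kube/devuser-csr.json | cfssljson -bare devuser

# Cluster parameters.
# Fixed: the command was split across lines without continuation characters,
# so --server and --kubeconfig ran as a separate (failing) command.
export KUBE_APISERVER="https://192.168.31.45:6443"
kubectl config set-cluster kubernetes \
  --certificate-authority=/etc/kubernetes/pki/ca.crt \
  --embed-certs=true \
  --server="${KUBE_APISERVER}" \
  --kubeconfig=devuser.kubeconfig

# Client credentials.
# Fixed: the key path pointed at /etc/kubernetes/ssl/, but cfssljson wrote
# devuser.pem and devuser-key.pem into the current directory,
# /etc/kubernetes/pki/.
kubectl config set-credentials devuser \
  --client-certificate=/etc/kubernetes/pki/devuser.pem \
  --client-key=/etc/kubernetes/pki/devuser-key.pem \
  --embed-certs=true \
  --kubeconfig=devuser.kubeconfig

# Context parameters (continuation characters restored here as well).
kubectl create namespace dev
kubectl config set-context kubernetes \
  --cluster=kubernetes \
  --user=devuser \
  --namespace=dev \
  --kubeconfig=devuser.kubeconfig

# Default context.
# Fixed: --kubeconfig named a file called "config"; the context was created in
# devuser.kubeconfig.
kubectl config use-context kubernetes --kubeconfig=devuser.kubeconfig

# Install the kubeconfig for devuser. It embeds the private key, so it is
# handed to that account and made unreadable for everyone else.
cp -f ./devuser.kubeconfig /home/devuser/.kube/config
chown devuser: /home/devuser/.kube/config
chmod 600 /home/devuser/.kube/config

# Grant the built-in "admin" ClusterRole inside the dev namespace only.
# That role includes creating Roles and RoleBindings in the namespace; bind
# "edit" instead when devuser does not need to manage access for others.
# The result can be checked with:
#   kubectl auth can-i --list --namespace=dev --as=devuser
kubectl create rolebinding devuser-admin-binding --clusterrole=admin --user=devuser --namespace=dev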
本文来自博客园,作者:ヾ(o◕∀◕)ノヾ,转载请注明原文链接:https://www.cnblogs.com/Jupiter-blog/p/18647424