
Kubernetes core resources: minimal YAML examples

YAML syntax and format validation

See: https://www.cnblogs.com/uncleyong/p/15437385.html

 

Three ways to create resources

Reference: https://www.cnblogs.com/uncleyong/p/15434823.html

Method 1: kubectl run, kubectl create, kubectl expose; not commonly used, because it is inconvenient when many parameters have to be written

kubectl run busybox --image=busybox:1.34 --command -- sleep 3600
kubectl run mynginx --image=registry.cn-chengdu.aliyuncs.com/qzcsbj/nginx:1.16.1  --image-pull-policy=IfNotPresent  --port=80

kubectl create deploy nginx --image=registry.cn-chengdu.aliyuncs.com/qzcsbj/nginx:1.16.1 --replicas=3

kubectl expose deploy nginx --port=80 --type=NodePort
kubectl get pod,svc

 

Method 2: create from standard input

Method 3: YAML resource files

 

Pod

kubectl run mynginx --image=registry.cn-chengdu.aliyuncs.com/qzcsbj/nginx:1.16.1  --image-pull-policy=IfNotPresent  --port=80

 

kubectl get po mynginx -oyaml

apiVersion: v1
kind: Pod
metadata:
  annotations:
    cni.projectcalico.org/podIP: 172.17.125.54/32
    cni.projectcalico.org/podIPs: 172.17.125.54/32
  creationTimestamp: "2021-11-26T09:10:44Z"
  labels:
    run: mynginx
  name: mynginx
  namespace: default
  resourceVersion: "897494"
  uid: d7271a91-fb48-442f-8ac6-9ce97dccf99e
spec:
  containers:
  - image: registry.cn-chengdu.aliyuncs.com/qzcsbj/nginx:1.16.1
    imagePullPolicy: IfNotPresent
    name: mynginx
    ports:
    - containerPort: 80
      protocol: TCP
    resources: {}
    terminationMessagePath: /dev/termination-log
    terminationMessagePolicy: File
    volumeMounts:
    - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
      name: kube-api-access-jxn9z
      readOnly: true
  dnsPolicy: ClusterFirst
  enableServiceLinks: true
  nodeName: k8s-node01
  preemptionPolicy: PreemptLowerPriority
  priority: 0
  restartPolicy: Always
  schedulerName: default-scheduler
  securityContext: {}
  serviceAccount: default
  serviceAccountName: default
  terminationGracePeriodSeconds: 30
  tolerations:
  - effect: NoExecute
    key: node.kubernetes.io/not-ready
    operator: Exists
    tolerationSeconds: 300
  - effect: NoExecute
    key: node.kubernetes.io/unreachable
    operator: Exists
    tolerationSeconds: 300
  volumes:
  - name: kube-api-access-jxn9z
    projected:
      defaultMode: 420
      sources:
      - serviceAccountToken:
          expirationSeconds: 3607
          path: token
      - configMap:
          items:
          - key: ca.crt
            path: ca.crt
          name: kube-root-ca.crt
      - downwardAPI:
          items:
          - fieldRef:
              apiVersion: v1
              fieldPath: metadata.namespace
            path: namespace
status:
  conditions:
  - lastProbeTime: null
    lastTransitionTime: "2021-11-26T09:10:44Z"
    status: "True"
    type: Initialized
  - lastProbeTime: null
    lastTransitionTime: "2021-11-26T09:10:46Z"
    status: "True"
    type: Ready
  - lastProbeTime: null
    lastTransitionTime: "2021-11-26T09:10:46Z"
    status: "True"
    type: ContainersReady
  - lastProbeTime: null
    lastTransitionTime: "2021-11-26T09:10:44Z"
    status: "True"
    type: PodScheduled
  containerStatuses:
  - containerID: docker://8c772df0bad7afff0610c12051a46da2ee6b91a270763105c3d451a1bb8db9b9
    image: registry.cn-chengdu.aliyuncs.com/qzcsbj/nginx:1.16.1
    imageID: docker-pullable://registry.cn-chengdu.aliyuncs.com/qzcsbj/nginx@sha256:2963fc49cc50883ba9af25f977a9997ff9af06b45c12d968b7985dc1e9254e4b
    lastState: {}
    name: mynginx
    ready: true
    restartCount: 0
    started: true
    state:
      running:
        startedAt: "2021-11-26T09:10:45Z"
  hostIP: 192.168.117.162
  phase: Running
  podIP: 172.17.125.54
  podIPs:
  - ip: 172.17.125.54
  qosClass: BestEffort
  startTime: "2021-11-26T09:10:44Z"
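
The dump above shows what `kubectl run` leaves at its defaults: `securityContext: {}`, `resources: {}` (hence `qosClass: BestEffort`), and a service account token mounted at /var/run/secrets/kubernetes.io/serviceaccount. The manifest below is an added example, not part of the original post, that declares the same pod with those defaults tightened. The resource figures are assumed values, and the image is assumed to behave like the upstream nginx image.

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: mynginx
  namespace: default
  labels:
    run: mynginx
spec:
  # nginx never calls the API server, so skip the token volume
  # (the kube-api-access-* projected volume in the dump above).
  automountServiceAccountToken: false
  securityContext:
    seccompProfile:
      type: RuntimeDefault  # the container runtime's default syscall filter
  containers:
  - name: mynginx
    image: registry.cn-chengdu.aliyuncs.com/qzcsbj/nginx:1.16.1
    imagePullPolicy: IfNotPresent
    ports:
    - containerPort: 80
      protocol: TCP
    securityContext:
      # Sets no_new_privs: setuid binaries cannot raise privileges.
      allowPrivilegeEscalation: false
      # runAsNonRoot is left out on purpose: the image is assumed to start
      # as root to bind port 80, so the kubelet would refuse to start it.
    resources:
      # Assumed figures. requests == limits for cpu and memory on every
      # container moves the pod from BestEffort to Guaranteed.
      requests:
        cpu: 100m
        memory: 64Mi
      limits:
        cpu: 100m
        memory: 64Mi
```

After applying it, `kubectl get po mynginx -oyaml` shows whether the `kube-api-access-*` volume is gone and which `qosClass` the pod received.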

 

tomcat-pod.yaml

apiVersion: v1
kind: Pod
metadata:
  name: tomcat
  namespace: default
  labels:
    app: mytomcat
    env: dev
spec:
  containers: 
  - name:  tomcat
    ports:
    - containerPort: 8080
    image: registry.cn-chengdu.aliyuncs.com/qzcsbj/tomcat:9.0.13
    imagePullPolicy: IfNotPresent

 

nginx-pod.yaml (including the corresponding svc)

1 + 1 + 5 + 7 = 14 lines of main content (apiVersion, kind, the metadata block, the spec block)

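apiVersion: v1  # API version
kind: Pod  # type of resource to create
metadata:  # metadata
  name: nginx  # name of the pod
  namespace: default  # namespace the pod lives in
  labels:  # more than one label may be listed below
    app: mynginx  # label of the pod
spec:  # pod specification
  containers:  # more than one container may be listed below
  - name: nginx  # name of the container in the pod, used to tell the containers of one pod apart
    ports:
    - containerPort: 80  # port exposed by the container
    image: registry.cn-chengdu.aliyuncs.com/qzcsbj/nginx:1.16.1  # image used by the container
    imagePullPolicy: IfNotPresent  # image pull policy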
---
apiVersion: v1
kind: Service
metadata:
  name: nginx-pod-svc
spec:
  ports:
    - port: 80
      targetPort: 80
  selector:
    app: mynginx
  type: NodePort

  

Create the pod: kubectl apply -f nginx-pod.yaml

View the pod: kubectl get po -l app=mynginx

(READY: the number on the right is how many containers the pod contains; the number on the left is how many of them are running normally)

 

kubectl get po -l app=mynginx -owide

(RESTARTS: the number of times the containers wrapped in the pod have restarted)

 

curl 172.17.125.34

 

kubectl get svc |grep nginx-pod-svc

 

curl 10.107.208.14:80 (80 is the port of the svc above)

 

Run busybox: https://www.cnblogs.com/uncleyong/p/15434823.html

cat<<EOF | kubectl apply -f -
apiVersion: v1
kind: Pod
metadata:
  name: busybox
  namespace: default
spec:
  containers:
  - name: busybox
    image: busybox:1.34
    command:
      - sleep
      - "3600"
    imagePullPolicy: IfNotPresent
  restartPolicy: Always
EOF

 

kubectl get po

 

DNS resolution: nslookup nginx-pod-svc

Server:    10.96.0.10
Address 1: 10.96.0.10 kube-dns.kube-system.svc.cluster.local

Name:      nginx-pod-svc
Address 1: 10.107.208.14 nginx-pod-svc.default.svc.cluster.local

 

kubectl exec -it busybox -- sh

 

View logs: kubectl logs -f nginx

 

http://192.168.117.161:31192/

 

Deployment

nginx-deploy.yaml 

apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: nginx-deploy
  name: nginx
  namespace: default
spec:
  replicas: 2
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - image: registry.cn-chengdu.aliyuncs.com/qzcsbj/nginx:1.16.1
        imagePullPolicy: IfNotPresent
        name: nginx
        ports:
        - name: http
          containerPort: 80

 

kubectl apply -f nginx-deploy.yaml

 

kubectl get deploy |grep nginx

 

Or: kubectl get deploy -l app=nginx-deploy

 

View the ReplicaSet: kubectl get rs |grep nginx

 

kubectl get po -l app=nginx

 

Deployment (multiple containers in one pod)

nginx-tomcat-deploy.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: nginx-tomcat-deploy
  name: nginx-tomcat
  namespace: default
spec:
  replicas: 2
  selector:
    matchLabels:
      app: nginx-tomcat
  template:
    metadata:
      labels:
        app: nginx-tomcat
    spec:
      containers:
      - image: registry.cn-chengdu.aliyuncs.com/qzcsbj/nginx:1.16.1
        imagePullPolicy: IfNotPresent
        name: nginx
        ports:
        - name: http-nginx
          containerPort: 80
      - image: registry.cn-chengdu.aliyuncs.com/qzcsbj/tomcat:9.0.13
        imagePullPolicy: IfNotPresent
        name: tomcat
        ports:
        - name: http-tomcat
          containerPort: 8080

 

kubectl apply -f nginx-tomcat-deploy.yaml

kubectl get po

kubectl exec -it nginx-tomcat-5847497c86-x96tp -c tomcat -- sh

 

 

Service

nginx-deploy-svc

nginx-deploy-svc.yaml, matching the Deployment above

apiVersion: v1
kind: Service
metadata:
  labels:
    app: nginx-deploy-svc
  name: nginx-deploy-svc
spec:
  ports:
    - port: 80
      targetPort: 80
  selector:
    app: nginx
  type: NodePort

 

kubectl apply -f nginx-deploy-svc.yaml

kubectl get svc -l app=nginx-deploy-svc

 

curl 10.107.207.129

 

You can also verify from inside busybox

kubectl exec -it busybox -- sh

wget http://nginx-deploy-svc

cat index.html

 

For cross-namespace access (not recommended), the namespace has to be appended

wget http://nginx-deploy-svc.default

 

tomcat-svc

apiVersion: v1
kind: Service
metadata:
  name: tomcat-svc
  namespace: default
  labels:
    app: tomcat-svc
spec:
  ports:
  - name: http
    port: 8080
    protocol: TCP
    targetPort: 8080 
  selector: 
    app: tomcat  # must equal a label on the target pods; tomcat-pod.yaml above labels its pod app: mytomcat
  type: NodePort

 

Statefulset

Headless svc

apiVersion: v1
kind: Service
metadata:
  name: nginx
  labels:
    app: nginx
spec:
  ports:
  - port: 80
    name: web
  clusterIP: None  # headless svc
  selector:
    app: nginx
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: web
spec:
  serviceName: "nginx" 
  replicas: 2
  selector: 
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: registry.cn-chengdu.aliyuncs.com/qzcsbj/nginx:1.16.1
        ports:
        - containerPort: 80
          name: web

 

Daemonset

apiVersion: apps/v1
kind: DaemonSet
metadata:
  labels:
    app: nginx
  name: nginx
spec:
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - image: registry.cn-chengdu.aliyuncs.com/qzcsbj/nginx:1.16.1
        imagePullPolicy: IfNotPresent
        name: nginx

 

Ingress

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-tomcat
  namespace: default
  annotations:
    kubernetes.io/ingress.class: "nginx"
spec:
  rules:
  - host: www.mytomcat.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: tomcat-svc
            port:
              number: 8080

  

 

ConfigMap

valueFrom、envFrom

apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: nginx-deploy
  name: nginx
  namespace: default
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - image: registry.cn-chengdu.aliyuncs.com/qzcsbj/nginx:1.16.1
        imagePullPolicy: IfNotPresent
        name: nginx
        ports:
        - name: http
          containerPort: 80
        env:
        - name: ENV_NAME
          value: dev
        - name: USERNAME
          valueFrom:
            configMapKeyRef:
              name: testcm
              key: username
        - name: AGE
          valueFrom:
            configMapKeyRef:
              name: testcm
              key: age
        envFrom:
        - configMapRef:
            name: testcm2

 

File

 

 

Secret

apiVersion: v1
kind: Secret
metadata:
  name: mysecret
type: Opaque
stringData:  # plain-text input; stored base64-encoded under data, which is encoding, not encryption
  username: admin
  password: "123456"

 

Volumes

emptyDir (temporary directory)

apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: nginx-tomcat-deploy
  name: nginx-tomcat
  namespace: default
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx-tomcat
  template:
    metadata:
      labels:
        app: nginx-tomcat
    spec:
      containers:
      - image: registry.cn-chengdu.aliyuncs.com/qzcsbj/nginx:1.16.1
        imagePullPolicy: IfNotPresent
        name: nginx
        ports:
        - name: http-nginx
          containerPort: 80
        volumeMounts:
        - mountPath: /opt
          name: share-volume
      - image: registry.cn-chengdu.aliyuncs.com/qzcsbj/tomcat:9.0.13
        imagePullPolicy: IfNotPresent
        name: tomcat
        ports:
        - name: http-tomcat
          containerPort: 8080
        volumeMounts:
        - mountPath: /mnt  # /opt could also be used here
          name: share-volume
      volumes:
      - name: share-volume
        emptyDir: {}

  

RBAC

RBAC is Role-Based Access Control

Official reference: https://kubernetes.io/zh/docs/reference/access-authn-authz/rbac/

Other reference: https://www.cnblogs.com/uncleyong/p/15692654.html

RBAC verification using the dashboard: https://www.cnblogs.com/uncleyong/p/15701535.html

 

【bak】

Original: https://www.cnblogs.com/uncleyong/p/15571059.html

 

posted @ 2021-11-25 22:03  全栈测试笔记