k8s之yaml文件詳解
目錄
1. k8s支持的文件格式
Kubernetes支持YAML和JSON格式管理資源對象
JSON格式:主要用於api接口之間消息的傳遞
YAML格式:用於配置和管理,YAML是一種簡潔的非標記性語言,內容格式人性化,較易讀
2. YAML語言格式
● 大小寫敏感
● 使用縮進表示層級關系
● 不支持Tab鍵制表符縮進,只使用空格縮進
● 縮進的空格數目不重要,只要相同層級的元素左側對齊即可,通常開頭縮進兩個空格
● 符號字符后縮進一個空格,如冒號,逗號,短橫杠(-)等
● “---”表示YAML格式,一個文件的開始,用於分隔文件
● “#”表示注釋
3. 查看api資源版本標簽
kubectl api-versions
[root@master ~]# kubectl api-versions
admissionregistration.k8s.io/v1beta1
apiextensions.k8s.io/v1beta1
apiregistration.k8s.io/v1
apiregistration.k8s.io/v1beta1
apps/v1
apps/v1beta1
apps/v1beta2
authentication.k8s.io/v1
authentication.k8s.io/v1beta1
authorization.k8s.io/v1
authorization.k8s.io/v1beta1
autoscaling/v1
autoscaling/v2beta1
autoscaling/v2beta2
batch/v1
batch/v1beta1
certificates.k8s.io/v1beta1
coordination.k8s.io/v1
coordination.k8s.io/v1beta1
events.k8s.io/v1beta1
extensions/v1beta1
networking.k8s.io/v1
networking.k8s.io/v1beta1
node.k8s.io/v1beta1
policy/v1beta1
rbac.authorization.k8s.io/v1
rbac.authorization.k8s.io/v1beta1
scheduling.k8s.io/v1
scheduling.k8s.io/v1beta1
storage.k8s.io/v1
storage.k8s.io/v1beta1
v1
如果是業務場景,一般首選使用apps/v1(apps/v1從v1.9版本開始提供API)。
在k8s v1.16版本之前使用的是extensions/v1beta1,extensions/v1beta1從v1.20版本開始不再提供Ingress資源。
帶有beta字樣的代表的是測試版本,不用在生產環境中。
4. 編寫nginx-test.yaml資源配置清單
4.1 編寫資源配置清單
[root@master ~]# mkdir /opt/test
[root@master ~]# cd !$
cd /opt/test
[root@master test]# vim nginx-test.yaml
#指定api版本標簽
apiVersion: apps/v1
#定義資源的類型/角色,deployment為副本控制器
#此處資源類型可以是Deployment、Job、Ingress、Service等
kind: Deployment
#定義資源的元數據信息,比如資源的名稱、namespace、標簽等信息
metadata:
#定義資源的名稱,在同一個namespace空間中必須是唯一的
name: nginx-test
lables:
app: nginx
#定義deployment資源需要的參數屬性,諸如是否在容器失敗時重新啟動容器的屬性
spec:
#定義副本數量
replicas: 3
#定義標簽選擇器
selector:
#定義匹配標簽
matchLabels:
#需與后面的.spec.template.metadata.labels定義的標簽保持一致
app: nginx
#定義業務模板,如果有多個副本,所有副本的屬性會按照模板的相關配置進行匹配
template:
metadata:
#定義Pod副本將使用的標簽,需與前面的.spec.selector.matchLabels定義的標簽保持一致
labels:
app: nginx
spec:
#定義容器屬性
containers:
#定義一個容器名,一個-name:定義一個容器
- name: nginx
#定義容器使用的鏡像以及版本
image: nginx:1.15.4
ports:
#定義容器對外的端口
- containerPort: 80
4.2 創建資源對象
kubectl create -f nginx-test.yaml
[root@master test]# kubectl create -f nginx-test.yaml
deployment.apps/nginx-test created
4.3 查看創建的pod資源
kubectl get pods -o wide
[root@master test]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nginx-test-9b644dcd5-fdvn6 0/1 ContainerCreating 0 4s <none> node02 <none> <none>
nginx-test-9b644dcd5-j6cv7 0/1 ContainerCreating 0 4s <none> node01 <none> <none>
nginx-test-9b644dcd5-pwrt2 0/1 ContainerCreating 0 4s <none> node02 <none> <none>
5. 創建service服務對外提供訪問並測試
5.1 編寫nginx-svc-test.yaml
[root@master test]# vim nginx-svc-test.yaml
apiVersion: v1
kind: Service
metadata:
name: nginx-svc
labels:
app: nginx
spec:
type: NodePort
ports:
- port: 80
targetPort: 80
selector:
#此處定義的selector要與deployment所定義的selector相同
#service依靠標簽選擇器來檢索提供服務的nodes
app: nginx
5.2 創建資源對象
kubectl create -f nginx-svc-test.yaml
[root@master test]# kubectl create -f nginx-svc-test.yaml
service/nginx-svc created
5.3 查看創建的service
kubectl get svc
[root@master test]# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.1.0.1 <none> 443/TCP 28h
nginx-svc NodePort 10.1.101.27 <none> 80:32421/TCP 5s
5.4 訪問測試
在瀏覽器輸入nodeIP:nodePort即可訪問
curl 192.168.122.11:32421
[root@master test]# curl 192.168.122.11:32421
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
curl 192.168.122.12:32421
[root@master test]# curl 192.168.122.12:32421
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
6. 詳解k8s中的port
● port
port是k8s集群內部訪問service的端口,即通過clusterIP:port可以從Pod所在的Node上訪問到service
● nodePort
nodePort是外部訪問k8s集群中service的端口,通過nodeIP:nodePort可以從外部訪問到某個service
● targetPort
targetPort是Pod的端口,從port或nodePort來的流量經過kube-proxy反向代理負載均衡轉發到后端Pod的targetPort上,最后進入容器。
● containerPort
containerPort是Pod內部容器的端口,targetPort映射到containerPort。
7. 試運行生成yaml模板后創建實例
7.1 --dry-run:試運行
kubectl run --dry-run打印相應的API對象而不執行創建
kubectl run dryrun-test --image=nginx --port=80 --replicas=3 --dry-run
[root@master test]# kubectl run dryrun-test --image=nginx --port=80 --replicas=3 --dry-run
kubectl run --generator=deployment/apps.v1 is DEPRECATED and will be removed in a future version. Use kubectl run --generator=run-pod/v1 or kubectl create instead.
deployment.apps/dryrun-test created (dry run)
[root@master test]# kubectl get pod,deploy
No resources found.
--dry-run表示試運行,不真正執行命令(測試命令是否正確),即並不會真的創建出pod和deployment實例,去掉該參數后即可真正執行命令。
7.2 查看生成yaml格式
使用--dry-run試運行可不觸發生成命令,然后通過-o yaml可實現對其yaml資源配置清單的查看
kubectl run dryrun-test --image=nginx --port=80 --replicas=3 --dry-run -o yaml
[root@master test]# kubectl run dryrun-test --image=nginx --port=80 --replicas=3 --dry-run -o yaml
kubectl run --generator=deployment/apps.v1 is DEPRECATED and will be removed in a future version. Use kubectl run --generator=run-pod/v1 or kubectl create instead.
apiVersion: apps/v1
kind: Deployment
metadata:
creationTimestamp: null
labels:
run: dryrun-test
name: dryrun-test
spec:
replicas: 3
selector:
matchLabels:
run: dryrun-test
strategy: {}
template:
metadata:
creationTimestamp: null
labels:
run: dryrun-test
spec:
containers:
- image: nginx
name: dryrun-test
ports:
- containerPort: 80
resources: {}
status: {}
7.3 查看生成json格式
同理,可通過-o json查看該命令產生的json配置清單
kubectl run dryrun-test --image=nginx --port=80 --replicas=3 --dry-run -o json
[root@master test]# kubectl run dryrun-test --image=nginx --port=80 --replicas=3 --dry-run -o json
kubectl run --generator=deployment/apps.v1 is DEPRECATED and will be removed in a future version. Use kubectl run --generator=run-pod/v1 or kubectl create instead.
{
"kind": "Deployment",
"apiVersion": "apps/v1",
"metadata": {
"name": "dryrun-test",
"creationTimestamp": null,
"labels": {
"run": "dryrun-test"
}
},
"spec": {
"replicas": 3,
"selector": {
"matchLabels": {
"run": "dryrun-test"
}
},
"template": {
"metadata": {
"creationTimestamp": null,
"labels": {
"run": "dryrun-test"
}
},
"spec": {
"containers": [
{
"name": "dryrun-test",
"image": "nginx",
"ports": [
{
"containerPort": 80
}
],
"resources": {}
}
]
}
},
"strategy": {}
},
"status": {}
}
7.4 yaml和json的主要區別
● YAML使用空格縮進,這是Python開發人員熟悉的領域。
● JavaScript開發人員喜歡JSON,因為它是JavaScript的一個子集,可以直接在JavaScript中解釋和編寫,同時使用簡寫方式聲明JSON,在使用沒有空格的典型變量名時,不需要鍵中的雙引號。
● 有很多解析器在YAML和JSON的所有語言中都能很好地工作。
● 在許多情況下,YAML的空白格式可以更容易查看,因為格式化需要更人性化的方法。
● 如果您的編輯器中沒有空格可見或縮進線指示符,那么YAML的空白雖然更緊湊,更容易查看,但可能難以手動編輯。
● JSON的序列化和反序列化要快得多,因為要檢查的功能明顯少於YAML,這使得更小更輕的代碼能夠處理JSON。
● 一個常見的誤解是YAML需要較少的標點符號並且比JSON更緊湊,但這完全是錯誤的。空格是不可見的,所以看起來字符較少,但是如果你計算實際的空格是必要的,以便正確解釋YAML以及正確的縮進,你會發現YAML實際上需要比JSON更多的字符。JSON不使用空格來表示層次結構或分組,並且可以通過刪除不必要的空格來輕松展平,以實現更緊湊的傳輸。
7.5 使用yaml格式導出生成模板
kubectl run dryrun-test --image=nginx --port=80 --replicas=3 --dry-run -o yaml > dryrun-test.yaml
[root@master test]# kubectl run dryrun-test --image=nginx --port=80 --replicas=3 --dry-run -o yaml > dryrun-test.yaml
kubectl run --generator=deployment/apps.v1 is DEPRECATED and will be removed in a future version. Use kubectl run --generator=run-pod/v1 or kubectl create instead.
[root@master test]# ls
dryrun-test.yaml nginx-svc-test.yaml nginx-test.yaml
7.6 刪除一些不必要的參數
[root@master test]# vim dryrun-test.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
#刪除下行
creationTimestamp: null
labels:
run: dryrun-test
name: dryrun-test
spec:
replicas: 3
selector:
matchLabels:
run: dryrun-test
#刪除下行
strategy: {}
template:
metadata:
#刪除下行
creationTimestamp: null
labels:
run: dryrun-test
spec:
containers:
- image: nginx
name: dryrun-test
ports:
- containerPort: 80
#刪除下行
resources: {}
#刪除下行
status: {}
7.7 使用yaml模板創建實例
kubectl apply -f dryrun-test.yaml
[root@master test]# kubectl apply -f dryrun-test.yaml
deployment.apps/dryrun-test created
[root@master test]# kubectl get pod,deploy
NAME READY STATUS RESTARTS AGE
pod/dryrun-test-6c4ddc89bd-25lcm 1/1 Running 0 39s
pod/dryrun-test-6c4ddc89bd-bbsnm 1/1 Running 0 39s
pod/dryrun-test-6c4ddc89bd-rnmjk 1/1 Running 0 39s
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.extensions/dryrun-test 3/3 3 3 39s
8. 將現有資源生成yaml模板導出並保存為文件
8.1 --expose:查看現有資源的yaml配置清單
kubectl get deploy dryrun-test --export -o yaml
[root@master test]# kubectl get deploy dryrun-test --export -o yaml
Flag --export has been deprecated, This flag is deprecated and will be removed in future.
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
annotations:
deployment.kubernetes.io/revision: "1"
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"apps/v1","kind":"Deployment","metadata":{"annotations":{},"labels":{"run":"dryrun-test"},"name":"dryrun-test","namespace":"default"},"spec":{"replicas":3,"selector":{"matchLabels":{"run":"dryrun-test"}},"template":{"metadata":{"labels":{"run":"dryrun-test"}},"spec":{"containers":[{"image":"nginx","name":"dryrun-test","ports":[{"containerPort":80}]}]}}}}
creationTimestamp: null
generation: 1
labels:
run: dryrun-test
name: dryrun-test
selfLink: /apis/extensions/v1beta1/namespaces/default/deployments/dryrun-test
spec:
progressDeadlineSeconds: 600
replicas: 3
revisionHistoryLimit: 10
selector:
matchLabels:
run: dryrun-test
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
creationTimestamp: null
labels:
run: dryrun-test
spec:
containers:
- image: nginx
imagePullPolicy: Always
name: dryrun-test
ports:
- containerPort: 80
protocol: TCP
resources: {}
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
dnsPolicy: ClusterFirst
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
terminationGracePeriodSeconds: 30
status: {}
8.2 保存到文件中
kubectl get deploy dryrun-test --export -o yaml > export-test.yaml
[root@master test]# kubectl get deploy dryrun-test --export -o yaml > export-test.yaml
Flag --export has been deprecated, This flag is deprecated and will be removed in future.
[root@master test]# ls
dryrun-test.yaml export-test.yaml nginx-svc-test.yaml nginx-test.yaml
9. explain:查看字段幫助信息
可一層層的查看相關資源對象的幫助信息
kubectl explain deployments.spec.template.spec.containers
[root@master test]# kubectl explain deployments.spec.template.spec.containers
KIND: Deployment
VERSION: extensions/v1beta1
RESOURCE: containers <[]Object>
DESCRIPTION:
List of containers belonging to the pod. Containers cannot currently be
added or removed. There must be at least one container in a Pod. Cannot be
updated.
A single application container that you want to run within a pod.
FIELDS:
args <[]string>
Arguments to the entrypoint. The docker image's CMD is used if this is not
provided. Variable references $(VAR_NAME) are expanded using the
container's environment. If a variable cannot be resolved, the reference in
the input string will be unchanged. The $(VAR_NAME) syntax can be escaped
with a double $$, ie: $$(VAR_NAME). Escaped references will never be
expanded, regardless of whether the variable exists or not. Cannot be
updated. More info:
https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
......
kubectl explain pods.spec.containers
[root@master test]# kubectl explain pods.spec.containers
KIND: Pod
VERSION: v1
RESOURCE: containers <[]Object>
DESCRIPTION:
List of containers belonging to the pod. Containers cannot currently be
added or removed. There must be at least one container in a Pod. Cannot be
updated.
A single application container that you want to run within a pod.
FIELDS:
args <[]string>
Arguments to the entrypoint. The docker image's CMD is used if this is not
provided. Variable references $(VAR_NAME) are expanded using the
container's environment. If a variable cannot be resolved, the reference in
the input string will be unchanged. The $(VAR_NAME) syntax can be escaped
with a double $$, ie: $$(VAR_NAME). Escaped references will never be
expanded, regardless of whether the variable exists or not. Cannot be
updated. More info:
https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
......
10. 獲取資源配置清單的總結
● 沒有相關資源,使用run命令--dry-run選項
kubectl run dryrun-test --image=nginx --port=80 --replicas=3 --dry-run -o yaml > dryrun-test.yaml
● 已有相關資源,使用get命令--export選項
kubectl get deploy dryrun-test --export -o yaml > export-test.yaml