YAML syntax and format validation
See: https://www.cnblogs.com/uncleyong/p/15437385.html
Three ways to create resources
Reference: https://www.cnblogs.com/uncleyong/p/15434823.html
Method 1: kubectl run, kubectl create, kubectl expose; not commonly used, because it is inconvenient when many parameters have to be written
kubectl run busybox --image=busybox:1.34 --command -- sleep 3600
kubectl run mynginx --image=registry.cn-chengdu.aliyuncs.com/qzcsbj/nginx:1.16.1 --image-pull-policy=IfNotPresent --port=80
kubectl create deploy nginx --image=registry.cn-chengdu.aliyuncs.com/qzcsbj/nginx:1.16.1 --replicas=3
kubectl expose deploy nginx --port=80 --type=NodePort
kubectl get pod,svc
Method 2: create from standard input
Method 3: YAML resource file
Pod
kubectl run mynginx --image=registry.cn-chengdu.aliyuncs.com/qzcsbj/nginx:1.16.1 --image-pull-policy=IfNotPresent --port=80
kubectl get po mynginx -oyaml
apiVersion: v1
kind: Pod
metadata:
  annotations:
    cni.projectcalico.org/podIP: 172.17.125.54/32
    cni.projectcalico.org/podIPs: 172.17.125.54/32
  creationTimestamp: "2021-11-26T09:10:44Z"
  labels:
    run: mynginx
  name: mynginx
  namespace: default
  resourceVersion: "897494"
  uid: d7271a91-fb48-442f-8ac6-9ce97dccf99e
spec:
  containers:
  - image: registry.cn-chengdu.aliyuncs.com/qzcsbj/nginx:1.16.1
    imagePullPolicy: IfNotPresent
    name: mynginx
    ports:
    - containerPort: 80
      protocol: TCP
    resources: {}
    terminationMessagePath: /dev/termination-log
    terminationMessagePolicy: File
    volumeMounts:
    - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
      name: kube-api-access-jxn9z
      readOnly: true
  dnsPolicy: ClusterFirst
  enableServiceLinks: true
  nodeName: k8s-node01
  preemptionPolicy: PreemptLowerPriority
  priority: 0
  restartPolicy: Always
  schedulerName: default-scheduler
  securityContext: {}
  serviceAccount: default
  serviceAccountName: default
  terminationGracePeriodSeconds: 30
  tolerations:
  - effect: NoExecute
    key: node.kubernetes.io/not-ready
    operator: Exists
    tolerationSeconds: 300
  - effect: NoExecute
    key: node.kubernetes.io/unreachable
    operator: Exists
    tolerationSeconds: 300
  volumes:
  - name: kube-api-access-jxn9z
    projected:
      defaultMode: 420
      sources:
      - serviceAccountToken:
          expirationSeconds: 3607
          path: token
      - configMap:
          items:
          - key: ca.crt
            path: ca.crt
          name: kube-root-ca.crt
      - downwardAPI:
          items:
          - fieldRef:
              apiVersion: v1
              fieldPath: metadata.namespace
            path: namespace
status:
  conditions:
  - lastProbeTime: null
    lastTransitionTime: "2021-11-26T09:10:44Z"
    status: "True"
    type: Initialized
  - lastProbeTime: null
    lastTransitionTime: "2021-11-26T09:10:46Z"
    status: "True"
    type: Ready
  - lastProbeTime: null
    lastTransitionTime: "2021-11-26T09:10:46Z"
    status: "True"
    type: ContainersReady
  - lastProbeTime: null
    lastTransitionTime: "2021-11-26T09:10:44Z"
    status: "True"
    type: PodScheduled
  containerStatuses:
  - containerID: docker://8c772df0bad7afff0610c12051a46da2ee6b91a270763105c3d451a1bb8db9b9
    image: registry.cn-chengdu.aliyuncs.com/qzcsbj/nginx:1.16.1
    imageID: docker-pullable://registry.cn-chengdu.aliyuncs.com/qzcsbj/nginx@sha256:2963fc49cc50883ba9af25f977a9997ff9af06b45c12d968b7985dc1e9254e4b
    lastState: {}
    name: mynginx
    ready: true
    restartCount: 0
    started: true
    state:
      running:
        startedAt: "2021-11-26T09:10:45Z"
  hostIP: 192.168.117.162
  phase: Running
  podIP: 172.17.125.54
  podIPs:
  - ip: 172.17.125.54
  qosClass: BestEffort
  startTime: "2021-11-26T09:10:44Z"
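The output above shows the defaults a bare kubectl run leaves in place: securityContext: {}, resources: {} (hence qosClass: BestEffort), and the default service account's token mounted at /var/run/secrets/kubernetes.io/serviceaccount. The manifest below is an added example, not from the original article, that tightens those three points; the pod name mynginx-hardened, its label and the resource figures are hypothetical.

```yaml
# Added example, not from the original article.
# The name, label and resource figures are hypothetical.
apiVersion: v1
kind: Pod
metadata:
  name: mynginx-hardened
  namespace: default
  labels:
    app: mynginx-hardened
spec:
  # Do not inject the kube-api-access-* projected volume (API token, ca.crt,
  # namespace) when the workload never calls the Kubernetes API.
  automountServiceAccountToken: false
  securityContext:
    seccompProfile:
      type: RuntimeDefault          # the container runtime's default syscall filter
  containers:
  - name: nginx
    image: registry.cn-chengdu.aliyuncs.com/qzcsbj/nginx:1.16.1
    imagePullPolicy: IfNotPresent
    ports:
    - containerPort: 80
    securityContext:
      allowPrivilegeEscalation: false   # sets no_new_privs on the container process
    resources:                      # requests below limits gives qosClass: Burstable
      requests:
        cpu: 50m
        memory: 64Mi
      limits:
        cpu: 200m
        memory: 128Mi
    # runAsNonRoot and readOnlyRootFilesystem are left out on purpose:
    # whether they work depends on how the image is built.
```

After applying it, kubectl get po mynginx-hardened -oyaml should show no kube-api-access-* volume under spec.volumes and qosClass: Burstable under status.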
tomcat-pod.yaml
apiVersion: v1
kind: Pod
metadata:
  name: tomcat
  namespace: default
  labels:
    app: mytomcat
    env: dev
spec:
  containers:
  - name: tomcat
    ports:
    - containerPort: 8080
    image: registry.cn-chengdu.aliyuncs.com/qzcsbj/tomcat:9.0.13
    imagePullPolicy: IfNotPresent
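nginx-pod.yaml (including the corresponding svc)
1+1+5+7=14 lines of main content
apiVersion: v1 # API version
kind: Pod # type of resource to create
metadata: # metadata
  name: nginx # name of the pod
  namespace: default # namespace the pod belongs to
  labels: # multiple labels may be listed below
    app: mynginx # label of the pod
spec: # pod specification
  containers: # multiple containers may be listed below
  - name: nginx # name of the container in the pod, used to tell apart multiple containers in one pod
    ports:
    - containerPort: 80 # port exposed by the container
    image: registry.cn-chengdu.aliyuncs.com/qzcsbj/nginx:1.16.1 # image used by the container
    imagePullPolicy: IfNotPresent # image pull policy
---
apiVersion: v1
kind: Service
metadata:
  name: nginx-pod-svc
spec:
  ports:
  - port: 80
    targetPort: 80
  selector:
    app: mynginx
  type: NodePort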
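Create the pod: kubectl apply -f nginx-pod.yaml
View the pod: kubectl get po -l app=mynginx
(READY: the number on the right is how many containers the pod contains; the number on the left is how many of them are running normally)

kubectl get po -l app=mynginx -owide
(RESTARTS: the number of times the containers encapsulated in the pod have restarted)

curl 172.17.125.34

kubectl get svc |grep nginx-pod-svc

curl 10.107.208.14:80, where 80 is the port of the svc above

Run busybox: https://www.cnblogs.com/uncleyong/p/15434823.html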
cat<<EOF | kubectl apply -f -
apiVersion: v1
kind: Pod
metadata:
  name: busybox
  namespace: default
spec:
  containers:
  - name: busybox
    image: busybox:1.34
    command:
    - sleep
    - "3600"
    imagePullPolicy: IfNotPresent
  restartPolicy: Always
EOF
kubectl get po

Domain name resolution: nslookup nginx-pod-svc
Server:    10.96.0.10
Address 1: 10.96.0.10 kube-dns.kube-system.svc.cluster.local

Name:      nginx-pod-svc
Address 1: 10.107.208.14 nginx-pod-svc.default.svc.cluster.local
kubectl exec -it busybox -- sh

View logs: kubectl logs -f nginx

http://192.168.117.161:31192/

Deployment
nginx-deploy.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: nginx-deploy
  name: nginx
  namespace: default
spec:
  replicas: 2
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - image: registry.cn-chengdu.aliyuncs.com/qzcsbj/nginx:1.16.1
        imagePullPolicy: IfNotPresent
        name: nginx
        ports:
        - name: http
          containerPort: 80
kubectl apply -f nginx-deploy.yaml
kubectl get deploy |grep nginx

Or: kubectl get deploy -l app=nginx-deploy

View the ReplicaSet: kubectl get rs |grep nginx

kubectl get po -l app=nginx

Deployment (multiple containers in one pod)
nginx-tomcat-deploy.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: nginx-tomcat-deploy
  name: nginx-tomcat
  namespace: default
spec:
  replicas: 2
  selector:
    matchLabels:
      app: nginx-tomcat
  template:
    metadata:
      labels:
        app: nginx-tomcat
    spec:
      containers:
      - image: registry.cn-chengdu.aliyuncs.com/qzcsbj/nginx:1.16.1
        imagePullPolicy: IfNotPresent
        name: nginx
        ports:
        - name: http-nginx
          containerPort: 80
      - image: registry.cn-chengdu.aliyuncs.com/qzcsbj/tomcat:9.0.13
        imagePullPolicy: IfNotPresent
        name: tomcat
        ports:
        - name: http-tomcat
          containerPort: 8080
kubectl apply -f nginx-tomcat-deploy.yaml
kubectl get po
kubectl exec -it nginx-tomcat-5847497c86-x96tp -c tomcat -- sh

Service
nginx-deploy-svc
nginx-deploy-svc.yaml, matching the Deployment above
apiVersion: v1
kind: Service
metadata:
  labels:
    app: nginx-deploy-svc
  name: nginx-deploy-svc
spec:
  ports:
  - port: 80
    targetPort: 80
  selector:
    app: nginx
  type: NodePort
kubectl apply -f nginx-deploy-svc.yaml
kubectl get svc -l app=nginx-deploy-svc

curl 10.107.207.129

It can also be verified from inside busybox
kubectl exec -it busybox -- sh
wget http://nginx-deploy-svc
cat index.html
For access across namespaces (not recommended), the namespace has to be appended
wget http://nginx-deploy-svc.default
tomcat-svc
apiVersion: v1
kind: Service
metadata:
  name: tomcat-svc
  namespace: default
  labels:
    app: tomcat-svc
spec:
  ports:
  - name: http
    port: 8080
    protocol: TCP
    targetPort: 8080
  selector:
    app: tomcat
  type: NodePort
Statefulset
Headless svc
apiVersion: v1
kind: Service
metadata:
  name: nginx
  labels:
    app: nginx
spec:
  ports:
  - port: 80
    name: web
  clusterIP: None # headless svc
  selector:
    app: nginx
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: web
spec:
  serviceName: "nginx"
  replicas: 2
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: registry.cn-chengdu.aliyuncs.com/qzcsbj/nginx:1.16.1
        ports:
        - containerPort: 80
          name: web
Daemonset
apiVersion: apps/v1
kind: DaemonSet
metadata:
  labels:
    app: nginx
  name: nginx
spec:
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - image: registry.cn-chengdu.aliyuncs.com/qzcsbj/nginx:1.16.1
        imagePullPolicy: IfNotPresent
        name: nginx
Ingress
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-tomcat
  namespace: default
  annotations:
    kubernetes.io/ingress.class: "nginx"
spec:
  rules:
  - host: www.mytomcat.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: tomcat-svc
            port:
              number: 8080
ConfigMap
valueFrom, envFrom
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: nginx-deploy
  name: nginx
  namespace: default
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - image: registry.cn-chengdu.aliyuncs.com/qzcsbj/nginx:1.16.1
        imagePullPolicy: IfNotPresent
        name: nginx
        ports:
        - name: http
          containerPort: 80
        env:
        - name: ENV_NAME
          value: dev
        - name: USERNAME
          valueFrom:
            configMapKeyRef:
              name: testcm
              key: username
        - name: AGE
          valueFrom:
            configMapKeyRef:
              name: testcm
              key: age
        envFrom:
        - configMapRef:
            name: testcm2
Files
Secret
apiVersion: v1
kind: Secret
metadata:
  name: mysecret
type: Opaque
stringData:
  username: admin
  password: "123456"
Volumes
emptyDir (temporary directory)
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: nginx-tomcat-deploy
  name: nginx-tomcat
  namespace: default
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx-tomcat
  template:
    metadata:
      labels:
        app: nginx-tomcat
    spec:
      containers:
      - image: registry.cn-chengdu.aliyuncs.com/qzcsbj/nginx:1.16.1
        imagePullPolicy: IfNotPresent
        name: nginx
        ports:
        - name: http-nginx
          containerPort: 80
        volumeMounts:
        - mountPath: /opt
          name: share-volume
      - image: registry.cn-chengdu.aliyuncs.com/qzcsbj/tomcat:9.0.13
        imagePullPolicy: IfNotPresent
        name: tomcat
        ports:
        - name: http-tomcat
          containerPort: 8080
        volumeMounts:
        - mountPath: /mnt # /opt can also be used here
          name: share-volume
      volumes:
      - name: share-volume
        emptyDir: {}
RBAC
RBAC stands for Role-Based Access Control
Official reference: https://kubernetes.io/zh/docs/reference/access-authn-authz/rbac/
Other reference: https://www.cnblogs.com/uncleyong/p/15692654.html
RBAC verification based on the dashboard: https://www.cnblogs.com/uncleyong/p/15701535.html
Original article: https://www.cnblogs.com/uncleyong/p/15571059.html
