k8s资源对象完整示例
deployment
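# Deployment running a redis container and a java container in one Pod.
# It demonstrates node affinity, pod anti-affinity, tolerations, security
# contexts, probes, lifecycle hooks, resources and ConfigMap volumes.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: devops-demo  # Deployment name
  namespace: devops  # namespace
spec:
  selector:
    matchLabels:
      # Label selector: tells the Deployment which ReplicaSet/Pods it manages.
      app: devops-demo
  replicas: 1
  template:
    metadata:
      labels:
        # Pod label; must match the Deployment's label selector above.
        app: devops-demo
    spec:
      affinity:
        nodeAffinity:
          # Soft constraint: preferred, not enforced.
          preferredDuringSchedulingIgnoredDuringExecution:
            - preference:
                matchExpressions:
                  - key: kubernetes.io/hostname
                    operator: In
                    values:
                      - k8s-node1
              weight: 100
          # Hard constraint: the node must match.
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: type
                    operator: In
                    values:
                      - dev
        podAntiAffinity:
          # Non-mandatory condition.
          preferredDuringSchedulingIgnoredDuringExecution:
            # weight is used to score nodes; the highest-scoring node is
            # preferred.
            - weight: 100
              podAffinityTerm:
                labelSelector:
                  matchExpressions:
                    - key: version
                      operator: In
                      values:
                        - v12
                # Spread Pods across availability zones where possible.
                topologyKey: topology.kubernetes.io/zone
          # Mandatory requirement. There is no weight here: every condition
          # in the list must be satisfied.
          requiredDuringSchedulingIgnoredDuringExecution:
            - labelSelector:
                matchExpressions:
                  - key: app
                    operator: In
                    values:
                      - xxx
                  - key: version
                    operator: In
                    values:
                      - v12
              # Pods must run on different nodes.
              topologyKey: kubernetes.io/hostname
      # Taint tolerations.
      tolerations:
        - key: "type"
          operator: "Equal"
          value: "dev"
          effect: "NoSchedule"
        - key: "key1"
          operator: "Equal"
          value: "value1"
          effect: "NoExecute"
          tolerationSeconds: 0
      nodeSelector:
        # Schedule the Pod only onto nodes labelled productLine=devops.
        productLine: devops
      # Pod-level security context.
      securityContext:
        # runAsUser: 1000   # set the user
        # runAsGroup: 1000  # set the group
        # The Pod must run as a non-root user. This setting only verifies the
        # UID; it does not change it. If an image's default user is root or a
        # non-numeric name, the kubelet refuses to start that container.
        # NOTE(review): neither image below is shown to declare a numeric
        # non-root user; set runAsUser/runAsGroup if they do not.
        runAsNonRoot: true
      # Grace period for Pod termination (default 30s); SIGKILL is sent once
      # it expires.
      terminationGracePeriodSeconds: 45
      containers:
        - name: redis
          image: redis:6.0
          # Always re-pull the image; alternatives: IfNotPresent, Never.
          imagePullPolicy: Always
          ports:
            - containerPort: 6379
          # Container-level hardening, matching the java container.
          # readOnlyRootFilesystem is not set here because Redis needs a
          # writable data directory.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
          resources:
            requests:
              cpu: 10m
              memory: 350Mi
            # Recommended: 1x to 2x the requests.
            limits:
              cpu: 200m
              memory: 350Mi
        - name: java
          # NOTE(review): ':latest' is a mutable tag, so the running image can
          # change without a manifest change. Pin a specific version or an
          # image digest.
          image: java:latest
          imagePullPolicy: Always
          # NOTE(review): this demo command exits immediately, so the
          # container will be restarted repeatedly; replace it with the real
          # application start command.
          command: ["/bin/bash", "-c", "touch /tmp/t1.txt"]
          # Container-level security context.
          securityContext:
            # Make the container layer read-only so container files cannot be
            # tampered with. Writable paths must come from volumes (see the
            # 'tmp' emptyDir below).
            readOnlyRootFilesystem: true
            # Forbid any privilege escalation.
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL  # drop all capabilities
          livenessProbe:
            exec:
              command:
                - ls
                - /opt/app.jar
            initialDelaySeconds: 5  # wait 5s before the first probe
            failureThreshold: 2     # container is failed after 2 failures
            periodSeconds: 5        # probe every 5s
          readinessProbe:
            tcpSocket:
              port: 8088
            initialDelaySeconds: 5
            periodSeconds: 10
          startupProbe:
            tcpSocket:
              port: 8088
            failureThreshold: 6
            periodSeconds: 10
          lifecycle:
            preStop:
              exec:
                command:
                  - /bin/sh
                  - -c
                  - "sleep 10"
          env:
            # NOTE(review): MetaspaceSize (1024M) is larger than
            # MaxMetaspaceSize (512M); confirm the intended values.
            - name: JAVA_OPT
              value: '-Xmx2048m -Xms2048m -XX:MaxMetaspaceSize=512M -XX:MetaspaceSize=1024M -XX:MaxMetaspaceFreeRatio=95 -Dfile.encoding=utf-8'
          resources:
            requests:
              memory: 4096Mi
              cpu: 100m
            limits:
              memory: 4096Mi
              cpu: "3"
          volumeMounts:
            # Writable scratch space. With readOnlyRootFilesystem: true the
            # 'touch /tmp/t1.txt' in the command above fails without it.
            - name: tmp
              mountPath: /tmp
            - name: java-config
              mountPath: "/tmp/config"
            - name: nginx-config
              mountPath: /etc/nginx/nginx.conf
              subPath: nginx.conf
      volumes:
        - name: tmp
          emptyDir: {}
        - name: java-config
          configMap:
            name: java-cm
            items:
              - key: "application-dev.yml"
                path: "application-dev.yml"
        - name: nginx-config
          configMap:
            name: nginx-cm
            items:
              - key: "nginx.conf"
                path: "nginx.conf"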
service
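# NodePort Service exposing the devops-demo Pods.
apiVersion: v1
kind: Service
metadata:
  name: devops-demo
  # A Service only selects Pods in its own namespace. The Deployment is
  # created in 'devops', so the Service must be in 'devops' too (the original
  # 'devops-demo' would have matched no Pods).
  namespace: devops
spec:
  # NodePort opens each listed port on every node's IP address.
  type: NodePort
  ports:
    # NOTE(review): the Deployment's probes check port 8088; confirm the
    # application really listens on 8080.
    - name: serviceport
      port: 8080
      targetPort: 8080
      nodePort: 31002  # fixed node port
    # nodePort is omitted here, so a port is allocated automatically from the
    # node-port range.
    # NOTE(review): this makes Redis reachable on every node address, and no
    # Redis password or TLS is configured in this manifest. Prefer a separate
    # ClusterIP Service for Redis, or restrict access with a NetworkPolicy or
    # firewall rules.
    - name: redis
      port: 6379
      targetPort: 6379
  selector:
    app: devops-demo  # Pod label to select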
ingress
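# Ingress terminating TLS for foo-bar.com and routing '/' to a Service.
# extensions/v1beta1 Ingress was removed in Kubernetes 1.22; this uses
# networking.k8s.io/v1, which is available from Kubernetes 1.19.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    # This annotation is deprecated but still honoured by ingress-nginx.
    # spec.ingressClassName is its replacement; do not set both.
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/use-regex: "true"
    nginx.ingress.kubernetes.io/rewrite-target: '/'
  name: nginx-ingress
  namespace: devops
spec:
  # Serve over HTTPS.
  tls:
    - hosts:
        - foo-bar.com
      # Name of the TLS certificate Secret; it must exist in this namespace.
      secretName: foor-bar
  rules:
    - host: foo-bar.com
      http:
        paths:
          - path: /
            # pathType is required in networking.k8s.io/v1.
            # ImplementationSpecific keeps the v1beta1 default behaviour.
            pathType: ImplementationSpecific
            backend:
              # The backend Service must exist in the Ingress's namespace.
              service:
                name: web
                port:
                  number: 8080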
参考文章