k8s pod 相关的yaml
2023年5月21日...大约 5 分钟
configMap的yaml 配置
# Creates a ConfigMap named "squid". No --from-literal/--from-file source is
# given, so the resulting ConfigMap carries no data.
kubectl create cm squid
# ConfigMap holding two plain key/value settings for an application.
apiVersion: v1
kind: ConfigMap
metadata:
  name: cm-appvars
data:
  # ConfigMap data values are strings, so they are quoted explicitly.
  appdatadir: '/var/data'
  apploglevel: 'info'
configMap 的yaml配置,使用文件生成
# Creates ConfigMap "squid" with a single key, "squid", whose value is the
# content of /etc/squid/squid.conf on the machine where kubectl runs.
kubectl create cm squid --from-file=squid=/etc/squid/squid.conf
# NOTE(review): this is the cm-appvars manifest again, not the output of the
# --from-file command above; that command produces the "squid" ConfigMap
# printed by `cat cm-squid.yaml` further down.
apiVersion: v1
kind: ConfigMap
metadata:
  name: cm-appvars
data:
  # ConfigMap data values are strings, so they are quoted explicitly.
  appdatadir: '/var/data'
  apploglevel: 'info'
[root@master ~]#
[root@master ~]# cat cm-squid.yaml
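# ConfigMap "squid": carries squid.conf under the key "squid".
apiVersion: v1
data:
  # Written as a literal block scalar instead of one escaped string so the
  # proxy configuration can be reviewed line by line; tab separators were
  # replaced with spaces, which squid treats the same way.
  #
  # Access rules: a final `http_access allow all` contradicts the file's own
  # "deny all other access" comment and leaves the proxy usable by every
  # client that can reach port 3128. The rules below use only the ACLs this
  # file defines (Safe_ports, SSL_ports, CONNECT, localnet) and end in
  # `deny all`. If pod or node addresses fall outside the localnet ranges,
  # extend the localnet ACL rather than going back to "allow all".
  squid: |
    #
    # Recommended minimum configuration:
    #

    # Example rule allowing access from your local networks.
    # Adapt to list your (internal) IP networks from where browsing
    # should be allowed
    acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
    acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
    acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
    acl localnet src fc00::/7       # RFC 4193 local private network range
    acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines

    acl SSL_ports port 443
    acl Safe_ports port 80          # http
    acl Safe_ports port 21          # ftp
    acl Safe_ports port 443         # https
    acl Safe_ports port 70          # gopher
    acl Safe_ports port 210         # wais
    acl Safe_ports port 1025-65535  # unregistered ports
    acl Safe_ports port 280         # http-mgmt
    acl Safe_ports port 488         # gss-http
    acl Safe_ports port 591         # filemaker
    acl Safe_ports port 777         # multiling http
    acl CONNECT method CONNECT

    #
    # Recommended minimum Access Permission configuration:
    #
    # Deny requests to certain unsafe ports
    http_access deny !Safe_ports

    # Deny CONNECT to other than secure SSL ports
    http_access deny CONNECT !SSL_ports

    # Allow clients from the local networks listed in the localnet ACL
    http_access allow localnet

    # And finally deny all other access to this proxy
    http_access deny all

    # Squid normally listens to port 3128
    http_port 3128

    # Uncomment and adjust the following to add a disk cache directory.
    #cache_dir ufs /var/spool/squid 100 16 256

    # Leave coredumps in the first cache dir
    coredump_dir /var/spool/squid

    #
    # Add any of your own refresh_pattern entries above these.
    #
    refresh_pattern ^ftp:           1440    20%     10080
    refresh_pattern ^gopher:        1440    0%      1440
    refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
    refresh_pattern .               0       20%     4320
kind: ConfigMap
metadata:
  name: squid
  namespace: default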
pod引用configMap
# One-shot pod: prints the environment variables containing "APP", which are
# filled from the cm-appvars ConfigMap, then exits (restartPolicy: Never).
apiVersion: v1
kind: Pod
metadata:
  name: cm-test-pod
spec:
  restartPolicy: Never
  containers:
    - name: cm-test-pod
      # No tag is given, so the registry's default tag is pulled.
      image: busybox
      command:
        - '/bin/sh'
        - '-c'
        - 'env | grep APP'
      env:
        # Each variable reads one key of the cm-appvars ConfigMap.
        - name: APPLOGLEVEL
          valueFrom:
            configMapKeyRef:
              key: apploglevel
              name: cm-appvars
        - name: APPDATADIR
          valueFrom:
            configMapKeyRef:
              key: appdatadir
              name: cm-appvars
Pod使用挂载到文件的方式使用ConfigMap
# Pod that consumes the "squid" ConfigMap as a file instead of env variables.
apiVersion: v1
kind: Pod
metadata:
  name: cm-test-app-mount
spec:
  volumes:
    # Only the key "squid" is projected, under the file name squid.conf.
    - name: squid
      configMap:
        name: squid
        items:
          - key: squid
            path: squid.conf
  containers:
    - name: cm-test-app-mount
      image: minimum2scp/squid
      ports:
        - containerPort: 3128
      volumeMounts:
        # The volume is mounted over /etc/squid, so the container sees
        # /etc/squid/squid.conf from the ConfigMap.
        - name: squid
          mountPath: /etc/squid
通过downwardAPI获取pod的信息,并以环境变量的方式写入pod的环境变量中
# Pod that exposes its own metadata and status to the container as
# environment variables through the downward API, then prints them with env.
apiVersion: v1
kind: Pod
metadata:
  name: downward-api
spec:
  containers:
    - name: downward-api
      image: busybox
      command:
        - '/bin/sh'
        - '-c'
        - 'env'
      env:
        # Pod name and namespace come from the pod's metadata.
        - name: MY_POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        - name: MY_POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        # Pod IP and node IP come from the pod's status.
        - name: MY_POD_IP
          valueFrom:
            fieldRef:
              fieldPath: status.podIP
        - name: MY_NODE_IP
          valueFrom:
            fieldRef:
              fieldPath: status.hostIP
通过downwardAPI获取,并以环境变量的方式写入pod的环境变量中2
# Pod that reads its own CPU/memory requests and limits through the downward
# API (resourceFieldRef) and prints them once an hour.
apiVersion: v1
kind: Pod
metadata:
  name: dapi-test-pod-container-vars
spec:
  restartPolicy: Never
  containers:
    - name: test-container
      image: busybox
      command:
        - '/bin/sh'
        - '-c'
      args:
        # Folded scalar: the lines below are joined with single spaces into
        # one shell command line.
        - >-
          while true; do
          echo -en '\n';
          printenv MY_CPU_REQUEST MY_CPU_LIMIT;
          printenv MY_MEM_REQUEST MY_MEM_LIMIT;
          sleep 3600;
          done;
      resources:
        requests:
          cpu: '125m'
          memory: '32Mi'
        limits:
          cpu: '250m'
          memory: '64Mi'
      env:
        # Every entry names the container whose resource value is read.
        - name: MY_CPU_REQUEST
          valueFrom:
            resourceFieldRef:
              containerName: test-container
              resource: requests.cpu
        - name: MY_CPU_LIMIT
          valueFrom:
            resourceFieldRef:
              containerName: test-container
              resource: limits.cpu
        - name: MY_MEM_REQUEST
          valueFrom:
            resourceFieldRef:
              containerName: test-container
              resource: requests.memory
        - name: MY_MEM_LIMIT
          valueFrom:
            resourceFieldRef:
              containerName: test-container
              resource: limits.memory
通过downwardAPI获取,挂载成文件的方式
# Pod that receives its own labels and annotations as files under
# /etc/podinfo through a downwardAPI volume and prints them once an hour.
apiVersion: v1
kind: Pod
metadata:
  name: dapi-test-pod-volume
  labels:
    zone: us-est-coast
    cluster: test-cluster1
    rock: rock-22
  annotations:
    build: two
    builder: john-doe
spec:
  volumes:
    # One file per item: /etc/podinfo/labels and /etc/podinfo/annotations.
    - name: podinfo
      downwardAPI:
        items:
          - path: 'labels'
            fieldRef:
              fieldPath: metadata.labels
          - path: 'annotations'
            fieldRef:
              fieldPath: metadata.annotations
  containers:
    - name: test-container
      image: busybox
      # Never pull: the image has to be present on the node already.
      imagePullPolicy: Never
      command:
        - '/bin/sh'
        - '-c'
      args:
        # Folded scalar: the lines below are joined with single spaces into
        # one shell command line.
        - >-
          while true; do
          if [[ -e /etc/podinfo/labels ]];then
          echo -en '\n\n'; cat /etc/podinfo/labels;fi;
          if [[ -e /etc/podinfo/annotations ]];then
          echo -en '\n\n'; cat /etc/podinfo/annotations;fi;
          sleep 3600;
          done;
      volumeMounts:
        - name: podinfo
          mountPath: /etc/podinfo
一个pod多个容器,挂载同一个文件
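# Two containers in one pod sharing an emptyDir volume: tomcat writes its
# logs into it and the busybox sidecar tails them.
apiVersion: v1
kind: Pod
metadata:
  name: volume-pod
spec:
  containers:
    - name: tomcat
      image: tomcat
      ports:
        - containerPort: 8080
      volumeMounts:
        # Writer side: tomcat's log directory lives on the shared volume.
        - name: app-logs
          mountPath: /usr/local/tomcat/logs
    - name: busybox
      image: busybox
      command:
        - sh
        - '-c'
        - 'tail -f /logs/catalina*.log'
      volumeMounts:
        # Reader side: the sidecar only runs tail, so the mount is read-only
        # and it cannot alter or delete the application's logs.
        - name: app-logs
          mountPath: /logs
          readOnly: true
  volumes:
    # emptyDir exists for the lifetime of the pod and is shared by both
    # containers.
    - name: app-logs
      emptyDir: {}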
一个pod多个容器,使用localhost+端口访问同pod下的其他机器
# Two containers in one pod: the PHP frontend and a redis master. Containers
# of a pod share one network namespace, so the frontend reaches redis on
# localhost:6379.
apiVersion: v1
kind: Pod
metadata:
  name: redis-php
  labels:
    name: redis-php
spec:
  containers:
    - name: frontend
      image: 'kubeguide/guestbook-php-frontend:localredis'
      ports:
        - containerPort: 80
    - name: redis
      # No tag is given, so the registry's default tag is pulled.
      image: 'kubeguide/redis-master'
      ports:
        - containerPort: 6379
pod-livenessprobe基于exec-command的方式进行健康检查
# Liveness probe of type exec: the probe runs `cat /tmp/health` inside the
# container and treats a non-zero exit status as a failure.
apiVersion: v1
kind: Pod
metadata:
  name: livenessprobe-exec
  labels:
    liveness: exec
spec:
  containers:
    - name: livenessprobe-exec
      image: busybox
      args:
        - '/bin/sh'
        - '-c'
        # The file is removed after 10 s, before the first probe at 15 s, so
        # the probe is set up to fail.
        - 'echo ok >/tmp/health; sleep 10; rm -rf /tmp/health; sleep 600'
      livenessProbe:
        initialDelaySeconds: 15
        timeoutSeconds: 1
        exec:
          command:
            - cat
            - /tmp/health
pod-livenessprobe基于tcp端口探测进行健康检查
# Liveness probe of type tcpSocket: the container counts as healthy while a
# TCP connection to port 80 can be opened.
apiVersion: v1
kind: Pod
metadata:
  name: livenessprobe-tcp
  labels:
    liveness: tcp
spec:
  containers:
    - name: livenessprobe-tcp
      image: nginx
      ports:
        - containerPort: 80
      livenessProbe:
        # First check 30 s after the container starts; each check may take
        # at most 1 s.
        initialDelaySeconds: 30
        timeoutSeconds: 1
        tcpSocket:
          port: 80
pod-livenessprobe基于httpGet方法端口探测进行健康检查
# Liveness probe of type httpGet: the kubelet requests /_status/healthz on
# port 80 and judges health by the HTTP response.
apiVersion: v1
kind: Pod
metadata:
  name: livenessprobe-http
  labels:
    liveness: httpget
spec:
  containers:
    - name: livenessprobe-http
      image: nginx
      ports:
        - containerPort: 80
      livenessProbe:
        initialDelaySeconds: 30
        timeoutSeconds: 1
        httpGet:
          # NOTE(review): a stock nginx image presumably does not serve this
          # path, in which case the probe fails - confirm this is intended.
          path: /_status/healthz
          port: 80
Deployment
# Deployment keeping three nginx replicas running.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
spec:
  replicas: 3
  # The selector has to match the labels of the pod template below.
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
        - name: nginx
          # nginx 1.7.9 is a very old release that no longer receives
          # fixes; fine for a demo, not for anything exposed.
          image: 'nginx:1.7.9'
          ports:
            - containerPort: 80
NodeSelector
# ReplicationController whose pod may only be scheduled onto nodes that
# carry the label zone=hangzhou (nodeSelector).
apiVersion: v1
kind: ReplicationController
metadata:
  name: redis-master
  labels:
    name: redis-master
spec:
  replicas: 1
  selector:
    name: redis-master
  template:
    metadata:
      labels:
        name: redis-master
    spec:
      # Hard constraint: without a node labelled zone=hangzhou the pod stays
      # Pending.
      nodeSelector:
        zone: hangzhou
      containers:
        - name: master
          image: 'kubeguide/redis-master'
          ports:
            - containerPort: 6379
Node亲和性&&互斥NodeAffinity
requiredDuringSchedulingIgnoredDuringExecution 强制运行,硬限制
preferredDuringSchedulingIgnoredDuringExecution 尽量运行,软限制
pod 和node 通用选项
# Node affinity with one hard rule and one soft preference.
apiVersion: v1
kind: Pod
metadata:
  name: with-node-affinity
spec:
  containers:
    - name: with-node-affinity
      image: 'registry.cn-hangzhou.aliyuncs.com/google_containers/pause:2.0'
  affinity:
    nodeAffinity:
      # Hard rule: only nodes labelled kubernetes.io/arch=amd64 qualify.
      requiredDuringSchedulingIgnoredDuringExecution:
        nodeSelectorTerms:
          - matchExpressions:
              - key: kubernetes.io/arch
                operator: In
                values:
                  - amd64
      # Soft rule: among qualifying nodes, prefer those with disk-type=ssd.
      preferredDuringSchedulingIgnoredDuringExecution:
        - weight: 1
          preference:
            matchExpressions:
              - key: disk-type
                operator: In
                values:
                  - ssd
PodAffinity
# Pod affinity: schedule onto a node that already runs a pod labelled
# security=S1 (topologyKey kubernetes.io/hostname means "same node").
apiVersion: v1
kind: Pod
metadata:
  name: pod-affinity
spec:
  containers:
    # The container name is carried over from the node-affinity example.
    - name: with-node-affinity
      image: 'registry.cn-hangzhou.aliyuncs.com/google_containers/pause:2.0'
  affinity:
    podAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
        - topologyKey: kubernetes.io/hostname
          labelSelector:
            matchExpressions:
              - key: security
                operator: In
                values:
                  - S1
Pod的互斥性调度
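# Pod combining affinity and anti-affinity: run in the same zone as pods
# labelled security=S1, but never on a node that runs a pod labelled
# app=nginx.
apiVersion: v1
kind: Pod
metadata:
  name: anti-affinity
spec:
  affinity:
    podAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
        - labelSelector:
            matchExpressions:
              # Spelling fixed ("securyty"): this is a hard rule, so a label
              # key that no pod carries leaves the pod unschedulable.
              - key: security
                operator: In
                values:
                  - S1
          # Spelling fixed ("faulure-domain..."). This is the legacy zone
          # label; current clusters use topology.kubernetes.io/zone.
          topologyKey: failure-domain.beta.kubernetes.io/zone
    podAntiAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
        - labelSelector:
            matchExpressions:
              - key: app
                operator: In
                values:
                  - nginx
          # Same-node scope: keep away from nodes running app=nginx pods.
          topologyKey: kubernetes.io/hostname
  containers:
    - name: anti-affinity
      image: registry.cn-hangzhou.aliyuncs.com/google_containers/pause:2.0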
fluentd-ds.yaml fluentd 的DaemonSet配置
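# DaemonSet running one fluentd log collector per node in kube-system. The
# pods read node log directories through hostPath volumes, so treat the
# manifest as privileged: keep the mounts as narrow and read-only as the
# collector allows.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: fluentd-cloud-logging
  namespace: kube-system
  labels:
    k8s-app: fluentd-cloud-logging
spec:
  selector:
    matchLabels:
      k8s-app: fluentd-cloud-logging
  template:
    metadata:
      namespace: kube-system
      labels:
        k8s-app: fluentd-cloud-logging
    spec:
      containers:
        - name: fluentd-cloud-logging
          image: registry.cn-hangzhou.aliyuncs.com/google_containers/fluentd-elasticsearch:1.17
          resources:
            limits:
              cpu: 100m
              memory: 200Mi
          env:
            # NOTE(review): the variable name repeats the container name.
            # Upstream manifests for this image pass fluentd arguments in
            # FLUENTD_ARGS - confirm which name the image reads.
            - name: fluentd-cloud-logging
              value: '-q'
          volumeMounts:
            # Kept writable as in the source; presumably the collector
            # writes state files under /var/log. If it does not, set
            # readOnly: true here as well.
            - name: varlog
              mountPath: /var/log
              readOnly: false
            # Container log files are only read, so the host directory is
            # mounted read-only.
            - name: containers
              mountPath: /var/lib/docker/containers
              readOnly: true
      volumes:
        # Path fixed from /var/lig/... so that it is the host directory
        # matching the mountPath above.
        - name: containers
          hostPath:
            path: /var/lib/docker/containers
        - name: varlog
          hostPath:
            path: /var/log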
cron.yaml 定时任务
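# CronJob that prints the date and a greeting once a minute.
# batch/v1 is the stable CronJob API (Kubernetes 1.21 and later);
# batch/v1beta1 is no longer served from Kubernetes 1.25 on. Clusters older
# than 1.21 still need batch/v1beta1.
apiVersion: batch/v1
kind: CronJob
metadata:
  name: hello
spec:
  # Standard five-field cron expression; quoted because it starts with "*".
  schedule: '*/1 * * * *'
  jobTemplate:
    spec:
      template:
        spec:
          containers:
            - name: hello
              image: busybox
              args:
                - /bin/sh
                - '-c'
                - 'date;echo Hello from the Kubernetes cluster'
          # A failed run is retried in place.
          restartPolicy: OnFailure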