容器技术
ubuntu使用APT安装docker并指定版本
Helm部署与使用
Helm常用命令
从Helm仓库创建应用流程示例
Helm部署与使用
K8S中部署mysql-ha高可用集群
helm启动mysql-ha
helm几个常用仓库
Kubernetes使用helm部署Mysql-Ha
k8s入门:Helm 构建 MySQL
docker批量修改tag(批量push)
k8s之yaml文件详解
将 MySQL 通过 bitpoke/mysql-operator 部署到 k8s 内部
k8s pvc扩容:pvc创建后扩容
K8S性能分析
部署Metrics Server
Kubernetes集群搭建
kubespray 部署常见问题和优化汇总
kubernetes-sigs/kubespray at release-2.15
K8S-pod配置文件详解
KubeSphere知识库
在 Kubernetes 上最小化安装 KubeSphere
卸载 KubeSphere 和 Kubernetes
KubeSphere 应用商店
修改pod中容器的时区
k8s之Pod安全策略
Harbor 登陆失败,用户名或者密码不正确。405 Not Allowed
Docker-leanote_n1
kubesphere/kubekey
Kubernetes Static Pod (静态Pod)
kubernets kube-proxy的代理 iptables和ipvs - 30岁再次出发 - 博客园
k8s生产实践之获取客户端真实IP - SSgeek - 博客园
kube-proxy ip-tables故障解决
k8s入门:Helm 构建 MySQL
docker批量修改tag(批量push)
prometheus operator 监控redis-exporter
Helm3 安装 ElasticSearch & Kibana 7.x 版本
kubernete强力删除namespace_redis删除namespace命令
EFK (Elasticsearch + Fluentd + Kibana) 日志分析系统
k8s日志收集实战(无坑)
fluentd收集k8s集群pod日志
Elasticsearch+Fluentd+Kibana 日志收集系统的搭建
TKE/EKS之configmap,secret只读挂载
K8s基于Reloader的ConfigMap/Secret热更新
使用 Reloader 实现热部署_k8s reloader
k8s使用Reloader实现更新configmap后自动重启pod
在 Kubernetes 上对 gRPC 服务器进行健康检查 | Kubernetes
Kubernetes ( k8s ) gRPC服务 健康检查 ( livenessProbe ) 与 就绪检查 ( readinessProbe )
排查kubernetes中高磁盘占用pod
helm 安装 MongoDB 集群
helm 安装 Redis 1 主 2 从 3哨兵
【k8s】使用 Reloader 实现热部署
k8s证书过期,更新后kubelet启动失败
kubeadm证书/etcd证书过期处理
三种监控 Kubernetes 集群证书过期方案
K8s 集群(kubeadm) CA 证书过期解决方案
k8s调度、污点、容忍、不可调度、排水、数据卷挂载
5分钟搞懂K8S的污点和容忍度(理论+实战)
Kubernetes进阶-8基于Istio实现微服务治理
macvlan案例配置
快速解决Dockerhub镜像站无法访问问题
info_scan开源漏洞扫描主系统部署
本文档使用 MrDoc 发布
-
+
首页
k8s之yaml文件详解
## 1\. k8s支持的文件格式 Kubernetes支持YAML和JSON格式管理资源对象 JSON格式:主要用于api接口之间消息的传递 YAML格式:用于配置和管理,YAML是一种简洁的非标记性语言,内容格式人性化,较易读 ## 2\. YAML语言格式 ● 大小写敏感 ● 使用缩进表示层级关系 ● 不支持Tab键制表符缩进,只使用空格缩进 ● 缩进的空格数目不重要,只要相同层级的元素左侧对齐即可,通常开头缩进两个空格 ● 符号字符后缩进一个空格,如冒号,逗号,短横杠(-)等 ● “---”表示YAML格式,一个文件的开始,用于分隔文件 ● “#”表示注释 ## 3\. 查看api资源版本标签 kubectl api-versions ``` [root@master ~]# kubectl api-versions admissionregistration.k8s.io/v1beta1 apiextensions.k8s.io/v1beta1 apiregistration.k8s.io/v1 apiregistration.k8s.io/v1beta1 apps/v1 apps/v1beta1 apps/v1beta2 authentication.k8s.io/v1 authentication.k8s.io/v1beta1 authorization.k8s.io/v1 authorization.k8s.io/v1beta1 autoscaling/v1 autoscaling/v2beta1 autoscaling/v2beta2 batch/v1 batch/v1beta1 certificates.k8s.io/v1beta1 coordination.k8s.io/v1 coordination.k8s.io/v1beta1 events.k8s.io/v1beta1 extensions/v1beta1 networking.k8s.io/v1 networking.k8s.io/v1beta1 node.k8s.io/v1beta1 policy/v1beta1 rbac.authorization.k8s.io/v1 rbac.authorization.k8s.io/v1beta1 scheduling.k8s.io/v1 scheduling.k8s.io/v1beta1 storage.k8s.io/v1 storage.k8s.io/v1beta1 v1 ```  如果是业务场景,一般首选使用apps/v1(apps/v1从v1.9版本开始提供API)。 在k8s v1.16版本之前使用的是extensions/v1beta1,extensions/v1beta1从v1.20版本开始不再提供Ingress资源。 带有beta字样的代表的是测试版本,不用在生产环境中。 ## 4\. 编写nginx-test.yaml资源配置清单 ### 4.1 编写资源配置清单 ``` [root@master ~]# mkdir /opt/test [root@master ~]# cd !$ cd /opt/test [root@master test]# vim nginx-test.yaml #指定api版本标签 apiVersion: apps/v1 #定义资源的类型/角色,deployment为副本控制器 #此处资源类型可以是Deployment、Job、Ingress、Service等 kind: Deployment #定义资源的元数据信息,比如资源的名称、namespace、标签等信息 metadata: #定义资源的名称,在同一个namespace空间中必须是唯一的 name: nginx-test lables: app: nginx #定义deployment资源需要的参数属性,诸如是否在容器失败时重新启动容器的属性 spec: #定义副本数量 replicas: 3 #定义标签选择器 selector: #定义匹配标签 matchLabels: #需与后面的.spec.template.metadata.labels定义的标签保持一致 app: nginx #定义业务模板,如果有多个副本,所有副本的属性会按照模板的相关配置进行匹配 template: metadata: #定义Pod副本将使用的标签,需与前面的.spec.selector.matchLabels定义的标签保持一致 labels: app: nginx spec: #定义容器属性 containers: #定义一个容器名,一个-name:定义一个容器 - name: nginx #定义容器使用的镜像以及版本 image: nginx:1.15.4 ports: #定义容器对外的端口 - containerPort: 80 ``` ### 4.2 创建资源对象 kubectl create -f nginx-test.yaml ``` [root@master test]# kubectl create -f nginx-test.yaml deployment.apps/nginx-test created ``` ### 4.3 查看创建的pod资源 kubectl get pods -o wide ``` [root@master test]# kubectl get pods -o wide NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES nginx-test-9b644dcd5-fdvn6 0/1 ContainerCreating 0 4s <none> node02 <none> <none> nginx-test-9b644dcd5-j6cv7 0/1 ContainerCreating 0 4s <none> node01 <none> <none> nginx-test-9b644dcd5-pwrt2 0/1 ContainerCreating 0 4s <none> node02 <none> <none> ``` ## 5\. 创建service服务对外提供访问并测试 ### 5.1 编写nginx-svc-test.yaml ``` [root@master test]# vim nginx-svc-test.yaml apiVersion: v1 kind: Service metadata: name: nginx-svc labels: app: nginx spec: type: NodePort ports: - port: 80 targetPort: 80 selector: #此处定义的selector要与deployment所定义的selector相同 #service依靠标签选择器来检索提供服务的nodes app: nginx ``` ### 5.2 创建资源对象 kubectl create -f nginx-svc-test.yaml ``` [root@master test]# kubectl create -f nginx-svc-test.yaml service/nginx-svc created ``` ### 5.3 查看创建的service kubectl get svc ``` [root@master test]# kubectl get svc NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE kubernetes ClusterIP 10.1.0.1 <none> 443/TCP 28h nginx-svc NodePort 10.1.101.27 <none> 80:32421/TCP 5s ``` ### 5.4 访问测试 在浏览器输入nodeIP:nodePort即可访问 curl 192.168.122.11:32421 ``` [root@master test]# curl 192.168.122.11:32421 <!DOCTYPE html> <html> <head> <title>Welcome to nginx!</title> <style> body { width: 35em; margin: 0 auto; font-family: Tahoma, Verdana, Arial, sans-serif; } </style> </head> <body> <h1>Welcome to nginx!</h1> <p>If you see this page, the nginx web server is successfully installed and working. Further configuration is required.</p> <p>For online documentation and support please refer to <a href="http://nginx.org/">nginx.org</a>.<br/> Commercial support is available at <a href="http://nginx.com/">nginx.com</a>.</p> <p><em>Thank you for using nginx.</em></p> </body> </html> ``` curl 192.168.122.12:32421 ``` [root@master test]# curl 192.168.122.12:32421 <!DOCTYPE html> <html> <head> <title>Welcome to nginx!</title> <style> body { width: 35em; margin: 0 auto; font-family: Tahoma, Verdana, Arial, sans-serif; } </style> </head> <body> <h1>Welcome to nginx!</h1> <p>If you see this page, the nginx web server is successfully installed and working. Further configuration is required.</p> <p>For online documentation and support please refer to <a href="http://nginx.org/">nginx.org</a>.<br/> Commercial support is available at <a href="http://nginx.com/">nginx.com</a>.</p> <p><em>Thank you for using nginx.</em></p> </body> </html> ``` ## 6\. 详解k8s中的port  ● port port是k8s集群内部访问service的端口,即通过clusterIP:port可以从Pod所在的Node上访问到service ● nodePort nodePort是外部访问k8s集群中service的端口,通过nodeIP:nodePort可以从外部访问到某个service ● targetPort targetPort是Pod的端口,从port或nodePort来的流量经过kube-proxy反向代理负载均衡转发到后端Pod的targetPort上,最后进入容器。 ● containerPort containerPort是Pod内部容器的端口,targetPort映射到containerPort。 ## 7\. 试运行生成yaml模板后创建实例 ### 7.1 --dry-run:试运行 kubectl run --dry-run打印相应的API对象而不执行创建 kubectl run dryrun-test --image=nginx --port=80 --replicas=3 --dry-run ``` [root@master test]# kubectl run dryrun-test --image=nginx --port=80 --replicas=3 --dry-run kubectl run --generator=deployment/apps.v1 is DEPRECATED and will be removed in a future version. Use kubectl run --generator=run-pod/v1 or kubectl create instead. deployment.apps/dryrun-test created (dry run) [root@master test]# kubectl get pod,deploy No resources found. ``` \--dry-run表示试运行,不真正执行命令(测试命令是否正确),即并不会真的创建出pod和deployment实例,去掉该参数后即可真正执行命令。 ### 7.2 查看生成yaml格式 使用--dry-run试运行可不触发生成命令,然后通过-o yaml可实现对其yaml资源配置清单的查看 kubectl run dryrun-test --image=nginx --port=80 --replicas=3 --dry-run -o yaml ``` [root@master test]# kubectl run dryrun-test --image=nginx --port=80 --replicas=3 --dry-run -o yaml kubectl run --generator=deployment/apps.v1 is DEPRECATED and will be removed in a future version. Use kubectl run --generator=run-pod/v1 or kubectl create instead. apiVersion: apps/v1 kind: Deployment metadata: creationTimestamp: null labels: run: dryrun-test name: dryrun-test spec: replicas: 3 selector: matchLabels: run: dryrun-test strategy: {} template: metadata: creationTimestamp: null labels: run: dryrun-test spec: containers: - image: nginx name: dryrun-test ports: - containerPort: 80 resources: {} status: {} ``` ### 7.3 查看生成json格式 同理,可通过-o json查看该命令产生的json配置清单 kubectl run dryrun-test --image=nginx --port=80 --replicas=3 --dry-run -o json ``` [root@master test]# kubectl run dryrun-test --image=nginx --port=80 --replicas=3 --dry-run -o json kubectl run --generator=deployment/apps.v1 is DEPRECATED and will be removed in a future version. Use kubectl run --generator=run-pod/v1 or kubectl create instead. { "kind": "Deployment", "apiVersion": "apps/v1", "metadata": { "name": "dryrun-test", "creationTimestamp": null, "labels": { "run": "dryrun-test" } }, "spec": { "replicas": 3, "selector": { "matchLabels": { "run": "dryrun-test" } }, "template": { "metadata": { "creationTimestamp": null, "labels": { "run": "dryrun-test" } }, "spec": { "containers": [ { "name": "dryrun-test", "image": "nginx", "ports": [ { "containerPort": 80 } ], "resources": {} } ] } }, "strategy": {} }, "status": {} } ``` ### 7.4 yaml和json的主要区别 ● YAML使用空格缩进,这是Python开发人员熟悉的领域。 ● JavaScript开发人员喜欢JSON,因为它是JavaScript的一个子集,可以直接在JavaScript中解释和编写,同时使用简写方式声明JSON,在使用没有空格的典型变量名时,不需要键中的双引号。 ● 有很多解析器在YAML和JSON的所有语言中都能很好地工作。 ● 在许多情况下,YAML的空白格式可以更容易查看,因为格式化需要更人性化的方法。 ● 如果您的编辑器中没有空格可见或缩进线指示符,那么YAML的空白虽然更紧凑,更容易查看,但可能难以手动编辑。 ● JSON的序列化和反序列化要快得多,因为要检查的功能明显少于YAML,这使得更小更轻的代码能够处理JSON。 ● 一个常见的误解是YAML需要较少的标点符号并且比JSON更紧凑,但这完全是错误的。空格是不可见的,所以看起来字符较少,但是如果你计算实际的空格是必要的,以便正确解释YAML以及正确的缩进,你会发现YAML实际上需要比JSON更多的字符。JSON不使用空格来表示层次结构或分组,并且可以通过删除不必要的空格来轻松展平,以实现更紧凑的传输。 ### 7.5 使用yaml格式导出生成模板 kubectl run dryrun-test --image=nginx --port=80 --replicas=3 --dry-run -o yaml > dryrun-test.yaml ``` [root@master test]# kubectl run dryrun-test --image=nginx --port=80 --replicas=3 --dry-run -o yaml > dryrun-test.yaml kubectl run --generator=deployment/apps.v1 is DEPRECATED and will be removed in a future version. Use kubectl run --generator=run-pod/v1 or kubectl create instead. [root@master test]# ls dryrun-test.yaml nginx-svc-test.yaml nginx-test.yaml ``` ### 7.6 删除一些不必要的参数 ``` [root@master test]# vim dryrun-test.yaml apiVersion: apps/v1 kind: Deployment metadata: #删除下行 creationTimestamp: null labels: run: dryrun-test name: dryrun-test spec: replicas: 3 selector: matchLabels: run: dryrun-test #删除下行 strategy: {} template: metadata: #删除下行 creationTimestamp: null labels: run: dryrun-test spec: containers: - image: nginx name: dryrun-test ports: - containerPort: 80 #删除下行 resources: {} #删除下行 status: {} ``` ### 7.7 使用yaml模板创建实例 kubectl apply -f dryrun-test.yaml ``` [root@master test]# kubectl apply -f dryrun-test.yaml deployment.apps/dryrun-test created [root@master test]# kubectl get pod,deploy NAME READY STATUS RESTARTS AGE pod/dryrun-test-6c4ddc89bd-25lcm 1/1 Running 0 39s pod/dryrun-test-6c4ddc89bd-bbsnm 1/1 Running 0 39s pod/dryrun-test-6c4ddc89bd-rnmjk 1/1 Running 0 39s NAME READY UP-TO-DATE AVAILABLE AGE deployment.extensions/dryrun-test 3/3 3 3 39s ``` ## 8\. 将现有资源生成yaml模板导出并保存为文件 ### 8.1 --expose:查看现有资源的yaml配置清单 kubectl get deploy dryrun-test --export -o yaml ``` [root@master test]# kubectl get deploy dryrun-test --export -o yaml Flag --export has been deprecated, This flag is deprecated and will be removed in future. apiVersion: extensions/v1beta1 kind: Deployment metadata: annotations: deployment.kubernetes.io/revision: "1" kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"apps/v1","kind":"Deployment","metadata":{"annotations":{},"labels":{"run":"dryrun-test"},"name":"dryrun-test","namespace":"default"},"spec":{"replicas":3,"selector":{"matchLabels":{"run":"dryrun-test"}},"template":{"metadata":{"labels":{"run":"dryrun-test"}},"spec":{"containers":[{"image":"nginx","name":"dryrun-test","ports":[{"containerPort":80}]}]}}}} creationTimestamp: null generation: 1 labels: run: dryrun-test name: dryrun-test selfLink: /apis/extensions/v1beta1/namespaces/default/deployments/dryrun-test spec: progressDeadlineSeconds: 600 replicas: 3 revisionHistoryLimit: 10 selector: matchLabels: run: dryrun-test strategy: rollingUpdate: maxSurge: 25% maxUnavailable: 25% type: RollingUpdate template: metadata: creationTimestamp: null labels: run: dryrun-test spec: containers: - image: nginx imagePullPolicy: Always name: dryrun-test ports: - containerPort: 80 protocol: TCP resources: {} terminationMessagePath: /dev/termination-log terminationMessagePolicy: File dnsPolicy: ClusterFirst restartPolicy: Always schedulerName: default-scheduler securityContext: {} terminationGracePeriodSeconds: 30 status: {} ``` ### 8.2 保存到文件中 kubectl get deploy dryrun-test --export -o yaml > export-test.yaml ``` [root@master test]# kubectl get deploy dryrun-test --export -o yaml > export-test.yaml Flag --export has been deprecated, This flag is deprecated and will be removed in future. [root@master test]# ls dryrun-test.yaml export-test.yaml nginx-svc-test.yaml nginx-test.yaml ``` ## 9\. explain:查看字段帮助信息 可一层层的查看相关资源对象的帮助信息 kubectl explain deployments.spec.template.spec.containers ``` [root@master test]# kubectl explain deployments.spec.template.spec.containers KIND: Deployment VERSION: extensions/v1beta1 RESOURCE: containers <[]Object> DESCRIPTION: List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated. A single application container that you want to run within a pod. FIELDS: args <[]string> Arguments to the entrypoint. The docker image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell ...... ``` kubectl explain pods.spec.containers ``` [root@master test]# kubectl explain pods.spec.containers KIND: Pod VERSION: v1 RESOURCE: containers <[]Object> DESCRIPTION: List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated. A single application container that you want to run within a pod. FIELDS: args <[]string> Arguments to the entrypoint. The docker image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell ...... ``` ## 10\. 获取资源配置清单的总结 ● 没有相关资源,使用run命令--dry-run选项 kubectl run dryrun-test --image=nginx --port=80 --replicas=3 --dry-run -o yaml > dryrun-test.yaml ● 已有相关资源,使用get命令--export选项 kubectl get deploy dryrun-test --export -o yaml > export-test.yaml
adouk
2023年1月13日 16:30
转发文档
收藏文档
上一篇
下一篇
手机扫码
复制链接
手机扫一扫转发分享
复制链接
Markdown文件
分享
链接
类型
密码
更新密码