A Guide to Creating Kubernetes Manifests

Author: Medivh_ | Published: 2022-08-01 17:33

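    More at: https://mknight.cn/

    Preface

    Writing manifest files is a complicated task, and it is often unclear where to start. This article offers an approach to creating them.

    A resource definition contains the following fields: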

    apiVersion: apps/v1
    kind: Deployment
    metadata:
      ...
    spec:
      ... 
    

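    All of the commands below were run on version 1.20.0; commands and output may differ on other versions.

    Field reference

    apiVersion

    This field specifies the API group used to create the resource and the API version to use. The Kubernetes API is aggregated into API groups; in apps/v1, v1 is the version of the apps API to use. To list the available API groups and their versions, use the following command: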

    ~ kubectl api-versions 
    admissionregistration.k8s.io/v1
    admissionregistration.k8s.io/v1beta1
    apiextensions.k8s.io/v1
    apiextensions.k8s.io/v1beta1
    apiregistration.k8s.io/v1
    apiregistration.k8s.io/v1beta1
    apps/v1
    authentication.k8s.io/v1
    authentication.k8s.io/v1beta1
    authorization.k8s.io/v1
    authorization.k8s.io/v1beta1
    autoscaling/v1
    autoscaling/v2beta1
    autoscaling/v2beta2
    batch/v1
    batch/v1beta1
    certificates.k8s.io/v1
    certificates.k8s.io/v1beta1
    coordination.k8s.io/v1
    coordination.k8s.io/v1beta1
    crd.projectcalico.org/v1
    discovery.k8s.io/v1beta1
    events.k8s.io/v1
    events.k8s.io/v1beta1
    extensions/v1beta1
    flowcontrol.apiserver.k8s.io/v1beta1
    networking.k8s.io/v1
    networking.k8s.io/v1beta1
    node.k8s.io/v1
    node.k8s.io/v1beta1
    policy/v1beta1
    rbac.authorization.k8s.io/v1
    rbac.authorization.k8s.io/v1beta1
    scheduling.k8s.io/v1
    scheduling.k8s.io/v1beta1
    storage.k8s.io/v1
    storage.k8s.io/v1beta1
    v1
    

    kind

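    Specifies the type of resource to create, such as Deployment, Pod or ReplicaSet. The following command lists the available resource types and their associated API groups: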

    ~ kubectl api-resources | more
    NAME                              SHORTNAMES   APIVERSION                             NAMESPACED   KIND
    bindings                                       v1                                     true         Binding
    componentstatuses                 cs           v1                                     false        ComponentStatus
    configmaps                        cm           v1                                     true         ConfigMap
    endpoints                         ep           v1                                     true         Endpoints
    events                            ev           v1                                     true         Event
    limitranges                       limits       v1                                     true         LimitRange
    namespaces                        ns           v1                                     false        Namespace
    nodes                             no           v1                                     false        Node
    persistentvolumeclaims            pvc          v1                                     true         PersistentVolumeClaim
    persistentvolumes                 pv           v1                                     false        PersistentVolume
    pods                              po           v1                                     true         Pod
    podtemplates                                   v1                                     true         PodTemplate
    replicationcontrollers            rc           v1                                     true         ReplicationController
    resourcequotas                    quota        v1                                     true         ResourceQuota
    secrets                                        v1                                     true         Secret
    serviceaccounts                   sa           v1                                     true         ServiceAccount
    services                          svc          v1                                     true         Service
    mutatingwebhookconfigurations                  admissionregistration.k8s.io/v1        false        MutatingWebhookConfiguration
    validatingwebhookconfigurations                admissionregistration.k8s.io/v1        false        ValidatingWebhookConfiguration
    customresourcedefinitions         crd,crds     apiextensions.k8s.io/v1                false        CustomResourceDefinition
    apiservices                                    apiregistration.k8s.io/v1              false        APIService
    controllerrevisions                            apps/v1                                true         ControllerRevision
    daemonsets                        ds           apps/v1                                true         DaemonSet
    deployments                       deploy       apps/v1                                true         Deployment
    replicasets                       rs           apps/v1                                true         ReplicaSet
    statefulsets                      sts          apps/v1                                true         StatefulSet
    tokenreviews                                   authentication.k8s.io/v1               false        TokenReview
    localsubjectaccessreviews                      authorization.k8s.io/v1                true         LocalSubjectAccessReview
    selfsubjectaccessreviews                       authorization.k8s.io/v1                false        SelfSubjectAccessReview
    selfsubjectrulesreviews                        authorization.k8s.io/v1                false        SelfSubjectRulesReview
    subjectaccessreviews                           authorization.k8s.io/v1                false        SubjectAccessReview
    horizontalpodautoscalers          hpa          autoscaling/v1                         true         HorizontalPodAutoscaler
    cronjobs                          cj           batch/v1beta1                          true         CronJob
    jobs                                           batch/v1                               true         Job
    certificatesigningrequests        csr          certificates.k8s.io/v1                 false        CertificateSigningRequest
    leases                                         coordination.k8s.io/v1                 true         Lease
    bgpconfigurations                              crd.projectcalico.org/v1               false        BGPConfiguration
    bgppeers                                       crd.projectcalico.org/v1               false        BGPPeer
    blockaffinities                                crd.projectcalico.org/v1               false        BlockAffinity
    caliconodestatuses                             crd.projectcalico.org/v1               false        CalicoNodeStatus
    clusterinformations                            crd.projectcalico.org/v1               false        ClusterInformation
    felixconfigurations                            crd.projectcalico.org/v1               false        FelixConfiguration
    globalnetworkpolicies                          crd.projectcalico.org/v1               false        GlobalNetworkPolicy
    globalnetworksets                              crd.projectcalico.org/v1               false        GlobalNetworkSet
    hostendpoints                                  crd.projectcalico.org/v1               false        HostEndpoint
    ipamblocks                                     crd.projectcalico.org/v1               false        IPAMBlock
    ipamconfigs                                    crd.projectcalico.org/v1               false        IPAMConfig
    ipamhandles                                    crd.projectcalico.org/v1               false        IPAMHandle
    ippools                                        crd.projectcalico.org/v1               false        IPPool
    ipreservations                                 crd.projectcalico.org/v1               false        IPReservation
    kubecontrollersconfigurations                  crd.projectcalico.org/v1               false        KubeControllersConfiguration
    networkpolicies                                crd.projectcalico.org/v1               true         NetworkPolicy
    networksets                                    crd.projectcalico.org/v1               true         NetworkSet
    endpointslices                                 discovery.k8s.io/v1beta1               true         EndpointSlice
    events                            ev           events.k8s.io/v1                       true         Event
    ingresses                         ing          extensions/v1beta1                     true         Ingress
    flowschemas                                    flowcontrol.apiserver.k8s.io/v1beta1   false        FlowSchema
    prioritylevelconfigurations                    flowcontrol.apiserver.k8s.io/v1beta1   false        PriorityLevelConfiguration
    ingressclasses                                 networking.k8s.io/v1                   false        IngressClass
    ingresses                         ing          networking.k8s.io/v1                   true         Ingress
    networkpolicies                   netpol       networking.k8s.io/v1                   true         NetworkPolicy
    runtimeclasses                                 node.k8s.io/v1                         false        RuntimeClass
    poddisruptionbudgets              pdb          policy/v1beta1                         true         PodDisruptionBudget
    podsecuritypolicies               psp          policy/v1beta1                         false        PodSecurityPolicy
    clusterrolebindings                            rbac.authorization.k8s.io/v1           false        ClusterRoleBinding
    clusterroles                                   rbac.authorization.k8s.io/v1           false        ClusterRole
    rolebindings                                   rbac.authorization.k8s.io/v1           true         RoleBinding
    roles                                          rbac.authorization.k8s.io/v1           true         Role
    priorityclasses                   pc           scheduling.k8s.io/v1                   false        PriorityClass
    csidrivers                                     storage.k8s.io/v1                      false        CSIDriver
    csinodes                                       storage.k8s.io/v1                      false        CSINode
    storageclasses                    sc           storage.k8s.io/v1                      false        StorageClass
    volumeattachments                              storage.k8s.io/v1                      false        VolumeAttachment
    

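    With the api-versions and api-resources commands you can find the available resources, the API group associated with each resource type, and the versions of that API group. Use this information to fill in the apiVersion: and kind: fields.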
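
    The apiVersion/kind pairing can be checked mechanically before a manifest is applied. The following is an added example, not part of the original article: it looks up a manifest's apiVersion/kind pair in saved kubectl api-resources output and reports the resource's scope. The function names, the API_RESOURCES excerpt and the sample manifests are constructed for illustration.

```shell
#!/bin/sh
# Constructed excerpt of `kubectl api-resources` output (not from a live cluster).
API_RESOURCES='NAME          SHORTNAMES   APIVERSION             NAMESPACED   KIND
namespaces    ns           v1                     false        Namespace
secrets                    v1                     true         Secret
deployments   deploy       apps/v1                true         Deployment
ingresses     ing          networking.k8s.io/v1   true         Ingress'

# top_field FILE KEY: value of a top-level (column 0) scalar key, quotes stripped.
top_field() {
    awk -v k="$2" '/^[^ #]/ && $1 == (k ":") { print $2; exit }' "$1" | tr -d "\"'"
}

# meta_namespace FILE: value of metadata.namespace, empty if it is not set.
meta_namespace() {
    awk '/^metadata:/ { m = 1; next }
         /^[^ #]/     { m = 0 }
         m && /^  namespace:/ { print $2; exit }' "$1" | tr -d "\"'"
}

# lookup_scope APIVERSION KIND: print the NAMESPACED column for a served pair.
# SHORTNAMES may be empty, so the columns are counted from the right.
lookup_scope() {
    printf '%s\n' "$API_RESOURCES" | awk -v v="$1" -v k="$2" '
        NR > 1 && $(NF-2) == v && $NF == k { print $(NF-1); found = 1; exit }
        END { exit !found }'
}

# check_manifest FILE: print a verdict; returns 0 = served, 1 = not served,
# 2 = apiVersion or kind missing.
check_manifest() {
    api=$(top_field "$1" apiVersion)
    kind=$(top_field "$1" kind)
    if [ -z "$api" ] || [ -z "$kind" ]; then
        echo "missing apiVersion or kind"; return 2
    fi
    if ! scope=$(lookup_scope "$api" "$kind"); then
        echo "not served: $api $kind"; return 1
    fi
    if [ "$scope" = "false" ]; then
        echo "ok cluster-scoped"; return 0
    fi
    # Namespaced kind: without metadata.namespace the object goes to
    # whatever namespace the kubectl context or -n flag selects.
    ns=$(meta_namespace "$1")
    [ -n "$ns" ] || ns="(unset)"
    echo "ok namespaced ns=$ns"
}

# Constructed sample manifests: a correct pair, a wrong API group, a cluster-scoped kind.
SAMPLES=$(mktemp -d)
printf 'apiVersion: apps/v1\nkind: Deployment\nmetadata:\n  name: nginx\n  namespace: web\nspec: {}\n' > "$SAMPLES/good.yaml"
printf 'apiVersion: v1\nkind: Deployment\nmetadata:\n  name: nginx\nspec: {}\n' > "$SAMPLES/wrong-group.yaml"
printf 'apiVersion: v1\nkind: Namespace\nmetadata:\n  name: web\n' > "$SAMPLES/ns.yaml"

for f in "$SAMPLES"/*.yaml; do
    printf '%s: %s\n' "${f##*/}" "$(check_manifest "$f" || true)"
done
```

    Against a real cluster, replace the API_RESOURCES excerpt with the output of kubectl api-resources.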

    To find out what a resource type is for, use the kubectl explain command:

    ~ kubectl explain --api-version=apps/v1 deployment
    KIND:     Deployment
    VERSION:  apps/v1
    
    DESCRIPTION:
         Deployment enables declarative updates for Pods and ReplicaSets.
    
    FIELDS:
       apiVersion   <string>
         APIVersion defines the versioned schema of this representation of an
         object. Servers should convert recognized schemas to the latest internal
         value, and may reject unrecognized values. More info:
         https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
    
       kind <string>
         Kind is a string value representing the REST resource this object
         represents. Servers may infer this from the endpoint the client submits
         requests to. Cannot be updated. In CamelCase. More info:
         https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
    
       metadata <Object>
         Standard object metadata.
    
       spec <Object>
         Specification of the desired behavior of the Deployment.
    
       status   <Object>
         Most recently observed status of the Deployment.
    

    metadata

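    Used to uniquely identify a resource in the Kubernetes cluster. Here you can name the resource, assign labels and annotations, specify the namespace, and so on.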

    $ kubectl explain deployment.metadata | more
    KIND:     Deployment
    VERSION:  apps/v1
    
    RESOURCE: metadata <Object>
    
    DESCRIPTION:
         Standard object metadata.
                                                                                                                                                 
         ObjectMeta is metadata that all persisted resources must have, which
         includes all objects users must create.
    
    FIELDS:
       annotations  <map[string]string>
         Annotations is an unstructured key value map stored with a resource that
         may be set by external tools to store and retrieve arbitrary metadata. They
         are not queryable and should be preserved when modifying objects. More
         info: http://kubernetes.io/docs/user-guide/annotations
    ...
    

    spec

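    Here you can define the container image to use, the number of replicas, the selector conditions, liveness and readiness probes, and so on. To see the details, use the following command: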

    ~ kubectl explain deployment.spec | more
    KIND:     Deployment
    VERSION:  apps/v1
    
    RESOURCE: spec <Object>
    
    DESCRIPTION:
         Specification of the desired behavior of the Deployment.
    
         DeploymentSpec is the specification of the desired behavior of the
         Deployment.
    
    FIELDS:
       minReadySeconds  <integer>
         Minimum number of seconds for which a newly created pod should be ready
         without any of its container crashing, for it to be considered available.
         Defaults to 0 (pod will be considered available as soon as it is ready)
    
       paused   <boolean>
         Indicates that the deployment is paused.
    
       progressDeadlineSeconds  <integer>
         The maximum time in seconds for a deployment to make progress before it is
         considered to be failed. The deployment controller will continue to process
         failed deployments and a condition with a ProgressDeadlineExceeded reason
         will be surfaced in the deployment status. Note that progress will not be
         estimated during the time a deployment is paused. Defaults to 600s.
    
       replicas <integer>
         Number of desired pods. This is a pointer to distinguish between explicit
         zero and not specified. Defaults to 1.
    
       revisionHistoryLimit <integer>
         The number of old ReplicaSets to retain to allow rollback. This is a
         pointer to distinguish between explicit zero and not specified. Defaults to
         10.
    
       selector <Object> -required-
         Label selector for pods. Existing ReplicaSets whose pods are selected by
         this will be the ones affected by this deployment. It must match the pod
         template's labels.
    
       strategy <Object>
         The deployment strategy to use to replace existin
    

    Getting a template

    ~ kubectl create deployment nginx --image=nginx -o yaml --dry-run=client
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      creationTimestamp: null
      labels:
        app: nginx
      name: nginx
    spec:
      replicas: 1
      selector:
        matchLabels:
          app: nginx
      strategy: {}
      template:
        metadata:
          creationTimestamp: null
          labels:
            app: nginx
        spec:
          containers:
          - image: nginx
            name: nginx
            resources: {}
    status: {}
    

    Or for an Ingress:

    ~ kubectl create ingress my-ingress --rule=host/path=app1:80 -o yaml --dry-run=client
    apiVersion: networking.k8s.io/v1
    kind: Ingress
    metadata:
      creationTimestamp: null
      name: my-ingress
    spec:
      rules:
      - host: host
        http:
          paths:
          - backend:
              service:
                name: app1
                port:
                  number: 80
            path: /path
            pathType: Exact
    status:
      loadBalancer: {}
    

    You can also add the --recursive flag to kubectl explain to get a hierarchical view of the fields:

    ~ kubectl explain deployment.spec.template.spec.containers.livenessProbe --recursive | more
    KIND:     Deployment
    VERSION:  apps/v1
    
    RESOURCE: livenessProbe <Object>
    
    DESCRIPTION:
         Periodic probe of container liveness. Container will be restarted if the
         probe fails. Cannot be updated. More info:
         https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
    
         Probe describes a health check to be performed against a container to
         determine whether it is alive or ready to receive traffic.
    
    FIELDS:
       exec <Object>
          command   <[]string>
       failureThreshold <integer>
       httpGet  <Object>
          host  <string>
          httpHeaders   <[]Object>
             name   <string>
             value  <string>
          path  <string>
          port  <string>
          scheme    <string>
       initialDelaySeconds  <integer>
       periodSeconds    <integer>
       successThreshold <integer>
       tcpSocket    <Object>
          host  <string>
          port  <string>
       timeoutSeconds   <integer>
    

    For more detail, keep extending the field path:

    [root@k8s-node-217 ~]# kubectl explain deployment.spec.template.spec.containers.lifecycle
    KIND:     Deployment
    VERSION:  apps/v1
    
    RESOURCE: lifecycle <Object>
    
    DESCRIPTION:
         Actions that the management system should take in response to container
         lifecycle events. Cannot be updated.
    
         Lifecycle describes actions that the management system should take in
         response to container lifecycle events. For the PostStart and PreStop
         lifecycle handlers, management of the container blocks until the action is
         complete, unless the container process fails, in which case the handler is
         aborted.
    
    FIELDS:
       postStart    <Object>
         PostStart is called immediately after a container is created. If the
         handler fails, the container is terminated and restarted according to its
         restart policy. Other management of the container blocks until the hook
         completes. More info:
         https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
    
       preStop  <Object>
         PreStop is called immediately before a container is terminated due to an
         API request or management event such as liveness/startup probe failure,
         preemption, resource contention, etc. The handler is not called if the
         container crashes or exits. The reason for termination is passed to the
         handler. The Pod's termination grace period countdown begins before the
         PreStop hooked is executed. Regardless of the outcome of the handler, the
         container will eventually terminate within the Pod's termination grace
         period. Other management of the container blocks until the hook completes
         or until the termination grace period is reached. More info:
         https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
    

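    Summary

    Structure

    The whole manifest is divided into four fields, or four parts:

    1. apiVersion: the API group and version
    2. kind: the resource type
    3. metadata: identifies and annotates the resource
    4. spec: defines and manages the resource

    Common commands

    # List API versions
    kubectl api-versions
    # List resource types and their API versions
    kubectl api-resources
    # Show details for a resource type
    kubectl explain --api-version=apps/v1 replicaset
    # Generate a base template for a resource
    kubectl create deployment nginx --image=nginx -o yaml --dry-run=client
    # Show details for a specific field
    kubectl explain deployment.spec.selector.matchExpressions.operator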
    

    Article link: https://www.haomeiwen.com/subject/rusjwrtx.html