Kubernetes: Resource Manifest Configuration Explained (1.14.2)
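k8s resource manifest configuration explained
- I. Pod resource configuration
- II. Deployment resource configuration (deploy)
- III. StatefulSet resource configuration (sts)
- III. DaemonSet resource configuration (ds)
- IV. PV resource configuration
- V. PVC resource configuration
- VI. Service resource configuration (svc)
- VI. Ingress resource configuration (ing)
- VII. ConfigMap resource configuration (cm)
- VIII. Secret resource configuration
- IX. HorizontalPodAutoscaler resource configuration (hpa)
- X. LimitRange resource configuration (limits)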
# I. Pod resource configuration
## 1. Non-Object fields
```yaml
apiVersion: v1
kind: Pod
metadata:
spec:
  activeDeadlineSeconds: <integer>
  automountServiceAccountToken: <boolean>
  dnsPolicy: <string>  # 'ClusterFirst', 'Default' or 'None'
  enableServiceLinks: <boolean>
  hostIPC: <boolean>
  hostNetwork: <boolean>  # whether to use the host's network, similar to --network=host
  hostPID: <boolean>
  hostname: <string>  # sets the hostname, similar to --hostname
  nodeName: <string>
  nodeSelector: <map[string]string>  # node label selector
  priority: <integer>
  priorityClassName: <string>
  restartPolicy: <string>  # restart policy: Always, OnFailure, Never
  runtimeClassName: <string>
  schedulerName: <string>
  serviceAccount: <string>
  serviceAccountName: <string>
  shareProcessNamespace: <boolean>
  subdomain: <string>
  terminationGracePeriodSeconds: <integer>
```
## 2. spec.affinity
### 2.1 spec.affinity.nodeAffinity: node affinity configuration
```yaml
spec:
  affinity: <Object>
    nodeAffinity: <Object>
      requiredDuringSchedulingIgnoredDuringExecution: <Object>
        nodeSelectorTerms: <[]Object> -required-
        - matchExpressions: <[]Object>  # match by node labels
          - key: <string> -required-
            operator: <string> -required-  # key/value relationship (In, NotIn, Exists, DoesNotExist)
            values: <[]string>
            - value1
            - value2
          matchFields: <[]Object>  # match by node fields
          - key: <string> -required-
            operator: <string> -required-  # key/value relationship (In, NotIn, Exists, DoesNotExist)
            values: <[]string>
            - value1
            - value2
      preferredDuringSchedulingIgnoredDuringExecution: <[]Object>
      - weight: <integer> -required-
        preference: <Object> -required-
          matchExpressions: <[]Object>  # match by node labels
          - key: <string> -required-
            operator: <string> -required-  # key/value relationship (In, NotIn, Exists, DoesNotExist)
            values: <[]string>
            - value1
            - value2
          matchFields: <[]Object>  # match by node fields
          - key: <string> -required-
            operator: <string> -required-  # key/value relationship (In, NotIn, Exists, DoesNotExist)
            values: <[]string>
            - value1
            - value2
```
### 2.2 spec.affinity.podAffinity: pod affinity configuration
```yaml
spec:
  affinity: <Object>
    podAffinity: <Object>
      requiredDuringSchedulingIgnoredDuringExecution: <[]Object>
      - namespaces: <[]string>
        topologyKey: <string> -required-
        labelSelector: <Object>
          matchLabels: <map[string]string>
            key1: value1
            key2: value2
          matchExpressions: <[]Object>
          - key: <string> -required-
            operator: <string> -required-  # key/value relationship (In, NotIn, Exists, DoesNotExist)
            values: <[]string>
            - value1
            - value2
      preferredDuringSchedulingIgnoredDuringExecution: <[]Object>
      - weight: <integer> -required-
        podAffinityTerm: <Object> -required-
          namespaces: <[]string>
          topologyKey: <string> -required-
          labelSelector: <Object>
            matchLabels: <map[string]string>
              key1: value1
              key2: value2
            matchExpressions: <[]Object>
            - key: <string> -required-
              operator: <string> -required-  # key/value relationship (In, NotIn, Exists, DoesNotExist)
              values: <[]string>
              - value1
              - value2
```
### 2.3 spec.affinity.podAntiAffinity: pod anti-affinity configuration
```yaml
spec:
  affinity: <Object>
    podAntiAffinity: <Object>
      requiredDuringSchedulingIgnoredDuringExecution: <[]Object>
      - namespaces: <[]string>
        topologyKey: <string> -required-
        labelSelector: <Object>
          matchLabels: <map[string]string>
            key1: value1
            key2: value2
          matchExpressions: <[]Object>
          - key: <string> -required-
            operator: <string> -required-  # key/value relationship (In, NotIn, Exists, DoesNotExist)
            values: <[]string>
            - value1
            - value2
      preferredDuringSchedulingIgnoredDuringExecution: <[]Object>
      - weight: <integer> -required-
        podAffinityTerm: <Object> -required-
          namespaces: <[]string>
          topologyKey: <string> -required-
          labelSelector: <Object>
            matchLabels: <map[string]string>
              key1: value1
              key2: value2
            matchExpressions: <[]Object>
            - key: <string> -required-
              operator: <string> -required-  # key/value relationship (In, NotIn, Exists, DoesNotExist)
              values: <[]string>
              - value1
              - value2
```
## 3. spec.containers: container configuration
```yaml
spec:
  containers: <[]Object>  # container configuration
  - name: <string> -required-  # container name (a DNS_LABEL)
    image: <string>  # image name
    imagePullPolicy: <string>  # image pull policy: Always, Never, IfNotPresent
    command: ["/bin/sh"]  # similar to ENTRYPOINT in a Dockerfile
    args: ["-c", "while true; do echo hello; sleep 10;done"]  # similar to CMD in a Dockerfile
    stdin: <boolean>
    stdinOnce: <boolean>
    terminationMessagePath: <string>
    terminationMessagePolicy: <string>
    tty: <boolean>
    workingDir: <string>
```
### 3.1 spec.containers.ports: container port configuration
```yaml
spec:
  containers: <[]Object>
  - ports: <[]Object>  # port configuration
    - name: <string>  # port name
      containerPort: <integer> -required-  # port exposed by the container
      protocol: <string>  # port protocol: UDP, TCP, or SCTP
      hostIP: <string>  # host IP to bind to
      hostPort: <integer>  # port to open on the host
```
### 3.2 spec.containers.env: environment variable settings
```yaml
spec:
  containers: <[]Object>
  - env: <[]Object>  # environment variable configuration
    - name: <string> -required-  # variable name, e.g. MYSQL_ROOT_PASSWORD
      value: <string>  # value of the variable
      valueFrom: <Object>
        configMapKeyRef: <Object>  # take the value from a ConfigMap key
          name: <string>  # ConfigMap name
          key: <string> -required-  # key under the data field of the ConfigMap manifest
          optional: <boolean>
        fieldRef: <Object>
          apiVersion: <string>
          fieldPath: <string> -required-
        resourceFieldRef: <Object>
          containerName: <string>
          divisor: <string>
          resource: <string> -required-
        secretKeyRef: <Object>  # take the value from a Secret key
          name: <string>  # Secret name
          key: <string> -required-  # key under the data field of the Secret manifest
          optional: <boolean>
    envFrom: <[]Object>
    - configMapRef: <Object>  # load from a ConfigMap resource
        name: <string>  # ConfigMap name
        optional: <boolean>
      secretRef: <Object>  # load from a Secret resource
        name: <string>  # Secret name
        optional: <boolean>
      prefix: <string>
```
### 3.3 spec.containers.volumeMounts: volume mounts inside the container
```yaml
spec:
  containers: <[]Object>
  - volumeMounts: <[]Object>  # container volume mount configuration
    - name: <string> -required-  # name of the volume to mount
      mountPath: <string> -required-  # path at which the volume is mounted
      readOnly: <boolean>  # whether the mount is read-only, default false
      mountPropagation: <string>
      subPath: <string>
      subPathExpr: <string>
```
### 3.4 spec.containers.livenessProbe: liveness check
```yaml
spec:
  containers: <[]Object>
  - livenessProbe: <Object>  # liveness probe
      exec: <Object>
        command: <[]string>
      httpGet: <Object>
        port: <string> -required-
        path: <string>
        host: <string>
        httpHeaders: <[]Object>
        - name: <string> -required-
          value: <string> -required-
        scheme: <string>
      tcpSocket: <Object>  # TCPSocket specifies an action involving a TCP port
        port: <string> -required-  # port exposed by the container
        host: <string>  # defaults to the pod IP
      initialDelaySeconds: <integer>  # seconds to wait before probing starts
      failureThreshold: <integer>  # consecutive failed probes before the check is marked failed, default 3
      successThreshold: <integer>  # minimum consecutive successes after a failure, default 1
      timeoutSeconds: <integer>  # probe timeout in seconds, default 1s
      periodSeconds: <integer>  # how often to probe, in seconds, default 10s
```
### 3.5 spec.containers.readinessProbe: readiness check
```yaml
spec:
  containers: <[]Object>
  - readinessProbe: <Object>  # readiness probe
      exec: <Object>
        command: <[]string>
      httpGet: <Object>
        port: <string> -required-
        path: <string>
        host: <string>
        httpHeaders: <[]Object>
        - name: <string> -required-
          value: <string> -required-
        scheme: <string>
      tcpSocket: <Object>  # TCPSocket specifies an action involving a TCP port
        port: <string> -required-  # port exposed by the container
        host: <string>  # defaults to the pod IP
      initialDelaySeconds: <integer>  # seconds to wait before probing starts
      failureThreshold: <integer>  # consecutive failed probes before the check is marked failed, default 3
      successThreshold: <integer>  # minimum consecutive successes after a failure, default 1
      timeoutSeconds: <integer>  # probe timeout in seconds, default 1s
      periodSeconds: <integer>  # how often to probe, in seconds, default 10s
```
### 3.6 spec.containers.resources: resource limits
```yaml
spec:
  containers: <[]Object>
  - resources: <Object>  # resource configuration
      requests: <map[string]string>  # minimum resources requested
        memory: "1024Mi"  # Mi, Gi
        cpu: "500m"  # 500m means 0.5 CPU
      limits: <map[string]string>  # maximum resources that can be allocated
        memory:
        cpu:
```
### 3.7 spec.containers.lifecycle
```yaml
spec:
  containers: <[]Object>
  - lifecycle: <Object>
      postStart: <Object>
        exec: <Object>
          command: <[]string>
        httpGet: <Object>
          port: <string> -required-
          path: <string>
          host: <string>
          httpHeaders: <[]Object>
          - name: <string> -required-
            value: <string> -required-
          scheme: <string>
        tcpSocket: <Object>
          port: <string> -required-  # port exposed by the container
          host: <string>  # defaults to the pod IP
      preStop: <Object>
        exec: <Object>
          command: <[]string>
        httpGet: <Object>
          port: <string> -required-
          path: <string>
          host: <string>
          httpHeaders: <[]Object>
          - name: <string> -required-
            value: <string> -required-
          scheme: <string>
        tcpSocket: <Object>
          port: <string> -required-  # port exposed by the container
          host: <string>  # defaults to the pod IP
```
### 3.8 spec.containers.volumeDevices
```yaml
spec:
  containers: <[]Object>
  - volumeDevices: <[]Object>
    - name: <string> -required-
      devicePath: <string> -required-
```
## 4. spec.volumes: data volume configuration
### 4.1 spec.volumes.emptyDir: emptyDir storage
```yaml
spec:
  volumes: <[]Object>  # volume configuration
  - name: <string> -required-  # volume name, must match the volumeMounts name
    emptyDir: <Object>
      medium: <string>
      sizeLimit: <string>
```
### 4.2 spec.volumes.hostPath: storage on a host path
```yaml
spec:
  volumes: <[]Object>  # volume configuration
  - name: <string> -required-  # volume name, must match the volumeMounts name
    hostPath: <Object>  # host path to mount
      path: <string> -required-
      type: <string>  # type: DirectoryOrCreate, Directory, FileOrCreate, File, Socket, CharDevice, BlockDevice
```
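### 4.3 spec.volumes.nfs: NFS network storage
```yaml
spec:
  volumes: <[]Object>  # volume configuration
  - name: <string> -required-  # volume name, must match the volumeMounts name
    nfs: <Object>  # NFS server settings
      server: <string> -required-  # NFS server address
      path: <string> -required-  # path on the NFS server (the path must exist)
      readOnly: <boolean>  # whether the volume is read-only
```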
### 4.4 spec.volumes.configMap: ConfigMap storage
```yaml
spec:
  volumes: <[]Object>  # volume configuration
  - name: <string> -required-  # volume name, must match the volumeMounts name
    configMap: <Object>
      name: <string>  # ConfigMap name
      defaultMode: <integer>  # permission bits, 0 to 0777, default 0644
      optional: <boolean>  # whether the ConfigMap or its keys must be defined
      items: <[]Object>
      - key: <string> -required-
        path: <string> -required-
        mode: <integer>
```
### 4.5 spec.volumes.secret: Secret storage
```yaml
spec:
  volumes: <[]Object>  # volume configuration
  - name: <string> -required-  # volume name, must match the volumeMounts name
    secret: <Object>
      secretName: <string>
      defaultMode: <integer>  # permission bits, 0 to 0777, default 0644
      optional: <boolean>  # whether the Secret or its keys must be defined
```
### 4.6 spec.volumes.persistentVolumeClaim: PVC storage
```yaml
spec:
  volumes: <[]Object>  # volume configuration
  - name: <string> -required-  # volume name, must match the volumeMounts name
    persistentVolumeClaim: <Object>
      claimName: <string> -required-  # PVC name
      readOnly: <boolean>
```
### 4.7 spec.volumes.storageos
```yaml
spec:
  volumes: <[]Object>  # volume configuration
  - name: <string> -required-  # volume name, must match the volumeMounts name
    storageos: <Object>
      volumeName: <string>
      volumeNamespace: <string>
      fsType: <string>
      secretRef: <Object>
        name: <string>
```
## 5. spec.tolerations: taint toleration configuration
```yaml
spec:
  tolerations: <[]Object>
  - effect: <string>  # NoSchedule, PreferNoSchedule, NoExecute
    key: <string>
    value: <string>
    operator: <string>  # Exists, Equal
    tolerationSeconds: <integer>
```
## 6. spec.securityContext
```yaml
spec:
  securityContext: <Object>
    fsGroup: <integer>
    runAsGroup: <integer>
    runAsNonRoot: <boolean>
    runAsUser: <integer>
    supplementalGroups: <[]integer>
    seLinuxOptions: <Object>
      level: <string>
      role: <string>
      type: <string>
      user: <string>
    sysctls: <[]Object>
    - name: <string> -required-
      value: <string> -required-
```
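# II. Deployment resource configuration (deploy)
```yaml
apiVersion: extensions/v1beta1  # served in 1.14; removed in Kubernetes 1.16, where apps/v1 is used
kind: Deployment
metadata:
spec:
  minReadySeconds: <integer>  # minimum number of seconds a pod must be ready
  paused: <boolean>  # the deployment is paused and will not be processed by the deployment controller
  progressDeadlineSeconds: <integer>
  replicas: <integer>  # number of pod replicas
  revisionHistoryLimit: <integer>  # number of old revisions to keep, default 10
  rollbackTo: <Object>
    revision: <integer>  # revision to roll back to; 0 rolls back to the previous revision
  selector: <Object>  # pod label selector, matches pod labels; defaults to the labels of the pods
    matchLabels: <map[string]string>
      key1: value1
      key2: value2
    matchExpressions: <[]Object>
    - operator: <string> -required-  # relationship between the label key and a set of values: In, NotIn, Exists and DoesNotExist
      key: <string> -required-
      values: <[]string>
  strategy: <Object>  # deployment strategy used to replace existing pods with new ones
    rollingUpdate: <Object>  # rolling update parameters, only when type is RollingUpdate
      maxSurge: <string>  # maximum number of pods created during a rolling update; a number or a percentage
      maxUnavailable: <string>
    type: <string>  # deployment type: Recreate, RollingUpdate
  template: <Object> -required-  # same as the Pod configuration
```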
# III. StatefulSet resource configuration (sts)
```yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
spec:
  podManagementPolicy: <string>  # pod update and replacement policy: OrderedReady (default), Parallel
  replicas: <integer>  # number of replicas
  revisionHistoryLimit: <integer>  # revision history
  serviceName: <string> -required-  # name of the headless service
  selector: <Object> -required-  # label selector
    matchLabels: <map[string]string>
      key1: value1
      key2: value2
    matchExpressions: <[]Object>
    - operator: <string> -required-  # relationship between the label key and a set of values: In, NotIn, Exists and DoesNotExist
      key: <string> -required-
      values: <[]string>
  template: <Object> -required-  # same as the Pod configuration
  updateStrategy: <Object>
    rollingUpdate: <Object>
      partition: <integer>  # default 0
    type: <string>  # default RollingUpdate
  volumeClaimTemplates: <[]Object>
  - apiVersion: <string>
    kind: <string>
    metadata: <Object>
    spec: <Object>
      accessModes: <[]string>
      resources: <Object>  # reference: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
        limits: <map[string]string>
        requests: <map[string]string>
          storage: 5Gi
      dataSource: <Object>
        apiGroup: <string>
        kind: <string> -required-
        name: <string> -required-
      selector: <Object>
        matchLabels: <map[string]string>
          key1: value1
          key2: value2
        matchExpressions: <[]Object>
        - operator: <string> -required-  # relationship between the label key and a set of values: In, NotIn, Exists and DoesNotExist
          key: <string> -required-
          values: <[]string>
      storageClassName: <string>
      volumeMode: <string>
      volumeName: <string>
```
# III. DaemonSet resource configuration (ds)
```yaml
apiVersion: extensions/v1beta1  # served in 1.14; removed in Kubernetes 1.16, where apps/v1 is used
kind: DaemonSet
metadata:
spec:
  minReadySeconds: <integer>
  revisionHistoryLimit: <integer>
  selector: <Object>
  template: <Object> -required-
  templateGeneration: <integer>  # deprecated
  updateStrategy: <Object>
```
# IV. PV resource configuration
## 1. Standard configuration
```yaml
apiVersion: v1
kind: PersistentVolume
metadata:
spec:
  accessModes: <[]string>  # access modes
  persistentVolumeReclaimPolicy: <string>  # what happens to the PV when it is released
  storageClassName: <string>  # name of the StorageClass this PV belongs to
  capacity: <map[string]string>
    storage: 5Gi  # capacity
```
## 2. spec.nfs
```yaml
spec:
  nfs: <Object>
    server: <string> -required-  # NFS server address
    path: <string> -required-  # storage path on the NFS server
    readOnly: <boolean>  # whether the volume is read-only
```
## 3. spec.hostPath
```yaml
spec:
  hostPath: <Object>
    path: <string> -required-
    type: <string>  # reference: https://kubernetes.io/docs/concepts/storage/volumes/#hostpath
```
## 4. spec.storageos
```yaml
spec:
  storageos: <Object>
    fsType: <string>  # "ext4", "xfs", "ntfs"; defaults to ext4 if unspecified
    readOnly: <boolean>
    volumeName: <string>
    volumeNamespace: <string>
    secretRef: <Object>
      apiVersion: <string>
      kind: <string>
      name: <string>
      namespace: <string>
      fieldPath: <string>
      resourceVersion: <string>
      uid: <string>
```
# V. PVC resource configuration
```yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
spec:
  accessModes: <[]string>
  storageClassName: <string>
  volumeMode: <string>
  volumeName: <string>
  resources: <Object>  # reference: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
    limits: <map[string]string>
    requests: <map[string]string>
      storage: 5Gi
  dataSource: <Object>
    apiGroup: <string>
    kind: <string> -required-
    name: <string> -required-
  selector: <Object>
    matchLabels: <map[string]string>
      key1: value1
      key2: value2
    matchExpressions: <[]Object>
    - operator: <string> -required-  # relationship between the label key and a set of values: In, NotIn, Exists and DoesNotExist
      key: <string> -required-
      values: <[]string>
```
# VI. Service resource configuration (svc)
```yaml
apiVersion: v1
kind: Service
metadata:
spec:
  clusterIP: <string>
  externalIPs: <[]string>
  externalName: <string>
  externalTrafficPolicy: <string>
  healthCheckNodePort: <integer>
  loadBalancerIP: <string>
  loadBalancerSourceRanges: <[]string>
  ports: <[]Object>
  publishNotReadyAddresses: <boolean>
  selector: <map[string]string>
    key: value
  sessionAffinity: <string>
  sessionAffinityConfig: <Object>
    clientIP: <Object>
      timeoutSeconds: <integer>
  type: <string>  # ExternalName, ClusterIP, NodePort, LoadBalancer
```
# VI. Ingress resource configuration (ing)
```yaml
apiVersion: extensions/v1beta1  # served in 1.14; removed in Kubernetes 1.22, where networking.k8s.io/v1 is used
kind: Ingress
metadata:
spec:
  backend: <Object>
    serviceName: <string> -required-
    servicePort: <string> -required-
  rules: <[]Object>
  - host: <string>
    http: <Object>
      paths: <[]Object> -required-
      - backend: <Object> -required-
          serviceName: <string> -required-
          servicePort: <string> -required-
        path: <string>
  tls: <[]Object>
  - hosts: <[]string>
    secretName: <string>
```
# VII. ConfigMap resource configuration (cm)
```yaml
apiVersion: v1
kind: ConfigMap
metadata:
binaryData: <map[string]string>
data: <map[string]string>
```
# VIII. Secret resource configuration
```yaml
apiVersion: v1
kind: Secret
metadata:
data: <map[string]string>
stringData: <map[string]string>
type: <string>
```
# IX. HorizontalPodAutoscaler resource configuration (hpa)
```shell
kubectl autoscale (-f FILENAME | TYPE NAME | TYPE/NAME) [--min=MINPODS] --max=MAXPODS [--cpu-percent=CPU] [options]
```
```yaml
spec:
  maxReplicas: <integer> -required-  # maximum number of replicas
  minReplicas: <integer>  # minimum number of replicas, default 1
  targetCPUUtilizationPercentage: <integer>
  scaleTargetRef: <Object> -required-  # the target resource to scale
    apiVersion: <string>
    kind: <string> -required-
    name: <string> -required-
```
# X. LimitRange resource configuration (limits)
A LimitRange restricts the ratio of limits to requests within a namespace. If the `spec.limits.maxLimitRequestRatio` field of a LimitRange object is set, neither the request nor the limit of a Pod/container in the namespace may be 0, and the limit divided by the request must be less than or equal to the LimitRange's `spec.limits.maxLimitRequestRatio`.
```yaml
apiVersion: v1
kind: LimitRange
metadata:
  name: <string>
  namespace: <string>
  labels: <map[string]string>
spec:
  limits:
  - default: <map[string]string>
    defaultRequest: <map[string]string>
    max: <map[string]string>
      memory: xxxMi
      cpu: xxxm
    maxLimitRequestRatio: <map[string]string>
      memory: 2  # the memory limit of any Pod in the namespace may not exceed twice its memory request
    min: <map[string]string>
      memory: xxxMi
      cpu: xxxm
    type: Container
```
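The limit/request ratio rule for `maxLimitRequestRatio`, checked in Python as an added example (not code from the original article or from Kubernetes). The names `parse_quantity`, `check_ratio` and `audit` and the sample containers are constructed here, and treating a missing request or limit as 0 is an assumption of this example.

```python
import re
from fractions import Fraction

# Suffixes of Kubernetes resource quantities ("m" = milli, "Mi" = 2**20, ...).
_SUFFIX = {"": 1, "m": Fraction(1, 1000), "k": 10**3, "M": 10**6, "G": 10**9,
           "Ki": 2**10, "Mi": 2**20, "Gi": 2**30}

def parse_quantity(q):
    """Convert a quantity such as '500m', '1024Mi' or 2 to an exact Fraction."""
    m = re.fullmatch(r"(\d+(?:\.\d+)?)(m|k|M|G|Ki|Mi|Gi)?", str(q).strip())
    if not m:
        raise ValueError(f"unsupported quantity: {q!r}")
    return Fraction(m.group(1)) * _SUFFIX[m.group(2) or ""]

def check_ratio(container, limit_item):
    """List the maxLimitRequestRatio violations of one container spec."""
    problems = []
    res = container.get("resources", {})
    for name, max_ratio in limit_item.get("maxLimitRequestRatio", {}).items():
        # Assumption of this example: a missing request/limit counts as 0.
        req = parse_quantity(res.get("requests", {}).get(name, 0))
        lim = parse_quantity(res.get("limits", {}).get(name, 0))
        if req == 0 or lim == 0:
            problems.append(f"{name}: request and limit must both be non-zero")
        elif lim / req > parse_quantity(max_ratio):
            problems.append(f"{name}: limit/request = {float(lim / req):g} "
                            f"exceeds maxLimitRequestRatio {max_ratio}")
    return problems

# Constructed sample: a LimitRange item with a memory ratio of 2
# and three hypothetical containers.
LIMIT_ITEM = {"type": "Container", "maxLimitRequestRatio": {"memory": 2}}
CONTAINERS = [
    {"name": "ok", "resources": {"requests": {"memory": "512Mi"},
                                 "limits": {"memory": "1Gi"}}},
    {"name": "too-bursty", "resources": {"requests": {"memory": "256Mi"},
                                         "limits": {"memory": "1Gi"}}},
    {"name": "no-limit", "resources": {"requests": {"memory": "256Mi"}}},
]

def audit(containers, limit_item):
    """Map each container name to its list of violations."""
    return {c["name"]: check_ratio(c, limit_item) for c in containers}

if __name__ == "__main__":
    for name, problems in audit(CONTAINERS, LIMIT_ITEM).items():
        print(name, "->", problems or "admitted")
```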