Table of Contents
1. Introduction to declarative resource management:
2. Declarative related commands:
1. Grammar format:
2. View the resource configuration list:
3. Explain the resource configuration list:
4. Modify the resource configuration list and apply:
4.1 Offline modification:
4.2 Online modification:
5. Delete the resource configuration list:
3. Detailed explanation of yaml file:
1. Detailed explanation of deployment.yaml file:
2. Detailed explanation of Pod yaml file:
3. Detailed explanation of Service yaml file:
4. YAML file example:
1. Write and create nginx-deployment, pod files:
2. Create service service:
5. Detailed explanation of ports in k8s:
1. port:
2.nodePort:
3. targetPort:
4. containerPort:
6. Trial operation and file template:
1. –dry-run=client trial run:
2. View the generated yaml format:
3. View the generated json format:
4. Obtain the resource configuration manifest file template:
4.1. How to view existing resource configuration:
4.2 –dry-run=client Export generated template:
4.3 Copy the resource configuration case of K8S official documents
4.4 Obtain field information according to kubectl explain command
1. Introduction to declarative resource management:
- Suitable for modification operations on resources
- The declarative resource management method relies on resource configuration manifest files to manage resources.
- The resource configuration list file has two formats: yaml (human-friendly and easy to read), json (easy to parse the API interface)
- The management of resources is defined in advance in a unified resource configuration list and then applied to the k8s cluster through declarative commands.
2. Declarative related commands:
1. Grammar format:
kubectl create/apply/delete -f xxxx.yaml
2. View the resource configuration list:
kubectl get deployment nginx -o yaml
3. Explain the resource configuration list:
kubectl explain deployment.metadata
4. Modify the resource configuration list and apply:
4.1 Offline modification:
Modify the yaml file and use kubectl apply -f xxxx.yaml file to make it effective Note: When apply does not take effect, first use delete to clear the resource, and then apply to create the resource. kubectl get service nginx -o yaml > nginx-svc.yaml vim nginx-svc.yaml #Modify port: 8080 kubectl delete -f nginx-svc.yaml kubectl apply -f nginx-svc.yaml kubectl get svc
4.2 Online modification:
Use kubectl edit service nginx directly
Edit the resource configuration list online and save and exit to take effect immediately (such as port: 888)
PS: This modification method will not modify the content of the yaml file
5. Delete resource configuration list:
Statement deletion: kubectl delete service nginx Declarative deletion: kubectl delete -f nginx-svc.yaml
3. Detailed explanation of yaml file:
1. Detailed explanation of deployment.yaml file:
apiVersion: extensions/v1beta1 #Interface version
kind: Deployment #Interface type
metadata:
name: cango-demo #Deployment name
namespace: cango-prd #namespace
labels:
app: cango-demo #tag
spec:
replicas: 3
strategy:
rollingUpdate: ##Since replicas are 3, the number of pods will be between 2-4 during the entire upgrade.
maxSurge: 1 #When rolling upgrade, 1 pod will be started first
maxUnavailable: 1 #Maximum number of Unavailable pods allowed during rolling upgrade
template:
metadata:
labels:
app: cango-demo #Template name required
sepc: #Define container template, which can contain multiple containers
containers:
- name: cango-demo #Image name
image: swr.cn-east-2.myhuaweicloud.com/cango-prd/cango-demo:0.0.1-SNAPSHOT #Mirror address
command: [ "/bin/sh","-c","cat /etc/config/path/to/special-key" ] #Start command
args: #Startup parameters
- '-storage.local.retention=$(STORAGE_RETENTION)'
- '-storage.local.memory-chunks=$(STORAGE_MEMORY_CHUNKS)'
- '-config.file=/etc/prometheus/prometheus.yml'
- '-alertmanager.url=http://alertmanager:9093/alertmanager'
- '-web.external-url=$(EXTERNAL_URL)'
#If neither command nor args are written, then Docker’s default configuration will be used.
#If command is written but args is not written, then Docker's default configuration will be ignored and only the command of the .yaml file (without any parameters) will be executed.
#If command is not written but args is written, then the ENTRYPOINT command line configured by Docker by default will be executed, but the parameters called are args in .yaml.
#If both command and args are written, then the Docker default configuration is ignored and the .yaml configuration is used.
imagePullPolicy: IfNotPresent #Pull if it does not exist
livenessProbe: #Indicates whether the container is in live state. If LivenessProbe fails, LivenessProbe will notify kubelet that the corresponding container is unhealthy. Then kubelet will kill the container and perform further operations according to RestarPolicy. By default, LivenessProbe is initialized to Success before the first detection. If the container does not provide LivenessProbe, it is also considered Success;
httpGet:
path: /health #If there is no heartbeat detection interface, it will be /
port: 8080
scheme: HTTP
initialDelaySeconds: 60 ##How long to delay after startup to start running detection
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 5
readinessProbe:
httpGet:
path: /health #If there is no heartbeat detection interface, it will be /
port: 8080
scheme: HTTP
initialDelaySeconds: 30 ##How long to delay after startup to start running detection
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 5
resources: ##CPU memory limit
requests:
cpu: 2
memory: 2048Mi
limits:
cpu: 2
memory: 2048Mi
env: ## Directly pass pod=custom Linux OS environment variables through environment variables
- name: LOCAL_KEY #Local Key
value: value
- name: CONFIG_MAP_KEY #The bureau policy can use the configuration Key of configMap.
valueFrom:
configMapKeyRef:
name: special-config #The name found in the configmap is special-config
key: special.type #Find the key whose name is under data in special-config
ports:
- name: http
containerPort: 8080 #Expose port to service
volumeMounts: #Mount disks defined in volumes
- name: log-cache
mount: /tmp/log
- name: sdb #Normal usage, the volume is destroyed following the container and a directory is mounted.
mountPath: /data/media
- name: nfs-client-root #How to directly mount the hard disk, such as mounting the following nfs directory to /mnt/nfs
mountPath: /mnt/nfs
- name: example-volume-config #Advanced usage Type 1, mount the log-script and backup-script of ConfigMap to a relative path path/to/... in the /etc/config directory, if they exist Files with the same name are overwritten directly.
mountPath: /etc/config
- name: rbd-pvc #Advanced usage step 2, mount PVC (PresistentVolumeClaim)
#Use volume to mount ConfigMap directly as a file or directory. Each key-value pair will generate a file, where key is the file name and value is the content.
volumes: # Define the disk to be mounted by volumeMounts above
- name: log-cache
emptyDir: {}
- name: sdb #Mount the directory on the host
hostPath:
path: /any/path/it/will/be/replaced
- name: example-volume-config # Used for ConfigMap file content to the specified path
configMap:
name: example-volume-config #ConfigMap name
items:
- key: log-script #Key in ConfigMap
path: path/to/log-script #Specify a relative path path/to/log-script in the directory
- key: backup-script #Key in ConfigMap
path: path/to/backup-script #Specify a relative path path/to/backup-script in the directory
- name: nfs-client-root #For mounting NFS storage type
nfs:
server: 10.42.0.55 #NFS server address
path: /opt/public #showmount -e Take a look at the path
- name: rbd-pvc #Mount PVC disk
persistentVolumeClaim:
claimName: rbd-pvc1 #Mount the applied pvc disk
2. Detailed explanation of Pod yaml file:
apiVersion: v1 #Required, version number, such as v1
kind: Pod #Required, Pod
metadata: #Required, metadata
name: string #Required, Pod name
namespace: string #Required, the namespace to which the Pod belongs
labels: #custom labels
- name: string #Custom label name
annotations: #Custom annotation list
- name: string
spec: #Required, detailed definition of the container in the Pod
containers: #Required, list of containers in the Pod
- name: string #Required, container name
image: string #Required, the image name of the container
imagePullPolicy: [Always | Never | IfNotPresent] #Policy for obtaining images: Alawys means always downloading images, IfnotPresent means using local images first, otherwise downloading images, Never means only using local images
command: [string] #Container startup command list. If not specified, use the startup command used during packaging.
args: [string] # Container startup command parameter list
workingDir: string #The working directory of the container
volumeMounts: #Storage volume configuration mounted inside the container
- name: string #Refer to the name of the shared storage volume defined by the pod. You need to use the volume name defined in the volumes[] part.
mountPath: string #The absolute path of the storage volume to be mounted in the container, which should be less than 512 characters.
readOnly: boolean #Whether it is read-only mode
ports: #List of port library numbers that need to be exposed
- name: string #Port number name
containerPort: int #The port number that the container needs to listen to
hostPort: int #The port number that the host where the container is located needs to listen to, the default is the same as Container
protocol: string #Port protocol, supports TCP and UDP, defaults to TCP
env: #List of environment variables that need to be set before the container is run
- name: string #Environment variable name
value: string #The value of the environment variable
resources: #Resource limits and request settings
limits: #Settings of resource limits
cpu: string #Cpu limit, unit is core number, will be used for docker run --cpu-shares parameter
memory: string #Memory limit, the unit can be Mib/Gib, will be used for docker run --memory parameter
requests: #Resource request settings
cpu: string #Cpu request, the initial number available for container startup
memory: string #The memory is clear, the initial amount available for container startup
livenessProbe: #Set the health check of a container in a Pod. When the detection fails to respond for several times, the container will be automatically restarted. The check methods include exec, httpGet and tcpSocket. You only need to set one of these methods for a container.
exec: #Set the inspection mode in the Pod container to exec mode
command: [string] #The command or script that needs to be formulated in exec mode
httpGet: #Set the health check method of each container in the Pod to HttpGet, and you need to specify Path and port.
path: string
port: number
host: string
scheme: string
HttpHeaders:
- name: string
value: string
tcpSocket: #Set the health check method of each container in the Pod to tcpSocket method
port: number
initialDelaySeconds: 0 #The first detection time after the container is started, in seconds
timeoutSeconds: 0 #Timeout time for container health check detection to wait for response, unit seconds, default 1 second
periodSeconds: 0 #Setting the periodic detection time for container monitoring and inspection, in seconds, the default is once every 10 seconds
successThreshold: 0
failureThreshold: 0
securityContext:
privileged:false
restartPolicy: [Always | Never | OnFailure] #Pod's restart policy. Always means that once the kubelet is terminated no matter how it is run, the kubelet will restart. OnFailure means that the pod will only be restarted if it exits with a non-0 exit code. Never means that the pod will not be restarted. Pod
nodeSelector: obeject #Setting NodeSelector means scheduling the Pod to the node containing this label, specified in the key: value format
imagePullSecrets: #The secret name used when pulling the image, specified in key: secretkey format
- name: string
hostNetwork:false #Whether to use the host network mode, the default is false, if set to true, it means using the host network
volumes: #Define a list of shared storage volumes on this pod
- name: string #Shared storage volume name (there are many types of volumes)
emptyDir: {} #Storage volume of type emtyDir, a temporary directory with the same life cycle as the Pod. is a null value
hostPath: string #Storage volume of type hostPath, indicating the directory of the host where the Pod is mounted.
path: string #The directory of the host where the Pod is located will be used for the mount directory in the same period.
secret: #Storage volume of type secret, mount the cluster and defined secret objects into the container
scretname: string
items:
- key: string
path: string
configMap: #Storage volume of type configMap, mount the predefined configMap object inside the container
name: string
items:
- key: string
3. Detailed explanation of Service yaml file:
apiVersion: v1
Kind: Service
matadata: #metadata
name: string #service name
namespace: string #namespace
labels: #Custom label attribute list
- name: string
annotations: #Custom annotation attribute list
- name: string
spec: #Detailed description
selector: [] #label selector configuration, Pods with label labels will be selected as management
#scope
type: string #The type of service, specifies the access method of service, the default is
#clusterIp
clusterIP: string #Virtual service address
sessionAffinity: string #Whether session is supported
ports: #service needs to expose the port list
- name: string #Port name
protocol: string #Port protocol, supports TCP and UDP, defaults to TCP
port: int #The port number that the service listens to
targetPort: int #The port number that needs to be forwarded to the backend Pod
nodePort: int #When type = NodePort, specify the port number mapped to the physical machine
status: #When spce.type=LoadBalancer, set the address of the external load balancer
loadBalancer: #External load balancer
ingress: #External load balancer
ip: string #The IP address value of the external load balancer
hostname: string #Hostname of the external load balancer
4. Yaml file example:
1. Write and create nginx-deployment, pod file:
vim nginx-deployment.yaml
apiVersion: apps/v1 #Specify the api version label
kind: Deployment #Define the type/role of the resource. Deployment is the copy controller. The resource type here can be Deployment, Job, Ingress, Service, etc.
metadata: #Define the metadata information of the resource, such as resource name, namespace, label and other information
name: nginx-deployment #Define the name of the resource, which must be unique in the same namespace
labels: #Define Deployment resource labels
app: nginx
spec: #Define the parameter attributes required by the deployment resource, such as whether to restart the container when the container fails.
replicas: 3 #Define the number of replicas
selector: #Define label selector
matchLabels: #Define matching labels
app: nginx #Need to be consistent with the labels defined by .spec.template.metadata.labels
template: #Define the business template. If there are multiple copies, the attributes of all copies will be matched according to the relevant configuration of the template.
metadata:
labels: #Define the labels that the Pod copy will use, which must be consistent with the labels defined by .spec.selector.matchLabels
app: nginx
spec:
containers: #Define container properties
- name: nginx #Define a container name, a - name: define a container
image: nginx:1.15.4 #Define the image and version used by the container
ports:
- containerPort: 80 #Define the external port of the container
//Create resource object
kubectl create -f nginx-deployment.yaml
//View the created pod resources
kubectl get pods -o wide
2. Create service service:
apiVersion: v1
Kind: Service
metadata:
name: nginx-service
labels:
app: nginx
spec:
ports:
- port: 80
targetPort: 80
nodePort: 30001 #Specify the port opened by the node in NodePort mode (30000~32767)
selector:
app: nginx #The label is selected as nginx
type: NodePort
//Create resource object
kubectl apply -f nginx-service.yaml
//View the created service
kubectl get svc
5. Detailed explanation of port in k8s:
1. port:
port is the port used to access the service within the k8s cluster, that is, the service can be accessed from the Node where the Pod is located through clusterIP: port
2. nodePort:
nodePort is the port for external access to the service in the k8s cluster. A service can be accessed from the outside through nodeIP: nodePort.
3. targetPort:
targetPort is the port of the Pod. Traffic from the port or nodePort is forwarded to the targetPort of the backend Pod through the kube-proxy reverse proxy load balancing, and finally enters the container.
4. containerPort:
containerPort is the port of the container inside the Pod, and targetPort is mapped to containerPort.
6. Trial operation and file template:
1. –dry-run=client trial run:
kubectl run nginx-test --image=nginx --port=80 --dry-run=client kubectl create deployment nginx-deploy --image=nginx --port=80 --replicas=3 --dry-run=client
2. View the generated yaml format:
kubectl run nginx-test --image=nginx --port=80 --dry-run=client -o yaml kubectl create deployment nginx-deploy --image=nginx --port=80 --replicas=3 --dry-run=client -o yaml
3. View the generated json format:
kubectl run nginx-test --image=nginx --port=80 --dry-run=client -o json kubectl create deployment nginx-deploy --image=nginx --port=80 --replicas=3 --dry-run=client -o json
4. Get the resource configuration list file template:
4.1. How to view existing resource configuration:
kubectl get svc nginx-service -o yaml > my-svc.yaml or kubectl edit svc nginx-service #Copy the configuration and paste it into a new file
4.2 –dry-run=client Export the generated template:
//Export the generated template using yaml format, modify it and delete some unnecessary parameters kubectl run nginx-test --image=nginx --port=80 --dry-run=client -o yaml > nginx-test.yaml kubectl create deployment nginx-deploy --image=nginx --port=80 --replicas=3 --dry-run=client -o yaml > nginx-deploy.yaml
4.3 Copy the resource configuration case of K8S official documents
4.4 Obtain field information according to kubectl explain command
kubectl explain svc
