configmap篇
# Create a ConfigMap from a file; --from-file=<file> may be repeated, one key per file
kubectl create configmap [configmap名称] --from-file=[文件]
# Or declare the ConfigMap as a manifest, as in the document below
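---
# Tomcat server.xml shipped as two ConfigMap keys. A key name becomes the file name
# when the ConfigMap is mounted (see the volumeMounts/subPath examples further down).
# Both keys use the literal block style (|-): the original `>-` folded the second
# file onto one line inside the container, which is valid XML but unreadable.
# A '#' inside a block scalar is data, so notes about the XML live here, not in it.
# NOTE(review): settings to decide on before reusing this configuration:
#   - port="8005" shutdown="SHUTDOWN" is the stock shutdown port/command; Tomcat's
#     own hardening guidance is to change the command or disable the port (port="-1").
#   - relaxedPathChars / relaxedQueryChars re-allow characters that Tomcat rejects by
#     default for RFC 7230/3986 compliance; keep the set to what the app really needs.
#   - autoDeploy="true" redeploys whatever appears under appBase at runtime; prefer
#     "false" for an immutable container image.
#   - SSLEngine="on" on the APR listener only takes effect if tcnative is present.
#   - <Context path="tomcat"> in the second file: Tomcat expects a context path to be
#     empty or start with "/" — presumably "/tomcat" was meant; confirm.
apiVersion: v1
data:
  s04serverxml: |-
    <Server port="8005" shutdown="SHUTDOWN">
      <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
      <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
      <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
      <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
      <GlobalNamingResources>
        <Resource name="UserDatabase" auth="Container"
                  type="org.apache.catalina.UserDatabase"
                  description="User database that can be updated and saved"
                  factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
                  pathname="conf/tomcat-users.xml" />
      </GlobalNamingResources>
      <Service name="Catalina">
        <Executor name="tomcatThreadPool"
                  namePrefix="catalina-exec-"
                  maxThreads="1000"
                  minSpareThreads="200" />
        <Connector executor="tomcatThreadPool"
                   port="4444" protocol="HTTP/1.1"
                   connectionTimeout="20000"
                   enableLookups="false"
                   redirectPort="8443"
                   URIEncoding="UTF-8"
                   relaxedPathChars='[]|'
                   relaxedQueryChars='[]|{}^\`"<>"<>'
                   acceptCount="500" />
        <Engine name="Catalina" defaultHost="localhost" >
          <Realm className="org.apache.catalina.realm.LockOutRealm">
            <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/>
          </Realm>
          <Host name="localhost" appBase="webapps/S04" unpackWARs="true" autoDeploy="true">
            <Context path="" docBase="/usr/local/tomcat/webapps/tomcat" reloadable="false" crossContext="true">
            </Context>
          </Host>
        </Engine>
      </Service>
    </Server>
  server.xml: |-
    <Server port="8005" shutdown="SHUTDOWN">
      <Listener className="org.apache.catalina.core.AprLifecycleListener"
                SSLEngine="on" />
      <!--
      <Listener className="org.apache.catalina.core.JasperListener" />
      -->
      <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
      <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
      <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
      <GlobalNamingResources>
        <Resource name="UserDatabase" auth="Container"
                  type="org.apache.catalina.UserDatabase"
                  description="User database that can be updated and saved"
                  factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
                  pathname="conf/tomcat-users.xml" />
      </GlobalNamingResources>
      <Service name="Catalina">
        <Executor name="tomcatThreadPool"
                  namePrefix="catalina-exec-"
                  maxThreads="1000"
                  minSpareThreads="200" />
        <Connector executor="tomcatThreadPool"
                   port="1111" protocol="HTTP/1.1"
                   connectionTimeout="20000"
                   enableLookups="false"
                   redirectPort="8443"
                   URIEncoding="UTF-8"
                   useBodyEncodingForURI="true"
                   relaxedPathChars='[]|' relaxedQueryChars='[]|{}^\`"<>"<>'
                   />
        <Engine name="Catalina" defaultHost="localhost" >
          <Realm className="org.apache.catalina.realm.LockOutRealm">
            <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/>
          </Realm>
          <Host name="localhost" appBase="webapps/S01" unpackWARs="true" autoDeploy="true">
            <Context path="tomcat" docBase="/usr/local/tomcat/webapps/tomcat" reloadable="false" crossContext="true">
            </Context>
          </Host>
        </Engine>
      </Service>
    </Server>
kind: ConfigMap
metadata:
  annotations: {}
  labels: {}
  name: serverxml
  namespace: test  # consumers (Pods, Deployments) must live in the same namespace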
ENV环境变量
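# Container-level env entries override a variable of the same name baked into the image.
# Fragment: this is one item of spec.template.spec.containers[] in a Pod/Deployment.
- env:
    - name: TZ
      # The original value CST+8 is a POSIX TZ string, and in POSIX the sign is the
      # offset to ADD to local time to reach UTC — so CST+8 means UTC-8, not UTC+8.
      # Asia/Shanghai is unambiguous and is what Java resolves reliably; it needs
      # tzdata in the image (present in the official Tomcat images). If the image
      # lacks tzdata, the POSIX form for UTC+8 is CST-8.
      value: Asia/Shanghai
    - name: ENV
      valueFrom:
        configMapKeyRef:  # value of key consumer.xml in ConfigMap gameser (same namespace)
          key: consumer.xml
          name: gameser
    - name: passwds
      valueFrom:
        # Secret values are base64-encoded, not encrypted. NOTE(review): this injects the
        # registry credential (.dockerconfigjson) into the application's environment, where
        # every process in the container (and anything that dumps the environment) can read it.
        secretKeyRef:
          key: .dockerconfigjson
          name: tf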
使用 command 与 args（此部分会覆盖原有 Dockerfile 的命令）
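# command/args replace the image's ENTRYPOINT/CMD. Kubernetes concatenates them into
# ONE argv, so the original pair (command: sh startup.sh, args: tail -f /dev/null)
# ran `sh /usr/local/tomcat/bin/startup.sh tail -f /dev/null`: startup.sh backgrounds
# Tomcat and returns, PID 1 exits, and `tail` never ran as a keep-alive, so the
# container terminates. Running Tomcat in the foreground fixes this and, as PID 1,
# Tomcat receives SIGTERM and can stop cleanly within terminationGracePeriodSeconds.
- args:
    - run
  command:
    - /usr/local/tomcat/bin/catalina.sh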
映射容器端口与docker 暴露端口性质一样
# Container port declaration, comparable to EXPOSE in a Dockerfile: informational for
# Services (targetPort by name) and humans; it opens nothing by itself.
ports:
  - containerPort: 8080
    # hostPort binds the port on the node: only one such pod fits per node, and the
    # traffic bypasses the Service path (NetworkPolicy coverage depends on the CNI).
    # Omit it unless a node-level port is genuinely required.
    hostPort: 8080
    name: tomcat
    protocol: TCP
资源限制(CPU与内存的使用)
# CPU/memory requests and limits. Requests drive scheduling; limits are enforced
# (CPU throttled, memory → OOM kill). Quoted CPU values stay strings ('2' = 2 cores).
resources:
  limits:
    cpu: '2'
    memory: 1Gi
  requests:
    cpu: '1'
    memory: 50Mi  # far below the 1Gi limit: the pod is Burstable and may be evicted first under node memory pressure
容器的三种探针模式
#存活、就绪、启动检查
#TCP篇
容器启动检查探针
# Startup probe (TCP): liveness/readiness probes are held back until this passes.
startupProbe:
  failureThreshold: 3  # consecutive failures before the probe is failed; for a startup probe the container is then killed
  initialDelaySeconds: 5  # delay after container start before the first probe
  periodSeconds: 10  # probe interval in seconds; default 10, minimum 1
  successThreshold: 1  # consecutive successes to count as passing; default 1, minimum 1; MUST be 1 for liveness and startup probes
  tcpSocket:  # passes when a TCP connect succeeds; says nothing about the application being usable
    port: 8080
  timeoutSeconds: 4  # per-attempt timeout; default 1, minimum 1
  # NOTE(review): 3 x 10s = 30s startup budget before the container is killed; a Tomcat
  # webapp on a cold node can take longer — size failureThreshold to real start times.
容器存活检查探针
# Liveness probe (TCP): failure restarts the container.
livenessProbe:
  failureThreshold: 3  # consecutive failures before restart
  initialDelaySeconds: 5
  periodSeconds: 10
  successThreshold: 1  # must be 1 for liveness probes
  tcpSocket:
    port: 8081  # differs from the startup probe's 8080 — confirm the app really listens here
  timeoutSeconds: 4
容器就绪检查探针
# Readiness probe (TCP): failure removes the pod from Service endpoints, no restart.
readinessProbe:
  failureThreshold: 3
  initialDelaySeconds: 5
  periodSeconds: 10
  successThreshold: 1  # may be > 1 for readiness probes
  tcpSocket:
    port: 8082  # third distinct port in this set (8080/8081/8082) — confirm against the app
  timeoutSeconds: 4
#command 配置
容器启动检查探针
# Startup probe (exec): runs the command inside the container; exit code 0 = success.
# NOTE(review): `telnet` must exist in the image, and after a successful connect it waits
# for input — whether it exits when stdin is closed depends on the telnet build, otherwise
# it hangs until timeoutSeconds and the probe fails. The tcpSocket form above performs the
# same connect check without needing a binary in the image.
startupProbe:
  exec:
    command:
      - telnet
      - 127.0.0.1
      - '8080'  # quoted so YAML keeps it a string (exec args must be strings)
  failureThreshold: 3
  initialDelaySeconds: 5
  periodSeconds: 10
  successThreshold: 1
  timeoutSeconds: 4
容器存活检查探针
# Liveness probe (exec) — same telnet caveat as the startup probe above.
livenessProbe:
  exec:
    command:
      - telnet
      - 127.0.0.1
      - '8081'  # string, not int
  failureThreshold: 3
  initialDelaySeconds: 5
  periodSeconds: 10
  successThreshold: 1  # must be 1 for liveness probes
  timeoutSeconds: 4
容器就绪检查探针
# Readiness probe (exec) — same telnet caveat as the startup probe above.
readinessProbe:
  exec:
    command:
      - telnet
      - 127.0.0.1
      - '8082'  # string, not int
  failureThreshold: 3
  initialDelaySeconds: 5
  periodSeconds: 10
  successThreshold: 1
  timeoutSeconds: 4
#http 探针
容器启动检查探针
# Startup probe (HTTP GET): any 2xx/3xx response counts as success.
startupProbe:
  failureThreshold: 3
  httpGet:
    # Optional request headers; the kubelet sends them with every probe. Do not put a
    # credential here — probe headers are plain text in the Pod spec.
    httpHeaders:
      - name: testbox
        value: login
    path: /hello.do
    port: 8080
    scheme: HTTP
  initialDelaySeconds: 5
  periodSeconds: 10
  successThreshold: 1  # must be 1 for startup probes
  timeoutSeconds: 4
容器存活检查探针
# Liveness probe (HTTP GET). NOTE(review): /login.do sounds like an application page;
# a liveness endpoint should be cheap and must not depend on downstream systems, or a
# database outage turns into a restart loop.
livenessProbe:
  failureThreshold: 3
  httpGet:
    path: /login.do
    port: 8081
    scheme: HTTP
  initialDelaySeconds: 5
  periodSeconds: 10
  successThreshold: 1  # must be 1 for liveness probes
  timeoutSeconds: 4
容器就绪检查探针
# Readiness probe (HTTP GET over HTTPS). The kubelet does not verify the server
# certificate for HTTPS probes, so a self-signed cert is fine here.
readinessProbe:
  failureThreshold: 3
  httpGet:
    path: /admin/hall.do  # NOTE(review): an /admin path as a readiness check — confirm it needs no auth and is not an expensive page
    port: 8082
    scheme: HTTPS
  initialDelaySeconds: 5
  periodSeconds: 10
  successThreshold: 1
  timeoutSeconds: 4
容器的安全上下文
# Container securityContext showing the privilege-widening knobs ("扩大权限").
# `privileged: true` gives the container every capability and raw host device access —
# effectively node root — and makes allowPrivilegeEscalation irrelevant. Pod Security
# Standards (baseline and restricted) reject it. The hardened form is the inverse:
# allowPrivilegeEscalation: false, privileged: false, readOnlyRootFilesystem: true,
# plus runAsNonRoot: true and capabilities.drop: [ALL].
securityContext:
  allowPrivilegeEscalation: true  # leaves no_new_privs unset, so setuid binaries and file capabilities can raise privileges; not recommended
  privileged: true  # node-root equivalent; avoid
  readOnlyRootFilesystem: true  # still worthwhile: image layers become read-only, writes must go to volumes
定义存储挂载
# Where each volume (declared under `volumes`, matched by `name`) appears inside the container.
volumeMounts:
  # Single ConfigMap keys mounted as files via subPath. Note: subPath mounts are a
  # point-in-time copy — they do NOT pick up later ConfigMap updates.
  - mountPath: >-
      /usr/local/tomcat/webapps/F01/WEB-INF/classes/application.properties
    name: config
    subPath: application.properties
  - mountPath: /usr/local/tomcat/webapps/F01/WEB-INF/classes/log4j2.xml
    name: config
    subPath: log4j2.xml
  - mountPath: /usr/local/tomcat/webapps/F01/WEB-INF/classes/pulsar.properties
    name: config
    subPath: pulsar.properties
  # Node directory (hostPath) mounted into the container; HostToContainer only propagates
  # mounts made on the node into the container, not the reverse.
  - mountPath: /usr/local/tomcat/webapps/F01/WEB-INF/lib
    mountPropagation: HostToContainer
    name: lib
  # NFS export for logs
  - mountPath: /usr/local/tomcat/logs/
    name: log
  # emptyDir scratch space
  - mountPath: /data
    name: list-temp
  # Secret key written to a file; with the volume's defaultMode 0644 it is readable by
  # every user inside the container.
  - mountPath: /tmp/passwd.txt
    name: volume-bhryi
    subPath: passwd.txt
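# Volume sources; `name` is what volumeMounts refer to.
volumes:
  - configMap:  # ConfigMap `tfback` exposed as files named by `path`
      defaultMode: 420  # decimal 420 = 0644
      items:
        - key: application.properties
          path: application.properties
        - key: log4j2.xml
          path: log4j2.xml
        - key: pulsar.properties
          # Fixed: the original path was ' pulsar.properties' (leading space), which
          # produced a file named " pulsar.properties" that the volumeMount's
          # `subPath: pulsar.properties` can never find.
          path: pulsar.properties
      name: tfback
    name: config
  # NOTE(review): hostPath exposes the node's filesystem; DirectoryOrCreate creates the
  # directory on the node as root if absent, and the pod keeps a foothold on that node
  # across restarts. Pod Security Standards (baseline) forbid hostPath volumes.
  - hostPath:
      path: /data/tf_lib/F01_lib
      type: DirectoryOrCreate
    name: lib
  - name: log
    nfs:  # NFS export; NFS access control is typically by client IP only — confirm the export options
      path: /data/log/tf/F01
      server: 192.168.168.86
  - emptyDir: {}  # scratch space on the node; discarded when the pod is deleted
    name: list-temp
  - name: volume-bhryi
    secret:  # Secret `tf`, key .dockerconfigjson, written as passwd.txt
      # 420 = 0644: world-readable inside the container. For a credential prefer 0400
      # (decimal 256) and run the container as the file owner (runAsUser/fsGroup).
      defaultMode: 420
      items:
        - key: .dockerconfigjson
          path: passwd.txt
      secretName: tf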
#滚动更新与重新创建更新
#滚动更新
# Deployment .spec fields that control a RollingUpdate rollout.
spec:
  # A new pod counts as available only after staying Ready for this long. Without it,
  # Kubernetes treats a pod as serving as soon as it is Ready, which in edge cases lets
  # the rollout advance before the application actually works.
  minReadySeconds: 60
  # Seconds without rollout progress before the Deployment is marked as failed (stuck).
  # Must exceed minReadySeconds. The default is 600; the author suggests keeping the default.
  progressDeadlineSeconds: 120
  revisionHistoryLimit: 5  # old ReplicaSets retained for `kubectl rollout undo`
  strategy:
    rollingUpdate:
      maxSurge: 25%  # extra pods allowed above `replicas` during the rollout (percent or absolute)
      maxUnavailable: 25%  # pods allowed to be unavailable during the rollout
    type: RollingUpdate
#重新创建更新
# Same fields with the Recreate strategy: all old pods are killed before any new pod
# starts, so there is downtime but never two versions running at once.
spec:
  minReadySeconds: 60
  progressDeadlineSeconds: 120  # must exceed minReadySeconds
  revisionHistoryLimit: 5
  strategy:
    type: Recreate
容忍污点
# Taint a node: key=value:effect is exactly what a toleration has to match
kubectl taint node k8s-node01 key=value:NoSchedule
# operator Exists: the toleration's key and effect must match the taint; the taint's
# value is ignored, so no `value` field is needed (that is the Exists form — with Equal
# the value must match too, see the next example).
# Note the key here (node-role.kubernetes.io/node01) does not match the `key` used in
# the kubectl taint command above, so as written the two are not a pair.
tolerations:
  - effect: NoSchedule
    key: node-role.kubernetes.io/node01
    operator: Exists
# operator Equal: key, effect AND value must all match the taint. No `value` is given
# here, so this tolerates only a taint whose value is empty; add `value: <taint value>`
# (for the kubectl example above that would be `value: value`) to match key=value:NoSchedule.
tolerations:
  - effect: NoSchedule
    key: node-role.kubernetes.io/node01
    operator: Equal
设置容器内部绑定的hosts
# Extra /etc/hosts entries for the pod (pod-level, applies to all its containers).
hostAliases:
  - hostnames:
      - node02
    ip: 192.168.168.2
设置容器内部sysctl参数
# Pod-level securityContext: kernel sysctls applied to the pod's namespaces.
# Only a short "safe" list is allowed by default; the rest need the kubelet's
# --allowed-unsafe-sysctls. NOTE(review): vm.max_map_count is not namespaced
# (node-wide), so as far as I know it cannot be set through pod sysctls at all —
# it has to be tuned on the node (or via a privileged init container); confirm.
securityContext:
  seLinuxOptions: {}
  sysctls:
    - name: vm.max_map_count
      value: '262144'  # sysctl values are strings, hence the quotes
    - name: kernel.msgmax
      value: '65536'
#创建deployment模板
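---
# Deployment template (kubectl-style alphabetical key order). Fixed relative to the
# snippets above: TZ value, the command/args pair, and the ConfigMap item path.
# Everything marked NOTE(review) is left as the author had it and needs a decision
# before production use.
apiVersion: apps/v1
kind: Deployment
metadata:
  annotations:  # free-form metadata; not used for selection
    www.garafana.com/displayName: 测试
    www.garafana.com/workload: test
  labels:
    www.garafana.com/layer: web
    www.garafana.com/name: test
  name: test
  namespace: tf  # the ConfigMaps (gameser, tfback) and Secret (tf) referenced below must exist here
spec:
  minReadySeconds: 60  # a new pod is "available" only after 60s of being Ready
  progressDeadlineSeconds: 120  # must exceed minReadySeconds; default 600
  replicas: 0  # created scaled to zero; scale up explicitly
  revisionHistoryLimit: 5  # old ReplicaSets kept for rollback
  selector:
    matchLabels:  # immutable after creation; must be matched by template labels
      www.garafana.com/layer: web
      www.garafana.com/name: test
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      creationTimestamp: null
      labels:
        www.garafana.com/layer: web
        www.garafana.com/name: test
    spec:
      # NOTE(review): with the privileged container below, the projected service-account
      # token is reachable with node-root rights. Set this to false unless the app
      # really calls the Kubernetes API.
      automountServiceAccountToken: true
      containers:
        # command + args are joined into one argv. The original pair
        # (command: sh startup.sh, args: tail -f /dev/null) ran
        # `sh startup.sh tail -f /dev/null`: startup.sh backgrounds Tomcat and returns,
        # PID 1 exits and the container dies. Foreground Tomcat is PID 1, gets SIGTERM,
        # and can stop within terminationGracePeriodSeconds.
        - args:
            - run
          command:
            - /usr/local/tomcat/bin/catalina.sh
          env:
            - name: TZ
              # CST+8 is a POSIX string meaning UTC-8 (sign is the offset to add to
              # reach UTC). Asia/Shanghai is unambiguous; needs tzdata in the image.
              value: Asia/Shanghai
            - name: ENV
              valueFrom:
                configMapKeyRef:
                  key: consumer.xml
                  name: gameser
            # NOTE(review): the registry credential (.dockerconfigjson) is injected into
            # the app's environment and mounted at /tmp/passwd.txt below; every process in
            # the container can read it. Use a separate, least-privilege secret for the app.
            - name: passwds
              valueFrom:
                secretKeyRef:
                  key: .dockerconfigjson
                  name: tf
          image: 'www.garafana.com/test:V1.1.1'
          imagePullPolicy: IfNotPresent  # tag reuse with IfNotPresent can run a stale image on a node
          livenessProbe:
            failureThreshold: 3
            httpGet:
              path: /login.do
              port: 8081  # NOTE(review): 8081/8082 are not declared under ports and the server.xml above listens on other ports — confirm
              scheme: HTTP
            initialDelaySeconds: 5
            periodSeconds: 10
            successThreshold: 1  # must be 1 for liveness probes
            timeoutSeconds: 4
          name: tf-tfback
          ports:
            - containerPort: 8080
              hostPort: 8080  # NOTE(review): binds the node port; one pod per node, bypasses the Service path
              name: tomcat
              protocol: TCP
          readinessProbe:
            failureThreshold: 3
            httpGet:
              path: /admin/hall.do
              port: 8082
              scheme: HTTPS  # kubelet does not verify the certificate
            initialDelaySeconds: 5
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 4
          resources:
            limits:
              cpu: '2'
              memory: 1Gi
            requests:
              cpu: '1'
              memory: 50Mi  # far below the limit: Burstable QoS, evicted early under memory pressure
          # NOTE(review): privileged = all capabilities + host devices, i.e. node root;
          # together with the hostPath volume and the service-account token this is a
          # node compromise waiting for an app bug. Rejected by Pod Security baseline.
          # Hardened form: privileged: false, allowPrivilegeEscalation: false,
          # readOnlyRootFilesystem: true, runAsNonRoot: true, capabilities.drop: [ALL].
          securityContext:
            privileged: true
          startupProbe:
            failureThreshold: 3  # 3 x 10s = 30s startup budget before the container is killed
            httpGet:
              httpHeaders:  # plain-text headers in the spec; never put a credential here
                - name: testbox
                  value: login
              path: /hello.do
              port: 8080
              scheme: HTTP
            initialDelaySeconds: 5
            periodSeconds: 10
            successThreshold: 1  # must be 1 for startup probes
            timeoutSeconds: 4
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          volumeMounts:
            # subPath mounts are point-in-time copies; ConfigMap updates are not propagated
            - mountPath: >-
                /usr/local/tomcat/webapps/F01/WEB-INF/classes/application.properties
              name: config
              subPath: application.properties
            - mountPath: /usr/local/tomcat/webapps/F01/WEB-INF/classes/log4j2.xml
              name: config
              subPath: log4j2.xml
            - mountPath: /usr/local/tomcat/webapps/F01/WEB-INF/classes/pulsar.properties
              name: config
              subPath: pulsar.properties
            - mountPath: /usr/local/tomcat/webapps/F01/WEB-INF/lib  # node directory; jars here are loaded by Tomcat
              mountPropagation: HostToContainer
              name: lib
            - mountPath: /usr/local/tomcat/logs/
              name: log
            - mountPath: /data
              name: list-temp
            - mountPath: /tmp/passwd.txt  # Secret file, 0644 via defaultMode below
              name: volume-bhryi
              subPath: passwd.txt
          workingDir: /usr/local/tomcat/
      dnsPolicy: ClusterFirst
      hostAliases:  # extra /etc/hosts entries
        - hostnames:
            - node02
          ip: 192.168.168.2
      imagePullSecrets:
        - name: tf
      nodeSelector:
        Node: Test  # node label key is capitalised `Node`; nodes must carry exactly this label
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext:
        seLinuxOptions: {}
        sysctls:  # need kubelet --allowed-unsafe-sysctls; vm.max_map_count is node-wide and presumably cannot be set per pod — confirm
          - name: vm.max_map_count
            value: '262144'
          - name: kernel.msgmax
            value: '65536'
      terminationGracePeriodSeconds: 30
      tolerations:  # NOTE(review): allows scheduling onto control-plane nodes if nodeSelector matches one
        - effect: NoSchedule
          key: node-role.kubernetes.io/master
          operator: Exists
      volumes:
        - configMap:
            defaultMode: 420  # 0644
            items:
              - key: application.properties
                path: application.properties
              - key: log4j2.xml
                path: log4j2.xml
              - key: pulsar.properties
                # Fixed: was ' pulsar.properties' (leading space), so the file was
                # named " pulsar.properties" and subPath pulsar.properties could not find it.
                path: pulsar.properties
            name: tfback
          name: config
        # NOTE(review): hostPath + privileged gives the workload a persistent foothold on
        # the node; DirectoryOrCreate creates the directory as root. Forbidden by Pod
        # Security baseline.
        - hostPath:
            path: /data/tf_lib/F01_lib
            type: DirectoryOrCreate
          name: lib
        - name: log
          nfs:  # NFS exports usually authorise by client IP only — confirm export options
            path: /data/log/tf/F01
            server: 192.168.168.86
        - emptyDir: {}
          name: list-temp
        - name: volume-bhryi
          secret:
            defaultMode: 420  # 0644, world-readable in the container; prefer 256 (0400) for a credential
            items:
              - key: .dockerconfigjson
                path: passwd.txt
            secretName: tf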
---
# ClusterIP Service in front of the Deployment above (same labels/namespace).
apiVersion: v1
kind: Service
metadata:
  annotations:
    www.garafana.com/workload: test
  labels:
    www.garafana.com/layer: web
    www.garafana.com/name: test
  name: test
  namespace: tf
spec:
  ports:
    - name: port
      port: 9001  # port the Service's cluster IP listens on
      protocol: TCP
      # NOTE(review): the Deployment declares containerPort 8080 (name `tomcat`) and its
      # probes use 8080-8082; nothing in these notes listens on 9001. Either the app
      # really serves 9001 or this should be `targetPort: tomcat`. Confirm.
      targetPort: 9001
  selector:  # pods carrying both labels become endpoints
    www.garafana.com/layer: web
    www.garafana.com/name: test
  sessionAffinity: ClientIP  # pin each client IP to one pod (kube-proxy level, by source IP)
  sessionAffinityConfig:
    clientIP:
      timeoutSeconds: 10800  # affinity idle timeout, 3h (the default)
  type: ClusterIP  # reachable only inside the cluster