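Day03 - Pod environment variables, container restart policies, emptyDir, hostPath and nfs volumes, resource limits, and configMap/secret hands-on examples
- 0. Review of yesterday's content:
- 1. Interview question preview
- 1.1 Q1: The three restart policies for a Pod's containers (note: in K8S, "restarting" a container actually means re-creating it)
- 1.2 Q2: Two ways to pass environment variables to a container
- 1.3 Q3: How does a single Pod persist data? How is data shared? How do Pods on different nodes share data?
- 1.3.1 Data persistence: emptyDir hands-on example
- 1.3.2 Data persistence: hostPath hands-on example
- 1.3.3 Sharing data between Pods on different nodes
- 1.3.3.1 Deploy the nfs server
- 1.3.3.2 Data persistence: nfs hands-on example
- 2. Container resource limits hands-on example
- 3. configMap overview
- 3.1 Defining a configMap ("cm" for short) resource
- 3.2 Pod consuming a cm resource through env environment variables
- 3.3 Pod consuming a cm resource through a volume
- 3.4 Class exercise and ports port-mapping example
- 4. Secret resources: create, delete, update and query in practice
- 4.1 Example: Pod referencing a secret resource through env
- 4.2 Example: Pod referencing a secret resource through a volume
- 4.3 Example: writing a resource manifest that pulls an image from a private project (friendly reminder: don't copy this directly, your environment may differ from mine)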
0. Review of yesterday's content:
- Pod resource manifest
apiVersion: v1
kind: Pod
metadata:
  name: ...
spec:
  hostNetwork: true
  nodeName: k8s233.oldboyedu.com
  containers:
  - name:
    image:
    stdin:
    command:
    args:
    imagePullPolicy:
  - name:
    image:
    ...
- Basic Pod management
Create: kubectl create, kubectl apply
Delete: kubectl delete
View: kubectl get
Modify: kubectl apply
- Troubleshooting commands:
kubectl describe
kubectl exec
kubectl logs
kubectl cp
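1. Interview question preview
Q1: What restart policies are available for a Pod's containers? Briefly explain.
Q2: How do you pass environment variables to a specific container in a Pod? What ways are there? Briefly explain.
Q3: How does a single Pod persist data? How is data shared? How do Pods on different nodes share data?
Q4: How can multiple Pods use the same configuration file?
Q5: How do you pull an image from a private Harbor project?
Q6: How does a Pod implement health checks?
1.1 Q1: The three restart policies for a Pod's containers (note: in K8S, "restarting" a container actually means re-creating it)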
[root@k8s231.oldboyedu.com pods]# cat 07-nginx-restartPolicy.yaml
apiVersion: v1
kind: Pod
metadata:
  name: linux85-web-restartpolicy-always
spec:
  nodeName: k8s233.oldboyedu.com
  # When the container exits, always restart it.
  restartPolicy: Always
  containers:
  - name: nginx
    image: harbor.oldboyedu.com/web/linux85-web:v0.1
    imagePullPolicy: Always
    command:
    - "sleep"
    - "10"
---
apiVersion: v1
kind: Pod
metadata:
  name: linux85-web-restartpolicy-onfailure
spec:
  nodeName: k8s233.oldboyedu.com
  # The container is not restarted when it exits normally; it is restarted when it exits abnormally.
  restartPolicy: OnFailure
  containers:
  - name: nginx
    image: harbor.oldboyedu.com/web/linux85-web:v0.1
    imagePullPolicy: Always
    command:
    - "sleep"
    - "10"
---
apiVersion: v1
kind: Pod
metadata:
  name: linux85-web-restartpolicy-never
spec:
  nodeName: k8s233.oldboyedu.com
  # When the container exits, never restart it.
  restartPolicy: Never
  containers:
  - name: nginx
    image: harbor.oldboyedu.com/web/linux85-web:v0.1
    imagePullPolicy: Always
    command:
    - "sleep"
    - "10"
1.2 Q2: Two ways to pass environment variables to a container
[root@k8s231.oldboyedu.com pods]# cat 08-games-env.yaml
apiVersion: v1
kind: Pod
metadata:
  name: linux85-game-env
spec:
  nodeName: k8s232.oldboyedu.com
  containers:
  - name: game
    image: harbor.oldboyedu.com/oldboyedu-games/jasonyin2020/oldboyedu-games:v0.7
    # Pass environment variables to the container
    env:
      # Name of the variable
    - name: SCHOOL
      # Value of the variable
      value: oldboyedu
    - name: CLASS
      value: linux85
    - name: OLDBOYEDU_POD_NAME
      # Do not use a custom value; reference a value from elsewhere instead
      valueFrom:
        # The value is taken from a field
        fieldRef:
          # Path of the field
          fieldPath: "metadata.name"
    - name: OLDBOYEDU_NODENAME
      valueFrom:
        fieldRef:
          fieldPath: "spec.nodeName"
    - name: OLDBOYEDU_HOSTIP
      valueFrom:
        fieldRef:
          fieldPath: "status.hostIP"
    - name: OLDBOYEDU_PODIP
      valueFrom:
        fieldRef:
          fieldPath: "status.podIP"
[root@k8s231 pods]# kubectl explain po.spec.containers.env
KIND: Pod
VERSION: v1
RESOURCE: env <[]Object>
........
[root@k8s231.oldboyedu.com pods]# kubectl apply -f 08-games-env.yaml
pod/linux85-game-env created
[root@k8s231.oldboyedu.com pods]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
linux85-game-env 1/1 Running 0 5s 10.100.1.15 k8s232.oldboyedu.com <none> <none>
[root@k8s231.oldboyedu.com pods]# kubectl exec linux85-game-env -- env
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
HOSTNAME=linux85-game-env
SCHOOL=oldboyedu
CLASS=linux85
OLDBOYEDU_POD_NAME=linux85-game-env
OLDBOYEDU_NODENAME=k8s232.oldboyedu.com
OLDBOYEDU_HOSTIP=10.0.0.232
OLDBOYEDU_PODIP=10.100.1.15
KUBERNETES_PORT=tcp://10.200.0.1:443
KUBERNETES_PORT_443_TCP=tcp://10.200.0.1:443
KUBERNETES_PORT_443_TCP_PROTO=tcp
KUBERNETES_PORT_443_TCP_PORT=443
KUBERNETES_PORT_443_TCP_ADDR=10.200.0.1
KUBERNETES_SERVICE_HOST=10.200.0.1
KUBERNETES_SERVICE_PORT=443
KUBERNETES_SERVICE_PORT_HTTPS=443
HOME=/root
[root@k8s231.oldboyedu.com pods]#
1.3 Q3: How does a single Pod persist data? How is data shared? How do Pods on different nodes share data?
1.3.1 Data persistence: emptyDir hands-on example
[root@k8s231.oldboyedu.com pods]# cat 09-games-volumes-emptyDir.yaml
apiVersion: v1
kind: Pod
metadata:
  name: linux85-volume-emptydir-001
spec:
  # Define the volumes
  volumes:
    # Name of the volume
  - name: data01
    # Set the volume type to emptyDir.
    # When the Pod is deleted, the data is deleted along with it. It serves two purposes:
    # - persist container data, so the data is not lost when the container is deleted;
    # - share data between different containers in the same Pod.
    emptyDir: {}
  containers:
  - name: web
    image: harbor.oldboyedu.com/web/nginx:1.20.1-alpine
    # Define the mount points
    volumeMounts:
      # Name of the volume
    - name: data01
      # Mount directory inside the container
      mountPath: /usr/share/nginx/html
  - name: linux
    image: harbor.oldboyedu.com/linux/alpine:latest
    stdin: true
    volumeMounts:
    - name: data01
      mountPath: /oldboyedu-data
[root@k8s231 pods]# kubectl exec -it linux85-volume-emptydir-001 -- sh
/ # cd /usr/share/nginx/html/
/usr/share/nginx/html # ls
50x.html index.html
/usr/share/nginx/html # echo "<h1>v0.1</h1>" > index.html
/usr/share/nginx/html #
[root@k8s231 pods]# !curl
curl 10.100.2.13
<h1>v0.1</h1>
[root@k8s231 ~]# kubectl exec -it linux85-volume-emptydir-001 -c web -- sh
/ # cd /usr/share/nginx/html/
/usr/share/nginx/html # ls
/usr/share/nginx/html # echo "<h1>test</h1>" > index.html
/usr/share/nginx/html #
[root@k8s231 ~]# curl 10.100.1.6
<h1>test</h1>
[root@k8s231 ~]# kubectl exec -it linux85-volume-emptydir-001 -c linux -- sh
/ # ls
bin home mnt proc sbin tmp
dev lib oldboyedu-data root srv usr
etc media opt run sys var
/ # cd oldboyedu-data/
/oldboyedu-data # ll
sh: ll: not found
/oldboyedu-data # ls
index.html
/oldboyedu-data # cat index.html
<h1>test</h1>
/oldboyedu-data # echo 111111111> index.html
sh: 3: Bad file descriptor
/oldboyedu-data # echo 111111111 > index.html
/oldboyedu-data # cat index.html
111111111
/oldboyedu-data #
[root@k8s231 ~]# curl 10.100.1.6
111111111
1.3.2 Data persistence: hostPath hands-on example
[root@k8s231.oldboyedu.com pods]# cat 10-games-volumes-hostPath.yaml
apiVersion: v1
kind: Pod
metadata:
  name: linux85-volume-hostpath-001
spec:
  nodeName: k8s232.oldboyedu.com
  volumes:
  - name: data01
    emptyDir: {}
  - name: data02
    # Set the type to a host volume; this volume type is mainly used when a container needs to access a path on the host.
    hostPath:
      # Path of the volume on the host
      path: /oldboyedu-data
  containers:
  - name: web
    image: harbor.oldboyedu.com/web/nginx:1.20.1-alpine
    volumeMounts:
    - name: data02
      mountPath: /usr/share/nginx/html
---
apiVersion: v1
kind: Pod
metadata:
  name: linux85-volume-hostpath-002
spec:
  nodeName: k8s232.oldboyedu.com
  volumes:
  - name: linux85-data
    hostPath:
      path: /oldboyedu-data
  containers:
  - name: linux
    image: harbor.oldboyedu.com/linux/alpine:latest
    stdin: true
    volumeMounts:
    - name: linux85-data
      mountPath: /oldboyedu-data-linux85
[root@k8s231.oldboyedu.com pods]#
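1.3.3 Sharing data between Pods on different nodes
1.3.3.1 Deploy the nfs server
(1) Install the nfs packages on all nodes
yum -y install nfs-utils
(2) Set up the shared directory on the k8s231 node
mkdir -pv /oldboyedu/data/kubernetes
cat > /etc/exports <<'EOF'
/oldboyedu/data/kubernetes *(rw,no_root_squash)
EOF
(3) Enable the nfs service at boot and start it
systemctl enable --now nfs
(4) Check the NFS export information on the server
exportfs
(5) Manually test the mount from a client node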
mount -t nfs k8s231.oldboyedu.com:/oldboyedu/data/kubernetes /mnt/
umount /mnt
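The export above uses `*` as the client and `no_root_squash`, so every host that can reach k8s231 may mount the share and root on that host acts as root on it. The following is an added example, not part of the original course notes, that flags both settings in exports-style input; the function names and the 10.0.0.0/24 client range (inferred from the 10.0.0.23x node addresses on this page) are assumptions.

```shell
#!/bin/sh
# Added example, not from the course notes. audit_exports, page_exports and
# restricted_exports are hypothetical names; 10.0.0.0/24 is an assumed client
# range based on the 10.0.0.23x node addresses shown on this page.

# Read /etc/exports-style lines on stdin and print one finding per line:
#   "<path> <client> <issue>"
audit_exports() {
    (                               # subshell: keep `set -f` local
        set -f                      # no globbing, "*" must stay literal
        while IFS= read -r line || [ -n "$line" ]; do
            line=${line%%#*}        # strip comments
            set -- $line            # split into: path client(opts) ...
            [ $# -ge 2 ] || continue
            path=$1; shift
            for spec in "$@"; do
                client=${spec%%\(*}
                case $spec in
                    *\(*\)) opts=${spec#*\(}; opts=${opts%\)} ;;
                    *)      opts="" ;;
                esac
                # "*" or an empty client means every host may mount the export.
                case $client in
                    ''|'*') echo "$path ${client:-<any>} wildcard-client" ;;
                esac
                # no_root_squash lets root on the client act as root on the share.
                case ",$opts," in
                    *,no_root_squash,*) echo "$path ${client:-<any>} no_root_squash" ;;
                esac
            done
        done
    )
}

# The export line from this page.
page_exports() {
    printf '%s\n' '/oldboyedu/data/kubernetes *(rw,no_root_squash)'
}

# Constructed variant: clients limited to the node subnet, root squashed.
restricted_exports() {
    printf '%s\n' '/oldboyedu/data/kubernetes 10.0.0.0/24(rw,root_squash)'
}

echo "findings for the export on this page:"
page_exports | audit_exports
echo "findings for the restricted variant:"
restricted_exports | audit_exports
```

On a real server the input would be `audit_exports < /etc/exports`; after changing the file, `exportfs -r` re-exports it.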
1.3.3.2 Data persistence: nfs hands-on example
[root@k8s231.oldboyedu.com pods]# cat 11-nginx-alpine-volumes-nfs.yaml
apiVersion: v1
kind: Pod
metadata:
  name: linux85-volume-nfs-web
spec:
  nodeName: k8s232.oldboyedu.com
  volumes:
  - name: data
    # Set the volume type to nfs
    nfs:
      # Address of the nfs server
      server: 10.0.0.231
      # Path exported by the nfs server
      path: /oldboyedu/data/kubernetes/volume-nfs
  containers:
  - name: web
    image: harbor.oldboyedu.com/web/nginx:1.20.1-alpine
    volumeMounts:
    - name: data
      mountPath: /usr/share/nginx/html
---
apiVersion: v1
kind: Pod
metadata:
  name: linux85-volume-nfs-linux
spec:
  nodeName: k8s233.oldboyedu.com
  volumes:
  - name: data
    nfs:
      server: 10.0.0.231
      path: /oldboyedu/data/kubernetes/volume-nfs
  containers:
  - name: linux
    image: harbor.oldboyedu.com/linux/alpine:latest
    stdin: true
    volumeMounts:
    - name: data
      mountPath: /oldboyedu-data-linux85
[root@k8s231 pods]# kubectl apply -f 11-nginx-alpine-volumes-nfs.yaml
pod/linux85-volume-nfs-web created
pod/linux85-volume-nfs-linux created
[root@k8s231 pods]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
linux85-volume-nfs-linux 1/1 Running 0 21s 10.100.2.15 k8s233.oldboyedu.com <none> <none>
linux85-volume-nfs-web 1/1 Running 0 21s 10.100.1.9 k8s232.oldboyedu.com <none> <none>
[root@k8s231 pods]# curl 10.100.1.9
<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.20.1</center>
</body>
</html>
[root@k8s231 pods]# echo "<h1>www.oldboyedu.com</h1>" > /oldboyedu/data/kubernetes/volume-nfs/index.html
[root@k8s231 pods]# curl 10.100.1.9
<h1>www.oldboyedu.com</h1>
[root@k8s231 pods]#
2. Container resource limits hands-on example
[root@k8s231 pods]# kubectl explain po.spec.containers.resources
KIND: Pod
VERSION: v1
RESOURCE: resources <Object>
DESCRIPTION:
     Compute Resources required by this container. Cannot be updated. More
     info:
     https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
     ResourceRequirements describes the compute resource requirements.
FIELDS:
   limits <map[string]string>
     Limits describes the maximum amount of compute resources allowed. More
     info:
     https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
   requests <map[string]string>
     Requests describes the minimum amount of compute resources required. If
     Requests is omitted for a container, it defaults to Limits if that is
     explicitly specified, otherwise to an implementation-defined value. More
     info:
     https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
[root@k8s231.oldboyedu.com pods]# cat 12-stress.yaml
apiVersion: v1
kind: Pod
metadata:
  name: linux85-stress-003
spec:
  nodeName: k8s233.oldboyedu.com
  containers:
  - name: stress
    image: jasonyin2020/oldboyedu-linux-tools:v0.1
    args:
    - "tail"
    - "-f"
    - "/etc/hosts"
    # Apply resource limits to the container
    resources:
      # Amount of resources the target node is expected to have; if this is not met, the Pod cannot be scheduled and stays in the Pending state.
      # If the scheduling requirement is met, the resources defined in requests are not consumed immediately after the Pod lands on the node.
      requests:
        # Require the target node to have 10G of available memory.
        # memory: 10G
        memory: 256M
        # Number of CPU cores; fixed unit: 1 core = 1000m
        cpu: 500m
      # Upper limit of resource usage
      limits:
        memory: 500M
        cpu: 1.5
[root@k8s231.oldboyedu.com pods]#
[root@k8s231 pods]# kubectl apply -f 12-stress.yaml
# Stress-test the container
[root@k8s231 pods]# kubectl exec -it linux85-stress-001 -- sh
(1) CPU stress test ----> spawn 4 CPU workers that stop after 1 minute (watch the CPU usage: even though I specified 4 CPUs, it should not exceed 200%)
/usr/local/stress # stress -c 4 --verbose --timeout 1m
(2) Memory stress test ---> spawn 5 worker processes, each using 200000000 Bytes (i.e. 200MB) without releasing the memory, but total usage will not exceed 1G.
/usr/local/stress # stress -m 5 --vm-bytes 200000000 --vm-keep --verbose
# View the stress test results for the container
[root@k8s233 ~]# docker stats d94975678c05
CONTAINER ID NAME CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDS
d94975678c05 k8s_stress_linux85-stress-001_default_81fbd533-9440-4c34-8f66-7d1357985182_0 0.00% 56KiB / 3.839GiB 0.00% 0B / 0B 156kB / 0B 1
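3. configMap overview
configMap data is stored in the etcd database; its main use case is application configuration.
Data types supported by configMap:
(1) key-value pairs;
(2) multi-line data;
There are two common ways for a Pod to use a configMap resource:
(1) variable injection;
(2) volume mount
Recommended reading: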
https://kubernetes.io/docs/concepts/storage/volumes/#configmap
https://kubernetes.io/docs/concepts/configuration/configmap/
3.1 Defining a configMap ("cm" for short) resource
[root@k8s231.oldboyedu.com configMap]# cat 01-config-demo.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: linux85-config
# Data of the cm resource
data:
  # Single-line data
  school: oldboyedu
  class: linux85
  # Multi-line data
  my.cfg: |
    datadir: "/var/lib/mysql"
    basedir: "/usr/share/mysql"
    socket: "/tmp/mysql.sock"
  student.info: |
    pengbing: "大长腿,熬夜,六味地黄丸"
    wumingkun: "彭斌,Linux"
    qinhongbin: "欧美,日韩,国产"
    liwenxuan: "拍小电影,小皮鞭"
    wanglei: "演小电影,大皮鞭"
[root@k8s231.oldboyedu.com configMap]# kubectl apply -f 01-config-demo.yaml
configmap/linux85-config created
3.2 Pod consuming a cm resource through env environment variables
[root@k8s231.oldboyedu.com configMap]# cat 02-cm-env.yaml
apiVersion: v1
kind: Pod
metadata:
  name: linux85-game-cm-env
spec:
  nodeName: k8s232.oldboyedu.com
  containers:
  - name: game
    image: harbor.oldboyedu.com/oldboyedu-games/jasonyin2020/oldboyedu-games:v0.7
    env:
    - name: OLDBOYEDU_LINUX85_SCHOOL
      valueFrom:
        # Reference a configMap resource
        configMapKeyRef:
          # Name of the configMap
          name: linux85-config
          # KEY in the configMap
          key: school
    - name: OLDBOYEDU_LINUX85_CLASS
      valueFrom:
        configMapKeyRef:
          name: linux85-config
          key: class
    - name: OLDBOYEDU_LINUX85_mycfg
      valueFrom:
        configMapKeyRef:
          name: linux85-config
          key: my.cfg
    - name: OLDBOYEDU_LINUX85_studentinfo
      valueFrom:
        configMapKeyRef:
          name: linux85-config
          key: student.info
[root@k8s231.oldboyedu.com configMap]#
[root@k8s231.oldboyedu.com configMap]# kubectl apply -f 02-cm-env.yaml
[root@k8s231.oldboyedu.com configMap]#
[root@k8s231.oldboyedu.com configMap]# kubectl exec linux85-game-cm-env -- env
3.3 Pod consuming a cm resource through a volume
[root@k8s231.oldboyedu.com configMap]# cat 03-cm-volumes.yaml
apiVersion: v1
kind: Pod
metadata:
  name: linux85-volume-cm-008
spec:
  nodeName: k8s232.oldboyedu.com
  volumes:
  - name: data
    # Set the volume type to configMap
    configMap:
      # Name of the configMap
      name: linux85-config
      # Keys of the configMap to reference
      items:
        # Name of the key
      - key: student.info
        # For now, think of this as the name of the file
        path: oldboyedu-linux85-student.info
  containers:
  - name: web
    image: harbor.oldboyedu.com/web/nginx:1.20.1-alpine
    command: ["tail","-f","/etc/hosts"]
    volumeMounts:
    - name: data
      mountPath: /etc/nginx/nginx.conf
      # When subPath has the same value as configMap.items.path, the mountPath mount point is a file rather than a directory!
      subPath: oldboyedu-linux85-student.info
[root@k8s231.oldboyedu.com configMap]#
[root@k8s231.oldboyedu.com configMap]# kubectl apply -f 03-cm-volumes.yaml
Class exercise:
Create the nginx configuration file of "harbor.oldboyedu.com/oldboyedu-games/jasonyin2020/oldboyedu-games:v0.1" as a cm resource and mount it!
3.4 Class exercise and ports port-mapping example
[root@k8s231.oldboyedu.com configMap]# cat 04-cm-ketanglianxi.yaml
apiVersion: v1
kind: Pod
metadata:
  name: linux85-games-ketanglianxi-002
spec:
  # hostNetwork: true
  nodeName: k8s232.oldboyedu.com
  volumes:
  - name: data
    configMap:
      name: oldboyedu-linux85-games
      items:
      - key: nginx.conf
        path: nginx.conf
  containers:
  - name: game
    image: harbor.oldboyedu.com/oldboyedu-games/jasonyin2020/oldboyedu-games:v0.1
    volumeMounts:
    - name: data
      mountPath: /usr/local/nginx/conf/nginx.conf
      subPath: nginx.conf
    # Port-mapping fields for the container
    ports:
      # Port number of the container
    - containerPort: 80
      # Host IP address to bind
      hostIP: "0.0.0.0"
      # Host port number to bind
      hostPort: 88
      # Alias for this port; must be unique
      name: game
      # Protocol of the container port
      protocol: TCP
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: oldboyedu-linux85-games
data:
  nginx.conf: |
    worker_processes 1;
    events {
        worker_connections 1024;
    }
    http {
        include mime.types;
        default_type application/octet-stream;
        sendfile on;
        keepalive_timeout 65;
        server {
            listen 80;
            root /usr/local/nginx/html/bird/;
            server_name game01.oldboyedu.com;
        }
        server {
            listen 80;
            root /usr/local/nginx/html/pinshu/;
            server_name game03.oldboyedu.com;
        }
        server {
            listen 80;
            root /usr/local/nginx/html/tanke/;
            server_name game05.oldboyedu.com;
        }
        server {
            listen 80;
            root /usr/local/nginx/html/pingtai/;
            server_name game02.oldboyedu.com;
        }
        server {
            listen 80;
            root /usr/local/nginx/html/chengbao/;
            server_name game04.oldboyedu.com;
        }
    }
[root@k8s231 configMap]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
linux85-game-cm-env 1/1 Running 1 (14m ago) 3d 10.100.1.14 k8s232.oldboyedu.com <none> <none>
linux85-games-ketanglianxi-002 1/1 Running 0 11s 10.100.1.15 k8s232.oldboyedu.com <none> <none>
linux85-volume-cm-008 1/1 Running 1 (14m ago) 2d23h 10.100.1.13 k8s232.oldboyedu.com <none> <none>
[root@k8s232 ~]# iptables-save |grep 88
-A CNI-DN-d3271470de13d7612fb59 -s 10.100.1.0/24 -p tcp -m tcp --dport 88 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-d3271470de13d7612fb59 -s 127.0.0.1/32 -p tcp -m tcp --dport 88 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-d3271470de13d7612fb59 -p tcp -m tcp --dport 88 -j DNAT --to-destination 10.100.1.15:80
-A CNI-HOSTPORT-DNAT -p tcp -m comment --comment "dnat name: \"cbr0\" id: \"13446eea55742ce95f7e3228c024946a01a5d3d54ccd4bc0a9fd91a2a824f01c\"" -m multiport --dports 88 -j CNI-DN-d3271470de13d7612fb59
4. Secret resources: create, delete, update and query in practice
[root@k8s231 ~]# echo elastic | base64
ZWxhc3RpYwo=
[root@k8s231 ~]# echo oldboyedu | base64
b2xkYm95ZWR1Cg==
[root@k8s231 ~]# echo oldboyedu | base64 |base64 -d
oldboyedu
[root@k8s231.oldboyedu.com secret]# kubectl get secrets es-https
NAME TYPE DATA AGE
es-https Opaque 2 44s
[root@k8s231.oldboyedu.com secret]# kubectl apply -f 01-secret-demo.yaml
secret/es-https configured
[root@k8s231.oldboyedu.com secret]# kubectl get secrets es-https
NAME TYPE DATA AGE
es-https Opaque 3 49s
[root@k8s231.oldboyedu.com secret]# cat 01-secret-demo.yaml
apiVersion: v1
kind: Secret
metadata:
  name: es-https
data:
  username: ZWxhc3RpYwo=
  password: b2xkYm95ZWR1Cg==
  hostip: MTAuMC4wLjI1MAo=
[root@k8s231 secret]# kubectl get secrets es-https -o yaml
apiVersion: v1
data:
  password: b2xkYm95ZWR1Cg==
  username: ZWxhc3RpYwo=
kind: Secret
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"v1","data":{"password":"b2xkYm95ZWR1Cg==","username":"ZWxhc3RpYwo="},"kind":"Secret","metadata":{"annotations":{},"name":"es-https","namespace":"default"}}
  creationTimestamp: "2024-06-17T07:25:27Z"
  name: es-https
  namespace: default
  resourceVersion: "127717"
  uid: 0c1619a6-2511-46d2-9f17-a709483ea16f
type: Opaque
[root@k8s231.oldboyedu.com secret]# kubectl delete -f 01-secret-demo.yaml
secret "es-https" deleted
[root@k8s231.oldboyedu.com secret]#
A Secret is similar to a ConfigMap; the difference is that a Secret stores sensitive data, and all of its data must be base64-encoded.
Secrets are mainly used to store credentials.
Reference link:
https://kubernetes.io/zh/docs/concepts/configuration/secret/#secret-types
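The values in 01-secret-demo.yaml were produced with `echo ... | base64`, and echo appends a newline, so each stored value ends with a newline byte that is handed to the container as part of the credential; base64 is also only an encoding, so anyone who can read the Secret can decode it. The following is an added example, not part of the original course notes, that encodes without the newline and lists the data keys whose decoded value ends with one; the function names are hypothetical and the sample input is the `data:` block shown on this page.

```shell
#!/bin/sh
# Added example, not from the course notes. All function names are
# hypothetical; the sample values are the ones shown on this page.

# Encode a value for a Secret's data: field without the newline echo adds.
encode_secret_value() {
    printf '%s' "$1" | base64 | tr -d '\n'
}

# Succeed (exit 0) when the base64 value decodes to bytes ending in 0x0a.
# Command substitution strips trailing newlines, so inspect the last byte
# as hex instead of comparing decoded strings.
ends_with_newline() {
    last=$(printf '%s' "$1" | base64 -d | tail -c 1 | od -An -tx1 | tr -d ' \n')
    [ "$last" = "0a" ]
}

# Read "key: value" lines (a Secret's data: block) on stdin and print the
# keys whose decoded value ends with a newline.
audit_secret_data() {
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            *:*) ;;
            *)   continue ;;
        esac
        key=$(printf '%s' "${line%%:*}" | tr -d ' ')
        val=$(printf '%s' "${line#*:}" | tr -d ' ')
        [ -n "$val" ] || continue
        if ends_with_newline "$val"; then
            echo "$key"
        fi
    done
}

# The data: block of 01-secret-demo.yaml as shown on this page.
page_secret_data() {
    cat <<'EOF'
username: ZWxhc3RpYwo=
password: b2xkYm95ZWR1Cg==
hostip: MTAuMC4wLjI1MAo=
EOF
}

echo "keys whose value ends with a newline:"
page_secret_data | audit_secret_data
echo "newline-free encoding of 'elastic': $(encode_secret_value elastic)"
```

The Secret `stringData:` field is an alternative that accepts unencoded strings, which avoids the manual base64 step altogether.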
4.1 Example: Pod referencing a secret resource through env
[root@k8s231.oldboyedu.com secret]# cat 02-secret-env.yaml
apiVersion: v1
kind: Pod
metadata:
  name: linux85-game-secret-001
spec:
  nodeName: k8s232.oldboyedu.com
  containers:
  - name: game
    image: harbor.oldboyedu.com/oldboyedu-games/jasonyin2020/oldboyedu-games:v0.7
    env:
    - name: OLDBOYEDU_LINUX85_USERNAME
      valueFrom:
        # Reference a secret resource
        secretKeyRef:
          # Name of the secret
          name: es-https
          # KEY in the secret
          key: username
    - name: OLDBOYEDU_LINUX85_PASSWORD
      valueFrom:
        secretKeyRef:
          name: es-https
          key: password
    - name: OLDBOYEDU_LINUX85_HOSTIP
      valueFrom:
        secretKeyRef:
          name: es-https
          key: hostip
[root@k8s231.oldboyedu.com secret]# kubectl apply -f 02-secret-env.yaml
pod/linux85-game-secret-001 created
[root@k8s231.oldboyedu.com secret]# kubectl get pods
NAME READY STATUS RESTARTS AGE
linux85-game-secret-001 1/1 Running 0 2s
[root@k8s231.oldboyedu.com secret]# kubectl exec linux85-game-secret-001 -- env
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
HOSTNAME=linux85-game-secret-001
OLDBOYEDU_LINUX85_HOSTIP=10.0.0.250
OLDBOYEDU_LINUX85_USERNAME=elastic
OLDBOYEDU_LINUX85_PASSWORD=oldboyedu
KUBERNETES_SERVICE_PORT=443
KUBERNETES_SERVICE_PORT_HTTPS=443
KUBERNETES_PORT=tcp://10.200.0.1:443
KUBERNETES_PORT_443_TCP=tcp://10.200.0.1:443
KUBERNETES_PORT_443_TCP_PROTO=tcp
KUBERNETES_PORT_443_TCP_PORT=443
KUBERNETES_PORT_443_TCP_ADDR=10.200.0.1
KUBERNETES_SERVICE_HOST=10.200.0.1
HOME=/root
4.2 Example: Pod referencing a secret resource through a volume
[root@k8s231.oldboyedu.com secret]# cat 03-secret-volumes.yaml
apiVersion: v1
kind: Pod
metadata:
  name: linux85-volume-secret-003
spec:
  nodeName: k8s232.oldboyedu.com
  volumes:
  - name: data
    # Set the volume type to secret
    secret:
      # Name of the secret
      secretName: es-https
      items:
      - key: username
        path: username.info
      - key: password
        path: password.info
      - key: hostip
        path: hostip.info
  containers:
  - name: web
    image: harbor.oldboyedu.com/web/nginx:1.20.1-alpine
    command: ["tail","-f","/etc/hosts"]
    volumeMounts:
    - name: data
      # mountPath: /oldboyedu-data
      mountPath: /etc/nginx/nginx.conf
      subPath: username.info
    - name: data
      mountPath: /etc/nginx/password.conf
      subPath: password.info
    - name: data
      mountPath: /etc/nginx/hostip.conf
      subPath: hostip.info
[root@k8s231.oldboyedu.com secret]#
[root@k8s231.oldboyedu.com secret]# kubectl apply -f 03-secret-volumes.yaml
pod/linux85-volume-secret-003 configured
[root@k8s231 secret]# kubectl exec -it linux85-volume-secret-003 -- sh
/ # ls
bin home proc sys
dev lib root tmp
docker-entrypoint.d media run usr
docker-entrypoint.sh mnt sbin var
etc opt srv
/ # cd /etc/nginx/
/etc/nginx # ll
sh: ll: not found
/etc/nginx # ls
conf.d fastcgi_params mime.types nginx.conf scgi_params
fastcgi.conf hostip.conf modules password.conf uwsgi_params
/etc/nginx # cat nginx.conf
elastic
/etc/nginx # cat password.conf
oldboyedu
/etc/nginx # cat hostip.conf
10.0.0.250
/etc/nginx #
Harbor user information:
username: linux85
password: Linux85@2023
Create the Harbor authentication info from the command line:
kubectl create secret docker-registry linux85 --docker-username=linux85 --docker-password=Linux85@2023 --docker-email=linux85@oldboyedu.com --docker-server=harbor.oldboyedu.com
[root@k8s231 ~]# kubectl get secrets
NAME TYPE DATA AGE
default-token-2m5sn kubernetes.io/service-account-token 3 5d6h
es-https Opaque 3 47m
linux85 kubernetes.io/dockerconfigjson 1 16s
Get the resource manifest of the Harbor authentication info
kubectl get secrets linux85 -o yaml
[root@k8s231 ~]# kubectl get secrets linux85 -o yaml
apiVersion: v1
data:
  .dockerconfigjson: eyJhdXRocyI6eyJoYXJib3Iub2xkYm95ZWR1LmNvbSI6eyJ1c2VybmFtZSI6ImxpbnV4ODUiLCJwYXNzd29yZCI6IkxpbnV4ODVAMjAyMyIsImVtYWlsIjoibGludXg4NUBvbGRib3llZHUuY29tIiwiYXV0aCI6ImJHbHVkWGc0TlRwTWFXNTFlRGcxUURJd01qTT0ifX19
kind: Secret
metadata:
  creationTimestamp: "2024-06-17T08:18:32Z"
  name: linux85
  namespace: default
  resourceVersion: "132322"
  uid: e685a3df-2439-4ffc-85af-5def618d46bd
type: kubernetes.io/dockerconfigjson
[root@k8s231 secret]# kubectl get secrets linux85 -o yaml >> 04-imagePullSecret.yaml
4.3 Example: writing a resource manifest that pulls an image from a private project (friendly reminder: don't copy this directly, your environment may differ from mine)
[root@k8s231.oldboyedu.com secret]# cat 04-imagePullSecret.yaml
apiVersion: v1
kind: Pod
metadata:
  name: linux85-imagepullsecret-002
spec:
  nodeName: k8s232.oldboyedu.com
  # Secret holding the credentials used to pull the image
  imagePullSecrets:
  - name: linux85
  containers:
  - name: linux
    image: harbor.oldboyedu.com/linux85/jasonyin2020/oldboyedu-linux-tools:v0.1
    stdin: true
---
apiVersion: v1
data:
  .dockerconfigjson: eyJhdXRocyI6eyJoYXJib3Iub2xkYm95ZWR1LmNvbSI6eyJ1c2VybmFtZSI6ImxpbnV4ODUiLCJwYXNzd29yZCI6IkxpbnV4ODVAMjAyMyIsImVtYWlsIjoibGludXg4NUBvbGRib3llZHUuY29tIiwiYXV0aCI6ImJHbHVkWGc0TlRwTWFXNTFlRGcxUURJd01qTT0ifX19
kind: Secret
metadata:
  name: linux85
type: kubernetes.io/dockerconfigjson
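Weekend homework:
(1) Complete all of the class exercises and finish your mind map;
(2) Split the "harbor.oldboyedu.com/oldboyedu-games/jasonyin2020/oldboyedu-games:v0.1" image into 5 game images, with the following requirements:
- Create a private Harbor repository:
Repository name: homework
Username: linux85-homework
Password: Linux85@2023
- Image names:
harbor.oldboyedu.com/homework/oldboyedu-games:bird
harbor.oldboyedu.com/homework/oldboyedu-games:pinshu
harbor.oldboyedu.com/homework/oldboyedu-games:tanke
harbor.oldboyedu.com/homework/oldboyedu-games:pingtai
harbor.oldboyedu.com/homework/oldboyedu-games:chengbao
- Push the images to the Harbor registry in batch; if possible, use docker-compose to build and push them in batch.
- Deploy the 5 images above as 5 Pods from a single file, limiting each container to 200M of memory and 0.5 CPU cores.
Homework hint: this exercise uses Pod, secret, configMap and other resources.
Extension homework:
(1) Each group deploys a K8S cluster using the following tool:
kind:
Group 1.
minikube:
Group 2.
KubeSphere:
Group 3.
rancher:
Group 4.
kuboard:
Group 5.
kubeasz:
Group 6.
(2) Redo the basic homework above on the K8S environment that each group built.
(3) Deploy K8S version 1.27 with kubeadm, then redo the basic homework above on the K8S environment that each group built.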