sele 发表于 2018-1-4 21:36:00

【转】kubernetes 中 deployment 支持哪些键值

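# Annotated reference manifest: a Deployment that shows which keys are supported.
# The original paste lost its indentation; the nesting is restored here.
# The host-namespace, privileged and hostPath settings are kept because the page
# lists them as supported keys. Each one widens what a compromised container can
# reach on the node, so none of them is a sensible default.
#
# NOTE: extensions/v1beta1 Deployments were removed in Kubernetes 1.16; current
# clusters serve Deployments from apps/v1.
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: nginx-deployment2
  namespace: hmm-test
  labels:
    app: nginx2
    zone: us-est-coast
    cluster: test-cluster1
    rack: rack-22
  # Annotations extend labels. Labels are normally consumed by selectors and
  # carry identifying data; annotations hold non-identifying data (for API
  # lookups and the like).
  # Annotation data is less strictly constrained than labels (length, whether
  # it is structured, ...). Typical content: environment info
  # (build/release/image), code info (commit/repo), user, and so on.
  annotations:
    # Custom fields
    build: two
    builder: john-doe
    # Init containers were also expressed as an annotation at the time.
    # NOTE(review): this beta annotation was read from the Pod object, so it
    # presumably belongs under spec.template.metadata.annotations; later
    # releases replaced it with the initContainers field of the pod spec.
    # Verify against the cluster version in use.
    # The "install" step downloads over plain HTTP with no integrity check, and
    # the busybox image is untagged; prefer HTTPS and a pinned image reference.
    pod.beta.kubernetes.io/init-containers: |-
      [
        {
          "name": "install",
          "image": "busybox",
          "command": ["wget", "-O", "/work-dir/index.html", "http://kubernetes.io"],
          "volumeMounts": [
            {
              "name": "workdir",
              "mountPath": "/work-dir"
            }
          ]
        },
        {
          "name": "init-myservice",
          "image": "busybox",
          "command": ["sh", "-c", "until nslookup myservice; do echo waiting for myservice; sleep 2; done;"]
        },
        {
          "name": "init-mydb",
          "image": "busybox",
          "command": ["sh", "-c", "until nslookup mydb; do echo waiting for mydb; sleep 2; done;"]
        }
      ]
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx2
  strategy:
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 1
    type: RollingUpdate
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: nginx2
    spec:
      # hostPID / hostIPC / hostNetwork are pod-spec fields (the paste listed
      # them directly under the Deployment spec, where they are not valid).
      # They place the pod in the node's PID, IPC and network namespaces: the
      # container can see node processes, share node IPC objects, and bind or
      # reach ports on the node itself, including loopback-only listeners.
      # The Pod Security Standards "baseline" profile rejects all three.
      hostPID: true
      hostIPC: true
      hostNetwork: true
      imagePullSecrets:
        - name: regsecret
      # Schedule onto the group of nodes labelled disktype=ssd
      nodeSelector:
        disktype: ssd
      # Pin the pod to one specific node via nodeName
      nodeName: "node01.test.k8s.qihoo.net"
      # Affinity / anti-affinity is also supported: alongside nodeSelector there
      # is a newer affinity and anti-affinity feature
      # (https://kubernetes.io/docs/user-guide/node-selection/), alpha at the
      # time of writing (supports regex-like combined matching).
      containers:
        - image: r.addops.cn/public/nginx:1.6.3
          imagePullPolicy: IfNotPresent
          name: nginx21
          # The command and arguments that you define in the configuration file
          # override the default command and arguments provided by the
          # container image. If you define args, but do not define a command,
          # the default command is used with your new arguments.
          command: ["printenv"]
          args: ["HOSTNAME", "KUBERNETES_PORT"]
          # Resource allocation
          resources:
            requests:
              memory: "64Mi"
              cpu: "250m"
            limits:
              memory: "128Mi"
              cpu: "1"
          workingDir: /data/nginx
          # Privilege control inside the container
          # https://kubernetes.io/docs/concepts/policy/container-capabilities/
          # privileged: true gives the container near-root access to the node's
          # devices and kernel interfaces. NOTE(review): a privileged container
          # normally receives the full capability set, so the add/drop list
          # below is presumably moot while privileged stays true. For real
          # workloads set privileged: false, drop ALL and add back only what is
          # needed.
          securityContext:
            privileged: true
            capabilities:
              add:
                - SYS_NICE
              drop:
                - KILL
          # Mainly for debugging (fine in dev/test Deployments; do not use it
          # in production)
          terminationMessagePath: /dev/termination-log
          # ports is a list; the paste had lost the "-" item markers.
          # With hostNetwork: true these ports are opened on the node itself.
          ports:
            - containerPort: 80
            - containerPort: 443
          volumeMounts:
            # Each container in the pod can set its own mount points.
            # Each mount names one of the volumes defined below and says where
            # that volume is mounted.
            - name: redis-storage
              mountPath: /data/redis
              readOnly: true
            # Writable mount of a node directory (see hostpath-storage below);
            # add readOnly: true unless the container must write to the node.
            - name: hostpath-storage
              mountPath: /data/test
          env:
            - name: DEMO_GREETING
              value: "Hello from the environment"
          # Kubernetes provides liveness probing of the service inside a
          # container; command (exec) and HTTP modes are currently supported.
          # The paste had the key truncated to "venessProbe" and placed after
          # the pod-level fields; livenessProbe is a per-container field.
          # Command (exec) mode
          livenessProbe:
            exec:
              command:
                - cat
                - /tmp/healthy
            initialDelaySeconds: 5  # start probing 5s after the container starts
            periodSeconds: 5  # run every 5s
            timeoutSeconds: 1  # timeout, default 1s
            successThreshold: 1  # successes needed to count as healthy, default 1
            failureThreshold: 3  # failures before unhealthy (a bit like alert merging), default 3
          # HTTP mode. A container takes a single livenessProbe and duplicate
          # keys are invalid YAML, so this alternative is left commented out.
          # livenessProbe:
          #   httpGet:
          #     path: /healthz
          #     # host defaults to the pod/container IP; you normally do not
          #     # need to set it. One case where it is needed: suppose the
          #     # Container listens on 127.0.0.1 and the Pod's hostNetwork field
          #     # is true. Then host, under httpGet, should be set to 127.0.0.1.
          #     # (The source text is cut off after "If your pod".)
          #     host: hostname/ip
          #     port: 8080
          #     httpHeaders:
          #       - name: X-Custom-Header
          #         value: Awesome
          #     scheme: HTTP
          #   initialDelaySeconds: 3
          #   periodSeconds: 3
          # Container hook support: do some processing around container start
          # and stop
          lifecycle:
            postStart:
              exec:
                command: ["/bin/sh", "-c", "echo Hello from the postStart handler > /usr/share/message"]
            preStop:
              exec:
                command: ["/usr/sbin/nginx", "-s", "quit"]
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      terminationGracePeriodSeconds: 30
      volumes:
        - name: redis-storage
          # emptyDir has the same lifetime as the pod; it is created on the
          # docker daemon's storage backend, and RAM is also supported (set
          # emptyDir.medium to Memory).
          # emptyDir is typically used in these 3 scenarios:
          # 1. temporary storage of data, e.g. a merge-sort program that uses
          #    disk to hold and process data temporarily
          # 2. temporary storage needed when recovering from crashes
          # 3. one container fetches data and other containers in the pod
          #    consume it (shared data)
          emptyDir: {}
        - name: hostpath-storage
          # hostPath exposes a directory of the node's filesystem to the pod.
          # /data is broad; mount the narrowest directory that works, read-only
          # where possible.
          hostPath:
            # directory location on host
            path: /data
        # For rbd, a read-only volume can be shared by several consumers; in
        # read-write mode data consistency is not guaranteed.
        # The paste omitted the enclosing "rbd:" key and the list markers, and
        # carried stray trailing commas on the values; both are fixed here.
        # The monitor addresses are reproduced as given (three octets only).
        - name: rbd-storage
          rbd:
            monitors:
              - "192.168.78:6789"
              - "192.168.82:6789"
              - "192.168.83:6789"
            pool: kube
            image: foo
            # user: admin with a keyring file hands the Ceph admin identity to
            # every node that mounts this volume. Prefer a dedicated,
            # least-privilege Ceph user and supply its key through secretRef.
            user: admin
            keyring: /etc/ceph/keyring
            fsType: ext4
            readOnly: true
        # Persistent volume (the persistentVolumeClaim resource must be created
        # first)
        - name: task-pv-storage
          persistentVolumeClaim:
            claimName: task-pv-claim
        # Volumes also support secret volumes, meant for more sensitive data
        # such as a username and password; a resource of kind Secret has to be
        # created first. Adding the matching mount path under volumeMounts
        # above makes the data available inside the container.
        # NOTE: Secret values are only base64-encoded in the API object, not
        # encrypted; encryption at rest has to be enabled separately, and RBAC
        # should limit who can read Secrets in the namespace.
        - name: secret-volume
          secret:
            secretName: test-secret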