【kubernetes】污点配置、cm、secret练习
1、给node01配置污点,污点策略为不可调度,尝试将deployment管理的pod调度到node01
kubectl taint nodes 192.168.99.131 key=value:NoSchedule
apiVersion: apps/v1
kind: Deployment
metadata:
name: myjob01
namespace: default
labels:
app: myjob01
spec:
selector:
matchLabels:
app: myjob01
replicas: 1
template:
metadata:
labels:
app: myjob01
spec:
containers:
- name: myjob01
image: httpd
imagePullPolicy: IfNotPresent
resources:
requests:
cpu: 100m
memory: 100Mi
limits:
cpu: 100m
memory: 100Mi
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/hostname
operator: In
values:
- 192.168.99.131
restartPolicy: Always
2、调度一个自主式pod到node02上,给node02配置污点策略为不可调度并驱逐
kubectl run my-pod2 --image=nginx --overrides='{"spec":{"nodeName":"192.168.99.132"}}'
kubectl taint nodes 192.168.99.132 key=value:NoExecute
3、调度一个deployment构建的pod到node02上,给node02配置污点策略为不可调度并驱逐
apiVersion: apps/v1
kind: Deployment
metadata:
name: mytest3
namespace: default
labels:
app: mytest3
spec:
selector:
matchLabels:
app: mytest3
replicas: 1
template:
metadata:
labels:
app: mytest3
spec:
# initContainers:
# Init containers are exactly like regular containers, except:
# - Init containers always run to completion.
# - Each init container must complete successfully before the next one starts.
containers:
- name: mytest3
image: tomcat:8
imagePullPolicy: IfNotPresent
resources:
requests:
cpu: 100m
memory: 100Mi
limits:
cpu: 100m
memory: 100Mi
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/hostname
operator: In
values:
- 192.168.99.132
restartPolicy: Always
4、使用configMap存储一个nginx的conf文件,创建pod引用该configMap中的conf文件
# Define HTTP server block.
server {
# Define the port that Nginx will listen on.
listen 81;
# Define the server name (e.g., domain name).
server_name localhost;
# Define the root directory for this server block.
root /usr/share/nginx/html;
# Define the default index file.
index index.html index.htm;
location / {
# Serve static files.
try_files $uri $uri/ =404;
}
}
kubectl create configmap cm1 --from-file=nginx.conf
apiVersion: v1
kind: Pod
metadata:
name: mypod-cm-web
labels:
run: myapp-cm-web
spec:
volumes:
- name: web-cm
configMap:
name: cm1
containers:
- name: myapp-cm-web
image: nginx
ports:
- containerPort: 80
volumeMounts:
- name: web-cm
mountPath: /etc/nginx/conf.d/
5、创建一个configMap,以volumes的方式挂载configMap,热更新configMap中的值,测试效果
kubectl create configmap cm2 --from-file=index.html
# https://kubernetes.io/docs/concepts/workloads/pods/
apiVersion: v1
kind: Pod
metadata:
name: "nginxcm"
namespace: default
labels:
app: "nginxcm"
spec:
containers:
- name: nginxcm
image: "nginx:latest"
resources:
limits:
cpu: 200m
memory: 500Mi
requests:
cpu: 100m
memory: 200Mi
ports:
- containerPort: 80
volumeMounts:
- name: nginxindex
mountPath: /usr/share/nginx/html
volumes:
- name: nginxindex
configMap:
name: cm2
restartPolicy: Always
kubectl edit configmap cm2
6、创建一个docker-registry类型的secret,在下载镜像时使用该secret
docker login --username=shiinanamida registry.cn-hangzhou.aliyuncs.com
docker tag nginx:1.14 registry.cn-hangzhou.aliyuncs.com/shiina_space/shiina:nginx1.14
docker push registry.cn-hangzhou.aliyuncs.com/shiina_space/shiina:nginx1.14
kubectl create secret docker-registry myregistrykey \
--docker-server=registry.cn-hangzhou.aliyuncs.com \
--docker-username=shiinanamida \
--docker-password=*******\
--docker-email=158*****788@163.com
apiVersion: v1
kind: Pod
metadata:
name: mypod6
spec:
containers:
- name: mycontainer
image: registry.cn-hangzhou.aliyuncs.com/shiina_space/shiina:nginx1.14
imagePullSecrets:
- name: myregistrykey