本文适合新手刚接触kubernetes,讲解部署(Deployment) yaml的字段。
部署(Deployment)是k8s中常用的资源之一,部署是无状态的,为一般性项目应用的主体,我们可以像声明docker-compose.yaml文件一样去定义容器的属性。
k8s资源管理的方式
k8s有两种方式来管理对象:
- 命令式,即通过Kubectl指令直接操作对象。
- 声明式,通过定义资源yaml来操作对象。
两者背后最终都是通过请求k8s-apiserver实现交互。
相比命令式,声明式更具有完整性、灵活性、可维护性和扩展性。
YAML 基础
YAML是一个JSON的超集,意味着任何有效JSON文件也都是一个有效的YAML文件。
k8s上只需要掌握YAML的两种结构类型:
- Lists
- Maps
List 用 -(破折号) 来定义每一项;Map 则是一个 key:value 的键值对来表示。
k8s上的yaml语法规则
大小写敏感
使用缩进表示层级关系
缩进时不允许使用Tal键,只允许使用空格
缩进的空格数目不重要,只要相同层级的元素左侧对齐即可
"#"表示注释,从这个字符一直到行尾,都会被解析器忽略
"---"" 为可选的分隔符
Deployment yaml常见字段解析
apiVersion: v1 #必填,版本号,例如v1
kind: Depolyment #必填
metadata: #必填,元数据
name: string #必填,Pod名称
namespace: string #必填,Pod所属的命名空间
labels: #自定义标签
- name: string #自定义标签名字<key: value>
annotations: #自定义注释列表
- name: string
spec: #必填,部署的详细定义
selector:
matchLabels:
name: string #必填,通过此标签匹配对应pod<key: value>
replicas: number #必填,副本数量
template: #必填,应用容器模版定义
metadata:
labels:
name: string #必填,遇上面matchLabels的标签相同
spec:
containers: #必填,定义容器列表
- name: string #必填,容器名称
image: string #必填,容器的镜像名称
imagePullPolicy: [Always | Never | IfNotPresent] #获取镜像的策略 Alawys表示下载镜像 IfnotPresent表示优先使用本地镜像,否则下载镜像,Nerver表示仅使用本地镜像
command: [string] #容器的启动命令列表,如不指定,使用打包时使用的启动命令
args: [string] #容器的启动命令参数列表
workingDir: string #选填,容器的工作目录
env: #容器运行前需设置的环境变量列表
- name: string #环境变量名称
value: string #环境变量的值
ports: #需要暴露的端口库号列表
- name: string #选填,端口号名称
containerPort: int #容器需要监听的端口号
hostPort: int #选填,容器所在主机需要监听的端口号,默认与Container相同
protocol: string #选填,端口协议,支持TCP和UDP,默认TCP
resources: #资源限制和请求的设置
limits: #资源限制的设置
cpu: string #Cpu的限制,单位为core数,将用于docker run --cpu-shares参数
memory: string #内存限制,单位可以为Mib/Gib,将用于docker run --memory参数
requests: #资源请求的设置
cpu: string #Cpu请求,容器启动的初始可用数量
memory: string #内存清楚,容器启动的初始可用数量
volumeMounts: #挂载到容器内部的存储卷配置
- name: string #引用pod定义的共享存储卷的名称,需用volumes[]部分定义的的卷名
mountPath: string #存储卷在容器内mount的绝对路径,应少于512字符
readOnly: boolean #是否为只读模式
livenessProbe: #对Pod内个容器健康检查的设置,当探测无响应几次后将自动重启该容器,检查方法有exec、httpGet和tcpSocket,对一个容器只需设置其中一种方法即可
exec: #对Pod容器内检查方式设置为exec方式
command: [string] #exec方式需要制定的命令或脚本
httpGet: #对Pod内个容器健康检查方法设置为HttpGet,需要制定Path、port
path: string
port: number
host: string
scheme: string
HttpHeaders:
- name: string
value: string
tcpSocket: #对Pod内个容器健康检查方式设置为tcpSocket方式
port: number
initialDelaySeconds: 0 #容器启动完成后首次探测的时间,单位为秒
timeoutSeconds: 0 #对容器健康检查探测等待响应的超时时间,单位秒,默认1秒
periodSeconds: 0 #对容器监控检查的定期探测时间设置,单位秒,默认10秒一次
successThreshold: 0
failureThreshold: 0
securityContext:
privileged:false
#Pod的重启策略,Always表示一旦不管以何种方式终止运行,kubelet都将重启,OnFailure表示只有Pod以非0退出码退出才重启,Nerver表示不再重启该Pod
restartPolicy: [Always | Never | OnFailure]
nodeSelector: obeject #设置NodeSelector表示将该Pod调度到包含这个label的node上,以key:value的格式指定
imagePullSecrets: #Pull镜像时使用的secret名称,以key:secretkey格式指定
- name: string
hostNetwork:false #是否使用主机网络模式,默认为false,如果设置为true,表示使用宿主机网络
volumes: #在该pod上定义共享存储卷列表
- name: string #共享存储卷名称 (volumes类型有很多种)
emptyDir: {} #类型为emtyDir的存储卷,与Pod同生命周期的一个临时目录。为空值
hostPath: string #类型为hostPath的存储卷,表示挂载Pod所在宿主机的目录
path: string #Pod所在宿主机的目录,将被用于同期中mount的目录
- name: string #共享存储卷名称
secret: #类型为secret的存储卷,挂载集群与定义的secre对象到容器内部
scretname: string
items:
- key: string #选择secrets定义的某个key
path: string #文件内容路径
- name: string #共享存储卷名称
configMap: #类型为configMap的存储卷,挂载预定义的configMap对象到容器内部
name: string
items:
- key: string #选择configmap定义的某个key
path: string #文件内容路径
- name: string #共享存储卷名称
persistentVolumeClaim:
claimName: string #类型为PVC的持久化存储卷
更多描述
/**
* Optional duration in seconds the pod may be active on the node relative to StartTime before the system will actively try to mark it failed and kill associated containers. Value must be a positive integer.
*/
"activeDeadlineSeconds"?: number;
/**
* If specified, the pod's scheduling constraints
*/
"affinity"?: IIoK8sApiCoreV1Affinity;
/**
* AutomountServiceAccountToken indicates whether a service account token should be automatically mounted.
*/
"automountServiceAccountToken"?: boolean;
/**
* List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated.
*/
"containers": Array<IIoK8sApiCoreV1Container>;
/**
* Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy.
*/
"dnsConfig"?: IIoK8sApiCoreV1PodDNSConfig;
/**
* Set DNS policy for the pod. Defaults to "ClusterFirst". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'.
*/
"dnsPolicy"?: string;
/**
* EnableServiceLinks indicates whether information about services should be injected into pod's environment variables, matching the syntax of Docker links. Optional: Defaults to true.
*/
"enableServiceLinks"?: boolean;
/**
* List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing pod to perform user-initiated actions such as debugging. This list cannot be specified when creating a pod, and it cannot be modified by updating the pod spec. In order to add an ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource. This field is alpha-level and is only honored by servers that enable the EphemeralContainers feature.
*/
"ephemeralContainers"?: Array<IIoK8sApiCoreV1EphemeralContainer>;
/**
* HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts file if specified. This is only valid for non-hostNetwork pods.
*/
"hostAliases"?: Array<IIoK8sApiCoreV1HostAlias>;
/**
* Use the host's ipc namespace. Optional: Default to false.
*/
"hostIPC"?: boolean;
/**
* Host networking requested for this pod. Use the host's network namespace. If this option is set, the ports that will be used must be specified. Default to false.
*/
"hostNetwork"?: boolean;
/**
* Use the host's pid namespace. Optional: Default to false.
*/
"hostPID"?: boolean;
/**
* Specifies the hostname of the Pod If not specified, the pod's hostname will be set to a system-defined value.
*/
"hostname"?: string;
/**
* ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. For example, in the case of docker, only DockerConfig type secrets are honored. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod
*/
"imagePullSecrets"?: Array<IIoK8sApiCoreV1LocalObjectReference>;
/**
* List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
*/
"initContainers"?: Array<IIoK8sApiCoreV1Container>;
/**
* NodeName is a request to schedule this pod onto a specific node. If it is non-empty, the scheduler simply schedules this pod onto that node, assuming that it fits resource requirements.
*/
"nodeName"?: string;
/**
* NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
*/
"nodeSelector"?: {
[key: string]: string;
};
/**
* Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. This field will be autopopulated at admission time by the RuntimeClass admission controller. If the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests. The RuntimeClass admission controller will reject Pod create requests which have the overhead already set. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero. More info: https://git.k8s.io/enhancements/keps/sig-node/20190226-pod-overhead.md This field is alpha-level as of Kubernetes v1.16, and is only honored by servers that enable the PodOverhead feature.
*/
"overhead"?: {
[key: string]: IIoK8sApimachineryPkgApiResourceQuantity;
};
/**
* PreemptionPolicy is the Policy for preempting pods with lower priority. One of Never, PreemptLowerPriority. Defaults to PreemptLowerPriority if unset. This field is alpha-level and is only honored by servers that enable the NonPreemptingPriority feature.
*/
"preemptionPolicy"?: string;
/**
* The priority value. Various system components use this field to find the priority of the pod. When Priority Admission Controller is enabled, it prevents users from setting this field. The admission controller populates this field from PriorityClassName. The higher the value, the higher the priority.
*/
"priority"?: number;
/**
* If specified, indicates the pod's priority. "system-node-critical" and "system-cluster-critical" are two special keywords which indicate the highest priorities with the former being the highest priority. Any other name must be defined by creating a PriorityClass object with that name. If not specified, the pod priority will be default or zero if there is no default.
*/
"priorityClassName"?: string;
/**
* If specified, all readiness gates will be evaluated for pod readiness. A pod is ready when all its containers are ready AND all conditions specified in the readiness gates have status equal to "True"
*/
"readinessGates"?: Array<IIoK8sApiCoreV1PodReadinessGate>;
/**
* Restart policy for all containers within the pod. One of Always, OnFailure, Never. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy
*/
"restartPolicy"?: string;
/**
* RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an empty definition that uses the default runtime handler.
*/
"runtimeClassName"?: string;
/**
* If specified, the pod will be dispatched by specified scheduler. If not specified, the pod will be dispatched by default scheduler.
*/
"schedulerName"?: string;
/**
* SecurityContext holds pod-level security attributes and common container settings. Optional: Defaults to empty. See type description for default values of each field.
*/
"securityContext"?: IIoK8sApiCoreV1PodSecurityContext;
/**
* DeprecatedServiceAccount is a depreciated alias for ServiceAccountName. Deprecated: Use serviceAccountName instead.
*/
"serviceAccount"?: string;
/**
* ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
*/
"serviceAccountName"?: string;
/**
* Share a single process namespace between all of the containers in a pod. When this is set containers will be able to view and signal processes from other containers in the same pod, and the first process in each container will not be assigned PID 1. HostPID and ShareProcessNamespace cannot both be set. Optional: Default to false.
*/
"shareProcessNamespace"?: boolean;
/**
* If specified, the fully qualified Pod hostname will be "<hostname>.<subdomain>.<pod namespace>.svc.<cluster domain>". If not specified, the pod will not have a domainname at all.
*/
"subdomain"?: string;
/**
* Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period will be used instead. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. Defaults to 30 seconds.
*/
"terminationGracePeriodSeconds"?: number;
/**
* If specified, the pod's tolerations.
*/
"tolerations"?: Array<IIoK8sApiCoreV1Toleration>;
/**
* TopologySpreadConstraints describes how a group of pods ought to spread across topology domains. Scheduler will schedule pods in a way which abides by the constraints. This field is only honored by clusters that enable the EvenPodsSpread feature. All topologySpreadConstraints are ANDed.
*/
"topologySpreadConstraints"?: Array<IIoK8sApiCoreV1TopologySpreadConstraint>;
/**
* List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes
*/
"volumes"?: Array<IIoK8sApiCoreV1Volume>;