发布一个k8s部署视频:https://edu.csdn.net/course/detail/26967
课程内容:各种k8s部署方式。包括minikube部署,kubeadm部署,kubeasz部署,rancher部署,k3s部署。包括开发测试环境部署k8s,和生产环境部署k8s。
腾讯课堂连接地址https://ke.qq.com/course/478827?taid=4373109931462251&tuin=ba64518
第二个视频发布 https://edu.csdn.net/course/detail/27109
腾讯课堂连接地址https://ke.qq.com/course/484107?tuin=ba64518
介绍主要的k8s资源的使用配置和命令。包括configmap,pod,service,replicaset,namespace,deployment,daemonset,ingress,pv,pvc,sc,role,rolebinding,clusterrole,clusterrolebinding,secret,serviceaccount,statefulset,job,cronjob,podDisruptionbudget,podSecurityPolicy,networkPolicy,resourceQuota,limitrange,endpoint,event,conponentstatus,node,apiservice,controllerRevision等。
第三个视频发布:https://edu.csdn.net/course/detail/27574
详细介绍helm命令,学习helm chart语法,编写helm chart。深入分析各项目源码,学习编写helm插件
第四个课程发布:https://edu.csdn.net/course/detail/28488
本课程将详细介绍k8s所有命令,以及命令的go源码分析,学习知其然,知其所以然
————————————————
manifest文件:
[root@master01 manifest]# cat ./*
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: mysql-clusterrole-binding
labels:
app: "mysql"
component: "mysql"
chart: "mysql-0.1"
release: "mysql"
heritage: "Helm"
roleRef:
kind: ClusterRole
name: mysql-clusterrole
apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
name: mysql-sa
namespace: mysql
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: mysql-clusterrole
labels:
app: "mysql"
component: "mysql"
chart: "mysql-0.1"
release: "mysql"
heritage: "Helm"
rules:
- apiGroups: ['policy']
resources: ['podsecuritypolicies']
verbs: ['use']
apiVersion: v1
data:
my.cnf: |
[mysqld]
skip-name-resolve
port=3306
innodb_file_per_table = 1
kind: ConfigMap
metadata:
name: mysql-configmap
labels:
app: "mysql"
component: "mysql"
chart: "mysql"
release: "mysql"
heritage: "helm"
apiVersion: apps/v1
kind: Deployment
metadata:
name: mysql
labels:
app: mysql
chart: "mysql-0.1"
release: "mysql"
heritage: "Helm"
spec:
progressDeadlineSeconds: 600
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 1
maxUnavailable: 1
revisionHistoryLimit: 10
selector:
matchLabels:
app: mysql
release: mysql
replicas: 1
template:
metadata:
labels:
app: mysql
release: mysql
spec:
tolerations:
- key: "example-key"
operator: "Exists"
effect: "NoSchedule"
serviceAccountName: mysql-sa
terminationGracePeriodSeconds: 60
containers:
- name: mysql
image: mysql:5.6
imagePullPolicy: IfNotPresent
ports:
- containerPort: 3306
env:
- name: MYSQL_ROOT_PASSWORD
value: "mysql"
readinessProbe:
exec:
command:
- sh
- -c
- "mysqladmin ping -u root -p${MYSQL_ROOT_PASSWORD}"
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 3
livenessProbe:
exec:
command:
- sh
- -c
- "mysqladmin ping -u root -p${MYSQL_ROOT_PASSWORD}"
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 3
resources:
requests:
cpu: 0.2
memory: 100Mi
limits:
cpu: 0.5
memory: 500Mi
securityContext:
allowPrivilegeEscalation: false
volumeMounts:
- mountPath: /var/lib/mysql
name: data
- name: configurations
mountPath: /etc/mysql/conf.d/
subPath: mysql.cnf
volumes:
- name: data
persistentVolumeClaim:
claimName: mysql-nfs-pvc
- name: configurations
configMap:
name: mysql-configmap
apiVersion: autoscaling/v1
kind: HorizontalPodAutoscaler
metadata:
name: mysql-hpa
labels:
app: "mysql"
component: "mysql"
chart: "mysql-0.1"
release: "mysql"
heritage: "Helm"
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: mysql
minReplicas: 1
maxReplicas: 5
targetCPUUtilizationPercentage: 50
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
name: mysql-pdb
labels:
app: "mysql"
component: "mysql"
chart: "mysql-0.1"
release: "mysql"
heritage: "Helm"
spec:
minAvailable: 1
selector:
matchLabels:
app: mysql
release: mysql
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: mysql-psp
labels:
app: "mysql"
component: "mysql"
chart: "mysql-0.1"
release: "mysql"
heritage: "Helm"
spec:
runAsUser:
rule: 'RunAsAny'
seLinux:
rule: 'RunAsAny'
supplementalGroups:
rule: 'MustRunAs'
ranges:
- min: 1
max: 65535
fsGroup:
rule: 'MustRunAs'
ranges:
- min: 1
max: 65535
volumes:
- 'configMap'
- 'emptyDir'
- 'projected'
- 'secret'
- 'downwardAPI'
- 'persistentVolumeClaim'
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: mysql-nfs-pvc
labels:
app: "mysql"
component: "mysql"
chart: "mysql-0.1"
release: "mysql"
heritage: "Helm"
spec:
storageClassName: mysql-sc
accessModes:
- ReadWriteMany
resources:
requests:
storage: 500Mi
apiVersion: v1
kind: ServiceAccount
metadata:
name: mysql-sa
labels:
app: mysql
chart: mysql-0.1
release: mysql
heritage: helm
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: mysql-sc
labels:
app: "mysql"
component: "mysql"
chart: "mysql-0.1"
release: "mysql"
heritage: "Helm"
provisioner: fuseim.pri/ifs
reclaimPolicy: Retain
apiVersion: v1
kind: Service
metadata:
name: mysql-svc
labels:
app: "mysql"
component: "mysql"
chart: "mysql-0.1"
release: "mysql"
heritage: "Helm"
spec:
selector:
app: mysql
release: mysql
type: NodePort
ports:
- name: tcp
port: 3306
targetPort: 3306
template文件:
[root@master01 templates]# cat ./*
{{- if .Values.rbac.create}}
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{include "mysql.fullname" .}}-binding
labels:{{include "mysql.labels" .|nindent 4}}
roleRef:
kind: ClusterRole
name: {{include "mysql.fullname" .}}-clusterrole
apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
name: {{include "mysql.fullname" .}}-sa
namespace: {{.Release.Namespace}}
{{- end}}
{{- if .Values.rbac.create}}
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{include "mysql.fullname" .}}-clusterrole
labels:{{include "mysql.labels" .|nindent 4}}
rules:
- apiGroups: ['policy']
resources: ['podsecuritypolicies']
verbs: ['use']
{{- end}}
apiVersion: v1
data:
my.cnf: |
[mysqld]
skip-name-resolve
port=3306
innodb_file_per_table = 1
kind: ConfigMap
metadata:
name: {{include "mysql.fullname" .}}-configmap
labels:{{include "mysql.labels" .|nindent 4}}
apiVersion: {{include "deployment.apiVersion" .}}
kind: Deployment
metadata:
name: {{include "mysql.fullname" .}}
labels:{{include "mysql.labels" .|nindent 4}}
spec:
progressDeadlineSeconds: {{.Values.deployment.progressDeadlineSeconds}}
{{- if .Values.deployment.strategy}}
strategy:{{toYaml .Values.deployment.strategy|nindent 4}}
{{- end}}
revisionHistoryLimit: {{.Values.deployment.revisionHistoryLimit}}
selector:
matchLabels: {{include "mysql.selectorLabels" .|nindent 6}}
replicas: {{.Values.deployment.replicaCount}}
template:
metadata:
labels: {{include "mysql.labels" .|nindent 8}}
spec:
{{- if .Values.deployment.tolerations}}
tolerations:{{toYaml .Values.deployment.tolerations|nindent 8}}
{{- end}}
serviceAccountName: {{include "mysql.serviceAccountName" .}}
terminationGracePeriodSeconds: {{.Values.deployment.terminationGracePeriodSeconds}}
containers:
- name: mysql
image: {{.Values.deployment.image.repository}}:{{.Values.deployment.image.tag}}
imagePullPolicy: {{.Values.deployment.image.pullPolicy}}
ports:
- containerPort: 3306
env:
- name: MYSQL_ROOT_PASSWORD
value: {{.Values.deployment.mysql_root_password|quote}}
{{- if .Values.deployment.readinessProbe}}
readinessProbe:
exec:
command:
- sh
- -c
- "mysqladmin ping -u root -p${MYSQL_ROOT_PASSWORD}"
initialDelaySeconds: {{.Values.deployment.readinessProbe.initialDelaySeconds}}
periodSeconds: {{.Values.deployment.readinessProbe.periodSeconds}}
timeoutSeconds: {{.Values.deployment.readinessProbe.timeoutSeconds}}
successThreshold: {{.Values.deployment.readinessProbe.successThreshold}}
failureThreshold: {{.Values.deployment.readinessProbe.failureThreshold}}
{{- end}}
{{- if .Values.deployment.livenessProbe}}
livenessProbe:
exec:
command:
- sh
- -c
- "mysqladmin ping -u root -p${MYSQL_ROOT_PASSWORD}"
initialDelaySeconds: {{.Values.deployment.livenessProbe.initialDelaySeconds}}
periodSeconds: {{.Values.deployment.livenessProbe.periodSeconds}}
timeoutSeconds: {{.Values.deployment.livenessProbe.timeoutSeconds}}
successThreshold: {{.Values.deployment.livenessProbe.successThreshold}}
failureThreshold: {{.Values.deployment.livenessProbe.failureThreshold}}
{{- end}}
{{- if .Values.deployment.resources}}
resources:{{toYaml .Values.deployment.resources|nindent 10}}
{{- end}}
{{- if .Values.deployment.securityContext}}
securityContext:{{toYaml .Values.deployment.securityContext|nindent 10}}
{{- end}}
volumeMounts:
- mountPath: /var/lib/mysql
name: data
- name: configurations
mountPath: /etc/mysql/conf.d/
subPath: mysql.cnf
volumes:
- name: data
persistentVolumeClaim:
claimName: {{include "mysql.fullname" .}}-pvc
- name: configurations
configMap:
name: {{include "mysql.fullname" .}}-configmap
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "mysql.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "mysql.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "mysql.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Common labels
*/}}
{{- define "mysql.labels" -}}
helm.sh/chart: {{ include "mysql.chart" . }}
{{ include "mysql.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end -}}
{{/*
Selector labels
*/}}
{{- define "mysql.selectorLabels" -}}
app.kubernetes.io/name: {{ include "mysql.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end -}}
{{/*
Create the name of the service account to use
*/}}
{{- define "mysql.serviceAccountName" -}}
{{- if .Values.serviceAccount.create -}}
{{ default (include "mysql.fullname" .) .Values.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for deployment.
*/}}
{{- define "deployment.apiVersion" -}}
{{- if semverCompare ">=1.9-0" .Capabilities.KubeVersion.GitVersion -}}
{{- print "apps/v1" -}}
{{- else -}}
{{- print "extensions/v1beta1" -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiGroup for PodSecurityPolicy.
*/}}
{{- define "podSecurityPolicy.apiGroup" -}}
{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
{{- print "policy" -}}
{{- else -}}
{{- print "extensions" -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for podSecurityPolicy.
*/}}
{{- define "podSecurityPolicy.apiVersion" -}}
{{- if semverCompare ">=1.10-0" .Capabilities.KubeVersion.GitVersion -}}
{{- print "policy/v1beta1" -}}
{{- else -}}
{{- print "extensions/v1beta1" -}}
{{- end -}}
{{- end -}}
{{- if .Values.hpa.create}}
apiVersion: autoscaling/v1
kind: HorizontalPodAutoscaler
metadata:
name: {{include "mysql.fullname" .}}-hpa
labels:{{include "mysql.labels" .|nindent 4}}
spec:
scaleTargetRef:
apiVersion: {{include "deployment.apiVersion" .}}
kind: Deployment
name: {{include "mysql.fullname" .}}
minReplicas: {{.Values.hpa.minReplicas}}
maxReplicas: {{.Values.hpa.maxReplicas}}
targetCPUUtilizationPercentage: {{.Values.hpa.targetCPUUtilizationPercentage}}
{{- end}}
1. Get the application URL by running these commands:
{{- if contains "NodePort" .Values.service.type }}
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "mysql.fullname" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT
{{- else if contains "LoadBalancer" .Values.service.type }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "mysql.fullname" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "mysql.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
echo http://$SERVICE_IP:{{ .Values.service.port }}
{{- else if contains "ClusterIP" .Values.service.type }}
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "mysql.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
echo "Visit http://127.0.0.1:8080 to use your application"
kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:80
{{- end }}
{{- if and .Values.pdb.create (or (gt (.Values.deployment.replicaCount|int) 1) .Values.hpa.create )}}
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
name: {{include "mysql.fullname" .}}-pdb
labels: {{include "mysql.labels" .|nindent 4}}
spec:
minAvailable: {{.Values.pdb.minAvailable}}
selector:
matchLabels:{{include "mysql.selectorLabels" .|nindent 6}}
{{- end}}
{{- if .Values.psp.create}}
apiVersion: {{include "podSecurityPolicy.apiVersion" .}}
kind: PodSecurityPolicy
metadata:
name: {{include "mysql.fullname" .}}-psp
labels: {{include "mysql.labels" .|nindent 4}}
spec:
runAsUser:
rule: 'RunAsAny'
seLinux:
rule: 'RunAsAny'
supplementalGroups:
rule: 'MustRunAs'
ranges:
- min: 1
max: 65535
fsGroup:
rule: 'MustRunAs'
ranges:
- min: 1
max: 65535
volumes:
- 'configMap'
- 'emptyDir'
- 'projected'
- 'secret'
- 'downwardAPI'
- 'persistentVolumeClaim'
{{- end}}
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: {{include "mysql.fullname" .}}-pvc
labels: {{include "mysql.labels" .|nindent 4}}
spec:
storageClassName: {{include "mysql.fullname" .}}-sc
accessModes:{{toYaml .Values.pvc.accessModes|nindent 2}}
resources:
requests:
storage: {{.Values.pvc.storage}}
{{- if .Values.serviceAccount.create}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{include "mysql.fullname" .}}-sa
labels: {{include "mysql.labels" .|nindent 4}}
{{- end}}
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: {{include "mysql.fullname" .}}-sc
labels: {{include "mysql.labels" .|nindent 4}}
provisioner: {{.Values.sc.provisioner}}
reclaimPolicy: {{.Values.sc.reclaimPolicy}}
apiVersion: v1
kind: Service
metadata:
name: {{include "mysql.fullname" .}}-svc
labels: {{include "mysql.labels" .|nindent 4}}
spec:
selector:{{include "mysql.selectorLabels" .|nindent 4}}
{{- if eq .Values.service.type "NodePort"}}
type: NodePort
ports:
- name: tcp
port: 3306
targetPort: 3306
{{- if .Values.service.nodePort}}
nodePort: {{.Values.service.nodePort}}
{{- end}}
{{- else if eq .Values.service.type "ClusterIP"}}
ports:
- name: tcp
port: 3306
targetPort: 3306
{{- end}}