Bootstrap

【kubernetes】污点配置、cm、secret练习

1、给node01配置污点,污点策略为不可调度,尝试将deployment管理的pod调度到node01

kubectl taint nodes 192.168.99.131 key=value:NoSchedule
apiVersion: apps/v1
kind: Deployment
metadata:
  name: myjob01
  namespace: default
  labels:
    app: myjob01
spec:
  selector:
    matchLabels:
      app: myjob01
  replicas: 1
  template:
    metadata:
      labels:
        app: myjob01
    spec:
      containers:
      - name: myjob01
        image: httpd
        imagePullPolicy: IfNotPresent
        resources:
          requests:
            cpu: 100m
            memory: 100Mi
          limits:
            cpu: 100m
            memory: 100Mi
    affinity:
        nodeAffinity:
        requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
            - matchExpressions:
            - key: kubernetes.io/hostname
                operator: In
                values:
                - 192.168.99.131

      restartPolicy: Always

请添加图片描述

2、调度一个自主式pod到node02上,给node02配置污点策略为不可调度并驱逐

kubectl run my-pod2 --image=nginx --overrides='{"spec":{"nodeName":"192.168.99.132"}}'
kubectl taint nodes 192.168.99.132 key=value:NoExecute

请添加图片描述

3、调度一个deployment构建的pod到node02上,给node02配置污点策略为不可调度并驱逐

apiVersion: apps/v1
kind: Deployment
metadata:
  name: mytest3
  namespace: default
  labels:
    app: mytest3
spec:
  selector:
    matchLabels:
      app: mytest3
  replicas: 1
  template:
    metadata:
      labels:
        app: mytest3
    spec:
      # initContainers:
      # Init containers are exactly like regular containers, except:
      # - Init containers always run to completion.
      # - Each init container must complete successfully before the next one starts.
      containers:
      - name: mytest3
        image: tomcat:8
        imagePullPolicy: IfNotPresent
        resources:
          requests:
            cpu: 100m
            memory: 100Mi
          limits:
            cpu: 100m
            memory: 100Mi
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
            - matchExpressions:
              - key: kubernetes.io/hostname
                operator: In
                values:
                - 192.168.99.132
      restartPolicy: Always

在这里插入图片描述

4、使用configMap存储一个nginx的conf文件,创建pod引用该configMap中的conf文件


# Define HTTP server block.
server {
    # Define the port that Nginx will listen on.
    listen 81;
    # Define the server name (e.g., domain name).
    server_name localhost;

    # Define the root directory for this server block.
    root /usr/share/nginx/html;
    # Define the default index file.
    index index.html index.htm;
    location / {
        # Serve static files.
        try_files $uri $uri/ =404;
    }
}
kubectl create configmap cm1 --from-file=nginx.conf
apiVersion: v1
kind: Pod
metadata:
  name: mypod-cm-web
  labels:
    run: myapp-cm-web
spec:
  volumes:
  - name: web-cm
    configMap:
      name: cm1
  containers:
  - name: myapp-cm-web
    image: nginx
    ports:
    - containerPort: 80
    volumeMounts:
    - name: web-cm
      mountPath: /etc/nginx/conf.d/

在这里插入图片描述

5、创建一个configMap,以volumes的方式挂载configMap,热更新configMap中的值,测试效果

kubectl create configmap cm2 --from-file=index.html

# https://kubernetes.io/docs/concepts/workloads/pods/
apiVersion: v1
kind: Pod
metadata:
  name: "nginxcm"
  namespace: default
  labels:
    app: "nginxcm"
spec:
  containers:
  - name: nginxcm
    image: "nginx:latest"
    resources:
      limits:
        cpu: 200m
        memory: 500Mi
      requests:
        cpu: 100m
        memory: 200Mi
    ports:
    - containerPort: 80
    volumeMounts:
    - name: nginxindex
      mountPath: /usr/share/nginx/html
  volumes:
  - name: nginxindex
    configMap:
      name: cm2
  restartPolicy: Always

在这里插入图片描述

kubectl edit configmap cm2 

在这里插入图片描述
在这里插入图片描述

6、创建一个docker-registry类型的secret,在下载镜像时使用该secret

 docker login --username=shiinanamida registry.cn-hangzhou.aliyuncs.com    
 docker tag nginx:1.14 registry.cn-hangzhou.aliyuncs.com/shiina_space/shiina:nginx1.14      
 docker push registry.cn-hangzhou.aliyuncs.com/shiina_space/shiina:nginx1.14       
kubectl create secret docker-registry myregistrykey \
    --docker-server=registry.cn-hangzhou.aliyuncs.com \
    --docker-username=shiinanamida \
    --docker-password=*******\
    --docker-email=158*****[email protected]
apiVersion: v1
kind: Pod
metadata:
  name: mypod6
spec:
  containers:
  - name: mycontainer
    image: registry.cn-hangzhou.aliyuncs.com/shiina_space/shiina:nginx1.14
  imagePullSecrets:
  - name: myregistrykey

在这里插入图片描述

;