kubernetes yaml编写指南和利用 kubectl explain解析Pod 定义

近期文章:Kubernetes 1.25 集群保姆级安装教程,使用 Containerd和Calico网络插件

在编写 YAML 文件时,常用的技巧和最佳实践

  1. 缩进和对齐:使用正确的缩进和对齐格式,以提高文件的可读性。建议使用两个空格或四个空格作为缩进,注意不要按tab键。以确保在相同层级的键值对或列表项目之间保持一致的对齐。
  2. 使用注释:在 YAML 文件中使用注释可以提供额外的说明和文档,使其他人更容易理解和阅读你的配置。使用 # 符号来添加单行注释,或使用 | 或 > 标记来添加多行注释。
  3. 大小写敏感

下面以pod入门yaml编写技巧为例,慢慢过度到namespace,deployment,statefulset等编写

通过kubectl explain查看定义资源包含哪些字段

只看常用字段

查看pod字段定义

[root@pengfei-master1 pod]#  kubectl explain pod
KIND:     Pod
VERSION:  v1

DESCRIPTION:
     Pod is a collection of containers that can run on a host. This resource is
     created by clients and scheduled onto hosts.
		#Pod是可以在主机上运行的容器的集合。此资源是由客户端创建并调度到主机上
FIELDS:
   apiVersion	<string>
     APIVersion defines the versioned schema of this representation of an
     object. Servers should convert recognized schemas to the latest internal
     value, and may reject unrecognized values. More info:
     https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
		#APIVersion定义了对象,代表了一个版本,VERSION已经给出了具体版本,可以直接使用
   kind	<string>
     Kind is a string value representing the REST resource this object
     represents. Servers may infer this from the endpoint the client submits
     requests to. Cannot be updated. In CamelCase. More info:
     https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
		#Kind是字符串类型的值,代表了要创建的资源。服务器可以从客户端提交的请求推断出这个资源
   metadata	<Object>
     Standard object's metadata. More info:
     https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
		#metadata是对象,定义元数据属性信息的
   spec	<Object>
     Specification of the desired behavior of the pod. More info:
     https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
		#spec定义Pod的规格,里面包含容器的信息
   status	<Object>
     Most recently observed status of the pod. This data may not be up to date.
     Populated by the system. Read-only. More info:
     https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
     #status表示状态,这个不可以修改,定义pod的时候也不需要定义这个字段
字段注释:

apiVersion定义了对象,代表了一个版本,VERSION已经给出了具体版本,可以直接使用

kind是字符串类型的值,代表了要创建的资源。服务器可以从客户端提交的请求推断出这个资源

metadata是对象,定义元数据属性信息的

spec定义Pod的规格,里面包含容器的信息

status表示状态,这个不可以修改,定义pod的时候也不需要定义这个字段

查看pod.metadata字段定义

[root@pengfei-master1 pod]# kubectl explain pod.metadata
KIND:     Pod
VERSION:  v1

RESOURCE: metadata <Object>
# metadata是对象<Object>,下面可以有多个字段

DESCRIPTION:
     Standard object's metadata. More info:
     https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md

     ObjectMeta is metadata that all persisted resources must have, which
     includes all objects users must create.

FIELDS:
   annotations	<map[string]string>
     Annotations is an unstructured key value map stored with a resource that
     may be set by external tools to store and retrieve arbitrary metadata. They
     are not queryable and should be preserved when modifying objects. More
     info: http://kubernetes.io/docs/user-guide/annotations
		#annotations是注解,map类型表示对应的值是key-value键值对,<string,string>表示 key和value都是String类型的
		......
   labels	<map[string]string> #创建的资源具有的标签
     Map of string keys and values that can be used to organize and categorize
     (scope and select) objects. May match selectors of replication controllers
     and services. More info: http://kubernetes.io/docs/user-guide/labels
		#labels是标签,labels是map类型,map类型表示对应的值是key-value键值对,<string,string>表示 key和value都是String类型的
		......
   name	<string> #创建的资源的名字
     Name must be unique within a namespace. Is required when creating
     resources, although some resources may allow a client to request the
     generation of an appropriate name automatically. Name is primarily intended
     for creation idempotence and configuration definition. Cannot be updated.
     More info: http://kubernetes.io/docs/user-guide/identifiers#names
		......
   namespace	<string> #创建的资源所属的名称空间,namespaces划分了一个空间,在同一个namesace下的资源名字是唯一的,默认的名称空间是default
     Namespace defines the space within which each name must be unique. An empty
     namespace is equivalent to the "default" namespace, but "default" is the
     canonical representation. Not all objects are required to be scoped to a
     namespace - the value of this field for those objects will be empty.
     Must be a DNS_LABEL. Cannot be updated. More info:
     http://kubernetes.io/docs/user-guide/namespaces

字段注释:

annotations是注解,map类型表示对应的值是key-value键值对,<string,string>表示 key和value都是String类型

labels创建的资源具有的标签,labels是map类型,map类型表示对应的值是key-value键值对,<string,string>表示 key和value都是String类型的

name创建的资源的名字

namespace创建的资源所属的名称空间,namespaces划分了一个空间,在同一个namesace下的资源名字是唯一的,默认的名称空间是default

pod.spec字段定义

[root@pengfei-master1 pod]# kubectl explain pod.spec
KIND:     Pod
VERSION:  v1
RESOURCE: spec <Object>
DESCRIPTION:
     Specification of the desired behavior of the pod. More info:
     https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
     PodSpec is a description of a pod.#Pod的spec字段是用来描述Pod的

FIELDS:
	 affinity	<Object>#定义亲和性的
   automountServiceAccountToken	<boolean>
   containers	<[]Object> -required-#是对象列表,用来定义容器的,是必须字段。表示下面有很多对象,对象列表下面的内容用 - 连接。

字段注释:

affinity定义pod亲和性的

containers是对象列表,用来定义容器的,是必须字段。表示下面有很多对象,对象列表下面的内容用 – 连接。

pod.spec.containers字段定义

[root@pengfei-master1 pod]# kubectl explain pod.spec.containers
KIND:     Pod
VERSION:  v1

RESOURCE: containers <[]Object>

DESCRIPTION:
     List of containers belonging to the pod. Containers cannot currently be
     added or removed. There must be at least one container in a Pod. Cannot be
     updated.

     A single application container that you want to run within a pod.
		#container是定义在pod里面的,一个pod至少要有一个容器
FIELDS:
   ......

   env	<[]Object>
     List of environment variables to set in the container. Cannot be updated.

   image	<string> #image是用来指定容器需要的镜像的
     Container image name. More info:
     https://kubernetes.io/docs/concepts/containers/images This field is
     optional to allow higher level config management to default or override
     container images in workload controllers like Deployments and StatefulSets.

   imagePullPolicy	<string>
     Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always
     if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated.
     More info:
     https://kubernetes.io/docs/concepts/containers/images#updating-images
		#镜像拉取策略,pod是要调度到node节点的,那pod启动需要镜像,可以根据这个字段设置镜像拉取策略,支持如下三种:
		#Always:不管本地是否存在镜像,都要重新拉取镜像
		#Never: 从不拉取镜像
		#IfNotPresent:如果本地存在,使用本地的镜像,本地不存在,从官方拉取镜像
     Possible enum values:
     - `"Always"` means that kubelet always attempts to pull the latest image.
     Container will fail If the pull fails.
     - `"IfNotPresent"` means that kubelet pulls if the image isn't present on
     disk. Container will fail if the image isn't present and the pull fails. 
     - `"Never"` means that kubelet never pulls an image, but only uses a local
     image. Container will fail if the image isn't present 

   ......
   name	<string> -required- #name是必须字段,用来指定容器名字的
     Name of the container specified as a DNS_LABEL. Each container in a pod
     must have a unique name (DNS_LABEL). Cannot be updated.

   ports	<[]Object> #port是端口,属于对象列表
     List of ports to expose from the container. Not specifying a port here DOES
     NOT prevent that port from being exposed. Any port which is listening on
     the default "0.0.0.0" address inside a container will be accessible from
     the network. Modifying this array with strategic merge patch may corrupt
     the data. For more information See
     https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated.

字段注释:

container是定义在pod里面的,一个pod至少要有一个容器

image是用来指定容器需要的镜像的

imagePullPolicy镜像拉取策略,pod是要调度到node节点的,那pod启动需要镜像,可以根据这个字段设置镜像拉取策略,支持三种:Always:不管本地是否存在镜像,都要重新拉取镜像 ;Never: 从不拉取镜像 IfNotPresent:如果本地存在,使用本地的镜像,本地不存在,从官方拉取镜像

pod.spec.container.ports字段定义

KIND:     Pod
VERSION:  v1

RESOURCE: ports <[]Object> #对象列表下面的内容用 - 连接

DESCRIPTION:
     List of ports to expose from the container. Not specifying a port here DOES
     NOT prevent that port from being exposed. Any port which is listening on
     the default "0.0.0.0" address inside a container will be accessible from
     the network. Modifying this array with strategic merge patch may corrupt
     the data. For more information See
     https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated.

     ContainerPort represents a network port in a single container.

FIELDS:
   containerPort	<integer> -required-  #containerPort是必须字段, pod中的容器需要暴露的端口
     Number of port to expose on the pod's IP address. This must be a valid port
     number, 0 < x < 65536.

   hostIP	<string>#将容器中的服务暴露到宿主机的端口上时,可以指定绑定的宿主机 IP。
     What host IP to bind the external port to.

   hostPort	<integer> #容器中的服务在宿主机上映射的端口
     Number of port to expose on the host. If specified, this must be a valid
     port number, 0 < x < 65536. If HostNetwork is specified, this must match
     ContainerPort. Most containers do not need this.

   name	<string> #端口的名字
     If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
     named port in a pod must have a unique name. Name for the port that can be
     referred to by services.

   protocol	<string> #端口协议,默认TCP
     Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP".
     Possible enum values:
     - `"SCTP"` is the SCTP protocol.
     - `"TCP"` is the TCP protocol.
     - `"UDP"` is the UDP protocol.

字段注释:

ports对象列表下面的内容用 – 连接

containerPort是必须字段, pod中的容器需要暴露的端口

hostIP将容器中的服务暴露到宿主机的端口上时,可以指定绑定的宿主机 IP。

hostPort容器中的服务在宿主机上映射的端口

name#端口的名字

protocol端口协议,默认TCP

案例1:

创建一个nginx pod

打开两个终端,一个编写yaml文件,另一个使用kubectl explain查看帮助,注意缩进和对其,我这里空2个格

apiVersion: v1
kind: Pod
metadata:
  labels:
    app: nginx
  name: nginx-test
spec:
  containers:
  - name: nginx #注意-后面空了1个
    image: nginx #没有指定nginx版本,将拉取最新版
    imagePullPolicy: IfNotPresent #自动拉取策略
    ports:
    - containerPort: 80  #字段容器端口,注意-后面空了1个

创建pod

[root@pengfei-master1 pod]# kubectl apply -f pod_frist.yaml 
pod/nginx-test created 

查看创建的pod

[root@pengfei-master1 pod]# kubectl get pod
NAME                               READY   STATUS    RESTARTS      AGE
nginx-test                         1/1     Running   0             43s
获取指定 Pod 的详细信息
[root@pengfei-master1 pod]# kubectl describe pod nginx-test
Name:             nginx-test
Namespace:        default #默认名称空间
Priority:         0
Service Account:  default
Node:             pengfei-node2/192.168.5.134 #pod被调度到了node2节点
Start Time:       Thu, 06 Jul 2023 10:57:22 +0800
Labels:           app=nginx #pod具有的标签
Annotations:      cni.projectcalico.org/containerID: 3588b4476bb5ce118f9e6346b5672a1952cd912419ba8b67f1313e4b3b54fd45
                  cni.projectcalico.org/podIP: 10.244.225.123/32
                  cni.projectcalico.org/podIPs: 10.244.225.123/32
Status:           Running #pod的状态
IP:               10.244.225.123 #calico网络插件分配的pod ip 
IPs:
  IP:  10.244.225.123
Containers: #容器信息
  nginx:
    Container ID:   containerd://75f6deabbedfd2bcf54e5d014b88754b15ac1698fecf02b8a9fdb0d8312eae9c
    Image:          nginx
    Image ID:       docker.io/library/nginx@sha256:b8f2383a95879e1ae064940d9a200f67a6c79e710ed82ac42263397367e7cc4e
    Port:           80/TCP
    Host Port:      0/TCP
    State:          Running
      Started:      Thu, 06 Jul 2023 10:57:32 +0800
    Ready:          True
    Restart Count:  0
    Environment:    <none>
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-rtb86 (ro)
Conditions:
  Type              Status
  Initialized       True 
  Ready             True 
  ContainersReady   True 
  PodScheduled      True 
Volumes:
  kube-api-access-rtb86:
    Type:                    Projected (a volume that contains injected data from multiple sources)
    TokenExpirationSeconds:  3607
    ConfigMapName:           kube-root-ca.crt
    ConfigMapOptional:       <nil>
    DownwardAPI:             true
QoS Class:                   BestEffort
Node-Selectors:              <none>
Tolerations:                 node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
                             node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
  Type    Reason     Age    From               Message
  ----    ------     ----   ----               -------
  Normal  Scheduled  3m16s  default-scheduler  Successfully assigned default/nginx-test to pengfei-node2#调度成功
  Normal  Pulled     3m6s   kubelet            Container image "nginx" already present on machine#镜像本地存在
  Normal  Created    3m6s   kubelet            Created container nginx #容器创建成功
  Normal  Started    3m5s   kubelet            Started container nginx#容器启动成功

查看pod日志

[root@pengfei-master1 pod]# kubectl logs -f nginx-test 

更新pod

修改镜像image: nginx:1.14.2

[root@pengfei-master1 pod]# kubectl apply -f pod_frist.yaml 
[root@pengfei-master1 pod]# kubectl describe pod nginx-test

删除pod

[root@pengfei-master1 pod]# kubectl delete -f pod_frist.yaml

其他资源

[root@pengfei-master1 pod]# kubectl explain deployment
[root@pengfei-master1 pod]# kubectl explain namespace
#查看方式同pod

explain官方文档https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#explain

Comments

No comments yet. Why don’t you start the discussion?

发表评论