k8s 4: deployment

news2025/6/9 8:57:09

configMap

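ConfigMap overview:
  Data is stored in the etcd database; the main use case is application configuration.
Types supported by ConfigMap
   (1) Key-value pairs
   (2) Multi-line data
There are two common ways for a Pod to use a ConfigMap resource
   (1) Environment variable injection
   (2) Volume mount
Recommended reading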
https://kubernetes.io/docs/concepts/storage/volumes/#configmap	
https://kubernetes.io/docs/concepts/configuration/configmap/


Creating a cm resource declaratively
[root@master231 configmaps]# cat 01-cm-demo.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: game-demo
# Data of the cm resource
data:
  # Property-like keys; each key maps to a simple value, i.e. a plain key-value pair.
  player_initial_lives: "3"
  ui_properties_file_name: "user-interface.properties"
  school: oldboyedu
  class: linux94

  # File-like keys hold multi-line data; mind the indentation
  game.properties: |      # | starts a multi-line block for values that do not fit on one line
    enemy.types=aliens,monsters
    player.maximum-lives=5    
  user-interface.properties: |
    color.good=purple
    color.bad=yellow
    allow.textmode=true  
  my.cnf: |
    [mysqld]
    datadir=/var/lib/mysql
    basedir=/usr/local/mysql
    socket=/tmp/mysql.sock
    skip-name-resolve=1
    port=3306
    [client]
    username=admin
    password=oldboyedu 

Create
root@ubuntu0:~/manifests/configmap# kubectl apply -f 01-cm-demo.yaml 
configmap/game-demo created

View
root@ubuntu0:~/manifests/configmap# kubectl get cm 
NAME               DATA   AGE
game-demo          7      29s
kube-root-ca.crt   1      23d
root@ubuntu0:~/manifests/configmap# kubectl get cm game-demo 
NAME        DATA   AGE
game-demo   7      33s   # 7 means there are seven key-value pairs


Delete
root@ubuntu0:~/manifests/configmap# kubectl delete -f 01-cm-demo.yaml 
configmap "game-demo" deleted


Creating imperatively
root@ubuntu0:~/manifests/configmap# kubectl create configmap xp --from-literal=school=oldboyedu --from-literal=class=linux94 
configmap/xp created
root@ubuntu0:~/manifests/configmap# kubectl get cm 
NAME               DATA   AGE
kube-root-ca.crt   1      23d
xp                 2      6s
root@ubuntu0:~/manifests/configmap# kubectl get cm xp
NAME   DATA   AGE
xp     2      8s

root@ubuntu0:~/manifests/configmap# kubectl describe cm xp 
Name:         xp
Namespace:    default
Labels:       <none>
Annotations:  <none>

Data
====
class:
----
linux94
school:
----
oldboyedu

BinaryData
====

Events:  <none>


Creating a cm from a configuration file
 [root@master231 configmaps]# ll /root/kube-flannel.yml 
-rw-r--r-- 1 root root 4406 Nov 15 17:40 /root/kube-flannel.yml
[root@master231 configmaps]# 
[root@master231 configmaps]# kubectl create configmap oldboyedu-cni --from-file=cni.yml=/root/kube-flannel.yml
configmap/oldboyedu-cni created

		3.3 View the cm resource
[root@master231 configmaps]# kubectl get cm oldboyedu-cni 
NAME            DATA   AGE
oldboyedu-cni   1      8s
[root@master231 configmaps]# 
[root@master231 configmaps]# kubectl describe cm oldboyedu-cni 
[root@master231 configmaps]# 
[root@master231 configmaps]# kubectl get cm oldboyedu-cni -o yaml
[root@master231 configmaps]# 
[root@master231 configmaps]# kubectl get cm oldboyedu-cni -o json

		3.3 Delete the cm resource
[root@master231 configmaps]# kubectl get cm
NAME                DATA   AGE
kube-root-ca.crt    1      4d16h
oldboyedu-cni       1      2m27s
oldboyedu-linux94   2      4m38s
[root@master231 configmaps]# 
[root@master231 configmaps]# kubectl delete cm oldboyedu-cni 
configmap "oldboyedu-cni" deleted
[root@master231 configmaps]# 
[root@master231 configmaps]# kubectl get cm
NAME                DATA   AGE
kube-root-ca.crt    1      4d16h
oldboyedu-linux94   2      5m9s
[root@master231 configmaps]# 

root@ubuntu0:~/manifests/configmap# kubectl get cm xp -o yaml
apiVersion: v1
data:
  class: linux94
  school: oldboyedu
kind: ConfigMap
metadata:
  creationTimestamp: "2025-05-02T10:49:39Z"
  name: xp
  namespace: default
  resourceVersion: "670826"
  uid: b129e625-7733-4b80-9d9f-55227b473f51

So how do we reference these key:value pairs in a declarative manifest?
root@ubuntu0:~/manifests/configmap# cat 01-cm-demo.yaml  
apiVersion: v1
kind: ReplicationController 
metadata:
  name: xp-configmap
spec:
  replicas: 1
  selector:
    apps: v1
  template:
    metadata:
      labels:
        apps: v1
    spec:
      nodeName: ubuntu1
      containers:
      - name: xiuxian-v1
        image: registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1
        env:
        - name: SCHOOL
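          # Where the value comes from. Once the valueFrom field is defined, the value field must not be defined.
          # In other words, when valueFrom is defined, value must be empty: leave it out!
          valueFrom:
            # The data is referenced from a cm resource
            configMapKeyRef:
              # Name of the cm
              name: "xp"
              # The KEY of the cm to reference
              key: "school"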
        - name: CLass
          valueFrom:
            configMapKeyRef:
              name: "xp"
              key: "class"
root@ubuntu0:~/manifests/configmap# kubectl apply -f 01-cm-demo.yaml 
replicationcontroller/xp-configmap created
root@ubuntu0:~/manifests/configmap# kubectl exec -it xp-configmap-vvtch -- env|grep -Ei 'school|class'
SCHOOL=oldboyedu
CLass=linux94

Referencing a cm resource from a Pod through a volume

root@ubuntu0:~/manifests/configmap# cat 02-rc-configmaps-volumes.yaml 
apiVersion: v1
kind: ReplicationController 
metadata:
  name: xpxp
spec:
  replicas: 1
  selector: 
    apps: xpxp-v1
  template:
    metadata:
      labels:
        apps: xpxp-v1
    spec:
      nodeName: ubuntu1
      volumes:
      - name: data
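        # The volume type is a cm resource
        configMap:
          # Name of the cm
          name: "xp"
          # The specific KEYs to reference; if omitted, all KEYs are referenced by default
          items:
          # Reference this KEY
          - key: school
            # For now, think of this as the resulting file name
            path: school.txt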
      containers:
      - name: nginx
        image: registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1
        volumeMounts:
        - name: data
          mountPath: /oldboyedu

root@ubuntu0:~/manifests/configmap# kubectl apply -f 02-rc-configmaps-volumes.yaml 
replicationcontroller/xpxp created
root@ubuntu0:~/manifests/configmap# kubectl get pods -o wide
NAME         READY   STATUS    RESTARTS   AGE   IP            NODE      NOMINATED NODE   READINESS GATES
xpxp-25pwf   1/1     Running   0          25m   10.100.2.19   ubuntu1   <none>           <none>
root@ubuntu0:~/manifests/configmap# kubectl exec xpxp-25pwf -- ls /oldboyedu
school.txt
root@ubuntu0:~/manifests/configmap# kubectl exec xpxp-25pwf -- more /oldboyedu/school.txt
oldboyeduroot@ubuntu0:~/manifests/configmap# 

Change port 80 of the "registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1" image to port 81. Requirement: do it without rebuilding the image, by mounting a cm volume.

1. Locate the nginx configuration file
root@ubuntu0:~/manifests/configmap# kubectl exec -it xp-configmap-pgc6z -- sh
/ # vi /etc/nginx/nginx.conf 
/ # ls /etc/nginx/conf.d/default.conf 
/etc/nginx/conf.d/default.conf
/ # vi /etc/nginx/conf.d/default.conf 
server {                   
    listen       80;       
    listen  [::]:80;                                  
    server_name  localhost;                                                               
    location / {                     
        root   /usr/share/nginx/html;
        index  index.html index.htm;        
    }                                              
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {           
        root   /usr/share/nginx/html;                          
    }  
  }  
2. Write the resource manifest
 root@ubuntu0:~/manifests/configmap# cat 02-rc-configmaps-volumes.yaml 
apiVersion: v1
kind: ConfigMap
metadata:
  name: game-cm
data:
  port.conf: |
    server {                   
        listen       81;       
        listen  [::]:81;                                  
        server_name  localhost;                                                               
        location / {                     
            root   /usr/share/nginx/html;
            index  index.html index.htm;        
        }                                              
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {           
            root   /usr/share/nginx/html;                          
        }  
      }  
---
apiVersion: v1
kind: ReplicationController 
metadata:
  name: xiuxian-cm
spec:
  replicas: 1
  selector: 
    apps: xpxp-v1
  template:
    metadata:
      labels:
        apps: xpxp-v1
    spec:
      nodeName: ubuntu1
      volumes:
      - name: data
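        # The volume type is a cm resource
        configMap:
          # Name of the cm
          name: "game-cm"
          # The specific KEYs to reference; if omitted, all KEYs are referenced by default
          items:
          # Reference this KEY
          - key: port.conf
            # For now, think of this as the resulting file name
            path: default.conf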
      containers:
      - name: nginx
        image: registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1
        volumeMounts:
        - name: data
          mountPath: /etc/nginx/conf.d/
---
apiVersion: v1
kind: Service
metadata:
  name: svc-mysql
spec:
  type: NodePort
  selector:
     apps: xpxp-v1
  ports:
  - port: 80
    targetPort: 81
    nodePort: 30081
root@ubuntu0:~/manifests/configmap# kubectl apply -f 02-rc-configmaps-volumes.yaml 
configmap/game-cm created
replicationcontroller/xiuxian-cm created
service/svc-mysql created
root@ubuntu0:~/manifests/configmap# kubectl get pods -o wide
NAME               READY   STATUS    RESTARTS   AGE   IP            NODE      NOMINATED NODE   READINESS GATES
xiuxian-cm-b52m2   1/1     Running   0          7s    10.100.2.21   ubuntu1   <none>           <none>
root@ubuntu0:~/manifests/configmap# kubectl describe svc 
kubernetes  svc-mysql   
root@ubuntu0:~/manifests/configmap# kubectl describe svc svc-mysql 
Name:                     svc-mysql
Namespace:                default
Labels:                   <none>
Annotations:              <none>
Selector:                 apps=xpxp-v1
Type:                     NodePort
IP Family Policy:         SingleStack
IP Families:              IPv4
IP:                       192.168.116.228
IPs:                      192.168.116.228
Port:                     <unset>  80/TCP
TargetPort:               81/TCP
NodePort:                 <unset>  30081/TCP
Endpoints:                10.100.2.21:81
Session Affinity:         None
External Traffic Policy:  Cluster
Events:                   <none>
root@ubuntu0:~/manifests/configmap# curl 10.100.2.21:81
<!DOCTYPE html>
<html>
  <head>
    <meta charset="utf-8"/>
    <title>yinzhengjie apps v1</title>
    <style>
       div img {
          width: 900px;
          height: 600px;
          margin: 0;
       }
    </style>
  </head>

  <body>
    <h1 style="color: green">凡人修仙传 v1 </h1>
    <div>
      <img src="1.jpg">
    <div>
  </body>

</html>

Enter the container again: the configuration has changed.
root@ubuntu0:~/manifests/configmap# kubectl get pods -o wide
NAME               READY   STATUS    RESTARTS   AGE     IP            NODE      NOMINATED NODE   READINESS GATES
xiuxian-cm-b52m2   1/1     Running   0          2m38s   10.100.2.21   ubuntu1   <none>           <none>
root@ubuntu0:~/manifests/configmap# kubectl exec -it xiuxian-cm-b52m2 -- sh
/ # cat /etc/nginx/conf.d/default.conf 
server {                   
    listen       81;       
    listen  [::]:81;                                  
    server_name  localhost;                                                               
    location / {                     
        root   /usr/share/nginx/html;
        index  index.html index.htm;        
    }                                              
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {           
        root   /usr/share/nginx/html;                          
    }  
  }  

Viewing Pod logs with kubectl logs

	1. Follow the logs in real time
[root@master231 ~]# kubectl get pods -o wide
NAME                         READY   STATUS    RESTARTS   AGE     IP            NODE        NOMINATED NODE   READINESS GATES
oldboyedu-xiuxian-cm-844zl   1/1     Running   0          4m47s   10.100.1.55   worker232   <none>           <none>
[root@master231 ~]# 
[root@master231 ~]# kubectl logs -f oldboyedu-xiuxian-cm-844zl 
/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
10-listen-on-ipv6-by-default.sh: info: can not modify /etc/nginx/conf.d/default.conf (read-only file system?)
/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
/docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh
/docker-entrypoint.sh: Configuration complete; ready for start up
2024/11/20 03:10:00 [notice] 1#1: using the "epoll" event method
2024/11/20 03:10:00 [notice] 1#1: nginx/1.20.1
2024/11/20 03:10:00 [notice] 1#1: built by gcc 10.2.1 20201203 (Alpine 10.2.1_pre1) 
2024/11/20 03:10:00 [notice] 1#1: OS: Linux 5.15.0-119-generic
2024/11/20 03:10:00 [notice] 1#1: getrlimit(RLIMIT_NOFILE): 524288:524288
2024/11/20 03:10:00 [notice] 1#1: start worker processes
2024/11/20 03:10:00 [notice] 1#1: start worker process 23
2024/11/20 03:10:00 [notice] 1#1: start worker process 24
10.100.0.0 - - [20/Nov/2024:03:10:08 +0000] "GET / HTTP/1.1" 200 357 "-" "curl/7.81.0" "-"
10.100.0.0 - - [20/Nov/2024:03:10:13 +0000] "GET / HTTP/1.1" 200 357 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36" "-"
10.100.0.0 - - [20/Nov/2024:03:10:13 +0000] "GET /1.jpg HTTP/1.1" 200 233472 "http://10.0.0.231:30080/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36" "-"
2024/11/20 03:10:13 [error] 24#24: *2 open() "/usr/share/nginx/html/favicon.ico" failed (2: No such file or directory), client: 10.100.0.0, server: localhost, request: "GET /favicon.ico HTTP/1.1", host: "10.0.0.231:30080", referrer: "http://10.0.0.231:30080/"
10.100.0.0 - - [20/Nov/2024:03:10:13 +0000] "GET /favicon.ico HTTP/1.1" 404 555 "http://10.0.0.231:30080/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36" "-"


	2. View the logs from the last 5 minutes
[root@master231 ~]# kubectl logs -f --since=5m oldboyedu-xiuxian-cm-844zl 
2024/11/20 03:16:22 [error] 24#24: *4 open() "/usr/share/nginx/html/oldboyedu.html" failed (2: No such file or directory), client: 10.100.0.0, server: localhost, request: "GET /oldboyedu.html HTTP/1.1", host: "10.100.1.55:81"
10.100.0.0 - - [20/Nov/2024:03:16:22 +0000] "GET /oldboyedu.html HTTP/1.1" 404 153 "-" "curl/7.81.0" "-"


	3. View the logs of a specific container (generally only used when a Pod has multiple containers)
[root@master231 ~]# kubectl logs -c c1 -f --since=5m oldboyedu-xiuxian-cm-844zl 
2024/11/20 03:16:22 [error] 24#24: *4 open() "/usr/share/nginx/html/oldboyedu.html" failed (2: No such file or directory), client: 10.100.0.0, server: localhost, request: "GET /oldboyedu.html HTTP/1.1", host: "10.100.1.55:81"
10.100.0.0 - - [20/Nov/2024:03:16:22 +0000] "GET /oldboyedu.html HTTP/1.1" 404 153 "-" "curl/7.81.0" "-"

Example: storing the nginx main configuration file in a cm resource with subPath

root@ubuntu0:~/manifests/configmap# cat 02-rc-configmaps-volumes.yaml 
apiVersion: v1
kind: ConfigMap
metadata:
  name: game-cm
data:
  main.conf: |
    user  nginx;
    worker_processes  auto;
    error_log  /var/log/nginx/error.log notice;
    pid        /var/run/nginx.pid;
    
    events {
        worker_connections  1024;
    }
    
    http {
        include       /etc/nginx/mime.types;
        default_type  application/octet-stream;
    
        log_format oldboyedu_nginx_json '{"@timestamp":"$time_iso8601",'
                                  '"host":"$server_addr",'
                                  '"clientip":"$remote_addr",'
                                  '"SendBytes":$body_bytes_sent,'
                                  '"responsetime":$request_time,'
                                  '"upstreamtime":"$upstream_response_time",'
                                  '"upstreamhost":"$upstream_addr",'
                                  '"http_host":"$host",'
                                  '"uri":"$uri",'
                                  '"domain":"$host",'
                                  '"xff":"$http_x_forwarded_for",'
                                  '"referer":"$http_referer",'
                                  '"tcp_xff":"$proxy_protocol_addr",'
                                  '"http_user_agent":"$http_user_agent",'
                                  '"status":"$status"}';
    
        access_log  /var/log/nginx/access.log  oldboyedu_nginx_json;
    
        sendfile        on;
        keepalive_timeout  65;
        include /etc/nginx/conf.d/*.conf;
    }
  port.conf: |
    server {                   
        listen       81;       
        listen  [::]:81;                                  
        server_name  localhost;                                                               
        location / {                     
            root   /usr/share/nginx/html;
            index  index.html index.htm;        
        }                                              
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {           
            root   /usr/share/nginx/html;                          
        }  
      }  
---
apiVersion: v1
kind: ReplicationController 
metadata:
  name: xiuxian-cm
spec:
  replicas: 1
  selector: 
    apps: xpxp-v1
  template:
    metadata:
      labels:
        apps: xpxp-v1
    spec:
      nodeName: ubuntu1
      volumes:
      - name: data
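        # The volume type is a cm resource
        configMap:
          # Name of the cm
          name: "game-cm"
          # The specific KEYs to reference; if omitted, all KEYs are referenced by default
          items:
          # Reference this KEY
          - key: port.conf
            # For now, think of this as the resulting file name
            path: default.conf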
      - name: data1
        configMap:
          name: "game-cm"
          items:
          - key: main.conf
            path: nginx.conf 
      containers:
      - name: nginx
        image: registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1
        volumeMounts:
        - name: data
          mountPath: /etc/nginx/conf.d/
        - name: data1
          mountPath: /etc/nginx/nginx.conf
          # When subPath equals the path value in the cm's items, mountPath refers to a file rather than a directory
          subPath: nginx.conf
---
apiVersion: v1
kind: Service
metadata:
  name: svc-mysql
spec:
  type: NodePort
  selector:
     apps: xpxp-v1
  ports:
  - port: 80
    targetPort: 81
    nodePort: 30081

root@ubuntu0:~/manifests/configmap# kubectl get pods -o wide
NAME               READY   STATUS    RESTARTS   AGE   IP            NODE      NOMINATED NODE   READINESS GATES
xiuxian-cm-8q45n   1/1     Running   0          7s    10.100.2.22   ubuntu1   <none>           <none>
root@ubuntu0:~/manifests/configmap# curl 10.100.2.22:81
<!DOCTYPE html>
<html>
  <head>
    <meta charset="utf-8"/>
    <title>yinzhengjie apps v1</title>
    <style>
       div img {
          width: 900px;
          height: 600px;
          margin: 0;
       }
    </style>
  </head>

  <body>
    <h1 style="color: green">凡人修仙传 v1 </h1>
    <div>
      <img src="1.jpg">
    <div>
  </body>

</html>


Deploying MySQL master-slave replication on k8s

root@ubuntu0:~/manifests/ReplicationController# cat 05-nfs-mysql.yaml 
apiVersion: v1
kind: ConfigMap
metadata:
  name: game-demo
# Data of the cm resource
data:
  master.cnf: |
    [mysqld]
    # Binary log
    log-bin=mysqllog-bin
    server_id=111
    skip-host-cache
    skip-name-resolve
    datadir=/var/lib/mysql
    socket=/var/run/mysqld/mysqld.sock
    secure-file-priv=/var/lib/mysql-files
    user=mysql
    pid-file=/var/run/mysqld/mysqld.pid
    
    [client]
    socket=/var/run/mysqld/mysqld.sock 
    !includedir /etc/mysql/conf.d/
  slave.cnf: |
    [mysqld]
    log-bin=mysqllog-bin
    server_id=222
    skip-host-cache
    skip-name-resolve
    datadir=/var/lib/mysql
    socket=/var/run/mysqld/mysqld.sock
    secure-file-priv=/var/lib/mysql-files
    user=mysql
    pid-file=/var/run/mysqld/mysqld.pid
    
    [client]
    socket=/var/run/mysqld/mysqld.sock 
    !includedir /etc/mysql/conf.d/
---
apiVersion: v1
kind: ReplicationController 
metadata:
  name: mysql-master
spec:
  replicas: 1
  selector:
    apps: v1 
  template:
    spec:
      nodeName: ubuntu1
      volumes:
      - name: data
        nfs:
          server: ubuntu0
          path: /oldboyedu/data/nfs-server/master-lib 
      - name: data1
        configMap:
          name: "game-demo"
          items:
          - key: master.cnf
            path: my.cnf 
      containers:
      - name: mysql-v1
        image: mysql:5.7.29
        ports:
        - containerPort: 3306
          name: mysqlport
        env:
        - name: MYSQL_ALLOW_EMPTY_PASSWORD
          value: "yes"
        - name: MYSQL_USER
          value: linux94
        - name: MYSQL_PASSWORD
          value: 'oldboyedu'
        volumeMounts:
        - name: data
          mountPath: /var/lib/mysql
        - name: data1
          mountPath: /etc/my.cnf
          subPath: my.cnf
        args:
        - --character-set-server=utf8
        - --collation-server=utf8_bin
        - --default-authentication-plugin=mysql_native_password
    metadata:
      labels:
        apps: v1  
---
apiVersion: v1
kind: Service
metadata:
  name: svc-mysql
spec:
  selector:
     apps: v1
  ports:
  - port: 3306 
    name: mysqlport
---

apiVersion: v1
kind: ReplicationController 
metadata:
  name: mysql-slave
spec:
  replicas: 1
  selector:
    apps: v2
  template:
    spec:
      nodeName: ubuntu1
      volumes:
      - name: data
        nfs:
          server: ubuntu0
          path: /oldboyedu/data/nfs-server/slave-lib 
      - name: data1
        configMap:
          name: "game-demo"
          items:
          - key: slave.cnf
            path: my.cnf 
      containers:
      - name: mysql-v2
        image: mysql:5.7.29
        env:
        - name: MYSQL_ALLOW_EMPTY_PASSWORD
          value: "yes"
        - name: MYSQL_MASTER_HOST
          value: 'svc-mysql'
        ports:
        - containerPort: 3306
        volumeMounts:
        - name: data
          mountPath: /var/lib/mysql
        - name: data1
          mountPath: /etc/my.cnf
          subPath: my.cnf
    metadata:
      labels:
        apps: v2  
---
apiVersion: v1
kind: Service
metadata:
  name: svc-slave
spec:
  selector:
     apps: v2
  ports:
  - port: 3306

Log in to the master database and check
root@ubuntu0:~/manifests/ReplicationController# kubectl exec -it mysql-master-4zxp6 -- mysql
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 2
Server version: 5.7.29-log MySQL Community Server (GPL)

Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

Grant the user replication access
mysql> GRANT Replication slave ON *.* TO linux94;
Query OK, 0 rows affected (0.00 sec)

mysql> SHOW MASTER STATUS\G
*************************** 1. row ***************************
             File: mysqllog-bin.000004
         Position: 353
     Binlog_Do_DB: 
 Binlog_Ignore_DB: 
Executed_Gtid_Set: 
1 row in set (0.00 sec)

mysql> SHOW GRANTS FOR linux94;
+-------------------------------------------------+
| Grants for linux94@%                            |
+-------------------------------------------------+
| GRANT REPLICATION SLAVE ON *.* TO 'linux94'@'%' |
+-------------------------------------------------+



Slave configuration
mysql> CHANGE MASTER TO MASTER_HOST='svc-mysql',MASTER_USER='linux94',MASTER_PASSWORD='oldboyedu',MASTER_PORT=3306,MASTER_LOG_FILE='mysqllog-bin.000004',MASTER_LOG_POS=353,MASTER_CONNECT_RETRY=3;
Query OK, 0 rows affected, 2 warnings (0.04 sec)

mysql> STOP SLAVE;
Query OK, 0 rows affected, 1 warning (0.00 sec)

mysql> START SLAVE;
Query OK, 0 rows affected (0.00 sec)

mysql> SHOW SLAVE STATUS\G
*************************** 1. row ***************************
               Slave_IO_State: Waiting for master to send event
                  Master_Host: svc-mysql
                  Master_User: linux94
                  Master_Port: 3306
                Connect_Retry: 3
              Master_Log_File: mysqllog-bin.000004
          Read_Master_Log_Pos: 353
               Relay_Log_File: mysql-slave-2pgsd-relay-bin.000002
                Relay_Log_Pos: 323
        Relay_Master_Log_File: mysqllog-bin.000004
             Slave_IO_Running: Yes
            Slave_SQL_Running: Yes

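Secret overview

Similar to ConfigMap; the difference is that a Secret stores sensitive data, and all of its data must be base64-encoded.
Secrets are mainly used to store credentials.


Reference: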
	https://kubernetes.io/zh/docs/concepts/configuration/secret/#secret-types

Two ways to create a Secret resource declaratively
		2.1 Method 1: based on stringData (recommended)
root@ubuntu0:~/manifests/secret# cat 01-secrets-stringData.yaml 
apiVersion: v1
kind: Secret
metadata:
  name: user-info
stringData:
  username: admin
  password: "1"

  my.cnf: |
    [mysqld]
    basedir=/oldboyedu/softwares/mysql80
    port=3306
    datadir=/oldboyedu/data/mysql80
    socket=/tmp/mysql80.sock
root@ubuntu0:~/manifests/secret# kubectl apply -f 01-secrets-stringData.yaml 
secret/user-info created
root@ubuntu0:~/manifests/secret# kubectl get secrets -o wide

NAME                  TYPE                                  DATA   AGE
default-token-hszqs   kubernetes.io/service-account-token   3      26d
user-info             Opaque                                3      7s
root@ubuntu0:~/manifests/secret# kubectl get secrets -o wide user-info
NAME        TYPE     DATA   AGE
user-info   Opaque   3      46s
root@ubuntu0:~/manifests/secret# kubectl describe secrets  user-info 
Name:         user-info
Namespace:    default
Labels:       <none>
Annotations:  <none>

Type:  Opaque

Data
====
my.cnf:    113 bytes
password:  1 bytes
username:  5 bytes
root@ubuntu0:~/manifests/secret#  kubectl get secrets user-info -o yaml
apiVersion: v1
data:
  my.cnf: W215c3FsZF0KYmFzZWRpcj0vb2xkYm95ZWR1L3NvZnR3YXJlcy9teXNxbDgwCnBvcnQ9MzMwNgpkYXRhZGlyPS9vbGRib3llZHUvZGF0YS9teXNxbDgwCnNvY2tldD0vdG1wL215c3FsODAuc29jawo=
  password: MQ==
  username: YWRtaW4=
kind: Secret
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"v1","kind":"Secret","metadata":{"annotations":{},"name":"user-info","namespace":"default"},"stringData":{"my.cnf":"[mysqld]\nbasedir=/oldboyedu/softwares/mysql80\nport=3306\ndatadir=/oldboyedu/data/mysql80\nsocket=/tmp/mysql80.sock\n","password":"1","username":"admin"}}
  creationTimestamp: "2025-05-05T02:16:24Z"
  name: user-info
  namespace: default
  resourceVersion: "815355"
  uid: 90653274-1030-4208-a555-032c6484029f
type: Opaque

Decoding (base64 is an encoding, not encryption):
root@ubuntu0:~/manifests/secret# echo 'W215c3FsZF0KYmFzZWRpcj0vb2xkYm95ZWR1L3NvZnR3YXJlcy9teXNxbDgwCnBvcnQ9MzMwNgpkYXRhZGlyPS9vbGRib3llZHUvZGF0YS9teXNxbDgwCnNvY2tldD0vdG1wL215c3FsO
DAuc29jawo='|base64 -d
[mysqld]
basedir=/oldboyedu/softwares/mysql80
port=3306
datadir=/oldboyedu/data/mysql80
socket=/tmp/mysql80.sock
root@ubuntu0:~/manifests/secret# echo 'MQ=='|base64 -d
1root@ubuntu0:~/manifests/secret# echo 'MQ=='|base64 -d|more
1


Method 2: based on data (not recommended; easy to get wrong when writing)
root@ubuntu0:~/manifests/secret# echo linux94 | base64 
bGludXg5NAo=
root@ubuntu0:~/manifests/secret#  echo oldboyedu | base64 
b2xkYm95ZWR1Cg==
root@ubuntu0:~/manifests/secret# cat 02-secrets-data.yaml 
apiVersion: v1
kind: Secret
metadata:
  name: admin
data:
  # The KEY needs no processing; the VALUE is base64-encoded by hand
  username: bGludXg5NAo=
  password: b2xkYm95ZWR1Cg==
root@ubuntu0:~/manifests/secret# kubectl apply -f 02-secrets-data.yaml 
secret/admin created
root@ubuntu0:~/manifests/secret# kubectl get secrets admin 
NAME    TYPE     DATA   AGE
admin   Opaque   2      6s
root@ubuntu0:~/manifests/secret# kubectl get secrets admin -o yaml
apiVersion: v1
data:
  password: b2xkYm95ZWR1Cg==
  username: bGludXg5NAo=
kind: Secret
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"v1","data":{"password":"b2xkYm95ZWR1Cg==","username":"bGludXg5NAo="},"kind":"Secret","metadata":{"annotations":{},"name":"admin","namespace":"default"}}
  creationTimestamp: "2025-05-05T02:21:09Z"
  name: admin
  namespace: default
  resourceVersion: "815756"
  uid: 4e62f0f6-1940-43f7-b81c-16278cda898d
type: Opaque
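
Why hand-encoding is easy to get wrong: echo appends a line feed, so the values above decode to "linux94" and "oldboyedu" each followed by a newline, which then becomes part of the credential. The check below is an added example, not part of the original page; the function names and the sample manifest are constructed for illustration, and it assumes single-line values under data:.

```shell
#!/bin/sh
# Added example: find Secret values whose base64 payload hides a trailing
# newline, the usual result of `echo value | base64`.

# Encode without the newline that echo would append. tr removes the line
# wrapping that base64 adds to long output.
encode_secret_value() {
    printf '%s' "$1" | base64 | tr -d '\n'
}

# Succeeds (exit 0) when the decoded value ends in LF or CR.
b64_trailing_ws() {
    # Decode, keep the final byte only, render it as hex.
    last_byte=$(printf '%s' "$1" | base64 -d 2>/dev/null | tail -c 1 | od -An -tx1 | tr -d ' \n')
    [ "$last_byte" = "0a" ] || [ "$last_byte" = "0d" ]
}

# Read a Secret manifest on stdin and print "key<TAB>status" for every
# single-line base64 value in its data: section.
audit_secret_data() {
    awk '
        /^data:[ \t]*$/ { in_data = 1; next }
        /^[^ \t#]/      { in_data = 0 }   # any other top-level key ends the section
        in_data && NF >= 2 && $1 ~ /^[^#].*:$/ && $2 ~ /^[A-Za-z0-9+\/=]+$/ {
            key = $1; sub(/:$/, "", key); print key, $2
        }
    ' | while read -r key value; do
        if b64_trailing_ws "$value"; then
            printf '%s\ttrailing-newline\n' "$key"
        else
            printf '%s\tclean\n' "$key"
        fi
    done
}

# Constructed sample: username as produced by `echo linux94 | base64` on this
# page, password as produced by `encode_secret_value oldboyedu`.
sample_manifest() {
    cat <<'EOF'
apiVersion: v1
kind: Secret
metadata:
  name: admin
data:
  # hand-encoded values
  username: bGludXg5NAo=
  password: b2xkYm95ZWR1
EOF
}

sample_manifest | audit_secret_data
```

The clean encodings match what kubectl itself produces for --from-literal values, as the test01 output further down this page shows.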

Common options for creating secrets imperatively

root@ubuntu0:~/manifests/secret# kubectl create secret generic test01 --from-literal=SCHOOL=oldboyedu --from-literal=class=linux94
secret/test01 created
root@ubuntu0:~/manifests/secret# kubectl create secret generic test02 --from-file=stringData=01-secrets-stringData.yaml --from-file=Data=02-secrets-data.yaml
secret/test02 created
root@ubuntu0:~/manifests/secret#  kubectl get secrets test01  test02 
NAME     TYPE     DATA   AGE
test01   Opaque   2      20s
test02   Opaque   2      9s
root@ubuntu0:~/manifests/secret# kubectl get secrets test01  test02  -o yaml
apiVersion: v1
items:
- apiVersion: v1
  data:
    SCHOOL: b2xkYm95ZWR1
    class: bGludXg5NA==
  kind: Secret
  metadata:
    creationTimestamp: "2025-05-05T02:39:39Z"
    name: test01
    namespace: default
    resourceVersion: "817317"
    uid: 9255edec-24db-4490-a8b3-d0951b21c470
  type: Opaque
- apiVersion: v1
  data:
    Data: YXBpVmVyc2lvbjogdjEKa2luZDogU2VjcmV0Cm1ldGFkYXRhOgogIG5hbWU6IGFkbWluCmRhdGE6CiAgIyBLRVnml6DpnIDlgZrku7vkvZXmk43kvZzvvIxWQUxVRei/m+ihjEJBU0U2NOaJi+WKqOe8lueggQogIHVzZXJuYW1lOiBiR2x1ZFhnNU5Bbz0KICBwYXNzd29yZDogYjJ4a1ltOTVaV1IxQ2c9PQo=
    stringData: YXBpVmVyc2lvbjogdjEKa2luZDogU2VjcmV0Cm1ldGFkYXRhOgogIG5hbWU6IHVzZXItaW5mbwpzdHJpbmdEYXRhOgogIHVzZXJuYW1lOiBhZG1pbgogIHBhc3N3b3JkOiAiMSIKCiAgbXkuY25mOiB8CiAgICBbbXlzcWxkXQogICAgYmFzZWRpcj0vb2xkYm95ZWR1L3NvZnR3YXJlcy9teXNxbDgwCiAgICBwb3J0PTMzMDYKICAgIGRhdGFkaXI9L29sZGJveWVkdS9kYXRhL215c3FsODAKICAgIHNvY2tldD0vdG1wL215c3FsODAuc29jawo=
  kind: Secret
  metadata:
    creationTimestamp: "2025-05-05T02:39:50Z"
    name: test02
    namespace: default
    resourceVersion: "817332"
    uid: b1476fdd-5182-426d-a784-7ee5b16342c1
  type: Opaque
kind: List
metadata:
  resourceVersion: ""
  selfLink: ""
root@ubuntu0:~/manifests/secret#  kubectl delete secrets test01  test02 
secret "test01" deleted
secret "test02" deleted


Two ways for a Pod to reference secrets

Injecting through environment variables
   1. First look at the keys of user-info
root@ubuntu0:~/manifests/secret# kubectl get secrets user-info 
NAME        TYPE     DATA   AGE
user-info   Opaque   3      4d21h
root@ubuntu0:~/manifests/secret# kubectl get secrets user-info -o yaml
apiVersion: v1
data:
  my.cnf: W215c3FsZF0KYmFzZWRpcj0vb2xkYm95ZWR1L3NvZnR3YXJlcy9teXNxbDgwCnBvcnQ9MzMwNgpkYXRhZGlyPS9vbGRib3llZHUvZGF0YS9teXNxbDgwCnNvY2tldD0vdG1wL215c3FsODAuc29jawo=
  password: MQ==
  username: YWRtaW4=
kind: Secret

   2. Inject through environment variables
   root@ubuntu0:~/manifests/secret# cat 04-secret-env.yaml 
apiVersion: v1
kind: ReplicationController
metadata:
  name: secret-env
spec:
  replicas: 1
  selector:
    apps: v1
  template:
    metadata:
      labels:
        apps: v1
    spec:
      nodeName: ubuntu1
      containers:
      - name: xp
        image: registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1
        env:
        - name: env_username
          valueFrom:
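            # The value is taken from a secrets resource
            secretKeyRef:
              # Name of the secrets resource
              name: user-info
              # The key of the secret to reference
              key: username
        - name: env_mycnf
          valueFrom:
            # The value is taken from a secrets resource
            secretKeyRef:
              # Name of the secrets resource
              name: user-info
              # The key of the secret to reference
              key: my.cnf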
root@ubuntu0:~/manifests/secret# kubectl apply -f 04-secret-env.yaml 
replicationcontroller/secret-env created
root@ubuntu0:~/manifests/secret# kubectl get pods -o wide
NAME                 READY   STATUS    RESTARTS   AGE   IP            NODE      NOMINATED NODE   READINESS GATES
mysql-master-4zxp6   1/1     Running   0          5d    10.100.2.30   ubuntu1   <none>           <none>
mysql-slave-2pgsd    1/1     Running   0          5d    10.100.2.29   ubuntu1   <none>           <none>
secret-env-78xjs     1/1     Running   0          29s   10.100.2.32   ubuntu1   <none>           <none>
Check the environment variables; the values are decoded automatically
root@ubuntu0:~/manifests/secret# kubectl exec -it secret-env-78xjs -- env
env_username=admin
env_mycnf=[mysqld]
basedir=/oldboyedu/softwares/mysql80
port=3306
datadir=/oldboyedu/data/mysql80
socket=/tmp/mysql80.sock

 Referencing the secret through a volume
root@ubuntu0:~/manifests/secret# cat 03-secret.yaml 
apiVersion: v1
kind: ReplicationController
metadata:
  name: oldboyedu-rc-nfs-v1
spec:
  replicas: 1
  selector:
    apps: v1
  template:
    metadata:
      labels:
        apps: v1
    spec:
      nodeName: ubuntu1
      volumes:
       - name: data
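         # The volume type is secret
         secret: 
           # Name of the Secret
           secretName: user-info
           # Key/value pairs to reference
           items:
           # Key in the Secret
           - key: username
             # For now, think of this as the file name used when the volume is mounted in the Pod's container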
             path: username.txt
           - key: password
             path: password.txt
           - key: my.cnf
             path: my.cnf
      containers:
      - name: nginx
        image: registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1 
        volumeMounts:
        - name: data
          mountPath: /oldboyedu

root@ubuntu0:~/manifests/secret# kubectl get pods -o wide
NAME                        READY   STATUS    RESTARTS   AGE   IP            NODE      NOMINATED NODE   READINESS GATES
mysql-master-4zxp6          1/1     Running   0          5d    10.100.2.30   ubuntu1   <none>           <none>
mysql-slave-2pgsd           1/1     Running   0          5d    10.100.2.29   ubuntu1   <none>           <none>
oldboyedu-rc-nfs-v1-5cx5d   1/1     Running   0          8s    10.100.2.33   ubuntu1   <none>           <none>
root@ubuntu0:~/manifests/secret# kubectl exec -it oldboyedu-rc-nfs-v1-5cx5d -- sh
/ # ls -l /oldboyedu/
total 0
lrwxrwxrwx    1 root     root            13 May 10 00:42 my.cnf -> ..data/my.cnf
lrwxrwxrwx    1 root     root            19 May 10 00:42 password.txt -> ..data/password.txt
lrwxrwxrwx    1 root     root            19 May 10 00:42 username.txt -> ..data/username.txt
/ # cat /oldboyedu/my.cnf 
[mysqld]
basedir=/oldboyedu/softwares/mysql80
port=3306
datadir=/oldboyedu/data/mysql80
socket=/tmp/mysql80.sock
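
The two ways of consuming the user-info Secret shown above, modelled as an added example (not part of the original post): it decodes the `data` values and computes which environment variables and files a container ends up with. The dictionaries are constructed samples that mirror the manifests on this page; the function names are hypothetical.

```python
import base64
import posixpath

# Constructed sample: two keys of the user-info Secret, values copied from
# the `kubectl get secrets user-info -o yaml` output above.
SECRET = {"metadata": {"name": "user-info"}, "type": "Opaque",
          "data": {"username": "YWRtaW4=", "password": "MQ=="}}
# Pod spec fragments mirroring 04-secret-env.yaml and 03-secret.yaml.
ENV_CONTAINER = {"name": "xp", "env": [
    {"name": "env_username",
     "valueFrom": {"secretKeyRef": {"name": "user-info", "key": "username"}}}]}
VOLUME = {"name": "data", "secret": {"secretName": "user-info", "items": [
    {"key": "username", "path": "username.txt"},
    {"key": "password", "path": "password.txt"}]}}
MOUNT = {"name": "data", "mountPath": "/oldboyedu"}


def decode(secret, key):
    """Secret.data values are plain base64; no key material is involved."""
    return base64.b64decode(secret["data"][key]).decode("utf-8")


def projected_env(container, secret):
    """Environment variables the container gets from secretKeyRef entries."""
    env = {}
    for var in container.get("env", []):
        ref = var.get("valueFrom", {}).get("secretKeyRef")
        if ref and ref["name"] == secret["metadata"]["name"]:
            env[var["name"]] = decode(secret, ref["key"])
    return env


def projected_files(volume, mount, secret):
    """Files that appear under mountPath for a secret volume."""
    source = volume["secret"]
    if source["secretName"] != secret["metadata"]["name"]:
        return {}
    # Without `items`, every key becomes a file named after the key.
    items = source.get("items") or [{"key": k, "path": k} for k in secret["data"]]
    return {posixpath.join(mount["mountPath"], item["path"]): decode(secret, item["key"])
            for item in items}


if __name__ == "__main__":
    print(projected_env(ENV_CONTAINER, SECRET))
    print(projected_files(VOLUME, MOUNT, SECRET))
```

Because decoding needs no key, anyone who can read the Secret object or run `env` in the container sees the plaintext, so read access to secrets and `exec` rights should be granted narrowly.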


Case: Harbor login authentication with an imperatively created secret

1. Create the Harbor credentials imperatively
[root@master231 case-demo]# kubectl create secret docker-registry oldboyedu-harbor --docker-username=admin --docker-password=1 --docker-email=admin@oldboyedu.com --docker-server=harbor.oldboyedu.com
secret/oldboyedu-harbor created
[root@master231 case-demo]# kubectl get secrets oldboyedu-harbor 
NAME               TYPE                             DATA   AGE
oldboyedu-harbor   kubernetes.io/dockerconfigjson   1      9s

2. Create a test workload
[root@master231 case-demo]# cat 16-rc-secrets-private-harbor-registry.yaml 
apiVersion: v1
kind: ReplicationController
metadata:
  name: oldboyedu-private-harbor
spec:
  replicas: 3
  selector:
    apps: linux
  template:
    spec:
      # Credentials for pulling images
      imagePullSecrets:
      # Secret holding the Harbor authentication information
      - name: oldboyedu-harbor
      containers:
      - name: c1
        image: harbor.oldboyedu.com/oldboyedu-linux/alpine:latest
        imagePullPolicy: Always
        stdin: true
    metadata:
      labels:
        apps: linux
[root@master231 case-demo]# 
[root@master231 case-demo]# kubectl apply -f 16-rc-secrets-private-harbor-registry.yaml 
replicationcontroller/oldboyedu-private-harbor created
[root@master231 case-demo]# 
[root@master231 case-demo]# kubectl get pods -o wide
NAME                             READY   STATUS        RESTARTS   AGE   IP             NODE        NOMINATED NODE   READINESS GATES
oldboyedu-private-harbor-f7hmj   1/1     Running       0          4s    10.100.1.64    worker232   <none>           <none>
oldboyedu-private-harbor-gkmtm   1/1     Running       0          4s    10.100.2.120   worker233   <none>           <none>
oldboyedu-private-harbor-pmf5q   1/1     Running       0          4s    10.100.2.119   worker233   <none>           <none>
[root@master231 case-demo]# 


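Case: Harbor login authentication with a declaratively created secret

1. Create a user name and password in Harbor
  User name: linux94
  Password: Linux@2024
  Email: linux94@oldboyedu.com

2. Base64-encode the credentials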
  [root@master231 case-demo]# echo -n linux94:Linux@2024 | base64 
  bGludXg5NDpMaW51eEAyMDI0
  [root@master231 case-demo]#
3. The resulting authentication document:
  {"auths":{"harbor.oldboyedu.com":{"username":"linux94","password":"Linux@2024","email":"linux94@oldboyedu.com","auth":"bGludXg5NDpMaW51eEAyMDI0"}}} 

4. Write the resource manifest
[root@master231 case-demo]# cat 16-rc-secrets-private-harbor-registry.yaml 
apiVersion: v1
kind: Secret
metadata:
  name: linux94-harbor
stringData:
  .dockerconfigjson: '{"auths":{"harbor.oldboyedu.com":{"username":"linux94","password":"Linux@2024","email":"linux94@oldboyedu.com","auth":"bGludXg5NDpMaW51eEAyMDI0"}}}'
type: kubernetes.io/dockerconfigjson

---

apiVersion: v1
kind: ReplicationController
metadata:
  name: oldboyedu-private-harbor
spec:
  replicas: 3
  selector:
    apps: linux
  template:
    spec:
      # Credentials for pulling images
      imagePullSecrets:
      # Secret holding the Harbor authentication information
      - name: linux94-harbor
      containers:
      - name: c1
        image: harbor.oldboyedu.com/oldboyedu-linux/alpine:latest
        imagePullPolicy: Always
        stdin: true
    metadata:
      labels:
        apps: linux
[root@master231 case-demo]# 
[root@master231 case-demo]# kubectl apply -f 16-rc-secrets-private-harbor-registry.yaml
secret/linux94-harbor created
replicationcontroller/oldboyedu-private-harbor created
[root@master231 case-demo]# 
[root@master231 case-demo]# kubectl get pods -o wide
NAME                             READY   STATUS    RESTARTS   AGE   IP             NODE        NOMINATED NODE   READINESS GATES
oldboyedu-private-harbor-6kf6t   1/1     Running   0          3s    10.100.2.124   worker233   <none>           <none>
oldboyedu-private-harbor-prqnv   1/1     Running   0          3s    10.100.2.125   worker233   <none>           <none>
oldboyedu-private-harbor-tcp27   1/1     Running   0          3s    10.100.1.68    worker232   <none>           <none>
[root@master231 case-demo]# 
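
Steps 2 to 4 above, as an added example (not part of the original post): it builds the `.dockerconfigjson` document from the credentials and checks that the `auth` field of an existing pull secret really is base64 of `username:password`, catching the trailing newline that `echo` without `-n` introduces. The function names are hypothetical; the sample values are the ones used on this page.

```python
import base64
import json


def build_dockerconfigjson(server, username, password, email):
    """Return the .dockerconfigjson document for one registry as a string."""
    auth = base64.b64encode(f"{username}:{password}".encode()).decode()
    entry = {"username": username, "password": password,
             "email": email, "auth": auth}
    return json.dumps({"auths": {server: entry}}, separators=(",", ":"))


def check_pull_secret(secret):
    """Decode a dockerconfigjson Secret and list inconsistencies per registry."""
    if "stringData" in secret:
        raw = secret["stringData"][".dockerconfigjson"]
    else:  # `data` holds the same document, base64-encoded
        raw = base64.b64decode(secret["data"][".dockerconfigjson"]).decode()
    problems = []
    for server, entry in json.loads(raw)["auths"].items():
        decoded = base64.b64decode(entry.get("auth", "")).decode()
        expected = f'{entry.get("username", "")}:{entry.get("password", "")}'
        if decoded == expected + "\n":
            problems.append(f"{server}: auth ends with a newline (echo without -n)")
        elif decoded != expected:
            problems.append(f"{server}: auth does not match username:password")
    return problems


if __name__ == "__main__":
    # Values taken from the page's linux94 example.
    doc = build_dockerconfigjson("harbor.oldboyedu.com", "linux94",
                                 "Linux@2024", "linux94@oldboyedu.com")
    secret = {"apiVersion": "v1", "kind": "Secret",
              "metadata": {"name": "linux94-harbor"},
              "type": "kubernetes.io/dockerconfigjson",
              "stringData": {".dockerconfigjson": doc}}
    print(doc)
    print(check_pull_secret(secret) or "auth field is consistent")
```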

Harbor authentication by binding a secret to a serviceaccount

root@ubuntu0:/oldboyedu/softwares/harbor# kubectl api-resources |grep -w sa
serviceaccounts                   sa           v1                                     true         ServiceAccount

1. Create the account imperatively
root@ubuntu0:/oldboyedu/softwares/harbor# kubectl create sa xixi
serviceaccount/xixi created
root@ubuntu0:/oldboyedu/softwares/harbor# kubectl get sa xixi        
NAME   SECRETS   AGE
xixi   1         61s
root@ubuntu0:/oldboyedu/softwares/harbor# kubectl get sa xixi -o yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  creationTimestamp: "2025-05-18T12:03:44Z"
  name: xixi
  namespace: default
  resourceVersion: "1617334"
  uid: 8597121b-be87-4e33-a25b-d7f84a2fc43d
secrets:
- name: xixi-token-f4d9p


2. Check the account's Image pull secrets
root@ubuntu0:/oldboyedu/softwares/harbor# kubectl describe sa xixi 
Name:                xixi
Namespace:           default
Labels:              <none>
Annotations:         <none>
Image pull secrets:  <none>
Mountable secrets:   xixi-token-f4d9p
Tokens:              xixi-token-f4d9p
Events:              <none>
Because Image pull secrets is empty above, update what the account is bound to
[root@master231 serviceaccounts]# kubectl patch sa xixi -p '{"imagePullSecrets":[{"name":"oldboyedu-harbor"}]}'
serviceaccount/xixi patched
[root@master231 serviceaccounts]# 
[root@master231 serviceaccounts]# kubectl describe sa xixi 
Name:                xixi
Namespace:           default
Labels:              <none>
Annotations:         <none>
Image pull secrets:  oldboyedu-harbor
Mountable secrets:   xixi-token-nk9z4
Tokens:              xixi-token-nk9z4
Events:              <none>


	4. Update the account information imperatively
[root@master231 serviceaccounts]# kubectl get secrets oldboyedu-harbor 
NAME               TYPE                             DATA   AGE
oldboyedu-harbor   kubernetes.io/dockerconfigjson   1      66m
[root@master231 serviceaccounts]# 
[root@master231 serviceaccounts]# kubectl describe sa xixi 
Name:                xixi
Namespace:           default
Labels:              <none>
Annotations:         <none>
Image pull secrets:  <none>
Mountable secrets:   xixi-token-nk9z4
Tokens:              xixi-token-nk9z4
Events:              <none>
[root@master231 serviceaccounts]# 
[root@master231 serviceaccounts]# kubectl patch sa xixi -p '{"imagePullSecrets":[{"name":"oldboyedu-harbor"}]}'
serviceaccount/xixi patched
[root@master231 serviceaccounts]# 
[root@master231 serviceaccounts]# kubectl describe sa xixi 
Name:                xixi
Namespace:           default
Labels:              <none>
Annotations:         <none>
Image pull secrets:  oldboyedu-harbor
Mountable secrets:   xixi-token-nk9z4
Tokens:              xixi-token-nk9z4
Events:              <none>
[root@master231 serviceaccounts]# 


	5. The Pod pulls the image using the sa account
[root@master231 case-demo]# cat 17-rc-secrets-sa-harbor.yaml 
apiVersion: v1
kind: Secret
metadata:
  name: linux94-harbor
stringData:
  .dockerconfigjson: '{"auths":{"harbor.oldboyedu.com":{"username":"linux94","password":"Linux@2024","email":"linux94@oldboyedu.com","auth":"bGludXg5NDpMaW51eEAyMDI0"}}}'
type: kubernetes.io/dockerconfigjson

---

apiVersion: v1
# Bind the Secret holding the image-pull credentials to the sa account
imagePullSecrets:
- name: linux94-harbor
kind: ServiceAccount
metadata:
  name: linux94
  namespace: default


---

apiVersion: v1
kind: ReplicationController
metadata:
  name: oldboyedu-private-harbor
spec:
  replicas: 3
  selector:
    apps: linux
  template:
    spec:
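      # Service account to use; images are pulled with this account's credentials
      # (serviceAccount is the deprecated alias of serviceAccountName)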
      serviceAccount: linux94
      containers:
      - name: c1
        image: harbor.oldboyedu.com/oldboyedu-linux/alpine:latest
        imagePullPolicy: Always
        stdin: true
    metadata:
      labels:
        apps: linux
[root@master231 case-demo]# 
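
How the binding above decides which credentials a Pod pulls with, as an added example (not part of the original post). It models the ServiceAccount admission behaviour: the account's imagePullSecrets are copied into a Pod only when the Pod sets none of its own. The pod names and function names are hypothetical; the accounts, secrets and image are the ones on this page.

```python
# Constructed sample mirroring the page's accounts and image; the pod names
# "via-sa", "explicit" and "no-credentials" are hypothetical.
IMAGE = "harbor.oldboyedu.com/oldboyedu-linux/alpine:latest"
SERVICE_ACCOUNTS = {
    "default": {},
    "xixi": {"imagePullSecrets": [{"name": "oldboyedu-harbor"}]},
    "linux94": {"imagePullSecrets": [{"name": "linux94-harbor"}]},
}
PODS = {
    "via-sa": {"serviceAccount": "linux94",
               "containers": [{"name": "c1", "image": IMAGE}]},
    "explicit": {"serviceAccountName": "xixi",
                 "imagePullSecrets": [{"name": "linux94-harbor"}],
                 "containers": [{"name": "c1", "image": IMAGE}]},
    "no-credentials": {"containers": [{"name": "c1", "image": IMAGE}]},
}


def effective_pull_secrets(pod_spec, service_accounts):
    """Names of the pull secrets a pod ends up with after admission."""
    own = [ref["name"] for ref in pod_spec.get("imagePullSecrets", [])]
    if own:  # secrets set on the pod are kept as they are
        return own
    # serviceAccount is the deprecated alias; unset means "default".
    sa_name = (pod_spec.get("serviceAccountName")
               or pod_spec.get("serviceAccount") or "default")
    account = service_accounts.get(sa_name, {})
    return [ref["name"] for ref in account.get("imagePullSecrets", [])]


def unauthenticated_pulls(pods, service_accounts, private_registry):
    """Pods that pull from the private registry with no credentials at all."""
    flagged = []
    for name, spec in pods.items():
        if effective_pull_secrets(spec, service_accounts):
            continue
        images = [c["image"] for c in spec.get("containers", [])]
        if any(image.split("/")[0] == private_registry for image in images):
            flagged.append(name)
    return flagged


if __name__ == "__main__":
    for pod, spec in PODS.items():
        print(pod, effective_pull_secrets(spec, SERVICE_ACCOUNTS))
    print(unauthenticated_pulls(PODS, SERVICE_ACCOUNTS, "harbor.oldboyedu.com"))
```

Binding a pull secret to a service account hands those registry credentials to every Pod that runs under the account, so a dedicated low-privilege registry user per account keeps the exposure small.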

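Pod creation flow

- Pod creation flow:
	Flow for creating, deleting and modifying a Pod:
		  1. When a kubectl command runs, it loads "~/.kube/config" to find the apiserver address, port and authentication certificate;
		  2. The apiserver performs certificate authentication, authorization and syntax validation; if these succeed, data can be read or written;
		  3. For a write operation (create, modify, delete), the information in the etcd database has to be changed;
		  4. When a Pod is created, the scheduler schedules it onto a suitable worker node and returns the result to the apiserver, which stores it in etcd;
		  5. The kubelet periodically reports to the apiserver, including the container resources inside Pods (cpu, memory, disk, gpu, ...) and the state of the worker host; the apiserver stores the result in etcd, and if there are tasks for that node it returns them directly to the node for scheduling;
		  6. The kubelet calls the CRI interface to create the containers (in order: pause, initContainers, containers);
		  7. While running, if a Pod container exits normally or abnormally, the kubelet decides whether to restart it according to the restart policy (Never, Always, OnFailure);
		  8. If a node goes down, the controller manager has to step in: for example, when Pod replicas are missing, a watch event is created requiring the controller's replica count to be met, so new Pods are created; this repeats steps 4-6.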

Deploying Jenkins on k8s

apiVersion: v1
kind: Namespace
metadata:
  name: devops

---

apiVersion: v1
kind: ReplicationController
metadata:
  name: oldboyedu-jenkins
  namespace: devops
spec:
  replicas: 1
  selector:
    apps: jenkins
  template:
    spec:
      nodeName: worker233
      volumes:
      - name: data
        nfs:
          server: 10.0.0.231
          path: /oldboyedu/data/nfs-server/volumes/devops/jenkins
      containers:
      - name: c1
        # image: jenkins/jenkins:2.479.1-alpine-jdk21
        image: harbor.oldboyedu.com/oldboyedu-devops/jenkins:2.479.1-alpine-jdk21
        #command: 
        #- tail
        #- -f
        #- /etc/hosts
        ports:
        - containerPort: 8080
        volumeMounts:
        - name: data
          mountPath: /var/jenkins_home/
    metadata:
      labels:
        apps: jenkins

---

apiVersion: v1
kind: Service
metadata:
  name: svc-jenkins
  namespace: devops
spec:
  type: NodePort
  selector:
     apps: jenkins
  ports:
  - port: 8080
    nodePort: 30083
[root@master231 case-demo]# 



	3. Tips:
		- Before using the resource manifest, first get Jenkins running and install the commonly used plugins;
		- Then copy the /var/jenkins_home/ data into "/oldboyedu/data/nfs-server/volumes/devops/jenkins".
