新增说明及示例文件

This commit is contained in:
huty 2023-12-15 16:39:01 +08:00 committed by huty
parent 823b19c3f0
commit 3445c145aa
71 changed files with 4048 additions and 0 deletions

View File

@ -0,0 +1,29 @@
# ConfigMaps 说明官方文档https://v1-22.docs.kubernetes.io/zh/docs/concepts/configuration/configmap
# API 版本
apiVersion: v1
# 资源类型
kind: ConfigMap
# 元数据
metadata:
## 名称
name: 此 ConfigMap 的名称
## 命名空间
namespace: 此 ConfigMap 所属命名空间
# 数据( UTF-8 字节类型数据)
data:
## 直接定义属性(每一个键都映射到一个简单的值)
key_name_1: 'key_value_1'
key_name-2: key_value_2
## 定义文件(每一个键都映射到一个文件)
file_name_1.properties: |
key.1.name=key.1.value
key.2.name=key.2.value
file_name_2.properties: |
key.11.name=key.11.value
key.12.name=key.12.value
# 数据(二进制 base64 编码类型数据)
binaryData:
key_name_a: a2V5X3ZhbHVlX2E=
key_name_b: a2V5X3ZhbHVlX2I=
# 配置此 ConfigMaps 为不可变更(此 ConfigMaps 创建后,内容将不可变更,想要变更内容时,只能将此 ConfigMaps 删除后重建)
immutable: true

View File

@ -0,0 +1,10 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: example-halo
namespace: halo
data:
spring.sql.init.platform: mysql
spring.r2dbc.url: r2dbc:pool:mysql://{HOST}:{PORT}/{DATABASE}
halo.external-url: http://localhost:8090/
immutable: true

View File

@ -0,0 +1,8 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: example-mysql
namespace: mysql
data:
MYSQL_DATABASE: app
immutable: true

View File

@ -0,0 +1,23 @@
# Secret 说明官方文档https://v1-22.docs.kubernetes.io/zh/docs/concepts/configuration/secret
# API 版本
apiVersion: v1
# 资源类型
kind: Secret
# 元数据
metadata:
## 名称
name: 此 Secret 的名称
## 命名空间
namespace: 此 Secret 所属命名空间
# 类型
type: Opaque
# 数据( UTF-8 字节类型)
stringData:
key_name_1: key_value_1
key_name-2: key_value_2
# 数据( base64 编码类型数据)
data:
key_name_a: a2V5X3ZhbHVlX2E=
key_name_b: a2V5X3ZhbHVlX2I=
# 配置此 Secret 为不可变更(此 Secret 创建后,内容将不可变更,想要变更内容时,只能将此 Secret 删除后重建)
immutable: true

View File

@ -0,0 +1,12 @@
apiVersion: v1
kind: Secret
metadata:
name: example-halo
namespace: halo
type: Opaque
stringData:
spring.r2dbc.username: halo
spring.r2dbc.password: pKMoNmuCyxP6QZq7
halo.security.initializer.superadminusername: admin
halo.security.initializer.superadminpassword: QrgkqetX7LNz38hB
immutable: true

View File

@ -0,0 +1,11 @@
apiVersion: v1
kind: Secret
metadata:
name: example-mysql
namespace: mysql
type: Opaque
stringData:
MYSQL_ROOT_PASSWORD: pKMoNmuCyxP6QZq7
MYSQL_USER: app
MYSQL_PASSWORD: QrgkqetX7LNz38hB
immutable: true

View File

@ -0,0 +1,25 @@
# Endpoint 说明,官方文档:
# API 版本
apiVersion: v1
# 资源类型
kind: Endpoints
# 元数据
metadata:
## 名称
name: 此 Endpoint 的名称
## 命名空间
namespace: 此 Endpoint 所属命名空间
## 标签
labels:
标签名1: 标签值1
标签名2: 标签值2
# 内容
subsets:
## 端点1
### 端点地址
- addresses:
#### 端点 IP
- ip: 端点 IP
### 端点端口号
ports:
- port: 端点端口号

View File

@ -0,0 +1,14 @@
apiVersion: v1
kind: Endpoints
metadata:
name: example-endpoints
namespace: demo
labels:
name: example-endpoints
app: demo
type: endpoints
subsets:
- addresses:
- ip: 192.0.2.42
ports:
- port: 9376

View File

@ -0,0 +1,60 @@
# Ingress 说明,官方文档: https://v1-22.docs.kubernetes.io/zh/docs/concepts/services-networking/ingress
# API 版本
apiVersion: networking.k8s.io/v1
# 资源类型
kind: Ingress
# 元数据
metadata:
## 名称
name: 此 Ingress 的名称
## 命名空间
namespace: 此 Ingress 所属命名空间
## 标签
labels:
标签名1: 标签值1
标签名2: 标签值2
## 注解(使用不同的控制器时注解不同,具体见官方文档)
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
# 内容
spec:
## TLS 证书
tls:
### TLS 证书1
#### 该 TLS 证书对应的 HOST需要和 rules 中配置的 host 保持一致)
- hosts:
- host1
- host2
#### 该 TLS 证书使用的 Secret 名称
secretName: 该 TLS 证书使用的 Secret 名称
## 规则
rules:
### 规则1
#### HOST
- host: HOST
#### HTTP 规则
http:
##### 路径
paths:
###### 路径1
####### 路径
- path: 路径
####### 路径类型【ImplementationSpecific视 IngressClass 而定Prefix前缀匹配Exact精确匹配】
pathType: 路径类型
####### 后端
backend:
######## Service 类型(常用于后端服务,不能和 Resource 类型同时配置)
service:
######### Service 的名称
name: Service 的名称
######### Service 的端口号
port:
number: Service 的端口号
######## Resource 类型(常用于前端静态资源服务,不能和 Service 类型同时配置)
resource:
#########
apiGroup: k8s.example.com
######### 资源类型
kind: StorageBucket
######### 资源名称
name: icon-assets

View File

@ -0,0 +1,31 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: example-ingress-multi
namespace: demo
labels:
name: example-ingress-multi
app: ingress
type: ingress
spec:
rules:
- host: "foo.bar.com"
http:
paths:
- pathType: Prefix
path: "/bar"
backend:
service:
name: service1
port:
number: 80
- host: "*.foo.com"
http:
paths:
- pathType: Prefix
path: "/foo"
backend:
service:
name: service2
port:
number: 80

View File

@ -0,0 +1,22 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: example-ingress-single
namespace: demo
labels:
name: example-ingress-single
app: ingress
type: ingress
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
rules:
- http:
paths:
- path: /testpath
pathType: Prefix
backend:
service:
name: test
port:
number: 80

View File

@ -0,0 +1,25 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: example-ingress-tls
namespace: demo
labels:
name: example-ingress-tls
app: ingress
type: ingress
spec:
tls:
- hosts:
- https-example.foo.com
secretName: testsecret-tls
rules:
- host: https-example.foo.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: service1
port:
number: 80

View File

@ -0,0 +1,42 @@
# Service 说明,官方文档: https://v1-22.docs.kubernetes.io/zh/docs/concepts/services-networking/service
# API 版本
apiVersion: v1
# 资源类型
kind: Service
# 元数据
metadata:
## 名称
name: 此 Service 的名称
## 命名空间
namespace: 此 Service 所属命名空间
## 标签
labels:
标签名1: 标签值1
标签名2: 标签值2
# 内容
spec:
## 指定 Service 类型【ClusterIP通过集群的内部 IP 暴露服务选择该值时服务只能够在集群内部访问NodePort通过每个节点上的 IP 和静态端口NodePort暴露服务LoadBalancer使用云提供商的负载均衡器向外部暴露服务ExternalName通过返回 CNAME 和对应值,可以将服务映射到 externalName 字段的内容】
type: Service 类型
## 指定 Pod 选择器( 此 Service 需要暴露哪些 Pod
selector:
标签名1: 标签值1
标签名2: 标签值2
## 端口号
ports:
### 端口号1
#### 端口名称
- name:
#### 端口类型
protocol: 端口类型
#### Service 端口号
port: Service 端口号
#### Pod 端口号
targetPort: Pod 端口号
### Node 端口号(仅 type 为 NodePort 时使用)
nodePort: Node 端口号
## ExternalName仅 type 为 ExternalName 时使用)
externalName: ExternalName
## 指定外部IP该 Service 允许通过哪些外部 IP:Port 访问)
externalIPs:
- externalIP1:Port1
- externalIP2:Port2

View File

@ -0,0 +1,16 @@
apiVersion: v1
kind: Service
metadata:
name: example-externalips
namespace: demo
labels:
name: example-externalips
app: demo
type: service
spec:
- name: http
protocol: TCP
port: 80
targetPort: 9376
externalIPs:
- 80.11.12.10

View File

@ -0,0 +1,12 @@
apiVersion: v1
kind: Service
metadata:
name: example-externalname
namespace: demo
labels:
name: example-externalname
app: demo
type: service
spec:
type: ExternalName
externalName: my.database.example.com

View File

@ -0,0 +1,21 @@
apiVersion: v1
kind: Service
metadata:
name: example-multi
namespace: demo
labels:
name: example-multi
app: demo
type: service
spec:
selector:
app: app1
ports:
- name: http
protocol: TCP
port: 80
targetPort: 9376
- name: https
protocol: TCP
port: 443
targetPort: 9377

View File

@ -0,0 +1,17 @@
apiVersion: v1
kind: Service
metadata:
name: example-nodeport
namespace: demo
labels:
name: example-nodeport
app: demo
type: service
spec:
selector:
app: app1
ports:
- protocol: TCP
port: 80
targetPort: 80
nodePort: 30007

View File

@ -0,0 +1,16 @@
apiVersion: v1
kind: Service
metadata:
name: example-single
namespace: demo
labels:
name: example-single
app: demo
type: service
spec:
selector:
app: app1
ports:
- protocol: TCP
port: 80
targetPort: 9376

View File

@ -0,0 +1,33 @@
# PersistentVolumeClaim持久卷申领说明官方文档https://kubernetes.io/zh-cn/docs/concepts/storage/persistent-volumes
# API 版本
apiVersion: v1
# 资源名称
kind: PersistentVolumeClaim
# 资源元数据
metadata:
## 名称
name: 该 PersistentVolumeClaim 的名称【自定义,见名知意】
# 内容
spec:
## 资源
resources:
requests:
### 容量
storage: 该 PersistentVolumeClaim 使用的空间大小【自定义单位使用量纲Ki、Mi、Gi、Ti、Pi、Ei】
## 卷模式
volumeMode: 该 PersistentVolumeClaim 使用的卷模式【Filesystem默认文件系统Block块】
## 访问模式
accessModes:
- 该 PersistentVolumeClaim 使用的访问模式【ReadWriteOnce卷可以被一个节点以读写方式挂载ReadOnlyMany卷可以被多个节点以只读方式挂载ReadWriteMany卷可以被多个节点以读写方式挂载ReadWriteOncePod卷可以被单个 Pod 以读写方式挂载(整个集群中只有一个 Pod 可以读取和写入)】
## Storage Class 名称
storageClassName: 该 PersistentVolumeClaim 使用的 StorageClass 的名称
## 指定 PersistentVolume 配置后该 PersistentVolumeClaim 只能绑定指定的 PersistentVolume
volumeName: PersistentVolume 的名称
## 选择器
selector:
### 卷必须包含带有此值的标签
matchLabels:
name: value
### 通过设定键key、值列表和操作符operator 来构造的需求
matchExpressions:
- {key: key的值, operator: operator的值【In包含NotIn不包含Exists存在DoesNotExist不存在】,values: [value的值1,value的值2,...]}

View File

@ -0,0 +1,17 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: pvc-example
spec:
resources:
requests:
storage: 1Gi
volumeMode: Filesystem
accessModes:
- ReadWriteMany
storageClassName: storage-local-example
selector:
matchLabels:
release: "stable"
matchExpressions:
- {key: environment, operator: In, values: [dev]}

View File

@ -0,0 +1,34 @@
# PersistentVolume持久卷说明官方文档https://kubernetes.io/zh-cn/docs/concepts/storage/persistent-volumes
# API 版本
apiVersion: v1
# 资源名称
kind: PersistentVolume
# 资源元数据
metadata:
## 名称
name: 该 PersistentVolume 的名称【自定义,见名知意】
# 内容
spec:
## 资源
capacity:
### 容量
storage: 该 PersistentVolume 使用的空间大小【自定义单位使用量纲Ki、Mi、Gi、Ti、Pi、Ei】
## 卷模式
volumeMode: 该 PersistentVolume 使用的卷模式【Filesystem默认文件系统Block块】
## 访问模式
accessModes:
- 该 PersistentVolume 使用的访问模式【ReadWriteOnce卷可以被一个节点以读写方式挂载ReadOnlyMany卷可以被多个节点以只读方式挂载ReadWriteMany卷可以被多个节点以读写方式挂载ReadWriteOncePod卷可以被单个 Pod 以读写方式挂载(整个集群中只有一个 Pod 可以读取和写入)】
## 回收策略
persistentVolumeReclaimPolicy: 该 PersistentVolume 使用的回收策略【Retain保留、手动回收当 PersistentVolumeClaim 被删除时PersistentVolume 仍然存在,需要手动删除 PersistentVolume 及 PersistentVolume 中的数据Delete删除当 PersistentVolumeClaim 被删除时,自动删除 PersistentVolume 及 PersistentVolume 中的数据)】
## StorageClass 名称
storageClassName: 该 PersistentVolume 使用的 StorageClass 的名称
## 预留 PersistentVolume配置该 PersistentVolume 只能被指定的 PersistentVolumeClaim 绑定)
claimRef:
name: PersistentVolumeClaim 的名称
namespace: Namespace 的名称
## 挂载选项
mount-options:
挂载选项参数【 不同类型的存储类型参数不一样具体见官方文档https://kubernetes.io/zh-cn/docs/concepts/storage/persistent-volumes/#mount-options 】
## 节点亲和性
nodeAffinity:
节点亲和性参数【 local 存储类型需要声明具体见官方文档https://kubernetes.io/zh-cn/docs/concepts/storage/persistent-volumes/#node-affinity 】

View File

@ -0,0 +1,24 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: pv-local-example
spec:
capacity:
storage: 5Gi
volumeMode: Filesystem
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Retain
storageClassName: storage-local-example
local:
path: /data/k8s/pv/local/example
nodeAffinity:
required:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/hostname
operator: In
values:
- nodename-example-1
- nodename-example-2
- nodename-example-3

View File

@ -0,0 +1,14 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: pv-nfs-example
spec:
capacity:
storage: 5Gi
accessModes:
- ReadWriteMany
nfs:
server: nfs-server.default.svc.cluster.local
path: "/"
mountOptions:
- nfsvers=4.2

View File

@ -0,0 +1,23 @@
# StorageClass存储类 说明官方文档https://kubernetes.io/zh-cn/docs/concepts/storage/storage-classes
# API 版本
apiVersion: storage.k8s.io/v1
# 资源名称
kind: StorageClass
# 资源元数据
metadata:
## 名称
name: 该 StorageClass 的名称【自定义,见名知意】
# 制备器(供应商)
provisioner: 该 StorageClass 使用的制备器【可选制备器见官方文档: https://kubernetes.io/zh-cn/docs/concepts/storage/storage-classes/#provisioner 】
# 回收策略
reclaimPolicy: 该 StorageClass 的回收策略【Delete删除默认当使用此 PersistentVolume 的对象被删除时,此 PersistentVolume 自动删除Retain保留当使用此 PersistentVolume 的对象被删除时,此 PersistentVolume 不会自动删除)】
# 卷捆绑模型
volumeBindingMode: 该 StorageClass 的绑定模式【Immediate默认PersistentVolumeClaim 创建后立即完成制备和绑定WaitForFirstConsumer使用 PersistentVolumeClaim 的 Pod 被创建后才制备和绑定】
# 允许的拓扑结构
allowedTopologies: 该 StorageClass 允许的拓扑架构【具体见官方文档https://kubernetes.io/zh-cn/docs/concepts/storage/storage-classes/#allowed-topologies 】
# 是否允许卷扩展
allowVolumeExpansion: 是否允许卷扩展【true允许false不允许。仅部分制备器可用具体见官方文档https://kubernetes.io/zh-cn/docs/concepts/storage/storage-classes/#allow-volume-expansion 】
# 挂载选项
mountOptions: 该 StorageClass 的挂载选项【仅部分制备器可用具体见官方文档https://kubernetes.io/zh-cn/docs/concepts/storage/persistent-volumes/#mount-options 】
# 参数
parameters: 该 StorageClass 的参数【使用不同类型的制备器时参数不一样具体见官方文档https://kubernetes.io/zh-cn/docs/concepts/storage/storage-classes/#parameters 】

View File

@ -0,0 +1,7 @@
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: storage-local-example
provisioner: kubernetes.io/no-provisioner
reclaimPolicy: Retain
volumeBindingMode: WaitForFirstConsumer

View File

@ -0,0 +1,42 @@
# HorizontalPodAutoscalerPod 水平自动扩缩说明官方文档https://v1-22.docs.kubernetes.io/zh/docs/tasks/run-application/horizontal-pod-autoscale
# API 版本
apiVersion: autoscaling/v2
# 资源类型
kind: HorizontalPodAutoscaler
# 元数据
metadata:
## 名称
name: 此 HorizontalPodAutoscaler 的名称
## 命名空间
namespace: 此 HorizontalPodAutoscaler 所属的命名空间
# 数据
spec:
## 扩缩目标
scaleTargetRef:
### 扩缩目标的 API 版本
apiVersion: apps/v1
### 扩缩目标的资源类型
kind: Deployment
### 扩缩目标的资源名称
name: php-apache
## 最小副本数
minReplicas: 1
## 最大副本数
maxReplicas: 10
## 指标
metrics:
### 指标1
#### 指标类型【Resource资源如 CPU、内存等PodsKubernetes PodsObject对象】
- type: Resource
#### 指标详情
resource:
##### 指标名称
name: cpu
##### 指标
target:
###### 类型 【Utilization百分比AverageValue绝对值】
type: Utilization
###### 数值(百分比)【仅当 type 为 Utilization 时生效】
averageUtilization: 50
###### 数值(绝对值)【仅当 type 为 AverageValue 时生效】
averageValue: 0

View File

@ -0,0 +1,19 @@
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
name: hpa-example
namespace: demo
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: php-apache
minReplicas: 1
maxReplicas: 10
metrics:
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: 50

View File

@ -0,0 +1,35 @@
# LimitRange限制范围说明官方文档https://v1-22.docs.kubernetes.io/zh/docs/concepts/policy/limit-range
# API 版本
apiVersion: v1
# 资源类型
kind: LimitRange
# 元数据
metadata:
## 名称
name: 此 LimitRange 的名称
## 命名空间
namespace: 此 LimitRange 所属的命名空间
# 数据
spec:
## 限制详情
limits:
### 默认值
- default:
cpu: 500m
memory: 1Gi
### 默认请求值
defaultRequest:
cpu: 500m
memory: 1Gi
### 最大值
max:
cpu: 800m
memory: 2Gi
storage: 5Gi
### 最小值
min:
cpu: 200m
memory: 500Mi
storage: 1Gi
### 限制类型
type: Container

View File

@ -0,0 +1,22 @@
apiVersion: v1
kind: LimitRange
metadata:
name: limit-range-example
namespace: demo
spec:
limits:
- default:
cpu: 500m
memory: 1Gi
defaultRequest:
cpu: 500m
memory: 1Gi
max:
cpu: 800m
memory: 2Gi
storage: 5Gi
min:
cpu: 200m
memory: 500Mi
storage: 1Gi
type: Container

View File

@ -0,0 +1,22 @@
# PodDisruptionBudgetPod干扰预算说明官方文档https://v1-22.docs.kubernetes.io/zh/docs/tasks/run-application/configure-pdb
# API 版本
apiVersion: policy/v1beta1
# 资源类型
kind: PodDisruptionBudget
# 元数据
metadata:
## 名称
name: 此 PodDisruptionBudget 的名称
## 命名空间
namespace: 此 PodDisruptionBudget 所属的命名空间
# 数据
spec:
## 最少可用 Pod 数(可配置绝对值或百分比,不能和 maxUnavailable 同时存在)
minAvailable: 2
## 最大不可用 Pod 数(可配置绝对值或百分比,不能和 minAvailable 同时存在)
maxUnavailable: 50%
## 作用的 Pod 集合
selector:
### 标签选择
matchLabels:
name: value

View File

@ -0,0 +1,10 @@
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
name: pdb-example
namespace: demo
spec:
minAvailable: 2
selector:
matchLabels:
app: zookeeper

View File

@ -0,0 +1,69 @@
# ResourceQuota 资源配额说明官方文档https://v1-22.docs.kubernetes.io/zh/docs/concepts/policy/resource-quotas
# API 版本
apiVersion: v1
# 资源类型
kind: ResourceQuota
# 元数据
metadata:
## 名称
name: 此 ResourceQuota 的名称
## 命名空间
namespace: 此 ResourceQuota 所属的命名空间
# 数据
spec:
## 配额
hard:
### 在该命名空间中,所有非终止状态的 Pod其 CPU 需求总量不能超过该值
cpu: '1000'
### 在该命名空间中,所有非终止状态的 Pod其内存需求总量不能超过该值
memory: 200Gi
### 在该命名空间中,所有非终止状态的 Pod其 CPU 限额总量不能超过该值
limits.cpu: '1000'
### 在该命名空间中,所有非终止状态的 Pod其内存限额总量不能超过该值
limits.memory: 200Gi
### 在该命名空间中,所有 PVC存储资源的需求总量不能超过该值
requests.storage: 1Ti
### 在该命名空间中,对于 <storage-class-name> 类型的 PVC存储资源的需求总量不能超过该值
<storage-class-name>.storageclass.storage.k8s.io/requests.storage: 300Gi
### 在该命名空间中,允许的 PVC 总量
persistentvolumeclaims: '1000'
### 在该命名空间中,允许的 <storage-class-name> 类型的 PVC 总量
<storage-class-name>.storageclass.storage.k8s.io/persistentvolumeclaims: '300'
### 在该命名空间中,允许存在的 ReplicationController 总数上限
replicationcontrollers: '1000'
### 在该命名空间中,允许存在的 ResourceQuota 总数上限
resourcequotas: '100'
### 在该命名空间中,允许存在的 ConfigMap 总数上限
configmaps: '1000'
### 在该命名空间中,允许存在的 Secret 总数上限
secrets: '1000'
### 在该命名空间中,允许存在的 Service 总数上限
services: '100'
### 在该命名空间中,允许存在的 LoadBalancer 类型的 Service 总数上限
services.loadbalancers: '100'
### 在该命名空间中,允许存在的 NodePort 类型的 Service 总数上限
services.nodeports: '100'
### 在该命名空间中,允许存在的非终止状态的 Pod 总数上限
pods: '100'
## 配额作用域
scopeSelector:
matchExpressions:
### 匹配所有引用了所指定的优先级类的 Pods【 operator 可选In包含、NotIn不包含、Exists存在、DoesNotExist不存在values 可选low、medium、high】
- scopeName: PriorityClass
operator: In
values:
- high
### 匹配所有 spec.activeDeadlineSeconds 不小于 0 的 Pod不能和 NotTerminating 同时存在)【 operator 必须为 Exists不能设置 values 】
- scopeName: Terminating
operator: Exists
### 匹配所有 spec.activeDeadlineSeconds 是 nil 的 Pod不能和 Terminating 同时存在)【 operator 必须为 Exists不能设置 values 】
- scopeName: NotTerminating
operator: Exists
### 匹配所有 Qos 是 BestEffort 的 Pod不能和 NotBestEffort 同时存在)【 operator 必须为 Exists不能设置 values 】
- scopeName: BestEffort
operator: Exists
### 匹配所有 Qos 不是 BestEffort 的 Pod不能和 BestEffort 同时存在)【 operator 必须为 Exists不能设置 values 】
- scopeName: NotBestEffort
operator: Exists
### 匹配那些设置了跨名字空间 (反)亲和性条件的 Pod
- scopeName: CrossNamespaceAffinity

View File

@ -0,0 +1,80 @@
# ResourceQuota (资源配额)( List 说明官方文档https://v1-22.docs.kubernetes.io/zh/docs/concepts/policy/resource-quotas
# API 版本
apiVersion: v1
# 资源类型
kind: List
# 资源详情
items:
## ResourceQuota 1
### API 版本
- apiVersion: v1
### 资源类型
kind: ResourceQuota
### 元数据
metadata:
#### 名称
name: 此 ResourceQuota 的名称
#### 命名空间
namespace: 此 ResourceQuota 所属的命名空间
### 数据
spec:
#### 配额
hard:
##### 在该命名空间中,所有非终止状态的 Pod其 CPU 需求总量不能超过该值
cpu: '1000'
### 在该命名空间中,所有非终止状态的 Pod其内存需求总量不能超过该值
memory: 200Gi
### 在该命名空间中,所有非终止状态的 Pod其 CPU 限额总量不能超过该值
limits.cpu: ''
### 在该命名空间中,所有非终止状态的 Pod其内存限额总量不能超过该值
limits.memory:
### 在该命名空间中,所有 PVC存储资源的需求总量不能超过该值
requests.storage: 1Ti
### 在该命名空间中,对于 <storage-class-name> 类型的 PVC存储资源的需求总量不能超过该值
<storage-class-name>.storageclass.storage.k8s.io/requests.storage: 300Gi
### 在该命名空间中,允许的 PVC 总量
persistentvolumeclaims: '1000'
### 在该命名空间中,允许的 <storage-class-name> 类型的 PVC 总量
<storage-class-name>.storageclass.storage.k8s.io/persistentvolumeclaims: '300'
### 在该命名空间中,允许存在的 ReplicationController 总数上限
replicationcontrollers: '1000'
### 在该命名空间中,允许存在的 ResourceQuota 总数上限
resourcequotas: '100'
### 在该命名空间中,允许存在的 ConfigMap 总数上限
configmaps: '1000'
### 在该命名空间中,允许存在的 Secret 总数上限
secrets: '1000'
### 在该命名空间中,允许存在的 Service 总数上限
services: '100'
### 在该命名空间中,允许存在的 LoadBalancer 类型的 Service 总数上限
services.loadbalancers: '100'
### 在该命名空间中,允许存在的 NodePort 类型的 Service 总数上限
services.nodeports: '100'
### 在该命名空间中,允许存在的非终止状态的 Pod 总数上限
pods: '100'
## 配额作用域
scopeSelector:
matchExpressions:
### 匹配所有引用了所指定的优先级类的 Pods【 operator 可选In包含、NotIn不包含、Exists存在、DoesNotExist不存在values 可选low、medium、high】
- scopeName: PriorityClass
operator: In
values:
- high
### 匹配所有 spec.activeDeadlineSeconds 不小于 0 的 Pod不能和 NotTerminating 同时存在)【 operator 必须为 Exists不能设置 values 】
- scopeName: Terminating
operator: Exists
### 匹配所有 spec.activeDeadlineSeconds 是 nil 的 Pod不能和 Terminating 同时存在)【 operator 必须为 Exists不能设置 values 】
- scopeName: NotTerminating
operator: Exists
### 匹配所有 Qos 是 BestEffort 的 Pod不能和 NotBestEffort 同时存在)【 operator 必须为 Exists不能设置 values 】
- scopeName: BestEffort
operator: Exists
### 匹配所有 Qos 不是 BestEffort 的 Pod不能和 BestEffort 同时存在)【 operator 必须为 Exists不能设置 values 】
- scopeName: NotBestEffort
operator: Exists
### 匹配那些设置了跨名字空间 (反)亲和性条件的 Pod
- scopeName: CrossNamespaceAffinity
## ResourceQuota 2
### API 版本
- apiVersion: v1
...

View File

@ -0,0 +1,69 @@
# ResourceQuota 资源配额说明官方文档https://v1-22.docs.kubernetes.io/zh/docs/concepts/policy/resource-quotas/
# API 版本
apiVersion: v1
# 资源类型
kind: ResourceQuota
# 元数据
metadata:
## 名称
name: 此 ResourceQuota 的名称
## 命名空间
namespace: 此 ResourceQuota 所属的命名空间
# 数据
spec:
## 配额
hard:
### 在该命名空间中,所有非终止状态的 Pod其 CPU 需求总量不能超过该值
cpu: '1000'
### 在该命名空间中,所有非终止状态的 Pod其内存需求总量不能超过该值
memory: 200Gi
### 在该命名空间中,所有非终止状态的 Pod其 CPU 限额总量不能超过该值
limits.cpu: ''
### 在该命名空间中,所有非终止状态的 Pod其内存限额总量不能超过该值
limits.memory:
### 在该命名空间中,所有 PVC存储资源的需求总量不能超过该值
requests.storage: 1Ti
### 在该命名空间中,对于 <storage-class-name> 类型的 PVC存储资源的需求总量不能超过该值
<storage-class-name>.storageclass.storage.k8s.io/requests.storage: 300Gi
### 在该命名空间中,允许的 PVC 总量
persistentvolumeclaims: '1000'
### 在该命名空间中,允许的 <storage-class-name> 类型的 PVC 总量
<storage-class-name>.storageclass.storage.k8s.io/persistentvolumeclaims: '300'
### 在该命名空间中,允许存在的 ReplicationController 总数上限
replicationcontrollers: '1000'
### 在该命名空间中,允许存在的 ResourceQuota 总数上限
resourcequotas: '100'
### 在该命名空间中,允许存在的 ConfigMap 总数上限
configmaps: '1000'
### 在该命名空间中,允许存在的 Secret 总数上限
secrets: '1000'
### 在该命名空间中,允许存在的 Service 总数上限
services: '100'
### 在该命名空间中,允许存在的 LoadBalancer 类型的 Service 总数上限
services.loadbalancers: '100'
### 在该命名空间中,允许存在的 NodePort 类型的 Service 总数上限
services.nodeports: '100'
### 在该命名空间中,允许存在的非终止状态的 Pod 总数上限
pods: '100'
## 配额作用域
scopeSelector:
matchExpressions:
### 匹配所有引用了所指定的优先级类的 Pods【 operator 可选In包含、NotIn不包含、Exists存在、DoesNotExist不存在values 可选low、medium、high】
- scopeName: PriorityClass
operator: In
values:
- high
### 匹配所有 spec.activeDeadlineSeconds 不小于 0 的 Pod不能和 NotTerminating 同时存在)【 operator 必须为 Exists不能设置 values 】
- scopeName: Terminating
operator: Exists
### 匹配所有 spec.activeDeadlineSeconds 是 nil 的 Pod不能和 Terminating 同时存在)【 operator 必须为 Exists不能设置 values 】
- scopeName: NotTerminating
operator: Exists
### 匹配所有 Qos 是 BestEffort 的 Pod不能和 NotBestEffort 同时存在)【 operator 必须为 Exists不能设置 values 】
- scopeName: BestEffort
operator: Exists
### 匹配所有 Qos 不是 BestEffort 的 Pod不能和 BestEffort 同时存在)【 operator 必须为 Exists不能设置 values 】
- scopeName: NotBestEffort
operator: Exists
### 匹配那些设置了跨名字空间 (反)亲和性条件的 Pod
- scopeName: CrossNamespaceAffinity

View File

@ -0,0 +1,80 @@
# ResourceQuota (资源配额)( List 说明官方文档https://v1-22.docs.kubernetes.io/zh/docs/concepts/policy/resource-quotas/
# API 版本
apiVersion: v1
# 资源类型
kind: List
# 资源详情
items:
## ResourceQuota 1
### API 版本
- apiVersion: v1
### 资源类型
kind: ResourceQuota
### 元数据
metadata:
#### 名称
name: 此 ResourceQuota 的名称
#### 命名空间
namespace: 此 ResourceQuota 所属的命名空间
### 数据
spec:
#### 配额
hard:
##### 在该命名空间中,所有非终止状态的 Pod其 CPU 需求总量不能超过该值
cpu: '1000'
### 在该命名空间中,所有非终止状态的 Pod其内存需求总量不能超过该值
memory: 200Gi
### 在该命名空间中,所有非终止状态的 Pod其 CPU 限额总量不能超过该值
limits.cpu: ''
### 在该命名空间中,所有非终止状态的 Pod其内存限额总量不能超过该值
limits.memory:
### 在该命名空间中,所有 PVC存储资源的需求总量不能超过该值
requests.storage: 1Ti
### 在该命名空间中,对于 <storage-class-name> 类型的 PVC存储资源的需求总量不能超过该值
<storage-class-name>.storageclass.storage.k8s.io/requests.storage: 300Gi
### 在该命名空间中,允许的 PVC 总量
persistentvolumeclaims: '1000'
### 在该命名空间中,允许的 <storage-class-name> 类型的 PVC 总量
<storage-class-name>.storageclass.storage.k8s.io/persistentvolumeclaims: '300'
### 在该命名空间中,允许存在的 ReplicationController 总数上限
replicationcontrollers: '1000'
### 在该命名空间中,允许存在的 ResourceQuota 总数上限
resourcequotas: '100'
### 在该命名空间中,允许存在的 ConfigMap 总数上限
configmaps: '1000'
### 在该命名空间中,允许存在的 Secret 总数上限
secrets: '1000'
### 在该命名空间中,允许存在的 Service 总数上限
services: '100'
### 在该命名空间中,允许存在的 LoadBalancer 类型的 Service 总数上限
services.loadbalancers: '100'
### 在该命名空间中,允许存在的 NodePort 类型的 Service 总数上限
services.nodeports: '100'
### 在该命名空间中,允许存在的非终止状态的 Pod 总数上限
pods: '100'
## 配额作用域
scopeSelector:
matchExpressions:
### 匹配所有引用了所指定的优先级类的 Pods【 operator 可选In包含、NotIn不包含、Exists存在、DoesNotExist不存在values 可选low、medium、high】
- scopeName: PriorityClass
operator: In
values:
- high
### 匹配所有 spec.activeDeadlineSeconds 不小于 0 的 Pod不能和 NotTerminating 同时存在)【 operator 必须为 Exists不能设置 values 】
- scopeName: Terminating
operator: Exists
### 匹配所有 spec.activeDeadlineSeconds 是 nil 的 Pod不能和 Terminating 同时存在)【 operator 必须为 Exists不能设置 values 】
- scopeName: NotTerminating
operator: Exists
### 匹配所有 Qos 是 BestEffort 的 Pod不能和 NotBestEffort 同时存在)【 operator 必须为 Exists不能设置 values 】
- scopeName: BestEffort
operator: Exists
### 匹配所有 Qos 不是 BestEffort 的 Pod不能和 BestEffort 同时存在)【 operator 必须为 Exists不能设置 values 】
- scopeName: NotBestEffort
operator: Exists
### 匹配那些设置了跨名字空间 (反)亲和性条件的 Pod
- scopeName: CrossNamespaceAffinity
## ResourceQuota 2
### API 版本
- apiVersion: v1
...

View File

@ -0,0 +1,24 @@
apiVersion: v1
kind: ResourceQuota
metadata:
name: resource-quota-example-item
namespace: demo
spec:
hard:
cpu: '64'
memory: 256Gi
requests.storage: 1Ti
persistentvolumeclaims: '1000'
resourcequotas: '100'
configmaps: '3000'
secrets: '3000'
services: '100'
services.loadbalancers: '100'
services.nodeports: '100'
pods: '100'
scopeSelector:
matchExpressions:
- scopeName: PriorityClass
operator: In
values:
- high

View File

@ -0,0 +1,69 @@
apiVersion: v1
kind: List
items:
- apiVersion: v1
kind: ResourceQuota
metadata:
name: resource-quota-example-list-high
namespace: demo
spec:
hard:
cpu: '128'
memory: 512Gi
requests.storage: 1Ti
persistentvolumeclaims: '1000'
resourcequotas: '100'
configmaps: '1000'
secrets: '1000'
services: '100'
pods: '1000'
scopeSelector:
matchExpressions:
- scopeName: PriorityClass
operator: In
values:
- high
- apiVersion: v1
kind: ResourceQuota
metadata:
name: resource-quota-example-list-medium
namespace: demo
spec:
hard:
cpu: '64'
memory: 256Gi
requests.storage: 1Ti
persistentvolumeclaims: '500'
resourcequotas: '100'
configmaps: '500'
secrets: '500'
services: '50'
pods: '500'
scopeSelector:
matchExpressions:
- scopeName: PriorityClass
operator: In
values:
- medium
- apiVersion: v1
kind: ResourceQuota
metadata:
name: resource-quota-example-list-low
namespace: demo
spec:
hard:
cpu: '32'
memory: 128Gi
requests.storage: 1Ti
persistentvolumeclaims: '100'
resourcequotas: '10'
configmaps: '50'
secrets: '50'
services: '10'
pods: '50'
scopeSelector:
matchExpressions:
- scopeName: PriorityClass
operator: In
values:
- low

View File

@ -0,0 +1,42 @@
# CronJob 说明,官方文档: https://v1-22.docs.kubernetes.io/zh/docs/concepts/workloads/controllers/cron-jobs
# API 版本
apiVersion: batch/v1
# 资源类型
kind: CronJob
# 元数据
metadata:
## 名称
name: 此 CronJob 的名称
## 命名空间
namespace: 此 CronJob 所属命名空间
## 标签
labels:
标签名1: 标签值1
标签名2: 标签值2
# 内容
spec:
## 此 CronJob 的执行周期【语法见https://v1-22.docs.kubernetes.io/zh/docs/concepts/workloads/controllers/cron-jobs/#cron-%E6%97%B6%E9%97%B4%E8%A1%A8%E8%AF%AD%E6%B3%95】
schedule: 此 CronJob 的执行周期
## 此 CronJob 执行的 Job
jobTemplate:
### Job 的内容
spec:
#### 指定 Job 的 Pod 模板(内容参考 Pod 的 Yaml
template:
##### Pod 的内容
spec:
###### Pod 的容器
containers:
####### 容器1
######## 容器1的名称
- name: 容器1的名称
######## 容器1使用的镜像
image: 容器1使用的镜像
######## 镜像拉取规则
imagePullPolicy: IfNotPresent
######## 执行的命令
command:
- 命令1
- 命令2
###### 容器重启策略【Never不重启OnFailure失败时重启】
restartPolicy: 容器重启策略【Never不重启OnFailure失败时重启】

View File

@ -0,0 +1,24 @@
apiVersion: batch/v1
kind: CronJob
metadata:
name: example-hello
namespace: demo
labels:
name: example-hello
app: hello
type: cronjob
spec:
schedule: "*/1 * * * *"
jobTemplate:
spec:
template:
spec:
containers:
- name: hello
image: busybox
imagePullPolicy: IfNotPresent
command:
- /bin/sh
- -c
- date; echo Hello from the Kubernetes cluster
restartPolicy: OnFailure

View File

@ -0,0 +1,95 @@
# DaemonSet 说明,官方文档: https://v1-22.docs.kubernetes.io/zh/docs/concepts/workloads/controllers/daemonset
# API 版本
apiVersion: apps/v1
# 资源类型
kind: DaemonSet
# 元数据
metadata:
## 名称
name: 此 DaemonSet 的名称
## 命名空间
namespace: 此 DaemonSet 所属命名空间
## 标签
labels:
标签名1: 标签值1
标签名2: 标签值2
# 内容
spec:
## 指定 Pod 选择器( 此 DaemonSet 需要管理哪些 Pod
selector:
### 指定标签选择器
matchLabels:
标签名1: 标签值1
标签名2: 标签值2
## 指定 Pod 模板
template:
### Pod 的元数据
metadata:
#### Pod 的标签(需要和上面 matchLabels 中配置的标签一致)
labels:
标签名1: 标签值1
标签名2: 标签值2
### Pod 的内容
spec:
#### Pod 的容忍度(需要在哪些节点上部署 Pod
tolerations:
##### Pod 的容忍度 1
###### 容忍度 1 的 key
- key: 容忍度 1 的 key
###### 容忍度 1 的表达式【Equal等于Exists存在】
operator: 容忍度 1 的表达式
###### 容忍度 1 的值
value: 容忍度 1 的值
###### 容忍度 1 的效果
effect: 容忍度 1 的效果
#### Pod 的终止宽限期(秒)
terminationGracePeriodSeconds: Pod 的终止宽限期(秒)
#### Pod 的容器
containers:
##### 容器1
###### 容器1的名称
- name: 容器1的名称
###### 容器1使用的镜像
image: 容器1使用的镜像
###### 容器1的资源
resources:
####### 限制资源
limits:
######## 限制的内存
memory: 限制的内存
####### 请求资源
requests:
######## 请求的 CPU
cpu: 请求的 CPU
######## 请求的内存
memory: 请求的内存
###### 容器1使用的持久卷
volumeMounts:
####### 持久卷1
######## 持久卷1的名称
- name: 持久卷1的名称
######## 持久卷1的挂载路径容器内
mountPath: 持久卷1的挂载路径容器内
####### 持久卷2
######## 持久卷2的名称
- name: 持久卷2的名称
######## 持久卷2的挂载路径容器内
mountPath: 持久卷2的挂载路径容器内
######## 容器内是否只读
readOnly: true
#### 持久卷
volumes:
##### 持久卷1
###### 持久卷1的名称
- name: 持久卷1的名称
###### 持久卷1的路径宿主机目录
hostPath:
####### 持久卷1的路径宿主机目录
path: 持久卷1的路径宿主机目录
##### 持久卷2
###### 持久卷2的名称
- name: 持久卷2的名称
###### 持久卷2的路径宿主机目录
hostPath:
####### 持久卷2的路径宿主机目录
path: 持久卷2的路径宿主机目录

View File

@ -0,0 +1,49 @@
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: example-elasticsearch-fluentd
namespace: demo
labels:
name: elasticsearch-fluentd
app: elasticsearch-fluentd
type: daemonset
spec:
selector:
matchLabels:
name: elasticsearch-fluentd
app: elasticsearch-fluentd
type: pod
template:
metadata:
labels:
name: elasticsearch-fluentd
app: elasticsearch-fluentd
type: pod
spec:
tolerations:
- key: node-role.kubernetes.io/master
operator: Exists
effect: NoSchedule
terminationGracePeriodSeconds: 30
containers:
- name: fluentd-elasticsearch
image: quay.io/fluentd_elasticsearch/fluentd:v2.5.2
resources:
limits:
memory: 200Mi
requests:
cpu: 100m
memory: 200Mi
volumeMounts:
- name: varlog
mountPath: /var/log
- name: varlibdockercontainers
mountPath: /var/lib/docker/containers
readOnly: true
volumes:
- name: varlog
hostPath:
path: /var/log
- name: varlibdockercontainers
hostPath:
path: /var/lib/docker/containers

View File

@ -0,0 +1,45 @@
# Deployment 说明,官方文档: https://v1-22.docs.kubernetes.io/zh/docs/concepts/workloads/controllers/deployment
# API 版本
apiVersion: apps/v1
# 资源类型
kind: Deployment
# 元数据
metadata:
## 名称
name: 此 Deployment 的名称
## 命名空间
namespace: 此 Deployment 所属命名空间
## 标签
labels:
标签名1: 标签值1
标签名2: 标签值2
# 内容
spec:
## 指定副本数
replicas: 期望副本数
## 指定 Pod 选择器( 此 Deployment 需要管理哪些 Pod
selector:
### 指定标签选择器
matchLabels:
标签名1: 标签值1
标签名2: 标签值2
## 指定 Pod 模板
template:
### Pod 的元数据
metadata:
#### Pod 的标签(需要和上面 matchLabels 中配置的标签一致)
labels:
标签名1: 标签值1
标签名2: 标签值2
### Pod 的内容
spec:
#### Pod 的容器
containers:
##### 容器1
###### 容器1的名称
- name: 容器1的名称
###### 容器1使用的镜像
image: 容器1使用的镜像
###### 容器1使用的端口号
ports:
- containerPort: 80

View File

@ -0,0 +1,28 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: example-nginx
namespace: demo
labels:
name: nginx
app: nginx
type: deployment
spec:
replicas: 3
selector:
matchLabels:
name: nginx
app: nginx
type: pod
template:
metadata:
labels:
name: nginx
app: nginx
type: pod
spec:
containers:
- name: nginx
image: nginx:1.23.3
ports:
- containerPort: 80

View File

@ -0,0 +1,45 @@
# Deployments 说明,官方文档: https://v1-22.docs.kubernetes.io/zh/docs/concepts/workloads/controllers/deployment
# API 版本
apiVersion: apps/v1
# 资源类型
kind: Deployments
# 元数据
metadata:
## 名称
name: 此 Deployments 的名称
## 命名空间
namespace: 此 Deployments 所属命名空间
## 标签
labels:
标签名1: 标签值1
标签名2: 标签值2
# 内容
spec:
## 指定副本数
replicas: 期望副本数
## 指定 Pod 选择器( 此 Deployments 需要管理哪些 Pods
selector:
### 指定标签选择器
matchLabels:
标签名1: 标签值1
标签名2: 标签值2
## 指定 Pod 模板
template:
### Pod 的元数据
metadata:
#### Pod 的标签(需要和上面 matchLabels 中配置的标签一致)
labels:
标签名1: 标签值1
标签名2: 标签值2
### Pod 的内容
spec:
#### Pod 的容器
containers:
##### 容器1
###### 容器1的名称
- name: 容器1的名称
###### 容器1使用的镜像
image: 容器1使用的镜像
###### 容器1使用的端口号
ports:
- containerPort: 80

View File

@ -0,0 +1,28 @@
apiVersion: apps/v1
kind: Deployments
metadata:
name: example-nginx
namespace: demo
labels:
name: nginx
app: nginx
type: deployments
spec:
replicas: 3
selector:
matchLabels:
name: nginx
app: nginx
type: pod
template:
metadata:
labels:
name: nginx
app: nginx
type: pod
spec:
containers:
- name: nginx
image: nginx:1.23.3
ports:
- containerPort: 80

View File

@ -0,0 +1,48 @@
# Job 说明,官方文档: https://v1-22.docs.kubernetes.io/zh/docs/concepts/workloads/controllers/job
# API 版本
apiVersion: batch/v1
# 资源类型
kind: Job
# 元数据
metadata:
## 名称
name: 此 Job 的名称
## 命名空间
namespace: 此 Job 所属命名空间
## 标签
labels:
标签名1: 标签值1
标签名2: 标签值2
# 内容
spec:
## 是否挂起此 Jobtrue挂起false不挂起立即执行
suspend: 是否挂起此 Job
## 指定 Pod 模板(内容参考 Pod 的 Yaml
template:
### Pod 的内容
spec:
#### Pod 的容器
containers:
##### 容器1
###### 容器1的名称
- name: 容器1的名称
###### 容器1使用的镜像
image: 容器1使用的镜像
###### 容器1运行的命令
command:
- 命令1
- 命令2
#### 容器重启策略【Never不重启OnFailure失败时重启】
restartPolicy: 容器重启策略【Never不重启OnFailure失败时重启】
## 失败重试次数(重试次数到达此值后,此 Job 标记为失败)
backoffLimit: 失败重试次数
## Job 活跃期限Job 运行时间达到此值后,此 Job 标记为失败,优先级高于 backoffLimit
activeDeadlineSeconds: Job 活跃期限(秒)
## Pod 完成模式【NonIndexed当成功完成的 Pod 个数达到 .spec.completions 所设值时认为 Job 已经完成IndexedJob 的 Pod 会获得对应的完成索引,取值为 0 到 .spec.completions-1当每个索引都对应一个完成完成的 Pod 时Job 被认为是已完成的】
completionMode: Pod 完成模式
## Pod 完成量(当成功的 Pod 个数达到次数时,该 Job 视为完成)
completions: Pod 完成量
## Pod 工作队列
parallelism: Pod 工作队列
## Job 完成(状态为 Complete 或 Failed后自动清除时间
ttlSecondsAfterFinished: Job 完成(状态为 Complete 或 Failed后自动清除时间

View File

@ -0,0 +1,18 @@
apiVersion: batch/v1
kind: Job
metadata:
name: example-pi
namespace: demo
labels:
name: example-pi
app: pi
type: job
spec:
template:
spec:
containers:
- name: pi
image: perl
command: ["perl", "-Mbignum=bpi", "-wle", "print bpi(2000)"]
restartPolicy: Never
backoffLimit: 4

View File

@ -0,0 +1,40 @@
# Jobs 说明,官方文档: https://v1-22.docs.kubernetes.io/zh/docs/concepts/workloads/controllers/job
# API 版本
apiVersion: apps/v1
# 资源类型
kind: Jobs
# 元数据
metadata:
## 名称
name: 此 Jobs 的名称
## 命名空间
namespace: 此 Jobs 所属命名空间
## 标签
labels:
标签名1: 标签值1
标签名2: 标签值2
# 内容
spec:
## 指定 Pod 模板(内容参考 Pod 的 Yaml
template:
### Pod 的内容
spec:
#### Pod 的容器
containers:
##### 容器1
###### 容器1的名称
- name: 容器1的名称
###### 容器1使用的镜像
image: 容器1使用的镜像
###### 容器1运行的命令
command:
- 命令1
- 命令2
#### 容器重启策略【Never不重启OnFailure失败时重启】
restartPolicy: 容器重启策略【Never不重启OnFailure失败时重启】
## 失败重试次数
backoffLimit: 4
## Pod 完成量(当成功的 Pod 个数达到次数时,该 Job 视为完成)
completions: Pod 完成量
## Pod 工作队列
parallelism: Pod 工作队列

View File

@ -0,0 +1,18 @@
apiVersion: apps/v1
kind: Jobs
metadata:
name: example-pi
namespace: demo
labels:
name: example-pi
app: pi
type: job
spec:
template:
spec:
containers:
- name: pi
image: perl
command: ["perl", "-Mbignum=bpi", "-wle", "print bpi(2000)"]
restartPolicy: Never
backoffLimit: 4

View File

@ -0,0 +1,33 @@
# Pod 说明官方文档https://v1-22.docs.kubernetes.io/zh/docs/concepts/workloads/pods
# API 版本
apiVersion: v1
# 资源类型
kind: Pod
# 元数据
metadata:
## 名称
name: 此 Pod 的名称
## 命名空间
namespace: 此 Pod 所属命名空间
## 标签
labels:
标签名1: 标签值1
标签名2: 标签值2
# 内容
spec:
## 容器
containers:
### 容器1
#### 容器名称
- name: 该容器的名称
#### 容器镜像
image: 改容器使用的镜像
#### 容器端口号
ports:
##### 端口号1
###### 名称
- name: 该端口号的名称
###### 端口号
containerPort: 端口号
###### 端口类型
protocol: 该端口号的类型

View File

@ -0,0 +1,17 @@
apiVersion: v1
kind: Pod
metadata:
name: example-nginx
namespace: demo
labels:
name: nginx
app: nginx
type: pod
spec:
containers:
- name: web
image: nginx:1.23.3
ports:
- name: web
containerPort: 80
protocol: TCP

View File

@ -0,0 +1,33 @@
# Pods 说明官方文档https://v1-22.docs.kubernetes.io/zh/docs/concepts/workloads/pods
# API 版本
apiVersion: v1
# 资源类型
kind: Pods
# 元数据
metadata:
## 名称
name: 此 Pods 的名称
## 命名空间
namespace: 此 Pods 所属命名空间
## 标签
labels:
标签名1: 标签值1
标签名2: 标签值2
# 内容
spec:
## 容器
containers:
### 容器1
#### 容器名称
- name: 该容器的名称
#### 容器镜像
image: 改容器使用的镜像
#### 容器端口号
ports:
##### 端口号1
###### 名称
- name: 该端口号的名称
###### 端口号
containerPort: 端口号
###### 端口类型
protocol: 该端口号的类型

View File

@ -0,0 +1,17 @@
apiVersion: v1
kind: Pods
metadata:
name: example-nginx
namespace: demo
labels:
name: nginx
app: nginx
type: pod
spec:
containers:
- name: web
image: nginx:1.23.3
ports:
- name: web
containerPort: 80
protocol: TCP

View File

@ -0,0 +1,83 @@
# StatefulSet 说明,官方文档: https://v1-22.docs.kubernetes.io/zh/docs/concepts/workloads/controllers/statefulset
# API 版本
apiVersion: apps/v1
# 资源类型
kind: StatefulSet
# 元数据
metadata:
## 名称
name: 此 StatefulSet 的名称
## 命名空间
namespace: 此 StatefulSet 所属命名空间
## 标签
labels:
标签名1: 标签值1
标签名2: 标签值2
# 内容
spec:
## 服务名称
serviceName: 服务名称(此 StatefulSet 对应的 Service 的 name
## 指定副本数
replicas: 期望副本数
## 指定更新策略
updateStrategy:
type: 更新策略【OnDelete不自动更新 PodRollingUpdate自动滚动更新默认
## 最短就绪秒数
minReadySeconds: 短就绪秒数( Pod 就绪后默认可用的等待时间,默认为 0即 Pod 就绪后即为可用状态)
## 指定 Pod 选择器( 此 StatefulSet 需要管理哪些 Pod
selector:
### 指定标签选择器
matchLabels:
标签名1: 标签值1
标签名2: 标签值2
## 指定 Pod 模板(内容参考 Pod 的 Yaml
template:
### Pod 的元数据
metadata:
#### Pod 的标签(需要和上面 matchLabels 中配置的标签一致)
labels:
标签名1: 标签值1
标签名2: 标签值2
### Pod 的内容
spec:
#### Pod 的终止宽限期(秒)
terminationGracePeriodSeconds: Pod 的终止宽限期(秒)
#### Pod 的容器
containers:
##### 容器1
###### 容器1的名称
- name: 容器1的名称
###### 容器1使用的镜像
image: 容器1使用的镜像
###### 容器1使用的端口号
ports:
####### 端口号1
######## 端口号1的名称
- name: 端口号1的名称
######## 端口号1的端口号
containerPort: 端口号1的端口号
###### 容器1使用的持久卷
volumeMounts:
######## 持久卷1
######## 持久卷1的名称
- name: 持久卷1的名称
######## 持久卷1的挂载路径容器内
mountPath: 持久卷1的挂载路径容器内
## 指定 PersistentVolumeClaims 模板(内容参考 PersistentVolumeClaims 的 Yaml
volumeClaimTemplates:
### PersistentVolumeClaims 1
#### PersistentVolumeClaims 1 的元数据
- metadata:
##### PersistentVolumeClaims 1 的名称
name: PersistentVolumeClaims 1 的名称
#### PersistentVolumeClaims 1 的内容
spec:
##### 访问模式
accessModes:
- PersistentVolumeClaims 1 的访问模式
##### Storage Class 名称
storageClassName: PersistentVolumeClaims 1 使用的 StorageClass 的名称
##### 资源
resources:
requests:
storage: PersistentVolumeClaim 1 使用的空间大小

View File

@ -0,0 +1,49 @@
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: example-nginx-slim
namespace: demo
labels:
name: nginx
app: nginx
type: statefulset
spec:
serviceName: example-nginx-slim
replicas: 3
updateStrategy:
type: RollingUpdate
minReadySeconds: 0
selector:
matchLabels:
name: nginx
app: nginx
type: pod
template:
metadata:
labels:
name: nginx
app: nginx
type: pod
spec:
terminationGracePeriodSeconds: 10
containers:
- name: nginx
image: nginx:1.23.3-alpine-slim
ports:
- name: http
containerPort: 80
- name: https
containerPort: 443
volumeMounts:
- name: html
mountPath: /usr/share/nginx/html
volumeClaimTemplates:
- metadata:
name: html
spec:
accessModes:
- ReadWriteOnce
storageClassName: example-storage-class-nginx-html
resources:
requests:
storage: 1Gi

View File

@ -0,0 +1,83 @@
# StatefulSets 说明,官方文档: https://v1-22.docs.kubernetes.io/zh/docs/concepts/workloads/controllers/statefulset
# API 版本
apiVersion: apps/v1
# 资源类型
kind: StatefulSets
# 元数据
metadata:
## 名称
name: 此 StatefulSets 的名称
## 命名空间
namespace: 此 StatefulSets 所属命名空间
## 标签
labels:
标签名1: 标签值1
标签名2: 标签值2
# 内容
spec:
## 服务名称
serviceName: 服务名称(此 StatefulSets 对应的 Service 的 name
## 指定副本数
replicas: 期望副本数
## 指定更新策略
updateStrategy:
type: 更新策略【OnDelete不自动更新 PodRollingUpdate自动滚动更新默认
## 最短就绪秒数
minReadySeconds: 短就绪秒数( Pod 就绪后默认可用的等待时间,默认为 0即 Pod 就绪后即为可用状态)
## 指定 Pod 选择器( 此 StatefulSets 需要管理哪些 Pods
selector:
### 指定标签选择器
matchLabels:
标签名1: 标签值1
标签名2: 标签值2
## 指定 Pod 模板(内容参考 Pod 的 Yaml
template:
### Pod 的元数据
metadata:
#### Pod 的标签(需要和上面 matchLabels 中配置的标签一致)
labels:
标签名1: 标签值1
标签名2: 标签值2
### Pod 的内容
spec:
#### Pod 的终止宽限期(秒)
terminationGracePeriodSeconds: Pod 的终止宽限期(秒)
#### Pod 的容器
containers:
##### 容器1
###### 容器1的名称
- name: 容器1的名称
###### 容器1使用的镜像
image: 容器1使用的镜像
###### 容器1使用的端口号
ports:
####### 端口号1
######## 端口号1的名称
- name: 端口号1的名称
######## 端口号1的端口号
containerPort: 端口号1的端口号
###### 容器1使用的持久卷
volumeMounts:
######## 持久卷1
######## 持久卷1的名称
- name: 持久卷1的名称
######## 持久卷1的挂载路径容器内
mountPath: 持久卷1的挂载路径容器内
## 指定 PersistentVolumeClaims 模板(内容参考 PersistentVolumeClaims 的 Yaml
volumeClaimTemplates:
### PersistentVolumeClaims 1
#### PersistentVolumeClaims 1 的元数据
- metadata:
##### PersistentVolumeClaims 1 的名称
name: PersistentVolumeClaims 1 的名称
#### PersistentVolumeClaims 1 的内容
spec:
##### 访问模式
accessModes:
- PersistentVolumeClaims 1 的访问模式
##### Storage Class 名称
storageClassName: PersistentVolumeClaims 1 使用的 StorageClass 的名称
##### 资源
resources:
requests:
storage: PersistentVolumeClaim 1 使用的空间大小

View File

@ -0,0 +1,49 @@
apiVersion: apps/v1
kind: StatefulSets
metadata:
name: example-nginx-slim
namespace: demo
labels:
name: nginx
app: nginx
type: statefulsets
spec:
serviceName: example-nginx-slim
replicas: 3
updateStrategy:
type: RollingUpdate
minReadySeconds: 0
selector:
matchLabels:
name: nginx
app: nginx
type: pod
template:
metadata:
labels:
name: nginx
app: nginx
type: pod
spec:
terminationGracePeriodSeconds: 10
containers:
- name: nginx
image: nginx:1.23.3-alpine-slim
ports:
- name: http
containerPort: 80
- name: https
containerPort: 443
volumeMounts:
- name: html
mountPath: /usr/share/nginx/html
volumeClaimTemplates:
- metadata:
name: html
spec:
accessModes:
- ReadWriteOnce
storageClassName: example-storage-class-nginx-html
resources:
requests:
storage: 1Gi

View File

@ -0,0 +1,12 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admin-user
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: admin-user
namespace: kubernetes-dashboard

View File

@ -0,0 +1,5 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: admin-user
namespace: kubernetes-dashboard

View File

@ -0,0 +1,308 @@
# Copyright 2017 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
kind: Namespace
metadata:
name: kubernetes-dashboard
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kubernetes-dashboard
---
kind: Service
apiVersion: v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kubernetes-dashboard
spec:
type: NodePort
ports:
- port: 443
targetPort: 8443
nodePort: 30000
selector:
k8s-app: kubernetes-dashboard
---
apiVersion: v1
kind: Secret
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard-certs
namespace: kubernetes-dashboard
type: Opaque
---
apiVersion: v1
kind: Secret
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard-csrf
namespace: kubernetes-dashboard
type: Opaque
data:
csrf: ""
---
apiVersion: v1
kind: Secret
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard-key-holder
namespace: kubernetes-dashboard
type: Opaque
---
kind: ConfigMap
apiVersion: v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard-settings
namespace: kubernetes-dashboard
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kubernetes-dashboard
rules:
# Allow Dashboard to get, update and delete Dashboard exclusive secrets.
- apiGroups: [""]
resources: ["secrets"]
resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"]
verbs: ["get", "update", "delete"]
# Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
- apiGroups: [""]
resources: ["configmaps"]
resourceNames: ["kubernetes-dashboard-settings"]
verbs: ["get", "update"]
# Allow Dashboard to get metrics.
- apiGroups: [""]
resources: ["services"]
resourceNames: ["heapster", "dashboard-metrics-scraper"]
verbs: ["proxy"]
- apiGroups: [""]
resources: ["services/proxy"]
resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"]
verbs: ["get"]
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
rules:
# Allow Metrics Scraper to get metrics from the Metrics server
- apiGroups: ["metrics.k8s.io"]
resources: ["pods", "nodes"]
verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kubernetes-dashboard
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: kubernetes-dashboard
subjects:
- kind: ServiceAccount
name: kubernetes-dashboard
namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: kubernetes-dashboard
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: kubernetes-dashboard
subjects:
- kind: ServiceAccount
name: kubernetes-dashboard
namespace: kubernetes-dashboard
---
kind: Deployment
apiVersion: apps/v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kubernetes-dashboard
spec:
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
k8s-app: kubernetes-dashboard
template:
metadata:
labels:
k8s-app: kubernetes-dashboard
spec:
securityContext:
seccompProfile:
type: RuntimeDefault
containers:
- name: kubernetes-dashboard
image: kubernetesui/dashboard:v2.7.0
imagePullPolicy: Always
ports:
- containerPort: 8443
protocol: TCP
args:
- --auto-generate-certificates
- --namespace=kubernetes-dashboard
# Uncomment the following line to manually specify Kubernetes API server Host
# If not specified, Dashboard will attempt to auto discover the API server and connect
# to it. Uncomment only if the default does not work.
# - --apiserver-host=http://my-address:port
volumeMounts:
- name: kubernetes-dashboard-certs
mountPath: /certs
# Create on-disk volume to store exec logs
- mountPath: /tmp
name: tmp-volume
livenessProbe:
httpGet:
scheme: HTTPS
path: /
port: 8443
initialDelaySeconds: 30
timeoutSeconds: 30
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsUser: 1001
runAsGroup: 2001
volumes:
- name: kubernetes-dashboard-certs
secret:
secretName: kubernetes-dashboard-certs
- name: tmp-volume
emptyDir: {}
serviceAccountName: kubernetes-dashboard
nodeSelector:
"kubernetes.io/os": linux
# Comment the following tolerations if Dashboard must not be deployed on master
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
---
kind: Service
apiVersion: v1
metadata:
labels:
k8s-app: dashboard-metrics-scraper
name: dashboard-metrics-scraper
namespace: kubernetes-dashboard
spec:
ports:
- port: 8000
targetPort: 8000
selector:
k8s-app: dashboard-metrics-scraper
---
kind: Deployment
apiVersion: apps/v1
metadata:
labels:
k8s-app: dashboard-metrics-scraper
name: dashboard-metrics-scraper
namespace: kubernetes-dashboard
spec:
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
k8s-app: dashboard-metrics-scraper
template:
metadata:
labels:
k8s-app: dashboard-metrics-scraper
spec:
securityContext:
seccompProfile:
type: RuntimeDefault
containers:
- name: dashboard-metrics-scraper
image: kubernetesui/metrics-scraper:v1.0.8
ports:
- containerPort: 8000
protocol: TCP
livenessProbe:
httpGet:
scheme: HTTP
path: /
port: 8000
initialDelaySeconds: 30
timeoutSeconds: 30
volumeMounts:
- mountPath: /tmp
name: tmp-volume
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsUser: 1001
runAsGroup: 2001
serviceAccountName: kubernetes-dashboard
nodeSelector:
"kubernetes.io/os": linux
# Comment the following tolerations if Dashboard must not be deployed on master
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
volumes:
- name: tmp-volume
emptyDir: {}

192
examples/drawio/drawio.yaml Normal file
View File

@ -0,0 +1,192 @@
---
# 创建 Namespace
apiVersion: v1
kind: Namespace
metadata:
name: hty1024-app
---
# 创建 StorageClass
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: storage-local-drawio
labels:
app.k8s.hty1024.com/env: prod
app.k8s.hty1024.com/type: app
app.k8s.hty1024.com/name: drawio
app.k8s.hty1024.com/version: 22.1.8
app.k8s.hty1024.com/resources: storageClass
provisioner: kubernetes.io/no-provisioner
reclaimPolicy: Retain
volumeBindingMode: WaitForFirstConsumer
---
# 创建 PersistentVolume
apiVersion: v1
kind: PersistentVolume
metadata:
name: hty1024-app-drawio-pv
labels:
app.k8s.hty1024.com/env: prod
app.k8s.hty1024.com/type: app
app.k8s.hty1024.com/name: drawio
app.k8s.hty1024.com/version: 22.1.8
app.k8s.hty1024.com/resources: persistentVolume
spec:
capacity:
storage: 1Gi
volumeMode: Filesystem
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Retain
storageClassName: storage-local-drawio
local:
path: /app/drawio/fonts
nodeAffinity:
required:
nodeSelectorTerms:
- matchExpressions:
- key: node.k8s.hty1024.com/type
operator: In
values:
- app
---
# 创建 PersistentVolumeClaim
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: hty1024-app-drawio-pvc
namespace: hty1024-app
labels:
app.k8s.hty1024.com/env: prod
app.k8s.hty1024.com/type: app
app.k8s.hty1024.com/name: drawio
app.k8s.hty1024.com/version: 22.1.8
app.k8s.hty1024.com/resources: persistentVolumeClaim
spec:
resources:
requests:
storage: 1Gi
volumeMode: Filesystem
accessModes:
- ReadWriteOnce
storageClassName: storage-local-drawio
---
# 创建 Service
apiVersion: v1
kind: Service
metadata:
name: hty1024-app-drawio-service
namespace: hty1024-app
labels:
app.k8s.hty1024.com/env: prod
app.k8s.hty1024.com/type: app
app.k8s.hty1024.com/name: drawio
app.k8s.hty1024.com/version: 22.1.8
app.k8s.hty1024.com/resources: service
spec:
type: NodePort
ports:
- port: 8080
targetPort: 8080
nodePort: 30000
selector:
app.k8s.hty1024.com/env: prod
app.k8s.hty1024.com/type: app
app.k8s.hty1024.com/name: drawio
app.k8s.hty1024.com/version: 22.1.8
app.k8s.hty1024.com/resources: pod
---
# 创建 Deployment
apiVersion: apps/v1
kind: Deployment
metadata:
name: hty1024-app-drawio-deployment
namespace: hty1024-app
labels:
app.k8s.hty1024.com/env: prod
app.k8s.hty1024.com/type: app
app.k8s.hty1024.com/name: drawio
app.k8s.hty1024.com/version: 22.1.8
app.k8s.hty1024.com/resources: deployment
spec:
replicas: 1
minReadySeconds: 30
selector:
matchLabels:
app.k8s.hty1024.com/env: prod
app.k8s.hty1024.com/type: app
app.k8s.hty1024.com/name: drawio
app.k8s.hty1024.com/version: 22.1.8
app.k8s.hty1024.com/resources: pod
template:
metadata:
labels:
app.k8s.hty1024.com/env: prod
app.k8s.hty1024.com/type: app
app.k8s.hty1024.com/name: drawio
app.k8s.hty1024.com/version: 22.1.8
app.k8s.hty1024.com/resources: pod
spec:
terminationGracePeriodSeconds: 60
volumes:
- name: localtime
hostPath:
path: /etc/localtime
- name: hty1024-app-drawio-data
persistentVolumeClaim:
claimName: hty1024-app-drawio-pvc
containers:
# - name: plantuml-server
# image: plantuml/plantuml-server:v1.2023.13
# volumeMounts:
# - name: localtime
# mountPath: /etc/localtime
# readOnly: true
# - name: hty1024-app-drawio-data
# mountPath: /usr/share/fonts/drawio
- name: export-server
image: jgraph/export-server:latest
volumeMounts:
- name: localtime
mountPath: /etc/localtime
readOnly: true
- name: hty1024-app-drawio-data
mountPath: /usr/share/fonts/drawio
ports:
- name: tcp
containerPort: 8000
env:
- name: DRAWIO_SERVER_URL
value: "http://localhost:8080"
- name: drawio
image: jgraph/drawio:22.1.8
volumeMounts:
- name: localtime
mountPath: /etc/localtime
readOnly: true
ports:
- name: tcp
containerPort: 8080
env:
- name: DRAWIO_SELF_CONTAINED
value: "1"
- name: DRAWIO_BASE_URL
value: "http://localhost:8080"
# - name: PLANTUML_URL
# value: "http://plantuml-server:8080"
- name: EXPORT_URL
value: "http://localhost:8000"
nodeSelector:
node.k8s.hty1024.com/type: app

163
examples/gitea/gitea.yaml Normal file
View File

@ -0,0 +1,163 @@
---
# 创建 Namespace
apiVersion: v1
kind: Namespace
metadata:
name: hty1024-app
---
# 创建 StorageClass
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: storage-local-gitea
labels:
app.k8s.hty1024.com/env: prod
app.k8s.hty1024.com/type: app
app.k8s.hty1024.com/name: gitea
app.k8s.hty1024.com/version: 1.19.4
app.k8s.hty1024.com/resources: storageClass
provisioner: kubernetes.io/no-provisioner
reclaimPolicy: Retain
volumeBindingMode: WaitForFirstConsumer
---
# 创建 PersistentVolume
apiVersion: v1
kind: PersistentVolume
metadata:
name: hty1024-app-gitea-pv
labels:
app.k8s.hty1024.com/env: prod
app.k8s.hty1024.com/type: app
app.k8s.hty1024.com/name: gitea
app.k8s.hty1024.com/version: 1.19.4
app.k8s.hty1024.com/resources: persistentVolume
spec:
capacity:
storage: 20Gi
volumeMode: Filesystem
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Retain
storageClassName: storage-local-gitea
local:
path: /app/gitea/data
nodeAffinity:
required:
nodeSelectorTerms:
- matchExpressions:
- key: node.k8s.hty1024.com/type
operator: In
values:
- app
---
# 创建 PersistentVolumeClaim
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: hty1024-app-gitea-pvc
namespace: hty1024-app
labels:
app.k8s.hty1024.com/env: prod
app.k8s.hty1024.com/type: app
app.k8s.hty1024.com/name: gitea
app.k8s.hty1024.com/version: 1.19.4
app.k8s.hty1024.com/resources: persistentVolumeClaim
spec:
resources:
requests:
storage: 20Gi
volumeMode: Filesystem
accessModes:
- ReadWriteOnce
storageClassName: storage-local-gitea
---
# 创建 Service
apiVersion: v1
kind: Service
metadata:
name: hty1024-app-gitea-service
namespace: hty1024-app
labels:
app.k8s.hty1024.com/env: prod
app.k8s.hty1024.com/type: app
app.k8s.hty1024.com/name: gitea
app.k8s.hty1024.com/version: 1.19.4
app.k8s.hty1024.com/resources: service
spec:
type: NodePort
ports:
- port: 3000
targetPort: 3000
nodePort: 30000
selector:
app.k8s.hty1024.com/env: prod
app.k8s.hty1024.com/type: app
app.k8s.hty1024.com/name: gitea
app.k8s.hty1024.com/version: 1.19.4
app.k8s.hty1024.com/resources: pod
---
# 创建 StatefulSet
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: hty1024-app-gitea-statefulset
namespace: hty1024-app
labels:
app.k8s.hty1024.com/env: prod
app.k8s.hty1024.com/type: app
app.k8s.hty1024.com/name: gitea
app.k8s.hty1024.com/version: 1.19.4
app.k8s.hty1024.com/resources: statefulSet
spec:
replicas: 1
minReadySeconds: 30
selector:
matchLabels:
app.k8s.hty1024.com/env: prod
app.k8s.hty1024.com/type: app
app.k8s.hty1024.com/name: gitea
app.k8s.hty1024.com/version: 1.19.4
app.k8s.hty1024.com/resources: pod
template:
metadata:
labels:
app.k8s.hty1024.com/env: prod
app.k8s.hty1024.com/type: app
app.k8s.hty1024.com/name: gitea
app.k8s.hty1024.com/version: 1.19.4
app.k8s.hty1024.com/resources: pod
spec:
terminationGracePeriodSeconds: 60
volumes:
- name: localtime
hostPath:
path: /etc/localtime
- name: hty1024-app-gitea-data
persistentVolumeClaim:
claimName: hty1024-app-gitea-pvc
containers:
- name: gitea
image: gitea/gitea:1.19.4
ports:
- name: tcp
containerPort: 3000
volumeMounts:
- name: localtime
mountPath: /etc/localtime
readOnly: true
- name: hty1024-app-gitea-data
mountPath: /data
nodeSelector:
node.k8s.hty1024.com/type: app

178
examples/halo/halo.yaml Normal file
View File

@ -0,0 +1,178 @@
---
# 创建 Namespace
apiVersion: v1
kind: Namespace
metadata:
name: hty1024-app
---
# 创建 StorageClass
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: storage-local-halo
labels:
app.k8s.hty1024.com/env: prod
app.k8s.hty1024.com/type: app
app.k8s.hty1024.com/name: halo
app.k8s.hty1024.com/version: 1.6.1
app.k8s.hty1024.com/resources: storageClass
provisioner: kubernetes.io/no-provisioner
reclaimPolicy: Retain
volumeBindingMode: WaitForFirstConsumer
---
# 创建 PersistentVolume
apiVersion: v1
kind: PersistentVolume
metadata:
name: hty1024-app-halo-pv
labels:
app.k8s.hty1024.com/env: prod
app.k8s.hty1024.com/type: app
app.k8s.hty1024.com/name: halo
app.k8s.hty1024.com/version: 1.6.1
app.k8s.hty1024.com/resources: persistentVolume
spec:
capacity:
storage: 10Gi
volumeMode: Filesystem
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Retain
storageClassName: storage-local-halo
local:
path: /app/halo/data
nodeAffinity:
required:
nodeSelectorTerms:
- matchExpressions:
- key: node.k8s.hty1024.com/type
operator: In
values:
- app
---
# 创建 PersistentVolumeClaim
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: hty1024-app-halo-pvc
namespace: hty1024-app
labels:
app.k8s.hty1024.com/env: prod
app.k8s.hty1024.com/type: app
app.k8s.hty1024.com/name: halo
app.k8s.hty1024.com/version: 1.6.1
app.k8s.hty1024.com/resources: persistentVolumeClaim
spec:
resources:
requests:
storage: 10Gi
volumeMode: Filesystem
accessModes:
- ReadWriteOnce
storageClassName: storage-local-halo
---
# 创建 Service
apiVersion: v1
kind: Service
metadata:
name: hty1024-app-halo-service
namespace: hty1024-app
labels:
app.k8s.hty1024.com/env: prod
app.k8s.hty1024.com/type: app
app.k8s.hty1024.com/name: halo
app.k8s.hty1024.com/version: 1.6.1
app.k8s.hty1024.com/resources: service
spec:
type: NodePort
ports:
- port: 8090
targetPort: 8090
nodePort: 30000
selector:
app.k8s.hty1024.com/env: prod
app.k8s.hty1024.com/type: app
app.k8s.hty1024.com/name: halo
app.k8s.hty1024.com/version: 1.6.1
app.k8s.hty1024.com/resources: pod
---
# 创建 StatefulSet
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: hty1024-app-halo-statefulset
namespace: hty1024-app
labels:
app.k8s.hty1024.com/env: prod
app.k8s.hty1024.com/type: app
app.k8s.hty1024.com/name: halo
app.k8s.hty1024.com/version: 1.6.1
app.k8s.hty1024.com/resources: statefulSet
spec:
replicas: 1
minReadySeconds: 30
selector:
matchLabels:
app.k8s.hty1024.com/env: prod
app.k8s.hty1024.com/type: app
app.k8s.hty1024.com/name: halo
app.k8s.hty1024.com/version: 1.6.1
app.k8s.hty1024.com/resources: pod
template:
metadata:
labels:
app.k8s.hty1024.com/env: prod
app.k8s.hty1024.com/type: app
app.k8s.hty1024.com/name: halo
app.k8s.hty1024.com/version: 1.6.1
app.k8s.hty1024.com/resources: pod
spec:
terminationGracePeriodSeconds: 60
volumes:
- name: localtime
hostPath:
path: /etc/localtime
- name: hty1024-app-halo-data
persistentVolumeClaim:
claimName: hty1024-app-halo-pvc
containers:
- name: halo
image: halohub/halo:1.6.1
ports:
- name: tcp
containerPort: 8090
volumeMounts:
- name: localtime
mountPath: /etc/localtime
readOnly: true
- name: hty1024-app-halo-data
mountPath: /root/.halo
env:
- name: SERVER_PORT
value: "8090"
- name: SPRING_DATASOURCE_DRIVER_CLASS_NAME
value: "com.mysql.cj.jdbc.Driver"
- name: SPRING_DATASOURCE_URL
value: "jdbc:mysql://hty1024-db-mysql-service.hty1024-db:3306/halo?characterEncoding=utf8&useSSL=false&serverTimezone=Asia/Shanghai&allowPublicKeyRetrieval=true"
- name: SPRING_DATASOURCE_USERNAME
value: "halo"
- name: SPRING_DATASOURCE_PASSWORD
value: "123456"
- name: HALO_ADMIN_PATH
value: "admin"
- name: HALO_CACHE
value: "memory"
nodeSelector:
node.k8s.hty1024.com/type: app

View File

@ -0,0 +1,163 @@
---
# 创建 Namespace
apiVersion: v1
kind: Namespace
metadata:
name: hty1024-app
---
# 创建 StorageClass
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: storage-local-kiwix-serve
labels:
app.k8s.hty1024.com/env: prod
app.k8s.hty1024.com/type: app
app.k8s.hty1024.com/name: kiwix-serve
app.k8s.hty1024.com/version: 3.6.0-alpine
app.k8s.hty1024.com/resources: storageClass
provisioner: kubernetes.io/no-provisioner
reclaimPolicy: Retain
volumeBindingMode: WaitForFirstConsumer
---
# 创建 PersistentVolume
apiVersion: v1
kind: PersistentVolume
metadata:
name: hty1024-app-kiwix-serve-pv
labels:
app.k8s.hty1024.com/env: prod
app.k8s.hty1024.com/type: app
app.k8s.hty1024.com/name: kiwix-serve
app.k8s.hty1024.com/version: 3.6.0-alpine
app.k8s.hty1024.com/resources: persistentVolume
spec:
capacity:
storage: 100Gi
volumeMode: Filesystem
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Retain
storageClassName: storage-local-kiwix-serve
local:
path: /app/kiwix-serve/data
nodeAffinity:
required:
nodeSelectorTerms:
- matchExpressions:
- key: node.k8s.hty1024.com/type
operator: In
values:
- app
---
# 创建 PersistentVolumeClaim
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: hty1024-app-kiwix-serve-pvc
namespace: hty1024-app
labels:
app.k8s.hty1024.com/env: prod
app.k8s.hty1024.com/type: app
app.k8s.hty1024.com/name: kiwix-serve
app.k8s.hty1024.com/version: 3.6.0-alpine
app.k8s.hty1024.com/resources: persistentVolumeClaim
spec:
resources:
requests:
storage: 100Gi
volumeMode: Filesystem
accessModes:
- ReadWriteOnce
storageClassName: storage-local-kiwix-serve
---
# 创建 Service
apiVersion: v1
kind: Service
metadata:
name: hty1024-app-kiwix-serve-service
namespace: hty1024-app
labels:
app.k8s.hty1024.com/env: prod
app.k8s.hty1024.com/type: app
app.k8s.hty1024.com/name: kiwix-serve
app.k8s.hty1024.com/version: 3.6.0-alpine
app.k8s.hty1024.com/resources: service
spec:
type: NodePort
ports:
- port: 10080
targetPort: 10080
nodePort: 30000
selector:
app.k8s.hty1024.com/env: prod
app.k8s.hty1024.com/type: app
app.k8s.hty1024.com/name: kiwix-serve
app.k8s.hty1024.com/version: 3.6.0-alpine
app.k8s.hty1024.com/resources: pod
---
# 创建 Deployment
apiVersion: apps/v1
kind: Deployment
metadata:
name: hty1024-app-kiwix-serve-deployment
namespace: hty1024-app
labels:
app.k8s.hty1024.com/env: prod
app.k8s.hty1024.com/type: app
app.k8s.hty1024.com/name: kiwix-serve
app.k8s.hty1024.com/version: 3.6.0-alpine
app.k8s.hty1024.com/resources: deployment
spec:
replicas: 1
minReadySeconds: 30
selector:
matchLabels:
app.k8s.hty1024.com/env: prod
app.k8s.hty1024.com/type: app
app.k8s.hty1024.com/name: kiwix-serve
app.k8s.hty1024.com/version: 3.6.0-alpine
app.k8s.hty1024.com/resources: pod
template:
metadata:
labels:
app.k8s.hty1024.com/env: prod
app.k8s.hty1024.com/type: app
app.k8s.hty1024.com/name: kiwix-serve
app.k8s.hty1024.com/version: 3.6.0-alpine
app.k8s.hty1024.com/resources: pod
spec:
terminationGracePeriodSeconds: 60
volumes:
- name: localtime
hostPath:
path: /etc/localtime
- name: hty1024-app-kiwix-serve-data
persistentVolumeClaim:
claimName: hty1024-app-kiwix-serve-pvc
containers:
- name: kiwix-serve
image: hub.hty1024.com/hty1024/kiwix-serve:3.6.0-alpine
ports:
- name: tcp
containerPort: 10080
volumeMounts:
- name: localtime
mountPath: /etc/localtime
readOnly: true
- name: hty1024-app-kiwix-serve-data
mountPath: /data
nodeSelector:
node.k8s.hty1024.com/type: app

View File

@ -0,0 +1,220 @@
---
# 创建 Namespace
apiVersion: v1
kind: Namespace
metadata:
name: hty1024-db
---
# 创建 StorageClass
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: storage-local-mysql
labels:
app.k8s.hty1024.com/env: prod
app.k8s.hty1024.com/type: db
app.k8s.hty1024.com/name: mysql
app.k8s.hty1024.com/version: 8.0.35
app.k8s.hty1024.com/resources: storageClass
provisioner: kubernetes.io/no-provisioner
reclaimPolicy: Retain
volumeBindingMode: WaitForFirstConsumer
---
# 创建 PersistentVolume
apiVersion: v1
kind: PersistentVolume
metadata:
name: hty1024-db-mysql-pv
labels:
app.k8s.hty1024.com/env: prod
app.k8s.hty1024.com/type: db
app.k8s.hty1024.com/name: mysql
app.k8s.hty1024.com/version: 8.0.35
app.k8s.hty1024.com/resources: persistentVolume
spec:
capacity:
storage: 20Gi
volumeMode: Filesystem
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Retain
storageClassName: storage-local-mysql
local:
path: /app/mysql/data
nodeAffinity:
required:
nodeSelectorTerms:
- matchExpressions:
- key: node.k8s.hty1024.com/type
operator: In
values:
- app
---
# 创建 PersistentVolumeClaim
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: hty1024-db-mysql-pvc
namespace: hty1024-db
labels:
app.k8s.hty1024.com/env: prod
app.k8s.hty1024.com/type: db
app.k8s.hty1024.com/name: mysql
app.k8s.hty1024.com/version: 8.0.35
app.k8s.hty1024.com/resources: persistentVolumeClaim
spec:
resources:
requests:
storage: 20Gi
volumeMode: Filesystem
accessModes:
- ReadWriteOnce
storageClassName: storage-local-mysql
---
# 创建 ConfigMap自定义 my.cnf 文件)
apiVersion: v1
kind: ConfigMap
metadata:
name: hty1024-db-mysql-cm
namespace: hty1024-db
labels:
app.k8s.hty1024.com/env: prod
app.k8s.hty1024.com/type: db
app.k8s.hty1024.com/name: mysql
app.k8s.hty1024.com/version: 8.0.35
app.k8s.hty1024.com/resources: configMap
data:
my.cnf: |
[mysqld]
max_connections = 1000
character-set-server = utf8mb4
collation-server = utf8mb4_unicode_ci
---
# 创建 Secret自定义 MySQL 用户密码)
apiVersion: v1
kind: Secret
metadata:
name: hty1024-db-mysql-secret
namespace: hty1024-db
labels:
app.k8s.hty1024.com/env: prod
app.k8s.hty1024.com/type: db
app.k8s.hty1024.com/name: mysql
app.k8s.hty1024.com/version: 8.0.35
app.k8s.hty1024.com/resources: secret
type: Opaque
stringData:
root.key: |
123456
immutable: true
---
# 创建 Service
apiVersion: v1
kind: Service
metadata:
name: hty1024-db-mysql-service
namespace: hty1024-db
labels:
app.k8s.hty1024.com/env: prod
app.k8s.hty1024.com/type: db
app.k8s.hty1024.com/name: mysql
app.k8s.hty1024.com/version: 8.0.35
app.k8s.hty1024.com/resources: service
spec:
type: ClusterIP
ports:
- port: 3306
targetPort: 3306
selector:
app.k8s.hty1024.com/env: prod
app.k8s.hty1024.com/type: db
app.k8s.hty1024.com/name: mysql
app.k8s.hty1024.com/version: 8.0.35
app.k8s.hty1024.com/resources: pod
---
# 创建 StatefulSet
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: hty1024-db-mysql-statefulset
namespace: hty1024-db
labels:
app.k8s.hty1024.com/env: prod
app.k8s.hty1024.com/type: db
app.k8s.hty1024.com/name: mysql
app.k8s.hty1024.com/version: 8.0.35
app.k8s.hty1024.com/resources: statefulSet
spec:
replicas: 1
minReadySeconds: 30
selector:
matchLabels:
app.k8s.hty1024.com/env: prod
app.k8s.hty1024.com/type: db
app.k8s.hty1024.com/name: mysql
app.k8s.hty1024.com/version: 8.0.35
app.k8s.hty1024.com/resources: pod
template:
metadata:
labels:
app.k8s.hty1024.com/env: prod
app.k8s.hty1024.com/type: db
app.k8s.hty1024.com/name: mysql
app.k8s.hty1024.com/version: 8.0.35
app.k8s.hty1024.com/resources: pod
spec:
terminationGracePeriodSeconds: 60
volumes:
- name: localtime
hostPath:
path: /etc/localtime
- name: hty1024-db-mysql-data
persistentVolumeClaim:
claimName: hty1024-db-mysql-pvc
- name: hty1024-db-mysql-conf
configMap:
name: hty1024-db-mysql-cm
items:
- key: my.cnf
path: my.cnf
- name: hty1024-db-mysql-pwd
secret:
secretName: hty1024-db-mysql-secret
containers:
- name: mysql
image: mysql:8.0.35
ports:
- name: tcp
containerPort: 3306
volumeMounts:
- name: localtime
mountPath: /etc/localtime
readOnly: true
- name: hty1024-db-mysql-data
mountPath: /var/lib/mysql
- name: hty1024-db-mysql-conf
mountPath: /etc/mysql/conf.d/
- name: hty1024-db-mysql-pwd
mountPath: /tmp/secret-volume
readOnly: true
env:
- name: MYSQL_ROOT_PASSWORD_FILE
value: "/tmp/secret-volume/root.key"
nodeSelector:
node.k8s.hty1024.com/type: app

View File

@ -0,0 +1,91 @@
---
# 创建 Namespace
apiVersion: v1
kind: Namespace
metadata:
name: hty1024-db
---
# 创建 Service
apiVersion: v1
kind: Service
metadata:
name: hty1024-db-pgadmin4-service
namespace: hty1024-db
labels:
app.k8s.hty1024.com/env: prod
app.k8s.hty1024.com/type: db
app.k8s.hty1024.com/name: pgadmin4
app.k8s.hty1024.com/version: 8.0.0
app.k8s.hty1024.com/resources: service
spec:
type: NodePort
ports:
- name: pgadmin4
port: 80
targetPort: 80
nodePort: 30000
selector:
app.k8s.hty1024.com/env: prod
app.k8s.hty1024.com/type: db
app.k8s.hty1024.com/name: pgadmin4
app.k8s.hty1024.com/version: 8.0.0
app.k8s.hty1024.com/resources: pod
---
# 创建 Deployment
apiVersion: apps/v1
kind: Deployment
metadata:
name: hty1024-db-pgadmin4
namespace: hty1024-db
labels:
app.k8s.hty1024.com/env: prod
app.k8s.hty1024.com/type: db
app.k8s.hty1024.com/name: pgadmin4
app.k8s.hty1024.com/version: 8.0.0
app.k8s.hty1024.com/resources: deployment
spec:
replicas: 1
minReadySeconds: 30
selector:
matchLabels:
app.k8s.hty1024.com/env: prod
app.k8s.hty1024.com/type: db
app.k8s.hty1024.com/name: pgadmin4
app.k8s.hty1024.com/version: 8.0.0
app.k8s.hty1024.com/resources: pod
template:
metadata:
labels:
app.k8s.hty1024.com/env: prod
app.k8s.hty1024.com/type: db
app.k8s.hty1024.com/name: pgadmin4
app.k8s.hty1024.com/version: 8.0.0
app.k8s.hty1024.com/resources: pod
spec:
terminationGracePeriodSeconds: 60
volumes:
- name: localtime
hostPath:
path: /etc/localtime
containers:
- name: pgadmin4
image: dpage/pgadmin4:8.0
ports:
- name: http
containerPort: 80
volumeMounts:
- name: localtime
mountPath: /etc/localtime
readOnly: true
env:
- name: PGADMIN_DEFAULT_EMAIL
value: "test@hty1024.com"
- name: PGADMIN_DEFAULT_PASSWORD
value: "123456"
nodeSelector:
node.k8s.hty1024.com/type: app

View File

@ -0,0 +1,89 @@
---
# 创建 Namespace
apiVersion: v1
kind: Namespace
metadata:
name: hty1024-db
---
# 创建 Service
apiVersion: v1
kind: Service
metadata:
name: hty1024-db-phpmyadmin-service
namespace: hty1024-db
labels:
app.k8s.hty1024.com/env: prod
app.k8s.hty1024.com/type: db
app.k8s.hty1024.com/name: phpmyadmin
app.k8s.hty1024.com/version: 5.2.1
app.k8s.hty1024.com/resources: service
spec:
type: NodePort
ports:
- name: phpmyadmin
port: 80
targetPort: 80
nodePort: 30000
selector:
app.k8s.hty1024.com/env: prod
app.k8s.hty1024.com/type: db
app.k8s.hty1024.com/name: phpmyadmin
app.k8s.hty1024.com/version: 5.2.1
app.k8s.hty1024.com/resources: pod
---
# 创建 Deployment
apiVersion: apps/v1
kind: Deployment
metadata:
name: hty1024-db-phpmyadmin
namespace: hty1024-db
labels:
app.k8s.hty1024.com/env: prod
app.k8s.hty1024.com/type: db
app.k8s.hty1024.com/name: phpmyadmin
app.k8s.hty1024.com/version: 5.2.1
app.k8s.hty1024.com/resources: deployment
spec:
replicas: 1
minReadySeconds: 30
selector:
matchLabels:
app.k8s.hty1024.com/env: prod
app.k8s.hty1024.com/type: db
app.k8s.hty1024.com/name: phpmyadmin
app.k8s.hty1024.com/version: 5.2.1
app.k8s.hty1024.com/resources: pod
template:
metadata:
labels:
app.k8s.hty1024.com/env: prod
app.k8s.hty1024.com/type: db
app.k8s.hty1024.com/name: phpmyadmin
app.k8s.hty1024.com/version: 5.2.1
app.k8s.hty1024.com/resources: pod
spec:
terminationGracePeriodSeconds: 60
volumes:
- name: localtime
hostPath:
path: /etc/localtime
containers:
- name: phpmyadmin
image: phpmyadmin:5.2.1
ports:
- name: http
containerPort: 80
volumeMounts:
- name: localtime
mountPath: /etc/localtime
readOnly: true
env:
- name: PMA_ARBITRARY
value: "1"
nodeSelector:
node.k8s.hty1024.com/type: app

View File

@ -0,0 +1,191 @@
---
# 创建 Namespace
apiVersion: v1
kind: Namespace
metadata:
name: hty1024-db
---
# 创建 StorageClass
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: storage-local-postgres
labels:
app.k8s.hty1024.com/env: prod
app.k8s.hty1024.com/type: db
app.k8s.hty1024.com/name: postgres
app.k8s.hty1024.com/version: 16.1-alpine3.19
app.k8s.hty1024.com/resources: storageClass
provisioner: kubernetes.io/no-provisioner
reclaimPolicy: Retain
volumeBindingMode: WaitForFirstConsumer
---
# 创建 PersistentVolume
apiVersion: v1
kind: PersistentVolume
metadata:
name: hty1024-db-postgres-pv
labels:
app.k8s.hty1024.com/env: prod
app.k8s.hty1024.com/type: db
app.k8s.hty1024.com/name: postgres
app.k8s.hty1024.com/version: 16.1-alpine3.19
app.k8s.hty1024.com/resources: persistentVolume
spec:
capacity:
storage: 20Gi
volumeMode: Filesystem
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Retain
storageClassName: storage-local-postgres
local:
path: /app/postgres/data
nodeAffinity:
required:
nodeSelectorTerms:
- matchExpressions:
- key: node.k8s.hty1024.com/type
operator: In
values:
- app
---
# 创建 PersistentVolumeClaim
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: hty1024-db-postgres-pvc
namespace: hty1024-db
labels:
app.k8s.hty1024.com/env: prod
app.k8s.hty1024.com/type: db
app.k8s.hty1024.com/name: postgres
app.k8s.hty1024.com/version: 16.1-alpine3.19
app.k8s.hty1024.com/resources: persistentVolumeClaim
spec:
resources:
requests:
storage: 20Gi
volumeMode: Filesystem
accessModes:
- ReadWriteOnce
storageClassName: storage-local-postgres
---
# 创建 Secret自定义 PostgreSQL 用户密码)
apiVersion: v1
kind: Secret
metadata:
name: hty1024-db-postgres-secret
namespace: hty1024-db
labels:
app.k8s.hty1024.com/env: prod
app.k8s.hty1024.com/type: db
app.k8s.hty1024.com/name: postgres
app.k8s.hty1024.com/version: 16.1-alpine3.19
app.k8s.hty1024.com/resources: secret
type: Opaque
stringData:
postgres.key: |
123456
immutable: true
---
# 创建 Service
apiVersion: v1
kind: Service
metadata:
name: hty1024-db-postgres-service
namespace: hty1024-db
labels:
app.k8s.hty1024.com/env: prod
app.k8s.hty1024.com/type: db
app.k8s.hty1024.com/name: postgres
app.k8s.hty1024.com/version: 16.1-alpine3.19
app.k8s.hty1024.com/resources: service
spec:
type: ClusterIP
ports:
- port: 5432
targetPort: 5432
selector:
app.k8s.hty1024.com/env: prod
app.k8s.hty1024.com/type: db
app.k8s.hty1024.com/name: postgres
app.k8s.hty1024.com/version: 16.1-alpine3.19
app.k8s.hty1024.com/resources: pod
---
# 创建 StatefulSet
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: hty1024-db-postgres-statefulset
namespace: hty1024-db
labels:
app.k8s.hty1024.com/env: prod
app.k8s.hty1024.com/type: db
app.k8s.hty1024.com/name: postgres
app.k8s.hty1024.com/version: 16.1-alpine3.19
app.k8s.hty1024.com/resources: statefulSet
spec:
replicas: 1
minReadySeconds: 30
selector:
matchLabels:
app.k8s.hty1024.com/env: prod
app.k8s.hty1024.com/type: db
app.k8s.hty1024.com/name: postgres
app.k8s.hty1024.com/version: 16.1-alpine3.19
app.k8s.hty1024.com/resources: pod
template:
metadata:
labels:
app.k8s.hty1024.com/env: prod
app.k8s.hty1024.com/type: db
app.k8s.hty1024.com/name: postgres
app.k8s.hty1024.com/version: 16.1-alpine3.19
app.k8s.hty1024.com/resources: pod
spec:
terminationGracePeriodSeconds: 60
volumes:
- name: localtime
hostPath:
path: /etc/localtime
- name: hty1024-db-postgres-data
persistentVolumeClaim:
claimName: hty1024-db-postgres-pvc
- name: hty1024-db-postgres-pwd
secret:
secretName: hty1024-db-postgres-secret
containers:
- name: postgres
image: postgres:16.1-alpine3.19
ports:
- name: tcp
containerPort: 5432
volumeMounts:
- name: localtime
mountPath: /etc/localtime
readOnly: true
- name: hty1024-db-postgres-data
mountPath: /var/lib/postgres
- name: hty1024-db-postgres-pwd
mountPath: /tmp/secret-volume
readOnly: true
env:
- name: POSTGRES_PASSWORD_FILE
value: "/tmp/secret-volume/postgres.key"
nodeSelector:
node.k8s.hty1024.com/type: app

View File

@ -0,0 +1,166 @@
---
# 创建 Namespace
apiVersion: v1
kind: Namespace
metadata:
name: hty1024-app
---
# 创建 StorageClass
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: storage-local-vaultwarden
labels:
app.k8s.hty1024.com/env: prod
app.k8s.hty1024.com/type: app
app.k8s.hty1024.com/name: vaultwarden
app.k8s.hty1024.com/version: 1.30.1-alpine
app.k8s.hty1024.com/resources: storageClass
provisioner: kubernetes.io/no-provisioner
reclaimPolicy: Retain
volumeBindingMode: WaitForFirstConsumer
---
# 创建 PersistentVolume
apiVersion: v1
kind: PersistentVolume
metadata:
name: hty1024-app-vaultwarden-pv
labels:
app.k8s.hty1024.com/env: prod
app.k8s.hty1024.com/type: app
app.k8s.hty1024.com/name: vaultwarden
app.k8s.hty1024.com/version: 1.30.1-alpine
app.k8s.hty1024.com/resources: persistentVolume
spec:
capacity:
storage: 1Gi
volumeMode: Filesystem
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Retain
storageClassName: storage-local-vaultwarden
local:
path: /app/vaultwarden/data
nodeAffinity:
required:
nodeSelectorTerms:
- matchExpressions:
- key: node.k8s.hty1024.com/type
operator: In
values:
- app
---
# 创建 PersistentVolumeClaim
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: hty1024-app-vaultwarden-pvc
namespace: hty1024-app
labels:
app.k8s.hty1024.com/env: prod
app.k8s.hty1024.com/type: app
app.k8s.hty1024.com/name: vaultwarden
app.k8s.hty1024.com/version: 1.30.1-alpine
app.k8s.hty1024.com/resources: persistentVolumeClaim
spec:
resources:
requests:
storage: 1Gi
volumeMode: Filesystem
accessModes:
- ReadWriteOnce
storageClassName: storage-local-vaultwarden
---
# 创建 Service
apiVersion: v1
kind: Service
metadata:
name: hty1024-app-vaultwarden-service
namespace: hty1024-app
labels:
app.k8s.hty1024.com/env: prod
app.k8s.hty1024.com/type: app
app.k8s.hty1024.com/name: vaultwarden
app.k8s.hty1024.com/version: 1.30.1-alpine
app.k8s.hty1024.com/resources: service
spec:
type: NodePort
ports:
- port: 80
targetPort: 80
nodePort: 30000
selector:
app.k8s.hty1024.com/env: prod
app.k8s.hty1024.com/type: app
app.k8s.hty1024.com/name: vaultwarden
app.k8s.hty1024.com/version: 1.30.1-alpine
app.k8s.hty1024.com/resources: pod
---
# 创建 StatefulSet
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: hty1024-app-vaultwarden-statefulset
namespace: hty1024-app
labels:
app.k8s.hty1024.com/env: prod
app.k8s.hty1024.com/type: app
app.k8s.hty1024.com/name: vaultwarden
app.k8s.hty1024.com/version: 1.30.1-alpine
app.k8s.hty1024.com/resources: statefulSet
spec:
replicas: 1
minReadySeconds: 30
selector:
matchLabels:
app.k8s.hty1024.com/env: prod
app.k8s.hty1024.com/type: app
app.k8s.hty1024.com/name: vaultwarden
app.k8s.hty1024.com/version: 1.30.1-alpine
app.k8s.hty1024.com/resources: pod
template:
metadata:
labels:
app.k8s.hty1024.com/env: prod
app.k8s.hty1024.com/type: app
app.k8s.hty1024.com/name: vaultwarden
app.k8s.hty1024.com/version: 1.30.1-alpine
app.k8s.hty1024.com/resources: pod
spec:
terminationGracePeriodSeconds: 60
volumes:
- name: localtime
hostPath:
path: /etc/localtime
- name: hty1024-app-vaultwarden-data
persistentVolumeClaim:
claimName: hty1024-app-vaultwarden-pvc
containers:
- name: vaultwarden
image: vaultwarden/server:1.30.1-alpine
ports:
- name: tcp
containerPort: 80
volumeMounts:
- name: localtime
mountPath: /etc/localtime
readOnly: true
- name: hty1024-app-vaultwarden-data
mountPath: /data
env:
- name: SIGNUPS_ALLOWED
value: "false"
nodeSelector:
node.k8s.hty1024.com/type: app

176
examples/wikijs/wikijs.yaml Normal file
View File

@ -0,0 +1,176 @@
---
# 创建 Namespace
apiVersion: v1
kind: Namespace
metadata:
name: hty1024-app
---
# 创建 StorageClass
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: storage-local-wikijs
labels:
app.k8s.hty1024.com/env: prod
app.k8s.hty1024.com/type: app
app.k8s.hty1024.com/name: wikijs
app.k8s.hty1024.com/version: 2.5.300
app.k8s.hty1024.com/resources: storageClass
provisioner: kubernetes.io/no-provisioner
reclaimPolicy: Retain
volumeBindingMode: WaitForFirstConsumer
---
# 创建 PersistentVolume
apiVersion: v1
kind: PersistentVolume
metadata:
name: hty1024-app-wikijs-pv
labels:
app.k8s.hty1024.com/env: prod
app.k8s.hty1024.com/type: app
app.k8s.hty1024.com/name: wikijs
app.k8s.hty1024.com/version: 2.5.300
app.k8s.hty1024.com/resources: persistentVolume
spec:
capacity:
storage: 10Gi
volumeMode: Filesystem
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Retain
storageClassName: storage-local-wikijs
local:
path: /app/wikijs/data
nodeAffinity:
required:
nodeSelectorTerms:
- matchExpressions:
- key: node.k8s.hty1024.com/type
operator: In
values:
- app
---
# 创建 PersistentVolumeClaim
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: hty1024-app-wikijs-pvc
namespace: hty1024-app
labels:
app.k8s.hty1024.com/env: prod
app.k8s.hty1024.com/type: app
app.k8s.hty1024.com/name: wikijs
app.k8s.hty1024.com/version: 2.5.300
app.k8s.hty1024.com/resources: persistentVolumeClaim
spec:
resources:
requests:
storage: 10Gi
volumeMode: Filesystem
accessModes:
- ReadWriteOnce
storageClassName: storage-local-wikijs
---
# 创建 Service
apiVersion: v1
kind: Service
metadata:
name: hty1024-app-wikijs-service
namespace: hty1024-app
labels:
app.k8s.hty1024.com/env: prod
app.k8s.hty1024.com/type: app
app.k8s.hty1024.com/name: wikijs
app.k8s.hty1024.com/version: 2.5.300
app.k8s.hty1024.com/resources: service
spec:
type: NodePort
ports:
- port: 3000
targetPort: 3000
nodePort: 30000
selector:
app.k8s.hty1024.com/env: prod
app.k8s.hty1024.com/type: app
app.k8s.hty1024.com/name: wikijs
app.k8s.hty1024.com/version: 2.5.300
app.k8s.hty1024.com/resources: pod
---
# 创建 StatefulSet
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: hty1024-app-wikijs-statefulset
namespace: hty1024-app
labels:
app.k8s.hty1024.com/env: prod
app.k8s.hty1024.com/type: app
app.k8s.hty1024.com/name: wikijs
app.k8s.hty1024.com/version: 2.5.300
app.k8s.hty1024.com/resources: statefulSet
spec:
replicas: 1
minReadySeconds: 30
selector:
matchLabels:
app.k8s.hty1024.com/env: prod
app.k8s.hty1024.com/type: app
app.k8s.hty1024.com/name: wikijs
app.k8s.hty1024.com/version: 2.5.300
app.k8s.hty1024.com/resources: pod
template:
metadata:
labels:
app.k8s.hty1024.com/env: prod
app.k8s.hty1024.com/type: app
app.k8s.hty1024.com/name: wikijs
app.k8s.hty1024.com/version: 2.5.300
app.k8s.hty1024.com/resources: pod
spec:
terminationGracePeriodSeconds: 60
volumes:
- name: localtime
hostPath:
path: /etc/localtime
- name: hty1024-app-wikijs-data
persistentVolumeClaim:
claimName: hty1024-app-wikijs-pvc
containers:
- name: wikijs
image: requarks/wiki:2.5.300
ports:
- name: tcp
containerPort: 3000
volumeMounts:
- name: localtime
mountPath: /etc/localtime
readOnly: true
- name: hty1024-app-wikijs-data
mountPath: /wiki/data
env:
- name: DB_TYPE
value: "mysql"
- name: DB_HOST
value: "hty1024-db-mysql-service.hty1024-db"
- name: DB_PORT
value: "3306"
- name: DB_USER
value: "wikijs"
- name: DB_PASS
value: "123456"
- name: DB_NAME
value: "wikijs"
nodeSelector:
node.k8s.hty1024.com/type: app

View File

@ -0,0 +1,163 @@
---
# 创建 Namespace
apiVersion: v1
kind: Namespace
metadata:
name: hty1024-app
---
# 创建 StorageClass
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: storage-local-wiznote
labels:
app.k8s.hty1024.com/env: prod
app.k8s.hty1024.com/type: app
app.k8s.hty1024.com/name: wiznote
app.k8s.hty1024.com/version: 1.0.31
app.k8s.hty1024.com/resources: storageClass
provisioner: kubernetes.io/no-provisioner
reclaimPolicy: Retain
volumeBindingMode: WaitForFirstConsumer
---
# 创建 PersistentVolume
apiVersion: v1
kind: PersistentVolume
metadata:
name: hty1024-app-wiznote-pv
labels:
app.k8s.hty1024.com/env: prod
app.k8s.hty1024.com/type: app
app.k8s.hty1024.com/name: wiznote
app.k8s.hty1024.com/version: 1.0.31
app.k8s.hty1024.com/resources: persistentVolume
spec:
capacity:
storage: 20Gi
volumeMode: Filesystem
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Retain
storageClassName: storage-local-wiznote
local:
path: /app/wiznote/data
nodeAffinity:
required:
nodeSelectorTerms:
- matchExpressions:
- key: node.k8s.hty1024.com/type
operator: In
values:
- app
---
# 创建 PersistentVolumeClaim
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: hty1024-app-wiznote-pvc
namespace: hty1024-app
labels:
app.k8s.hty1024.com/env: prod
app.k8s.hty1024.com/type: app
app.k8s.hty1024.com/name: wiznote
app.k8s.hty1024.com/version: 1.0.31
app.k8s.hty1024.com/resources: persistentVolumeClaim
spec:
resources:
requests:
storage: 20Gi
volumeMode: Filesystem
accessModes:
- ReadWriteOnce
storageClassName: storage-local-wiznote
---
# 创建 Service
apiVersion: v1
kind: Service
metadata:
name: hty1024-app-wiznote-service
namespace: hty1024-app
labels:
app.k8s.hty1024.com/env: prod
app.k8s.hty1024.com/type: app
app.k8s.hty1024.com/name: wiznote
app.k8s.hty1024.com/version: 1.0.31
app.k8s.hty1024.com/resources: service
spec:
type: NodePort
ports:
- port: 80
targetPort: 80
nodePort: 30000
selector:
app.k8s.hty1024.com/env: prod
app.k8s.hty1024.com/type: app
app.k8s.hty1024.com/name: wiznote
app.k8s.hty1024.com/version: 1.0.31
app.k8s.hty1024.com/resources: pod
---
# 创建 StatefulSet
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: hty1024-app-wiznote-statefulset
namespace: hty1024-app
labels:
app.k8s.hty1024.com/env: prod
app.k8s.hty1024.com/type: app
app.k8s.hty1024.com/name: wiznote
app.k8s.hty1024.com/version: 1.0.31
app.k8s.hty1024.com/resources: statefulSet
spec:
replicas: 1
minReadySeconds: 30
selector:
matchLabels:
app.k8s.hty1024.com/env: prod
app.k8s.hty1024.com/type: app
app.k8s.hty1024.com/name: wiznote
app.k8s.hty1024.com/version: 1.0.31
app.k8s.hty1024.com/resources: pod
template:
metadata:
labels:
app.k8s.hty1024.com/env: prod
app.k8s.hty1024.com/type: app
app.k8s.hty1024.com/name: wiznote
app.k8s.hty1024.com/version: 1.0.31
app.k8s.hty1024.com/resources: pod
spec:
terminationGracePeriodSeconds: 60
volumes:
- name: localtime
hostPath:
path: /etc/localtime
- name: hty1024-app-wiznote-data
persistentVolumeClaim:
claimName: hty1024-app-wiznote-pvc
containers:
- name: wiznote
image: hub.hty1024.com/official/wiznote/wizserver:1.0.31
ports:
- name: tcp
containerPort: 80
volumeMounts:
- name: localtime
mountPath: /etc/localtime
readOnly: true
- name: hty1024-app-wiznote-data
mountPath: /wiz/storage
nodeSelector:
node.k8s.hty1024.com/type: app