@zaki-lknr
Last active February 14, 2021 12:58
k8s memo

Quick-and-dirty pod deployment to a k8s cluster

apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: sample-http
  name: sample-http
spec:
  replicas: 2
  selector:
    matchLabels:
      app: sample-http
  template:
    metadata:
      labels:
        app: sample-http
    spec:
      containers:
      - image: httpd
        name: httpd
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app: sample-http
  name: sample-http
spec:
  ports:
  - port: 80
    protocol: TCP
    targetPort: 80
  selector:
    app: sample-http
  type: NodePort

Doing the same with commands:

$ kubectl create deployment sample-http --image=httpd
$ kubectl scale --replicas=2 deploy sample-http
$ kubectl expose deployment sample-http --type=NodePort --port=80

Or:

$ kubectl create service nodeport sample-http --tcp=80

For a LoadBalancer instead of a NodePort:

$ kubectl create service loadbalancer sample-http --tcp=80

A standalone pod

$ kubectl run centos -n sample --image=centos:7 -- tail -f /dev/null

Delete a cluster

kind delete cluster --name <cluster-name>

Stop or pause a specific cluster

kind get nodes --name <cluster-name> | xargs docker pause

Resume with unpause.

Merge kubeconfig files

Merge ~/.kube/config and ./foobar-kubeconfig-config:

$ KUBECONFIG=~/.kube/config:./foobar-kubeconfig-config kubectl config view --flatten > new-config

Copy this new-config to ~/.kube/config and you are done.

Example: update a Service of type: ClusterIP to type: LoadBalancer

$ kubectl patch svc -n istio-system kiali -p '{"spec": {"type": "LoadBalancer"}}'

Add a new item to an existing list

Example: add an entry to the ports of a Service for a web server

spec:
  clusterIP: 10.102.64.92
  externalTrafficPolicy: Cluster
  ports:
  - name: http
    nodePort: 30450
    port: 80
    protocol: TCP
    targetPort: 80

Starting from this definition, add a new 8080/TCP entry.

kubectl patch svc -n zzz sample-http -p '{"spec": {"ports": [{"port":8080, "protocol":"TCP", "targetPort": 80, "name": "http-alt"} ] } }'

spec:
  clusterIP: 10.102.64.92
  externalTrafficPolicy: Cluster
  ports:
  - name: http-alt
    nodePort: 30934
    port: 8080
    protocol: TCP
    targetPort: 80
  - name: http
    nodePort: 30450
    port: 80
    protocol: TCP
    targetPort: 80

The result looks like this.

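Update the contents of an existing item in an existing list

This cannot be done with the jsonpath-style specification used so far. (Probably.)

Incidentally, after the step above, specifying "port": 8081 in the same way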

[zaki@cloud-dev httpd-nodeport]$ kubectl patch svc -n zzz sample-http -p '{"spec": {"ports": [{"port":8081, "protocol":"TCP", "targetPort": 80, "name": "http-alt"} ] } }'
The Service "sample-http" is invalid: spec.ports[1].name: Duplicate value: "http-alt"

fails like this, because "http-alt" already exists. (The patch is trying to add a new entry.)
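The rejection above follows from how the default (strategic merge) patch treats spec.ports: list elements are matched by their port value, so a port number the Service does not have yet is a new element. The sketch below is an added example, not part of the original memo: a simplified Python model of that matching, with hypothetical function names and a helper that stands in for `kubectl patch --type=json`.

```python
import copy

MERGE_KEY = "port"  # merge key the Service API declares for spec.ports


def strategic_merge_ports(current, patch):
    """Simplified model of a strategic merge patch applied to spec.ports."""
    merged = copy.deepcopy(current)
    by_key = {p[MERGE_KEY]: p for p in merged}
    added = []
    for item in patch:
        if item[MERGE_KEY] in by_key:
            by_key[item[MERGE_KEY]].update(item)  # same port: update in place
        else:
            added.append(dict(item))              # unseen port: new element
    return added + merged  # new elements first, as in the output shown above


def validate_names(ports):
    """Return an API-server-style error for the first duplicate name, else None."""
    seen = set()
    for i, p in enumerate(ports):
        if p["name"] in seen:
            return f'spec.ports[{i}].name: Duplicate value: "{p["name"]}"'
        seen.add(p["name"])
    return None


def json_patch_replace(ports, index, field, value):
    """Model of a JSON Patch 'replace' on /spec/ports/<index>/<field>."""
    out = copy.deepcopy(ports)
    out[index][field] = value
    return out


# Constructed state: the Service after the 8080/TCP entry was added.
CURRENT = [
    {"name": "http-alt", "nodePort": 30934, "port": 8080, "protocol": "TCP", "targetPort": 80},
    {"name": "http", "nodePort": 30450, "port": 80, "protocol": "TCP", "targetPort": 80},
]
PATCH_8081 = [{"port": 8081, "protocol": "TCP", "targetPort": 80, "name": "http-alt"}]

if __name__ == "__main__":
    # Port 8081 is unknown, so it is added and its name collides.
    print(validate_names(strategic_merge_ports(CURRENT, PATCH_8081)))
    # Reusing port 8080 as the key updates the existing entry instead.
    print(strategic_merge_ports(CURRENT, [{"port": 8080, "targetPort": 8080}])[0])
    # Changing the key itself needs an index-addressed replace.
    print(json_patch_replace(CURRENT, 0, "port", 8081)[0])
```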

NAME      TYPE        CLUSTER-IP    EXTERNAL-IP   PORT(S)   AGE
tracing   ClusterIP   10.0.170.18   <none>        80/TCP    7d5h

To access this service from outside the cluster:

kubectl port-forward -n istio-system svc/tracing 8080:80

With this, the tracing service is reachable at http://localhost:8080.

ServiceAccount

$ kc create serviceaccount --dry-run=client -o yaml sample-account
apiVersion: v1
kind: ServiceAccount
metadata:
  creationTimestamp: null
  name: sample-account

Role

Role | Kubernetes

$ kc create role sample-role --dry-run=client -o yaml --verb=* --resource=*
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  creationTimestamp: null
  name: sample-role
rules:
- apiGroups:
  - ""
  resources:
  - '*'
  verbs:
  - '*'

RoleBinding

RoleBinding | Kubernetes

$ kc create rolebinding --dry-run=client -o yaml sample-rolebinding --role=sample-role --serviceaccount=rbac-sample:sample-account
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  creationTimestamp: null
  name: sample-rolebinding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: sample-role
subjects:
- kind: ServiceAccount
  name: sample-account
  namespace: rbac-sample

$ kc get sa,role,rolebindings,secret -n rbac-sample
NAME                            SECRETS   AGE
serviceaccount/sample-account   1         15m
serviceaccount/default          1         15m

NAME                                         CREATED AT
role.rbac.authorization.k8s.io/sample-role   2021-02-14T12:42:02Z

NAME                                                       ROLE               AGE
rolebinding.rbac.authorization.k8s.io/sample-rolebinding   Role/sample-role   52s

NAME                                TYPE                                  DATA   AGE
secret/default-token-rp7ks          kubernetes.io/service-account-token   3      15m
secret/sample-account-token-7flnm   kubernetes.io/service-account-token   3      15m