name: kubernetes-manifests
user-invocable: false
description: Use when writing and deploying Kubernetes manifests for container orchestration.
allowed-tools: []
Kubernetes Manifests
Understanding and writing Kubernetes manifest files.
Basic Structure
apiVersion: v1
kind: Pod
metadata:
  name: my-app
  namespace: default
  labels:
    app: my-app
spec:
  containers:
  - name: app
    image: nginx:latest
    ports:
    - containerPort: 80
Common Resource Types
Deployment
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-app
spec:
  replicas: 3
  selector:
    matchLabels:
      app: my-app
  template:
    metadata:
      labels:
        app: my-app
    spec:
      containers:
      - name: app
        image: myapp:1.0.0
        resources:
          requests:
            memory: "64Mi"
            cpu: "250m"
          limits:
            memory: "128Mi"
            cpu: "500m"
Service
apiVersion: v1
kind: Service
metadata:
  name: my-app-service
spec:
  selector:
    app: my-app
  ports:
  - protocol: TCP
    port: 80
    targetPort: 8080
  type: LoadBalancer
ConfigMap
apiVersion: v1
kind: ConfigMap
metadata:
  name: app-config
data:
  database.url: "postgres://db:5432"
  log.level: "info"
Secret
apiVersion: v1
kind: Secret
metadata:
  name: app-secrets
type: Opaque
data:
  password: cGFzc3dvcmQxMjM= # base64-encoded (encoding, not encryption)
Best Practices
Resource Requests and Limits
Always define resource requests and limits:
resources:
  requests:
    memory: "64Mi"
    cpu: "250m"
  limits:
    memory: "128Mi"
    cpu: "500m"
Liveness and Readiness Probes
livenessProbe:
  httpGet:
    path: /healthz
    port: 8080
  initialDelaySeconds: 30
  periodSeconds: 10
readinessProbe:
  httpGet:
    path: /ready
    port: 8080
  initialDelaySeconds: 5
  periodSeconds: 5
Labels and Selectors
Use consistent labels:
metadata:
  labels:
    app: my-app
    version: v1
    environment: production
Validation
# Validate manifest syntax
kubectl apply --dry-run=client -f manifest.yaml
# Validate with kubeconform
kubeconform manifest.yaml
# Validate against a live cluster
kubectl apply --dry-run=server -f manifest.yaml
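
The items under Best Practices can be checked automatically before `kubectl apply`. The following is an added example, not part of the original skill: a Python function (the name `check_workload` and the constructed `POD` and `DEPLOYMENT` dicts are assumptions) that reports missing resource requests and limits, missing probes, selector and label mismatches and, going beyond the page's list, unpinned image tags.

```python
# Added example: lint parsed manifests against the practices listed on this page.
# POD and DEPLOYMENT are constructed inputs mirroring the page's YAML, as dicts.

def check_workload(manifest):
    """Return findings for a Pod or Deployment manifest (already parsed)."""
    findings = []
    if manifest["kind"] == "Pod":
        labels, pod_spec, selector = manifest["metadata"].get("labels", {}), manifest["spec"], {}
    else:
        template = manifest["spec"]["template"]
        labels, pod_spec = template["metadata"].get("labels", {}), template["spec"]
        selector = manifest["spec"].get("selector", {}).get("matchLabels", {})
    # Every selector label must appear on the pod template, or no pod is selected.
    for key, value in selector.items():
        if labels.get(key) != value:
            findings.append(f"selector {key}={value} not in template labels")
    for c in pod_spec["containers"]:
        resources = c.get("resources", {})
        for section in ("requests", "limits"):
            for unit in ("cpu", "memory"):
                if unit not in resources.get(section, {}):
                    findings.append(f"{c['name']}: missing resources.{section}.{unit}")
        for probe in ("livenessProbe", "readinessProbe"):
            if probe not in c:
                findings.append(f"{c['name']}: missing {probe}")
        # A missing tag or ':latest' floats; flag it unless a version tag or @digest is given.
        image = c["image"]
        last = image.rsplit("/", 1)[-1]
        tag = last.rsplit(":", 1)[1] if ":" in last else ""
        if "@" not in image and tag in ("", "latest"):
            findings.append(f"{c['name']}: image {image} is not pinned")
    return findings

POD = {"kind": "Pod", "metadata": {"name": "my-app", "labels": {"app": "my-app"}},
       "spec": {"containers": [{"name": "app", "image": "nginx:latest",
                                "ports": [{"containerPort": 80}]}]}}
DEPLOYMENT = {"kind": "Deployment", "metadata": {"name": "my-app"}, "spec": {
    "replicas": 3, "selector": {"matchLabels": {"app": "my-app"}},
    "template": {"metadata": {"labels": {"app": "my-app"}}, "spec": {"containers": [{
        "name": "app", "image": "myapp:1.0.0",
        "resources": {"requests": {"memory": "64Mi", "cpu": "250m"},
                      "limits": {"memory": "128Mi", "cpu": "500m"}}}]}}}}

if __name__ == "__main__":
    for m in (POD, DEPLOYMENT):
        print(m["kind"], check_workload(m))
```

Kubernetes accepts JSON manifests as well as YAML, so the same function can run on `json.load` output or on YAML parsed with a library of your choice.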