Nginx
March 24, 2023

Pod with nginx

Примеры подов с nginx.

Pod nginx с labels и открытым портом у контейнера.

# Minimal nginx Pod: labels, an annotation, two declared ports and resource settings.
# NOTE(review): every Pod on this page is named cam-nginx in namespace default;
# delete the previous one before applying the next, since most Pod spec fields
# cannot be changed in place.
cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: Pod
metadata:
  name: cam-nginx
  namespace: default
  annotations:
    author: cameda
  labels:
    app: nginx
    environment: prod
spec:
  # hostname and subdomain set the Pod's hostname and the subdomain part of its
  # FQDN. NOTE(review): a resolvable DNS record presumably also needs a
  # headless Service named web - confirm.
  hostname: nginx
  subdomain: web
  restartPolicy: Always
  # No securityContext is set, so the container runs as whatever user the
  # image defaults to.
  containers:
    - name: nginx
      # NOTE(review): latest is a floating tag, and with IfNotPresent a node
      # that already caches an image under that tag keeps using it. Pin a
      # version tag or an image digest for reproducible, auditable deployments.
      image: nginx:latest
      imagePullPolicy: IfNotPresent
      # containerPort entries are declarative; they do not publish the port
      # outside the Pod by themselves.
      ports:
        - containerPort: 80
        - containerPort: 443
      resources:
        requests:
          cpu: 300m
          memory: 300Mi
        # Only memory is capped; no CPU limit is set.
        limits:
          memory: 400Mi
EOF

Pod nginx с volume hostPath, probe.

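# nginx Pod with a hostPath volume plus liveness and readiness probes.
cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: Pod
metadata:
  name: cam-nginx
  namespace: default
  labels:
    app: nginx
    env: prod
  annotations:
    author: cameda
spec:
  containers:
  - name: cameda-nginx
    # NOTE(review): latest is a floating tag; pin a version tag or digest so
    # the running image is known and reproducible.
    image: nginx:latest
    imagePullPolicy: IfNotPresent
    resources:
      requests:
        cpu: 300m
        memory: 300Mi
      limits:
        memory: 500Mi
    ports:
    - containerPort: 80
    - containerPort: 443
    # Liveness: the kubelet requests / on port 80 every 10 s; after 10
    # consecutive failures the container is restarted.
    livenessProbe:
      failureThreshold: 10
      successThreshold: 1
      httpGet:
        path: /
        port: 80
      periodSeconds: 10
      timeoutSeconds: 1
      initialDelaySeconds: 5
    # Readiness: runs curl inside the container, so the image must ship curl.
    # --fail makes curl exit non-zero on HTTP 4xx/5xx; without it any
    # completed HTTP response, including an error page, counts as ready.
    readinessProbe:
      failureThreshold: 3
      successThreshold: 1
      exec:
        command:
        - curl
        - --fail
        - --silent
        - --show-error
        - http://127.0.0.1:80
      periodSeconds: 10
      timeoutSeconds: 1
      initialDelaySeconds: 7
    volumeMounts:
    # Mounted read-write. NOTE(review): add readOnly: true if the container
    # only needs to read from the node directory.
    - name: cam-volume
      mountPath: /mnt/cameda
  restartPolicy: OnFailure
  hostname: nginx
  subdomain: web
  volumes:
  # hostPath exposes a directory of the node's own filesystem to the
  # container, which weakens isolation between the workload and the node.
  # Keep the path narrow and avoid hostPath for untrusted workloads.
  - name: cam-volume
    hostPath:
      # directory location on host
      path: /mnt/cam
      # Directory: the path must already exist on the node as a directory.
      type: Directory
EOF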

Pod with probe, volumes emptyDir, securityContext.

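# nginx Pod with probes, an emptyDir volume and a Pod-level securityContext.
cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: Pod
metadata:
  name: cam-nginx
  namespace: default
  labels:
    app: nginx
    env: prod
  annotations:
    author: cameda
spec:
  containers:
  - name: cameda-nginx
    # NOTE(review): latest is a floating tag; pin a version tag or digest so
    # the running image is known and reproducible.
    image: nginx:latest
    imagePullPolicy: IfNotPresent
    resources:
      requests:
        cpu: 300m
        memory: 300Mi
      limits:
        memory: 500Mi
    ports:
    - containerPort: 80
    - containerPort: 443
    # Liveness: the kubelet requests / on port 80 every 10 s; after 10
    # consecutive failures the container is restarted.
    livenessProbe:
      failureThreshold: 10
      successThreshold: 1
      httpGet:
        path: /
        port: 80
      periodSeconds: 10
      timeoutSeconds: 1
      initialDelaySeconds: 5
    # Readiness: runs curl inside the container, so the image must ship curl.
    # --fail makes curl exit non-zero on HTTP 4xx/5xx; without it any
    # completed HTTP response, including an error page, counts as ready.
    readinessProbe:
      failureThreshold: 3
      successThreshold: 1
      exec:
        command:
        - curl
        - --fail
        - --silent
        - --show-error
        - http://127.0.0.1:80
      periodSeconds: 10
      timeoutSeconds: 1
      initialDelaySeconds: 7
    volumeMounts:
    - name: cam-emptydir
      mountPath: /mnt/emptydir
  restartPolicy: OnFailure
  hostname: nginx
  subdomain: web
  dnsPolicy: ClusterFirst
  terminationGracePeriodSeconds: 90
  # Pod-level securityContext: applies to every container in the Pod.
  # runAsUser/runAsGroup 0 run the container processes as root explicitly.
  # NOTE(review): for anything beyond a demo prefer a non-root UID together
  # with an image built to run unprivileged - confirm the image supports it
  # before changing these values.
  securityContext:
    runAsUser: 0
    runAsGroup: 0
    # NOTE(review): fsGroup is expected to set group ownership on volumes that
    # support it (such as the emptyDir below) - verify on your cluster.
    fsGroup: 2000
  volumes:
  # emptyDir is scratch space that lives only as long as the Pod does.
  - name: cam-emptydir
    emptyDir: {}
EOF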

Pod nginx с volumes, probe, tolerations, nodeName, priorityClass, секретом и конфигмапом.

# Opaque Secret holding the two keys that the Pod mounts under /etc/secret.
cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: Secret
type: Opaque
metadata:
  # No namespace is given, so the object lands in kubectl's current namespace;
  # the Pod that mounts it is created in default.
  name: cam-secret
data:
  # Values under data are base64-encoded, not encrypted: anyone who can read
  # this manifest or the Secret object can decode them. Use demo values only
  # and keep real credentials out of version control and shell history.
  username: 'Y2FtZWRh'
  password: 'Z29vZFBhJCR3b3Jk'
EOF
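# PriorityClass that the Pod further down references through priorityClassName.
cat <<EOF | kubectl apply -f -
apiVersion: scheduling.k8s.io/v1
kind: PriorityClass
metadata:
  # PriorityClass is a cluster-scoped kind, so metadata.namespace carries no
  # meaning for it and has been dropped from this manifest.
  name: cam-pc
  labels:
    pc: main
  annotations:
    author: cameda
# Pods using a class with a higher value are scheduled ahead of, and may
# preempt, Pods with a lower one; keep the value modest on shared clusters.
value: 20
# false: the class applies only to Pods that name it explicitly.
globalDefault: false
description: "Cameda first pc"
EOF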

Файл /etc/nginx/site-available/default

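# Default virtual host answering on port 80.
server {
  listen 80 default_server;
  server_name cameda.ru;
  root /var/www/html/cameda1.ml;
  # Access logging is switched off: requests to this host leave no record
  # for troubleshooting or incident review.
  access_log off;

  location / {
    # The index directive needs its own name in front of the file; a bare
    # "index.html;" is rejected by nginx as an unknown directive.
    index index.html;
  }
###########################################################################
  # Refuse requests for .ht* files such as .htaccess and .htpasswd.
  location ~ /\.ht {
    deny all;
  }
}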

Создадим ConfigMap из этого файла.

# Build ConfigMap nginx-config with a single key named after the file (default).
# NOTE(review): the host path is spelled site-available here, while the Pod
# mounts the ConfigMap at /etc/nginx/sites-available - check the directory
# name on your machine.
kubectl create configmap nginx-config --from-file=/etc/nginx/site-available/default

Pod. Если пример не запускается прямо отсюда, можно скопировать манифест в file.yaml и применить его командой kubectl create -f file.yaml. Первую и последнюю строки блока (cat <<EOF ... и EOF) копировать в файл не нужно.

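# nginx Pod combining probes, four volume types, tolerations, a fixed node,
# a PriorityClass and a Pod-level securityContext.
cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: Pod
metadata:
  name: cam-nginx
  namespace: default
  labels:
    app: nginx
    env: prod
  annotations:
    author: cameda
spec:
  containers:
  - name: cameda-nginx
    # NOTE(review): latest is a floating tag; pin a version tag or digest so
    # the running image is known and reproducible.
    image: nginx:latest
    imagePullPolicy: IfNotPresent
    resources:
      requests:
        cpu: 300m
        memory: 300Mi
      limits:
        memory: 500Mi
    ports:
    - containerPort: 80
    - containerPort: 443
    # Liveness: the kubelet requests / on port 80 every 10 s; after 10
    # consecutive failures the container is restarted.
    livenessProbe:
      failureThreshold: 10
      successThreshold: 1
      httpGet:
        path: /
        port: 80
      periodSeconds: 10
      timeoutSeconds: 1
      initialDelaySeconds: 5
    # Readiness: runs curl inside the container, so the image must ship curl.
    # --fail makes curl exit non-zero on HTTP 4xx/5xx; without it any
    # completed HTTP response, including an error page, counts as ready.
    readinessProbe:
      failureThreshold: 3
      successThreshold: 1
      exec:
        command:
        - curl
        - --fail
        - --silent
        - --show-error
        - http://127.0.0.1:80
      periodSeconds: 10
      timeoutSeconds: 1
      initialDelaySeconds: 7
    volumeMounts:
    - name: cam-emptydir
      mountPath: /mnt/emptydir
    # Mounted read-write. NOTE(review): add readOnly: true if the container
    # only needs to read from the node directory.
    - name: cam-hostpath
      mountPath: /mnt/hostpath
    # Each key of the Secret appears as a file under /etc/secret.
    - name: nginx-secret
      mountPath: /etc/secret
      readOnly: true
    # NOTE(review): nginx only reads this directory if its main nginx.conf
    # includes it; the stock image configuration presumably includes only
    # conf.d - verify that the mounted server block is actually loaded.
    - name: nginx-configmap
      mountPath: /etc/nginx/sites-available
      readOnly: true
  restartPolicy: OnFailure
  priorityClassName: cam-pc
  hostname: nginx
  subdomain: web
  # nodeName binds the Pod to that node directly, without going through the
  # scheduler. The value is specific to the author's cluster; replace it with
  # one of your own node names.
  nodeName: cl14iev9l04rfqleuqa5-iguw
  dnsPolicy: ClusterFirst
  # NOTE(review): the default ServiceAccount token is mounted into the Pod
  # unless automountServiceAccountToken is set to false; nothing in this
  # manifest shows nginx needing API access.
  serviceAccountName: default
  schedulerName: default-scheduler
  terminationGracePeriodSeconds: 90
  # runAsUser/runAsGroup 0 run the container processes as root explicitly.
  # Together with the read-write hostPath mount this lets the container write
  # to the node directory as root. NOTE(review): prefer a non-root UID and an
  # image built to run unprivileged outside of a demo.
  securityContext:
    runAsUser: 0
    runAsGroup: 0
    fsGroup: 2000
  # Tolerate taints with key cam, whatever their value, for both effects.
  tolerations:
  - key: "cam"
    operator: "Exists"
    effect: "NoSchedule"
  - key: "cam"
    operator: "Exists"
    effect: "NoExecute"
  volumes:
  - name: cam-emptydir
    emptyDir: {}
  # hostPath exposes a directory of the node's own filesystem to the
  # container; the path must already exist on the node as a directory.
  - name: cam-hostpath
    hostPath:
      path: /mnt/cam
      type: Directory
  - name: nginx-secret
    secret:
      secretName: cam-secret
  - name: nginx-configmap
    configMap:
      name: nginx-config
EOF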
# Open an interactive bash session inside the cam-nginx Pod.
kubectl exec -it cam-nginx -- /bin/bash

Secret, ConfigMap и hostPath успешно работают.