https://blog.51cto.com/u_16180037/6846468 7.7
https://blog.51cto.com/u_16180037/6861579 7.7
https://www.cnblogs.com/peteremperor/p/12785335.html 7.10
https://cloud.tencent.com/developer/article/2305131
pod
apiVersion: v1
kind: Pod
metadata:
creationTimestamp: null
labels:
run: nginx
name: mynginx
spec:
containers:
- image: nginx
name: nginx
ports:
- containerPort: 80
volumeMounts:
- name: myvolume
mountPath: /usr/share/nginx/html
initContainers:
- image: busybox
name: busybox
- command:
- touch /work-dir/test
volumeMounts:
- name: myvolume
mountPath: /work-dir
volumes:
- name: myvolume
emptyDir: {}
kubectl run busybox --image=busybox --restart=Never -it --rm -- /bin/sh -c "wget -O- x.x.x.x"
kubectl get pods -o=jsonpath="{.items[*]['metadata.name', 'metadata.namespace']}"k get po nginx -o yaml --export
kubectl get po nginx -o jsonpath='{.spec.containers[].image}{"\n"}'kubectl top pod busybox --containers > file.log
34. Create a Pod with main container busybox and which executes this “while true; do echo ‘Hi I am from Main container’ >> /var/log/index.html; sleep 5; done” and with sidecar container with nginx image which exposes on port 80. Use emptyDir Volume and mount this volume on path /var/log for busybox and on path /usr/share/nginx/html for nginx container. Verify both containers are running.
k run multi-po --image=busybox --dry-run=client -oyaml -- /bin/sh -c 'while true; do echo "Hi I am from Main container" >> /var/log/index.html; sleep 5; done;'
apiVersion: v1
kind: Pod
metadata:
creationTimestamp: null
labels:
run: multi-po
name: multi-po
spec:
containers:
- args:
- /bin/sh
- -c
- while true; do echo "Hi I am from Main container" >> /var/log/index.html; sleep
5; done;
image: busybox
name: multi-po
volumeMounts:
- name: myVol
mountPath: /var/log
- name: sidecar
image: nginx
ports:
- containerPort: 80
voluments:
- name: myVol
mountPath: /usr/share/nginx/html
volumes:
- name: myVol
emptyDir: {}
dnsPolicy: ClusterFirst
restartPolicy: Always
92. Create a Cronjob with busybox image that prints date and hello from kubernetes cluster message for every minute
k create cronjob cj-minute --image=busybox --schedule="*/1 * * * *" -- /bin/sh -c date; echo hello from kubernetes cluster message"
111. Create an nginx pod and load environment values from the above configmap keyvalcfgmap and exec into the pod and verify the environment variables and delete the pod
apiVersion: v1
kind: Pod
metadata:
name: pod-env
spec:
containers:
- name: nginx
image: nginx
envFrom:
- configMapRef:
name: keyvalcfgmap
restartPolicy: Never
112. Create an env file file.env with var1=val1 and create a configmap envcfgmap from this env file and verify the configmap
echo var1=val1 > file.env
cat file.envkubectl create cm envcfgmap --from-env-file=file.env
kubectl get cm envcfgmap -o yaml --export
115. Create a pod called secbusybox with the image busybox which executes command sleep 3600 and makes sure any Containers in the Pod, all processes run with user ID 1000 and with group id 2000 and verify.
k run secbusybox --image=busybox --dry-run=client -oyaml -- /bin/sh -c 'sleep 3600;' > po.yaml
apiVersion: v1
kind: Pod
metadata:
creationTimestamp: null
labels:
run: secbusybox
name: secbusybox
spec:
securityContext:
runAsUser: 1000
runAsGroup: 3000
containers:
- args:
- /bin/sh
- -c
- sleep 3600;
image: busybox
name: secbusybox
resources: {}
dnsPolicy: ClusterFirst
restartPolicy: Always
116. Create the same pod as above this time set the securityContext for the container as well and verify that the securityContext of container overrides the Pod level securityContext.
// create yml file with dry-run
kubectl run secbusybox --image=busybox --restart=Never --dry-run -o yaml -- /bin/sh -c "sleep 3600;" > busybox.yml// edit the pod like below and create
kubectl create -f busybox.yml// verify
kubectl exec -it secbusybox -- sh
id // you can see container securityContext overides the Pod level
149. Create the temporary busybox pod and hit the service. Verify the service that it should return the nginx page index.html.
kubectl get svc nginx -o wide// create temporary busybox to check the nodeport
kubectl run busybox --image=busybox --restart=Never -it --rm -- wget -o- <Cluster IP>:80
150. Create a NetworkPolicy which denies all ingress traffic
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: default-deny
spec:
podSelector: {}
policyTypes:
- Ingress
1.Do the same, but have the pod deleted automatically when it's completed
kubectl run busybox --image=busybox -it --rm --restart=Never -- /bin/sh -c 'echo hello world'
kubectl get po
- Create a Pod with two containers, both with image busybox and command "echo hello; sleep 3600". Connect to the second container and run 'ls' 译:创建一个带有两个容器的Pod,两个容器都使用的busybox镜像,并且都执行命令"echo hello;sleep 3600"。然后连接到第二个容器并运行'ls'命令
apiVersion: v1
kind: Pod
metadata:
creationTimestamp: null
labels:
run: multic
name: multic
spec:
containers:
- args:
- /bin/sh
- -c
- echo hello;sleep 3600
image: busybox
name: busybox1
resources: {}
- args:
- /bin/sh
- -c
- echo hello;sleep 3600
image: busybox
name: busybox2
resources: {}
dnsPolicy: ClusterFirst
restartPolicy: Always
Create a pod with an nginx container exposed on port 80. Add a busybox init container which create a file using "touch /work-dir/test". Make a volume of type emptyDir and mount it in both containers. For the nginx container, mount it on "/usr/share/nginx/html" and for the initcontainer, mount it on "/work-dir". When done, get the IP of the created pod and create a busybox pod and run "wget -O- IP"
k run nginx --image=nginx --dry-run-client --restart=Never -oyaml --port=80
k run busybox --image=busybox --restart=Never -- /bin/sh -c "wget -O- 10.244.36.78"
apiVersion: v1
kind: Pod
metadata:
creationTimestamp: null
labels:
run: nginx
name: nginx
spec:
volumes:
- name: myvol
emptyDir: {}
containers:
- image: nginx
name: nginx
ports:
- containerPort: 80
volumeMounts:
- name: myvol
mountPath: "/usr/share/nginx/html"
initContainers:
- image: busybox
name: busybox
args:
- /bin/sh
- -c
- touch /work-dir/test
volumeMounts:
- name: myvol
mountPath: "/work-dir"
dnsPolicy: ClusterFirst
restartPolicy: Never
w label tier=web to all pods having 'app=v2' or 'app=v1' labels
译:给所有 app=v2 或 app=v1 的 Pod 添加一个新的标签 tier=web。
k label po -l "app in (v1,v2)" tier=web --overwrite
Create a job with the image busybox that executes the command 'echo hello;sleep 30;echo world'
k create job job --image=busybox -- /bin/sh -c 'echo hello;sleep 30;echo world'
Create a job but ensure that it will be automatically terminated by kubernetes if it takes more than 30 seconds to execute
k create job busybox --image=busybox --dry-run=client -oyaml -- /bin/sh -c while true; do sleep 10s; done
配置 spec下activeDeadlineSeconds: 30