简介
OpenShift 是红帽“加强”过的 Kubernetes。
官方文档(v3.11.0)
Yaml 模板
DeploymentConfig
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
| apiVersion: apps.openshift.io/v1
kind: DeploymentConfig
metadata:
name: demo
labels:
app: demo
spec:
template:
metadata:
labels:
app: demo
spec:
hostname: demo
containers:
- env:
- name: SPRING_PROFILES_ACTIVE
valueFrom:
configMapKeyRef:
key: DEFAULT
name: profile
- name: PORT
value: "8080"
livenessProbe:
failureThreshold: 3
httpGet:
path: /actuator/health
port: 5273
scheme: HTTP
initialDelaySeconds: 60
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
readinessProbe:
failureThreshold: 3
httpGet:
path: /actuator/health
port: 5273
scheme: HTTP
initialDelaySeconds: 60
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
image: docker.io/wqnice/demo:0.1.0
imagePullPolicy: Always
name: demo
ports:
- containerPort: 8080
protocol: TCP
replicas: 1
strategy:
type: Rolling
paused: false
revisionHistoryLimit: 2
minReadySeconds: 0
|
Service
1
2
3
4
5
6
7
8
9
10
11
12
13
14
| kind: Service
apiVersion: v1
metadata:
labels:
app: demo
name: demo
spec:
ports:
- name: http
port: 8080
protocol: TCP
targetPort: 8080
selector:
app: demo
|
Route
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
| kind: Route
apiVersion: v1
metadata:
labels:
app: demo
name: demo
spec:
host: demo.apps.<hostname>
path: "/"
port:
targetPort: http
to:
kind: Service
name: demo
weight: 100
wildcardPolicy: None
|
Template
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
| apiVersion: v1
kind: Template
metadata:
name: redis-template
annotations:
description: "Description"
iconClass: "icon-redis"
tags: "database,nosql"
parameters:
- description: Password used for Redis authentication
from: '[A-Z0-9]{8}'
generate: expression
name: REDIS_PASSWORD
message: 'demo description'
labels:
redis: master
objects:
- apiVersion: apps.openshift.io/v1
kind: DeploymentConfig
metadata:
name: redis
spec:
template:
metadata:
labels:
app: redis
spec:
hostname: redis
containers:
- image: docker.io/wqnice/demo:0.1.0
imagePullPolicy: Always
name: demo
ports:
- containerPort: 8080
protocol: TCP
replicas: 1
strategy:
type: Rolling
paused: false
revisionHistoryLimit: 2
minReadySeconds: 0
|
ConfigMap
1
2
3
4
5
6
7
8
9
10
11
12
| kind: ConfigMap
apiVersion: v1
metadata:
name: example-config
namespace: default
data:
example.property.1: hello
example.property.2: world
example.property.file: |-
property.1=value-1
property.2=value-2
property.3=value-3
|
PersistentVolume
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
| apiVersion: v1
kind: PersistentVolume
metadata:
finalizers:
- kubernetes.io/pv-protection
name: demo-pv
spec:
accessModes:
- ReadWriteMany
capacity:
storage: 10Gi
claimRef:
apiVersion: v1
kind: PersistentVolumeClaim
name: demo-pvc
nfs:
path: /demo
server: 172.25.2.1
persistentVolumeReclaimPolicy: Retain
storageClassName: demo
|
PersistentVolumeCliam
1
2
3
4
5
6
7
8
9
10
11
12
13
| apiVersion: v1
kind: PersistentVolumeClaim
metadata:
finalizers:
- kubernetes.io/pvc-protection
name: demo-pvc
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 10Gi
volumeName: demo-pv
|
CronJobs
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
| apiVersion: batch/v1beta1
kind: CronJob
metadata:
name: demo
spec:
schedule: "*/1 * * * *"
jobTemplate:
spec:
template:
metadata:
labels:
parent: "cronjobpi"
spec:
containers:
- name: pi
image: perl
command: ["perl", "-Mbignum=bpi", "-wle", "print bpi(2000)"]
restartPolicy: OnFailure
|
DaemonSet
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
| apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
name: demo
spec:
selector:
matchLabels:
name: demo
template:
metadata:
labels:
name: demo
spec:
containers:
- image: docker.io/wqnice/demo:0.1.0
imagePullPolicy: Always
name: demo
ports:
- containerPort: 8080
protocol: TCP
serviceAccount: default
terminationGracePeriodSeconds: 10
|
Robot 账户配置
创建账户
获取令牌
1
| oc serviceaccounts get-token robot
|
授予机器人账户全部权限
1
| oc adm policy add-cluster-role-to-user cluster-admin system:serviceaccount:<namespace>:<robot name>
|