devops:kubernetes [2021/08/02 13:24] – [Добавление объекта] admindevops:kubernetes [2022/01/12 13:54] – [Распределить поды деплоймента по разным нодам кластера] admin
Line 352: Line 352:
 set -e set -e
  
-KUB_CONTEXT='kub-apps-test+KUB_CONTEXT='kubernetes-admin@kubernetes
-KUB_USERNAME='developer' +KUB_USERNAME='developer-ro
-KUB_USERGROUP='app-dev-full'+KUB_USERGROUP='mcs-ro'
 #cluster or ns (namespace) #cluster or ns (namespace)
 #AUTH_SCOPE='cluster' #AUTH_SCOPE='cluster'
 AUTH_SCOPE='ns' AUTH_SCOPE='ns'
 # If AUTH_SCOPE = ns then we need namespace name # If AUTH_SCOPE = ns then we need namespace name
-KUB_NAMESPACE='app-dev+KUB_NAMESPACE='default
-KUB_ROLE_NAME='app-dev-full'+KUB_ROLE_NAME="${KUB_USERGROUP}-role"
 # Comma separated quoted - '"get", "list"'. For all use "*" # Comma separated quoted - '"get", "list"'. For all use "*"
 KUB_ROLE_APIGROUPS='"*"' KUB_ROLE_APIGROUPS='"*"'
 KUB_ROLE_RESOURCES='"*"' KUB_ROLE_RESOURCES='"*"'
-KUB_ROLE_VERBS='"*"'+KUB_ROLE_VERBS='"get", "list"'
  
 echo "Switching to context '${KUB_CONTEXT}'..." echo "Switching to context '${KUB_CONTEXT}'..."
Line 449: Line 449:
   name: ${KUB_USERGROUP}   name: ${KUB_USERGROUP}
   apiGroup: rbac.authorization.k8s.io   apiGroup: rbac.authorization.k8s.io
-roleRef:                              +roleRef: 
- kind: ClusterRole                          + kind: ClusterRole
  name: ${KUB_ROLE_NAME}  name: ${KUB_ROLE_NAME}
- apiGroup: rbac.authorization.k8s.io + apiGroup: rbac.authorization.k8s.io
 EOF EOF
 fi fi
Line 479: Line 479:
   name: ${KUB_USERGROUP}   name: ${KUB_USERGROUP}
   apiGroup: rbac.authorization.k8s.io   apiGroup: rbac.authorization.k8s.io
-roleRef:                              +roleRef: 
- kind: Role                          + kind: Role
  name: ${KUB_ROLE_NAME}  name: ${KUB_ROLE_NAME}
- apiGroup: rbac.authorization.k8s.io + apiGroup: rbac.authorization.k8s.io
 EOF EOF
 fi fi
Line 510: Line 510:
 current-context: ${KUB_USERNAME}-${CLUSTER_NAME} current-context: ${KUB_USERNAME}-${CLUSTER_NAME}
 EOF EOF
 +
 +kubectl delete certificatesigningrequests ${KUB_USERNAME}_csr
 </code> </code>
 ===== Создание закрытого ключа пользователя и запроса сертификата ===== ===== Создание закрытого ключа пользователя и запроса сертификата =====
Line 907: Line 909:
   for pv in $PVs; do ./resetpv --etcd-ca ./ca.crt --etcd-cert ./server.crt --etcd-key ./server.key --etcd-host 10.77.68.1 --etcd-port 2379 $pv; done   for pv in $PVs; do ./resetpv --etcd-ca ./ca.crt --etcd-cert ./server.crt --etcd-key ./server.key --etcd-host 10.77.68.1 --etcd-port 2379 $pv; done
  
 +====== Распределить поды деплоймента по разным нодам кластера ======
 +<code>
 +apiVersion: apps/v1
 +kind: Deployment
 +metadata:
 +  name: my-service
 +  labels:
 +    app: my-service
 +spec:
 +  replicas: 2
 +  selector:
 +    matchLabels:
 +      app: my-service
 +  template:
 +    metadata:
 +      labels:
 +        app: my-service
 +    spec:
 +      topologySpreadConstraints:
 +      - maxSkew: 1
 +        topologyKey: kubernetes.io/hostname
 +        whenUnsatisfiable: DoNotSchedule
 +        labelSelector:
 +          matchLabels:
 +            app: my-service
 +</code>
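Review bot: In the Line 352 hunk the new read-only settings (`developer-ro`, `mcs-ro`) narrow only `KUB_ROLE_VERBS='"get", "list"'`, while `KUB_ROLE_APIGROUPS='"*"'` and `KUB_ROLE_RESOURCES='"*"'` stay as wildcards, so the role presumably still allows reading every resource in the `default` namespace, Secrets included (a `get` or `list` on Secrets returns their contents). For a read-only group, name the resources and API groups explicitly, for example `KUB_ROLE_RESOURCES='"pods", "services", "deployments"'` with `KUB_ROLE_APIGROUPS='"", "apps"'` (sample values, adjust to what the group needs). The rules block that consumes these variables lies outside the visible hunks, so confirm how they are expanded before relying on this. In the Line 510 hunk, the new cleanup line should quote its argument: `kubectl delete certificatesigningrequests "${KUB_USERNAME}_csr"`.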