Kubernetes resource management with YAML manifests
In Kubernetes, the desired state of the cluster—such as which applications are running, on which nodes, and with what resources—is defined using YAML manifests^[400-devops-06-kubernetes-k8s-paas-05k8scicd.md]. These declarative configuration files serve as the source of truth for the cluster, allowing administrators to manage complex deployments and infrastructure configurations efficiently^[400-devops-06-kubernetes-k8s-paas-05k8scicd.md].
Deployment and Configuration
The typical workflow involves creating a directory to store YAML files and defining resources such as Deployments, Services, and Ingress^[400-devops-06-kubernetes-k8s-paas-05k8scicd.md].
Example Directory Structure
A common practice is to organize manifests by application or component on a dedicated host (e.g., an Ops server)^[400-devops-06-kubernetes-k8s-paas-05k8scicd.md].
```bash
mkdir /data/k8s-yaml
cd /data/k8s-yaml
mkdir jenkins
cd jenkins
```
Deployment Manifest
A Deployment resource (dp.yaml) defines the container image, replicas, ports, and environment variables^[400-devops-06-kubernetes-k8s-paas-05k8scicd.md].
```yaml
kind: Deployment
# extensions/v1beta1 Deployments are no longer served from Kubernetes 1.16;
# newer clusters need apps/v1 here.
apiVersion: extensions/v1beta1
metadata:
  name: jenkins
  namespace: infra
  labels:
    name: jenkins
spec:
  replicas: 1
  selector:
    matchLabels:
      name: jenkins
  template:
    metadata:
      labels:
        app: jenkins
        name: jenkins
    spec:
      volumes:
      # Jenkins home lives on an NFS export so it survives pod restarts
      - name: data
        nfs:
          server: hdss7-200
          path: /data/nfs-volume/jenkins_home
      containers:
      - name: jenkins
        image: harbor.od.com/infra/jenkins:v2.190.3
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 8080
          protocol: TCP
        volumeMounts:
        - name: data
          mountPath: /var/jenkins_home
      # Registry credentials: the "harbor" Secret in the infra namespace
      imagePullSecrets:
      - name: harbor
```
Service Manifest
A Service resource (svc.yaml) creates a stable network endpoint to access the running pods^[400-devops-06-kubernetes-k8s-paas-05k8scicd.md].
```yaml
kind: Service
apiVersion: v1
metadata:
  name: jenkins
  namespace: infra
spec:
  ports:
  - protocol: TCP
    port: 80
    targetPort: 8080
  selector:
    app: jenkins
```
Ingress Manifest
An Ingress resource (ingress.yaml) manages external access to the services, typically via HTTP/HTTPS^[400-devops-06-kubernetes-k8s-paas-05k8scicd.md].
```yaml
kind: Ingress
# extensions/v1beta1 Ingress is no longer served from Kubernetes 1.22;
# newer clusters need networking.k8s.io/v1, which uses a different backend schema.
apiVersion: extensions/v1beta1
metadata:
  name: jenkins
  namespace: infra
spec:
  rules:
  - host: jenkins.od.com
    http:
      paths:
      - path: /
        backend:
          serviceName: jenkins
          servicePort: 80
```
Applying Manifests
Once the YAML files are prepared, they are applied to the cluster using the kubectl apply command^[400-devops-06-kubernetes-k8s-paas-05k8scicd.md]. These files are often hosted on an internal HTTP server for easy access and version control^[400-devops-06-kubernetes-k8s-paas-05k8scicd.md].
```bash
kubectl apply -f http://k8s-yaml.od.com/jenkins/dp.yaml
kubectl apply -f http://k8s-yaml.od.com/jenkins/svc.yaml
kubectl apply -f http://k8s-yaml.od.com/jenkins/ingress.yaml
```
Private Registry Authentication
When deploying container images from a private registry (like Harbor), a secret must be created within the specific namespace to store the authentication credentials^[400-devops-06-kubernetes-k8s-paas-05k8scicd.md].
```bash
kubectl create secret docker-registry harbor \
  --docker-server=harbor.od.com \
  --docker-username=admin \
  --docker-password=Harbor12345 \
  -n infra
```
This secret is then referenced in the Deployment manifest under spec.template.spec.imagePullSecrets^[400-devops-06-kubernetes-k8s-paas-05k8scicd.md].
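An added example, not from the original page: passing `--docker-password` on the command line leaves the registry password in the process arguments and shell history, so this function builds the same `kubernetes.io/dockerconfigjson` Secret from a password read on stdin. The function name `registry_secret_manifest` and the password-file path in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example (not the page's or the project's own code).
# Prints a kubernetes.io/dockerconfigjson Secret manifest on stdout.
# The registry password is read from stdin, so it never appears in argv
# or in shell history (printf is a shell builtin, not a separate process).
# Usage (the password file path is a placeholder):
#   registry_secret_manifest harbor infra harbor.od.com admin \
#       < /path/to/password-file | kubectl apply -f -
registry_secret_manifest() (
    # The body runs in a subshell, so the password variable does not
    # leak into the calling shell.
    if [ "$#" -ne 4 ]; then
        echo "usage: registry_secret_manifest NAME NAMESPACE SERVER USERNAME" >&2
        exit 2
    fi
    name=$1 namespace=$2 server=$3 username=$4

    # Read one line; tolerate input without a trailing newline.
    IFS= read -r password || true
    if [ -z "$password" ]; then
        echo "no password supplied on stdin" >&2
        exit 1
    fi

    # "auth" is base64("username:password"). Base64 output is JSON-safe,
    # so the password needs no JSON escaping.
    auth=$(printf '%s:%s' "$username" "$password" | base64 | tr -d '\n')
    config=$(printf '{"auths":{"%s":{"auth":"%s"}}}' "$server" "$auth")
    data=$(printf '%s' "$config" | base64 | tr -d '\n')

    cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $name
  namespace: $namespace
type: kubernetes.io/dockerconfigjson
data:
  .dockerconfigjson: $data
EOF
)
```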
Configuration Management
YAML manifests can be used to inject environment variables and mount storage volumes.
- Environment Variables: Used to pass configuration at runtime, such as Java options or application arguments^[400-devops-06-kubernetes-k8s-paas-05k8scicd.md].
- Volumes: Manifests support various volume types, including `nfs` for persistent storage and `hostPath` for accessing host machine files^[400-devops-06-kubernetes-k8s-paas-05k8scicd.md].
Related Concepts
- Kubernetes
- Docker
- CI/CD
- Ingress
Sources
400-devops-06-kubernetes-k8s-paas-05k8scicd.md