This is a collection of Kubernetes-Manifest snippets to quickly reference the syntax.
Namespace
apiVersion: v1
kind: Namespace
metadata:
name: myapp
Service
ClusterIP
kind: Service
apiVersion: v1
metadata:
labels:
k8s-app: frontend
name: frontend-service
namespace: myapp
spec:
ports:
- port: 80
targetPort: 80
selector:
k8s-app: frontend
NodePort
kind: Service
apiVersion: v1
metadata:
labels:
k8s-app: frontend
name: frontend-service
namespace: myapp
spec:
ports:
- port: 80
targetPort: 80
nodePort: 30080
selector:
k8s-app: frontend
type: NodePort
Ingress
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: myapp-ingress
namespace: myapp
spec:
rules:
- host: "myapp.home"
http:
paths:
- pathType: Prefix
path: "/api/v1"
backend:
service:
name: backend-service
port:
number: 3001
- pathType: Prefix
path: "/socket.io/"
backend:
service:
name: backend-service
port:
number: 3001
- host: "myapp.home"
http:
paths:
- pathType: Prefix
path: "/"
backend:
service:
name: frontend-service
port:
number: 80
Deployment
apiVersion: apps/v1
kind: Deployment
metadata:
name: frontend-deployment
namespace: myapp
labels:
k8s-app: frontend
spec:
selector:
matchLabels:
k8s-app: frontend
template:
metadata:
labels:
k8s-app: frontend
spec:
imagePullSecrets:
- name: gitea
containers:
- name: frontend
image: frontend:latest
imagePullPolicy: Always
ports:
- containerPort: 80
env:
- name: REACT_APP_API_URL
value: "myapp.home"
resources:
limits:
cpu: 1500m
requests:
cpu: 200m
livenessProbe:
httpGet:
path: /
port: 80
initialDelaySeconds: 10
periodSeconds: 30
volumeMounts:
- name: nfs
mountPath: /mnt/nfs
volumes:
- name: nfs
persistentVolumeClaim:
claimName: nfs
HorizontalPodAutoscaler
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
name: frontend-autoscaler
namespace: myapp
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: frontend-deployment
minReplicas: 1
maxReplicas: 9
metrics:
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: 40
Secret
apiVersion: v1
kind: Secret
metadata:
name: runner-secret
data:
token: WmRuT0JyUWVRRnVlRTdNWURDdHlEak41UnVNQmxKUnUzWjF6SVE3QQo=
type: Opaque
Persistent Volumes
Creates a Ressource to store data persistently.
PVs are not bound to a namespace
NFS
apiVersion: v1
kind: PersistentVolume
metadata:
name: nfs
spec:
capacity:
storage: 500Mi
accessModes:
- ReadWriteMany
storageClassName: nfs
nfs:
server: <nfs-server-ip-or-name>
path: "/<path of nfs-export>"
Persistent Volume Claims
It requests to use a Persistent Volume. A matching PV will be connected to the claim.
It will claim the whole PV. If the PV is bigger than the claim requests, the claim will recieve a bigger volume.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: nfs
spec:
accessModes:
- ReadWriteMany
storageClassName: nfs
resources:
requests:
storage: 100Mi
Cronjob
apiVersion: batch/v1
kind: CronJob
metadata:
name: hello
spec:
schedule: "* * * * *"
successfulJobsHistoryLimit: 0 # do not keep successful jobs and pods
failedJobsHistoryLimit: 5
jobTemplate:
spec:
template:
spec:
containers:
- name: hello
image: busybox:1.28
imagePullPolicy: IfNotPresent
command:
- /bin/sh
- -c
- date; echo Hello from the Kubernetes cluster
restartPolicy: OnFailure
TLS Configuration
Create Secret
kubectl create secret tls cert-name --key <privatekey-file> --cert <cert-file>
Configure Ingress
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: redirect
namespace: myapp
spec:
redirectScheme:
scheme: https
permanent: true
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: myapp-ingress
namespace: myapp
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: websecure
# MUST be <namespace>-<name>@kubernetescrd
traefik.ingress.kubernetes.io/router.middlewares: myapp-redirect@kubernetescrd
spec:
rules:
- host: "myapp.home"
http:
paths:
- pathType: Prefix
path: "/api/v1"
backend:
service:
name: backend-service
port:
number: 3001
- pathType: Prefix
path: "/socket.io/"
backend:
service:
name: backend-service
port:
number: 3001
- host: "myapp.home"
http:
paths:
- pathType: Prefix
path: "/"
backend:
service:
name: frontend-service
port:
number: 80
tls:
- hosts:
- myapp.home
secretName: cert-name