Resource Type | Purpose | Minimal YAML Example |
---|---|---|
Pod | The smallest and simplest Kubernetes object. Represents a single instance of a running process in a cluster. | yaml<br>apiVersion: v1<br>kind: Pod<br>metadata:<br> name: my-pod<br>spec:<br> containers:<br> - name: my-container<br> image: nginx<br> |
Deployment | Provides declarative updates for Pods and ReplicaSets. | yaml<br>apiVersion: apps/v1<br>kind: Deployment<br>metadata:<br> name: my-deployment<br>spec:<br> replicas: 3<br> selector:<br> matchLabels:<br> app: myapp<br> template:<br> metadata:<br> labels:<br> app: myapp<br> spec:<br> containers:<br> - name: my-container<br> image: nginx<br> ports:<br> - containerPort: 80<br> |
Service | Exposes a set of Pods as a network service. | yaml<br>apiVersion: v1<br>kind: Service<br>metadata:<br> name: my-service<br>spec:<br> selector:<br> app: myapp<br> ports:<br> - protocol: TCP<br> port: 80<br> targetPort: 9376<br> |
ConfigMap | Provides a way to inject configuration data into Pods. | yaml<br>apiVersion: v1<br>kind: ConfigMap<br>metadata:<br> name: my-configmap<br>data:<br> key: value<br> |
Secret | Stores sensitive information, such as passwords, OAuth tokens, and ssh keys. | yaml<br>apiVersion: v1<br>kind: Secret<br>metadata:<br> name: my-secret<br>type: Opaque<br>data:<br> key: dmFsdWU=<br> |
Ingress | Manages external access to services, typically HTTP. | yaml<br>apiVersion: networking.k8s.io/v1<br>kind: Ingress<br>metadata:<br> name: my-ingress<br>spec:<br> rules:<br> - host: my-app.example.com<br> http:<br> paths:<br> - path: /<br> pathType: Prefix<br> backend:<br> service:<br> name: my-service<br> port:<br> number: 80<br> |
PersistentVolume | Provides storage resources to be used by Pods. | yaml<br>apiVersion: v1<br>kind: PersistentVolume<br>metadata:<br> name: my-pv<br>spec:<br> capacity:<br> storage: 1Gi<br> accessModes:<br> - ReadWriteOnce<br> persistentVolumeReclaimPolicy: Retain<br> hostPath:<br> path: /mnt/data<br> |
PersistentVolumeClaim | Requests storage resources for Pods. | yaml<br>apiVersion: v1<br>kind: PersistentVolumeClaim<br>metadata:<br> name: my-pvc<br>spec:<br> accessModes:<br> - ReadWriteOnce<br> resources:<br> requests:<br> storage: 1Gi<br> |
StatefulSet | Manages the deployment and scaling of a set of Pods, and provides guarantees about the ordering and uniqueness of these Pods. | yaml<br>apiVersion: apps/v1<br>kind: StatefulSet<br>metadata:<br> name: my-statefulset<br>spec:<br> serviceName: "nginx"<br> replicas: 3<br> selector:<br> matchLabels:<br> app: nginx<br> template:<br> metadata:<br> labels:<br> app: nginx<br> spec:<br> containers:<br> - name: nginx<br> image: nginx<br> ports:<br> - containerPort: 80<br> volumeClaimTemplates:<br> - metadata:<br> name: my-pvc<br> spec:<br> accessModes: [ "ReadWriteOnce" ]<br> resources:<br> requests:<br> storage: 1Gi<br> |
DaemonSet | Ensures a copy of a Pod is running across all or some nodes in the cluster. | yaml<br>apiVersion: apps/v1<br>kind: DaemonSet<br>metadata:<br> name: my-daemonset<br>spec:<br> selector:<br> matchLabels:<br> app: myapp<br> template:<br> metadata:<br> labels:<br> app: myapp<br> spec:<br> containers:<br> - name: my-container<br> image: nginx<br> |
Job | Creates one or more Pods and ensures that a specified number of them successfully terminate. | yaml<br>apiVersion: batch/v1<br>kind: Job<br>metadata:<br> name: my-job<br>spec:<br> template:<br> spec:<br> containers:<br> - name: my-container<br> image: busybox<br> command: ["sleep", "10"]<br> restartPolicy: OnFailure<br> |
CronJob | Creates Jobs on a time-based schedule. | yaml<br>apiVersion: batch/v1<br>kind: CronJob<br>metadata:<br> name: my-cronjob<br>spec:<br> schedule: "*/1 * * * *"<br> jobTemplate:<br> spec:<br> template:<br> spec:<br> containers:<br> - name: my-container<br> image: busybox<br> command: ["sleep", "10"]<br> restartPolicy: OnFailure<br> |
Role | Defines permissions within a namespace. | yaml<br>apiVersion: rbac.authorization.k8s.io/v1<br>kind: Role<br>metadata:<br> namespace: default<br> name: pod-reader<br>rules:<br>- apiGroups: [""]<br> resources: ["pods"]<br> verbs: ["get", "watch", "list"]<br> |
ClusterRole | Defines permissions cluster-wide. | yaml<br>apiVersion: rbac.authorization.k8s.io/v1<br>kind: ClusterRole<br>metadata:<br> name: cluster-admin<br>rules:<br>- apiGroups: ["*"]<br> resources: ["*"]<br> verbs: ["*"]<br> |
RoleBinding | Grants permissions defined in a Role to a user or set of users. | yaml<br>apiVersion: rbac.authorization.k8s.io/v1<br>kind: RoleBinding<br>metadata:<br> name: read-pods<br> namespace: default<br>subjects:<br>- kind: User<br> name: "jane"<br> apiGroup: rbac.authorization.k8s.io<br>roleRef:<br> kind: Role<br> name: pod-reader<br> apiGroup: rbac.authorization.k8s.io<br> |
ClusterRoleBinding | Grants permissions defined in a ClusterRole to a user or set of users. | yaml<br>apiVersion: rbac.authorization.k8s.io/v1<br>kind: ClusterRoleBinding<br>metadata:<br> name: admin-binding<br>subjects:<br>- kind: User<br> name: "admin"<br> apiGroup: rbac.authorization.k8s.io<br>roleRef:<br> kind: ClusterRole<br> name: cluster-admin<br> apiGroup: rbac.authorization.k8s.io<br> |
Created
May 15, 2024 11:48
-
-
Save 1UC1F3R616/acfd3dba3ad073ecd8e8fa10c82e8e94 to your computer and use it in GitHub Desktop.
Kuberenetes
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
https://validkube.com/
https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#deployment-v1-apps