代码拉取完成,页面将自动刷新
通过POST请求更新Kubernetes资源,支持Kubernetes 1.20.15 ~~ Kubernetes 1.28.0,其他版本未测试。
项目必须部署到Kubernetes集群里!! 建议放到 kube-system namespace
1、自行构建镜像
git clone https://gitee.com/yunwe/kubeupdate.git
cd kubeupdate
docker build -t harbor.com/kubeupdate:0.3.4 .
docker push harbor.com/kubeupdate:0.3.4
使用我的镜像
registry.cn-hangzhou.aliyuncs.com/huang-image/kubeupdate:0.3.4
部署YAML
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: kubeupdate-role
rules:
- apiGroups: [""]
resources: ["pods"]
verbs: ["get", "watch", "list"]
- apiGroups: ["apps", "batch"]
resources: ["deployments", "statefulsets", "jobs", "cronjobs", "daemonsets"]
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: kubeupdate-rolebinding
subjects:
- kind: ServiceAccount
# 绑定 kubeupdate 角色
name: kubeupdate
namespace: kube-system
roleRef:
kind: ClusterRole
# cluster-admin拥有最高权限,需要权限收缩可以换成 kubeupdate-role
name: kubeupdate-role
apiGroup: rbac.authorization.k8s.io
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: kubeupdate
namespace: kube-system
labels:
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: kubeupdate
name: kubeupdate
namespace: kube-system
spec:
progressDeadlineSeconds: 600
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
app: kubeupdate
template:
metadata:
labels:
app: kubeupdate
spec:
serviceAccountName: kubeupdate
containers:
- image: registry.cn-hangzhou.aliyuncs.com/huang-image/kubeupdate:0.3.4
imagePullPolicy: Always
name: kubeupdate
ports:
- containerPort: 5000
name: 5000tcp2
protocol: TCP
# 建议自定义Token,防止非法请求
env:
- name: TOKEN
value: 'PXhNVVVgMDdWKCrvPHOlwGseVMBscEXJKmAcrxltVQtTeNJQrMBMEIqUWSKJulDaFUUgy'
resources: {}
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
dnsPolicy: ClusterFirst
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
terminationGracePeriodSeconds: 30
---
apiVersion: v1
kind: Service
metadata:
labels:
app: kubeupdate
name: kubeupdate
namespace: kube-system
spec:
externalTrafficPolicy: Cluster
ports:
- nodePort: 30002
port: 5000
protocol: TCP
targetPort: 5000
selector:
app: kubeupdate
sessionAffinity: None
type: NodePort
测试Deployment
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-deployment
labels:
app: nginx
spec:
replicas: 1
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginx:1.20
ports:
- containerPort: 80
- name: tomcat
image: tomcat:9.0
ports:
- containerPort: 8080
部署好后通过暴露的地址执行:
curl -X POST http://192.168.1.38:30002/update_image -H "Content-Type: application/json" -d '{
"name": "nginx-deployment",
"namespace": "default",
"image": "nginx:1.22",
"resource_type": "deployment",
"token": "PXhNVVVgMDdWKCrvPHOlwGseVMBscEXJKmAcrxltVQtTeNJQrMBMEIqUWSKJulDaFUUgy"
}'
pod如果有多个容器,必须添加一个
container
参数,指定容器名称,比如
curl -X POST http://192.168.1.38:30002/update_image -H "Content-Type: application/json" -d '{
"name": "nginx-deployment",
"namespace": "default",
"image": "tomcat:9-jdk11",
"resource_type": "deployment",
"container": "tomcat",
"token": "PXhNVVVgMDdWKCrvPHOlwGseVMBscEXJKmAcrxltVQtTeNJQrMBMEIqUWSKJulDaFUUgy"
}'
此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。