应用程序部署管理

Kustomize的核心目标在于为管理的应用生成资源配置，而这些资源配置中定义了资源的期望状态，在具体实现上，它通过kustomization.yaml文件组合和（或）叠加多种不同的来源的资源配置来生成。

Kustomize将一个特定应用的配置保存于专用的目录中，且该目录中必须有一个名为kustomization.yaml的文件作为该应用的核心控制文件。由以下kustomization.yaml文件的格式说明可以大体看出，Kustomize可以直接组合由resources字段中指定资源文件作为最终配置，也可在它们的基础上进行额外的修订，例如添加通用标签和通用注解、为各个资源添加统一的名称前缀或名称后缀、改动Pod模板中的镜像文件及向容器传递变量等。

Kustomize资源定义清单

apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources <[]string>   # 待定制的原始资源配置文件列表，将由kustomize按顺序处理
namespace <string>     # 设定所有名称空间级别资源所属的目标名称空间
commonLabels <map[string]string>  # 添加到所有资源的通用标签，包括Pod模板及相关的
# 相关的标签选择器
commonAnnotations <map[string]string>   # 添加到所有资源的通用注解
namePrefix <string>   # 统一给所有资源添加的名称前缀
nameSuffix <string>   # 统一给所有资源添加的名称后缀
images <[]Image>   # 将所有Pod模板中的符合name字段条件镜像文件修改为指定的镜像
- name <String>    # 资源清单中原有的镜像名称，即待替换的镜像
  newName <String>   # 要使用的新镜像名称
  newTag <String>     # 要使用的新镜像的标签
  digest <String>     # 要使用的新镜像的sha256校验码
vars <[]Var>       # 指定可用于替换Pod容器参数中变量的值或容器环境变量的值
- name <String>   # 变量的名称，支持以“$(name)”格式进行引用
  objref <String>  # 包含了要引用的目标字段的对象的名称
  fieldref <String>  # 引用的字段名称，默认为metadata.name


配置生成器：
configMapGenerator <[]ConfigMapGeneratorArgs>  # ConfigMap资源生成器列表
- name <String>   # ConfigMap资源的名称，会受到namePrefix和nameSuffix的影响
  namespace <String>  # 资源所在的名称空间，会覆盖kustomize级别的名称空间设定
  behavior <String>   # 与上级同名资源的合并策略，可用取值为create/replace/merge；
  files <[]String>   # 从指定的路径加载文件生成ConfigMap，要使用当前项目的相对路径
  literals <[]String>   # 从指定的“key=value”格式的直接值生成ConfigMap
  env <String>   # 从指定的环境变量文件中加载“key=value”格式的环境变量为资源数据
secretGenerator <[]secretGeneratorArgs>  # Secret资源生成器列表
- name <String>   # Secret资源的名称，会受到namePrefix和nameSuffix的影响
  namespace <String>  # 资源所在的名称空间，会覆盖kustomize级别的名称空间设定
  behavior <String>   # 与上级同名资源的合并策略，可用取值为create/replace/merge
  files <[]String>   # 从指定的路径加载文件生成Secret，起始于当前项目的相对路径
  literals <[]String>   # 从指定的“key=value”格式的直接值生成Secret
  type <String>   # Secret资源的类型，且“kubernetes.io/tls”有特殊的键名要求
generatorOptions <GeneratorOptions>   # 当前kustomization.yaml中的ConfigMap
# 和Secret生成器专用的选项
  labels <map[String]String>   # 当前kustomization.yaml中所有生成资源添加的标签
  annotations <map[String]String>   # 为生成所有资源添加的注解
  disableNameSuffixHash <Boolean>  # 是否禁用hash名称后缀，默认为启用
 
 
# 资源补丁
patchesJson6902 <[]Json6902>   # 由各待补对象及其补丁文件所组成的列表
  path <String>   # 补丁文件，不含有目标资源对象的信息，支持json或yaml格式
  target <Target>   # 待补资源对象
    group <String>  # 资源所属的群组
    version <String>   # API版本
    kind <String>   # 资源类型
    name <String>   # 资源对象的名称
    namespace <string>   # 资源对象所属的名称空间
patchesStrategicMerge <[]string>   # 将补丁补到匹配的资源之上，匹配的方式是根据资源
                                         # Group/Version/Kind + Name/Namespace判断

Kustomize示例

1.目录格式

root@k8s-master01:~/yaml/chapter14/kustomize-demo# ls
deploy-demoapp.yaml  kustomization.yaml  service-demoapp.yaml

# 此处kustomize-demo目录为需要部署的应用程序名称
# kustomization.yaml为必须的，其余两个文件为被kustomization装载时使用。

2.kustomization文件内容

root@k8s-master01:~/yaml/chapter14/kustomize-demo# vim kustomization.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

resources:
- deploy-demoapp.yaml          # 此处为需要使用的清单
- service-demoapp.yaml

commonLabels:                 # 可以实现为每个资源自动添加标签
  generated-by: kustomize     # 等kustomization被启动时会自动添加标签。

3.deploy-demoapp.yaml内容

root@k8s-master01:~/yaml/chapter14/kustomize-demo# vim deploy-demoapp.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: demoapp
spec:
  replicas: 1
  selector:
    matchLabels:
      app: demoapp
  template:
    metadata:
      labels:
        app: demoapp
    spec:
      containers:
      - name: demoapp
        image: ikubernetes/demoapp:v1.0
        ports:
        - containerPort: 80
          name: http

4.service-demoapp内容

root@k8s-master01:~/yaml/chapter14/kustomize-demo# vim service-demoapp.yaml
apiVersion: v1
kind: Service
metadata:
  name: demoapp
spec:
  selector:
    app: demoapp
  ports:
  - name: http
    protocol: TCP
    port: 80
    targetPort: 80

5.部署和应用

root@k8s-master01:~/yaml/chapter14/kustomize-demo# kubectl apply -k ../kustomize-demo --dry-run=client -o yaml
# 部署时需要使用-k选项，并且指定当前的目录。
# --dry-run表示测试不真正应用

Kustomize示例2

资源复用1

1.目录结构

root@k8s-master01:~/yaml/chapter14/demoapp# ls
base  prod  staging  test

# demoapp目录下定义了4个目录，base表示最基础配置。
# prod,staging,test分别代表三种环境

2.base目录下为示例1中的文件

root@k8s-master01:~/yaml/chapter14/demoapp/base# ls
deploy-demoapp.yaml  kustomization.yaml  service-demoapp.yaml

3.test目录下kustomization内容

root@k8s-master01:~/yaml/chapter14/demoapp/test# vim kustomization.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
bases:
- ../base/           # 指定基于父目录中的base目录，此处加载了base目录，直接使用了base目录下的文件
resources:
- namespace.yaml     # 除了base目录下的文件外还另外加载了namespace.yaml文件。
namespace: test      # 此处表示专门用于部署在test名称空间下，而test名称空间是在namespase.yaml文件中定义的
commonLabels:
  environment: test   # 在原有的label之上新添加了一个环境的标签。
commonAnnotations:
  ilinux.io/app: "demoapp"   # 新加了一个annotations
images:
- name: "ikubernetes/demoapp"   # 使用images来修改原有清单中默认使用的镜像。
  newTag: "v1.1"

4.test目录下namespace内容。

root@k8s-master01:~/yaml/chapter14/demoapp/test# vim namespace.yaml
apiVersion: v1
kind: Namespace
metadata:
  name: test

5.运行test

root@k8s-master01:~/yaml/chapter14/demoapp# kubectl apply -k test --dry-run=client -o yaml
apiVersion: v1
items:
- apiVersion: v1
  kind: Namespace
  metadata:
    creationTimestamp: "2021-08-23T08:18:12Z"
    labels:
      kubernetes.io/metadata.name: test
    name: test
    resourceVersion: "893860"
    uid: 41682068-a532-4b3e-bda4-3389e2ce2a8d
  spec:
    finalizers:
    - kubernetes
  status:
    phase: Active
- apiVersion: v1
  kind: Service
  metadata:
    annotations:
      ilinux.io/app: demoapp
      kubectl.kubernetes.io/last-applied-configuration: |
        {"apiVersion":"v1","kind":"Service","metadata":{"annotations":{"ilinux.io/app":"demoapp"},"labels":{"environment":"test","generated-by":"kustomize"},"name":"demoapp","namespace":"test"},"spec":{"ports":[{"name":"http","port":80,"protocol":"TCP","targetPort":80}],"selector":{"app":"demoapp","environment":"test","generated-by":"kustomize"}}}
    labels:
      environment: test
      generated-by: kustomize
    name: demoapp
    namespace: test
  spec:
    ports:
    - name: http
      port: 80
      protocol: TCP
      targetPort: 80
    selector:
      app: demoapp
      environment: test
      generated-by: kustomize
- apiVersion: apps/v1
  kind: Deployment
  metadata:
    annotations:
      ilinux.io/app: demoapp
      kubectl.kubernetes.io/last-applied-configuration: |
        {"apiVersion":"apps/v1","kind":"Deployment","metadata":{"annotations":{"ilinux.io/app":"demoapp"},"labels":{"environment":"test","generated-by":"kustomize"},"name":"demoapp","namespace":"test"},"spec":{"replicas":1,"selector":{"matchLabels":{"app":"demoapp","environment":"test","generated-by":"kustomize"}},"template":{"metadata":{"annotations":{"ilinux.io/app":"demoapp"},"labels":{"app":"demoapp","environment":"test","generated-by":"kustomize"}},"spec":{"containers":[{"image":"ikubernetes/demoapp:v1.1","name":"demoapp","ports":[{"containerPort":80,"name":"http"}]}]}}}}
    labels:
      environment: test
      generated-by: kustomize
    name: demoapp
    namespace: test
  spec:
    replicas: 1
    selector:
      matchLabels:
        app: demoapp
        environment: test
        generated-by: kustomize
    template:
      metadata:
        annotations:
          ilinux.io/app: demoapp
        labels:
          app: demoapp
          environment: test
          generated-by: kustomize
      spec:
        containers:
        - image: ikubernetes/demoapp:v1.1
          name: demoapp
          ports:
          - containerPort: 80
            name: http
kind: List
metadata: {}

资源复用2

1.查看staging目录内容

root@k8s-master01:~/yaml/chapter14/demoapp/staging# ls
kustomization.yaml  namespace.yaml  secrets

2.查看kustomization.yaml内容

root@k8s-master01:~/yaml/chapter14/demoapp/staging# vim kustomization.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
bases:
- ../base/
resources:
- namespace.yaml
namespace: staging
commonLabels:
  environment: staging
commonAnnotations:
  ilinux.io/app: "demoapp"
configMapGenerator:                # 生成CM信息
- name: demoapp-conf               # CM名字
  literals:												 # 基于字串生成CM
  - HOST="0.0.0.0"
  - PORT="8080"
secretGenerator:                   # 生成Secret信息
- name: demoapp-ssl
  files:
  - secrets/tls.crt
  - secrets/tls.key
  type: "kubernetes.io/tls"
generatorOptions:
  disableNameSuffixHash: true

3.查看namespace.yaml内容

root@k8s-master01:~/yaml/chapter14/demoapp/staging# vim namespace.yaml
apiVersion: v1
kind: Namespace
metadata:
  name: staging

4.secrets目录下位tls证书和私钥

root@k8s-master01:~/yaml/chapter14/demoapp/staging# ls secrets/
tls.crt  tls.key

5.运行kustomize

root@k8s-master01:~/yaml/chapter14/demoapp/staging# kubectl apply -k ../staging/ --dry-run=client -o yaml
apiVersion: v1
items:
- apiVersion: v1
  kind: Namespace
  metadata:
    annotations:
      ilinux.io/app: demoapp
      kubectl.kubernetes.io/last-applied-configuration: |
        {"apiVersion":"v1","kind":"Namespace","metadata":{"annotations":{"ilinux.io/app":"demoapp"},"labels":{"environment":"staging"},"name":"staging"}}
    labels:
      environment: staging
    name: staging
- apiVersion: v1
  data:
    HOST: 0.0.0.0
    PORT: "8080"
  kind: ConfigMap
  metadata:
    annotations:
      ilinux.io/app: demoapp
      kubectl.kubernetes.io/last-applied-configuration: |
        {"apiVersion":"v1","data":{"HOST":"0.0.0.0","PORT":"8080"},"kind":"ConfigMap","metadata":{"annotations":{"ilinux.io/app":"demoapp"},"labels":{"environment":"staging"},"name":"demoapp-conf","namespace":"staging"}}
    labels:
      environment: staging
    name: demoapp-conf
    namespace: staging
- apiVersion: v1
  data:
    tls.crt: |
      LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURHVENDQWdHZ0F3SUJBZ0lVT2J1Qm
      NVMjMyNHhsTmdxZVdoVXBiM2k1b2ljd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0hERWFNQmdH
      QTFVRUF3d1JkM2QzTG0xNWJHbHVkWGh2Y0hNdVkyNHdIaGNOTWpFd09ESXdNRFUwTXpNMg
      pXaGNOTWpJd09ESXdNRFUwTXpNMldqQWNNUm93R0FZRFZRUUREQkYzZDNjdWJYbHNhVzUx
      ZUc5d2N5NWpiakNDCkFTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRU
      JBT0VqN3ozS1JPYWI3NGpHamUvWDh0M0IKZmliVVlpYkljLzV6Ky9jR2s3RHRpR2h5a3VB
      QkFHa0wwNVVlOHM0WGNpZ1pMZThITllxTzZIdGF1OXRCdWcwcwptdytoRmlMWUhEeFFPN3
      ZqaDRzeWlXRG9ZMk9WR0NOa0NiRm91eHA0clg5b3NOdnZVYTlFdUNkRTRhdGdnbytpCkli
      Rkcya1IycU5CYXRzckdTNXdPYnBQUlVuSzY1aHpEaW5tWU5ITzBqWTZXYXc1ZkczdFljUX
      F4dEVPU1B5akQKOWlVVHBXdjdsWEtzOG96Rmk5enMvQ1pvdloyQ0lUWCtRVW1TbHUvOU5v
      U3Z6WDgvYy9relpoVG9vQXROeGkybgpCT3c0WkJzeGxJeGxhczNJcEd5Nno1cUpOZ0doMk
      oyZ1N3bVkwRTVDcFBsZ0x6Q2tvWGtsK0Nyd2xZNkE3cVVDCkF3RUFBYU5UTUZFd0hRWURW
      UjBPQkJZRUZJc0RLVVl3YWVrLzAyUUdWMEl3TC9PeDNxTTNNQjhHQTFVZEl3UVkKTUJhQU
      ZJc0RLVVl3YWVrLzAyUUdWMEl3TC9PeDNxTTNNQThHQTFVZEV3RUIvd1FGTUFNQkFmOHdE
      UVlKS29aSQpodmNOQVFFTEJRQURnZ0VCQUNSUXNib2pJSVp2ckRKblVlSTMyMko4ZnB0S2
      FtMWdZSjJWTi94NXY1c29tQnhMCmVaL1BzeVU5bUNIdFNlY2RNOXNJZUlOZm0yY2x0Sk1M
      RExuNEpEdjdpSFR5dzcxRzVUZGw1UU4zTWEwU2N5dVAKdVIxc281SVBpc0VEalVjOHVpcE
      ovdSt5bS9MbitUS2pNeEpzL0pSZnhEbXZRZUJneGpIaWNBWStDNHlOV1dHRwozUk1HL2pY
      RGVKOWJ3dTNjQmhndjBwNjR3ak93aU1QUGlMNGRJUFp4VUVUbkFWeVgzZDd1K3ZsT2VwWW
      phSWM3CjhLL2JZelkvY2dBaTJNZ2ZXK2x1UFJHOTRxVHo1SkdZeXVtbUlRdnRNRUFucnVM
      aTFWSXVRNjljaWtvNlpxTHkKMVhYeWJuZTZzNW1oVmduS25iM1l6NjRIOXlhaHRxYTArMF
      l3N2xzPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
    tls.key: |
      LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBNFNQdl
      BjcEU1cHZ2aU1hTjc5ZnkzY0YrSnRSaUpzaHovblA3OXdhVHNPMklhSEtTCjRBRUFhUXZU
      bFI3eXpoZHlLQmt0N3djMWlvN29lMXE3MjBHNkRTeWJENkVXSXRnY1BGQTd1K09IaXpLSl
      lPaGoKWTVVWUkyUUpzV2k3R25pdGYyaXcyKzlScjBTNEowVGhxMkNDajZJaHNVYmFSSGFv
      MEZxMnlzWkxuQTV1azlGUwpjcnJtSE1PS2VaZzBjN1NOanBackRsOGJlMWh4Q3JHMFE1SS
      9LTVAySlJPbGEvdVZjcXp5ak1XTDNPejhKbWk5Cm5ZSWhOZjVCU1pLVzcvMDJoSy9OZno5
      eitUTm1GT2lnQzAzR0xhY0U3RGhrR3pHVWpHVnF6Y2lrYkxyUG1vazIKQWFIWW5hQkxDWm
      pRVGtLaytXQXZNS1NoZVNYNEt2Q1Zqb0R1cFFJREFRQUJBb0lCQVFEYWRrMEtyMEFHYVor
      WQpIOXJRdGNJanJrTGtHTWdaQy8rS0ZDK1ZkeHRPM2w2end5R0VIVlN4bWRrNFpPeUVVTG
      5qOFBMaWN5TmdET1hICjlMWSt2bHR6dHluTGs2cndLclhUVEtONTRRSEFiMHhnN1g2cnZa
      dkxrNkhZTldFQkFjS1ExQnh4ZlpyTXNLamsKNmZEMG85UnMzWTFHQVJPQXhZZHZqZWE3Z2
      9rUnBobDJqOCtsYlNqWklCbHRIYzdCUmNZMHI0SmRxcGQ2cFlWeApWeEF4VDl5dkNacHZz
      SldxM2dhbGZybTFPVFZURG90V1E4VWZjcG9IS2JwRDlLNFpHM05Yb21KS0I0bEROVnIxCn
      NkYU42UlhCSVNvdXh5SWNpaUdrdndhWU52cTNCYytmYkNNTnA4em4reldSZE5CVXRKaDE5
      cDUrT3lEd0gvelIKTE1LTzFsY0JBb0dCQVBJQmkrMmxCYTIxdXZkb0FkUVZnaHFQa1B1Qk
      FuZm1zOVNuL0ZqVkNkd2hEQkxGZWtnVgpiYUYzeXNvVU5MSzJMd0hyVGFQdFc5M1NHN1Vv
      azdCTGw3WkpCU1YxeWNubWJWTVRoaTYwajFwUjdnN24zaUpyCjZLNFl3NmNsUmhrOG1XTG
      ZRbmdVSEZSOVBRRmVBVFM3RGdReCt5Qy8yYUovaUs3bW50UUIrTEhsQW9HQkFPNG8KdVFZ
      Mml4bHZ1SkErOG1vTW1KU3VPSFM4aUxYdXNSRFRuYzRremIxcDBCL1pUaEtHUjN1Ynd0Sn
      VtRURPTWczWApJVENFTWU1NW9OSFdZN1N1YWZ2T2ZFTDhFMERiZEpsMHk1Z3N3Ulp1SHpD
      YkZ3TnVHL3hnSjBGL1hybGswdFNSCkl5ZFgwR2YzNDh4LzVwMXcyTzJnRnFYZ1VOQjNYY3
      gyN1VnOExuM0JBb0dCQUt1OTl6eWVDT3FlOW1GUFdVVFcKUXE5d3hSWUhGdVphUGJLanlF
      eU9XMkh4dmV5d1lqZzNwTWFiQ2JuaEh3allpNEdVS0ZRMlJTU2xUKzUvTGxoRgpQUlFxdT
      lFNnh3cFdVYTFNUk1SdWRQRkhCV2RrbTFyWU01Y2hrZS9UWHV6WCtZNldIRWkxRk9uTXV2
      ZDJhK3FzCitLUjNoOTFVNlRFTnlzVThldWkvd1dzVkFvR0FTMlhCRGVKK3J4TGJqMjhlTj
      h5OUVYVUdrbzZOaVd1RHl4dnoKdmF1Ukp3STB6YUJ5UXhNWDFsNDlrM2xINGx4bEpGU1RR
      VlRZcWZML291OElxYzc5NXFZOFdNaU5IOTlhVHFyWApPZG9SVnhTTjgwbG1ROE84UUc0QW
      Y0L2ZZVG8yTk8ydC8ycWhwQWlxcWJka1B6dldzWVFaSjNLWW95Ym5IekFYCmR1TDJwUUVD
      Z1lCY3FBNUNseXEvUDRUVU44MUdPazNDSzI4ckhRSG9sV2VDdkxaOHV4SkpjcTBobHc0ZW
      x4dzQKQ3NnZWR0Wm42Tjk1MVE0aEZqRXhBSE5UU1NWdmRtV0xSS2dmSnkxV3VITnlzcnNJ
      OTgrVXQwdmRVa0pCSitWMQozcmF0dStUYUozT1dmQWNSYXhqZlFKVlFmMEYwN0QyL2tjNm
      9IMDRlL3Vvdjd0UWxSUWUzMEE9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=
  kind: Secret
  metadata:
    annotations:
      ilinux.io/app: demoapp
      kubectl.kubernetes.io/last-applied-configuration: |
        {"apiVersion":"v1","data":{"tls.crt":"LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURHVENDQWdHZ0F3SUJBZ0lVT2J1Qm\nNVMjMyNHhsTmdxZVdoVXBiM2k1b2ljd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0hERWFNQmdH\nQTFVRUF3d1JkM2QzTG0xNWJHbHVkWGh2Y0hNdVkyNHdIaGNOTWpFd09ESXdNRFUwTXpNMg\npXaGNOTWpJd09ESXdNRFUwTXpNMldqQWNNUm93R0FZRFZRUUREQkYzZDNjdWJYbHNhVzUx\nZUc5d2N5NWpiakNDCkFTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRU\nJBT0VqN3ozS1JPYWI3NGpHamUvWDh0M0IKZmliVVlpYkljLzV6Ky9jR2s3RHRpR2h5a3VB\nQkFHa0wwNVVlOHM0WGNpZ1pMZThITllxTzZIdGF1OXRCdWcwcwptdytoRmlMWUhEeFFPN3\nZqaDRzeWlXRG9ZMk9WR0NOa0NiRm91eHA0clg5b3NOdnZVYTlFdUNkRTRhdGdnbytpCkli\nRkcya1IycU5CYXRzckdTNXdPYnBQUlVuSzY1aHpEaW5tWU5ITzBqWTZXYXc1ZkczdFljUX\nF4dEVPU1B5akQKOWlVVHBXdjdsWEtzOG96Rmk5enMvQ1pvdloyQ0lUWCtRVW1TbHUvOU5v\nU3Z6WDgvYy9relpoVG9vQXROeGkybgpCT3c0WkJzeGxJeGxhczNJcEd5Nno1cUpOZ0doMk\noyZ1N3bVkwRTVDcFBsZ0x6Q2tvWGtsK0Nyd2xZNkE3cVVDCkF3RUFBYU5UTUZFd0hRWURW\nUjBPQkJZRUZJc0RLVVl3YWVrLzAyUUdWMEl3TC9PeDNxTTNNQjhHQTFVZEl3UVkKTUJhQU\nZJc0RLVVl3YWVrLzAyUUdWMEl3TC9PeDNxTTNNQThHQTFVZEV3RUIvd1FGTUFNQkFmOHdE\nUVlKS29aSQpodmNOQVFFTEJRQURnZ0VCQUNSUXNib2pJSVp2ckRKblVlSTMyMko4ZnB0S2\nFtMWdZSjJWTi94NXY1c29tQnhMCmVaL1BzeVU5bUNIdFNlY2RNOXNJZUlOZm0yY2x0Sk1M\nRExuNEpEdjdpSFR5dzcxRzVUZGw1UU4zTWEwU2N5dVAKdVIxc281SVBpc0VEalVjOHVpcE\novdSt5bS9MbitUS2pNeEpzL0pSZnhEbXZRZUJneGpIaWNBWStDNHlOV1dHRwozUk1HL2pY\nRGVKOWJ3dTNjQmhndjBwNjR3ak93aU1QUGlMNGRJUFp4VUVUbkFWeVgzZDd1K3ZsT2VwWW\nphSWM3CjhLL2JZelkvY2dBaTJNZ2ZXK2x1UFJHOTRxVHo1SkdZeXVtbUlRdnRNRUFucnVM\naTFWSXVRNjljaWtvNlpxTHkKMVhYeWJuZTZzNW1oVmduS25iM1l6NjRIOXlhaHRxYTArMF\nl3N2xzPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==\n","tls.key":"LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBNFNQdl\nBjcEU1cHZ2aU1hTjc5ZnkzY0YrSnRSaUpzaHovblA3OXdhVHNPMklhSEtTCjRBRUFhUXZU\nbFI3eXpoZHlLQmt0N3djMWlvN29lMXE3MjBHNkRTeWJENkVXSXRnY1BGQTd1K09IaXpLSl\nlPaGoKWTVVWUkyUUpzV2k3R25pdGYyaXcyKzlScjBTNEowVGhxMkNDajZJaHNVYmFSSGFv\nMEZxMnlzWkxuQTV1azlGUwpjcnJtSE1PS2VaZzBjN1NOanBackRsOGJlMWh4Q3JHMFE1SS\n9LTVAySlJPbGEvdVZjcXp5ak1XTDNPejhKbWk5Cm5ZSWhOZjVCU1pLVzcvMDJoSy9OZno5\neitUTm1GT2lnQzAzR0xhY0U3RGhrR3pHVWpHVnF6Y2lrYkxyUG1vazIKQWFIWW5hQkxDWm\npRVGtLaytXQXZNS1NoZVNYNEt2Q1Zqb0R1cFFJREFRQUJBb0lCQVFEYWRrMEtyMEFHYVor\nWQpIOXJRdGNJanJrTGtHTWdaQy8rS0ZDK1ZkeHRPM2w2end5R0VIVlN4bWRrNFpPeUVVTG\n5qOFBMaWN5TmdET1hICjlMWSt2bHR6dHluTGs2cndLclhUVEtONTRRSEFiMHhnN1g2cnZa\ndkxrNkhZTldFQkFjS1ExQnh4ZlpyTXNLamsKNmZEMG85UnMzWTFHQVJPQXhZZHZqZWE3Z2\n9rUnBobDJqOCtsYlNqWklCbHRIYzdCUmNZMHI0SmRxcGQ2cFlWeApWeEF4VDl5dkNacHZz\nSldxM2dhbGZybTFPVFZURG90V1E4VWZjcG9IS2JwRDlLNFpHM05Yb21KS0I0bEROVnIxCn\nNkYU42UlhCSVNvdXh5SWNpaUdrdndhWU52cTNCYytmYkNNTnA4em4reldSZE5CVXRKaDE5\ncDUrT3lEd0gvelIKTE1LTzFsY0JBb0dCQVBJQmkrMmxCYTIxdXZkb0FkUVZnaHFQa1B1Qk\nFuZm1zOVNuL0ZqVkNkd2hEQkxGZWtnVgpiYUYzeXNvVU5MSzJMd0hyVGFQdFc5M1NHN1Vv\nazdCTGw3WkpCU1YxeWNubWJWTVRoaTYwajFwUjdnN24zaUpyCjZLNFl3NmNsUmhrOG1XTG\nZRbmdVSEZSOVBRRmVBVFM3RGdReCt5Qy8yYUovaUs3bW50UUIrTEhsQW9HQkFPNG8KdVFZ\nMml4bHZ1SkErOG1vTW1KU3VPSFM4aUxYdXNSRFRuYzRremIxcDBCL1pUaEtHUjN1Ynd0Sn\nVtRURPTWczWApJVENFTWU1NW9OSFdZN1N1YWZ2T2ZFTDhFMERiZEpsMHk1Z3N3Ulp1SHpD\nYkZ3TnVHL3hnSjBGL1hybGswdFNSCkl5ZFgwR2YzNDh4LzVwMXcyTzJnRnFYZ1VOQjNYY3\ngyN1VnOExuM0JBb0dCQUt1OTl6eWVDT3FlOW1GUFdVVFcKUXE5d3hSWUhGdVphUGJLanlF\neU9XMkh4dmV5d1lqZzNwTWFiQ2JuaEh3allpNEdVS0ZRMlJTU2xUKzUvTGxoRgpQUlFxdT\nlFNnh3cFdVYTFNUk1SdWRQRkhCV2RrbTFyWU01Y2hrZS9UWHV6WCtZNldIRWkxRk9uTXV2\nZDJhK3FzCitLUjNoOTFVNlRFTnlzVThldWkvd1dzVkFvR0FTMlhCRGVKK3J4TGJqMjhlTj\nh5OUVYVUdrbzZOaVd1RHl4dnoKdmF1Ukp3STB6YUJ5UXhNWDFsNDlrM2xINGx4bEpGU1RR\nVlRZcWZML291OElxYzc5NXFZOFdNaU5IOTlhVHFyWApPZG9SVnhTTjgwbG1ROE84UUc0QW\nY0L2ZZVG8yTk8ydC8ycWhwQWlxcWJka1B6dldzWVFaSjNLWW95Ym5IekFYCmR1TDJwUUVD\nZ1lCY3FBNUNseXEvUDRUVU44MUdPazNDSzI4ckhRSG9sV2VDdkxaOHV4SkpjcTBobHc0ZW\nx4dzQKQ3NnZWR0Wm42Tjk1MVE0aEZqRXhBSE5UU1NWdmRtV0xSS2dmSnkxV3VITnlzcnNJ\nOTgrVXQwdmRVa0pCSitWMQozcmF0dStUYUozT1dmQWNSYXhqZlFKVlFmMEYwN0QyL2tjNm\n9IMDRlL3Vvdjd0UWxSUWUzMEE9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=\n"},"kind":"Secret","metadata":{"annotations":{"ilinux.io/app":"demoapp"},"labels":{"environment":"staging"},"name":"demoapp-ssl","namespace":"staging"},"type":"kubernetes.io/tls"}
    labels:
      environment: staging
    name: demoapp-ssl
    namespace: staging
  type: kubernetes.io/tls
- apiVersion: v1
  kind: Service
  metadata:
    annotations:
      ilinux.io/app: demoapp
      kubectl.kubernetes.io/last-applied-configuration: |
        {"apiVersion":"v1","kind":"Service","metadata":{"annotations":{"ilinux.io/app":"demoapp"},"labels":{"environment":"staging","generated-by":"kustomize"},"name":"demoapp","namespace":"staging"},"spec":{"ports":[{"name":"http","port":80,"protocol":"TCP","targetPort":80}],"selector":{"app":"demoapp","environment":"staging","generated-by":"kustomize"}}}
    labels:
      environment: staging
      generated-by: kustomize
    name: demoapp
    namespace: staging
  spec:
    ports:
    - name: http
      port: 80
      protocol: TCP
      targetPort: 80
    selector:
      app: demoapp
      environment: staging
      generated-by: kustomize
- apiVersion: apps/v1
  kind: Deployment
  metadata:
    annotations:
      ilinux.io/app: demoapp
      kubectl.kubernetes.io/last-applied-configuration: |
        {"apiVersion":"apps/v1","kind":"Deployment","metadata":{"annotations":{"ilinux.io/app":"demoapp"},"labels":{"environment":"staging","generated-by":"kustomize"},"name":"demoapp","namespace":"staging"},"spec":{"replicas":1,"selector":{"matchLabels":{"app":"demoapp","environment":"staging","generated-by":"kustomize"}},"template":{"metadata":{"annotations":{"ilinux.io/app":"demoapp"},"labels":{"app":"demoapp","environment":"staging","generated-by":"kustomize"}},"spec":{"containers":[{"image":"ikubernetes/demoapp:v1.0","name":"demoapp","ports":[{"containerPort":80,"name":"http"}]}]}}}}
    labels:
      environment: staging
      generated-by: kustomize
    name: demoapp
    namespace: staging
  spec:
    replicas: 1
    selector:
      matchLabels:
        app: demoapp
        environment: staging
        generated-by: kustomize
    template:
      metadata:
        annotations:
          ilinux.io/app: demoapp
        labels:
          app: demoapp
          environment: staging
          generated-by: kustomize
      spec:
        containers:
        - image: ikubernetes/demoapp:v1.0
          name: demoapp
          ports:
          - containerPort: 80
            name: http
kind: List
metadata: {}

补丁示例

如果我们需要对某些内容进行改变可以通过补丁的方式进行。

1.查看prod目内容

root@k8s-master01:~/yaml/chapter14/demoapp/prod# ls
kustomization.yaml  namespace.yaml  patches  secrets

# patchs目录下是用来打补丁
root@k8s-master01:~/yaml/chapter14/demoapp/prod/patches# ls
demoapp-add-configmap-and-secret.yaml  demoapp-add-liveness-and-readiness.yaml  deploy-demoapp-add-sidecar.yaml  patch-service-demoapp-targetport-8080.yaml

# 补丁文件内容
root@k8s-master01:~/yaml/chapter14/demoapp/prod/patches# cat demoapp-add-configmap-and-secret.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: demoapp                    # 此处是指修改deployment资源中demoapp资源内templete中的spec字段
spec:
  template:
    spec:
      containers:
      - name: demoapp
        env:                       # 补丁只需要写加上的部分，此处添加了env字段。
        - name: PORT
          valueFrom:               # CM是直接通过变量导入
            configMapKeyRef:
              name: demoapp-conf
              key: demoapp.port
              optional: false
        - name: HOST
          valueFrom:                 
            configMapKeyRef:
              name: demoapp-conf
              key: demoapp.host
              optional: true
        volumeMounts:             # Secret是通过卷挂载实现
        - name: demoappcerts
          mountPath: /etc/demoapp/certs/
          readOnly: true
      volumes:
      - name: demoappcerts
        secret:
          secretName: demoapp-ssl
          
root@k8s-master01:~/yaml/chapter14/demoapp/prod/patches# cat demoapp-add-liveness-and-readiness.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: demoapp
spec:
  template:
    spec:
      containers:
      - name: demoapp              # 此文件依旧为补丁文件，添加了liveness和readiness
        livenessProbe:
          httpGet:
            path: '/livez'
            port: 80
          initialDelaySeconds: 5
        readinessProbe:
          httpGet:
            path: '/readyz'
            port: 80
          initialDelaySeconds: 15

root@k8s-master01:~/yaml/chapter14/demoapp/prod/patches# cat deploy-demoapp-add-sidecar.yaml
# 此文件表示想容器中注入sidecar，但没有说名注入的具体位置，在kustomize中定义
  - name: proxy
    image: envoyproxy/envoy-alpine:v1.14.1
    command: ['/bin/sh','-c']
    args: ['sleep 5 && envoy -c /etc/envoy/envoy.yaml']
    lifecycle:
      postStart:
        exec:
          command: ['/bin/sh','-c','wget -O /etc/envoy/envoy.yaml http://ilinux.io/envoy.yaml']
          
root@k8s-master01:~/yaml/chapter14/demoapp/prod/patches# cat patch-service-demoapp-targetport-8080.yaml
# 此文件为更改ServicePort，将80改为8080，添加了一个443
- op: replace
  path: /spec/ports/0/targetPort
  value: 8080
- op: add
  path: /spec/ports/1
  value:
    name: https
    protocol: TCP
    port: 443
    targetPort: 8443

2.查看kustomzation中的调用

root@k8s-master01:~/yaml/chapter14/demoapp/prod# vim kustomization.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

bases:
- ../base/

resources:
- namespace.yaml

namespace: prod

commonLabels:
  environment: prod

commonAnnotations:
  ilinux.io/app: "demoapp"

configMapGenerator:
- name: demoapp-conf
  literals:
  - host="0.0.0.0"
  - port="8080"

secretGenerator:
- name: demoapp-ssl
  files:
  - secrets/tls.crt
  - secrets/tls.key
  type: "kubernetes.io/tls"

generatorOptions:
  disableNameSuffixHash: true

# 调用补丁需要指定以下两个字段patchesStrategicMerge和patchesJson6902之一
patchesStrategicMerge:   					# 表示策略合并，将补丁补到指定的资源上，匹配的方式是更具特定策略。
- patches/demoapp-add-requests-and-limits.yaml
- patches/demoapp-add-configmap-and-secret.yaml

patchesJson6902:             # 表示资源补丁
- target: 
    version: v1           # api版本
    kind: Service					# 类型为Service
    name: demoapp         # 名称为demoapp
  path: patches/patch-service-demoapp-targetport-8080.yaml
# 此段配置表示将patch-service-demoapp-targetport-8080.yaml补丁文件补到Service上

3.应用kustomization

root@k8s-master01:~/yaml/chapter14/demoapp/prod# kubectl apply -k . --dry-run=client -o yaml
apiVersion: v1
items:
- apiVersion: v1
  kind: Namespace
  metadata:
    annotations:
      ilinux.io/app: demoapp
      kubectl.kubernetes.io/last-applied-configuration: |
        {"apiVersion":"v1","kind":"Namespace","metadata":{"annotations":{"ilinux.io/app":"demoapp"},"labels":{"environment":"prod"},"name":"prod"}}
    labels:
      environment: prod
    name: prod
- apiVersion: v1
  data:
    host: 0.0.0.0
    port: "8080"
  kind: ConfigMap
  metadata:
    annotations:
      ilinux.io/app: demoapp
      kubectl.kubernetes.io/last-applied-configuration: |
        {"apiVersion":"v1","data":{"host":"0.0.0.0","port":"8080"},"kind":"ConfigMap","metadata":{"annotations":{"ilinux.io/app":"demoapp"},"labels":{"environment":"prod"},"name":"demoapp-conf","namespace":"prod"}}
    labels:
      environment: prod
    name: demoapp-conf
    namespace: prod
- apiVersion: v1
  data:
    tls.crt: |
      LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURHVENDQWdHZ0F3SUJBZ0lVT2J1Qm
      NVMjMyNHhsTmdxZVdoVXBiM2k1b2ljd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0hERWFNQmdH
      QTFVRUF3d1JkM2QzTG0xNWJHbHVkWGh2Y0hNdVkyNHdIaGNOTWpFd09ESXdNRFUwTXpNMg
      pXaGNOTWpJd09ESXdNRFUwTXpNMldqQWNNUm93R0FZRFZRUUREQkYzZDNjdWJYbHNhVzUx
      ZUc5d2N5NWpiakNDCkFTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRU
      JBT0VqN3ozS1JPYWI3NGpHamUvWDh0M0IKZmliVVlpYkljLzV6Ky9jR2s3RHRpR2h5a3VB
      QkFHa0wwNVVlOHM0WGNpZ1pMZThITllxTzZIdGF1OXRCdWcwcwptdytoRmlMWUhEeFFPN3
      ZqaDRzeWlXRG9ZMk9WR0NOa0NiRm91eHA0clg5b3NOdnZVYTlFdUNkRTRhdGdnbytpCkli
      Rkcya1IycU5CYXRzckdTNXdPYnBQUlVuSzY1aHpEaW5tWU5ITzBqWTZXYXc1ZkczdFljUX
      F4dEVPU1B5akQKOWlVVHBXdjdsWEtzOG96Rmk5enMvQ1pvdloyQ0lUWCtRVW1TbHUvOU5v
      U3Z6WDgvYy9relpoVG9vQXROeGkybgpCT3c0WkJzeGxJeGxhczNJcEd5Nno1cUpOZ0doMk
      oyZ1N3bVkwRTVDcFBsZ0x6Q2tvWGtsK0Nyd2xZNkE3cVVDCkF3RUFBYU5UTUZFd0hRWURW
      UjBPQkJZRUZJc0RLVVl3YWVrLzAyUUdWMEl3TC9PeDNxTTNNQjhHQTFVZEl3UVkKTUJhQU
      ZJc0RLVVl3YWVrLzAyUUdWMEl3TC9PeDNxTTNNQThHQTFVZEV3RUIvd1FGTUFNQkFmOHdE
      UVlKS29aSQpodmNOQVFFTEJRQURnZ0VCQUNSUXNib2pJSVp2ckRKblVlSTMyMko4ZnB0S2
      FtMWdZSjJWTi94NXY1c29tQnhMCmVaL1BzeVU5bUNIdFNlY2RNOXNJZUlOZm0yY2x0Sk1M
      RExuNEpEdjdpSFR5dzcxRzVUZGw1UU4zTWEwU2N5dVAKdVIxc281SVBpc0VEalVjOHVpcE
      ovdSt5bS9MbitUS2pNeEpzL0pSZnhEbXZRZUJneGpIaWNBWStDNHlOV1dHRwozUk1HL2pY
      RGVKOWJ3dTNjQmhndjBwNjR3ak93aU1QUGlMNGRJUFp4VUVUbkFWeVgzZDd1K3ZsT2VwWW
      phSWM3CjhLL2JZelkvY2dBaTJNZ2ZXK2x1UFJHOTRxVHo1SkdZeXVtbUlRdnRNRUFucnVM
      aTFWSXVRNjljaWtvNlpxTHkKMVhYeWJuZTZzNW1oVmduS25iM1l6NjRIOXlhaHRxYTArMF
      l3N2xzPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
    tls.key: |
      LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBNFNQdl
      BjcEU1cHZ2aU1hTjc5ZnkzY0YrSnRSaUpzaHovblA3OXdhVHNPMklhSEtTCjRBRUFhUXZU
      bFI3eXpoZHlLQmt0N3djMWlvN29lMXE3MjBHNkRTeWJENkVXSXRnY1BGQTd1K09IaXpLSl
      lPaGoKWTVVWUkyUUpzV2k3R25pdGYyaXcyKzlScjBTNEowVGhxMkNDajZJaHNVYmFSSGFv
      MEZxMnlzWkxuQTV1azlGUwpjcnJtSE1PS2VaZzBjN1NOanBackRsOGJlMWh4Q3JHMFE1SS
      9LTVAySlJPbGEvdVZjcXp5ak1XTDNPejhKbWk5Cm5ZSWhOZjVCU1pLVzcvMDJoSy9OZno5
      eitUTm1GT2lnQzAzR0xhY0U3RGhrR3pHVWpHVnF6Y2lrYkxyUG1vazIKQWFIWW5hQkxDWm
      pRVGtLaytXQXZNS1NoZVNYNEt2Q1Zqb0R1cFFJREFRQUJBb0lCQVFEYWRrMEtyMEFHYVor
      WQpIOXJRdGNJanJrTGtHTWdaQy8rS0ZDK1ZkeHRPM2w2end5R0VIVlN4bWRrNFpPeUVVTG
      5qOFBMaWN5TmdET1hICjlMWSt2bHR6dHluTGs2cndLclhUVEtONTRRSEFiMHhnN1g2cnZa
      dkxrNkhZTldFQkFjS1ExQnh4ZlpyTXNLamsKNmZEMG85UnMzWTFHQVJPQXhZZHZqZWE3Z2
      9rUnBobDJqOCtsYlNqWklCbHRIYzdCUmNZMHI0SmRxcGQ2cFlWeApWeEF4VDl5dkNacHZz
      SldxM2dhbGZybTFPVFZURG90V1E4VWZjcG9IS2JwRDlLNFpHM05Yb21KS0I0bEROVnIxCn
      NkYU42UlhCSVNvdXh5SWNpaUdrdndhWU52cTNCYytmYkNNTnA4em4reldSZE5CVXRKaDE5
      cDUrT3lEd0gvelIKTE1LTzFsY0JBb0dCQVBJQmkrMmxCYTIxdXZkb0FkUVZnaHFQa1B1Qk
      FuZm1zOVNuL0ZqVkNkd2hEQkxGZWtnVgpiYUYzeXNvVU5MSzJMd0hyVGFQdFc5M1NHN1Vv
      azdCTGw3WkpCU1YxeWNubWJWTVRoaTYwajFwUjdnN24zaUpyCjZLNFl3NmNsUmhrOG1XTG
      ZRbmdVSEZSOVBRRmVBVFM3RGdReCt5Qy8yYUovaUs3bW50UUIrTEhsQW9HQkFPNG8KdVFZ
      Mml4bHZ1SkErOG1vTW1KU3VPSFM4aUxYdXNSRFRuYzRremIxcDBCL1pUaEtHUjN1Ynd0Sn
      VtRURPTWczWApJVENFTWU1NW9OSFdZN1N1YWZ2T2ZFTDhFMERiZEpsMHk1Z3N3Ulp1SHpD
      YkZ3TnVHL3hnSjBGL1hybGswdFNSCkl5ZFgwR2YzNDh4LzVwMXcyTzJnRnFYZ1VOQjNYY3
      gyN1VnOExuM0JBb0dCQUt1OTl6eWVDT3FlOW1GUFdVVFcKUXE5d3hSWUhGdVphUGJLanlF
      eU9XMkh4dmV5d1lqZzNwTWFiQ2JuaEh3allpNEdVS0ZRMlJTU2xUKzUvTGxoRgpQUlFxdT
      lFNnh3cFdVYTFNUk1SdWRQRkhCV2RrbTFyWU01Y2hrZS9UWHV6WCtZNldIRWkxRk9uTXV2
      ZDJhK3FzCitLUjNoOTFVNlRFTnlzVThldWkvd1dzVkFvR0FTMlhCRGVKK3J4TGJqMjhlTj
      h5OUVYVUdrbzZOaVd1RHl4dnoKdmF1Ukp3STB6YUJ5UXhNWDFsNDlrM2xINGx4bEpGU1RR
      VlRZcWZML291OElxYzc5NXFZOFdNaU5IOTlhVHFyWApPZG9SVnhTTjgwbG1ROE84UUc0QW
      Y0L2ZZVG8yTk8ydC8ycWhwQWlxcWJka1B6dldzWVFaSjNLWW95Ym5IekFYCmR1TDJwUUVD
      Z1lCY3FBNUNseXEvUDRUVU44MUdPazNDSzI4ckhRSG9sV2VDdkxaOHV4SkpjcTBobHc0ZW
      x4dzQKQ3NnZWR0Wm42Tjk1MVE0aEZqRXhBSE5UU1NWdmRtV0xSS2dmSnkxV3VITnlzcnNJ
      OTgrVXQwdmRVa0pCSitWMQozcmF0dStUYUozT1dmQWNSYXhqZlFKVlFmMEYwN0QyL2tjNm
      9IMDRlL3Vvdjd0UWxSUWUzMEE9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=
  kind: Secret
  metadata:
    annotations:
      ilinux.io/app: demoapp
      kubectl.kubernetes.io/last-applied-configuration: |
        {"apiVersion":"v1","data":{"tls.crt":"LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURHVENDQWdHZ0F3SUJBZ0lVT2J1Qm\nNVMjMyNHhsTmdxZVdoVXBiM2k1b2ljd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0hERWFNQmdH\nQTFVRUF3d1JkM2QzTG0xNWJHbHVkWGh2Y0hNdVkyNHdIaGNOTWpFd09ESXdNRFUwTXpNMg\npXaGNOTWpJd09ESXdNRFUwTXpNMldqQWNNUm93R0FZRFZRUUREQkYzZDNjdWJYbHNhVzUx\nZUc5d2N5NWpiakNDCkFTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRU\nJBT0VqN3ozS1JPYWI3NGpHamUvWDh0M0IKZmliVVlpYkljLzV6Ky9jR2s3RHRpR2h5a3VB\nQkFHa0wwNVVlOHM0WGNpZ1pMZThITllxTzZIdGF1OXRCdWcwcwptdytoRmlMWUhEeFFPN3\nZqaDRzeWlXRG9ZMk9WR0NOa0NiRm91eHA0clg5b3NOdnZVYTlFdUNkRTRhdGdnbytpCkli\nRkcya1IycU5CYXRzckdTNXdPYnBQUlVuSzY1aHpEaW5tWU5ITzBqWTZXYXc1ZkczdFljUX\nF4dEVPU1B5akQKOWlVVHBXdjdsWEtzOG96Rmk5enMvQ1pvdloyQ0lUWCtRVW1TbHUvOU5v\nU3Z6WDgvYy9relpoVG9vQXROeGkybgpCT3c0WkJzeGxJeGxhczNJcEd5Nno1cUpOZ0doMk\noyZ1N3bVkwRTVDcFBsZ0x6Q2tvWGtsK0Nyd2xZNkE3cVVDCkF3RUFBYU5UTUZFd0hRWURW\nUjBPQkJZRUZJc0RLVVl3YWVrLzAyUUdWMEl3TC9PeDNxTTNNQjhHQTFVZEl3UVkKTUJhQU\nZJc0RLVVl3YWVrLzAyUUdWMEl3TC9PeDNxTTNNQThHQTFVZEV3RUIvd1FGTUFNQkFmOHdE\nUVlKS29aSQpodmNOQVFFTEJRQURnZ0VCQUNSUXNib2pJSVp2ckRKblVlSTMyMko4ZnB0S2\nFtMWdZSjJWTi94NXY1c29tQnhMCmVaL1BzeVU5bUNIdFNlY2RNOXNJZUlOZm0yY2x0Sk1M\nRExuNEpEdjdpSFR5dzcxRzVUZGw1UU4zTWEwU2N5dVAKdVIxc281SVBpc0VEalVjOHVpcE\novdSt5bS9MbitUS2pNeEpzL0pSZnhEbXZRZUJneGpIaWNBWStDNHlOV1dHRwozUk1HL2pY\nRGVKOWJ3dTNjQmhndjBwNjR3ak93aU1QUGlMNGRJUFp4VUVUbkFWeVgzZDd1K3ZsT2VwWW\nphSWM3CjhLL2JZelkvY2dBaTJNZ2ZXK2x1UFJHOTRxVHo1SkdZeXVtbUlRdnRNRUFucnVM\naTFWSXVRNjljaWtvNlpxTHkKMVhYeWJuZTZzNW1oVmduS25iM1l6NjRIOXlhaHRxYTArMF\nl3N2xzPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==\n","tls.key":"LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBNFNQdl\nBjcEU1cHZ2aU1hTjc5ZnkzY0YrSnRSaUpzaHovblA3OXdhVHNPMklhSEtTCjRBRUFhUXZU\nbFI3eXpoZHlLQmt0N3djMWlvN29lMXE3MjBHNkRTeWJENkVXSXRnY1BGQTd1K09IaXpLSl\nlPaGoKWTVVWUkyUUpzV2k3R25pdGYyaXcyKzlScjBTNEowVGhxMkNDajZJaHNVYmFSSGFv\nMEZxMnlzWkxuQTV1azlGUwpjcnJtSE1PS2VaZzBjN1NOanBackRsOGJlMWh4Q3JHMFE1SS\n9LTVAySlJPbGEvdVZjcXp5ak1XTDNPejhKbWk5Cm5ZSWhOZjVCU1pLVzcvMDJoSy9OZno5\neitUTm1GT2lnQzAzR0xhY0U3RGhrR3pHVWpHVnF6Y2lrYkxyUG1vazIKQWFIWW5hQkxDWm\npRVGtLaytXQXZNS1NoZVNYNEt2Q1Zqb0R1cFFJREFRQUJBb0lCQVFEYWRrMEtyMEFHYVor\nWQpIOXJRdGNJanJrTGtHTWdaQy8rS0ZDK1ZkeHRPM2w2end5R0VIVlN4bWRrNFpPeUVVTG\n5qOFBMaWN5TmdET1hICjlMWSt2bHR6dHluTGs2cndLclhUVEtONTRRSEFiMHhnN1g2cnZa\ndkxrNkhZTldFQkFjS1ExQnh4ZlpyTXNLamsKNmZEMG85UnMzWTFHQVJPQXhZZHZqZWE3Z2\n9rUnBobDJqOCtsYlNqWklCbHRIYzdCUmNZMHI0SmRxcGQ2cFlWeApWeEF4VDl5dkNacHZz\nSldxM2dhbGZybTFPVFZURG90V1E4VWZjcG9IS2JwRDlLNFpHM05Yb21KS0I0bEROVnIxCn\nNkYU42UlhCSVNvdXh5SWNpaUdrdndhWU52cTNCYytmYkNNTnA4em4reldSZE5CVXRKaDE5\ncDUrT3lEd0gvelIKTE1LTzFsY0JBb0dCQVBJQmkrMmxCYTIxdXZkb0FkUVZnaHFQa1B1Qk\nFuZm1zOVNuL0ZqVkNkd2hEQkxGZWtnVgpiYUYzeXNvVU5MSzJMd0hyVGFQdFc5M1NHN1Vv\nazdCTGw3WkpCU1YxeWNubWJWTVRoaTYwajFwUjdnN24zaUpyCjZLNFl3NmNsUmhrOG1XTG\nZRbmdVSEZSOVBRRmVBVFM3RGdReCt5Qy8yYUovaUs3bW50UUIrTEhsQW9HQkFPNG8KdVFZ\nMml4bHZ1SkErOG1vTW1KU3VPSFM4aUxYdXNSRFRuYzRremIxcDBCL1pUaEtHUjN1Ynd0Sn\nVtRURPTWczWApJVENFTWU1NW9OSFdZN1N1YWZ2T2ZFTDhFMERiZEpsMHk1Z3N3Ulp1SHpD\nYkZ3TnVHL3hnSjBGL1hybGswdFNSCkl5ZFgwR2YzNDh4LzVwMXcyTzJnRnFYZ1VOQjNYY3\ngyN1VnOExuM0JBb0dCQUt1OTl6eWVDT3FlOW1GUFdVVFcKUXE5d3hSWUhGdVphUGJLanlF\neU9XMkh4dmV5d1lqZzNwTWFiQ2JuaEh3allpNEdVS0ZRMlJTU2xUKzUvTGxoRgpQUlFxdT\nlFNnh3cFdVYTFNUk1SdWRQRkhCV2RrbTFyWU01Y2hrZS9UWHV6WCtZNldIRWkxRk9uTXV2\nZDJhK3FzCitLUjNoOTFVNlRFTnlzVThldWkvd1dzVkFvR0FTMlhCRGVKK3J4TGJqMjhlTj\nh5OUVYVUdrbzZOaVd1RHl4dnoKdmF1Ukp3STB6YUJ5UXhNWDFsNDlrM2xINGx4bEpGU1RR\nVlRZcWZML291OElxYzc5NXFZOFdNaU5IOTlhVHFyWApPZG9SVnhTTjgwbG1ROE84UUc0QW\nY0L2ZZVG8yTk8ydC8ycWhwQWlxcWJka1B6dldzWVFaSjNLWW95Ym5IekFYCmR1TDJwUUVD\nZ1lCY3FBNUNseXEvUDRUVU44MUdPazNDSzI4ckhRSG9sV2VDdkxaOHV4SkpjcTBobHc0ZW\nx4dzQKQ3NnZWR0Wm42Tjk1MVE0aEZqRXhBSE5UU1NWdmRtV0xSS2dmSnkxV3VITnlzcnNJ\nOTgrVXQwdmRVa0pCSitWMQozcmF0dStUYUozT1dmQWNSYXhqZlFKVlFmMEYwN0QyL2tjNm\n9IMDRlL3Vvdjd0UWxSUWUzMEE9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=\n"},"kind":"Secret","metadata":{"annotations":{"ilinux.io/app":"demoapp"},"labels":{"environment":"prod"},"name":"demoapp-ssl","namespace":"prod"},"type":"kubernetes.io/tls"}
    labels:
      environment: prod
    name: demoapp-ssl
    namespace: prod
  type: kubernetes.io/tls
- apiVersion: v1
  kind: Service
  metadata:
    annotations:
      ilinux.io/app: demoapp
      kubectl.kubernetes.io/last-applied-configuration: |
        {"apiVersion":"v1","kind":"Service","metadata":{"annotations":{"ilinux.io/app":"demoapp"},"labels":{"environment":"prod","generated-by":"kustomize"},"name":"demoapp","namespace":"prod"},"spec":{"ports":[{"name":"http","port":80,"protocol":"TCP","targetPort":8080},{"name":"https","port":443,"protocol":"TCP","targetPort":8443}],"selector":{"app":"demoapp","environment":"prod","generated-by":"kustomize"}}}
    labels:
      environment: prod
      generated-by: kustomize
    name: demoapp
    namespace: prod
  spec:
    ports:
    - name: http
      port: 80
      protocol: TCP
      targetPort: 8080
    - name: https
      port: 443
      protocol: TCP
      targetPort: 8443
    selector:
      app: demoapp
      environment: prod
      generated-by: kustomize
- apiVersion: apps/v1
  kind: Deployment
  metadata:
    annotations:
      ilinux.io/app: demoapp
      kubectl.kubernetes.io/last-applied-configuration: |
        {"apiVersion":"apps/v1","kind":"Deployment","metadata":{"annotations":{"ilinux.io/app":"demoapp"},"labels":{"environment":"prod","generated-by":"kustomize"},"name":"demoapp","namespace":"prod"},"spec":{"replicas":1,"selector":{"matchLabels":{"app":"demoapp","environment":"prod","generated-by":"kustomize"}},"template":{"metadata":{"annotations":{"ilinux.io/app":"demoapp"},"labels":{"app":"demoapp","environment":"prod","generated-by":"kustomize"}},"spec":{"containers":[{"env":[{"name":"PORT","valueFrom":{"configMapKeyRef":{"key":"demoapp.port","name":"demoapp-conf","optional":false}}},{"name":"HOST","valueFrom":{"configMapKeyRef":{"key":"demoapp.host","name":"demoapp-conf","optional":true}}}],"image":"ikubernetes/demoapp:v1.0","livenessProbe":{"httpGet":{"path":"/livez","port":80},"initialDelaySeconds":5},"name":"demoapp","ports":[{"containerPort":80,"name":"http"}],"readinessProbe":{"httpGet":{"path":"/readyz","port":80},"initialDelaySeconds":15},"volumeMounts":[{"mountPath":"/etc/demoapp/certs/","name":"demoappcerts","readOnly":true}]}],"volumes":[{"name":"demoappcerts","secret":{"secretName":"demoapp-ssl"}}]}}}}
    labels:
      environment: prod
      generated-by: kustomize
    name: demoapp
    namespace: prod
  spec:
    replicas: 1
    selector:
      matchLabels:
        app: demoapp
        environment: prod
        generated-by: kustomize
    template:
      metadata:
        annotations:
          ilinux.io/app: demoapp
        labels:
          app: demoapp
          environment: prod
          generated-by: kustomize
      spec:
        containers:
        - env:
          - name: PORT
            valueFrom:
              configMapKeyRef:
                key: demoapp.port
                name: demoapp-conf
                optional: false
          - name: HOST
            valueFrom:
              configMapKeyRef:
                key: demoapp.host
                name: demoapp-conf
                optional: true
          image: ikubernetes/demoapp:v1.0
          livenessProbe:
            httpGet:
              path: /livez
              port: 80
            initialDelaySeconds: 5
          name: demoapp
          ports:
          - containerPort: 80
            name: http
          readinessProbe:
            httpGet:
              path: /readyz
              port: 80
            initialDelaySeconds: 15
          volumeMounts:
          - mountPath: /etc/demoapp/certs/
            name: demoappcerts
            readOnly: true
        volumes:
        - name: demoappcerts
          secret:
            secretName: demoapp-ssl
kind: List
metadata: {}