Skip to content
Permalink
Branch: master
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
537 lines (503 sloc) 9.4 KB
snippet rc "Replication Controller" !b
# WARNING, use Deployments -- ReplicationController is being replaced.
apiVersion: v1
kind: ReplicationController
metadata:
name: ${1:some-controller}
namespace: ${2:default}
spec:
replicas: 1
template:
metadata:
labels:
app: $1
tier: $3
spec:
containers:
- name: ${4:name}
image: ${5:nginx}
imagePullPolicy: Always
resources:
requests:
cpu: 100m
memory: 200Mi
ports:
- containerPort: 8080
endsnippet
snippet dep "Deployment" !bm
apiVersion: apps/v1
kind: Deployment
metadata:
name: ${1:some-controller}
namespace: ${2:default}
spec:
replicas: 1
selector:
matchLabels:
$3
template:
metadata:
labels:
${3:app: $1}
spec:
containers:
- name: ${4:name}
image: ${5:nginx}
imagePullPolicy: Always
resources:
requests:
cpu: 100m
memory: 200Mi
ports:
- containerPort: 8080
endsnippet
snippet svc "Service" !b
apiVersion: v1
kind: Service
metadata:
name: ${1:frontend}
namespace: ${2:default}
labels:
app: ${3:someApp}
tier: ${4:frontend}
spec:
ports:
- port: ${5:80}
selector:
app: $3
tier: $4
endsnippet
snippet depsvc "Deployment and service" !b
apiVersion: apps/v1
kind: Deployment
metadata:
name: ${1:some-controller}
namespace: ${2:default}
spec:
replicas: 1
selector:
matchLabels:
$3
template:
metadata:
labels:
${3:app: $1}
spec:
containers:
- name: ${4:name}
image: ${5:nginx}
imagePullPolicy: Always
resources:
requests:
cpu: 100m
memory: 200Mi
ports:
- containerPort: ${6:8080}
---
apiVersion: v1
kind: Service
metadata:
name: $1
namespace: $2
spec:
ports:
- port: ${7:80}
targetPort: $6
selector:
$3
endsnippet
snippet depsvcing "Deployment, service, and ingress" !b
apiVersion: apps/v1
kind: Deployment
metadata:
name: ${1:some-controller}
namespace: ${2:default}
spec:
replicas: 1
selector:
matchLabels:
$3
template:
metadata:
labels:
${3:app: $1}
spec:
containers:
- name: ${4:name}
image: ${5:nginx}
imagePullPolicy: Always
resources:
requests:
cpu: 100m
memory: 200Mi
ports:
- containerPort: ${6:8080}
---
apiVersion: v1
kind: Service
metadata:
name: $1
namespace: $2
spec:
ports:
- port: ${7:80}
targetPort: $6
selector:
$3
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: $1
namespace: $2
spec:
${10:tls:
- secretName: ${9:$8.tls}
hosts:
- $8
}rules:
- host: ${8:host}
http:
paths:
- path: ${11:/}
backend:
serviceName: $1
servicePort: $7
endsnippet
snippet pv "PersistentVolume" !b
apiVersion: v1
kind: PersistentVolume
metadata:
name: ${1:name}
labels:
app: ${2:app}
tier: ${3:tier}
spec:
capacity:
storage: ${4:20Gi}
accessModes:
- ${5:ReadWriteMany}
nfs:
server: ${6:NameOrIP}
path: ${7:"/share/path/on/server"}
endsnippet
snippet pvc "PersistentVolumeClaim" !b
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: ${1:name}
labels:
# insert any desired labels to identify your claim
app: ${2:app}
tier: ${3:tier}
spec:
${4:storageClassName: ${5:standard}}
accessModes:
- ${6:ReadWriteOnce}
resources:
requests:
# The amount of the volume's storage to request
storage: ${7:20Gi}
endsnippet
snippet ing "Ingress" !b
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: ${1:name}
namespace: ${2:default}
spec:
${5:tls:
- secretName: ${4:$3.tls}
hosts:
- $3
}rules:
- host: ${3:host.tld}
http:
paths:
- path: ${7:/}
backend:
serviceName: ${8:service}
servicePort: ${9:portNumberOrName}
endsnippet
snippet ns "Namespace" !b
apiVersion: v1
kind: Namespace
metadata:
name: ${1:name}
endsnippet
snippet sa "ServiceAccount" !b
apiVersion: v1
kind: ServiceAccount
metadata:
name: ${1:name}
endsnippet
snippet ingtls "Ingress TLS section" !b
tls:
- secretName: ${2:$1.tls}
hosts:
- ${1:host}
endsnippet
snippet cfg "ConfigMap" !b
apiVersion: v1
kind: ConfigMap
metadata:
name: ${1:name}
data:
${2:key}: ${3:value}
endsnippet
snippet sec "Secret" !b
apiVersion: v1
kind: Secret
metadata:
name: ${1:secret-name}
type: ${2:Opaque}
data:
${3:key}: ${4:value}
endsnippet
snippet env "Environment template" !b
- name: ${1:VAR_NAME}
value: ${2:value}
endsnippet
snippet secref "env SecretRef" !b
valueFrom:
secretKeyRef:
name: ${1:secret-name}
key: ${2:key-name}
endsnippet
snippet pvol "Pod Volume Object"
- name: ${1:name}
${2:source}:
name:
endsnippet
snippet job "Kubernetes Job" !b
apiVersion: batch/v1
kind: Job
metadata:
name: ${1:jobname}
labels:
${2:sometag: somevalue}
spec:
template:
metadata:
name: $1
spec:
containers:
- name: ${3:containerName}
image: ${4: image}
imagePullPolicy: Always
command:
- ${5:"override"
- "--the"
- "entrypoint"}
restartPolicy: OnFailure
endsnippet
snippet cron "Kubernetes Cronjob" !b
apiVersion: batch/v2alpha1
kind: CronJob
metadata:
name: ${1:name}
spec:
schedule: "${2:*/1} * * * *"
jobTemplate:
spec:
template:
spec:
containers:
- name: $1
image: ${3: image}
args: ${4:
- /bin/sh
- -c
- date; echo Hello from the Kubernetes cluster}
restartPolicy: OnFailure
endsnippet
snippet skr "SecretKeyRef"
valueFrom:
secretKeyRef:
name: ${1:secret}
key: ${2:key}
endsnippet
snippet cert "cert-manager certificate" !b
apiVersion: certmanager.k8s.io/v1alpha1
kind: Certificate
metadata:
name: ${1:name}
namespace: ${2:namespace}
spec:
secretName: ${4:$3.tls}
dnsNames:
- ${3:some.domain.com}
acme:
config:
- dns01:
provider: ${4:prod}
domains: [ $3 ]
issuerRef:
name: ${5:letsencrypt}
kind: ClusterIssuer
endsnippet
snippet netp "NetworkPolicy" !b
kind: NetworkPolicy
apiVersion: extensions/v1beta1
metadata:
namespace: ${1:default}
name: ${2:policyname}
spec:
${4:podSelector:
matchLabels:
${3:{}}
} ingress:
- {}
endsnippet
snippet probe "Liveness/Readiness Probes" !b
livenessProbe: &probe
initialDelaySeconds: ${1:10}
httpGet:
port: ${2:8080}
path: ${3:/}
readinessProbe: *probe $0
endsnippet
snippet ss "StatefulSet" !b
apiVersion: v1
kind: Service
metadata:
name: ${1:myservice}
spec:
ports:
- port: $5
name: $6
clusterIP: None
selector:
$2
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: ${1:mystatefulset}
spec:
selector:
matchLabels:
$2
serviceName: "nginx"
replicas: 3 # by default is 1
template:
metadata:
labels:
${2:app: $1}
spec:
# terminationGracePeriodSeconds: 10
containers:
- name: ${3:$1}
image: ${4:$1}
ports:
- containerPort: ${5:80}
name: ${6:web}
volumeMounts:
- name: ${7:volume}
mountPath: ${8:/var/lib/mydata}
volumeClaimTemplates:
- metadata:
name: $7
spec:
accessModes: [ "ReadWriteOnce" ]
storageClassName: "${9:standard}"
resources:
requests:
storage: ${10:1G}
endsnippet
snippet res "Resources" !b
resources:
requests:
cpu: ${1:100m}
memory: ${2:200Mi}
${5:limits:
cpu: ${3:$1}
memory: ${4:$2}}$0
endsnippet
snippet init "Init Container" !b
initContainers:
- name: ${1:myinit}
image: ${2:busybox}
command: [${3:rm, -rf, $5/lost+found}]
${6:volumeMounts:
- name: ${4:data}
mountPath: ${5:/data}}$0
endsnippet
snippet strat "Deployment Strategy" !b
strategy:
type: ${1:RollingUpdate|Recreate}
rollingUpdate:
maxSurge: ${2:1}
maxUnavailable: ${3:1}$0
endsnippet
snippet atls "tls-acme annotations" !b
annotations:
kubernetes.io/tls-acme: "true"
endsnippet
snippet vtls "tls-vault annotations" !b
annotations:
kubernetes.io/tls-vault: "true"
endsnippet
snippet cmtls "cert-manager tls annotations" !b
${2:annotations:
}certmanager.k8s.io/cluster-issuer: ${1:lets-encrypt}
endsnippet
snippet edns "external dns" !b
annotations:
external-dns.alpha.kubernetes.io/hostname: ${1:myname.mydomain.com}
endsnippet
snippet role "Role" !b
kind: ${1:Cluster}Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
${2:namespace: ${3:default}
}name: ${4:configmap-updater}
rules:
- apiGroups: ["${5:}"]
resources: ["${6:configmaps}"]
resourceNames: ["${7:my-configmap}"]
verbs: [${8:"update", "get"}]
endsnippet
snippet rb "RoleBinding" !b
# This role binding allows "jane" to read pods in the "default" namespace.
kind: ${1:Cluster}RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: ${2:read-pods}
${3:namespace: ${4:pods}
}subjects:
- kind: ${5:User|ServiceAccount|Group}
name: ${6:jane} # Name is case sensitive
apiGroup: rbac.authorization.k8s.io
roleRef:
kind: ${7:Cluster}Role #this must be Role or ClusterRole
name: ${8:pod-reader} # this must match the name of the Role or ClusterRole you wish to bind to
apiGroup: rbac.authorization.k8s.io
endsnippet
snippet rbac "Role and Binding" !b
kind: ${1:Cluster}Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
${2:namespace: ${3:default}
}name: ${4:configmap-updater}
rules:
- apiGroups: ["${5:}"]
resources: ["${6:configmaps}"]
resourceNames: ["${7:my-configmap}"]
verbs: [${8:"update", "get"}]
---
# This role binding allows "jane" to read pods in the "default" namespace.
kind: ${9:Cluster}RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: $4
$2
subjects:
- kind: ${10:User|ServiceAccount|Group}
name: ${11:jane} # Name is case sensitive
apiGroup: rbac.authorization.k8s.io
roleRef:
kind: $1Role #this must be Role or ClusterRole
name: $4 # this must match the name of the Role or ClusterRole you wish to bind to
apiGroup: rbac.authorization.k8s.io
endsnippet
You can’t perform that action at this time.