
K8S in Practice


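1. Environment isolation

1.1 Use namespaces for environment isolation. The following creates a namespace for development:

kubectl create namespace zo-dev          # create a namespace named zo-dev

kubectl delete namespace zo-dev          # delete the namespace named zo-dev; all resources in it are deleted along with it

kubectl api-resources --namespaced=true  # list the resource types that are namespaced

kubectl get namespace      # list the existing namespaces

kubectl describe namespace zo-dev  # show details of the namespace named zo-dev

kubectl delete ns zo-dev --force --grace-period=0      # force-delete the namespace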

1.2 A namespace can also be created from a YAML file

apiVersion: v1
kind: Namespace
metadata:
  name: zo-dev
  labels:
    name: zo-dev

Then run kubectl apply -f xx.yaml

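1.3 Application communication across namespaces

      Namespaces give isolation while still allowing partial interconnection. For example, if team A's applications run in one namespace and team B's in another, the two can still communicate.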

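1.4 Resource limits in a namespace

     The total number of Pods and the total CPU, memory, and storage resources of a namespace can be limited.

     See: "k8s practice (5): k8s namespaces (Namespace)", hguisu's blog, CSDN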

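1.5 Different people can be given different accounts, so that each account can only operate on the pods in its own namespace. See:

        "k8s dashboard configuration guide", 51CTO blog (see the part on namespace-based permission assignment in the dashboard)

     "Some notes on workgroup isolation and multi-cluster switching in a K8s cluster environment", 山河已无恙, InfoQ writing community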
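
The namespace limits from 1.4 and the per-namespace account permissions from 1.5, written out as manifests for zo-dev. This is an added example, not part of the original page; the object names, the account name zo-dev-user and all numeric values are assumptions.

```yaml
# Added example: names, the user and all numeric values are assumptions.
apiVersion: v1
kind: ResourceQuota
metadata:
  name: zo-dev-quota
  namespace: zo-dev
spec:
  hard:
    pods: "20"                # total Pods in the namespace
    requests.cpu: "4"         # sum of CPU requests
    requests.memory: 8Gi
    limits.cpu: "8"
    limits.memory: 16Gi
    requests.storage: 50Gi    # sum of PVC storage requests
---
# With a CPU/memory quota active, Pods that set no requests/limits
# (resources: {}) are rejected; this LimitRange supplies defaults.
apiVersion: v1
kind: LimitRange
metadata:
  name: zo-dev-defaults
  namespace: zo-dev
spec:
  limits:
    - type: Container
      defaultRequest: {cpu: 100m, memory: 256Mi}
      default: {cpu: 500m, memory: 512Mi}
---
# Namespaced Role: read-only access for kubectl get pods / kubectl logs in zo-dev.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: pod-operator
  namespace: zo-dev
rules:
  - apiGroups: [""]
    resources: ["pods", "pods/log"]
    verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: pod-operator-binding
  namespace: zo-dev
subjects:
  - kind: User
    name: zo-dev-user         # hypothetical account name
    apiGroup: rbac.authorization.k8s.io
roleRef: {kind: Role, name: pod-operator, apiGroup: rbac.authorization.k8s.io}
```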

2. Basic commands

2.1 List the pods in a namespace

kubectl get pods -n zo-dev

2.2 View a container's logs

kubectl logs XXXX -n zo-dev    # use a pod name shown by the command above to view the logs of that pod in the namespace

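3. Deploying applications

Below are examples of a Java application and of the Service that exposes it.

3.1 Deploying a Java application and exposing it as a service

The HTTP port is 10000.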

kind: Deployment
apiVersion: apps/v1
metadata:
  name: zo-java
  namespace: zo-dev
  labels:
    k8s-app: zo-java
spec:
  replicas: 2
  selector:
    matchLabels:
      k8s-app: zo-java
  template:
    metadata:
      name: zo-java
      creationTimestamp: null
      labels:
        k8s-app: zo-java
    spec:
      containers:
        - name: zo-java
          image: registry.cn-hangzhou.aliyuncs.com/zo-base/zo-java:1.0.0
          command:
            - java
            - -Djava.security.egd=file:/dev/./urandom
            - -Dspring.profiles.active=offline
            - -jar
            - zo-java-template.jar
          ports:
            - name: http
              containerPort: 10000
              protocol: TCP
          resources: {}
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          imagePullPolicy: Always
          volumeMounts:
            - mountPath: /logs/zo-template-log
              name: logs
          securityContext:
            privileged: false
      volumes:
        - name: logs
          hostPath:
            path: /root/logs/zo-java
      restartPolicy: Always
      terminationGracePeriodSeconds: 30
      dnsPolicy: ClusterFirst
      securityContext: {}
      imagePullSecrets:
        - name: zo-docker
      schedulerName: default-scheduler
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 25%
      maxSurge: 25%
  revisionHistoryLimit: 10
  progressDeadlineSeconds: 600
---
apiVersion: v1
kind: Service
metadata:
  creationTimestamp: null
  labels:
    k8s-app: zo-java
  name: zo-java
  namespace: zo-dev
spec:
  type: NodePort
  ports:
    - name: http
      protocol: TCP
      port: 10000
      targetPort: 10000
      # outside the default NodePort range (30000-32767); the API server's
      # --service-node-port-range must include this port
      nodePort: 10000
  selector:
    k8s-app: zo-java
status:
  loadBalancer: {}

3.3 Deploying Nginx-web-ui and exposing it as a service

kind: Deployment
apiVersion: apps/v1
metadata:
  name: nginx-web-ui
  namespace: zo-dev
  labels:
    k8s-app: nginx-web-ui
spec:
  replicas: 1
  selector:
    matchLabels:
      k8s-app: nginx-web-ui
  template:
    metadata:
      name: nginx-web-ui
      creationTimestamp: null
      labels:
        k8s-app: nginx-web-ui
    spec:
      containers:
        - name: nginx-web-ui
          image: cym1102/nginxwebui:latest
          command:
            - java
            - -Dfile.encoding=UTF-8
            - -jar
            - /home/nginxWebUI.jar
          resources: {}
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          imagePullPolicy: Always
          volumeMounts:
            - mountPath: /home/nginxWebUI
              name: data
          securityContext:
            privileged: false
      volumes:
        - name: data
          hostPath:
            path: /root/nginxWebUI
      restartPolicy: Always
      terminationGracePeriodSeconds: 30
      dnsPolicy: ClusterFirst
      securityContext: {}
      schedulerName: default-scheduler
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 25%
      maxSurge: 25%
  revisionHistoryLimit: 10
  progressDeadlineSeconds: 600
---
apiVersion: v1
kind: Service
metadata:
  creationTimestamp: null
  labels:
    k8s-app: nginx-web-ui
  name: nginx-web-ui
  namespace: zo-dev
spec:
  type: NodePort
  # the nodePort values below are outside the default NodePort range
  # (30000-32767); the API server's --service-node-port-range must include them
  ports:
    - name: http
      protocol: TCP
      port: 80
      targetPort: 80
      nodePort: 80
    - name: https
      protocol: TCP
      port: 443
      targetPort: 443
      nodePort: 443
    - name: dashborad
      protocol: TCP
      port: 8080
      targetPort: 8080
      nodePort: 18080
  selector:
    k8s-app: nginx-web-ui
status:
  loadBalancer: {}