配置权限

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
---
kind: ServiceAccount
apiVersion: v1
metadata:
name: deployment-restart
namespace: default
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: deployment-restart
namespace: default
rules:
- apiGroups: ["apps", "extensions"]
resources: ["deployments"]
resourceNames: []
verbs: ["get", "patch", "list", "watch"] # list 和 watch 就够用了,如果需要执行 rollout status ,则需要 get patch
---
# 角色绑定账号
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: deployment-restart
namespace: default
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: deployment-restart
subjects:
- kind: ServiceAccount
name: deployment-restart
namespace: default

编写 cronjob

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
apiVersion: batch/v1
kind: CronJob
metadata:
name: deployment-restart
namespace: default
spec:
# 多少秒后清理已完成的job,1.23版本之后可用。
ttlSecondsAfterFinished: 100
concurrencyPolicy: Forbid
schedule: '37 14 * * *' # 分时日月周
jobTemplate:
spec:
backoffLimit: 2
activeDeadlineSeconds: 600
template:
spec:
serviceAccountName: deployment-restart
restartPolicy: Never
containers:
- name: kubectl
# image: bitnami/kubectl:1.30.1
image: registry.cn-hangzhou.aliyuncs.com/iuxt/kubectl:1.30.1
command:
- bash
- -c
- >-
kubectl rollout restart deployment/nginx &&
kubectl rollout status deployment/java-example