定时重启POD

定时重启POD

# 第一步先创建账号和授权
#Service account the client will use to reset the deployment,
#by default the pods running inside the cluster can do no such things.
kind: ServiceAccount
apiVersion: v1
metadata:
  name: deployment-restart
  namespace: default
---
# allow getting status and patching only the one deployment you want
# to restart
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: deployment-restart
  namespace: default
rules:
	# if you wanna watch pod resources，add "metrics.k8s.io"
  - apiGroups: ["", "apps", "extensions", "metrics.k8s.io"]
  	# if you wanna execute pod，add "pod/exec"
    resources: ["deployments", "pods", "pods/exec"]
    # ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed.
    resourceNames: ["nginx-deployment-basic"]
    verbs: ["get", "patch", "list", "watch"] # "list" and "watch" are only needed
                                             # if you want to use `rollout status`
---
# bind the role to the service account
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: deployment-restart
  namespace: default
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: deployment-restart
subjects:
  - kind: ServiceAccount
    name: deployment-restart
    namespace: default
---

# 第二步创建crontjob计划任务

# cronjob配置:
apiVersion: batch/v1
kind: CronJob
metadata:
  name: deployment-restart
  namespace: default
spec:
  #concurrencyPolicy: Forbid
  schedule: '*/1 * * * *' # cron spec of time, here, 8 o'clock
  jobTemplate:
    spec:
      backoffLimit: 1 # this has very low chance of failing, as all this does
                      # is prompt kubernetes to schedule new replica set for
                      # the deployment
      activeDeadlineSeconds: 20 # timeout, makes most sense with 
                                 # "waiting for rollout" variant specified below
      template:
        spec:
          serviceAccountName: deployment-restart # name of the service
                                                 # account configured above
          restartPolicy: Never
          containers:
            - name: kubectl
              image: bitnami/kubectl # probably any kubectl image will do,
                                     # optionaly specify version, but this
                                     # should not be necessary, as long the
                                     # version of kubectl is new enough to
                                     # have `rollout restart`
              command:
                - 'kubectl'
                - 'rollout'
                - 'restart'
                - 'deployment/nginx-deployment-basic'