应用数据
1 应用数据解析
k8s应用数据类型和步骤解析
k8s如何使用数据功能
k8s使用各种数据类型的配置
2 应用数据实践
emptyDir实践
资源对象文件内容
apiVersion: v1
kind: Pod
metadata:
name: sswang-emptydir
spec:
containers:
- name: nginx-web
image: kubernetes-register.sswang.com/sswang/nginx_web:v0.1
volumeMounts:
- name: nginx-index
mountPath: /usr/share/nginx/html
- name: change-index
image: kubernetes-register.sswang.com/sswang/busybox:1.28
# 每过2秒更改一下文件内容
command: ['sh', '-c', 'for i in $(seq 100); do echo index-$i > /testdir/index.html;sleep 2;done']
volumeMounts:
- name: nginx-index
mountPath: /testdir
volumes:
- name: nginx-index
emptyDir: {}
hostPath实践
资源对象文件内容
apiVersion: v1
kind: Pod
metadata:
name: sswang-hostpath
spec:
volumes:
- name: redis-backup
hostPath:
path: /data/backup/redis
containers:
- name: hostpath-redis
image: kubernetes-register.sswang.com/sswang/redis:7.0.4
volumeMounts:
- name: redis-backup
mountPath: /data
应用配置
1 应用配置解析
k8s如何使用配置数据功能
2 配置文件实践
定制配置文件实践
定制资源清单文件
apiVersion: v1
kind: ConfigMap
metadata:
name: sswang-nginxconf
data:
default.conf: |
server {
listen 80;
server_name www.sswang.com;
location /nginx {
proxy_pass http://sswang-nginx-web/;
}
location /tomcat {
proxy_pass http://sswang-tomcat-web:8080/;
}
location / {
root /usr/share/nginx/html;
}
}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: sswang-nginx-index
data:
index.html: "Hello Nginx, This is Nginx Web Page by sswang!!!\n"
定制nginx-proxy代理
apiVersion: apps/v1
kind: Deployment
metadata:
name: sswang-nginx-proxy
labels:
app: nginx
spec:
replicas: 1
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: kubernetes-register.sswang.com/sswang/nginx_proxy:v0.1
volumeMounts:
- name: nginxconf
mountPath: /etc/nginx/conf.d/
readOnly: true
- name: nginxindex
mountPath: /usr/share/nginx/html/
readOnly: true
volumes:
- name: nginxconf
configMap:
name: sswang-nginxconf
- name: nginxindex
configMap:
name: sswang-nginx-index
---
apiVersion: v1
kind: Service
metadata:
name: superopsmsb-nginx-proxy
labels:
app: superopsmsb-nginx-proxy
spec:
selector:
app: nginx
ports:
- protocol: TCP
name: http
port: 80
targetPort: 80
3 敏感文件实践
定制配置文件
准备nginx容器的配置目录
mkdir tls-key
做证书
openssl genrsa -out tls-key/tls.key 2048
做成自签证书
openssl req -new -x509 -key tls-key/tls.key -out tls-key/tls.crt -subj "/CN=www.sswang.com"
定制专属nginx配置文件 nginx-conf-tls/default.conf
server {
listen 443 ssl;
server_name www.sswang.com;
ssl_certificate /etc/nginx/certs/tls.crt;
ssl_certificate_key /etc/nginx/certs/tls.key;
location / {
root /usr/share/nginx/html;
}
}
server {
listen 80;
server_name www.sswang.com;
return 301 https://$host$request_uri;
}
手工创建资源对象文件
创建cm资源对象
kubectl create configmap nginx-ssl-conf --from-file=nginx-conf-tls/
创建secret资源对象
kubectl create secret tls nginx-ssl-secret --cert=tls-key/tls.crt --key=tls-key/tls.key
定制资源清单文件
apiVersion: v1
kind: Pod
metadata:
name: sswang-nginx-ssl
spec:
containers:
- image: kubernetes-register.sswang.com/sswang/nginx_web:v0.1
name: nginx-web
volumeMounts:
- name: nginxcerts
mountPath: /etc/nginx/certs/
readOnly: true
- name: nginxconfs
mountPath: /etc/nginx/conf.d/
readOnly: true
volumes:
- name: nginxcerts
secret:
secretName: nginx-ssl-secret
- name: nginxconfs
configMap:
name: nginx-ssl-conf
