docker-compose、k8s部署sftp
一、atmoz/sftp生成容器说明
1、生成容器目录且不映射到本地磁盘(不建议)
version: '2'
services:
sftp:
image: atmoz/sftp
container_name: sftp1
restart: always
ports:
- "2222:22"
command: sftp1:sftp1:2000:2000:test1/test3,test2 #用户名:密码:uid:gid:文件夹1/子文件夹1,文件夹2,文件夹3
注:上面的yaml会在容器中的/home下生成用户名(sftp1)的文件夹,在其中有test1和test2两个文件夹,test1里有test3文件夹,数据文件只能放到 叶子文件夹里。
2、生成容器目录映射到本地磁盘
version: '2'
services:
sftp:
image: atmoz/sftp
container_name: sftp1
restart: always
volumes:
- ./data/sftp1:/home/sftp1
ports:
- "2222:22"
command: sftp1:sftp1:2000:2000:test1/test3,test2 #用户名:密码:uid:gid:文件夹1/子文件夹1,文件夹2,文件夹3
注:上面的yaml会在容器中的/home下生成用户名(sftp1)的文件夹,在其中有test1和test2两个文件夹,test1里有test3文件夹,数据文件只能放到 叶子文件夹里。
3、多个用户,主用户创建多个文件夹,其他用户读写某个文件夹
[root@app01 test]# vim users.conf
sftp2:sftp2:2000:2000
sftp3:sftp3:2000:2000
version: '2'
services:
sftp:
image: atmoz/sftp
container_name: sftp1
restart: always
volumes:
- ./data/sftp1:/home/sftp1
- ./data/sftp1/test1:/home/sftp2
- ./data/sftp1/test2:/home/sftp3
- ./users.conf:/etc/sftp/users.conf:ro
ports:
- "2222:22"
command: sftp1:sftp1:2000:2000:test1/test3,test2/test4 #用户名:密码:uid:gid:文件夹1/子文件夹1,文件夹2,文件夹3
二、从windows系统mount过来的文件夹,只有一个读用户
1、docker-compose部署sftp
1、把windows的目录mount过来
vim mount.sh
mount -t cifs -o username=administrator,password=zjMEHECOddi0623,vers=3,uid=2000,gid=2000 //10.110.1.186/xzzjpath /home/xzzj/sftp/data/ftp/data
username:是Window系统登录用户名
password:Window系统登录密码
//10.110.1.186/xzzjpath:设置Windows共享目录的路径, ip加共享文件名
/home/xzzj/sftp/data/ftp/data:挂载到linux下的那个目录
删除mount
umount /home/xzzj/sftp/data/ftp/data
2、docker-compose部署sftp:
version: '2'
services:
sftp:
image: atmoz/sftp
volumes:
- /home/xzzj/sftp/data/ftp:/home/ftp
ports:
- "2222:22"
command: ftp:ftp123:2000:2000
2、k8s部署sftp
1、把windows的目录mount过来
vim mount.sh
mount -t cifs -o username=DDI_FC,password=123456qw@,vers=3,uid=2001,gid=2001 //10.10.8.248/sddiFTPPath /home/k8s-1.19.2/paas-basic/sftp/sftppath/data
2、k8s部署sftp
sftp-user1-service.yaml
apiVersion: v1
kind: Service
metadata:
name: sftp-user1-service
labels:
app: sftp-user1-service-label
namespace: paas-basic
spec:
selector:
app: sftp-user1-pod
type: NodePort
ports:
- name: sftp-user1
port: 22
targetPort: 22
nodePort: 30023
protocol: TCP
sftp-user1-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: sftp-user1-deploy
namespace: paas-basic
labels:
name: sftp-user1-deploy-label
spec:
replicas: 1
minReadySeconds: 60 # 容器启动创建X秒后服务可用
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 2
maxUnavailable: 0
selector:
matchLabels:
app: sftp-user1-pod
template:
metadata:
labels:
app: sftp-user1-pod
spec:
terminationGracePeriodSeconds: 30 #k8s正确、优雅地关闭应用,等待时间30秒
nodeSelector:
sftp: "true"
containers:
- name: sftp-user1-container
image: atmoz/sftp
imagePullPolicy: IfNotPresent
ports:
- containerPort: 22
volumeMounts:
- name: sftp-volume1
mountPath: /home/hsadmin
env:
- name: user
value: "hsadmin"
- name: passwd
value: "654321"
command: ["/entrypoint", "$(user):$(passwd):2001:2001"]
volumes:
- name: sftp-volume1
hostPath:
path: /home/k8s-1.19.2/paas-basic/sftp/sftppath
三、多个用户,一个是主用户,其他是普通用户
1、docker-compose部署sftp
[root@app01 test]# vim users.conf
sftp2:sftp2:2000:2000
sftp3:sftp3:2000:2000
version: '2'
services:
sftp:
image: atmoz/sftp
container_name: sftp1
restart: always
volumes:
- ./data/sftp1:/home/sftp1
- ./data/sftp1/test1:/home/sftp2
- ./data/sftp1/test2:/home/sftp3
- ./users.conf:/etc/sftp/users.conf:ro
ports:
- "2222:22"
command: sftp1:sftp1:2000:2000:test1/test3,test2/test4 #用户名:密码:uid:gid:文件夹1/子文件夹1,文件夹2,文件夹3
2、k8s部署sftp
在运行sftp的服务器上创建用户配置文件users.conf,
gensci.net:gensci.net#123!:1001:1001
test1:test1:1001:1001
sftp-owner-service.yml
apiVersion: v1
kind: Service
metadata:
name: sftp-owner-service
labels:
app: sftp-owner-service-label
namespace: paas-basic
spec:
selector:
app: sftp-owner-pod
type: NodePort
ports:
- name: sftp-owner
port: 22
targetPort: 22
nodePort: 30023
protocol: TCP
sftp-owner-deployment.yml
apiVersion: apps/v1
kind: Deployment
metadata:
name: sftp-owner-deploy
namespace: paas-basic
labels:
name: sftp-owner-deploy-label
spec:
replicas: 1
minReadySeconds: 60 # 容器启动创建X秒后服务可用
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 2
maxUnavailable: 0
selector:
matchLabels:
app: sftp-owner-pod
template:
metadata:
labels:
app: sftp-owner-pod
spec:
terminationGracePeriodSeconds: 30 #k8s正确、优雅地关闭应用,等待时间30秒
nodeSelector:
sftp: "true"
containers:
#用户gensci
- name: sftp-owner-container
image: atmoz/sftp
imagePullPolicy: IfNotPresent
ports:
- containerPort: 22
volumeMounts:
- name: sftp-volume
mountPath: /home
- name: sftp-volume1
mountPath: /etc/sftp/users.conf:ro
- name: sftp-volume2
mountPath: /home/gensci.net/data/Net
- name: sftp-volume3
mountPath: /home/test1/data/Net:ro # 默认是读写rw
env:
- name: user
value: "gensci"
- name: passwd
value: "gensciprd@123#"
- name: path
value: "data/Original,data/Master_Company,data/Monthly,data/Daily,data/Net"
command: ["/entrypoint", "$(user):$(passwd):1001:1001:$(path)"]
volumes:
- name: sftp-volume
hostPath:
path: /home/ctocyw/k8s-1.19.2/paas-basic/sftp/sftppath
- name: sftp-volume1
hostPath:
path: /home/ctocyw/k8s-1.19.2/paas-basic/sftp/users.conf
- name: sftp-volume2
hostPath:
path: /home/ctocyw/k8s-1.19.2/paas-basic/sftp/sftppath/gensci/data/Net
- name: sftp-volume3
hostPath:
path: /home/ctocyw/k8s-1.19.2/paas-basic/sftp/sftppath/gensci/data/Net
四、多个用户,多个访问地址
1、docker-compose部署sftp,tom用户写,leo用户读:
version: '2.1'
services:
sftp1:
image: atmoz/sftp
# 建议作为基础目录结构容器
container_name: sftp_tom
restart: always
cap_add:
- SYS_ADMIN
volumes:
# 可以将用户存储在配置中,启动容器时自动创建
#- ./leo_users.conf:/etc/sftp/users.conf:ro
- ./mySftpVolume:/home
command:
- tom:123:1001:1001:tom1/test1,tom1/test2,tom2
ports:
- "2224:22"
sftp2:
image: atmoz/sftp
# 作为基于sftp容器分配ro/rw目录的容器
container_name: sftp_leo
restart: always
depends_on:
- sftp1
cap_add:
- SYS_ADMIN
volumes:
# 可以将用户存储在配置中,启动容器时自动创建
#- ./leo_users.conf:/etc/sftp/users.conf:ro
# 配置对sftp1中tom1/test1只读(ro)权限和tom2读写(rw)权限
- ./mySftpVolume/tom/tom1/test1:/home/leo/tom1/test1:ro
- ./mySftpVolume/tom/tom2:/home/leo/tom2
command:
# 配置用户和依赖容器中用户UID/GID一致,在没有指定挂载目录为:ro的情况下则具有读写权限。
- leo:123:1001:1001
ports:
- "2225:22"
2、k8s部署sftp
sftp-owner-deployment.yml
apiVersion: apps/v1
kind: Deployment
metadata:
name: sftp-owner-deploy
namespace: paas-basic
labels:
name: sftp-owner-deploy-label
spec:
replicas: 1
minReadySeconds: 60 # 容器启动创建X秒后服务可用
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 2
maxUnavailable: 0
selector:
matchLabels:
app: sftp-owner-pod
template:
metadata:
labels:
app: sftp-owner-pod
spec:
terminationGracePeriodSeconds: 30 #k8s正确、优雅地关闭应用,等待时间30秒
nodeSelector:
sftp: "true"
containers:
- name: sftp-owner-container
image: atmoz/sftp
imagePullPolicy: IfNotPresent
ports:
- containerPort: 22
volumeMounts:
- name: sftp-volume
mountPath: /home
env:
- name: user
value: "tom"
- name: passwd
value: "123"
- name: path
value: "tom1/test1,tom1/test2,tom2"
command: ["/entrypoint", "$(user):$(passwd):1001:1001:$(path)"]
volumes:
- name: sftp-volume
hostPath:
path: /home/simon/k8s-1.19.2/paas-basic/sftp/volume
sftp-owner-service.yml
apiVersion: v1
kind: Service
metadata:
name: sftp-owner-service
labels:
app: sftp-owner-service-label
namespace: paas-basic
spec:
selector:
app: sftp-owner-pod
type: NodePort
ports:
- name: sftp-owner
port: 22
targetPort: 22
nodePort: 30022
protocol: TCP
sftp-user1-deployment.yml
apiVersion: apps/v1
kind: Deployment
metadata:
name: sftp-user1-deploy
namespace: paas-basic
labels:
name: sftp-user1-deploy-label
spec:
replicas: 1
minReadySeconds: 60 # 容器启动创建X秒后服务可用
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 2
maxUnavailable: 0
selector:
matchLabels:
app: sftp-user1-pod
template:
metadata:
labels:
app: sftp-user1-pod
spec:
terminationGracePeriodSeconds: 30 #k8s正确、优雅地关闭应用,等待时间30秒
nodeSelector:
sftp: "true"
containers:
- name: sftp-user1-container
image: atmoz/sftp
imagePullPolicy: IfNotPresent
ports:
- containerPort: 22
volumeMounts:
- name: sftp-volume1
mountPath: /home/leo/tom1/test1:ro
- name: sftp-volume2
mountPath: /home/leo/tom2
env:
- name: user
value: "leo"
- name: passwd
value: "123"
command: ["/entrypoint", "$(user):$(passwd):1001:1001"]
volumes:
- name: sftp-volume1
hostPath:
path: /home/simon/k8s-1.19.2/paas-basic/sftp/volume/tom/tom1/test1
- name: sftp-volume2
hostPath:
path: /home/simon/k8s-1.19.2/paas-basic/sftp/volume/tom/tom2
sftp-user1-service.yml
apiVersion: v1
kind: Service
metadata:
name: sftp-user1-service
labels:
app: sftp-user1-service-label
namespace: paas-basic
spec:
selector:
app: sftp-user1-pod
type: NodePort
ports:
- name: sftp-user1
port: 22
targetPort: 22
nodePort: 30023
protocol: TCP