K8s-应用数据

应用数据

1 应用数据解析

k8s应用数据类型和步骤解析

k8s如何使用数据功能

k8s使用各种数据类型的配置

2 应用数据实践

emptyDir实践

资源对象文件内容

apiVersion: v1
kind: Pod
metadata:
  name: sswang-emptydir
spec:
  containers:
  - name: nginx-web
    image: kubernetes-register.sswang.com/sswang/nginx_web:v0.1
    volumeMounts:
    - name: nginx-index
      mountPath: /usr/share/nginx/html
  - name: change-index
    image: kubernetes-register.sswang.com/sswang/busybox:1.28
    # 每过2秒更改一下文件内容
    command: ['sh', '-c', 'for i in $(seq 100); do echo index-$i > /testdir/index.html;sleep 2;done']
    volumeMounts:
    - name: nginx-index
      mountPath: /testdir
  volumes:
  - name: nginx-index
    emptyDir: {}

hostPath实践

资源对象文件内容

apiVersion: v1
kind: Pod
metadata:
  name: sswang-hostpath
spec:
  volumes:
  - name: redis-backup
    hostPath:
     path: /data/backup/redis
  containers:
    - name: hostpath-redis
      image: kubernetes-register.sswang.com/sswang/redis:7.0.4
      volumeMounts:
       - name: redis-backup
         mountPath: /data

应用配置

1 应用配置解析

k8s如何使用配置数据功能

2 配置文件实践

定制配置文件实践

定制资源清单文件
apiVersion: v1
kind: ConfigMap
metadata:
  name: sswang-nginxconf
data:
  default.conf: |
    server {
        listen 80;
        server_name www.sswang.com;
        location /nginx {
          proxy_pass http://sswang-nginx-web/;
        }
        location /tomcat {
          proxy_pass http://sswang-tomcat-web:8080/;
        }
        location / {
            root /usr/share/nginx/html;
        }
    }
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: sswang-nginx-index
data:
  index.html: "Hello Nginx, This is Nginx Web Page by sswang!!!\n"

定制nginx-proxy代理
apiVersion: apps/v1
kind: Deployment
metadata:
  name: sswang-nginx-proxy
  labels:
    app: nginx
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: kubernetes-register.sswang.com/sswang/nginx_proxy:v0.1
        volumeMounts:
        - name: nginxconf
          mountPath: /etc/nginx/conf.d/
          readOnly: true
        - name: nginxindex
          mountPath: /usr/share/nginx/html/
          readOnly: true
      volumes:
      - name: nginxconf
        configMap:
          name: sswang-nginxconf
      - name: nginxindex
        configMap:
          name: sswang-nginx-index
---
apiVersion: v1
kind: Service
metadata:
  name: superopsmsb-nginx-proxy
  labels:
    app: superopsmsb-nginx-proxy
spec:
  selector:
    app: nginx
  ports:
    - protocol: TCP
      name: http
      port: 80
      targetPort: 80

3 敏感文件实践

定制配置文件

准备nginx容器的配置目录
mkdir tls-key

做证书
openssl  genrsa -out tls-key/tls.key 2048

做成自签证书
openssl req  -new -x509 -key tls-key/tls.key  -out tls-key/tls.crt -subj "/CN=www.sswang.com"

定制专属nginx配置文件  nginx-conf-tls/default.conf
server {
    listen 443 ssl;
    server_name www.sswang.com;
    ssl_certificate /etc/nginx/certs/tls.crt; 
    ssl_certificate_key /etc/nginx/certs/tls.key;
    location / {
        root /usr/share/nginx/html;
    }
}

server {
    listen 80;
    server_name www.sswang.com; 
    return 301 https://$host$request_uri; 
}

手工创建资源对象文件

创建cm资源对象
kubectl create configmap nginx-ssl-conf --from-file=nginx-conf-tls/

创建secret资源对象
kubectl create secret tls nginx-ssl-secret --cert=tls-key/tls.crt --key=tls-key/tls.key

定制资源清单文件
apiVersion: v1
kind: Pod
metadata:
  name: sswang-nginx-ssl
spec:
  containers:
  - image: kubernetes-register.sswang.com/sswang/nginx_web:v0.1
    name: nginx-web
    volumeMounts:
    - name: nginxcerts
      mountPath: /etc/nginx/certs/
      readOnly: true
    - name: nginxconfs
      mountPath: /etc/nginx/conf.d/
      readOnly: true
  volumes:
  - name: nginxcerts
    secret:
      secretName: nginx-ssl-secret
  - name: nginxconfs
    configMap:
      name: nginx-ssl-conf