K8s-应用数据

news/2024/12/4 22:21:09/

应用数据

1 应用数据解析

k8s应用数据类型和步骤解析

k8s如何使用数据功能

k8s使用各种数据类型的配置

2 应用数据实践

emptyDir实践

资源对象文件内容

apiVersion: v1
kind: Pod
metadata:name: sswang-emptydir
spec:containers:- name: nginx-webimage: kubernetes-register.sswang.com/sswang/nginx_web:v0.1volumeMounts:- name: nginx-indexmountPath: /usr/share/nginx/html- name: change-indeximage: kubernetes-register.sswang.com/sswang/busybox:1.28# 每过2秒更改一下文件内容command: ['sh', '-c', 'for i in $(seq 100); do echo index-$i > /testdir/index.html;sleep 2;done']volumeMounts:- name: nginx-indexmountPath: /testdirvolumes:- name: nginx-indexemptyDir: {}

hostPath实践

资源对象文件内容

apiVersion: v1
kind: Pod
metadata:name: sswang-hostpath
spec:volumes:- name: redis-backuphostPath:path: /data/backup/rediscontainers:- name: hostpath-redisimage: kubernetes-register.sswang.com/sswang/redis:7.0.4volumeMounts:- name: redis-backupmountPath: /data

应用配置

1 应用配置解析

k8s如何使用配置数据功能

2 配置文件实践

定制配置文件实践

定制资源清单文件
apiVersion: v1
kind: ConfigMap
metadata:name: sswang-nginxconf
data:default.conf: |server {listen 80;server_name www.sswang.com;location /nginx {proxy_pass http://sswang-nginx-web/;}location /tomcat {proxy_pass http://sswang-tomcat-web:8080/;}location / {root /usr/share/nginx/html;}}
---
apiVersion: v1
kind: ConfigMap
metadata:name: sswang-nginx-index
data:index.html: "Hello Nginx, This is Nginx Web Page by sswang!!!\n"

定制nginx-proxy代理
apiVersion: apps/v1
kind: Deployment
metadata:name: sswang-nginx-proxylabels:app: nginx
spec:replicas: 1selector:matchLabels:app: nginxtemplate:metadata:labels:app: nginxspec:containers:- name: nginximage: kubernetes-register.sswang.com/sswang/nginx_proxy:v0.1volumeMounts:- name: nginxconfmountPath: /etc/nginx/conf.d/readOnly: true- name: nginxindexmountPath: /usr/share/nginx/html/readOnly: truevolumes:- name: nginxconfconfigMap:name: sswang-nginxconf- name: nginxindexconfigMap:name: sswang-nginx-index
---
apiVersion: v1
kind: Service
metadata:name: superopsmsb-nginx-proxylabels:app: superopsmsb-nginx-proxy
spec:selector:app: nginxports:- protocol: TCPname: httpport: 80targetPort: 80

3 敏感文件实践

定制配置文件

准备nginx容器的配置目录
mkdir tls-key做证书
openssl  genrsa -out tls-key/tls.key 2048做成自签证书
openssl req  -new -x509 -key tls-key/tls.key  -out tls-key/tls.crt -subj "/CN=www.sswang.com"

定制专属nginx配置文件  nginx-conf-tls/default.conf
server {listen 443 ssl;server_name www.sswang.com;ssl_certificate /etc/nginx/certs/tls.crt; ssl_certificate_key /etc/nginx/certs/tls.key;location / {root /usr/share/nginx/html;}
}server {listen 80;server_name www.sswang.com; return 301 https://$host$request_uri; 
}

手工创建资源对象文件

创建cm资源对象
kubectl create configmap nginx-ssl-conf --from-file=nginx-conf-tls/创建secret资源对象
kubectl create secret tls nginx-ssl-secret --cert=tls-key/tls.crt --key=tls-key/tls.key

定制资源清单文件
apiVersion: v1
kind: Pod
metadata:name: sswang-nginx-ssl
spec:containers:- image: kubernetes-register.sswang.com/sswang/nginx_web:v0.1name: nginx-webvolumeMounts:- name: nginxcertsmountPath: /etc/nginx/certs/readOnly: true- name: nginxconfsmountPath: /etc/nginx/conf.d/readOnly: truevolumes:- name: nginxcertssecret:secretName: nginx-ssl-secret- name: nginxconfsconfigMap:name: nginx-ssl-conf