练习1
部署一个Deployment应用,使用secret普通卷,该应用启动依赖此secret。
Deployment的名称为<hwcka-005-1-你的华为云id>
将所用命令、创建的Deployment及secret的完整yaml截图上传,注意体现依赖特性,如secret删除后,应用无法启动。
首先准备一个自定义的docker镜像
vi a.sh
#!/bin/sh
user=$(cat /etc/secret-volume/username)
password=`cat /etc/secret-volume/password`
if [ "$user" = 'epm-user' -a "$password" = '123456' ]; then
echo 'Correct username and password! This busybox will serve you for 3600 seconds.'
sleep 3600
else
echo 'Incorrect username or password! This app will exit immediately.'
exit 1
fi
vi Dockerfile
FROM busybox:1.28
COPY a.sh /tmp/
ENTRYPOINT ["/bin/sh","-c","/tmp/a.sh"]
构建镜像,给镜像打标签,推送镜像
docker build -t mybox:v1 .
docker tag mybox:v1 192.168.202.130:80/dev/mybox:v1
docker push 192.168.202.130:80/dev/mybox:v1
vi secret.yaml
apiVersion: v1
kind: Secret
metadata:
name: test-secret
data:
username: ZXBtLXVzZXI=
password: MTIzNDU2
[root@svn ch5]# cat secret.yaml
apiVersion: v1
kind: Secret
metadata:
name: test-secret
data:
username: ZXBtLXVzZXI=
password: MTIzNDU2
vi secret-pod.yaml
apiVersion: v1
kind: Pod
metadata:
name: secret-test-pod
spec:
containers:
- name: test-container
image: 192.168.202.130/dev/mybox:v1
volumeMounts:
# name must match the volume name below
- name: secret-volume
mountPath: /etc/secret-volume
# The secret data is exposed to Containers in the Pod through a Volume.
volumes:
- name: secret-volume
secret:
secretName: test-secret
直接运行kubectl apply -f secret-pod.yaml,此时因为缺少secret,运行失败。
[root@svn ch5]# kubectl get pod
NAME READY STATUS RESTARTS AGE
busybox 1/1 Running 16 23h
secret-test-pod 0/1 ContainerCreating 0 9m1s
[root@svn ch5]# kubectl logs -f secret-test-pod
Error from server (BadRequest): container "test-container" in pod "secret-test-pod" is waiting to start: ContainerCreating
[root@svn ch5]# kubectl logs secret-test-pod
// omitted
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 10m default-scheduler Successfully assigned default/secret-test-pod to app.centos7.com
Warning FailedMount 116s (x12 over 10m) kubelet, app.centos7.com MountVolume.SetUp failed for volume "secret-volume" : secret "test-secret" not found
Warning FailedMount 78s (x4 over 8m7s) kubelet, app.centos7.com Unable to mount volumes for pod "secret-test-pod_default(949a1255-acfc-11e9-87b5-000c29ad265c)": timeout expired waiting for volumes to attach or mount for pod "default"/"secret-test-pod". list of unmounted volumes=[secret-volume]. list of unattached volumes=[secret-volume default-token-52b6b]
先运行kubectl apply -f secret.yaml,再运行kubectl apply -f secret-pod.yaml,则一切正常。
[root@svn ch5]# kubectl get pod
NAME READY STATUS RESTARTS AGE
busybox 1/1 Running 16 23h
secret-test-pod 1/1 Running 0 3s
练习2
部署一个statefulset应用,使用持久化卷,通过pvc声明所需的存储大小10G及访问模式为RWX。
Deployment的名称为<hwcka-005-2-你的华为云id>
将所用命令、创建的statefulset及pvc的完整yaml和证明该应用有在存储中写内容的截图上传
vi mybox-pv.yaml
apiVersion: v1
kind: PersistentVolume
metadata:
name: mybox-pv-volume
labels:
type: local
spec:
storageClassName: manual
capacity:
storage: 10Gi
accessModes:
- ReadWriteMany
hostPath:
path: "/tmp"
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: mybox-pv-claim
spec:
storageClassName: manual
accessModes:
- ReadWriteMany
resources:
requests:
storage: 10Gi
vi mybox-deploy.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
creationTimestamp: null
labels:
app: mybox
name: mybox
spec:
replicas: 1
selector:
matchLabels:
app: mybox
strategy: {}
template:
metadata:
creationTimestamp: null
labels:
app: mybox
spec:
containers:
- image: busybox:1.28
name: busybox
command:
- sleep
- "3600"
volumeMounts:
- name: mybox-persistent-storage
mountPath: /tmp/
volumes:
- name: mybox-persistent-storage
persistentVolumeClaim:
claimName: mybox-pv-claim
运行kubectl -f mybox-pv.yaml和kubectl apply -f mybox-deploy.yaml。
然后以命令kubectl exec -it mybox-95c474b84-9qvkv -- sh进入Pod。
echo `date` > /tmp/joyo.txt
echo hi >> /tmp/joyo.txt
即使是kubectl delete -f mybox-deploy.yaml之后,在Deployment曾经运行的主机上,仍然可以
// cat /tmp/joyo.txt
Tue Jul 23 04:42:50 UTC 2019
hi