Shulou(Shulou.com)05/31 Report--

This article mainly explains "how to verify secret and configmap in kubernetes". The explanation in this article is simple and clear, easy to learn and understand. Please follow the idea of Xiaobian and go deep into it slowly to study and learn "how to verify secret and configmap in kubernetes" together!

Deploy nginx on k8s with deployment and service, store SSL Certificates with secret, store nginx configuration file with configmap, and simply set up https service.

1, Create a deployment my-nginx with two pods

Edit deployment file

vi dep-nginx.yaml

apiVersion: apps/v1kind: Deploymentmetadata: name: my-nginxspec: selector: matchLabels: run: my-nginx replicas: 2 template: metadata: labels: run: my-nginx spec: containers: - name: my-nginx image: nginx ports: - containerPort: 80

Deployment pod:

kubectl apply -f dep-nginx.yaml

kubectl get pods -l run=my-nginx -o wide

#Check the IP address of the Pod

kubectl get pods -l run=my-nginx -o yaml | grep podIP

2, Create a new service for my-nginx

vi nginx-svc.yaml

apiVersion: v1kind: Servicemetadata: name: my-nginx labels: run: my-nginxspec: ports: - port: 80 targetPort: 80 protocol: TCP selector: run: my-nginx

kubectl apply -f nginx-svc.yaml

kubectl get svc my-nginx

kubectl get ep my-nginx

3. Verify the self-healing of pod

Remove pod from deployment

kubectl delete pods -l run=my-nginx

You can see that the deleted pod will be rebuilt and see the changes after reconstruction

kubectl exec my-nginx-3800858182-e9ihh -- printenv | grep SERVICE

dns of service

kubectl get services kube-dns --namespace=kube-system

kubectl run curl --image=radial/busyboxplus:curl -i --tty

busybox alternative to nslookup tool

https://github.com/cncf/curriculum

nslookup my-nginx

4, Add SSL Certificates for new nginx, Use it by creating a new secret

1) Self-certification

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /d/tmp/nginx.key -out /d/tmp/nginx.crt -subj "/CN=my-nginx/O=my-nginx"

encoding

echo -n "string"| base64

cat dockerconfig.json |base64 -w 0

decoding

echo "string" | base64 --decode

cat nginx.key |base64 -w 0

cat nginx.crt |base64 -w 0

2) Edit the secret file

vi nginxsecrets.yaml

apiVersion: "v1"kind: "Secret"metadata: name: "nginxsecret" namespace: "default"data: nginx.crt: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURIekNDQWdlZ0F3SUJBZ0lKQUp5M3lQK0pzMlpJT" nginx.key: "LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ"

3) Deployment of secret

kubectl apply -f nginxsecrets.yaml

4) Check the new secret

kubectl get secrets

5) Edit the corresponding deployment and service configuration files

vi nginx-https.yaml

apiVersion: v1kind: Servicemetadata: name: nginx-https labels: run: nginx-httpsspec: type: NodePort ports: - port: 80 targetPort: 80 protocol: TCP name: http - port: 443 #Add port 443 protocol: TCP name: https selector: run: nginx-https---apiVersion: apps/v1kind: Deploymentmetadata: name: nginx-httpsspec: selector: matchLabels: run: nginx-https replicas: 1 template: metadata: labels: run: nginx-https spec: volumes: - name: secret-volume secret: secretName: nginxsecret #is the same as the name of the new secret containers: - name: nginxhttps image: nginx ports: - containerPort: 443 - containerPort: 80 volumeMounts: - mountPath: /etc/nginx/ssl #Set configuration file mount point name: secret-volume

Deployment and service

kubectl -f nginx-https.yaml

6) Log in pod and configure ssl, secret just add SSL Certificates, you have to modify the configuration file

kubectl exec -it nginx-https-6575cc58f5-7p28z -- /bin/bash

sed -i 'N;2a\ listen 443 ssl;' /etc/nginx/conf.d/default.conf

sed -i 'N;4a\ ssl_certificate /etc/nginx/ssl/nginx.crt;' /etc/nginx/conf.d/default.conf

sed -i 'N;6a\ ssl_certificate_key /etc/nginx/ssl/nginx.key;' /etc/nginx/conf.d/default.conf

nginx -s reload

7) Verification

Get POD IP

kubectl get pods -o yaml | grep -i podip

curl -k https://10.244.3.5

-k i.e. allows curl to connect and transfer data using ssl with unauthenticated certificates because certificates are not trusted

Browser Certificate Authority Inquiry: Browser Settings--Privacy and Security--Certificate Management

Linux path: /etc/ssl/certs

Get service IP

kubectl get svc | grep nginx-https | awk '{print $3}'

Visit Test:

curl -k https://10.1.71.99

Get service endpoints

kubectl get ep nginx-https

5, Just entered the container to modify the configuration is not nice, In fact, there is no need to manually, Use configmap nginx configuration into the container, Use like secret

vi https-nginx-configmap.yaml

apiVersion: apps/v1kind: Deploymentmetadata: name: https-nginxspec: selector: matchLabels: run: https-nginx replicas: 2 template: metadata: labels: run: https-nginx spec: volumes: - name: secret-volume secret: secretName: nginxsecret - name: config-volume configMap: name: nginx-config containers: - name: https-nginx image: nginx ports: - containerPort: 80 - containerPort: 443 volumeMounts: - mountPath: /etc/nginx/ssl name: secret-volume - mountPath: /etc/nginx/conf.d name: config-volume---apiVersion: v1kind: Servicemetadata: name: https-nginx labels: run: https-nginxspec: type: NodePort ports: - port: 80 targetPort: 80 protocol: TCP name: http - port: 443 targetPort: 443 protocol: TCP name: https selector: run: https-nginx---apiVersion: v1kind: ConfigMapmetadata: name: nginx-configdata: nginx.conf: | server { listen 80; listen [::]:80; listen 443 ssl; server_name localhost; ssl_certificate /etc/nginx/ssl/nginx.crt; ssl_certificate_key /etc/nginx/ssl/nginx.key; location / { root /usr/share/nginx/html; index index.html index.htm; } error_page 500 502 503 504 /50x.html; location = /50x.html { root /usr/share/nginx/html; } }

kubectl apply -f https-nginx-configmap.yaml

kubectl get deployments

kubectl get svc

kubectl get cm

Thank you for reading, the above is the content of "how to verify secret and configmap in kubernetes", after learning this article, I believe everyone has a deeper understanding of how to verify secret and configmap in kubernetes, and the specific use situation needs to be verified by practice. Here is, Xiaobian will push more articles related to knowledge points for everyone, welcome to pay attention!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.