2025-04-01 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)05/31 Report--
This article explains "how to verify secret and configmap in kubernetes".
Deploy nginx on k8s with a deployment and a service, store the SSL certificate in a secret, store the nginx configuration file in a configmap, and set up a simple https service.
1. Create a deployment my-nginx with two pods
Edit the deployment file
vi dep-nginx.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-nginx
spec:
  selector:
    matchLabels:
      run: my-nginx
  replicas: 2
  template:
    metadata:
      labels:
        run: my-nginx
    spec:
      containers:
      - name: my-nginx
        image: nginx
        ports:
        - containerPort: 80
Deploy the pods:
kubectl apply -f dep-nginx.yaml
kubectl get pods -l run=my-nginx -o wide
#Check the IP address of the Pod
kubectl get pods -l run=my-nginx -o yaml | grep podIP
2. Create a new service for my-nginx
vi nginx-svc.yaml
apiVersion: v1
kind: Service
metadata:
  name: my-nginx
  labels:
    run: my-nginx
spec:
  ports:
  - port: 80
    targetPort: 80
    protocol: TCP
  selector:
    run: my-nginx
kubectl apply -f nginx-svc.yaml
kubectl get svc my-nginx
kubectl get ep my-nginx
3. Verify pod self-healing
Delete the pods of the deployment
kubectl delete pods -l run=my-nginx
You can see that the deleted pods are rebuilt. Check the changes after they are recreated:
kubectl exec my-nginx-3800858182-e9ihh -- printenv | grep SERVICE
DNS of the service
kubectl get services kube-dns --namespace=kube-system
kubectl run curl --image=radial/busyboxplus:curl -i --tty
busybox alternative to nslookup tool
https://github.com/cncf/curriculum
nslookup my-nginx
4. Add an SSL certificate for a new nginx and use it by creating a new secret
1) Create a self-signed certificate
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /d/tmp/nginx.key -out /d/tmp/nginx.crt -subj "/CN=my-nginx/O=my-nginx"
Encoding
echo -n "string" | base64
cat dockerconfig.json | base64 -w 0
Decoding
echo "string" | base64 --decode
Encode the key and the certificate for the secret file
cat nginx.key | base64 -w 0
cat nginx.crt | base64 -w 0
2) Edit the secret file
vi nginxsecrets.yaml
apiVersion: "v1"
kind: "Secret"
metadata:
  name: "nginxsecret"
  namespace: "default"
data:
  nginx.crt: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURIekNDQWdlZ0F3SUJBZ0lKQUp5M3lQK0pzMlpJT"
  nginx.key: "LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ"
3) Deploy the secret
kubectl apply -f nginxsecrets.yaml
4) Check the new secret
kubectl get secrets
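The encoding and secret-file steps above, as an added shell example that is not part of the original article: it builds nginxsecrets.yaml from the certificate and key files and verifies the manifest by decoding each field back, which catches a wrapped or truncated base64 value before kubectl apply. The function names and the script name check-secret.sh are assumptions; the same decoding returns the private key in clear text, because base64 is an encoding and not encryption.

```shell
#!/usr/bin/env bash
# Added example (not from the original article). File and field names follow
# the article; the function names are hypothetical.

# Write a Secret manifest for a certificate/key pair to stdout.
# base64 -w 0 disables line wrapping, so each value stays on one YAML line.
build_secret() {  # usage: build_secret CERT_FILE KEY_FILE
  printf 'apiVersion: v1\nkind: Secret\nmetadata:\n'
  printf '  name: nginxsecret\n  namespace: default\ndata:\n'
  printf '  nginx.crt: "%s"\n' "$(base64 -w 0 < "$1")"
  printf '  nginx.key: "%s"\n' "$(base64 -w 0 < "$2")"
}

# Decode one data field of a manifest back to the bytes it stores.
secret_field() {  # usage: secret_field MANIFEST FIELD
  awk -v key="$2:" '$1 == key { gsub(/"/, "", $2); print $2 }' "$1" |
    base64 --decode 2>/dev/null
}

# Return 0 only if both fields decode to exactly the given files and the
# files carry the expected PEM headers.
verify_secret() {  # usage: verify_secret MANIFEST CERT_FILE KEY_FILE
  secret_field "$1" nginx.crt | cmp -s - "$2" ||
    { echo "nginx.crt: decoded value differs from $2"; return 1; }
  secret_field "$1" nginx.key | cmp -s - "$3" ||
    { echo "nginx.key: decoded value differs from $3"; return 1; }
  head -n 1 "$2" | grep -q -e '-----BEGIN CERTIFICATE-----' ||
    { echo "$2: not a PEM certificate"; return 1; }
  head -n 1 "$3" | grep -q -e 'PRIVATE KEY-----' ||
    { echo "$3: not a PEM private key"; return 1; }
  echo "ok: nginx.crt and nginx.key round-trip"
}

# Example: ./check-secret.sh nginxsecrets.yaml nginx.crt nginx.key
if [ "$#" -eq 3 ]; then verify_secret "$@"; fi
```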
5) Edit the corresponding deployment and service configuration files
vi nginx-https.yaml
apiVersion: v1
kind: Service
metadata:
  name: nginx-https
  labels:
    run: nginx-https
spec:
  type: NodePort
  ports:
  - port: 80
    targetPort: 80
    protocol: TCP
    name: http
  - port: 443 # Add port 443
    protocol: TCP
    name: https
  selector:
    run: nginx-https
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-https
spec:
  selector:
    matchLabels:
      run: nginx-https
  replicas: 1
  template:
    metadata:
      labels:
        run: nginx-https
    spec:
      volumes:
      - name: secret-volume
        secret:
          secretName: nginxsecret # same as the name of the new secret
      containers:
      - name: nginxhttps
        image: nginx
        ports:
        - containerPort: 443
        - containerPort: 80
        volumeMounts:
        - mountPath: /etc/nginx/ssl # Set the mount point
          name: secret-volume
Deploy the deployment and service
kubectl apply -f nginx-https.yaml
6) Log in to the pod and configure SSL. The secret only adds the SSL certificate; you still have to modify the configuration file
kubectl exec -it nginx-https-6575cc58f5-7p28z -- /bin/bash
sed -i 'N;2a\ listen 443 ssl;' /etc/nginx/conf.d/default.conf
sed -i 'N;4a\ ssl_certificate /etc/nginx/ssl/nginx.crt;' /etc/nginx/conf.d/default.conf
sed -i 'N;6a\ ssl_certificate_key /etc/nginx/ssl/nginx.key;' /etc/nginx/conf.d/default.conf
nginx -s reload
7) Verification
Get POD IP
kubectl get pods -o yaml | grep -i podip
curl -k https://10.244.3.5
-k allows curl to connect and transfer data over SSL without verifying the certificate, because the certificate is not trusted
To view certificate authorities in a browser: Browser Settings > Privacy and Security > Certificate Management
Linux path: /etc/ssl/certs
Get service IP
kubectl get svc | grep nginx-https | awk '{print $3}'
Access test:
curl -k https://10.1.71.99
Get service endpoints
kubectl get ep nginx-https
5. Entering the container to modify the configuration by hand is not ideal, and there is no need to do it manually. Use a configmap to put the nginx configuration into the container; it is used the same way as the secret
vi https-nginx-configmap.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: https-nginx
spec:
  selector:
    matchLabels:
      run: https-nginx
  replicas: 2
  template:
    metadata:
      labels:
        run: https-nginx
    spec:
      volumes:
      - name: secret-volume
        secret:
          secretName: nginxsecret
      - name: config-volume
        configMap:
          name: nginx-config
      containers:
      - name: https-nginx
        image: nginx
        ports:
        - containerPort: 80
        - containerPort: 443
        volumeMounts:
        - mountPath: /etc/nginx/ssl
          name: secret-volume
        - mountPath: /etc/nginx/conf.d
          name: config-volume
---
apiVersion: v1
kind: Service
metadata:
  name: https-nginx
  labels:
    run: https-nginx
spec:
  type: NodePort
  ports:
  - port: 80
    targetPort: 80
    protocol: TCP
    name: http
  - port: 443
    targetPort: 443
    protocol: TCP
    name: https
  selector:
    run: https-nginx
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: nginx-config
data:
  nginx.conf: |
    server {
        listen 80;
        listen [::]:80;
        listen 443 ssl;
        server_name localhost;
        ssl_certificate /etc/nginx/ssl/nginx.crt;
        ssl_certificate_key /etc/nginx/ssl/nginx.key;
        location / {
            root /usr/share/nginx/html;
            index index.html index.htm;
        }
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root /usr/share/nginx/html;
        }
    }
kubectl apply -f https-nginx-configmap.yaml
kubectl get deployments
kubectl get svc
kubectl get cm