今天准备来将Day04、Day06的东西布署上来。
先写个namespace的yaml之後,东西会放在这个namespace底下
这些所有的yaml都是执行 kubectl apply -f xxxx.yml
ithomelab-ns.yml
apiVersion: v1
kind: Namespace
metadata:
name: ithomelab
这边的话因为资料库连线字串的考量,程序的部分是设计在Production读取环境变数取得connection string(开发时读appsettings.json),而这边则是使用configMap将connection string储存起来,供之後deployment的环境变数读取。
### 程序码片段
if(Environment.GetEnvironmentVariable("ASPNETCORE_ENVIRONMENT")=="Production")
services.AddDbContext<BloggerContext>(options => options.UseNpgsql(Environment.GetEnvironmentVariable("ConnectionStrings")));
else
services.AddDbContext<BloggerContext>(options => options.UseNpgsql("name=ConnectionStrings:DefaultConnection"));
再多一点安全考量的话,则可以将这段connection string加密後再放入configMap,不过程序端也要实作对应的解密就对了。
kubectl create cm apicm --from-file=api-day04-cm -n ithomelab
Day04 API的deployment,api-day04-deploy.yml
apiVersion: apps/v1
kind: Deployment
metadata:
name: ithomelab-api-deployment
namespace: ithomelab
labels:
app: ithomelab-api
spec:
replicas: 1
selector:
matchLabels:
app: ithomelab-api
template:
metadata:
labels:
app: ithomelab-api
spec:
containers:
- name: api
image: registry.gitlab.com/gurubear-ithome-13th/homelabapi:Release-v0.0.1
env:
- name: ASPNETCORE_ENVIRONMENT
value: "Production"
- name: TZ
value: "Asia/Taipei"
- name: ConnectionStrings
valueFrom:
configMapKeyRef:
name: apicm
key: api-day04-cm
ports:
- containerPort: 7777
将API运行起来後,确实有读到
使用Port-forward 检查看看有没有正确显示API出来。
kubectl port-forward ithomelab-api-deployment-7bb967b947-xqgpb 7777:7777 -n ithomelab
一切正常,所以如法炮制布署Day06的react+nginx deployment,react-day06-deploy.yml
apiVersion: apps/v1
kind: Deployment
metadata:
name: ithomelab-react-deployment
namespace: ithomelab
labels:
app: ithomelab-react
spec:
replicas: 1
selector:
matchLabels:
app: ithomelab-react
template:
metadata:
labels:
app: ithomelab-react
spec:
containers:
- name: react
image: registry.gitlab.com/gurubear-ithome-13th/homelabreact:Release-v0.0.1
env:
- name: TZ
value: "Asia/Taipei"
ports:
- containerPort: 80
最後将两个deployment接出ClusterIP type的service,分别如下:
ithomelab-api-svc.yml
apiVersion: v1
kind: Service
metadata:
labels:
app: ithomelab-api
name: ithomelab-api-deployment
namespace: ithomelab
spec:
ports:
- port: 80
protocol: TCP
targetPort: 7777
selector:
app: ithomelab-api
sessionAffinity: None
type: ClusterIP
ithomelab-react-svc.yml
apiVersion: v1
kind: Service
metadata:
labels:
app: ithomelab-react
name: ithomelab-react-deployment
namespace: ithomelab
spec:
ports:
- port: 80
protocol: TCP
targetPort: 80
selector:
app: ithomelab-react
sessionAffinity: None
type: ClusterIP
检查一下service&endpoint的关系
最後总结一下今天布署的内容
突然想到提一下,因为这边都是从public registry去pull image所以没有权限的问题,如果要从private registry去pull的话就需要imagePullSecrets,而在gitlab上我习惯使用deploy tokens来做为帐密使用。
<<: [Day12] CH08:积沙成塔——Array & ArrayList(中)
目前都只有从 container 公开 port 并绑定到本机,使得 container 内的服务 ...
Day 30: Non-stop Learning 完赛心得 FRIENDS 瑜-FRIENDS A...
费根检查是一种依靠组检查方法的正式检查,即使它可以针对有限的一组预先确定的常见软件错误自动进行。 ....
介绍 I²C(Inter-Integrated Circuit)中文是内部整合电路,属於串列通讯汇流...
时间time模组 使用前要先import time Time()可以传回自1970/1/1以来的秒...