華爲雲 Kubernetes 管理員實訓 五 課後做業

練習1

部署一個Deployment應用，使用secret普通卷，該應用啓動依賴此secret。
Deployment的名稱爲<hwcka-005-1-你的華爲雲id>
將所用命令、建立的Deployment及secret的完整yaml截圖上傳，注意體現依賴特性，如secret刪除後，應用沒法啓動。

首先準備一個自定義的docker鏡像
vi a.sh

#!/bin/sh

user=$(cat /etc/secret-volume/username)
password=`cat /etc/secret-volume/password`

if [ "$user" = 'epm-user' -a "$password" = '123456' ]; then
    echo 'Correct username and password! This busybox will serve you for 3600 seconds.'
    sleep 3600
else
    echo 'Incorrect username or password! This app will exit immediately.'
    exit 1
fi

vi Dockerfile

FROM busybox:1.28

COPY a.sh /tmp/

ENTRYPOINT ["/bin/sh","-c","/tmp/a.sh"]

構建鏡像，給鏡像打標籤，推送鏡像

docker build -t mybox:v1 .

docker tag mybox:v1 192.168.202.130:80/dev/mybox:v1

docker push 192.168.202.130:80/dev/mybox:v1

vi secret.yaml

apiVersion: v1
kind: Secret
metadata:
  name: test-secret
data:
  username: ZXBtLXVzZXI=
  password: MTIzNDU2
[root@svn ch5]# cat secret.yaml
apiVersion: v1
kind: Secret
metadata:
  name: test-secret
data:
  username: ZXBtLXVzZXI=
  password: MTIzNDU2

vi secret-pod.yaml

apiVersion: v1
kind: Pod
metadata:
  name: secret-test-pod
spec:
  containers:
    - name: test-container
      image: 192.168.202.130/dev/mybox:v1
      volumeMounts:
        # name must match the volume name below
        - name: secret-volume
          mountPath: /etc/secret-volume
  # The secret data is exposed to Containers in the Pod through a Volume.
  volumes:
    - name: secret-volume
      secret:
        secretName: test-secret

直接運行kubectl apply -f secret-pod.yaml，此時由於缺乏secret，運行失敗。

[root@svn ch5]# kubectl get pod
NAME              READY   STATUS              RESTARTS   AGE
busybox           1/1     Running             16         23h
secret-test-pod   0/1     ContainerCreating   0          9m1s

[root@svn ch5]# kubectl logs -f secret-test-pod
Error from server (BadRequest): container "test-container" in pod "secret-test-pod" is waiting to start: ContainerCreating

[root@svn ch5]# kubectl logs secret-test-pod
// omitted 
Events:
  Type     Reason       Age                  From                      Message
  ----     ------       ----                 ----                      -------
  Normal   Scheduled    10m                  default-scheduler         Successfully assigned default/secret-test-pod to app.centos7.com
  Warning  FailedMount  116s (x12 over 10m)  kubelet, app.centos7.com  MountVolume.SetUp failed for volume "secret-volume" : secret "test-secret" not found
  Warning  FailedMount  78s (x4 over 8m7s)   kubelet, app.centos7.com  Unable to mount volumes for pod "secret-test-pod_default(949a1255-acfc-11e9-87b5-000c29ad265c)": timeout expired waiting for volumes to attach or mount for pod "default"/"secret-test-pod". list of unmounted volumes=[secret-volume]. list of unattached volumes=[secret-volume default-token-52b6b]

先運行kubectl apply -f secret.yaml，再運行kubectl apply -f secret-pod.yaml，則一切正常。

[root@svn ch5]# kubectl get pod
NAME              READY   STATUS    RESTARTS   AGE
busybox           1/1     Running   16         23h
secret-test-pod   1/1     Running   0          3s

練習2

部署一個statefulset應用，使用持久化卷，經過pvc聲明所需的存儲大小10G及訪問模式爲RWX。
Deployment的名稱爲<hwcka-005-2-你的華爲雲id>
將所用命令、建立的statefulset及pvc的完整yaml和證實該應用有在存儲中寫內容的截圖上傳

vi mybox-pv.yaml

apiVersion: v1
kind: PersistentVolume
metadata:
  name: mybox-pv-volume
  labels:
    type: local
spec:
  storageClassName: manual
  capacity:
    storage: 10Gi
  accessModes:
    - ReadWriteMany
  hostPath:
    path: "/tmp"
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: mybox-pv-claim
spec:
  storageClassName: manual
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 10Gi

vi mybox-deploy.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  creationTimestamp: null
  labels:
    app: mybox
  name: mybox
spec:
  replicas: 1
  selector:
    matchLabels:
      app: mybox
  strategy: {}
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: mybox
    spec:
      containers:
      - image: busybox:1.28
        name: busybox
        command:
          - sleep
          - "3600"
        volumeMounts:
        - name: mybox-persistent-storage
          mountPath: /tmp/
      volumes:
      - name: mybox-persistent-storage
        persistentVolumeClaim:
          claimName: mybox-pv-claim

運行kubectl -f mybox-pv.yaml和kubectl apply -f mybox-deploy.yaml。
而後以命令kubectl exec -it mybox-95c474b84-9qvkv -- sh進入Pod。

echo `date` > /tmp/joyo.txt
echo hi >> /tmp/joyo.txt

即便是kubectl delete -f mybox-deploy.yaml以後，在Deployment曾經運行的主機上，仍然能夠

// cat /tmp/joyo.txt
Tue Jul 23 04:42:50 UTC 2019
hi