search

essie-chiang / blog-incubator

0 stars 0 forks source link

ocp study daily log - network ingress #23

Open essie-chiang opened 10 months ago

essie-chiang commented 10 months ago

cat ~/DO280/labs/network-ingress/todo-app-v1.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: todo-http
  labels:
    app: todo-http
    name: todo-http
  namespace: network-ingress
spec:
  replicas: 1
  selector:
    matchLabels:
      app: todo-http
      name: todo-http
  template:
    metadata:
      labels:
        app: todo-http
        name: todo-http
    spec:
      containers:
      - resources:
          limits:
            cpu: '0.5'
        image: registry.ocp4.example.com:8443/redhattraining/todo-angular:v1.1
        name: todo-http
        ports:
        - containerPort: 8080
          name: todo-http
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app: todo-http
    name: todo-http
  name: todo-http
spec:
  ports:
  - port: 80
    protocol: TCP
    targetPort: 8080
  selector:
    name: todo-http
essie-chiang commented 10 months ago

cat todo-app-v2.yaml 

apiVersion: apps/v1
kind: Deployment
metadata:
  name: todo-https
  labels:
    app: todo-https
    name: todo-https
  namespace: network-ingress
spec:
  replicas: 1
  selector:
    matchLabels:
      app: todo-https
      name: todo-https
  template:
    metadata:
      labels:
        app: todo-https
        name: todo-https
    spec:
      containers:
      - resources:
          limits:
            cpu: '0.5'
        image: registry.ocp4.example.com:8443/redhattraining/todo-angular:v1.2
        name: todo-https
        ports:
        - containerPort: 8080
          name: todo-http
        - containerPort: 8443
          name: todo-https
        volumeMounts:
        - name: tls-certs
          readOnly: true
          mountPath: /usr/local/etc/ssl/certs
      resources:
        limits:
          memory: 64Mi
      volumes:
      - name: tls-certs
        secret:
          secretName: todo-certs
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app: todo-https
    name: todo-https
  name: todo-https
spec:
  ports:
  - name: https
    port: 8443
    protocol: TCP
    targetPort: 8443
  - name: http
    port: 80
    protocol: TCP
    targetPort: 8080
  selector:
    name: todo-https
essie-chiang commented 10 months ago

secret

A secret volume is used to pass sensitive information, such as passwords, to Pods. You can store secrets in the Kubernetes API and mount them as files for use by pods without coupling to Kubernetes directly. secret volumes are backed by tmpfs (a RAM-backed filesystem) so they are never written to non-volatile storage. Note:

You must create a Secret in the Kubernetes API before you can use it.

A Secret is always mounted as readOnly.

A container using a Secret as a [subPath](https://kubernetes.io/docs/concepts/storage/volumes/#using-subpath) volume mount will not receive Secret updates.

For more details, see Configuring Secrets.

essie-chiang commented 10 months ago

$ cat ~/DO280/labs/network-policy/display-project-info.sh

#!/usr/bin/bash

if oc get project -o jsonpath='{.items[*].metadata.name}' | grep -q network-policy
then
  echo "==================================================================="
  echo "PROJECT: network-policy"
  echo
  oc get pods -o custom-columns="POD NAME:.metadata.name,IP ADDRESS:.status.podIP" -n network-policy
  echo
  oc get svc -o custom-columns="SERVICE NAME:.metadata.name,CLUSTER-IP:.spec.clusterIP" -n network-policy
  echo
  oc get route -o custom-columns="ROUTE NAME:.metadata.name,HOSTNAME:.spec.host,PORT:.spec.port.targetPort" -n network-policy
  echo
  echo "==================================================================="
fi

if oc get project -o jsonpath='{.items[*].metadata.name}' | grep -q different-namespace
then
  echo "PROJECT: different-namespace"
  echo
  oc get pods -o custom-columns="POD NAME:.metadata.name" -n different-namespace
  echo
  echo "==================================================================="
fi
essie-chiang commented 9 months ago

=================================================================== PROJECT: network-policy

POD NAME IP ADDRESS hello-7d44d9b887-f77j2 10.8.0.68 test-7986c46b6f-qgvp9 10.8.0.69

SERVICE NAME CLUSTER-IP hello 172.30.163.223 test 172.30.170.224

ROUTE NAME HOSTNAME PORT hello hello-network-policy.apps.ocp4.example.com 8080-tcp

===================================================================

essie-chiang commented 9 months ago

=================================================================== PROJECT: network-policy

POD NAME IP ADDRESS hello-7d44d9b887-f77j2 10.8.0.68 test-7986c46b6f-qgvp9 10.8.0.69

SERVICE NAME CLUSTER-IP hello 172.30.163.223 test 172.30.170.224

ROUTE NAME HOSTNAME PORT hello hello-network-policy.apps.ocp4.example.com 8080-tcp

=================================================================== PROJECT: different-namespace

POD NAME sample-app-6bb5944b6f-nh45l

===================================================================