For example, run Drupal app using nginx:stable-alpine + drupal:8.6-fpm-alpine.
nginx container needs to share /var/www/html from drupal container to deliver static contents.
drupal container should persist or mount site-data /var/www/html/sites from external storage using volume such as GCP-PD.
in this case, locally docker-compose.yml is below.
version: "3"
volumes:
www-data:
services:
drupal:
image: "drupal:8.6-fpm-alpine"
volumes:
- "www-data:/var/www/html"
- "./sites:/var/www/html/sites"
# ...
nginx;
image: "nginx:stable-alpine"
depends_on:
- drupal
volumes:
- "www-data:/var/www/html"
# ...
# ...
how to translate to k8s deployment.yml?
(EDIT) I tried following and it didn't work.
apiVersion: apps/v1
kind: Deployment
metadata:
name: mydrupal
labels:
app.kubernetes.io/name: mydrupal
spec:
replicas: 2
selector:
matchLabels:
app.kubernetes.io/name: mydrupal
template:
metadata:
labels:
app.kubernetes.io/name: mydrupal
spec:
volumes:
- name: drupal-data
persistentVolumeClaim:
claimName: "drupal-pvc"
# keep default files for the drupal installer, and chown.
initContainers:
- name: init-drupal-data
image: drupal:8.6-fpm-alpine
imagePullPolicy: IfNotPresent
command: ['sh', '-c']
args: ['cp -r -u /var/www/html/sites/* /tmp/drupal; chown -R www-data:www-data /tmp/drupal']
volumeMounts:
- name: drupal-data
mountPath: /tmp/drupal
subPath: sites
securityContext:
# www-data
fsGroup: 33
containers:
- name: drupal
image: drupal:8.6-fpm-alpine
imagePullPolicy: IfNotPresent
volumeMounts:
# I want to sharing this directory with nginx container.
- name: drupal-data
mountPath: /var/www/html
# I want to persist this directory using external managed storage.
- name: drupal-data
mountPath: /var/www/html/sites
subPath: sites
resources:
limits:
cpu: 800m
memory: 512Mi
requests:
cpu: 200m
memory: 256Mi
- name: nginx
image: nginx:1.14-alpine
imagePullPolicy: IfNotPresent
volumeMounts:
- name: drupal-data
mountPath: /usr/share/nginx/html
ports:
- name: http
containerPort: 80
protocol: TCP
livenessProbe:
httpGet:
path: /
port: http
initialDelaySeconds: 120
readinessProbe:
httpGet:
path: /
port: http
initialDelaySeconds: 30
resources:
limits:
cpu: 500m
memory: 512Mi
requests:
cpu: 100m
memory: 256Mi
I read the volume, pv, pvc docs.
but not found any solutions for how to expose directory inside container as volume.
any ideas?
Take a look at hostPath that will allow you to use a local folder as persistent storage. https://kubernetes.io/docs/concepts/storage/volumes/#hostpath
There are some learning curve and configuration differences based on how your kubernetes cluster was setup for other types of pv/pvc.
Related
I have a docker-compose.yml file that has my configuration on importing an external file that installs a postgis configuration when creating a docker image for Postgres,
This is the docker file
services:
postgres:
container_name: postgres_db
build:
context: .
dockerfile: Dockerfile-db
image: postgres
environment:
POSTGRES_USER: admin
POSTGRES_PASSWORD: password
PGDATA: /data/postgres
volumes:
- postgres:/data/postgres
ports:
- "5454:5454"
networks:
- postgres
the file am importing is called Dockerfile-db .
FROM postgres:14.1
RUN apt-get update && apt-get install -y postgresql-14-postgis-3
CMD ["/usr/local/bin/docker-entrypoint.sh","postgres"]
How can I do the same import on a K8 manifest file. this is where I add the database
spec:
serviceName: zone-service-db-service
selector:
matchLabels:
app: zone-service-db
replicas: 1
template:
metadata:
labels:
app: zone-service-db
spec:
tolerations:
- key: "podType"
operator: "Equal"
value: "isDB"
effect: "NoSchedule"
containers:
- name: postgres
image: postgres:latest
imagePullPolicy: "IfNotPresent"
ports:
- containerPort: 5432
envFrom:
- configMapRef:
name: zone-service-db
volumeMounts:
- mountPath: /var/lib/postgresql/data
name: postgredb
resources:
requests:
memory: '256Mi'
cpu: '100m'
limits:
memory: '256Mi'
volumes:
- name: postgredb
persistentVolumeClaim:
claimName: zone-service-pv-claim
How can I import the Dockerfile-db on the k8 manifest file and be called during the creating of the Postgres container and have the extensions available on the docker-image? Any help is appreciated
I believe you are getting this error
ERROR: type "geometry" does not exist
The file you have added above will mostly work with docker-compose but for Kubernetes, to have both Postgress and Postgis work together you will have to us the postgis image instead of the postgres image like this
spec:
serviceName: zone-service-db-service
selector:
matchLabels:
app: zone-service-db
replicas: 1
template:
metadata:
labels:
app: zone-service-db
spec:
tolerations:
- key: "podType"
operator: "Equal"
value: "isDB"
effect: "NoSchedule"
containers:
- name: postgres
image: postgis/postgis:latest
imagePullPolicy: "IfNotPresent"
ports:
- containerPort: 5432
envFrom:
- configMapRef:
name: zone-service-db
volumeMounts:
- mountPath: /var/lib/postgresql/data
name: postgredb
resources:
requests:
memory: '256Mi'
cpu: '100m'
limits:
memory: '256Mi'
volumes:
- name: postgredb
persistentVolumeClaim:
claimName: zone-service-pv-claim
Try this and advise. No need to import external files.
I am using Cassandra image w.r.t.
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: cassandra
labels:
app: cassandra
spec:
serviceName: cassandra
replicas: 3
selector:
matchLabels:
app: cassandra
template:
metadata:
labels:
app: cassandra
spec:
terminationGracePeriodSeconds: 1800
containers:
- name: cassandra
image: gcr.io/google-samples/cassandra:v13
imagePullPolicy: Always
ports:
- containerPort: 7000
name: intra-node
- containerPort: 7001
name: tls-intra-node
- containerPort: 7199
name: jmx
- containerPort: 9042
name: cql
resources:
limits:
cpu: "500m"
memory: 1Gi
requests:
cpu: "500m"
memory: 1Gi
securityContext:
capabilities:
add:
- IPC_LOCK
lifecycle:
preStop:
exec:
command:
- /bin/sh
- -c
- nodetool drain
env:
- name: MAX_HEAP_SIZE
value: 512M
- name: HEAP_NEWSIZE
value: 100M
- name: CASSANDRA_SEEDS
value: "cassandra-0.cassandra.default.svc.cluster.local"
- name: CASSANDRA_CLUSTER_NAME
value: "K8Demo"
- name: CASSANDRA_DC
value: "DC1-K8Demo"
- name: CASSANDRA_RACK
value: "Rack1-K8Demo"
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
readinessProbe:
exec:
command:
- /bin/bash
- -c
- /ready-probe.sh
initialDelaySeconds: 15
timeoutSeconds: 5
# These volume mounts are persistent. They are like inline claims,
# but not exactly because the names need to match exactly one of
# the stateful pod volumes.
volumeMounts:
- name: cassandra-data
mountPath: /cassandra_data
# These are converted to volume claims by the controller
# and mounted at the paths mentioned above.
# do not use these in production until ssd GCEPersistentDisk or other ssd pd
volumeClaimTemplates:
- metadata:
name: cassandra-data
spec:
accessModes: [ "ReadWriteOnce" ]
storageClassName: fast
resources:
requests:
storage: 1Gi
---
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
name: fast
provisioner: k8s.io/minikube-hostpath
parameters:
type: pd-ssd
Now I need to add below line to cassandra-env.sh in postStart or in cassandra yaml file:
-JVM_OPTS="$JVM_OPTS
-javaagent:$CASSANDRA_HOME/lib/cassandra-exporter-agent-<version>.jar"
Now I was able to achieve this, but after this step, Cassandra requires a restart but as it's already running as a pod, I don't know how to restart the process. So is there any way that this step is done prior to running the pod and not after it is up?
I was suggested below solution:-
This won’t work. Commands that run postStart don’t impact the running container. You need to change the startup commands passed to Cassandra.
The only way that I know to do this is to create a new container image in the artifactory based on the existing image. and pull from there.
But I don't know how to achieve this.
I'm trying to deploy rocketmq on my testing cluster. I started from the scripts provided in the apache/rocketmq-docker repo on github, but they do not work. I created my own yaml deployment starting from the one in the repo I previously cited, and it works for mqnamsrv, but not for broker. In the following the 2 deployments:
apiVersion: apps/v1
kind: Deployment
metadata:
name: rocketmq-namesrv
spec:
replicas: 1
selector:
matchLabels:
app: rocketmq-namesrv
template:
metadata:
labels:
app: rocketmq-namesrv
spec:
containers:
- name: namesrv
image: myrepo/rocketmq:4.9.3-alpine
command: ["sh", "mqnamesrv"]
imagePullPolicy: IfNotPresent
resources:
limits:
memory: "128Mi"
cpu: "400m"
ports:
- containerPort: 9876
volumeMounts:
- name: namesrv-log
mountPath: /var/log
volumes:
- name: namesrv-log
persistentVolumeClaim:
claimName: rocketmq-namesrv-pvc
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: rocketmq-broker
spec:
replicas: 1
selector:
matchLabels:
app: rocketmq-broker
template:
metadata:
labels:
app: rocketmq-broker
spec:
containers:
- name: broker
image: myrepo/rocketmq:4.9.3-alpine
command: ["sh", "mqbroker", "-n", "localhost:9876"]
imagePullPolicy: IfNotPresent
resources:
limits:
memory: "128Mi"
cpu: "400m"
ports:
- containerPort: 10909
- containerPort: 10911
volumeMounts:
- name: broker-log
mountPath: /var/log
- name: broker-store
mountPath: /home/rocketmq
volumes:
- name: broker-log
persistentVolumeClaim:
claimName: rocketmq-broker-log-pvc
- name: broker-store
persistentVolumeClaim:
claimName: rocketmq-broker-store-pvc
The image rocketmq:4.9.3-alpine was created following the procedure on the apache/rocketmq-docker repo.
After the deployment the rocketmq-namesrv works, but the broker's pod logs: sh: can't open 'mqbroker': No such file or directory. ut if I try to run manually the container with kubectl run -ti rocketmq-broker --image=myrepo/rocketmq:4.9.3-alpine --restart=Never -- sh mqbroker -n localhost:9876 it works...
What could it be the problem in the yaml? Am I making something wrong?
I think the problem is with the mount path.
- name: broker-store
mountPath: /home/rocketmq
So your binaries won't be there and so the error
I am trying to load elasticsearch.yml file using ConfigMap while installing ElasticSearch using Kubernetes.
kubectl create configmap elastic-config --from-file=./elasticsearch.yml
The elasticsearch.yml file is loaded in the container with root as its owner and read-only permission (https://github.com/kubernetes/kubernetes/issues/62099). Since, ElasticSearch will not start with root ownership, the pod crashes.
As a work-around, I tried to mount the ConfigMap to a different file and then copy it to the config directory using an initContainer. However, the file in the config directory does not seem to be updated.
Is there anything that I am missing or is there any other way to accomplish this?
ElasticSearch Kubernetes StatefulSet:
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: es-cluster
labels:
app: elasticservice
spec:
serviceName: elasticsearch
replicas: 1
selector:
matchLabels:
app: elasticsearch
template:
metadata:
labels:
app: elasticsearch
spec:
containers:
- name: elasticsearch
image: docker.elastic.co/elasticsearch/elasticsearch:6.5.4
resources:
limits:
cpu: 1000m
requests:
cpu: 100m
ports:
- containerPort: 9200
name: rest
protocol: TCP
- containerPort: 9300
name: inter-node
protocol: TCP
volumeMounts:
- name: elastic-config-vol
mountPath: /tmp/elasticsearch
- name: elastic-storage
mountPath: /usr/share/elasticsearch/data
env:
- name: cluster.name
value: docker-elastic
- name: node.name
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: discovery.zen.ping.unicast.hosts
value: "elastic-service"
- name: discovery.zen.minimum_master_nodes
value: "1"
- name: node.master
value: "true"
- name: node.data
value: "true"
- name: ES_JAVA_OPTS
value: "-Xmx256m -Xms256m"
volumes:
- name: elastic-config-vol
configMap:
name: elastic-config
items:
- key: elasticsearch.yml
path: elasticsearch.yml
- name: elastic-config-dir
emptyDir: {}
- name: elastic-storage
emptyDir: {}
initContainers:
# elasticsearch will not run as non-root user, fix permissions
- name: fix-vol-permission
image: busybox
command:
- sh
- -c
- chown -R 1000:1000 /usr/share/elasticsearch/data
securityContext:
privileged: true
volumeMounts:
- name: elastic-storage
mountPath: /usr/share/elasticsearch/data
- name: fix-config-vol-permission
image: busybox
command:
- sh
- -c
- cp /tmp/elasticsearch/elasticsearch.yml /usr/share/elasticsearch/config/elasticsearch.yml
securityContext:
privileged: true
volumeMounts:
- name: elastic-config-dir
mountPath: /usr/share/elasticsearch/config
- name: elastic-config-vol
mountPath: /tmp/elasticsearch
# increase default vm.max_map_count to 262144
- name: increase-vm-max-map-count
image: busybox
command:
- sysctl
- -w
- vm.max_map_count=262144
securityContext:
privileged: true
- name: increase-the-ulimit
image: busybox
command:
- sh
- -c
- ulimit -n 65536
securityContext:
privileged: true
I use:
...
volumeMounts:
- name: config
mountPath: /usr/share/elasticsearch/config/elasticsearch.yml
subPath: elasticsearch.yml
volumes:
- name : config
configMap:
name: es-configmap
without any permissions problem, but you can set permissions with defaultMode
Whatever mount path i add for PVC it is creating lost+found folder and deleting all other content.
I am trying to setup deployment with PVC
FROM python:3.5 AS python-build
ADD . /test
WORKDIR /test
CMD [ "python3", "./run.py" ]
apiVersion: apps/v1beta2
kind: Deployment
metadata:
name: test-core
labels:
app: test-core
spec:
selector:
matchLabels:
app: test-core
tier: frontend
strategy:
type: RollingUpdate
template:
metadata:
labels:
app: test-core
tier: frontend
spec:
containers:
- image: <My image>
securityContext:
privileged: true
runAsUser: 1000
resources:
requests:
memory: "128Mi"
cpu: .05
limits:
memory: "256Mi"
cpu: .10
name: test-core
ports:
- containerPort: 9595
name: http
- containerPort: 443
name: https
readinessProbe:
httpGet:
path: /
port: 9595
initialDelaySeconds: 5
periodSeconds: 3
timeoutSeconds: 3
successThreshold: 1
failureThreshold: 4
envFrom:
- secretRef:
name: test-secret
- configMapRef:
name: test-new-configmap
volumeMounts:
- name: core-data
mountPath: /test
imagePullPolicy: Always
volumes:
- name: core-data
persistentVolumeClaim:
claimName: core-claim
When i apply this file from kubernetes it's giving an error in the log cannot find file run.py that mean PVC going empty.
Whatever mount path a add it is creating lsot+found folder and deleting all other content.
Thanks
According your Dockerfile, when you run docker build -t <imagename> ., it will copy all files on your current directory to container image. And when you start this container, it will look for run.py.
If one of theese files is run.py, which actually should be, then your deployment yaml file is not correct, because you mount another PV to that directory, which will overwrite your files which you copied before and it won't able to find run.py
Hope it helps.