Vamos a desplegar un contenedor mysql 5.7 con un front phpmyadmin
vi mysql.yaml
apiVersion: v1
kind: Namespace
metadata:
name: phpmyadmin-mysql
---
apiVersion: v1
kind: Secret
metadata:
name: mysql-secret
namespace: phpmyadmin-mysql
type: Opaque
data:
ROOT_PASSWORD: cGFzc3dvcmQ=
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: mysql-data-disk
namespace: phpmyadmin-mysql
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: mysql-deployment
namespace: phpmyadmin-mysql
labels:
app: phpmyadmin-mysql
spec:
replicas: 1
selector:
matchLabels:
app: mysql
template:
metadata:
labels:
app: mysql
spec:
containers:
- name: mysql
image: mysql:5.7
ports:
- containerPort: 3306
volumeMounts:
- mountPath: "/var/lib/mysql"
subPath: "mysql"
name: mysql-data
env:
- name: MYSQL_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: mysql-secret
key: ROOT_PASSWORD
volumes:
- name: mysql-data
persistentVolumeClaim:
claimName: mysql-data-disk
---
apiVersion: v1
kind: Service
metadata:
name: mysql-service
namespace: phpmyadmin-mysql
spec:
selector:
app: mysql
ports:
- protocol: TCP
port: 3306
targetPort: 3306
---
apiVersion: v1
kind: Secret
metadata:
name: phpmyadmin-secret
namespace: phpmyadmin-mysql
type: Opaque
data:
root-password: cGFzc3dvcmQ=
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: phpmyadmin-deployment
namespace: phpmyadmin-mysql
labels:
app: phpmyadmin-mysql
spec:
replicas: 1
selector:
matchLabels:
app: phpmyadmin-mysql
template:
metadata:
labels:
app: phpmyadmin-mysql
spec:
containers:
- name: phpmyadmin-mysql
image: phpmyadmin/phpmyadmin
ports:
- containerPort: 80
env:
- name: PMA_HOST
value: mysql-service
- name: PMA_PORT
value: "3306"
- name: MYSQL_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: phpmyadmin-secret
key: root-password
---
apiVersion: v1
kind: Service
metadata:
name: phpmyadmin-service
namespace: phpmyadmin-mysql
spec:
selector:
app: phpmyadmin-mysql
ports:
- protocol: TCP
port: 80
targetPort: 80
kubectl create -f mysql.yaml
Si hemos creado certificado bajo un dominio, en este ejemplo kluster.cf, creamos un secreto y luego se lo damos al ingress.
kubectl -n phpmyadmin-mysql create secret tls phpmyadmin-tls-secret --cert=kluster.cf.crt --key=kluster.cf.key
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: phpmyadmin-mysql
namespace: phpmyadmin-mysql
spec:
tls:
- hosts:
- kluster.cf
secretName: phpmyadmin-tls-secret
rules:
- host: kluster.cf
http:
paths:
- path: /
backend:
serviceName: phpmyadmin-service
servicePort: 80
Y con esto ya tenemos el certificado https y nos aparece firmado por lets encrypt
0 comentarios