How to use Azure Service Broker (3)
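This time I start exploring how to use Azure Service Broker.
There are samples, so the first step is to clone the repository.
Provisioning an instance
Let's try provisioning a sample Postgres database.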
$ kubectl create -f contrib/k8s/examples/postgresql-instance.yaml
serviceinstance "my-postgresql-instance" created
invincible:azure-service-broker ushio$ kubectl get serviceinstances
NAME AGE
my-postgresql-instance 2m
After waiting a while, a managed PostgreSQL resource is created in a resource group named "demo".
$ kubectl get serviceinstance my-postgresql-instance -o yaml
Running this command shows the status. Looking at status: conditions: tells you the current state. After a short wait it becomes successful.
apiVersion: servicecatalog.k8s.io/v1beta1
kind: ServiceInstance
metadata:
  creationTimestamp: 2017-11-19T12:07:54Z
  finalizers:
  - kubernetes-incubator/service-catalog
  generation: 1
  name: my-postgresql-instance
  namespace: default
  resourceVersion: "336"
  selfLink: /apis/servicecatalog.k8s.io/v1beta1/namespaces/default/serviceinstances/my-postgresql-instance
  uid: 4614210e-cd22-11e7-a0dd-0a580af40104
spec:
  clusterServiceClassExternalName: azure-postgresqldb
  clusterServiceClassRef:
    name: b43b4bba-5741-4d98-a10b-17dc5cee0175
  clusterServicePlanExternalName: basic50
  clusterServicePlanRef:
    name: b2ed210f-6a10-4593-a6c4-964e6b6fad62
  externalID: a2972880-181e-4bbf-8a2e-a92d0d165d58
  parameters:
    extensions:
    - uuid-ossp
    - postgis
    location: eastus
    resourceGroup: demo
  updateRequests: 0
status:
  asyncOpInProgress: false
  conditions:
  - lastTransitionTime: 2017-11-19T12:16:25Z
    message: The instance was provisioned successfully
    reason: ProvisionedSuccessfully
    status: "True"
    type: Ready
  deprovisionStatus: Required
  externalProperties:
    clusterServicePlanExternalID: b2ed210f-6a10-4593-a6c4-964e6b6fad62
    clusterServicePlanExternalName: basic50
    parameterChecksum: 99ba190fa88b80d79fc9d601c0fcb13e84bc2e72c38c1230e232a5eab95165a4
    parameters:
      extensions:
      - uuid-ossp
      - postgis
      location: eastus
      resourceGroup: demo
  orphanMitigationInProgress: false
  reconciledGeneration: 1
By the way, the YAML file that was applied looks like this. It deploys using the ServiceInstance type, which is not a standard Kubernetes resource type.
postgresql-instance.yaml
apiVersion: servicecatalog.k8s.io/v1beta1
kind: ServiceInstance
metadata:
  name: my-postgresql-instance
  namespace: default
spec:
  clusterServiceClassExternalName: azure-postgresqldb
  clusterServicePlanExternalName: basic50
  parameters:
    location: eastus
    resourceGroup: demo
    extensions:
    - uuid-ossp
    - postgis
Binding
Once the instance has been created, perform the binding.
$ kubectl create -f contrib/k8s/examples/postgresql-binding.yaml
servicebinding "my-postgresql-binding" created
Let's check. It does not necessarily finish immediately. It appears to be working.
$ kubectl get servicebinding my-postgresql-binding -o yaml
apiVersion: servicecatalog.k8s.io/v1beta1
kind: ServiceBinding
metadata:
  creationTimestamp: 2017-11-19T12:20:44Z
  finalizers:
  - kubernetes-incubator/service-catalog
  generation: 1
  name: my-postgresql-binding
  namespace: default
  resourceVersion: "340"
  selfLink: /apis/servicecatalog.k8s.io/v1beta1/namespaces/default/servicebindings/my-postgresql-binding
  uid: 10ee3219-cd24-11e7-a0dd-0a580af40104
spec:
  externalID: 7386578e-1b93-4d1d-8fc6-85e1cef77cdb
  instanceRef:
    name: my-postgresql-instance
  secretName: my-postgresql-secret
status:
  asyncOpInProgress: false
  conditions:
  - lastTransitionTime: 2017-11-19T12:20:48Z
    message: Injected bind result
    reason: InjectedBindResult
    status: "True"
    type: Ready
  externalProperties: {}
  orphanMitigationInProgress: false
  reconciledGeneration: 1
  unbindStatus: Required
Looking at the binding YAML, you can see that it creates a resource of type ServiceBinding. Interestingly, a resource named my-postgresql-secret has been created.
postgresql-binding.yaml
apiVersion: servicecatalog.k8s.io/v1beta1
kind: ServiceBinding
metadata:
  name: my-postgresql-binding
  namespace: default
spec:
  instanceRef:
    name: my-postgresql-instance
  secretName: my-postgresql-secret
The contents of the Secret look like this.
invincible:azure-service-broker ushio$ kubectl get secret my-postgresql-secret -o yaml
apiVersion: v1
data:
  database: ZnI1ejlwNHMzNA==
  host: MWFlNzEzY2UtNDdhZC00N2YwLWEwZTctOWVmZWVhYzgwMWUyLnBvc3RncmVzLmRhdGFiYXNlLmF6dXJlLmNvbQ==
  password: SUtEd3dhbjZscVlDbzRSbQ==
  port: NTQzMg==
  username: YWJkMmNqNDVzMkAxYWU3MTNjZS00N2FkLTQ3ZjAtYTBlNy05ZWZlZWFjODAxZTI=
kind: Secret
metadata:
  creationTimestamp: 2017-11-19T12:20:47Z
  name: my-postgresql-secret
  namespace: default
  ownerReferences:
  - apiVersion: servicecatalog.k8s.io/v1beta1
    blockOwnerDeletion: true
    controller: true
    kind: ServiceBinding
    name: my-postgresql-binding
    uid: 10ee3219-cd24-11e7-a0dd-0a580af40104
  resourceVersion: "119949"
  selfLink: /api/v1/namespaces/default/secrets/my-postgresql-secret
  uid: 12fd2879-cd24-11e7-a22d-000d3a5183f5
type: Opaque
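Using the service from a Pod
OK, let's see whether the service can be used from a Pod.
With a Secret, we can obtain the service's information through environment variables or a volume mount.
Introduction to Kubernetes Secret objects – how to store database passwords and other confidential information?
Let's create a YAML file like the following to verify this.
nginx-secret.yaml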
apiVersion: apps/v1beta1 # for versions before 1.8.0 use apps/v1beta1
kind: Deployment
metadata:
  name: nginx-deployment
  labels:
    app: nginx
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1.7.9
        ports:
        - containerPort: 80
        volumeMounts:
        - mountPath: /tmp
          name: my-postgresql-secret
          readOnly: true
      volumes:
      - name: my-postgresql-secret
        secret:
          secretName: my-postgresql-secret
Deploy it.
$ kubectl create -f nginx-secret.yaml
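Enter the Pod that just started and check the values. Yes, everything works. Develop the front-end application on top of this and it should be perfect.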
$ kubectl exec nginx-deployment-2278088344-4f26h -it /bin/bash
root@nginx-deployment-2278088344-4f26h:/# cd /tmp
root@nginx-deployment-2278088344-4f26h:/tmp# ls
database host password port username
root@nginx-deployment-2278088344-4f26h:/tmp# cat database
fr5z9p4s34
root@nginx-deployment-2278088344-4f26h:/tmp# cat host
1ae713ce-47ad-47f0-a0e7-9efeeac801e2.postgres.database.azure.com
root@nginx-deployment-2278088344-4f26h:/tmp#
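The mount above exposes each Secret key as one file. As an added example (not code from the original post), this is one way an application could read those files and build a libpq connection string without logging the password; the function names, the sample values and the sslmode=require setting are assumptions made for illustration.

```python
import tempfile
from pathlib import Path

# One file per Secret key, as listed by `ls` in the mounted directory above.
REQUIRED_KEYS = ("host", "port", "database", "username", "password")


def load_binding(mount_dir):
    """Read the mounted Secret files and return their contents as a dict."""
    root = Path(mount_dir)
    missing = [k for k in REQUIRED_KEYS if not (root / k).is_file()]
    if missing:
        raise FileNotFoundError("binding incomplete, missing: " + ", ".join(missing))
    # Kubernetes writes the decoded bytes as-is, so values are not stripped.
    creds = {k: (root / k).read_text(encoding="utf-8") for k in REQUIRED_KEYS}
    if not creds["port"].isdigit():
        raise ValueError("port is not numeric")
    return creds


def quote_value(value):
    """Quote a value for a libpq keyword/value connection string."""
    return "'" + value.replace("\\", "\\\\").replace("'", "\\'") + "'"


def build_dsn(creds, sslmode="require"):
    """Build the DSN; sslmode=require makes the client refuse a non-TLS link."""
    return (
        f"host={quote_value(creds['host'])} port={creds['port']} "
        f"dbname={quote_value(creds['database'])} user={quote_value(creds['username'])} "
        f"password={quote_value(creds['password'])} sslmode={sslmode}"
    )


def redacted(creds):
    """Copy of the credentials that is safe to write to a log."""
    return {k: ("***" if k == "password" else v) for k, v in creds.items()}


def demo():
    """Run against constructed sample files standing in for the mount."""
    sample = {"host": "example.postgres.database.azure.com", "port": "5432",
              "database": "sampledb", "username": "user1@example",
              "password": "it's-a-placeholder"}  # constructed values
    with tempfile.TemporaryDirectory() as d:
        for name, value in sample.items():
            Path(d, name).write_text(value, encoding="utf-8")
        creds = load_binding(d)
    return build_dsn(creds), redacted(creds)
```

In the Pod from this post, load_binding("/tmp") would read the five files shown by ls.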
Unbinding
Deleting the binding also deletes the Secret.
$ kubectl delete servicebinding my-postgresql-binding
servicebinding "my-postgresql-binding" deleted
$ kubectl get secret my-postgresql-secret
Error from server (NotFound): secrets "my-postgresql-secret" not found
Deprovisioning
Deleting the ServiceInstance also deletes the resource on Azure.
$ kubectl delete serviceinstance my-postgresql-instance
serviceinstance "my-postgresql-instance" deleted
$ kubectl get serviceinstance my-postgresql-instance -o yaml
Error from server (NotFound): serviceinstances.servicecatalog.k8s.io "my-postgresql-instance" not found
This looks very convenient. Next time I will try building a sample application. Since it is this good, I will try it with Cosmos.