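Deploying phpMyAdmin on Kubernetes and setting up htpasswd

1. Create the Deployment. Configure it to be served under the testdb path, so that others do not know your site's entry point.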

apiVersion: apps/v1
kind: Deployment
metadata:
  name: phpmyadmin-deployment
  labels:
    app: phpmyadmin
spec:
  replicas: 1
  selector:
    matchLabels:
      app: phpmyadmin_app
  template:
    metadata:
      labels:
        app: phpmyadmin_app
    spec:
      containers:
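        - name: phpmyadmin
          # Pin a specific tag instead of latest for reproducible rollouts
          image: phpmyadmin:latest
          imagePullPolicy: Always
          ports:
            - containerPort: 80
          env:
            - name: PMA_HOST
              # Placeholder: replace with the IP of your database server
              value: "<database server IP>"
            - name: PMA_PORT
              value: "3306"
            - name: UPLOAD_LIMIT
              value: 300M
            # Public URL of phpMyAdmin behind the ingress, including the /testdb/ path
            - name: PMA_ABSOLUTE_URI
              value: https://db.pangzai.win/testdb/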

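2. Create the cert-manager Certificate so that the SSL certificate is obtained automatically. If you have not set up cert-manager yet, you can refer to this guide.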

apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: phpmyadmin-selfsigned-cert-tls
spec:
  dnsNames:
    - db.pangzai.win
  secretName: phpmyadmin-selfsigned-cert-tls
  issuerRef:
    name: letsencrypt-dns01

3. Create the Service

apiVersion: v1
kind: Service
metadata:
    name: phpmyadmin-service
spec:
    selector:
        app: phpmyadmin_app
    ports:
        - name: "phpmyadmin80"
          protocol: TCP
          port: 80
          targetPort: 80
    clusterIP: None

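4. Store the htpasswd entry in a Secret. You can generate the htpasswd entry at https://hostingcanada.org/htpasswd-generator/ ; create it with the username testaccount.

apiVersion: v1
# stringData takes the plain-text htpasswd line; values under data must be base64-encoded
stringData:
  auth: 'testaccount:$2y$10$/nKUHBTTJ9VurcejKDWvXOzxX5VMkUoGrKMZ9/VcNcsIFWz33L5e6'
kind: Secret
metadata:
  name: phpmyadmin-auth
type: Opaque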

5. Create the Ingress

# networking.k8s.io/v1 replaces extensions/v1beta1, which was removed in Kubernetes 1.22
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
    name: phpmyadmin-ingress
    annotations:
      nginx.ingress.kubernetes.io/proxy-body-size: "0"
      nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
      nginx.ingress.kubernetes.io/proxy-send-timeout: "600"

      # Basic auth backed by the phpmyadmin-auth Secret from step 4
      nginx.ingress.kubernetes.io/auth-type: basic
      nginx.ingress.kubernetes.io/auth-secret: phpmyadmin-auth
      nginx.ingress.kubernetes.io/auth-realm: "Authentication Required - testaccount"
      cert-manager.io/issuer: "letsencrypt-dns01"
      nginx.ingress.kubernetes.io/ssl-redirect: "true"
      # Strip the /testdb prefix: $2 is the second capture group of the path below
      nginx.ingress.kubernetes.io/rewrite-target: /$2
spec:
    # Replaces the deprecated kubernetes.io/ingress.class annotation
    ingressClassName: nginx
    tls:
    - hosts:
      - db.pangzai.win
      secretName: phpmyadmin-selfsigned-cert-tls
    rules:
        - host: db.pangzai.win
          http:
              paths:
                - path: /testdb(/|$)(.*)
                  pathType: ImplementationSpecific
                  backend:
                    service:
                      name: phpmyadmin-service
                      port:
                        number: 80
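
Kubernetes accepts only base64-encoded values under a Secret's `data` field (plain text goes under `stringData`). The following added example, which is not part of the original post, encodes an htpasswd line for the `auth` key from step 4 and checks a `data.auth` value before it is applied; the helper names, the accepted hash prefixes and the sample line are assumptions made for illustration.

```python
import base64
import binascii
import re

# Assumption: an htpasswd line is "user:hash" where the hash carries one of the
# common crypt-style prefixes (bcrypt, Apache MD5, MD5-crypt, SHA-crypt).
HTPASSWD_RE = re.compile(r"^[^:\s]+:\$(2[aby]|apr1|1|5|6)\$\S+$")


def encode_auth(htpasswd_line: str) -> str:
    """Return the base64 form that belongs under `data.auth` in the Secret."""
    line = htpasswd_line.strip()
    if not HTPASSWD_RE.match(line):
        raise ValueError("not a user:hash htpasswd line")
    return base64.b64encode(line.encode()).decode()


def check_data_auth(value: str) -> str:
    """Classify a `data.auth` value: 'ok', 'not-base64' or 'not-htpasswd'."""
    try:
        # validate=True rejects characters outside the base64 alphabet, such
        # as the ':' and '$' of a raw htpasswd line.
        decoded = base64.b64decode(value, validate=True).decode("utf-8", "replace")
    except binascii.Error:
        return "not-base64"
    return "ok" if HTPASSWD_RE.match(decoded.strip()) else "not-htpasswd"


def render_secret(name: str, htpasswd_line: str) -> str:
    """Render a Secret manifest whose `auth` key is correctly encoded."""
    return (
        "apiVersion: v1\n"
        "kind: Secret\n"
        "metadata:\n"
        f"  name: {name}\n"
        "type: Opaque\n"
        "data:\n"
        f"  auth: {encode_auth(htpasswd_line)}\n"
    )


# Constructed sample: a made-up user with a bcrypt-shaped placeholder string,
# not a real credential.
SAMPLE = "demo:$2y$10$" + "A" * 53

if __name__ == "__main__":
    print(check_data_auth(SAMPLE))               # raw line pasted under data
    print(check_data_auth(encode_auth(SAMPLE)))  # encoded form
    print(render_secret("phpmyadmin-auth", SAMPLE))
```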
