TAP 1.3からWeb Servers buildpack(nginx or httpd)がbase builderで使えるようになった。 静的HTMLをTAPにデプロイする。
ここでは--local-path
オプションを使ってローカルファイルを直接デプロイするが、--git-repo
オプションを使ってgitからデプロイするのも基本的には同じ。
HTMLの作成
mkdir -p hello-world/public
cd hello-world
cat <<EOF > public/index.html
<!DOCTYPE html>
<html>
<head>
<title>Hello World!</title>
</head>
<body>
<p>Hello World!</p>
</body>
</html>
EOF
nginxでHTMLをデプロイ
Workloadを作成。--build-env
にBP_WEB_SERVER=nginx
を設定
tanzu apps workload apply hello-world \
--local-path ./ \
--source-image ghcr.io/making/hello-world-source \
--type web \
--app hello-world \
--build-env BP_WEB_SERVER=nginx \
-n demo \
-y
Workloadを確認
$ tanzu apps workload get -n demo hello-world
📡 Overview
name: hello-world
type: web
💾 Source
type: source image
image: ghcr.io/making/hello-world-source:latest@sha256:cff5552ec1c0e57e14f7ff7060bc308fd8f002facdf683795814130d73258aa0
📦 Supply Chain
name: source-to-url
RESOURCE READY HEALTHY TIME OUTPUT
source-provider True True 4m28s ImageRepository/hello-world
image-provider True True 3m38s Image/hello-world
config-provider True True 3m33s PodIntent/hello-world
app-config True True 3m33s ConfigMap/hello-world
service-bindings True True 3m33s ConfigMap/hello-world-with-claims
api-descriptors True True 3m33s ConfigMap/hello-world-with-api-descriptors
config-writer True True 3m17s Runnable/hello-world-config-writer
🚚 Delivery
name: delivery-basic
RESOURCE READY HEALTHY TIME OUTPUT
source-provider True True 2m22s ImageRepository/hello-world-delivery
deployer True True 2m14s App/hello-world
💬 Messages
No messages found.
🛶 Pods
NAME READY STATUS RESTARTS AGE
hello-world-00001-deployment-58799cc6c5-v4tvw 2/2 Running 0 24s
hello-world-build-1-build-pod 0/1 Completed 0 4m28s
hello-world-config-writer-dlrzc-pod 0/1 Completed 0 3m31s
🚢 Knative Services
NAME READY URL
hello-world Ready https://hello-world-demo.127-0-0-1.sslip.io
To see logs: "tanzu apps workload tail hello-world --namespace demo"
アクセス
$ curl -kv https://hello-world-demo.127-0-0-1.sslip.io
* Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to hello-world-demo.127-0-0-1.sslip.io (127.0.0.1) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/cert.pem
CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-CHACHA20-POLY1305
* ALPN, server accepted to use h2
* Server certificate:
* subject: [NONE]
* start date: Nov 28 11:09:44 2022 GMT
* expire date: Feb 26 11:09:44 2023 GMT
* issuer: CN=default-ca; O=TAP; C=JP
* SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x7ff4de00dc00)
> GET / HTTP/2
> Host: hello-world-demo.127-0-0-1.sslip.io
> User-Agent: curl/7.64.1
> Accept: */*
>
* Connection state changed (MAX_CONCURRENT_STREAMS == 2147483647)!
< HTTP/2 200
< accept-ranges: bytes
< content-length: 125
< content-type: text/html; charset=utf-8
< date: Wed, 14 Dec 2022 04:54:37 GMT
< etag: "12cea601-7d"
< last-modified: Tue, 01 Jan 1980 00:00:01 GMT
< server: envoy
< x-envoy-upstream-service-time: 2
< vary: Accept-Encoding
<
<!DOCTYPE html>
<html>
<head>
<title>Hello World!</title>
</head>
<body>
<p>Hello World!</p>
</body>
</html>
Workloadを削除
tanzu apps workload delete -n demo hello-world -y
httpdでHTMLをデプロイ
Workloadを作成。--build-env
にBP_WEB_SERVER=httpd
を設定
tanzu apps workload apply hello-world \
--local-path ./ \
--source-image ghcr.io/making/hello-world-source \
--type web \
--app hello-world \
--build-env BP_WEB_SERVER=httpd \
-n demo \
-y
Workloadを確認
$ tanzu apps workload get -n demo hello-world
📡 Overview
name: hello-world
type: web
💾 Source
type: source image
image: ghcr.io/making/hello-world-source:latest@sha256:cff5552ec1c0e57e14f7ff7060bc308fd8f002facdf683795814130d73258aa0
📦 Supply Chain
name: source-to-url
RESOURCE READY HEALTHY TIME OUTPUT
source-provider True True 2m17s ImageRepository/hello-world
image-provider True True 84s Image/hello-world
config-provider True True 78s PodIntent/hello-world
app-config True True 78s ConfigMap/hello-world
service-bindings True True 78s ConfigMap/hello-world-with-claims
api-descriptors True True 78s ConfigMap/hello-world-with-api-descriptors
config-writer True True 62s Runnable/hello-world-config-writer
🚚 Delivery
name: delivery-basic
RESOURCE READY HEALTHY TIME OUTPUT
source-provider True True 14s ImageRepository/hello-world-delivery
deployer True True 11s App/hello-world
💬 Messages
No messages found.
🛶 Pods
NAME READY STATUS RESTARTS AGE
hello-world-00001-deployment-7d96c7fb9d-7k5g5 2/2 Running 0 14s
hello-world-build-1-build-pod 0/1 Completed 0 2m20s
hello-world-config-writer-gk4qp-pod 0/1 Completed 0 76s
🚢 Knative Services
NAME READY URL
hello-world Ready https://hello-world-demo.127-0-0-1.sslip.io
To see logs: "tanzu apps workload tail hello-world --namespace demo"
アクセス
$ curl -kv https://hello-world-demo.127-0-0-1.sslip.io
* Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to hello-world-demo.127-0-0-1.sslip.io (127.0.0.1) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/cert.pem
CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-CHACHA20-POLY1305
* ALPN, server accepted to use h2
* Server certificate:
* subject: [NONE]
* start date: Nov 28 11:09:44 2022 GMT
* expire date: Feb 26 11:09:44 2023 GMT
* issuer: CN=default-ca; O=TAP; C=JP
* SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x7f9504810e00)
> GET / HTTP/2
> Host: hello-world-demo.127-0-0-1.sslip.io
> User-Agent: curl/7.64.1
> Accept: */*
>
* Connection state changed (MAX_CONCURRENT_STREAMS == 2147483647)!
< HTTP/2 200
< accept-ranges: bytes
< content-length: 125
< content-type: text/html
< date: Wed, 14 Dec 2022 04:58:23 GMT
< etag: "7d-11ef9b484c240"
< last-modified: Tue, 01 Jan 1980 00:00:01 GMT
< server: envoy
< x-envoy-upstream-service-time: 2
< vary: Accept-Encoding
<
<!DOCTYPE html>
<html>
<head>
<title>Hello World!</title>
</head>
<body>
<p>Hello World!</p>
</body>
</html>
Workloadを削除
tanzu apps workload delete -n demo hello-world -y
カスタムhttpd.confを使用
デフォルトではhttpd.confが自動生成される。自前のhttpd.confを使用したい場合
cat <<'EOF' > httpd.conf
ServerRoot "${SERVER_ROOT}"
Listen "${PORT}"
ServerAdmin "test@example.com"
ServerName "0.0.0.0"
DocumentRoot "${APP_ROOT}/public"
LoadModule authz_core_module modules/mod_authz_core.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule env_module modules/mod_env.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule dir_module modules/mod_dir.so
LoadModule mime_module modules/mod_mime.so
LoadModule reqtimeout_module modules/mod_reqtimeout.so
LoadModule unixd_module modules/mod_unixd.so
LoadModule mpm_event_module modules/mod_mpm_event.so
LoadModule remoteip_module modules/mod_remoteip.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule filter_module modules/mod_filter.so
LoadModule deflate_module modules/mod_deflate.so
LoadModule headers_module modules/mod_headers.so
<Directory />
AllowOverride none
Require all denied
</Directory>
<Directory "${APP_ROOT}/public">
Options SymLinksIfOwnerMatch
AllowOverride All
Require all granted
</Directory>
<Files ".ht*">
Require all denied
</Files>
<IfModule dir_module>
DirectoryIndex index.html
</IfModule>
<IfModule mime_module>
TypesConfig conf/mime.types
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
</IfModule>
<IfModule filter_module>
<IfModule deflate_module>
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript
</IfModule>
</IfModule>
ErrorLog "/proc/self/fd/2"
LogLevel info
<IfModule log_config_module>
LogFormat "%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%a %l %u %t \"%r\" %>s %b" common
LogFormat "%a %l %u %t \"%r\" %>s %b vcap_request_id=%{X-Vcap-Request-Id}i peer_addr=%{c}a" extended
<IfModule logio_module>
LogFormat "%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
</IfModule>
CustomLog "/proc/self/fd/1" extended
</IfModule>
<IfModule !mpm_netware_module>
PidFile "logs/httpd.pid"
</IfModule>
<IfModule mpm_worker_module>
StartServers 3
MinSpareThreads 75
MaxSpareThreads 250
ThreadsPerChild 25
MaxRequestWorkers 400
MaxConnectionsPerChild 0
</IfModule>
<IfModule mpm_event_module>
StartServers 3
MinSpareThreads 75
MaxSpareThreads 250
ThreadsPerChild 25
MaxRequestWorkers 400
MaxConnectionsPerChild 0
</IfModule>
<IfModule !mpm_netware_module>
MaxMemFree 2048
</IfModule>
Timeout 60
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 5
UseCanonicalName Off
UseCanonicalPhysicalPort Off
AccessFileName .htaccess
ServerTokens Prod
ServerSignature Off
HostnameLookups Off
EnableMMAP Off
EnableSendfile On
RequestReadTimeout header=20-40,MinRate=500 body=20,MinRate=500
# Adjust IP Address based on header set by proxy
#
RemoteIpHeader x-forwarded-for
RemoteIpInternalProxy 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
# Set HTTPS environment variable if we came in over secure
# channel.
SetEnvIf x-forwarded-proto https HTTPS=on
<IfModule !mod_headers.c>
LoadModule headers_module modules/mod_headers.so
</IfModule>
RequestHeader unset Proxy early
EOF
Workloadを作成。--build-env
を設定しない
tanzu apps workload apply hello-world \
--local-path ./ \
--source-image ghcr.io/making/hello-world-source \
--type web \
--app hello-world \
-n demo \
-y