IK.AM

@making's tech note


Tanzu Application Platformに静的なHTMLをデプロイするメモ

🗃 {Dev/CaaS/Kubernetes/TAP}
🏷 Kubernetes 🏷 Tanzu 🏷 TAP 🏷 nginx 🏷 httpd 
🗓 Updated at 2022-12-14T05:11:54Z  🗓 Created at 2022-12-14T05:11:54Z   🌎 English Page

⚠️ 本記事の内容はVMwareによってサポートされていません。 記事の内容で生じた問題については自己責任で対応し、 VMwareサポート窓口には問い合わせないでください

TAP 1.3からWeb Servers buildpack(nginx or httpd)がbase builderで使えるようになった。 静的HTMLをTAPにデプロイする。

ここでは--local-pathオプションを使ってローカルファイルを直接デプロイするが、--git-repoオプションを使ってgitからデプロイするのも基本的には同じ。

HTMLの作成

mkdir -p hello-world/public
cd hello-world
cat <<EOF > public/index.html
<!DOCTYPE html>
<html>
  <head>
    <title>Hello World!</title>
  </head>
  <body>
    <p>Hello World!</p>
  </body>
</html>
EOF

nginxでHTMLをデプロイ

Workloadを作成。--build-envBP_WEB_SERVER=nginxを設定

tanzu apps workload apply hello-world \
  --local-path ./ \
  --source-image ghcr.io/making/hello-world-source \
  --type web \
  --app hello-world \
  --build-env BP_WEB_SERVER=nginx \
  -n demo \
  -y

Workloadを確認

$ tanzu apps workload get -n demo hello-world
📡 Overview
   name:   hello-world
   type:   web

💾 Source
   type:    source image
   image:   ghcr.io/making/hello-world-source:latest@sha256:cff5552ec1c0e57e14f7ff7060bc308fd8f002facdf683795814130d73258aa0

📦 Supply Chain
   name:   source-to-url

   RESOURCE           READY   HEALTHY   TIME    OUTPUT
   source-provider    True    True      4m28s   ImageRepository/hello-world
   image-provider     True    True      3m38s   Image/hello-world
   config-provider    True    True      3m33s   PodIntent/hello-world
   app-config         True    True      3m33s   ConfigMap/hello-world
   service-bindings   True    True      3m33s   ConfigMap/hello-world-with-claims
   api-descriptors    True    True      3m33s   ConfigMap/hello-world-with-api-descriptors
   config-writer      True    True      3m17s   Runnable/hello-world-config-writer

🚚 Delivery
   name:   delivery-basic

   RESOURCE          READY   HEALTHY   TIME    OUTPUT
   source-provider   True    True      2m22s   ImageRepository/hello-world-delivery
   deployer          True    True      2m14s   App/hello-world

💬 Messages
   No messages found.

🛶 Pods
   NAME                                            READY   STATUS      RESTARTS   AGE
   hello-world-00001-deployment-58799cc6c5-v4tvw   2/2     Running     0          24s
   hello-world-build-1-build-pod                   0/1     Completed   0          4m28s
   hello-world-config-writer-dlrzc-pod             0/1     Completed   0          3m31s

🚢 Knative Services
   NAME          READY   URL
   hello-world   Ready   https://hello-world-demo.127-0-0-1.sslip.io

To see logs: "tanzu apps workload tail hello-world --namespace demo"

アクセス

$ curl -kv https://hello-world-demo.127-0-0-1.sslip.io
*   Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to hello-world-demo.127-0-0-1.sslip.io (127.0.0.1) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/cert.pem
  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-CHACHA20-POLY1305
* ALPN, server accepted to use h2
* Server certificate:
*  subject: [NONE]
*  start date: Nov 28 11:09:44 2022 GMT
*  expire date: Feb 26 11:09:44 2023 GMT
*  issuer: CN=default-ca; O=TAP; C=JP
*  SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x7ff4de00dc00)
> GET / HTTP/2
> Host: hello-world-demo.127-0-0-1.sslip.io
> User-Agent: curl/7.64.1
> Accept: */*
> 
* Connection state changed (MAX_CONCURRENT_STREAMS == 2147483647)!
< HTTP/2 200 
< accept-ranges: bytes
< content-length: 125
< content-type: text/html; charset=utf-8
< date: Wed, 14 Dec 2022 04:54:37 GMT
< etag: "12cea601-7d"
< last-modified: Tue, 01 Jan 1980 00:00:01 GMT
< server: envoy
< x-envoy-upstream-service-time: 2
< vary: Accept-Encoding
< 
<!DOCTYPE html>
<html>
  <head>
    <title>Hello World!</title>
  </head>
  <body>
    <p>Hello World!</p>
  </body>
</html>

Workloadを削除

tanzu apps workload delete -n demo hello-world -y

httpdでHTMLをデプロイ

Workloadを作成。--build-envBP_WEB_SERVER=httpdを設定

tanzu apps workload apply hello-world \
  --local-path ./ \
  --source-image ghcr.io/making/hello-world-source \
  --type web \
  --app hello-world \
  --build-env BP_WEB_SERVER=httpd \
  -n demo \
  -y

Workloadを確認

$ tanzu apps workload get -n demo hello-world
📡 Overview
   name:   hello-world
   type:   web

💾 Source
   type:    source image
   image:   ghcr.io/making/hello-world-source:latest@sha256:cff5552ec1c0e57e14f7ff7060bc308fd8f002facdf683795814130d73258aa0

📦 Supply Chain
   name:   source-to-url

   RESOURCE           READY   HEALTHY   TIME    OUTPUT
   source-provider    True    True      2m17s   ImageRepository/hello-world
   image-provider     True    True      84s     Image/hello-world
   config-provider    True    True      78s     PodIntent/hello-world
   app-config         True    True      78s     ConfigMap/hello-world
   service-bindings   True    True      78s     ConfigMap/hello-world-with-claims
   api-descriptors    True    True      78s     ConfigMap/hello-world-with-api-descriptors
   config-writer      True    True      62s     Runnable/hello-world-config-writer

🚚 Delivery
   name:   delivery-basic

   RESOURCE          READY   HEALTHY   TIME   OUTPUT
   source-provider   True    True      14s    ImageRepository/hello-world-delivery
   deployer          True    True      11s    App/hello-world

💬 Messages
   No messages found.

🛶 Pods
   NAME                                            READY   STATUS      RESTARTS   AGE
   hello-world-00001-deployment-7d96c7fb9d-7k5g5   2/2     Running     0          14s
   hello-world-build-1-build-pod                   0/1     Completed   0          2m20s
   hello-world-config-writer-gk4qp-pod             0/1     Completed   0          76s

🚢 Knative Services
   NAME          READY   URL
   hello-world   Ready   https://hello-world-demo.127-0-0-1.sslip.io

To see logs: "tanzu apps workload tail hello-world --namespace demo"

アクセス

$ curl -kv https://hello-world-demo.127-0-0-1.sslip.io
*   Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to hello-world-demo.127-0-0-1.sslip.io (127.0.0.1) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/cert.pem
  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-CHACHA20-POLY1305
* ALPN, server accepted to use h2
* Server certificate:
*  subject: [NONE]
*  start date: Nov 28 11:09:44 2022 GMT
*  expire date: Feb 26 11:09:44 2023 GMT
*  issuer: CN=default-ca; O=TAP; C=JP
*  SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x7f9504810e00)
> GET / HTTP/2
> Host: hello-world-demo.127-0-0-1.sslip.io
> User-Agent: curl/7.64.1
> Accept: */*
> 
* Connection state changed (MAX_CONCURRENT_STREAMS == 2147483647)!
< HTTP/2 200 
< accept-ranges: bytes
< content-length: 125
< content-type: text/html
< date: Wed, 14 Dec 2022 04:58:23 GMT
< etag: "7d-11ef9b484c240"
< last-modified: Tue, 01 Jan 1980 00:00:01 GMT
< server: envoy
< x-envoy-upstream-service-time: 2
< vary: Accept-Encoding
< 
<!DOCTYPE html>
<html>
  <head>
    <title>Hello World!</title>
  </head>
  <body>
    <p>Hello World!</p>
  </body>
</html>

Workloadを削除

tanzu apps workload delete -n demo hello-world -y

カスタムhttpd.confを使用

デフォルトではhttpd.confが自動生成される。自前のhttpd.confを使用したい場合

cat <<'EOF' > httpd.conf
ServerRoot "${SERVER_ROOT}"
Listen "${PORT}"
ServerAdmin "test@example.com"
ServerName "0.0.0.0"
DocumentRoot "${APP_ROOT}/public"

LoadModule authz_core_module modules/mod_authz_core.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule env_module modules/mod_env.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule dir_module modules/mod_dir.so
LoadModule mime_module modules/mod_mime.so
LoadModule reqtimeout_module modules/mod_reqtimeout.so
LoadModule unixd_module modules/mod_unixd.so
LoadModule mpm_event_module modules/mod_mpm_event.so
LoadModule remoteip_module modules/mod_remoteip.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule filter_module modules/mod_filter.so
LoadModule deflate_module modules/mod_deflate.so
LoadModule headers_module modules/mod_headers.so

<Directory />
    AllowOverride none
    Require all denied
</Directory>

<Directory "${APP_ROOT}/public">
    Options SymLinksIfOwnerMatch
    AllowOverride All
    Require all granted
</Directory>

<Files ".ht*">
    Require all denied
</Files>

<IfModule dir_module>
    DirectoryIndex index.html
</IfModule>
<IfModule mime_module>
    TypesConfig conf/mime.types
    AddType application/x-compress .Z
    AddType application/x-gzip .gz .tgz
</IfModule>

<IfModule filter_module>
<IfModule deflate_module>
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript
</IfModule>
</IfModule>

ErrorLog "/proc/self/fd/2"
LogLevel info
<IfModule log_config_module>
    LogFormat "%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%a %l %u %t \"%r\" %>s %b" common
    LogFormat "%a %l %u %t \"%r\" %>s %b vcap_request_id=%{X-Vcap-Request-Id}i peer_addr=%{c}a" extended
    <IfModule logio_module>
      LogFormat "%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
    </IfModule>
    CustomLog "/proc/self/fd/1" extended
</IfModule>

<IfModule !mpm_netware_module>
    PidFile "logs/httpd.pid"
</IfModule>
<IfModule mpm_worker_module>
    StartServers             3
    MinSpareThreads         75
    MaxSpareThreads        250
    ThreadsPerChild         25
    MaxRequestWorkers      400
    MaxConnectionsPerChild   0
</IfModule>
<IfModule mpm_event_module>
    StartServers             3
    MinSpareThreads         75
    MaxSpareThreads        250
    ThreadsPerChild         25
    MaxRequestWorkers      400
    MaxConnectionsPerChild   0
</IfModule>
<IfModule !mpm_netware_module>
    MaxMemFree            2048
</IfModule>

Timeout 60
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 5
UseCanonicalName Off
UseCanonicalPhysicalPort Off
AccessFileName .htaccess
ServerTokens Prod
ServerSignature Off
HostnameLookups Off
EnableMMAP Off
EnableSendfile On
RequestReadTimeout header=20-40,MinRate=500 body=20,MinRate=500

# Adjust IP Address based on header set by proxy
#
RemoteIpHeader x-forwarded-for
RemoteIpInternalProxy 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16

# Set HTTPS environment variable if we came in over secure
#  channel.
SetEnvIf x-forwarded-proto https HTTPS=on

<IfModule !mod_headers.c>
  LoadModule headers_module modules/mod_headers.so
</IfModule>

RequestHeader unset Proxy early
EOF

Workloadを作成。--build-envを設定しない

tanzu apps workload apply hello-world \
  --local-path ./ \
  --source-image ghcr.io/making/hello-world-source \
  --type web \
  --app hello-world \
  -n demo \
  -y

✒️️ Edit  ⏰ History  🗑 Delete