书名：Mastering Docker Enterprise
作者名：Mark Panthofer
本章字数：386字
更新时间：2025-04-04 14:48:21

Application layer – interacting with the cluster

Finally, we have the application layer where containerized applications run using platform APIs (Swarm or Kubernetes) to describe and deploy them, as described earlier in Figure 2.

Now, we'll build on what we have learned and done during our tour of the platform layer and discuss deploying the application in a little more detail. Back at the platform layer, when creating users, let's say we created a user name John Doe and granted him "full control" to his private collection of developer resources. Now, he is able to deploy Swarm and Kubernetes resources to his personal (sandbox) space, but how does it actually work?

The system admin provides John with his UCP credentials.
John is able to log in to the cluster, but only sees what he's deployed to the cluster, which is nothing so far.
In Figure 3, John opens his profile in UCP Web UI and downloads a client bundle. The bundle contains some certificates and scripts (for both Linux and Windows) to securely connect the desktop shell to the cluster Swarm and Kubernetes APIs:

Figure 3 UCP client bundle download

John unzips the files and runs the connect script using either Import-module or source commands with PowerShell bash shell script files. John's local $docker and $kubectl commands now execute against the remote cluster, but are of course subject to his RBAC access rights.
John now runs the $docker stack deploy or $kubectl create commands, using the YAML file he built for his application, and deploys his application to the cluster.
See the following sample YAML file for a Kubernetes application use a $kubectl create -f nginx-deployment.yml from a command-line bundle:

apiVersion: apps/v1beta2
kind: Deployment
metadata:
 name: nginx-deployment
spec:
 selector:
 matchLabels:
 app: nginx
 replicas: 3
 template:
 metadata:
 labels:
 app: nginx
 spec:
 containers:
 - name: nginx
 image: nginx:1.7.9
 ports:
 - containerPort: 80

In the previous sample code, three Kubernetes pods are deployed into the cluster, each containing an nginx container. Running $kubectl get pods command shows the running pods as follows:

NAME                                  READY   STATUS  RESTARTS  AGE
nginx-deployment-75675f5897-45dvt     1/1     Running 0         26s
nginx-deployment-75675f5897-hrgmg     1/1     Running 0         26s
nginx-deployment-75675f5897-vskh8     1/1     Running 0         26s

The $kubectl get pods command lists all three nginx replica pods running in the default namespace, each with 1 of 1 containers ready, and each pod status is Running.