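In a traditional deployment, a web project or website is usually built on an overall architecture like the one below. Companies may use different components at particular stages, but the general framework and workflow are much the same.
Deploying on Kubernetes (k8s) makes elastic scaling easier, saves resources, and shortens release cycles. The overall framework is as follows.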
Node | IP | Software version | Hardware | Network | Notes |
---|---|---|---|---|---|
K8s-master | 192.168.43.190 | See list | 2C4G | NAT, internal network | Test environment |
K8s-node1 | 192.168.43.120 | See list | 2C4G | NAT, internal network | Test environment |
K8s-node2 | 192.168.43.9 | See list | 2C4G | NAT, internal network | Test environment |
K8s-harbor | 192.168.43.129 | See list | 2C4G | NAT, internal network | Test environment |
```shell
# Install some required system tools
sudo yum install -y yum-utils device-mapper-persistent-data lvm2

# Add the package repository
# Official Docker repository
sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
# Alibaba Cloud mirror
sudo yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

# Optionally refresh the yum cache before installing:
sudo yum makecache fast

# Install Docker CE on CentOS 7
yum -y install docker-ce        # on CentOS
apt-get install docker-ce       # on Ubuntu
pacman -S docker                # on Arch
emerge --ask docker             # on Gentoo

# To install a specific Docker CE version, first list the versions available in the repo, then choose one
yum list docker-ce --showduplicates | sort -r
Loading mirror speeds from cached hostfile
Loaded plugins: fastestmirror
Installed Packages
docker-ce.x86_64    3:19.03.4-3.el7    docker-ce-stable
docker-ce.x86_64    3:19.03.4-3.el7    @docker-ce-stable
docker-ce.x86_64    3:19.03.3-3.el7    docker-ce-stable
docker-ce.x86_64    3:19.03.2-3.el7    docker-ce-stable
docker-ce.x86_64    3:19.03.1-3.el7    docker-ce-stable

yum install docker-ce-<VERSION STRING>
# Install the chosen version, docker-ce-18.06.1.ce
yum install docker-ce-18.06.1.ce -y

# Docker registry mirror
# Before Docker has been started, /etc/docker does not exist and must be created by hand (Docker also creates it on first start)
# To make image downloads faster, define a registry mirror located inside China
mkdir -p /etc/docker
vim /etc/docker/daemon.json
{
  "registry-mirrors": ["https://registry.docker-cn.com"]
}

# Start the Docker daemon and enable it at boot
systemctl start docker && systemctl enable docker
systemctl daemon-reload   # reload the systemd unit configuration

# Verify that Docker is installed correctly by running the hello-world image, or by checking the version
docker run hello-world
docker version
Client: Docker Engine - Community
 Version:           19.03.4
 API version:       1.40
 Go version:        go1.12.10
 Git commit:        9013bf583a
 Built:             Fri Oct 18 15:52:22 2019
 OS/Arch:           linux/amd64
 Experimental:      false
```
For HTTPS, see the article I wrote specifically on that topic:
https://www.cnblogs.com/you-men/p/13121835.html
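Harbor helps users quickly set up an enterprise-grade Registry service. It provides a graphical management interface, role-based access control (RBAC), remote image replication (synchronization), AD/LDAP integration, audit logging, and other features that enterprise users need. It also supports Chinese natively, which makes it popular with users in China.
Note: Docker must be installed before installing Harbor.
Harbor is an enterprise-grade Registry project open-sourced by VMware; its goal is to help users quickly set up an enterprise-grade Docker registry service. Because Harbor is based on Docker Registry V2, the Docker version must be >= 1.10.0 and docker-compose must be >= 1.6.0.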
Download the latest version of Docker Compose
```shell
curl -L "https://github.com/docker/compose/releases/download/1.22.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
```
Download the latest version of Docker Harbor
```shell
wget https://github.com/goharbor/harbor/releases/download/v1.10.0-rc1/harbor-offline-installer-v1.10.0-rc1.tgz
```
```shell
# Make the binary executable:
sudo chmod +x /usr/local/bin/docker-compose
# Check that the installation succeeded
docker-compose --version

# Download the offline installer from the Docker Harbor address given above
tar xvf harbor-offline-installer-v1.8.1.tgz -C /usr/local/
vim /usr/local/harbor/harbor.yml
hostname: 47.92.24.137

# Run the installation script
cd /usr/local/harbor
./install.sh
[Step 0]: checking installation environment ...
Note: docker version: 19.03.4
Note: docker-compose version: 1.22.0
[Step 1]: loading Harbor images ...
Loaded image: goharbor/harbor-core:v1.8.1
Loaded image: goharbor/harbor-registryctl:v1.8.1
Loaded image: goharbor/redis-photon:v1.8.1
Loaded image: goharbor/notary-server-photon:v0.6.1-v1.8.1
Loaded image: goharbor/chartmuseum-photon:v0.8.1-v1.8.1
Loaded image: goharbor/harbor-db:v1.8.1
Loaded image: goharbor/harbor-jobservice:v1.8.1
Loaded image: goharbor/nginx-photon:v1.8.1
Loaded image: goharbor/registry-photon:v2.7.1-patch-2819-v1.8.1
Loaded image: goharbor/harbor-migrator:v1.8.1
Loaded image: goharbor/prepare:v1.8.1
Loaded image: goharbor/harbor-portal:v1.8.1
Loaded image: goharbor/harbor-log:v1.8.1
Loaded image: goharbor/notary-signer-photon:v0.6.1-v1.8.1
Loaded image: goharbor/clair-photon:v2.0.8-v1.8.1
[Step 2]: preparing environment ...
prepare base dir is set to /usr/local/harbor
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
Generated and saved secret to file: /secret/keys/secretkey
Generated certificate, key file:/secret/core/private_key.pem, cert file:/secret/registry/root.crt
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir
[Step 3]: starting Harbor ...
✔ ----Harbor has been installed and started successfully.----
Now you should be able to visit the admin portal at http://47.92.24.137.
For more details, please visit https://github.com/goharbor/harbor
```
Next, open the IP address or domain name (plus port) defined in the configuration file directly in a browser.
Default username/password: admin/Harbor12345
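```shell
# Harbor listens on port 80 by default, which is often not wanted. To change it:
# vim harbor.yml
# Find the port option and change it, then run ./install.sh; the port from the configuration file is used
# The other case is changing the configuration of an existing Harbor
vim docker-compose.yml
    dns_search: .
    ports:
      - 99:80

# The token realm in the registry configuration must carry the same port
auth:
  token:
    issuer: harbor-token-issuer
    realm: http://47.92.24.137:99/service/token
    rootcertbundle: /etc/registry/root.crt
    service: harbor-registry

docker-compose down -v
docker-compose up -d
```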
To see the effect clearly, use a machine other than the Harbor host.
```shell
# Push an image
docker login 47.92.24.137:99 -u admin -p Harbor12345
vim /etc/docker/daemon.json
{ "insecure-registries":["192.168.43.129"] }
systemctl daemon-reload
systemctl restart docker
# Docker uses HTTPS by default, but this Harbor instance serves plain HTTP,
# so the registry has to be configured as trusted, or docker login and docker push forced to use HTTP on port 80 instead of port 443.
docker tag daocloud.io/library/nginx:latest 192.168.43.129/library/nginx:latest
docker push 192.168.43.129/library/nginx:latest
```
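Listing a registry under `insecure-registries` makes Docker ignore certificate errors for that host and fall back to plain HTTP, so pushes, pulls and the `docker login` credentials for it travel without TLS protection. The script below is an added example, not part of the original article: it reads a `daemon.json` and reports such entries; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: report registries this Docker host contacts without verified TLS.

# Print the string entries of the JSON array stored under key $2 in file $1.
# Assumes a flat array of strings, as daemon.json uses for both keys below.
json_string_array() {
  tr -d '\n' < "$1" \
    | sed -n 's/.*"'"$2"'"[[:space:]]*:[[:space:]]*\[\([^]]*\)].*/\1/p' \
    | tr ',' '\n' \
    | sed -e 's/^[[:space:]]*"//' -e 's/"[[:space:]]*$//' -e '/^[[:space:]]*$/d'
}

# Registries for which Docker ignores certificate errors or falls back to HTTP.
insecure_registries() { json_string_array "$1" insecure-registries; }

# Registry mirrors configured with a plain-HTTP URL.
plaintext_mirrors() { json_string_array "$1" registry-mirrors | grep '^http://' || true; }

# Print one finding per line; return 1 if anything was found, 0 if clean.
audit_daemon_json() {
  findings=$(
    insecure_registries "$1" | sed 's/^/no-tls-verify: /'
    plaintext_mirrors "$1" | sed 's/^/http-mirror: /'
  )
  if [ -z "$findings" ]; then return 0; fi
  printf '%s\n' "$findings"
  return 1
}

# Constructed sample combining the daemon.json settings used in this walkthrough.
daemon_sample=$(mktemp)
cat > "$daemon_sample" <<'EOF'
{
  "registry-mirrors": ["https://registry.docker-cn.com"],
  "insecure-registries": ["192.168.43.129", "47.92.24.137:99"]
}
EOF

audit_daemon_json "$daemon_sample" || echo "review the entries listed above"
```

Run against `/etc/docker/daemon.json` on each build and cluster node, a non-zero exit status marks hosts that still need the registry's CA certificate installed instead of the exemption.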
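When migrating a project to the K8s platform, we first need to understand the whole deployment flow. Following that flow avoids problems and also makes the process easier to understand.
Use a Dockerfile to build an image that packages the application, runtime environment, and file system together, then push it to the Harbor image registry. Start on the k8s master node.
```shell
[root@k8s-master ]# git clone https://github.com/zhangdongdong7/php-demo.git
[root@k8s-master ]# cd php-demo
[root@k8s-master php-demo]# ls
deployment.yaml  ingress.yaml  mysql.yaml  namespace.yaml  README.md  service.yaml  wordpress
```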
Use WordPress to create a blog site: go into the wordpress directory, write a Dockerfile to build the image, then push it to a Harbor registry (see the earlier section on setting up Harbor). The Harbor registry address used here is 192.168.43.129.
```shell
[root@k8s-master php-demo]# cd wordpress
[root@k8s-master wordpress]# vim Dockerfile
FROM lizhenliang/nginx-php:latest
MAINTAINER www.ctnrs.com
ADD . /usr/local/nginx/html
[root@k8s-master wordpress]# docker login 192.168.43.129
[root@k8s-master wordpress]# docker build -t 192.168.43.129/library/php-demo:latest .
[root@k8s-master wordpress]# docker push 192.168.43.129/library/php-demo:latest
```
Return to the php-demo directory to write the YAML files. First create a namespace named test.
```shell
[root@k8s-master wordpress]# cd ../
[root@k8s-master php-demo]# vim namespace.yaml
apiVersion: v1
kind: Namespace
metadata:
  name: test
[root@k8s-master php-demo]# kubectl apply -f namespace.yaml
kubectl get ns
NAME                   STATUS   AGE
default                Active   5h59m
kube-node-lease        Active   5h59m
kube-public            Active   5h59m
kube-system            Active   5h59m
kubernetes-dashboard   Active   5h18m
test                   Active   3s
```
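```shell
# The Secret name must match the name listed under imagePullSecrets in deployment.yaml
kubectl create secret docker-registry registry-pull-secret --docker-server=192.168.43.129 --docker-username=admin --docker-password=Harbor12345 -n test
```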
Write the deployment.yaml controller; the image must be changed to the address just pushed to the Harbor registry.
```shell
[root@k8s-master php-demo]# vim deployment.yaml
apiVersion: apps/v1   # apps/v1beta1 is no longer served from Kubernetes 1.16 on
kind: Deployment
metadata:
  name: php-demo
  namespace: test
spec:
  replicas: 2
  selector:
    matchLabels:
      project: www
      app: php-demo
  template:
    metadata:
      labels:
        project: www
        app: php-demo
    spec:
      imagePullSecrets:
      - name: registry-pull-secret
      containers:
      - name: nginx
        image: 192.168.43.129/library/php-demo:latest
        imagePullPolicy: Always
        ports:
        - containerPort: 80
          name: web
          protocol: TCP
        resources:
          requests:
            cpu: 0.5
            memory: 256Mi
          limits:
            cpu: 1
            memory: 1Gi
        livenessProbe:
          httpGet:
            path: /status.php
            port: 80
```
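If the name under `imagePullSecrets` does not match a Secret that exists in the pod's namespace, pulls from a private Harbor project fail with `ImagePullBackOff`. The check below is an added example, not from the original article: it extracts the referenced names from a manifest and lists those missing from a supplied set of Secret names; the function names and the trimmed sample manifest are constructed for illustration.

```shell
# Added example: find imagePullSecrets names that no existing Secret satisfies.
# pull_secret_names prints each name under an imagePullSecrets: key in file $1
# (block-style YAML lists only, as used in the manifests on this page).
pull_secret_names() {
  awk '
    /^[ \t]*$/ { next }
    /^[ \t]*imagePullSecrets:[ \t]*$/ {
      match($0, /^[ \t]*/); key_indent = RLENGTH; in_block = 1; next
    }
    in_block {
      match($0, /^[ \t]*/)
      # A shallower line, or a non-list line at the key indent, ends the list.
      if (RLENGTH < key_indent || (RLENGTH == key_indent && $0 !~ /^[ \t]*-/)) {
        in_block = 0; next
      }
      if ($0 ~ /name:/) { sub(/.*name:[ \t]*/, ""); gsub(/[ \t"]/, ""); print }
    }
  ' "$1" | sort -u
}

# Print referenced names that are absent from the Secret names given after $1.
missing_pull_secrets() {
  manifest=$1; shift
  for name in $(pull_secret_names "$manifest"); do
    found=no
    for existing in "$@"; do
      if [ "$name" = "$existing" ]; then found=yes; fi
    done
    if [ "$found" = no ]; then echo "$name"; fi
  done
}

# Constructed sample: the pod template of deployment.yaml, trimmed.
manifest_sample=$(mktemp)
cat > "$manifest_sample" <<'EOF'
spec:
  template:
    spec:
      imagePullSecrets:
      - name: registry-pull-secret
      containers:
      - name: nginx
        image: 192.168.43.129/library/php-demo:latest
EOF

# On a live cluster the existing names would come from:
#   kubectl get secret -n test -o name | sed 's|^secret/||'
# Here one constructed name, regsecret, stands in for that list.
missing_pull_secrets "$manifest_sample" regsecret
```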
Because this is a static site, persistence is essentially unnecessary; the code is packaged directly into the image.
Create a Service to expose the application; here the application is exposed through the ingress controller.
```shell
[root@k8s-master php-demo]# vim service.yaml
apiVersion: v1
kind: Service
metadata:
  name: php-demo
  namespace: test
spec:
  selector:
    project: www
    app: php-demo
  ports:
  - name: web
    port: 80
    targetPort: 80
[root@k8s-master php-demo]# kubectl apply -f service.yaml
[root@k8s-master php-demo]# kubectl apply -f deployment.yaml
[root@master php-demo]# kubectl get pods,svc -n test -o wide
NAME                            READY   STATUS    RESTARTS   AGE   IP            NODE     NOMINATED NODE   READINESS GATES
pod/php-demo-65bc56fdb8-grklk   1/1     Running   0          15s   10.244.0.11   master   <none>           <none>
pod/php-demo-65bc56fdb8-td6nv   0/1     Running   0          15s   10.244.2.7    node2    <none>           <none>

NAME               TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)   AGE     SELECTOR
service/php-demo   ClusterIP   10.0.0.221   <none>        80/TCP    4m16s   app=php-demo,project=www
```
Write the YAML: first create the ingress controller, then create the ingress. Finally, check the status of the pods, svc, and ingress. If everything is normal, move on to the next step; if something is wrong, use the kubectl describe command to view the logs and troubleshoot.
```shell
[root@k8s-master java-demo]# kubectl apply -f mandatory.yaml
[root@k8s-master php-demo]# vim ingress.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: php-demo
  namespace: test
spec:
  rules:
  - host: php.ctnrs.com
    http:
      paths:
      - path: /
        backend:
          serviceName: php-demo
          servicePort: 80
[root@k8s-master php-demo]# kubectl apply -f ingress.yaml
kubectl get pods,svc,ingress -n test -o wide
NAME                            READY   STATUS    RESTARTS   AGE     IP            NODE     NOMINATED NODE   READINESS GATES
pod/php-demo-65bc56fdb8-grklk   1/1     Running   0          2m31s   10.244.0.11   master   <none>           <none>
pod/php-demo-65bc56fdb8-td6nv   1/1     Running   0          2m31s   10.244.2.7    node2    <none>           <none>

NAME               TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)   AGE     SELECTOR
service/php-demo   ClusterIP   10.0.0.221   <none>        80/TCP    6m32s   app=php-demo,project=www

NAME                          CLASS    HOSTS           ADDRESS   PORTS   AGE
ingress.extensions/php-demo   <none>   php.ctnrs.com             80      60s
```
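You can use a database outside the cluster, or install one on the Harbor registry host.
```shell
docker run -d --name mysql -p 3306:3306 -e MYSQL_ROOT_PASSWORD=123456 daocloud.io/library/mysql:5.7.5
docker exec -it mysql /bin/bash   # docker exec takes the container name, not the image tag
mysql -uroot -p$MYSQL_ROOT_PASSWORD
create database wp;
grant all on youmen.* TO 'youmen'@'%' IDENTIFIED BY 'zhoujian20';
# We could enter the running pod and change the database IP there, but it is better to set it when building the image
# That is not demonstrated here; being able to reach the error page shows that the service is exposed correctly
```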
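On Windows, the hosts file is located at C:\Windows\System32\drivers\etc
On macOS, run sudo vi /private/etc/hosts to edit the hosts file and add the domain name and IP at the bottom for name resolution.
This IP address is the IP address of a node. Add the following entry, then save.
In a browser, enter php.ctnrs.com. You are redirected to the initial setup page; set up the account, then install and log in, and you can edit and publish posts. A simple WordPress PHP site is now complete.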
Use a Dockerfile to build an image that packages the application, runtime environment, and file system together, then push it to the Harbor image registry.
Start on the k8s master node.
```shell
[root@k8s-master ]# git clone https://github.com/zhangdongdong7/java-demo.git
[root@k8s-master ]# cd java-demo
[root@k8s-master java-demo]# ls
deployment.yaml  ingress.yaml    mysql.yaml      README.md     tomcat-java-demo-master.zip
deploy.yml       mandatory.yaml  namespace.yaml  service.yaml
[root@k8s-master java-demo]# unzip tomcat-java-demo-master.zip
[root@k8s-master java-demo]# cd tomcat-java-demo-master/
```
Install the environment
```shell
[root@k8s-master tomcat-java-demo-master]# yum install java-1.8.0-openjdk maven -y
```
Compile and build
If the Maven build is slow, use the Alibaba Cloud mirror.
Edit /etc/maven/settings.xml and, at around lines 159-164, replace the content with the following:
```shell
[root@k8s-master tomcat-java-demo-master]# vim /etc/maven/settings.xml
...
<mirror>
  <id>central</id>
  <mirrorOf>central</mirrorOf>
  <name>aliyun maven</name>
  <url>https://maven.aliyun.com/repository/public</url>
</mirror>
...
[root@k8s-master tomcat-java-demo-master]# ls
db  Dockerfile  LICENSE  pom.xml  README.md  src  target
# This time, fix the database configuration before building the image
vim src/main/resources/application.yml
```
Build the image in the tomcat directory
```shell
[root@k8s-master tomcat-java-demo-master]# docker login 192.168.73.136
Authenticating with existing credentials…
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
# The build tag must match the repository that is pushed and referenced in deployment.yaml
[root@k8s-master tomcat-java-demo-master]# docker build -t 192.168.73.136/test/java-demo:latest .
[root@k8s-master tomcat-java-demo-master]# docker push 192.168.73.136/test/java-demo:latest
```
Go back up to the java-demo directory
```shell
[root@k8s-master tomcat-java-demo-master]# cd ../
[root@k8s-master java-demo]# ls
db               deploy.yml    mandatory.yaml  namespace.yaml  service.yaml  tomcat-java-demo-master.zip
deployment.yaml  ingress.yaml  mysql.yaml      README.md       tomcat-java-demo-master
[root@k8s-master java-demo]#
```
Create a namespace named test
```shell
[root@k8s-master java-demo]# cat namespace.yaml
apiVersion: v1
kind: Namespace
metadata:
  name: test
[root@k8s-master java-demo]# kubectl apply -f namespace.yaml
```
Write deployment.yaml to create the pods; the image must be changed to the address just pushed to the Harbor registry.
```shell
[root@k8s-master java-demo]# vim deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: tomcat-java-demo
  namespace: test
spec:
  replicas: 2
  selector:
    matchLabels:
      project: www
      app: java-demo
  template:
    metadata:
      labels:
        project: www
        app: java-demo
    spec:
      imagePullSecrets:
      - name: registry-pull-secret
      containers:
      - name: tomcat
        image: 192.168.73.136/test/java-demo:latest
        imagePullPolicy: Always
        ports:
        - containerPort: 8080
          name: web
          protocol: TCP
        resources:
          requests:
            cpu: 0.25
            memory: 1Gi
          limits:
            cpu: 1
            memory: 2Gi
        livenessProbe:
          httpGet:
            path: /
            port: 8080
          initialDelaySeconds: 60
          timeoutSeconds: 20
        readinessProbe:
          httpGet:
            path: /
            port: 8080
          initialDelaySeconds: 60
[root@k8s-master java-demo]# kubectl apply -f deployment.yaml
```
What is demonstrated here is a static web site, so persistence is essentially unnecessary; the code is packaged directly into the image.
Create a Service to expose the application; here the application is exposed through the ingress controller.
```shell
[root@k8s-master java-demo]# cat service.yaml
apiVersion: v1
kind: Service
metadata:
  name: tomcat-java-demo
  namespace: test
spec:
  selector:
    project: www
    app: java-demo
  ports:
  - name: web
    port: 80
    targetPort: 8080
[root@k8s-master java-demo]# kubectl apply -f service.yaml
```
Write the YAML. Because the ingress controller was already created for the PHP project, it does not need to be created again; create the ingress directly. Finally, check the status of the pods, svc, and ingress. If everything is normal, move on to the next step; if something is wrong, use the kubectl describe command to view the logs and troubleshoot.
```shell
[root@k8s-master java-demo]# cat ingress.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: tomcat-java-demo
  namespace: test
spec:
  rules:
  - host: java.ctnrs.com
    http:
      paths:
      - path: /
        backend:
          serviceName: tomcat-java-demo
          servicePort: 80
[root@k8s-master java-demo]# kubectl apply -f ingress.yaml
[root@k8s-master java-demo]# kubectl get pod,svc,ingress -n test -o wide
NAME                                    READY   STATUS    RESTARTS   AGE   IP            NODE         NOMINATED NODE   READINESS GATES
pod/php-demo-66d9c64968-4r4vn           1/1     Running   0          24h   10.244.1.73   k8s-node01   <none>           <none>
pod/php-demo-66d9c64968-8zw9s           1/1     Running   0          24h   10.244.2.43   k8s-node02   <none>           <none>
pod/tomcat-java-demo-5f4f64dd4b-tcmtv   1/1     Running   0          24h   10.244.2.42   k8s-node02   <none>           <none>
pod/tomcat-java-demo-5f4f64dd4b-vvx5x   1/1     Running   0          24h   10.244.1.72   k8s-node01   <none>           <none>

NAME                       TYPE        CLUSTER-IP    EXTERNAL-IP   PORT(S)        AGE   SELECTOR
service/php-demo           NodePort    10.1.136.96   <none>        80:32625/TCP   24h   app=php-demo,project=www
service/tomcat-java-demo   ClusterIP   10.1.198.15   <none>        80/TCP         24h   app=java-demo,project=www

NAME                                  HOSTS            ADDRESS   PORTS   AGE
ingress.extensions/php-demo           php.ctnrs.com              80      24h
ingress.extensions/tomcat-java-demo   java.ctnrs.com             80      24h
```
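On Windows, the hosts file is located at C:\Windows\System32\drivers\etc
On macOS, run sudo vi /private/etc/hosts to edit the hosts file and add the domain name and IP at the bottom for name resolution. The IP here is the IP address of a node. Add the following entry, then save.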
192.168.43.120 java.ctnrs.com