tu
/
kubernetes-x
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
kubernetes-x/kubernetes-MD/利用kubernetes部署网站项目.md

336 lines
8.3 KiB
Markdown
Raw Normal View History

更新 'kubernetes-MD/利用kubernetes部署网站项目.md'
2023-04-12 14:18:54 +08:00
<h1><center>利用kubernetes部署网站项目</center></h1>
著作:行癫 <盗版必究>
------
## 一:环境准备
#### 1.kubernetes集群
集群正常运行,例如使用以下命令检查
```shell
[root@master ~]# kubectl get node
NAME STATUS ROLES AGE VERSION
master Ready control-plane,master 5d19h v1.23.1
node-1 Ready <none> 5d19h v1.23.1
node-2 Ready <none> 5d19h v1.23.1
node-3 Ready <none> 5d19h v1.23.1
```
#### 2.harbor私有仓库
主要给kubernetes集群提供镜像服务
<img src="https://xingdian-image.oss-cn-beijing.aliyuncs.com/xingdian-image/image-20220502184026483.png" alt="image-20220502184026483" style="zoom:50%;" />
## 二:项目部署
#### 1.镜像构建
软件下载地址:
```shell
wget https://nginx.org/download/nginx-1.20.2.tar.gz
```
项目包下载地址:
```shell
git clone https://github.com/blackmed/xingdian-project.git
```
构建centos基础镜像Dockerfile文件
```shell
root@nfs-harbor ~]# cat Dockerfile
FROM daocloud.io/centos:7
MAINTAINER "xingdianvip@gmail.com"
ENV container docker
RUN yum -y swap -- remove fakesystemd -- install systemd systemd-libs
RUN yum -y update; yum clean all; \
(cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \
rm -f /lib/systemd/system/multi-user.target.wants/*;\
rm -f /etc/systemd/system/*.wants/*;\
rm -f /lib/systemd/system/local-fs.target.wants/*; \
rm -f /lib/systemd/system/sockets.target.wants/*udev*; \
rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \
rm -f /lib/systemd/system/basic.target.wants/*;\
rm -f /lib/systemd/system/anaconda.target.wants/*;
VOLUME [ "/sys/fs/cgroup" ]
CMD ["/usr/sbin/init"]
root@nfs-harbor ~]# docker bulid -t xingdian .
```
构建项目镜像:
```shell
[root@nfs-harbor nginx]# cat Dockerfile
FROM xingdian
ADD nginx-1.20.2.tar.gz /usr/local
RUN rm -rf /etc/yum.repos.d/*
COPY CentOS-Base.repo /etc/yum.repos.d/
COPY epel.repo /etc/yum.repos.d/
RUN yum clean all && yum makecache fast
RUN yum -y install gcc gcc-c++ openssl openssl-devel pcre-devel zlib-devel make
WORKDIR /usr/local/nginx-1.20.2
RUN ./configure --prefix=/usr/local/nginx
RUN make && make install
WORKDIR /usr/local/nginx
ENV PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/nginx/sbin
EXPOSE 80
RUN rm -rf /usr/local/nginx/conf/nginx.conf
COPY nginx.conf /usr/local/nginx/conf/
RUN mkdir /dist
CMD ["nginx", "-g", "daemon off;"]
[root@nfs-harbor nginx]# docker build -t nginx:v2 .
```
注意:
需要事先准备好Centos的Base仓库和epel仓库
#### 2.上传项目到harbor
修改镜像tag
```shell
[root@nfs-harbor ~]# docker tag nginx:v2 10.0.0.230/xingdian/nginx:v2
```
登录私有仓库:
```shell
[root@nfs-harbor ~]# docker login 10.0.0.230
Username: xingdian
Password:
```
上传镜像:
```shell
[root@nfs-harbor ~]# docker push 10.0.0.230/xingdian/nginx:v2
```
注意:
默认上传时采用https因为我们部署的harbor使用的是http所以再上传之前按照3-1进行修改
#### 3.kubernetes集群连接harbor
修改所有kubernetes集群能够访问http仓库默认访问的是https
```shell
[root@master ~]# vim /etc/systemd/system/multi-user.target.wants/docker.service
ExecStart=/usr/bin/dockerd -H fd:// --insecure-registry 10.0.1.13 --containerd=/run/containerd/containerd.sock
[root@master ~]# systemctl daemon-reload
[root@master ~]# systemctl restart docker
```
kubernetes集群创建secret用于连接harbor
```shell
[root@master ~]# kubectl create secret docker-registry regcred --docker-server=10.0.0.230 --docker-username=diange --docker-password=QianFeng@123
[root@master ~]# kubectl get secret
NAME TYPE DATA AGE
regcred kubernetes.io/dockerconfigjson 1 19h
```
注意:
regcredsecret的名字
--docker-server指定服务器的地址
--docker-username指定harbor的用户
--docker-password指定harbor的密码
#### 4.部署NFS
部署NFS目的是为了给kubernetes集群提供持久化存储,kubernetes集群也要安装nfs-utils目的是为了支持nfs文件系统
```shell
[root@nfs-harbor ~]# yum -y install nfs-utils
[root@nfs-harbor ~]# systemctl start nfs
[root@nfs-harbor ~]# systemctl enable nfs
```
创建共享目录并对外共享
```shell
[root@nfs-harbor ~]# mkdir /kubernetes-1
[root@nfs-harbor ~]# cat /etc/exports
/kubernetes-1 *(rw,no_root_squash,sync)
[root@nfs-harbor ~]# exportfs -rv
```
项目放入共享目录下
```shell
[root@nfs-harbor ~]# git clone https://github.com/blackmed/xingdian-project.git
[root@nfs-harbor ~]# unzip dist.zip
[root@nfs-harbor ~]# cp -r dist/* /kubernetes-1
```
#### 5.创建statefulset部署项目
该yaml文件中除了statefulset以外还有service、PersistentVolume、StorageClass
```shell
[root@master xingdian]# cat Statefulset.yaml
apiVersion: v1
kind: Service
metadata:
name: nginx
labels:
app: nginx
spec:
type: NodePort
ports:
- port: 80
name: web
targetPort: 80
nodePort: 30010
selector:
app: nginx
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: xingdian
provisioner: example.com/external-nfs
parameters:
server: 10.0.0.230
path: /kubernetes-1
readOnly: "false"
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: xingdian-1
spec:
capacity:
storage: 1Gi
volumeMode: Filesystem
accessModes:
- ReadWriteOnce
storageClassName: xingdian
nfs:
path: /kubernetes-1
server: 10.0.0.230
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: xingdian-2
spec:
capacity:
storage: 1Gi
volumeMode: Filesystem
accessModes:
- ReadWriteOnce
storageClassName: xingdian
nfs:
path: /kubernetes-1
server: 10.0.0.230
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: web
spec:
selector:
matchLabels:
app: nginx
serviceName: "nginx"
replicas: 2
template:
metadata:
labels:
app: nginx
spec:
terminationGracePeriodSeconds: 10
containers:
- name: nginx
image: 10.0.0.230/xingdian/nginx:v2
ports:
- containerPort: 80
name: web
volumeMounts:
- name: www
mountPath: /dist
volumeClaimTemplates:
- metadata:
name: www
spec:
accessModes: [ "ReadWriteOnce" ]
storageClassName: "xingdian"
resources:
requests:
storage: 1Gi
```
#### 6.运行
```shell
[root@master xingdian]# kubectl create -f Statefulset.yaml
service/nginx created
storageclass.storage.k8s.io/xingdian created
persistentvolume/xingdian-1 created
persistentvolume/xingdian-2 created
statefulset.apps/web created
```
## 三:项目验证
#### 1.pv验证
```shell
[root@master xingdian]# kubectl get pv
NAME CAPACITY ACCESS MODES RECLAIM POLICY STATUS CLAIM STORAGECLASS REASON AGE
xingdian-1 1Gi RWO Retain Bound default/www-web-1 xingdian 9m59s
xingdian-2 1Gi RWO Retain Bound default/www-web-0 xingdian 9m59s
```
#### 2.pvc验证
```shell
[root@master xingdian]# kubectl get pvc
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
www-web-0 Bound xingdian-2 1Gi RWO xingdian 10m
www-web-1 Bound xingdian-1 1Gi RWO xingdian 10m
```
#### 3.storageClass验证
```shell
[root@master xingdian]# kubectl get storageclass
NAME PROVISIONER RECLAIMPOLICY VOLUMEBINDINGMODE ALLOWVOLUMEEXPANSION AGE
xingdian example.com/external-nfs Delete Immediate false 10m
```
#### 4.statefulset验证
```shell
[root@master xingdian]# kubectl get statefulset
NAME READY AGE
web 2/2 13m
[root@master xingdian]# kubectl get pod
NAME READY STATUS RESTARTS AGE
web-0 1/1 Running 0 13m
web-1 1/1 Running 0 13m
```
#### 5.service验证
```shell
[root@master xingdian]# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
nginx NodePort 10.111.189.32 <none> 80:30010/TCP 13m
```
#### 6.浏览器访问
<img src="https://xingdian-image.oss-cn-beijing.aliyuncs.com/xingdian-image/image-20220502193031689.png" alt="image-20220502193031689" style="zoom:80%;" />