From 3f429cee633d8761affef6eb90868e142ad366a3 Mon Sep 17 00:00:00 2001 From: diandian Date: Wed, 12 Apr 2023 14:18:54 +0800 Subject: [PATCH] =?UTF-8?q?=E6=9B=B4=E6=96=B0=20'kubernetes-MD/=E5=88=A9?= =?UTF-8?q?=E7=94=A8kubernetes=E9=83=A8=E7=BD=B2=E7=BD=91=E7=AB=99?= =?UTF-8?q?=E9=A1=B9=E7=9B=AE.md'?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- kubernetes-MD/利用kubernetes部署网站项目.md | 671 ++++++++++---------- 1 file changed, 335 insertions(+), 336 deletions(-) diff --git a/kubernetes-MD/利用kubernetes部署网站项目.md b/kubernetes-MD/利用kubernetes部署网站项目.md index a9115f7..162a431 100644 --- a/kubernetes-MD/利用kubernetes部署网站项目.md +++ b/kubernetes-MD/利用kubernetes部署网站项目.md @@ -1,336 +1,335 @@ -

利用kubernetes部署网站项目

- -著作:行癫 <盗版必究> - ------- - -## 一:环境准备 - -#### 1.kubernetes集群 - -集群正常运行,例如使用以下命令检查 - -```shell -[root@master ~]# kubectl get node -NAME STATUS ROLES AGE VERSION -master Ready control-plane,master 5d19h v1.23.1 -node-1 Ready 5d19h v1.23.1 -node-2 Ready 5d19h v1.23.1 -node-3 Ready 5d19h v1.23.1 -``` - -#### 2.harbor私有仓库 - -主要给kubernetes集群提供镜像服务 - -image-20220502184026483 - -## 二:项目部署 - -#### 1.镜像构建 - -软件下载地址: - -```shell -wget https://nginx.org/download/nginx-1.20.2.tar.gz -``` - -项目包下载地址: - -```shell -git clone https://github.com/blackmed/xingdian-project.git -``` - -构建centos基础镜像Dockerfile文件: - -```shell -root@nfs-harbor ~]# cat Dockerfile -FROM daocloud.io/centos:7 -MAINTAINER "xingdianvip@gmail.com" -ENV container docker -RUN yum -y swap -- remove fakesystemd -- install systemd systemd-libs -RUN yum -y update; yum clean all; \ -(cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \ -rm -f /lib/systemd/system/multi-user.target.wants/*;\ -rm -f /etc/systemd/system/*.wants/*;\ -rm -f /lib/systemd/system/local-fs.target.wants/*; \ -rm -f /lib/systemd/system/sockets.target.wants/*udev*; \ -rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \ -rm -f /lib/systemd/system/basic.target.wants/*;\ -rm -f /lib/systemd/system/anaconda.target.wants/*; -VOLUME [ "/sys/fs/cgroup" ] -CMD ["/usr/sbin/init"] -root@nfs-harbor ~]# docker bulid -t xingdian . -``` - -构建项目镜像: - -```shell -[root@nfs-harbor nginx]# cat Dockerfile -FROM xingdian -ADD nginx-1.20.2.tar.gz /usr/local -RUN rm -rf /etc/yum.repos.d/* -COPY CentOS-Base.repo /etc/yum.repos.d/ -COPY epel.repo /etc/yum.repos.d/ -RUN yum clean all && yum makecache fast -RUN yum -y install gcc gcc-c++ openssl openssl-devel pcre-devel zlib-devel make -WORKDIR /usr/local/nginx-1.20.2 -RUN ./configure --prefix=/usr/local/nginx -RUN make && make install -WORKDIR /usr/local/nginx -ENV PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/nginx/sbin -EXPOSE 80 -RUN rm -rf /usr/local/nginx/conf/nginx.conf -COPY nginx.conf /usr/local/nginx/conf/ -RUN mkdir /dist -CMD ["nginx", "-g", "daemon off;"] -[root@nfs-harbor nginx]# docker build -t nginx:v2 . -``` - -注意: - -​ 需要事先准备好Centos的Base仓库和epel仓库 - -#### 2.上传项目到harbor - -修改镜像tag: - -```shell -[root@nfs-harbor ~]# docker tag nginx:v2 10.0.0.230/xingdian/nginx:v2 -``` - -登录私有仓库: - -```shell -[root@nfs-harbor ~]# docker login 10.0.0.230 -Username: xingdian -Password: -``` - -上传镜像: - -```shell -[root@nfs-harbor ~]# docker push 10.0.0.230/xingdian/nginx:v2 -``` - -注意: - -​ 默认上传时采用https,因为我们部署的harbor使用的是http,所以再上传之前按照3-1进行修改 - -#### 3.kubernetes集群连接harbor - -修改所有kubernetes集群能够访问http仓库,默认访问的是https - -```shell -[root@master ~]# vim /etc/systemd/system/multi-user.target.wants/docker.service -ExecStart=/usr/bin/dockerd -H fd:// --insecure-registry 10.0.1.13 --containerd=/run/containerd/containerd.sock -[root@master ~]# systemctl daemon-reload -[root@master ~]# systemctl restart docker -``` - -kubernetes集群创建secret用于连接harbor - -```shell -[root@master ~]# kubectl create secret docker-registry regcred --docker-server=10.0.0.230 --docker-username=diange --docker-password=QianFeng@123 -[root@master ~]# kubectl get secret -NAME TYPE DATA AGE -regcred kubernetes.io/dockerconfigjson 1 19h -``` - -注意: - -​ regcred:secret的名字 - -​ --docker-server:指定服务器的地址 - -​ --docker-username:指定harbor的用户 - -​ --docker-password:指定harbor的密码 - -#### 4.部署NFS - -部署NFS目的是为了给kubernetes集群提供持久化存储,kubernetes集群也要安装nfs-utils目的是为了支持nfs文件系统 - -```shell -[root@nfs-harbor ~]# yum -y install nfs-utils -[root@nfs-harbor ~]# systemctl start nfs -[root@nfs-harbor ~]# systemctl enable nfs -``` - -创建共享目录并对外共享 - -```shell -[root@nfs-harbor ~]# mkdir /kubernetes-1 -[root@nfs-harbor ~]# cat /etc/exports -/kubernetes-1 *(rw,no_root_squash,sync) -[root@nfs-harbor ~]# exportfs -rv -``` - -项目放入共享目录下 - -```shell -[root@nfs-harbor ~]# git clone https://github.com/blackmed/xingdian-project.git -[root@nfs-harbor ~]# unzip dist.zip -[root@nfs-harbor ~]# cp -r dist/* /kubernetes-1 -``` - -#### 5.创建statefulset部署项目 - -该yaml文件中除了statefulset以外还有service、PersistentVolume、StorageClass - -```shell -[root@master xingdian]# cat Statefulset.yaml -apiVersion: v1 -kind: Service -metadata: - name: nginx - labels: - app: nginx -spec: - type: NodePort - ports: - - port: 80 - name: web - targetPort: 80 - nodePort: 30010 - selector: - app: nginx ---- -apiVersion: storage.k8s.io/v1 -kind: StorageClass -metadata: - name: xingdian -provisioner: example.com/external-nfs -parameters: - server: 10.0.0.230 - path: /kubernetes-1 - readOnly: "false" ---- -apiVersion: v1 -kind: PersistentVolume -metadata: - name: xingdian-1 -spec: - capacity: - storage: 1Gi - volumeMode: Filesystem - accessModes: - - ReadWriteOnce - storageClassName: xingdian - nfs: - path: /kubernetes-1 - server: 10.0.0.230 ---- -apiVersion: v1 -kind: PersistentVolume -metadata: - name: xingdian-2 -spec: - capacity: - storage: 1Gi - volumeMode: Filesystem - accessModes: - - ReadWriteOnce - storageClassName: xingdian - nfs: - path: /kubernetes-1 - server: 10.0.0.230 ---- -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: web -spec: - selector: - matchLabels: - app: nginx - serviceName: "nginx" - replicas: 2 - template: - metadata: - labels: - app: nginx - spec: - terminationGracePeriodSeconds: 10 - containers: - - name: nginx - image: 10.0.0.230/xingdian/nginx:v2 - ports: - - containerPort: 80 - name: web - volumeMounts: - - name: www - mountPath: /dist - volumeClaimTemplates: - - metadata: - name: www - spec: - accessModes: [ "ReadWriteOnce" ] - storageClassName: "xingdian" - resources: - requests: - storage: 1Gi -``` - -#### 6.运行 - -```shell -[root@master xingdian]# kubectl create -f Statefulset.yaml -service/nginx created -storageclass.storage.k8s.io/xingdian created -persistentvolume/xingdian-1 created -persistentvolume/xingdian-2 created -statefulset.apps/web created -``` - -## 三:项目验证 - -#### 1.pv验证 - -```shell -[root@master xingdian]# kubectl get pv -NAME CAPACITY ACCESS MODES RECLAIM POLICY STATUS CLAIM STORAGECLASS REASON AGE -xingdian-1 1Gi RWO Retain Bound default/www-web-1 xingdian 9m59s -xingdian-2 1Gi RWO Retain Bound default/www-web-0 xingdian 9m59s -``` - -#### 2.pvc验证 - -```shell -[root@master xingdian]# kubectl get pvc -NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE -www-web-0 Bound xingdian-2 1Gi RWO xingdian 10m -www-web-1 Bound xingdian-1 1Gi RWO xingdian 10m -``` - -#### 3.storageClass验证 - -```shell -[root@master xingdian]# kubectl get storageclass -NAME PROVISIONER RECLAIMPOLICY VOLUMEBINDINGMODE ALLOWVOLUMEEXPANSION AGE -xingdian example.com/external-nfs Delete Immediate false 10m -``` - -#### 4.statefulset验证 - -```shell -[root@master xingdian]# kubectl get statefulset -NAME READY AGE -web 2/2 13m -[root@master xingdian]# kubectl get pod -NAME READY STATUS RESTARTS AGE -web-0 1/1 Running 0 13m -web-1 1/1 Running 0 13m -``` - -#### 5.service验证 - -```shell -[root@master xingdian]# kubectl get svc -NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE -nginx NodePort 10.111.189.32 80:30010/TCP 13m -``` - -#### 6.浏览器访问 - -image-20220502193031689 +

利用kubernetes部署网站项目

+ +著作:行癫 <盗版必究> + +------ + +## 一:环境准备 + +#### 1.kubernetes集群 + +集群正常运行,例如使用以下命令检查 + +```shell +[root@master ~]# kubectl get node +NAME STATUS ROLES AGE VERSION +master Ready control-plane,master 5d19h v1.23.1 +node-1 Ready 5d19h v1.23.1 +node-2 Ready 5d19h v1.23.1 +node-3 Ready 5d19h v1.23.1 +``` + +#### 2.harbor私有仓库 + +主要给kubernetes集群提供镜像服务 + +image-20220502184026483 +## 二:项目部署 + +#### 1.镜像构建 + +软件下载地址: + +```shell +wget https://nginx.org/download/nginx-1.20.2.tar.gz +``` + +项目包下载地址: + +```shell +git clone https://github.com/blackmed/xingdian-project.git +``` + +构建centos基础镜像Dockerfile文件: + +```shell +root@nfs-harbor ~]# cat Dockerfile +FROM daocloud.io/centos:7 +MAINTAINER "xingdianvip@gmail.com" +ENV container docker +RUN yum -y swap -- remove fakesystemd -- install systemd systemd-libs +RUN yum -y update; yum clean all; \ +(cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \ +rm -f /lib/systemd/system/multi-user.target.wants/*;\ +rm -f /etc/systemd/system/*.wants/*;\ +rm -f /lib/systemd/system/local-fs.target.wants/*; \ +rm -f /lib/systemd/system/sockets.target.wants/*udev*; \ +rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \ +rm -f /lib/systemd/system/basic.target.wants/*;\ +rm -f /lib/systemd/system/anaconda.target.wants/*; +VOLUME [ "/sys/fs/cgroup" ] +CMD ["/usr/sbin/init"] +root@nfs-harbor ~]# docker bulid -t xingdian . +``` + +构建项目镜像: + +```shell +[root@nfs-harbor nginx]# cat Dockerfile +FROM xingdian +ADD nginx-1.20.2.tar.gz /usr/local +RUN rm -rf /etc/yum.repos.d/* +COPY CentOS-Base.repo /etc/yum.repos.d/ +COPY epel.repo /etc/yum.repos.d/ +RUN yum clean all && yum makecache fast +RUN yum -y install gcc gcc-c++ openssl openssl-devel pcre-devel zlib-devel make +WORKDIR /usr/local/nginx-1.20.2 +RUN ./configure --prefix=/usr/local/nginx +RUN make && make install +WORKDIR /usr/local/nginx +ENV PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/nginx/sbin +EXPOSE 80 +RUN rm -rf /usr/local/nginx/conf/nginx.conf +COPY nginx.conf /usr/local/nginx/conf/ +RUN mkdir /dist +CMD ["nginx", "-g", "daemon off;"] +[root@nfs-harbor nginx]# docker build -t nginx:v2 . +``` + +注意: + +​ 需要事先准备好Centos的Base仓库和epel仓库 + +#### 2.上传项目到harbor + +修改镜像tag: + +```shell +[root@nfs-harbor ~]# docker tag nginx:v2 10.0.0.230/xingdian/nginx:v2 +``` + +登录私有仓库: + +```shell +[root@nfs-harbor ~]# docker login 10.0.0.230 +Username: xingdian +Password: +``` + +上传镜像: + +```shell +[root@nfs-harbor ~]# docker push 10.0.0.230/xingdian/nginx:v2 +``` + +注意: + +​ 默认上传时采用https,因为我们部署的harbor使用的是http,所以再上传之前按照3-1进行修改 + +#### 3.kubernetes集群连接harbor + +修改所有kubernetes集群能够访问http仓库,默认访问的是https + +```shell +[root@master ~]# vim /etc/systemd/system/multi-user.target.wants/docker.service +ExecStart=/usr/bin/dockerd -H fd:// --insecure-registry 10.0.1.13 --containerd=/run/containerd/containerd.sock +[root@master ~]# systemctl daemon-reload +[root@master ~]# systemctl restart docker +``` + +kubernetes集群创建secret用于连接harbor + +```shell +[root@master ~]# kubectl create secret docker-registry regcred --docker-server=10.0.0.230 --docker-username=diange --docker-password=QianFeng@123 +[root@master ~]# kubectl get secret +NAME TYPE DATA AGE +regcred kubernetes.io/dockerconfigjson 1 19h +``` + +注意: + +​ regcred:secret的名字 + +​ --docker-server:指定服务器的地址 + +​ --docker-username:指定harbor的用户 + +​ --docker-password:指定harbor的密码 + +#### 4.部署NFS + +部署NFS目的是为了给kubernetes集群提供持久化存储,kubernetes集群也要安装nfs-utils目的是为了支持nfs文件系统 + +```shell +[root@nfs-harbor ~]# yum -y install nfs-utils +[root@nfs-harbor ~]# systemctl start nfs +[root@nfs-harbor ~]# systemctl enable nfs +``` + +创建共享目录并对外共享 + +```shell +[root@nfs-harbor ~]# mkdir /kubernetes-1 +[root@nfs-harbor ~]# cat /etc/exports +/kubernetes-1 *(rw,no_root_squash,sync) +[root@nfs-harbor ~]# exportfs -rv +``` + +项目放入共享目录下 + +```shell +[root@nfs-harbor ~]# git clone https://github.com/blackmed/xingdian-project.git +[root@nfs-harbor ~]# unzip dist.zip +[root@nfs-harbor ~]# cp -r dist/* /kubernetes-1 +``` + +#### 5.创建statefulset部署项目 + +该yaml文件中除了statefulset以外还有service、PersistentVolume、StorageClass + +```shell +[root@master xingdian]# cat Statefulset.yaml +apiVersion: v1 +kind: Service +metadata: + name: nginx + labels: + app: nginx +spec: + type: NodePort + ports: + - port: 80 + name: web + targetPort: 80 + nodePort: 30010 + selector: + app: nginx +--- +apiVersion: storage.k8s.io/v1 +kind: StorageClass +metadata: + name: xingdian +provisioner: example.com/external-nfs +parameters: + server: 10.0.0.230 + path: /kubernetes-1 + readOnly: "false" +--- +apiVersion: v1 +kind: PersistentVolume +metadata: + name: xingdian-1 +spec: + capacity: + storage: 1Gi + volumeMode: Filesystem + accessModes: + - ReadWriteOnce + storageClassName: xingdian + nfs: + path: /kubernetes-1 + server: 10.0.0.230 +--- +apiVersion: v1 +kind: PersistentVolume +metadata: + name: xingdian-2 +spec: + capacity: + storage: 1Gi + volumeMode: Filesystem + accessModes: + - ReadWriteOnce + storageClassName: xingdian + nfs: + path: /kubernetes-1 + server: 10.0.0.230 +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: web +spec: + selector: + matchLabels: + app: nginx + serviceName: "nginx" + replicas: 2 + template: + metadata: + labels: + app: nginx + spec: + terminationGracePeriodSeconds: 10 + containers: + - name: nginx + image: 10.0.0.230/xingdian/nginx:v2 + ports: + - containerPort: 80 + name: web + volumeMounts: + - name: www + mountPath: /dist + volumeClaimTemplates: + - metadata: + name: www + spec: + accessModes: [ "ReadWriteOnce" ] + storageClassName: "xingdian" + resources: + requests: + storage: 1Gi +``` + +#### 6.运行 + +```shell +[root@master xingdian]# kubectl create -f Statefulset.yaml +service/nginx created +storageclass.storage.k8s.io/xingdian created +persistentvolume/xingdian-1 created +persistentvolume/xingdian-2 created +statefulset.apps/web created +``` + +## 三:项目验证 + +#### 1.pv验证 + +```shell +[root@master xingdian]# kubectl get pv +NAME CAPACITY ACCESS MODES RECLAIM POLICY STATUS CLAIM STORAGECLASS REASON AGE +xingdian-1 1Gi RWO Retain Bound default/www-web-1 xingdian 9m59s +xingdian-2 1Gi RWO Retain Bound default/www-web-0 xingdian 9m59s +``` + +#### 2.pvc验证 + +```shell +[root@master xingdian]# kubectl get pvc +NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE +www-web-0 Bound xingdian-2 1Gi RWO xingdian 10m +www-web-1 Bound xingdian-1 1Gi RWO xingdian 10m +``` + +#### 3.storageClass验证 + +```shell +[root@master xingdian]# kubectl get storageclass +NAME PROVISIONER RECLAIMPOLICY VOLUMEBINDINGMODE ALLOWVOLUMEEXPANSION AGE +xingdian example.com/external-nfs Delete Immediate false 10m +``` + +#### 4.statefulset验证 + +```shell +[root@master xingdian]# kubectl get statefulset +NAME READY AGE +web 2/2 13m +[root@master xingdian]# kubectl get pod +NAME READY STATUS RESTARTS AGE +web-0 1/1 Running 0 13m +web-1 1/1 Running 0 13m +``` + +#### 5.service验证 + +```shell +[root@master xingdian]# kubectl get svc +NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE +nginx NodePort 10.111.189.32 80:30010/TCP 13m +``` + +#### 6.浏览器访问 + +image-20220502193031689