
Deploying a Website Project with Kubernetes

Author: 行癫 <Piracy will be prosecuted>


I: Environment Preparation

1. Kubernetes cluster

The cluster must be running normally. For example, check it with the following command:

[root@master ~]# kubectl get node
NAME     STATUS   ROLES                  AGE     VERSION
master   Ready    control-plane,master   5d19h   v1.23.1
node-1   Ready    <none>                 5d19h   v1.23.1
node-2   Ready    <none>                 5d19h   v1.23.1
node-3   Ready    <none>                 5d19h   v1.23.1

2. Harbor private registry

It mainly provides image services for the Kubernetes cluster.

II: Project Deployment

1. Building the images

Software download URL:

wget https://nginx.org/download/nginx-1.20.2.tar.gz

Project package download URL:

git clone https://github.com/blackmed/xingdian-project.git

Dockerfile for building the CentOS base image:

[root@nfs-harbor ~]# cat Dockerfile
FROM daocloud.io/centos:7
MAINTAINER "xingdianvip@gmail.com"
ENV container docker
RUN yum -y swap -- remove fakesystemd -- install systemd systemd-libs
RUN yum -y update; yum clean all; \
(cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \
rm -f /lib/systemd/system/multi-user.target.wants/*;\
rm -f /etc/systemd/system/*.wants/*;\
rm -f /lib/systemd/system/local-fs.target.wants/*; \
rm -f /lib/systemd/system/sockets.target.wants/*udev*; \
rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \
rm -f /lib/systemd/system/basic.target.wants/*;\
rm -f /lib/systemd/system/anaconda.target.wants/*;
VOLUME [ "/sys/fs/cgroup" ]
CMD ["/usr/sbin/init"]
[root@nfs-harbor ~]# docker build -t xingdian .

Build the project image:

[root@nfs-harbor nginx]# cat Dockerfile
FROM xingdian
ADD nginx-1.20.2.tar.gz /usr/local
RUN rm -rf /etc/yum.repos.d/*
COPY CentOS-Base.repo /etc/yum.repos.d/
COPY epel.repo /etc/yum.repos.d/
RUN yum clean all && yum makecache fast
RUN yum -y install gcc gcc-c++ openssl openssl-devel  pcre-devel zlib-devel make
WORKDIR /usr/local/nginx-1.20.2
RUN ./configure --prefix=/usr/local/nginx
RUN make && make install
WORKDIR /usr/local/nginx
ENV PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/nginx/sbin
EXPOSE 80
RUN rm -rf /usr/local/nginx/conf/nginx.conf
COPY nginx.conf /usr/local/nginx/conf/
RUN mkdir /dist
CMD ["nginx", "-g", "daemon off;"]
[root@nfs-harbor nginx]# docker build -t nginx:v2 .

Note:

The CentOS Base repository and EPEL repository files must be prepared in advance.

2. Pushing the project image to Harbor

Change the image tag:

[root@nfs-harbor ~]# docker tag nginx:v2 10.0.0.230/xingdian/nginx:v2

Log in to the private registry:

[root@nfs-harbor ~]# docker login 10.0.0.230
Username: xingdian
Password: 

Push the image:

[root@nfs-harbor ~]# docker push 10.0.0.230/xingdian/nginx:v2

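Note:

Pushes use HTTPS by default. Because the Harbor we deployed uses HTTP, make the change described in step 3-1 before pushing.

3. Connecting the Kubernetes cluster to Harbor

On every node in the Kubernetes cluster, change the Docker service so that it can reach the HTTP registry (HTTPS is used by default):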

[root@master ~]# vim /etc/systemd/system/multi-user.target.wants/docker.service
ExecStart=/usr/bin/dockerd -H fd:// --insecure-registry 10.0.1.13 --containerd=/run/containerd/containerd.sock
[root@master ~]# systemctl daemon-reload
[root@master ~]# systemctl restart docker

Create a secret in the Kubernetes cluster for connecting to Harbor:

[root@master ~]# kubectl create secret docker-registry regcred --docker-server=10.0.0.230 --docker-username=diange --docker-password=QianFeng@123
[root@master ~]# kubectl get secret
NAME                  TYPE                                  DATA   AGE
regcred               kubernetes.io/dockerconfigjson        1      19h

Note:

regcred: the name of the secret

--docker-server: the address of the registry server

--docker-username: the Harbor user

--docker-password: the Harbor password
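
The `kubectl create secret` command above carries the Harbor password on the command line, where shell history and the process list can expose it. As an added example (not part of the original document), this shell function builds the same `kubernetes.io/dockerconfigjson` secret as a manifest with the password read from stdin; the function names, the password-file path in the comment and the demo password are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Renders a registry pull secret
# manifest; the password arrives on stdin instead of as a command-line flag.

json_escape() {
    # Escape backslashes and double quotes for use inside a JSON string.
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

b64() {
    # base64 without line wrapping (works with GNU and BSD base64).
    base64 | tr -d '\n'
}

render_pull_secret() {
    # $1 = secret name, $2 = registry address, $3 = registry user
    name=$1 server=$2 user=$3
    IFS= read -r pass || true
    [ -n "$pass" ] || { echo "no password on stdin" >&2; return 1; }
    # "auth" is base64("user:password"), as stored in a Docker config.json.
    auth=$(printf '%s:%s' "$user" "$pass" | b64)
    cfg=$(printf '{"auths":{"%s":{"username":"%s","password":"%s","auth":"%s"}}}' \
        "$(json_escape "$server")" "$(json_escape "$user")" \
        "$(json_escape "$pass")" "$auth")
    cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $name
type: kubernetes.io/dockerconfigjson
data:
  .dockerconfigjson: $(printf '%s' "$cfg" | b64)
EOF
    unset pass auth cfg
}

# Constructed demo password. In practice feed stdin from a root-only file
# (hypothetical path) and pipe the manifest straight into kubectl:
#   render_pull_secret regcred 10.0.0.230 diange < /root/.harbor-pass | kubectl apply -f -
printf '%s\n' 'Constructed-Example-1' | render_pull_secret regcred 10.0.0.230 diange
```

The rendered manifest holds the credential base64-encoded, not encrypted, so handle it like the password itself. Pods pull with it only when their spec (or their service account) lists `regcred` under `imagePullSecrets`.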

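4. Deploying NFS

NFS is deployed to provide persistent storage for the Kubernetes cluster. The Kubernetes cluster nodes must also install nfs-utils so that they support the NFS file system.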

[root@nfs-harbor ~]# yum -y install nfs-utils
[root@nfs-harbor ~]# systemctl start nfs
[root@nfs-harbor ~]# systemctl enable nfs

Create the shared directory and export it:

[root@nfs-harbor ~]# mkdir /kubernetes-1
[root@nfs-harbor ~]# cat /etc/exports
/kubernetes-1 *(rw,no_root_squash,sync)
[root@nfs-harbor ~]# exportfs -rv
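
The export above lets any host (`*`) mount `/kubernetes-1` read-write and, with `no_root_squash`, act on its files as root. The check below is an added example (not from the original document) that flags both settings in exports(5)-style lines; the sample lines are constructed, and the 10.0.0.0/24 subnet in the restricted entry is an assumed node network.

```shell
#!/bin/sh
# Added example, not from the original page: flag risky NFS export entries.

audit_exports() {
    # Reads exports(5)-style lines on stdin and prints one line per finding:
    #   <path> <client> <finding>
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }        # skip comments and blank lines
    {
        path = $1
        if (NF == 1)                         # no client list: any host
            print path, "*", "world-accessible"
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""
            p = index(client, "(")
            if (p > 0) {                     # split "client(opt,opt)" apart
                opts = substr(client, p + 1)
                sub(/\)$/, "", opts)
                client = substr(client, 1, p - 1)
            }
            if (client == "") client = "*"   # bare "(opts)" means any host
            if (client == "*")
                print path, client, "world-accessible"
            if (("," opts ",") ~ /,no_root_squash,/)
                print path, client, "no_root_squash"
        }
    }'
}

# Constructed sample: the export from this page, then a restricted variant.
# 10.0.0.0/24 is an assumed node subnet, not a value from the page.
SAMPLE_EXPORTS='/kubernetes-1 *(rw,no_root_squash,sync)
/kubernetes-1 10.0.0.0/24(rw,root_squash,sync)'

printf '%s\n' "$SAMPLE_EXPORTS" | audit_exports
```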

Place the project in the shared directory:

[root@nfs-harbor ~]# git clone https://github.com/blackmed/xingdian-project.git
[root@nfs-harbor ~]# unzip dist.zip
[root@nfs-harbor ~]# cp -r dist/* /kubernetes-1

5. Creating a StatefulSet to deploy the project

Besides the StatefulSet, this YAML file also contains a Service, PersistentVolumes and a StorageClass.

[root@master xingdian]# cat Statefulset.yaml
apiVersion: v1
kind: Service
metadata:
  name: nginx
  labels:
    app: nginx
spec:
  type: NodePort
  ports:
  - port: 80
    name: web
    targetPort: 80
    nodePort: 30010
  selector:
    app: nginx
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: xingdian
provisioner: example.com/external-nfs
parameters:
  server: 10.0.0.230
  path: /kubernetes-1
  readOnly: "false"
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: xingdian-1
spec:
  capacity:
    storage: 1Gi
  volumeMode: Filesystem
  accessModes:
    - ReadWriteOnce
  storageClassName: xingdian
  nfs:
    path: /kubernetes-1
    server: 10.0.0.230
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: xingdian-2
spec:
  capacity:
    storage: 1Gi
  volumeMode: Filesystem
  accessModes:
    - ReadWriteOnce
  storageClassName: xingdian
  nfs:
    path: /kubernetes-1
    server: 10.0.0.230
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: web
spec:
  selector:
    matchLabels:
      app: nginx
  serviceName: "nginx"
  replicas: 2
  template:
    metadata:
      labels:
        app: nginx
    spec:
      terminationGracePeriodSeconds: 10
      containers:
      - name: nginx
        image: 10.0.0.230/xingdian/nginx:v2
        ports:
        - containerPort: 80
          name: web
        volumeMounts:
        - name: www
          mountPath: /dist
  volumeClaimTemplates:
  - metadata:
      name: www
    spec:
      accessModes: [ "ReadWriteOnce" ]
      storageClassName: "xingdian"
      resources:
        requests:
          storage: 1Gi

6. Running

[root@master xingdian]# kubectl create -f Statefulset.yaml
service/nginx created
storageclass.storage.k8s.io/xingdian created
persistentvolume/xingdian-1 created
persistentvolume/xingdian-2 created
statefulset.apps/web created

III: Project Verification

1. PV verification

[root@master xingdian]# kubectl get pv
NAME         CAPACITY   ACCESS MODES   RECLAIM POLICY   STATUS   CLAIM               STORAGECLASS   REASON   AGE
xingdian-1   1Gi        RWO            Retain           Bound    default/www-web-1   xingdian                9m59s
xingdian-2   1Gi        RWO            Retain           Bound    default/www-web-0   xingdian                9m59s

2. PVC verification

[root@master xingdian]# kubectl get pvc
NAME        STATUS   VOLUME       CAPACITY   ACCESS MODES   STORAGECLASS   AGE
www-web-0   Bound    xingdian-2   1Gi        RWO            xingdian       10m
www-web-1   Bound    xingdian-1   1Gi        RWO            xingdian       10m

3. StorageClass verification

[root@master xingdian]# kubectl get storageclass
NAME       PROVISIONER                RECLAIMPOLICY   VOLUMEBINDINGMODE   ALLOWVOLUMEEXPANSION   AGE
xingdian   example.com/external-nfs   Delete          Immediate           false                  10m

4. StatefulSet verification

[root@master xingdian]# kubectl get statefulset
NAME   READY   AGE
web    2/2     13m
[root@master xingdian]# kubectl get pod
NAME    READY   STATUS    RESTARTS   AGE
web-0   1/1     Running   0          13m
web-1   1/1     Running   0          13m

5. Service verification

[root@master xingdian]# kubectl get svc
NAME         TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)        AGE
nginx        NodePort    10.111.189.32   <none>        80:30010/TCP   13m

6. Browser access
