Deploying a website project with Kubernetes

Author: 行癫 <piracy will be prosecuted>

------

## I: Environment preparation

#### 1. Kubernetes cluster

The cluster must be running normally. You can check this with the following command, for example:

```shell
[root@master ~]# kubectl get node
NAME     STATUS   ROLES                  AGE     VERSION
master   Ready    control-plane,master   5d19h   v1.23.1
node-1   Ready    <none>                 5d19h   v1.23.1
node-2   Ready    <none>                 5d19h   v1.23.1
node-3   Ready    <none>                 5d19h   v1.23.1
```

#### 2. Harbor private registry

Its main purpose is to serve images to the Kubernetes cluster.

## II: Project deployment

#### 1. Building the images

Software download address:

```shell
wget https://nginx.org/download/nginx-1.20.2.tar.gz
```

Project package download address:

```shell
git clone https://github.com/blackmed/xingdian-project.git
```

Dockerfile for building the CentOS base image:

```shell
[root@nfs-harbor ~]# cat Dockerfile
FROM daocloud.io/centos:7
MAINTAINER "xingdianvip@gmail.com"
ENV container docker
RUN yum -y swap -- remove fakesystemd -- install systemd systemd-libs
RUN yum -y update; yum clean all; \
(cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \
rm -f /lib/systemd/system/multi-user.target.wants/*;\
rm -f /etc/systemd/system/*.wants/*;\
rm -f /lib/systemd/system/local-fs.target.wants/*; \
rm -f /lib/systemd/system/sockets.target.wants/*udev*; \
rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \
rm -f /lib/systemd/system/basic.target.wants/*;\
rm -f /lib/systemd/system/anaconda.target.wants/*;
VOLUME [ "/sys/fs/cgroup" ]
CMD ["/usr/sbin/init"]
[root@nfs-harbor ~]# docker build -t xingdian .
```

Building the project image:

```shell
[root@nfs-harbor nginx]# cat Dockerfile
FROM xingdian
ADD nginx-1.20.2.tar.gz /usr/local
RUN rm -rf /etc/yum.repos.d/*
COPY CentOS-Base.repo /etc/yum.repos.d/
COPY epel.repo /etc/yum.repos.d/
RUN yum clean all && yum makecache fast
RUN yum -y install gcc gcc-c++ openssl openssl-devel pcre-devel zlib-devel make
WORKDIR /usr/local/nginx-1.20.2
RUN ./configure --prefix=/usr/local/nginx
RUN make && make install
WORKDIR /usr/local/nginx
ENV PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/nginx/sbin
EXPOSE 80
RUN rm -rf /usr/local/nginx/conf/nginx.conf
COPY nginx.conf /usr/local/nginx/conf/
RUN mkdir /dist
CMD ["nginx", "-g", "daemon off;"]
[root@nfs-harbor nginx]# docker build -t nginx:v2 .
```

Note:

The CentOS Base and EPEL repository files must be prepared beforehand.

#### 2. Uploading the project to Harbor

Change the image tag:

```shell
[root@nfs-harbor ~]# docker tag nginx:v2 10.0.0.230/xingdian/nginx:v2
```

Log in to the private registry:

```shell
[root@nfs-harbor ~]# docker login 10.0.0.230
Username: xingdian
Password:
```

Push the image:

```shell
[root@nfs-harbor ~]# docker push 10.0.0.230/xingdian/nginx:v2
```

Note:

Pushes use HTTPS by default. Because the Harbor we deployed uses HTTP, make the change described in 3-1 before pushing.

#### 3. Connecting the Kubernetes cluster to Harbor

Modify every node of the Kubernetes cluster so that it can access the HTTP registry; HTTPS is used by default.

```shell
[root@master ~]# vim /etc/systemd/system/multi-user.target.wants/docker.service
ExecStart=/usr/bin/dockerd -H fd:// --insecure-registry 10.0.1.13 --containerd=/run/containerd/containerd.sock
[root@master ~]# systemctl daemon-reload
[root@master ~]# systemctl restart docker
```

Create a secret in the Kubernetes cluster for connecting to Harbor:

```shell
[root@master ~]# kubectl create secret docker-registry regcred --docker-server=10.0.0.230 --docker-username=diange --docker-password=QianFeng@123
[root@master ~]# kubectl get secret
NAME      TYPE                             DATA   AGE
regcred   kubernetes.io/dockerconfigjson   1      19h
```

Note:

regcred: the name of the secret

--docker-server: the address of the registry server

--docker-username: the Harbor user

--docker-password: the Harbor password

#### 4. Deploying NFS

NFS is deployed to provide persistent storage for the Kubernetes cluster. The Kubernetes nodes must also have nfs-utils installed so that they support the NFS file system.

```shell
[root@nfs-harbor ~]# yum -y install nfs-utils
[root@nfs-harbor ~]# systemctl start nfs
[root@nfs-harbor ~]# systemctl enable nfs
```

Create the shared directory and export it:

```shell
[root@nfs-harbor ~]# mkdir /kubernetes-1
[root@nfs-harbor ~]# cat /etc/exports
/kubernetes-1 *(rw,no_root_squash,sync)
[root@nfs-harbor ~]# exportfs -rv
```

Put the project into the shared directory:

```shell
[root@nfs-harbor ~]# git clone https://github.com/blackmed/xingdian-project.git
[root@nfs-harbor ~]# unzip dist.zip
[root@nfs-harbor ~]# cp -r dist/* /kubernetes-1
```

#### 5. Creating a StatefulSet to deploy the project

Besides the StatefulSet, this YAML file also contains a Service, PersistentVolumes and a StorageClass.

```shell
[root@master xingdian]# cat Statefulset.yaml
apiVersion: v1
kind: Service
metadata:
  name: nginx
  labels:
    app: nginx
spec:
  type: NodePort
  ports:
  - port: 80
    name: web
    targetPort: 80
    nodePort: 30010
  selector:
    app: nginx
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: xingdian
provisioner: example.com/external-nfs
parameters:
  server: 10.0.0.230
  path: /kubernetes-1
  readOnly: "false"
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: xingdian-1
spec:
  capacity:
    storage: 1Gi
  volumeMode: Filesystem
  accessModes:
  - ReadWriteOnce
  storageClassName: xingdian
  nfs:
    path: /kubernetes-1
    server: 10.0.0.230
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: xingdian-2
spec:
  capacity:
    storage: 1Gi
  volumeMode: Filesystem
  accessModes:
  - ReadWriteOnce
  storageClassName: xingdian
  nfs:
    path: /kubernetes-1
    server: 10.0.0.230
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: web
spec:
  selector:
    matchLabels:
      app: nginx
  serviceName: "nginx"
  replicas: 2
  template:
    metadata:
      labels:
        app: nginx
    spec:
      terminationGracePeriodSeconds: 10
      containers:
      - name: nginx
        image: 10.0.0.230/xingdian/nginx:v2
        ports:
        - containerPort: 80
          name: web
        volumeMounts:
        - name: www
          mountPath: /dist
  volumeClaimTemplates:
  - metadata:
      name: www
    spec:
      accessModes: [ "ReadWriteOnce" ]
      storageClassName: "xingdian"
      resources:
        requests:
          storage: 1Gi
```

#### 6. Running it

```shell
[root@master xingdian]# kubectl create -f Statefulset.yaml
service/nginx created
storageclass.storage.k8s.io/xingdian created
persistentvolume/xingdian-1 created
persistentvolume/xingdian-2 created
statefulset.apps/web created
```

## III: Project verification

#### 1. Verifying the PVs

```shell
[root@master xingdian]# kubectl get pv
NAME         CAPACITY   ACCESS MODES   RECLAIM POLICY   STATUS   CLAIM               STORAGECLASS   REASON   AGE
xingdian-1   1Gi        RWO            Retain           Bound    default/www-web-1   xingdian                9m59s
xingdian-2   1Gi        RWO            Retain           Bound    default/www-web-0   xingdian                9m59s
```

#### 2. Verifying the PVCs

```shell
[root@master xingdian]# kubectl get pvc
NAME        STATUS   VOLUME       CAPACITY   ACCESS MODES   STORAGECLASS   AGE
www-web-0   Bound    xingdian-2   1Gi        RWO            xingdian       10m
www-web-1   Bound    xingdian-1   1Gi        RWO            xingdian       10m
```

#### 3. Verifying the StorageClass

```shell
[root@master xingdian]# kubectl get storageclass
NAME       PROVISIONER                RECLAIMPOLICY   VOLUMEBINDINGMODE   ALLOWVOLUMEEXPANSION   AGE
xingdian   example.com/external-nfs   Delete          Immediate           false                  10m
```

#### 4. Verifying the StatefulSet

```shell
[root@master xingdian]# kubectl get statefulset
NAME   READY   AGE
web    2/2     13m
[root@master xingdian]# kubectl get pod
NAME    READY   STATUS    RESTARTS   AGE
web-0   1/1     Running   0          13m
web-1   1/1     Running   0          13m
```

#### 5. Verifying the Service

```shell
[root@master xingdian]# kubectl get svc
NAME    TYPE       CLUSTER-IP      EXTERNAL-IP   PORT(S)        AGE
nginx   NodePort   10.111.189.32   <none>        80:30010/TCP   13m
```

#### 6. Accessing the site in a browser

(Screenshot of the site opened in the browser.)
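The export line from section II.4, `/kubernetes-1 *(rw,no_root_squash,sync)`, shares the directory read-write with any host that can reach the NFS server and lets a remote root user act as root on the files. The script below is an added example, not part of the original article: it audits an exports file for those settings. The function name `audit_exports`, the `/kubernetes-2` path and the `10.0.0.0/24` subnet are assumptions made for illustration.

```shell
#!/bin/sh
# audit_exports FILE: print "path client issue" for each risky export entry.
# Returns 0 when nothing is flagged, 1 otherwise. (Illustrative helper name.)
audit_exports() {
    awk '
    /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
    {
        path = $1
        if (NF == 1) $2 = "*"                # no client list: exported to every host
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1)
                sub(/\)$/, "", opts)
            }
            if (client == "") client = "*"   # bare "(opts)" applies to every host
            rw = 0; noroot = 0
            n = split(opts, o, ",")
            for (j = 1; j <= n; j++) {
                if (o[j] == "rw") rw = 1
                if (o[j] == "no_root_squash") noroot = 1
            }
            if (client == "*")       { print path, client, "any-host"; bad = 1 }
            if (noroot)              { print path, client, "no_root_squash"; bad = 1 }
            if (client == "*" && rw) { print path, client, "any-host-read-write"; bad = 1 }
        }
    }
    END { exit (bad ? 1 : 0) }
    ' "$1"
}

# Demo input: the export line from this page next to a constructed, restricted
# entry (the second path and the 10.0.0.0/24 node subnet are assumed values).
sample=$(mktemp)
cat > "$sample" <<'EOF'
/kubernetes-1 *(rw,no_root_squash,sync)
/kubernetes-2 10.0.0.0/24(rw,root_squash,sync)
EOF
audit_exports "$sample" || echo "risky exports found"
rm -f "$sample"
```
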