k8s部署Java和PHP项目案例【AL】 《部署JavaPHP网站项目案例-下》
1、启动harbor和gitlab 。安装maven 、jdk 、拉去代码
cd /root/harbor/ && docker-compose up -d
docker start gitlab
yum install -y java-1.8.0-openjdk
yum install maven -y
git clone https://github.com/lizhenliang/tomcat-java-demo.git
代码内容:
SQL文件: db/tables_ly_tomcat.sql
数据库配置:src/main/resources/application.yml
db目录 ,数据库表的初始化sql
pom.xml 项目依赖的jar包说明文件
src 源代码目录
JAVA tomcat war包项目
2 maven编译代码项目
#替换成阿里的maven源。略
mvn clean package -Dmaven.test.skip=true
此时会生成target文件夹
[root@k8s-master java-demo]# ls
db Dockerfile LICENSE pom.xml README.md src target
2.1 编写dockerfile
cat Dockerfile
FROM 192.168.31.70/library/tomcat:v1
RUN rm -rf /usr/local/tomcat/webapps/*
COPY target/*.war /usr/local/tomcat/webapps/ROOT.war
#配置daemon.json
{
"registry-mirrors": ["https://yyk0qnca.mirror.aliyuncs.com"],
"insecure-registries": ["192.168.31.70"]
}
#执行构建 、push
docker build -t 192.168.31.70/dev/java-demo:v10 .
docker login 192.168.31.70
docker push 192.168.31.70/dev/java-demo:v10
3 、k8s编写对应的deployment 、 service 、ingress
创建拉取镜像认证
kubectl create secret docker-registry registry-pull-secret —docker-username=admin —docker-password=Harbor12345 —docker-email=123@qq.com —docker-server=192.168.31.70 -n test
创建deployment
kubectl create deployment java-demo --image=192.168.31.70/dev/java-demo:v10 --dry-run -o yaml > deployment.yaml
#最终deployment.yaml内容
apiVersion: apps/v1beta1
kind: Deployment
metadata:
name: java-demo
namespace: test
spec:
replicas: 3
selector:
matchLabels:
project: www
app: java-demo
template:
metadata:
labels:
project: www
app: java-demo
spec:
imagePullSecrets:
- name: registry-pull-secret
containers:
- name: tomcat
image: 192.168.31.70/test/java-demo:v10
imagePullPolicy: Always
ports:
- containerPort: 8080
name: web
protocol: TCP
resources:
requests:
cpu: 0.25
memory: 1Gi
limits:
cpu: 1
memory: 2Gi
livenessProbe:
httpGet:
path: /
port: 8080
initialDelaySeconds: 60
timeoutSeconds: 20
readinessProbe:
httpGet:
path: /
port: 8080
initialDelaySeconds: 60
kubectl apply -f deployment.yaml
创建service
#注意这里的port 根据实际情况创建。 最终以service.yaml为准
kubectl expose deployment java-demo --port=80 --target=8080 --type=NodePort --dry-run -o yaml > service.yaml
#最终service.yaml内容
apiVersion: v1
kind: Service
metadata:
labels:
app: java-demo
name: java-demo
spec:
ports:
- port: 80
protocol: TCP
targetPort: 8080
nodePort: 30009
selector:
app: java-demo
type: NodePort
kubectl apply -f service.yaml
创建ingress
#先部署ingress
kubectl apply -f ingress-controller.yaml
#ingress.yaml内容
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: java-demo
spec:
rules:
- host: example.ctnrs.com
http:
paths:
- path: /
backend:
serviceName: java-demo
servicePort: 80
kubectl apply -f ingress.yaml
windows的hosts文件做域名解析
192.168.73.139 example.ctnrs.com
4 JAVA项目小结:
1、安装编译环境
yum install java-1.8.0-openjdk maven -y
2、编译构建
mvn clean package -DskipTests=true
3、替换maven国内源
/etc/maven/settings.xml
<mirror>
< id>central</id>
< mirrorof >central</mirror0f>
< name>aliyun maven</name>
< url>https://maven.aliyun.com/repository/public</url>
< /mirror>
4、使用Dockerfile构建 镜像并推送到镜像仓库
docker build -t 192.168.31.70/dev/java-demo:v10 .
docker login 192.168.31.70
docker push 192.168.31.70/dev/java-demo:v10
5、创建secret保存harbor认证信息
kubectl create secret docker-registry dockerpullauth --docker-username=admin
--docker-password=Harbor12345 --docker-server=192.168.31.70
6、编写yam1部署( deployment、service. ingress)
参考 下面来自benjamin杨的滚动更新:
#安装mysql数据库
yum install -y mariadb-server
systemctl start mariadb
mysqladmin -uroot password "123456"
vim java-demo/src/main/resources/application.yml
#创建demo用户并授权
MariaDB [test]> grant all on test.* to 'demo'@'192.168.31.%' identified by '123.com';
MariaDB [test]> grant all on test.* to 'demo'@'localhost' identified by '123.com';
#将修改后的配置重新编译成war包
mvn clean package -Dmaven.skip.test
docker build -t java-demo:v2 .
docker tag java-demo:v2 192.168.31.70/demo/java-demo:v2
docker push 192.168.31.70/demo/java-demo:v2
#将deployment.yaml 中镜像版本v1改成v2
- image: 192.168.31.70/demo/java-demo:v2
#重新应用配置后会触发滚动更新
kubectl apply -f deployment.yaml
回滚应用
回滚应用
kubectl rollout history deployment/java-demo #查看应用历史版本
kubectl rollout undo deployment/java-demo #回滚到之前的版本
kubectl rollout undo deployment/java-demo --to-revision=1 #回到指定的历史版本
kubectl rollout status deploy/java-demo #查看发布情况
java项目END
一、PHP WordPress项目
PHP wp项目代码:
#在k8s平台上搭建一个php网站示例,使用wordpress搭建个人博客
git clone https://github.com/zhangdongdong7/php-demo.git
二、编写php的Dockerfile
dockerfile内容: 这个镜像包含php和nginx的环境。
FROM registry.cn-hangzhou.aliyuncs.com/benjamin-public/nginx-php:latest
#将当前路径的所有文件,复制到/usr/local/nginx/html下
ADD . /usr/local/nginx/html
java或者go的应用需要编译,php的可以不用编译。
三、构建docker镜像 及 推送镜像
#在dockerfile的目录下执行:
docker build -t 192.168.31.70/dev/php-demo:v10 .
docker push 192.168.31.70/dev/php-demo:v10
四、编写yaml文件(deployment 、 service 、 ingress、namespace、secret)
namespace.yaml
apiVersion: v1
kind: Namespace
metadata:
name: test
deployment .yaml
apiVersion: apps/v1beta1
kind: Deployment
metadata:
name: php-demo
namespace: test
spec:
replicas: 2
selector:
matchLabels:
project: www
app: php-demo
template:
metadata:
labels:
project: www
app: php-demo
spec:
imagePullSecrets:
- name: registry-pull-secret
containers:
- name: nginx
image: 192.168.73.136/test/php-demo:v2
imagePullPolicy: Always
ports:
- containerPort: 80
name: web
protocol: TCP
resources:
requests:
cpu: 0.5
memory: 256Mi
limits:
cpu: 1
memory: 1Gi
resources:
requests:
cpu: 0.5
memory: 256Mi
limits:
cpu: 1
memory: 1Gi
livenessProbe:
httpGet:
path: /status.php
port: 80
initialDelaySeconds: 6
timeoutSeconds: 20
readinessProbe:
httpGet:
path: /status.php
port: 80
initialDelaySeconds: 6
timeoutSeconds: 20
service .yaml
apiVersion: v1
kind: Service
metadata:
name: php-demo
namespace: test
spec:
selector:
project: www
app: php-demo
ports:
- name: web
port: 80
targetPort: 80
ingress.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: php-demo
namespace: test
spec:
rules:
- host: php.ctnrs.com
http:
paths:
- path: /
backend:
serviceName: php-demo
servicePort: 80
部署yaml 。在ns=test下
kubectl create secret docker-registry dockerpullauth --docker-username=admin --docker-password=Harbor12345 --docker-server=192.168.31.70 -n test
#第一次执行 可能会报错。可再次执行。 或者按顺序执行 ns -> deployment -> service -> ingress
kubectl apply -f .
五、mysql数据库的操作
docker run -d -p 3306:3306 -e MYSQL_ROOT_PASSWORD=123456 mysql:5.7
数据库添加用户并授权
create database wp;
MariaDB [(none)]> grant all on wp.* to 'wp'@'192.168.31.%' identified by '123.com';
MariaDB [(none)]> grant all on wp.* to 'wp'@'localhost' identified by '123.com';
编辑数据库配置文件 php-demo/wp-config.php
...
// ** MySQL 设置 - 具体信息来自您正在使用的主机 ** //
/** WordPress数据库的名称 */
define('DB_NAME', 'wp');
/** MySQL数据库用户名 */
define('DB_USER', 'root');
/** MySQL数据库密码 */
define('DB_PASSWORD', '123456');
/** MySQL主机 */
define('DB_HOST', '192.168.73.136:3306');
/** 创建数据表时默认的文字编码 */
define('DB_CHARSET', 'utf8mb4');
/** 数据库整理类型。如不确定请勿更改 */
define('DB_COLLATE', '');
六、绑定hosts 、访问
192.168.73.139 php.ctnrs.com
PHP项目小结
1、使用Dockerfile构建 镜像并推送到镜像仓库
vim Dockerfile
docker build -t 192.168.31.70/dev/php-demo:v10 .
docker login 192.168.31.70
docker push 192.168.31.70/dev/java-demo:v10
2、创建secret保存harbor认证信息
kubectl create secret docker-registry dockerpullauth --docker-username=admin
--docker-password=Harbor12345 --docker-server=192.168.31.70 -n test
3、编写yam1部署( deployment、service、ingress)
4、mysql部分
docker run -d -p 3306:3306 -e MYSQL_ROOT_PASSWORD=123456 mysql:5.7
mysql -uroot -p$MYSQL_ROOT_PASSWORD
mysql> grant all on test.* wp@'%' indentified by '123456';
部署PHP项目 END
参考:
https://www.cnblogs.com/benjamin77/p/12446781.html 《k8s发布php / java》
https://blog.51cto.com/u_12970189/4851758
其他: 部署ingress
官网:wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/mandatory.yaml
mandatory.yaml
apiVersion: v1
kind: Namespace
metadata:
name: ingress-nginx
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
---
kind: ConfigMap
apiVersion: v1
metadata:
name: nginx-configuration
namespace: ingress-nginx
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
---
kind: ConfigMap
apiVersion: v1
metadata:
name: tcp-services
namespace: ingress-nginx
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
---
kind: ConfigMap
apiVersion: v1
metadata:
name: udp-services
namespace: ingress-nginx
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: nginx-ingress-serviceaccount
namespace: ingress-nginx
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: nginx-ingress-clusterrole
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
rules:
- apiGroups:
- ""
resources:
- configmaps
- endpoints
- nodes
- pods
- secrets
verbs:
- list
- watch
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- apiGroups:
- ""
resources:
- services
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- "extensions"
- "networking.k8s.io"
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- "extensions"
- "networking.k8s.io"
resources:
- ingresses/status
verbs:
- update
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: Role
metadata:
name: nginx-ingress-role
namespace: ingress-nginx
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
rules:
- apiGroups:
- ""
resources:
- configmaps
- pods
- secrets
- namespaces
verbs:
- get
- apiGroups:
- ""
resources:
- configmaps
resourceNames:
# Defaults to "<election-id>-<ingress-class>"
# Here: "<ingress-controller-leader>-<nginx>"
# This has to be adapted if you change either parameter
# when launching the nginx-ingress-controller.
- "ingress-controller-leader-nginx"
verbs:
- get
- update
- apiGroups:
- ""
resources:
- configmaps
verbs:
- create
- apiGroups:
- ""
resources:
- endpoints
verbs:
- get
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
name: nginx-ingress-role-nisa-binding
namespace: ingress-nginx
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: nginx-ingress-role
subjects:
- kind: ServiceAccount
name: nginx-ingress-serviceaccount
namespace: ingress-nginx
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: nginx-ingress-clusterrole-nisa-binding
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: nginx-ingress-clusterrole
subjects:
- kind: ServiceAccount
name: nginx-ingress-serviceaccount
namespace: ingress-nginx
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: nginx-ingress-controller
namespace: ingress-nginx
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
spec:
selector:
matchLabels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
template:
metadata:
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
annotations:
prometheus.io/port: "10254"
prometheus.io/scrape: "true"
spec:
serviceAccountName: nginx-ingress-serviceaccount
hostNetwork: true
containers:
- name: nginx-ingress-controller
image: lizhenliang/nginx-ingress-controller:0.20.0
args:
- /nginx-ingress-controller
- --configmap=$(POD_NAMESPACE)/nginx-configuration
- --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services
- --udp-services-configmap=$(POD_NAMESPACE)/udp-services
- --publish-service=$(POD_NAMESPACE)/ingress-nginx
- --annotations-prefix=nginx.ingress.kubernetes.io
securityContext:
allowPrivilegeEscalation: true
capabilities:
drop:
- ALL
add:
- NET_BIND_SERVICE
# www-data -> 33
runAsUser: 33
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
ports:
- name: http
containerPort: 80
- name: https
containerPort: 443
livenessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: 10254
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 10
readinessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: 10254
scheme: HTTP
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 10
---
其他: k8s部署mysql
mysql.yaml
apiVersion: v1
kind: Service
metadata:
name: php-mysql
labels:
project: php-demo
app: mysql
spec:
ports:
- port: 3306
name: mysql
clusterIP: None
selector:
project: php-demo
app: mysql
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: db
spec:
selector:
matchLabels:
project: php-demo
app: mysql
serviceName: "mysql"
template:
metadata:
labels:
project: php-demo
app: mysql
spec:
containers:
- name: mysql
image: mysql:5.7
ports:
- containerPort: 3306
env:
- name: MYSQL_ROOT_PASSWORD
value: "123456"
volumeMounts:
- mountPath: /var/lib/mysql
name: data
volumeClaimTemplates:
- metadata:
name: data
spec:
accessModes: ["ReadWriteOnce"]
storageClassName: "managed-nfs-storage"
resources:
requests:
storage: 2Gi