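  • 05. Kubernetes in Practice: Deploying PHP/Java Websites

    Differences between traditional deployment and k8s deployment

    With traditional deployment, a web project or website is usually built on an overall architecture like the one below. Some companies may use different components at one stage or another, but the overall framework and workflow are much the same.

    Deploying with k8s makes elastic scaling easy, saves resources, and shortens the release cycle. The overall framework is as follows.

    Environment

    Node name   IP              Software version  Hardware  Network                Notes
    K8s-master  192.168.43.190  all in the list   2C4G      NAT, internal network  Test environment
    K8s-node1   192.168.43.120  all in the list   2C4G      NAT, internal network  Test environment
    K8s-node2   192.168.43.9    all in the list   2C4G      NAT, internal network  Test environment
    K8s-harbor  192.168.43.129  all in the list   2C4G      NAT, internal network  Test environment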

    Install and run Harbor (over HTTP)

    Install Docker
    # Install the required system tools
    sudo yum install -y yum-utils device-mapper-persistent-data lvm2
    # Add the package repository
    # Official Docker repository
    sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
    
    # Alibaba Cloud mirror
    sudo yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
    
      
    # Optionally refresh the yum cache before installing:
    sudo yum makecache fast
    
    # Install Docker CE on CentOS 7
    yum -y install docker-ce        # on CentOS
    apt-get install docker-ce       # on Ubuntu
    pacman -S docker                # on Arch
    emerge --ask docker             # on Gentoo
    
    # To install a specific Docker CE version, first list the versions available in the repo, then pick one
    yum list docker-ce --showduplicates |sort -r
    Loading mirror speeds from cached hostfile
    Loaded plugins: fastestmirror
    Installed Packages
    docker-ce.x86_64            3:19.03.4-3.el7                    docker-ce-stable
    docker-ce.x86_64            3:19.03.4-3.el7                    @docker-ce-stable
    docker-ce.x86_64            3:19.03.3-3.el7                    docker-ce-stable
    docker-ce.x86_64            3:19.03.2-3.el7                    docker-ce-stable
    docker-ce.x86_64            3:19.03.1-3.el7                    docker-ce-stable
    
    yum install docker-ce-<VERSION STRING>
    # For example, install docker-ce-18.06.1.ce
    yum install docker-ce-18.06.1.ce -y
    
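    # Docker registry mirror (faster pulls)
    # /etc/docker does not exist until Docker has been started once; create it yourself, or let Docker create it on first start
    # To make image downloads faster, define a registry mirror located in mainland China
    mkdir -p /etc/docker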
    vim /etc/docker/daemon.json
    {
    "registry-mirrors": ["https://registry.docker-cn.com"]
    }
    
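    # Start the Docker daemon and enable it at boot
    systemctl start docker && systemctl enable docker
    systemctl daemon-reload                 # reload the systemd unit configuration
    
    # Verify the installation by running the hello-world image, or by checking the version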
    docker run hello-world
    docker version
    Client: Docker Engine - Community
    Version:           19.03.4
    API version:       1.40
    Go version:        go1.12.10
    Git commit:        9013bf583a
    Built:            Fri Oct 18 15:52:22 2019
    OS/Arch:           linux/amd64
    Experimental:      false
    

    For the HTTPS setup, see the separate article I wrote on it:

    https://www.cnblogs.com/you-men/p/13121835.html

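    Harbor helps users quickly set up an enterprise-grade registry service. It provides a graphical management UI, role-based access control (RBAC), remote image replication (synchronization), AD/LDAP integration, audit logging, and other features that enterprise users need. It also supports Chinese natively, which has made it popular with users in China.

    Install Harbor

    Note

    Docker must be installed before Harbor.

    VMware open-sourced this enterprise-grade registry project. Its goal is to help users quickly set up an enterprise-grade Docker registry service.

    Because Harbor is based on Docker Registry V2, the Docker version must be >= 1.10.0 and docker-compose must be >= 1.6.0.

    Download Docker Compose (version 1.22.0 in this walkthrough)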
    curl -L "https://github.com/docker/compose/releases/download/1.22.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose

    Download Docker Harbor
    wget https://github.com/goharbor/harbor/releases/download/v1.10.0-rc1/harbor-offline-installer-v1.10.0-rc1.tgz

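    # Make the binary executable:
    sudo chmod +x /usr/local/bin/docker-compose
    # Check that the installation succeeded
    docker-compose --version
    # Download the offline installer from the Harbor URL given above, then unpack it
    # (the archive name here and the installer output below are v1.8.1; use the name of the file you actually downloaded)
    tar xvf harbor-offline-installer-v1.8.1.tgz -C  /usr/local/
    cd /usr/local/harbor
    # Set hostname to the address clients use to reach Harbor
    vim  /usr/local/harbor/harbor.yml
    hostname: 47.92.24.137
    
    # Run the install script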
    ./install.sh 
    [Step 0]: checking installation environment ...
    Note: docker version: 19.03.4
    Note: docker-compose version: 1.22.0
    [Step 1]: loading Harbor images ...
    Loaded image: goharbor/harbor-core:v1.8.1
    Loaded image: goharbor/harbor-registryctl:v1.8.1
    Loaded image: goharbor/redis-photon:v1.8.1
    Loaded image: goharbor/notary-server-photon:v0.6.1-v1.8.1
    Loaded image: goharbor/chartmuseum-photon:v0.8.1-v1.8.1
    Loaded image: goharbor/harbor-db:v1.8.1
    Loaded image: goharbor/harbor-jobservice:v1.8.1
    Loaded image: goharbor/nginx-photon:v1.8.1
    Loaded image: goharbor/registry-photon:v2.7.1-patch-2819-v1.8.1
    Loaded image: goharbor/harbor-migrator:v1.8.1
    Loaded image: goharbor/prepare:v1.8.1
    Loaded image: goharbor/harbor-portal:v1.8.1
    Loaded image: goharbor/harbor-log:v1.8.1
    Loaded image: goharbor/notary-signer-photon:v0.6.1-v1.8.1
    Loaded image: goharbor/clair-photon:v2.0.8-v1.8.1
    [Step 2]: preparing environment ...
    prepare base dir is set to /usr/local/harbor
    Generated configuration file: /config/log/logrotate.conf
    Generated configuration file: /config/nginx/nginx.conf
    Generated configuration file: /config/core/env
    Generated configuration file: /config/core/app.conf
    Generated configuration file: /config/registry/config.yml
    Generated configuration file: /config/registryctl/env
    Generated configuration file: /config/db/env
    Generated configuration file: /config/jobservice/env
    Generated configuration file: /config/jobservice/config.yml
    Generated and saved secret to file: /secret/keys/secretkey
    Generated certificate, key file:/secret/core/private_key.pem, cert file:/secret/registry/root.crt
    Generated configuration file: /compose_location/docker-compose.yml
    Clean up the input dir
    [Step 3]: starting Harbor ...
    ✔ ----Harbor has been installed and started successfully.----
    Now you should be able to visit the admin portal at http://47.92.24.137. 
    For more details, please visit https://github.com/goharbor/harbor
    

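    Next, open the IP address or domain name defined in the configuration file, plus the port, directly in a browser.

    Default username/password: admin/Harbor12345

    Change the Harbor port
    # Harbor listens on port 80 by default, which is often not what you want; change it as follows
    # vim harbor.yml
    # Find the port option and change it, then run ./install.sh; the port from the configuration file will be used
    
    # The other case is changing the configuration of an existing Harbor instance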
    vim docker-compose.yml
        dns_search: .
        ports:
          - 99:80
    
    auth:
      token:
        issuer: harbor-token-issuer
        realm: http://47.92.24.137:99/service/token
        rootcertbundle: /etc/registry/root.crt
        service: harbor-registry
    
    docker-compose down -v
    docker-compose up -d
    

    Using Harbor

    To see the effect, it is best to use a machine other than the Harbor host.

    # Push an image
    docker login 47.92.24.137:99 -u admin -p Harbor12345
    vim  /etc/docker/daemon.json
    {
      "insecure-registries":["192.168.43.129"]
    }
    systemctl daemon-reload
    systemctl restart docker
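    # Docker uses HTTPS by default, but this Harbor instance serves plain HTTP,
    # so the registry must be listed as trusted (insecure-registries), or docker login and docker push must be forced to use HTTP on port 80 instead of port 443.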
    docker tag daocloud.io/library/nginx:latest 192.168.43.129/library/nginx:latest
    
    docker push 192.168.43.129/library/nginx:latest
    

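    PHP project deployment workflow

    When migrating a project to the K8s platform, we first need to understand the overall deployment workflow. Following it avoids problems and makes the process easier to understand.

    Build the image

    Use a Dockerfile to build the image, packaging the application, the runtime environment, and the file system into a single image, then push it to the Harbor registry. Start by working on the k8s master node.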

    [root@k8s-master ]# git clone https://github.com/zhangdongdong7/php-demo.git
    [root@k8s-master ]# cd php-demo
    [root@k8s-master php-demo]# ls
    deployment.yaml  ingress.yaml  mysql.yaml  namespace.yaml  README.md  service.yaml  wordpress
    

    Create a blog site with WordPress: enter the wordpress directory, write a Dockerfile to build the image, and push it to a Harbor registry (see the earlier section on setting up Harbor). The Harbor registry address used here is 192.168.43.129.

    [root@k8s-master php-demo]# cd wordpress
    [root@k8s-master wordpress]# vim Dockerfile 
    FROM lizhenliang/nginx-php:latest
    MAINTAINER www.ctnrs.com
    ADD . /usr/local/nginx/html
    
    [root@k8s-master wordpress]# docker login 192.168.43.129
    
    [root@k8s-master wordpress]# docker build -t 192.168.43.129/library/php-demo:latest .
      
    [root@k8s-master wordpress]# docker push 192.168.43.129/library/php-demo:latest
    

    Create a controller to manage the Pods

    Go back to the php-demo directory and write the YAML. First deploy a namespace named test.

    [root@k8s-master wordpress]# cd ../
    [root@k8s-master php-demo]# vim namespace.yaml 
    apiVersion: v1
    kind: Namespace
    metadata:
      name: test
    [root@k8s-master php-demo]# kubectl apply -f  namespace.yaml
    
    kubectl get ns
    NAME                   STATUS   AGE
    default                Active   5h59m
    kube-node-lease        Active   5h59m
    kube-public            Active   5h59m
    kube-system            Active   5h59m
    kubernetes-dashboard   Active   5h18m
    test                   Active   3s
    
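    Create the registry credential
    # The Secret name must match the imagePullSecrets entry in deployment.yaml
    kubectl create secret docker-registry registry-pull-secret --docker-server=192.168.43.129 --docker-username=admin --docker-password=Harbor12345 -n test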
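
What `kubectl create secret docker-registry` stores is a Secret of type kubernetes.io/dockerconfigjson whose payload is only base64-encoded, so anyone allowed to read Secrets in the test namespace can recover the registry login. The following added example (not from the original article) builds that Secret by hand and decodes it again; the account `pull-bot` and its password are constructed placeholders for a pull-only registry account, and the values are assumed to contain no `"` or `\`.

```bash
#!/bin/sh
# Added example, not part of the original article.

# b64 STRING -> base64 on one line (tr removes the line wrapping)
b64() { printf '%s' "$1" | base64 | tr -d '\n'; }

# dockerconfigjson SERVER USER PASSWORD -> JSON payload kept inside the Secret.
# "auth" is base64("USER:PASSWORD"), the same value docker login writes to
# ~/.docker/config.json when no credential helper is configured.
dockerconfigjson() {
  printf '{"auths":{"%s":{"username":"%s","password":"%s","auth":"%s"}}}' \
    "$1" "$2" "$3" "$(b64 "$2:$3")"
}

# pull_secret_manifest NAME NAMESPACE SERVER USER PASSWORD -> Secret YAML,
# equivalent to what `kubectl create secret docker-registry` creates.
pull_secret_manifest() {
  cfg=$(b64 "$(dockerconfigjson "$3" "$4" "$5")")
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $1
  namespace: $2
type: kubernetes.io/dockerconfigjson
data:
  .dockerconfigjson: $cfg
EOF
}

# recover_login < manifest -> "USER:PASSWORD"
# Two base64 decodes are all it takes: the Secret is encoded, not encrypted.
recover_login() {
  sed -n 's/^ *\.dockerconfigjson: *//p' | base64 -d |
    sed -n 's/.*"auth":"\([^"]*\)".*/\1/p' | base64 -d
}

# Constructed values: a hypothetical pull-only account instead of Harbor admin.
pull_secret_manifest registry-pull-secret test 192.168.43.129 \
  pull-bot constructed-password | recover_login
echo
```

Because the login is recoverable this way, the account placed in a pull Secret should carry no more than pull rights on the projects the namespace needs.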
    
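    Configure the Deployment controller

    Write the deployment.yaml controller. The image field must be changed to the address just pushed to the Harbor registry.

    [root@k8s-master php-demo]# vim deployment.yaml 
    # apps/v1beta1 was removed in Kubernetes 1.16; Deployments use apps/v1
    apiVersion: apps/v1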
    kind: Deployment
    metadata:
      name: php-demo
      namespace: test
    spec:
      replicas: 2
      selector:
        matchLabels:
          project: www
          app: php-demo
      template:
        metadata:
          labels:
            project: www
            app: php-demo
        spec:
          imagePullSecrets:
          - name: registry-pull-secret
          containers:
          - name: nginx
            image: 192.168.43.129/library/php-demo:latest 
            imagePullPolicy: Always
            ports:
            - containerPort: 80
              name: web
              protocol: TCP
            resources:
              requests:
                cpu: 0.5
                memory: 256Mi
              limits:
                cpu: 1
                memory: 1Gi
            livenessProbe:
              httpGet:
                path: /status.php
                port: 80
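
The Deployment above only starts if the entry under imagePullSecrets names a Secret that actually exists in the test namespace and the image reference points at the Harbor host. The following check, an added example that is not part of the original article or the php-demo repository, reads a manifest on stdin and reports a pull-secret name that differs from the one created, an image outside the expected registry, and a missing or `latest` tag (which lets the image content change under a running Deployment). The function name and finding labels are made up for this example, and the sample manifest is a constructed excerpt of the Deployment above.

```bash
#!/bin/sh
# Added example, not part of the original article.

# Constructed sample: the pull-related lines of the php-demo Deployment.
sample_deployment() {
  cat <<'EOF'
apiVersion: apps/v1
kind: Deployment
metadata:
  name: php-demo
  namespace: test
spec:
  template:
    spec:
      imagePullSecrets:
      - name: registry-pull-secret
      containers:
      - name: nginx
        image: 192.168.43.129/library/php-demo:latest
        imagePullPolicy: Always
EOF
}

# check_manifest SECRET_NAME REGISTRY < manifest
# Prints one finding per line; exit status is 1 if anything was found.
check_manifest() {
  awk -v secret="$1" -v registry="$2" '
    $1 == "imagePullSecrets:" { in_ips = 1; next }
    in_ips && $1 == "-" && $2 == "name:" {      # entry of the imagePullSecrets list
      seen = 1
      if ($3 != secret) { print "pull-secret-mismatch: " $3; bad = 1 }
      next
    }
    { in_ips = 0 }                               # any other line ends the list
    $1 == "image:" || ($1 == "-" && $2 == "image:") {
      img = ($1 == "-") ? $3 : $2
      if (index(img, registry "/") != 1) { print "unexpected-registry: " img; bad = 1 }
      tag = img; sub(/^.*\//, "", tag)           # last path component, e.g. php-demo:latest
      if (tag !~ /:/ || tag ~ /:latest$/) { print "mutable-tag: " img; bad = 1 }
    }
    END {
      if (!seen) { print "no-imagePullSecrets"; bad = 1 }
      exit (bad ? 1 : 0)
    }'
}

# Check the sample against the Secret name and registry host used on this page.
sample_deployment | check_manifest registry-pull-secret 192.168.43.129 ||
  echo "manifest rejected"
```

An image pinned by digest (`php-demo@sha256:...`) passes the tag check, since the digest fixes the content that gets pulled.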
    
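    Pod data persistence

    Because this is a static website, persistence is largely unnecessary; the code is packaged directly into the image.

    Expose the application

    Create a Service to expose the application. Here the application is exposed directly through the Ingress controller.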

    [root@k8s-master php-demo]# vim service.yaml
    apiVersion: v1
    kind: Service
    metadata:
      name: php-demo
      namespace: test
    spec:
      selector:
        project: www
        app: php-demo
      ports:
      - name: web
        port: 80
        targetPort: 80
          
          
    [root@k8s-master php-demo]# kubectl apply -f service.yaml
    
    [root@k8s-master php-demo]# kubectl apply -f deployment.yaml 
    
    
    [root@master php-demo]# kubectl get pods,svc -n test -o wide
    NAME                            READY   STATUS    RESTARTS   AGE   IP            NODE     NOMINATED NODE   READINESS GATES
    pod/php-demo-65bc56fdb8-grklk   1/1     Running   0          15s   10.244.0.11   master   <none>           <none>
    pod/php-demo-65bc56fdb8-td6nv   0/1     Running   0          15s   10.244.2.7    node2    <none>           <none>
    
    NAME               TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)   AGE     SELECTOR
    service/php-demo   ClusterIP   10.0.0.221   <none>        80/TCP    4m16s   app=php-demo,project=www
    
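    Create an Ingress to publish the application externally

    Write the YAML: first create the Ingress controller, then create the Ingress, and finally check the status of the pods, svc, and ingress. If everything is normal, move on to the next step; if something is wrong, use the kubectl describe command to view the logs and troubleshoot.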

    [root@k8s-master java-demo]# kubectl apply -f mandatory.yaml
    [root@k8s-master php-demo]# vim ingress.yaml 
    apiVersion: extensions/v1beta1
    kind: Ingress
    metadata:
      name: php-demo
      namespace: test
    spec:
      rules:
        - host: php.ctnrs.com
          http:
            paths:
            - path: /
              backend:
                serviceName: php-demo
                servicePort: 80
    [root@k8s-master php-demo]# kubectl apply -f ingress.yaml 
    
    kubectl get pods,svc,ingress -n test -o wide
    NAME                            READY   STATUS    RESTARTS   AGE     IP            NODE     NOMINATED NODE   READINESS GATES
    pod/php-demo-65bc56fdb8-grklk   1/1     Running   0          2m31s   10.244.0.11   master   <none>           <none>
    pod/php-demo-65bc56fdb8-td6nv   1/1     Running   0          2m31s   10.244.2.7    node2    <none>           <none>
    
    NAME               TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)   AGE     SELECTOR
    service/php-demo   ClusterIP   10.0.0.221   <none>        80/TCP    6m32s   app=php-demo,project=www
    
    NAME                          CLASS    HOSTS           ADDRESS   PORTS   AGE
    ingress.extensions/php-demo   <none>   php.ctnrs.com             80      60s
    

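    You can use a database outside the cluster, or run one on the Harbor registry host

    docker run -d --name mysql -p 3306:3306 -e MYSQL_ROOT_PASSWORD=123456 daocloud.io/library/mysql:5.7.5
        
    # docker exec takes the container name, not the image name
    docker exec -it mysql /bin/bash
    mysql -uroot -p$MYSQL_ROOT_PASSWORD
    create database wp;
    # Note: the database created above is wp, while this grant is on youmen.*
    grant all on youmen.* TO 'youmen'@'%' IDENTIFIED BY 'zhoujian20';
    
    # We could enter the running pod and change the database IP there, but it is better to set it when building the image
    # That is not demonstrated here; reaching the error page is enough to show that the service is exposed correctly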
    
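    Bind hosts and verify by visiting the domain

    On Windows, the hosts file is located in C:\Windows\System32\drivers\etc

    On macOS, run sudo vi /private/etc/hosts to edit the hosts file, and add the domain name and IP at the bottom for name resolution

    This IP address is the IP address of a node. Add the following line, then save

    In a browser, enter php.ctnrs.com; you will be redirected to the initial setup page. Set up the account, install, and log in, and you can then write and publish posts. A simple WordPress PHP site is now up.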

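    Java project deployment workflow

    Build the image

    Use a Dockerfile to build the image, packaging the application, the runtime environment, and the file system into a single image, then push it to the Harbor registry.

    Start by working on the k8s master node.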

    [root@k8s-master ]# git clone https://github.com/zhangdongdong7/java-demo.git
    [root@k8s-master java-demo]# cd java-demo
    [root@k8s-master java-demo]# ls
    deployment.yaml  ingress.yaml    mysql.yaml      README.md     tomcat-java-demo-master.zip
    deploy.yml       mandatory.yaml  namespace.yaml  service.yaml
    [root@k8s-master java-demo]# unzip tomcat-java-demo-master.zip
    [root@k8s-master java-demo]# cd tomcat-java-demo-master/
    

    Install the build environment

    [root@k8s-master tomcat-java-demo-master]# yum install java-1.8.0-openjdk maven -y
    

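    Compile and build

    If the Maven build is slow, you can use the Alibaba Cloud mirror.

    Edit /etc/maven/settings.xml (around lines 159-164) and replace that section with the following: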

    [root@k8s-master tomcat-java-demo-master]# vim /etc/maven/settings.xml    
        ...
        <mirror>
          <id>central</id>
          <mirrorOf>central</mirrorOf>
          <name>aliyun maven</name>
          <url>https://maven.aliyun.com/repository/public</url>
        </mirror>
        ...
        
    
    [root@k8s-master tomcat-java-demo-master]# ls
    db  Dockerfile  LICENSE  pom.xml  README.md  src  target
    
    # This time we change the database configuration in advance, before building the image
    vim src/main/resources/application.yml 
    

    Build the image in the tomcat directory

    [root@k8s-master tomcat-java-demo-master]# docker login 192.168.73.136
    Authenticating with existing credentials…
    WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
    Configure a credential helper to remove this warning. See
    https://docs.docker.com/engine/reference/commandline/login/#credentials-store
    
    Login Succeeded
    
    [root@k8s-master tomcat-java-demo-master]# docker build -t 192.168.73.136/test/java-demo:latest .
      
    [root@k8s-master tomcat-java-demo-master]# docker push 192.168.73.136/test/java-demo:latest
    

    Go back up to the java-demo directory

    [root@k8s-master tomcat-java-demo-master]# cd ../
    [root@k8s-master java-demo]# ls
    db               deploy.yml    mandatory.yaml  namespace.yaml  service.yaml             tomcat-java-demo-master.zip
    deployment.yaml  ingress.yaml  mysql.yaml      README.md       tomcat-java-demo-master
    [root@k8s-master java-demo]#
    

    Create a namespace named test

    [root@k8s-master java-demo]# cat namespace.yaml 
    apiVersion: v1
    kind: Namespace
    metadata:
      name: test
    [root@k8s-master java-demo]# kubectl apply -f namespace.yaml  
    
    Create a controller to manage the Pods

    Write deployment.yaml to create the pods. The image field must be changed to the address just pushed to the Harbor registry.

    [root@k8s-master java-demo]# vim deployment.yaml 
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: tomcat-java-demo
      namespace: test
    spec:
      replicas: 2
      selector:
        matchLabels:
          project: www
          app: java-demo
      template:
        metadata:
          labels:
            project: www
            app: java-demo
        spec:
          imagePullSecrets:
          - name: registry-pull-secret
          containers:
          - name: tomcat
            image: 192.168.73.136/test/java-demo:latest
            imagePullPolicy: Always
            ports:
            - containerPort: 8080
              name: web
              protocol: TCP
            resources:
              requests:
                cpu: 0.25
                memory: 1Gi
              limits:
                cpu: 1
                memory: 2Gi
            livenessProbe:
              httpGet:
                path: /
                port: 8080
              initialDelaySeconds: 60
              timeoutSeconds: 20
            readinessProbe:
              httpGet:
                path: /
                port: 8080
              initialDelaySeconds: 60
    [root@k8s-master java-demo]# kubectl apply -f deployment.yaml 
    
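    Pod data persistence

    What is shown here is a static web site, so persistence is largely unnecessary; the code is packaged directly into the image.

    Expose the application

    Create a Service to expose the application. Here the application is exposed directly through the Ingress controller.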

    [root@k8s-master java-demo]# cat service.yaml
    apiVersion: v1
    kind: Service
    metadata:
      name: tomcat-java-demo
      namespace: test
    spec:
      selector:
        project: www
        app: java-demo
      ports:
      - name: web
        port: 80
        targetPort: 8080
    [root@k8s-master java-demo]# kubectl apply -f service.yaml  
    
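    Create an Ingress to publish the application externally

    Write the YAML. The Ingress controller was already created for the PHP project, so it does not need to be created again; create the Ingress directly, then check the status of the pods, svc, and ingress. If everything is normal, move on to the next step; if something is wrong, use the kubectl describe command to view the logs and troubleshoot.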

    [root@k8s-master java-demo]# cat ingress.yaml 
    apiVersion: extensions/v1beta1
    kind: Ingress
    metadata:
      name: tomcat-java-demo 
      namespace: test
    spec:
      rules:
        - host: java.ctnrs.com
          http:
            paths:
            - path: /
              backend:
                serviceName: tomcat-java-demo 
                servicePort: 80
    [root@k8s-master java-demo]# kubectl apply -f ingress.yaml
    [root@k8s-master java-demo]# kubectl get pod,svc,ingress -n test -o wide
    NAME                                    READY   STATUS    RESTARTS   AGE   IP            NODE         NOMINATED NODE   READINESS GATES
    pod/php-demo-66d9c64968-4r4vn           1/1     Running   0          24h   10.244.1.73   k8s-node01   <none>           <none>
    pod/php-demo-66d9c64968-8zw9s           1/1     Running   0          24h   10.244.2.43   k8s-node02   <none>           <none>
    pod/tomcat-java-demo-5f4f64dd4b-tcmtv   1/1     Running   0          24h   10.244.2.42   k8s-node02   <none>           <none>
    pod/tomcat-java-demo-5f4f64dd4b-vvx5x   1/1     Running   0          24h   10.244.1.72   k8s-node01   <none>           <none>
    
    NAME                       TYPE        CLUSTER-IP    EXTERNAL-IP   PORT(S)        AGE   SELECTOR
    service/php-demo           NodePort    10.1.136.96   <none>        80:32625/TCP   24h   app=php-demo,project=www
    service/tomcat-java-demo   ClusterIP   10.1.198.15   <none>        80/TCP         24h   app=java-demo,project=www
    
    NAME                                  HOSTS            ADDRESS   PORTS   AGE
    ingress.extensions/php-demo           php.ctnrs.com              80      24h
    ingress.extensions/tomcat-java-demo   java.ctnrs.com             80      24h 
    
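    Bind the local hosts file and verify by visiting the domain

    On Windows, the hosts file is located in C:\Windows\System32\drivers\etc

    On macOS, run sudo vi /private/etc/hosts to edit the hosts file, and add the domain name and IP at the bottom for name resolution. The IP here is the IP address of a node. Add the following line, then save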

    192.168.43.120 java.ctnrs.com
    
  • Original article: https://www.cnblogs.com/you-men/p/13222462.html