实际项目部署案例
部署项目前的梳理:
1.项目的代码构成,什么语言开发的
2.项目的依赖环境
3.项目的配置文件在哪里
4.项目的端口清单
5.项目有没有做数据的持久化
容器交付流程
在K8s平台部署项目流程
在K8s平台部署Java网站项目
阿里云maven源地址: https://maven.aliyun.com/mvn/guide
第一步:制作镜像
yum install java-1.8.0-openjdk maven git -y
git clone https://github.com/lizhenliang/tomcat-java-demo
mvn clean package -Dmaven.test.skip=true # 代码编译构建
unzip target/*.war -d target/ROOT # 解压构建文件FROM lizhenliang/tomcat
LABEL maintainer www.ctnrs.com
RUN rm -rf /usr/local/tomcat/webapps/*
COPY target/ROOT /usr/local/tomcat/webapps/ROOTdocker build -t image:tag .
docker push <镜像仓库地址>/<项目名>/image:tagdocker run -d image:tag使用镜像仓库(私有仓库、公共仓库):
1、配置可信任(如果仓库是HTTPS访问不用配置)
# vi /etc/docker/daemon.json
{
insecure-registries": ["192.168.0.13"]
}2、将镜像仓库认证凭据保存在K8s Secret中
kubectl create secret docker-registry registry-auth --docker-username=admin --docker-password=Harbor12345 --docker-server=192.168.0.133、在yaml中使用这个认证凭据
imagePullSecrets:
- name: registry-auth
配置认证的的原因是部署的harbor是私有仓库,k8s的每个节点每次去拉取镜像都必须登录harbor仓库,比较麻烦,通过在yaml配置文件指定docker登录认证凭据,这样docker每次部署的时候就会自动去拉取镜像了。
第二步:使用控制器部署镜像
注意:在pod中挂载configmap配置文件时,如果指定容器内挂载的目录不是空目录,那么会覆盖原来目录下的内容。
部署configmap
vim configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: java-demo-config
data:
application.yml: |
server:
port: 8080
spring:
datasource:
url: jdbc:mysql://java-demo-db:3306/k8s?characterEncoding=utf-8
username: azhe
password: 123456
driver-class-name: com.mysql.jdbc.Driver
freemarker:
allow-request-override: false
cache: true
check-template-location: true
charset: UTF-8
content-type: text/html; charset=utf-8
expose-request-attributes: false
expose-session-attributes: false
expose-spring-macro-helpers: false
suffix: .ftl
template-loader-path:
- classpath:/templates/部署deployment
vim deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: web
spec:
replicas: 3
selector:
matchLabels:
app: java
template:
metadata:
labels:
app: java
spec:
imagePullSecrets:
- name: registry-auth
containers:
- image: 192.168.0.13/demo/java-demo:v1
name: java-demo
resources:
requests:
cpu: 0.5
memory: 500Mi
limits:
cpu: 1
memory: 1Gi
livenessProbe:
httpGet:
path: /
port: 8080
initialDelaySeconds: 40
periodSeconds: 10
readinessProbe:
httpGet:
path: /
port: 8080
initialDelaySeconds: 40
periodSeconds: 10
volumeMounts:
- name: config
mountPath: "/usr/local/tomcat/webapps/ROOT/WEB-INF/classes/application.yml"
subPath: "application.yml"
volumes:
- name: config
configMap:
name: java-demo-config
items:
- key: "application.yml"
path: "application.yml"kubectl apply -f configmap.yaml
kubectl apply -f deployment.yaml第三步:对外暴露应用
部署service
vim service.yaml
apiVersion: v1
kind: Service
metadata:
name: java-demo
spec:
selector:
app: java
ports:
- protocol: TCP
port: 80
targetPort: 8080部署ingress(首先部署nginx-ingress-controller,监听端口是80和443)
vim ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: java-demo
spec:
rules:
- host: java.ctnrs.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: java-demo
port:
number: 80部署mysql数据库(1.部署NFS实现自动创建PV插件 2.导入表到k8s数据库)
#安装nfs安装包(每个k8s节点都要安装)
yum install nfs-utils
#创建nfs共享目录
mkdir -p /nfs/kubernetes
#修改nfs配置文件
vim /etc/exports
/nfs/kubernetes *(rw,no_root_squash)
#启动nfs并加入开机自启
systemctl start nfs
systemctl enable nfs
#部署NFS实现自动创建PV插件:
git clone https://github.com/kubernetes-incubator/external-storage
cd nfs-client/deploy
kubectl apply -f rbac.yaml # 授权访问apiserver
kubectl apply -f deployment.yaml # 部署插件,需修改里面NFS服务器地址与共享目录
kubectl apply -f class.yaml # 创建存储类
kubectl get sc # 查看存储类
#导入表到k8s数据库
kubectl get pod
kubectl cp tables_ly_tomcat.sql java-demo-db-6c775c4d4b-7xfgc:/
kubectl exec -it java-demo-db-6c775c4d4b-7xfgc -- bash
mysql -u root -p$MYSQL_ROOT_PASSWORD
show databses;
use k8s;
source /tables_ly_tomcat.sql;vim mysql.yaml
apiVersion: v1
kind: Secret
metadata:
name: java-demo-db
namespace: default
type: Opaque
data:
mysql-root-password: "MTIzNDU2"
mysql-password: "MTIzNDU2"
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: java-demo-db
namespace: default
spec:
selector:
matchLabels:
operation: www
app: mysql
template:
metadata:
labels:
operation: www
app: mysql
spec:
containers:
- name: db
image: mysql:5.7.30
resources:
requests:
cpu: 500m
memory: 512Mi
limits:
cpu: 500m
memory: 512Mi
env:
- name: MYSQL_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: java-demo-db
key: mysql-root-password
- name: MYSQL_PASSWORD
valueFrom:
secretKeyRef:
name: java-demo-db
key: mysql-password
- name: MYSQL_USER
value: "azhe"
- name: MYSQL_DATABASE
value: "k8s"
ports:
- name: mysql
containerPort: 3306
livenessProbe:
exec:
command:
- sh
- -c
- "mysqladmin ping -u root -p${MYSQL_ROOT_PASSWORD}"
initialDelaySeconds: 30
periodSeconds: 10
readinessProbe:
exec:
command:
- sh
- -c
- "mysqladmin ping -u root -p${MYSQL_ROOT_PASSWORD}"
initialDelaySeconds: 5
periodSeconds: 10
volumeMounts:
- name: data
mountPath: /var/lib/mysql
volumes:
- name: data
persistentVolumeClaim:
claimName: java-demo-db
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: java-demo-db
namespace: default
spec:
storageClassName: "managed-nfs-storage"
accessModes:
- "ReadWriteOnce"
resources:
requests:
storage: "8Gi"
---
apiVersion: v1
kind: Service
metadata:
name: java-demo-db
namespace: default
spec:
type: ClusterIP
ports:
- name: mysql
port: 3306
targetPort: mysql
selector:
operation: www
app: mysqlkubectl apply -f service.yaml
kubectl apply -f ingress.yaml
kubectl apply -f mysql.yaml访问java.ctnrs.com,添加用户验证数据库是否可用
第四步:增加公网负载均衡器
upstream java-demo {
server 192.168.0.12:80;
server 192.168.0.13:80;
}
server {
listen 81;
server_name java.ctnrs.com;
location / {
proxy_pass http://java-demo;
proxy_set_header Host $Host;
}
}访问java.ctnrs.com:81
1、为指定用户授权访问不同命名空间权限
2、使用Helm完成Java网站项目部署
注:自由发挥,实现需求即可