前提:基础镜像的构建请参考分层镜像构建并部署业务到Kubernetes集群生产案例
基于StatefulSet实现MySql业务容器化案例
- Pod调度运⾏时,如果应⽤不需要任何稳定的标示、有序的部署、删除和扩展,则应该使⽤⼀组⽆状态副本的控制器StatefulSet来部署应⽤,例如 Deployment 或 ReplicaSet更适合⽆状态服务需求,⽽StatefulSet适合管理所有有状态的服务,⽐如MySQL、MongoDB集群等
- ⽆状态副本的控制器StatefulSet
StatefulSet本质上是Deployment的⼀种变体,在v1.9版本中已成为GA版本,它为了解决有状态服务的问题,它所管理的Pod拥有固定的Pod名称,启停顺序,在StatefulSet中,Pod名字称为⽹络标识(hostname),还必须要⽤到共享存储。
在Deployment中,与之对应的服务是service,⽽在StatefulSet中与之对应的headless service,headless service,即⽆头服务,与service的区别就是它没有Cluster IP,解析它的名称时将返回该Headless Service对应的全部Pod的Endpoint列表。
StatefulSet的组成部分:
-> Headless Service:⽤来定义Pod⽹络标识( DNS domain),指的是短的service(丢失了domainname)。
-> StatefulSet:定义具体应⽤,有多少个Pod副本,并为每个Pod定义了⼀个域名。
-> volumeClaimTemplates: 存储卷申请模板,创建PVC,指定pvc名称⼤⼩,将⾃动创建pvc,且pvc必须由存储类供应。
StatefulSet 特点:
-> 给每个pod分配固定且唯⼀的⽹络标识符
-> 给每个pod分配固定且持久化的外部存储
-> 对pod进⾏有序的部署和扩展
-> 对pod进有序的删除和终⽌
-> 对pod进有序的⾃动滚动更新
架构及部署
- 架构
- 部署
- 基础镜像准备
https://github.com/docker-library/ #github 下载地址
#准备xtrabackup镜像
[root@K8s-ansible ~]#docker pull registry.cn-hangzhou.aliyuncs.com/hxpdocker/xtrabackup:1.0
1.0: Pulling from hxpdocker/xtrabackup
1fad42e8a0d9: Pull complete
dac06889328b: Pull complete
90d87ab7dc00: Pull complete
Digest: sha256:92ef9832ee300642529677b4c6f6707fc292e7c6a9a9a1940f346f753ac0fdeb
Status: Downloaded newer image for registry.cn-hangzhou.aliyuncs.com/hxpdocker/xtrabackup:1.0
registry.cn-hangzhou.aliyuncs.com/hxpdocker/xtrabackup:1.0
[root@K8s-ansible ~]#docker tag registry.cn-hangzhou.aliyuncs.com/hxpdocker/xtrabackup:1.0 K8s-harbor01.mooreyxia.com/baseimages/xtrabackup:1.0
[root@K8s-ansible ~]#docker push K8s-harbor01.mooreyxia.com/baseimages/xtrabackup:1.0
The push refers to repository [K8s-harbor01.mooreyxia.com/baseimages/xtrabackup]
f85c58969eb0: Pushed
82d548d175dd: Pushed
fe4c16cbf7a4: Pushed
1.0: digest: sha256:39f106eb400e18dcb4bded651a7ab308b39c305578ce228ae35f3c76bc715510 size: 949
#准备mysql镜像
[root@K8s-ansible ~]#docker pull mysql:5.7.36
5.7: Pulling from library/mysql
e83e8f2e82cc: Pull complete
0f23deb01b84: Pull complete
f5bda3b184ea: Pull complete
ed17edbc6604: Pull complete
33a94a6acfa7: Pull complete
3686cf92b89d: Pull complete
f81535a6a8bf: Pull complete
4bffb03ea5e2: Pull complete
49348ef8dcaa: Pull complete
509d665d0cf5: Pull complete
adc919b937fd: Pull complete
Digest: sha256:bf18020f32cc5d8f5e2add516d52fbf3afc3de431457076340e938596c528171
Status: Downloaded newer image for mysql:5.7.36
docker.io/library/mysql:5.7.36
[root@K8s-ansible ~]#docker tag mysql:5.7.36 K8s-harbor01.mooreyxia.com/baseimages/mysql:5.7.36
[root@K8s-ansible ~]#docker push K8s-harbor01.mooreyxia.com/baseimages/mysql:5.7.36
The push refers to repository [K8s-harbor01.mooreyxia.com/baseimages/mysql]
2d7ad8ebf62c: Pushed
8576e00c5982: Pushed
cf46fba5eb1b: Pushed
398fc42736e8: Pushed
ffe7364b7815: Pushed
3e72c01b85e8: Pushed
e792fc7474b3: Pushed
74a008e3042b: Pushed
519cf9da0b88: Pushed
963177f01181: Pushed
e74a57638021: Pushed
5.7: digest: sha256:47b0250a983e600ab247e6f25a4c99069d4cb637fd8dc6a11a43e83a83e9308c size: 2618
- 创建PV
pvc会⾃动基于PV创建,只需要有多个可⽤的PV即可,PV数量取决于计划启动多少个mysql pod,本次创建5个PV,也就是最多启动5个mysql pod。
*注意,一般创建存储类前确保没有旧的存储类storageclasses.storage存在,如果有需要清空或者换个环境
[root@K8s-ansible mysql]#tree .
.
├── mysql-configmap.yaml
├── mysql-services.yaml
├── mysql-statefulset.yaml
└── pv
└── mysql-persistentvolume.yaml
1 directory, 4 files
#受限确保环境中动态存储卷生成的存储类没有残留,以免出错
[root@K8s-ansible mysql]#kubectl get storageclasses.storage.k8s.io -A
NAME PROVISIONER RECLAIMPOLICY VOLUMEBINDINGMODE ALLOWVOLUMEEXPANSION AGE
mooreyxia-nfs-storage k8s-sigs.io/nfs-subdir-external-provisioner Retain Immediate false 7d2h
[root@K8s-ansible mysql]#kubectl delete storageclasses.storage.k8s.io mooreyxia-nfs-storage
storageclass.storage.k8s.io "mooreyxia-nfs-storage" deleted
[root@K8s-ansible mysql]#kubectl get storageclasses.storage.k8s.io -A
No resources found
#创建存储设备-这里用nfs
[root@K8s-haproxy01 ~]#mkdir -pv /data/k8sdata/mooreyxia/mysql-datadir-{1,2,3,4,5,clone}
[root@K8s-haproxy01 ~]#vim /etc/exports
[root@K8s-haproxy01 ~]#cat /etc/exports
# /etc/exports: the access control list for filesystems which may be exported
# to NFS clients. See exports(5).
#
# Example for NFSv2 and NFSv3:
# /srv/homes hostname1(rw,sync,no_subtree_check) hostname2(ro,sync,no_subtree_check)
#
# Example for NFSv4:
# /srv/nfs4 gss/krb5i(rw,sync,fsid=0,crossmnt,no_subtree_check)
# /srv/nfs4/homes gss/krb5i(rw,sync,no_subtree_check)
#
/data/k8sdata *(rw,no_root_squash)
/data/volumes *(rw,no_root_squash)
[root@K8s-haproxy01 ~]#exportfs -avs
exportfs: /etc/exports [2]: Neither 'subtree_check' or 'no_subtree_check' specified for export "*:/data/k8sdata".
Assuming default behaviour ('no_subtree_check').
NOTE: this default has changed since nfs-utils version 1.0.x
exportfs: /etc/exports [3]: Neither 'subtree_check' or 'no_subtree_check' specified for export "*:/data/volumes".
Assuming default behaviour ('no_subtree_check').
NOTE: this default has changed since nfs-utils version 1.0.x
exporting *:/data/volumes
exporting *:/data/k8sdata
#showmount
[root@K8s-ansible redis]#showmount -e 192.168.11.203
Export list for 192.168.11.203:
/data/volumes *
/data/k8sdata *
#创建PV
[root@K8s-ansible mysql]#vim pv/mysql-persistentvolume.yaml
[root@K8s-ansible mysql]#cat pv/mysql-persistentvolume.yaml
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: mysql-datadir-1
namespace: mooreyxia
spec:
capacity:
storage: 50Gi
accessModes:
- ReadWriteOnce
nfs:
path: /data/k8sdata/mooreyxia/mysql-datadir-1
server: 192.168.11.203
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: mysql-datadir-2
namespace: mooreyxia
spec:
capacity:
storage: 50Gi
accessModes:
- ReadWriteOnce
nfs:
path: /data/k8sdata/mooreyxia/mysql-datadir-2
server: 192.168.11.203
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: mysql-datadir-3
namespace: mooreyxia
spec:
capacity:
storage: 50Gi
accessModes:
- ReadWriteOnce
nfs:
path: /data/k8sdata/mooreyxia/mysql-datadir-3
server: 192.168.11.203
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: mysql-datadir-4
namespace: mooreyxia
spec:
capacity:
storage: 50Gi
accessModes:
- ReadWriteOnce
nfs:
path: /data/k8sdata/mooreyxia/mysql-datadir-4
server: 192.168.11.203
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: mysql-datadir-5
namespace: mooreyxia
spec:
capacity:
storage: 50Gi
accessModes:
- ReadWriteOnce
nfs:
path: /data/k8sdata/mooreyxia/mysql-datadir-5
server: 192.168.11.203
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: mysql-datadir-6
namespace: mooreyxia
spec:
capacity:
storage: 50Gi
accessModes:
- ReadWriteOnce
nfs:
path: /data/k8sdata/mooreyxia/mysql-datadir-6
server: 192.168.11.203
[root@K8s-ansible mysql]#kubectl apply -f pv/mysql-persistentvolume.yaml
persistentvolume/mysql-datadir-1 created
persistentvolume/mysql-datadir-2 created
persistentvolume/mysql-datadir-3 created
persistentvolume/mysql-datadir-4 created
persistentvolume/mysql-datadir-5 created
persistentvolume/mysql-datadir-6 created
#确认pv可用
- 创建mysql-pod并运行服务
#创建configmap提供mysql配置
[root@K8s-ansible mysql]#vim mysql-configmap.yaml
[root@K8s-ansible mysql]#cat mysql-configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: mysql
namespace: mooreyxia
labels:
app: mysql
data:
master.cnf: |
# Apply this config only on the master.
[mysqld]
log-bin
log_bin_trust_function_creators=1
lower_case_table_names=1
slave.cnf: |
# Apply this config only on slaves.
[mysqld]
super-read-only
log_bin_trust_function_creators=1
[root@K8s-ansible mysql]#kubectl apply -f mysql-configmap.yaml
configmap/mysql created
#确认configMap
#创建service
[root@K8s-ansible mysql]#vim mysql-services.yaml
[root@K8s-ansible mysql]#cat mysql-services.yaml
# Headless service for stable DNS entries of StatefulSet members.
apiVersion: v1
kind: Service
metadata:
namespace: mooreyxia
name: mysql
labels:
app: mysql
spec:
ports:
- name: mysql
port: 3306
clusterIP: None #headless
selector:
app: mysql
---
# Client service for connecting to any MySQL instance for reads.
# For writes, you must instead connect to the master: mysql-0.mysql.
apiVersion: v1
kind: Service
metadata:
name: mysql-read
namespace: mooreyxia
labels:
app: mysql
spec:
ports:
- name: mysql
port: 3306
selector:
app: mysql
[root@K8s-ansible mysql]#kubectl apply -f mysql-services.yaml
service/mysql created
service/mysql-read created
#确认service
#创建StateFull控制器
[root@K8s-ansible mysql]#vim mysql-statefulset.yaml
[root@K8s-ansible mysql]#cat mysql-statefulset.yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: mysql
namespace: mooreyxia
spec:
selector:
matchLabels:
app: mysql
serviceName: mysql
replicas: 3
template:
metadata:
labels:
app: mysql
spec:
initContainers:
- name: init-mysql #初始化容器1-基于当前pod name匹配校色是master还是slave,并动态生成相应的配置
image: K8s-harbor01.mooreyxia.com/baseimages/mysql:5.7.36
command:
- bash
- "-c"
- |
set -ex
# Generate mysql server-id from pod ordinal index.
[[ `hostname` =~ -([0-9]+)$ ]] || exit 1 #匹配hostname随后一位,是一个顺序叠加的整数
ordinal=${BASH_REMATCH[1]}
echo [mysqld] > /mnt/conf.d/server-id.cnf
# Add an offset to avoid reserved server-id=0 value.
echo server-id=$((100 + $ordinal)) >> /mnt/conf.d/server-id.cnf
# Copy appropriate conf.d files from config-map to emptyDir.
if [[ $ordinal -eq 0 ]]; then #如果是master,则配置master.cnf
cp /mnt/config-map/master.cnf /mnt/conf.d/
else
cp /mnt/config-map/slave.cnf /mnt/conf.d/
fi
volumeMounts:
- name: conf #临时卷,emptyDir
mountPath: /mnt/conf.d
- name: config-map
mountPath: /mnt/config-map
- name: clone-mysql #初始化容器2-用于生成mysql配置文件,并从上一个pod完成首次全备。(slave 3从slave 2 clone,而非每个salve都从master clone。首次全备后采用增量备份)
image: K8s-harbor01.mooreyxia.com/baseimages/xtrabackup:1.0
command:
- bash
- "-c"
- |
set -ex
# Skip the clone if data already exists.
[[ -d /var/lib/mysql/mysql ]] && exit 0
# Skip the clone on master (ordinal index 0).
[[ `hostname` =~ -([0-9]+)$ ]] || exit 1
ordinal=${BASH_REMATCH[1]}
[[ $ordinal -eq 0 ]] && exit 0 #如果最后一位是0,判断为master则退出clone
# Clone data from previous peer.
#从上一个pod执行clone(binlog),xbstream解压缩
ncat --recv-only mysql-$(($ordinal-1)).mysql 3307 | xbstream -x -C /var/lib/mysql
# Prepare the backup.
#xtrabackup恢复binlog
xtrabackup --prepare --target-dir=/var/lib/mysql
volumeMounts:
- name: data
mountPath: /var/lib/mysql
subPath: mysql
- name: conf
mountPath: /etc/mysql/conf.d
containers:
- name: mysql #业务容器1(mysql主容器)
image: K8s-harbor01.mooreyxia.com/baseimages/mysql:5.7.36
env:
- name: MYSQL_ALLOW_EMPTY_PASSWORD
value: "1"
ports:
- name: mysql
containerPort: 3306
volumeMounts:
- name: data #挂载数据目录至/var/lib/mysql
mountPath: /var/lib/mysql
subPath: mysql
- name: conf #配置文件/etc/mysql/conf.d
mountPath: /etc/mysql/conf.d
resources: #资源限制
requests:
cpu: 500m
memory: 1Gi
livenessProbe: #存活探针
exec:
command: ["mysqladmin", "ping"]
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
readinessProbe: #就绪探针
exec:
# Check we can execute queries over TCP (skip-networking is off).
command: ["mysql", "-h", "127.0.0.1", "-e", "SELECT 1"]
initialDelaySeconds: 5
periodSeconds: 2
timeoutSeconds: 1
- name: xtrabackup #业务容器2(xtrabackup),用于后期同步master的binlog并恢复数据
image: K8s-harbor01.mooreyxia.com/baseimages/xtrabackup:1.0
ports:
- name: xtrabackup
containerPort: 3307
command:
- bash
- "-c"
- |
set -ex
cd /var/lib/mysql
# Determine binlog position of cloned data, if any.
if [[ -f xtrabackup_slave_info ]]; then
# XtraBackup already generated a partial "CHANGE MASTER TO" query
# because we're cloning from an existing slave.
mv xtrabackup_slave_info change_master_to.sql.in
# Ignore xtrabackup_binlog_info in this case (it's useless).
rm -f xtrabackup_binlog_info
elif [[ -f xtrabackup_binlog_info ]]; then
# We're cloning directly from master. Parse binlog position.
[[ `cat xtrabackup_binlog_info` =~ ^(.*?)[[:space:]]+(.*?)$ ]] || exit 1
rm xtrabackup_binlog_info
echo "CHANGE MASTER TO MASTER_LOG_FILE='${BASH_REMATCH[1]}',\
MASTER_LOG_POS=${BASH_REMATCH[2]}" > change_master_to.sql.in #生成CHANGE MASTER命令
fi
# Check if we need to complete a clone by starting replication.
if [[ -f change_master_to.sql.in ]]; then
echo "Waiting for mysqld to be ready (accepting connections)"
until mysql -h 127.0.0.1 -e "SELECT 1"; do sleep 1; done
echo "Initializing replication from clone position"
# In case of container restart, attempt this at-most-once.
mv change_master_to.sql.in change_master_to.sql.orig
#执行CHANGE MASTER操作并启动SLAVE
mysql -h 127.0.0.1 <<EOF
$(<change_master_to.sql.orig),
MASTER_HOST='mysql-0.mysql',
MASTER_USER='root',
MASTER_PASSWORD='',
MASTER_CONNECT_RETRY=10;
START SLAVE;
EOF
fi
# Start a server to send backups when requested by peers.
#监听3307端口,用于下一个pod同步全量数据
exec ncat --listen --keep-open --send-only --max-cnotallow=1 3307 -c \
"xtrabackup --backup --slave-info --stream=xbstream --host=127.0.0.1 --user=root"
volumeMounts:
- name: data
mountPath: /var/lib/mysql
subPath: mysql
- name: conf
mountPath: /etc/mysql/conf.d
resources:
requests:
cpu: 100m
memory: 100Mi
volumes:
- name: conf
emptyDir: {}
- name: config-map
configMap:
name: mysql
volumeClaimTemplates: #根据pv生成pvc
- metadata:
name: data
spec:
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 10Gi
[root@K8s-ansible mysql]#kubectl apply -f mysql-statefulset.yaml
statefulset.apps/mysql created
[root@K8s-ansible mysql]#kubectl get pod -n mooreyxia
NAME READY STATUS RESTARTS AGE
mysql-0 2/2 Running 0 14m
mysql-1 2/2 Running 0 13m
mysql-2 2/2 Running 0 11m
#确认pod建立没有错误
[root@K8s-ansible mysql]#kubectl describe pod mysql-0 -n mooreyxia
[root@K8s-ansible mysql]#kubectl logs mysql-0 -n mooreyxia
#数据同步验证,生产一定要做,详细的mysql集群搭建验参考我的mysql专题博客
[root@K8s-ansible mysql]#kubectl exec -it mysql-0 bash -n mooreyxia
kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead.
Defaulted container "mysql" out of: mysql, xtrabackup, init-mysql (init), clone-mysql (init)
root@mysql-0:/# mysql
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 241
Server version: 5.7.36-log MySQL Community Server (GPL)
Copyright (c) 2000, 2021, Oracle and/or its affiliates.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> create database mooreyxia;
Query OK, 1 row affected (0.08 sec)
mysql> show databases;
+------------------------+
| Database |
+------------------------+
| information_schema |
| mooreyxia |
| mysql |
| performance_schema |
| sys |
| xtrabackup_backupfiles |
+------------------------+
6 rows in set (0.02 sec)
mysql> exit
Bye
root@mysql-0:/# exit
exit
[root@K8s-ansible mysql]#kubectl exec -it mysql-1 bash -n mooreyxia
kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead.
Defaulted container "mysql" out of: mysql, xtrabackup, init-mysql (init), clone-mysql (init)
root@mysql-1:/# mysql
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 274
Server version: 5.7.36 MySQL Community Server (GPL)
Copyright (c) 2000, 2021, Oracle and/or its affiliates.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> show databases;
+------------------------+
| Database |
+------------------------+
| information_schema |
| mooreyxia |
| mysql |
| performance_schema |
| sys |
| xtrabackup_backupfiles |
+------------------------+
6 rows in set (0.09 sec)
mysql> show slave status\G;
*************************** 1. row ***************************
Slave_IO_State: Waiting for master to send event
Master_Host: mysql-0.mysql
Master_User: root
Master_Port: 3306
Connect_Retry: 10
Master_Log_File: mysql-0-bin.000004
Read_Master_Log_Pos: 328
Relay_Log_File: mysql-1-relay-bin.000005
Relay_Log_Pos: 545
Relay_Master_Log_File: mysql-0-bin.000004
Slave_IO_Running: Yes #两个线程确认同步开启
Slave_SQL_Running: Yes
Replicate_Do_DB:
Replicate_Ignore_DB:
Replicate_Do_Table:
Replicate_Ignore_Table:
Replicate_Wild_Do_Table:
Replicate_Wild_Ignore_Table:
Last_Errno: 0
Last_Error:
Skip_Counter: 0
Exec_Master_Log_Pos: 328
Relay_Log_Space: 922
Until_Condition: None
Until_Log_File:
Until_Log_Pos: 0
Master_SSL_Allowed: No
Master_SSL_CA_File:
Master_SSL_CA_Path:
Master_SSL_Cert:
Master_SSL_Cipher:
Master_SSL_Key:
Seconds_Behind_Master: 0
Master_SSL_Verify_Server_Cert: No
Last_IO_Errno: 0
Last_IO_Error:
Last_SQL_Errno: 0
Last_SQL_Error:
Replicate_Ignore_Server_Ids:
Master_Server_Id: 100
Master_UUID: f9a4d535-d906-11ed-9063-2edace016355
Master_Info_File: /var/lib/mysql/master.info
SQL_Delay: 0
SQL_Remaining_Delay: NULL
Slave_SQL_Running_State: Slave has read all relay log; waiting for more updates
Master_Retry_Count: 86400
Master_Bind:
Last_IO_Error_Timestamp:
Last_SQL_Error_Timestamp:
Master_SSL_Crl:
Master_SSL_Crlpath:
Retrieved_Gtid_Set:
Executed_Gtid_Set:
Auto_Position: 0
Replicate_Rewrite_DB:
Channel_Name:
Master_TLS_Version:
1 row in set (0.00 sec)
ERROR:
No query specified
Jenkins业务容器化案例
Jenkins属于JAVA应用,基于java命令,运⾏java war包或jar包,本次以jenkins.war 包部署⽅式为例,且要求jenkins的数据保存⾄外部存储(NFS或者PVC),其他java应⽤看实际需求是否需要将数据保存⾄外部存储。
Jenkins的各种使用方式请参考Jenkins的专题博客,这里只做容器化演示。
架构及部署
- 架构
- 部署
- 构建Jenkins镜像
#下载Jenkins服务的源码war包
[root@K8s-ansible ~]#cd /usr/local/src/
[root@K8s-ansible src]#wget http://mirrors.ustc.edu.cn/jenkins/war-stable/2.319.2/jenkins.war
#创建镜像使用的文件
[root@K8s-ansible jenkins]#chmod a+x *.sh
[root@K8s-ansible jenkins]#ll
total 70576
drwxr-xr-x 2 root root 4096 Apr 12 10:54 ./
drwxr-xr-x 11 root root 4096 Apr 9 02:59 ../
-rw-r--r-- 1 root root 256 Apr 12 10:49 Dockerfile
-rwxr-xr-x 1 root root 234 Apr 12 10:54 build-command.sh*
-rw-r--r-- 1 root root 72248203 Apr 9 02:59 jenkins-2.319.2.war
-rwxr-xr-x 1 root root 144 Apr 9 02:59 run_jenkins.sh*
#创建运行服务脚本
[root@K8s-ansible jenkins]#cat run_jenkins.sh
#!/bin/bash
cd /apps/jenkins && java -server -Xms1024m -Xmx1024m -Xss512k -jar jenkins.war --webroot=/apps/jenkins/jenkins-data --httpPort=8080
#创建Dockerfile进行自动化镜像构建
[root@K8s-ansible jenkins]#vim Dockerfile
[root@K8s-ansible jenkins]#cat Dockerfile
#Jenkins Version 2.190.1
FROM K8s-harbor01.mooreyxia.com/pub-images/jdk-base:v8.212
MAINTAINER mooreyxia "[email protected]"
ADD jenkins-2.319.2.war /apps/jenkins/jenkins.war
ADD run_jenkins.sh /usr/bin/
EXPOSE 8080
CMD ["/usr/bin/run_jenkins.sh"]
#构建镜像
[root@K8s-ansible jenkins]#vim build-command.sh
[root@K8s-ansible jenkins]#cat build-command.sh
#!/bin/bash
docker build -t K8s-harbor01.mooreyxia.com/demo/jenkins:v2.319.2 .
echo "镜像制作完成,即将上传至Harbor服务器"
sleep 1
docker push K8s-harbor01.mooreyxia.com/demo/jenkins:v2.319.2
echo "镜像上传完成"
[root@K8s-ansible jenkins]#bash build-command.sh
Sending build context to Docker daemon 72.25MB
Step 1/6 : FROM K8s-harbor01.mooreyxia.com/pub-images/jdk-base:v8.212
---> 3f4cebe39805
Step 2/6 : MAINTAINER mooreyxia "[email protected]"
---> Running in 730b8fffd3e2
Removing intermediate container 730b8fffd3e2
---> 0d0c12b60869
Step 3/6 : ADD jenkins-2.319.2.war /apps/jenkins/jenkins.war
---> 2b064998837f
Step 4/6 : ADD run_jenkins.sh /usr/bin/
---> d5e84b34be02
Step 5/6 : EXPOSE 8080
---> Running in 824d64598628
Removing intermediate container 824d64598628
---> 0c5de63593b6
Step 6/6 : CMD ["/usr/bin/run_jenkins.sh"]
---> Running in 1584ddbc2664
Removing intermediate container 1584ddbc2664
---> d5354386552f
Successfully built d5354386552f
Successfully tagged K8s-harbor01.mooreyxia.com/demo/jenkins:v2.319.2
镜像制作完成,即将上传至Harbor服务器
The push refers to repository [K8s-harbor01.mooreyxia.com/demo/jenkins]
eebaa2c2936e: Pushed
97c642fde0cc: Pushed
72519bae3e48: Mounted from demo/tomcat-app1
f4ab7af29087: Mounted from demo/tomcat-app1
e183bde7d2a2: Mounted from demo/tomcat-app1
3e6fa9b75f89: Mounted from demo/redis
cf71274b159a: Mounted from demo/redis
174f56854903: Mounted from demo/redis
v2.319.2: digest: sha256:7fadaff08a2c213d047621400c814b3e0f5beec62f2ef5110e529ac61dad3402 size: 2001
镜像上传完成
- 验证Jenkins镜像
[root@K8s-ansible jenkins]#docker run -it --rm -p 8088:8080 K8s-harbor01.mooreyxia.com/demo/jenkins:v2.319.2
Running from: /apps/jenkins/jenkins.war
2023-04-12 11:30:00.103+0000 [id=1] INFO org.eclipse.jetty.util.log.Log#initialized: Logging initialized @2181ms to org.eclipse.jetty.util.log.JavaUtilLog
2023-04-12 11:30:00.847+0000 [id=1] INFO winstone.Logger#logInternal: Beginning extraction from war file
2023-04-12 11:30:03.295+0000 [id=1] WARNING o.e.j.s.handler.ContextHandler#setContextPath: Empty contextPath
2023-04-12 11:30:03.434+0000 [id=1] INFO org.eclipse.jetty.server.Server#doStart: jetty-9.4.43.v20210629; built: 2021-06-30T11:07:22.254Z; git: 526006ecfa3af7f1a27ef3a288e2bef7ea9dd7e8; jvm 1.8.0_212-b10
2023-04-12 11:30:04.480+0000 [id=1] INFO o.e.j.w.StandardDescriptorProcessor#visitServlet: NO JSP Support for /, did not find org.eclipse.jetty.jsp.JettyJspServlet
2023-04-12 11:30:04.665+0000 [id=1] INFO o.e.j.s.s.DefaultSessionIdManager#doStart: DefaultSessionIdManager workerName=node0
2023-04-12 11:30:04.666+0000 [id=1] INFO o.e.j.s.s.DefaultSessionIdManager#doStart: No SessionScavenger set, using defaults
2023-04-12 11:30:04.669+0000 [id=1] INFO o.e.j.server.session.HouseKeeper#startScavenging: node0 Scavenging every 660000ms
2023-04-12 11:30:08.361+0000 [id=1] INFO hudson.WebAppMain#contextInitialized: Jenkins home directory: /root/.jenkins found at: $user.home/.jenkins
2023-04-12 11:30:10.452+0000 [id=1] INFO o.e.j.s.handler.ContextHandler#doStart: Started w.@6c451c9c{Jenkins v2.319.2,/,file:///apps/jenkins/jenkins-data/,AVAILABLE}{/apps/jenkins/jenkins-data}
2023-04-12 11:30:10.540+0000 [id=1] INFO o.e.j.server.AbstractConnector#doStart: Started ServerConnector@78452606{HTTP/1.1, (http/1.1)}{0.0.0.0:8080}
2023-04-12 11:30:10.541+0000 [id=1] INFO org.eclipse.jetty.server.Server#doStart: Started @12620ms
2023-04-12 11:30:10.543+0000 [id=21] INFO winstone.Logger#logInternal: Winstone Servlet Engine running: cnotallow=disabled
2023-04-12 11:30:13.001+0000 [id=28] INFO jenkins.InitReactorRunner$1#onAttained: Started initialization
2023-04-12 11:30:13.042+0000 [id=28] INFO jenkins.InitReactorRunner$1#onAttained: Listed all plugins
2023-04-12 11:30:14.767+0000 [id=26] INFO jenkins.InitReactorRunner$1#onAttained: Prepared all plugins
2023-04-12 11:30:14.773+0000 [id=26] INFO jenkins.InitReactorRunner$1#onAttained: Started all plugins
2023-04-12 11:30:14.791+0000 [id=26] INFO jenkins.InitReactorRunner$1#onAttained: Augmented all extensions
2023-04-12 11:30:16.226+0000 [id=27] INFO jenkins.InitReactorRunner$1#onAttained: System config loaded
2023-04-12 11:30:16.227+0000 [id=27] INFO jenkins.InitReactorRunner$1#onAttained: System config adapted
2023-04-12 11:30:16.228+0000 [id=27] INFO jenkins.InitReactorRunner$1#onAttained: Loaded all jobs
2023-04-12 11:30:16.229+0000 [id=27] INFO jenkins.InitReactorRunner$1#onAttained: Configuration for all jobs updated
2023-04-12 11:30:16.323+0000 [id=42] INFO hudson.model.AsyncPeriodicWork#lambda$doRun$1: Started Download metadata
2023-04-12 11:30:16.349+0000 [id=42] INFO hudson.util.Retrier#start: Attempt #1 to do the action check updates server
2023-04-12 11:30:17.277+0000 [id=26] INFO jenkins.install.SetupWizard#init:
*************************************************************
*************************************************************
*************************************************************
Jenkins initial setup is required. An admin user has been created and a password generated.
Please use the following password to proceed to installation:
3db55bca24974cc5b96dd40f0b3dfa03
This may also be found at: /root/.jenkins/secrets/initialAdminPassword
*************************************************************
*************************************************************
*************************************************************
- 创建PV/PVC - 这里使用静态存储
需要两个PVC,⼀个保存jenkins的数据,⼀个保存.jenkins的数据。
#创建存储设备-这里用nfs
[root@K8s-haproxy01 ~]#mkdir -pv /data/k8sdata/mooreyxia/jenkins-{data,root-data}
[root@K8s-haproxy01 ~]#vim /etc/exports
[root@K8s-haproxy01 ~]#cat /etc/exports
# /etc/exports: the access control list for filesystems which may be exported
# to NFS clients. See exports(5).
#
# Example for NFSv2 and NFSv3:
# /srv/homes hostname1(rw,sync,no_subtree_check) hostname2(ro,sync,no_subtree_check)
#
# Example for NFSv4:
# /srv/nfs4 gss/krb5i(rw,sync,fsid=0,crossmnt,no_subtree_check)
# /srv/nfs4/homes gss/krb5i(rw,sync,no_subtree_check)
#
/data/k8sdata *(rw,no_root_squash)
/data/volumes *(rw,no_root_squash)
[root@K8s-haproxy01 ~]#exportfs -avs
exportfs: /etc/exports [2]: Neither 'subtree_check' or 'no_subtree_check' specified for export "*:/data/k8sdata".
Assuming default behaviour ('no_subtree_check').
NOTE: this default has changed since nfs-utils version 1.0.x
exportfs: /etc/exports [3]: Neither 'subtree_check' or 'no_subtree_check' specified for export "*:/data/volumes".
Assuming default behaviour ('no_subtree_check').
NOTE: this default has changed since nfs-utils version 1.0.x
exporting *:/data/volumes
exporting *:/data/k8sdata
#showmount
[root@K8s-ansible redis]#showmount -e 192.168.11.203
Export list for 192.168.11.203:
/data/volumes *
/data/k8sdata *
#创建pv
[root@K8s-ansible jenkins]#vim pv/jenkins-persistentvolume.yaml
[root@K8s-ansible jenkins]#cat pv/jenkins-persistentvolume.yaml
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: jenkins-datadir-pv
namespace: mooreyxia
spec:
capacity:
storage: 100Gi
accessModes:
- ReadWriteOnce
nfs:
server: 192.168.11.203
path: /data/k8sdata/mooreyxia/jenkins-data
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: jenkins-root-datadir-pv
namespace: mooreyxia
spec:
capacity:
storage: 100Gi
accessModes:
- ReadWriteOnce
nfs:
server: 192.168.11.203
path: /data/k8sdata/mooreyxia/jenkins-root-data
[root@K8s-ansible jenkins]#kubectl apply -f pv/jenkins-persistentvolume.yaml
persistentvolume/jenkins-datadir-pv created
persistentvolume/jenkins-root-datadir-pv created
#确认pv可用
#创建pvc
[root@K8s-ansible jenkins]#vim pv/jenkins-persistentvolumeclaim.yaml
[root@K8s-ansible jenkins]#cat pv/jenkins-persistentvolumeclaim.yaml
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: jenkins-datadir-pvc
namespace: mooreyxia
spec:
volumeName: jenkins-datadir-pv
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 80Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: jenkins-root-data-pvc
namespace: mooreyxia
spec:
volumeName: jenkins-root-datadir-pv
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 80Gi
[root@K8s-ansible jenkins]#kubectl apply -f pv/jenkins-persistentvolumeclaim.yaml
persistentvolumeclaim/jenkins-datadir-pvc created
persistentvolumeclaim/jenkins-root-data-pvc created
#确认pv绑定到对应pvc
- 创建Jenkins服务并运行
[root@K8s-ansible jenkins]#cat jenkins.yaml
kind: Deployment
apiVersion: apps/v1
metadata:
labels:
app: mooreyxia-jenkins
name: mooreyxia-jenkins-deployment
namespace: mooreyxia
spec:
replicas: 1
selector:
matchLabels:
app: mooreyxia-jenkins
template:
metadata:
labels:
app: mooreyxia-jenkins
spec:
containers:
- name: mooreyxia-jenkins-container
image: K8s-harbor01.mooreyxia.com/demo/jenkins:v2.319.2
#imagePullPolicy: IfNotPresent
imagePullPolicy: Always
ports:
- containerPort: 8080
protocol: TCP
name: http
volumeMounts:
- mountPath: "/apps/jenkins/jenkins-data/"
name: jenkins-datadir-mooreyxia
- mountPath: "/root/.jenkins"
name: jenkins-root-datadir
volumes:
- name: jenkins-datadir-mooreyxia
persistentVolumeClaim:
claimName: jenkins-datadir-pvc
- name: jenkins-root-datadir
persistentVolumeClaim:
claimName: jenkins-root-data-pvc
---
kind: Service
apiVersion: v1
metadata:
labels:
app: mooreyxia-jenkins
name: mooreyxia-jenkins-service
namespace: mooreyxia
spec:
type: NodePort
ports:
- name: http
port: 80
protocol: TCP
targetPort: 8080
nodePort: 31080
selector:
app: mooreyxia-jenkins
[root@K8s-ansible jenkins]#kubectl apply -f jenkins.yaml
deployment.apps/mooreyxia-jenkins-deployment unchanged
service/mooreyxia-jenkins-service created
#确认pod创建没有错误
[root@K8s-ansible jenkins]#kubectl get pod -n mooreyxia
NAME READY STATUS RESTARTS AGE
mooreyxia-jenkins-deployment-6c947cff7f-g2g6p 1/1 Running 0 13s
[root@K8s-ansible jenkins]#kubectl describe pod mooreyxia-jenkins-deployment-6c947cff7f-g2g6p -n mooreyxia
Name: mooreyxia-jenkins-deployment-6c947cff7f-g2g6p
Namespace: mooreyxia
Priority: 0
Service Account: default
Node: 192.168.11.215/192.168.11.215
Start Time: Wed, 12 Apr 2023 11:31:39 +0000
Labels: app=mooreyxia-jenkins
pod-template-hash=6c947cff7f
Annotations: <none>
Status: Running
IP: 10.200.67.52
IPs:
IP: 10.200.67.52
Controlled By: ReplicaSet/mooreyxia-jenkins-deployment-6c947cff7f
Containers:
mooreyxia-jenkins-container:
Container ID: containerd://94e22799befed74efb2e17d55496728fd0dbf053d10878d7af25b3ed9727d023
Image: K8s-harbor01.mooreyxia.com/demo/jenkins:v2.319.2
Image ID: K8s-harbor01.mooreyxia.com/demo/jenkins@sha256:5fc1d194d30777f437c77fa9828993587ad010538139eb1aee710d4e4abfc3da
Port: 8080/TCP
Host Port: 0/TCP
State: Running
Started: Wed, 12 Apr 2023 11:31:47 +0000
Ready: True
Restart Count: 0
Environment: <none>
Mounts:
/apps/jenkins/jenkins-data/ from jenkins-datadir-mooreyxia (rw)
/root/.jenkins from jenkins-root-datadir (rw)
/var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-pw5bw (ro)
Conditions:
Type Status
Initialized True
Ready True
ContainersReady True
PodScheduled True
Volumes:
jenkins-datadir-mooreyxia:
Type: PersistentVolumeClaim (a reference to a PersistentVolumeClaim in the same namespace)
ClaimName: jenkins-datadir-pvc
ReadOnly: false
jenkins-root-datadir:
Type: PersistentVolumeClaim (a reference to a PersistentVolumeClaim in the same namespace)
ClaimName: jenkins-root-data-pvc
ReadOnly: false
kube-api-access-pw5bw:
Type: Projected (a volume that contains injected data from multiple sources)
TokenExpirationSeconds: 3607
ConfigMapName: kube-root-ca.crt
ConfigMapOptional: <nil>
DownwardAPI: true
QoS Class: BestEffort
Node-Selectors: <none>
Tolerations: node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 57s default-scheduler Successfully assigned mooreyxia/mooreyxia-jenkins-deployment-6c947cff7f-g2g6p to 192.168.11.215
Normal Pulling 55s kubelet Pulling image "K8s-harbor01.mooreyxia.com/demo/jenkins:v2.319.2"
Normal Pulled 51s kubelet Successfully pulled image "K8s-harbor01.mooreyxia.com/demo/jenkins:v2.319.2" in 4.745230857s (4.745266429s including waiting)
Normal Created 51s kubelet Created container mooreyxia-jenkins-container
Normal Started 50s kubelet Started container mooreyxia-jenkins-container
#确认日志并找出初始化密码
- 验证web访问jenkins
- 创建一个任务
- 确认数据持久化
[root@K8s-haproxy01 jenkins-root-data]#ll /data/k8sdata/mooreyxia/jenkins*
/data/k8sdata/mooreyxia/jenkins-data:
total 3356
drwxr-xr-x 11 root root 4096 Apr 12 12:14 ./
drwxr-xr-x 22 root root 4096 Apr 12 11:04 ../
-rw-r--r-- 1 root root 0 Apr 9 02:59 .timestamp
-rw-r--r-- 1 root root 1944 Apr 12 12:14 ColorFormatter.class
-rw-r--r-- 1 root root 1617 Apr 12 12:14 JNLPMain.class
-rw-r--r-- 1 root root 636 Apr 12 12:14 'LogFileOutputStream$1.class'
-rw-r--r-- 1 root root 2948 Apr 12 12:14 LogFileOutputStream.class
drwxr-xr-x 3 root root 4096 Apr 12 12:13 META-INF/
-rw-r--r-- 1 root root 512 Apr 12 12:13 'Main$FileAndDescription.class'
-rw-r--r-- 1 root root 19670 Apr 12 12:13 Main.class
-rw-r--r-- 1 root root 3756 Apr 12 12:14 MainDialog.class
drwxr-xr-x 6 root root 4096 Apr 12 12:14 WEB-INF/
drwxr-xr-x 3 root root 4096 Apr 12 12:14 bootstrap/
drwxr-xr-x 5 root root 4096 Apr 12 12:14 css/
drwxr-xr-x 2 root root 4096 Apr 12 12:14 executable/
-rw-r--r-- 1 root root 17542 Apr 12 12:14 favicon.ico
drwxr-xr-x 12 root root 4096 Apr 12 12:13 help/
drwxr-xr-x 9 root root 4096 Apr 12 12:14 images/
drwxr-xr-x 3 root root 4096 Apr 12 12:14 jsbundles/
-rw-r--r-- 1 root root 71 Apr 12 12:14 robots.txt
drwxr-xr-x 3 root root 4096 Apr 12 12:14 scripts/
-rw-r--r-- 1 root root 3319617 Apr 12 12:13 winstone.jar
/data/k8sdata/mooreyxia/jenkins-root-data:
total 60
drwxr-xr-x 8 root root 4096 Apr 12 12:14 ./
drwxr-xr-x 22 root root 4096 Apr 12 11:04 ../
-rw-r--r-- 1 root root 1656 Apr 12 12:14 config.xml
-rw-r--r-- 1 root root 29 Apr 12 12:14 failed-boot-attempts.txt
-rw-r--r-- 1 root root 156 Apr 12 12:14 hudson.model.UpdateCenter.xml
-rw------- 1 root root 1712 Apr 12 12:14 identity.key.enc
-rw-r--r-- 1 root root 171 Apr 12 12:14 jenkins.telemetry.Correlator.xml
drwxr-xr-x 2 root root 4096 Apr 12 12:14 jobs/
-rw-r--r-- 1 root root 907 Apr 12 12:14 nodeMonitors.xml
drwxr-xr-x 2 root root 4096 Apr 12 12:14 nodes/
drwxr-xr-x 2 root root 4096 Apr 12 12:14 plugins/
-rw-r--r-- 1 root root 64 Apr 12 12:14 secret.key
-rw-r--r-- 1 root root 0 Apr 12 12:14 secret.key.not-so-secret
drwx------ 4 root root 4096 Apr 12 12:14 secrets/
drwxr-xr-x 2 root root 4096 Apr 12 12:14 userContent/
drwxr-xr-x 3 root root 4096 Apr 12 12:14 users/
单Pod多容器实现LNMP架构运行WordPress
LNMP案例之基于Nginx+PHP实现WordPress博客站点,要求Nginx+PHP运⾏在同⼀个Pod的不同容器,MySQL运⾏与default的namespace并可以通过service name增删改查数据库。
架构及部署
- 架构
- 部署
- 构建PHP镜像
#下载php基础镜像
[root@K8s-ansible ~]#
[root@K8s-ansible ~]#docker pull php:5.6.40-fpm
5.6.40-fpm: Pulling from library/php
5e6ec7f28fb7: Pull complete
cf165947b5b7: Pull complete
7bd37682846d: Pull complete
99daf8e838e1: Pull complete
f8628c9f032f: Pull complete
50ff925cdfa2: Pull complete
6ab76f312877: Pull complete
28ea94b4dd82: Pull complete
a6dbb35d45d2: Pull complete
98b901ec9e8d: Pull complete
Digest: sha256:4f070f1b7b93cc5ab364839b79a5b26f38d5f89461f7bc0cd4bab4a3ad7d67d7
Status: Downloaded newer image for php:5.6.40-fpm
docker.io/library/php:5.6.40-fpm
[root@K8s-ansible ~]#docker tag php:5.6.40-fpm K8s-harbor01.mooreyxia.com/baseimages/php:5.6.40-fpm
[root@K8s-ansible ~]#docker push K8s-harbor01.mooreyxia.com/baseimages/php:5.6.40-fpm
The push refers to repository [K8s-harbor01.mooreyxia.com/baseimages/php]
bf97b47da88d: Pushed
56d6009fbc8b: Pushed
b6d5993da6a4: Pushed
c9e57440aae2: Pushed
5e2afcdec12b: Pushed
6e4f2e72b0d9: Pushed
6eb3cfd4ad9e: Pushed
82bded2c3a7c: Pushed
b87a266e6a9c: Pushed
3c816b4ead84: Pushed
5.6.40-fpm: digest: sha256:7cfd6ccb875ff314b2c672b62aa3169fe79d54bf3422b7b0017955b3457ca1a7 size: 2410
#⾃制PHP镜像
[root@K8s-ansible php]#chmod a+x *.sh
[root@K8s-ansible php]#tree .
.
├── Dockerfile
├── build-command.sh
├── run_php.sh
└── www.conf
0 directories, 4 files
#php配置
[root@K8s-ansible php]#grep -Ev "^ *;|^$" www.conf
[www]
user = nginx
group = nginx
listen = 0.0.0.0:9000
pm = dynamic
pm.max_children = 50
pm.start_servers = 5
pm.min_spare_servers = 5
pm.max_spare_servers = 35
slowlog = /opt/remi/php56/root/var/log/php-fpm/www-slow.log
php_admin_value[error_log] = /opt/remi/php56/root/var/log/php-fpm/www-error.log
php_admin_flag[log_errors] = on
php_value[session.save_handler] = files
php_value[session.save_path] = /opt/remi/php56/root/var/lib/php/session
php_value[soap.wsdl_cache_dir] = /opt/remi/php56/root/var/lib/php/wsdlcache
#运行php服务并做守护进程
[root@K8s-ansible php]#vim run_php.sh
[root@K8s-ansible php]#cat run_php.sh
#!/bin/bash
/opt/remi/php56/root/usr/sbin/php-fpm
tail -f /etc/hosts
#Dockerfile
[root@K8s-ansible php]#vim Dockerfile
[root@K8s-ansible php]#cat Dockerfile
#PHP Base Image
FROM K8s-harbor01.mooreyxia.com/baseimages/centos-base:7.9.2009
MAINTAINER mooreyxia "[email protected]"
RUN yum install -y https://mirrors.tuna.tsinghua.edu.cn/remi/enterprise/remi-release-7.rpm && yum install php56-php-fpm php56-php-mysql -y
ADD www.conf /opt/remi/php56/root/etc/php-fpm.d/www.conf
ADD run_php.sh /usr/local/bin/run_php.sh
EXPOSE 9000
CMD ["/usr/local/bin/run_php.sh"]
#构建镜像
[root@K8s-ansible php]#vim build-command.sh
[root@K8s-ansible php]#cat build-command.sh
#!/bin/bash
TAG=$1
docker build -t K8s-harbor01.mooreyxia.com/demo/wordpress-php-5.6:${TAG} .
echo "镜像制作完成,即将上传至Harbor服务器"
sleep 1
docker push K8s-harbor01.mooreyxia.com/demo/wordpress-php-5.6:${TAG}
echo "镜像上传完成"
[root@K8s-ansible php]#bash build-command.sh v1
...
Successfully built 1c6f46c71781
Successfully tagged K8s-harbor01.mooreyxia.com/demo/wordpress-php-5.6:v1
镜像制作完成,即将上传至Harbor服务器
The push refers to repository [K8s-harbor01.mooreyxia.com/demo/wordpress-php-5.6]
8a163d8301cd: Pushed
162b8d58096a: Pushed
78eaba0e95e6: Pushed
3e6fa9b75f89: Mounted from demo/wordpress-nginx
cf71274b159a: Mounted from demo/wordpress-nginx
174f56854903: Mounted from demo/wordpress-nginx
v1: digest: sha256:ac21be587d0471c2436447d9317d709eb49aae254c741be24c4bb712f4fec18f size: 1582
镜像上传完成
- 构建Nginx-wordpress基础镜像
[root@K8s-ansible nginx-base-wordpress]#chmod a+x *.sh
[root@K8s-ansible nginx-base-wordpress]#tree .
.
├── Dockerfile
├── build-command.sh
└── nginx-1.20.2.tar.gz
0 directories, 4 files
#Dockerfile
[root@K8s-ansible nginx-base-wordpress]#cat Dockerfile
#Nginx Base Image
FROM K8s-harbor01.mooreyxia.com/baseimages/centos-base:7.9.2009
MAINTAINER mooreyxia "[email protected]"
RUN yum install -y vim wget tree lrzsz gcc gcc-c++ automake pcre pcre-devel zlib zlib-devel openssl openssl-devel iproute net-tools iotop
ADD nginx-1.20.2.tar.gz /usr/local/src/
RUN cd /usr/local/src/nginx-1.20.2 && ./configure --prefix=/apps/nginx && make && make install && ln -sv /apps/nginx/sbin/nginx /usr/sbin/nginx &&rm -rf /usr/local/src/nginx-1.20.2.tar.gz
#构建
[root@K8s-ansible nginx-base-wordpress]#cat build-command.sh
#!/bin/bash
docker build -t K8s-harbor01.mooreyxia.com/pub-images/nginx-base-wordpress:v1.20.2 .
sleep 1
docker push K8s-harbor01.mooreyxia.com/pub-images/nginx-base-wordpress:v1.20.2
[root@K8s-ansible nginx-base-wordpress]#bash build-command.sh
...
Successfully built 0949b7d3be52
Successfully tagged K8s-harbor01.mooreyxia.com/pub-images/nginx-base-wordpress:v1.20.2
The push refers to repository [K8s-harbor01.mooreyxia.com/pub-images/nginx-base-wordpress]
4a9512f2e353: Pushed
08a188973746: Pushed
3736b6ab6d21: Pushed
3e6fa9b75f89: Mounted from pub-images/nginx-base
cf71274b159a: Mounted from pub-images/nginx-base
174f56854903: Mounted from pub-images/nginx-base
v1.20.2: digest: sha256:1d4c51a480457f5215ed1842543cc39d1eadc3b57bca647e994d2b139f37892b size: 1588
- 构建wordpress镜像
[root@K8s-ansible nginx]#chmod a+x *.sh
[root@K8s-ansible nginx]#tree .
.
├── Dockerfile
├── build-command.sh
├── index.html
├── nginx.conf
└── run_nginx.sh
0 directories, 5 files
#准备nginx配置
[root@K8s-ansible nginx]#grep -Ev "^ *#|^$" nginx.conf
user nginx nginx;
worker_processes auto;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
client_max_body_size 10M;
client_body_buffer_size 16k;
client_body_temp_path /apps/nginx/tmp 1 2 2;
gzip on;
server {
listen 80;
server_name blogs.magedu.net;
location / {
root /home/nginx/wordpress;
index index.php index.html index.htm;
}
location ~ \.php$ {
root /home/nginx/wordpress;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
}
#运行nginx,并做守护进程
[root@K8s-ansible nginx]#vim run_nginx.sh
[root@K8s-ansible nginx]#cat run_nginx.sh
#!/bin/bash
/apps/nginx/sbin/nginx
tail -f /etc/hosts
#Dockerfile
[root@K8s-ansible nginx]#vim Dockerfile
[root@K8s-ansible nginx]#cat Dockerfile
FROM K8s-harbor01.mooreyxia.com/pub-images/nginx-base-wordpress:v1.20.2
ADD nginx.conf /apps/nginx/conf/nginx.conf
ADD run_nginx.sh /apps/nginx/sbin/run_nginx.sh
RUN mkdir -pv /home/nginx/wordpress
RUN chown nginx.nginx /home/nginx/wordpress/ -R
EXPOSE 80 443
CMD ["/apps/nginx/sbin/run_nginx.sh"]
#构建镜像
[root@K8s-ansible nginx]#cat build-command.sh
#!/bin/bash
TAG=$1
docker build -t K8s-harbor01.mooreyxia.com/demo/wordpress-nginx:${TAG} .
echo "镜像制作完成,即将上传至Harbor服务器"
sleep 1
docker push K8s-harbor01.mooreyxia.com/demo/wordpress-nginx:${TAG}
echo "镜像上传完成"
[root@K8s-ansible nginx]#bash build-command.sh v1
Sending build context to Docker daemon 9.216kB
Step 1/7 : FROM K8s-harbor01.mooreyxia.com/pub-images/nginx-base-wordpress:v1.20.2
---> 0949b7d3be52
Step 2/7 : ADD nginx.conf /apps/nginx/conf/nginx.conf
---> 415bb198319e
Step 3/7 : ADD run_nginx.sh /apps/nginx/sbin/run_nginx.sh
---> a3f581bfb743
Step 4/7 : RUN mkdir -pv /home/nginx/wordpress
---> Running in ff5e082dacd1
mkdir: created directory '/home/nginx/wordpress'
Removing intermediate container ff5e082dacd1
---> da1d83dafe4a
Step 5/7 : RUN chown nginx.nginx /home/nginx/wordpress/ -R
---> Running in 0adda03fff26
Removing intermediate container 0adda03fff26
---> 1453bcd9f641
Step 6/7 : EXPOSE 80 443
---> Running in 0298853f2207
Removing intermediate container 0298853f2207
---> e345abfd5ca7
Step 7/7 : CMD ["/apps/nginx/sbin/run_nginx.sh"]
---> Running in 37bdde1017c4
Removing intermediate container 37bdde1017c4
---> 72b54d5c1a9f
Successfully built 72b54d5c1a9f
Successfully tagged K8s-harbor01.mooreyxia.com/demo/wordpress-nginx:v1
镜像制作完成,即将上传至Harbor服务器
The push refers to repository [K8s-harbor01.mooreyxia.com/demo/wordpress-nginx]
a21497ba143a: Pushed
c480e4dd5938: Pushed
4d685ac681e0: Pushed
52ead525925c: Pushed
4a9512f2e353: Mounted from pub-images/nginx-base-wordpress
08a188973746: Mounted from pub-images/nginx-base-wordpress
3736b6ab6d21: Mounted from pub-images/nginx-base-wordpress
3e6fa9b75f89: Mounted from demo/jenkins
cf71274b159a: Mounted from demo/jenkins
174f56854903: Mounted from demo/jenkins
v1: digest: sha256:ac39a0019765228ca48e97a182c85fdfde626dc0ca82971aafdc8c90ff5d0ae7 size: 2417
镜像上传完成
- 创建WordPress-Pod站点
#创建存储设备-这里用nfs
[root@K8s-haproxy01 ~]#mkdir -p /data/k8sdata/mooreyxia/wordpress
[root@K8s-haproxy01 ~]#vim /etc/exports
[root@K8s-haproxy01 ~]#cat /etc/exports
# /etc/exports: the access control list for filesystems which may be exported
# to NFS clients. See exports(5).
#
# Example for NFSv2 and NFSv3:
# /srv/homes hostname1(rw,sync,no_subtree_check) hostname2(ro,sync,no_subtree_check)
#
# Example for NFSv4:
# /srv/nfs4 gss/krb5i(rw,sync,fsid=0,crossmnt,no_subtree_check)
# /srv/nfs4/homes gss/krb5i(rw,sync,no_subtree_check)
#
/data/k8sdata *(rw,no_root_squash)
/data/volumes *(rw,no_root_squash)
[root@K8s-haproxy01 ~]#exportfs -avs
exportfs: /etc/exports [2]: Neither 'subtree_check' or 'no_subtree_check' specified for export "*:/data/k8sdata".
Assuming default behaviour ('no_subtree_check').
NOTE: this default has changed since nfs-utils version 1.0.x
exportfs: /etc/exports [3]: Neither 'subtree_check' or 'no_subtree_check' specified for export "*:/data/volumes".
Assuming default behaviour ('no_subtree_check').
NOTE: this default has changed since nfs-utils version 1.0.x
exporting *:/data/volumes
exporting *:/data/k8sdata
#showmount
[root@K8s-ansible redis]#showmount -e 192.168.11.203
Export list for 192.168.11.203:
/data/volumes *
/data/k8sdata *
#创建WordPress-Pod
[root@K8s-ansible wordpress]#cat wordpress.yaml
kind: Deployment
apiVersion: apps/v1
metadata:
labels:
app: wordpress-app
name: wordpress-app-deployment
namespace: mooreyxia
spec:
replicas: 1
selector:
matchLabels:
app: wordpress-app
template:
metadata:
labels:
app: wordpress-app
spec:
containers:
- name: wordpress-app-nginx
image: K8s-harbor01.mooreyxia.com/demo/wordpress-nginx:v1
imagePullPolicy: Always
ports:
- containerPort: 80
protocol: TCP
name: http
- containerPort: 443
protocol: TCP
name: https
volumeMounts:
- name: wordpress
mountPath: /home/nginx/wordpress
readOnly: false
- name: wordpress-app-php
image: K8s-harbor01.mooreyxia.com/demo/wordpress-php-5.6:v1
#imagePullPolicy: IfNotPresent
imagePullPolicy: Always
ports:
- containerPort: 9000
protocol: TCP
name: http
volumeMounts:
- name: wordpress
mountPath: /home/nginx/wordpress
readOnly: false
volumes:
- name: wordpress
nfs:
server: 192.168.11.203
path: /data/k8sdata/mooreyxia/wordpress
---
kind: Service
apiVersion: v1
metadata:
labels:
app: wordpress-app
name: wordpress-app-spec
namespace: mooreyxia
spec:
type: NodePort
ports:
- name: http
port: 80
protocol: TCP
targetPort: 80
nodePort: 30031
- name: https
port: 443
protocol: TCP
targetPort: 443
nodePort: 30033
selector:
app: wordpress-app
[root@K8s-ansible wordpress]#kubectl apply -f wordpress.yaml
deployment.apps/wordpress-app-deployment created
service/wordpress-app-spec created
#确认pod运行
#describe
[root@K8s-ansible wordpress]#kubectl describe pod wordpress-app-deployment-598fd848b4-sc8r6 -n mooreyxia
Name: wordpress-app-deployment-598fd848b4-sc8r6
Namespace: mooreyxia
Priority: 0
Service Account: default
Node: 192.168.11.215/192.168.11.215
Start Time: Wed, 12 Apr 2023 14:04:52 +0000
Labels: app=wordpress-app
pod-template-hash=598fd848b4
Annotations: <none>
Status: Running
IP: 10.200.67.57
IPs:
IP: 10.200.67.57
Controlled By: ReplicaSet/wordpress-app-deployment-598fd848b4
Containers:
wordpress-app-nginx:
Container ID: containerd://642521777959607629426dedd2a2b0031adb5382cbac3b23f2be4fb483760e08
Image: K8s-harbor01.mooreyxia.com/demo/wordpress-nginx:v1
Image ID: K8s-harbor01.mooreyxia.com/demo/wordpress-nginx@sha256:ac39a0019765228ca48e97a182c85fdfde626dc0ca82971aafdc8c90ff5d0ae7
Ports: 80/TCP, 443/TCP
Host Ports: 0/TCP, 0/TCP
State: Running
Started: Wed, 12 Apr 2023 14:05:07 +0000
Ready: True
Restart Count: 0
Environment: <none>
Mounts:
/home/nginx/wordpress from wordpress (rw)
/var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-kqbcc (ro)
wordpress-app-php:
Container ID: containerd://97a450bcf53a91d3f15d4b3934102db0e377ddb6176b7f7159abaf09ea2708d3
Image: K8s-harbor01.mooreyxia.com/demo/wordpress-php-5.6:v1
Image ID: K8s-harbor01.mooreyxia.com/demo/wordpress-php-5.6@sha256:ac21be587d0471c2436447d9317d709eb49aae254c741be24c4bb712f4fec18f
Port: 9000/TCP
Host Port: 0/TCP
State: Running
Started: Wed, 12 Apr 2023 14:05:19 +0000
Ready: True
Restart Count: 0
Environment: <none>
Mounts:
/home/nginx/wordpress from wordpress (rw)
/var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-kqbcc (ro)
Conditions:
Type Status
Initialized True
Ready True
ContainersReady True
PodScheduled True
Volumes:
wordpress:
Type: NFS (an NFS mount that lasts the lifetime of a pod)
Server: 192.168.11.203
Path: /data/k8sdata/mooreyxia/wordpress
ReadOnly: false
kube-api-access-kqbcc:
Type: Projected (a volume that contains injected data from multiple sources)
TokenExpirationSeconds: 3607
ConfigMapName: kube-root-ca.crt
ConfigMapOptional: <nil>
DownwardAPI: true
QoS Class: BestEffort
Node-Selectors: <none>
Tolerations: node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 3m9s default-scheduler Successfully assigned mooreyxia/wordpress-app-deployment-598fd848b4-sc8r6 to 192.168.11.215
Normal Pulling 3m9s kubelet Pulling image "K8s-harbor01.mooreyxia.com/demo/wordpress-nginx:v1"
Normal Pulled 2m56s kubelet Successfully pulled image "K8s-harbor01.mooreyxia.com/demo/wordpress-nginx:v1" in 12.999044642s (12.999118117s including waiting)
Normal Created 2m55s kubelet Created container wordpress-app-nginx
Normal Started 2m55s kubelet Started container wordpress-app-nginx
Normal Pulling 2m55s kubelet Pulling image "K8s-harbor01.mooreyxia.com/demo/wordpress-php-5.6:v1"
Normal Pulled 2m43s kubelet Successfully pulled image "K8s-harbor01.mooreyxia.com/demo/wordpress-php-5.6:v1" in 11.880760933s (11.880781672s including waiting)
Normal Created 2m43s kubelet Created container wordpress-app-php
Normal Started 2m43s kubelet Started container wordpress-app-php
#查看log
[root@K8s-ansible wordpress]#kubectl logs wordpress-app-deployment-598fd848b4-sc8r6 -n mooreyxia
Defaulted container "wordpress-app-nginx" out of: wordpress-app-nginx, wordpress-app-php
# Kubernetes-managed hosts file.
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
fe00::0 ip6-mcastprefix
fe00::1 ip6-allnodes
fe00::2 ip6-allrouters
10.200.67.57 wordpress-app-deployment-598fd848b4-sc8r6
tail: /etc/hosts: file truncated
# Kubernetes-managed hosts file.
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
fe00::0 ip6-mcastprefix
fe00::1 ip6-allnodes
fe00::2 ip6-allrouters
10.200.67.57 wordpress-app-deployment-598fd848b4-sc8r6
- 验证WordPress-Pod站点
#在存储目录创建PHP测试⻚
[root@K8s-haproxy01 ~]#cd /data/k8sdata/mooreyxia/wordpress
[root@K8s-haproxy01 wordpress]#vim test.php
[root@K8s-haproxy01 wordpress]#cat test.php
<?php
phpinfo();
?>
#测试访问
- 下载WordPress代码到存储设备
[root@K8s-haproxy01 wordpress]#pwd
/data/k8sdata/mooreyxia/wordpress
[root@K8s-haproxy01 wordpress]#wget https://cn.wordpress.org/latest-zh_CN.tar.gz
--2023-04-12 14:36:00-- https://cn.wordpress.org/latest-zh_CN.tar.gz
Resolving cn.wordpress.org (cn.wordpress.org)... 198.143.164.252
Connecting to cn.wordpress.org (cn.wordpress.org)|198.143.164.252|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 23763585 (23M) [application/octet-stream]
Saving to: ‘latest-zh_CN.tar.gz’
latest-zh_CN.tar.gz 100%[=============================================================================================>] 22.66M 929KB/s in 20s
2023-04-12 14:36:20 (1.16 MB/s) - ‘latest-zh_CN.tar.gz’ saved [23763585/23763585]
#解压并将项目文件移入当前目录
[root@K8s-haproxy01 wordpress]#tar xvf latest-zh_CN.tar.gz
[root@K8s-haproxy01 wordpress]#ll
total 23220
drwxr-xr-x 3 root root 4096 Apr 12 14:38 ./
drwxr-xr-x 23 root root 4096 Apr 12 13:28 ../
-rw-r--r-- 1 root root 23763585 Mar 29 19:04 latest-zh_CN.tar.gz
drwxr-xr-x 5 1006 1006 4096 Mar 29 19:02 wordpress/
[root@K8s-haproxy01 wordpress]#mv wordpress/* .
[root@K8s-haproxy01 wordpress]#mv latest-zh_CN.tar.gz /tmp/
[root@K8s-haproxy01 wordpress]#mv wordpress /tmp/
[root@K8s-haproxy01 wordpress]#ll
total 236
drwxr-xr-x 5 root root 4096 Apr 12 14:40 ./
drwxr-xr-x 23 root root 4096 Apr 12 13:28 ../
-rw-r--r-- 1 1006 1006 405 Feb 6 2020 index.php
-rw-r--r-- 1 1006 1006 19915 Mar 29 19:02 license.txt
-rw-r--r-- 1 1006 1006 7402 Mar 29 19:02 readme.html
-rw-r--r-- 1 1006 1006 7205 Sep 16 2022 wp-activate.php
drwxr-xr-x 9 1006 1006 4096 Mar 29 19:00 wp-admin/
-rw-r--r-- 1 1006 1006 351 Feb 6 2020 wp-blog-header.php
-rw-r--r-- 1 1006 1006 2338 Nov 9 2021 wp-comments-post.php
-rw-r--r-- 1 1006 1006 3013 Mar 29 19:02 wp-config-sample.php
drwxr-xr-x 5 1006 1006 4096 Mar 29 19:04 wp-content/
-rw-r--r-- 1 1006 1006 5536 Nov 23 15:43 wp-cron.php
drwxr-xr-x 28 1006 1006 12288 Mar 29 19:04 wp-includes/
-rw-r--r-- 1 1006 1006 2502 Nov 26 21:01 wp-links-opml.php
-rw-r--r-- 1 1006 1006 3792 Feb 23 10:38 wp-load.php
-rw-r--r-- 1 1006 1006 49330 Feb 23 10:38 wp-login.php
-rw-r--r-- 1 1006 1006 8541 Feb 3 13:35 wp-mail.php
-rw-r--r-- 1 1006 1006 24993 Mar 1 15:05 wp-settings.php
-rw-r--r-- 1 1006 1006 34350 Sep 17 2022 wp-signup.php
-rw-r--r-- 1 1006 1006 4889 Nov 23 15:43 wp-trackback.php
-rw-r--r-- 1 1006 1006 3238 Nov 29 15:51 xmlrpc.php
#更改属主属组 - 要和业务容器中运行服务的用户保持一致
[root@K8s-haproxy01 mooreyxia]#chown 2088.2088 wordpress/ -R
[root@K8s-haproxy01 mooreyxia]#ll wordpress
total 236
drwxr-xr-x 5 2088 2088 4096 Apr 12 14:40 ./
drwxr-xr-x 23 root root 4096 Apr 12 13:28 ../
-rw-r--r-- 1 2088 2088 405 Feb 6 2020 index.php
-rw-r--r-- 1 2088 2088 19915 Mar 29 19:02 license.txt
-rw-r--r-- 1 2088 2088 7402 Mar 29 19:02 readme.html
-rw-r--r-- 1 2088 2088 7205 Sep 16 2022 wp-activate.php
drwxr-xr-x 9 2088 2088 4096 Mar 29 19:00 wp-admin/
-rw-r--r-- 1 2088 2088 351 Feb 6 2020 wp-blog-header.php
-rw-r--r-- 1 2088 2088 2338 Nov 9 2021 wp-comments-post.php
-rw-r--r-- 1 2088 2088 3013 Mar 29 19:02 wp-config-sample.php
drwxr-xr-x 5 2088 2088 4096 Mar 29 19:04 wp-content/
-rw-r--r-- 1 2088 2088 5536 Nov 23 15:43 wp-cron.php
drwxr-xr-x 28 2088 2088 12288 Mar 29 19:04 wp-includes/
-rw-r--r-- 1 2088 2088 2502 Nov 26 21:01 wp-links-opml.php
-rw-r--r-- 1 2088 2088 3792 Feb 23 10:38 wp-load.php
-rw-r--r-- 1 2088 2088 49330 Feb 23 10:38 wp-login.php
-rw-r--r-- 1 2088 2088 8541 Feb 3 13:35 wp-mail.php
-rw-r--r-- 1 2088 2088 24993 Mar 1 15:05 wp-settings.php
-rw-r--r-- 1 2088 2088 34350 Sep 17 2022 wp-signup.php
-rw-r--r-- 1 2088 2088 4889 Nov 23 15:43 wp-trackback.php
-rw-r--r-- 1 2088 2088 3238 Nov 29 15:51 xmlrpc.php
-------------业务容器中运行服务的用户--------------------------
[root@K8s-ansible php]#kubectl exec -it wordpress-app-deployment-598fd848b4-sc8r6 bash -n mooreyxia
kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead.
Defaulted container "wordpress-app-nginx" out of: wordpress-app-nginx, wordpress-app-php
[root@wordpress-app-deployment-598fd848b4-sc8r6 /]# id nginx
uid=2088(nginx) gid=2088(nginx) groups=2088(nginx) #存储设备上的文件属主属组要保持一致,否则会有权限问题
#测试访问WordPress站点 集群nodeIP:NodePort
http://192.168.11.211:30031/
- WordPress站点数据库创建
#使⽤k8s中运⾏的mysql服务,作为mysql服务器,创建WordPress数据库并做授权用户创建
[root@K8s-ansible wordpress]#kubectl exec -it mysql-0 bash -n mooreyxia
kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead.
Defaulted container "mysql" out of: mysql, xtrabackup, init-mysql (init), clone-mysql (init)
root@mysql-0:/# mysql
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 13176
Server version: 5.7.36-log MySQL Community Server (GPL)
Copyright (c) 2000, 2021, Oracle and/or its affiliates.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> CREATE DATABASE wordpress;
Query OK, 1 row affected (0.07 sec)
mysql> GRANT ALL PRIVILEGES ON wordpress.* TO "wordpress"@"%" IDENTIFIED BY "wordpress";
Query OK, 0 rows affected, 1 warning (0.18 sec)
mysql>
#测试MySQL连接
root@mysql-0:/# mysql -uwordpress -hmysql-0.mysql -pwordpress
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 13298
Server version: 5.7.36-log MySQL Community Server (GPL)
Copyright (c) 2000, 2021, Oracle and/or its affiliates.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
- 初始化WordPress站点
- 站点访问需要做防火墙、负载均衡,这里不做赘述
注意:如果应用不在同一个namespace下,就用service全称通信,可实现跨namespace访问和解析
我是moore,大家一起加油!!!
累了,想休息了...写博客太累了....
标签:LNMP,jenkins,88,wordpress,mysql,mooreyxia,Jenkins,K8s,root From: https://blog.51cto.com/mooreyxia/6186367