88-云原生操作系统-Jenkins和LNMP架构业务容器化案例

标签：LNMP jenkins 88 wordpress mysql mooreyxia Jenkins K8s root

前提：基础镜像的构建请参考分层镜像构建并部署业务到Kubernetes集群生产案例

基于StatefulSet实现MySql业务容器化案例

Pod调度运⾏时，如果应⽤不需要任何稳定的标示、有序的部署、删除和扩展，则应该使⽤⼀组⽆状态副本的控制器StatefulSet来部署应⽤，例如 Deployment 或 ReplicaSet更适合⽆状态服务需求，⽽StatefulSet适合管理所有有状态的服务，⽐如MySQL、MongoDB集群等
⽆状态副本的控制器StatefulSet

StatefulSet本质上是Deployment的⼀种变体，在v1.9版本中已成为GA版本，它为了解决有状态服务的问题，它所管理的Pod拥有固定的Pod名称，启停顺序，在StatefulSet中，Pod名字称为⽹络标识(hostname)，还必须要⽤到共享存储。

在Deployment中，与之对应的服务是service，⽽在StatefulSet中与之对应的headless service，headless service，即⽆头服务，与service的区别就是它没有Cluster IP，解析它的名称时将返回该Headless Service对应的全部Pod的Endpoint列表。

StatefulSet的组成部分：
-> Headless Service：⽤来定义Pod⽹络标识( DNS domain)，指的是短的service(丢失了domainname)。
-> StatefulSet：定义具体应⽤，有多少个Pod副本，并为每个Pod定义了⼀个域名。
-> volumeClaimTemplates： 存储卷申请模板，创建PVC，指定pvc名称⼤⼩，将⾃动创建pvc，且pvc必须由存储类供应。

StatefulSet 特点：
-> 给每个pod分配固定且唯⼀的⽹络标识符
-> 给每个pod分配固定且持久化的外部存储
-> 对pod进⾏有序的部署和扩展
-> 对pod进有序的删除和终⽌
-> 对pod进有序的⾃动滚动更新

架构及部署

架构

88-云原生操作系统-Jenkins和LNMP架构业务容器化案例_WordPress

部署

基础镜像准备

https://github.com/docker-library/ #github 下载地址

#准备xtrabackup镜像
[root@K8s-ansible ~]#docker pull registry.cn-hangzhou.aliyuncs.com/hxpdocker/xtrabackup:1.0
1.0: Pulling from hxpdocker/xtrabackup
1fad42e8a0d9: Pull complete 
dac06889328b: Pull complete 
90d87ab7dc00: Pull complete 
Digest: sha256:92ef9832ee300642529677b4c6f6707fc292e7c6a9a9a1940f346f753ac0fdeb
Status: Downloaded newer image for registry.cn-hangzhou.aliyuncs.com/hxpdocker/xtrabackup:1.0
registry.cn-hangzhou.aliyuncs.com/hxpdocker/xtrabackup:1.0

[root@K8s-ansible ~]#docker tag registry.cn-hangzhou.aliyuncs.com/hxpdocker/xtrabackup:1.0 K8s-harbor01.mooreyxia.com/baseimages/xtrabackup:1.0

[root@K8s-ansible ~]#docker push K8s-harbor01.mooreyxia.com/baseimages/xtrabackup:1.0
The push refers to repository [K8s-harbor01.mooreyxia.com/baseimages/xtrabackup]
f85c58969eb0: Pushed 
82d548d175dd: Pushed 
fe4c16cbf7a4: Pushed 
1.0: digest: sha256:39f106eb400e18dcb4bded651a7ab308b39c305578ce228ae35f3c76bc715510 size: 949

#准备mysql镜像
[root@K8s-ansible ~]#docker pull mysql:5.7.36
5.7: Pulling from library/mysql
e83e8f2e82cc: Pull complete 
0f23deb01b84: Pull complete 
f5bda3b184ea: Pull complete 
ed17edbc6604: Pull complete 
33a94a6acfa7: Pull complete 
3686cf92b89d: Pull complete 
f81535a6a8bf: Pull complete 
4bffb03ea5e2: Pull complete 
49348ef8dcaa: Pull complete 
509d665d0cf5: Pull complete 
adc919b937fd: Pull complete 
Digest: sha256:bf18020f32cc5d8f5e2add516d52fbf3afc3de431457076340e938596c528171
Status: Downloaded newer image for mysql:5.7.36
docker.io/library/mysql:5.7.36

[root@K8s-ansible ~]#docker tag mysql:5.7.36 K8s-harbor01.mooreyxia.com/baseimages/mysql:5.7.36

[root@K8s-ansible ~]#docker push K8s-harbor01.mooreyxia.com/baseimages/mysql:5.7.36
The push refers to repository [K8s-harbor01.mooreyxia.com/baseimages/mysql]
2d7ad8ebf62c: Pushed 
8576e00c5982: Pushed 
cf46fba5eb1b: Pushed 
398fc42736e8: Pushed 
ffe7364b7815: Pushed 
3e72c01b85e8: Pushed 
e792fc7474b3: Pushed 
74a008e3042b: Pushed 
519cf9da0b88: Pushed 
963177f01181: Pushed 
e74a57638021: Pushed 
5.7: digest: sha256:47b0250a983e600ab247e6f25a4c99069d4cb637fd8dc6a11a43e83a83e9308c size: 2618

创建PV

pvc会⾃动基于PV创建，只需要有多个可⽤的PV即可，PV数量取决于计划启动多少个mysql pod，本次创建5个PV，也就是最多启动5个mysql pod。

*注意，一般创建存储类前确保没有旧的存储类storageclasses.storage存在，如果有需要清空或者换个环境

[root@K8s-ansible mysql]#tree .
.
├── mysql-configmap.yaml
├── mysql-services.yaml
├── mysql-statefulset.yaml
└── pv
    └── mysql-persistentvolume.yaml

1 directory, 4 files

#受限确保环境中动态存储卷生成的存储类没有残留，以免出错
[root@K8s-ansible mysql]#kubectl get storageclasses.storage.k8s.io -A
NAME                    PROVISIONER                                   RECLAIMPOLICY   VOLUMEBINDINGMODE   ALLOWVOLUMEEXPANSION   AGE
mooreyxia-nfs-storage   k8s-sigs.io/nfs-subdir-external-provisioner   Retain          Immediate           false                  7d2h
[root@K8s-ansible mysql]#kubectl delete storageclasses.storage.k8s.io mooreyxia-nfs-storage
storageclass.storage.k8s.io "mooreyxia-nfs-storage" deleted
[root@K8s-ansible mysql]#kubectl get storageclasses.storage.k8s.io -A
No resources found

#创建存储设备-这里用nfs
[root@K8s-haproxy01 ~]#mkdir -pv /data/k8sdata/mooreyxia/mysql-datadir-{1,2,3,4,5,clone}
[root@K8s-haproxy01 ~]#vim /etc/exports 
[root@K8s-haproxy01 ~]#cat /etc/exports 
# /etc/exports: the access control list for filesystems which may be exported
#		to NFS clients.  See exports(5).
#
# Example for NFSv2 and NFSv3:
# /srv/homes       hostname1(rw,sync,no_subtree_check) hostname2(ro,sync,no_subtree_check)
#
# Example for NFSv4:
# /srv/nfs4        gss/krb5i(rw,sync,fsid=0,crossmnt,no_subtree_check)
# /srv/nfs4/homes  gss/krb5i(rw,sync,no_subtree_check)
#

/data/k8sdata *(rw,no_root_squash)
/data/volumes *(rw,no_root_squash)
[root@K8s-haproxy01 ~]#exportfs -avs
exportfs: /etc/exports [2]: Neither 'subtree_check' or 'no_subtree_check' specified for export "*:/data/k8sdata".
  Assuming default behaviour ('no_subtree_check').
  NOTE: this default has changed since nfs-utils version 1.0.x

exportfs: /etc/exports [3]: Neither 'subtree_check' or 'no_subtree_check' specified for export "*:/data/volumes".
  Assuming default behaviour ('no_subtree_check').
  NOTE: this default has changed since nfs-utils version 1.0.x

exporting *:/data/volumes
exporting *:/data/k8sdata

#showmount
[root@K8s-ansible redis]#showmount -e 192.168.11.203
Export list for 192.168.11.203:
/data/volumes *
/data/k8sdata *


#创建PV
[root@K8s-ansible mysql]#vim pv/mysql-persistentvolume.yaml 
[root@K8s-ansible mysql]#cat pv/mysql-persistentvolume.yaml 
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: mysql-datadir-1
  namespace: mooreyxia
spec:
  capacity:
    storage: 50Gi
  accessModes:
    - ReadWriteOnce
  nfs:
    path: /data/k8sdata/mooreyxia/mysql-datadir-1 
    server: 192.168.11.203
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: mysql-datadir-2
  namespace: mooreyxia
spec:
  capacity:
    storage: 50Gi
  accessModes:
    - ReadWriteOnce
  nfs:
    path: /data/k8sdata/mooreyxia/mysql-datadir-2
    server: 192.168.11.203
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: mysql-datadir-3
  namespace: mooreyxia
spec:
  capacity:
    storage: 50Gi
  accessModes:
    - ReadWriteOnce
  nfs:
    path: /data/k8sdata/mooreyxia/mysql-datadir-3
    server: 192.168.11.203
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: mysql-datadir-4
  namespace: mooreyxia
spec:
  capacity:
    storage: 50Gi
  accessModes:
    - ReadWriteOnce
  nfs:
    path: /data/k8sdata/mooreyxia/mysql-datadir-4
    server: 192.168.11.203
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: mysql-datadir-5
  namespace: mooreyxia
spec:
  capacity:
    storage: 50Gi
  accessModes:
    - ReadWriteOnce
  nfs:
    path: /data/k8sdata/mooreyxia/mysql-datadir-5
    server: 192.168.11.203

---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: mysql-datadir-6
  namespace: mooreyxia
spec:
  capacity:
    storage: 50Gi
  accessModes:
    - ReadWriteOnce
  nfs:
    path: /data/k8sdata/mooreyxia/mysql-datadir-6
    server: 192.168.11.203

[root@K8s-ansible mysql]#kubectl apply -f pv/mysql-persistentvolume.yaml 
persistentvolume/mysql-datadir-1 created
persistentvolume/mysql-datadir-2 created
persistentvolume/mysql-datadir-3 created
persistentvolume/mysql-datadir-4 created
persistentvolume/mysql-datadir-5 created
persistentvolume/mysql-datadir-6 created

#确认pv可用

88-云原生操作系统-Jenkins和LNMP架构业务容器化案例_WordPress_02

创建mysql-pod并运行服务

#创建configmap提供mysql配置
[root@K8s-ansible mysql]#vim mysql-configmap.yaml 
[root@K8s-ansible mysql]#cat mysql-configmap.yaml 
apiVersion: v1
kind: ConfigMap
metadata:
  name: mysql
  namespace: mooreyxia
  labels:
    app: mysql
data:
  master.cnf: |
    # Apply this config only on the master.
    [mysqld]
    log-bin
    log_bin_trust_function_creators=1
    lower_case_table_names=1
  slave.cnf: |
    # Apply this config only on slaves.
    [mysqld]
    super-read-only
    log_bin_trust_function_creators=1

[root@K8s-ansible mysql]#kubectl apply -f mysql-configmap.yaml 
configmap/mysql created

#确认configMap

88-云原生操作系统-Jenkins和LNMP架构业务容器化案例_Jenkins_03

#创建service
[root@K8s-ansible mysql]#vim mysql-services.yaml 
[root@K8s-ansible mysql]#cat mysql-services.yaml 
# Headless service for stable DNS entries of StatefulSet members.
apiVersion: v1
kind: Service
metadata:
  namespace: mooreyxia
  name: mysql
  labels:
    app: mysql
spec:
  ports:
  - name: mysql
    port: 3306
  clusterIP: None #headless 
  selector:
    app: mysql
---
# Client service for connecting to any MySQL instance for reads.
# For writes, you must instead connect to the master: mysql-0.mysql.
apiVersion: v1
kind: Service
metadata:
  name: mysql-read
  namespace: mooreyxia
  labels:
    app: mysql
spec:
  ports:
  - name: mysql
    port: 3306
  selector:
    app: mysql

[root@K8s-ansible mysql]#kubectl apply -f mysql-services.yaml 
service/mysql created
service/mysql-read created

#确认service

88-云原生操作系统-Jenkins和LNMP架构业务容器化案例_Kubernetes_04

#创建StateFull控制器
[root@K8s-ansible mysql]#vim mysql-statefulset.yaml 
[root@K8s-ansible mysql]#cat mysql-statefulset.yaml 
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: mysql
  namespace: mooreyxia
spec:
  selector:
    matchLabels:
      app: mysql
  serviceName: mysql
  replicas: 3
  template:
    metadata:
      labels:
        app: mysql
    spec:
      initContainers:
      - name: init-mysql #初始化容器1-基于当前pod name匹配校色是master还是slave,并动态生成相应的配置
        image: K8s-harbor01.mooreyxia.com/baseimages/mysql:5.7.36 
        command:
        - bash
        - "-c"
        - |
          set -ex
          # Generate mysql server-id from pod ordinal index.
          [[ `hostname` =~ -([0-9]+)$ ]] || exit 1 #匹配hostname随后一位，是一个顺序叠加的整数
          ordinal=${BASH_REMATCH[1]}
          echo [mysqld] > /mnt/conf.d/server-id.cnf
          # Add an offset to avoid reserved server-id=0 value.
          echo server-id=$((100 + $ordinal)) >> /mnt/conf.d/server-id.cnf
          # Copy appropriate conf.d files from config-map to emptyDir.
          if [[ $ordinal -eq 0 ]]; then #如果是master,则配置master.cnf
            cp /mnt/config-map/master.cnf /mnt/conf.d/
          else
            cp /mnt/config-map/slave.cnf /mnt/conf.d/
          fi
        volumeMounts:
        - name: conf #临时卷，emptyDir
          mountPath: /mnt/conf.d
        - name: config-map
          mountPath: /mnt/config-map
      - name: clone-mysql #初始化容器2-用于生成mysql配置文件，并从上一个pod完成首次全备。(slave 3从slave 2 clone,而非每个salve都从master clone。首次全备后采用增量备份) 
        image: K8s-harbor01.mooreyxia.com/baseimages/xtrabackup:1.0 
        command:
        - bash
        - "-c"
        - |
          set -ex
          # Skip the clone if data already exists.
          [[ -d /var/lib/mysql/mysql ]] && exit 0
          # Skip the clone on master (ordinal index 0).
          [[ `hostname` =~ -([0-9]+)$ ]] || exit 1
          ordinal=${BASH_REMATCH[1]}
          [[ $ordinal -eq 0 ]] && exit 0 #如果最后一位是0，判断为master则退出clone
          # Clone data from previous peer.
          #从上一个pod执行clone(binlog)，xbstream解压缩
          ncat --recv-only mysql-$(($ordinal-1)).mysql 3307 | xbstream -x -C /var/lib/mysql
          # Prepare the backup.
          #xtrabackup恢复binlog
          xtrabackup --prepare --target-dir=/var/lib/mysql
        volumeMounts:
        - name: data
          mountPath: /var/lib/mysql
          subPath: mysql
        - name: conf
          mountPath: /etc/mysql/conf.d
      containers:
      - name: mysql #业务容器1(mysql主容器)
        image: K8s-harbor01.mooreyxia.com/baseimages/mysql:5.7.36 
        env:
        - name: MYSQL_ALLOW_EMPTY_PASSWORD
          value: "1"
        ports:
        - name: mysql
          containerPort: 3306
        volumeMounts:
        - name: data #挂载数据目录至/var/lib/mysql
          mountPath: /var/lib/mysql
          subPath: mysql
        - name: conf #配置文件/etc/mysql/conf.d
          mountPath: /etc/mysql/conf.d
        resources: #资源限制
          requests:
            cpu: 500m
            memory: 1Gi
        livenessProbe: #存活探针
          exec:
            command: ["mysqladmin", "ping"]
          initialDelaySeconds: 30
          periodSeconds: 10
          timeoutSeconds: 5
        readinessProbe: #就绪探针
          exec:
            # Check we can execute queries over TCP (skip-networking is off).
            command: ["mysql", "-h", "127.0.0.1", "-e", "SELECT 1"]
          initialDelaySeconds: 5
          periodSeconds: 2
          timeoutSeconds: 1
      - name: xtrabackup #业务容器2(xtrabackup),用于后期同步master的binlog并恢复数据
        image: K8s-harbor01.mooreyxia.com/baseimages/xtrabackup:1.0 
        ports:
        - name: xtrabackup
          containerPort: 3307
        command:
        - bash
        - "-c"
        - |
          set -ex
          cd /var/lib/mysql
          # Determine binlog position of cloned data, if any.
          if [[ -f xtrabackup_slave_info ]]; then
            # XtraBackup already generated a partial "CHANGE MASTER TO" query
            # because we're cloning from an existing slave.
            mv xtrabackup_slave_info change_master_to.sql.in
            # Ignore xtrabackup_binlog_info in this case (it's useless).
            rm -f xtrabackup_binlog_info
          elif [[ -f xtrabackup_binlog_info ]]; then
            # We're cloning directly from master. Parse binlog position.
            [[ `cat xtrabackup_binlog_info` =~ ^(.*?)[[:space:]]+(.*?)$ ]] || exit 1
            rm xtrabackup_binlog_info
            echo "CHANGE MASTER TO MASTER_LOG_FILE='${BASH_REMATCH[1]}',\
                  MASTER_LOG_POS=${BASH_REMATCH[2]}" > change_master_to.sql.in #生成CHANGE MASTER命令
          fi
          # Check if we need to complete a clone by starting replication.
          if [[ -f change_master_to.sql.in ]]; then
            echo "Waiting for mysqld to be ready (accepting connections)"
            until mysql -h 127.0.0.1 -e "SELECT 1"; do sleep 1; done
            echo "Initializing replication from clone position"
            # In case of container restart, attempt this at-most-once.
            mv change_master_to.sql.in change_master_to.sql.orig
            #执行CHANGE MASTER操作并启动SLAVE
            mysql -h 127.0.0.1 <<EOF
          $(<change_master_to.sql.orig),
            MASTER_HOST='mysql-0.mysql',
            MASTER_USER='root',
            MASTER_PASSWORD='',
            MASTER_CONNECT_RETRY=10;
          START SLAVE;
          EOF
          fi
          # Start a server to send backups when requested by peers.
          #监听3307端口，用于下一个pod同步全量数据
          exec ncat --listen --keep-open --send-only --max-cnotallow=1 3307 -c \
            "xtrabackup --backup --slave-info --stream=xbstream --host=127.0.0.1 --user=root"
        volumeMounts:
        - name: data
          mountPath: /var/lib/mysql
          subPath: mysql
        - name: conf
          mountPath: /etc/mysql/conf.d
        resources:
          requests:
            cpu: 100m
            memory: 100Mi
      volumes:
      - name: conf
        emptyDir: {}
      - name: config-map
        configMap:
          name: mysql
  volumeClaimTemplates: #根据pv生成pvc
  - metadata:
      name: data
    spec:
      accessModes: ["ReadWriteOnce"]
      resources:
        requests:
          storage: 10Gi

[root@K8s-ansible mysql]#kubectl apply -f mysql-statefulset.yaml 
statefulset.apps/mysql created

[root@K8s-ansible mysql]#kubectl get pod -n mooreyxia 
NAME      READY   STATUS    RESTARTS   AGE
mysql-0   2/2     Running   0          14m
mysql-1   2/2     Running   0          13m
mysql-2   2/2     Running   0          11m

#确认pod建立没有错误
[root@K8s-ansible mysql]#kubectl describe pod mysql-0 -n mooreyxia
[root@K8s-ansible mysql]#kubectl logs mysql-0 -n mooreyxia

#数据同步验证，生产一定要做，详细的mysql集群搭建验参考我的mysql专题博客
[root@K8s-ansible mysql]#kubectl exec -it mysql-0 bash -n mooreyxia
kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead.
Defaulted container "mysql" out of: mysql, xtrabackup, init-mysql (init), clone-mysql (init)
root@mysql-0:/# mysql
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 241
Server version: 5.7.36-log MySQL Community Server (GPL)

Copyright (c) 2000, 2021, Oracle and/or its affiliates.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> create database mooreyxia;
Query OK, 1 row affected (0.08 sec)

mysql> show databases;
+------------------------+
| Database               |
+------------------------+
| information_schema     |
| mooreyxia              |
| mysql                  |
| performance_schema     |
| sys                    |
| xtrabackup_backupfiles |
+------------------------+
6 rows in set (0.02 sec)

mysql> exit
Bye
root@mysql-0:/# exit
exit
[root@K8s-ansible mysql]#kubectl exec -it mysql-1 bash -n mooreyxia
kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead.
Defaulted container "mysql" out of: mysql, xtrabackup, init-mysql (init), clone-mysql (init)
root@mysql-1:/# mysql
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 274
Server version: 5.7.36 MySQL Community Server (GPL)

Copyright (c) 2000, 2021, Oracle and/or its affiliates.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> show databases;
+------------------------+
| Database               |
+------------------------+
| information_schema     |
| mooreyxia              |
| mysql                  |
| performance_schema     |
| sys                    |
| xtrabackup_backupfiles |
+------------------------+
6 rows in set (0.09 sec)

mysql> show slave status\G;
*************************** 1. row ***************************
               Slave_IO_State: Waiting for master to send event
                  Master_Host: mysql-0.mysql
                  Master_User: root
                  Master_Port: 3306
                Connect_Retry: 10
              Master_Log_File: mysql-0-bin.000004
          Read_Master_Log_Pos: 328
               Relay_Log_File: mysql-1-relay-bin.000005
                Relay_Log_Pos: 545
        Relay_Master_Log_File: mysql-0-bin.000004
             Slave_IO_Running: Yes #两个线程确认同步开启
            Slave_SQL_Running: Yes
              Replicate_Do_DB: 
          Replicate_Ignore_DB: 
           Replicate_Do_Table: 
       Replicate_Ignore_Table: 
      Replicate_Wild_Do_Table: 
  Replicate_Wild_Ignore_Table: 
                   Last_Errno: 0
                   Last_Error: 
                 Skip_Counter: 0
          Exec_Master_Log_Pos: 328
              Relay_Log_Space: 922
              Until_Condition: None
               Until_Log_File: 
                Until_Log_Pos: 0
           Master_SSL_Allowed: No
           Master_SSL_CA_File: 
           Master_SSL_CA_Path: 
              Master_SSL_Cert: 
            Master_SSL_Cipher: 
               Master_SSL_Key: 
        Seconds_Behind_Master: 0
Master_SSL_Verify_Server_Cert: No
                Last_IO_Errno: 0
                Last_IO_Error: 
               Last_SQL_Errno: 0
               Last_SQL_Error: 
  Replicate_Ignore_Server_Ids: 
             Master_Server_Id: 100
                  Master_UUID: f9a4d535-d906-11ed-9063-2edace016355
             Master_Info_File: /var/lib/mysql/master.info
                    SQL_Delay: 0
          SQL_Remaining_Delay: NULL
      Slave_SQL_Running_State: Slave has read all relay log; waiting for more updates
           Master_Retry_Count: 86400
                  Master_Bind: 
      Last_IO_Error_Timestamp: 
     Last_SQL_Error_Timestamp: 
               Master_SSL_Crl: 
           Master_SSL_Crlpath: 
           Retrieved_Gtid_Set: 
            Executed_Gtid_Set: 
                Auto_Position: 0
         Replicate_Rewrite_DB: 
                 Channel_Name: 
           Master_TLS_Version: 
1 row in set (0.00 sec)

ERROR: 
No query specified

Jenkins业务容器化案例

Jenkins属于JAVA应用，基于java命令，运⾏java war包或jar包，本次以jenkins.war 包部署⽅式为例，且要求jenkins的数据保存⾄外部存储(NFS或者PVC)，其他java应⽤看实际需求是否需要将数据保存⾄外部存储。

Jenkins的各种使用方式请参考Jenkins的专题博客，这里只做容器化演示。

架构及部署

架构

88-云原生操作系统-Jenkins和LNMP架构业务容器化案例_WordPress_05

部署

构建Jenkins镜像

#下载Jenkins服务的源码war包
[root@K8s-ansible ~]#cd /usr/local/src/
[root@K8s-ansible src]#wget http://mirrors.ustc.edu.cn/jenkins/war-stable/2.319.2/jenkins.war

#创建镜像使用的文件
[root@K8s-ansible jenkins]#chmod a+x *.sh
[root@K8s-ansible jenkins]#ll
total 70576
drwxr-xr-x  2 root root     4096 Apr 12 10:54 ./
drwxr-xr-x 11 root root     4096 Apr  9 02:59 ../
-rw-r--r--  1 root root      256 Apr 12 10:49 Dockerfile
-rwxr-xr-x  1 root root      234 Apr 12 10:54 build-command.sh*
-rw-r--r--  1 root root 72248203 Apr  9 02:59 jenkins-2.319.2.war
-rwxr-xr-x  1 root root      144 Apr  9 02:59 run_jenkins.sh*

#创建运行服务脚本
[root@K8s-ansible jenkins]#cat run_jenkins.sh 
#!/bin/bash
cd /apps/jenkins && java -server -Xms1024m -Xmx1024m -Xss512k -jar jenkins.war --webroot=/apps/jenkins/jenkins-data --httpPort=8080

#创建Dockerfile进行自动化镜像构建
[root@K8s-ansible jenkins]#vim Dockerfile 
[root@K8s-ansible jenkins]#cat Dockerfile 
#Jenkins Version 2.190.1
FROM K8s-harbor01.mooreyxia.com/pub-images/jdk-base:v8.212

MAINTAINER mooreyxia "[email protected]"

ADD jenkins-2.319.2.war /apps/jenkins/jenkins.war
ADD run_jenkins.sh /usr/bin/


EXPOSE 8080 

CMD ["/usr/bin/run_jenkins.sh"]

#构建镜像
[root@K8s-ansible jenkins]#vim build-command.sh 
[root@K8s-ansible jenkins]#cat build-command.sh 
#!/bin/bash
docker build -t  K8s-harbor01.mooreyxia.com/demo/jenkins:v2.319.2 .
echo "镜像制作完成，即将上传至Harbor服务器"
sleep 1
docker push K8s-harbor01.mooreyxia.com/demo/jenkins:v2.319.2
echo "镜像上传完成"

[root@K8s-ansible jenkins]#bash build-command.sh 
Sending build context to Docker daemon  72.25MB
Step 1/6 : FROM K8s-harbor01.mooreyxia.com/pub-images/jdk-base:v8.212
 ---> 3f4cebe39805
Step 2/6 : MAINTAINER mooreyxia "[email protected]"
 ---> Running in 730b8fffd3e2
Removing intermediate container 730b8fffd3e2
 ---> 0d0c12b60869
Step 3/6 : ADD jenkins-2.319.2.war /apps/jenkins/jenkins.war
 ---> 2b064998837f
Step 4/6 : ADD run_jenkins.sh /usr/bin/
 ---> d5e84b34be02
Step 5/6 : EXPOSE 8080
 ---> Running in 824d64598628
Removing intermediate container 824d64598628
 ---> 0c5de63593b6
Step 6/6 : CMD ["/usr/bin/run_jenkins.sh"]
 ---> Running in 1584ddbc2664
Removing intermediate container 1584ddbc2664
 ---> d5354386552f
Successfully built d5354386552f
Successfully tagged K8s-harbor01.mooreyxia.com/demo/jenkins:v2.319.2
镜像制作完成，即将上传至Harbor服务器
The push refers to repository [K8s-harbor01.mooreyxia.com/demo/jenkins]
eebaa2c2936e: Pushed 
97c642fde0cc: Pushed 
72519bae3e48: Mounted from demo/tomcat-app1 
f4ab7af29087: Mounted from demo/tomcat-app1 
e183bde7d2a2: Mounted from demo/tomcat-app1 
3e6fa9b75f89: Mounted from demo/redis 
cf71274b159a: Mounted from demo/redis 
174f56854903: Mounted from demo/redis 
v2.319.2: digest: sha256:7fadaff08a2c213d047621400c814b3e0f5beec62f2ef5110e529ac61dad3402 size: 2001
镜像上传完成

验证Jenkins镜像

[root@K8s-ansible jenkins]#docker run -it --rm -p 8088:8080 K8s-harbor01.mooreyxia.com/demo/jenkins:v2.319.2
Running from: /apps/jenkins/jenkins.war
2023-04-12 11:30:00.103+0000 [id=1]	INFO	org.eclipse.jetty.util.log.Log#initialized: Logging initialized @2181ms to org.eclipse.jetty.util.log.JavaUtilLog
2023-04-12 11:30:00.847+0000 [id=1]	INFO	winstone.Logger#logInternal: Beginning extraction from war file
2023-04-12 11:30:03.295+0000 [id=1]	WARNING	o.e.j.s.handler.ContextHandler#setContextPath: Empty contextPath
2023-04-12 11:30:03.434+0000 [id=1]	INFO	org.eclipse.jetty.server.Server#doStart: jetty-9.4.43.v20210629; built: 2021-06-30T11:07:22.254Z; git: 526006ecfa3af7f1a27ef3a288e2bef7ea9dd7e8; jvm 1.8.0_212-b10
2023-04-12 11:30:04.480+0000 [id=1]	INFO	o.e.j.w.StandardDescriptorProcessor#visitServlet: NO JSP Support for /, did not find org.eclipse.jetty.jsp.JettyJspServlet
2023-04-12 11:30:04.665+0000 [id=1]	INFO	o.e.j.s.s.DefaultSessionIdManager#doStart: DefaultSessionIdManager workerName=node0
2023-04-12 11:30:04.666+0000 [id=1]	INFO	o.e.j.s.s.DefaultSessionIdManager#doStart: No SessionScavenger set, using defaults
2023-04-12 11:30:04.669+0000 [id=1]	INFO	o.e.j.server.session.HouseKeeper#startScavenging: node0 Scavenging every 660000ms
2023-04-12 11:30:08.361+0000 [id=1]	INFO	hudson.WebAppMain#contextInitialized: Jenkins home directory: /root/.jenkins found at: $user.home/.jenkins
2023-04-12 11:30:10.452+0000 [id=1]	INFO	o.e.j.s.handler.ContextHandler#doStart: Started w.@6c451c9c{Jenkins v2.319.2,/,file:///apps/jenkins/jenkins-data/,AVAILABLE}{/apps/jenkins/jenkins-data}
2023-04-12 11:30:10.540+0000 [id=1]	INFO	o.e.j.server.AbstractConnector#doStart: Started ServerConnector@78452606{HTTP/1.1, (http/1.1)}{0.0.0.0:8080}
2023-04-12 11:30:10.541+0000 [id=1]	INFO	org.eclipse.jetty.server.Server#doStart: Started @12620ms
2023-04-12 11:30:10.543+0000 [id=21]	INFO	winstone.Logger#logInternal: Winstone Servlet Engine running: cnotallow=disabled
2023-04-12 11:30:13.001+0000 [id=28]	INFO	jenkins.InitReactorRunner$1#onAttained: Started initialization
2023-04-12 11:30:13.042+0000 [id=28]	INFO	jenkins.InitReactorRunner$1#onAttained: Listed all plugins
2023-04-12 11:30:14.767+0000 [id=26]	INFO	jenkins.InitReactorRunner$1#onAttained: Prepared all plugins
2023-04-12 11:30:14.773+0000 [id=26]	INFO	jenkins.InitReactorRunner$1#onAttained: Started all plugins
2023-04-12 11:30:14.791+0000 [id=26]	INFO	jenkins.InitReactorRunner$1#onAttained: Augmented all extensions
2023-04-12 11:30:16.226+0000 [id=27]	INFO	jenkins.InitReactorRunner$1#onAttained: System config loaded
2023-04-12 11:30:16.227+0000 [id=27]	INFO	jenkins.InitReactorRunner$1#onAttained: System config adapted
2023-04-12 11:30:16.228+0000 [id=27]	INFO	jenkins.InitReactorRunner$1#onAttained: Loaded all jobs
2023-04-12 11:30:16.229+0000 [id=27]	INFO	jenkins.InitReactorRunner$1#onAttained: Configuration for all jobs updated
2023-04-12 11:30:16.323+0000 [id=42]	INFO	hudson.model.AsyncPeriodicWork#lambda$doRun$1: Started Download metadata
2023-04-12 11:30:16.349+0000 [id=42]	INFO	hudson.util.Retrier#start: Attempt #1 to do the action check updates server
2023-04-12 11:30:17.277+0000 [id=26]	INFO	jenkins.install.SetupWizard#init: 

*************************************************************
*************************************************************
*************************************************************

Jenkins initial setup is required. An admin user has been created and a password generated.
Please use the following password to proceed to installation:

3db55bca24974cc5b96dd40f0b3dfa03

This may also be found at: /root/.jenkins/secrets/initialAdminPassword

*************************************************************
*************************************************************
*************************************************************

创建PV/PVC - 这里使用静态存储

需要两个PVC，⼀个保存jenkins的数据，⼀个保存.jenkins的数据。

#创建存储设备-这里用nfs
[root@K8s-haproxy01 ~]#mkdir -pv /data/k8sdata/mooreyxia/jenkins-{data,root-data}
[root@K8s-haproxy01 ~]#vim /etc/exports 
[root@K8s-haproxy01 ~]#cat /etc/exports 
# /etc/exports: the access control list for filesystems which may be exported
#		to NFS clients.  See exports(5).
#
# Example for NFSv2 and NFSv3:
# /srv/homes       hostname1(rw,sync,no_subtree_check) hostname2(ro,sync,no_subtree_check)
#
# Example for NFSv4:
# /srv/nfs4        gss/krb5i(rw,sync,fsid=0,crossmnt,no_subtree_check)
# /srv/nfs4/homes  gss/krb5i(rw,sync,no_subtree_check)
#

/data/k8sdata *(rw,no_root_squash)
/data/volumes *(rw,no_root_squash)
[root@K8s-haproxy01 ~]#exportfs -avs
exportfs: /etc/exports [2]: Neither 'subtree_check' or 'no_subtree_check' specified for export "*:/data/k8sdata".
  Assuming default behaviour ('no_subtree_check').
  NOTE: this default has changed since nfs-utils version 1.0.x

exportfs: /etc/exports [3]: Neither 'subtree_check' or 'no_subtree_check' specified for export "*:/data/volumes".
  Assuming default behaviour ('no_subtree_check').
  NOTE: this default has changed since nfs-utils version 1.0.x

exporting *:/data/volumes
exporting *:/data/k8sdata

#showmount
[root@K8s-ansible redis]#showmount -e 192.168.11.203
Export list for 192.168.11.203:
/data/volumes *
/data/k8sdata *

#创建pv
[root@K8s-ansible jenkins]#vim pv/jenkins-persistentvolume.yaml 
[root@K8s-ansible jenkins]#cat pv/jenkins-persistentvolume.yaml 
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: jenkins-datadir-pv
  namespace: mooreyxia
spec:
  capacity:
    storage: 100Gi
  accessModes:
    - ReadWriteOnce
  nfs:
    server: 192.168.11.203
    path: /data/k8sdata/mooreyxia/jenkins-data 

---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: jenkins-root-datadir-pv
  namespace: mooreyxia
spec:
  capacity:
    storage: 100Gi
  accessModes:
    - ReadWriteOnce
  nfs:
    server: 192.168.11.203
    path: /data/k8sdata/mooreyxia/jenkins-root-data

[root@K8s-ansible jenkins]#kubectl apply -f  pv/jenkins-persistentvolume.yaml 
persistentvolume/jenkins-datadir-pv created
persistentvolume/jenkins-root-datadir-pv created

#确认pv可用

88-云原生操作系统-Jenkins和LNMP架构业务容器化案例_LNMP_06

#创建pvc
[root@K8s-ansible jenkins]#vim pv/jenkins-persistentvolumeclaim.yaml 
[root@K8s-ansible jenkins]#cat pv/jenkins-persistentvolumeclaim.yaml 
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: jenkins-datadir-pvc
  namespace: mooreyxia
spec:
  volumeName: jenkins-datadir-pv
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 80Gi

---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: jenkins-root-data-pvc
  namespace: mooreyxia
spec:
  volumeName: jenkins-root-datadir-pv 
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 80Gi
      
[root@K8s-ansible jenkins]#kubectl apply -f pv/jenkins-persistentvolumeclaim.yaml
persistentvolumeclaim/jenkins-datadir-pvc created
persistentvolumeclaim/jenkins-root-data-pvc created

#确认pv绑定到对应pvc

88-云原生操作系统-Jenkins和LNMP架构业务容器化案例_Jenkins_07

创建Jenkins服务并运行

[root@K8s-ansible jenkins]#cat jenkins.yaml 
kind: Deployment
apiVersion: apps/v1
metadata:
  labels:
    app: mooreyxia-jenkins
  name: mooreyxia-jenkins-deployment
  namespace: mooreyxia
spec:
  replicas: 1
  selector:
    matchLabels:
      app: mooreyxia-jenkins
  template:
    metadata:
      labels:
        app: mooreyxia-jenkins
    spec:
      containers:
      - name: mooreyxia-jenkins-container
        image: K8s-harbor01.mooreyxia.com/demo/jenkins:v2.319.2
        #imagePullPolicy: IfNotPresent
        imagePullPolicy: Always
        ports:
        - containerPort: 8080
          protocol: TCP
          name: http
        volumeMounts:
        - mountPath: "/apps/jenkins/jenkins-data/"
          name: jenkins-datadir-mooreyxia
        - mountPath: "/root/.jenkins"
          name: jenkins-root-datadir
      volumes:
        - name: jenkins-datadir-mooreyxia
          persistentVolumeClaim:
            claimName: jenkins-datadir-pvc
        - name: jenkins-root-datadir
          persistentVolumeClaim:
            claimName: jenkins-root-data-pvc

---
kind: Service
apiVersion: v1
metadata:
  labels:
    app: mooreyxia-jenkins
  name: mooreyxia-jenkins-service
  namespace: mooreyxia
spec:
  type: NodePort
  ports:
  - name: http
    port: 80
    protocol: TCP
    targetPort: 8080
    nodePort: 31080
  selector:
    app: mooreyxia-jenkins

[root@K8s-ansible jenkins]#kubectl apply -f jenkins.yaml 
deployment.apps/mooreyxia-jenkins-deployment unchanged
service/mooreyxia-jenkins-service created

#确认pod创建没有错误
[root@K8s-ansible jenkins]#kubectl get pod -n mooreyxia
NAME                                            READY   STATUS    RESTARTS   AGE
mooreyxia-jenkins-deployment-6c947cff7f-g2g6p   1/1     Running   0          13s

[root@K8s-ansible jenkins]#kubectl describe pod mooreyxia-jenkins-deployment-6c947cff7f-g2g6p  -n mooreyxia
Name:             mooreyxia-jenkins-deployment-6c947cff7f-g2g6p
Namespace:        mooreyxia
Priority:         0
Service Account:  default
Node:             192.168.11.215/192.168.11.215
Start Time:       Wed, 12 Apr 2023 11:31:39 +0000
Labels:           app=mooreyxia-jenkins
                  pod-template-hash=6c947cff7f
Annotations:      <none>
Status:           Running
IP:               10.200.67.52
IPs:
  IP:           10.200.67.52
Controlled By:  ReplicaSet/mooreyxia-jenkins-deployment-6c947cff7f
Containers:
  mooreyxia-jenkins-container:
    Container ID:   containerd://94e22799befed74efb2e17d55496728fd0dbf053d10878d7af25b3ed9727d023
    Image:          K8s-harbor01.mooreyxia.com/demo/jenkins:v2.319.2
    Image ID:       K8s-harbor01.mooreyxia.com/demo/jenkins@sha256:5fc1d194d30777f437c77fa9828993587ad010538139eb1aee710d4e4abfc3da
    Port:           8080/TCP
    Host Port:      0/TCP
    State:          Running
      Started:      Wed, 12 Apr 2023 11:31:47 +0000
    Ready:          True
    Restart Count:  0
    Environment:    <none>
    Mounts:
      /apps/jenkins/jenkins-data/ from jenkins-datadir-mooreyxia (rw)
      /root/.jenkins from jenkins-root-datadir (rw)
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-pw5bw (ro)
Conditions:
  Type              Status
  Initialized       True 
  Ready             True 
  ContainersReady   True 
  PodScheduled      True 
Volumes:
  jenkins-datadir-mooreyxia:
    Type:       PersistentVolumeClaim (a reference to a PersistentVolumeClaim in the same namespace)
    ClaimName:  jenkins-datadir-pvc
    ReadOnly:   false
  jenkins-root-datadir:
    Type:       PersistentVolumeClaim (a reference to a PersistentVolumeClaim in the same namespace)
    ClaimName:  jenkins-root-data-pvc
    ReadOnly:   false
  kube-api-access-pw5bw:
    Type:                    Projected (a volume that contains injected data from multiple sources)
    TokenExpirationSeconds:  3607
    ConfigMapName:           kube-root-ca.crt
    ConfigMapOptional:       <nil>
    DownwardAPI:             true
QoS Class:                   BestEffort
Node-Selectors:              <none>
Tolerations:                 node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
                             node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
  Type    Reason     Age   From               Message
  ----    ------     ----  ----               -------
  Normal  Scheduled  57s   default-scheduler  Successfully assigned mooreyxia/mooreyxia-jenkins-deployment-6c947cff7f-g2g6p to 192.168.11.215
  Normal  Pulling    55s   kubelet            Pulling image "K8s-harbor01.mooreyxia.com/demo/jenkins:v2.319.2"
  Normal  Pulled     51s   kubelet            Successfully pulled image "K8s-harbor01.mooreyxia.com/demo/jenkins:v2.319.2" in 4.745230857s (4.745266429s including waiting)
  Normal  Created    51s   kubelet            Created container mooreyxia-jenkins-container
  Normal  Started    50s   kubelet            Started container mooreyxia-jenkins-container

#确认日志并找出初始化密码

88-云原生操作系统-Jenkins和LNMP架构业务容器化案例_WordPress_08

验证web访问jenkins

88-云原生操作系统-Jenkins和LNMP架构业务容器化案例_LNMP_09

88-云原生操作系统-Jenkins和LNMP架构业务容器化案例_Jenkins_10

88-云原生操作系统-Jenkins和LNMP架构业务容器化案例_Jenkins_11

88-云原生操作系统-Jenkins和LNMP架构业务容器化案例_Jenkins_12

创建一个任务

88-云原生操作系统-Jenkins和LNMP架构业务容器化案例_Kubernetes_13

88-云原生操作系统-Jenkins和LNMP架构业务容器化案例_WordPress_14

88-云原生操作系统-Jenkins和LNMP架构业务容器化案例_Jenkins_15

88-云原生操作系统-Jenkins和LNMP架构业务容器化案例_Jenkins_16

确认数据持久化

[root@K8s-haproxy01 jenkins-root-data]#ll /data/k8sdata/mooreyxia/jenkins*
/data/k8sdata/mooreyxia/jenkins-data:
total 3356
drwxr-xr-x 11 root root    4096 Apr 12 12:14  ./
drwxr-xr-x 22 root root    4096 Apr 12 11:04  ../
-rw-r--r--  1 root root       0 Apr  9 02:59  .timestamp
-rw-r--r--  1 root root    1944 Apr 12 12:14  ColorFormatter.class
-rw-r--r--  1 root root    1617 Apr 12 12:14  JNLPMain.class
-rw-r--r--  1 root root     636 Apr 12 12:14 'LogFileOutputStream$1.class'
-rw-r--r--  1 root root    2948 Apr 12 12:14  LogFileOutputStream.class
drwxr-xr-x  3 root root    4096 Apr 12 12:13  META-INF/
-rw-r--r--  1 root root     512 Apr 12 12:13 'Main$FileAndDescription.class'
-rw-r--r--  1 root root   19670 Apr 12 12:13  Main.class
-rw-r--r--  1 root root    3756 Apr 12 12:14  MainDialog.class
drwxr-xr-x  6 root root    4096 Apr 12 12:14  WEB-INF/
drwxr-xr-x  3 root root    4096 Apr 12 12:14  bootstrap/
drwxr-xr-x  5 root root    4096 Apr 12 12:14  css/
drwxr-xr-x  2 root root    4096 Apr 12 12:14  executable/
-rw-r--r--  1 root root   17542 Apr 12 12:14  favicon.ico
drwxr-xr-x 12 root root    4096 Apr 12 12:13  help/
drwxr-xr-x  9 root root    4096 Apr 12 12:14  images/
drwxr-xr-x  3 root root    4096 Apr 12 12:14  jsbundles/
-rw-r--r--  1 root root      71 Apr 12 12:14  robots.txt
drwxr-xr-x  3 root root    4096 Apr 12 12:14  scripts/
-rw-r--r--  1 root root 3319617 Apr 12 12:13  winstone.jar

/data/k8sdata/mooreyxia/jenkins-root-data:
total 60
drwxr-xr-x  8 root root 4096 Apr 12 12:14 ./
drwxr-xr-x 22 root root 4096 Apr 12 11:04 ../
-rw-r--r--  1 root root 1656 Apr 12 12:14 config.xml
-rw-r--r--  1 root root   29 Apr 12 12:14 failed-boot-attempts.txt
-rw-r--r--  1 root root  156 Apr 12 12:14 hudson.model.UpdateCenter.xml
-rw-------  1 root root 1712 Apr 12 12:14 identity.key.enc
-rw-r--r--  1 root root  171 Apr 12 12:14 jenkins.telemetry.Correlator.xml
drwxr-xr-x  2 root root 4096 Apr 12 12:14 jobs/
-rw-r--r--  1 root root  907 Apr 12 12:14 nodeMonitors.xml
drwxr-xr-x  2 root root 4096 Apr 12 12:14 nodes/
drwxr-xr-x  2 root root 4096 Apr 12 12:14 plugins/
-rw-r--r--  1 root root   64 Apr 12 12:14 secret.key
-rw-r--r--  1 root root    0 Apr 12 12:14 secret.key.not-so-secret
drwx------  4 root root 4096 Apr 12 12:14 secrets/
drwxr-xr-x  2 root root 4096 Apr 12 12:14 userContent/
drwxr-xr-x  3 root root 4096 Apr 12 12:14 users/

单Pod多容器实现LNMP架构运行WordPress

LNMP案例之基于Nginx+PHP实现WordPress博客站点，要求Nginx+PHP运⾏在同⼀个Pod的不同容器，MySQL运⾏与default的namespace并可以通过service name增删改查数据库。

架构及部署

架构

88-云原生操作系统-Jenkins和LNMP架构业务容器化案例_Jenkins_17

部署

构建PHP镜像

#下载php基础镜像
[root@K8s-ansible ~]#
[root@K8s-ansible ~]#docker pull php:5.6.40-fpm
5.6.40-fpm: Pulling from library/php
5e6ec7f28fb7: Pull complete 
cf165947b5b7: Pull complete 
7bd37682846d: Pull complete 
99daf8e838e1: Pull complete 
f8628c9f032f: Pull complete 
50ff925cdfa2: Pull complete 
6ab76f312877: Pull complete 
28ea94b4dd82: Pull complete 
a6dbb35d45d2: Pull complete 
98b901ec9e8d: Pull complete 
Digest: sha256:4f070f1b7b93cc5ab364839b79a5b26f38d5f89461f7bc0cd4bab4a3ad7d67d7
Status: Downloaded newer image for php:5.6.40-fpm
docker.io/library/php:5.6.40-fpm
[root@K8s-ansible ~]#docker tag php:5.6.40-fpm K8s-harbor01.mooreyxia.com/baseimages/php:5.6.40-fpm
[root@K8s-ansible ~]#docker push K8s-harbor01.mooreyxia.com/baseimages/php:5.6.40-fpm
The push refers to repository [K8s-harbor01.mooreyxia.com/baseimages/php]
bf97b47da88d: Pushed 
56d6009fbc8b: Pushed 
b6d5993da6a4: Pushed 
c9e57440aae2: Pushed 
5e2afcdec12b: Pushed 
6e4f2e72b0d9: Pushed 
6eb3cfd4ad9e: Pushed 
82bded2c3a7c: Pushed 
b87a266e6a9c: Pushed 
3c816b4ead84: Pushed 
5.6.40-fpm: digest: sha256:7cfd6ccb875ff314b2c672b62aa3169fe79d54bf3422b7b0017955b3457ca1a7 size: 2410

#⾃制PHP镜像
[root@K8s-ansible php]#chmod a+x *.sh
[root@K8s-ansible php]#tree .
.
├── Dockerfile
├── build-command.sh
├── run_php.sh
└── www.conf

0 directories, 4 files

#php配置
[root@K8s-ansible php]#grep -Ev "^ *;|^$" www.conf 
[www]
user = nginx
group = nginx
listen = 0.0.0.0:9000
pm = dynamic
pm.max_children = 50
pm.start_servers = 5
pm.min_spare_servers = 5
pm.max_spare_servers = 35
slowlog = /opt/remi/php56/root/var/log/php-fpm/www-slow.log
php_admin_value[error_log] = /opt/remi/php56/root/var/log/php-fpm/www-error.log
php_admin_flag[log_errors] = on
php_value[session.save_handler] = files
php_value[session.save_path]    = /opt/remi/php56/root/var/lib/php/session
php_value[soap.wsdl_cache_dir]  = /opt/remi/php56/root/var/lib/php/wsdlcache

#运行php服务并做守护进程
[root@K8s-ansible php]#vim run_php.sh 
[root@K8s-ansible php]#cat run_php.sh 
#!/bin/bash

/opt/remi/php56/root/usr/sbin/php-fpm
tail -f /etc/hosts

#Dockerfile
[root@K8s-ansible php]#vim Dockerfile 
[root@K8s-ansible php]#cat Dockerfile 
#PHP Base Image
FROM K8s-harbor01.mooreyxia.com/baseimages/centos-base:7.9.2009 

MAINTAINER mooreyxia "[email protected]"

RUN yum install -y  https://mirrors.tuna.tsinghua.edu.cn/remi/enterprise/remi-release-7.rpm && yum install  php56-php-fpm php56-php-mysql -y 
ADD www.conf /opt/remi/php56/root/etc/php-fpm.d/www.conf
ADD run_php.sh /usr/local/bin/run_php.sh
EXPOSE 9000

CMD ["/usr/local/bin/run_php.sh"] 

#构建镜像
[root@K8s-ansible php]#vim build-command.sh 
[root@K8s-ansible php]#cat build-command.sh 
#!/bin/bash
TAG=$1
docker build -t K8s-harbor01.mooreyxia.com/demo/wordpress-php-5.6:${TAG} .
echo "镜像制作完成，即将上传至Harbor服务器"
sleep 1
docker push K8s-harbor01.mooreyxia.com/demo/wordpress-php-5.6:${TAG}
echo "镜像上传完成"

[root@K8s-ansible php]#bash build-command.sh v1
...
Successfully built 1c6f46c71781
Successfully tagged K8s-harbor01.mooreyxia.com/demo/wordpress-php-5.6:v1
镜像制作完成，即将上传至Harbor服务器
The push refers to repository [K8s-harbor01.mooreyxia.com/demo/wordpress-php-5.6]
8a163d8301cd: Pushed 
162b8d58096a: Pushed 
78eaba0e95e6: Pushed 
3e6fa9b75f89: Mounted from demo/wordpress-nginx 
cf71274b159a: Mounted from demo/wordpress-nginx 
174f56854903: Mounted from demo/wordpress-nginx 
v1: digest: sha256:ac21be587d0471c2436447d9317d709eb49aae254c741be24c4bb712f4fec18f size: 1582
镜像上传完成

构建Nginx-wordpress基础镜像

[root@K8s-ansible nginx-base-wordpress]#chmod a+x *.sh
[root@K8s-ansible nginx-base-wordpress]#tree .
.
├── Dockerfile
├── build-command.sh
└── nginx-1.20.2.tar.gz

0 directories, 4 files

#Dockerfile
[root@K8s-ansible nginx-base-wordpress]#cat Dockerfile 
#Nginx Base Image
FROM K8s-harbor01.mooreyxia.com/baseimages/centos-base:7.9.2009 

MAINTAINER mooreyxia "[email protected]"

RUN yum install -y vim wget tree  lrzsz gcc gcc-c++ automake pcre pcre-devel zlib zlib-devel openssl openssl-devel iproute net-tools iotop
ADD nginx-1.20.2.tar.gz /usr/local/src/
RUN cd /usr/local/src/nginx-1.20.2 && ./configure --prefix=/apps/nginx  && make && make install && ln -sv  /apps/nginx/sbin/nginx /usr/sbin/nginx  &&rm -rf /usr/local/src/nginx-1.20.2.tar.gz 

#构建
[root@K8s-ansible nginx-base-wordpress]#cat build-command.sh 
#!/bin/bash
docker build -t K8s-harbor01.mooreyxia.com/pub-images/nginx-base-wordpress:v1.20.2  .
sleep 1
docker push  K8s-harbor01.mooreyxia.com/pub-images/nginx-base-wordpress:v1.20.2

[root@K8s-ansible nginx-base-wordpress]#bash build-command.sh 
...
Successfully built 0949b7d3be52
Successfully tagged K8s-harbor01.mooreyxia.com/pub-images/nginx-base-wordpress:v1.20.2
The push refers to repository [K8s-harbor01.mooreyxia.com/pub-images/nginx-base-wordpress]
4a9512f2e353: Pushed 
08a188973746: Pushed 
3736b6ab6d21: Pushed 
3e6fa9b75f89: Mounted from pub-images/nginx-base 
cf71274b159a: Mounted from pub-images/nginx-base 
174f56854903: Mounted from pub-images/nginx-base 
v1.20.2: digest: sha256:1d4c51a480457f5215ed1842543cc39d1eadc3b57bca647e994d2b139f37892b size: 1588

构建wordpress镜像

[root@K8s-ansible nginx]#chmod a+x *.sh
[root@K8s-ansible nginx]#tree .
.
├── Dockerfile
├── build-command.sh
├── index.html
├── nginx.conf
└── run_nginx.sh

0 directories, 5 files

#准备nginx配置
[root@K8s-ansible nginx]#grep -Ev "^ *#|^$"  nginx.conf 
user  nginx nginx;
worker_processes  auto;
events {
    worker_connections  1024;
}
http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;
    client_max_body_size 10M;
    client_body_buffer_size 16k;
    client_body_temp_path  /apps/nginx/tmp   1 2 2;
    gzip  on;
    server {
        listen       80;
        server_name  blogs.magedu.net;
        location / {
            root    /home/nginx/wordpress;
            index   index.php index.html index.htm;
        }
        location ~ \.php$ {
            root           /home/nginx/wordpress;
            fastcgi_pass   127.0.0.1:9000;
            fastcgi_index  index.php;
            fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
             include        fastcgi_params;
        }
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }
}


#运行nginx，并做守护进程
[root@K8s-ansible nginx]#vim run_nginx.sh 
[root@K8s-ansible nginx]#cat run_nginx.sh 
#!/bin/bash
/apps/nginx/sbin/nginx
tail -f /etc/hosts

#Dockerfile
[root@K8s-ansible nginx]#vim Dockerfile 
[root@K8s-ansible nginx]#cat Dockerfile 
FROM K8s-harbor01.mooreyxia.com/pub-images/nginx-base-wordpress:v1.20.2

ADD nginx.conf /apps/nginx/conf/nginx.conf
ADD run_nginx.sh /apps/nginx/sbin/run_nginx.sh
RUN mkdir -pv /home/nginx/wordpress
RUN chown nginx.nginx /home/nginx/wordpress/ -R

EXPOSE 80 443

CMD ["/apps/nginx/sbin/run_nginx.sh"] 

#构建镜像
[root@K8s-ansible nginx]#cat build-command.sh 
#!/bin/bash
TAG=$1
docker build -t K8s-harbor01.mooreyxia.com/demo/wordpress-nginx:${TAG} .
echo "镜像制作完成，即将上传至Harbor服务器"
sleep 1
docker push  K8s-harbor01.mooreyxia.com/demo/wordpress-nginx:${TAG}
echo "镜像上传完成"

[root@K8s-ansible nginx]#bash build-command.sh v1
Sending build context to Docker daemon  9.216kB
Step 1/7 : FROM K8s-harbor01.mooreyxia.com/pub-images/nginx-base-wordpress:v1.20.2
 ---> 0949b7d3be52
Step 2/7 : ADD nginx.conf /apps/nginx/conf/nginx.conf
 ---> 415bb198319e
Step 3/7 : ADD run_nginx.sh /apps/nginx/sbin/run_nginx.sh
 ---> a3f581bfb743
Step 4/7 : RUN mkdir -pv /home/nginx/wordpress
 ---> Running in ff5e082dacd1
mkdir: created directory '/home/nginx/wordpress'
Removing intermediate container ff5e082dacd1
 ---> da1d83dafe4a
Step 5/7 : RUN chown nginx.nginx /home/nginx/wordpress/ -R
 ---> Running in 0adda03fff26
Removing intermediate container 0adda03fff26
 ---> 1453bcd9f641
Step 6/7 : EXPOSE 80 443
 ---> Running in 0298853f2207
Removing intermediate container 0298853f2207
 ---> e345abfd5ca7
Step 7/7 : CMD ["/apps/nginx/sbin/run_nginx.sh"]
 ---> Running in 37bdde1017c4
Removing intermediate container 37bdde1017c4
 ---> 72b54d5c1a9f
Successfully built 72b54d5c1a9f
Successfully tagged K8s-harbor01.mooreyxia.com/demo/wordpress-nginx:v1
镜像制作完成，即将上传至Harbor服务器
The push refers to repository [K8s-harbor01.mooreyxia.com/demo/wordpress-nginx]
a21497ba143a: Pushed 
c480e4dd5938: Pushed 
4d685ac681e0: Pushed 
52ead525925c: Pushed 
4a9512f2e353: Mounted from pub-images/nginx-base-wordpress 
08a188973746: Mounted from pub-images/nginx-base-wordpress 
3736b6ab6d21: Mounted from pub-images/nginx-base-wordpress 
3e6fa9b75f89: Mounted from demo/jenkins 
cf71274b159a: Mounted from demo/jenkins 
174f56854903: Mounted from demo/jenkins 
v1: digest: sha256:ac39a0019765228ca48e97a182c85fdfde626dc0ca82971aafdc8c90ff5d0ae7 size: 2417
镜像上传完成

创建WordPress-Pod站点

#创建存储设备-这里用nfs
[root@K8s-haproxy01 ~]#mkdir -p /data/k8sdata/mooreyxia/wordpress
[root@K8s-haproxy01 ~]#vim /etc/exports 
[root@K8s-haproxy01 ~]#cat /etc/exports 
# /etc/exports: the access control list for filesystems which may be exported
#		to NFS clients.  See exports(5).
#
# Example for NFSv2 and NFSv3:
# /srv/homes       hostname1(rw,sync,no_subtree_check) hostname2(ro,sync,no_subtree_check)
#
# Example for NFSv4:
# /srv/nfs4        gss/krb5i(rw,sync,fsid=0,crossmnt,no_subtree_check)
# /srv/nfs4/homes  gss/krb5i(rw,sync,no_subtree_check)
#

/data/k8sdata *(rw,no_root_squash)
/data/volumes *(rw,no_root_squash)
[root@K8s-haproxy01 ~]#exportfs -avs
exportfs: /etc/exports [2]: Neither 'subtree_check' or 'no_subtree_check' specified for export "*:/data/k8sdata".
  Assuming default behaviour ('no_subtree_check').
  NOTE: this default has changed since nfs-utils version 1.0.x

exportfs: /etc/exports [3]: Neither 'subtree_check' or 'no_subtree_check' specified for export "*:/data/volumes".
  Assuming default behaviour ('no_subtree_check').
  NOTE: this default has changed since nfs-utils version 1.0.x

exporting *:/data/volumes
exporting *:/data/k8sdata

#showmount
[root@K8s-ansible redis]#showmount -e 192.168.11.203
Export list for 192.168.11.203:
/data/volumes *
/data/k8sdata *

#创建WordPress-Pod
[root@K8s-ansible wordpress]#cat wordpress.yaml 
kind: Deployment
apiVersion: apps/v1
metadata:
  labels:
    app: wordpress-app
  name: wordpress-app-deployment
  namespace: mooreyxia
spec:
  replicas: 1
  selector:
    matchLabels:
      app: wordpress-app
  template:
    metadata:
      labels:
        app: wordpress-app
    spec:
      containers:
      - name: wordpress-app-nginx
        image: K8s-harbor01.mooreyxia.com/demo/wordpress-nginx:v1 
        imagePullPolicy: Always
        ports:
        - containerPort: 80
          protocol: TCP
          name: http
        - containerPort: 443
          protocol: TCP
          name: https
        volumeMounts:
        - name: wordpress
          mountPath: /home/nginx/wordpress
          readOnly: false

      - name: wordpress-app-php
        image: K8s-harbor01.mooreyxia.com/demo/wordpress-php-5.6:v1
        #imagePullPolicy: IfNotPresent
        imagePullPolicy: Always
        ports:
        - containerPort: 9000
          protocol: TCP
          name: http
        volumeMounts:
        - name: wordpress
          mountPath: /home/nginx/wordpress
          readOnly: false

      volumes:
      - name: wordpress
        nfs:
          server: 192.168.11.203
          path: /data/k8sdata/mooreyxia/wordpress 


---
kind: Service
apiVersion: v1
metadata:
  labels:
    app: wordpress-app
  name: wordpress-app-spec
  namespace: mooreyxia
spec:
  type: NodePort
  ports:
  - name: http
    port: 80
    protocol: TCP
    targetPort: 80
    nodePort: 30031
  - name: https
    port: 443
    protocol: TCP
    targetPort: 443
    nodePort: 30033
  selector:
    app: wordpress-app

[root@K8s-ansible wordpress]#kubectl apply -f wordpress.yaml 
deployment.apps/wordpress-app-deployment created
service/wordpress-app-spec created

#确认pod运行

88-云原生操作系统-Jenkins和LNMP架构业务容器化案例_Jenkins_18

#describe
[root@K8s-ansible wordpress]#kubectl describe pod wordpress-app-deployment-598fd848b4-sc8r6  -n mooreyxia
Name:             wordpress-app-deployment-598fd848b4-sc8r6
Namespace:        mooreyxia
Priority:         0
Service Account:  default
Node:             192.168.11.215/192.168.11.215
Start Time:       Wed, 12 Apr 2023 14:04:52 +0000
Labels:           app=wordpress-app
                  pod-template-hash=598fd848b4
Annotations:      <none>
Status:           Running
IP:               10.200.67.57
IPs:
  IP:           10.200.67.57
Controlled By:  ReplicaSet/wordpress-app-deployment-598fd848b4
Containers:
  wordpress-app-nginx:
    Container ID:   containerd://642521777959607629426dedd2a2b0031adb5382cbac3b23f2be4fb483760e08
    Image:          K8s-harbor01.mooreyxia.com/demo/wordpress-nginx:v1
    Image ID:       K8s-harbor01.mooreyxia.com/demo/wordpress-nginx@sha256:ac39a0019765228ca48e97a182c85fdfde626dc0ca82971aafdc8c90ff5d0ae7
    Ports:          80/TCP, 443/TCP
    Host Ports:     0/TCP, 0/TCP
    State:          Running
      Started:      Wed, 12 Apr 2023 14:05:07 +0000
    Ready:          True
    Restart Count:  0
    Environment:    <none>
    Mounts:
      /home/nginx/wordpress from wordpress (rw)
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-kqbcc (ro)
  wordpress-app-php:
    Container ID:   containerd://97a450bcf53a91d3f15d4b3934102db0e377ddb6176b7f7159abaf09ea2708d3
    Image:          K8s-harbor01.mooreyxia.com/demo/wordpress-php-5.6:v1
    Image ID:       K8s-harbor01.mooreyxia.com/demo/wordpress-php-5.6@sha256:ac21be587d0471c2436447d9317d709eb49aae254c741be24c4bb712f4fec18f
    Port:           9000/TCP
    Host Port:      0/TCP
    State:          Running
      Started:      Wed, 12 Apr 2023 14:05:19 +0000
    Ready:          True
    Restart Count:  0
    Environment:    <none>
    Mounts:
      /home/nginx/wordpress from wordpress (rw)
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-kqbcc (ro)
Conditions:
  Type              Status
  Initialized       True 
  Ready             True 
  ContainersReady   True 
  PodScheduled      True 
Volumes:
  wordpress:
    Type:      NFS (an NFS mount that lasts the lifetime of a pod)
    Server:    192.168.11.203
    Path:      /data/k8sdata/mooreyxia/wordpress
    ReadOnly:  false
  kube-api-access-kqbcc:
    Type:                    Projected (a volume that contains injected data from multiple sources)
    TokenExpirationSeconds:  3607
    ConfigMapName:           kube-root-ca.crt
    ConfigMapOptional:       <nil>
    DownwardAPI:             true
QoS Class:                   BestEffort
Node-Selectors:              <none>
Tolerations:                 node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
                             node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
  Type    Reason     Age    From               Message
  ----    ------     ----   ----               -------
  Normal  Scheduled  3m9s   default-scheduler  Successfully assigned mooreyxia/wordpress-app-deployment-598fd848b4-sc8r6 to 192.168.11.215
  Normal  Pulling    3m9s   kubelet            Pulling image "K8s-harbor01.mooreyxia.com/demo/wordpress-nginx:v1"
  Normal  Pulled     2m56s  kubelet            Successfully pulled image "K8s-harbor01.mooreyxia.com/demo/wordpress-nginx:v1" in 12.999044642s (12.999118117s including waiting)
  Normal  Created    2m55s  kubelet            Created container wordpress-app-nginx
  Normal  Started    2m55s  kubelet            Started container wordpress-app-nginx
  Normal  Pulling    2m55s  kubelet            Pulling image "K8s-harbor01.mooreyxia.com/demo/wordpress-php-5.6:v1"
  Normal  Pulled     2m43s  kubelet            Successfully pulled image "K8s-harbor01.mooreyxia.com/demo/wordpress-php-5.6:v1" in 11.880760933s (11.880781672s including waiting)
  Normal  Created    2m43s  kubelet            Created container wordpress-app-php
  Normal  Started    2m43s  kubelet            Started container wordpress-app-php


#查看log
[root@K8s-ansible wordpress]#kubectl logs wordpress-app-deployment-598fd848b4-sc8r6 -n mooreyxia
Defaulted container "wordpress-app-nginx" out of: wordpress-app-nginx, wordpress-app-php
# Kubernetes-managed hosts file.
127.0.0.1	localhost
::1	localhost ip6-localhost ip6-loopback
fe00::0	ip6-localnet
fe00::0	ip6-mcastprefix
fe00::1	ip6-allnodes
fe00::2	ip6-allrouters
10.200.67.57	wordpress-app-deployment-598fd848b4-sc8r6
tail: /etc/hosts: file truncated
# Kubernetes-managed hosts file.
127.0.0.1	localhost
::1	localhost ip6-localhost ip6-loopback
fe00::0	ip6-localnet
fe00::0	ip6-mcastprefix
fe00::1	ip6-allnodes
fe00::2	ip6-allrouters
10.200.67.57	wordpress-app-deployment-598fd848b4-sc8r6

验证WordPress-Pod站点

#在存储目录创建PHP测试⻚
[root@K8s-haproxy01 ~]#cd /data/k8sdata/mooreyxia/wordpress
[root@K8s-haproxy01 wordpress]#vim test.php
[root@K8s-haproxy01 wordpress]#cat test.php
<?php
phpinfo();
?>

#测试访问

88-云原生操作系统-Jenkins和LNMP架构业务容器化案例_Kubernetes_19

下载WordPress代码到存储设备

[root@K8s-haproxy01 wordpress]#pwd
/data/k8sdata/mooreyxia/wordpress

[root@K8s-haproxy01 wordpress]#wget https://cn.wordpress.org/latest-zh_CN.tar.gz
--2023-04-12 14:36:00--  https://cn.wordpress.org/latest-zh_CN.tar.gz
Resolving cn.wordpress.org (cn.wordpress.org)... 198.143.164.252
Connecting to cn.wordpress.org (cn.wordpress.org)|198.143.164.252|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 23763585 (23M) [application/octet-stream]
Saving to: ‘latest-zh_CN.tar.gz’

latest-zh_CN.tar.gz                          100%[=============================================================================================>]  22.66M   929KB/s    in 20s     

2023-04-12 14:36:20 (1.16 MB/s) - ‘latest-zh_CN.tar.gz’ saved [23763585/23763585]

#解压并将项目文件移入当前目录
[root@K8s-haproxy01 wordpress]#tar xvf latest-zh_CN.tar.gz 
[root@K8s-haproxy01 wordpress]#ll
total 23220
drwxr-xr-x  3 root root     4096 Apr 12 14:38 ./
drwxr-xr-x 23 root root     4096 Apr 12 13:28 ../
-rw-r--r--  1 root root 23763585 Mar 29 19:04 latest-zh_CN.tar.gz
drwxr-xr-x  5 1006 1006     4096 Mar 29 19:02 wordpress/
[root@K8s-haproxy01 wordpress]#mv wordpress/* .
[root@K8s-haproxy01 wordpress]#mv latest-zh_CN.tar.gz /tmp/
[root@K8s-haproxy01 wordpress]#mv wordpress /tmp/
[root@K8s-haproxy01 wordpress]#ll
total 236
drwxr-xr-x  5 root root  4096 Apr 12 14:40 ./
drwxr-xr-x 23 root root  4096 Apr 12 13:28 ../
-rw-r--r--  1 1006 1006   405 Feb  6  2020 index.php
-rw-r--r--  1 1006 1006 19915 Mar 29 19:02 license.txt
-rw-r--r--  1 1006 1006  7402 Mar 29 19:02 readme.html
-rw-r--r--  1 1006 1006  7205 Sep 16  2022 wp-activate.php
drwxr-xr-x  9 1006 1006  4096 Mar 29 19:00 wp-admin/
-rw-r--r--  1 1006 1006   351 Feb  6  2020 wp-blog-header.php
-rw-r--r--  1 1006 1006  2338 Nov  9  2021 wp-comments-post.php
-rw-r--r--  1 1006 1006  3013 Mar 29 19:02 wp-config-sample.php
drwxr-xr-x  5 1006 1006  4096 Mar 29 19:04 wp-content/
-rw-r--r--  1 1006 1006  5536 Nov 23 15:43 wp-cron.php
drwxr-xr-x 28 1006 1006 12288 Mar 29 19:04 wp-includes/
-rw-r--r--  1 1006 1006  2502 Nov 26 21:01 wp-links-opml.php
-rw-r--r--  1 1006 1006  3792 Feb 23 10:38 wp-load.php
-rw-r--r--  1 1006 1006 49330 Feb 23 10:38 wp-login.php
-rw-r--r--  1 1006 1006  8541 Feb  3 13:35 wp-mail.php
-rw-r--r--  1 1006 1006 24993 Mar  1 15:05 wp-settings.php
-rw-r--r--  1 1006 1006 34350 Sep 17  2022 wp-signup.php
-rw-r--r--  1 1006 1006  4889 Nov 23 15:43 wp-trackback.php
-rw-r--r--  1 1006 1006  3238 Nov 29 15:51 xmlrpc.php

#更改属主属组 - 要和业务容器中运行服务的用户保持一致
[root@K8s-haproxy01 mooreyxia]#chown 2088.2088 wordpress/ -R
[root@K8s-haproxy01 mooreyxia]#ll wordpress 
total 236
drwxr-xr-x  5 2088 2088  4096 Apr 12 14:40 ./
drwxr-xr-x 23 root root  4096 Apr 12 13:28 ../
-rw-r--r--  1 2088 2088   405 Feb  6  2020 index.php
-rw-r--r--  1 2088 2088 19915 Mar 29 19:02 license.txt
-rw-r--r--  1 2088 2088  7402 Mar 29 19:02 readme.html
-rw-r--r--  1 2088 2088  7205 Sep 16  2022 wp-activate.php
drwxr-xr-x  9 2088 2088  4096 Mar 29 19:00 wp-admin/
-rw-r--r--  1 2088 2088   351 Feb  6  2020 wp-blog-header.php
-rw-r--r--  1 2088 2088  2338 Nov  9  2021 wp-comments-post.php
-rw-r--r--  1 2088 2088  3013 Mar 29 19:02 wp-config-sample.php
drwxr-xr-x  5 2088 2088  4096 Mar 29 19:04 wp-content/
-rw-r--r--  1 2088 2088  5536 Nov 23 15:43 wp-cron.php
drwxr-xr-x 28 2088 2088 12288 Mar 29 19:04 wp-includes/
-rw-r--r--  1 2088 2088  2502 Nov 26 21:01 wp-links-opml.php
-rw-r--r--  1 2088 2088  3792 Feb 23 10:38 wp-load.php
-rw-r--r--  1 2088 2088 49330 Feb 23 10:38 wp-login.php
-rw-r--r--  1 2088 2088  8541 Feb  3 13:35 wp-mail.php
-rw-r--r--  1 2088 2088 24993 Mar  1 15:05 wp-settings.php
-rw-r--r--  1 2088 2088 34350 Sep 17  2022 wp-signup.php
-rw-r--r--  1 2088 2088  4889 Nov 23 15:43 wp-trackback.php
-rw-r--r--  1 2088 2088  3238 Nov 29 15:51 xmlrpc.php

-------------业务容器中运行服务的用户--------------------------
[root@K8s-ansible php]#kubectl exec -it wordpress-app-deployment-598fd848b4-sc8r6 bash -n mooreyxia
kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead.
Defaulted container "wordpress-app-nginx" out of: wordpress-app-nginx, wordpress-app-php
[root@wordpress-app-deployment-598fd848b4-sc8r6 /]# id nginx
uid=2088(nginx) gid=2088(nginx) groups=2088(nginx) #存储设备上的文件属主属组要保持一致，否则会有权限问题

#测试访问WordPress站点 集群nodeIP:NodePort
http://192.168.11.211:30031/

88-云原生操作系统-Jenkins和LNMP架构业务容器化案例_LNMP_20

WordPress站点数据库创建

#使⽤k8s中运⾏的mysql服务，作为mysql服务器，创建WordPress数据库并做授权用户创建
[root@K8s-ansible wordpress]#kubectl exec -it mysql-0 bash -n mooreyxia
kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead.
Defaulted container "mysql" out of: mysql, xtrabackup, init-mysql (init), clone-mysql (init)
root@mysql-0:/# mysql
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 13176
Server version: 5.7.36-log MySQL Community Server (GPL)

Copyright (c) 2000, 2021, Oracle and/or its affiliates.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> CREATE DATABASE wordpress;
Query OK, 1 row affected (0.07 sec)

mysql> GRANT ALL PRIVILEGES ON wordpress.* TO "wordpress"@"%" IDENTIFIED BY "wordpress";
Query OK, 0 rows affected, 1 warning (0.18 sec)

mysql> 

#测试MySQL连接
root@mysql-0:/# mysql -uwordpress -hmysql-0.mysql -pwordpress
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 13298
Server version: 5.7.36-log MySQL Community Server (GPL)

Copyright (c) 2000, 2021, Oracle and/or its affiliates.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.