准备工作
lnmp部署架构环节图
1.镜像准备(本人有封装好的阿里镜像,这个自行解决)
- mysql:5.6
- nginx:1.16.1
- php:7.1
|
1 2 |
有个问题是后面直接在yaml文件中去拉取镜像一直都失败了,可能是因为认证的问题,所以我先在node上登录先私有镜像仓库,然后把镜像都拉到node上,然后在yaml文件中容器 选项指定imagePullPolicy: IfNotPresent 优先拉取本地镜像,认证这个后面再研究 |
2.LNMP环境搭建
1. 安装nfs(每个节点都要安装)
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 |
配置nfs节点: yum install -y nfs-common nfs-utils rpcbind mkdir /nfsdata chmod 666 /nfsdata chown nfsnobody /nfsdata cat /etc/exports /nfsdata *(rw,no_root_squash,no_all_squash,sync) systemctl start rpcbind systemctl start nfs #并且在每个节点都要创建pv对应的挂载文件夹(因为随机分散的节点容器都会挂载) mkidr -p /nfs/pv{1..4} 其他三个k8s节点,安装下nfs客户端即可。 |
2. 创建pv
|
1 2 |
mkdir /root/k8s/lnmp cd /root/k8s/lnmp |
|
1 2 3 |
vim pv.yaml 注意,php和nginx是用同一个挂载目录的,但是我用不同节点挂载同一个pv失败,可能不能这么操作(具体原因后面再研究),所以创建了2个不同名称的pv但是挂载目录都一致:pv0004 pv0005 |
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 |
apiVersion: v1 kind: PersistentVolume metadata: name: pv0001 spec: capacity: storage: 1Gi volumeMode: Filesystem accessModes: - ReadWriteMany persistentVolumeReclaimPolicy: Retain storageClassName: nfs nfs: path: /nfs/pv1 server: 192.168.6.189 --- apiVersion: v1 kind: PersistentVolume metadata: name: pv0002 spec: capacity: storage: 2Gi volumeMode: Filesystem accessModes: - ReadWriteMany persistentVolumeReclaimPolicy: Retain storageClassName: nfs nfs: path: /nfs/pv2 server: 192.168.6.189 --- apiVersion: v1 kind: PersistentVolume metadata: name: pv0003 spec: capacity: storage: 3Gi volumeMode: Filesystem accessModes: - ReadWriteMany persistentVolumeReclaimPolicy: Retain storageClassName: nfs-mysql nfs: path: /nfs/pv3 server: 192.168.6.189 --- apiVersion: v1 kind: PersistentVolume metadata: name: pv0004 spec: capacity: storage: 5Gi volumeMode: Filesystem accessModes: - ReadWriteMany persistentVolumeReclaimPolicy: Retain storageClassName: nfs-nginx nfs: path: /nfs/pv4 server: 192.168.6.189 --- apiVersion: v1 kind: PersistentVolume metadata: name: pv0005 spec: capacity: storage: 5Gi volumeMode: Filesystem accessModes: - ReadWriteMany persistentVolumeReclaimPolicy: Retain storageClassName: nfs-php nfs: path: /nfs/pv4 server: 192.168.6.189 |
|
1 |
kubectl apply -f pv.yaml |
|
1 |
说明:总共创建5个nfs类型的pvpv, 001 002 为扩展暂不使用, 003为mysql使用,004为nginx使用,005为php使用 |
3. 创建mysql密码的认证 (secret)
|
1 |
kubectl create secret generic mysql-pass --from-literal=password=123456 |
4.创建mysql的Service、pvc、deployment
|
1 2 3 4 5 |
1.pvc匹配标签为上面创建的标签为apps: mysql-pv的pv 2.指定secret为上面创建的mysql-pass 3.拉取镜像为本人阿里云mysql镜像 4.前面私有镜像的认证有问题所以我先登录私有仓库然后先拉取了镜像,所以设置优先在本地拉取imagePullPolicy: IfNotPresent 5.使用mysql-pv-claim这个pvc,把上面创建的mysql的pv挂载在容器的/var/lib/mysql目录下。 |
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 |
apiVersion: v1 kind: Service metadata: name: blog-mysql labels: app: blog-mysql spec: ports: - port: 3306 selector: app: blog-mysql --- kind: PersistentVolumeClaim apiVersion: v1 metadata: name: mysql-pv-claim spec: storageClassName: nfs-mysql accessModes: - ReadWriteMany resources: requests: storage: 3Gi --- apiVersion: apps/v1beta2 kind: Deployment metadata: name: blog-mysql spec: selector: matchLabels: app: blog-mysql strategy: type: Recreate template: metadata: labels: app: blog-mysql spec: containers: - name: mysql image: registry.cn-shanghai.aliyuncs.com/shooer/by_docker_shooter:mysql_5.6 imagePullPolicy: IfNotPresent env: - name: MYSQL_ROOT_PASSWORD valueFrom: secretKeyRef: name: mysql-pass key: password ports: - containerPort: 3306 name: mysql volumeMounts: - name: mysql-persistent-storage mountPath: /var/lib/mysql volumes: - name: mysql-persistent-storage persistentVolumeClaim: claimName: mysql-pv-claim |
5. 创建nginx的configmap,service,deployment ,pvc
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 |
apiVersion: v1 kind: ConfigMap metadata: name: nginx-wp-config data: default.conf: |- server { listen 80; server_name localhost; root /usr/local/nginx/html; index index.html index.php; location ~ \.php$ { root /usr/local/nginx/html; fastcgi_pass blog-php:9000;#这里名称为blog-php svc名称 fastcgi_param SCRIPT_FILENAME /usr/local/nginx/html$fastcgi_script_name; include fastcgi_params; fastcgi_connect_timeout 60s; fastcgi_read_timeout 300s; fastcgi_send_timeout 300s; } } --- apiVersion: v1 kind: Service metadata: name: blog-nginx labels: app: nginx spec: ports: - port: 80 selector: app: blog-nginx tier: frontend type: NodePort sessionAffinity: ClientIP --- kind: PersistentVolumeClaim apiVersion: v1 metadata: name: nginx-pv-claim spec: storageClassName: nfs-nginx accessModes: - ReadWriteMany resources: requests: storage: 3Gi --- apiVersion: apps/v1beta2 kind: Deployment metadata: name: blog-nginx labels: app: nginx spec: replicas: 3 selector: matchLabels: app: blog-nginx tier: frontend strategy: type: Recreate template: metadata: labels: app: blog-nginx tier: frontend spec: containers: - name: nginx image: nginx:1.16.1 imagePullPolicy: IfNotPresent ports: - containerPort: 80 name: nginx volumeMounts: - name: nginx-persistent-storage mountPath: /usr/local/nginx/html - name: config mountPath: /etc/nginx/conf.d/default.conf subPath: default.conf volumes: - name: nginx-persistent-storage persistentVolumeClaim: claimName: nginx-pv-claim - name: config configMap: name: nginx-wp-config |
创建secret 用于配置yaml拉取镜像时登录仓库的账号密码
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 |
注意:这种创建方式在1.9版本中,在yaml中好像不被调用,不被执行,imagePullSecrets 好像不支持 Opaque 类型的secret kubectl create secret docker-registry registry-pass \ --docker-server=registry.cn-hangzhou.aliyuncs.com \ --docker-username=admin \ --docker-password=123123 \ --docker-email=tuobalongshen@126.com kubectl create secret docker-registry regcred \ --docker-server=<your-registry-server> \ --docker-username=<your-name> \ --docker-password=<your-pword> \ --docker-email=<your-email> |
其中,server、username和password都是必填项,email可以不填。
基于现有Docker凭据创建secret(推荐)
kubernetes集群使用docker注册表类型的秘密对容器注册表进行身份验证,以获取私有映像。
如果您已经运行了Docker登录,则可以将该凭证复制到Kubernetes中:
|
1 2 3 4 5 6 7 |
kubectl create secret generic registry-pass \ --from-file=.dockerconfigjson=/root/.docker/config.json \ --type=kubernetes.io/dockerconfigjson 或 kubectl create secret generic registry-pass \ --from-file=/root/.docker/config.json \ --type=kubernetes.io/dockerconfigjson |
在使用时,把imagePullSecrets添加到Pod配置中。
例子:
|
1 2 3 4 5 6 7 8 9 10 11 |
apiVersion: v1 kind: Pod metadata: name: private-reg spec: containers: - name: private-reg-container image: your-private-image imagePullSecrets: - name: regcred |
6. 创建php的service,pvc,deployment
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 |
apiVersion: v1 kind: Service metadata: name: blog-php labels: app: php spec: ports: - port: 9000 selector: app: blog-php tier: frontend --- kind: PersistentVolumeClaim apiVersion: v1 metadata: name: php-pv-claim spec: storageClassName: nfs-nginx accessModes: - ReadWriteMany resources: requests: storage: 5Gi --- apiVersion: apps/v1beta2 kind: Deployment metadata: name: blog-php labels: app: php spec: replicas: 3 selector: matchLabels: app: blog-php tier: frontend strategy: type: Recreate template: metadata: labels: app: blog-php tier: frontend spec: containers: - name: php image: registry.cn-shanghai.aliyuncs.com/shooer/by_docker_shooter:php_v7.1 imagePullPolicy: IfNotPresent ports: - containerPort: 9000 name: php volumeMounts: - name: php-persistent-storage mountPath: /usr/local/nginx/html imagePullSecrets: - name: regsecret volumes: - name: php-persistent-storage persistentVolumeClaim: claimName: php-pv-claim |
7.创建环境
|
1 2 3 |
kubectl apply -f mysql-deployment.yaml kubectl apply -f php-deployment.yaml kubectl apply -f nginx-deployment.yaml |
8. 查看pod
9.在nfs服务器上下载wordpress源码,解压到/nfs/pv4
|
1 2 3 4 |
cd /nfs/pv4 unzip wordpress-5.4.zip cp -a wordpress/* /nfs/pv4/ chown -R nobody /nfs/pv4/ |
10. 进入mysql容器配置账号密码
|
1 2 3 4 5 |
kubectl exec -it blog-mysql-797fc878cd-jj9tl bash mysql -uroot -p123456 create database wp; grant all on wp.* to 'shooter'@'%' identified by '123456'; FLUSH PRIVILEGES; |
11.查看nginx配置文件
|
1 |
kubectl exec -it blog-nginx-559ff4fc8d-jm6gp cat /etc/nginx/conf.d/default.conf |
12.查看service的地址,可以看到被映射到宿主机的31154端口
13.访问php文件看是否成功
|
1 |
http://192.168.66.20:31154/index.php |
13.访问wordpress安装
|
1 |
http://192.168.66.20:31154/wp-admin |
|
1 2 3 4 5 6 |
下一步: 填写数据库名:wp 数据库账号:root 数据库密码:123456 数据库主机:blog-mysql #这里写svc地址即可 数据表前缀:wp_ |
然后进行安装即可。
|
1 |
http://192.168.66.20:31154/wp-admin/ |
每次都用IP地址加端口访问不方便,所以创建一个Ingress,使之能直接通过域名访问,匹配blog-nginx这个service
创建ingress svc
server-ingress.yaml
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 |
apiVersion: v1 kind: Service metadata: name: ingress-nginx namespace: ingress-nginx labels: app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx spec: type: NodePort ports: - name: http port: 80 targetPort: 80 protocol: TCP - name: https port: 443 targetPort: 443 protocol: TCP selector: app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx |
|
1 2 3 4 5 6 7 8 9 10 |
ingress控制器会将所有监听到的ingress-svc(nginx-web)的绑定域名,www.shooter.com 写入到ingress-nginx控制器中,然后重启nginx来实现负载和转发 重点:ingress controller 会感知所有namespace的ingress资源文件 用户执行 kubectl apply ingress.yaml文件后 k8s感知到变化就调用 ingress controller 把它翻译成nginx.conf 并写到ingress-nginx的pod中,pod的名字默认nginx-ingress-controller开头 |
创建 Ingress HTTP 代理访问
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 |
apiVersion: extensions/v1beta1 kind: Ingress metadata: name: nginx-web spec: rules: - host: www.shooter.com http: paths: - path: / backend: serviceName: blog-nginx #这里对应要代理nginx svc名称 servicePort: 80 |
在宿主机host文件中映射域名到 master机器
|
1 |
192.168.66.20 www.shooter.com |
|
1 |
然后重装一下wordpress, 如果不想重装,替换下数据库中的url为当前使用的url还有端口,否则有一些样式显示不了。建议还是重装的好。 |
访问 http://www.shooter.com:31678/wp-admin/
如果不想加端口,前面再加一层代理即可,nginx或者HA-proxy,这里不做演示。
- 本文固定链接: https://www.yoyoask.com/?p=3014
- 转载请注明: shooter 于 SHOOTER 发表
这个作者貌似有点懒,什么都没有留下。