21--k8s部署discuz
阿新 • • 發佈:2021-12-05
目錄
一,基礎部署wordpress
[root@node k8s]# vim mysql.yaml apiVersion: v1 kind: Namespace metadata: name: mysql --- kind: Service apiVersion: v1 metadata: name: mysql namespace: mysql spec: ports: - name: http port: 3306 targetPort: 3306 selector: app: mysql --- apiVersion: apps/v1 kind: Deployment metadata: name: name-mysql namespace: mysql spec: selector: matchLabels: app: mysql template: metadata: labels: app: mysql spec: containers: - name: mysql image: mysql:5.7 env: - name: MYSQL_ROOT_PASSWORD value: "123456"
[root@node k8s]# cat wordpress.yaml apiVersion: v1 kind: Namespace metadata: name: wordpress --- apiVersion: v1 kind: Service metadata: name: wordpress namespace: wordpress spec: ports: - name: http port: 80 targetPort: 80 - name: https port: 443 targetPort: 443 selector: app: wordpress type: NodePort --- apiVersion: apps/v1 kind: Deployment metadata: name: wordpress namespace: wordpress spec: selector: matchLabels: app: wordpress template: metadata: labels: app: wordpress spec: containers: - name: php image: alvinos/php:wordpress-v2 - name: nginx image: alvinos/nginx:wordpress-v2
[root@node k8s]# kubectl get pods -n mysql NAME READY STATUS RESTARTS AGE name-mysql-56f8cdb464-b2klq 1/1 Running 0 40m [root@node k8s]# kubectl exec -it -n mysql name-mysql-56f8cdb464-b2klq -- bash root@name-mysql-56f8cdb464-b2klq:/# mysql -uroot -p Enter password: 123456 ... mysql> create database wordpress; Query OK, 1 row affected (0.01 sec) mysql> exit
[root@node k8s]# kubectl get svc -n wordpress
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
wordpress NodePort 10.104.183.253 <none> 80:30311/TCP,443:31933/TCP 30m
訪問ip:30311
加上ingress
1.http部署
mysql.yaml不變
[root@k8s-n1 k8s]# cat wordpree.yaml
apiVersion: v1
kind: Namespace
metadata:
name: wordpress
---
apiVersion: v1
kind: Service
metadata:
name: wordpress
namespace: wordpress
spec:
ports:
- name: http
port: 80
targetPort: 80
- name: https
port: 443
targetPort: 443
selector:
app: wordpress
type: NodePort
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: wordpress
namespace: wordpress
spec:
selector:
matchLabels:
app: wordpress
template:
metadata:
labels:
app: wordpress
spec:
containers:
- name: php
image: alvinos/php:wordpress-v2
- name: nginx
image: alvinos/nginx:wordpress-v2
---
kind: Ingress
apiVersion: networking.k8s.io/v1
metadata:
name: wordpress
namespace: wordpress
spec:
rules:
- host: "www.wordpress.com" # 要繫結的域名
http:
paths:
- path: / # 請求的路徑
pathType: Prefix #自由匹配
backend:
service:
name: wordpress # 必須和service的名字一致才可以繫結
port:
number: 80 # 服務的埠號
[root@k8s-n1 k8s]# kubectl get ingress -n wordpress
NAME CLASS HOSTS ADDRESS PORTS AGE
wordpress <none> www.wordpress.com 80 8m19s
[root@k8s-n1 k8s]# kubectl get svc -n wordpress
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
wordpress NodePort 10.99.151.6 <none> 80:32379/TCP,443:32121/TCP 24m
訪問 域名:32379
2.https部署
# 生成證書
[root@m01 k8s]# openssl genrsa -out tls.key 2048
[root@m01 k8s]# openssl req -new -x509 -key tls.key -out tls.crt -subj /C=CN/ST=ShangHai/L=ShangHai/O=Ingress/CN=www.wordpress.com
# 檢視
[root@m01 k8s]# ll
-rw-r--r-- 1 root root 1289 Aug 12 22:46 tls.crt
-rw-r--r-- 1 root root 1679 Aug 12 22:46 tls.key
# 繫結證書
kubectl -n [名稱空間] create secret tls [secretname] --cert=[證書.crt] --key=[證書.key]
kubectl -n wordpress create secret tls ingress-tls --cert=tls.crt --key=tls.key
---
kind: Ingress
apiVersion: networking.k8s.io/v1
metadata:
name: wordpress
spec:
tls:
- secretName: ingress-tls
rules:
- host: "www.wordpress.com"
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: wordpress
port:
number: 80
# 部署
kubectl apply -f
# 配置hosts訪問
www.wordpress.com:30542
二、k8s部署discuz
要求:
ingress ---> headless service ---> pod
1、要有健康檢查
2、要求有https
3、要求有儲存卷(hostpath)
1、下載discuz安裝包,並解壓,同步到所有節點上
[root@k8s-m-01 /opt/discuz]# for i in m2 m3;do ssh root@$i "mkdir -pv /opt/discuz" && scp discuz.tar.gz root@$i:/opt/discuz/; ssh root@$i "cd /opt/discuz && tar -xf discuz.tar.gz -C /opt/discuz && chmod -R o+w /opt/discuz/upload"; done
2、構思架構,並且編寫配置清單(見下文)
3、部署並除錯
1、建立HTTPS證書
[root@k8s-m-01 /opt/discuz]# openssl genrsa -out tls.key 2048
Generating RSA private key, 2048 bit long modulus
.+++
.................................................................................+++
e is 65537 (0x10001)
[root@k8s-m-01 /opt/discuz]# openssl req -new -x509 -key tls.key -out tls.crt -subj /C=CN/ST=ShangHai/L=ShangHai/O=Ingress/CN=www.discuz.cluster.local.com
2、部署證書
[root@k8s-m-01 /opt/discuz]# kubectl create namespace discuz
namespace/discuz created
[root@k8s-m-01 /opt/discuz]# kubectl -n discuz create secret tls discuz-secret --cert=tls.crt --key=tls.key
secret/discuz-secret created
配置清單
#########################################################################################
# 1、部署MySQL叢集
# 1、建立名稱空間
# 2、建立service提供負載均衡
# 3、使用控制器部署MySQL例項
###
# 2、部署Discuz應用
# 1、建立名稱空間
# 2、建立Service提供負載均衡(Headless Service)
# 3、建立服務並掛載程式碼
# 4、建立Ingress,用於域名轉發(https)
###
# 3、服務之間的互連
# 1、Discuz連線MySQL ---> mysql.mysql.svc.cluster.local
#########################################################################################
apiVersion: v1
kind: Namespace
metadata:
name: mysql
---
kind: Service
apiVersion: v1
metadata:
name: mysql-svc
namespace: mysql
spec:
ports:
- port: 3306
targetPort: 3306
name: mysql
protocol: TCP
selector:
app: mysql
deploy: discuz
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: mysql-deployment
namespace: mysql
spec:
selector:
matchLabels:
app: mysql
deploy: discuz
template:
metadata:
labels:
app: mysql
deploy: discuz
spec:
nodeName: k8s-m-02
containers:
- name: mysql
image: mysql:5.7
livenessProbe: #存活性檢查
tcpSocket:
port: 3306
readinessProbe: #就緒性檢查
tcpSocket:
port: 3306
env:
- name: MYSQL_ROOT_PASSWORD
value: "123456"
- name: MYSQL_DATABASE #預設建立的資料庫
value: "discuz"
#lifecycle: #啟動回撥鉤子,和預設建立資料庫value的方式2選1,推薦,因可以指定字元編碼
# postStart:
# exec:
# command:
# - "/bin/bash"
# - "-c"
# - "mysql -uroot -p123456 -e 'create database discuz charset utf8;'"
volumeMounts: #掛載
- mountPath: /var/lib/mysql #掛載的路徑,容器內
name: mysql-data
volumes:
- name: mysql-data
hostPath:
path: /opt/discuz/mysql #宿主主機的路徑
---
kind: Namespace
apiVersion: v1
metadata:
name: discuz
---
kind: Service
apiVersion: v1
metadata:
name: discuz-svc
namespace: discuz
spec:
clusterIP: None
ports:
- port: 80
targetPort: 80
name: http
selector:
app: discuz
deploy: discuz
---
kind: Deployment
apiVersion: apps/v1
metadata:
name: discuz-deployment
namespace: discuz
spec:
selector:
matchLabels:
app: discuz
deploy: discuz
template:
metadata:
labels:
app: discuz
deploy: discuz
spec:
containers:
- name: php
image: alvinos/php:wordpress-v2
livenessProbe:
tcpSocket:
port: 9000
readinessProbe:
tcpSocket:
port: 9000
volumeMounts:
- mountPath: /usr/share/nginx/html #掛載在容器的路徑
name: discuz-data
- name: nginx
image: alvinos/nginx:wordpress-v2
livenessProbe:
httpGet:
port: 80
path: /
readinessProbe:
httpGet:
port: 80
path: /
volumeMounts:
- mountPath: /usr/share/nginx/html
name: discuz-data
volumes:
- name: discuz-data
hostPath:
path: /opt/discuz/upload
---
kind: Ingress
apiVersion: extensions/v1beta1
metadata:
name: discuz-ingress
namespace: discuz
spec:
tls:
- hosts:
- www.discuz.cluster.local.com
secretName: discuz-secret
rules:
- host: www.discuz.cluster.local.com
http:
paths:
- backend:
serviceName: discuz-svc
servicePort: 80