作业
作业:
1、修改此前部署的Wordpress和MySQL中的环境变量的配置方式,其数据要引用自同一个Secret对象;
#Secret文件
apiVersion: v1
data:
db.name: d3BkYg==
db.pass: bWFnZWR1LmNvbQ==
db.user: d3B1c2Vy
root.pass: bWFnZWR1
kind: Secret
metadata:
creationTimestamp: "2024-09-02T10:50:46Z"
name: mysql-login
namespace: default
resourceVersion: "107951"
uid: be4a97f9-0e6f-4136-a8d1-e2d62cc94503
type: Opaque
#mysql文件
[root@k8s-master01 ~]#cat mysql.yaml
apiVersion: v1
kind: Pod
metadata:
name: mysql
namespace: default
labels:
app: mysql
spec:
containers:
- name: mysql
image: mysql:8.0
env:
- name: MYSQL_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: mysql-login
key: root.pass
- name: MYSQL_DATABASE
valueFrom:
secretKeyRef:
name: mysql-login
key: db.name
- name: MYSQL_USER
valueFrom:
secretKeyRef:
name: mysql-login
key: db.user
- name: MYSQL_PASSWORD
valueFrom:
secretKeyRef:
name: mysql-login
key: db.pass
volumeMounts:
- mountPath: /var/lib/mysql
name: mysqldata
volumes:
- name: mysqldata
persistentVolumeClaim:
claimName: pvc-nfs-dynamic-mysql
#wordpress文件
[root@k8s-master01 ~]#cat wordpress.yaml
apiVersion: v1
kind: Pod
metadata:
name: wordpress
namespace: default
labels:
app: wordpress
spec:
initContainers:
- name: init-user-setup
image: ikubernetes/admin-box:latest
command: ['sh', '-c', 'chown -R 33:33 /var/www/html']
volumeMounts:
- mountPath: /var/www/html
name: wordpressdata
containers:
- name: wordpress
image: wordpress:5.7
resources:
requests:
memory: "512Mi"
cpu: "300m"
limits:
memory: "512Mi"
cpu: "400m"
env:
- name: WORDPRESS_DB_HOST
value: mysql-service
- name: WORDPRESS_DB_NAME
valueFrom:
secretKeyRef:
name: mysql-login
key: db.name
- name: WORDPRESS_DB_USER
valueFrom:
secretKeyRef:
name: mysql-login
key: db.user
- name: WORDPRESS_DB_PASSWORD
valueFrom:
secretKeyRef:
name: mysql-login
key: db.pass
volumeMounts:
- mountPath: /var/www/html
name: wordpressdata
volumes:
- name: wordpressdata
persistentVolumeClaim:
claimName: pvc-nfs-dynamic
2、修改此前部署的Wordpress和MySQL中的数据存储位置,要求:
(1) 基于PVC卷存储数据,且PVC卷关联的PV通过动态置备完成;
#部署NFS SERVER
#创建nfs名称空间,应用配置文件,配置文件中pod和service的名称空间为default,需要手动修改配置文件为nfs
kubectl create namespace nfs
kubectl apply -f https://raw.githubusercontent.com/kubernetes-csi/csi-driver-nfs/master/deploy/example/nfs-provisioner/nfs-server.yaml --namespace nfs
安装NFS CSI Driver到kubernetes cluster
git clone https://github.com/iKubernetes/learning-k8s.git
cd learning-k8s
kubectl apply -f csi-driver-nfs/deploy/03-csi-driver-nfs-4.2/
#创建StorageClas
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: nfs-csi
annotations: #注释将该存储类设置为默认存储类,意味着如果在创建 PVC 时未指定存储类,Kubernetes 将自动使用这个存储类
storageclass.kubernetes.io/is-default-class: "true"
provisioner: nfs.csi.k8s.io #指定了由哪个nfs.csi.k8s.io CSI驱动程序来管理存储卷
parameters: #指定NFS服务器的地址,nfs-server.nfs.svc.cluster.local是 Kubernetes 集群内的DNS名称
#server: nfs-server.default.svc.cluster.local
server: nfs-server.nfs.svc.cluster.local
#server: nfs.magedu.com
share: / #nfs导出共享目录的根路径,非nfs的根目录,本例中为/exports目录
#share: /data
reclaimPolicy: Delete #回收策略为删除,当 PVC 被删除时,关联的 PV 也会被自动删除。生产中建议设置为Retain
volumeBindingMode: Immediate #表示卷的绑定操作会在 PVC 创建时立即发生,而不是等到 Pod 实际调度时再进行。这通常用于对延迟要求较低的场景。
#mountOptions: #挂载选项
# - hard #挂载方式硬挂载
# - nfsvers=4.1 #指定NFS协议版本4.1
#为wordpress和mysql分别创建pvc文件
[root@k8s-master01 ~]#cat nfs-pvc-dynamic.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: pvc-nfs-dynamic
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 10Gi
storageClassName: nfs-csi
[root@k8s-master01 ~]#cat nfs-pvc-dynamic-mysql.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: pvc-nfs-dynamic-mysql
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 10Gi
storageClassName: nfs-csi
#wordpress和mysql的pod文件引用pvc,参考前面的配置文件
(2) MySQL:/var/lib/mysql, Wordpress: /var/www/html
(3) 扩展作业:设定Wordpress中的应用以非管理员身份运行,注意监听的端口和挂载点文件系统的访问权限;
参考wordpress配置文件,初始化容器配置
(4) 扩展作业:试着为Wordpress和MySQL设定资源需求和资源限制,以及LivenessProbe和ReadinessProbe;
参考wordpress配置文件资源需求和资源限制
3、设定一个nginx服务器,为Wordpress提供反向代理,而且要求虚拟主机同时提供http和https服务,而强制http跳转至https;
准备证书和nginx配置文件,创建secert和configmap
[root@k8s-master01 ~]#ls certs/
nginx.crt nginx.key
[root@k8s-master01 ~]#ls nginx-conf.d/
myserver-gzip.cfg myserver-status.cfg myserver.conf
kubectl create secret tls nginx-wordpress --cert=./certs/nginx.crt --key=./certs/nginx.key
kubectl create configmap nginx-sslvhosts-confs-wordpress --from-file=./nginx-conf.d
准备nginx pod文件
[root@k8s-master01 ~]#cat nginx-wordpress.yaml
# Maintainer: MageEdu <mage@magedu.com>
# URL: http://www.magedu.com
---
apiVersion: v1
kind: Pod
metadata:
name: nginx-wordpress
labels:
app: nginx-proxy
namespace: default
spec:
containers:
- image: nginx:alpine
name: ngxserver
volumeMounts:
- name: nginxcerts
mountPath: /etc/nginx/certs/
readOnly: true
- name: nginxconfs
mountPath: /etc/nginx/conf.d/
readOnly: true
volumes:
- name: nginxcerts
secret:
secretName: nginx-wordpress
- name: nginxconfs
configMap:
name: nginx-sslvhosts-confs-wordpress
optional: false
容器内部执行curl命令发现http跳转到https,并代理给了wordpress
【推荐】国内首个AI IDE,深度理解中文开发场景,立即下载体验Trae
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步
· 震惊!C++程序真的从main开始吗?99%的程序员都答错了
· 【硬核科普】Trae如何「偷看」你的代码?零基础破解AI编程运行原理
· 单元测试从入门到精通
· 上周热点回顾(3.3-3.9)
· Vue3状态管理终极指南:Pinia保姆级教程