K8s之Web服务
目录
Web服务
前端由Nginx做Tomcat的向代理,Nginx Pod 挂载NFS存储卷做动静分离访问
运行Nginx
Nginx 镜像制作
制作Centos基础镜像
下载centos iamge 并上传到harbor
root@master1:~# docker tag centos:centos7.7.1908 harbor.linux.com/baseimages/centos:centos7.7.1908
root@master1:~# docker push harbor.linux.com/baseimages/centos:centos7.7.1908
镜像文件列表
root@master1:/opt/data/dockerfile/system/centos# pwd
/opt/data/dockerfile/system/centos
root@master1:/opt/data/dockerfile/system/centos# tree
.
├── base.repo
├── build-command.sh
├── Dockerfile
└── filebeat-7.6.1-x86_64.rpm
0 directories, 4 files
Centos Dockerfile
root@master1:/opt/data/dockerfile/system/centos# cat Dockerfile
FROM harbor.linux.com/baseimages/centos:centos7.7.1908
MAINTAINER JevonWei "jevonran@163.com"
ADD filebeat-7.6.1-x86_64.rpm /tmp/
RUN rm -rf /etc/yum.repos.d/*
ADD base.repo /etc/yum.repos.d/
RUN yum install -y /tmp/filebeat-7.6.1-x86_64.rpm && rm -rf /tmp/filebeat-7.6.1-x86_64.rpm
RUN yum install -y vim wget tree lrzsz automake pcre pcre-devel gcc gcc-c++ zlib zlib-devel openssl openssl-devel net-tools iotop unzip zip iproute ntpdate nfs-utils tcp dump telnet traceroute
RUN rm -rf /etc/localtime && ln -snf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime && useradd nginx -u 2020 && useradd www -u 2019
build-command 脚本
root@master1:/opt/data/dockerfile/system/centos# cat build-command.sh
#!/bin/bash
docker build -t harbor.linux.com/baseimages/centos-jevon-base:7.7.1908 .
sleep 1
docker push harbor.linux.com/baseimages/centos-jevon-base:7.7.1908
执行build-command
root@master1:/opt/data/dockerfile/system/centos# bash build-command.sh
harbor中验证镜像
harbor中验证镜像已上传
制作Nginx 镜像
镜像文件列表
root@master1:/opt/data/dockerfile/web/pub-images/nginx-base# tree
.
├── build-command.sh
├── Dockerfile
└── nginx-1.14.2.tar.gz
0 directories, 3 files
Nginx Dockerfile
root@master1:/opt/data/dockerfile/web/pub-images/nginx-base# cat Dockerfile
#Nginx Base Image
FROM harbor.linux.com/baseimages/centos-jevon-base:7.7.1908
MAINTAINER jevonran@163.com
RUN yum install -y vim wget tree lrzsz gcc gcc-c++ automake pcre pcre-devel zlib zlibdevel openssl openssl-devel iproute net-tools iotop
ADD nginx-1.14.2.tar.gz /usr/local/src/
RUN cd /usr/local/src/nginx-1.14.2 && ./configure && make && make install && ln -sv /usr/local/nginx/sbin/nginx /usr/sbin/nginx && rm -rf /usr/local/src/nginx-1.14.2.tar.gz
build-command.sh
root@master1:/opt/data/dockerfile/web/pub-images/nginx-base# cat build-command.sh
#!/bin/bash
docker build -t harbor.linux.com/webimages/nginx-base:v1.14.2 .
sleep 1
docker push harbor.linux.com/webimages/nginx-base:v1.14.2
执行build-command
root@master1:/opt/data/dockerfile/web/pub-images/nginx-base# bash build-command.sh
harbor中验证镜像
Nginx业务镜像制作
镜像文件列表
root@master1:/opt/data/dockerfile/web/jevon/nginx# tree
.
├── build-command.sh
├── Dockerfile
├── index.html
├── nginx.conf
└── webapp
└── index.html
1 directory, 5 files
Dockerfile
root@master1:/opt/data/dockerfile/web/jevon/nginx# cat Dockerfile
#Nginx Base Image
FROM harbor.linux.com/webimages/nginx-base:v1.14.2
ADD nginx.conf /usr/local/nginx/conf/nginx.conf
ADD webapp/* /usr/local/nginx/html/webapp/
ADD index.html /usr/local/nginx/html/index.html
RUN mkdir -p /usr/local/nginx/html/webapp/static /usr/local/nginx/html/webapp/images
EXPOSE 80 443
CMD ["nginx"]
Nginx配置文件
root@master1:/opt/data/dockerfile/web/jevon/nginx# cat nginx.conf
user nginx nginx;
worker_processes auto;
daemon off;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 80;
server_name localhost;
location / {
root html;
index index.html index.htm;
}
location webapp/ {
root html;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
}
Nginx测试页
root@master1:/opt/data/dockerfile/web/jevon/nginx# cat index.html
Nginx Web Page
webapp测试页
root@master1:/opt/data/dockerfile/web/jevon/nginx# cat webapp/index.html
Nginx Webapp Page
build-command.sh
root@master1:/opt/data/dockerfile/web/jevon/nginx# cat build-command.sh
#!/bin/bash
TAG=$1
docker build -t harbor.linux.com/danran/nginx-web1:${TAG} .
sleep 1
docker push harbor.linux.com/danran/nginx-web1:${TAG}
执行build-command
root@master1:/opt/data/dockerfile/web/jevon/nginx# bash build-command.sh v1
harbor中验证镜像
测试nginx业务镜像可以启动为容器
root@master1:~# docker run -it --rm -p 80:80 harbor.linux.com/danran/nginx-web1:v1
访问测试Nginx业务web页面
root@master1:/opt/data/dockerfile/system/centos# curl 10.203.104.20/webapp/
Nginx Webapp Page
root@master1:/opt/data/dockerfile/system/centos# curl 10.203.104.20
Nginx Web Page
k8s中创建Nginx pod
NFS中新建两个共享目录
root@ha1:~# vim /etc/exports
/data/danran/static *(rw,no_root_squash)
/data/danran/images *(rw,no_root_squash)
root@ha1:~# mkdir /data/danran/images
root@ha1:~# mkdir /data/danran/static
root@ha1:/data/danran/static# cat danran.js
danran Js file
root@ha1:~# systemctl restart nfs-server.service
root@ha1:~# exportfs
/data/danran/static
<world>
/data/danran/images
<world>
创建danran Namespaces
root@master1:/opt/data/yaml/namespaces# cat danran-ns.yaml
apiVersion: v1
kind: Namespace
metadata:
name: danran
root@master1:/opt/data/yaml/namespaces# kubectl apply -f danran-ns.yaml
namespace/danran created
Nginx.yaml
使用nfs挂载volume
root@master1:/opt/data/yaml/danran/nginx# cat nginx.yaml
kind: Deployment
apiVersion: apps/v1
metadata:
labels:
app: danran-nginx-deployment-label
name: danran-nginx-deployment
namespace: danran
spec:
replicas: 1
selector:
matchLabels:
app: danran-nginx-selector
template:
metadata:
labels:
app: danran-nginx-selector
spec:
containers:
- name: danran-nginx-container
image: harbor.linux.com/danran/nginx-web1:v1
#imagePullPolicy: IfNotPresent
imagePullPolicy: Always
ports:
- containerPort: 80
protocol: TCP
name: http
- containerPort: 443
protocol: TCP
name: https
env:
- name: "password"
value: "123456"
- name: "age"
value: "18"
resources:
limits:
cpu: 2
memory: 2Gi
requests:
cpu: 1
memory: 512Mi
volumeMounts:
- name: danran-images
mountPath: /usr/local/nginx/html/webapp/images
readOnly: false
- name: danran-static
mountPath: /usr/local/nginx/html/webapp/static
readOnly: false
volumes:
- name: danran-images
nfs:
server: 10.203.104.30
path: /data/danran/images
- name: danran-static
nfs:
server: 10.203.104.30
path: /data/danran/static
---
kind: Service
apiVersion: v1
metadata:
labels:
app: danran-nginx
name: danran-nginx-spec
namespace: danran
spec:
type: NodePort
ports:
- name: http
port: 80
protocol: TCP
targetPort: 80
nodePort: 40002
- name: https
port: 443
protocol: TCP
targetPort: 443
nodePort: 40043
selector:
app: danran-nginx-selector
创建K8s Pod
root@master1:/opt/data/yaml/danran/nginx# kubectl apply -f nginx.yaml
deployment.apps/danran-nginx-deployment configured
service/danran-nginx-spec created
root@master1:~# kubectl get pod -n danran
NAME READY STATUS RESTARTS AGE
danran-nginx-deployment-fb55d7bf9-xsrmf 1/1 Running 0 3m56s
测试Nginx Pod的web 界面
http://10.203.104.26:40002/webapp/
HA中配置Nginx的负载均衡
Nginx的负载均衡IP使用keepalived的 VIP地址
root@ha1:~# cat /etc/haproxy/haproxy.cfg
listen danran-nginx-80
bind 10.203.104.213:80
mode tcp
server master1 10.203.104.26:40002 check inter 3s fall 3 rise 5
server master2 10.203.104.27:40002 check inter 3s fall 3 rise 5
server master3 10.203.104.28:40002 check inter 3s fall 3 rise 5
root@ha1:~# systemctl restart haproxy
root@ha1:~# ss -ntl | grep 10.203.104.213
LISTEN 0 128 10.203.104.213:80 0.0.0.0:*
访问HA VIP测试Nginx
http://10.203.104.213/webapp/static/danran.js
运行Tomcat
JDK基础镜像
JDK基础镜像文件列表
root@master1:/opt/data/dockerfile/web/pub-images/jdk-1.8.212# tree
.
├── build-command.sh
├── Dockerfile
├── jdk-8u212-linux-x64.tar.gz
└── profile
0 directories, 4 files
Dockerfile文件内容
root@master1:/opt/data/dockerfile/web/pub-images/jdk-1.8.212# cat Dockerfile
#JDK Base Image
FROM harbor.linux.com/baseimages/centos-jevon-base:7.7.1908
MAINTAINER Jevonran "jevonran@163.com"
ADD jdk-8u212-linux-x64.tar.gz /usr/local/src/
RUN ln -sv /usr/local/src/jdk1.8.0_212 /usr/local/jdk
ADD profile /etc/profile
ENV JAVA_HOME /usr/local/jdk
ENV JRE_HOME $JAVA_HOME/jre
ENV CLASSPATH $JAVA_HOME/lib/:$JRE_HOME/lib/
ENV PATH $PATH:$JAVA_HOME/bin
profile
root@master1:/opt/data/dockerfile/web/pub-images/jdk-1.8.212# cat profile
# /etc/profile: system-wide .profile file for the Bourne shell (sh(1))
# and Bourne compatible shells (bash(1), ksh(1), ash(1), ...).
if [ "${PS1-}" ]; then
if [ "${BASH-}" ] && [ "$BASH" != "/bin/sh" ]; then
# The file bash.bashrc already sets the default PS1.
# PS1='\h:\w\$ '
if [ -f /etc/bash.bashrc ]; then
. /etc/bash.bashrc
fi
else
if [ "`id -u`" -eq 0 ]; then
PS1='# '
else
PS1='$ '
fi
fi
fi
if [ -d /etc/profile.d ]; then
for i in /etc/profile.d/*.sh; do
if [ -r $i ]; then
. $i
fi
done
unset i
fi
export JAVA_HOME=/usr/local/jdk
export JRE_HOME=$JAVA_HOME/jre
export CLASSPATH=$JAVA_HOME/lib/:$JRE_HOME/lib/
export PATH=$PATH:$JAVA_HOME/bin
build-command脚本
root@master1:/opt/data/dockerfile/web/pub-images/jdk-1.8.212# cat build-command.sh
#!/bin/bash
docker build -t harbor.linux.com/webimages/jdk-base:v8.212 .
sleep 1
docker push harbor.linux.com/webimages/jdk-base:v8.212
执行构建JDK基础镜像
root@master1:/opt/data/dockerfile/web/pub-images/jdk-1.8.212# bash build-command.sh
验证JDK镜像启动为容器后的java环境
root@master1:~# docker run -it --rm harbor.linux.com/webimages/jdk-base:v8.212 bash
[root@e8a310788efd /]# java -version
java version "1.8.0_212"
Java(TM) SE Runtime Environment (build 1.8.0_212-b10)
Java HotSpot(TM) 64-Bit Server VM (build 25.212-b10, mixed mode)
Tomcat基础镜像
https://tomcat.apache.org/download-80.cgi
基础镜像文件列表
root@master1:/opt/data/dockerfile/web/pub-images/tomcat-base-8.5.43# tree
.
├── apache-tomcat-8.5.43.tar.gz
├── build-command.sh
└── Dockerfile
0 directories, 3 files
Dockerfile文件内容
root@master1:/opt/data/dockerfile/web/pub-images/tomcat-base-8.5.43# cat Dockerfile
# cat Dockerfile
#JDK Base Image
FROM harbor.linux.com/webimages/jdk-base:v8.212
MAINTAINER jevonran "jevonran@163.com"
RUN mkdir /apps /data/tomcat/webapps /data/tomcat/logs -pv
ADD apache-tomcat-8.5.43.tar.gz /apps
RUN useradd tomcat -u 2021 && ln -sv /apps/apache-tomcat-8.5.43 /apps/tomcat && chown -R nginx.nginx /apps /data -R
build-command脚本
root@master1:/opt/data/dockerfile/web/pub-images/tomcat-base-8.5.43# cat build-command.sh
#!/bin/bash
docker build -t harbor.linux.com/webimages/tomcat-base:v8.5.43 .
sleep 3
docker push harbor.linux.com/webimages/tomcat-base:v8.5.43
构建tomcat基础镜像
root@master1:/opt/data/dockerfile/web/pub-images/tomcat-base-8.5.43# bash build-command.sh
测试访问tomcat基础镜像启动为容器
root@master1:~# docker run -it --rm -p 8801:8080 harbor.linux.com/webimages/tomcat-base:v8.5.43 bash
[root@89f76f434943 /]# /apps/tomcat/bin/catalina.sh start
Using CATALINA_BASE: /apps/tomcat
Using CATALINA_HOME: /apps/tomcat
Using CATALINA_TMPDIR: /apps/tomcat/temp
Using JRE_HOME: /usr/local/jdk/jre
Using CLASSPATH: /apps/tomcat/bin/bootstrap.jar:/apps/tomcat/bin/tomcat-juli.jar
Tomcat started.
[root@89f76f434943 /]# ss -ntl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 1 127.0.0.1:8005 *:*
LISTEN 0 100 *:8009 *:*
LISTEN 0 100 *:8080 *:*
tomcat业务镜像app制作
cat业务镜像文件列表
root@master1:/opt/data/dockerfile/web/jevon/tomcat-app1# tree
.
├── app1.tar.gz
├── build-command.sh
├── catalina.sh
├── Dockerfile
├── filebeat.yml
├── myapp
│ └── index.html
├── run_tomcat.sh
└── server.xml
1 directory, 8 files
Dockerfile文件内容
root@master1:/opt/data/dockerfile/web/jevon/tomcat-app1# cat Dockerfile
# cat Dockerfile
#tomcat web1
FROM harbor.linux.com/webimages/tomcat-base:v8.5.43
ADD catalina.sh /apps/tomcat/bin/catalina.sh
ADD server.xml /apps/tomcat/conf/server.xml
#ADD myapp/* /data/tomcat/webapps/myapp/
ADD app1.tar.gz /data/tomcat/webapps/myapp/
ADD run_tomcat.sh /apps/tomcat/bin/run_tomcat.sh
ADD filebeat.yml /etc/filebeat/filebeat.yml
RUN mkdir /usr/local/nginx/html/webapp/images /usr/local/nginx/html/webapp/static -p
RUN chown -R nginx.nginx /data/ /apps/ /usr/local/nginx/html
EXPOSE 8080 8443
CMD ["/apps/tomcat/bin/run_tomcat.sh"]
修改catalina.sh
从harbor.linux.com/webimages/tomcat-base:v8.5.43镜像启动一个容器,拷贝catalina.sh到master上
root@master1:~# docker run -it --rm -p 8801:8080 harbor.linux.com/webimages/tomcat-base:v8.5.43 bash
[root@99469a1736ea /]# scp /apps/tomcat/bin/catalina.sh 10.203.104.20:/opt/data/dockerfile/web/jevon/tomcat-app1/
编辑/opt/data/dockerfile/web/jevon/tomcat-app1/catalina.sh文件的java启动参数
root@master1:/opt/data/dockerfile/web/jevon/tomcat-app1# cat catalina.sh
JAVA_OPTS="-server -Xms1g -Xmx1g -Xss512k -Xmn1g -XX:CMSInitiatingOccupancyFraction=65 -XX:+UseFastAccessorMethods -XX:+AggressiveOpts -XX:+UseBiasedLocking -XX:-DisableExplicitGC -XX:MaxTenuringThreshold=10 -XX:NewSize=2048M -XX:MaxNewSize=2048M -XX:NewRatio=2 -XX:PermSize=128m -XX:MaxPermSize=512m -XX:CMSFullGCsBeforeCompaction=5 -XX:+ExplicitGCInvokesConcurrent -XX:+UseConcMarkSweepGC -XX:+UseParNewGC -XX:+CMSParallelRemarkEnabled"
修改server.xml
从harbor.linux.com/webimages/tomcat-base:v8.5.43镜像启动一个容器,拷贝server.xml到master上
root@master1:~# docker run -it --rm -p 8801:8080 harbor.linux.com/webimages/tomcat-base:v8.5.43 bash
[root@99469a1736ea /]# scp /apps/tomcat/conf/server.xml 10.203.104.20:/opt/data/dockerfile/web/jevon/tomcat-app1/
修改/opt/data/dockerfile/web/jevon/tomcat-app1/server.xml的工作目录appBase="/data/tomcat/webapps
root@master1:/opt/data/dockerfile/web/jevon/tomcat-app1# cat server.xml
<Host name="localhost" appBase="/data/tomcat/webapps"
unpackWARs="true" autoDeploy="true">
<!-- SingleSignOn valve, share authentication between web applications
Documentation at: /docs/config/valve.html -->
<!--
<Valve className="org.apache.catalina.authenticator.SingleSignOn" />
-->
<!-- Access log processes all example.
Documentation at: /docs/config/valve.html
Note: The pattern used is equivalent to using pattern="common" -->
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
prefix="localhost_access_log" suffix=".txt"
pattern="%h %l %u %t "%r" %s %b" />
</Host>
tomcat启动脚本
root@master1:/opt/data/dockerfile/web/jevon/tomcat-app1# cat run_tomcat.sh
#!/bin/bash
su - nginx -c "/apps/tomcat/bin/catalina.sh start"
tail -f /etc/hosts
filebeat.yml
root@master1:/opt/data/dockerfile/web/jevon/tomcat-app1# cat filebeat.yml
filebeat.prospectors:
- input_type: log
paths:
- /app/tomcat/logs/cataline.out
fields:
type: tomcat-cayaline
output.redis:
hosts: ["10.203.104.20:6379"]
key: "jevon-app1"
db: 1
timeout: 5
password: 12345
准备测试界面
root@master1:/opt/data/dockerfile/web/jevon/tomcat-app1# mkdir myapp/
root@master1:/opt/data/dockerfile/web/jevon/tomcat-app1# cat myapp/index.html
Tomcat app1
root@master1:/opt/data/dockerfile/web/jevon/tomcat-app1# cd myapp/
root@master1:/opt/data/dockerfile/web/jevon/tomcat-app1/myapp# tar -zcvf app1.tar.gz index.html
index.html
root@master1:/opt/data/dockerfile/web/jevon/tomcat-app1/myapp# mv app1.tar.gz ../
root@master1:/opt/data/dockerfile/web/jevon/tomcat-app1/myapp# cd ..
root@master1:/opt/data/dockerfile/web/jevon/tomcat-app1# ls
app1.tar.gz build-command.sh catalina.sh Dockerfile filebeat.yml myapp run_tomcat.sh server.xml
build-command
root@master1:/opt/data/dockerfile/web/jevon/tomcat-app1# cat build-command.sh
#!/bin/bash
TAG=$1
docker build -t harbor.linux.com/danran/tomcat-app1:${TAG} .
sleep 3
docker push harbor.linux.com/danran/tomcat-app1:${TAG}
执行构建tomcat业务镜像
构建镜像前,需为ADD到镜像的sh脚本文件添加x执行权限
root@master1:/opt/data/dockerfile/web/jevon/tomcat-app1# chmod o+x *.sh
root@master1:/opt/data/dockerfile/web/jevon/tomcat-app1# ll
total 52
drwxr-xr-x 3 root root 158 Jun 16 21:30 ./
drwxr-xr-x 4 root root 38 Jun 16 20:47 ../
-rw-r--r-- 1 root root 167 Jun 16 21:23 app1.tar.gz
-rw-r--r-x 1 root root 143 Jun 16 21:30 build-command.sh*
-rwxr-x--x 1 root root 23887 Jun 16 21:16 catalina.sh*
-rw-r--r-- 1 root root 448 Jun 16 20:50 Dockerfile
-rw-r--r-- 1 root root 227 Jun 16 21:22 filebeat.yml
drwxr-xr-x 2 root root 24 Jun 16 21:22 myapp/
-rw-r--r-x 1 root root 83 Jun 16 21:28 run_tomcat.sh*
-rw------- 1 root root 7524 Jun 16 21:18 server.xml
root@master1:/opt/data/dockerfile/web/jevon/tomcat-app1# bash build-command.sh v1
测试tomcat业务镜像启动为容器
root@master1:~# docker run -it --rm -p 8801:8080 harbor.linux.com/danran/tomcat-app1:v1 bash
http://10.203.104.20:8801/myapp/
k8s集群中运行Tomcat
tomcat-app1.yaml
root@master1:/opt/data/yaml/danran/tomcat-app1# cat tomcat-app1.yaml
kind: Deployment
apiVersion: apps/v1
metadata:
labels:
app: danran-tomcat-app1-deployment-label
name: danran-tomcat-app1-deployment-label
namespace: danran
spec:
replicas: 1
selector:
matchLabels:
app: danran-tomcat-app1-selector
template:
metadata:
labels:
app: danran-tomcat-app1-selector
spec:
containers:
- name: danran-tomcat-app1-container
image: harbor.linux.com/danran/tomcat-app1:v1
#imagePullPolicy: IfNotPresent
imagePullPolicy: Always
ports:
- containerPort: 8080
protocol: TCP
name: http
env:
- name: "password"
value: "123456"
- name: "age"
value: "18"
resources:
limits:
cpu: 2
memory: 2Gi
requests:
cpu: 1
memory: 512Mi
volumeMounts:
- name: danran-images
mountPath: /usr/local/nginx/html/webapp/images
readOnly: false
- name: danran-static
mountPath: /usr/local/nginx/html/webapp/static
readOnly: false
volumes:
- name: danran-images
nfs:
server: 10.203.104.30
path: /data/danran/images
- name: danran-static
nfs:
server: 10.203.104.30
path: /data/danran/static
---
kind: Service
apiVersion: v1
metadata:
labels:
app: danran-tomcat-app1-service-label
name: danran-tomcat-app1-service
namespace: danran
spec:
type: NodePort
ports:
- name: http
port: 80
protocol: TCP
targetPort: 8080
nodePort: 40004
selector:
app: danran-tomcat-app1-selector
创建tomcat业务pod
root@master1:/opt/data/yaml/danran/tomcat-app1# kubectl apply -f tomcat-app1.yaml
deployment.apps/danran-tomcat-app1-deployment-label created
service/danran-nginx-app1-service created
验证pod启动成功
root@master1:~# kubectl get pods -n danran
NAME READY STATUS RESTARTS AGE
danran-nginx-deployment-fb55d7bf9-xsrmf 1/1 Running 0 22h
danran-tomcat-app1-deployment-label-557cd56c58-xllzz 1/1 Running 0 4s
root@master1:~# kubectl get service -n danran
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
danran-nginx-spec NodePort 172.28.170.109 <none> 80:40002/TCP,443:40043/TCP 22h
danran-tomcat-app1-service NodePort 172.28.28.81 <none> 80:40004/TCP 38s
验证tomcat app1业务容器NFS挂载
测试访问tomcat业务pod的nodeport
k8s中nginx+tomcat实现动静分离
实现一个通用的nginx+tomcat动静分离web架构,即用户访问的静态页面和图片在由nginx直接响应,而动态请求则基于location转发至tomcat。
Nginx基于tomcat的service name转发用户请求到tomcat业务app
查看tomcat app1的server name
root@master1:~# kubectl get service -n danran
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
danran-nginx-spec NodePort 172.28.170.109 <none> 80:40002/TCP,443:40043/TCP 24h
danran-tomcat-app1-service NodePort 172.28.190.66 <none> 80:40004/TCP 10m
nginx业务镜像配置
nginx配置文件
tomcat对应的service为danran-tomcat-app1-service
定义upstream反向代理到danran-tomcat-app1-service.danran.svc.linux.local:80 的Nginx节点
访问/myapp的地址转发到upstream组中
root@master1:/opt/data/dockerfile/web/jevon/nginx# cat nginx.conf
user nginx nginx;
worker_processes auto;
daemon off;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
upstream tomcat_webserver {
server danran-tomcat-app1-service.danran.svc.linux.local:80;
}
server {
listen 80;
server_name localhost;
location / {
root html;
index index.html index.htm;
}
location webapp/ {
root html;
index index.html index.htm;
}
location /myapp {
proxy_pass http://tomcat_webserver;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
}
重新构建nginx业务镜像
root@master1:/opt/data/dockerfile/web/jevon/nginx# bash build-command.sh
镜像启动为容容器并验证配置文件
root@master1:~# docker run -it --rm harbor.linux.com/danran/nginx-web1:v2 bash
[root@1dee182b07dd /]# cat /usr/local/nginx/conf/nginx.conf
重新创建业务nginx pod
删除并重新创建nginx业务镜像
root@master1:/opt/data/yaml/danran/nginx# kubectl delete -f nginx.yaml
deployment.apps "danran-nginx-deployment" deleted
service "danran-nginx-spec" deleted
更新image地址为新构建的镜像
root@master1:/opt/data/yaml/danran/nginx# cat nginx.yaml | grep image
image: harbor.linux.com/danran/nginx-web1:v2
新建pod
root@master1:/opt/data/yaml/danran/nginx# kubectl apply -f nginx.yaml
deployment.apps/danran-nginx-deployment created
service/danran-nginx-spec created
访问测试
danran