K8s之Web服务

目录

Web服务

前端由Nginx做Tomcat的向代理,Nginx Pod 挂载NFS存储卷做动静分离访问

运行Nginx

Nginx 镜像制作

制作Centos基础镜像

下载centos iamge 并上传到harbor

root@master1:~# docker tag centos:centos7.7.1908 harbor.linux.com/baseimages/centos:centos7.7.1908
root@master1:~# docker push harbor.linux.com/baseimages/centos:centos7.7.1908
镜像文件列表
root@master1:/opt/data/dockerfile/system/centos# pwd
/opt/data/dockerfile/system/centos
root@master1:/opt/data/dockerfile/system/centos# tree
.
├── base.repo
├── build-command.sh
├── Dockerfile
└── filebeat-7.6.1-x86_64.rpm

0 directories, 4 files
Centos Dockerfile
root@master1:/opt/data/dockerfile/system/centos# cat Dockerfile 
FROM harbor.linux.com/baseimages/centos:centos7.7.1908
MAINTAINER JevonWei "jevonran@163.com"
ADD filebeat-7.6.1-x86_64.rpm /tmp/
RUN rm -rf /etc/yum.repos.d/*
ADD base.repo /etc/yum.repos.d/
RUN yum install -y /tmp/filebeat-7.6.1-x86_64.rpm && rm -rf /tmp/filebeat-7.6.1-x86_64.rpm
RUN yum install -y vim wget tree lrzsz automake pcre pcre-devel gcc gcc-c++ zlib zlib-devel openssl openssl-devel net-tools iotop unzip zip iproute ntpdate nfs-utils tcp dump telnet traceroute
RUN rm -rf /etc/localtime && ln -snf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime && useradd nginx -u 2020 && useradd www -u 2019
build-command 脚本
root@master1:/opt/data/dockerfile/system/centos# cat build-command.sh 
#!/bin/bash
docker build -t harbor.linux.com/baseimages/centos-jevon-base:7.7.1908 .
sleep 1
docker push harbor.linux.com/baseimages/centos-jevon-base:7.7.1908
执行build-command
root@master1:/opt/data/dockerfile/system/centos# bash build-command.sh
harbor中验证镜像

harbor中验证镜像已上传

制作Nginx 镜像

镜像文件列表
root@master1:/opt/data/dockerfile/web/pub-images/nginx-base# tree
.
├── build-command.sh
├── Dockerfile
└── nginx-1.14.2.tar.gz

0 directories, 3 files
Nginx Dockerfile
root@master1:/opt/data/dockerfile/web/pub-images/nginx-base# cat Dockerfile 
#Nginx Base Image
FROM harbor.linux.com/baseimages/centos-jevon-base:7.7.1908
MAINTAINER jevonran@163.com
RUN yum install -y vim wget tree lrzsz gcc gcc-c++ automake pcre pcre-devel zlib zlibdevel openssl openssl-devel iproute net-tools iotop
ADD nginx-1.14.2.tar.gz /usr/local/src/
RUN cd /usr/local/src/nginx-1.14.2 && ./configure && make && make install && ln -sv /usr/local/nginx/sbin/nginx /usr/sbin/nginx && rm -rf /usr/local/src/nginx-1.14.2.tar.gz
build-command.sh
root@master1:/opt/data/dockerfile/web/pub-images/nginx-base# cat build-command.sh 
#!/bin/bash
docker build -t harbor.linux.com/webimages/nginx-base:v1.14.2 .
sleep 1
docker push harbor.linux.com/webimages/nginx-base:v1.14.2
执行build-command
root@master1:/opt/data/dockerfile/web/pub-images/nginx-base# bash build-command.sh
harbor中验证镜像

Nginx业务镜像制作

镜像文件列表
root@master1:/opt/data/dockerfile/web/jevon/nginx# tree
.
├── build-command.sh
├── Dockerfile
├── index.html
├── nginx.conf
└── webapp
    └── index.html

1 directory, 5 files
Dockerfile
root@master1:/opt/data/dockerfile/web/jevon/nginx# cat Dockerfile 
#Nginx Base Image
FROM harbor.linux.com/webimages/nginx-base:v1.14.2

ADD nginx.conf /usr/local/nginx/conf/nginx.conf
ADD webapp/* /usr/local/nginx/html/webapp/
ADD index.html /usr/local/nginx/html/index.html

RUN mkdir -p /usr/local/nginx/html/webapp/static /usr/local/nginx/html/webapp/images
EXPOSE 80 443
CMD ["nginx"]
Nginx配置文件
root@master1:/opt/data/dockerfile/web/jevon/nginx# cat nginx.conf 
user	nginx nginx;
worker_processes	auto;

daemon off;

events { 
    worker_connections 1024;
}

http {
    include		mime.types;
    default_type	application/octet-stream;

    sendfile	on;
    keepalive_timeout	65;

    server {
        listen		80;
        server_name	localhost;

        location  /  {
            root	html;
            index	index.html index.htm;
        }

        location  webapp/  {
            root	html;
            index	index.html index.htm;

    }

        error_page	500 502 503 504 /50x.html;
        location = /50x.html {
            root	html;	
        }
    }
}    
Nginx测试页
root@master1:/opt/data/dockerfile/web/jevon/nginx# cat index.html 
Nginx Web Page
webapp测试页
root@master1:/opt/data/dockerfile/web/jevon/nginx# cat webapp/index.html 
Nginx Webapp Page
build-command.sh
root@master1:/opt/data/dockerfile/web/jevon/nginx# cat build-command.sh 
#!/bin/bash
TAG=$1
docker build -t harbor.linux.com/danran/nginx-web1:${TAG} .
sleep 1
docker push  harbor.linux.com/danran/nginx-web1:${TAG}
执行build-command
root@master1:/opt/data/dockerfile/web/jevon/nginx# bash build-command.sh v1

harbor中验证镜像

测试nginx业务镜像可以启动为容器
root@master1:~# docker run -it --rm -p 80:80 harbor.linux.com/danran/nginx-web1:v1
访问测试Nginx业务web页面
root@master1:/opt/data/dockerfile/system/centos# curl 10.203.104.20/webapp/
Nginx Webapp Page
root@master1:/opt/data/dockerfile/system/centos# curl 10.203.104.20
Nginx Web Page

k8s中创建Nginx pod

NFS中新建两个共享目录

root@ha1:~# vim /etc/exports 
/data/danran/static *(rw,no_root_squash)
/data/danran/images *(rw,no_root_squash)

root@ha1:~# mkdir /data/danran/images
root@ha1:~# mkdir /data/danran/static
root@ha1:/data/danran/static# cat danran.js 
danran Js file


root@ha1:~# systemctl restart nfs-server.service

root@ha1:~# exportfs 
/data/danran/static
        <world>
/data/danran/images
        <world>

创建danran Namespaces

root@master1:/opt/data/yaml/namespaces# cat danran-ns.yaml 
apiVersion: v1
kind: Namespace
metadata:
  name: danran
  
  
root@master1:/opt/data/yaml/namespaces# kubectl apply -f danran-ns.yaml 
namespace/danran created

Nginx.yaml

使用nfs挂载volume
root@master1:/opt/data/yaml/danran/nginx# cat nginx.yaml 
kind: Deployment
apiVersion: apps/v1
metadata:
  labels:
    app: danran-nginx-deployment-label 
  name: danran-nginx-deployment 
  namespace: danran
spec:
  replicas: 1
  selector:
    matchLabels:
      app: danran-nginx-selector
  template:
    metadata:
      labels:
        app: danran-nginx-selector
    spec:
      containers:
      - name: danran-nginx-container
        image: harbor.linux.com/danran/nginx-web1:v1
        #imagePullPolicy: IfNotPresent
        imagePullPolicy: Always
        ports:
        - containerPort: 80
          protocol: TCP
          name: http
        - containerPort: 443
          protocol: TCP
          name: https
        env:
        - name: "password"
          value: "123456"
        - name: "age"
          value: "18"
        resources:
          limits:
            cpu: 2
            memory: 2Gi
          requests:
            cpu: 1
            memory: 512Mi
        volumeMounts:
          - name: danran-images
            mountPath: /usr/local/nginx/html/webapp/images
            readOnly: false
          - name: danran-static
            mountPath: /usr/local/nginx/html/webapp/static
            readOnly: false
      volumes:
      - name: danran-images
        nfs:
          server: 10.203.104.30
          path: /data/danran/images
      - name: danran-static
        nfs: 
          server: 10.203.104.30
          path: /data/danran/static 
---
kind: Service
apiVersion: v1
metadata:
  labels:
    app: danran-nginx
  name: danran-nginx-spec
  namespace: danran
spec:
  type: NodePort
  ports:
  - name: http
    port: 80
    protocol: TCP
    targetPort: 80
    nodePort: 40002
  - name: https
    port: 443
    protocol: TCP
    targetPort: 443
    nodePort: 40043
  selector:
    app: danran-nginx-selector

创建K8s Pod

root@master1:/opt/data/yaml/danran/nginx# kubectl apply -f nginx.yaml 
deployment.apps/danran-nginx-deployment configured
service/danran-nginx-spec created

root@master1:~# kubectl get pod -n danran
NAME                                      READY   STATUS    RESTARTS   AGE
danran-nginx-deployment-fb55d7bf9-xsrmf   1/1     Running   0          3m56s

测试Nginx Pod的web 界面

http://10.203.104.26:40002/webapp/

http://10.203.104.26:40002/

HA中配置Nginx的负载均衡

Nginx的负载均衡IP使用keepalived的 VIP地址

root@ha1:~# cat /etc/haproxy/haproxy.cfg
listen danran-nginx-80
    bind 10.203.104.213:80
    mode tcp
    server master1 10.203.104.26:40002 check inter 3s fall 3 rise 5	
    server master2 10.203.104.27:40002 check inter 3s fall 3 rise 5	
    server master3 10.203.104.28:40002 check inter 3s fall 3 rise 5	
    
root@ha1:~# systemctl restart haproxy

root@ha1:~# ss -ntl | grep 10.203.104.213
LISTEN   0         128           10.203.104.213:80               0.0.0.0:* 

访问HA VIP测试Nginx

http://10.203.104.213/

http://10.203.104.213/webapp/

http://10.203.104.213/webapp/static/danran.js

运行Tomcat

JDK基础镜像

https://www.oracle.com/java/technologies/javase/javase8u211-later-archive-downloads.html#license-lightbox

JDK基础镜像文件列表

root@master1:/opt/data/dockerfile/web/pub-images/jdk-1.8.212# tree
.
├── build-command.sh
├── Dockerfile
├── jdk-8u212-linux-x64.tar.gz
└── profile

0 directories, 4 files

Dockerfile文件内容

root@master1:/opt/data/dockerfile/web/pub-images/jdk-1.8.212# cat Dockerfile 
#JDK Base Image
FROM harbor.linux.com/baseimages/centos-jevon-base:7.7.1908

MAINTAINER Jevonran "jevonran@163.com"

ADD jdk-8u212-linux-x64.tar.gz /usr/local/src/
RUN ln -sv /usr/local/src/jdk1.8.0_212 /usr/local/jdk
ADD profile /etc/profile

ENV JAVA_HOME /usr/local/jdk
ENV JRE_HOME $JAVA_HOME/jre
ENV CLASSPATH $JAVA_HOME/lib/:$JRE_HOME/lib/
ENV PATH $PATH:$JAVA_HOME/bin

profile

root@master1:/opt/data/dockerfile/web/pub-images/jdk-1.8.212# cat profile 
# /etc/profile: system-wide .profile file for the Bourne shell (sh(1))
# and Bourne compatible shells (bash(1), ksh(1), ash(1), ...).

if [ "${PS1-}" ]; then
  if [ "${BASH-}" ] && [ "$BASH" != "/bin/sh" ]; then
    # The file bash.bashrc already sets the default PS1.
    # PS1='\h:\w\$ '
    if [ -f /etc/bash.bashrc ]; then
      . /etc/bash.bashrc
    fi
  else
    if [ "`id -u`" -eq 0 ]; then
      PS1='# '
    else
      PS1='$ '
    fi
  fi
fi

if [ -d /etc/profile.d ]; then
  for i in /etc/profile.d/*.sh; do
    if [ -r $i ]; then
      . $i
    fi
  done
  unset i
fi

export JAVA_HOME=/usr/local/jdk
export JRE_HOME=$JAVA_HOME/jre
export CLASSPATH=$JAVA_HOME/lib/:$JRE_HOME/lib/
export PATH=$PATH:$JAVA_HOME/bin

build-command脚本

root@master1:/opt/data/dockerfile/web/pub-images/jdk-1.8.212# cat build-command.sh 
#!/bin/bash
docker build -t harbor.linux.com/webimages/jdk-base:v8.212 .
sleep 1
docker push harbor.linux.com/webimages/jdk-base:v8.212

执行构建JDK基础镜像

root@master1:/opt/data/dockerfile/web/pub-images/jdk-1.8.212# bash build-command.sh

验证JDK镜像启动为容器后的java环境

root@master1:~# docker run -it --rm harbor.linux.com/webimages/jdk-base:v8.212 bash
[root@e8a310788efd /]# java -version
java version "1.8.0_212"
Java(TM) SE Runtime Environment (build 1.8.0_212-b10)
Java HotSpot(TM) 64-Bit Server VM (build 25.212-b10, mixed mode)

Tomcat基础镜像

https://tomcat.apache.org/download-80.cgi

基础镜像文件列表

root@master1:/opt/data/dockerfile/web/pub-images/tomcat-base-8.5.43# tree
.
├── apache-tomcat-8.5.43.tar.gz
├── build-command.sh
└── Dockerfile

0 directories, 3 files

Dockerfile文件内容

root@master1:/opt/data/dockerfile/web/pub-images/tomcat-base-8.5.43# cat Dockerfile 
# cat Dockerfile
#JDK Base Image
FROM harbor.linux.com/webimages/jdk-base:v8.212

MAINTAINER jevonran "jevonran@163.com"

RUN mkdir /apps /data/tomcat/webapps /data/tomcat/logs -pv
ADD apache-tomcat-8.5.43.tar.gz /apps
RUN useradd tomcat -u 2021 && ln -sv /apps/apache-tomcat-8.5.43 /apps/tomcat && chown -R nginx.nginx /apps /data -R

build-command脚本

root@master1:/opt/data/dockerfile/web/pub-images/tomcat-base-8.5.43# cat build-command.sh 
#!/bin/bash
docker build -t harbor.linux.com/webimages/tomcat-base:v8.5.43 .
sleep 3
docker push harbor.linux.com/webimages/tomcat-base:v8.5.43

构建tomcat基础镜像

root@master1:/opt/data/dockerfile/web/pub-images/tomcat-base-8.5.43# bash build-command.sh

测试访问tomcat基础镜像启动为容器

root@master1:~# docker run -it --rm -p 8801:8080 harbor.linux.com/webimages/tomcat-base:v8.5.43 bash
[root@89f76f434943 /]# /apps/tomcat/bin/catalina.sh start
Using CATALINA_BASE:   /apps/tomcat
Using CATALINA_HOME:   /apps/tomcat
Using CATALINA_TMPDIR: /apps/tomcat/temp
Using JRE_HOME:        /usr/local/jdk/jre
Using CLASSPATH:       /apps/tomcat/bin/bootstrap.jar:/apps/tomcat/bin/tomcat-juli.jar
Tomcat started.
[root@89f76f434943 /]# ss -ntl
State       Recv-Q Send-Q                                        Local Address:Port                                                       Peer Address:Port              
LISTEN      0      1                                                 127.0.0.1:8005                                                                  *:*                  
LISTEN      0      100                                                       *:8009                                                                  *:*                  
LISTEN      0      100                                                       *:8080                                                                  *:*    

http://10.203.104.20:8801/

tomcat业务镜像app制作

cat业务镜像文件列表

root@master1:/opt/data/dockerfile/web/jevon/tomcat-app1# tree
.
├── app1.tar.gz
├── build-command.sh
├── catalina.sh
├── Dockerfile
├── filebeat.yml
├── myapp
│   └── index.html
├── run_tomcat.sh
└── server.xml

1 directory, 8 files

Dockerfile文件内容

root@master1:/opt/data/dockerfile/web/jevon/tomcat-app1# cat Dockerfile
# cat Dockerfile
#tomcat web1
FROM harbor.linux.com/webimages/tomcat-base:v8.5.43

ADD catalina.sh /apps/tomcat/bin/catalina.sh
ADD server.xml /apps/tomcat/conf/server.xml
#ADD myapp/* /data/tomcat/webapps/myapp/
ADD app1.tar.gz /data/tomcat/webapps/myapp/
ADD run_tomcat.sh /apps/tomcat/bin/run_tomcat.sh
ADD filebeat.yml /etc/filebeat/filebeat.yml

RUN mkdir /usr/local/nginx/html/webapp/images /usr/local/nginx/html/webapp/static -p
RUN chown -R nginx.nginx /data/ /apps/ /usr/local/nginx/html

EXPOSE 8080 8443

CMD ["/apps/tomcat/bin/run_tomcat.sh"]

修改catalina.sh

从harbor.linux.com/webimages/tomcat-base:v8.5.43镜像启动一个容器,拷贝catalina.sh到master上
root@master1:~# docker run -it --rm -p 8801:8080 harbor.linux.com/webimages/tomcat-base:v8.5.43 bash
[root@99469a1736ea /]# scp /apps/tomcat/bin/catalina.sh 10.203.104.20:/opt/data/dockerfile/web/jevon/tomcat-app1/


编辑/opt/data/dockerfile/web/jevon/tomcat-app1/catalina.sh文件的java启动参数
root@master1:/opt/data/dockerfile/web/jevon/tomcat-app1# cat catalina.sh
JAVA_OPTS="-server -Xms1g -Xmx1g -Xss512k -Xmn1g -XX:CMSInitiatingOccupancyFraction=65 -XX:+UseFastAccessorMethods -XX:+AggressiveOpts -XX:+UseBiasedLocking -XX:-DisableExplicitGC -XX:MaxTenuringThreshold=10 -XX:NewSize=2048M -XX:MaxNewSize=2048M -XX:NewRatio=2 -XX:PermSize=128m -XX:MaxPermSize=512m -XX:CMSFullGCsBeforeCompaction=5 -XX:+ExplicitGCInvokesConcurrent -XX:+UseConcMarkSweepGC -XX:+UseParNewGC -XX:+CMSParallelRemarkEnabled"

修改server.xml

从harbor.linux.com/webimages/tomcat-base:v8.5.43镜像启动一个容器,拷贝server.xml到master上
root@master1:~# docker run -it --rm -p 8801:8080 harbor.linux.com/webimages/tomcat-base:v8.5.43 bash
[root@99469a1736ea /]# scp /apps/tomcat/conf/server.xml 10.203.104.20:/opt/data/dockerfile/web/jevon/tomcat-app1/


修改/opt/data/dockerfile/web/jevon/tomcat-app1/server.xml的工作目录appBase="/data/tomcat/webapps
root@master1:/opt/data/dockerfile/web/jevon/tomcat-app1# cat server.xml
<Host name="localhost"  appBase="/data/tomcat/webapps"
        unpackWARs="true" autoDeploy="true">

    <!-- SingleSignOn valve, share authentication between web applications
         Documentation at: /docs/config/valve.html -->
    <!--
    <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
    -->

    <!-- Access log processes all example.
         Documentation at: /docs/config/valve.html
         Note: The pattern used is equivalent to using pattern="common" -->
    <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
           prefix="localhost_access_log" suffix=".txt"
           pattern="%h %l %u %t &quot;%r&quot; %s %b" />

  </Host>

tomcat启动脚本

root@master1:/opt/data/dockerfile/web/jevon/tomcat-app1# cat run_tomcat.sh
#!/bin/bash
su - nginx -c "/apps/tomcat/bin/catalina.sh start"
tail -f /etc/hosts

filebeat.yml

root@master1:/opt/data/dockerfile/web/jevon/tomcat-app1# cat filebeat.yml 
filebeat.prospectors:
- input_type: log
  paths:
    - /app/tomcat/logs/cataline.out
  fields:
    type: tomcat-cayaline

output.redis:
  hosts: ["10.203.104.20:6379"]
  key: "jevon-app1"
  db: 1
  timeout: 5
  password: 12345

准备测试界面

root@master1:/opt/data/dockerfile/web/jevon/tomcat-app1# mkdir myapp/
root@master1:/opt/data/dockerfile/web/jevon/tomcat-app1# cat myapp/index.html 
Tomcat app1

root@master1:/opt/data/dockerfile/web/jevon/tomcat-app1# cd myapp/
root@master1:/opt/data/dockerfile/web/jevon/tomcat-app1/myapp# tar -zcvf app1.tar.gz index.html 
index.html
root@master1:/opt/data/dockerfile/web/jevon/tomcat-app1/myapp# mv app1.tar.gz ../
root@master1:/opt/data/dockerfile/web/jevon/tomcat-app1/myapp# cd ..
root@master1:/opt/data/dockerfile/web/jevon/tomcat-app1# ls
app1.tar.gz  build-command.sh  catalina.sh  Dockerfile  filebeat.yml  myapp  run_tomcat.sh  server.xml

build-command

root@master1:/opt/data/dockerfile/web/jevon/tomcat-app1# cat build-command.sh 
#!/bin/bash
TAG=$1
docker build -t harbor.linux.com/danran/tomcat-app1:${TAG} .
sleep 3
docker push harbor.linux.com/danran/tomcat-app1:${TAG}

执行构建tomcat业务镜像

构建镜像前,需为ADD到镜像的sh脚本文件添加x执行权限
root@master1:/opt/data/dockerfile/web/jevon/tomcat-app1# chmod o+x *.sh

root@master1:/opt/data/dockerfile/web/jevon/tomcat-app1# ll
total 52
drwxr-xr-x 3 root root   158 Jun 16 21:30 ./
drwxr-xr-x 4 root root    38 Jun 16 20:47 ../
-rw-r--r-- 1 root root   167 Jun 16 21:23 app1.tar.gz
-rw-r--r-x 1 root root   143 Jun 16 21:30 build-command.sh*
-rwxr-x--x 1 root root 23887 Jun 16 21:16 catalina.sh*
-rw-r--r-- 1 root root   448 Jun 16 20:50 Dockerfile
-rw-r--r-- 1 root root   227 Jun 16 21:22 filebeat.yml
drwxr-xr-x 2 root root    24 Jun 16 21:22 myapp/
-rw-r--r-x 1 root root    83 Jun 16 21:28 run_tomcat.sh*
-rw------- 1 root root  7524 Jun 16 21:18 server.xml

root@master1:/opt/data/dockerfile/web/jevon/tomcat-app1# bash build-command.sh v1

测试tomcat业务镜像启动为容器

root@master1:~# docker run -it --rm -p 8801:8080 harbor.linux.com/danran/tomcat-app1:v1 bash

http://10.203.104.20:8801/myapp/

k8s集群中运行Tomcat

tomcat-app1.yaml

root@master1:/opt/data/yaml/danran/tomcat-app1# cat tomcat-app1.yaml 
kind: Deployment
apiVersion: apps/v1
metadata:
  labels:
    app: danran-tomcat-app1-deployment-label 
  name: danran-tomcat-app1-deployment-label
  namespace: danran
spec:
  replicas: 1
  selector:
    matchLabels:
      app: danran-tomcat-app1-selector
  template:
    metadata:
      labels:
        app: danran-tomcat-app1-selector
    spec:
      containers:
      - name: danran-tomcat-app1-container
        image: harbor.linux.com/danran/tomcat-app1:v1
        #imagePullPolicy: IfNotPresent
        imagePullPolicy: Always
        ports:
        - containerPort: 8080
          protocol: TCP
          name: http
        env:
        - name: "password"
          value: "123456"
        - name: "age"
          value: "18"
        resources:
          limits:
            cpu: 2
            memory: 2Gi
          requests:
            cpu: 1
            memory: 512Mi
        volumeMounts:
        - name: danran-images
          mountPath: /usr/local/nginx/html/webapp/images
          readOnly: false
        - name: danran-static
          mountPath: /usr/local/nginx/html/webapp/static
          readOnly: false
      volumes:
      - name: danran-images
        nfs:
          server: 10.203.104.30
          path: /data/danran/images
      - name: danran-static
        nfs:
          server: 10.203.104.30
          path: /data/danran/static

---
kind: Service
apiVersion: v1
metadata:
  labels:
    app: danran-tomcat-app1-service-label
  name: danran-tomcat-app1-service
  namespace: danran
spec:
  type: NodePort
  ports:
  - name: http
    port: 80
    protocol: TCP
    targetPort: 8080
    nodePort: 40004
  selector:
    app: danran-tomcat-app1-selector

创建tomcat业务pod

root@master1:/opt/data/yaml/danran/tomcat-app1# kubectl apply -f tomcat-app1.yaml 
deployment.apps/danran-tomcat-app1-deployment-label created
service/danran-nginx-app1-service created

验证pod启动成功

root@master1:~# kubectl get pods -n danran
NAME                                                   READY   STATUS    RESTARTS   AGE
danran-nginx-deployment-fb55d7bf9-xsrmf                1/1     Running   0          22h
danran-tomcat-app1-deployment-label-557cd56c58-xllzz   1/1     Running   0          4s

root@master1:~# kubectl get service -n danran
NAME                         TYPE       CLUSTER-IP       EXTERNAL-IP   PORT(S)                      AGE
danran-nginx-spec            NodePort   172.28.170.109   <none>        80:40002/TCP,443:40043/TCP   22h
danran-tomcat-app1-service   NodePort   172.28.28.81     <none>        80:40004/TCP                 38s

验证tomcat app1业务容器NFS挂载

测试访问tomcat业务pod的nodeport

k8s中nginx+tomcat实现动静分离

实现一个通用的nginx+tomcat动静分离web架构,即用户访问的静态页面和图片在由nginx直接响应,而动态请求则基于location转发至tomcat。

Nginx基于tomcat的service name转发用户请求到tomcat业务app

查看tomcat app1的server name

root@master1:~# kubectl get service -n danran
NAME                         TYPE       CLUSTER-IP       EXTERNAL-IP   PORT(S)                      AGE
danran-nginx-spec            NodePort   172.28.170.109   <none>        80:40002/TCP,443:40043/TCP   24h
danran-tomcat-app1-service   NodePort   172.28.190.66    <none>        80:40004/TCP                 10m

nginx业务镜像配置

nginx配置文件
tomcat对应的service为danran-tomcat-app1-service
定义upstream反向代理到danran-tomcat-app1-service.danran.svc.linux.local:80 的Nginx节点
访问/myapp的地址转发到upstream组中

root@master1:/opt/data/dockerfile/web/jevon/nginx# cat nginx.conf
user	nginx nginx;
worker_processes	auto;

daemon off;

events { 
    worker_connections 1024;
}

http {
    include		mime.types;
    default_type	application/octet-stream;

    sendfile	on;
    keepalive_timeout	65;

    upstream tomcat_webserver {
        server danran-tomcat-app1-service.danran.svc.linux.local:80;
    }
    server {
        listen		80;
        server_name	localhost;

        location  /  {
            root	html;
            index	index.html index.htm;
        }

        location  webapp/  {
            root	html;
            index	index.html index.htm;

        }
        location /myapp {
            proxy_pass http://tomcat_webserver;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Real-IP $remote_addr;
        }

        error_page	500 502 503 504 /50x.html;
        location = /50x.html {
            root	html;	
        }
    }
}
重新构建nginx业务镜像
root@master1:/opt/data/dockerfile/web/jevon/nginx# bash build-command.sh

镜像启动为容容器并验证配置文件
root@master1:~# docker run -it --rm harbor.linux.com/danran/nginx-web1:v2 bash
[root@1dee182b07dd /]# cat /usr/local/nginx/conf/nginx.conf

重新创建业务nginx pod

删除并重新创建nginx业务镜像
root@master1:/opt/data/yaml/danran/nginx# kubectl delete -f nginx.yaml 
deployment.apps "danran-nginx-deployment" deleted
service "danran-nginx-spec" deleted

更新image地址为新构建的镜像
root@master1:/opt/data/yaml/danran/nginx# cat nginx.yaml | grep image
    image: harbor.linux.com/danran/nginx-web1:v2
   
新建pod   
root@master1:/opt/data/yaml/danran/nginx# kubectl apply -f nginx.yaml 
deployment.apps/danran-nginx-deployment created
service/danran-nginx-spec created
访问测试

http://10.203.104.213/myapp/

posted @ 2020-06-23 22:29  JevonWei  阅读(730)  评论(0编辑  收藏  举报