21--k8s部署discuz

一,基础部署wordpress

[root@node k8s]# vim mysql.yaml
apiVersion: v1
kind: Namespace
metadata: 
  name: mysql
---
kind: Service
apiVersion: v1
metadata:
  name: mysql
  namespace: mysql
spec:
  ports: 
    - name: http
      port: 3306
      targetPort: 3306
  selector:
    app: mysql
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: name-mysql
  namespace: mysql
spec:
  selector:
    matchLabels:
      app: mysql
  template:
    metadata:
      labels:
        app: mysql
    spec:
      containers:
        - name: mysql
          image: mysql:5.7
          env:
            - name: MYSQL_ROOT_PASSWORD
              value: "123456"
[root@node k8s]# cat wordpress.yaml 
apiVersion: v1
kind: Namespace
metadata:
  name: wordpress
---
apiVersion: v1
kind: Service
metadata:
  name: wordpress
  namespace: wordpress
spec:
  ports:
    - name: http
      port: 80
      targetPort: 80
    - name: https
      port: 443
      targetPort: 443
  selector:
    app: wordpress
  type: NodePort
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: wordpress
  namespace: wordpress
spec:
  selector:
    matchLabels:
      app: wordpress
  template:
    metadata:
      labels:
        app: wordpress
    spec:
      containers:
        - name: php
          image: alvinos/php:wordpress-v2
        - name: nginx
          image: alvinos/nginx:wordpress-v2 
[root@node k8s]# kubectl get pods -n mysql
NAME                          READY   STATUS    RESTARTS   AGE
name-mysql-56f8cdb464-b2klq   1/1     Running   0          40m
[root@node k8s]# kubectl exec -it -n mysql name-mysql-56f8cdb464-b2klq  -- bash
root@name-mysql-56f8cdb464-b2klq:/# mysql -uroot -p
Enter password: 123456
...

mysql> create database wordpress;
Query OK, 1 row affected (0.01 sec)

mysql> exit
[root@node k8s]# kubectl get svc -n wordpress
NAME        TYPE       CLUSTER-IP       EXTERNAL-IP   PORT(S)                      AGE
wordpress   NodePort   10.104.183.253   <none>        80:30311/TCP,443:31933/TCP   30m

访问ip:30311

加上ingress

1.http部署

mysql.yaml不变

[root@k8s-n1 k8s]# cat wordpree.yaml 
apiVersion: v1
kind: Namespace
metadata:
  name: wordpress
---
apiVersion: v1
kind: Service
metadata:
  name: wordpress
  namespace: wordpress
spec:
  ports:
    - name: http
      port: 80
      targetPort: 80
    - name: https
      port: 443
      targetPort: 443
  selector:
    app: wordpress
  type: NodePort
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: wordpress
  namespace: wordpress
spec:
  selector:
    matchLabels:
      app: wordpress
  template:
    metadata:
      labels:
        app: wordpress
    spec:
      containers:
        - name: php
          image: alvinos/php:wordpress-v2
        - name: nginx
          image: alvinos/nginx:wordpress-v2
---
kind: Ingress
apiVersion: networking.k8s.io/v1
metadata:
  name: wordpress
  namespace: wordpress
spec:
  rules:
    - host: "www.wordpress.com" # 要绑定的域名
      http:
        paths:
          - path: / # 请求的路径
            pathType: Prefix #自由匹配
            backend:
              service:
                name: wordpress # 必须和service的名字一致才可以绑定
                port:
                  number: 80  # 服务的端口号
[root@k8s-n1 k8s]# kubectl get ingress -n wordpress
NAME        CLASS    HOSTS               ADDRESS   PORTS   AGE
wordpress   <none>   www.wordpress.com             80      8m19s
[root@k8s-n1 k8s]# kubectl get svc -n wordpress
NAME        TYPE       CLUSTER-IP    EXTERNAL-IP   PORT(S)                      AGE
wordpress   NodePort   10.99.151.6   <none>        80:32379/TCP,443:32121/TCP   24m

访问 域名:32379

2.https部署

# 生成证书
[root@m01 k8s]# openssl genrsa -out tls.key 2048
[root@m01 k8s]#  openssl req -new -x509 -key tls.key -out tls.crt -subj /C=CN/ST=ShangHai/L=ShangHai/O=Ingress/CN=www.wordpress.com

# 查看
[root@m01 k8s]# ll
-rw-r--r-- 1 root root 1289 Aug 12 22:46 tls.crt
-rw-r--r-- 1 root root 1679 Aug 12 22:46 tls.key
# 绑定证书
kubectl -n [名称空间] create secret tls [secretname] --cert=[证书.crt] --key=[证书.key]

kubectl -n wordpress create secret tls ingress-tls --cert=tls.crt --key=tls.key
---
kind: Ingress
apiVersion: networking.k8s.io/v1
metadata:
  name: wordpress
spec:
  tls:
    - secretName: ingress-tls 
  rules:
    - host: "www.wordpress.com" 
      http:
        paths:
          - path: / 
            pathType: Prefix 
            backend:
              service:
                name: wordpress
                port:
                  number: 80
# 部署
kubectl apply -f

# 配置hosts访问
www.wordpress.com:30542

二、k8s部署discuz

要求:

ingress ---> headless service ---> pod

1、要有健康检查

2、要求有https

3、要求有存储卷(hostpath)

1、下载discuz安装包,并解压,同步到所有节点上
[root@k8s-m-01 /opt/discuz]# for i in m2 m3;do ssh root@$i "mkdir -pv /opt/discuz" && scp discuz.tar.gz root@$i:/opt/discuz/; ssh root@$i "cd /opt/discuz && tar -xf discuz.tar.gz -C /opt/discuz && chmod -R o+w /opt/discuz/upload"; done

2、构思架构,并且编写配置清单(见下文)

3、部署并调试
	1、创建HTTPS证书
    [root@k8s-m-01 /opt/discuz]#     openssl genrsa -out tls.key 2048
    Generating RSA private key, 2048 bit long modulus
    .+++
    .................................................................................+++
    e is 65537 (0x10001)
    [root@k8s-m-01 /opt/discuz]#     openssl req -new -x509 -key tls.key -out tls.crt -subj /C=CN/ST=ShangHai/L=ShangHai/O=Ingress/CN=www.discuz.cluster.local.com


    2、部署证书
    [root@k8s-m-01 /opt/discuz]# kubectl create namespace discuz
    namespace/discuz created
    [root@k8s-m-01 /opt/discuz]# kubectl -n discuz create secret tls discuz-secret --cert=tls.crt --key=tls.key
    secret/discuz-secret created

配置清单

#########################################################################################
#  1、部署MySQL集群
#     1、创建命名空间
#     2、创建service提供负载均衡
#     3、使用控制器部署MySQL实例
###
#  2、部署Discuz应用
#     1、创建命名空间
#     2、创建Service提供负载均衡(Headless Service)
#     3、创建服务并挂载代码
#     4、创建Ingress,用于域名转发(https)
###
#  3、服务之间的互连
#     1、Discuz连接MySQL  --->  mysql.mysql.svc.cluster.local
#########################################################################################
apiVersion: v1
kind: Namespace
metadata:
  name: mysql
---
kind: Service
apiVersion: v1
metadata:
  name: mysql-svc
  namespace: mysql
spec:
  ports:
    - port: 3306
      targetPort: 3306
      name: mysql
      protocol: TCP
  selector:
    app: mysql
    deploy: discuz 
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: mysql-deployment
  namespace: mysql
spec:
  selector:
    matchLabels:
      app: mysql
      deploy: discuz
  template:
    metadata:
      labels:
        app: mysql
        deploy: discuz
    spec:
      nodeName: k8s-m-02
      containers:
        - name: mysql
          image: mysql:5.7
          livenessProbe:   #存活性检查
            tcpSocket:
              port: 3306
          readinessProbe:   #就绪性检查
            tcpSocket:
              port: 3306
          env:
            - name: MYSQL_ROOT_PASSWORD
              value: "123456"
            - name: MYSQL_DATABASE      #默认创建的数据库
              value: "discuz"
         #lifecycle:  #启动回调钩子,和默认创建数据库value的方式2选1,推荐,因可以指定字符编码
         #  postStart:
         #    exec:
         #      command:
         #        - "/bin/bash"
         #        - "-c"
         #        - "mysql -uroot -p123456 -e 'create database discuz charset utf8;'"
          volumeMounts:      #挂载
            - mountPath: /var/lib/mysql     #挂载的路径,容器内
              name: mysql-data
      volumes:
        - name: mysql-data
          hostPath:
            path: /opt/discuz/mysql      #宿主主机的路径
---
kind: Namespace
apiVersion: v1
metadata:
  name: discuz
---
kind: Service
apiVersion: v1
metadata:
  name: discuz-svc
  namespace: discuz
spec:
  clusterIP: None
  ports:
    - port: 80
      targetPort: 80
      name: http
  selector:
    app: discuz
    deploy: discuz
---
kind: Deployment
apiVersion: apps/v1
metadata:
  name: discuz-deployment
  namespace: discuz
spec:
  selector:
    matchLabels:
      app: discuz
      deploy: discuz
  template:
    metadata:
      labels:
        app: discuz
        deploy: discuz
    spec:
      containers:
        - name: php
          image: alvinos/php:wordpress-v2
          livenessProbe:
            tcpSocket:
              port: 9000
          readinessProbe:
            tcpSocket:
              port: 9000
          volumeMounts:
            - mountPath: /usr/share/nginx/html    #挂载在容器的路径
              name: discuz-data
        - name: nginx
          image: alvinos/nginx:wordpress-v2
          livenessProbe:
            httpGet:
              port: 80
              path: /
          readinessProbe:
            httpGet:
              port: 80
              path: /
          volumeMounts:
            - mountPath: /usr/share/nginx/html
              name: discuz-data
      volumes:
        - name: discuz-data
          hostPath:
            path: /opt/discuz/upload
---
kind: Ingress
apiVersion: extensions/v1beta1
metadata:
  name: discuz-ingress
  namespace: discuz
spec:
  tls:
    - hosts:
        - www.discuz.cluster.local.com
      secretName: discuz-secret
  rules:
    - host: www.discuz.cluster.local.com
      http:
        paths:
          - backend:
              serviceName: discuz-svc
              servicePort: 80
posted @ 2021-12-05 15:22  小绵  阅读(135)  评论(0编辑  收藏  举报