基于k8s运行web:基于NFS实现nginx+tomcat动静分离
基于alpine制作nginx的镜像:
注意:基于alpine创建的用户shell类型必须要是bin/bash,不然无法执行su -c命令,也无法执行#!/bin/bash的脚本;
<P>pwd
<P>/data/dockerfile</P>
构建基础镜像:
构建仓库文件
# vim repositories http://mirrors.aliyun.com/alpine/v3.8/main http://mirrors.aliyun.com/alpine/v3.8/community
编写Dockerfile
# vim Dockerfile FROM k8s-harbor.taozi.net/pub-image/alpine:v3.8.1 LABEL maintainer="lijian/20210117" COPY repositories /etc/apk/repositories RUN ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime && apk update && apk --no-cache add iotop gcc libgcc libc-dev libcurl libc-utils pcre-dev zlib-dev libnfs make pcre pcre2 zip unzip net-tools pstree wget libevent libevent-dev iproute2 openssl-dev
创建build.sh:
vim build.sh #!/bin/bash docker build -t k8s-harbor.taozi.net/pub-image/alpine-base:V3.8.1 . docker push k8s-harbor.taozi.net/pub-image/alpine-base:V3.8.1
创建nginx基础镜像:
进入容器命令:
<P>docker run -it --rm k8s-harbor.taozi.net/pub-image/alpine-base:V3.8.1 sh </P>
准备相关文件:
mkdir /data/dockerfile/web/nginx/1.18.0-alpine/ -pv cd 1.18.0-alpine/ wget http://nginx.org/download/nginx-1.18.0.tar.gz 取出压缩包内的nginx.conf,并修改: vim nginx.conf #在第二行添加: daemon off;
编写Dockerfile:
vim Dockerfile FROM k8s-harbor.taozi.net/pub-image/alpine-base:V3.8.1 LABEL maintainer="lijian/20210117" ADD nginx-1.18.0.tar.gz /usr/local/src RUN cd /usr/local/src/nginx-1.18.0 && ./configure --prefix=/apps/nginx \ --user=nginx \ --group=nginx \ --with-http_ssl_module \ --with-http_v2_module \ --with-http_realip_module \ --with-http_stub_status_module \ --with-http_gzip_static_module \ --with-pcre \ --with-stream \ --with-stream_ssl_module && make && make install && ln -s /apps/nginx/sbin/nginx /usr/bin/ && addgroup -g 2022 -S nginx && adduser -s /sbin/nologin -S -D -u 2022 -G nginx nginx COPY nginx.conf /apps/nginx/conf/nginx.conf RUN chown -R nginx.nginx /apps/nginx/ EXPOSE 80 443 CMD ["nginx"]
创建build.sh:
vim build.sh #!/bin/bash docker build -t k8s-harbor.taozi.net/pub-image/nginx-base:1.18.0 . docker push k8s-harbor.taozi.net/pub-image/nginx-base:1.18.0
创建nginx业务镜像:
准备文件和网页文件
mkdir /data/dockerfile/app/nginx-app1/ -p cd /data/dockerfile/app/nginx-app1/ mkdir html echo Tish is nginx-app1 > html/index.html tar zcfv html.tar.gz html
编写Dkocerfile:
vim Dockerfile FROM k8s-harbor.taozi.net/pub-image/nginx-base:1.18.0 LABEL maintainer="lijian/20210117" ADD html.tar.gz /data/nginx/ COPY nginx.conf /apps/nginx/conf/nginx.conf RUN chown -R nginx.nginx /data/nginx CMD ["nginx"]
构建镜像脚本:
vim build.sh #!/bin/bash docker build -t k8s-harbor.taozi.net/pub-image/nginx-app1:v1 . docker push k8s-harbor.taozi.net/pub-image/nginx-app1:v1
启动容器:
<P>docker run -d -p 8011:80 k8s-harbor.taozi.net/pub-image/nginx-app1:v1 </P>
在k8s环境运nginx:
创建名称空间的yaml文件:
mkdir /data/k8s-01-data/yml/linux-61/nginx-app1 -pv vim linux61.yaml kind: Namespace apiVersion: v1 metadata: name: linux61
创建nginx-app1的yaml文件:
vim nginx.yaml kind: Deployment apiVersion: apps/v1 metadata: labels: app: linux61-nginx-deployment-lable name: linux61-nginx-deployment namespace: linux61 spec: replicas: 1 selector: matchLabels: app: linux61-nginx-selector template: metadata: labels: app: linux61-nginx-selector spec: containers: - name: linux61-nginx-container image: k8s-harbor.taozi.net/apps/nginx-app1:v1 #command: ["/apps/tomcat/bin/run_tomcat.sh"] #imagePullPolicy: IfNotPresent imagePullPolicy: Always ports: - containerPort: 80 protocol: TCP name: http - containerPort: 443 protocol: TCP name: https env: - name: "password" value: "123456" - name: "age" value: "18" resources: limits: cpu: 500m memory: 1Gi requests: cpu: 200m memory: 200Mi --- kind: Service apiVersion: v1 metadata: labels: app: linux61-nginx-svc name: linux61-nginx-svc namespace: linux61 spec: type: NodePort ports: - name: http port: 80 protocol: TCP targetPort: 80 nodePort: 30001 - name: https port: 443 protocol: TCP targetPort: 443 nodePort: 30443 selector: app: linux61-nginx-selector
使用k8s运行nginx-app1:
<P>kubectl apply -f nginx.yaml </P>
使用浏览器登录
基于alpine制作tomcat的镜像:
制作jdk镜像(直接使用基础镜像alpine):
编写Dkocerfile:
vim Dockerfile FROM k8s-harbor.taozi.net/pub-image/alpine-base:V3.8.1 LABEL maintainer="lijian/20210117" RUN apk add --no-cache bash openjdk8-jre-base=8.275.01-r0 && rm -rf /var/cache/apk/*
构建镜像脚本:
vim build.sh #!/bin/bash docker build -t k8s-harbor.taozi.net/pub-image/jdk-base:8.275.01-r0 . docker push k8s-harbor.taozi.net/pub-image/jdk-base:8.275.01-r0
制作tomcat基础镜像:
制作启动脚本:
cat > run_tomcat.sh << EOF #!/bin/bash su - www -c "/apps/tomcat/bin/catalina.sh start" su - www -c "tail -f /etc/hosts" EOF chmod a+x run_tomcat.sh
制作测试页面:
mkdir ROOT echo "this is tomcat-app-base"> ROOT/index.jsp tar czfv ROOT.tar.gz ROOT/
修改页面文件路径:
将二进制文件的server.xml,拿出来修改
vim server.xml appBase="/d
编写Dkocerfile:
vim Dockerfile FROM k8s-harbor.taozi.net/pub-image/jdk-base:8.275.01-r0 LABEL maintainer="lijian" ENV LANG en_US.UTF-8 ENV TERM xterm ENV TOMCAT_MAJOR_VERSION 8 ENV TOMCAT_MINOR_VERSION 8.5.64 ENV CATALINA_HOME /apps/tomcat ENV APP_DIR /webapps ADD apache-tomcat-8.5.64.tar.gz /apps RUN ln -s /apps/apache-tomcat-8.5.64 /apps/tomcat && addgroup -g 2021 -S www && adduser -s /bin/bash -S -D -u 2021 -G www www ADD server.xml /apps/tomcat/conf/server.xml ADD run_tomcat.sh /apps/tomcat/bin/run_tomcat.sh ADD ROOT.tar.gz /data/tomcat/webapps RUN chown -R www.www /apps/ /data/tomcat/ EXPOSE 8080 CMD ["/apps/tomcat/bin/run_tomcat.sh"]
构建镜像脚本:
cat > build.sh << EOF #!/bin/bash docker build -t k8s-harbor.taozi.net/pub-image/tomcat:8.5.73 . docker push k8s-harbor.taozi.net/pub-image/tomcat:8.5.73 EOF
测试:
构建tomcat业务镜像:
进入tomcat的业务目录:
# pwd
/data/dockerfile/app/tomcat-app1
制作测试页面:
mkdir ROOT echo "this is tomcat-app-11111"> ROOT/index.jsp tar czfv ROOT.tar.gz ROOT/
编写Dkocerfile:
FROM k8s-harbor.taozi.net/pub-image/tomcat:8.5.73 LABEL maintainer="lijian" ADD ROOT.tar.gz /data/tomcat/webapps ADD server.xml /apps/tomcat/conf/server.xml RUN chown -R www.www /apps/ /data/tomcat/ EXPOSE 8080 CMD ["/apps/tomcat/bin/run_tomcat.sh"]
构建镜像脚本:
cat > build.sh << EOF #!/bin/bash docker build -t k8s-harbor.taozi.net/apps/tomcat-app1:v1 . docker push k8s-harbor.taozi.net/apps/tomcat-app1:v1 EOF
测试
在k8s环境运tomcat:
创建tomcat-app1的yaml文件:
vim tomcat-app1.yaml kind: Deployment apiVersion: apps/v1 metadata: labels: app: linux61-tomcat-app1-deployment-lable name: linux61-tomcat-app1-deployment namespace: linux61 spec: replicas: 1 selector: matchLabels: app: linux61-tomcat-app1-selector template: metadata: labels: app: linux61-tomcat-app1-selector spec: containers: - name: linux61-tomcat-app1-container image: k8s-harbor.taozi.net/apps/tomcat-app1:v1 #command: ["/apps/tomcat/bin/run_tomcat.sh"] #imagePullPolicy: IfNotPresent imagePullPolicy: Always ports: - containerPort: 8080 protocol: TCP name: http env: - name: "password" value: "123456" - name: "age" value: "18" resources: limits: cpu: 500m memory: 1Gi requests: cpu: 200m memory: 200Mi --- kind: Service apiVersion: v1 metadata: labels: app: linux61-tomcat-app1-svc name: linux61-tomcat-app1-svc namespace: linux61 spec: type: NodePort ports: - name: http port: 8080 protocol: TCP targetPort: 8080 nodePort: 30002 selector: app: linux61-tomcat-app1-selector
使用k8s运行nginx-app1:
<P>kubectl apply -f tomcat-app1.yaml </P>
使用浏览器登录
k8s中nginx+tomcat实现动静分离:
重新构建nginx的业务镜像,添加upstream:
修改nginx的配置文件:
vim nginx.conf #upstream语句块在http语句块内,url中不能带下划线: upstream tomcat-app1 { server linux61-tomcat-app1-svc.linux61.svc.taozi.local:8080 weight=1 fail_timeout=5s max_fails=3; } server { ...... #location语句块在在server语句块内 location ~* \.jsp$ { proxy_pass http://tomcat-app1; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Real-IP $remote_addr; } ...... }
重新构建镜像:
bash build.sh
删除原有的nginx的pod:
kubectl delete linux61-nginx-app1-deployment-5bbc8745d7-w45g4 pod -n linux61
node会重新拉去镜像,重建成功:
也可以使用yaml文件先删除原有的pod,在舒勇yaml文件新创建:
kubectl delete -f nginx.yaml
kubectl apply -f nginx.yaml
使用网页实验:
基于NFS实现动静分离:
准备nfs服务器:主机192.168.37.106
yum install nfs-util -y mkdir /data/linux61/{static,images} -pv echo "this is nginx-app1-static" > /data/linux61/static/index.html echo "this is tomcat-app1-images" > /data/linux61/images/index.jsp 在 /etc/exports文件添加下面一行: vim /etc/exports /data/linux61/ 192.168.37.0/24(rw,no_root_squash) systemctl enable --now nfs 在其他主机实验挂载和读写功能: mount -t nfs 192.168.37.106:/data/linux61 /mnt cp /etc/hosts /mnt/
修改nginx-app1的yaml文件:
注意:#volumes属于Deployment.spec.template.spec的级别,比 volumeMounts:高一级别,书写时需要注意格式
cd /data/k8s-01-data/yml/linux-61/nginx-app1/ #volumeMounts和resources:是一个级别都属于Deployment.spec.template.spec.containers内的子选项 volumeMounts: - name: linux61-static mountPath: /data/nginx/html readOnly: false #volumes属于Deployment.spec.template.spec的级别,比 volumeMounts:高一级别,书写时需要注意格式 volumes: - name: linux61-static nfs: server: 192.168.37.106 path: /data/linux61/static
应用nginx的yaml文件:
<P>kubectl apply -f nginx-app1.yaml </P>
修改tomcat-app1的yaml文件:
vim tomcat-app1.yaml #在containers的语句块最后添加: volumeMounts: - name: linux61-images mountPath: /data/tomcat/webapps/ROOT/images # mountPath: /data/tomcat/webapps/ROOT readOnly: false volumes: - name: linux61-images nfs: server: 192.168.37.106 path: /data/linux61/image
启动新的pod:kubectl apply -f tomcat-app1.yaml
测试:
挂载关系笔记:
第一次挂载
相当于两个images文件重合,原来的ROOT里面的文件index.jsp没有变动,在images目录下的文件是nfs的文件;
第二次挂载的关系
容器内的目录情况,nfs下的文件images文件和ROOT文件重合,名称以ROOT为准,但是里面的文件已经是nfs下的文件了,只是原来的ROOT的文件被挂载关系覆盖住了;
使用到的命令:
kubectl get service -A -o wide kubectl get pods -A -o wide kubectl get nodes-A -o wide kubectl get deployment -A kubectl get deployment -n linux61 -o wide kubectl describe svc linux61-nginx-app1-svc -n linux61 #查询某个svc的详情 kubectl describe deployment -n linux61 #查询某个namespace的deployment的详情 kubectl create -f tomcat-app1.yaml kubectl apply -f tomcat-app1.yaml kubectl delete -f tomcat-app1.yaml kubectl create -f tomcat-app1.yaml --save-config --record kubectl apply -f tomcat-app1.yaml --record #推荐命令 kubectl exec -it linux61-tomcat-app1-deployment-6bccd8f9c7-g76s5 sh -n linux61 #进入某个pod kubectl logs linux61-tomcat-app1-deployment-6bccd8f9c7-g76s5 -n linux61 #查询某个pod的日志 kubectl delete pods linux61-tomcat-app1-deployment-6bccd8f9c7-g76s5 -n linux61