k8s中部署nginx和tomcat+nfs+动静分离
root@ubuntu20:/opt/k8s-data/dockerfile/web/chuan/nginx# cat Dockerfile #Nginx 1.18.0 FROM harbor.chuan.net/baseimages/nginx-base:v1.18.1 ADD nginx.conf /usr/local/nginx/conf/nginx.conf ADD app1.tar.gz /usr/local/nginx/html/webapp/ ADD index.html /usr/local/nginx/html/index.html #静态资源挂载路径 RUN mkdir -p /usr/local/nginx/html/webapp/static /usr/local/nginx/html/webapp/images RUN groupadd nginx && useradd nginx -g nginx -s /sbin/nologin -M EXPOSE 80 443 CMD ["nginx"] root@ubuntu20:/opt/k8s-data/dockerfile/web/chuan/nginx# cd /opt/k8s-data/dockerfile/web/chuan/nginx root@ubuntu20:/opt/k8s-data/dockerfile/web/chuan/nginx# cat nginx.conf user nginx nginx; worker_processes auto; #error_log logs/error.log; #error_log logs/error.log notice; #error_log logs/error.log info; #pid logs/nginx.pid; daemon off; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; #log_format main '$remote_addr - $remote_user [$time_local] "$request" ' # '$status $body_bytes_sent "$http_referer" ' # '"$http_user_agent" "$http_x_forwarded_for"'; #access_log logs/access.log main; sendfile on; #tcp_nopush on; #keepalive_timeout 0; keepalive_timeout 65; #gzip on; #upstream tomcat_webserver { # server chuan-tomcat-app1-service.chuan.svc.chuan.local:80; #} server { listen 80; server_name localhost; #charset koi8-r; #access_log logs/host.access.log main; location / { root html; index index.html index.htm; } location /webapp { root html; index index.html index.htm; } # location /myapp { # proxy_pass http://tomcat_webserver; # proxy_set_header Host $host; # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # proxy_set_header X-Real-IP $remote_addr; # } #error_page 404 /404.html; # redirect server error pages to the static page /50x.html # error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } # proxy the PHP scripts to Apache listening on 127.0.0.1:80 # #location ~ \.php$ { # proxy_pass http://127.0.0.1; #} # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 # #location ~ \.php$ { # root html; # fastcgi_pass 127.0.0.1:9000; # fastcgi_index index.php; # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; # include fastcgi_params; #} # deny access to .htaccess files, if Apache's document root # concurs with nginx's one # #location ~ /\.ht { # deny all; #} } # another virtual host using mix of IP-, name-, and port-based configuration # #server { # listen 8000; # listen somename:8080; # server_name somename alias another.alias; # location / { # root html; # index index.html index.htm; # } #} # HTTPS server # #server { # listen 443 ssl; # server_name localhost; # ssl_certificate cert.pem; # ssl_certificate_key cert.key; # ssl_session_cache shared:SSL:1m; # ssl_session_timeout 5m; # ssl_ciphers HIGH:!aNULL:!MD5; # ssl_prefer_server_ciphers on; # location / { # root html; # index index.html index.htm; # } #} } root@ubuntu20:/opt/k8s-data/dockerfile/web/chuan/nginx# cd /opt/k8s-data/yaml/chuan/nginx root@ubuntu20:/opt/k8s-data/yaml/chuan/nginx# cat nginx.yaml kind: Deployment apiVersion: apps/v1 metadata: labels: app: chuan-nginx-deployment-label name: chuan-nginx-deployment namespace: chuan spec: replicas: 1 selector: matchLabels: app: chuan-nginx-selector template: metadata: labels: app: chuan-nginx-selector spec: containers: - name: chuan-nginx-container image: harbor.chuan.net/baseimages/nginx-web1:aa #command: ["/apps/tomcat/bin/run_tomcat.sh"] #imagePullPolicy: IfNotPresent imagePullPolicy: Always ports: - containerPort: 80 protocol: TCP name: http - containerPort: 443 protocol: TCP name: https env: - name: "password" value: "123456" - name: "age" value: "20" # resources: # limits: # cpu: 2 # memory: 2Gi # requests: # cpu: 500m # memory: 1Gi volumeMounts: - name: chuan-images mountPath: /usr/local/nginx/html/webapp/images readOnly: false - name: chuan-static mountPath: /usr/local/nginx/html/webapp/static readOnly: false volumes: - name: chuan-images nfs: server: 192.168.211.154 path: /data/k8sdata/chuan/images - name: chuan-static nfs: server: 192.168.211.154 path: /data/k8sdata/chuan/static #nodeSelector: # group: chuan --- kind: Service apiVersion: v1 metadata: labels: app: chuan-nginx-service-label name: chuan-nginx-service namespace: chuan spec: type: NodePort ports: - name: http port: 80 protocol: TCP targetPort: 80 nodePort: 40002 - name: https port: 443 protocol: TCP targetPort: 443 nodePort: 40443 selector: app: chuan-nginx-selector
http://192.168.211.151:40002/ http://192.168.211.151:40002/webapp/index.html
root@ubuntu20:/opt/k8s-data/dockerfile/web/pub-images/jdk-1.8.212# cat Dockerfile #JDK Base Image FROM centos:7.8.2003 MAINTAINER chuan RUN yum install -y vim wget tree lrzsz gcc gcc-c++ automake pcre pcre-devel zlib zlib-devel openssl openssl-devel iproute net-tools iotop ADD jdk-8u212-linux-x64.tar.gz /usr/local/src/ RUN ln -sv /usr/local/src/jdk1.8.0_212 /usr/local/jdk ADD profile /etc/profile ENV JAVA_HOME /usr/local/jdk ENV JRE_HOME $JAVA_HOME/jre ENV CLASSPATH $JAVA_HOME/lib/:$JRE_HOME/lib/ ENV PATH $PATH:$JAVA_HOME/bin root@ubuntu20:/opt/k8s-data/dockerfile/web/pub-images/jdk-1.8.212# cat build-command.sh #!/bin/bash docker build -t harbor.chuan.net/baseimages/jdk-base:v8.212 . sleep 1 docker push harbor.chuan.net/baseimages/jdk-base:v8.212 root@ubuntu20:/opt/k8s-data/dockerfile/web/pub-images/tomcat-base-root@ubuntu20:/opt/k8s-data/dockerfile/web/pub-images/tomcat-base-8.5.43# cat Dockerfile #Tomcat 8.5.43基础镜像 FROM harbor.chuan.net/baseimages/jdk-base:v8.212 MAINTAINER chuan RUN mkdir /apps /data/tomcat/webapps /data/tomcat/logs -pv ADD apache-tomcat-8.5.43.tar.gz /apps RUN ln -sv /apps/apache-tomcat-8.5.43 /apps/tomcat #RUN useradd tomcat -u 2022 && ln -sv /apps/apache-tomcat-8.5.43 /apps/tomcat && chown -R tomcat.tomcat /apps /data -R root@ubuntu20:/opt/k8s-data/dockerfile/web/chuan/tomcat-app1# cat run_tomcat.sh #!/bin/bash #/usr/share/filebeat/bin/filebeat -e -c /etc/filebeat/filebeat.yml -path.home /usr/share/filebeat -path.config /etc/filebeat -path.data /var/lib/filebeat -path.logs /var/log/filebeat & ./apps/tomcat/bin/catalina.sh start tail -f /etc/hosts root@ubuntu20:/opt/k8s-data/dockerfile/web/chuan/tomcat-app1# cat Dockerfile #tomcat web1 FROM harbor.chuan.net/baseimages/tomcat-base:v8.5.43 ADD catalina.sh /apps/tomcat/bin/catalina.sh ADD server.xml /apps/tomcat/conf/server.xml #ADD myapp/* /data/tomcat/webapps/myapp/ ADD app1.tar.gz /data/tomcat/webapps/myapp/ ADD run_tomcat.sh /apps/tomcat/bin/run_tomcat.sh #ADD filebeat.yml /etc/filebeat/filebeat.yml RUN groupadd nginx && useradd nginx -g nginx -s /sbin/nologin -M RUN chown -R nginx.nginx /data/ /apps/ #ADD filebeat-7.5.1-x86_64.rpm /tmp/ #RUN cd /tmp && yum localinstall -y filebeat-7.5.1-amd64.deb EXPOSE 8080 8443 CMD ["/apps/tomcat/bin/run_tomcat.sh"] [root@25377ca56903 /]# ss -tnl State Recv-Q Send-Q Local Address:Port Peer Address:Port LISTEN 0 1 127.0.0.1:8005 *:* LISTEN 0 100 *:8009 *:* LISTEN 0 100 *:8080 *:
root@ubuntu20:/opt/k8s-data/yaml/chuan/tomcat-app1# cat tomcat-app1.yaml kind: Deployment #apiVersion: extensions/v1beta1 apiVersion: apps/v1 metadata: labels: app: chuan-tomcat-app1-deployment-label name: chuan-tomcat-app1-deployment namespace: chuan spec: replicas: 1 selector: matchLabels: app: chuan-tomcat-app1-selector template: metadata: labels: app: chuan-tomcat-app1-selector spec: containers: - name: chuan-tomcat-app1-container image: harbor.chuan.net/baseimages/tomcat-app1:v3 #command: ["/apps/tomcat/bin/run_tomcat.sh"] #imagePullPolicy: IfNotPresent imagePullPolicy: Always ports: - containerPort: 8080 protocol: TCP name: http env: - name: "password" value: "123456" - name: "age" value: "18" resources: limits: cpu: 1 memory: "512Mi" requests: cpu: 500m memory: "512Mi" volumeMounts: - name: chuan-images mountPath: /usr/local/nginx/html/webapp/images readOnly: false - name: chuan-static mountPath: /usr/local/nginx/html/webapp/static readOnly: false volumes: - name: chuan-images nfs: server: 192.168.211.154 path: /data/k8sdata/chuan/images - name: chuan-static nfs: server: 192.168.211.154 path: /data/k8sdata/chuan/static # nodeSelector: # project: chuan # app: tomcat --- kind: Service apiVersion: v1 metadata: labels: app: chuan-tomcat-app1-service-label name: chuan-tomcat-app1-service namespace: chuan spec: type: NodePort ports: - name: http port: 80 protocol: TCP targetPort: 8080 nodePort: 40003 selector: app: chuan-tomcat-app1-selector curl chuan-tomcat-app1-service/myapp/index.html
root@ubuntu20:/opt/k8s-data/dockerfile/web/chuan/nginx# egrep -v "(^#|^$)" nginx.conf user nginx nginx; worker_processes auto; daemon off; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; #log_format main '$remote_addr - $remote_user [$time_local] "$request" ' # '$status $body_bytes_sent "$http_referer" ' # '"$http_user_agent" "$http_x_forwarded_for"'; #access_log logs/access.log main; sendfile on; #tcp_nopush on; #keepalive_timeout 0; keepalive_timeout 65; #gzip on; upstream tomcat_webserver { server chuan-tomcat-app1-service:80;
server chuan-tomcat-app1-service1:80; } server { listen 80; server_name localhost; #charset koi8-r; #access_log logs/host.access.log main; location / { root html; index index.html index.htm; } location /webapp { root html; index index.html index.htm; } location /myapp { proxy_pass http://tomcat_webserver; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Real-IP $remote_addr; } #error_page 404 /404.html; # redirect server error pages to the static page /50x.html # error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } # proxy the PHP scripts to Apache listening on 127.0.0.1:80 # #location ~ \.php$ { # proxy_pass http://127.0.0.1; #} # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 # #location ~ \.php$ { # root html; # fastcgi_pass 127.0.0.1:9000; # fastcgi_index index.php; # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; # include fastcgi_params; #} # deny access to .htaccess files, if Apache's document root # concurs with nginx's one # #location ~ /\.ht { # deny all; #} } # another virtual host using mix of IP-, name-, and port-based configuration # #server { # listen 8000; # listen somename:8080; # server_name somename alias another.alias; # location / { # root html; # index index.html index.htm; # } #} # HTTPS server # #server { # listen 443 ssl; # server_name localhost; # ssl_certificate cert.pem; # ssl_certificate_key cert.key; # ssl_session_cache shared:SSL:1m; # ssl_session_timeout 5m; # ssl_ciphers HIGH:!aNULL:!MD5; # ssl_prefer_server_ciphers on; # location / { # root html; # index index.html index.htm; # } #} } root@ubuntu20:/opt/k8s-data/yaml/chuan/nginx# cat nginx.yaml kind: Deployment apiVersion: apps/v1 metadata: labels: app: chuan-nginx-deployment-label name: chuan-nginx-deployment namespace: chuan spec: replicas: 1 selector: matchLabels: app: chuan-nginx-selector template: metadata: labels: app: chuan-nginx-selector spec: containers: - name: chuan-nginx-container image: harbor.chuan.net/baseimages/nginx-web1:v66 #command: ["/apps/tomcat/bin/run_tomcat.sh"] #imagePullPolicy: IfNotPresent imagePullPolicy: Always ports: - containerPort: 80 protocol: TCP name: http - containerPort: 443 protocol: TCP name: https env: - name: "password" value: "123456" - name: "age" value: "20" # resources: # limits: # cpu: 2 # memory: 2Gi # requests: # cpu: 500m # memory: 1Gi volumeMounts: - name: chuan-images mountPath: /usr/local/nginx/html/webapp/images readOnly: false - name: chuan-static mountPath: /usr/local/nginx/html/webapp/static readOnly: false volumes: - name: chuan-images nfs: server: 192.168.211.154 path: /data/k8sdata/chuan/images - name: chuan-static nfs: server: 192.168.211.154 path: /data/k8sdata/chuan/static #nodeSelector: # group: chuan --- kind: Service apiVersion: v1 metadata: labels: app: chuan-nginx-service-label name: chuan-nginx-service namespace: chuan spec: type: NodePort ports: - name: http port: 80 protocol: TCP targetPort: 80 nodePort: 40002 - name: https port: 443 protocol: TCP targetPort: 443 nodePort: 40443 selector: app: chuan-nginx-selector #haproxy listen nginx-80 bind 192.168.211.188:80 mode tcp server k8s1 192.168.211.151:40002 check inter 3s fall 3 rise 5 server k8s2 192.168.211.152:40002 check inter 3s fall 3 rise 5 http://192.168.211.188/myapp/