容器交付流程
一、容器交付流程
二、容器交付实战
三、dockerfile制作流程
- 项目代码构成
- 依赖的服务
- 提供服务的端口
- 配置文件
- 程序在工作种涉及持久化的文件
代码项目地址:https://gitee.com/qianxunqianyu/tom-java-demo
1、生成网站打包文件
yum install java-1.8.0-openjdk maven git -y git clone https://gitee.com/qianxunqianyu/tom-java-demo mvn clean package -Dmaven.test.skip=true # 代码编译构建 unzip target/*.war -d target/ROOT # 解压构建文件
2、制作镜像
镜像分类:
基础镜像:例如centos、ubuntu
环境镜像:jdk、nginx
项目镜像:dashboard
Dockerfile编写:
FROM tomcat LABEL maintainer xq COPY target/ROOT /usr/local/tomcat/webapps/ROOT
镜像制作:
docker build -t tomcat-java-demo:v1 .
镜像推送:
docker push tomcat-java-demo:v1
注意:推送镜像时,首先要进行harbor仓库的登录,docker login myhabor.kingsoft.com;其次要将镜像重新打tag。
harbor默认试用https登录,需要通过以下方式进行修改为http方式:
cat /etc/docker/daemon.json
{ "graph":"/data/docker", "registry-mirrors":["https://b9pmyelo.mirror.aliyuncs.com"], "insecure-registries":["myharbor.kingsoft.com"] }
docker login myharbor.kingsoft.com docker tag tomcat-java-demo:v1 myharbor.kingsoft.com/tomcat-java/tomcat-java-demo:v1
四、使用控制器部署镜像
根据业务逻辑编写deployment
apiVersion: apps/v1 kind: Deployment metadata: name: java-demo-deployment labels: app: java-demo spec: replicas: 2 selector: matchLabels: app: java-demo template: metadata: labels: app: java-demo spec: imagePullSecrets: - name: registry-auth containers: - name: web-java-demo image: myharbor.kingsoft.com/tomcat-java/tomcat-java:v3 ports: - containerPort: 8080 resources: requests: cpu: 0.5 memory: 500Mi limits: cpu: 1 memory: 1Gi livenessProbe: httpGet: path: / port: 8080 initialDelaySeconds: 50 periodSeconds: 10 readinessProbe: httpGet: path: / port: 8080 initialDelaySeconds: 50 periodSeconds: 10 volumeMounts: - name: config mountPath: "/usr/local/tomcat/webapps/ROOT/WEB-INF/classes/application.yml" subPath: application.yml volumes: # 你可以在 Pod 级别设置卷,然后将其挂载到 Pod 内的容器中 - name: config configMap: # 提供你想要挂载的 ConfigMap 的名字 name: java-demo-config # 来自 ConfigMap 的一组键,将被创建为文件 items: - key: "application.yml" path: "application.yml"
注意:项目中需要使用的几个东西:健康检查、配置文件、资源限额、镜像拉取
健康检查主要是对pod启动后是否正常提供服务,端口是否正常进行检查,保证pod的健壮性;
livenessProbe: httpGet: path: / port: 8080 initialDelaySeconds: 50 periodSeconds: 10 readinessProbe: httpGet: path: / port: 8080 initialDelaySeconds: 50 periodSeconds: 10
配置文件通过configmap保存,然后使用volume进行挂在到pod里面直接使用
apiVersion: v1 kind: ConfigMap metadata: name: java-demo-config data: application.yml: | server: port: 8080 spring: datasource: url: jdbc:mysql://localhost:3306/test?characterEncoding=utf-8 username: root password: 12345 driver-class-name: com.mysql.jdbc.Driver freemarker: allow-request-override: false cache: true check-template-location: true charset: UTF-8 content-type: text/html; charset=utf-8 expose-request-attributes: false expose-session-attributes: false expose-spring-macro-helpers: false suffix: .ftl template-loader-path: - classpath:/templates/
资源限额,对pod资源进行限制
resources: requests: cpu: 0.5 memory: 500Mi limits: cpu: 1 memory: 1Gi
镜像拉取,对于像harbor这样的镜像仓库,需要具有登录权限才能拉取镜像。
创建secret:
kubectl create secret docker-registry registry-auth --docker-username=admin --dockepassword=Harbor12345 --docker-server=10.11.97.193
在container同一级别配置拉取镜像密码:
imagePullSecrets: - name: registry-auth
五、暴露应用
service
apiVersion: v1 kind: Service metadata: name: tomcat-java spec: selector: app: java-demo ports: - protocol: TCP port: 80 targetPort: 8080
ingress
apiVersion: extensions/v1beta1 kind: Ingress metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"extensions/v1beta1","kind":"Ingress","metadata":{"annotations":{"kubernetes.io/ingress.class":"nginx","nginx.ingress.kubernetes.io/enable-cors":"true","nginx.ingress.kubernetes.io/proxy-connect-timeout":"600","nginx.ingress.kubernetes.io/proxy-read-timeout":"600","nginx.ingress.kubernetes.io/proxy-send-timeout":"600","nginx.ingress.kubernetes.io/rewrite-target":"/$1"},"creationTimestamp":"2021-04-02T05:27:55Z","generation":4,"name":"omms-ingress","namespace":"omms-qa","resourceVersion":"20064615","selfLink":"/apis/extensions/v1beta1/namespaces/omms-qa/ingresses/omms-ingress","uid":"c72ec48c-17dc-4df8-bf01-35ccab2a0812"},"spec":{"rules":[{"host":"omms-qa.kingsoft.com","http":{"paths":[{"backend":{"serviceName":"tomcat-java","servicePort":80},"path":"/"},{"backend":{"serviceName":"ommsweb","servicePort":8000},"path":"/(api/.*)"},{"backend":{"serviceName":"ommsweb","servicePort":8000},"path":"/(token/.*)"},{"backend":{"serviceName":"sysmanagefront","servicePort":8000},"path":"/sysmanage/(.*)"}]}}]},"status":{"loadBalancer":{}}} kubernetes.io/ingress.class: nginx nginx.ingress.kubernetes.io/enable-cors: "true" nginx.ingress.kubernetes.io/proxy-connect-timeout: "600" nginx.ingress.kubernetes.io/proxy-read-timeout: "600" nginx.ingress.kubernetes.io/proxy-send-timeout: "600" nginx.ingress.kubernetes.io/rewrite-target: /$1 creationTimestamp: "2021-09-29T05:36:03Z" generation: 1 name: omms-ingress namespace: omms-qa resourceVersion: "20072464" selfLink: /apis/extensions/v1beta1/namespaces/omms-qa/ingresses/omms-ingress uid: b119fe91-0377-44ef-aa7b-9e3cffbb8191 spec: rules: - host: omms-qa.kingsoft.com http: paths: - backend: serviceName: tomcat-java servicePort: 80 path: / - backend: serviceName: ommsweb servicePort: 8000 path: /(api/.*) - backend: serviceName: ommsweb servicePort: 8000 path: /(token/.*) - backend: serviceName: sysmanagefront servicePort: 8000 path: /sysmanage/(.*) status: loadBalancer: {}