容器交付流程

作者：@skyflask
转载本文请注明出处：https://www.cnblogs.com/skyflask/p/15335827.html

---

目录

 一、容器交付流程
 二、容器交付实战
 三、dockerfile制作流程
四、使用控制器部署镜像
 ^{五、暴露应用}

 一、容器交付流程

 

 

 二、容器交付实战

 三、dockerfile制作流程

• 项目代码构成
• 依赖的服务
• 提供服务的端口
• 配置文件
• 程序在工作种涉及持久化的文件

代码项目地址：https://gitee.com/qianxunqianyu/tom-java-demo

1、生成网站打包文件

?

1 2 3 4

yum install java-1.8.0-openjdk maven git -y git clone https://gitee.com/qianxunqianyu/tom-java-demo mvn clean package -Dmaven.test.skip=true # 代码编译构建 unzip target/*.war -d target/ROOT # 解压构建文件

　

2、制作镜像

镜像分类：

基础镜像：例如centos、ubuntu

环境镜像：jdk、nginx

项目镜像：dashboard

Dockerfile编写：

?

1 2 3

FROM tomcat LABEL maintainer xq COPY target/ROOT /usr/local/tomcat/webapps/ROOT

　　

镜像制作：

?

1	docker build -t tomcat-java-demo:v1 .

　　

镜像推送：

?

1	docker push tomcat-java-demo:v1

　　注意：推送镜像时，首先要进行harbor仓库的登录，docker login   myhabor.kingsoft.com；其次要将镜像重新打tag。

harbor默认试用https登录，需要通过以下方式进行修改为http方式：

 cat /etc/docker/daemon.json 

?

1 2 3 4 5

{ "graph":"/data/docker", "registry-mirrors":["https://b9pmyelo.mirror.aliyuncs.com"], "insecure-registries":["myharbor.kingsoft.com"] }

　　

?

1 2	docker  login myharbor.kingsoft.com docker tag tomcat-java-demo:v1 myharbor.kingsoft.com/tomcat-java/tomcat-java-demo:v1

　　

　

四、使用控制器部署镜像

根据业务逻辑编写deployment

?

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57

apiVersion: apps/v1 kind: Deployment metadata:   name: java-demo-deployment   labels:     app: java-demo spec:   replicas: 2   selector:     matchLabels:       app: java-demo   template:     metadata:       labels:         app: java-demo     spec:       imagePullSecrets:       - name: registry-auth       containers:       - name: web-java-demo         image: myharbor.kingsoft.com/tomcat-java/tomcat-java:v3         ports:         - containerPort: 8080         resources:           requests:             cpu: 0.5             memory: 500Mi           limits:             cpu: 1             memory: 1Gi         livenessProbe:           httpGet:             path: /             port: 8080           initialDelaySeconds: 50           periodSeconds: 10         readinessProbe:           httpGet:             path: /             port: 8080           initialDelaySeconds: 50           periodSeconds: 10         volumeMounts:         - name: config           mountPath: "/usr/local/tomcat/webapps/ROOT/WEB-INF/classes/application.yml"           subPath: application.yml       volumes:       # 你可以在 Pod 级别设置卷，然后将其挂载到 Pod 内的容器中       - name: config         configMap:           # 提供你想要挂载的 ConfigMap 的名字           name: java-demo-config           # 来自 ConfigMap 的一组键，将被创建为文件           items:           - key: "application.yml"             path: "application.yml"

　　

注意：项目中需要使用的几个东西：健康检查、配置文件、资源限额、镜像拉取

 

健康检查主要是对pod启动后是否正常提供服务，端口是否正常进行检查，保证pod的健壮性；

?

1 2 3 4 5 6 7 8 9 10 11 12

livenessProbe:    httpGet:      path: /      port: 8080    initialDelaySeconds: 50    periodSeconds: 10  readinessProbe:    httpGet:      path: /      port: 8080    initialDelaySeconds: 50    periodSeconds: 10

　　

配置文件通过configmap保存，然后使用volume进行挂在到pod里面直接使用

?

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26

apiVersion: v1 kind: ConfigMap metadata:   name: java-demo-config data:   application.yml: |     server:       port: 8080     spring:       datasource:         url: jdbc:mysql://localhost:3306/test?characterEncoding=utf-8         username: root         password: 12345         driver-class-name: com.mysql.jdbc.Driver       freemarker:         allow-request-override: false         cache: true         check-template-location: true         charset: UTF-8         content-type: text/html; charset=utf-8         expose-request-attributes: false         expose-session-attributes: false         expose-spring-macro-helpers: false         suffix: .ftl         template-loader-path:           - classpath:/templates/

　　

资源限额，对pod资源进行限制

?

1 2 3 4 5 6 7

resources:    requests:      cpu: 0.5      memory: 500Mi    limits:      cpu: 1      memory: 1Gi

　　

镜像拉取，对于像harbor这样的镜像仓库，需要具有登录权限才能拉取镜像。

创建secret：

?

1	kubectl create secret docker-registry registry-auth --docker-username=admin --dockepassword=Harbor12345 --docker-server=10.11.97.193

　

在container同一级别配置拉取镜像密码：

?

1 2	imagePullSecrets: - name: registry-auth

　　

　

 

 ^{五、暴露应用}

service

?

1 2 3 4 5 6 7 8 9 10 11

apiVersion: v1 kind: Service metadata:   name: tomcat-java spec:   selector:     app: java-demo   ports:     - protocol: TCP       port: 80       targetPort: 8080

　　

ingress

?

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42

apiVersion: extensions/v1beta1 kind: Ingress metadata:   annotations:     kubectl.kubernetes.io/last-applied-configuration: |       {"apiVersion":"extensions/v1beta1","kind":"Ingress","metadata":{"annotations":{"kubernetes.io/ingress.class":"nginx","nginx.ingress.kubernetes.io/enable-cors":"true","nginx.ingress.kubernetes.io/proxy-connect-timeout":"600","nginx.ingress.kubernetes.io/proxy-read-timeout":"600","nginx.ingress.kubernetes.io/proxy-send-timeout":"600","nginx.ingress.kubernetes.io/rewrite-target":"/$1"},"creationTimestamp":"2021-04-02T05:27:55Z","generation":4,"name":"omms-ingress","namespace":"omms-qa","resourceVersion":"20064615","selfLink":"/apis/extensions/v1beta1/namespaces/omms-qa/ingresses/omms-ingress","uid":"c72ec48c-17dc-4df8-bf01-35ccab2a0812"},"spec":{"rules":[{"host":"omms-qa.kingsoft.com","http":{"paths":[{"backend":{"serviceName":"tomcat-java","servicePort":80},"path":"/"},{"backend":{"serviceName":"ommsweb","servicePort":8000},"path":"/(api/.*)"},{"backend":{"serviceName":"ommsweb","servicePort":8000},"path":"/(token/.*)"},{"backend":{"serviceName":"sysmanagefront","servicePort":8000},"path":"/sysmanage/(.*)"}]}}]},"status":{"loadBalancer":{}}}     kubernetes.io/ingress.class: nginx     nginx.ingress.kubernetes.io/enable-cors: "true"     nginx.ingress.kubernetes.io/proxy-connect-timeout: "600"     nginx.ingress.kubernetes.io/proxy-read-timeout: "600"     nginx.ingress.kubernetes.io/proxy-send-timeout: "600"     nginx.ingress.kubernetes.io/rewrite-target: /$1   creationTimestamp: "2021-09-29T05:36:03Z"   generation: 1   name: omms-ingress   namespace: omms-qa   resourceVersion: "20072464"   selfLink: /apis/extensions/v1beta1/namespaces/omms-qa/ingresses/omms-ingress   uid: b119fe91-0377-44ef-aa7b-9e3cffbb8191 spec:   rules:   - host: omms-qa.kingsoft.com     http:       paths:       - backend:           serviceName: tomcat-java           servicePort: 80         path: /       - backend:           serviceName: ommsweb           servicePort: 8000         path: /(api/.*)       - backend:           serviceName: ommsweb           servicePort: 8000         path: /(token/.*)       - backend:           serviceName: sysmanagefront           servicePort: 8000         path: /sysmanage/(.*) status:   loadBalancer: {}