部署项目前的梳理:
1.项目的代码构成,什么语言开发的
2.项目的依赖环境
3.项目的配置文件在哪里
4.项目的端口清单
5.项目有没有做数据的持久化
容器交付流程
在K8s平台部署项目流程
在K8s平台部署Java网站项目
阿里云maven源地址: https://maven.aliyun.com/mvn/guide
第一步:制作镜像
yum install java-1.8.0-openjdk maven git -y git clone https://github.com/lizhenliang/tomcat-java-demo mvn clean package -Dmaven.test.skip=true unzip target/*.war -d target/ROOT
FROM lizhenliang/tomcat LABEL maintainer www.ctnrs.com RUN rm -rf /usr/local/tomcat/webapps/* COPY target/ROOT /usr/local/tomcat/webapps/ROOT
docker build -t image:tag . docker push <镜像仓库地址>/<项目名>/image:tag
使用镜像仓库(私有仓库、公共仓库):
1、配置可信任(如果仓库是HTTPS访问不用配置)
{ insecure-registries": [" 192.168.0.13"] }
2、将镜像仓库认证凭据保存在K8s Secret中
kubectl create secret docker-registry registry-auth --docker-username=admin --docker-password=Harbor12345 --docker-server=192.168.0.13
3、在yaml中使用这个认证凭据
imagePullSecrets: - name: registry-auth
配置认证的的原因是部署的harbor是私有仓库,k8s的每个节点每次去拉取镜像都必须登录harbor仓库,比较麻烦,通过在yaml配置文件指定docker登录认证凭据,这样docker每次部署的时候就会自动去拉取镜像了。
第二步:使用控制器部署镜像
注意:在pod中挂载configmap配置文件时,如果指定容器内挂载的目录不是空目录,那么会覆盖原来目录下的内容。
部署configmap
vim configmap.yaml
apiVersion: v1 kind: ConfigMap metadata: name: java-demo-config data: application.yml: | server: port: 8080 spring: datasource: url: jdbc:mysql://java-demo-db:3306/k8s?characterEncoding=utf-8 username: azhe password: 123456 driver-class-name: com.mysql.jdbc.Driver freemarker: allow-request-override: false cache: true check-template-location: true charset: UTF-8 content-type: text/html; charset=utf-8 expose-request-attributes: false expose-session-attributes: false expose-spring-macro-helpers: false suffix: .ftl template-loader-path: - classpath:/templates/
部署deployment
vim deployment.yaml
apiVersion: apps/v1 kind: Deployment metadata: name: web spec: replicas: 3 selector: matchLabels: app: java template: metadata: labels: app: java spec: imagePullSecrets: - name: registry-auth containers: - image: 192.168.0.13/demo/java-demo:v1 name: java-demo resources: requests: cpu: 0.5 memory: 500Mi limits: cpu: 1 memory: 1Gi livenessProbe: httpGet: path: / port: 8080 initialDelaySeconds: 40 periodSeconds: 10 readinessProbe: httpGet: path: / port: 8080 initialDelaySeconds: 40 periodSeconds: 10 volumeMounts: - name: config mountPath: "/usr/local/tomcat/webapps/ROOT/WEB-INF/classes/application.yml" subPath: "application.yml" volumes: - name: config configMap: name: java-demo-config items: - key: "application.yml" path: "application.yml"
kubectl apply -f configmap.yaml kubectl apply -f deployment.yaml
第三步:对外暴露应用
部署service
vim service.yaml
apiVersion: v1 kind: Service metadata: name: java-demo spec: selector: app: java ports: - protocol: TCP port: 80 targetPort: 8080
部署ingress(首先部署nginx-ingress-controller,监听端口是80和443)
vim ingress.yaml
apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: java-demo spec: rules: - host: java.ctnrs.com http: paths: - path: / pathType: Prefix backend: service: name: java-demo port: number: 80
部署mysql数据库(1.部署NFS实现自动创建PV插件 2.导入表到k8s数据库)
nfs-client.zip
yum install nfs-utils mkdir -p /nfs/kubernetesvim /etc/exports /nfs/kubernetes *(rw,no_root_squash) systemctl start nfs systemctl enable nfs git clone https://github.com/kubernetes-incubator/external-storage cd nfs-client/deploy kubectl apply -f rbac.yaml kubectl apply -f deployment.yaml kubectl apply -f class.yaml kubectl get sc kubectl get pod kubectl cp tables_ly_tomcat.sql java-demo-db-6c775c4d4b-7xfgc:/ kubectl exec -it java-demo-db-6c775c4d4b-7xfgc -- bash mysql -u root -p$MYSQL_ROOT_PASSWORD show databses; use k8s; source /tables_ly_tomcat.sql;
vim mysql.yaml
apiVersion: v1 kind: Secret metadata: name: java-demo-db namespace: default type : Opaquedata: mysql-root-password: "MTIzNDU2" mysql-password: "MTIzNDU2" --- apiVersion: apps/v1 kind: Deployment metadata: name: java-demo-db namespace: default spec: selector: matchLabels: project: www app: mysql template: metadata: labels: project: www app: mysql spec: containers: - name: db image: mysql:5.7.30 resources: requests: cpu: 500m memory: 512Mi limits: cpu: 500m memory: 512Mi env : - name: MYSQL_ROOT_PASSWORD valueFrom: secretKeyRef: name: java-demo-db key: mysql-root-password - name: MYSQL_PASSWORD valueFrom: secretKeyRef: name: java-demo-db key: mysql-password - name: MYSQL_USER value: "azhe" - name: MYSQL_DATABASE value: "k8s" ports: - name: mysql containerPort: 3306 livenessProbe: exec : command : - sh - -c - "mysqladmin ping -u root -p${MYSQL_ROOT_PASSWORD} " initialDelaySeconds: 30 periodSeconds: 10 readinessProbe: exec : command : - sh - -c - "mysqladmin ping -u root -p${MYSQL_ROOT_PASSWORD} " initialDelaySeconds: 5 periodSeconds: 10 volumeMounts: - name: data mountPath: /var/lib/mysql volumes: - name: data persistentVolumeClaim: claimName: java-demo-db --- apiVersion: v1 kind: PersistentVolumeClaim metadata: name: java-demo-db namespace: default spec: storageClassName: "managed-nfs-storage" accessModes: - "ReadWriteOnce" resources: requests: storage: "8Gi" --- apiVersion: v1 kind: Service metadata: name: java-demo-db namespace: default spec: type : ClusterIP ports: - name: mysql port: 3306 targetPort: mysql selector: project: www app: mysql
kubectl apply -f service.yaml kubectl apply -f ingress.yaml kubectl apply -f mysql.yaml
访问java.ctnrs.com ,添加用户验证数据库是否可用
第四步:增加公网负载均衡器
upstream java-demo { server 192.168.0.12:80; server 192.168.0.13:80; } server { listen 81; server_name java.ctnrs.com; location / { proxy_pass http://java-demo; proxy_set_header Host $Host ; } }
访问java.ctnrs.com:81
1、为指定用户授权访问不同命名空间权限
2、使用Helm完成Java网站项目部署
注:自由发挥,实现需求即可
