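(1) Workflow for migrating a project to the k8s platform
1) Build images
Dockerfile, plus continuous integration with docker + jenkins. Image categories: base images, intermediate images, project images
2) Manage pods with controllers
Controllers manage pods: Deployment (stateless applications), DaemonSet (daemons), StatefulSet (stateful applications), Job & CronJob (batch processing)
3) Persist pod data
pv, pvc
4) Expose the application
5) Publish the application externally
service nodeport, ingress (LB -> ingress controller -> pod)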
2 Environment
Hostname | IP address | Notes |
---|---|---|
k8s_harbor | 172.16.1.61 | URL: http://172.16.1.61/ User: admin Password: Harbor12345 Project: java (contains the tomcat:v01 image) |
k8s_gitlab | 172.16.1.62 | URL: http://172.16.1.62:9999/ User: root Password: 12345678 Project: dev/java |
k8s_nfs | 172.16.1.63 | Used for image builds, image pushes, and NFS |
(1) Install the build environment

1) Install openjdk and maven

```
[root@k8s_nfs ~]# yum install java-1.8.0-openjdk maven -y
```

2) Switch maven to a mirror in China

```
[root@k8s_nfs ~]# vim /etc/maven/settings.xml
# insert the following below line 158
```

```xml
<mirror>
  <id>aliyunmaven</id>
  <mirrorOf>*</mirrorOf>
  <name>阿里云公共仓库</name>
  <url>https://maven.aliyun.com/repository/public</url>
</mirror>
```

(2) Compile and build

```
[root@k8s_nfs ~]# git clone http://172.16.1.62:9999/dev/java.git
[root@k8s_nfs ~]# cd java/
[root@k8s_nfs java]# mvn clean package -DskipTests=true
[root@k8s_nfs java]# ls target/
classes            ly-simple-tomcat-0.0.1-SNAPSHOT      maven-archiver
generated-sources  ly-simple-tomcat-0.0.1-SNAPSHOT.war  maven-status
```

(3) Build the image with a Dockerfile and push the image containing the war package to the registry

1) Change the harbor registry settings (the same configuration is also needed on the k8s cluster nodes, otherwise they cannot pull the image)

```
[root@k8s_nfs java]# cat /etc/docker/daemon.json
{
  "registry-mirrors": ["https://b1cx9cn7.mirror.aliyuncs.com"],
  "insecure-registries": ["172.16.1.61"]
}
[root@k8s_nfs java]# systemctl daemon-reload
[root@k8s_nfs java]# systemctl restart docker
```

2) Log in to the image registry

```
[root@k8s_nfs java]# docker login 172.16.1.61
```

3) Package the war file into the tomcat image

```
[root@k8s_nfs java]# cat Dockerfile
FROM 172.16.1.61/java/tomcat:v01
RUN rm -rf /usr/local/tomcat/webapps/*
COPY target/*.war /usr/local/tomcat/webapps/ROOT.war
[root@k8s_nfs java]# docker build -t 172.16.1.61/java/tomcat:v20 .
[root@k8s_nfs java]# docker images
REPOSITORY                TAG   IMAGE ID       CREATED         SIZE
172.16.1.61/java/tomcat   v20   36330bfb480e   9 seconds ago   785MB
172.16.1.61/java/tomcat   v01   fc492f3c2b01   23 hours ago    767MB
```

4) Push the tomcat project image to the harbor registry

```
[root@k8s_nfs java]# docker push 172.16.1.61/java/tomcat:v20
```

(4) Create a secret to store the harbor credentials

```
[root@k8s-admin ~]# kubectl create secret docker-registry dockerpullauth --docker-username=admin --docker-password=Harbor12345 --docker-server=172.16.1.61
```

(5) Write the yaml and deploy (deployment)

```
[root@k8s-admin ~]# kubectl create deployment java --image=172.16.1.61/java/tomcat:v20 --dry-run -o yaml > deployment-java.yaml
[root@k8s-admin ~]# cat deployment-java.yaml
```

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: java
  labels:
    app: java
spec:
  replicas: 3
  selector:
    matchLabels:
      project: www
      app: java
  template:
    metadata:
      labels:
        project: www
        app: java
    spec:
      imagePullSecrets:
      - name: "dockerpullauth"
      restartPolicy: Always
      containers:
      - image: 172.16.1.61/java/tomcat:v20
        name: tomcat
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 8080
          name: tomcat
          protocol: TCP
        resources:
          requests:
            cpu: 0.5
            memory: 1Gi
          limits:
            cpu: 1
            memory: 2Gi
        livenessProbe:
          httpGet:
            path: /
            port: 8080
          initialDelaySeconds: 60
          timeoutSeconds: 20
          periodSeconds: 10
        readinessProbe:
          httpGet:
            path: /
            port: 8080
          initialDelaySeconds: 60
          periodSeconds: 10
          timeoutSeconds: 20
```

```
[root@k8s-admin ~]# kubectl apply -f deployment-java.yaml
[root@k8s-admin ~]# kubectl get pod -o wide
NAME                    READY   STATUS    RESTARTS   AGE     IP            NODE        NOMINATED NODE   READINESS GATES
java-7f9c5f9d64-8n675   1/1     Running   0          9m26s   10.244.1.14   k8s-node1   <none>           <none>
java-7f9c5f9d64-tnrft   1/1     Running   0          9m26s   10.244.2.13   k8s-node2   <none>           <none>
java-7f9c5f9d64-xntk9   1/1     Running   0          9m26s   10.244.2.12   k8s-node2   <none>           <none>
```

(6) Write the yaml and deploy (service)

```
[root@k8s-admin ~]# kubectl expose deployment java --port=80 --target-port=8080 --type=NodePort --dry-run -o yaml > service-java.yaml
[root@k8s-admin ~]# cat service-java.yaml
```

```yaml
apiVersion: v1
kind: Service
metadata:
  labels:
    app: java
  name: java
spec:
  ports:
  - port: 80
    protocol: TCP
    targetPort: 8080
    nodePort: 30009
  selector:
    app: java
    project: www
  type: NodePort
```

```
[root@k8s-admin ~]# kubectl apply -f service-java.yaml
[root@k8s-admin ~]# kubectl get deploy,pod,svc,ep -o wide
NAME                   READY   UP-TO-DATE   AVAILABLE   AGE   CONTAINERS   IMAGES                        SELECTOR
deployment.apps/java   3/3     3            3           30m   tomcat       172.16.1.61/java/tomcat:v20   app=java,project=www

NAME                        READY   STATUS    RESTARTS   AGE   IP            NODE
pod/java-7f9c5f9d64-8n675   1/1     Running   0          30m   10.244.1.14   k8s-node1
pod/java-7f9c5f9d64-tnrft   1/1     Running   0          30m   10.244.2.13   k8s-node2
pod/java-7f9c5f9d64-xntk9   1/1     Running   0          30m   10.244.2.12   k8s-node2

NAME                 TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)        AGE     SELECTOR
service/java         NodePort    10.96.192.44   <none>        80:30009/TCP   2m53s   app=java,project=www
service/kubernetes   ClusterIP   10.96.0.1      <none>        443/TCP        44d     <none>

NAME                   ENDPOINTS                                             AGE
endpoints/java         10.244.1.14:8080,10.244.2.12:8080,10.244.2.13:8080   2m53s
endpoints/kubernetes   172.16.1.70:6443                                      44d
```

(7) Access

http://172.16.1.71:30009/
http://172.16.1.72:30009/

(8) Create the database

```
[root@k8s_nfs ~]# docker run -d --name mysql -p 3306:3306 -e MYSQL_ROOT_PASSWORD=123456 mysql:5.7
[root@k8s_nfs ~]# docker exec -it mysql bash
root@d5503ea45b93:/# mysql -uroot -p$MYSQL_ROOT_PASSWORD
mysql> grant all on test.* to wp@'%' identified by '123456';
```

(9) Install ingress-controller and configure an ingress.yaml template to load-balance the pods behind the service. This can bypass the k8s service forwarding network and balance directly across the pods behind the service, which improves efficiency.
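
Step (4) passes the Harbor password as a `kubectl` argument, which leaves it in shell history and in the process list. The script below is an added example, not part of the original post: it builds the same `dockerpullauth` secret as a manifest with the password read from standard input. The function names are hypothetical; the registry address, user and secret name are the ones used on this page.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): generate the imagePullSecret
# manifest for Harbor with the password supplied on stdin instead of argv.
# Function names are hypothetical helpers.

# b64: base64-encode stdin onto a single line (strip wrapping newlines).
b64() { base64 | tr -d '\n'; }

# json_escape STRING: escape backslash and double quote for use inside JSON.
json_escape() { printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'; }

# dockerconfigjson SERVER USER: read the password from stdin and print the
# .dockerconfigjson document used for registry authentication.
dockerconfigjson() {
  local server=$1 user=$2 pass auth
  IFS= read -r pass || [ -n "$pass" ]   # accept input without trailing newline
  auth=$(printf '%s:%s' "$user" "$pass" | b64)
  printf '{"auths":{"%s":{"username":"%s","password":"%s","auth":"%s"}}}' \
    "$(json_escape "$server")" "$(json_escape "$user")" \
    "$(json_escape "$pass")" "$auth"
}

# pull_secret_manifest NAME SERVER USER: password on stdin, Secret on stdout.
pull_secret_manifest() {
  local name=$1 server=$2 user=$3 data
  data=$(dockerconfigjson "$server" "$user" | b64)
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: ${name}
type: kubernetes.io/dockerconfigjson
data:
  .dockerconfigjson: ${data}
EOF
}

# Usage (password file path is an assumption; keep it mode 0600):
#   pull_secret_manifest dockerpullauth 172.16.1.61 admin \
#     < /root/.harbor_pw | kubectl apply -f -
```

The resulting secret is referenced from `imagePullSecrets` in the Deployment of step (5) exactly as before.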