一,基础部署wordpress
[root@node k8s]# vim mysql.yaml
apiVersion: v1
kind: Namespace
metadata:
name: mysql
---
kind: Service
apiVersion: v1
metadata:
name: mysql
namespace: mysql
spec:
ports:
- name: http
port: 3306
targetPort: 3306
selector:
app: mysql
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: name-mysql
namespace: mysql
spec:
selector:
matchLabels:
app: mysql
template:
metadata:
labels:
app: mysql
spec:
containers:
- name: mysql
image: mysql:5.7
env:
- name: MYSQL_ROOT_PASSWORD
value: "123456"
[root@node k8s]# cat wordpress.yaml
apiVersion: v1
kind: Namespace
metadata:
name: wordpress
---
apiVersion: v1
kind: Service
metadata:
name: wordpress
namespace: wordpress
spec:
ports:
- name: http
port: 80
targetPort: 80
- name: https
port: 443
targetPort: 443
selector:
app: wordpress
type: NodePort
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: wordpress
namespace: wordpress
spec:
selector:
matchLabels:
app: wordpress
template:
metadata:
labels:
app: wordpress
spec:
containers:
- name: php
image: alvinos/php:wordpress-v2
- name: nginx
image: alvinos/nginx:wordpress-v2
[root@node k8s]# kubectl get pods -n mysql
NAME READY STATUS RESTARTS AGE
name-mysql-56f8cdb464-b2klq 1/1 Running 0 40m
[root@node k8s]# kubectl exec -it -n mysql name-mysql-56f8cdb464-b2klq -- bash
root@name-mysql-56f8cdb464-b2klq:/# mysql -uroot -p
Enter password: 123456
...
mysql> create database wordpress;
Query OK, 1 row affected (0.01 sec)
mysql> exit
[root@node k8s]# kubectl get svc -n wordpress
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
wordpress NodePort 10.104.183.253 <none> 80:30311/TCP,443:31933/TCP 30m
访问ip:30311
加上ingress
1.http部署
mysql.yaml不变
[root@k8s-n1 k8s]# cat wordpree.yaml
apiVersion: v1
kind: Namespace
metadata:
name: wordpress
---
apiVersion: v1
kind: Service
metadata:
name: wordpress
namespace: wordpress
spec:
ports:
- name: http
port: 80
targetPort: 80
- name: https
port: 443
targetPort: 443
selector:
app: wordpress
type: NodePort
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: wordpress
namespace: wordpress
spec:
selector:
matchLabels:
app: wordpress
template:
metadata:
labels:
app: wordpress
spec:
containers:
- name: php
image: alvinos/php:wordpress-v2
- name: nginx
image: alvinos/nginx:wordpress-v2
---
kind: Ingress
apiVersion: networking.k8s.io/v1
metadata:
name: wordpress
namespace: wordpress
spec:
rules:
- host: "www.wordpress.com" # 要绑定的域名
http:
paths:
- path: / # 请求的路径
pathType: Prefix #自由匹配
backend:
service:
name: wordpress # 必须和service的名字一致才可以绑定
port:
number: 80 # 服务的端口号
[root@k8s-n1 k8s]# kubectl get ingress -n wordpress
NAME CLASS HOSTS ADDRESS PORTS AGE
wordpress <none> www.wordpress.com 80 8m19s
[root@k8s-n1 k8s]# kubectl get svc -n wordpress
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
wordpress NodePort 10.99.151.6 <none> 80:32379/TCP,443:32121/TCP 24m
访问 域名:32379
2.https部署
# 生成证书
[root@m01 k8s]# openssl genrsa -out tls.key 2048
[root@m01 k8s]# openssl req -new -x509 -key tls.key -out tls.crt -subj /C=CN/ST=ShangHai/L=ShangHai/O=Ingress/CN=www.wordpress.com
# 查看
[root@m01 k8s]# ll
-rw-r--r-- 1 root root 1289 Aug 12 22:46 tls.crt
-rw-r--r-- 1 root root 1679 Aug 12 22:46 tls.key
# 绑定证书
kubectl -n [名称空间] create secret tls [secretname] --cert=[证书.crt] --key=[证书.key]
kubectl -n wordpress create secret tls ingress-tls --cert=tls.crt --key=tls.key
---
kind: Ingress
apiVersion: networking.k8s.io/v1
metadata:
name: wordpress
spec:
tls:
- secretName: ingress-tls
rules:
- host: "www.wordpress.com"
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: wordpress
port:
number: 80
# 部署
kubectl apply -f
# 配置hosts访问
www.wordpress.com:30542
二、k8s部署discuz
要求:
ingress ---> headless service ---> pod
1、要有健康检查
2、要求有https
3、要求有存储卷(hostpath)
1、下载discuz安装包,并解压,同步到所有节点上
[root@k8s-m-01 /opt/discuz]# for i in m2 m3;do ssh root@$i "mkdir -pv /opt/discuz" && scp discuz.tar.gz root@$i:/opt/discuz/; ssh root@$i "cd /opt/discuz && tar -xf discuz.tar.gz -C /opt/discuz && chmod -R o+w /opt/discuz/upload"; done
2、构思架构,并且编写配置清单(见下文)
3、部署并调试
1、创建HTTPS证书
[root@k8s-m-01 /opt/discuz]# openssl genrsa -out tls.key 2048
Generating RSA private key, 2048 bit long modulus
.+++
.................................................................................+++
e is 65537 (0x10001)
[root@k8s-m-01 /opt/discuz]# openssl req -new -x509 -key tls.key -out tls.crt -subj /C=CN/ST=ShangHai/L=ShangHai/O=Ingress/CN=www.discuz.cluster.local.com
2、部署证书
[root@k8s-m-01 /opt/discuz]# kubectl create namespace discuz
namespace/discuz created
[root@k8s-m-01 /opt/discuz]# kubectl -n discuz create secret tls discuz-secret --cert=tls.crt --key=tls.key
secret/discuz-secret created
配置清单
#########################################################################################
# 1、部署MySQL集群
# 1、创建命名空间
# 2、创建service提供负载均衡
# 3、使用控制器部署MySQL实例
###
# 2、部署Discuz应用
# 1、创建命名空间
# 2、创建Service提供负载均衡(Headless Service)
# 3、创建服务并挂载代码
# 4、创建Ingress,用于域名转发(https)
###
# 3、服务之间的互连
# 1、Discuz连接MySQL ---> mysql.mysql.svc.cluster.local
#########################################################################################
apiVersion: v1
kind: Namespace
metadata:
name: mysql
---
kind: Service
apiVersion: v1
metadata:
name: mysql-svc
namespace: mysql
spec:
ports:
- port: 3306
targetPort: 3306
name: mysql
protocol: TCP
selector:
app: mysql
deploy: discuz
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: mysql-deployment
namespace: mysql
spec:
selector:
matchLabels:
app: mysql
deploy: discuz
template:
metadata:
labels:
app: mysql
deploy: discuz
spec:
nodeName: k8s-m-02
containers:
- name: mysql
image: mysql:5.7
livenessProbe: #存活性检查
tcpSocket:
port: 3306
readinessProbe: #就绪性检查
tcpSocket:
port: 3306
env:
- name: MYSQL_ROOT_PASSWORD
value: "123456"
- name: MYSQL_DATABASE #默认创建的数据库
value: "discuz"
#lifecycle: #启动回调钩子,和默认创建数据库value的方式2选1,推荐,因可以指定字符编码
# postStart:
# exec:
# command:
# - "/bin/bash"
# - "-c"
# - "mysql -uroot -p123456 -e 'create database discuz charset utf8;'"
volumeMounts: #挂载
- mountPath: /var/lib/mysql #挂载的路径,容器内
name: mysql-data
volumes:
- name: mysql-data
hostPath:
path: /opt/discuz/mysql #宿主主机的路径
---
kind: Namespace
apiVersion: v1
metadata:
name: discuz
---
kind: Service
apiVersion: v1
metadata:
name: discuz-svc
namespace: discuz
spec:
clusterIP: None
ports:
- port: 80
targetPort: 80
name: http
selector:
app: discuz
deploy: discuz
---
kind: Deployment
apiVersion: apps/v1
metadata:
name: discuz-deployment
namespace: discuz
spec:
selector:
matchLabels:
app: discuz
deploy: discuz
template:
metadata:
labels:
app: discuz
deploy: discuz
spec:
containers:
- name: php
image: alvinos/php:wordpress-v2
livenessProbe:
tcpSocket:
port: 9000
readinessProbe:
tcpSocket:
port: 9000
volumeMounts:
- mountPath: /usr/share/nginx/html #挂载在容器的路径
name: discuz-data
- name: nginx
image: alvinos/nginx:wordpress-v2
livenessProbe:
httpGet:
port: 80
path: /
readinessProbe:
httpGet:
port: 80
path: /
volumeMounts:
- mountPath: /usr/share/nginx/html
name: discuz-data
volumes:
- name: discuz-data
hostPath:
path: /opt/discuz/upload
---
kind: Ingress
apiVersion: extensions/v1beta1
metadata:
name: discuz-ingress
namespace: discuz
spec:
tls:
- hosts:
- www.discuz.cluster.local.com
secretName: discuz-secret
rules:
- host: www.discuz.cluster.local.com
http:
paths:
- backend:
serviceName: discuz-svc
servicePort: 80