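The previous post went out just before Singles' Day (Double 11); I hope nobody overspent. Back to business, with one announcement first: tutorials are updated every Monday, Wednesday and Friday. If you want more, revisit the earlier tutorials or follow the 崔格拉斯 WeChat official account; if you want the source code, send me a private message.
Daily solution (solution to the 11.9 question of the day)
Yesterday's tutorial left one question open: how do we persist data so that the Django project and the database files are not destroyed together with the pod?
Solution:
In the previous tutorial we already used an emptyDir volume. This kind of volume is persistent from the point of view of a single container, but not from the point of view of the Pod: when we delete the Pod resource, the contents of the emptyDir volume are deleted too. In short, the lifecycle of an emptyDir is bound to that of the Pod; as long as the Pod exists, the volume does not disappear. So if our data only needs to live as long as the Pod, no redesign is needed. In production, however, some data obviously has to persist permanently: even when the Pod is destroyed, the data in the volume must not be lost. That is when shared storage is used to achieve data persistence.
Kubernetes provides a solution for data persistence, and I introduced PV and PVC earlier in "Kubernetes: From Getting Started to Giving Up, Part 8". Here we continue to use NFS to create PVs (a piece of storage space in an external storage system) and PVCs (a claim for PV resources). We then configure django_deployment.yaml and mysql_deployment.yaml to use the NFS PVs.
NFS server
However good the idea, it has to be put into practice. The first step is to set up the NFS server; once the NFS service is available, we can think about everything else.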
nfs_install.sh
```sh
# Install the NFS server and rpcbind, then start and enable both services
yum -y install nfs-utils rpcbind
systemctl start rpcbind.service
systemctl enable rpcbind.service
systemctl start nfs.service
systemctl enable nfs.service
# Confirm the RPC services are registered and the daemons are running
rpcinfo -p localhost
ps -ef|egrep "rpc|nfs"
# Export three directories to 172.16.0.0/16: init scripts, MySQL data, Django data.
# no_root_squash leaves root on any client in that range as root on the export.
mkdir -p /nfs-share
chmod a+w /nfs-share
echo "/nfs-share 172.16.0.0/16(rw,async,no_root_squash)" >> /etc/exports
mkdir -p /mysql-share
chmod a+w /mysql-share
echo "/mysql-share 172.16.0.0/16(rw,async,no_root_squash)" >> /etc/exports
mkdir -p /django-share
chmod a+w /django-share
echo "/django-share 172.16.0.0/16(rw,async,no_root_squash)" >> /etc/exports
systemctl restart nfs.service
showmount -e
# Open the NFS and rpcbind ports in the firewall
firewall-cmd --permanent --zone=public --add-port=2049/tcp --add-port=111/tcp --add-port=111/udp --add-port=4046/udp
firewall-cmd --reload
```
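Installation is simple. The thing to watch is that after installing the NFS service with yum, we have to configure the NFS shared directories for our own use case and open the relevant firewall ports so that other hosts can reach them.
Make sure your NFS service has exported these three directories before carrying out the following steps.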
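The three `/etc/exports` entries written by nfs_install.sh combine `no_root_squash` and `async` with a whole /16 client range, which is worth checking before pods start storing database files there. As an added example (not part of the original post), a small Python auditor that parses exports lines and reports those settings; the list of reported options, the /24 cut-off and the `/tight-share` line are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample: the lines nfs_install.sh appends, plus one hypothetical tighter entry.
SAMPLE_EXPORTS = """\
/nfs-share 172.16.0.0/16(rw,async,no_root_squash)
/mysql-share 172.16.0.0/16(rw,async,no_root_squash)
/django-share 172.16.0.0/16(rw,async,no_root_squash)
/tight-share 172.16.2.10(rw,sync,root_squash)
"""
# Assumptions of this example: which options are reported, and the /24 cut-off.
RISKY_OPTIONS = {
    "no_root_squash": "client root stays root on the exported files",
    "async": "server acknowledges writes before they reach disk",
}
MIN_PREFIX = 24
CLIENT_RE = re.compile(r"(?P<client>[^\s()]*)(?:\((?P<opts>[^)]*)\))?")

def audit_exports(text):
    """Return (path, client, finding) tuples for risky /etc/exports entries."""
    findings = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue  # blank line or comment
        path, clients = fields[0], fields[1:]
        for spec in clients:
            m = CLIENT_RE.fullmatch(spec)
            if m is None:
                findings.append((path, spec, "unparseable client entry"))
                continue
            client = m.group("client") or "*"  # bare "(opts)" applies to every host
            for opt in (m.group("opts") or "").split(","):
                if opt in RISKY_OPTIONS:
                    findings.append((path, client, f"{opt}: {RISKY_OPTIONS[opt]}"))
            if client == "*":
                findings.append((path, client, "exported to every host"))
                continue
            try:
                net = ipaddress.ip_network(client, strict=False)
            except ValueError:
                continue  # hostname, netgroup or wildcard pattern: not sized here
            if net.prefixlen < MIN_PREFIX:
                findings.append((path, client, f"broad client range /{net.prefixlen}"))
    return findings

if __name__ == "__main__":
    for path, client, finding in audit_exports(SAMPLE_EXPORTS):
        print(f"{path} -> {client}: {finding}")
```

On the NFS server, `audit_exports(open("/etc/exports").read())` runs the same check against the live file; a stray space between a host and its option list shows up as an export to every host.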
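Rebuilding the images
We rebuild the images because we want to keep the startup scripts together under /start_script, which makes them easier to fix and manage in one place.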
mysql/Dockerfile
```dockerfile
FROM centos7:mysql5.7
MAINTAINER from cgls

RUN chmod +755 /etc/rc.d/rc.local && echo "/start_script/mysql_init.sh" >> /etc/rc.d/rc.local
CMD ["/usr/sbin/init"]
```
```sh
docker build -t centos7:mysql3 .
```
django/Dockerfile
```dockerfile
FROM centos7:django2.02
MAINTAINER from cgls

RUN yum -y install git && \
    git config --global user.name cuigelasi && \
    git config --global user.email cuigelasi@gmail.com && \
    chmod +755 /etc/rc.d/rc.local && echo "/start_script/django_init.sh" >> /etc/rc.d/rc.local
CMD ["/usr/sbin/init"]
```
```sh
docker build -t centos7:django3 .
```
Creating the PVs / PVCs
PV/PVC for the initialization scripts
nfs_pv_init.yaml
```yaml
apiVersion: v1
kind: PersistentVolume
metadata:
  name: mypv1
spec:
  capacity:
    storage: 1Gi
  accessModes:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Recycle
  storageClassName: mynfs
  nfs:
    path: /nfs-share
    server: 172.16.2.237
```
nfs_pvc_init.yml
```yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: mypvc1
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
  storageClassName: mynfs
```
PV/PVC for the MySQL data
nfs_pv_mysql.yaml
```yaml
apiVersion: v1
kind: PersistentVolume
metadata:
  name: mysqlpv
spec:
  capacity:
    storage: 1Gi
  accessModes:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Recycle
  storageClassName: mysqlnfs
  nfs:
    path: /mysql-share
    server: 172.16.2.237
```
nfs_pvc_mysql.yml
```yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: mysqlpvc
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
  storageClassName: mysqlnfs
```
PV/PVC for the Django data
nfs_pv_django.yaml
```yaml
apiVersion: v1
kind: PersistentVolume
metadata:
  name: djangopv
spec:
  capacity:
    storage: 1Gi
  accessModes:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Recycle
  storageClassName: djangonfs
  nfs:
    path: /django-share
    server: 172.16.2.237
```
nfs_pvc_django.yml
```yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: djangopvc
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
  storageClassName: djangonfs
```
```sh
# The PVC manifests above are saved with a .yml extension
kubectl apply -f nfs_pv_init.yaml
kubectl apply -f nfs_pvc_init.yml
kubectl apply -f nfs_pv_mysql.yaml
kubectl apply -f nfs_pvc_mysql.yml
kubectl apply -f nfs_pv_django.yaml
kubectl apply -f nfs_pvc_django.yml
# Every PV and PVC should be listed as Bound
kubectl get pv
kubectl get pvc
```
Creating the Deployment and Service resources
Read the code below carefully and see whether you can spot where it differs from the previous version.
django_deploy.yaml
```yaml
# apps/v1 replaces the original extensions/v1beta1, which stopped serving Deployments in Kubernetes 1.16
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: mysql
  name: mysql
spec:
  replicas: 1
  selector:
    matchLabels:
      app: mysql
  template:
    metadata:
      labels:
        app: mysql
    spec:
      initContainers:
      - name: mysql-init
        image: busybox
        imagePullPolicy: IfNotPresent
        # Writes the startup script onto the shared volume. skip-grant-tables turns off
        # MySQL authentication, and nothing in this script removes it from /etc/my.cnf again.
        command:
        - sh
        - "-c"
        - |
          set -ex
          cat > /start_script/mysql_init.sh <<EOF
          #!/bin/bash
          sed -i "/log-error/iskip-grant-tables" /etc/my.cnf
          systemctl restart mysqld
          sleep 50
          mysql -uroot -p123qwe -e "CREATE DATABASE polls DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;"
          mysql -uroot -p123qwe -e "use mysql;"
          mysql -uroot -p123qwe -e "grant all privileges on *.* to root@'%' identified by '123qwe';"
          mysql -uroot -p123qwe -e "flush privileges;"
          systemctl restart mysqld
          EOF
          chmod +x /start_script/mysql_init.sh
        volumeMounts:
        - name: mysql-initdb
          mountPath: /start_script
      volumes:
      - name: mysql-initdb
        persistentVolumeClaim:
          claimName: mypvc1
      - name: mysql-data
        persistentVolumeClaim:
          claimName: mysqlpvc
      containers:
      - image: centos7:mysql3
        name: mysql
        imagePullPolicy: IfNotPresent
        env:
        - name: MYSQL_ROOT_PASSWORD
          value: 123qwe
        readinessProbe:
          exec:
            command:
            - /bin/sh
            - "-c"
            # One string for sh -c: split across two list items, the mysql call was never executed
            - MYSQL_PWD="${MYSQL_ROOT_PASSWORD}" mysql -h 127.0.0.1 -u root -e "SELECT 1"
          initialDelaySeconds: 10
          timeoutSeconds: 1
          successThreshold: 1
          failureThreshold: 3
          periodSeconds: 5
        volumeMounts:
        - name: mysql-initdb
          mountPath: /start_script
        - name: mysql-data
          mountPath: /raiddisk
---
apiVersion: v1
kind: Service
metadata:
  name: mysql-svc
spec:
  selector:
    app: mysql
  clusterIP: 10.101.1.1
  ports:
  - protocol: TCP
    port: 3306
    targetPort: 3306
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: django
  name: django
spec:
  replicas: 1
  selector:
    matchLabels:
      app: django
  template:
    metadata:
      labels:
        app: django
    spec:
      initContainers:
      - name: django-init
        image: busybox
        imagePullPolicy: IfNotPresent
        command:
        - sh
        - "-c"
        - |
          set -ex
          cat > /start_script/django_init.sh <<EOF
          #!/bin/bash
          mkdir /root/django
          cd /root/django
          git clone https://github.com/cuigelasi/learn_django.git
          cd /root/django/learn_django
          git checkout -t origin/polls
          sed -i "s/172.10.1.2/10.101.1.1/" learn_django/settings.py
          sleep 60
          python manage.py makemigrations
          python manage.py migrate
          echo "from django.contrib.auth.models import User; User.objects.create_superuser('admin', 'admin@example.com', '123qwe')" | python manage.py shell
          python manage.py runserver 0.0.0.0:8000
          EOF
          chmod +x /start_script/django_init.sh
        volumeMounts:
        - name: django-initdb
          mountPath: /start_script
      containers:
      - image: centos7:django3
        name: django
        volumeMounts:
        - name: django-initdb
          mountPath: /start_script
        readinessProbe:
          exec:
            command:
            - cat
            - /root/django/learn_django/learn_django/settings.py
          initialDelaySeconds: 10
          periodSeconds: 5
      nodeSelector:
        disktype: xfs
      volumes:
      - name: django-initdb
        persistentVolumeClaim:
          claimName: mypvc1
      # django-data is declared here, but no container in this manifest mounts it
      - name: django-data
        persistentVolumeClaim:
          claimName: djangopvc
---
apiVersion: v1
kind: Service
metadata:
  name: django-svc
spec:
  type: NodePort
  selector:
    app: django
  clusterIP: 10.101.1.2
  ports:
  - protocol: TCP
    nodePort: 30008
    port: 8000
    targetPort: 8000
```
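All right, no more suspense. There are two differences from the previous version: one is that the volumes are now PVCs, the other is that the MySQL initialization fixes the bug where the database could not be logged in to, by adding the skip-grant-tables parameter.
After running the scripts, let's open the site in the browser again.
Everything works; problem solved perfectly.
Question of the day
Question 1: How can sensitive data be encrypted?
Question 2: How do we upgrade from version 2 to version 3, while still being able to roll back to version 2?
Think about possible solutions; next time I will give one for your reference.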