11、nginx(未加密)+php wordpress + mysql
#wordpress+mysql延用上边部署好的
[root@k8s-master01 ~]#vim /data/conf/wang.conf
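# Virtual host for www.wang.org: accepts HTTP on 80 and TLS/HTTP2 on 443 and
# proxies every request to the wang-wordpress upstream.
# NOTE(review): port 80 serves the same content with no redirect to HTTPS, and
# the nginx-wordpress Service in this section publishes port 80 only, so clients
# reach this site over plain HTTP.
server {
    listen 80;
    listen 443 ssl http2;
    server_name www.wang.org;
    # Key pair is read from the directory where the nginx Pod mounts the
    # nginx-certs Secret.
    ssl_certificate /etc/nginx/certs/tls.crt;
    ssl_certificate_key /etc/nginx/certs/tls.key;
    # Cap request bodies (uploads) at 20 MB.
    client_max_body_size 20m;
    # Pulls in the wang-gzip.cfg and wang-status.cfg fragments.
    include /etc/nginx/conf.d/wang-*.cfg;
    location / {
        # NOTE(review): no Service or upstream named wang-wordpress is defined
        # in this walkthrough; confirm the name resolves inside the Pod.
        proxy_pass http://wang-wordpress;
    }
}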
[root@k8s-master01 ~]#vim /data/conf/wang-gzip.cfg
# Response compression settings, included into the www.wang.org server block.
# NOTE(review): that server block also has a TLS listener; compressing HTTPS
# responses that mix secrets with request-influenced content leaks information
# through response length (BREACH-style). Confirm that is acceptable here.
gzip on;
# Compression level on nginx's 1-9 scale.
gzip_comp_level 5;
# For requests that arrive through a proxy, compress responses that match
# these cache/authorization conditions.
gzip_proxied expired no-cache no-store private auth;
# MIME types compressed in addition to text/html.
gzip_types text/plain text/css application/xml text/javascript;
[root@k8s-master01 ~]#vim /data/conf/wang-status.cfg
# Exposes nginx's built-in connection counters at /nginx-status.
# NOTE(review): no allow/deny rule is set, so every client that can reach this
# server block can read the counters; restrict the location to monitoring
# sources before the Service is published.
location /nginx-status {
stub_status on;
# Requests to the status endpoint are not written to the access log.
access_log off;
}
[root@k8s-master01 ~]#kubectl create configmap nginx-confs --from-file=/data/conf/ --dry-run=client -o yaml > nginx-confs.yaml
[root@k8s-master01 ~]#vim nginx-wordpress-svc.yaml
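# NodePort Service that publishes port 80 of the Pods labelled app=wordpress
# on every node.
apiVersion: v1
kind: Service
metadata:
  creationTimestamp: null
  labels:
    app: nginx-wordpress
  name: nginx-wordpress
spec:
  ports:
    # Only port 80 is published; the 443 listener configured in wang.conf is
    # not reachable through this Service.
    - name: 80-80
      port: 80
      protocol: TCP
      targetPort: 80
  # NOTE(review): this selector matches every Pod labelled app=wordpress. The
  # nginx Pod in nginx.yaml carries that label; if the WordPress Pod reused
  # from the earlier step does too, both become endpoints and some requests
  # skip the proxy. Give nginx its own label if only the proxy is meant.
  selector:
    app: wordpress
  type: NodePort
status:
  loadBalancer: {}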
[root@k8s-master01 ~]#vim nginx.yaml
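# Bare nginx Pod: loads its server configuration from the nginx-confs
# ConfigMap and its TLS key pair from the nginx-certs Secret.
apiVersion: v1
kind: Pod
metadata:
  name: nginx
  labels:
    # Label matched by the nginx-wordpress Service selector.
    app: wordpress
spec:
  containers:
    - name: nginxserver
      # NOTE(review): nginx:alpine is a floating tag; pin a version or digest
      # so every pull yields the same, reviewable image.
      image: nginx:alpine
      volumeMounts:
        # TLS certificate and private key, mounted read-only.
        - name: nginx-cert
          mountPath: /etc/nginx/certs/
          readOnly: true
        # The mount replaces the image's own /etc/nginx/conf.d/ contents.
        - name: nginx-conf
          mountPath: /etc/nginx/conf.d/
          readOnly: true
  volumes:
    # The nginx-certs Secret is not created in this section; it must already
    # exist in the namespace or the Pod cannot start.
    - name: nginx-cert
      secret:
        secretName: nginx-certs
    - name: nginx-conf
      configMap:
        name: nginx-confs
        # A missing ConfigMap blocks Pod start instead of mounting nothing.
        optional: false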
[root@k8s-master01 ~]#kubectl apply -f nginx-wordpress-svc.yaml
[root@k8s-master01 ~]#kubectl apply -f nginx-confs.yaml
configmap/nginx-confs created
[root@k8s-master01 ~]#kubectl apply -f nginx.yaml
pod/nginx created
[root@k8s-master01 ~]#kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 3d
mydb ClusterIP 10.98.239.149 <none> 3306/TCP 3h40m
nginx-wordpress NodePort 10.98.220.213 <none> 80:32649/TCP 171m
wordpress NodePort 10.103.38.62 <none> 80:31808/TCP 3h32m
12、初始化集群service模式为ipvs
#环境部署、安装docker、cri-dockerd等步骤略过 具体步骤参考:https://blog.51cto.com/dayu/5847893
#初始化第一节点用以下配置:
[root@k8s-master01 ~]#vim kubeadm-config.yaml
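# kubeadm InitConfiguration for the first control-plane node.
apiVersion: kubeadm.k8s.io/v1beta3
# No bootstrap token is listed, which keeps a static join credential out of
# this file.
bootstrapTokens: null
kind: InitConfiguration
localAPIEndpoint:
  # IP address of the first control-plane node being initialised.
  advertiseAddress: 192.168.100.201
  bindPort: 6443
nodeRegistration:
  criSocket: unix:///run/cri-dockerd.sock
  imagePullPolicy: IfNotPresent
  # Host name of the first control-plane node.
  name: k8s-master01.wang.com
  # Keep ordinary workloads off the control-plane node.
  taints:
    - effect: NoSchedule
      key: node-role.kubernetes.io/master
    - effect: NoSchedule
      key: node-role.kubernetes.io/control-plane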
---
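# kubeadm ClusterConfiguration: cluster-wide settings for the control plane.
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta3
# Access endpoint of the control plane; here it is bound to the
# kubeapi.wang.com name.
controlPlaneEndpoint: "kubeapi.wang.com:6443"
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns: {}
etcd:
  local:
    dataDir: /var/lib/etcd
# Control-plane images are pulled from this mirror rather than the upstream
# registry, so the cluster trusts whatever the mirror serves.
imageRepository: registry.aliyuncs.com/google_containers
kind: ClusterConfiguration
kubernetesVersion: v1.25.4
networking:
  dnsDomain: cluster.local
  serviceSubnet: 10.96.0.0/12
  podSubnet: 10.244.0.0/16
scheduler: {}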
---
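# kube-proxy settings applied by kubeadm at init time.
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
# Proxy mode kube-proxy uses for Services; the default is iptables.
mode: "ipvs"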
[root@k8s-master01 ~]#kubeadm init --config kubeadm-config.yaml --upload-certs
#其他步骤略过,具体步骤参考:https://blog.51cto.com/dayu/5847893
[root@k8s-master01 manifests]#ip a
......
4: kube-ipvs0: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN group default
link/ether 3a:1b:d4:a5:8d:51 brd ff:ff:ff:ff:ff:ff
inet 10.96.0.10/32 scope global kube-ipvs0
valid_lft forever preferred_lft forever
inet 10.96.0.1/32 scope global kube-ipvs0
valid_lft forever preferred_lft forever
......
13、external作为接入点部署wordpress
要求:Pod/Wordpress-APACHE, 部署在Kubernetes上,Service使用ExternalIP接入; MySQL要部署在集群外部,Wordpress基于Kubernetes Service名称访问MySQL
#mysql主机(192.168.100.207)创建(注意:'123456' 仅为演示用的弱口令,'%' 允许该用户从任意主机登录;实际环境应使用强口令,并把主机部分限定为集群节点所在网段):
mysql> create database wpdb;
mysql> create user wordpress@'%' identified by '123456';
mysql> grant all on wpdb.* to wordpress@'%';
#以下操作都在master01操作:
[root@k8s-master01 ~]#ip a add 192.168.100.188/24 dev enp1s0
#创建secret(mysql用户名密码)
[root@k8s-master01 ~]#kubectl create secret generic mysql-secret --from-literal=db.name=wpdb --from-literal=db.user.name=wordpress --from-literal=db.user.passwd=123456 --dry-run=client -o yaml > mysql-secret.yaml
[root@k8s-master01 ~]#vim mysql-secret.yaml
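# Secret holding the WordPress database name, user name and password.
# The data values are base64-encoded, not encrypted: anyone who can read this
# file or the Secret object can decode them, so keep the file out of version
# control and limit who may read Secrets in the namespace.
# It was generated by the `kubectl create secret ... --from-literal` command
# above, which also leaves the password in shell history; --from-file or
# --from-env-file avoids that.
apiVersion: v1
data:
  db.name: d3BkYg==
  db.user.passwd: MTIzNDU2
  db.user.name: d29yZHByZXNz
kind: Secret
metadata:
  creationTimestamp: null
  name: mysql-secret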
#创建用于mysql的service:
[root@k8s-master01 ~]#vim mydb-svc.yaml
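# Manually maintained Endpoints object: points the selector-less
# mysql-external Service at the MySQL host outside the cluster. Its name must
# equal the Service name for the two to be associated.
apiVersion: v1
kind: Endpoints
metadata:
  name: mysql-external
  namespace: default
subsets:
  - addresses:
      # The external MySQL host.
      # NOTE(review): nothing in this walkthrough enables TLS on the MySQL
      # connection, so credentials and queries presumably cross the node
      # network in clear text; confirm.
      - ip: 192.168.100.207
    ports:
      - name: mysql
        port: 3306
        protocol: TCP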
---
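# ClusterIP Service without a selector: Kubernetes creates no endpoints for
# it, so its backends come from the Endpoints object of the same name.
# Pods reach the external database through the DNS name mysql-external.
apiVersion: v1
kind: Service
metadata:
  name: mysql-external
  namespace: default
spec:
  type: ClusterIP
  ports:
    - name: mysql
      port: 3306
      targetPort: 3306
      protocol: TCP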
#创建用于wordpress的service:
[root@k8s-master01 ~]#kubectl create svc nodeport wordpress --tcp=80:80 --dry-run=client -o yaml > wordpress-svc.yaml
[root@k8s-master01 ~]#vim wordpress-svc.yaml
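# Service that publishes WordPress on a NodePort and on an external IP.
apiVersion: v1
kind: Service
metadata:
  creationTimestamp: null
  labels:
    app: wordpress
  name: wordpress
spec:
  ports:
    - name: 80-80
      port: 80
      protocol: TCP
      targetPort: 80
  # Every Pod labelled app=wordpress becomes an endpoint of this Service.
  selector:
    app: wordpress
  type: NodePort
  # Kubernetes neither assigns nor routes externalIPs; the address must
  # already reach a cluster node. Clusters that do not need the feature can
  # reject it with the DenyServiceExternalIPs admission controller.
  # NOTE(review): the earlier `ip a add` step puts 192.168.100.188 on enp1s0,
  # not 192.168.100.199; confirm which address is intended.
  externalIPs:
    - 192.168.100.199
status:
  loadBalancer: {}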
#生成wordpress资源模版:
kubectl run wordpress --image=wordpress:6.1-apache --port=80 --restart=Never --dry-run=client -o yaml > wordpress.yaml
#创建wordpress资源
[root@k8s-master01 ~]#vim wordpress.yaml
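# WordPress Pod: reads its database settings from the mysql-secret Secret and
# stores the site files on an NFS-backed PersistentVolumeClaim.
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: null
  labels:
    app: wordpress
  name: wordpress
spec:
  containers:
    # Image switched to an Aliyun registry address.
    # NOTE(review): this is a third-party repository and a different version
    # from the wordpress:6.1-apache image used to generate the template;
    # verify its provenance before running it.
    - image: registry.cn-hangzhou.aliyuncs.com/gtsre/wordpress:6.0.2
      name: wordpress
      env:
        # Service name of the external database.
        - name: WORDPRESS_DB_HOST
          value: mysql-external
        # Secret values injected as environment variables are readable by
        # every process in the container; mounting the Secret as a file is
        # the tighter option where the image supports it.
        - name: WORDPRESS_DB_NAME
          valueFrom:
            secretKeyRef:
              name: mysql-secret
              key: db.name
        - name: WORDPRESS_DB_USER
          valueFrom:
            secretKeyRef:
              name: mysql-secret
              key: db.user.name
        - name: WORDPRESS_DB_PASSWORD
          valueFrom:
            secretKeyRef:
              name: mysql-secret
              key: db.user.passwd
      volumeMounts:
        - name: wordpress-nfs
          mountPath: /var/www/html
      ports:
        - containerPort: 80
      resources: {}
  dnsPolicy: ClusterFirst
  restartPolicy: Never
  volumes:
    # For the dynamically provisioned StorageClass see section 8-1.
    - name: wordpress-nfs
      persistentVolumeClaim:
        claimName: nfs-csi-wordpress-pvc
status: {}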
[root@k8s-master01 ~]#kubectl apply -f mysql-secret.yaml
[root@k8s-master01 ~]#kubectl apply -f mydb-svc.yaml
[root@k8s-master01 ~]#kubectl apply -f wordpress-svc.yaml
[root@k8s-master01 ~]#kubectl apply -f wordpress.yaml
14、nginx反向代理wordpress
要求:Pod/Wordpress-FPM和nginx, 部署在Kubernetes上,Nginx Service使用ExternalIP接入,并反代给Wordpress;MySQL要部署在集群外部,Wordpress基于Kubernetes Service名称访问MySQL;
#基于上边部署的wordpress增加nginx:
[root@k8s-master01 ~]#mkdir /data/conf -p
[root@k8s-master01 ~]#cd /data/conf/
[root@k8s-master01 conf]#vim wang.conf
# Virtual host for www.wang.org. The TLS listener and certificate directives
# are commented out, so this server speaks plain HTTP only.
server {
listen 80;
# listen 443 ssl http2;
server_name www.wang.org;
# ssl_certificate /etc/nginx/certs/tls.crt;
# ssl_certificate_key /etc/nginx/certs/tls.key;
# Cap request bodies (uploads) at 20 MB.
client_max_body_size 20m;
# Pulls in the wang-gzip.cfg and wang-status.cfg fragments.
include /etc/nginx/conf.d/wang-*.cfg;
location / {
# Forwards to the wordpress Service in the default namespace.
# NOTE(review): that Service selects app=wordpress, a label the nginx Pod in
# nginx.yaml also carries, so some requests can be proxied back to nginx
# itself; give the proxy Pod a label of its own.
proxy_pass http://wordpress.default;
}
}
[root@k8s-master01 conf]#vim wang-gzip.cfg
# Response compression settings, included into the www.wang.org server block.
gzip on;
# Compression level on nginx's 1-9 scale.
gzip_comp_level 5;
# For requests that arrive through a proxy, compress responses that match
# these cache/authorization conditions.
gzip_proxied expired no-cache no-store private auth;
# MIME types compressed in addition to text/html.
gzip_types text/plain text/css application/xml text/javascript;
[root@k8s-master01 conf]#vim wang-status.cfg
# Exposes nginx's built-in connection counters at /nginx-status.
# NOTE(review): no allow/deny rule is set and the server is published through
# a NodePort Service, so every client that can reach a node can read the
# counters; restrict the location to monitoring sources.
location /nginx-status {
stub_status on;
# Requests to the status endpoint are not written to the access log.
access_log off;
}
[root@k8s-master01 ~]#kubectl create service nodeport nginx-wordpress --tcp=80:80 --dry-run=client -o yaml > nginx-wordpress-svc.yaml
[root@k8s-master01 ~]#vim nginx-wordpress-svc.yaml
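# NodePort Service meant to publish the nginx reverse proxy on port 80 of
# every node.
apiVersion: v1
kind: Service
metadata:
  creationTimestamp: null
  labels:
    app: nginx-wordpress
  name: nginx-wordpress
spec:
  ports:
    - name: 80-80
      port: 80
      protocol: TCP
      targetPort: 80
  # NOTE(review): both the wordpress Pod and the nginx Pod in this walkthrough
  # are labelled app=wordpress, so this selector balances across the two and
  # part of the traffic reaches WordPress without passing through the proxy.
  # Give the nginx Pod its own label and select that instead.
  selector:
    app: wordpress
  type: NodePort
status:
  loadBalancer: {}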
[root@k8s-master01 ~]#kubectl apply -f nginx-wordpress-svc.yaml
[root@k8s-master01 ~]#kubectl create configmap nginx-confs --from-file=/data/conf/ --dry-run=client -o yaml > nginx-confs.yaml
[root@k8s-master01 ~]#kubectl apply -f nginx-confs.yaml
[root@k8s-master01 ~]#vim nginx.yaml
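# Bare nginx Pod acting as reverse proxy in front of WordPress; configuration
# comes from the nginx-confs ConfigMap.
apiVersion: v1
kind: Pod
metadata:
  name: nginx
  labels:
    # NOTE(review): same label as the wordpress Pod, so the wordpress and
    # nginx-wordpress Services both select this Pod as well.
    app: wordpress
spec:
  containers:
    - name: nginxserver
      # NOTE(review): nginx:alpine is a floating tag; pin a version or digest
      # so every pull yields the same, reviewable image.
      image: nginx:alpine
      volumeMounts:
        # NOTE(review): the ssl_* directives in this section's wang.conf are
        # commented out, so this mount hands the TLS private key to a Pod
        # that does not use it; drop the nginx-cert volume while TLS stays
        # disabled.
        - name: nginx-cert
          mountPath: /etc/nginx/certs/
          readOnly: true
        # The mount replaces the image's own /etc/nginx/conf.d/ contents.
        - name: nginx-conf
          mountPath: /etc/nginx/conf.d/
          readOnly: true
  volumes:
    # The nginx-certs Secret must already exist or the Pod cannot start.
    - name: nginx-cert
      secret:
        secretName: nginx-certs
    - name: nginx-conf
      configMap:
        name: nginx-confs
        # A missing ConfigMap blocks Pod start instead of mounting nothing.
        optional: false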
[root@k8s-master01 ~]#kubectl apply -f nginx.yaml
[root@k8s-master01 ~]#kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 6h18m
mysql-external ClusterIP 10.103.54.79 <none> 3306/TCP 3h27m
nginx-wordpress NodePort 10.106.108.17 <none> 80:32112/TCP 26m
wordpress NodePort 10.105.215.135 192.168.100.199 80:31880/TCP 3h20m
15、部署jpress
要求:Pod/Tomcat-jpress和Nginx,部署在Kubernetes上,Nginx Service使用ExternalIP接入,并反代给tomcat;MySQL要部署在集群外部,jpress基于Kubernetes Service名称访问MySQL;
#mysql创建数据库、后台用户及密码('123456' 与 '%' 仅适用于实验环境,实际环境应使用强口令并限定来源主机):
mysql> create database jpress;
mysql> create user jpress@'%' identified by '123456';
mysql> grant all on jpress.* to jpress@'%';
mysql> alter user jpress@'%' identified with mysql_native_password by '123456'; #注意:jpress连接数据库,要求认证方式为mysql_native_password
mysql> flush privileges;
#nfs服务器创建用于挂载的目录
[root@mysql ~]#vim /etc/exports
# Exports /data/jpress read-write to the whole 192.168.100.0/24 network.
# no_root_squash: root on any client in that network keeps root privileges on
# the exported files.
# NOTE(review): confirm the NFS CSI provisioner needs no_root_squash; if not,
# keep the default root_squash and list only the cluster node addresses.
/data/jpress 192.168.100.0/24(rw,no_subtree_check,no_root_squash)
[root@mysql ~]#exportfs -ar
#jpress资源清单:
#创建数据库资源:(如果在wordpress试验中已经创建,此步不需要再做)
[root@k8s-master01 ~]#vim mydb-svc.yaml
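# Manually maintained Endpoints object: points the selector-less
# mysql-external Service at the MySQL host outside the cluster. Its name must
# equal the Service name for the two to be associated.
apiVersion: v1
kind: Endpoints
metadata:
  name: mysql-external
  namespace: default
subsets:
  - addresses:
      # The external MySQL host.
      - ip: 192.168.100.207
    ports:
      - name: mysql
        port: 3306
        protocol: TCP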
---
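# ClusterIP Service without a selector: Kubernetes creates no endpoints for
# it, so its backends come from the Endpoints object of the same name.
apiVersion: v1
kind: Service
metadata:
  name: mysql-external
  namespace: default
spec:
  type: ClusterIP
  ports:
    - name: mysql
      port: 3306
      targetPort: 3306
      protocol: TCP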
#创建用于jpress的service资源:
[root@k8s-master01 ~]#vim jpress-svc.yaml
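# Service for the jpress (Tomcat) Pod on port 8080.
apiVersion: v1
kind: Service
metadata:
  creationTimestamp: null
  labels:
    app: jpress
  name: jpress
spec:
  ports:
    - name: 8080-8080
      port: 8080
      protocol: TCP
      targetPort: 8080
  # NOTE(review): the nginx-jpress Pod is also labelled app=jpress, so this
  # selector lists it as an endpoint on port 8080 although its wang.conf
  # listens on 80; connections sent to that endpoint will fail.
  selector:
    app: jpress
  # NOTE(review): NodePort publishes Tomcat on every node and bypasses the
  # nginx proxy; ClusterIP is enough when nginx is the only intended entry.
  type: NodePort
status:
  loadBalancer: {}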
#创建用于jpress的sc资源
[root@k8s-master01 ~]#vim jpress-sc.yaml
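# StorageClass that provisions volumes for jpress from the NFS export
# /data/jpress on 192.168.100.207 through the nfs.csi.k8s.io driver.
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: nfs-csi-jpress
provisioner: nfs.csi.k8s.io
parameters:
  server: 192.168.100.207
  share: /data/jpress
# Retain keeps the data on the NFS server after the claim is deleted; it has
# to be cleaned up by hand.
reclaimPolicy: Retain
volumeBindingMode: Immediate
mountOptions:
  - hard
  - nfsvers=4.1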
#创建用于jpress的pvc资源:
[root@k8s-master01 ~]#vim jpress-pvc.yaml
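# Claim for 10Gi of shared (ReadWriteMany) storage from the nfs-csi-jpress
# StorageClass; mounted by the jpress Pod.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: nfs-csi-jpress-pvc
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 10Gi
  storageClassName: nfs-csi-jpress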
#创建jpress资源
[root@k8s-master01 ~]#vim jpress.yaml
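# jpress Pod: a Tomcat container with the NFS-backed claim mounted at
# /data/jpress.
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: null
  labels:
    app: jpress
  name: jpress
spec:
  containers:
    # NOTE(review): custom image from a personal registry namespace; its
    # contents cannot be judged from this page, so verify provenance (or build
    # it from a known Dockerfile) before running it.
    - image: registry.cn-zhangjiakou.aliyuncs.com/dy-dockerfile/ubuntu_tomcat:v1.0
      name: jpress
      ports:
        - containerPort: 8080
      volumeMounts:
        - name: jpress-nfs
          mountPath: /data/jpress
  volumes:
    - name: jpress-nfs
      persistentVolumeClaim:
        claimName: nfs-csi-jpress-pvc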
[root@k8s-master01 ~]#kubectl apply -f jpress-svc.yaml
[root@k8s-master01 ~]#kubectl apply -f jpress-sc.yaml
[root@k8s-master01 ~]#kubectl apply -f jpress-pvc.yaml
[root@k8s-master01 ~]#kubectl apply -f jpress.yaml
#nginx反向代理jpress资源清单:
[root@k8s-master01 ~]#ip a add 192.168.100.166/24 dev enp1s0
#创建用于nginx的svc资源:
[root@k8s-master01 ~]#vim nginx-jpress-svc.yaml
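# Service intended as the external entry point for jpress (NodePort plus an
# external IP).
apiVersion: v1
kind: Service
metadata:
  creationTimestamp: null
  labels:
    app: nginx-jpress
  name: nginx-jpress
spec:
  ports:
    # NOTE(review): targetPort 8080 together with the app=jpress selector
    # sends external traffic straight to Tomcat. The nginx-jpress Pod listens
    # on 80 according to its wang.conf, so the proxy and its limits are
    # bypassed. If nginx is meant to be the entry point, give that Pod its own
    # label, select it here and target port 80.
    - name: 80-8080
      port: 80
      protocol: TCP
      targetPort: 8080
  selector:
    app: jpress
  type: NodePort
  # Kubernetes neither assigns nor routes externalIPs; this address is the one
  # added to enp1s0 in the preceding step.
  externalIPs:
    - 192.168.100.166
status:
  loadBalancer: {}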
[root@k8s-master01 ~]#cat /data/jpress/wang.conf
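# Virtual host for jpress.wang.org: plain HTTP on port 80, every request
# proxied to the jpress Service.
server {
    listen 80;
    server_name jpress.wang.org;
    # NOTE(review): 20g allows a single request body of up to 20 GB, which any
    # client can use to fill disk and tie up workers; size this to the largest
    # upload jpress really needs.
    client_max_body_size 20g;
    # Pulls in the wang-gzip.cfg and wang-status.cfg fragments.
    include /etc/nginx/conf.d/wang-*.cfg;
    location / {
        # The jpress Service publishes port 8080 only, so the port has to be
        # explicit; without it nginx connects to port 80 and the request fails.
        proxy_pass http://jpress.default:8080;
    }
}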
[root@k8s-master01 ~]#cat /data/jpress/wang-status.cfg
# Exposes nginx's built-in connection counters at /nginx-status.
# NOTE(review): no allow/deny rule is set, so every client that can reach this
# server block can read the counters; restrict the location to monitoring
# sources.
location /nginx-status {
stub_status on;
# Requests to the status endpoint are not written to the access log.
access_log off;
}
[root@k8s-master01 ~]#cat /data/jpress/wang-gzip.cfg
# Response compression settings, included into the jpress.wang.org server block.
gzip on;
# Compression level on nginx's 1-9 scale.
gzip_comp_level 5;
# For requests that arrive through a proxy, compress responses that match
# these cache/authorization conditions.
gzip_proxied expired no-cache no-store private auth;
# MIME types compressed in addition to text/html.
gzip_types text/plain text/css application/xml text/javascript;
#创建用于nginx的configMap资源:
[root@k8s-master01 ~]#kubectl create configmap nginx-jpress-confs --from-file=/data/jpress/ --dry-run=client -o yaml > nginx-jpress-confs.yaml
#创建用于nginx资源:
[root@k8s-master01 ~]#vim nginx-jpress.yaml
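# nginx Pod intended as reverse proxy in front of jpress; configuration comes
# from the nginx-jpress-confs ConfigMap.
apiVersion: v1
kind: Pod
metadata:
  name: nginx-jpress
  labels:
    # NOTE(review): same label as the jpress Pod, so the jpress and
    # nginx-jpress Services select this Pod on port 8080 although nginx
    # listens on 80; give the proxy a label of its own.
    app: jpress
spec:
  containers:
    - name: nginx-jpress-server
      # NOTE(review): nginx:alpine is a floating tag; pin a version or digest
      # so every pull yields the same, reviewable image.
      image: nginx:alpine
      volumeMounts:
        # The mount replaces the image's own /etc/nginx/conf.d/ contents.
        - name: jpress-conf
          mountPath: /etc/nginx/conf.d/
          readOnly: true
  volumes:
    - name: jpress-conf
      configMap:
        name: nginx-jpress-confs
        # A missing ConfigMap blocks Pod start instead of mounting nothing.
        optional: false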
[root@k8s-master01 ~]#kubectl apply -f nginx-jpress-svc.yaml
[root@k8s-master01 ~]#kubectl apply -f nginx-jpress-confs.yaml
[root@k8s-master01 ~]#kubectl apply -f nginx-jpress.yaml
[root@k8s-master01 ~]#kubectl get pod
NAME READY STATUS RESTARTS AGE
jpress 1/1 Running 0 39m
nginx-jpress 1/1 Running 0 20m
[root@k8s-master01 ~]#kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
jpress NodePort 10.102.38.130 <none> 8080:32166/TCP 3h48m
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 46h
mysql-external ClusterIP 10.103.54.79 <none> 3306/TCP 43h
nginx-jpress NodePort 10.109.56.196 192.168.100.166 80:30013/TCP 20m