文章目录
搭建Discuz
链接:https://gitee.com/3dming/DiscuzL/attach_files
要求:ingress —> headless service —> pod
1、要有健康检查
2、要求有https
3、要求有存储卷,数据持久化,防止容器停止或宕机数据随之丢失
(hostpath:类似于docker -v参数,将存储卷挂载在本地【pod部署的节点上】)
#1.准备软件包
[root@k8s-master1 discuz]# ll
总用量 12044
-rw-r--r-- 1 root root 12330468 4月 7 2021 Discuz_X3.4_SC_UTF8_20210320.zip
[root@k8s-master1 discuz]# unzip Discuz_X3.4_SC_UTF8_20210320.zip
[root@k8s-master1 discuz]# ll
总用量 12172
-rw-r--r-- 1 root root 12330468 4月 7 2021 Discuz_X3.4_SC_UTF8_20210320.zip
-rw-r--r-- 1 root root 17886 3月 20 10:36 LICENSE
-rw-r--r-- 1 root root 31040 1月 19 17:18 qqqun.png
drwxr-xr-x 2 root root 124 3月 22 19:44 readme
-rw-r--r-- 1 root root 71107 1月 19 17:20 readme.html
drwxr-xr-x 13 root root 4096 3月 22 19:44 upload
drwxr-xr-x 4 root root 94 3月 22 19:44 utility
#给upload打包以便后边存储卷hostpath使用
[root@k8s-master1 discuz]# tar -czf discuz.tar.gz upload/
[root@k8s-master1 discuz]# ll
总用量 22260
-rw-r--r-- 1 root root 10329409 4月 4 01:42 discuz.tar.gz
#给每个节点都推一份upload压缩包
[root@k8s-master1 discuz]# for i in n1 n2;do
> ssh root@$i "mkdir -pv /opt/discuz" && scp discuz.tar.gz root@$i:/opt/discuz/
> ssh root@$i "cd /opt/discuz && tar -xf discuz.tar.gz -C /opt/discuz"
> done
mkdir: 已创建目录 "/opt/discuz"
discuz.tar.gz 100% 10MB 48.9MB/s 00:00
ssh: Could not resolve hostname n2: Name or service not known
ssh: Could not resolve hostname n2: Name or service not known
#所有节点都需要添加可写权限
[root@k8s-master1 discuz]# chmod -R o+w upload/
[root@k8s-master1 discuz]# ll
drwxr-xrwx 13 root root 4096 3月 22 19:44 upload
#2.编写配置清单思路梳理
1.部署MySQL集群
命名空间
service提供负载均衡
使用控制器部署MySQL实例
2.部署discuz应用
创建命名空间
创建service提供负载均衡(headless service)
创建ingress,用于域名转发
3.服务之间的互连
discuz连接MySQL===》mysql.mysql.svc.cluster.local
==============================================================================
#3.创建证书
[root@k8s-master1 discuz]# openssl genrsa -out tls.key 2048
Generating RSA private key, 2048 bit long modulus
.+++
........................................................................+++
e is 65537 (0x10001)
[root@k8s-master1 discuz]# openssl req -new -x509 -key tls.key -out tls.crt -subj /C=CN/ST=ShangHai/L=ShangHai/O=Ingress/CN=www.discuz.cluster.local.com #注意域名要与配置清单定义相同
#部署证书
[root@k8s-master1 discuz]# kubectl create namespace discuz #部署证书之前要先创命名空间
namespace/discuz created
[root@k8s-master1 discuz]# kubectl -n discuz create secret tls discuz-secret --cert=tls.crt --key=tls.key #注意证书的secretname要与配置清单定义相同(discuz-secret)
secret/discuz-secret created
[root@k8s-master1 discuz]# ll #查看生成证书
-rw-r--r-- 1 root root 1334 4月 4 03:50 tls.crt
-rw-r--r-- 1 root root 1675 4月 4 03:49 tls.key
#4.部署配置清单
[root@k8s-master1 discuz]# vim discuz.yaml
apiVersion: v1 #定义MySQL命名空间
kind: Namespace
metadata:
name: mysql
---
apiVersion: v1 #定义MySQLservice
kind: Service
metadata:
name: mysql-svc
namespace: mysql
spec:
ports:
- port: 3306
targetPort: 3306
name: mysql
protocol: TCP
selector:
app: mysql
deploy: discuz
---
apiVersion: apps/v1 #定义MySQL控制器
kind: Deployment
metadata:
name: mysql-deployment
namespace: mysql
spec:
selector:
matchLabels:
app: mysql
deploy: discuz #应用标签
template:
metadata:
labels:
app: mysql
deploy: discuz
spec:
nodeName: gdx3 #指定调度到哪个节点上(kubectl get nodes 查看nodename)
containers:
- name: mysql
image: mysql:5.7
livenessProbe: #存活性检查
tcpSocket:
port: 3306
readinessProbe: #就绪性检查
tcpSocket:
port: 3306
env:
- name: MYSQL_ROOT_PASSWORD
value: "123456"
- name: MYSQL_DATABASE
value: "discuz"
volumeMounts: #容器存储卷===》相当于挂载
- mountPath: /var/lib/mysql
name: mysql-data
volumes: #宿主机挂载目录
- name: mysql-data
hostPath:
path: /opt/discuz/mysql
---
apiVersion: v1 #discuz命名空间
kind: Namespace
metadata:
name: discuz
---
apiVersion: v1 #discuzservice
kind: Service
metadata:
name: discuz-svc
namespace: discuz
spec:
clusterIP: None #使用无头service,因为下方用了ingress域名解析
ports:
- port: 80
targetPort: 80
name: http
selector:
app: discuz
deploy: discuz
---
apiVersion: apps/v1 #discuz控制器
kind: Deployment
metadata:
name: discuz-deployment
namespace: discuz
spec:
selector:
matchLabels:
app: discuz
deploy: discuz
template:
metadata:
labels:
app: discuz
deploy: discuz
spec:
nodeName: gdx3 #因为没有nfs共享目录,此处指定一台节点
containers:
- name: php
image: elaina0808/lnmp-php:v6
livenessProbe: #存活性检查
tcpSocket:
port: 9000
readinessProbe: #就绪性检查
tcpSocket:
port: 9000
volumeMounts: #存储卷挂载
- mountPath: /usr/share/nginx/html
name: discuz-data
- name: nginx
image: elaina0808/lnmp-nginx:v9
livenessProbe: #存活性检查
httpGet:
port: 80
path: /
readinessProbe: #就绪性检查
httpGet:
port: 80
path: /
volumeMounts: #存储卷挂载
- mountPath: /usr/share/nginx/html
name: discuz-data
volumes: #存储卷挂载
- name: discuz-data
hostPath:
path: /opt/discuz/upload
---
apiVersion: extensions/v1beta1 #定义ingress域名解析
kind: Ingress
metadata:
name: discuz-ingress
namespace: discuz
spec:
tls: #使用https加密
- hosts:
- www.discuz.cluster.local.com
secretName: discuz-secret
rules:
- host: www.discuz.cluster.local.com
http:
paths:
- backend:
serviceName: discuz-svc
servicePort: 80
#5.查看nginx php容器是否正常运行
[root@k8s-master1 discuz]# kubectl get pods -n discuz
NAME READY STATUS RESTARTS AGE
discuz-deployment-cbbbfc54b-l22wq 2/2 Running 0 58m
#查看数据库容器是否正常启动
[root@k8s-master1 discuz]# kubectl get pods -n mysql
NAME READY STATUS RESTARTS AGE
mysql-deployment-c687787fc-l7n5s 1/1 Running 0 118m
#查看ingress是否正常
[root@k8s-master1 discuz]# kubectl get ingress -n discuz
NAME CLASS HOSTS ADDRESS PORTS AGE
discuz-ingress <none> www.discuz.cluster.local.com 192.168.12.12 80, 443 121m
#查看端口号
[root@k8s-master1 discuz]# kubectl get svc -n ingress-nginx
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
ingress-nginx-controller NodePort 10.96.60.88 <none> 80:32708/TCP,443:32731/TCP 36h
ingress-nginx-controller-admission ClusterIP 10.106.141.57 <none> 443/TCP 36h
#配置主机host文件并访问
192.168.12.11 www.discuz.cluster.local.com
注意:如果没有kubectl get svc -n ingress-nginx 查不到端口,这时候就需要把deploy.yaml文件放在对应的文件启动
wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.44.0/deploy/static/provider/baremetal/deploy.yaml --no-check-certificat
sed -i 's#k8s.gcr.io/ingress-nginx/controller:v0.44.0@sha256:3dd0fac48073beaca2d67a78c746c7593f9c575168a17139a9955a82c63c4b9a#registry.cn-hangzhou.aliyuncs.com/k8sos/ingress-controller:v0.44.0#g' deploy.yaml
kubectl apply -f deploy.yaml
创建自定义ingress报错:Internal error occurred: failed calling webhook “validate.nginx.ingress.kubernetes.io
报错:
Internal error occurred: failed calling webhook "validate.nginx.ingress.kubernetes.io": Post
https://ingress-nginx-controller-admission.kube-system.svc:443/networking/v1beta1/ingresses?
timeout=10s: dial tcp 10.0.0.5:8443: connect: connection refused
原因分析:
我刚开始使用yaml的方式创建nginx-ingress,之后删除了它创建的命名空间以及 clusterrole and clusterrolebinding ,但是没有删除ValidatingWebhookConfiguration ingress-nginx-admission,这个ingress-nginx-admission是在yaml文件中安装的。当我再次使用helm安装nginx-ingress之后,创建自定义的ingress就会报这个错误。
解决方案:
使用下面的命令查看 webhook
kubectl get validatingwebhookconfigurations
出来这个
ingress-nginx-admission
删除ingress-nginx-admission
kubectl delete -A ValidatingWebhookConfiguration ingress-nginx-admission