Kubernetes Cluster Persistent Deployment in Practice

Persistent Deployment of a WordPress Site

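To persist MariaDB, change the Deployment into a StatefulSet: modify the YAML to add the two fields "serviceName" and "volumeClaimTemplates", which define the network identity and the dynamically provisioned NFS volume, then use "volumeMounts" in the container section to mount the volume at the container's data directory "/var/lib/mysql".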

MariaDB

marial-cm.yml [DB configuration]

```yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: maria-cm

data:
  DATABASE: 'db'
  USER: 'wp'
  PASSWORD: '123'
  ROOT_PASSWORD: '123'
```

marial-sts.yml [DB Pod]

```yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
  labels:
    app: maria-sts
  name: maria-sts

spec:
  # headless svc
  serviceName: maria-svc

  # pvc
  volumeClaimTemplates:
  - metadata:
      name: maria-100m-pvc
    spec:
      storageClassName: nfs-client
      accessModes:
        - ReadWriteMany
      resources:
        requests:
          storage: 100Mi

  replicas: 1
  selector:
    matchLabels:
      app: maria-sts

  template:
    metadata:
      labels:
        app: maria-sts
    spec:
      containers:
      - image: mariadb:10
        name: mariadb
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 3306

        envFrom:
        - prefix: 'MARIADB_'
          configMapRef:
            name: maria-cm

        volumeMounts:
        - name: maria-100m-pvc
          mountPath: /var/lib/mysql
```

marial-sts-svc.yml [DB Service]

```yaml
apiVersion: v1
kind: Service
metadata:
  labels:
    app: maria-sts
  name: maria-svc

spec:
  ports:
  - port: 3306
    protocol: TCP
    targetPort: 3306
  selector:
    app: maria-sts
```

Run the commands

```bash
kubectl apply -f marial-cm.yml
kubectl apply -f marial-sts.yml
kubectl apply -f marial-sts-svc.yml
```

WordPress

wp-sts-cm.yml [WordPress-to-DB connection configuration]

```yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: wp-cm

data:
  HOST: 'maria-sts-0.maria-svc'  # note this
  USER: 'wp'
  PASSWORD: '123'
  NAME: 'db'
```

wp-deploy.yml [WordPress Pod]

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: wp-dep
  name: wp-dep

spec:
  replicas: 2
  selector:
    matchLabels:
      app: wp-dep

  template:
    metadata:
      labels:
        app: wp-dep
    spec:
      containers:
      - image: wordpress:5
        name: wordpress
        ports:
        - containerPort: 80

        envFrom:
        - prefix: 'WORDPRESS_DB_'
          configMapRef:
            name: wp-cm
```

wp-svc.yml [WordPress Service]

```yaml
apiVersion: v1
kind: Service
metadata:
  labels:
    app: wp-dep
  name: wp-svc

spec:
  ports:
  - name: http80
    port: 80
    protocol: TCP
    targetPort: 80
    nodePort: 30088

  selector:
    app: wp-dep
  type: NodePort
```

Run the commands

```bash
kubectl apply -f wp-sts-cm.yml
kubectl apply -f wp-deploy.yml
kubectl apply -f wp-svc.yml
```
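
Both maria-cm and wp-cm above keep the database passwords in ConfigMaps; a Secret is the Kubernetes object meant for credentials and can be access-controlled separately from ordinary configuration. The following is an added example, not part of the original post, that moves the WordPress-side password into a Secret and loads it through a second envFrom entry; the Secret name wp-db-secret and the placeholder value are assumptions. The MariaDB StatefulSet can take the same kind of secretRef entry with the 'MARIADB_' prefix, with ROOT_PASSWORD kept in a Secret of its own.

```yaml
# Added example, not from the original post. The Secret name and the
# placeholder password are assumptions; generate a real value yourself.
apiVersion: v1
kind: Secret
metadata:
  name: wp-db-secret
stringData:
  PASSWORD: 'REPLACE_WITH_GENERATED_PASSWORD'
---
# wp-cm now holds only the non-sensitive connection settings.
apiVersion: v1
kind: ConfigMap
metadata:
  name: wp-cm
data:
  HOST: 'maria-sts-0.maria-svc'
  USER: 'wp'
  NAME: 'db'
---
# wp-deploy.yml with one extra envFrom entry for the Secret.
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: wp-dep
  name: wp-dep
spec:
  replicas: 2
  selector:
    matchLabels:
      app: wp-dep
  template:
    metadata:
      labels:
        app: wp-dep
    spec:
      containers:
      - image: wordpress:5
        name: wordpress
        ports:
        - containerPort: 80
        envFrom:
        - prefix: 'WORDPRESS_DB_'
          configMapRef:
            name: wp-cm
        # Same prefix, so PASSWORD becomes WORDPRESS_DB_PASSWORD.
        - prefix: 'WORDPRESS_DB_'
          secretRef:
            name: wp-db-secret
```

The password in the Secret has to match the one MariaDB was initialised with for the user 'wp'.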


Access test via the Service port

Nginx Ingress Controller

1. Deploy the Ingress Class

```yaml
apiVersion: networking.k8s.io/v1
kind: IngressClass
metadata:
  name: wp-ink

spec:
  controller: nginx.org/ingress-controller
```

Run the commands

```bash
vim wp-ingress-class.yml
kubectl apply -f wp-ingress-class.yml
```

2. Deploy the Ingress

Use the kubectl create command to generate a template file for the Ingress, specifying the domain name "wp.test", the backend Service "wp-svc:80", and the Ingress Class "wp-ink" that was just defined:

```bash
export out="--dry-run=client -o yaml"   # print the YAML instead of creating the object
kubectl create ing wp-ing --rule="wp.test/=wp-svc:80" --class=wp-ink $out
```

The Ingress YAML looks like this; note that for the path type I still use prefix matching, "Prefix":

```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: wp-ing

spec:
  ingressClassName: wp-ink

  rules:
  - host: wp.test
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: wp-svc
            port:
              number: 80
```

Run the commands

```bash
vim wp-ingress.yml
kubectl apply -f wp-ingress.yml
```

3. Deploy the Ingress Controller

The Ingress Controller does not use a Service.

Instead, add a special field, hostNetwork, to its Pod so that the Pod can use the host's network, which is effectively another form of NodePort:

wp-kic.yml

```yaml
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: wp-kic-dep
  namespace: nginx-ingress
spec:
  selector:
    matchLabels:
      app: wp-kic-dep
  template:
    metadata:
      labels:
        app: wp-kic-dep
        app.kubernetes.io/name: nginx-ingress
    spec:
      serviceAccountName: nginx-ingress
      hostNetwork: true
      automountServiceAccountToken: true
      securityContext:
        seccompProfile:
          type: RuntimeDefault
      containers:
      - image: nginx/nginx-ingress:2.2-alpine
        imagePullPolicy: IfNotPresent
        name: nginx-ingress
        ports:
        - name: http
          containerPort: 80
        - name: https
          containerPort: 443
        - name: readiness-port
          containerPort: 8081
        - name: prometheus
          containerPort: 9113
        readinessProbe:
          httpGet:
            path: /nginx-ready
            port: readiness-port
          periodSeconds: 1
        resources:
          requests:
            cpu: "100m"
            memory: "128Mi"
         #limits:
         #  cpu: "1"
         #  memory: "1Gi"
        securityContext:
          allowPrivilegeEscalation: true
#          readOnlyRootFilesystem: true
          runAsUser: 101 # nginx
          runAsNonRoot: true
          capabilities:
            drop:
            - ALL
            add:
            - NET_BIND_SERVICE
        env:
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        - name: POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        args:
          - -nginx-configmaps=$(POD_NAMESPACE)/nginx-config
          - -ingress-class=wp-ink
```

Run the commands

```bash
vim wp-kic.yml
kubectl apply -f wp-kic.yml
```

4. Access test

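Ingress works with HTTP routing rules, so accessing it by IP address does not work. A host outside the cluster must therefore be able to resolve our "wp.test" domain name; in other words, "wp.test" has to resolve to a node where the Ingress Controller is running.

On a Mac, edit /etc/hosts; on Windows, edit C:\Windows\System32\Drivers\etc\hosts. Adding one resolution rule is enough: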

```
<your-server-ip>  wp.test
```

Access the site directly using the domain name "wp.test".

View the mounted data on the NFS server

```bash
# On the NFS server, enter the mount directory
cd /tmp/nfs/
# List the mounted files
ll
```