WordPress 网站持久化部署
要持久化MariaDB 可以把 Deployment 改成了 StatefulSet,修改 YAML添加“serviceName”“volumeClaimTemplates”这两个字段,定义网络标识和 NFS 动态存储卷,然后在容器部分用“volumeMounts”挂载到容器里的数据目录“/var/lib/mysql”
MariaDB
marial-cm.yml 【db配置】
apiVersion: v1
kind: ConfigMap
metadata:
name: maria-cm
data:
DATABASE: 'db'
USER: 'wp'
PASSWORD: '123'
ROOT_PASSWORD: '123'
marial-sts.yml【db pod】
apiVersion: apps/v1
kind: StatefulSet
metadata:
labels:
app: maria-sts
name: maria-sts
spec:
# headless svc
serviceName: maria-svc
# pvc
volumeClaimTemplates:
- metadata:
name: maria-100m-pvc
spec:
storageClassName: nfs-client
accessModes:
- ReadWriteMany
resources:
requests:
storage: 100Mi
replicas: 1
selector:
matchLabels:
app: maria-sts
template:
metadata:
labels:
app: maria-sts
spec:
containers:
- image: mariadb:10
name: mariadb
imagePullPolicy: IfNotPresent
ports:
- containerPort: 3306
envFrom:
- prefix: 'MARIADB_'
configMapRef:
name: maria-cm
volumeMounts:
- name: maria-100m-pvc
mountPath: /var/lib/mysql
marial-sts-svc.yml【db service】
apiVersion: v1
kind: Service
metadata:
labels:
app: maria-sts
name: maria-svc
spec:
ports:
- port: 3306
protocol: TCP
targetPort: 3306
selector:
app: maria-sts
执行命令
kubectl apply -f marial-cm.yml
kubectl apply -f marial-sts.yml
kubectl apply -f marial-sts-svc.yml
WordPress
wp-sts-cm.yml【wp连接db配置】
apiVersion: v1
kind: ConfigMap
metadata:
name: wp-cm
data:
HOST: 'maria-sts-0.maria-svc' #注意这里
USER: 'wp'
PASSWORD: '123'
NAME: 'db'
wp-deploy.yml【wp pod】
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: wp-dep
name: wp-dep
spec:
replicas: 2
selector:
matchLabels:
app: wp-dep
template:
metadata:
labels:
app: wp-dep
spec:
containers:
- image: wordpress:5
name: wordpress
ports:
- containerPort: 80
envFrom:
- prefix: 'WORDPRESS_DB_'
configMapRef:
name: wp-cm
wp-svc.yml【wp service】
apiVersion: v1
kind: Service
metadata:
labels:
app: wp-dep
name: wp-svc
spec:
ports:
- name: http80
port: 80
protocol: TCP
targetPort: 80
nodePort: 30088
selector:
app: wp-dep
type: NodePort
执行命令
kubectl apply -f wp-sts-cm.yml
kubectl apply -f wp-deploy.yml
kubectl apply -f wp-svc.yml
svc端口访问测试
Nginx Ingress Controller
1、部署Ingress Class
apiVersion: networking.k8s.io/v1
kind: IngressClass
metadata:
name: wp-ink
spec:
controller: nginx.org/ingress-controller
执行命令
vim wp-ingress-class.yml
kubectl apply -f wp-ingress-class.yml
2、部署Ingress
用 kubectl create 命令生成 Ingress 的样板文件,指定域名是“wp.test”,后端 Service 是“wp-svc:80”,Ingress Class 就是刚定义的“wp-ink”:
kubectl create ing wp-ing --rule="wp.test/=wp-svc:80" --class=wp-ink $out
Ingress YAML 就是这样,注意路径类型我还是用的前缀匹配“Prefix”:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: wp-ing
spec:
ingressClassName: wp-ink
rules:
- host: wp.test
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: wp-svc
port:
number: 80
执行命令
vim wp-ingress.yml
kubectl apply -f wp-ingress.yml
3、部署Ingress Controller
Ingress Controller 不使用 Service
给它的 Pod 加上一个特殊字段 hostNetwork,让 Pod 能够使用宿主机的网络,相当于另一种形式的 NodePort:
wp-kic.yml
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: wp-kic-dep
namespace: nginx-ingress
spec:
selector:
matchLabels:
app: wp-kic-dep
template:
metadata:
labels:
app: wp-kic-dep
app.kubernetes.io/name: nginx-ingress
spec:
serviceAccountName: nginx-ingress
hostNetwork: true
automountServiceAccountToken: true
securityContext:
seccompProfile:
type: RuntimeDefault
containers:
- image: nginx/nginx-ingress:2.2-alpine
imagePullPolicy: IfNotPresent
name: nginx-ingress
ports:
- name: http
containerPort: 80
- name: https
containerPort: 443
- name: readiness-port
containerPort: 8081
- name: prometheus
containerPort: 9113
readinessProbe:
httpGet:
path: /nginx-ready
port: readiness-port
periodSeconds: 1
resources:
requests:
cpu: "100m"
memory: "128Mi"
#limits:
# cpu: "1"
# memory: "1Gi"
securityContext:
allowPrivilegeEscalation: true
# readOnlyRootFilesystem: true
runAsUser: 101 #nginx
runAsNonRoot: true
capabilities:
drop:
- ALL
add:
- NET_BIND_SERVICE
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
args:
- -nginx-configmaps=$(POD_NAMESPACE)/nginx-config
- -ingress-class=wp-ink
执行命令
vim wp-kic.yml
kubectl apply -f wp-kic.yml
4、访问测试
Ingress 使用的是 HTTP 路由规则,用 IP 地址访问是无效的,所以在集群外的主机上必须能够识别我们的“wp.test”域名,也就是说要把域名“wp.test”解析到 Ingress Controller 所在的节点上。
Mac,那就修改 /etc/hosts; Windows,就修改 C:\Windows\System32\Drivers\etc\hosts,添加一条解析规则就行:
自己服务器ip wp.test
直接用域名“wp.test”访问
查看nfs中的挂载数据
#在nfs sever中进入挂载目录
cd /tmp/nfs/
#查看挂载文件
ll
