Kubernetes This Blog
集群部署环境说明
本文采用gcp云服务部署方案,1 个 vCPU,3.75 GB,单节点部署。
所需部署服务说明
- mysql, 有状态服务,用于数据持久化存储
- redis,主要用于文章数据缓存,以此提升网站响应速度
- nginx, 用于网站中静态文件发布服务器,与后端服务站点分离以此达到分流效果
- web, 后端站点发布服务
- ingress controller, 路由控制器,实现站点请求路由,以及站点tls配置
部署
#PersistentVolumeClaim
创建持久化存储卷,有效避免数据丢失。
mysql pvc
1
2
3
4
5
6
7
8
9
10apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: blog-volumeclaim
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 2Gistatic file pvc
1
2
3
4
5
6
7
8
9
10apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: blog-static-volumeclaim
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 100Mimedia file pvc
1
2
3
4
5
6
7
8
9
10apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: blog-media-volumeclaim
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 512Mi
#ingress controller
使用helm添加nginx ingress仓库地址
helm repo add stable https://kubernetes-charts.storage.googleapis.com编写nginx ingress controller配置
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27controller:
kind: Deployment
replicaCount: 1
updateStrategy:
rollingUpdate:
maxUnavailable: 1
type: RollingUpdate
ingressClass: nginx
service:
enabled: true
enableHttp: true
enableHttps: true
type: LoadBalancer
resources:
requests:
cpu: 20m
memory: 64Mi
limits:
cpu: 50m
memory: 256Mi
defaultBackendService: default/web-service
defaultBackend:
enabled: false
rbac:
create: true*** 这里的默认后台服务我是写的自己的站点,格式为namespace/service***
安裝nginx ingress controller服务
helm install nginx-ingress stable/nginx-ingress -f values.yaml
#mysql
deployment
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41apiVersion: apps/v1
kind: Deployment
metadata:
name: mysql
spec:
selector:
matchLabels:
app: mysql
strategy:
type: Recreate
template:
metadata:
labels:
app: mysql
spec:
containers:
- name: mysql
image: mysql:latest
args:
- "--default-authentication-plugin=mysql_native_password"
env:
- name: MYSQL_DATABASE
value: "blog"
- name: MYSQL_USER
value: "root"
- name: MYSQL_ROOT_PASSWORD
value: "123456"
ports:
- containerPort: 3306
name: mysql
volumeMounts:
- name: mysql-persistent-storage
mountPath: /var/lib/mysql
resources:
requests:
cpu: 50m
memory: 512Mi
volumes:
- name: mysql-persistent-storage
persistentVolumeClaim:
claimName: mysql-volumeclaimservice
1
2
3
4
5
6
7
8
9
10apiVersion: v1
kind: Service
metadata:
name: mysql-service
spec:
type: ClusterIP
ports:
- port: 3306
selector:
app: mysql
#redis
deployment
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26apiVersion: apps/v1
kind: Deployment
metadata:
name: redis-server
spec:
selector:
matchLabels:
app: redis-server
replicas: 1
template:
metadata:
labels:
app: redis-server
spec:
containers:
- name: redis-server
image: redis:latest
ports:
- containerPort: 6379
resources:
requests:
cpu: 10m
memory: 100Mi
limits:
cpu: 10m
memory: 128Miservice
1
2
3
4
5
6
7
8
9
10apiVersion: v1
kind: Service
metadata:
name: redis-service
spec:
type: NodePort
ports:
- port: 6379
selector:
app: redis-serve
#nginx
deployment
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-server
spec:
selector:
matchLabels:
app: nginx-server
replicas: 1
template:
metadata:
labels:
app: nginx-server
spec:
volumes:
- name: nginx-volume
configMap:
name: nginx-config
items:
- key: nginx.conf
path: nginx.conf
- name: blog-static-storage
persistentVolumeClaim:
claimName: blog-static-volumeclaim
- name: blog-media-storage
persistentVolumeClaim:
claimName: blog-media-volumeclaim
containers:
- name: nginx-server
image: nginx:latest
ports:
- containerPort: 80
resources:
requests:
cpu: 20m
memory: 256Mi
volumeMounts:
- mountPath: /etc/nginx/conf.d
name: nginx-volume
- name: blog-static-storage
mountPath: /usr/src/app/web/static
- name: blog-media-storage
mountPath: /usr/src/app/web/media** 需要创建
nginx.confconfigmap配置。*service
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15apiVersion: v1
kind: Service
metadata:
name: nginx-service
labels:
app: nginx-service
spec:
type: NodePort
ports:
- port: 80
targetPort: 80
protocol: TCP
name: http
selector:
app: nginx-server
#web
deployment
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68apiVersion: apps/v1
kind: Deployment
metadata:
name: web
spec:
selector:
matchLabels:
app: web
replicas: 3
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
minReadySeconds: 3
template:
metadata:
labels:
app: web
spec:
containers:
- name: web
image: asia.gcr.io/whl-vps/blog_web:latest
command: ["/bin/sh", "-c", "python manage.py rebuild_index --noinput; uwsgi -i uwsgi.ini"]
env:
- name: DEBUG
value: "0"
- name: DOMAIN
value: "*"
- name: EMAIL_USER
value: "9239****@qq.com"
- name: EMAIL_PASSWORD
value: "*****"
- name: EMAIL_PORT
value: "587"
- name: MYSQL_HOST
value: "mysql-service"
- name: MYSQL_PORT
value: "3306"
- name: MYSQL_DATABASE
value: "blog"
- name: REDIS_HOST
value: "redis-service"
- name: REDIS_PORT
value: "6379"
- name: REDIS_DB
value: "0"
- name: SECRET_KEY
value: "*****"
ports:
- containerPort: 8000
protocol: TCP
resources:
requests:
cpu: 10m
memory: 128Mi
volumeMounts:
- name: blog-static-storage
mountPath: /usr/src/app/web/static
- name: blog-media-storage
mountPath: /usr/src/app/web/media
volumes:
- name: blog-static-storage
persistentVolumeClaim:
claimName: blog-static-volumeclaim
- name: blog-media-storage
persistentVolumeClaim:
claimName: blog-media-volumeclaimservice
1
2
3
4
5
6
7
8
9
10
11
12apiVersion: v1
kind: Service
metadata:
name: web-service
spec:
type: NodePort
ports:
- port: 80
targetPort: 8000
protocol: TCP
selector:
app: webingress
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: web-ingress
annotations:
kubernetes.io/ingress.class: nginx
ingress.kubernetes.io/rewrite-target: /
nginx.ingress.kubernetes.io/from-to-www-redirect: "true"
nginx.ingress.kubernetes.io/ssl-passthrough: "true"
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
spec:
tls:
- hosts:
- www.thisblog.cn
secretName: tls-secret
rules:
- host: www.thisblog.cn
http:
paths:
- path: /
backend:
serviceName: web-service
servicePort: 80
- backend:
serviceName: nginx-service
servicePort: 80
path: /static
- backend:
serviceName: nginx-service
servicePort: 80
path: /mediatls-secret
1
2
3
4
5
6
7apiVersion: v1
kind: Secret
metadata:
name: tls-secret
data:
tls.crt: <base64>
tls.key: <base64>*** base64编码命令,
cat thisblog.cn.key | base64orcat thisblog.cn.crt | base64***
- 本文标题:Kubernetes This Blog
- 创建时间:2020-04-05 14:52:57
- 本文链接:2020/04/05/thisblog-k8s/
- 版权声明:本博客所有文章除特别声明外,均采用 BY-NC-SA 许可协议。转载请注明出处!
评论