一.Docker harbor搭建 二.构建提交镜像 三.安装reloader热更及其k8s部署 一.Docker harbor搭建 1.1 .docker harbor部署(https://www.cnblogs.com/sanduzxcvbnm/p/13724770.html)1.2 创建docker harbor认证secretkubectl create s
- 一.Docker harbor搭建
- 二.构建提交镜像
- 三.安装reloader热更及其k8s部署
一.Docker harbor搭建
1.1 .docker harbor部署(https://www.cnblogs.com/sanduzxcvbnm/p/13724770.html) 1.2 创建docker harbor认证secret kubectl create secret docker-registry registry-pull-secret --docker-server=10.206.16.4 --docker-username=admin --docker-password=Rolinabc123 --docker-email=xxxx@qq.com 1.3 进入harbor界面,创建项目fronted 二.构建提交镜像 2.1 进入网站目录编写dockerfile From nginx WORKDIR /var/www/html add h5game.xxx.com.tar.gz /var/www/html 2.2 修改客户端docker配置文件支持http vim /etc/docker/daemon.json "insecure-registries" : ["10.206.16.4"] 2.3 构建镜像推送到harbor docker login 10.206.16.4 docker build 10.206.16.4/fronted/h5game.xxx.com:v1 . docker push 10.206.16.4/fronted/h5game.xxx.com:v1 三.k8s部署 3.0 安装reloader kubectl apply -f https://raw.githubusercontent.com/stakater/Reloader/master/deployments/kubernetes/reloader.yaml 可以通过reloader和checksum的形式来检测配置文件发生改变触发pod滚动更新 参考文章:https://juejin.cn/post/6993128314055426084 3.1 namespace创建 namespace.yaml apiVersion: v1 kind: Namespace metadata: name: fronted限定命名空间使用额度
#争对命名空间限额 # kubectl create -f compute-resources.yaml -n fronted apiVersion: v1 kind: ResourceQuota metadata: name: compute-resources spec: hard: pods: "20" requests.cpu: "1" requests.memory: 1Gi limits.cpu: "2" limits.memory: 4Gi 3.2 configmap配置创建 configmap.yaml kind: ConfigMap # 对象类型 apiVersion: v1 # api 版本 metadata: # 元数据 name: h5sdk # 对象名称 namespace: fronted data: # key-value 数据集合 nginx.conf: | # 将 nginx config 配置写入 ConfigMap 中,经典的 php-fpm 代理设置,这里就不再多说了 events { } http { include mime.types; default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; sendfile on; gzip on; tcp_nopush on; tcp_nodelay on; server_tokens off; keepalive_timeout 0; client_body_timeout 10; client_header_timeout 10; client_header_buffer_size 1k; large_client_header_buffers 4 4k; output_buffers 1 32k; client_max_body_size 64m; client_body_buffer_size 256k; server { listen 80 default_server; listen [::]:80 default_server; root /var/www/html/h5game.sentsss.com; #index index.php; server_name _; location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ { expires 30d; } location ~ .*\.(js|css)?$ { expires 12h; } location / { index index.html index.htm index.php; if (!-e $request_filename) { rewrite ^(.*)$ /index.php?s=$1 last; break; } } access_log /var/log/nginx/access.log; error_log /var/log/nginx/error.log error; #location ~ \.php$ { # include fastcgi_params; # fastcgi_param REQUEST_METHOD $request_method; # fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; # fastcgi_pass 127.0.0.1:9000; } }3.3 部署文件 deployment.yaml
kind: Deployment apiVersion: apps/v1 metadata: name: h5sdk namespace: fronted annotations: #检测配置文件的改变来实现pod滚动更新 reloader.stakater.com/auto: "true" spec: selector: matchLabels: app: h5sdk replicas: 2 template: metadata: labels: app: h5sdk spec: #nodeName: k8s-node-01 imagePullSecrets: - name: registry-pull-secret containers: - name: nginx image: 10.206.16.4/fronted/www.h5sdk.xxx.com:v1 ports: - containerPort: 80 volumeMounts: #- mountPath: /var/www/html #name: nginx-www - mountPath: /etc/nginx/nginx.conf subPath: nginx.conf name: nginx-config - mountPath: /var/log/nginx name: nginx-log - mountPath: /etc/localtime name: timezone #探针查看服务是否可用是否加入service livenessProbe: httpGet: path: /user.html port: 80 initialDelaySeconds: 30 periodSeconds: 10 successThreshold: 1 failureThreshold: 3 timeoutSeconds: 1 readinessProbe: httpGet: path: /user.html port: 80 initialDelaySeconds: 30 periodSeconds: 10 successThreshold: 1 failureThreshold: 3 timeoutSeconds: 1 lifecycle: preStop: exec: command: ["/bin/bash","-c","sleep 20"] resources: limits: cpu: 40m memory: 40Mi requests: cpu: 20m memory: 20Mi securityContext: readOnlyRootFilesystem: true runAsNonRoot: true affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchExpressions: - {key: app, operator: In, values: ["h5sdk"]} topologyKey: fronted volumes: - name: nginx-log hostPath: path: /opt/log/nginx/h5sdk - name: nginx-config configMap: name: h5sdk - name: timezone hostPath: path: /usr/share/zoneinfo/Asia/Shanghai #- name: nginx-www # emptyDir: {} 3.4 svc的创建 svc.yaml apiVersion: v1 kind: Service metadata: name: h5sdk namespace: fronted spec: selector: #project: h5sdk app: h5sdk ports: - port: 80 targetPort: 803.5 ingress创建 ingress.yaml
kind: Ingress # 对象类型 apiVersion: networking.k8s.io/v1beta1 metadata: name: h5sdk namespace: fronted spec: rules: - host: h6game.xxx.com http: paths: - path: / backend: serviceName: h5sdk # 需要与servicename一致 servicePort: 80 # 与 Service 的 port 一致3.6 hpa创建 hpa.yaml(记得提前安装metric)
kind: HorizontalPodAutoscaler # 对象类型,简称 hpa,水平自动伸缩 apiVersion: autoscaling/v2beta2 # autoscaling/v2beta2 与 autoscaling/v1 的 API 有很大的不同,注意识别两者的差异 metadata: name: h5sdk namespace: fronted spec: scaleTargetRef: # 伸缩的目标对象 apiVersion: apps/v1 # 对象版本 kind: Deployment # 目标对象的类型 name: h5sdk # 目标对象的名称 minReplicas: 2 # 最小副本数 maxReplicas: 4 # 最大副本数 metrics: # 指标 - type: Resource # 类型:资源 resource: name: memory # 内存 target: type: Utilization averageUtilization: 70 # 1% 这个值是为了实验,具体值请参考业务方实际情况而定 - type: Resource resource: name: cpu target: type: Utilization averageUtilization: 703.7 腾讯云申请一个负载均衡,然后将所有node节点加入到负载均衡
3.8 域名解析到负载均衡的ip上