准备步骤
deployment + svc + ingress
1 打一个jdk基础镜像
2 将原来的启动文件jar包或者文件夹拷贝到打包机字上(这里以用脚本启动的spring cloud项目为例)
我这里选择在harbor服务器打镜像 在k8s-op-m01上启动服务
Dockerfile-java
Dockerfile-java
FROM centos:centos7.4.1708
MAINTAINER PDABC Enterprise Container Images <[email protected]>
ADD jdk-8u161-linux-x64.tar.gz /usr/local/java/
RUN cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
WORKDIR /data/module
ENV JAVA_HOME /usr/local/java/jdk1.8.0_161
ENV JRE_HOME ${JAVA_HOME}/jre
ENV CLASSPATH .:${JAVA_HOME}/lib:${JRE_HOME}/lib
ENV PATH ${JAVA_HOME}/bin:$PATH
docker build -f Dockerfile-java -t harbor.aircourses.com/kubernetes/jdk-1.8.0_161:v1
创建Dockerfile
Dockerfile-eureka-80
注意:这里的启动脚本不能设置为后台启动。
FROM harbor.aircourses.com/kubernetes/jdk-1.8.0_161:v1
MAINTAINER PDABC Enterprise Container Images <[email protected]>
COPY ac-eureka-80 /data/module/ac-eureka
ENTRYPOINT ["sh", "/data/module/ac-eureka/bin/start.sh","start"]
构建镜像
docker build -f Dockerfile-eureka-80 -t harbor.aircourses.com/kubernetes/eureka:v1.80 .
上传镜像
docker push harbor.aircourses.com/kubernetes/eureka:v1.80
创建eureka的yaml
**注意 **这里使用了secret保存harbor信息 确保安全性
deployment-eureka.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
# deployment名字 和svc 和ingress绑定没关系
name: pre-eureka-dp
namespace: default
spec:
replicas: 1
# 在定义模板的时候必须定义labels,因为Deployment.spec.selector是必须字段,而他又必须和template.labels对应
selector:
matchLabels:
app: pre-eureka
# template里面定义的内容会应用到下面所有的副本集里面(例如depolyment下的pod),在template.spec.containers里面不能定义labels标签。可以kubectl get pods --show-labels查看
template:
metadata:
labels:
app: pre-eureka
env: pre
spec:
containers:
# containers名字 和svc 和ingress绑定没关系
- name: pre-eureka
image: harbor.aircourses.com/kubernetes/eureka:v1.80
ports:
- name: http
containerPort: 80
imagePullSecrets:
- name: myregistrykey
kubectl apply -f eureka-deployment.yaml
kubectl get pods -o wide
根据pod的clusteip地址 curl一下 看看页面对不对
创建svc-eureka.yaml
apiVersion: v1
kind: Service
metadata:
name: pre-eureka
namespace: default
spec:
type: ClusterIP
selector:
app: pre-eureka
env: pre
ports:
- name: http
port: 80
targetPort: 80
kubectl apply -f svc-eureka.yaml
kubectl get svc
根据svc的clusteip地址 curl一下 看看页面对不对
通过ipvsadm -Ln查看ipvs转发策略
一组pod可以被多个svc绑定
测试环境 如果需要开启白名单需要添加annotations
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
# 通过添加下面的annotations 来开启白名单
# 关闭80强制跳转443 为ingress配置增加注解(annotations):nginx.ingress.kubernetes.io/ssl-redirect: 'false' 就可以禁止http强制跳转至https
annotations:
nginx.ingress.kubernetes.io/whitelist-source-range: "60.191.70.64/29, xx.xxx.0.0/16"
nginx.ingress.kubernetes.io/ssl-redirect: 'false'
name: pre-eureka
spec:
tls:
- hosts:
- k8s-tomcat-demo.aircourses.com
secretName: aircourses
rules:
- host: k8s-tomcat-demo.aircourses.com
http:
paths:
- path: /
backend:
serviceName: pre-eureka
servicePort: 80
修改config 修改eureka地址为域名 并启动wehub测试
如果不需要ingress强制跳转80到443 需要添加annotations如下
为ingress配置增加注解(annotations):nginx.ingress.kubernetes.io/ssl-redirect: ‘false’ 就可以禁止http强制跳转至https
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: pre-eureka
annotations:
nginx.ingress.kubernetes.io/ssl-redirect: 'false'
spec:
tls:
- hosts:
- k8s-tomcat-demo.aircourses.com
secretName: aircourses
rules:
- host: k8s-tomcat-demo.aircourses.com
http:
paths:
- path: /
backend:
serviceName: pre-eureka
servicePort: 80
ingress 日志在ingress-nginx的namespaces下的名为nginx-ingress的pod中
kubectl log -f nginx-ingress-controller-f76d44f6c-lb5wz -n ingress-nginx