Kubernetes 的概念裡所有資源皆物件,因此 Kubernetes 不關心他的持久化存儲對象是誰,可以是 iSCSI、Ceph、NFS 或是 Node 上的本機目錄,為了解耦 Pod 應用所綁定的持久化存儲對象,Kubernetes 引入了 PV/PVC 的觀念,所需 PV 存儲空間由存儲管理員提供,Kubernetes 管理員只管宣告 PVC 去綁定所需的存儲空間(PV),最後再由 Pod 指定 PVC 來掛載持久化存儲目錄。
上一集,我們已將基礎設施 Kubernetes Cluster 與相關套件給佈建完畢,這次我們要在 Kubernetes 上透過 Ingress + Deployment + Service + PVC 來部署常見的 Wordpress 網頁應用服務。
實驗環境規格
主機安裝的作業系統皆為 CentOS 7.9x64
替 Kubernetes 建置外部存儲池
由於是實驗環境,我們額外使用一台機器單獨安裝 nfs service 來快速搭建網路存儲服務
[root@nfs nfs]# yum install nfs-utils -y配置分享目錄,指定為 /tmp/nfs
[root@nfs nfs]# mkdir -p /tmp/nfs
[root@nfs nfs]# mkdir -p /tmp/nfs/001 /tmp/nfs/002
[root@nfs nfs]# cat /etc/exports
/tmp/nfs 192.168.200.0/24(rw,sync,no_root_squash)開啟 nfs 服務並預設每次開機啟動
[root@nfs nfs]# systemctl start nfs && systemctl enable nfs
[root@nfs nfs]# showmount -e localhost
Export list for localhost:
/tmp/nfs 192.168.200.0/24防火牆放行 nfs 使用埠號
[root@nfs nfs]# firewall-cmd --permanent --add-service=nfs
[root@nfs nfs]# firewall-cmd --permanent --add-service=rpc-bind
[root@nfs nfs]# firewall-cmd --permanent --add-service=mountd
[root@nfs nfs]# firewall-cmd --reload配置 PV/PVC
編寫 PV
apiVersion: v1
kind: PersistentVolume
metadata:
name: 10g-disk001
spec:
capacity:
storage: 10Gi
accessModes:
- ReadWriteMany
persistentVolumeReclaimPolicy: Retain
nfs:
path: /tmp/nfs/001
server: 192.168.200.158
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: 10g-disk002
spec:
capacity:
storage: 10Gi
accessModes:
- ReadWriteMany
persistentVolumeReclaimPolicy: Retain
nfs:
path: /tmp/nfs/002
server: 192.168.200.158[root@k8s-master wordpress]# kubectl apply -f ./wordpress-pv.yaml編寫 PVC
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: wordpress-pvc
namespace: default
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 10Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: wordpress-mysql-pvc
namespace: default
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 10Gi[root@k8s-master wordpress]# kubectl apply -f ./wordpress-pvc.yaml配置 Wordpress
編寫 MySQL Pod 與對應的 Service
apiVersion: apps/v1
kind: Deployment
metadata:
name: wordpress-mysql-deployment
namespace: default
spec:
replicas: 1
selector:
matchLabels:
app: wordpress-mysql-app
template:
metadata:
labels:
app: wordpress-mysql-app
spec:
volumes:
- name: wordpress-mysql-persistent-volume
persistentVolumeClaim:
claimName: wordpress-mysql-pvc
containers:
- name: wordpress-mysql
image: mysql:8.0
imagePullPolicy: IfNotPresent
ports:
- containerPort: 3306
name: dbport
volumeMounts:
- name: wordpress-mysql-persistent-volume
mountPath: /var/lib/mysql
env:
- name: MYSQL_DATABASE
value: wordpress
- name: MYSQL_USER
value: wordpress
- name: MYSQL_PASSWORD
value: wordpress
- name: MYSQL_RANDOM_ROOT_PASSWORD # 啟用隨機 root 密碼以確保安全
value: '1'
- name: TZ
value: "Asia/Taipei"
---
apiVersion: v1
kind: Service
metadata:
name: wordpress-mysql-service-clusterip
namespace: default
spec:
selector:
app: wordpress-mysql-app
type: ClusterIP
ports:
- port: 3306 # service所對應的clusterIP的端口
targetPort: 3306 # service所對應的pod的端口[root@k8s-master wordpress]# kubectl apply -f ./wordpress-mysql.yaml編寫 Wordpress Pod、對應的 Service 與對外的 Ingress
apiVersion: apps/v1
kind: Deployment
metadata:
name: wordpress-deployment
namespace: default
spec:
replicas: 1
selector:
matchLabels:
app: wordpress-app
template:
metadata:
labels:
app: wordpress-app
spec:
volumes:
- name: wordpress-persistent-volume
persistentVolumeClaim:
claimName: wordpress-pvc
containers:
- name: wordpress
image: wordpress:php8.2
ports:
- containerPort: 80
name: wdport
volumeMounts:
- name: wordpress-persistent-volume
mountPath: /var/www/html
env:
- name: WORDPRESS_DB_HOST
value: wordpress-mysql-service-clusterip # 透過service存取MySQL Pod
- name: WORDPRESS_DB_NAME
value: wordpress
- name: WORDPRESS_DB_USER
value: wordpress
- name: WORDPRESS_DB_PASSWORD
value: wordpress
---
apiVersion: v1
kind: Service
metadata:
name: wordpress-service-clusterip
namespace: default
spec:
selector:
app: wordpress-app
type: ClusterIP
ports:
- port: 80 # service所對應的clusterIP的端口
targetPort: 80 # service所對應的Pod的端口
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ing-wordpress
namespace: default
spec:
ingressClassName: nginx
rules:
- host: wordpress.test.com
http:
paths:
- pathType: Prefix
backend:
service:
name: wordpress-service-clusterip
port:
number: 80
path: /[root@k8s-master wordpress]# kubectl apply -f ./wordpress.yaml由於兩個 Pod 同處一個命名空間,WORDPRESS_DB_HOST 寫入的主機名稱可以是Service name:wordpress-mysql-service-clusterip,也可以是完整 DNS 地址:wordpress-mysql-service-clusterip.default.svc.cluster.local
生產環境中請將密碼寫在 configMap,Wordpress Deployment 的 replicas 參數可以視情況調高以實現高可用性
確認成果
檢查已建立的所有資源
[root@k8s-master wordpress]# kubectl get pv
NAME CAPACITY ACCESS MODES RECLAIM POLICY STATUS CLAIM STORAGECLASS REASON AGE
10g-disk001 10Gi RWX Retain Bound default/wordpress-pvc 51m
10g-disk002 10Gi RWX Retain Bound default/wordpress-mysql-pvc 51m
[root@k8s-master wordpress]# kubectl get pvc,pods,svc,ing -n default
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
persistentvolumeclaim/wordpress-mysql-pvc Bound 10g-disk002 10Gi RWX 47m
persistentvolumeclaim/wordpress-pvc Bound 10g-disk001 10Gi RWX 47m
NAME READY STATUS RESTARTS AGE
pod/wordpress-deployment-5594885cb7-fsjld 1/1 Running 0 47m
pod/wordpress-mysql-deployment-76bf56568-s4wtx 1/1 Running 0 47m
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/wordpress-mysql-service-clusterip ClusterIP 10.106.170.74 <none> 3306/TCP 47m
service/wordpress-service-clusterip ClusterIP 10.98.255.72 <none> 80/TCP 47m
NAME CLASS HOSTS ADDRESS PORTS AGE
ingress.networking.k8s.io/ing-wordpress nginx wordpress.test.com 192.168.200.161,192.168.200.162 80 47m區網任一電腦的 hosts 檔案裡加入一筆 192.168.200.161 指向 wordpress.test.com 的資料,再透過電腦瀏覽器網址列輸入 http://wordpress.test.com 即可驗證我們的 wordpress 網頁應用服務!
本文內容參閱以下連結:
來自台灣的系統工程師,一直熱衷於 Open source 相關技術的學習、建置、應用與分享。
0 Comments:
張貼留言